Postfix How-To

From Secure Computing Wiki
Revision as of 13:55, 24 April 2007

  • Loosely follows the How-To at www.purplehat.org.

Install MySQL

  1. Install MySQL 5.0 Port:
    #cd /usr/ports/databases/mysql50-server
    #make all install clean
  2. Add MySQL to system startup in /etc/rc.conf:
    #echo 'mysql_enable="YES"' >> /etc/rc.conf
  3. Start MySQL
    #/usr/local/etc/rc.d/mysql-server start
  4. Secure MySQL root account:
    #mysql -u root mysql
    >UPDATE user SET Password=PASSWORD('mysql_root_password') WHERE user='root';
    >FLUSH PRIVILEGES;
    >quit
  5. Download the SQL file:
    # fetch http://www.purplehat.org/downloads/postfix_guide/postfix-db.sql
  6. Initialize the database:
    mysql -u root -p < postfix-db.sql

Install Dovecot

  1. Install Dovecot from ports:
    # cd /usr/ports/mail/dovecot
    # make all install clean
  2. Make sure options SSL, IPv6, POP3, and MySQL are selected.
  3. Enable Dovecot at startup in /etc/rc.conf:
    #echo 'dovecot_enable="YES"' >> /etc/rc.conf
  4. Copy example configurations to correct locations:
    #cd /usr/local/etc/
    #cp dovecot-example.conf dovecot.conf
    #cp dovecot-sql-example.conf dovecot-sql.conf
  5. Create the certificate directory and place your SSL certificate and key in it:
    # mkdir /etc/certs
    # cp ssl.crt ssl.key /etc/certs
  6. Edit /usr/local/etc/dovecot.conf:
    Line 16, uncomment:

    base_dir = /var/run/dovecot/


    Line 21, uncomment and add POP3(S) daemons:

    protocols = imap imaps pop3 pop3s


    Line 40, uncomment:

    listen = *


    Line 46, uncomment and change to no:

    disable_plaintext_auth = no


    Line 54, uncomment:

    shutdown_clients = yes


    Line 86, uncomment:

    ssl_disable = no


    Lines 92-93, uncomment:

    ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem


    Line 172, uncomment and change accordingly:

    login_greeting = ISP Server Ready.


    Line 213, change for Maildir format:

    mail_location = maildir:/usr/local/virtual/%d/%n


    Line 321, uncomment and change UID:

    first_valid_uid = 125


    Line 329, uncomment and change GID:

    first_valid_gid = 125


    Line 526, uncomment and add for quota support:

    mail_plugins = quota imap_quota


    Line 656, uncomment and add quota module:

    mail_plugins = quota


    Line 638, change postmaster address:

    postmaster_address = postmaster@domain.tld


    Line 748, add other auth types (adjust accordingly):

    mechanisms = plain login


    Line 794, comment this line out:

    #passdb pam {


    Line 827, comment out closing bracket:

    #}


    Line 869, uncomment this line:

    passdb sql {


    Lines 871-872, uncomment and add arg line for SQL file:

    args = /usr/local/etc/dovecot-sql.conf
    }


    Lines 898-905, comment these lines out:

    #userdb passwd {
    #}


    Line 934, uncomment:

    userdb sql {


    Lines 936-937 uncomment and add arg line for SQL file:

    args = /usr/local/etc/dovecot-sql.conf
    }


    Line 984, uncomment:

    socket listen {


    Line 995, uncomment:

    client {


    Line 999, uncomment and change path:

    path = /var/spool/postfix/private/auth


    Line 1001, add the user (UID) for the Postfix socket:

    user = postfix


    Line 1002, add the group (GID) for the Postfix socket:

    group = postfix


    Lines 1003-1004, uncomment:

    }
    }
  7. Edit /usr/local/etc/dovecot-sql.conf:
    Line 28, uncomment and add MySQL support:

    driver = mysql


    Line 57, uncomment and change to match our SQL settings:

    connect = host=localhost dbname=postfix user=postfix password=postfix_password


    Line 64, uncomment and change to MD5:

    default_pass_scheme = MD5


    Line 91, uncomment and change the query to match our setup:

    password_query = SELECT password FROM mailbox WHERE username = '%u'


    Line 111, uncomment and change the query to match our setup:

    user_query = SELECT maildir, 125 AS uid, 125 AS gid, CONCAT('dirsize:storage=', ROUND( mailbox.quota / 1024 ) ) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
    • Note: Each of the two queries above must be on ONE line; don't wrap them, even if this web site displays them wrapped.

Postfix Installation

  1. Install Postfix port:
    # cd /usr/ports/mail/postfix
    # make install clean
  2. When asked for options, select PCRE, DOVECOT, TLS, BDB, MYSQL, and VDA.
  3. You will be asked if you want to activate Postfix in /etc/mail/mailer.conf - select yes.
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
  4. Add the following lines to /etc/rc.conf:
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
  5. Add the following lines to /etc/periodic.conf:
    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"
  6. Add the following to /usr/local/etc/postfix/main.cf under the "soft_bounce=no" section:
    # SASL CONFIG
    #
    broken_sasl_auth_clients = yes
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
    smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_non_fqdn_hostname,
      reject_non_fqdn_sender,
      reject_non_fqdn_recipient,
      reject_unauth_destination,
      reject_unauth_pipelining,
      reject_invalid_hostname,
      reject_rbl_client list.dsbl.org,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client sbl-xbl.spamhaus.org
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    # TLS CONFIG
    #
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
    smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
    smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
    smtpd_tls_loglevel = 0
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    #MySQL Configuration
    virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:125
    virtual_mailbox_base = /usr/local/virtual
    virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_limit = 51200000
    virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 125
    virtual_transport = virtual
    virtual_uid_maps = static:125

    # Additional for quota support
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
      $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
      $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
      $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
      $virtual_mailbox_limit_maps
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
    virtual_overquota_bounce = yes
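The main.cf block above is only relay-safe because reject_unauth_destination sits in smtpd_recipient_restrictions and no unqualified permit precedes it. The following script is an added example, not part of the how-to or of Postfix: it parses a main.cf (including Postfix's whitespace-continuation lines, which the block above uses) and checks those two properties plus the noanonymous SASL option. The sample main.cf it reads is constructed inline; the function names are this example's own.

```shell
# Added example, not from the original how-to: lint a Postfix main.cf for the
# relay-safety settings the SASL block above depends on. Read-only. A line that
# starts with whitespace continues the previous parameter; last assignment wins.

# get_param FILE NAME: print the value of parameter NAME with continuations joined.
get_param() {
    awk -v key="$2" '
        /^[ \t]/ { if (inval) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { inval = 0 }
        $0 ~ ("^" key "[ \t]*=") { inval = 1; sub(/^[^=]*=[ \t]*/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# relay_restrictions_ok FILE: succeed only if smtpd_recipient_restrictions
# contains reject_unauth_destination and no bare "permit" precedes it. A bare
# permit before that reject would let any client relay through the server.
relay_restrictions_ok() {
    saw_reject=0
    for item in $(get_param "$1" smtpd_recipient_restrictions | tr ',' ' '); do
        case "$item" in
            permit) [ "$saw_reject" -eq 1 ] || return 1 ;;
            reject_unauth_destination) saw_reject=1 ;;
        esac
    done
    [ "$saw_reject" -eq 1 ]
}

# sasl_options_ok FILE: succeed only if smtpd_sasl_security_options forbids
# anonymous SASL logins (the how-to sets "noanonymous").
sasl_options_ok() {
    case " $(get_param "$1" smtpd_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample main.cf mirroring the how-to's restriction list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
smtpd_sasl_security_options = noanonymous
EOF
relay_restrictions_ok "$sample" && echo "relay restrictions: ok"
sasl_options_ok "$sample" && echo "sasl options: ok"
rm -f "$sample"
```

On Postfix 2.10 and later the relay decision also lives in smtpd_relay_restrictions, so run relay_restrictions_ok against that parameter as well on a modern install.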