Postfix How-To

From Secure Computing Wiki
Revision as of 13:55, 24 April 2007 by Ecrist (Talk | contribs)

Jump to: navigation, search
  • Loosly follows the How-To at www.purplehat.org.

Install MySQL

  1. Install MySQL 5.0 Port: 
    #cd /usr/ports/databases/mysql50-server
#make all install clean
  2. Add MySQL to system startup in /etc/rc.conf: 
    #echo ‘mysql_enable=”YES”‘ >> /etc/rc.conf
  3. Start MySQL 
    #/usr/local/etc/rc.d/mysql-server start
  4. Secure MySQL root account: 
    #mysql -u root mysql
>UPDATE user SET Password=PASSWORD(’mysql_root_password‘) WHERE user=’root’;
>FLUSH PRIVILEGES;
>quit
  5. Download the SQL file: 
    # fetch http://www.purplehat.org/downloads/postfix_guide/postfix-db.sql
  6. Initialize the database: 
    mysql -u root -p < postfix-db.sql

Install Dovecot

  1. Install Dovecot from ports: 
    # cd /usr/ports/mail/dovecot
# make all install clean
  2. Make sure options SSL, IPv6, POP3, and MySQL are selected.
  3. Enable Dovecot at startup in /etc/rc.conf: 
     #echo ‘dovecot_enable=”YES”‘ >> /etc/rc.conf
  4. Copy example configurations to correct locations: 
    #cd /usr/local/etc/
#cp dovecot-example.conf dovecot.conf
#cp dovecot-sql-example.conf dovecot-sql.conf
  5. Create the certificate directory, and place your ssl-certificates: 
    # mkdir /etc/certs
# cp ssl.crt ssl.key /etc/certs
  6. Edit /usr/local/etc/dovecot.conf:
    Line 16, uncomment:</pre> 
    base_dir = /var/run/dovecot/


    Line 21, uncomment and add POP3(S) daemons: 

    protocols = imap imaps pop3 pop3s


    Line 40, uncomment: 

    listen = *


    Line 46, uncomment and change to no: 

    disable_plaintext_auth = no


    Line 54, uncomment: 

    shutdown_clients = yes


    Line 86, uncomment: 

    ssl_disable = no


    Lines 92-93, uncomment: 

    ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem


    Lines 172, uncomment and change accordingly: 

    login_greeting = ISP Server Ready.


    Line 213, change for Maildir format: 

    mail_location = maildir:/usr/local/virtual/%d/%n


    Line 321, uncomment and change UID: 

    first_valid_uid = 125


    Line 329, uncomment and change GID: 

    first_valid_gid = 125


    Line 526, uncomment and add for quota support: 

    mail_plugins = quota imap_quota


    Line 656, uncomment and add quota module: 

    mail_plugins = quota


    Line 638, change postmaster address: 

    postmaster_address = postmaster@domain.tld


    Line 748, add other auth types: 

    mechanisms = plain login (Adjust accordingly)


    Line 794, comment this line out: 

    #passdb pam {


    Line 827, comment out closing bracket: 

    #}


    Line 869, uncomment this line: 

    passdb sql {


    Lines 871-872, uncomment and add arg line for SQL file: 

    args = /usr/local/etc/dovecot-sql.conf
}


    Lines 898-905, comment these lines out: 

    #userdb passwd {
}


    Line 934, uncomment: 

    userdb sql {


    Lines 936-937 uncomment and add arg line for SQL file: 

    args = /usr/local/etc/dovecot-sql.conf
}


    Line 984, uncomment: 

    socket listen {


    Line 995, uncomment: 

    client {


    Line 999, uncomment and change path: 

    path = /var/spool/postfix/private/auth


    Line 1001, add GID for Postfix socket: 

    user = postfix


    Line 1002, add UID for Postfix socket: 

    group = postfix


    Lines 1003-1004, uncomment: 

    }
}
  7. Edit /usr/local/etc/dovecot-sql.conf:
    Line 28, uncomment and add MySQL support: 
    driver = mysql

    <br?Line 57, uncomment and change to match our SQL settings: 

    connect = host=localhost dbname=postfix user=postfix password=postfix_password


    Line 64, uncomment and change to MD5: 

    default_pass_scheme = MD5


    Line 91, uncomment and change query to match our setup: 

    password_query = SELECT password FROM mailbox WHERE username = ‘%u’


    Line 111, uncomment and change query to match our setup: 

    user_query = SELECT maildir, 125 AS uid, 125 AS gid, CONCAT(’dirsize:storage=’, ROUND( mailbox.quota / 1024 ) ) AS quota FROM mailbox 
WHERE username = ‘%u’ AND active = ‘1′
    • Note: Above edits should be on ONE line, don't wrap as you may notice on this web site.

      Postfix Installation

      1. Install Postfix port: 
        # cd /usr/ports/mail/postfix
# make install clean
      2. When asked for options, select PCRE, DOVECOT, TLS, BDB, MYSQL, and VDA.
      3. You will be asked if you want to activate postfix in /etc/mail/mailer.conf - select yes. 
        Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
      4. Add the following lines to /etc/rc.conf: 
        sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
      5. Add the following lines to /etc/periodic.conf: 
        daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
      6. Add the following to /usr/local/etc/postfix/main.cf under "soft_bounce=no" section: 
        # SASL CONFIG
#
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth    

# TLS CONFIG
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom    

#MySQL Configuration
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125    

# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
  $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
  $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
  $virtual_mailbox_limit_maps
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
virtual_overquota_bounce = yes
Retrieved from "https://secure-computing.net/wiki/index.php?title=Postfix_How-To&oldid=22"