Postfix How-To

From Secure Computing Wiki
Revision as of 14:38, 24 April 2007 by Ecrist (Talk | contribs)

  • Loosely follows the How-To at www.purplehat.org.

Install MySQL

  1. Install MySQL 5.0 Port:
    #cd /usr/ports/databases/mysql50-server
    #make all install clean
  2. Add MySQL to system startup in /etc/rc.conf:
    # echo 'mysql_enable="YES"' >> /etc/rc.conf
  3. Start MySQL
    #/usr/local/etc/rc.d/mysql-server start
  4. Secure MySQL root account:
    #mysql -u root mysql
    >UPDATE user SET Password=PASSWORD('mysql_root_password') WHERE user='root';
    >FLUSH PRIVILEGES;
    >quit

Postfix Installation

  1. Install Postfix port:
    # cd /usr/ports/mail/postfix
    # make install clean
  2. When asked for options, select PCRE, DOVECOT, TLS, BDB, MYSQL, and VDA.
  3. You will be asked if you want to activate postfix in /etc/mail/mailer.conf - select yes.
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
  4. Add the following lines to /etc/rc.conf:
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
  5. Add the following lines to /etc/periodic.conf:
    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Initialize the Database

  1. Download the SQL file
    # fetch http://www.purplehat.org/downloads/postfix_guide/postfix-db.sql

Install Dovecot

  1. Install Dovecot from ports:
    # cd /usr/ports/mail/dovecot
    # make all install clean
  2. Make sure options SSL, IPv6, POP3, and MySQL are selected.
  3. Enable Dovecot at startup in /etc/rc.conf:
    # echo 'dovecot_enable="YES"' >> /etc/rc.conf
  4. Copy example configurations to correct locations:
    #cd /usr/local/etc/
    #cp dovecot-example.conf dovecot.conf
    #cp dovecot-sql-example.conf dovecot-sql.conf
  5. Create the certificate directory and place your SSL certificate and key in it:
    # mkdir /etc/certs
    # cp ssl.crt ssl.key /etc/certs
  6. Edit /usr/local/etc/dovecot.conf:
    Line 16, uncomment:
    base_dir = /var/run/dovecot/
    Line 21, uncomment and add POP3(S) daemons:
    protocols = imap imaps pop3 pop3s
    Line 40, uncomment:
    listen = *
    Line 46, uncomment and change to no:
    disable_plaintext_auth = no
    Line 54, uncomment:
    shutdown_clients = yes
    Line 86, uncomment:
    ssl_disable = no
    Lines 92-93, uncomment:
    ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem
    Line 172, uncomment and change accordingly:
    login_greeting = ISP Server Ready.
    Line 213, change for Maildir format:
    mail_location = maildir:/usr/local/virtual/%d/%n
    Line 321, uncomment and change UID:
    first_valid_uid = 125
    Line 329, uncomment and change GID:
    first_valid_gid = 125
    Line 526, uncomment and add for quota support:
    mail_plugins = quota imap_quota
    Line 656, uncomment and add quota module:
    mail_plugins = quota
    Line 638, change postmaster address:
    postmaster_address = postmaster@domain.tld
    Line 748, add other auth types (adjust accordingly):
    mechanisms = plain login
    Line 794, comment this line out:
    #passdb pam {
    Line 827, comment out closing bracket:
    #}
    Line 869, uncomment this line:
    passdb sql {
    Lines 871-872, uncomment and add arg line for SQL file:
    args = /usr/local/etc/dovecot-sql.conf
    }
    Lines 898-905, comment these lines out:
    #userdb passwd {
    #}
    Line 934, uncomment:
    userdb sql {
    Lines 936-937 uncomment and add arg line for SQL file:
    args = /usr/local/etc/dovecot-sql.conf
    }
    Line 984, uncomment:
    socket listen {
    Line 995, uncomment:
    client {
    Line 999, uncomment and change path:
    path = /var/spool/postfix/private/auth
    Line 1001, add user (UID) for Postfix socket:
    user = postfix
    Line 1002, add group (GID) for Postfix socket:
    group = postfix
    Lines 1003-1004, uncomment:
    }
    }
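
A check for the security-relevant results of step 6, as an added example that is not part of the original how-to: with disable_plaintext_auth = no the imap and pop3 listeners accept plain and login passwords without TLS, and the uncommented ssl_cert_file and ssl_key_file paths differ from the /etc/certs directory used in step 5. The function names, finding labels and sample file are assumptions made for this example, and the parser ignores block nesting.

```shell
# Added example: audit top-level settings in a Dovecot 1.x style dovecot.conf.
# Assumption: block nesting is ignored; the last uncommented assignment wins.

# active_value FILE KEY: print the last uncommented "KEY = value" in FILE.
active_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out setting
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_dovecot FILE CERT_DIR: print one finding per line, nothing if clean.
audit_dovecot() {
    conf=$1; cert_dir=$2
    if [ "$(active_value "$conf" disable_plaintext_auth)" = "no" ]; then
        for p in $(active_value "$conf" protocols); do
            case $p in
                imap|pop3) echo "CLEARTEXT-AUTH: $p accepts passwords without TLS" ;;
            esac
        done
    fi
    for key in ssl_cert_file ssl_key_file; do
        path=$(active_value "$conf" "$key")
        case $path in
            "") echo "SSL-PATH: $key is not set" ;;
            "$cert_dir"/*) ;;
            *) echo "SSL-PATH: $key = $path is outside $cert_dir" ;;
        esac
    done
}

# Constructed sample holding the top-level values from step 6 of this page.
SAMPLE=$(mktemp /tmp/dovecot-audit.XXXXXX)
cat > "$SAMPLE" <<'EOF'
protocols = imap imaps pop3 pop3s
#disable_plaintext_auth = yes
disable_plaintext_auth = no
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
EOF
audit_dovecot "$SAMPLE" /etc/certs
```

Run it against /usr/local/etc/dovecot.conf after editing; an empty result means plaintext authentication is disabled and both SSL paths point into the directory passed as the second argument.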