Mailserver
Date: 2013-05-24 22:42
FQDN - Fully Qualified Domain Name
Add details to /etc/hosts
Mailserver - Assume a host without a real internet hostname (using a made-up/fantasy hostname)
Postfix - The core bit
Dovecot - IMAP server
Procmail - Processes incoming mail & sorts it into folders
Fetchmail - Grabs email from POP3/IMAP accounts into local repository
Setup
Stage 1: Install Postfix
emerge -pv postfix
If ssmtp is blocking then remove it with
emerge -C ssmtp
Note
Postfix USE flags: set the following only: pam,ssl,sasl,-dovecot-sasl (dovecot-sasl is not compiled in at the beginning as it is not yet installed/configured)
emerge postfix
myhostname = Core.workgroup
mydomain = workgroup
mydestination = $myhostname localhost.$mydomain localhost $mydomain
myorigin = $mydomain
mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = host
relay_domains =
relayhost = <specific details to follow>
newaliases_path = /usr/bin/newaliases
alias_maps = hash:/etc/mail/aliases
#Reports problems
#notify_classes = bounce, 2bounce, delay, policy, protocol, resource, software
inet_interfaces = all
smtp_generic_maps = <specific details to follow>
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
alias_database = hash:/etc/mail/aliases
home_mailbox = maildir/
mailbox_command = /usr/bin/procmail
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 2
debug_peer_level = 2
debugger_command = <as default>
sendmail_path = /usr/bin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
Stage 2: Configure Postfix
DNSDOMAIN="Workgroup"
Because we are using a fantasy domain name we need to replace it with something a little more official before sending email over the internet.
smtp_generic_maps = hash:/etc/postfix/generic
bob@workgroup bob.smith@example.com
@workgroup bob.smith2@example.com
Important
Execute “postmap /etc/postfix/generic” whenever you change the generic table.
postmap /etc/postfix/generic
postmaster: bob
root: bob
operator: bob
Stage 3: Enable SASL authentication in the Postfix SMTP Client
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_type = cyrus
relayhost = [<insert isp smtp server>]
#Alternative form:
#relayhost = [<insert isp smtp server>]:submission
smtp_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
[<insert isp smtp server>] bob.smith:password
[<insert isp smtp server>]:submission bob.smith:password
Note
The submission destination port tells postfix to send the mail via TCP/587 which is normally reserved for email clients. Default is to send mail to the “SMTP” destination port TCP/25. If you use an explicit destination port in main.cf then you must use the same form in the smtp_sasl_password_maps file.
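
The matching rule in the note above can be checked mechanically. The following shell script is an added example, not part of the original page; it assumes single-line main.cf values and uses the placeholder host mail.isp.example. It also checks that the password map source, which stores the password in cleartext, is accessible to its owner only.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the relayhost in
# main.cf has an identically written key in the SASL password map, and that
# the map, which holds a cleartext password, is accessible by its owner only.

# Print a main.cf parameter value; the last assignment wins, as in Postfix.
# Assumption: the value sits on one line (continuation lines are not joined).
main_cf_value() {  # $1 = main.cf path, $2 = parameter name
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Returns 0 = ok, 2 = relayhost unset, 3 = no matching key, 4 = loose mode.
check_relay_credentials() {  # $1 = main.cf, $2 = password map source file
    relay=$(main_cf_value "$1" relayhost)
    [ -n "$relay" ] || { echo "relayhost is not set in $1"; return 2; }
    # The lookup key is the first field and must match relayhost literally,
    # brackets and :port included.
    if ! awk -v k="$relay" '$1 == k { f = 1 } END { exit !f }' "$2"; then
        echo "no entry for '$relay' in $2"; return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$2" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$2 is group/other accessible"; return 4; }
    echo "ok: '$relay' has credentials in $2"
}

# Demo on constructed files (mail.isp.example is a placeholder host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'relayhost = [mail.isp.example]:submission\n' > "$d/main.cf"
    printf '[mail.isp.example] bob.smith:password\n' > "$d/saslpass"
    chmod 600 "$d/saslpass"
    # Key lacks :submission, so the lookup would miss.
    check_relay_credentials "$d/main.cf" "$d/saslpass" || echo "(exit $?)"
    printf '[mail.isp.example]:submission bob.smith:password\n' >> "$d/saslpass"
    # Now the key is written in the same form as relayhost.
    check_relay_credentials "$d/main.cf" "$d/saslpass" || echo "(exit $?)"
    rm -rf "$d"
}
demo
```

On a real host, call check_relay_credentials /etc/postfix/main.cf /etc/postfix/saslpass, and run it again on the generated saslpass.db for the permission check.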
pwcheck_method:saslauthd
mech_list: plain login
SASLAUTH_MECH=shadow
SASL_RIMAP_HOSTNAME=""
SASLAUTHD_OPTS="-a${SASLAUTH_MECH}"
Stage 4: Postfix TLS Support
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/server.key
smtpd_tls_cert_file = /etc/ssl/postfix/server.crt
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Important
Run “postfix check” to spot any errors in the config
/etc/init.d/postfix check
/etc/init.d/saslauthd start
/etc/init.d/postfix start
rc-update add saslauthd default
rc-update add postfix default
/etc/init.d/courier-imap-ssl start
–should auto start
/etc/init.d/courier-authlib