public:mail:postfix
Table of Contents
Postfix
SMTP over TLS
Configuring TLS on daemon side
This Postfix configuration option enable TLS support on SMTP connections.
smtpd_tls_security_level=may smtpd_tls_cert_file=/path/to/certificate_cert.pem smtpd_tls_key_file=/path/to/certificate_private.pem smtpd_tls_CAfile=/path/to/certificate_ca_cert.pem
Configuring TLS on client side
This Postfix configuration options enable TLS support on client. Client is used by Postfix server when relaying mail to another server using SMTP.
smtp_tls_security_level=may
It's also possible to enable TLS only on specific relay host.
Configuring SMTP authentication
Edit postfix configuration :
smtpd_sasl_auth_enable=yes broken_sasl_auth_clients=yes smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_sasl_authenticated_header=yes
Saslauthd service can be used to check password on LDAP. Create file “/etc/postfix/sasl/smtpd.conf” :
pwcheck_method: saslauthd
Postfix is chrooted by default, 2 solutions can be used to allow Postfix/saslauthd :
- disabling Postfix chroot : easy but sad…
- moving saslauthd unix socket into Postfix chroot :
rm -rf /var/spool/postfix/var/run/saslauthd mkdir -p /var/spool/postfix/var/run/saslauthd chown root:sasl /var/spool/postfix/var/run/saslauthd chmod 710 /var/spool/postfix/var/run/saslauthd rm -rf /var/run/saslauthd ln -s /var/spool/postfix/var/run/saslauthd /var/run
public/mail/postfix.txt · Last modified: 2012/03/15 13:55 by toony