<HTML
><HEAD
><TITLE
>Configuring Postfix</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Postfix-Cyrus-Web-cyradm-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Configuring PAM"
HREF="pam-config.html"><LINK
REL="NEXT"
TITLE="Configuring Cyrus IMAP"
HREF="cyrus-config.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Postfix-Cyrus-Web-cyradm-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="pam-config.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="cyrus-config.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="POSTFIX-CONFIG"
></A
>6. Configuring Postfix</H1
><P
>Postfix needs two major config files: <TT
CLASS="FILENAME"
>main.cf</TT
> and <TT
CLASS="FILENAME"
>master.cf</TT
>.
Both need your attention.</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="POSTFIX-MASTER"
></A
>6.1. master.cf</H2
><P
>You need to change just one line:</P
><P
>old: </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}</PRE
></FONT
></TD
></TR
></TABLE
><P
>new: </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>flags= user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}</PRE
></FONT
></TD
></TR
></TABLE
><P
> What does that change affect?
</P
><P
> A look at the Cyrus man page <B
CLASS="COMMAND"
>man deliver</B
> clears up that issue:
</P
><P
> The Postfix default setup uses a wrong path to Cyrus deliver; correcting it is the first change.
The parameter "-r" inserts a proper return path. Without that, mail rejected/returned by sieve will
be sent to the cyrus user at yourdomain.
</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="POSTFIX-MAIN"
></A
>6.2. main.cf</H2
><P
>Here you need to change some more things like hostname, relaying, alias lookups etc.</P
><P
>First change the hostname:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>myhostname = foo.bar.org</PRE
></FONT
></TD
></TR
></TABLE
><P
>mydestination</P
><P
>Here you have to put all domain names that are local (corresponding to sendmail's
<TT
CLASS="FILENAME"
>/etc/mail/sendmail.cw</TT
>). If you have multiple domains, separate them with commas.</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>mydestination = foo.bar.org, example.com, furchbar-grausam.ch,
    whatever.domain.tld, mysql:/etc/postfix/mysql-mydestination.cf</PRE
></FONT
></TD
></TR
></TABLE
><P
>Relayhost</P
><P
>Here you define where to deliver outgoing mails. If you do not provide any host, mail is delivered directly
to the destination smtp host. Usually your relayhosts are your internet service provider's smtp server.</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>relayhost = relay01.foobar.net relay02.foobar.net relay03.foobar.net</PRE
></FONT
></TD
></TR
></TABLE
><P
>Mailtransport</P
><P
>Here you define how the mails accepted for local delivery should be handled. In your situation, mail should be
delivered by the cyrus delivery program.</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>mailbox_transport = cyrus</PRE
></FONT
></TD
></TR
></TABLE
><P
>At the end of file you need to add:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>virtual_alias_maps = hash:/etc/postfix/virtual, mysql:/etc/postfix/mysql-virtual.cf</PRE
></FONT
></TD
></TR
></TABLE
><P
>If you don't want to have an overriding /etc/postfix/virtual, skip the hash entry.</P
><P
>Outgoing addresses should be rewritten from test0002 at domain
to user.name at virtualhost.com. This is important if you want to use a webmail interface.</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf</PRE
></FONT
></TD
></TR
></TABLE
><P
>Now you need to create the file <TT
CLASS="FILENAME"
>/etc/postfix/mysql-virtual.cf</TT
>: </P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>#
# mysql config file for alias lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = virtual

#
select_field = dest
where_field = alias
additional_conditions = and status = '1'</PRE
></FONT
></TD
></TR
></TABLE
><P
>The file <TT
CLASS="FILENAME"
>/etc/postfix/mysql-canonical.cf</TT
>:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># mysql config file for canonical lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = virtual
#
select_field = alias
where_field = username
# Return the first match only
additional_conditions = and status = '1' limit 1</PRE
></FONT
></TD
></TR
></TABLE
><P
>Finally the file <TT
CLASS="FILENAME"
>/etc/postfix/mysql-mydestination.cf</TT
>:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
># mysql config file for local domain (like sendmail's sendmail.cw) lookups on postfix
# comments are ok.
#

# the user name and password to log into the mysql server
hosts = localhost
user = mail
password = secret

# the database name on the servers
dbname = mail

# the table name
table = domain
#
select_field = domain_name
where_field = domain_name</PRE
></FONT
></TD
></TR
></TABLE
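><P
>As an added example (not part of the original HOWTO), the following Python code composes the query that the select_field, where_field and additional_conditions settings above describe and runs it for mysql-virtual.cf and mysql-canonical.cf. An in-memory SQLite table stands in for the MySQL server; the sample rows and the full-address form of the alias column are constructed assumptions.</P
>

```python
import sqlite3

# Settings from the two .cf files above; connection settings omitted (SQLite stand-in).
VIRTUAL_CF = """
table = virtual
select_field = dest
where_field = alias
additional_conditions = and status = '1'
"""
CANONICAL_CF = """
table = virtual
select_field = alias
where_field = username
additional_conditions = and status = '1' limit 1
"""

def parse_cf(text):
    """Read 'name = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            conf[name.strip()] = value.strip()
    return conf

def build_query(conf):
    """Compose SELECT select_field FROM table WHERE where_field = key, plus conditions."""
    query = "SELECT {select_field} FROM {table} WHERE {where_field} = ?".format(**conf)
    return (query + " " + conf.get("additional_conditions", "")).strip()

def lookup(db, cf_text, key):
    # Postfix puts the (escaped) key into the query; here it is a bound parameter.
    return [row[0] for row in db.execute(build_query(parse_cf(cf_text)), (key,))]

def demo_db():
    """Constructed sample rows; the columns are the ones the .cf files reference."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE virtual (alias TEXT, dest TEXT, username TEXT, status TEXT)")
    db.executemany("INSERT INTO virtual VALUES (?, ?, ?, ?)", [
        ("user.name@virtualhost.com", "test0002", "test0002", "1"),
        ("old.name@virtualhost.com", "test0002", "test0002", "0"),  # disabled entry
    ])
    return db

if __name__ == "__main__":
    db = demo_db()
    for cf, key in [(VIRTUAL_CF, "user.name@virtualhost.com"),
                    (VIRTUAL_CF, "old.name@virtualhost.com"), (CANONICAL_CF, "test0002")]:
        print(build_query(parse_cf(cf)), "| key:", key, "| result:", lookup(db, cf, key))
```

<P
>The lookup for old.name@virtualhost.com returns nothing because its row has status 0, so the additional_conditions clause filters it out before Postfix ever sees it.</P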
><P
>SMTP Authentication with SASL and PAM</P
><P
>Put the following in your <TT
CLASS="FILENAME"
>/etc/postfix/main.cf</TT
>:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes</PRE
></FONT
></TD
></TR
></TABLE
><P
>You also need to create the file <TT
CLASS="FILENAME"
>/usr/local/lib/sasl2/smtpd.conf</TT
> with
the following contents:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>pwcheck_method: saslauthd</PRE
></FONT
></TD
></TR
></TABLE
><P
>The next step is to tell postfix how to find the saslauthd socket:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>mv /var/run/sasl2 /var/run/sasl2-old
ln -s /var/run/saslauthd /var/run/sasl2</PRE
></FONT
></TD
></TR
></TABLE
><P
></P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="ANTISPAM"
></A
>6.3. Fighting against SPAM</H2
><P
>This section describes how to implement a basic SPAM protection setup with postfix. It does not use any external software like spamassassin, etc.</P
><P
>Postfix has some built-in filters that allow you to stop obvious SPAM attempts. In particular these are:</P
><P
></P
><UL
><LI
><P
> smtpd_helo_required = yes
</P
><P
> This switch in <TT
CLASS="FILENAME"
>main.cf</TT
> means that SMTP clients connecting to your mail server must give
a "helo" when connecting.
</P
></LI
><LI
><P
> smtpd_recipient_restrictions
</P
><P
>This option in <TT
CLASS="FILENAME"
>main.cf</TT
> lets you define different rules for handling the acceptance
of mail. The following example simply rejects all invalid sender and recipient data.
Additionally it defines how to look up known spammers from online blacklists.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    permit</PRE
></FONT
></TD
></TR
></TABLE
><P
></P
></LI
><LI
><P
>mime_header_checks=pcre:/etc/postfix/body_checks</P
><P
>MIME header checks let you reject mail which contains malicious MIME content, i.e. dangerous
attachments such as Windows executables. Create the file <TT
CLASS="FILENAME"
>/etc/postfix/body_checks</TT
>.
The following example rejects all mail that contains potentially dangerous attachments.
In my experience, using this example would filter out most viruses delivered by e-mail.
In any event, a virus scanner should always be installed.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\ *"?.*\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wmf)"?\ *$/ REJECT attachment type not allowed
</PRE
></FONT
></TD
></TR
></TABLE
></LI
></UL
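><P
>As an added example (not part of the original HOWTO), this Python code reads the rule line above with a simplified parser for the pcre table format and applies it to constructed MIME headers. Python's re module stands in for PCRE, an assumption that holds for the syntax this rule uses, and matching is case-insensitive as it is by default in Postfix pcre tables.</P
>

```python
import re

# The rule line from /etc/postfix/body_checks exactly as shown above.
TABLE = r'''
/^((Content-(Disposition: attachment;|Type:).*|\ +)| *)(file)?name\ *=\ *"?.*\.(lnk|asd|hlp|ocx|reg|bat|c[ho]m|cmd|exe|dll|vxd|pif|scr|hta|jse?|sh[mbs]|vb[esx]|ws[fh]|wmf)"?\ *$/ REJECT attachment type not allowed
'''

# Simplified reader for "/pattern/flags ACTION text" lines (only "/" as delimiter).
RULE_LINE = re.compile(r"^/(.*)/([A-Za-z]*)\s+(\S+)\s*(.*)$")

def load_rules(table_text):
    rules = []
    for line in map(str.strip, table_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = RULE_LINE.match(line)
        if m is None:
            raise ValueError("unparsed table line: " + line)
        pattern, flag_chars, action, text = m.groups()
        # Case-insensitive by default; an "i" flag toggles that off.
        flags = 0 if "i" in flag_chars else re.IGNORECASE
        rules.append((re.compile(pattern, flags), (action + " " + text).strip()))
    return rules

def verdict(rules, header):
    """Return the action of the first matching rule, or None when nothing matches."""
    for regex, action in rules:
        if regex.search(header):
            return action
    return None

# Constructed MIME headers, one logical header per entry.
SAMPLES = [
    'Content-Disposition: attachment; filename="invoice.exe"',
    'Content-Type: application/x-msdownload; name=SETUP.SCR',
    'Content-Type: application/pdf; name="report.pdf"',
    'Content-Disposition: attachment; filename="archive.zip"',
]

def run_samples():
    rules = load_rules(TABLE)
    return [verdict(rules, header) for header in SAMPLES]

if __name__ == "__main__":
    for header, result in zip(SAMPLES, run_samples()):
        print(f"{result or 'no match'}: {header}")
```

<P
>The last two samples pass the rule because their extensions are not in its list, which is why the text above still calls for a virus scanner behind this filter.</P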
></DIV
></DIV
></BODY
></HTML
>