====== Postfix ======
  #> apt-get install postfix postfix-tls postfix-pcre libsasl2 libsasl2-modules sasl2-bin
===== SASL authd =====
Make saslauthd work with a chrooted postfix:
Edit ''/etc/default/saslauthd'':
  # This needs to be uncommented before saslauthd will be run automatically
  START=yes
  # You must specify the authentication mechanisms you wish to use.
  # This defaults to "pam" for PAM support, but may also include
  # "shadow" or "sasldb", like this:
  # MECHANISMS="pam shadow"
  MECHANISMS="pam"
  PWDIR=/var/spool/postfix/var/run/saslauthd
  PARAMS="-m /var/spool/postfix/var/run/saslauthd"
Use ''dpkg-statoverride'' to make sure the start script works as expected:
  #> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
Add the postfix user to the group sasl:
  #> usermod -g postfix -G sasl postfix
Create a ''/etc/postfix/sasl/smtpd.conf'' file with the following options:
  pwcheck_method: saslauthd
  mech_list: plain login
Start the SASL daemon and restart postfix:
  #> /etc/init.d/saslauthd start
  #> /etc/init.d/postfix restart
===== TLS =====
Create a private key and a certificate as described [[sslca|here]].
  #> mkdir /etc/postfix/ssl
  #> cp postfixCert.pem postfixKey.pem /etc/postfix/ssl/
  #> chmod 400 /etc/postfix/ssl/postfixKey.pem
  #> cp /etc/ssl/CA/cacert.pem /etc/postfix/ssl/
Add the following to ''/etc/postfix/main.cf'':
  # Enable TLS support
  smtpd_tls_key_file = /etc/postfix/ssl/postfixKey.pem
  smtpd_tls_cert_file = /etc/postfix/ssl/postfixCert.pem
  smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
  smtpd_use_tls = yes
Uncomment the following three lines in ''/etc/postfix/master.cf'':
  tlsmgr fifo - - n 300 1 tlsmgr
  smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
  587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
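The two submission services above enable SASL only where TLS is mandatory, which matters because ''mech_list: plain login'' sends the password without any protection of its own. As an added example (not part of the original page), this shell function lists ''master.cf'' services that set ''smtpd_sasl_auth_enable=yes'' without a TLS-forcing override. The function names and the ''2525'' sample entry are constructed, and only ''-o name=value'' overrides in ''master.cf'' are inspected, not ''main.cf''.

```shell
#!/bin/sh
# Added example: flag master.cf services that offer SASL AUTH without forcing TLS.
# Reads the file named in $1, or stdin when no argument is given.
audit_sasl_tls() {
    awk '
        # Evaluate one complete (possibly multi-line) service entry.
        function emit(   f) {
            if (entry == "") return
            if (entry ~ /smtpd_sasl_auth_enable=yes/ &&
                entry !~ /smtpd_tls_wrappermode=yes/ &&
                entry !~ /smtpd_enforce_tls=yes/ &&
                # The next two are newer Postfix equivalents, not used on this page.
                entry !~ /smtpd_tls_security_level=encrypt/ &&
                entry !~ /smtpd_tls_auth_only=yes/) {
                split(entry, f)
                print f[1]          # service name (first column)
            }
            entry = ""
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        /^[ \t]/ { entry = entry " " $0; next }      # continuation line
        { emit(); entry = $0 }                       # a new service starts
        END { emit() }
    ' "$@"
}

# Constructed sample: the two services from this page plus one weak entry
# whose override sits on a continuation line.
sample_master_cf() {
cat <<'EOF'
# sample master.cf fragment (constructed)
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
2525 inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
EOF
}

sample_master_cf | audit_sasl_tls    # prints: 2525
```

Run it against the real file with ''audit_sasl_tls /etc/postfix/master.cf''; empty output means every SASL-enabled service carries a TLS-forcing override.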
===== Spam prevention =====
Follow the tutorial at http://www.freesoftwaremagazine.com/free_issues/issue_02/focus_spam_postfix/
The SPF script which comes with the postfix-doc package is broken ((It produces the following error: ''syslog: invalid level/facility: warn at ./spf-policy.pl line 154'')) so we get a current one from the source directly.
Go to the following URL:
http://new.openspf.org/source/software/postfix-policyd-spf-perl/tags/1.08/postfix-policyd-spf-perl?rev=13&view=log
Download the most recent version of this file (click on "(download)") and save it to ''/etc/postfix/spf-policy.pl''.
To make it work, install the needed Perl library and make the script executable:
  #> apt-get install libmail-spf-query-perl
  #> chmod 755 /etc/postfix/spf-policy.pl
Then add the following to ''/etc/postfix/master.cf'':
  spfpolicy unix - n n - - spawn user=nobody argv=/usr/bin/perl /etc/postfix/spf-policy.pl
Add the following entry
  check_policy_service unix:private/spfpolicy
to the ''smtpd_recipient_restrictions'' section of ''/etc/postfix/main.cf'', preferably as one of the last restrictions, e.g.
  smtpd_recipient_restrictions =
      reject_unauth_destination
      reject_unknown_recipient_domain
      reject_unverified_recipient
      check_policy_service unix:private/spfpolicy