You have to set /etc/mailname
example.net
which has already been asked for by dpkg-configure. I've collected
the IMHO most important configuration changes to
/etc/postfix/main.cf
Dovecot SASL
We already configured Dovecot and will use SASL for smtpd authentication.
# SASL
smtpd_sasl_local_domain = herkules.example.net
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
Mail Configuration
You really should provide your own SSL certificate. You can use certificates from an open, peer-based CA such as CAcert.
# TLS parameters
smtp_use_tls=yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls=yes
smtpd_tls_cert_file=/etc/ssl/certs/herkules.example.net.crt
smtpd_tls_key_file=/etc/ssl/private/herkules.example.net.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = herkules.example.net
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
To enable the smtps (TLS enabled) smtp server you have to uncomment a line in master.cf
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
and optionally the next one if you want to use port 587 for encryption enforcement.
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
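An added check, not part of the original page: `smtpd_sasl_auth_enable = yes` in main.cf also applies to the port-25 service, where `smtpd_use_tls=yes` only makes TLS optional, so AUTH is offered on unencrypted sessions unless `smtpd_tls_auth_only = yes` (a real Postfix parameter that the page does not set) is added. The Python below audits constructed copies of the two files; the function names and the stock `smtp` master.cf line are assumptions.

```python
# Constructed sample: the main.cf settings from this page that matter here.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_use_tls=yes
"""
# Constructed: the page's master.cf entries plus the stock port-25 line (assumed).
MASTER_CF = """\
smtp       inet n - - - - smtpd
smtps      inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""

def logical_lines(text):
    """Drop comments and blanks; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            if raw[0] in " \t" and out:
                out[-1] += " " + raw.strip()
            else:
                out.append(raw.strip())
    return out

def parse_main(text):  # main.cf -> {parameter: value}
    pairs = (l.split("=", 1) for l in logical_lines(text) if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master(text):  # master.cf -> {service: {"-o" override: value}}
    services = {}
    for fields in map(str.split, logical_lines(text)):
        if len(fields) >= 8 and fields[7] == "smtpd":
            services[fields[0]] = dict(f.split("=", 1) for f in fields[8:] if "=" in f)
    return services

def plaintext_auth_services(main_cf, master_cf):
    """Services that would advertise AUTH before the session is encrypted."""
    main, exposed = parse_main(main_cf), []
    for name, overrides in parse_master(master_cf).items():
        p = {**main, **overrides}  # -o overrides win over main.cf
        yes = lambda key: p.get(key, "no") == "yes"
        # Wrapper mode and mandatory TLS both rule out AUTH on a cleartext session.
        forced = (yes("smtpd_tls_wrappermode") or yes("smtpd_enforce_tls")
                  or p.get("smtpd_tls_security_level") == "encrypt")
        if yes("smtpd_sasl_auth_enable") and not (forced or yes("smtpd_tls_auth_only")):
            exposed.append(name)
    return exposed
```

On the sample input the function returns `["smtp"]`; with `smtpd_tls_auth_only = yes` appended to main.cf it returns an empty list.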
LDAP interface
We have to configure Postfix to use LDAP to look up the virtual mailboxes.
# virtual LDAP
virtual_alias_maps = ldap:/etc/postfix/ldap-virtual-aliases.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-virtual-maps.cf
virtual_mailbox_domains = ldap:/etc/postfix/ldap-virtual-domains.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
As already mentioned in the /etc/postfix/main.cf
above, we have to create the lookup configuration files for the LDAP communication. You
should add this
schema as described here.
/etc/postfix/ldap-virtual-aliases.cf
server_host = localhost
search_base = ou=people, dc=example, dc=net
query_filter = mail=%s
result_attribute = maildrop
/etc/postfix/ldap-virtual-maps.cf
server_host = localhost
search_base = ou=people, dc=example, dc=net
query_filter = mail=%s
result_attribute = mailbox
/etc/postfix/ldap-virtual-domains.cf
server_host = localhost
search_base = dc=example, dc=net
query_filter = associatedDomain=%s
result_attribute = associatedDomain