Project

General

Profile

PostfixInstallDebianLenny » History » Version 2

Lutz Suhrbier, 09/13/2010 06:46 PM

1 1 Lutz Suhrbier
2 2 Lutz Suhrbier
## Postfix Installation (Debian Lenny)
3 1 Lutz Suhrbier
4 1 Lutz Suhrbier
5 2 Lutz Suhrbier
This document will describe how to install Postfix as a local mail server relay to sent local system mail to real world email recipients like e.g. system administrator(s). 
6 1 Lutz Suhrbier
7 1 Lutz Suhrbier
8 2 Lutz Suhrbier
For that, install postfix and libsasl2 packages first.
9 1 Lutz Suhrbier
10 2 Lutz Suhrbier
~~~
11 2 Lutz Suhrbier
apt-get install postfix libsasl2-modules
12 2 Lutz Suhrbier
~~~
13 1 Lutz Suhrbier
14 2 Lutz Suhrbier
Then, setup postfix as local smtp mail relay server. First, consider the following options in _/etc/postfix/main.cf_. The remaining options should be left to their default values.
15 1 Lutz Suhrbier
16 1 Lutz Suhrbier
17 2 Lutz Suhrbier
~~~
18 2 Lutz Suhrbier
### localhost only ###
19 2 Lutz Suhrbier
mydestination = $myhostname, localhost.$mydomain, localhost
20 2 Lutz Suhrbier
mynetworks = 127.0.0.0/8
21 2 Lutz Suhrbier
inet_interfaces = all
22 1 Lutz Suhrbier
23 2 Lutz Suhrbier
### redirect root mail to system administrator ###
24 2 Lutz Suhrbier
alias_maps = hash:/etc/aliases
25 2 Lutz Suhrbier
alias_database = hash:/etc/aliases
26 1 Lutz Suhrbier
27 2 Lutz Suhrbier
### mail relay host and password ###
28 2 Lutz Suhrbier
relayhost = mail.arcor.de
29 1 Lutz Suhrbier
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
30 1 Lutz Suhrbier
31 2 Lutz Suhrbier
### configure TLS connection to relay host ###
32 2 Lutz Suhrbier
smtp_tls_security_level = encrypt
33 2 Lutz Suhrbier
#smtp_tls_CApath = /etc/ssl/certs
34 2 Lutz Suhrbier
smtp_tls_CAfile = /etc/ssl/certs/Thawte_Premium_Server_CA.pem
35 2 Lutz Suhrbier
smtp_sasl_auth_enable = yes
36 2 Lutz Suhrbier
smtp_sasl_security_options = noanonymous
37 2 Lutz Suhrbier
smtp_sasl_tls_security_options = noanonymous
38 2 Lutz Suhrbier
~~~
39 1 Lutz Suhrbier
40 2 Lutz Suhrbier
The first block limits the accessibility of the mail server to localhost. That way, any incoming internet requests should be rejected.
41 1 Lutz Suhrbier
42 1 Lutz Suhrbier
43 2 Lutz Suhrbier
Regarding the _alias_maps_ directives, mail redirection (e.g. for system user root) can be redirected to a "real world" email recipient. The aliases must be definied in _/etc/aliases_ (.e.g . postmaster->root, root->sysadmin@real.world.org).
44 1 Lutz Suhrbier
45 1 Lutz Suhrbier
~~~
46 2 Lutz Suhrbier
root:		sysadmin@real.world.org
47 2 Lutz Suhrbier
postmaster:	root
48 2 Lutz Suhrbier
~~~
49 1 Lutz Suhrbier
50 2 Lutz Suhrbier
Also, _/etc/aliases_ must be hashed using the _postalias_ command.
51 1 Lutz Suhrbier
52 2 Lutz Suhrbier
~~~
53 2 Lutz Suhrbier
postalias /etc/aliases
54 2 Lutz Suhrbier
~~~
55 1 Lutz Suhrbier
56 2 Lutz Suhrbier
Next, the smtp server to which any outgoing mails were relayed to must be defined. If you can use an internal mail server which does not require to login before sending emails (e.g. ip-address authentication), you can omit the next paragraph.
57 1 Lutz Suhrbier
58 1 Lutz Suhrbier
59 2 Lutz Suhrbier
Currently, we are using the free mail hoster _mail.arcor.de_, because it permits to relay emails with any sender domain. In order to submit the user credentials required for login, create _/etc/postfix/sasl_passwd_ and define your mail relay host and login credentials as follows.
60 1 Lutz Suhrbier
61 2 Lutz Suhrbier
~~~
62 2 Lutz Suhrbier
mail.arcor.de	userid:password
63 2 Lutz Suhrbier
~~~
64 1 Lutz Suhrbier
65 2 Lutz Suhrbier
The file must be hashed using the _postmap_ command.
66 1 Lutz Suhrbier
67 2 Lutz Suhrbier
~~~
68 2 Lutz Suhrbier
postmap /etc/postfix/sasl_passwd
69 2 Lutz Suhrbier
~~~
70 1 Lutz Suhrbier
71 2 Lutz Suhrbier
Then, the remaining block configures TLS/SSL negotiations (hopefully supported by your mail provider). The security level should be set to encrypt (passwords are sent!) and the rootCA certificate of the mail relay server (e.g. Thawte Premium for arcor.de). 
72 1 Lutz Suhrbier
73 1 Lutz Suhrbier
74 2 Lutz Suhrbier
 *Note:*::
75 1 Lutz Suhrbier
76 2 Lutz Suhrbier
 Using the smtp_tls_CApath directive pointing to the default certificate directory _/etc/ssl/certs_ which will be installed along with the _ssl-cert_ package did not work for me ?!
77 1 Lutz Suhrbier
78 1 Lutz Suhrbier
79 2 Lutz Suhrbier
Finally, restart the postfix server as usual.
80 1 Lutz Suhrbier
81 1 Lutz Suhrbier
~~~
82 2 Lutz Suhrbier
/etc/init.d/postfix restart
83 2 Lutz Suhrbier
~~~
84 2 Lutz Suhrbier
 That's all.
Add picture from clipboard (Maximum size: 40 MB)