Postfix

Differences between revisions 1 and 2
Revision 1 as of 2006-12-27 14:38:20
Revision 2 as of 2006-12-27 14:39:28

Postfix

Postfix is a mail transfer agent (MTA), free software for sending and delivering email. Fast and easy to administer, it is a secure alternative to Sendmail. It is the default MTA in Ubuntu Linux.

Installation

Install the following packages

apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

Configuration

Configure Postfix to do SMTP AUTH using SASL (saslauthd)

Open a root shell

sudo su

postconf -e 'smtpd_sasl_local_domain ='

postconf -e 'smtpd_sasl_auth_enable = yes'

postconf -e 'smtpd_sasl_security_options = noanonymous'

postconf -e 'broken_sasl_auth_clients = yes'

postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

postconf -e 'inet_interfaces = all'

echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf

echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Generate the certificates that will be used for TLS encryption and/or certificate authentication

mkdir /etc/postfix/ssl

cd /etc/postfix/ssl/

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

Enter pass phrase for smtpd.key:<enter_the_passphrase>
Verifying - Enter pass phrase for smtpd.key:<repeat_the_passphrase>

chmod 600 smtpd.key

openssl req -new -key smtpd.key -out smtpd.csr

Enter pass phrase for smtpd.key:<enter_the_passphrase_created_earlier>

Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Bahia
Locality Name (eg, city) []:Salvador
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Ideia Digital
Organizational Unit Name (eg, section) []:projetos
Common Name (eg, YOUR name) []:Alexandro Silva
Email Address []:penguim@ubuntu.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:<ENTER>
An optional company name []:<ENTER>

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

Verifying - Enter PEM pass phrase:<enter_the_passphrase_created_earlier>

Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Bahia
Locality Name (eg, city) []:Salvador
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Ideia Digital
Organizational Unit Name (eg, section) []:projetos
Common Name (eg, YOUR name) []:Alexandro Silva
Email Address []:penguim@ubuntu.com

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key

chmod 600 smtpd.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
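A check for the smtpd.key / smtpd.crt pair produced by the steps above, as an added example that is not part of the original page. The function names, the scratch files and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the key/certificate pair Postfix will load.
# check_smtpd_tls_pair KEY CRT -> 0 if consistent, 1 otherwise
check_smtpd_tls_pair() {
    key=$1 crt=$2 rc=0
    # The passphrase was stripped, so the file mode is the key's only protection.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other, chmod 600 it"; rc=1
    fi
    # A certificate belongs to a key only if both carry the same RSA modulus.
    # "-passin pass:" makes a still-encrypted key fail instead of prompting.
    kmod=$(openssl rsa -noout -modulus -passin pass: -in "$key" 2>/dev/null)
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null)
    if [ -z "$kmod" ]; then
        echo "FAIL: $key is unreadable or still passphrase-protected"; rc=1
    elif [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    else
        hex=${kmod#Modulus=}            # 4 bits per hex digit
        bits=$(( ${#hex} * 4 ))
        if [ "$bits" -lt 2048 ]; then   # threshold is this example's assumption
            echo "WARN: RSA modulus is only $bits bits"; rc=1
        fi
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 2592000 -in "$crt" >/dev/null 2>&1; then
        echo "WARN: $crt is unreadable or expires within 30 days"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $crt matches $key"
    return "$rc"
}

# Constructed sample input: a throwaway 2048-bit pair in a scratch directory.
demo_tls_pair() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=server1.example.com" \
        -keyout "$d/smtpd.key" -out "$d/smtpd.crt" >/dev/null 2>&1
    chmod 600 "$d/smtpd.key"
    check_smtpd_tls_pair "$d/smtpd.key" "$d/smtpd.crt"; status=$?
    rm -rf "$d"; return "$status"
}

if command -v openssl >/dev/null 2>&1; then demo_tls_pair || true; fi
```

On the server itself, the call would be check_smtpd_tls_pair /etc/postfix/ssl/smtpd.key /etc/postfix/ssl/smtpd.crt.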

Configure Postfix to do TLS encryption for both incoming and outgoing mail

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'

The /etc/postfix/main.cf file will look like this

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ubuntu.ideiadigital.com.br, localhost.ideiadigital.com.br, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Restart the Postfix daemon

/etc/init.d/postfix restart
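With smtpd_tls_auth_only = no and mech_list: plain login, as set above, Postfix offers password authentication on sessions that have not negotiated TLS. The following audit of those two files is an added example, not part of the original page; the function names and the scratch files are assumptions of this example.

```shell
#!/bin/sh
# Added example: does this Postfix accept SMTP AUTH passwords outside TLS?

# Effective value of a main.cf parameter: the last assignment wins and a
# line that starts with whitespace continues the previous one.
maincf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); if (!eq) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) val = substr($0, eq + 1) }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }
    ' "$1"
}

# audit_smtp_auth MAIN_CF SMTPD_CONF -> 0 if clean, 1 if something was flagged
audit_smtp_auth() {
    maincf=$1 saslconf=$2 rc=0
    auth=$(maincf_get "$maincf" smtpd_sasl_auth_enable)
    tlsonly=$(maincf_get "$maincf" smtpd_tls_auth_only)
    mechs=$(sed -n 's/^mech_list:[[:space:]]*//p' "$saslconf" | tail -n 1)
    [ "$auth" = yes ] || { echo "INFO: SMTP AUTH is disabled"; return 0; }
    if [ "$tlsonly" != yes ]; then        # Postfix default is "no"
        for m in $mechs; do
            case $m in
                plain|login|PLAIN|LOGIN)
                    echo "WARN: $m sends the password unprotected and is" \
                         "offered without TLS (smtpd_tls_auth_only != yes)"
                    rc=1 ;;
            esac
        done
    fi
    [ "$rc" -eq 0 ] && echo "OK: no plaintext mechanism is reachable without TLS"
    return "$rc"
}

# Constructed sample input: the values this page sets, in a scratch directory.
demo_page_settings() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' \
        > "$d/main.cf"
    printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain login' \
        > "$d/smtpd.conf"
    audit_smtp_auth "$d/main.cf" "$d/smtpd.conf"; status=$?
    rm -rf "$d"; return "$status"
}

demo_page_settings || true
```

On the server itself, the call would be audit_smtp_auth /etc/postfix/main.cf /etc/postfix/sasl/smtpd.conf; setting smtpd_tls_auth_only = yes clears both warnings.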

Authentication

Authentication will be handled by saslauthd.

  • A few settings have to be changed for Postfix to work correctly. Because Postfix runs chrooted in /var/spool/postfix, some paths have to change (i.e. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):

Edit the file /etc/default/saslauthd to enable saslauthd. Uncomment the line START=yes and add the PWDIR, PARAMS, and PIDFILE lines

vi /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

Note: If you prefer, you can use "shadow" instead of "pam"; this is also secure. The username and password used to authenticate will be the same as the system's.

Update the dpkg "state" of /var/spool/postfix/var/run/saslauthd. The saslauthd init script uses these settings to create the missing directory with the correct owners and permissions

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Start saslauthd

/etc/init.d/saslauthd start

Testing

Check that SMTP-AUTH and TLS are working

telnet localhost 25

ehlo localhost

If these lines appear, everything is OK

...
250-STARTTLS
250-AUTH
...


Postfix (last edited 2011-09-19 23:22:11 by localhost)