Tuesday, June 15, 2010

second postfix instance with auth smtp

See advosys.ca help.ubuntu.com adomas.org postfix.org

Copy config dir
cp -rp /etc/postfix /etc/postfix-out

Create file /etc/postfix-out/sasl/smtpd.conf with
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Note, that previous plaintext mechanism send credentials unencrypted. Therefore TLS-encrypted SMTP session is used.

Add following lines to /etc/postfix-out/main.cf
queue_directory = /var/spool/postfix-out
data_directory = /var/lib/postfix-out

Create and copy queue and data directories
mkdir /var/spool/postfix-out
postfix -c /etc/postfix-out check
cp -rp /var/lib/postfix /var/lib/postfix-out
cp -rp /var/spool/postfix/etc /var/spool/postfix-out
cp -rp /var/spool/postfix/usr /var/spool/postfix-out
cp -rp /var/spool/postfix/lib /var/spool/postfix-out

Add following line to /etc/postfix/main.cf
alternate_config_directories = /etc/postfix-out

Modify port no. for smtp at /etc/postfix-out/master.cf

1025 inet n - - - - smtpd

Test start
postfix -c /etc/postfix-out start

Install sasl and mkdir var folder
apt-get install libsasl2-2 sasl2-bin


Modify /etc/init.d/saslauthd
PIDFILE=/var/spool/postfix-out/var/run/saslauthd/saslauthd.pid

Modify /etc/default/saslauthd
START=yes
PWDIR="/var/spool/postfix-out/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix-out/var/run/saslauthd"

Create dirs for sasl in chroot postfix
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix-out/var/run/saslauthd

Add following lines to /etc/postfix-out/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd

Restart all services
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
postfix -c /etc/postfix-out stop
postfix -c /etc/postfix-out start


Test by sasl
testsaslauthd -u USERNAME -p PASSWORD -f /var/spool/postfix-out/var/run/saslauthd/mux

Test by telnet
telnet SERVER_ADDRESS 1025
Trying IPADDRESS...
Connected to SERVER_NAME.
Escape character is '^]'.
220 SERVERNAME ESMTP Postfix (Ubuntu)
ehlo localhost
250-SERVERNAME
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


Create startup script
cp /etc/init.d/postfix /etc/init.d/postfix-out

And replace pairs in new file
/etc/postfix by /etc/postfix-out
postfix by postfix -c /etc/postfix-out
/var/spool/postfix by /var/spool/postfix-out
postconf by postconf -c /etc/postfix-out

Now make symlinks in rc.d to /etc/init.d/postfix-out, e.g.
ln -s /etc/init.d/postfix-out /etc/rc6.d/K01postfix-out
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)