SSH with Keys (Single and Insurance) + Postfix SMTP Authentication
Let's see how to configure SMTP authentication in Postfix. We assume Postfix is already installed and start from the base main.cf configuration file. During installation, the package's "wizard" guides us through some parameters, such as the domain and the administrator (who receives the report emails), among many other options. The additional settings described below make our system 100% functional, safe and with a little less spam.
1. Define the user Maildir with the following commands:
$ sudo postconf -e 'home_mailbox = Maildir/'
$ sudo postconf -e 'mailbox_command ='
2. Configure Postfix to use SMTP authentication (saslauthd):
$ sudo postconf -e 'smtpd_sasl_local_domain ='
$ sudo postconf -e 'smtpd_sasl_auth_enable = yes'
$ sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
$ sudo postconf -e 'broken_sasl_auth_clients = yes'
$ sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
$ sudo postconf -e 'inet_interfaces = all'
3. Edit the file /etc/postfix/sasl/smtpd.conf
(if the directory or file does not exist, create it)
and place the following in it:
pwcheck_method: saslauthd
mech_list: plain login
Save and continue.
4. Generate the certificates to be used for TLS encryption.
$ touch smtpd.key
- assign the necessary permissions
$ chmod 600 smtpd.key
- generate the certificate
$ openssl genrsa 1024 > smtpd.key
$ openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt
(answer the prompts)
$ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
(answer the prompts)
- now move the certificates
$ sudo mv smtpd.key /etc/ssl/private/
$ sudo mv smtpd.crt /etc/ssl/certs/
$ sudo mv cakey.pem /etc/ssl/private/
$ sudo mv cacert.pem /etc/ssl/certs/
5. Configure Postfix to use TLS for outgoing and incoming mail:
$ sudo postconf -e 'smtp_tls_security_level = may'
$ sudo postconf -e 'smtpd_tls_security_level = may'
$ sudo postconf -e 'smtpd_tls_auth_only = no'
$ sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
$ sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
$ sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
$ sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
$ sudo postconf -e 'smtpd_tls_loglevel = 1'
$ sudo postconf -e 'smtpd_tls_received_header = yes'
$ sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
$ sudo postconf -e 'tls_random_source = dev:/dev/urandom'
$ sudo postconf -e 'myhostname = mail.th3d0ctor.net' # change it to your domain
6. Our main.cf should look like this:
--------------------------------------------------------------------------
smtpd_banner = $myhostname
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = mail.th3d0ctor.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.th3d0ctor.com, th3d0ctor.com, localhost.th3d0ctor.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_tls_auth_only = no
#Use these on Postfix 2.2.x only
#smtp_use_tls = yes
#smtpd_use_tls = yes
#For Postfix 2.3 or above use:
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
--------------------------------------------------------------------------
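The main.cf above enables SASL with smtpd_tls_security_level = may and smtpd_tls_auth_only = no, so AUTH is announced before STARTTLS and the plain/login mechanisms from step 3 can carry the password unencrypted. The shell check below is an added example, not part of the original post; the function names main_cf_get and audit_main_cf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# main_cf_get FILE PARAM: print the last value assigned to PARAM, joining
# continuation lines (lines that begin with whitespace) as main.cf allows.
main_cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[ \t]/ {                                # continuation of previous line
            if (name != "") {
                gsub(/^[ \t]+|[ \t]+$/, "")
                val[name] = val[name] " " $0
            }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            val[name] = v
        }
        END { print val[want] }
    ' "$1"
}

# audit_main_cf FILE: print a finding and return 1 if SASL AUTH is offered on
# connections that have not completed STARTTLS; return 0 otherwise.
audit_main_cf() {
    sasl=$(main_cf_get "$1" smtpd_sasl_auth_enable)
    auth_only=$(main_cf_get "$1" smtpd_tls_auth_only)
    level=$(main_cf_get "$1" smtpd_tls_security_level)
    [ "$sasl" = "yes" ] || return 0
    # AUTH is withheld until TLS is active when smtpd_tls_auth_only = yes,
    # or when the level is "encrypt", which implies it.
    if [ "$auth_only" = "yes" ] || [ "$level" = "encrypt" ]; then return 0; fi
    echo "AUTH offered before STARTTLS (smtpd_tls_security_level='$level'," \
         "smtpd_tls_auth_only='$auth_only'): credentials can cross in cleartext"
    return 1
}

# Constructed sample: the SASL/TLS lines from the main.cf in step 6.
sample=$(mktemp)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' \
    'smtpd_tls_security_level = may' > "$sample"
audit_main_cf "$sample" || true
rm -f "$sample"
```

On a live server, pass /etc/postfix/main.cf as the argument; setting smtpd_tls_auth_only = yes clears the finding.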
7. Restart Postfix
$ sudo /etc/init.d/postfix restart
9. Now on to the authentication.
First we need to install libsasl2-2 and sasl2-bin from the main repository:
$ sudo apt-get install libsasl2-2 sasl2-bin
- Edit the file /etc/default/saslauthd
Uncomment the line: START=yes
- Add the following lines:
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
- Verify that the mechanism in use is "pam"; it should look like this:
MECHANISMS="pam"
- Change the OPTIONS line:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
NOTE: the remaining lines of the file can be deleted or commented out.
The complete file should look like this:
--------------------------------------------------------------------------
START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
--------------------------------------------------------------------------
10. Update the dpkg "state" so that the startup script uses the appropriate configuration:
$ sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
11. Start the service
$ sudo /etc/init.d/saslauthd start
12. Finally, we can test the configuration.
$ sudo telnet localhost 25
(after connecting, type)
ehlo localhost
- if these two lines appear in the server's response, the configuration is correct:
250-STARTTLS
250-AUTH
13. All that remains is to remember that when you configure a mail client (Thunderbird, Evolution, Outlook or whatever), you should activate the option indicating that the outgoing server requires authentication; otherwise we get the error message "RELAY ACCESS DENIED".
That's all for now. I'll leave it there.