Thursday, October 15, 2009

Postfix Server

POSTFIX HOWTO
First check whether postfix is installed. (You need a basic package repository set up for yum to work.)
[root@mail ~]# yum list postfix
Loading "security" plugin
Loading "rhnplugin" plugin
Loading "installonlyn" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up repositories
Reading repository metadata in from local files
Available Packages
postfix.i386 2:2.3.3-2 rhel
[root@mail ~]#
Now install postfix
[root@mail ~]# yum install postfix
Loading "security" plugin
Loading "rhnplugin" plugin
Loading "installonlyn" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for postfix to pack into transaction set.
postfix-2.3.3-2.i386.rpm 100% |=========================| 41 kB 00:00
---> Package postfix.i386 2:2.3.3-2 set to be updated
--> Running transaction check
Dependencies Resolved
================================================================
Package Arch Version Repository Size
================================================================
Installing:
postfix i386 2:2.3.3-2 rhel 3.6 M
Transaction Summary
================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 3.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): postfix-2.3.3-2.i3 100% |=========================| 3.6 MB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: postfix ######################### [1/1]
Installed: postfix.i386 2:2.3.3-2
Complete!
[root@mail ~]#
Let us make Postfix the default MTA.
[root@mail ~]# alternatives --display mta
mta - status is auto.
link currently points to /usr/sbin/sendmail.sendmail
/usr/sbin/sendmail.sendmail - priority 90
slave mta-pam: /etc/pam.d/smtp.sendmail
slave mta-mailq: /usr/bin/mailq.sendmail
slave mta-newaliases: /usr/bin/newaliases.sendmail
slave mta-rmail: /usr/bin/rmail.sendmail
slave mta-sendmail: /usr/lib/sendmail.sendmail
slave mta-mailqman: /usr/share/man/man1/mailq.sendmail.1.gz
slave mta-newaliasesman: /usr/share/man/man1/newaliases.sendmail.1.gz
slave mta-aliasesman: /usr/share/man/man5/aliases.sendmail.5.gz
slave mta-sendmailman: /usr/share/man/man8/sendmail.sendmail.8.gz
/usr/sbin/sendmail.postfix - priority 30
slave mta-pam: /etc/pam.d/smtp.postfix
slave mta-mailq: /usr/bin/mailq.postfix
slave mta-newaliases: /usr/bin/newaliases.postfix
slave mta-rmail: /usr/bin/rmail.postfix
slave mta-sendmail: /usr/lib/sendmail.postfix
slave mta-mailqman: /usr/share/man/man1/mailq.postfix.1.gz
slave mta-newaliasesman: /usr/share/man/man1/newaliases.postfix.1.gz
slave mta-aliasesman: /usr/share/man/man5/aliases.postfix.5.gz
slave mta-sendmailman: /usr/share/man/man1/sendmail.postfix.1.gz
Current `best' version is /usr/sbin/sendmail.sendmail.
[root@mail ~]#
[root@mail ~]# alternatives --config mta
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2
[root@mail ~]#
Stop sendmail
[root@mail ~]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@mail ~]# chkconfig sendmail off
Start Postfix
[root@mail ~]# chkconfig postfix on
[root@mail ~]# service postfix start
Starting postfix: [ OK ]
[root@mail ~]#
CHECK WHICH ADDRESS POSTFIX IS LISTENING ON.
[root@mail ~]# netstat -tlpn | grep ':25'
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5108/master
[root@mail ~]#
As it is listening on localhost only, we need to enable it to listen on all addresses.
[root@mail postfix]# postconf -n | grep interfaces
inet_interfaces = localhost
[root@mail postfix]#
FROM OTHER HOST 192.168.0.101
[root@mail postfix]# postconf -n | grep interfaces
inet_interfaces = localhost
[root@mail postfix]#
FROM LOCALHOST
[root@mail postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.taashee.com ESMTP Postfix
SO LET IT LISTEN ON ALL INTERFACES
[root@mail postfix]# grep inet_interfaces main.cf
# The inet_interfaces parameter specifies the network interface
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# the address list specified with the inet_interfaces parameter.
# receives mail on (see the inet_interfaces parameter).
# to $mydestination, $inet_interfaces or $proxy_interfaces.
# - destinations that match $inet_interfaces or $proxy_interfaces,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
[root@mail postfix]#
[root@mail postfix]# postconf inet_interfaces
inet_interfaces = localhost
[root@mail postfix]# postconf -e "inet_interfaces = all"
[root@mail postfix]# postconf inet_interfaces
inet_interfaces = all
[root@mail postfix]#
[root@mail postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mail postfix]#
NOW CHECKING FROM OTHER HOST
[root@vhost ~]# telnet 192.168.0.253 25
Trying 192.168.0.253...
telnet: connect to address 192.168.0.253: No route to host
telnet: Unable to connect to remote host: No route to host
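STILL REFUSING CONNECTION, CHECK FIREWALL AND ADD FOLLOWING RULES.
(Note: this rule accepts new SMTP connections from any source address, and it is lost on reboot unless the ruleset is saved, e.g. with "service iptables save".)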
[root@mail postfix]# iptables -I INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
[root@vhost ~]# telnet 192.168.0.253 25
Trying 192.168.0.253...
Connected to mail.taashee.com (192.168.0.253).
Escape character is '^]'.
220 mail.taashee.com ESMTP Postfix
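Check the trusted networks (mynetworks). Every client in these ranges may relay mail through this server without authenticating, so the list should contain only the subnets that really need it.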
[root@mail postfix]# postconf mynetworks
mynetworks = 127.0.0.0/8 192.168.122.0/24 192.168.0.0/24
FROM POSTFIX main.cf
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
Check defaults and current parameters.
[root@mail postfix]# postconf mynetworks_style
mynetworks_style = subnet
[root@mail postfix]# postconf -d mynetworks_style
mynetworks_style = subnet
checking myhostname parameters
[root@mail postfix]# postconf myhostname
myhostname = mail.taashee.com
[root@mail postfix]# postconf -d myhostname
myhostname = mail.taashee.com
[root@mail postfix]# postconf -d myorigin
myorigin = $myhostname
[root@mail postfix]# postconf -d mydomain
mydomain = example.com
[root@mail postfix]# postconf myorigin
myorigin = $myhostname
[root@mail postfix]#
CHECKING WITH MAIL COMMAND
[root@mail postfix]# su - raj
[raj@mail ~]$ echo testmail | mail -s thefirstmail rajat
THE OUTPUT OF tail -f /var/log/maillog.
July 711:07:27 mail postfix/pickup[6523]: 9FF6B135FCA: uid=511 from=
July 711:07:27 mail postfix/cleanup[8412]: 9FF6B135FCA: message-
id=<20090125053727.9FF6B135FCA@mail.taashee.com>
July 711:07:27 mail postfix/qmgr[6524]: 9FF6B135FCA: from=, size=336,
nrcpt=1 (queue active)
July 711:07:27 mail postfix/local[8414]: 9FF6B135FCA: to=, orig_to=,
relay=local, delay=0.07, delays=0.03/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
July 711:07:27 mail postfix/qmgr[6524]: 9FF6B135FCA: removed
CHECKING MAIL ON RAJAT USER
[root@mail postfix]# mail -u rajat
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/rajat": 1 message 1 new
>N 1 rajat@mail. Sun July 711:07 14/498 "thefirstmail"
&
NOW CHANGE myorigin parameter
[root@mail postfix]# grep mydomain /etc/postfix/main.cf
# The mydomain parameter specifies the local internet domain name.
# $mydomain is used as a default value for many other configuration
#mydomain = domain.tld
# machines, you should (1) change this to $mydomain and (2) set up
myorigin = $mydomain
AND CHECK
[root@mail postfix]# postconf myorigin
myorigin = $mydomain
SET ALSO mydestination parameters.
[root@mail postfix]# postconf mydestination
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
SO WHENEVER YOU SEND A MAIL IT WILL BE SENT AS user@mydomain INSTEAD OF user@hostname, AND
$mydomain IS ALSO CONSIDERED A LOCAL DOMAIN NOW.
LIKE FROM LOG
FIRST CASE WHEN myorigin = $myhostname
July 711:23:33 mail postfix/pickup[10798]: 91217135FD7: uid=511 from=
July 711:23:33 mail postfix/cleanup[10937]: 91217135FD7: message-
id=<20090125055333.91217135FD7@mail.taashee.com>
July 711:23:33 mail postfix/qmgr[10799]: 91217135FD7: from=, size=326,
nrcpt=1 (queue active)
July 711:23:33 mail postfix/local[10939]: 91217135FD7: to=, relay=local,
delay=0.04, delays=0.03/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
July 711:23:33 mail postfix/qmgr[10799]: 91217135FD7: removed
SECOND CASE WHEN myorigin = $mydomain
July 711:25:16 mail postfix/pickup[11177]: AE0F8135FD7: uid=511 from=
July 711:25:16 mail postfix/cleanup[11247]: AE0F8135FD7: message-
id=<20090125055516.AE0F8135FD7@mail.taashee.com>
July 711:25:16 mail postfix/qmgr[11178]: AE0F8135FD7: from=, size=315,
nrcpt=1 (queue active)
July 711:25:16 mail postfix/local[11249]: AE0F8135FD7: to=, relay=local,
delay=0.05, delays=0.04/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
July 711:25:16 mail postfix/qmgr[11178]: AE0F8135FD7: removed
REDUCE INFORMATION LEAKAGE BY DISABLING THE vrfy command
[root@mail postfix]# postconf disable_vrfy_command
disable_vrfy_command = no
[root@mail postfix]# postconf -e 'disable_vrfy_command = yes'
[root@mail postfix]# postconf disable_vrfy_command
disable_vrfy_command = yes
[root@mail postfix]#
LET US CHECK
[root@vhost ~]# telnet 192.168.0.253 25
Trying 192.168.0.253...
Connected to mail.taashee.com (192.168.0.253).
Escape character is '^]'.
220 mail.taashee.com ESMTP Postfix
vrfy rajat
502 5.5.1 VRFY command is disabled
[root@mail postfix]# postconf smtpd_banner
smtpd_banner = $myhostname ESMTP $mail_name
[root@vhost ~]# telnet 192.168.0.253 25
Trying 192.168.0.253...
Connected to mail.taashee.com (192.168.0.253).
Escape character is '^]'.
220 mail.taashee.com ESMTP Postfix
vrfy rajat
502 5.5.1 VRFY command is disabled
^]
telnet> quit
Connection closed.
[root@mail postfix]# postconf -e 'smtpd_banner = $myhostname ESMTP'
[root@mail postfix]# postconf smtpd_banner
smtpd_banner = $myhostname ESMTP
[root@mail postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix:
[root@vhost ~]# telnet 192.168.0.253 25
Trying 192.168.0.253...
Connected to mail.taashee.com (192.168.0.253).
Escape character is '^]'.
220 mail.taashee.com ESMTP
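FORCE CONNECTING HOST TO ISSUE A HELO OR EHLO BEFORE SENDING ANY COMMAND
(Note: smtpd_helo_required only checks that a greeting is sent; validating the hostname it carries needs smtpd_helo_restrictions.)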
[root@mail postfix]# postconf smtpd_helo_required
smtpd_helo_required = no
[root@mail postfix]# postconf -e 'smtpd_helo_required = yes'
[root@mail postfix]# postconf smtpd_helo_required
smtpd_helo_required = yes
[root@mail postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@mail postfix]#
SIMILARLY ALSO SEND HELO OR EHLO WHEN WE ESTABLISH A CONNECTION (POSTFIX ACTING AS SMTP CLIENT)
[root@mail postfix]# postconf smtp_always_send_ehlo
smtp_always_send_ehlo = yes
LET US SET UP MAILBOX DELIVERY AS MAILDIR.
[root@mail postfix]# postconf home_mailbox
home_mailbox = Maildir/
[root@mail postfix]# postconf -e 'home_mailbox = Maildir/'
[root@mail postfix]# yum install dovecot
Loading "security" plugin
Loading "rhnplugin" plugin
Loading "installonlyn" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for dovecot to pack into transaction set.
dovecot-1.0-1.2.rc15.el5. 100% |=========================| 27 kB 00:00
---> Package dovecot.i386 0:1.0-1.2.rc15.el5 set to be updated
--> Running transaction check
--> Processing Dependency: libmysqlclient.so.15(libmysqlclient_15) for package: dovecot
--> Processing Dependency: libmysqlclient.so.15 for package: dovecot
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for mysql to pack into transaction set.
mysql-5.0.22-2.1.0.1.i386 100% |=========================| 36 kB 00:00
---> Package mysql.i386 0:5.0.22-2.1.0.1 set to be updated
--> Running transaction check
--> Processing Dependency: perl(DBI) for package: mysql
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for perl-DBI to pack into transaction set.
perl-DBI-1.52-1.fc6.i386. 100% |=========================| 16 kB 00:00
---> Package perl-DBI.i386 0:1.52-1.fc6 set to be updated
--> Running transaction check
Dependencies Resolved
================================================================
Package Arch Version Repository Size
================================================================
Installing:
dovecot i386 1.0-1.2.rc15.el5 rhel 1.5 M
Installing for dependencies:
mysql i386 5.0.22-2.1.0.1 rhel 3.0 M
perl-DBI i386 1.52-1.fc6 rhel 605 k
Transaction Summary
================================================================
Install 3 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 5.1 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): dovecot-1.0-1.2.rc 100% |=========================| 1.5 MB 00:00
(2/3): perl-DBI-1.52-1.fc 100% |=========================| 605 kB 00:00
(3/3): mysql-5.0.22-2.1.0 100% |=========================| 3.0 MB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: perl-DBI ######################### [1/3]
Installing: mysql ######################### [2/3]
Installing: dovecot ######################### [3/3]
Installed: dovecot.i386 0:1.0-1.2.rc15.el5
Dependency Installed: mysql.i386 0:5.0.22-2.1.0.1 perl-DBI.i386 0:1.52-1.fc6
Complete!
[root@mail postfix]#
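UNCOMMENT THE FOLLOWING LINE IN /etc/dovecot.conf
(List only the protocols you actually serve; imaps and pop3s are the TLS-wrapped variants of imap and pop3.)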
protocols = imap imaps pop3 pop3s
AS WE NEED TO SETUP DOVECOT TO ACCEPT MAIL AS MAILDIR FORMAT WE NEED TO CHANGE
FOLLOWING LINE ALSO.
mail_location = maildir:~/Maildir
[root@mail postfix]# service dovecot restart
Stopping Dovecot Imap: [FAILED]
Starting Dovecot Imap: [ OK ]
[root@mail postfix]# chkconfig dovecot on
[root@mail postfix]#
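LET US NOW CONFIGURE SASL AUTHENTICATION FOR SMTP CLIENTS
(Note: with smtpd_sasl_type = dovecot, as set in main.cf below, Postfix asks Dovecot's auth socket to verify passwords. The saslauthd service enabled here belongs to Cyrus SASL and is not used by that setup.)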
[root@mail postfix]# chkconfig --list | grep saslauthd
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@mail postfix]#
[root@mail postfix]# chkconfig saslauthd on
ONE CAN REFER TO [root@mail postfix]# vim /usr/share/doc/postfix-2.3.3/README_FILES/SASL_README
[root@mail postfix]# postconf smtpd_sasl_auth_enable
smtpd_sasl_auth_enable = no
[root@mail postfix]# postconf -e 'smtpd_sasl_auth_enable = yes'
[root@mail postfix]# postconf smtpd_sasl_auth_enable
smtpd_sasl_auth_enable = yes
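(Notes on the settings below: in the real file the continuation line under smtpd_recipient_restrictions must start with whitespace. The list should also end with reject_unauth_destination: that entry is what refuses relaying for clients not matched by the two permit rules, and this Postfix version refuses to receive mail when the list has no reject/defer entry. AUTH is offered here without TLS, so PLAIN/LOGIN passwords cross the network unencrypted until TLS is configured.)
FROM main.cf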
#sasl authentication
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_mynetworks permit_sasl_authenticated
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
---------------
Added dovecot configuration on date
-----------
Add the following entry at the end of the "auth default" section of /etc/dovecot.conf. (Mode 0660 with user and group postfix keeps the auth socket accessible to Postfix only.)
---------entry start-----------
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
} <-----------do not add this, it is already there to complete the auth default section.
-----------end----------
Thanks.
Rajat