Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@servername:~# telnet localhost 25
- Trying ::1...
- Connected to localhost.
- Escape character is '^]'.
- 220 servername.com ESMTP Postfix (Ubuntu)
- EHLO test
- 250-servername.de
- 250-PIPELINING
- 250-SIZE 10240000
- 250-VRFY
- 250-ETRN
- 250-STARTTLS
- 250-ENHANCEDSTATUSCODES
- 250-8BITMIME
- 250-DSN
- 250 SMTPUTF8
- root@servername:~# cat /etc/default/saslauthd
- #
- # Settings for saslauthd daemon
- # Please read /usr/share/doc/sasl2-bin/README.Debian for details.
- #
- # Should saslauthd run automatically on startup? (default: no)
- START=yes
- # Description of this saslauthd instance. Recommended.
- # (suggestion: SASL Authentication Daemon)
- DESC="SASL Authentication Daemon"
- # Short name of this saslauthd instance. Strongly recommended.
- # (suggestion: saslauthd)
- NAME="saslauthd"
- # Which authentication mechanisms should saslauthd use? (default: pam)
- #
- # Available options in this Debian package:
- # getpwent -- use the getpwent() library function
- # kerberos5 -- use Kerberos 5
- # pam -- use PAM
- # rimap -- use a remote IMAP server
- # shadow -- use the local shadow password file
- # sasldb -- use the local sasldb database file
- # ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
- #
- # Only one option may be used at a time. See the saslauthd man page
- # for more information.
- #
- # Example: MECHANISMS="pam"
- MECHANISMS="shadow"
- # Additional options for this mechanism. (default: none)
- # See the saslauthd man page for information about mech-specific options.
- MECH_OPTIONS=""
- # How many saslauthd processes should we run? (default: 5)
- # A value of 0 will fork a new process for each connection.
- THREADS=5
- # Other options (default: -c -m /var/run/saslauthd)
- # Note: You MUST specify the -m option or saslauthd won't run!
- #
- # WARNING: DO NOT SPECIFY THE -d OPTION.
- # The -d option will cause saslauthd to run in the foreground instead of as
- # a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
- # to run saslauthd in debug mode, please run it by hand to be safe.
- #
- # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
- # See the saslauthd man page and the output of 'saslauthd -h' for general
- # information about these options.
- #
- # Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
- # Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
- #
- # To know if your Postfix is running chroot, check /etc/postfix/master.cf.
- # If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
- # then your Postfix is running in a chroot.
- # If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
- # running in a chroot.
- OPTIONS="-c -m /var/run/saslauthd"
- # OPTIONS="-c -m /var/run/spool/postfix/var/run/saslauthd"
- root@servername:~# cat /etc/postfix/sasl/smtpd.conf
- pwcheck_method: saslauthd
- mech_list: PLAIN LOGIN
- saslauthd_path: /var/run/saslauthd/mux
- log_level: 7
- #auxprop_plugin: sasldb
- root@servername:~# ps ax|grep saslauthd
- 1112 ? Ss 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/run/saslauthd -n 5
- 1113 ? S 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/run/saslauthd -n 5
- 1114 ? S 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/run/saslauthd -n 5
- 1115 ? S 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/run/saslauthd -n 5
- 1116 ? S 0:00 /usr/sbin/saslauthd -a shadow -c -m /var/run/saslauthd -n 5
- root@servername:~# cat /var/log/auth.log|grep saslauthd
- [...]
- Oct 24 16:05:55 servername saslauthd[1112]: detach_tty : master pid is: 1112
- Oct 24 16:05:55 servername saslauthd[1112]: ipc_init : listening on socket: /var/run/saslauthd/mux
- root@servername:~# cat /etc/group|grep sasl
- sasl:x:45:postfix
- root@servername:~# id -G postfix
- 121 45
- root@servername:~# ls -l /var/run/saslauthd/
- total 968
- -rw------- 1 root root 0 Oct 24 16:05 cache.flock
- -rw------- 1 root root 986112 Oct 24 16:05 cache.mmap
- srwxrwxrwx 1 root root 0 Oct 24 16:05 mux
- -rw------- 1 root root 0 Oct 24 16:05 mux.accept
- -rw------- 1 root root 5 Oct 24 16:05 saslauthd.pid
- root@servername:~# ls -l /usr/lib/sasl2
- total 8
- -rw-r--r-- 1 root root 4 Oct 24 14:44 berkeley_db.active
- -rw-r--r-- 1 root root 4 Apr 5 2016 berkeley_db.txt
- lrwxrwxrwx 1 root root 28 Oct 24 16:21 smtpd.conf -> /etc/postfix/sasl/smtpd.conf
- root@servername:/etc/postfix# cat main.cf
- # See /usr/share/postfix/main.cf.dist for a commented, more complete version
- # Debian specific: Specifying a file name will cause the first
- # line of that file to be used as the name. The Debian default
- # is /etc/mailname.
- #myorigin = /etc/mailname
- compatibility_level=2
- smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
- biff = no
- # appending .domain is the MUA's job.
- append_dot_mydomain = no
- # Uncomment the next line to generate "delayed mail" warnings
- #delay_warning_time = 4h
- readme_directory = no
- # TLS parameters
- smtpd_tls_cert_file = /etc/letsencrypt/live/servername.com/fullchain.pem
- smtpd_tls_key_file = /etc/letsencrypt/live/servername.com/privkey.pem
- smtpd_use_tls = yes
- smtpd_tls_auth_only = yes
- smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- tls_ssl_options = NO_COMPRESSION
- tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
- ### outgoing connections ###
- smtp_tls_security_level = may
- smtp_tls_cert_file = /etc/letsencrypt/live/servername.com/fullchain.pem
- smtp_tls_key_file = /etc/letsencrypt/live/servername.com/privkey.pem
- smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
- # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
- # information on enabling SSL in the smtp client.
- smtpd_sasl_type = dovecot
- smtpd_sasl_path = smtpd
- smtpd_sasl_auth_enable = yes
- broken_sasl_auth_clients = yes
- smtpd_recipient_restrictions =
- permit_sasl_authenticated,
- permit_mynetworks,
- reject_unauth_destination
- smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_hostname
- smtpd_sasl_security_options = noanonymous
- #smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
- myhostname = servername.com
- alias_maps = hash:/etc/aliases
- alias_database = hash:/etc/aliases
- myorigin = /etc/mailname
- #mydestination = $myhostname, servername.com, localhost.com, , localhost
- mydestination = localhost
- relayhost =
- mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
- mailbox_size_limit = 0
- recipient_delimiter = +
- inet_interfaces = all
- inet_protocols = all
- #Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
- virtual_transport = lmtp:unix:private/dovecot-lmtp
- #Virtual domains, users, and aliases
- virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
- mysql:/etc/postfix/mysql-virtual-email2email.cf
- always_bcc = alwaysbcc@localhost
- recipient_bcc_maps = hash:/etc/postfix/recipient_bcc_maps
- root@servername:/etc/postfix# cat master.cf
- #
- # Postfix master process configuration file. For details on the format
- # of the file, see the master(5) manual page (command: "man 5 master" or
- # on-line: http://www.postfix.org/master.5.html).
- #
- # Do not forget to execute "postfix reload" after editing this file.
- #
- # ==========================================================================
- # service type private unpriv chroot wakeup maxproc command + args
- # (yes) (yes) (no) (never) (100)
- # ==========================================================================
- smtp inet n - - - - smtpd
- #smtp inet n - y - 1 postscreen
- #smtpd pass - - y - - smtpd
- #dnsblog unix - - y - 0 dnsblog
- #tlsproxy unix - - y - 0 tlsproxy
- submission inet n - - - - smtpd
- -o syslog_name=postfix/submission
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=$mua_client_restrictions
- -o smtpd_helo_restrictions=$mua_helo_restrictions
- -o smtpd_sender_restrictions=$mua_sender_restrictions
- -o smtpd_recipient_restrictions=
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
- smtps inet n - - - - smtpd
- -o syslog_name=postfix/smtps
- -o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_reject_unlisted_recipient=no
- -o smtpd_client_restrictions=$mua_client_restrictions
- -o smtpd_helo_restrictions=$mua_helo_restrictions
- -o smtpd_sender_restrictions=$mua_sender_restrictions
- -o smtpd_recipient_restrictions=
- -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o milter_macro_daemon_name=ORIGINATING
- #628 inet n - y - - qmqpd
- pickup unix n - y 60 1 pickup
- cleanup unix n - y - 0 cleanup
- qmgr unix n - n 300 1 qmgr
- #qmgr unix n - n 300 1 oqmgr
- tlsmgr unix - - y 1000? 1 tlsmgr
- rewrite unix - - y - - trivial-rewrite
- bounce unix - - y - 0 bounce
- defer unix - - y - 0 bounce
- trace unix - - y - 0 bounce
- verify unix - - y - 1 verify
- flush unix n - y 1000? 0 flush
- proxymap unix - - n - - proxymap
- proxywrite unix - - n - 1 proxymap
- smtp unix - - y - - smtp
- relay unix - - y - - smtp
- # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
- showq unix n - y - - showq
- error unix - - y - - error
- retry unix - - y - - error
- discard unix - - y - - discard
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - y - - lmtp
- anvil unix - - y - 1 anvil
- scache unix - - y - 1 scache
- #
- # ====================================================================
- # Interfaces to non-Postfix software. Be sure to examine the manual
- # pages of the non-Postfix software to find out what options it wants.
- #
- # Many of the following services use the Postfix pipe(8) delivery
- # agent. See the pipe(8) man page for information about ${recipient}
- # and other message envelope options.
- # ====================================================================
- #
- # maildrop. See the Postfix MAILDROP_README file for details.
- # Also specify in main.cf: maildrop_destination_recipient_limit=1
- #
- maildrop unix - n n - - pipe
- flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
- #
- # ====================================================================
- #
- # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
- #
- # Specify in cyrus.conf:
- # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
- #
- # Specify in main.cf one or more of the following:
- # mailbox_transport = lmtp:inet:localhost
- # virtual_transport = lmtp:inet:localhost
- #
- # ====================================================================
- #
- # Cyrus 2.1.5 (Amos Gouaux)
- # Also specify in main.cf: cyrus_destination_recipient_limit=1
- #
- #cyrus unix - n n - - pipe
- # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
- #
- # ====================================================================
- # Old example of delivery via Cyrus.
- #
- #old-cyrus unix - n n - - pipe
- # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
- #
- # ====================================================================
- #
- # See the Postfix UUCP_README file for configuration details.
- #
- uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- #
- # Other external delivery methods.
- #
- ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
- scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
- mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement