Postfix
Prerequisites
Setup SQL
Directory /etc/postfix:
The tables already exist; we now need to tell Postfix how to find them. The following *.cf files all start with the same head:
    user = dovecot
    password = yourpassword
    hosts = 10.0.0.1
    dbname = system
    query = SELECT something FROM sometable WHERE somecol = '%s'
The last line is the query that fetches the data; it differs per file:
- uids.cf:
query= SELECT "userdb_uid" FROM "dovecot_users" WHERE "user" LIKE '%s'
- gids.cf:
query= SELECT "userdb_gid" FROM "dovecot_users" WHERE "user" LIKE '%s'
- mailboxes.cf:
query= SELECT "mailbox" FROM "postfix_mailboxes" WHERE "userid" LIKE '%s'
- transport.cf:
query= SELECT "transport" FROM "transport" WHERE "domain" LIKE '%s'
- virtual.cf:
query= SELECT "userid" FROM "postfix_virtual" WHERE "address" LIKE '%s'
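The per-file queries compare with LIKE, where `%` and `_` in the looked-up address act as pattern characters even when the value is correctly quoted. The following is an added example, not part of the original page: it uses Python's sqlite3 as a stand-in for PostgreSQL, the rows and addresses are constructed, and parameter binding models a correctly quoted `%s`.

```python
import sqlite3

# Constructed sample rows shaped like the page's postfix_mailboxes table.
ROWS = [
    ("john_doe@example.com", "/var/mail/example.com/john_doe/"),
    ("johnxdoe@example.com", "/var/mail/example.com/johnxdoe/"),
    ("alice@example.com", "/var/mail/example.com/alice/"),
]

QUERIES = {
    # Shape used in mailboxes.cf on this page.
    "like": 'SELECT "mailbox" FROM "postfix_mailboxes" WHERE "userid" LIKE ?',
    # Exact-match form, as in the generic template (somecol = '%s').
    "equals": 'SELECT "mailbox" FROM "postfix_mailboxes" WHERE "userid" = ?',
}


def make_db():
    """Build an in-memory table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        'CREATE TABLE "postfix_mailboxes" ("userid" TEXT PRIMARY KEY, "mailbox" TEXT)'
    )
    conn.executemany('INSERT INTO "postfix_mailboxes" VALUES (?, ?)', ROWS)
    return conn


def lookup(conn, mode, key):
    """Return every mailbox the map query yields for one lookup key, sorted."""
    # Assumption: the key reaches the query as a correctly quoted literal.
    # Quoting does not stop LIKE from treating % and _ as wildcards.
    return sorted(row[0] for row in conn.execute(QUERIES[mode], (key,)))


def compare(keys):
    """Map each key to (rows matched by LIKE, rows matched by =)."""
    conn = make_db()
    return {k: (lookup(conn, "like", k), lookup(conn, "equals", k)) for k in keys}


if __name__ == "__main__":
    sample = ["alice@example.com", "john_doe@example.com", "%@example.com"]
    for key, (like, eq) in compare(sample).items():
        print(f"{key!r}: LIKE -> {len(like)} row(s), = -> {len(eq)} row(s)")
```

A map lookup is expected to return one row per key; with `=` the address is compared literally, so an underscore in a legitimate address cannot match a different user's row.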
Now add the following to main.cf:
    # sql data
    transport_maps = pgsql:/etc/postfix/transport.cf
    virtual_uid_maps = pgsql:/etc/postfix/uids.cf
    virtual_gid_maps = pgsql:/etc/postfix/gids.cf
    virtual_mailbox_maps = pgsql:/etc/postfix/mailboxes.cf
    virtual_maps = pgsql:/etc/postfix/virtual.cf
    virtual_mailbox_base = /
    # sasl for authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = /var/spool/postfix/private/auth
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
And I changed the smtpd entries in master.cf to not be chrooted:
    smtp inet n - n - - smtpd
    smtp unix - - n - - smtp
DKIM
- http://www.dkim.org/
- http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
- http://www.sendmail.com/sm/wp/dkim/ (milter plugin)
- DKIM fails at Content-Transfer-Encoding
Install dkim-filter:
    aptitude install dkim-filter
    mkdir /etc/dkim-filter
    chmod go-rwx /etc/dkim-filter
Configure dkim-filter:
    Syslog yes
    UMask 002
    Statistics /var/run/dkim-filter/dkim-stats
    KeyList /etc/dkim-keys.conf
Add keys:
    cd /etc/dkim-filter
    dkim-genkey -b 1024 -d example.com -s selector0
And add them to /etc/dkim-keys.conf:
    *@example.com:example.com:/etc/dkim-filter/selector0
Configure postfix to use dkim: append to /etc/postfix/main.cf:
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock
    non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock
and allow postfix to access the socket:
    adduser postfix dkim-filter
Restart dkim-filter and postfix:
    /etc/init.d/dkim-filter restart
    /etc/init.d/postfix restart
And add the entries from /etc/dkim-filter/*.txt to your DNS server.
If it works, you may want to add another DNS entry (this means “all outgoing mail for that domain is signed with DKIM”):
    _asp._domainkey.example.com 86400 IN TXT "dkim=all"