Postfix

Prerequisites

Setup SQL

Directory /etc/postfix:

The tables already exist; we now need to tell Postfix how to find them. The following *.cf files all share the same head:

user = dovecot
password = yourpassword
hosts = 10.0.0.1
dbname = system
query = SELECT something FROM sometable WHERE somecol = '%s'

The last line is the query that fetches the data; it differs per file:

  • uids.cf: query= SELECT "userdb_uid" FROM "dovecot_users" WHERE "user" LIKE '%s'
  • gids.cf: query= SELECT "userdb_gid" FROM "dovecot_users" WHERE "user" LIKE '%s'
  • mailboxes.cf: query= SELECT "mailbox" FROM "postfix_mailboxes" WHERE "userid" LIKE '%s'
  • transport.cf: query= SELECT "transport" FROM "transport" WHERE "domain" LIKE '%s'
  • virtual.cf: query= SELECT "userid" FROM "postfix_virtual" WHERE "address" LIKE '%s'

Now add the following to main.cf:

# sql data
transport_maps = pgsql:/etc/postfix/transport.cf
virtual_uid_maps = pgsql:/etc/postfix/uids.cf
virtual_gid_maps = pgsql:/etc/postfix/gids.cf
virtual_mailbox_maps = pgsql:/etc/postfix/mailboxes.cf
virtual_maps = pgsql:/etc/postfix/virtual.cf
virtual_mailbox_base = /

# sasl for authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

And I changed the smtpd entries in master.cf so that they are not chrooted:

smtp      inet  n       -       n       -       -       smtpd
smtp      unix  -       -       n       -       -       smtp

DKIM

Install dkim-filter:

aptitude install dkim-filter
mkdir /etc/dkim-filter
chmod go-rwx /etc/dkim-filter

Configure dkim-filter:

Syslog                  yes
UMask                   002
Statistics              /var/run/dkim-filter/dkim-stats
KeyList                 /etc/dkim-keys.conf

Add keys:

cd /etc/dkim-filter
dkim-genkey -b 1024 -d example.com -s selector0

And add them in /etc/dkim-keys.conf:

*@example.com:example.com:/etc/dkim-filter/selector0

Configure Postfix to use DKIM by appending the following to /etc/postfix/main.cf:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock
non_smtpd_milters = unix:/var/run/dkim-filter/dkim-filter.sock

And allow Postfix to access the socket:

adduser postfix dkim-filter

Restart dkim-filter and postfix:

/etc/init.d/dkim-filter restart
/etc/init.d/postfix restart

And add the entries from /etc/dkim-filter/*.txt to your DNS server.
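A check of the key record before it is published, as an added example (not part of the original page or of dkim-filter): it parses a record assumed to be a zone-file TXT line and reports the RSA modulus size carried in p=. The function names are hypothetical, the 2048-bit threshold follows RFC 8301's recommendation for signers, and the sample record is constructed with a placeholder modulus rather than a real key.

```python
import base64

def parse_dkim_txt(text):
    """Tag/value pairs of a DKIM key record as written in a zone file."""
    record = "".join(text.split('"')[1::2])  # join the quoted TXT chunks
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def _tlv(buf, pos):
    """Read one DER element at pos: (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER in p=")
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(p_value):
    """Modulus size of the RSA SubjectPublicKeyInfo carried in the p= tag."""
    _, spki, _ = _tlv(base64.b64decode(p_value, validate=True), 0)
    _, _, pos = _tlv(spki, 0)              # AlgorithmIdentifier, skipped
    t1, bitstr, _ = _tlv(spki, pos)        # BIT STRING wrapping the key
    t2, rsa, _ = _tlv(bitstr, 1)           # byte 0 is the unused-bits count
    t3, modulus, _ = _tlv(rsa, 0)          # first INTEGER is the modulus n
    if (t1, t2, t3) != (0x03, 0x30, 0x02):
        raise ValueError("p= is not an RSA public key")
    return int.from_bytes(modulus, "big").bit_length()

def check_record(text, min_bits=2048):
    """Findings for one key record; an empty list means nothing to report."""
    tags = parse_dkim_txt(text)
    if tags.get("k", "rsa") != "rsa":
        return ["key type %s: size check skipped" % tags["k"]]
    if not tags.get("p"):
        return ["empty p= tag: key revoked or record truncated"]
    bits = rsa_key_bits(tags["p"])
    return ["RSA key is %d bits, below %d" % (bits, min_bits)] if bits < min_bits else []

def _enc(tag, body):  # minimal DER encoder, used only to build the sample
    size = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits):
    """Constructed record in zone-file layout; the modulus is a placeholder, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = _enc(0x30, _enc(0x02, n) + _enc(0x02, b"\x01\x00\x01"))
    spki = _enc(0x30, bytes.fromhex("300d06092a864886f70d0101010500") + _enc(0x03, b"\x00" + rsa))
    return 'selector0._domainkey IN TXT "v=DKIM1; k=rsa; p=%s" ; constructed sample' % base64.b64encode(spki).decode()
```

Calling check_record() on the contents of a generated *.txt file returns the findings for that key; a key created with -b 1024 is reported as below the 2048-bit threshold.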

If it works, you may want to add another DNS entry (this means “all outgoing mail for that domain is signed with DKIM”):

_asp._domainkey.example.com 86400 IN TXT "dkim=all"

Generated using nanoc and bootstrap - Last content change: 2011-06-10 07:41