Name: Postfix
HomePage: http://www.postfix.org/
Function: Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail-compatible enough to not upset existing users.

Name: OpenSSL
HomePage: http://www.openssl.org/
Function: Developed for transmitting private documents via the Internet using a cryptographic system.

1. Let’s start by making some changes to your Postfix main.cf file
nano /etc/postfix/main.cf
main.cf:
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
inet_interfaces = all

2. Now let’s set up the saslauth files; add the following information to the bottom of each file.
nano /usr/lib/sasl2/smtpd.conf
smtpd.conf:
pwcheck_method: saslauthd
nano /usr/lib/sasl/smtpd.conf
smtpd.conf:

3. Now let’s set up the OpenSSL directory, ready for the OpenSSL certificates
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/

4. Next we will make the OpenSSL certificates, starting with a passphrase-protected RSA private key
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048

5. Next, create the certificate signing request (CSR) for the Postfix key
openssl req -new -key smtpd.key -out smtpd.csr

6. Once that is done, self-sign the request to produce the Postfix certificate
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

7. Now remove the passphrase encryption from the Postfix private key file
openssl rsa -in smtpd.key -out smtpd.key.unencrypted

8. Once it is all done, rename the unencrypted key so it replaces the original key file
mv -f smtpd.key.unencrypted smtpd.key

9. Now change the permissions on the key file
chmod 600 smtpd.key

10. Finally, one last command creates the CA key and certificate for Postfix
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

11. Now we need to add some more information to the Postfix main.cf file
nano /etc/postfix/main.cf
main.cf:
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

12. Now let’s start the postfix and saslauthd servers.
/etc/init.d/postfix start
/etc/init.d/saslauthd start

13. The last step is to set the postfix and saslauthd servers to start on boot
chkconfig saslauthd on
chkconfig postfix on

14. To see whether SMTP-AUTH and TLS now work properly, run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server, type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH

then that means everything is fine.
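
The check in step 14 can be scripted. The following is an added example, not part of the original how-to: a shell function that reads a captured EHLO reply and reports whether STARTTLS and AUTH are advertised, which mechanisms are offered, and whether the password-in-the-clear mechanisms PLAIN or LOGIN appear in the pre-TLS reply, as they will with smtpd_tls_auth_only = no. The function names check_ehlo and sample_reply and the sample reply itself are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original how-to): evaluate the EHLO reply from
# step 14. Reads the reply on stdin, prints findings, and returns 0 only when
# both STARTTLS and AUTH are advertised.
check_ehlo() {
    awk '
    { sub(/\r$/, "") }                       # SMTP lines end in CRLF
    /^250[- ]/ {
        kw = toupper(substr($0, 5))          # text after "250-" or "250 "
        if (kw == "STARTTLS") tls = 1
        # "AUTH=..." is the extra line broken_sasl_auth_clients = yes emits
        if (kw ~ /^AUTH[ =]/) {
            auth = 1
            n = split(substr(kw, 6), m, " ")
            for (i = 1; i <= n; i++) {
                if (!(m[i] in seen)) { seen[m[i]] = 1; mechs = mechs " " m[i] }
                # PLAIN and LOGIN carry the password itself, only base64-encoded
                if (m[i] == "PLAIN" || m[i] == "LOGIN") clear = 1
            }
        }
    }
    END {
        print "starttls=" (tls ? "yes" : "no")
        print "auth=" (auth ? "yes" : "no")
        print "mechanisms=" substr(mechs, 2)
        # Assumes the reply was captured before STARTTLS, as in the telnet test
        print "cleartext_password_mechs=" (clear ? "yes" : "no")
        exit !(tls && auth)
    }'
}

# Constructed sample reply, shaped like a Postfix EHLO response.
sample_reply() {
    printf '%s\r\n' \
        '250-mail.example.com' \
        '250-PIPELINING' \
        '250-STARTTLS' \
        '250-AUTH PLAIN LOGIN' \
        '250-AUTH=PLAIN LOGIN' \
        '250 8BITMIME'
}

sample_reply | check_ehlo
```

A result of cleartext_password_mechs=yes on the plain port 25 session means a client that skips STARTTLS can still submit its password unencrypted; setting smtpd_tls_auth_only = yes makes Postfix advertise AUTH only after TLS is established.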
External Links:
http://www.falkotimme.com/howtos/perfect_setup_fedora_core_4/