
Mailserver


errin

Presentation Transcript


  1. Mailserver

  2. Why Postfix?
     • Sendmail’s legacy
     • Built from the ground up
     • Central queueing
     • More future-proof
     • Exim4 is the Debian default, but ...

  3. Terms
     • SMTP (Simple Mail Transfer Protocol)
     • MTA (Postfix, Exim4, Sendmail, ...)
     • MDA (POP3, IMAP4, ...)
     • MX record
     • FQDN

  4. Dangers
     • UBE (Unsolicited Bulk Emailers)
     • UCE (Unsolicited Commercial Emailers)
     • Open Relay

  5. Fresh copy of Debian!
         ( ) Desktop Environment
         ( ) Web Server
         ( ) Print Server
         ( ) DNS Server
         ( ) File Server
         ( ) Mail Server
         ( ) SQL database
         ( ) manual package selection
     Just proceed here as usual, installing a basic system.
     More info in the book on page 106.

  6. Prepare system
         # apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe \
               pppoeconf ppp pppconfig
     Now, disable some service scripts:
         # update-inetd --remove daytime
         # update-inetd --remove telnet
         # update-inetd --remove time
         # update-inetd --remove finger
         # update-inetd --remove talk
         # update-inetd --remove ntalk
         # update-inetd --remove ftp
         # update-inetd --remove discard
     and restart the inetd superserver:
         # /etc/init.d/inetd reload

  7. /etc/hosts
         <jouw-ip> mail.jouwvoornaam.be
     Here <jouw-ip> stands for your IP address and jouwvoornaam for your first name.

  8. Install Postfix and libraries
         apt-get install postfix postfix-doc postfix-tls libsasl2-2 sasl2-bin libsasl2-modules
     • Choose “Internet Site”, also for local delivery
     • Answer “NONE” if it asks where root’s mail should be delivered
     • Insert your FQDN

  9. /etc/postfix/main.cf
         smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
         biff = no
         append_dot_mydomain = no
         myhostname = mail.voornaam.be
         mydomain = voornaam.be
         myorigin = $mydomain
         inet_interfaces = all
         mydestination = $mydomain, localhost.$mydomain, localhost
         mynetworks = 172.16.99.0/24
     More detailed information on p108-109.

  10. Test mail
          ~$ echo "This will go into the body of the mail." | mail -s "Hello world" root@voornaam.be
      Type the quotes as plain ASCII quotes. The second recipient world? and its bounce in the log below are consistent with the command having been entered with typographic quotes: the shell does not treat those as quotes, so the subject is split and its second word is passed to mail as an extra recipient.
      Check delivery with tail /var/log/mail.log:
          Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: from=<root@philippe.be>, size=349, nrcpt=2 (queue active)
          Mar 3 15:20:07 debian postfix/local[3827]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
          Mar 3 15:20:07 debian postfix/local[3818]: 3F452340B1: to=<user@philippe.be>, orig_to=<root@philippe.be>, relay=local, delay=0.06, delays=0.03/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
          Mar 3 15:20:07 debian postfix/local[3827]: 3F452340B1: to=<world?@philippe.be>, orig_to=<world?>, relay=local, delay=0.06, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "world?")
          Mar 3 15:20:07 debian postfix/cleanup[3814]: 4A51B340B2: message-id=<20100303142007.4A51B340B2@mail.philippe.be>
          Mar 3 15:20:07 debian postfix/bounce[3819]: 3F452340B1: sender non-delivery notification: 4A51B340B2
          Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: from=<>, size=2085, nrcpt=1 (queue active)
          Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: removed
          Mar 3 15:20:07 debian postfix/local[3818]: 4A51B340B2: to=<user@philippe.be>, orig_to=<root@philippe.be>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
          Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: removed

  11. SASLAUTHD
      • Postfix runs with limited privileges
      • PAM restricts Postfix from verifying authentication itself
      • Saslauthd runs as superuser under the Postfix process
      • Limited security risks

  12. /etc/postfix/main.cf
      Add the following lines to the Postfix config:
          smtpd_sasl_local_domain = $myhostname
          smtpd_sasl_auth_enable = yes
          broken_sasl_auth_clients = yes
          smtpd_sasl_security_options = noanonymous
          smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

  13. Create SASL config
          # mkdir -p /etc/postfix/sasl
          # cd /etc/postfix/sasl
      Create the smtpd.conf file with these two lines:
          pwcheck_method: saslauthd
          mech_list: plain login
      You can now restart Postfix:
          # postfix reload

  14. Configure saslauthd
      1. Create the necessary directory for the daemon:
             # mkdir -p /var/spool/postfix/var/run/saslauthd
      2. Edit /etc/default/saslauthd to activate saslauthd. Remove the comment marker (#) from the line START=yes, then add the line:
             PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
      3. Your file should now look like this:
             # This needs to be uncommented before saslauthd will be run automatically
             START=yes
             PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
             # You must specify the authentication mechanisms you wish to use.
             # This defaults to "pam" for PAM support, but may also include
             # "shadow" or "sasldb", like this:
             # MECHANISMS="pam shadow"
             MECHANISMS="pam"
      4. Next, edit /etc/init.d/saslauthd to change the location of saslauthd’s process ID file. Change the value of PIDFILE to the following:
             PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
      5. Start saslauthd:
             # /etc/init.d/saslauthd start
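Slide 4 names the open relay as a danger, and the parameters on slides 9 and 12 are what decide whether this server becomes one. The Python sketch below is an added example, not part of the original deck: it reads main.cf-style text and reports relay-control problems. The function names are hypothetical and the check is a simplification that only looks at smtpd_recipient_restrictions, mynetworks and the SASL switches shown in the deck.

```python
import ipaddress

# Settings copied from slides 9 and 12 of this deck.
MAIN_CF = """\
mynetworks = 172.16.99.0/24
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; an indented line continues the previous value."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value
    return params

def relay_findings(params):
    """Return findings about relay control in this configuration."""
    findings = []
    rules = params.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    # Restrictions are evaluated left to right and the first match decides.
    for rule in rules:
        if rule == "permit":
            findings.append("bare 'permit' reached before reject_unauth_destination")
            break
        if rule in ("reject_unauth_destination", "reject"):
            break
    else:
        if rules:
            findings.append("smtpd_recipient_restrictions never rejects foreign destinations")
    for net in params.get("mynetworks", "").replace(",", " ").split():
        try:
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append(f"mynetworks trusts every client: {net}")
        except ValueError:
            pass  # lookup tables (type:path) are not judged here
    if "permit_sasl_authenticated" in rules:
        if params.get("smtpd_sasl_auth_enable") != "yes":
            findings.append("permit_sasl_authenticated used but SASL is not enabled")
        if "noanonymous" not in params.get("smtpd_sasl_security_options", "noanonymous"):
            findings.append("anonymous SASL mechanisms are allowed")
    return findings
```

Calling relay_findings(parse_main_cf(MAIN_CF)) on the deck's settings returns an empty list.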

  15. Test with saslauthd
      Now test the mail delivery again and see what the difference is in the mail.log when you deliver to a known user and an unknown user.
      Next week: encryption and more ...
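For the log comparison asked for on slides 10 and 15, the added Python example below (not part of the original deck) groups Postfix log lines by queue ID and lists the recipients that failed. The sample lines are taken from slide 10; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from slide 10 of this deck (a subset).
SAMPLE_LOG = """\
Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: from=<root@philippe.be>, size=349, nrcpt=2 (queue active)
Mar 3 15:20:07 debian postfix/local[3827]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 3 15:20:07 debian postfix/local[3818]: 3F452340B1: to=<user@philippe.be>, orig_to=<root@philippe.be>, relay=local, delay=0.06, delays=0.03/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 15:20:07 debian postfix/local[3827]: 3F452340B1: to=<world?@philippe.be>, orig_to=<world?>, relay=local, delay=0.06, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "world?")
Mar 3 15:20:07 debian postfix/bounce[3819]: 3F452340B1: sender non-delivery notification: 4A51B340B2
Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: from=<>, size=2085, nrcpt=1 (queue active)
"""

LINE = re.compile(r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
RCPT = re.compile(r"to=<(?P<to>[^>]*)>.*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<why>.*)\)")

def delivery_report(log_text):
    """Group Postfix log lines by queue ID: sender plus per-recipient outcome."""
    report = defaultdict(lambda: {"from": None, "rcpts": [], "dsn_for": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # warnings and similar lines carry no queue ID
        entry, rest = report[m["qid"]], m["rest"]
        if rest.startswith("from=<"):
            entry["from"] = rest[6:rest.index(">")]
        elif (r := RCPT.search(rest)):
            entry["rcpts"].append((r["to"], r["dsn"], r["status"], r["why"]))
        elif "sender non-delivery notification:" in rest:
            # Link the bounce message back to the mail that caused it.
            report[rest.rsplit(" ", 1)[1]]["dsn_for"] = m["qid"]
    return dict(report)

def failures(report):
    """Recipients whose DSN class is 4.x.x (temporary) or 5.x.x (permanent)."""
    return [(qid, to, dsn, why)
            for qid, e in report.items()
            for to, dsn, status, why in e["rcpts"]
            if dsn[0] in "45"]
```

A known user shows up with dsn=2.0.0 and status=sent, while the unknown user appears in failures() with 5.1.1 and triggers a second queue ID whose empty sender marks it as the bounce notification.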
