Linux-Noob Forums

Full Version: Setting Up Postfix On Debian Etch
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Ive read lots of 'how-tos' on how to do this but none of them worked on there own, I managed to get it working by merging bits of information together and heres how i got it working on Debian Etch, this might work on Debian Sarge too.

 

TARGET MACHINE

 

apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules << stuff required for postfix

 

apt-get install popa3d << this is the pop daemon for downloading mail from server

 

 

edit /etc/default/saslauthd and make sure these lines say:

START=yes

MECHANISMS="pam"

 

 

edit /etc/postfix/sasl/smtpd.conf if this file doesnt exist create it!

pwcheck_method: saslauthd

 

 

edit /etc/postfix/main.cf (remove old config, copy and paste everything here but change ******)

 

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

biff = no

append_dot_mydomain = no

myhostname = ****** # make sure this is resolvable (ie use yourmail.net)

mydomain = ****** # make sure this is resolvable, i got mine working using same as above.

myorigin = $mydomain

inet_interfaces = all

mydestination = $mydomain, localhost.$mydomain, localhost

mynetworks = 127.0.0.0/8, *.*.*.*/* # change this to local address + subnet so emails can be relayed out your box

 

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = ****** # i used same as 'mydomain' above

broken_sasl_auth_clients = yes

smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unverified_sender

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

 

 

postfix does a chroot so it can’t communicate with saslauthd. heres how to get round it:

rm -r /var/run/saslauthd/

mkdir -p /var/spool/postfix/var/run/saslauthd

ln -s /var/spool/postfix/var/run/saslauthd /var/run

chgrp sasl /var/spool/postfix/var/run/saslauthd

adduser postfix sasl

 

 

add a test user (remember to remove after)

useradd test

passwd testpass

 

 

edit /etc/passwd (so test cannot log in via ssh)

test:x:1001:1001::/home/test:/bin/false <<change this to false

 

 

start postfix + saslauthd services

/etc/init.d/postfix reload

/etc/init.d/saslauthd start

 

 

TEST POSTFIX CONNECTION WITH TELNET ON REMOTE MACHINE

 

We need perl to generate the string for the SASL telnet authentication

 

perl -MMIME::Base64 -e 'print encode_base64("testtesttestpass");' << change test / testpass accordingly

dGVzdAB0ZXN0AHRlc3RwYXNz << this will be used for authentication on telnet

 

 

telnet postfixmachineip 25

 

type 'ehlo localhost'

you should see something like this:

 

250-randallbum.net

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5

250-AUTH=LOGIN PLAIN DIGEST-MD5 NTLM CRAM-MD5

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

 

now enter these commands and see if you get same response:

 

AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz

235 2.0.0 Authentication successful

 

MAIL FROM:<anyreal@mailaddress>

250 2.1.0 Ok

 

RCPT TO:<test@yourmail.net>

250 2.1.5 Ok

 

DATA

354 End data with <CR><LF>.<CR><LF>

This is a test email message, this better f****** work!

. << end message with '.'

250 2.0.0 Ok: queued as F11F234271

 

QUIT

 

 

 

POPA3D opens POP port 110 on the post fix server and also authenticates with users on the system the same way as Postfix has been setup to do. You could test this by sending a test email to the test user using the above method then setup a client like 'Evolution' to receive POP mail by putting in these details under 'Receiving Mail'

 

Server: postfixmachineip

 

Username: test

 

Now when you check for new mail it will ask for a password so use 'testpass' if you used method used here.

 

And if all went well, you should of received the test email.

 

Now you can do the same and put in the SMTP details for 'Sending Email'

 

 

Dont forget to remove user 'test' and put in some real users with strong passwords and disable ssh access if needs be.