Postfix with TLS and Sasl

by Mike on October 30, 2009 · 2 comments

in Postfix Mail Server

Install and Configure Postfix
Postifx is installed by default and the only real setting you have to make is to set it to be an Internet server.

/etc/postfix/main.cf
Note is this setup TLS is using the certs provided by the system, you need to create your own but you can get it working with the default.  The sasl authentication is using dovecot as the means of authenticating.  The smtpd_sasl_path is actually inside the chroot for SMTP at /var/spool/postfix/private/dovecot-sasl-auth.  In several places changes need to be made to the configuration to provide for this problem as the chroot prohibits communication with some files.  The mynetworks setting in this example only allows the localhost to send mail but since SMTP AUTH is used mobile users who authenticate can use the server.

Ubuntu Mail server Course
Secure Connections
Postfix with TLS
Dovecot with Sasl
SMTP AUTH
Secure Client

Ubuntu 9.10 Server Course now available.

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# Sasl parameters
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = example.com
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-sasl-auth
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

myhostname = ub910s
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ub910s.example.com, ub910s, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

{ 1 comment }

Ante Karamatic October 31, 2009 at 3:02 am

Or… you can just install dovecot-postfix package which will do everything for you.

{ 1 trackback }

Previous post:

Next post: