#cd /etc/postfix
#vi main.cf
Paste under mynetworks:
####### smtp auth
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
local_recipient_maps =
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
########
Then:
#vi master.cf
Paste under smtp:
smtps inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_sender=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
To check the SASL available mechanisms run:
#saslauthd -V
Set SASL authentication to start at system boot:
#chkconfig --levels 235 saslauthd on
Set up the encryption keys:
#mkdir /etc/postfix/ssl
#cd ssl/
#openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
#chmod 600 smtpd.key
#openssl req -new -key smtpd.key -out smtpd.csr
#openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
#openssl rsa -in smtpd.key -out smtpd.key.unencrypted
#mv -f smtpd.key.unencrypted smtpd.key
#openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Set up the client certificate for importing into Internet Explorer (for Outlook) / Thunderbird (this will suppress warnings about using a self signed certificate):
#openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12
Reload the config:
#postfix reload
Check if the port is listening:
#netstat -ntpl | grep master
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 8366/master
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 8366/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8366/master
Test if TLS and AUTH is working:
#telnet localhost 465
Dovecot config for POP3 IMAP
#vi /etc/dovecot
protocols imap imaps pop3s
Whichever services you are using, you need to configure the IP and port on which each one will listen.
protocol imap {
listen = 127.0.0.1:143
ssl_listen = 123.45.67.89:993
...
}
protocol pop3 {
# listen = 987.65.43.21:110
ssl_listen = 123.45.67.89:995
...
}
#vi main.cf
Paste under mynetworks:
####### smtp auth
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
local_recipient_maps =
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
########
Then:
#vi master.cf
Paste under smtp:
smtps inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_sender=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o broken_sasl_auth_clients=yes
To check the SASL available mechanisms run:
#saslauthd -V
Set SASL authentication to start at system boot:
#chkconfig --levels 235 saslauthd on
Set up the encryption keys:
#mkdir /etc/postfix/ssl
#cd ssl/
#openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
#chmod 600 smtpd.key
#openssl req -new -key smtpd.key -out smtpd.csr
#openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
#openssl rsa -in smtpd.key -out smtpd.key.unencrypted
#mv -f smtpd.key.unencrypted smtpd.key
#openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Set up the client certificate for importing into Internet Explorer (for Outlook) / Thunderbird (this will suppress warnings about using a self signed certificate):
#openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12
Reload the config:
#postfix reload
Check if the port is listening:
#netstat -ntpl | grep master
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 8366/master
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 8366/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 8366/master
Test if TLS and AUTH is working:
#telnet localhost 465
Dovecot config for POP3 IMAP
#vi /etc/dovecot
protocols imap imaps pop3s
Whichever services you are using, you need to configure the IP and port on which each one will listen.
protocol imap {
listen = 127.0.0.1:143
ssl_listen = 123.45.67.89:993
...
}
protocol pop3 {
# listen = 987.65.43.21:110
ssl_listen = 123.45.67.89:995
...
}
Comments
Post a Comment