[CentOS] Postfix setup
Robert Moskowitz
rgm at htt-consult.com
Tue Mar 12 04:23:50 UTC 2013
On 03/11/2013 10:30 PM, Austin Einter wrote:
> Dear Robert Moskowitz
> The link
> */http://campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent6VirtMailServer/*you
> suggested is working great for me so far.
>
> At one point it says
>
>
> Configuring Postfix
>
> Here we go with more config files. You'll have to be sure to change
> some settings to match your host. The config files will have sections
> commented out. Don't worry about it. These sections are for
> spam/virus/sympa configuration. Just copy and past to create the
> config files. What ever you see here replaces what already exists.
>
> The main postfix config files.
> /etc/postfix/main.cf <http://main.cf>
>
Definately something wrong here. as root:
grep post install.log
You should see (for Centos 6.3):
Installing postfix-2.6.6-2.2.el6_1.i686
or x86_64 based on architecture. This creates all the postfix default
files. Or install postfix via yum.
>
>
> When I checked, I did not find any folder postfix in my /etc path.
> Even I searched the whole machine, I did not get main.cf
> <http://main.cf> anywhere.
> Does it mean that I have done some mistake somewhere in earlier steps.
>
> Even, in main.cf <http://main.cf> file given in above link has an
> entry as below.
>
> *daemon_directory = /usr/libexec/postfix*
>
> But in my machine I do not see any postfix folder in path
> /usr/libexec. However I found /var/lib/postfix folder. So should I use
> /var/lib/postfix instead of */usr/libexec/postfix*.
All the postfix directories in that howto work, but I did not go with
his 'use my main.cf' I studied it, using postconf and created a script
containing:
# postfix config file
# uncomment for debugging if needed
#postconf -e 'soft_bounce=yes'
# postfix main
postconf -e 'delay_warning_time = 4'
# network settings
postconf -e 'inet_interfaces = all'
postconf -e 'mydomain = mailserver.domain.com'
postconf -e 'myhostname = mail.mailserver.domain.com'
postconf -e 'mynetworks = $config_directory/mynetworks'
postconf -e 'relay_domains =
proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf'
# mail delivery
postconf -e 'recipient_delimiter = +'
# mappings
postconf -e 'alias_maps = hash:/etc/aliases'
postconf -e 'transport_maps = hash:/etc/postfix/transport'
# virtual setup
postconf -e 'virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,
regexp:/etc/postfix/virtual_regexp'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf'
postconf -e 'virtual_mailbox_limit_maps =
proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_minimum_uid = 101'
postconf -e 'virtual_uid_maps = static:101'
postconf -e 'virtual_gid_maps = static:12'
postconf -e 'virtual_transport = dovecot'
postconf -e 'dovecot_destination_recipient_limit = 1'
# authentication
postconf -e 'smtpd_sasl_auth_enable = yes'
# postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'
# tls config
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtp_tls_session_cache_database =
btree:$data_directory/smtp_tls_session_cache'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_security_level = may'
postconf -e 'smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_scache'
# Change mail.example.com.* to your host name
postconf -e 'smtpd_tls_key_file =
/etc/pki/tls/private/mailserver.domain.com.key'
postconf -e 'smtpd_tls_cert_file =
/etc/pki/tls/certs/mailserver.domain.com.crt'
cat <<EOF>>main.cf || exit 1
# rules restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain
# uncomment for realtime black list checks
# ,reject_rbl_client zen.spamhaus.org
# ,reject_rbl_client bl.spamcop.net
# ,reject_rbl_client dnsbl.sorbs.net
EOF
postconf -e 'smtpd_helo_required = yes'
postconf -e 'disable_vrfy_command = yes'
postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining'
============================================
that append above addresses that postconf cannot handle continues. You
can replace it with a single line command; I like the multiline formatting.
If you want more help, let's take it off list. I am at IETF in Orlando
right now, and IEEE 802 next week, then Passover after that, so my
posting speeds will vary.
More information about the CentOS
mailing list