Postfix

Vorher openssl installieren

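"wget http://www.mirrorspace.org/postfix/official/postfix-2.4.6.tar.gz"
(Hinweis: Der Download läuft unverschlüsselt über HTTP von einem Mirror. Das Archiv vor dem Entpacken anhand der zum Release veröffentlichten PGP-Signatur prüfen. Die hier genannten Postfix-Versionen sind alt und werden nicht mehr gepflegt.)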
"tar -xvzf postfix-2.4.6.tar.gz"
"cd postfix-2.4.6"
mit LibreSSL:
	"vi src/tls/tls.h" ->
	//#if OPENSSL_VERSION_NUMBER < 0x10100000L
	#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

Mit SSL-(TLS-) und SASL-Support ->
	"make tidy"
	"make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" AUXLIBS="-lssl -lcrypto -L/usr/lib -lsasl2" "

"make"
"make install"
Daraufhin kommen einige Abfragen, die nach Vorschlag von Postfix übernommen werden.
Eventuell mit "ps -ef | grep -i post" die PID des Prozesses /usr/lib/postfix/master ermitteln -> "kill <PID>"
"/etc/init.d/postfix restart" (Bei SuSE)

#Postfix Kommandos##################
postconf -d mail_version = Zeigt die Version an

#Installation ohne SuSE Yast#################################
"wget 	http://de.postfix.org/ftpmirror/official/postfix-2.6.0.tar.gz"
"tar -xzf postfix-2.6.0.tar.gz"
"groupadd postfix"
"useradd -g postfix -s /bin/false -c "Postfix user" postfix"
"mkdir /etc/postfix"
"mkdir /usr/libexec/postfix"
"mkdir /var/lib/postfix"
"chown -R postfix:postfix /var/lib/postfix"
"mkdir /var/spool/postfix"
"groupadd postdrop"
Mit SSL-(TLS-) und SASL-Support ->
	"make tidy"
	"make makefiles CCARGS="-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" AUXLIBS="-lssl -lcrypto -L/usr/lib64 -lsasl2 -ldl" "
"make"
"make install"
Dann den Anweisungen folgen

Dann main.cf und master.cf gemäß den Vorlagen anpassen

"cd /etc/postfix"
"postmap canonical"
"postmap virtual"
"postmap access"
"postmap relocated"
"postmap transport"
"touch sender_canonical"
"postmap sender_canonical"

"postfix start" zum Starten
"postfix stop" zum Stoppen

"postfix -vvv start" = -vvv Debug Output

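Achtung: Auf Verzeichnis- und Dateiberechtigungen achten, da das Arbeitsverzeichnis unter /var/spool/postfix liegt.
Zu testen unter anderem mit "su - postfix" (dafür vorübergehend "usermod -s /bin/bash postfix"). Sollte ein "Permission denied" kommen, die Berechtigungen anpassen. Nach dem Test die Login-Shell des Dienstkontos wieder zurücksetzen ("usermod -s /bin/false postfix"), damit das Konto nicht interaktiv nutzbar bleibt.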
Korrekte Permissions:
stat /var/
	Access: (2755/drwxr-sr-x)  Uid: (    0/    root)   Gid: (    0/    root)
stat /var/spool/
	Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
stat /var/spool/postfix
	Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Sonst kann es zu folgendem Fehler kommen.
	2017-04-27T10:23:18.949764+02:00 control postfix/master[10579]: fatal: open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied
	Oder via "strace -f postfix start"
		[pid 10579] geteuid()                   = 0
		[pid 10579] setresgid(-1, 51, -1)       = 0
		[pid 10579] setgroups(1, [51])          = 0
		[pid 10579] setresuid(-1, 51, -1)       = 0
		[pid 10579] open("/var/lib/postfix/master.lock", O_RDWR) = -1 EACCES (Permission denied)
		[pid 10579] getgid()                    = 0
		[pid 10579] getuid()                    = 0
		[pid 10579] geteuid()                   = 51

	
#Mail Relay Einstellungen#######################################
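für googlemail (postfix mit SSL-(TLS-) und SASL-Support kompilieren):
"vi /etc/postfix/sasl_passwd" -> smtp.googlemail.com opensolutionit@googlemail.com:<passwort>
"postmap /etc/postfix/sasl_passwd"
"chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db" (die Dateien enthalten das Passwort im Klartext und sollten nur für root lesbar sein)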
"vi /etc/postfix/main.cf" ->
	relayhost = [smtp.googlemail.com]		#Eckige Klammern deshalb, da googlemail keinen DNS MX Eintrag liefert und postfix sonst nicht senden kann.
	#relayhost = [smtp.gmail.com]:587
	smtp_sasl_auth_enable = yes
	smtpd_sasl_auth_enable = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
	smtp_sasl_security_options = noanonymous
	smtp_sasl_mechanism_filter = plain, login
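	#smtpd_tls_cert_file = /etc/ssl/certs/Thawte_Premium_Server_CA.pem				#( wget --no-check-certificate https://www.thawte.com/roots/thawte_Premium_Server_CA.pem)
	#Hinweis: --no-check-certificate schaltet die Zertifikatsprüfung beim Download ab. Ein so geladenes Root-Zertifikat ist nicht verifiziert. CA-Zertifikate besser aus dem CA-Paket der Distribution beziehen oder den Fingerprint unabhängig prüfen.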
	smtp_tls_CAfile = /etc/ssl/certs/thawte_Premium_Server_CA.pem
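	smtpd_use_tls = yes
	smtp_use_tls = yes
	#Hinweis: smtp_use_tls = yes ist nur opportunistisch. Bietet die Gegenstelle kein STARTTLS an (oder wird es unterdrückt), können die SASL-Zugangsdaten unverschlüsselt übertragen werden. Für den Relay besser TLS erzwingen (smtp_enforce_tls = yes bzw. ab Postfix 2.3 smtp_tls_security_level = encrypt).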
	smtp_sender_dependent_authentication = yes
	smtpd_tls_received_header = yes
	debug_peer_list = smtp.googlemail.com
	debug_peer_level=3
	smtpd_tls_key_file = /etc/ssl/certs/bit-devil.key
	smtpd_tls_cert_file = /etc/ssl/certs/bit-devil.crt
	tls_random_source = dev:/dev/urandom
	smtpd_tls_received_header = yes
	smtpd_tls_ask_ccert = yes
	#smtpd_tls_loglevel = 3
	smtpd_tls_loglevel = 1

	
	
###########################################################################################################################
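TLS aktivieren.
Zertifikat erstellen (self-signed). Die beiden "genrsa"-Aufrufe sind Alternativen: mit -des3 wird der Schlüssel durch eine Passphrase geschützt, ohne -des3 nicht. Die Dateinamen (www.* bzw. mail.domain.tld.*) in allen Schritten einheitlich wählen. Den privaten Schlüssel, vor allem den ohne Passphrase, nur für root lesbar ablegen (chmod 600).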
openssl genrsa -des3 -out www.key 2048
openssl genrsa -out www.key 2048
openssl req -new -key www.key -out www.csr
cp www.key www.key.org
openssl rsa -in www.key -out new.key
openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt

"vi /etc/postfix/main.cf" ->
	#Google Relay#####################
	relayhost = [smtp.googlemail.com]
	#relayhost = [smtp.gmail.com]:587
	smtp_sasl_auth_enable = yes
	smtpd_sasl_auth_enable = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
	smtp_sasl_security_options = noanonymous
	smtp_sasl_mechanism_filter = plain, login
	#smtpd_tls_cert_file = /etc/ssl/certs/thawte_Premium_Server_CA.pem
	smtp_tls_CAfile = /etc/ssl/certs/thawte_Premium_Server_CA.pem
	smtpd_use_tls = yes
	smtp_use_tls = yes
	smtp_sender_dependent_authentication = yes
	smtpd_tls_received_header = yes
	debug_peer_list = smtp.googlemail.com
	debug_peer_level=3
	smtpd_tls_key_file = /etc/ssl/certs/bit-devil.key
	smtpd_tls_cert_file = /etc/ssl/certs/bit-devil.crt
	tls_random_source = dev:/dev/urandom
	smtpd_tls_received_header = yes
	smtpd_tls_ask_ccert = yes
	#smtpd_tls_loglevel = 3
	smtpd_tls_loglevel = 1


##################################################################################
#lokale Einstellungen
"vi /etc/postfix/main.cf" ->
	myhostname = bit-devil.no-ip.org
	mydomain = bit-devil.no-ip.org
	mydestination = bit-devil.no-ip.org, mail-server.moore.corp, localhost, bit-devil, mail-server
	#
	smtpd_banner = Welcome to Bit-Devil Mail System v2.4
	inet_interfaces = all
	mynetworks_style = subnet
	mynetworks = 172.17.0.0/16, 127.0.0.0/8
	2bounce_notice_recipient = root

	alias_maps = hash:/etc/aliases
	mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
	
##################################################################################
"vi /etc/postfix/main.cf" ->	
	#SPAM Einstellungen
	disable_vrfy_command = yes
	default_rbl_reply = $rbl_code RBLTRAP: NIX GUT !!!
	smtpd_delay_reject = yes
	smtpd_helo_required = no
	smtpd_helo_restrictions = 
			#reject_rbl_client zen.spamhaus.org
			#reject_rbl_client multi.uribl.com,
			#reject_rbl_client dsn.rfc-ignorant.org,
			#reject_rbl_client dul.dnsbl.sorbs.net,
			##reject_rbl_client list.dsbl.org,
			#reject_rbl_client sbl-xbl.spamhaus.org,
			#reject_rbl_client bl.spamcop.net,
			#reject_rbl_client dnsbl.sorbs.net,
			#reject_rbl_client cbl.abuseat.org,
			#reject_rbl_client ix.dnsbl.manitu.net,
			#reject_rbl_client combined.rbl.msrbl.net,
			#reject_rbl_client rabl.nuclearelephant.com,
	smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
			#reject_rbl_client zen.spamhaus.org
			#reject_rbl_client multi.uribl.com,
			#reject_rbl_client dsn.rfc-ignorant.org,
			#reject_rbl_client dul.dnsbl.sorbs.net,
			##reject_rbl_client list.dsbl.org,
			#reject_rbl_client sbl-xbl.spamhaus.org,
			#reject_rbl_client bl.spamcop.net,
			#reject_rbl_client dnsbl.sorbs.net,
			#reject_rbl_client cbl.abuseat.org,
			#reject_rbl_client ix.dnsbl.manitu.net,
			#reject_rbl_client combined.rbl.msrbl.net,
			#reject_rbl_client rabl.nuclearelephant.com,
	smtpd_sender_restrictions = hash:/etc/postfix/access
	strict_rfc821_envelopes = no
	invalid_hostname_reject_code = 554
	multi_recipient_bounce_reject_code = 554
	non_fqdn_reject_code = 554
	relay_domains_reject_code = 554
	unknown_address_reject_code = 554
	unknown_client_reject_code = 554
	unknown_hostname_reject_code = 554
	unknown_local_recipient_reject_code = 554
	unknown_relay_recipient_reject_code = 554
	unknown_virtual_alias_reject_code = 554
	#unknown_sender_reject_code = 554
	unknown_virtual_mailbox_reject_code = 554
	unverified_recipient_reject_code = 554
	unverified_sender_reject_code = 554
	smtpd_client_restrictions = 
	smtpd_data_restrictions =
		reject_unauth_pipelining
		reject_multi_recipient_bounce
		permit

	maps_rbl_domains =
		multi.uribl.com,
		dsn.rfc-ignorant.org,
		dul.dnsbl.sorbs.net,
		#list.dsbl.org,
		sbl-xbl.spamhaus.org,
		bl.spamcop.net,
		dnsbl.sorbs.net,
		cbl.abuseat.org,
		ix.dnsbl.manitu.net,
		combined.rbl.msrbl.net,
		rabl.nuclearelephant.com
	local_recipient_maps = proxy:unix:passwd.byname $alias_maps

	smtpd_error_sleep_time = 1s
	smtpd_soft_error_limit = 1
	smtpd_hard_error_limit = 2
	smtpd_client_connection_rate_limit = 10
	anvil_rate_time_unit = 60
	default_destination_recipient_limit = 50
	smtp_destination_recipient_limit = $default_destination_recipient_limit
	smtpd_recipient_limit = $default_destination_recipient_limit
	smtpd_recipient_overshoot_limit = $default_destination_recipient_limit
	smtpd_client_recipient_rate_limit = $default_destination_recipient_limit
	default_extra_recipient_limit = $default_destination_recipient_limit
	duplicate_filter_limit = $default_destination_recipient_limit
	smtpd_client_message_rate_limit = 100
	queue_minfree = 20971520
	smtpd_client_connection_count_limit = 10
	header_size_limit = 51200
	message_size_limit = 0
	mailbox_size_limit = 0
	
#############################################################
#ClamAV Konfig############
"vi /etc/postfix/main.cf" ->	
	content_filter = scan:[127.0.0.1]:10025
	receive_override_options = no_address_mappings

#############################################################
"vi /etc/postfix/master.cf" ->
		smtp      inet  n       -       n       -       -       smtpd
		-o content_filter=spamassassin
	pickup    unix  n       -       n       60      1       pickup
	cleanup   unix  n       -       n       -       0       cleanup
	qmgr      unix  n       -       n       300     1       qmgr
	tlsmgr    unix  -       -       n       1000?   1       tlsmgr
	rewrite   unix  -       -       n       -       -       trivial-rewrite
	bounce    unix  -       -       n       -       0       bounce
	defer     unix  -       -       n       -       0       bounce
	trace     unix  -       -       n       -       0       bounce
	verify    unix  -       -       n       -       1       verify
	flush     unix  n       -       n       1000?   0       flush
	proxymap  unix  -       -       n       -       -       proxymap
	proxywrite unix -       -       n       -       1       proxymap
	smtp      unix  -       -       n       -       -       smtp
	relay     unix  -       -       n       -       -       smtp
	showq     unix  n       -       n       -       -       showq
	error     unix  -       -       n       -       -       error
	retry     unix  -       -       n       -       -       error
	discard   unix  -       -       n       -       -       discard
	local     unix  -       n       n       -       -       local
	virtual   unix  -       n       n       -       -       virtual
	lmtp      unix  -       -       n       -       -       lmtp
	anvil     unix  -       -       n       -       1       anvil
	scache    unix  -       -       n       -       1       scache

	##########
	#Eigene Einstellungen
	#Cyrus###############
	cyrus     unix  -       n       n       -       -       pipe
	   user=cyrus argv=/usr/local/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

	#ClamAV/Clamsmtpd#########
	scan      unix  -       -       n       -       16      smtp
		-o smtp_send_xforward_command=yes
		-o smtp_enforce_tls=no
	# For injecting mail back into postfix from the filter
	127.0.0.1:10026 inet  n -       n       -       16      smtpd
		-o content_filter=
		-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
		-o smtpd_helo_restrictions=
		-o smtpd_client_restrictions=
		-o smtpd_sender_restrictions=
		-o smtpd_recipient_restrictions=permit_mynetworks,reject
		-o mynetworks_style=host
		-o smtpd_authorized_xforward_hosts=127.0.0.0/8
		-o smtpd_sasl_auth_enable=no
	
	#SpamAssassin#############
	spamassassin unix -     n       n       -       -       pipe
			user=filter argv=/usr/local/spamassassin/bin/spamc -f -e  
			/usr/sbin/sendmail -oi -f ${sender} ${recipient}
	#Zusatz Konfig siehe oben 
		#smtp      inet  n       -       n       -       -       smtpd
		#	-o content_filter=spamassassin

#############################################################
postqueue -p = Mail Queue anzeigen
postqueue -f = Mails in der Queue erneut zustellen (Flush)
mailq = Mail Queue anzeigen
postsuper -d ALL = Postqueue leeren (löscht alle Mails in der Queue unwiderruflich)

#Quick Mail Test
echo "Test mail from postfix" | mail -s "Test Postfix" root@gmail.com
echo `date '+%Y-%m-%d-%H_%M_%S'` | mail -s `date '+%Y-%m-%d-%H_%M_%S'` root@gmail.com
echo `hostname` | mail -s "`hostname`-mailtest" -r root-`hostname`@bit-devil.no-ip.com root@bit-devil.no-ip.org


Googlemail Reactivation für Relay
https://www.google.com/accounts/DisplayUnlockCaptcha
 
 
