To: bsd-dk@bsd-dk.dk Subject: Postfix med sasl setup problemmer From: Martin Mathiassen <none@martin.mathiassen--dansikring.dk.lh.bsd-dk.dk> Date: Mon, 1 Dec 2003 12:18:30 +0100
i am a newbiee in freebsd
an i am trying to set up af mail server with postfix mysql amavis razor
squirrelmail sasl imap
i have tryed to follow this link
http://www.littlewhitedog.com/reviews_other_00029.asp
but i had to skeep the the start and whent on to installing the progs
going
to harden it later first i want it to work
Also add this in the beginning of your recipient restrictions
($:~)=> permit_sasl_authenticated,
this wrong but what shall there stand then
($:~)=> dd if=/dev/urandom of=/etc/postfix/ssl/post.rand count=1
2>/dev/null
and the answer is
dd: unknown oprand 2
Cyrus SASL/TLS And Postfix SSL
let's get SASL2 Installed now.
($:~)=> cd /usr/ports/security/cyrus-sasl2 ; make install clean
Now go ahead and edit postfix's main.cf so we can tell it to start
utilizing
the TLS features. Add in the following somewhere near the bottom:
#TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/post.pem
smtpd_tls_cert_file = /etc/postfix/ssl/post.pem
smtpd_tls_CAfile = /etc/postfix/ssl/post.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
enable_sasl_authentication = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
Also add this in the beginning of your recipient restrictions
($:~)=> permit_sasl_authenticated,
Here we create our postfix SSL Stuff
($:~)=> mkdir /usr/local/etc/postfix/ssl
($:~)=> chmod 700 /usr/local/etc/postfix/ssl
Next we create our SSL certificates for postfix
($:~)=> cd /usr/local/etc/postfix/ssl
($:~)=> vi pst.cnf
The contents of pst.cnf are:
RANDFILE = /etc/postfix/ssl/post.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=countryName Two letters!
ST=stateOrProvinceName
L=localityName
O=organizationName
OU=OrganizationalUnitName
CN=commonName
emailAddress=emailAddress
[ cert_type ]
nsCertType = server
Be sure to enter the correct options. Next we generate our SSL
certificates.
($:~)=> dd if=/dev/urandom of=/etc/postfix/ssl/post.rand count=1
2>/dev/null
Med venlig hilsen
With regards
Martin Mathiassen
Dansikring A/S
IT-ADELINGEN
SYSTEM-ADMINISTRATOR / IT-SUPPORTER
Microsoft Certified Professionel
Sydvestvej 98
2600 Glostrup
Denmark
Tlf. +45 43 43 43 88
Direkte +45 43 23 55 03
Mobil +45 23 38 55 03
Fax +45 43 23 55 04
This message (including any attachments) is confidential and may be
privileged.
If you have received it by mistake please notify the sender by
return e-mail and delete this message from your system. Any
unauthorised use or dissemination of this message in whole or in
part is strictly prohibited.
Please note that e-mails are susceptible to change. Dansikring A/S shall
not be liable for the improper or incomplete transmission of the
information contained in this
communication nor for any delay in its receipt or damage to your
system.
Dansikring A/S does not guarantee that the integrity of this
communication has been maintained nor that this
communication is free of viruses, interceptions or interference.
This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:34 CET