Differences

This shows you the differences between two versions of the page.

howtos:misc:postifx_with_cyrus [2013/07/21 11:41 (UTC)] – created badircahowtos:network_services:postfix_with_cyrus [2017/10/18 04:32 (UTC)] – grammar, minor formatting corrections, spelling, and minimalism klaatu
Line 1: Line 1:
 ====== Making Slackware Mail Server ====== ====== Making Slackware Mail Server ======
  
-This article shows how to make an Slackware machine your personal Mail Server. This howto is for Slackware 64 13.37, but with few changes you can adapt it to the newest member of Slackware familly Slackware 14.+This article shows how to make an Slackware machine your personal Mail Server. This howto is for Slackware 64 13.37, but with few changes you can adapt it to the newest member of the Slackware family.
  
-Before we begin I must say that you need a normal installation of Slackware, without any special packages. The packages we will need to make the Mail Server we will manually download and install from Slackbuilds.org. I preffer the Cyrus SASL authentication method and Cyrus IMAP for remote login, insted of other alternatives like qpopper or dovecot. +Before beginning, you need a normal installation of Slackware, without any special packages. You will manually download and install from Slackbuilds.org extra packages needed to make a Mail ServerThis article uses Cyrus SASL authentication and Cyrus IMAP for remote login, rather than alternatives like qpopper or dovecot. 
  
-Let's get started then , we will need to install Cyrus-SASL, Postfix, Cyurs-IMAP and then configure them all to use Certificates for encrypting the mail packages that traverse the Internet.+You will install Cyrus-SASL, Postfix, Cyurs-IMAPand then configure them to use certificates for encrypting the mail packages that traverse the Internet.
  
 ====== Installing Cyrus-SASL ====== ====== Installing Cyrus-SASL ======
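Review bot: the rewritten intro on the "+" side still carries spelling errors that the edit summary says were corrected: "an Slackware machine" in the first paragraph and "Cyurs-IMAP" in the third should read "a Slackware machine" and "Cyrus-IMAP". The first paragraph also keeps Slackware 64 13.37 as the stated target while dropping the mention of Slackware 14, so it would help to say which release the steps were last checked against.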
Line 11: Line 11:
  
   # cd /tmp   # cd /tmp
-  # mkdir cyrus-sal+  # mkdir cyrus-sasl
   # cd cyrus-sasl   # cd cyrus-sasl
   # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/cyrus-sasl-2.1.23.tar.xz   # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/cyrus-sasl-2.1.23.tar.xz
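Review bot: the unchanged wget line under the corrected mkdir fetches cyrus-sasl-2.1.23.tar.xz over plain ftp://, and the visible steps never verify the file before it is used from a root prompt. Suggest adding a checksum or signature check of the tarball right after the download, since an FTP transfer gives no integrity or origin guarantee.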
Line 45: Line 45:
   # joe postfix.Slackbuild   # joe postfix.Slackbuild
      
-Edit the following line and replace "dovecot" with "cyrus" like this+Edit the following line and replace "dovecot" with "cyrus" like this:
  
   SASL=${SASL:-cyrus}   SASL=${SASL:-cyrus}
      
-In order to begin Postfix installation you will need to create postfix user and group (also keep in mind that we need to add user postfix and user cyrus to the same group, mail group that is).+To begin Postfix installationyou must create the **postfix** user and group. Later, you will add the user postfix and user cyrus to the **mail** group.
  
   # groupadd -g 200 postfix   # groupadd -g 200 postfix
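Review bot: in the context line "# joe postfix.Slackbuild" the script name is spelled with a lowercase "b", while the Cyrus IMAP section of this page uses "cyrus-imapd.SlackBuild"; on a case-sensitive filesystem only one spelling opens the intended file, so confirm the name and make the two consistent.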
Line 57: Line 57:
   # installpkg /tmp/postfix-2.8.3-x86_64-1_SBo.tgz    # installpkg /tmp/postfix-2.8.3-x86_64-1_SBo.tgz 
  
-Before we continue with installation of Imap server we need to assure that Postfix is working and we can authenticate with sasl. Let'make some basic Postfix configuration and some basic SASL configuration. I will be explaining plain auth because later on we will use it togheter with sasl to authenticate. +Before continuing, configure Postfix can authenticate with sasl. First, make some aliases and tell Postfix to use aliases maps from **/etc/postfix/aliases**:
- +
-First of all we need to make our aliases and tell postfix to use aliases maps from /etc/postfix/aliases, so :+
  
   # joe /etc/postfix/main.cf   # joe /etc/postfix/main.cf
      
-Edit these lines and make them look like this :+Edit these lines and make them look like this:
  
   alias_maps = hash:/etc/postfix/aliases   alias_maps = hash:/etc/postfix/aliases
   alias_database = hash:/etc/postfix/aliases     alias_database = hash:/etc/postfix/aliases  
      
-Now let'add a user to the Slackware machine, a user who will also can read and send mail.+Now add a user to your Slackware machine, a user who will also can read and send mail.
  
   # adduser   # adduser
      
-  Login name for new user []:xxxxxx+  Login name for new user []: slackware_user
   User ID ('UID') [ defaults to next available ]: press ENTER   User ID ('UID') [ defaults to next available ]: press ENTER
   Initial group [ users ]: 200   Initial group [ users ]: 200
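Review bot: the adduser walk-through answers "Initial group [ users ]" with 200, which is the GID the previous section assigns to the postfix group, so the mail user's primary group becomes the daemon's own group. If that is intended, say why; otherwise keep the default users group, since the text only calls for postfix and cyrus to share the mail group. The sentence "a user who will also can read and send mail" is also still ungrammatical on the "+" side.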
Line 79: Line 77:
   Do you wish to change the sheel? (Y/n): n   Do you wish to change the sheel? (Y/n): n
   Expiry date (YYYY-MM-DD) []: press ENTER   Expiry date (YYYY-MM-DD) []: press ENTER
-  Press ENTER and imput full name and other account relates stuff. Also specify an password for your newly created user.   
  
 +Press ENTER and input full name and other account-related stuff. Also specify a password for your newly created user.
 +  
 +Now edit /etc/postfix/aliases and modify it to your needs : 
  
 +  root  :         slackware_user
 +  office:   slackware_user
 +  
 +Update your aliases database:
  
 +  # postalias hash:/etc/postfix/aliases   
  
 +Make the required configuration changes to Postfix so it can run: 
  
 +  # joe /etc/postfix/main.cf
 +  myhostname = mx.yourdomain.tld
 +  mydomain = yourdomain.tld 
 +  myorigin = $mydomain
 +  inet_interfaces = all
 +  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 +  mynetworks = 127.0.0.0/8
  
 +Configure Postfix to authenticate users using SASL:
  
-====== Sources ====== +  # mkdir /etc/sasl2 
-<!-- If you are copying information from another source, then specify that source --> +  # cd /etc/sasl2 
-<!-- * Original source: [[http://some.website.org/some/page.html]] --> +  # touch smtpd.conf 
-<!-- Authors are allowed to give credit to themselves! --> +  # joe smtpd.conf 
-<!-- * Originally written by [[wiki:user:xxx | User X]] --> +
-<!-- * Contributions by [[wiki:user:yyy | User Y]] -->+
  
-<!-- Please do not modify anything below, except adding new tags.--> +  pwcheck_method: saslauthd 
-<!-- You must remove the tag-word "templatebelow before saving your new page --> +  mech_list: PLAIN LOGIN 
-{{tag>howtos template}}+ 
 +Next, configure Postfix to have users authenticate using SASL. Edit /etc/postfix/main.cf and add the folowing code to the end of the file: 
 + 
 +  smtpd_sasl_auth_enable = yes    
 +  broken_sasl_auth_clients = yes   
 +  smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 
 +   
 +Start the daemons and test our configurations until now: 
 + 
 +  # saslauthd -a shadow 
 +  # postfix start 
 +   
 +Then from another machine, telnet into your mail server on port 25 and issue the following commands : 
 + 
 +  # telnet mx.mailserver.com 25 
 +  ehlo user.mailserver.tld    
 +  250-mx.mailserver.com 
 +  250-PIPELINING 
 +  250-SIZE 10240000 
 +  250-VRFY 
 +  250-ETRN 
 +  250-AUTH PLAIN LOGIN 
 +  250-AUTH=PLAIN LOGIN 
 +  250-ENHANCEDSTATUSCODES 
 +  250-8BITMIME 
 +  250 DSN 
 +  AUTH PLAIN Y4R0QYxpcuHsFBRbbGjnPHIwYjB0MWrpMTk7La== 
 +  235 2.7.0 Authentication successful 
 +  MAIL FROM: <user@mailserver.com> 
 +  250 2.1.0 Ok 
 +  RCPT TO: <user@yahoo.com> 
 +  250 2.1.5 Ok 
 +  DATA 
 +  354 End data with <CR><LF>.<CR><LF> 
 +  HI. This mail is a test . 
 +  . 
 +  250 2.0.0 Ok: queued as 4C0EE221E93 
 +  QUIT 
 +   
 +<note>In order to find out the string after AUTH PLAIN enter the command ''printf 'user\0user\0password' | mmencode'' on your mail server, where user is your username and password is your password</note>   
 + 
 +<note important>Rember to put the "." at the end so the mail can be sent to qeue daemon </note>   
 + 
 +====== Installing Mail Delivery and Cyrus IMAP ====== 
 + 
 +  # cd /tmp 
 +  # mkdir cyrus-imap 
 +  # cd cyrus-imap 
 +  # wget http://cyrusimap.org/releases/cyrus-imapd-2.4.12.tar.gz 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README.SLACKWARE 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.SlackBuild 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.info 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/doinst.sh 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/imapd.conf 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/patches 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/rc.cyrus-imapd 
 +  # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/slack-desc 
 +  # mkdir patches 
 +  # cd patches/ 
 +  # wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imapd/patches/cyrus-imapd-2.4.4-autocreate-0.10-0-sv1.patch 
 +  # wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imapd/patches/cyrus-imapd-2.4.4-autosieve-0.6.0-sv1.patch 
 +  # cd /tmp/cyrus-imap 
 +  # groupadd -g 238 cyrus 
 +  # useradd -d /var/imap -s /bin/sh -u 238 -g 238 cyrus -G mail  
 +  # sh cyrus-imapd.SlackBuild 
 +  # installpkg /tmp/cyrus-imapd-2.4.12-x86_64-1_SBo.tgz 
 +  # mkdir -m 750 -p /var/imap /var/spool/imap /var/sieve 
 +  # chown cyrus:mail /var/imap /var/spool/imap /var/sieve 
 +  # su - cyrus 
 +  # /usr/doc/cyrus-imapd-2.4.12/tools/mkimap 
 +  # su - root 
 + 
 +Edit /etc/imapd.conf and add the following lines: 
 + 
 +  sasl_mech_list: PLAIN LOGIN 
 +  allowplaintext: yes   
 +   
 +Edit /etc/postfix/main.cf and at mailbox_transport add the following: 
 + 
 +  mailbox_transport = lmtp:unix:/var/imap/socket/lmtp 
 +   
 +The last step to do is to add users to your imap server. 
 + 
 +  # passwd cyrus 
 +  # cyradm --user cyrus --server localhost --auth plain     
 +  localhost>cm user.slackware_user  
 +  localhost>lm 
 +  localhost> quit 
 +   
 +<note>slackware_user is the user you have created in your slackware machine</note>   
 +At this point, you have a functional Mail Server, but with users authenticating in plain text . So the next step is inevitable. 
 + 
 +====== SSL / TLS Postfix and Cyrus ====== 
 + 
 +Start by creating certificates and configuring POSTFIX to use STARTTLS. 
 + 
 +  # cd /etc/ssl 
 +  # misc/CA.pl -newca ( complete all entries) 
 +  # openssl req -new -nodes -keyout mailkey.pem -out mailreq.pem -days 36500 
 +  # openssl ca -out mail_signed_cert.pem -infiles mailreq.pem 
 +  # cp /etc/ssl/mailkey.pem /etc/postfix 
 +  # cp /etc/ssl/mail_signed_cert.pem /etc/postfix 
 +  # chown root /etc/postfix/mailkey.pem 
 +  # chmod 400 /etc/postfix/mailkey.pem 
 +  # cp /etc/ssl/demoCA/cacert.pem /etc/postfix 
 +   
 +Add the followings to /etc/postfix/main.cf : 
 + 
 +  smtpd_use_tls = yes 
 +  smtpd_tls_key_file = /etc/postfix/mailkey.pem 
 +  smtpd_tls_cert_file = /etc/postfix/mail_signed_cert.pem 
 +  smtpd_tls_CAfile = /etc/postfix/cacert.pem 
 +   
 +<note important>In /etc/postfix/master.cf delete the "#sign from smtps and the next two columns from it 
 +                   smtps     inet  n                               smtpd 
 +                     -o smtpd_tls_wrappermode=yes 
 +                     -o smtpd_sasl_auth_enable=yes 
 +</note> 
 + 
 +Now configure IMAP to use STARTTLS: 
 + 
 +  # openssl req -new -nodes -out req.pem -keyout key.pem   
 +  # openssl rsa -in key.pem -out new.key.pem 
 +  # openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 36500 
 +  # cp new.key.pem /var/imap/server.pem 
 +  # rm new.key.pem 
 +  # cat ca-cert >> /var/imap/server.pem 
 +  # chown cyrus:mail /var/imap/server.pem 
 +  # chmod 600 /var/imap/server.pem  
 +  # echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf 
 +  # echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf 
 +  # echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf  
 +   
 +====== Adding daemons to rc.local ====== 
 +   
 +The final step is to add all daemons to **rc.local** so they can start when machine boots. Open **/etc/rc.d/rc.local** and add these lines : 
 + 
 +  # Starting saslauthd daemon 
 +  if [ ! -r /var/state/saslauthd/saslauthd.pid ]; then 
 +      echo "Starting SASL authentication daemon:  /usr/sbin/saslauthd -a shadow" 
 +      /usr/sbin/saslauthd -a shadow 
 +  fi 
 + 
 +  # Starting IMAP daemon 
 +  if [ -x /usr/libexec/cyrus/master ]; then 
 +      echo "Starting Cyrus IMAP daemon:  /usr/libexec/cyrus/master" 
 +      /etc/rc.d/rc.cyrus-imapd start 
 +  fi 
 + 
 +  # Starting POSTFIX daemon 
 +  /etc/rc.d/rc.postfix start 
 +      
 + 
 + 
 + 
 + 
 +====== Sources ====== 
 +  Postfix The Definitive Guide, Kyle D. Dent, O'Reilly 
 +  Managing IMAP, Dianna Mullet & Kevin Mullet, O'Reilly 
 +  Official Postfix Documentation, [[http://www.postfix.org/documentation.html]] 
 +{{tag>howtos author_badirca}}
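Review bot: after the SSL / TLS section the configuration still accepts passwords on unencrypted connections: main.cf gains "smtpd_use_tls = yes" but nothing restricts AUTH to TLS sessions, and imapd.conf keeps "allowplaintext: yes" from the earlier step. Since the page itself gives plain-text authentication as the reason for the TLS step, add "smtpd_tls_auth_only = yes" to the Postfix block and tell the reader to revisit "allowplaintext" once the IMAP certificate is in place. Two smaller points in the same hunk: "su - root" after "su - cyrus" opens a nested login instead of returning to the original shell (use "exit"), and the master.cf note about deleting the "#" sign from smtps is hard to follow and should spell out exactly which lines to uncomment.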