Postfix Mailserver - the Base System


First of all, we need to install the Postfix mail server. The following command installs it and sets it up automatically. Some further configuration steps will be necessary afterwards, of course.

sudo aptitude install postfix

The installation process will ask for some general information; you can restart this dialog by invoking dpkg-reconfigure postfix. After that, you should apply some general settings to Postfix using the following commands:

sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='

Now it's a good idea to disable chroot for the smtpd and the rewrite processes in the configuration file. This is important for both MySQL support and later SpamAssassin filtering. Additionally, you should insert the Dovecot LDA line, which will be referred to later in the Dovecot section. These lines relate to the virtual_transport field in /etc/postfix/ and are placed inside /etc/postfix/

smtp      inet  n       -       n      -       -       smtpd
rewrite   unix  -       -       n      -       -       trivial-rewrite

# Dovecot LDA
dovecot   unix  -       n       n      -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
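
To confirm that the edit took effect, the following added example (not part of the original post) parses a file in the master.cf service-table format and reports the chroot column for the smtp/inet and rewrite/unix entries. The function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the chroot column (5th field) of master.cf entries.

# Print the chroot field of one service entry; exit 1 if the entry is absent.
# Usage: master_chroot FILE SERVICE TYPE
master_chroot() {
    awk -v svc="$2" -v typ="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { next }                   # continuation of previous entry
        $1 == svc && $2 == typ { print $5; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# Return 0 only if smtp/inet and rewrite/unix are explicitly unchrooted ("n").
# "-" defers to the built-in default, which was "y" before Postfix 3.0, so it
# is flagged rather than trusted.
check_unchrooted() {
    file=$1; rc=0
    for entry in smtp:inet rewrite:unix; do
        svc=${entry%%:*}; typ=${entry##*:}
        if ! val=$(master_chroot "$file" "$svc" "$typ"); then
            echo "MISSING  $svc/$typ"; rc=1; continue
        fi
        case $val in
            n) echo "OK       $svc/$typ chroot=n" ;;
            -) echo "DEFAULT  $svc/$typ chroot=- (built-in default applies)"; rc=1 ;;
            *) echo "CHROOT   $svc/$typ chroot=$val"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input: the three entries from the listing above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
smtp      inet  n       -       n      -       -       smtpd
rewrite   unix  -       -       n      -       -       trivial-rewrite
dovecot   unix  -       n       n      -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
EOF
check_unchrooted "$sample" || echo "fix the entries flagged above"
rm -f "$sample"
```

To audit a live system, call check_unchrooted with the path of your own service table instead of the sample file.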

Create some certificates for secure authentication over TLS, using openssl. The following listing shows the creation process for a certificate to be used for SMTP authentication.

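# create the key file with restrictive permissions before writing to it
touch smtpd.key
chmod 600 smtpd.key
# 2048-bit RSA key; 1024 bits is too short for current TLS use
openssl genrsa 2048 > smtpd.key
# self-signed server certificate, valid for ten years
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt
# separate CA key and certificate
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/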

Tell Postfix to use the certificate by adding or modifying these lines in /etc/postfix/

# TLS parameters
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# set smtpd restrictions
smtpd_recipient_restrictions = permit_sasl_authenticated,

That’s it for now. Further changes will be made after the MySQL user database is installed.

Cheers, iss.