Hello, I'm trying to set up a new mail server (config below) on a FreeBSD 5.4 box. I'm running the Postfix processes chrooted and am going to introduce Postfix-style virtual domains once I get SASL/TLS working. Currently I can connect, but authentication fails. My rc.conf has lines starting postfix and sasl2, both installed from ports, and I do not see my error. The sasl_flags is set to -a pam: I'm trying to authenticate against the system's master password file, and I am making sure sasl2's state file is started within the Postfix chroot so Postfix can access it. Any help appreciated. Thanks. Dave.
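master.cf:

# Columns: service  type  private  unpriv  chroot  wakeup  maxproc  command + args
#
# Every service with "y" in the chroot column runs confined to queue_directory
# (/var/spool/postfix in main.cf below). That includes both smtpd listeners,
# so anything smtpd opens after the chroot must exist under that directory.
# NOTE(review): the saslauthd socket falls in this category. Confirm that the
# socket path the SASL library uses, as seen from inside the chroot, exists
# and that the postfix user may traverse the directory holding it.
smtp      inet  n       -       y       -       -       smtpd
# smtps: TLS is negotiated immediately on connect (wrapper mode), AUTH enabled.
smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
#tlsmgr   fifo  -       -       y       300     1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
#lmtp     unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       n       -       1       scache
discard   unix  -       -       n       -       -       discard
# Active tlsmgr entry (unix type, not chrooted); the fifo variant above is
# commented out.
tlsmgr    unix  -       -       n       1000?   1       tlsmgr

main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = xxxxxxxxxxxxxxxxxxxx
mydomain = xxxxxxxxxxxxxx
myorigin = $mydomain
inet_interfaces = all
proxy_interfaces = 65.31.41.29
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
# Clients in these ranges match permit_mynetworks below and may relay
# without authenticating.
mynetworks = 127.0.0.0/8, 192.168.0.0/24
relay_domains = $mydestination
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
biff = no
show_user_unknown_table_name = no
empty_address_recipient = MAILER-DAEMON

# rate limiting
smtpd_error_sleep_time = 0s
smtpd_timeout = 60s
smtp_connect_timeout = 30s
smtp_helo_timeout = 60s
smtp_mail_timeout = 60s
smtp_quit_timeout = 120s
smtp_rcpt_timeout = 60s
smtp_rset_timeout = 60s
default_process_limit = 5
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 3
smtpd_client_connection_count_limit = 3
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_connection_rate_limit = 20
anvil_rate_time_unit = 1800s
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = yes
strict_7bit_header = no
maximal_queue_lifetime = 4d
message_size_limit = 10000000
queue_minfree = 15000000
mailbox_size_limit = 1000000000
delay_warning_time = 1h

# rejection codes
# unknown_local_recipient_reject_code is set once, above, next to
# local_recipient_maps.
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_relay_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

# uce values
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_etrn_restrictions = permit_mynetworks
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_unauth_pipelining,
    reject_invalid_hostname

# Restrictions are evaluated in order and the first match decides.
# reject_sender_login_mismatch sits after permit_sasl_authenticated and
# permit_mynetworks, so authenticated and local-network sessions never reach
# it. No smtpd_sender_login_maps is set in this listing either.
# NOTE(review): if the intent is to stop authenticated users from sending as
# someone else, move the check ahead of the permit_* entries and define the
# login map.
smtpd_sender_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauth_pipelining
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_rhsbl_sender blackhole.securitysage.com,
    reject_sender_login_mismatch

# These client checks run at connect time for every client, including
# $mynetworks and clients that authenticate later; there is no permit_*
# entry ahead of the blocklist lookups.
# NOTE(review): confirm each DNSBL zone is still operated before reusing this
# list. A retired zone can time out or start answering for every query, which
# turns the lookup into a reject-all rule.
smtpd_client_restrictions = reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rhsbl_client blackhole.securitysage.com,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client relays.ordb.org

# reject_unauth_destination follows the two permit_* entries, so relaying is
# limited to authenticated clients, $mynetworks, and domains this host
# handles.
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_multi_recipient_bounce,
    reject_unauth_pipelining,
    check_sender_mx_access cidr:/etc/postfix/mx_access.cidr
    check_sender_access hash:/etc/postfix/freemail_access
    check_sender_access hash:/etc/postfix/verify_domain
smtpd_data_restrictions = reject_unauth_pipelining

# Additions for SASL / TLS / Auth:
# NOTE(review): smtpd_sasl_auth_enable is the parameter that turns on AUTH in
# smtpd. enable_sasl_authentication looks like a name from older SASL how-tos;
# check `postconf -n` output to see whether this Postfix version accepts it.
enable_sasl_authentication = yes
smtpd_sasl_auth_enable = yes
# saslauthd (started with "-a pam" per the post) verifies a cleartext
# password, so it can only back the PLAIN and LOGIN mechanisms.
# NOTE(review): the Cyrus SASL config for the smtpd service (smtpd.conf) is
# not shown. Confirm it sets pwcheck_method to saslauthd and restricts
# mech_list to those mechanisms; otherwise a client may pick a shared-secret
# mechanism that saslauthd cannot verify, and the login fails.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

#TLS
smtp_use_tls = yes
smtpd_use_tls = yes
# AUTH is announced and accepted only inside a TLS session, which keeps the
# PLAIN/LOGIN credentials off the wire in cleartext. A test over an
# unencrypted port 25 session will therefore not be offered AUTH at all;
# test after STARTTLS or on the smtps listener.
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
# The private key is stored unencrypted so the daemon can load it; keep it
# owned by root and not readable by group or other.
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/key.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtp.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/cacert.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Reduce default logging of 3.
smtpd_tls_loglevel = 1

transport_maps = hash:/etc/postfix/transport
masquerade_domains = $mydomain
masquerade_exceptions = root, cron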