Hello everybody,
I have almost set up my postfix; here is what I've done:
I configured postfix with TLS and SASL2 via PAM (saslauthd), with virtual
domains and unix accounts. This is my main.cf:
--------------------------------------------------------------------
# Postfix main.cf: one host that receives mail for its own names and for the
# virtual alias domain, and relays only for loopback or SASL-authenticated
# clients. AUTH is offered only inside a TLS session.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/server.crt
# NOTE(review): the private key sits in the same directory as the public
# certificates. On Debian that directory is normally world-readable and keys
# are conventionally kept under /etc/ssl/private. Confirm that server.key is
# readable by root only.
smtpd_tls_key_file=/etc/ssl/certs/server.key
# Opportunistic TLS: STARTTLS is announced but clients are not required to
# use it. Postfix 2.3 and later express this as smtpd_tls_security_level = may.
# Requiring TLS (smtpd_enforce_tls = yes, or smtpd_tls_security_level = encrypt)
# on the public port 25 would turn away sending servers that cannot do TLS.
# The usual place to require it is a separate submission service in master.cf.
smtpd_use_tls=yes
# AUTH is announced and accepted only after STARTTLS, so the PLAIN/LOGIN
# credentials are not accepted over an unencrypted session. Mail clients
# should still be set to require TLS so they never try to log in without it.
smtpd_tls_auth_only=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = orion.ballano.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
# Domains delivered to local unix accounts on this host.
mydestination = orion.ballano.net, localhost.ballano.net, localhost
# Empty relayhost: outbound mail is delivered directly, not via a smarthost.
relayhost =
# Only loopback is trusted to relay without authentication.
mynetworks = 127.0.0.0/8
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
# Addresses in this domain are rewritten through the virtual alias map below.
virtual_alias_domains = ballano.net
virtual_alias_maps = hash:/etc/postfix/virtual
# Name of the Cyrus SASL configuration used by smtpd (smtpd.conf).
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
# Only anonymous mechanisms are refused. Plaintext mechanisms stay allowed,
# which is why smtpd_tls_auth_only above matters.
smtpd_sasl_security_options = noanonymous
# Relay policy: loopback and authenticated clients may send anywhere. Anyone
# else is limited to recipients this server is the final destination for
# (mydestination and virtual_alias_domains above). Accepting that mail without
# authentication or TLS is how inbound Internet mail arrives. It is not relaying.
# NOTE(review): a main.cf continuation line must begin with whitespace. The
# indentation of the second line below appears to have been lost in this
# paste. Verify against the real file.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
----------------------------------------------------------------------------------
my virtual file:
---------------------------------------------------
cat /etc/postfix/virtual
[EMAIL PROTECTED] [EMAIL PROTECTED]
---------------------------------------------------------
and my smtpd.conf file
----------------------------------------------------------
# Cyrus SASL settings for the Postfix smtpd service.
# Password checks are handed to the saslauthd daemon.
pwcheck_method: saslauthd
# saslauthd needs the cleartext password, so only the plaintext mechanisms
# are offered. They are safe only inside a TLS session.
mech_list: plain login
----------------------------------------------------------
I even installed courier-pop-ssl with my certificates and it is working ok.
But here is something I think is not quite right: with this auth method
(saslauthd) I read that I can only use the plain and login mechs, but
that's no problem because I configured tls for smtp.
But what happens if some client doesn't use tls? I tried, and without
tls I can't send mail to other domains (relay access denied), but I can
send mails to myself. Is that normal? I'm a bit confused, because if
some client doesn't use tls, someone can get passwords and send mails,
not outside but inside.
Is there a solution for that? Maybe telling postfix to always use
tls, and to reject the email if the client does not use tls; how?
thank you guys, I'm learning a lot with your help.
David.
PS: here is my postconf -n, by the way...
orion:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = orion.ballano.net, localhost.ballano.net, localhost
myhostname = orion.ballano.net
mynetworks = 127.0.0.0/8
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/certs/server.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_domains = ballano.net
virtual_alias_maps = hash:/etc/postfix/virtual