SMTP server - Postfix & Sasl2 & MySQL
1. Install Ubuntu (server) Linux (in practice, just keep pressing Enter)
2. Set the “right” shell
rm -f /bin/sh
ln -s /bin/bash /bin/sh
3. Edit sources.list
vi /etc/apt/sources.list
and put the following into it
deb http://us.archive.ubuntu.com/ubuntu/ feisty main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty main restricted
deb http://us.archive.ubuntu.com/ubuntu/ feisty-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty universe
deb http://us.archive.ubuntu.com/ubuntu/ feisty multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty multiverse
#deb http://us.archive.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse
#deb-src http://us.archive.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu feisty-security main restricted
deb-src http://security.ubuntu.com/ubuntu feisty-security main restricted
deb http://security.ubuntu.com/ubuntu feisty-security universe
deb-src http://security.ubuntu.com/ubuntu feisty-security universe
deb http://security.ubuntu.com/ubuntu feisty-security multiverse
deb-src http://security.ubuntu.com/ubuntu feisty-security multiverse
4. Update the system
apt-get update
apt-get upgrade
5. Install the ssh daemon
apt-get install ssh
6. Configure the network
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
network 77.48.27.0
gateway 77.48.27.1
address 77.48.27.3
broadcast 77.48.27.31
netmask 255.255.255.224
7. Restart networking
/etc/init.d/networking restart
8. Edit the hosts table
vi /etc/hosts
127.0.0.1 localhost localdomain localhost.localdomain
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
9. Set the correct domain name
echo smtp.fofrnet.cz > /etc/hostname
10. Install the required packages
apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libsasl2-modules-sql libdb3-util procmail
11. Reconfigure the Postfix mail server
dpkg-reconfigure postfix
12. Finish the mail server configuration
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = smtp.fofrnet.net'
13. Set the authentication methods in SASL2
vi /etc/postfix/sasl/smtpd.conf
saslauthd_path: /var/run/saslauthd/mux
#pwcheck_method: saslauthd
#mech_list: shadow
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: IP
sql_user: UZIVATEL
sql_passwd: HESLO
sql_database: DATABÁZE
sql_select: select password from users where email='%u'
sql_verbose: yes
14. Create the required directory structure
mkdir -p /var/spool/postfix/var/run/saslauthd
mkdir /etc/postfix/ssl
15. Generate the keys & set permissions
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
16. Configure the SASL daemon
vi /etc/default/saslauthd
START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
17. Restart the mail server
/etc/init.d/postfix restart
18. Restart the SASL daemon
/etc/init.d/saslauthd start
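
Added example, not part of the original guide: a shell check over the two files written in steps 12 and 13 that flags settings which expose passwords on the wire or in the database. The function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): flag password-exposing settings
# in Postfix main.cf and the Cyrus SASL smtpd.conf written in steps 12 and 13.

# conf_get FILE KEY: value of KEY from "key = value" or "key: value" lines.
# Commented-out lines are skipped, the last occurrence is used, value lowercased.
conf_get() {
    sed -n "s/^$2[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1 |
        tr 'A-Z' 'a-z' | sed 's/[[:space:]][[:space:]]*/ /g; s/ $//'
}

# audit_mail_auth MAIN_CF SASL_CONF: print one finding per line, nothing if clean.
audit_mail_auth() {
    [ "$(conf_get "$1" smtpd_sasl_auth_enable)" = yes ] || return 0
    tls_only=$(conf_get "$1" smtpd_tls_auth_only)
    level=$(conf_get "$1" smtpd_tls_security_level)
    mechs=" $(conf_get "$2" mech_list) "
    # PLAIN and LOGIN carry the password merely base64-encoded, so accepting
    # them before STARTTLS exposes it to anyone on the network path.
    case "$mechs" in *" plain "*|*" login "*)
        [ "$tls_only" = yes ] || [ "$level" = encrypt ] ||
            echo "CLEARTEXT_AUTH: PLAIN/LOGIN accepted without TLS" ;;
    esac
    # CRAM-MD5 and DIGEST-MD5 are shared-secret mechanisms: auxprop has to
    # read the user's actual password, so the SQL column cannot hold a hash.
    case "$mechs" in *" cram-md5 "*|*" digest-md5 "*)
        [ "$(conf_get "$2" pwcheck_method)" != auxprop ] ||
            echo "PLAINTEXT_STORE: CRAM-MD5/DIGEST-MD5 need cleartext passwords in SQL" ;;
    esac
}

# write_samples DIR: constructed sample files mirroring the values in steps 12-13.
write_samples() {
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = no' \
        'smtpd_use_tls = yes' > "$1/main.cf"
    printf '%s\n' '#pwcheck_method: saslauthd' 'pwcheck_method: auxprop' \
        'auxprop_plugin: sql' 'mech_list: plain login cram-md5 digest-md5' \
        > "$1/smtpd.conf"
}

# Run the audit on the constructed samples; both findings are reported.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_mail_auth "$demo_dir/main.cf" "$demo_dir/smtpd.conf"
rm -rf "$demo_dir"
```

On a real host, pass /etc/postfix/main.cf and /etc/postfix/sasl/smtpd.conf as the two arguments to audit_mail_auth.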