If you are planning to use mysql for cyrus-sasl authentication, it is better to install PostfixAdmin. It will help us to add new smtp users easily.
Install and Configure PostfixAdmin
It is needed to install httpd,mysql and php for PostfixAdmin.
# yum install mysql-server php php-mysql php-imap php-mbstring -y
Once all the above packages were installed, make sure httpd and mysqld services are running.
It is needed to create db, db user for PostfixAdmin. Here i am using the following db details. Change the following details as you prefered.
DB: postfix
DB User: postfix
Password: postfix
The following command will create the DB for postfix. You can also execute these queries directly in the mysql console.
# mysql -e "CREATE DATABASE postfix;"
# mysql -e "CREATE USER postfix@localhost IDENTIFIED BY 'postfix';"
# mysql -e "GRANT ALL PRIVILEGES ON postfix.* TO postfix;"
To download and fix permissions of PostfixAdmin.
# yum install -y subversion
# cd /usr/local/
The following command will download latest PostfixAdmin package. The 'svn' command is available in the package 'subversion' which we have already installed.
# svn co http://svn.code.sf.net/p/postfixadmin/code/trunk postfixadmin
# chmod 777 /usr/local/postfixadmin/templates_c
Edit the postfixadmin configuration file, /usr/local/postfixadmin/config.inc.php and update the following lines as shown below.
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = '/postfixadmin';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['encrypt'] = 'cleartext';
$CONF['emailcheck_resolve_domain] = 'NO';
Once you have done the above changes, you have to create the following entry in httpd.conf to access postfixadmin via browser.
Alias /postfixadmin /usr/local/postfixadmin
Restart httpd service
# /etc/init.d/httpd restart
Now you can access postfixadmin using the following url. Setup the postfixadmin as per the given instructon in there.
http://<IP>/postfixadmin/setup.php
Once the setup is completed successsfully, it is time to install and configure postfix service.
Install and Configure Postfix
There will be a postfix package initiallly in the default installation. Here i am removing it and i am using Postfix-2.9.7. Depending upon the version and architecture, select the postfix version from http://packages.oostergo.net/
To download and install postfix
# rpm -Uvh http://packages.oostergo.net/postfix-2.9/el6/postfix-2.9.7-1.el6.x86_64.rpm
The following commands will made the changes in /etc/postfix/main.cf. We have to setup it initially.
To set postfix's hostname.
# postconf -e "myhostname = mail.sudosu.in"
# postconf -e "mydomain = sudosu.in"
# postconf -e "myorigin = "'$'"mydomain"
inet_interfaces initially set for listening from localhost only. We need to change it to listen on all interfaces.
# postconf -e "inet_interfaces = all"
# postconf -e "inet_protocols = ipv4"
# postconf -e "smtpd_banner = "'$'"myhostname ESMTP"
To limit an email size 10M
# postconf -e "message_size_limit = 10485760"
# postconf -e "mydestination = "'$'"myhostname, localhost."'$'"mydomain, localhost"
Install and Configure Cyrus-SASL
Install necessary packages.
# yum install cyrus-sasl*
Check if postfix support cyrus authentication. Check if cyrus is listed in the result.
# postconf -a
cyrus
dovecot
Here i am using mysql backend for smtp authentication. Here is cyrus-sasl configuration for smtpd service.
[root@server ~]# cat /etc/sasl2/smtpd.conf
log_level: 7
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
Postfix configuration for cyrus SMTP-Auth settings
# postconf -e "smtpd_sasl_local_domain = $myhostname"
# postconf -e "broken_sasl_auth_clients = yes"
# postconf -e "smtpd_sasl_type = cyrus"
# postconf -e "smtpd_sasl_auth_enable = yes"
# postconf -e "smtpd_sasl_security_options = noanonymous"
# postconf -e "broken_sasl_auth_clients = yes"
# postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit"
# postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
**If you have added any more configuration other than discussed in this article, remove those first. Once you verified the configuration discussed here, you can add new configurations.
Once the above onfiguration is completed, restart saslauthd and postfix services.
# /etc/init.d/saslauthd restart
# /etc/init.d/postfix restart
Verify the confiration by using telnet.
