Re: postfix with SASL over PAM
Hi Jose,
> Postfix is not in a chroot jail, and (I forgot to mention this) the
> user postfix is in the shadow group.
I recommend running postfix chrooted and using pwcheck for
authentication.
Here is a quick guide to how I did it:
Make sure the following packages are installed...
postfix-tls sasl-bin libsasl-modules-plain libsasl2 libsasl-gssapi-mit
libsasl-digestmd5-des
I'm using pwcheck so since we're running postfix chrooted we have to
link /var/spool/postfix/var/run/pwcheck to /var/run/pwcheck and of
course create it.
mkdir -p /var/spool/postfix/var/run/pwcheck
chown postfix.root /var/spool/postfix/var/run/pwcheck/
chmod 700 /var/spool/postfix/var/run/pwcheck/
ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
Launch /usr/sbin/pwcheck - you may want to write a little start/stop
script for /etc/init.d/pwcheck (don't forget to include the symlink in
it!)
Use 'pwcheck_method: pwcheck' in /etc/postfix/sasl/smtpd.conf
In main.cf I have:
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
broken_sasl_auth_clients=yes
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_maps_rbl,
    reject_unauth_pipelining,
    check_relay_domains
That should be all...
--
Regards
Thomas Kramer
mailto:newsletter@tmkis.com
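
An added example, not part of the message above: a shell function that audits the pwcheck directory setup the message describes (real directory inside the chroot, mode 700, expected owner, host-side symlink resolving to it). The function name and its three parameters are assumptions made for this example, with defaults taken from the paths in the message; it assumes GNU stat and readlink.

```shell
#!/bin/sh
# Added example (not from the original message): audit the chrooted pwcheck
# directory. The function name and arguments are hypothetical; the default
# paths and owner are the ones used in the message.

audit_pwcheck_dir() {
    chroot_dir=${1:-/var/spool/postfix/var/run/pwcheck}
    host_link=${2:-/var/run/pwcheck}
    want_owner=${3:-postfix}
    rc=0

    # The real directory must live inside the chroot and not itself be a link.
    if [ -L "$chroot_dir" ] || [ ! -d "$chroot_dir" ]; then
        echo "FAIL: $chroot_dir is not a real directory" >&2
        return 1
    fi

    # Mode 700 keeps every account except the owner out of the directory.
    mode=$(stat -c '%a' "$chroot_dir")
    if [ "$mode" != "700" ]; then
        echo "FAIL: mode is $mode, expected 700" >&2
        rc=1
    fi

    owner=$(stat -c '%U' "$chroot_dir")
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner" >&2
        rc=1
    fi

    # The host-side path must be a symlink resolving to the chroot copy,
    # otherwise the daemon and the chrooted smtpd look at different places.
    if [ ! -L "$host_link" ]; then
        echo "FAIL: $host_link is not a symlink" >&2
        rc=1
    elif [ "$(readlink -f "$host_link")" != "$(readlink -f "$chroot_dir")" ]; then
        echo "FAIL: $host_link does not point at $chroot_dir" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $chroot_dir"
    return "$rc"
}
```

Run `audit_pwcheck_dir` with no arguments to check the paths from the message; a non-zero return means at least one check failed.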