Archive | Postfix

Search maillogs for unique pop3d/imap logins

31 Mar

awk '/ pop3d: LOGIN/ {print $7}' /tmp/trash | sed -e 's/user=//' -e 's/,//' | sort -u > /tmp/pop_logins

Mailq

31 Mar

Delete mail in mailq matching a certain criteria:
mailq | tail -n +2 | awk 'BEGIN {RS=""} /user@example\.com$/ {print $1}' | tr -d '*!' | postsuper -d -

Authenticated SMTP with Postfix and SASL

13 Jan

This works using the cyrus-sasl program.

Need to set up a few things:

1. Install cyrus-sasl
– Run:
$> saslauthd -v
This will tell you what authentication mechanisms your installation supports. We need ‘ldap’.

2. Edit (create if needed) /etc/saslauthd.conf, put in it:
ldap_servers: ldap://ldap.xxx.xxx.au/
ldap_version: 3
ldap_scope: one
ldap_search_base: ou=users,dc=xxx,dc=xxx,dc=xxx,dc=au
ldap_auth_method: bind
ldap_filter: (uid=%u)
ldap_start_tls: no
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/pki/tls/certs/xxx-mycert.crt
ldap_tls_cacert_dir: /etc/pki/tls/certs/

3. Edit (create if needed) /etc/sasl2/smtpd.conf, put in it:
pwcheck_method: saslauthd
mech_list: plain login

3a. Symlink /etc/sasl2/smtpd.conf to /usr/lib/sasl2/smtpd.conf

4. At this point you can check to see if SASL is working:
$> testsaslauthd -r <realm> -u <username> -p xxxx
If this does not succeed, set your loglevel on your LDAP server to 256 and watch the output.

5. Now you need to set up Postfix to use SASL for its SMTP
Edit /etc/postfix/master.cf, uncomment the line:
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Edit /etc/postfix/main.cf, add the lines:
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/pki/tls/private/xxx.key
smtpd_tls_cert_file = /etc/pki/tls/certs/xxx-mycert.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

6. That's it! Reload Postfix and it *should* work.
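
With mech_list set to plain login, the password itself crosses every hop, so it matters which hops are encrypted. The following is an added example, not part of the original post: a Python check that reads the settings from steps 2, 3 and 5 and reports where the password or the TLS handshake is exposed. The sample values are constructed from the walkthrough with a placeholder hostname, and the finding names are invented for this example.

```python
import re

# Constructed sample input: settings from the steps above, placeholder hostname.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 3
"""
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\n"
SASLAUTHD_CONF = """\
ldap_servers: ldap://ldap.example.invalid/
ldap_auth_method: bind
ldap_start_tls: no
"""

def parse_conf(text, sep):
    """Parse 'key<sep>value' lines; '#' lines are comments, indented lines continue."""
    text = re.sub(r"\n[ \t]+(?=[^\s#])", " ", text)
    conf = {}
    for line in text.splitlines():
        key, found, value = line.strip().partition(sep)
        if found and not key.startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def audit(main_cf, smtpd_conf, saslauthd_conf):
    """Return finding ids for settings that expose passwords or handshake data."""
    main = parse_conf(main_cf, "=")
    sasl = parse_conf(smtpd_conf, ":")
    ldap = parse_conf(saslauthd_conf, ":")
    findings = []
    # PLAIN and LOGIN transmit the password itself (base64 is not encryption).
    sends_password = {"plain", "login"} & set(sasl.get("mech_list", "").lower().split())
    # Postfix defaults smtpd_tls_auth_only to "no": AUTH is offered before STARTTLS.
    if (main.get("smtpd_sasl_auth_enable") == "yes" and sends_password
            and main.get("smtpd_tls_auth_only", "no") != "yes"):
        findings.append("smtp-auth-offered-without-tls")
    # saslauthd forwards that password to LDAP; ldap:// without StartTLS is unencrypted.
    servers = ldap.get("ldap_servers", "").split()
    if (any(uri.lower().startswith("ldap://") for uri in servers)
            and ldap.get("ldap_start_tls", "no").lower() != "yes"):
        findings.append("ldap-bind-without-tls")
    # Levels 2 and up are for troubleshooting; 3 hex-dumps the TLS negotiation.
    if int(main.get("smtpd_tls_loglevel", "0")) >= 2:
        findings.append("tls-debug-loglevel")
    return findings

if __name__ == "__main__":
    print(audit(MAIN_CF, SMTPD_CONF, SASLAUTHD_CONF))
```

Setting smtpd_tls_auth_only = yes, ldap_start_tls: yes (or an ldaps:// server) and smtpd_tls_loglevel = 1 clears all three findings.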

Postfix

22 Jun

Adding a transport.

If you want mail to be routed to a particular server for a particular domain just put a line like:

sms.imvs.sa.gov.au smtp:smsgw.imvs.sa.gov.au:25

into /etc/postfix/transport and run /usr/sbin/postmap on the file.