| Part | What it Does | Example |
|---|---|---|
| Mail User Agent (MUA) | The MUA is the program the user uses to read and send e-mail. It reads incoming messages that have been delivered to the user’s mailbox, and passes outgoing messages to an MTA for sending. | elm, pine, mutt |
| Mail Transfer Agent (MTA) | The MTA basically acts as a “mail router”. It accepts a message passed to it by either an MUA or another MTA, decides based upon the message header which delivery method it should use, and then passes the message to the appropriate MDA for that delivery method. | sendmail, postfix, qmail |
| Mail Delivery Agent (MDA) | The MDA accepts a piece of mail from an MTA and performs the actual delivery. | mail.local, procmail |
/etc/postfix/main.cf
# Install Time Configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
command_directory = /usr/sbin
mail_owner = postfix
myhostname = hostname.domain.com
mydomain = domain.com
myorigin = $myhostname
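# Overridden by the later mydestination line: Postfix keeps only the last definition of a parameter.
# mydestination = $myhostname, localhost.$mydomain, localhost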
mynetworks = 10.0.0.0/8, 127.0.0.0/8
smtpd_banner = $myhostname ESMTP
header_checks = regexp:/etc/postfix/header_checks
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access
smtpd_recipient_restrictions = hash:/etc/postfix/access, reject_rbl_client bl.spamcop.net, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce
biff = no
smtpd_helo_required = yes
maximal_queue_lifetime = 2d
queue_run_delay = 3600s
ignore_mx_lookup_error = yes
smtp_always_send_ehlo = yes
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 20
default_process_limit = 150
best_mx_transport = local
disable_vrfy_command = yes
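# Overridden by the later alias_database line: Postfix keeps only the last definition of a parameter.
# alias_database = hash:/etc/postfix/aliases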
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/transport
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
message_size_limit = 80000000
mailbox_size_limit = 1000000000

| Parameter | Description |
|---|---|
| queue_directory | Postfix’s work directory, where all mail is temporarily stored until it is delivered. |
| daemon_directory | Specifies the location of all the postfix programs. |
| command_directory | Specifies the location of all post* commands. |
| mail_owner | Specifies the user account that will own the mail queues. |
| myhostname | The name of this computer, including the domain part. This is used when adding Received: headers to email messages. |
| mydomain | This specifies the domain of this computer. |
| myorigin | This name is added to locally originating email. So if you sent yourself a message from root, it would appear to come from root@mta1.domain.com. |
| mydestination | This setting tells postfix which domains it is the final destination for. This should be left at the default, and your domain should instead be listed in the transport file. |
| mynetworks | This setting tells postfix which networks it should consider local. In other words, computers connecting from any of these networks will be able to relay mail, etc. In our case, we put 127.0.0.0 (for localhost) and 10.0.0.0 (for any internal computer). |
| relay_domains | This setting tells postfix which domains it should relay. In this setting, we specify the transport file (which we’ll create below). This simply lists domains, each on a separate line. |
| biff | This setting tells postfix not to use the biff program to let local users know that they have new email. |
| message_size_limit | This sets the maximum size of a message. Messages larger than 80 megs will be rejected. You can increase or decrease this based on your own server requirements. |
| mailbox_size_limit | This sets the maximum size of local mailbox files. We set it to 100 megs, although it should never reach this high because our only local mailboxes are spam and notspam. |
| smtpd_banner | This is the banner that is displayed to connecting computers. It is a good security practice to give as little information as possible. I’ve included just the essentials. |
| transport_maps | This setting tells postfix where to find the transport information. The transport file is where we tell Postfix where to route certain mail. In our case, this file is where we tell Postfix that mail for domain.com should be delivered to our exchange server. |
| local_transport | This setting tells postfix that all local mail should be delivered using the local delivery agent. |
| smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions | These settings are used to deny access to postfix based on the HELO command, the sender, or the recipient. The recipient restrictions are used to prevent our mail server from being used as an open relay. You can get the details from http://www.postfix.org/uce.html |
| header_checks | The header_checks parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text. |
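
An added example, not part of the original page or of Postfix: a small Python audit for a main.cf in the style shown above. It reports parameters defined more than once (Postfix keeps only the last definition) and lookup tables in smtpd_recipient_restrictions that are consulted before reject_unauth_destination, where an OK result would permit the recipient before the relay check runs. The sample text and the function names are constructed for illustration, and relay control is assumed to live in smtpd_recipient_restrictions as it does on this page.

```python
import re

# Constructed sample in the style of the main.cf above (not the full file).
SAMPLE_MAIN_CF = """\
# Install Time Configuration
mydestination = $myhostname, localhost.$mydomain, localhost
smtpd_recipient_restrictions = hash:/etc/postfix/access,
    reject_rbl_client bl.spamcop.net, permit_mynetworks,
    reject_unauth_destination
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
"""


def parse_main_cf(text):
    """Return (params, overridden); the last definition of a name wins."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                               # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()      # continuation line
        else:
            logical.append(line.strip())
    params, overridden = {}, []
    for entry in logical:
        name, _, value = entry.partition("=")
        name = name.strip()
        if name in params:
            overridden.append(name)
        params[name] = value.strip()
    return params, overridden


def relay_findings(params):
    """Flag lookup tables consulted before reject_unauth_destination."""
    value = params.get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    if "reject_unauth_destination" not in tokens:
        return ["reject_unauth_destination is missing"]
    before = tokens[:tokens.index("reject_unauth_destination")]
    # A type:table entry can return OK and end evaluation with a permit.
    return [f"{t} is evaluated before reject_unauth_destination"
            for t in before if ":" in t]


if __name__ == "__main__":
    params, overridden = parse_main_cf(SAMPLE_MAIN_CF)
    print("defined more than once:", overridden)
    for finding in relay_findings(params):
        print("finding:", finding)
```
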
/etc/postfix/transport
domain.com local:
.domain.com local:

| Syntax | Comment |
|---|---|
| cp /etc/postfix/aliases /etc/ | # copy the aliases file to /etc |
| postalias /etc/postfix/aliases | # create the aliases.db file |
| postalias /etc/aliases | # create the aliases.db file |
| postmap /etc/postfix/transport | # create the transport.db file |

- install Cyrus-SASL
- configure Cyrus-SASL
- configure Postfix source-code with Cyrus-SASL support
- build Postfix
- (re)install Postfix
- configure Postfix to use the SASL SMTP features
Cyrus-SASL
SASL comes with the default Linux installation, which is fine for our purposes; otherwise it can be installed from the cyrus-sasl packages. We need the cyrus-sasl and cyrus-sasl-devel packages along with one or more authentication mechanisms. To check whether it is installed, run rpm -q cyrus-sasl.
The init script is located at /etc/init.d/saslauthd.
Check for SMTP AUTH support
telnet localhost 25
S: 220 mail.example.com ESMTP Postfix
C: EHLO example.com
S: 250-mail.example.com
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit
S: 221 Bye
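
An added example, not part of the original page: a Python check that reads an EHLO exchange like the one above and reports what the advertised capabilities mean for a defender. It flags PLAIN and LOGIN offered without STARTTLS (the password is only base64-encoded on the wire) and a VRFY keyword that should be absent once disable_vrfy_command = yes is in effect. The transcript is copied from the sample session above; the function names are constructed for illustration.

```python
# Sample input: the EHLO session shown above, with its S:/C: prefixes.
TRANSCRIPT = """\
S: 220 mail.example.com ESMTP Postfix
C: EHLO example.com
S: 250-mail.example.com
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit
S: 221 Bye
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}   # password is only base64-encoded


def ehlo_capabilities(transcript):
    """Map each EHLO keyword in the server's 250 reply to its parameters."""
    reply = [l[3:] for l in transcript.splitlines() if l.startswith("S: 250")]
    caps = {}
    for line in reply[1:]:                       # reply[0] is the server name
        text = line[4:].strip()                  # drop "250-" or "250 "
        if text.upper().startswith("AUTH="):     # legacy form for old clients
            text = "AUTH " + text[5:]
        keyword, *args = text.split()
        caps.setdefault(keyword.upper(), set()).update(a.upper() for a in args)
    return caps


def audit(caps):
    """Return findings a defender would act on, in a fixed order."""
    findings = []
    mechs = caps.get("AUTH", set())
    if not mechs:
        findings.append("AUTH not advertised: SASL support is not active")
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if exposed and "STARTTLS" not in caps:
        findings.append("plaintext mechanisms without STARTTLS: " + ", ".join(exposed))
    if "VRFY" in caps:
        findings.append("VRFY advertised: check disable_vrfy_command = yes is in effect")
    return findings


if __name__ == "__main__":
    for finding in audit(ehlo_capabilities(TRANSCRIPT)):
        print("finding:", finding)
```
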