summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorskangas <skangas@web>2013-01-12 19:02:32 +0100
committerIkiwiki <ikwiki@zetkin.marxist.se>2013-01-12 19:02:32 +0100
commit803140e1108752ea009e332b528725667816612f (patch)
treecf9b3a413977088d53da2ebcdf22ba2b753815ad
parentff534f9f1010a62bde4b06df4d604ba8c7d4dc8a (diff)
Update postfix instructions
-rw-r--r--konfigurera.mdwn57
1 files changed, 51 insertions, 6 deletions
diff --git a/konfigurera.mdwn b/konfigurera.mdwn
index 886c838..9cea457 100644
--- a/konfigurera.mdwn
+++ b/konfigurera.mdwn
@@ -136,17 +136,23 @@ password uSerS_paSSword
## Postfix för utgående e-post
+Kör följande kommandon:
+
+<pre>
+touch /etc/postfix/sasl/passwd
+sudo chown root:root /etc/postfix/sasl/passwd
+sudo chmod 0400 /etc/postfix/sasl/passwd
+</pre>
+
Lägg in följande rad i /etc/postfix/sasl/passwd
<pre>
-smtp.fripost.org USERNAME@fripost.org:PASSWORD
+[smtp.fripost.org]:587 USERNAME@fripost.org:PASSWORD
</pre>
Kör följande kommandon:
<pre>
-sudo chown root:root /etc/postfix/sasl/passwd
-sudo chmod 0400 /etc/postfix/sasl/passwd
sudo postmap hash:/etc/postfix/sasl/passwd
</pre>
@@ -156,9 +162,48 @@ Lägg in följande i main.cf:
mydomain = fripost.org
myorigin = $mydomain
myhostname = USERNAME.$mydomain
-relayhost = smtp.fripost.org:587
+relayhost = [smtp.fripost.org]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
-smtp_sasl_security_options =
-smtp_tls_security_level = may
+smtp_sasl_security_options = noanonymous, noplaintext
+smtp_sasl_tls_security_options = noanonymous
+
+smtp_tls_security_level = fingerprint
+smtp_tls_fingerprint_digest = sha1
+smtp_tls_mandatory_ciphers = high
+smtp_tls_fingerprint_cert_match = 6B:75:B6:CA:6F:6C:DD:F7:7C:FD:5A:98:89:80:3B:82:FD:82:0E:8B
</pre>
+
+Guilhem comments:
+
+> I guess I'm not the only one who prefers to separate personal and
+> professional e-mail accounts. I do it as follows:
+>
+> /etc/postfix/main.cf
+> smtp_tls_policy_maps = hash:$config_directory/tls_policy
+> smtp_sender_dependent_authentication = yes
+> sender_dependent_relayhost_maps = hash:$config_directory/relayhost_map
+> smtp_tls_fingerprint_digest = sha1
+>
+> /etc/postfix/tls_policy
+> [mail.chalmers.se]:587 secure ciphers=high
+> [smtp.fripost.org]:587 fingerprint
+> match=6B:75:B6:CA:6F:6C:DD:F7:7C:FD:5A:98:89:80:3B:82:FD:82:0E:8B
+> ciphers=high
+>
+> /etc/postfix/relayhost_map
+> @fripost.org [smtp.fripost.org]:587
+> guilhem.moulin@chalmers.se [mail.chalmers.se]:587
+>
+> /etc/postfix/sasl/passwd
+> [mail.chalmers.se]:587 mouling:xxxxxx
+> [smtp.fripost.org]:587 guilhem:xxxxxx
+
+Guilhem adds:
+
+> Also, note that if you want to switch to the ‘secure’ TLS policy under
+> Postfix < 2.8, you have to manually populate the chroot's CApath with
+> trusted CAs (the bug was fixed in Postfix 2.8.). I wrote a script anyway
+> which can be found at
+>
+> git://git.guilhem.org/fripost-ansible scripts/postfix-fixcerts.sh