diff options
| author | skangas <skangas@web> | 2013-01-12 19:02:32 +0100 |
|---|---|---|
| committer | Ikiwiki <ikwiki@zetkin.marxist.se> | 2013-01-12 19:02:32 +0100 |
| commit | 803140e1108752ea009e332b528725667816612f (patch) | |
| tree | cf9b3a413977088d53da2ebcdf22ba2b753815ad | |
| parent | ff534f9f1010a62bde4b06df4d604ba8c7d4dc8a (diff) | |
Update postfix instructions
| -rw-r--r-- | konfigurera.mdwn | 57 |
1 files changed, 51 insertions, 6 deletions
diff --git a/konfigurera.mdwn b/konfigurera.mdwn index 886c838..9cea457 100644 --- a/konfigurera.mdwn +++ b/konfigurera.mdwn @@ -136,17 +136,23 @@ password uSerS_paSSword ## Postfix för utgående e-post +Kör följande kommandon: + +<pre> +touch /etc/postfix/sasl/passwd +sudo chown root:root /etc/postfix/sasl/passwd +sudo chmod 0400 /etc/postfix/sasl/passwd +</pre> + Lägg in följande rad i /etc/postfix/sasl/passwd <pre> -smtp.fripost.org USERNAME@fripost.org:PASSWORD +[smtp.fripost.org]:587 USERNAME@fripost.org:PASSWORD </pre> Kör följande kommandon: <pre> -sudo chown root:root /etc/postfix/sasl/passwd -sudo chmod 0400 /etc/postfix/sasl/passwd sudo postmap hash:/etc/postfix/sasl/passwd </pre> @@ -156,9 +162,48 @@ Lägg in följande i main.cf: mydomain = fripost.org myorigin = $mydomain myhostname = USERNAME.$mydomain -relayhost = smtp.fripost.org:587 +relayhost = [smtp.fripost.org]:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd -smtp_sasl_security_options = -smtp_tls_security_level = may +smtp_sasl_security_options = noanonymous, noplaintext +smtp_sasl_tls_security_options = noanonymous + +smtp_tls_security_level = fingerprint +smtp_tls_fingerprint_digest = sha1 +smtp_tls_mandatory_ciphers = high +smtp_tls_fingerprint_cert_match = 6B:75:B6:CA:6F:6C:DD:F7:7C:FD:5A:98:89:80:3B:82:FD:82:0E:8B </pre> + +Guilhem comments: + +> I guess I'm not the only one who prefers to separate personal and +> professional e-mail accounts. I do it as follows: +> +> /etc/postfix/main.cf +> smtp_tls_policy_maps = hash:$config_directory/tls_policy +> smtp_sender_dependent_authentication = yes +> sender_dependent_relayhost_maps = hash:$config_directory/relayhost_map +> smtp_tls_fingerprint_digest = sha1 +> +> /etc/postfix/tls_policy +> [mail.chalmers.se]:587 secure ciphers=high +> [smtp.fripost.org]:587 fingerprint +> match=6B:75:B6:CA:6F:6C:DD:F7:7C:FD:5A:98:89:80:3B:82:FD:82:0E:8B +> ciphers=high +> +> /etc/postfix/relayhost_map +> @fripost.org [smtp.fripost.org]:587 +> guilhem.moulin@chalmers.se [mail.chalmers.se]:587 +> +> /etc/postfix/sasl/passwd +> [mail.chalmers.se]:587 mouling:xxxxxx +> [smtp.fripost.org]:587 guilhem:xxxxxx + +Guilhem adds: + +> Also, note that if you want to switch to the ‘secure’ TLS policy under +> Postfix < 2.8, you have to manually populate the chroot's CApath with +> trusted CAs (the bug was fixed in Postfix 2.8.). I wrote a script anyway +> which can be found at +> +> git://git.guilhem.org/fripost-ansible scripts/postfix-fixcerts.sh |