Grzegorz Czapliński --> articles

<--

Postfix and Amavis

Postfix and SASL

Postfix aliases

Courier-IMAP

Using Mutt

Postfix and Anti-Spam

Setting up ACLs

Service

OpenService

Gmirror(8)

Scripts and code

Contact

  
Articles
Setting Up Sophos + Amavis for Postfix,
This (pdf) article is a little outdated. Instead read "Setting Up Amavisd-new + Sophos for Postfix". If any questions feel free to drop me a line.

Comment:
My only other comment would be to build the amavis port mentioned with

make fetch-recursive

which should do the same as the 'make install and break with ^C' mentioned, but do it cleaner... - Murray Taylor

 
Postfix with SASL Authentication over TLS,
This article is on how to set up ESMTP AUTH option in Postifx using SASL over TLS. All is implemented under FreeBSD. Working configs and scripts.

After the publication several questions were asked and also I came to useful conclusions. Here it goes...

I was asked why not use PAM while authenticating via SASL.
When I was working on the article it was not possible. Also the manpage was misleading stating that PAM option works on Linux and Solaris. According to manpage getpwent option works on all platforms. That is why I chose the latter. I made some tests and PAM authenticaion works fine with saslauthd daemon now.

Moreover it is possible to chroot(1) postfix while working with SASL.
In my article I suggested to edit master.cf file and change it to read like this:

 smtp      inet  n       n       n       -       -       smtpd

Don't do that! Leave it as it was. The whole secret lies in SASL installation.

After last cvsup of ports I have noticed some changes. There are now three SASL ports - cyrus-sasl, cyrus-sasl2 and cyrus-sasl2-saslauthd.

(I decided not to go with the details regarding old layout of ports, sorry.)

Before you make(1) anything go to cyrus-sasl2 and cyrus-sasl2-saslauthd; and apply these patches as follows:

(Get the patches from here.) Go to /usr/ports/security/cyrus-sasl2 and apply:
# patch -p < cyrus-sasl2.patch

Go to /usr/ports/security/cyrus-sasl2-saslauthd
# patch -p < cyrus-sasl2-saslauthd.patch

then chdir to /usr/ports/security/cyrus-sasl2-saslauthd/files
# patch -p < saslauthd.sh.patch

Go back to /usr/ports/security/cyrus-sasl2-saslauthd and now type:
# make all install

I assume you have not changed the queue_directory variable in main.cf file. It is essential. queue_directory is the place where Postfix chroots. My patches force SASL to use /var/spool/postfix/saslauthd as a place to keep pid file and its socket. This way, even when postfix is chrooted, it can see what's below queue_directory. The config has been tested!

 

Postfix aliases,
That article has to be read after "Postfix SASL". This is on how to implement postfix aliases, ecartis aliases and canonical ones. Working configs and scripts.
 
Courier-IMAP,
POP3 and IMAP send passwords in clear-text over the network. An attacker may easily steal a user's password sniffing the net or simply hijack his connection. In this article I will show how to install and securely configure Courier-IMAP on your mail server. Your users will have to use secure connections (over SSL) to connect to POP3/SSL and IMAP/SSL services. To understand why it is so important, read more.
 
Using Mutt,
Have you ever asked yourself what MUA - Mail User Agent to use?
You must have, as sending email is a base to communicate over the internet. Before start reading my article read "Trawling the Ports Collection: Using Mutt for email" written by Greg Lehey. Greg's aricle is a great intro to using Mutt.

 
Mutt
Setting Up Amavisd-new + Sophos for Postfix,
A few months ago I wrote an article titled "Setting Up Sophos + Amavis for Postfix". In that article I described how to implement an effective anti-virus protection for your site. In the configuration details presented there, I was relaying on Sophos anti-virus, Postfix, amavis-perl and amavisd. This time I would like to introduce a more advanced configuration - Sophos anti-virus, Postfix and Amavisd-new with SpamAssassin. Read more.

Read the Errata!

 
Spam is BAD! Spam is BAD!

Setting up ACLs,
ACLs provide an extended set of permissions for a file or directory. These permissions can be used in addition to the conventional UNIX permissions for files and directories. Standard UNIX file permissions provide read, write and execute access to three user classes...Read more.
 
Professional service,
I wrote this article for Sun Magazine (in Polish)...
 
OpenService,
OpenService is the way I think, people could service their systems. This article was written for Sun Magazine (in Polish).
 
Gmirror(8)
gmirror(8) is a nice and neat tool to mirror your data. Read the first and the second part of the article.
 
Legal,
I maintain all Copyrights © on these articles.

Special thanks to Jason McIntyre and Gary Kline.

 
Contact
E-mail: <gregory at czaplinski.net>
IRC: irc.FreeNode.net - #DaemonNews
*.irc.pl - #freebsd.pl, !freebsd
PGP Key: <http://www.czaplinski.net/key.asc>

"The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/

 
Powered by FreeBSD Powered by vi Powered by Apache
24th of August 2006.
Grzegorz Czapliński