This guide does not cover setting up Postfix Virtual Domains. For information on Virtual Domains and other advanced configurations see References.

To install Postfix run the following command:

    sudo apt install postfix

It is OK to accept defaults initially by pressing return for each question. Some of the configuration options will be investigated in greater detail in the configuration stage.

The mail-stack-delivery metapackage has been deprecated in Focal. The package still exists for compatibility reasons, but won't set up a working email system.

There are four things you should decide before configuring:

- The for which you'll accept email (we'll use in our example).
- The network and class range of your mail server (we'll use 192.168.0.0/24).
- Type of mailbox format (mbox is the default, but we'll use the alternative, Maildir).

To configure postfix, run the following command:

    sudo dpkg-reconfigure postfix

On each screen, select the following values:

To set the mailbox format, you can either edit the configuration file directly, or use the postconf command. In either case, the configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:

    sudo postconf -e 'home_mailbox = Maildir/'

This will place new mail in /home//Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path.

SMTP-AUTH allows a client to identify itself through the Simple Authentication and Security Layer (SASL) authentication mechanism, using Transport Layer Security (TLS) to encrypt the authentication process. Once it has been authenticated, the SMTP server will allow the client to relay mail.

To configure Postfix for SMTP-AUTH using SASL (Dovecot SASL), run these commands at a terminal prompt:

    sudo postconf -e 'smtpd_sasl_type = dovecot'
    sudo postconf -e 'smtpd_sasl_path = private/auth'
    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous,noplaintext'
    sudo postconf -e 'smtpd_sasl_tls_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_recipient_restrictions = \
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

The smtpd_sasl_path config parameter is a path relative to the Postfix queue directory.

There are several SASL mechanism properties worth evaluating to improve the security of your deployment. The options "noanonymous,noplaintext" prevent the use of mechanisms that permit anonymous authentication or that transmit credentials unencrypted.

Next, generate or obtain a digital certificate for TLS. MUAs connecting to your mail server via TLS will need to recognise the certificate used for TLS. This can either be done using a certificate from Let's Encrypt, from a commercial CA or with a self-signed certificate that users manually install/accept.

For MTA-to-MTA, TLS certificates are never validated without prior agreement from the affected organisations. For MTA-to-MTA TLS, there is no reason not to use a self-signed certificate unless local policy requires it. See our guide on security certificates for details about generating digital certificates and setting up your own Certificate Authority (CA).
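To confirm that the SMTP-AUTH settings from this guide actually landed in the configuration, the following added example (not part of the original guide) parses a main.cf-style file and lists which of the guide's values are absent. The function names and the sample file are constructed for illustration, and a parameter left unset is reported even where Postfix's built-in default might suffice.

```shell
#!/bin/sh
# Added example: compare a main.cf-style file with the SMTP-AUTH values this guide sets.

# get_param FILE NAME: print NAME's value, joining continuation lines (leading
# whitespace) and skipping comments; a later assignment overrides an earlier one.
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == key) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { eq = index($0, "="); cur = ""; if (!eq) next
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == key) { val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) } }
        END { print val }' "$1"
}

# has_item LIST ITEM: succeed if ITEM is in a comma- or space-separated LIST.
has_item() { printf '%s\n' "$1" | tr ', \t' '\n\n\n' | grep -qxF -- "$2"; }

# audit_sasl FILE: print the guide settings that FILE lacks (empty output = all present).
audit_sasl() {
    f=$1; out=""
    [ "$(get_param "$f" smtpd_sasl_type)" = dovecot ] || out="$out sasl_type"
    [ "$(get_param "$f" smtpd_sasl_auth_enable)" = yes ] || out="$out auth_enable"
    opts=$(get_param "$f" smtpd_sasl_security_options)
    has_item "$opts" noanonymous || out="$out noanonymous"
    has_item "$opts" noplaintext || out="$out noplaintext"
    has_item "$(get_param "$f" smtpd_sasl_tls_security_options)" noanonymous || out="$out tls_noanonymous"
    rcpt=$(get_param "$f" smtpd_recipient_restrictions)
    has_item "$rcpt" reject_unauth_destination || out="$out reject_unauth_destination"
    echo "${out# }"
}

# Constructed sample (not from a real host): plaintext mechanisms are still
# allowed without TLS and the recipient restrictions lack the relay check.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed main.cf excerpt
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_sasl_authenticated, permit_mynetworks
EOF
echo "missing from sample: $(audit_sasl "$sample")"
```

On a server, point audit_sasl at /etc/postfix/main.cf instead of the sample file.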