From owner-freebsd-questions@FreeBSD.ORG Tue Dec 2 00:29:15 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9C34116A4CE for ; Tue, 2 Dec 2003 00:29:15 -0800 (PST) Received: from smtp.internet.dk (smtp.internet.dk [194.19.140.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7AE5A43FE5 for ; Tue, 2 Dec 2003 00:29:11 -0800 (PST) (envelope-from martin.mathiassen@dansikring.dk) Received: from mail.dansikring.dk (mail.dansikring.dk [194.255.13.34]) hB28T8U16784 for ; Tue, 2 Dec 2003 09:29:09 +0100 Received: from gloit001 ([10.44.1.175])hB28T7VW010245 for ; Tue, 2 Dec 2003 09:29:08 +0100 Message-ID: <006d01c3b8af$0d9238a0$af012c0a@gloit001> From: "Martin Mathiassen" To: Date: Tue, 2 Dec 2003 09:34:07 +0100 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: help needed with sasl and postfix X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Dec 2003 08:29:15 -0000 i am a newbiee in freebsd an i am trying to set up af mail server with postfix mysql amavis razor squirrelmail sasl imap i have tryed to follow this link http://www.littlewhitedog.com/reviews_other_00029.asp but i had to skeep the the start and whent on to installing the progs = going to harden it later first i want it to work Also add this in the beginning of your recipient restrictions ($:~)=3D> permit_sasl_authenticated, this wrong but what shall there stand then ($:~)=3D> dd if=3D/dev/urandom of=3D/etc/postfix/ssl/post.rand count=3D1 = 2>/dev/null and the answer is dd: unknown oprand 2 Cyrus SASL/TLS And Postfix SSL let's get SASL2 Installed now. ($:~)=3D> cd /usr/ports/security/cyrus-sasl2 ; make install clean Now go ahead and edit postfix's main.cf so we can tell it to start = utilizing the TLS features. Add in the following somewhere near the bottom: #TLS smtp_use_tls =3D yes smtpd_use_tls =3D yes smtpd_tls_auth_only =3D yes smtp_tls_note_starttls_offer =3D yes smtpd_tls_key_file =3D /etc/postfix/ssl/post.pem smtpd_tls_cert_file =3D /etc/postfix/ssl/post.pem smtpd_tls_CAfile =3D /etc/postfix/ssl/post.pem smtpd_tls_loglevel =3D 3 smtpd_tls_received_header =3D yes smtpd_tls_session_cache_timeout =3D 3600s tls_random_source =3D dev:/dev/urandom enable_sasl_authentication =3D yes smtpd_sasl_auth_enable =3D yes smtpd_sasl_security_options =3D noanonymous smtpd_sasl_local_domain =3D broken_sasl_auth_clients =3D yes Also add this in the beginning of your recipient restrictions ($:~)=3D> permit_sasl_authenticated, Here we create our postfix SSL Stuff ($:~)=3D> mkdir /usr/local/etc/postfix/ssl ($:~)=3D> chmod 700 /usr/local/etc/postfix/ssl Next we create our SSL certificates for postfix ($:~)=3D> cd /usr/local/etc/postfix/ssl ($:~)=3D> vi pst.cnf The contents of pst.cnf are: RANDFILE =3D /etc/postfix/ssl/post.rand [ req ] default_bits =3D 1024 encrypt_key =3D yes distinguished_name =3D req_dn x509_extensions =3D cert_type prompt =3D no [ req_dn ] C=3DcountryName Two letters! ST=3DstateOrProvinceName L=3DlocalityName O=3DorganizationName OU=3DOrganizationalUnitName CN=3DcommonName emailAddress=3DemailAddress [ cert_type ] nsCertType =3D server Be sure to enter the correct options. Next we generate our SSL = certificates. ($:~)=3D> dd if=3D/dev/urandom of=3D/etc/postfix/ssl/post.rand count=3D1 = 2>/dev/null WITH REGARDS MARTIN M