s40mail_postfix

Synopsis


#
# Configuration of postfix mailer daemon
#

Script


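echo "%Post: POSTFIX configuration"

# Keep the packaged files as versioned backups before generating new ones.
mv /etc/postfix/main.cf "/etc/postfix/main.cf-${VERSION}"
mv /etc/postfix/access "/etc/postfix/access-${VERSION}"

# The heredoc delimiter is unquoted, so the shell expands $name inside it.
# Every Postfix parameter reference must therefore be written as \$name to
# reach main.cf literally; this includes the one inside the comment line,
# which would otherwise expand to the (unset) shell variable and vanish.
cat > /etc/postfix/main.cf <<EOF
# Postfix configuration file

# Standard config for all machines
# Domain appended to unqualified addresses (\$mydomain == foo.int)
myorigin = \$mydomain

# ClamSMTPd input filter
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

# Disable the SMTP VRFY command
disable_vrfy_command = yes

EOF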

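# Pull the MX records for the domain and keep the line(s) that name this host.
# `host -t MX` prints "<domain> mail is handled by <priority> <target>.", so
# the priority is the sixth whitespace-separated field of the first match.
#
# grep -F treats NODENAME as a literal string rather than a regex (a dot in the
# name is no longer a wildcard) and `--` stops a leading '-' being read as an
# option. It is still a substring match, so a short NODENAME also matches
# longer MX targets that contain it.
#
# The mail role chosen below rests entirely on this DNS answer, which is not
# authenticated: a wrong or spoofed MX record at install time decides whether
# the host listens on all interfaces or on loopback only.
HOST_MX=$(host -t MX "$DOMAINNAME" | grep -F -- "$NODENAME")
PRIORITY=$(printf '%s\n' "$HOST_MX" | awk 'NR == 1 { print $6 }')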

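#######################################
# Write the main.cf section, the Cyrus SASL smtpd.conf and the saslauthd
# settings shared by the primary and secondary mailserver roles.
# Globals:   NETWORK (read) - network address, used as $NETWORK/24
# Arguments: $1 - role name placed in the generated comment
#                 ("primary" or "secondary")
# Outputs:   appends to /etc/postfix/main.cf; writes
#            /etc/postfix/sasl/smtpd.conf and /etc/sysconfig/saslauthd
#######################################
configure_mailserver() {
  local role=$1

  # NOTE(review): relay_domains takes domain names; the 127.0.0.0/8 entry
  # below looks misplaced (networks belong in mynetworks) - confirm.
  cat >> /etc/postfix/main.cf <<EOF
# Config for ${role} mailserver
# Deliver mail into user's home directory in maildir format
home_mailbox = mail/

# Listen to mail on all interfaces
inet_interfaces = all

# Domains considered local
mydestination = \$mydomain, \$myhostname, localhost.\$mydomain, localhost

# Which machine should mail be relayed from
mynetworks = $NETWORK/24, 127.0.0.0/8

# forward mail to my domain and subdomains
relay_domains = \$mydomain, 127.0.0.0/8

# SMTP Auth and relaying controls
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF

  # SMTP auth is provided by saslauthd.
  # Only PLAIN and LOGIN are offered, and saslauthd checks them against PAM,
  # i.e. system account passwords. Nothing in this script enables TLS for
  # smtpd, so those passwords would cross the network unencrypted: configure
  # TLS and set smtpd_tls_auth_only = yes before accepting AUTH from outside
  # a trusted network.
  mkdir -p /etc/postfix/sasl/   # -p: do not fail if the directory exists
  cat > /etc/postfix/sasl/smtpd.conf <<EOF
pwcheck_method: saslauthd
mech_list: plain login
EOF

  cat > /etc/sysconfig/saslauthd <<EOF
START=yes
MECHANISMS="pam"
EOF

  chkconfig --level 345 saslauthd on
}

# The MX priority found for this host selects its mail role:
#   5 -> primary mailserver, 10 -> secondary mailserver, anything else
#   (including no MX record at all) -> ordinary workstation.
if [ "$PRIORITY" = "5" ]; then		# PRIMARY MAILSERVER
  echo "%Post: Configuring POSTFIX as primary mailserver"
  configure_mailserver primary

elif [ "$PRIORITY" = "10" ]; then	# SECONDARY MAILSERVER
  echo "%Post: Configuring POSTFIX as secondary mailserver"
  configure_mailserver secondary

else					# ORDINARY WORKSTATION
  # will only accept mail from the localhost
  # and relay it all to the primary mailserver (smarthost)
  # only root mail should be delivered locally
  echo "%Post: Configuring as mail client"
  # The listing had lost the "cat >> ... <<EOF" line that opens this heredoc,
  # which left the settings below to be run as shell commands instead of being
  # appended to main.cf.
  cat >> /etc/postfix/main.cf <<EOF
# Config for mail client (i.e. not primary or seconday mailhost)
# Domains considered local
mydestination = \$myhostname localhost.\$mydomain localhost

# Which machines should mail be relayed from
mynetworks_style = host

# Never forward mail from outside the authorised network
relay_domains =

# Forward all mail to local mailhub
relayhost = \$mydomain

# Only receive mail on the loopback interface
inet_interfaces = loopback-only

EOF
  cat > /etc/postfix/access <<EOF
$DOMAINNAME RELAY
EOF
fi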

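# All things need this bit
# Configuring for ClamSMTPd and Spamassassin as input filters

# Keep the packaged master.cf as a versioned backup, then regenerate it with
# the smtpd service line overridden to hand SMTP-received mail to the
# "spamassassin" transport defined further down.
mv /etc/postfix/master.cf "/etc/postfix/master.cf-${VERSION}"
sed -e 's/\(^smtp.*smtpd$\)/\1 -o content_filter=spamassassin:dummy/' \
	"/etc/postfix/master.cf-${VERSION}" > /etc/postfix/master.cf

# The heredoc delimiter is unquoted, so the shell processes $ and backticks in
# it. ${sender}/${recipient} are escaped so Postfix sees them literally, and
# the backticks around "mail -i" are escaped too: unescaped they are a command
# substitution, and the shell would run `mail -i` while writing this file.
#
# The re-injection listener is bound to 127.0.0.1:10026 and accepts mail only
# from the local host (permit_mynetworks with mynetworks_style=host, then
# reject); it clears content_filter, so anything that could reach it would
# skip filtering.
#
# NOTE(review): the pipe command passes ${recipient} to sendmail as trailing
# arguments with no "--" in front of them. Postfix's filter examples put "--"
# before ${recipient} so an address starting with '-' cannot be read as an
# option; confirm that spamc -e passes it through before adding it here.
cat >> /etc/postfix/master.cf <<EOF
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

# Spam tagging filter
# this is only triggered when mail arrives by smtp
# mail injected with the sendmail command DOES NOT trigger it
# test using telnet to port 25, NOT using \`mail -i\`
spamassassin unix -     n       n       -       -       pipe
        user=nobody argv=/usr/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f \${sender} \${recipient}
EOF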

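# Install the ClamSMTPd daemon
# NOTE(review): the package is taken from the install source mount as-is.
# rpm only verifies a signature if the package is signed and the signing key
# has been imported; consider checking it first with `rpm -K`.
rpm -i "/mnt/source/kickstart/rpms/clamav/${OS}/clamsmtp-1.6-1.i386.rpm"

# Keep the packaged config as a versioned backup, then enable three settings
# that ship commented out:
#   Listen      - bind the filter to 127.0.0.1:10025 instead of 0.0.0.0, so
#                 only local processes can submit mail to it
#   ClamAddress - reach clamd on 127.0.0.1:3310 instead of its unix socket
#   User        - run as the clamav user
mv /etc/clamsmtpd.conf "/etc/clamsmtpd.conf-${VERSION}"
sed -e 's/^#\(Listen:\) 0.0.0.0:\(10025\)$/\1 127.0.0.1:\2/' \
    -e 's@^#\(ClamAddress:\) /var/run/clamav/clamd$@\1 127.0.0.1:3310@' \
    -e 's/^#\(User: clamav\)$/\1/' \
       "/etc/clamsmtpd.conf-${VERSION}" > /etc/clamsmtpd.conf

# --level, matching the saslauthd chkconfig calls earlier in this script; the
# original spelled it --levels here, which chkconfig is not expected to accept.
chkconfig --level 345 clamsmtpd on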

Examples and Testing


# Due to the way this is configured, mail will ONLY be spam checked if
# it arrives via SMTP and not if it is injected into the queue with the
# postfix version of the sendmail command.
# This means testing must be carried out using telnet to port 25
# Mail sent using the `mail` command will ONLY be virus checked



Marked up in XHTML - ©2005 Thoughtful Solutions Ltd.