Last active
August 3, 2023 13:27
-
-
Save jurikern/bddc98c3c4b8f24a350d to your computer and use it in GitHub Desktop.
Postfix base configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt-get update -y | |
| sudo locale-gen en_US | |
| sudo apt-get install postfix opendkim opendkim-tools sasl2-bin libsasl2-modules libsasl2-modules-sql libopendbx1-pgsql iptables-persistent | |
| sudo mkdir /etc/postfix/ssl | |
| cd /etc/postfix/ssl/ | |
| sudo openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 | |
| sudo chmod 600 smtpd.key | |
| sudo openssl req -new -key smtpd.key -out smtpd.csr | |
| sudo openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt | |
| sudo openssl rsa -in smtpd.key -out smtpd.key.unencrypted | |
| sudo mv -f smtpd.key.unencrypted smtpd.key | |
| sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 | |
| cd | |
| sudo vim /etc/postfix/sasl/smtpd.conf | |
| # pwcheck_method: auxprop | |
| # auxprop_plugin: sql | |
| # mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM | |
| # sql_engine: pgsql | |
| # sql_hostnames: 127.0.0.1 | |
| # sql_user: smtp | |
| # sql_passwd: smtp | |
| # sql_database: tynnel | |
| # sql_select: SELECT password FROM smtp_access WHERE username = '%u' | |
| sudo vim /etc/default/saslauthd | |
| # START=yes | |
| # OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" | |
| sudo mkdir -p /var/spool/postfix/var/run/saslauthd | |
| sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd | |
| sudo adduser postfix sasl | |
| opendkim-genkey -t -s smtp -d tynnel.com | |
| sudo cp smtp.private /etc/postfix/dkim.key | |
| sudo chown opendkim:opendkim /etc/postfix/dkim.key | |
| cat smtp.txt | |
| sudo vim /etc/opendkim.conf | |
| # SigningTable dsn:pgsql://smtp:smtp@127.0.0.1/tynnel/table=dkim?keycol=domain_name?datacol=id | |
| # KeyTable dsn:pgsql://smtp:smtp@127.0.0.1/tynnel/table=dkim?keycol=id?datacol=domain_name,selector,private_key | |
| # SigningTable /etc/opendkim/SigningTable | |
| # KeyTable /etc/opendkim/KeyTable | |
| # ExternalIgnoreList /etc/opendkim/TrustedHosts | |
| # InternalHosts /etc/opendkim/TrustedHosts | |
| # KeyFile /etc/postfix/dkim.key | |
| # Selector smtp | |
| # Canonicalization relaxed/relaxed | |
| # SOCKET inet:8891@localhost | |
| sudo vim /etc/opendkim/TrustedHosts | |
| # 127.0.0.1 | |
| # localhost | |
| # 192.168.0.1/24 | |
| # x.x.x.x | |
| sudo vim /etc/opendkim/KeyTable | |
| # smtp._domainkey.tynnel.com tynnel.com:smtp:/etc/postfix/dkim.key | |
| sudo vim /etc/opendkim/SigningTable | |
| # * smtp._domainkey.tynnel.com | |
| sudo vim /etc/default/opendkim | |
| # SOCKET="inet:8891@localhost" | |
| sudo adduser postfix opendkim | |
| sudo mkdir /var/spool/postfix/var/run/opendkim | |
| sudo chown opendkim:opendkim /var/spool/postfix/var/run/opendkim | |
| sudo dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/opendkim | |
| sudo vim /etc/postfix/main.cf | |
| # inet_interfaces = 172.31.9.253 | |
| # inet_protocols = ipv4 | |
| # message_size_limit = 20480000 | |
| # milter_default_action = accept | |
| # milter_protocol = 6 | |
| # smtpd_milters = inet:localhost:8891 | |
| # non_smtpd_milters = inet:localhost:8891 | |
| # smtpd_sasl_local_domain = | |
| # smtpd_sasl_auth_enable = yes | |
| # smtpd_sasl_security_options = noanonymous | |
| # broken_sasl_auth_clients = yes | |
| # smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination | |
| # smtpd_tls_auth_only = no | |
| # smtp_use_tls = yes | |
| # smtpd_use_tls = yes | |
| # smtp_tls_note_starttls_offer = yes | |
| # smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key | |
| # smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt | |
| # smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem | |
| # smtpd_tls_loglevel = 1 | |
| # smtpd_tls_received_header = yes | |
| # smtpd_tls_session_cache_timeout = 3600s | |
| # tls_random_source = dev:/dev/urandom | |
| # debugger_command = | |
| # PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin | |
| # ddd $daemon_directory/$process_name $process_id & sleep 5 | |
| postconf | grep nis: | |
| sudo postconf -e alias_maps=hash:/etc/aliases | |
| sudo postmap aliases | |
| sudo postalias /etc/aliases | |
| sudo /etc/init.d/saslauthd start | |
| sudo service opendkim start | |
| sudo service postfix restart | |
| sudo postmulti -e init | |
| sudo postmulti -I postfix-2 -G outgoing -e create | |
| sudo touch /etc/postfix-2/dynamicmaps.cf | |
| sudo postmulti -i postfix-2 -e enable | |
| sudo rm /etc/postfix-2/main.cf | |
| sudo vim /etc/postfix-2/main.cf | |
| # inet_interfaces = 172.31.1.67 | |
| # data_directory = /var/lib/postfix-2 | |
| # inet_protocols = ipv4 | |
| # master_service_disable = inet | |
| # queue_directory = /var/spool/postfix-2 | |
| # multi_instance_group = outgoing | |
| # multi_instance_name = postfix-2 | |
| # multi_instance_enable = yes | |
| # --- postfix/main.cf content --- | |
| sudo iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 --packet 0 -j SNAT --to-source 172.31.9.253 | |
| sudo iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 --packet 0 -j SNAT --to-source 172.31.10.125 | |
| sudo iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 --packet 0 -j SNAT --to-source 172.31.10.172 | |
| sudo iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 --packet 0 -j SNAT --to-source 172.31.1.67 | |
| sudo iptables-save > /etc/iptables/rules.v4 | |
| dig smtp._domainkey.tynnel.com TXT | |
| sudo apt-get install swaks | |
| swaks -t check-auth2@verifier.port25.com -f me@tynnel.com (You can test by simply sending an email to autorespond+dkim@dk.elandsys.com or check-auth2@verifier.port25.com) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment