Postfix with TLS, amavisd-new and SASL |
![]() |
Written by Administrator |
Monday, 21 April 2008 11:20 |
To have a secure mail server, I have configured my postfix to work with:
amavisd-new is a high-performance interface between mailer (MTA) and content checkers such as virus scanners and SpamAssassin. Transport layer security (TLS) provides authenticated and encrypted sessions. SASL is a framework for secure authentication. In the following, I want to give you a short overview how to enable these features in the postfix mail daemon. However, you will not find any information here, e.g. how to to configure amavisd-new. amavisd-newTo connect amavisd-new with postifx, you need to add the following in the file "main.cf" (/etc/postfix/main.cf)
content_filter = amavisfeed:[127.0.0.1]:10024
In the file "master.cf", add:
127.0.0.1:10025 inet n - n - - smtpd
However, you need to be aware that amavisd-new itself needs configuration, and has some requirements such as perl modules to be installed first. TLSAdd the following in "main.cf":
smtpd_tls_cert_file = /etc/ssl/misc/postfixcert.pem
The first two options are for the certificate and key to use with TLS. If you want to use a self signed certificate, refer to my article "OpenSSL CA". The last option defines that a connection may use, but is not forced TLS. Note: You should ensure that the issuing CA certificate(s) are installed in your mail client in order to avoid SSL warning messages when sending e-mails. SASLAdd the following in "main.cf":
smtpd_sasl_auth_enable = yes
Find the file etc/dovecot.conf In the authentication section, add or enable:
# It's possible to export the authentication interface to other programs: |
Last Updated on Monday, 11 June 2012 10:34 |