Installing Postfix

(when asked for the server type, choose Internet Site) (when asked for the domain, enter s123456.asl24.pl)
root@asl24:~# apt-get install postfix
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libmysqlclient16 libperl5.10 mysql-common
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
 libmysqlclient16 libperl5.10 mysql-common
Suggested packages:
 postfix-mysql postfix-pgsql postfix-ldap postfix-pcre sasl2-bin resolvconf
 postfix-cdb ufw
The following packages will be REMOVED:
 exim4 exim4-base exim4-config exim4-daemon-light
The following NEW packages will be installed:
 libmysqlclient16 libperl5.10 mysql-common postfix
0 upgraded, 4 newly installed, 4 to remove and 0 not upgraded.
Need to get 3,449 kB of archives.
After this operation, 3,903 kB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://security.debian.org/ squeeze/updates/main mysql-common all 5.1.61-0+squeeze1 [69.6 kB]
Get:2 http://ftp.man.poznan.pl/pub/linux/debian/debian/ squeeze/main postfix amd64 2.7.1-1+squeeze1 [1,402 kB]
Get:3 http://security.debian.org/ squeeze/updates/main libmysqlclient16 amd64 5.1.61-0+squeeze1 [1,976 kB]
Get:4 http://ftp.man.poznan.pl/pub/linux/debian/debian/ squeeze/main libperl5.10 amd64 5.10.1-17squeeze3 [1,160 B]
Fetched 3,449 kB in 1s (2,943 kB/s)
Preconfiguring packages ...
(Reading database ... 23319 files and directories currently installed.)
Removing exim4 ...
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
 Package exim4-config is to be removed.
 Package exim4-config-2 is not installed.
 Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
 Package exim4-config is to be removed.
 Package exim4-config-2 is not installed.
 Package exim4-config which provides exim4-config-2 is to be removed.
Removing exim4-config ...
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 bsd-mailx depends on default-mta | mail-transport-agent; however:
 Package default-mta is not installed.
 Package exim4-daemon-light which provides default-mta is to be removed.
 Package mail-transport-agent is not installed.
 Package exim4-daemon-light which provides mail-transport-agent is to be removed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
 Package default-mta is not installed.
 Package exim4-daemon-light which provides default-mta is to be removed.
 Package mail-transport-agent is not installed.
 Package exim4-daemon-light which provides mail-transport-agent is to be removed.
Removing exim4-daemon-light ...
Stopping MTA: exim4_listener.
Processing triggers for man-db ...
Selecting previously deselected package postfix.
(Reading database ... 23255 files and directories currently installed.)
Unpacking postfix (from .../postfix_2.7.1-1+squeeze1_amd64.deb) ...
Processing triggers for man-db ...
Setting up postfix (2.7.1-1+squeeze1) ...
Adding group `postfix' (GID 109) ...
Done.
Adding system user `postfix' (UID 106) ...
Adding new user `postfix' (UID 106) with group `postfix' ...
Not creating home directory `/var/spool/postfix'.
Creating /etc/postfix/dynamicmaps.cf
Adding tcp map entry to /etc/postfix/dynamicmaps.cf
Adding group `postdrop' (GID 110) ...
Done.
setting myhostname: asl24.pl
setting alias maps
setting alias database
changing /etc/mailname to kalkos.asl24.pl
setting myorigin
setting destinations: kalkos.asl24.pl, asl24.pl, localhost.pl, localhost
setting relayhost:
setting mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
setting mailbox_command
setting mailbox_size_limit: 0
setting recipient_delimiter: +
setting inet_interfaces: all

Postfix is now set up with a default configuration. If you need to make
changes, edit
/etc/postfix/main.cf (and others) as needed. To view Postfix configuration
values, see postconf(1).

After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

Running newaliases
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
(Reading database ... 23432 files and directories currently installed.)
Removing exim4-base ...
Processing triggers for man-db ...
Selecting previously deselected package mysql-common.
(Reading database ... 23357 files and directories currently installed.)
Unpacking mysql-common (from .../mysql-common_5.1.61-0+squeeze1_all.deb) ...
Selecting previously deselected package libmysqlclient16.
Unpacking libmysqlclient16 (from .../libmysqlclient16_5.1.61-0+squeeze1_amd64.deb) ...
Selecting previously deselected package libperl5.10.
Unpacking libperl5.10 (from .../libperl5.10_5.10.1-17squeeze3_amd64.deb) ...
Setting up mysql-common (5.1.61-0+squeeze1) ...
Setting up libmysqlclient16 (5.1.61-0+squeeze1) ...
Setting up libperl5.10 (5.10.1-17squeeze3) ...
root@asl24:~#


Configuration


Basic configuration:
# set the domain name used for outgoing mail
myorigin = /etc/mailname

(...)

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

(...)

# the domains for which our MTA is also the MDA
mydestination = kalkos.asl24.pl, asl24.pl, localhost.pl, localhost
# the DNS name of the server for which we will provide a backup SMTP service, relaying delivery
relayhost = domenakolegi.asl24.pl
Authentication configuration in main.cf:
# set the SMTP authentication mechanism
smtpd_sasl_type = dovecot
# path to the UNIX socket we communicate with
smtpd_sasl_path = private/auth
# parameters smtpd checks to decide whether to forward the mail
smtpd_recipient_restrictions = permit_sasl_authenticated, check_relay_domains
# enable SMTP authentication
smtpd_sasl_auth_enable = yes
Changes in Dovecot are also required.

The smtpd_recipient_restrictions parameter allows additional restrictions to be set, e.g.:
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
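
As an added example (not part of the original page and not Postfix's own tooling), the Python check below parses a main.cf and flags four things relevant to the settings above: trailing '#' text, which Postfix keeps as part of the value because only whole-line comments are supported; SASL enabled without smtpd_tls_auth_only = yes; the self-signed snakeoil certificate; and the deprecated check_relay_domains restriction. The sample file and the finding names are constructed for illustration; smtpd_tls_auth_only is a real Postfix parameter that the page does not set.

```python
import re

# Constructed sample modelled on the settings discussed above.
SAMPLE_MAIN_CF = """\
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_use_tls=yes
relayhost = domenakolegi.asl24.pl   #backup smtp
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
# a comment line inside a multi-line value is skipped
    check_relay_domains
"""


def parse_main_cf(text):
    """Return {name: value}, honouring comment and continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:   # continuation of the previous value
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params


def audit(params):
    """Return sorted finding codes (names are illustrative, not Postfix output)."""
    findings = set()
    for name, value in params.items():
        if re.search(r"\s#", value):      # trailing '#...' became part of the value
            findings.add(f"inline-comment:{name}")
    if (params.get("smtpd_sasl_auth_enable") == "yes"
            and params.get("smtpd_tls_auth_only") != "yes"):
        findings.add("auth-offered-without-tls")
    if "snakeoil" in params.get("smtpd_tls_cert_file", ""):
        findings.add("self-signed-placeholder-cert")
    if "check_relay_domains" in params.get("smtpd_recipient_restrictions", ""):
        findings.add("deprecated-check_relay_domains")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(parse_main_cf(SAMPLE_MAIN_CF))))
```

On a live system the same checks can be run against the output of postconf -n instead of the raw file.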


Testing

The string needed to log in:
root@asl24:~# perl -MMIME::Base64 -e 'print encode_base64("\000nazwauzytkownika\000tajnehaslo")'
AG5hendhdXp5dGtvd25pa2EAdGFqbmVoYXNsbw==
root@asl24:~#
SSL connection (you can also use telnet localhost 25 and test without encryption):
root@asl24:~# openssl s_client -connect smtp1.asl24.pl:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=asl24.pl
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=asl24.pl
verify return:1
---
Certificate chain
 0 s:/CN=asl24.pl
 i:/CN=asl24.pl
---
Server certificate
subject=/CN=asl24.pl
issuer=/CN=asl24.pl
---
No client certificate CA names sent
---
SSL handshake has read 1601 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
	Protocol : TLSv1
	Cipher  : DHE-RSA-AES256-SHA
	Session-ID: E99E015F41B6151EE2165F3AE9D1117F15316AEBB1D9406E9B370DF16852EA00
	Session-ID-ctx:
	Master-Key: 20CC5E67006729778875EBCE9215C143789DFF98B800E9A01D2552CA453B33BE5E1604CA8B269FB6215E2C650B342C4C
	Key-Arg  : None
	Start Time: 1337076336
	Timeout  : 300 (sec)
	Verify return code: 18 (self signed certificate)
---
250 DSN
EHLO mojadomena.asl24.pl
250-asl24.pl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AG5hendhdXp5dGtvd25pa2EAdGFqbmVoYXNsbw==
235 2.7.0 Authentication successful
mail from: 
250 2.1.0 Ok
rcpt to: 
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: Testowy 
To: Testowy2 
Subject: czesc

dzien dobry czesc i czolem, pytacie skad sie wzialem
.
250 2.0.0 Ok: queued as DE91A5EAC
quit
221 2.0.0 Bye
closed
root@asl24:~#
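
An added example, not part of the original page: the AUTH PLAIN token used above is only base64-encoded, so the server should advertise AUTH only after STARTTLS. The Python code below compares EHLO replies captured before and after STARTTLS and decodes the token to show what a cleartext session would expose. The cleartext replies are constructed, and the function names are illustrative.

```python
import base64

# Constructed EHLO replies. AFTER_TLS is modelled on the session above;
# the two cleartext variants are assumptions about the same server.
CLEARTEXT_DEFAULT = ("250-asl24.pl\n250-PIPELINING\n250-STARTTLS\n"
                     "250-AUTH PLAIN LOGIN\n250 DSN")
CLEARTEXT_TLS_AUTH_ONLY = "250-asl24.pl\n250-PIPELINING\n250-STARTTLS\n250 DSN"
AFTER_TLS = ("250-asl24.pl\n250-PIPELINING\n250-SIZE 10240000\n"
             "250-AUTH PLAIN LOGIN\n250 DSN")


def ehlo_features(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [params]}."""
    features = {}
    for line in reply.splitlines()[1:]:          # first line is the greeting
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected reply line: {line!r}")
        words = line[4:].split()
        if words:
            features[words[0].upper()] = words[1:]
    return features


def decode_auth_plain(token):
    """Split an AUTH PLAIN token (RFC 4616) into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not an AUTH PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def auth_exposure(cleartext_reply, tls_reply):
    """Report which AUTH mechanisms are offered before and after STARTTLS."""
    clear, tls = ehlo_features(cleartext_reply), ehlo_features(tls_reply)
    return {
        "starttls_offered": "STARTTLS" in clear,
        "auth_in_cleartext": clear.get("AUTH", []),   # should be empty
        "auth_after_tls": tls.get("AUTH", []),
    }


if __name__ == "__main__":
    print(auth_exposure(CLEARTEXT_DEFAULT, AFTER_TLS))
    print(auth_exposure(CLEARTEXT_TLS_AUTH_ONLY, AFTER_TLS))
    print(decode_auth_plain("AG5hendhdXp5dGtvd25pa2EAdGFqbmVoYXNsbw=="))
```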
Making smtpd listen on two ports. In master.cf, below the line containing
(...)
smtp   inet n    -    -    -    -    smtpd
(...)
add:
(...)
smtp   inet n    -    -    -    -    smtpd
# the first field is the port number smtpd will listen on
1025   inet n    -    -    -    -    smtpd
(...)