====== Red Hat 9.0 Postfix+SASL+TLS Server Notes ======
===== Preparation =====
  * Uninstall sendmail
  * Procure Postfix RPM: [[http://www.flamewars.org/~phil/software/postfix-2.1.5-3.sasl2.tls.rh9.i386.rpm]]
  * Install RPM
  * Ensure that the saslauthd service is enabled (using chkconfig)
  * Acquire the postfix and ipop3d certificates (place them in /usr/share/ssl/certs/postfix.pem and /usr/share/ssl/certs/ipop3d.pem)
===== Configuration =====
  * Edit provided configuration (/etc/postfix/main.cf)
  * Important options:
    * myhostname
    * myorigin (your domain)
    * mydestination (all your domains)
    * mynetworks_style=host
    * mail_spool_directory (probably /var/spool/mail)
  * Add the following lines to /etc/postfix/main.cf: <code>
# SASL configuration
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=
smtpd_sasl_security_options=noanonymous
smtpd_recipient_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# TLS configuration
smtpd_use_tls = yes
# Offer AUTH only after STARTTLS; PLAIN and LOGIN send the password unencrypted
smtpd_tls_auth_only = yes
# Private key and certificate share one PEM file; keep it readable by root only
smtpd_tls_key_file = /usr/share/ssl/certs/postfix.pem
smtpd_tls_cert_file = /usr/share/ssl/certs/postfix.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
</code>
  * Edit /etc/postfix/aliases to redirect root's mail
  * Edit /usr/lib/sasl2/smtpd.conf <code>
mech_list: plain login
pwcheck_method: saslauthd
</code>
  * Fix pam <code>
ln -s /etc/pam.d/smtp.postfix /etc/pam.d/smtp
</code>
  * Set up postfix service
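
An added example, not part of the original notes: a shell check that reads a main.cf and confirms the SASL/TLS settings listed above are in effect, in particular that AUTH is only offered over TLS. The function names and the sample file are constructed for illustration.

```shell
# Print the effective value of parameter $2 in main.cf-style file $1.
# main.cf rules: "#" lines are comments, a line starting with whitespace
# continues the previous parameter, and the last assignment wins.
maincf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { eq = index($0, "="); if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == want) val = substr($0, eq + 1) }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# Succeed if the comma/space separated list parameter $2 in file $1 contains word $3.
maincf_has() {
    case " $(maincf_get "$1" "$2" | tr ',' ' ') " in
        *" $3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one FAIL line per missing setting; return 1 if any were printed.
audit_maincf() {
    bad=0
    for p in smtpd_sasl_auth_enable smtpd_use_tls smtpd_tls_auth_only; do
        [ "$(maincf_get "$1" "$p")" = yes ] || { echo "FAIL: $p is not yes"; bad=1; }
    done
    maincf_has "$1" smtpd_sasl_security_options noanonymous ||
        { echo "FAIL: anonymous SASL logins not refused"; bad=1; }
    maincf_has "$1" smtpd_recipient_restrictions reject_unauth_destination ||
        { echo "FAIL: reject_unauth_destination missing (open relay risk)"; bad=1; }
    return $bad
}

# Constructed sample: the settings above with smtpd_tls_auth_only left out.
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed test input, not a real server's main.cf
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
smtpd_recipient_restrictions=permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
EOF
}

# With an argument, audit that file: sh audit.sh /etc/postfix/main.cf
if [ $# -gt 0 ]; then audit_maincf "$1"; fi
```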