Red Hat 9.0 Postfix+SASL+TLS Server Notes

• Uninstall sendmail
• Procure Postfix RPM: http://www.flamewars.org/~phil/software/postfix-2.1.5-3.sasl2.tls.rh9.i386.rpm
• Install RPM
• Ensure that saslauthd service is enabled (using chkconfig)
• Aquire postfix and ipop3d certificate (place in /usr/share/ssl/certs/postfix.pem and /usr/share/ssl/certs/ipop3d.pem)

• Edit provided configuration (/etc/postfix/main.cf)
• Important options:
  • myhostname
  • myorigin (your domain)
  • mydestination (all your domains)
  • mynetworks_style=host
  • mail_spool_directory (probably /var/spool/mail)
• Add the following lines to /etc/postfix/main.cf:

# SASL configuration
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=
smtpd_sasl_security_options=noanonymous
smtpd_recipient_restrictions=permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# TLS configuration
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/share/ssl/certs/postfix.pem
smtpd_tls_cert_file = /usr/share/ssl/certs/postfix.pem
smtpd_tls_received_headers = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

• Edit /etc/postfix/aliases to redirect root's mail
• Edit /usr/lib/sasl2/smtpd.conf

mech_list: plain login
pwcheck_method: saslauthd

• Fix pam

ln -s /etc/pam.d/smtp.postfix /etc/pam.d/smtp

• Set up postfix service