Postfix With SMTP-AUTH And TLS on openSuSE Linux 10.x

This article describes the installation of Postfix With SMTP-AUTH And TLS on a SuSE Linux 10.x Server.

We do it quick and easy.

Normally any Linux distribution comes with precompiled packages. That's fine and we use them.

System Description:

Standard SuSE Linux 10.x server, installed in runlevel 3. No graphical system is required.

System requirements:

Install the following packages via SuSE "YaST":

  • Postfix
  • cyrus-sasl
  • cyrus-sasl-crammd5
  • cyrus-sasl-digestmd5
  • cyrus-sasl-gssapi
  • cyrus-sasl-otp
  • cyrus-sasl-plain
  • cyrus-sasl-saslauthd

Now we create the certificates for TLS:

TLS cert for 10 years:

$>mkdir /etc/postfix/ssl
$>cd /etc/postfix/ssl/
$>openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 
$>chmod 600 smtpd.key
$>openssl req -new -key smtpd.key -out smtpd.csr
$>openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
$>openssl rsa -in smtpd.key -out smtpd.key.unencrypted
$>mv -f smtpd.key.unencrypted smtpd.key
$>openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Now we configure Postfix for SMTP-AUTH and TLS:

There are two ways to do this: one is to edit every variable in /etc/postfix/main.cf by hand, the other is to use the "postconf" command, as we do here:

$>postconf -e 'mydomain = example.com'
$>postconf -e 'myhostname = server.$mydomain'
$>postconf -e 'mynetworks = 127.0.0.0/8'
$>postconf -e 'smtpd_sasl_local_domain ='
$>postconf -e 'smtpd_sasl_auth_enable = yes'
$>postconf -e 'smtpd_sasl_security_options = noanonymous'
$>postconf -e 'broken_sasl_auth_clients = yes'
$>postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
$>postconf -e 'inet_interfaces = all'
$>postconf -e 'alias_maps = hash:/etc/aliases'
$>postconf -e 'smtpd_tls_auth_only = no'
$>postconf -e 'smtp_use_tls = yes'
$>postconf -e 'smtpd_use_tls = yes'
$>postconf -e 'smtp_tls_note_starttls_offer = yes'
$>postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
$>postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
$>postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
$>postconf -e 'smtpd_tls_loglevel = 1'
$>postconf -e 'smtpd_tls_received_header = yes'
$>postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
$>postconf -e 'tls_random_source = dev:/dev/urandom'

To enable TLS connections in Postfix, edit /etc/postfix/master.cf and uncomment the tlsmgr line so that it looks like this:

$>vi /etc/postfix/master.cf
tlsmgr unix - - n 1000? 1 tlsmgr

To see if SMTP-AUTH and TLS work properly now, run the following commands:

$>/etc/init.d/postfix restart
$>telnet localhost 25
$>ehlo localhost
If you see the lines:
250-STARTTLS
and
250-AUTH
then everything is fine.
It should look like this:
server:/etc/postfix/ssl # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.example.com ESMTP Postfix
ehlo localhost
250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
server:/etc/postfix/ssl
Type $>quit
to return to the shell.
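
The EHLO check above can be scripted, and doing so shows what 'smtpd_tls_auth_only = no' means in practice: LOGIN and PLAIN are announced before STARTTLS has been negotiated. This is an added example, not part of the original article; the function name check_ehlo and the key names it prints are made up here, the first reply is the one from the transcript above, and the second is constructed to show the reply with 'smtpd_tls_auth_only = yes'.

```shell
#!/bin/sh
# Added example (not from the original article): classify an EHLO reply
# captured on port 25 before STARTTLS. Reads the reply on stdin.
check_ehlo() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^250[- ]STARTTLS$/ { starttls = "yes" }
        /^250[- ]AUTH[ =]/  {
            auth = "yes"
            mechs = $0
            sub(/^250[- ]AUTH[ =]/, "", mechs)  # keep only the mechanism list
            n = split(mechs, m, " ")
            for (i = 1; i <= n; i++)
                if (m[i] == "PLAIN" || m[i] == "LOGIN") clear = "yes"
        }
        END {
            print "starttls=" (starttls ? starttls : "no")
            print "auth_before_tls=" (auth ? auth : "no")
            print "cleartext_password_before_tls=" (clear ? clear : "no")
        }
    '
}

# EHLO reply lines taken from the telnet transcript in this article.
reply_from_article() {
    cat <<'EOF'
250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Constructed sample: the same server with smtpd_tls_auth_only = yes, where
# Postfix does not announce AUTH until the session is encrypted.
reply_auth_only_yes() {
    reply_from_article | grep -v 'AUTH'
}

reply_from_article | check_ehlo
```

With the settings from this article the result is the first case (cleartext_password_before_tls=yes); setting smtpd_tls_auth_only = yes gives the second, where AUTH only appears after STARTTLS.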

<<<------------>>> that's it <<<------------>>>