Installation
Basic configuration
1. Internet Site
2. mail.example.com
3. steve
5. No
7. 0
8. +
9. all
Replace mail.example.com with the domain for which you will accept email,
192.168.0.0/24 with the actual network and class range of your mail server,
and configure it with the appropriate username.
Now is a good time to decide which mailbox format you want to use. By default,
Postfix uses mbox as the mailbox format. Rather than editing the configuration
file directly, you can use the postconf command to configure all Postfix
parameters. The configuration parameters are stored in the
/etc/postfix/main.cf file. Later, if you want to reconfigure a
particular parameter, you can either run the command again or change it
manually in the file.
SMTP Authentication
sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
Next, generate or obtain a digital certificate for TLS. See Certificates for details.
This example also uses a Certificate Authority (CA). For information on generating a
CA certificate see Certification Authority.
MUAs connecting to your mail server via TLS will need to recognize the certificate
used for TLS. This can either be done using a certificate from a commercial CA or
with a self-signed certificate that users manually install/accept. For MTA to MTA TLS,
certificates are never validated without advance agreement from the affected
organizations. For MTA to MTA TLS, unless local policy requires it, there is no reason
not to use a self-signed certificate. Refer to Creating a Self-Signed Certificate
for more details.
Once you have a certificate, configure Postfix to provide TLS encryption
for both incoming and outgoing mail:
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'myhostname = mail.example.com'
Once again, for more details about certificates, see Certificates.
After running all the commands, Postfix is configured for SMTP-AUTH and a
self-signed certificate has been created for TLS encryption.
# See /usr/share/postfix/main.cf.dist for a commented, more complete
# version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
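An added example, not part of the original guide: a small Python audit of a main.cf like the listing above that joins continuation lines and flags settings that weaken SMTP-AUTH, such as smtpd_tls_auth_only = no. The sample text is constructed from the listing, the function names and the choice of checks are this example's own, and the legacy smtpd_use_tls parameter is not considered.

```python
# Added example (not from the guide): audit main.cf for the SMTP-AUTH/TLS settings above.
# SAMPLE_MAIN_CF is constructed from the listing; the checks are this example's choices.
SAMPLE_MAIN_CF = """\
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtpd_tls_security_level = may
"""


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines never end a logical line
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
        elif "=" in raw:
            last, _, value = (part.strip() for part in raw.partition("="))
            params[last] = value  # a later assignment overrides an earlier one
    return params


def words(value):
    """Split a Postfix list value on commas and whitespace."""
    return value.replace(",", " ").split()


def audit(params):
    """Return findings for settings that weaken the setup this guide builds."""
    findings = []
    level = params.get("smtpd_tls_security_level", "").lower()
    if params.get("smtpd_sasl_auth_enable", "no").lower() == "yes":
        if level in ("", "none"):
            findings.append("SASL is enabled but smtpd_tls_security_level offers no STARTTLS")
        elif level == "may" and params.get("smtpd_tls_auth_only", "no").lower() != "yes":
            findings.append("AUTH is accepted without TLS: set smtpd_tls_auth_only = yes")
        options = words(params.get("smtpd_sasl_security_options", "noanonymous"))
        if "noanonymous" not in options:
            findings.append("smtpd_sasl_security_options lacks noanonymous")
    relay = words(params.get("smtpd_recipient_restrictions", "") + " "
                  + params.get("smtpd_relay_restrictions", ""))
    if relay and not {"reject_unauth_destination", "defer_unauth_destination"} & set(relay):
        findings.append("no reject_unauth_destination in the restrictions this file sets")
    return findings
```

Running audit(parse_main_cf(SAMPLE_MAIN_CF)) reports the smtpd_tls_auth_only finding; the same text with that parameter set to yes yields no findings.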
Configuring SASL
Postfix supports two SASL implementations: Cyrus SASL and Dovecot SASL. To enable
Dovecot SASL the dovecot-core package will need to be installed. From a terminal
prompt enter the following:
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user =
    #group =
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
auth_mechanisms = plain
To this:
auth_mechanisms = plain login
Mail-Stack Delivery
Another option for configuring Postfix for SMTP-AUTH is using the
mail-stack-delivery package (previously packaged as dovecot-postfix). This package will
install Dovecot and configure Postfix to use it for both SASL authentication and as a
Mail Delivery Agent (MDA). The package also configures Dovecot for IMAP, IMAPS,
POP3, and POP3S.
You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server, for
example if you are configuring your server to be a mail gateway, spam/virus filter, etc.
If this is the case it may be easier to use the above commands to configure Postfix for
SMTP-AUTH.
You should now have a working mail server, but there are a few options that you
may wish to customize further. For example, the package uses the certificate and key
from the ssl-cert package, and in a production environment you should use a
certificate and key generated for the host. See Certificates for more details.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
Testing
telnet mail.example.com 25
After you have established the connection to the Postfix mail server, type:
ehlo mail.example.com
If you see the following lines among others, then everything is working correctly.
Type quit to exit.
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
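The check described above, as an added Python example that is not part of the original guide: it parses a multi-line EHLO reply and reports what a cleartext session advertises. The sample reply is constructed from the four lines shown plus an assumed greeting line; parse_ehlo and review are names chosen here.

```python
# Added example: parse an EHLO reply like the one above and report what it advertises.
# SAMPLE_REPLY is constructed: the four lines from the guide plus a greeting line.
SAMPLE_REPLY = (
    "250-mail.example.com\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250-AUTH=LOGIN PLAIN\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 reply (RFC 5321 syntax)."""
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:].strip()
        last = index == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line of the reply.
        if code != "250" or sep != (" " if last else "-"):
            raise ValueError(f"malformed or non-250 reply line: {line!r}")
        if index == 0 or not text:
            continue  # the first line carries the server's domain, not an extension
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=..." spelling.
        if text.upper().startswith("AUTH="):
            text = text.replace("=", " ", 1)
        keyword, *params = text.split()
        extensions.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return extensions


def review(extensions, tls_active=False):
    """Return observations about an EHLO reply seen before or after STARTTLS."""
    notes = []
    mechanisms = extensions.get("AUTH", set())
    if not tls_active and "STARTTLS" not in extensions:
        notes.append("STARTTLS is not offered")
    if not tls_active and mechanisms & {"PLAIN", "LOGIN"}:
        notes.append("PLAIN/LOGIN offered before STARTTLS; "
                     "smtpd_tls_auth_only = yes hides AUTH until TLS is active")
    if tls_active and not mechanisms:
        notes.append("AUTH is not offered after STARTTLS")
    return notes
```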
Troubleshooting
Escaping chroot
smtp      inet  n       -       -       -       -       smtpd
smtp      inet  n       -       n       -       -       smtpd
You will need to restart Postfix to use the new configuration. From a terminal prompt enter:
If you need smtps, edit /etc/postfix/master.cf and uncomment the following line:
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Log files
To see messages entered into the logs in real time you can use the
tail -f command:
tail -f /var/log/mail.err
smtp      unix  -       -       -       -       -       smtp -v
It is important to note that after making one of the logging changes above
the Postfix process will need to be reloaded in order to recognize the new
configuration: sudo systemctl reload postfix.service
auth_debug = yes
# logs attempted passwords on mismatch; turn it off again after troubleshooting
auth_debug_passwords = yes
Just like Postfix, if you change a Dovecot configuration the process will need to be
reloaded: sudo systemctl reload dovecot.service.
TELNET
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
# Please note that you need a log_type line to be able to use log_on_success
instances = 60
log_on_failure = HOST
cps = 25 30
}
4. You can change the telnet port number by editing /etc/services with this
line:
telnet 23/tcp
# default: on
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
......
https://www.cyberciti.biz/faq/ubuntu-linux-enable-telnet-service/