== Postfix Quick Guide ==







Postfix is a Mail Transfer Agent (MTA) and is the default MTA for Ubuntu. It is in Ubuntu's main repository, which means that it receives security updates. This guide explains how to install and configure Postfix and set it up as an SMTP server using a secure connection.


In order to install Postfix with SMTP-AUTH and TLS do the following steps:

apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail



dpkg-reconfigure postfix

Insert the following details when asked (replacing with your domain name if you have one):

  • Internet Site
  • NONE
  •,, localhost
  • No
  • Yes
  • 0
  • +
  • all

Then run the following commands:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname ='

The file /etc/postfix/ should now look like this: /etc/postfix/

# See /usr/share/postfix/ for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =,, localhost
relayhost =
mynetworks =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Restart the postfix daemon like this:

/etc/init.d/postfix restart
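
An added example, not part of the original guide: a shell audit of a Postfix configuration file for two of the settings made above, `smtpd_tls_auth_only` and the `reject_unauth_destination` entry. With `mech_list: plain login` the password is only base64-encoded on the wire, so `smtpd_tls_auth_only = no` lets a client authenticate over an unencrypted session. The function names `get_param` and `audit_conf` and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: audit a Postfix
# "name = value" configuration file for two settings used above.

# get_param FILE NAME: print the last value assigned to NAME.
# Postfix syntax: '#' lines are comments, a line that starts with
# whitespace continues the previous parameter, later assignments win.
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        /^[ \t]/   { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            cur = ""; i = index($0, "="); if (i == 0) next
            cur = substr($0, 1, i - 1); gsub(/[ \t]/, "", cur)
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            val[cur] = v
        }
        END { print val[name] }' "$1"
}

# audit_conf FILE: print one WARN line per finding.
audit_conf() {
    sasl=$(get_param "$1" smtpd_sasl_auth_enable)
    tls_only=$(get_param "$1" smtpd_tls_auth_only)
    if [ "$sasl" = yes ] && [ "$tls_only" != yes ]; then
        echo "WARN smtpd_tls_auth_only is not yes: AUTH is accepted without TLS"
    fi
    # Restriction names are separated by commas and/or whitespace.
    found=no
    for r in $(get_param "$1" smtpd_recipient_restrictions | tr ',' ' '); do
        if [ "$r" = reject_unauth_destination ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "WARN reject_unauth_destination is not a complete entry in smtpd_recipient_restrictions"
    fi
}

# Constructed sample: settings as this guide leaves them, with the
# restriction name split by a stray space.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
EOF
audit_conf "$sample"
rm -f "$sample"
```

Setting `smtpd_tls_auth_only = yes` with `postconf -e` clears the first warning; the second clears once the restriction name is written as a single word.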


Authentication will be done by saslauthd.

We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix, we have to change a couple of paths so that they live inside the false root (i.e. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):


The text above does not say how to make this change, so here is the method. Make the following small change so that Postfix can work through saslauthd:

mkdir -p /var/spool/postfix/var/run/saslauthd


First we edit /etc/default/saslauthd in order to activate saslauthd. Remove the # in front of START=yes and add the PWDIR, PARAMS, and PIDFILE lines:

# This needs to be uncommented before saslauthd will be run automatically
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

Note: If you prefer, you can use "shadow" instead of "pam". This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the user accounts on the server.

Next, we update the dpkg "state" of /var/spool/postfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

Finally, start saslauthd:

/etc/init.d/saslauthd start


To see if SMTP-AUTH and TLS now work properly, run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server, type:

ehlo localhost

If you see the lines


among others, everything is working.

Type quit to return to the system's shell.

