Index

treba stiahnut zdrojaky postfoxu a patch na podporu TLS

cd ~/install
wget ftp://ftp.tuke.sk/pub/postfix/postfix-release/official/postfix-2.1.0.tar.gz
tar -xzvf postfix-2.1.0.tar.gz -C /tmp

postfix defaultne nema v sebe podporu TLS, treba opatchovat

cd /tmp
wget http://www.ipnet6.org/postfix/download/tls+ipv6-1.23-pf-2.1.0.patch.gz
gunzip ~/install/tls+ipv6-1.23-pf-2.1.0.patch.gz
patch -p0 < ~/install/tls+ipv6-1.23-pf-2.1.0.patch
rm ~/install/tls+ipv6-1.23-pf-2.1.0.patch

zmaknut len takto, inak nepojde (teda ak cesty su ako som mal ja) s podporou mysql:

make -f Makefile.init makefiles CCARGS="-DUSE_SSL -I/usr/include/openssl -DHAS_MYSQL -I/usr/include/mysql" AUXLIBS="-L/usr/lib -lssl -lcrypto -L/  usr/include/mysql -lmysqlclient -lz -lm"

bez podpory mysql:

make CCARGS="-DUSE_SSL -I/usr/include/openssl" AUXLIBS="-L/usr/lib -lssl -lcrypto"

make
make install

OK, teraz treba vyrobit certifikaty - velmi dobry navod je http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html
A najnovsie aj ca

dalej treba do /etc/postfix/main.cf pridat (poznamky netreba ):

## TLS
#  Transport Layer Security
#  TLS-Patch by Lutz J�nicke
#
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/cert.pem
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_CAfile = /etc/postfix/ca.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

• v /etc/postfix/master.cf ani nikde inde uz netreba nic menit
• na normalny beh TLS netreba mat ani otvoreny port 465 (smtps) - vsetko ide cez 25, ale ak by sa niekomu velmi chcelo tak sa da port 465 aktivovat pridanim do /etc/postfix/master.cf tohto:

smtps    inet  n       -       n       -       -       smtpd

postfx sa startuje velmi jednoducho:

postfix start

hadaj ako sa vypina?

postfix stop