>Message: 3
>Date: Thu, 1 Dec 2005 16:07:36 -0600 (CST)
>From: "Hongwei Li" <hongwei@xxxxxxxxx>
>
>The Symantec Antivirus checks port 25 for outgoing emails. So, if we could
>set port 587 for SMTP on the server side, then it may work with Symantec
>antivirus. Is it true? If yes, how to set the port 587 on the server side
>for SMTP? Will that work anyway?
>
>Thanks!
>
>Hongwei

By default it will set up SMTP using TLS on port 465. What SBC yahoo has
published in the post above is irrelevant and I have used this with all of
the Symantec products.

Also, I can send you a detailed doc on integrating spam filters, ClamAV and
also exporting the self signed keys that are generated below and importing
them into Outlook for both Postfix and dovecot IMAP. If you want them email
me off line and I will send them along.

Good Luck,

John

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
cat /etc/services |grep smtp
smtp            25/tcp          mail
smtp            25/udp          mail
smtps           465/tcp         # SMTP over SSL (TLS)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Generate the certificate files needed for TLS Fedora Postfix implementation:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mkdir /etc/postfix/certs
cd /etc/postfix/certs/

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
<- Enter a password for smtpd.key. (something)

chmod 600 smtpd.key

openssl req -new -key smtpd.key -out smtpd.csr
<- Again, enter your password for smtpd.key.
Something
<- Enter your Country Name (e.g., "DE").
US
<- Enter your State or Province Name.
California
<- Enter your City.
Felton
<- Enter your Organization Name (e.g., the name of your company).
Your Name
<- Enter your Organizational Unit Name (e.g. "IT Department").
Nothing
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
systemname.domainname.com
<- Enter your Email Address.
your-email@xxxxxxxxxxxxx

The following information is optional:
<- Enter a challenge password.
Not Entered
<- Enter an optional company name.
Not Entered

openssl x509 -req -days 9999 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
<- Again, enter your password for smtpd.key.

openssl rsa -in smtpd.key -out smtpd.key.unencrypted
<- Again, enter your password for smtpd.key.

mv -f smtpd.key.unencrypted smtpd.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 9999
<- Again, enter your password for smtpd.key.
Something
<- Enter your Country Name (e.g., "DE").
US
<- Enter your State or Province Name.
California
<- Enter your City.
Felton
<- Enter your Organization Name (e.g., the name of your company).
Your Name
<- Enter your Organizational Unit Name (e.g. "IT Department").
Nothing
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
systemname.domainname.com
<- Enter your Email Address.
your-email@xxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Modify /etc/postfix/main.cf adding the following lines:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/certs/smtpd.key
smtpd_tls_cert_file = /etc/postfix/certs/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Uncomment TLS and SASL lines in /etc/postfix/master.cf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd
#Default  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
#qmgr     fifo  n       -       n       300     1       qmgr
qmgr      fifo  n       -       n       300     1       nqmgr
tlsmgr    fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq.
  user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service postfix restart
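
Added example (not part of John's message and not Postfix code): a short Python check that reads master.cf the way master(5) describes it, joining continuation lines and skipping comment lines, then reports for each smtpd listener whether AUTH is offered and whether TLS is required first. The sample input is constructed from the listing above and assumes "#Default -o ..." is a single commented-out line; the names logical_lines and audit are hypothetical.

```python
import re

# Constructed sample: smtpd listeners from the master.cf listing above,
# reading "#Default -o ..." as one commented-out line (an assumption).
MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd
#Default  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
"""
MAIN_CF = {"smtpd_tls_auth_only": "no", "smtpd_use_tls": "yes"}

def logical_lines(text):
    """Join master.cf continuation lines; drop comments and blank lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()   # leading whitespace continues a line
        else:
            out.append(raw.strip())
    return out

def audit(master_text, main_cf):
    """Return {service: verdict} for every inet smtpd listener.

    TLS counts as required when the listener runs in wrapper mode, enforces
    TLS (which implies smtpd_tls_auth_only), or sets smtpd_tls_auth_only.
    """
    report = {}
    for line in logical_lines(master_text):
        f = line.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        cfg = dict(main_cf)
        # Per-service "-o name=value" overrides win over main.cf.
        cfg.update(m.groups() for m in re.finditer(r"-o\s+(\w+)=(\S+)", line))
        on = lambda key: cfg.get(key, "no") == "yes"
        tls_first = (on("smtpd_tls_wrappermode") or on("smtpd_enforce_tls")
                     or on("smtpd_tls_auth_only"))
        if not on("smtpd_sasl_auth_enable"):
            report[f[0]] = "no AUTH offered"
        elif tls_first:
            report[f[0]] = "AUTH only inside TLS"
        else:
            report[f[0]] = "AUTH allowed in cleartext"
    return report

if __name__ == "__main__":
    print(audit(MASTER_CF, MAIN_CF))
```

With the "-o" options under submission uncommented, the same check reports port 587 as "AUTH only inside TLS"; a listener that sets only smtpd_sasl_auth_enable=yes while main.cf keeps smtpd_tls_auth_only = no is reported as "AUTH allowed in cleartext".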