Postfix SPF

Posted by alex almazan Wed, 30 Jul 2008 13:18:00 GMT

This article outlines the specifics of implementing SPF (Sender Policy Framework) checking for Postfix as provided in Red Hat Enterprise Linux (ES4/ES5).

1.) First install all the necessary perl modules via RPM that you will require:

http://dag.wieers.com/rpm/packages/perl-Net-Address-IPv4-Local/
http://dag.wieers.com/rpm/packages/perl-NetAddr-IP/
http://dag.wieers.com/rpm/packages/perl-Mail-SPF/

(Additional RPMs may be required.) I would recommend that you refrain from installing via CPAN, as a mix of RPM-installed and CPAN-installed modules can lead to issues in the future.

2.) Obtain and install the SPF perl script
cd /usr/src
wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.001.tar.gz
tar xvfz postfix-policyd-spf-perl-2.001.tar.gz
cd postfix-policyd-spf-perl-2.001
cp postfix-policyd-spf-perl /usr/libexec/postfix/postfix-policyd-spf-perl
chmod o+x /usr/libexec/postfix/postfix-policyd-spf-perl
Ensure that you set the script to executable, or errors such as these are received:
warning: command /usr/bin/perl exit status 2
postfix/smtpd: warning: premature end-of-input on private/policy while reading input attribute name
3.) Next, edit the Postfix configuration file ‘/etc/postfix/master.cf’. This line should be appended to the end of the configuration; the script path must match the location the script was copied to in step 2:
policy  unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl /usr/libexec/postfix/postfix-policyd-spf-perl
4.) Next, open /etc/postfix/main.cf and find the directive “smtpd_recipient_restrictions”. You should have reject_unauth_destination in that directive; right after reject_unauth_destination, add ‘check_policy_service unix:private/policy’:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy
Important: ensure that you specify “check_policy_service” AFTER “reject_unauth_destination”, or else you will have an open relay!
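
The ordering rule in step 4 can be checked before Postfix is reloaded. The script below is an added example, not part of the original post: check_restriction_order is a hypothetical helper name, the second sample value is constructed, and on a live system the argument would be the output of "postconf -h smtpd_recipient_restrictions".

```shell
#!/bin/sh
# Added example: verify that reject_unauth_destination comes before every
# check_policy_service entry in a smtpd_recipient_restrictions value.
#
# check_restriction_order VALUE
#   exit status 0: reject_unauth_destination precedes all check_policy_service
#   exit status 1: a check_policy_service appears first (open-relay risk)
#   exit status 2: reject_unauth_destination is missing from the list
check_restriction_order() (
    # Subshell body: 'set -f' (no globbing) and the variables stay local.
    set -f
    seen_reject=0
    # Postfix separates restrictions with commas and/or whitespace.
    for word in $(printf '%s' "$1" | tr ',' ' '); do
        case "$word" in
            reject_unauth_destination)
                seen_reject=1 ;;
            check_policy_service)
                [ "$seen_reject" -eq 1 ] || exit 1 ;;
        esac
    done
    [ "$seen_reject" -eq 1 ] || exit 2
    exit 0
)

# First value: the line from step 4. Second value: constructed, with the
# two restrictions in the wrong order.
for sample in \
    "permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy" \
    "permit_mynetworks,check_policy_service unix:private/policy,reject_unauth_destination"
do
    rc=0
    check_restriction_order "$sample" || rc=$?
    echo "status=$rc  $sample"
done
```

The helper only inspects the order of the two restriction names; it does not test whether the server actually relays.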

Plesk TLS

Posted by alex almazan Mon, 21 Jul 2008 08:21:22 GMT

The following command will help determine any issues with the certificates loaded for TLS:
openssl s_client -connect 127.0.0.1:25 -starttls smtp -debug

Your mileage will vary