OS yang digunakan FreeBSD 7.4
install sasl2 dan saslauthd dari ports

# cd /usr/ports/security/cyrus-sasl2
# make install clean
# cd /usr/ports/security/cyrus-sasl2-saslauthd
# make install clean

konfigurasi sasl2

# cd /usr/local/lib/sasl2
# echo "pwcheck_method: saslauthd" > smtpd.conf

isi dari config file /usr/local/lib/sasl2/smtpd.conf

# Verify passwords through the saslauthd daemon.
pwcheck_method: saslauthd
# Only plaintext mechanisms are offered; the password is protected only when
# the session is already inside TLS.
mech_list: plain login
# Socket on which saslauthd listens.
saslauthd_path: /var/run/saslauthd/mux
# NOTE(review): main.cf on this page sets smtpd_sasl_type = dovecot, so Postfix
# presumably does not read this Cyrus SASL file - confirm whether it is needed.

Nonaktifkan metode autentikasi SASL yang tidak digunakan. Bila langkah ini dilewatkan, user yang menggunakan Outlook akan sulit melakukan autentikasi ke server.
Pindahkan plugin NTLM ke folder deactivated yang akan dibuat (file plugin biasanya bernama libntlm.*; sesuaikan nama file pada perintah mv di bawah).

# cd /usr/local/lib/sasl2
# mkdir deactivated
# mv ntlm deactivated

install dovecot dari ports

# cd /usr/ports/mail/dovecot2
# make install clean

install postfix-2.7 dari ports

# cd /usr/ports/mail/postfix27
# make install clean

*dovecot
*tls
*ssl

pada saat instalasi postfix anda akan melihat pesan di bawah ini dan isikan dengan y

Would you like to add postfix user to mail group [y] y
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

jika ingin menonaktifkan sendmail, maka tambahkan baris dibawah ini kedalam rc.conf

# Disable every sendmail component so that Postfix is the only MTA started at boot.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

dan juga nonaktifkan sendmail maintenance routines dengan menambahkan baris berikut pada /etc/periodic.conf (opsional)

# Turn off the daily periodic jobs that only apply to sendmail.
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

kemudian cek keberadaan library yang diperlukan untuk mendukung SSL dan TLS pada postfix

# ldd /usr/local/libexec/postfix/smtpd

seharusnya akan terlihat baris seperti dibawah ini

smtpd:
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28096000)
libssl.so.3 => /usr/local/lib/libssl.so.3 (0x280aa000)
libcrypto.so.3 => /usr/local/lib/libcrypto.so.3 (0x280db000)
libc.so.5 => /usr/lib/libc.so.5 (0x281df000)

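buatlah SSL certificate (self-signed). Karena opsi -nodes, private key disimpan tanpa passphrase di file smtpd.pem yang sama dengan sertifikat; setelah file dibuat, batasi aksesnya agar hanya bisa dibaca root, misalnya dengan chown root smtpd.pem dan chmod 600 smtpd.pem.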

# mkdir -p /etc/postfix/ssl
# cd /etc/postfix/ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

berikut isi config dari /usr/local/etc/postfix/main.cf

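# Base Postfix settings (/usr/local/etc/postfix/main.cf).
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = smtp4.donat.web.id
mydomain = donat.web.id
# Listen on every interface of the host.
inet_interfaces = all
# An empty value turns off local recipient checking: mail for unknown local
# users is accepted and bounced later instead of being rejected at RCPT time.
# NOTE(review): confirm this is intended.
local_recipient_maps =
unknown_local_recipient_reject_code = 550
# mynetworks_style is ignored once mynetworks is set explicitly.
mynetworks_style = host
# Clients in these networks are trusted wherever permit_mynetworks is used,
# so keep the list as narrow as possible.
mynetworks = 192.168.1.0/24 192.168.2.0/24 127.0.0.0/8
relayhost =
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
recipient_delimiter = +
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
# Continuation lines must begin with whitespace; the indentation had been
# lost on the page.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix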

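# Additional settings

# SASL settings
# Authentication is delegated to Dovecot through its auth socket.
# The page also assigned "smtpd_sasl_path = smtpd" (the Cyrus SASL form) before
# this section. Postfix keeps only the last assignment of a parameter, so only
# the effective value is kept here.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# The mechanisms configured on this page (plain, login) send the password
# unprotected, so AUTH is offered only after STARTTLS has been negotiated.
smtpd_tls_auth_only = yes
# Continuation lines must begin with whitespace.
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination

# TLS settings
# Opportunistic TLS for outgoing and incoming SMTP. Postfix 2.3 and later
# prefer smtp_tls_security_level = may / smtpd_tls_security_level = may.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# Certificate and unencrypted private key share one file; keep that file
# readable by root only.
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom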

berikut isi config dari /usr/local/etc/postfix/master.cf

#############################################################
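# Postfix service table (master.cf).
# Columns: service type private unpriv chroot wakeup maxproc command
# A line that starts with whitespace continues the previous entry, so every
# "-o" override must be indented; the indentation had been lost on the page.
smtp inet n - n - - smtpd
# The page also listed a bare "587 inet n - n - - smtpd" entry. "submission"
# is the same port, so only one of the two could bind; the bare entry is
# dropped so that port 587 is always served with the overrides below.
submission inet n - n - - smtpd
  # Mandatory TLS and authentication for mail submission.
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  # NOTE(review): this lookup table is not created anywhere on the page; it
  # must exist and be built with postmap for the sender check - confirm path.
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_unknown_recipient_domain,reject_non_fqdn_recipient,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# SMTP over implicit TLS (wrapper mode), authenticated clients only.
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# The service name of this entry was missing on the page. It is shown
# commented out, as in the stock master.cf - confirm before enabling qmqpd.
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache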

berikut isi config dari /usr/local/etc/dovecot.conf

########################################################################
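# Protocols served by Dovecot.
protocols = imap pop3
# Base directory where to store runtime data
base_dir = /var/run/dovecot/
# Greeting message for clients
login_greeting = Dovecot ready.

# NOTE(review): the conf.d files shown on this page are read only if this file
# includes them (stock files use "!include conf.d/*.conf"); no such line is
# visible here - confirm.
!include_try local.conf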
############################################################################

berikut isi config dari /usr/local/etc/dovecot/conf.d/10-ssl.conf

##########################################################################
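# SSL settings
# SSL/TLS support: yes, no, required.
# NOTE(review): only plaintext mechanisms (plain, login) are enabled on this
# page; consider "ssl = required" so logins cannot happen outside TLS.
#ssl = yes
# The certificate and key paths were lost from this page. The values below are
# placeholders, not the author's paths. The leading "<" makes Dovecot read the
# file contents. Keep the key file readable by root only.
ssl_cert = </path/to/PLACEHOLDER-dovecot-cert.pem
ssl_key = </path/to/PLACEHOLDER-dovecot-key.pem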

berikut isi config dari /usr/local/etc/dovecot/conf.d/10-auth.conf

#############################################################################
# Both mechanisms carry the password unprotected, so they depend on TLS.
# NOTE(review): keep disable_plaintext_auth at yes (not shown on this page) - confirm.
auth_mechanisms = plain login
# Password checking is done by the checkpassword passdb defined in this file.
!include auth-checkpassword.conf.ext
############################################################################

berikut isi config dari /usr/local/etc/dovecot/conf.d/10-master.conf

###########################################################################
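service auth {
  # Socket used by Postfix smtpd for SASL (smtpd_sasl_path = private/auth,
  # relative to the Postfix queue directory).
  unix_listener /var/spool/postfix/private/auth {
    # Owner and group only. The original 0666 would let every local account
    # connect to the authentication service.
    mode = 0660
    user = postfix
    group = postfix
  }
}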
###########################################################################

berikut isi config dari /usr/local/etc/dovecot/conf.d/auth-checkpassword.conf.ext

#################################################################################

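# Passwords are verified by an external checkpassword-style program.
# NOTE(review): the program is not shown on this page. It receives the user's
# cleartext password, so review it and keep it writable by root only.
passdb {
  driver = checkpassword
  args = /usr/local/bin/checkpasswordmail
}
# passdb lookup should return also userdb info
# NOTE(review): every user maps to the same uid/gid and to the world-writable
# /tmp/ as home. If IMAP/POP3 mailboxes are really served from this host, give
# the users a dedicated unprivileged uid and a private home - confirm intent.
userdb {
  driver = static
  args = uid=dovecot gid=dovecot home=/tmp/
}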

untuk file checkpasswordmail.conf dapat diletakan di /usr/local/etc/checkpasswordmail.conf, dengan isi sebagai berikut

donat.web.id:mail.donat.web.id:imap:143
(tulis nama domain yang dikehendaki)

##############################################################################

ini merupakan isi dari /etc/rc.conf

###################################
# /etc/rc.conf: network settings and the services started at boot.
check_quotas="NO"
defaultrouter="192.168.167.1"
hostname="smtp4.donat.web.id"
ifconfig_re0="inet 192.168.167.16 netmask 255.255.255.224"
keymap="us.iso"
nisdomainname="NO"
# Clock is set from NTP at boot.
ntpdate_enable="YES"
ntpdate_hosts="asia.pool.ntp.org"
sshd_enable="YES"
# sendmail is fully disabled; Postfix is the MTA.
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# Mail services configured on this page.
postfix_enable="YES"
dovecot_enable="YES"
saslauthd_enable="YES"
##############################################################################

jalankan service postfix, saslauthd, dan dovecot dengan perintah

# /usr/local/etc/rc.d/postfix start
# /usr/local/etc/rc.d/saslauthd start
# /usr/local/etc/rc.d/dovecot start