MBCDN

Ubuntu 24.04

# Postfix und LibSASL installieren
sudo apt install postfix libsasl2-modules sasl2-bin
 
# SASL gegen PAM (lokale User)
sudo sed -i 's/^START=.*/START=yes/' /etc/default/saslauthd
sudo sed -i 's/^MECHANISMS=.*/MECHANISMS="pam"/' /etc/default/saslauthd
sudo systemctl enable --now saslauthd
sudo systemctl status saslauthd
sudo adduser postfix sasl
 
# SASL für Postfix
sudo mkdir -p /etc/postfix/sasl
sudo tee /etc/postfix/sasl/smtpd.conf >/dev/null <<'EOF'
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 7
EOF
 
 
# SASL einschalten (Server-Seite)
sudo postconf -e "smtpd_sasl_auth_enable = yes"
sudo postconf -e "smtpd_sasl_type = cyrus"
sudo postconf -e "smtpd_sasl_security_options = noanonymous"
sudo postconf -e "broken_sasl_auth_clients = yes"
 
# WICHTIG: Keine TLS-Pflicht für AUTH (sonst gäbe es ohne Zertifikat kein AUTH)
sudo postconf -e "smtpd_tls_auth_only = no"
sudo postconf -e "smtpd_use_tls = no"
sudo postconf -e "smtpd_tls_security_level = none"
 
# Gegen offenes Relay absichern (nur mynetworks ODER authentifiziert)
sudo postconf -e "smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
 
# Optional wie auf smtp02:
sudo postconf -e "relayhost = vie-srv-ex02.d2000.local"
#sudo postconf -e "fallback_relay = vie-srv-ex01.d2000.local"
 
# master.cf smtpd Socket NICHT im Chroot!! 2 x n
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
 
# proxy-protocol
sudo postconf -e "smtpd_upstream_proxy_protocol = haproxy"
sudo postconf -e "smtpd_upstream_proxy_timeout = 5s"
sudo postconf -e "postscreen_upstream_proxy_protocol = haproxy"
sudo postconf -e "postscreen_upstream_proxy_timeout = 5s"