This is my RHEL7 install, but it installs Postfix 2.10 and I use an LDAP backend for
password storage. Not sure if it helps you?
-ALF

RAN     vi /etc/postfix/master.cf
        submission inet n       -       n       -       -       smtpd
          -o syslog_name=postfix/submission
          -o smtpd_tls_security_level=encrypt
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_client_restrictions=permit_sasl_authenticated,reject
          -o milter_macro_daemon_name=ORIGINATING
        smtps     inet  n       -       n       -       -       smtpd
          -o syslog_name=postfix/smtps
          -o smtpd_tls_wrappermode=yes
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_client_restrictions=permit_sasl_authenticated,reject
          -o milter_macro_daemon_name=ORIGINATING
RAN     vi /etc/postfix/main.cf
        smtpd_relay_restrictions = check_recipient_access
            hash:/etc/postfix/maps/block_to, permit_mynetworks,
            permit_sasl_authenticated, defer_unauth_destination

RAN     yum install sssd
RAN     yum install pamtester
RAN     vi /etc/pam.d/smtp
        auth      sufficient pam_unix_auth.so
        auth      required   pam_ldap.so use_first_pass
        account   sufficient pam_unix_acct.so
        account   required   pam_ldap.so
        comment out other lines(2)

RAN     vi /etc/sssd/sssd.conf
        [domain/default]

        autofs_provider = ldap
        cache_credentials = True
        ldap_search_base = ou=people,dc=uconn,dc=edu
        krb5_realm = UCONN.EDU
        krb5_server = kerberos.uconn.edu
        id_provider = ldap
        auth_provider = ldap
        chpass_provider = ldap
        ldap_uri = ldaps://ldap.uconn.edu
        ldap_id_use_start_tls = False
        ldap_tls_cacertdir = /etc/openldap/cacerts
        #ldap_tls_cacertdir = /etc/openldap/cacerts
        krb5_store_password_if_offline = True
        krb5_kpasswd = kadmin.uconn.edu
        [sssd]
        services = nss, pam, autofs
        config_file_version = 2

        domains = default
        [nss]
        homedir_substring = /home

        [pam]

        [autofs]

RAN     chmod 600 /etc/sssd/sssd.conf
RAN     yum install nss-pam-ldapd
RAN     vi /etc/nslcd.conf
        uri ldaps://ldap.uconn.edu
        base dc=uconn,dc=edu
        binddn <REMOVED>
        bindpw  <REMOVED>
        tls_reqcert never
        ssl no
        tls_cacertdir /etc/openldap/cacerts
RAN     yum install pam_ldap
RAN     authconfig-tui
        In "User information" pick "use LDAP"
        In "Authentication" pick "Use LDAP Authentication"
RAN     yum install cyrus-sasl
RAN     systemctl status saslauthd
RAN     systemctl enable saslauthd
RAN     systemctl start saslauthd
RAN     yum install cyrus-sasl-plain
RAN     pamtester smtp zzz00036 authenticate


-ANGELO FAZZINA

UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

ang...@uconn.edu
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075


-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Philip Paeps
Sent: Friday, January 12, 2018 3:49 PM
To: postfix-users@postfix.org
Subject: Re: Offering STARTTLS in postfix. need help!

On 2018-01-12 15:45:33 (-0500), Sean Son wrote:
>How does one configure an internet facing Postfix SMTP mail relay 
>server, to offer STARTTLS?  I have been googling around and seeing 
>various different articles and blog entries, but I cannot figure out 
>what is the quickest and easiest way to do so.  I am running postfix on 
>RHEL 7.  Any help is greatly appreciated!

I'm surprised Google couldn't find 
http://www.postfix.org/TLS_README.html

DuckDuckGo returns it as the first hit for "Postfix TLS".

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information
