INSTALLING POSTFIX

NETBSD INSTALL

it is built-in. if you want a newer version, Postfix builds on NetBSD as well (see below).

echo $PKG_PATH
pkg_add py37-spf py37-policyd-spf
which policyd-spf

grep ^postfix /etc/defaults/rc.conf

DEBIAN/UBUNTU INSTALL

export DEBIAN_FRONTEND=noninteractive
apt -y install postfix postfix-pcre bsd-mailx postfix-policyd-spf-python
#mailutils pmailq rsyslog
#postfix-policyd-spf-perl

systemctl status postfix

FROM SCRATCH

Building Postfix 3.x on NetBSD 7

this is not really required since NetBSD 8 and 9 have Postfix 3.1.4

although we are going to use Dovecot’s implementation of SASL, we could not get around this library

pkg_add cyrus-sasl
#cd /usr/pkgsrc/security/cyrus-sasl/
#make install
ll /usr/pkg/lib/sasl2/ #old
ll /usr/pkg/etc/sasl2/ #new
#security/cy2-crammd5
#security/cy2-gssapi

also we are going to enable SPF

pkg_add py-policyd-spf
#cd /usr/pkgsrc/mail/py-policyd-spf/
#make install

grab the latest release

ftp -a http://mirror.host.ag/postfix/postfix-release/official/postfix-3.4.7.tar.gz
ftp -a http://mirror.host.ag/postfix/postfix-release/official/postfix-3.4.7.tar.gz.gpg2

you can use GPG v1.4 against the .gpg2 signature

gpg --version
gpg --list-keys
gpg --recv-keys 80CA15A7
gpg --verify postfix-3.4.7.tar.gz.gpg2 postfix-3.4.7.tar.gz
#Primary key fingerprint: 622C 7C01 2254 C186 6774  69C5 0C0B 590E 80CA 15A7

extract it and compile with SSL and SASL

tar xzf postfix-3.4.7.tar.gz
cd postfix-3.4.7/
#make tidy
vi makedefs

   NetBSD*) SYSTYPE=NETBSD

vi src/util/sys_defs.h 

|| defined(NETBSD) || defined(EKKOBSD1) || defined(DRAGONFLY) 

w/ system’s SSL

make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"

w/ local SSL

make makefiles CCARGS="-I/usr/local/include -DUSE_TLS" AUXLIBS="-L/usr/local/lib -lssl -lcrypto"

w/ SASL/Dovecot

CCARGS="-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\""

that was for Cyrus+Dovecot?

#ll /usr/local/include/sasl/ /usr/local/lib/sasl2/
#ll /usr/pkg/include/sasl/ /usr/pkg/lib/sasl2/
#make makefiles \
#'CCARGS=-I/usr/local/include -I/usr/pkg/include/sasl \
#-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
#-DDEF_SERVER_SASL_TYPE=\"dovecot\" \
#-DUSE_TLS' \
#'AUXLIBS=-L/usr/local/lib -L/usr/pkg/lib/sasl2 \
#-lssl -lcrypto -lsasl2'

and build Wietse’s anti-spam framework^^

dmesg | egrep '] cpu[0-9]+:'
make clean
time make -j8 > ../postfix.make.log && echo BUILT

override it and check

grep postfix /etc/passwd
grep postfix /etc/group
grep maildrop /etc/group
make install

…and eventually accept all the defaults, overriding system’s built-in version.

which postfix
which postconf
postconf -d | grep version

check that you got Cyrus or Dovecot SASL enabled

postconf -a

now you CAN KEEP USING system’s built-in rc script

/etc/rc.d/postfix stop
postfix check
/etc/rc.d/postfix start

TROUBLESHOOTING

postfix/master[7421]: warning: process /usr/libexec/postfix/smtpd pid 7565 killed by signal 6
postfix/master[7421]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

ll /etc/postfix/
chown -R root:wheel /etc/postfix/

ll /usr/libexec/postfix/
chown -R root:wheel /usr/libexec/postfix/

ll /usr/sbin/post*
ll /usr/sbin/sendmail
chown root:wheel /usr/sbin/post*
chown root:wheel /usr/sbin/sendmail
chown root:maildrop /usr/sbin/postqueue
chown root:maildrop /usr/sbin/postdrop
chmod g+s /usr/sbin/postqueue
chmod g+s /usr/sbin/postdrop

ll /usr/bin/newaliases
ll /usr/bin/mailq
chown root:wheel /usr/bin/newaliases
chown root:wheel /usr/bin/mailq

RESOURCES

Postfix Installation From Source Code http://www.postfix.org/INSTALL.html

NetBSD mail server with Postfix, BIND (for DNS), Dovecot, Pigeonhole (Sieve), SSL, DKIM and SPF http://silas.net.br/tech/apps/netbsd-mailserver.html

Complete (almost) Mail Server with NetBSD https://www.tumfatig.net/20101226/complete-almost-mail-server-with-netbsd/


Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml