Topic: Software / Software / postfix
- Virginijus Date 2007-07-16 13:07 Edited: 2011-02-27 11:50
apt-get install postfix
dpkg-reconfigure postfix
    * Ok
    * Internet Site
    * NONE
    * mail.example.com
    * mail.example.com, localhost.localdomain, localhost
    * No
    * 127.0.0.0/8
    * Yes
    * 0
    * +
    * ipv4
-------------------------------
bash# :
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'

Open the /etc/postfix/sasl/smtpd.conf

--------------
nano /etc/postfix/sasl/smtpd.conf

I add:
pwcheck_method: saslauthd
mech_list: plain login

------------------
bash#:
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
pass: passwordas

chmod 600 smtpd.key

openssl req -new -key smtpd.key -out smtpd.csr #(I enter the pass):

root@zet req -new -key smtpd.key -out smtpd.csr

Enter pass phrase for smtpd.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LT
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Kaunas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:domain.lt
Organizational Unit Name (eg, section) []:domain.lt
Common Name (eg, YOUR name) []:Virg
Email Address []:zzz@gmai/lt

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:passwordas
An optional company name []:domain.lt

--------------------------------

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt #(pass)

openssl rsa -in smtpd.key -out smtpd.key.unencrypted  #pass

mv -f smtpd.key.unencrypted smtpd.key
-------------------------------------------------------------
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

root@zetilium:~# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Generating a 1024 bit RSA private key
.....++++++
...++++++
writing new private key to 'cakey.pem'
Enter PEM pass phrase: #pass
Verifying - Enter PEM pass phrase: passwordas
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LT
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Kaunas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:domain.lt
Organizational Unit Name (eg, section) []:domain.lt

---------------------------------------

sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/

-----------------------

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = mail.example.com'

------------------------
Now, the file /etc/postfix/main.cf should look like this:

# See /usr/share/postfix/main.cf.dist for a commented, more complete
# version

smtpd_banner = $myhostname ESMTP $mail_name (Zetilium)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

---------------

sudo /etc/init.d/postfix start
------------------

apt-get install libsasl2 sasl2-bin

mkdir -p /var/spool/postfix/var/run/saslauthd

rm -rf /var/run/saslauthd

---------------

To activate saslauthd, edit the file /etc/default/saslauthd, and change or add the START variable. In order to configure saslauthd to run in the false root, add the PWDIR, PIDFILE and PARAMS variables. Finally, configure the MECHANISMS variable to your liking. The file should look like this:

# This needs to be uncommented before saslauthd will be run
# automatically
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
-----------

If you prefer, you can use shadow instead of pam. This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the users on the system you are using on the server.

Next, update the dpkg "state" of /var/spool/postfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:

dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd

----------------

Testing

SMTP AUTH configuration is complete. Now it is time to start and test the setup. You can run the following command to start the SASL daemon:

           
sudo /etc/init.d/saslauthd start

To see if SMTP-AUTH and TLS work properly, run the following command:

           
telnet mail.example.com 25

----------------

After you have established the connection to the postfix mail server, type:

ehlo mail.example.com

If you see the following lines among others, then everything is working perfectly. Type quit to exit.

250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

everything is fine...
-----------------
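
A defensive check for the setup in this post, added here as an example and not part of the original post: with `smtpd_tls_auth_only = no` and `mech_list: plain login`, password AUTH is advertised on the unencrypted session, which is what the telnet EHLO output shows. The function names and sample strings are constructed for illustration; setting `smtpd_tls_auth_only = yes` makes Postfix offer AUTH only after STARTTLS.

```python
import re

# Constructed sample: SASL/TLS lines taken from the main.cf in the post.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
"""
# Constructed sample: EHLO reply on a plain port-25 session, before STARTTLS.
EHLO_REPLY = """\
250-mail.example.com
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""

def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:      # continuation of previous value
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, _, value = (s.strip() for s in raw.partition("="))
            params[last] = value
    return params

def ehlo_auth_mechs(reply):
    """SASL mechanisms in an EHLO reply ('AUTH ' and legacy 'AUTH=' forms)."""
    found = re.findall(r"^250[- ]AUTH[ =](.*)$", reply, re.I | re.M)
    return {m.upper() for line in found for m in line.split()}

def audit(main_cf, cleartext_ehlo):
    """Findings for password AUTH reachable without TLS (hypothetical helper)."""
    p, findings = parse_main_cf(main_cf), []
    sasl = p.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    if sasl and p.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("smtpd_tls_auth_only != yes: AUTH offered before STARTTLS")
    exposed = ehlo_auth_mechs(cleartext_ehlo) & {"PLAIN", "LOGIN"}
    if exposed:
        findings.append("cleartext EHLO advertises " + ", ".join(sorted(exposed)))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, EHLO_REPLY)))
```

`postconf -n` prints the same `name = value` format, so its output can be passed as the first argument.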
- Meisteris Date 2007-07-16 14:10
Well, maybe it just ought to be translated into Lithuanian :)