postfix #3

  • By jose
  • Latest version (#3)
  • precise
  • Stable
  • Edge

Description

Postfix is Wietse Venema's mail transport agent that started life as an
alternative to the widely-used Sendmail program. Postfix attempts to
be fast, easy to administer, and secure, while at the same time being
sendmail compatible enough to not upset existing users. Thus, the
outside has a sendmail-ish flavor, but the inside is completely
different.


Overview

This charm will install the necessary packages, create the required
certificates, and fully deploy Postfix as a POP3 and SMTP server, so it is
ready to use.

REMINDER: This charm does not include a configuration for a web interface.

Usage

To deploy Postfix, first edit config.yaml with your own configuration options.
Some certificates are created once, when the system is deployed, and they need
to have your own values. Once you have done that, you can run:

juju deploy --config config.yaml postfix

once the environment is bootstrapped and the configuration file is edited. To
expose the service and open all the necessary ports for mail transport, run:

juju expose postfix

once the service has finished deploying.

Configuration

To configure the charm, edit the config.yaml file that comes with it, setting
the options to your own values. More information on the add-ssl and
options can be found in the config.yaml file itself.

hostname: This is the hostname you assigned for the server, not the rDNS

domain: This is the domain you will be using for the server (what, in the email
address, goes after the @)

rootuser: The root username (it is usually root or ubuntu)

ssl-key: The SSL key on your system, which should be stated as `cat ~/smtpd.key`

ssl-cert: The SSL certificate on your system, which should be stated as
`cat ~/smtpd.crt`

cacert: The cacert.pem file you generated on your system, which should be
stated as `cat ~/cacert.pem`

cakey: The cakey.pem file you generated on your system, which should be
stated as `cat ~/cakey.pem`

Adding TLS/SSL support

This charm has Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
support. Even though this option is not necessary, it is highly recommended. To
add TLS/SSL support, just trigger the add-ssl hook. For this script to work you
will have to follow the instructions below for generating keys/certificates (in
case you do not have them yet) and placing them in the correct directories.

Generating the keys and certificates

If you want to add TLS/SSL to this charm, you will need keys and SSL
certificates. If you already have them, please skip to the bottom of this
step; otherwise, please follow these instructions.

To generate self-signed certificates, you need to issue the following commands
on a Terminal:

touch smtpd.key

chmod 600 smtpd.key

openssl genrsa 1024 > smtpd.key

openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Please note that the two openssl req commands have prompts you have to fill
in with the correct information.

Once you have generated the certificates, you can go ahead and execute the
following command:

juju set postfix ssl-key="`cat ~/smtpd.key`" ssl-cert="`cat ~/smtpd.crt`" \
    cacert="`cat ~/cacert.pem`" cakey="`cat ~/cakey.pem`"
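
Before the juju set step above, the smtpd.key / smtpd.crt pair can be checked
locally. The script below is an added example, not part of the charm: it checks
the key's file permissions, its RSA size, that the certificate belongs to the
key, and the remaining validity. The function names, the 2048-bit minimum and
the 30-day margin are assumptions of this example; a key made with the
genrsa 1024 command above is reported as below that minimum.

```sh
#!/bin/sh
# Pre-flight checks for a key/certificate pair (added example; function names
# and thresholds are this example's assumptions, not the charm's).
MIN_RSA_BITS=2048        # assumed minimum acceptable RSA modulus size
MIN_DAYS_LEFT=30         # assumed minimum remaining certificate lifetime

# Print the RSA modulus size of a private key file, e.g. "2048".
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the key file has no group/other permission bits (chmod 600).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate's public key is the one in the private key.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Succeed only if the certificate is still valid MIN_DAYS_LEFT days from now.
cert_has_lifetime() {
    openssl x509 -in "$1" -noout -checkend $((MIN_DAYS_LEFT * 86400)) >/dev/null 2>&1
}

# Run every check on a key/certificate pair; return 0 only if all pass.
check_tls_material() {
    ctm_rc=0
    ctm_bits=$(rsa_bits "$1")
    key_is_private "$1" || { echo "FAIL: $1 is group/world accessible"; ctm_rc=1; }
    [ "${ctm_bits:-0}" -ge "$MIN_RSA_BITS" ] ||
        { echo "FAIL: $1 is ${ctm_bits:-0}-bit RSA, below $MIN_RSA_BITS"; ctm_rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; ctm_rc=1; }
    cert_has_lifetime "$2" ||
        { echo "FAIL: $2 expires within $MIN_DAYS_LEFT days"; ctm_rc=1; }
    return "$ctm_rc"
}

# Usage: sh check.sh ~/smtpd.key ~/smtpd.crt
if [ "$#" -eq 2 ]; then
    check_tls_material "$1" "$2"
fi
```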

Renewing the keys and certificates

The renewal of keys and SSL certificates can be done in the same way that you
added SSL support. Just re-run the following command, specifying the new
certificate and key locations instead of the old ones:

juju set postfix ssl-key="`cat ~/smtpd.key`" ssl-cert="`cat ~/smtpd.crt`" \
    cacert="`cat ~/cacert.pem`" cakey="`cat ~/cakey.pem`"

Once you do that, your keys and SSL certificates should be updated.

Contact Information

Author: José Antonio Rey jose@ubuntu.com
Report bugs at: http://bugs.launchpad.net/charms
Location: http://jujucharms.com

Configuration

rootuser
  (string) The root username
  root

domain
  (string) Your domain (what goes after the @)
  example.com

cakey
  (string) This is the cakey.pem file you generated. Should go as `cat ~/cakey.pem`

hostname
  (string) The hostname you assigned for the server
  server1.example.com

cacert
  (string) This is the cacert.pem file you generated. Should go as `cat ~/cacert.pem`

ssl-cert
  (string) This is the SSL Certificate address on your system. Should go as `cat ~/smtpd.crt`

ssl-key
  (string) This is the SSL Key address on your system. Should go as `cat ~/smtpd.key`