Instalace Ubuntu mail server


Instalace balíků pro mailserver
apt-get install postfix
apt-get install postfix-mysql dovecot-mysql dovecot-core dovecot-imapd postgrey
apt-get install amavis clamav clamav-daemon spamassassin
apt-get install php5-imap
apt-get install spamass-milter
apt-get install clamav-milter
apt-get install arj bzip2 cabextract cpio file gzip jlha-utils lzop nomarch p7zip pax unrar-free rpm zip zoo
apt-get install libnet-dns-perl pyzor razor
apt-get install dovecot-sieve dovecot-managesieved

Konfigurace Postfixadmin 
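wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
Pozn.: archiv se stahuje přes nešifrované HTTP, proto před rozbalením ověřte jeho kontrolní součet proti hodnotě uvedené na stránce projektu.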
gunzip postfixadmin-2.3.7.tar.gz
tar -xf postfixadmin-2.3.7.tar 
mv postfixadmin-2.3.7 /usr/share/postfixadmin
nano /etc/postfixadmin/apache.conf 
Alias /postfixadmin /usr/share/postfixadmin  
cp /usr/share/postfixadmin/config.inc.php /etc/postfixadmin 
Pokud je soubor z novější verze, přidejte ještě dbconfig.inc.php, který se do config.inc.php načítá přes include; jinak je nastavení databáze obsaženo přímo v config.inc.php.
nano /etc/postfixadmin/config.inc.php
require_once('dbconfig.inc.php');
if (!isset($dbserver) || empty($dbserver))
        $dbserver='localhost';
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = '/postfixadmin';
$CONF['admin_email'] = 'xxx@xxx.net';
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['authlib_default_flavor'] = 'md5raw';
$CONF['dovecotpw'] = "/usr/bin/dovecotpw";
$CONF['generate_password'] = 'NO';
$CONF['show_password'] = 'NO';
$CONF['page_size'] = '10';
touch /etc/postfixadmin/dovecotpw
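#!/bin/bash
# Front end that mimics the old dovecotpw binary for postfixadmin by
# forwarding the recognised options to "doveadm pw".
#
# doveadm pw [-l] [-p plaintext] [-r rounds] [-s scheme] [-t hash] [-u user] [-V]
#
# Needs bash: the arguments are collected in an array so that each option
# value reaches doveadm as exactly one word. Building one string and
# expanding it unquoted split values on whitespace and glob-expanded
# characters such as "*", which mangled passwords passed with -p.
#
# NOTE(review): a value given with -p can be visible to other local users
# in the process list while doveadm runs; letting doveadm read the
# password from stdin avoids that.
# The file must be executable and live at the path set in
# $CONF['dovecotpw'].
cmdargs=(pw)
while getopts ":lp:r:s:t:u:V" opt; do
  case "$opt" in
    # Flags without a value.
    l | V) cmdargs+=("-$opt") ;;
    # Options that carry a value; option and value stay separate words.
    p | r | s | t | u) cmdargs+=("-$opt" "$OPTARG") ;;
    # Unknown options and options missing their value are dropped silently.
  esac
done
# Operands left after the options are not forwarded to doveadm.
shift $((OPTIND - 1))
/usr/bin/doveadm "${cmdargs[@]}"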

Konfigurace Dovecot 
useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual maildir handler" vmail
mkdir /var/vmail
chmod 770 /var/vmail
chown vmail:mail /var/vmail
touch /etc/dovecot/dovecot-sql.conf.ext
driver = mysql 
connect = host=localhost dbname=postfixadmin user=postfix password=password
default_pass_scheme = CRAM-MD5 
password_query = \ 
 SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \ 
 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \ 
 FROM mailbox WHERE username = '%u' AND active = '1' 
user_query = \ 
 SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \ 
 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \ 
 FROM mailbox WHERE username = '%u' AND active = '1' 

touch /etc/dovecot/conf.d/auth-sql.conf.ext
passdb { 
 driver = sql 
 args = /etc/dovecot/dovecot-sql.conf.ext 
} 
userdb { 
 driver = sql 
 args = /etc/dovecot/dovecot-sql.conf.ext 
}

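nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
# Pozn.: CRAM-MD5 vyžaduje hesla uložená ve schématu CRAM-MD5 (viz default_pass_scheme); uložená hodnota není solená a sama stačí k ověření tímto mechanismem. Protože je zapnuté TLS, lze místo toho použít mechanismus plain se soleným schématem hesel.
auth_mechanisms = cram-md5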
#!include auth-system.conf.ext 
!include auth-sql.conf.ext 

nano /etc/dovecot/conf.d/10-logging.conf
# po odladění zakomentovat
log_path = /var/log/dovecot.log

nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/vmail/%d/%n
inbox = yes 
mail_uid = vmail 
mail_gid = mail 
first_valid_uid = 150 
last_valid_uid = 150 

nano /etc/dovecot/conf.d/10-master.conf
service auth { 
 unix_listener auth-userdb { 
 mode = 0666 
 user = vmail 
 group = mail 
 } 
 # Postfix smtp-auth 
 unix_listener /var/spool/postfix/private/auth { 
 mode = 0666 
 user = postfix 
 group = postfix 
 }
 } 
openssl req -new -x509 -days 1000 -nodes -out "/etc/dovecot/dovecot.pem" -keyout "/etc/dovecot/private/dovecot.pem"
nano /etc/dovecot/conf.d/10-ssl.conf 
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem

nano /etc/dovecot/conf.d/15-lda.conf 
postmaster_address = postmaster@example.com 
lda_mailbox_autocreate = yes 
lda_mailbox_autosubscribe = yes
protocol lda {
 mail_plugins = $mail_plugins sieve
}

chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
chmod o+x /etc/dovecot
chmod -R o+r /etc/dovecot/conf.d
chmod o+xr /etc/dovecot/conf.d
chmod o+r /etc/dovecot/dovecot.conf
pro debug dovecot -F

Konfigurace Amavis, ClamAV, a SpamAssassin

adduser clamav amavis

adduser amavis clamav

nano /etc/amavis/conf.d/15-content_filter_mode
use strict; 
@bypass_virus_checks_maps = ( 
 \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); 
@bypass_spam_checks_maps = ( 
 \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 
1;

nano /etc/default/spamassassin
ENABLED=1
CRON=1

nano /etc/amavis/conf.d/50-user
use strict;
$max_servers  = 3;
$sa_tag_level_deflt  = -9999;
@lookup_sql_dsn = (
    ['DBI:mysql:database=postfixadmin;host=127.0.0.1;port=3306',
     'postfix',
     'mailpassword']);
$sql_select_policy = 'SELECT domain from domain WHERE CONCAT("@",domain) IN (%k)';
# Uncomment to bump up the log level when testing.
# $log_level = 2;
#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

service amavis restart

service spamassassin restart
Test funkce SpamAssassin:
sudo -u amavis sa-learn --dbpath /var/lib/amavis/.spamassassin/ --spam /usr/share/doc/spamassassin/examples/sample-spam.txt
Konfigurace Postfix
Pozn.: direktiva "hosts" v následujících souborech musí být stejná jako "bind-address" v /etc/mysql/my.cnf ("localhost" nebo "127.0.0.1").
touch /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address=concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1

touch /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

touch /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

touch /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1

touch /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'

touch /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

touch /etc/postfix/header_checks
/^Received:/                 IGNORE
/^User-Agent:/               IGNORE
/^X-Mailer:/                 IGNORE
/^X-Originating-IP:/         IGNORE
/^x-cr-[a-z]*:/              IGNORE
/^Thread-Index:/             IGNORE

nano /etc/mailname
mydomain.net
cp  /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
nano /etc/postfix/main.cf 
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no  
smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
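# Pozn.: klíč byl výše vygenerován do /etc/dovecot/private/dovecot.pem; smtpd_tls_key_file musí ukazovat na existující soubor s klíčem.
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem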
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
myhostname = mailservername.mydomain.net
mydestination = servername.mydomain.net, localhost, localhost.localdomain, localhost
mynetworks_style = host
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
dovecot_destination_concurrency_limit = 1
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
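# Pozn.: tento řádek a smtpd_recipient_restrictions níže jsou ve výpisu oříznuté (koncový znak $ doplnil editor); před použitím doplňte celý seznam omezení.
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain$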
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unkn$
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
enable_original_recipient = no
queue_directory = /var/spool/postfix

nano /etc/postfix/master.cf
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
pickup    unix  n       -       -       60      1       pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
amavis      unix    -       -       -       -       3       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
dovecot  unix  -       n        n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)

service postfix restart
service spamassassin restart
service clamav-daemon restart
service amavis restart
service dovecot restart
Konfigurace Sieve

nano /etc/dovecot/conf.d/15-lda.conf
protocol lda {
 postmaster_address = admin@example.com
 mail_plugins = $mail_plugins sieve
}
nano /etc/dovecot/conf.d/90-sieve.conf
plugin {
 sieve = ~/.dovecot.sieve
 sieve_default = /var/lib/dovecot/sieve/default.sieve
 sieve_dir = ~/sieve
 sieve_global_dir = /var/lib/dovecot/sieve/
}

Test sieve:
service dovecot restart
telnet example.com 4190
Trying 162.243.12.140...
Connected to test3.rtcamp.com.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

mkdir /var/lib/dovecot/sieve/
touch /var/lib/dovecot/sieve/default.sieve
nano /var/lib/dovecot/sieve/default.sieve
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Junk";
}
sievec /var/lib/dovecot/sieve/default.sieve
chown vmail:mail /var/lib/dovecot/sieve/*

Instalace a konfigurace Roundcube
apt-get install roundcube 
nano /etc/roundcube/apache.conf 
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube
Alias /mail /var/lib/roundcube
<Directory "/usr/share/tinymce/www/">
 Options Indexes MultiViews FollowSymLinks
 AllowOverride None
 <IfVersion >= 2.3>
 Require all granted
 </IfVersion>
 <IfVersion < 2.3>
 Order allow,deny
 Allow from all
 </IfVersion>
</Directory>
<Directory /var/lib/roundcube/>
  Options +FollowSymLinks
  # This is needed to parse /var/lib/roundcube/.htaccess. See its
  # content before setting AllowOverride to None.
  AllowOverride All
  <IfVersion >= 2.3>
    Require all granted
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Allow from all
 </IfVersion>
</Directory>
# Protecting basic directories:
<Directory /var/lib/roundcube/config>
 Options -FollowSymLinks
 AllowOverride None
</Directory>
<Directory /var/lib/roundcube/temp>
 Options -FollowSymLinks
 AllowOverride None
 <IfVersion >= 2.3>
 Require all denied
 </IfVersion>
 <IfVersion < 2.3>
 Order allow,deny
 Deny from all
 </IfVersion>
</Directory>
<Directory /var/lib/roundcube/logs>
        Options -FollowSymLinks
        AllowOverride None
        <IfVersion >= 2.3>
          Require all denied
        </IfVersion>
        <IfVersion < 2.3>
          Order allow,deny
          Deny from all
        </IfVersion>
</Directory>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /mail>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}:443%{REQUEST_URI}  [L]
    </Location>
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /roundcube>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}:443%{REQUEST_URI}  [L]
    </Location>
  </IfModule>
</IfModule>

nano /etc/roundcube/debian-db.conf 
$dbuser='roundcube'; 
$dbpass='password'; 
$basepath=''; 
$dbname='roundcube'; 
$dbserver=''; 
$dbport=''; 
$dbtype='mysql'; 

nano /etc/roundcube/main.inc.php 
$rcmail_config['default_host'] = 'localhost'; 
$rcmail_config['imap_auth_type'] = 'CRAM-MD5';
$rcmail_config['use_https'] = true; 
$rcmail_config['plugins'] = array('markasjunk2','emoticons','jqueryui','contextmenu','sauserprefs','managesieve');
$rcmail_config['language'] = 'cs_CZ';
