Instalace balíků pro mailserver
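# Mail transfer agent.
apt-get install postfix
# MySQL lookups for Postfix and Dovecot, the Dovecot IMAP server, greylisting.
apt-get install postfix-mysql dovecot-mysql dovecot-core dovecot-imapd postgrey
# Content filter, antivirus and spam scoring.
# NOTE(review): the page wrote "installamavis"; on Debian/Ubuntu the package
# is commonly named amavisd-new -- confirm the name for your release.
apt-get install amavis clamav clamav-daemon spamassassin
apt-get install php5-imap
apt-get install spamass-milter
apt-get install clamav-milter
# Unpackers the content filter uses to look inside attachments.
apt-get install arj bzip2 cabextract cpio file gzip jlha-utils lzop nomarch p7zip pax unrar-free rpm zip zoo
# DNS and collaborative spam-check helpers (two commands were fused on one line).
apt-get install libnet-dns-perl pyzor razor
apt-get install dovecot-sieve dovecot-managesieved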
Konfigurace Postfixadmin
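# Fetch the release over HTTPS: this archive becomes PHP code served by the
# mail host, so it must not be retrieved over a channel that can be altered
# in transit.
wget https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
# Verify the archive before unpacking: compare the printed digest with a
# checksum obtained from the project over a trusted channel
# (expected value: <PUBLISHED_SHA256_PLACEHOLDER>).
sha256sum postfixadmin-2.3.7.tar.gz
# Decompress and unpack in one step.
tar -xzf postfixadmin-2.3.7.tar.gz
mv postfixadmin-2.3.7 /usr/share/postfixadmin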
nano /etc/postfixadmin/apache.conf
Alias /postfixadmin /usr/share/postfixadmin
cp /usr/share/postfixadmin/config.inc.php /etc/postfixadmin
Pokud je config.inc.php z novější verze, je potřeba přidat ještě soubor dbconfig.inc.php, který se do config.inc.php vkládá přes include; jinak je nastavení databáze obsaženo přímo v config.inc.php.
nano /etc/postfixadmin/config.inc.php
require_once('dbconfig.inc.php');
if (!isset($dbserver) || empty($dbserver))
$dbserver='localhost';
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = '/postfixadmin';
$CONF['admin_email'] = 'xxx@xxx.net';
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['authlib_default_flavor'] = 'md5raw';
$CONF['dovecotpw'] = "/usr/bin/dovecotpw";
$CONF['generate_password'] = 'NO';
$CONF['show_password'] = 'NO';
$CONF['page_size'] = '10';
touch /etc/postfixadmin/dowecotpw
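#!/bin/sh
# Front end that mimics the old dovecotpw command for postfixadmin by
# forwarding the recognised options to "doveadm pw".
#
# doveadm pw [-l] [-p plaintext] [-r rounds] [-s scheme] [-t hash] [-u user] [-V]
#
# Every option value is kept in its own variable and handed on as a separate
# quoted word. Building one flat string and expanding it unquoted re-splits
# the values, so a password or user name containing spaces or glob characters
# would reach doveadm mangled.
#
# NOTE: a password given with -p is visible in the process list to other
# local accounts; doveadm pw reads the password itself when -p is omitted.

flag_l= flag_V=
have_p= have_r= have_s= have_t= have_u=
val_p= val_r= val_s= val_t= val_u=

# Leading ":" keeps getopts silent; unknown options and missing arguments
# are ignored, as in the original wrapper.
while getopts ":lp:r:s:t:u:V" opt; do
  case $opt in
    l) flag_l=1 ;;
    V) flag_V=1 ;;
    p) have_p=1; val_p=$OPTARG ;;
    r) have_r=1; val_r=$OPTARG ;;
    s) have_s=1; val_s=$OPTARG ;;
    t) have_t=1; val_t=$OPTARG ;;
    u) have_u=1; val_u=$OPTARG ;;
  esac
done
shift $((OPTIND - 1))

# Rebuild the argument list for doveadm; remaining positional arguments are
# dropped, as before.
set -- pw
if [ -n "$flag_l" ]; then set -- "$@" -l; fi
if [ -n "$flag_V" ]; then set -- "$@" -V; fi
if [ -n "$have_p" ]; then set -- "$@" -p "$val_p"; fi
if [ -n "$have_r" ]; then set -- "$@" -r "$val_r"; fi
if [ -n "$have_s" ]; then set -- "$@" -s "$val_s"; fi
if [ -n "$have_t" ]; then set -- "$@" -t "$val_t"; fi
if [ -n "$have_u" ]; then set -- "$@" -u "$val_u"; fi

exec /usr/bin/doveadm "$@"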
Konfigurace Dovecot
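# System account that owns all virtual mailboxes; uid 150 is the value the
# Dovecot and Postfix settings on this page refer to, and the account has no
# login shell.
useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual maildir handler" vmail
# Mail store root: accessible to vmail and the mail group only.
# (The four commands were fused on one line, which made useradd receive the
# rest as arguments.)
mkdir /var/vmail
chmod 770 /var/vmail
chown vmail:mail /var/vmail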
touch /etc/dovecot/dovecot-sql.conf.ext
# SQL settings shared by the passdb and userdb definitions that point at this file.
driver = mysql
# The connect string carries the database password in clear text, so this
# file should not be readable by ordinary local accounts.
connect = host=localhost dbname=postfixadmin user=postfix password=password
# NOTE(review): CRAM-MD5 needs the server to keep an unsalted,
# password-equivalent value instead of a salted one-way hash. TLS is
# configured on this page, so a salted scheme with plaintext auth over TLS is
# worth considering; that has to change together with $CONF['encrypt'],
# auth_mechanisms and the webmail imap_auth_type.
default_pass_scheme = CRAM-MD5
# Password lookup for active mailboxes; it also returns the userdb_* fields
# (home, mail location, uid 150, gid 8).
password_query = \
SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
FROM mailbox WHERE username = '%u' AND active = '1'
# User lookup for active mailboxes: home, mail location, uid/gid and a quota
# rule built from the quota column.
user_query = \
SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
FROM mailbox WHERE username = '%u' AND active = '1'
touch /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = cram-md5
#!include auth-system.conf.ext
!include auth-sql.conf.ext
nano /etc/dovecot/conf.d/10-logging.conf
# po odladění zakomentovat
log_path = /var/log/dovecot.log
nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/vmail/%d/%n
inbox = yes
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150
nano /etc/dovecot/conf.d/10-master.conf
# Sockets exposed by the Dovecot auth service.
service auth {
# Socket for userdb lookups by local processes.
unix_listener auth-userdb {
# NOTE(review): 0666 lets every local account connect to this socket; with
# user = vmail and group = mail set below, 0660 is probably enough -- confirm
# against the processes that need it.
mode = 0666
user = vmail
group = mail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
# NOTE(review): 0666 exposes the SASL authentication interface to every local
# account; the socket is owned by postfix:postfix, so 0660 is the tighter
# setting -- confirm Postfix can still connect.
mode = 0666
user = postfix
group = postfix
}
}
openssl req -new -x509 -days 1000 -nodes -out "/etc/dovecot/dovecot.pem" -keyout "/etc/dovecot/private/dovecot.pem"
nano /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
nano /etc/dovecot/conf.d/15-lda.conf
postmaster_address = postmaster@example.com
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
mail_plugins = $mail_plugins sieve
}
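# Restrict the Dovecot configuration tree, then re-open only what
# unprivileged processes need to read.
# NOTE(review): making vmail the owner lets the mail-delivery account modify
# the configuration and read /etc/dovecot/private/dovecot.pem and the SQL
# password file; root ownership with group read access would be the
# least-privilege choice -- confirm what dovecot-lda needs first.
chown -R vmail:dovecot /etc/dovecot
# The page wrote "chmod-R", which is not a command.
chmod -R o-rwx /etc/dovecot
# Others may traverse the top directory and read the main config and conf.d,
# but not the private key or the SQL credentials file.
chmod o+x /etc/dovecot
chmod -R o+r /etc/dovecot/conf.d
chmod o+xr /etc/dovecot/conf.d
chmod o+r /etc/dovecot/dovecot.conf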
pro debug dovecot -F
Konfigurace Amavis, ClamAV, a SpamAssassin
adduser clamav amavis
adduser amavis clamav
nano /etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;
nano /etc/default/spamassassin
ENABLED=1
CRON=1
nano /etc/amavis/conf.d/50-user
use strict;
$max_servers = 3;
$sa_tag_level_deflt = -9999;
@lookup_sql_dsn = (
    ['DBI:mysql:database=postfixadmin;host=127.0.0.1;port=3306',
     'postfix',
     'mailpassword']);
$sql_select_policy = 'SELECT domain from domain WHERE CONCAT("@",domain) IN (%k)';
# Uncomment to bump up the log level when testing.
# $log_level = 2;
#------------ Do not modify anything below this line -------------
1;  # ensure a defined return
service amavis restart
service spamassassin restart
Test funkce SpamAssassin:
sudo -u amavis sa-learn --dbpath /var/lib/amavis/.spamassassin/ --spam /usr/share/doc/spamassassin/examples/sample-spam.txt
Konfigurace Postfix
Pozn. Direktiva "hosts" v následujících souborech musí být stejná jako "bind-address" v /etc/mysql/my.cnf ("localhost" nebo "127.0.0.1").
touch /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND alias.address=concat('%u', '@', alias_domain.target_domain) AND alias.active = 1
touch /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
touch /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
touch /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1
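touch /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
# NOTE(review): when "query" is set, Postfix ignores the legacy table /
# select_field / where_field parameters, so this map would return the quota
# instead of the mailbox path. The query line looks like a paste from
# mysql_virtual_mailbox_limit_maps.cf -- confirm and remove it.
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'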
touch /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = mailpassword
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
touch /etc/postfix/header_checks
# NOTE(review): the Received rule removes the relay trace from every message
# that passes header_checks, which also removes information used when
# investigating abuse -- consider limiting it to authenticated submission.
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
nano /etc/mailname
mydomain.net
cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
nano /etc/postfix/main.cf
myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/dovecot/dovecot.pem
# NOTE(review): the key was generated earlier on this page as
# /etc/dovecot/private/dovecot.pem; this path differs -- confirm which is meant.
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
myhostname = mailservername.mydomain.net
mydestination = servername.mydomain.net, localhost, localhost.localdomain, localhost
mynetworks_style = host
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# NOTE(review): the source read "virtualvirtual_mailbox_maps"; text may have
# been lost just before this parameter.
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
dovecot_destination_concurrency_limit = 1
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# NOTE(review): the two values ending in "$" below appear cut off by the
# editor's line truncation; restore the full restriction lists before use.
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain$
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unkn$
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
enable_original_recipient = no
queue_directory = /var/spool/postfix
nano /etc/postfix/master.cf
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
pickup unix n - - 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
amavis unix - - - - 3 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
service postfix restart
service spamassassin restart
service clamav-daemon restart
service amavis restart
service dovecot restart
Konfigurace Sieve
nano /etc/dovecot/conf.d/15-lda.conf
protocol lda {
  postmaster_address = admin@example.com
  mail_plugins = $mail_plugins sieve
}
nano /etc/dovecot/conf.d/90-sieve.conf
plugin {
  sieve = ~/.dovecot.sieve
  sieve_default = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_global_dir = /var/lib/dovecot/sieve/
}
Test sieve:
service dovecot restart
telnet example.com 4190
Trying 162.243.12.140...
Connected to test3.rtcamp.com.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
mkdir /var/lib/dovecot/sieve/
touch /var/lib/dovecot/sieve/default.sieve
nano /var/lib/dovecot/sieve/default.sieve
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Junk";
}
sievec /var/lib/dovecot/sieve/default.sieve
chown vmail:mail /var/lib/dovecot/sieve/*
Instalace a konfigurace Roundcube
apt-get install roundcube
nano /etc/roundcube/apache.conf
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube
Alias /mail /var/lib/roundcube
<Directory "/usr/share/tinymce/www/">
  Options Indexes MultiViews FollowSymLinks
  AllowOverride None
  <IfVersion >= 2.3>
    Require all granted
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
<Directory /var/lib/roundcube/>
  Options +FollowSymLinks
  # This is needed to parse /var/lib/roundcube/.htaccess. See its
  # content before setting AllowOverride to None.
  AllowOverride All
  <IfVersion >= 2.3>
    Require all granted
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
# Protecting basic directories:
<Directory /var/lib/roundcube/config>
  Options -FollowSymLinks
  AllowOverride None
</Directory>
<Directory /var/lib/roundcube/temp>
  Options -FollowSymLinks
  AllowOverride None
  <IfVersion >= 2.3>
    Require all denied
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Deny from all
  </IfVersion>
</Directory>
<Directory /var/lib/roundcube/logs>
  Options -FollowSymLinks
  AllowOverride None
  <IfVersion >= 2.3>
    Require all denied
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Deny from all
  </IfVersion>
</Directory>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /mail>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}:443%{REQUEST_URI} [L]
    </Location>
  </IfModule>
</IfModule>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    <Location /roundcube>
      RewriteEngine on
      RewriteCond %{HTTPS} !^on$ [NC]
      RewriteRule . https://%{HTTP_HOST}:443%{REQUEST_URI} [L]
    </Location>
  </IfModule>
</IfModule>
nano /etc/roundcube/debian-db.conf
$dbuser='roundcube';
$dbpass='password';
$basepath='';
$dbname='roundcube';
$dbserver='';
$dbport='';
$dbtype='mysql';
nano /etc/roundcube/main.inc.php
$rcmail_config['default_host'] = 'localhost';
$rcmail_config['imap_auth_type'] = 'CRAM-MD5';
$rcmail_config['use_https'] = true;
$rcmail_config['plugins'] = array('markasjunk2','emoticons','jqueryui','contextmenu','sauserprefs','managesieve');
$rcmail_config['language'] = 'cs_CZ';