Linux/Mailserver/Small Office Smarthost: Difference between revisions
Line 44: | Line 44: | ||
#relayhost = smtp.domain.de | #relayhost = smtp.domain.de | ||
mynetworks = 127.0.0.0/8 | mynetworks = 127.0.0.0/8 | ||
mailbox_size_limit = 0 | mailbox_size_limit = 0 | ||
recipient_delimiter = + | recipient_delimiter = + | ||
Line 57: | Line 56: | ||
virtual_uid_maps = static:5000 | virtual_uid_maps = static:5000 | ||
virtual_gid_maps = static:5000 | virtual_gid_maps = static:5000 | ||
mailbox_size_limit = 0 | mailbox_size_limit = 0 | ||
Line 64: | Line 61: | ||
smtpd_sasl_auth_enable = yes | smtpd_sasl_auth_enable = yes | ||
smtpd_sasl_type = dovecot | smtpd_sasl_type = dovecot | ||
smtpd_sasl_path = private/auth | smtpd_sasl_path = private/dovecot-auth | ||
smtpd_sasl_security_options = noanonymous | smtpd_sasl_security_options = noanonymous | ||
smtpd_sasl_local_domain = $myhostname | smtpd_sasl_local_domain = $myhostname | ||
Line 80: | Line 77: | ||
smtpd_tls_received_header = yes | smtpd_tls_received_header = yes | ||
tls_random_source = dev:/dev/urandom | tls_random_source = dev:/dev/urandom | ||
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org | smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org | ||
smtpd_sender_restrictions = reject_unknown_sender_domain | smtpd_sender_restrictions = reject_unknown_sender_domain | ||
Line 88: | Line 84: | ||
smtpd_tls_mandatory_ciphers = medium | smtpd_tls_mandatory_ciphers = medium | ||
# outbound | |||
recipient_canonical_maps = hash:/etc/postfix/canonical_recipients | |||
sender_canonical_maps = hash:/etc/postfix/canonical_senders | |||
smtp_tls_note_starttls_offer = yes | |||
smtp_tls_security_level = encrypt | |||
smtp_tls_mandatory_ciphers = high | |||
smtp_sasl_auth_enable = yes | |||
smtp_sasl_security_options = noanonymous noplaintext | |||
smtp_sasl_tls_security_options = noanonymous noplaintext | |||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | ||
</pre> | </pre> | ||
</blockquote> | </blockquote> |
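Review bot: In the `# outbound` block, `smtp_tls_security_level = encrypt` makes TLS mandatory but does not verify the relay's certificate, so the credentials from `/etc/postfix/sasl_password` can still be offered to whichever host answers for the relay. For a fixed smarthost I would use `smtp_tls_security_level = verify` (or `secure`) together with an `smtp_tls_CAfile` that points at the CA bundle. In the same block, `smtp_sasl_tls_security_options = noanonymous noplaintext` refuses PLAIN and LOGIN even inside TLS, which fails against relays that offer only those mechanisms; `smtp_sasl_tls_security_options = noanonymous` is the usual value once the TLS peer is verified. The page should also state that `sasl_password` and its `.db` map must be readable by root only; the rest of main.cf lies outside these hunks.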
Revision as of 14:48, 13 March 2013
Definitions
- This configuration is based on Ubuntu 12.04 LTS
- Verify that "hostname" prints your local hostname.
- Verify that "hostname -d" prints your local domain (workgroup).
preparing the system
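# Dedicated unprivileged account that owns every virtual mailbox.
# uid/gid 5000 must match virtual_uid_maps / virtual_gid_maps (static:5000) in main.cf.
groupadd -g 5000 vmail
# No login shell: the account exists only to own mail files.
useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail
# Confirm the account was created with the expected ids.
id vmail
# One mailbox directory per mail domain. The substitution is quoted so that an
# unexpected value from "hostname -d" cannot be word-split or glob-expanded.
mkdir -p "/srv/mail/virtual/$(hostname -d)"
chown -R vmail:vmail /srv/mail/virtual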
installation
# Postfix plus the Dovecot packages used by this setup, one package per line.
apt-get install \
    postfix \
    dovecot-core \
    dovecot-imapd \
    dovecot-pop3d \
    dovecot-postfix \
    dovecot-sieve \
    dovecot-managedsieved \
    mail-stack-delivery
postfix
- /etc/postfix/main.cf
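# /etc/postfix/main.cf - small-office smarthost.
# Accepts mail for virtual users, authenticates submitting clients through
# Dovecot SASL and relays outbound mail with TLS and SASL credentials.
# Postfix only recognises full-line "#" comments, so every note sits on its own line.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no
myhostname = localhostname.localdomain
mydomain = localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
#relayhost = smtp.domain.de
# Only loopback clients are trusted by permit_mynetworks; everyone else must
# authenticate (permit_sasl_authenticated) to relay.
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual user settings
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /srv/mail/virtual
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_minimum_uid = 100
# Must match the vmail account created with uid/gid 5000.
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# The original listing repeated "mailbox_size_limit = 0" here; the duplicate is
# dropped because the value is already set above.
# NOTE(review): mailbox_size_limit applies to local(8) delivery; the virtual(8)
# counterpart is virtual_mailbox_limit - confirm which one was intended.

# Dovecot sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Relative to the Postfix queue directory; must match the Dovecot
# unix_listener at /var/spool/postfix/private/dovecot-auth.
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no
#smtpd_sasl_authenticated_header = yes

# TLS parameters
smtpd_use_tls = yes
smtpd_tls_security_level = may
# AUTH is offered only after STARTTLS, so passwords never cross the wire in clear.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
# The private key must be readable by root only.
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sender_restrictions = reject_unknown_sender_domain
# reject_unauth_destination stays last so that unauthenticated clients can
# never use this host as an open relay.
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_limit = 250
# Was "SSLv3, TLSv1": that allowed the broken SSLv3 protocol and shut out newer
# TLS versions. Excluding the legacy protocols keeps whatever the TLS library
# supports beyond them.
# This list applies only where TLS is mandatory; with smtpd_tls_security_level = may
# the opportunistic list is smtpd_tls_protocols.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = medium

# outbound
recipient_canonical_maps = hash:/etc/postfix/canonical_recipients
sender_canonical_maps = hash:/etc/postfix/canonical_senders
smtp_tls_note_starttls_offer = yes
# NOTE(review): "encrypt" enforces TLS but does not verify the relay's
# certificate; "verify" or "secure" plus smtp_tls_CAfile authenticates the
# peer before credentials are sent.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous noplaintext
# NOTE(review): noplaintext here refuses PLAIN/LOGIN even inside TLS; relays
# that offer only those mechanisms need "noanonymous" - confirm against the
# relay in use.
smtp_sasl_tls_security_options = noanonymous noplaintext
# Holds the relay credentials: keep the file and its .db map readable by root only.
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password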
dovecot
- preparing
# Log file for Dovecot (log_path): owned by vmail, read/write for owner and
# group, no access for others.
touch /var/log/dovecot
chown vmail:vmail /var/log/dovecot
chmod 660 /var/log/dovecot

# Empty passwd-file databases: owned by root, readable by group dovecot,
# closed to everyone else.
for db in /etc/dovecot/userdb /etc/dovecot/passdb; do
    touch "$db"
    chown root:dovecot "$db"
    chmod 640 "$db"
done
- /etc/dovecot/conf.d/01-custom.conf
# /etc/dovecot/conf.d/01-custom.conf
# IMAP/POP3 access for virtual users stored in passwd-file databases, plus the
# auth socket that Postfix uses for SASL.

# Candidates not enabled here: imaps pop3s sieve
protocols = imap pop3

# auth
# Left commented out, so Dovecot's built-in default applies.
# NOTE(review): confirm that default is "yes" on the installed version, since
# only plaintext mechanisms are enabled below.
#disable_plaintext_auth = yes
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# virtual user db
# Both files are created root:dovecot with mode 640 in the preparation step.
passdb {
  driver = passwd-file
  args = /etc/dovecot/passdb
}
userdb {
  driver = passwd-file
  args = /etc/dovecot/userdb
}

# ssl
# NOTE(review): "yes" offers TLS without demanding it; "required" is the
# stricter setting - confirm which one the clients can cope with.
ssl = yes
# Certificate and key are left commented out here; presumably the packaged
# configuration supplies them - verify.
#ssl_cert = </etc/ssl/certs/ssl-mail.pem
#ssl_key = </etc/ssl/private/ssl-mail.key
# NOTE(review): the list starts from ALL and explicitly re-adds RC4+RSA and
# MEDIUM; RC4 is considered broken, so tighten this for a current deployment.
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM

# logging
log_path = /var/log/dovecot
# The next three settings are for debugging only: switch them off once the
# setup works, as they make the log far more detailed.
auth_debug = yes
mail_debug = yes
verbose_ssl = yes

# mail
# %d = domain part, %n = user part of the login name.
mail_location = maildir:/srv/mail/virtual/%d/%n

# master
# Auth socket inside the Postfix queue directory; main.cf refers to it as
# smtpd_sasl_path = private/dovecot-auth. Mode 0660 with postfix:postfix keeps
# every other local account away from the socket.
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

# IMAP configuration
#protocol imap {
#  mail_max_userip_connections = 10
#  imap_client_workarounds = delay-newmail
#}

# POP3 configuration
#protocol pop3 {
#  mail_max_userip_connections = 10
#  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
#}

# LDA configuration
#protocol lda {
#  postmaster_address = postmaster
#  mail_plugins = sieve
#  quota_full_tempfail = yes
#  deliver_log_format = msgid=%m: %$
#  rejection_reason = Your message to <%t> was automatically rejected:%n%r
#}

# Plugins configuration
#plugin {
#  sieve=~/.dovecot.sieve
#  sieve_dir=~/sieve
#}
- /etc/dovecot/conf.d/10-auth.conf
#!include auth-master.conf.ext # disable