Linux/Mailserver/Small Office Smarthost: Difference between revisions
No edit summary |
(35 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Definitions == | == Definitions == | ||
* This configuration is based on Ubuntu 12.04 LTS | * This configuration is based on Ubuntu 12.04 LTS | ||
* verify that "hostname" gives your local hostname | |||
* verify that "hostname -d" gives your local domain(workgroup) | |||
Line 6: | Line 10: | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
groupadd -g 5000 vmail | groupadd -g 5000 vmail | ||
useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail | useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail | ||
id vmail | id vmail | ||
mkdir -p /srv/mail/virtual/$(hostname -d) | |||
chown -R vmail:vmail /srv/mail/virtual | |||
</pre> | |||
</blockquote> | |||
== installation == | |||
<blockquote> | |||
<pre> | |||
apt-get install postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-managesieved mail-stack-delivery | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
== postfix == | == postfix == | ||
* preparing | |||
<blockquote> | |||
<pre> | |||
touch /etc/postfix/canonical_recipients | |||
touch /etc/postfix/canonical_senders | |||
touch /etc/postfix/sender_relayhosts | |||
touch /etc/postfix/sasl_password | |||
chmod 600 /etc/postfix/sasl_password | |||
touch /etc/postfix/virtual_alias | |||
touch /etc/postfix/virtual_domains | |||
touch /etc/postfix/vmailbox | |||
touch /etc/postfix/reload.sh | |||
chmod 744 /etc/postfix/reload.sh | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/main.cf | |||
<blockquote> | |||
<pre> | |||
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) | |||
biff = no | |||
append_dot_mydomain = no | |||
#delay_warning_time = 4h | |||
readme_directory = no | |||
myhostname = localhostname.localdomain | |||
mydomain = localdomain | |||
alias_maps = hash:/etc/aliases | |||
alias_database = hash:/etc/aliases | |||
mynetworks = 127.0.0.0/8 | |||
mailbox_size_limit = 0 | |||
recipient_delimiter = + | |||
inet_interfaces = all | |||
# Virtual user settings | |||
virtual_mailbox_domains = /etc/postfix/virtual_domains | |||
virtual_mailbox_base = /srv/mail/virtual | |||
virtual_mailbox_maps = hash:/etc/postfix/vmailbox | |||
virtual_alias_maps = hash:/etc/postfix/virtual_alias | |||
virtual_minimum_uid = 100 | |||
virtual_uid_maps = static:5000 | |||
virtual_gid_maps = static:5000 | |||
mailbox_size_limit = 0 | |||
# Dovecot sasl | |||
smtpd_sasl_auth_enable = yes | |||
smtpd_sasl_type = dovecot | smtpd_sasl_type = dovecot | ||
smtpd_sasl_path = private/dovecot-auth | |||
smtpd_sasl_security_options = noanonymous | |||
smtpd_sasl_local_domain = $myhostname | |||
broken_sasl_auth_clients = no | |||
smtpd_sasl_authenticated_header = yes | |||
# | # TLS parameters | ||
smtpd_use_tls = yes | |||
smtpd_tls_security_level = may | |||
smtpd_tls_auth_only = yes | |||
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem | |||
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key | |||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |||
smtpd_tls_received_header = yes | |||
tls_random_source = dev:/dev/urandom | |||
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org | |||
smtpd_sender_restrictions = reject_unknown_sender_domain | |||
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination | |||
smtpd_recipient_limit = 250 | |||
smtpd_tls_mandatory_protocols = SSLv3, TLSv1 | |||
smtpd_tls_mandatory_ciphers = medium | |||
# | # outbound | ||
smtpd_sasl_auth_enable = yes | recipient_canonical_maps = hash:/etc/postfix/canonical_recipients | ||
sender_canonical_maps = hash:/etc/postfix/canonical_senders | |||
smtp_sender_dependent_authentication = yes | |||
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts | |||
smtp_connection_cache_on_demand = no | |||
smtp_tls_note_starttls_offer = yes | |||
smtp_tls_security_level = encrypt | |||
smtp_tls_mandatory_ciphers = high | |||
smtp_sasl_auth_enable = yes | |||
smtp_sasl_security_options = noanonymous noplaintext | |||
smtp_sasl_tls_security_options = noanonymous noplaintext | |||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/master.cf | |||
<blockquote> | |||
<pre> | |||
smtp inet n - - - - smtpd -v # add -v for verbose | |||
#smtp inet n - - - 1 postscreen | |||
#smtpd pass - - - - - smtpd | |||
#dnsblog unix - - - - 0 dnsblog | |||
#tlsproxy unix - - - - 0 tlsproxy | |||
submission inet n - - - - smtpd -v # uncomment for starttls port | |||
-o syslog_name=postfix/submission # | |||
-o smtpd_tls_security_level=encrypt | |||
-o smtpd_sasl_auth_enable=yes | |||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
-o milter_macro_daemon_name=ORIGINATING | |||
#smtps inet n - - - - smtpd -v # uncomment for ssl/tls port | |||
# -o syslog_name=postfix/smtps | |||
# -o smtpd_tls_wrappermode=yes | |||
# -o smtpd_sasl_auth_enable=yes | |||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
# -o milter_macro_daemon_name=ORIGINATING | |||
#628 inet n - - - - qmqpd | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/canonical_recipients | |||
<blockquote> | |||
<pre> | |||
root server@domain.de | |||
postmaster root | |||
webmaster root | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/canonical_senders | |||
<blockquote> | |||
<pre> | |||
root hostname@domain.de | |||
postmaster root | |||
webmaster root | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/sasl_password | |||
<blockquote> | |||
<pre> | |||
smtp.domain.de username:password | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/sender_relayhosts | |||
<blockquote> | |||
<pre> | |||
mail@domain.de smtp.domain.de | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/virtual_alias | |||
* /etc/ | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/ | * /etc/postfix/virtual_domains | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
domain.de | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/vmailbox | |||
<blockquote> | |||
<pre> | |||
mail@domain.de localdomain/virtemailuser/ | |||
server@domain.de localdomain/server/ | |||
domain.de localdomain/virtemailuser/ | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/ | * /etc/postfix/reload.sh | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
#!/bin/bash | |||
newaliases | |||
postmap /etc/postfix/vmailbox | |||
postmap /etc/postfix/virtual_alias | |||
postmap /etc/postfix/sender_relayhosts | |||
postmap /etc/postfix/canonical_recipients | |||
postmap /etc/postfix/canonical_senders | |||
postmap /etc/postfix/sasl_password | |||
/etc/init.d/postfix restart | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* | == dovecot == | ||
* preparing | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
touch /var/log/dovecot | |||
chown vmail:vmail /var/log/dovecot | |||
chmod 660 /var/log/dovecot | |||
touch /etc/dovecot/userdb | |||
touch /etc/dovecot/passdb | |||
chown root:dovecot /etc/dovecot/userdb | |||
chown root:dovecot /etc/dovecot/passdb | |||
chmod 640 /etc/dovecot/userdb | |||
chmod 640 /etc/dovecot/passdb | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/dovecot/conf.d/ | * /etc/dovecot/conf.d/01-custom.conf | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
protocols = imap pop3 #imaps pop3s sieve | |||
# auth | |||
#disable_plaintext_auth = yes | |||
auth_mechanisms = plain login | |||
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ | |||
# virtual user db | |||
passdb { | passdb { | ||
driver = passwd-file | driver = passwd-file | ||
args = / | args = /etc/dovecot/passdb | ||
} | } | ||
userdb { | userdb { | ||
driver = passwd-file | driver = passwd-file | ||
args = /srv/mail/virtual/%d/ | args = /etc/dovecot/userdb | ||
} | |||
# ssl | |||
ssl = yes | |||
#ssl_cert = </etc/ssl/certs/ssl-mail.pem | |||
#ssl_key = </etc/ssl/private/ssl-mail.key | |||
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM | |||
# logging | |||
log_path = /var/log/dovecot | |||
auth_debug = yes # for debugging only | |||
mail_debug = yes # | |||
verbose_ssl = yes # | |||
# mail | |||
mail_location = maildir:/srv/mail/virtual/%d/%n | |||
# master | |||
service auth { | |||
unix_listener /var/spool/postfix/private/dovecot-auth { | |||
mode = 0660 | |||
user = postfix | |||
group = postfix | |||
} | |||
} | } | ||
# IMAP configuration | |||
#protocol imap { | |||
# mail_max_userip_connections = 10 | |||
# imap_client_workarounds = delay-newmail | |||
#} | |||
# POP3 configuration | |||
#protocol pop3 { | |||
# mail_max_userip_connections = 10 | |||
# pop3_client_workarounds = outlook-no-nuls oe-ns-eoh | |||
#} | |||
# LDA configuration | |||
#protocol lda { | |||
# postmaster_address = postmaster | |||
# mail_plugins = sieve | |||
# quota_full_tempfail = yes | |||
# deliver_log_format = msgid=%m: %$ | |||
# rejection_reason = Your message to <%t> was automatically rejected:%n%r | |||
#} | |||
# Plugins configuration | |||
#plugin { | |||
# sieve=~/.dovecot.sieve | |||
# sieve_dir=~/sieve | |||
#} | |||
</pre> | |||
</blockquote> | |||
* /etc/dovecot/conf.d/10-auth.conf | |||
<blockquote> | |||
<pre> | |||
#!include auth-master.conf.ext # disable | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
== fetchmail == | |||
* /etc/defaults/fetchmail | |||
<blockquote> | |||
<pre> | |||
START_DAEMON=yes | |||
</pre> | |||
</blockquote> | |||
* /etc/fetchmailrc | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
set postmaster "root" | |||
set bouncemail | |||
set no spambounce | |||
set properties "" | |||
set syslog | |||
set daemon 300 | |||
poll pop.gmail.com with proto POP3 | |||
user 'test@gmail.com' there with password '1234' is localuser here options ssl | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> |
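Review bot: The new main.cf sets `smtp_sasl_security_options = noanonymous noplaintext` and the same value for `smtp_sasl_tls_security_options`, which excludes PLAIN and LOGIN even inside the TLS session to the relay host, so outbound AUTH to smtp.domain.de will fail unless that relay offers a non-plaintext mechanism such as CRAM-MD5; since `smtp_tls_security_level = encrypt` already guarantees the channel, the usual form is `smtp_sasl_security_options = noanonymous` together with `smtp_sasl_tls_security_options = noanonymous`. The same listing pins `smtpd_tls_mandatory_protocols = SSLv3, TLSv1`, which still admits SSLv3 on the submission service; the exclusion form `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3` keeps the list current as newer TLS versions appear, and opportunistic TLS on port 25 is governed by `smtpd_tls_protocols`, which is not set at all. Both the `smtp` and `submission` entries in master.cf carry `-v`, which the page itself labels as verbose debugging, so it should not be part of the shipped default. In the Dovecot listing `disable_plaintext_auth` is left commented out while `auth_mechanisms = plain login` and `ssl = yes` (not `required`) are set, so whether clear-text logins are accepted over unencrypted IMAP/POP3 depends on the default and on the other conf.d files; stating it explicitly would make the intent unambiguous.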
Latest revision as of 14:59, 1 December 2013
Definitions
- This configuration is based on Ubuntu 12.04 LTS
- verify that "hostname" gives your local hostname
- verify that "hostname -d" gives your local domain (workgroup)
preparing the system
# Create the unprivileged owner of the virtual mail store.  uid/gid 5000
# must match virtual_uid_maps / virtual_gid_maps (static:5000) in main.cf.
groupadd -g 5000 vmail
useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail
# sanity check: prints the uid/gid just created
id vmail
# one directory per local domain; "hostname -d" is the domain checked in Definitions
mkdir -p /srv/mail/virtual/$(hostname -d)
chown -R vmail:vmail /srv/mail/virtual
installation
# MTA (postfix) plus the Dovecot IMAP/POP3/sieve packages and the Ubuntu mail-stack package
apt-get install postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-managesieved mail-stack-delivery
postfix
- preparing
# Create the (initially empty) lookup tables referenced from main.cf so
# that postmap and postfix do not fail on missing files.
touch /etc/postfix/canonical_recipients
touch /etc/postfix/canonical_senders
touch /etc/postfix/sender_relayhosts
touch /etc/postfix/sasl_password
# holds the relay credentials in clear text -> root-only
chmod 600 /etc/postfix/sasl_password
touch /etc/postfix/virtual_alias
touch /etc/postfix/virtual_domains
touch /etc/postfix/vmailbox
# helper script that rebuilds the .db files, see the reload.sh listing below
touch /etc/postfix/reload.sh
chmod 744 /etc/postfix/reload.sh
- /etc/postfix/main.cf
# /etc/postfix/main.cf -- small-office smarthost: local virtual mailboxes,
# Dovecot SASL for inbound AUTH, authenticated TLS relay for outbound mail.
# main.cf takes full-line # comments only, and a line that starts with
# whitespace continues the previous value, so every key stays in column 0.
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no
# replace with the output of "hostname" and "hostname -d" (see Definitions)
myhostname = localhostname.localdomain
mydomain = localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# only loopback counts as a trusted client for permit_mynetworks below
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
# listens on every interface
inet_interfaces = all
# Virtual user settings
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /srv/mail/virtual
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_minimum_uid = 100
# uid/gid of the vmail account created in "preparing the system"
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# duplicate of the mailbox_size_limit entry above; Postfix keeps the last one
mailbox_size_limit = 0
# Dovecot sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# relative to the Postfix queue directory; matches the unix_listener in
# the Dovecot "service auth" block
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no
smtpd_sasl_authenticated_header = yes
# TLS parameters
smtpd_use_tls = yes
# opportunistic STARTTLS on port 25, but AUTH is only offered inside TLS
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
# NOTE(review): reject_unknown_client rejects clients with missing or
# mismatching reverse DNS (and defers on temporary DNS errors); Spamhaus
# now publishes the combined zone as zen.spamhaus.org -- confirm sbl-xbl
# is still served before relying on it.
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_limit = 250
# NOTE(review): applies to mandatory TLS only (the submission service in
# master.cf); this whitelist still allows SSLv3.  The exclusion form
# "!SSLv2, !SSLv3" is the current recommendation.  Opportunistic TLS on
# port 25 is governed by smtpd_tls_protocols, which is not set here.
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
# outbound
recipient_canonical_maps = hash:/etc/postfix/canonical_recipients
sender_canonical_maps = hash:/etc/postfix/canonical_senders
# relay host and credentials are chosen per envelope sender
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts
smtp_connection_cache_on_demand = no
smtp_tls_note_starttls_offer = yes
# NOTE(review): mandatory TLS for EVERY outbound connection, including
# direct MX delivery for senders without an entry in sender_relayhosts;
# mail to a server without STARTTLS stays deferred in the queue.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
smtp_sasl_auth_enable = yes
# NOTE(review): "noplaintext" excludes PLAIN and LOGIN; as it is repeated
# for the TLS case below, outbound AUTH only works if the relay offers a
# non-plaintext mechanism (e.g. CRAM-MD5) -- confirm against the provider.
smtp_sasl_security_options = noanonymous noplaintext
smtp_sasl_tls_security_options = noanonymous noplaintext
# clear-text credentials; keep the source file root-only (chmod 600 in preparing)
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
- /etc/postfix/master.cf
# /etc/postfix/master.cf -- only the services changed for this setup.
# Columns: service type private unpriv chroot wakeup maxproc command + args
# A line that starts with whitespace continues the previous service entry.
# NOTE(review): "-v" turns on verbose smtpd logging (the original note calls
# it "add -v for verbose"); drop it once the setup works.  master.cf
# documents full-line comments only, so check with "postconf -M" that the
# trailing "# ..." text is not handed to smtpd as extra arguments.
smtp inet n - - - - smtpd -v # add -v for verbose
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
# port 587: TLS mandatory, SASL on, only authenticated clients may send
submission inet n - - - - smtpd -v # uncomment for starttls port
  -o syslog_name=postfix/submission #
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# port 465 (TLS wrapper mode), left disabled
#smtps inet n - - - - smtpd -v # uncomment for ssl/tls port
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
- /etc/postfix/canonical_recipients
# /etc/postfix/canonical_recipients (recipient_canonical_maps, hash:)
# lookup key -> rewritten recipient address
# mail addressed to the local root goes to the external mailbox
root server@domain.de
# NOTE(review): the table appears to be applied once, so postmaster and
# webmaster become "root", not server@domain.de -- confirm this is intended
postmaster root
webmaster root
- /etc/postfix/canonical_senders
# /etc/postfix/canonical_senders (sender_canonical_maps, hash:)
# lookup key -> rewritten sender address; local root mails out as the host's address
root hostname@domain.de
# NOTE(review): applied once -- postmaster/webmaster are rewritten to
# "root", not on to hostname@domain.de; confirm this is intended
postmaster root
webmaster root
- /etc/postfix/sasl_password
# /etc/postfix/sasl_password (smtp_sasl_password_maps, hash:)
# relay host -> username:password, clear text.  Placeholders only; the
# source file is chmod 600 (see preparing) and must be re-mapped with
# postmap (reload.sh) after every edit.
smtp.domain.de username:password
- /etc/postfix/sender_relayhosts
# /etc/postfix/sender_relayhosts (sender_dependent_relayhost_maps, hash:)
# envelope sender -> relay host.  Senders not listed here fall back to the
# global relayhost, which main.cf leaves unset, i.e. direct MX delivery.
mail@domain.de smtp.domain.de
- /etc/postfix/virtual_alias
- /etc/postfix/virtual_domains
domain.de
- /etc/postfix/vmailbox
# /etc/postfix/vmailbox (virtual_mailbox_maps, hash:)
# address -> mailbox path relative to virtual_mailbox_base (/srv/mail/virtual);
# the trailing "/" selects Maildir format.  "localdomain" is the directory
# created with mkdir -p /srv/mail/virtual/$(hostname -d).
mail@domain.de localdomain/virtemailuser/
server@domain.de localdomain/server/
# NOTE(review): Postfix looks up the full address and then "@domain"; a bare
# "domain.de" key matches neither form.  If this line is meant as a
# catch-all, the key is "@domain.de" -- confirm.
domain.de localdomain/virtemailuser/
- /etc/postfix/reload.sh
#!/bin/bash
# Rebuild every hash: table referenced from main.cf and restart Postfix.
# Run after editing any of the files below; Postfix reads the generated
# .db files, not the text sources.
newaliases
postmap /etc/postfix/vmailbox
postmap /etc/postfix/virtual_alias
postmap /etc/postfix/sender_relayhosts
postmap /etc/postfix/canonical_recipients
postmap /etc/postfix/canonical_senders
# writes sasl_password.db next to the chmod 600 source file
postmap /etc/postfix/sasl_password
/etc/init.d/postfix restart
dovecot
- preparing
# Dovecot log file (log_path in 01-custom.conf), writable by the vmail account
touch /var/log/dovecot
chown vmail:vmail /var/log/dovecot
chmod 660 /var/log/dovecot
# passwd-file user and password databases referenced from 01-custom.conf;
# readable by root and the dovecot group only, since passdb will hold the
# login credentials
touch /etc/dovecot/userdb
touch /etc/dovecot/passdb
chown root:dovecot /etc/dovecot/userdb
chown root:dovecot /etc/dovecot/passdb
chmod 640 /etc/dovecot/userdb
chmod 640 /etc/dovecot/passdb
- /etc/dovecot/conf.d/01-custom.conf
# /etc/dovecot/conf.d/01-custom.conf -- virtual users from flat files,
# Maildir under /srv/mail/virtual, auth socket for Postfix SASL.
# conf.d files are read in name order; a later file that sets the same key
# presumably wins, so check 10-*.conf / 99-*.conf for overrides.
protocols = imap pop3 #imaps pop3s sieve
# auth
# NOTE(review): left commented out, so the effective value comes from the
# default or from another conf.d file.  With "auth_mechanisms = plain login"
# and "ssl = yes" (not "required") make this explicit to rule out clear-text
# logins over unencrypted IMAP/POP3.
#disable_plaintext_auth = yes
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# virtual user db
# flat passwd-style files created in "preparing" (root:dovecot, mode 640)
passdb {
  driver = passwd-file
  args = /etc/dovecot/passdb
}
userdb {
  driver = passwd-file
  args = /etc/dovecot/userdb
}
# ssl
ssl = yes
# presumably configured by another conf.d file; main.cf references the
# same ssl-mail.pem / ssl-mail.key pair
#ssl_cert = </etc/ssl/certs/ssl-mail.pem
#ssl_key = </etc/ssl/private/ssl-mail.key
# NOTE(review): this list still admits RC4 and MEDIUM-strength ciphers --
# review against current guidance
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
# logging
# file created in "preparing" (vmail:vmail, mode 660)
log_path = /var/log/dovecot
# the three debug switches below are for bring-up only; they make the log
# very chatty and record authentication details
auth_debug = yes # for debugging only
mail_debug = yes #
verbose_ssl = yes #
# mail
# %d = domain part, %n = user part of the login name.
# NOTE(review): Postfix delivers to localdomain/<user>/ (vmailbox), which
# only coincides with %d/%n if users log in as <user>@localdomain or the
# userdb file overrides the mail location -- confirm.
mail_location = maildir:/srv/mail/virtual/%d/%n
# master
# socket Postfix reaches via smtpd_sasl_path = private/dovecot-auth
# (relative to /var/spool/postfix); postfix-only, mode 0660
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
# IMAP configuration
#protocol imap {
# mail_max_userip_connections = 10
# imap_client_workarounds = delay-newmail
#}
# POP3 configuration
#protocol pop3 {
# mail_max_userip_connections = 10
# pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
#}
# LDA configuration
#protocol lda {
# postmaster_address = postmaster
# mail_plugins = sieve
# quota_full_tempfail = yes
# deliver_log_format = msgid=%m: %$
# rejection_reason = Your message to <%t> was automatically rejected:%n%r
#}
# Plugins configuration
#plugin {
# sieve=~/.dovecot.sieve
# sieve_dir=~/sieve
#}
- /etc/dovecot/conf.d/10-auth.conf
# /etc/dovecot/conf.d/10-auth.conf -- only the changed line is shown.
# The master-user include is disabled (original note: "disable"); the
# password and user databases are defined in 01-custom.conf instead.
#!include auth-master.conf.ext # disable
fetchmail
- /etc/default/fetchmail
# init-script switch: yes starts the fetchmail daemon at boot
START_DAEMON=yes
- /etc/fetchmailrc
# /etc/fetchmailrc -- polled by the fetchmail daemon
# global options
# local account that receives error mail
set postmaster "root"
set bouncemail
set no spambounce
set properties ""
set syslog
# poll interval in seconds
set daemon 300
# Example account; replace the address and the password placeholder.
# NOTE(review): the password is stored in clear text.  fetchmail refuses an
# rc file that other users can read, so keep it mode 600 and owned by the
# account the daemon runs as -- confirm against the init script's user.
poll pop.gmail.com with proto POP3
user 'test@gmail.com' there with password '1234' is localuser here options ssl