Linux/Mailserver/Small Office Smarthost: Difference between revisions
< Linux | Mailserver
| (37 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
This configuration is based on Ubuntu 12.04 LTS | == Definitions == | ||
* This configuration is based on Ubuntu 12.04 LTS | |||
* verify that "hostname" gives your local hostname | |||
* verify that "hostname -d" gives your local domain(workgroup) | |||
== preparing the system == | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
groupadd -g 5000 vmail | groupadd -g 5000 vmail | ||
useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail | useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail | ||
id vmail | id vmail | ||
mkdir -p /srv/mail/virtual/$(hostname -d) | |||
chown -R vmail:vmail /srv/mail/virtual | |||
</pre> | |||
</blockquote> | |||
== installation == | |||
<blockquote> | |||
<pre> | |||
apt-get install postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-managesieved mail-stack-delivery | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
== postfix == | == postfix == | ||
* preparing | |||
<blockquote> | |||
<pre> | |||
touch /etc/postfix/canonical_recipients | |||
touch /etc/postfix/canonical_senders | |||
touch /etc/postfix/sender_relayhosts | |||
touch /etc/postfix/sasl_password | |||
chmod 600 /etc/postfix/sasl_password | |||
touch /etc/postfix/virtual_alias | |||
touch /etc/postfix/virtual_domains | |||
touch /etc/postfix/vmailbox | |||
touch /etc/postfix/reload.sh | |||
chmod 744 /etc/postfix/reload.sh | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/main.cf | |||
<blockquote> | |||
<pre> | |||
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) | |||
biff = no | |||
append_dot_mydomain = no | |||
#delay_warning_time = 4h | |||
readme_directory = no | |||
myhostname = localhostname.localdomain | |||
mydomain = localdomain | |||
alias_maps = hash:/etc/aliases | |||
alias_database = hash:/etc/aliases | |||
mynetworks = 127.0.0.0/8 | |||
mailbox_size_limit = 0 | |||
recipient_delimiter = + | |||
inet_interfaces = all | |||
# Virtual user settings | |||
virtual_mailbox_domains = /etc/postfix/virtual_domains | |||
virtual_mailbox_base = /srv/mail/virtual | |||
virtual_mailbox_maps = hash:/etc/postfix/vmailbox | |||
virtual_alias_maps = hash:/etc/postfix/virtual_alias | |||
virtual_minimum_uid = 100 | |||
virtual_uid_maps = static:5000 | |||
virtual_gid_maps = static:5000 | |||
mailbox_size_limit = 0 | |||
# Dovecot sasl | |||
smtpd_sasl_auth_enable = yes | |||
smtpd_sasl_type = dovecot | smtpd_sasl_type = dovecot | ||
smtpd_sasl_path = private/dovecot-auth | |||
smtpd_sasl_security_options = noanonymous | |||
smtpd_sasl_local_domain = $myhostname | |||
broken_sasl_auth_clients = no | |||
smtpd_sasl_authenticated_header = yes | |||
# | # TLS parameters | ||
smtpd_use_tls = yes | |||
smtpd_tls_security_level = may | |||
smtpd_tls_auth_only = yes | |||
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem | |||
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key | |||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | |||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | |||
smtpd_tls_received_header = yes | |||
tls_random_source = dev:/dev/urandom | |||
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org | |||
smtpd_sender_restrictions = reject_unknown_sender_domain | |||
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination | |||
smtpd_recipient_limit = 250 | |||
smtpd_tls_mandatory_protocols = SSLv3, TLSv1 | |||
smtpd_tls_mandatory_ciphers = medium | |||
# | # outbound | ||
smtpd_sasl_auth_enable = yes | recipient_canonical_maps = hash:/etc/postfix/canonical_recipients | ||
sender_canonical_maps = hash:/etc/postfix/canonical_senders | |||
smtp_sender_dependent_authentication = yes | |||
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts | |||
smtp_connection_cache_on_demand = no | |||
smtp_tls_note_starttls_offer = yes | |||
smtp_tls_security_level = encrypt | |||
smtp_tls_mandatory_ciphers = high | |||
smtp_sasl_auth_enable = yes | |||
smtp_sasl_security_options = noanonymous noplaintext | |||
smtp_sasl_tls_security_options = noanonymous noplaintext | |||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/master.cf | |||
<blockquote> | |||
<pre> | |||
smtp inet n - - - - smtpd -v # add -v for verbose | |||
#smtp inet n - - - 1 postscreen | |||
#smtpd pass - - - - - smtpd | |||
#dnsblog unix - - - - 0 dnsblog | |||
#tlsproxy unix - - - - 0 tlsproxy | |||
submission inet n - - - - smtpd -v # uncomment for starttls port | |||
-o syslog_name=postfix/submission # | |||
-o smtpd_tls_security_level=encrypt | |||
-o smtpd_sasl_auth_enable=yes | |||
-o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
-o milter_macro_daemon_name=ORIGINATING | |||
#smtps inet n - - - - smtpd -v # uncomment for ssl/tls port | |||
# -o syslog_name=postfix/smtps | |||
# -o smtpd_tls_wrappermode=yes | |||
# -o smtpd_sasl_auth_enable=yes | |||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject | |||
# -o milter_macro_daemon_name=ORIGINATING | |||
#628 inet n - - - - qmqpd | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/canonical_recipients | |||
<blockquote> | |||
<pre> | |||
root server@domain.de | |||
postmaster root | |||
webmaster root | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/canonical_senders | |||
<blockquote> | |||
<pre> | |||
root hostname@domain.de | |||
postmaster root | |||
webmaster root | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/sasl_password | |||
<blockquote> | |||
<pre> | |||
smtp.domain.de username:password | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/sender_relayhosts | |||
<blockquote> | |||
<pre> | |||
mail@domain.de smtp.domain.de | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/virtual_alias | |||
* /etc/ | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/ | * /etc/postfix/virtual_domains | ||
<blockquote> | |||
<pre> | |||
domain.de | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/vmailbox | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
mail@domain.de localdomain/virtemailuser/ | |||
server@domain.de localdomain/server/ | |||
domain.de localdomain/virtemailuser/ | |||
</pre> | |||
</blockquote> | |||
* /etc/postfix/reload.sh | |||
<blockquote> | |||
<pre> | |||
#!/bin/bash | |||
newaliases | |||
postmap /etc/postfix/vmailbox | |||
postmap /etc/postfix/virtual_alias | |||
postmap /etc/postfix/sender_relayhosts | |||
postmap /etc/postfix/canonical_recipients | |||
postmap /etc/postfix/canonical_senders | |||
postmap /etc/postfix/sasl_password | |||
/etc/init.d/postfix restart | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* | == dovecot == | ||
* preparing | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
touch /var/log/dovecot | |||
chown vmail:vmail /var/log/dovecot | |||
chmod 660 /var/log/dovecot | |||
touch /etc/dovecot/userdb | |||
touch /etc/dovecot/passdb | |||
chown root:dovecot /etc/dovecot/userdb | |||
chown root:dovecot /etc/dovecot/passdb | |||
chmod 640 /etc/dovecot/userdb | |||
chmod 640 /etc/dovecot/passdb | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/dovecot/conf.d/ | * /etc/dovecot/conf.d/01-custom.conf | ||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
protocols = imap pop3 #imaps pop3s sieve | |||
# auth | |||
#disable_plaintext_auth = yes | |||
auth_mechanisms = plain login | |||
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ | |||
# virtual user db | |||
passdb { | |||
driver = passwd-file | |||
args = /etc/dovecot/passdb | |||
} | |||
userdb { | |||
driver = passwd-file | |||
args = /etc/dovecot/userdb | |||
} | |||
# ssl | |||
ssl = yes | |||
#ssl_cert = </etc/ssl/certs/ssl-mail.pem | |||
#ssl_key = </etc/ssl/private/ssl-mail.key | |||
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM | |||
# logging | |||
log_path = /var/log/dovecot | |||
auth_debug = yes # for debugging only | |||
mail_debug = yes # | |||
verbose_ssl = yes # | |||
# mail | |||
mail_location = maildir:/srv/mail/virtual/%d/%n | |||
# master | |||
service auth { | service auth { | ||
unix_listener /var/spool/postfix/private/dovecot-auth { | |||
unix_listener /var/spool/postfix/private/auth { | |||
mode = 0660 | mode = 0660 | ||
user = postfix | user = postfix | ||
group = postfix | group = postfix | ||
} | } | ||
} | } | ||
# IMAP configuration | |||
#protocol imap { | |||
# mail_max_userip_connections = 10 | |||
# imap_client_workarounds = delay-newmail | |||
#} | |||
# POP3 configuration | |||
#protocol pop3 { | |||
# mail_max_userip_connections = 10 | |||
# pop3_client_workarounds = outlook-no-nuls oe-ns-eoh | |||
#} | |||
# LDA configuration | |||
#protocol lda { | |||
# postmaster_address = postmaster | |||
# mail_plugins = sieve | |||
# quota_full_tempfail = yes | |||
# deliver_log_format = msgid=%m: %$ | |||
# rejection_reason = Your message to <%t> was automatically rejected:%n%r | |||
#} | |||
# Plugins configuration | |||
#plugin { | |||
# sieve=~/.dovecot.sieve | |||
# sieve_dir=~/sieve | |||
#} | |||
</pre> | |||
</blockquote> | |||
* /etc/dovecot/conf.d/10-auth.conf | |||
<blockquote> | |||
<pre> | |||
#!include auth-master.conf.ext # disable | |||
</pre> | |||
</blockquote> | |||
== fetchmail == | |||
* /etc/defaults/fetchmail | |||
<blockquote> | |||
<pre> | |||
START_DAEMON=yes | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
* /etc/fetchmailrc | |||
<blockquote> | <blockquote> | ||
<pre> | <pre> | ||
set postmaster "root" | |||
set bouncemail | |||
set no spambounce | |||
set properties "" | |||
set syslog | |||
set daemon 300 | |||
poll pop.gmail.com with proto POP3 | |||
user 'test@gmail.com' there with password '1234' is localuser here options ssl | |||
</pre> | </pre> | ||
</blockquote> | </blockquote> | ||
Latest revision as of 14:59, 1 December 2013
Definitions
- This configuration is based on Ubuntu 12.04 LTS
- verify that "hostname" gives your local hostname
- verify that "hostname -d" gives your local domain(workgroup)
preparing the system
groupadd -g 5000 vmail useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail id vmail mkdir -p /srv/mail/virtual/$(hostname -d) chown -R vmail:vmail /srv/mail/virtual
installation
apt-get install postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-managesieved mail-stack-delivery
postfix
- preparing
touch /etc/postfix/canonical_recipients touch /etc/postfix/canonical_senders touch /etc/postfix/sender_relayhosts touch /etc/postfix/sasl_password chmod 600 /etc/postfix/sasl_password touch /etc/postfix/virtual_alias touch /etc/postfix/virtual_domains touch /etc/postfix/vmailbox touch /etc/postfix/reload.sh chmod 744 /etc/postfix/reload.sh
- /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no
myhostname = localhostname.localdomain
mydomain = localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# Virtual user settings
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /srv/mail/virtual
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
mailbox_size_limit = 0
# Dovecot sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no
smtpd_sasl_authenticated_header = yes
# TLS parameters
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_limit = 250
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
# outbound
recipient_canonical_maps = hash:/etc/postfix/canonical_recipients
sender_canonical_maps = hash:/etc/postfix/canonical_senders
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relayhosts
smtp_connection_cache_on_demand = no
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_mandatory_ciphers = high
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous noplaintext
smtp_sasl_tls_security_options = noanonymous noplaintext
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
- /etc/postfix/master.cf
smtp inet n - - - - smtpd -v # add -v for verbose #smtp inet n - - - 1 postscreen #smtpd pass - - - - - smtpd #dnsblog unix - - - - 0 dnsblog #tlsproxy unix - - - - 0 tlsproxy submission inet n - - - - smtpd -v # uncomment for starttls port -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING #smtps inet n - - - - smtpd -v # uncomment for ssl/tls port # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - - - - qmqpd
- /etc/postfix/canonical_recipients
root server@domain.de postmaster root webmaster root
- /etc/postfix/canonical_senders
root hostname@domain.de postmaster root webmaster root
- /etc/postfix/sasl_password
smtp.domain.de username:password
- /etc/postfix/sender_relayhosts
mail@domain.de smtp.domain.de
- /etc/postfix/virtual_alias
- /etc/postfix/virtual_domains
domain.de
- /etc/postfix/vmailbox
mail@domain.de localdomain/virtemailuser/ server@domain.de localdomain/server/ domain.de localdomain/virtemailuser/
- /etc/postfix/reload.sh
#!/bin/bash newaliases postmap /etc/postfix/vmailbox postmap /etc/postfix/virtual_alias postmap /etc/postfix/sender_relayhosts postmap /etc/postfix/canonical_recipients postmap /etc/postfix/canonical_senders postmap /etc/postfix/sasl_password /etc/init.d/postfix restart
dovecot
- preparing
touch /var/log/dovecot chown vmail:vmail /var/log/dovecot chmod 660 /var/log/dovecot touch /etc/dovecot/userdb touch /etc/dovecot/passdb chown root:dovecot /etc/dovecot/userdb chown root:dovecot /etc/dovecot/passdb chmod 640 /etc/dovecot/userdb chmod 640 /etc/dovecot/passdb
- /etc/dovecot/conf.d/01-custom.conf
protocols = imap pop3 #imaps pop3s sieve
# auth
#disable_plaintext_auth = yes
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
# virtual user db
passdb {
driver = passwd-file
args = /etc/dovecot/passdb
}
userdb {
driver = passwd-file
args = /etc/dovecot/userdb
}
# ssl
ssl = yes
#ssl_cert = </etc/ssl/certs/ssl-mail.pem
#ssl_key = </etc/ssl/private/ssl-mail.key
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
# logging
log_path = /var/log/dovecot
auth_debug = yes # for debugging only
mail_debug = yes #
verbose_ssl = yes #
# mail
mail_location = maildir:/srv/mail/virtual/%d/%n
# master
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
mode = 0660
user = postfix
group = postfix
}
}
# IMAP configuration
#protocol imap {
# mail_max_userip_connections = 10
# imap_client_workarounds = delay-newmail
#}
# POP3 configuration
#protocol pop3 {
# mail_max_userip_connections = 10
# pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
#}
# LDA configuration
#protocol lda {
# postmaster_address = postmaster
# mail_plugins = sieve
# quota_full_tempfail = yes
# deliver_log_format = msgid=%m: %$
# rejection_reason = Your message to <%t> was automatically rejected:%n%r
#}
# Plugins configuration
#plugin {
# sieve=~/.dovecot.sieve
# sieve_dir=~/sieve
#}
- /etc/dovecot/conf.d/10-auth.conf
#!include auth-master.conf.ext # disable
fetchmail
- /etc/defaults/fetchmail
START_DAEMON=yes
- /etc/fetchmailrc
set postmaster "root"
set bouncemail
set no spambounce
set properties ""
set syslog
set daemon 300
poll pop.gmail.com with proto POP3
user 'test@gmail.com' there with password '1234' is localuser here options ssl