Linux/Mailserver/Small Office Smarthost
< Linux | Mailserver
Definitions
- This configuration is based on Ubuntu 12.04 LTS
preparing the system
mkdir /srv/mail/virtual groupadd -g 5000 vmail useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail id vmail
postfix
- /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no #delay_warning_time = 4h readme_directory = no myhostname = localhostname.localdomain mydomain = localdomain alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases transport_maps = hash:/etc/postfix/transport #relayhost = smtp.domain.de mynetworks = 127.0.0.0/8 #, 192.168.111.0/24 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all # Virtual user settings virtual_mailbox_domains = /etc/postfix/virtual_domains virtual_mailbox_base = /srv/mail/virtual virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_alias_maps = hash:/etc/postfix/virtual_alias virtual_minimum_uid = 100 virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 virtual_transport = dovecot #dovecot_destination_recipient_limit = 1 mailbox_size_limit = 0 # Dovecot sasl smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = no #smtpd_sasl_authenticated_header = yes # TLS parameters smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_received_header = yes tls_random_source = dev:/dev/urandom #smtpd_require_helo = yes smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_limit = 250 smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_mandatory_ciphers = medium # SMTP smtp_use_tls = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_password sender_canonical_maps = hash:/etc/postfix/sender_canonical
dovecot
- /etc/dovecot/conf.d/01-custom.conf
protocols = imap pop3 #imaps pop3s sieve # auth #disable_plaintext_auth = yes auth_mechanisms = plain login auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ # virtual user db passdb { driver = passwd-file args = /srv/mail/virtual/%d/passdb } userdb { driver = passwd-file args = /srv/mail/virtual/%d/userdb } # ssl ssl = yes #ssl_cert = </etc/ssl/certs/ssl-mail.pem #ssl_key = </etc/ssl/private/ssl-mail.key ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM # logging log_path = /var/log/dovecot auth_debug = yes # for debugging only mail_debug = yes # verbose_ssl = yes # # mail mail_location = maildir:/srv/mail/virtual/%d/%n # master service auth { unix_listener /var/spool/postfix/private/dovecot-auth { mode = 0660 user = postfix group = postfix } } # IMAP configuration #protocol imap { # mail_max_userip_connections = 10 # imap_client_workarounds = delay-newmail #} # POP3 configuration #protocol pop3 { # mail_max_userip_connections = 10 # pop3_client_workarounds = outlook-no-nuls oe-ns-eoh #} # LDA configuration #protocol lda { # postmaster_address = postmaster # mail_plugins = sieve # quota_full_tempfail = yes # deliver_log_format = msgid=%m: %$ # rejection_reason = Your message to <%t> was automatically rejected:%n%r #} # Plugins configuration #plugin { # sieve=~/.dovecot.sieve # sieve_dir=~/sieve #}
- /etc/dovecot/conf.d/10-auth.conf
#!include auth-master.conf.ext # disable
touch /var/log/dovecot chown vmail:vmail /var/log/dovecot chmod 660