Linux/Mailserver/Small Office Smarthost


Definitions

  • This configuration is based on Ubuntu 12.04 LTS


Preparing the system

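# Unprivileged owner of every virtual mailbox. The fixed uid/gid 5000 must
# match virtual_uid_maps / virtual_gid_maps in Postfix main.cf; the nologin
# shell is deliberate, nobody should ever be able to log in as vmail.
groupadd -g 5000 vmail
useradd -s /usr/sbin/nologin -u 5000 -g 5000 vmail
id vmail

# Mailbox root with one subdirectory per domain (Dovecot's %d). The domain
# part is quoted and checked: when the host has no domain configured,
# "hostname -d" prints nothing and an unquoted mkdir -p would silently
# create only /srv/mail/virtual.
domain="$(hostname -d)"
if [ -n "$domain" ]; then
  mkdir -p "/srv/mail/virtual/$domain"
else
  echo "hostname -d returned nothing: set the machine's FQDN first" >&2
fi
chown -R vmail:vmail /srv/mail/virtual

# Empty passwd-file databases, readable only by root and the dovecot group.
# NOTE(review): the Dovecot config further down this page points passdb and
# userdb at /srv/mail/virtual/%d/passdb and .../userdb, i.e. inside the tree
# that was just handed to the vmail user, not at these two files -- confirm
# which location is intended; password hashes should not live in a
# directory the mail user can write to.
touch /etc/dovecot/userdb /etc/dovecot/passdb
chown root:dovecot /etc/dovecot/userdb /etc/dovecot/passdb
chmod 640 /etc/dovecot/userdb /etc/dovecot/passdb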

Installation

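# Postfix plus Dovecot IMAP/POP3 with Sieve filtering and the ManageSieve
# server; mail-stack-delivery is Ubuntu's glue package that wires Dovecot in
# as Postfix's delivery agent and SASL backend.
# The ManageSieve server package is spelled dovecot-managesieved (apt-get
# aborts on an unknown package name). dovecot-postfix is, as far as I recall,
# only a transitional package for mail-stack-delivery on this release, so
# listing both is redundant but harmless -- check with apt-cache show.
apt-get install postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-postfix dovecot-sieve dovecot-managesieved mail-stack-delivery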


Postfix

  • /etc/postfix/main.cf
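# /etc/postfix/main.cf -- small-office smarthost (Postfix on Ubuntu 12.04)
# Comments start with # in column 0; a line beginning with whitespace
# continues the previous value; $name refers to another parameter.
# Run "postfix reload" after editing.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .$mydomain to bare addresses is the MUA's job, not the MTA's
append_dot_mydomain = no
# uncomment to warn senders about mail that has been queued this long
#delay_warning_time = 4h
readme_directory = no

# Identity: placeholders, replace with the real host and domain names
myhostname = localhostname.localdomain
mydomain = localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# per-destination transport overrides; run "postmap /etc/postfix/transport"
# after editing the source file
transport_maps = hash:/etc/postfix/transport

# Hosts in mynetworks may relay without authenticating (permit_mynetworks in
# the restriction lists below), so keep this list tight. Only loopback is
# trusted here; if the office LAN must relay unauthenticated, add it on the
# same line, e.g.
#mynetworks = 127.0.0.0/8, 192.168.111.0/24
mynetworks = 127.0.0.0/8
# 0 = no size limit on local mailboxes (set exactly once; Postfix warns when a
# parameter is overridden by a later entry)
mailbox_size_limit = 0
# user+tag@domain delivers to user@domain
recipient_delimiter = +
inet_interfaces = all

# Virtual user settings
# virtual_domains is a plain one-domain-per-line file; vmailbox and
# virtual_alias are hash maps that need "postmap" after every edit
virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_base = /srv/mail/virtual
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_minimum_uid = 100
# every virtual mailbox is owned by the vmail account (uid/gid 5000)
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# hand delivery to Dovecot; the "dovecot" transport must exist in
# /etc/postfix/master.cf -- presumably added by mail-stack-delivery, verify
virtual_transport = dovecot
#dovecot_destination_recipient_limit = 1

# Dovecot SASL (SMTP AUTH for submitting clients)
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# path relative to queue_directory (/var/spool/postfix); it must name the
# unix_listener configured in Dovecot's "service auth" block, which on this
# page is /var/spool/postfix/private/dovecot-auth
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no
#smtpd_sasl_authenticated_header = yes

# TLS parameters
# smtpd_tls_security_level supersedes the older smtpd_use_tls switch:
# "may" offers STARTTLS to every client but does not require it ...
smtpd_tls_security_level = may
# ... while AUTH is only announced once the session is encrypted, so
# PLAIN/LOGIN credentials are never sent in clear
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
# SSLv2 and SSLv3 are broken; accept TLS only. smtpd_tls_protocols governs
# opportunistic sessions (the "may" level above), the _mandatory_ variant
# applies where TLS is enforced.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = medium

# Access policy
#smtpd_require_helo = yes
# LAN hosts and authenticated users pass; everybody else needs consistent
# forward/reverse DNS and must not be listed at Spamhaus.
# NOTE(review): sbl-xbl is the older combined zone; Spamhaus now points users
# at zen.spamhaus.org -- review before relying on it.
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sender_restrictions = reject_unknown_sender_domain
# reject_unauth_destination after the two permit_* entries is what keeps this
# host from being an open relay: only mynetworks and authenticated users may
# send to non-local destinations. Order matters.
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_limit = 250

# SMTP client (outbound)
# opportunistic TLS towards remote servers (same meaning as the older
# smtp_use_tls = yes)
smtp_tls_security_level = may
# to route all outbound mail through the ISP's smarthost, set relayhost and
# enable client-side SASL: smtp_sasl_password_maps is only consulted when
# smtp_sasl_auth_enable = yes.
#relayhost = smtp.domain.de
#smtp_sasl_auth_enable = yes
#smtp_sasl_security_options = noanonymous
# /etc/postfix/sasl_password holds relay credentials: keep it and the
# generated .db owned by root with mode 600, and run postmap after editing
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
# rewrite envelope/header sender addresses (e.g. local account -> office
# address) before handing mail to the smarthost
sender_canonical_maps = hash:/etc/postfix/sender_canonical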






Dovecot

  • Preparing
# Dedicated Dovecot log file (log_path in 01-custom.conf). Owned by vmail and
# mode 660 so it is not world-readable: with the debug options on, it may
# contain usernames and mailbox paths.
dovecot_log=/var/log/dovecot
touch "$dovecot_log"
chown vmail:vmail "$dovecot_log"
chmod 660 "$dovecot_log"


  • /etc/dovecot/conf.d/01-custom.conf
# /etc/dovecot/conf.d/01-custom.conf -- site settings for the virtual-user
# setup. Dovecot reads conf.d/*.conf through the !include in dovecot.conf;
# as far as I recall the files are taken in name order, so later files
# (10-auth.conf, 99-mail-stack-delivery.conf, ...) can override anything set
# here -- check the effective values with "doveconf -n".
# imaps/pop3s (implicit-TLS ports) and the managesieve protocol stay off;
# STARTTLS on the plain ports is still available via the ssl setting below.
protocols = imap  pop3            #imaps pop3s sieve


# auth
# Left commented: the compiled-in default for disable_plaintext_auth is, as
# far as I recall, "yes" (plaintext mechanisms only after STARTTLS or on
# loopback) -- confirm with "doveconf disable_plaintext_auth", since PLAIN
# and LOGIN below are both clear-text mechanisms.
#disable_plaintext_auth = yes
auth_mechanisms = plain login
# characters accepted in login names; everything else is rejected before any
# database lookup (note the %d used in the passdb path comes from the @domain)
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@


# virtual user db
# One passwd-file pair per domain, %d = domain part of the login.
# NOTE(review): these paths sit under /srv/mail/virtual, which the
# preparation step on this page chown -R's to vmail, and they are not the
# /etc/dovecot/{passdb,userdb} files created there -- confirm which location
# is intended, and keep the file holding password hashes out of the mail
# user's reach. Store hashes in a salted scheme, never PLAIN.
passdb {
  driver = passwd-file
  args = /srv/mail/virtual/%d/passdb
}
userdb {
  driver = passwd-file
  args = /srv/mail/virtual/%d/userdb
}


# ssl
# "yes" offers STARTTLS but does not require it. Certificate and key are not
# set here (commented), so they presumably come from another conf.d file --
# verify with "doveconf ssl_cert ssl_key".
ssl = yes
#ssl_cert = </etc/ssl/certs/ssl-mail.pem
#ssl_key = </etc/ssl/private/ssl-mail.key
# NOTE(review): this list still admits RC4 and MEDIUM-strength suites;
# review it against current guidance. Restricting SSL/TLS versions needs the
# ssl_protocols setting of newer Dovecot releases, which the 2.0 series on
# 12.04 does not have as far as I know.
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM


# logging 
# file created in the preparation step above (vmail:vmail, mode 660)
log_path = /var/log/dovecot
# the three debug switches are verbose and record usernames and session
# details; switch them off once the setup works
auth_debug = yes    # for debugging only
mail_debug = yes    #
verbose_ssl = yes   #


# mail
# Maildir per user below the per-domain directory: %d = domain, %n = local part
mail_location = maildir:/srv/mail/virtual/%d/%n


# master
# SASL socket for Postfix. Lives inside the Postfix queue directory so the
# chrooted smtpd can reach it; Postfix's smtpd_sasl_path must name this same
# socket (private/dovecot-auth relative to the queue directory) -- the
# main.cf on this page says private/auth, which does not match.
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}


# IMAP configuration
# kept as reference; not active
#protocol imap {
#        mail_max_userip_connections = 10
#        imap_client_workarounds = delay-newmail
#}

# POP3 configuration
# kept as reference; not active
#protocol pop3 {
#        mail_max_userip_connections = 10
#        pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
#}

# LDA configuration
# kept as reference; not active (sieve plugin, quota handling, log format)
#protocol lda {
#        postmaster_address = postmaster
#        mail_plugins = sieve
#        quota_full_tempfail = yes
#        deliver_log_format = msgid=%m: %$
#        rejection_reason = Your message to <%t> was automatically rejected:%n%r
#}

# Plugins configuration
# kept as reference; not active (per-user sieve script locations)
#plugin {
#        sieve=~/.dovecot.sieve
#        sieve_dir=~/sieve
#}
  • /etc/dovecot/conf.d/10-auth.conf
# Only change to the stock 10-auth.conf: the master-user include stays off.
# NOTE(review): with the passwd-file passdb/userdb defined in 01-custom.conf,
# any !include left active at the end of this file adds a further
# authentication source; confirm in particular that the stock
# "!include auth-system.conf.ext" line is disabled as well, otherwise local
# system accounts remain a second way to log in. Check with "doveconf -n".
#!include auth-master.conf.ext     # disable