Ubuntu 8.04 mail server

vladimir simeonov
04/07/2011

In this guide I will try to gather in one place the ways of building a fully functional mail server based on:

Ubuntu Server 8.04 LTS

It is built on: Postfix (MTA) + MySQL (storage for user data) + Postfixadmin (PHP code for managing the Postfix accounts through a web browser) + SASL (lets users log in when sending mail) + IMAP/POP3 (lets users check received mail) + RoundCube Webmail (checking mail through a browser) + amavisd-new (anti-spam and anti-virus scanner)

There are several similar guides on the internet, but they are incomplete and some components are not configured correctly, so the time spent finding and fixing the errors significantly exceeds the time needed to follow the guide itself. I will mainly follow these available guides:

  • https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto
  • http://forums.linux-index.org/cgi-bin/virtual-users-and-domains-with-postfix-ubuntu-8.04
  • http://www.starbridge.org/spip/spip.php?article1

Note that this is something like a compilation of all the useful and correct instructions in them; I have added nothing of my own. I also used a lot of material from the internet for minor adjustments, for which it is hard for me to give an exact link. I do not wish to take any credit for the implementation described here.

1. I will not describe how to perform the base installation. You have to do that yourselves. During installation it is recommended to select the following components, but it is not fatal if you skip them: OpenSSH Server, LAMP, BIND DNS server

2. It is extremely important to have a domain that resolves both forward and in reverse to the installed machine. The security options introduced later will stop the server from sending and receiving mail if it has no FQDN, i.e. if nslookup IP does not return the FQDN/hostname.

3. The network interfaces must be configured with static addresses.

4. All the commands I use are run as the root user, so I will omit sudo. If you have not set a password for the root account you can do so with: $ sudo passwd root, or become root temporarily with: $ sudo su -, or simply run the commands with sudo in front of them.
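
Prerequisite 2 can be verified before going further. The sh function below is an added example, not part of the original guide: it checks that the name resolves to the address and that the address resolves back to the same name. It assumes dig (package dnsutils) is installed; mail.example.test and 192.0.2.10 are placeholders.

```shell
#!/bin/sh
# Added example (not from the original guide): forward-confirmed reverse DNS.
# Usage: fcrdns_check mail.example.test 192.0.2.10   (placeholder values)

# Lookup helpers, kept separate so another resolver tool can be swapped in.
resolve_a()   { dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'; }
resolve_ptr() { dig +short -x "$1" | sed 's/\.$//'; }

# fcrdns_check FQDN IP
# Prints "ok" and returns 0 when FQDN -> IP and IP -> FQDN both hold.
# Otherwise prints the reason and returns 1.
fcrdns_check() {
    # Normalise: lower case, no trailing dot.
    fc_fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fc_fqdn=${fc_fqdn%.}
    fc_ip=$2

    # A bare host name is not an FQDN.
    case "$fc_fqdn" in
        *.*) ;;
        *) echo "not-fqdn"; return 1 ;;
    esac

    # Forward: one of the A records must be exactly the server address.
    if ! resolve_a "$fc_fqdn" | grep -qxF -e "$fc_ip"; then
        echo "forward-mismatch"; return 1
    fi

    # Reverse: the address must have a PTR record ...
    fc_ptr=$(resolve_ptr "$fc_ip" | tr 'A-Z' 'a-z')
    if [ -z "$fc_ptr" ]; then
        echo "no-ptr"; return 1
    fi
    # ... and one of the PTR names must be the FQDN itself.
    if ! printf '%s\n' "$fc_ptr" | grep -qxF -e "$fc_fqdn"; then
        echo "reverse-mismatch"; return 1
    fi
    echo "ok"
}
```

Anything other than "ok" means the restrictions configured later in main.cf, and the equivalent checks on remote servers, are likely to reject mail for this host.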

5. Install the packages:

apt-get install postfix postfix-mysql mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass roundcube-webmail postgrey

6. If you have not set a password for mysql-server:

mysqladmin -u root password <password>

7. If you do not remember the password of the MySQL root user, how to change it is described here:

  • http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

8. We will use the directory /usr/src for temporary files and downloads

mkdir -p /usr/src/postfix; touch /usr/src/postfix/postfixadmin-mysql.sql;

9. If you use nano, replace editor with nano; if you use vi, it is better to install vim and use vim instead of editor in the lines that follow.

nano /usr/src/postfix/postfixadmin-mysql.sql

Paste in the following content. REPLACE THE BOLD TEXT WITH A PASSWORD OF YOUR CHOICE. IT MUST NOT BE THE SAME AS THE MYSQL ONE. THIS PASSWORD WILL BE USED LATER IN THE CONFIGURATION; I WILL MARK IT AS PAROLA. WHEREVER YOU SEE PAROLA FURTHER ON IN THE INSTRUCTIONS, REPLACE IT WITH THE PASSWORD YOU CHOSE. NOTE THAT WE ARE CREATING 2 USERS HERE, SO THERE ARE 2 PASSWORDS, PAROLA1 and PAROLA2. PAROLA2 will be used in only 1 place, but the two must be different.

CREATE DATABASE postfix;
GRANT SELECT ON postfix.* TO [email protected] IDENTIFIED BY 'PAROLA1';
GRANT ALL ON postfix.* TO [email protected] IDENTIFIED BY 'PAROLA2';
USE postfix;

#
# Table structure for table admin
#
CREATE TABLE admin (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY (username),
  KEY username (username)
) COMMENT='Postfix Admin - Virtual Admins';

#
# Table structure for table alias
#
CREATE TABLE alias (
  address varchar(255) NOT NULL default '',
  goto text NOT NULL,
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY (address),
  KEY address (address)
) COMMENT='Postfix Admin - Virtual Aliases';

#
# Table structure for table domain
#
CREATE TABLE domain (
  domain varchar(255) NOT NULL default '',
  description varchar(255) NOT NULL default '',
  aliases int(10) NOT NULL default '0',
  mailboxes int(10) NOT NULL default '0',
  maxquota int(10) NOT NULL default '0',
  transport varchar(255) default NULL,
  backupmx tinyint(1) NOT NULL default '0',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY (domain),
  KEY domain (domain)
) COMMENT='Postfix Admin - Virtual Domains';

#
# Table structure for table domain_admins
#
CREATE TABLE domain_admins (
  username varchar(255) NOT NULL default '',
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  KEY username (username)
) COMMENT='Postfix Admin - Domain Admins';

#
# Table structure for table log
#
CREATE TABLE log (
  timestamp datetime NOT NULL default '0000-00-00 00:00:00',
  username varchar(255) NOT NULL default '',
  domain varchar(255) NOT NULL default '',
  action varchar(255) NOT NULL default '',
  data varchar(255) NOT NULL default '',
  KEY timestamp (timestamp)
) COMMENT='Postfix Admin - Log';

#
# Table structure for table mailbox
#
CREATE TABLE mailbox (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  name varchar(255) NOT NULL default '',
  maildir varchar(255) NOT NULL default '',
  quota int(10) NOT NULL default '0',
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY (username),
  KEY username (username)
) COMMENT='Postfix Admin - Virtual Mailboxes';

#
# Table structure for table vacation
#
CREATE TABLE vacation (
  email varchar(255) NOT NULL default '',
  subject varchar(255) NOT NULL default '',
  body text NOT NULL,
  cache text NOT NULL,
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY (email),
  KEY email (email)
) COMMENT='Postfix Admin - Virtual Vacation';

#------------------------------------End copy-------------------------------------

Then run the following command; it will ask you to enter the MySQL root password in the terminal:

mysql -u root -p < /usr/src/postfix/postfixadmin-mysql.sql

10. In the next step we create several important files. Do not forget that PAROLA1 in them is the password you entered in the code above!

editor /etc/postfix/mysql_virtual_alias_maps.cf

user = postfix
password = PAROLA1
hosts = 127.0.0.1
dbname = postfix
table = alias
select_field = goto
where_field = address

editor /etc/postfix/mysql_virtual_domains_maps.cf

user = postfix
password = PAROLA1
hosts = 127.0.0.1
dbname = postfix
table = domain
select_field = domain
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'

editor /etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix
password = PAROLA1
hosts = 127.0.0.1
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'

editor /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix
password = PAROLA1
hosts = 127.0.0.1
dbname = postfix
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'

editor /etc/postfix/mysql_relay_domains_maps.cf

user = postfix
password = PAROLA1
hosts = 127.0.0.1
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'

11. The next step is to protect the files from modification and unauthorized access:

chgrp postfix /etc/postfix/mysql_*.cf
chmod 640 /etc/postfix/mysql_*.cf

12. We create the user that will own the mail stored on disk:

groupadd -g 5000 vmail
useradd -m -g vmail -u 5000 -d /home/vmail -s /bin/bash vmail

13. Edit /etc/postfix/main.cf and generate a key for SSL/TLS:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

BE SURE TO REPLACE THE BOLD TEXT WITH YOUR DOMAIN/HOSTNAME.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/postfix/smtpd.cert
smtpd_tls_key_file=/etc/postfix/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = MYHOSTNAME/FQDN
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

####PostfixAdmin
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_transport = virtual

# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the your maildir has overdrawn your diskspace quota, please free up some of spaces of your mailbox try again.
virtual_overquota_bounce = yes

###SMTP AUTH
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
#smtpd_sasl_application_name = smtpd
#cyrus_smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2

###POLICY
smtpd_recipient_restrictions =
    reject_unauth_pipelining,
    permit_mynetworks,
    check_policy_service inet:127.0.0.1:60000,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
# reject_rbl_client no-more-funn.moensted.dk,
# reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client bl.spamcop.net,
# reject_rbl_client dynamic.spamlists.tqmcube.com,
# reject_rbl_client list.dsbl.org,
# reject_rbl_client dnsbl-1.uceprotect.net,
# reject_rbl_client dnsbl-2.uceprotect.net,
# reject_rbl_client dnsbl-3.uceprotect.net,
# reject_rbl_client relays.ordb.org,
# reject_rbl_client lists.spam.sux.com,
# reject_rbl_client impersonator.lists.spam.sux.com,
# reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client dnsbl.ahbl.org,
    permit

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    hash:/etc/postfix/access-sender,
    reject_unauth_pipelining,
    permit

smtpd_client_restrictions =
    hash:/etc/postfix/access,
    check_client_access hash:/etc/postfix/rbl-whitelist,
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_rbl_client zen.spamhaus.org,
    permit

#smtpd_helo_restrictions =
# permit_mynetworks,
# permit_sasl_authenticated,
#reject_non_fqdn_hostname,
#reject_invalid_hostname,
# permit

smtpd_delay_reject = yes
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

14. Download postfixadmin:

install it with

dpkg -i postfixadmin*.deb

restart apache2:

/etc/init.d/apache2 restart

15. Its main configuration file is located at /etc/postfixadmin/config*

you can make it look like this:

Replace PAROLA2 with the password you entered in the file at the beginning:

<?php
/**
 * Postfix Admin
 *
 * LICENSE
 * This source file is subject to the GPL license that is bundled with
 * this package in the file LICENSE.TXT.
 *
 * Further details on the project are available at :
 * http://www.postfixadmin.com or http://postfixadmin.sf.net
 *
 * @version $Id: config.inc.php 309 2008-03-05 00:09:46Z christian_boltz $
 * @license GNU GPL v2 or later.
 *
 * File: config.inc.php
 * Contains configuration options.
 */

if (ereg ("config.inc.php", $_SERVER['PHP_SELF']))
{
    header ("Location: login.php");
    exit;
}

/*****************************************************************
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * The following line needs commenting out or removing before the
 * application will run!
 * Doing this implies you have changed this file as required.
 */
$CONF['configured'] = true;

// Postfix Admin Path
// Set the location of your Postfix Admin installation here.
// YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin
$CONF['postfix_admin_url'] = '';

// shouldn't need changing.
$CONF['postfix_admin_path'] = '/usr/share/postfixadmin';

// Language config
// Language files are located in './languages', change as required..
$CONF['default_language'] = 'en';

// Database Config
// mysql = MySQL 3.23 and 4.0
// mysqli = MySQL 4.1
// pgsql = PostgreSQL
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'PAROLA2';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';

// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
    'admin' => 'admin',
    'alias' => 'alias',
    'config' => 'config',
    'domain' => 'domain',
    'domain_admins' => 'domain_admins',
    'log' => 'log',
    'mailbox' => 'mailbox',
    'vacation' => 'vacation',
    'vacation_notification' => 'vacation_notification',
);

// Site Admin
// Define the Site Admins email address below.
// This will be used to send emails from to create mailboxes.
$CONF['admin_email'] = '[email protected]';

// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';

// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
$CONF['encrypt'] = 'md5crypt';

// Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 0;

// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate passwords set this to 'YES'.
$CONF['generate_password'] = 'YES';

// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'YES';

// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '100';

// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => '[email protected]',
    'hostmaster' => '[email protected]',
    'postmaster' => '[email protected]',
    'webmaster' => '[email protected]'
);

// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
// YES: /usr/local/virtual/domain.tld/[email protected]
// NO: /usr/local/virtual/[email protected]
$CONF['domain_path'] = 'YES';

// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples:
// YES: /usr/local/virtual/domain.tld/[email protected]
// NO: /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';

// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '100';
$CONF['mailboxes'] = '100';
$CONF['maxquota'] = '100';

// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'YES';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';

// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'NO';

// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
    'virtual', // for virtual accounts
    'local', // for system accounts
    'relay' // for backup mx
);

// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';

// Virtual Vacation
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. http://high5.net/postfixadmin/
$CONF['vacation'] = 'YES';

// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
$CONF['vacation_domain'] = 'autoreply.lod.air';

// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] ='YES';

// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'YES';

// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
$CONF['alias_control'] = 'YES';

// Alias Control for admins
// Set to 'NO' if your domain admins shouldn't be able to edit user aliases.
$CONF['alias_control_admin'] = 'YES';

// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit default aliases.
$CONF['special_alias_control'] = 'YES';

// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';

// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'YES';

// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';

// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';

// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';

// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';

// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';

// link to display under 'Main' menu when logged in as a user.
$CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main";

// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_link'] = 'http://change-this-to-your.domain.tld';

// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<<EOM
Hi,

Welcome to your new account.

http://webmail.lod.air
EOM;

// When creating mailboxes, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain']='YES';

// Optional:
// Analyze alias gotos and display a colored block in the first column
// indicating if an alias or mailbox appears to deliver to a non-existent
// account. Also, display indications, for POP/IMAP mailboxes and
// for custom destinations (such as mailboxes that forward to a UNIX shell
// account or mail that is sent to a MS exchange server, or any other
// domain or subdomain you use)
// See http://www.w3schools.com/html/html_colornames.asp for a list of
// color names available on most browsers

//set to YES to enable this feature
$CONF['show_status']='YES';
//display a guide to what these colors mean
$CONF['show_status_key']='YES';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']=' ';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system. If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='NO';
$CONF['show_undeliverable_color']='tomato';
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");
$CONF['show_popimap']='NO';
$CONF['show_popimap_color']='darkgrey';
// set 'show_custom_count' to 0 to disable custom indicators
$CONF['show_custom_count']=2;
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_colors']=array("lightgreen","lightblue");

// Optional:
// Script to run after creation of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';

// Optional:
// Script to run after deletion of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';

// Optional:
// Script to run after deletion of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';

// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
//
// $CONF['create_mailbox_subdirs']=array('Spam');
// $CONF['create_mailbox_subdirs_host']='localhost';
//
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
//
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php

// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';

// If you want to keep most settings at default values and/or want to ensure
// that future updates work without problems, you can use a separate config
// file (config.local.php) instead of editing this file and override some
// settings there.
if (file_exists(dirname(__FILE__) . '/config.local.php')) { # for /
    include(dirname(__FILE__) . '/config.local.php');
}

//
// END OF CONFIG FILE
//
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

open it in a browser:

if the component check succeeds, it will update the database and let you enter an administrator account and password.

when that is done as well, run the following command so that you can log in at http://yourdomain/postfixadmin

rm -f /usr/share/postfixadmin/setup.php

15. POP/IMAP configuration:

mv /etc/courier/authmysqlrc /etc/courier/authmysqlrc.bak

editor /etc/courier/authmysqlrc

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME postfix
MYSQL_PASSWORD PAROLA1
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_LOGIN_FIELD username
MYSQL_NAME_FIELD name
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_HOME_FIELD '/home/vmail'
MYSQL_UID_FIELD '5000'
MYSQL_GID_FIELD '5000'

in the file /etc/courier/authdaemonrc

authmodulelist="authmysql"

you can set DEBUGLEVEL to 1 or 2 so that you can watch for possible errors at the beginning; at level 2 it shows the passwords in the log, so leaving it on permanently is not recommended.

16. Next comes one of the most problematic parts:

apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules libpam-mysql openssl

editor /etc/pam.d/smtp

auth required pam_mysql.so user=postfix passwd=PAROLA1 host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
account sufficient pam_mysql.so user=postfix passwd=PAROLA1 host=127.0.0.1 db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1

editor /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5

in the file /etc/default/saslauthd:

START=yes
MECHANISMS="pam"
OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"

mkdir /var/spool/postfix/var/
mkdir /var/spool/postfix/var/run/
mkdir /var/spool/postfix/var/run/saslauthd
chown -R root:sasl /var/spool/postfix/var/
chmod 710 /var/spool/postfix/var/run/saslauthd
adduser postfix sasl
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

open the file /etc/init.d/postfix, find the line starting with FILES and make it look like this:

FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
    etc/nsswitch.conf etc/nss_mdns.config etc/postfix/sasl/smtpd.conf"
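
Step 11 restricts only the mysql_*.cf files, but PAROLA1 and PAROLA2 are also written to /etc/courier/authmysqlrc, /etc/pam.d/smtp and the Postfixadmin config, and the TLS private key from step 13 sits in /etc/postfix. The sh script below is an added example, not part of the original guide: it reports every one of these files whose mode is wider than a limit or that still contains the PAROLA placeholder. The 640/600 limits are this example's policy, and it assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumptions: stat supports -c '%a' (GNU/BusyBox); the limits 640 and 600
# are this example's policy, not values taken from the guide.

# check_secret_file PATH MAXMODE
# Prints one finding per line; prints nothing when PATH is fine.
check_secret_file() {
    cs_path=$1
    cs_max=$2
    if [ ! -f "$cs_path" ]; then
        echo "$cs_path: missing"
        return 0
    fi
    cs_mode=$(stat -c '%a' "$cs_path")
    # Octal arithmetic: permission bits set on the file but absent from MAXMODE.
    cs_extra=$(( 0$cs_mode & ~0$cs_max & 07777 ))
    if [ "$cs_extra" -ne 0 ]; then
        echo "$cs_path: mode $cs_mode is wider than $cs_max"
    fi
    # The guide's PAROLA1/PAROLA2 placeholders must have been replaced.
    if grep -q 'PAROLA' "$cs_path"; then
        echo "$cs_path: placeholder PAROLA still present"
    fi
    return 0
}

# audit_mail_secrets ROOT
# ROOT is prepended to every path, so a copy of /etc can be audited;
# pass "" to audit the live system (run as root so every file is readable).
audit_mail_secrets() {
    am_root=$1
    for am_file in "$am_root"/etc/postfix/mysql_*.cf; do
        check_secret_file "$am_file" 640
    done
    check_secret_file "$am_root/etc/courier/authmysqlrc" 640
    check_secret_file "$am_root/etc/pam.d/smtp" 640
    check_secret_file "$am_root/etc/postfixadmin/config.inc.php" 640
    check_secret_file "$am_root/etc/postfix/smtpd.key" 600
}
```

An empty result from audit_mail_secrets "" means no file is more permissive than the limit and no placeholder password was left behind.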

17. Filter configuration:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

editor /etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

$pax='pax';

#------------ Do not modify anything below this line -------------
1; # ensure a defined return

18. In /etc/postfix/master.cf add the following at the end of the file:

amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1

19. Finally we will create the databases of banned clients; by editing them you can block particular addresses/servers:

postmap /etc/postfix/access
postmap /etc/postfix/access-sender
postmap /etc/postfix/rbl-whitelist

do not forget that after every edit of these files you will have to run the commands above again.

20. Open a 2nd console. In the 1st one enter the following command:

tail -f /var/log/mail.*

in the second console:

/etc/init.d/postfix restart; /etc/init.d/saslauthd restart; /etc/init.d/courier-imap restart; /etc/init.d/courier-imap-ssl restart; /etc/init.d/courier-pop restart; /etc/init.d/courier-pop-ssl restart; /etc/init.d/amavis restart;

I assume I have missed something in all of this. but.. "By their errors you shall know them"

I hope it works for you

21. Enabling SSL on port 465 in Postfix:

editor /etc/postfix/master.cf

smtps inet n - - - - smtpd
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
