Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Mandriva 2008.1)

Version 1.0
Author: Falko Timme


This tutorial is Copyright (c) 2008 by Falko Timme. It is derived from a tutorial by Christoph Haas, which you can find here: http://workaround.org. You may use this tutorial under the Creative Commons License 2.5 or any later version.

This document shows how to install a Postfix mail server that is based on virtual users and domains, i.e. users and domains that are stored in a MySQL database. I will also show the installation and configuration of Courier (Courier-POP3, Courier-IMAP), so that Courier can authenticate against the same MySQL database that Postfix uses.

The resulting Postfix server is capable of SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; I will show how to patch your Postfix appropriately). Passwords are stored in the database in encrypted form (most documents I found deal with plain-text passwords, which is a security risk). In addition, this tutorial covers the installation of Amavisd, SpamAssassin and ClamAV so that e-mails are scanned for spam and viruses. I will also show how to install SquirrelMail as a webmail interface so that users can read and send e-mails and change their passwords.

The advantage of such a "virtual" setup (virtual users and domains in a MySQL database) is that it performs far better than a setup based on "real" system users. With this virtual setup your mail server can handle thousands of domains and users. Besides, it is easier to administer because you only have to deal with the MySQL database when you add new users/domains or edit existing ones. No more postmap commands to create db files, no more reloading of Postfix, etc. To administer the MySQL database you can use web-based tools such as phpMyAdmin, which is also installed in this tutorial. The third advantage is that users have an e-mail address as their user name (instead of a user name plus an e-mail address), which is easier to understand and to remember.

This tutorial is based on Mandriva 2008.1 (i386). You should already have set up a basic Mandriva system, as described in chapters 1 to 7 of this tutorial: http://www.howtoforge.com/perfect-server-mandriva-2008.1. Please skip chapter 6.3 "Creating An Auto-Update Script", because if there is a Postfix update, it will replace the custom Postfix that we build in chapter 3!

This tutorial is a practical guide and does not cover theoretical background. That is dealt with in other documents on the web.

This tutorial comes without warranty of any kind! I would also like to point out that this is not the only way of setting up such a system. There are many ways of doing it - this is the one I chose. I cannot guarantee that this solution works for everyone or is the right one for everyone!

Preliminary Note

The system should have a static IP address. In this tutorial I use 192.168.0.100 as my IP address and server1.example.com as the hostname.

1 Installing Apache, MySQL, phpMyAdmin

This can all be installed with a single command:

urpmi MySQL MySQL-client libmysql15-devel phpmyadmin db4-devel html2text libsasl-devel openssl-devel openldap-devel pcre-devel postgresql-devel rpm-build


2 Installing Courier And Saslauthd

To install Courier and saslauthd, we simply run the following:

urpmi courier-authlib courier-authlib-mysql courier-imap courier-pop cyrus-sasl libsasl2 libsasl2-devel libsasl2-plug-plain libsasl2-plug-anonymous libsasl2-plug-crammd5 libsasl2-plug-digestmd5 libsasl2-plug-gssapi libsasl2-plug-login


3 Applying The Quota Patch To Postfix

We have to get the Postfix source rpm package, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src
mkdir rpm
wget ftp://wftp.tu-chemnitz.de/pub/linux/mandrakelinux/official/2008.1/SRPMS/main/release/postfix-2.5.1-2mdv2008.1.src.rpm
rpm -ivh postfix-2.5.1-2mdv2008.1.src.rpm

The last command shows a few warnings that you can ignore:

warning: user mandrake does not exist - using root
warning: group mandrake does not exist - using root

Now we patch the Postfix sources with the postfix-2.5.1-vda-ng patch (from http://vda.sourceforge.net/):

cd /usr/src/rpm/SOURCES
tar xvfz postfix-2.5.1.tar.gz
wget http://vda.sourceforge.net/VDA/postfix-2.5.1-vda-ng.patch.gz
gunzip postfix-2.5.1-vda-ng.patch.gz
cd postfix-2.5.1
patch -p1 < ../postfix-2.5.1-vda-ng.patch
cd ..
mv postfix-2.5.1.tar.gz postfix-2.5.1.tar.gz_orig
tar -pczf postfix-2.5.1.tar.gz postfix-2.5.1/
rm -fr postfix-2.5.1/

Then we build our new Postfix rpm package with quota and MySQL support:

cd /usr/src/rpm/SPECS/
rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /usr/src/rpm/RPMS/i586, so we go there:

cd /usr/src/rpm/RPMS/i586

The command

ls -l

shows you the available packages:

[root@server1 i586]# ls -l
total 4712
-rw-r--r-- 1 root root 275303 2008-04-11 16:22 libpostfix1-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 1822571 2008-04-11 16:22 postfix-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 2608569 2008-04-11 16:22 postfix-debug-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 27341 2008-04-11 16:22 postfix-ldap-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22208 2008-04-11 16:22 postfix-mysql-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22150 2008-04-11 16:22 postfix-pcre-2.5.1-2mdv2008.1.i586.rpm
-rw-r--r-- 1 root root 22266 2008-04-11 16:22 postfix-pgsql-2.5.1-2mdv2008.1.i586.rpm
[root@server1 i586]#

First uninstall your current Postfix package...

urpme postfix

...then pick the postfix and postfix-mysql packages and install them as follows:

rpm -ivh postfix-2.5.1-2mdv2008.1.i586.rpm postfix-mysql-2.5.1-2mdv2008.1.i586.rpm


4 Setting MySQL Passwords And Configuring phpMyAdmin

Networking is not enabled by default in Mandriva 2008.1's MySQL package, but it is required by ISPConfig. We can change that by commenting out the line skip-networking in /etc/my.cnf:

vi /etc/my.cnf


[...]
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!
#
#skip-networking
[...]

Afterwards we create the system startup links for Apache and MySQL...

chkconfig mysqld on
chkconfig httpd on

... and start both services:

/etc/init.d/mysqld start
/etc/init.d/httpd start

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[root@server1 i586]# netstat -tap | grep mysql
tcp 0 0 *:mysql-im *:* LISTEN 13537/mysqlmanager
tcp 0 0 *:mysql *:* LISTEN 13545/mysqld
[root@server1 i586]#
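
With skip-networking commented out, the output above shows mysqld listening on every interface (*:mysql). The following added example (not part of the original tutorial) flags such wildcard listeners in netstat output so you can decide whether to firewall the port or restrict it, for instance with bind-address in /etc/my.cnf; the function and sample names are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag MySQL listeners that are bound
# to every interface. Reads `netstat -tap` / `netstat -tanp` style lines on
# stdin: Proto Recv-Q Send-Q Local Foreign State PID/Program.

# mysql_wildcard_listeners
# Prints one "exposed:" line per MySQL process listening on a wildcard
# address and returns 1 if at least one was found, 0 otherwise.
mysql_wildcard_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/mysql/ {
            addr = $4
            sub(/:[^:]*$/, "", addr)      # strip the trailing :port
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
                print "exposed: " $7 " listens on " $4
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    '
}

# The two listener lines shown in the tutorial output above.
sample_after_tutorial() {
    cat <<'EOF'
tcp 0 0 *:mysql-im *:* LISTEN 13537/mysqlmanager
tcp 0 0 *:mysql *:* LISTEN 13545/mysqld
EOF
}

# Constructed sample: mysqld restricted to the loopback address.
sample_loopback_only() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 13545/mysqld
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2201/master
EOF
}

if sample_after_tutorial | mysql_wildcard_listeners; then
    echo "tutorial sample: no wildcard MySQL listener"
else
    echo "tutorial sample: MySQL is reachable on all interfaces"
fi

if sample_loopback_only | mysql_wildcard_listeners; then
    echo "loopback sample: no wildcard MySQL listener"
fi
```

On the server itself, pipe the real output into the function: netstat -tanp | mysql_wildcard_listeners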

Next, run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Now you can point your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

5 Creating The MySQL Database For Postfix/Courier

We create a database called mail:

mysqladmin -u root -p create mail

Next, we go to the MySQL shell:

mysql -u root -p

In the MySQL shell we create the user mail_admin with the password mail_admin_password (replace it with a password of your choice), who has SELECT, INSERT, UPDATE, DELETE privileges on the mail database. Postfix and Courier will use this user to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;

Still in the MySQL shell, we create the tables that Postfix and Courier need:

USE mail;


CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
TYPE=MyISAM;

CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
TYPE=MyISAM;

CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) TYPE=MyISAM;

CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;

quit;

As you may have noticed, we have left the MySQL shell with the quit; command and are back in the Linux shell.

The domains table stores each virtual domain that Postfix should receive e-mails for (e.g. example.com).

domain
example.com

The forwardings table is for aliasing one e-mail address to another, e.g. forwarding e-mails for info@example.com to sales@example.com.

source              destination
info@example.com    sales@example.com

The users table stores all virtual users (i.e. e-mail addresses, because e-mail address and user name are identical), passwords (in encrypted form!) and a quota value for each mailbox (in this example the default value is 10485760 bytes, which means 10MB).

email               password                                     quota
sales@example.com   No9.E4skNvGa. ("secret" in encrypted form)   10485760

The transport table is optional; it is meant for advanced users. It allows you to forward mails for single users, whole domains or all mails to another server. For example,

domain        transport
example.com   smtp:[1.2.3.4]

would forward all e-mails for example.com via the smtp protocol to the server with the IP address 1.2.3.4 (the square brackets [] mean "do not look up the MX DNS record", which makes sense for IP addresses. If you use a fully qualified domain name (FQDN) instead, you do not use the square brackets.).

6 Configuring Postfix

Now we have to tell Postfix where it can find all the information in the database. To do so, we have to create six text files. You will notice that I tell Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. Postfix runs in a chroot jail and has no access to the MySQL socket, which it would try to connect to if I had told Postfix to use localhost. If I use 127.0.0.1, Postfix uses TCP networking to connect to MySQL, which is no problem even in a chroot jail (the alternative would be to move the MySQL socket into the chroot jail, which causes other problems).

Let's now create our six text files.

vi /etc/postfix/mysql-virtual_domains.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_forwardings.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailboxes.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_email2email.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_transports.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1

chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

Now we create a user and a group called vmail with the home directory /home/vmail. This is where all mailboxes are stored.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Next we do some Postfix configuration. Make sure that you replace server1.example.com with a valid FQDN, otherwise your Postfix might not work properly!

postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_database = hash:/etc/postfix/aliases'
postconf -e 'alias_maps = hash:/etc/postfix/aliases'

Afterwards we create the SSL certificate that is needed for TLS:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [GB]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Berkshire]: <-- Enter your State or Province Name.
Locality Name (eg, city) [Newbury]: <-- Enter your City.
Organization Name (eg, company) [My Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Then change the permissions of smtpd.key:

chmod o= /etc/postfix/smtpd.key
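
The chmod o= and chgrp postfix steps for the mysql-virtual_*.cf files, and the chmod o= on smtpd.key, can be verified with a check like the following. It is an added example, not part of the original tutorial; the function names are hypothetical, it assumes GNU stat, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the permissions of the files
# that hold the MySQL password and the TLS private key. Assumes GNU stat.

# audit_secret_file FILE [GROUP]
# Returns 1 and prints a finding if FILE is missing, grants any permission
# bit to "other", or (when GROUP is given) belongs to a different group.
audit_secret_file() {
    asf_file=$1
    asf_want=${2:-}
    asf_rc=0
    if [ ! -f "$asf_file" ]; then
        echo "MISSING: $asf_file"
        return 1
    fi
    asf_mode=$(stat -c '%a' "$asf_file")
    asf_group=$(stat -c '%G' "$asf_file")
    # The last octal digit holds the bits for "other"; chmod o= makes it 0.
    case $asf_mode in
        *0) ;;
        *)  echo "OTHER-ACCESS: $asf_file has mode $asf_mode"; asf_rc=1 ;;
    esac
    if [ -n "$asf_want" ] && [ "$asf_group" != "$asf_want" ]; then
        echo "WRONG-GROUP: $asf_file is group $asf_group, expected $asf_want"
        asf_rc=1
    fi
    return $asf_rc
}

# audit_postfix_secrets DIR GROUP
# Checks DIR/mysql-virtual_*.cf (mode and group) and DIR/smtpd.key (mode
# only, because the tutorial does not change the group of the key).
audit_postfix_secrets() {
    aps_rc=0
    for aps_f in "$1"/mysql-virtual_*.cf; do
        audit_secret_file "$aps_f" "$2" || aps_rc=1
    done
    audit_secret_file "$1/smtpd.key" || aps_rc=1
    return $aps_rc
}

if [ $# -ge 1 ]; then
    # Real use: sh audit.sh /etc/postfix postfix
    if audit_postfix_secrets "$1" "${2:-postfix}"; then
        echo "all checks passed"
    fi
else
    # No arguments: demonstrate on a constructed tree in a temp directory.
    demo=$(mktemp -d)
    : > "$demo/mysql-virtual_domains.cf"
    : > "$demo/smtpd.key"
    chmod 644 "$demo/mysql-virtual_domains.cf"   # deliberately too open
    chmod 600 "$demo/smtpd.key"
    audit_postfix_secrets "$demo" postfix || echo "findings reported above"
    rm -rf "$demo"
fi
```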


7 Configuring Saslauthd

Edit /etc/sasl2/smtpd.conf. It should look like this:

vi /etc/sasl2/smtpd.conf


# all parameters are documented into:
# /usr/share/doc/cyrus-sasl/options.html

# The mech_list parameters list the sasl mechanisms to use,
# default being all mechs found.
#mech_list: plain login

# To authenticate using the separate saslauthd daemon, (e.g. for
# system or ldap users). Also see /etc/sysconfig/saslauthd.
#pwcheck_method: saslauthd
#saslauthd_path: /var/lib/sasl2/mux

# To authenticate against users stored in sasldb.
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#sasldb_path: /var/lib/sasl2/sasl.db

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/authdaemon/socket

Then create the system startup links for Postfix and start Postfix, saslauthd and courier-authdaemon:

chmod 755 /var/lib/authdaemon
chkconfig postfix on
/etc/init.d/courier-authdaemon start
/etc/init.d/postfix start
/etc/init.d/saslauthd start

8 Configuring Courier

Now we have to tell Courier that it should authenticate against our MySQL database. First, edit /etc/courier/authdaemonrc and change the value of authmodulelist so that it reads

vi /etc/courier/authdaemonrc


[...]
authmodulelist="authmysql"
#authmodulelist="authpam authpwd authshadow"
[...]

Then edit /etc/courier/authmysqlrc. It should look exactly like this (again, make sure that you fill in the correct database details):

cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
vi /etc/courier/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

Then restart Courier:

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imapd restart
/etc/init.d/courier-pop3d restart

If you run

telnet localhost pop3

you can see whether your POP3 server is working correctly. It should return +OK Hello there. (type quit to get back to the Linux shell):

[root@server1 postfix]# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 postfix]#

9 Installing Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

urpmi amavisd-new spamassassin spamassassin-spamc spamassassin-spamd pax cabextract lha lzop ncompress nomarch clamd clamav unzip bzip2 arj freeze p7zip

Now we have to edit /etc/amavisd/amavisd.conf.

vi /etc/amavisd/amavisd.conf

In this file we change six places:

1) Change

$inet_socket_port = 10025;   # listen on this local TCP port(s)

to

$inet_socket_port = 10024;   # listen on this local TCP port(s)

2) Change

$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.9;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

to

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

(Of course, you can adjust the spam scores to your liking.)

3) Change

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

to

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );

$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

$recipient_delimiter = '+';  # (default is '+')

$replace_existing_extension = 1;  # (default is false)

$localpart_is_case_sensitive = 0;  # (default is false)

(Make sure that you fill in the correct database details!)

4) Change

# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

to

$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

5) Change

# $notify_method  = 'smtp:[127.0.0.1]:10026';
# $forward_method = 'smtp:[127.0.0.1]:10026';  # set to undef with milter!

to

$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

6) Change

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
# $final_spam_destiny       = D_PASS;
# $final_bad_header_destiny = D_PASS;

to

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

(Of course, you can decide for yourself what should happen to spam and viruses. I decided to accept spam (D_PASS) so that spam can be filtered in my e-mail client with a simple filter rule (based on the subject, which amavisd-new rewrites if it thinks the mail is spam). The allowed actions (D_PASS, D_DISCARD, D_BOUNCE and D_REJECT) are explained here: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#actions)


After my changes, /etc/amavisd/amavisd.conf looks as follows:

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'localhost.localdomain';   # a convenient default for other settings

# $MYHOME = '/var/lib/amavis';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = '/var/spool/amavis/virusmails';  # -Q
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

# $db_home   = "$MYHOME/db";      # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
# $lock_file = "$MYHOME/var/lib/amavisd.lock";  # -L
# $pid_file  = "$MYHOME/var/lib/amavisd.pid";   # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed

@local_domains_maps = ( [".$mydomain"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

#$inet_socket_port = 10025;   # listen on this local TCP port(s)
$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

#$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 4.9;  # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 4.9;  # triggers spam evasive actions (e.g. blocks mail)
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'howtoforge'] );

$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

$recipient_delimiter = '+';  # (default is '+')

$replace_existing_extension = 1;  # (default is false)

$localpart_is_case_sensitive = 0;  # (default is false)

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin               = "virusalert\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10026';
# $forward_method = 'smtp:[127.0.0.1]:10026';  # set to undef with milter!
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
# $final_spam_destiny       = D_PASS;
# $final_bad_header_destiny = D_PASS;
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
# $bad_header_quarantine_method = undef;

# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
# qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
# qr'^\.ani$',                            # banned animated cursor file(1) type

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/lib/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
'spamassassin.apache.org' => -3.0, 'notification-return@lists.sophos.com' => -3.0, 'owner-postfix-users@postfix.org' => -3.0, 'owner-postfix-announce@postfix.org' => -3.0, 'owner-sendmail-announce@lists.sendmail.org' => -3.0, 'sendmail-announce-request@lists.sendmail.org' => -3.0, 'donotreply@sendmail.org' => -3.0, 'ca+envelope@sendmail.org' => -3.0, 'noreply@freshmeat.net' => -3.0, 'owner-technews@postel.acm.org' => -3.0, 'ietf-123-owner@loki.ietf.org' => -3.0, 'cvs-commits-list-admin@gnome.org' => -3.0, 'rt-users-admin@lists.fsck.com' => -3.0, 'clp-request@comp.nus.edu.sg' => -3.0, 'surveys-errors@lists.nua.ie' => -3.0, 'emailnews@genomeweb.com' => -5.0, 'yahoo-dev-null@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clusternews@linuxnetworx.com' => -3.0, lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, # soft-blacklisting (positive score) 'sender@example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); @decoders = ( ['mail', &do_mime_decode], ['asc', &do_ascii], ['uue', &do_ascii], ['hqx', &do_ascii], ['ync', &do_ascii], ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', &do_uncompress, 'gzip -d'], ['gz', &do_gunzip], ['bz2', &do_uncompress, 'bzip2 -d'], ['lzo', &do_uncompress, 'lzop -d'], ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['deb', &do_ar, 'ar'], # ['a', &do_ar, 'ar'], # unpacking .a seems an overkill ['zip', &do_unzip], ['7z', &do_7zip, ['7zr','7za','7z'] ], ['rar', &do_unrar, ['rar','unrar'] ], ['arj', &do_unarj, ['arj','unarj'] ], ['arc', &do_arc, ['nomarch','arc'] ], ['zoo', &do_zoo, ['zoo','unzoo'] ], ['lha', &do_lha, 'lha'], # ['doc', &do_ole, 'ripole'], ['cab', &do_cabextract, 'cabextract'], ['tnef', &do_tnef_ext, 'tnef'], ['tnef', &do_tnef], # ['sit', &do_unstuff, 
'unstuff'], # broken/unsafe decoder ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], ); @av_scanners = ( # ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/) # ['Sophie', # &ask_daemon, ["{}/n", '/var/run/sophie'], # qr/(?x)^ 0+ ( : | [?00rn]* $)/, qr/(?x)^ 1 ( : | [?00rn]* $)/, # qr/(?x)^ [-+]? d+ : (.*?) [?00rn]* $/ ], # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', &sophos_savi ], # ### http://www.clamav.net/ ['ClamAV-clamd', &ask_daemon, ["CONTSCAN {}n", "/var/lib/clamav/clamd.socket"], qr/bOK$/, qr/bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], # NOTE: run clamd under the same user as amavisd, or run it under its own # uid such as clamav, add user clamav to the amavis group, and then add # AllowSupplementaryGroups to clamd.conf; # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) # # note that Mail::ClamAV requires perl to be build with threading! # ['Mail::ClamAV', &ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/], # ### http://www.openantivirus.org/ # ['OpenAntiVirus ScannerDaemon (OAV)', # &ask_daemon, ["SCAN {}n", '127.0.0.1:8127'], # qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ], # ### http://www.vanja.com/tools/trophie/ # ['Trophie', # &ask_daemon, ["{}/n", '/var/run/trophie'], # qr/(?x)^ 0+ ( : | [?00rn]* $)/, qr/(?x)^ 1 ( : | [?00rn]* $)/, # qr/(?x)^ [-+]? d+ : (.*?) 
[?00rn]* $/ ], # ### http://www.grisoft.com/ # ['AVG Anti-Virus', # &ask_daemon, ["SCAN {}n", '127.0.0.1:55555'], # qr/^200/, qr/^403/, qr/^403 .*?: ([^rn]+)/ ], # ### http://www.f-prot.com/ # ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6 # &ask_daemon, # ["SCAN FILE {}/*n", '127.0.0.1:10200'], # qr/^(0|8|64) /, # qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/, # qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/ ], # ### http://www.f-prot.com/ # ['F-Prot f-protd', # old version # &ask_daemon, # ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0rnrn", # ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202', # '127.0.0.1:10203', '127.0.0.1:10204'] ], # qr/(?i)<summary[^>]*>clean</summary>/, # qr/(?i)<summary[^>]*>infected</summary>/, # qr/(?i)<name>(.+)</name>/ ], # ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/ # ['DrWebD', &ask_daemon, # DrWebD 4.31 or later # [pack('N',1). # DRWEBD_SCAN_CMD # pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES # pack('N', # path length # length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). # '{}/*'. # path # pack('N',0). # content size # pack('N',0), # '/var/drweb/run/drwebd.sock', # # '/var/lib/amavis/var/run/drwebd.sock', # suitable for chroot # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default # # '127.0.0.1:3000', # or over an inet socket # ], # qr/Ax00[x10x11][x00x10]x00/s, # IS_CLEAN,EVAL_KEY; SKIPPED # qr/Ax00[x00x01][x00x10][x20x40x80]/s, # KNOWN_V,UNKNOWN_V,V._MODIF # qr/A.{12}(?:infected with )?([^x00]+)x00/s, # ], # # NOTE: If using amavis-milter, change length to: # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
### http://www.kaspersky.com/ (kav4mailservers) ['KasperskyLab AVP - aveclient', ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/b(INFECTED|SUSPICION|SUSPICIOUS)b/, qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/, ], # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, # currupted or protected archives are to be handled ### http://www.kaspersky.com/ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? qr/infected: (.+)/, sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], ### The kavdaemon and AVPDaemonClient have been removed from Kasperky ### products and replaced by aveserver and aveclient ['KasperskyLab AVPDaemonClient', [ '/opt/AVP/kavdaemon', 'kavdaemon', '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', '/opt/AVP/AvpTeamDream', 'AvpTeamDream', '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^rn]+)/ ], # change the startup-script in /etc/init.d/kavd to: # DPARMS="-* -Y -dl -f=/var/lib/amavis /var/lib/amavis" # (or perhaps: DPARMS="-I0 -Y -* /var/lib/amavis" ) # adjusting /var/lib/amavis above to match your $TEMPBASE. # The '-f=/var/lib/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. # defUnix.prf: there must be an entry "*/var/lib/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}" ### http://www.centralcommand.com/ ['CentralCommand Vexira (new) vascan', ['vascan','/usr/lib/Vexira/vascan'], "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ". 
"--log=/var/log/vascan.log {}", [0,3], [1,2,5], qr/(?x)^s* (?:virus|iworm|macro|mutant|sequence|trojan) found: ( [^]s']+ ) ... / ], # Adjust the path of the binary and the virus database as needed. # 'vascan' does not allow to have the temp directory to be the same as # the quarantine directory, and the quarantine option can not be disabled. # If $QUARANTINEDIR is not used, then another directory must be specified # to appease 'vascan'. Move status 3 to the second list if password # protected files are to be considered infected. ### http://www.avira.com/ ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus ['Avira AntiVir', ['antivir','vexira'], '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, qr/(?x)^s* (?: ALERT: s* (?: [ | [^']* ' ) | (?i) VIRUS: .*? virus '?) ( [^]s']+ )/ ], # NOTE: if you only have a demo version, remove -z and add 214, as in: # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, ### http://www.commandsoftware.com/ ['Command AntiVirus for Linux', 'csav', '-all -archive -packed {}', [50], [51,52,53], qr/Infection: (.+)/ ], ### http://www.symantec.com/ ['Symantec CarrierScan via Symantec CommandLineScanner', 'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}', qr/^Files Infected:s+0$/, qr/^Infectedb/, qr/^(?:Info|Virus Name):s+(.+)/ ], ### http://www.symantec.com/ ['Symantec AntiVirus Scan Engine', 'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}', [0], qr/^Infectedb/, qr/^(?:Info|Virus Name):s+(.+)/ ], # NOTE: check options and patterns to see which entry better applies # ### http://www.f-secure.com/products/anti-virus/ version 4.65 # ['F-Secure Antivirus for Linux servers', # ['/opt/f-secure/fsav/bin/fsav', 'fsav'], # '--delete=no --disinf=no --rename=no --archive=yes --auto=yes '. 
# '--dumb=yes --list=no --mime=yes {}', [0], [3,6,8], # qr/(?:infection|Infected|Suspected): (.+)/ ], ### http://www.f-secure.com/products/anti-virus/ version 5.52 ['F-Secure Antivirus for Linux servers', ['/opt/f-secure/fsav/bin/fsav', 'fsav'], '--virus-action1=report --archive=yes --auto=yes '. '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8], qr/(?:infection|Infected|Suspected|Riskware): (.+)/ ], # NOTE: internal archive handling may be switched off by '--archive=no' # to prevent fsav from exiting with status 9 on broken archives # ### http://www.avast.com/ # ['avast! Antivirus daemon', # &ask_daemon, # greets with 220, terminate with QUIT # ["SCAN {}?15?12QUIT?15?12", '/var/run/avast4/mailscanner.sock'], # qr/t[+]/, qr/t[L]t/, qr/t[L]t([^[ t?15?12]+)/ ], # ### http://www.avast.com/ # ['avast! Antivirus - Client/Server Version', 'avastlite', # '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], # qr/t[L]t([^[ t?15?12]+)/ ], ['CAI InoculateIT', 'inocucmd', # retired product '-sec -nex {}', [0], [100], qr/was infected by virus (.+)/ ], # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT) ['CAI eTrust Antivirus', 'etrust-wrapper', '-arc -nex -spm h {}', [0], [101], qr/is infected by virus: (.+)/ ], # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783 ### http://mks.com.pl/english.html ['MkS_Vir for Linux (beta)', ['mks32','mks'], '-s {}/*', [0], [1,2], qr/--[ t]*(.+)/ ], ### http://mks.com.pl/english.html ['MkS_Vir daemon', 'mksscan', '-s -q {}', [0], [1..7], qr/^... (S+)/ ], # ### http://www.nod32.com/, version v2.52 and above # ['ESET NOD32 for Linux Mail servers', # ['/opt/eset/nod32/bin/nod32cli', 'nod32cli'], # '--subdir --files -z --sfx --rtp --adware --unsafe --pattern --heur '. # '-w -a --action-on-infected=accept --action-on-uncleanable=accept '. 
# '--action-on-notscanned=accept {}', # [0,3], [1,2], qr/virus="([^"]+)"/ ], ### http://www.eset.com/, version v2.7 ['ESET NOD32 Linux Mail Server - command line interface', ['/usr/bin/nod32cli', '/opt/eset/nod32/bin/nod32cli', 'nod32cli'], '--subdir {}', [0,3], [1,2], qr/virus="([^"]+)"/ ], ## http://www.nod32.com/, NOD32LFS version 2.5 and above ['ESET NOD32 for Linux File servers', ['/opt/eset/nod32/sbin/nod32','nod32'], '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '. '-w -a --action=1 -b {}', [0], [1,10], qr/^object=.*, virus="(.*?)",/ ], # Experimental, based on posting from Rado Dibarbora (Dibo) on 2002-05-31 # ['ESET Software NOD32 Client/Server (NOD32SS)', # &ask_daemon2, # greets with 200, persistent, terminate with QUIT # ["SCAN {}/*rn", '127.0.0.1:8448' ], # qr/^200 File OK/, qr/^201 /, qr/^201 (.+)/ ], ### http://www.norman.com/products_nvc.shtml ['Norman Virus Control v5 / Linux', 'nvcc', '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14], qr/(?i).* virus in .* -> '(.+)'/ ], ### http://www.pandasoftware.com/ ['Panda CommandLineSecure 9 for Linux', ['/opt/pavcl/usr/bin/pavcl','pavcl'], '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}', qr/Number of files infected[ .]*: 0+(?!d)/, qr/Number of files infected[ .]*: 0*[1-9]/, qr/Found virus :s*(S+)/ ], # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr' # before starting amavisd - the bases are then loaded only once at startup. # To reload bases in a signature update script: # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr # Please review other options of pavcl, for example: # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies # ### http://www.pandasoftware.com/ # ['Panda Antivirus for Linux', ['pavcl'], # '-TSR -aut -aex -heu -cmp -nbr -nor -nso -eng {}', # [0], [0x10, 0x30, 0x50, 0x70, 0x90, 0xB0, 0xD0, 0xF0], # qr/Found virus :s*(S+)/ ], # GeCAD AV technology is acquired by Microsoft; RAV has been discontinued. 
# Check your RAV license terms before fiddling with the following two lines! # ['GeCAD RAV AntiVirus 8', 'ravav', # '--all --archive --mail {}', [1], [2,3,4,5], qr/Infected: (.+)/ ], # # NOTE: the command line switches changed with scan engine 8.5 ! # # (btw, assigning stdin to /dev/null causes RAV to fail) ### http://www.nai.com/ ['NAI McAfee AntiVirus (uvscan)', 'uvscan', '--secure -rv --mime --summary --noboot - {}', [0], [13], qr/(?x) Found (?: the (.+) (?:virus|trojan) | (?:virus|trojan) or variant ([^ ]+) | : (.+) NOT a virus)/, # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'}, # sub {delete $ENV{LD_PRELOAD}}, ], # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6 # and then clear it when finished to avoid confusing anything else. # NOTE2: to treat encrypted files as viruses replace the [13] with: # qr/^s{5,}(Found|is password-protected|.*(virus|trojan))/ ### http://www.virusbuster.hu/en/ ['VirusBuster', ['vbuster', 'vbengcl'], "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1], qr/: '(.*)' - Virus/ ], # VirusBuster Ltd. does not support the daemon version for the workstation # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of # binaries, some parameters AND return codes have changed (from 3 to 1). # See also the new Vexira entry 'vascan' which is possibly related. # ### http://www.virusbuster.hu/en/ # ['VirusBuster (Client + Daemon)', 'vbengd', # '-f -log scandir {}', [0], [3], # qr/Virus found = (.*);/ ], # # HINT: for an infected file it always returns 3, # # although the man-page tells a different story ### http://www.cyber.com/ ['CyberSoft VFind', 'vfind', '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/, # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'}, ], ### http://www.avast.com/ ['avast! 
Antivirus', ['/usr/bin/avastcmd','avastcmd'], '-a -i -n -t=A {}', [0], [1], qr/binfected by:s+([^ tn[]]+)/ ], ### http://www.ikarus-software.com/ ['Ikarus AntiVirus for Linux', 'ikarus', '{}', [0], [40], qr/Signature (.+) found/ ], ### http://www.bitdefender.com/ ['BitDefender', 'bdscan', # new version '--action=ignore --no-list {}', qr/^Infected files *:0+(?!d)/, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, qr/(?:suspected|infected): (.*)(?:?33|$)/ ], ### http://www.bitdefender.com/ ['BitDefender', 'bdc', # old version '--arc --mail {}', qr/^Infected files *:0+(?!d)/, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, qr/(?:suspected|infected): (.*)(?:?33|$)/ ], # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may # not apply to your version of bdc, check documentation and see 'bdc --help' ### ArcaVir for Linux and Unix http://www.arcabit.pl/ ['ArcaVir for Linux', ['arcacmd','arcacmd.static'], '-v 1 -summary 0 -s {}', [0], [1,2], qr/(?:VIR|WIR):[ t]*(.+)/ ], # ['File::Scan', sub {Amavis::AV::ask_av(sub{ # use File::Scan; my($fn)=@_; # my($f)=File::Scan->new(max_txt_size=>0, max_bin_size=>0); # my($vname) = $f->scan($fn); # $f->error ? (2,"Error: ".$f->error) # : ($vname ne '') ? 
(1,"$vname FOUND") : (0,"Clean")}, @_) }, # ["{}/*"], [0], [1], qr/^(.*) FOUND$/ ], # ### fully-fledged checker for JPEG marker segments of invalid length # ['check-jpeg', # sub { use JpegTester (); Amavis::AV::ask_av(&JpegTester::test_jpeg, @_) }, # ["{}/*"], undef, [1], qr/^(bad jpeg: .*)$/ ], # # NOTE: place file JpegTester.pm somewhere where Perl can find it, # # for example in /usr/local/lib/perl5/site_perl ); @av_scanners_backup = ( ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6 ['F-PROT Antivirus for UNIX', ['fpscan'], '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10 [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3], qr/^[Founds+[^]]*]s+<([^ t(>]*)/ ], ### http://www.f-prot.com/ - backs up F-Prot Daemon (old) ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], qr/(?:Infection:|security risk named) (.+)|s+containss+(.+)$/ ], ### http://www.trendmicro.com/ - backs up Trophie ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'], '-za -a {}', [0], qr/Found virus/, qr/Found virus (.+) in/ ], ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'], '-path={} -al -go -ot -cn -upn -ok-', [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? 
(.*)$'], ### http://www.kaspersky.com/ ['Kaspersky Antivirus v5.5', ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', '/opt/kav/5.5/kav4unix/bin/kavscanner', '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/ , # sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, # sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], # Commented out because the name 'sweep' clashes with Debian and FreeBSD # package/port of an audio editor. Make sure the correct 'sweep' is found # in the path when enabling. # # ### http://www.sophos.com/ - backs up Sophie or SAVI-Perl # ['Sophos Anti Virus (sweep)', 'sweep', # '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '. # '--no-reset-atime {}', # [0,2], qr/Virus .*? found/, # qr/^>>> Virus(?: fragment)? '?(.*?)'? found/, # ], # # other options to consider: -idedir=/usr/local/sav # always succeeds (uncomment to consider mail clean if all other scanners fail) # ['always-clean', sub {0}], ); 1; # insure a defined return
amavisd-new is the program that glues Postfix and SpamAssassin/ClamAV together. Postfix passes the mails to amavisd-new, which then invokes SpamAssassin and ClamAV to scan the emails. Please have a look at the SpamAssassin and ClamAV settings in /etc/amavisd/amavisd.conf. Of course, you can customize that file further. Take a look at the explanations in the original /etc/amavisd/amavisd.conf file!

Then create the system startup links for clamd and freshclam, and start clamd, freshclam (the tool that fetches the latest virus signatures from the Internet to keep clamd up to date) and amavisd:

chkconfig clamd on
chkconfig freshclam on
/etc/init.d/clamd start
/etc/init.d/amavisd start
freshclam
/etc/init.d/freshclam start

Now we have to configure Postfix so that it passes incoming emails through amavisd-new:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

Afterwards, append the following lines to /etc/postfix/master.cf:

vi /etc/postfix/master.cf


[...]
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

Then restart Postfix:

/etc/init.d/postfix restart
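
The re-injection listener on 127.0.0.1:10025 accepts mail without filtering it again, so it must stay bound to loopback, clear content_filter and accept only local clients. The following check is an added example, not part of the original tutorial; the function names and both sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the amavisd-new
# re-injection listener in a Postfix master.cf. Function names and the
# sample files are constructed for this illustration.

# Print the logical master.cf entry whose first field is $2, with its
# continuation lines (lines that start with whitespace) joined onto one
# line and runs of whitespace collapsed to single spaces.
master_entry() {
    awk -v svc="$2" '
        /^[ \t]*#/ { next }        # comment line
        /^[ \t]*$/ { next }        # blank line
        /^[ \t]/ {                 # continuation of the previous entry
            if (hit) { $1 = $1; entry = entry " " $0 }
            next
        }
        {                          # first line of a new entry
            if (hit) exit
            if ($1 == svc) { hit = 1; $1 = $1; entry = $0 }
        }
        END { if (hit) print entry }
    ' "$1"
}

# Return 0 only if a listener exists on 127.0.0.1:10025 and carries the
# overrides that prevent a filter loop (empty content_filter) and keep
# remote clients from injecting unscanned mail (loopback-only mynetworks
# together with permit_mynetworks,reject).
audit_reinjection() {
    entry=$(master_entry "$1" '127.0.0.1:10025')
    if [ -z "$entry" ]; then
        echo 'FAIL: no smtpd listener bound to 127.0.0.1:10025'
        return 1
    fi
    rc=0
    for opt in 'content_filter=' \
               'mynetworks=127.0.0.0/8' \
               'smtpd_recipient_restrictions=permit_mynetworks,reject'
    do
        case " $entry " in
            *" -o $opt "*) echo "ok:   -o $opt" ;;
            *)             echo "FAIL: expected -o $opt"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed samples: an excerpt of the listener from this tutorial, and
# a weakened variant that listens on every interface.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/good.cf" <<'EOF'
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
EOF
    cat > "$dir/weak.cf" <<'EOF'
10025 inet n - - - - smtpd
        -o content_filter=
EOF
    for f in good weak; do
        echo "== $f.cf"
        audit_reinjection "$dir/$f.cf" || true
    done
    rm -rf "$dir"
}
demo
```

On a live system, point audit_reinjection at /etc/postfix/master.cf after every edit of that file.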

10 Installing Razor, Pyzor And DCC And Configuring SpamAssassin

Razor, Pyzor and DCC are spam filters that use a collaborative filtering network. To install Razor, Pyzor and DCC, run

urpmi perl-Razor-Agent pyzor dcc

Then initialize Razor and Pyzor:

chmod -R a+rX /usr/share/doc/pyzor-0.4.0 /usr/bin/pyzor /usr/bin/pyzord
chmod -R a+rX /usr/lib/python2.5/site-packages/pyzor
chown amavis:amavis /var/spool/amavis/
su -m amavis -c 'pyzor --homedir /var/spool/amavis discover'
su -m amavis -c 'razor-admin -home=/var/spool/amavis -create'
su -m amavis -c 'razor-admin -home=/var/spool/amavis -register'

Now we have to tell SpamAssassin to use these three programs. Edit /etc/mail/spamassassin/local.cf so that it looks like this:

cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf_orig
cat /dev/null > /etc/mail/spamassassin/local.cf
vi /etc/mail/spamassassin/local.cf

# dcc
use_dcc 1
dcc_path /usr/bin/dccproc

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /var/spool/amavis/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Then we must enable the DCC plugin in SpamAssassin. Open /etc/mail/spamassassin/v310.pre and activate the loadplugin Mail::SpamAssassin::Plugin::DCC line:

vi /etc/mail/spamassassin/v310.pre


[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source.  See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]

You can check your SpamAssassin configuration by running:

spamassassin --lint

It should not show any errors.

Afterwards, run this:

/etc/init.d/amavisd restart

Now we update our SpamAssassin rulesets as follows:

sa-update --no-gpg

We create a cron job so that the rulesets are updated regularly. Run

crontab -e

to open the cron job editor. Create the following cron job:

23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null

This updates the rulesets every second day at 4:23 a.m.

11 Quota Exceedance Notifications

If you want to receive notifications about all email accounts that are over quota, run the following:

cd /usr/local/sbin/
wget http://puuhis.net/vhcs/quota.txt
mv quota.txt quota_notify
chmod 755 quota_notify

Open /usr/local/sbin/quota_notify and edit the variables at the top. Further down in the file (towards the end) there are two lines to which you should append a % sign:

vi /usr/local/sbin/quota_notify


[...]
my $POSTFIX_CF = "/etc/postfix/main.cf";
my $MAILPROG = "/usr/sbin/sendmail -t";
my $WARNPERCENT = 80;
my @POSTMASTERS = ('postmaster@yourdomain.tld');
my $CONAME = 'My Company';
my $COADDR = 'postmaster@yourdomain.tld';
my $SUADDR = 'postmaster@yourdomain.tld';
my $MAIL_REPORT = 1;
my $MAIL_WARNING = 1;
[...]
           print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n";
[...]
           print "Your mailbox: $luser is $lusers{$luser}% full.\n\n";
[...]

Run

crontab -e

to create a cron job for that script:
0 0 * * * /usr/local/sbin/quota_notify &> /dev/null

12 Testing Postfix

To find out whether Postfix is ready for SMTP-AUTH and TLS, run

telnet localhost 25

After you have established the connection to your Postfix mail server, type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH PLAIN LOGIN

everything is fine.

[root@server1 sbin]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (2.5.1) (Mandriva Linux)
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 sbin]#

Type

quit

to return to the system shell.
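
The session above advertises AUTH PLAIN LOGIN on the cleartext connection, before STARTTLS has been negotiated; Postfix only withholds AUTH until after STARTTLS when smtpd_tls_auth_only = yes is set. The following check is an added example, not part of the original tutorial: it reads a captured EHLO reply and reports both conditions. The function names, exit codes and the second capture are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit a captured EHLO
# reply for STARTTLS and for plaintext AUTH mechanisms offered before TLS.
# Function names and exit codes are constructed for this illustration.

# Print one capability per line: keep only "250-"/"250 " reply lines,
# strip the reply code, and upper-case (EHLO keywords are case-insensitive).
ehlo_caps() {
    tr -d '\r' | sed -n 's/^250[- ]//p' | tr '[:lower:]' '[:upper:]'
}

# Read an SMTP session capture on stdin.
# Returns 0: STARTTLS offered and no PLAIN/LOGIN on the cleartext session
#         1: STARTTLS not offered
#         2: PLAIN/LOGIN offered on the cleartext session
ehlo_audit() {
    caps=$(ehlo_caps)
    starttls=no
    cleartext_auth=no
    while IFS= read -r cap; do
        case $cap in
            STARTTLS) starttls=yes ;;
            'AUTH '*|'AUTH='*)
                # Both "AUTH mech..." and the legacy "AUTH=mech..." form.
                case " ${cap#AUTH?} " in
                    *' PLAIN '*|*' LOGIN '*) cleartext_auth=yes ;;
                esac ;;
        esac
    done <<EOF
$caps
EOF
    echo "STARTTLS offered:               $starttls"
    echo "PLAIN/LOGIN offered before TLS: $cleartext_auth"
    [ "$starttls" = yes ] || return 1
    [ "$cleartext_auth" = no ] || return 2
    return 0
}

# The EHLO reply from the telnet session shown in this section.
page_capture() {
    cat <<'EOF'
220 server1.example.com ESMTP Postfix (2.5.1) (Mandriva Linux)
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Constructed capture: the same reply with AUTH withheld until after
# STARTTLS, as a server with smtpd_tls_auth_only = yes would send it.
tls_only_capture() {
    page_capture | grep -v '^250-AUTH'
}

for capture in page_capture tls_only_capture; do
    echo "== $capture"
    rc=0
    $capture | ehlo_audit || rc=$?
    echo "exit code: $rc"
done
```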

13 Populating And Testing The Database

To populate the database, you can use the MySQL shell:

mysql -u root -p

USE mail;

At a minimum, you have to create entries in the tables domains and users:

INSERT INTO `domains` (`domain`) VALUES ('example.com');
INSERT INTO `users` (`email`, `password`, `quota`) VALUES ('sales@example.com', ENCRYPT('secret'), 10485760);

(Please make sure that you use the ENCRYPT syntax in the second INSERT statement in order to encrypt the password!)

If you want to make entries in the other two tables, that would look like this:

INSERT INTO `forwardings` (`source`, `destination`) VALUES ('info@example.com', 'sales@example.com');
INSERT INTO `transport` (`domain`, `transport`) VALUES ('example.com', 'smtp:mail.example.com');

To leave the MySQL shell, type

quit;
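
MySQL's ENCRYPT() calls the system crypt(); called without a salt argument, as in the INSERT above, it picks a random two-character salt, which selects traditional DES crypt (only the first eight characters of the password count). The following audit helper is an added example, not part of the original tutorial: it classifies stored hashes by their crypt(3) format so that weak entries can be found and re-hashed. The input format (email, tab, hash per line, as `mysql -N -B` prints a two-column SELECT), the function names and the sample rows are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: classify the crypt(3)
# scheme of each stored password hash in the users table.
# Assumed input: one "email<TAB>hash" pair per line on stdin.

# Print the scheme name for a single hash string.
crypt_scheme() {
    case $1 in
        '$6$'*)                   echo sha512-crypt ;;
        '$5$'*)                   echo sha256-crypt ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo bcrypt ;;
        '$1$'*)                   echo md5-crypt ;;
        *)
            # Traditional DES crypt: exactly 13 characters, all taken
            # from the alphabet ./0-9A-Za-z (2 salt + 11 hash characters).
            if [ "${#1}" -eq 13 ]; then
                case $1 in
                    *[!./0-9A-Za-z]*) echo unknown ;;
                    *)                echo des-crypt ;;
                esac
            else
                echo unknown          # possibly plaintext or another format
            fi ;;
    esac
}

# Print a verdict per account; return non-zero if any hash is weak.
audit_hashes() {
    tab=$(printf '\t')
    weak=0
    while IFS=$tab read -r email hash || [ -n "$email" ]; do
        [ -n "$email" ] || continue
        scheme=$(crypt_scheme "$hash")
        case $scheme in
            sha512-crypt|sha256-crypt|bcrypt) verdict=ok ;;
            *) verdict=WEAK; weak=$((weak + 1)) ;;
        esac
        printf '%-5s %-13s %s\n' "$verdict" "$scheme" "$email"
    done
    [ "$weak" -eq 0 ]
}

# Constructed sample rows; the hash values are shape-only placeholders.
sample_rows() {
    printf '%s\t%s\n' \
        'sales@example.com'   'XXabcdefghijk' \
        'billing@example.com' '$6$constructedsalt$constructedplaceholderhash' \
        'info@example.com'    'secret'
}

sample_rows | audit_hashes || echo 'weak or unknown hashes found'
```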

For most people it is easier to have a graphical front-end to MySQL; therefore you can also use phpMyAdmin (in this example under http://192.168.0.100/phpmyadmin/ or http://server1.example.com/phpmyadmin/) to administer the mail database. When you create a user, make sure that you use the ENCRYPT function to encrypt the password.

I do not think I have to explain the domains and users tables any further here.

The forwardings table could have entries like the following:

| source | destination | description |
|---|---|---|
| info@example.com | sales@example.com | Redirects emails for info@example.com to sales@example.com |
| @example.com | thomas@example.com | Creates a Catch-All account for thomas@example.com. All emails to example.com will arrive at thomas@example.com, except those that exist in the users table (i.e., if sales@example.com exists in the users table, mails to sales@example.com will still arrive at sales@example.com). |
| @example.com | @anotherdomain.tld | This redirects all emails to example.com to the same user at anotherdomain.tld. E.g., emails to thomas@example.com will be forwarded to thomas@anotherdomain.tld. |
| info@example.com | sales@example.com, billing@anotherdomain.tld | Forward emails for info@example.com to two or more email addresses. All listed email addresses under destination receive a copy of the email. |

The transport table could have entries like these:

| domain | transport | description |
|---|---|---|
| example.com | : | Delivers emails for example.com locally. This is as if this record would not exist in this table at all. |
| example.com | smtp:mail.anotherdomain.tld | Delivers all emails for example.com via smtp to the server mail.anotherdomain.tld. |
| example.com | smtp:mail.anotherdomain.tld:2025 | Delivers all emails for example.com via smtp to the server mail.anotherdomain.tld, but on port 2025, not 25 which is the default port for smtp. |
| example.com | smtp:[1.2.3.4] | The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses. |
| | smtp:[1.2.3.4]:2025 | |
| | smtp:[mail.anotherdomain.tld] | |
| .example.com | smtp:mail.anotherdomain.tld | Mail for any subdomain of example.com is delivered to mail.anotherdomain.tld. |
| * | smtp:mail.anotherdomain.tld | All emails are delivered to mail.anotherdomain.tld. |
| joe@example.com | smtp:mail.anotherdomain.tld | Emails for joe@example.com are delivered to mail.anotherdomain.tld. |

See

man transport

to learn more.

Please keep in mind that the order of entries in the transport table is important! The entries are followed from top to bottom.

Important: Postfix uses a caching mechanism for the transports, so it can take a while until your changes in the transport table take effect. If you want them to take effect immediately, run

postfix reload

after you have made your changes in the transport table.

14 Send a Welcome Email to Create the Maildir

When you create a new email account and try to fetch emails from it (with POP3/IMAP), you will probably get error messages saying that the Maildir does not exist. The Maildir is created automatically when the first email arrives for the new account. Therefore it is a good idea to send a welcome email to a new account. To send a welcome email to sales@example.com, we run:

mailx sales@example.com

You will be prompted for the subject. Type in the subject (e.g. Welcome), press ENTER, and type your message on the next line. When the message is finished, press ENTER again so that you are on a new line, then press CTRL+D to finish the email:

[root@server1 mail]# mailx sales@example.com
Subject: Welcome <-- ENTER
Welcome! Have fun with your new mail account. <-- ENTER
<-- CTRL+D
EOT
[root@server1 mail]#

15 Installing SquirrelMail

SquirrelMail is a webmail interface that lets your users send and receive emails in a browser. This chapter shows how to install it and adjust it to our setup so that users can even change their email account password from the SquirrelMail interface.

To install SquirrelMail, we simply run:

urpmi squirrelmail

SquirrelMail comes with some pre-installed plugins; unfortunately none of them can change our email password in our MySQL database. But there is the Change SQL Password plugin, which we can install manually:

cd /var/www/squirrelmail/plugins/
wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_sqlpass-3.3-1.2.tar.gz
tar xvfz change_sqlpass-3.3-1.2.tar.gz
cd change_sqlpass
cp config.php.sample config.php

Now we must edit config.php and adjust it to our setup. Please adjust the $csp_dsn, $lookup_password_query, $password_update_queries, $password_encryption, $csp_salt_static and $csp_delimiter variables as follows and comment out $csp_salt_query:

vi config.php


[...]
$csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';
[...]
$lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';
[...]
$password_update_queries = array('UPDATE users SET password = %4 WHERE email = "%1"');
[...]
$password_encryption = 'MYSQLENCRYPT';
[...]
$csp_salt_static = 'LEFT(password, 2)';
[...]
//$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
[...]
$csp_delimiter = '@';
[...]

The complete file looks as follows:

<?php

/**
  * SquirrelMail Change SQL Password Plugin
  * Copyright (C) 2001-2002 Tyler Akins
  *               2002 Thijs Kinkhorst <kink@users.sourceforge.net>
  *               2002-2005 Paul Lesneiwski <paul@openguild.net>
  * This program is licensed under GPL. See COPYING for details
  *
  * @package plugins
  * @subpackage Change SQL Password
  *
  */


   // Global Variables, don't touch these unless you want to break the plugin
   //
   global $csp_dsn, $password_update_queries, $lookup_password_query,
          $force_change_password_check_query, $password_encryption,
          $csp_salt_query, $csp_salt_static, $csp_secure_port,
          $csp_non_standard_http_port, $csp_delimiter, $csp_debug,
          $min_password_length, $max_password_length, $include_digit_in_password,
          $include_uppercase_letter_in_password, $include_lowercase_letter_in_password,
          $include_nonalphanumeric_in_password;



   // csp_dsn
   //
   // Theoretically, any SQL database supported by Pear should be supported
   // here. The DSN (data source name) must contain the information needed
   // to connect to your database backend. A MySQL example is included below.
   // For more details about DSN syntax and list of supported database types,
   // please see:
   //   http://pear.php.net/manual/en/package.database.db.intro-dsn.php
   //
   //$csp_dsn = 'mysql://user:password@localhost/email_users';
   $csp_dsn = 'mysql://mail_admin:mail_admin_password@localhost/mail';



   // lookup_password_query
   //
   // This plugin will always verify the user's old password
   // against their login password, but an extra check can also
   // be done against the database for more security if you
   // desire. If you do not need the extra password check,
   // make sure this setting is empty.
   //
   // This is a query that returns a positive value if a user
   // and password pair are found in the database.
   //
   // This query should return one value (one row, one column), the
   // value being ideally a one or a zero, simply indicating that
   // the user/password pair does in fact exist in the database.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in this query will be replaced with the current (old)
   //      password in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your encryption
   //      choices, so you NEVER need to provide quotes around this
   //      value in the query here.)
   //   %5 in this query will be replaced with the current (old)
   //      password in unencrypted plain text. If you do not use any
   //      password encryption, %4 and %5 will be the same values,
   //      except %4 will have double quotes around it and %5 will not.
   //
   //$lookup_password_query = '';
   // TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
   //$lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND crypt_password = %4';
   $lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';



   // password_update_queries
   //
   // An array of SQL queries that will all be executed
   // whenever a password change attempt is made.
   //
   // Any number of queries may be included here.
   // The queries will be executed in the order given here.
   //
   //   %1 in all queries will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in all queries will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in all queries will be replaced with the domain name,
   //      such as "example.com"
   //   %4 in all queries will be replaced with the new password
   //      in whatever encryption format is needed per other
   //      plugin configuration settings (Note that the syntax of
   //      the password will be provided depending on your
   //      encryption choices, so you NEVER need to provide quotes
   //      around this value in the queries here.)
   //   %5 in all queries will be replaced with the new password
   //      in unencrypted plain text - BEWARE! If you do not use
   //      any password encryption, %4 and %5 will be the same
   //      values, except %4 will have double quotes around it
   //      and %5 will not.
   //
   // $password_update_queries = array(
   //    'UPDATE users SET crypt_password = %4 WHERE username = "%1"',
   //    'UPDATE user_flags SET force_change_pwd = 0 WHERE username = "%1"',
   //    'UPDATE users SET crypt_password = %4, force_change_pwd = 0 WHERE username = "%1"',
   // );
   $password_update_queries = array('UPDATE users SET password = %4 WHERE email = "%1"');



   // force_change_password_check_query
   //
   // A query that checks for a flag that indicates if a user
   // should be forced to change their password. This query
   // should return one value (one row, one column) which is
   // zero if the user does NOT need to change their password,
   // or one if the user should be forced to change it now.
   //
   // This setting should be an empty string if you do not wish
   // to enable this functionality.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$force_change_password_check_query = 'SELECT IF(force_change_pwd = "yes", 1, 0) FROM users WHERE username = "%1"';
   //$force_change_password_check_query = 'SELECT force_change_pwd FROM users WHERE username = "%1"';
   $force_change_password_check_query = '';



   // password_encryption
   //
   // What encryption method do you use to store passwords
   // in your database? Please use one of the following,
   // exactly as you see it:
   //
   //   NONE          Passwords are stored as plain text only
   //   MYSQLPWD      Passwords are stored using the MySQL password() function
   //   MYSQLENCRYPT  Passwords are stored using the MySQL encrypt() function
   //   PHPCRYPT      Passwords are stored using the PHP crypt() function
   //   MD5CRYPT      Passwords are stored using encrypted MD5 algorithm
   //   MD5           Passwords are stored as MD5 hash
   //
   //$password_encryption = 'MYSQLPWD';
   $password_encryption = 'MYSQLENCRYPT';



   // csp_salt_query
   // csp_salt_static
   //
   // Encryption types that need a salt need to know where to get
   // that salt. If you have a constant, known salt value, you
   // should define it in $csp_salt_static. Otherwise, leave that
   // value empty and define a value for the $csp_salt_query.
   //
   // Leave both values empty if you do not need (or use) salts
   // to encrypt your passwords.
   //
   // The query should return one value (one row, one column) which
   // is the salt value for the current user's password. This
   // query is ignored if $csp_salt_static is anything but empty.
   //
   //   %1 in this query will be replaced with the full username
   //      (including domain), such as "jose@example.com"
   //   %2 in this query will be replaced with the username (without
   //      any domain portion), such as "jose"
   //   %3 in this query will be replaced with the domain name,
   //      such as "example.com"
   //
   //$csp_salt_static = 'LEFT(crypt_password, 2)';
   //$csp_salt_static = '"a4"';  // use this format with MYSQLENCRYPT
   //$csp_salt_static = '$2$blowsomefish$';  // use this format with PHPCRYPT
   //$csp_salt_static = '';
   $csp_salt_static = 'LEFT(password, 2)';

   //$csp_salt_query = 'SELECT SUBSTRING_INDEX(crypt_password, '$', 1) FROM users WHERE username = "%1"';
   //$csp_salt_query = 'SELECT SUBSTRING(crypt_password, (LENGTH(SUBSTRING_INDEX(crypt_password, '$', 2)) + 2)) FROM users WHERE username = "%1"';
   //$csp_salt_query = 'SELECT salt FROM users WHERE username = "%1"';
   //$csp_salt_query = '';



   // csp_secure_port
   //
   // You may ensure that SSL encryption is used during password
   // change by setting this to the port that your HTTPS is served
   // on (443 is typical). Set to zero if you do not wish to force
   // an HTTPS connection when users are changing their passwords.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_secure_port in the vlogin
   // configuration.
   //
   $csp_secure_port = 0;
   //$csp_secure_port = 443;



   // csp_non_standard_http_port
   //
   // If you serve standard HTTP web requests on a non-standard
   // port (anything other than port 80), you should specify that
   // port number here. Set to zero otherwise.
   //
   // You may override this value for certain domains, users, or
   // service levels through the Virtual Host Login (vlogin) plugin
   // by setting a value(s) for $vlogin_csp_non_standard_http_port
   // in the vlogin configuration.
   //
   //$csp_non_standard_http_port = 8080;
   $csp_non_standard_http_port = 0;



   // min_password_length
   // max_password_length
   // include_digit_in_password
   // include_uppercase_letter_in_password
   // include_lowercase_letter_in_password
   // include_nonalphanumeric_in_password
   //
   // You can set the minimum and maximum password lengths that
   // you accept or leave those settings as zero to indicate that
   // no limit should be applied.
   //
   // Turn on any of the other settings here to check that the
   // new password contains at least one digit, upper case letter,
   // lower case letter and/or one non-alphanumeric character.
   //
   $min_password_length = 6;
   $max_password_length = 0;
   $include_digit_in_password = 0;
   $include_uppercase_letter_in_password = 0;
   $include_lowercase_letter_in_password = 0;
   $include_nonalphanumeric_in_password = 0;



   // csp_delimiter
   //
   // if your system has usernames with something other than
   // an "@" sign separating the user and domain portion,
   // specify that character here
   //
   //$csp_delimiter = '|';
   $csp_delimiter = '@';



   // debug mode
   //
   $csp_debug = 0;



?>
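
The plugin's config.php mixes many commented-out samples with the few assignments that are actually active, so it is easy to misread what is in effect. The following shell script is an added example, not part of the original tutorial or of the plugin: it reads the active values and reports the settings that the file's own comments describe as risky. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, the sample is constructed.

# Print the raw value of the last uncommented single-line "$NAME = value;"
# assignment in FILE. Commented-out samples are skipped, and a later
# assignment overrides an earlier one, as it does when PHP runs the file.
csp_active_value() {
    awk -v name="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            prefix = "$" name
            if (index(line, prefix) != 1) next
            rest = substr(line, length(prefix) + 1)
            if (rest !~ /^[ \t]*=/) next        # a longer variable name
            sub(/^[ \t]*=[ \t]*/, "", rest)
            sub(/;[ \t\r]*$/, "", rest)
            value = rest
        }
        END { print value }
    ' "$2"
}

# Print one line per finding; return 1 if there is at least one.
audit_csp_config() {
    cfg=$1
    status=0
    if [ "$(csp_active_value password_encryption "$cfg")" = "'NONE'" ]; then
        echo "FAIL password_encryption: passwords are stored as plain text"; status=1
    fi
    # %5 is the plain-text password; config.php.sample itself labels a
    # lookup query built on it "TERRIBLE SECURITY".
    case "$(csp_active_value lookup_password_query "$cfg")" in
        *%5*) echo "FAIL lookup_password_query: compares the plain-text password (%5)"
              status=1 ;;
    esac
    port=$(csp_active_value csp_secure_port "$cfg")
    if [ "${port:-0}" = "0" ]; then
        echo "WARN csp_secure_port: HTTPS is not forced for password changes"; status=1
    fi
    min=$(csp_active_value min_password_length "$cfg")
    if [ "${min:-0}" = "0" ]; then
        echo "WARN min_password_length: no minimum length is enforced"; status=1
    fi
    return $status
}

# Constructed sample: the active values set in this tutorial, mixed with
# commented-out samples of the kind found in config.php.sample.
sample_config() {
    cat <<'EOF'
// TERRIBLE SECURITY: $lookup_password_query = 'SELECT count(*) FROM users WHERE username = "%1" AND plain_password = "%5"';
$lookup_password_query = 'SELECT count(*) FROM users WHERE email = "%1" AND password = %4';
//$password_encryption = 'MYSQLPWD';
$password_encryption = 'MYSQLENCRYPT';
$csp_secure_port = 0;
//$csp_secure_port = 443;
$min_password_length = 6;
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_csp_config "$tmp" || echo "review the findings above"
rm -f "$tmp"
```

To check a real installation, call audit_csp_config with the path of the plugin's config.php. Assignments that span several lines, such as a multi-line $password_update_queries array, are not evaluated.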

Now we must go into the SquirrelMail configuration and tell SquirrelMail that we use Courier as our POP3 and IMAP server (if you don't do this, you will probably see the following error

ERROR: Could not complete request.
Query: CREATE "Sent"
Reason Given: Invalid mailbox name.

when you log in to SquirrelMail), enable the Change SQL Password plugin, and disable the other password plugins:

/var/www/squirrelmail/conf/conf.pl

You will see the following menu. Type D to change the IMAP/POP3 server:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers


C Turn color off
S Save data
Q Quit

Command >> <-- D


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server

quit = Do not change anything
Command >> <-- courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press any key to continue... <-- press some key


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers


C Turn color off
S Save data
Q Quit

Command >> <-- 8


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. change_pass
7. quota_usage
8. change_ldappass
9. avelsieve
10. windows
11. folder_sizes
12. archive_mail
13. empty_folders

Available Plugins:
14. abook_import_export
15. abook_take
16. administrator
17. block_sender
18. bookmarks
19. bug_report
20. calendar
21. change_sqlpass
22. compatibility
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- 22 (or whatever number the compatibility plugin has - it is needed by the change_sqlpass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. change_pass
7. quota_usage
8. change_ldappass
9. avelsieve
10. windows
11. folder_sizes
12. archive_mail
13. empty_folders
14. compatibility

Available Plugins:
15. abook_import_export
16. abook_take
17. administrator
18. block_sender
19. bookmarks
20. bug_report
21. calendar
22. change_sqlpass
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- 22 (the number of the change_sqlpass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. change_pass
7. quota_usage
8. change_ldappass
9. avelsieve
10. windows
11. folder_sizes
12. archive_mail
13. empty_folders
14. compatibility
15. change_sqlpass

Available Plugins:
16. abook_import_export
17. abook_take
18. administrator
19. block_sender
20. bookmarks
21. bug_report
22. calendar
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- 6 (the number of the change_pass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. quota_usage
7. change_ldappass
8. avelsieve
9. windows
10. folder_sizes
11. archive_mail
12. empty_folders
13. compatibility
14. change_sqlpass

Available Plugins:
15. abook_import_export
16. abook_take
17. administrator
18. block_sender
19. bookmarks
20. bug_report
21. calendar
22. change_pass
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- 7 (the number of the change_ldappass plugin)


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. quota_usage
7. avelsieve
8. windows
9. folder_sizes
10. archive_mail
11. empty_folders
12. compatibility
13. change_sqlpass

Available Plugins:
14. abook_import_export
15. abook_take
16. administrator
17. block_sender
18. bookmarks
19. bug_report
20. calendar
21. change_ldappass
22. change_pass
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- S


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. filters
5. address_add
6. quota_usage
7. avelsieve
8. windows
9. folder_sizes
10. archive_mail
11. empty_folders
12. compatibility
13. change_sqlpass

Available Plugins:
14. abook_import_export
15. abook_take
16. administrator
17. block_sender
18. bookmarks
19. bug_report
20. calendar
21. change_ldappass
22. change_pass
23. demo
24. fortune
25. info
26. junkfolder
27. ldifimport
28. listcommands
29. login_image
30. mail_fetch
31. message_details
32. rewrap
33. secure_login
34. select_range
35. sent_subfolders
36. spam_buttons
37. spamassassin
38. spamcop
39. test
40. translate
41. username

R Return to Main Menu
C Turn color off
S Save data
Q Quit

Command >> <-- Q

Now you can type http://server1.example.com/squirrelmail or http://192.168.0.100/squirrelmail into your browser to access SquirrelMail.

Log in with your email address (e.g. sales@example.com) and your password:


You should find the welcome email in your inbox:



To change your password, go to Options and then select Change Password:


Type in your current password and then your new password twice:


SquirrelMail will tell you whether the password has been changed successfully:

16 References

Tutorial: ISP-style Email Service with Debian-Sarge and Postfix 2.1: http://workaround.org/articles/ispmail-sarge/
Postfix + Quota: http://vhcs.net/new/modules/newbb/viewtopic.php?topic_id=3496&forum=17
Mail Passwords Encrypted using saslauthd: http://www.syscp.de/docs/public/contrib/cryptedmailpws

17 Links