Virtual Users and Domains with Postfix, Courier, MySQL and SquirrelMail (Mandriva 2008.1) - Page 2

6 Configuring Postfix

Now we have to tell Postfix where it can find all the information in the database. To do so we create six text files. You will notice that I tell Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. Postfix runs in a chroot jail and has no access to the MySQL socket, which it would try to use if I had told it to connect to localhost. With 127.0.0.1, Postfix connects to MySQL over TCP, which works from inside the chroot jail as well (the alternative would be to move the MySQL socket into the chroot jail, which causes other problems).

Let's create our six text files now.

vi /etc/postfix/mysql-virtual_domains.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_forwardings.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailboxes.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_email2email.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_transports.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf


user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1

chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

Now we create a user and a group named vmail with the home directory /home/vmail. All mailboxes will be stored here.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Next we configure Postfix. Make sure you replace server1.example.com with a valid FQDN, otherwise your Postfix might not work properly!

postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'inet_interfaces = all'
postconf -e 'alias_database = hash:/etc/postfix/aliases'
postconf -e 'alias_maps = hash:/etc/postfix/aliases'

After that we create the SSL certificate that is needed for TLS:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [GB]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Berkshire]: <-- Enter your State or Province Name.
Locality Name (eg, city) [Newbury]: <-- Enter your City.
Organization Name (eg, company) [My Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Then change the permissions of smtpd.key:

chmod o= /etc/postfix/smtpd.key
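
The six map files contain the MySQL password and smtpd.key is the TLS private key, so it is worth verifying that the chmod/chgrp steps above took effect. The following script is an added example, not part of the original tutorial; the function names are hypothetical, and the directory and group are passed as arguments (here /etc/postfix and postfix).

```sh
#!/bin/sh
# Added example (not from the tutorial): audit the files created in section 6.

# Record one finding.
finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# True if "others" hold any permission bit on the file.
other_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Group owner as printed by ls -ld (fourth column).
group_of() { ls -ld "$1" | awk '{ print $4 }'; }

# audit_postfix_secrets DIR GROUP -> status 0 only when nothing is found.
audit_postfix_secrets() {
    dir=$1 want_group=$2 findings=0
    for f in "$dir"/mysql-virtual_*.cf; do
        [ -e "$f" ] || { finding "no mysql-virtual_*.cf in $dir"; break; }
        other_access "$f" && finding "$f: accessible to others, run chmod o="
        [ "$(group_of "$f")" = "$want_group" ] ||
            finding "$f: group is $(group_of "$f"), expected $want_group"
        # localhost would select the MySQL socket, unreachable from the chroot.
        grep -Eq '^[[:space:]]*hosts[[:space:]]*=[[:space:]]*127\.0\.0\.1[[:space:]]*$' "$f" ||
            finding "$f: does not set hosts = 127.0.0.1"
    done
    key=$dir/smtpd.key
    if [ ! -e "$key" ]; then
        finding "$key: missing"
    elif other_access "$key"; then
        finding "$key: accessible to others, run chmod o="
    fi
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Runs only with arguments, e.g.: sh audit.sh /etc/postfix postfix
if [ "$#" -ge 2 ]; then audit_postfix_secrets "$1" "$2"; fi
```

A map file whose settings have run together onto one line is also reported, because the hosts line must stand on its own.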


7 Configuring Saslauthd

Edit /etc/sasl2/smtpd.conf. It should look like this:

vi /etc/sasl2/smtpd.conf


# all parameters are documented into:
# /usr/share/doc/cyrus-sasl/options.html

# The mech_list parameters list the sasl mechanisms to use,
# default being all mechs found.
#mech_list: plain login

# To authenticate using the separate saslauthd daemon, (e.g. for
# system or ldap users). Also see /etc/sysconfig/saslauthd.
#pwcheck_method: saslauthd
#saslauthd_path: /var/lib/sasl2/mux

# To authenticate against users stored in sasldb.
#pwcheck_method: auxprop
#auxprop_plugin: sasldb
#sasldb_path: /var/lib/sasl2/sasl.db

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/authdaemon/socket

Then create the system startup links for Postfix and start Postfix, saslauthd and courier-authdaemon:

chmod 755 /var/lib/authdaemon
chkconfig postfix on
/etc/init.d/courier-authdaemon start
/etc/init.d/postfix start
/etc/init.d/saslauthd start
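
The PLAIN and LOGIN mechanisms transmit the password merely base64-encoded, and smtpd_use_tls = yes only offers STARTTLS without requiring it, so with the settings above AUTH is also accepted on unencrypted connections. The following check is an added example, not part of the original tutorial; the function names are hypothetical, and the smtpd_tls_auth_only setting it suggests is a standard Postfix parameter that the tutorial itself does not set.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.

# The SASL/TLS settings from section 6, in "postconf -n" format.
page_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
EOF
}

# Read "name = value" lines on stdin, print a verdict, and return non-zero
# when AUTH can be used on a connection that is not encrypted.
check_sasl_tls() {
    awk '
        /^[ \t]*#/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", val)
            v[k] = val
        }
        END {
            if (v["smtpd_sasl_auth_enable"] != "yes") { print "sasl-off"; exit 0 }
            if (v["smtpd_tls_auth_only"] == "yes" ||
                v["smtpd_tls_security_level"] == "encrypt" ||
                v["smtpd_enforce_tls"] == "yes") { print "auth-tls-only"; exit 0 }
            if (v["smtpd_use_tls"] == "yes" || v["smtpd_tls_security_level"] == "may") {
                print "auth-in-clear-possible (STARTTLS offered, not required)"
            } else {
                print "auth-in-clear-only (no TLS offered)"
            }
            exit 1
        }'
}

# On a live system: postconf -n | check_sasl_tls
page_settings | check_sasl_tls ||
    echo "-> consider: postconf -e 'smtpd_tls_auth_only = yes'"
{ page_settings; echo 'smtpd_tls_auth_only = yes'; } | check_sasl_tls
```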

8 Configuring Courier

Now we have to tell Courier to authenticate against our MySQL database. First edit /etc/courier/authdaemonrc and change the value of authmodulelist so that it reads:

vi /etc/courier/authdaemonrc


[...]
authmodulelist="authmysql"
#authmodulelist="authpam authpwd authshadow"
[...]

Then edit /etc/courier/authmysqlrc. It should look exactly like this (again, make sure you fill in the correct database details):

cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
vi /etc/courier/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

Then restart Courier:

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imapd restart
/etc/init.d/courier-pop3d restart

By running

telnet localhost pop3

you can see whether your POP3 server is working correctly. It should return +OK Hello there. (type quit to get back to the Linux shell):

[root@server1 postfix]# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 postfix]#

9 Installing Amavisd-new, SpamAssassin and ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

urpmi amavisd-new spamassassin spamassassin-spamc spamassassin-spamd pax cabextract lha lzop ncompress nomarch clamd clamav unzip bzip2 arj freeze p7zip

Now we have to edit /etc/amavisd/amavisd.conf.

vi /etc/amavisd/amavisd.conf

In this file we change six places:

1) Change
$inet_socket_port = 10025;   # listen on this local TCP port(s)
to
$inet_socket_port = 10024;   # listen on this local TCP port(s)
2) Change
$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.9;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 4.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
to
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
(Of course, you can adjust the spam scores to your liking.)

3) Change
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
to
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

@lookup_sql_dsn =
    ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$recipient_delimiter = '+';            # (default is '+')
$replace_existing_extension = 1;       # (default is false)
$localpart_is_case_sensitive = 0;      # (default is false)
(Make sure you fill in the correct database details!)

4) Change
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
to
$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
5) Change
# $notify_method  = 'smtp:[127.0.0.1]:10026';
# $forward_method = 'smtp:[127.0.0.1]:10026'; # set to undef with milter!
to
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
6) Change
# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
# $final_spam_destiny       = D_PASS;
# $final_bad_header_destiny = D_PASS;
to
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
(Of course, you can decide for yourself what should happen to spam and viruses. I decided to accept spam (D_PASS) so that it can be filtered in my e-mail client with a simple filter rule (based on the subject, which amavisd-new rewrites when it thinks a message is spam). The allowed actions (D_PASS, D_DISCARD, D_BOUNCE and D_REJECT) are explained here: http://www.ijs.si/software/amavisd/amavisd-new-docs.html#actions)
