Postfix tls mysql dovecot
Scopul Ghidului
Crearea unui mailserver cu ajutorul programelor postfix, mysql, dovecot si a interfetei de webmail squirrelmail. In loc de clasicul Cyrus saslauthd vom folosi dovecot-sasl; postfix 2.3 are suport pentru acesta.
Nota
Instalarea s-a facut pe o distributie Slackware 10.2 cu mysql instalat si apache. Acest ghid nu se va ocupa de instalarea serverului mysql si nici de configurarea si instalarea serverului de web apache. In functie de distributia folosita unele comenzi necesita o mica modificare de cale (vezi mysql in configurarea postfix-ului).
Compilarea si instalarea programelor postfix si dovecot
In momentul scrierii acestui ghid versiunile folosite au fost cele mai noi.
Instalare postfix
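<sh/>wget http://postfix.imar.ro/postfix-release/experimental/postfix-2.3-20060202.tar.gz
# The download above is plain http: check the archive against the checksum or
# signature published for the release before building it.
tar -zxf postfix-2.3-20060202.tar.gz
cd postfix-2.3-20060202
make tidy
# HAS_MYSQL: mysql: lookup tables; USE_TLS: STARTTLS in smtpd/smtp;
# USE_SASL_AUTH + DEF_SASL_SERVER=dovecot: SMTP AUTH is delegated to Dovecot's
# auth socket instead of Cyrus saslauthd. The MySQL include/lib paths depend
# on the distribution.
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -DUSE_TLS -I/usr/include/mysql -DUSE_SASL_AUTH \
-DDEF_SASL_SERVER=\"dovecot\"' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -lssl -lcrypto'
make
# Postfix needs an unprivileged "postfix" account and a separate "postdrop"
# group (setgid_group in main.cf) before installation; these are four commands,
# run one at a time.
useradd postfix
groupadd postdrop
make install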
Instalare dovecot
<sh/>wget http://www.dovecot.org/releases/dovecot-1.0.beta2.tar.gz
# 1.0.beta2 was the newest release when this guide was written (a pre-release).
tar xzf dovecot-1.0.beta2.tar.gz
cd dovecot-1.0.beta2
# Binaries under /usr, configuration under /etc/dovecot; --with-mysql builds the
# sql passdb/userdb driver referenced from dovecot.conf.
./configure --prefix=/usr --sysconfdir=/etc/dovecot --with-mysql
make
make install
Crearea unui certificat self-signed
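<sh/>cd /etc/postfix
mkdir ssl
cd ssl
# Self-signed certificate; key and certificate go into the same file, which both
# main.cf and dovecot.conf reference. -nodes leaves the key unencrypted so the
# daemons can start unattended, so the file must be readable by root only:
# umask 077 makes openssl create it with mode 0600. An explicit 2048-bit key
# avoids the (shorter) default size of old openssl builds.
umask 077
openssl req -newkey rsa:2048 -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650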
Configurare postfix
main.cf:
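# main.cf -- Postfix 2.3 with MySQL lookup tables, Dovecot SASL and TLS.
# Values spanning several lines are continued on lines starting with whitespace,
# as Postfix requires. Each parameter is assigned once; when a parameter is
# repeated Postfix silently uses the last assignment.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mailbox_command =
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/man/
sample_directory = /etc/postfix
# An explicit mynetworks overrides mynetworks_style above: only the local host
# may relay without authenticating.
mynetworks = 127.0.0.0/8
readme_directory = no
myhostname = domeniu.ro

# SMTP AUTH through Dovecot's auth socket (dovecot.conf: socket listen { client }).
# The socket path is relative to queue_directory.
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# noanonymous alone still allows PLAIN/LOGIN over an unencrypted session; the
# only setting that keeps passwords off the wire in clear text is
# smtpd_tls_auth_only below.
smtpd_sasl_security_options = noanonymous
# Also announce AUTH in the obsolete "AUTH=" form for clients that only
# understand that syntax.
broken_sasl_auth_clients = yes
# Authenticated clients and mynetworks may relay anywhere; everyone else only to
# domains this server is responsible for. Keep reject_unauth_destination last.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
inet_interfaces = all

# MySQL lookup tables. The .cf files contain the database password: keep them
# readable by root and the postfix user only. proxy: lets daemons that may run
# chrooted (depends on master.cf, not shown here) reach MySQL via proxymap.
transport_maps = mysql:/etc/postfix/mysql_virtual_transport.cf
virtual_mailbox_base = /home/mails
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual
virtual_uid_maps = mysql:/etc/postfix/uid.cf
virtual_gid_maps = mysql:/etc/postfix/gid.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
# NOTE(review): mysql_relay_domains_maps.cf and mysql_virtual_domains_maps.cf run
# the same query on the same table, so every domain is both a virtual mailbox
# domain and a relay domain. Postfix expects a domain in exactly one class and
# warns about this; use a distinct table/condition for relay domains, or drop
# relay_domains if this host relays for no other server.
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf

# Per-mailbox quota. virtual_mailbox_limit is stock Postfix; the remaining
# virtual_*limit*/maildirsize/overquota parameters come from the VDA patch,
# which the build steps in this guide do not apply -- stock 2.3 logs them as
# unused parameters and enforces no per-user quota.
virtual_mailbox_limit = 51200000
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has no space available in their inbox.
virtual_overquota_bounce = yes

# Every map read through proxy: must be listed here.
proxy_read_maps = $local_recipient_maps $virtual_alias_maps
    $virtual_alias_domains $virtual_mailbox_maps $mydestination $virtual_mailbox_domains
    $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
    $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    $virtual_mailbox_limit_maps

# TLS. One file holds key and certificate (see the openssl step) and must be
# readable by root only. smtpd_tls_CAfile pointing at the self-signed
# certificate is harmless but adds nothing, since no client certificates are
# requested. smtpd_tls_auth_only = no lets clients authenticate before
# STARTTLS; set it to yes once every client supports STARTTLS, so passwords
# never travel in clear text.
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom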
gid.cf:
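# gid.cf -- virtual_gid_maps: one key per line (mysql_table(5) legacy form).
# Contains the database password: readable by root and the postfix user only.
# NOTE(review): Postfix passes the full recipient address as lookup key, so a
# userid such as "administrator" (postdov.sql) will not match; see the note in
# mysql_virtual_mailbox_maps.cf.
hosts = localhost
user = mailuser
password = mailpass
dbname = email
table = users
select_field = gid
where_field = userid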
uid.cf:
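# uid.cf -- virtual_uid_maps: one key per line (mysql_table(5) legacy form).
# Contains the database password: readable by root and the postfix user only.
# NOTE(review): Postfix passes the full recipient address as lookup key, so a
# userid such as "administrator" (postdov.sql) will not match; see the note in
# mysql_virtual_mailbox_maps.cf.
hosts = localhost
user = mailuser
password = mailpass
dbname = email
table = users
select_field = uid
where_field = userid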
mysql_relay_domains_maps.cf:
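# mysql_relay_domains_maps.cf -- relay_domains: one key per line.
# Same query as mysql_virtual_domains_maps.cf, so every domain in the table is
# also a relay domain; Postfix warns when a domain is in both classes.
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = domain
select_field = domain
where_field = domain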
mysql_virtual_alias_maps.cf:
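# mysql_virtual_alias_maps.cf -- virtual_alias_maps: one key per line.
# Looked up by full address (alias.email), result is alias.goto.
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = alias
select_field = goto
where_field = email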
mysql_virtual_domains_maps.cf:
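# mysql_virtual_domains_maps.cf -- virtual_mailbox_domains: one key per line.
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = domain
select_field = domain
where_field = domain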
mysql_virtual_mailbox_limit_maps.cf:
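# mysql_virtual_mailbox_limit_maps.cf -- virtual_mailbox_limit_maps: one key
# per line. That parameter belongs to the VDA patch; with the unpatched build
# in this guide the map is never consulted. Keyed by userid, see the note in
# mysql_virtual_mailbox_maps.cf.
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = users
select_field = quota
where_field = userid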
mysql_virtual_mailbox_maps.cf:
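# mysql_virtual_mailbox_maps.cf -- virtual_mailbox_maps: one key per line.
# Result (users.home, e.g. "root/") is relative to virtual_mailbox_base.
# NOTE(review): Postfix hands the full recipient address (user@domain) to this
# map, so userid values like "administrator" in postdov.sql will not match and
# delivery fails with "user unknown". Either store full addresses in userid, or
# switch this and uid.cf/gid.cf to the query form with the local part:
#   query = SELECT home FROM users WHERE userid = '%u'
# Confirm against the delivery log.
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = users
select_field = home
where_field = userid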
mysql_virtual_transport.cf:
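# mysql_virtual_transport.cf -- transport_maps: one key per line.
# Keyed by domain, result is domain.transport ("virtual" in postdov.sql).
# Contains the database password: readable by root and the postfix user only.
hosts = localhost
dbname = email
user = mailuser
password = mailpass
table = domain
select_field = transport
where_field = domain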
Configurare dovecot
dovecot.conf :
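# dovecot.conf -- IMAP/POP3 for the virtual users in the MySQL "users" table,
# plus the auth socket Postfix uses for SMTP AUTH.
base_dir = /var/run/dovecot/
protocols = imap pop3s imaps pop3
listen = *
ssl_disable = no
# Same key+certificate file as Postfix (created in the openssl step, root-only).
ssl_cert_file = /etc/postfix/ssl/smtpd.pem
ssl_key_file = /etc/postfix/ssl/smtpd.pem
# Refuse PLAIN/LOGIN on the unencrypted imap/pop3 ports unless STARTTLS is
# used. Connections from 127.* are treated as secure, so a local webmail
# (squirrelmail) over plain IMAP keeps working. NOTE(review): this may also
# apply to AUTH requests reaching the Postfix socket without TLS -- confirm.
disable_plaintext_auth = yes
# NOTE(review): the login processes run as the postfix account here; a
# dedicated unprivileged user keeps the two daemons separate.
login_user = postfix
# uid of the virtual mailboxes (uid/gid 400 in postdov.sql).
first_valid_uid = 400
mail_debug = no
# %h = home from user_query (e.g. root/) -> /home/mails/root/, matching
# virtual_mailbox_base in main.cf.
default_mail_env = maildir:/home/mails/%h/
protocol imap {
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
auth default {
  # Only mechanisms that can be verified against crypt hashes: digest-md5 and
  # cram-md5 need the plaintext password (or a scheme-specific hash) in the
  # passdb, so with default_pass_scheme = crypt they would fail for every user.
  # login is the variant old clients (broken_sasl_auth_clients in main.cf) use.
  mechanisms = plain login
  passdb sql {
    args = /etc/dovecot/dovecot-mysql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-mysql.conf
  }
  # NOTE(review): the sql passdb/userdb do not need root; an unprivileged user
  # for the auth process should be enough -- confirm before changing.
  user = root
  # Auth socket for Postfix smtpd (smtpd_sasl_path = private/auth in main.cf):
  # owned by postfix and not world-writable.
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}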
dovecot-mysql.conf:
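# dovecot-mysql.conf -- passdb/userdb queries, one setting per line. Contains
# the database password: readable by root (and the auth user) only. Values are
# not ';'-terminated.
driver = mysql
# Hashes are checked with crypt(3); MD5-crypt ($1$...) hashes such as the one in
# postdov.sql are accepted by this scheme.
default_pass_scheme = crypt
connect = host=localhost dbname=email user=mailuser password=mailpass
# %n is the local part of the login name, so "administrator" and
# "administrator@domeniu.ro" select the same row; the domain column in users is
# not consulted, so one userid cannot exist in two domains.
# NOTE(review): the block column from postdov.sql is never checked, so a
# blocked account can still log in; add AND block = 'n' to password_query if
# that is the intent.
password_query = SELECT password FROM users WHERE userid = '%n'
user_query = SELECT home, uid, gid FROM users WHERE userid = '%n'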
Configurarea bazei de date in mysql
Se va folosi fisierul postdov.sql pentru crearea tabelelor in baza de date cu numele email. Userului mailuser, cu parola mailpass, i se va da drept de citire pentru baza de date email. Atentie: este recomandat sa schimbati parola si userul in toate fisierele de configurare.
postdov.sql:
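<sql/>--
-- Table structure for table `alias`
-- email: full address looked up by virtual_alias_maps (where_field = email);
-- goto: destination address(es). Empty-string defaults restored; ENGINE=
-- replaces the deprecated TYPE= keyword.
--
CREATE TABLE alias (
  email varchar(255) NOT NULL default '',
  goto text NOT NULL,
  domain varchar(255) NOT NULL default '',
  PRIMARY KEY (email),
  KEY domain (domain)
) ENGINE=MyISAM;

--
-- Dumping data for table `alias`
--
INSERT INTO alias VALUES ('root@domeniu.ro','administrator@domeniu.ro','domeniu.ro');

--
-- Table structure for table `domain`
-- Queried by both mysql_virtual_domains_maps.cf and mysql_relay_domains_maps.cf,
-- so every row is a virtual mailbox domain and a relay domain at the same time;
-- transport feeds transport_maps.
--
CREATE TABLE domain (
  domain varchar(255) NOT NULL default '',
  transport varchar(50) NOT NULL default 'virtual',
  PRIMARY KEY (domain)
) ENGINE=MyISAM;

--
-- Dumping data for table `domain`
--
INSERT INTO domain VALUES ('domeniu.ro','virtual');

--
-- Table structure for table `users`
-- password: crypt(3) hash (MD5-crypt, $1$, in the sample row); home is
-- relative to virtual_mailbox_base / default_mail_env. block is not consulted
-- by any query in this guide. Every lookup is by userid and expects one row,
-- hence the primary key.
--
CREATE TABLE users (
  userid varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  home varchar(255) NOT NULL default '',
  quota int(10) NOT NULL default '0',
  domain varchar(255) NOT NULL default '',
  uid int(11) NOT NULL default '0',
  gid int(11) NOT NULL default '0',
  block enum('y','n') NOT NULL default 'n',
  PRIMARY KEY (userid)
) ENGINE=MyISAM;

--
-- Dumping data for table `users`
-- Sample account "administrator" with password 123456; replace it before use.
--
INSERT INTO users VALUES ('administrator','$1$3totus54$6J1/1ETB/LdZHHt5D1bv7.','root/',0,'domeniu.ro',400,400,'n');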
Fisierul postdov.sql creeaza tabelele necesare pentru postfix si dovecot, precum si un cont administrator si un alias catre acest cont. Parola implicita pentru acest cont este '123456'.
Parola este stocata ca hash MD5 (crypt). Un mic script pentru generarea hash-urilor de parola poate fi urmatorul.
<html/>
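<form method="post" action=""> <input type="text" name="pass" size="13"> <input type="submit" name="doit" value="generate"> </form>
<?php
// Prints an MD5-crypt ($1$) hash of the submitted password -- the format stored
// in users.password (postdov.sql) and verified by default_pass_scheme = crypt.
// The empty form action posts back to this page without echoing
// $_SERVER['PHP_SELF'] into the markup.

// Returns a fresh "$1$<8 salt chars>$" prefix for crypt(). A random salt per
// password gives two accounts with the same password different hashes, rather
// than one fixed salt shared by every generated hash.
function md5crypt_salt() {
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return '$1$' . $salt . '$';
}

// !empty() avoids a notice on the first (GET) request, when pass is not set.
if (CRYPT_MD5 == 1 && !empty($_POST['pass'])) {
    echo 'MD5: ' . crypt($_POST['pass'], md5crypt_salt()) . "\n";
}
?>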
Testarea serverului
Va trebui sa cream intai directorul in care vor fi casutele postale
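# Root of the virtual mailboxes (virtual_mailbox_base in main.cf, default_mail_env
# in dovecot.conf). Delivery runs as the uid/gid from uid.cf/gid.cf (400 in
# postdov.sql), so that uid must be able to create per-user maildirs under it.
# NOTE(review): a root-owned 0755 directory will not allow that; verify
# ownership (e.g. chown 400:400) before the first delivery.
mkdir -p /home/mails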
Pornirea serverelor; bineinteles, si mysql trebuie sa fie pornit si configurat corespunzator in prealabil.
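# Two separate commands: start Postfix, then Dovecot (MySQL must already run).
postfix start
dovecot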
Verificam daca totul este in regula pana acum. Pentru postfix:
telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 domeniu.ro ESMTP Postfix
ehlo localhost
250-domeniu.ro
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Si pentru dovecot
telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK Dovecot ready.
