Mail server on Debian 9, full installation: dbmail & postgresql & postfix & stunnel & postgrey & spamassassin: difference between revisions
imported>Vix (no edit summary)
Строка 613: | Строка 613: | ||
'''#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem''' | '''#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem''' | ||
'''#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key''' | '''#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key''' | ||
''' | '''smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem''' | ||
'''smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key''' | |||
smtpd_use_tls=yes | |||
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | ||
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache | ||
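Review bot: smtpd_use_tls=yes on the added side is the legacy switch for opportunistic TLS; smtpd_tls_security_level = may states the same policy with the parameter current Postfix documentation uses. The new smtpd_tls_key_file line also points at /etc/postfix/ssl/smtpd.key without saying who may read it, so a sentence on owner and mode for that file belongs next to it.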
Строка 620: | Строка 622: | ||
# information on enabling SSL in the smtp client. | # information on enabling SSL in the smtp client. | ||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination | '''#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination''' | ||
'''smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination''' | |||
'''myhostname = mymail.home.local''' | '''myhostname = mymail.home.local''' | ||
alias_maps = hash:/etc/aliases | alias_maps = hash:/etc/aliases | ||
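Review bot: commenting out smtpd_relay_restrictions on the right-hand side does not switch the parameter off, it only falls back to its built-in default, so relay policy is now decided in two places. If the intent is to move the policy into the new smtpd_recipient_restrictions line, say so in the text; otherwise keep smtpd_relay_restrictions explicit so that a later edit to the recipient list cannot open the relay.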
Строка 628: | Строка 631: | ||
relayhost = | relayhost = | ||
'''#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128''' | '''#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128''' | ||
'''mynetworks = 127.0.0.0/8 10.0.5. | '''mynetworks = 127.0.0.0/8 10.0.5.2''' | ||
mailbox_size_limit = 0 | mailbox_size_limit = 0 | ||
recipient_delimiter = + | recipient_delimiter = + | ||
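Review bot: the new mynetworks line lets 10.0.5.2 relay without authentication and carries none of the IPv6 loopback entries of the commented default above it, and the left-hand value is cut off at "10.0.5." so the previous setting cannot be compared. State what host 10.0.5.2 is and why it needs unauthenticated relay, and keep [::1]/128 if local software submits over IPv6.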
Строка 642: | Строка 645: | ||
'''smtpd_sasl_local_domain =''' | '''smtpd_sasl_local_domain =''' | ||
'''############################### - подключаем наш сертификат созданный как описано ниже.''' | '''############################### - подключаем наш сертификат созданный как описано ниже.''' | ||
''' | '''smtpd_tls_auth_only = no''' | ||
'''smtpd_tls_loglevel = 1''' | '''smtpd_tls_loglevel = 1''' | ||
'''smtpd_tls_received_header = yes''' | '''smtpd_tls_received_header = yes''' | ||
'''smtpd_tls_session_cache_timeout = 3600s''' | '''smtpd_tls_session_cache_timeout = 3600s''' | ||
'''tls_random_source = dev:/dev/urandom''' | '''tls_random_source = dev:/dev/urandom''' | ||
* вносим необходимые изменения в файлы конфигурации - пример рабочей версии '''master.cf''': | * вносим необходимые изменения в файлы конфигурации - пример рабочей версии '''master.cf''': | ||
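Review bot: smtpd_tls_auth_only = no, in the block directly after the SASL settings, lets clients authenticate before STARTTLS, so passwords can cross the network unencrypted. Unless a legacy client requires it, set smtpd_tls_auth_only = yes and record the reason for the chosen value in the comment line above it.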
Строка 784: | Строка 783: | ||
user = dbmail | user = dbmail | ||
password = userpass | password = userpass | ||
hosts = 10.0.5.2 | hosts = 10.0.5.2 | ||
dbname = mailbasename | dbname = mailbasename | ||
table = dbmail_aliases | table = dbmail_aliases | ||
select_field = alias | select_field = alias | ||
where_field = alias | where_field = alias | ||
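Review bot: this map file holds the database password in clear text (password = userpass) and the step gives no owner or mode for it. Add a line restricting the file, for example owner root, group postfix, mode 640, and mark userpass as a placeholder to be replaced.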
Строка 819: | Строка 812: | ||
mkdir -p /etc/postfix/ssl | mkdir -p /etc/postfix/ssl | ||
cd /etc/postfix/ssl | cd /etc/postfix/ssl | ||
openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd. | openssl req -new -x509 -days 3650 -nodes -out smtpd.pem -keyout smtpd.key | ||
* перезапускаем '''postfix''': | * перезапускаем '''postfix''': |
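Review bot: the openssl req line gains -days 3650 but keeps -nodes, which writes smtpd.key unencrypted with whatever permissions the current umask gives, and it relies on the OpenSSL default key type and size. Follow it with chmod 600 smtpd.key, consider an explicit -newkey rsa:2048 or larger, and add a sentence on how clients are expected to trust a ten-year self-signed certificate.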
Revision as of 18:14, 1 November 2017
Installation procedure:
- System: Debian Stretch (9)
- sources.list used:
#
deb http://mirror.mephi.ru/debian/ stretch main
deb-src http://mirror.mephi.ru/debian/ stretch main
deb http://security.debian.org/debian-security stretch/updates main
deb-src http://security.debian.org/debian-security stretch/updates main
# stretch-updates, previously known as 'volatile'
deb http://mirror.mephi.ru/debian/ stretch-updates main
deb-src http://mirror.mephi.ru/debian/ stretch-updates main
###### Debian Main Repos
deb http://deb.debian.org/debian/ stable main contrib non-free
deb-src http://deb.debian.org/debian/ stable main contrib non-free
deb http://deb.debian.org/debian/ stable-updates main contrib non-free
deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free
deb http://deb.debian.org/debian-security stable/updates main contrib non-free
deb-src http://deb.debian.org/debian-security stable/updates main contrib non-free
deb http://ftp.debian.org/debian stretch-backports main contrib non-free
deb-src http://ftp.debian.org/debian stretch-backports main contrib non-free
1. Install the required packages:
apt-get install pkg-config libglib2.0-dev libgmime-2.6-dev libmhash-dev libevent-dev libssl1.0-dev libzdb-dev autoconf automake libtool autotools-dev dpkg-dev fakeroot debhelper dh-make libldap2-dev libsieve2-dev asciidoc
2. Download the sources from dbmail.org:
wget -c -t 0 -T 8 http://www.dbmail.org/download/3.1/dbmail-3.1.17.tar.gz
3. Unpack and compile:
cp dbmail-3.1.17.tar.gz /usr/local/src
# unpack into the directory name that the following steps use
mkdir -p /usr/local/src/dbmail-3.1.7
tar -xf dbmail-3.1.17.tar.gz -C /usr/local/src/dbmail-3.1.7 --strip-components=1
cp dbmail-3.1.17.tar.gz /usr/local/src/dbmail_3.1.7.orig.tar.gz
Prepare the package for building:
cd /usr/local/src/dbmail-3.1.7
./configure --with-pgsql --prefix=/usr
dpkg-source --commit
Give the patch a name, something like pgsql.commit.
cd /usr/local/src/
dpkg-source -b dbmail-3.1.7
cd /usr/local/src/dbmail-3.1.7
dpkg-buildpackage -d
- once the package has been built, copy it to your archive and install it:
dpkg -i dbmail_3.1.7-1_amd64.deb
- edit the configuration file:
editor /etc/dbmail/dbmail.conf
- example of a working configuration file:
# (c) 2000-2006 IC&S, The Netherlands
#
# Configuration file for DBMAIL

[DBMAIL]
#
# Database settings
#
# database connection URI
#dburi = sqlite:///var/tmp/dbmail.db
#
# Supported drivers are sql, ldap.
#
authdriver = sql
#
#
# following fields are now DEPRECATED!
driver = postgresql
host = 10.0.5.2
sqlport = 5432
#sqlsocket =
user = dbmail
pass = dbmailpass
db = mailbasename
#
# Number of database connections per threaded daemon
# This also determines the size of the worker threadpool
#
# Do NOT increase this without proper consideration. A
# very large database/worker pool will not only increase
# the connection pressure on the database, but will more
# significantly cause unnecessary context-switching in
# your CPUs.
#
#max_db_connections = 10
#
# Table prefix. Defaults to "dbmail_" if not specified.
#
table_prefix = dbmail_
#
# encoding must match the database/table encoding.
# i.e. latin1, utf8
encoding = utf8
#
# messages with unknown encoding will be assumed to have
# default_msg_encoding
# i.e. iso8859-1, utf8
default_msg_encoding = utf8
#
# Postmaster's email address for use in bounce messages.
#
#postmaster = DBMAIL-MAILER
#
# Sendmail executable for forwards, replies, notifies, vacations.
# You may use pipes (|) in this command, for example:
# dos2unix|/usr/sbin/sendmail works well with Qmail.
# You may use quotes (") for executables with unusual names.
#
sendmail = /usr/sbin/sendmail
#
#
# The following items can be overridden in the service-specific sections.
#
#
#
# Logging via stderr/log file and syslog
#
# Logging is broken up into 8 logging levels and each level can be individually turned on or off.
# The Stderr/log file logs all entries to stderr or the log file.
# Syslog logging uses the facility mail and the logging level of the event for logging.
# Syslog can then be configured to log data according to the levels.
#
# Set the log level to the sum of the values next to the levels you want to record.
#   1 = Emergency
#   2 = Alert
#   4 = Critical
#   8 = Error
#  16 = Warning
#  32 = Notice
#  64 = Info
# 128 = Debug
# 256 = Database -> Logs at debug level
#
# Examples:   0 = Nothing
#            31 = Emergency + Alert + Critical + Error + Warning
#           511 = Everything
#
file_logging_levels = 7
#
syslog_logging_levels = 31
#
# Generate a log entry for database queries for the log level at number of seconds of query execution time.
#
query_time_info = 10
query_time_notice = 20
query_time_warning = 30
#
# Throw an exception is the query takes longer than query_timeout seconds
query_timeout = 300
#
# Root privs are used to open a port, then privs
# are dropped down to the user/group specified here.
#
effective_user = dbmail
effective_group = mail
#
# The IPv4 and/or IPv6 addresses the services will bind to.
# Use * for all local interfaces.
# Use 127.0.0.1 for localhost only.
# Separate multiple entries with spaces ( ) or commas (,).
#
bindip = 0.0.0.0 # IPv4 only - all IP's
#bindip = :: # IPv4 and IPv6 - all IP's (linux)
#bindip = :: # IPv6 only - all IP's (BSD)
#bindip = 0.0.0.0,:: # IPv4 and IPv6 - all IP's (BSD)
#
# The maximum length of the queue of pending connections. See
# listen(2) for more information
#
# backlog = 128
#
# Idle time allowed before a connection is shut off.
#
timeout = 300
#
# Idle time allowed before a connection is shut off if you have not logged in yet.
#
login_timeout = 60
#
# If yes, resolves IP addresses to DNS names when logging.
#
resolve_ip = yes
#
# If yes, keep statistics in the authlog table for connecting users
#
authlog = no
#
# logfile for stdout messages
#
logfile = /var/log/dbmail.log
#
# logfile for stderr messages
#
errorlog = /var/log/dbmail.err
#
# directory for storing PID files
#
pid_directory = /var/run/dbmail
#
# directory for locating libraries (normally has a sane default compiled-in)
#
library_directory = /usr/lib/dbmail
#
# SSL/TLS certificates
#
# A file containing a list of CAs in PEM format
tls_cafile =
# A file containing a PEM format certificate
tls_cert =
# A file containing a PEM format RSA or DSA key
tls_key =
# A cipher list string in the format given in ciphers(1)
tls_ciphers =
# hashing algorithm. You can select your favorite hash type
# for generating unique ids for message parts.
#
# for valid values check mhash(3) but minus the MHASH_ prefix.
#
# if you ever change this value run 'dbmail-util --rehash' to
# update the hash for all mimeparts.
#
# examples: MD5, SHA1, SHA256, SHA512, TIGER, WHIRLPOOL
#
# hash_algorithm = SHA1
# header_cache tuning
#
# set header_cache_readonly to 'yes' to prevent new
# unknown header-names from being cached.
#
# header_cache_readonly = yes

[LMTP]
bindip = 127.0.0.1
port = 24
#tls_port =

[POP]
port = 110
#tls_port = 995
# You can set an alternate banner to display when connecting to the service
# banner = DBMAIL pop3 server ready to rock
#
# If yes, allows SMTP access from the host IP connecting by POP3.
# This requires addition configuration of your MTA
#
pop_before_smtp = no

[HTTP]
port = 41380
#
# the httpd daemon provides full access to all users, mailboxes
# and messages. Be very careful with this one!
bindip = 127.0.0.1
admin = admin:secret

[IMAP]
# You can set an alternate banner to display when connecting to the service
# banner = imap 4r1 server (dbmail 2.3.x)
#
# Port to bind to.
#
port = 143
##tls_port = 993
#
# IMAP prefers a longer timeout than other services.
#
timeout = 4000
#
# If yes, allows SMTP access from the host IP connecting by IMAP.
# This requires addition configuration of your MTA
#
imap_before_smtp = no
#
# during IDLE, how many seconds between checking the mailbox
# status (default: 30)
#
# idle_timeout = 30
# during IDLE, how often should the server send an '* OK' still
# here message (default: 10)
#
# the time between such a message is idle_timeout * idle_interval
# seconds
#
# idle_interval = 10
#
# If TLS is enabled, login before starttls is normally
# not allowed. Use login_disabled=no to change this
#
# login_disabled = yes
#
# Provide a CAPABILITY to override the default
#
# capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
# max message size. You can specify the maximum message size
# accepted by the IMAP daemon during APPEND commands.
#
# Supported formats:
# decimal: 1000000
# octal: 03777777
# hex: 0xfffff
#
# max_message_size =

[SIEVE]
#
# Port to bind to.
#
port = 2000
tls_port =

[LDAP]
port = 389
version = 3
hostname = ldap
base_dn = ou=People,dc=mydomain,dc=com
#
# If your LDAP library supports ldap_initialize(), then you can use the
# alternative LDAP server DSN like following.
#
# URI = ldap://127.0.0.1:389
# URI = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
#
# Leave blank for anonymous bind.
# example: cn=admin,dc=mydomain,dc=com
#
bind_dn =
#
# Leave blank for anonymous bind.
#
bind_pw =
scope = SubTree
# AD users may want to set this to 'no' to disable
# ldap referrals if you are seeing 'Operations errors'
# in your logs
#
referrals = yes
user_objectclass = top,account,dbmailUser
forw_objectclass = top,account,dbmailForwardingAddress
cn_string = uid
field_passwd = userPassword
field_uid = uid
field_nid = uidNumber
min_nid = 10000
max_nid = 15000
field_cid = gidNumber
min_cid = 10000
max_cid = 15000
# a comma-separated list of attributes to match when searching
# for users or forwards that match a delivery address. A match
# on any of them is a hit.
field_mail = mail
# field that holds the mail-quota size for a user.
field_quota = mailQuota
# field that holds the forwarding address.
field_fwdtarget = mailForwardingAddress
# override the query string used to search for users
# or forwards with a delivery address.
# query_string = (mail=%s)

[DELIVERY]
#
# Run Sieve scripts as messages are delivered.
#
SIEVE = yes
#
# Use 'user+mailbox@domain' format to deliver to a mailbox.
#
SUBADDRESS = yes
#
# Turn on/off the Sieve Vacation extension.
#
SIEVE_VACATION = yes
#
# Turn on/off the Sieve Notify extension
#
SIEVE_NOTIFY = yes
#
# Turn on/off additional Sieve debugging.
#
SIEVE_DEBUG = no
# Use the auto_notify table to send email notifications.
#
AUTO_NOTIFY = no
#
# Use the auto_reply table to send away messages.
#
AUTO_REPLY = no
#
# Defaults to "NEW MAIL NOTIFICATION"
#
#AUTO_NOTIFY_SUBJECT =
#
# Defaults to POSTMASTER from the DBMAIL section.
#
#AUTO_NOTIFY_SENDER =
# If you set this to 'yes' dbmail will check for duplicate
# messages in the relevant mailbox during delivery using
# the Message-ID header
#
suppress_duplicates = no
#
# Soft or hard bounce on over-quota delivery
#
quota_failure = hard
# end of configuration file
- edit the defaults file /etc/default/dbmail:
# debian specific configuration for dbmail

# work-around for linux/epoll bug in libevent
export EVENT_NOEPOLL=yes

# comment out to disable the pop3 server
START_POP3D=true

# comment out to disable the imapd server
START_IMAPD=true

# uncomment to enable the lmtpd server
START_LMTPD=true

# uncomment to enable the timsieved server
#START_SIEVE=true

# comment out to enable the stunnel SSL wrapper
START_SSL=true

# specify the filename for the pem file as
# it resides in /etc/ssl/certs
PEMFILE="dbmail.pem"
- restart the service:
systemctl restart dbmail
- Brief explanation. The DBMail components fall into two groups:
1. Those that deliver messages from the MTA into the store.
2. Those that deliver messages from the store to the MUA.
- The first group includes:
dbmail-lmtpd – a UNIX daemon that accepts client connections over a UNIX socket or a TCP socket. Mail is received using the LMTP protocol. For each incoming message the MTA only creates a client socket; the required number of processes and database connections is created in advance.
This variant therefore gives better performance under high load, but under low load it consumes more system resources than necessary.
- The second group includes:
dbmail-pop3d – the daemon for POP3 access.
dbmail-imapd – the daemon for IMAP access.
- In addition, DBMail ships the following auxiliary utilities:
dbmail-users – a tool for managing users and their aliases.
dbmail-util – a tool for cleaning up, optimizing and checking the consistency of the database.
- That completes the dbmail installation for now; the next stage is installing postgresql and configuring it for the work ahead.
5. Once the postgresql database server is configured, create the dbmail user and the dbmail database
- Create the user that will work with the mail database:
createuser -U postgres -P dbmail
- Create the database:
createdb -U postgres --owner dbmail dbmail
- dbmail ships with database templates; unpack and load them:
bunzip2 /usr/share/doc/dbmail-2.2.10/create_tables.pgsql.bz2
psql -U dbmail -d dbmail < /usr/share/doc/dbmail-2.2.10/create_tables.pgsql
- This dump has no table for virtual domains, so create it:
CREATE TYPE dtype AS ENUM (
    'LOCAL',
    'VIRTUAL',
    'RELAY'
);
ALTER TYPE public.dtype OWNER TO dbmail;
SET default_with_oids = true;
CREATE TABLE dbmail_domains (
    uid integer NOT NULL,
    domain character varying(128) NOT NULL,
    type dtype NOT NULL
);
INSERT INTO dbmail_domains (uid, domain, type) VALUES (1, 'example.com', 'LOCAL');
The database is ready.
- add database maintenance to /etc/crontab:
...
0 3 * * * root /usr/sbin/dbmail-util -cturpd -l 24h -qq
...
- check that dbmail works with the database:
dbmail-util -av
If there are errors, fix them, and remember to check the configuration file...
If everything is OK, move on to configuring postfix.
5. Configuring Postfix
apt-get install postfix postfix-pgsql postfix-sqlite procmail libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-sql sqlite3
- make the necessary changes to the configuration files; example of a working main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
myhostname = mymail.home.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mymail.ru, mymail.home.local, localhost.home.local, localhost
relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8 10.0.5.2
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
############################## - specify how postgresql is used
local_recipient_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps
mailbox_transport = dbmail-lmtp:127.0.0.1:24
#################### - enable authentication via sasl; its setup is described later in the article.
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
############################### - use our own certificate, created as described below.
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
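An added example, not part of the original article: a small audit of the TLS, SASL and relay settings in the main.cf above, using the line rules from postconf(5) (comment lines, continuation lines, last assignment wins). The finding names and the hardened variant are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed excerpt: the lines of the main.cf above that the checks read,
# with one restriction list wrapped to exercise continuation lines.
SAMPLE_MAIN_CF = """\
# TLS parameters
smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key
smtpd_use_tls=yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,reject_unauth_destination
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8 10.0.5.2
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
"""

# The same excerpt with the two TLS settings tightened (assumed target policy).
HARDENED_MAIN_CF = (SAMPLE_MAIN_CF
                    .replace("smtpd_use_tls=yes", "smtpd_tls_security_level = may")
                    .replace("smtpd_tls_auth_only = no", "smtpd_tls_auth_only = yes"))


def parse_main_cf(text):
    """Return {parameter: value}; a later assignment replaces an earlier one."""
    logical = []
    for raw in text.splitlines():
        # Blank lines and lines whose first non-blank character is '#' are ignored.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # A line that starts with whitespace continues the previous logical line.
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def is_yes(params, name):
    # Both parameters tested below default to "no" when absent.
    return params.get(name, "no").lower() == "yes"


def audit(params):
    """Return a list of finding names (names are this example's own)."""
    findings = []
    # SASL is offered but not restricted to TLS sessions.
    if is_yes(params, "smtpd_sasl_auth_enable") and not is_yes(params, "smtpd_tls_auth_only"):
        findings.append("auth-without-tls")
    # TLS is configured only through the legacy on/off switch.
    if "smtpd_tls_security_level" not in params and "smtpd_use_tls" in params:
        findings.append("legacy-smtpd_use_tls")
    # Every non-loopback mynetworks entry may relay without authenticating.
    for entry in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:
            continue  # empty string, file name or type:table lookup
        if not net.is_loopback:
            findings.append("relay-without-auth:" + str(net))
    return findings


if __name__ == "__main__":
    for label, text in (("as shown", SAMPLE_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, audit(parse_main_cf(text)))
```
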
- make the necessary changes to the configuration files; example of a working master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
######
dbmail-lmtp unix -      -       n       -       -       lmtp
  -o disable_dns_lookups=yes
- create the postgresql connection settings file, dbmail-mailboxes.cf:
user = dbmail
password = userpass
hosts = 10.0.5.2
dbname = mailbasename
table = dbmail_aliases
select_field = alias
where_field = alias
- in the postfix configuration directory, create a directory for the sasl settings:
mkdir -p /etc/postfix/sasl
- create the configuration file smtpd.conf:
echo > /etc/postfix/sasl/smtpd.conf
- fill in the file contents:
edit /etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: digest-md5 cram-md5 login plain
sql_engine: pgsql
sql_user: dbmail
sql_passwd: userpass
sql_hostnames: 10.0.5.2
sql_database: mailbasename
sql_statement: select passwd from dbmail_users where userid='%u@%r'
sql_verbose: yes
- generate our own tls certificate:
mkdir -p /etc/postfix/ssl
cd /etc/postfix/ssl
openssl req -new -x509 -days 3650 -nodes -out smtpd.pem -keyout smtpd.key
- restart postfix:
systemctl restart postfix
or
/etc/init.d/postfix restart
- check that postfix works:
# telnet <postfix_ip_address> 25
Trying <postfix_ip_address>...
Connected to <postfix_ip_address>.
Escape character is '^]'.
220 mx.kscom.ru ESMTP Postfix
EHLO example.com
250-mx.kscom.ru
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
- 250-STARTTLS should be present
- AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5 should be present
- everything works.
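An added example, not part of the original article: the check above done by a parser instead of by eye. It reads an EHLO reply taken on a plain (pre-STARTTLS) connection and reports whether STARTTLS is offered and which SASL mechanisms are advertised before encryption; the second reply and its host name are constructed, and the report keys are this example's own.

```python
import re

# The EHLO reply from the telnet session above.
PAGE_REPLY = """\
250-mx.kscom.ru
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed reply (hypothetical host): a server that advertises the mech_list
# from smtpd.conf before STARTTLS. The "AUTH=" line is the legacy spelling that
# broken_sasl_auth_clients = yes adds for old clients.
CONSTRUCTED_REPLY = """\
250-mail.example.test
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 DSN
"""

# Mechanisms that transmit the password itself, only base64-encoded.
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Return {KEYWORD: [parameters]} from a multi-line 250 reply."""
    caps = {}
    lines = [line.strip() for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250([ -])(.*)", line)
        if match is None:
            raise ValueError("not a 250 reply line: %r" % line)
        # Treat "AUTH=LOGIN PLAIN" the same as "AUTH LOGIN PLAIN".
        words = re.sub(r"^AUTH=", "AUTH ", match.group(2).upper()).split()
        if index > 0 and words:          # line 0 is the server's greeting
            seen = caps.setdefault(words[0], [])
            for word in words[1:]:
                if word not in seen:
                    seen.append(word)
        if match.group(1) == " ":        # "250 " with a space ends the reply
            break
    return caps


def check_pre_tls(caps):
    """Summarise what a reply received before STARTTLS exposes."""
    mechanisms = caps.get("AUTH", [])
    return {
        "starttls": "STARTTLS" in caps,
        "auth_mechanisms": mechanisms,
        "password_sent_in_clear": sorted(PASSWORD_EQUIVALENT.intersection(mechanisms)),
    }


if __name__ == "__main__":
    for label, reply in (("page", PAGE_REPLY), ("constructed", CONSTRUCTED_REPLY)):
        print(label, check_pre_tls(parse_ehlo(reply)))
```

With smtpd_tls_auth_only = yes the AUTH lines appear only in the EHLO reply sent after STARTTLS, so a pre-TLS reply like the first one is the expected result.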