"Installing a mail server - Citadel Debian 7" and "Mail server on Debian 9, full installation: dbmail & postgresql & postfix & stunnel & postgrey & spamassassin": difference between pages
From support.qbpro.ru
(Differences between pages)
imported>Vix (Vix renamed the page "Installing a mail server - Citadel Debian 7" to "Installing a mail server - Citadel on Debian")
imported>Vix No edit summary
'''Installation procedure:'''
* '''''System: Debian Stretch {9}'''''
* The sources.list in use:
 #
 deb http://mirror.mephi.ru/debian/ stretch main
 deb-src http://mirror.mephi.ru/debian/ stretch main
 deb http://security.debian.org/debian-security stretch/updates main
 deb-src http://security.debian.org/debian-security stretch/updates main
 # stretch-updates, previously known as 'volatile'
 deb http://mirror.mephi.ru/debian/ stretch-updates main
 deb-src http://mirror.mephi.ru/debian/ stretch-updates main
 ###### Debian Main Repos
 deb http://deb.debian.org/debian/ stable main contrib non-free
 deb-src http://deb.debian.org/debian/ stable main contrib non-free
 deb http://deb.debian.org/debian/ stable-updates main contrib non-free
 deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free
 deb http://deb.debian.org/debian-security stable/updates main contrib non-free
 deb-src http://deb.debian.org/debian-security stable/updates main contrib non-free
 deb http://ftp.debian.org/debian stretch-backports main contrib non-free
 deb-src http://ftp.debian.org/debian stretch-backports main contrib non-free
1. ''Install the required packages:''
 apt-get install pkg-config libglib2.0-dev libgmime-2.6-dev libmhash-dev libevent-dev libssl1.0-dev libzdb-dev \
     autoconf automake libtool autotools-dev dpkg-dev fakeroot
2. ''Download the sources from [http://www.dbmail.org/index.php?page=download dbmail.org]:''
 wget -c -t 0 -T 8 http://www.dbmail.org/download/3.1/dbmail-3.1.17.tar.gz
3. ''Unpack and compile:''
 cp dbmail-3.1.17.tar.gz /usr/local/src
 tar -xf dbmail-3.1.17.tar.gz -C /usr/local/src
 cp dbmail-3.1.17.tar.gz /usr/local/src/dbmail_3.0.2.orig.tar.gz
''Prepare the package for building:''
 cd /usr/local/src/dbmail-3.2.3
 ./configure --with-pgsql --prefix=/usr
 dpkg-source --commit
give it a name, something like pgsql.commit
 cd /usr/local/src/
 dpkg-source -b dbmail-3.2.3
 cd /usr/local/src/dbmail-3.2.3
 dpkg-buildpackage -d
* once the package has been built, copy it to your archive and install it.
 dpkg -i dbmail_3.2.3-1_amd64.deb
* edit the configuration file:
 editor /etc/dbmail/dbmail.conf
* example of a working configuration file:
 # (c) 2000-2006 IC&S, The Netherlands
 #
 # Configuration file for DBMAIL
 [DBMAIL]
 #
 # Database settings
 #
 # database connection URI
 #dburi = sqlite:///var/tmp/dbmail.db
 #
 # Supported drivers are sql, ldap.
 #
 authdriver = sql
 #
 #
 # following fields are now DEPRECATED!
 driver = postgresql
 host = 10.0.5.2
 sqlport = 5432
 #sqlsocket =
 user = dbmail
 pass = dbmailpass
 db = mailbasename
 #
 # Number of database connections per threaded daemon
 # This also determines the size of the worker threadpool
 #
 # Do NOT increase this without proper consideration. A
 # very large database/worker pool will not only increase
 # the connection pressure on the database, but will more
 # significantly cause unnecessary context-switching in
 # your CPUs.
 #
 #max_db_connections = 10
 #
 # Table prefix. Defaults to "dbmail_" if not specified.
 #
 table_prefix = dbmail_
 #
 # encoding must match the database/table encoding.
 # i.e. latin1, utf8
 encoding = utf8
 #
 # messages with unknown encoding will be assumed to have
 # default_msg_encoding
 # i.e. iso8859-1, utf8
 default_msg_encoding = utf8
 #
 # Postmaster's email address for use in bounce messages.
 #
 #postmaster = DBMAIL-MAILER
 #
 # Sendmail executable for forwards, replies, notifies, vacations.
 # You may use pipes (|) in this command, for example:
 # dos2unix|/usr/sbin/sendmail works well with Qmail.
 # You may use quotes (") for executables with unusual names.
 #
 sendmail = /usr/sbin/sendmail
 #
 #
 # The following items can be overridden in the service-specific sections.
 #
 #
 #
 # Logging via stderr/log file and syslog
 #
 # Logging is broken up into 8 logging levels and each level can be indivually turned on or off.
 # The Stderr/log file logs all entries to stderr or the log file.
 # Syslog logging uses the facility mail and the logging level of the event for logging.
 # Syslog can then be configured to log data according to the levels.
 #
 # Set the log level to the sum of the values next to the levels you want to record.
 # 1 = Emergency
 # 2 = Alert
 # 4 = Critical
 # 8 = Error
 # 16 = Warning
 # 32 = Notice
 # 64 = Info
 # 128 = Debug
 # 256 = Database -> Logs at debug level
 #
 # Examples: 0 = Nothing
 # 31 = Emergency + Alert + Critical + Error + Warning
 # 511 = Everything
 #
 file_logging_levels = 7
 #
 syslog_logging_levels = 31
 #
 # Generate a log entry for database queries for the log level at number of seconds of query execution time.
 #
 query_time_info = 10
 query_time_notice = 20
 query_time_warning = 30
 #
 # Throw an exception is the query takes longer than query_timeout seconds
 query_timeout = 300
 #
 # Root privs are used to open a port, then privs
 # are dropped down to the user/group specified here.
 #
 effective_user = dbmail
 effective_group = mail
 #
 # The IPv4 and/or IPv6 addresses the services will bind to.
 # Use * for all local interfaces.
 # Use 127.0.0.1 for localhost only.
 # Separate multiple entries with spaces ( ) or commas (,).
 #
 bindip = 0.0.0.0 # IPv4 only - all IP's
 #bindip = :: # IPv4 and IPv6 - all IP's (linux)
 #bindip = :: # IPv6 only - all IP's (BSD)
 #bindip = 0.0.0.0,:: # IPv4 and IPv6 - all IP's (BSD)
 #
 # The maximum length of the queue of pending connections. See
 # listen(2) for more information
 #
 # backlog = 128
 #
 # Idle time allowed before a connection is shut off.
 #
 timeout = 300
 #
 # Idle time allowed before a connection is shut off if you have not logged in yet.
 #
 login_timeout = 60
 #
 # If yes, resolves IP addresses to DNS names when logging.
 #
 resolve_ip = yes
 #
 # If yes, keep statistics in the authlog table for connecting users
 #
 authlog = no
 #
 # logfile for stdout messages
 #
 logfile = /var/log/dbmail.log
 #
 # logfile for stderr messages
 #
 errorlog = /var/log/dbmail.err
 #
 # directory for storing PID files
 #
 pid_directory = /var/run/dbmail
 #
 # directory for locating libraries (normally has a sane default compiled-in)
 #
 library_directory = /usr/lib/dbmail
 #
 # SSL/TLS certificates
 #
 # A file containing a list of CAs in PEM format
 tls_cafile =
 # A file containing a PEM format certificate
 tls_cert =
 # A file containing a PEM format RSA or DSA key
 tls_key =
 # A cipher list string in the format given in ciphers(1)
 tls_ciphers =
 # hashing algorithm. You can select your favorite hash type
 # for generating unique ids for message parts.
 #
 # for valid values check mhash(3) but minus the MHASH_ prefix.
 #
 # if you ever change this value run 'dbmail-util --rehash' to
 # update the hash for all mimeparts.
 #
 # examples: MD5, SHA1, SHA256, SHA512, TIGER, WHIRLPOOL
 #
 # hash_algorithm = SHA1
 # header_cache tuning
 #
 # set header_cache_readonly to 'yes' to prevent new
 # unknown header-names from being cached.
 #
 # header_cache_readonly = yes
 [LMTP]
 bindip = 127.0.0.1
 port = 24
 #tls_port =
 [POP]
 port = 110
 #tls_port = 995
 # You can set an alternate banner to display when connecting to the service
 # banner = DBMAIL pop3 server ready to rock
 #
 # If yes, allows SMTP access from the host IP connecting by POP3.
 # This requires addition configuration of your MTA
 #
 pop_before_smtp = no
 [HTTP]
 port = 41380
 #
 # the httpd daemon provides full access to all users, mailboxes
 # and messages. Be very careful with this one!
 bindip = 127.0.0.1
 admin = admin:secret
 [IMAP]
 # You can set an alternate banner to display when connecting to the service
 # banner = imap 4r1 server (dbmail 2.3.x)
 #
 # Port to bind to.
 #
 port = 143
 ##tls_port = 993
 #
 # IMAP prefers a longer timeout than other services.
 #
 timeout = 4000
 #
 # If yes, allows SMTP access from the host IP connecting by IMAP.
 # This requires addition configuration of your MTA
 #
 imap_before_smtp = no
 #
 # during IDLE, how many seconds between checking the mailbox
 # status (default: 30)
 #
 # idle_timeout = 30
 # during IDLE, how often should the server send an '* OK' still
 # here message (default: 10)
 #
 # the time between such a message is idle_timeout * idle_interval
 # seconds
 #
 # idle_interval = 10
 #
 # If TLS is enabled, login before starttls is normally
 # not allowed. Use login_disabled=no to change this
 #
 # login_disabled = yes
 #
 # Provide a CAPABILITY to override the default
 #
 # capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
 # max message size. You can specify the maximum message size
 # accepted by the IMAP daemon during APPEND commands.
 #
 # Supported formats:
 # decimal: 1000000
 # octal: 03777777
 # hex: 0xfffff
 #
 # max_message_size =
 [SIEVE]
 #
 # Port to bind to.
 #
 port = 2000
 tls_port =
 [LDAP]
 port = 389
 version = 3
 hostname = ldap
 base_dn = ou=People,dc=mydomain,dc=com
 #
 # If your LDAP library supports ldap_initialize(), then you can use the
 # alternative LDAP server DSN like following.
 #
 # URI = ldap://127.0.0.1:389
 # URI = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
 #
 # Leave blank for anonymous bind.
 # example: cn=admin,dc=mydomain,dc=com
 #
 bind_dn =
 #
 # Leave blank for anonymous bind.
 #
 bind_pw =
 scope = SubTree
 # AD users may want to set this to 'no' to disable
 # ldap referrals if you are seeing 'Operations errors'
 # in your logs
 #
 referrals = yes
 user_objectclass = top,account,dbmailUser
 forw_objectclass = top,account,dbmailForwardingAddress
 cn_string = uid
 field_passwd = userPassword
 field_uid = uid
 field_nid = uidNumber
 min_nid = 10000
 max_nid = 15000
 field_cid = gidNumber
 min_cid = 10000
 max_cid = 15000
 # a comma-separated list of attributes to match when searching
 # for users or forwards that match a delivery address. A match
 # on any of them is a hit.
 field_mail = mail
 # field that holds the mail-quota size for a user.
 field_quota = mailQuota
 # field that holds the forwarding address.
 field_fwdtarget = mailForwardingAddress
 # override the query string used to search for users
 # or forwards with a delivery address.
 # query_string = (mail=%s)
 [DELIVERY]
 #
 # Run Sieve scripts as messages are delivered.
 #
 SIEVE = yes
 #
 # Use 'user+mailbox@domain' format to deliver to a mailbox.
 #
 SUBADDRESS = yes
 #
 # Turn on/off the Sieve Vacation extension.
 #
 SIEVE_VACATION = yes
 #
 # Turn on/off the Sieve Notify extension
 #
 SIEVE_NOTIFY = yes
 #
 # Turn on/off additional Sieve debugging.
 #
 SIEVE_DEBUG = no
 # Use the auto_notify table to send email notifications.
 #
 AUTO_NOTIFY = no
 #
 # Use the auto_reply table to send away messages.
 #
 AUTO_REPLY = no
 #
 # Defaults to "NEW MAIL NOTIFICATION"
 #
 #AUTO_NOTIFY_SUBJECT =
 #
 # Defaults to POSTMASTER from the DBMAIL section.
 #
 #AUTO_NOTIFY_SENDER =
 # If you set this to 'yes' dbmail will check for duplicate
 # messages in the relevant mailbox during delivery using
 # the Message-ID header
 #
 suppress_duplicates = no
 #
 # Soft or hard bounce on over-quota delivery
 #
 quota_failure = hard
 # end of configuration file
* restart the service:
 systemctl restart dbmail
* That completes the '''dbmail''' installation for now; the next stage is installing '''postgresql''' and configuring it for the work ahead.
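An added example (not part of the original page or of DBMail): a Python check of the dbmail.conf above for the settings that matter once the daemons are reachable from the network. <code>SAMPLE_CONF</code> is a constructed excerpt of that file, and the function names are illustrative.

```python
import configparser
import re
import stat

# Constructed excerpt of the dbmail.conf above: only the keys the checks read.
SAMPLE_CONF = """\
[DBMAIL]
host = 10.0.5.2
user = dbmail
pass = dbmailpass
bindip = 0.0.0.0 # IPv4 only - all IP's
tls_cert =
tls_key =
[LMTP]
bindip = 127.0.0.1
port = 24
[POP]
port = 110
#tls_port = 995
[HTTP]
port = 41380
bindip = 127.0.0.1
admin = admin:secret
[IMAP]
port = 143
##tls_port = 993
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Secrets printed in the example file, so they must never reach production.
PAGE_PLACEHOLDERS = {"dbmailpass", "admin:secret"}


def load(text):
    """Parse dbmail.conf; '#' starts a comment, also after a value."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp


def effective(cp, section, key):
    """Service sections override [DBMAIL]; otherwise the [DBMAIL] value applies."""
    if cp.has_option(section, key):
        return cp.get(section, key).strip()
    return cp.get("DBMAIL", key, fallback="").strip()


def exposed(cp, section):
    """True when the service binds to anything other than loopback."""
    addrs = [a for a in re.split(r"[,\s]+", effective(cp, section, "bindip")) if a]
    return any(a not in LOOPBACK for a in addrs)


def audit(text, file_mode=None):
    """Return (section, key, finding) tuples; file_mode is the file's st_mode."""
    cp = load(text)
    findings = []
    for svc in ("POP", "IMAP"):
        if not cp.has_section(svc):
            continue
        has_tls = bool(effective(cp, svc, "tls_cert") and effective(cp, svc, "tls_key"))
        if exposed(cp, svc) and not has_tls:
            findings.append((svc, "bindip",
                             "reachable from the network with no TLS certificate: "
                             "logins cross the wire in cleartext"))
    if cp.has_section("HTTP"):
        if exposed(cp, "HTTP"):
            findings.append(("HTTP", "bindip",
                             "admin API (full access to all mailboxes) is not loopback-only"))
        if effective(cp, "HTTP", "admin") in PAGE_PLACEHOLDERS:
            findings.append(("HTTP", "admin", "example credentials still in use"))
    if cp.get("DBMAIL", "pass", fallback="") in PAGE_PLACEHOLDERS:
        findings.append(("DBMAIL", "pass", "example database password still in use"))
    if file_mode is not None and cp.has_option("DBMAIL", "pass") \
            and file_mode & stat.S_IROTH:
        findings.append(("DBMAIL", "pass",
                         "file holding the database password is world-readable"))
    return findings


if __name__ == "__main__":
    for section, key, msg in audit(SAMPLE_CONF, file_mode=0o100644):
        print(f"[{section}] {key}: {msg}")
```

With the values shown above, POP3 and IMAP listen on all interfaces without a certificate; either fill in <code>tls_cert</code>/<code>tls_key</code> or bind them to 127.0.0.1 behind the stunnel named in the page title.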
4. ''[[Настройка PostgreSQL|Configuring PostgreSQL]]''
5. Once the '''postgresql''' database server is configured, create the '''dbmail''' user and the '''dbmail''' database<br>
* Create the user that will work with the mail database
 createuser -U postgres -P dbmail
* Create the database
 createdb -U postgres --owner dbmail dbmail
* dbmail ships with database schema templates; unpack and load them:
 bunzip2 /usr/share/doc/dbmail-2.2.10/create_tables.pgsql.bz2
 psql -U dbmail -d dbmail < /usr/share/doc/dbmail-2.2.10/create_tables.pgsql
* This dump has no table for virtual domains, so create it:
 CREATE TYPE dtype AS ENUM (
     'LOCAL',
     'VIRTUAL',
     'RELAY'
 );
 ALTER TYPE public.dtype OWNER TO dbmail;
 SET default_with_oids = true;
 CREATE TABLE dbmail_domains (
     uid integer NOT NULL,
     domain character varying(128) NOT NULL,
     type dtype NOT NULL
 );
 INSERT INTO dbmail_domains (uid, domain, type) VALUES (1, 'example.com', 'LOCAL');
'''The database is ready.'''
* check that '''dbmail''' works with the database:
 dbmail-util -av
if there are errors, fix them, remembering to check the configuration file...<br>
.. if everything is OK, move on to configuring '''postfix'''
6. '''Configuring Postfix'''
 apt-get install postfix postfix-pgsql postfix-sqlite procmail libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-sql sqlite3
* make the necessary changes to the configuration files; example of a working '''main.cf''':
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 # Debian specific: Specifying a file name will cause the first
 # line of that file to be used as the name. The Debian default
 # is /etc/mailname.
 #myorigin = /etc/mailname
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
 # appending .domain is the MUA's job.
 append_dot_mydomain = no
 # Uncomment the next line to generate "delayed mail" warnings
 #delay_warning_time = 4h
 readme_directory = no
 # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
 # fresh installs.
 compatibility_level = 2
 # TLS parameters
 '''#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem'''
 '''#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key'''
 '''#smtpd_use_tls=yes'''
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 '''myhostname = mymail.home.local'''
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 '''mydestination = $myhostname, mymail.ru, mymail.home.local, localhost.home.local, localhost'''
 relayhost =
 #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 '''mynetworks = 127.0.0.0/8 10.0.5.0/24'''
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all
 '''############################## - specify how postgresql is used'''
 '''local_recipient_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps'''
 '''mailbox_transport = dbmail-lmtp:127.0.0.1:24'''
 '''#################### - enable authentication via sasl; installation is covered later in the article.'''
 '''broken_sasl_auth_clients = yes'''
 '''smtpd_sasl_auth_enable = yes'''
 '''smtpd_sasl_local_domain ='''
 '''############################### - use our certificate, created as described below.'''
 '''smtp_use_tls = yes'''
 '''smtpd_use_tls = yes'''
 '''smtp_tls_note_starttls_offer = yes'''
 '''smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem'''
 '''smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem'''
 '''smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem'''
 '''smtpd_tls_loglevel = 1'''
 '''smtpd_tls_received_header = yes'''
 '''smtpd_tls_session_cache_timeout = 3600s'''
 '''tls_random_source = dev:/dev/urandom'''
* make the necessary changes to the configuration files; example of a working '''master.cf''':
 #
 # Postfix master process configuration file. For details on the format
 # of the file, see the master(5) manual page (command: "man 5 master" or
 # on-line: http://www.postfix.org/master.5.html).
 #
 # Do not forget to execute "postfix reload" after editing this file.
 #
 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp      inet  n       -       y       -       -       smtpd
 #smtp      inet  n       -       y       -       1       postscreen
 #smtpd     pass  -       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog
 #tlsproxy  unix  -       -       y       -       0       tlsproxy
 #submission inet n       -       y       -       -       smtpd
 #  -o syslog_name=postfix/submission
 #  -o smtpd_tls_security_level=encrypt
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_reject_unlisted_recipient=no
 #  -o smtpd_client_restrictions=$mua_client_restrictions
 #  -o smtpd_helo_restrictions=$mua_helo_restrictions
 #  -o smtpd_sender_restrictions=$mua_sender_restrictions
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #smtps     inet  n       -       y       -       -       smtpd
 #  -o syslog_name=postfix/smtps
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_reject_unlisted_recipient=no
 #  -o smtpd_client_restrictions=$mua_client_restrictions
 #  -o smtpd_helo_restrictions=$mua_helo_restrictions
 #  -o smtpd_sender_restrictions=$mua_sender_restrictions
 #  -o smtpd_recipient_restrictions=
 #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 #  -o milter_macro_daemon_name=ORIGINATING
 #628       inet  n       -       y       -       -       qmqpd
 pickup    unix  n       -       y       60      1       pickup
 cleanup   unix  n       -       y       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
 #qmgr     unix  n       -       n       300     1       oqmgr
 tlsmgr    unix  -       -       y       1000?   1       tlsmgr
 rewrite   unix  -       -       y       -       -       trivial-rewrite
 bounce    unix  -       -       y       -       0       bounce
 defer     unix  -       -       y       -       0       bounce
 trace     unix  -       -       y       -       0       bounce
 verify    unix  -       -       y       -       1       verify
 flush     unix  n       -       y       1000?   0       flush
 proxymap  unix  -       -       n       -       -       proxymap
 proxywrite unix -       -       n       -       1       proxymap
 smtp      unix  -       -       y       -       -       smtp
 relay     unix  -       -       y       -       -       smtp
 #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
 showq     unix  n       -       y       -       -       showq
 error     unix  -       -       y       -       -       error
 retry     unix  -       -       y       -       -       error
 discard   unix  -       -       y       -       -       discard
 local     unix  -       n       n       -       -       local
 virtual   unix  -       n       n       -       -       virtual
 lmtp      unix  -       -       y       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
 # pages of the non-Postfix software to find out what options it wants.
 #
 # Many of the following services use the Postfix pipe(8) delivery
 # agent. See the pipe(8) man page for information about ${recipient}
 # and other message envelope options.
 # ====================================================================
 #
 # maildrop. See the Postfix MAILDROP_README file for details.
 # Also specify in main.cf: maildrop_destination_recipient_limit=1
 #
 maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 #
 # ====================================================================
 #
 # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
 #
 # Specify in cyrus.conf:
 # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
 #
 # Specify in main.cf one or more of the following:
 # mailbox_transport = lmtp:inet:localhost
 # virtual_transport = lmtp:inet:localhost
 #
 # ====================================================================
 #
 # Cyrus 2.1.5 (Amos Gouaux)
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
 #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # ====================================================================
 # Old example of delivery via Cyrus.
 #
 #old-cyrus unix  -       n       n       -       -       pipe
 #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
 #
 # ====================================================================
 #
 # See the Postfix UUCP_README file for configuration details.
 #
 uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 #
 # Other external delivery methods.
 #
 ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
 scalemail-backend unix - n      n       -       2       pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
 mailman   unix  -       n       n       -       -       pipe
   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
   ${nexthop} ${user}
 '''######'''
 '''dbmail-lmtp unix -      -       n       -       -       lmtp'''
   '''-o disable_dns_lookups=yes'''
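An added example (not from the original page or the Postfix project): a Python check of the main.cf above for SASL logins being offered before STARTTLS and for the private key sharing a file with the certificate. <code>SAMPLE_MAIN_CF</code> is a constructed excerpt of that file with the wiki bold markers removed; the finding codes are made up for this example.

```python
# Constructed excerpt of the main.cf above: only the parameters the checks read.
SAMPLE_MAIN_CF = """\
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
mynetworks = 127.0.0.0/8 10.0.5.0/24
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
"""


def parse_main_cf(text):
    """main.cf rules: '#' lines are comments, a line starting with
    whitespace continues the previous one, the last assignment wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and name is not None:
            params[name] = (params[name] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params


def is_yes(params, key):
    """Boolean parameters default to 'no' when absent."""
    return params.get(key, "no").lower() == "yes"


def smtpd_tls_level(params):
    """smtpd_tls_security_level overrides the legacy smtpd_use_tls and
    smtpd_enforce_tls switches, which correspond to 'may' and 'encrypt'."""
    level = params.get("smtpd_tls_security_level", "")
    if level:
        return level
    if is_yes(params, "smtpd_enforce_tls"):
        return "encrypt"
    return "may" if is_yes(params, "smtpd_use_tls") else "none"


def audit_main_cf(text):
    """Return (code, message) tuples for the SMTP server side of main.cf."""
    p = parse_main_cf(text)
    level = smtpd_tls_level(p)
    findings = []
    if is_yes(p, "smtpd_sasl_auth_enable"):
        if level == "none":
            findings.append(("sasl-without-tls",
                             "AUTH is enabled but the server offers no TLS at all"))
        elif level == "may" and not is_yes(p, "smtpd_tls_auth_only"):
            # Opportunistic TLS: AUTH is announced on the cleartext session too.
            findings.append(("auth-before-starttls",
                             "set smtpd_tls_auth_only = yes so passwords are "
                             "accepted only after STARTTLS"))
    key = p.get("smtpd_tls_key_file", "")
    if key and key in (p.get("smtpd_tls_cert_file"), p.get("smtpd_tls_CAfile")):
        findings.append(("key-in-shared-pem",
                         f"{key} holds the private key as well as public "
                         "material: keep it readable by root only"))
    return findings


if __name__ == "__main__":
    for code, msg in audit_main_cf(SAMPLE_MAIN_CF):
        print(f"{code}: {msg}")
```

Adding <code>smtpd_tls_auth_only = yes</code> to main.cf clears the first finding; the second is a reminder about file permissions rather than a configuration error.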
Version as of 18:47, 31 October 2017
- restart the service:
systemctl restart dbmail
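A check for the two settings in the sample dbmail.conf that most deserve a second look: the placeholder `admin = admin:secret` in [HTTP], and services listening on all interfaces while `tls_cert` is empty. This is an added example, not part of the original guide or of dbmail; the function names and the constructed excerpt are hypothetical, and it assumes a service section uses the [DBMAIL] `bindip` unless it sets its own, as the [LMTP] and [HTTP] overrides in the sample suggest.

```shell
# Constructed excerpt with the relevant values of the sample dbmail.conf above.
sample_conf() {
cat <<'EOF'
[DBMAIL]
bindip = 0.0.0.0 # IPv4 only - all IP's
tls_cert =
[LMTP]
bindip = 127.0.0.1
port = 24
[POP]
port = 110
[HTTP]
port = 41380
bindip = 127.0.0.1
admin = admin:secret
[IMAP]
port = 143
[SIEVE]
port = 2000
EOF
}

# Reads dbmail.conf on stdin (or from file arguments), prints one finding per line.
audit_dbmail_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                        # comment or blank line
    /^[ \t]*\[/ { sec = toupper($0); gsub(/[^A-Z]/, "", sec); next }
    {
        sub(/[ \t]+#.*$/, "")                                # drop a trailing comment
        eq = index($0, "="); if (!eq) next
        conf[sec, tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        if (conf["HTTP", "admin"] == "admin:secret")         # placeholder left unchanged
            print "HTTP: admin still set to the sample value admin:secret"
        n = split("LMTP POP IMAP SIEVE HTTP", svc, " ")
        for (i = 1; i <= n; i++) {
            s = svc[i]
            if (!((s, "port") in conf)) continue
            # Assumption: a service uses the [DBMAIL] bindip unless it sets its own.
            ip = ((s, "bindip") in conf) ? conf[s, "bindip"] : conf["DBMAIL", "bindip"]
            if ((" " ip " ") ~ /[ ,](\*|0\.0\.0\.0|::)[ ,]/ && conf["DBMAIL", "tls_cert"] == "")
                print s ": port " conf[s, "port"] " on " ip ", no tls_cert set"
        }
    }' "$@"
}

sample_conf | audit_dbmail_conf
```

Run against the real file with `audit_dbmail_conf /etc/dbmail/dbmail.conf` (path is an assumption). When TLS is terminated in front of dbmail, binding POP, IMAP and SIEVE to 127.0.0.1 clears the bind findings.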
- The dbmail installation is done for now; the next stage is installing postgresql and configuring it for later use.
5. Once the postgresql database is configured, create the dbmail user and the dbmail database
- Create the user that will work with the mail database
createuser -U postgres -P dbmail
- Create the database
createdb -U postgres --owner dbmail dbmail
- dbmail ships with database templates; unpack and load them:
bunzip2 /usr/share/doc/dbmail-2.2.10/create_tables.pgsql.bz2
psql -U dbmail -d dbmail < /usr/share/doc/dbmail-2.2.10/create_tables.pgsql
- This dump has no table for virtual domains, so create it:
CREATE TYPE dtype AS ENUM (
    'LOCAL',
    'VIRTUAL',
    'RELAY'
);
ALTER TYPE public.dtype OWNER TO dbmail;
SET default_with_oids = true;
CREATE TABLE dbmail_domains (
    uid integer NOT NULL,
    domain character varying(128) NOT NULL,
    type dtype NOT NULL
);
INSERT INTO dbmail_domains (uid, domain, type) VALUES (1, 'example.com', 'LOCAL');
The database is ready.
- check that dbmail works with the database:
dbmail-util -av
if there are errors, fix them, remembering to check the configuration file...
.. if everything is OK, move on to configuring postfix
5. Configuring Postfix
apt-get install postfix postfix-pgsql postfix-sqlite procmail libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-sql sqlite3
- make the necessary changes to the configuration files; example of a working main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mymail.home.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mymail.ru, mymail.home.local, localhost.home.local, localhost
relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8 10.0.5.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
############################## - specify how postgresql is used
local_recipient_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps
mailbox_transport = dbmail-lmtp:127.0.0.1:24
#################### - enable authentication via sasl; its installation is covered later in the article.
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
############################### - use our certificate, created as described below.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
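The main.cf above enables SASL with `smtpd_sasl_auth_enable = yes` while TLS is only opportunistic (`smtpd_use_tls = yes`) and `smtpd_tls_auth_only` is left at its default of `no`, so a client may authenticate before STARTTLS. The following check for that combination is an added example, not part of the original guide or of Postfix; the function names and the constructed excerpt are hypothetical.

```shell
# Constructed excerpt: the SASL and TLS lines of the main.cf above.
sample_main_cf() {
cat <<'EOF'
#smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
EOF
}

# Reads main.cf on stdin (or from file arguments), prints one finding per line.
audit_main_cf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function store(l,    eq) {                 # one logical line; the last assignment wins
        eq = index(l, "="); if (!eq) return
        p[trim(substr(l, 1, eq - 1))] = trim(substr(l, eq + 1))
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { cur = cur " " trim($0); next }  # leading whitespace continues the line
    { store(cur); cur = $0 }
    END {
        store(cur)
        lvl = p["smtpd_tls_security_level"]
        if (lvl == "" && p["smtpd_enforce_tls"] == "yes") lvl = "encrypt"  # legacy names
        if (lvl == "" && p["smtpd_use_tls"] == "yes") lvl = "may"
        if (lvl == "" || lvl == "none") print "smtpd: STARTTLS is not offered"
        if (p["smtpd_sasl_auth_enable"] == "yes" && p["smtpd_tls_auth_only"] != "yes" && lvl != "encrypt")
            print "smtpd: SASL AUTH accepted without TLS, set smtpd_tls_auth_only = yes"
        k = p["smtpd_tls_key_file"]
        if (k != "" && k == p["smtpd_tls_cert_file"])
            print "smtpd: private key shares " k " with the certificate, restrict the file to root"
    }' "$@"
}

sample_main_cf | audit_main_cf
```

Adding `smtpd_tls_auth_only = yes` to main.cf clears the first finding while leaving STARTTLS optional for ordinary inbound mail.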
- make the necessary changes to the configuration files; example of a working master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
######
dbmail-lmtp unix -      -       n       -       -       lmtp
  -o disable_dns_lookups=yes