imported>Vix |
imported>Vix |
Line 1: |
Line 1: |
| '''Руководство для быстрого развертывания собственного сервера почты:'''
| | ==GIT== |
| '''Порядок установки:'''
| | '''* Команды git:''' |
| * '''''Система Debian Stretch {9}'''''
| |
| * Используемый source.list | |
| #
| |
| deb http://mirror.mephi.ru/debian/ stretch main
| |
| deb-src http://mirror.mephi.ru/debian/ stretch main
| |
|
| |
| deb http://security.debian.org/debian-security stretch/updates main
| |
| deb-src http://security.debian.org/debian-security stretch/updates main
| |
|
| |
| # stretch-updates, previously known as 'volatile'
| |
| deb http://mirror.mephi.ru/debian/ stretch-updates main
| |
| deb-src http://mirror.mephi.ru/debian/ stretch-updates main
| |
|
| |
| ###### Debian Main Repos
| |
| deb http://deb.debian.org/debian/ stable main contrib non-free
| |
| deb-src http://deb.debian.org/debian/ stable main contrib non-free
| |
|
| |
| deb http://deb.debian.org/debian/ stable-updates main contrib non-free
| |
| deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free
| |
|
| |
| deb http://deb.debian.org/debian-security stable/updates main contrib non-free
| |
| deb-src http://deb.debian.org/debian-security stable/updates main contrib non-free
| |
|
| |
| deb http://ftp.debian.org/debian stretch-backports main contrib non-free
| |
| deb-src http://ftp.debian.org/debian stretch-backports main contrib non-free
| |
|
| |
| 1. ''Устанавливаем необходимые пакеты:''
| |
| apt-get install pkg-config libglib2.0-dev libgmime-2.6-dev libmhash-dev libevent-dev libssl-dev libzdb-dev\
| |
| autoconf automake libtool autotools-dev dpkg-dev fakeroot debhelper dh-make libldap2-dev libsieve2-dev ascidoc\
| |
| libcrypto++6 libcrypto++-utils libcrypto++-dev xmlto xmltoman libarchive-tools lrzip binutils-multiarch\
| |
| arch-test libpgf-dev libsasl2-modules-db libsasl2-modules curl libcroco3 libsasl2-2 procmail libsasl2-modules-sql\
| |
| libpcre32-3 zlib1g-dev libmhash-dev libpcrecpp0v5
| |
|
| |
|
| 2. ''Скачиваем с [http://www.dbmail.org/index.php?page=download dbmail.org] исходники:''
| | Создание нового репозитария: |
| wget -c -t 0 -T 8 http://www.dbmail.org/download/3.1/dbmail-3.1.17.tar.gz
| |
|
| |
|
| 3. ''Распаковываем и компилируем:''
| | touch README.md |
| cp dbmail-3.1.17.tar.gz /usr/local/src | | git init |
| tar -xf dbmail-3.1.17.tar.gz /usr/local/src.dbmail-3.1.7 | | git add . |
| cp dbmail-3.1.17.tar.gz /usr/local/src/dbmail_3.1.7.orig.tar.gz | | git commit -m "first commit" |
| * '''[!]''' - ''не знаю, может так у меня получилось, но когда применяешь комменты, версия которая высвечивается именно'' '''3.1.7'''!!
| | git remote add origin http://gitserver.org/dev_user/testrep.git |
| * '''[!]''' - ''именно поэтому все, что тут распаковываем и создаем имеет версию'' - 3.1.7 ...
| | git push -u origin dev_user |
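Review bot: `git push -u origin dev_user` at the end of the new-repository steps pushes a branch named `dev_user`, but nothing above creates one. `git init` followed by `git commit -m "first commit"` leaves the commit on the default branch, so the push stops with a "src refspec dev_user does not match any" error. Push the branch that exists, or add a `git checkout -b dev_user` step before the commit. The remote is also added as `http://gitserver.org/...`, so credentials sent on push are not encrypted; use an `https://` or SSH URL if the server offers one.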
|
| |
|
| ''Готовим пакет к сборке:''
| |
| cd /usr/local/src/dbmail-3.1.7
| |
| ./configure --prefix=/usr
| |
|
| |
| dpkg-source --commit
| |
| даем имя, что-то: '''pgsql.commit'''<br>
| |
| выходим по '''ESC'''<br>
| |
| должно быть так:<br>
| |
| ...
| |
| dpkg-source: инфо: локальные изменения были записаны в новую заплату: dbmail-3.1.7/debian/patches/pgsql.commit
| |
|
| |
|
| далее:
| | * Как обнулить историю Git? |
| cd /usr/local/src/
| | <hr> |
| dpkg-source -b dbmail-3.1.7
| |
|
| |
|
| cd /usr/local/src/dbmail-3.1.7 | | git reset --hard commitId #УДАЛЯЕТ ИСТОРИЮ GIT |
| dpkg-buildpackage -d
| |
|
| |
|
| * '''[!]''' - если у вас появилось сообщение типа:
| | или |
| ...
| |
| debian/rules:138: *** missing separator (did you mean TAB instead of 8 spaces?). Останов.
| |
| dpkg-buildpackage: ошибка: debian/rules clean возвратил код ошибки 2
| |
|
| |
|
| * '''[!]''' - то необходимо исправить ошибку в файле '''dbmail-3.1.7/debian/rules''' | | * [https://ru.stackoverflow.com/questions/229431/%D0%9A%D0%B0%D0%BA-%D0%BE%D0%B1%D0%BD%D1%83%D0%BB%D0%B8%D1%82%D1%8C-%D0%B8%D1%81%D1%82%D0%BE%D1%80%D0%B8%D1%8E-git взято тут...] |
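Review bot: the comment on `git reset --hard commitId` in the right-hand column says it deletes Git history, which overstates what the command does. It moves the current branch to `commitId` and overwrites the index and working tree; every commit up to `commitId` stays in the branch, later commits remain reachable through the reflog until they expire, and anything already pushed is untouched. Reword the comment to say that it rewinds the branch and discards uncommitted local changes, so a reader does not rely on it to purge content from a repository.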
| строка 138:
| |
| '''''........make -f debian/rules binary-common $* DH_OPTIONS=-p$*'''''
| |
| ^^^
| |
| здесь 8 пробелов!! - а должно быть 2 табуляции, что и вызывает ошибку...
| |
|
| |
|
| * после того как соберется пакет, дожно быть так:
| | Все эти инструкции верны, если на удаленном сервере у вас пусто, а локально - есть проект и репозиторий Git с историей, которую вы хотите удалить. |
| # ls -n /usr/local/src
| | Что будет потеряно безвозвратно |
| итого 3668
| |
| drwxrwxr-x 13 0 0 4096 ноя 2 00:19 dbmail-3.1.7
| |
| -rw-r--r-- 1 0 50 7597 ноя 2 00:19 dbmail_3.1.7-1_amd64.buildinfo
| |
| -rw-r--r-- 1 0 50 1957 ноя 2 00:19 dbmail_3.1.7-1_amd64.changes
| |
| -rw-r--r-- 1 0 50 349256 ноя 2 00:19 dbmail_3.1.7-1_amd64.deb
| |
| -rw-r--r-- 1 0 50 148008 ноя 2 00:14 dbmail_3.1.7-1.debian.tar.xz
| |
| -rw-r--r-- 1 0 50 1045 ноя 2 00:14 dbmail_3.1.7-1.dsc
| |
| -rw-r--r-- 1 0 0 2391054 июл 27 2014 dbmail_3.1.7.orig.tar.gz
| |
| -rw-r--r-- 1 0 50 838508 ноя 2 00:19 dbmail-dbgsym_3.1.7-1_amd64.deb
| |
|
| |
|
| * копируем себе в архив и ставим пакет.
| | Собственно, история. Вы точно хотите ее потерять? Ради нее весь Git и придумывался. |
| dpkg -i dbmail_3.1.7-1_amd64.deb
| | Весь код в не-слитых (unmerged) ветках. |
| | Весь код в orphaned ветках. |
|
| |
|
| * правим файл конфигурации:
| | Быстрый способ |
| editor /etc/dbmail/dbmail.conf
| |
|
| |
|
| * пример рабочего конфигурационного файла:
| | Найдите первый коммит в ветке, запомните его sha1. |
|
| |
|
| # (c) 2000-2006 IC&S, The Netherlands | | git log --oneline |
| #
| |
| # Configuration file for DBMAIL
| |
|
| |
| [DBMAIL]
| |
| #
| |
| # Database settings
| |
| #
| |
| # database connection URI
| |
|
| |
| '''#dburi = sqlite:///var/tmp/dbmail.db'''
| |
|
| |
| #
| |
| # Supported drivers are sql, ldap.
| |
| #
| |
| '''authdriver = sql'''
| |
|
| |
| #
| |
| #
| |
| # following fields are now DEPRECATED!
| |
| '''driver = postgresql'''
| |
| '''host = 10.0.5.2'''
| |
| '''sqlport = 5432'''
| |
| '''#sqlsocket ='''
| |
| '''user = dbmail'''
| |
| '''pass = dbmailpass'''
| |
| '''db = mailbasename'''
| |
|
| |
| #
| |
| # Number of database connections per threaded daemon
| |
| # This also determines the size of the worker threadpool
| |
| #
| |
| # Do NOT increase this without proper consideration. A
| |
| # very large database/worker pool will not only increase
| |
| # the connection pressure on the database, but will more
| |
| # significantly cause unnecessary context-switching in
| |
| # your CPUs.
| |
| #
| |
| #max_db_connections = 10
| |
|
| |
| #
| |
| # Table prefix. Defaults to "dbmail_" if not specified.
| |
| #
| |
| '''table_prefix = dbmail_'''
| |
|
| |
| #
| |
| # encoding must match the database/table encoding.
| |
| # i.e. latin1, utf8
| |
| encoding = utf8
| |
|
| |
| #
| |
| # messages with unknown encoding will be assumed to have
| |
| # default_msg_encoding
| |
| # i.e. iso8859-1, utf8
| |
| default_msg_encoding = utf8
| |
|
| |
| #
| |
| # Postmaster's email address for use in bounce messages.
| |
| #
| |
| #postmaster = DBMAIL-MAILER
| |
|
| |
| #
| |
| # Sendmail executable for forwards, replies, notifies, vacations.
| |
| # You may use pipes (|) in this command, for example:
| |
| # dos2unix|/usr/sbin/sendmail works well with Qmail.
| |
| # You may use quotes (") for executables with unusual names.
| |
| #
| |
| sendmail = /usr/sbin/sendmail
| |
|
| |
| #
| |
| #
| |
| # The following items can be overridden in the service-specific sections.
| |
| #
| |
| #
| |
|
| |
| #
| |
| # Logging via stderr/log file and syslog
| |
| #
| |
| # Logging is broken up into 8 logging levels and each level can be indivually turned on or off.
| |
| # The Stderr/log file logs all entries to stderr or the log file.
| |
| # Syslog logging uses the facility mail and the logging level of the event for logging.
| |
| # Syslog can then be configured to log data according to the levels.
| |
| #
| |
| # Set the log level to the sum of the values next to the levels you want to record.
| |
| # 1 = Emergency
| |
| # 2 = Alert
| |
| # 4 = Critical
| |
| # 8 = Error
| |
| # 16 = Warning
| |
| # 32 = Notice
| |
| # 64 = Info
| |
| # 128 = Debug
| |
| # 256 = Database -> Logs at debug level
| |
| #
| |
| # Examples: 0 = Nothing
| |
| # 31 = Emergency + Alert + Critical + Error + Warning
| |
| # 511 = Everything
| |
| #
| |
| file_logging_levels = 7
| |
| #
| |
| syslog_logging_levels = 31
| |
|
| |
| #
| |
| # Generate a log entry for database queries for the log level at number of seconds of query execution time.
| |
| #
| |
| query_time_info = 10
| |
| query_time_notice = 20
| |
| query_time_warning = 30
| |
|
| |
| #
| |
| # Throw an exception is the query takes longer than query_timeout seconds
| |
| query_timeout = 300
| |
|
| |
| #
| |
| # Root privs are used to open a port, then privs
| |
| # are dropped down to the user/group specified here.
| |
| #
| |
| '''effective_user = dbmail'''
| |
| '''effective_group = mail'''
| |
|
| |
| #
| |
| # The IPv4 and/or IPv6 addresses the services will bind to.
| |
| # Use * for all local interfaces.
| |
| # Use 127.0.0.1 for localhost only.
| |
| # Separate multiple entries with spaces ( ) or commas (,).
| |
| #
| |
| '''bindip = 0.0.0.0 # IPv4 only - all IP's'''
| |
| #bindip = :: # IPv4 and IPv6 - all IP's (linux)
| |
| #bindip = :: # IPv6 only - all IP's (BSD)
| |
| #bindip = 0.0.0.0,:: # IPv4 and IPv6 - all IP's (BSD)
| |
|
| |
|
| |
| #
| |
| # The maximum length of the queue of pending connections. See
| |
| # listen(2) for more information
| |
| #
| |
| # backlog = 128
| |
|
| |
| #
| |
| # Idle time allowed before a connection is shut off.
| |
| #
| |
| timeout = 300
| |
|
| |
| #
| |
| # Idle time allowed before a connection is shut off if you have not logged in yet.
| |
| #
| |
| login_timeout = 60
| |
|
| |
| #
| |
| # If yes, resolves IP addresses to DNS names when logging.
| |
| #
| |
| resolve_ip = yes
| |
|
| |
| #
| |
| # If yes, keep statistics in the authlog table for connecting users
| |
| #
| |
| authlog = no
| |
|
| |
| #
| |
| # logfile for stdout messages
| |
| #
| |
| logfile = /var/log/dbmail.log
| |
|
| |
| #
| |
| # logfile for stderr messages
| |
| #
| |
| errorlog = /var/log/dbmail.err
| |
|
| |
| #
| |
| # directory for storing PID files
| |
| #
| |
| pid_directory = /var/run/dbmail
| |
|
| |
| #
| |
| # directory for locating libraries (normally has a sane default compiled-in)
| |
| #
| |
| library_directory = /usr/lib/dbmail
| |
|
| |
| #
| |
| # SSL/TLS certificates
| |
| #
| |
| # A file containing a list of CAs in PEM format
| |
| tls_cafile =
| |
|
| |
| # A file containing a PEM format certificate
| |
| tls_cert =
| |
|
| |
| # A file containing a PEM format RSA or DSA key
| |
| tls_key =
| |
|
| |
| # A cipher list string in the format given in ciphers(1)
| |
| tls_ciphers =
| |
|
| |
|
| |
| # hashing algorithm. You can select your favorite hash type
| |
| # for generating unique ids for message parts.
| |
| #
| |
| # for valid values check mhash(3) but minus the MHASH_ prefix.
| |
| #
| |
| # if you ever change this value run 'dbmail-util --rehash' to
| |
| # update the hash for all mimeparts.
| |
| #
| |
| # examples: MD5, SHA1, SHA256, SHA512, TIGER, WHIRLPOOL
| |
| #
| |
| # hash_algorithm = SHA1
| |
|
| |
|
| |
| # header_cache tuning
| |
| #
| |
| # set header_cache_readonly to 'yes' to prevent new
| |
| # unknown header-names from being cached.
| |
| #
| |
| # header_cache_readonly = yes
| |
|
| |
|
| |
|
| |
| [LMTP]
| |
| '''bindip = 127.0.0.1'''
| |
| port = 24
| |
| #tls_port =
| |
|
| |
|
| |
| [POP]
| |
| port = 110
| |
| #tls_port = 995
| |
|
| |
| # You can set an alternate banner to display when connecting to the service
| |
| # banner = DBMAIL pop3 server ready to rock
| |
|
| |
| #
| |
| # If yes, allows SMTP access from the host IP connecting by POP3.
| |
| # This requires addition configuration of your MTA
| |
| #
| |
| pop_before_smtp = no
| |
|
| |
| [HTTP]
| |
| port = 41380
| |
| #
| |
| # the httpd daemon provides full access to all users, mailboxes
| |
| # and messages. Be very careful with this one!
| |
| '''bindip = 127.0.0.1'''
| |
| admin = admin:secret
| |
|
| |
| [IMAP]
| |
| # You can set an alternate banner to display when connecting to the service
| |
| # banner = imap 4r1 server (dbmail 2.3.x)
| |
|
| |
| #
| |
| # Port to bind to.
| |
| #
| |
| port = 143
| |
| ##tls_port = 993
| |
|
| |
| #
| |
| # IMAP prefers a longer timeout than other services.
| |
| #
| |
| timeout = 4000
| |
|
| |
| #
| |
| # If yes, allows SMTP access from the host IP connecting by IMAP.
| |
| # This requires addition configuration of your MTA
| |
| #
| |
| imap_before_smtp = no
| |
|
| |
| #
| |
| # during IDLE, how many seconds between checking the mailbox
| |
| # status (default: 30)
| |
| #
| |
| # idle_timeout = 30
| |
|
| |
| # during IDLE, how often should the server send an '* OK' still
| |
| # here message (default: 10)
| |
| #
| |
| # the time between such a message is idle_timeout * idle_interval
| |
| # seconds
| |
| #
| |
| # idle_interval = 10
| |
|
| |
| #
| |
| # If TLS is enabled, login before starttls is normally
| |
| # not allowed. Use login_disabled=no to change this
| |
| #
| |
| # login_disabled = yes
| |
|
| |
| #
| |
| # Provide a CAPABILITY to override the default
| |
| #
| |
| # capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
| |
|
| |
| # max message size. You can specify the maximum message size
| |
| # accepted by the IMAP daemon during APPEND commands.
| |
| #
| |
| # Supported formats:
| |
| # decimal: 1000000
| |
| # octal: 03777777
| |
| # hex: 0xfffff
| |
| #
| |
| # max_message_size =
| |
|
| |
|
| |
| [SIEVE]
| |
| #
| |
| # Port to bind to.
| |
| #
| |
| port = 2000
| |
| tls_port =
| |
|
| |
|
| |
| [LDAP]
| |
| port = 389
| |
| version = 3
| |
| hostname = ldap
| |
| base_dn = ou=People,dc=mydomain,dc=com
| |
|
| |
| #
| |
| # If your LDAP library supports ldap_initialize(), then you can use the
| |
| # alternative LDAP server DSN like following.
| |
| #
| |
| # URI = ldap://127.0.0.1:389
| |
| # URI = ldapi://%2fvar%2frun%2fopenldap%2fldapi/
| |
|
| |
| #
| |
| # Leave blank for anonymous bind.
| |
| # example: cn=admin,dc=mydomain,dc=com
| |
| #
| |
| bind_dn =
| |
|
| |
| #
| |
| # Leave blank for anonymous bind.
| |
| #
| |
| bind_pw =
| |
| scope = SubTree
| |
|
| |
| # AD users may want to set this to 'no' to disable
| |
| # ldap referrals if you are seeing 'Operations errors'
| |
| # in your logs
| |
| #
| |
| referrals = yes
| |
|
| |
| user_objectclass = top,account,dbmailUser
| |
| forw_objectclass = top,account,dbmailForwardingAddress
| |
| cn_string = uid
| |
| field_passwd = userPassword
| |
| field_uid = uid
| |
| field_nid = uidNumber
| |
| min_nid = 10000
| |
| max_nid = 15000
| |
| field_cid = gidNumber
| |
| min_cid = 10000
| |
| max_cid = 15000
| |
|
| |
| # a comma-separated list of attributes to match when searching
| |
| # for users or forwards that match a delivery address. A match
| |
| # on any of them is a hit.
| |
| field_mail = mail
| |
|
| |
| # field that holds the mail-quota size for a user.
| |
| field_quota = mailQuota
| |
|
| |
| # field that holds the forwarding address.
| |
| field_fwdtarget = mailForwardingAddress
| |
|
| |
| # override the query string used to search for users
| |
| # or forwards with a delivery address.
| |
| # query_string = (mail=%s)
| |
|
| |
| [DELIVERY]
| |
| #
| |
| # Run Sieve scripts as messages are delivered.
| |
| #
| |
| SIEVE = yes
| |
|
| |
| #
| |
| # Use 'user+mailbox@domain' format to deliver to a mailbox.
| |
| #
| |
| SUBADDRESS = yes
| |
|
| |
| #
| |
| # Turn on/off the Sieve Vacation extension.
| |
| #
| |
| SIEVE_VACATION = yes
| |
|
| |
| #
| |
| # Turn on/off the Sieve Notify extension
| |
| #
| |
| SIEVE_NOTIFY = yes
| |
|
| |
| #
| |
| # Turn on/off additional Sieve debugging.
| |
| #
| |
| SIEVE_DEBUG = no
| |
|
| |
|
| |
| # Use the auto_notify table to send email notifications.
| |
| #
| |
| AUTO_NOTIFY = no
| |
|
| |
| #
| |
| # Use the auto_reply table to send away messages.
| |
| #
| |
| AUTO_REPLY = no
| |
|
| |
| #
| |
| # Defaults to "NEW MAIL NOTIFICATION"
| |
| #
| |
| #AUTO_NOTIFY_SUBJECT =
| |
|
| |
| #
| |
| # Defaults to POSTMASTER from the DBMAIL section.
| |
| #
| |
| #AUTO_NOTIFY_SENDER =
| |
|
| |
|
| |
| # If you set this to 'yes' dbmail will check for duplicate
| |
| # messages in the relevant mailbox during delivery using
| |
| # the Message-ID header
| |
| #
| |
| suppress_duplicates = no
| |
|
| |
| #
| |
| # Soft or hard bounce on over-quota delivery
| |
| #
| |
| quota_failure = hard
| |
|
| |
|
| |
| # end of configuration file
| |
|
| |
|
| |
|
| * правим default конфигурационный файл - /etc/default/dbmail
| | Переключитесь на тот коммит, который хотите сохранить в итоге. |
|
| |
|
| # debian specific configuration for dbmail | | git checkout master |
|
| |
| # work-around for linux/epoll bug in libevent
| |
| export EVENT_NOEPOLL=yes
| |
|
| |
| # comment out to disable the pop3 server
| |
| '''START_POP3D=true'''
| |
|
| |
| # comment out to disable the imapd server
| |
| '''START_IMAPD=true'''
| |
|
| |
| # uncomment to enable the lmtpd server
| |
| '''START_LMTPD=true'''
| |
|
| |
| # uncomment to enable the timsieved server
| |
| #START_SIEVE=true
| |
|
| |
| # comment out to enable the stunnel SSL wrapper
| |
| '''START_SSL=true'''
| |
|
| |
| # specify the filename for the pem file as
| |
| # it resides in /etc/ssl/certs
| |
| '''PEMFILE="/etc/ssl/serts/dbmail.pem"'''
| |
|
| |
|
| * создаем сертификат для dbmail:
| | Теперь используем git reset --soft чтобы сделать из всей истории один коммит (подробнее - пункт 4.1: Как вернуться (откатиться) к более раннему коммиту? ). |
| cd /etc/ssl/certs
| |
| openssl req -new -x509 -nodes -out dbmail.pem -keyout smtpd.pem -days 3650
| |
|
| |
| * перезапуск службы:
| |
| systemctl restart dbmail
| |
|
| |
|
| * Краткое пояснение:
| | git reset --soft <first-commit-sha1> |
| 1. Предназначенные для доставки сообщений от MTA в хранилище.<br>
| | git commit -m'слил историю в один коммит' |
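Review bot: the quick method in the right-hand column does not end with a single commit as its text promises. `git reset --soft <first-commit-sha1>` leaves the branch on the first commit, and the `git commit` that follows adds a second commit on top of it, so the first commit and whatever it contained stay in history. Use `git commit --amend` at that step if one commit is the goal, and note that the squashed-away commits still exist in the local reflog and in any remote that already received them.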
| 2. Предназначенные для доставки MUA из хранилища.<br>
| |
|
| |
|
| * К первым относятся:<br>
| | Долгий способ |
| '''dbmail-lmtpd''' – UNIX-демон, принимающий клиентские подключения через UNIX-сокет или TCP-сокет. Для приема почтовых сообщений используется протокол LMTP. На каждое входящее сообщение MTA создает только клиентский сокет, необходимое количество процессов и подключений к БД создается заранее.<br>
| |
| Таким образом, этот вариант обеспечивает лучшую производительность при высокой нагрузке, но при низкой он потребляет больше системных ресурсов, чем необходимо.<br>
| |
|
| |
|
| * Ко вторым относятся:<br>
| | Сделайте бэкап локального репозитория. Можно запушить на резервный удаленный репозиторий, а можно просто взять и переместить папку .git в другое место. |
| '''dbmail-pop3d''' – демон для доступа по протоколу POP3.<br>
| |
| '''dbmail-imapd''' – демон для доступа по протоколу IMAP.<br>
| |
|
| |
|
| * Кроме того, в состав DBMail входят следующие вспомогательные утилиты:<br>
| | mkdir ../git-backup |
| '''dbmail-users''' – инструмент для управления пользователями и их псевдонимами (возможно, многим из вас будет привычнее термин alias).<br>
| | mv .git ../git-backup/.git |
| '''dbmail-util''' – инструмент для очистки, оптимизации и проверки корректности БД.<br>
| |
|
| |
|
| * С установкой '''dbmail''' пока окончено, следующий этап установка '''postgesql''' и настройка для будущей работы.
| | Если не переместили локально, а забэкапили куда-то еще: удаляем папку. |
|
| |
|
| | rm -Rf .git |
|
| |
|
| 4. ''[[Настройка PostgreSQL]]''
| | Теперь заново инициализируем репозиторий: |
|
| |
|
| 5. После того как мы настроили базу данных '''postgresql''', создаем пользователя '''dbmail''' и базу '''dbmail'''<br>
| | git init |
| * Создаем пользователя для работы с почтовой базой
| |
| createuser -U postgres -P dbmail | |
|
| |
|
| * Создаем базу
| | Добавляем все файлы в рабочей области и делаем коммит. |
| createdb -U postgres --owner dbmail dbmail
| |
|
| |
|
| * Вместе с '''dbmail''' идут заготовки базы, распаковываем и заливаем:
| | git add . |
| bunzip2 /usr/share/doc/dbmail-2.2.10/create_tables.pgsql.bz2 | | git commit -m'начал с нуля' |
| psql -U dbmail -d dbmail < /usr/share/doc/dbmail-2.2.10/create_tables.pgsql | |
|
| |
|
| * В этом дампе нет таблицы для работы с виртуальными доменами, создадим ее:
| | Когда все готово |
| CREATE TYPE dtype AS ENUM (
| |
| 'LOCAL',
| |
| 'VIRTUAL',
| |
| 'RELAY'
| |
| );
| |
|
| |
| ALTER TYPE public.dtype OWNER TO dbmail;
| |
|
| |
| SET default_with_oids = true;
| |
|
| |
| CREATE TABLE dbmail_domains (
| |
| uid integer NOT NULL,
| |
| domain character varying(128) NOT NULL,
| |
| type dtype NOT NULL
| |
| );
| |
|
| |
| INSERT INTO dbmail_domains (uid, domain, type) VALUES (1, 'example.com', 'LOCAL');
| |
|
| |
|
| '''База готова.'''
| | Подключаем удаленный репозиторий и заливаем на него изменения: |
|
| |
|
| * добавляем обработку базы в /etc/crontab
| | git remote add origin <url> |
| ... | | git push -u origin --all |
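Review bot: in the long method, `mv .git ../git-backup/.git` (or `rm -Rf .git`) removes more than history: hooks, remote settings and `.git/info/exclude` go with it. After `git init`, `git add .` then stages every file in the working tree that a tracked `.gitignore` does not cover, so files that were only excluded locally end up in the new first commit and are pushed by `git push -u origin --all`. Add a `git status` review between `git add .` and `git commit`, and say that local excludes and hooks must be restored from the backup.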
| 0 3 * * * root /usr/sbin/dbmail-util -cturpd -l 24h -qq | |
| ...
| |
|
| |
|
| * проверяем работу '''dbmail''' c базой:
| | ==GOGS== |
| | ОПИСАНИЕ: |
| | <hr> |
| | '''Gogs''' — продукт китайских разработчиков. На первый взгляд он почти ничем не отличается от GitHub или BitBucket — это даже по дизайну заметно. |
| | Но при всех внешних сходствах у него есть одно выгодное отличие от существующих аналогов: легковесность. |
|
| |
|
| dbmail-util -av
| | '''Gogs''' написан на Go (собственно, это название представляет собой сокращение от Go Git Service). Из этого факта вытекают серьёзные преимущества: низкие требования к системным ресурсам, минимум зависимостей, простота установки и настройки. |
|
| |
|
| если есть ошибки, исправляем не забывая проверить файл конфигурации...<br>
| | В числе важнейших характеристик '''Gogs''' также следует назвать: |
| .. если все ок, приступаем к настройке '''postfix'''
| |
|
| |
|
| 5. '''Настройка Postfix'''
| | * поддержку протоколов '''HTTP(s) и SSH'''; |
| | | * поддержку '''SMTP''' и '''LDAP'''; |
| apt-get install postfix postfix-pgsql postfix-sqlite procmail libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-sql sqlite3\
| | * возможность создания как приватных, так и публичных репозиториев; |
| mutt postfix-pcre postfix-ldap postfix-lmdb sasl2-bin ufw
| | * интеграцию с социальными сетями (пока что поддерживаются '''GitHub, Google+''', а также китайские сервисы '''QQ и Weibo'''); |
| | | * возможность работы в связке с сервисами непрерывной интеграции и '''DevOps-сервисами''' |
| * вносим необходимые изменения в файлы конфигурации - пример рабочей версии '''main.cf''': | | УСТАНОВКА и НАСТРОЙКА: |
| | | <hr> |
| # See /usr/share/postfix/main.cf.dist for a commented, more complete version | | * Представлено в виде скрипта для Debian: |
| | | #!/bin/bash |
| | | ## https://linode.com/docs/development/version-control/install-gogs-on-debian/ |
| # Debian specific: Specifying a file name will cause the first
| | gogs_path="/home/git/gogs"; |
| # line of that file to be used as the name. The Debian default
| | git_path="/home/git"; |
| # is /etc/mailname.
| | ## подготовка |
| #myorigin = /etc/mailname | | sudo apt update && sudo apt upgrade |
| | | sudo apt-get install -y git golang golang-1.8 golang-1.8-doc golang-1.8-go golang-1.8-src golang-any golang-doc golang-src |
| smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) | | sudo adduser --disabled-login --gecos 'Gogs' git |
| biff = no
| | mkdir -p $gogs_path |
|
| | chown -R git:git $gogs_path |
| # appending .domain is the MUA's job.
| | cd $git_path; |
| append_dot_mydomain = no | | sudo su - git |
|
| | # сборка |
| # Uncomment the next line to generate "delayed mail" warnings | | mkdir -p $git_path/go/src; |
| #delay_warning_time = 4h | | mkdir -p $git_path/go/bin; |
| | | ln -s /usr/lib/go/bin/* /home/git/go |
| readme_directory = no | | ln -s /usr/lib/go* /home/git/go/src |
| | | export GOROOT=/home/git/gogs |
| # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on | | export GOPATH=/home/git/go |
| # fresh installs. | | go get -u github.com/gogits/gogs; |
| compatibility_level = 2 | | cd $git_path/go/src/github.com/gogits/gogs; |
|
| | go build |
| # TLS parameters
| | cd |
| '''#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem'''
| | ln -s go/src/github.com/gogits/gogs/ gogs |
| '''#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key''' | | exit; |
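Review bot: `sudo su - git` in the build part of the script opens a login shell instead of switching the user for the lines that follow. The lines from `mkdir -p $git_path/go/src;` to `go build` run only after that shell is closed, and then as the invoking user (root, judging by the unprefixed `chown -R git:git` above), so `go get -u github.com/gogits/gogs` fetches and builds the current upstream head with root privileges. The following `exit;` then ends the script itself, so the install part is never reached. Run the build steps with `sudo -u git -H sh -c '...'` or from a separate script executed as `git`, and check out a release tag rather than using `-u`. `export GOROOT=/home/git/gogs` also points GOROOT at the Gogs directory, not at the Go toolchain linked from `/usr/lib/go` two lines earlier; drop it or set it to the toolchain root.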
| '''smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem''' | | # установка на debian |
| '''smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key''' | | cp -f $gogs_path/src/github.com/gogits/gogs/scripts/init/debian/gogs /etc/init.d/gogs |
| smtpd_use_tls=yes | | update-rc.d gogs defaults |
| smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache | | chmod 0755 /etc/init.d/gogs |
| smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
| | cp -f $gogs_path/src/github.com/gogits/gogs/scripts/systemd/gogs.service /lib/systemd/system/gogs.service |
| | | systemctl enable gogs.service |
| # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for | | # правим конфиг под базу данных postgresql если надо или через localhost:3000 |
| # information on enabling SSL in the smtp client. | | #editor go/src/github.com/gogits/gogs/conf/app.ini |
| | | # и копируем его в go/src/github.com/gogits/gogs/custom/conf/app.ini |
| '''smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination''' | | systemctl start gogs.service |
| '''myhostname = mymail.home.local'''
| | ## |
| alias_maps = hash:/etc/aliases
| | ## перенаправляем порт 3000 на 80 |
| alias_database = hash:/etc/aliases
| | ## section NAT |
| myorigin = /etc/mailname | | iptables -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000 |
| '''mydestination = $myhostname, mymail.ru, mymail.home.local, localhost.home.local, localhost''' | | ## сохряняем для восстановления при перезагрузке |
| relayhost = | | iptables-save > rule |
| '''#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128''' | | ## |
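Review bot: `iptables -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000` is missing `-t nat`, although the comment above it says "section NAT". Run as a command, it is applied to the default filter table, which has no PREROUTING chain, so the rule is rejected and port 80 is never redirected. Write it as `iptables -t nat -A PREROUTING ...`. The next line, `iptables-save > rule`, writes to a file named `rule` in the current directory that nothing loads at boot, which contradicts its comment; save to the path your restore mechanism reads (on Debian, for example, the `iptables-persistent` package) and state that in the script.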
| '''mynetworks = 127.0.0.0/8 10.0.5.2''' | | * дальше необходимо создать базу данных (у меня используется Postgresql), краткий пример: |
| mailbox_size_limit = 0 | | #sudo apt-get install -y postgresql postgresql-client libpq-dev |
| recipient_delimiter = + | | #sudo -u postgres psql -d template1 |
| inet_interfaces = all | | #CREATE USER gogs CREATEDB; |
| inet_protocols = all | | #\password gogs |
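Review bot: `CREATE USER gogs CREATEDB;` in the PostgreSQL example gives the application role the right to create databases across the whole cluster, which the service does not need once its own database exists. Create the role without `CREATEDB` and have the `postgres` user create the database with `gogs` as owner, for example `CREATE DATABASE gogs OWNER gogs;`. The example also stops before any database is created, so a reader following it has a role and a password but nothing for Gogs to connect to.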
| '''############################## - указываем способ использования postgresql''' | |
| '''local_recipient_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps'''
| |
| '''mailbox_transport = dbmail-lmtp:127.0.0.1:24'''
| |
|
| |
| '''#################### - подключаем авторизацию через sasl, установка ниже в статье.'''
| |
| '''broken_sasl_auth_clients = yes'''
| |
| '''smtpd_sasl_auth_enable = yes'''
| |
| '''smtpd_sasl_local_domain ='''
| |
| '''############################### - подключаем наш сертификат созданный как описано ниже.'''
| |
| '''smtpd_tls_auth_only = no'''
| |
| '''smtpd_tls_loglevel = 1'''
| |
| '''smtpd_tls_received_header = yes'''
| |
| '''smtpd_tls_session_cache_timeout = 3600s'''
| |
| '''tls_random_source = dev:/dev/urandom'''
| |
| | |
|
| |
| * вносим необходимые изменения в файлы конфигурации - пример рабочей версии '''master.cf''':
| |
| #
| |
| # Postfix master process configuration file. For details on the format
| |
| # of the file, see the master(5) manual page (command: "man 5 master" or
| |
| # on-line: http://www.postfix.org/master.5.html).
| |
| #
| |
| # Do not forget to execute "postfix reload" after editing this file.
| |
| #
| |
| # ==========================================================================
| |
| # service type private unpriv chroot wakeup maxproc command + args
| |
| # (yes) (yes) (no) (never) (100)
| |
| # ==========================================================================
| |
| smtp inet n - y - - smtpd
| |
| #smtp inet n - y - 1 postscreen
| |
| #smtpd pass - - y - - smtpd
| |
| #dnsblog unix - - y - 0 dnsblog
| |
| #tlsproxy unix - - y - 0 tlsproxy
| |
| #submission inet n - y - - smtpd
| |
| # -o syslog_name=postfix/submission
| |
| # -o smtpd_tls_security_level=encrypt
| |
| # -o smtpd_sasl_auth_enable=yes
| |
| # -o smtpd_reject_unlisted_recipient=no
| |
| # -o smtpd_client_restrictions=$mua_client_restrictions
| |
| # -o smtpd_helo_restrictions=$mua_helo_restrictions
| |
| # -o smtpd_sender_restrictions=$mua_sender_restrictions
| |
| # -o smtpd_recipient_restrictions=
| |
| # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
| |
| # -o milter_macro_daemon_name=ORIGINATING
| |
| #smtps inet n - y - - smtpd
| |
| # -o syslog_name=postfix/smtps
| |
| # -o smtpd_tls_wrappermode=yes
| |
| # -o smtpd_sasl_auth_enable=yes
| |
| # -o smtpd_reject_unlisted_recipient=no
| |
| # -o smtpd_client_restrictions=$mua_client_restrictions
| |
| # -o smtpd_helo_restrictions=$mua_helo_restrictions
| |
| # -o smtpd_sender_restrictions=$mua_sender_restrictions
| |
| # -o smtpd_recipient_restrictions=
| |
| # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
| |
| # -o milter_macro_daemon_name=ORIGINATING
| |
| #628 inet n - y - - qmqpd
| |
| pickup unix n - y 60 1 pickup
| |
| cleanup unix n - y - 0 cleanup
| |
| qmgr unix n - n 300 1 qmgr
| |
| #qmgr unix n - n 300 1 oqmgr
| |
| tlsmgr unix - - y 1000? 1 tlsmgr
| |
| rewrite unix - - y - - trivial-rewrite
| |
| bounce unix - - y - 0 bounce
| |
| defer unix - - y - 0 bounce
| |
| trace unix - - y - 0 bounce
| |
| verify unix - - y - 1 verify
| |
| flush unix n - y 1000? 0 flush
| |
| proxymap unix - - n - - proxymap
| |
| proxywrite unix - - n - 1 proxymap
| |
| smtp unix - - y - - smtp
| |
| relay unix - - y - - smtp
| |
| # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
| |
| showq unix n - y - - showq
| |
| error unix - - y - - error
| |
| retry unix - - y - - error
| |
| discard unix - - y - - discard
| |
| local unix - n n - - local
| |
| virtual unix - n n - - virtual
| |
| lmtp unix - - y - - lmtp
| |
| anvil unix - - y - 1 anvil
| |
| scache unix - - y - 1 scache
| |
| #
| |
| # ====================================================================
| |
| # Interfaces to non-Postfix software. Be sure to examine the manual
| |
| # pages of the non-Postfix software to find out what options it wants.
| |
| #
| |
| # Many of the following services use the Postfix pipe(8) delivery
| |
| # agent. See the pipe(8) man page for information about ${recipient}
| |
| # and other message envelope options.
| |
| # ====================================================================
| |
| #
| |
| # maildrop. See the Postfix MAILDROP_README file for details.
| |
| # Also specify in main.cf: maildrop_destination_recipient_limit=1
| |
| #
| |
| maildrop unix - n n - - pipe
| |
| flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
| |
| #
| |
| # Specify in cyrus.conf:
| |
| # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
| |
| #
| |
| # Specify in main.cf one or more of the following:
| |
| # mailbox_transport = lmtp:inet:localhost
| |
| # virtual_transport = lmtp:inet:localhost
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # Cyrus 2.1.5 (Amos Gouaux)
| |
| # Also specify in main.cf: cyrus_destination_recipient_limit=1
| |
| #
| |
| #cyrus unix - n n - - pipe
| |
| # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
| |
| #
| |
| # ====================================================================
| |
| # Old example of delivery via Cyrus.
| |
| #
| |
| #old-cyrus unix - n n - - pipe
| |
| # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # See the Postfix UUCP_README file for configuration details.
| |
| #
| |
| uucp unix - n n - - pipe
| |
| flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
| |
| #
| |
| # Other external delivery methods.
| |
| #
| |
| ifmail unix - n n - - pipe
| |
| flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
| |
| bsmtp unix - n n - - pipe
| |
| flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
| |
| scalemail-backend unix - n n - 2 pipe
| |
| flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
| |
| mailman unix - n n - - pipe
| |
| flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
| |
| ${nexthop} ${user}
| |
| '''######'''
| |
| '''dbmail-lmtp unix - - n - - lmtp'''
| |
| '''-o disable_dns_lookups=yes'''
| |
|
| |
| * Create the PostgreSQL connection settings file, '''dbmail-mailboxes.cf''':
| |
| | |
| user = dbmail
| |
| password = userpass
| |
| hosts = 10.0.5.2
| |
| dbname = mailbasename
| |
| table = dbmail_aliases
| |
| select_field = alias
| |
| where_field = alias
| |
| | |
| * Since the mail server is not intended to act as a relay, access to '''SMTP''' is allowed only with authentication, and for this we use '''SASL'''.
| |
| * In the postfix configuration directory, create a directory for the '''sasl''' settings:
| |
| mkdir -p /etc/postfix/sasl
| |
| | |
| * Create the configuration file, '''smtpd.conf''':
| |
| echo > /etc/postfix/sasl/smtpd.conf
| |
| * Add the file contents:
| |
| edit /etc/postfix/sasl/smtpd.conf
| |
| | |
| pwcheck_method: auxprop
| |
| auxprop_plugin: sql
| |
| mech_list: digest-md5 cram-md5 login plain
| |
| sql_engine: pgsql
| |
| sql_user: dbmail
| |
| sql_passwd: userpass
| |
| sql_hostnames: 10.0.5.2
| |
| sql_database: mailbasename
| |
| sql_statement: select passwd from dbmail_users where userid='%u@%r'
| |
| sql_verbose: yes
| |
| | |
| * Generate your own TLS certificate:
| |
| mkdir -p /etc/postfix/ssl
| |
| cd /etc/postfix/ssl
| |
| openssl req -new -x509 -days 3650 -nodes -out smtpd.pem -keyout smtpd.key
| |
| | |
| * Restart '''postfix''':
| |
| systemctl restart postfix
| |
| or
| |
| /etc/init.d/postfix restart
| |
| | |
| * Check that '''postfix''' is working:
| |
| # telnet mymail.ru 25
| |
| Trying mymail.ru...
| |
| Connected to mymail.ru.
| |
| Escape character is '^]'.
| |
| 220 mx.kscom.ru ESMTP Postfix
| |
| EHLO example.com
| |
| 250-mx.kscom.ru
| |
| 250-PIPELINING
| |
| 250-SIZE 10240000
| |
| 250-VRFY
| |
| 250-ETRN
| |
| 250-STARTTLS
| |
| 250-ENHANCEDSTATUSCODES
| |
| 250-8BITMIME
| |
| 250 DSN
| |
| QUIT
| |
| 221 2.0.0 Bye
| |
| Connection closed by foreign host.
| |
| - the reply must include 250-STARTTLS
| |
| - everything works.
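The STARTTLS check above can be automated. This added example (not from the original page) parses the server's multi-line EHLO reply and also flags AUTH PLAIN/LOGIN offered before STARTTLS, which matters here because the `mech_list` above includes `login plain`; the function names are assumptions of this example, and the embedded reply is copied from the session above.

```python
import re

# Constructed sample: the server's reply to EHLO from the telnet session above.
EHLO_REPLY = """\
250-mx.kscom.ru
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # send the password itself, only base64-encoded


def parse_ehlo(reply):
    """Parse a multi-line 250 reply into (greeting, {KEYWORD: [params]}).

    Every line but the last is '250-...'; the last is '250 ...' (RFC 5321).
    """
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    greeting, extensions = None, {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = m.group(1) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            greeting = m.group(2).strip()
            continue
        # Keyword, then parameters; old servers also send "AUTH=LOGIN PLAIN".
        kw = re.match(r"([A-Za-z0-9-]+)[ =]?(.*)", m.group(2))
        if not kw:
            raise ValueError("bad extension line: %r" % line)
        extensions[kw.group(1).upper()] = kw.group(2).split()
    return greeting, extensions


def audit_cleartext_ehlo(reply):
    """Return findings for an EHLO reply received before any TLS handshake."""
    _, ext = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS is not advertised: the session cannot be encrypted")
    exposed = sorted(PLAINTEXT_MECHS.intersection(x.upper() for x in ext.get("AUTH", [])))
    if exposed:
        findings.append("AUTH %s offered without TLS: password readable on the wire"
                        % "/".join(exposed))
    return findings
```

If the second finding appears on a live server, the Postfix setting `smtpd_tls_auth_only = yes` in main.cf hides AUTH until STARTTLS has completed.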
| |
| | |
| 6. '''Configuring Stunnel'''
| |
| * This package lets you set up a secure connection for mail as well as for other programs.<br>
| |
| * What follows describes how to set up secure access to the mail server.<br>
| |
| | |
| * Install the package:
| |
| apt-get install stunnel4
| |
| | |
| * In /etc/stunnel, create a certificate generation script right away, so that you do not have to remember how to do it if you ever need it again:
| |
| echo > /etc/stunnel/create-sert
| |
| editor /etc/stunnel/create-sert
| |
| | |
| * Add the contents:
| |
| #!/bin/sh
| |
| # system SSL certificate directory
| |
| cd /etc/ssl/certs
| |
| # certificate name, choose your own
| |
| PEMFILE="servername.mymail.ru.pem"
| |
| # generate the certificate
| |
| openssl req -new -x509 -nodes -days 3650 -out $PEMFILE -keyout $PEMFILE
| |
| chmod 600 $PEMFILE
| |
| [ -e temp_file ] && rm -f temp_file
| |
| dd if=/dev/urandom of=temp_file count=2
| |
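| # DH parameters: 2048 bits (512-bit parameters are breakable and refused by current TLS clients)
| |
| openssl dhparam -rand temp_file 2048 >> $PEMFILE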
| |
| ln -sf $PEMFILE `openssl x509 -noout -hash < $PEMFILE`.0
| |
|
| |
| * Make it executable by root only:
| |
| chmod 0700 /etc/stunnel/create-sert
| |
| | |
| * Run the script and answer the prompts:
| |
| /etc/stunnel/create-sert
| |
| | |
| * Create the directory that will hold the .pid file:
| |
| mkdir -p /var/run/stunnel4/
| |
| | |
| * Copy the sample file to serve as the stunnel4 configuration file:
| |
| cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample /etc/stunnel/stunnel.conf
| |
| | |
| * Edit it to look like this (a working example):
| |
| ; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2015
| |
| ; Some options used here may be inadequate for your particular configuration
| |
| ; This sample file does *not* represent stunnel.conf defaults
| |
| ; Please consult the manual for detailed description of available options
| |
|
| |
| ; **************************************************************************
| |
| ; * Global options *
| |
| ; **************************************************************************
| |
|
| |
| ; It is recommended to drop root privileges if stunnel is started by root
| |
| ;setuid = stunnel4
| |
| ;setgid = stunnel4
| |
|
| |
| ; PID file is created inside the chroot jail (if enabled)
| |
| pid = /var/run/stunnel4/stunnel.pid
| |
|
| |
| ; Debugging stuff (may be useful for troubleshooting)
| |
| ;foreground = yes
| |
| ;debug = info
| |
| output = /var/log/stunnel.log
| |
|
| |
| ; Enable FIPS 140-2 mode if needed for compliance
| |
| ;fips = yes
| |
| fips = no
| |
| ; **************************************************************************
| |
| ; * Service defaults may also be specified in individual service sections *
| |
| ; **************************************************************************
| |
|
| |
| ; Enable support for the insecure SSLv3 protocol
| |
| options = -NO_SSLv3
| |
| sslVersion = TLSv1.2
| |
|
| |
| ; These options provide additional security at some performance degradation
| |
| ;options = SINGLE_ECDH_USE
| |
| ;options = SINGLE_DH_USE
| |
|
| |
| ; **************************************************************************
| |
| ; * Include all configuration file fragments from the specified folder *
| |
| ; **************************************************************************
| |
|
| |
| ;include = /etc/stunnel/conf.d
| |
|
| |
| ; **************************************************************************
| |
| ; * Service definitions (remove all services for inetd mode) *
| |
| ; **************************************************************************
| |
|
| |
| ; ***************************************** Example TLS client mode services
| |
|
| |
| ; The following examples use /etc/ssl/certs, which is the common location
| |
| ; of a hashed directory containing trusted CA certificates. This is not
| |
| ; a hardcoded path of the stunnel package, as it is not related to the
| |
| ; stunnel configuration in /etc/stunnel/.
| |
|
| |
| ;[mymail-pop3]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:110
| |
| ;connect = pop3.mymail.ru:995
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = pop3s.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ;[mymail-imap]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:143
| |
| ;connect = imap.mymail.ru:993
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = imaps.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ;[mymail-smtp]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:25
| |
| ;connect = smtp.mymail.ru:465
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = smtps.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ; ***************************************** Example TLS server mode services
| |
|
| |
| [pop3s]
| |
| accept = 995
| |
| connect = 110
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| [imaps]
| |
| accept = 993
| |
| connect = 143
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| [smtps]
| |
| accept = 465
| |
| connect = 25
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| ; TLS front-end to a web server
| |
| ;[https]
| |
| ;accept = 443
| |
| ;connect = 80
| |
| ;cert = /etc/stunnel/stunnel.pem
| |
| ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
| |
| ; Microsoft implementations do not use TLS close-notify alert and thus they
| |
| ; are vulnerable to truncation attacks
| |
| ;TIMEOUTclose = 0
| |
|
| |
| ; Remote shell protected with PSK-authenticated TLS
| |
| ; Create "/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
| |
| ;[shell]
| |
| ;accept = 1337
| |
| ;exec = /bin/sh
| |
| ;execArgs = sh -i
| |
| ;ciphers = PSK
| |
| ;PSKsecrets = /etc/stunnel/secrets.txt
| |
|
| |
| ; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket
| |
| ;[mysql]
| |
| ;cert = /etc/stunnel/stunnel.pem
| |
| ;accept = 3307
| |
| ;connect = /run/mysqld/mysqld.sock
| |
|
| |
| ; vim:ft=dosini
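Added example (not part of the original page or of stunnel): a small parser that audits the active settings of a stunnel.conf like the one above for the two points its own comments raise, dropping root privileges and the SSLv3 option, and for server-mode services that lack a certificate. The function names and the embedded sample, built from the uncommented lines above, are assumptions of this example.

```python
# Constructed sample: active settings of the stunnel.conf above (setuid/setgid commented).
SAMPLE_CONF = """\
;setuid = stunnel4
;setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel.log
fips = no
options = -NO_SSLv3
sslVersion = TLSv1.2
[pop3s]
accept = 995
connect = 110
cert = /etc/ssl/certs/servername.mymail.ru.pem
[imaps]
accept = 993
connect = 143
cert = /etc/ssl/certs/servername.mymail.ru.pem
[smtps]
accept = 465
connect = 25
cert = /etc/ssl/certs/servername.mymail.ru.pem
"""

def parse_stunnel_conf(text):
    """Return (global_opts, {service: opts}); each maps lowercased key -> list of
    values, since a key such as 'options' may be given more than once."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("not a 'key = value' line: %r" % raw)
        target = glob if current is None else current
        target.setdefault(key.strip().lower(), []).append(value.strip())
    return glob, services

def audit_stunnel_conf(text):
    """Return a list of findings for the active settings."""
    glob, services = parse_stunnel_conf(text)
    findings = []
    if "setuid" not in glob or "setgid" not in glob:
        findings.append("global: setuid/setgid unset, no privilege drop after start")
    for name, opts in [("global", glob)] + sorted(services.items()):
        if "-NO_SSLv3" in opts.get("options", []):
            pinned = (opts.get("sslversion") or glob.get("sslversion") or ["all"])[-1]
            findings.append("%s: options = -NO_SSLv3 lifts the SSLv3 ban; "
                            "sslVersion is %s" % (name, pinned))
    for name, opts in sorted(services.items()):
        is_client = (opts.get("client") or glob.get("client") or ["no"])[-1] == "yes"
        if not is_client and not (opts.get("cert") or glob.get("cert")):
            findings.append("%s: server-mode service has no cert" % name)
    return findings
```

For the sample it reports the missing privilege drop and the `-NO_SSLv3` option; in that configuration only `sslVersion = TLSv1.2` keeps SSLv3 from being negotiated.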
| |
| | |
| * Adjust the default startup configuration file:
| |
| # /etc/default/stunnel
| |
| # Julien LEMOINE <speedblue@debian.org>
| |
| # September 2003
| |
|
| |
| # Change to one to enable stunnel automatic startup
| |
| ENABLED=1
| |
| FILES="/etc/stunnel/*.conf"
| |
| OPTIONS=""
| |
|
| |
| # Change to one to enable ppp restart scripts
| |
| PPP_RESTART=0
| |
|
| |
| # Change to enable the setting of limits on the stunnel instances
| |
| # For example, to set a large limit on file descriptors (to enable
| |
| # more simultaneous client connections), set RLIMITS="-n 4096"
| |
| # More than one resource limit may be modified at the same time,
| |
| # e.g. RLIMITS="-n 4096 -d unlimited"
| |
| RLIMITS=""
| |
| | |
| * Restart stunnel:
| |
| /etc/init.d/stunnel4 restart
| |
| | |
| * After that, check that the ports we need are open:
| |
| nmap -v mymail.ru
| |
| ...
| |
| PORT STATE SERVICE
| |
| 22/tcp open ssh
| |
| 25/tcp open smtp
| |
| 110/tcp open pop3
| |
| 143/tcp open imap
| |
| 465/tcp open smtps
| |
| 993/tcp open imaps
| |
| 995/tcp open pop3s
| |
| | |
| * Check that mail works over '''SSL/TLS''', with the password sent encrypted, on ports '''465, 993, 995'''.
| |
| * If everything is fine, I recommend closing the plain ports ('''110, 143''') with '''iptables''',
| |
| * leaving only '''25''' open (some servers require exactly this port to deliver mail to you).
| |
| | |
| 7. '''Installing the SpamAssassin spam filter'''
| |
| | |
| * Install the package:
| |
| aptitude install spamassassin
| |
| | |
| * Enable startup by default in /etc/default/spamassassin:
| |
| ... | |
| ENABLED=1
| |
| ...
| |
| | |
| * Edit the spam filter configuration file /etc/spamassassin/local.cf to look like this:
| |
| | |
| # This is the right place to customize your installation of SpamAssassin. | |
| # | | # |
| # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be | | #CREATE DATABASE gogs OWNER gogs; |
| # tweaked. | | #\q |
| # | | # |
| # Only a small subset of options are listed below
| |
| # | | # |
| ###########################################################################
| Full details on PostgreSQL are [http://support.qbpro.ru/index.php?title=PostgreSQL here] |
|
| |
| # Add *****SPAM***** to the Subject header of spam e-mails
| |
| #
| |
| rewrite_header Subject *****SPAM*****
| |
|
| |
|
| |
| # Save spam messages as a message/rfc822 MIME attachment instead of
| |
| # modifying the original message (0: off, 2: use text/plain instead)
| |
| #
| |
| report_safe 0
| |
|
| |
|
| |
| # Set which networks or hosts are considered 'trusted' by your mail
| |
| # server (i.e. not spammers)
| |
| #
| |
| # trusted_networks 212.17.35.
| |
| trusted_networks 10.0.5.
| |
|
| |
|
| |
| # Set file-locking method (flock is not safe over NFS, but is faster)
| |
| #
| |
| # lock_method flock
| |
|
| |
|
| |
| # Set the threshold at which a message is considered spam (default: 5.0)
| |
| #
| |
| required_score 5.0
| |
|
| |
|
| |
| # Use Bayesian classifier (default: 1)
| |
| #
| |
| use_bayes 1
| |
|
| |
|
| |
| # Bayesian classifier auto-learning (default: 1)
| |
| #
| |
| bayes_auto_learn 1
| |
|
| |
|
| |
| # Set headers which may provide inappropriate cues to the Bayesian
| |
| # classifier
| |
| #
| |
| bayes_ignore_header X-Bogosity
| |
| bayes_ignore_header X-Spam-Flag
| |
| bayes_ignore_header X-Spam-Status
| |
|
| |
|
| |
| # Whether to decode non- UTF-8 and non-ASCII textual parts and recode
| |
| # them to UTF-8 before the text is given over to rules processing.
| |
| #
| |
| # normalize_charset 1
| |
|
| |
| # Some shortcircuiting, if the plugin is enabled
| |
| #
| |
| ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
| |
| #
| |
| # default: strongly-whitelisted mails are *really* whitelisted now, if the
| |
| # shortcircuiting plugin is active, causing early exit to save CPU load.
| |
| # Uncomment to turn this on
| |
| #
| |
| # shortcircuit USER_IN_WHITELIST on
| |
| # shortcircuit USER_IN_DEF_WHITELIST on
| |
| # shortcircuit USER_IN_ALL_SPAM_TO on
| |
| # shortcircuit SUBJECT_IN_WHITELIST on
| |
|
| |
| # the opposite; blacklisted mails can also save CPU
| |
| #
| |
| # shortcircuit USER_IN_BLACKLIST on
| |
| # shortcircuit USER_IN_BLACKLIST_TO on
| |
| # shortcircuit SUBJECT_IN_BLACKLIST on
| |
|
| |
| # if you have taken the time to correctly specify your "trusted_networks",
| |
| # this is another good way to save CPU
| |
| #
| |
| # shortcircuit ALL_TRUSTED on
| |
|
| |
| # and a well-trained bayes DB can save running rules, too
| |
| #
| |
| # shortcircuit BAYES_99 spam
| |
| # shortcircuit BAYES_00 ham
| |
| whitelist_from *@mymail.ru
| |
|
| |
| endif # Mail::SpamAssassin::Plugin::Shortcircuit
| |
|
| |
| * Start spamassassin:
| |
|
| |
|
| /etc/init.d/spamassassin start
| |
|
| |
|
| * Edit the postfix file /etc/postfix/master.cf:
| |
| - The line:
| |
| ..
| |
| smtp inet n - - - - smtpd
| |
| ..
| |
| - Replace it with:
| |
| ..
| |
| smtp inet n - - - - smtpd -o content_filter=spamassassin
| |
| ..
| |
|
| |
| - Before:
| |
| ..
| |
| dbmail-lmtp unix - - n - - lmtp
| |
| -o disable_dns_lookups=yes
| |
| ..
| |
|
| |
| - Add:
| |
| ..
| |
| spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -s 5120000 -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
| |
| ..
| |
|
| |
| * Restart '''postfix''':
| |
|
| |
| /etc/init.d/postfix restart
| |
|
| |
| * Check that mail works; everything should be working.
| |
|
| |
|
|
| |
|