imported>Vix
'''A guide to quickly deploying your own mail server.'''<br>
* ''This article appeared here because I ran into the problem of migrating a mail server that keeps its mail on an ordinary file system.''
''Above all, the mail had been set up on software that was already obsolete, and moving it to a new platform without losses had become practically impossible. Storing mail in a database, by contrast, gives huge advantages for upgrades, for access to the data, and for recovery. In my case the database lives on a separate host, which makes it much easier to maintain, while all of the mail configuration files can easily be reproduced on a new host if the mail server ever has to be rebuilt.''<br>

[[Файл:Zabbix2.png]]
<hr>
== Installation and configuration ==
'''''- System: Debian Jessie (8)'''''

=='''1. dbmail installation procedure'''==
* '''''System: Debian Stretch {9}'''''
* The sources.list used:
 #
 deb http://mirror.mephi.ru/debian/ stretch main
 deb-src http://mirror.mephi.ru/debian/ stretch main

 deb http://security.debian.org/debian-security stretch/updates main
 deb-src http://security.debian.org/debian-security stretch/updates main

 # stretch-updates, previously known as 'volatile'
 deb http://mirror.mephi.ru/debian/ stretch-updates main
 deb-src http://mirror.mephi.ru/debian/ stretch-updates main

 ###### Debian Main Repos
 deb http://deb.debian.org/debian/ stable main contrib non-free
 deb-src http://deb.debian.org/debian/ stable main contrib non-free

 deb http://deb.debian.org/debian/ stable-updates main contrib non-free
 deb-src http://deb.debian.org/debian/ stable-updates main contrib non-free

 deb http://deb.debian.org/debian-security stable/updates main contrib non-free
 deb-src http://deb.debian.org/debian-security stable/updates main contrib non-free

 deb http://ftp.debian.org/debian stretch-backports main contrib non-free
 deb-src http://ftp.debian.org/debian stretch-backports main contrib non-free

1.1 ''Install the required packages:''
 apt-get install pkg-config libglib2.0-dev libgmime-2.6-dev libmhash-dev libevent-dev libssl-dev libzdb-dev \
   autoconf automake libtool autotools-dev dpkg-dev fakeroot debhelper dh-make libldap2-dev libsieve2-dev asciidoc \
   libcrypto++6 libcrypto++-utils libcrypto++-dev xmlto xmltoman libarchive-tools lrzip binutils-multiarch \
   arch-test libpgf-dev libsasl2-modules-db libsasl2-modules curl libcroco3 libsasl2-2 procmail libsasl2-modules-sql \
   libpcre32-3 zlib1g-dev libmhash-dev libpcrecpp0v5

1.2 ''Download the sources from [http://www.dbmail.org/index.php?page=download dbmail.org]:''
 wget -c -t 0 -T 8 http://www.dbmail.org/download/3.1/dbmail-3.1.17.tar.gz

1.3 ''Unpack and compile:''
 cp dbmail-3.1.17.tar.gz /usr/local/src
 tar -xf dbmail-3.1.17.tar.gz -C /usr/local/src
 cp dbmail-3.1.17.tar.gz /usr/local/src/dbmail_3.1.7.orig.tar.gz
* '''[!]''' - ''I don't know, maybe it just turned out this way for me, but when you run the commands, the version that shows up is exactly'' '''3.1.7'''!!
* '''[!]''' - ''that is why everything we unpack and create here carries the version'' - 3.1.7 ...

''Prepare the package for building:''
 cd /usr/local/src/dbmail-3.1.7
 ./configure --prefix=/usr

 dpkg-source --commit
give the patch a name, for example: '''pgsql.commit'''<br>
exit with '''ESC'''<br>
the result should look like this:<br>
 ...
 dpkg-source: инфо: локальные изменения были записаны в новую заплату: dbmail-3.1.7/debian/patches/pgsql.commit

then:
 cd /usr/local/src/
 dpkg-source -b dbmail-3.1.7

 cd /usr/local/src/dbmail-3.1.7
 dpkg-buildpackage -d

* '''[!]''' - if you get a message like:
 ...
 debian/rules:138: *** missing separator (did you mean TAB instead of 8 spaces?). Останов.
 dpkg-buildpackage: ошибка: debian/rules clean возвратил код ошибки 2

* '''[!]''' - then you need to fix the error in the file '''dbmail-3.1.7/debian/rules'''
line 138:
 '''''........make -f debian/rules binary-common $* DH_OPTIONS=-p$*'''''
 ^^^
there are 8 spaces here!! - but there should be 2 tabs, which is what causes the error...

* once the package has been built, it should look like this:
 # ls -n /usr/local/src
 итого 3668
 drwxrwxr-x 13 0 0 4096 ноя 2 00:19 dbmail-3.1.7
 -rw-r--r-- 1 0 50 7597 ноя 2 00:19 dbmail_3.1.7-1_amd64.buildinfo
 -rw-r--r-- 1 0 50 1957 ноя 2 00:19 dbmail_3.1.7-1_amd64.changes
 -rw-r--r-- 1 0 50 349256 ноя 2 00:19 dbmail_3.1.7-1_amd64.deb
 -rw-r--r-- 1 0 50 148008 ноя 2 00:14 dbmail_3.1.7-1.debian.tar.xz
 -rw-r--r-- 1 0 50 1045 ноя 2 00:14 dbmail_3.1.7-1.dsc
 -rw-r--r-- 1 0 0 2391054 июл 27 2014 dbmail_3.1.7.orig.tar.gz
 -rw-r--r-- 1 0 50 838508 ноя 2 00:19 dbmail-dbgsym_3.1.7-1_amd64.deb

* '''install postgresql''', see [[PostgreSQL]]
* '''install the required packages:'''
 echo "deb-src http://repo.zabbix.com/zabbix/3.4/debian stretch main" > /etc/apt/sources.list.d/zabbix.list
 wget -O - "http://repo.zabbix.com/zabbix-official-repo.key" | apt-key add -
 wget -O - "https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4" | apt-key add -
 wget -O - "https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591" | apt-key add -
 wget -O - "https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591-EL5" | apt-key add -

 apt-get update
 apt-get install zabbix-agent zabbix-frontend-php zabbix-proxy-pgsql zabbix-server-pgsql php-fpm nginx

* '''create the database for zabbix'''
 CREATE DATABASE "zabbix"
 WITH OWNER "zabbixadmin"
 ENCODING 'UTF8'
 LC_COLLATE = 'ru_RU.UTF-8'
 LC_CTYPE = 'ru_RU.UTF-8';

* copy it to your archive and install the package.
 dpkg -i dbmail_3.1.7-1_amd64.deb
* a prebuilt package for Debian 9 (Stretch) amd64 is available [http://download.qbpro.ru/download/pkg/dbmail/ '''here''']

* Official documentation: [https://linux.die.net/man/5/dbmail.conf here]
* edit the configuration file:
 editor /etc/dbmail/dbmail.conf

* an example of a working configuration file:

 # (c) 2000-2006 IC&S, The Netherlands
 #
 # Configuration file for DBMAIL

 [DBMAIL]
 #
 # Database settings
 #
 # database connection URI

 '''#dburi = sqlite:///var/tmp/dbmail.db'''
 '''dburi = postgresql://dbmail:dbmailpass@10.0.5.2:5432/mailbasename'''
 #
 # Supported drivers are sql, ldap.
 #
 '''authdriver = sql'''

 #
 #
 # following fields are now DEPRECATED!
 '''driver = postgresql'''
 '''host = 10.0.5.2'''
 '''sqlport = 5432'''
 '''#sqlsocket ='''
 '''user = dbmail'''
 '''pass = dbmailpass'''
 '''db = mailbasename'''

 #
 # Number of database connections per threaded daemon
 # This also determines the size of the worker threadpool
 #
 # Do NOT increase this without proper consideration. A
 # very large database/worker pool will not only increase
 # the connection pressure on the database, but will more
 # significantly cause unnecessary context-switching in
 # your CPUs.
 #
 #max_db_connections = 10

 #
 # Table prefix. Defaults to "dbmail_" if not specified.
 #
 '''table_prefix = dbmail_'''

 #
 # encoding must match the database/table encoding.
 # i.e. latin1, utf8
 encoding = utf8

 #
 # messages with unknown encoding will be assumed to have
 # default_msg_encoding
 # i.e. iso8859-1, utf8
 default_msg_encoding = utf8

 #
 # Postmaster's email address for use in bounce messages.
 #
 #postmaster = DBMAIL-MAILER

 #
 # Sendmail executable for forwards, replies, notifies, vacations.
 # You may use pipes (|) in this command, for example:
 # dos2unix|/usr/sbin/sendmail works well with Qmail.
 # You may use quotes (") for executables with unusual names.
 #
 sendmail = /usr/sbin/sendmail

 #
 #
 # The following items can be overridden in the service-specific sections.
 #
 #

 #
 # Logging via stderr/log file and syslog
 #
 # Logging is broken up into 8 logging levels and each level can be individually turned on or off.
 # The Stderr/log file logs all entries to stderr or the log file.
 # Syslog logging uses the facility mail and the logging level of the event for logging.
 # Syslog can then be configured to log data according to the levels.
 #
 # Set the log level to the sum of the values next to the levels you want to record.
 # 1 = Emergency
 # 2 = Alert
 # 4 = Critical
 # 8 = Error
 # 16 = Warning
 # 32 = Notice
 # 64 = Info
 # 128 = Debug
 # 256 = Database -> Logs at debug level
 #
 # Examples: 0 = Nothing
 # 31 = Emergency + Alert + Critical + Error + Warning
 # 511 = Everything
 #
 file_logging_levels = 7
 #
 syslog_logging_levels = 31

 #
 # Generate a log entry for database queries for the log level at number of seconds of query execution time.
 #
 query_time_info = 10
 query_time_notice = 20
 query_time_warning = 30

 #
 # Throw an exception if the query takes longer than query_timeout seconds
 query_timeout = 300

 #
 # Root privs are used to open a port, then privs
 # are dropped down to the user/group specified here.
 #
 '''effective_user = dbmail'''
 '''effective_group = mail'''

 #
 # The IPv4 and/or IPv6 addresses the services will bind to.
 # Use * for all local interfaces.
 # Use 127.0.0.1 for localhost only.
 # Separate multiple entries with spaces ( ) or commas (,).
 #
 '''bindip = 0.0.0.0 # IPv4 only - all IP's'''
 #bindip = :: # IPv4 and IPv6 - all IP's (linux)
 #bindip = :: # IPv6 only - all IP's (BSD)
 #bindip = 0.0.0.0,:: # IPv4 and IPv6 - all IP's (BSD)


 #
 # The maximum length of the queue of pending connections. See
 # listen(2) for more information
 #
 # backlog = 128

 #
 # Idle time allowed before a connection is shut off.
 #
 timeout = 300

 #
 # Idle time allowed before a connection is shut off if you have not logged in yet.
 #
 login_timeout = 60

 #
 # If yes, resolves IP addresses to DNS names when logging.
 #
 resolve_ip = yes

 #
 # If yes, keep statistics in the authlog table for connecting users
 #
 authlog = no

 #
 # logfile for stdout messages
 #
 logfile = /var/log/dbmail.log

 #
 # logfile for stderr messages
 #
 errorlog = /var/log/dbmail.err

 #
 # directory for storing PID files
 #
 pid_directory = /var/run/dbmail

 #
 # directory for locating libraries (normally has a sane default compiled-in)
 #
 library_directory = /usr/lib/dbmail

 #
 # SSL/TLS certificates
 #
 # A file containing a list of CAs in PEM format
 tls_cafile =

 # A file containing a PEM format certificate
 tls_cert =

 # A file containing a PEM format RSA or DSA key
 tls_key =

 # A cipher list string in the format given in ciphers(1)
 tls_ciphers =


 # hashing algorithm. You can select your favorite hash type
 # for generating unique ids for message parts.
 #
 # for valid values check mhash(3) but minus the MHASH_ prefix.
 #
 # if you ever change this value run 'dbmail-util --rehash' to
 # update the hash for all mimeparts.
 #
 # examples: MD5, SHA1, SHA256, SHA512, TIGER, WHIRLPOOL
 #
 # hash_algorithm = SHA1


 # header_cache tuning
 #
 # set header_cache_readonly to 'yes' to prevent new
 # unknown header-names from being cached.
 #
 # header_cache_readonly = yes


 [LMTP]
 '''bindip = 127.0.0.1'''
 port = 24
 #tls_port =


 [POP]
 port = 110
 #tls_port = 995

 # You can set an alternate banner to display when connecting to the service
 # banner = DBMAIL pop3 server ready to rock

 #
 # If yes, allows SMTP access from the host IP connecting by POP3.
 # This requires additional configuration of your MTA
 #
 pop_before_smtp = no

 [HTTP]
 port = 41380
 #
 # the httpd daemon provides full access to all users, mailboxes
 # and messages. Be very careful with this one!
 '''bindip = 127.0.0.1'''
 admin = admin:secret

 [IMAP]
 # You can set an alternate banner to display when connecting to the service
 # banner = imap 4r1 server (dbmail 2.3.x)

 #
 # Port to bind to.
 #
 port = 143
 ##tls_port = 993

 #
 # IMAP prefers a longer timeout than other services.
 #
 timeout = 4000

 #
 # If yes, allows SMTP access from the host IP connecting by IMAP.
 # This requires additional configuration of your MTA
 #
 imap_before_smtp = no

 #
 # during IDLE, how many seconds between checking the mailbox
 # status (default: 30)
 #
 # idle_timeout = 30

 # during IDLE, how often should the server send an '* OK' still
 # here message (default: 10)
 #
 # the time between such a message is idle_timeout * idle_interval
 # seconds
 #
 # idle_interval = 10

 #
 # If TLS is enabled, login before starttls is normally
 # not allowed. Use login_disabled=no to change this
 #
 # login_disabled = yes

 #
 # Provide a CAPABILITY to override the default
 #
 # capability = IMAP4 IMAP4rev1 AUTH=LOGIN ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE

 # max message size. You can specify the maximum message size
 # accepted by the IMAP daemon during APPEND commands.
 #
 # Supported formats:
 # decimal: 1000000
 # octal: 03777777
 # hex: 0xfffff
 #
 # max_message_size =


 [SIEVE]
 #
 # Port to bind to.
 #
 port = 2000
 tls_port =


 [LDAP]
 port = 389
 version = 3
 hostname = ldap
 base_dn = ou=People,dc=mydomain,dc=com

 #
 # If your LDAP library supports ldap_initialize(), then you can use the
 # alternative LDAP server DSN like following.
 #
 # URI = ldap://127.0.0.1:389
 # URI = ldapi://%2fvar%2frun%2fopenldap%2fldapi/

 #
 # Leave blank for anonymous bind.
 # example: cn=admin,dc=mydomain,dc=com
 #
 bind_dn =

 #
 # Leave blank for anonymous bind.
 #
 bind_pw =
 scope = SubTree

 # AD users may want to set this to 'no' to disable
 # ldap referrals if you are seeing 'Operations errors'
 # in your logs
 #
 referrals = yes

 user_objectclass = top,account,dbmailUser
 forw_objectclass = top,account,dbmailForwardingAddress
 cn_string = uid
 field_passwd = userPassword
 field_uid = uid
 field_nid = uidNumber
 min_nid = 10000
 max_nid = 15000
 field_cid = gidNumber
 min_cid = 10000
 max_cid = 15000

 # a comma-separated list of attributes to match when searching
 # for users or forwards that match a delivery address. A match
 # on any of them is a hit.
 field_mail = mail

 # field that holds the mail-quota size for a user.
 field_quota = mailQuota

 # field that holds the forwarding address.
 field_fwdtarget = mailForwardingAddress

 # override the query string used to search for users
 # or forwards with a delivery address.
 # query_string = (mail=%s)

 [DELIVERY]
 #
 # Run Sieve scripts as messages are delivered.
 #
 SIEVE = yes

 #
 # Use 'user+mailbox@domain' format to deliver to a mailbox.
 #
 SUBADDRESS = yes

 #
 # Turn on/off the Sieve Vacation extension.
 #
 SIEVE_VACATION = yes

 #
 # Turn on/off the Sieve Notify extension
 #
 SIEVE_NOTIFY = yes

 #
 # Turn on/off additional Sieve debugging.
 #
 SIEVE_DEBUG = no


 # Use the auto_notify table to send email notifications.
 #
 AUTO_NOTIFY = no

 #
 # Use the auto_reply table to send away messages.
 #
 AUTO_REPLY = no

 #
 # Defaults to "NEW MAIL NOTIFICATION"
 #
 #AUTO_NOTIFY_SUBJECT =

 #
 # Defaults to POSTMASTER from the DBMAIL section.
 #
 #AUTO_NOTIFY_SENDER =


 # If you set this to 'yes' dbmail will check for duplicate
 # messages in the relevant mailbox during delivery using
 # the Message-ID header
 #
 suppress_duplicates = no

 #
 # Soft or hard bounce on over-quota delivery
 #
 quota_failure = hard


 # end of configuration file

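An added example (not part of the original article or of DBMail): a small Python audit of the settings in the sample dbmail.conf above that decide exposure, namely the database password embedded in `dburi`, login services bound to non-loopback addresses without `tls_cert`/`tls_key`, and the `admin:secret` value in `[HTTP]`. The finding names and the embedded excerpt are constructed for this illustration, and the script reads dbmail.conf only, so a TLS wrapper configured elsewhere is not seen.

```python
import configparser
import os
import re
import stat
from urllib.parse import urlsplit

# Constructed excerpt: only the settings the checks read, with the values
# shown in the sample configuration file.
SAMPLE_CONF = """\
[DBMAIL]
dburi = postgresql://dbmail:dbmailpass@10.0.5.2:5432/mailbasename
bindip = 0.0.0.0   # IPv4 only - all IP's
tls_cert =
tls_key =

[LMTP]
bindip = 127.0.0.1
port = 24

[POP]
port = 110
#tls_port = 995

[HTTP]
port = 41380
bindip = 127.0.0.1
admin = admin:secret

[IMAP]
port = 143
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
LOGIN_SERVICES = {"POP", "IMAP", "SIEVE"}  # services where users send passwords


def parse(text):
    # [DBMAIL] values are defaults that the service sections may override,
    # which is what configparser's default section provides.
    cp = configparser.ConfigParser(default_section="DBMAIL", interpolation=None,
                                   strict=False, inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp


def audit(text):
    """Return a list of (section, finding) tuples for a dbmail.conf body."""
    cp = parse(text)
    findings = []
    # A password inside dburi means the file itself is a credential store.
    if urlsplit(cp.defaults().get("dburi", "")).password:
        findings.append(("DBMAIL", "db-password-in-file"))
    for name in cp.sections():
        sec = cp[name]
        ips = [ip for ip in re.split(r"[,\s]+", sec.get("bindip", "")) if ip]
        exposed = any(ip not in LOOPBACK for ip in ips)
        has_tls = bool(sec.get("tls_cert", "").strip()
                       and sec.get("tls_key", "").strip())
        if name in LOGIN_SERVICES and exposed and not has_tls:
            findings.append((name, "no-tls-on-network-listener"))
        # The value printed in the sample file must not survive into production.
        if name == "HTTP" and sec.get("admin", "").strip() == "admin:secret":
            findings.append((name, "sample-admin-credentials"))
    return findings


def readable_by_others(path):
    """True if the config file (which holds the DB password) is world-readable."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```
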
* edit the defaults file /etc/default/dbmail:

 # debian specific configuration for dbmail

 # work-around for linux/epoll bug in libevent
 export EVENT_NOEPOLL=yes

 # comment out to disable the pop3 server
 '''START_POP3D=true'''

 # comment out to disable the imapd server
 '''START_IMAPD=true'''

 # uncomment to enable the lmtpd server
 '''START_LMTPD=true'''

 # uncomment to enable the timsieved server
 #START_SIEVE=true

 # comment out to enable the stunnel SSL wrapper
 '''START_SSL=true'''

 # specify the filename for the pem file as
 # it resides in /etc/ssl/certs
 '''PEMFILE="/etc/ssl/certs/dbmail.pem"'''

* create a certificate for dbmail:
 cd /etc/ssl/certs
 openssl req -new -x509 -nodes -out dbmail.pem -keyout smtpd.pem -days 3650

* restart the service:
 systemctl restart dbmail

* A brief explanation:
1. Components intended for delivering messages from the MTA into the store.<br>
2. Components intended for delivering messages from the store to the MUA.<br>

* The first group includes:<br>
'''dbmail-lmtpd''' – a UNIX daemon that accepts client connections over a UNIX socket or a TCP socket. Mail messages are received using the LMTP protocol. For each incoming message the MTA only creates a client socket; the required number of processes and database connections is created in advance.<br>
As a result, this option gives better performance under high load, but under low load it consumes more system resources than necessary.<br>

* The second group includes:<br>
'''dbmail-pop3d''' – a daemon for access over the POP3 protocol.<br>
'''dbmail-imapd''' – a daemon for access over the IMAP protocol.<br>

* In addition, DBMail includes the following auxiliary utilities:<br>
'''dbmail-users''' – a tool for managing users and their aliases.<br>
'''dbmail-util''' – a tool for cleaning, optimizing and checking the consistency of the database.<br>

* That completes the '''dbmail''' installation for now; the next stage is installing '''postgresql''' and configuring it for later use.

* '''now load the templates and schema into this database (for postgresql)'''
 zcat /usr/share/zabbix-server-pgsql/{schema,images,data}.sql.gz|psql -h 127.0.0.1 zabbix zabbixadmin
'''{!}''' - for version 3.4:
 zcat /usr/share/doc/zabbix-server-pgsql/create.sql.gz|psql -h 127.0.0.1 zabbix zabbixadmin

* '''configure php-fpm'''
 cat /etc/php5/fpm/pool.d/www.conf
 ....
 ;listen = /var/run/php5-fpm.sock
 listen = 127.0.0.1:9000
 ....

 cat /etc/php5/fpm/php.ini
 ....
 disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
 ....
 date.timezone = Europe/Moscow
 ....
 max_execution_time = 300
 ....
 post_max_size = 16M
 ....
 always_populate_raw_post_data = -1
 ....

=='''2. Read here: [[Настройка PostgreSQL|PostgreSQL setup]]'''==

2.1. Once the '''postgresql''' database server is configured, create the '''dbmail''' user and the '''dbmail''' database.<br>
* Create a user for working with the mail database:
 createuser -U postgres -P dbmail

* '''[!]''' - Never use special characters in the password other than #! (authentication may fail)

* Create the database:
 createdb -U postgres --owner dbmail dbmail

* '''dbmail''' ships with database schema templates; unpack and load them:
 bunzip2 /usr/share/doc/dbmail-2.2.10/create_tables.pgsql.bz2
 psql -U dbmail -d dbmail < /usr/share/doc/dbmail-2.2.10/create_tables.pgsql

or like this:
 zcat /usr/share/doc/dbmail/examples/create_tables.pgsql.gz|psql -h 127.0.0.1 dbmail dbmailadmin

or like this:
 psql -U dbmail -h localhost maildb < create_tables.pgsql

* This dump has no table for working with virtual domains, so create it:
 CREATE TYPE dtype AS ENUM (
 'LOCAL',
 'VIRTUAL',
 'RELAY'
 );

 ALTER TYPE public.dtype OWNER TO dbmail;

 SET default_with_oids = true;

 CREATE TABLE dbmail_domains (
 uid integer NOT NULL,
 domain character varying(128) NOT NULL,
 type dtype NOT NULL
 );

 INSERT INTO dbmail_domains (uid, domain, type) VALUES (1, 'example.com', 'LOCAL');

'''The database is ready.'''

* add database maintenance to /etc/crontab:
 ...
 0 3 * * * root /usr/sbin/dbmail-util -cturpd -l 24h -qq
 ...

* check that '''dbmail''' works with the database:

 dbmail-util -av

if there are errors, fix them, remembering to check the configuration file...<br>
.. if everything is OK, move on to configuring '''postfix'''

* '''(!)''' - on first start '''zabbix''' may ask for something else; change it as instructed.

* '''nginx''' - example configuration for '''zabbix''':

 server {
     listen 10.0.1.40:88;
     server_name zabbix;
     root /home/www/zabbix;
     location / {
         index index.html index.php;
     }

     location ~* \.(gif|jpg|png)$ {
         expires 30d;
     }

     location ~ \.php$ {
         fastcgi_pass localhost:9000;
         fastcgi_param SCRIPT_FILENAME
         $document_root$fastcgi_script_name;
         include fastcgi_params;
     }
 }

=='''Useful tips'''==
* '''Problem:''' Trigger with the vm.memory.size item
I am trying to monitor RAM exhaustion (less than 10% free RAM for 5 minutes) and I create a trigger:
 {hostname:vm.memory.size[available].last(5m)}<10
However, nothing happens.

* '''Solution:'''
For your task it is better to use the max() function
 {hostname:vm.memory.size[pavailable].max(5m)}<10
* [https://www.zabbix.com/forum/in-russian/46020-%D0%A2%D1%80%D0%B8%D0%B3%D0%B3%D0%B5%D1%80-%D1%81-%D1%8D%D0%BB%D0%B5%D0%BC%D0%B5%D0%BD%D1%82%D0%BE%D0%BC-vm-memory-size source]
'''Example:''' {Zabbix server:vm.memory.size[available].max(5m)}<10
<hr>

=='''3. Configuring Postfix'''==

 apt-get install postfix postfix-pgsql postfix-sqlite procmail libsasl2-2 libsasl2-modules libsasl2-modules-db \
   libsasl2-modules-sql sqlite3 mutt postfix-pcre postfix-ldap postfix-lmdb sasl2-bin ufw bareos-common

* right away, add to '''/etc/hosts''':
 ...
 '''91.134.23.12 mydomain.ru'''
 ..

* make the necessary changes to the configuration files - an example of a working '''main.cf''':

 # See /usr/share/postfix/main.cf.dist for a commented, more complete version


 # Debian specific: Specifying a file name will cause the first
 # line of that file to be used as the name. The Debian default
 # is /etc/mailname.
 #myorigin = /etc/mailname

 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no

 # appending .domain is the MUA's job.
 append_dot_mydomain = no

 # Uncomment the next line to generate "delayed mail" warnings
 #delay_warning_time = 4h

 readme_directory = no

 # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
 # fresh installs.
 compatibility_level = 2

 # TLS parameters
 '''#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem'''
 '''#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key'''
 '''smtpd_tls_cert_file=/etc/postfix/ssl/smtpd.pem'''
 '''smtpd_tls_key_file=/etc/postfix/ssl/smtpd.key'''
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.

 '''smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination'''
 '''myhostname = smtp.mydomain.ru'''
 '''mydomain = mydomain.ru'''
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 '''mydestination = $myhostname, mydomain.ru, mymail.home.local, localhost.home.local, localhost'''
 relayhost =
 '''#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'''
 '''######################### the second IP is the host where the postgresql database runs'''
 '''mynetworks = 127.0.0.0/8 10.0.5.2'''
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all
 '''############################## - specify how postgresql is used'''
 '''recipient_bcc_maps = hash:/etc/postfix/db/recipient_bcc'''
 '''local_recipient_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps'''
 '''virtual_alias_maps = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps'''
 '''virtual_mailbox_domains = pgsql:/etc/postfix/dbmail-mailboxes.cf $alias_maps'''
 '''local_transport = dbmail-lmtp:127.0.0.1:24'''
 '''mailbox_transport = dbmail-lmtp:127.0.0.1:24'''

 '''# - enable SASL authentication in master.cf via: submission inet n - n - - smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes.'''
 '''# - this is needed to remove authentication from port 25, as protection against password guessing by bots'''
 '''############################### - use our certificate, created as described below.'''
 '''smtpd_tls_auth_only = no'''
 '''smtpd_tls_loglevel = 1'''
 '''smtpd_tls_received_header = yes'''
 '''smtpd_tls_session_cache_timeout = 3600s'''
 '''tls_random_source = dev:/dev/urandom'''

 ### -- antispam rules
 # Reject incorrect syntax in MAIL FROM or RCPT TO commands
 strict_rfc821_envelopes = yes

 # Disable the SMTP VRFY command (used to harvest information about mailboxes).
 disable_vrfy_command = yes

 # Reject mail with a non-existent sender address.
 smtpd_reject_unlisted_sender = yes

 # Maximum number of incoming connections served by a postfix daemon.
 max_use = 500

 # delay evaluation of the restriction lists until the RCPT TO command is received
 smtpd_delay_reject = yes

 # Require clients to send HELO or EHLO before using MAIL FROM or ETRN.
 smtpd_helo_required = yes

 ###
 smtpd_recipient_restrictions =
     check_client_access hash:/etc/postfix/db/client_access,
     permit_mynetworks,
     permit_auth_destination,
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_sender_login_mismatch,
     reject_unknown_sender_domain,
     reject_unknown_hostname,
     reject_unknown_client,
     reject_invalid_hostname,
     reject_unverified_sender,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unauth_pipelining,
     reject_unlisted_recipient,
     reject_authenticated_sender_login_mismatch,
     check_helo_access pcre:/etc/postfix/db/helo_checks,
     check_helo_access hash:/etc/postfix/db/helo_regexp
 # rule for '''postgrey''' - uncomment after installing the package; do not forget to put a ''',''' before the rule
 # check_policy_service inet:127.0.0.1:10023

 smtpd_client_restrictions =
     permit_mynetworks,
     hash:/etc/postfix/db/client_access,
     regexp:/etc/postfix/db/dul_checks,
     reject_unknown_client,
     permit

 # After adding the following line, spam almost completely disappeared.
 address_verify_sender = $double_bounce_sender


 # if you need debugging, uncomment these lines and set your own parameters
 #debug_peer_level = 2
 #debug_peer_list = mymail.home.local mymail.ru 10.0.5.2/32 10.0.5.0/24

| * теперь пример файлов фильтрации на спам которые нужно создать в папке /etc/postfix/db (если нет папки '''db''' - то ее создать):
| |
| 1. Пример '''client_access''':
| |
| 10.0.5.1 OK
| |
| 10.0.5.2 OK
| |
| 10.0.5.3 OK
| |
| 10.0.5.4 OK
| |
| admin@mydomain.ru OK
| |
| mydomain.ru OK
| |
| | |
| 2. Пример '''dul_checks''':
| |
| /([0-9]*-){3}[0-9]*(\..*){2,}/i 553 SPAM_ip-add-rr-ess_networks
| |
| /([0-9]*\.){4}(.*\.){3,}.*/i 553 SPAM_ip-add-rr-ess_networks
| |
| /.*\..*\...\.comcast\.net/i 553 SPAM_comcast-net
| |
| /.*yahoobb.*\.bbtec\.net/i 553 SPAM_yahoobb_bbtec-net
| |
| /[0-9]{12}\.bbtec\.net/i 553 SPAM_host_bbtec-net
| |
| /.*\.broadband\.hu/i 553 SPAM_broadband-hu
| |
| /client.*\..*\..*/i 553 SPAM_CLIENT
| |
| /cable.*\..*\..*/i 553 SPAM_CABLE
| |
| /pool.*\..*\..*/i 553 SPAM_POOL
| |
| /dial.*\..*\..*/i 553 SPAM_DIAL
| |
| /ppp.*\..*\..*/i 553 SPAM_PPP
| |
| /dslam.*\..*\..*/i 553 SPAM_DSLAM
| |
| /dhcp.*\..*\..*/i 553 SPAM_DHCP
| |
| /[\.-]dsl.*\..*\..*/i 553 SPAM_DSL
| |
| /[ax]dsl.*\..*\..*/i 553 SPAM_XDSL
| |
| /.*([0-9]*\.){4}cableonline\.com\.mx/i 553 SPAM_IP-cableonline-com-mx
| |
| /.*\.([0-9]*\.){4}ip\.holtonks\.net/i 553 SPAM_ip-holtonks-net
| |
| /([0-9]*-){3}[0-9]*\.fibertel\.com\.ar/i 553 SPAM_IP-fibertel-com-ar
| |
| /.*[0-9]*-[0-9]*\.fibertel\.com\.ar/i 553 SPAM_IP-fibertel-com-ar
| |
| /[0-9]*\.user\.veloxzone\.com\.br/i 553 SPAM_user-veloxzone-com-br
| |
| /[0-9]*\.customer\.alfanett\.no/i 553 SPAM_customer-alfanett-no
| |
| /.*([0-9]*-){3}[0-9]*\.telecom\.net\.ar/i 553 SPAM_host-telecom-net-ar
| |
| /.*(-[0-9]*){2}\.telpol\.net\.pl/i 553 SPAM_host-telpol-net-pl
| |
| /(.*\.){2}maxonline\.com\.sg/i 553 SPAM_host-maxonline-com-sg
| |
| /(.*-){2}.*\.fairgamemail\.us/i 553 SPAM_host-fairgamemail-us
| |
| /[0-9]*[0-9]*-\.wispnet\.net/i 553 SPAM_host-wispnet-net
| |
| /.*-.*(\..*){2}\.ne\.jp/i 553 SPAM_host-ne-jp
| |
| /[0-9]*\..*\.ne\.jp/i 553 SPAM_h09t-ne-jp
| |
| /(.*\.){3}ad\.jp/i 553 SPAM_host-ad-jp
| |
| /(.*\.){4}revip\.asianet\.co\.th/i 553 SPAM_revip-asianet-co-th
| |
| /[0-9]*\..*\.virtua\.com\.br/i 553 SPAM_host-virtua-com-br
| |
| /([0-9]*-){3}[0-9]*\.exatt\.net/i 553 SPAM_host-exatt-net
| |
| /([0-9]*\.){4}ip\.alltel\.net/i 553 SPAM_host-ip-alltel-net
| |
| /[0-9]{6,}\.chello\.../i 553 SPAM_host-chello
| |
| /.*[0-9]*\..*\.chello\.../i 553 SPAM_host-chello-xx
| |
| /.*\..*\.t-dialin\.net/i 553 SPAM_t-dialin-net
| |
| /.*\..*\.t-ipconnect\.de/i 553 SPAM_t-ipconnect-de
| |
| /([0-9]*-){2,3}[0-9]*\..*\.cgocable\.net/i 553 SPAM_host-cgocable-net
| |
| /.*\..*\.shawcable\.net/i 553 SPAM_host-shawcable-net
| |
| /p[0-9]*\.mp[0-9]*\.aaanet\.ru/i 553 SPAM_aaa_modem_pool
| |
| /([0-9]*-){2}[0-9]*\.ip\.adsl\.hu/i 553 SPAM_ip-adsl-hu
| |
| /([0-9]{1,3}\.){2}broadband4\.iol\.cz/i 553 SPAM_broadband-iol-cz
| |
| /.*\.mydomain\.ru/i OK mydomain.ru
| |
| /.*\.home\.local/i OK home.local
| |
| | |
| 3. Example '''helo_checks''':
| |
| /^mail\.example\.com$/ Reject That's my hostname, use your own
| |
| /^1\.1\.1\.1$/ Reject That's my IP address, use your own
| |
| /^\[1\.1\.1\.1\]$/ Reject That's my IP address, use your own
| |
| /^[0-9.]+$/ Reject Your client not RFC 2821 compliant
| |
| /([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}/ 553 SPAM-raw-ip-in-helo
| |
| /(^|[0-9.-])([axv]dsl|isadsl|as|bgp|dynamicIP|broadband|cable|[ck]lient|dhcp|dial|dialin|dialup|dialer|dip|dsl|dslam|dup|dyn|dynamic|host|ip|isdn|modem|nas|node|pool|ppp|pppo[ae]|sirius.*ukrtel.*|user|users|vpn)[0-9.-]/i 553 SPAM_DYNAMIC-in-helo
| |
| /([0-9]*-){3}[0-9]*(\..*){2,}/i 553 SPAM-ip-add-rr-ess_networks-in-helo
| |
| /([0-9]*\.){4}(.*\.){3,}.*/i 553 SPAM-ip-add-rr-ess_networks-in-helo
| |
| /smtp[-0-9]*\.orange\.nl/i 553 SPAM-orange.nl
| |
| /smtp[-0-9]*\.orange\.fr/i 553 SPAM-orange.fr
| |
| /\.lan$/i 553 SPAM-lan-in-helo
| |
| | |
| 4. Example '''helo_regexp''':
| |
| /([0-9]{1,3}(\.|-)){3}[0-9]{1,3}/i REJECT IP-able helo SPAM
| |
| | |
| 5. Example '''recipient_bcc''':
| |
| *@mymail.home.local admin@mydomain.ru
| |
| *@devhost.home.local admin@mydomain.ru
| |
| | |
| * Then run '''postmap''' on each of the files:
| |
| postmap client_access
| |
| postmap dul_checks
| |
| postmap helo_checks
| |
| postmap helo_regexp
| |
| postmap recipient_bcc
| |
| | |
| * Make the necessary changes to the configuration files. Example of a working '''master.cf''':
| |
| #
| |
| # Postfix master process configuration file. For details on the format
| |
| # of the file, see the master(5) manual page (command: "man 5 master" or
| |
| # on-line: http://www.postfix.org/master.5.html).
| |
| #
| |
| # Do not forget to execute "postfix reload" after editing this file.
| |
| #
| |
| # ==========================================================================
| |
| # service type private unpriv chroot wakeup maxproc command + args
| |
| # (yes) (yes) (no) (never) (100)
| |
| # ==========================================================================
| |
| smtp inet n - y - - smtpd
| |
| #smtp inet n - y - 1 postscreen
| |
| #smtpd pass - - y - - smtpd
| |
| #dnsblog unix - - y - 0 dnsblog
| |
| #tlsproxy unix - - y - 0 tlsproxy
| |
| ###
| |
| ### - '''close authentication on port 25 and move it to 587 (against spam bots)'''
| |
| ###
| |
| '''submission inet n - y - - smtpd'''
| |
| '''  -o syslog_name=postfix/submission'''
| |
| '''  -o broken_sasl_auth_clients=yes'''
| |
| '''  -o smtpd_tls_security_level=may'''
| |
| '''  -o smtpd_sasl_security_options=noanonymous'''
| |
| # -o smtpd_tls_security_level=encrypt
| |
| '''  -o smtpd_sasl_auth_enable=yes'''
| |
| # -o smtpd_reject_unlisted_recipient=no
| |
| # -o smtpd_client_restrictions=$mua_client_restrictions
| |
| # -o smtpd_helo_restrictions=$mua_helo_restrictions
| |
| # -o smtpd_sender_restrictions=$mua_sender_restrictions
| |
| # -o smtpd_recipient_restrictions=
| |
| # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
| |
| # -o milter_macro_daemon_name=ORIGINATING
| |
| #smtps inet n - y - - smtpd
| |
| # -o syslog_name=postfix/smtps
| |
| # -o smtpd_tls_wrappermode=yes
| |
| # -o smtpd_sasl_auth_enable=yes
| |
| # -o smtpd_reject_unlisted_recipient=no
| |
| # -o smtpd_client_restrictions=$mua_client_restrictions
| |
| # -o smtpd_helo_restrictions=$mua_helo_restrictions
| |
| # -o smtpd_sender_restrictions=$mua_sender_restrictions
| |
| # -o smtpd_recipient_restrictions=
| |
| # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
| |
| # -o milter_macro_daemon_name=ORIGINATING
| |
| #628 inet n - y - - qmqpd
| |
| pickup unix n - y 60 1 pickup
| |
| cleanup unix n - y - 0 cleanup
| |
| qmgr unix n - n 300 1 qmgr
| |
| #qmgr unix n - n 300 1 oqmgr
| |
| tlsmgr unix - - y 1000? 1 tlsmgr
| |
| rewrite unix - - y - - trivial-rewrite
| |
| bounce unix - - y - 0 bounce
| |
| defer unix - - y - 0 bounce
| |
| trace unix - - y - 0 bounce
| |
| verify unix - - y - 1 verify
| |
| flush unix n - y 1000? 0 flush
| |
| proxymap unix - - n - - proxymap
| |
| proxywrite unix - - n - 1 proxymap
| |
| smtp unix - - y - - smtp
| |
| relay unix - - y - - smtp
| |
| # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
| |
| showq unix n - y - - showq
| |
| error unix - - y - - error
| |
| retry unix - - y - - error
| |
| discard unix - - y - - discard
| |
| local unix - n n - - local
| |
| virtual unix - n n - - virtual
| |
| lmtp unix - - y - - lmtp
| |
| anvil unix - - y - 1 anvil
| |
| scache unix - - y - 1 scache
| |
| #
| |
| # ====================================================================
| |
| # Interfaces to non-Postfix software. Be sure to examine the manual
| |
| # pages of the non-Postfix software to find out what options it wants.
| |
| #
| |
| # Many of the following services use the Postfix pipe(8) delivery
| |
| # agent. See the pipe(8) man page for information about ${recipient}
| |
| # and other message envelope options.
| |
| # ====================================================================
| |
| #
| |
| # maildrop. See the Postfix MAILDROP_README file for details.
| |
| # Also specify in main.cf: maildrop_destination_recipient_limit=1
| |
| #
| |
| maildrop unix - n n - - pipe
| |
|   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
| |
| #
| |
| # Specify in cyrus.conf:
| |
| # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
| |
| #
| |
| # Specify in main.cf one or more of the following:
| |
| # mailbox_transport = lmtp:inet:localhost
| |
| # virtual_transport = lmtp:inet:localhost
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # Cyrus 2.1.5 (Amos Gouaux)
| |
| # Also specify in main.cf: cyrus_destination_recipient_limit=1
| |
| #
| |
| #cyrus unix - n n - - pipe
| |
| # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
| |
| #
| |
| # ====================================================================
| |
| # Old example of delivery via Cyrus.
| |
| #
| |
| #old-cyrus unix - n n - - pipe
| |
| # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
| |
| #
| |
| # ====================================================================
| |
| #
| |
| # See the Postfix UUCP_README file for configuration details.
| |
| #
| |
| uucp unix - n n - - pipe
| |
|   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
| |
| #
| |
| # Other external delivery methods.
| |
| #
| |
| ifmail unix - n n - - pipe
| |
|   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
| |
| bsmtp unix - n n - - pipe
| |
|   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
| |
| scalemail-backend unix - n n - 2 pipe
| |
|   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
| |
| mailman unix - n n - - pipe
| |
|   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
| |
|   ${nexthop} ${user}
| |
| '''######'''
| |
| '''dbmail-lmtp unix - - n - - lmtp'''
| |
| '''  -o disable_dns_lookups=yes'''
| |
| | |
| * '''Note:''' in '''master.cf''' every '''-o xxx''' line must be preceded by '''2 spaces''', and '''parameter=value''' is written without spaces!
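Added example, not part of the original page: a Python sketch that reads a master.cf the way master(5) describes (a line starting with whitespace continues the previous entry) and reports the two mistakes the note above warns about, plus services that enable SASL AUTH without making TLS mandatory. The sample file is constructed, the function names and finding labels are invented here, and only `-o` overrides in master.cf are inspected, so a global `smtpd_tls_auth_only = yes` in main.cf is not seen.

```python
# Constructed sample modelled on the master.cf entries discussed above.
SAMPLE_MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
dbmail-lmtp unix - - n - - lmtp
-o disable_dns_lookups=yes
relay unix - - y - - smtp
  -o smtp_helo_timeout = 5
"""


def logical_lines(text):
    """Yield (first_line_number, joined_text). A line that starts with
    whitespace continues the previous entry; blank and '#' lines are skipped."""
    current = None
    for number, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current[1] += " " + raw.strip()
        else:
            if current is not None:
                yield tuple(current)
            current = [number, raw.strip()]
    if current is not None:
        yield tuple(current)


def parse_overrides(args):
    """Return ({name: value}, malformed) for the '-o name=value' arguments."""
    overrides, malformed = {}, False
    for position, arg in enumerate(args):
        if arg != "-o":
            continue
        nxt = args[position + 1] if position + 1 < len(args) else ""
        if nxt.startswith("{"):  # Postfix 3.x "-o { name = value }" form
            continue
        following = args[position + 2] if position + 2 < len(args) else "-o"
        name, sep, value = nxt.partition("=")
        # "name = value" and "name= value" both split into several tokens.
        if not name or not sep or (not value and not following.startswith("-")):
            malformed = True
        else:
            overrides[name] = value
    return overrides, malformed


def lint_master_cf(text):
    """Return a sorted list of (line_number, service, finding)."""
    findings = []
    for number, line in logical_lines(text):
        fields = line.split()
        if fields[0].startswith("-"):
            # An option at column 0 is read as a new (broken) service entry.
            findings.append((number, fields[0], "unindented-option"))
            continue
        if len(fields) < 8:
            findings.append((number, fields[0], "too-few-fields"))
            continue
        service, command, args = fields[0], fields[7], fields[8:]
        overrides, malformed = parse_overrides(args)
        if malformed:
            findings.append((number, service, "spaces-around-equals"))
        tls_required = (
            overrides.get("smtpd_tls_security_level") == "encrypt"
            or overrides.get("smtpd_tls_wrappermode") == "yes"
            or overrides.get("smtpd_tls_auth_only") == "yes"
        )
        if (command == "smtpd"
                and overrides.get("smtpd_sasl_auth_enable") == "yes"
                and not tls_required):
            # With level "may", LOGIN and PLAIN can be sent before STARTTLS.
            findings.append((number, service, "auth-without-mandatory-tls"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_master_cf(SAMPLE_MASTER_CF):
        print(finding)
```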
| |
| * Create the PostgreSQL connection settings file '''dbmail-mailboxes.cf''':
| |
| | |
| user = dbmail
| |
| password = userpass
| |
| hosts = 10.0.5.2
| |
| dbname = mailbasename
| |
| #
| |
| table = dbmail_aliases
| |
| select_field = alias
| |
| where_field = alias
| |
| | |
| * Create the PostgreSQL connection settings file '''dbmail-domains.cf''':
| |
| | |
| user = dbmail
| |
| password = userpass
| |
| hosts = 10.0.5.2
| |
| dbname = mailbasename
| |
| #
| |
| table = dbmail_domains
| |
| select_field = domain
| |
| where_field = domain
| |
| | |
| * Since the mail server is not meant to act as a relay in the first place, '''SMTP''' access is allowed only with authentication, and '''SASL''' is used for that.
| |
| * In the postfix configuration directory, create a directory for the '''sasl''' settings:
| |
| mkdir -p /etc/postfix/sasl
| |
| | |
| * Create the configuration file '''smtpd.conf''':
| |
| echo > /etc/postfix/sasl/smtpd.conf
| |
| * Enter the file contents:
| |
| edit /etc/postfix/sasl/smtpd.conf
| |
| | |
| pwcheck_method: auxprop
| |
| auxprop_plugin: sql
| |
| mech_list: digest-md5 cram-md5 login plain
| |
| sql_engine: pgsql
| |
| sql_user: dbmail
| |
| sql_passwd: userpass
| |
| sql_hostnames: 10.0.5.2
| |
| sql_database: mailbasename
| |
| sql_statement: select passwd from dbmail_users where userid='%u@%r'
| |
| sql_verbose: yes
| |
| | |
| * Generate your own TLS certificate:
| |
| mkdir -p /etc/postfix/ssl
| |
| cd /etc/postfix/ssl
| |
| openssl req -new -x509 -days 3650 -nodes -out smtpd.pem -keyout smtpd.key
| |
| | |
| * Restart '''postfix''':
| |
| systemctl restart postfix
| |
| or
| |
| /etc/init.d/postfix restart
| |
|
| |
|
| * Check that '''postfix''' works:
| | * '''Problem:''' If the warning for the trigger Disk I/O is overloaded on keeps popping up |
| # telnet mymail.ru 25
| | {Zabbix server:system.cpu.util[,iowait].last(0)}>20 |
| Trying mymail.ru...
| | So it is waiting on I/O operations for more than 20 seconds? |
| Connected to mymail.ru.
| |
| Escape character is '^]'.
| |
| 220 mx.kscom.ru ESMTP Postfix
| |
| EHLO example.com
| |
| 250-mx.kscom.ru
| |
| 250-PIPELINING
| |
| 250-SIZE 10240000
| |
| 250-VRFY
| |
| 250-ETRN
| |
| 250-STARTTLS
| |
| 250-ENHANCEDSTATUSCODES
| |
| 250-8BITMIME
| |
| 250 DSN
| |
| QUIT
| |
| 221 2.0.0 Bye
| |
| Connection closed by foreign host.
| |
| - the reply must include 250-STARTTLS
| |
| - everything works.
| |
|
| |
|
| * Example of checking '''IMAP''' by hand through '''telnet''':
| | * '''Solution:''' I advise increasing the interval, and also adding more memory! |
| Some useful commands are:
| | [https://www.zabbix.com/forum/zabbix-help/36397-disk-i-o-is-overloaded-on-zabbix-server/page2?t=44382&highlight=Disk+I/O+overloaded&page=2 The advice is here] |
|
| | Example: {Zabbix server:system.cpu.util[,iowait].avg(5m)}>30 |
| LOGIN [username] [password]
| |
| LIST [flags] [folder separator] [search term]
| |
| STATUS [mailbox] [flags]
| |
| SELECT [mailbox]
| |
| FETCH [first]:[last] flags
| |
| FETCH [mail number] body[header]
| |
| FETCH [mail number] body[text]
| |
| LOGOUT
| |
|
| |
| Here is an example of an IMAP conversation between telnet and the server:
| |
|
| |
| telnet: > open imapserver.example.com imap
| |
| telnet: Trying 192.0.2.2...
| |
| telnet: Connected to imapserver.example.com.
| |
| telnet: Escape character is '^]'.
| |
| server: * OK Dovecot ready.
| |
| client: a1 LOGIN MyUsername MyPassword
| |
| server: a1 OK Logged in.
| |
| client: a2 LIST "" "*"
| |
| server: * LIST (\HasNoChildren) "." "INBOX"
| |
| server: a2 OK List completed.
| |
| client: a3 EXAMINE INBOX
| |
| server: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
| |
| server: * OK [PERMANENTFLAGS ()] Read-only mailbox.
| |
| server: * 1 EXISTS
| |
| server: * 1 RECENT
| |
| server: * OK [UNSEEN 1] First unseen.
| |
| server: * OK [UIDVALIDITY 1257842737] UIDs valid
| |
| server: * OK [UIDNEXT 2] Predicted next UID
| |
| server: a3 OK [READ-ONLY] Select completed.
| |
| client: a4 FETCH 1 BODY[]
| |
| server: * 1 FETCH (BODY[] {405}
| |
| server: Return-Path: sender@example.com
| |
| server: Received: from client.example.com ([192.0.2.1])
| |
| server: by mx1.example.com with ESMTP
| |
| server: id <20040120203404.CCCC18555.mx1.example.com@client.example.com>
| |
| server: for <recipient@example.com>; Tue, 20 Jan 2004 22:34:24 +0200
| |
| server: From: sender@example.com
| |
| server: Subject: Test message
| |
| server: To: recipient@example.com
| |
| server: Message-Id: <20040120203404.CCCC18555.mx1.example.com@client.example.com>
| |
| server:
| |
| server: This is a test message.
| |
| server: )
| |
| server: a4 OK Fetch completed.
| |
| client: a5 LOGOUT
| |
| server: * BYE Logging out
| |
| server: a5 OK Logout completed.
| |
| Example taken from [http://blog.andrewc.com/2013/01/connect-to-imap-server-with-telnet/ here...]
| |
| <hr> | | <hr> |
| * [http://dummyluck.com/page/postfix_konfiguracia_nastroika '''Postfix documentation''']
| |
| * [http://gentoo.theserverside.ru/book/ar61s06.html Adding SSL and SASL support to Postfix]
| |
|
| |
| =='''. Configuring Stunnel'''==
| |
| * This package provides a secured connection for mail as well as for other programs.<br>
| |
| * Below is a description of how to set up secure login to the mail server.<br>
| |
|
| |
| * Install the package:
| |
| apt-get install stunnel4
| |
|
| |
| * In /etc/stunnel, create a certificate-generation script right away, so that you do not have to remember how to do it if you need it again...
| |
| echo > /etc/stunnel/create-sert
| |
| editor /etc/stunnel/create-sert
| |
|
| |
|
| * Enter the following contents:
| | * '''Problem:''' Zabbix discoverer processes more than 75% busy |
| #!/bin/sh
| |
| # system directory for SSL certificates
| |
| cd /etc/ssl/certs
| |
| # certificate name, choose your own...
| |
| PEMFILE="servername.mymail.ru.pem"
| |
| # generate the certificate
| |
| openssl req -new -x509 -nodes -days 3650 -out $PEMFILE -keyout $PEMFILE
| |
| chmod 600 $PEMFILE
| |
| [ -e temp_file ] && rm -f temp_file
| |
| dd if=/dev/urandom of=temp_file count=2
| |
| openssl dhparam -rand temp_file 2048 >> $PEMFILE
| |
| ln -sf $PEMFILE `openssl x509 -noout -hash < $PEMFILE`.0
| |
| | | |
| * Make it executable, for root only:
| | * '''Solution:''' This process is used when discovering devices on the network. |
| chmod 0700 /etc/stunnel/create-sert
| | Check the discovery rule settings and adjust them if necessary, or increase the number of processes that handle discovery of new devices (the StartDiscoverers parameter in the zabbix server config file). |
| | | If you do not need discovery, do not run it. If you do, set it to 2. Watch how the graph changes over time. If the load is still high, set it to 3. And so on. |
| * Run the script and answer the questions.
| |
| /etc/stunnel/create-sert
| |
| | |
| * Create the directory that will hold the .pid file:
| |
| mkdir -p /var/run/stunnel4/
| |
| | |
| * Copy the sample to use as the configuration file for stunnel4:
| |
| cp /usr/share/doc/stunnel4/examples/stunnel.conf-sample /etc/stunnel/stunnel.conf
| |
| | |
| * Edit it to look like this (working example):
| |
| ; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2015
| |
| ; Some options used here may be inadequate for your particular configuration
| |
| ; This sample file does *not* represent stunnel.conf defaults
| |
| ; Please consult the manual for detailed description of available options
| |
|
| |
| ; **************************************************************************
| |
| ; * Global options *
| |
| ; **************************************************************************
| |
|
| |
| ; It is recommended to drop root privileges if stunnel is started by root
| |
| ;setuid = stunnel4
| |
| ;setgid = stunnel4
| |
|
| |
| ; PID file is created inside the chroot jail (if enabled)
| |
| pid = /var/run/stunnel4/stunnel.pid
| |
|
| |
| ; Debugging stuff (may be useful for troubleshooting)
| |
| ;foreground = yes
| |
| ;debug = info
| |
| output = /var/log/stunnel.log
| |
|
| |
| ; Enable FIPS 140-2 mode if needed for compliance
| |
| ;fips = yes
| |
| fips = no
| |
| ; **************************************************************************
| |
| ; * Service defaults may also be specified in individual service sections *
| |
| ; **************************************************************************
| |
|
| |
| ; Enable support for the insecure SSLv3 protocol
| |
| ;options = -NO_SSLv3
| |
| sslVersion = TLSv1.2
| |
|
| |
| ; These options provide additional security at some performance degradation
| |
| ;options = SINGLE_ECDH_USE
| |
| ;options = SINGLE_DH_USE
| |
|
| |
| ; **************************************************************************
| |
| ; * Include all configuration file fragments from the specified folder *
| |
| ; **************************************************************************
| |
|
| |
| ;include = /etc/stunnel/conf.d
| |
|
| |
| ; **************************************************************************
| |
| ; * Service definitions (remove all services for inetd mode) *
| |
| ; **************************************************************************
| |
|
| |
| ; ***************************************** Example TLS client mode services
| |
|
| |
| ; The following examples use /etc/ssl/certs, which is the common location
| |
| ; of a hashed directory containing trusted CA certificates. This is not
| |
| ; a hardcoded path of the stunnel package, as it is not related to the
| |
| ; stunnel configuration in /etc/stunnel/.
| |
|
| |
| ;[mymail-pop3]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:110
| |
| ;connect = pop3.mymail.ru:995
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = pop3s.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ;[mymail-imap]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:143
| |
| ;connect = imap.mymail.ru:993
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = imaps.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ;[mymail-smtp]
| |
| ;client = yes
| |
| ;accept = 127.0.0.1:25
| |
| ;connect = smtp.mymail.ru:465
| |
| ;verifyChain = yes
| |
| ;CApath = @sysconfdir/ssl/certs
| |
| ;checkHost = smtps.mymail.ru
| |
| ;OCSPaia = yes
| |
|
| |
| ; ***************************************** Example TLS server mode services
| |
|
| |
| [pop3s]
| |
| accept = 995
| |
| connect = 110
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| [imaps]
| |
| accept = 993
| |
| connect = 143
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| [smtps]
| |
| accept = 465
| |
| connect = 25
| |
| cert = /etc/ssl/certs/servername.mymail.ru.pem
| |
|
| |
| ; TLS front-end to a web server
| |
| ;[https]
| |
| ;accept = 443
| |
| ;connect = 80
| |
| ;cert = /etc/stunnel/stunnel.pem
| |
| ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
| |
| ; Microsoft implementations do not use TLS close-notify alert and thus they
| |
| ; are vulnerable to truncation attacks
| |
| ;TIMEOUTclose = 0
| |
|
| |
| ; Remote shell protected with PSK-authenticated TLS
| |
| ; Create "/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
| |
| ;[shell]
| |
| ;accept = 1337
| |
| ;exec = /bin/sh
| |
| ;execArgs = sh -i
| |
| ;ciphers = PSK
| |
| ;PSKsecrets = /etc/stunnel/secrets.txt
| |
|
| |
| ; Non-standard MySQL-over-TLS encapsulation connecting the Unix socket
| |
| ;[mysql]
| |
| ;cert = /etc/stunnel/stunnel.pem
| |
| ;accept = 3307
| |
| ;connect = /run/mysqld/mysqld.sock
| |
|
| |
| ; vim:ft=dosini
| |
| | |
| * Adjust the default startup configuration file:
| |
| # /etc/default/stunnel
| |
| # Julien LEMOINE <speedblue@debian.org>
| |
| # September 2003
| |
|
| |
| # Change to one to enable stunnel automatic startup
| |
| ENABLED=1
| |
| FILES="/etc/stunnel/*.conf"
| |
| OPTIONS=""
| |
|
| |
| # Change to one to enable ppp restart scripts
| |
| PPP_RESTART=0
| |
|
| |
| # Change to enable the setting of limits on the stunnel instances
| |
| # For example, to set a large limit on file descriptors (to enable
| |
| # more simultaneous client connections), set RLIMITS="-n 4096"
| |
| # More than one resource limit may be modified at the same time,
| |
| # e.g. RLIMITS="-n 4096 -d unlimited"
| |
| RLIMITS=""
| |
| | |
| * Restart stunnel:
| |
| /etc/init.d/stunnel4 restart
| |
| | |
| * Then check that the ports we need are open:
| |
| nmap -v mymail.ru
| |
| ...
| |
| PORT STATE SERVICE
| |
| 22/tcp open ssh
| |
| 25/tcp open smtp
| |
| 110/tcp open pop3
| |
| 143/tcp open imap
| |
| 465/tcp open smtps
| |
| 993/tcp open imaps
| |
| 995/tcp open pop3s
| |
| | |
| * Check mail access over '''SSL\TLS''' (password sent encrypted) on ports '''465,993,995'''
| |
| * If everything is fine, I recommend closing the plain ports ('''110,143''') with '''iptables''',
| |
| * and leaving only '''25''' open (some servers require exactly this port to deliver mail to you)
| |
| | |
| =='''. Installing the SpamAssassin anti-spam filter'''==
| |
| | |
| * Install the package:
| |
| aptitude install spamassassin
| |
| | |
| * Enable startup by default in /etc/default/spamassassin:
| |
| ...
| |
| ENABLED=1
| |
| ...
| |
| | |
| * Bring the anti-spam configuration file /etc/spamassassin/local.cf to the following:
| |
| | |
| # This is the right place to customize your installation of SpamAssassin.
| |
| #
| |
| # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
| |
| # tweaked.
| |
| #
| |
| # Only a small subset of options are listed below
| |
| #
| |
| ###########################################################################
| |
|
| |
| # Add *****SPAM***** to the Subject header of spam e-mails
| |
| #
| |
| rewrite_header Subject *****SPAM*****
| |
|
| |
|
| |
| # Save spam messages as a message/rfc822 MIME attachment instead of
| |
| # modifying the original message (0: off, 2: use text/plain instead)
| |
| #
| |
| report_safe 0
| |
|
| |
|
| |
| # Set which networks or hosts are considered 'trusted' by your mail
| |
| # server (i.e. not spammers)
| |
| #
| |
| # trusted_networks 212.17.35.
| |
| trusted_networks 10.0.5.
| |
| trusted_networks 10.7.5.
| |
|
| |
|
| |
| # Set file-locking method (flock is not safe over NFS, but is faster)
| |
| #
| |
| # lock_method flock
| |
|
| |
|
| |
| # Set the threshold at which a message is considered spam (default: 5.0)
| |
| #
| |
| required_score 5.0
| |
|
| |
|
| |
| # Use Bayesian classifier (default: 1)
| |
| #
| |
| use_bayes 1
| |
|
| |
|
| |
| # Bayesian classifier auto-learning (default: 1)
| |
| #
| |
| bayes_auto_learn 1
| |
|
| |
|
| |
| # Set headers which may provide inappropriate cues to the Bayesian
| |
| # classifier
| |
| #
| |
| bayes_ignore_header X-Bogosity
| |
| bayes_ignore_header X-Spam-Flag
| |
| bayes_ignore_header X-Spam-Status
| |
|
| |
|
| |
| # Whether to decode non- UTF-8 and non-ASCII textual parts and recode
| |
| # them to UTF-8 before the text is given over to rules processing.
| |
| #
| |
| # normalize_charset 1
| |
|
| |
| # Some shortcircuiting, if the plugin is enabled
| |
| #
| |
| ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
| |
| #
| |
| # default: strongly-whitelisted mails are *really* whitelisted now, if the
| |
| # shortcircuiting plugin is active, causing early exit to save CPU load.
| |
| # Uncomment to turn this on
| |
| #
| |
| # shortcircuit USER_IN_WHITELIST on
| |
| # shortcircuit USER_IN_DEF_WHITELIST on
| |
| # shortcircuit USER_IN_ALL_SPAM_TO on
| |
| # shortcircuit SUBJECT_IN_WHITELIST on
| |
|
| |
| # the opposite; blacklisted mails can also save CPU
| |
| #
| |
| # shortcircuit USER_IN_BLACKLIST on
| |
| # shortcircuit USER_IN_BLACKLIST_TO on
| |
| # shortcircuit SUBJECT_IN_BLACKLIST on
| |
|
| |
| # if you have taken the time to correctly specify your "trusted_networks",
| |
| # this is another good way to save CPU
| |
| #
| |
| # shortcircuit ALL_TRUSTED on
| |
|
| |
| # and a well-trained bayes DB can save running rules, too
| |
| #
| |
| # shortcircuit BAYES_99 spam
| |
| # shortcircuit BAYES_00 ham
| |
| whitelist_from @mymail.ru
| |
|
| |
| endif # Mail::SpamAssassin::Plugin::Shortcircuit
| |
|
| |
| * After changing the configuration, compile the rules to speed up processing: '''sa-compile'''
| |
| | |
| * Start SpamAssassin:
| |
| | |
| /etc/init.d/spamassassin start
| |
| * '''Official SpamAssassin documentation:''' [http://manpages.org/mailspamassassinconf/3 '''here''']
| |
| | |
| * Edit the Postfix file /etc/postfix/master.cf
| |
| - The line:
| |
| ..
| |
| smtp inet n - - - - smtpd
| |
| ..
| |
| - Replace it with:
| |
| ..
| |
| smtp inet n - - - - smtpd -o content_filter=spamassassin
| |
| ..
| |
| | |
| - Before:
| |
| ..
| |
| dbmail-lmtp unix - - n - - lmtp
| |
| -o disable_dns_lookups=yes
| |
| ..
| |
| | |
| - Add:
| |
| ..
| |
| spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -s 5120000 -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
| |
| ..
| |
| | |
| * Restart '''postfix''':
| |
|
| |
| /etc/init.d/postfix restart
| |
| | |
| * Check that mail works; everything should be working...
| |
| <hr>
| |
| '''* Possible problems and their solutions:'''
| |
| | |
| '''Error in the logs:'''
| |
| razor2: razor2 check failed: razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 186
| |
| | |
| '''Solution:'''
| |
| sudo razor-admin -home /var/lib/spamassassin/.razor -create
| |
| sudo razor-admin -home /var/lib/spamassassin/.razor -discover
| |
| sudo razor-admin -home /var/lib/spamassassin/.razor -register
| |
| | |
| =='''. [[Борьба со спамом, средствами самого Postfix|Fighting spam with Postfix's own tools]]'''==
| |
| * Example parameters for '''postgrey:'''
| |
| Make the changes in '''/etc/postfix/main.cf'''
| |
| ...
| |
| ### -- rules
| |
| # Reject incorrect syntax in the MAIL FROM or RCPT TO commands
| |
| strict_rfc821_envelopes = yes
| |
|
| |
| # Disable the SMTP VRFY command, which is used to harvest mailbox information.
| |
| disable_vrfy_command = yes
| |
|
| |
| # Reject mail with a non-existent sender address.
| |
| smtpd_reject_unlisted_sender = yes
| |
|
| |
| # Maximum number of incoming connections served by a postfix daemon.
| |
| max_use = 500
| |
|
| |
| # defer processing of the restriction lists until the RCPT TO command is received
| |
| smtpd_delay_reject = yes
| |
|
| |
| # Require clients to send HELO or EHLO before using the MAIL FROM or ETRN commands.
| |
| smtpd_helo_required = yes
| |
|
| |
| ###
| |
| smtpd_recipient_restrictions =
| |
|   check_client_access hash:/etc/postfix/db/client_access,
| |
|   permit_mynetworks,
| |
|   permit_auth_destination,
| |
|   permit_sasl_authenticated,
| |
|   reject_unauth_destination,
| |
|   reject_sender_login_mismatch,
| |
|   reject_unknown_sender_domain,
| |
|   reject_unknown_hostname,
| |
|   reject_unknown_client,
| |
|   reject_invalid_hostname,
| |
|   reject_unverified_sender,
| |
|   reject_non_fqdn_sender,
| |
|   reject_non_fqdn_recipient,
| |
|   reject_unauth_pipelining,
| |
|   reject_unlisted_recipient,
| |
|   reject_authenticated_sender_login_mismatch,
| |
|   check_helo_access pcre:/etc/postfix/db/helo_checks,
| |
|   check_helo_access regexp:/etc/postfix/db/helo_regexp,
| |
|   # this is the parameter for '''postgrey'''..
| |
|   check_policy_service inet:127.0.0.1:10023
| |
| ...
| |
| | |
| * Example whitelist file '''client_access''':
| |
| 10.0.5.2 OK
| |
| 10.0.5.3 OK
| |
| 10.0.5.4 OK
| |
| 10.0.5.5 OK
| |
| admin@mydomain.ru OK
| |
| mybox@gmail.com OK
| |
| informix.ru OK
| |
| | |
| * Example '''helo_checks''' file:
| |
| /^mail\.example\.com$/ Reject That's my hostname, use your own
| |
| /^1\.1\.1\.1$/ Reject That's my IP address, use your own
| |
| /^\[1\.1\.1\.1\]$/ Reject That's my IP address, use your own
| |
| /^[0-9.]+$/ Reject Your client not RFC 2821 compliant
| |
| /([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}/ 553 SPAM-raw-ip-in-helo
| |
| /(^|[0-9.-])([axv]dsl|isadsl|as|bgp|dynamicIP|broadband|cable|[ck]lient|dhcp|dial|dialin|dialup|dialer|dip|dsl|dslam|dup|dyn|dynamic|host|ip|isdn|modem|nas|node|pool|ppp|pppo[ae]|sirius.*ukrtel.*|user|users|vpn)[0-9.-]/i 553 SPAM_DYNAMIC-in-helo
| |
| /([0-9]*-){3}[0-9]*(\..*){2,}/i 553 SPAM-ip-add-rr-ess_networks-in-helo
| |
| /([0-9]*\.){4}(.*\.){3,}.*/i 553 SPAM-ip-add-rr-ess_networks-in-helo
| |
| /smtp[-0-9]*\.orange\.nl/i 553 SPAM-orange.nl
| |
| /smtp[-0-9]*\.orange\.fr/i 553 SPAM-orange.fr
| |
| /\.lan$/i 553 SPAM-lan-in-helo
| |
| | |
| * Example "helo_regexp" file:
| |
| /([0-9]{1,3}(\.|-)){3}[0-9]{1,3}/i REJECT IP-able helo SPAM
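Added example, not part of the original page: a Python sketch of first-match lookup in a Postfix `pcre:` table, run over constructed HELO names against a constructed copy of several helo_checks rules (with the square brackets of the address-literal rule escaped). It follows pcre_table(5), where matching is case-insensitive by default and a trailing `i` toggles that off, so rules written as `/.../i` match case-sensitively; `HELO_CHECKS`, `parse_rule`, `load_table`, `lookup` and `rule_matches` are names invented for this sketch.

```python
import re

# Constructed copy of a few rules from the helo_checks example
# (the address-literal rule is written with escaped brackets).
HELO_CHECKS = r"""
/^mail\.example\.com$/ Reject That's my hostname, use your own
/^\[1\.1\.1\.1\]$/ Reject That's my IP address, use your own
/^[0-9.]+$/ Reject Your client not RFC 2821 compliant
/([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}\.([0-9]){1,3}/ 553 SPAM-raw-ip-in-helo
/(^|[0-9.-])([axv]dsl|isadsl|as|bgp|dynamicIP|broadband|cable|[ck]lient|dhcp|dial|dialin|dialup|dialer|dip|dsl|dslam|dup|dyn|dynamic|host|ip|isdn|modem|nas|node|pool|ppp|pppo[ae]|sirius.*ukrtel.*|user|users|vpn)[0-9.-]/i 553 SPAM_DYNAMIC-in-helo
/\.lan$/i 553 SPAM-lan-in-helo
"""

# pcre_table(5): each flag letter TOGGLES an option; "i" and "s" start ON.
DEFAULT_FLAGS = {"i": True, "m": False, "s": True, "x": False}
PY_FLAGS = {"i": re.IGNORECASE, "m": re.MULTILINE, "s": re.DOTALL, "x": re.VERBOSE}


def parse_rule(line):
    """Turn one '/pattern/flags action' line into (compiled_regex, action)."""
    delimiter, end = line[0], 1
    while end < len(line) and line[end] != delimiter:
        end += 2 if line[end] == "\\" else 1  # skip escaped characters
    rest = re.match(r"(\S*)\s+(\S.*)$", line[end + 1:])
    if end >= len(line) or rest is None:
        raise ValueError("malformed rule: " + line)
    state = dict(DEFAULT_FLAGS)
    for letter in rest.group(1):
        if letter not in state:
            raise ValueError("flag not handled in this sketch: " + letter)
        state[letter] = not state[letter]
    flags = 0
    for letter, enabled in state.items():
        if enabled:
            flags |= PY_FLAGS[letter]
    return re.compile(line[1:end], flags), rest.group(2).strip()


def load_table(text):
    """Parse every non-blank, non-comment line, keeping file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(parse_rule(line))
    return rules


def lookup(rules, helo_name):
    """Return the action of the first matching rule, or None (no match)."""
    for regex, action in rules:
        if regex.search(helo_name):
            return action
    return None


def rule_matches(rule_line, helo_name):
    """True if a single rule line matches the given HELO name."""
    regex, _ = parse_rule(rule_line)
    return regex.search(helo_name) is not None


if __name__ == "__main__":
    table = load_table(HELO_CHECKS)
    # Constructed HELO names: own hostname, address literal, bare IP,
    # a static host named "vpn", the same dynamic-style name in two cases.
    for name in ["MAIL.EXAMPLE.COM", "[1.1.1.1]", "192.0.2.10", "vpn.example.org",
                 "dsl-77.example.net", "DSL-77.example.net", "SERVER.LAN",
                 "mx1.example.org"]:
        print(f"{name:22} -> {lookup(table, name)}")
    # Unescaped brackets form a character class: one '1' or '.' only.
    print(rule_matches(r"/^[1\.1\.1\.1]$/ REJECT", "[1.1.1.1]"))
```

On the server itself the same question is answered by `postmap -q "vpn.example.org" pcre:/etc/postfix/db/helo_checks`, which prints the action of the first matching rule.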
| |
| | |
| | |
| * [http://vladimir-stupin.blogspot.com/2009/09/postfix-postgrey.html Postfix and Postgrey: a proactive way to filter spam]
| |
| * [http://www.maxblogs.ru/index.php?id=40 Configuring POSTFIX]
| |
| | |
| Sources:
| |
| <hr> | | <hr> |
| * [https://www.opennet.ru/docs/RUS/dbmail_postfix/ A mail server based on a relational DBMS.]
| |
| * [http://library.mobrien.com/dbmailadministrator/ The DbMail Administrator (DBMA) GUI configurator, written in Perl]
| |
| * [https://habrahabr.ru/post/37195/ Configuring exim+postgresql+dbmail+spamassassin...]
| |
| * [https://www.opennet.ru/docs/RUS/dbmail/#dbmail_fs Building a mail system based on exim, dbmail, amavisd-new and postgresql]
| |
| * [https://habrahabr.ru/post/211078/ A mail server that stores its data in PostgreSQL]
| |
| * [https://www.opennet.ru/base/net/exim_intro.txt.html Exim (exim mail mta virtual spam virus clamav freebsd imap postgresql)]
| |
| * [http://www.linuxcenter.ru/lib/articles/soft/ezh_mailsystem.phtml?style=print Building a mail system based on exim, dbmail, amavisd-new and postgresql]
| |
| * [https://www.lissyara.su/archive/exim+dbmail/ Exim and dbmail]
| |
| * [https://vovanys.com/linux/pochtovyj-server-pod-ubuntu-server-svyazka-dbmail-postfix-sasl-spamassassin-clamav/ A mail server on Ubuntu Server: the DBmail + Postfix + sasl + spamassassin + clamav stack]
| |
| * [http://samag.ru/archive/article/608 A mail server based on a relational DBMS (revised)]
| |
| * [http://www.wertup.ru/ubuntu/mail-server Mail server: the DBmail + Postfix + sasl + spamassassin + clamav + DBMA + Roundcube webmail stack]
| |
| * [https://www.lissyara.su/articles/freebsd/mail/postfix+dbmail/ Mail system: Postfix + DBMail + SASL2 + TLS + DSpam + ClamAV + RoundCubeWebMail]
| |
| * [http://www.dbmail.org/dokuwiki/doku.php/stunnel How to set up and use encrypted connections with DBmail]
| |
| * [https://notessysadmin.com/postfix-perenapravlenie-pochty Postfix. Mail forwarding]
| |
| * [https://toster.ru/q/53106 Postfix: forwarding all incoming mail to another mailbox]
| |
| * [https://code.google.com/archive/p/simple-dbmail-admin/downloads web admin dbmail]
| |
| * [https://postovoy.net/5-luchshih-servernyh-webmail-klientov-na-php.html Comparison of WebMail clients]
| |
|
| |
|
| DOWNLOADS:
| |
| <hr> | | <hr> |
| * [https://roundcube.net/download/ RoundCube Webmail]
| | '''SOURCES:''' |
| | |
| USEFUL LINKS:
| |
| <hr> | | <hr> |
| * [http://www.maxblogs.ru/index.php?id=40 Configuring POSTFIX]
| | * [https://serveradmin.ru/ustanovka-i-nastroyka-zabbix-3-4-na-debian-9/#_Zabbix_34_Debian_9 Installing the Zabbix 3.4 server on Debian 9] |
| * [https://www.remoteshaman.com/server/mta/nastrojka-sendmail-i-postfix-dlya-pravilnoj-otpravki-elektronnoj-pochty Configuring sendmail and Postfix to send e-mail correctly]
| | * [https://blog.vpsville.ru/blog/pro/61.html Installing the Zabbix agent service on a Windows server.] |
| * [https://www.remoteshaman.com/server/mta/mta-postfix-i-ispolzovanie-operativnoj-pamyati The PostFix MTA and RAM usage]
| | * [http://jakondo.ru/ustanovka-i-nastrojka-zabbix-agentov-na-os-windows-i-linux-ubuntu-debian/ Installing and configuring Zabbix agents on Windows and Linux (Ubuntu, Debian)] |
| * [https://bozza.ru/art-182.html Configuring SMTP restrictions in Postfix]
| | * [http://www.ekzorchik.ru/2015/01/install-zabbix-agent-on-windows-7/ Installing the Zabbix agent on Windows 7] |
| * [https://s-spinoza.blogspot.com/2017/01/spf-dkim-postfix-debian.html Installing and configuring SPF and DKIM on a mail server for a domain]
| | * [http://www.ekzorchik.ru/2015/01/how-to-install-zabbix-agent-on-windows-xp/ How to install the Zabbix agent on Windows XP] |
| * [https://rusadmin.biz/zashhita-i-bezopasnost/spam-boty-postfix-i-fail2ban/ Spam bots, postfix and fail2ban]
| | * [http://www.suiviperf.com/zabbix/ '''ZABBIX AGENT installers'''] |
| * [https://www.stableit.ru/2010/02/fail2ban-postfix-debian.html A corrected fail2ban rule for protecting Postfix]
| | * [https://www.zabbix.com/documentation/3.0/ru/manual/quickstart/notification Receiving a problem notification] |
| * [https://kamaok.org.ua/?p=433 Configuring fail2ban to protect Postfix]
| | * [https://serveradmin.ru/nastroyka-email-opoveshheniy-v-zabbix/ Sending e-mail notifications in zabbix 2.4] |
| * [http://dns-master.ru/simple/records.html#p8_9 Working with DNS resource records]
| | * [https://habrahabr.ru/company/zabbix/blog/193472/ Zabbix tuning] |
| * [https://forum.nic.ru/showthread.php?t=5710 PTR records contain symbolic names; IP addresses are not specified in this record type]
| | * [http://blog.files.dp.ua/zabbix-trigger Solving problems with the "processes more than 75% busy" triggers] |
| * [https://habr.com/ru/post/322616/ Configuring DKIM/SPF/DMARC records, or protecting against spoofing]
| | * [http://linux-notes.org/optimizatsiya-nastroek-zabbix/ Optimizing Zabbix settings] |
| * [https://elims.org.ua/blog/dkim-spf-i-ptr-kak-nastroit-pochtu-chtoby-ne-popast-v-spam/ DKIM, SPF, PTR, DMARC: how to set up mail so it does not end up in spam]
| |
| * [http://ittraveler.org/nastraivaem-postfix-kak-antispam-frontend/ Setting up Postfix as an anti-spam frontend.]
| |
| * [http://sudouser.com/postfix-antispam-pri-pomoshhi-rbl-dnsbl-i-shtatnyx-sredstv.html Postfix antispam using RBL (DNSBL) and built-in tools]
| |
| * [http://vladimir-stupin.blogspot.com/2009/09/postfix-postgrey.html '''Postfix и Postgrey'''] | |
| * [https://mnorin.com/postfix-postgrey-spamassassin-debian.html postfix+postgrey+spamassassin в Debian’е] | |