Postfix - Virtual Domains – wiki linux-user

Wersja z 14:34, 17 kwi 2012 (pokaż źródło)

Slawek (dyskusja | edycje)

← poprzednia edycja

Wersja z 14:39, 17 kwi 2012 (pokaż źródło)

Slawek (dyskusja | edycje)

następna edycja →

Linia 225:

Przenosząc certyfikaty w odpowiednie miejsca

−

''ssl_cert_file = /etc/pki/dovecot/certs/myserver.example.com.crt''

+

''ssl_cert_file = /etc/pki/dovecot/certs/myserver.example.com.crt''<br />

−

''ssl_key_file = /etc/pki/dovecot/private/myserver.example.com.key''

+

''ssl_key_file = /etc/pki/dovecot/private/myserver.example.com.key''<br />

−

''ssl_ca_file = /etc/pki/dovecot/certs/ca-bundle.crt''

+

''ssl_ca_file = /etc/pki/dovecot/certs/ca-bundle.crt''<br />

Linia 253:

WHERE username = '%u' AND active = '1'

−

UWAGA !! linie ze znakiem ''/'' są przełamane jeśli będziesz robił kopiuj wklej pamiętaj o połączeniu tych lini

+

'''UWAGA!!''' linie ze znakiem ''/'' są przełamane jeśli będziesz robił kopiuj wklej pamiętaj o połączeniu tych lini

Jeśli zachodzi potrzeba to dostrajamy go do swoich potrzeb.

Linia 261:

1 Spam

2 Trash

+

== Edycja postfixa ==

+

Dodajemy do pliku ''master.cf'' następujące linijki

+

# Dovecot LDA

+

dovecot unix - n n - - pipe

+

flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}

+

Następnie zmieniamy plik ''main.cf'' tak aby wyglądał następująco:

+

myhostname = my-domain.pl

+

inet_interfaces = all

+

myorigin = $myhostname

+

mynetworks = $config_directory/mynetworks

+

mydestination = localhost.$mydomain, localhost, #$myhostname

+

relay_domains = $mydestination

+

# ---------------------- VIRTUAL DOMAINS START ----------------------

+

virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf

+

virtual_mailbox_base = /var/vmail

+

virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf

+

#virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf

+

alias_maps = hash:/etc/aliases

+

virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

+

virtual_minimum_uid = 101

+

virtual_uid_maps = static:101

+

virtual_gid_maps = static:12

+

virtual_transport = dovecot

+

dovecot_destination_recipient_limit = 1

+

# ---------------------- VIRTUAL DOMAINS KONIEC ----------------------

+

# ---------------------- SASL START ----------------------

+

smtpd_sasl_auth_enable = yes

+

#smtpd_sasl_local_domain = $myhostname

+

smtpd_sasl_exceptions_networks = $mynetworks

+

smtpd_sasl_security_options = noanonymous

+

broken_sasl_auth_clients = yes

+

smtpd_sasl_type = dovecot

+

smtpd_sasl_path = private/auth

+

# ---------------------- SASL KONIEC ----------------------

+

# ---------------------- TLS START ------------------------

+

smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem

+

smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt

+

smtp_tls_key_file = /etc/postfix/ssl/smtpd.key

+

#Postfix 2.5 albo wyzszy musi uzywac:

+

#smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache

+

smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache

+

smtp_tls_security_level = may

+

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

+

smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt

+

smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key

+

#Postfix 2.5 albo wyzszy musi uzywac:

+

#smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache

+

smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache

+

smtpd_tls_dh1024_param_file = $config_directory/dh_1024.pem

+

smtpd_tls_dh512_param_file = $config_directory/dh_512.pem

+

smtpd_tls_security_level = may

+

smtpd_tls_received_header = yes

+

smtpd_tls_ask_ccert = yes

+

smtpd_tls_loglevel = 1

+

tls_random_source = dev:/dev/urandom

+

# ---------------------- TLS KONIEC ----------------------

+

smtpd_helo_required = yes

+

disable_vrfy_command = yes

+

non_fqdn_reject_code = 450

+

invalid_hostname_reject_code = 450

+

maps_rbl_reject_code = 450

+

#unverified_sender_reject_code = 550

+

#header_checks = pcre:$config_directory/header_checks

+

#body_checks = pcre:$config_directory/body_checks

+

#warning: the restrictions reject_unknown_(sender|recipient)_domain

+

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client,

+

reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_invalid_hostname

+

local_transport = virtual

+

readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES

+

sample_directory = /usr/share/doc/postfix-2.3.3/samples

+

sendmail_path = /usr/sbin/sendmail

+

html_directory = no

+

setgid_group = postdrop

+

command_directory = /usr/sbin

+

manpage_directory = /usr/share/man

+

daemon_directory = /usr/libexec/postfix

+

newaliases_path = /usr/bin/newaliases

+

mailq_path = /usr/bin/mailq

+

queue_directory = /var/spool/postfix

+

mail_owner = postfix

+

unknown_local_recipient_reject_code = 450

+

alias_database =

+

Tworzymy certyfikaty dla '''smtpd'''

+

Czyli znane nam już komendy

+

mkdir -P /etc/postfix/ssl

+

cd /etc/postfix/ssl

+

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

+

chmod 600 smtpd.key

+

openssl req -new -key smtpd.key -out smtpd.csr

+

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

+

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

+

mv -f smtpd.key.unencrypted smtpd.key

+

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

+

Tworzymy klucze ''dh'' używając biblioteki [[openssl]]

+

cd /etc/postfix

+

openssl dhparam -out dh_1024.pem 1024

+

openssl dhparam -out dh_512.pem 512

+

Następnie tworzymy pliki baz danych dla '''postfixa'''

+

Dodajemy kolejno pliki ''/etc/postfix/mysql_virtual_alias_maps.cf'' :

+

user = postfix

+

password = postfix

+

hosts = localhost

+

dbname = postfix

+

query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

+

''/etc/postfix/mysql_virtual_domains_maps.cf'':

+

user = postfix

+

password = postfix

+

hosts = localhost

+

dbname = postfix

+

#query = SELECT domain FROM domain WHERE domain='%s'

+

#optional query to use when relaying for backup MX

+

query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'''/etc/postfix/mysql_relay_domains_maps.cf'':

+

user = postfix

+

password = postfix

+

hosts = localhost

+

dbname = postfix

+

query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

+

''/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'':

+

user = postfix

+

password = postfix

+

hosts = localhost

+

dbname = postfix

+

query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

+

''/etc/postfix/mysql_virtual_mailbox_maps.cf'':

+

user = postfix

+

password = postfix

+

hosts = localhost

+

dbname = postfix

+

query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

+

Pamiętaj, aby zmienić liniki z hasłem, użytkownikiem lub z nazwą bazy danych jeśli masz inaczej.

+

Teraz dodajemy do pliku''/etc/postfix/mynetworks'' i dodajemy do niego odpowiednie opcje

+

192.168.2.0/24 moja.domena.pl

+

127.0.0.0/8

+

Oczywiście w pliku powyżej musisz podać swoje dane

Postfix - Virtual Domains

Wersja z 14:39, 17 kwi 2012

Osobiste

Przestrzenie nazw

Warianty

Widok

Działania

Szukaj

Nawigacja

Narzędzia

@@ Linia 225: / Linia 225: @@
 Przenosząc certyfikaty w odpowiednie miejsca
-''ssl_cert_file = /etc/pki/dovecot/certs/myserver.example.com.crt''
+''ssl_cert_file = /etc/pki/dovecot/certs/myserver.example.com.crt''<br />
-''ssl_key_file = /etc/pki/dovecot/private/myserver.example.com.key''
+''ssl_key_file = /etc/pki/dovecot/private/myserver.example.com.key''<br />
-''ssl_ca_file = /etc/pki/dovecot/certs/ca-bundle.crt''
+''ssl_ca_file = /etc/pki/dovecot/certs/ca-bundle.crt''<br />
@@ Linia 253: / Linia 253: @@
   WHERE username = '%u' AND active = '1'
-UWAGA !! linie ze znakiem ''/'' są przełamane jeśli będziesz robił kopiuj wklej pamiętaj o połączeniu tych lini
+'''UWAGA!!''' linie ze znakiem ''/'' są przełamane jeśli będziesz robił kopiuj wklej pamiętaj o połączeniu tych lini
 Jeśli zachodzi potrzeba to dostrajamy go do swoich potrzeb.
@@ Linia 261: / Linia 261: @@
 Spam
 Trash
+== Edycja postfixa ==
+Dodajemy do pliku ''master.cf'' następujące linijki
+ # Dovecot LDA
+ dovecot   unix  -       n       n       -       -       pipe
+ flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
+Następnie zmieniamy plik ''main.cf'' tak aby wyglądał następująco:
+ myhostname                      = my-domain.pl
+ inet_interfaces                 = all
+ myorigin                        = $myhostname
+ mynetworks                      = $config_directory/mynetworks
+ mydestination                   = localhost.$mydomain, localhost, #$myhostname
+ relay_domains                   = $mydestination
+ # ---------------------- VIRTUAL DOMAINS START ----------------------
+ virtual_mailbox_domains         = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
+ virtual_mailbox_base            = /var/vmail
+ virtual_mailbox_maps            = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
+ #virtual_alias_maps              = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
+ alias_maps = hash:/etc/aliases
+ virtual_mailbox_limit_maps      = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
+ virtual_minimum_uid             = 101
+ virtual_uid_maps                = static:101
+ virtual_gid_maps                = static:12
+ virtual_transport               = dovecot
+ dovecot_destination_recipient_limit = 1
+ # ---------------------- VIRTUAL DOMAINS KONIEC ----------------------
+ # ---------------------- SASL START ----------------------
+ smtpd_sasl_auth_enable          = yes
+ #smtpd_sasl_local_domain        = $myhostname
+ smtpd_sasl_exceptions_networks  = $mynetworks
+ smtpd_sasl_security_options     = noanonymous
+ broken_sasl_auth_clients        = yes
+ smtpd_sasl_type                 = dovecot
+ smtpd_sasl_path                 = private/auth
+ # ---------------------- SASL KONIEC ----------------------
+ # ---------------------- TLS START ------------------------
+ smtp_tls_CAfile                 = /etc/postfix/ssl/cacert.pem
+ smtp_tls_cert_file              = /etc/postfix/ssl/smtpd.crt
+ smtp_tls_key_file               = /etc/postfix/ssl/smtpd.key
+ #Postfix 2.5 albo wyzszy musi uzywac:
+ #smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
+ smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache
+ smtp_tls_security_level = may
+ smtpd_tls_CAfile                = /etc/postfix/ssl/cacert.pem
+ smtpd_tls_cert_file             = /etc/postfix/ssl/smtpd.crt
+ smtpd_tls_key_file              = /etc/postfix/ssl/smtpd.key
+ #Postfix 2.5 albo wyzszy musi uzywac:
+ #smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
+ smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
+ smtpd_tls_dh1024_param_file     = $config_directory/dh_1024.pem
+ smtpd_tls_dh512_param_file      = $config_directory/dh_512.pem
+ smtpd_tls_security_level        = may
+ smtpd_tls_received_header       = yes
+ smtpd_tls_ask_ccert             = yes
+ smtpd_tls_loglevel              = 1
+ tls_random_source               = dev:/dev/urandom
+ # ---------------------- TLS KONIEC ----------------------
+ smtpd_helo_required             = yes
+ disable_vrfy_command            = yes
+ non_fqdn_reject_code            = 450
+ invalid_hostname_reject_code    = 450
+ maps_rbl_reject_code            = 450
+ #unverified_sender_reject_code  = 550
+ #header_checks                  = pcre:$config_directory/header_checks
+ #body_checks                    = pcre:$config_directory/body_checks
+ #warning: the restrictions reject_unknown_(sender|recipient)_domain
+ smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client,
+ reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_invalid_hostname
+ local_transport                 = virtual
+ readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
+ sample_directory = /usr/share/doc/postfix-2.3.3/samples
+ sendmail_path = /usr/sbin/sendmail
+ html_directory = no
+ setgid_group = postdrop
+ command_directory = /usr/sbin
+ manpage_directory = /usr/share/man
+ daemon_directory = /usr/libexec/postfix
+ newaliases_path = /usr/bin/newaliases
+ mailq_path = /usr/bin/mailq
+ queue_directory = /var/spool/postfix
+ mail_owner = postfix
+ unknown_local_recipient_reject_code = 450
+ alias_database =
+Tworzymy certyfikaty dla '''smtpd'''
+Czyli znane nam już komendy
+ mkdir -P /etc/postfix/ssl
+ cd /etc/postfix/ssl
+ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
+ chmod 600 smtpd.key
+ openssl req -new -key smtpd.key -out smtpd.csr
+ openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
+ openssl rsa -in smtpd.key -out smtpd.key.unencrypted
+ mv -f smtpd.key.unencrypted smtpd.key
+ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365
+ Tworzymy klucze ''dh'' używając biblioteki [[openssl]]
+ cd /etc/postfix
+ openssl dhparam -out dh_1024.pem 1024
+ openssl dhparam -out dh_512.pem 512
+Następnie tworzymy pliki baz danych dla '''postfixa'''
+Dodajemy kolejno pliki  ''/etc/postfix/mysql_virtual_alias_maps.cf'' :
+ user                = postfix
+ password        = postfix
+ hosts              = localhost
+ dbname          = postfix
+ query              = SELECT goto FROM alias WHERE address='%s' AND active = '1'
+''/etc/postfix/mysql_virtual_domains_maps.cf'':
+ user              = postfix
+ password      = postfix
+ hosts            = localhost
+ dbname        = postfix
+ #query          = SELECT domain FROM domain WHERE domain='%s'
+ #optional query to use when relaying for backup MX
+ query            = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'''/etc/postfix/mysql_relay_domains_maps.cf'':
+ user                = postfix
+ password        = postfix
+ hosts              = localhost
+ dbname          = postfix
+ query              = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
+''/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'':
+ user                 = postfix
+ password         = postfix
+ hosts               = localhost
+ dbname           = postfix
+ query              = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
+''/etc/postfix/mysql_virtual_mailbox_maps.cf'':
+ user                = postfix
+ password        = postfix
+ hosts              = localhost
+ dbname          = postfix
+ query              = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'
+Pamiętaj, aby zmienić liniki z hasłem, użytkownikiem lub z nazwą bazy danych jeśli masz inaczej.
+Teraz dodajemy do pliku''/etc/postfix/mynetworks'' i dodajemy do niego odpowiednie opcje
+.168.2.0/24 moja.domena.pl
+.0.0.0/8
+Oczywiście w pliku powyżej musisz podać swoje dane