Case Study: ISP E-mail Server

LDAP + Postfix Virtual + Dovecot (Quotas) + Phamm + Mailwatch + Mailscanner + SpamAssassin + Clamav + Horde IMP Webmail + Gnarwl Auto-reply. Implementation: Fedora 12.


By: LinuxClass Treinamentos on 18/04/2011 | Blog: http://www.linuxclass.com.br


Postfix and Dovecot



Below you will find all the configuration files that are in production on my server; your files should look like mine.

Replace your original files with the template files. I recommend downloading them from the links below rather than copying and pasting. Always keep a backup of your original files.

/etc/postfix/main.cf:

smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
debug_peer_level = 8
myhostname = vm-mailcdl.cdlflorianopolis.org.br
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
home_mailbox = Maildir/

default_destination_concurrency_limit=50
default_destination_recipient_limit=50
default_process_limit=200
smtp_mx_session_limit=100
smtpd_client_connection_count_limit=100
smtp_destination_concurrency_limit=100
maximal_backoff_time = 1000s
minimal_backoff_time = 300s

smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes

#smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_client reject
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_invalid_hostname reject_unauth_pipelining reject_non_fqdn_sender reject_unknown_sender_domain reject_unverified_sender reject_multi_recipient_bounce reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unlisted_recipient reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net permit

smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit

ldap_bind_dn = cn=phamm,o=hosting,dc=example,dc=tld
ldap_bind_pw = zymTask938
ldap_search_base = o=hosting,dc=example,dc=tld
ldap_domain = dc=example,dc=tld
ldap_server_host = localhost
ldap_server_port = 389
ldap_version = 3

# transports
transport_server_host = $ldap_server_host
transport_search_base = $ldap_search_base
transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE))
transport_result_attribute = postfixTransport
transport_cache = no
transport_bind = yes
transport_scope = one
transport_bind_dn = $ldap_bind_dn
transport_bind_pw = $ldap_bind_pw
transport_version = $ldap_version

# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_cache = no
aliases_bind_dn = $ldap_bind_dn
aliases_bind_pw = $ldap_bind_pw
aliases_version = $ldap_version

# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE))
accounts_result_attribute = mailbox
accounts_cache = no
accounts_bind = yes
accounts_bind_dn = $ldap_bind_dn
accounts_bind_pw = $ldap_bind_pw
accounts_version = $ldap_version

accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE))
accountsmap_result_attribute = mail
accountsmap_cache = no
accountsmap_bind = yes
accountsmap_bind_dn = $ldap_bind_dn
accountsmap_bind_pw = $ldap_bind_pw
accountsmap_version = $ldap_version

# virtual quota
quota_server_host = $ldap_server_host
quota_search_base = $ldap_search_base
quota_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(accountActive=TRUE))
quota_result_attribute = quota
quota_cache = no
quota_bind = yes
quota_bind_dn = $ldap_bind_dn
quota_bind_pw = $ldap_bind_pw
quota_version = $ldap_version

# transport_maps
maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:transport
mydestination = $transport_maps, localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain


# virtual accounts for delivery
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 500
virtual_uid_maps = static:500
virtual_gid_maps = static:500
#virtual_alias_maps = ldap:aliases, ldap:accountsmap, hash:/etc/postfix/virtual, ldap:virtualforward

virtual_alias_maps = ldap:virtualforward, ldap:aliases, ldap:accountsmap

local_recipient_maps = $alias_maps $virtual_alias_maps

owner_request_special = no
qmgr_message_active_limit = 40000
qmgr_message_recipient_limit = 40000

header_checks = regexp:/etc/postfix/header_checks

#####
# Mail to reply for gnarwl and mail to forward during vacation
recipient_bcc_maps = ldap:vfm
vfm_server_host = $ldap_server_host
vfm_search_base = $ldap_search_base
#vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
vfm_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=TRUE)(accountActive=TRUE)(delete=FALSE))
vfm_result_attribute = mailAutoreply
vfm_cache = no
vfm_bind = yes
vfm_bind_dn = $ldap_bind_dn
vfm_bind_pw = $ldap_bind_pw
vfm_version = $ldap_version
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1

### Virtual Forward
# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
#virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(vacationActive=FALSE)(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_bind = yes
virtualforward_cache = no
virtualforward_bind_dn = $ldap_bind_dn
virtualforward_bind_pw = $ldap_bind_pw
virtualforward_version = $ldap_version

/etc/postfix/master.cf:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - 1000 smtpd
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
gnarwl unix - n n - - pipe
  flags=F user=vmail argv=/usr/local/bin/gnarwl -a ${user}@${nexthop} -s ${sender}

#/etc/postfix/transport

.autoreply gnarwl:

#/etc/postfix/header_checks

/^Received:/ HOLD

#/etc/dovecot.conf

auth_verbose = no
mail_debug = no
auth_debug_passwords = no
verbose_proctitle = no
mail_uid = vmail
mail_gid = vmail

syslog_facility = mail

base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
protocol imap {
  mail_plugins = quota imap_quota
  imap_client_workarounds = outlook-idle
}
protocol pop3 {
  mail_plugins = quota
  pop3_no_flag_updates = yes
  pop3_reuse_xuidl = no
  pop3_lock_session = no
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  mail_plugins = quota sieve
  postmaster_address = [email protected]
  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/log/dovecot-deliver-errors.log
  info_log_path = /var/log/dovecot-deliver.log
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=20M
  quota_rule2 = Trash:storage=10M
  quota_warning = storage=80%% /home/vmail/bin/quota-warning.sh 80
  quota_warning2 = storage=90%% /home/vmail/bin/quota-warning.sh 90
  quota_warning3 = storage=100%% /home/vmail/bin/quota-warning.sh 100
  sieve = /home/vmail/%d/%n/.dovecot.sieve
}
listen = *
shutdown_clients = yes
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
disable_plaintext_auth = no
login_chroot = yes
login_user = postfix
login_process_per_connection = yes
login_processes_count = 2
login_max_processes_count = 128
login_max_connections = 256
login_greeting = Welcome to Dovecot ISP Server.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
mail_location = maildir:/home/vmail/%d/%u/Maildir
first_valid_uid = 89
pop3_uidl_format = %08Xu%08Xv
auth default {
  mechanisms = PLAIN LOGIN
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0666
      user = vmail
      group = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0666
      user = postfix
      group = postfix
    }
  }
  user = vmail
}

/etc/dovecot-ldap.conf:

hosts = localhost
auth_bind = yes
sasl_bind = no
auth_bind_userdn = mail=%u,vd=%d,o=hosting,dc=example,dc=tld
ldap_version = 3
base = o=hosting,dc=example,dc=tld
dn = cn=phamm,o=hosting,dc=example,dc=tld
dnpass = sua-senha-aqui
deref = never
scope = subtree
user_attrs = %n,%Dd=user,quota=quota_rule=*:storage=%$,=home=/home/vmail/%d/%n/Maildir
user_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
pass_attrs = uid=mail
pass_filter = (&(objectClass=VirtualMailAccount)(accountActive=TRUE)(mail=%u))
default_pass_scheme = MD5
#user_global_uid = 30041
#user_global_gid = 30041

# useradd vmail
# cd /etc/postfix
# postmap transport
# postmap virtual
# touch /var/log/dovecot-deliver-errors.log
# touch /var/log/dovecot-deliver.log
# chmod o+w /var/log/dovecot-deliver-errors.log
# chmod o+w /var/log/dovecot-deliver.log
# yum install dovecot-ldap
# yum install dovecot-sieve
# mkdir /home/vmail/bin
# vi /home/vmail/bin/quota-warning.sh


#!/bin/bash
PERCENT=$1
cat << EOF | /usr/libexec/dovecot/deliver -d $USER -c /etc/dovecot-nowarning.conf
From: [email protected]
Subject: Aviso de Quota

Sua caixa postal esta $PERCENT% cheia, procure apagar mensagens antigas.
EOF

# chmod o+r /home/vmail/bin/quota-warning.sh

In /etc/dovecot-ldap.conf, replace the DN and password values so that Dovecot has read access to your LDAP directory.

In /etc/postfix/main.cf, replace the values so that Postfix also has read access to your LDAP directory.

IMPORTANT! Adjust the UID of the vmail user to match your system.

# cp /etc/dovecot.conf /etc/dovecot-nowarning.conf

Remove the following lines from /etc/dovecot-nowarning.conf:

quota_warning = storage=80%% /home/vmail/bin/quota-warning.sh 80
quota_warning2 = storage=90%% /home/vmail/bin/quota-warning.sh 90
quota_warning3 = storage=100%% /home/vmail/bin/quota-warning.sh 100
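
An added check, not part of the original article: /etc/postfix/main.cf and /etc/dovecot-ldap.conf both carry the LDAP bind password in clear text, so this script flags such a file when it is world-readable, and also flags disable_plaintext_auth = no and auth sockets with mode = 0666 as set in the /etc/dovecot.conf above. The function names (flag, audit_mail_conf), the FINDINGS variable, the sample files and the PLACEHOLDER values are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original article: flag settings in the
# Postfix/Dovecot files above that expose credentials.

FINDINGS=0

# flag FILE REGEX MESSAGE: report MESSAGE when a non-comment line matches REGEX.
flag() {
    if grep -Eq "^[[:space:]]*$2" "$1"; then
        echo "$1: $3"
        FINDINGS=$((FINDINGS + 1))
    fi
}

# audit_mail_conf FILE...: sets FINDINGS to the number of problems found.
audit_mail_conf() {
    FINDINGS=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # A literal bind password (not a $reference) in a world-readable file.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            flag "$f" '([a-z_]*bind_pw|dnpass)[[:space:]]*=[[:space:]]*[^$[:space:]]' \
                'clear-text LDAP bind password in world-readable file'
        fi
        flag "$f" 'disable_plaintext_auth[[:space:]]*=[[:space:]]*no' \
            'plaintext logins allowed on unencrypted connections'
        flag "$f" 'mode[[:space:]]*=[[:space:]]*0?666' \
            'auth socket readable and writable by every local user'
    done
}

# Constructed sample input mirroring the settings shown in the article.
demo_dir=$(mktemp -d)
printf 'ldap_bind_pw = PLACEHOLDER\ntransport_bind_pw = $ldap_bind_pw\n' > "$demo_dir/main.cf"
printf 'disable_plaintext_auth = no\n  mode = 0666\n' > "$demo_dir/dovecot.conf"
printf 'dnpass = PLACEHOLDER\n' > "$demo_dir/dovecot-ldap.conf"
chmod 644 "$demo_dir/main.cf" "$demo_dir/dovecot.conf"
chmod 600 "$demo_dir/dovecot-ldap.conf"
audit_mail_conf "$demo_dir"/*
rm -rf "$demo_dir"
```

On a real server, run it as audit_mail_conf /etc/postfix/main.cf /etc/dovecot.conf /etc/dovecot-ldap.conf; the sample run reports three findings because the copy of dovecot-ldap.conf with mode 600 passes.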

Comments
[1] Comment posted by cleberantonio on 19/04/2011 - 19:47h

Hello, I would like to know why Fedora 12 is used.

Thanks for your attention.

[2] Comment posted by doomk on 20/04/2011 - 11:07h

Very good article.

Congratulations!!!!

[3] Comment posted by vbassis on 22/04/2011 - 13:05h

Excellent article, a score of 1000.

Congratulations!!!!!

[4] Comment posted by lpossamai on 27/04/2011 - 17:26h

Very good article!
Congratulations!!!!!

[5] Comment posted by marcos.ths on 10/05/2011 - 16:37h

Really very good! Thanks

[6] Comment posted by linuxclass on 27/06/2011 - 16:51h

Folks, updates can be found at http://www.linuxclass.com.br
Thank you!

[7] Comment posted by dimago on 04/08/2011 - 19:36h

Hello,

First of all, congratulations on the article.

One question. I could not find it, but if my domain runs on top of Active Directory, is there any problem?

When I create a new user, will it create this user inside my AD?

Best regards

Diego

[8] Comment posted by FireBird on 29/12/2011 - 17:59h

First of all, congratulations... I believe that if I had done what is in this article and not what is on the Horde site, it would have worked... But now, redoing everything from scratch is not an option... Help me with one thing here, folks:

Usually when we send an email, the "From" (or "De") field shows:

Fernandino Mesquita e Silva <[email protected]>

LOVELY... HOWEVER...

When I send emails using Horde, instead of the person's name, it sends fullname, like:

fullname <[email protected]>

I have already configured prefs, hooks, conf.php and everything else and I still cannot get past this... The best I managed was to set the fullname entry in pref.php to lock => true, create a hook and make it send, instead of "fullname", the person's IMAP login name, but even so it is not good and may even be a security flaw... Could you help me?