

Installing a multi-domain mail server on SUSE 10.0

Postfix + Quota + Postfix Admin + MySQL + Anti-SPAM + Anti-VIRUS + Courier (IMAP and POP) + SquirrelMail + mail rules with Maildrop + absence handling (vacation)

Assume:
. your MySQL server is at IP 192.168.30.1
. a dummy domain "test.com"

Legend: "/path/to/a/file.txt:" means edit that file as shown in the lines that follow, and >> marks the replacement of one piece of content by another, still within the given file.

Install SUSE OSS 10.0 in text mode

Change the mirror (Software -> Change installation source)

http://fr2.rpmfind.net/linux/opensuse/distribution/SL-10.0-OSS/inst-source/

Install the required software

yast -i \
gcc \
gcc-c++ \
glibc \
glibc-devel \
compat \
strace

yast -i \
findutils-locate \
wget \
lynx \
ntp \
tcpdump \
nmap \
patch \
mysql-client \
mysql-devel \
mysql-shared \
perl-DBD-mysql \
perl-DBI \
perl-TimeDate \
zlib-devel

# on 64-bit
yast -i \
mysql-shared-32bit

yast -i \
db-devel \
cyrus-sasl \
cyrus-sasl-devel \
openssl \
openssl-devel \
courier-authlib \
courier-authlib-devel \
courier-authlib-userdb \
courier-imap \
expect \
fam \
fam-devel \
fam-server \
libtool \
tcl

Start at boot

chkconfig ntp on

Directory for the installation files

mkdir -p /root/install/postfix
cd /root/install/postfix

Install Postfix + VDA

http://www2.pcl.fr/mirrors/www.postfix.org/source/index.html
http://web.onda.com.br/nadal/
wget "http://www2.pcl.fr/mirrors/www.postfix.org/source/official/postfix-2.2.10.tar.gz"
wget "http://web.onda.com.br/nadal/postfix/VDA/postfix-2.2.10-vda.patch.gz"
tar -xzvf postfix-2.2.10.tar.gz
gunzip postfix-2.2.10-vda.patch.gz

cd postfix-2.2.10
patch -p1 < ../postfix-2.2.10-vda.patch

/etc/init.d/postfix stop

Compiling Postfix

  1. mysql
  2. sasl2
  3. openssl
# on 32-bit
make -f Makefile.init makefiles \
        'CCARGS=\
  -DHAS_MYSQL -I/usr/include/mysql \
	-DUSE_SASL_AUTH -I/usr/include/sasl \
	-DUSE_TLS' \
        'AUXLIBS=\
  -L/usr/lib/mysql -lmysqlclient -lz -lm \
	-L/usr/lib/sasl2 -lsasl2 \
	-lssl -lcrypto'

# on 64-bit
make -f Makefile.init makefiles \
        'CCARGS=\
  -DHAS_MYSQL -I/usr/include/mysql \
	-DUSE_SASL_AUTH -I/usr/include/sasl \
	-DUSE_TLS' \
        'AUXLIBS=\
  -L/usr/lib64/mysql -lmysqlclient -lz -lm \
	-L/usr/lib/sasl2 -lsasl2 \
	-lssl -lcrypto'
	
make install

groupadd postdrop

/etc/init.d/postfix start

The virtual user that handles mail

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Tip for stripping the comments from main.cf in vi

:g/^#.*$/d	or	:g/^[^a-zA-Z]/d
:g/^$/d

On the SQL server

GRANT ALL PRIVILEGES ON postfix . * TO "postfix"@"localhost" IDENTIFIED BY 'postfix' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON postfix . * TO "postfix"@"192.168.%" IDENTIFIED BY 'postfix' WITH GRANT OPTION;
FLUSH PRIVILEGES;
  1. saslauthd (note: started without -r)? It does not seem to have any effect (at least it does not block)

Authentication daemon - authentication requests against MySQL

/etc/authlib/authdaemonrc:
authmodulelist="authuserdb authpam authldap authcustom authpipe"
>>
authmodulelist="authmysql"

with MySQL support

http://www.courier-mta.org/?download.php~authlib

wget "http://umn.dl.sourceforge.net/sourceforge/courier/courier-authlib-0.58.tar.bz2"
tar jxvf courier-authlib-0.58.tar.bz2
cd courier-authlib-0.58

Edit the file authmysqlrc.h: add the absolute path of the file /etc/authlib/authmysqlrc, which defines the MySQL access settings. This avoids the error: authdaemond: authmysql: MYSQL_SERVER nor MYSQL_SOCKET set inauthmysqlrc

authmysqlrc.h:

#define AUTHMYSQLRC "/etc/authlib/authmysqlrc"

# on 32-bit
./configure \
--prefix=/usr \
--with-PACKAGE=yes \
--with-pkgconfdir=/etc/authlib/ \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysqlrc=authmysqlrc \
--with-mysql-libs=/usr/lib/mysql/ \
--with-authdaemonrc=authdaemonrc \
--with-mailuser=vmail \
--with-mailgroup=vmail

# on 64-bit
./configure \
--prefix=/usr \
--with-PACKAGE=yes \
--with-pkgconfdir=/etc/authlib/ \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysqlrc=authmysqlrc \
--with-mysql-libs=/usr/lib64/mysql/ \
--with-authdaemonrc=authdaemonrc \
--with-mailuser=vmail \
--with-mailgroup=vmail

#--without-authpipe \
#--without-authcustom \
#--without-authuserdb \

make
make install
make install-migrate
make install-configure

# on 64-bit
ln -s /usr/lib/courier-authlib /usr/lib64/courier-authlib

Postfix configuration

postconf -e 'myhostname = '`hostname`'.test.com'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf'
postconf -e 'virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf'
# Additional for quota support
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_mailbox_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = Sorry, the user s maildir has overdrawn his diskspace quota, please try again later.'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'

# SASL
postconf -e 'broken_sasl_auth_clients = yes'

# Same as on another server
postconf -e 'inet_interfaces = all'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'strict_rfc821_envelopes = yes'
# Limit the number of concurrent deliveries Postfix makes
postconf -e 'initial_destination_concurrency_limit = 2'
postconf -e 'default_destination_concurrency_limit = 10'
postconf -e 'local_destination_concurrency_limit = 2'

postconf -e 'smtp_destination_concurrency_limit = 4'

# Reject mail for an address that does not exist (unlisted recipient)
postconf -e 'smtpd_reject_unlisted_recipient = yes'

# Disguise the server software name in the banner
postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)'
postconf -e 'mail_name = Microsoft Exchange'
postconf -e 'mail_version = 5.5'



postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_security_options = noanonymous'

#postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_hostname, reject_unauth_destination

smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'

Generating the certificates and keys

  1. Afterwards we create the SSL certificate that is needed for TLS:
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
<-- Enter your Country Name (e.g., "DE").
<-- Enter your State or Province Name.
<-- Enter your City.
<-- Enter your Organization Name (e.g., the name of your company).
<-- Enter your Organizational Unit Name (e.g. "IT Department").
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<-- Enter your Email Address.
chmod o= /etc/postfix/smtpd.key
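
An added check, not part of the original guide: the settings above enable SMTP AUTH and STARTTLS but never set smtpd_tls_auth_only, so AUTH is also offered on unencrypted sessions. The script below reads "postconf -n"-style text; the function names and the sample input are constructed for this example, and the parameter names are the Postfix 2.2-era ones this guide uses.

```shell
# Added example (not the guide's own code): flag settings that let SASL
# passwords cross the wire unencrypted.

# sample_guide_settings -> SASL/TLS lines as set in this guide (constructed)
sample_guide_settings() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
EOF
}

# get_param NAME FILE -> last value set for NAME, empty if unset
get_param() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# check_auth_over_tls FILE -> prints findings, returns 1 if there are any
check_auth_over_tls() {
    conf=$1
    findings=0
    sasl=$(get_param smtpd_sasl_auth_enable "$conf")
    [ "$sasl" = "yes" ] || return 0    # no SMTP AUTH offered, nothing to check
    if [ "$(get_param smtpd_use_tls "$conf")" != "yes" ]; then
        echo "AUTH_WITHOUT_TLS: SMTP AUTH is enabled but smtpd_use_tls is not yes"
        findings=1
    fi
    if [ "$(get_param smtpd_tls_auth_only "$conf")" != "yes" ]; then
        echo "AUTH_BEFORE_STARTTLS: smtpd_tls_auth_only is not yes"
        findings=1
    fi
    opts=$(get_param smtpd_sasl_security_options "$conf")
    case ",$(printf '%s' "$opts" | tr -d ' ')," in
        *,noanonymous,*) ;;
        *) echo "ANONYMOUS_ALLOWED: smtpd_sasl_security_options lacks noanonymous"
           findings=1 ;;
    esac
    return $findings
}
```

On a live server, feed it the real settings with: postconf -n > /tmp/main.txt, then check_auth_over_tls /tmp/main.txt.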

The associated files

/etc/postfix/mysql_virtual_domains_maps.cf:
user = postfix
password = postfix
hosts = 192.168.30.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

/etc/postfix/mysql_virtual_mailbox_maps.cf:
user = postfix
password = postfix
hosts = 192.168.30.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

/etc/postfix/mysql_virtual_mailbox_limit_maps.cf:
user = postfix
password = postfix
hosts = 192.168.30.1
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'

/etc/postfix/mysql_virtual_alias_maps.cf:
user = postfix
password = postfix
hosts = 192.168.30.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

/usr/lib/sasl2/smtpd.conf	OR	/usr/lib64/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login
>>
pwcheck_method: authdaemond
mech_list: plain login
log_level: 3
#authdaemond_path:/usr/var/spool/authdaemon/socket
authdaemond_path:/var/run/authdaemon.courier-imap/socket

/etc/authlib/authmysqlrc:
################################################################################
MYSQL_SERVER            mysql.exploit
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          45LMKOP_LP
MYSQL_DATABASE          postfix

MYSQL_PORT              3306
MYSQL_OPT               0

# Default Suse Socket
#MYSQL_SOCKET            /var/lib/mysql/mysql.sock

#DEFAULT_DOMAIN         domain.tld
#MYSQL_WHERE_CLAUSE     server='example.domain.com'

MYSQL_USER_TABLE        mailbox
MYSQL_UID_FIELD         '5000'
MYSQL_GID_FIELD         '5000'
MYSQL_HOME_FIELD        '/home/vmail'
MYSQL_LOGIN_FIELD       username
MYSQL_CLEAR_PWFIELD     password
#MYSQL_CRYPT_PWFIELD     password
MYSQL_MAILDIR_FIELD     maildir
MYSQL_NAME_FIELD        name

# Uncomment below if you want quota support.
MYSQL_QUOTA_FIELD       quota
################################################################################

cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc.work
chmod 660 /etc/authlib/authmysqlrc*
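
An added check, not part of the original guide: the mysql_virtual_*.cf map files and authmysqlrc all embed the database password, while the guide only tightens permissions on smtpd.key and authmysqlrc. The function names and the two checks (world permission bits, password identical to the user name) are assumptions of this example; the paths are the ones used on this page.

```shell
# Added example (not the guide's own code): audit the credential-bearing
# files this guide creates.

# audit_secret_file FILE -> prints one finding per line, returns 1 if any
audit_secret_file() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    # Mode string such as -rw-r--r--; characters 8-10 are the "other" bits
    perms=$(ls -ld "$f" | cut -c1-10)
    other=$(printf '%s' "$perms" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "WORLD_ACCESS $f ($perms)"
        rc=1
    fi
    # Postfix map files use "key = value"; authmysqlrc uses "KEY value"
    user=$(sed -n -e 's/^user *= *//p' \
                  -e 's/^MYSQL_USERNAME[[:space:]]*//p' "$f" | head -n 1)
    pass=$(sed -n -e 's/^password *= *//p' \
                  -e 's/^MYSQL_PASSWORD[[:space:]]*//p' "$f" | head -n 1)
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "PASSWORD_EQUALS_USER $f"
        rc=1
    fi
    return $rc
}

# audit_mail_secrets ETC_DIR -> audits every secret file under ETC_DIR
audit_mail_secrets() {
    etc=${1:-/etc}
    status=0
    for f in "$etc"/postfix/mysql_virtual_*.cf \
             "$etc"/postfix/smtpd.key \
             "$etc"/authlib/authmysqlrc; do
        audit_secret_file "$f" || status=1
    done
    return $status
}
```

Run audit_mail_secrets /etc as root once the files above are in place; an empty output and exit status 0 mean no finding.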

Add to startup

chkconfig saslauthd on
chkconfig courier-authdaemon on
chkconfig courier-imap on
chkconfig courier-pop on
chkconfig fam on

Restart

 # Postfix
/etc/init.d/postfix restart

  # The Courier daemons
/etc/init.d/saslauthd restart
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-pop restart

/etc/init.d/fam restart

At this point we have a mail server working with MySQL virtual users and administrable from Postfix Admin, along with Courier IMAP and POP for accessing the e-mail messages.

# Adding Amavis, ClamAV and SpamAssassin
yast -i \
perl-spamassassin \
razor-agents \
spamassassin \
amavisd-new \
clamav \
clamav-db

/etc/amavisd.conf:
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
>>
#@lookup_sql_dsn =
#  ( ['DBI:mysql:database=mail;host=192.168.30.1;port=3306', 'postfix', 'postfix'] );
#@storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database


# ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],
>>
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: the easiest is to run clamd under the same user as amavisd; match the
# socket name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],



# Update Postfix to filter through amavisd-new
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

# Declare the filter in
/etc/postfix/master.cf:
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1


# Start at boot
chkconfig amavis on
chkconfig clamd on
chkconfig spamd on
# Start immediately
/etc/init.d/amavis restart
/etc/init.d/clamd restart
/etc/init.d/spamd restart

/etc/amavisd.conf:
$mydomain = 'test.com';
$myhostname = 'pc3.test.com';

/etc/mail/spamassassin/local.cf:
# Add:

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
# For vacation (out-of-office) replies

## READ postfixadmin-2.1.0/VIRTUAL_VACATION/INSTALL.TXT !!! ###
After downloading and unpacking it:
http://high5.net/postfixadmin/download.php?file=postfixadmin-2.1.0.tgz

# The virtual user that handles vacation
groupadd vacation
useradd -g vacation -d /nonexistent -c "Virtual Vacation" vacation
mkdir /var/spool/vacation
chown vacation.vacation /var/spool/vacation
chmod 700 /var/spool/vacation
cd /var/spool/vacation
# vacation.pl (shipped in postfixadmin-2.1.0/VIRTUAL_VACATION/) must already have been copied into this directory
chown vacation.vacation vacation.pl
chmod 700 vacation.pl
chown -R vacation.vacation /var/spool/vacation

# http://forums.high5.net/index.php?showtopic=2231&pid=25482&st=0&#entry25482
/etc/postfix/master.cf:
vacation    unix  -       n       n       -       -       pipe
  flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl
  
/var/spool/vacation/vacation.pl:

# edit the SQL settings
my $db_host = '192.168.30.1';
my $db_user = 'postfix';
my $db_pass = 'postfix';
my $db_name = 'postfix';

"/usr/bin/logger" => "/bin/logger"
:%s/usr\/bin\/logger/bin\/logger/g
