Postfix Dovecot Pam
* master.cf *
xxx.xxx.xxx.xxx = IP-Adresse, um den SMTP-Server an eine IP zu binden
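# smtpd listens only on the given address instead of all interfaces;
# replace xxx.xxx.xxx.xxx with the server's IP.
xxx.xxx.xxx.xxx:smtp inet n - - - - smtpd
# Dovecot LDA as a pipe transport (selected by virtual_transport = dovecot).
# deliver runs as vmail:vmail, not root; that is the account given access to
# Dovecot's auth-master socket. pipe(8) executes argv directly without a shell,
# so ${sender} and ${recipient} are passed as plain arguments.
# The second line is a continuation and must begin with whitespace.
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}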
* virtual_domains *
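# One domain per line: the first field is the lookup key. For
# virtual_mailbox_domains only the key matters; the right-hand value is
# ignored but must be present.
example.net ACCEPT
domain.com  ACCEPT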
# Compile the map into virtual_domains.db; rerun after every change to the file.
postmap /etc/postfix/virtual_domains
* main.cf *
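myhostname = mail.example.net
myorigin = /etc/mailname

# Virtual mailbox domains; delivery is handed to the "dovecot" pipe transport
# from master.cf.
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_base = /srv/vmail
# NOTE(review): static uid/gid 8 differs from the vmail account used by the
# master.cf pipe and the Dovecot userdb on this page. Presumably unused while
# virtual_transport = dovecot -- confirm, or align the values.
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_transport = dovecot
# deliver is called with a single -d ${recipient}, so hand it one recipient per run.
dovecot_destination_recipient_limit = 1

mydestination = localhost
# Only loopback is trusted. Every network added here may use permit_mynetworks,
# so keep the list as small as possible.
mynetworks = 127.0.0.0/8,
smtpd_banner = $myhostname ESMTP Mailserver
mailbox_size_limit = 512000000
message_size_limit = 10240000

# NOTE(review): reject_unknown_address is not listed in current postconf(5);
# presumably the legacy spelling of reject_unknown_sender_domain -- confirm
# against the installed Postfix version.
smtpd_sender_restrictions = reject_unknown_address
smtpd_client_restrictions = reject_invalid_hostname
smtpd_helo_required = yes
# Continuation lines must start with whitespace, otherwise Postfix reads each
# one as a new (malformed) parameter line.
smtpd_helo_restrictions = reject_invalid_hostname,
    reject_non_fqdn_hostname,
    permit

# Evaluated top to bottom, first match wins. reject_unauth_destination stands
# before permit_mynetworks, so this server never relays to foreign domains, not
# even for clients in mynetworks. That is the safe default against open relay;
# relaying for own users needs an explicit permit placed before it.
# NOTE(review): DNSBL zones go out of service. list.dsbl.org was shut down years
# ago and sbl-xbl.spamhaus.org has been superseded by zen.spamhaus.org. Verify
# that every zone below is still operated before enabling it: a dead zone costs
# a DNS timeout per connection, and a zone that starts answering every query
# rejects all mail.
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
strict_rfc821_envelopes = yes
home_mailbox = mails/

# NOTE(review): smtpd_tls_cert_file has to name the certificate itself; a .csr
# is only the signing request. With both lines commented out no certificate is
# configured here, so confirm that STARTTLS is really offered. The key file
# should be readable by root only.
#smtpd_tls_cert_file = /etc/postfix/mail.csr
#smtpd_tls_key_file = /etc/postfix/mail.key
# TLS is offered but not required (opportunistic). Newer Postfix versions
# express this with smtpd_tls_security_level.
smtpd_use_tls = yes
smtpd_enforce_tls = no
# "no" allows AUTH over an unencrypted session. Once SMTP AUTH is added, set
# this to yes so PLAIN/LOGIN passwords are only accepted after STARTTLS.
smtpd_tls_auth_only = no

# Slow down and eventually disconnect clients that keep producing errors.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

# http://www.mailscanner.info
header_checks = regexp:/etc/postfix/header_checks
# body_checks: surf to http://www.malware.com.br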
* /etc/postfix/header_checks *
# Every message carries Received: headers, so this rule places all incoming
# mail in the hold queue. Presumably intended for MailScanner (referenced in
# main.cf on this page), which collects mail from that queue; without such a
# consumer held mail is never delivered -- confirm one is running.
/^Received:/ HOLD
# Eight or more asterisks in X-Spam-Level: redirect the message to sa-spam.
/^X-Spam-Level: (\*){8,}/ REDIRECT sa-spam
* dovecot.cf *
# Runtime directory; the auth-master socket below lives here.
base_dir = /var/run/dovecot/
#log_path = /var/log/dovecot.log

# IMAP only. ssl_disable = no keeps SSL/TLS available.
protocols = imap
ssl_disable = no
verbose_proctitle = yes

#first_valid_uid = 3000
#last_valid_uid = 3000
#first_valid_gid = 8
#last_valid_gid = 8
#valid_chroot_dirs = /var/mail

# Relative to the home set by the userdb below, i.e. /srv/vmail/<user>/Maildir.
mail_location = maildir:~/Maildir
maildir_copy_with_hardlinks = yes

#protocol imap {
#}

# Log authentication attempts and failures.
auth_verbose = yes

auth default {
  # Socket through which deliver looks up users. Mode 0600 with owner vmail
  # limits it to the account the master.cf pipe runs deliver as.
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
  }

  # PLAIN and LOGIN both hand the password itself to the server, which PAM
  # needs. The password is therefore only protected by TLS on the connection.
  # NOTE(review): disable_plaintext_auth is not set on this page -- confirm it
  # is left enabled so these mechanisms are refused on unencrypted sessions.
  mechanisms = plain login

  # No args: the PAM service name defaults to "dovecot" (/etc/pam.d/dovecot).
  passdb pam {
  }

  # All virtual users share the vmail uid/gid; only the home directory differs.
  userdb static {
    args = uid=vmail gid=vmail home=/srv/vmail/%u
  }
}

protocol lda {
  postmaster_address = host@example.net
}
* addmailuser.sh *
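#!/bin/sh -x
# Create the maildir and the password entry for a new virtual mail user.
# Usage: addmailuser.sh <newusername>

# Stop when no name is given: with an empty $1 the commands below would act on
# /srv/vmail/ itself.
if [ $# -ne 1 ] || [ -z "$1" ]; then
    echo "usage: $0 <newusername>" >&2
    exit 1
fi

# The name becomes a path component under /srv/vmail and a key in the password
# file. Refuse anything containing "/", starting with "." or "-", or using
# characters outside a conservative set, so it cannot leave /srv/vmail or be
# read as an option by the tools below.
case "$1" in
    .*|-*|*[!A-Za-z0-9._@-]*)
        echo "invalid username: $1" >&2
        exit 1
        ;;
esac

# Abort on the first failure so that no password entry is written for a
# mailbox that was not created.
mkdir "/srv/vmail/$1" || exit 1
maildirmake "/srv/vmail/$1/Maildir" || exit 1
chown -R vmail:vmail "/srv/vmail/$1" || exit 1

# Prompts for the password and appends/updates the entry; the file must exist.
# NOTE(review): confirm that the hash format htpasswd writes by default is one
# pam_pwdfile accepts, and keep /etc/dovecot/dovecot.passwd unreadable for
# ordinary users since it holds password hashes.
htpasswd /etc/dovecot/dovecot.passwd "$1"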
* pam.d/dovecot *
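# Debian package names use hyphens; the module is packaged as libpam-pwdfile.
aptitude install libpam-pwdfile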
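#%PAM-1.0
# One rule per line. Passwords are checked only against the Dovecot password
# file; the system account stack stays out of the picture because the
# common-* includes below are commented out.
# "debug" makes pam_pwdfile log additional detail; remove it once logins work.
auth    required   pam_pwdfile.so pwdfile=/etc/dovecot/dovecot.passwd debug
# session and account always succeed, so every entry in the password file is a
# valid mailbox login. Disabling a user means removing the entry.
session sufficient pam_permit.so
account sufficient pam_permit.so
#@include common-auth
#@include common-account
#@include common-session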
# Installs the policyd-weight daemon only. The main.cf on this page contains no
# check_policy_service entry, so the daemon is not consulted until one is added.
aptitude install policyd-weight
postgrey-unter-debian-einrichten
MailScanner With Postfix on Etch
Add Anti-Virus support to MailScanner
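Um den Usern noch zu ermöglichen, ihre Mails über den Server zu relayen, sollte man eine SMTP-Authentifizierung benutzen. Falls die Clients statische IPs besitzen, kann man diese natürlich auch in der main.cf unter mynetworks eintragen. Dabei ist zu beachten, dass in den obigen smtpd_recipient_restrictions reject_unauth_destination vor permit_mynetworks steht; ein Eintrag in mynetworks allein erlaubt das Relayen daher noch nicht. Wie eine mögliche SMTP-Auth aussehen kann, findet sich unter LittleMailserverSMTP.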