Postfix Dovecot Pam
* master.cf *
xxx.xxx.xxx.xxx = IP-Adresse, an die der SMTP-Server gebunden werden soll
# SMTP listener bound to a single address; replace xxx.xxx.xxx.xxx with the server's IP.
# Columns: service type private unpriv chroot wakeup maxproc command
xxx.xxx.xxx.xxx:smtp inet n - - - - smtpd
# Delivery into the mail store through Dovecot's deliver, started by pipe(8).
# The command runs as vmail:vmail, so that account has to own /srv/vmail.
# flags: D = add Delivered-To, R = add Return-Path, h/u = lowercase the
# recipient's domain / local part before it is passed to deliver.
# ${sender} and ${recipient} are passed as separate arguments, not through a shell.
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
* virtual_domains *
# One hosted domain per line; this file is the source of the hash: table used by
# virtual_mailbox_domains in main.cf.
# NOTE(review): for a domain list only the key appears to matter and the
# right-hand value is a placeholder - confirm against the Postfix documentation.
example.net ACCEPT
domain.com ACCEPT
postmap /etc/postfix/virtual_domains
* main.cf *
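# main.cf for a small virtual-mailbox server that hands delivery to Dovecot.
# Changes against the original listing:
#   - permit_mynetworks now comes before reject_unauth_destination, otherwise
#     clients listed in mynetworks are refused relaying before they are permitted
#   - smtpd_tls_auth_only = yes, so SMTP AUTH credentials never cross the wire in clear text
#   - the stray text after the header_checks table is now a comment
#   - duplicate reject_invalid_hostname and the trailing comma in mynetworks removed

myhostname = mail.example.net
myorigin = /etc/mailname

# Hosted domains; mail for them goes to the "dovecot" transport defined in master.cf.
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_base = /srv/vmail
# NOTE(review): static uid/gid 8 here, but master.cf runs deliver as vmail:vmail and
# dovecot's userdb uses uid=vmail gid=vmail. Confirm which account owns /srv/vmail and
# whether these two maps are used at all when delivery goes through the pipe transport.
virtual_uid_maps = static:8
virtual_gid_maps = static:8
virtual_transport = dovecot
# deliver is called with a single -d argument, so pass one recipient per invocation.
dovecot_destination_recipient_limit = 1

mydestination = localhost
# Hosts listed here may relay without authenticating; keep the list as small as possible.
mynetworks = 127.0.0.0/8

smtpd_banner = $myhostname ESMTP Mailserver
mailbox_size_limit = 512000000
message_size_limit = 10240000

# NOTE(review): reject_unknown_address looks like a legacy spelling; current
# documentation describes this check as reject_unknown_sender_domain. Verify that
# your Postfix version still accepts the name.
smtpd_sender_restrictions = reject_unknown_address
smtpd_client_restrictions = reject_invalid_hostname
smtpd_helo_required = yes
smtpd_helo_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    permit

# Restrictions are evaluated in order and the first match decides.
# reject_unauth_destination is the relay guard and must stay in this list.
# NOTE(review): DNSBL operators come and go (DSBL, for one, has been discontinued).
# Check that every list below is still in service before relying on it; a defunct
# list adds DNS delays and may end up rejecting legitimate mail.
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
strict_rfc821_envelopes = yes
home_mailbox = mails/

# NOTE(review): a .csr file is a certificate signing request, not a certificate.
# smtpd_tls_cert_file has to point at the issued certificate, and the key file
# should be readable by root only. Without certificate and key Postfix cannot
# offer STARTTLS even though smtpd_use_tls is set.
#smtpd_tls_cert_file = /etc/postfix/mail.csr
#smtpd_tls_key_file = /etc/postfix/mail.key
smtpd_use_tls = yes
smtpd_enforce_tls = no
# Changed from "no": do not announce or accept SMTP AUTH on an unencrypted session.
smtpd_tls_auth_only = yes

smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

# http://www.mailscanner.info
header_checks = regexp:/etc/postfix/header_checks
# body_checks surf to http://www.malware.com.br
# (presumably the author's pointer to a source of body_checks rules; it is kept as
# a comment because as part of the header_checks value it would be read as table names)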
* /etc/postfix/header_checks *
# Every message that carries a Received: header is placed on hold
# (presumably so that MailScanner can pick it up from the hold queue - confirm
# against the MailScanner guide linked on this page). Without a process that
# releases held mail, nothing is delivered.
/^Received:/ HOLD
# Eight or more asterisks in X-Spam-Level: send the message to the sa-spam address instead.
/^X-Spam-Level: (\*){8,}/ REDIRECT sa-spam
* dovecot.cf *
# Dovecot configuration (old-style "auth default { }" syntax): IMAP access plus
# an auth master socket for deliver.
base_dir = /var/run/dovecot/
#log_path = /var/log/dovecot.log
protocols = imap
# SSL/TLS support stays enabled.
ssl_disable = no
verbose_proctitle = yes
#first_valid_uid = 3000
#last_valid_uid = 3000
#first_valid_gid = 8
#last_valid_gid = 8
#valid_chroot_dirs = /var/mail
# Relative to the per-user home set by the static userdb below.
mail_location = maildir:~/Maildir
maildir_copy_with_hardlinks = yes
#protocol imap {
#}
auth_verbose = yes
auth default {
  socket listen {
    # Socket used for userdb lookups by deliver; mode 0600 with user vmail limits
    # access to the account the pipe transport in master.cf runs as.
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
  }
  # Both mechanisms transmit the password itself, so logins depend on TLS.
  # NOTE(review): confirm that plaintext authentication over unencrypted
  # connections has not been enabled elsewhere in the configuration.
  mechanisms = plain login
  # Uses the PAM service file shown under pam.d/dovecot.
  passdb pam {
  }
  # All mail users share the vmail uid/gid. %u (the login name) becomes a path
  # component, so account names should be restricted to safe characters.
  userdb static {
    args = uid=vmail gid=vmail home=/srv/vmail/%u
  }
}
protocol lda {
  postmaster_address = host@example.net
}
* addmailuser.sh *
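#!/bin/sh -x
# Create the Maildir for a new virtual mail user and set the user's password.
# Usage: addmailuser.sh <newusername>
# htpasswd prompts for the password interactively.

# Stop at the first failing command so a failed mkdir is not followed by chown/htpasswd.
set -e

# The name becomes a path component below /srv/vmail and is passed to chown -R.
# Refuse an empty name, a name starting with "." or "-", and any character
# outside a conservative set (which excludes "/" and whitespace).
case "$1" in
    ''|.*|-*|*[!A-Za-z0-9@._-]*)
        echo "usage: $0 <newusername>" >&2
        exit 1
        ;;
esac

# The user's directory is created readable by its owner only.
( umask 077 && mkdir "/srv/vmail/$1" )
maildirmake "/srv/vmail/$1/Maildir"
chown -R vmail:vmail "/srv/vmail/$1"

# NOTE(review): the hash format htpasswd writes by default depends on its version;
# confirm it is one that pam_pwdfile accepts and not a weak legacy scheme, and keep
# /etc/dovecot/dovecot.passwd readable by root only.
htpasswd /etc/dovecot/dovecot.passwd "$1"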
* pam.d/dovecot *
aptitude install libpam-pwdfile
#%PAM-1.0
# Authentication is checked only against the htpasswd-style file written by
# addmailuser.sh. That file holds password hashes and should be readable by root only.
# NOTE(review): "debug" raises the module's log verbosity; consider removing it
# once the setup works.
auth required pam_pwdfile.so pwdfile=/etc/dovecot/dovecot.passwd debug
# session and account always succeed, so no expiry or lockout policy applies to
# these virtual users.
session sufficient pam_permit.so
account sufficient pam_permit.so
# The system-account stacks stay disabled for this service.
#@include common-auth
#@include common-account
#@include common-session
aptitude install policyd-weight
postgrey-unter-debian-einrichten
MailScanner With Postfix on Etch
Add Anti-Virus support to MailScanner
Um den Usern noch zu ermöglichen, ihre Mails über den Server zu relayen, sollte man eine SMTP-Authentifizierung benutzen. Falls die Clients statische IPs besitzen, kann man diese natürlich auch in der main.cf unter mynetworks eintragen. Wie eine mögliche SMTP-Auth aussehen kann, findet sich unter LittleMailserverSMTP.