This article covers setting up a mail server with Postfix as the MTA, Dovecot for IMAP/POP3, Postfixadmin for administration and RoundCube as webmail. I will try to describe the required steps in order and attach configuration files that can be used for the setup. Later articles will cover connecting an antivirus (ClamAV with unofficial signature sets), Spamassassin with a MySQL backend, OpenDMARC and OpenDKIM. So:
Given:
MTA - Postfix
IMAP/POP3, IMAPS/POP3S - Dovecot
WebMail - RoundCube
Web server - Apache
Database - MySQL (MariaDB)
Administration - Postfixadmin
OS - CentOS 7 minimal
Downloading the CentOS 7 distribution
Installing the CentOS 7 operating system
Minor tuning of the operating system
Installing the software
Enabling the EPEL repository
yum -y install epel-release
Installing the MTA
yum -y install postfix
Installing IMAP/POP3
yum -y install dovecot dovecot-mysql dovecot-pigeonhole
Installing the web server and PHP
yum -y install php php-mysql php-mbstring php-imap php-dom php-ldap mod_ssl httpd
Installing MariaDB 10.4
Enabling the MariaDB 10.4 repository
cat <<EOF | sudo tee /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
Refreshing the package cache
yum makecache fast
Installing the database server
yum -y install MariaDB-server MariaDB-client
Configuring the software
Generating certificates
Generating a self-signed certificate
openssl req -x509 -newkey rsa:2048 -nodes -days 1024 \
  -keyout /etc/pki/tls/private/mail.kost.su.key \
  -out /etc/pki/tls/certs/mail.kost.su.crt \
  -subj /C=RU/ST=NN/L=Dust/O=kost.su/OU=IT/CN=mail.kost.su
Generating Diffie-Hellman parameters
openssl dhparam -out /etc/pki/tls/dh2048_param.pem 2048
openssl dhparam -out /etc/pki/tls/dh512_param.pem 512
Creating the vmail system user
sudo groupadd -g 2000 vmail
sudo useradd -g vmail -u 2000 vmail -d /home/vmail -s /sbin/nologin
Configuring the MariaDB database server
Enabling at boot and starting
sudo systemctl enable mariadb
sudo systemctl start mariadb
Initialising MariaDB
mysql_secure_installation
Creating the databases
create database vmail character set utf8 collate utf8_bin;
create database roundcubemail character set utf8 collate utf8_bin;
Creating users, passwords and privileges
For better security, the mail user (vmail) should have only the minimum privileges needed to read data from the database, while vmailadmin has broader privileges. I have not quite finished this part and granted full rights to everyone, but I will sort it out soon.
use vmail;
GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost' identified by 'PASSVMAILREAD';
GRANT ALL PRIVILEGES ON vmail.* TO 'vmailadmin'@'localhost' identified by 'PASSVMAILADMIN';
use roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' identified by 'PASSROUNCUBE';
FLUSH PRIVILEGES;
Loading the VMAIL database
In this example the credentials for logging in to the admin panel are kost@kost.su / JLASqe2123. The database structure is taken from iRedMail, and the Dovecot and Postfix queries are adapted specifically to it.
mysql -pPASSWORD_MYSQL vmail < /usr/src/vmail.txt
-- phpMyAdmin SQL Dump
-- version 4.4.3
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Aug 15, 2019 at 10:50
-- Server version: 10.4.7-MariaDB
-- PHP Version: 5.4.16

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `vmail`
--

-- --------------------------------------------------------

--
-- Table structure for table `admin`
--

CREATE TABLE IF NOT EXISTS `admin` (
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `superadmin` tinyint(1) NOT NULL DEFAULT 0,
  `name` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `language` varchar(5) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `passwordlastchange` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `settings` text CHARACTER SET utf8 DEFAULT NULL,
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1,
  `phone` varchar(30) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `email_other` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `token` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `token_validity` datetime NOT NULL DEFAULT '2000-01-01 00:00:00'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `admin`
--

INSERT INTO `admin` (`username`, `password`, `superadmin`, `name`, `language`, `passwordlastchange`, `settings`, `created`, `modified`, `expired`, `active`, `phone`, `email_other`, `token`, `token_validity`) VALUES
('kost@kost.su', '$1$87ca345f$Gxw3V0NNRnAQXn48e4eis1', 1, '', '', '1970-01-01 01:01:01', NULL, '2019-08-08 12:30:00', '2019-08-15 10:50:16', '9999-12-31 00:00:00', 1, '', '', '', '2019-08-08 12:29:59');

-- --------------------------------------------------------

--
-- Table structure for table `alias`
--

CREATE TABLE IF NOT EXISTS `alias` (
  `address` varchar(255) NOT NULL,
  `name` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `accesspolicy` varchar(30) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL,
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1,
  `goto` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `alias`
--

INSERT INTO `alias` (`address`, `name`, `accesspolicy`, `domain`, `created`, `modified`, `expired`, `active`, `goto`) VALUES
('abuse@kost.su', '', '', 'kost.su', '2019-08-08 12:32:51', '2019-08-08 12:32:51', '9999-12-31 00:00:00', 1, 'abuse@change-this-to-your.domain.tld'),
('hostmaster@kost.su', '', '', 'kost.su', '2019-08-08 12:32:51', '2019-08-08 12:32:51', '9999-12-31 00:00:00', 1, 'hostmaster@change-this-to-your.domain.tld'),
('kost@kost.su', '', '', 'kost.su', '2019-08-08 12:33:16', '2019-08-08 12:33:16', '9999-12-31 00:00:00', 1, 'kost@kost.su'),
('postmaster@kost.su', '', '', 'kost.su', '2019-08-08 12:32:51', '2019-08-08 12:32:51', '9999-12-31 00:00:00', 1, 'postmaster@change-this-to-your.domain.tld'),
('webmaster@kost.su', '', '', 'kost.su', '2019-08-08 12:32:51', '2019-08-08 12:32:51', '9999-12-31 00:00:00', 1, 'webmaster@change-this-to-your.domain.tld');

-- --------------------------------------------------------

--
-- Table structure for table `alias_domain`
--

CREATE TABLE IF NOT EXISTS `alias_domain` (
  `alias_domain` varchar(255) NOT NULL DEFAULT '',
  `target_domain` varchar(255) NOT NULL DEFAULT '',
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- --------------------------------------------------------

--
-- Table structure for table `anyone_shares`
--

CREATE TABLE IF NOT EXISTS `anyone_shares` (
  `from_user` varchar(255) NOT NULL,
  `dummy` char(1) DEFAULT '1'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `config`
--

CREATE TABLE IF NOT EXISTS `config` (
  `id` int(11) NOT NULL,
  `name` varchar(20) CHARACTER SET latin1 NOT NULL DEFAULT '',
  `value` varchar(20) CHARACTER SET latin1 NOT NULL DEFAULT ''
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COMMENT='PostfixAdmin settings';

--
-- Dumping data for table `config`
--

INSERT INTO `config` (`id`, `name`, `value`) VALUES
(1, 'version', '1840');

-- --------------------------------------------------------

--
-- Table structure for table `deleted_mailboxes`
--

CREATE TABLE IF NOT EXISTS `deleted_mailboxes` (
  `id` bigint(20) unsigned NOT NULL,
  `timestamp` timestamp NOT NULL DEFAULT current_timestamp(),
  `username` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `maildir` varchar(255) NOT NULL DEFAULT '',
  `admin` varchar(255) NOT NULL DEFAULT '',
  `delete_date` date DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `domain`
--

CREATE TABLE IF NOT EXISTS `domain` (
  `domain` varchar(255) NOT NULL,
  `description` varchar(255) CHARACTER SET utf8 NOT NULL,
  `disclaimer` text CHARACTER SET utf8 DEFAULT NULL,
  `aliases` int(10) NOT NULL DEFAULT 0,
  `mailboxes` int(10) NOT NULL DEFAULT 0,
  `maillists` int(10) NOT NULL DEFAULT 0,
  `maxquota` bigint(20) NOT NULL DEFAULT 0,
  `quota` bigint(20) NOT NULL DEFAULT 0,
  `transport` varchar(255) NOT NULL,
  `backupmx` tinyint(1) NOT NULL DEFAULT 0,
  `settings` text CHARACTER SET utf8 DEFAULT NULL,
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `domain`
--

INSERT INTO `domain` (`domain`, `description`, `disclaimer`, `aliases`, `mailboxes`, `maillists`, `maxquota`, `quota`, `transport`, `backupmx`, `settings`, `created`, `modified`, `expired`, `active`) VALUES
('ALL', '', NULL, 0, 0, 0, 0, 0, '', 0, NULL, '2018-10-15 16:29:16', '2018-10-15 16:29:16', '9999-12-31 00:00:00', 1),
('kost.su', '', NULL, 0, 0, 0, 10, 2048, 'virtual', 0, NULL, '2019-08-08 12:32:51', '2019-08-08 12:33:00', '9999-12-31 00:00:00', 1);

-- --------------------------------------------------------

--
-- Table structure for table `domain_admins`
--

CREATE TABLE IF NOT EXISTS `domain_admins` (
  `username` varchar(255) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `domain_admins`
--

INSERT INTO `domain_admins` (`username`, `domain`, `created`, `modified`, `expired`, `active`) VALUES
('kost@kost.su', 'ALL', '2019-08-08 12:30:00', '1970-01-01 01:01:01', '9999-12-31 00:00:00', 1);

-- --------------------------------------------------------

--
-- Table structure for table `fetchmail`
--

CREATE TABLE IF NOT EXISTS `fetchmail` (
  `id` int(11) unsigned NOT NULL,
  `domain` varchar(255) DEFAULT '',
  `mailbox` varchar(255) NOT NULL,
  `src_server` varchar(255) NOT NULL,
  `src_auth` enum('password','kerberos_v5','kerberos','kerberos_v4','gssapi','cram-md5','otp','ntlm','msn','ssh','any') CHARACTER SET utf8 DEFAULT NULL,
  `src_user` varchar(255) NOT NULL,
  `src_password` varchar(255) NOT NULL,
  `src_folder` varchar(255) NOT NULL,
  `poll_time` int(11) unsigned NOT NULL DEFAULT 10,
  `fetchall` tinyint(1) unsigned NOT NULL DEFAULT 0,
  `keep` tinyint(1) unsigned NOT NULL DEFAULT 0,
  `protocol` enum('POP3','IMAP','POP2','ETRN','AUTO') CHARACTER SET utf8 DEFAULT NULL,
  `usessl` tinyint(1) unsigned NOT NULL DEFAULT 0,
  `sslcertck` tinyint(1) NOT NULL DEFAULT 0,
  `sslcertpath` varchar(255) CHARACTER SET utf8 DEFAULT '',
  `sslfingerprint` varchar(255) DEFAULT '',
  `extra_options` text DEFAULT NULL,
  `returned_text` text DEFAULT NULL,
  `mda` varchar(255) NOT NULL,
  `date` timestamp NOT NULL DEFAULT '1999-12-31 21:00:00',
  `created` timestamp NOT NULL DEFAULT '1999-12-31 21:00:00',
  `modified` timestamp NOT NULL DEFAULT current_timestamp(),
  `active` tinyint(1) NOT NULL DEFAULT 0
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

-- --------------------------------------------------------

--
-- Table structure for table `forwardings`
--

CREATE TABLE IF NOT EXISTS `forwardings` (
  `id` bigint(20) unsigned NOT NULL,
  `address` varchar(255) NOT NULL DEFAULT '',
  `forwarding` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `dest_domain` varchar(255) NOT NULL DEFAULT '',
  `is_maillist` tinyint(1) NOT NULL DEFAULT 0,
  `is_list` tinyint(1) NOT NULL DEFAULT 0,
  `is_forwarding` tinyint(1) NOT NULL DEFAULT 0,
  `is_alias` tinyint(1) NOT NULL DEFAULT 0,
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `log`
--

CREATE TABLE IF NOT EXISTS `log` (
  `timestamp` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `username` varchar(255) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `action` varchar(255) NOT NULL,
  `data` text NOT NULL,
  `id` int(11) NOT NULL
) ENGINE=InnoDB AUTO_INCREMENT=436 DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Log';

--
-- Dumping data for table `log`
--

INSERT INTO `log` (`timestamp`, `username`, `domain`, `action`, `data`, `id`) VALUES
('2019-08-15 10:50:16', 'kost@kost.su (10.101.220.10)', '', 'edit_admin', 'kost@kost.su', 435);

-- --------------------------------------------------------

--
-- Table structure for table `mailbox`
--

CREATE TABLE IF NOT EXISTS `mailbox` (
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `name` varchar(255) CHARACTER SET utf8 NOT NULL,
  `language` varchar(5) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `storagebasedirectory` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '/var/vmail',
  `storagenode` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT 'vmail1',
  `maildir` varchar(255) NOT NULL,
  `quota` bigint(20) NOT NULL DEFAULT 0,
  `local_part` varchar(255) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `transport` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `department` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `rank` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT 'normal',
  `employeeid` varchar(255) CHARACTER SET utf8 DEFAULT '',
  `isadmin` tinyint(1) NOT NULL DEFAULT 0,
  `isglobaladmin` tinyint(1) NOT NULL DEFAULT 0,
  `enablesmtp` tinyint(1) NOT NULL DEFAULT 1,
  `enablesmtpsecured` tinyint(1) NOT NULL DEFAULT 1,
  `enablepop3` tinyint(1) NOT NULL DEFAULT 1,
  `enablepop3secured` tinyint(1) NOT NULL DEFAULT 1,
  `enablepop3tls` tinyint(1) NOT NULL DEFAULT 1,
  `enableimap` tinyint(1) NOT NULL DEFAULT 1,
  `enableimapsecured` tinyint(1) NOT NULL DEFAULT 1,
  `enableimaptls` tinyint(1) NOT NULL DEFAULT 1,
  `enabledeliver` tinyint(1) NOT NULL DEFAULT 1,
  `enablelda` tinyint(1) NOT NULL DEFAULT 1,
  `enablemanagesieve` tinyint(1) NOT NULL DEFAULT 1,
  `enablemanagesievesecured` tinyint(1) NOT NULL DEFAULT 1,
  `enablesieve` tinyint(1) NOT NULL DEFAULT 1,
  `enablesievesecured` tinyint(1) NOT NULL DEFAULT 1,
  `enablesievetls` tinyint(1) NOT NULL DEFAULT 1,
  `enableinternal` tinyint(1) NOT NULL DEFAULT 1,
  `enabledoveadm` tinyint(1) NOT NULL DEFAULT 1,
  `enablelib-storage` tinyint(1) NOT NULL DEFAULT 1,
  `enableindexer-worker` tinyint(1) NOT NULL DEFAULT 1,
  `enablelmtp` tinyint(1) NOT NULL DEFAULT 1,
  `enabledsync` tinyint(1) NOT NULL DEFAULT 1,
  `enablesogo` tinyint(1) NOT NULL DEFAULT 1,
  `allow_nets` text CHARACTER SET utf8 DEFAULT NULL,
  `lastlogindate` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `lastloginipv4` int(4) unsigned NOT NULL DEFAULT 0,
  `lastloginprotocol` char(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `disclaimer` text CHARACTER SET utf8 DEFAULT NULL,
  `allowedsenders` text CHARACTER SET utf8 DEFAULT NULL,
  `rejectedsenders` text CHARACTER SET utf8 DEFAULT NULL,
  `allowedrecipients` text CHARACTER SET utf8 DEFAULT NULL,
  `rejectedrecipients` text CHARACTER SET utf8 DEFAULT NULL,
  `settings` text CHARACTER SET utf8 DEFAULT NULL,
  `passwordlastchange` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1,
  `phone` varchar(30) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `email_other` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `token` varchar(255) CHARACTER SET utf8 NOT NULL DEFAULT '',
  `token_validity` datetime NOT NULL DEFAULT '2000-01-01 00:00:00'
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `mailbox`
--

INSERT INTO `mailbox` (`username`, `password`, `name`, `language`, `storagebasedirectory`, `storagenode`, `maildir`, `quota`, `local_part`, `domain`, `transport`, `department`, `rank`, `employeeid`, `isadmin`, `isglobaladmin`, `enablesmtp`, `enablesmtpsecured`, `enablepop3`, `enablepop3secured`, `enablepop3tls`, `enableimap`, `enableimapsecured`, `enableimaptls`, `enabledeliver`, `enablelda`, `enablemanagesieve`, `enablemanagesievesecured`, `enablesieve`, `enablesievesecured`, `enablesievetls`, `enableinternal`, `enabledoveadm`, `enablelib-storage`, `enableindexer-worker`, `enablelmtp`, `enabledsync`, `enablesogo`, `allow_nets`, `lastlogindate`, `lastloginipv4`, `lastloginprotocol`, `disclaimer`, `allowedsenders`, `rejectedsenders`, `allowedrecipients`, `rejectedrecipients`, `settings`, `passwordlastchange`, `created`, `modified`, `expired`, `active`, `phone`, `email_other`, `token`, `token_validity`) VALUES
('kost@kost.su', '$1$c76e6255$c326kc/j1faTF17vRHYEK1', 'G7ba9to20', '', '/var/vmail', 'vmail1', 'kost.su/kost/', 0, 'kost', 'kost.su', '', '', 'normal', '', 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, NULL, '1970-01-01 01:01:01', 0, '', NULL, NULL, NULL, NULL, NULL, NULL, '1970-01-01 01:01:01', '2019-08-08 12:33:16', '2019-08-08 12:33:16', '9999-12-31 00:00:00', 1, '', '', '', '2019-08-08 12:33:16');

-- --------------------------------------------------------

--
-- Table structure for table `maillists`
--

CREATE TABLE IF NOT EXISTS `maillists` (
  `id` bigint(20) unsigned NOT NULL,
  `address` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `transport` varchar(255) NOT NULL DEFAULT '',
  `accesspolicy` varchar(30) NOT NULL DEFAULT '',
  `maxmsgsize` bigint(20) NOT NULL DEFAULT 0,
  `name` varchar(255) NOT NULL DEFAULT '',
  `description` text DEFAULT NULL,
  `mlid` varchar(36) NOT NULL DEFAULT '',
  `is_newsletter` tinyint(1) NOT NULL DEFAULT 0,
  `settings` text DEFAULT NULL,
  `created` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `moderators`
--

CREATE TABLE IF NOT EXISTS `moderators` (
  `id` bigint(20) unsigned NOT NULL,
  `address` varchar(255) NOT NULL DEFAULT '',
  `moderator` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `dest_domain` varchar(255) NOT NULL DEFAULT ''
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `quota`
--

CREATE TABLE IF NOT EXISTS `quota` (
  `username` varchar(255) CHARACTER SET latin1 NOT NULL,
  `path` varchar(100) CHARACTER SET latin1 NOT NULL,
  `current` bigint(20) NOT NULL DEFAULT 0
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `quota2`
--

CREATE TABLE IF NOT EXISTS `quota2` (
  `username` varchar(100) CHARACTER SET latin1 NOT NULL,
  `bytes` bigint(20) NOT NULL DEFAULT 0,
  `messages` int(11) NOT NULL DEFAULT 0
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `recipient_bcc_domain`
--

CREATE TABLE IF NOT EXISTS `recipient_bcc_domain` (
  `domain` varchar(255) NOT NULL DEFAULT '',
  `bcc_address` varchar(255) NOT NULL DEFAULT '',
  `created` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `recipient_bcc_user`
--

CREATE TABLE IF NOT EXISTS `recipient_bcc_user` (
  `username` varchar(255) NOT NULL DEFAULT '',
  `bcc_address` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `created` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `sender_bcc_domain`
--

CREATE TABLE IF NOT EXISTS `sender_bcc_domain` (
  `domain` varchar(255) NOT NULL DEFAULT '',
  `bcc_address` varchar(255) NOT NULL DEFAULT '',
  `created` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `sender_bcc_user`
--

CREATE TABLE IF NOT EXISTS `sender_bcc_user` (
  `username` varchar(255) NOT NULL DEFAULT '',
  `bcc_address` varchar(255) NOT NULL DEFAULT '',
  `domain` varchar(255) NOT NULL DEFAULT '',
  `created` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `modified` datetime NOT NULL DEFAULT '1970-01-01 01:01:01',
  `expired` datetime NOT NULL DEFAULT '9999-12-31 00:00:00',
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `sender_relayhost`
--

CREATE TABLE IF NOT EXISTS `sender_relayhost` (
  `id` bigint(20) unsigned NOT NULL,
  `account` varchar(255) NOT NULL DEFAULT '',
  `relayhost` varchar(255) NOT NULL DEFAULT ''
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `share_folder`
--

CREATE TABLE IF NOT EXISTS `share_folder` (
  `from_user` varchar(255) CHARACTER SET ascii NOT NULL,
  `to_user` varchar(255) CHARACTER SET ascii NOT NULL,
  `dummy` char(1) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for table `used_quota`
--

CREATE TABLE IF NOT EXISTS `used_quota` (
  `username` varchar(255) NOT NULL,
  `bytes` bigint(20) NOT NULL DEFAULT 0,
  `messages` bigint(20) NOT NULL DEFAULT 0,
  `domain` varchar(255) NOT NULL DEFAULT ''
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `used_quota`
--

INSERT INTO `used_quota` (`username`, `bytes`, `messages`, `domain`) VALUES
('kost@kost.su', 20038293, 58, 'kost.su');

--
-- Triggers `used_quota`
--

DELIMITER $$
CREATE TRIGGER `used_quota_before_insert` BEFORE INSERT ON `used_quota` FOR EACH ROW BEGIN
    SET NEW.domain = SUBSTRING_INDEX(NEW.username, '@', -1);
END
$$
DELIMITER ;

-- --------------------------------------------------------

--
-- Table structure for table `vacation`
--

CREATE TABLE IF NOT EXISTS `vacation` (
  `email` varchar(255) NOT NULL,
  `subject` varchar(255) NOT NULL,
  `body` text NOT NULL,
  `activefrom` timestamp NOT NULL DEFAULT '1999-12-31 21:00:00',
  `activeuntil` timestamp NOT NULL DEFAULT '2038-01-17 21:00:00',
  `cache` text NOT NULL,
  `domain` varchar(255) NOT NULL,
  `interval_time` int(11) NOT NULL DEFAULT 0,
  `created` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `modified` timestamp NOT NULL DEFAULT current_timestamp(),
  `active` tinyint(1) NOT NULL DEFAULT 1
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='Postfix Admin - Virtual Vacation';

-- --------------------------------------------------------

--
-- Table structure for table `vacation_notification`
--

CREATE TABLE IF NOT EXISTS `vacation_notification` (
  `on_vacation` varchar(255) CHARACTER SET latin1 NOT NULL,
  `notified` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '',
  `notified_at` timestamp NOT NULL DEFAULT current_timestamp()
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Postfix Admin - Virtual Vacation Notifications';

--
-- Indexes for dumped tables
--

--
-- Indexes for table `admin`
--
ALTER TABLE `admin`
  ADD PRIMARY KEY (`username`),
  ADD KEY `passwordlastchange` (`passwordlastchange`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `alias`
--
ALTER TABLE `alias`
  ADD PRIMARY KEY (`address`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`),
  ADD KEY `domain` (`domain`);

--
-- Indexes for table `alias_domain`
--
ALTER TABLE `alias_domain`
  ADD PRIMARY KEY (`alias_domain`),
  ADD KEY `target_domain` (`target_domain`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `anyone_shares`
--
ALTER TABLE `anyone_shares`
  ADD PRIMARY KEY (`from_user`);

--
-- Indexes for table `config`
--
ALTER TABLE `config`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `name` (`name`);

--
-- Indexes for table `deleted_mailboxes`
--
ALTER TABLE `deleted_mailboxes`
  ADD KEY `id` (`id`),
  ADD KEY `timestamp` (`timestamp`),
  ADD KEY `username` (`username`),
  ADD KEY `domain` (`domain`),
  ADD KEY `admin` (`admin`),
  ADD KEY `delete_date` (`delete_date`);

--
-- Indexes for table `domain`
--
ALTER TABLE `domain`
  ADD PRIMARY KEY (`domain`),
  ADD KEY `backupmx` (`backupmx`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `domain_admins`
--
ALTER TABLE `domain_admins`
  ADD PRIMARY KEY (`username`,`domain`),
  ADD KEY `username` (`username`),
  ADD KEY `domain` (`domain`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `fetchmail`
--
ALTER TABLE `fetchmail`
  ADD PRIMARY KEY (`id`);

--
-- Indexes for table `forwardings`
--
ALTER TABLE `forwardings`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `address` (`address`,`forwarding`),
  ADD KEY `domain` (`domain`),
  ADD KEY `dest_domain` (`dest_domain`),
  ADD KEY `is_maillist` (`is_maillist`),
  ADD KEY `is_list` (`is_list`),
  ADD KEY `is_alias` (`is_alias`);

--
-- Indexes for table `log`
--
ALTER TABLE `log`
  ADD PRIMARY KEY (`id`),
  ADD KEY `timestamp` (`timestamp`),
  ADD KEY `domain_timestamp` (`domain`,`timestamp`);

--
-- Indexes for table `mailbox`
--
ALTER TABLE `mailbox`
  ADD PRIMARY KEY (`username`),
  ADD KEY `department` (`department`),
  ADD KEY `employeeid` (`employeeid`),
  ADD KEY `isadmin` (`isadmin`),
  ADD KEY `isglobaladmin` (`isglobaladmin`),
  ADD KEY `enablesmtp` (`enablesmtp`),
  ADD KEY `enablesmtpsecured` (`enablesmtpsecured`),
  ADD KEY `enablepop3` (`enablepop3`),
  ADD KEY `enablepop3secured` (`enablepop3secured`),
  ADD KEY `enableimap` (`enableimap`),
  ADD KEY `enableimapsecured` (`enableimapsecured`),
  ADD KEY `enableimaptls` (`enableimaptls`),
  ADD KEY `enablepop3tls` (`enablepop3tls`),
  ADD KEY `enablesievetls` (`enablesievetls`),
  ADD KEY `enabledeliver` (`enabledeliver`),
  ADD KEY `enablelda` (`enablelda`),
  ADD KEY `enablemanagesieve` (`enablemanagesieve`),
  ADD KEY `enablemanagesievesecured` (`enablemanagesievesecured`),
  ADD KEY `enablesieve` (`enablesieve`),
  ADD KEY `enablesievesecured` (`enablesievesecured`),
  ADD KEY `enablelmtp` (`enablelmtp`),
  ADD KEY `enableinternal` (`enableinternal`),
  ADD KEY `enabledoveadm` (`enabledoveadm`),
  ADD KEY `enablelib-storage` (`enablelib-storage`),
  ADD KEY `enableindexer-worker` (`enableindexer-worker`),
  ADD KEY `enabledsync` (`enabledsync`),
  ADD KEY `enablesogo` (`enablesogo`),
  ADD KEY `passwordlastchange` (`passwordlastchange`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`),
  ADD KEY `domain` (`domain`);

--
-- Indexes for table `maillists`
--
ALTER TABLE `maillists`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `address` (`address`),
  ADD UNIQUE KEY `mlid` (`mlid`),
  ADD KEY `is_newsletter` (`is_newsletter`),
  ADD KEY `domain` (`domain`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `moderators`
--
ALTER TABLE `moderators`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `address` (`address`,`moderator`),
  ADD KEY `domain` (`domain`),
  ADD KEY `dest_domain` (`dest_domain`);

--
-- Indexes for table `quota`
--
ALTER TABLE `quota`
  ADD PRIMARY KEY (`username`,`path`);

--
-- Indexes for table `quota2`
--
ALTER TABLE `quota2`
  ADD PRIMARY KEY (`username`);

--
-- Indexes for table `recipient_bcc_domain`
--
ALTER TABLE `recipient_bcc_domain`
  ADD PRIMARY KEY (`domain`),
  ADD KEY `bcc_address` (`bcc_address`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `recipient_bcc_user`
--
ALTER TABLE `recipient_bcc_user`
  ADD PRIMARY KEY (`username`),
  ADD KEY `bcc_address` (`bcc_address`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `sender_bcc_domain`
--
ALTER TABLE `sender_bcc_domain`
  ADD PRIMARY KEY (`domain`),
  ADD KEY `bcc_address` (`bcc_address`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `sender_bcc_user`
--
ALTER TABLE `sender_bcc_user`
  ADD PRIMARY KEY (`username`),
  ADD KEY `bcc_address` (`bcc_address`),
  ADD KEY `domain` (`domain`),
  ADD KEY `expired` (`expired`),
  ADD KEY `active` (`active`);

--
-- Indexes for table `sender_relayhost`
--
ALTER TABLE `sender_relayhost`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `account` (`account`);

--
-- Indexes for table `share_folder`
--
ALTER TABLE `share_folder`
  ADD PRIMARY KEY (`from_user`,`to_user`),
  ADD KEY `from_user` (`from_user`),
  ADD KEY `to_user` (`to_user`);

--
-- Indexes for table `used_quota`
--
ALTER TABLE `used_quota`
  ADD PRIMARY KEY (`username`),
  ADD KEY `domain` (`domain`);

--
-- Indexes for table `vacation`
--
ALTER TABLE `vacation`
  ADD PRIMARY KEY (`email`),
  ADD KEY `email` (`email`);

--
-- Indexes for table `vacation_notification`
--
ALTER TABLE `vacation_notification`
  ADD PRIMARY KEY (`on_vacation`,`notified`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `config`
--
ALTER TABLE `config`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;

--
-- AUTO_INCREMENT for table `deleted_mailboxes`
--
ALTER TABLE `deleted_mailboxes`
  MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT;

--
-- AUTO_INCREMENT for table `fetchmail`
--
ALTER TABLE `fetchmail`
  MODIFY `id` int(11) unsigned NOT NULL AUTO_INCREMENT;

--
-- AUTO_INCREMENT for table `forwardings`
--
ALTER TABLE `forwardings`
  MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;

--
-- AUTO_INCREMENT for table `log`
--
ALTER TABLE `log`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=436;

--
-- AUTO_INCREMENT for table `maillists`
--
ALTER TABLE `maillists`
  MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT;

--
-- AUTO_INCREMENT for table `moderators`
--
ALTER TABLE `moderators`
  MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT;

--
-- AUTO_INCREMENT for table `sender_relayhost`
--
ALTER TABLE `sender_relayhost`
  MODIFY `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT;

--
-- Constraints for dumped tables
--

--
-- Constraints for table `vacation_notification`
--
ALTER TABLE `vacation_notification`
  ADD CONSTRAINT `vacation_notification_pkey` FOREIGN KEY (`on_vacation`) REFERENCES `vacation` (`email`) ON DELETE CASCADE;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
Configuring Postfix
Enabling at boot and starting
sudo systemctl enable postfix
sudo systemctl start postfix
Postfix configuration files
The full set of configuration files needed to connect to MySQL and for the MTA to work as a whole.
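Before the listings, an added check that is not part of the original article and not Postfix's own tooling: a small Python script that reads a main.cf the way Postfix does (comment lines, and indented lines continuing the previous parameter, as in the debugger_command block below) and audits the TLS and VRFY settings that the main.cf listed in this article sets. The embedded excerpt is constructed from that main.cf; the individual checks and their thresholds are this example's own choices, not the article's.

```python
"""Parse a Postfix main.cf and audit its TLS / address-harvesting settings.

Added example, not code from the original article or from Postfix.
SAMPLE_MAIN_CF is a constructed excerpt of the article's main.cf.
"""
import re

SAMPLE_MAIN_CF = """\
# CUSTOM SETTINGS (constructed excerpt for this example)
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
inet_protocols = ipv4
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
smtpd_tls_key_file = /etc/pki/tls/private/mail.kost.su.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.kost.su.crt
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem
smtpd_tls_security_level = may
#smtpd_tls_received_header = yes
"""

_PARAM_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")


def parse_main_cf(text):
    """Return {parameter: value} using postconf(5) rules: a line whose first
    non-blank character is '#' is a comment, a line that starts with
    whitespace continues the previous logical line, and a later assignment
    overrides an earlier one."""
    params = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # continuation of the previous parameter
            if current is None:
                raise ValueError(f"line {lineno}: continuation without a parameter")
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        m = _PARAM_RE.match(raw)
        if not m:
            raise ValueError(f"line {lineno}: not 'parameter = value': {raw!r}")
        current = m.group(1)
        params[current] = m.group(2).strip()
    return params


def audit_tls(params):
    """Return a list of findings; an empty list means every check passed.
    The checks are this example's, not the article's or Postfix's."""
    findings = []
    for key in ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols"):
        tokens = params.get(key, "").split()
        for legacy in ("!SSLv2", "!SSLv3"):
            if legacy not in tokens:
                findings.append(f"{key}: {legacy} not excluded")
    level = params.get("smtpd_tls_security_level", "")
    if level in ("", "none"):  # Postfix default: STARTTLS is not offered at all
        findings.append("smtpd_tls_security_level: STARTTLS not offered")
    elif not params.get("smtpd_tls_dh1024_param_file"):
        # Postfix 2.10 on CentOS 7 falls back to compiled-in 1024-bit DH parameters.
        findings.append("smtpd_tls_dh1024_param_file: no 2048-bit DH parameters configured")
    if params.get("disable_vrfy_command") != "yes":
        findings.append("disable_vrfy_command: VRFY enabled, allows address harvesting")
    key_file = params.get("smtpd_tls_key_file", "")
    if not key_file.startswith("/etc/pki/tls/private/"):
        findings.append("smtpd_tls_key_file: private key not under /etc/pki/tls/private")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_main_cf.py /etc/postfix/main.cf   (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAIN_CF
    for finding in audit_tls(parse_main_cf(text)) or ["OK: no findings"]:
        print(finding)
```

Run against the article's main.cf the script reports no findings; dropping `!SSLv3`, leaving `smtpd_tls_security_level` unset or re-enabling VRFY each produces a finding. The continuation-line handling matters in practice: `postconf -n` is the authoritative way to see the effective value of a multi-line parameter, and any home-grown check has to merge those lines the same way before comparing values.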
main.cf
# ———————
# INSTALL-TIME CONFIGURATION INFORMATION
#
# location of the Postfix queue. Default is /var/spool/postfix.
queue_directory = /var/spool/postfix
# location of all postXXX commands. Default is /usr/sbin.
command_directory = /usr/sbin
# location of all Postfix daemon programs (i.e. programs listed in the
# master.cf file). This directory must be owned by root.
# Default is /usr/libexec/postfix
daemon_directory = /usr/libexec/postfix
# location of Postfix-writable data files (caches, random numbers).
# This directory must be owned by the mail_owner account (see below).
# Default is /var/lib/postfix.
data_directory = /var/lib/postfix
# owner of the Postfix queue and of most Postfix daemon processes.
# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID
# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.
# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
# Default is postfix.
mail_owner = postfix
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# full pathname of the Postfix mailq command. This is the Sendmail-compatible
# mail queue listing command.
mailq_path = /usr/bin/mailq.postfix
# group for mail submission and queue management commands.
# This must be a group name with a numerical group ID that is not shared with
# other accounts, not even with the Postfix account.
setgid_group = postdrop
# external command that is executed when a Postfix daemon program is run with
# the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
# The indented lines are continuation lines of debugger_command.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
debug_peer_level = 2
# ———————
# CUSTOM SETTINGS
#
# SMTP server response code when recipient or domain not found.
unknown_local_recipient_reject_code = 550
# Do not notify local user.
biff = no
# Disable the rewriting of "site!user" into "user@site".
swap_bangpath = no
# Disable the rewriting of the form "user%domain" to "user@domain".
allow_percent_hack = no
# Allow recipient addresses to start with '-' (disabled here).
allow_min_user = no
# Disable the SMTP VRFY command. This stops some techniques used to
# harvest email addresses.
disable_vrfy_command = yes
# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.
inet_protocols = ipv4
# Enable all network interfaces.
inet_interfaces = all
#
# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/pki/tls/private/mail.kost.su.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.kost.su.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/mail.kost.su.crt
smtpd_tls_CApath = /etc/pki/tls/certs
#
# Disable SSLv2, SSLv3
#
smtpd_tls_protocols = !SSLv2 !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3
#
# Fix ‘The Logjam Attack’.
#
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem
tls_random_source = dev:/dev/urandom
# Log only a summary message on TLS handshake completion — no logging of client
# certificate trust-chain verification errors if client certificate
# verification is not required. With Postfix 2.8 and earlier, log the summary
# message, peer certificate summary information and unconditionally log
# trust-chain verification errors.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do
# not require that clients use TLS encryption.
smtpd_tls_security_level = may
# Produce Received: message headers that include information about the
# protocol and cipher used, as well as the remote SMTP client CommonName and
# client certificate issuer CommonName.
# This is disabled by default, as the information may be modified in transit
# through other mail servers. Only information that was recorded by the final
# destination can be trusted.
#smtpd_tls_received_header = yes
# Opportunistic TLS, used when Postfix sends email to remote SMTP server.
# Use TLS if this is supported by the remote SMTP server, otherwise use
# plaintext.
# References:
# - http://www.postfix.org/TLS_README.html#client_tls_may
# - http://www.postfix.org/postconf.5.html#smtp_tls_security_level
smtp_tls_security_level = may
# Use the same CA file as smtpd.
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_note_starttls_offer = yes
# Enable long, non-repeating, queue IDs (queue file names).
# The benefit of non-repeating names is simpler logfile analysis and easier
# queue migration (there is no need to run "postsuper" to change queue file
# names that don't match their message file inode number).
enable_long_queue_ids = yes
# Reject unlisted sender and recipient
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
# Header and body checks with PCRE table
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks.pcre
# A mechanism to transform commands from remote SMTP clients.
# This is a last-resort tool to work around client commands that break
# interoperability with the Postfix SMTP server. Other uses involve fault
# injection to test Postfix’s handling of invalid commands.
# Requires Postfix-2.7+.
smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre
# HELO restriction
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks
permit_sasl_authenticated
check_helo_access pcre:/etc/postfix/helo_access.pcre
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname
# Sender restrictions
smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_unlisted_sender
permit_mynetworks
permit_sasl_authenticated
check_sender_access pcre:/etc/postfix/sender_access.pcre
# Recipient restrictions
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unlisted_recipient
#check_policy_service inet:127.0.0.1:7777
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
# END-OF-MESSAGE restrictions
smtpd_end_of_data_restrictions =
#check_policy_service inet:127.0.0.1:7777
# Data restrictions
smtpd_data_restrictions = reject_unauth_pipelining
# SRS (Sender Rewriting Scheme) support
#sender_canonical_maps = tcp:127.0.0.1:7778
#sender_canonical_classes = envelope_sender
#recipient_canonical_maps = tcp:127.0.0.1:7779
#recipient_canonical_classes= envelope_recipient,header_recipient
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
# Avoid duplicate recipient messages. Default is 'yes'.
enable_original_recipient = no
# Virtual support.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
# Do not set virtual_alias_domains.
virtual_alias_domains =
#
# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
# be forced to submit email through port 587 instead.
#
#smtpd_sasl_auth_enable = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_tls_auth_only = yes
# hostname
myhostname = mail.kost.su
myorigin = mail.kost.su
mydomain = mail.kost.su
# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
# in iRedAPD setting 'MYNETWORKS' (in /opt/iredapd/settings.py) too.
# for example:
#
# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#
mynetworks = 127.0.0.1 192.168.1.0/24
# Accepted local emails
mydestination = $myhostname, localhost, localhost.localdomain
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# Default message_size_limit.
message_size_limit = 15728640
# The set of characters that can separate a user name from its extension
# (example: user+foo), or a .forward file name from its extension (example:
# .forward+foo).
# Postfix 2.11 and later supports multiple characters.
recipient_delimiter = +
# The time after which the sender receives a copy of the message headers of
# mail that is still queued. Default setting is disabled (0h) by Postfix.
#delay_warning_time = 1h
#
# Lookup virtual mail accounts
#
transport_maps =
proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf
proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
sender_dependent_relayhost_maps =
proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf
# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.
smtpd_sender_login_maps =
proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
relay_domains =
$mydestination
proxy:mysql:/etc/postfix/mysql/relay_domains.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_alias_maps =
proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf
proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf
proxy:mysql:/etc/postfix/mysql/catchall_maps.cf
proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
sender_bcc_maps =
proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
recipient_bcc_maps =
proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
#
# Postscreen
#
postscreen_greet_action = drop
postscreen_blacklist_action = drop
postscreen_dnsbl_action = drop
postscreen_dnsbl_threshold = 2
# Attention:
# - zen.spamhaus.org free tier has 3 limits
# (https://www.spamhaus.org/organization/dnsblusage/):
#
# 1) Your use of the Spamhaus DNSBLs is non-commercial*, and
# 2) Your email traffic is less than 100,000 SMTP connections per day, and
# 3) Your DNSBL query volume is less than 300,000 queries per day.
#
# - FAQ: "Your DNSBL blocks nothing at all!"
# https://www.spamhaus.org/faq/section/DNSBL%20Usage#261
#
# It’s strongly recommended to use a local DNS server for cache.
postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[2..11]*3
b.barracudacentral.org=127.0.0.2*2
postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply
postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr
# Require Postfix-2.11+
#postscreen_dnsbl_whitelist_threshold = -2
#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
#
# mlmmj — mailing list manager
#
mlmmj_destination_recipient_limit = 1
#
# Amavisd + SpamAssassin + ClamAV
#
#content_filter = smtp-amavis:[127.0.0.1]:10024
# Concurrency per recipient limit.
smtp-amavis_destination_recipient_limit = 1
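The postscreen settings above use the `domain=reply-filter*weight` syntax of postscreen_dnsbl_sites together with postscreen_dnsbl_threshold = 2. The following Python is an added example, not part of the page's configuration: it parses those two site entries, applies each reply filter to constructed DNSBL answers and sums the weights the way postscreen does, which shows that with a threshold of 2 a single listing on either list is already enough to drop the client.

```python
import re

# Values copied from the main.cf above.
POSTSCREEN_DNSBL_SITES = [
    "zen.spamhaus.org=127.0.0.[2..11]*3",
    "b.barracudacentral.org=127.0.0.2*2",
]
POSTSCREEN_DNSBL_THRESHOLD = 2


def _octet_matcher(token):
    """Turn one filter component ('0' or '[2..11]') into a predicate on an int."""
    rng = re.fullmatch(r"\[(\d+)\.\.(\d+)\]", token)
    if rng:
        lo, hi = int(rng.group(1)), int(rng.group(2))
        return lambda v: lo <= v <= hi
    n = int(token)
    return lambda v: v == n


def parse_dnsbl_site(spec):
    """Parse 'domain[=d.d.d.d][*weight]' into (domain, match_fn, weight).

    Each 'd' is a decimal octet or an inclusive '[x..y]' range. The weight
    defaults to 1 and may be negative (allowlist). Without '=filter', any
    A record returned by the DNSBL counts as a listing.
    """
    head, _, weight_str = spec.partition("*")
    weight = int(weight_str) if weight_str else 1
    domain, _, filt = head.partition("=")
    if not filt:
        return domain, (lambda addr: True), weight
    # Tokenise on octets/ranges, not on '.', because '[2..11]' contains dots.
    tokens = re.findall(r"\[\d+\.\.\d+\]|\d+", filt)
    if len(tokens) != 4:
        raise ValueError("bad DNSBL reply filter: %s" % filt)
    matchers = [_octet_matcher(t) for t in tokens]

    def match(addr):
        octets = [int(o) for o in addr.split(".")]
        return len(octets) == 4 and all(m(o) for m, o in zip(matchers, octets))

    return domain, match, weight


def postscreen_score(replies, sites=POSTSCREEN_DNSBL_SITES):
    """Sum the weights of the DNSBL sites whose reply matches their filter.

    replies maps DNSBL domain -> list of A records returned for the client
    (missing key or empty list = not listed). A site contributes its weight
    at most once, however many matching records it returns.
    """
    total = 0
    for spec in sites:
        domain, match, weight = parse_dnsbl_site(spec)
        if any(match(a) for a in replies.get(domain, [])):
            total += weight
    return total


def postscreen_dnsbl_action(replies, threshold=POSTSCREEN_DNSBL_THRESHOLD):
    """'drop' once the score reaches the threshold (postscreen_dnsbl_action = drop), else 'pass'."""
    return "drop" if postscreen_score(replies) >= threshold else "pass"


if __name__ == "__main__":
    # Constructed sample replies, not real lookups. Spamhaus signals query
    # errors with 127.255.255.x codes; the [2..11] filter keeps those from
    # counting as listings.
    cases = {
        "listed on Spamhaus only": {"zen.spamhaus.org": ["127.0.0.4"]},
        "listed on Barracuda only": {"b.barracudacentral.org": ["127.0.0.2"]},
        "Spamhaus error code, not a listing": {"zen.spamhaus.org": ["127.255.255.254"]},
        "clean": {},
    }
    for name, replies in cases.items():
        print("%-36s score=%d action=%s" % (name, postscreen_score(replies),
                                            postscreen_dnsbl_action(replies)))
```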
master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - - - - smtpd
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
# Submission, port 587, force TLS connection.
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o content_filter=smtp-amavis:[127.0.0.1]:10026
# Use dovecot's deliver program as LDA.
dovecot unix - n n - - pipe
flags=DRh user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}
catchall_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%d' AND '%u' NOT LIKE '%%+%%' AND forwardings.address=domain.domain AND forwardings.active=1 AND domain.active=1 AND domain.backupmx=0
domain_alias_catchall_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1
domain_alias_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=CONCAT('%u', '@', alias_domain.target_domain) AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1 AND domain.backupmx=0
recipient_bcc_maps_domain.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT bcc_address FROM recipient_bcc_domain WHERE domain='%d' AND active=1
recipient_bcc_maps_user.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1
relay_domains.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = (SELECT domain
FROM domain
WHERE domain='%s'
AND backupmx=1
AND active=1
LIMIT 1)
UNION
(SELECT alias_domain.target_domain
FROM alias_domain, domain
WHERE alias_domain.alias_domain='%s'
AND alias_domain.target_domain=domain.domain
AND domain.backupmx=1
AND domain.active=1
LIMIT 1)
sender_bcc_maps_domain.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT bcc_address FROM sender_bcc_domain WHERE domain='%d' AND active=1
sender_bcc_maps_user.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1
sender_dependent_relayhost_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
# '%s' will be replaced by the envelope sender address or @domain.
query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1
sender_login_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1
transport_maps_domain.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT transport FROM domain WHERE domain='%s' AND active=1
transport_maps_maillist.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1
transport_maps_user.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1
virtual_alias_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%s' AND forwardings.domain=domain.domain AND forwardings.active=1 AND domain.backupmx=0 AND domain.active=1
virtual_mailbox_domains.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0
virtual_mailbox_maps.cf
hosts = 127.0.0.1:3306
user = vmail
password = PASSVMAILREAD
dbname = vmail
query = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1
command_filter.pcre
# Work around clients that send RCPT TO:<'user@domain'> (Outlook 2003/2007).
# WARNING: do not lose the parameters that follow the address.
/^(RCPT\s+TO:\s*<)'([^[:space:]]+)'(>.*)/ $1$2$3
helo_access.pcre
# Sample Postfix check_helo_access rule. It should be located at:
# /etc/postfix/helo_access.pcre (the path referenced by check_helo_access in main.cf)
#
# Prepend HELO hostname of sender server
#/(.*)/ PREPEND X-Original-Helo: $1 (KOST: https://www.kost.su/)
# No one will use these in helo command.
/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
# Reject who use IP address as helo.
# Correct: [xxx.xxx.xxx.xxx]
# Incorrect: xxx.xxx.xxx.xxx
/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})
#
# This is the real HELO identify of these ISPs:
# sohu.com websmtp.sohu.com relay2nd.mail.sohu.com
# 126.com m15-78.126.com
# 163.com m31-189.vip.163.com m13-49.163.com
# sina.com mail2-209.sinamail.sina.com.cn
# gmail.com xx-out-NNNN.google.com
/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})
#
# Spammers.
#
/^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(netvigator\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})
/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
#
# Reject adsl spammers.
#
# match word adsl with word boundary \b.
/(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
# bypass "[IP_ADDRESS]"
/^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ DUNNO
# bypass some HELOs which contains IP address
/^o\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.outbound-mail\.sendgrid\.net$/ DUNNO
# reject HELO which contains IP address
/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})
/(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(airtelbroadband\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(embarqhsd\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(wanamaroc\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})
/^ylmf-pc/ REJECT ACCESS DENIED
/(\.*wideragents\.com)$/ REJECT ACCESS DENIED (${1})
/(\.*resumekeep\.net)$/ REJECT ACCESS DENIED (${1})
/(\.*terracedrink\.com)$/ REJECT ACCESS DENIED (${1})
/(\.*sincemessage\.com)$/ REJECT ACCESS DENIED (${1})
/(\.*ordertranquility\.com)$/ REJECT ACCESS DENIED (${1})
/(\.*terracedrink\.com)$/ REJECT ACCESS DENIED (${1})
postscreen_access.cidr
# Rules are evaluated in the order as specified.
#1.2.3.4 permit
#2.3.4.5 reject
# Permit local clients
127.0.0.0/8 permit
Configuring Dovecot
Enabling at boot and starting
sudo systemctl enable dovecot
sudo systemctl start dovecot
Log directory
mkdir /var/log/dovecot/
touch /var/log/dovecot/lmtp.log
chown vmail:vmail /var/log/dovecot/lmtp.log
Message store
mkdir /var/vmail/vmail1
chown vmail:vmail /var/vmail/vmail1
dovecot.conf
# More details about Dovecot settings:
# - http://wiki2.dovecot.org/
# - http://wiki2.dovecot.org/Variables
# Listen addresses.
# - '*' means all available IPv4 addresses.
# - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = *
#base_dir = /var/run/dovecot
mail_plugins = quota mailbox_alias acl mail_log notify stats
# Enabled mail protocols.
protocols = pop3 imap sieve lmtp
# User/group who owns the message files:
mail_uid = 2000
mail_gid = 2000
# Assign uid to virtual users.
first_valid_uid = 2000
last_valid_uid = 2000
# Logging. Reference: http://wiki2.dovecot.org/Logging
#
# Use syslog
# syslog_facility = local5
# Log file path if we use internal log system
log_path = /var/log/dovecot/dovecot.log
# Debug
#mail_debug = yes
#auth_verbose = yes
#auth_debug = yes
#auth_debug_passwords = yes
# Possible values: no, plain, sha1.
#auth_verbose_passwords = no
# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
#ssl_ca = </path/to/ca
ssl_cert = </etc/pki/tls/certs/mail.kost.su.crt
ssl_key = </etc/pki/tls/private/mail.kost.su.key
# Fix 'The Logjam Attack'
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
ssl_prefer_server_ciphers = yes
# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
# insecurely.
disable_plaintext_auth = yes
# Allow plain text password per IP address/net
remote 127.0.0.1 {
disable_plaintext_auth = no
ssl=yes
}
# Mail location and mailbox format.
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
# Authentication related settings.
# Append this domain name if client gives empty realm.
#auth_default_realm = norchem.ru
# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN
# Limits the number of users that can be logging in at the same time.
# Default is 100. This can be overridden by process_limit = in the
# service [protocol] block.
# e.g.
# service imap-login {
#   ...
#   process_limit = 500
# }
#default_process_limit = 100
# Mail delivery log format
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, %$
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
user = postfix
group = postfix
mode = 0666
}
unix_listener auth-master {
user = vmail
group = vmail
mode = 0666
}
unix_listener auth-userdb {
user = vmail
group = vmail
mode = 0660
}
}
# LMTP server (Local Mail Transfer Protocol).
# Reference: http://wiki2.dovecot.org/LMTP
service lmtp {
user = vmail
# For higher volume sites, it may be desirable to increase the number of
# active listener processes. A range of 5 to 20 is probably good for most
# sites.
process_min_avail = 5
# Logging.
# Require 'log_path =' in 'protocol lmtp {}' block.
executable = lmtp -L
# Listening on socket file and TCP
unix_listener /var/spool/postfix/private/dovecot-lmtp {
user = postfix
group = postfix
mode = 0600
}
inet_listener lmtp {
# Listen on localhost (ipv4)
address = 127.0.0.1
port = 24
}
}
# Virtual mail accounts.
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master-users
master = yes
}
plugin {
# Quota configuration.
# Reference: http://wiki2.dovecot.org/Quota/Configuration
quota = dict:user::proxy::quotadict
# Set default quota rule if no quota returned from SQL/LDAP query.
#quota_rule = *:storage=1G
#quota_rule2 = *:messages=0
#quota_rule3 = Trash:storage=1G
#quota_rule4 = Junk:ignore
# Quota warning.
#
# If user suddenly receives a huge mail and the quota jumps from
# 85% to 95%, only the 95% script is executed.
#
# Only the command for the first exceeded limit is executed, so configure
# the highest limit first.
quota_warning = storage=100%% quota-warning 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=85%% quota-warning 85 %u
# allow user to become max 10% (or 50 MB) over quota
quota_grace = 10%%
#quota_grace = 50 M
# Custom Quota Exceeded Message.
# You can specify the message directly or read the message from a file.
#quota_exceeded_message = Quota exceeded, please try again later.
#quota_exceeded_message = </path/to/quota_exceeded_message.txt
# Plugin: expire.
#expire = Trash 7 Trash/* 7 Junk 30
#expire_dict = proxy::expire
# ACL and share folder
acl = vfile
acl_shared_dict = proxy::acl
# By default Dovecot doesn't allow using the IMAP "anyone" or
# "authenticated" identifier, because it would be an easy way to spam
# other users in the system. If you wish to allow it,
#acl_anyone = allow
# Pigeonhole managesieve service.
# Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
# Per-user sieve settings.
sieve_dir = ~/sieve
sieve = ~/sieve/dovecot.sieve
# Global sieve settings.
sieve_global_dir = /var/vmail/sieve
# Note: if user has personal sieve script, global sieve rules defined in
# sieve_default will be ignored. Please use sieve_before or
# sieve_after instead.
#sieve_default =
sieve_before = /var/vmail/sieve/dovecot.sieve
#sieve_after =
# The maximum number of redirect actions that can be performed during a
# single script execution.
# The meaning of 0 differs based on your version. For pigeonhole-0.3.0 and
# beyond this means that redirect is prohibited. For older versions,
# however, this means that the number of redirects is unlimited.
sieve_max_redirects = 30
# Use recipient as vacation message sender instead of null sender (<>).
sieve_vacation_send_from_recipient = yes
# Reference: http://wiki2.dovecot.org/Plugins/MailboxAlias
mailbox_alias_old = Sent
mailbox_alias_new = Sent Messages
mailbox_alias_old2 = Sent
mailbox_alias_new2 = Sent Items
# Events to log. autoexpunge is included in expunge
# Defined in https://github.com/dovecot/core/blob/master/src/plugins/mail-log/mail-log-plugin.c
mail_log_events = delete undelete expunge mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size from subject
# stats
#
# how often to refresh session statistics (must be set)
stats_refresh = 30 secs
# track per-IMAP command statistics (optional)
stats_track_cmds = yes
#last_login_dict = redis:host=127.0.0.1:port=6379
#last_login_dict = mysql:/etc/dovecot/dovecot-lastlogin.conf
}
service stats {
fifo_listener stats-mail {
user = vmail
mode = 0644
}
inet_listener {
address = 127.0.0.1
port = 24242
}
}
service quota-warning {
executable = script /usr/local/bin/dovecot-quota-warning.sh
unix_listener quota-warning {
user = vmail
group = vmail
mode = 0660
}
}
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
dict {
#expire = db:/var/lib/dovecot/expire/expire.db
quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
acl = mysql:/etc/dovecot/dovecot-share-folder.conf
#last_login = mysql:/etc/dovecot/dovecot-lastlogin.conf
}
protocol lda {
# Reference: http://wiki2.dovecot.org/LDA
mail_plugins = $mail_plugins sieve
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# Log file path if we use internal log system
log_path = /var/log/dovecot/sieve.log
}
protocol lmtp {
# Log file path if we use internal log system
log_path = /var/log/dovecot/lmtp.log
# Plugins
mail_plugins = quota sieve
# Address extension delivery
lmtp_save_to_detail_mailbox = yes
recipient_delimiter = +
}
protocol imap {
mail_plugins = $mail_plugins imap_quota imap_acl imap_stats last_login
imap_client_workarounds = tb-extra-mailbox-sep
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
# Default is 10.
# Increase it to avoid issue like below:
# "Maximum number of concurrent IMAP connections exceeded"
mail_max_userip_connections = 30
}
protocol pop3 {
mail_plugins = $mail_plugins last_login
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
# Default is 10.
mail_max_userip_connections = 30
# POP3 logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %t - number of TOP commands
# %p - number of bytes sent to client as a result of TOP command
# %r - number of RETR commands
# %b - number of bytes sent to client as a result of RETR command
# %d - number of deleted messages
# %m - number of messages (before deletion)
# %s - mailbox size in bytes (before deletion)
# Default format doesn't have 'in=%i, out=%o'.
#pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, in=%i, out=%o
}
# Login processes. Refer to Dovecot wiki for more details:
# http://wiki2.dovecot.org/LoginProcess
service imap-login {
#inet_listener imap {
# port = 143
#}
#inet_listener imaps {
# port = 993
# ssl = yes
#}
service_count = 1
# To avoid startup latency for new client connections, set process_min_avail
# to higher than zero. That many idling processes are always kept around
# waiting for new connections.
#process_min_avail = 0
# number of simultaneous IMAP connections
process_limit = 500
# vsz_limit should be fine at its default 64MB value
#vsz_limit = 64M
}
service pop3-login {
#inet_listener pop3 {
# port = 110
#}
#inet_listener pop3s {
# port = 995
# ssl = yes
#}
service_count = 1
# number of simultaneous POP3 connections
#process_limit = 500
}
service managesieve-login {
inet_listener sieve {
# Listen on localhost (ipv4)
# Make it listen on all interfaces instead
##address = 127.0.0.1
port = 4190
}
}
namespace {
type = private
separator = /
prefix =
inbox = yes
# Refer to document for more details about alias mailbox:
# http://wiki2.dovecot.org/MailboxSettings
#
# Sent
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox "Sent Items" {
auto = no
special_use = \Sent
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
# Trash
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox "Deleted Messages" {
auto = no
special_use = \Trash
}
# Junk
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Spam {
auto = no
special_use = \Junk
}
mailbox "Junk E-mail" {
auto = no
special_use = \Junk
}
# Archive
mailbox Archive {
auto = no
special_use = \Archive
}
mailbox Archives {
auto = no
special_use = \Archive
}
}
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln
# this namespace should handle its own subscriptions or not.
subscriptions = yes
list = children
}
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
# type = public
# separator = /
# prefix = Public/
# location = maildir:/var/vmail/public:CONTROL=%Lh/Maildir/public:INDEXPVT=%Lh/Maildir/public
#
# # Allow users to subscribe to the public folders.
# subscriptions = yes
#}
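The dovecot.conf above promises that plaintext authentication is refused until STARTTLS (ssl = required together with disable_plaintext_auth = yes), with an exception for 127.0.0.1 where Roundcube and Postfixadmin connect. The script below is an added example, not part of the article or of Dovecot, that verifies this from the outside by reading the pre-STARTTLS IMAP greeting: a hardened listener must advertise STARTTLS and LOGINDISABLED and must not advertise AUTH=PLAIN or AUTH=LOGIN. The function and script names are my own; the network fetch uses bash's /dev/tcp (nc HOST PORT does the same job), and the host name is the article's mail.kost.su.

```bash
#!/bin/bash
# Added example, not part of the original article: check that the dovecot.conf
# settings (ssl = required, disable_plaintext_auth = yes, with the
# "remote 127.0.0.1" exception) actually take effect on the wire.
#
# Before STARTTLS, Dovecot announces its capabilities in the greeting, e.g.
#   * OK [CAPABILITY IMAP4rev1 ... STARTTLS LOGINDISABLED] Dovecot ready.
# On a hardened listener we expect STARTTLS and LOGINDISABLED and no
# AUTH=PLAIN / AUTH=LOGIN; from 127.0.0.1 plaintext auth is allowed.

# extract_imap_capabilities   (reads an IMAP session transcript on stdin)
# Prints the space-separated capability list found in the greeting or in a
# "* CAPABILITY" response; CR characters are dropped first.
extract_imap_capabilities() {
    tr -d '\r' | sed -n 's/.*CAPABILITY \([^]]*\).*/\1/p' | head -n 1
}

# imap_plaintext_auth_blocked CAPABILITY_LIST
# Returns 0 when the listener refuses plaintext authentication until STARTTLS,
# 1 otherwise.
imap_plaintext_auth_blocked() {
    caps=" $1 "
    case $caps in
        *" STARTTLS "*) ;;
        *) return 1 ;;                               # no STARTTLS offered at all
    esac
    case $caps in
        *" LOGINDISABLED "*) ;;
        *) return 1 ;;                               # plaintext LOGIN still allowed
    esac
    case $caps in
        *" AUTH=PLAIN "*|*" AUTH=LOGIN "*) return 1 ;;   # SASL plaintext advertised
    esac
    return 0
}

# fetch_imap_greeting HOST PORT
# Reads the first line Dovecot sends on a plain IMAP connection (bash /dev/tcp).
# Needs network access; the self-test below does not call it.
fetch_imap_greeting() {
    exec 3<>"/dev/tcp/$1/$2" || return 1
    IFS= read -r -t 5 greeting <&3
    printf 'a1 LOGOUT\r\n' >&3
    exec 3>&-
    printf '%s\n' "$greeting"
}

# check_imap_listener HOST PORT
# Prints a verdict for one listener; the exit status mirrors it.
check_imap_listener() {
    caps=$(fetch_imap_greeting "$1" "$2" | extract_imap_capabilities) || return 1
    if imap_plaintext_auth_blocked "$caps"; then
        printf '%s:%s OK: plaintext auth refused before STARTTLS\n' "$1" "$2"
    else
        printf '%s:%s PLAINTEXT-ALLOWED: %s\n' "$1" "$2" "$caps"
        return 1
    fi
}

# Usage:  ./check-imap-plaintext.sh mail.kost.su 143
# Expected: the public address reports OK; 127.0.0.1 reports PLAINTEXT-ALLOWED,
# which is intended there (local web clients), but nowhere else.
if [ "$#" -ge 2 ]; then
    check_imap_listener "$1" "$2"
fi
```

Run it against the public address and against 127.0.0.1 after every change to the ssl or disable_plaintext_auth settings; port 110 (POP3) has no CAPABILITY greeting, so for POP3 the equivalent check is that USER/PASS are rejected before STLS.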
dovecot-mysql.conf
driver = mysql
#default_pass_scheme = CRYPT
default_pass_scheme = SHA512-CRYPT
connect = host=localhost port=3306 dbname=vmail user=vmail password=PASSVMAILREAD
# Required by doveadm tools which require to list all mail users.
iterate_query = SELECT username AS user FROM mailbox
password_query = SELECT mailbox.password, mailbox.allow_nets \
FROM mailbox,domain \
WHERE mailbox.username='%u' \
AND mailbox.enable%Ls%Lc=1 \
AND mailbox.active=1 \
AND mailbox.domain=domain.domain \
AND domain.backupmx=0 \
AND domain.active=1
user_query = SELECT \
LOWER('%u') AS master_user, \
LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, \
#CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder, '/') AS mail, \
CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, \
CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \
FROM mailbox,domain \
WHERE mailbox.username='%u' \
AND mailbox.enable%Ls%Lc=1 \
AND mailbox.active=1 \
AND mailbox.domain=domain.domain \
AND domain.backupmx=0 \
AND domain.active=1
dovecot-share-folder.conf
connect = host=localhost port=3306 dbname=vmail user=vmail password=PASSVMAILREAD
map {
pattern = shared/shared-boxes/user/$to/$from
table = share_folder
value_field = dummy
fields {
from_user = $from
to_user = $to
}
}
# To share mailbox to anyone, please uncomment 'acl_anyone = allow' in
# dovecot.conf
map {
pattern = shared/shared-boxes/anyone/$from
table = anyone_shares
value_field = dummy
fields {
from_user = $from
}
}
dovecot-used-quota.conf
connect = host=localhost port=3306 dbname=vmail user=vmail password=PASSVMAILREAD
map {
pattern = priv/quota/storage
table = used_quota
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = used_quota
username_field = username
value_field = messages
}
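The service quota-warning block in dovecot.conf points to /usr/local/bin/dovecot-quota-warning.sh, which the article does not show. Below is an added example of such a script (my own, not the article's or Dovecot's), wired to the quota_warning = storage=NN%% quota-warning NN %u rules: Dovecot invokes it with the percentage and the user name as arguments, and the warning is handed to dovecot-lda with quota enforcement switched off so that it still reaches a mailbox that is already full. The sender address postmaster@kost.su, the dovecot-lda path /usr/libexec/dovecot/dovecot-lda and the noenforcing override string (built from the page's dict:user::proxy::quotadict backend) are assumptions to adjust for your installation.

```bash
#!/bin/sh
# Added example, not part of the original article: a minimal
# /usr/local/bin/dovecot-quota-warning.sh for the
# "service quota-warning { executable = script ... }" block and the
# "quota_warning = storage=NN%% quota-warning NN %u" rules in dovecot.conf.
# Dovecot runs it as:  dovecot-quota-warning.sh <percent> <user@domain>

# Assumed values (not from the article); override via the environment.
DOVECOT_LDA=${DOVECOT_LDA:-/usr/libexec/dovecot/dovecot-lda}
WARNING_FROM=${WARNING_FROM:-postmaster@kost.su}

# The quota backend in dovecot.conf is "dict:user::proxy::quotadict". The
# warning must be delivered even when the mailbox is over quota, so the same
# backend is passed to dovecot-lda with the "noenforcing" flag (assumption,
# following the Dovecot quota documentation; not shown in the article).
QUOTA_OVERRIDE='plugin/quota=dict:User quota::noenforcing:proxy::quotadict'

# quota_warning_message PERCENT USER
# Prints the message that is delivered to USER. Returns 1 when PERCENT is not
# a whole number or USER is empty, so a broken config line never produces
# an odd mail.
quota_warning_message() {
    percent=$1
    user=$2
    case $percent in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$user" ] || return 1
    printf 'From: %s\n' "$WARNING_FROM"
    printf 'To: %s\n' "$user"
    printf 'Subject: Mailbox quota warning: %s%% full\n' "$percent"
    printf 'Auto-Submitted: auto-generated\n'
    printf 'Content-Type: text/plain; charset=utf-8\n'
    printf '\n'
    printf 'Your mailbox is now %s%% full.\n' "$percent"
    printf 'Please delete old messages to keep receiving mail.\n'
}

# deliver_quota_warning PERCENT USER
# Builds the message and hands it to dovecot-lda for local delivery.
deliver_quota_warning() {
    quota_warning_message "$1" "$2" | \
        "$DOVECOT_LDA" -d "$2" -o "$QUOTA_OVERRIDE"
}

# Only deliver when Dovecot actually invoked the script with both arguments.
if [ "$#" -ge 2 ]; then
    deliver_quota_warning "$1" "$2"
fi
```

Install it with chmod 0755; a quick manual check is to run it by hand as the vmail user (sudo -u vmail /usr/local/bin/dovecot-quota-warning.sh 95 user@kost.su) and watch /var/log/dovecot/sieve.log, the lda log_path set in dovecot.conf above.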
Configuring the Apache web server
Enabling at boot and starting
sudo systemctl enable httpd
sudo systemctl start httpd
Configuring SSL
Configure the web server to use the self-signed certificate. To do so, edit /etc/httpd/conf.d/ssl.conf:
SSLCertificateKeyFile /etc/pki/tls/private/mail.kost.su.key
SSLCertificateFile /etc/pki/tls/certs/mail.kost.su.crt
Redirect from the default page
cat /var/www/html/index.html
<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=/roundcubemail/">
</head>
</html>
Setting the time zone
Set the time zone in /etc/php.ini and restart the web server:
date.timezone = Europe/Moscow
systemctl restart httpd
Alias for Postfixadmin
Add the alias to /etc/httpd/conf.d/ssl.conf:
Alias /postfixadmin "/var/www/html/postfixadmin/public"
Configuring Postfixadmin
Download and unpack the distribution
wget https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.2/postfixadmin-3.2.tar.gz
# unpack the archive before moving its contents
tar -xvf postfixadmin-3.2.tar.gz
mkdir /var/www/html/postfixadmin
mv postfixadmin-3.2/* /var/www/html/postfixadmin
mkdir /var/www/html/postfixadmin/templates_c
chown -R apache:apache /var/www/html/postfixadmin/*
Configuration file /var/www/html/postfixadmin/config.inc.php
Enable configuration by setting the configured parameter to true
$CONF['configured'] = true;
Configure database access by providing the credentials
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'vmailadmin';
$CONF['database_password'] = 'PASSVMAILADMIN';
$CONF['database_name'] = 'vmail';
It is important to set the transport to dovecot, otherwise the sieve plugin will not work
$CONF['transport_default'] = 'dovecot';
If you use the database structure provided on this site, the credentials for logging in to the admin panel are kost@kost.su / JLASqe2123
Configuring Roundcube
Downloading and unpacking the distribution
wget https://github.com/roundcube/roundcubemail/releases/download/1.3.9/roundcubemail-1.3.9-complete.tar.gz
mkdir /var/www/html/roundcubemail
tar -xvf roundcubemail-1.3.9-complete.tar.gz
mv roundcubemail-1.3.9/* /var/www/html/roundcubemail/
chown -R apache:apache /var/www/html/roundcubemail/
cp /var/www/html/roundcubemail/config/config.inc.php.sample /var/www/html/roundcubemail/config/config.inc.php
Web installer
Add the parameter $config['enable_installer'] = true; to /var/www/html/roundcubemail/config/config.inc.php and open the web installer at https://mail.kost.su/roundcubemail/installer/
Configuring the database connection
Configuring the IMAP\POP3 connection
Configuring the MTA connection
Testing the configuration
If you get the error
Check if directories are writable
Roundcube may need to write/save files into these directories
/var/www/html/roundcubemail/temp/: NOT OK(not writeable for the webserver)
/var/www/html/roundcubemail/logs/: NOT OK(not writeable for the webserver)
then SELinux is most likely enabled. You can check this with sestatus and temporarily disable it with setenforce 0
Hello, could you post the vmail.sql dump? Or give specific commands to copy and paste? :)
1. mysql_secure_installation
2. mysql -p
3. create database vmail character set utf8 collate utf8_bin;
4. use vmail;
5. GRANT ALL PRIVILEGES ON vmail.* TO 'vmail'@'localhost' identified by 'PASSVMAILREAD';
6. GRANT ALL PRIVILEGES ON vmail.* TO 'vmailadmin'@'localhost' identified by 'PASSVMAILADMIN';
7. FLUSH PRIVILEGES;
8. Download the dump https://www.kost.su/wp-content/uploads/2019/08/vmail.txt
9. mysql -pPASSWORDMYSQL vmail < /home/kost/vmail.txt