03/10/05 11:38 - Instalando Postfix +MySQL+Postfixadmin +SPF+smtp-autenticado+amavisd-new+clamav+squirrelmail
Márcio Luciano Donada
Instalando MySQL
# cd /usr/ports/databases/mysql40-server
# make install clean clean-depends
# ee /etc/rc.conf
mysql_enable="YES"
Utilize o mysqladmin (http://dev.mysql.com/doc/mysql/en/mysqladmin.html) para dar
uma senha ao seu usuário root, administrador do MySQL
# mysqladmin -u root password sua_senha_aqui
Instalando o courier-imap (Selecione, no menu que irá aparecer os itens
OpenSSL, TRASHQUOTA, AUTH_MYSQL)
# cd /usr/ports/mail/courier-imap
# make install clean clean-depends
Instalando apache2
# cd /usr/ports/www/apache2
# make install clean clean-depends
Instalando o PHP4 (selecione MySQL, além das que já vem por default no
ports)
# cd /usr/ports/lang/php4-extensions/
# make install clean clean-depends
# cd /usr/local/etc/
# mv php.ini-recommended php.ini
Instalando o postfixadmin
# cd /usr/ports/mail/postfixadmin
# make install clean clean-depends
# cd /usr/local/etc/apache2
# ee httpd.conf
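# PHP handlers
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
# AllowOverride is only valid inside a <Directory> container, so the
# per-directory settings for the aliased path are wrapped in one.
<Directory "/usr/local/www/postfixadmin">
    # No automatic directory listings for the administration interface.
    Options -Indexes
    # AuthConfig lets an .htaccess file (presumably the one under admin/)
    # require the htpasswd login created in the next step.
    AllowOverride AuthConfig
</Directory>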
-- fim do httpd.conf --
# htpasswd /usr/local/www/postfixadmin/admin/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin
# apachectl start
# cd /etc
# ee rc.conf
apache2_enable="YES"
# ee /usr/local/www/postfixadmin/config.inc.php
// Postfix Admin settings: interface language, database connection,
// password hashing, per-domain limits and page decoration.
$CONF['default_language'] = 'pt-BR';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
// Dedicated MySQL account for the web interface; the SQL file on this page
// gives it SELECT/INSERT/UPDATE/DELETE on the postfix database only.
$CONF['database_user'] = 'postfixadmin';
// Placeholder password: it must match the one set for this account in the
// SQL file. The file holds a credential, so keep it unreadable to other
// local users.
$CONF['database_password'] = 'PasswordPostfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@slchapeco.org';
$CONF['smtp_server'] = "localhost";
$CONF['smtp_port'] = "25";
// Password hash format. The Courier (MYSQL_CRYPT_PWFIELD) and SASL
// (password_format: crypt) settings on this page read the stored value as
// a crypt hash, so the three must stay in agreement.
$CONF['encrypt'] = 'md5crypt';
$CONF['generate_password'] = 'NO';
$CONF['page_size'] = '10';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '102400';
$CONF['vacation'] = 'NO';
$CONF['alias_control'] = 'NO';
// Presumably records administrative actions in the log table; verify.
$CONF['logging'] = 'YES';
$CONF['logo'] = 'YES';
$CONF['header_text'] = ':: Welcome to Postfix Admin ::';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Retornar ao postfixadmin';
$CONF['footer_link'] = 'http://www.slchapeco.org/postfixadmin/';
Próximo passo é realizarmos alterações na configuração do database do postfixadmin
# ee /tmp/postfixadmin.sql
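# Postfix / MySQL
#
# Creates the postfix database and the two MySQL accounts that use it.
# Load this file without selecting a default database, because the
# database is created here.
CREATE DATABASE IF NOT EXISTS postfix;
#
# Lookup account (the sql_user of the SASL configuration on this page).
# It only reads the tables, so it gets SELECT and nothing else.
# GRANT ... IDENTIFIED BY creates the account, which replaces the manual
# INSERTs into mysql.user and mysql.db.
# The password is the one the SASL configuration uses ('PasswordPostfix').
GRANT SELECT ON postfix.* TO postfix@localhost IDENTIFIED BY 'PasswordPostfix';
#
# Postfix Admin user & password: the web interface edits rows but needs no
# schema or global privileges.
GRANT SELECT, INSERT, UPDATE, DELETE ON postfix.* TO postfixadmin@localhost IDENTIFIED BY 'PasswordPostfixadmin';
#
# No FLUSH PRIVILEGES is needed: GRANT updates the in-memory privileges itself.
USE postfix;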
#
#
# Postfix Admin administrators, one row per username.
# NOTE(review): KEY username indexes the same column as the primary key.
CREATE TABLE admin (
    username VARCHAR(255) NOT NULL DEFAULT '',
    password VARCHAR(255) NOT NULL DEFAULT '',
    created  DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    modified DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active   TINYINT(1)   NOT NULL DEFAULT '1',
    PRIMARY KEY (username),
    KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Admins';
#
#
# Virtual aliases: virtual_alias_maps.cnf on this page looks up goto by address.
# NOTE(review): KEY address indexes the same column as the primary key.
CREATE TABLE alias (
    address  VARCHAR(255) NOT NULL DEFAULT '',
    goto     TEXT         NOT NULL,
    domain   VARCHAR(255) NOT NULL DEFAULT '',
    created  DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    modified DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active   TINYINT(1)   NOT NULL DEFAULT '1',
    PRIMARY KEY (address),
    KEY address (address)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';
#
#
# Virtual domains: transport_maps.cnf on this page looks up transport by domain.
# NOTE(review): KEY domain indexes the same column as the primary key.
CREATE TABLE domain (
    domain      VARCHAR(255) NOT NULL DEFAULT '',
    description VARCHAR(255) NOT NULL DEFAULT '',
    aliases     INT(10)      NOT NULL DEFAULT '-1',
    mailboxes   INT(10)      NOT NULL DEFAULT '-1',
    maxquota    INT(10)      NOT NULL DEFAULT '-1',
    transport   VARCHAR(255)          DEFAULT 'virtual',
    backupmx    TINYINT(1)   NOT NULL DEFAULT '0',
    created     DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    modified    DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active      TINYINT(1)   NOT NULL DEFAULT '1',
    PRIMARY KEY (domain),
    KEY domain (domain)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';
#
#
# Pairs an administrator username with a domain.
# The table has no primary key, only a non-unique index on username.
CREATE TABLE domain_admins (
    username VARCHAR(255) NOT NULL DEFAULT '',
    domain   VARCHAR(255) NOT NULL DEFAULT '',
    created  DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active   TINYINT(1)   NOT NULL DEFAULT '1',
    KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Domain Admins';
#
#
# Postfix Admin log: who (username), where (domain), what (action, data), when.
# Indexed by timestamp only; there is no primary key.
CREATE TABLE log (
    timestamp DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    username  VARCHAR(255) NOT NULL DEFAULT '',
    domain    VARCHAR(255) NOT NULL DEFAULT '',
    action    VARCHAR(255) NOT NULL DEFAULT '',
    data      VARCHAR(255) NOT NULL DEFAULT '',
    KEY timestamp (timestamp)
) TYPE=MyISAM COMMENT='Postfix Admin - Log';
#
#
# Virtual mailboxes. The Postfix map files on this page read maildir, quota,
# uid and gid by username; the SASL query reads password by username.
# password is treated as a crypt-format hash by the Courier
# (MYSQL_CRYPT_PWFIELD) and SASL (password_format: crypt) settings shown on
# this page, so it should never hold a cleartext password.
# The uid/gid defaults (125, 6) are host-specific numeric ids - presumably the
# author's mail accounts; verify them against the local system.
# NOTE(review): KEY username indexes the same column as the primary key.
CREATE TABLE mailbox (
    username VARCHAR(255) NOT NULL DEFAULT '',
    password VARCHAR(255) NOT NULL DEFAULT '',
    name     VARCHAR(255) NOT NULL DEFAULT '',
    home     CHAR(255)             DEFAULT '/home',
    maildir  VARCHAR(255) NOT NULL DEFAULT '',
    quota    INT(10)      NOT NULL DEFAULT '-1',
    domain   VARCHAR(255) NOT NULL DEFAULT '',
    created  DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    modified DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active   TINYINT(1)   NOT NULL DEFAULT '1',
    uid      INT(10) UNSIGNED      DEFAULT '125',
    gid      INT(10) UNSIGNED      DEFAULT '6',
    PRIMARY KEY (username),
    KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';
#
#
# Vacation (auto-reply) entries, one row per e-mail address.
# NOTE(review): KEY email indexes the same column as the primary key.
CREATE TABLE vacation (
    email   VARCHAR(255) NOT NULL DEFAULT '',
    subject VARCHAR(255) NOT NULL DEFAULT '',
    body    TEXT         NOT NULL,
    cache   TEXT         NOT NULL,
    domain  VARCHAR(255) NOT NULL DEFAULT '',
    created DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
    active  TINYINT(1)   NOT NULL DEFAULT '1',
    PRIMARY KEY (email),
    KEY email (email)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Vacation';
-- salve o arquivo --
# mysql -u root -p < /tmp/postfixadmin.sql
enter password:
Instalando o Postfix (selecione no menu os itens SASL2, SPF, TLS, MySQL, VDA)
# cd /usr/ports/mail/postfix
# make install clean clean-depends
Instalando o SPF
# cd /usr/ports/mail/postfix-policyd-spf
# make install clean clean-depends
Configurando o postfix
# cd /usr/local/etc/postfix
# mkdir ssl
# cd ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
# ee main.cf
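# Host and domain identity
myhostname = mx1.slchapeco.org
mydomain = slchapeco.org
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain
# inet_interfaces is a parameter of its own and needs its own line.
inet_interfaces = all
strict_rfc821_envelopes = yes
# Security Options
# VRFY would let a client probe which addresses exist.
disable_vrfy_command = yes
# ETRN is honoured only for clients in mynetworks.
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}"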
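# SASL Configuration
smtpd_sasl_auth_enable = yes
# Also advertise the non-standard "AUTH=" form that some old clients expect.
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
# Selects the SASL settings file smtpd.conf.
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
# Offer AUTH only after STARTTLS. The SASL mechanisms configured on this
# page (plain, login) would otherwise send the password unencrypted.
smtpd_tls_auth_only = yes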
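# Evaluated in order: local and authenticated clients are accepted first,
# relaying is refused next, then the address, SPF and DNSBL checks run.
# Every continuation line has to start with whitespace, otherwise Postfix
# reads it as a new parameter.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_spf_invalid_sender,
    # DNSBL zones as listed in 2005. Confirm that each zone is still
    # operated before using it: a retired zone can delay delivery or
    # reject legitimate mail.
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client rbl.brasilrbl.com.br,
    reject_rhsbl_client rhsbl.brasilrbl.com.br,
    # SPF (the second reject_unknown_sender_domain and
    # reject_unauth_destination entries were duplicates and are dropped)
    check_policy_service unix:private/policy,
    permit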
# Virtual mailbox delivery. Each mysql: table below points at a .cnf file
# holding database credentials and the column to look up.
home_mailbox = Maildir/
virtual_alias_maps = mysql:/usr/local/etc/postfix/cnf/virtual_alias_maps.cnf
virtual_mailbox_base = /home
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/cnf/virtual_mailbox_maps.cnf
virtual_uid_maps = mysql:/usr/local/etc/postfix/cnf/virtual_uid_maps.cnf
virtual_gid_maps = mysql:/usr/local/etc/postfix/cnf/virtual_gid_maps.cnf
transport_maps = mysql:/usr/local/etc/postfix/cnf/transport_maps.cnf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
# Quota settings (the page selects the VDA option when building Postfix).
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps= mysql:/usr/local/etc/postfix/cnf/virtual_mailbox_limit_maps.cnf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# NOTE(review): the original comment here said "10Mb", but 100000000 bytes
# is about 100 MB - confirm which limit is intended.
virtual_mailbox_limit = 100000000
virtual_maildir_limit_message = Aviso de Quota Excedida!
virtual_overquota_bounce = yes
# TLS
# smtp_* applies to outgoing connections, smtpd_* to incoming ones.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# smtpd.pem was created above with "openssl req ... -nodes", so this one file
# holds the certificate and the unencrypted private key. Keep it owned by
# root and readable by root only.
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
# The self-signed certificate is also used as the CA file.
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Content filter: hand messages to Amavis over SMTP (amavisd listens on
# port 10024 per $inet_socket_port in amavisd.conf).
content_filter = smtp-amavis:[127.0.0.1]:10024
-- fim main.cf --
# ee master.cf
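# SPF policy service, spawned as the unprivileged user nobody.
# In master.cf a line that continues a service entry must start with
# whitespace.
policy unix - n n - - spawn
    user=nobody argv=/usr/local/sbin/postfix-policyd-spf
# Anti-virus
## Interface for amavisd virus scanner: the SMTP client named by
## content_filter in main.cf.
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
# Loopback-only listener, presumably where amavisd hands scanned mail back.
# content_filter is emptied so that mail is not sent to the filter a second
# time, and the restrictions accept only clients in 127.0.0.0/8.
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks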
#mkdir cnf
#cd cnf
#cat transport_maps.cnf
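# Map lookups only read the table, so connect with the dedicated postfix
# MySQL account instead of MySQL root. The password must match the one set
# for postfix@localhost. This file holds a credential: keep it readable by
# root and the postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = domain
select_field = transport
where_field = domain
hosts = localhost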
# cat virtual_alias_maps.cnf
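# Map lookups only read the table, so connect with the dedicated postfix
# MySQL account instead of MySQL root. The password must match the one set
# for postfix@localhost. This file holds a credential: keep it readable by
# root and the postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = alias
select_field = goto
where_field = address
hosts = localhost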
# cat virtual_gid_maps.cnf
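# Map lookups only read the table, so connect with the dedicated postfix
# MySQL account instead of MySQL root. The password must match the one set
# for postfix@localhost. This file holds a credential: keep it readable by
# root and the postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = gid
where_field = username
hosts = localhost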
# cat virtual_mailbox_limit_maps.cnf
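# Map lookups only read the table, so connect with the dedicated postfix
# MySQL account instead of MySQL root. The password must match the one set
# for postfix@localhost. This file holds a credential: keep it readable by
# root and the postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = quota
where_field = username
hosts = localhost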
# cat virtual_mailbox_maps.cnf
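# Map lookups only read the table, so connect with the dedicated postfix
# MySQL account instead of MySQL root. The password must match the one set
# for postfix@localhost. This file holds a credential: keep it readable by
# root and the postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
hosts = localhost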
# cat virtual_uid_maps.cnf
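# Connects with the dedicated postfix MySQL account. The password must match
# the one set for postfix@localhost; the value "postfix" in the original
# listing matched neither the SQL file nor the SASL configuration on this
# page. This file holds a credential: keep it readable by root and the
# postfix group only.
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = uid
where_field = username
hosts = localhost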
# cd /etc
# ee rc.conf
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
Retornando ao Courier-imap
# cd /usr/local/etc/courier-imap
# ls | awk '{system("cat " $0 " > `echo " $0 "|sed s/.dist//`")}'
# ee imapd.cnf
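# OpenSSL request settings used when generating the IMAP server certificate.
RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
# 1024-bit RSA keys are too short for a server certificate; use at least 2048.
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=BR
ST=SC
L=Chapeco
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
# NOTE(review): clients compare CN with the host name they connect to, so
# "localhost" only matches local connections - set it to the server's name.
CN=localhost
emailAddress=postmaster@slchapeco.org
[ cert_type ]
nsCertType = server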
-- fim arquivo --
# ee pop3d.cnf
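# OpenSSL request settings used when generating the POP3 server certificate.
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
# 1024-bit RSA keys are too short for a server certificate; use at least 2048.
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=BR
ST=SC
L=Chapeco
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
# NOTE(review): clients compare CN with the host name they connect to, so
# "localhost" only matches local connections - set it to the server's name.
CN=localhost
emailAddress=postmaster@slchapeco.org
[ cert_type ]
nsCertType = server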
Gerando os certificados
# /usr/local/share/courier-imap/mkpop3cert
# /usr/local/share/courier-imap/mkimapdcert
Configuração da autenticação dos usuários na base de dados - MySQL
# ee /usr/local/etc/authlib/authmysqlrc
# Column mapping for Courier authentication against the mailbox table.
# NOTE(review): the connection settings (server, account, password, database,
# table) are not shown in this excerpt and must be set as well.
# The password column is read as a crypt hash, not as cleartext.
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
# Only rows with active=1 can log in, so a deactivated mailbox is refused.
MYSQL_WHERE_CLAUSE active=1
-- fim arquivo --
Iniciando os serviços
#sh /usr/local/libexec/courier-imap/imapd.rc start
#sh /usr/local/libexec/courier-imap/pop3d.rc start
Iniciando os serviços com suporte SSL
#sh /usr/local/libexec/courier-imap/imapd-ssl.rc start
#sh /usr/local/libexec/courier-imap/pop3d-ssl.rc start
#sockstat -4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root couriertcp 18514 6 tcp4 *:993 *:*
root couriertcp 18501 6 tcp4 *:995 *:*
# cd /etc
# ee rc.conf
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
Instalando o cyrus-sasl2
# cd /usr/ports/security/cyrus-sasl2
# fetch http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/software-sources/patch
# mv patch files/patch-lib::chkpw.c
# make -DWITH_MYSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM
-DWITHOUT_DIGEST -DWITHOUT_NTLM install clean
# ee /usr/local/lib/sasl2/smtpd.conf
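# SASL settings for Postfix smtpd: check passwords against the mailbox table.
# This file holds a database password; keep it unreadable to other local users.
pwcheck_method: auxprop
# PLAIN and LOGIN transmit the password itself, so SMTP AUTH should only be
# offered over TLS.
mech_list: plain login
sql_engine: mysql
auxprop_plugin: sql
srp_mda: md5
# NOTE(review): password_format appears to be provided by the third-party
# patch that the build step above downloads over plain HTTP. That patch
# changes the password-checking code, so review it before building.
password_format: crypt
sql_hostnames: localhost
sql_user: postfix
sql_passwd: PasswordPostfix
sql_database: postfix
# "and active = 1" stops a mailbox that was deactivated in Postfix Admin from
# authenticating for SMTP, in line with MYSQL_WHERE_CLAUSE in authmysqlrc.
sql_select: select password from mailbox where username = '%u@%r' and active = 1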
Já incluimos as configurações do amavisd-new no postfix, mas devemos instalar ele
juntamente com o clamav
Instalando o clamav
# cd /usr/ports/security/clamav
# make install clean clean-depends
# cd /usr/local/etc
# ee clamav.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/amavis/clamd
FixStaleSocket
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanMail
# ee freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose
DatabaseOwner clamav
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 12
# mkdir /var/amavis/
# chown -R clamav:clamav /var/amavis
# chmod 750 /var/amavis
# mkdir /var/log/clamav
# touch /var/log/clamav/freshclam.log
# chown clamav:clamav /var/log/clamav/freshclam.log
# chmod 600 /var/log/clamav/freshclam.log
# touch /var/log/clamav/clamd.log
# chown clamav:clamav /var/log/clamav/clamd.log
# chmod 600 /var/log/clamav/clamd.log
Instalando o amavisd-new
# cd /usr/ports/security/amavisd-new
# make install clean clean-depends
# cd /usr/local/etc
# ee amavisd.conf
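use strict;
# Section I - Essential daemon and MTA settings
# AMaViS home directory:
$MYHOME = '/var/amavis';
# Domain of your server:
$mydomain = 'slchapeco.org';
# amavisd runs as the clamav user so that it shares /var/amavis with clamd.
$daemon_user = 'clamav';
$daemon_group = 'clamav';
@local_domains_acl = ( ".$mydomain", '.slchapeco.org' );
# Section II - MTA specific (defaults should be ok)
$unix_socketname = "$MYHOME/amavisd.sock";
$inet_socket_port = 10024;
# Accept connections from the loopback address only.
@inet_acl = qw( 127.0.0.1 );
# NOTE(review): amavisd is used here as a post-queue content_filter, so a
# bounce or reject is produced after the message was already accepted and
# goes to the envelope sender, which spam and malware usually forge.
# Consider D_DISCARD (or quarantine) for spam and banned files - confirm
# against local policy.
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_REJECT;
$final_bad_header_destiny = D_PASS;
# The backslashes in \&ask_daemon, "\n" and \b are required. Without \b the
# OK/FOUND patterns cannot match clamd's replies and the scan result is not
# recognised.
@av_scanners = (
  ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);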
# cd /etc
# ee rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
amavisd_enable="YES"
Instalando o Squirrelmail
# cd /usr/ports/mail/squirrelmail/
# make install clean clean-depends
# echo "Alias /webmail/ "/usr/local/www/squirrelmail/"" >> /usr/local/etc/apache2/httpd.conf
# apachectl restart
# cd /usr/local/www/squirrelmail/config
# cat config.php
Você pode utilizar o conf.pl para realizar a configuração do squirrelmail. Você pode
utilizar plugins que estão disponíveis no www.squirrelmail.org/plugins
Abaixo, o cabeçalho de uma mensagem utilizando o servidor que acabamos de
configurar:
Return-Path:
X-Original-To: marcio@slchapeco.org
Delivered-To: marcio@slchapeco.org
Received: from localhost (localhost.slchapeco.org [127.0.0.1])
by mx1.slchapeco.org (Postfix) with ESMTP id A6ABA2E
for ; Sun, 25 Sep 2005 23:46:10 -0300 (BRT)
Received: from mx1.slchapeco.org ([127.0.0.1])
by localhost (mx1.slchapeco.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 28156-02 for ;
Sun, 25 Sep 2005 23:45:58 -0300 (BRT)
Received: from emperor (unknown [10.1.1.173])
by mx1.slchapeco.org (Postfix) with SMTP id BDEA02B
for ; Sun, 25 Sep 2005 23:45:57 -0300 (BRT)
Message-ID: <000501c5c244$81355d50$ad01010a@emperor>
Reply-To: =?iso-8859-1?Q?M=E1rcio?=
From: =?iso-8859-1?Q?M=E1rcio?=
To:
Subject: teste
Date: Sun, 25 Sep 2005 23:46:32 -0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Virus-Scanned: amavisd-new at slchapeco.org
Qualquer dúvida entre em contato.
Márcio Luciano Donada
Márcio Luciano Donada