setup:mx

Differences

This shows you the differences between two versions of the page.

setup:mx [2013/05/24 21:02] root
setup:mx [2013/07/31 13:16] (current) – [MySQL] root
Line 6: Line 6:
  
 ==== MySQL ==== ==== MySQL ====
 +Create a database with a user with appropriate rights
 +
 +Then go into that database and execute this:
 +
 +<code>
 +CREATE TABLE IF NOT EXISTS `domains` (
 +  `domain` varchar(50) NOT NULL,
 +  PRIMARY KEY (`domain`)
 +) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 +
 +CREATE TABLE IF NOT EXISTS `forwardings` (
 +  `source` varchar(80) NOT NULL,
 +  `destination` text NOT NULL,
 +  PRIMARY KEY (`source`)
 +) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 +
 +CREATE TABLE IF NOT EXISTS `transport` (
 +  `domain` varchar(128) NOT NULL DEFAULT '',
 +  `transport` varchar(128) NOT NULL DEFAULT '',
 +  UNIQUE KEY `domain` (`domain`)
 +) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 +
 +CREATE TABLE IF NOT EXISTS `users` (
 +  `email` varchar(80) NOT NULL,
 +  `password` varchar(20) NOT NULL,
 +  `quota` bigint(20) DEFAULT '10485760',
 +  PRIMARY KEY (`email`)
 +) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 +</code>
 +
 +In the table **domains**, add each domain you want to manage on your server.
 +
 +In the table **forwardings**, add each email value pair that you want to redirect, no account is needed on the server.
 +
 +In the table **transport**, add transport directives for each domain you want to configure. For locally hosted domains, add **:** in the transport column.
 +
 +In the table **users**, add an entry for each managed user you want to give a mailbox. Quota is expressed in bytes, and don't forget to use the **ENCRYPT** function to store the user password.
  
 ==== Setup milters ==== ==== Setup milters ====
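
Review bot: The ''password'' column in the new ''users'' table is ''varchar(20)'', and the closing paragraph tells the reader to fill it with ''ENCRYPT''; that width only fits the 13-character traditional DES crypt output, so a salted MD5, SHA-256 or SHA-512 crypt string would be truncated or rejected on insert. Widen the column (for example ''varchar(128)'') and say which salt prefix to pass to ''ENCRYPT''. The ''domain'' column is also ''varchar(50)'' in ''domains'' but ''varchar(128)'' in ''transport''; pick one width so a domain accepted in one table cannot be refused in the other.
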
Line 29: Line 66:
 Restart the ''spf-milter-python'' service. Restart the ''spf-milter-python'' service.
  
-Add the milter socket in ''/etc/postfix/main.cf'' as described below:+Add the milter socket ''unix:/var/run/spf-milter-python/spfmilter.sock'' in **/etc/postfix/main.cf** (an example is given below):
 <code>smtpd_milters = unix:/var/run/spf-milter-python/spfmilter.sock</code> <code>smtpd_milters = unix:/var/run/spf-milter-python/spfmilter.sock</code>
 You must put this filter before opendmarc (DMARC validation won't be done if you don't do it), and you should put it before spamass-milter socket (SPF validation contributes to spam flagging). You must put this filter before opendmarc (DMARC validation won't be done if you don't do it), and you should put it before spamass-milter socket (SPF validation contributes to spam flagging).
  
 === DKIM (DomainKeys Identified Mail) === === DKIM (DomainKeys Identified Mail) ===
-//This part has been inspired by the following tutorial: [[http://blog.tjitjing.com/index.php/2012/03/guide-to-install-opendkim-for-multiple-domains-with-postfix-and-debian.html +//This part has been inspired by the following tutorial: [[http://blog.tjitjing.com/index.php/2012/03/guide-to-install-opendkim-for-multiple-domains-with-postfix-and-debian.html|
 Guide to Install OpenDKIM for multiple domains with Postfix and Debian]]// Guide to Install OpenDKIM for multiple domains with Postfix and Debian]]//
  
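
Review bot: The ''<code>'' example under the reworded sentence still assigns ''smtpd_milters'' to the SPF socket alone, while the next line requires it to sit before the opendmarc and spamass-milter sockets; a reader pasting the example over an existing setting would drop the other milters. Show the socket as one entry of a space-separated list in the required order, or state that it is prepended to the existing value. The new sentence also switches the path to bold (''**/etc/postfix/main.cf**'') where the removed line used monospace, so the markup for file paths is no longer uniform within this hunk.
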
Line 72: Line 109:
 You will find the appropriate record in ''/etc/opendkim/keys/mydomain.com/default.txt''. You should secure your DNS zone with DNSSEC to enhance your immunity to DNS records spoofing. You will find the appropriate record in ''/etc/opendkim/keys/mydomain.com/default.txt''. You should secure your DNS zone with DNSSEC to enhance your immunity to DNS records spoofing.
 Start opendkim service and double-check that it is started at each reboot.q Start opendkim service and double-check that it is started at each reboot.q
 +
 +== Install the filter socket in postfix ==
 +Add the milter socket ''unix:/var/run/spf-milter-python/spfmilter.sock'' in **/etc/postfix/main.cf** (an example is given below) in both ''smtpd_milters'' and ''non_smtpd_milters'' section (e.g below):
 +<code>smtpd_milters = unix:/var/run/spf-milter-python/spfmilter.sock unix:/var/var/run/opendkim/opendkim.sock
 +non_smtpd_milters = unix:/var/var/run/opendkim/opendkim.sock</code>
 +You must put this filter before opendmarc (DMARC validation won't be done if you don't do it), and you should put it before spamass-milter socket (DKIM validation contributes to spam flagging).
  
 === DMARC (Domain-based Message Authentication, Reporting & Conformance) === === DMARC (Domain-based Message Authentication, Reporting & Conformance) ===
 +[[http://dmarc.org/|DMARC]] is a technical specification that enables you fight the spam more efficiently. It enables:
  
 +  * A security policy enforcement (quarantine or reject) when a DMARC-compliant server receives fraudulent email (detected using SPF policy violation or DKIM signature failure) from a DMARC enabled domain. 
 +  * Collecting feedback data. This is pretty useful to identify from where threats come from, and to set up a mitigation policy.
 +
 +The stable version of this module is in debian unstable repository. Enable the unstable repository (and pin it to avoid an upgrade to unstable).
 +<code>apt-get install -t unstable opendmarc</code>
 +
 +==== Sorting your messages with maildrop ====
 +Installing maildrop
 +<code>apt-get install maildrop
 +chmod +s /usr/bin/maildrop</code>
 +
 +''/etc/postfix/master.cf''
 +<code>maildrop  unix  -                               pipe
 +  flags=DRhu user=vmail argv=/usr/bin/maildrop
 +   -d ${user}@${domain} ${user} ${domain} ${extension} ${nexthop} ${sender}</code>
 +
 +''/etc/postfix/main.cf''
 +<code>virtual_transport = maildrop
 +maildrop_destination_recipient_limit = 1</code>
 +
 +''/etc/maildroprc''
 +<code># /etc/maildroprc - Global maildrop filtering rules
 +# Luthienstar Networks - 2013
 +#
 +
 +
 +####  Logging controls
 +#
 +logfile "/var/log/maildrop.log"
 +#log " Arguments: '$1' '$2' '$3' '$4' '$5' '$6' '$7'"
 +
 +
 +####  Environment variables definition
 +# ${user} ${domain} ${extension} ${nexthop} ${sender}
 +#
 +
 +SHELL="/bin/sh"
 +import EXT
 +import HOST
 +
 +MAILADDR="$1@$2"
 +USERNAME="$1"
 +DOMAIN="$2"
 +EXTENSION="$3"
 +NEXTHOP="$4"
 +SENDER="$5"
 +
 +####  Environment setup
 +#
 +MAILROOT="/home/vmail"
 +DEFAULT="$MAILROOT/$DOMAIN/$USERNAME"
 +maildirmake=/usr/bin/maildirmake
 +mkdir=/bin/mkdir
 +rmdir=/bin/rmdir
 +
 +####  Create the base directories if a user has none
 +#
 +`test -e $DEFAULT`
 +if ($RETURNCODE != 0)
 +{
 + `$mkdir -p $DEFAULT`
 + `$rmdir $DEFAULT`
 + `$maildirmake $DEFAULT`
 + `touch $DEFAULT/courierimapsubscribed`
 + `$maildirmake "$DEFAULT/.Drafts"`
 + `$maildirmake "$DEFAULT/.Junk"`
 + `$maildirmake "$DEFAULT/.Sent"`
 + `$maildirmake "$DEFAULT/.Trash"`
 + `echo INBOX.Drafts >> $DEFAULT/courierimapsubscribed`
 + `echo INBOX.Junk >> $DEFAULT/courierimapsubscribed`
 + `echo INBOX.Sent >> $DEFAULT/courierimapsubscribed`
 + `echo INBOX.Trash >> $DEFAULT/courierimapsubscribed`
 +}
 +
 +
 +####  Filtering rules
 +#
 +
 +# Mail is a spam
 +if( /^X-Spam-Status: Yes/)
 +{
 +    to "$DEFAULT/.Junk/"
 +}
 +
 +# Attempt extension filtering
 +if( $EXTENSION =~ /^.+/ )
 +{
 +    if( $EXTENSION =~ /\.\./)
 +    {
 +        log "'..' pattern is forbidden for obvious reasons."
 +    }
 +    else
 +    {
 +        `test -d $DEFAULT/.$EXTENSION`
 +        if( $RETURNCODE == 0 )
 +        {
 +            to "$DEFAULT/.$EXTENSION/"
 +        }
 +    }
 +}
 +
 +# Default storage
 +to "$DEFAULT/"
 +
 +</code>
 ===== Emergency Postfix Setup ===== ===== Emergency Postfix Setup =====
 +
 +
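
Review bot: In the ''/etc/maildroprc'' block, ''$EXTENSION'' (the recipient's address extension, passed as ''${extension}'' in ''master.cf'') and ''$DEFAULT'' are expanded unquoted inside backtick commands such as ''test -d $DEFAULT/.$EXTENSION'', and the only validation is the ''..'' check. Match the extension against an allow-list pattern (letters, digits, ''-'', ''_'') before it reaches any shell command, and quote the expansions. Earlier in the hunk, ''chmod +s /usr/bin/maildrop'' sets the setuid and setgid bits although the ''master.cf'' entry already runs maildrop with ''user=vmail''; drop it or document why it is needed. In the DKIM paragraph the sentence names the SPF socket again instead of the opendkim one, and both example lines use ''unix:/var/var/run/opendkim/opendkim.sock'', where the doubled ''/var'' looks like a typo.
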
setup/mx.1369422144.txt.gz · Last modified: 2013/05/24 21:02 by root