
setup:mx_v2

setup:mx_v2 [2018/08/16 16:23] – created rootsetup:mx_v2 [2020/11/27 15:01] (current) – [MX Setup] root
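--- a/setup:mx_v2
+++ b/setup:mx_v2
@@ -1,11 +1,233 @@
 ====== MX Setup ======
+
+ **Version aborted, look for v3**
 
 ===== Environment Setup =====
 
+==== VMail folder ====
+<code bash>
+groupadd -g 5000 vmail
+useradd -g vmail -u 5000 vmail -d /var/vmail -m
+</code>
+
+==== SQL ====
+<code sql>
+USE mail;
+
+CREATE TABLE domains (
+domain varchar(50) NOT NULL,
+PRIMARY KEY (domain) )
+ENGINE=MyISAM;
+
+CREATE TABLE forwardings (
+source varchar(80) NOT NULL,
+destination TEXT NOT NULL,
+PRIMARY KEY (source) )
+ENGINE=MyISAM;
+
+CREATE TABLE users (
+email varchar(80) NOT NULL,
+password varchar(20) NOT NULL,
+quota INT(10) DEFAULT '10485760',
+PRIMARY KEY (email)
+) ENGINE=MyISAM;
+
+CREATE TABLE transport (
+domain varchar(128) NOT NULL default '',
+transport varchar(128) NOT NULL default '',
+UNIQUE KEY domain (domain)
+) ENGINE=MyISAM;
+</code>
+
+
+<code bash>
+cat > /etc/postfix/mysql-virtual_alias.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT destination FROM forwardings WHERE source='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_domains.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT domain AS virtual FROM domains WHERE domain='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_forwardings.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT destination FROM forwardings WHERE source='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_mailboxes.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_email2email.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT email FROM users WHERE email='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_transports.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT transport FROM transport WHERE domain='%s'
+hosts = 127.0.0.1
+EOF
+
+cat > /etc/postfix/mysql-virtual_mailbox_limit_maps.cf <<EOF
+user = mail_admin
+password = mail_admin_password
+dbname = mail
+query = SELECT quota FROM users WHERE email='%s'
+hosts = 127.0.0.1
+EOF
+
+chmod o= /etc/postfix/mysql-virtual_*.cf
+chgrp postfix /etc/postfix/mysql-virtual_*.cf
+</code>
 ===== Packages Install =====
 
+<code>
+apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql
+</code>
+
+FIXME
+
+<code>
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+smtpd_banner = $myhostname ESMTP $mail_name (Cray Linux Environment)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# Server TLS parameters
+smtpd_tls_cert_file = /etc/dehydrated/certs/<hostname>/fullchain.pem
+smtpd_tls_key_file = /etc/dehydrated/certs/<hostname>/privkey.pem
+smtpd_use_tls = yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtpd_tls_dh1024_param_file = /etc/postfix/dh_3072.pem
+
+# Send TLS parameters
+smtp_tls_cert_file = $smtpd_tls_cert_file
+smtp_tls_key_file = $smtpd_tls_key_file
+smtp_use_tls = $smtpd_use_tls
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtp_tls_security_level = may
+
+# Disable ssl compression (postfix >=2.11)
+#tls_ssl_options = no_compression
+
+# Secure cipherlist setup
+tls_preempt_cipherlist = yes
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_protocols = $smtpd_tls_mandatory_protocols
+smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
+smtp_tls_protocols = $smtpd_tls_mandatory_protocols
+
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_ciphers = $smtpd_tls_mandatory_ciphers
+smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
+smtp_tls_ciphers = $smtpd_tls_mandatory_ciphers
+
+smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, aEDH, RC4, eNULL, DES, 3DES
+smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+smtp_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = <hostname>
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+myorigin = /etc/mailname
+mydestination = arwen.luthienstar.fr, mx0.luthienstar.fr, localhost, localhost.localdomain
+relayhost =
+mynetworks = 127.0.0.0/8
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+message_size_limit = 30720000
+virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
+virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
+virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
+virtual_mailbox_base = /home/vmail
+virtual_uid_maps = static:5000
+virtual_gid_maps = static:5000
+
+# Security
+#mtpd_delay_reject = yes
+#mtpd_helo_required = yes
+#mtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit
+
+smtpd_sasl_auth_enable = yes
+broken_sasl_auth_clients = yes
+smtpd_sasl_authenticated_header = yes
+smtpd_recipient_restrictions = reject_invalid_hostname, reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_acl, check_client_access hash:/etc/postfix/rbl_override, reject_unauth_destination
+transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
+proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
+
+#mime_header_checks = regexp:/etc/postfix/mime_header_checks
+
+milter_default_action = accept
+milter_protocol = 6
+milter_command_timeout = 60s
+
+smtpd_milters = unix:/var/run/spf-milter-python/spfmilter.sock unix:/var/run/opendkim/opendkim.sock unix:/var/run/opendmarc/opendmarc.sock unix:/var/run/spamass/spamass.sock
+non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock
+
+virtual_transport = maildrop
+maildrop_destination_recipient_limit = 1
+
+</code>
 ===== Dovecot-lda =====
 
+FIXME Config Sieve
+<code>
+require "fileinto";
+require "mailbox";
+require "variables";
+require "subaddress";
+require "envelope";
+
+if header :contains "X-Spam-Flag" "YES" {
+ fileinto "INBOX/Junk";
+}
 
+if envelope :detail :matches "to" "*" {
+ set :lower :upperfirst "tag" "${1}";
+ if mailboxexists "INBOX/${1}" {
+ fileinto "INBOX/${1}";
+ } else {
+ fileinto :create "INBOX/${tag}";
+ }
+}
+</code>
 
 ===== SPF Milter =====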
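Review bot: The `users` table declares `password varchar(20) NOT NULL`, which is too short for any salted hash and effectively leaves room only for cleartext or traditional DES crypt; `password varchar(255) NOT NULL` would let the column hold a modern crypt-style hash. In the main.cf listing, `reject_unauth_destination` is the last entry of `smtpd_recipient_restrictions`, after `check_sender_access` and `check_client_access`, so an `OK` result from `sender_acl` or `rbl_override` could permit relaying unless `smtpd_relay_restrictions` covers it (not shown on the page); placing `reject_unauth_destination` directly after `permit_mynetworks` removes that dependency. `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3` still allows TLSv1 and TLSv1.1, and adding `!TLSv1, !TLSv1.1` is worth weighing against the peers that must be reached, since the opportunistic lists inherit this value. Two consistency points: the vmail home is created at `/var/vmail` while `virtual_mailbox_base` is `/home/vmail`, and the commented `#mtpd_delay_reject`, `#mtpd_helo_required` and `#mtpd_helo_restrictions` lines are missing the leading `s`, so uncommenting them as written would not set the intended `smtpd_*` parameters.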
setup/mx_v2.1534429428.txt.gz · Last modified: 2018/08/16 16:23 by root
