Keďže Cyrus používa proprietárny formát mailboxov, nemusí toto riešenie vyhovovať každému. Rád by som preto popísal konfiguráciu riešenia uvedeného v nadpise tohto článku. MTA Postfix je nastavený s podporou TLS/SASL.
V plnom znení uvediem iba konfiguráciu MTA Postfix v /etc/postfix/main.cf. Ostatné konfiguračné súbory pochádzajú zo štandardnej inštalácie, preto pri nich popíšem iba zmeny.
/etc/postfix/main.cf:
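# Postfix main.cf for a single mail host: local Maildir delivery through
# procmail, content filtering via amavis on the loopback interface, and
# SMTP AUTH (SASL) that is only offered once STARTTLS is active.
# Postfix has no trailing comments, so every remark sits on its own line.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = mail.domena.sk
mydomain = domena.sk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domena.sk, mail.domena.sk
relayhost =
relay_domains =
# Clients in mynetworks may relay without authenticating (permit_mynetworks
# appears in every restriction list below), so keep this list as small as
# possible. 123.123.123.123/32 looks like a placeholder - replace it with the
# real trusted address or remove it.
mynetworks = 127.0.0.0/8, 123.123.123.123/32
# Hand every message to the filter on 127.0.0.1:10024; the filter returns it
# to the listener on 127.0.0.1:10025 defined in master.cf.
# NOTE(review): master.cf defines a dedicated "smtp-amavis" transport, but this
# line names the generic "smtp" transport, so the options set on smtp-amavis
# are not applied here - confirm which one is intended.
content_filter = smtp:127.0.0.1:10024
# Plain ASCII quotes are required here; typographic quotes would be passed to
# procmail as part of the argument.
mailbox_command = procmail -a "$EXTENSION"
home_mailbox = Maildir/
# 0 = no mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains = virtual1.domena.sk, virtual2.domena.sk
virtual_alias_maps = hash:/etc/postfix/virtual
header_checks=pcre:/etc/postfix/header_checks
body_checks=regexp:/etc/postfix/body_checks
# Outbound (SMTP client) timeouts. smtp_connect_timeout=0 disables the Postfix
# limit and leaves the connect timeout to the operating system.
smtp_connect_timeout=0
smtp_helo_timeout=300
smtp_mail_timeout=300
smtp_rcpt_timeout=300
smtp_data_init_timeout=120
smtp_data_xfer_timeout=180
smtp_data_done_timeout=600
smtp_quit_timeout=300
daemon_timeout=18000
ipc_idle=100
ipc_timeout=3600
max_idle=100
trigger_timeout=10
# 0 = never send "delayed mail" warnings to senders.
delay_warning_time=0
# maps_rbl_domains is the obsolete form and only matters together with
# reject_maps_rbl; the reject_rbl_client entries below do the actual work.
# NOTE(review): this DNSBL list dates from the original article and several of
# the zones (for example opm.blitzed.org and list.dsbl.org) have since been
# retired. Confirm that each zone is still served before using it: a dead zone
# adds lookup delay, and a retired zone that answers every query would reject
# all inbound mail.
maps_rbl_domains=opm.blitzed.org,list.dsbl.org,sbl.spamhaus.org,cbl.abuseat.org,dul.dnsbl.sorbs.net
# Authenticated users and trusted networks are permitted first, so the DNSBL
# checks apply only to unauthenticated remote clients.
smtpd_helo_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net
smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net
# reject_unauth_destination is what keeps this host from being an open relay;
# it must stay in this list.
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unknown_sender_domain,reject_unauth_destination
smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain
smtpd_timeout=300
smtpd_error_sleep_time=5
smtpd_helo_required=yes
command_time_limit=1000
deliver_lock_delay=1
fork_delay=1
message_size_limit=10240000
stale_lock_time=500
transport_retry_time=60
# Values without a suffix use each parameter's default unit: days for
# maximal_queue_lifetime, seconds for the backoff and queue-run settings.
maximal_backoff_time=4000
maximal_queue_lifetime=5
minimal_backoff_time=1000
queue_run_delay=1000
# SASL auth:
smtpd_sasl_auth_enable = yes
# Also advertise the non-standard "AUTH=" form for old clients.
broken_sasl_auth_clients = yes
# Offer and accept AUTH only after STARTTLS, so credentials never cross the
# network in clear text.
smtpd_tls_auth_only = yes
# TLS:
# The private key is read from the same PEM file as the certificate.
# /etc/ssl/certs is usually world-readable, so make sure this particular file
# is readable by root only, or keep the key in a root-only directory such as
# /etc/ssl/private and point smtpd_tls_key_file there.
smtpd_tls_cert_file = /etc/ssl/certs/domena.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
# Opportunistic TLS. On Postfix 2.3 and later the replacement setting is
# smtpd_tls_security_level = may.
smtpd_use_tls = yes
# Log remote servers that offer STARTTLS when TLS is not in use for them.
smtp_tls_note_starttls_offer = yes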
/etc/postfix/master.cf:
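# master.cf changes: TLS session manager plus the two amavis services.
# Fields use the plain ASCII "-" placeholder, and every "-o" override is a
# continuation line that must begin with whitespace.
# only used by postfix-tls
tlsmgr    fifo  -       -       n       300     1       tlsmgr
# Dedicated TLS-wrapped (smtps) and submission (587) listeners are left
# disabled; with them commented out, clients authenticate on port 25 after
# STARTTLS.
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587      inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
# amavis
# Client transport towards the content filter, limited to 2 parallel
# deliveries.
smtp-amavis unix -      -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
# Re-injection listener for mail coming back from the filter. content_filter is
# cleared so filtered mail is not filtered again, and the listener accepts
# connections from 127.0.0.0/8 only. Mail submitted here bypasses the content
# filter and the main.cf restrictions, so it must never be bound to a
# non-loopback address; any local process can still reach it.
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000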
/etc/procmailrc:
# System-wide procmail recipe: deliver into the recipient's Maildir and pass
# every message through SpamAssassin (spamc) first.
MAILDIR=$HOME/Maildir/ # You'd better make sure it exists
# The trailing slash selects Maildir-format delivery.
DEFAULT=$HOME/Maildir/
# One global lock file per user; deliveries for the same user are serialized.
LOCKFILE=$HOME/.lockmail
# NOTE(review): this relies on procmail already running as the recipient. If
# procmail can also be started with elevated privileges on this host, consider
# setting DROPPRIVS=yes before the recipe below - confirm.
# Filter recipe: f = treat the command as a filter, w = wait for it to finish.
# -s 256000 is the largest message (in bytes) sent to spamd; anything bigger is
# returned unscanned.
:0fw
| /usr/bin/spamc -s 256000
/etc/dovecot/dovecot.conf:
# Dovecot: IMAP and POP3, each with and without SSL, authenticating against PAM.
# NOTE(review): the unencrypted imap and pop3 listeners are enabled together
# with the PLAIN mechanism. Unless plaintext logins are refused on unencrypted
# connections (see disable_plaintext_auth for your Dovecot version), system
# passwords can cross the network in clear text - confirm, or offer only
# imaps/pop3s.
protocols = imap imaps pop3 pop3s
auth = default
auth_mechanisms = plain
# PAM means these are the system account passwords.
auth_passdb = pam
# Certificate and private key share one PEM file. /etc/ssl/certs is usually
# world-readable, so make sure this file is readable by root only, or keep the
# key in a root-only directory such as /etc/ssl/private.
ssl_cert_file = /etc/ssl/certs/domena.pem
ssl_key_file = /etc/ssl/certs/domena.pem
/etc/default/spamassassin:
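# Defaults for the spamd init script. The option string needs plain ASCII
# quotes and double hyphens; typographic quotes and dashes are not recognised.
# Start spamd at boot.
ENABLED=1
# --max-children 5 caps the number of parallel scanner processes.
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"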
/etc/amavis/amavis.conf:
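# amavis: local domain and the address filtered mail is handed back to.
# Perl needs plain ASCII single quotes around these strings.
$mydomain = 'domena.sk';
# Return scanned mail to the Postfix re-injection listener on loopback port
# 10025 (the 127.0.0.1:10025 service in master.cf).
$forward_method = 'smtp:127.0.0.1:10025';
# Notifications leave through the same loopback listener.
$notify_method = $forward_method;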
/etc/horde2/horde.php:
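// Horde authenticates users by logging in to the IMAP server with the
// credentials they enter, so webmail accounts are the same accounts Dovecot
// serves. Array keys and values need plain ASCII single quotes.
// NOTE(review): the password is forwarded to the IMAP server on every login;
// keep that connection on localhost or on an SSL port - confirm in the IMAP
// server settings, which are not shown here.
$conf['auth']['driver'] = 'imap';
// Address that receives problem reports.
$conf['problems']['email'] = 'root@domena.sk';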
/etc/default/saslauthd:
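# Defaults for the saslauthd init script. Values need plain ASCII double
# quotes; typographic quotes would become part of the value.
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
# -m sets the directory holding the saslauthd socket. It is placed under
# /var/spool/postfix so that an smtpd running chrooted there can reach it.
# NOTE(review): the directory must exist and be accessible to the postfix user
# but not to arbitrary local users - confirm ownership and mode.
PARAMS="-m /var/spool/postfix/var/saslauthd"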
Enjoy! 😉