Vďaka proprietárnemu formátu mailboxov cyrusu nemusí toto riešenie vyhovovať každému. Rád by som preto popísal konfiguráciu riešenia uvedeného v nadpise tohto článku. MTA postfix je s podporou TLS/SASL.

Uvediem celú konfiguráciu iba MTA postfix v /etc/postfix/main.cf. Ostatné konfiguračné súbory sú zo štandardnej inštalácie a popíšem iba zmeny v nich.

  • Konfigurácia postfixu:
  • /etc/postfix/main.cf:
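    # Postfix main.cf, part 1: host identity, trusted networks, content-filter
    # hand-off and local delivery. Comments must stay on their own lines;
    # main.cf has no trailing-comment syntax.
    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = mail.domena.sk
    mydomain = domena.sk
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = domena.sk, mail.domena.sk
    # Empty relayhost / relay_domains: deliver directly and relay for no
    # third-party domains.
    relayhost =
    relay_domains =
    # Every address listed here passes permit_mynetworks in the smtpd_*
    # restrictions of this file, i.e. it may relay without authenticating.
    # Keep the list as narrow as possible (123.123.123.123 is the article's
    # example address).
    mynetworks = 127.0.0.0/8, 123.123.123.123/32
    # Hand every accepted message to the filter listening on localhost:10024.
    content_filter = smtp:127.0.0.1:10024
    # The quotes around $EXTENSION must be plain ASCII double quotes. The
    # typographic quotes a web page renders are not quoting characters, and the
    # address extension (the part after recipient_delimiter) is chosen by
    # whoever sends the mail.
    mailbox_command = procmail -a "$EXTENSION"
    home_mailbox = Maildir/
    # 0 disables the mailbox size limit.
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all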
    # Postfix main.cf, part 2: virtual aliases, content checks, timeouts,
    # SMTP access restrictions and queue tuning.
    virtual_alias_domains = virtual1.domena.sk, virtual2.domena.sk
    virtual_alias_maps = hash:/etc/postfix/virtual
    # The two check tables are not shown in this article.
    header_checks=pcre:/etc/postfix/header_checks
    body_checks=regexp:/etc/postfix/body_checks
    # Time values without a suffix use each parameter's default unit; see
    # postconf(5). 0 here leaves the connect timeout to the operating system.
    smtp_connect_timeout=0
    smtp_helo_timeout=300
    smtp_mail_timeout=300
    smtp_rcpt_timeout=300
    smtp_data_init_timeout=120
    smtp_data_xfer_timeout=180
    smtp_data_done_timeout=600
    smtp_quit_timeout=300
    daemon_timeout=18000
    ipc_idle=100
    ipc_timeout=3600
    max_idle=100
    trigger_timeout=10
    # 0 disables "delayed mail" warnings to senders.
    delay_warning_time=0
    # NOTE(review): maps_rbl_domains is the legacy form of the DNSBL list; the
    # restrictions below name each zone with reject_rbl_client, so this line is
    # presumably unused on current Postfix - confirm before relying on it.
    # NOTE(review): verify that every DNSBL zone is still in service before
    # deploying. At least opm.blitzed.org and list.dsbl.org have been shut down;
    # a retired zone adds lookup delay and can cause wrongful rejections if its
    # DNS starts answering every query.
    maps_rbl_domains=opm.blitzed.org,list.dsbl.org,sbl.spamhaus.org,cbl.abuseat.org,dul.dnsbl.sorbs.net
    # Order matters in each list: authenticated clients and mynetworks are
    # permitted first, so the DNSBL and sender checks apply only to everyone else.
    smtpd_helo_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net
    smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net
    # reject_unauth_destination is what keeps this server from being an open
    # relay for unauthenticated, non-local clients; it must stay in this list.
    smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unknown_sender_domain,reject_unauth_destination
    smtpd_sender_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain
    smtpd_timeout=300
    # Delay before answering a client error; slows down misbehaving clients.
    smtpd_error_sleep_time=5
    # Without a mandatory HELO/EHLO a client could skip the helo restrictions.
    smtpd_helo_required=yes
    command_time_limit=1000
    deliver_lock_delay=1
    fork_delay=1
    # Maximum accepted message size in bytes.
    message_size_limit=10240000
    stale_lock_time=500
    transport_retry_time=60
    maximal_backoff_time=4000
    # NOTE(review): no unit suffix; postconf(5) lists days as the default unit
    # for this parameter - confirm for the installed version.
    maximal_queue_lifetime=5
    minimal_backoff_time=1000
    queue_run_delay=1000

    # SASL auth:
    # Enables SMTP AUTH in smtpd; authenticated clients then match
    # permit_sasl_authenticated in the restriction lists of this file.
    smtpd_sasl_auth_enable = yes
    # Additionally advertises AUTH in the non-standard "AUTH=" form for old
    # clients that expect it.
    broken_sasl_auth_clients = yes
    # AUTH is offered only after STARTTLS, so passwords are never sent over an
    # unencrypted session. Keep this enabled while plaintext mechanisms are in use.
    smtpd_tls_auth_only = yes

    # TLS:
    smtpd_tls_cert_file = /etc/ssl/certs/domena.pem
    # The private key is read from the same PEM file as the certificate.
    # NOTE(review): /etc/ssl/certs is commonly world-readable; a file that holds
    # the private key should be readable by root only (for example mode 0600),
    # or the key should be kept in a separate, restricted file.
    smtpd_tls_key_file = $smtpd_tls_cert_file
    # Offers STARTTLS to clients without requiring it. Newer Postfix releases
    # express the same setting as smtpd_tls_security_level = may.
    smtpd_use_tls = yes
    # Logs remote servers that offer STARTTLS to the Postfix SMTP client.
    smtp_tls_note_starttls_offer = yes

    /etc/postfix/master.cf:
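    # master.cf entries for TLS session management and the amavis filter loop.
    # The placeholder fields must be plain ASCII hyphens ("-"); the en dashes
    # shown on the web page are not valid master.cf syntax. Lines starting with
    # "-o" continue the service entry above them and must begin with whitespace
    # relative to it.

    # only used by postfix-tls
    tlsmgr fifo - - n 300 1 tlsmgr
    #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

    # amavis
    # Outbound leg: the SMTP client that delivers mail to the content filter.
    smtp-amavis unix - - y - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
    # Return leg: smtpd that takes filtered mail back from amavis. It clears
    # content_filter (otherwise mail would loop through the filter) and drops
    # the access restrictions and DNSBL checks from main.cf. What protects it is
    # the loopback-only bind address together with mynetworks=127.0.0.0/8 and
    # "permit_mynetworks,reject"; do not bind it to a routable address.
    127.0.0.1:10025 inet n - y - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000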

  • Konfigurácia procmail:
  • /etc/procmailrc:
    # System-wide procmail settings: deliver into each user's Maildir and pass
    # every message through SpamAssassin first.
    # NOTE(review): procmailrc(5) warns that /etc/procmailrc can be processed
    # with root privileges and suggests setting DROPPRIVS=yes before external
    # programs are run - confirm whether that applies to this installation.
    MAILDIR=$HOME/Maildir/ # You'd better make sure it exists
    DEFAULT=$HOME/Maildir/
    LOCKFILE=$HOME/.lockmail

    # Flags: f = use the program as a filter (its output replaces the message),
    # w = wait for it to finish and check its exit code.
    # spamc -s 256000: messages larger than 256000 bytes are returned unscanned.
    :0fw
    | /usr/bin/spamc -s 256000

  • Konfigurácia dovecot POP3/POP3S/IMAP/IMAPS servera:
  • /etc/dovecot/dovecot.conf:
    # Dovecot: IMAP and POP3, each with and without implicit TLS.
    protocols = imap imaps pop3 pop3s
    auth = default
    # PLAIN sends the password unprotected unless the connection is encrypted.
    # NOTE(review): with the non-TLS imap and pop3 protocols enabled above,
    # confirm that this Dovecot version refuses plaintext logins on unencrypted
    # connections (the disable_plaintext_auth setting), or serve only
    # imaps/pop3s.
    auth_mechanisms = plain
    auth_passdb = pam
    # Certificate and private key are read from the same PEM file.
    # NOTE(review): /etc/ssl/certs is commonly world-readable; restrict this
    # file to root, or keep the key in a separate file with tight permissions.
    ssl_cert_file = /etc/ssl/certs/domena.pem
    ssl_key_file = /etc/ssl/certs/domena.pem

  • Konfigurácia spamassassina:
  • /etc/default/spamassassin:
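    # Defaults for the spamd init script (sourced as shell).
    # The values need plain ASCII double quotes and "--" option prefixes; the
    # typographic quotes and en dashes a web page renders break the assignment
    # when this file is sourced.
    ENABLED=1
    OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
    PIDFILE="/var/run/spamd.pid"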

  • Konfigurácia amavis/clamav:
  • /etc/amavis/amavis.conf:
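    # amavis settings changed from the stock configuration. String values need
    # plain ASCII single quotes; typographic quotes are a Perl syntax error.
    $mydomain = 'domena.sk';
    # Filtered mail is handed back to Postfix on the loopback listener that
    # master.cf defines at 127.0.0.1:10025.
    $forward_method = 'smtp:127.0.0.1:10025';
    # Notifications are sent through the same re-injection path.
    $notify_method = $forward_method;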

  • Konfigurácia horde/imp:
  • /etc/horde2/horde.php:
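    // Horde settings changed from the stock configuration. Array keys and
    // values need plain ASCII single quotes, not typographic ones.
    // Users are authenticated against the IMAP server.
    // NOTE(review): the webmail login form then carries the mailbox password,
    // so the web front end should be served over HTTPS only - confirm.
    $conf['auth']['driver'] = 'imap';
    $conf['problems']['email'] = 'root@domena.sk';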

  • Konfigurácia saslauthd:
  • /etc/default/saslauthd:
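    # Defaults for the saslauthd init script (sourced as shell). Values need
    # plain ASCII double quotes; typographic quotes become part of the value or
    # break the assignment.

    # This needs to be uncommented before saslauthd will be run automatically
    START=yes

    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"

    MECHANISMS="pam"
    # -m sets the directory for the saslauthd socket. It is placed under
    # /var/spool/postfix, presumably so that a chrooted smtpd can reach it.
    # NOTE(review): any local user who can open that socket can test passwords
    # against PAM, so restrict the directory to the Postfix and SASL accounts.
    PARAMS="-m /var/spool/postfix/var/saslauthd"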
    Enjoy! 😉
