1 = Postfix Dovecot Pam =
2
3 ''' master.cf '''
4
5 # xxx.xxx.xxx.xxx = IP-Adresse, an die der SMTP-Server gebunden wird
6 {{{
# smtpd is bound to one address (xxx.xxx.xxx.xxx) rather than to every interface.
7 xxx.xxx.xxx.xxx:smtp        inet  n       -       -       -       -       smtpd
8
# "dovecot" transport: pipe(8) starts dovecot's deliver as vmail:vmail, once per
# recipient (-d ${recipient}). The arguments are passed as an argv list, not
# through a shell. flags: D = add Delivered-To, R = add Return-Path,
# h = lowercase the next-hop domain, u = lowercase the recipient localpart.
9 dovecot unix    -       n       n       -       -      pipe
10   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
11 }}}
12
13 ''' virtual_domains '''
14
15 {{{
16 example.net ACCEPT
17 domain.com  ACCEPT
18 }}}
19
20 postmap /etc/postfix/virtual_domains
21
22
23 ''' main.cf '''
24
25 {{{
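# main.cf - Postfix settings for a small virtual-mailbox server that hands
# final delivery to dovecot's deliver through the "dovecot" transport.

myhostname = mail.example.net
myorigin = /etc/mailname

# Hosted domains; the hash table is built with postmap.
virtual_mailbox_domains         = hash:/etc/postfix/virtual_domains
virtual_mailbox_base            = /srv/vmail

# NOTE(review): uid/gid 8 is configured here, while the dovecot transport in
# master.cf runs deliver as vmail:vmail - confirm which account is meant to
# own the mailboxes under /srv/vmail.
virtual_uid_maps                = static:8
virtual_gid_maps                = static:8

virtual_transport               = dovecot

# deliver is started with a single -d ${recipient}, so give it one recipient per run.
dovecot_destination_recipient_limit = 1

mydestination = localhost
# Every network listed here is trusted to relay without authentication,
# so keep the list to loopback unless there is a specific reason to widen it.
mynetworks = 127.0.0.0/8

smtpd_banner = $myhostname ESMTP Mailserver

# Sizes in bytes.
mailbox_size_limit = 512000000
message_size_limit = 10240000

smtpd_sender_restrictions = reject_unknown_address
smtpd_client_restrictions = reject_invalid_hostname

smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname,
        reject_non_fqdn_hostname,
        permit

# Restrictions are evaluated in order and the first match wins.
# NOTE(review): reject_unauth_destination comes before permit_mynetworks, so
# even clients in mynetworks cannot relay to outside domains through smtpd -
# confirm this is intended.
# NOTE(review): DNSBL zones get retired; a retired zone can stop answering or
# start listing every address. Check that each zone below is still operated
# (list.dsbl.org appears to have been shut down - confirm) before deploying.
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        permit_mynetworks,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit

strict_rfc821_envelopes = yes

home_mailbox = mails/

# TLS: certificate and key are commented out, so as written smtpd has no
# certificate to present. NOTE(review): smtpd_tls_cert_file has to name the
# signed certificate, not a certificate signing request (.csr) - confirm the
# file name. The key file should be readable by root only.
#smtpd_tls_cert_file = /etc/postfix/mail.csr
#smtpd_tls_key_file = /etc/postfix/mail.key

# STARTTLS is offered but not required, and AUTH is permitted on unencrypted
# sessions. Once SMTP AUTH is switched on, smtpd_tls_auth_only = yes keeps
# PLAIN/LOGIN passwords off cleartext connections.
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_auth_only = no

# Slow down and eventually disconnect clients that keep producing errors.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

# Header checks for the MailScanner setup, see http://www.mailscanner.info
header_checks = regexp:/etc/postfix/header_checks
# The original line here was a free-text note, not a "name = value" setting,
# so it is kept as a comment:
# body_checks: surf to http://www.malware.com.br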
89
90 }}}
91
92 ''' /etc/postfix/header_checks '''
93
94 {{{
# Every message carrying a Received: header is placed in the hold queue.
# Presumably this is the hand-over point for MailScanner, which this page
# links to - confirm. If nothing processes the hold queue, mail stays there
# undelivered.
95 /^Received:/ HOLD
# Eight or more "*" in X-Spam-Level: send the message to the address sa-spam
# instead of the original recipients.
96 /^X-Spam-Level: (\*){8,}/   REDIRECT sa-spam
97 }}}
98
99 ''' dovecot.cf '''
100 {{{
# Dovecot configuration: IMAP access plus the auth socket used by deliver.
101 base_dir = /var/run/dovecot/
102 #log_path = /var/log/dovecot.log
# Only "imap" is listed and SSL/TLS support is left enabled.
# NOTE(review): presumably clients are expected to use STARTTLS on the imap
# port - confirm, since no imaps listener is configured here.
103 protocols = imap
104 ssl_disable = no
105 verbose_proctitle = yes
106 #first_valid_uid = 3000
107 #last_valid_uid = 3000
108 #first_valid_gid = 8
109 #last_valid_gid = 8
110 #valid_chroot_dirs = /var/mail
# "~" is the home directory returned by the static userdb below (/srv/vmail/%u).
111 mail_location = maildir:~/Maildir
112 maildir_copy_with_hardlinks = yes
113
114 #protocol imap {
115 #}
116
# Log authentication failures; useful for spotting password guessing.
117 auth_verbose = yes
118
119 auth default {
# Master socket for deliver's user lookups. Mode 0600 and owner vmail restrict
# it to the account that the dovecot transport in master.cf runs deliver as.
120         socket listen {
121                 master {
122                 path = /var/run/dovecot/auth-master
123                 mode = 0600
124                 user = vmail
125                 }
126         }
# PLAIN and LOGIN both hand the password itself to the server, so they are
# only safe inside TLS. NOTE(review): disable_plaintext_auth is not set in this
# listing - confirm the effective value refuses them on unencrypted connections.
127         mechanisms = plain login
# Passwords are checked through PAM; the PAM service file is shown on this
# page as pam.d/dovecot.
128         passdb pam {
129         }
# Every mail user maps to the vmail account; %u (the login name) becomes part
# of the home path, matching the directories that addmailuser.sh creates.
130         userdb static {
131           args = uid=vmail gid=vmail home=/srv/vmail/%u
132         }
133 }
134
135 protocol lda {
136         postmaster_address = host@example.net
137 }
138
139 }}}
140 ''' addmailuser.sh ''' 
141 {{{
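#!/bin/sh -x
# addmailuser.sh - create the maildir for a new virtual mail user and set the
# user's password in the file that pam_pwdfile checks for dovecot logins.
# Usage: addmailuser.sh <newusername>

# Exactly one argument is required. Without this check an empty "$1" would
# make the recursive chown below run on the whole /srv/vmail tree.
if [ "$#" -ne 1 ]; then
    echo "usage: $0 <newusername>" >&2
    exit 1
fi

# The name becomes a path component under /srv/vmail, so accept only a
# conservative character set: no "/", and no leading "-" or "." (which also
# rules out ".." and names that would be read as options).
case "$1" in
    ""|-*|.*|*[!A-Za-z0-9@._-]*)
        echo "$0: invalid username: $1" >&2
        exit 1
        ;;
esac

# Quote every expansion so the name is always passed as a single word.
mkdir "/srv/vmail/$1"
maildirmake "/srv/vmail/$1/Maildir"
chown -R vmail:vmail "/srv/vmail/$1"

# htpasswd asks for the password interactively, so it never appears on the
# command line or in the -x trace.
htpasswd /etc/dovecot/dovecot.passwd "$1"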
151 }}}
152
153 ''' pam.d/dovecot '''
154
155 aptitude install libpam-pwdfile
156
157 {{{
158 #%PAM-1.0
159
# Check dovecot logins against the password file that addmailuser.sh fills
# with htpasswd. The file holds password hashes, so it should not be
# world-readable. NOTE(review): "debug" makes the module log extra detail -
# consider removing it once the setup works; also confirm that the hash format
# htpasswd writes is one pam_pwdfile accepts.
160 auth required pam_pwdfile.so pwdfile=/etc/dovecot/dovecot.passwd debug
161
# pam_permit always succeeds: no account or session checks are applied, so the
# password file alone decides who may log in.
162 session sufficient pam_permit.so
163 account sufficient pam_permit.so
164
# The system-wide PAM stacks stay disabled, so local system accounts are not
# consulted for mail logins.
165 #@include common-auth
166 #@include common-account
167 #@include common-session
168 }}}
169
170 {{{
171 aptitude install policyd-weight
172 }}}
173
174 [[http://rikman.mtb-news.de/archives/2005/12/13/postgrey-unter-debian-einrichten/|postgrey-unter-debian-einrichten]]
175
176 [[http://packages.debian.org/etch/mailscanner|MailScanner Debian-package]]
177
178 [[http://www.delodder.be/index.php/2007/10/18/mailscanner-with-postfix-on-etch/#more-86|MailScanner With Postfix on Etch]]
179
180 [[http://www.delodder.be/index.php/2007/10/22/add-anti-virus-support-to-mailscanner/#more-88|Add Anti-Virus support to MailScanner]]
181
182
183
184 Um den Usern zu ermöglichen, ihre Mails über den Server zu relayen, sollte man eine SMTP-Authentifizierung benutzen. Falls die Clients statische IPs besitzen, kann man diese natürlich auch in der main.cf unter mynetworks eintragen. Wie eine mögliche SMTP-Auth aussehen kann, findet sich unter [[LittleMailserverSMTP]]
185
186 ----
187 CategoryCodeSnippets CategoryTipsAndTricks