Postfix, доступный в репозитории, не имеет поддержки MySQL, а именно там мы собираемся хранить всю базу аккаунтов пользователей. Поэтому мы скачаем src-пакет, внесем в него изменения (добавим поддержку MySQL), соберем и установим.
#mkdir -p /usr/src/redhat/{SOURCES,BUILD,SRPMS,RPMS/i386}
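#rpm -Uvh http://mirror.corbina.net/pub/Linux/centos/5.2/updates/SRPMS/postfix-2.3.3-2.1.el5_2.src.rpm
Пакет загружается по незащищённому HTTP, поэтому перед сборкой стоит проверить его подпись (rpm --checksig для скачанного файла, при импортированном GPG-ключе дистрибутива).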
#cd /usr/src/redhat/SPECS/
В файл postfix.spec добавляем поддержку MySQL и кое-какие другие опции для успешной сборки:
меняем %define LDAP 2 на %define LDAP 0
меняем %define MySQL 0 на %define MySQL 1
В коде ниже меняем %define SASL 1 на %define SASL 2
%if %{LDAP} <= 1 && %{SASL} >= 2
%undefine SASL
%define SASL 1
%endif
#yum -y install mysql gcc rpm-build db4-devel zlib-devel openldap-devel cyrus-sasl-devel pcre-devel mysql-devel openssl-devel
#rpmbuild -ba postfix.spec
#rpm -Uvh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm
#chkconfig postfix on
#chkconfig mysqld on
Выполняем postconf -m и убеждаемся, что postfix собран с поддержкой mysql:
#postconf -m
...
mysql
...
#useradd -r -u 1000 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mailbox" vmail
#mkdir /var/vmail
#chmod 770 /var/vmail/
#chown vmail: /var/vmail/
Конфигурационный файл /etc/postfix/main.cf
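# /etc/postfix/main.cf (first part of the listing).
# Reflowed to one parameter per line: the printed listing had several
# "name = value" pairs fused onto single lines, which Postfix would read as
# one long value. Values are unchanged.

soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody

myhostname = mail-server.company.ru
mydomain = company.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = localhost.$myhostname, localhost
unknown_local_recipient_reject_code = 550
local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps

# Clients in these networks are treated as trusted by permit_mynetworks and
# are exempted from SASL below; keep the list as narrow as the site allows.
mynetworks = 127.0.0.0/8, 192.168.146.0/24
#relay_domains = $mydomain

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mail_spool_directory = /var/spool/mail
smtpd_banner = $myhostname ESMTP

debug_peer_level = 2
debug_peer_list = 127.0.0.1
# Continuation lines must start with whitespace.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
config_directory = /etc/postfix

# Virtual domains, mailboxes and aliases are looked up in MySQL through the
# map files under $config_directory/sql. Those files contain the database
# password, so they should not be world-readable.
virtual_mailbox_domains = mysql:$config_directory/sql/vdomains.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/sql/vmailbox.cf
virtual_alias_maps = mysql:$config_directory/sql/valias.cf
virtual_minimum_uid = 1000
# All virtual mail is owned by uid 1000 (the vmail account created earlier
# in the chapter) and gid 12.
virtual_uid_maps = static:1000
virtual_gid_maps = static:12
# Delivery is handed to the "dovecot" pipe service in master.cf, one
# recipient per invocation.
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

smtpd_sasl_auth_enable = yes
# AUTH is not offered to clients in $mynetworks.
smtpd_sasl_exceptions_networks = $mynetworks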
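# /etc/postfix/main.cf (continued): SASL, recipient restrictions, filtering.
# Reflowed to one parameter per line; values are unchanged.

# "noanonymous" still allows plaintext mechanisms.
# NOTE(review): no smtpd TLS parameters appear in this listing, so AUTH
# credentials from clients outside $mynetworks would cross the network
# unencrypted unless TLS is configured elsewhere (e.g. smtpd_tls_auth_only).
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Authentication is delegated to Dovecot through the socket
# $queue_directory/private/auth.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# Order matters: trusted networks and authenticated users are accepted first,
# then reject_unauth_destination prevents relaying for everyone else.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unverified_recipient,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dialups.mail-abuse.org,

# Mail is passed to the "scan" transport defined in master.cf; address
# mapping is skipped before the filter.
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings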
Конфигурационный файл /etc/postfix/master.cf
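# Postfix master process configuration file.
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================
#
# The printed table was reflowed to one service per line. Lines that start
# with whitespace continue the previous service entry. Field values are
# unchanged.

# NOTE(review): this -o override replaces the main.cf setting
# content_filter = scan:127.0.0.1:10025 for mail received by this smtpd, so
# SMTP-received mail goes to the "spamfilter" pipe instead of "scan".
# Confirm which filter chain is intended.
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=spamfilter:dummy
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

# Pipe services: each runs an external command as the account named in
# user=, with sender/recipient values taken from the message envelope.
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

# Local delivery agent used by virtual_transport = dovecot in main.cf.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d $(recipient)

# Outbound leg to the content filter (main.cf: content_filter = scan:127.0.0.1:10025).
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes

# Re-injection listener for filtered mail. It listens on loopback only and
# switches off further filtering and most checks, so it must never be
# reachable from other hosts.
# NOTE(review): main.cf sets mynetworks explicitly, in which case Postfix
# ignores mynetworks_style; permit_mynetworks here therefore still uses the
# main.cf list. Consider overriding mynetworks for this listener instead.
127.0.0.1:10026 inet n  -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

# Target of the content_filter override on the smtp inet service above.
spamfilter unix -       n       n       -       -       pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter -f ${sender} -- ${recipient}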
# mkdir /etc/postfix/sql
Конфигурационный файл /etc/postfix/sql/valias.cf
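# Alias lookup map for virtual_alias_maps.
# Reflowed to one parameter per line; values are unchanged.
# This file holds the database password ("password" is the chapter's
# placeholder), so it should be readable only by root and the postfix
# account.
user = postfix
password = password
hosts = localhost
dbname = postfix
# Legacy query interface (table / select_field / where_field /
# additional_conditions). When "query" is set, as it is below, Postfix
# 2.2 and later use "query" and ignore these four.
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
# %s is replaced with the looked-up address.
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'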
Конфигурационный файл /etc/postfix/sql/vdomains.cf
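# Domain lookup map for virtual_mailbox_domains.
# Reflowed to one parameter per line; values are unchanged.
# This file holds the database password ("password" is the chapter's
# placeholder), so it should be readable only by root and the postfix
# account.
user = postfix
password = password
hosts = localhost
dbname = postfix
# Legacy query interface; superseded by "query" below on Postfix 2.2 and
# later.
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
# %s is replaced with the looked-up domain name.
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx='0' AND active='1'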
Конфигурационный файл /etc/postfix/sql/vmailbox.cf
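# Mailbox lookup map for virtual_mailbox_maps.
# Reflowed to one parameter per line; values are unchanged.
# This file holds the database password ("password" is the chapter's
# placeholder), so it should be readable only by root and the postfix
# account.
user = postfix
password = password
hosts = localhost
dbname = postfix
# Legacy query interface; superseded by "query" below on Postfix 2.2 and
# later.
table = mailbox
select_field = CONCAT(domain,'/',maildir)
where_field = username
additional_conditions = and active = '1'
# Returns the mailbox path relative to virtual_mailbox_base; %s is replaced
# with the looked-up recipient address.
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'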
MySQL
MySQL – популярная система управления базами данных. В базе мы будем хранить почтовые аккаунты, то есть пользователи будут виртуальными, и заводить их в системе нет необходимости.
# service mysqld start
Установите административный пароль на MySQL и задайте некоторые другие опции, ответив на несколько вопросов.
# /usr/bin/mysql_secure_installation
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Thanks for using MySQL!
# mysql -p
mysql> CREATE DATABASE postfix;
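Вместо password укажите свой пароль для пользователя. Если эта учётная запись нужна только для запросов Postfix и Dovecot, приведённых в этой главе (все они — SELECT), вместо ALL PRIVILEGES ей достаточно права SELECT.
mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfix'@'localhost';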
mysql> \q
В файле /etc/my.cnf в секцию [mysqld] добавляем строку, указанную ниже: она сообщит MySQL-серверу принимать входящие соединения только на этом IP-адресе, то есть сервер не будет доступен с других хостов.
bind-address=127.0.0.1
# service mysqld restart
Dovecot
Dovecot – популярный POP3/IMAP-сервер, стабильный и несложный в настройке.
#yum -y install dovecot
#chkconfig dovecot on
Конфигурационный файл /etc/dovecot.conf
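# /etc/dovecot.conf
# Reflowed to one setting per line. The closing braces of the second
# "protocol imap", "protocol pop3" and "protocol lda" sections were missing
# from the printed listing and are restored here; the quotes around
# log_timestamp are plain ASCII quotes. Values are unchanged.

base_dir = /var/run/dovecot/
protocols = imap pop3

# NOTE(review): both listeners are the non-TLS ports on all interfaces and
# the only auth mechanism below is "plain". No TLS or plaintext-auth settings
# (e.g. disable_plaintext_auth) appear in this listing; confirm that
# passwords cannot cross the network unencrypted.
protocol imap {
  listen = *:143
}
protocol pop3 {
  listen = *:110
}

log_timestamp = "%Y-%m-%d %H:%M:%S"
syslog_facility = mail
mail_location = maildir:/var/vmail/%d/%u
# Verbose mail-process logging; intended for setup and troubleshooting.
mail_debug = yes
# Only uid 1000 (the vmail account) may own mail processes.
first_valid_uid = 1000
last_valid_uid = 1000
maildir_copy_with_hardlinks = yes

protocol imap {
  login_executable = /usr/libexec/dovecot/imap-login
  mail_executable = /usr/libexec/dovecot/imap
  imap_max_line_length = 65536
}
protocol pop3 {
  login_executable = /usr/libexec/dovecot/pop3-login
  mail_executable = /usr/libexec/dovecot/pop3
  pop3_uidl_format = %08Xu%08Xv
}
# Settings for the deliver agent that Postfix calls through the "dovecot"
# pipe service.
protocol lda {
  postmaster_address = postmaster@company.ru
  sendmail_path = /usr/lib/sendmail
  auth_socket_path = /var/run/dovecot/auth-master
}

auth_verbose = yes
auth_debug = yes
# SECURITY: auth_debug_passwords writes the passwords users tried to the log
# on authentication failures. Use it only while debugging the setup and turn
# it off (together with auth_debug) before the server handles real accounts.
auth_debug_passwords = yes

auth default {
  base_dir = /var/run/dovecot/
  mechanisms = plain
  passdb pam {
  }
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  userdb passwd {
  }
  userdb sql {
    args = /etc/dovecot-sql.conf
  }
  user = nobody
  socket listen {
    # Used by deliver (protocol lda, auth_socket_path) for user lookups.
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = vmail
      group = mail
    }
    # Used by Postfix for SMTP AUTH (smtpd_sasl_path = private/auth in
    # main.cf); access is limited to the postfix user and group.
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}
plugin {
}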
Конфигурационный файл /etc/dovecot-sql.conf
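# /etc/dovecot-sql.conf
# Reflowed to one setting per line; "as userdb_home" and "as userdb_gid" in
# password_query had lost their spaces in the printed listing and are
# restored. Values are otherwise unchanged.
# This file contains the database password ("password" is the chapter's
# placeholder) and should be readable by root only.
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=password
# SECURITY: MD5-based password hashes are weak by current standards.
# NOTE(review): prefer the strongest salted scheme that both the installed
# Dovecot version and the tool that writes the mailbox table support.
default_pass_scheme = MD5
# %u is the full login name, %n the local part, %d the domain. uid 1000 and
# gid 12 match virtual_uid_maps / virtual_gid_maps in main.cf.
user_query = SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, 1000 AS uid, 12 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 1000 as userdb_uid, 12 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'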
Clamd
Clamd – Clam AntiVirus Daemon. Сервис ожидает входящие подключения на UNIX- или TCP-сокете и проверяет файлы и каталоги по запросу (например, clamdscan /var).
#yum -y install clamd
#chkconfig clamd on
Конфигурационный файл /etc/clamd.conf
# /etc/clamd.conf as printed; the listing may continue past this point.

# Logging: to a file and to syslog, with timestamps.
LogFile /var/log/clamav/clamd.log
# 0 disables the log size limit, so the file needs external rotation.
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
# Local UNIX socket; a stale socket file left by an unclean exit is removed.
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
# TCP listener restricted to loopback. clamd's protocol has no
# authentication, so TCPAddr must stay on 127.0.0.1.
# NOTE(review): both a local and a TCP socket are configured; confirm the
# installed clamd version accepts both and that the TCP one is needed.
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
# The daemon runs as the unprivileged clamav account.
User clamav
AllowSupplementaryGroups yes
# File types and containers to scan.
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
ScanHTML yes
ScanArchive yes
# Encrypted archives are not flagged; their contents cannot be inspected, so
# they pass through unless handled elsewhere.
ArchiveBlockEncrypted no