FreeBSD - postfix, courier-imap, postfixadmin

Установка, настройка postfix

 # cd /usr/ports/mail/postfix
 # make showconfig
 ===> The following configuration options are available for postfix-2.7.0,1:
      PCRE=on "Perl Compatible Regular Expressions"
      SASL2=on "Cyrus SASLv2 (Simple Auth. and Sec. Layer)"
      DOVECOT=off "Dovecot SASL authentication method"
      SASLKRB=off "If your SASL req. Kerberos select this option"
      SASLKRB5=off "If your SASL req. Kerberos5 select this option"
      SASLKMIT=off "If your SASL req. MIT Kerberos5 select this option"
      TLS=off "Enable SSL and TLS support"
      BDB=off "Berkeley DB (choose version with WITH_BDB_VER)"
      MYSQL=on "MySQL maps (choose version with WITH_MYSQL_VER)"
      PGSQL=off "PostgreSQL maps (choose with DEFAULT_PGSQL_VER)"
      OPENLDAP=off "OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)"
      CDB=off "CDB maps lookups"
      NIS=off "NIS maps lookups"
      VDA=off "VDA (Virtual Delivery Agent 32Bit)"
      TEST=off "SMTP/LMTP test server and generator"
 ===> Use 'make config' to modify these settings
 # make install clean

/usr/local/etc/postfix/main.cf

 # Base Postfix settings: installation paths, host identity and the set of
 # clients that count as trusted. main.cf only recognises a comment when "#"
 # is the first non-blank character of a line.
 queue_directory = /var/spool/postfix
 command_directory = /usr/local/sbin
 daemon_directory = /usr/local/libexec/postfix
 
 data_directory = /var/db/postfix
 mail_owner = postfix
 
 # "xxx" is a placeholder for the server's host name.
 myhostname = xxx
 
 myorigin = $myhostname
 
 inet_interfaces = localhost, $myhostname
 
 # Left empty: no domain is delivered locally; recipient domains are taken
 # from virtual_mailbox_domains in the custom settings of this file.
 mydestination =
 
 unknown_local_recipient_reject_code = 550
 
 # Only loopback is trusted by permit_mynetworks; every other client has to
 # authenticate or send to a hosted domain (see smtpd_recipient_restrictions).
 # mynetworks_style is ignored when mynetworks is set explicitly, as it is here.
 mynetworks_style = host
 
 mynetworks = 127.0.0.0/8
 
 debug_peer_level = 2
 debugger_command =
          PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
          ddd $daemon_directory/$process_name $process_id & sleep 5
  
 # debug_peer_list = 127.0.0.1, x.x.x.x # debugging of mail flow
 
 sendmail_path = /usr/local/sbin/sendmail
 
 newaliases_path = /usr/local/bin/newaliases
 
 mailq_path = /usr/local/bin/mailq
 
 setgid_group = maildrop
 
 html_directory = /usr/local/share/doc/postfix
 
 manpage_directory = /usr/local/man
 
 sample_directory = /usr/local/etc/postfix
 
 readme_directory = /usr/local/share/doc/postfix
 
 # --------------------- custom settings --------------------------------
 
 # Per-domain transport, looked up in MySQL.
 transport_maps = mysql:/usr/local/etc/postfix/mysql/transport_maps.conf
 
 # Every virtual mailbox is written as uid/gid 1111 (the "virtual" account
 # created with pw on this page).
 virtual_gid_maps = static:1111
 virtual_uid_maps = static:1111
 virtual_minimum_uid = 1001
 
 virtual_mailbox_base = /var/spool/mail/virtual
 virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/alias_maps.conf
 virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql/domains_maps.conf
 virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/mailbox_maps.conf
 virtual_transport = virtual:
 
 # NOTE(review): the quota parameters below look like VDA-patch settings, while
 # the port options listed on this page show VDA=off - confirm that quotas are
 # actually enforced by the installed build.
 virtual_create_maildirsize = yes
 virtual_mailbox_extended = yes
 virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/mailbox_limit_maps.conf
 virtual_mailbox_limit_override = yes
 virtual_maildir_limit_message = Sorry, quota
 virtual_overquota_bounce = yes
 virtual_mailbox_limit = 102400000
 # Set a second time in the SASL group below, with the same value.
 broken_sasl_auth_clients = yes
 
 message_size_limit = 10000000
 
 # SMTP AUTH through Cyrus SASL. "noanonymous" only rules out anonymous logins;
 # plaintext mechanisms stay allowed, and smtpd.conf on this page offers just
 # PLAIN and LOGIN.
 # NOTE(review): the port options on this page show TLS=off, so these passwords
 # cross the network unencrypted. With a TLS-enabled build, smtpd_tls_auth_only = yes
 # keeps AUTH off unencrypted sessions.
 smtpd_sasl_auth_enable = yes
 # NOTE(review): presumably superseded by smtpd_sasl_path in Postfix 2.3 and
 # later - verify against the documentation of the installed 2.7.
 smtpd_sasl_application_name = smtpd
 broken_sasl_auth_clients = yes
 smtpd_sasl_security_options = noanonymous
 
 smtpd_helo_required = yes
 
 local_recipient_maps = mysql:/usr/local/etc/postfix/mysql/local_recipient_maps.conf $alias_maps $virtual_alias_maps
 
 # ----------------------------------------------------------------------
 
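 # ------------------------ restrictions ----------------------------------------
 # Access rules applied by smtpd. main.cf has no trailing comments: "#" starts a
 # comment only as the first non-blank character of a line, so every remark
 # inside a multi-line value sits on a line of its own.
 smtpd_client_restrictions =     permit_mynetworks,
 #                               reject_unknown_client_hostname # reverse DNS zone check
 
 smtpd_helo_restrictions =       permit_mynetworks,
                                 reject_invalid_helo_hostname,
                                 reject_unknown_helo_hostname,
                                 reject_non_fqdn_helo_hostname,
 
 # Relay control: trusted networks and authenticated users may send anywhere,
 # everybody else only to domains this server hosts.
 smtpd_recipient_restrictions =  permit_mynetworks,
                                 permit_sasl_authenticated,
 #                               delivery to specific recipients (looks in the virtual_mailbox_domains table)
                                 permit_auth_destination,
 #                               anything that reaches this point is not a hosted destination and is
 #                               refused here; the closing "reject" is a catch-all behind it
                                 reject_unauth_destination,
                                 reject
 
 # -------------------------------------------------------------------------------
 
 notify_classes =
 #2bounce_notice_recipient = garbage
 #bounce_notice_recipient = garbage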

/usr/local/etc/postfix/mysql/alias_maps.conf

 # Postfix MySQL lookup for virtual_alias_maps: returns alias.goto for the row
 # whose address column equals the looked-up address.
 # логин / пароль / БД are placeholders for the DB user, password and database.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = alias
 select_field = goto
 where_field = address
 

/usr/local/etc/postfix/mysql/domains_maps.conf

 # Postfix MySQL lookup for virtual_mailbox_domains: returns domain.description
 # for the row whose domain column equals the looked-up domain, so the
 # description column has to be filled in for a domain to produce a result.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = domain
 select_field = description
 where_field = domain
 

/usr/local/etc/postfix/mysql/mailbox_limit_maps.conf

 # Postfix MySQL lookup for virtual_mailbox_limit_maps: returns mailbox.quota
 # for the given username, restricted to rows with active = '1'.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = mailbox
 select_field = quota
 where_field = username
 additional_conditions = and active = '1'
 

/usr/local/etc/postfix/mysql/mailbox_maps.conf

 # Postfix MySQL lookup for virtual_mailbox_maps: returns mailbox.maildir for
 # the given username, restricted to rows with active = '1'.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = mailbox
 select_field = maildir
 where_field = username
 additional_conditions = and active = '1'
 

/usr/local/etc/postfix/mysql/transport_maps.conf

 # Postfix MySQL lookup for transport_maps: returns domain.transport for the
 # row whose domain column equals the looked-up domain.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = domain
 select_field = transport
 where_field = domain

/usr/local/etc/postfix/mysql/local_recipient_maps.conf

 # Postfix MySQL lookup for local_recipient_maps: an existence check that
 # returns mailbox.username for the given username when the row has active = '1'.
 # The file contains the DB password, so it should not be world-readable.
 user = логин
 password = пароль
 hosts = localhost
 dbname = БД
 table = mailbox
 select_field = username
 where_field = username
 additional_conditions = and active = '1'

Выполнить

 # pw group add virtual -g 1111
 # pw user add virtual -g virtual -s /sbin/nologin -u 1111
 # mkdir -p /var/spool/mail/virtual
 # chown virtual:virtual /var/spool/mail/virtual/

Настройка SASL

Конфиг сборки и установка

 cd /usr/ports/security/cyrus-sasl2 && make showconfig |grep =on
 MYSQL=on "Use MySQL"
 LOGIN=on "Enable LOGIN authentication"
 PLAIN=on "Enable PLAIN authentication"
 cd /usr/ports/security/cyrus-sasl2 && make install clean

Создадим файл /usr/local/lib/sasl2/smtpd.conf с корректными правами (в нём будет храниться пароль к БД)

 # Create the file first and restrict it to owner + group "mail" (mode 640)
 # before any settings go in: it will carry the database password (sql_passwd).
 touch /usr/local/lib/sasl2/smtpd.conf
 chgrp mail /usr/local/lib/sasl2/smtpd.conf
 chmod 640 /usr/local/lib/sasl2/smtpd.conf

/usr/local/lib/sasl2/smtpd.conf

 # Cyrus SASL settings for the Postfix smtpd service: passwords are verified
 # against the mailbox table through the sql auxprop plugin.
 pwcheck_method: auxprop
 # PLAIN and LOGIN both send the password itself over the SMTP session.
 mech_list: PLAIN LOGIN
 auxprop_plugin: sql
 sql_engine: mysql
 sql_hostnames: localhost
 # БД-логин / БД-пароль / БД-имя are placeholders for the DB user, password and name.
 sql_user: БД-логин
 sql_passwd: БД-пароль
 sql_database: БД-имя
 # The query hands the stored password column back as-is, so mailbox.password
 # has to hold clear-text passwords (this matches $CONF['encrypt'] = 'cleartext'
 # in the postfixadmin config on this page). %u@%r is the user@realm login.
 sql_select: select password from mailbox where username = '%u@%r'
 # NOTE(review): 7 is the most verbose Cyrus SASL level and its protocol traces
 # include passwords; lower it once authentication works.
 log_level: 7

Установка, настройка postfixadmin

 # cd /usr/ports/mail/postfixadmin
 # make showconfig
 ===> The following configuration options are available for postfixadmin-2.3_1:
      MYSQL=on "MySQL back-end (use mysql PHP extension)"
      MYSQLI=off "MySQL 4.1+ back-end (use mysqli PHP extension)"
      PGSQL=off "PostgreSQL back-end (use pgsql PHP extension)"
 ===> Use 'make config' to modify these settings
 # make install clean

В настройках ''apache'' прописываем

  # Publishes the postfixadmin web panel under /postfix-admin/.
  # NOTE(review): "Allow from all" leaves the panel, setup.php included, reachable
  # from any address; where possible limit it to the administrators' networks
  # (Apache 2.2 syntax: "Deny from all" followed by "Allow from <admin-network>").
  Alias /postfix-admin/ "/usr/local/www/apache22/postfixadmin/"
  <Directory "/usr/local/www/apache22/postfixadmin">
     Options -Indexes FollowSymLinks MultiViews
     AllowOverride None
     Order deny,allow
     Allow from all
 </Directory>
 # apachectl restart

Создадим БД ''postfix''

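 mysql> create database postfix;
 mysql> -- NOTE(review): "admin"/"admin" is an easily guessed sample credential; substitute a unique strong password.
 mysql> -- "grant all" suits the postfixadmin web panel; the Postfix, SASL and Courier configs on this page
 mysql> -- only run SELECTs, so a separate read-only account would be enough for them.
 mysql> grant all on postfix.* to admin@localhost identified by "admin";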

Заходим на http://your_ip/postfix-admin/setup.php и создаём учётную запись администратора (при этом в БД postfix создаются таблицы).

/usr/local/www/postfixadmin/config.inc.php

 // Excerpt of the postfixadmin settings changed for this setup.
 $CONF['configured'] = true;
 // 'хэш' is a placeholder; presumably the hash printed by setup.php goes here.
 $CONF['setup_password'] = 'хэш';
 // NOTE(review): 'cleartext' stores every mailbox password unhashed in the
 // database. The SASL sql_select and Courier MYSQL_CLEAR_PWFIELD settings on
 // this page read that column directly, so changing this value alone would
 // break logins; treat the database and its backups as holding live passwords.
 $CONF['encrypt'] = 'cleartext';
 $CONF['admin_email'] = 'postmaster@daystudio.ru';
 // The four entries below look like the body of the default_aliases array;
 // its opening line is not shown in this excerpt.
    'abuse' => 'abuse@daystudio.ru',
    'hostmaster' => 'hostmaster@daystudio.ru',
    'postmaster' => 'postmaster@daystudio.ru',
    'webmaster' => 'webmaster@daystudio.ru'

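P.S. При создании домена в веб-панели postfix-admin обязательно заполняйте его описание: domains_maps.conf выбирает поле description, и при пустом описании Postfix, по-видимому, не получит результата поиска для этого домена.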

Установка, настройка courier-imap

 # cd /usr/ports/mail/courier-imap
 # make showconfig
 ===> The following configuration options are available for courier-imap-4.7.0,2:
      FAM=off "Build in fam support for IDLE command"
      TRASHQUOTA=off "Include deleted mails in the quota"
      GDBM=off "Use gdbm db instead of system bdb"
      IPV6=off "Build with IPv6 support"
      AUTH_LDAP=off "LDAP support"
      AUTH_MYSQL=on "MySQL support"
      AUTH_PGSQL=off "PostgreSQL support"
      AUTH_USERDB=off "Userdb support"
      AUTH_VCHKPW=off "Vpopmail/vchkpw support"
 ===> Use 'make config' to modify these settings
 # make install clean

/usr/local/etc/authlib/authdaemonrc

 # Courier authdaemond settings: MySQL is the only authentication module.
 authmodulelist="authmysql"
 authmodulelistorig="authmysql"
 daemons=5
 
 authdaemonvar=/var/run/authdaemond
 
 subsystem=mail
 
 # 0 keeps authentication debugging off. Courier's stock comments describe
 # level 2 as also logging passwords, so do not leave it raised after testing.
 DEBUG_LOGIN=0
 DEFAULTOPTIONS="wbnodsn=1"
 LOGGEROPTS=""
 

/usr/local/etc/authlib/authmysqlrc

 # Courier authmysql settings: accounts are read from the postfixadmin
 # "mailbox" table. логин / пароль / БД are placeholders. The file contains the
 # DB password, so it should not be world-readable.
 MYSQL_SERVER            localhost
 MYSQL_USERNAME          логин
 MYSQL_PASSWORD          пароль
 MYSQL_PORT              0
 MYSQL_OPT               0
 MYSQL_DATABASE          БД
 MYSQL_USER_TABLE        mailbox
 # Clear-text password column: the password field is compared unhashed, in
 # line with $CONF['encrypt'] = 'cleartext' in the postfixadmin config.
 MYSQL_CLEAR_PWFIELD     password
 
 # "xxx" is a placeholder for the default mail domain.
 DEFAULT_DOMAIN          xxx
 
 # Constants instead of column names: presumably every account then resolves
 # to uid/gid 1111 and the same base directory - verify against the Courier docs.
 MYSQL_UID_FIELD         1111
 MYSQL_GID_FIELD         1111
 MYSQL_LOGIN_FIELD       username
 MYSQL_HOME_FIELD        '/var/spool/mail/virtual/'
 MYSQL_NAME_FIELD        name
 MYSQL_MAILDIR_FIELD     maildir
 MYSQL_QUOTA_FIELD       quota

/usr/local/etc/courier-imap/pop3d

 # Courier pop3d settings for the plain (non-TLS) POP3 listener.
 PIDFILE=/var/run/pop3d.pid
 MAXDAEMONS=40
 MAXPERIP=4
 
 # No SASL mechanisms are advertised (POP3AUTH is empty), which presumably
 # leaves clients with plain USER/PASS logins.
 POP3AUTH=""
 POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
 POP3AUTH_TLS=""
 POP3AUTH_TLS_ORIG="LOGIN PLAIN"
 POP3_PROXY=0
 
 # NOTE(review): port 110 is unencrypted POP3 and no TLS listener is set up on
 # this page, so passwords sent here travel in clear text - confirm that this
 # is acceptable for the networks the clients connect from.
 PORT=110
 ADDRESS=0
 
 TCPDOPTS="-nodnslookup -noidentlookup"
 LOGGEROPTS="-name=pop3d"
 
 POP3DSTART=NO
 MAILDIRPATH=Maildir

/usr/local/etc/courier-imap/imapd

 # Courier imapd settings for the plain (non-TLS) IMAP listener.
 # x.x.x.x is a placeholder for the address to bind to.
 # NOTE(review): port 143 is unencrypted IMAP and no TLS listener is set up on
 # this page, so logins here travel in clear text - confirm that this is
 # acceptable for the networks the clients connect from.
 ADDRESS=x.x.x.x
 PORT=143
 MAXDAEMONS=40
 MAXPERIP=4
 
 PIDFILE=/var/run/imapd.pid
 TCPDOPTS="-nodnslookup -noidentlookup"
 
 LOGGEROPTS="-name=imapd"
 
 # The advertised capability list carries no AUTH= mechanisms (the _ORIG
 # variant below still lists the CRAM-* ones).
 IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
 IMAP_KEYWORDS=1
 IMAP_ACL=0
 IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
 IMAP_PROXY=0
 IMAP_PROXY_FOREIGN=0
 IMAP_IDLE_TIMEOUT=60
 IMAP_MAILBOX_SANITY_CHECK=1
 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
 IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
 IMAP_DISABLETHREADSORT=0
 IMAP_CHECK_ALL_FOLDERS=0
 IMAP_OBSOLETE_CLIENT=0
 IMAP_UMASK=022
 IMAP_ULIMITD=65536
 IMAP_USELOCKS=1
 IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index
 IMAP_ENHANCEDIDLE=0
 IMAP_TRASHFOLDERNAME=Trash
 IMAP_EMPTYTRASH=Trash:7
 IMAP_MOVE_EXPUNGE_TO_TRASH=0
 SENDMAIL=/usr/sbin/sendmail
 HEADERFROM=X-IMAP-Sender
 IMAPDSTART=NO
 MAILDIRPATH=Maildir

Автозагрузка сервисов

Нам нужен только POP3:

 # echo "courier_authdaemond_enable="YES"" >> /etc/rc.conf
 # echo "courier_imap_pop3d_enable="YES"" >> /etc/rc.conf

Для IMAP:

 # echo "courier_imap_imapd_enable="YES"" >> /etc/rc.conf

Запуск:

 # /usr/local/etc/rc.d/courier-authdaemond start
 # /usr/local/etc/rc.d/courier-imap-pop3d start

Ссылки
