Pythontr

husonet | Date: 02.05.2014

Mail Server Installation with Postfix, Courier and MySQL

Mail (e-mail) server installation and configuration, Postfix version 2.9.6.

We had written up this installation before, but the installation changed with Postfix version 2.9.6, so we wanted to write it up again.

Machine used for the installation
amd64 processor
32 GB RAM
2 TB disk

System requirement
Debian 7 Wheezy

Packages to install
# aptitude install apache2 libapache2-mod-php5 php5-cli php5-common php5-cgi
aptitude install php7.0-cli php7.0-common php7.0-cgi
aptitude install mysql-server phpmyadmin
aptitude install postfix-mysql postfix
# aptitude install libsasl2 libsasl2-dev libsasl2-modules-sql
aptitude install libsasl2-2 libsasl2-dev libsasl2-modules-sql
aptitude install spamassassin
aptitude install amavisd-new
# aptitude install clamav clamav-daemon lha arj
aptitude install clamav clamav-daemon jlha-utils arj
aptitude install unrar zoo nomarch lzop
aptitude install libsasl2-modules libsasl2-modules-gssapi-heimdal
# aptitude install courier-authdaemon courier-authmysql courier-imap courier-imap-ssl courier-pop-ssl courier-pop courier-authlib-mysql
aptitude install courier-authdaemon courier-authlib-mysql courier-imap courier-imap-ssl courier-pop-ssl courier-pop courier-authlib-mysql
aptitude install maildrop
touch /var/lib/amavis/whitelist_sender
chown amavis:amavis /var/lib/amavis/whitelist_sender
touch /var/lib/amavis/blacklist_sender
chown amavis:amavis /var/lib/amavis/blacklist_sender

● amavis.service - LSB: Starts amavisd-new mailfilter                                                                                                               
Loaded: loaded (/etc/init.d/amavis; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2018-05-14 16:07:37 CEST; 3ms ago
Docs: man:systemd-sysv-generator(8)
Process: 20077 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)

May 14 16:07:37 pythontr amavis[20077]: Starting amavisd: The value of variable $myhostname is "pythontr", but should have been
May 14 16:07:37 pythontr amavis[20077]: a fully qualified domain name; perhaps uname(3) did not provide such.
May 14 16:07:37 pythontr amavis[20077]: You must explicitly assign a FQDN of this host to variable $myhostname
May 14 16:07:37 pythontr amavis[20077]: in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's
May 14 16:07:37 pythontr amavis[20077]: network name!
May 14 16:07:37 pythontr amavis[20077]: (failed).
May 14 16:07:37 pythontr systemd[1]: amavis.service: Control process exited, code=exited status=1
May 14 16:07:37 pythontr systemd[1]: Failed to start LSB: Starts amavisd-new mailfilter.
May 14 16:07:37 pythontr systemd[1]: amavis.service: Unit entered failed state.
May 14 16:07:37 pythontr systemd[1]: amavis.service: Failed with result 'exit-code'.


If amavis fails with an error like the one above:


vim /etc/amavis/conf.d/05-node_id
$myhostname = "pythontr.com";


Ports that need to be opened
ACCEPT          $FW             net             icmp
# net
ACCEPT net fw tcp 22
ACCEPT net fw tcp 514
ACCEPT net fw udp 514
# mail server
ACCEPT net fw tcp 143
ACCEPT net fw udp 143
ACCEPT net fw tcp 110
ACCEPT net fw udp 110
ACCEPT net fw tcp 587
ACCEPT net fw udp 587
ACCEPT net fw tcp 993
ACCEPT net fw udp 993
ACCEPT net fw tcp 25
ACCEPT net fw udp 25
# dns server
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
HTTP/ACCEPT net fw
Ping/ACCEPT net fw



For domain routing, read and apply the BIND installation article on our site. /makale.py?tid=163


MySQL: Holds the domain information and the users' mail information. Its advantage is that users can be added and deleted directly in the database, which also makes it easier to build a web interface.
Postfix: Mail server
Courier IMAP: IMAP and POP3 server
Cyrus SASL: The program required for SMTP AUTH.
Amavisd-new: Spam and virus checking
ClamAV: Antivirus program.
SpamAssassin: The program that performs spam checking.

Database operations
# Create a new database
CREATE DATABASE  `mail_sunucu` DEFAULT CHARACTER SET utf8 COLLATE utf8_turkish_ci;


# Tables
CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`address` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`crypt` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`clear` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`name` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`uid` smallint(5) unsigned NOT NULL DEFAULT '1000',
`gid` smallint(5) unsigned NOT NULL DEFAULT '1000',
`home` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '/',
`domain` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`maildir` varchar(255) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`imapok` tinyint(3) unsigned NOT NULL DEFAULT '1',
`bool1` tinyint(3) unsigned NOT NULL DEFAULT '1',
`bool2` tinyint(3) unsigned NOT NULL DEFAULT '1',
`quota` varchar(100) COLLATE utf8_turkish_ci NOT NULL DEFAULT '5000',
`SILINDI` varchar(1) COLLATE utf8_turkish_ci NOT NULL DEFAULT 'F',
PRIMARY KEY (`id`),
UNIQUE KEY `address` (`address`),
UNIQUE KEY `id` (`id`),
KEY `id_2` (`id`),
KEY `address_2` (`address`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci AUTO_INCREMENT=1;

CREATE TABLE `virtual` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`address` varchar(255) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
`goto` text COLLATE utf8_turkish_ci NOT NULL,
`SILINDI` varchar(1) COLLATE utf8_turkish_ci NOT NULL DEFAULT 'F',
PRIMARY KEY (`id`),
UNIQUE KEY `ADDRESS` (`address`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci AUTO_INCREMENT=1 ;

CREATE TABLE `transport` (
`domain` varchar(128) NOT NULL default '',
`transport` varchar(128) NOT NULL default 'virtual:',
UNIQUE KEY `domain` (`domain`)
) ENGINE=MyISAM;

INSERT INTO `users` (`id`, `address`, `crypt`, `clear`, `name`, `uid`, `gid`, `home`, `domain`, `maildir`, `imapok`, `bool1`, `bool2`, `quota`, `SILINDI`) VALUES
('1', 'huseyin@example.com', encrypt('123456'), '123456', 'Huseyin', 5000, 5000, '/var/spool/postfix/virtual', 'example.com', 'example.com/huseyin/', 1, 1, 1, '51200000', 'F');

INSERT INTO `virtual` (`id`, `address`, `goto`, `SILINDI`) VALUES
('1', 'root@example.com', 'huseyin@example.com', 'F'),
('2', '@example.com', 'huseyin@example.com', 'F');

INSERT INTO `transport` (`domain`, `transport`) VALUES
('example.com', 'virtual:');


Transport table: This table holds the domain information for incoming e-mail. It determines whether mail for a domain is kept as virtual or on the system itself.
Transport table fields
domain: The domain name to be hosted, including the ones you host as "virtual" and as "local".
transport: The type of the hosted domain. Use "virtual:" for virtual domains and "local:" for local users.

Virtual table: Forwarding of mail that arrives at one e-mail address to another address or addresses is done from this table. Several addresses can be given by separating them with ",".
Virtual table fields
address: The incoming mail address
goto: The address to which mail arriving at the address above is forwarded.

Users table: The table that holds the users.
Users table fields
id: User name, for example user@xxx.com
address: The user's e-mail address, in the form user@xxx.com
crypt: The encrypted (crypted) form of the password. Leave it empty if you do not want the password stored this way. When entering data into this field from MySQL, send your query with the encrypt function, e.g. encrypt('password').
clear: The password in plain text
name: The user's name. Not required for Postfix; we will use it for Courier.
uid: virtual uid
gid: virtual gid. We should use a single gid for the different mail addresses.
home: The mail directory; it can be "/var/spool/postfix/virtual".
domain: The user's domain name.
maildir: The directory where the user's mail is stored. We must use the full path here, for example "example.com/huseyin/".
imapok: Enables access to the account through Courier IMAP. Takes the value 1 or 0; 1 is active, 0 is inactive.
bool1: 1 or 0; we set 1
bool2: 1 or 0; we set 1
quota: Sets the quota.


Postfix settings

vim /etc/postfix/main.cf


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

smtpd_use_tls=yes
tls_preempt_cipherlist = yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

# TLSv1.2 only
smtpd_use_tls = yes
smtpd_tls_mandatory_protocols = TLSv1.2
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4, RC4-MD5
smtpd_tls_protocols = TLSv1.2
smtp_use_tls = yes
smtp_tls_mandatory_protocols = TLSv1.2
smtp_tls_protocols = TLSv1.2

tls_preempt_cipherlist = yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high
lmtp_tls_mandatory_ciphers = high

tls_high_cipherlist = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

smtp_tls_ciphers = export
smtpd_tls_ciphers = export
lmtp_tls_ciphers = export

tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.example.com
mydomain = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = example.com
#mydestination = example.com, husonet, localhost.localdomain, localhost
mydestination = $myhostname, husonet, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
transport_maps = mysql:/etc/postfix/config/transport.cf
html_directory = /usr/share/doc/postfix/html
relay_domains = mysql:/etc/postfix/config/relay_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/config/mysql_virt.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 100
virtual_transport = virtual
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/config/mysql_virt_limit.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Uzgunuz e posta kutunuz dolmustur.
#virtual_overquota_bounce = yes
enable_original_recipient = No
virtual_uid_maps = mysql:/etc/postfix/config/uids.cf
virtual_gid_maps = mysql:/etc/postfix/config/gids.cf
virtual_mailbox_base=/var/spool/postfix/virtual
mydestination = $mydomain, $myhostname, $transport_maps
# virtual_maps = mysql:/etc/postfix/config/virtual.cf
virtual_alias_maps = mysql:/etc/postfix/config/virtual.cf
smtpd_sender_restrictions = reject_unknown_sender_domain
unverified_recipient_reject_code = 550

home_mailbox = Maildir/
# mailbox_command =
# mailbox_command = /usr/bin/maildrop -V 9 -d ${USER}
# mailbox_command = procmail -a "$EXTENSION"


# =======MAILDROP ==========
fallback_transport = /usr/bin/maildrop
maildrop_destination_recipient_limit = 1
unknown_local_recipient_reject_code = 550

# smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unverified_recipient,
  reject_invalid_hostname,
  reject_unknown_recipient_domain,
  reject_unauth_destination,
  reject_rbl_client sbl.spamhaus.org,
  permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  reject_unknown_helo_hostname

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
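
An added example (not part of the original article): a small Python checker that reads a main.cf the way Postfix does, where a line starting with whitespace continues the previous parameter and the last assignment of a parameter wins, and reports repeated parameters and TLS cipher grades below "medium". The sample text is a constructed excerpt of the settings above, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the main.cf above (not read from disk).
SAMPLE_MAIN_CF = """\
smtpd_use_tls=yes
smtpd_tls_security_level = may
# TLSv1.2 only
smtpd_use_tls = yes
smtpd_tls_mandatory_protocols = TLSv1.2
smtpd_tls_security_level = may
smtpd_tls_mandatory_ciphers = high
smtpd_tls_ciphers = export
mydestination = $myhostname, husonet, localhost.localdomain, localhost
mydestination = $mydomain, $myhostname, $transport_maps
smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname
"""

WEAK_GRADES = {"export", "low", "null"}   # Postfix cipher grades below "medium"
CIPHER_PARAM = re.compile(r"^(smtp|smtpd|lmtp)_tls_(mandatory_)?ciphers$")


def parse_main_cf(text):
    """Return [(name, value, line_no)] for every assignment, in file order."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are skipped
        if raw[0] in " \t":               # leading whitespace continues the previous line
            if not entries:
                raise ValueError(f"line {line_no}: continuation without a parameter")
            name, value, first = entries[-1]
            entries[-1] = (name, f"{value} {raw.strip()}", first)
            continue
        name, sep, value = raw.partition("=")
        if not sep:                       # e.g. a continuation line that lost its indent
            raise ValueError(f"line {line_no}: missing '=' after {raw.strip()!r}")
        entries.append((name.strip(), value.strip(), line_no))
    return entries


def audit(text):
    """Return (effective settings, findings as (kind, name, first_line, last_line))."""
    effective, seen, findings = {}, {}, []
    for name, value, line_no in parse_main_cf(text):
        if name in seen:
            kind = "repeated" if effective[name] == value else "overridden"
            findings.append((kind, name, seen[name], line_no))
        seen[name] = line_no
        effective[name] = value           # the last assignment wins
    for name, value in effective.items():
        if CIPHER_PARAM.match(name) and value.lower() in WEAK_GRADES:
            findings.append(("weak_cipher_grade", name, seen[name], seen[name]))
    return effective, findings


if __name__ == "__main__":
    settings, problems = audit(SAMPLE_MAIN_CF)
    for kind, name, first, last in problems:
        print(f"{kind:18} {name} (lines {first} -> {last})")
    print("effective mydestination:", settings["mydestination"])
```

On a live system, `postconf -n` prints the effective non-default values, which is the quickest cross-check against what the file appears to say.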



vim /etc/postfix/master.cf


#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
587 inet n - n - - smtpd

#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr

#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

#maildrop unix - n n - - pipe
# flags=ODRhu user=postfix:mail argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop}
# ${extension} ${recipient} ${user} ${nexthop}

#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/bin/maildrop
# -d ${user}@${domain} ${extension} ${recipient} ${user} ${nexthop}

#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#

smtp-amavis unix - - n - 2 lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=permit_sasl_authenticated
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8

# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}



vim /etc/postfix/sasl/smtpd.conf



pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sasl_mech_list: login plain cram-md5 digest-md5
mech_list: plain login cram-md5
sql_user: user
sql_passwd: password
sql_hostnames: 127.0.0.1
sql_database: mail_sunucu
sql_select: select clear from users where address='%u@%r'


mkdir /etc/postfix/config/

vim /etc/postfix/config/mysql_virt.cf


user=user
password=password
dbname=mail_sunucu
table=users
select_field=maildir
where_field=address
hosts=127.0.0.1


vim /etc/postfix/config/mysql_virt_limit.cf


user = user
password = password
dbname = mail_sunucu
table = users
select_field = quota
where_field = address
hosts = 127.0.0.1




vim /etc/postfix/config/relay_domains.cf


user = user
password = password
hosts = 127.0.0.1
dbname = mail_sunucu
# query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true
query = SELECT domain FROM transport WHERE domain='%s'



vim /etc/postfix/config/transport.cf


user=user
password=password
dbname=mail_sunucu
table=transport
select_field=transport
where_field=domain
hosts=127.0.0.1




vim /etc/postfix/config/virtual.cf


user=user
password=password
dbname=mail_sunucu
table=virtual
select_field=goto
where_field=address
additional_conditions = and SILINDI = 'F'
hosts=127.0.0.1




vim /etc/postfix/config/uids.cf


user=user
password=password
dbname=mail_sunucu
table=users
select_field=uid
where_field=address
hosts=127.0.0.1



vim /etc/postfix/config/gids.cf


user=user
password=password
dbname=mail_sunucu
table=users
select_field=gid
where_field=address
hosts=127.0.0.1
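
An added example (not from the original article): how the table/select_field/where_field map files above expand into SQL, and what virtual_alias_maps returns for the sample rows, including the "@example.com" catch-all and the SILINDI = 'F' condition. It uses Python's built-in sqlite3 in place of MySQL so that it runs offline; the helper names are hypothetical, the "old@example.com" row is constructed, and the search order is simplified to the full address followed by @domain.

```python
import sqlite3

# Constructed copy of /etc/postfix/config/virtual.cf as shown in the article.
VIRTUAL_CF = """\
user=user
password=password
dbname=mail_sunucu
table=virtual
select_field=goto
where_field=address
additional_conditions = and SILINDI = 'F'
hosts=127.0.0.1
"""


def parse_map(text):
    """Parse the name=value lines of a Postfix mysql map file into a dict."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            name, _, value = line.partition("=")
            conf[name.strip()] = value.strip()
    return conf


def build_query(conf, quote=""):
    """SQL that the table/select_field/where_field form expands to (mysql_table(5))."""
    q = quote
    sql = (f"SELECT {q}{conf['select_field']}{q} FROM {q}{conf['table']}{q} "
           f"WHERE {q}{conf['where_field']}{q} = '%s'")
    return f"{sql} {conf.get('additional_conditions', '')}".strip()


def lookup(db, conf, key):
    """Run the map query for one key. Postfix escapes the key before substituting
    %s; here it is bound as a parameter. Identifiers are quoted for SQLite only."""
    sql = build_query(conf, quote='"').replace("'%s'", "?")
    row = db.execute(sql, (key,)).fetchone()
    return row[0] if row else None


def resolve_alias(db, conf, address):
    """Simplified virtual(5) search order: user@domain first, then @domain."""
    domain = address.rpartition("@")[2]
    for key in (address, "@" + domain):
        target = lookup(db, conf, key)
        if target is not None:
            return key, target
    return None, None


def sample_db():
    """In-memory stand-in for mail_sunucu.virtual: the article's rows plus one deleted row."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "virtual" (id INTEGER PRIMARY KEY, address TEXT UNIQUE,'
               ' "goto" TEXT NOT NULL, SILINDI TEXT NOT NULL DEFAULT \'F\')')
    db.executemany('INSERT INTO "virtual" (address, "goto", SILINDI) VALUES (?, ?, ?)', [
        ("root@example.com", "huseyin@example.com", "F"),
        ("@example.com", "huseyin@example.com", "F"),
        ("old@example.com", "someone@example.net", "T"),   # constructed: soft-deleted alias
    ])
    return db


if __name__ == "__main__":
    conf, db = parse_map(VIRTUAL_CF), sample_db()
    print(build_query(conf))
    for rcpt in ("root@example.com", "nobody@example.com", "old@example.com", "user@other.org"):
        print(rcpt, "->", resolve_alias(db, conf, rcpt))
```

With the catch-all row in place, every address at example.com resolves to huseyin@example.com, including addresses that were never created and aliases marked deleted.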



IMAP settings
vim /etc/courier/authmysqlrc
# your MySQL server
MYSQL_SERVER localhost
MYSQL_USERNAME uname
MYSQL_PASSWORD passwd
# necessary if you are on localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE maildb
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD crypt
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
#MYSQL_LOGIN_FIELD id
MYSQL_LOGIN_FIELD address
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_WHERE_CLAUSE imapok=1 AND bool1=1 AND bool2=1 AND SILINDI='F'


vim /etc/courier/authdaemonrc
authmodulelist="authpam authmysql"




Creating the mailbox directories
cd /var/spool/postfix
mkdir virtual
chown postfix:postfix virtual
cd virtual
mkdir example.com
chown postfix:postfix example.com
# Set 777 because we will create the user mailboxes from the database.
chmod 777 example.com
cd example.com
mkdir huseyin
chmod 0770 huseyin
chown 5000:5000 huseyin


telnet test
telnet localhost 25
ehlo example.com
250-my-new-mailserver
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

mail from:<steve@example.com>
250 2.1.0 Ok

rcpt to:<john@example.com>
250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

Hi John,

just wanted to drop you a note.
.

250 2.0.0 Ok: queued as A9D64379C4

quit


SASL setup


Add the postfix user to the sasl group:
adduser postfix sasl


vim /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = cyrus
broken_sasl_auth_clients = yes

content_filter = smtp-amavis:[localhost]:10024


vim /etc/postfix/sasl/smtpd.conf
#pwcheck_method: auxprop
pwcheck_method: saslauthd
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sasl_mech_list: login plain cram-md5 digest-md5
mech_list: plain login cram-md5
sql_user: root
sql_passwd: root27SQL2
sql_hostnames: 127.0.0.1
sql_database: mail_sunucu
#sql_select: select clear from users where address='%u@%r'
sql_select: select crypt from users where address='%u@%r'


vim /etc/pam.d/smtp
auth required pam_mysql.so user=kullanici_adi passwd=sifre host=127.0.0.1 db=database table=users usercolumn=address passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=kullanici_adi passwd=sifre host=127.0.0.1 db=database table=users usercolumn=address passwdcolumn=crypt crypt=1


Installing the milters


aptitude install clamav-milter clamav-unofficial-sigs milter-greylist spamass-milter

Update the clamav-milter database, then start the service.



/etc/init.d/clamav-freshclam stop
freshclam
/etc/init.d/clamav-freshclam start
/etc/init.d/clamav-daemon start

Set the default socket group.


vim /etc/default/clamav-milter
SOCKET_RWGROUP=postfix

Create the socket directory and set its owner.


mkdir /var/spool/postfix/clamav
chown clamav /var/spool/postfix/clamav

Milter configuration


dpkg-reconfigure clamav-milter

Handle configuration automatically --> yes
User to run clamav-milter as --> clamav
Groups for clamav-milter --> none (leave empty)
path to socket --> /var/spool/postfix/clamav/clamav-milter.ctl
group owner for the socket --> clamav
permissions (mode) for socket --> 666
remove stale socket --> yes
wait timeout for clamd --> 120
foreground --> no
chroot --> none (leave empty)
pid file --> /var/run/clamav/clamav-milter.pid
temporary path --> /tmp
clamd socket --> unix:/var/run/clamav/clamd.ctl
hosts excluded for scanning --> none (leave empty)
mail whitelist --> none (leave empty)
action for "infected" mail --> reject
action on error --> defer
reason for rejection --> Zararli eposta: %v bulundu.
headers --> replace
log file --> /var/log/clamav/clamav-milter.log
disable log file locking --> no
maximum log file size --> 0
log time --> yes
use syslog --> no
log facility (type of syslog message) --> LOG_LOCAL6
verbose logging --> no
log level when infected --> off
log level when no threat --> off
size limit for scanned messages --> 25
Do you want clamav-milter to support multiple recipients --> no
Do you want to enable log rotation --> yes

Add it to the Postfix configuration.


postconf -e 'smtpd_milters = unix:/var/spool/postfix/clamav/clamav-milter.ctl'
postfix reload

spamass-milter


vim /etc/default/spamass-milter

  • -m Used to change the subject line.
  • -r -1 With this setting, whatever SpamAssassin has marked as spam is rejected.
  • -I Can be used to keep e-mail from logged-in users from being scanned.

OPTIONS="-u spamass-milter -i 127.0.0.1 -m -r -1 -I"

Add the spamass-milter user to the postfix group.


adduser spamass-milter postfix

Restart the service.
service spamass-milter restart

Enable the SpamAssassin service.


vim /etc/default/spamassassin
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/lib/spamassassin -u spamd -g spamd"
CRON=1

Update the rules, then restart the service.


sa-update
service spamassassin restart

Register the new milter settings with Postfix.


postconf -e 'smtpd_milters =unix:milter-greylist/milter-greylist.sock,  unix:clamav/clamav-milter.ctl, unix:postfix/spamass/spamass.sock'
postconf -e 'non_smtpd_milters = unix:spamass/spamass.sock, inet:localhost:12301'
postfix reload

milter-greylist


vim /etc/milter-greylist/greylist.conf
# For sendmail use the following two lines
#socket "/var/run/milter-greylist/milter-greylist.sock"
#user "smmsp"
# For Postfix uncomment the following two lines and comment out the
# sendmail ones above.
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660
user "greylist"

vim /etc/default/milter-greylist
ENABLED=1
SOCKET="/var/spool/postfix/milter-greylist/milter-greylist.sock"

Create a directory for the socket, then restart the service.


mkdir /var/spool/postfix/milter-greylist
chmod 2755 /var/spool/postfix/milter-greylist
chown greylist:postfix /var/spool/postfix/milter-greylist
service milter-greylist restart

Roundcube uses PEAR Net_SMTP when sending mail. However, I discovered a TLS-related bug in version 1.8: it tries to send mail using TLS 1.0. You can edit the code as shown below. Also, if it is not installed, you can install it with pear install Net_SMTP.


vim /usr/share/php/Net/SMTP.php
#$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT
# | @STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
# | @STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;

$crypto_method = (STREAM_CRYPTO_METHOD_SSLv23_CLIENT
& ~STREAM_CRYPTO_METHOD_SSLv2_CLIENT
& ~STREAM_CRYPTO_METHOD_SSLv3_CLIENT)
| (STREAM_CRYPTO_METHOD_TLS_CLIENT
& ~STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
& ~STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT
);