● amavis.service - LSB: Starts amavisd-new mailfilter
Loaded: loaded (/etc/init.d/amavis; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2018-05-14 16:07:37 CEST; 3ms ago
Docs: man:systemd-sysv-generator(8)
Process: 20077 ExecStart=/etc/init.d/amavis start (code=exited, status=1/FAILURE)
May 14 16:07:37 pythontr amavis: Starting amavisd: The value of variable $myhostname is "pythontr", but should have been
May 14 16:07:37 pythontr amavis: a fully qualified domain name; perhaps uname(3) did not provide such.
May 14 16:07:37 pythontr amavis: You must explicitly assign a FQDN of this host to variable $myhostname
May 14 16:07:37 pythontr amavis: in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's
May 14 16:07:37 pythontr amavis: network name!
May 14 16:07:37 pythontr amavis: (failed).
May 14 16:07:37 pythontr systemd: amavis.service: Control process exited, code=exited status=1
May 14 16:07:37 pythontr systemd: Failed to start LSB: Starts amavisd-new mailfilter.
May 14 16:07:37 pythontr systemd: amavis.service: Unit entered failed state.
May 14 16:07:37 pythontr systemd: amavis.service: Failed with result 'exit-code'.
amavis yukarıdaki gibi hata verirse, $myhostname değişkenine aşağıdaki gibi tam nitelikli bir alan adı (FQDN) atayın:
vim /etc/amavis/conf.d/05-node_id $myhostname = "pythontr.com";
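# Shorewall rules for the mail host.
# Columns: ACTION  SOURCE  DEST  PROTO  DEST-PORT
# $FW is used for the firewall zone throughout instead of mixing it with a literal "fw".

# Outbound ICMP from the firewall itself
ACCEPT          $FW     net     icmp

# net -> firewall: remote administration
ACCEPT          net     $FW     tcp     22

# Syslog reception.
# NOTE(review): 514 is open to the whole "net" zone on both TCP and UDP. If this host
# is not meant to collect logs from arbitrary senders, restrict SOURCE to the known
# log clients or drop these two rules.
ACCEPT          net     $FW     tcp     514
ACCEPT          net     $FW     udp     514

# mail server
# SMTP, submission, POP3, IMAP and IMAPS run over TCP only, so the UDP rules for
# ports 25, 110, 143, 587 and 993 were dropped: they exposed ports no service uses.
# NOTE(review): 110 and 143 are the cleartext POP3/IMAP ports; confirm the IMAP/POP3
# daemon requires STARTTLS before login, or publish only 993.
ACCEPT          net     $FW     tcp     25
ACCEPT          net     $FW     tcp     587
ACCEPT          net     $FW     tcp     110
ACCEPT          net     $FW     tcp     143
ACCEPT          net     $FW     tcp     993

# dns server
ACCEPT          net     $FW     tcp     53
ACCEPT          net     $FW     udp     53

# Web and ping via the stock Shorewall macros
HTTP/ACCEPT     net     $FW
Ping/ACCEPT     net     $FW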
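-- Schema and seed rows for the virtual-mail lookup tables (users, aliases, transports).
CREATE DATABASE `mail_sunucu` DEFAULT CHARACTER SET utf8 COLLATE utf8_turkish_ci;

-- Select the new schema explicitly; without this the tables below are created in
-- whatever database the session happens to have selected (or the script fails).
USE `mail_sunucu`;

-- Mailbox accounts.
-- `crypt` holds the crypt(3) hash, `clear` holds the same password in cleartext.
-- NOTE(review): the `clear` column means anyone who can read this table (a backup,
-- an over-privileged lookup account) obtains every mailbox password. It is kept
-- because other configuration on this page names it (a SASL sql_select and
-- MYSQL_CLEAR_PWFIELD); once those lookups use `crypt` only, store '' here.
-- `SILINDI` is filtered as 'F' by the lookups on this page; presumably a
-- soft-delete flag ('F' = not deleted) -- confirm.
CREATE TABLE IF NOT EXISTS `users` (
    `id`      int(11)               NOT NULL AUTO_INCREMENT,
    `address` varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `crypt`   varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `clear`   varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `name`    varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `uid`     smallint(5) unsigned  NOT NULL DEFAULT '1000',
    `gid`     smallint(5) unsigned  NOT NULL DEFAULT '1000',
    `home`    varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '/',
    `domain`  varchar(128) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `maildir` varchar(255) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `imapok`  tinyint(3) unsigned   NOT NULL DEFAULT '1',
    `bool1`   tinyint(3) unsigned   NOT NULL DEFAULT '1',
    `bool2`   tinyint(3) unsigned   NOT NULL DEFAULT '1',
    `quota`   varchar(100) COLLATE utf8_turkish_ci NOT NULL DEFAULT '5000',
    `SILINDI` varchar(1)   COLLATE utf8_turkish_ci NOT NULL DEFAULT 'F',
    PRIMARY KEY (`id`),
    -- The extra UNIQUE KEY `id`, KEY `id_2` and KEY `address_2` duplicated the two
    -- indexes kept here and were dropped.
    UNIQUE KEY `address` (`address`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci AUTO_INCREMENT=1;

-- Alias table: mail for `address` is redirected to `goto`.
CREATE TABLE `virtual` (
    `id`      int(11) NOT NULL AUTO_INCREMENT,
    `address` varchar(255) COLLATE utf8_turkish_ci NOT NULL DEFAULT '',
    `goto`    text COLLATE utf8_turkish_ci NOT NULL,
    `SILINDI` varchar(1) COLLATE utf8_turkish_ci NOT NULL DEFAULT 'F',
    PRIMARY KEY (`id`),
    UNIQUE KEY `ADDRESS` (`address`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_turkish_ci AUTO_INCREMENT=1;

-- Per-domain transport selection.
CREATE TABLE `transport` (
    `domain`    varchar(128) NOT NULL DEFAULT '',
    `transport` varchar(128) NOT NULL DEFAULT 'virtual:',
    UNIQUE KEY `domain` (`domain`)
) ENGINE=MyISAM;

-- Sample account. '123456' is a tutorial placeholder: substitute a real password
-- before the row reaches a reachable server.
-- NOTE(review): ENCRYPT() called without a salt yields a traditional DES crypt(3)
-- hash, which only considers the first 8 characters, and the function is not
-- available in MySQL 8.0. Prefer generating a salted crypt(3) hash outside the
-- database and inserting the resulting string, after confirming the consumers of
-- `crypt` (Courier authmysql, pam_mysql) accept that format.
INSERT INTO `users`
    (`id`, `address`, `crypt`, `clear`, `name`, `uid`, `gid`, `home`, `domain`,
     `maildir`, `imapok`, `bool1`, `bool2`, `quota`, `SILINDI`)
VALUES
    (1, 'huseyin@example.com', encrypt('123456'), '123456', 'Huseyin', 5000, 5000,
     '/var/spool/postfix/virtual', 'example.com', 'example.com/huseyin/', 1, 1, 1,
     '51200000', 'F');

-- root@ plus a catch-all for the domain, both delivered to the sample mailbox.
INSERT INTO `virtual` (`id`, `address`, `goto`, `SILINDI`)
VALUES
    (1, 'root@example.com', 'huseyin@example.com', 'F'),
    (2, '@example.com', 'huseyin@example.com', 'F');

INSERT INTO `transport` (`domain`, `transport`)
VALUES ('example.com', 'virtual:');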
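# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
# NOTE(review): ssl-cert-snakeoil is Debian's self-signed placeholder certificate.
# Clients cannot verify it; point these two settings at a certificate issued for
# $myhostname before putting the server into service.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

# Each parameter is now set once; the original repeated this group twice with the
# same values. The obsolete smtpd_use_tls / smtp_use_tls switches were dropped
# because the *_tls_security_level settings below override them.
tls_preempt_cipherlist = yes
# AUTH is only offered after STARTTLS, so passwords never cross the wire in clear.
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

# TLSv1.2 only
# NOTE(review): naming a single version also excludes newer protocol versions;
# confirm that is intended on the installed Postfix/OpenSSL.
smtpd_tls_mandatory_protocols = TLSv1.2
smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4, RC4-MD5
smtpd_tls_protocols = TLSv1.2
smtp_tls_mandatory_protocols = TLSv1.2
smtp_tls_protocols = TLSv1.2

smtp_tls_mandatory_ciphers = high
smtpd_tls_mandatory_ciphers = high
lmtp_tls_mandatory_ciphers = high
# The 3DES entries were removed from this list so it agrees with
# smtpd_tls_exclude_ciphers above.
tls_high_cipherlist = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

# Was "export" for all three. With security level "may" the *_mandatory_ciphers
# settings do not apply, so these grades are what opportunistic sessions actually
# negotiate; "export" admitted export-grade suites. Aligned with the mandatory grade.
smtp_tls_ciphers = high
smtpd_tls_ciphers = high
lmtp_tls_ciphers = high

tls_random_source = dev:/dev/urandom
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.example.com
mydomain = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = example.com
#mydestination = example.com, husonet, localhost.localdomain, localhost
# Superseded by the mydestination line further down (the later assignment wins),
# so it is kept only as a comment:
#mydestination = $myhostname, husonet, localhost.localdomain, localhost
relayhost =
# Only loopback may relay without authenticating.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

transport_maps = mysql:/etc/postfix/config/transport.cf
html_directory = /usr/share/doc/postfix/html
relay_domains = mysql:/etc/postfix/config/relay_domains.cf

virtual_mailbox_maps = mysql:/etc/postfix/config/mysql_virt.cf
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 100
virtual_transport = virtual
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/config/mysql_virt_limit.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Uzgunuz e posta kutunuz dolmustur.
#virtual_overquota_bounce = yes
enable_original_recipient = No
virtual_uid_maps = mysql:/etc/postfix/config/uids.cf
virtual_gid_maps = mysql:/etc/postfix/config/gids.cf
virtual_mailbox_base=/var/spool/postfix/virtual

# NOTE(review): $transport_maps expands to the table reference, so every domain in
# the transport table is treated as a local destination while delivery goes through
# the virtual transport; confirm this overlap is intended.
mydestination = $mydomain, $myhostname, $transport_maps

# virtual_maps = mysql:/etc/postfix/config/virtual.cf
virtual_alias_maps = mysql:/etc/postfix/config/virtual.cf

smtpd_sender_restrictions = reject_unknown_sender_domain
unverified_recipient_reject_code = 550

home_mailbox = Maildir/
# mailbox_command =
# mailbox_command = /usr/bin/maildrop -V 9 -d ${USER}
# mailbox_command = procmail -a "$EXTENSION"

# =======MAILDROP ==========
# NOTE(review): fallback_transport expects a transport (master.cf service) name,
# not a program path; the master.cf on this page defines a "maildrop" service.
# Left unchanged -- verify.
fallback_transport = /usr/bin/maildrop
maildrop_destination_recipient_limit = 1
unknown_local_recipient_reject_code = 550

# smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient
# reject_unauth_destination was listed twice; the first occurrence is the one that
# takes effect, so the second was removed. It must stay ahead of the final "permit",
# otherwise the server becomes an open relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unverified_recipient,
    reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_rbl_client sbl.spamhaus.org,
    permit

smtpd_helo_restrictions =
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net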
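#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
# Port 587 was a bare copy of the port-25 listener. It is now a submission-only
# service: TLS is required, SASL is on, and clients that have not authenticated
# are rejected. The client-restriction override also keeps the DNSBL check in
# main.cf from being applied to authenticated users. All options are the ones
# from the stock commented "submission" entry below.
587       inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#maildrop  unix  -       n       n       -       -       pipe
#  flags=ODRhu user=postfix:mail argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop}
#  ${extension} ${recipient} ${user} ${nexthop}
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/bin/maildrop
#  -d ${user}@${domain} ${extension} ${recipient} ${user} ${nexthop}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Hand-off to amavisd (content_filter in main.cf points at this service).
smtp-amavis unix -      -       n       -       2       lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
# Re-injection listener for mail coming back from amavisd. It is bound to
# loopback and accepts only from 127.0.0.0/8; content_filter is cleared here so
# filtered mail is not sent through the filter again.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=permit_sasl_authenticated
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}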
pwcheck_method: auxprop auxprop_plugin: sql sql_engine: mysql sasl_mech_list: login plain cram-md5 digest-md5 mech_list: plain login cram-md5 sql_user: user sql_passwd: password sql_hostnames: 127.0.0.1 sql_database: mail_sunucu sql_select: select clear from users where address='%u@%r'
user=user password=password dbname=mail_sunucu table=users select_field=maildir where_field=address hosts=127.0.0.1
user = user password = password dbname = mail_sunucu table = users select_field = quota where_field = address hosts = 127.0.0.1
user = user password = password hosts = 127.0.0.1 dbname = mail_sunucu # query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true query = SELECT domain FROM transport WHERE domain='%s'
user=user password=password dbname=mail_sunucu table=transport select_field=transport where_field=domain hosts=127.0.0.1
user=user password=password dbname=mail_sunucu table=virtual select_field=goto where_field=address additional_conditions = and SILINDI = 'F' hosts=127.0.0.1
user=user password=password dbname=mail_sunucu table=users select_field=uid where_field=address hosts=127.0.0.1
user=user password=password dbname=mail_sunucu table=users select_field=gid where_field=address hosts=127.0.0.1
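vim /etc/courier/authmysqlrc
# Trailing remarks were moved onto their own lines so they cannot be read as part
# of a value.
# your mysql server
MYSQL_SERVER localhost
MYSQL_USERNAME uname
MYSQL_PASSWORD passwd
# necessary if you are on localhost
MYSQL_SOCKET /tmp/mysql.sock
# Was "maildb"; every other file on this page, and the CREATE DATABASE statement,
# use mail_sunucu.
MYSQL_DATABASE mail_sunucu
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD crypt
# NOTE(review): this makes Courier read the cleartext password column. If no
# client needs a challenge-response login, remove this line so only the hashed
# column is consulted.
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
#MYSQL_LOGIN_FIELD id
MYSQL_LOGIN_FIELD address
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
# Only enabled, non-deleted accounts may log in.
MYSQL_WHERE_CLAUSE imapok=1 AND bool1=1 AND bool2=1 AND SILINDI='F'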
vim /etc/courier/authdaemonrc authmodulelist="authpam authmysql"
telnet localhost 25
ehlo example.com
250-my-new-mailserver
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<steve@example.com>
250 2.1.0 Ok
rcpt to:<john@example.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hi John,
just wanted to drop you a note.
.
250 2.0.0 Ok: queued as A9D64379C4
quit
Postfix kullanıcısını sasl grubuna dahil edelim. adduser postfix sasl
vim /etc/postfix/main.cf smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_sasl_type = cyrus broken_sasl_auth_clients = yes content_filter = smtp-amavis:[localhost]:10024
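vim /etc/postfix/sasl/smtpd.conf
#pwcheck_method: auxprop
pwcheck_method: saslauthd
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
# saslauthd can only verify mechanisms that hand over the password itself, so the
# lists are limited to PLAIN and LOGIN. CRAM-MD5 and DIGEST-MD5 were removed: they
# would be answered from the sql_select below, which returns the stored hash, so
# the hash string itself would be accepted as the shared secret.
sasl_mech_list: login plain
mech_list: plain login
# Was the MySQL root account with its password written into this file. A lookup
# that only reads one column needs an account limited to SELECT on
# mail_sunucu.users; "user"/"password" are the same placeholders the other lookup
# files on this page use.
sql_user: user
sql_passwd: password
sql_hostnames: 127.0.0.1
sql_database: mail_sunucu
#sql_select: select clear from users where address='%u@%r'
sql_select: select crypt from users where address='%u@%r'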
vim /etc/pam.d/smtp auth required pam_mysql.so user=kullanici_adi passwd=sifre host=127.0.0.1 db=database table=users usercolumn=address passwdcolumn=crypt crypt=1 account sufficient pam_mysql.so user=kullanici_adi passwd=sifre host=127.0.0.1 db=database table=users usercolumn=address passwdcolumn=crypt crypt=1
aptitude install clamav-milter clamav-unofficial-sigs milter-greylist spamass-milter
clamav-milter database update edelim, ardından da servisi start yapalım.
/etc/init.d/clamav-freshclam stop freshclam /etc/init.d/clamav-freshclam start /etc/init.d/clamav-daemon start
Default socket grubunu düzenleyelim.
vim /etc/default/clamav-milter SOCKET_RWGROUP=postfix
Socket klasörü ve sahibini belirleyelim.
mkdir /var/spool/postfix/clamav chown clamav /var/spool/postfix/clamav
dpkg-reconfigure clamav-milter
Handle configuration automatically --> yes
User to run clamav-milter as --> clamav
Groups for clamav-milter --> none (Boş bırak)
path to socket --> /var/spool/postfix/clamav/clamav-milter.ctl
group owner for the socket --> clamav
permissions (mode) for socket --> 666
remove stale socket --> yes
wait timeout for clamd --> 120
foreground --> no
chroot --> none (boş bırak)
pid file --> /var/run/clamav/clamav-milter.pid
temporary path --> /tmp
clamd socket --> unix:/var/run/clamav/clamd.ctl
hosts excluded for scanning --> none (boş bırak)
mail whitelist --> none (boş bırak)
action for "infected" mail --> reject
action on error --> defer
reason for rejection --> Zararli eposta: %v bulundu.
headers -> replace
log file --> /var/log/clamav/clamav-milter.log
disable log file locking --> no
maximum log file size --> 0
log time --> yes
use syslog --> no
log facility (type of syslog message) --> LOG_LOCAL6
verbose logging --> no
log level when infected --> off
log level when no threat --> off
size limit for scanned messages --> 25
Do you want clamav-milter to support multiple recipients --> no
Do you want to enable log rotation --> yes
Postfix konfigurasyon dosyamıza ekleyelim.
postconf -e 'smtpd_milters = unix:/var/spool/postfix/clamav/clamav-milter.ctl' postfix reload
vim /etc/default/spamass-milter
OPTIONS="-u spamass-milter -i 127.0.0.1 -m -r -1 -I"
spamass-milter kullanıcısını postfix grubuna ekleyelim
adduser spamass-milter postfix
service spamass-milter restart
vim /etc/default/spamassassin ENABLED=1 OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/lib/spamassassin -u spamd -g spamd" CRON=1
Kuralları update edelim ardından da servisi restart edelim.
sa-update service spamassassin restart
Yeni milter ayarımızı Postfix e tanıtalım.
postconf -e 'smtpd_milters =unix:milter-greylist/milter-greylist.sock, unix:clamav/clamav-milter.ctl, unix:postfix/spamass/spamass.sock' postconf -e 'non_smtpd_milters = unix:spamass/spamass.sock, inet:localhost:12301' postfix reload
vim /etc/milter-greylist/greylist.conf # For sendmail use the following two lines #socket "/var/run/milter-greylist/milter-greylist.sock" #user "smmsp" # For Postfix uncomment the following two lines and comment out the # sendmail ones above. socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660 user "greylist"
vim /etc/default/milter-greylist ENABLED=1 SOCKET="/var/spool/postfix/milter-greylist/milter-greylist.sock"
Soket için bir klasör oluşturalım ardından da servisi restart edelim.
mkdir /var/spool/postfix/milter-greylist chmod 2755 /var/spool/postfix/milter-greylist chown greylist:postfix /var/spool/postfix/milter-greylist service milter-greylist restart
Roundcube, mail gönderimlerinde PEAR Net_SMTP kullanır. Fakat 1.8 versiyonunda TLS ile ilgili bir bug keşfettim: sistem TLS 1.0 ile mail gönderimi yapmaya çalışıyor. Kodu aşağıdaki şekilde düzenleyebilirsiniz. Ayrıca kurulu değil ise pear install Net_SMTP şeklinde kurulum yapabilirsiniz.
vim /usr/share/php/Net/SMTP.php #$crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT # | @STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT # | @STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; $crypto_method = (STREAM_CRYPTO_METHOD_SSLv23_CLIENT & ~STREAM_CRYPTO_METHOD_SSLv2_CLIENT & ~STREAM_CRYPTO_METHOD_SSLv3_CLIENT) | (STREAM_CRYPTO_METHOD_TLS_CLIENT & ~STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT & ~STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT );