How to configure Postfix (MTA) securely and access the mail from a web page. The content of this post is structured as follows:
Install Postfix
sudo aptitude install postfix
Basic Postfix configuration
sudo dpkg-reconfigure postfix
General type of mail configuration: Internet Site
System mail name: server1.example.com
Root and postmaster mail recipient:
Other destinations to accept mail for (leave blank for none): server1.example.com, example.com, localhost.example.com, localhost
Force synchronous updates on the mail queue?: No
Local networks: 127.0.0.0/8
Mailbox size limit (bytes): 0
Local address extension character: +
Internet protocols to use: both
Set the mailbox format to Maildir
sudo postconf -e 'home_mailbox = Maildir/'
sudo postconf -e 'mailbox_command ='
Configure Postfix to use SMTP AUTH with SASL (saslauthd)
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
Add the postfix user to the sasl group:
sudo adduser postfix sasl
Edit /etc/postfix/sasl/smtpd.conf and add the following lines:
pwcheck_method: saslauthd
mech_list: plain login
Generate certificates:
touch smtpd.key
chmod 600 smtpd.key
# use at least 2048 bits; 1024-bit RSA keys are considered too weak
openssl genrsa 2048 > smtpd.key
openssl req -new -key smtpd.key -x509 -days 3650 -out smtpd.crt # has prompts
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
sudo mv smtpd.key /etc/ssl/private/
sudo mv smtpd.crt /etc/ssl/certs/
sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/
Configure Postfix for TLS:
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/smtpd.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = server1.example.com'
Restart the postfix service
sudo /etc/init.d/postfix restart
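An added check, not part of the original post: the settings above leave smtpd_tls_auth_only = no while mech_list offers only plain and login, so Postfix accepts those credentials on connections that never negotiated STARTTLS. The script audits postconf -n style text for that combination; the function names are hypothetical and the sample text is constructed from the values set above.

```shell
#!/bin/sh
# Added example: audit "postconf -n"-style text for the SASL/TLS settings
# this guide configures. Function names are hypothetical.

# Constructed sample holding the values set with postconf -e above.
sample_conf() {
cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
EOF
}

# get_param NAME: print the value of NAME from config text on stdin.
get_param() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# audit_conf: read config text on stdin, print one WARN line per finding.
audit_conf() {
    conf=$(cat)
    sasl=$(printf '%s\n' "$conf" | get_param smtpd_sasl_auth_enable)
    authonly=$(printf '%s\n' "$conf" | get_param smtpd_tls_auth_only)
    level=$(printf '%s\n' "$conf" | get_param smtpd_tls_security_level)
    secopts=$(printf '%s\n' "$conf" | get_param smtpd_sasl_security_options)
    # PLAIN/LOGIN send the password unencrypted, so AUTH should be refused
    # until STARTTLS has completed.
    if [ "$sasl" = yes ] && [ "$authonly" != yes ]; then
        echo "WARN smtpd_tls_auth_only: AUTH accepted without TLS"
    fi
    # Neither may nor encrypt: STARTTLS is not enabled by this parameter.
    case "$level" in
        may|encrypt) ;;
        *) echo "WARN smtpd_tls_security_level: STARTTLS not enabled" ;;
    esac
    # Unset means the Postfix default, which is noanonymous.
    case "$secopts" in
        ""|*noanonymous*) ;;
        *) echo "WARN smtpd_sasl_security_options: anonymous allowed" ;;
    esac
}

sample_conf | audit_conf
```

On a live server, feed it the real configuration with postconf -n | audit_conf.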
SASL authentication
sudo aptitude install libsasl2-2 sasl2-bin
Edit /etc/default/saslauthd and uncomment/change the line:
START=yes
Add the following lines after the START=yes line:
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
Run:
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd > /dev/null
Restart:
sudo /etc/init.d/saslauthd start
Install antivirus
Email --> [(Port 25) Postfix] --> [(10024) amavisd-new] --> [(10025) Postfix] --> Mailbox
                                            |
                                            v
                                        [ClamAV]
sudo aptitude install clamav-daemon
Install the virus definition updater:
sudo aptitude install clamav-freshclam
Install decompressors so that the antivirus can scan compressed files:
sudo aptitude install unrar lha arj zip unzip bzip2 gzip cpio file lzop
Uncomment the @bypass_virus_checks_maps line in /etc/amavis/conf.d/15-content_filter_mode:
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
Edit /etc/amavis/conf.d/05-domain_id, commenting out the line:
#chomp($myhostname = `hostname --fqdn`);
and uncomment the following line, adding the value:
$myhostname = "localhost";
Add the clamav user to the amavis group:
sudo adduser clamav amavis
sudo /etc/init.d/amavis restart
sudo /etc/init.d/clamav-daemon restart
Run:
sudo postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
sudo postconf -e 'receive_override_options = no_address_mappings'
Modify the /etc/postfix/master.cf file, adding the following lines:
amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1
Restart the server:
sudo /etc/init.d/postfix restart
Check the ports:
netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 *:imaps            *:*                LISTEN   1438/dovecot
tcp        0      0 localhost:10024    *:*                LISTEN   10355/amavisd (mast
tcp        0      0 localhost:10025    *:*                LISTEN   11129/master
tcp        0      0 localhost:mysql    *:*                LISTEN   3375/mysqld
tcp        0      0 *:imap2            *:*                LISTEN   1438/dovecot
tcp        0      0 *:www              *:*                LISTEN   3097/apache2
tcp        0      0 localhost:ipp      *:*                LISTEN   2769/cupsd
tcp        0      0 *:smtp             *:*                LISTEN   11129/master
tcp6       0      0 [::]:smtp          [::]:*             LISTEN   11129/master
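An added check, not part of the original post: the 127.0.0.1:10025 listener in master.cf runs with content_filter= empty, so it and amavisd on 10024 should only ever be bound to loopback. The function below reads netstat output and reports either port bound elsewhere; the function names are hypothetical, and the last sample line is constructed to exercise the failure case.

```shell
#!/bin/sh
# Added example: confirm the amavis filter ports are bound to loopback only.
# Function names are hypothetical.

# Sample input: three listener lines from the output above, plus one
# constructed line where the re-injection port is bound to every interface.
sample_listeners() {
cat <<'EOF'
tcp   0  0 localhost:10024   *:*        LISTEN  10355/amavisd (mast
tcp   0  0 localhost:10025   *:*        LISTEN  11129/master
tcp   0  0 *:smtp            *:*        LISTEN  11129/master
tcp   0  0 0.0.0.0:10025     0.0.0.0:*  LISTEN  11129/master
EOF
}

# exposed_filter_ports: read netstat lines on stdin and print the local
# address of every LISTEN socket on 10024/10025 that is not on loopback.
# Accepts both resolved names (netstat -tap) and numeric output (-n).
exposed_filter_ports() {
    awk '$6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (port != "10024" && port != "10025") next
        if (host == "localhost" || host == "127.0.0.1") next
        if (host == "::1" || host == "[::1]" || host == "ip6-localhost") next
        print addr
    }'
}

sample_listeners | exposed_filter_ports
```

On a live server, run sudo netstat -tap | exposed_filter_ports; empty output means both filter ports are loopback-only.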
Install antispam
Email --> [(Port 25) Postfix] --> [(10024) amavisd-new] --> [(10025) Postfix] --> Mailbox
                                            |
                                            v
                                     [SpamAssassin]
sudo aptitude install spamassassin
Uncomment the @bypass_spam_checks_maps line in /etc/amavis/conf.d/15-content_filter_mode (if you already did this for the antivirus, there is no need to repeat it):
@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
Install the anti-advertising filters:
sudo aptitude install razor pyzor
Edit the /etc/default/spamassassin file and modify the line:
ENABLED=1
Edit the /etc/spamassassin/local.cf file and add the following lines:
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
Edit /etc/amavis/conf.d/05-domain_id, commenting out the line:
#chomp($myhostname = `hostname --fqdn`);
and uncomment the following line, adding the value (if you already did this for the antivirus, there is no need to repeat it):
$myhostname = "localhost";
Run (if you already did this for the antivirus, there is no need to repeat it):
sudo postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
sudo postconf -e 'receive_override_options = no_address_mappings'
Modify the /etc/postfix/master.cf file, adding the following lines (if you already did this for the antivirus, there is no need to repeat it):
amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1
Restart the server:
sudo /etc/init.d/spamassassin restart
sudo /etc/init.d/amavis restart
sudo /etc/init.d/postfix restart
Check the ports (if you already did this for the antivirus, there is no need to repeat it):
netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 *:imaps            *:*                LISTEN   1438/dovecot
tcp        0      0 localhost:10024    *:*                LISTEN   10355/amavisd (mast
tcp        0      0 localhost:10025    *:*                LISTEN   11129/master
tcp        0      0 localhost:mysql    *:*                LISTEN   3375/mysqld
tcp        0      0 *:imap2            *:*                LISTEN   1438/dovecot
tcp        0      0 *:www              *:*                LISTEN   3097/apache2
tcp        0      0 localhost:ipp      *:*                LISTEN   2769/cupsd
tcp        0      0 *:smtp             *:*                LISTEN   11129/master
tcp6       0      0 [::]:smtp          [::]:*             LISTEN   11129/master
Test Postfix
Run:
telnet localhost 25
Type:
ehlo localhost
You will see the lines:
250-STARTTLS
250-AUTH
(...)
Send a mail to a local user:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Ubuntu)
MAIL FROM: robert@localhost
250 2.1.0 Ok
RCPT TO: robert@localhost
250 2.1.5 Ok
DATA
354 End data with
Subject: Hola!!
Que tal?
.
250 2.0.0 Ok: queued as 9334A8D394
quit
221 2.0.0 Bye
Connection closed by foreign host.
Check the message:
cat /home/robert/Maildir/cur/*
Return-Path: <robert@localhost>
X-Original-To: robert@localhost
Delivered-To: robert@localhost
Received: from localhost (localhost [127.0.0.1])
    by server1.example.com (Postfix) with ESMTP id CFF8E8D395
    for <robert@localhost>; Wed, 28 Jan 2009 02:57:26 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at server1.example.com
Received: from server1.example.com ([127.0.0.1])
    by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id xI0dqzdSHr6l for <robert@localhost>;
    Wed, 28 Jan 2009 02:57:23 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
    by server1.example.com (Postfix) with SMTP id 9334A8D394
    for <robert@localhost>; Wed, 28 Jan 2009 02:55:52 +0100 (CET)
Subject: Hola!!
Message-Id: <20090128015630.9334A8D394@server1.example.com>
Date: Wed, 28 Jan 2009 02:55:52 +0100 (CET)
From: robert@localhost
To: undisclosed-recipients:;

Que tal?
You can watch the log with:
sudo tail -f /var/log/mail.log
(press Control+C to exit)
SquirrelMail
sudo aptitude install dovecot-imapd
sudo aptitude install apache2
sudo aptitude install php5
sudo aptitude install squirrelmail
Edit /etc/apache2/apache2.conf and add the line:
Include /etc/squirrelmail/apache.conf
Restart the server:
sudo /etc/init.d/apache2 restart
Check the mail server:
http://localhost/squirrelmail
The result of sending a mail to a local user (robert@localhost):
cat /home/robert/Maildir/cur/*
Return-Path: <robert@server1.example.com>
X-Original-To: robert@localhost
Delivered-To: robert@localhost
Received: from localhost (localhost [127.0.0.1])
    by server1.example.com (Postfix) with ESMTP id 0B78B8D395
    for <robert@localhost>; Wed, 28 Jan 2009 03:24:43 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at server1.example.com
Received: from server1.example.com ([127.0.0.1])
    by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id NTCJn-O9ogWR for <robert@localhost>;
    Wed, 28 Jan 2009 03:24:39 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
    by server1.example.com (Postfix) with ESMTP id 411448D394
    for <robert@localhost>; Wed, 28 Jan 2009 03:24:39 +0100 (CET)
Received: from 127.0.0.1
    (SquirrelMail authenticated user robert)
    by localhost with HTTP;
    Wed, 28 Jan 2009 03:24:39 +0100 (CET)
Message-ID: <3210f6d9c31ed3aebc194b387f34ef77.squirrel@localhost>
Date: Wed, 28 Jan 2009 03:24:39 +0100 (CET)
Subject: Prova
From: robert@server1.example.com
To: robert@localhost
User-Agent: SquirrelMail/1.4.15
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal