Mailserver-Best-Practice: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(18 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt)
Zeile 5: Zeile 5:
 
=Install Postfix=
 
=Install Postfix=
 
*apt-get install postfix
 
*apt-get install postfix
=Install Procmail=
 
*apt-get install procmail
 
 
 
=Postfix Service Handling=
 
=Postfix Service Handling=
 
*systemctl start  postfix.service
 
*systemctl start  postfix.service
Zeile 18: Zeile 15:
 
=SSL Verschlüsselung=
 
=SSL Verschlüsselung=
 
==Install letsencrypt==
 
==Install letsencrypt==
*sudo apt install letsencrypt
+
*[[Letsencrpyt Ubuntu 16.04]]
*letsencrypt certonly --standalone -d yyy.tuxmen.de
+
*crontab -e
 +
0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop postfix; systemctl stop dovecot" --post-hook "systemctl start postfix ; systemctl start dovecot"
  
 
==master.cf changed==
 
==master.cf changed==
Zeile 28: Zeile 26:
 
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 
   -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
 
</pre>
 
</pre>
 +
 
==main.cf==
 
==main.cf==
 
<pre>
 
<pre>
Zeile 34: Zeile 33:
 
smtpd_tls_security_level = may
 
smtpd_tls_security_level = may
 
smtpd_tls_received_header = yes
 
smtpd_tls_received_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
 
 
</pre>
 
</pre>
  
=Sasl2=
+
=Sasl2 over Dovecot=
==Install==
 
*apt-get install sasl2-bin
 
==Config==
 
*/etc/postfix/sasl/smtpd.conf
 
pwcheck_method: saslauthd
 
mech_list: PLAIN LOGIN
 
saslauthd_path: /var/run/saslauthd/mux
 
*/etc/default/saslauthd
 
START=yes
 
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
 
 
*/etc/postfix/main.cf
 
*/etc/postfix/main.cf
 
  smtpd_sasl_auth_enable = yes
 
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_path = smtpd
+
  smtpd_sasl_type = dovecot
  broken_sasl_auth_clients = yes
+
  smtpd_sasl_path = private/auth
 
  smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
 
  smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
 +
=Dovecot=
 +
==Install==
 +
*apt-get install dovecot-core dovecot-imapd
 +
 +
==Config==
 +
*/etc/dovecot/conf.d/10-ssl.conf
 +
ssl = yes
 +
ssl_cert = </etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem
 +
ssl_key = </etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem
 +
*/etc/dovecot/conf.d/10-mail.conf
 +
mail_location = maildir:~/Maildir
 +
*/etc/dovecot/conf.d/10-master.conf
 +
<pre>
 +
service auth {
 +
  unix_listener auth-userdb {
 +
    #mode = 0666
 +
    #user =
 +
    #group =
 +
  }
 +
  unix_listener /var/spool/postfix/private/auth {
 +
    mode = 0666
 +
  }
 +
}
 +
</pre>
 +
 +
=Restart=
 +
*systemctl restart postfix
 +
*systemctl restart dovecot
  
==Test==
+
=Tables=
*testsaslauthd -f  /var/spool/postfix/var/run/saslauthd/mux  -s smtp -u leroy -p suxer
+
<pre>
 +
mydestination = $myhostname, yaphit.tuxmen.de, localhost.tuxmen.de, localhost , hash:/etc/postfix/mydestinations
 +
alias_maps = hash:/etc/aliases
 +
transport_maps = hash:/etc/postfix/transport
 +
relocated_maps = hash:/etc/postfix/relocated
 +
virtual_maps = hash:/etc/postfix/virtual
 +
sender_canonical_maps = hash:/etc/postfix/canonical
 +
</pre>
 +
=Checks=
 +
*[[SMTPS AUTH PLAIN CHECK]]
 +
*[[IMAPS LOGIN CHECK]]

Aktuelle Version vom 5. Oktober 2024, 11:31 Uhr

Prepare Maildirs

  • mkdir -p /etc/skel/Maildir/new
  • mkdir -p /etc/skel/Maildir/cur
  • mkdir -p /etc/skel/Maildir/tmp

Install Postfix

  • apt-get install postfix

Postfix Service Handling

  • systemctl start postfix.service
  • systemctl restart postfix.service
  • systemctl stop postfix.service
  • systemctl status postfix.service

Config of Postfix

  • /etc/postfix/master.cf
  • /etc/postfix/main.cf

SSL Verschlüsselung

Install letsencrypt

0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop postfix; systemctl stop dovecot" --post-hook "systemctl start postfix ; systemctl start dovecot"

master.cf changed

smtps     inet  n       -       y       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject

main.cf

smtpd_tls_cert_file = /etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_received_header = yes

Sasl2 over Dovecot

  • /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

Dovecot

Install

  • apt-get install dovecot-core dovecot-imapd

Config

  • /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem
ssl_key = </etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem
  • /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
  • /etc/dovecot/conf.d/10-master.conf
service auth {
  unix_listener auth-userdb {
    #mode = 0666
    #user = 
    #group = 
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}

Restart

  • systemctl restart postfix
  • systemctl restart dovecot

Tables

mydestination = $myhostname, yaphit.tuxmen.de, localhost.tuxmen.de, localhost , hash:/etc/postfix/mydestinations
alias_maps = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
relocated_maps = hash:/etc/postfix/relocated
virtual_maps = hash:/etc/postfix/virtual
sender_canonical_maps = hash:/etc/postfix/canonical

Checks

Abgerufen von „http://wiki.ixheim.de/index.php?title=Mailserver-Best-Practice&oldid=57005