Special:Badtitle/NS100:PostfixVirtualMailBoxClamSmtpHowto: Difference between revisions
m No edit summary |
m No edit summary |
||
第1行: | 第1行: | ||
{{From|https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto}} | {{From|https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto}} | ||
{{Languages|UbuntuHelp:PostfixVirtualMailBoxClamSmtpHowto}} | {{Languages|UbuntuHelp:PostfixVirtualMailBoxClamSmtpHowto}} | ||
== Introduction == | == Introduction == | ||
In this setup you will be running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure | In this setup you will be running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure | ||
== Example Setup == | == Example Setup == | ||
In this howto I assume that your are going to host mails for two example domains. Namely '''domain1.com''' and '''domain2.com'''. Be ready to replace these with your actual domains. | In this howto I assume that your are going to host mails for two example domains. Namely '''domain1.com''' and '''domain2.com'''. Be ready to replace these with your actual domains. | ||
== Install Postfix == | == Install Postfix == | ||
'''To install postfix''' | '''To install postfix''' | ||
Install the <code><nowiki>postfix</nowiki></code> package. | Install the <code><nowiki>postfix</nowiki></code> package. | ||
Install <code><nowiki>mailx</nowiki></code> package for use as command line '''mail''' utility program. | Install <code><nowiki>mailx</nowiki></code> package for use as command line '''mail''' utility program. | ||
== Setting Postfix Support for Maildir-style Mailboxes == | == Setting Postfix Support for Maildir-style Mailboxes == | ||
Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem. | Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem. | ||
Please find out more about Maildir [http://en.wikipedia.org/wiki/Maildir here] | Please find out more about Maildir [http://en.wikipedia.org/wiki/Maildir here] | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/main.cf | sudo vi /etc/postfix/main.cf | ||
</nowiki></pre> | </nowiki></pre> | ||
Add the following code segment: | Add the following code segment: | ||
<pre><nowiki> | <pre><nowiki> | ||
home_mailbox = Maildir/ | home_mailbox = Maildir/ | ||
</nowiki></pre> | </nowiki></pre> | ||
Remove the Line <code><nowiki> mailbox_command = procmail -a "$EXTENSION"</nowiki></code>. We are not going to use it. | Remove the Line <code><nowiki> mailbox_command = procmail -a "$EXTENSION"</nowiki></code>. We are not going to use it. | ||
'''Restart Postfix''' to make changes effect. | '''Restart Postfix''' to make changes effect. | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/postfix restart | sudo /etc/init.d/postfix restart | ||
</nowiki></pre> | </nowiki></pre> | ||
== Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts == | == Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts == | ||
As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account. | As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account. | ||
With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account. | With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account. | ||
The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. '''Maildir''' style delivery is turned on by terminating the mailbox pathname with "/". | The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. '''Maildir''' style delivery is turned on by terminating the mailbox pathname with "/". | ||
Look at the following figure and it will be our directory structure for mailboxes. | Look at the following figure and it will be our directory structure for mailboxes. | ||
https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto?action=AttachFile&do=get&target=VhostsDomains.png | https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto?action=AttachFile&do=get&target=VhostsDomains.png | ||
I suggest you to transfer all domains into virtual mailboxes. Even if you have setup postfix with one domain , we will make that domain a virtual domain. Actually you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain. | I suggest you to transfer all domains into virtual mailboxes. Even if you have setup postfix with one domain , we will make that domain a virtual domain. Actually you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain. | ||
To do that, let's change our <code><nowiki>myhostname</nowiki></code> line in main.cf to read: | To do that, let's change our <code><nowiki>myhostname</nowiki></code> line in main.cf to read: | ||
<pre><nowiki> | <pre><nowiki> | ||
myhostname = localhost | myhostname = localhost | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Create Virtual Mailbox Owner === | === Create Virtual Mailbox Owner === | ||
In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address. | In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address. | ||
'''To create virtual mailbox group:''' | '''To create virtual mailbox group:''' | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo groupadd -g 5000 vmail | sudo groupadd -g 5000 vmail | ||
</nowiki></pre> | </nowiki></pre> | ||
'''To create virtual mailbox owner:''' | '''To create virtual mailbox owner:''' | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail | sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail | ||
</nowiki></pre> | </nowiki></pre> | ||
Open <code><nowiki>main.cf</nowiki></code> | Open <code><nowiki>main.cf</nowiki></code> | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/main.cf | sudo vi /etc/postfix/main.cf | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Setup Postfix to Use Virtual Mailboxes === | === Setup Postfix to Use Virtual Mailboxes === | ||
Then add the following code segment to <code><nowiki>main.cf</nowiki></code> | Then add the following code segment to <code><nowiki>main.cf</nowiki></code> | ||
<pre><nowiki> | <pre><nowiki> | ||
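Review bot: `sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail` gives the account that owns every mailbox an interactive login shell, which nothing in this setup needs, since the mail software only uses uid/gid 5000 to read and write under /home/vmail. Suggest `-s /usr/sbin/nologin` (or `/bin/false`) so the account cannot be used for a shell session, and keep `-m` because the home directory is the mail store.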
第97行: | 第59行: | ||
virtual_gid_maps = static:5000 | virtual_gid_maps = static:5000 | ||
</nowiki></pre> | </nowiki></pre> | ||
In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there. | In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there. | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/vhosts | sudo vi /etc/postfix/vhosts | ||
</nowiki></pre> | </nowiki></pre> | ||
Add the the following codes: | Add the the following codes: | ||
<pre><nowiki> | <pre><nowiki> | ||
domain1.com | domain1.com | ||
domain2.com | domain2.com | ||
</nowiki></pre> | </nowiki></pre> | ||
This is my example use your own domains here. | This is my example use your own domains here. | ||
The next line <code><nowiki>virtual_mailbox_base</nowiki></code> specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our <code><nowiki>'''vmail'''</nowiki></code> owners's home directory <code><nowiki>/home/vmail</nowiki></code> | The next line <code><nowiki>virtual_mailbox_base</nowiki></code> specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our <code><nowiki>'''vmail'''</nowiki></code> owners's home directory <code><nowiki>/home/vmail</nowiki></code> | ||
The third line points to a text file I called <code><nowiki>'''vmaps'''</nowiki></code>. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a '''/''' at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use '''Maildir''' format. | The third line points to a text file I called <code><nowiki>'''vmaps'''</nowiki></code>. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a '''/''' at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use '''Maildir''' format. | ||
Setup this file as in this example: | Setup this file as in this example: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/vmaps | sudo vi /etc/postfix/vmaps | ||
</nowiki></pre> | </nowiki></pre> | ||
Format of this file should look like: | Format of this file should look like: | ||
<pre><nowiki> | <pre><nowiki> | ||
[email protected] domain1.com/info/ | [email protected] domain1.com/info/ | ||
第132行: | 第82行: | ||
[email protected] domain2.com/sales/ | [email protected] domain2.com/sales/ | ||
</nowiki></pre> | </nowiki></pre> | ||
Convert vmaps into a hash file by running: | Convert vmaps into a hash file by running: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo postmap /etc/postfix/vmaps | sudo postmap /etc/postfix/vmaps | ||
</nowiki></pre> | </nowiki></pre> | ||
Remember to execute the above command every time when you add new map. | Remember to execute the above command every time when you add new map. | ||
Restart Postfix to make changes effect. | Restart Postfix to make changes effect. | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/postfix restart | sudo /etc/init.d/postfix restart | ||
</nowiki></pre> | </nowiki></pre> | ||
My example config look like the following | My example config look like the following | ||
<pre><nowiki> | <pre><nowiki> | ||
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU) | smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU) | ||
biff = no | biff = no | ||
# appending .domain is the MUA's job. | # appending .domain is the MUA's job. | ||
append_dot_mydomain = no | append_dot_mydomain = no | ||
# Uncomment the next line to generate "delayed mail" warnings | # Uncomment the next line to generate "delayed mail" warnings | ||
#delay_warning_time = 4h | #delay_warning_time = 4h | ||
myhostname = localhost | myhostname = localhost | ||
alias_maps = hash:/etc/aliases | alias_maps = hash:/etc/aliases | ||
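Review bot: `myhostname = localhost` in the example config feeds `smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)`, and Postfix also uses $myhostname as its default HELO name for outbound mail, so the server introduces itself as localhost to every peer. Many receiving servers reject or penalise that. Suggest keeping the server's fully qualified name in myhostname and instead making sure the hosted domains are not listed in mydestination, which is what virtual mailbox domains actually require.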
第176行: | 第115行: | ||
inet_interfaces = all | inet_interfaces = all | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Test Virtual Mailbox Setup === | === Test Virtual Mailbox Setup === | ||
Remember that the directory structure for a particular user is create when you send he gets his firs mail. | Remember that the directory structure for a particular user is create when you send he gets his firs mail. | ||
Send a mail for [email protected] | Send a mail for [email protected] | ||
In a terminal you can type: | In a terminal you can type: | ||
<pre><nowiki> | <pre><nowiki> | ||
mail [email protected] | mail [email protected] | ||
</nowiki></pre> | </nowiki></pre> | ||
Check the mailbox | Check the mailbox | ||
<pre><nowiki> | <pre><nowiki> | ||
cd /home/vmail/domain1/info/new | cd /home/vmail/domain1/info/new | ||
ls | ls | ||
</nowiki></pre> | </nowiki></pre> | ||
You see a mail file there. If so, Cheers!!!, you have done it. | You see a mail file there. If so, Cheers!!!, you have done it. | ||
== Setup Non-Linux Accounts == | == Setup Non-Linux Accounts == | ||
Now it's time to work on the non-unix accounts. | Now it's time to work on the non-unix accounts. | ||
There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files. | There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files. | ||
In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. '''Dovecot''' is extremely lightweight, flexible, and from what the author says, secure. | In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. '''Dovecot''' is extremely lightweight, flexible, and from what the author says, secure. | ||
Remember the following command will install '''Dovecot''' but removes '''Courier IMAP/POP3''' which if you have installed already them. Take it easy ,let's continue to install it. | Remember the following command will install '''Dovecot''' but removes '''Courier IMAP/POP3''' which if you have installed already them. Take it easy ,let's continue to install it. | ||
=== Install Dovecot IMAP/POP3 server === | === Install Dovecot IMAP/POP3 server === | ||
Install the following packages: <code><nowiki>dovecot-common dovecot-imapd dovecot-pop3d</nowiki></code> | Install the following packages: <code><nowiki>dovecot-common dovecot-imapd dovecot-pop3d</nowiki></code> | ||
=== Configure Dovecot === | === Configure Dovecot === | ||
You need to setup the '''dovecot''' to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here. | You need to setup the '''dovecot''' to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here. | ||
Let's backup original config file: | Let's backup original config file: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig | sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig | ||
</nowiki></pre> | </nowiki></pre> | ||
Create a new config file and copy my config file into it: | Create a new config file and copy my config file into it: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/dovecot/dovecot.conf | sudo vi /etc/dovecot/dovecot.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
Copy the following code segment and save the file: | Copy the following code segment and save the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
base_dir = /var/run/dovecot/ | base_dir = /var/run/dovecot/ | ||
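Review bot: the check `cd /home/vmail/domain1/info/new` does not match the mailbox path configured earlier on the page: the vmaps entry is `domain1.com/info/` under the base /home/vmail, so the test message lands in /home/vmail/domain1.com/info/new and the command as written fails on a working setup. Since the text above it says the directory tree is only created on first delivery, it would also help to say that the `cd` fails until the test mail has actually been delivered, and to point at the mail log for that case.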
第256行: | 第171行: | ||
auth_verbose = yes | auth_verbose = yes | ||
</nowiki></pre> | </nowiki></pre> | ||
---- | ---- | ||
'''Note:''' | '''Note:''' | ||
If you are using/testing with Dapper Drake (Ubuntu 6.06), please use [https://wiki.ubuntu.com/DovecotDapperConf Dovecot config file for Dapper ] | If you are using/testing with Dapper Drake (Ubuntu 6.06), please use [https://wiki.ubuntu.com/DovecotDapperConf Dovecot config file for Dapper ] | ||
---- | ---- | ||
Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding. | Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding. | ||
* The line '''"default_mail_env = maildir:/home/vmail/%d/%n"''' is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is '''"[email protected]"''', Dovecot does some guessing on its end with your user name. If it just sees something like '''"info"''', it set's a variable called '''"%n"'''to '''"info"'''. If it sees '''"[email protected]"''', it will split it up and set '''"%d"''' to '''domain1.com''' and '''"%n"''' to '''"info"'''. Going off of that, if we replace the variables in this line , we get something like: '''maildir:/home/vmail/domain1.com/info''' | * The line '''"default_mail_env = maildir:/home/vmail/%d/%n"''' is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is '''"[email protected]"''', Dovecot does some guessing on its end with your user name. If it just sees something like '''"info"''', it set's a variable called '''"%n"'''to '''"info"'''. If it sees '''"[email protected]"''', it will split it up and set '''"%d"''' to '''domain1.com''' and '''"%n"''' to '''"info"'''. Going off of that, if we replace the variables in this line , we get something like: '''maildir:/home/vmail/domain1.com/info''' | ||
* The lines '''"auth_userdb == passwd-file /etc/dovecot/users"''' and '''"auth_passdb == passwd-file /etc/dovecot/passwd"''' are similar /etc/passwd and /etc/shadow file. | * The lines '''"auth_userdb == passwd-file /etc/dovecot/users"''' and '''"auth_passdb == passwd-file /etc/dovecot/passwd"''' are similar /etc/passwd and /etc/shadow file. | ||
'''The format of these files goes like this:''' | '''The format of these files goes like this:''' | ||
:: | :: | ||
<pre><nowiki> | <pre><nowiki> | ||
/etc/dovecot/users: | /etc/dovecot/users: | ||
[email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false:: | [email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false:: | ||
</nowiki></pre> | </nowiki></pre> | ||
<pre><nowiki> | <pre><nowiki> | ||
/etc/dovecot/passwd: | /etc/dovecot/passwd: | ||
[email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1 | [email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1 | ||
</nowiki></pre> | </nowiki></pre> | ||
The 5000:5000 corresponds to the '''uid''' and '''gid''' of the "virtual" called '''vmail''' who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address. | The 5000:5000 corresponds to the '''uid''' and '''gid''' of the "virtual" called '''vmail''' who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address. | ||
=== Create Dovecot Users === | === Create Dovecot Users === | ||
There are no commands like '''useradd''' and '''passwd''' to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually opening the files with '''vi''' like ASCII text editor. | There are no commands like '''useradd''' and '''passwd''' to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually opening the files with '''vi''' like ASCII text editor. | ||
==== Script to Add Users ==== | ==== Script to Add Users ==== | ||
Create file: | Create file: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /usr/sbin/adddovecotuser | sudo vi /usr/sbin/adddovecotuser | ||
</nowiki></pre> | </nowiki></pre> | ||
Add the following code segment and save the file: | Add the following code segment and save the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
#!/bin/bash | #!/bin/bash | ||
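Review bot: the sample /etc/dovecot/passwd line stores a `$1$` hash, which is MD5-crypt, and the text never names the scheme or mentions alternatives. MD5-crypt is cheap to brute-force offline if the file leaks; suggest documenting the scheme and using the strongest crypt scheme that the installed Dovecot and mkpasswd both support. Minor, same hunk: the explanation writes `auth_userdb == passwd-file` and `auth_passdb == passwd-file` with a doubled equals sign, which should be a single `=` to match the config syntax shown elsewhere (`auth_verbose = yes`).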
第304行: | 第203行: | ||
domain=`cat /tmp/user | cut -f2 -d "@"` | domain=`cat /tmp/user | cut -f2 -d "@"` | ||
echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users | echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users | ||
# Create the needed Maildir directories | # Create the needed Maildir directories | ||
/usr/bin/maildirmake.dovecot /home/vmail/$domain/$user 5000:5000 | /usr/bin/maildirmake.dovecot /home/vmail/$domain/$user 5000:5000 | ||
# To add user to Postfix virtual map file and relode Postfix | # To add user to Postfix virtual map file and relode Postfix | ||
echo $1 $domain/$user/ >> /etc/postfix/vmaps | echo $1 $domain/$user/ >> /etc/postfix/vmaps | ||
postmap /etc/postfix/vmaps | postmap /etc/postfix/vmaps | ||
postfix reload | postfix reload | ||
</nowiki></pre> | </nowiki></pre> | ||
Make the file executable: | Make the file executable: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo chmod +x /usr/sbin/adddovecotuser | sudo chmod +x /usr/sbin/adddovecotuser | ||
</nowiki></pre> | </nowiki></pre> | ||
Add a user like this: | Add a user like this: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo adddovecotuser [email protected] | sudo adddovecotuser [email protected] | ||
</nowiki></pre> | </nowiki></pre> | ||
==== Script to Set Passwords ==== | ==== Script to Set Passwords ==== | ||
First, make sure you have 'mkpasswd' installed: | First, make sure you have 'mkpasswd' installed: | ||
<pre><nowiki> | <pre><nowiki> | ||
which mkpasswd | which mkpasswd | ||
</nowiki></pre> | </nowiki></pre> | ||
This is not installed by default, and since mkpasswd comes with the 'whois' package, | This is not installed by default, and since mkpasswd comes with the 'whois' package, | ||
you may have to install this first: | you may have to install this first: | ||
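Review bot: the script runs as root and reads the address back from the fixed path /tmp/user (`cat /tmp/user | cut -f2 -d "@"`), a predictable file in a world-writable directory, which is unsafe for a root script because of symlink and pre-creation races. It also uses $1, $user and $domain unquoted and unvalidated in `/home/vmail/$domain/$user` and in the lines appended to /etc/dovecot/users and /etc/postfix/vmaps. Suggest splitting the argument with shell parameter expansion (`${1%@*}` and `${1#*@}`) instead of a temp file, rejecting anything that is not a plain local-part@domain (no `/`, `..`, `:` or whitespace), and quoting every expansion. The script also appends without checking for an existing entry, so running it twice for one address leaves duplicates in both files.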
第339行: | 第228行: | ||
sudo apt-get install whois | sudo apt-get install whois | ||
</nowiki></pre> | </nowiki></pre> | ||
Create file: | Create file: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /usr/sbin/mkdovecotpasswd | sudo vi /usr/sbin/mkdovecotpasswd | ||
</nowiki></pre> | </nowiki></pre> | ||
Add the following code segment and save the file: | Add the following code segment and save the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
#!/bin/bash | #!/bin/bash | ||
第353行: | 第238行: | ||
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd | echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd | ||
</nowiki></pre> | </nowiki></pre> | ||
Make the file executable: | Make the file executable: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo chmod +x /usr/sbin/mkdovecotpasswd | sudo chmod +x /usr/sbin/mkdovecotpasswd | ||
</nowiki></pre> | </nowiki></pre> | ||
Add a user like this: | Add a user like this: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo mkdovecotpasswd [email protected] password | sudo mkdovecotpasswd [email protected] password | ||
</nowiki></pre> | </nowiki></pre> | ||
Replace '''password''' with a good password | Replace '''password''' with a good password | ||
Restart Dovecot to make changes effect | Restart Dovecot to make changes effect | ||
Let's remove world readable permission from password file for security: | Let's remove world readable permission from password file for security: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo chmod 640 /etc/dovecot/passwd | sudo chmod 640 /etc/dovecot/passwd | ||
</nowiki></pre> | </nowiki></pre> | ||
To start Devecot for the first time | To start Devecot for the first time | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/dovecot start | sudo /etc/init.d/dovecot start | ||
</nowiki></pre> | </nowiki></pre> | ||
== Testing Your Setup == | == Testing Your Setup == | ||
Let's test our system before going production | Let's test our system before going production | ||
=== Testing Dovecot POP3 Server === | === Testing Dovecot POP3 Server === | ||
Type in a terminal | Type in a terminal | ||
<pre><nowiki> | <pre><nowiki> | ||
telnet mail.domain1.com 110 | telnet mail.domain1.com 110 | ||
</nowiki></pre> | </nowiki></pre> | ||
An output like the following will display in your terminal | An output like the following will display in your terminal | ||
<pre><nowiki> | <pre><nowiki> | ||
Trying 69.60.109.217... | Trying 69.60.109.217... | ||
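Review bot: the append to /etc/dovecot/passwd reads the hash back from the fixed path /tmp/hash, and the usage line passes the cleartext password as the second argument, where it is visible in the process list and saved in shell history. Suggest letting mkpasswd prompt for the password and capturing its output in a variable rather than a temp file. The `sudo chmod 640 /etc/dovecot/passwd` step also comes after the first password has been written, so the file is created with the default umask; create it with restrictive permissions before the first append, and replace an existing entry for the address instead of appending a second one.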
第402行: | 第270行: | ||
+OK dovecot ready. | +OK dovecot ready. | ||
</nowiki></pre> | </nowiki></pre> | ||
Type the following code segment in the prompt provided by the Dovecot POP3 server | Type the following code segment in the prompt provided by the Dovecot POP3 server | ||
<pre><nowiki> | <pre><nowiki> | ||
第409行: | 第276行: | ||
quit | quit | ||
</nowiki></pre> | </nowiki></pre> | ||
Final output should be something like this | Final output should be something like this | ||
<pre><nowiki> | <pre><nowiki> | ||
Trying 69.60.109.217... | Trying 69.60.109.217... | ||
第423行: | 第288行: | ||
quit | quit | ||
+OK Logging out. | +OK Logging out. | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Testing Dovecot IMAP Server === | === Testing Dovecot IMAP Server === | ||
Type in a terminal | Type in a terminal | ||
<pre><nowiki> | <pre><nowiki> | ||
telnet mail.domain1.com 143 | telnet mail.domain1.com 143 | ||
</nowiki></pre> | </nowiki></pre> | ||
An output like the following will display in your terminal | An output like the following will display in your terminal | ||
<pre><nowiki> | <pre><nowiki> | ||
Trying 69.60.109.217... | Trying 69.60.109.217... | ||
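Review bot: `telnet mail.domain1.com 143` (like the port 110 test before it) talks to the public host name in cleartext, so the account name and password typed for the login step cross the network unencrypted. For a first functional test, suggest running it on the server itself against localhost, and documenting a TLS-protected check for anything done remotely.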
第442行: | 第301行: | ||
+OK dovecot ready. | +OK dovecot ready. | ||
</nowiki></pre> | </nowiki></pre> | ||
Type the following code segment in the prompt provided by the Dovecot IMAP server. | Type the following code segment in the prompt provided by the Dovecot IMAP server. | ||
<pre><nowiki> | <pre><nowiki> | ||
第448行: | 第306行: | ||
a logout | a logout | ||
</nowiki></pre> | </nowiki></pre> | ||
Final output should be something like this | Final output should be something like this | ||
<pre><nowiki> | <pre><nowiki> | ||
Trying 69.60.109.217... | Trying 69.60.109.217... | ||
第462行: | 第318行: | ||
a OK Logout completed. | a OK Logout completed. | ||
</nowiki></pre> | </nowiki></pre> | ||
== ClamSMTP SMTP Virus Filter == | == ClamSMTP SMTP Virus Filter == | ||
ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding. | ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding. | ||
ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies. | ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies. | ||
ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router. | ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router. | ||
=== Installing ClamAV === | === Installing ClamAV === | ||
We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: <code><nowiki>clamav-daemon clamav</nowiki></code> | We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: <code><nowiki>clamav-daemon clamav</nowiki></code> | ||
=== Installing ClamSMTP === | === Installing ClamSMTP === | ||
You need to install the <code><nowiki>clamsmtp</nowiki></code> package. | You need to install the <code><nowiki>clamsmtp</nowiki></code> package. | ||
=== Setting Postfix to use ClamSMTP === | === Setting Postfix to use ClamSMTP === | ||
Postfix supports filtering mail through a filter that acts like an SMTP server. | Postfix supports filtering mail through a filter that acts like an SMTP server. | ||
Put the following lines in your Postfix main.cf file: | Put the following lines in your Postfix main.cf file: | ||
Open the file: | Open the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/main.cf | sudo vi /etc/postfix/main.cf | ||
</nowiki></pre> | </nowiki></pre> | ||
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMainCf main.cf] file | If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMainCf main.cf] file | ||
Add the codes: | Add the codes: | ||
<pre><nowiki> | <pre><nowiki> | ||
content_filter = scan:127.0.0.1:10026 | content_filter = scan:127.0.0.1:10026 | ||
receive_override_options = no_address_mappings | receive_override_options = no_address_mappings | ||
</nowiki></pre> | </nowiki></pre> | ||
The '''content_filter''' tells Postfix to send all mail through the service called 'scan' on '''port 10026'''. We'll set up clamsmtpd to listen on this port later. | The '''content_filter''' tells Postfix to send all mail through the service called 'scan' on '''port 10026'''. We'll set up clamsmtpd to listen on this port later. | ||
Next we add the following to the Postfix master.cf file: | Next we add the following to the Postfix master.cf file: | ||
Open the file: | Open the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo vi /etc/postfix/master.cf | sudo vi /etc/postfix/master.cf | ||
</nowiki></pre> | </nowiki></pre> | ||
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMasterCf master.cf] file | If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMasterCf master.cf] file | ||
Add the codes: | Add the codes: | ||
<pre><nowiki> | <pre><nowiki> | ||
# AV scan filter (used by content_filter) | # AV scan filter (used by content_filter) | ||
第528行: | 第362行: | ||
-o smtpd_authorized_xforward_hosts=127.0.0.0/8 | -o smtpd_authorized_xforward_hosts=127.0.0.0/8 | ||
</nowiki></pre> | </nowiki></pre> | ||
Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here. | Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here. | ||
The first 2 lines create the '''scan''' service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done. | The first 2 lines create the '''scan''' service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done. | ||
Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the following accomplish | Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the following accomplish | ||
that. | that. | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo adduser clamsmtp clamav | sudo adduser clamsmtp clamav | ||
</nowiki></pre> | </nowiki></pre> | ||
Restart Postfix, ClamSMTP, and ClamAV Daemon to make your changes effect: | Restart Postfix, ClamSMTP, and ClamAV Daemon to make your changes effect: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/postfix restart | sudo /etc/init.d/postfix restart | ||
第549行: | 第375行: | ||
sudo /etc/init.d/clamav-daemon restart | sudo /etc/init.d/clamav-daemon restart | ||
</nowiki></pre> | </nowiki></pre> | ||
== Test ClamSMTP for outgoing mail == | == Test ClamSMTP for outgoing mail == | ||
We need to test the our outgoing mail for viruses. Best way is to download '''eicar''' test virus and attach to a mail and send. Let's do it. | We need to test the our outgoing mail for viruses. Best way is to download '''eicar''' test virus and attach to a mail and send. Let's do it. | ||
Download eicar to you home directory: | Download eicar to you home directory: | ||
<pre><nowiki> | <pre><nowiki> | ||
wget http://eicar.org/download/eicar_com.zip | wget http://eicar.org/download/eicar_com.zip | ||
</nowiki></pre> | </nowiki></pre> | ||
Send this file as an attachment to '''[email protected]''' | Send this file as an attachment to '''[email protected]''' | ||
Then check your '''mail.log''' file: | Then check your '''mail.log''' file: | ||
<pre><nowiki> | <pre><nowiki> | ||
tail /var/log/mail.log | tail /var/log/mail.log | ||
</nowiki></pre> | </nowiki></pre> | ||
You should see something like in your log file. | You should see something like in your log file. | ||
<pre><nowiki> | <pre><nowiki> | ||
Mar 8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature | Mar 8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature | ||
Mar 8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email) | Mar 8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email) | ||
</nowiki></pre> | </nowiki></pre> | ||
== Test ClamSMTP for incoming Mail from the Internet == | == Test ClamSMTP for incoming Mail from the Internet == | ||
If you have an actual production mail server you can check your mail server for virus provided by [http://www.webmail.us/testvirus webmail.us]. They are sending you harmless test mails with the EICAR virus test signature. Also you can use [http://www.gfi.com/emailsecuritytest/ GFI Security Labs ] for further testing. | If you have an actual production mail server you can check your mail server for virus provided by [http://www.webmail.us/testvirus webmail.us]. They are sending you harmless test mails with the EICAR virus test signature. Also you can use [http://www.gfi.com/emailsecuritytest/ GFI Security Labs ] for further testing. | ||
== Final thoughts == | == Final thoughts == | ||
As I said in the beginning this setup is for a small/medium scale company which has few hundred of mail accounts. This doesn't mean that this system is poorly performing. This setup can handle thousands of account with out any performance issue. What I say is here that we need something more manageable like MySQL/PostgreSQL backend for users, web-based virtual domain management, password modifications by users, etc in a extensible, scalable and robust manner. | As I said in the beginning this setup is for a small/medium scale company which has few hundred of mail accounts. This doesn't mean that this system is poorly performing. This setup can handle thousands of account with out any performance issue. What I say is here that we need something more manageable like MySQL/PostgreSQL backend for users, web-based virtual domain management, password modifications by users, etc in a extensible, scalable and robust manner. | ||
Hope I have done something for you and Ubuntu. | Hope I have done something for you and Ubuntu. | ||
Yet another howto by: ChinthakaDeshapriya. | Yet another howto by: ChinthakaDeshapriya. | ||
---- | ---- | ||
[[category:CategoryDocumentation]] | [[category:CategoryDocumentation]] | ||
[[category:UbuntuHelp]] | [[category:UbuntuHelp]] |
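Review bot: the outgoing-mail test text in this hunk still carries wording slips that the revision leaves in place: "test the our outgoing mail", "Download eicar to you home directory" and "You should see something like in your log file" should read "test our outgoing mail", "to your home directory" and "something like this in your log file". The sample log ends in "status=sent (250 Virus Detected; Discarded Email)", so a sentence beside it saying that Postfix records the infected message as sent while the filter drops it, and that no bounce goes back to the sender, would save readers from misreading status=sent as a failed test.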
Revision as of 21:06, 30 November 2007 (Friday)
Source: https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
Introduction
In this setup you will be running a small to medium sized email server with Postfix virtual mailboxes for separate domains and non-Linux accounts. I do not intend to teach you basic Postfix here. If you are new to Postfix, please work through my PostfixBasicSetupHowto to understand the basics before proceeding with this howto. I will also show you how to integrate ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, simple and easy to configure.
Example Setup
In this howto I assume that you are going to host mail for two example domains, namely domain1.com and domain2.com. Be ready to replace these with your actual domains.
Install Postfix
To install Postfix:
Install the postfix package.
Install the mailx package for use as a command-line mail utility program.
Setting Postfix Support for Maildir-style Mailboxes
Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem. Please find out more about Maildir here
sudo vi /etc/postfix/main.cf
Add the following code segment:
home_mailbox = Maildir/
Remove the line mailbox_command = procmail -a "$EXTENSION". We are not going to use it.
Restart Postfix for the changes to take effect.
sudo /etc/init.d/postfix restart
Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts
As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account.
With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account.
The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. Maildir style delivery is turned on by terminating the mailbox pathname with "/".
The following figure shows the directory structure we will use for mailboxes.
I suggest you transfer all domains into virtual mailboxes. Even if you have set up Postfix with one domain, we will make that domain a virtual domain. You do not strictly need to do this, but doing it this way gives you a well organized mail system, and there is no reason to avoid it. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain.
To do that, let's change our myhostname line in main.cf to read:
myhostname = localhost
Create Virtual Mailbox Owner
In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address. To create virtual mailbox group:
sudo groupadd -g 5000 vmail
To create virtual mailbox owner:
sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail
Open main.cf
sudo vi /etc/postfix/main.cf
Setup Postfix to Use Virtual Mailboxes
Then add the following code segment to main.cf
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. Add all your domains there.
sudo vi /etc/postfix/vhosts
Add the following lines:
domain1.com
domain2.com
This is my example; use your own domains here.
The next line, virtual_mailbox_base, specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our vmail owner's home directory, /home/vmail.
The third line points to a text file I called vmaps. This is a two-column text file. The first column specifies a virtual email address. The second column specifies that person's mailbox location. Just like with real domain hosting, if you specify a / at the end of the location, it becomes Maildir format. If not, it is mbox. In this howto we use Maildir format.
Setup this file as in this example:
sudo vi /etc/postfix/vmaps
Format of this file should look like:
[email protected] domain1.com/info/
[email protected] domain1.com/sales/
[email protected] domain2.com/info/
[email protected] domain2.com/sales/
Convert vmaps into a hash file by running:
sudo postmap /etc/postfix/vmaps
Remember to execute the above command every time you add a new map. Restart Postfix for the changes to take effect.
sudo /etc/init.d/postfix restart
My example config looks like the following:
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8, 10.0.0.0/24
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all
Test Virtual Mailbox Setup
Remember that the directory structure for a particular user is created when he gets his first mail. Send a mail to [email protected]. In a terminal you can type:
mail [email protected]
Check the mailbox
cd /home/vmail/domain1.com/info/new
ls
You should see a mail file there. If so, cheers, you have done it!
Setup Non-Linux Accounts
Now it's time to work on the non-Unix accounts. There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much simpler: plain text files. In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. Dovecot is extremely lightweight, flexible, and from what the author says, secure. Remember that the following command will install Dovecot but will remove Courier IMAP/POP3 if you already have them installed. Take it easy, let's continue and install it.
Install Dovecot IMAP/POP3 server
Install the following packages: dovecot-common dovecot-imapd dovecot-pop3d
Configure Dovecot
You need to set up Dovecot to work with our setup. If you are following my steps, the best approach is to back up your original Dovecot config file and create a new one from the copy of my file that I list here. Let's back up the original config file:
sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
Create a new config file and copy my config file into it:
sudo vi /etc/dovecot/dovecot.conf
Copy the following code segment and save the file:
base_dir = /var/run/dovecot/
protocols = imap pop3
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot.info
login_dir = /var/run/dovecot/login
login_chroot = yes
login = imap
login_executable = /usr/lib/dovecot/imap-login
login_user = dovecot
login = pop3
login_executable = /usr/lib/dovecot/pop3-login
valid_chroot_dirs = /var/spool/vmail
default_mail_env = maildir:/home/vmail/%d/%n
imap_executable = /usr/lib/dovecot/imap
pop3_executable = /usr/lib/dovecot/pop3
auth = default
disable_plaintext_auth = no
auth_mechanisms = plain digest-md5
auth_userdb = passwd-file /etc/dovecot/users
auth_passdb = passwd-file /etc/dovecot/passwd
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_user = root
auth_verbose = yes
Note: If you are using/testing with Dapper Drake (Ubuntu 6.06), please use Dovecot config file for Dapper
Most of the above config lines are pretty self-explanatory. A few of them need explaining.
- The line "default_mail_env = maildir:/home/vmail/%d/%n" is particularly important. In our virtual hosting setup, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is "[email protected]", Dovecot does some guessing on its end with your user name. If it just sees something like "info", it sets a variable called "%n" to "info". If it sees "[email protected]", it will split it up and set "%d" to domain1.com and "%n" to "info". Going off of that, if we replace the variables in this line, we get something like: maildir:/home/vmail/domain1.com/info
- The lines "auth_userdb = passwd-file /etc/dovecot/users" and "auth_passdb = passwd-file /etc/dovecot/passwd" name files that are similar to /etc/passwd and /etc/shadow.
The format of these files goes like this:
/etc/dovecot/users: [email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false::
/etc/dovecot/passwd: [email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1
The 5000:5000 corresponds to the uid and gid of the "virtual" user called vmail, who owns all the mailboxes in the system. The home directory includes everything but the word before the @ in the email address.
Create Dovecot Users
There are no commands like useradd and passwd to add users and passwords for our mail system. I will provide a small and quick solution with a bash script. The drawback of my system is that it cannot delete users, but you can delete them manually by opening the files with an ASCII text editor like vi.
Script to Add Users
Create file:
sudo vi /usr/sbin/adddovecotuser
Add the following code segment and save the file:
#!/bin/bash
# Usage: adddovecotuser user@domain
# Split the address with parameter expansion instead of a temp file in /tmp.
user="${1%%@*}"
domain="${1#*@}"
echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users
# Create the needed Maildir directories
/usr/bin/maildirmake.dovecot "/home/vmail/$domain/$user" 5000:5000
# Add the user to the Postfix virtual map file and reload Postfix
echo "$1 $domain/$user/" >> /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postfix reload
Make the file executable:
sudo chmod +x /usr/sbin/adddovecotuser
Add a user like this:
sudo adddovecotuser [email protected]
Script to Set Passwords
First, make sure you have 'mkpasswd' installed:
which mkpasswd
This is not installed by default, and since mkpasswd comes with the 'whois' package, you may have to install this first:
sudo apt-get install whois
Create file:
sudo vi /usr/sbin/mkdovecotpasswd
Add the following code segment and save the file:
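#!/bin/bash
# Usage: mkdovecotpasswd user@domain password
# Append "address:hash" without staging the hash in a temp file in /tmp.
hash=$(mkpasswd --hash=md5 "$2")
echo "$1:$hash" >> /etc/dovecot/passwd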
Make the file executable:
sudo chmod +x /usr/sbin/mkdovecotpasswd
Add a user like this:
sudo mkdovecotpasswd [email protected] password
Replace password with a good password. Restart Dovecot for the changes to take effect. Let's remove the world-readable permission from the password file for security:
sudo chmod 640 /etc/dovecot/passwd
To start Dovecot for the first time:
sudo /etc/init.d/dovecot start
Testing Your Setup
Let's test our system before going into production.
Testing Dovecot POP3 Server
Type in a terminal
telnet mail.domain1.com 110
An output like the following will display in your terminal
Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
Type the following code segment in the prompt provided by the Dovecot POP3 server
user [email protected]
pass password
quit
Final output should be something like this
Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
user [email protected]
+OK
pass password
+OK Logged in.
quit
+OK Logging out.
Testing Dovecot IMAP Server
Type in a terminal
telnet mail.domain1.com 143
An output like the following will display in your terminal
Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
Type the following code segment in the prompt provided by the Dovecot IMAP server.
a login [email protected] password
a logout
Final output should be something like this
Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
a login [email protected] password
a OK Logged in.
a logout
* BYE Logging out
a OK Logout completed.
ClamSMTP SMTP Virus Filter
ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding. ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies. ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router.
Installing ClamAV
We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: clamav-daemon clamav
Installing ClamSMTP
You need to install the clamsmtp package.
Setting Postfix to use ClamSMTP
Postfix supports filtering mail through a filter that acts like an SMTP server. Put the following lines in your Postfix main.cf file. Open the file:
sudo vi /etc/postfix/main.cf
If you are unsure where to add these lines, look at my example main.cf file. Add the lines:
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
The content_filter setting tells Postfix to send all mail through the service called 'scan' on port 10026. We'll set up clamsmtpd to listen on this port later. Next, add the following to the Postfix master.cf file. Open the file:
sudo vi /etc/postfix/master.cf
If you are in doubt about where to add the lines, look at my example master.cf file. Add the lines:
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
Make sure there are no spaces around the equal signs or commas in the text you added. The best way is to copy and paste my lines from here. The first 2 lines create the scan service. The rest set up a service for accepting mail back into Postfix. All the options prevent a mail loop as well as relax address checking and the like, since that has already been done. Make sure to run clamsmtpd as the same user as you run clamd, or they'll have problems accessing each other's temporary files. You can use the following to accomplish that.
sudo adduser clamsmtp clamav
Restart Postfix, ClamSMTP, and the ClamAV daemon for your changes to take effect:
sudo /etc/init.d/postfix restart
sudo /etc/init.d/clamsmtp restart
sudo /etc/init.d/clamav-daemon restart
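The wiring described in this section can be checked offline before the services are restarted. The script below is an added example, not part of the original howto: the sample files are constructed from the settings above, and the function names master_services and audit are hypothetical.

```python
import re
# Constructed sample files mirroring the settings shown in this howto.
MAIN_CF = "content_filter = scan:127.0.0.1:10026\nreceive_override_options = no_address_mappings\n"
MASTER_CF = """\
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def master_services(text):
    """Return {service: (command, {option: value})}, joining indented continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        f = entry.split()
        opts = dict(a.partition("=")[::2] for flag, a in zip(f[8:], f[9:]) if flag == "-o")
        services[f[0]] = (f[7], opts)
    return services

def audit(main_cf, master_cf):
    """List wiring problems between content_filter, the scan transport and the re-injection listener."""
    m = re.search(r"^content_filter\s*=\s*([^\s:]+):\S+:\d+\s*$", main_cf, re.M)
    if not m:
        return ["main.cf: content_filter is not of the form transport:host:port"]
    problems, services = [], master_services(master_cf)
    if services.get(m.group(1), ("", {}))[0] != "smtp":
        problems.append(f"master.cf: transport '{m.group(1)}' is not an smtp client service")
    # Listeners that clear content_filter accept mail without scanning it.
    unfiltered = [n for n, (cmd, o) in services.items() if cmd == "smtpd" and o.get("content_filter") == ""]
    if not unfiltered:
        problems.append("no smtpd listener with '-o content_filter=': re-injected mail would be filtered again")
    for name in unfiltered:
        if not name.startswith(("127.0.0.1:", "localhost:")):
            problems.append(f"{name}: skips the filter but is not bound to loopback")
        if not services[name][1].get("smtpd_recipient_restrictions", "").endswith("reject"):
            problems.append(f"{name}: smtpd_recipient_restrictions does not end with reject")
    return problems

if __name__ == "__main__":
    print(audit(MAIN_CF, MASTER_CF) or "filter wiring looks consistent")
```

To audit a live system, pass the contents of /etc/postfix/main.cf and /etc/postfix/master.cf instead of the sample strings.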
Test ClamSMTP for outgoing mail
We need to test our outgoing mail for viruses. The best way is to download the EICAR test virus, attach it to a mail and send it. Let's do it. Download eicar to your home directory:
wget http://eicar.org/download/eicar_com.zip
Send this file as an attachment to [email protected]. Then check your mail.log file:
tail /var/log/mail.log
You should see something like this in your log file.
Mar 8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature
Mar 8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email)
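Rather than reading the tail of mail.log by eye, the clamsmtpd verdict lines can be tallied. This is an added example, not part of the original howto: the sample log is constructed, the addresses are placeholders, and the from=/to= keys and the CLEAN status are assumptions about the clamsmtpd line layout.

```python
import re
from collections import Counter

# Constructed sample in the shape of the excerpt above; the from=/to= keys and
# the CLEAN status are assumptions about clamsmtpd's log line layout.
SAMPLE_LOG = """\
Mar  8 17:12:02 localhost clamsmtpd: 100004: from=alice@domain1.com, to=bob@domain2.com, status=VIRUS:Eicar-Test-Signature
Mar  8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<bob@domain2.com>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email)
Mar  8 17:15:41 localhost clamsmtpd: 100005: from=alice@domain1.com, to=bob@domain2.com, status=CLEAN
"""

CLAMSMTPD = re.compile(r"clamsmtpd: (?P<id>[0-9A-Fa-f]+): (?P<fields>.*)$")

def scan_results(log_text):
    """Yield one dict per clamsmtpd verdict line: id, from, to, status, signature."""
    for line in log_text.splitlines():
        m = CLAMSMTPD.search(line)
        if not m:
            continue
        rec = dict(kv.split("=", 1) for kv in m.group("fields").split(", ") if "=" in kv)
        status, _, signature = rec.get("status", "").partition(":")
        yield {"id": m.group("id"), "from": rec.get("from"), "to": rec.get("to"),
               "status": status, "signature": signature or None}

def summarize(log_text):
    """Count verdicts, tally signatures, and count the discard replies Postfix logged."""
    results = list(scan_results(log_text))
    return {
        "verdicts": Counter(r["status"] for r in results),
        "signatures": Counter(r["signature"] for r in results if r["signature"]),
        "infected_senders": sorted({r["from"] for r in results if r["status"] == "VIRUS"}),
        "discards_seen_by_postfix": len(re.findall(r"postfix/smtp\[\d+\]: .*Virus Detected", log_text)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the EICAR test to count as passed, the summary should show one VIRUS verdict with the Eicar-Test-Signature name and one matching discard on the Postfix side.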
Test ClamSMTP for incoming Mail from the Internet
If you have an actual production mail server, you can test it with the virus check provided by webmail.us, which sends you harmless test mails carrying the EICAR virus test signature. You can also use GFI Security Labs for further testing.
Final thoughts
As I said in the beginning, this setup is for a small/medium-scale company with a few hundred mail accounts. This doesn't mean that the system performs poorly: it can handle thousands of accounts without any performance issue. What I am saying is that we need something more manageable, such as a MySQL/PostgreSQL backend for users, web-based virtual domain management, password modification by users, etc., in an extensible, scalable and robust manner. Hope I have done something for you and Ubuntu. Yet another howto by: ChinthakaDeshapriya.