特殊:Badtitle/NS100:PostfixVirtualMailBoxClamSmtpHowto:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Oneleaf留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
第1行: 第1行:
{{From|https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto}}
{{From|https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto}}
{{Languages|UbuntuHelp:PostfixVirtualMailBoxClamSmtpHowto}}
{{Languages|UbuntuHelp:PostfixVirtualMailBoxClamSmtpHowto}}
== Introduction ==
== Introduction ==
In this setup you will be  running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure
In this setup you will be  running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure
== Example Setup ==
== Example Setup ==
In this howto I assume that your are going to host mails for two example domains. Namely '''domain1.com''' and '''domain2.com'''. Be ready to replace these with your actual domains.
In this howto I assume that your are going to host mails for two example domains. Namely '''domain1.com''' and '''domain2.com'''. Be ready to replace these with your actual domains.
== Install Postfix ==
== Install Postfix ==
'''To install postfix'''
'''To install postfix'''
Install the <code><nowiki>postfix</nowiki></code> package.
Install the <code><nowiki>postfix</nowiki></code> package.
Install <code><nowiki>mailx</nowiki></code> package for use as command line '''mail''' utility program.  
Install <code><nowiki>mailx</nowiki></code> package for use as command line '''mail''' utility program.  
== Setting Postfix Support for Maildir-style Mailboxes ==
== Setting Postfix Support for Maildir-style Mailboxes ==
Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem.
Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem.
Please find out more about Maildir [http://en.wikipedia.org/wiki/Maildir here]  
Please find out more about Maildir [http://en.wikipedia.org/wiki/Maildir here]  
<pre><nowiki>
<pre><nowiki>
sudo  vi /etc/postfix/main.cf
sudo  vi /etc/postfix/main.cf
</nowiki></pre>
</nowiki></pre>
Add the following code segment:
Add the following code segment:
<pre><nowiki>
<pre><nowiki>
home_mailbox = Maildir/
home_mailbox = Maildir/
</nowiki></pre>
</nowiki></pre>
Remove the Line <code><nowiki> mailbox_command = procmail -a "$EXTENSION"</nowiki></code>. We are not going to use it.
Remove the Line <code><nowiki> mailbox_command = procmail -a "$EXTENSION"</nowiki></code>. We are not going to use it.
'''Restart Postfix''' to make changes effect.
'''Restart Postfix''' to make changes effect.
<pre><nowiki>
<pre><nowiki>
sudo  /etc/init.d/postfix restart
sudo  /etc/init.d/postfix restart
</nowiki></pre>
</nowiki></pre>
== Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts ==
== Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts ==
As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account.
As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account.
With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account.
With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account.
The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. '''Maildir''' style delivery is turned on by terminating the mailbox pathname with "/".  
The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. '''Maildir''' style delivery is turned on by terminating the mailbox pathname with "/".  
Look at the following figure and it will be our directory structure for mailboxes.
Look at the following figure and it will be our directory structure for mailboxes.
https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto?action=AttachFile&do=get&target=VhostsDomains.png
https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto?action=AttachFile&do=get&target=VhostsDomains.png
I suggest you to transfer all domains into virtual mailboxes. Even if you have setup  postfix with one domain , we will make that domain a virtual domain. Actually you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain.  
I suggest you to transfer all domains into virtual mailboxes. Even if you have setup  postfix with one domain , we will make that domain a virtual domain. Actually you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain.  
To do that, let's change our <code><nowiki>myhostname</nowiki></code> line in main.cf to read:
To do that, let's change our <code><nowiki>myhostname</nowiki></code> line in main.cf to read:
<pre><nowiki>
<pre><nowiki>
myhostname = localhost
myhostname = localhost
</nowiki></pre>
</nowiki></pre>
=== Create Virtual Mailbox Owner ===
=== Create Virtual Mailbox Owner ===
In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address.
In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address.
'''To create virtual mailbox group:'''
'''To create virtual mailbox group:'''
<pre><nowiki>
<pre><nowiki>
sudo groupadd -g 5000 vmail
sudo groupadd -g 5000 vmail
</nowiki></pre>
</nowiki></pre>
'''To create virtual mailbox owner:'''
'''To create virtual mailbox owner:'''
<pre><nowiki>
<pre><nowiki>
sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail
sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail
</nowiki></pre>
</nowiki></pre>
Open <code><nowiki>main.cf</nowiki></code>
Open <code><nowiki>main.cf</nowiki></code>
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/postfix/main.cf
sudo vi /etc/postfix/main.cf
</nowiki></pre>
</nowiki></pre>
=== Setup Postfix to Use Virtual Mailboxes ===
=== Setup Postfix to Use Virtual Mailboxes ===
Then add the following code segment to <code><nowiki>main.cf</nowiki></code>
Then add the following code segment to <code><nowiki>main.cf</nowiki></code>
<pre><nowiki>
<pre><nowiki>
第97行: 第59行:
virtual_gid_maps = static:5000
virtual_gid_maps = static:5000
</nowiki></pre>
</nowiki></pre>
In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there.
In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there.
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/postfix/vhosts
sudo vi /etc/postfix/vhosts
</nowiki></pre>
</nowiki></pre>
Add the the following codes:
Add the the following codes:
<pre><nowiki>
<pre><nowiki>
domain1.com
domain1.com
domain2.com
domain2.com
</nowiki></pre>
</nowiki></pre>
This is my example use your own domains here.
This is my example use your own domains here.
The next line <code><nowiki>virtual_mailbox_base</nowiki></code> specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our <code><nowiki>'''vmail'''</nowiki></code> owners's home directory <code><nowiki>/home/vmail</nowiki></code>
The next line <code><nowiki>virtual_mailbox_base</nowiki></code> specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our <code><nowiki>'''vmail'''</nowiki></code> owners's home directory <code><nowiki>/home/vmail</nowiki></code>
The third line points to a text file I called <code><nowiki>'''vmaps'''</nowiki></code>. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a '''/''' at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use '''Maildir''' format.
The third line points to a text file I called <code><nowiki>'''vmaps'''</nowiki></code>. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a '''/''' at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use '''Maildir''' format.
Setup this file as in this example:
Setup this file as in this example:
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/postfix/vmaps
sudo vi /etc/postfix/vmaps
</nowiki></pre>
</nowiki></pre>
Format of this file should look like:
Format of this file should look like:
<pre><nowiki>
<pre><nowiki>
[email protected]  domain1.com/info/
[email protected]  domain1.com/info/
第132行: 第82行:
[email protected]  domain2.com/sales/
[email protected]  domain2.com/sales/
</nowiki></pre>
</nowiki></pre>
Convert vmaps into a hash file by running:
Convert vmaps into a hash file by running:
<pre><nowiki>
<pre><nowiki>
sudo postmap /etc/postfix/vmaps
sudo postmap /etc/postfix/vmaps
</nowiki></pre>
</nowiki></pre>
Remember to execute the above command every time when you add new map.
Remember to execute the above command every time when you add new map.
Restart Postfix to make changes effect.
Restart Postfix to make changes effect.
<pre><nowiki>
<pre><nowiki>
sudo  /etc/init.d/postfix restart
sudo  /etc/init.d/postfix restart
</nowiki></pre>
</nowiki></pre>
My example config look like the following
My example config look like the following
<pre><nowiki>
<pre><nowiki>
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no
biff = no
# appending .domain is the MUA's job.
# appending .domain is the MUA's job.
append_dot_mydomain = no
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
#delay_warning_time = 4h
myhostname = localhost
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_maps = hash:/etc/aliases
第176行: 第115行:
inet_interfaces = all
inet_interfaces = all
</nowiki></pre>
</nowiki></pre>
=== Test Virtual Mailbox Setup ===
=== Test Virtual Mailbox Setup ===
Remember that the directory structure for a particular user is create when you send    he gets his firs mail.
Remember that the directory structure for a particular user is create when you send    he gets his firs mail.
Send a mail for [email protected]
Send a mail for [email protected]
In a terminal you can type:
In a terminal you can type:
<pre><nowiki>
<pre><nowiki>
</nowiki></pre>
</nowiki></pre>
Check the mailbox
Check the mailbox
<pre><nowiki>
<pre><nowiki>
cd /home/vmail/domain1/info/new
cd /home/vmail/domain1/info/new
ls
ls
</nowiki></pre>
</nowiki></pre>
You see a mail file there. If so,  Cheers!!!, you have done it.  
You see a mail file there. If so,  Cheers!!!, you have done it.  
== Setup Non-Linux Accounts ==
== Setup Non-Linux Accounts ==
Now it's time to work on the non-unix accounts.
Now it's time to work on the non-unix accounts.
There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files.
There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files.
In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. '''Dovecot''' is extremely lightweight, flexible, and from what the author says, secure.  
In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. '''Dovecot''' is extremely lightweight, flexible, and from what the author says, secure.  
Remember the following command will install '''Dovecot''' but removes '''Courier IMAP/POP3''' which if you have installed already them. Take it easy ,let's continue to install it.
Remember the following command will install '''Dovecot''' but removes '''Courier IMAP/POP3''' which if you have installed already them. Take it easy ,let's continue to install it.
=== Install Dovecot IMAP/POP3 server ===
=== Install Dovecot IMAP/POP3 server ===
Install the following packages: <code><nowiki>dovecot-common dovecot-imapd dovecot-pop3d</nowiki></code>
Install the following packages: <code><nowiki>dovecot-common dovecot-imapd dovecot-pop3d</nowiki></code>
=== Configure Dovecot ===
=== Configure Dovecot ===
You need to setup the '''dovecot''' to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here.
You need to setup the '''dovecot''' to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here.
Let's backup original config file:
Let's backup original config file:
<pre><nowiki>
<pre><nowiki>
sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
</nowiki></pre>
</nowiki></pre>
Create a new config file and copy my config file into it:
Create a new config file and copy my config file into it:
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/dovecot/dovecot.conf
sudo vi /etc/dovecot/dovecot.conf
</nowiki></pre>
</nowiki></pre>
Copy the following code segment and save the file:
Copy the following code segment and save the file:
<pre><nowiki>
<pre><nowiki>
base_dir = /var/run/dovecot/
base_dir = /var/run/dovecot/
第256行: 第171行:
auth_verbose = yes
auth_verbose = yes
</nowiki></pre>
</nowiki></pre>
----
----
'''Note:'''  
'''Note:'''  
If you are using/testing with Dapper Drake (Ubuntu 6.06), please use [https://wiki.ubuntu.com/DovecotDapperConf Dovecot config file for Dapper ]
If you are using/testing with Dapper Drake (Ubuntu 6.06), please use [https://wiki.ubuntu.com/DovecotDapperConf Dovecot config file for Dapper ]
----
----
Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding.
Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding.
* The line '''"default_mail_env = maildir:/home/vmail/%d/%n"''' is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is '''"[email protected]"''',  Dovecot does some guessing on its end with your user name. If it just sees something like '''"info"''', it set's a variable called '''"%n"'''to '''"info"'''. If it sees '''"[email protected]"''', it will split it up and set '''"%d"''' to '''domain1.com''' and '''"%n"''' to '''"info"'''. Going off of that, if we replace the variables in this line , we get something like: '''maildir:/home/vmail/domain1.com/info'''
* The line '''"default_mail_env = maildir:/home/vmail/%d/%n"''' is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is '''"[email protected]"''',  Dovecot does some guessing on its end with your user name. If it just sees something like '''"info"''', it set's a variable called '''"%n"'''to '''"info"'''. If it sees '''"[email protected]"''', it will split it up and set '''"%d"''' to '''domain1.com''' and '''"%n"''' to '''"info"'''. Going off of that, if we replace the variables in this line , we get something like: '''maildir:/home/vmail/domain1.com/info'''
* The lines '''"auth_userdb == passwd-file /etc/dovecot/users"''' and  '''"auth_passdb == passwd-file /etc/dovecot/passwd"''' are similar /etc/passwd and /etc/shadow file.  
* The lines '''"auth_userdb == passwd-file /etc/dovecot/users"''' and  '''"auth_passdb == passwd-file /etc/dovecot/passwd"''' are similar /etc/passwd and /etc/shadow file.  
'''The format of these files goes like this:'''
'''The format of these files goes like this:'''
::
::
<pre><nowiki>
<pre><nowiki>
/etc/dovecot/users:
/etc/dovecot/users:
[email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false::
[email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false::
</nowiki></pre>
</nowiki></pre>
<pre><nowiki>
<pre><nowiki>
/etc/dovecot/passwd:
/etc/dovecot/passwd:
[email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1
[email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1
</nowiki></pre>  
</nowiki></pre>  
The 5000:5000 corresponds to the '''uid''' and '''gid''' of the "virtual" called '''vmail''' who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address.  
The 5000:5000 corresponds to the '''uid''' and '''gid''' of the "virtual" called '''vmail''' who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address.  
=== Create Dovecot Users ===
=== Create Dovecot Users ===
There are no commands like '''useradd''' and '''passwd''' to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually opening the files with '''vi''' like ASCII text editor.  
There are no commands like '''useradd''' and '''passwd''' to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually opening the files with '''vi''' like ASCII text editor.  
==== Script to Add Users ====
==== Script to Add Users ====
Create file:
Create file:
<pre><nowiki>
<pre><nowiki>
sudo vi /usr/sbin/adddovecotuser  
sudo vi /usr/sbin/adddovecotuser  
</nowiki></pre>
</nowiki></pre>
Add the following code segment and save the file:
Add the following code segment and save the file:
<pre><nowiki>
<pre><nowiki>
#!/bin/bash
#!/bin/bash
第304行: 第203行:
domain=`cat /tmp/user | cut -f2 -d "@"`
domain=`cat /tmp/user | cut -f2 -d "@"`
echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users
echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users
# Create the needed Maildir directories
# Create the needed Maildir directories
/usr/bin/maildirmake.dovecot /home/vmail/$domain/$user 5000:5000
/usr/bin/maildirmake.dovecot /home/vmail/$domain/$user 5000:5000
# To add user to Postfix virtual map file and relode Postfix
# To add user to Postfix virtual map file and relode Postfix
echo $1  $domain/$user/ >> /etc/postfix/vmaps
echo $1  $domain/$user/ >> /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postfix reload
postfix reload
</nowiki></pre>
</nowiki></pre>
Make the file executable:
Make the file executable:
<pre><nowiki>
<pre><nowiki>
sudo chmod +x /usr/sbin/adddovecotuser  
sudo chmod +x /usr/sbin/adddovecotuser  
</nowiki></pre>
</nowiki></pre>
Add a user like this:
Add a user like this:
<pre><nowiki>
<pre><nowiki>
sudo adddovecotuser [email protected]
sudo adddovecotuser [email protected]
</nowiki></pre>
</nowiki></pre>
==== Script to Set Passwords ====
==== Script to Set Passwords ====
First, make sure you have 'mkpasswd' installed:
First, make sure you have 'mkpasswd' installed:
<pre><nowiki>
<pre><nowiki>
which mkpasswd
which mkpasswd
</nowiki></pre>
</nowiki></pre>
This is not installed by default, and since mkpasswd comes with the 'whois' package,  
This is not installed by default, and since mkpasswd comes with the 'whois' package,  
you may have to install this first:
you may have to install this first:
第339行: 第228行:
sudo apt-get install whois
sudo apt-get install whois
</nowiki></pre>
</nowiki></pre>
Create file:
Create file:
<pre><nowiki>
<pre><nowiki>
sudo vi /usr/sbin/mkdovecotpasswd  
sudo vi /usr/sbin/mkdovecotpasswd  
</nowiki></pre>
</nowiki></pre>
Add the following code segment and save the file:
Add the following code segment and save the file:
<pre><nowiki>
<pre><nowiki>
#!/bin/bash
#!/bin/bash
第353行: 第238行:
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd
</nowiki></pre>
</nowiki></pre>
Make the file executable:
Make the file executable:
<pre><nowiki>
<pre><nowiki>
sudo chmod +x /usr/sbin/mkdovecotpasswd  
sudo chmod +x /usr/sbin/mkdovecotpasswd  
</nowiki></pre>
</nowiki></pre>
Add a user like this:
Add a user like this:
<pre><nowiki>
<pre><nowiki>
sudo mkdovecotpasswd [email protected] password
sudo mkdovecotpasswd [email protected] password
</nowiki></pre>
</nowiki></pre>
Replace '''password''' with a good password
Replace '''password''' with a good password
Restart Dovecot to make changes effect
Restart Dovecot to make changes effect
Let's remove world readable permission from password file for security:
Let's remove world readable permission from password file for security:
<pre><nowiki>
<pre><nowiki>
sudo chmod 640 /etc/dovecot/passwd
sudo chmod 640 /etc/dovecot/passwd
</nowiki></pre>
</nowiki></pre>
To start Devecot for the first time
To start Devecot for the first time
<pre><nowiki>
<pre><nowiki>
sudo /etc/init.d/dovecot start
sudo /etc/init.d/dovecot start
</nowiki></pre>
</nowiki></pre>
== Testing Your Setup ==
== Testing Your Setup ==
Let's test our system before going production
Let's test our system before going production
=== Testing Dovecot POP3 Server ===
=== Testing Dovecot POP3 Server ===
Type in a terminal
Type in a terminal
<pre><nowiki>
<pre><nowiki>
telnet mail.domain1.com 110
telnet mail.domain1.com 110
</nowiki></pre>
</nowiki></pre>
An output like the following will display in your terminal
An output like the following will display in your terminal
<pre><nowiki>
<pre><nowiki>
Trying 69.60.109.217...
Trying 69.60.109.217...
第402行: 第270行:
+OK dovecot ready.
+OK dovecot ready.
</nowiki></pre>
</nowiki></pre>
Type the following code segment in the prompt provided by the Dovecot POP3 server
Type the following code segment in the prompt provided by the Dovecot POP3 server
<pre><nowiki>
<pre><nowiki>
第409行: 第276行:
quit
quit
</nowiki></pre>
</nowiki></pre>
Final output should be something like this
Final output should be something like this
<pre><nowiki>
<pre><nowiki>
Trying 69.60.109.217...
Trying 69.60.109.217...
第423行: 第288行:
quit
quit
+OK Logging out.
+OK Logging out.
</nowiki></pre>
</nowiki></pre>
=== Testing Dovecot IMAP Server ===
=== Testing Dovecot IMAP Server ===
Type in a terminal
Type in a terminal
<pre><nowiki>
<pre><nowiki>
telnet mail.domain1.com 143
telnet mail.domain1.com 143
</nowiki></pre>
</nowiki></pre>
An output like the following will display in your terminal
An output like the following will display in your terminal
<pre><nowiki>
<pre><nowiki>
Trying 69.60.109.217...
Trying 69.60.109.217...
第442行: 第301行:
+OK dovecot ready.
+OK dovecot ready.
</nowiki></pre>
</nowiki></pre>
Type the following code segment in the prompt provided by the Dovecot IMAP server.
Type the following code segment in the prompt provided by the Dovecot IMAP server.
<pre><nowiki>
<pre><nowiki>
第448行: 第306行:
a logout
a logout
</nowiki></pre>
</nowiki></pre>
Final output should be something like this
Final output should be something like this
<pre><nowiki>
<pre><nowiki>
Trying 69.60.109.217...
Trying 69.60.109.217...
第462行: 第318行:
a OK Logout completed.
a OK Logout completed.
</nowiki></pre>
</nowiki></pre>
== ClamSMTP SMTP Virus Filter ==
== ClamSMTP SMTP Virus Filter ==
ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding.
ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding.
ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies.
ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies.
ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router.
ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router.
=== Installing ClamAV ===
=== Installing ClamAV ===
We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: <code><nowiki>clamav-daemon clamav</nowiki></code>
We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: <code><nowiki>clamav-daemon clamav</nowiki></code>
=== Installing ClamSMTP ===
=== Installing ClamSMTP ===
You need to install the <code><nowiki>clamsmtp</nowiki></code> package.
You need to install the <code><nowiki>clamsmtp</nowiki></code> package.
=== Setting Postfix to use ClamSMTP ===
=== Setting Postfix to use ClamSMTP ===
Postfix supports filtering mail through a filter that acts like an SMTP server.
Postfix supports filtering mail through a filter that acts like an SMTP server.
Put the following lines in your Postfix main.cf file:  
Put the following lines in your Postfix main.cf file:  
Open the file:
Open the file:
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/postfix/main.cf  
sudo vi /etc/postfix/main.cf  
</nowiki></pre>
</nowiki></pre>
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMainCf main.cf] file
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMainCf main.cf] file
Add the codes:
Add the codes:
<pre><nowiki>
<pre><nowiki>
content_filter = scan:127.0.0.1:10026
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
receive_override_options = no_address_mappings
</nowiki></pre>
</nowiki></pre>
The '''content_filter''' tells Postfix to send all mail through the service called 'scan' on '''port 10026'''. We'll set up clamsmtpd to listen on this port later.
The '''content_filter''' tells Postfix to send all mail through the service called 'scan' on '''port 10026'''. We'll set up clamsmtpd to listen on this port later.
Next we add the following to the Postfix master.cf file:
Next we add the following to the Postfix master.cf file:
Open the file:
Open the file:
<pre><nowiki>
<pre><nowiki>
sudo vi /etc/postfix/master.cf
sudo vi /etc/postfix/master.cf
</nowiki></pre>
</nowiki></pre>
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMasterCf master.cf] file
If you have doubt where to add the codes look at my example [https://wiki.ubuntu.com/PostfixClamSmtpMasterCf master.cf] file
Add the codes:
Add the codes:
<pre><nowiki>
<pre><nowiki>
# AV scan filter (used by content_filter)
# AV scan filter (used by content_filter)
第528行: 第362行:
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
</nowiki></pre>
</nowiki></pre>
Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here.
Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here.
The first 2 lines create the '''scan''' service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done.
The first 2 lines create the '''scan''' service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done.
Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the following accomplish  
Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the following accomplish  
that.
that.
<pre><nowiki>
<pre><nowiki>
sudo adduser clamsmtp clamav
sudo adduser clamsmtp clamav
</nowiki></pre>
</nowiki></pre>
Restart Postfix, ClamSMTP, and ClamAV Daemon to make your changes effect:
Restart Postfix, ClamSMTP, and ClamAV Daemon to make your changes effect:
<pre><nowiki>
<pre><nowiki>
sudo /etc/init.d/postfix restart
sudo /etc/init.d/postfix restart
第549行: 第375行:
sudo /etc/init.d/clamav-daemon restart
sudo /etc/init.d/clamav-daemon restart
</nowiki></pre>
</nowiki></pre>
== Test ClamSMTP for outgoing mail ==
== Test ClamSMTP for outgoing mail ==
We need to test the our outgoing mail for viruses. Best way is to download '''eicar''' test virus and attach to a mail and send. Let's do it.
We need to test the our outgoing mail for viruses. Best way is to download '''eicar''' test virus and attach to a mail and send. Let's do it.
Download eicar to you home directory:
Download eicar to you home directory:
<pre><nowiki>
<pre><nowiki>
wget http://eicar.org/download/eicar_com.zip
wget http://eicar.org/download/eicar_com.zip
</nowiki></pre>
</nowiki></pre>
Send this file as an attachment to '''[email protected]'''
Send this file as an attachment to '''[email protected]'''
Then check your '''mail.log''' file:
Then check your '''mail.log''' file:
<pre><nowiki>
<pre><nowiki>
tail /var/log/mail.log
tail /var/log/mail.log
</nowiki></pre>
</nowiki></pre>
You should see something like in your log file.
You should see something like in your log file.
<pre><nowiki>
<pre><nowiki>
Mar  8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature
Mar  8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature
Mar  8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email)
Mar  8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email)
</nowiki></pre>
</nowiki></pre>
== Test ClamSMTP for incoming Mail from the Internet ==
== Test ClamSMTP for incoming Mail from the Internet ==
If you have an actual production mail server you can check your mail server for virus provided by [http://www.webmail.us/testvirus webmail.us]. They are sending you harmless test mails with the EICAR virus test signature. Also you can use [http://www.gfi.com/emailsecuritytest/ GFI Security Labs ] for further testing.
If you have an actual production mail server you can check your mail server for virus provided by [http://www.webmail.us/testvirus webmail.us]. They are sending you harmless test mails with the EICAR virus test signature. Also you can use [http://www.gfi.com/emailsecuritytest/ GFI Security Labs ] for further testing.
== Final thoughts ==
== Final thoughts ==
As I said in the beginning this setup is for a small/medium scale company which has few  hundred of mail accounts. This doesn't mean that  this system is poorly performing. This  setup can handle thousands of account with out any performance issue. What I say is here that we need  something more manageable like MySQL/PostgreSQL backend for users, web-based virtual domain management, password modifications by users, etc in a extensible,  scalable and robust manner.
As I said in the beginning this setup is for a small/medium scale company which has few  hundred of mail accounts. This doesn't mean that  this system is poorly performing. This  setup can handle thousands of account with out any performance issue. What I say is here that we need  something more manageable like MySQL/PostgreSQL backend for users, web-based virtual domain management, password modifications by users, etc in a extensible,  scalable and robust manner.
Hope I have done something for you and Ubuntu.
Hope I have done something for you and Ubuntu.
Yet another howto by: ChinthakaDeshapriya.
Yet another howto by: ChinthakaDeshapriya.
----
----
[[category:CategoryDocumentation]]
[[category:CategoryDocumentation]]


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2007年11月30日 (五) 21:06的版本

{{#ifexist: :PostfixVirtualMailBoxClamSmtpHowto/zh | | {{#ifexist: PostfixVirtualMailBoxClamSmtpHowto/zh | | {{#ifeq: {{#titleparts:PostfixVirtualMailBoxClamSmtpHowto|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:PostfixVirtualMailBoxClamSmtpHowto|1|-1|}} | zh | | }}

Introduction

In this setup you will be running a small to medium sized email server with Postfix virtual mailboxes for Separate domains and non-Linux Accounts. I do not intend teach you basic stuff with Postfix here. If you are new to Postfix please work on my PostfixBasicSetupHowto to understand basics and proceed with this howto. Also I will tell you howto integrate with ClamSMTP, an SMTP filter for Postfix and other mail servers that checks for viruses using the ClamAV anti-virus software. It aims to be lightweight, reliable, and simple and easy to configure

Example Setup

In this howto I assume that your are going to host mails for two example domains. Namely domain1.com and domain2.com. Be ready to replace these with your actual domains.

Install Postfix

To install postfix Install the postfix package. Install mailx package for use as command line mail utility program.

Setting Postfix Support for Maildir-style Mailboxes

Maildir is a format for an e-mail spool that does not require file locking to maintain message integrity because the messages are kept in separate files with unique names. A Maildir is a directory (often named Maildir) with three subdirectories named tmp, new, and cur. The subdirectories should all reside on the same filesystem. Please find out more about Maildir here

sudo  vi /etc/postfix/main.cf

Add the following code segment:

home_mailbox = Maildir/

Remove the Line mailbox_command = procmail -a "$EXTENSION". We are not going to use it. Restart Postfix to make changes effect.

sudo  /etc/init.d/postfix restart

Postfix virtual Mailboxes for Separate Domains and Non-Linux Accounts

As a system hosts more and more domains and users, it becomes less desirable to give every user their own Linux system account. With the Postfix virtual mailbox delivery agent, every recipient address can have its own virtual mailbox. Unlike virtual alias domains, virtual mailbox domains do not need the translation from each recipient addresses into a different address, and owners of a virtual mailbox address do not need to have a Linux system account. The Postfix virtual mailbox delivery agent looks up the user mailbox pathname, uid and gid via separate tables that are searched with the recipient's mail address. Maildir style delivery is turned on by terminating the mailbox pathname with "/". Look at the following figure and it will be our directory structure for mailboxes. PostfixVirtualMailBoxClamSmtpHowto?action=AttachFile&do=get&target=VhostsDomains.png I suggest you to transfer all domains into virtual mailboxes. Even if you have setup postfix with one domain , we will make that domain a virtual domain. Actually you do not need to do this ,but doing this way you will have well organized mail system , and no need to avoid this. Having Postfix host one real domain and the rest virtual means that you will always need to configure Postfix twice: once for each type of domain. To do that, let's change our myhostname line in main.cf to read:

myhostname = localhost

Create Virtual Mailbox Owner

In our setup all virtual mailboxes are owned by a fixed uid and gid 5000. If this is not what you want, specify lookup tables that are searched by the recipient's mail address. To create virtual mailbox group:

sudo groupadd -g 5000 vmail

To create virtual mailbox owner:

sudo useradd -m -u 5000 -g 5000 -s /bin/bash vmail

Open main.cf

sudo vi /etc/postfix/main.cf

Setup Postfix to Use Virtual Mailboxes

Then add the following code segment to main.cf

virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

In the first line, we're using a text file called vhosts. You can actually name this anything you want. Inside this text file will be a simple one-column list of all the domains you are hosting. For example, add your all domains there.

sudo vi /etc/postfix/vhosts

Add the the following codes:

domain1.com
domain2.com

This is my example use your own domains here. The next line virtual_mailbox_base specifies the base directory where we shall store all of our mail. Again, you can choose anything you want. In our case it will be our '''vmail''' owners's home directory /home/vmail The third line points to a text file I called '''vmaps'''. This is a two column text file. The first column specifies a virtual email address. The second column specifies that persons mailbox location. Just like with real domain hosting, if you specify a / at the end of the location, it becomes Maildir format. If not, it is mbox. Any way in this howto we use Maildir format. Setup this file as in this example:

sudo vi /etc/postfix/vmaps

Format of this file should look like:

[email protected]  domain1.com/info/
[email protected]  domain1.com/sales/
[email protected]  domain2.com/info/
[email protected]  domain2.com/sales/

Convert vmaps into a hash file by running:

sudo postmap /etc/postfix/vmaps

Remember to execute the above command every time when you add new map. Restart Postfix to make changes effect.

sudo  /etc/init.d/postfix restart

My example config look like the following

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mynetworks = 127.0.0.0/8, 10.0.0.0/24
mailbox_size_limit = 0
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
recipient_delimiter = +
inet_interfaces = all

Test Virtual Mailbox Setup

Remember that the directory structure for a particular user is create when you send he gets his firs mail. Send a mail for [email protected] In a terminal you can type:

mail [email protected]

Check the mailbox

cd /home/vmail/domain1/info/new
ls

You see a mail file there. If so, Cheers!!!, you have done it.

Setup Non-Linux Accounts

Now it's time to work on the non-unix accounts. There are several popular techniques to do this using services such as OpenLDAP or MySQL and mixing that with Courier IMAP. We won't be using any of those. Instead, we're going to be using something much more simple: plain text files. In order to do this, we'll be using Dovecot. If you've never heard of it, you will now. Dovecot is extremely lightweight, flexible, and from what the author says, secure. Remember the following command will install Dovecot but removes Courier IMAP/POP3 which if you have installed already them. Take it easy ,let's continue to install it.

Install Dovecot IMAP/POP3 server

Install the following packages: dovecot-common dovecot-imapd dovecot-pop3d

Configure Dovecot

You need to setup the dovecot to work with our setup. If your are following my steps , the best is to backup your original dovecot config file and create a one for you getting a copy of my file which I will list here. Let's backup original config file:

sudo mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig

Create a new config file and copy my config file into it:

sudo vi /etc/dovecot/dovecot.conf

Copy the following code segment and save the file:

base_dir = /var/run/dovecot/
protocols = imap pop3
log_path = /var/log/dovecot
info_log_path = /var/log/dovecot.info
login_dir = /var/run/dovecot/login
login_chroot = yes
login = imap
login_executable = /usr/lib/dovecot/imap-login
login_user = dovecot
login = pop3
login_executable = /usr/lib/dovecot/pop3-login
valid_chroot_dirs = /var/spool/vmail
default_mail_env = maildir:/home/vmail/%d/%n
imap_executable = /usr/lib/dovecot/imap
pop3_executable = /usr/lib/dovecot/pop3
auth = default
disable_plaintext_auth = no
auth_mechanisms = plain digest-md5
auth_userdb = passwd-file /etc/dovecot/users
auth_passdb = passwd-file /etc/dovecot/passwd
auth_executable = /usr/lib/dovecot/dovecot-auth
auth_user = root
auth_verbose = yes

Note: If you are using/testing with Dapper Drake (Ubuntu 6.06), please use Dovecot config file for Dapper


Most of the above config lines are pretty self-explanatory . Few of them I need to explain for your understanding.

  • The line "default_mail_env = maildir:/home/vmail/%d/%n" is particularly important. In our virtual hosting set up, the way we distinguish one user from another is to have them log in with their full email address. For example, when the email account is "[email protected]", Dovecot does some guessing on its end with your user name. If it just sees something like "info", it set's a variable called "%n"to "info". If it sees "[email protected]", it will split it up and set "%d" to domain1.com and "%n" to "info". Going off of that, if we replace the variables in this line , we get something like: maildir:/home/vmail/domain1.com/info
  • The lines "auth_userdb == passwd-file /etc/dovecot/users" and "auth_passdb == passwd-file /etc/dovecot/passwd" are similar /etc/passwd and /etc/shadow file.

The format of these files goes like this:

/etc/dovecot/users:
[email protected]::5000:5000::/home/vmail/domain1.com/:/bin/false::
/etc/dovecot/passwd:
[email protected]:$1$G/FqlOG5$Vj0xmc9fKY.UVr8OWr/7C1

The 5000:5000 corresponds to the uid and gid of the "virtual" called vmail who owns all the mailboxes in the system . The home directory includes everything but the word before the @ in the email address.

Create Dovecot Users

There are no commands like useradd and passwd to add users and passwords for our mail system. I will provide small and quick solution with a bash script. Drawback of my system is that it can not delete users, but you can delete them manually opening the files with vi like ASCII text editor.

Script to Add Users

Create file:

sudo vi /usr/sbin/adddovecotuser 

Add the following code segment and save the file:

#!/bin/bash
echo "$1" > /tmp/user
user=`cat /tmp/user | cut -f1 -d "@"`
domain=`cat /tmp/user | cut -f2 -d "@"`
echo "$user@$domain::5000:5000::/home/vmail/$domain/:/bin/false::" >> /etc/dovecot/users
# Create the needed Maildir directories
/usr/bin/maildirmake.dovecot /home/vmail/$domain/$user 5000:5000
# To add user to Postfix virtual map file and relode Postfix
echo $1  $domain/$user/ >> /etc/postfix/vmaps
postmap /etc/postfix/vmaps
postfix reload

Make the file executable:

sudo chmod +x /usr/sbin/adddovecotuser 

Add a user like this:

sudo adddovecotuser [email protected]

Script to Set Passwords

First, make sure you have 'mkpasswd' installed:

which mkpasswd

This is not installed by default, and since mkpasswd comes with the 'whois' package, you may have to install this first:

sudo apt-get install whois

Create file:

sudo vi /usr/sbin/mkdovecotpasswd 

Add the following code segment and save the file:

#!/bin/bash
mkpasswd --hash=md5 $2  > /tmp/hash
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/passwd

Make the file executable:

sudo chmod +x /usr/sbin/mkdovecotpasswd 

Add a user like this:

sudo mkdovecotpasswd [email protected] password

Replace password with a good password Restart Dovecot to make changes effect Let's remove world readable permission from password file for security:

sudo chmod 640 /etc/dovecot/passwd

To start Devecot for the first time

sudo /etc/init.d/dovecot start

Testing Your Setup

Let's test our system before going production

Testing Dovecot POP3 Server

Type in a terminal

telnet mail.domain1.com 110

An output like the following will display in your terminal

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.

Type the following code segment in the prompt provided by the Dovecot POP3 server

user [email protected]
pass password
quit

Final output should be something like this

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
user [email protected]
+OK
pass password
+OK Logged in.
quit
+OK Logging out.

Testing Dovecot IMAP Server

Type in a terminal

telnet mail.domain1.com 143

An output like the following will display in your terminal

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.

Type the following code segment in the prompt provided by the Dovecot IMAP server.

a login [email protected] password
a logout

Final output should be something like this

Trying 69.60.109.217...
Connected to mail.domain1.com.
Escape character is '^]'.
+OK dovecot ready.
a login [email protected] password
a OK Logged in.
a logout
* BYE Logging out
a OK Logout completed.

ClamSMTP SMTP Virus Filter

ClamSMTP is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus software. It accepts SMTP connections and forwards the SMTP commands and responses to another SMTP server. The 'DATA' email body is intercepted and scanned before forwarding. ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies. ClamSMTP can also be used as a transparent proxy to filter an entire network's SMTP traffic at the router.

Installing ClamAV

We need ClamAV daemon to work with ClamSMTP. Let's install ClamAV first, with the following packages: clamav-daemon clamav

Installing ClamSMTP

You need to install the clamsmtp package.

Setting Postfix to use ClamSMTP

Postfix supports filtering mail through a filter that acts like an SMTP server. Put the following lines in your Postfix main.cf file: Open the file:

sudo vi /etc/postfix/main.cf 

If you have doubt where to add the codes look at my example main.cf file Add the codes:

content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings

The content_filter tells Postfix to send all mail through the service called 'scan' on port 10026. We'll set up clamsmtpd to listen on this port later. Next we add the following to the Postfix master.cf file: Open the file:

sudo vi /etc/postfix/master.cf

If you have doubt where to add the codes look at my example master.cf file Add the codes:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Make sure there's no spaces around the equal signs or commas in the text you added. Best way is to copy and my codes here. The first 2 lines create the scan service. The rest set up a service for accepting mail back into postfix. All the options prevent a mail loop as well as relax address checking and the like, since that's already been done. Make sure to run it as the same user as you run clamd or they'll have problems accessing each other's temporary files. You can use the the following accomplish that.

sudo adduser clamsmtp clamav

Restart Postfix, ClamSMTP, and ClamAV Daemon to make your changes effect:

sudo /etc/init.d/postfix restart
sudo /etc/init.d/clamsmtp restart
sudo /etc/init.d/clamav-daemon restart

Test ClamSMTP for outgoing mail

We need to test the our outgoing mail for viruses. Best way is to download eicar test virus and attach to a mail and send. Let's do it. Download eicar to you home directory:

wget http://eicar.org/download/eicar_com.zip

Send this file as an attachment to [email protected] Then check your mail.log file:

tail /var/log/mail.log

You should see something like in your log file.

Mar  8 17:12:02 localhost clamsmtpd: 100004: [email protected], [email protected], status=VIRUS:Eicar-Test-Signature
Mar  8 17:12:02 localhost postfix/smtp[15634]: 4A6C852110: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Virus Detected; Discarded Email)

Test ClamSMTP for incoming Mail from the Internet

If you have an actual production mail server you can check your mail server for virus provided by webmail.us. They are sending you harmless test mails with the EICAR virus test signature. Also you can use GFI Security Labs for further testing.

Final thoughts

As I said in the beginning this setup is for a small/medium scale company which has few hundred of mail accounts. This doesn't mean that this system is poorly performing. This setup can handle thousands of account with out any performance issue. What I say is here that we need something more manageable like MySQL/PostgreSQL backend for users, web-based virtual domain management, password modifications by users, etc in a extensible, scalable and robust manner. Hope I have done something for you and Ubuntu. Yet another howto by: ChinthakaDeshapriya.