Difference between revisions of page "Mailiserver"

Source: Kuutõrvaja
(= Mailman)
1. rida: 1. rida:
 
====== Mailserver ======
 
====== Mailserver ======
 
  
 
===== Sissejuhatus =====
 
===== Sissejuhatus =====
 
  
 
Vastukaaluks ühele naljakale artiklile äripäevas ( http://209.85.135.104/search?q=cache:HtdTW-LZ1_IJ:www.aripaev.ee/3693/rubr_artiklid_369301.html&hl=et&strip=1 ) kirjutaks Postfixist.
 
Vastukaaluks ühele naljakale artiklile äripäevas ( http://209.85.135.104/search?q=cache:HtdTW-LZ1_IJ:www.aripaev.ee/3693/rubr_artiklid_369301.html&hl=et&strip=1 ) kirjutaks Postfixist.
14. rida: 12. rida:
  
 
Exchange 2007 mahupiirang on palju kordi suurem ja Linrosi arvates ei ole sellega mingit muret ette näha üsna pikaks ajaks.
 
Exchange 2007 mahupiirang on palju kordi suurem ja Linrosi arvates ei ole sellega mingit muret ette näha üsna pikaks ajaks.
 
 
...
 
...
  
35. rida: 32. rida:
 
Windows Med Biz Infra CAL English OLP NL Promo User CAL. (Sisaldab nii Windowsi kui ka Exchange serveri CALe, Microsofti Promo kehtis kuni 29.06.07) - 50 tk
 
Windows Med Biz Infra CAL English OLP NL Promo User CAL. (Sisaldab nii Windowsi kui ka Exchange serveri CALe, Microsofti Promo kehtis kuni 29.06.07) - 50 tk
 
</nowiki>
 
</nowiki>
 
 
 
  
 
===== Tarkvara valik =====
 
===== Tarkvara valik =====
53. rida: 47. rida:
  
 
FreeBSD paigaldust ma siinkohal kirjeldama ei hakka ning eeldan, et portsid on paigas & hilja aegu uudendatud.
 
FreeBSD paigaldust ma siinkohal kirjeldama ei hakka ning eeldan, et portsid on paigas & hilja aegu uudendatud.
 
 
  
 
==== Postfix ====
 
==== Postfix ====
320. rida: 312. rida:
  
 
Nüüdseks peaks hulka tarkvara juba peal olema, ning oleks vaja see ka töökorda seada. Teeme seda samas järjekorras.
 
Nüüdseks peaks hulka tarkvara juba peal olema, ning oleks vaja see ka töökorda seada. Teeme seda samas järjekorras.
 
 
 
 
  
 
==== Postfix ====
 
==== Postfix ====
493. rida: 481. rida:
 
Viidatud failid ( asuvad /usr/local/etc/postfix/pgsql all - kataloog mida freebsd installis by default ei ole, so mkdir v6i vaheta optionites
 
Viidatud failid ( asuvad /usr/local/etc/postfix/pgsql all - kataloog mida freebsd installis by default ei ole, so mkdir v6i vaheta optionites
 
pathi kui sa nad mujale paned ) mida postgresql'ga suhtlemisel SQL p2ringute tegemiseks kasutatakse:
 
pathi kui sa nad mujale paned ) mida postgresql'ga suhtlemisel SQL p2ringute tegemiseks kasutatakse:
<nowiki>
 
cat pgsql/relay_domains.cf
 
user = postfix
 
password = pass
 
hosts = localhost
 
dbname = postfix
 
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true
 
</nowiki>
 
  
<nowiki>
+
cat pgsql/relay_domains.cf
cat pgsql/virtual_alias_maps.cf
+
user = postfix
user = postfix
+
password = pass
password = pass
+
hosts = localhost
hosts = localhost
+
dbname = postfix
dbname = postfix
+
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true
query = SELECT goto FROM alias WHERE address='%s' AND active = true
 
</nowiki>
 
  
<nowiki>
+
cat pgsql/virtual_alias_maps.cf
cat pgsql/virtual_domains_maps.cf
+
user = postfix
user = postfix
+
password = pass
password = pass
+
hosts = localhost
hosts = localhost
+
dbname = postfix
dbname = postfix
+
query = SELECT goto FROM alias WHERE address='%s' AND active = true
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true
+
</nowiki>
+
cat pgsql/virtual_domains_maps.cf
 +
user = postfix
 +
password = pass
 +
hosts = localhost
 +
dbname = postfix
 +
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true
  
<nowiki>
+
cat pgsql/virtual_mailbox_limits.cf
cat pgsql/virtual_mailbox_limits.cf
+
user = postfix
user = postfix
+
password = pass
password = pass
+
hosts = localhost
hosts = localhost
+
dbname = postfix
dbname = postfix
+
query = SELECT quota FROM mailbox WHERE username='%s'
query = SELECT quota FROM mailbox WHERE username='%s'
 
</nowiki>
 
  
<nowiki>
+
cat pgsql/virtual_mailbox_maps.cf
cat pgsql/virtual_mailbox_maps.cf
+
user = postfix
user = postfix
+
password = pass
password = pass
+
hosts = localhost
hosts = localhost
+
dbname = postfix
dbname = postfix
+
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true
 
</nowiki>
 
  
 
Seejärel peaks tekitama kataloogi /var/maildata ja andma selle courier'i käsutusse
 
Seejärel peaks tekitama kataloogi /var/maildata ja andma selle courier'i käsutusse
  
<nowiki>
+
mkdir -p /var/maildata
mkdir -p /var/maildata
+
chown -R courier:courier /var/maildata
chown -R courier:courier /var/maildata
 
</nowiki>
 
  
 
Seal all hakkab siis mail olema, nii nagu virtual_mailbox_base option seda ütleb.
 
Seal all hakkab siis mail olema, nii nagu virtual_mailbox_base option seda ütleb.
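Review bot: every map file under /usr/local/etc/postfix/pgsql in this hunk stores the database credential in clear text (password = pass), and no step restricts who can read those files. Suggest adding, right after the mkdir for that directory, a step that sets the owner to root with group postfix and mode 640, and replacing the sample value with a generated password.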
552. rida: 529. rida:
 
SMTP-AUTH tarvis oleks vaja tekitada aga serverile sertifikaat TLS'i jaoks:
 
SMTP-AUTH tarvis oleks vaja tekitada aga serverile sertifikaat TLS'i jaoks:
  
<nowiki>
+
openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 3650
openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 3650
 
</nowiki>
 
  
 
==== cyrus-sasl2 ====
 
==== cyrus-sasl2 ====
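Review bot: in the openssl req line, -nodes combined with -out server.pem -keyout server.pem leaves the unencrypted private key in the same file as the certificate, and -days 3650 keeps that key in service for ten years. Suggest following the command with a chmod 600 on server.pem (owner root) or writing the key to its own file, and choosing a shorter validity so the key gets rotated.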
560. rida: 535. rida:
 
Et SMTP protokoll oskaks courier-authlib'ga rääkida, on vajalik vastav fail /usr/local/lib/sasl2 all
 
Et SMTP protokoll oskaks courier-authlib'ga rääkida, on vajalik vastav fail /usr/local/lib/sasl2 all
  
<nowiki>
+
cat /usr/local/lib/sasl2/smtpd.conf
cat /usr/local/lib/sasl2/smtpd.conf
+
pwcheck_method: authdaemond
pwcheck_method: authdaemond
+
log_level: 3
log_level: 3
+
mech_list: PLAIN LOGIN
mech_list: PLAIN LOGIN
+
authdaemond_path: /var/run/authdaemond/socket
authdaemond_path: /var/run/authdaemond/socket
 
</nowiki>
 
  
 
==== courier-authlib ====
 
==== courier-authlib ====
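Review bot: mech_list: PLAIN LOGIN in smtpd.conf offers only mechanisms that put the password on the wire in recoverable form, and the visible lines do not show AUTH being limited to TLS sessions. Suggest stating next to this file that main.cf needs smtpd_tls_auth_only = yes, so the certificate generated in the previous step actually protects these logins.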
574. rida: 547. rida:
 
Confid asuvad /usr/local/etc/authlib
 
Confid asuvad /usr/local/etc/authlib
  
<nowiki>
+
cat /usr/local/etc/authlib/authdaemonrc
cat /usr/local/etc/authlib/authdaemonrc
+
authmodulelist="authpgsql"
authmodulelist="authpgsql"
+
authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql"
authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql"
+
daemons=3
daemons=3
+
authdaemonvar=/var/run/authdaemond
authdaemonvar=/var/run/authdaemond
+
subsystem=mail
subsystem=mail
+
DEBUG_LOGIN=0
DEBUG_LOGIN=0
+
DEFAULTOPTIONS="wbnodsn=1"
DEFAULTOPTIONS="wbnodsn=1"
+
LOGGEROPTS=""
LOGGEROPTS=""
 
</nowiki>
 
 
 
<nowiki>
 
cat /usr/local/etc/authlib/authpgsqlrc
 
PGSQL_PORT              5432
 
PGSQL_USERNAME          postfix
 
PGSQL_PASSWORD          pass
 
PGSQL_DATABASE          postfix
 
PGSQL_USER_TABLE        mailbox
 
PGSQL_CRYPT_PWFIELD    password
 
PGSQL_UID_FIELD        '465'
 
PGSQL_GID_FIELD        '465'
 
PGSQL_LOGIN_FIELD      username
 
PGSQL_HOME_FIELD        '/var/maildata'
 
PGSQL_NAME_FIELD        name
 
PGSQL_MAILDIR_FIELD    maildir
 
</nowiki>
 
  
 +
cat /usr/local/etc/authlib/authpgsqlrc
 +
PGSQL_PORT              5432
 +
PGSQL_USERNAME          postfix
 +
PGSQL_PASSWORD          pass
 +
PGSQL_DATABASE          postfix
 +
PGSQL_USER_TABLE        mailbox
 +
PGSQL_CRYPT_PWFIELD    password
 +
PGSQL_UID_FIELD        '465'
 +
PGSQL_GID_FIELD        '465'
 +
PGSQL_LOGIN_FIELD      username
 +
PGSQL_HOME_FIELD        '/var/maildata'
 +
PGSQL_NAME_FIELD        name
 +
PGSQL_MAILDIR_FIELD    maildir
 +
 
==== Courier-IMAP ====
 
==== Courier-IMAP ====
  
 
Selle confid asuvad /usr/local/etc/courier-imap all
 
Selle confid asuvad /usr/local/etc/courier-imap all
  
<nowiki>
+
cat /usr/local/etc/courier-imap/imapd
cat /usr/local/etc/courier-imap/imapd
+
ADDRESS=0
ADDRESS=0
+
PORT=143
PORT=143
+
MAXDAEMONS=40
MAXDAEMONS=40
+
MAXPERIP=4
MAXPERIP=4
+
PIDFILE=/var/run/imapd.pid
PIDFILE=/var/run/imapd.pid
+
TCPDOPTS="-nodnslookup -noidentlookup"
TCPDOPTS="-nodnslookup -noidentlookup"
+
LOGGEROPTS="-name=imapd"
LOGGEROPTS="-name=imapd"
+
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
+
IMAP_KEYWORDS=1
IMAP_KEYWORDS=1
+
IMAP_ACL=1
IMAP_ACL=1
+
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-   SHA256 IDLE"
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
+
IMAP_PROXY=0  
IMAP_PROXY=0
+
IMAP_PROXY_FOREIGN=0
IMAP_PROXY_FOREIGN=0
+
IMAP_IDLE_TIMEOUT=60
IMAP_IDLE_TIMEOUT=60
+
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
+
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
+
IMAP_DISABLETHREADSORT=0
IMAP_DISABLETHREADSORT=0
+
IMAP_CHECK_ALL_FOLDERS=0
IMAP_CHECK_ALL_FOLDERS=0
+
IMAP_OBSOLETE_CLIENT=0
IMAP_OBSOLETE_CLIENT=0
+
IMAP_UMASK=022
IMAP_UMASK=022
+
IMAP_ULIMITD=65536
IMAP_ULIMITD=65536
+
IMAP_USELOCKS=1
IMAP_USELOCKS=1
+
IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index
IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index
+
IMAP_ENHANCEDIDLE=0
IMAP_ENHANCEDIDLE=0
+
IMAP_TRASHFOLDERNAME=Trash
IMAP_TRASHFOLDERNAME=Trash
+
IMAP_EMPTYTRASH=Trash:7
IMAP_EMPTYTRASH=Trash:7
+
IMAP_MOVE_EXPUNGE_TO_TRASH=0
IMAP_MOVE_EXPUNGE_TO_TRASH=0
+
SENDMAIL=/usr/sbin/sendmail
SENDMAIL=/usr/sbin/sendmail
+
HEADERFROM=X-IMAP-Sender
HEADERFROM=X-IMAP-Sender
+
IMAPDSTART=NO
IMAPDSTART=NO
+
MAILDIRPATH=Maildir
MAILDIRPATH=Maildir
+
</nowiki>
+
cat /usr/local/etc/courier-imap/imapd-ssl
 
+
SSLPORT=993
<nowiki>
+
SSLADDRESS=0
cat /usr/local/etc/courier-imap/imapd-ssl
+
SSLPIDFILE=/var/run/imapd-ssl.pid
SSLPORT=993
+
SSLLOGGEROPTS="-name=imapd-ssl"
SSLADDRESS=0
+
IMAPDSSLSTART=YES
SSLPIDFILE=/var/run/imapd-ssl.pid
+
IMAPDSTARTTLS=YES
SSLLOGGEROPTS="-name=imapd-ssl"
+
IMAP_TLS_REQUIRED=0
IMAPDSSLSTART=YES
+
COURIERTLS=/usr/local/bin/couriertls
IMAPDSTARTTLS=YES
+
TLS_PROTOCOL=SSL3
IMAP_TLS_REQUIRED=0
+
TLS_STARTTLS_PROTOCOL=TLS1
COURIERTLS=/usr/local/bin/couriertls
+
TLS_CERTFILE=/usr/local/share/courier-imap/imapd.pem
TLS_PROTOCOL=SSL3
+
TLS_VERIFYPEER=NONE
TLS_STARTTLS_PROTOCOL=TLS1
+
TLS_CACHEFILE=/usr/local/var/couriersslcache
TLS_CERTFILE=/usr/local/share/courier-imap/imapd.pem
+
TLS_CACHESIZE=524288
TLS_VERIFYPEER=NONE
+
MAILDIRPATH=Maildir
TLS_CACHEFILE=/usr/local/var/couriersslcache
+
TLS_CACHESIZE=524288
 
MAILDIRPATH=Maildir
 
</nowiki>
 
 
 
 
SSL'i sertifikaadi saad genereerida muutes kopeerides imapd.cnf-dist faili imapd.cnf'x, kohandades siis selle sisu ning seejärel käivitades mkimapdcert käsu.
 
SSL'i sertifikaadi saad genereerida muutes kopeerides imapd.cnf-dist faili imapd.cnf'x, kohandades siis selle sisu ning seejärel käivitades mkimapdcert käsu.
  
<nowiki>
+
cd /usr/local/etc/courier-imap
cd /usr/local/etc/courier-imap
+
cp imapd.cnf.dist imapd.cnf
cp imapd.cnf.dist imapd.cnf
+
ee imapd.cnf
ee imapd.cnf
+
mkimapdcert
mkimapdcert
+
</nowiki>
 
 
 
 
POP3'e seadistamine on vägagi sarnane IMAP'le ning sellega saad kindlasti ka ise hakkama.
 
POP3'e seadistamine on vägagi sarnane IMAP'le ning sellega saad kindlasti ka ise hakkama.
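Review bot: imapd-ssl sets TLS_PROTOCOL=SSL3, which pins the port 993 listener to SSLv3, an obsolete protocol version that should not be offered. Suggest switching to a TLS value supported by the installed Courier-IMAP version, and setting IMAP_TLS_REQUIRED=1 so that logins without STARTTLS stay refused if the port 143 daemon (IMAPDSTART=NO here) is enabled later. The authpgsqlrc in the same hunk holds PGSQL_PASSWORD pass in clear text, so that file should be readable only by the account authdaemond runs as.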
  
675. rida: 638. rida:
 
Esmalt on vaja luua uus kasutaja:
 
Esmalt on vaja luua uus kasutaja:
  
<nowiki>
+
CREATE USER postfix WITH PASSWORD 'pass';
CREATE USER postfix WITH PASSWORD 'pass';
 
</nowiki>
 
  
 
Ning seejärel mõned andmebaasid:
 
Ning seejärel mõned andmebaasid:
  
<nowiki>
+
CREATE DATABASE postfix OWNER postfix;
CREATE DATABASE postfix OWNER postfix;
+
CREATE DATABASE postfix_gps OWNER postfix;
CREATE DATABASE postfix_gps OWNER postfix;
 
</nowiki>
 
  
 
Esimeses asuvad domeenid ja kasutajad teises aga postgres-gps greylisti andmed.
 
Esimeses asuvad domeenid ja kasutajad teises aga postgres-gps greylisti andmed.
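Review bot: CREATE DATABASE postfix OWNER postfix makes the account used in the Postfix map files and authpgsqlrc (user = postfix) the owner of tables it only needs to read, and CREATE USER gives it the password 'pass'. Suggest a separate role with only SELECT on domain, alias and mailbox for the lookups, leaving ownership to the account postfixadmin connects with, and a generated password in place of the sample value.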
690. rida: 649. rida:
 
Baasi postfix schema ( postfixadminile on paigaldatud postgresql'i jaoks patch @ http://troels.arvin.dk/db/postfixadmin/ ):
 
Baasi postfix schema ( postfixadminile on paigaldatud postgresql'i jaoks patch @ http://troels.arvin.dk/db/postfixadmin/ ):
  
<nowiki>
+
CREATE TABLE "admin" (
CREATE TABLE "admin" (
+
    username character varying(255) NOT NULL,
    username character varying(255) NOT NULL,
+
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    modified timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
COMMENT ON TABLE "admin" IS 'Postfix Admin - Virtual Admins';
COMMENT ON TABLE "admin" IS 'Postfix Admin - Virtual Admins';
+
CREATE TABLE alias (
CREATE TABLE alias (
+
    address character varying(255) NOT NULL,
    address character varying(255) NOT NULL,
+
    goto text NOT NULL,
    goto text NOT NULL,
+
    "domain" character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    modified timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
COMMENT ON TABLE alias IS 'Postfix Admin - Virtual Aliases';
COMMENT ON TABLE alias IS 'Postfix Admin - Virtual Aliases';
+
CREATE TABLE "domain" (
CREATE TABLE "domain" (
+
    "domain" character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
+
    description character varying(255) DEFAULT ''::character varying NOT NULL,
    description character varying(255) DEFAULT ''::character varying NOT NULL,
+
    aliases integer DEFAULT 0 NOT NULL,
    aliases integer DEFAULT 0 NOT NULL,
+
    mailboxes integer DEFAULT 0 NOT NULL,
    mailboxes integer DEFAULT 0 NOT NULL,
+
    maxquota integer DEFAULT 0 NOT NULL,
    maxquota integer DEFAULT 0 NOT NULL,
+
    transport character varying(255),
    transport character varying(255),
+
    backupmx boolean DEFAULT false NOT NULL,
    backupmx boolean DEFAULT false NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    modified timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
COMMENT ON TABLE "domain" IS 'Postfix Admin - Virtual Domains';
COMMENT ON TABLE "domain" IS 'Postfix Admin - Virtual Domains';
+
CREATE TABLE domain_admins (
CREATE TABLE domain_admins (
+
    username character varying(255) NOT NULL,
    username character varying(255) NOT NULL,
+
    "domain" character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
COMMENT ON TABLE domain_admins IS 'Postfix Admin - Domain Admins';
COMMENT ON TABLE domain_admins IS 'Postfix Admin - Domain Admins';
+
CREATE TABLE log (
CREATE TABLE log (
+
    "timestamp" timestamp with time zone DEFAULT now(),
    "timestamp" timestamp with time zone DEFAULT now(),
+
    username character varying(255) DEFAULT ''::character varying NOT NULL,
    username character varying(255) DEFAULT ''::character varying NOT NULL,
+
    "domain" character varying(255) DEFAULT ''::character varying NOT NULL,
    "domain" character varying(255) DEFAULT ''::character varying NOT NULL,
+
    "action" character varying(255) DEFAULT ''::character varying NOT NULL,
    "action" character varying(255) DEFAULT ''::character varying NOT NULL,
+
    data text DEFAULT ''::text NOT NULL
    data text DEFAULT ''::text NOT NULL
+
);
);
+
COMMENT ON TABLE log IS 'Postfix Admin - Log';
COMMENT ON TABLE log IS 'Postfix Admin - Log';
+
CREATE TABLE mailbox (
CREATE TABLE mailbox (
+
    username character varying(255) NOT NULL,
    username character varying(255) NOT NULL,
+
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
+
    name character varying(255) DEFAULT ''::character varying NOT NULL,
    name character varying(255) DEFAULT ''::character varying NOT NULL,
+
    maildir character varying(255) DEFAULT ''::character varying NOT NULL,
    maildir character varying(255) DEFAULT ''::character varying NOT NULL,
+
    quota integer DEFAULT 0 NOT NULL,
    quota integer DEFAULT 0 NOT NULL,
+
    "domain" character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    modified timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
COMMENT ON TABLE mailbox IS 'Postfix Admin - Virtual Mailboxes';
COMMENT ON TABLE mailbox IS 'Postfix Admin - Virtual Mailboxes';
+
CREATE TABLE vacation (
CREATE TABLE vacation (
+
    email character varying(255) NOT NULL,
    email character varying(255) NOT NULL,
+
    subject character varying(255) NOT NULL,
    subject character varying(255) NOT NULL,
+
    body text NOT NULL,
    body text NOT NULL,
+
    "domain" character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
+
    created timestamp with time zone DEFAULT now(),
    created timestamp with time zone DEFAULT now(),
+
    active boolean DEFAULT true NOT NULL
    active boolean DEFAULT true NOT NULL
+
);
);
+
CREATE TABLE vacation_notification (
CREATE TABLE vacation_notification (
+
    on_vacation character varying(255) NOT NULL,
    on_vacation character varying(255) NOT NULL,
+
    notified character varying(255) NOT NULL,
    notified character varying(255) NOT NULL,
+
    notified_at timestamp with time zone DEFAULT now() NOT NULL
    notified_at timestamp with time zone DEFAULT now() NOT NULL
+
);
);
+
ALTER TABLE ONLY "admin"
ALTER TABLE ONLY "admin"
+
    ADD CONSTRAINT admin_key PRIMARY KEY (username);
    ADD CONSTRAINT admin_key PRIMARY KEY (username);
+
ALTER TABLE ONLY alias
ALTER TABLE ONLY alias
+
    ADD CONSTRAINT alias_key PRIMARY KEY (address);
    ADD CONSTRAINT alias_key PRIMARY KEY (address);
+
ALTER TABLE ONLY "domain"
ALTER TABLE ONLY "domain"
+
    ADD CONSTRAINT domain_key PRIMARY KEY ("domain");
    ADD CONSTRAINT domain_key PRIMARY KEY ("domain");
+
ALTER TABLE ONLY mailbox
ALTER TABLE ONLY mailbox
+
    ADD CONSTRAINT mailbox_key PRIMARY KEY (username);
    ADD CONSTRAINT mailbox_key PRIMARY KEY (username);
+
ALTER TABLE ONLY vacation_notification
ALTER TABLE ONLY vacation_notification
+
    ADD CONSTRAINT vacation_notification_pkey PRIMARY KEY (on_vacation, notified);
    ADD CONSTRAINT vacation_notification_pkey PRIMARY KEY (on_vacation, notified);
+
ALTER TABLE ONLY vacation
ALTER TABLE ONLY vacation
+
    ADD CONSTRAINT vacation_pkey PRIMARY KEY (email);
    ADD CONSTRAINT vacation_pkey PRIMARY KEY (email);
+
CREATE INDEX alias_address_active ON alias USING btree (address, active);
CREATE INDEX alias_address_active ON alias USING btree (address, active);
+
CREATE INDEX domain_domain_active ON "domain" USING btree ("domain", active);
CREATE INDEX domain_domain_active ON "domain" USING btree ("domain", active);
+
CREATE INDEX mailbox_username_active ON mailbox USING btree (username, active);
CREATE INDEX mailbox_username_active ON mailbox USING btree (username, active);
+
CREATE INDEX vacation_email_active ON vacation USING btree (email, active);
CREATE INDEX vacation_email_active ON vacation USING btree (email, active);
+
ALTER TABLE ONLY alias
ALTER TABLE ONLY alias
+
    ADD CONSTRAINT alias_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
    ADD CONSTRAINT alias_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
+
ALTER TABLE ONLY domain_admins
ALTER TABLE ONLY domain_admins
+
    ADD CONSTRAINT domain_admins_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
    ADD CONSTRAINT domain_admins_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
+
ALTER TABLE ONLY mailbox
ALTER TABLE ONLY mailbox
+
    ADD CONSTRAINT mailbox_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
    ADD CONSTRAINT mailbox_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
+
ALTER TABLE ONLY vacation
ALTER TABLE ONLY vacation
+
    ADD CONSTRAINT vacation_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
    ADD CONSTRAINT vacation_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
+
ALTER TABLE ONLY vacation_notification
ALTER TABLE ONLY vacation_notification
+
    ADD CONSTRAINT vacation_notification_on_vacation_fkey FOREIGN KEY (on_vacation) REFERENCES vacation(email) ON DELETE CASCADE;
    ADD CONSTRAINT vacation_notification_on_vacation_fkey FOREIGN KEY (on_vacation) REFERENCES vacation(email) ON DELETE CASCADE;
+
</nowiki>
 
 
 
 
Baasi postfix_gps schema:
 
Baasi postfix_gps schema:
 
+
<nowiki>
+
CREATE TABLE network (
CREATE TABLE network (
+
    address character varying(16) DEFAULT ''::character varying NOT NULL,
    address character varying(16) DEFAULT ''::character varying NOT NULL,
+
    "comment" character varying(30) DEFAULT ''::character varying
    "comment" character varying(30) DEFAULT ''::character varying
+
);
);
+
CREATE TABLE pattern (
CREATE TABLE pattern (
+
    expression character varying(200) DEFAULT ''::character varying NOT NULL,
    expression character varying(200) DEFAULT ''::character varying NOT NULL,
+
    "comment" character varying(30) DEFAULT ''::character varying
    "comment" character varying(30) DEFAULT ''::character varying
+
);
);
+
CREATE TABLE recipient (
CREATE TABLE recipient (
+
    address character varying(200) DEFAULT ''::character varying NOT NULL,
    address character varying(200) DEFAULT ''::character varying NOT NULL,
+
    "comment" character varying(30) DEFAULT ''::character varying
    "comment" character varying(30) DEFAULT ''::character varying
+
);
);
+
CREATE TABLE triplet (
CREATE TABLE triplet (
+
    client_address character varying(40),
    client_address character varying(40),
+
    sender character varying(160) NOT NULL,
    sender character varying(160) NOT NULL,
+
    recipient character varying(160) NOT NULL,
    recipient character varying(160) NOT NULL,
+
    ip64 numeric(4,0) DEFAULT 0 NOT NULL,
    ip64 numeric(4,0) DEFAULT 0 NOT NULL,
+
    ip32 numeric(4,0) DEFAULT 0 NOT NULL,
    ip32 numeric(4,0) DEFAULT 0 NOT NULL,
+
    ip16 numeric(4,0) DEFAULT 0 NOT NULL,
    ip16 numeric(4,0) DEFAULT 0 NOT NULL,
+
    ip8 numeric(4,0) DEFAULT 0 NOT NULL,
    ip8 numeric(4,0) DEFAULT 0 NOT NULL,
+
    count integer DEFAULT 0 NOT NULL,
    count integer DEFAULT 0 NOT NULL,
+
    uts integer NOT NULL
    uts integer NOT NULL
+
);
);
+
ALTER TABLE ONLY network
ALTER TABLE ONLY network
+
    ADD CONSTRAINT network_pkey PRIMARY KEY (address);
    ADD CONSTRAINT network_pkey PRIMARY KEY (address);
+
ALTER TABLE ONLY pattern
ALTER TABLE ONLY pattern
+
    ADD CONSTRAINT pattern_pkey PRIMARY KEY (expression);
    ADD CONSTRAINT pattern_pkey PRIMARY KEY (expression);
+
ALTER TABLE ONLY recipient
ALTER TABLE ONLY recipient
+
    ADD CONSTRAINT recipient_pkey PRIMARY KEY (address);
    ADD CONSTRAINT recipient_pkey PRIMARY KEY (address);
+
ALTER TABLE ONLY triplet
ALTER TABLE ONLY triplet
+
    ADD CONSTRAINT triplet_pkey PRIMARY KEY (recipient, sender, ip64, ip32, ip16, ip8);
    ADD CONSTRAINT triplet_pkey PRIMARY KEY (recipient, sender, ip64, ip32, ip16, ip8);
+
</nowiki>
 
 
 
 
Eeldan, et postgresql'i seadistusega tuled ise toime - dokumenatsioon on selleks täitsa piisav.
 
Eeldan, et postgresql'i seadistusega tuled ise toime - dokumenatsioon on selleks täitsa piisav.
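Review bot: in CREATE TABLE "admin" and CREATE TABLE mailbox the "password" column is declared DEFAULT '' NOT NULL, so a row inserted without a password is accepted with an empty string instead of being rejected. Suggest dropping the default so that NOT NULL forces every insert to supply a hash. The ALTER TABLE list also gives domain_admins and log no primary key, which allows duplicate (username, "domain") rows in domain_admins.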
  
832. rida: 787. rida:
 
amavisd-new teostab nii spam'i kui ka viiruse kontrolli. Eelnevalt postfix'i confis sai ta seadistatud nõndaviisi:
 
amavisd-new teostab nii spam'i kui ka viiruse kontrolli. Eelnevalt postfix'i confis sai ta seadistatud nõndaviisi:
  
<nowiki>
+
content_filter=amavis:[127.0.0.1]:65024
content_filter=amavis:[127.0.0.1]:65024
 
</nowiki>
 
  
 
/usr/local/etc/amavisd.conf 'i olulised read
 
/usr/local/etc/amavisd.conf 'i olulised read
<nowiki>
+
$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
+
$daemon_user  = 'vscan';    # (no default;  customary: vscan or amavis), -u
$daemon_user  = 'vscan';    # (no default;  customary: vscan or amavis), -u
+
$daemon_group = 'vscan';    # (no default;  customary: vscan or amavis), -g
$daemon_group = 'vscan';    # (no default;  customary: vscan or amavis), -g
+
$mydomain = 'domeen.ee';  # a convenient default for other settings
$mydomain = 'domeen.ee';  # a convenient default for other settings
+
$inet_socket_port = 65024;  # listen on this local TCP port(s)
$inet_socket_port = 65024;  # listen on this local TCP port(s)
+
$myhostname = 'mail.domeen.ee';  # must be a fully-qualified domain name!
$myhostname = 'mail.domeen.ee';  # must be a fully-qualified domain name!
+
@av_scanners = (
@av_scanners = (
+
 
 
 
  ['ClamAV-clamd',
 
  ['ClamAV-clamd',
 
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 
   qr/\bOK$/, qr/\bFOUND$/,
 
   qr/\bOK$/, qr/\bFOUND$/,
 
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
+
);
</nowiki>
 
  
 
Siin on siis ära määratud, et amavisd-new kuulab pordil 65024 ja kasutajaks on vscan.
 
Siin on siis ära määratud, et amavisd-new kuulab pordil 65024 ja kasutajaks on vscan.
859. rida: 810. rida:
  
 
/usr/local/etc/clamd.conf:
 
/usr/local/etc/clamd.conf:
<nowiki>
+
LogFile /var/log/clamav/clamd.log
LogFile /var/log/clamav/clamd.log
+
LogFileMaxSize 20M
LogFileMaxSize 20M
+
LogTime yes
LogTime yes
+
LogVerbose no
LogVerbose no
+
PidFile /var/run/clamav/clamd.pid
PidFile /var/run/clamav/clamd.pid
+
DatabaseDirectory /var/db/clamav
DatabaseDirectory /var/db/clamav
+
LocalSocket /var/run/clamav/clamd
LocalSocket /var/run/clamav/clamd
+
FixStaleSocket yes
FixStaleSocket yes
+
MaxConnectionQueueLength 30
MaxConnectionQueueLength 30
+
StreamMaxLength 50M
StreamMaxLength 50M
+
MaxThreads 20
MaxThreads 20
+
User vscan
User vscan
+
AllowSupplementaryGroups yes
AllowSupplementaryGroups yes
+
ExitOnOOM yes
ExitOnOOM yes
+
Debug yes
Debug yes
+
LeaveTemporaryFiles no
LeaveTemporaryFiles no
+
ScanMail yes
ScanMail yes
+
</nowiki>
 
 
 
 
LocalSocket peab olema sama mis amavisd.conf 's, ehk siis /var/run/clamav/clamd
 
LocalSocket peab olema sama mis amavisd.conf 's, ehk siis /var/run/clamav/clamd
 
Samuti peab ka kasutajaks olema määratud vscan, muidu ei saa amavisd clamd'ga suhelda kui tal socketisse kirjutamiseks õigusi pole.
 
Samuti peab ka kasutajaks olema määratud vscan, muidu ei saa amavisd clamd'ga suhelda kui tal socketisse kirjutamiseks õigusi pole.
  
 
/usr/local/etc/freshclamd.conf
 
/usr/local/etc/freshclamd.conf
<nowiki>
+
DatabaseDirectory /var/db/clamav
DatabaseDirectory /var/db/clamav
+
UpdateLogFile /var/log/clamav/freshclam.log
UpdateLogFile /var/log/clamav/freshclam.log
+
LogVerbose no
LogVerbose no
+
PidFile /var/run/clamav/freshclam.pid
PidFile /var/run/clamav/freshclam.pid
+
DatabaseOwner vscan
DatabaseOwner vscan
+
AllowSupplementaryGroups yes
AllowSupplementaryGroups yes
+
DatabaseMirror database.clamav.net
DatabaseMirror database.clamav.net
+
ScriptedUpdates yes
ScriptedUpdates yes
+
Checks 24
Checks 24
+
NotifyClamd /usr/local/etc/clamd.conf
NotifyClamd /usr/local/etc/clamd.conf
+
</nowiki>
 
 
 
 
Jällegi, user vscan.
 
Jällegi, user vscan.
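Review bot: clamd.conf is shown with Debug yes while LogVerbose is no; debug mode is a troubleshooting setting and should not be left on in a configuration that readers will copy to a production mail server. Suggest Debug no. The heading /usr/local/etc/freshclamd.conf also looks like a typo for freshclam.conf, the name freshclam reads by default.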
  
904. rida: 851. rida:
  
 
/usr/local/etc/gps.conf
 
/usr/local/etc/gps.conf
<nowiki>mode=normal
+
dbtype=pgsql
dbtype=pgsql
+
db_host=localhost
db_host=localhost
+
db_username=postfix
db_username=postfix
+
db_password=pass
db_password=pass
+
db_dbname=postfix_gps
db_dbname=postfix_gps
+
timeout=60
timeout=60
+
wl_pattern=dbcached
wl_pattern=dbcached
+
wl_network=dbcached
wl_network=dbcached
+
wl_recipient=db
wl_recipient=db
+
</nowiki>
 
 
 
 
==== Mailman ====
 
==== Mailman ====
  
 
Kõik listid hakkavad asuma list.domeen.ee domeeni all ( mis peab ka DNS's reaalselt eksisteerima ). Kuna mailman kuulutab kõik failid oma kodukataloogis /usr/local/mailman mailman kasutajale kuuluvaks, siis tuleb postfix'i kasutaja ka mailman'i gruppi lisada - muidu ei hakka listi aliased kahjuks tööle.  
 
Kõik listid hakkavad asuma list.domeen.ee domeeni all ( mis peab ka DNS's reaalselt eksisteerima ). Kuna mailman kuulutab kõik failid oma kodukataloogis /usr/local/mailman mailman kasutajale kuuluvaks, siis tuleb postfix'i kasutaja ka mailman'i gruppi lisada - muidu ei hakka listi aliased kahjuks tööle.  
  
<nowiki>
+
pw groupmod mailman -m postfix
pw groupmod mailman -m postfix
 
</nowiki>
 
  
 
Seejärel tuleks chmod'da /usr/local/mailman/data all asuvad alias failid nii, et mailman'i grupp ( kuhu nüüd postfixi kasutaja kuulub.. ) neid kirjutada saaks.
 
Seejärel tuleks chmod'da /usr/local/mailman/data all asuvad alias failid nii, et mailman'i grupp ( kuhu nüüd postfixi kasutaja kuulub.. ) neid kirjutada saaks.
  
<nowiki>
+
chmod 660 /usr/local/mailman/data/aliases /usr/local/mailman/data/aliases.db
chmod 660 /usr/local/mailman/data/aliases /usr/local/mailman/data/aliases.db
 
</nowiki>
 
  
 
Mailman'i enda config võib välja näha selline:
 
Mailman'i enda config võib välja näha selline:
  
<nowiki>
+
MTA = 'Postfix'
MTA = 'Postfix'
+
SMTPHOST = "localhost"
SMTPHOST = "localhost"
+
SMTPPORT = 65025
SMTPPORT = 65025
+
ALLOW_SITE_ADMIN_COOKIES = Yes
ALLOW_SITE_ADMIN_COOKIES = Yes
+
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
+
PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
+
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = Yes
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = Yes
 
</nowiki>
 
  
 
Mailman räägib pordiga 65025 sel põhjusel, et selle pordi pealt viirusekontrolli ei tehta. Viirusekontrolli teostatakse siis, kui kirjad listi tulevad - seega pole neid samu kirju välja saates vaja topelt kontrollida.
 
Mailman räägib pordiga 65025 sel põhjusel, et selle pordi pealt viirusekontrolli ei tehta. Viirusekontrolli teostatakse siis, kui kirjad listi tulevad - seega pole neid samu kirju välja saates vaja topelt kontrollida.
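Review bot: SMTPPORT = 65025 sends all Mailman output through a Postfix listener that skips virus scanning, so that listener must not be reachable from other hosts, and the hunk does not say how it is bound. Suggest noting that the 65025 service in master.cf has to listen on 127.0.0.1 only. gps.conf in the same hunk uses db_username=postfix with db_password=pass, the same credential as the mail database; a separate account limited to postfix_gps would contain a leak of either file.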
948. rida: 887. rida:
 
See näeb välja selline:
 
See näeb välja selline:
  
<nowiki>
+
#!/usr/local/bin/python
#!/usr/local/bin/python
+
# Configuration variables - Change these for your site if necessary.
# Configuration variables - Change these for your site if necessary.
+
MailmanHome = "/usr/local/mailman"; # Mailman home directory.
MailmanHome = "/usr/local/mailman"; # Mailman home directory.
+
MailmanOwner = "postmaster@domeen.ee"; # Postmaster and abuse mail recipient.
MailmanOwner = "postmaster@domeen.ee"; # Postmaster and abuse mail recipient.
+
# End of configuration variables.
# End of configuration variables.
+
# postfix-to-mailman-2.1.py (to be installed as postfix-to-mailman.py)
# postfix-to-mailman-2.1.py (to be installed as postfix-to-mailman.py)
+
#
#
+
# Interface mailman to a postfix with a mailman transport. Does not require
# Interface mailman to a postfix with a mailman transport. Does not require
+
# the creation of _any_ aliases to connect lists to your mail system.
# the creation of _any_ aliases to connect lists to your mail system.
+
#
#
+
# Dax Kelson, dkelson@gurulabs.com, Sept 2002.
# Dax Kelson, dkelson@gurulabs.com, Sept 2002.
+
# coverted from qmail to postfix interface
# coverted from qmail to postfix interface
+
# Jan 2003: Fixes for Mailman 2.1
# Jan 2003: Fixes for Mailman 2.1
+
# Thanks to Simen E. Sandberg <senilix@gallerbyen.net>
# Thanks to Simen E. Sandberg <senilix@gallerbyen.net>
+
# Feb 2003: Change the suggested postfix transport to support VERP
# Feb 2003: Change the suggested postfix transport to support VERP
+
# Thanks to Henrique de Moraes Holschuh <henrique.holschuh@ima.sp.gov.br>
# Thanks to Henrique de Moraes Holschuh <henrique.holschuh@ima.sp.gov.br>
+
#
#
+
# This script was originally qmail-to-mailman.py by:
# This script was originally qmail-to-mailman.py by:
+
# Bruce Perens, bruce@perens.com, March 1999.
# Bruce Perens, bruce@perens.com, March 1999.
+
# This is free software under the GNU General Public License.
# This is free software under the GNU General Public License.
+
#
#
+
# This script is meant to be called from ~mailman/postfix-to-mailman.py.  
# This script is meant to be called from ~mailman/postfix-to-mailman.py.  
+
# It catches all mail to a virtual domain, eg "lists.example.com".
# It catches all mail to a virtual domain, eg "lists.example.com".
+
# It looks at the  recipient for each mail message and decides if the mail is
# It looks at the  recipient for each mail message and decides if the mail is
+
# addressed to a valid list or not, and bounces the message with a helpful
# addressed to a valid list or not, and bounces the message with a helpful
+
# suggestion if it's not addressed to a list. It decides if it is a posting,  
# suggestion if it's not addressed to a list. It decides if it is a posting,  
+
# a list command, or mail to the list administrator, by checking for the
# a list command, or mail to the list administrator, by checking for the
+
#  -admin, -owner, and -request addresses. It will recognize a list as soon
#  -admin, -owner, and -request addresses. It will recognize a list as soon
+
# as the list is created, there is no need to add _any_ aliases for any list.
# as the list is created, there is no need to add _any_ aliases for any list.
+
# It recognizes mail to postmaster, mailman-owner, abuse, mailer-daemon, root,
# It recognizes mail to postmaster, mailman-owner, abuse, mailer-daemon, root,
+
# and owner, and routes those mails to MailmanOwner as defined in the
# and owner, and routes those mails to MailmanOwner as defined in the
+
# configuration variables, above.
# configuration variables, above.
+
#
#
+
# INSTALLATION:
# INSTALLATION:
+
#
#
+
# Install this file as ~mailman/postfix-to-mailman.py
# Install this file as ~mailman/postfix-to-mailman.py
+
#
#
+
# To configure a virtual domain to connect to mailman, edit Postfix thusly:
# To configure a virtual domain to connect to mailman, edit Postfix thusly:
+
#
#
+
# /etc/postfix/main.cf:
# /etc/postfix/main.cf:
+
#    relay_domains = ... lists.example.com
#    relay_domains = ... lists.example.com
+
#    transport_maps = hash:/etc/postfix/transport
#    transport_maps = hash:/etc/postfix/transport
+
#    mailman_destination_recipient_limit = 1
#    mailman_destination_recipient_limit = 1
+
#
#
+
# /etc/postfix/transport:
# /etc/postfix/transport:
+
#  lists.example.com  mailman:
#  lists.example.com  mailman:
+
#
#
+
# /etc/postfix/master.cf
# /etc/postfix/master.cf
+
#    mailman unix  -      n      n      -      -      pipe
#    mailman unix  -      n      n      -      -      pipe
+
#      flags=FR user=mailman:mailman  
#      flags=FR user=mailman:mailman  
+
#      argv=/var/mailman/postfix-to-mailman.py ${nexthop} ${user}
#      argv=/var/mailman/postfix-to-mailman.py ${nexthop} ${user}
+
#  
#  
+
#
#
+
# Replace list.example.com above with the name of the domain to be connected
# Replace list.example.com above with the name of the domain to be connected
+
# to Mailman. Note that _all_ mail to that domain will go to Mailman, so you
# to Mailman. Note that _all_ mail to that domain will go to Mailman, so you
+
# don't want to put the name of your main domain here. Typically a virtual
# don't want to put the name of your main domain here. Typically a virtual
+
# domain lists.domain.com is used for Mailman, and domain.com for regular
# domain lists.domain.com is used for Mailman, and domain.com for regular
+
# email.
# email.
+
#
#
+
import sys, os, re, string
import sys, os, re, string
+
 
 
+
def main():
def main():
+
    os.nice(5)  # Handle mailing lists at non-interactive priority.
    os.nice(5)  # Handle mailing lists at non-interactive priority.
+
                # delete this if you wish
                # delete this if you wish
+
 
+
    os.chdir(MailmanHome + "/lists")
    os.chdir(MailmanHome + "/lists")
+
 
+
    try:
    try:
+
        local = sys.argv[2]
        local = sys.argv[2]
+
    except:
    except:
+
        # This might happen if we're not using Postfix
        # This might happen if we're not using Postfix
+
        sys.stderr.write("LOCAL not set?\n")
        sys.stderr.write("LOCAL not set?\n")
+
        sys.exit(1)
        sys.exit(1)
+
 
+
    local = string.lower(local)
    local = string.lower(local)
+
    local = re.sub("^mailman-","",local)
    local = re.sub("^mailman-","",local)
+
 
+
    names = ("root", "postmaster", "mailer-daemon", "mailman-owner", "owner",
    names = ("root", "postmaster", "mailer-daemon", "mailman-owner", "owner",
+
              "abuse")
            "abuse")
+
    for i in names:
    for i in names:
+
        if i == local:
        if i == local:
+
            os.execv("/usr/sbin/sendmail",
            os.execv("/usr/sbin/sendmail",
+
                      ("/usr/sbin/sendmail", MailmanOwner))
                    ("/usr/sbin/sendmail", MailmanOwner))
+
            sys.exit(0)
            sys.exit(0)
+
 
+
    type = "post"
    type = "post"
+
    types = (("-admin$", "admin"),
    types = (("-admin$", "admin"),
+
              ("-owner$", "owner"),
            ("-owner$", "owner"),
+
              ("-request$", "request"),
            ("-request$", "request"),
+
              ("-bounces$", "bounces"),
            ("-bounces$", "bounces"),
+
              ("-confirm$", "confirm"),
            ("-confirm$", "confirm"),
+
              ("-join$", "join"),
            ("-join$", "join"),
+
              ("-leave$", "leave"),
            ("-leave$", "leave"),
+
              ("-subscribe$", "subscribe"),
            ("-subscribe$", "subscribe"),
+
              ("-unsubscribe$", "unsubscribe"))
            ("-unsubscribe$", "unsubscribe"))
+
 
+
    for i in types:
    for i in types:
+
        if re.search(i[0],local):
        if re.search(i[0],local):
+
            type = i[1]
            type = i[1]
+
            local = re.sub(i[0],"",local)
            local = re.sub(i[0],"",local)
+
 
+
    if os.path.exists(local):
    if os.path.exists(local):
+
        os.execv(MailmanHome + "/mail/mailman",
        os.execv(MailmanHome + "/mail/mailman",
+
                  (MailmanHome + "/mail/mailman", type, local))
                (MailmanHome + "/mail/mailman", type, local))
+
    else:
    else:
+
        bounce()
        bounce()
+
    sys.exit(75)
    sys.exit(75)
+
 
+
def bounce():
def bounce():
+
    bounce_message = """\
    bounce_message = """\
+
TO ACCESS THE MAILING LIST SYSTEM: Start your web browser on
TO ACCESS THE MAILING LIST SYSTEM: Start your web browser on
+
http://%s/
http://%s/
+
That web page will help you subscribe or unsubscribe, and will
That web page will help you subscribe or unsubscribe, and will
+
give you directions on how to post to each mailing list.\n"""
give you directions on how to post to each mailing list.\n"""
+
    sys.stderr.write(bounce_message % (sys.argv[1]))  
    sys.stderr.write(bounce_message % (sys.argv[1]))
+
    sys.exit(1)
    sys.exit(1)
+
 
+
try:
try:
+
    sys.exit(main())
    sys.exit(main())
+
except SystemExit, argument:
except SystemExit, argument:
+
    sys.exit(argument)
    sys.exit(argument)
+
 
+
except Exception, argument:
except Exception, argument:
+
    info = sys.exc_info()
    info = sys.exc_info()
+
    trace = info[2]
    trace = info[2]
+
    sys.stderr.write("%s %s\n" % (sys.exc_type, argument))
    sys.stderr.write("%s %s\n" % (sys.exc_type, argument))
+
    sys.stderr.write("Line %d\n" % (trace.tb_lineno))
    sys.stderr.write("Line %d\n" % (trace.tb_lineno))
+
    sys.exit(75)      # Soft failure, try again later.
    sys.exit(75)      # Soft failure, try again later.
 
</nowiki>
 

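Review bot: in `main()`, `local` comes straight from `sys.argv[2]` (Postfix's `${user}`) and, after only lowercasing and suffix stripping, is passed to `os.path.exists(local)` relative to `MailmanHome + "/lists"` and then to the `mailman` wrapper, with no check that it is a plain list name, so a value such as `..` or one containing `/` passes the existence test. Suggest validating it against a conservative pattern (for example `^[a-z0-9][a-z0-9._+-]*$`) before the `os.path.exists` call and calling `bounce()` otherwise. The bare `except:` around `sys.argv[2]` should be `except IndexError:`, and the header comment's sample `argv=/var/mailman/postfix-to-mailman.py` does not match `MailmanHome = "/usr/local/mailman"`, which is worth aligning so the install instructions and the script agree.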
Revision: 15 October 2009, 17:35

Mailserver
Introduction

As a counterweight to a funny article in Äripäev ( http://209.85.135.104/search?q=cache:HtdTW-LZ1_IJ:www.aripaev.ee/3693/rubr_artiklid_369301.html&hl=et&strip=1 ), I'll write about Postfix.

An excerpt from that article:

"Exchange 2000, as is well known, has size limits. 16 gigabytes for all users' e-mail is too little, considering the growth of the office. I have also noticed that the volume of correspondence keeps growing," Linros said, explaining the main reason for the migration. The firm has 50 employees including the notaries, and all of them use Microsoft Exchange and its client program Outlook. The size limit of Exchange 2007 is many times larger, and in Linros's opinion no trouble with it is foreseeable for quite a long time.
...
Dell server hardware was used to implement the notary office's solution; the total cost came to 250 000 kroons.
DELL PowerEdge 2950 server performance figures: processor: Dual Core Intel Xeon 5120, 4 MB cache, 1.86 GHz, 1066 MHz FSB; memory: 8 GB FB 667 MHz FBD; other: hard disks, redundant power supply, remote management card.
Why was exactly this hardware chosen? For 50 users an Exchange server must have 8 GB of memory in any case. The hardware and the Windows server must be 64-bit. The remote management card was added so that the server can be managed remotely and securely over a VPN from outside. The Veritas Back-up backup software was upgraded - the older version did not support Exchange 2007.
Microsoft software: MS Windows Server Std 2003 R2a 64bit ENG - 2 pcs; MS Exchange Server 2007 English OLP NL - 1 pc; Windows Med Biz Infra CAL English OLP NL Promo User CAL. (Includes both Windows and Exchange server CALs; the Microsoft promo was valid until 29.06.07) - 50 pcs

Software selection
 * The OS in use is [[1]]
 * Mail is received by [[2]]
 * Greylisting in Postfix is done by [[3]]
 * Spam and viruses are checked by amavis with the help of [[4]] and [[5]].
 * Mail is served to users by [[6]]
 * User data is stored in [[7]]
 * On the web, users can read their mail through [[8]] and manage accounts through [[9]]
 * Mailing lists are managed by [[10]]

Installation

I won't describe the FreeBSD installation here and assume that the ports tree is in place and has been updated recently.

Postfix

First, install the Postfix server, which receives the mail; without it a mail server has little point in the long run.


cd /usr/ports/mail/postfix
make install clean


Options selected during installation (these can be copy-pasted into that same file):

cat /var/db/ports/postfix/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for postfix-2.4.5,1
_OPTIONS_READ=postfix-2.4.5,1
WITH_PCRE=true
WITH_SASL2=true
WITHOUT_DOVECOT=true
WITHOUT_SASLKRB=true
WITHOUT_SASLKRB5=true
WITHOUT_SASLKMIT=true
WITH_TLS=true
WITHOUT_BDB=true
WITHOUT_MYSQL=true
WITH_PGSQL=true
WITHOUT_OPENLDAP=true
WITH_CDB=true
WITHOUT_NIS=true
WITH_VDA=true
WITHOUT_TEST=true

What matters here is that SASL2, TLS, PGSQL and VDA support is enabled.

 * SASL2 provides SMTP-AUTH, which checks that the sender logs in before sending mail, so that arbitrary spammers cannot use the server without authorization.
 * TLS is an encryption protocol that protects the user's data when logging in with SMTP-AUTH.
 * PGSQL is PostgreSQL server support, used to look up the domains, and the users under them, to which incoming mail is delivered.
 * VDA delivers the mail neatly to its destination.

Cyrus-SASL

If the cyrus-sasl2 port is not installed yet, it is installed as part of the Postfix installation.

Options:

cat /var/db/ports/cyrus-sasl2/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for cyrus-sasl-2.1.22
_OPTIONS_READ=cyrus-sasl-2.1.22
WITH_BDB=true
WITHOUT_MYSQL=true
WITHOUT_PGSQL=true
WITHOUT_SQLITE=true
WITH_DEV_URANDOM=true
WITHOUT_ALWAYSTRUE=true
WITH_KEEP_DB_OPEN=true
WITH_AUTHDAEMOND=true
WITH_LOGIN=true
WITH_PLAIN=true
WITH_CRAM=true
WITH_DIGEST=true
WITH_OTP=true
WITH_NTLM=true

Be sure to select AUTHDAEMOND and suitable login methods for SMTP-AUTH/IMAP, such as LOGIN, PLAIN, CRAM..

For Postfix to reach the users stored in the database, courier-authlib is also needed: users are verified through it in the SMTP-AUTH protocol, which in turn uses cyrus-sasl2, which uses courier-authlib for this ..phew ;-)

courier-authlib

cd /usr/ports/security/courier-authlib
make install clean

Options:

# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for courier-authlib-0.59.3
_OPTIONS_READ=courier-authlib-0.59.3
WITHOUT_GDBM=true
WITHOUT_AUTH_LDAP=true
WITHOUT_AUTH_MYSQL=true
WITH_AUTH_PGSQL=true
WITHOUT_AUTH_USERDB=true
WITHOUT_AUTH_VCHKPW=true

postfix-gps

cd /usr/ports/mail/postfix-gps
make install clean

amavis

cd /usr/ports/security/amavisd-new
make install clean

Options:

cat /var/db/ports/amavisd-new/options 
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for amavisd-new-2.5.4,1
_OPTIONS_READ=amavisd-new-2.5.4,1
WITH_BDB=true
WITHOUT_SQLITE=true
WITHOUT_MYSQL=true
WITH_PGSQL=true
WITHOUT_LDAP=true
WITH_SASL=true
WITHOUT_MILTER=true
WITH_SPAMASSASSIN=true
WITHOUT_P0F=true
WITH_ALTERMIME=true
WITH_FILE=true
WITH_RAR=true
WITH_UNRAR=true
WITH_ARJ=true
WITHOUT_UNARJ=true
WITH_LHA=true
WITH_ARC=true
WITHOUT_NOMARCH=true
WITH_CAB=true
WITH_RPM=true
WITH_ZOO=true
WITHOUT_UNZOO=true
WITH_LZOP=true
WITH_FREEZE=true
WITH_P7ZIP=true
WITHOUT_TNEF=true

SpamAssassin is also installed as part of the amavis installation.

Options:

cat /var/db/ports/p5-Mail-SpamAssassin/options 
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for p5-Mail-SpamAssassin-3.2.4_2
_OPTIONS_READ=p5-Mail-SpamAssassin-3.2.4_2
WITHOUT_AS_ROOT=true
WITHOUT_SPAMC=true
WITH_SACOMPILE=true
WITHOUT_DKIM=true
WITH_SSL=true
WITH_GNUPG=true
WITHOUT_MYSQL=true
WITH_PGSQL=true
WITH_RAZOR=true
WITH_SPF_QUERY=true
WITH_RELAY_COUNTRY=true

ClamAV

cd /usr/ports/security/clamav
make install clean

Options:

cat /var/db/ports/clamav/options               
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for clamav-0.92.1_1
_OPTIONS_READ=clamav-0.92.1_1
WITH_ARC=true
WITH_ARJ=true
WITH_LHA=true
WITH_UNZOO=true
WITH_UNRAR=true
WITHOUT_MILTER=true
WITHOUT_LDAP=true
WITHOUT_ICONV=true
WITHOUT_STDERR=true
WITH_EXPERIMENTAL=true

Courier-IMAP

Once mail has been received, it would be nice to be able to reach it with a mail client. Courier-IMAP offers this over both the POP3 and IMAP protocols, reading the data from Maildir-format directories.

cd /usr/ports/mail/courier-imap
make install clean

Options:

cat /var/db/ports/courier-imap/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for courier-imap-4.1.3,1
_OPTIONS_READ=courier-imap-4.1.3,1
WITH_OPENSSL=true
WITHOUT_FAM=true
WITHOUT_DRAC=true
WITH_TRASHQUOTA=true
WITHOUT_GDBM=true
WITH_IPV6=true
WITHOUT_AUTH_LDAP=true
WITHOUT_AUTH_MYSQL=true
WITH_AUTH_PGSQL=true
WITHOUT_AUTH_USERDB=true
WITHOUT_AUTH_VCHKPW=true


PostgreSQL

Keeping user data in a database is nice because it is one more piece of the mail puzzle that makes it easier to scale in the future.

cd /usr/ports/databases/postgresql83
make install clean

Options:

cat /var/db/ports/postgresql83/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for postgresql-server-8.3.1
_OPTIONS_READ=postgresql-server-8.3.1
WITH_NLS=true
WITHOUT_PAM=true
WITHOUT_LDAP=true
WITHOUT_MIT_KRB5=true
WITHOUT_HEIMDAL_KRB5=true
WITH_OPTIMIZED_CFLAGS=true
WITH_XML=true
WITH_TZDATA=true
WITHOUT_DEBUG=true
WITHOUT_ICU=true
WITH_INTDATE=true

Mailman

Any somewhat larger institution or organization will also need mailing lists for distributing information conveniently. Mailman is quite suitable for that.

cd /usr/ports/mail/mailman
make install clean

Options:

cat /var/db/ports/mailman/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for mailman-with-htdig-2.1.9_5
_OPTIONS_READ=mailman-with-htdig-2.1.9_5
WITHOUT_SENDMAIL=true
WITHOUT_EXIM3=true
WITHOUT_EXIM4=true
WITH_POSTFIX=true
WITHOUT_COURIER=true
WITHOUT_CHINESE=true
WITHOUT_SLOVAK=true
WITH_HTDIG=true

Web

Besides reaching mail through the mail client on the user's own computer (on Windows I'd recommend The Bat!, on *NIX Evolution), access from the web is also needed, for example while traveling or sitting in cafés.

I'm leaving out the apache/php installation guide here, because a little initiative is badly needed on top of all the copy-paste done so far :-) The required software has already been listed above, is available in ports, and comes with thoroughly exhaustive documentation.

NB! Postfixadmin needs one additional patch: http://troels.arvin.dk/db/postfixadmin/

Configuration

By now a lot of software should be installed, and it needs to be put into working order. We'll do that in the same order.

Postfix

The required files are under /usr/local/etc/postfix, so:

cd /usr/local/etc/postfix

The most important file here is main.cf, which controls the behaviour of smtpd and friends:

/usr/local/etc/postfix/main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = mail.domeen.ee
local_recipient_maps = $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = proxy:pgsql:/usr/local/etc/postfix/pgsql/relay_domains.cf, list.domeen.ee
virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = pgsql:/usr/local/etc/postfix/pgsql/virtual_mailbox_limits.cf
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_inbox = yes
virtual_mailbox_limit_override = yes
virtual_mailbox_base = /var/maildata
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 465
virtual_transport = virtual
virtual_uid_maps = static:465
virtual_gid_maps = static:465
local_transport = virtual
transport_maps = hash:/usr/local/etc/postfix/transport
mailman_destination_recipient_limit = 1
alias_maps = hash:/usr/local/mailman/data/aliases
smtpd_banner = MAIL - ESMTP $mail_name
debug_peer_level = 1
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no

# anti-spam
content_filter=amavis:[127.0.0.1]:65024
disable_vrfy_command = yes
maximal_queue_lifetime = 7d
smtp_helo_timeout = 30s
smtp_mail_timeout = 60s
smtp_rcpt_timeout = 60s
smtpd_client_connection_count_limit = 100
smtpd_client_connection_rate_limit = 3000
smtpd_client_message_rate_limit = 1000
smtpd_client_recipient_rate_limit = 120
smtpd_client_restrictions = permit_inet_interfaces, reject_unknown_client_hostname, sleep 3,  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_error_sleep_time = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = warn_if_reject reject_invalid_helo_hostname, sleep 3, warn_if_reject  reject_unknown_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,  permit_sasl_authenticated, sleep 5, reject_non_fqdn_recipient, reject_unauth_destination,  reject_unknown_recipient_domain
smtpd_sender_restrictions = check_policy_service unix:private/policy
strict_rfc821_envelopes = yes
strict_7bit_headers = YES
smtpd_delay_reject = yes

# smtp-auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/local/etc/postfix/server.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/server.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

data_directory = /var/db/postfix

At the end of /usr/local/etc/postfix/master.cf:

mailman   unix  -       n       n       -       -       pipe
  flags=FR user=mailman argv=/usr/local/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
policy  unix    -       n       n       -       -       spawn
        user=nobody     argv=/usr/local/libexec/gps /usr/local/etc/gps.conf
amavis  unix    -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
127.0.0.1:65025 inet n    -       n       -       -     smtpd
     -o content_filter=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions=
     -o smtpd_restriction_classes=
     -o mynetworks=10.0.0.1,127.0.0.1
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
     -o local_header_rewrite_clients=
proxywrite unix -       -       n       -       1       proxymap
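The 127.0.0.1:65025 listener above sets content_filter to empty, so anything that can connect to it skips amavis. The following is an added example, not part of the original page or of Postfix: a small Python check that parses master.cf and reports smtpd listeners that disable the content filter without being bound to loopback and closed with `reject`. The function names and the unsafe sample are assumptions made for illustration, and the parser handles only the plain `-o name=value` form used on this page.

```python
import shlex

# Constructed sample: entries copied from the master.cf shown above.
PAGE_MASTER_CF = """\
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=mailman argv=/usr/local/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
amavis  unix    -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
127.0.0.1:65025 inet n    -       n       -       -     smtpd
     -o content_filter=
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o mynetworks=10.0.0.1,127.0.0.1
"""

# Constructed counter-example: same port, but listening on every interface
# and without restriction lists that end in "reject".
UNSAFE_MASTER_CF = """\
# re-injection port, misconfigured
65025 inet n    -       n       -       -     smtpd
     -o content_filter=
     -o smtpd_recipient_restrictions=permit_mynetworks,permit
"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def parse_master_cf(text):
    """Return one dict per service: name, type, command and -o overrides."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of previous entry
        else:
            logical.append(raw.strip())

    services = []
    for line in logical:
        fields = shlex.split(line)
        if len(fields) < 8:
            continue  # not a complete service entry
        overrides = {}
        args = fields[8:]
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                key, _, value = args[i + 1].partition("=")
                overrides[key] = value
                i += 2
            else:
                i += 1
        services.append({"name": fields[0], "type": fields[1],
                         "command": fields[7], "overrides": overrides})
    return services


def bind_host(service_name):
    """Host part of an inet service name; "" means all inet_interfaces."""
    host, sep, _port = service_name.rpartition(":")
    return host if sep else ""


def audit_unfiltered_listeners(text):
    """List (service, problem) pairs for smtpd listeners that bypass the filter."""
    findings = []
    for svc in parse_master_cf(text):
        ov = svc["overrides"]
        if svc["type"] != "inet" or svc["command"] != "smtpd":
            continue
        if ov.get("content_filter") != "":
            continue  # main.cf's content_filter still applies to this listener
        if bind_host(svc["name"]) not in LOOPBACK:
            findings.append((svc["name"], "not bound to a loopback address"))
        for key in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
            steps = ov.get(key, "").replace(",", " ").split()
            if not steps or steps[-1] != "reject":
                findings.append(
                    (svc["name"], key + " is not overridden to end in reject"))
    return findings


if __name__ == "__main__":
    for label, sample in (("page", PAGE_MASTER_CF), ("unsafe", UNSAFE_MASTER_CF)):
        print(label, audit_unfiltered_listeners(sample) or "ok")
```

Run it against the real file by passing the contents of /usr/local/etc/postfix/master.cf to audit_unfiltered_listeners.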

And in the /usr/local/etc/postfix/transport file:

list.domeen.ee     mailman:

Afterwards this file has to be run through postmap, like this:

postmap /usr/local/etc/postfix/transport


I have no intention of describing what all these options mean, since Postfix's own documentation is sufficient for that.

The more important settings:

local_recipient_maps = $virtual_mailbox_maps
relay_domains = proxy:pgsql:/usr/local/etc/postfix/pgsql/relay_domains.cf, list.domeen.ee
virtual_alias_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_domains_maps.cf
virtual_mailbox_maps = proxy:pgsql:/usr/local/etc/postfix/pgsql/virtual_mailbox_maps.cf
virtual_mailbox_base = /var/maildata
virtual_mailbox_limit = 51200000
virtual_minimum_uid = 465
virtual_transport = virtual
virtual_uid_maps = static:465
virtual_gid_maps = static:465
local_transport = virtual

Without these settings Postfix knows nothing about the users in the database or how mail should reach them.

local_recipient_maps is set to the same value as virtual_mailbox_maps

relay_domains is an SQL query for the domains that get backup MX service, plus list.domeen.ee, i.e. the list server.

virtual_alias_maps is an SQL query for the mail aliases for which mail may be accepted

virtual_mailbox_domains is a query for the domains for which mail may be accepted

virtual_mailbox_maps is a query for the mailboxes (where each one is located, which permissions it has, etc.), used for delivering mail

virtual_mailbox_base is the filesystem path under which the mailboxes live (it is prepended to the value returned by virtual_mailbox_maps)

virtual_uid_maps = static:465
virtual_gid_maps = static:465

Both the uid and the gid of every mailbox are 465.


The referenced files, used for making SQL queries to PostgreSQL (they live under /usr/local/etc/postfix/pgsql, a directory that does not exist by default in a FreeBSD install, so mkdir it, or change the path in the options if you put the files elsewhere):

cat pgsql/relay_domains.cf
user = postfix
password = pass
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true

cat pgsql/virtual_alias_maps.cf
user = postfix
password = pass
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = true

cat pgsql/virtual_domains_maps.cf
user = postfix
password = pass
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true

cat pgsql/virtual_mailbox_limits.cf
user = postfix
password = pass
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'

cat pgsql/virtual_mailbox_maps.cf
user = postfix
password = pass
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true

Next, create the /var/maildata directory and hand it over to courier:

mkdir -p /var/maildata
chown -R courier:courier /var/maildata

The mail will live under it, as the virtual_mailbox_base option says.

I'd recommend leaving the anti-spam part out at first and adding it only after you have read up on the relevant options in the Postfix documentation. If you do want to use it, you also need to install the postfix-gps-devel port with PostgreSQL support.

For SMTP-AUTH, the server needs a certificate for TLS:

openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 3650

cyrus-sasl2

For SMTP to be able to talk to courier-authlib, a corresponding file is needed under /usr/local/lib/sasl2:

cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

courier-authlib

This is the piece that relays SMTP-AUTH/IMAP lookups to the database.

The configuration files are in /usr/local/etc/authlib

cat /usr/local/etc/authlib/authdaemonrc
authmodulelist="authpgsql"
authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql"
daemons=3
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""

cat /usr/local/etc/authlib/authpgsqlrc
PGSQL_PORT              5432
PGSQL_USERNAME          postfix
PGSQL_PASSWORD          pass
PGSQL_DATABASE          postfix
PGSQL_USER_TABLE        mailbox
PGSQL_CRYPT_PWFIELD     password
PGSQL_UID_FIELD         '465'
PGSQL_GID_FIELD         '465'
PGSQL_LOGIN_FIELD       username
PGSQL_HOME_FIELD        '/var/maildata'
PGSQL_NAME_FIELD        name
PGSQL_MAILDIR_FIELD     maildir

Courier-IMAP

Its configuration files are under /usr/local/etc/courier-imap

cat /usr/local/etc/courier-imap/imapd
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=4
PIDFILE=/var/run/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
LOGGEROPTS="-name=imapd"
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_ACL=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAP_PROXY=0 
IMAP_PROXY_FOREIGN=0
IMAP_IDLE_TIMEOUT=60
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_UMASK=022
IMAP_ULIMITD=65536
IMAP_USELOCKS=1
IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
IMAPDSTART=NO
MAILDIRPATH=Maildir

cat /usr/local/etc/courier-imap/imapd-ssl
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/usr/local/share/courier-imap/imapd.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/usr/local/var/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

You can generate the SSL certificate by copying the imapd.cnf.dist file to imapd.cnf, adjusting its contents, and then running the mkimapdcert command.

cd /usr/local/etc/courier-imap
cp imapd.cnf.dist imapd.cnf
ee imapd.cnf
mkimapdcert

Configuring POP3 is very similar to IMAP, and you will surely manage it on your own.

PostgreSQL

First, create a new user:

CREATE USER postfix WITH PASSWORD 'pass';

And then a couple of databases:

CREATE DATABASE postfix OWNER postfix;
CREATE DATABASE postfix_gps OWNER postfix;

The first holds the domains and users, the second the postgres-gps greylist data.

Schema of the postfix database (postfixadmin has been patched for PostgreSQL, see http://troels.arvin.dk/db/postfixadmin/ ):

CREATE TABLE "admin" (
    username character varying(255) NOT NULL,
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
    created timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
COMMENT ON TABLE "admin" IS 'Postfix Admin - Virtual Admins';
CREATE TABLE alias (
    address character varying(255) NOT NULL,
    goto text NOT NULL,
    "domain" character varying(255) NOT NULL,
    created timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
COMMENT ON TABLE alias IS 'Postfix Admin - Virtual Aliases';
CREATE TABLE "domain" (
    "domain" character varying(255) NOT NULL,
    description character varying(255) DEFAULT ''::character varying NOT NULL,
    aliases integer DEFAULT 0 NOT NULL,
    mailboxes integer DEFAULT 0 NOT NULL,
    maxquota integer DEFAULT 0 NOT NULL,
    transport character varying(255),
    backupmx boolean DEFAULT false NOT NULL,
    created timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
COMMENT ON TABLE "domain" IS 'Postfix Admin - Virtual Domains';
CREATE TABLE domain_admins (
    username character varying(255) NOT NULL,
    "domain" character varying(255) NOT NULL,
    created timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
COMMENT ON TABLE domain_admins IS 'Postfix Admin - Domain Admins';
CREATE TABLE log (
    "timestamp" timestamp with time zone DEFAULT now(),
    username character varying(255) DEFAULT ''::character varying NOT NULL,
    "domain" character varying(255) DEFAULT ''::character varying NOT NULL,
    "action" character varying(255) DEFAULT ''::character varying NOT NULL,
    data text DEFAULT ''::text NOT NULL
);
COMMENT ON TABLE log IS 'Postfix Admin - Log';
CREATE TABLE mailbox (
    username character varying(255) NOT NULL,
    "password" character varying(255) DEFAULT ''::character varying NOT NULL,
    name character varying(255) DEFAULT ''::character varying NOT NULL,
    maildir character varying(255) DEFAULT ''::character varying NOT NULL,
    quota integer DEFAULT 0 NOT NULL,
    "domain" character varying(255) NOT NULL,
    created timestamp with time zone DEFAULT now(),
    modified timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
COMMENT ON TABLE mailbox IS 'Postfix Admin - Virtual Mailboxes';
CREATE TABLE vacation (
    email character varying(255) NOT NULL,
    subject character varying(255) NOT NULL,
    body text NOT NULL,
    "domain" character varying(255) NOT NULL,
    created timestamp with time zone DEFAULT now(),
    active boolean DEFAULT true NOT NULL
);
CREATE TABLE vacation_notification (
    on_vacation character varying(255) NOT NULL,
    notified character varying(255) NOT NULL,
    notified_at timestamp with time zone DEFAULT now() NOT NULL
);
ALTER TABLE ONLY "admin"
    ADD CONSTRAINT admin_key PRIMARY KEY (username);
ALTER TABLE ONLY alias
    ADD CONSTRAINT alias_key PRIMARY KEY (address);
ALTER TABLE ONLY "domain"
    ADD CONSTRAINT domain_key PRIMARY KEY ("domain");
ALTER TABLE ONLY mailbox
    ADD CONSTRAINT mailbox_key PRIMARY KEY (username);
ALTER TABLE ONLY vacation_notification
    ADD CONSTRAINT vacation_notification_pkey PRIMARY KEY (on_vacation, notified);
ALTER TABLE ONLY vacation
    ADD CONSTRAINT vacation_pkey PRIMARY KEY (email);
CREATE INDEX alias_address_active ON alias USING btree (address, active);
CREATE INDEX domain_domain_active ON "domain" USING btree ("domain", active);
CREATE INDEX mailbox_username_active ON mailbox USING btree (username, active);
CREATE INDEX vacation_email_active ON vacation USING btree (email, active);
ALTER TABLE ONLY alias
    ADD CONSTRAINT alias_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
ALTER TABLE ONLY domain_admins
    ADD CONSTRAINT domain_admins_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
ALTER TABLE ONLY mailbox
    ADD CONSTRAINT mailbox_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
ALTER TABLE ONLY vacation
    ADD CONSTRAINT vacation_domain_fkey FOREIGN KEY ("domain") REFERENCES "domain"("domain");
ALTER TABLE ONLY vacation_notification
    ADD CONSTRAINT vacation_notification_on_vacation_fkey FOREIGN KEY (on_vacation) REFERENCES vacation(email) ON DELETE CASCADE;

Schema of the postfix_gps database:

CREATE TABLE network (
    address character varying(16) DEFAULT ''::character varying NOT NULL,
    "comment" character varying(30) DEFAULT ''::character varying
);
CREATE TABLE pattern (
    expression character varying(200) DEFAULT ''::character varying NOT NULL,
    "comment" character varying(30) DEFAULT ''::character varying
);
CREATE TABLE recipient (
    address character varying(200) DEFAULT ''::character varying NOT NULL,
    "comment" character varying(30) DEFAULT ''::character varying
);
CREATE TABLE triplet (
    client_address character varying(40),
    sender character varying(160) NOT NULL,
    recipient character varying(160) NOT NULL,
    ip64 numeric(4,0) DEFAULT 0 NOT NULL,
    ip32 numeric(4,0) DEFAULT 0 NOT NULL,
    ip16 numeric(4,0) DEFAULT 0 NOT NULL,
    ip8 numeric(4,0) DEFAULT 0 NOT NULL,
    count integer DEFAULT 0 NOT NULL,
    uts integer NOT NULL
);
ALTER TABLE ONLY network
    ADD CONSTRAINT network_pkey PRIMARY KEY (address);
ALTER TABLE ONLY pattern
    ADD CONSTRAINT pattern_pkey PRIMARY KEY (expression);
ALTER TABLE ONLY recipient
    ADD CONSTRAINT recipient_pkey PRIMARY KEY (address);
ALTER TABLE ONLY triplet
    ADD CONSTRAINT triplet_pkey PRIMARY KEY (recipient, sender, ip64, ip32, ip16, ip8);

I assume you can handle configuring PostgreSQL yourself; the documentation is quite sufficient for that.

Spam & Viruses

Amavis

amavisd-new performs both spam and virus checking. Earlier, in the Postfix configuration, it was hooked in like this:

content_filter=amavis:[127.0.0.1]:65024

The important lines of /usr/local/etc/amavisd.conf:

$max_servers = 2;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis), -g
$mydomain = 'domeen.ee';   # a convenient default for other settings
$inet_socket_port = 65024;   # listen on this local TCP port(s)
$myhostname = 'mail.domeen.ee';  # must be a fully-qualified domain name!
@av_scanners = (

['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

This specifies that amavisd-new listens on port 65024 and runs as the user vscan. It does its virus checking through ClamAV, which it talks to over the Unix socket /var/run/clamav/clamd.

ClamAV

/usr/local/etc/clamd.conf:

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogVerbose no
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
MaxConnectionQueueLength 30
StreamMaxLength 50M
MaxThreads 20
User vscan
AllowSupplementaryGroups yes
ExitOnOOM yes
Debug yes
LeaveTemporaryFiles no
ScanMail yes

LocalSocket must be the same as in amavisd.conf, that is /var/run/clamav/clamd. The user must likewise be set to vscan; otherwise amavisd cannot talk to clamd, because it has no permission to write to the socket.

/usr/local/etc/freshclamd.conf

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose no
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner vscan
AllowSupplementaryGroups yes
DatabaseMirror database.clamav.net
ScriptedUpdates yes
Checks 24
NotifyClamd /usr/local/etc/clamd.conf

Again, the user is vscan.

Note that /var/db/clamav and /var/log/clamav initially belong to the clamav user, so they should be chowned to the vscan user.
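The requirements above (one socket path shared by amavisd.conf and clamd.conf, and the same vscan user in all three files) can be checked mechanically. The following is an added example, not part of the original page: the config snippets are constructed from the lines shown above, and the function names are hypothetical.

```python
import re

# Constructed samples: only the relevant lines of the three files shown above.
AMAVISD_CONF = r"""
$daemon_user  = 'vscan';
@av_scanners = (
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/ ],
);
"""
CLAMD_CONF = "LocalSocket /var/run/clamav/clamd\nUser vscan\n"
FRESHCLAM_CONF = "DatabaseOwner vscan\nNotifyClamd /usr/local/etc/clamd.conf\n"

def clam_directives(text):
    """Parse 'Key value' lines (clamd.conf / freshclam.conf style) into a dict."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            out[key] = value.strip()
    return out

def amavis_settings(text):
    """Return ($daemon_user, clamd socket path) found in amavisd.conf text."""
    user = re.search(r"^\s*\$daemon_user\s*=\s*'([^']*)'", text, re.M)
    sock = re.search(r'\\&ask_daemon\s*,\s*\[\s*"[^"]*"\s*,\s*"([^"]+)"', text)
    return (user.group(1) if user else None, sock.group(1) if sock else None)

def check(amavis, clamd, freshclam):
    """List mismatches in socket path and user settings across the three files."""
    user, sock = amavis_settings(amavis)
    c, f = clam_directives(clamd), clam_directives(freshclam)
    problems = []
    if sock != c.get("LocalSocket"):
        problems.append("socket: amavisd.conf %r vs clamd.conf %r"
                        % (sock, c.get("LocalSocket")))
    if user != c.get("User"):
        problems.append("user: amavisd.conf %r vs clamd.conf %r"
                        % (user, c.get("User")))
    if f.get("DatabaseOwner") != c.get("User"):
        problems.append("owner: freshclam DatabaseOwner %r vs clamd User %r"
                        % (f.get("DatabaseOwner"), c.get("User")))
    return problems

if __name__ == "__main__":
    for p in check(AMAVISD_CONF, CLAMD_CONF, FRESHCLAM_CONF) or ["consistent"]:
        print(p)
```

To use it on a real host, read the three files from /usr/local/etc and pass their contents to check(); an empty list means the settings agree.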


Postfix-GPS, i.e. greylisting

/usr/local/etc/gps.conf

dbtype=pgsql
db_host=localhost
db_username=postfix
db_password=pass
db_dbname=postfix_gps
timeout=60
wl_pattern=dbcached
wl_network=dbcached
wl_recipient=db

Mailman

All lists will live under the list.domeen.ee domain (which must actually exist in DNS). Because Mailman makes all files in its home directory /usr/local/mailman owned by the mailman user, the postfix user must also be added to the mailman group; otherwise the list aliases unfortunately will not work.

pw groupmod mailman -m postfix

Then chmod the alias files under /usr/local/mailman/data so that the mailman group (to which the postfix user now belongs) can write to them.

chmod 660 /usr/local/mailman/data/aliases /usr/local/mailman/data/aliases.db

Mailman's own configuration can look like this:

MTA = 'Postfix'
SMTPHOST = "localhost"
SMTPPORT = 65025
ALLOW_SITE_ADMIN_COOKIES = Yes
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = Yes

Mailman talks to port 65025 because no virus checking is done on that port. Virus checking is performed when messages arrive at the list, so there is no need to check the same messages a second time when sending them out.

When mail arrives for a list.domeen.ee address, Postfix hands it over to the /usr/local/mailman/bin/postfix-to-mailman.py script (see Postfix's master.cf and transport files).

It looks like this:

#!/usr/local/bin/python
# Configuration variables - Change these for your site if necessary.
MailmanHome = "/usr/local/mailman"; # Mailman home directory.
MailmanOwner = "postmaster@domeen.ee"; # Postmaster and abuse mail recipient.
# End of configuration variables.
# postfix-to-mailman-2.1.py (to be installed as postfix-to-mailman.py)
#  
# Interface mailman to a postfix with a mailman transport. Does not require
# the creation of _any_ aliases to connect lists to your mail system.
#
# Dax Kelson, dkelson@gurulabs.com, Sept 2002.
# converted from qmail to postfix interface
# Jan 2003: Fixes for Mailman 2.1
# Thanks to Simen E. Sandberg <senilix@gallerbyen.net>
# Feb 2003: Change the suggested postfix transport to support VERP
# Thanks to Henrique de Moraes Holschuh <henrique.holschuh@ima.sp.gov.br>
#
# This script was originally qmail-to-mailman.py by:
# Bruce Perens, bruce@perens.com, March 1999.
# This is free software under the GNU General Public License.
#
# This script is meant to be called from ~mailman/postfix-to-mailman.py. 
# It catches all mail to a virtual domain, eg "lists.example.com".
# It looks at the  recipient for each mail message and decides if the mail is
# addressed to a valid list or not, and bounces the message with a helpful
# suggestion if it's not addressed to a list. It decides if it is a posting, 
# a list command, or mail to the list administrator, by checking for the
#  -admin, -owner, and -request addresses. It will recognize a list as soon
# as the list is created, there is no need to add _any_ aliases for any list.
# It recognizes mail to postmaster, mailman-owner, abuse, mailer-daemon, root,
# and owner, and routes those mails to MailmanOwner as defined in the
# configuration variables, above.
#
# INSTALLATION:
#
# Install this file as ~mailman/postfix-to-mailman.py
#
# To configure a virtual domain to connect to mailman, edit Postfix thusly:
#
# /etc/postfix/main.cf:
#    relay_domains = ... lists.example.com
#    transport_maps = hash:/etc/postfix/transport
#    mailman_destination_recipient_limit = 1
#
# /etc/postfix/transport:
#   lists.example.com   mailman:
#
# /etc/postfix/master.cf
#    mailman unix  -       n       n       -       -       pipe
#      flags=FR user=mailman:mailman 
#      argv=/var/mailman/postfix-to-mailman.py ${nexthop} ${user}
# 
#
# Replace lists.example.com above with the name of the domain to be connected
# to Mailman. Note that _all_ mail to that domain will go to Mailman, so you
# don't want to put the name of your main domain here. Typically a virtual
# domain lists.domain.com is used for Mailman, and domain.com for regular
# email.
#
import sys, os, re, string
 
def main():
    os.nice(5)  # Handle mailing lists at non-interactive priority.
                # delete this if you wish

    os.chdir(MailmanHome + "/lists")

    try:
        local = sys.argv[2]
    except:
        # This might happen if we're not using Postfix
        sys.stderr.write("LOCAL not set?\n")
        sys.exit(1)

    local = string.lower(local)
    local = re.sub("^mailman-","",local)

    names = ("root", "postmaster", "mailer-daemon", "mailman-owner", "owner",
             "abuse")
    for i in names:
        if i == local:
            os.execv("/usr/sbin/sendmail",
                     ("/usr/sbin/sendmail", MailmanOwner))
            sys.exit(0)

    type = "post"
    types = (("-admin$", "admin"),
             ("-owner$", "owner"),
             ("-request$", "request"),
             ("-bounces$", "bounces"),
             ("-confirm$", "confirm"),
             ("-join$", "join"),
             ("-leave$", "leave"),
             ("-subscribe$", "subscribe"),
             ("-unsubscribe$", "unsubscribe"))

    for i in types:
        if re.search(i[0],local):
            type = i[1]
            local = re.sub(i[0],"",local)

    if os.path.exists(local):
        os.execv(MailmanHome + "/mail/mailman",
                 (MailmanHome + "/mail/mailman", type, local))
    else:
        bounce()
    sys.exit(75)

def bounce():
    bounce_message = """\
TO ACCESS THE MAILING LIST SYSTEM: Start your web browser on
http://%s/
That web page will help you subscribe or unsubscribe, and will
give you directions on how to post to each mailing list.\n"""
    sys.stderr.write(bounce_message % (sys.argv[1])) 
    sys.exit(1)

try:
    sys.exit(main())
except SystemExit, argument:
    sys.exit(argument)

except Exception, argument:
    info = sys.exc_info()
    trace = info[2]
    sys.stderr.write("%s %s\n" % (sys.exc_type, argument))
    sys.stderr.write("Line %d\n" % (trace.tb_lineno))
    sys.exit(75)       # Soft failure, try again later.