Virtualize user and domain accounts
In the following article, TipsMake.com explains how to install a Postfix-based mail server built on virtual users and domains, i.e. users and domains that are stored in a MySQL database. We also go through the whole process of installing and setting up Courier (Courier-POP3, Courier-IMAP) so that Courier authenticates against the same MySQL database.
The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default), and passwords are stored in encrypted form in the database. In addition, the article shows how to install Amavisd, SpamAssassin and ClamAV to scan emails and detect threats in them.
Preliminary note
The system used here is an x86_64 Fedora 13 server with the static IP address 192.168.0.100 and the hostname server1.example.com. In addition, turn off the firewall and SELinux.
Install some required software
First, we need to update a number of application packages on the system:
yum update
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
Install Apache, MySQL, phpMyAdmin
A single command installs them, together with the packages required to build Courier-IMAP later:
yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel
Courier-IMAP, Courier-Authlib, and Maildrop installation
Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, so we need to build them from source ourselves. Note that RPM packages should not be built as root; courier-imap will abort the compilation if it detects that it is being run by the root account. Therefore, we create a normal account (in this example, falko) and set a password for it:
useradd -m -s /bin/bash falko
passwd falko
We will need the sudo command later so that the falko account can compile and install the rpm packages. But first, we must allow the falko account to run all commands using sudo:
visudo
The file that opens contains the line root ALL=(ALL) ALL. Add a similar line for falko directly below it:
[...]
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
falko   ALL=(ALL)       ALL
[...]
And now, we're ready to build rpm packages. First, log in to the falko account:
su falko
Create the build environment:
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Create the downloads folder and download the source files:
mkdir $HOME/downloads
cd $HOME/downloads
wget https://sourceforge.net/projects/courier/files/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2/download
wget https://sourceforge.net/projects/courier/files/imap/4.8.0/courier-imap-4.8.0.tar.bz2/download
wget https://sourceforge.net/projects/courier/files/maildrop/2.5.0/maildrop-2.5.0.tar.bz2/download
Still in the $HOME/downloads folder, build the courier-authlib package:
sudo rpmbuild -ta courier-authlib-0.63.0.tar.bz2
Afterwards, the rpm packages will be in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you use i386):
cd $HOME/rpm/RPMS/x86_64
Use the command:
ls -l
to list the available rpm packages:
[falko@server1 x86_64]$ ls -l
total 516
-rw-r--r-- 1 root root 124304 Jun 10 17:48 courier-authlib-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 258896 Jun 10 17:48 courier-authlib-debuginfo-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 35064 Jun 10 17:48 courier-authlib-devel-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 17424 Jun 10 17:48 courier-authlib-ldap-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13956 Jun 10 17:48 courier-authlib-mysql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13120 Jun 10 17:48 courier-authlib-pgsql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 8328 Jun 10 17:48 courier-authlib-pipe-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 34160 Jun 10 17:48 courier-authlib-userdb-0.63.0-1.fc13.x86_64.rpm
[falko@server1 x86_64]$
Select the packages you need and install them as follows:
sudo rpm -ivh courier-authlib-0.63.0-1.fc13.x86_64.rpm courier-authlib-mysql-0.63.0-1.fc13.x86_64.rpm courier-authlib-devel-0.63.0-1.fc13.x86_64.rpm
Next, go back to the downloads folder:
cd $HOME/downloads
and run rpmbuild again, this time without sudo, otherwise the compilation will fail:
rpmbuild -ta courier-imap-4.8.0.tar.bz2
After this process, the rpm packages will be in the $HOME/rpm/RPMS/x86_64 folder ($HOME/rpm/RPMS/i386 if you are using the i386 system):
cd $HOME/rpm/RPMS/x86_64
Use the command:
ls -l
to list the available rpm packages:
[falko@server1 x86_64]$ ls -l
total 2300
-rw-r--r-- 1 root root 124304 Jun 10 17:48 courier-authlib-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 258896 Jun 10 17:48 courier-authlib-debuginfo-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 35064 Jun 10 17:48 courier-authlib-devel-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 17424 Jun 10 17:48 courier-authlib-ldap-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13956 Jun 10 17:48 courier-authlib-mysql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13120 Jun 10 17:48 courier-authlib-pgsql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 8328 Jun 10 17:48 courier-authlib-pipe-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 34160 Jun 10 17:48 courier-authlib-userdb-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 falko falko 632296 Jun 10 17:58 courier-imap-4.8.0-1.13.x86_64.rpm
-rw-r--r-- 1 falko falko 1188976 Jun 10 17:58 courier-imap-debuginfo-4.8.0-1.13.x86_64.rpm
[falko@server1 x86_64]$
Install courier-imap as follows:
sudo rpm -ivh courier-imap-4.8.0-1.13.x86_64.rpm
Go back to the downloads folder:
cd $HOME/downloads
and run rpmbuild again, this time to build the maildrop package:
sudo rpmbuild -ta maildrop-2.5.0.tar.bz2
When it completes, the rpm packages will be in the $HOME/rpm/RPMS/x86_64 folder ($HOME/rpm/RPMS/i386 if you use the i386 system):
cd $HOME/rpm/RPMS/x86_64
Type the command:
ls -l
to list the available packages:
[falko@server1 x86_64]$ ls -l
total 5400
-rw-r--r-- 1 root root 124304 Jun 10 17:48 courier-authlib-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 258896 Jun 10 17:48 courier-authlib-debuginfo-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 35064 Jun 10 17:48 courier-authlib-devel-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 17424 Jun 10 17:48 courier-authlib-ldap-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13956 Jun 10 17:48 courier-authlib-mysql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 13120 Jun 10 17:48 courier-authlib-pgsql-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 8328 Jun 10 17:48 courier-authlib-pipe-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 34160 Jun 10 17:48 courier-authlib-userdb-0.63.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 falko falko 632296 Jun 10 17:58 courier-imap-4.8.0-1.13.x86_64.rpm
-rw-r--r-- 1 falko falko 1188976 Jun 10 17:58 courier-imap-debuginfo-4.8.0-1.13.x86_64.rpm
-rw-r--r-- 1 root root 1759056 Jun 10 18:06 maildrop-2.5.0-1.13.x86_64.rpm
-rw-r--r-- 1 root root 1243400 Jun 10 18:06 maildrop-debuginfo-2.5.0-1.13.x86_64.rpm
-rw-r--r-- 1 root root 99764 Jun 10 18:06 maildrop-devel-2.5.0-1.13.x86_64.rpm
-rw-r--r-- 1 root root 62536 Jun 10 18:06 maildrop-man-2.5.0-1.13.x86_64.rpm
[falko@server1 x86_64]$
Install maildrop as follows:
sudo rpm -ivh maildrop-2.5.0-1.13.x86_64.rpm
After completing the above steps, return to the root account:
exit
Apply the Quota Patch to Postfix
Here we patch Postfix with the quota patch: download the Postfix source rpm, apply the patch, build a new Postfix rpm package and install it:
cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora/linux/releases/13/Fedora/source/SRPMS/postfix-2.7.0-1.fc13.src.rpm
rpm -ivh postfix-2.7.0-1.fc13.src.rpm
The last command will show a few warnings, which you can ignore:
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
cd /root/rpmbuild/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-vda-2.7.0.patch
cd /root/rpmbuild/SPECS/
Next, edit the postfix.spec file:
vi postfix.spec
Add the line Patch0: postfix-vda-2.7.0.patch to the # Patches stanza, and the line %patch0 -p1 -b .vda to the %setup -q stanza:
[...]
# Patches
Patch0: postfix-vda-2.7.0.patch
Patch1: postfix-2.7.0-config.patch
Patch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.2-datecalc.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]
Then, build the rpm installation package of Postfix with quota and MySQL support:
rpmbuild -ba postfix.spec
The Postfix rpm package is created in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you use the i386 system):
cd /root/rpmbuild/RPMS/x86_64
Use the command:
ls -l
to list the available packages:
[root@server1 x86_64]# ls -l
total 8804
-rw-r--r-- 1 root root 2197708 Jun 10 18:17 postfix-2.7.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 6746304 Jun 10 18:17 postfix-debuginfo-2.7.0-1.fc13.x86_64.rpm
-rw-r--r-- 1 root root 61460 Jun 10 18:17 postfix-perl-scripts-2.7.0-1.fc13.x86_64.rpm
[root@server1 x86_64]#
Select the Postfix package and install it using the following command:
rpm -ivh postfix-2.7.0-1.fc13.x86_64.rpm
Set password for MySQL and set up phpMyAdmin
Start MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Set password for MySQL root account:
mysql_secure_installation
[root@server1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n]
New password: ← set root sql password
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@server1 ~]#
Next, we set up phpMyAdmin. We change the Apache configuration so that phpMyAdmin accepts connections not only from localhost, by commenting out the <Directory /usr/share/phpMyAdmin/> stanza:
vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#   allow from ::1
#</Directory>
# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>
Create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
Open a browser and go to http://server1.example.com/phpMyAdmin/ or http://192.168.0.100/phpMyAdmin/, then log in with the root account and the MySQL password set above.
Create MySQL database for Postfix / Courier
Here, we will create the database with the name mail:
mysqladmin -u root -p create mail
Open the MySQL shell:
mysql -u root -p
Here we create the mail_admin account with the password mail_admin_password (replace it with a password of your own) and the privileges SELECT, INSERT, UPDATE, and DELETE on the mail database. Postfix and Courier will use this account to connect to the mail database:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
Create tables that Postfix and Courier need:
USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
TYPE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
TYPE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota bigint(20) DEFAULT '10485760',
PRIMARY KEY (email)
) TYPE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;
quit;
The quit; command leaves the MySQL shell and returns to the Linux shell.
The domains table stores each virtual domain that Postfix should receive email for (e.g. example.com).
The forwardings table is for aliasing one email address to another, for example forwarding mail for info@example.com to sales@example.com.
The users table stores all virtual users and their passwords, together with a mailbox quota value (in this example, the default value is 10485760 bytes, equivalent to 10MB).
The transport table is optional and meant for advanced users. It allows mail for a single user, for an entire domain, or all mail to be forwarded to another server.
Configure Postfix
Next, we have to tell Postfix where to find all the information in the database, so we create 6 text files. Postfix connects to MySQL on the IP address 127.0.0.1 instead of localhost:
vi /etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_forwardings.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_mailboxes.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_email2email.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_transports.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
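The six map files hold the database password and a hand-typed query each, so they are worth checking before Postfix is started. The following is an added example, not part of the original article: a small linter that checks the file mode set by chmod o=, the required keys, the table named in the query (taken from the schema created above) and the hosts value. The function names and the constructed sample files are assumptions made for illustration.

```python
"""Lint Postfix mysql: lookup files (added example, not from the original article)."""
import os
import re
import stat
import tempfile

# Tables created earlier in this tutorial's "mail" database.
KNOWN_TABLES = {"domains", "forwardings", "users", "transport"}
REQUIRED_KEYS = ("user", "password", "dbname", "query", "hosts")

# Constructed sample files: one correct, one with three typical mistakes.
GOOD = """\
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1
"""
BAD = GOOD.replace("FROM users", "FROM").replace("127.0.0.1", "localhost")


def parse_map_file(text):
    """Parse 'key = value' lines; only the first '=' separates key and value."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def lint_map_file(path):
    """Return a list of findings for one lookup file (empty list means clean)."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO:
        findings.append("file is accessible to 'other': run chmod o= on it")
    with open(path, encoding="utf-8") as handle:
        settings = parse_map_file(handle.read())
    for key in REQUIRED_KEYS:
        if not settings.get(key):
            findings.append(f"missing or empty key: {key}")
    query = settings.get("query", "")
    if query:
        match = re.search(r"\bFROM\s+(\w+)", query, re.IGNORECASE)
        table = match.group(1).lower() if match else None
        if table not in KNOWN_TABLES:
            findings.append(f"query does not select from a known table: {table}")
        if "'%s'" not in query:
            findings.append("lookup key '%s' is missing from the query")
    if settings.get("hosts") == "localhost":
        findings.append("hosts = localhost uses the MySQL socket, not 127.0.0.1")
    return findings


def demo():
    """Write the two constructed samples to a temp dir and lint them."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in (("good.cf", GOOD, 0o640), ("bad.cf", BAD, 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(text)
            os.chmod(path, mode)
            results[name] = lint_map_file(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

On the real server, call lint_map_file() on each /etc/postfix/mysql-virtual_*.cf path instead of demo().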
Create a user account and a group called vmail with the home directory /home/vmail. This is where all mail boxes will be stored.
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Next, we need to set some Postfix parameters. Make sure that you replace server1.example.com with your server's FQDN, otherwise Postfix will not work properly:
postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'inet_interfaces = all'
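Since inet_interfaces = all exposes the server to the network, it helps to see how the mynetworks and smtpd_recipient_restrictions values set above decide who may relay. The following is an added example, not part of the original article: a simplified model of the first-match evaluation (it ignores relay_domains and recipient validation). The function name and the client addresses and recipients in the sample cases are constructed.

```python
"""Simplified model of the tutorial's smtpd_recipient_restrictions (added example)."""
import ipaddress

# Values set with postconf in this tutorial.
MYNETWORKS = ("127.0.0.0/8",)
MYDESTINATION = {"server1.example.com", "localhost", "localhost.localdomain"}
RESTRICTIONS = ("permit_mynetworks", "permit_sasl_authenticated",
                "reject_unauth_destination")


def decide(client_ip, authenticated, recipient, virtual_domains,
           mynetworks=MYNETWORKS):
    """Return (action, deciding restriction) for one RCPT TO; first match wins."""
    addr = ipaddress.ip_address(client_ip)
    domain = recipient.rpartition("@")[2].lower()
    # Domains this server is a final destination for: mydestination plus the
    # rows of the "domains" table (virtual_mailbox_domains).
    local = MYDESTINATION | set(virtual_domains)
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks":
            if any(addr in ipaddress.ip_network(net) for net in mynetworks):
                return ("permit", rule)
        elif rule == "permit_sasl_authenticated":
            if authenticated:
                return ("permit", rule)
        elif rule == "reject_unauth_destination":
            if domain not in local:
                return ("reject", rule)
    # Nothing rejected the recipient: Postfix accepts it.
    return ("permit", "end of list")


# Constructed cases: (client IP, SASL authenticated?, recipient).
CASES = [
    ("203.0.113.7", False, "someone@example.org"),  # stranger relaying out
    ("203.0.113.7", False, "sales@example.com"),    # inbound mail for a virtual domain
    ("203.0.113.7", True, "someone@example.org"),   # authenticated user sending out
    ("127.0.0.1", False, "someone@example.org"),    # local process on the server
]


def run_cases(virtual_domains=("example.com",), mynetworks=MYNETWORKS):
    """Evaluate every constructed case and return the decisions in order."""
    return [decide(ip, auth, rcpt, virtual_domains, mynetworks)
            for ip, auth, rcpt in CASES]


if __name__ == "__main__":
    for case, result in zip(CASES, run_cases()):
        print(case, "->", result)
    # A mynetworks value that is too wide turns the first rule into "relay for all".
    print("mynetworks=0.0.0.0/0:", run_cases(mynetworks=("0.0.0.0/0",))[0])
```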
Then create the SSL certificate needed for TLS:
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Then change the permissions of smtpd.key:
chmod o= /etc/postfix/smtpd.key
Configure Saslauthd
Edit /usr/lib64/sasl2/smtpd.conf (/usr/lib/sasl2/smtpd.conf if you use the i386 system) so that it looks like this:
vi /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
Turn off Sendmail and start Postfix, saslauthd, and courier-authlib:
chmod 755 /var/spool/authdaemon
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
Configure Courier
Next, we need to tell Courier to authenticate against the MySQL database. First, edit the file /etc/authlib/authdaemonrc and replace the authmodulelist value:
vi /etc/authlib/authdaemonrc
[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
[...]
Then edit the file /etc/authlib/authmysqlrc:
cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
cat /dev/null > /etc/authlib/authmysqlrc
vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
Then restart Courier:
chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
When courier-imap starts for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the files /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf. The .cnf files contain the line CN=localhost, but our server is named server1.example.com, so the certificates will cause problems when clients connect using TLS. To resolve this, delete both certificates:
cd /usr/lib/courier-imap/share
rm -f imapd.pem
rm -f pop3d.pem
and replace the line CN=localhost in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:
vi /usr/lib/courier-imap/etc/imapd.cnf
[...]
CN=server1.example.com
[...]
vi /usr/lib/courier-imap/etc/pop3d.cnf
[...]
CN=server1.example.com
[...]
Then re-create both certificates:
./mkimapdcert
./mkpop3dcert
and restart courier-authlib and courier-imap:
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
Run the command:
telnet localhost pop3
to check if the POP3 server is working properly. It should answer with +OK Hello there. (type quit to return to the Linux shell):
[root@server1 share]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 share]#
Edit /etc/aliases
Now we open the file /etc/aliases. Make sure the postmaster alias points to the root account like this:
vi /etc/aliases
[...]
postmaster: root
root: postmaster@yourdomain.tld
[...]
or like this (if it is an administrator account):
[...]
postmaster: root
root: administrator
[...]
Whenever you edit /etc/aliases, run the following command:
newaliases
and then restart Postfix:
/etc/init.d/postfix restart
Install Amavisd-new, SpamAssassin and ClamAV
To install these applications, use the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2
Next, edit the /etc/amavisd/amavisd.conf file:
vi /etc/amavisd/amavisd.conf
In this file, we change five places:
First, change:
$mydomain = 'example.com'; # a convenient default for other settings
into:
$mydomain = 'localhost';
#$mydomain = 'example.com'; # a convenient default for other settings
Second, change:
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
into:
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
#$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
#$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
Note: you can adjust the spam score parameters to your liking.
Third, change:
# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
into:
# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
# ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
# ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
@lookup_sql_dsn =
( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
Next, change:
# $recipient_delimiter = '+'; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
into:
$recipient_delimiter = undef; # undef disables address extensions altogether
# $recipient_delimiter = '+'; # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
Finally, change:
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;
into:
$final_virus_destiny = D_REJECT;
$final_banned_destiny = D_REJECT;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
#$final_virus_destiny = D_DISCARD;
#$final_banned_destiny = D_BOUNCE;
#$final_spam_destiny = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;
amavisd-new is the program that ties Postfix and SpamAssassin/ClamAV together. When ClamAV was installed, a cron job was set up that updates the ClamAV signature database every 3 hours. But this only works once we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:
vi /etc/sysconfig/freshclam
and comment out the FRESHCLAM_DELAY line at the end as follows:
## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * * ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=
## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn' ... disables the automatic freshclam update and
## gives out a warning
## 'disabled' ... disables the automatic freshclam silently
# FRESHCLAM_DELAY=
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
#FRESHCLAM_DELAY=disabled-warn # REMOVE ME
vi /etc/freshclam.conf
and comment out the Example line:
[...]
# Comment or remove the line below.
#Example
[...]
Next, create the system startup links for ClamAV and amavisd-new, update the ClamAV database and start both services:
chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start
Next, configure Postfix to pass mail through amavisd-new:
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
Then add the following lines to /etc/postfix/master.cf:
vi /etc/postfix/master.cf
[...]
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
Restart Postfix to apply the changes:
/etc/init.d/postfix restart
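The smtpd service on port 10025 takes mail back from amavisd with most checks switched off, so its safety rests on a few -o overrides. The following is an added example, not part of the original article: a parser for master.cf logical lines that checks that this listener is bound to loopback, clears content_filter, limits mynetworks and ends its recipient restrictions in reject. The function names and both sample configurations are constructed for illustration.

```python
"""Check the amavisd re-injection listener in Postfix master.cf (added example)."""

# Constructed sample: a shortened form of the two services added above.
GOOD_MASTER_CF = """\
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_bind_address=127.0.0.1
"""

# Constructed misconfiguration: no bind address, filter and restrictions not set.
BAD_MASTER_CF = """\
amavis unix - - - - 2 smtp
10025 inet n - - - - smtpd
  -o mynetworks=127.0.0.0/8
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries


def parse_service(entry):
    """Split one logical line into name, type, command and its -o overrides."""
    fields = entry.split()
    if len(fields) < 8:
        raise ValueError(f"not a master.cf service entry: {entry!r}")
    overrides = {}
    args = fields[8:]
    for flag, value in zip(args, args[1:]):
        if flag == "-o":
            key, _, val = value.partition("=")
            overrides[key] = val
    return {"name": fields[0], "type": fields[1],
            "command": fields[7], "overrides": overrides}


def check_reinjection(text, port="10025"):
    """Return findings for the smtpd listener that takes mail back from amavisd."""
    services = [parse_service(entry) for entry in logical_lines(text)]
    listeners = [s for s in services
                 if s["type"] == "inet" and s["name"].rpartition(":")[2] == port]
    if not listeners:
        return [f"no inet listener on port {port}"]
    findings = []
    for svc in listeners:
        host = svc["name"].rpartition(":")[0]
        opts = svc["overrides"]
        if host not in LOOPBACK_HOSTS:
            findings.append("listener is not bound to loopback")
        if opts.get("content_filter") != "":
            findings.append("content_filter is not cleared: mail loops back to amavisd")
        if opts.get("mynetworks") != "127.0.0.0/8":
            findings.append("mynetworks is not limited to 127.0.0.0/8")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append("smtpd_recipient_restrictions does not end in reject")
    return findings


if __name__ == "__main__":
    print("good:", check_reinjection(GOOD_MASTER_CF) or "OK")
    print("bad: ", check_reinjection(BAD_MASTER_CF))
```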
Install Razor, Pyzor and DCC and configure SpamAssassin
Razor, Pyzor and DCC are spam filters that use a collaborative filtering network. To install Razor and Pyzor, type the following command:
yum install perl-Razor-Agent pyzor
Initialize both services:
chmod -R a+rX /usr/share/doc/pyzor-0.5.0 /usr/bin/pyzor /usr/bin/pyzord
chmod -R a+rX /usr/lib/python2.6/site-packages/pyzor
su -m amavis -c 'pyzor --homedir /var/spool/amavisd discover'
su -m amavis -c 'razor-admin -home=/var/spool/amavisd -create'
su -m amavis -c 'razor-admin -home=/var/spool/amavisd -register'
Then install DCC as follows:
cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z