Email configuration

Goal: configure postfix, courier, spamassassin, clamav, amavisd to work with the user administration mysql database.

Postfix

For more in-depth information, see this page.

  1. Create user and directory
    useradd vmail
    mkdir /home/vmail
    chown vmail:vmail /home/vmail
    chmod og-r /home/vmail
  2. Create a postfix user in the database that can access the views (the password must match the one used in the map files below):
    GRANT SELECT ON useradministration.view_email_accounts TO postfix@localhost IDENTIFIED BY 'mysecretpassword';
    GRANT SELECT ON useradministration.view_email_aliases TO postfix@localhost;
    GRANT SELECT ON useradministration.domains TO postfix@localhost;
  3. Postfix main configuration, /etc/postfix/main.cf
    virtual_mailbox_base = /home/vmail
    # uid and gid of the vmail user (check with: id vmail)
    virtual_uid_maps = static:2000
    virtual_gid_maps = static:2000
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_vmailbox
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_aliases
    # Maildir style delivery
    home_mailbox = Maildir/
  4. Postfix mysql database maps:
    • /etc/postfix/mysql_virtual_aliases
      hosts = 127.0.0.1
      user = postfix
      password = mysecretpassword
      dbname = useradministration
      query = SELECT destination FROM view_email_aliases WHERE email='%s'
    • /etc/postfix/mysql_virtual_mailbox_domains
      hosts = 127.0.0.1
      user = postfix
      password = mysecretpassword
      dbname = useradministration
      query = SELECT 1 FROM domains WHERE name='%s'
    • /etc/postfix/mysql_vmailbox
      hosts = 127.0.0.1
      user = postfix
      password = mysecretpassword
      dbname = useradministration
      query = SELECT maildir FROM view_email_accounts where email = '%s' and status=1
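The three map files above hold the database password in clear text. The following check is an added example, not part of the original page: the function name `check_map` and the sample file are constructed here, and it assumes the maps use the key names shown above and that lookups stay local, as the GRANT for postfix@localhost implies.

```sh
#!/bin/sh
# Added example: sanity-check one Postfix mysql map file.
# check_map FILE prints findings and returns 0 when there are none.
check_map() {
    f=$1; rc=0
    for key in hosts user password dbname query; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$f" ||
            { echo "$f: missing '$key'"; rc=1; }
    done
    # The database password sits in this file in clear text.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f: world-readable, any local user can read the password"; rc=1
    fi
    # The GRANT statements are for postfix@localhost, so lookups must stay local.
    host=$(sed -n 's/^[[:space:]]*hosts[[:space:]]*=[[:space:]]*//p' "$f")
    case $host in
        127.0.0.1|localhost|unix:*|'') ;;
        *) echo "$f: hosts = $host is not local"; rc=1 ;;
    esac
    # A query without a %s, %u or %d placeholder ignores the lookup key.
    if grep -Eq '^[[:space:]]*query[[:space:]]*=' "$f" &&
       ! grep -Eq '^[[:space:]]*query[[:space:]]*=.*%[sud]' "$f"; then
        echo "$f: query has no lookup-key placeholder"; rc=1
    fi
    return $rc
}

# Constructed sample: the mysql_vmailbox map from above, created with mode 644.
dir=$(mktemp -d)
cat > "$dir/mysql_vmailbox" <<'EOF'
hosts = 127.0.0.1
user = postfix
password = mysecretpassword
dbname = useradministration
query = SELECT maildir FROM view_email_accounts where email = '%s' and status=1
EOF
chmod 644 "$dir/mysql_vmailbox"
check_map "$dir/mysql_vmailbox" || echo "fix: chown root:postfix FILE; chmod 640 FILE"
chmod 640 "$dir/mysql_vmailbox"
check_map "$dir/mysql_vmailbox" && echo "clean after chmod 640"
rm -rf "$dir"
```

On the real system, run it over each /etc/postfix/mysql_* file after writing them and before reloading Postfix.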

Courier

See also http://www.vliruos-ict.ugent.be/doku.php?id=training2007:day4

  1. In /etc/courier/authdaemonrc:
    authmodulelist="authmysql"
  2. Configure the file /etc/courier/authmysqlrc
  3. Installing courier-imap-ssl should get you going straight away

Courier maildrop

  1. Install courier-maildrop package and
    chmod a+x /var/run/courier/authdaemon/
  2. /etc/postfix/main.cf
    virtual_transport = maildrop
    maildrop_destination_recipient_limit=1
  3. Look in /etc/postfix/master.cf for the maildrop line and make it look like this:
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
  4. Configure /etc/courier/maildroprc
    # Global maildrop filter file
    
    logfile "/var/log/maildrop.log"
    
    MAILDIRMAKE="/usr/bin/maildirmake"
    MKDIR="/bin/mkdir -p"
    MAILBOX="${HOME}Maildir"
    
    #log "TESTING $HOME"
    `test -d "$MAILBOX"`
    #log "$RETURNCODE"
    if( $RETURNCODE != 0 )
    {
      log "====  BEGIN maildrop creating $MAILBOX $LOGNAME"
    
      `$MAILDIRMAKE "$MAILBOX"`
       # Let's create some folders
       `$MAILDIRMAKE -f Sent "$MAILBOX"`
       `$MAILDIRMAKE -f Trash "$MAILBOX"`
    
       # Subscribe to the new folders
       `echo INBOX.Sent >> $MAILBOX/courierimapsubscribed`
       `echo INBOX.Trash >> $MAILBOX/courierimapsubscribed`
    }
    
    # LOG BEGINNING OF FILTERING
    #log "====  BEGIN maildrop processing for $LOGNAME"
  5. touch /var/log/maildrop.log; chown vmail:vmail /var/log/maildrop.log

    Keep an eye on the size of this logfile!!

Anti virus and anti spam

Amavisd, Spamassassin, ClamAV

Check your /etc/apt/sources.list file for:

deb http://ftp.debian.org/debian/ etch main contrib non-free
deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free 

Install the required packages:

aptitude install amavisd-new
aptitude install spamassassin clamav-daemon cpio arj zoo nomarch lzop cabextract pax

Go read the howto, step 10. Contrary to what the howto says, you need to edit /etc/amavis/conf.d/50-user, e.g.:

$final_spam_destiny = D_PASS;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

@lookup_sql_dsn = (
    ['DBI:mysql:database=useradministration;host=127.0.0.1;port=3306',
     'postfix',
     'mysecretpassword']);

$sql_select_policy = 'SELECT name FROM domains WHERE CONCAT("@",name) IN (%k)';

Don't forget to fill in the correct password.

Settings of your Postfix /etc/postfix/main.cf file, using postconf:

postconf -e 'content_filter=smtp-amavis:[127.0.0.1]:10024'
postconf -e receive_override_options=no_address_mappings

/etc/postfix/master.cf

smtp-amavis unix -      -       n     -       2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       -     -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    -o local_header_rewrite_clients=
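The listener on 127.0.0.1:10025 is where amavis hands filtered mail back to Postfix, so it has to clear the global content_filter and accept loopback clients only. The following audit is an added example, not part of the original page: the function name `check_reinject` and the sample master.cf are constructed here, and the expected values are the ones used in the configuration above.

```sh
#!/bin/sh
# Added example: audit the amavis re-injection listener in a master.cf.
# check_reinject FILE [PORT] prints findings and returns 0 when there are none.
check_reinject() {
    awk -v port="${2:-10025}" '
    function audit(   f, n, i, cf, nets) {
        n = split(entry, f, /[ \t]+/)
        if (f[2] != "inet" || f[8] != "smtpd" || f[1] !~ (":" port "$")) return
        found = 1; cf = "unset"; nets = "unset"
        for (i = 9; i < n; i++) {            # walk the "-o name=value" overrides
            if (f[i] != "-o") continue
            if (f[i+1] ~ /^content_filter=/) cf = substr(f[i+1], 16)
            if (f[i+1] ~ /^mynetworks=/) nets = substr(f[i+1], 12)
        }
        if (f[1] !~ /^(127\.0\.0\.1|\[::1\]|localhost):/) {
            print "listener " f[1] " is not bound to loopback"; bad++
        }
        if (cf != "") {
            print "content_filter is " cf ", not empty: mail loops back to amavis"; bad++
        }
        if (nets != "127.0.0.0/8") {
            print "mynetworks is " nets ", expected 127.0.0.0/8"; bad++
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }    # continuation line
    { if (entry != "") audit(); entry = $0 }   # a new service entry starts
    END {
        if (entry != "") audit()
        if (!found) { print "no smtpd listener on port " port; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: listener on all interfaces, content_filter override left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp-amavis unix -      -       n     -       2  smtp
    -o smtp_data_done_timeout=1200
0.0.0.0:10025 inet n  -       -     -       -  smtpd
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
check_reinject "$sample" || echo "-> fix master.cf before reloading postfix"
rm -f "$sample"
```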

Add the clamav user to the amavis group (a shell command, not part of master.cf):

addgroup clamav amavis

Greylisting

aptitude install postgrey

Have a look at the files in /etc/postgrey.

Configure postfix and restart it:

smtpd_client_restrictions =
    permit_mynetworks
    reject_unauth_pipelining
    reject_rbl_client bl.spamcop.net
    reject_rbl_client dynablock.njabl.org
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client list.dsbl.org
    check_policy_service inet:127.0.0.1:60000

Freshclam

  1. Configure apt-get to use the http proxy, see http://www.getautomatix.com/wiki/index.php?title=Proxy_configuration (If needed)
  2. Make sure package clamav-freshclam is installed and it is the latest version
    apt-get update; apt-get upgrade
  3. Then configure freshclam to use a http proxy
    Add this to /etc/clamav/freshclam.conf:
    # use the correct IP address of the proxy
    HTTPProxyServer 10.140.X.Y
    HTTPProxyPort 8080
  4. If freshclam is not running, start it: /etc/init.d/clamav-freshclam start (or restart)
  5. Have a look in /var/log/clamav/freshclam.log to see whether it could receive the update!

Monitoring

apt-get install mailgraph queuegraph couriergraph

Webmail

vlir/projects/email.txt · Last modified: 2009/01/14 13:50 by rudy
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported