Fedora Linux Support Community & Resources Center
  #1  
Old 21st October 2009, 02:18 PM
Yerevanski Offline
Registered User
 
Join Date: Oct 2009
Posts: 15
Postfix+dovecot+spamassassin

Can anyone give me a tutorial for installing this?
thanks
__________________
Best Regards!
  #2  
Old 21st October 2009, 04:31 PM
EnglandA Offline
Registered User
 
Join Date: May 2005
Location: UK
Posts: 250
Take a look here: http://www.howtoforge.com/howtos/email/postfix you should be able to find what you're after.
__________________
Registered Linux User #221895
  #3  
Old 21st October 2009, 06:29 PM
Firewing1 Offline
Registered User
 
Join Date: Dec 2004
Location: Canada
Age: 23
Posts: 9,224
I'm not sure if this is exactly what you're looking for, but below are the configurations for setting up dovecot and postfix using virtual users in a MySQL database with virus/spam scanning enabled. I commented every few lines to describe what the parameters do.

With this setup each virtual user gets mapped to a system user and group, so it's up to you how to divide these but you could do this per domain for example. I've bolded any configuration values that you'll need to change manually.

Software required:
Code:
yum install dovecot postfix mysql-server amavisd-new clamav-server spamassassin
Enable the services:
Code:
# The MySQL init script on Fedora is named mysqld
for service in dovecot postfix mysqld amavisd clamd.amavisd; do
  chkconfig "$service" on
done
Allow dovecot to deliver mail to users' mailboxes with varying UID/GIDs:
Code:
chown root:mail /usr/libexec/dovecot/deliver
chmod 4750 /usr/libexec/dovecot/deliver
To set up a basic configuration for amavisd, edit /etc/amavisd/amavisd.conf and change the settings to your liking. At a minimum you'll want to edit the $mydomain, $myhostname, $*_admin and $*level_deflt variables. You can find more information about the spam levels in the spamassassin documentation.

This is the configuration for Postfix, /etc/postfix/main.cf:
Code:
# basic server settings
myhostname = mail.your-domain.tld
mydomain = localdomain
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
smtpd_banner = $myhostname ESMTP $mail_name: You can put your own message here.
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
parent_domain_matches_subdomains = no
# Remember to run "newaliases" when you change this file
alias_maps = hash:/etc/aliases

# Configuration for Postfix/SQL integration
# This allows Postfix to know which domains it should be handling
virtual_mailbox_domains = mysql:/etc/postfix/mysql-vdomains.cf
# This tells Postfix which virtual users are present
virtual_mailbox_maps = mysql:/etc/postfix/mysql-vusers.cf
# Additional alias maps (SQL) for Postfix
virtual_alias_maps = mysql:/etc/postfix/mysql-valiases.cf

# Enables dovecot local delivery agent (lda). When mail is sent to this server,
# it is passed onto Dovecot for delivery into the user's mbox
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

# SASL authentication via dovecot.
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Reject unknown local users with error code to prevent backscatter spam
# Mail to unknown virtual users is also automatically deflected with a 550
unknown_local_recipient_reject_code = 550

# Disallow non fully qualified domain names & relay if user isn't authenticated
# Stops spammers from using the mail server
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain

# Do not discard messages at HELO until RCPT TO command is given
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_helo_hostname, reject_invalid_hostname

# TLS config
smtpd_tls_security_level = may
# You need to create these keys manually - look online for more info
smtpd_tls_key_file = /etc/pki/tls/private/server-ssl.key
smtpd_tls_cert_file = /etc/pki/tls/certs/server-ssl.cert
# Send session info to log
smtpd_tls_loglevel = 1
# Don't renegotiate new TLS sessions with the same client for an hour
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
tls_random_source = dev:/dev/urandom
# Enable me to force TLS connections
#smtpd_tls_auth_only = yes

# Spam filtering - relays to amavisd
content_filter = smtp:[127.0.0.1]:10024
# Limit how fast we can accept mail so that it is processed correctly
default_process_limit = 20

# Some standard defaults
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
queue_directory = /var/spool/postfix
mail_owner = postfix

# Max message size of ~20MB
message_size_limit = 20480000
Here is the dovecot configuration, /etc/dovecot.conf:
Code:
# Support IMAP and POP (plain & secure)
protocols = imap imaps pop3 pop3s

# Set to "yes" to force secure authentication
# This setup uses SSL so plaintext authentication isn't a huge deal.
disable_plaintext_auth = no

# Enable me to debug authentication failures
#auth_debug_passwords=yes

# for $USER@$DOMAIN, maildir storage in $HOME/mail/$DOMAIN/$USER
# $HOME is set in the virtual user SQL DB
mail_location = maildir:%h/mail/%d/%n
umask = 0077 # 700 permissions

# For compatibility with some older mail clients
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

# Increases performance
maildir_copy_with_hardlinks = yes

# Lowercase all usernames
auth_username_format = %Lu

# TLS settings
# These are the same keys used in the Postfix config
ssl_disable = no
ssl_cert_file = /etc/pki/tls/certs/server-ssl.cert
ssl_key_file = /etc/pki/tls/private/server-ssl.key

# Disable insecure ciphers
ssl_cipher_list = ALL:!LOW:!SSLv2
#verbose_ssl = yes

auth default {
  mechanisms = plain login

  # Lookup virtual users in the SQL DB
  passdb sql {
    args = /etc/dovecot-mysql.conf
  }
  userdb prefetch {
  }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }

  # The sockets allow Postfix to perform SASL authentication via Dovecot
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = dovecot
      group  = mail # Postfix is running as this user
    }
    
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = dovecot
      group = mail # User running deliver = Postfix = mail UID/GID
    }
  }
}

# Enable lda (local delivery agent)
# Allows postfix to pass mail to dovecot for delivery into the proper user's mailbox
protocol lda {
  postmaster_address = postmaster@your-domain.tld
  auth_socket_path = /var/run/dovecot/auth-master
}
Now, let's set up the SQL databases that dovecot and postfix will use:
Code:
mysql -u root -p
Create the tables:
Code:
-- Backticks are required because the placeholder name contains hyphens
CREATE DATABASE `your-db-name`;
USE `your-db-name`;
CREATE TABLE `forwarders` (
  `source` varchar(128) NOT NULL,
  `destination` varchar(128) NOT NULL,
  PRIMARY KEY  (`source`)
);
CREATE TABLE `vusers` (
  `userid` varchar(128) NOT NULL,
  `domain` varchar(128) NOT NULL,
  `password` varchar(64) NOT NULL,
  `home` varchar(255) NOT NULL,
  `uid` int(11) NOT NULL,
  `gid` int(11) NOT NULL,
  PRIMARY KEY  (`userid`,`domain`)
);
GRANT ALL ON `your-db-name`.* TO 'your-db-user'@'localhost' IDENTIFIED BY 'your-password';
exit
In order to access the SQL databases, Postfix and Dovecot need to be configured with additional config files - remember to use the same database, username and password as earlier!

/etc/dovecot-mysql.conf:
Code:
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=your-db-name user=your-db-user password=your-password
# %u = user@domain.tld, %n = user, %d = domain.tld
# password w/ prefetch lookups
password_query = SELECT concat(userid, '@', domain) AS user, password, home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid   FROM vusers WHERE userid = '%Ln' AND domain = '%Ld'

# For deliver lookups:
user_query = SELECT home, uid, gid  FROM vusers  WHERE userid = '%Ln' AND domain = '%Ld'
/etc/postfix/mysql-valiases.cf:
Code:
# Connection info for alias lookups
user = your-db-user
password = your-password
hosts = 127.0.0.1

# The database name on the servers.
dbname = your-db-name

# SQL query template - see mysql_table(5) for details.
query = SELECT destination FROM forwarders WHERE source='%s'
/etc/postfix/mysql-vusers.cf:
Code:
# Connection info for virtual user lookups
user = your-db-user
password = your-password
hosts = 127.0.0.1

# The database name on the servers.
dbname = your-db-name

# SQL query template - see mysql_table(5) for details.
query = SELECT 1 FROM vusers WHERE concat(userid, '@', domain)='%s'
/etc/postfix/mysql-vdomains.cf:
Code:
# Connection info for "virtual domains"
user = your-db-user
password = your-password
hosts = 127.0.0.1

# The database name on the servers.
dbname = your-db-name

# SQL query template - see mysql_table(5) for details.
query = SELECT DISTINCT(domain) FROM vusers WHERE domain='%s'
The last piece to put it all together is to set up the transports so that Postfix can relay to Dovecot LDA or Amavisd for scanning. Add, do not replace, the following to /etc/postfix/master.cf:
Code:
# Dovecot LDA, ignores extensions (user+extension@domain.com --> user@domain.com)
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
# Spam filtering
127.0.0.1:10025 inet n - - - 0 smtpd -o content_filter= -o smtpd_sasl_auth_enable=no
__________________
[+] My open source software and blog
[+] Some of my howtos: (for full list, click here)
Reply With Quote
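An added check, not part of the original post: as posted, smtpd_tls_auth_only is commented out and disable_plaintext_auth is no, so PLAIN/LOGIN passwords can cross unencrypted SMTP, IMAP and POP3 sessions. The script below flags that combination; cf_get, audit_mail_auth and make_sample are hypothetical helper names and the two sample files are constructed excerpts.

```shell
# Added example. On a live host "postconf -h NAME" gives Postfix's effective value.
# cf_get FILE KEY: value of KEY in "key = value" syntax (comment lines skipped,
# last definition wins, single-line values only); empty when KEY is unset.
cf_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    (eq = index($0, "=")) {
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# audit_mail_auth MAIN_CF DOVECOT_CONF: one finding per line, nothing if clean.
audit_mail_auth() {
  if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
     [ "$(cf_get "$1" smtpd_tls_auth_only)" != yes ] &&
     [ "$(cf_get "$1" smtpd_tls_security_level)" != encrypt ]; then
    echo "postfix: AUTH is offered before STARTTLS; set smtpd_tls_auth_only = yes"
  fi
  mechs=$(cf_get "$2" mechanisms)
  case " $(cf_get "$2" protocols) " in *" imap "*|*" pop3 "*) ;; *) return 0 ;; esac
  case " ${mechs:-plain} " in *" plain "*|*" login "*) ;; *) return 0 ;; esac
  if [ "$(cf_get "$2" disable_plaintext_auth)" = no ]; then
    echo "dovecot: plain/login accepted without TLS; set disable_plaintext_auth = yes"
  fi
}

# make_sample DIR PREFIX VALUE: constructed excerpts; PREFIX "#" leaves
# smtpd_tls_auth_only commented out, VALUE sets disable_plaintext_auth.
make_sample() {
  cat > "$1/main.cf" <<EOF
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
${2}smtpd_tls_auth_only = yes
EOF
  cat > "$1/dovecot.conf" <<EOF
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = $3
auth default {
  mechanisms = plain login
}
EOF
}

demo=$(mktemp -d)
make_sample "$demo" "#" no          # the configuration as posted
audit_mail_auth "$demo/main.cf" "$demo/dovecot.conf"
```

With both settings changed to yes, mail clients must use STARTTLS or the SSL ports before they can log in.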
  #4  
Old 22nd October 2009, 11:18 AM
Yerevanski Offline
Registered User
 
Join Date: Oct 2009
Posts: 15

OK, thanks. And can you tell me a tool for easy administration?
__________________
Best Regards!
  #5  
Old 22nd October 2009, 04:11 PM
Firewing1 Offline
Registered User
 
Join Date: Dec 2004
Location: Canada
Age: 23
Posts: 9,224
I'm not sure what you mean by easy administration... What do you want to administrate (what kind of tasks do you want to do)?
__________________
[+] My open source software and blog
[+] Some of my howtos: (for full list, click here)
  #6  
Old 24th October 2009, 03:40 PM
Yerevanski Offline
Registered User
 
Join Date: Oct 2009
Posts: 15
I want to add users, delete users, and manage spam!
Thank you!
__________________
Best Regards!
  #7  
Old 24th October 2009, 09:20 PM
Firewing1 Offline
Registered User
 
Join Date: Dec 2004
Location: Canada
Age: 23
Posts: 9,224
This setup denies hosts trying to connect with non fully qualified domain names, so that catches a bunch of the spam senders right away. Amavisd is also running spam detection via Spamassassin, so any mail sent or received on your server is automatically filtered as well.

Adding system users you can do via the system-config-users tool, but it's just as easy over the command line:
Code:
useradd system-username
passwd system-username
Note that adding a system user does not give you a user@domain.tld address though! To add email addresses on your server, first choose a system user and get their UID/GIDs:
Code:
id system-username
Say, for example, you see that the UID and GID are 502. Now, the first thing we need to do is generate the MD5 password hash for the new email account:
Code:
dovecotpw -p "email-account-password" -s MD5
Copy that output so you can paste it later; we will need to use it a few steps down.
Now, let's log in to MySQL:
Code:
mysql -u root -p
After entering your MySQL password, insert the new virtual user into the database:
Code:
USE your-db-name
INSERT INTO vusers VALUES('user','domain.tld','the-passwd-from-above','/home/system-username', 'UID','GID');
exit
This adds user@domain.tld, with the password you supplied to the "dovecotpw" command, to the list of virtual users. Their mail will be stored in /home/system-username/mail and owned by the UID/GID you chose.

For example, if I wanted to add the email address me@mydomain.com I would do:
Code:
# Create the system user to handle all @mydomain.com email accounts
useradd mydomain
passwd mydomain

# Get the UID/GID for system user mydomain
id mydomain
# It says that the numerical UID and GID is "501"

# Format the password for Dovecot:
dovecotpw -p "4_sTr,.0nG_PA(ss)W0rd" -s MD5
# It says the formatted password is {MD5}$1$AySVRhOD$8.qnm4maC9AtQhE2B72ID/

# Now, put all the information together and add the user in the MySQL DB:
mysql -u root -p
# After entering your password, you now have a MySQL prompt...
USE your-db-name
INSERT INTO vusers VALUES('me','mydomain.com','{MD5}$1$AySVRhOD$8.qnm4maC9AtQhE2B72ID/','/home/mydomain', '501','501');
exit
__________________
[+] My open source software and blog
[+] Some of my howtos: (for full list, click here)
Reply With Quote
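An added helper, not part of the original post: the add-user steps above end with values pasted by hand into an INSERT, and the uid/gid stored in that row decide which account the setuid deliver binary writes mail as. The function below checks each field and prints the statement for the thread's vusers table; ok, sql_quote, vuser_insert_sql and the MIN_ID floor of 500 are assumptions of this example.

```shell
# Added example: build the vusers INSERT from checked values instead of typing
# it at the mysql prompt. Column names follow the thread's CREATE TABLE.
MIN_ID=${MIN_ID:-500}   # assumed floor: no root or system IDs as mailbox owners

# ok VALUE ERE: true only if VALUE is one line that matches ERE in full.
ok() {
  case $1 in *'
'*) return 1 ;; esac
  printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "^($2)\$"
}

# sql_quote VALUE: MySQL string literal with backslash and quote escaped.
sql_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# vuser_insert_sql USER DOMAIN HASH HOME UID GID
# HASH is dovecotpw output; returns 1 and prints no SQL on bad input.
vuser_insert_sql() {
  # Lookups in the thread use %Ln/%Ld, so store the lowercased form.
  user=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  ok "$user" '[a-z0-9._-]+' || { echo "bad userid" >&2; return 1; }
  ok "$domain" '[a-z0-9-]+(\.[a-z0-9-]+)+' || { echo "bad domain" >&2; return 1; }
  # A value without a {SCHEME} prefix is probably a plaintext password.
  ok "$3" '\{[A-Z0-9-]+\}[A-Za-z0-9./+=$]+' || { echo "bad hash" >&2; return 1; }
  ok "$4" '/[A-Za-z0-9._/-]+' && case $4 in *..*) false ;; esac ||
    { echo "home must be an absolute path without .." >&2; return 1; }
  # deliver switches to the uid/gid stored in this row, so refuse low IDs.
  for id in "$5" "$6"; do
    ok "$id" '[1-9][0-9]{0,8}' && [ "$id" -ge "$MIN_ID" ] ||
      { echo "uid/gid must be integers >= $MIN_ID" >&2; return 1; }
  done
  printf 'INSERT INTO vusers (userid, domain, password, home, uid, gid) VALUES (%s, %s, %s, %s, %s, %s);\n' \
    "$(sql_quote "$user")" "$(sql_quote "$domain")" "$(sql_quote "$3")" \
    "$(sql_quote "$4")" "$5" "$6"
}

# The thread's own example row:
vuser_insert_sql me mydomain.com '{MD5}$1$AySVRhOD$8.qnm4maC9AtQhE2B72ID/' /home/mydomain 501 501
```

Running dovecotpw without -p makes it prompt for the password, which keeps it out of the shell history and the process list.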
  #8  
Old 26th October 2009, 11:49 AM
Yerevanski Offline
Registered User
 
Join Date: Oct 2009
Posts: 15
Ok!!!! Thank you very much!!!!!
__________________
Best Regards!