Etat des configurations du service Mail 1 - CardinPatson/SysAdmin GitHub Wiki
Etat de fonctionnement
Configuration de la base de données mysql pour les utilisateurs mails
1. Création de la base de données et des tables
- Dans votre conteneur docker, installez le serveur mariadb et démarrez le service mysql
apt install mariadb-server -y && service mysql start
- Connectez-vous au client mysql
mysql -u root
- Sur votre terminal, copiez les lignes suivantes afin de créer la base de données
mailbox et les tables associées
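-- Schema for the virtual-mail lookup database read by Postfix.
-- The database is created with CREATE DATABASE; every later statement refers to it as mailbox.
CREATE DATABASE IF NOT EXISTS mailbox;

-- Lookup account used by the mail daemons. 'hypersecurise' is the sample password used
-- throughout this page: replace it with a long random value and use the same value in the
-- /etc/postfix/virtual-*.cf files.
-- NOTE(review): the Postfix maps connect to 127.0.0.1 over TCP; if the server runs with
-- skip_name_resolve the account host may need to be '127.0.0.1' instead of 'localhost' -- confirm.
CREATE USER 'woody'@'localhost' IDENTIFIED BY 'hypersecurise';

-- The lookup queries on this page only read these tables, so SELECT is sufficient.
-- ALL PRIVILEGES WITH GRANT OPTION would let anyone who obtains this password rewrite
-- mail routing or hand out further rights. Run the INSERT statements below as root.
GRANT SELECT ON mailbox.* TO 'woody'@'localhost';

-- Reload the grant tables (not required after GRANT, kept from the original procedure).
-- A "--" comment needs a space after the dashes in MySQL/MariaDB.
FLUSH PRIVILEGES;

USE mailbox;

-- Domains this server accepts mail for.
CREATE TABLE domains (
    domain VARCHAR(50) NOT NULL,
    PRIMARY KEY (domain)
);

-- Alias table: mail for source is redirected to destination.
CREATE TABLE forwardings (
    source VARCHAR(80) NOT NULL,
    destination TEXT NOT NULL,
    PRIMARY KEY (source)
);

-- Mailbox accounts. The password column is sized for a salted SHA-512 crypt string
-- (106 characters); never store a plaintext password in it.
CREATE TABLE users (
    id INT NOT NULL AUTO_INCREMENT,
    username VARCHAR(150) NOT NULL,
    password VARCHAR(106) NOT NULL,
    domain VARCHAR(50) NOT NULL,
    foldermail VARCHAR(150) NOT NULL,
    PRIMARY KEY (id),
    UNIQUE KEY username (username),
    -- Deleting a domain removes its mailboxes.
    FOREIGN KEY (domain) REFERENCES domains (domain) ON DELETE CASCADE
);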
- Insérez votre domaine et des utilisateurs tests dans la base de données
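-- Test data: one domain and two mailboxes.
-- The passwords are sample values for the lab only; change them before any real use.
-- ENCRYPT() with a '$6$' salt stores a salted SHA-512 crypt hash (106 characters, the width
-- of the password column) rather than a bare MD5 digest, which is unsalted and fast to brute-force.
-- The plaintext in these statements may be recorded in the mysql client history
-- (~/.mysql_history); clear it afterwards or generate the hashes outside the database.
-- The addresses were obfuscated in the published page; the local parts used here are taken
-- from the foldermail values, so adjust them if yours differ.
INSERT INTO domains (domain)
VALUES ('m1-3.ephec-ti.be');

INSERT INTO users
    (id, username, password, domain, foldermail)
VALUES
    (1,
     'cardin@m1-3.ephec-ti.be',
     ENCRYPT('password1', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),
     'm1-3.ephec-ti.be',
     'm1-3.ephec-ti.be/cardin/');

INSERT INTO users
    (id, username, password, domain, foldermail)
VALUES
    (2,
     'marina@m1-3.ephec-ti.be',
     ENCRYPT('password2', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))),
     'm1-3.ephec-ti.be',
     'm1-3.ephec-ti.be/marina/');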
Configuration du service postfix
Commencez par installer postfix dans votre conteneur
apt install postfix postfix-mysql -y
1. Dans le fichier de configuration principale de postfix /etc/postfix/main.cf
Rajoutez les lignes suivantes afin de compléter la configuration principale
smtpd_banner = $myhostname ESMTP $mail_name (HappyGhost)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
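### Enable SMTP AUTH and hand credential checking to Dovecot
# Postfix talks to Dovecot's auth socket; the path is relative to the Postfix queue directory.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
# Compatibility switch for old clients that expect the non-standard "AUTH=" announcement.
broken_sasl_auth_clients = yes
# Kept off: when enabled, Postfix writes the SASL login name into the Received: header of
# every authenticated message, which discloses account names to recipients.
smtpd_sasl_authenticated_header = no
# Same value is set again further down in this file.
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Restrictions
# Continuation lines must begin with whitespace; at column 0 Postfix would read each
# restriction name as a separate (invalid) parameter line.
# Local networks and authenticated users may send anywhere; everyone else may only
# address domains this server is responsible for, so the host is not an open relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    defer_unauth_destination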
myhostname = mail.m1-3.ephec-ti.be
mydomain = m1-3.ephec-ti.be
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.localdomain, localhost.m1-3.ephec-ti.be, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
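# Hand local delivery to Dovecot over its LMTP socket, which decides where mail is stored
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Virtual domains, users, and aliases
# Each file holds the MySQL connection settings and the query for one lookup table.
# They contain the database password: keep them readable by root and the postfix group only.
virtual_mailbox_domains = mysql:/etc/postfix/virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual-users.cf
# The alias lookup file created later on this page is virtual-forwardings.cf;
# no virtual-aliases.cf is created, so that name would point at a missing map.
# The second map is a continuation line and must start with whitespace.
virtual_alias_maps = mysql:/etc/postfix/virtual-forwardings.cf,
    mysql:/etc/postfix/virtual-email2email.cf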
# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h
# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
#SSL/TLS
# Older spelling of "offer STARTTLS"; smtpd_tls_security_level below expresses the same policy.
smtpd_use_tls = yes
# AUTH is only offered once the session is encrypted, so passwords never cross the wire in clear.
smtpd_tls_auth_only = yes
# Offer TLS without requiring it ("may" = opportunistic): a peer that does not negotiate
# STARTTLS is still served in plaintext, so this alone does not guarantee confidentiality.
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_cert_file=/etc/ssl/certs/woodymail.pem
# Private key: should be readable by root only.
smtpd_tls_key_file=/etc/ssl/private/woodymail.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_CApath = /etc/ssl/certs
#DKIM
# Fail-open: if the milter is unreachable, mail is processed as if no milter were configured.
# NOTE(review): presumably the DKIM signer listens on 127.0.0.1:12345; with "accept" an
# outage means mail leaves unsigned rather than being deferred -- monitor the milter.
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:12345
# Locally submitted (non-SMTP) mail goes through the same milter.
non_smtpd_milters = $smtpd_milters
#LOG
maillog_file=/var/log/mail.log
2. Dans le second fichier de configuration principale de postfix /etc/postfix/master.cf
Rajoutez les lignes suivantes afin de compléter la configuration.
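# Port 25: mail from other servers, routed through the spamassassin pipe service.
# Lines that begin with whitespace continue the service entry above them; without the
# leading whitespace Postfix cannot parse the "-o" overrides.
smtp inet n - y - - smtpd
  -o content_filter=spamassassin
# Submission port for mail clients. TLS and authentication are both required so that
# unauthenticated mail cannot enter here and skip the content filter applied on port 25.
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
# Same policy as submission, with TLS from the first byte (wrapper mode).
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject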
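# Internal Postfix services. Columns: service, type, private, unpriv, chroot, wakeup,
# maxproc, command. Continuation lines ("-o ..." and "flags=...") must start with whitespace.
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
  -o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# Pipe-based delivery agents: each runs an external program as the unprivileged user
# named in user=.
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}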
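##SPAMASSASSIN
# Pipe service named by content_filter on the smtp service: spamc runs as the unprivileged
# user spamd and pipes its output to sendmail, which re-injects the message into Postfix.
# "--" ends option parsing so a recipient address starting with "-" cannot be read as a
# sendmail option. The two argument lines are continuations and must start with whitespace.
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} -- ${recipient}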
3. Configuration de mysql avec postfix
- Créez les fichiers suivants pour établir la connexion entre mysql et postfix
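# Create the four lookup files as regular files: mkdir would create directories,
# which Postfix cannot open as map definitions.
touch /etc/postfix/virtual-domains.cf \
      /etc/postfix/virtual-users.cf \
      /etc/postfix/virtual-email2email.cf \
      /etc/postfix/virtual-forwardings.cf
# These files hold the database password: readable by root and the postfix group only.
chown root:postfix /etc/postfix/virtual-domains.cf \
      /etc/postfix/virtual-users.cf \
      /etc/postfix/virtual-email2email.cf \
      /etc/postfix/virtual-forwardings.cf
chmod 640 /etc/postfix/virtual-domains.cf \
      /etc/postfix/virtual-users.cf \
      /etc/postfix/virtual-email2email.cf \
      /etc/postfix/virtual-forwardings.cf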
- Dans le fichier
/etc/postfix/virtual-domains.cf rajoutez les lignes suivantes et remplacez user, password et dbname par l'utilisateur, le mot de passe et le nom de votre base de données
# Lookup used by virtual_mailbox_domains: does this server host the domain?
# Sample credentials from this page; put your own database user and password here.
user = woody
password = hypersecurise
dbname = mailbox
# %s is replaced by the lookup key; Postfix applies SQL quoting to the key before
# substituting it, so the quoted '%s' form is the expected way to write the query.
query = SELECT 1 FROM domains WHERE domain='%s'
hosts = 127.0.0.1
- Dans le fichier
/etc/postfix/virtual-users.cf faites de même
# Lookup used by virtual_mailbox_maps: returns the mail folder of an existing mailbox.
# Sample credentials from this page; put your own database user and password here.
user = woody
password = hypersecurise
dbname = mailbox
# %s is the recipient address, SQL-quoted by Postfix before substitution.
query = SELECT foldermail FROM users WHERE username='%s'
hosts = 127.0.0.1
- Dans le fichier
/etc/postfix/virtual-email2email.cf faites de même
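# Identity alias lookup: maps an existing mailbox address to itself.
# Sample credentials from this page; put your own database user and password here.
user = woody
password = hypersecurise
# The parameter name is "hosts" (plural), as in the other lookup files on this page.
hosts = 127.0.0.1
dbname = mailbox
# %s is the recipient address, SQL-quoted by Postfix before substitution.
query = SELECT username FROM users WHERE username='%s'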
- Faites de même dans le fichier
/etc/postfix/virtual-forwardings.cf
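# Alias lookup: returns the forwarding destination for an address.
# This file is only consulted if main.cf lists it under this exact name in virtual_alias_maps.
# Sample credentials from this page; put your own database user and password here.
user = woody
password = hypersecurise
# The forwardings table lives in the mailbox database created earlier, not in "mail".
dbname = mailbox
# %s is the recipient address, SQL-quoted by Postfix before substitution.
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1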
- Redémarrez le service postfix
service postfix restart
Configuration de spamassassin
Installation
- Exécutez la commande suivante sur votre terminal
apt install spamassassin spamc -y
- Créez le groupe et le user spamd
groupadd spamd
useradd -g spamd -s /usr/sbin/nologin -d /var/log/spamassassin -m spamd
Configuration
- Dans votre conteneur rajouter les lignes suivantes dans le fichier de configuration
/etc/spamassassin/local.cf
rewrite_header Subject [*****SPAM*****]
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
endif # Mail::SpamAssassin::Plugin::Shortcircuit
- Configurer la configuration par défaut de spamassassin
/etc/default/spamassassin
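# Prior to version 3.4.2-1, spamd could be enabled by setting
# ENABLED=1 in this file. This is no longer supported. Instead, please
# use the update-rc.d command, invoked for example as "update-rc.d
# spamassassin enable", to enable the spamd service.
# NOTE(review): given the note above, this line probably has no effect on current
# packages; enable the service with update-rc.d as described.
ENABLE=1
# SpamAssassin uses a preforking model, so be careful! You need to
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
SAHOME="/var/log/spamassassin/"
# --username makes spamd run as the unprivileged spamd account. The option name must be
# spelled exactly: a misspelled option is not a valid spamd flag, and a spamd that fails
# to start leaves mail unfiltered.
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SAHOME} -s ${SAHOME}spamd.log"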
# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
#PIDFILE="/var/run/spamd.pid"
PIDFILE="${SAHOME}spamd.pid"
# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1
- Vérifiez bien que les lignes suivantes se trouvent dans le fichier /etc/postfix/master.cf
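# Port 25 hands every incoming message to the spamassassin pipe service below.
# Continuation lines must start with whitespace or Postfix cannot parse the entry.
smtp inet n - y - - smtpd
  -o content_filter=spamassassin
##SPAMASSASSIN
# spamc runs as the unprivileged user spamd and pipes its output to sendmail for re-injection.
# "--" ends option parsing so a recipient starting with "-" is not read as a sendmail option.
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} -- ${recipient}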