Почтовый сервер на CentOS 6.5.

Имеем:
2 сетевых интерфейса:
eth0 — локальная сеть 192.168.0.1
eth1 — интернет 100.200.1.1
Контроллер домена example.com
Компоненты почтового сервера:
Dovecot — IMAP и POP3 сервер, MDA (mail delivery agent)
Postfix — MTA (mail transfer agent)
Postfixadmin — веб-интерфейс управления доменами и почтовыми ящиками (хранит их в MySQL, откуда их читают Postfix и Dovecot)

Добавляем репозитории
Настраиваем контроллер домена

Настраиваем dovecot:
# dovecot-mysql provides the sql passdb/userdb driver used below. The sieve
# plugin referenced in "protocol lda" (dovecot.conf) ships in a separate
# package (dovecot-pigeonhole): install it as well, or drop sieve from
# mail_plugins, otherwise the LDA refuses to load.
yum -y install dovecot dovecot-mysql
vi /etc/dovecot/dovecot.conf:

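# Debug switches: both *_debug settings are very chatty and belong to a
# troubleshooting session, not to a running server. auth_verbose stays on so
# that failed logins are logged (this is what fail2ban-style throttling of
# password guessing keys on).
auth_debug = no
auth_verbose = yes
service auth {
  # Master auth socket used by the LDA (deliver) for user lookups.
  unix_listener auth-master {
    user = vmail
    group = mail
    mode = 0660
  }
  # The original listing had "inet_listener = { * }" here. That is not valid
  # dovecot syntax (inet_listener takes a name and a block), so dovecot would
  # not start, and if it was meant to expose the auth service on a TCP port it
  # should not be done at all: Postfix reaches auth through the unix socket
  # declared in conf.d/10-master.conf.
}
mail_debug = no
protocol lda {
  postmaster_address = admin@example.com
  # "sieve" needs the dovecot-pigeonhole package, which the install line at
  # the top of the page does not pull in; install it or remove the plugin.
  mail_plugins = sieve
  hostname = mail.example.com
}
# passdb and userdb share one SQL file. It contains the database password,
# so keep it root:root mode 0600 (dovecot reads it as root).
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocols = imap pop3 lmtp
listen = *
base_dir = /var/run/dovecot/
instance_name = dovecot
login_greeting = my mail server
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
!include_try local.conf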

vi /etc/dovecot/conf.d/10-auth.conf:

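# Never offer PLAIN/LOGIN on an unencrypted connection. With "no" a client
# can (and many will) send the mailbox password in clear over 110/143 and 25.
# Clients use STARTTLS or the ssl listeners on 993/995 from 10-master.conf.
disable_plaintext_auth = yes
# CRAM-MD5 dropped on purpose: it only works if the server keeps the password
# itself (default_pass_scheme = PLAIN / postfixadmin encrypt = cleartext),
# which is the bigger exposure. PLAIN and LOGIN over TLS are what clients
# use, and not offering CRAM-MD5 is what makes hashed storage possible.
auth_mechanisms = plain login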

vi /etc/dovecot/conf.d/10-mail.conf:

# Fallback mailbox location: Maildir under the spool, one directory per
# domain (%d) and per full login name (%u). The userdb query in
# /etc/dovecot/dovecot-mysql.conf returns a "mail" field that overrides this
# per user, so normally this value is not what is used.
mail_location = maildir:/var/spool/mail/%d/%u
# Every virtual mailbox is owned by the single vmail user (uid 2000) and the
# mail group (gid 12). The valid ranges pin exactly those ids, so an odd
# userdb answer cannot make dovecot read or write as another system user.
mail_uid = vmail
mail_gid = mail
first_valid_uid = 2000
last_valid_uid = 2000
first_valid_gid = 12
last_valid_gid = 12

vi /etc/dovecot/conf.d/10-master.conf:

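service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  # userdb lookups for the LDA; only the vmail user needs this socket.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = mail
  }
  # SASL socket for Postfix (smtpd_sasl_path in main.cf). smtpd runs as the
  # postfix user, so owner/group access is all that is required. The original
  # mode 0666 let every local account on the machine open the auth socket and
  # run unthrottled password guessing against the mailbox database.
  unix_listener /var/spool/postfix/dovecot-auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
# The original listing was missing the closing brace of this block, which
# makes dovecot reject the whole configuration.
service dict {
  unix_listener dict {
  }
}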

vi /etc/dovecot/conf.d/10-ssl.conf:

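ssl = yes
# The page lost these two lines: the leading "<" (which tells dovecot to read
# the file rather than take the value literally) was swallowed as HTML. The
# same certificate and key are referenced by Postfix in main.cf and created
# with the openssl command further down; the key must be readable by root only.
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_parameters_regenerate = 168
# HIGH instead of ALL: still excludes export/LOW/anonymous suites, and in
# addition RC4 and MD5-based suites that "ALL:!LOW" left enabled. SSLv3 cannot
# be disabled through the cipher list; that needs ssl_protocols, which only
# exists in dovecot 2.1+ (CentOS 6 ships 2.0.x). On a newer dovecot add
# "ssl_protocols = !SSLv2 !SSLv3".
ssl_cipher_list = HIGH:!LOW:!SSLv2:!EXP:!aNULL:!MD5:!RC4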

vi /etc/dovecot/conf.d/20-imap.conf:

protocol imap {
# Thunderbird workaround: it appends an extra mailbox separator to names.
imap_client_workarounds = tb-extra-mailbox-sep
# The autocreate plugin is not part of the packages installed at the top of
# the page (dovecot 2.0 carried it as a separate plugin); if it cannot be
# loaded the imap process fails to start, so check it is present in the
# dovecot module directory before relying on it.
mail_plugins = autocreate
}

vi /etc/dovecot/conf.d/20-pop3.conf:

protocol pop3 {
# UIDLs derived from the IMAP UID (%u) and UIDVALIDITY (%v). Pick this once:
# changing the format later makes every POP3 client re-download all mail.
pop3_uidl_format = %08Xu%08Xv
# Tolerate two well-known client bugs (per the dovecot docs): Outlook hangs
# on NUL bytes in messages; Outlook Express/Netscape break when the
# end-of-headers line is missing.
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

vi /etc/dovecot/conf.d/90-plugin.conf:

plugin {
# Folders created and subscribed on first login (autocreate plugin, enabled in
# 20-imap.conf), so clients see the usual set without creating it themselves.
autocreate = INBOX
autocreate2 = Sent
autocreate3 = Trash
autocreate4 = Drafts
autocreate5 = Junk
autosubscribe = INBOX
autosubscribe2 = Sent
autosubscribe3 = Trash
autosubscribe4 = Drafts
autosubscribe5 = Junk
# Quota is left disabled here and in dovecot.conf (dict block). Note that with
# virtual_transport = dovecot in Postfix, dovecot is the only place a per-user
# quota can actually be enforced; the Postfix virtual_mailbox_limit_* lines
# do not apply to deliveries handed to deliver(1).
#quota = maildir:User quota
#quota_rule = *:storage=1GB
#quota_rule2 = Trash:storage=+10%% # 10% of 1GB = 100MB
#quota_rule3 = Junk:storage=+10%% # 10% of 1GB = 100MB
#quota_rule4 = Drafts:storage=+10%% # 10% of 1GB = 100MB
}

Делаем файл запроса к mysql серверу vi /etc/dovecot/dovecot-mysql.conf:

# Connection shared by passdb and userdb. This file holds the database
# password: keep it root:root mode 0600. "postfixdbpass" is a placeholder,
# the same string is used in the Postfix map files and in postfixadmin's
# config.inc.php; replace it everywhere with a real secret.
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfixdbpass
# Scheme assumed for stored passwords that carry no {SCHEME} prefix. PLAIN
# means the mailbox table holds every password in clear text, which is what
# postfixadmin writes with $CONF['encrypt'] = 'cleartext' and what CRAM-MD5
# needs. To store hashes instead, change both ends together (e.g. MD5-CRYPT
# here and 'md5crypt' in postfixadmin) and stop offering CRAM-MD5 in
# 10-auth.conf.
default_pass_scheme = PLAIN
# %u is the full login (user@domain); dovecot's sql driver escapes the
# %-variables before substitution. uid/gid are hard-wired to the vmail user
# and mail group created further down the page.
password_query = SELECT username as user, password, concat('/var/spool/mail/', maildir) as home, concat('maildir:/var/spool/mail/', maildir) as mail, 2000 as uid, 12 as gid FROM mailbox WHERE username = '%u' AND active = '1'
# NOTE(review): postfixadmin presumably stores "quota" in bytes, while
# dovecot's storage= without a unit is kilobytes - verify before enabling the
# quota plugin.
user_query = SELECT concat('/var/spool/mail/', maildir) as home, concat('maildir:/var/spool/mail/', maildir) as mail, 2000 AS uid, 12 AS gid, concat('maildir:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

Создаём виртуального пользователя, который будет заниматься локальной доставкой почты:
# Unprivileged owner of every virtual mailbox: uid 2000 in group mail (gid 12),
# the same ids pinned in 10-mail.conf and returned by the SQL queries. No
# login shell; its home is the spool root, so the maildir paths resolve there.
useradd -s /sbin/nologin -d /var/spool/mail -g mail -u 2000 vmail

Настраиваем postfix (по умолчанию должен быть установлен):
vi /etc/postfix/main.cf:

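queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps, $alias_maps
unknown_local_recipient_reject_code = 550
# Networks that may relay without authenticating (permit_mynetworks below).
# The original value also listed 100.200.1.0/24, i.e. the provider's whole
# public subnet on eth1: every other host in it could have relayed through
# this server. Only loopback and the LAN belong here; everybody else
# authenticates. (mynetworks_style is ignored once mynetworks is set.)
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 192.168.0.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_transport = dovecot
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
# Continuation lines in main.cf must start with whitespace; the page had lost
# the indentation here and in the restriction lists below, which turns each
# continued line into a bogus parameter of its own.
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.11.0/samples
readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES
inet_protocols = ipv4
smtpd_client_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/client_access
# reject_unknown_client_hostname

smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/hello_access,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

# reject_authenticated_sender_login_mismatch only has an effect when
# smtpd_sender_login_maps is set, and nothing on this page sets it. Until a
# map from SASL login to the MAIL FROM addresses it owns is added (the
# mailbox and alias tables can provide it), an authenticated user can send
# as any address.
smtpd_sender_restrictions = permit_mynetworks,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_authenticated_sender_login_mismatch,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit_sasl_authenticated
# reject_non_fqdn_sender,
# reject_unverified_sender

# reject_unauth_destination after the two permits is what keeps this from
# being an open relay; keep that order. reject_unverified_recipient is
# redundant for the locally hosted domains (validity is already known from
# the virtual maps via reject_unlisted_recipient) and only costs probes.
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_unverified_recipient

smtpd_etrn_restrictions = reject
smtpd_reject_unlisted_sender = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
show_user_unknown_table_name = no
address_verify_sender = <>
unverified_sender_reject_code = 550
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_hard_error_limit = 10
smtpd_timeout = 240s
smtp_helo_timeout = 240s
smtp_rcpt_timeout = 300s
#mysql
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
#quota
# The virtual_mailbox_limit_* / virtual_mailbox_extended /
# virtual_create_maildirsize parameters exist only in a VDA-patched Postfix;
# a stock build warns about unused parameters and ignores them. They would not
# apply anyway: virtual_transport = dovecot hands delivery to deliver(1), so
# quota has to be enforced on the dovecot side.
virtual_mailbox_limit = 52428800
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/etc/postfix/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_extended = yes
virtual_create_maildirsize = yes
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:12
message_size_limit = 100485760
mailbox_size_limit = 524288000

virtual_transport = dovecot
dovecot_destination_recipient_limit=1
# SMTP AUTH through dovecot's SASL socket (declared in conf.d/10-master.conf).
# smtpd_tls_auth_only makes AUTH available only after STARTTLS (or on the
# TLS wrapper port), so credentials never cross the wire in clear; the
# original configuration announced AUTH PLAIN/LOGIN on plain port 25.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = yes
# smtpd_tls_security_level replaces the obsolete smtpd_use_tls. "may" is
# opportunistic STARTTLS for incoming MTAs and clients; SSLv2/SSLv3 are
# switched off (both parameters exist since Postfix 2.6; this is 2.11).
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Opportunistic TLS for outgoing mail as well.
smtp_tls_security_level = may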

vi /etc/postfix/master.cf:

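# Implicit-TLS submission on 465 (the port opened in iptables). Without
# smtpd_tls_wrapper_mode the original line served plain SMTP on 465, so every
# client expecting SMTPS failed its handshake. The port exists for mail
# clients only, so only authenticated sessions are accepted on it.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrapper_mode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#Dovecot LDA: one recipient per invocation (dovecot_destination_recipient_limit
# in main.cf), domain and user folded to lower case (flags h, u).
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}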

Создаём базу данных для postfix:
mysql -u root -p

-- One account is shared by postfixadmin (needs DDL while setup.php creates
-- the tables, and writes afterwards) and by Postfix/Dovecot, which only ever
-- SELECT. Use a real password instead of postfixdbpass, and consider a
-- second, SELECT-only account for the Postfix/Dovecot lookup files once the
-- schema exists.
create database postfix;
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY 'postfixdbpass';
quit;

Создаём файлы postfix для базы данных mysql:
vi /etc/postfix/virtual_mailbox_maps.cf:

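# Maildir lookup for a virtual mailbox. The column names follow the
# postfixadmin 2.3 schema that the dovecot queries on this page already use
# (mailbox.username / mailbox.active); the original "users / email / enabled"
# names do not exist in that schema, so every lookup errors out and nothing
# can be delivered to virtual mailboxes.
# This file holds the database password: chown root:postfix, chmod 640.
user = postfix
password = postfixdbpass
dbname = postfix
hosts = 127.0.0.1
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = 1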

vi /etc/postfix/virtual_alias_maps.cf:

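# Alias expansion (address -> goto list). "active" is the same enable flag
# the mailbox and domain queries on this page check; without the condition
# an alias disabled in postfixadmin keeps forwarding.
# This file holds the database password: chown root:postfix, chmod 640.
user = postfix
password = postfixdbpass
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = 1
hosts = 127.0.0.1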

vi /etc/postfix/virtual_mailbox_domains.cf:

# Domains this server accepts mail for: active postfixadmin domains that are
# not marked as relay domains. Postfix substitutes the queried domain for %s
# and escapes it.
# This file holds the database password: chown root:postfix, chmod 640.
user = postfix
password = postfixdbpass
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND transport <> 'relay' AND active = '1'

vi /etc/postfix/virtual_mailbox_limit_maps.cf:

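# Per-mailbox quota for the VDA-patched Postfix. Same schema fix as
# virtual_mailbox_maps.cf: postfixadmin keeps the quota in mailbox.quota,
# keyed by mailbox.username, with mailbox.active as the enable flag; the
# original "users / email / enabled" names do not exist.
# This file holds the database password: chown root:postfix, chmod 640.
user = postfix
password = postfixdbpass
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = 1
hosts = 127.0.0.1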

Создаём базу данных псевдонимов:
# Rebuild /etc/aliases.db (alias_database in main.cf); make sure /etc/aliases
# routes root and postmaster to a mailbox that is actually read.
newaliases

Создаём файлы базы данных для postfix:
# Empty access maps referenced by the restriction lists in main.cf. Note that
# recipient_access is created here but nothing in main.cf uses it; either add
# a check_recipient_access entry or drop it from both commands.
touch /etc/postfix/{client_access,hello_access,sender_access,recipient_access}
postmap /etc/postfix/{client_access,hello_access,sender_access,recipient_access}

Генерируем самоподписные сертификаты для TLS/SSL протоколов:
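# Self-signed pair used by both Dovecot (10-ssl.conf) and Postfix (main.cf).
# -newkey rsa:2048 makes the key size explicit instead of trusting the
# default_bits of the system openssl.cnf; -subj sets the CN to the host name
# clients connect to (mail.example.com), which they check. openssl creates
# the key file with the ordinary umask, i.e. world-readable, so lock it down
# immediately: only root needs to read the private key.
openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 -subj "/CN=mail.example.com" \
    -out /etc/pki/dovecot/certs/dovecot.pem -keyout /etc/pki/dovecot/private/dovecot.pem
chmod 600 /etc/pki/dovecot/private/dovecot.pem
# Clients will still warn about an untrusted issuer; a certificate from a
# public CA for mail.example.com removes that without any other change here.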

# Validate both configurations before enabling them at boot: "postfix check"
# and "doveconf -n" report syntax and file-permission problems up front.
service postfix start
chkconfig postfix on

service dovecot start
chkconfig dovecot on

Настраиваем postfixadmin:
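# Fetch over HTTPS and compare the archive with the checksum/signature the
# project publishes before unpacking it: this code will run as the web server
# with the database password in hand.
wget https://www.mirrorservice.org/sites/downloads.sourceforge.net/p/po/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
tar xzf postfixadmin-2.3.7.tar.gz
mkdir /var/www/postfixadmin
cp -r postfixadmin-2.3.7/* /var/www/postfixadmin/
# The tree is only read by PHP. It must not be writable by the apache user
# (the original chown -R apache:apache made it so): any bug in the web UI
# would then let an attacker rewrite the application itself. Root-owned and
# world-readable is enough; config.inc.php will hold the DB password, so
# take it away from "other". (Should a later version need a writable
# templates_c directory, give apache only that directory.)
chown -R root:root /var/www/postfixadmin/
chmod -R u=rwX,go=rX /var/www/postfixadmin/
chgrp apache /var/www/postfixadmin/config.inc.php
chmod 640 /var/www/postfixadmin/config.inc.php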
vi /var/www/postfixadmin/config.inc.php:

$CONF['configured'] = true;
$CONF['default_language'] = 'ru';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
// Same credentials Postfix and Dovecot use. Replace the placeholder, and keep
// this file unreadable to other local users (the apache user reads it).
$CONF['database_password'] = 'postfixdbpass';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
// 'cleartext' stores every mailbox password as typed, readable by anyone who
// obtains the database or a backup. It matches default_pass_scheme = PLAIN in
// /etc/dovecot/dovecot-mysql.conf and is what CRAM-MD5 requires. Switch both
// ends together to a hash (e.g. 'md5crypt' here, MD5-CRYPT in dovecot) once
// CRAM-MD5 is no longer offered in 10-auth.conf.
$CONF['encrypt'] = 'cleartext';

Создаём конфигурационный файл postfixadmin для apache:
vi /etc/httpd/conf.d/postfixadmin.conf:
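Alias /pfa /var/www/postfixadmin

# The original "Deny from All" followed by "Allow from All" under
# Order Deny,Allow admits everyone, so the mailbox-management UI (including
# setup.php) was reachable from the Internet over plain HTTP. Restrict it to
# the LAN on eth0 (192.168.0.0/24) and the host itself; if it has to be
# reachable from elsewhere, serve it through mod_ssl only. Delete setup.php
# once the admin account exists. (The Directory container was lost in the
# page's HTML; the directives below only make sense inside it.)
<Directory /var/www/postfixadmin>
    DirectoryIndex index.php
    Options none
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1 192.168.0.0/24
</Directory>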

service httpd restart

Переходим на страницу настройки postfixadmin http://example.com/pfa/setup.php:
Генерируем hash пароля установки
Копируем hash в опцию «$CONF['setup_password']» в /var/www/postfixadmin/config.inc.php
Вводим пароль установки
Логин вводим в виде почтового адреса, например admin@example.com
Пароль администратора
Теперь для управления почтовыми ящиками нужно заходить по адресу http://example.com/pfa. После создания администратора удалите setup.php из /var/www/postfixadmin, а сам интерфейс открывайте только из локальной сети или через HTTPS: по обычному HTTP пароль администратора передаётся открытым текстом.

Добавляем записи для почтового сервера в наши файлы зон для внутренней и для внешней сети:
vi /var/named/chroot/etc/master/example.com.lan:
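; Every record needs an owner name; the zone apex is "@". A line that starts
; with "MX" is parsed as a host literally named "MX", not as an MX record.
@                 IN  MX  10  mail.example.com.
mail.example.com. IN  A   192.168.0.1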

vi /var/named/chroot/etc/master/example.com.wan:
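; Every record needs an owner name; the zone apex is "@". A line that starts
; with "MX" is parsed as a host literally named "MX", not as an MX record.
@                 IN  MX   10  mail.example.com.
mail.example.com. IN  A    100.200.1.1
; Publish SPF so receiving servers can reject forged mail "from" example.com:
; only the MX (this host) sends for the domain. Relax -all to ~all if other
; hosts legitimately send mail for example.com.
@                 IN  TXT  "v=spf1 mx -all"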

vi /var/named/chroot/etc/master/example.com.wan.rev:
; Reverse record for 100.200.1.1. It must match the forward A record of
; mail.example.com above: receiving MTAs check that the PTR and A records
; agree, and mismatches get mail rejected or spam-scored.
1 IN PTR mail.example.com.

service named restart

Открываем порты:

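# LAN side (eth0): every mail port for the local network.
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 25,110,143,465,993,995 -j ACCEPT
# Internet side (eth1), split in two. Port 25 must accept connections from any
# MTA, otherwise the MX record published above points at a closed port and no
# external mail ever arrives; the client-facing ports stay limited to the
# known client addresses as in the original rule. (Rule positions 2/3/4 assume
# the stock CentOS INPUT chain; check with "iptables -L INPUT -n --line-numbers".)
iptables -I INPUT 3 -d 100.200.1.1 -i eth1 -p tcp -m state --state NEW --dport 25 -j ACCEPT
iptables -I INPUT 4 -s ip-адрес-внешних-клиентов -d 100.200.1.1 -i eth1 -p tcp -m state --state NEW -m multiport --dports 110,143,465,993,995 -j ACCEPT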

service iptables save
