MailServer IMAP/POP3/SMTP(SSL) + ASPAM/postGREY


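This guide describes how to install and configure a simple IMAP/POP3/SMTP mail server with SSL authentication, antispam and postgrey on Linux (Arch Linux).
Let's start by generating the certificates we will use for authentication:

# rsa:1024 is the key size used in this guide; OpenSSL 3.2 and later reject RSA keys below 2048 bits for TLS at the default security level
cd /etc/ssl/certs && openssl req -new -x509 -newkey rsa:1024 -days 3650 -keyout mail.key -out mail.crt
# rewrite the key without its passphrase, then move it out of the certs directory
openssl rsa -in mail.key -out mail.key && mv mail.key /etc/ssl/private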
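Before pointing Dovecot and Postfix at the pair, it is worth confirming that the certificate really belongs to the key, that the key file is readable only by its owner, and how large the key is. The following is an added example, not part of the original guide; the function names and the throwaway CN mail.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/private-key pair.

# Succeed if the certificate carries the public key of the given private key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail instead of prompting
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Succeed if the key file grants nothing to group or others (0600 or 0400).
key_is_private() {   # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the key size in bits as reported by openssl.
key_bits() {   # usage: key_bits KEY
    openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/^.*(\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# Demo on a throwaway pair created in a temporary directory (constructed
# input; nothing under /etc/ssl is touched).
demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && umask 077 &&
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=mail.example.test" \
            -keyout mail.key -out mail.crt 2>/dev/null &&
        cert_matches_key mail.crt mail.key &&
        key_is_private mail.key &&
        echo "pair ok, $(key_bits mail.key) bit key"
    )
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On the real server the same functions can be called as root with /etc/ssl/certs/mail.crt and /etc/ssl/private/mail.key.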

Make sure the system user that we will map to the email account belongs to the "mail" group, then start with the installations:

pacman -S postfix procmail dovecot spamassassin
Let's configure spamassassin:
groupadd -g 5001 spamd
useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin -m spamd
chown spamd:spamd /var/lib/spamassassin

Let's tune it a little by lowering the max-children parameter to 1 (default = 5), which will save quite a bit of RAM:
vi /etc/conf.d/spamd

SAHOME="/var/lib/spamassassin/"
SPAMD_OPTS="-c --max-children 1 --username spamd -H ${SAHOME} -s ${SAHOME}spamd.log --pidfile /var/run/spamd.pid"

Now let's configure DOVECOT for IMAP over SSL and POP3 over SSL with:
vim /etc/dovecot/dovecot.conf

protocols = imaps pop3s

disable_plaintext_auth = yes
log_timestamp = "%b %d %H:%M:%S "

#ssl_disable = no

# our previously created certificates
ssl_cert_file = /etc/ssl/certs/mail.crt
ssl_key_file = /etc/ssl/private/mail.key

mail_location = maildir:~/Maildir
mail_access_groups = mail
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}

protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
#pop3_client_workarounds =
}

auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path = /var/run/dovecot/auth-client
user = postfix
group = postfix
mode = 0660
}
}
}

Now let's move on to the POSTFIX configuration:

cd /etc/postfix/

Let's start with the main file:
vi main.cf


# Paths
queue_directory = /var/spool/postfix
daemon_directory = /usr/lib/postfix
command_directory = /usr/sbin
mail_owner = postfix
# Domain settings
myhostname = mail.nostrodominio.com
myorigin = nostrodominio.com
mydestination = $myhostname, localhost.$mydomain, localhost
# Timeout settings and other limits
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
minimal_backoff_time = 300s
maximal_backoff_time = 1200s
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
smtp_helo_timeout = 60s
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
# SMTP settings
smtpd_tls_cert_file=/etc/ssl/certs/mail.crt
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_tls_loglevel = 1
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination,
#postgrey
  check_policy_service inet:127.0.0.1:10030
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_sasl_security_options = noanonymous
# SASL
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

# Network settings
inet_interfaces = all
inet_protocols = ipv4
mynetworks = 127.0.0.0/8
relayhost =
# Email and mailbox settings
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps
home_mailbox = Maildir/
virtual_alias_domains = miodominio.com eventualealtrodominio.org
virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_size_limit = 0

# Misc
mailbox_command = /usr/bin/procmail
smtpd_banner = $myhostname ESMTP banner_che_vogliamo
biff = no
append_dot_mydomain = no
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/man
sample_directory = /etc/postfix/sample
readme_directory = no
recipient_delimiter = +
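Postfix treats a line that starts with whitespace as a continuation of the previous parameter, so the postgrey policy service is only consulted if its line is indented under smtpd_recipient_restrictions, and the Postfix policy documentation asks for it to come after reject_unauth_destination. The following added example (not part of the original guide) joins main.cf lines the way Postfix does and checks both conditions; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print one main.cf parameter after joining continuation lines the way
# Postfix does: blank and comment lines are skipped, a line that starts
# with whitespace continues the previous one, the last definition wins.
postfix_param() {   # usage: postfix_param NAME FILE
    awk -v name="$1" '
        function emit(   i, k, v) {
            i = index(cur, "="); if (i == 0) return
            k = substr(cur, 1, i - 1); v = substr(cur, i + 1)
            gsub(/[ \t]+/, "", k)
            gsub(/[ \t]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
            if (k == name) val = v
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { cur = cur " " $0; next }
        { emit(); cur = $0 }
        END { emit(); print val }
    ' "$2"
}

# Succeed only if check_policy_service is listed, and listed after
# reject_unauth_destination.
check_greylist_order() {   # usage: check_greylist_order FILE
    seen_reject=0
    for tok in $(postfix_param smtpd_recipient_restrictions "$1" | tr ',' ' '); do
        case "$tok" in
            reject_unauth_destination) seen_reject=1 ;;
            check_policy_service) [ "$seen_reject" -eq 1 ]; return ;;
        esac
    done
    return 1   # the policy service is never reached
}

# Constructed samples: flat.cf is good.cf with the leading whitespace lost,
# so Postfix would no longer see the policy service as part of the list.
write_samples() {   # usage: write_samples DIR
    printf '%s\n' \
        'smtpd_recipient_restrictions = permit_sasl_authenticated,' \
        '  permit_mynetworks, reject_unauth_destination,' \
        '#postgrey' \
        '  check_policy_service inet:127.0.0.1:10030' > "$1/good.cf"
    sed 's/^  //' "$1/good.cf" > "$1/flat.cf"
}

dir=$(mktemp -d); write_samples "$dir"
for f in good.cf flat.cf; do
    check_greylist_order "$dir/$f" && echo "$f: ok" || echo "$f: postgrey missing or misplaced"
done
rm -rf "$dir"
```

On the server, check_greylist_order /etc/postfix/main.cf runs the same check against the live file.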

Now let's map system users to email addresses by entering the appropriate information with:
vi /etc/postfix/virtual


utenteemail@dominiomio.com utentesistema@localhost
utente2mail@altrodominio.org utentesistema2@localhost
#etc.

Now run the command:

postmap /etc/postfix/virtual

Now let's hook postfix up to spamassassin by configuring its real main engine:
vi master.cf and add/modify


smtp inet n - n - - smtpd
  -o content_filter=spamassassin
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/perlbin/vendor/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Let's configure spamassassin:
vi /etc/mail/spamassassin/local.cf

rewrite_header Subject *****SPAM*****
required_score 3
report_safe 0 #1
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Now let's tell procmail how to handle the emails tagged by spamassassin:
vi /etc/procmailrc


DROPPRIVS=yes
DEFAULT=$HOME/Maildir/
MAILDIR=$HOME/Maildir/
:0:
* ^X-Spam-Status: Yes
.Junk/

Postgrey:
yaourt -S postgrey
configure it with
vi /etc/conf.d/postgrey


POSTGREY_TYPE="inet"
POSTGREY_HOST="127.0.0.1"
POSTGREY_PORT="10030"
POSTGREY_SOCKET="/var/spool/postfix/private/postgrey"
POSTGREY_OPTS="--delay=60"

Finally, let's create the Maildir for the user:

cd ~utente
umask 077
mkdir -p Maildir/{cur,new,tmp}
mkdir -p Maildir/.Drafts/{cur,new,tmp}
mkdir -p Maildir/.Sent/{cur,new,tmp}
mkdir -p Maildir/.Trash/{cur,new,tmp}
chmod -R 0700 Maildir
chown -R utente:users *

Now let's restart all the services related to the mail server:

/etc/rc.d/postgrey start
/etc/rc.d/spamd start
/etc/rc.d/dovecot start
/etc/rc.d/postfix start

...and let's configure our mail clients.
