[lang_en]
ClamAV, virusscanner
ClamAV uses /usr/local/etc/clamav.conf for configuration; the only changes made were:
- changed localsocket to /var/amavis/clamd
- changed user to vscan
OpenLDAP scripts
Using the script provided below, we can add users according to the domain setup shown below, for example with the following commands:
- ./ldapadduser.pl vivian example.org "Secret123" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl alexander example.org "Dog=Cr@zy" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl roland_dg example.org "a1zihw" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl postmaster example.org alexander@example.org,vivian@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl webmaster example.org john@webbuilders.com alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl "*" example.org vivian@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
somenudomain.nu
- ./ldapadduser.pl ian somenudomain.nu "vivian" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl postmaster somenudomain.nu alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl webmaster somenudomain.nu "w3bs1t3" mailbox | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
someoldaccount.demon.org
- ./ldapadduser.pl "*" someoldaccount.demon.org @somenudomain.nu alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
domain3.org
- ./ldapadduser.pl postmaster domain3.org alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
- ./ldapadduser.pl webmaster domain3.org alexander@example.org alias | ldapadd -x -D 'cn=Manager,dc=example,dc=org' -w secret
And so, we should have created a tree looking like this, with vivian@example.org receiving all 'non-existing-mailbox' mail for example.org and all mail for 'someoldaccount.demon.org' delivered to somenudomain.nu (so you can email ian@someoldaccount.demon.org and still reach ian, who (of course) should have procmail or similar set up to warn people about his changed domain name, but that's outside the scope of this document). Also mind that postmaster@example.org is delivered to BOTH alexander AND vivian. The add-script just makes two 'maildrop's in the LDAP tree!
Configure postfix
Changes to postfix' main.cf; also change other settings to suit your requirements. Setting 'soft_bounce=yes' for testing purposes while starting out with your new mailserver would be a wise decision!
```
# Transports
transport_server_host = localhost
transport_search_base = dc=mail,dc=example,dc=org
transport_query_filter = (&(dc=%s)(objectClass=mailDomain)(accountActive=TRUE)(delete=FALSE))
transport_result_attribute = postfixTransport
#transport_cache = yes
transport_bind = no
transport_scope = one

# Aliases
aliases_server_host = localhost
aliases_search_base = dc=mail,dc=example,dc=org
aliases_query_filter = (&(objectClass=mailAlias)(mail=%s)(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = no
#aliases_cache = yes

# Accounts
accounts_server_host = localhost
accounts_search_base = dc=mail,dc=example,dc=org
accounts_query_filter = (&(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_bind = no
#accounts_cache = yes

accountsmap_server_host = localhost
accountsmap_search_base = dc=mail,dc=example,dc=org
accountsmap_query_filter = (&(objectClass=mailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_bind = no
#accountsmap_cache = yes

# Transport map
transport_maps = ldap:transport
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, $transport_maps

# Virtual maps
virtual_maps = ldap:aliases, ldap:accountsmap

# Virtual accounts
virtual_mailbox_base = /usr/virtual
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

# Local accounts
local_alias_maps = hash:/etc/aliases
local_recipient_maps = $local_alias_maps unix:passwd.byname

# local_transport should be set to "virtual" to deliver mail to the local VirtualAccount's
# $HOME directory; if it is not set here, mail delivery will fail
local_transport = virtual
local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps

# AMAVIS
content_filter = smtp-amavis:[127.0.0.1]:10024
```
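How the two tables in virtual_maps interact, as an added example (not part of the original article): a simplified Python model of one Postfix virtual lookup over constructed entries, in which the full address is tried in every map before the @domain catch-all key. Storing the "*" catch-all as mail=@domain is an assumption about what ldapadduser.pl writes, and all function names are hypothetical.

```python
# Constructed entries (added example). Attribute names come from the query
# filters in main.cf; storing the "*" catch-all as mail=@domain is an assumption.
def account(mail):
    return {"objectClass": "mailAccount", "mail": mail, "accountActive": "TRUE", "delete": "FALSE"}

def alias(mail, *maildrop):
    return {"objectClass": "mailAlias", "mail": mail, "accountActive": "TRUE", "maildrop": list(maildrop)}

ENTRIES = [
    account("vivian@example.org"),
    account("alexander@example.org"),
    alias("postmaster@example.org", "alexander@example.org", "vivian@example.org"),
    alias("@example.org", "vivian@example.org"),
    alias("@someoldaccount.demon.org", "@somenudomain.nu"),
]

def ldap_aliases(key):
    """aliases map: (&(objectClass=mailAlias)(mail=%s)(accountActive=TRUE)) -> maildrop"""
    for e in ENTRIES:
        if e["objectClass"] == "mailAlias" and e["mail"] == key and e["accountActive"] == "TRUE":
            return list(e["maildrop"])
    return None

def ldap_accountsmap(key):
    """accountsmap map: active, undeleted mailAccount with mail=%s -> its own mail value"""
    for e in ENTRIES:
        if (e["objectClass"] == "mailAccount" and e["mail"] == key
                and e["accountActive"] == "TRUE" and e["delete"] == "FALSE"):
            return [e["mail"]]
    return None

def virtual_lookup(address, maps=(ldap_aliases, ldap_accountsmap)):
    """One virtual_maps lookup: the full address in every map first, then @domain."""
    user, domain = address.rsplit("@", 1)
    for key in (address, "@" + domain):
        for table in maps:
            result = table(key)
            if result:
                if result[0].startswith("@"):   # "@otherdomain": same user in that domain
                    result[0] = user + result[0]
                return result
    return []
```

Calling virtual_lookup("alexander@example.org", maps=(ldap_aliases,)) returns vivian's address: without the identity mapping from accountsmap, the catch-all would capture mail for real mailboxes.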
Changes to postfix' master.cf (optionally replace the 'y' with 'n', depending on your chroot wishes). Make sure 'virtual' and 'maildrop' also exist in master.cf.
```
smtp-amavis unix - - y - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
```
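A check for the re-injection listener, as an added example (not part of the original article): amavis hands scanned mail back to Postfix on 127.0.0.1:10025, and that smtpd runs with the content filter cleared, so it has to stay reachable from the local host only. The function names and the shortened sample text are constructed for illustration.

```python
import ipaddress

# Constructed sample: a shortened copy of the two amavis services from master.cf.
SAMPLE = """\
smtp-amavis unix - - y - 2 smtp
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """One dict per service; a line starting with whitespace continues the previous one."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return [{"service": f[0], "type": f[1],
             "opts": dict(a.split("=", 1) for a in f[8:] if "=" in a)}
            for f in (e.split() for e in entries)]

def is_loopback(host):
    try:
        return ipaddress.ip_network(host.strip("[]"), strict=False).is_loopback
    except ValueError:
        return host == "localhost"

def audit_reinjection(text, port="10025"):
    """Findings for the listener that receives scanned mail; [] means it is locked down."""
    for svc in parse_master_cf(text):
        host, _, svc_port = svc["service"].rpartition(":")
        if svc["type"] == "inet" and svc_port == port:
            break
    else:
        return ["no inet listener on port " + port]
    opts = svc["opts"]
    nets = [n for n in opts.get("mynetworks", "").split(",") if n]
    checks = [
        (is_loopback(host), "listener is not bound to a loopback address"),
        (opts.get("content_filter") == "", "content_filter is not cleared: scanned mail would be filtered again"),
        (bool(nets) and all(map(is_loopback, nets)), "mynetworks is not limited to loopback"),
        (opts.get("smtpd_recipient_restrictions") == "permit_mynetworks,reject", "recipient restrictions differ from permit_mynetworks,reject"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Run it against the real file with audit_reinjection(open("/usr/local/etc/postfix/master.cf").read()); that path is the usual FreeBSD ports location and is an assumption here.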
Starting your mailserver
Next, edit /etc/rc.conf again to disable sendmail and enable postfix.
Insert
- sendmail_enable="NONE"
Comment out/remove
- sendmail_enable="YES"
- sendmail_flags="-bd"
- sendmail_pidfile="/var/spool/postfix/pid/master.pid"
- sendmail_outbound_enable="NO"
- sendmail_submit_enable="NO"
- sendmail_msp_queue_enable="NO"
Now would be a great time to start postfix, but before you do, touch /var/log/maillog, open a second terminal (or screen, or whatever you prefer) and run tail -f /var/log/maillog there (and perhaps a tail on /var/log/messages as well) to see what's going on. Now you're ready to start postfix, simply by typing postfix start.
Verify mail sending and receiving
Verify that you can send mail by sending yourself mail. If you are using an address@example.org that is an alias (pointing outside the domains for which your new postfix server receives mail), please check your headers and confirm they're OK. If receiving on a mailbox address (at your new postfix server), look in /usr/virtual and confirm you have a new directory named example.org (depending on the recipient). Below that directory your mailbox name (as a directory) should emerge, containing various maildir files. Besides checking that your mail was received, also check the headers!
Note that users of a mailbox must have received at least one email to have their directory (and maildir files) in place. When you create a new mailbox (not an alias), you should send the new user a 'welcome' mail of some kind to let postfix create their 'homedirectory' in /usr/virtual. When this is omitted, the user will receive an error when checking mail (either via imap/pop or when using webmail).
Documents and resources used
Besides RTFM on the various packages used for the install, a number of special resources are named below the package link list (in no particular order):
- Postfix, MTA used
- Spam tagging software
- LDAP software
- Webmail software
- Mailinglist software (when done, you could add mailinglists, not captured in this document)
- ClamAV Antivirus software
- Short for [A] [MA]il [VI]rus [S]canner
- Apache webserver for webmail and admin (php) interface
- The admin interface was built using php
Most useful in producing this document was http://janus.errornet.de/ with his pdf and schema ((mirrored here) pdf and schema)
Other resources used
- http://jamm.sourceforge.net everything else seems to be based upon this
- http://www.vriesman.tk detailed enough for me
Tom Scholten is a Unix specialist with Snow B.V., a Dutch Technical Consultancy Company supplying specialists in the field of Networking and Unix.
[/lang_en]