## ------------------------------------------------------------ ##
## -                                                          - ##
## - install postfix + dovecot + sieve + postfixadmin         - ##
## -   + roundcube                                            - ##
## -                                                          - ##
## - supports ipv6                                            - ##
## -                                                          - ##
## ------------------------------------------------------------ ##

## - mx.warenform.de
## -
_WEBMAIL_IP_4=83.223.85.154
_WEBMAIL_IP_6=2a01:30:1fff:6::154
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/SSL123_CA_Bundle.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=mx.warenform.de
_IPV4=83.223.86.76
_IPV6=2a01:30:0:13:231:32ff:fe8b:7763
_autoreply_domain='autoreply.warenform.de'
#_pf_admin_version=2.3.7
# _pf_admin_version=2.91
_pf_admin_version=3.0.2
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='CbX8vg347Vvm'
## -
## - END: mx.warenform.de

## - a.mx.oopen.de
## -
_WEBMAIL_IP_4=83.223.86.91
_WEBMAIL_IP_6=2a01:30:0:13:2f7:50ff:fed2:cef7
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=a.mx.oopen.de
_IPV4=83.223.86.91
_IPV6=2a01:30:0:13:2f7:50ff:fed2:cef7
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
#_pf_admin_version=2.91
_pf_admin_version=3.0
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## - END: a.mx.oopen.de

## - sympa.oopen.de
## -
_WEBMAIL_IP_4=83.223.85.206
_WEBMAIL_IP_6=2a01:30:0:13:239:a7ff:fe7e:1129
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=sympa.oopen.de
_IPV4=83.223.85.206
_IPV6=2a01:30:0:13:239:a7ff:fe7e:1129
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## - END: sympa.oopen.de

## - d.mx.oopen.de
## -
_WEBMAIL_IP_4=83.223.86.92
_WEBMAIL_IP_6=2a01:30:0:13:254:9eff:fed5:e7fd
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=d.mx.oopen.de
_IPV4=83.223.86.92
_IPV6=83.223.86.92
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## - END: d.mx.oopen.de

## - mail.interventionistische-linke.org
## -
_WEBMAIL_IP_4=83.223.85.215
_WEBMAIL_IP_6=2a01:30:1fff:5::215
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=mail.interventionistische-linke.org
_IPV4=83.223.85.214
_IPV6=2a01:30:1fff:5::214
_autoreply_domain='autoreply.interventionistische-linke.org'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='NcXxt7sf7bfV'
## -
## - END: mail.interventionistische-linke.org

## - listserver.so36.net
## -
_WEBMAIL_IP_4=''
_WEBMAIL_IP_6=''
_APACHE_CONF_DIR=''
_APACHE_VHOST_DIR=''
_APACHE_LOG_DIR=''
_ADMIN_EMAIL=roots@so36.net
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=listserver.so36.net
_IPV4=83.223.73.213
_IPV6=2a01:30:1fff:fd00::213
_autoreply_domain=''
#_pf_admin_version=2.3.7
_pf_admin_version=''
#_db_type=pg
#_db_type='mysql'
_db_name=''
_db_user=''
_db_pass=''
## -
## - END: listserver.so36.net


## ------------------------------------------------------------ ##
## - Download debian prerequisites                            - ##
## ------------------------------------------------------------ ##

## -
## - compiler stuff
## -
apt-get install g++ g++-multilib gcc gcc-multilib cpp make libssl-dev
apt-get install automake autoconf libtool flex bison gnu-standards
apt-get install libdb-dev

## - Postgres (if needed)
## -
cat <<EOF > /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main
EOF
apt-get update
apt-get install pgdg-keyring
apt-get install postgresql postgresql-client

## - SSL/TLS support
apt-get install libssl-dev

## - obtain dovecot from Mercurial repository
apt-get install hgsvn

## - Mysql
## -
#apt-get install mysql-server-5.0 mysql-client-5.0 libmysqlclient15-dev

## - SASL support
## -
#apt-get install libsasl2-dev libsasl2-2

## - I think quota is not needed, because quota support is
## - implemented in software
## -
## - ## - quota support
## - ## -
## - apt-get install quota
## -
## - ## - /etc/fstab
## - ## -
## - ## - proc      /proc     proc    defaults                    0 0
## - ## - none      /dev/pts  devpts  gid=5,mode=620              0 0
## - ## - /dev/md0  none      swap    sw                          0 0
## - ## - /dev/md1  /boot     ext3    defaults                    0 0
## - ## - /dev/md2  /         ext3    defaults,usrquota,grpquota  0 0
## - ## - /dev/md3  /data     ext3    defaults,usrquota,grpquota  0 0


## ------------------------------------------------------------ ##
## - Download sources                                         - ##
## ------------------------------------------------------------ ##

mkdir -p /usr/local/src/mailsystem/tarballs
cd /usr/local/src/mailsystem/tarballs

# - postfix
## -
#wget http://de.postfix.org/ftpmirror/official/postfix-2.7.1.tar.gz

## - postfixadmin (needed for vacation plugin)
## -
#wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
#wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${_pf_admin_version}/postfixadmin-${_pf_admin_version}.tar.gz


## ------------------------------------------------------------ ##
## - Install software                                         - ##
## ------------------------------------------------------------ ##

## -------------------------------- #
## --- install Apache webserver --- #
## -------------------------------- #

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils

## - access server-status
## -
## -    Allow from 178.63.63.151 127.0.0.1
## -
vim /etc/apache2/mods-enabled/status.conf

## - configure ports
## -
## -    NameVirtualHost 178.63.63.151:80
## -    Listen 178.63.63.151:80
## -    Listen 127.0.0.1:80
## -
## -
## -    # SSL name based virtual hosts are not yet supported, therefore no
## -    # NameVirtualHost statement here
## -    NameVirtualHost 178.63.63.151:443
## -    Listen 178.63.63.151:443
## -
## -
vim /etc/apache2/ports.conf

## - configure default site
## -
rm /etc/apache2/sites-enabled/000-default
mv /etc/apache2/sites-available/default /etc/apache2/sites-available/_default
mv /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/_default-ssl

mkdir -p /var/www

## - Apache base configuration
## -
cat <<EOF > ${_APACHE_VHOST_DIR}/000default.conf

   Options FollowSymLinks
   AllowOverride None
   ## - Apache httpd 2.2.x
   #Order deny,allow
   #Deny from all
   ## - Apache httpd 2.4.x
   Require all denied

   AllowOverride None
   ## - Apache httpd 2.2.x
   #Order deny,allow
   #Deny from all
   ## - Apache httpd 2.4.x
   Require all granted

## - the first VirtualHost directive - all requests
## - that match no other VirtualHost directive will be
## - handled here

   ServerAdmin $_ADMIN_EMAIL
   ServerName dummy.warenform.net
   RewriteEngine On
   RewriteCond %{HTTP_HOST} .*
   RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

   ServerAdmin $_ADMIN_EMAIL
   ServerName dummy.warenform.net
   DocumentRoot /var/www/
   SSLEngine on
   SSLHonorCipherOrder On
   SSLCompression Off
   SSLProtocol ALL -SSLv2 -SSLv3
   SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
   Header add Strict-Transport-Security "max-age=15768000"
   SSLCertificateFile ${_APACHE_CONF_DIR}/server.crt
   SSLCertificateKeyFile ${_APACHE_CONF_DIR}/server.key
   SSLCACertificateFile ${_APACHE_CONF_DIR}/SSL123_CA_Bundle.pem

   ServerAdmin admin@warenform.net
   ServerName dummy.warenform.net

## - IPv6
## -

   ServerAdmin $_ADMIN_EMAIL
   ServerName dummy.warenform.net
   RewriteEngine On
   RewriteCond %{HTTP_HOST} .*
   RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

   ServerAdmin $_ADMIN_EMAIL
   ServerName dummy.warenform.net
   DocumentRoot /var/www/
   SSLEngine on
   SSLHonorCipherOrder On
   SSLCompression Off
   SSLProtocol ALL -SSLv2 -SSLv3
   SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
   Header add Strict-Transport-Security "max-age=15768000"
   SSLCertificateFile ${_APACHE_CONF_DIR}/server.crt
   SSLCertificateKeyFile ${_APACHE_CONF_DIR}/server.key
   SSLCACertificateFile ${_APACHE_CONF_DIR}/SSL123_CA_Bundle.pem

EOF

#ln -s ../sites-available/000default.conf /etc/apache2/sites-enabled/

## - enable module ssl
## -
a2enmod ssl

## - include certificates
## -
chgrp ssl-cert /etc/ssl/private/20091103-0058-aktionsbuendnis_key.pem
chmod 640 /etc/ssl/private/20091103-0058-aktionsbuendnis_key.pem
chmod 644 /etc/ssl/certs/20091103-0058-aktionsbuendnis_crt.pem

## - enable module rewrite
## -
a2enmod rewrite

## - enable sites
## -   put the VirtualHost directives in files living in the
## -   directory /etc/apache2/sites-available
## -   i.e. you have configured the files
## -     - 000default.conf
## -     - aktionsbuendnis.oopen.de.conf
## -
#a2ensite 000default.conf aktionsbuendnis.oopen.de.conf
a2ensite 000default.conf


## --------------------------------------------------------- #
## --- install PHP (needed for postfixadmin / roundcube) --- #
## --------------------------------------------------------- #

## - Additional PHP installation (for: postfixadmin / roundcube)
## -
apt-get install libexpat1 mcrypt imagemagick
apt-get install libcompress-zlib-perl
apt-get install re2c
apt-get install libmagic-dev

apt-get install php5 php5-common php5-cli php5-pgsql \
   php5-mcrypt php5-gd php5-imagick php5-curl \
   php-pear php5-suhosin php5-mhash php5-dev \
   php-file php-gettext php-auth

apt-get install php5-imap uw-mailutils

## - settings /etc/php5/apache2/php.ini
## -
vim /etc/php5/apache2/php.ini

   memory_limit = 128M
   register_globals = Off
   session.save_handler = file
   error_reporting = E_ALL
   safe_mode = Off
   session.cache_limiter = nocache
   cgi.fix_pathinfo=1

apt-get install libmysqlclient15-dev
pecl channel-update pear.php.net
pecl install fileinfo

## - already included in php 5.3
## -
## - #extension=pdo.so
## - #extension=pdo_mysql.so
## - #extension=fileinfo.so
#vim /etc/php5/apache2/php.ini

mkdir -p /var/www/adm.warenform.de


## ----------------------- ##
## --- install postfix --- ##
## ----------------------- ##

## *************************** ##
## - install from source     - ##

_postfix_version=2.11.5

## - create postfix user/group
## -
addgroup --system postfix
addgroup --system postdrop
adduser --system --home /var/spool/postfix --group postfix postfix

cd /usr/local/src/mailsystem/tarballs
wget http://de.postfix.org/ftpmirror/official/postfix-${_postfix_version}.tar.gz

cd /usr/local/src/mailsystem
gunzip < tarballs/postfix-${_postfix_version}.tar.gz | tar -xf -
cd postfix-$_postfix_version

## - For Postgres (PCRE-support, TLS-support, SASL-support also included)
## -
make makefiles \
   CCARGS="-DHAS_PGSQL -I/usr/include/postgresql -DHAS_PCRE `pcre-config --cflags` -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" \
   AUXLIBS="-L/usr/lib/x86_64-linux-gnu -lpq `pcre-config --libs` -lssl -lcrypto -L/usr/lib/x86_64-linux-gnu -lsasl2"

## - For MySQL installed to /usr/local/mysql (PCRE-support, TLS-support, SASL-support also included)
## -
make makefiles \
   CCARGS="-DHAS_MYSQL -I/usr/local/mysql/include -DHAS_PCRE `pcre-config --cflags` -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" \
   AUXLIBS="-L/usr/local/mysql/lib -lmysqlclient -lz -lm `pcre-config --libs` -lssl -lcrypto -L/usr/lib/x86_64-linux-gnu -lsasl2"

make
make install

## ************************************** ##
## - install from debian package-system - ##

## -
## - since debian wheezy, postfix-tls is integrated in postfix package
## -

# - postfix
apt-get install -t jessie-backports postfix postfix-pgsql postfix-pcre
# - mysql
apt-get install -t jessie-backports postfix postfix-mysql postfix-pcre

## - remove exim4 and related if installed and you plan
## - to install an alternative mailer
## -
apt-get remove --purge bsd-mailx exim4 exim4-base exim4-config \
   exim4-daemon-light mailx

apt-get install postfix postfix-pcre libsasl2-modules bsd-mailx haveged

## - !! Notice:
## -
## -    If using MySQL and MySQL was installed from source, then
## -    remove/check my.cnf file from debian package "mysql-common",
## -    which will be installed within postfix-mysql.
## -
## - !! End: Notice

## - adjust main.cf
## -
cp /etc/postfix/main.cf /etc/postfix/main.cf.ORIG

cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname

smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

#readme_directory = no
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html

## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF

if [ -n "$_IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6

#inet_interfaces = all
inet_interfaces =
   127.0.0.1
   $_IPV4
   $_IPV6

myhostname = $_HOSTNAME

mydestination =
   $_HOSTNAME
   localhost

## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
   127.0.0.0/8
   [::ffff:127.0.0.0]/104
   [::1]/128
   ${_IPV4}/32,
   [${_IPV6}]/128
   # b.mx.oopen.de
   #83.223.86.162/32
   #[2a01:30:1fff:a::162]/128

smtp_bind_address = $_IPV4
smtp_bind_address6 = $_IPV6

EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4

#inet_interfaces = all
inet_interfaces =
   127.0.0.1
   $_IPV4

myhostname = $_HOSTNAME

mydestination =
   $_HOSTNAME
   localhost

## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
   127.0.0.0/8
   ${_IPV4}/32
   # b.mx.oopen.de
   #83.223.86.162/32
   #[2a01:30:1fff:a::162]/128

smtp_bind_address = $_IPV4
#smtp_bind_address6 = $_IPV6

EOF
fi

cat <<EOF >> /etc/postfix/main.cf

## - The method to generate the default value for the mynetworks parameter.
## -
## - "mynetworks_style = host" when Postfix should "trust" only the local machine
## - "mynetworks_style = subnet" (default value) when Postfix should "trust" SMTP
## -   clients in the same IP subnetworks as the local machine.
## - "mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## -   IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host

## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0

## - The maximal size in bytes of a message, including envelope information.
## -
## - we use 50MB
## -
message_size_limit = 52480000

## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +

## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
   hash:/etc/aliases

## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
   hash:/etc/aliases

## - Optional lookup tables with mappings from recipient address
## - to (message delivery transport, next-hop destination).
## - See transport(5) for details.
## -
transport_maps =
   btree:/etc/postfix/transport
   btree:/etc/postfix/relay_domains

## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime

## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d

#header_checks = pcre:/etc/postfix/header_checks
prepend_delivered_header = forward file

## - proxy_read_maps
## -
## - The lookup tables that the proxymap(8) server is allowed to access for the read-only service.
## -
## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table
## - references that don't begin with proxy: are ignored.
## -
#proxy_read_maps = \$local_recipient_maps \$mydestination \$virtual_alias_maps \$virtual_alias_domains \$virtual_mailbox_maps \$virtual_mailbox_domains \$relay_recipient_maps \$relay_domains \$canonical_maps \$sender_canonical_maps \$recipient_canonical_maps \$relocated_maps \$transport_maps \$mynetworks \$sender_bcc_maps \$recipient_bcc_maps \$smtp_generic_maps \$lmtp_generic_maps \$smtpd_sender_login_maps


# ============ Relay parameters ============

relayhost =

relay_domains =
   \$mydestination
   btree:/etc/postfix/relay_domains


# ============ TLS parameters ============

## - supports DNSSEC
## -
## - !! Notice !!
## - In order to support DNSSEC and DANE your resolver MUST support
## - DNSSEC too.
## -
## - If your resolver does not support DNSSEC, install "unbound".
## -
smtp_host_lookup = dns
smtp_dns_support_level = dnssec

## - Enables STARTTLS for receiving mail
## -
## - may:
## -    Opportunistic TLS. Use TLS if this is supported by the remote
## -    SMTP server, otherwise use plaintext
## -
## -    This overrides the obsolete parameters smtpd_use_tls and
## -    smtpd_enforce_tls. This parameter is ignored with
## -    "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtpd_tls_security_level=may

## - Enables STARTTLS for sending mail
## -
## - may:
## -    Opportunistic TLS: announce STARTTLS support to SMTP clients,
## -    but do not require that clients use TLS encryption.
# smtp_use_tls=yes
#smtp_tls_security_level=may
smtp_tls_security_level=dane

## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1

smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE

## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Don't forget to create it, e.g. with openssl:
## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem

## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Don't forget to create it, e.g. with openssl:
## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem

## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE

## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example,
## - "\$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs

# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3

## - Activate the "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong

# standard list cryptographic algorithm
tls_preempt_cipherlist = yes

# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high

# Exclude ciphers
#smtpd_tls_exclude_ciphers =
#   RC4
#   aNULL
#   SEED-SHA
#   EXP
#   MD5
smtpd_tls_exclude_ciphers =
   aNULL
   eNULL
   EXPORT
   DES
   RC4
   MD5
   PSK
   aECDH
   EDH-DSS-DES-CBC3-SHA
   EDH-RSA-DES-CBC3-SHA
   KRB5-DE5
   CBC3-SHA

smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache


#======= SASL Authentication ============

smtpd_sasl_auth_enable = yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes

## - Optional lookup table with the SASL login names that own
## - sender (MAIL FROM) addresses.
smtpd_sender_login_maps =


#======= Virtual mailboxes ============

## - Local Mailboxes
## -
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

## - virtual_transport
## - =================
## -
## - using postfix
## -    virtual_transport = virtual
## -
## - using dovecot lda
## -    virtual_transport = dovecot
## -
## - using dovecot's lmtp service
## -    virtual_transport = lmtp:unix:private/dovecot-lmtp
## -
virtual_transport = virtual

virtual_mailbox_maps =

virtual_mailbox_domains =

## - Optional lookup tables that alias specific mail addresses or domains
## - to other local or remote address. The table format and lookups are
## - documented in virtual(5). For an overview of Postfix address
## - manipulations see the ADDRESS_REWRITING_README document.
## -
virtual_alias_maps =
   ## - mailman
   #hash:/var/lib/mailman/data/virtual-mailman

## - Postfix is final destination for the specified list of virtual alias
## - domains, that is, domains for which all addresses are aliased to addresses
## - in other local or remote domains. The SMTP server validates recipient
## - addresses with \$virtual_alias_maps and rejects non-existent recipients.
## - See also the virtual alias domain class in the ADDRESS_CLASS_README file
## -
virtual_alias_domains =

#header_checks = pcre:/etc/postfix/header_checks
prepend_delivered_header = forward, file


#======= Restrictions ============

smtpd_recipient_restrictions =
   # only special accounts (postmaster, abuse and other role accounts)
   check_recipient_access btree:/etc/postfix/access_recipient-rfc,
   # White- / Blacklisting
   check_sender_access btree:/etc/postfix/access_sender,
   check_recipient_access btree:/etc/postfix/access_recipient,
   # permit trusted network (mynetworks)
   permit_mynetworks,
   # permit our users
   permit_sasl_authenticated,
   # don't accept misconfigured mail
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unlisted_recipient,
   # don't accept misconfigured recipients
   # RBL check - !! comment out if postscreen's postscreen_dnsbl_sites is in use
   # Whitelist (configured on a.ns.oopen.de
   # in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
   permit_dnswl_client dnswl.oopen.de,
   # Blacklists
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client ix.dnsbl.manitu.net,
   #reject_rbl_client bl.spamcop.net,
   # March 1, 2013: NJABL is in the process of being shut down
   #reject_rbl_client dnsbl.njabl.org,
   # Policyd-Weight
   #check_policy_service inet:127.0.0.1:12525,
   # Greylisting check
   #warn_if_reject,
   #check_policy_service inet:127.0.0.1:10023,
   # Reject the request unless one of the following is true:
   #
   # - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
   #   or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
   #
   #
   # - Postfix is the final destination: the resolved RCPT TO domain matches
   #   \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
   #   or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
   reject_unverified_recipient,
   # permit Backup MX
   permit_mx_backup,
   # forbid all other relaying
   reject_unauth_destination,
   # permit, if all restrictions so far passed
   permit

## - Since version 2.11
## -
smtpd_relay_restrictions =
   # only special accounts (postmaster, abuse and other role accounts)
   check_recipient_access btree:/etc/postfix/access_recipient-rfc,
   # White- / Blacklisting
   check_sender_access btree:/etc/postfix/access_sender,
   check_recipient_access btree:/etc/postfix/access_recipient,
   # permit trusted network (mynetworks)
   permit_mynetworks,
   # permit our users
   permit_sasl_authenticated,
   # don't accept misconfigured mail
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unlisted_recipient,
   # don't accept misconfigured recipients
   # RBL check - !! comment out if postscreen's postscreen_dnsbl_sites is in use
   # Whitelist (configured on a.ns.oopen.de
   # in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
   permit_dnswl_client dnswl.oopen.de,
   # Blacklists
   reject_rbl_client zen.spamhaus.org,
   reject_rbl_client ix.dnsbl.manitu.net,
   #reject_rbl_client bl.spamcop.net,
   # March 1, 2013: NJABL is in the process of being shut down
   #reject_rbl_client dnsbl.njabl.org,
   # Policyd-Weight
   #check_policy_service inet:127.0.0.1:12525,
   # Greylisting check
   #warn_if_reject,
   #check_policy_service inet:127.0.0.1:10023,
   # Reject the request unless one of the following is true:
   #
   # - Postfix is mail forwarder: the resolved RCPT TO domain matches \$relay_domains
   #   or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
   #
   #
   # - Postfix is the final destination: the resolved RCPT TO domain matches
   #   \$mydestination, \$inet_interfaces, \$proxy_interfaces, \$virtual_alias_domains,
   #   or \$virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
   reject_unverified_recipient,
   # permit Backup MX
   permit_mx_backup,
   # forbid all other relaying
   reject_unauth_destination,
   # permit, if all restrictions so far passed
   permit

EOF

## - create directory for certificates and copy certificates
## - and corresponding keys to /etc/postfix/ssl/
## -
mkdir -p /etc/postfix/ssl
cp /etc/postfix/ssl/
#mkdir -p /etc/postfix/ssl/certs

## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024)
## -
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048

## - put all CA root certs you trust into directory /etc/postfix/certs
## - afterwards create the hashes:
## -    c_rehash /etc/postfix/sslcerts
## -
## -
## - create directory for trusted root certificates and copy
## - certificates into it
## -
#mkdir -p /etc/postfix/certs
#
#c_rehash /etc/postfix/certs
#
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
#
#mkdir -p /var/spool/postfix/etc/postfix/
#cp -a /etc/postfix/certs /var/spool/postfix/etc/postfix/

## - create files
## -
cat <<EOF > /etc/postfix/access_recipient-rfc
# if destination is ok, permit
/^postmaster\@/ permit_auth_destination
/^abuse\@/ permit_auth_destination
EOF
postmap btree:/etc/postfix/access_recipient-rfc

cat <<EOF > /etc/postfix/access_sender
## - block known virus/spam senders
## -
error@mailfrom.com REJECT
EOF

## - Notice:
## - this (access_sender) list can also be used as white list:
## -    backup@b3-bornim.de OK
## -    backup_file-ah@oopen.de OK
## -    backup_file-spr@oopen.de OK
## -    root_file_spr@oopen.de OK
## -    backup_anw-urban@oopen.de OK
## -    anonymous@bbb-server.b3-bornim.de OK
postmap btree:/etc/postfix/access_sender

echo > /etc/postfix/access_recipient
postmap btree:/etc/postfix/access_recipient

echo > /etc/postfix/transport
postmap btree:/etc/postfix/transport

echo > /etc/postfix/relay_domains
postmap btree:/etc/postfix/relay_domains

## - Eliminate sender ip-address, replace with 127.0.0.1
## -
echo '/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)$4' > /etc/postfix/header_checks

## - add to /etc/aliases
## -
## -    postmaster: root
## -    abuse: root
## -    root: argus@oopen.de
## -
## - and execute "newaliases" to generate /etc/aliases.db
## -
newaliases

## - Configure rsyslogd to avoid writing into two logfiles (syslog, mail.log)
## -
## - !! APPEND to /etc/rsyslog.d/postfix.conf
## -
cat << EOF >> /etc/rsyslog.d/postfix.conf

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err

mail.* -/var/log/mail.log
& ~
EOF

/etc/init.d/rsyslog restart

## - Create user and directory for virtual mailboxes
## -
useradd -s /bin/false -d /var/vmail -M -u 5000 vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail
chmod 700 /var/vmail

## - Create listener for user authenticated smtp connection port 587 (submission)
## - and port 465 (smtps)
## -
## - Two possibilities:
## -    1.) Do not filter outgoing e-mails
## -    2.) Filter outgoing e-mails (amavis)
## -

## -------------------------------------------------------
## - Configure smtps and submission WITHOUT filtering

## - edit /etc/postfix/master.cf - and add services on
## - submission port (587) and smtps (465). on these ports
## - only allow authenticated users
## -
## - submission inet n - - - - smtpd
## -    -o smtpd_tls_security_level=encrypt
## -    -o smtpd_sasl_auth_enable=yes
## -    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - #  -o milter_macro_daemon_name=ORIGINATING
## -
## - smtps inet n - - - - smtpd
## -    -o smtpd_tls_wrappermode=yes
## -    -o smtpd_sasl_auth_enable=yes
## -    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## -
vim /etc/postfix/master.cf

## - End: Configure smtps and submission WITHOUT filtering
## -------------------------------------------------------

## -------------------------------------------------------
## - Configure smtps and submission WITH filtering

## - in file /etc/postfix/master.cf
## -
## - 1.) add to smtp entry
## -
## - smtp inet n - - - - smtpd
## -    -o smtpd_proxy_filter=127.0.0.1:10024
## -    -o content_filter=
## -
## - 2.) add to / create submission entry:
## -
## - submission inet n - - - 20 smtpd
## -    -o content_filter=amavisfeed:[127.0.0.1]:10024
## -    -o smtpd_tls_security_level=encrypt
## -    -o smtpd_sasl_auth_enable=yes
## -    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - #  -o milter_macro_daemon_name=ORIGINATING
## -
## -
## - 3.) add to / create "smtps" entry
## -
## - smtps inet n - - - - smtpd
## -    -o content_filter=amavisfeed:[127.0.0.1]:10024
## -    -o smtpd_tls_wrappermode=yes
## -    -o smtpd_sasl_auth_enable=yes
## -    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - #  -o milter_macro_daemon_name=ORIGINATING
## -
## -
## - 4.) add entry "amavisfeed"
## -
## - amavisfeed unix - - n - 20 lmtp
## -    -o smtp_data_done_timeout=1200
## -    -o smtp_send_xforward_command=yes
## -    -o disable_dns_lookups=yes
## - ...
## -
## - so it looks like:
## -
smtp inet n - - - - smtpd
   -o smtpd_proxy_filter=127.0.0.1:10024
   -o content_filter=
submission inet n - - - 20 smtpd
   -o content_filter=amavisfeed:[127.0.0.1]:10024
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
   -o content_filter=amavisfeed:[127.0.0.1]:10024
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
amavisfeed unix - - n - 20 lmtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

## - End: Configure smtps and submission WITH filtering
## -------------------------------------------------------


## --------------------------------------------------------- #
## --- Install Greylist-Daemon and configure for Postfix --- #
## --------------------------------------------------------- #

apt-get install postgrey

## - configure Postgrey-Daemon
## -
## - the default values are:
## -    host: localhost (127.0.0.1)
## -    port: 10023
## -    delay: 300 seconds
## -    max age: 35 days
## -
## -    --inet=10023 --inet=[HOST:]PORT   listen on PORT, localhost if HOST is not specified
## -    --delay=N                         how long to greylist, seconds (default: 300)
## -    --max-age=N                       delete old entries after N days (default: 35)
## -
## - you can also specify whitelists (for client hostnames
## - and recipients)
## - see whitelist_clients and whitelist_recipients in /etc/postgrey
## -
cp /usr/share/postgrey/postgrey-default /etc/default/postgrey

## - edit /etc/default/postgrey
## -
## - set:
## -    POSTGREY_OPTS="--inet=10023 --delay=149"
## -
vim /etc/default/postgrey

## - Complement the client whitelist. Put additional entries
## - into file /etc/postgrey/whitelist_clients.local
## -
## - Notice the following problem:
## -    A delivery attempt runs into greylisting (because it is the first
## -    time) - that's OK. But the next delivery attempt for just the same
## -    e-mail comes from another, very different client-ip - and runs into
## -    greylisting again, and again, and again..
## -
## -    "very different client-ip" means: even after stripping the last byte of
## -    the ip-address, postgrey's default (--lookup-by-subnet), the rest of
## -    the ip-address is still different.
## -
## -
cat << EOF > /etc/postgrey/whitelist_clients.local
# For Office 365 - servers:
##/.*outbound.protection.outlook.com\$/
/^mail-.*\.outbound\.protection\.outlook\.com\$/
EOF

/etc/init.d/postgrey restart

## - start at boot time
## -
update-rc.d postgrey defaults

## - /etc/postfix/main.cf
## -
## -
## - in section Restrictions, parameter smtpd_recipient_restrictions
## - uncomment or add
## -
## -    check_policy_service inet:127.0.0.1:10023,
## -
## - Notice:
## -    To let postgrey learn about incoming wanted e-mails without rejecting them
## -    on first arrival, you can use the directive "warn_if_reject" just before the
## -    check_policy_service directive. The following "check_policy_service" directive
## -    will then not reject, but only log.
## -
vim /etc/postfix/main.cf

/etc/init.d/postfix reload


## ------------------------- #
## --- install vacation --- #
## ------------------------- #

if [ "$_db_type" = "postgres" -o "$_db_type" = "postgresql" -o "$_db_type" = "pgsql" -o "$_db_type" = "psql" ];then
   _db_type=Pg
fi

## - install prerequisites
## -
apt-get install libdbi-perl libmime-encwords-perl libemail-valid-perl \
   libmail-sendmail-perl liblog-log4perl-perl libdbd-pg-perl \
   libmail-sender-perl

## - If MySQL/Postgres was installed from debian package system, install also perl
## - modules "DBI" and DBD::mysql/DBD::Pg from debian package system
## -
if [ "$_db_type" = "Pg" ]; then
   apt-get install libdbd-pgsql libdbd-pg-perl libdbi-perl libdbi-dev
else
   apt-get install libdbd-mysql libdbd-mysql-perl libdbi-perl libdbi-dev
fi

## - If MySQL/PostgreSQL was installed from source, install perl modules "DBI" and
## - "DBD::mysql" via cpan
## -
cpan -i DBI
if [ "$_db_type" = "Pg" ]; then
   cpan -i DBD::Pg
else
   cpan -i DBD::mysql
fi

## - create a local account
## -
## - this user handles all potentially dangerous mail content - that is why it
## - should be a separate account.
## -
addgroup --system --gid 65501 vacation
adduser --system --home /var/spool/vacation --no-create-home --uid 65501 --gid 65501 --shell /usr/sbin/nologin vacation

## - create directory /var/spool/vacation
## -
mkdir /var/spool/vacation
chown vacation:vacation /var/spool/vacation

## - as perl binary, we use the vacation.pl from the postfixadmin distribution.
## -
cd /usr/local/src/mailsystem/tarballs
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${_pf_admin_version}/postfixadmin-${_pf_admin_version}.tar.gz
## - since postfixadmin v. 2.91, the subject-patch is already included
#wget http://sourceforge.net/p/postfixadmin/patches/_discuss/thread/69a7ce85/b4e9/attachment/vacation.pl_SUBJECT.patch

cd /usr/local/src/mailsystem
gunzip < tarballs/postfixadmin-${_pf_admin_version}.tar.gz | tar -xf -

cd /tmp
cp /usr/local/src/mailsystem/postfixadmin-${_pf_admin_version}/VIRTUAL_VACATION/vacation.pl /tmp/

## - Add a patch
## -
## - Add capability to include the subject of the original mail in the subject of the vacation message.
## - A good vacation subject could be: 'Re: $SUBJECT'
## - Also corrected log entry about "Already informed ..." to show the $orig_from, not $email
## -
#wget http://sourceforge.net/p/postfixadmin/patches/_discuss/thread/69a7ce85/b4e9/attachment/vacation.pl_SUBJECT.patch

## - Apply the patch
## -
## - !!Note:
## -    Patch is already included in version of postfixadmin distribution >= 2.91
## -
#patch -p0 /tmp/vacation.pl /usr/local/src/mailsystem/tarballs/vacation.pl_SUBJECT.patch

## - postfixadmin, version 2.91 is broken if database backend is PostgreSQL
## -
## - I have written a patch, which fixes these errors
## -
## - Note:
## -    Patch seems already included in version of postfixadmin distribution >= 2.91
## -
#patch vacation.pl /usr/local/src/mailsystem/tarballs/vacation-4.0r1.pl_PGSQL.patch

## - Encoding does not work as expected.
## -
## - NOTE:
## -    this IS NOT a fix, but a workaround
## -
perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
   /tmp/vacation.pl

## - Copy vacation.pl into /var/spool/vacation/
## -
if [ -f /var/spool/vacation/vacation.pl ]; then
   mv /var/spool/vacation/vacation.pl /var/spool/vacation/vacation.pl.`date "+%Y%m%d-%H%M"`
fi
cp vacation.pl /var/spool/vacation/
chown vacation:vacation /var/spool/vacation/vacation.pl
chmod 700 /var/spool/vacation/vacation.pl
rm /tmp/vacation.pl

## - Configure script vacation.pl
## -
## - Notice:
## -    the needed tables (named vacation and vacation_notification) are created through
## -    postfixadmin installation (setup)
## -
## - instead of changing this script, we put the needed entries
## - to file /etc/postfixadmin/vacation.conf:
## -
## -    $db_type = '$_db_type';
## -    $db_username = '$_db_user';
## -    $db_password = '$_db_pass';
## -    $db_name = '$_db_name';
## -    $vacation_domain = '$_autoreply_domain';
## -    $syslog = 0;
## -    $log_to_file = 1;
## -    $logfile = '/var/log/vacation.log';
## -    $log_level = 1;
## -    $interval = 60*60*24;
## -
mkdir /etc/postfixadmin/
cat <<EOF > /etc/postfixadmin/vacation.conf
\$db_type = '$_db_type';
\$db_username = '$_db_user';
\$db_password = '$_db_pass';
\$db_name = '$_db_name';
\$vacation_domain = '$_autoreply_domain';
\$syslog = 0;
\$log_to_file = 1;
\$logfile = '/var/log/vacation.log';
\$log_level = 1;
\$interval = 60*60*24;
EOF

touch /var/log/vacation.log
chown vacation:vacation /var/log/vacation.log

## - Logrotate entry for /var/log/vacation.log
## -
cat <<EOF > /etc/logrotate.d/vacation
/var/log/vacation.log {
   daily
   start 0
   rotate 7
   missingok
   compress
   delaycompress
   notifempty
   create 640 vacation vacation
   copytruncate
}
EOF

## - Deprecated - Already fixed in distribution
## -
## - Fix an error concerning the syslog functionality in vacation.pl
## -
## - replace (line 208)
## -    Facility => 'mail',
## - with
## -    facility => 'mail',
## -
#perl -i.ORIG -n -p -e "s#^(\s*)Facility(\s+=.*)#\1facility\2#" /var/spool/vacation/vacation.pl

## - create an entry in /etc/hosts for the (non-existent domain)
## - autoreply.warenform.de
## - add:
## -
## -    127.0.0.1 autoreply.warenform.de
## -
perl -i. -n -p -e"s#(^\s*127.0.0.1\s+localhost.*)#\1\n\n127.0.0.1 $_autoreply_domain#" /etc/hosts
vim /etc/hosts

## - Define the transport type in the Postfix master file
## - /etc/postfix/master.cf
## -
## -    vacation unix - n n - - pipe
## -       flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
## -
cat <<EOF >> /etc/postfix/master.cf

vacation unix - n n - - pipe
   flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f \${sender} -- \${recipient}
EOF

## - Setup the transport maps file /etc/postfix/transport
## -
## - add line:
## -
## -    autoreply.warenform.de vacation:
## -
echo "$_autoreply_domain vacation:" >> /etc/postfix/transport
postmap btree:/etc/postfix/transport

## - Notice:
## -    take care that the entry for transport_maps in /etc/postfix/main.cf
## -    contains "btree:/etc/postfix/transport"
## -

/etc/init.d/postfix reload


## --------------------------------------------------- ##
## --- Install AMaViS with ClamAV and Spamassassin --- ##
## --------------------------------------------------- ##

## - See file: amavis_clamav_sa.install


## ------------------------------ ##
## --- install dovecot server --- ##
## ------------------------------ ##

## - Use:
## -    install_update_dovecot.sh
## -
## - (Old) textversion: install_dovecot+mysql.txt


## ---------------------------- ##
## --- install postfixadmin --- ##
## ---------------------------- ##

## - See file: postfixadmin.install


## ----------------------------------- ##
## --- install roundcube Webmailer --- ##
## ----------------------------------- ##

## - See file: roundcube.install


## ------------------------------------------------------ ##
## - Mailgraph - a RRDtool frontend for Mail statistics - ##
## ------------------------------------------------------ ##

apt-get install rrdtool librrds-perl libfile-tail-perl

cd /usr/local/src/mailsystem/tarballs
wget http://mailgraph.schweikert.ch/pub/mailgraph-1.14.tar.gz
gunzip < mailgraph-1.14.tar.gz | tar -xf -
cd mailgraph-1.14
cp mailgraph.pl /usr/local/bin/
cp mailgraph-init mailgraph-init.ORIG
cp mailgraph-init /etc/init.d/
chmod 755 /etc/init.d/mailgraph-init


## -------------------------------------- ##
## - some little tests                    ##
## -------------------------------------- ##

## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
## -
openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
openssl s_client -crlf -starttls smtp -connect localhost:587
openssl s_client -crlf -connect localhost:465
openssl s_client -crlf -connect localhost:995
openssl s_client -crlf -starttls pop3 -connect localhost:110
openssl s_client -crlf -connect localhost:993
openssl s_client -crlf -starttls imap -connect localhost:143
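
## - Added example (not part of the original install notes): a static check
## - that the "submission" and "smtps" entries in /etc/postfix/master.cf really
## - carry the TLS, SASL and client-restriction overrides configured above.
## - The function names audit_listener and sample_master_cf and the sample
## - input are assumptions made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original install notes.
# audit_listener FILE SERVICE: print "OK" if the inet service enforces
# mandatory TLS, SASL auth and the authenticated-only client restriction;
# otherwise print one "MISSING ..." line per gap. Exit status 0 only for "OK".
# Assumes plain "-o name=value" overrides (no "{ }" quoting).
audit_listener() {
    awk -v svc="$2" '
        function take(   i, eq) {   # record each "-o name=value" on this line
            for (i = 1; i < NF; i++)
                if ($i == "-o" && (eq = index($(i + 1), "=")))
                    opt[substr($(i + 1), 1, eq - 1)] = substr($(i + 1), eq + 1)
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[^ \t]/ {                            # a new service entry starts
            active = ($1 == svc && $2 == "inet")
            if (active) { found = 1; take() }
            next
        }
        active { take() }                      # indented continuation line
        END {
            if (!found) { print "MISSING service " svc; exit 1 }
            if (opt["smtpd_tls_security_level"] != "encrypt" &&
                opt["smtpd_tls_wrappermode"] != "yes") { print "MISSING mandatory TLS"; bad = 1 }
            if (opt["smtpd_sasl_auth_enable"] != "yes") { print "MISSING smtpd_sasl_auth_enable=yes"; bad = 1 }
            if (opt["smtpd_client_restrictions"] != "permit_sasl_authenticated,reject") {
                print "MISSING smtpd_client_restrictions=permit_sasl_authenticated,reject"; bad = 1
            }
            if (!bad) print "OK"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: "submission" as in the notes; "smtps" with the client
# restriction commented out, which is the gap the audit has to report.
sample_master_cf() {
    cat << 'EOF'
submission inet n - - - 20 smtpd
   -o content_filter=amavisfeed:[127.0.0.1]:10024
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}
```

## - Run "audit_listener /etc/postfix/master.cf submission" (and the same for
## - "smtps") after editing master.cf and before reloading Postfix.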