install/mailsystem
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
0bde6546165384d6cd4d3c56b597d2102f5729d3
mailsystem/DOC/postfix/postfix_mailsystem.install

1707 lines
47 KiB
Plaintext
Raw Blame History

## ------------------------------------------------------------ ##
## - - ##
## - install postfix + dovecot + sieve + postfisadmin - ##
## - +roundecube - ##
## - - ##
## - supports ipv6 - ##
## - - ##
## ------------------------------------------------------------ ##
## - mx.warenform.de
## -
_WEBMAIL_IP_4=83.223.85.154
_WEBMAIL_IP_6=2a01:30:1fff:6::154
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/SSL123_CA_Bundle.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=mx.warenform.de
_IPV4=83.223.86.76
_IPV6=2a01:30:0:13:231:32ff:fe8b:7763
_autoreply_domain='autoreply.warenform.de'
#_pf_admin_version=2.3.7
# _pf_admin_version=2.91
_pf_admin_version=3.0.2
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='CbX8vg347Vvm'
## -
## - ENDE: mx.warenform.de
## - a.mx.oopen.de
## -
_WEBMAIL_IP_4=83.223.86.91
_WEBMAIL_IP_6=2a01:30:0:13:2f7:50ff:fed2:cef7
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=a.mx.oopen.de
_IPV4=83.223.86.91
_IPV6=2a01:30:0:13:2f7:50ff:fed2:cef7
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
#_pf_admin_version=2.91
_pf_admin_version=3.0
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## -ENDE: a.mx.oopen.de
## - sympa.oopen.de
## -
_WEBMAIL_IP_4=83.223.85.206
_WEBMAIL_IP_6=2a01:30:0:13:239:a7ff:fe7e:1129
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=sympa.oopen.de
_IPV4=83.223.85.206
_IPV6=2a01:30:0:13:239:a7ff:fe7e:1129
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## -ENDE: sympa.oopen.de
## - d.mx.oopen.de
## -
_WEBMAIL_IP_4=83.223.86.92
_WEBMAIL_IP_6=2a01:30:0:13:254:9eff:fed5:e7fd
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=d.mx.oopen.de
_IPV4=83.223.86.92
_IPV6=83.223.86.92
_autoreply_domain='autoreply.oopen.de'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='FKt4z55FxMZp'
## -
## -ENDE: d.mx.oopen.de
## - mail.interventionistische-linke.org
## -
_WEBMAIL_IP_4=83.223.85.215
_WEBMAIL_IP_6=2a01:30:1fff:5::215
_APACHE_CONF_DIR=/usr/local/apache2/conf
_APACHE_VHOST_DIR=${_APACHE_CONF_DIR}/vhosts
_APACHE_LOG_DIR=/var/log/apache2
_ADMIN_EMAIL=argus@oopen.de
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=mail.interventionistische-linke.org
_IPV4=83.223.85.214
_IPV6=2a01:30:1fff:5::214
_autoreply_domain='autoreply.interventionistische-linke.org'
#_pf_admin_version=2.3.7
_pf_admin_version=2.91
_db_type='Pg'
#_db_type='mysql'
_db_name='postfix'
_db_user='postfix'
_db_pass='NcXxt7sf7bfV'
## -
## -ENDE: mail.interventionistische-linke.org
## - listserver.so36.net
## -
_WEBMAIL_IP_4='<not-in-use>'
_WEBMAIL_IP_6='<not-in-use>'
_APACHE_CONF_DIR='<not-in-use>'
_APACHE_VHOST_DIR='<not-in-use>'
_APACHE_LOG_DIR='<not-in-use>'
_ADMIN_EMAIL=roots@so36.net
_TLS_CERT_DIR=/etc/postfix/ssl
_TLS_CERT_FILE="${_TLS_CERT_DIR}/mailserver.crt"
_TLS_KEY_FILE="${_TLS_CERT_DIR}/mailserver.key"
_TLS_CHAIN_FILE="${_TLS_CERT_DIR}/sub.class2.server.ca.pem"
_TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
_HOSTNAME=listserver.so36.net
_IPV4=83.223.73.213
_IPV6=2a01:30:1fff:fd00::213
_autoreply_domain='<not-in-use>'
#_pf_admin_version=2.3.7
_pf_admin_version='<not-in-use>'
#_db_type=pg
#_db_type='mysql'
_db_name='<not-in-use>'
_db_user='<not-in-use>'
_db_pass='<not-in-use>'
## -
## -ENDE: listserver.so36.net
## ------------------------------------------------------------ ##
## - Download debian prerequisites - ##
## ------------------------------------------------------------ ##
## -
## - compiler stuff
## -
apt-get install g++ g++-multilib gcc gcc-multilib cpp make libssl-dev
apt-get install automake autoconf libtool flex bison gnu-standards
apt-get install libdb-dev
## - Postgres (if needed)
## -
cat <<EOF > /etc/apt/sources.list.d/pgdg.list
deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main
EOF
apt-get update
apt-get install pgdg-keyring
apt-get install postgresql postgresql-client
## - SSL/TLS support
apt-get install libssl-dev
## - obtain dovecot from Mercurial repository
apt-get install hgsvn
## - Mysql
## -
#apt-get install mysql-server-5.0 mysql-client-5.0 libmysqlclient15-dev
## - SASL support
## -
#apt-get install libsasl2-dev libsasl2-2
## - I think quota is not needed, because quota support is
## - softwareside realised
## -
## - ## - quota support
## - ## -
## - apt-get install quota
## -
## - ## - /etc/fstab
## - ## -
## - ## - proc /proc proc defaults 0 0
## - ## - none /dev/pts devpts gid=5,mode=620 0 0
## - ## - /dev/md0 none swap sw 0 0
## - ## - /dev/md1 /boot ext3 defaults 0 0
## - ## - /dev/md2 / ext3 defaults,usrquota,grpquota 0 0
## - ## - /dev/md3 /data ext3 defaults,usrquota,grpquota 0 0
## ------------------------------------------------------------ ##
## - Download sources - ##
## ------------------------------------------------------------ ##
mkdir -p /usr/local/src/mailsystem/tarballs
cd /usr/local/src/mailsystem/tarballs
# - postfix
## -
#wget http://de.postfix.org/ftpmirror/official/postfix-2.7.1.tar.gz
## - postfixadmin (needed for vacation plugin)
## -
#wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.7/postfixadmin-2.3.7.tar.gz
#wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.91/postfixadmin-2.91.tar.gz
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${_pf_admin_version}/postfixadmin-${_pf_admin_version}.tar.gz
## ------------------------------------------------------------ ##
## - Install software - ##
## ------------------------------------------------------------ ##
## --------------------------------- #
## --- install Apapche webserver --- #
## --------------------------------- #
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
## - access server-status
## -
## - Allow from 178.63.63.151 127.0.0.1
## -
vim /etc/apache2/mods-enabled/status.conf
## - configure ports
## -
## - NameVirtualHost 178.63.63.151:80
## - Listen 178.63.63.151:80
## - Listen 127.0.0.1:80
## -
## - <IfModule mod_ssl.c>
## - # SSL name based virtual hosts are not yet supported, therefore no
## - # NameVirtualHost statement here
## - NameVirtualHost 178.63.63.151:443
## - Listen 178.63.63.151:443
## - </IfModule>
## -
vim /etc/apache2/ports.conf
## - configure default site
## -
rm /etc/apache2/sites-enabled/000-default
mv /etc/apache2/sites-available/default /etc/apache2/sites-available/_default
mv /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/_default-ssl
mkdir -p /var/www
## - Apache base configuration
## -
cat <<EOF > ${_APACHE_VHOST_DIR}/000default.conf
<Directory />
Options FollowSymLinks
AllowOverride None
## - Apache httpd 2.2.x
#Order deny,allow
#Deny from all
## - Apache httpd 2.4.x
Require all denied
</Directory>
<Directory "/var/www/">
AllowOverride None
## - Apache httpd 2.2.x
#Order deny,allow
#Deny from all
## - Apache httpd 2.4.x
Require all granted
</Directory>
## - the first VirtualHost Directive - All Requests
## - with no concerning VirtualHost Directive will be
## - handelde here
<VirtualHost ${_WEBMAIL_IP_4}:80>
ServerAdmin $_ADMIN_EMAIL
ServerName dummy.warenform.net
RewriteEngine On
RewriteCond %{HTTP_HOST} .*
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost ${_WEBMAIL_IP_4}:443>
ServerAdmin $_ADMIN_EMAIL
ServerName dummy.warenform.net
DocumentRoot /var/www/
SSLEngine on
SSLHonorCipherOrder On
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
Header add Strict-Transport-Security "max-age=15768000"
SSLCertificateFile ${_APACHE_CONF_DIR}/server.crt
SSLCertificateKeyFile ${_APACHE_CONF_DIR}/server.key
SSLCACertificateFile ${_APACHE_CONF_DIR}/SSL123_CA_Bundle.pem
</VirtualHost>
<VirtualHost 127.0.0.1:80>
ServerAdmin admin@warenform.net
ServerName dummy.warenform.net
</VirtualHost>
## - IPv6
## -
<VirtualHost [${_WEBMAIL_IP_6}]:80>
ServerAdmin $_ADMIN_EMAIL
ServerName dummy.warenform.net
RewriteEngine On
RewriteCond %{HTTP_HOST} .*
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost [${_WEBMAIL_IP_6}]:443>
ServerAdmin $_ADMIN_EMAIL
ServerName dummy.warenform.net
DocumentRoot /var/www/
SSLEngine on
SSLHonorCipherOrder On
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
Header add Strict-Transport-Security "max-age=15768000"
SSLCertificateFile ${_APACHE_CONF_DIR}/server.crt
SSLCertificateKeyFile ${_APACHE_CONF_DIR}/server.key
SSLCACertificateFile ${_APACHE_CONF_DIR}/SSL123_CA_Bundle.pem
</VirtualHost>
EOF
#ln -s ../sites-available/000default.conf /etc/apache2/sites-enabled/
## - enable module ssl
## -
a2enmod ssl
## - include certificates
## -
chgrp ssl-cert /etc/ssl/private/20091103-0058-aktionsbuendnis_key.pem
chmod 640 /etc/ssl/private/20091103-0058-aktionsbuendnis_key.pem
chmod 644 /etc/ssl/certs/20091103-0058-aktionsbuendnis_crt.pem
## - enable module ssl
## -
a2enmod rewrite
## - enable sites
## - put the VirtualHosts Directives in files living in the
## - directory /etc/apache2/sites-available
## - i.e. you have configured the files
## - - 000default.conf
## - - aktionsbuendnis.oopen.de.conf
## -
#a2ensite 000default.conf aktionsbuendnis.oopen.de.conf
a2ensite 000default.conf
## --------------------------------------------------------- #
## --- install PHP (needed for postfixadmin / roundcube) --- #
## --------------------------------------------------------- #
## - Zusatzinstallation php (fuer: postfixadmin / roundcube)
## -
apt-get install libexpat1 mcrypt imagemagick
mpt-get install libcompress-zlib-perl
apt-get install re2c
apt-get install libmagic-dev
apt-get install php5 php5-common php5-cli php5-pgsql \
php5-mcrypt php5-gd php5-imagick php5-curl \
php-pear php5-suhosin php5-mhash php5-dev \
php-file php-gettext php-auth
apt-get install php5-imap uw-mailutils
## - settings /etc/php5/apache2/php.ini
## -
vim /etc/php5/apache2/php.ini
memory_limit = 128M
register_globals = Off
session.save_handler = file
error_reporting = E_ALL
safe_mode = Off
session.cache_limiter = nocache
cgi.fix_pathinfo=1
apt-get install libmysqlclient15-dev
pecl channel-update pear.php.net
pecl install fileinfo
## - already included in php 5.3
## -
## - #extension=pdo.so
## - #extension=pdo_mysql.so
## - #extension=fileinfo.so
#vim /etc/php5/apache2/php.ini
mkdir -p /var/www/adm.warenform.de
## ----------------------- ##
## --- install postfix --- ##
## ----------------------- ##
## *************************** ##
## - install from source - ##
_postfix_version=2.11.5
## - postfix user/group anlegen
## -
addgroup --system postfix
addgroup --system postdrop
adduser --system --home /var/spool/postfix --group postfix postfix
cd /usr/local/src/mailsystem/tarballs
wget http://de.postfix.org/ftpmirror/official/postfix-${_postfix_version}.tar.gz
cd /usr/local/src/mailsystem
gunzip < tarballs/postfix-${_postfix_version}.tar.gz | tar -xf -
cd postfix-$_postfix_version
## - For Postgres (PCRE-support, TLS-support, SASL-support also included)
## -
make makefiles \
CCARGS="-DHAS_PGSQL -I/usr/include/postgresql -DHAS_PCRE `pcre-config --cflags` -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" \
AUXLIBS="-L/usr/lib/x86_64-linux-gnu -lpg `pcre-config --libs` -lssl -lcrypto -L/usr/lib/x86_64-linux-gnu -lsasl2"
## - For MySQL installed to /usr/local/Mysql (PCRE-support, TLS-support, SASL-support also included)
## -
make makefiles \
CCARGS="-DHAS_MYSQL -I/usr/local/mysql/include -DHAS_PCRE `pcre-config --cflags` -DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" \
AUXLIBS="-L/usr/local/mysql/lib -lmysqlclient -lz -lm `pcre-config --libs` -lssl -lcrypto -L/usr/lib/x86_64-linux-gnu -lsasl2"
make
make install
## ************************************** ##
## - install from debian package-system - ##
## -
## - since debian wheezy, postfix-tls is integrated in postfix package
## -
# - postfix
apt-get install -t jessie-backports postfix postfix-pgsql postfix-pcre
# - mysql
apt-get install -t jessie-backports postfix postfix-mysql postfix-pcre
## - remove exim4 and related if installed and you plan
## - to install an alternative mailer
## -
apt-get remove --purge bsd-mailx exim4 exim4-base exim4-config \
exim4-daemon-light mailx
apt-get install postfix postfix-pcre libsasl2-modules bsd-mailx haveged
## - !! Notice:
## -
## - If using MySQL and MySQL was installed from source, then
## - remove/check my.cnf file from debian package "mysql-common",
## - which will be installed within postfix-mysql.
## -
## - !! End: Notice
## - adjust main.cf
## -
cp /etc/postfix/main.cf /etc/postfix/main.cf.ORIG
cat <<EOF > /etc/postfix/main.cf
# ============ Basic settings ============
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin = /etc/mailname
smtpd_banner = \$myhostname ESMTP \$mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
#readme_directory = no
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
## - The Internet protocols Postfix will attempt to use when making
## - or accepting connections.
## - DEFAULT: ipv4
EOF
if [ -n "$_IPV6" ]; then
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4, ipv6
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$_IPV4
$_IPV6
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
${_IPV4}/32,
[${_IPV6}]/128
# b.mx.oopen.de
#83.223.86.162/32
#[2a01:30:1fff:a::162]/128
smtp_bind_address = $_IPV4
smtp_bind_address6 = $_IPV6
EOF
else
cat <<EOF >> /etc/postfix/main.cf
inet_protocols = ipv4
#inet_interfaces = all
inet_interfaces =
127.0.0.1
$_IPV4
myhostname = $_HOSTNAME
mydestination =
$_HOSTNAME
localhost
## - The list of "trusted" SMTP clients that have more
## - privileges than "strangers"
## -
mynetworks =
127.0.0.0/8
${_IPV4}/32
# b.mx.oopen.de
#83.223.86.162/32
#[2a01:30:1fff:a::162]/128
smtp_bind_address = $_IPV4
#smtp_bind_address6 = $_IPV6
EOF
fi
cat <<EOF >> /etc/postfix/main.cf
## - The method to generate the default value for the mynetworks parameter.
## -
## - mynetworks_style = host" when Postfix should "trust" only the local machine
## - mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP
## - clients in the same IP subnetworks as the local machine.
## - mynetworks_style = class" when Postfix should "trust" SMTP clients in the same
## - IP class A/B/C networks as the local machine.
## -
#mynetworks_style = host
## - The maximal size of any local(8) individual mailbox or maildir file,
## - or zero (no limit). In fact, this limits the size of any file that is
## - written to upon local delivery, including files written by external
## - commands that are executed by the local(8) delivery agent.
## -
mailbox_size_limit = 0
## - The maximal size in bytes of a message, including envelope information.
## -
## - we user 50MB
## -
message_size_limit = 52480000
## - The system-wide recipient address extension delimiter
## -
recipient_delimiter = +
## - The alias databases that are used for local(8) delivery.
## -
alias_maps =
hash:/etc/aliases
## - The alias databases for local(8) delivery that are updated
## - with "newaliases" or with "sendmail -bi".
## -
alias_database =
hash:/etc/aliases
## - Optional lookup tables with mappings from recipient address
## - to (message delivery transport, next-hop destination).
## - See transport(5) for details.
## -
transport_maps =
btree:/etc/postfix/transport
btree:/etc/postfix/relay_domains
## - The maximal time a message is queued before it is sent back as
## - undeliverable. Defaults to 5d (5 days)
## - Specify 0 when mail delivery should be tried only once.
## -
maximal_queue_lifetime = 3d
bounce_queue_lifetime = \$maximal_queue_lifetime
## - delay_warning_time (default: 0h)
## -
## - The time after which the sender receives a copy of the message
## - headers of mail that is still queued. To enable this feature,
## - specify a non-zero time value (an integral value plus an optional
## - one-letter suffix that specifies the time unit).
## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
## - The default time unit is h (hours).
delay_warning_time = 1d
#header_checks = pcre:/etc/postfix/header_checks
prepend_delivered_header =
forward
file
## - proxy_read_maps
## -
## - The lookup tables that the proxymap(8) server is allowed to access for the read-only service.
## -
## - Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Table
## - references that don't begin with proxy: are ignored.
## -
#proxy_read_maps = \$local_recipient_maps \$mydestination \$virtual_alias_maps \$virtual_alias_domains \$virtual_mailbox_maps \$virtual_mailbox_domains \$relay_recipient_maps \$relay_domains \$canonical_maps \$sender_canonical_maps \$recipient_canonical_maps \$relocated_maps \$transport_maps \$mynetworks \$sender_bcc_maps \$recipient_bcc_maps \$smtp_generic_maps \$lmtp_generic_maps \$smtpd_sender_login_maps
# ============ Relay parameters ============
relayhost =
relay_domains =
\$mydestination
btree:/etc/postfix/relay_domains
# ============ TLS parameters ============
## - supports DNSSEC
## -
## - !! Notice !!
## - In order to support DNSSEC and DANE your resolver MUST support
## - DNSSEC too.
## -
## - If your resolver does not support DNSSEC, install "unbound".
## -
smtp_host_lookup = dns
smtp_dns_support_level = dnssec
## - Aktiviert STARTTLS für den Mailempfang
## -
## - may:
## - Opportunistic TLS. Use TLS if this is supported by the remote
## - SMTP server, otherwise use plaintext
## -
## - This overrides the obsolete parameters smtpd_use_tls and
## - smtpd_enforce_tls. This parameter is ignored with
## - "smtpd_tls_wrappermode = yes".
#smtpd_use_tls=yes
smtpd_tls_security_level=may
## - Aktiviert STARTTLS für den Mailversand
## -
## - may:
## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
## - but do not require that clients use TLS encryption.
# smtp_use_tls=yes
#smtp_tls_security_level=may
smtp_tls_security_level=dane
## - 0 Disable logging of TLS activity.
## - 1 Log TLS handshake and certificate information.
## - 2 Log levels during TLS negotiation.
## - 3 Log hexadecimal and ASCII dump of TLS negotiation process.
## - 4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
## -
smtpd_tls_loglevel = 1
smtp_tls_loglevel = 1
smtpd_tls_cert_file = $_TLS_CERT_FILE
smtpd_tls_key_file = $_TLS_KEY_FILE
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
## -
#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
## - also possible to use 2048 key with that parameter
## -
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
## -
## - Dont't forget to create it, e.g with openssl:
## - openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
## -
smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
## - File containing CA certificates of root CAs trusted to sign either remote SMTP
## - server certificates or intermediate CA certificates. These are loaded into
## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
## -
smtp_tls_CAfile = $_TLS_CA_FILE
## - Directory with PEM format certificate authority certificates that the Postfix SMTP
## - client uses to verify a remote SMTP server certificate. Don't forget to create the
## - necessary "hash" links with, for example, "
## - $OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
## -
## - !! Note !!
## - To use this option in chroot mode, this directory (or a copy) must be inside
## - the chroot jail.
## -
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
## -
#smtpd_tls_CApath = /etc/postfix/certs
# Disable SSLv2 SSLv3 - Postfix SMTP server
#
# List of TLS protocols that the Postfix SMTP server will exclude or
# include with opportunistic TLS encryption.
smtpd_tls_protocols = !SSLv2, !SSLv3
#
# The SSL/TLS protocols accepted by the Postfix SMTP server
# with mandatory TLS encryption.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
# Disable SSLv2 SSLv3 - Postfix SMTP client
#
# List of TLS protocols that the Postfix SMTP client will exclude or
# include with opportunistic TLS encryption.
smtp_tls_protocols = !SSLv2, !SSLv3
#
# List of SSL/TLS protocols that the Postfix SMTP client will use
# with mandatory TLS encryption
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
## - openssl > 1.0
## -
smtpd_tls_eecdh_grade = strong
# standard list cryptographic algorithm
tls_preempt_cipherlist = yes
# Disable ciphers which are less than 256-bit:
#
#smtpd_tls_mandatory_ciphers = high
#
# opportunistic
smtpd_tls_ciphers = high
# Exclude ciphers
#smtpd_tls_exclude_ciphers =
# RC4
# aNULL
# SEED-SHA
# EXP
# MD5
smtpd_tls_exclude_ciphers =
aNULL
eNULL
EXPORT
DES
RC4
MD5
PSK
aECDH
EDH-DSS-DES-CBC3-SHA
EDH-RSA-DES-CDC3-SHA
KRB5-DE5
CBC3-SHA
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
#======= SASL Authentification ============
smtpd_sasl_auth_enable = yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
## - Optional lookup table with the SASL login names that own
## - sender (MAIL FROM) addresses.
smtpd_sender_login_maps =
#======= Virtual mailboxes ============
## - Local Mailboxes
## -
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
## - virtual_transport
## - =================
## -
## - using postfix
## - virtual_transport = virtual
## -
## - using dovecot lda
## - virtual_transport = dovecot
## -
## - using dovecot's lmtp service
## - virtual_transport = lmtp:unix:private/dovecot-lmtp
## -
virtual_transport = virtual
virtual_mailbox_maps =
virtual_mailbox_domains =
## - Optional lookup tables that alias specific mail addresses or domains
## - to other local or remote address. The table format and lookups are
## - documented in virtual(5). For an overview of Postfix address
## - manipulations see the ADDRESS_REWRITING_README document.
## -
virtual_alias_maps =
## - mailman
#hash:/var/lib/mailman/data/virtual-mailman
## - Postfix is final destination for the specified list of virtual alias
## - domains, that is, domains for which all addresses are aliased to addresses
## - in other local or remote domains. The SMTP server validates recipient
## - addresses with \$virtual_alias_maps and rejects non-existent recipients.
## - See also the virtual alias domain class in the ADDRESS_CLASS_README file
## -
virtual_alias_domains =
#header_checks = pcre:/etc/postfix/header_checks
prepend_delivered_header = forward, file
#======= Restrictions ============
smtpd_recipient_restrictions =
# only special accounts (postmaster, abuse and other rolr accounts)
check_recipient_access btree:/etc/postfix/access_recipient-rfc,
# White- / Blacklisting
check_sender_access btree:/etc/postfix/access_sender,
check_recipient_access btree:/etc/postfix/access_recipient,
# permit trusted network (mynetwork)
permit_mynetworks,
# permit our users
permit_sasl_authenticated,
# dont' accept misconfigured Mail
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
# don't accept misconfigured recipients
# RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
# Whitelist (configured on a.ns.oopen.de
# in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
permit_dnswl_client dnswl.oopen.de,
# Blacklists
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
#reject_rbl_client bl.spamcop.net,
# March 1, 2013: NJABL is in the process of being shut down
#reject_rbl_client dnsbl.njabl.org,
# Policyd-Weight
#check_policy_service inet:127.0.0.1:12525,
# Greylisting check
#warn_if_reject,
#check_policy_service inet:127.0.0.1:10023,
# Reject the request unless one of the following is true:
#
# - Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains
# or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
#
#
# - Postfix is the final destination: the resolved RCPT TO domain matches
# $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains,
# or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
reject_unverified_recipient,
# permit Backup MX
permit_mx_backup,
# forbid all other relaying
reject_unauth_destination,
# permit, if all restrictions so far passed
permit
## - Sinve version 2.11
## -
smtpd_relay_restrictions =
# only special accounts (postmaster, abuse and other rolr accounts)
check_recipient_access btree:/etc/postfix/access_recipient-rfc,
# White- / Blacklisting
check_sender_access btree:/etc/postfix/access_sender,
check_recipient_access btree:/etc/postfix/access_recipient,
# permit trusted network (mynetwork)
permit_mynetworks,
# permit our users
permit_sasl_authenticated,
# dont' accept misconfigured Mail
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
# don't accept misconfigured recipients
# RBL check - !! comment out if postcreens postscreen_dnsbl_sites is in use
# Whitelist (configured on a.ns.oopen.de
# in /opt/tinydns/root/zonefiles/dnswl.oopen.de.zone )
permit_dnswl_client dnswl.oopen.de,
# Blacklists
reject_rbl_client zen.spamhaus.org,
reject_rbl_client ix.dnsbl.manitu.net,
#reject_rbl_client bl.spamcop.net,
# March 1, 2013: NJABL is in the process of being shut down
#reject_rbl_client dnsbl.njabl.org,
# Policyd-Weight
#check_policy_service inet:127.0.0.1:12525,
# Greylisting check
#warn_if_reject,
#check_policy_service inet:127.0.0.1:10023,
# Reject the request unless one of the following is true:
#
# - Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains
# or a subdomain thereof, and contains no sender-specified routing (user@elsewhere@domain),
#
#
# - Postfix is the final destination: the resolved RCPT TO domain matches
# $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains,
# or $virtual_mailbox_domains, and contains no sender-specified routing (user@elsewhere@domain).
reject_unverified_recipient,
# permit Backup MX
permit_mx_backup,
# forbid all other relaying
reject_unauth_destination,
# permit, if all restrictions so far passed
permit
EOF
## - create directory for certificates and copy certificates
## - and coresponding keys to /etc/postfix/ssl/
## -
mkdir -p /etc/postfix/ssl
cp <zertificates and keys to> /etc/postfix/ssl/
#mkdir -p /etc/postfix/ssl/certs
## - generate DH parameters that the Postfix SMTP server should use
## - with EDH ciphers (length 512 and 1024
## -
openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
openssl gendh -out /etc/postfix/ssl/dh_2048.pem -2 2048
## - put all CA root certs you trustet into directory /etc/postfix/certs
## - afterwards create the hashes:
## - c_rehash /etc/postfix/sslcerts
## -
## -
## - create directory for trusted root certificates and copy
## - certificates into it
## -
#mkdir -p /etc/postfix/certs
#
#c_rehash /etc/postfix/certs
#
## - Note that a chrooted daemon resolves all filenames relative to the Postfix
## - queue directory (/var/spool/postfix)
#
#mkdir -p /var/spool/postfix/etc/postfix/
#cp -a /etc/postfix/certs /var/spool/postfix/etc/postfix/
## - create files
## -
cat <<EOF > /etc/postfix/access_recipient-rfc
# if destination is ok, permit
/^postmaster\@/ permit_auth_destination
/^abuse\@/ permit_auth_destination
EOF
postmap btree:/etc/postfix/access_recipient-rfc
cat <<EOF > /etc/postfix/access_sender
## - bekannte Virus/Spam Absener blocken
## -
error@mailfrom.com REJECT
EOF
## - Notice:
## - this (access_sender) list can also be used as white list:
## - backup@b3-bornim.de OK
## - backup_file-ah@oopen.de OK
## - backup_file-spr@oopen.de OK
## - root_file_spr@oopen.de OK
## - backup_anw-urban@oopen.de OK
## - anonymous@bbb-server.b3-bornim.de OK
postmap btree:/etc/postfix/access_sender
echo > /etc/postfix/access_recipient
postmap btree:/etc/postfix/access_recipient
echo > /etc/postfix/transport
postmap btree:/etc/postfix/transport
echo > /etc/postfix/relay_domains
postmap btree:/etc/postfix/relay_domains
## - Eliminate Sender ip-address, repalce with 127.0.0.1
## -
echo '/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\)).*?([[:space:]]+).*\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$2(Authenticated sender: $3)$4' > /etc/postfix/header_checks
## - add to /etc/aliases
## -
## - postmaster: root
## - abuse: root
## - root: argus@oopen.de
## -
## - and execute "newaliases" to generate /etc/aliases.db
## -
newaliases
## - Configure rsyslogd to avoid writing into two logfiles (syslog, mail.log)
## -
## - !! APPEND to /etc/rsyslog.d/postfix.conf
## -
cat << EOF >> /etc/rsyslog.d/postfix.conf
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
mail.* -/var/log/mail.log
& ~
EOF
/etc/init.d/rsyslog restart
## - Create user and directory for virtual mailboxes
## -
useradd -s /bin/false -d /var/vmail -M -u 5000 vmail
mkdir /var/vmail
chown vmail:vmail /var/vmail
chmod 700 /var/vmail
## - Create Listener for user authenticated smtp connection port 587 (submission)
## - and port 465 (smtps)
## -
## - Two posibilities:
## - 1.) Do not filter outgong e-mails
## - 2.) Filter outgoing e-mails (amavis)
## -
## -------------------------------------------------------
## - Configure smtps and submission WITHOUT filtering
## - edit /etc/postfix/master.cf - and add services on
## - submissionport (587) an smtpds (465). on these ports
## - only allow authenticated users
## -
## - submission inet n - - - - smtpd
## - -o smtpd_tls_security_level=encrypt
## - -o smtpd_sasl_auth_enable=yes
## - -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - # -o milter_macro_daemon_name=ORIGINATING
## -
## - smtps inet n - - - - smtpd
## - -o smtpd_tls_wrappermode=yes
## - -o smtpd_sasl_auth_enable=yes
## - -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## -
vim /etc/postfix/master.cf
## - End: Configure smtps and submission WITHOUT filtering
## -------------------------------------------------------
## -------------------------------------------------------
## - Configure smtps and submission WITH filtering
## - in file /etc/postfix/master.cf
## -
## - 1.) add to smtp entry
## -
## - smtp inet n - - - - smtpd
## - -o smtpd_proxy_filter=127.0.0.1:10024
## - -o content_filter=
## -
## - 2.) add to / create submisson entry:
## -
## - submission inet n - - - 20 smtpd
## - -o content_filter=amavisfeed:[127.0.0.1]:10024
## - -o smtpd_tls_security_level=encrypt
## - -o smtpd_sasl_auth_enable=yes
## - -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - # -o milter_macro_daemon_name=ORIGINATING
## -
## -
## - 3.) add to / create "smtps" entry
## -
## - smtps inet n - - - - smtpd
## - -o content_filter=amavisfeed:[127.0.0.1]:10024
## - -o smtpd_tls_wrappermode=yes
## - -o smtpd_sasl_auth_enable=yes
## - -o smtpd_client_restrictions=permit_sasl_authenticated,reject
## - # -o milter_macro_daemon_name=ORIGINATING
## -
## -
## - 4.) add entry "amavisfeed"
## -
## - amavisfeed unix - - n - 20 lmtp
## - -o smtp_data_done_timeout=1200
## - -o smtp_send_xforward_command=yes
## - -o disable_dns_lookups=yes
## - ...
## -
## - so it looks like:
## -
smtp inet n - - - - smtpd
-o smtpd_proxy_filter=127.0.0.1:10024
-o content_filter=
submission inet n - - - 20 smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o content_filter=amavisfeed:[127.0.0.1]:10024
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
amavisfeed unix - - n - 20 lmtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
## - End: Configure smtps and submission WITH filtering
## -------------------------------------------------------
## --------------------------------------------------------- #
## --- Install Greylist-Daemon and configure for Postfix --- #
## --------------------------------------------------------- #
apt-get install postgrey
## - configure Postgrey-Daemon
## -
## - the default values are:
## - host: localhost (127.0.0.1)
## - port: 10023
## - delay: 300 seconds
## - max ge: 35 days
## -
## - --inet=10023 --inet=[HOST:]PORT listen on PORT, localhost if HOST is not specified
## - --delay=N how long to greylist, seconds (default: 300)
## - --max-age=N delete old entries after N days (default: 35)
## -
## - you can also specify whitelists (for client hostnames
## - and recipients)
## - see whitelist_clients and whitelist_recipients in /etc/postgrey
## -
cp /usr/share/postgrey/postgrey-default /etc/default/postgrey
## - edit /etc/default/postgrey
## -
## - set:
## - POSTGREY_OPTS="--inet=10023 --delay=149"
## -
vim /etc/default/postgrey
## - Complement the client whitelist. Put additional entries
## - into file /etc/postgrey/whitelist_clients.local
## -
## - Notice the following Problem
## - A delivery attempt runs into greylisting (because ist the first
## - time) - Thats OK. But the next delivery attempt for just the same
## - e-mail comes from another very different client-ip - and runs into
## - greylisting again, and again, and again..
## -
## - very different client-ip meens: even if stripping the last byte of
## - the ip-address, postgreys default (--lookup-by-subnet), the rest of
## - the ip-addresse ist still different.
## -
## -
cat << EOF > /etc/postgrey/whitelist_clients.local
# For Office 365 - servers:
##/.*outbound.protection.outlook.com\$/
/^mail-.*\.outbound\.protection\.outlook\.com\$/
EOF
/etc/init.d/postgrey restart
## - start at boot time
## -
update-rc.d postgrey defaults
## - /etc/postfix/main.cf
## -
## -
## - in section Restrictions, parameter smtpd_recipient_restrictions
## - uncomment add
## -
## - ceck_policy_service inet:127.0.0.1:10023,,
## -
## - Notice:
## - you can use the directive "warn_if_reject" just befor the check_policy_service
## - directive and let it
## - To bring postgrey to learn about incomming wanted emails, but not rejecting them
## - by firts arrival, you can use the directive "warn_if_reject" just befor the check_policy_service
## - directive. then the following directive "check_policy_service" will not reject, but
## - only logging.
## -
vim /etc/postfix/main.cf
/etc/init.d/postfix reload
## ------------------------- #
## --- install vacation --- #
## ------------------------- #
if [ "$_db_type" = "postgres" -o "$_db_type" = "postgresql" -o "$_db_type" = "pgsql" -o "$_db_type" = "psql" ];then
_db_type=Pg
fi
## - install prerequisites
## -
apt-get install libdbi-perl libmime-encwords-perl libemail-valid-perl \
libmail-sendmail-perl liblog-log4perl-perl libdbd-pg-perl \
libmail-sender-perl
## - If MySQL/Postgres was installed from debian package system, install also perl
## - modules "DBI" and DBD::mysql/DBD::Pg from debian package system
## -
if [ "$_db_type" = "Pg" ]; then
apt-get install libdbd-pgsql libdbd-pg-perl libdbi-perl libdbi-dev
else
apt-get install libdbd-mysql libdbd-mysql-perl libdbi-perl libdbi-dev
fi
## - If MySQL/PostgresSQL was installed from source, install perl modules "DBI" and
## - "DBD::mysql" via cpan
## -
cpan -i DBI
if [ "$_db_type" = "Pg" ]; then
cpan -i DBD::Pg
else
cpan -i DBD::mysql
fi
## - create a local accaount
## -
## - this user handles all potentially dangerous mail content - that is why it
## - should be a separate account.
## -
addgroup --system --gid 65501 vacation
adduser --system --home /var/spool/vacation --no-create-home --uid 65501 --gid 65501 --shell /usr/sbin/nologin vacation
## - create directory /var/spool/vacation
## -
mkdir /var/spool/vacation
chown vacation:vacation /var/spool/vacation
## - as perl binary, we use the vacation.pl from the postfixadmin distribution.
## -
cd /usr/local/src/mailsystem/tarballs
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-${_pf_admin_version}/postfixadmin-${_pf_admin_version}.tar.gz
## - since postfixadmin v. 2.91 , the subject-patch i already included
#wget http://sourceforge.net/p/postfixadmin/patches/_discuss/thread/69a7ce85/b4e9/attachment/vacation.pl_SUBJECT.patch
cd /usr/local/src/mailsystem
gunzip < tarballs/postfixadmin-${_pf_admin_version}.tar.gz | tar -xf -
cd /tmp
cp /usr/local/src/mailsystem/postfixadmin-${_pf_admin_version}/VIRTUAL_VACATION/vacation.pl /tmp/
## - Add a patch
## -
## - Add capability to include the subject of the original mail in the subject of the vacation message.
## - A good vacation subject could be: 'Re: $SUBJECT'
## - Also corrected log entry about "Already informed ..." to show the $orig_from, not $email
## -
#wget http://sourceforge.net/p/postfixadmin/patches/_discuss/thread/69a7ce85/b4e9/attachment/vacation.pl_SUBJECT.patch
## - Apply the patch
## -
## - !!Note:
## - Patch is already included in version of postfixadmin distribution >= 2.91
## -
#patch -p0 /tmp/vacation.pl /usr/local/src/mailsystem/tarballs/vacation.pl_SUBJECT.patch
## - postfixadmin, version 2.91 is broken if database backend is PostgreSQL
## -
## - I have written a patch, which fixes that errors
## -
## - Note:
## - Patch seems already included in version of postfixadmin distribution >= 2.91
## -
#patch vacation.pl /usr/local/src/mailsystem/tarballs/vacation-4.0r1.pl_PGSQL.patch
## - Encoding does not work as exspected.
## -
## - NOTE:
## - this IS NOT a fix, but a workaround
## -
perl -i -n -p -e "s/(\s*\'ctype\'\s* =>\s*)\'text\/plain.*$/\1\'text\/plain; charset=iso-8859-1\',/" \
/tmp/vacation.pl
## - Copy vacation.pl into /var/spool/vacation/
## -
if [ -f /var/spool/vacation/vacation.pl ]; then
mv /var/spool/vacation/vacation.pl /var/spool/vacation/vacation.pl.`date "+%Y%m%d-%H%M"`
fi
cp vacation.pl /var/spool/vacation/
chown vacation:vacation /var/spool/vacation/vacation.pl
chmod 700 /var/spool/vacation/vacation.pl
rm /tmp/vacation.pl
## - Configure script vacation.pl
## -
## - Notice:
## - the needed tables (named vacation and vacation_notification) are createt throug
## - postfixadmin installation /setup)
## -
## - instead of changing this script, we put the needed entries
## - to file /etc/postfixadmin/vacation.conf:
## -
## - $db_type = '$_db_type';
## - $db_username = '$_db_user';
## - $db_password = '$_db_pass';
## - $db_name = '$_db_name';
## - $vacation_domain = '$_autoreply_domain';
## - $syslog = 0;
## - $log_to_file = 1;
## - $logfile = '/var/log/vacation.log';
## - $log_level = 1;
## - $interval = 60*60*24;
## -
mkdir /etc/postfixadmin/
cat <<EOF > /etc/postfixadmin/vacation.conf
\$db_type = '$_db_type';
\$db_username = '$_db_user';
\$db_password = '$_db_pass';
\$db_name = '$_db_name';
\$vacation_domain = '$_autoreply_domain';
\$syslog = 0;
\$log_to_file = 1;
\$logfile = '/var/log/vacation.log';
\$log_level = 1;
\$interval = 60*60*24;
EOF
touch /var/log/vacation.log
chown vacation:vacation /var/log/vacation.log
## - Logrotate entry for /var/log/vacation.log
## -
cat <<EOF > /etc/logrotate.d/vacation
/var/log/vacation.log {
daily
start 0
rotate 7
missingok
compress
delaycompress
notifempty
create 640 vacation vacation
copytruncate
}
EOF
## - Deprecated - Already fixed in distribution
## -
## - Fix an Error, considering syslog-functionality in vacation.pl
## -
## - replace (line 208)
## - Facility => 'mail',
## - with
## - facility => 'mail',
## -
#perl -i.ORIG -n -p -e "s#^(\s*)Facility(\s+=.*)#\1facility\2#" /var/spool/vacation/vacation.pl
## - create an entry in /etc/hosts for the (non-existant domain)
## - autoreply.warenform.de
## - add:
## -
## - 127.0.0.1 autoreply.warenform.de
## -
perl -i. -n -p -e"s#(^\s*127.0.0.1\s+localhost.*)#\1\n\n127.0.0.1 $_autoreply_domain#" /etc/hosts
vim /etc/hosts
## - Define the transport type in the Postfix master file
## - /etc/postfix/master.cf
## -
## - vacation unix - n n - - pipe
## - flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}
## -
cat <<EOF >> /etc/postfix/master.cf
vacation unix - n n - - pipe
flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f \${sender} -- \${recipient}
EOF
## - Setup the transport maps file /etc/postfix/transport
## -
## - add line:
## -
## - autoreply.warenform.de vacation:
## -
echo "$_autoreply_domain vacation:" >> /etc/postfix/transport
postmap btree:/etc/postfix/transport
## - Notice:
## - take care the entry for transport_maps in /etc/postfix/main.cf
## - contains "btree:/etc/postfix/transport"
## -
/etc/init.d/postfix reload
## --------------------------------------------------- ##
## --- Install AMaViS with ClamAV and Spamassassin --- ##
## --------------------------------------------------- ##
## - See file: amavis_clamav_sa.install
## ------------------------------ ##
## --- install dovecot server --- ##
## ------------------------------ ##
## - Use:
## - install_update_dovecot.sh
## -
## - (Old) textversion: install_dovecot+mysql.txt
## ---------------------------- ##
## --- install postfixadmin --- ##
## ---------------------------- ##
## - See file: postfixadmin.install
## ----------------------------------- ##
## --- install roundcube Webmailer --- ##
## ----------------------------------- ##
## - See file: roundcube.install
## ------------------------------------------------------ ##
## - Mailgraph - a RRDtool frontend for Mail statistics - ##
## ------------------------------------------------------ ##
apt-get install rrdtool librrds-perl libfile-tail-perl
cd /usr/local/src/mailsystem/tarballs
wget http://mailgraph.schweikert.ch/pub/mailgraph-1.14.tar.gz
gunzip < mailgraph-1.14.tar.gz | tar -xf -
cd mailgraph-1.14
cp mailgraph.pl /usr/local/bin/
cp mailgraph-init mailgraph-init.ORIG
cp mailgraph-init /etc/init.d/
chmod 755 /etc/init.d/mailgraph-init
## -------------------------------------- ##
## - some litle tests ##
## -------------------------------------- ##
## - test smtp (STARTTLS), submission (587) (STARTTLS), smtp (SSL),
## - pop3 (SSL), pop3 (STARTTLS), imap (SSL) and imap (STARTTLS)
## -
openssl s_client -crlf -starttls smtp -connect localhost:25 [-state -debug]
openssl s_client -crlf -starttls smtp -connect localhost:587
openssl s_client -crlf -connect localhost:465
openssl s_client -crlf -connect localhost:995
openssl s_client -crlf -starttls pop3 -connect localhost:110
openssl s_client -crlf -connect localhost:993
openssl s_client -crlf -starttls imap -connect localhost:143
Reference in New Issue View Git Blame Copy Permalink