The FreeBSD FAQ - The Power to Help







Jean M. Melo © - 2001
All rights reserved








03/10/05 11:38 - Installing Postfix + MySQL + Postfixadmin + SPF + authenticated SMTP + amavisd-new + clamav + squirrelmail


Márcio Luciano Donada


Installing MySQL
# cd /usr/ports/databases/mysql40-server
# make install clean clean-depends
# ee /etc/rc.conf
mysql_enable="YES"

Use mysqladmin (http://dev.mysql.com/doc/mysql/en/mysqladmin.html) to set
a password for your root user, the MySQL administrator
# mysqladmin -u root password sua_senha_aqui

Installing courier-imap (in the menu that appears, select the items
 OpenSSL, TRASHQUOTA, AUTH_MYSQL)
# cd /usr/ports/mail/courier-imap
# make install clean clean-depends

Installing apache2
# cd /usr/ports/www/apache2
# make install clean clean-depends

Installing PHP4 (select MySQL, in addition to the options already enabled by
 default in the port)
# cd /usr/ports/lang/php4-extensions/
# make install clean clean-depends
# cd /usr/local/etc/
# mv php.ini-recommended php.ini

Installing postfixadmin
# cd /usr/ports/mail/postfixadmin
# make install clean clean-depends

# cd /usr/local/etc/apache2
# ee httpd.conf

#PHP
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
<Directory "/usr/local/www/postfixadmin/">
        Options Indexes
        AllowOverride AuthConfig
</Directory>

-- end of httpd.conf --

# htpasswd /usr/local/www/postfixadmin/admin/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin

# apachectl start
# cd /etc
# ee rc.conf
apache2_enable="YES"

# ee /usr/local/www/postfixadmin/config.inc.php
$CONF['default_language'] = 'pt-BR';

$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'PasswordPostfixadmin';
$CONF['database_name'] = 'postfix';

$CONF['admin_email'] = 'postmaster@slchapeco.org';

$CONF['smtp_server'] = "localhost";
$CONF['smtp_port'] = "25";

$CONF['encrypt'] = 'md5crypt';

$CONF['generate_password'] = 'NO';

$CONF['page_size'] = '10';


$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';

$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';

$CONF['quota'] = 'YES';

$CONF['quota_multiplier'] = '102400';

$CONF['vacation'] = 'NO';

$CONF['alias_control'] = 'NO';

$CONF['logging'] = 'YES';

$CONF['logo'] = 'YES';
$CONF['header_text'] = ':: Welcome to Postfix Admin ::';

$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Retornar ao postfixadmin';
$CONF['footer_link'] = 'http://www.slchapeco.org/postfixadmin/';

The next step is to make changes to the postfixadmin database configuration

# ee /tmp/postfixadmin.sql

# Postfix / MySQL
#
USE mysql;
#
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfix',password('PasswordPostfix'));
INSERT INTO db (Host, Db, User, Select_priv) VALUES ('localhost','postfix','postfix','Y');
# Postfix Admin user & password
INSERT INTO user (Host, User, Password) VALUES ('localhost','postfixadmin',password('PasswordPostfixadmin'));
INSERT INTO db (Host, Db, User, Select_priv, Insert_priv, Update_priv, Delete_priv) VALUES ('localhost', 'postfix', 'postfixadmin', 'Y', 'Y', 'Y', 'Y');
FLUSH PRIVILEGES;
GRANT USAGE ON postfix.* TO postfix@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfix@localhost;
GRANT USAGE ON postfix.* TO postfixadmin@localhost;
GRANT SELECT, INSERT, DELETE, UPDATE ON postfix.* TO postfixadmin@localhost;
CREATE DATABASE postfix;
USE postfix;

#
#
CREATE TABLE admin (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (username),
  KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Admins';
#
#
CREATE TABLE alias (
  address varchar(255) NOT NULL default '',
  goto text NOT NULL,
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (address),
  KEY address (address)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';

#
#
CREATE TABLE domain (
  domain varchar(255) NOT NULL default '',
  description varchar(255) NOT NULL default '',
  aliases int(10) NOT NULL default '-1',
  mailboxes int(10) NOT NULL default '-1',
  maxquota int(10) NOT NULL default '-1',
  transport varchar(255) default 'virtual',
  backupmx tinyint(1) NOT NULL default '0',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (domain),
  KEY domain (domain)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';
#
#
CREATE TABLE domain_admins (
  username varchar(255) NOT NULL default '',
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Domain Admins';
#
#
CREATE TABLE log (
  timestamp datetime NOT NULL default '0000-00-00 00:00:00',
  username varchar(255) NOT NULL default '',
  domain varchar(255) NOT NULL default '',
  action varchar(255) NOT NULL default '',
  data varchar(255) NOT NULL default '',
  KEY timestamp (timestamp)
) TYPE=MyISAM COMMENT='Postfix Admin - Log';
#
#
CREATE TABLE mailbox (
  username varchar(255) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  name varchar(255) NOT NULL default '',
  home char(255) default '/home',
  maildir varchar(255) NOT NULL default '',
  quota int(10) NOT NULL default '-1',
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  uid int(10) unsigned default '125',
  gid int(10) unsigned default '6',
  PRIMARY KEY  (username),
  KEY username (username)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';
#
#
#
CREATE TABLE vacation (
  email varchar(255) NOT NULL default '',
  subject varchar(255) NOT NULL default '',
  body text NOT NULL,
  cache text NOT NULL,
  domain varchar(255) NOT NULL default '',
  created datetime NOT NULL default '0000-00-00 00:00:00',
  active tinyint(1) NOT NULL default '1',
  PRIMARY KEY  (email),
  KEY email (email)
) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Vacation';

-- save the file --

# mysql -u root -p < /tmp/postfixadmin.sql
enter password:

Installing Postfix (in the menu, select the items SASL2, SPF, TLS, MySQL, VDA)

# cd /usr/ports/mail/postfix
# make install clean clean-depends

Installing SPF
# cd /usr/ports/mail/postfix-policyd-spf
# make install clean clean-depends

Configuring postfix
# cd /usr/local/etc/postfix
# mkdir ssl
# cd ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
# cd ..
# ee main.cf

myhostname = mx1.slchapeco.org
mydomain = slchapeco.org
myorigin = $myhostname 
mydestination = $myhostname, localhost.$mydomain, localhost, mail.$mydomain
inet_interfaces = all
strict_rfc821_envelopes = yes

# Security Options
disable_vrfy_command = yes
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}"

# SASL Configuration
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated
        reject_unauth_destination
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_spf_invalid_sender
        reject_rbl_client bl.spamcop.net
        reject_rbl_client sbl-xbl.spamhaus.org
        reject_rbl_client relays.ordb.org
        reject_rbl_client opm.blitzed.org
        reject_rbl_client list.dsbl.org
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client dul.dnsbl.sorbs.net
        reject_rbl_client rbl.brasilrbl.com.br
        reject_rhsbl_client rhsbl.brasilrbl.com.br,
        reject_unknown_sender_domain,
        reject_unauth_destination,
        #SPF	
        check_policy_service unix:private/policy,
        permit

home_mailbox = Maildir/
virtual_alias_maps = mysql:/usr/local/etc/postfix/cnf/virtual_alias_maps.cnf
virtual_mailbox_base = /home
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/cnf/virtual_mailbox_maps.cnf
virtual_uid_maps = mysql:/usr/local/etc/postfix/cnf/virtual_uid_maps.cnf
virtual_gid_maps =  mysql:/usr/local/etc/postfix/cnf/virtual_gid_maps.cnf
transport_maps = mysql:/usr/local/etc/postfix/cnf/transport_maps.cnf
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps= mysql:/usr/local/etc/postfix/cnf/virtual_mailbox_limit_maps.cnf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# ~100 MB (the value is in bytes)
virtual_mailbox_limit = 100000000 
virtual_maildir_limit_message = Aviso de Quota Excedida!
virtual_overquota_bounce = yes

# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# Content filter talking to Amavis via SMTP
content_filter = smtp-amavis:[127.0.0.1]:10024

-- end of main.cf --

# ee master.cf
#SPF
policy  unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/sbin/postfix-policyd-spf

#anti-virus
## Interface for amavisd virus scanner
smtp-amavis unix -  - n - 2  smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20

127.0.0.1:10025 inet n  - n - -  smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks_style=host
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

# mkdir cnf
# cd cnf
# cat transport_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = domain
select_field = transport
where_field = domain
hosts = localhost

# cat virtual_alias_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = alias
select_field = goto
where_field = address
hosts = localhost

# cat virtual_gid_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = gid
where_field = username
hosts = localhost

# cat virtual_mailbox_limit_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = quota
where_field = username
hosts = localhost

# cat virtual_mailbox_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
hosts = localhost

# cat virtual_uid_maps.cnf
user = postfix
password = PasswordPostfix
dbname = postfix
table = mailbox
select_field = uid
where_field = username
hosts = localhost
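
Each map file above stores a MySQL password in clear text. The sh functions below are an added example, not part of the original how-to: they report any map that logs in as the MySQL root account or is readable by other local users, and then strip the "other" permission bits. The sample files are constructed for the demonstration; on the server the directory would be /usr/local/etc/postfix/cnf.

```sh
#!/bin/sh
# Added example: audit Postfix MySQL lookup maps (*.cnf) for two problems:
#   ROOT_DB_USER    the map authenticates to MySQL as root
#   OTHER_READABLE  the file, with its clear-text password, is readable by "other"

# audit_maps DIR: print one finding per line as "<FINDING> <file name>"
audit_maps() {
    dir=$1
    for f in "$dir"/*.cnf; do
        [ -f "$f" ] || continue
        # Value of the "user = ..." line, tolerant of spacing around "="
        db_user=$(sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$f" | head -n 1)
        if [ "$db_user" = "root" ]; then
            printf 'ROOT_DB_USER %s\n' "${f##*/}"
        fi
        # -perm -0004 matches when the read bit for "other" is set
        if [ -n "$(find "$f" -perm -0004 -print)" ]; then
            printf 'OTHER_READABLE %s\n' "${f##*/}"
        fi
    done
}

# harden_maps DIR: remove all access for "other" from every map file.
# Assumption: on the mail server the files are also given to a group the
# Postfix daemons belong to (for example root:postfix, mode 0640), which
# needs root and is therefore left out of this example.
harden_maps() {
    for f in "$1"/*.cnf; do
        [ -f "$f" ] || continue
        chmod o-rwx "$f"
    done
}

# make_sample_maps: build a constructed sample directory and print its path
make_sample_maps() {
    d=$(mktemp -d) || return 1
    printf 'user = root\npassword = teste\ndbname = postfix\n' > "$d/transport_maps.cnf"
    printf 'user = postfix\npassword = PasswordPostfix\ndbname = postfix\n' > "$d/virtual_uid_maps.cnf"
    chmod 644 "$d/transport_maps.cnf"
    chmod 640 "$d/virtual_uid_maps.cnf"
    printf '%s\n' "$d"
}

# Demonstration on the constructed sample
sample=$(make_sample_maps)
echo "before:"; audit_maps "$sample"
harden_maps "$sample"
echo "after:";  audit_maps "$sample"
rm -rf "$sample"
```

The root finding remains after hardening, because fixing it means editing the map to use the SELECT-only postfix account created in postfixadmin.sql.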

# cd /etc
# ee rc.conf

sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"


Back to Courier-imap
# cd /usr/local/etc/courier-imap
# sh -c 'for f in *.dist; do cp "$f" "${f%.dist}"; done'

# ee imapd.cnf
RANDFILE = /usr/local/share/courier-imap/imapd.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=BR
ST=SC
L=Chapeco
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=localhost
emailAddress=postmaster@slchapeco.org



[ cert_type ]
nsCertType = server

-- end of file --

# ee pop3d.cnf
RANDFILE = /usr/local/share/courier-imap/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=BR
ST=SC
L=Chapeco
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=localhost
emailAddress=postmaster@slchapeco.org


[ cert_type ]
nsCertType = server

Generating the certificates
# /usr/local/share/courier-imap/mkpop3cert
# /usr/local/share/courier-imap/mkimapdcert

Configuring user authentication against the database - MySQL
# ee /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          PasswordPostfix
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        home
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
MYSQL_WHERE_CLAUSE      active=1
-- end of file --

Starting the services
#sh /usr/local/libexec/courier-imap/imapd.rc start
#sh /usr/local/libexec/courier-imap/pop3d.rc start

Starting the services with SSL support
#sh /usr/local/libexec/courier-imap/imapd-ssl.rc start
#sh /usr/local/libexec/courier-imap/pop3d-ssl.rc start

#sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     couriertcp 18514 6  tcp4   *:993                 *:*
root     couriertcp 18501 6  tcp4   *:995                 *:*

# cd /etc
# ee rc.conf
courier_authdaemond_enable="YES" 
courier_imap_imapd_enable="YES" 
courier_imap_pop3d_enable="YES" 
courier_imap_imapd_ssl_enable="YES" 
courier_imap_pop3d_ssl_enable="YES" 

Installing cyrus-sasl2
# cd /usr/ports/security/cyrus-sasl2
# fetch http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/software-sources/patch
# mv patch files/patch-lib::chkpw.c
# make -DWITH_MYSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM \
  -DWITHOUT_DIGEST -DWITHOUT_NTLM install clean

# ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
mech_list: plain login
sql_engine: mysql
auxprop_plugin: sql
srp_mda: md5
password_format: crypt
sql_hostnames: localhost
sql_user: postfix
sql_passwd: PasswordPostfix
sql_database: postfix
sql_select: select password from mailbox where username = '%u@%r'

We have already added the amavisd-new settings to postfix, but we still need to
 install it together with clamav

Installing clamav
# cd /usr/ports/security/clamav
# make install clean clean-depends
# cd /usr/local/etc
# ee clamav.conf

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/amavis/clamd
FixStaleSocket
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanMail

# ee freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose
DatabaseOwner clamav
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 12

# mkdir /var/amavis/
# chown -R clamav:clamav /var/amavis
# chmod 750 /var/amavis
# mkdir /var/log/clamav
# touch /var/log/clamav/freshclam.log
# chown clamav:clamav /var/log/clamav/freshclam.log
# chmod 600 /var/log/clamav/freshclam.log
# touch /var/log/clamav/clamd.log
# chown clamav:clamav /var/log/clamav/clamd.log
# chmod 600 /var/log/clamav/clamd.log


Installing amavisd-new
# cd /usr/ports/security/amavisd-new
# make install clean clean-depends
# cd /usr/local/etc
# ee amavisd.conf

use strict;
# Section I - Essential daemon and MTA settings

# AMaViS home directory:
$MYHOME = '/var/amavis';
# Your server's domain:
$mydomain = 'slchapeco.org';
$daemon_user = 'clamav';
$daemon_group = 'clamav';

@local_domains_acl = ( ".$mydomain", '.slchapeco.org' );

    # Section II - MTA specific (defaults should be ok)

$unix_socketname = "$MYHOME/amavisd.sock";
$inet_socket_port = 10024;
@inet_acl = qw( 127.0.0.1 );

$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_REJECT;
$final_bad_header_destiny = D_PASS;

@av_scanners = (

    # Scan through the clamd socket configured as LocalSocket in clamav.conf
    ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

1;  # the configuration file must return a true value

# cd /etc

# ee rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
amavisd_enable="YES"

Installing Squirrelmail
# cd /usr/ports/mail/squirrelmail/
# make install clean clean-depends
# echo 'Alias /webmail/ "/usr/local/www/squirrelmail/"' >> /usr/local/etc/apache2/httpd.conf
# apachectl restart
# cd /usr/local/www/squirrelmail/config
# cat config.php




You can use conf.pl to configure squirrelmail. You can also use the plugins
 available at www.squirrelmail.org/plugins

Below is the header of a message sent through the server we have just
 configured:

Return-Path: 
X-Original-To: marcio@slchapeco.org
Delivered-To: marcio@slchapeco.org
Received: from localhost (localhost.slchapeco.org [127.0.0.1])
	by mx1.slchapeco.org (Postfix) with ESMTP id A6ABA2E
	for ; Sun, 25 Sep 2005 23:46:10 -0300 (BRT)
Received: from mx1.slchapeco.org ([127.0.0.1])
 by localhost (mx1.slchapeco.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 28156-02 for ;
 Sun, 25 Sep 2005 23:45:58 -0300 (BRT)
Received: from emperor (unknown [10.1.1.173])
	by mx1.slchapeco.org (Postfix) with SMTP id BDEA02B
	for ; Sun, 25 Sep 2005 23:45:57 -0300 (BRT)
Message-ID: <000501c5c244$81355d50$ad01010a@emperor>
Reply-To: =?iso-8859-1?Q?M=E1rcio?= 
From: =?iso-8859-1?Q?M=E1rcio?= 
To: 
Subject: teste
Date: Sun, 25 Sep 2005 23:46:32 -0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Virus-Scanned: amavisd-new at slchapeco.org

If you have any questions, get in touch.
Márcio Luciano Donada
