Postfix Dovecot Pam

* master.cf *

xxx.xxx.xxx.xxx = IP-Adresse, an die der SMTP-Server gebunden werden soll

# smtpd listens only on the given address (xxx.xxx.xxx.xxx is a placeholder)
# instead of on every interface.
xxx.xxx.xxx.xxx:smtp        inet  n       -       -       -       -       smtpd

# Delivery transport that hands each message to Dovecot's deliver (LDA).
# Columns: private=-, unpriv=n, chroot=n, so the agent is not chrooted.
# flags: D = add Delivered-To, R = add Return-Path, h/u = lowercase the
# recipient domain / localpart before they are expanded into argv.
# user=vmail:vmail: deliver runs as the unprivileged vmail account, never root.
# pipe(8) passes ${sender} and ${recipient} as separate argv elements without
# going through a shell, so shell metacharacters in an address are not
# interpreted.
dovecot unix    -       n       n       -       -      pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

* virtual_domains *

# One hosted domain per line. virtual_mailbox_domains only tests whether the
# key exists; the right-hand value ("ACCEPT" here) is not interpreted.
# Every domain listed here becomes a final destination for this server, so
# list only domains whose mail should really end up in /srv/vmail.
example.net ACCEPT
domain.com  ACCEPT

postmap /etc/postfix/virtual_domains

* main.cf *

# Postfix main.cf for virtual mailboxes delivered through Dovecot's LDA.
# Comments must be on their own line; Postfix does not support trailing
# comments after a value.
myhostname = mail.example.net
myorigin = /etc/mailname

virtual_mailbox_domains         = hash:/etc/postfix/virtual_domains
virtual_mailbox_base            = /srv/vmail

# NOTE(review): these two maps are read by Postfix's own virtual(8) delivery
# agent. With virtual_transport = dovecot the pipe entry in master.cf delivers
# as vmail:vmail instead, so static:8 is presumably unused here - confirm that
# the uid/gid that really owns /srv/vmail is vmail.
virtual_uid_maps                = static:8
virtual_gid_maps                = static:8

virtual_transport               = dovecot

# deliver is called with a single "-d ${recipient}", so each invocation must
# carry exactly one recipient.
dovecot_destination_recipient_limit = 1

mydestination = localhost
# Only the loopback network is trusted.
mynetworks = 127.0.0.0/8,

smtpd_banner = $myhostname ESMTP Mailserver

mailbox_size_limit = 512000000
message_size_limit = 10240000

# NOTE(review): "reject_unknown_address" does not appear to be a Postfix
# restriction name (compare reject_unknown_sender_domain, used further down).
# An unrecognised name is logged as a configuration error and mail is
# deferred rather than filtered - verify against the installed Postfix.
smtpd_sender_restrictions = reject_unknown_address
smtpd_client_restrictions = reject_invalid_hostname

# reject_invalid_hostname appears twice in the HELO list; the second entry
# has no effect.
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        permit

# Restrictions are evaluated in order and the first match decides.
# reject_unauth_destination comes BEFORE permit_mynetworks, so relaying to
# foreign domains is refused for every client, including those in mynetworks.
# That is safe against open relaying, but adding client addresses to
# mynetworks will not enable relaying unless permit_mynetworks is moved in
# front of reject_unauth_destination. Never remove reject_unauth_destination.
#
# NOTE(review): DNSBL zones come and go. list.dsbl.org has been shut down and
# sbl-xbl.spamhaus.org was superseded by zen.spamhaus.org. A dead zone adds
# lookup delay to every connection, and a zone that starts answering for
# every query rejects all inbound mail - check that each zone is still
# operated, and that its usage terms fit, before copying this list.
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        permit_mynetworks,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        permit

strict_rfc821_envelopes = yes

home_mailbox = mails/

# NOTE(review): both TLS file settings are commented out, so smtpd has no
# certificate to offer although smtpd_use_tls = yes. Also, a ".csr" file is a
# certificate signing request, not a certificate; smtpd_tls_cert_file needs
# the signed certificate, and the key file must be readable by root only.
#smtpd_tls_cert_file = /etc/postfix/mail.csr
#smtpd_tls_key_file = /etc/postfix/mail.key

# TLS is offered but not required (opportunistic).
# smtpd_tls_auth_only = no would let clients send AUTH credentials over an
# unencrypted session once SMTP authentication is enabled; set it to yes
# before turning on SASL.
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_auth_only = no

# Slow down and eventually disconnect clients that keep producing errors.
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

# http://www.mailscanner.info
header_checks = regexp:/etc/postfix/header_checks
# NOTE(review): the next line is not a valid "name = value" setting as shown;
# it looks like page text that lost its formatting. Confirm the intended
# body_checks table before using this file.
body_checks surf to http://www.malware.com.br

* /etc/postfix/header_checks *

# Every message that carries a Received: header is placed in the hold queue.
# Presumably this is the hand-over point to MailScanner (referenced from
# main.cf), which has to release the mail again; if no such process is
# running, mail stays in the hold queue and is never delivered.
/^Received:/ HOLD
# Messages whose X-Spam-Level header shows eight or more stars are redirected
# to the address sa-spam instead of the original recipients.
/^X-Spam-Level: (\*){8,}/   REDIRECT sa-spam

* dovecot.cf *

# Dovecot configuration: IMAP only, PAM for passwords, one system account
# (vmail) owning every mailbox.
base_dir = /var/run/dovecot/
#log_path = /var/log/dovecot.log
protocols = imap
# SSL/TLS support stays enabled.
ssl_disable = no
verbose_proctitle = yes
#first_valid_uid = 3000
#last_valid_uid = 3000
#first_valid_gid = 8
#last_valid_gid = 8
#valid_chroot_dirs = /var/mail
# "~" is the home directory returned by the userdb below (/srv/vmail/%u).
mail_location = maildir:~/Maildir
maildir_copy_with_hardlinks = yes

#protocol imap {
#}

# Log failed authentication attempts.
auth_verbose = yes

auth default {
        # Master socket used by deliver for userdb lookups. Mode 0600 and
        # owner vmail restrict it to the account that deliver runs as in
        # master.cf (user=vmail:vmail).
        socket listen {
                master {
                path = /var/run/dovecot/auth-master
                mode = 0600
                user = vmail
                }
        }
        # PLAIN and LOGIN both transmit the password itself, so they are only
        # safe inside SSL/TLS.
        # NOTE(review): disable_plaintext_auth is not set in this file -
        # confirm it is still "yes" so that logins without SSL/TLS are refused.
        mechanisms = plain login
        # No args given: PAM is queried with Dovecot's default service name,
        # which presumably maps to the pam.d/dovecot file shown on this page.
        passdb pam {
        }
        # Every user maps to the same uid/gid; only the home directory differs.
        # %u is the login name, so the name becomes a path component below
        # /srv/vmail.
        userdb static {
          args = uid=vmail gid=vmail home=/srv/vmail/%u
        }
}

protocol lda {
        postmaster_address = host@example.net
}

* addmailuser.sh *

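#!/bin/sh
# addmailuser.sh - create the mail directory and the password entry for one
# virtual mailbox.
#
# usage: addmailuser.sh <newusername>
#
# Meant to be run as root: it writes below /srv/vmail and updates
# /etc/dovecot/dovecot.passwd. Running it again for an existing user only
# re-applies ownership and changes the password.

if [ $# -ne 1 ]; then
        echo "usage: $0 <newusername>" >&2
        exit 1
fi

user=$1

# The name becomes a path component below /srv/vmail and is handed to a
# recursive chown. An empty name, "..", a "/" or a leading "-" must therefore
# never get through, otherwise the chown could hit /srv/vmail itself or a
# directory outside of it. "@" stays allowed because master.cf passes the full
# ${recipient} address to deliver.
case $user in
        ''|.*|-*|*[!A-Za-z0-9@._-]*)
                echo "$0: invalid user name: $user" >&2
                exit 1
                ;;
esac

home=/srv/vmail/$user

mkdir -p -- "$home" || exit 1

# maildirmake refuses to touch an existing Maildir, so only create it once.
if [ ! -d "$home/Maildir" ]; then
        maildirmake "$home/Maildir" || exit 1
fi

chown -R vmail:vmail -- "$home" || exit 1

# htpasswd prompts for the password, so it never shows up in the process list
# or the shell history. The password file must already exist and should not
# be world-readable, since it holds the password hashes.
# NOTE(review): which hash format htpasswd writes depends on its version, and
# traditional crypt() only uses the first 8 characters of a password. Confirm
# which formats the installed pam_pwdfile accepts and pick the strongest.
htpasswd /etc/dovecot/dovecot.passwd "$user"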

* pam.d/dovecot *

aptitude install libpam-pwdfile

#%PAM-1.0

# PAM stack for the "dovecot" service: passwords are checked only against the
# flat file maintained with htpasswd, not against system accounts.
# The file contains password hashes; keep it readable only by the account
# that performs the PAM check.
# NOTE(review): "debug" makes pam_pwdfile write extra detail to syslog -
# presumably only wanted while setting things up; confirm what it logs and
# drop it afterwards.
auth required pam_pwdfile.so pwdfile=/etc/dovecot/dovecot.passwd debug

# pam_permit always succeeds, so no account or session checks (expiry,
# locking) are applied: every entry in the password file is a valid login.
session sufficient pam_permit.so
account sufficient pam_permit.so

# The system-wide stacks stay disabled so that local Unix accounts cannot log
# in through this service.
#@include common-auth
#@include common-account
#@include common-session
aptitude install policyd-weight

postgrey-unter-debian-einrichten

MailScanner Debian-package

MailScanner With Postfix on Etch

Add Anti-Virus support to MailScanner

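Um den Usern auch zu ermöglichen, ihre Mails über den Server zu relayen, sollte man eine SMTP-Authentifizierung benutzen. Falls die Clients statische IPs besitzen, kann man diese natürlich auch in der main.cf unter mynetworks eintragen; dafür muss in smtpd_recipient_restrictions permit_mynetworks vor reject_unauth_destination stehen, denn in der oben gezeigten Reihenfolge wird auch für mynetworks nicht weitergeleitet. Bei SMTP-Auth sollte außerdem smtpd_tls_auth_only = yes gesetzt werden, damit Passwörter nicht unverschlüsselt übertragen werden. Wie eine mögliche SMTP-Auth aussehen kann, findet sich unter LittleMailserverSMTP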