Mailserver-Best-Practice: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
|||
| (28 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt) | |||
| Zeile 5: | Zeile 5: | ||
=Install Postfix= | =Install Postfix= | ||
*apt-get install postfix | *apt-get install postfix | ||
| − | |||
| − | |||
| − | |||
=Postfix Service Handling= | =Postfix Service Handling= | ||
*systemctl start postfix.service | *systemctl start postfix.service | ||
| Zeile 16: | Zeile 13: | ||
*/etc/postfix/master.cf | */etc/postfix/master.cf | ||
*/etc/postfix/main.cf | */etc/postfix/main.cf | ||
| − | =Install | + | =SSL Verschlüsselung= |
| − | *apt-get install | + | ==Install letsencrypt== |
| + | *[[Letsencrpyt Ubuntu 16.04]] | ||
| + | *crontab -e | ||
| + | 0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop postfix; systemctl stop dovecot" --post-hook "systemctl start postfix ; systemctl start dovecot" | ||
| + | |||
| + | ==master.cf changed== | ||
| + | <pre> | ||
| + | smtps inet n - y - - smtpd | ||
| + | -o smtpd_tls_wrappermode=yes | ||
| + | -o smtpd_sasl_auth_enable=yes | ||
| + | -o smtpd_relay_restrictions=permit_sasl_authenticated,reject | ||
| + | </pre> | ||
| + | ==main.cf== | ||
| + | <pre> | ||
| + | smtpd_tls_cert_file = /etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem | ||
| + | smtpd_tls_key_file = /etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem | ||
| + | smtpd_tls_security_level = may | ||
| + | smtpd_tls_received_header = yes | ||
| + | </pre> | ||
| + | |||
| + | =Sasl2 over Dovecot= | ||
| + | */etc/postfix/main.cf | ||
| + | smtpd_sasl_auth_enable = yes | ||
| + | smtpd_sasl_type = dovecot | ||
| + | smtpd_sasl_path = private/auth | ||
| + | smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination | ||
| + | =Dovecot= | ||
| + | ==Install== | ||
| + | *apt-get install dovecot-core dovecot-imapd | ||
| + | |||
| + | ==Config== | ||
| + | */etc/dovecot/conf.d/10-ssl.conf | ||
| + | ssl = yes | ||
| + | ssl_cert = </etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem | ||
| + | ssl_key = </etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem | ||
| + | */etc/dovecot/conf.d/10-mail.conf | ||
| + | mail_location = maildir:~/Maildir | ||
| + | */etc/dovecot/conf.d/10-master.conf | ||
| + | <pre> | ||
| + | service auth { | ||
| + | unix_listener auth-userdb { | ||
| + | #mode = 0666 | ||
| + | #user = | ||
| + | #group = | ||
| + | } | ||
| + | unix_listener /var/spool/postfix/private/auth { | ||
| + | mode = 0666 | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | =Restart= | ||
| + | *systemctl restart postfix | ||
| + | *systemctl restart dovecot | ||
| + | |||
| + | =Tables= | ||
| + | <pre> | ||
| + | mydestination = $myhostname, yaphit.tuxmen.de, localhost.tuxmen.de, localhost , hash:/etc/postfix/mydestinations | ||
| + | alias_maps = hash:/etc/aliases | ||
| + | transport_maps = hash:/etc/postfix/transport | ||
| + | relocated_maps = hash:/etc/postfix/relocated | ||
| + | virtual_maps = hash:/etc/postfix/virtual | ||
| + | sender_canonical_maps = hash:/etc/postfix/canonical | ||
| + | </pre> | ||
| + | =Checks= | ||
| + | *[[SMTPS AUTH PLAIN CHECK]] | ||
| + | *[[IMAPS LOGIN CHECK]] | ||
Aktuelle Version vom 2. Oktober 2022, 19:25 Uhr
Prepare Maildirs
- mkdir -p /etc/skel/Maildir/new
- mkdir -p /etc/skel/Maildir/cur
- mkdir -p /etc/skel/Maildir/tmp
Install Postfix
- apt-get install postfix
Postfix Service Handling
- systemctl start postfix.service
- systemctl restart postfix.service
- systemctl stop postfix.service
- systemctl status postfix.service
Config of Postfix
- /etc/postfix/master.cf
- /etc/postfix/main.cf
SSL Verschlüsselung
Install letsencrypt
- Letsencrpyt Ubuntu 16.04
- crontab -e
0 */6 * * * /usr/bin/certbot renew --no-self-upgrade --pre-hook "systemctl stop postfix; systemctl stop dovecot" --post-hook "systemctl start postfix ; systemctl start dovecot"
master.cf changed
smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
main.cf
smtpd_tls_cert_file = /etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem smtpd_tls_security_level = may smtpd_tls_received_header = yes
Sasl2 over Dovecot
- /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
Dovecot
Install
- apt-get install dovecot-core dovecot-imapd
Config
- /etc/dovecot/conf.d/10-ssl.conf
ssl = yes ssl_cert = </etc/letsencrypt/live/yyy.tuxmen.de/fullchain.pem ssl_key = </etc/letsencrypt/live/yyy.tuxmen.de/privkey.pem
- /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
- /etc/dovecot/conf.d/10-master.conf
service auth {
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
Restart
- systemctl restart postfix
- systemctl restart dovecot
Tables
mydestination = $myhostname, yaphit.tuxmen.de, localhost.tuxmen.de, localhost , hash:/etc/postfix/mydestinations alias_maps = hash:/etc/aliases transport_maps = hash:/etc/postfix/transport relocated_maps = hash:/etc/postfix/relocated virtual_maps = hash:/etc/postfix/virtual sender_canonical_maps = hash:/etc/postfix/canonical