Difference between revisions of «PostFix»
(→SPAM control) |
(→SASL) |
||
(24 intermediate revisions by the same user not shown) | |||
Línea 1: | Línea 1: | ||
− | == | + | = /etc/postfix/main.cf = |
− | === | + | == Base == |
+ | <pre> | ||
+ | smtpd_banner = $myhostname ESMTP $mail_name | ||
+ | biff = no | ||
+ | append_dot_mydomain = no | ||
− | + | smtpd_use_tls=yes | |
− | + | smtpd_tls_key_file=/etc/ssl/certs/server.key | |
− | + | smtpd_tls_cert_file=/etc/ssl/certs/server.crt | |
− | *[http://www. | + | smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache |
+ | smtpd_tls_received_header = yes | ||
+ | smtpd_tls_loglevel = 1 | ||
+ | |||
+ | smtpd_sasl_auth_enable = yes | ||
+ | smtpd_sasl_security_options = noanonymous | ||
+ | smtpd_sasl_local_domain = | ||
+ | broken_sasl_auth_clients = yes | ||
+ | |||
+ | smtp_use_tls = yes | ||
+ | smtp_tls_note_starttls_offer = yes | ||
+ | smtp_tls_key_file = /etc/ssl/certs/server.key | ||
+ | smtp_tls_cert_file = /etc/ssl/certs/server.crt | ||
+ | smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache | ||
+ | smtp_tls_loglevel = 1 | ||
+ | |||
+ | relayhost = | ||
+ | mynetworks = 127.0.0.0/8 | ||
+ | inet_interfaces = all | ||
+ | inet_protocols = all | ||
+ | |||
+ | virtual_mailbox_limit = 512000000 | ||
+ | message_size_limit = 20480000 | ||
+ | mailbox_size_limit = 512000000 | ||
+ | recipient_delimiter = + | ||
+ | |||
+ | myorigin = servidor1.dominio.com.ar | ||
+ | myhostname = servidor1.dominio.com.ar | ||
+ | mydestination = servidor1, servidor1.dominio.com.ar, localhost.localdomain, localhost | ||
+ | |||
+ | alias_maps = hash:/etc/aliases | ||
+ | alias_database = hash:/etc/aliases | ||
+ | |||
+ | smtpd_recipient_restrictions = | ||
+ | permit_sasl_authenticated, | ||
+ | permit_mynetworks, | ||
+ | reject_unauth_destination, | ||
+ | reject_non_fqdn_recipient, | ||
+ | reject_unknown_sender_domain | ||
+ | #check_policy_service inet:127.0.0.1:60000, | ||
+ | reject_rbl_client bl.spamcop.net, | ||
+ | reject_rbl_client sbl-xbl.spamhaus.org | ||
+ | </pre> | ||
+ | |||
+ | == Amavis-new == | ||
+ | <pre> | ||
+ | # Amavis-new | ||
+ | content_filter = amavis:[127.0.0.1]:10024 | ||
+ | receive_override_options = no_address_mappings | ||
+ | </pre> | ||
+ | |||
+ | == Cyrus == | ||
+ | <pre> | ||
+ | mailbox_transport = cyrus | ||
+ | </pre> | ||
+ | |||
+ | == Mailman == | ||
+ | And add to variable alias_maps: | ||
+ | <pre> | ||
+ | alias_maps = hash:/var/lib/mailman/data/aliases | ||
+ | </pre> | ||
+ | |||
+ | and at the end: | ||
+ | <pre> | ||
+ | # OpenLDAP + Mailman | ||
+ | virtual_alias_maps = ldap:/etc/postfix/virtualaliases.cf | ||
+ | local_recipient_maps = $alias_maps | ||
+ | </pre> | ||
+ | |||
+ | == Domainkeys == | ||
+ | <pre> | ||
+ | # Configuracion para domainkeys | ||
+ | smtpd_milters = inet:127.0.0.1:1025 | ||
+ | non_smtpd_milters = inet:127.0.0.1:1025 | ||
+ | </pre> | ||
+ | |||
+ | = /etc/postfix/master.cf = | ||
+ | == Cyrus-IMAP == | ||
+ | ;Single domain | ||
+ | <pre> | ||
+ | cyrus unix - n n - - pipe | ||
+ | flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${user} | ||
+ | </pre> | ||
+ | |||
+ | ;Multidomain domain | ||
+ | <pre> | ||
+ | cyrus unix - n n - - pipe | ||
+ | flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${original_recipient} | ||
+ | </pre> | ||
+ | |||
+ | = Postfix LDAP = | ||
+ | ;Packages | ||
+ | <pre> | ||
+ | aptitude install postfix-ldap | ||
+ | </pre> | ||
+ | |||
+ | ;/etc/postfix/virtualaliases.cf | ||
+ | <pre> | ||
+ | server_host = 127.0.0.1 | ||
+ | server_port = 389 | ||
+ | bind = yes | ||
+ | bind_dn = cn=admin,dc=dominio,dc=com,dc=ar | ||
+ | bind_pw = passwd | ||
+ | timeout = 5 | ||
+ | search_base = dc=dominio,dc=com,dc=ar | ||
+ | query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s)) | ||
+ | result_attribute = gosaMailForwardingAddress,uid | ||
+ | </pre> | ||
+ | |||
+ | ;/etc/postfix/main.cf | ||
+ | Add to alias_maps the ldap option | ||
+ | <pre> | ||
+ | alias_maps = hash:/etc/aliases, ldap:/etc/postfix/virtualaliases.cf | ||
+ | </pre> | ||
+ | |||
+ | == SASL == | ||
+ | * First configure [[SASL-LDAP]] | ||
+ | |||
+ | <pre> | ||
+ | rm -r /var/run/saslauthd/ | ||
+ | mkdir -p /var/spool/postfix/var/run/saslauthd | ||
+ | ln -s /var/spool/postfix/var/run/saslauthd /var/run | ||
+ | chgrp sasl /var/spool/postfix/var/run/saslauthd | ||
+ | addgroup postfix sasl | ||
+ | </pre> | ||
+ | |||
+ | ;/etc/postfix/sasl/smtpd.conf (VALIDAR) | ||
+ | <pre> | ||
+ | pwcheck_method: saslauthd | ||
+ | mech_list: plain login | ||
+ | allow_plaintext: true | ||
+ | ############## | ||
+ | # Esta siguiente linea no es necesaria, pero evita que aparezcan errores de tipo: | ||
+ | # Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied | ||
+ | # Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb | ||
+ | # en /var/log/auth.log | ||
+ | ldapdb_uri: ldap://localhost | ||
+ | ############## | ||
+ | </pre> | ||
+ | |||
+ | == Referencias == | ||
+ | * [http://www.postfix.org/LDAP_README.html Postfix LDAP Howto] | ||
+ | |||
+ | = SPAM / Antivirus = | ||
+ | == postgrey == | ||
+ | ;Packages | ||
+ | <pre> | ||
+ | aptitude install postgrey | ||
+ | </pre> | ||
+ | |||
+ | ;/etc/postfix/master.cf | ||
+ | <pre> | ||
+ | 127.0.0.1:10025 inet n - - - - smtpd | ||
+ | -o content_filter= | ||
+ | -o local_recipient_maps= | ||
+ | -o relay_recipient_maps= | ||
+ | -o smtpd_restriction_classes= | ||
+ | -o smtpd_client_restrictions= | ||
+ | -o smtpd_helo_restrictions= | ||
+ | -o smtpd_sender_restrictions= | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks,reject | ||
+ | -o mynetworks=127.0.0.0/8 | ||
+ | -o strict_rfc821_envelopes=yes | ||
+ | -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks | ||
+ | -o smtpd_bind_address=127.0.0.1 | ||
+ | </pre> | ||
+ | |||
+ | == amavis == | ||
+ | ;/etc/postfix/master.cf | ||
+ | <pre> | ||
+ | amavis unix - - - - 2 smtp | ||
+ | -o smtp_data_done_timeout=1200 | ||
+ | -o smtp_send_xforward_command=yes | ||
+ | </pre> | ||
+ | |||
+ | ;/etc/amavis/conf.d/15-content_filter_mode | ||
+ | <pre> | ||
+ | use strict; | ||
− | = | + | @bypass_virus_checks_maps = ( |
− | + | \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); | |
− | |||
− | = | + | @bypass_spam_checks_maps = ( |
− | + | \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); | |
+ | 1; | ||
+ | </pre> | ||
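Review bot: In /etc/postfix/sasl/smtpd.conf, mech_list: plain login with allow_plaintext: true sits alongside smtpd_sasl_auth_enable = yes in the Base block, and nothing in main.cf limits AUTH to encrypted sessions, so passwords can be accepted in cleartext; add smtpd_tls_auth_only = yes next to smtpd_use_tls=yes. In /etc/postfix/virtualaliases.cf the alias lookup binds as cn=admin with bind_pw stored in the file; a dedicated read-only bind DN and a line about restricting that file's permissions would fit there. The TLS private key is documented as /etc/ssl/certs/server.key, a directory that is normally world-readable, so say where the key should live and who may read it.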
Línea 56: | Línea 238: | ||
Reinicié el Postfix, y se acabó el problema. | Reinicié el Postfix, y se acabó el problema. | ||
− | == Hacer un hash local_recipient_maps == | + | =Commands= |
+ | ==Empty Postfix Mail Queue== | ||
+ | postsuper -d ALL | ||
+ | ==Hacer un hash local_recipient_maps== | ||
+ | postmap | ||
+ | = Configurar envío por servidor externo con autenticación = | ||
+ | /etc/postfix/main.cf | ||
+ | <pre><nowiki> | ||
+ | smtp_sasl_auth_enable = yes | ||
+ | smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd | ||
+ | smtp_sasl_security_options = noanonymous | ||
+ | relayhost = [mailserver.gacq.com] | ||
+ | </nowiki></pre> | ||
− | postmap | + | /etc/postfix/sasl_passwd |
+ | <pre><nowiki> | ||
+ | [mailserver.gacq.com] gacq:el_passwd | ||
+ | </nowiki></pre> | ||
+ | |||
+ | <pre><nowiki> | ||
+ | postmap /etc/postfix/sasl_passwd | ||
+ | /etc/init.d/postfix restart | ||
+ | </nowiki></pre> | ||
+ | |||
+ | == Guías de configuración == | ||
+ | * http://www.linuxmail.info/ | ||
+ | |||
+ | *[http://liyuangarcia.blogspot.com/2009_03_01_archive.html Sistema de correo electrónico sobre Linux (2009/debian)] | ||
+ | *[http://tuxjm.net/docs/mailserver-howto/index.html Servidor de Correo con dominios virtuales sobre un directorio LDAP (2006)] | ||
+ | *[http://www.linuxsilo.net/articles/postfix-mysql.html Servidor de correo con Postfix, Cyrus y MySQL administrado desde OpenMailAdmin] | ||
+ | *http://www.tribulaciones.org/docs/postfix-sasl-tls-howto.html | ||
+ | *[http://wiki.ev-15.com/debian:mail_system Installing a Mail Sytem on Debian Sarge] | ||
+ | *[http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/html/index.html Postfix-Cyrus-Web-cyradm-HOWTO] | ||
+ | *[http://www.linuxsilo.net/articles/postfix.html Configuración de un completo servidor de correo seguro con Postfix y Cyrus] | ||
+ | |||
+ | === Otros === | ||
+ | *[http://www.postfix.org/VIRTUAL_README.html Postfix Virtual Domain Hosting Howto] | ||
+ | *[http://workaround.org/articles/ispmail-sarge/ ISP-style Email Service with Debian-Sarge and Postfix 2.1] | ||
+ | |||
+ | === Sitios interesantes === | ||
+ | *http://postfixwiki.org |
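Review bot: The new /etc/postfix/sasl_passwd step stores the relay password in plain text, and the commands that follow stop at postmap and restart without restricting the file; add a chmod 600 step for /etc/postfix/sasl_passwd and the generated sasl_passwd.db. In the same main.cf block, smtp_sasl_security_options = noanonymous permits plaintext mechanisms, while the only client-side TLS setting in this revision is smtp_use_tls = yes, which is opportunistic, so document smtp_tls_security_level = encrypt for the relayhost. Under Commands, postsuper -d ALL deletes every queued message and postmap is shown without its file argument; each deserves a one-line explanation.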
Current revision as of 09:04, 13 Dec 2009
/etc/postfix/main.cf
Base
<pre>
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
smtpd_use_tls=yes
smtpd_tls_key_file=/etc/ssl/certs/server.key
smtpd_tls_cert_file=/etc/ssl/certs/server.crt
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_key_file = /etc/ssl/certs/server.key
smtp_tls_cert_file = /etc/ssl/certs/server.crt
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_tls_loglevel = 1

relayhost =
mynetworks = 127.0.0.0/8
inet_interfaces = all
inet_protocols = all

virtual_mailbox_limit = 512000000
message_size_limit = 20480000
mailbox_size_limit = 512000000
recipient_delimiter = +

myorigin = servidor1.dominio.com.ar
myhostname = servidor1.dominio.com.ar
mydestination = servidor1, servidor1.dominio.com.ar, localhost.localdomain, localhost

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain
    #check_policy_service inet:127.0.0.1:60000,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
</pre>
Amavis-new
<pre>
# Amavis-new
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
</pre>
Cyrus
<pre>
mailbox_transport = cyrus
</pre>
Mailman
Add to the alias_maps variable:
<pre>
alias_maps = hash:/var/lib/mailman/data/aliases
</pre>
and at the end:
<pre>
# OpenLDAP + Mailman
virtual_alias_maps = ldap:/etc/postfix/virtualaliases.cf
local_recipient_maps = $alias_maps
</pre>
Domainkeys
<pre>
# Configuration for DomainKeys
smtpd_milters = inet:127.0.0.1:1025
non_smtpd_milters = inet:127.0.0.1:1025
</pre>
/etc/postfix/master.cf
Cyrus-IMAP
- Single domain
<pre>
cyrus unix - n n - - pipe
  flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${user}
</pre>
- Multiple domains
<pre>
cyrus unix - n n - - pipe
  flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${original_recipient}
</pre>
Postfix LDAP
- Packages
<pre>
aptitude install postfix-ldap
</pre>
- /etc/postfix/virtualaliases.cf
<pre>
server_host = 127.0.0.1
server_port = 389
bind = yes
bind_dn = cn=admin,dc=dominio,dc=com,dc=ar
bind_pw = passwd
timeout = 5
search_base = dc=dominio,dc=com,dc=ar
query_filter = (|(mail=%s)(gosaMailAlternateAddress=%s))
result_attribute = gosaMailForwardingAddress,uid
</pre>
- /etc/postfix/main.cf
Add the ldap map to alias_maps:
<pre>
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/virtualaliases.cf
</pre>
SASL
- First configure SASL-LDAP
<pre>
rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
addgroup postfix sasl
</pre>
- /etc/postfix/sasl/smtpd.conf (TO BE VALIDATED)
<pre>
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
##############
# The following line is not required, but it prevents errors such as:
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: auxpropfunc error invalid parameter supplied
# Mar 29 18:59:12 calculin postfix/smtpd[14647]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
# in /var/log/auth.log
ldapdb_uri: ldap://localhost
##############
</pre>
References
- Postfix LDAP Howto (http://www.postfix.org/LDAP_README.html)
SPAM / Antivirus
postgrey
- Packages
<pre>
aptitude install postgrey
</pre>
- /etc/postfix/master.cf
<pre>
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
</pre>
amavis
- /etc/postfix/master.cf
<pre>
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
</pre>
- /etc/amavis/conf.d/15-content_filter_mode
<pre>
use strict;

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;
</pre>
Statistics
General
awstats
<pre>
# put this in /etc/cron.daily/sysklogd so that the permissions are left correct after rotation
chmod 664 /var/log/mail.log
</pre>
Interesting
- Mailgraph - a RRDtool frontend for Mail statistics
- amavis-stats - Virus statistics RRDtool frontend for Amavis
To review
- Tech-note: Mail statistics for Postfix via SNMP
- Anteater - Text reports, broken down user by user!
Old
Blacklists
Surely this has happened to more than one of us: we want to send an e-mail message, but the server hosting the recipient's account rejects connections from our Postfix because our IP appears on a blacklist. Let's fix it.
No, this is not about getting our provider (ISP) to take our IP off those blacklists, whose indiscriminate use is, in my opinion, a kind of electronic fascism practised by lazy administrators.
What we are going to do is pass the hot potato to our provider's SMTP server, configuring our Postfix to route the mail destined for certain domains through it.
First, we review the file /etc/postfix/main.cf which, as its name suggests, is the main Postfix configuration file. In it we make sure there is an uncommented line that reads transport_maps = hash:/etc/postfix/transport, that is, that Postfix takes into account the file /etc/postfix/transport, which defines special handling for certain mail addresses, and that is ultimately what we want to do. We edit that file, adding lines of the form:
<pre>
dominiodedestino.com smtp:mta.derelay.com
</pre>
for each domain.
My ISP is ONO, and one of the domains I had problems with was t-online.de, so I added the following line:
<pre>
t-online.de smtp:smtp.ono.com
</pre>
I restarted Postfix, and the problem was gone.
Commands
Empty Postfix Mail Queue
postsuper -d ALL
Build a hash for local_recipient_maps
postmap
Configure sending through an external server with authentication
/etc/postfix/main.cf
<pre>
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
relayhost = [mailserver.gacq.com]
</pre>
/etc/postfix/sasl_passwd
<pre>
[mailserver.gacq.com] gacq:el_passwd
</pre>
<pre>
postmap /etc/postfix/sasl_passwd
/etc/init.d/postfix restart
</pre>
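An added example (not part of the original page): a shell audit for the authenticated-relay setup above. It flags a main.cf in which the relay password could be sent without mandatory TLS and a sasl_passwd map readable by group or others; the function names and the sample values are assumptions of this example.

```sh
# Added example, not from the original page; function names are assumptions.
# main_cf_value FILE PARAM prints one main.cf parameter (status 1 if unset):
# '#' and blank lines are ignored, a line starting with whitespace continues
# the previous parameter, and the last assignment wins.
main_cf_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        { eq = index($0, "="); cur = ""
          if (eq) { cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
                    val[cur] = substr($0, eq + 1) } }
        END { if (!(want in val)) exit 1
              v = val[want]; gsub(/[ \t]+/, " ", v)
              sub(/^ /, "", v); sub(/ $/, "", v); print v }' "$1"
}
# audit_relay_auth MAIN_CF prints one finding per line; status = finding count.
audit_relay_auth() {
    cf=$1; n=0
    [ "$(main_cf_value "$cf" smtp_sasl_auth_enable)" = yes ] || return 0
    # 1. Without mandatory TLS, security options lacking "noplaintext" allow
    #    PLAIN/LOGIN on an unencrypted session (smtp_use_tls is opportunistic).
    level=$(main_cf_value "$cf" smtp_tls_security_level) || level=
    opts=$(main_cf_value "$cf" smtp_sasl_security_options) ||
        opts="noplaintext, noanonymous"   # Postfix default when unset
    case "$level" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) case "$opts" in *noplaintext*) ;; *)
               echo "CLEARTEXT_AUTH_POSSIBLE: set smtp_tls_security_level = encrypt"
               n=$((n + 1)) ;; esac ;;
    esac
    # 2. The password map and the .db built by postmap hold the relay password.
    map=$(main_cf_value "$cf" smtp_sasl_password_maps) || return "$n"
    for f in "${map#hash:}" "${map#hash:}.db"; do
        [ -e "$f" ] || continue
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "GROUP_OR_WORLD_READABLE: $f (chmod 600)"; n=$((n + 1))
        fi
    done
    return "$n"
}
demo() {  # constructed sample mirroring the relay settings above
    d=$(mktemp -d)
    printf '%s\n' 'smtp_use_tls = yes' 'smtp_sasl_auth_enable = yes' \
        "smtp_sasl_password_maps = hash:$d/sasl_passwd" \
        'smtp_sasl_security_options = noanonymous' > "$d/main.cf"
    echo '[relay.example.test] user:placeholder' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    audit_relay_auth "$d/main.cf"; rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

On a live system, call audit_relay_auth /etc/postfix/main.cf as root; the legacy smtp_enforce_tls parameter is not considered by this check.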
Configuration guides
- Sistema de correo electrónico sobre Linux (2009/debian)
- Servidor de Correo con dominios virtuales sobre un directorio LDAP (2006)
- Servidor de correo con Postfix, Cyrus y MySQL administrado desde OpenMailAdmin
- http://www.tribulaciones.org/docs/postfix-sasl-tls-howto.html
- Installing a Mail System on Debian Sarge
- Postfix-Cyrus-Web-cyradm-HOWTO
- Configuración de un completo servidor de correo seguro con Postfix y Cyrus