|
Poster |
Discussion |
冷日 (冷日) |
Posted: 2012/5/22 6:47 |
- Webmaster

- Registered: 2008/2/19
- From:
- Posts: 15773
|
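- [Repost] Postfix on Debian: Hosting Multiple Domains (i.e. virtual domains)
- Setting up virtual domains takes roughly the following steps:
1. Define the virtual domains (i.e. which domains are virtual domains)
2. Set the location where virtual-domain users' mail is stored
3. Set the mailbox type for virtual-domain users (mbox or maildir)
4. Give Postfix permission to operate on the location where virtual-domain users' mail is stored
5. Restart Postfix
1. All of the following is added to main.cf.
(1) Define the virtual domain with the statement below; mysosogh.com in this statement is my virtual domain:
virtual_mailbox_domains = mysosogh.com
(2) Set the location where virtual-domain users' mail is stored (here I set it to the /var/spool/vmail directory), with the statement below:
virtual_mailbox_base = /var/spool/vmail
(3) First set the lookup file for the "virtual-domain user mailbox type"; more is set up for it later. The statement is:
virtual_mailbox_maps = hash:/etc/postfix/virtual
(4) Set Postfix's privileges. The 103 and 104 are the uid and gid of postfix; you can look up these two values for postfix in /etc/passwd. The statements are:
virtual_uid_maps = static:103
virtual_gid_maps = static:104
2. Create the vmail directory to store virtual-domain users' mail, as follows:
Give Postfix permission to operate on the vmail directory, because Postfix has to write virtual-domain users' mail into it (I don't know whether doing this poses a security risk), as follows:
chown postfix /var/spool/vmail
3. Create the lookup file for the "virtual-domain user mailbox type" mentioned above
Add:
sosogh@mysosogh.com mysosogh.com/sosogh/
(A trailing / after sosogh means the mailbox is a maildir; without the / it is an mbox.) The statement above means that mail sent to sosogh@mysosogh.com is stored under /var/spool/vmail/mysosogh.com/sosogh/
4. Turn /etc/postfix/virtual into a hash file (because we set this above: virtual_mailbox_maps = hash:/etc/postfix/virtual)
5. Restart Postfix
/etc/init.d/postfix restart
Original source: debian的postfix Hosting Multiple Domains (即是虚拟域)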
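An added example, not part of the reposted article: a small audit of a virtual_mailbox_maps table that resolves each entry against virtual_mailbox_base, applies the trailing-slash maildir/mbox rule, and flags entries that land outside the base directory, as well as a mailbox uid equal to the postfix uid (the account that owns the mail queue). The function names and every sample line except the sosogh entry are constructed for illustration.

```python
import posixpath

def parse_map(text):
    """Parse a two-column Postfix lookup table: key, whitespace, value."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def audit(mailbox_map, base, domains, mailbox_uid, postfix_uid):
    """Return (deliveries, findings) for a virtual_mailbox_maps table."""
    base = base.rstrip("/")
    deliveries, findings = {}, []
    if mailbox_uid == postfix_uid:
        findings.append("virtual_uid_maps is the postfix uid: queue and mailboxes share one owner")
    for addr, rel in mailbox_map.items():
        if addr.rpartition("@")[2] not in domains:
            findings.append(f"{addr}: domain is not in virtual_mailbox_domains")
        # virtual_mailbox_base is prepended to the lookup result.
        full = posixpath.normpath(base + "/" + rel)
        if not full.startswith(base + "/"):
            findings.append(f"{addr}: {rel} resolves outside {base}")
            continue
        # A trailing slash selects maildir, anything else is mbox.
        if rel.endswith("/"):
            deliveries[addr] = (full + "/", "maildir")
        else:
            deliveries[addr] = (full, "mbox")
    return deliveries, findings

# Constructed sample: the first line is the page's entry, the rest are invented.
SAMPLE_MAP = """\
sosogh@mysosogh.com   mysosogh.com/sosogh/
archive@mysosogh.com  mysosogh.com/archive
stray@mysosogh.com    ../../tmp/stray
guest@other.example   other.example/guest/
"""

if __name__ == "__main__":
    ok, bad = audit(parse_map(SAMPLE_MAP), "/var/spool/vmail",
                    {"mysosogh.com"}, mailbox_uid=103, postfix_uid=103)
    for addr, (path, kind) in ok.items():
        print(f"{addr} -> {path} ({kind})")
    for finding in bad:
        print("FINDING:", finding)
```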
|
|
冷日 (冷日) |
Posted: 2012/5/22 6:52 |
|
- [Repost] openwebmail + postfix: setting up a virtual account environment
- [Transcribed] openwebmail + postfix: setting up a virtual account environment
Posted by 落 at 19:48:54 | Linux notebook
==============================
Basic setup
1) Package installation
#apt-get install apache-ssl
(use apache-ssl in place of apache)
#apt-get install postfix openwebmail
(base packages)
#apt-get install speedy-cgi-perl libapache-mod-speedycgi
(CGI acceleration packages)
#apt-get install libcompress-zlib-perl
(HTTP compression support)
(zip compression and decompression support)
#apt-get install postfix-tls libsasl2-modules sasl2-bin
(addgroup sasl, then restart postfix and sasl)
#apt-get install postfix-doc
(Postfix documentation)
==============================
1) Set the hostname
2) Configure apache-ssl
3) Configure /etc/postfix/main.cf
4) Copy /usr/share/openwebmail/www/images to /var/www/openwebmail/images
==============================
1) Edit openwebmail.conf and enable the protection mechanisms
enable_viruscheck yes
enable_spamcheck yes
enable_learnspam yes
(these three work)
default_filter_badformatfrom yes
default_filter_fakedsmtp yes
default_filter_fakedfrom yes
default_filter_fakedexecontenttype yes
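(these four don't seem to have any effect)
=== Virtual accounts
Original source: http://www.creativecrap.com/index2.php?option=content&task=view&id=18&pop=1&page=2
The main goal is to use multiple domains in OpenWebmail while supporting both the accounts that already exist on the system and virtual users. The advantage of virtual users is that they need no real account on the system, which avoids many security and configuration problems.
Environment requirements
First, define the goals of this setup:
Open Webmail install location: /usr/lib/cgi-bin/openwebmail
Open Webmail configuration location: /etc/openwebmail
Main mail host address: ms.domain
Virtual mail domain to add: ms1.domain
When a user logs in, OWM processes its configuration files in this order:
/etc/openwebmail/openwebmail.conf
/etc/openwebmail/sites.conf/virtual_domain
Check whether the account is a system account
If it is a system account, the following are loaded before auth_unix.pl runs:
/usr/lib/cgi-bin/openwebmail/etc/auth_unix.conf.default
/usr/lib/cgi-bin/openwebmail/etc/auth_unix.conf
If it is not a system account, check whether it is a virtual account (virtual_domain corresponds to the domain of the user's account):
/etc/virtual/virtual_domain/passwd
If it is a virtual account, the following are loaded before auth_vdomain.pl runs:
/usr/lib/cgi-bin/openwebmail/etc/auth_vdomain.conf.default
/usr/lib/cgi-bin/openwebmail/etc/auth_vdomain.conf
* If the same variable is set more than once, the later setting overrides the earlier one
Starting the virtual user setup
Edit openwebmail.conf
# Set the mail spool location
mailspooldir /var/spool/mail
# Set the user authentication module; use system accounts
# System user accounts do not need to enter a domain name
# Forbid users from changing their own email address
Next comes the main part: virtual domains and virtual users
1. User mapping table
First define the virtual users' mapping table, /etc/postfix/virtual. For the main mail host nothing needs to be set here, whether for system accounts or virtual accounts; only the users of the virtual domain need entries.
# domain name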
ms1.domain anything
admin@ms1.domain admin.ms1.domain
user1@ms1.domain user1.ms1.domain
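Whether or not you set anything, remember to rebuild the db file:
postmap hash:/etc/postfix/virtual
2. Host-side user aliases
Add the corresponding user names and their locations on the host. Append to /etc/postfix/aliases:
# virtual users at ms.domain
# user account: location on the host
# for virtual users on the main mail host, the trailing domain part can be omitted
user2: /var/spool/virtual/ms.domain/user2
# virtual users at ms1.domain
# virtual users on a virtual domain must be defined by their full name, i.e. the names just set above
admin.ms1.domain: /var/spool/virtual/ms1.domain/admin
user1.ms1.domain: /var/spool/virtual/ms1.domain/user1
Of course the db file still has to be built for the settings to take effect:
postalias hash:/etc/postfix/aliases
With the two configuration files above done, the virtual user mapping is complete. Put simply, when a message for user1@ms.domain arrives from outside, postfix finds in /etc/postfix/virtual that the name for user1@ms1.domain is user1.ms1.domain, then finds in /etc/postfix/aliases that the file location is /var/spool/virtual/ms1.domain/user1, and only then can it drop the message into the mail spool.
3. Set the group
Edit /var/www/cgi-bin/openwebmail/etc/auth_vdomain.conf.default. The postfix default is nobody or mail; nobody is not really recommended, so change it to mail here.
4. Create the directories
The mail spool locations were specified above; now create the related directories:
mkdir /var/spool/virtual/ms.domain
mkdir /var/spool/virtual/ms1.domain
Set the owner/group; the group is the "mail" from step 3:
chown root.mail /var/spool/virtual/ms.domain
chown root.mail /var/spool/virtual/ms1.domain
Set the permissions:
chmod og+wt /var/spool/virtual/ms.domain
chmod og+wt /var/spool/virtual/ms1.domain
5. Per-domain settings
Create the domain configuration files under /etc/openwebmail/sites.conf. Each domain needs its own file, named after the domain.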
vi /etc/openwebmail/sites.conf/ms.domain
auth_module auth_vdomain.pl
auth_withdomain yes
mailspooldir /var/spool/virtual/creativecrap.com
# with use_syshomedir yes, the user's home directory is under /var/spool/mail/virtual_domain
# with use_syshomedir yes, it is under /var/www/cgi-bin/openwebmail/etc/users/virtual_domain
use_syshomedir yes
use_homedirspools no
enable_autoreply yes
enable_setforward no
enable_vdomain yes
# Specify this domain's administrators, who can edit users from within openwebmail; separate multiple accounts with commas
vdomain_admlist sysadmin
vdomain_maxuser 100
vdomain_vmpop3_pwdpath /etc/virtual
vdomain_vmpop3_pwdname passwd
vdomain_vmpop3_mailpath /var/spool/virtual
vdomain_postfix_aliases /etc/postfix/aliases
vdomain_postfix_virtual /etc/postfix/virtual
vdomain_postfix_postalias /usr/sbin/postalias
vdomain_postfix_postmap /usr/sbin/postmap
enable_strictvirtuser yes
enable_changepwd yes
enable_strictpwd no
enable_userfilter no
enable_smartfilter no
enable_webmail yes
enable_webdisk yes
enable_calendar yes
enable_sshterm no
enable_pop3 yes
vdomain_maxalias 100
case_insensitive_login yes
passwd_minlen 6
session_multilogin no
attlimit 4096
spool_limit 512000
quota_limit 512000
Do the same for ms1.domain ~
6. Set the users' default passwords
Almost done; first set the users' default passwords:
mkdir /etc/virtual/virtual.domain
chown -R root.mail /etc/virtual
The command for setting a password:
htpasswd -b /etc/virtual/virtual.domain/passwd user.name user.password
7. Don't forget Postfix
Edit main.cf:
#
# virtual domain
#
default_privs = mail
virtual_alias_maps = hash:/etc/postfix/virtual
After changing main.cf, remember to restart postfix:
/etc/init.d/postfix restart
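All done~ Oh yeah~ Go test it in openwebmail. For local system accounts, just log in with the account name (e.g. user2); virtual users must use the full email address (e.g. user1@ms1.domain). The same applies to the account setting in Outlook.
Accounts listed in vdomain_admlist get an additional account management feature in the openwebmail personal preferences; from then on, user data can be edited there.
Original source: 好物介紹: [轉錄]openwebmail + postfix 虛擬帳號環境建置 - yam天空部落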
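An added example, not part of the reposted article: the two-step lookup the post describes (address to name in /etc/postfix/virtual, then name to spool path in /etc/postfix/aliases), with a check for virtual users that have no alias behind them. The tables are constructed from the post's entries with aliases written in "name: path" form; ghost@ms1.domain and the function names are invented for illustration.

```python
def parse_table(text, sep=None):
    """Parse 'key value' lines (virtual) or 'key: value' lines (aliases, sep=':')."""
    rows = (l.split(sep, 1) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return {r[0].strip().lower(): r[1].strip() for r in rows if len(r) == 2}

def resolve(rcpt, virtual, aliases):
    """Follow rcpt through virtual, then aliases. Returns (spool_path or None, trace)."""
    rcpt = rcpt.lower()
    local, _, domain = rcpt.partition("@")
    trace = [rcpt]
    if domain in virtual:            # a bare-domain key marks a virtual domain
        name = virtual.get(rcpt)
        if name is None:
            return None, trace + ["not in /etc/postfix/virtual"]
    else:
        name = local                 # main host: alias keyed by the account name
    trace.append(name)
    path = aliases.get(name)
    if path is None:
        return None, trace + ["not in /etc/postfix/aliases"]
    return path, trace + [path]

def dangling(virtual, aliases):
    """Virtual users whose alias name has no spool path behind it."""
    return sorted(a for a, n in virtual.items() if "@" in a and n not in aliases)

# Constructed sample built from the post's entries; ghost@ms1.domain is invented.
VIRTUAL = parse_table("""\
# domain name
ms1.domain        anything
admin@ms1.domain  admin.ms1.domain
user1@ms1.domain  user1.ms1.domain
ghost@ms1.domain  ghost.ms1.domain
""")
ALIASES = parse_table("""\
# virtual users at ms.domain
user2: /var/spool/virtual/ms.domain/user2
# virtual users at ms1.domain
admin.ms1.domain: /var/spool/virtual/ms1.domain/admin
user1.ms1.domain: /var/spool/virtual/ms1.domain/user1
""", sep=":")

if __name__ == "__main__":
    for rcpt in ("user1@ms1.domain", "user2@ms.domain", "ghost@ms1.domain"):
        print(resolve(rcpt, VIRTUAL, ALIASES))
    print("dangling:", dangling(VIRTUAL, ALIASES))
```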
|
|
冷日 (冷日) |
Posted: 2012/5/22 6:55 |
|
- [Repost] SMTP Gateway for Multiple Domain Email Gateway with Postfix
- SMTP Gateway for Multiple Domain Email Gateway with Postfix
Postfix, Gateway, SMTP, Domain, Multiple
Contents
* 1 Scope / Purpose
* 2 Overview
* 3 References / Links
* 4 Configuration
  o 4.1 /etc/postfix/main.cf
  o 4.2 /etc/postfix/master.cf
  o 4.3 /etc/postfix/virtual
  o 4.4 /etc/postfix/transport
  o 4.5 /etc/postfix/relay_recipients
* 5 Miscellany
  o 5.1 Populating relay_recipients from Active Directory
  o 5.2 Hashing Databases
  o 5.3 Restarting Postfix
  o 5.4 Testing the Setup
Scope / Purpose
This article walks through the setup for an email gateway for multiple domains that rejects unknown email addresses and uses a script to query valid email addresses via Active Directory.
Overview
This article describes the rationale and the setup of an external email firewall/gateway server with Postfix, a secure, high performance, and easily configurable alternative SMTP server to Sendmail. The most common reason for this is to improve security (this applies even if you're not running Exchange). Since the email gateway theoretically only exposes its SMTP port and will not store any emails, even in the (ideally unlikely) event that it is compromised, any sensitive or valuable data is held elsewhere. The worst that could happen is that the attacker obtains a list of valid email addresses for your domain(s).
It can also be used for offloading services from your main email server, tasks like rejecting and filtering spam, greylisting, scanning viruses, avoiding unnecessary bandwidth, etc.
There are "articles" on the Internet that make references to simply using the "relayhost = internalsmtp.example.com" directive. The problem with this setup is that since the external email gateway knows nothing about the internal addresses (even when configured to only accept email to @example.com), it has to accept and forward everything and depend on the internal host to handle rejecting and bouncing messages. This might be acceptable, except if/when your domain becomes the target of a flood of spam or viruses to invalid/generated email addresses. Especially since the source and reply-to addresses of these emails are typically spoofed, each message ends up being accepted at the email gateway, forwarded to your internal server, rejected and relayed back to your email gateway, queued by the email gateway for delivery, retried repeatedly until it exceeds the nominal timeout, then bounced back to the email admin account on your internal email server. Lather, rinse and repeat that for every single message and it should be clear why you should never just use the "relayhost" directive to do this.
The "correct(tm)" way to do this is to set up the email gateway so that it has knowledge of valid email addresses. That way, any address that doesn't exist is immediately rejected before the email gateway even gets to accept the data. This is important enough to be worth being redundant. Rejecting unknown addresses not only avoids the whole loop described above, but avoids tying up your bandwidth receiving whatever data would have been sent.
References / Links
Basically, this article is a restatement of Postfix email firewall/gateway found on Postfix.org's online configuration examples, and additionally Using Postfix relay_recipient_maps.
Configuration
This article will not cover the compiling or installation of Postfix as it's generally available or easily installed for most distributions.
/etc/postfix/main.cf
As the name implies, this is the main configuration file for Postfix. One main attribute of Postfix is that the defaults are generally something sensible, so that for the most part, outside of the parameters that need to be customized to your setup, they can be completely omitted in main.cf.
Hint: The command below will show the configuration directives that have been altered from default.
Since this is an email gateway only meant to forward email, disable local mail delivery by (Note: setting a configuration directive to empty disables it):
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
Normally, emails that originate from a host will have a from address in the form of username@hostname.example.com. However, since the email gateway cannot receive mail for local users (as disabled above), you need to set the originating domain to something sensible:
mynetworks = defines which networks are allowed to relay mail through this host. Although it's meant for internal networks to be able to relay mail without having to authenticate, it can be used (abused) to include external IP addresses or networks. However, the proper solution is to set up your Postfix installation to do SASL authentication:
mynetworks =
127.0.0.0/8,
172.16.42.0/24
The section below prevents addresses such as username@subdomain.example.com from matching. Explicitly define the domains you wish to accept using relay_domains below.
parent_domain_matches_subdomains =
debug_peer_list,
smtpd_access_maps
relay_domains = defines the domains for which the email gateway will accept emails.
relay_domains =
example1.com,
example2.com,
subdomain.example.com
smtpd_recipient_restrictions = controls what the Postfix server will accept during the RCPT TO command.
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination
transport_maps = holds the mappings between domains and the SMTP server where the mail gets forwarded. See /etc/postfix/transport for details.
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = points to a file that lists all of the email addresses for which the email gateway will accept mail. See /etc/postfix/relay_recipients.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
show_user_unknown_table_name = controls whether Postfix returns "User unknown in relay recipient table" (default - useful for debugging only) or "User unknown" (when set to no). This configuration directive is only used in conjunction with relay_recipient_maps.
show_user_unknown_table_name = no
Even though local mail delivery is disabled, the email gateway is still supposed to accept emails to postmaster and abuse. To do so, define a virtual alias map (we'll populate the values later). See /etc/postfix/virtual for details.
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/master.cf
This file basically defines services that Postfix will provide. To completely disable local mail delivery, edit /etc/postfix/master.cf and insert a # symbol in front of the local service definition:
#local unix - n n - - local
/etc/postfix/virtual
In a typical setup, /etc/aliases is used to forward mail to other account or external addresses. However, since local mail delivery is disabled, modifying /etc/aliases has no effect. This file holds the alias mappings between local addresses and actual email addresses. Note: this is only necessary because there is no local mail delivery, and that some "local" addresses ought to exist for technical correctness.
postmaster postmaster@example.com
abuse abuse@example.com
root guru@example.com
Actually, you can use this file for more than local addresses. You can forward emails from ex-users to their new emails addresses, create simple distribution lists, or copy an email to another user, etc.
virtualuser@example.com actualuser@example1.com
distribution@example.com user1@example.com,user2@example.com,user3@example.com
ex_user@example2.com forwarding_address@dom.ain
user@example.com user@example.com,spy@example.com
/etc/postfix/transport
This file defines the relationship between domains and the server(s) where mail is forwarded.
example1.com smtp:insidesmtp.example.com
example2.com smtp:insidesmtp.example.com
subdomain.example.com smtp:insidesmtp.example.com
/etc/postfix/relay_recipients
This file holds a complete list of email addresses for which the email gateway will accept mail. Even though you have to enter the values as a pair (key & value), the second part (the value) doesn't actually matter as long as the email addresses are correct.
user1@example1.com OK
user2@example1.com OK
user1@example2.com OK
user2@example2.com OK
user1@subdomain.example.com OK
user2@subdomain.example.com OK
Miscellany
Populating relay_recipients from Active Directory
Note that this script requires perl and Net::LDAP. However, this does NOT have to be on your email gateway.
* Download http://www-personal.umich.edu/~m ... ostfix/getadsmtp.pl
* Edit the script so that the values below are correct:
$VALID = "/etc/postfix/relay_recipients";
$dc1="domaincontroller1.example.com";
$dc2="domaincontroller2.example.com";
$hqbase="cn=Users,dc=example,dc=com";
$user="cn=user,cn=Users,dc=example,dc=com";
$passwd="password";
* Note that if you have email distribution lists that need to be externally accessible, you will also need the contents of:
$hqbase="ou=Exchange Distribution Lists,dc=example,dc=com";
Hashing Databases
Postfix uses the db hash format by default. For this setup, we need to create the hashed db files by executing:
postmap hash:/etc/postfix/virtual
postmap hash:/etc/postfix/transport
postmap hash:/etc/postfix/relay_recipients
Note: remember to rerun the above commands every time the contents of those files change.
Restarting Postfix
The preferred way of getting Postfix to reload its configuration files is to simply execute:
Testing the Setup
While it's possible to just lob emails at your new email gateway, it might be easier to connect to it directly using telnet. Note: The following is a transcript. The lines not preceded by numbers (SMTP result codes) are commands that you would type. Also, make sure that you do not test from an IP address that belongs to a range defined by mynetworks = in /etc/postfix/main.cf. If it's included in that range, the email gateway will simply accept the mail and try to deliver it. Also, to make troubleshooting easier, use your real email address instead of testadmin@example1.com so that the bounces will be delivered to you.
telnet emailgateway.example.com smtp
220 emailgateway.example.com ESMTP Postfix
EHLO localhost
250-emailgateway.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250 8BITMIME
MAIL FROM: <testadmin@example1.com>
250 Ok
RCPT TO: <unknown@unknowndomain.com>
554 <unknown@unknowndomain.com>: Relay access denied
RCPT TO: <unknown@example1.com>
554 <unknown@example.com>: Relay access denied
RCPT TO: <user1@example1.com>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test
test 1 2 3
.
250 Ok: queued as 5152A39097
QUIT
221 Bye
http://www.knowplace.org/pages/howtos/smtp_gateway_for_multiple_domains_with_postfix.php
Original source: SMTP Gateway for Multiple Domain Email Gateway with Postfix - Postfix - 开源邮件技术社区
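An added example, not part of the reposted article: a simplified model of the gateway's RCPT TO decision for a client outside mynetworks, comparing a gateway that validates against relay_recipients with a relayhost-only gateway under a flood of generated addresses. It assumes the relay_recipients list matches what the internal server accepts; the flood, the shortened recipient list and the function names are constructed for illustration.

```python
RELAY_DOMAINS = {"example1.com", "example2.com", "subdomain.example.com"}

# Constructed relay_recipients content in the page's "address OK" format.
RELAY_RECIPIENTS = """\
user1@example1.com OK
user2@example1.com OK
user1@subdomain.example.com OK
"""

def load_recipients(text):
    """Only the left-hand key is used; the value (OK) is ignored."""
    return {line.split()[0].lower() for line in text.splitlines() if line.strip()}

def rcpt_decision(rcpt, recipients, validate=True):
    """Verdict for one RCPT TO from a client outside mynetworks."""
    rcpt = rcpt.lower()
    # Exact match only: relay_domains is left out of
    # parent_domain_matches_subdomains, so sub.example1.com does not match.
    if rcpt.rpartition("@")[2] not in RELAY_DOMAINS:
        return "Relay access denied"
    if validate and rcpt not in recipients:
        return "User unknown"
    return "Ok"

def flood(rcpts, recipients, validate):
    """Tally outcomes; validate=False models the relayhost-only gateway."""
    stats = {"rejected_at_rcpt": 0, "delivered": 0, "bounces_queued": 0}
    for rcpt in rcpts:
        if rcpt_decision(rcpt, recipients, validate) != "Ok":
            stats["rejected_at_rcpt"] += 1   # no DATA received, nothing queued
        elif rcpt.lower() in recipients:
            stats["delivered"] += 1
        else:
            # Accepted, refused by the internal server, bounced to a spoofed sender.
            stats["bounces_queued"] += 1
    return stats

# Constructed flood: 1000 generated addresses, two real recipients, one subdomain.
FLOOD = [f"gen{i:04d}@example1.com" for i in range(1000)]
FLOOD += ["user1@example1.com", "user1@subdomain.example.com", "x@sub.example1.com"]

if __name__ == "__main__":
    known = load_recipients(RELAY_RECIPIENTS)
    print("relay_recipient_maps:", flood(FLOOD, known, validate=True))
    print("relayhost only:      ", flood(FLOOD, known, validate=False))
```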
|
|
|
|