= Setting up the mail system =
 * The mail system is spread over 3 CTs (containers) with fairly descriptive names: smtp, amavis and mx. These servers were freshly installed on [[Debian/Wheezy|Wheezy]].
 * Some information is stored in a MySQL database `auth`, in particular: the passwords, the mailbox locations and the aliases.
 * See [[https://redmine.auf.org/projects/it-bacgl/wiki/MigrationMessagerie|redmine]] for more details on where the data comes from and on the table schema.

== smtp ==
 * CT 205
 * IP: 172.16.0.250
 * Role: smarthost for all the LANs and SMTP for the Internet
 * [[Postgrey]] is used for greylisting
 * output of `postconf -n`
 * spamhaus.org is used along the way to reject some spam
 * sending e-mail to certain addresses such as <> is restricted to @auf.org and @refer.org e-mail addresses
{{{
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
class_auf_only = check_sender_access hash:$config_directory/class_auf_only reject
config_directory = /etc/postfix
content_filter = amavisfeed:[amavis.cd.auf.org]:10024
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 3072000
mydestination = localhost
myhostname = smtp.cd.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/24 196.1.137.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = cd.auf.org cd.refer.org
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks, hash:/etc/postfix/spamhaus_ok, reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions = permit_sasl_authenticated, hash:$config_directory/destinations_protegees, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/postgrey-client-ok, check_policy_service inet:127.0.0.1:10023
smtpd_restriction_classes = class_auf_only
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/virtual.cf
}}}

== amavis ==
 * CT 205
 * IP: 172.16.0.250
 * Role: content analysis of e-mail, notably with ClamAV and SpamAssassin
 * excerpt from `/etc/amavis/conf.d/50-user`
{{{
$myhostname = "amavis.cd.auf.org";
$forward_method = 'smtp:[smtp.cd.auf.org]:10025';
$notify_method = 'smtp:[smtp.cd.auf.org]:10025';
$inet_socket_bind = '172.16.0.249';
@inet_acl = qw( 127.0.0.1 [::1] 172.16.0.0/24 );
@mynetworks = qw( 127.0.0.0/8 [::1] 172.16.0.0/24 );
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
$final_spam_destiny = D_PASS;
}}}

== mx ==
 * CT 206
 * IP: 172.16.0.249
 * Role:
 * Overview of the main configuration files
{{{
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
dovecot_destination_recipient_limit = 1
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 10240000
mydestination = mx, localhost.localdomain, localhost
myhostname = mx.cd.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/24 196.1.137.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = smtp.cd.auf.org
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = $config_directory/ssl/certs/smtpsortant.cd.auf.org-cert.pem
smtpd_tls_key_file = $config_directory/ssl/private/smtpsortant.cd.auf.org-key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/virtual.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = cd.auf.org cd.refer.org
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
}}}
 * Dovecot handles delivery through `lda` and mail filtering through Sieve.
 * The configuration is now split across several files. The numbering of the files and their documentation make it easy to tailor Dovecot to your needs. Watch out for the permissions of certain processes ;)
{{{
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-26-pve x86_64 Debian 7.4
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-userdb
first_valid_gid = 5000
first_valid_uid = 5000
last_valid_gid = 5000
last_valid_uid = 5000
lda_mailbox_autocreate = yes
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/discards-spams.sieve
  sieve_dir = ~/sieve
}
postmaster_address = root@cd.auf.org
protocols = " imap sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl = required
ssl_cert =
}}}
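To see which of the `smtp` host's `smtpd_recipient_restrictions` decides for a given envelope, here is an added example (not part of this page or of the AUF setup) that replays the restriction list in Python. The restriction names are Postfix's own; the contents of the access maps (the page only names `destinations_protegees`, `class_auf_only` and `postgrey-client-ok`), the protected address `tous@cd.auf.org`, the postgrey state and the sample client addresses are constructed for the example. Two Postfix facts the code relies on: a bare table such as `hash:$config_directory/destinations_protegees` in `smtpd_recipient_restrictions` is shorthand for `check_recipient_access`, and a hash lookup on an address tries the full address, then the domain and its parent domains, then `localpart@`.

```python
"""Replays the smtpd_recipient_restrictions of the 'smtp' host to show which
restriction decides for a given envelope. Restriction names are Postfix's own;
the access-map contents, postgrey state and sample envelopes are constructed."""
import ipaddress
from dataclasses import dataclass

MYNETWORKS = ["127.0.0.0/8", "172.16.0.0/24", "196.1.137.0/24"]
RELAY_DOMAINS = {"cd.auf.org", "cd.refer.org"}
MYDESTINATION = {"localhost"}
TABLES = {  # constructed contents of the maps the page only names
    "destinations_protegees": {"tous@cd.auf.org": "class_auf_only"},  # recipient -> class
    "class_auf_only": {"auf.org": "OK", "refer.org": "OK"},           # sender domain -> action
    "postgrey-client-ok": {"198.51.100.7": "OK"},                     # client IP -> action
}
RESTRICTION_CLASSES = {"class_auf_only": ["check_sender_access class_auf_only", "reject"]}
# The page lists the bare table hash:$config_directory/destinations_protegees;
# in smtpd_recipient_restrictions Postfix reads that as check_recipient_access.
SMTPD_RECIPIENT_RESTRICTIONS = [
    "permit_sasl_authenticated",
    "check_recipient_access destinations_protegees",
    "permit_mynetworks",
    "reject_unauth_destination",
    "check_client_access postgrey-client-ok",
    "check_policy_service inet:127.0.0.1:10023",
]
KNOWN_TRIPLETS = {("203.0.113.5", "alice@example.net", "bob@cd.auf.org")}  # constructed greylist state


@dataclass
class Envelope:
    client_ip: str
    sender: str
    recipient: str
    sasl_authenticated: bool = False


def in_mynetworks(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def address_lookup(table, address):
    """Hash-map lookup order for an address: full address, domain and each parent
    domain (smtpd_access_maps honours parent_domain_matches_subdomains), localpart@."""
    local, _, domain = address.partition("@")
    labels = domain.split(".")
    keys = [address] + [".".join(labels[i:]) for i in range(len(labels))] + [local + "@"]
    return next((table[k] for k in keys if k in table), None)


def postgrey(env):
    """Stand-in for the policy daemon on 127.0.0.1:10023; state is not updated here."""
    seen = (env.client_ip, env.sender, env.recipient) in KNOWN_TRIPLETS
    return "DUNNO" if seen else "DEFER_IF_PERMIT"


def walk(env, restrictions, state):
    """Evaluate one restriction list; return (action, deciding restriction), or
    None when the list runs out without a decision."""
    for r in restrictions:
        name, _, arg = r.partition(" ")
        if name == "permit_sasl_authenticated" and env.sasl_authenticated:
            return "PERMIT", r
        if name == "permit_mynetworks" and in_mynetworks(env.client_ip):
            return "PERMIT", r
        if name == "reject_unauth_destination" and env.recipient.rpartition("@")[2] not in RELAY_DOMAINS | MYDESTINATION:
            return "REJECT", r
        if name == "reject":
            return "REJECT", r
        if name in ("check_client_access", "check_sender_access", "check_recipient_access"):
            if name == "check_client_access":
                result = TABLES[arg].get(env.client_ip)
            else:
                result = address_lookup(TABLES[arg], env.sender if name == "check_sender_access" else env.recipient)
            if result in ("OK", "REJECT"):
                return ("PERMIT" if result == "OK" else "REJECT"), r
            if result in RESTRICTION_CLASSES:  # descend into the restriction class
                decision = walk(env, RESTRICTION_CLASSES[result], state)
                if decision:
                    return decision
        if name == "check_policy_service" and postgrey(env) == "DEFER_IF_PERMIT":
            state["defer_if_permit"] = r  # defer only if the rest would permit
    return None


def decide(env):
    """Verdict for the whole list: it ends in an implicit permit, and a pending
    DEFER_IF_PERMIT turns any permit into a defer."""
    state = {}
    action, by = walk(env, SMTPD_RECIPIENT_RESTRICTIONS, state) or ("PERMIT", "implicit permit at end of list")
    if action == "PERMIT" and "defer_if_permit" in state:
        return "DEFER", state["defer_if_permit"]
    return action, by


if __name__ == "__main__":
    print(decide(Envelope("203.0.113.5", "carol@example.net", "bob@cd.auf.org")))  # first contact: DEFER
    print(decide(Envelope("172.16.0.10", "x@example.net", "tous@cd.auf.org")))      # LAN client, outside sender: REJECT
```

Two things the walk makes visible: the protected-destination check sits before `permit_mynetworks`, so a LAN client using an outside sender address is still refused for the protected address, and an `OK` result inside the restriction class ends the whole list, so mail accepted by the class is never greylisted.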
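Delivery on the `mx` host only works if Postfix and Dovecot agree on three things: the static uid/gid 5000 must lie inside Dovecot's `first_valid_uid`/`last_valid_uid` range (the "permissions" the note above warns about), the `dovecot` transport needs `dovecot_destination_recipient_limit = 1` because the LDA takes one recipient per invocation, and `smtpd_sasl_path` (relative to Postfix's queue directory) must point at a `unix_listener` in Dovecot's `service auth` that the `postfix` user owns. This added example (not code from the page) checks those from `postconf -n` and `doveconf -n` style dumps. The two excerpts are constructed from the values shown above; the queue directory `/var/spool/postfix` is the Debian default and is assumed.

```python
"""Consistency checks between the Postfix and Dovecot settings the 'mx' host
relies on for LDA delivery and SASL. Both excerpts are constructed from the
values on the page; the queue directory is the Debian default (assumed)."""
import re

POSTCONF = """\
dovecot_destination_recipient_limit = 1
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
virtual_gid_maps = static:5000
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000
"""

DOVECONF = """\
first_valid_gid = 5000
first_valid_uid = 5000
last_valid_gid = 5000
last_valid_uid = 5000
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
"""

POSTFIX_QUEUE_DIRECTORY = "/var/spool/postfix"  # assumed Debian default


def parse_postconf(text):
    """One 'key = value' per line, as printed by postconf -n."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def parse_doveconf(text):
    """Flat 'key = value' lines plus nested 'header {' ... '}' blocks; each block
    becomes a dict keyed by its header text, e.g. 'service auth'."""
    root, stack, current = {}, [], {}
    current = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            block = {}
            current[line[:-1].strip()] = block
            stack.append(current)
            current = block
        elif line == "}":
            current = stack.pop()
        else:
            key, sep, value = line.partition("=")
            if sep:
                current[key.strip()] = value.strip()
    if stack:
        raise ValueError("unbalanced braces in dovecot configuration")
    return root


def check_delivery(postfix, dovecot):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    # 1. The static uid/gid Postfix passes to the transport must be inside
    #    Dovecot's valid range, otherwise the LDA refuses every delivery.
    for kind in ("uid", "gid"):
        m = re.fullmatch(r"static:(\d+)", postfix.get(f"virtual_{kind}_maps", ""))
        if not m:
            findings.append(f"virtual_{kind}_maps is not a static:<n> map")
            continue
        n = int(m.group(1))
        lo = int(dovecot.get(f"first_valid_{kind}", "0"))
        hi = int(dovecot.get(f"last_valid_{kind}", "0")) or n  # 0 means no upper limit in Dovecot
        if not lo <= n <= hi:
            findings.append(f"virtual_{kind}_maps={n} outside Dovecot first/last_valid_{kind} {lo}..{hi}")
        if kind == "uid" and n < int(postfix.get("virtual_minimum_uid", "100")):
            findings.append(f"virtual_uid_maps={n} below virtual_minimum_uid")
    # 2. A pipe-style LDA handles one recipient per invocation.
    transport = postfix.get("virtual_transport", "")
    if transport and postfix.get(f"{transport}_destination_recipient_limit") != "1":
        findings.append(f"{transport}_destination_recipient_limit should be 1 for LDA delivery")
    # 3. smtpd_sasl_path is relative to queue_directory; Dovecot must listen
    #    there with a socket owned by the postfix user.
    if postfix.get("smtpd_sasl_type") == "dovecot":
        sock = f"{POSTFIX_QUEUE_DIRECTORY}/{postfix.get('smtpd_sasl_path', '')}"
        listener = dovecot.get("service auth", {}).get(f"unix_listener {sock}")
        if listener is None:
            findings.append(f"no Dovecot unix_listener for {sock}")
        elif listener.get("user") != "postfix":
            findings.append(f"listener {sock} is not owned by user postfix")
    return findings


def check_text(postconf_text, doveconf_text):
    return check_delivery(parse_postconf(postconf_text), parse_doveconf(doveconf_text))
```

Run `check_text(POSTCONF, DOVECONF)` on the page's values and it returns no findings; change `last_valid_uid`, the recipient limit or the socket path on either side and the corresponding finding appears, which is the kind of mismatch that otherwise only shows up as deferred mail in the Postfix log.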