WikiTeki /  Modifications de « ZAC/Yaoundé/Configuration/Messagerie »

Migration dans Léo terminée . Des détails sur redmine

smtp

• CT 210
• IP : 192.168.10.5
• Description : réception/envoi des courriels
  • postfix + postgrey + spamhaus

  • aperçu configuration postfix postconf -n

    • on en a profité pour brancher ce CT sur la table virtual afin de pouvoir livrer les courriels des boites locales sans passer par Montréal (mais sera revu ultérieurement)

root@smtp:/etc/postfix# postconf  -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavisfeed:[192.168.10.6]:10024
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = smtp.cm.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128  192.168.10.7 192.168.10.9
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = listes.cm.auf.org, cm.auf.org, cm.refer.org, listes.cm.refer.org
relayhost = 
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,
 hash:/etc/postfix/spamhaus_ok,
 reject_rbl_client zen.spamhaus.org

smtpd_recipient_restrictions =
 permit_sasl_authenticated,
 hash:$config_directory/destinations_protegees,
 permit_mynetworks,
 reject_unauth_destination,
 check_client_access  hash:/etc/postfix/postgrey-client-ok,
 check_policy_service inet:127.0.0.1:10023

smtpd_restriction_classes = class_auf_only

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/virtual.cf

• /etc/postfix/transport

cm.auf.org    relay:[mail.cm.auf.org]:submission
.cm.auf.org    relay:[mail.cm.auf.org]:submission
cm.refer.org    relay:[mail.cm.auf.org]:submission
.cm.refer.org    relay:[mail.cm.auf.org]:submission
listes.cm.refer.org    relay:[listes.cm.auf.org]:smtp
listes.cm.auf.org    relay:[listes.cm.auf.org]:smtp

`

amavis

• CT 211
• IP : 192.168.10.6
• Description : analyse du contenu des courriels.

  • amavis + clamav¹ + spamassassin

  • le plus possible ajouter les modifications uniquement dans le fichier /etc/amavis/conf.d\50-user.

use strict;
$forward_method = 'smtp:[192.168.10.5]:10025';
$notify_method = 'smtp:[192.168.10.5]:10025';
$inet_socket_bind = '192.168.10.6';
@inet_acl   = qw( 127.0.0.1 [::1]
                   192.168.10.0/24 );

@mynetworks = qw( 127.0.0.0/8 [::1]
                   192.168.10.0/24 );

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

mx

• CT 212
• IP : 192.168.10.7
• Description : stockage des boîtes aux lettres + serveur smtp sortant
  • postfix

root@mx:/var/mail/vhosts/cm.auf.org# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 10240000
mydestination = mx, localhost.localdomain, localhost
myhostname = mail.cm.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 10.45.0.0/16
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = smtp.cm.auf.org
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = $config_directory/ssl/smtp.cm.auf.org-cert.pem
smtpd_tls_key_file = $config_directory/ssl/smtp.cm.auf.org-key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/virtual.cf
virtual_gid_maps = static:889
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = cm.auf.org cm.refer.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 889
virtual_transport = dovecot
virtual_uid_maps = static:889

• /etc/postfix/transport

listes.cm.refer.org    relay:[listes.cm.auf.org]:smtp
listes.cm.auf.org    relay:[listes.cm.auf.org]:smtp

• /etc/postfix/virtual.cf

hosts = sql.cm.auf.org
user = seeUseeMe
password = waitAndSee :)
dbname = messagerie
query = SELECT destination FROM virtual
 WHERE user='%u' AND domain='%d' AND actif=1

• dovecot -n

# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-17-pve x86_64 Debian 6.0.6 
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imaps managesieve
listen(default): *
listen(imap): *
listen(managesieve): *:4190, [::]:4190
ssl: required
ssl_cert_file: /etc/ssl/certs/mail.cm.auf.org-cert.pem
ssl_key_file: /etc/ssl/private/mail.cm.auf.org-key.pem
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
verbose_proctitle: yes
first_valid_uid: 889
last_valid_uid: 889
first_valid_gid: 889
last_valid_gid: 889
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:~/Maildir
fsync_disable: yes
maildir_copy_preserve_filename: yes
maildir_very_dirty_syncs: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
lda:
  postmaster_address: postmaster@cm.auf.org
  hostname: mail.cm.auf.org
  mail_plugins: sieve
  quota_full_tempfail: yes
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
plugin:
  sieve: ~/dovecot.sieve
  sieve_before: /var/lib/dovecot/sieve/discard-spams.sieve

• /etc/dovecot/dovecot-sql.conf

driver = mysql

connect = host=sql.cm.auf.org dbname=messagerie user=oneMoreTime password=seeMeseeU

default_pass_scheme = CRYPT

password_query = SELECT user, password FROM auth WHERE user='%u'

user_query = SELECT homedir AS home, 889 AS uid, 889 AS gid FROM mailbox \
   WHERE user='%u' OR (user='%n' AND domain='%d')

listes

• CT 213
• IP : 192.168.10.9
• Description : serveur de listes de diffusion
  • postfix + mailman

• sortie de postconf -n

append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
mydestination = localhost
mydomain = listes.cm.auf.org
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
relayhost = cm.auf.org
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/virtual.cf

• /etc/postfix/transport

listes.cm.refer.org mailman:
listes.cm.auf.org mailman:

• des ajustements dans les fichiers du dossier /etc/mailman tenant compte du fait qu'on place les adresses des listes sur ... listes.cm.(auf|refer).org