/!\ Migration dans [[ZAC/Yaoundé/Configuration/ServeurVirtualisationLeo|Léo]] terminée. Des détails sur [[https://redmine.auf.org/projects/it-bacgl/wiki/MigrationMessagerie|redmine]]

== smtp ==
 * CT 210
 * IP : 192.168.10.5
 * Description : réception/envoi des courriels
 * postfix + postgrey + spamhaus
 * aperçu configuration postfix `postconf -n`
 * on en a profité pour brancher ce CT sur la table virtual afin de pouvoir livrer les courriels des boîtes locales sans passer par Montréal (''mais sera revu ultérieurement'')
 * /!\ Sécurité : `smtpd_tls_cert_file` pointe sur le certificat auto-signé « snakeoil » de Debian ; les clients ne peuvent donc pas authentifier le serveur, à remplacer par un certificat émis pour smtp.cm.auf.org. `soft_bounce = yes` transforme les rejets définitifs en erreurs temporaires : à repasser à `no` une fois la migration validée.
{{{
root@smtp:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavisfeed:[192.168.10.6]:10024
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
myhostname = smtp.cm.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.10.7 192.168.10.9
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = listes.cm.auf.org, cm.auf.org, cm.refer.org, listes.cm.refer.org
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks, hash:/etc/postfix/spamhaus_ok, reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions = permit_sasl_authenticated, hash:$config_directory/destinations_protegees, permit_mynetworks, reject_unauth_destination, check_client_access hash:/etc/postfix/postgrey-client-ok, check_policy_service inet:127.0.0.1:10023
smtpd_restriction_classes = class_auf_only
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = 
mysql:/etc/postfix/virtual.cf
}}}
 * `/etc/postfix/transport`
{{{
cm.auf.org relay:[mail.cm.auf.org]:submission
.cm.auf.org relay:[mail.cm.auf.org]:submission
cm.refer.org relay:[mail.cm.auf.org]:submission
.cm.refer.org relay:[mail.cm.auf.org]:submission
listes.cm.refer.org relay:[listes.cm.auf.org]:smtp
listes.cm.auf.org relay:[listes.cm.auf.org]:smtp
}}}

== amavis ==
 * CT 211
 * IP : 192.168.10.6
 * Description : analyse du contenu des courriels.
 * amavis + clamav + spamassassin
 * {i} autant que possible, n'ajouter les modifications que dans le fichier `/etc/amavis/conf.d/50-user`.
 * /!\ Sécurité : `@inet_acl` autorise tout 192.168.10.0/24 à soumettre des messages à amavis, alors que d'après la configuration postfix ci-dessus seul smtp (192.168.10.5) l'alimente ; restreindre à cette adresse si aucun autre hôte n'en a besoin.
{{{
use strict;

$forward_method = 'smtp:[192.168.10.5]:10025';
$notify_method = 'smtp:[192.168.10.5]:10025';
$inet_socket_bind = '192.168.10.6';
@inet_acl = qw( 127.0.0.1 [::1] 192.168.10.0/24 );
@mynetworks = qw( 127.0.0.0/8 [::1] 192.168.10.0/24 );

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

#------------ Do not modify anything below this line -------------
1; # ensure a defined return
}}}

== mx ==
 * CT 212
 * IP : 192.168.10.7
 * Description : stockage des boîtes aux lettres + serveur smtp sortant
 * postfix
 * /!\ Sécurité : `permit_mynetworks` est évalué en premier et `mynetworks` couvre 192.168.0.0/16 et 10.45.0.0/16 ; restreindre ces plages aux seuls hôtes qui doivent relayer sans authentification. `smtpd_tls_auth_only` n'apparaît pas dans `postconf -n` (valeur par défaut, sauf surcharge dans master.cf) : vérifier que l'authentification SASL (PLAIN/LOGIN) n'est pas proposée hors TLS.
{{{
root@mx:/var/mail/vhosts/cm.auf.org# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 10240000
mydestination = mx, localhost.localdomain, localhost
myhostname = mail.cm.auf.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 10.45.0.0/16
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = smtp.cm.auf.org
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = $config_directory/ssl/smtp.cm.auf.org-cert.pem
smtpd_tls_key_file = $config_directory/ssl/smtp.cm.auf.org-key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = mysql:/etc/postfix/virtual.cf
virtual_gid_maps = static:889
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = cm.auf.org cm.refer.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 889
virtual_transport = dovecot
virtual_uid_maps = static:889
}}}
 * `/etc/postfix/transport`
{{{
listes.cm.refer.org relay:[listes.cm.auf.org]:smtp
listes.cm.auf.org relay:[listes.cm.auf.org]:smtp
}}}
 * `/etc/postfix/virtual.cf`
 * /!\ Sécurité : les identifiants ci-dessous sont visiblement masqués ; le fichier réel contient le mot de passe SQL en clair et ne doit être lisible que par root et postfix (par ex. `root:postfix`, mode 0640).
{{{
hosts = sql.cm.auf.org
user = seeUseeMe
password = waitAndSee :)
dbname = messagerie
query = SELECT destination FROM virtual WHERE user='%u' AND domain='%d' AND actif=1
}}}
 * dovecot -n
 * /!\ Sécurité : les deux `unix_listener` du service auth sont en `mode = 0666`, ce qui laisse tout compte local interroger le service d'authentification (sous réserve des permissions du répertoire parent) ; à restreindre, par ex. 0660 pour la socket postfix et 0600 pour `auth-master`, après vérification.
{{{
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.2
auth_mechanisms = plain login
auth_verbose = yes
default_process_limit = 120
first_valid_gid = 889
first_valid_uid = 889
last_valid_gid = 889
last_valid_uid = 889
mail_fsync = never
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = 
/etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve = ~/dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/discard-spams.sieve
  sieve_dir = ~/sieve
}
protocols = " imap sieve sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  user = root
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service managesieve-login {
  process_limit = 250
}
ssl = required
ssl_cert =