ααα ααααΈααααΆα
αααα»αβα
ααβαα·ααααΆβαααΆαααΈαβαααααΎβαααα»αααβααΆβααΌαβααβα αΎα ααα»ααααβαααα»αβααΎαβααβααΆαβααΉαβαα
βαααβααα α αΎαβαααα»αβαα·αβα’αΆα
βαααααβααβααααααΆαβααααΉαααααΌαβααΆαβα
αααΎαβαα ααΌα
ααααβα αΎαβααΆαβααΆβαααα»αβαααααα
βα
α·αααβαααααβααΆαβααααα»αααβααααΆαβαααα’α·αβααΆαβαααβα’αΆα
βααααΎβαα
βααΆαα ααΆαααααα»αααααααΆααααααΉααα·ααΆααα·αααααΉαααα’αααΈ postfix, dovecot, mysql, postfixadmin ααα»αααααααααα»αααααααααΆααα’αααΈ spamassassin, clamav-milter (αααααα·ααααα clamav αααααΆαααααΆαααΈααα) postgrey ααααΌα
ααΆααααααΆαααααΆααααααααΆαα₯αααΆαααΆααα
ααΆαααα Spam (dovecot - αααα ααααααΆα) α
ααΆααααα α
ααΆααααΌα α αΌαααΎαααα‘αΎααααα αααααααΉαααααΌαααΆααααααΆααααΆαααΆα (postfix, dovecot αα·α dovecot-pigeonhole ααααΌαααααααΌαααΆαααα‘αΎαααΈα ααα, dovecot-sieve can, ααΆαααααΆααα, ααααΌαααΆαααα‘αΎαααΈαααα αα ααα»ααααααΆαααααααααΈααΆαααααα αααα»αα ααα αα·ααααααΆαα α ααα»ααααα dovecot α’αΆα αα·αααααΌαααααΆααΆαα½α dovecot- Sieve) α αααααα‘αΎααααα ααααΆααααααα
pkg install apache24 php73 mod_php73 php73-extensions php73-mysqli php73-mbstring php73-openssl clamav-milter postgrey spamassassin mysql57-server openssl wget
αααααΆααααΈααα‘αΎααα½α ααΎαααΉαααΆααααααΆααααα αΆαααΆα ααα αααα»α autostartα
# Also enable postfix and dovecot now, so we don't have to come back to this later
sysrc postfix_enable="YES"
sysrc dovecot_enable="YES"
sysrc mysql_enable="YES"
sysrc apache24_enable="YES"
sysrc spamd_flags="-u spamd -H /var/spool/spamd"
sysrc spamd_enable="YES"
sysrc postgrey_enable="YES"
sysrc clamav_clamd_enable="YES"
sysrc clamav_milter_enable="YES"
sysrc clamav_freshclam_enable="YES"
# Run freshclam as a service and check for updates 12 times a day
sysrc clamav_freshclam_flags="--daemon --checks=12"
αααα αΆααααααΎαααααΆααααα
service apache24 start
service mysql-server start
# Before starting spamassassin, update its database and compile the rules
sa-update
sa-compile
service sa-spamd start
# Update the clamav databases before starting it
freshclam
service clamav-clamd start
service clamav-freshclam start
service clamav-milter start
# Before starting postgrey, edit its init script (/usr/local/etc/rc.d/postgrey) so that senders are moved to the whitelist after 4 delivery attempts: find the line : ${postgrey_flags:=--inet=10023} and change it to:
: ${postgrey_flags:=--inet=10023 --auto-whitelist-clients=4}
service postgrey start
αα»αααααα αααααααα httpd.conf αααααΆαααααα αΆαααΆα ααααααΆαα php ααΎααααΈααααΎαααΆααααα»α apache αα·α postfixadmin ααΎααααΈααααΎαααΆαααΆαααααΉαααααΌαα
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
<IfModule dir_module>
DirectoryIndex index.php
</IfModule>
# Also change the home directory (DocumentRoot) so that postfixadmin works correctly
DocumentRoot "/usr/local/www/apache24/data/postfixadmin-3.2/public"
αααααΆααα’αααααααΌαα αΌααα ααΆααααα―αααΆαα αΎαααΆααα postfixadmin
cd /usr/local/www/apache24/data
ααΆααα postfixadmin (αα αααααααααααααα αα α»ααααααααΊ 3.2)
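# --no-check-certificate disables TLS certificate validation, so the download is not authenticated; verify the archive's checksum before unpacking it
wget --no-check-certificate https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-3.2/postfixadmin-3.2.tar.gz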
αααααΆααααΈααα α’αααααααΌααααααΆαααααααΆααα αααα»ααααααα αΎαααααΆααααααΌαααα αΆααααα
gzip -d postfixadmin-3.2.tar.gz
tar -xvf postfixadmin-3.2.tar
chown -R www:www /usr/local/www/apache24/data
service apache24 restart
αααααΆααααααΎαααΉααααα αααΌαααααΆααα·αααααααααααΆαα postfixadmin ααααΎαααΆαααααααΈαααα‘αΎα mysql-secure-installation (ααΆααααααααΆαααααα’ααααααααΎααααα»αααααααΈααααααΉαα αΆαααΆα αααααΌααααααΎααααα»α mysql ααΆαα½αααΉαααΆααααααααΆα’αααααααΎααααΆααααααΆααααααΌα) αααααΆααααΆαααα‘αΎαααααΌααα mysql αααααΆααααα αΌαα α αΌααα αααα»α mysql αααααΎαααΌαααααΆααα·αααααα αα·ααα·αααα·αααααΆααααΆαα
mysql -p -r
alter user 'root'@'localhost' identified by 'password123';
create database postfix;
grant all privileges on postfix.* to 'postfix'@'localhost' identified by 'password123';
exit
αααααΆααααΈααΌαααααΆααα·ααααααααααΌαααΆαααααα α’αααααααΌαααααααα½αα―αααΆα config.inc.php αααα»αα§ααΆα αααααα α―αααΆααααααΆαααΈααΆαααα αααα»ααα /usr/local/www/apache24/data/postfixadmin-3.2/ αααα»αα―αααΆααααα’αααααααΌα ααααααα½ααααααΆααααΆα αααΎα α αΎαααΆαααΆαα αααα»αα ααααΆααααααΆ αααααΆααααΈααααΆααααααΌαααΆααααααααΆααααα α αΆααααααΎα apache α‘αΎααα·α α’αααααααααΌααααααΎαααα―αααΆα templates_c αα αααα»ααα /usr/local/www/apache24/data/postfixadmin-3.2 α αΎααααααααα αΆαα www αα ααΆα :
mkdir /usr/local/www/apache24/data/postfixadmin-3.2/templates_c
chown -R www:www /usr/local/www/apache24/data/postfixadmin-3.2/templates_c
$CONF['configured'] = true;
# This hash must be generated in the postfixadmin web interface and added to this line.
$CONF['setup_password'] = 'dd28fb2139a3bca426f02f60e6877fd5:13d2703c477b0ab85858e3ac5e076a0a7a477315';
$CONF['default_language'] = 'ru';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
# The database password and name are the ones created earlier in this example
$CONF['database_password'] = 'password123';
$CONF['database_name'] = 'postfix';
service apache24 restart
SSL αααααΆα
ααΎααααΈαααααΎαααΌααααα½α ααΎαααΉαααααΎαα·ααΈααΆααααααααααΆαααααΎα‘αΎααα ααΎααα ααααα postfix.org ααΆαα½αααΉαααΆααααααΎαα’αΆααααΆαααα·ααααΆαααααααααααΆαααααα½α α’αααααααΌαα αΌααα ααΆαααα /etc/ssl α αΎαααααα·ααααα·ααααααΈαα
cd /etc/ssl
/usr/local/openssl/misc/CA.pl -newca
αααα»αα’αα‘α»ααααααααΎαααΆαααααααΈα α’αααααΉαααααΌαααΆααα½αααααααααααααΆαααα·ααααΆαααααα αα»ααααα αΌαα’αααΈααΆααα’αα α α»α Enter αααααΆααααααααααΈαααΉααα½αα’αααα±αααααααΎαααΆααααααααΆαααααααΆαααα·ααααΆαααααα αααααΆααααααΉαααΆααααα½ααααααααΆααααααΆαααααααΎααα·ααααΆαααααα .
αααααΆαααα α’αααααααΌααααααΎαααα―ααα (αααααααΆαααΆααααααααΆαα) αα·ααα·ααααΆααααααααααΆααΆαααααααα·αααΆαα α»αα αααααααΆ (αααααα’αααααΆαααααα’αααααΆα (α§. ααααα) [] ααααΌααααα»αααΈα’αααΈαααααΆααααααΆαααα αααα»ααα·ααααΆαααααααααααΆααααααΎαααΆαααΎα
openssl req -new -newkey rsa:4096 -nodes -keyout foo-key.pem -out foo-req.pem
αααα α»αα αααααααΆααΎαα·ααααΆααααααααααΆααΆααα (α ααα’α»ααααα αΆαα ααα½αααααα αααΎαααΆααααα’αααααααΌαααΆα)α
openssl ca -out foo-cert.pem -days 365 -infiles foo-req.pem
αα»ααα·ααααΆαααααααααααΆααααααΎααα αααα»αααα―αααΆαααα α¬αααααααΆαα αααααααΆααααααΆααααα½ααααααΆααα’αααααα "ααΆαααααα" postfix αα·α dovecote ααΉαααααΌαααΆααααααααααα·αααΌαααΈααΆααα·ααααααΆαα·ααααΆααααααααΉαααΆαααΈααΆαααα αααα»ααααααα
α’αααααααΎααααΆαα vmail
αα»ααααααΎαα αΆααααααΎαααα‘αΎα postfix, dovecot αα·α dovecot-pigeonhole ααΌααααααΎαα’αααααααΎααααΆαα αα·ααααα»α (αααα»αααΉαααααΌαααΆααααααΎααααααααααααααααα·) vmail ααααΌα ααΆααααααααα»αααααΉαααΆαααΈααΆαααα α
pw useradd -n vmail -s /usr/sbin/nologin -u 1000 -d /var/vmail
ααααααααΎααααααααΆαα mail α αΎαααααα user vmail ααΆααα αΆααα
mkdir /var/vmail
chown -R vmail:vmail /var/vmail
chmod -R 744 /var/vmail
Postfix, dovecot, dovecot-pigeonhole
ααΌα ααααααα»αααΆααααααααΈαα»α ααΎαααΉααααααΌααααα»ααα·αααααααααααα·ααΈααΈα ααα ααααΎαααΆαααΆααααααααΆααΎααααΈααΆααα αα·ααααααΆα αααα
portsnap fetch extract
αααααΆααααΈαααααΆα αααα αα ααΌαα αΌααα ααΆααααα―αααΆα dovecot ααααααα ααΆααααααααα ααα (ααααΌααααα·αα·ααα mysql support) α αΎαααααΎαααΆα build (BATCH=yes ααΉαααααΆαααα»ααα½ααααα½αααα‘α»ααααααα‘αΎα)α
cd /usr/ports/mail/dovecot
make config
make BATCH=yes install clean
ααααΎαααααααΆαααΌα ααααΆααΆαα½α postfix αα·α dovecot-pigeonhole
Dovecot-pigeonholeα
cd /usr/ports/mail/dovecot-pigeonhole
make BATCH=yes install clean
postfix: αααα·αα·αααααΎαααΆααααααα ααααααααΆααααΆαααΆαααα mysql
cd /usr/ports/mail/postfix-sasl
make config
make BATCH=yes install clean
αα»ααααααααΎαααΆα dovecot ααΌαα αααα "configs"α
cp -R /usr/local/etc/dovecot/example-config/* /usr/local/etc/dovecot
αααααΆααααΈααα‘αΎα postfix αα·α dovecot ααΌαα αΆααααααΎαααααΆααααα
service postfix start
service dovecot start
ααΆααα αΆαααΆα αααααααααα»αααΆααααααΎαααααααααΌαα»ααααααΆααααΆαααααΎααΆαα₯αααΆαααΆααα ααΆααααααΆαα₯αααΆαααΆαααΉαααααΌαααΆαα ααααα αααα»αααααΈαααααααα»α αααααααΆαααΈααΆαααα αααα»ααα /usr/local/etc/dovecot/conf.d αααααααααΊ def ααΎαααΉααααααΎαααα―αααΆαααα αα·αα―αααΆααααααΆαααΌααααααΆααααΆαα ααααα α αΎααααααααα αΆααααααααααα ααΆ vmail α’αααααααΎααααΆααα
mkdir /usr/local/etc/dovecot/conf.d/def
touch /usr/local/etc/dovecot/conf.d/def/default.sieve
chown -R vmail:vmail /usr/local/etc/dovecot/conf.d/def
chmod -R 744 /usr/local/etc/dovecot/conf.d/def
αα αααα»αα―αααΆααααααΆαααααααΆααα
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
"ααααααα ααΆαααααααα"
αα αααα»ααααααααα αααα»αααΉααααααα§ααΆα ααααα "configs" ααΆαα½αααΉαααα·ααααααα αααα»ααα½ααα αααα»αααααΆαααααααααα "config" αα spamassassin α αΆααααΆααααΈαααα»ααα·αααΆαααααΎαααΆααα·αααααΆααααΉαααααΌααα ααΎαααααΆα (αααα»αααΆαα αΆαα ααααΈ "config" ααΆαααααΆαααΎα) ααΌααααααααα αααα»α ααα·αααααα’αααΈαααααααααα’αααα»αααΎααααΈααααααα ααΆαααααααα spamassassin α
αααααααΈαα
ααα αΆαααααΌαααΊαααααΎαα―αααΆαααΎααααΈααΆαα’αααααααΎααααΆαα ααα ααΌααΆααΈααΌαααααΆααα·ααααααα αααααΎαααα―αααΆαααΎααααΈαααααΆαα»αα―αααΆαααΆααααα αα·αα―αααΆαα αΆαααΆα αα
mkdir /usr/local/etc/postfix/mysql
touch /usr/local/etc/postfix/mysql/relay_domains.cf
touch /usr/local/etc/postfix/mysql/virtual_alias_maps.cf
touch /usr/local/etc/postfix/mysql/virtual_alias_domain_maps.cf
touch /usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
ααααΉαααΆαααα―αααΆαααΆαααααααΉαααΆαααααααααΌα
αααα
relay_domains.cf
hosts = 127.0.0.1
user = postfix
password = password123
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
virtual_alias_maps.cf
hosts = 127.0.0.1
user = postfix
password = password123
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active ='1'
virtual_alias_domain_maps.cf
hosts = 127.0.0.1
user = postfix
password = password123
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = '1'
virtual_mailbox_maps.cf
hosts = 127.0.0.1
user = postfix
password = password123
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
master.cf
# Tell postfix to use dovecot for mail delivery
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
# Let the smtpd service authenticate via SASL, and have spamassassin filter the mail
smtp inet n - n - - smtpd
  -o content_filter=spamassassin
  -o smtpd_sasl_auth_enable=yes
# Use port 587 with SASL authentication
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
# Tell the smtp service to use SASL authentication
smtps inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
# Use SpamAssassin
spamassassin unix - n n - - pipe
  flags=DROhu user=vmail:vmail argv=/usr/local/bin/spamc -f -e
  /usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
postlog unix-dgram n - n - 1 postlogd
main.cf
# If this parameter is not set to dovecot, mail is delivered to local users
local_transport = dovecot
# Case-insensitive list of keywords that the SMTP server will not send in its EHLO response to a remote SMTP client
smtpd_discard_ehlo_keywords = CONNECT GET POST
# Wait until all information about the client has arrived, and only then apply the restrictions
smtpd_delay_reject = yes
# Require the session to start with a greeting
smtpd_helo_required = yes
# Do not let clients find out whether a particular mailbox exists
disable_vrfy_command = yes
# This parameter is needed for outdated clients
broken_sasl_auth_clients = yes
# Forbid anonymous authentication
smtpd_sasl_security_options = noanonymous noactive nodictionary
smtp_sasl_security_options = noanonymous noactive nodictionary
# Use dovecot for authentication (the default is cyrus)
smtpd_sasl_type = dovecot
smtp_sasl_type = dovecot
# Path to the authentication plugin
smtpd_sasl_path = private/auth
# List of existing users
local_recipient_maps = $virtual_mailbox_maps $virtual_alias_maps
# If the user does not exist, reject the mail
smtpd_reject_unlisted_recipient = yes
# Message size limit
message_size_limit = 10485760
# Each recipient gets individual spamassassin processing
spamassassin_destination_recipient_limit = 1
# Antivirus
milter_default_action = accept
milter_protocol = 2
# Path to the clamav socket
smtpd_milters = unix:/var/run/clamav/clmilter.sock
non_smtpd_milters = unix:/var/run/clamav/clmilter.sock
#MYSQL
relay_domains = mysql:/usr/local/etc/postfix/mysql/relay_domains.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/virtual_alias_maps.cf, mysql:/usr/local/etc/postfix/mysql/virtual_alias_domain_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
# HELO checks
smtpd_helo_restrictions = permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_hostname
# Restrictions on message content
smtpd_data_restrictions = permit_sasl_authenticated reject_unauth_pipelining, reject_multi_recipient_bounce
# Rules for sending mail
smtpd_sender_restrictions = permit_sasl_authenticated reject_sender_login_mismatch,reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain
# Rules for receiving mail (check_policy_service inet:127.0.0.1:10023 is the postgrey parameter: it refuses mail on the first attempt)
smtpd_recipient_restrictions = permit_sasl_authenticated reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_multi_recipient_bounce, reject_unknown_client_hostname, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
# Mail directory
virtual_mailbox_base = /var/vmail
# uid and gid of vmail
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
# Set the virtual transport
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# Encryption settings
smtp_use_tls=yes
smtp_tls_note_starttls_offer=yes
# smtp_tls_security_level=encrypt sends mail only over SSL; if the other server does not support receiving mail over SSL, set smtp_tls_security_level=may (if the server does not support SSL, the mail is sent in the clear)
smtp_tls_security_level=encrypt
smtp_tls_session_cache_database=btree:$data_directory/smtp_tls_session_cache
smtp_tls_CAfile=/etc/ssl/demoCA/cacert.pem
smtp_tls_key_file=/etc/ssl/foo-key.pem
smtp_tls_cert_file=/etc/ssl/foo-cert.pem
smtp_tls_session_cache_timeout=3600s
# The ! prefix excludes a protocol, so list the old ones to leave TLS 1.2 and newer enabled
smtp_tls_protocols=!SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_loglevel=1
# smtpd_tls_security_level=encrypt allows mail only over SSL; if the other server does not support SSL, set smtpd_tls_security_level=may (if the server does not support SSL, the mail is sent in the clear)
smtpd_tls_security_level=encrypt
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_tls_loglevel=1
smtpd_tls_received_header=yes
smtpd_tls_session_cache_timeout=3600s
smtpd_tls_session_cache_database=btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_key_file=/etc/ssl/foo-key.pem
smtpd_tls_cert_file=/etc/ssl/foo-cert.pem
smtpd_tls_CAfile= /etc/ssl/demoCA/cacert.pem
# The ! prefix excludes a protocol, so list the old ones to leave TLS 1.2 and newer enabled
smtpd_tls_protocols=!SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# Path to the random number generator device
tls_random_source=dev:/dev/urandom
# Backward compatibility
compatibility_level = 2
# Tell the client that the mail was not rejected but has to be sent again a little later
soft_bounce = no
# UNIX system account under which postfix is started and runs
mail_owner = postfix
# Name of the host on which postfix is deployed (in this example the domain name and the host name are the same)
myhostname = $mydomain
# Set the domain name in this parameter
mydomain = virusslayer.su
myorigin = $myhostname
# Which interfaces to use
inet_interfaces = all
# List of domains for which mail will be delivered
mydestination = $mydomain, localhost, localhost.$mydomain
# Send reply code 550 to a sender who tries to send mail to a non-existent user
unknown_local_recipient_reject_code = 550
# Relay mail only from localhost
mynetworks_style = host
# Nothing needs to be set in this parameter, because subnets listed here are treated as privileged
mynetworks =
# IP protocol version
inet_protocols = ipv4
# Aliases for local users (if they are needed, of course)
alias_maps = hash:/etc/mail/aliases
alias_database = dbm:/etc/mail/aliases.db
# The banner with which the server introduces itself when sending and receiving mail
smtpd_banner = $myhostname ESMTP $mail_name
# How detailed the report should be
debug_peer_level = 2
# Which domains to trace mail exchange with (for logging; for example yandex.ru gmail.ru mail.ru and so on)
debug_peer_list = 127.0.0.1
# Path to the debugger
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
# Sendmail compatibility
sendmail_path = /usr/local/sbin/sendmail
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
# Paths to the various directories
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
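An added example (not from the original article): a small Python check that works out which TLS protocol versions a main.cf like the one above leaves enabled. It applies Postfix's rules that a `!` prefix excludes a protocol and that `*_tls_mandatory_protocols`, not `*_tls_protocols`, is the list consulted at security level `encrypt`; the two sample fragments and the fallback default are constructed assumptions.

```python
import re

# Protocol names Postfix accepts, oldest to newest.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption of this example: value used when a parameter is not set.
# Built-in defaults differ between Postfix versions; see `postconf -d`.
ASSUMED_DEFAULT = "!SSLv2, !SSLv3"
# Levels with mandatory TLS; an unset level and "dane" are treated like "may".
MANDATORY_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed samples, not taken from a real server.
WEAK = """\
smtp_tls_security_level=encrypt
smtp_tls_protocols=!TLSv1.2
smtpd_tls_security_level=may
smtpd_tls_protocols=!TLSv1.2
"""
HARDENED = """\
smtp_tls_security_level=encrypt
smtp_tls_mandatory_protocols=!SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level=may
smtpd_tls_protocols=!SSLv2, !SSLv3, !TLSv1, !TLSv1.1
"""

def parse_main_cf(text):
    """Return {name: value}. Indented lines continue the previous setting."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if current:
                params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def enabled_protocols(value):
    """Protocols that stay enabled under a Postfix protocol list."""
    include, exclude = set(), set()
    low, high = 0, len(PROTOCOLS) - 1
    for tok in filter(None, re.split(r"[\s,:]+", value)):
        # ">=" / "<=" are the bounds syntax of Postfix 3.6+, "!" excludes.
        op = tok[:2] if tok[:2] in (">=", "<=") else "!" if tok[0] == "!" else ""
        name = tok[len(op):]
        if name not in PROTOCOLS:
            raise ValueError(f"unknown protocol name in {tok!r}")
        if op == ">=":
            low = max(low, PROTOCOLS.index(name))
        elif op == "<=":
            high = min(high, PROTOCOLS.index(name))
        elif op == "!":
            exclude.add(name)
        else:
            include.add(name)
    allowed = [p for p in PROTOCOLS[low:high + 1] if p not in exclude]
    # Once any protocol is listed without "!", only the listed ones remain.
    return [p for p in allowed if p in include] if include else allowed

def audit(text):
    """Return (side, parameter in force, enabled protocols, problems) per side."""
    params = parse_main_cf(text)
    report = []
    for side in ("smtp", "smtpd"):
        level = params.get(f"{side}_tls_security_level", "")
        kinds = ["mandatory_protocols", "protocols"]
        if level not in MANDATORY_LEVELS:
            kinds.reverse()  # opportunistic TLS: *_tls_protocols is in force
        in_force, other = (f"{side}_tls_{k}" for k in kinds)
        enabled = enabled_protocols(params.get(in_force, ASSUMED_DEFAULT))
        problems = []
        if "TLSv1.2" not in enabled:
            problems.append("TLSv1.2 is disabled")
        legacy = [p for p in enabled if p in LEGACY]
        if legacy:
            problems.append("legacy protocols enabled: " + ", ".join(legacy))
        if other in params:
            problems.append(f"{other} is set but is not the list in force at level {level!r}")
        report.append((side, in_force, enabled, problems))
    return report

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        for side, name, enabled, problems in audit(sample):
            print(label, side, name, enabled, problems or "ok")
```

To check a live server, pass the output of `postconf -n` to `audit()` instead of the samples.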
ααΌαααΌα
dovecot.conf
# Protocols dovecot will work with
protocols = imap pop3
# Which addresses to listen on
listen = *, ::
# Path to the file with the parameters for fetching quotas from mysql
dict {
quota = mysql:/usr/local/etc/dovecot/dovecot-dict-sql.conf.ext
}
# Include the required configs
!include conf.d/*.conf
!include_try local.conf
dovecot-dict-sql.conf.ext
connect = host=127.0.0.1 dbname=postfix user=postfix password=password123
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
dovecot-sql.conf.ext
# MySQL database connection parameters
driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=password123
# Which scheme is used for passwords
default_pass_scheme = MD5
# Queries for users, passwords and quotas
user_query = SELECT '/var/mail/%d/%n/' AS home, 'maildir:/var/vmail/%d/%n' AS mail, 1000 AS uid, 1000 AS gid, concat('*:bytes=',quota) as quota_rule FROM mailbox \
  WHERE username ='%u' AND active = '1'
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 1000 as userdb_uid, \
  1000 as userdb_gid, concat('*:bytes=',quota) AS userdb_quota_rule FROM mailbox WHERE username ='%u' AND active ='1'
10-auth.conf
# Forbid authentication without SSL
disable_plaintext_auth = yes
# Your domain name
auth_realms = virusslayer.su
auth_default_realm = virusslayer.su
# Use authentication in the clear (plain text, but in this case everything is sent over SSL)
auth_mechanisms = plain login
# Comment out every line except !include auth-sql.conf.ext, because the users are virtual and come from the mysql database
#!include auth-deny.conf.ext
#!include auth-master.conf.ext
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
10-mail.conf
# Path to the mailboxes
mail_location = maildir:/var/vmail/%d/%n
# Only one mailbox can be used for receiving mail
namespace inbox {
inbox = yes
}
# uid and gid of vmail
mail_uid = 1000
mail_gid = 1000
# Plugin list, in this case quota
mail_plugins = quota
10-master.conf
# Port numbers and SSL usage
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service submission-login {
inet_listener submission {
port = 587
}
}
# Users and their access rights to the user database and authentication (I may have described this incorrectly, but this is how I understood these parameters)
service auth {
unix_listener auth-userdb {
mode = 0600
user = vmail
group = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
# Access rights of the vmail user to the quotas
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
10-ssl.conf
# Force SSL (attempts to authenticate without SSL are refused)
ssl = required
# Paths to the certificates
ssl_cert = </etc/ssl/foo-cert.pem
ssl_key = </etc/ssl/foo-key.pem
ssl_ca = </etc/ssl/demoCA/cacert.pem
# Which protocol to use
ssl_min_protocol = TLSv1.2
15-lda.conf
quota_full_tempfail = no
lda_mailbox_autosubscribe = yes
protocol lda {
# This line names the sieve module, which moves spam to the spam folder
mail_plugins = $mail_plugins sieve quota
}
90-plugin.conf
# Set the directory that holds the rules for moving spam messages to the "SPAM" folder; this directory must also be given ownership with chown -R vmail:vmail
# The compiled file that moves spam to the "SPAM" folder is created in this directory
plugin {
#setting_name = value
sieve = /usr/local/etc/dovecot/conf.d/def/default.sieve
}
auth-sql.conf.ext
# Files with the MySQL database access settings
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = sql
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
}
SpamAssassin
spamassassin βconfigβ ααΎααα ααΌα ααα ααα»ααααααΆαα’αααΈαα½αααααΆαααααα»αααΆαα·ααααααααααΆαααααααα ααΆαααααααααα·ααααααααααΆαααα ααΌαα’ααααα½αααΆαα½ααα·αααααα βconfigβα
local.cf
rewrite_header Subject *****SPAM*****
report_safe 0
required_score 5.0
use_bayes 1
bayes_auto_learn 1
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
endif # Mail::SpamAssassin::Plugin::Shortcircuit
ααΆααα αΆαααΆα αααααααααα»αααΆαααααα»ααααααΆαααΎα’αααααααααΆα αα·αααααΆαααΆαα₯αααΆαααΆαα
sa-learn --spam /path/spam/folder
sa-learn --ham /path/ham/folder
ααΎαααΈαααααα
αα αααα»ααααααααα αααα»αααΉααααααΆααααΆαααααααααααΆααααααΎααααααα’ααααΎ pf αααααα pf αα autorun α αΎααααααΆααα―αααΆαααΆαα½αααΉαα αααΆααα
sysrc pf_enable="YES"
sysrc pf_rules="/etc/0.pf"
ααααααααΎαα―αααΆαααΆαα½αα αααΆααα
ee /etc/0.pf
α αΎαααααααα αααΆαααα ααΆα
# This parameter (do not filter interface lo0) must be specified first, or it will not work
set skip on lo0
# Give users dovecot, postfix and root access to the required ports
pass in quick proto { tcp, udp } from any to any port {53,25,465,587,110,143,993,995} user {dovecot,postfix,root} flags S/SA modulate state
pass out quick proto { tcp, udp } from any to any port {53,25,465,587,110,143,993,995} user {dovecot,postfix,root}
# Allow any outgoing traffic for user root
pass out quick proto {tcp,udp} from any to any user root
# Allow access to the web interface
pass in quick proto tcp from any to any port 80 flags S/SA modulate state
#SSH
pass in quick proto tcp from any to any port 22 flags S/SA modulate state
# Allow network access for users clamav and spamd
pass out quick proto {tcp,udp} from any to any user {clamav,spamd}
# DNS and ICMP
pass out quick proto {tcp,udp} from any to any port=53 keep state
pass out quick proto icmp from any to any
block from any to any fragment
block from any to any
block all
α’αααα’αΆα α αΆααααααΎα pf ααΆαα½αααΆααααααααΆα
service pf start
ααΆααααα
ααΎααααΈααΆαααααααΆααααααΆαααααα’αΆα ααααΎααΆαααΆααα’αα (STARTTLS, SLL) α’αααα’αΆα ααααΎαααΆαααΈαααααααααααΆααα§αααααα ααα (αααα»αααααΈαααααααα»ααααααΆααααααααααααααα·ααααα·ααΆα iOS) "MyOffice Mail" αααααα·ααΈαααααΆααααΆαααΆααααααααΆα αααΎααααααΆααααα‘αΎαααΆααααααΆαααα αααΆαααΈαααα
ααΎααααΈααΆααααα spaassasin ααΎαααααΎα αααααααΆ GTUBE αααααααααααΆαααα α’αααα:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
ααααα·αααΎα’αααΈαααΆααα’ααααααΉαααααΌα αα·αα·ααααααΉαααααΌαααΆααααααΆααααΆααΆααΆαα₯αααΆαααΆα α αΎαααααΌαααααΆααααΈαα ααααΆαα₯αααΆαααΆαα
ααΎααααΈααΆαααααααα αΆααααααα α’αααααααΌαααααΎαααα»αααααΆαα½αα―αααΆαα’ααααα α―αααΆααααααΉαααΆαααααΆαα EICARα
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
α’ααααααααααΆαα·ααααΌαααααΎα
ααααΈαααα’αααααα»αααααΆααααα
α
ααΎααααΈααΎααααααα ααα»αααα»ααααααααΆααΆααααααα ααΌαααααΎαααΆαα
tail -f /var/log/maillog
ααΌα ααααΆααααααααααΎααααΈααΆαααααααΆαααααΎαααα»αααα±ααααΆαααααΉαααααΌααα αααα’αααααα»αααααΆααααα (α§ααΆα ααααα yandex.ru, mail.ru, gmail.com ααα) α’αααααααΌαα α»ααααααααααα DNS αααα αααΆα (PTR record) αααα’αΆα ααααΌαααΆαααααΎαααααααΆαααααα α’ααααααααααααΆααααα’ααα (ααααα·αααΎααΆααΆααα·α α’ααααα·αααΆααααΆαααΈααα DNS ααααΆαααααα½αααααα’ααααα)α
ααα ααααΈααααα·ααααΆα
ααΆααΆααα·αααΆαα ααΆα’αΆα α αΆααααΌα ααΆααΆαααΆαααΈααααααα»αααααΊααΆααΏααααααα»αααααΆααα½α ααα»ααααααααα·αααΎα’ααααααα‘ααααΎαααΆ ααααα·ααααααΆααΆααα·αααΆααααααα αααααΆααααΈα αααΆααααααααα·α ααΎααΆαααααα α’αααα’αΆα ααα½αααΆααααΆαααΈααααααα»ααααααααΆααα»αααΆααααααα ααΆαααΆαααΆααααααΆααααΉα spam αα·ααααααα
PS ααααα·αααΎα’αααααΆααααααα "α αααααα·αααααΆαα" ααΆαα½αααΉαααα·ααααα αααα’αααααααΌαααααααα’αααααααΎααααΆααααΆ root (αα·αα’ααααααααααΌαααΆαααΆ) αα αααα»ααααααα ααα»ααααΆααααΆααΆαα»ααααΈα
pw usermod root -L russian
αααααΆααααΈααα αΆαααΆααααααα½α’αααααα»αααααΈααΉαααααΌαααΆααααα αΆααααΆαααααΉαααααΌαα
ααααα: www.habr.com