Install Mailany on Debian: Difference between revisions
From wikiGite
Ligne 13 : | Ligne 13 : | ||
mysqladmin -u root password '<mot_de_passe>' | mysqladmin -u root password '<mot_de_passe>' | ||
mysqladmin -u root --password='<mot_de_passe>' create mailany | mysqladmin -u root --password='<mot_de_passe>' create mailany | ||
− | |||
Puis Postfix (sur MySQL, avec support SMTP-Auth et TLS), et procmail | Puis Postfix (sur MySQL, avec support SMTP-Auth et TLS), et procmail | ||
apt-get install postfix postfix-mysql procmail libsasl2 sasl2-bin libsasl2-modules libdb3-util | apt-get install postfix postfix-mysql procmail libsasl2 sasl2-bin libsasl2-modules libdb3-util | ||
Installer Postfix en "site internet" et donner le nom du serveur. | Installer Postfix en "site internet" et donner le nom du serveur. | ||
− | Modifier /etc/postfix/main.cf. Pour le support MySQL : | + | Modifier /etc/postfix/main.cf.<br/> |
− | relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf | + | *Pour le support MySQL : |
− | virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf | + | postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf' |
− | virtual_gid_maps = static:20001 | + | postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf' |
− | virtual_mailbox_base = /home/virtual | + | postconf -e 'virtual_gid_maps = static:20001' |
− | virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf | + | postconf -e 'virtual_mailbox_base = /home/virtual' |
− | virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf | + | postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf' |
− | virtual_minimum_uid = 20001 | + | postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf' |
− | virtual_uid_maps = static:20001 | + | postconf -e 'virtual_minimum_uid = 20001' |
− | proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_recipient_restrictions $smtpd_sender_login_maps | + | postconf -e 'virtual_uid_maps = static:20001' |
− | + | postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps '$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_recipient_restrictions $smtpd_sender_login_maps' | |
+ | *Pour SASL et TLS : | ||
+ | postconf -e 'smtpd_sasl_local_domain =' | ||
+ | postconf -e 'smtpd_sasl_auth_enable = yes' | ||
+ | postconf -e 'smtpd_sasl_security_options = noanonymous' | ||
+ | postconf -e 'broken_sasl_auth_clients = yes' | ||
+ | postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' | ||
+ | postconf -e 'inet_interfaces = all' | ||
+ | postconf -e 'smtp_use_tls = yes' | ||
+ | postconf -e 'smtpd_use_tls = yes' | ||
+ | postconf -e 'smtp_tls_note_starttls_offer = yes' | ||
+ | postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' | ||
+ | postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' | ||
+ | postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' | ||
+ | postconf -e 'smtpd_tls_loglevel = 1' | ||
+ | postconf -e 'smtpd_tls_received_header = yes' | ||
+ | postconf -e 'smtpd_tls_session_cache_timeout = 3600s' | ||
+ | postconf -e 'tls_random_source = dev:/dev/urandom' | ||
+ | postconf -e 'myhostname = server1.example.com' | ||
+ | |||
+ | echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf | ||
+ | echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.confpostconf -e 'smtpd_tls_auth_only = no' | ||
+ | *Un peu de sécurité : | ||
+ | postconf -e 'message_size_limit = 50240000' | ||
+ | postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit' | ||
+ | postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining, permit' | ||
+ | *Et le minimum pour un bon serveur de mail sous linux : | ||
+ | postconf -e 'home_mailbox = Maildir/' | ||
− | |||
Les outils complémentaires : | Les outils complémentaires : |
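Review bot: the added proxy_read_maps line has a stray single quote after $virtual_alias_maps, which closes the quoted value early, so the shell expands the remaining $virtual_... names itself and the final quote is left unbalanced; remove it so the whole value sits inside one pair of quotes. On the mech_list line the next command is fused onto the file name (smtpd.confpostconf -e ...), so the echo appends to the wrong file and smtpd_tls_auth_only is never set; put that postconf on its own line. The smtpd_recipient_restrictions added under "Un peu de sécurité" replaces the one added under "Pour SASL et TLS" and drops permit_sasl_authenticated, so the two should be merged into a single setting. With mech_list: plain login, smtpd_tls_auth_only = no lets clients authenticate before TLS is negotiated; consider yes.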
Revision as of 30 October 2008 at 09:35
Base Debian install in a VM
Download a Debian ISO
wget ftp://ftp.proxad.net/mirrors/cdimage.debian.org/debian-cd/current/i386/iso-cd/debian-40r5-i386-netinst.iso
Create the VM, booting from the ISO. The disk (10G) is partitioned with LVM, with a separate /home (in anticipation of quotas).
Base install; we will see exactly what is needed afterwards.
Start by installing ssh
apt-get install openssh-server
Then apache and mysql
apt-get install apache2 mysql-server mysql-common mysql-client
Set a password for the mysql admin, and immediately create a database for Mailany
mysqladmin -u root password '<mot_de_passe>'
mysqladmin -u root --password='<mot_de_passe>' create mailany
Then Postfix (on MySQL, with SMTP-Auth and TLS support), and procmail
apt-get install postfix postfix-mysql procmail libsasl2 sasl2-bin libsasl2-modules libdb3-util
Install Postfix as "Internet Site" and give the server name.
Edit /etc/postfix/main.cf.
- For MySQL support:
postconf -e 'relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf'
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf'
postconf -e 'virtual_gid_maps = static:20001'
postconf -e 'virtual_mailbox_base = /home/virtual'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf'
postconf -e 'virtual_minimum_uid = 20001'
postconf -e 'virtual_uid_maps = static:20001'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_recipient_restrictions $smtpd_sender_login_maps'
- For SASL and TLS:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
postconf -e 'smtpd_tls_auth_only = no'
- A bit of security:
postconf -e 'message_size_limit = 50240000'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit'
postconf -e 'smtpd_data_restrictions = reject_unauth_pipelining, permit'
- And the minimum for a good mail server on Linux:
postconf -e 'home_mailbox = Maildir/'
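A quick check of what the steps above leave in main.cf, as an added example that is not part of the original wiki page: each `postconf -e` overwrites the parameter, so the script replays the page's SASL/TLS and relay-policy edits and audits the final values. The function names and finding labels are hypothetical, and the embedded edit list is a constructed subset of the page's commands.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the effect of a series of
# `postconf -e` edits. Function names and finding labels are hypothetical.

# Constructed input: the page's SASL/TLS and relay-policy edits, in page order.
PAGE_EDITS="postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit'"

# effective_value NAME: read edits on stdin, print the value NAME ends up with.
# Each `postconf -e` replaces the parameter in main.cf, so the last edit wins.
effective_value() {
    awk -F"'" -v want="$1" '
        $1 ~ /^postconf -e / {
            eq = index($2, "=")
            if (eq == 0) next
            name = substr($2, 1, eq - 1); gsub(/[ \t]/, "", name)
            val = substr($2, eq + 1); sub(/^[ \t]+/, "", val)
            if (name == want) last = val
        }
        END { print last }'
}

# audit_edits EDITS: print space-separated findings (empty line if none).
audit_edits() {
    sasl=$(printf '%s\n' "$1" | effective_value smtpd_sasl_auth_enable)
    rcpt=$(printf '%s\n' "$1" | effective_value smtpd_recipient_restrictions)
    authonly=$(printf '%s\n' "$1" | effective_value smtpd_tls_auth_only)
    findings=""
    if [ "$sasl" = "yes" ]; then
        # Authenticated clients only get to relay if the final policy says so.
        case "$rcpt" in
            *permit_sasl_authenticated*) ;;
            *) findings="${findings}SASL_NOT_IN_RELAY_POLICY " ;;
        esac
        # Unless this is "yes", AUTH (PLAIN/LOGIN here) is offered without TLS.
        [ "$authonly" = "yes" ] || findings="${findings}AUTH_WITHOUT_TLS "
    fi
    printf '%s\n' "${findings% }"
}

audit_edits "$PAGE_EDITS"
```

On a configured server the same two parameters can be read back with `postconf -h smtpd_recipient_restrictions smtpd_tls_auth_only`.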
Additional tools:
- DNS cache, since the mail server makes heavy use of DNS. The base Debian installation provides a caching server, so there is nothing to do:
apt-get install bind9
Point resolv.conf to the local server
nameserver 127.0.0.1
search systea.net
Then test name resolution
ping www.google.fr
- Quotas
apt-get install quota
Edit /etc/fstab and add quota management on the /home partition
/dev/mapper/mailserver1-home /home ext3 defaults,usrquota,grpquota 0 2
apt-get install spamassassin
clamav