{"id":2911,"date":"2018-08-10T17:33:01","date_gmt":"2018-08-10T17:33:01","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=2911"},"modified":"2021-03-22T08:10:56","modified_gmt":"2021-03-22T08:10:56","slug":"postfix-dovecot-postfixadmin-roundcube-dkim","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=2911","title":{"rendered":"Postfix + Dovecot + Postfixadmin + Roundcube + Postgrey + DKIM"},"content":{"rendered":"

\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b:<\/p>\n

# cat \/etc\/hosts\r\n127.0.0.1 localhost localhost.tst-amo.net.ua<\/span> localhost4 localhost4.tst-amo.net.ua<\/span>\r\n::1 localhost localhost.tst-amo.net.ua localhost6 localhost6.tst-amo.net.ua\r\n\r\n192.168.1.41 mail mail.tst-amo.net.ua\r\n192.168.1.41 mail.tst-amo.net.ua.<\/pre>\n
# cat \/etc\/aliases\r\n\r\n# Basic system aliases -- these MUST be present.\r\nmailer-daemon: postmaster\r\npostmaster: root<\/span>\r\nroot: pm@tst-amo.net.ua<\/span> # \u0443\u0447\u0435\u0442\u043a\u0430 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0431\u0443\u0434\u0435\u0442 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0447\u0442\u0430 root\r\n\r\n# General redirections for pseudo accounts.\r\nbin: root\r\ndaemon: root<\/pre>\n
# hostname\r\ntst.tst-amo.net.ua<\/pre>\n
\u041e\u0447\u0435\u043d\u044c \u0436\u0435\u043b\u0430\u0442\u0435\u043b\u0435\u043d PTR (\u043f\u0440\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0443 \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 \u043f\u043e \u0437\u0430\u044f\u0432\u043a\u0435, \u0443 \u043c\u043e\u0435\u0433\u043e \u043d\u0435\u043b\u044c\u0437\u044f)<\/p>\n
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440:<\/p>\n
# nslookup 222.444.22.63<\/span>\r\nServer: 192.168.1.41\r\nAddress: 192.168.1.41#53\r\n\r\nNon-authoritative answer:\r\n222.444.22.63<\/span>.in-addr.arpa name = mail.domen.ua.<\/pre>\n
\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0443\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u044b MySQL, nginx.<\/p>\n
1. MySQL<\/h3>\n
\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0431\u0430\u0437\u0443 \u0434\u0430\u043d\u043d\u044b\u0445:<\/p>\n
# mysql -uroot -p\r\nMariaDB [(none)]> CREATE DATABASE postfix;\r\nQuery OK, 1 row affected (0.03 sec)\r\nMariaDB [(none)]> GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY 'mypassword';\r\nQuery OK, 0 rows affected (0.10 sec)\r\nMariaDB [(none)]> FLUSH PRIVILEGES;\r\nQuery OK, 0 rows affected (0.01 sec)\r\nMariaDB [(none)]> quit<\/pre>\n
2. Postfixadmin<\/h3>\n
# wget -q -O - \"https:\/\/downloads.sourceforge.net\/project\/postfixadmin\/postfixadmin\/postfixadmin-3.2\/postfixadmin-3.2.tar.gz\" | tar -xzf - -C \/home\/www\/\r\n# yum install php56w-imap\r\n# chown -R nginx:www-data \/home\/www\/postfixadmin<\/pre>\n
– \u0433\u0434\u0435\u00a0nginx:www-data – \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043f\u043e\u0434 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f nginx \u0438 \u0433\u0440\u0443\u043f\u043f\u0430<\/p>\n
\u041f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u043c\u0435\u043d\u0438\u043b\u0441\u044f \u0432\u043b\u0430\u0434\u0435\u043b\u0435\u0446 \/var\/lib\/php\/session \u0438 \u0432\u044b\u0434\u0430\u043b\u043e \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435<\/p>\n
Invalid token<\/pre>\n
\u0432 \u043b\u043e\u0433\u0430\u0445 \u0440\u0443\u0433\u0430\u043d\u044c \u043d\u0430 permission, \u0442\u0430\u043a \u043a\u0430\u043a, \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u043c \u0441\u0442\u0430\u043b root:apache:<\/p>\n
2018\/08\/18 08:55:06 [error] 1786#0: *9149 FastCGI sent in stderr: \"PHP message: PHP Warning: session_start(): open(\/var\/lib\/php\/session\/sess_7p6c8kjkosj36d0lehjjr4eeg\r\n6, O_RDWR) failed: Permission denied (13) in \/home\/www\/postfixadmin\/common.php on line 26\r\nPHP message: PHP Warning: session_start(): open(\/var\/lib\/php\/session\/sess_7p6c8kjkosj36d0lehjjr4eeg6, O_RDWR) failed: Permission denied (13) in \/home\/www\/postfixadmin\r\n\/public\/login.php on line 84\" while reading response header from upstream, client: 192.168.1.1, server: tst-amo.net.ua, request: \"GET \/postfixadmin\/public\/login.php HT\r\nTP\/2.0\", upstream: \"fastcgi:\/\/unix:\/var\/run\/php-fpm\/php-fpm.sock:\", host: \"tst-amo.net.ua\"\r\n2018\/08\/18 08:55:06 [error] 1786#0: *9149 FastCGI sent in stderr: \"PHP message: PHP Warning: Unknown: open(\/var\/lib\/php\/session\/sess_7p6c8kjkosj36d0lehjjr4eeg6, O_RDW\r\nR) failed: Permission denied (13) in Unknown on line 0<\/pre>\n
\u041b\u0435\u0447\u0438\u043c:<\/p>\n
# chown -R nginx:www-data \/var\/lib\/php\/session<\/pre>\n
\u0423 \u043c\u0435\u043d\u044f \u0432\u044b\u0434\u0430\u0432\u0430\u043b\u043e \u043e\u0448\u0438\u0431\u043a\u0443 \u043d\u0430 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 templates_c<\/em>:<\/p>\n
# mkdir postfixadmin\/templates_c\r\n# chown nginx:www-data templates_c<\/pre>\n
\u0417\u0430\u0445\u043e\u0434\u0438\u0442\u044c \u0432 \u0441\u0435\u0442\u0430\u043f:<\/p>\n
https:\/\/tst-amo.net.ua\/postfixadmin\/public\/setup.php<\/pre>\n
\u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c<\/p>\n
$CONF['setup_password'] = '422962da717c2abb5408efe.......b2fa22dd9f7d1bc01835c9e59a';<\/pre>\n
\u041f\u043e\u0441\u043b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0437\u0430\u0445\u043e\u0434\u0438\u043c \u0438 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0434\u043e\u043c\u0435\u043d, \u044f\u0449\u0438\u043a\u0438 \u0438 \u0442.\u0434.<\/p>\n
https:\/\/tst-amo.net.ua\/postfixadmin\/public\/login.php<\/pre>\n
3. Postfix – \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438<\/h3>\n
\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0433\u0440\u0443\u043f\u0443 vmail \u0441 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c 1024:<\/p>\n
# groupadd -g 1024 vmail<\/pre>\n
\u0430 \u043f\u043e\u0442\u043e\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0442\u0443\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f:<\/p>\n
# useradd -d \/home\/vmail -g 1024 -u 1024 vmail -m<\/pre>\n
\u0414\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0432 \/etc\/postfix\/main.cf<\/p>\n
 ........\r\n virtual_mailbox_base = \/home\/vmail\r\n virtual_alias_maps = proxy:mysql:\/etc\/postfix\/mysql_virtual_alias_maps.cf\r\n virtual_mailbox_domains = proxy:mysql:\/etc\/postfix\/mysql_virtual_domains_maps.cf\r\n virtual_mailbox_maps = proxy:mysql:\/etc\/postfix\/mysql_virtual_mailbox_maps.cf\r\n virtual_minimum_uid = 1024\r\n virtual_uid_maps = static:1024\r\n virtual_gid_maps = static:1024\r\n\r\n# \u0422\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\r\nvirtual_transport = dovecot\r\ndovecot_destination_recipient_limit = 1<\/pre>\n
…..<\/p>\n
smtpd_recipient_restrictions =\r\n    check_client_access hash:\/etc\/postfix\/blacklist-IP\r\n    permit_mynetworks\r\n    permit_sasl_authenticated\r\n    check_recipient_access hash:\/etc\/postfix\/recipient-list\r\n    reject_non_fqdn_recipient\r\n    reject_unauth_destination<\/span>\r\n    reject_unknown_recipient_domain\r\n    reject_unverified_recipient\r\n    permit<\/pre>\n
\u0417\u0434\u0435\u0441\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u043e reject_unauth_destination – \u0434\u043e\u043b\u0436\u043d\u043e \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u0442\u044c \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0440\u0435\u043b\u0435\u0439 \u0447\u0435\u0440\u0435\u0437 \u0432\u0430\u0448 \u0441\u0435\u0440\u0432\u0435\u0440<\/p>\n
\u0421\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432:<\/p>\n
[root@tst postfix]# cat mysql_virtual_alias_maps.cf\r\nuser = postfix\r\npassword = mypassword\r\nhosts = localhost\r\ndbname = postfix\r\nquery = SELECT goto FROM alias WHERE address='%s' AND active = '1'<\/pre>\n
[root@tst postfix]# cat mysql_virtual_domains_maps.cf\r\nuser = postfix\r\npassword = mypassword\r\nhosts = localhost\r\ndbname = postfix\r\nquery = SELECT domain FROM domain WHERE domain='%u'<\/pre>\n
[root@tst postfix]# cat mysql_virtual_mailbox_maps.cf\r\nuser = postfix\r\npassword = mypassword\r\nhosts = localhost\r\ndbname = postfix\r\nquery = SELECT CONCAT(domain,'\/',maildir) FROM mailbox WHERE username='%s' AND active = '1'<\/pre>\n
[root@tst postfix]# cat access_sender\r\ntst-amo.net.ua OnlyFromMyUsers<\/pre>\n
[root@tst postfix]# cat blacklist\r\n#spam@net.ua REJECT\r\n#info@uni.ka REJECT Your e-mail was banned!\r\n#acc@tst1.pp.ua REJECT Your e-mail was banned!\r\n#s@i.ua REJECT SPAM!!!\r\n\/.*@tst-amo\\.net\\.ua\/i REJECT You are not imp.kiev.ua, this is my name!!!\r\n\r\nadvocatov.com REJECT SPAM!!!\r\nbilabonges.eu REJECT SPAM!!!\r\ncloudlite.eu REJECT SPAM!!!\r\ndeals@save.spirit-airlines.com REJECT SPAM!!!\r\ndomrike.eu REJECT SPAM!!!\r\nsaffiano-double.ru REJECT SPAM!!!\r\nwhilsacom.eu REJECT SPAM!!!<\/pre>\n
[root@tst postfix]# cat blacklist-IP\r\n1.52.38.29 REJECT Your IP is spam\r\n2.90.145.125 REJECT Your IP is spam\r\n5.235.7.171 REJECT Your IP is spam\r\n37.104.210.18 REJECT Your IP is spam\r\n37.106.204.58 REJECT Your IP is spam\r\n42.113.159.236 REJECT Your IP is spam\r\n42.116.220.21 REJECT Your IP is spam\r\n43.250.80.131 REJECT Your IP is spam\r\n45.244.118.151 REJECT Your IP is spam<\/pre>\n
[root@tst postfix]# cat header_checks\r\n# \u0414\u043b\u044f \u0441\u043f\u0430\u043c\u0430\r\n\/^X-Spam-Level:.*\\*{12,}.*\/ REDIRECT spam@uni.ka\r\n# \u0414\u043b\u044f \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439\r\n\/^(.*)name=\\\"(.*)\\.(exe|bat|cmd|mp3)\\\"$\/ REJECT Attachment type not allowed. File \"$2\" has unacceptable extension: \"$3\"<\/pre>\n
[root@tst postfix]# cat hello_access\r\nmail.tst-amo.net.ua REJECT Don't use my server name!!!<\/pre>\n
[root@tst postfix]# cat recipient-list\r\n# For these users to receive all\r\n\/^postmaster\\@\/ OK\r\n\/^hostmaster\\@\/ OK\r\n\/^abuse\\@\/ OK\r\n\/^webmaster\\@\/ OK\r\n## Users\r\n#\/^mfint\\@\/ OK\r\n#\/^metall\\@\/ OK<\/pre>\n
[root@tst postfix]# cat whitelist\r\n#--------------- Nuzhno_IMP -----------------\r\n.nas.gov OK\r\n@nas.gov OK\r\n.domen.kiev.ua OK\r\n@domen.kiev.ua OK\r\n\r\n#--------------- Cheff other\r\n@mpiyt-shalle.4mpg.de OK\r\n.mpiyt-shalle.4mpg.de OK<\/pre>\n
 <\/p>\n
4. Amavisd-new, ClamAV<\/h3>\n
This will install amavisd-new and a bunch of dependencies, and clamav + freshclam. It will also install SpamAssassin by default.<\/p>\n
# yum install amavisd-new\u00a0clamav clamav-update freshclam<\/pre>\n
Edit amavisd.conf.<\/p>\n
# vim \/etc\/amavisd\/amavisd.conf<\/pre>\n
Change the following lines like this\u2026<\/p>\n
$mydomain = \u2018domain.com\u2019; # a convenient default for other settings\r\n$myhostname = 'mail.domain.com\u2019; # must be a fully-qualified domain name and same as reverse DNS lookup<\/pre>\n
<\/pre>\n
Make sure everything is set in postfix\u2019s configuration file master.cf<\/p>\n
# vim \/etc\/postfix\/master.cf<\/pre>\n
On top of master.cf, you should have something like\u2026<\/p>\n
smtp inet n - n - - smtpd\r\n  -o smtpd_sasl_auth_enable=yes\r\n  -o receive_override_options=no_address_mappings\r\n  -o content_filter=smtp-amavis:127.0.0.1:10024\r\n \u2026and on bottom, you should have something like\u2026<\/pre>\n
#\r\n # spam\/virus section\r\n #\r\n smtp-amavis unix - - n - 2 smtp\r\n   -o smtp_data_done_timeout=1200\r\n   -o disable_dns_lookups=yes\r\n   -o smtp_send_xforward_command=yes\r\n 127.0.0.1:10025 inet n - y - - smtpd\r\n   -o content_filter=\r\n   -o smtpd_helo_restrictions=\r\n   -o smtpd_sender_restrictions=\r\n   -o smtpd_recipient_restrictions=permit_mynetworks,reject\r\n   -o mynetworks=127.0.0.0\/8\r\n   -o smtpd_error_sleep_time=0\r\n   -o smtpd_soft_error_limit=1001\r\n   -o smtpd_hard_error_limit=1000\r\n   -o receive_override_options=no_header_body_checks\r\n   -o smtpd_helo_required=no\r\n   -o smtpd_client_restrictions=\r\n   -o smtpd_restriction_classes=\r\n   -o disable_vrfy_command=no\r\n   -o strict_rfc821_envelopes=yes<\/pre>\n
Stop the postfix daemon.<\/p>\n
# service postfix stop<\/pre>\n
Start Spamassassin, Amavisd-new and ClamAV daemons.<\/p>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441\u0430 Spamassassin<\/p>\n
# spamassassin --lint<\/pre>\n
\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u0430 Spamassassin:<\/p>\n
# sa-update --nogpg<\/pre>\n
\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u0431\u0430\u0437\u044b Spamassassin<\/p>\n
\n
\n
\n
\n
# sa-update -v<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
# service spamassassin start\r\n# service amavisd start\u00a0\r\n# service postfix start<\/pre>\n
5. Postgrey<\/h3>\n
# yum install postgrey<\/pre>\n
smtpd_recipient_restrictions =\r\n   check_client_access hash:\/etc\/postfix\/blacklist-IP\r\n   permit_mynetworks\r\n   permit_sasl_authenticated\r\n   check_recipient_access hash:\/etc\/postfix\/recipient-list\r\n   reject_non_fqdn_recipient\r\n   reject_unauth_destination\r\n ## POSTGREY\r\n   #check_policy_service unix:\/var\/spool\/postfix\/postgrey\/socket\r\n<\/span>   check_policy_service inet:127.0.0.1:10023<\/span>\r\n ##\r\n   reject_unknown_recipient_domain\r\n   reject_unverified_recipient\r\n   permit<\/pre>\n
\u0441\u0442\u0440\u043e\u0447\u043a\u0430 \u201ccheck_policy_service unix:\/var\/spool\/postfix\/postgrey\/socket<\/span>,\u201d \u0438\u043b\u0438 “check_policy_service inet:127.0.0.1:10023<\/span>” \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043f\u043e\u0441\u043b\u0435 \u0441\u0442\u0440\u043e\u0447\u043a\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u201creject_unauth_destination\u201d, \u043a\u0430\u043a \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u0432\u044b\u0448\u0435.<\/p>\n
\u041f\u043e \u043c\u0430\u043d\u0443 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043d\u0443\u0436\u043d\u043e \u0442\u0430\u043a:<\/p>\n
# man postgrey\r\n# postgrey --inet=10023 -d\r\n\r\n# systemctl start postgrey && systemctl enable postgrey\r\n# systemctl reload postfix<\/pre>\n
6. OpenDKIM<\/h3>\n
# yum install -y opendkim<\/pre>\n
\u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043b\u044e\u0447:<\/p>\n
# opendkim-genkey -D \/etc\/opendkim\/ --domain tst-amo.net.ua --selector relay\r\n# cd \/etc\/opendkim\r\n# chown :opendkim \/etc\/opendkim\/*\r\n# chmod g+r \/etc\/opendkim\/*<\/pre>\n
# cp opendkim.conf opendkim.conf_orig\r\n# cat opendkim.conf_orig | grep \"^[^#]\" > opendkim.conf<\/pre>\n
\u041f\u0440\u0430\u0432\u0438\u043c opendkim.conf \u0434\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f:<\/p>\n
[root@tst etc]# cat opendkim.conf\r\nAutoRestart Yes\r\nAutoRestartRate 10\/1h\r\nUmask 002\r\nSyslog yes\r\nSyslogSuccess Yes\r\nLogWhy Yes\r\nCanonicalization relaxed\/simple\r\nExternalIgnoreList refile:\/etc\/opendkim\/TrustedHosts\r\nInternalHosts refile:\/etc\/opendkim\/TrustedHosts\r\nKeyTable refile:\/etc\/opendkim\/KeyTable\r\nSigningTable refile:\/etc\/opendkim\/SigningTable\r\nMode sv\r\nPidFile \/var\/run\/opendkim\/opendkim.pid\r\nSignatureAlgorithm rsa-sha256\r\nUserID opendkim:opendkim\r\nSocket inet:12301@localhost<\/pre>\n
\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b:<\/p>\n
# touch \/etc\/opendkim\/TrustedHosts\r\n# touch \/etc\/opendkim\/KeyTable\r\n# touch \/etc\/opendkim\/SigningTable<\/pre>\n
\u0418\u0445 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435:<\/p>\n
# cat \/etc\/opendkim\/KeyTable\r\n relay._domainkey.tst-amo.net.ua tst-amo.net.ua:relay:\/etc\/opendkim\/relay.private<\/pre>\n
# cat \/etc\/opendkim\/SigningTable\r\n *@tst-amo.net.ua relay._domainkey.tst-amo.net.ua<\/pre>\n
# cat \/etc\/opendkim\/TrustedHosts\r\n 127.0.0.1\r\n localhost\r\n *.tst-amo.net.ua\r\n #host.example.com\r\n #192.168.1.0\/24<\/pre>\n
\u0417\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0438\u0441:<\/p>\n
# systemctl start opendkim.service\r\n# systemctl enable opendkim.service\r\n# systemctl status opendkim.service<\/pre>\n
\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 main.cf \u0434\u043b\u044f Postfix<\/p>\n
# nano \/etc\/postfix\/main.cf\r\n# DKIM\r\nmilter_protocol = 2\r\nmilter_default_action = accept\r\nsmtpd_milters = inet:127.0.0.1:12301\r\nnon_smtpd_milters = $smtpd_milters\r\n\r\n# service postfix reload<\/pre>\n
\u0434\u043b\u044f BIND<\/p>\n
# nano \/var\/named\/chroot\/var\/named\/tst-amo.net.ua.zone\r\n relay._domainkey IN TXT ( \"v=DKIM1; k=rsa; \" \"p=MIGfMA0GCSqGSIb3DQEBAQUAA......k02pIg+TwIDAQAB\" )<\/pre>\n
# service named-chroot reload\r\n# service named-chroot status<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c.<\/p>\n
7 . Dovecot<\/h3>\n
# yum install dovecot dovecot-mysql dovecot-pigeonhole<\/pre>\n
Dovecot quota<\/h4>\n
# nano \/etc\/dovecot\/conf.d\/10-mail.conf\r\nmail_plugins = $mail_plugins quota<\/pre>\n
# nano \/etc\/dovecot\/conf.d\/20-imap.conf\r\nprotocol imap {\r\n   mail_plugins = $mail_plugins imap_quota\r\n}<\/pre>\n
# nano \/etc\/dovecot\/conf.d\/10-master.conf\r\nservice dict {\r\n    unix_listener dict {\r\n       mode = 0660\r\n       user = vmail\r\n       group = vmail\r\n    }\r\n}<\/pre>\n
# nano \/etc\/dovecot\/conf.d\/90-quota.conf\r\nplugin {\r\n    quota = dict:User quota::proxy::quota\r\n}<\/pre>\n
# nano \/etc\/dovecot\/dovecot.conf\r\ndict {\r\n    quota = mysql:\/etc\/dovecot\/dovecot-dict-sql.conf.ext\r\n}<\/pre>\n
# nano \/etc\/dovecot\/dovecot-dict-sql.conf.ext\r\nconnect = host=localhost dbname=postfix user=postfix password=mypassword\r\nmap {\r\n    pattern = priv\/quota\/storage\r\n    table = quota2\r\n    username_field = username\r\n    value_field = bytes\r\n}\r\nmap {\r\n    pattern = priv\/quota\/messages\r\n    table = quota2\r\n    username_field = username\r\n    value_field = messages\r\n}\r\nmap {\r\n    pattern = shared\/expire\/$user\/$mailbox\r\n    table = expires\r\n    value_field = expire_stamp\r\nfields {\r\n    username = $user\r\n    mailbox = $mailbox\r\n   }\r\n}<\/pre>\n
# nano \/etc\/dovecot\/dovecot-sql.conf.ext\r\n# Database driver: mysql, pgsql, sqlite\r\n driver = mysql\r\n connect = host=localhost dbname=postfix user=postfix password=mypassword\r\n default_pass_scheme = MD5-CRYPT\r\n\r\n#\r\n password_query = SELECT `username` as `user`, `password` FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'\r\n\r\n#\r\n user_query = SELECT CONCAT('\/var\/vmail\/', `maildir`) AS \\\r\n `home`, 1024 AS `uid`, 1024 AS `gid`, concat('dict:storage=', \\\r\n CAST(ROUND(quota \/ 1024) AS CHAR), '::proxy::sqlquota') \\\r\n AS quota, CONCAT('*:storage=', CAST(quota AS CHAR), 'B') AS quota_rule \\\r\n FROM `mailbox` WHERE `username` = '%n@%d' AND `active`='1'\r\n\r\n# Query to get a list of all usernames.\r\n iterate_query = SELECT username AS user FROM mailbox<\/pre>\n
# systemctl restart dovecot<\/pre>\n
\u041f\u0440\u043e\u0441\u043c\u043e\u0442\u0440 \u043a\u0432\u043e\u0442\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f(\u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0432 WEB-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 PostfixAdmin).<\/p>\n
# doveadm quota get -u username@example.com<\/pre>\n
\u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043e\u043f\u043e\u0432\u0435\u0449\u0435\u043d\u0438\u0439 \u043f\u0440\u0438 \u043f\u0440\u0435\u0432\u044b\u0448\u0435\u043d\u0438\u0438 \u043a\u0432\u043e\u0442\u044b<\/p>\n
# nano \/etc\/dovecot\/conf.d\/90-quota.conf\r\nplugin {\r\n # LDA\/LMTP allows saving the last mail to bring user from under quota to\r\n # over quota, if the quota doesn't grow too high. Default is to allow as\r\n # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.\r\n   quota_rule = *:storage=500M\r\n   quota_rule2 = Trash:storage=+100M\r\n   quota_rule3 = Junk:ignore\r\n   quota_grace = 10%%\r\n}\r\n\r\ndict {\r\n   sqlquota = mysql:\/etc\/dovecot\/dovecot-dict-sql.conf.ext\r\n }\r\n\r\n##\r\n## Quota backends\r\n##\r\n\r\n# Multiple backends are supported:\r\n# dirsize: Find and sum all the files found from mail directory.\r\n# Extremely SLOW with Maildir. It'll eat your CPU and disk I\/O.\r\n# dict: Keep quota stored in dictionary (eg. SQL)\r\n# maildir: Maildir++ quota\r\n# fs: Read-only support for filesystem quota\r\n\r\nplugin {\r\n   #quota = dirsize:User quota\r\n   quota = maildir:User quota::proxy::quota\r\n\r\n   #quota = dict:User quota::proxy::quota\r\n   #quota = fs:User quota\r\n}\r\n\r\n# Multiple quota roots are also possible, for example this gives each user\r\n# their own 100MB quota and one shared 1GB quota within the domain:\r\nplugin {\r\n   #quota = dict:user::proxy::quota\r\n   #quota2 = dict:domain:%d:proxy::quota_domain\r\n   #quota_rule = *:storage=102400\r\n   #quota2_rule = *:storage=1048576\r\n}<\/pre>\n
# nano \/etc\/dovecot\/quota-warning.sh\r\n#!\/bin\/sh\r\nPERCENT=$1\r\nUSER=$2\r\ncat << EOF | \/usr\/libexec\/dovecot\/dovecot-lda -d $USER -o \"plugin\/quota=maildir:User quota:noenforcing\"\r\nFrom: postmaster@tst-amo.net.ua\r\nSubject: quota warning\r\nContent-Type: text\/plain; charset=utf-8\r\nContent-Transfer-Encoding: 8bit\r\nTo: $USER\r\n\r\n\u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435!\r\n\u0412\u0430\u0448 \u044f\u0449\u0438\u043a \u0437\u0430\u043f\u043e\u043b\u043d\u0435\u043d \u043d\u0430 $PERCENT%.\r\n\r\nAttention!\r\nYour mailbox is now $PERCENT% full.\r\nEOF<\/pre>\n
 <\/p>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b: # cat \/etc\/hosts 127.0.0.1 localhost localhost.tst-amo.net.ua localhost4 localhost4.tst-amo.net.ua ::1 localhost localhost.tst-amo.net.ua localhost6 localhost6.tst-amo.net.ua 192.168.1.41 mail mail.tst-amo.net.ua 192.168.1.41 mail.tst-amo.net.ua. # cat \/etc\/aliases # Basic system aliases — these MUST be present. mailer-daemon: postmaster postmaster: root root: pm@tst-amo.net.ua # \u0443\u0447\u0435\u0442\u043a\u0430 \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0431\u0443\u0434\u0435\u0442 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0442\u044c\u0441\u044f \u043f\u043e\u0447\u0442\u0430 root # General redirections for pseudo accounts. bin: root daemon: …<\/p>\n
Continue reading ‘Postfix + Dovecot + Postfixadmin + Roundcube + Postgrey + DKIM’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83,18,48,131,81,89,5,12,33,47,7,126,15,90,70,71,122,97,109,63,61],"tags":[],"class_list":["post-2911","post","type-post","status-publish","format-standard","hentry","category-amavis-new","category-bind","category-centos","category-chroot","category-clamav","category-dkim","category-dns","category-dovecot","category-imap","category-linux","category-mail","category-mariadb","category-mysql","category-opendkim","category-postfix","category-postfixadmin","category-postgrey","category-quotes","category-roundcube","category-sieve","category-spamassassin"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2911"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2911"}],"version-history":[{"count":13,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2911\/revisions"}],"predecessor-version":[{"id":4687,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2911\/revisions\/4687"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}