dokuro, posted 18 January 2015

A number of additional files are still needed to configure Postfix, depending on the filtering you want to enable. I want to filter on a list of valid senders and recipients, so that the server does not act as an open relay for all domains. To that end, we will create two files that contain more or less the same thing. You just enter the accepted domain names. In this case, the addresses on mondomaine.net and monautredomaine.com will be able to receive mail from anywhere and send mail anywhere.

    # nano /etc/postfix/access_by_recipient
    mondomaine.net OK
    monautredomaine.com OK
    unautredomaine.com REJECT

    # nano /etc/postfix/access_by_sender
    mondomaine.net OK
    monautredomaine.com OK
    unautredomaine.com REJECT

We will also edit the system aliases so that Postfix alerts and administrative messages are received by email.

    # nano /etc/aliases
    # /etc/aliases
    mailer-daemon: root
    postmaster: root
    nobody: root
    hostmaster: root
    usenet: root
    news: root
    webmaster: root
    www: root
    ftp: root
    abuse: root
    noc: root
    security: root
    root: email@mondomaine.net
    clamav: root

We now prepare these files for use by Postfix. If these files are modified later (added domains, aliases or anything else), they must be republished by running the command that corresponds to the file:

    # newaliases
    # postmap /etc/postfix/access_by_sender
    # postmap /etc/postfix/access_by_recipient

We create the vmail user and group with a UID and GID of 5000. This user's home directory will be /var/mail/virtual, which is therefore the directory where the emails are stored.

    # groupadd -g 5000 vmail
    # useradd -g vmail -u 5000 vmail -d /var/mail/virtual -m

We now have the files needed for the Postfix configuration.
Before modifying the sensitive configuration files, we make a copy of each with a .save suffix, which makes it possible to go back to the base configuration if needed. We start with main.cf:

    # cp /etc/postfix/main.cf /etc/postfix/main.cf.save
    # nano /etc/postfix/main.cf

    biff = no
    anvil_rate_time_unit = 60s
    mail_name = Postfix Mail Server
    myhostname = ns01.mondomaine.net
    mydomain = mondomaine.net
    myorigin = $mydomain
    mail_owner = postfix
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = ns01.mondomaine.net, localhost.mondomaine.net, localhost
    relayhost =
    notify_classes = resource, software
    mynetworks = 127.0.0.0/8, 91.91.91.91/32
    relay_domains =
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_banner = $myhostname ESMTP $mail_name (Debian)
    append_dot_mydomain = no
    delay_warning_time = 1h
    maximal_queue_lifetime = 10d
    mailbox_size_limit = 0
    message_size_limit = 15728640
    virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias.cf
    virtual_mailbox_base = /var/mail/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains.cf
    virtual_mailbox_limit = 51200000
    virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox.cf
    virtual_minimum_uid = 100
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    #virtual_create_maildirsize = yes
    #virtual_mailbox_extended = yes
    #virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit.cf
    #virtual_mailbox_limit_override = yes
    #virtual_maildir_limit_message = Sorry, the maildir has overdrawn diskspace quota
    #virtual_overquota_bounce = yes

    # Transport via Dovecot
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot
    maps_rbl_domains = relays.ordb.org, opm.blitzed.org, blackholes.easynet.nl, cbl.abuseat.org
    smtpd_helo_required = yes
    allow_untrusted_routing = no
    disable_vrfy_command = yes

    # SASL security
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes

    # TLS server options
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = no
    smtp_enforce_tls = no
    smtp_tls_enforce_peername = no
    smtpd_tls_key_file = /etc/ssl_cert/sCA/private/server-key-cert.pem
    smtpd_tls_cert_file = /etc/ssl_cert/sCA/private/server-key-cert.pem
    smtpd_tls_CAfile = /etc/ssl_cert/sCA/certs/serverCA.crt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
    tls_random_source = dev:/dev/urandom
    smtpd_tls_ask_ccert = yes
    smtpd_tls_req_ccert = no
    smtpd_tls_mandatory_protocols = !SSLv2
    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = no
    smtp_tls_loglevel = 1

    smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/access_by_recipient,
        check_sender_access hash:/etc/postfix/access_by_sender,
        reject_unauth_destination,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_unknown_recipient_domain,
        reject_invalid_helo_hostname,
        reject_unlisted_recipient,
        reject_unlisted_sender,
        reject_non_fqdn_helo_hostname,
        reject_rbl_client list.dsbl.org,
        reject_rhsbl_sender $maps_rbl_domains, dsn.rfc-ignorant.org,
        reject_invalid_hostname,
        reject_unauth_pipelining,

Next, master.cf:

    # cp /etc/postfix/master.cf /etc/postfix/master.cf.save
    # nano /etc/postfix/master.cf

    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    submission inet n       -       -       -       -       smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
      -o smtp_fallback_relay=
    #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}

    # Dovecot
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

    # Amavis
    smtp-amavis unix -      -       -       -       2       smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
    127.0.0.1:10025 inet n  -       -       -       -       smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    smtps     inet  n       -       -       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
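The post's goal of not becoming an open relay depends on where the access tables sit in smtpd_recipient_restrictions: an OK in access_by_sender is only harmless because reject_unauth_destination comes first. The following check is an added example, not part of the original post; the function names and the shortened restriction lists are assumptions made for illustration, and only a literal OK action is treated as permissive.

```python
import re

# Constructed inputs: the sender table from this post and two orderings of its checks.
SENDER_TABLE = "mondomaine.net OK\nmonautredomaine.com OK\nunautredomaine.com REJECT\n"
TABLES = {"/etc/postfix/access_by_sender": SENDER_TABLE}
AS_POSTED = ("permit_sasl_authenticated, reject_unauth_destination, "
             "check_sender_access hash:/etc/postfix/access_by_sender")
REORDERED = ("permit_sasl_authenticated, "
             "check_sender_access hash:/etc/postfix/access_by_sender, "
             "reject_unauth_destination")

CLIENT_SUPPLIED = {"check_sender_access", "check_helo_access"}  # values the client types
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject"}

def parse_restrictions(value):
    """Split a restriction list (commas and whitespace both separate items) into
    (name, table) pairs. Only check_*_access arguments are paired with their name."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    pairs, i = [], 0
    while i < len(tokens):
        takes_table = re.fullmatch(r"check_\w+_access", tokens[i]) and i + 1 < len(tokens)
        pairs.append((tokens[i], tokens[i + 1] if takes_table else None))
        i += 2 if takes_table else 1
    return pairs

def ok_keys(table_text):
    """Return the lookup keys whose action is OK in an access(5)-style table."""
    keys = []
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#") and fields[1].upper() == "OK":
            keys.append(fields[0])
    return keys

def relay_risks(value, tables):
    """List (restriction, key) pairs where an OK on a client-supplied value is
    evaluated before any relay guard, so the mail is accepted for any destination."""
    risks = []
    for name, table in parse_restrictions(value):
        if name in RELAY_GUARDS:
            break  # later checks only see mail already limited to our destinations
        if name in CLIENT_SUPPLIED and table:
            path = table.split(":", 1)[-1]  # drop the "hash:" map type
            risks += [(name, key) for key in ok_keys(tables.get(path, ""))]
    return risks

if __name__ == "__main__":
    for label, value in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, relay_risks(value, TABLES))
```

With the order used in the post the list of findings is empty; moving check_sender_access ahead of reject_unauth_destination reports both OK domains, because the envelope sender is chosen by the connecting client.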