Mailserver


Installation

 # Install the distribution packages for the mail stack in one step (needs root).
 # Later sections of this page also build procmail, SpamAssassin and ClamAV from
 # source tarballs; doing both leaves a packaged and a self-built copy on the
 # system, so decide per component which one is meant to run.
 apt-get install openssl mysql-server postfix postgrey procmail spamassassin clamav

BerkeleyDB

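# Build Berkeley DB 4.7.25 from source into /usr/local/bdb.
# The download location on the original page is only a placeholder
# ("irgendwas" = "something"): substitute the vendor's download URL and compare
# the tarball against its published checksum before unpacking it.
wget "<DOWNLOAD-URL>/db-4.7.25.tar.gz"
tar xfz db-4.7.25.tar.gz
# The tarball unpacks to db-4.7.25/; ../dist/configure is meant to be run from
# its build_unix/ subdirectory (the page tried to cd into the .tar.gz file).
cd db-4.7.25/build_unix
../dist/configure --prefix=/usr/local/bdb
make
# Only the steps from here on need root.
make install
# Register the library directory with the dynamic linker exactly once, then
# refresh the linker cache.
grep -qxF /usr/local/bdb/lib /etc/ld.so.conf || echo /usr/local/bdb/lib >> /etc/ld.so.conf
ldconfig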


Cyrus

# Build Cyrus SASL 2.1.22 from source.
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without any
# integrity check; compare it against a checksum or signature published by the
# project before building.
wget http://sunsite.rediris.es/pub/mirror/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
tar xfz cyrus-sasl-2.1.22.tar.gz
cd cyrus-sasl-2.1.22
# Only the anonymous, PLAIN and LOGIN mechanisms plus the SQL plugin are
# enabled; krb4, OTP, CRAM and DIGEST are switched off. PLAIN and LOGIN hand
# the password to the server as-is, so every service using this library should
# only offer them over TLS. The saslauthd socket directory, the MySQL and
# Berkeley DB locations, OpenSSL and the plugin directory are set explicitly.
 ./configure \
--enable-anon \
--enable-plain \
--enable-login \
--enable-sql \
--disable-krb4 \
--disable-otp \
--disable-cram \
--disable-digest \
--with-saslauthd=/var/run/saslauthd \
--with-mysql=/usr/local/mysql \
--with-dblib=berkeley \
--with-bdb-libdir=/usr/local/bdb/lib \
--with-bdb-incdir=/usr/local/bdb/include \
--with-openssl=/usr/local/ssl \
--with-plugindir=/usr/local/lib/sasl2 
make
make install
# Directory for the saslauthd socket (the path given to --with-saslauthd above).
mkdir -p /var/run/saslauthd
# Build the testsaslauthd client in the saslauthd subdirectory and install it.
cd saslauthd
make testsaslauthd
cp testsaslauthd /usr/local/bin
# Make the plugin directory reachable under /usr/lib/sasl2 as well.
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 
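# Build Cyrus IMAPd 2.2.13 from source against the SASL and Berkeley DB builds.
# NOTE(review): fetched over plain HTTP with no integrity check; verify the
# tarball against a project-published checksum or signature before building.
wget http://sunsite.rediris.es/pub/mirror/cyrus-mail/cyrus-imapd-2.2.13.tar.gz
# The page left out the archive name and changed into cyrus-imapd-2.2.8; both
# now match the 2.2.13 tarball downloaded above.
tar xfz cyrus-imapd-2.2.13.tar.gz
cd cyrus-imapd-2.2.13
# Extra header search path for configure (presumably the com_err "et" headers).
export CPPFLAGS="-I/usr/include/et"
./configure \
  --with-sasl=/usr/local/lib \
  --with-perl \
  --with-auth=unix \
  --with-dbdir=/usr/local/bdb \
  --with-bdb-libdir=/usr/local/bdb/lib \
  --with-bdb-incdir=/usr/local/bdb/include \
  --with-openssl=/usr/local/ssl \
  --without-ucdsnmp
make depend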
  • make depend verursacht einen Fehler (make: *** No rule to make target `depend'. Stop.). Abhilfe schafft apt-get install cyrus-imapd2.2.

Troubleshooting

  • In /etc/postfix/main.cf folgendes eintragen

cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}

#smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd

DIVERSE FEHLER

kein IMAP POP Zugang

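# Edit the Cyrus master configuration. The page spells the file "cyros.conf";
# the file it configures further down is /etc/cyrus.conf.
nano /etc/cyrus.conf
# Entry to enable in the SERVICES section of that file (file content, not a
# shell command). listen="lmtp" opens the LMTP port on every interface; if only
# local delivery is needed, a loopback address such as listen="127.0.0.1:lmtp"
# keeps it off the network.
lmtp    cmd="lmtpd" listen="lmtp" prefork=1
apt-get install cyrus-admin-2.2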


FEHLER can't write proc file

nano /etc/imapd.conf
configdirectory: /var/imap =>=>> configdirectory: /var/lib/imap

FEHLER DBERROR

cyrus/imap[15010]: DBERROR: init() on berkeley
cyrus/imap[15010]: DBERROR: reading /var/lib/imap/db/skipstamp, assuming the worst: No such file or directory
cyrus/sieve[15007]: IOERROR: creating directory /var/lib/imap: Permission denied
cyrus/sieve[15007]: DBERROR: opening /var/lib/imap: cyrusdb error
cyrus/imap[15008]: IOERROR: creating directory /var/lib/imap: Permission denied
cyrus/imap[15008]: DBERROR: opening /var/lib/imap: cyrusdb error
cyrus/imaps[15011]: DBERROR db4: /var/lib/imap/db/__db.001: No such file or directory
cyrus/imaps[15011]: DBERROR: dbenv->open '/var/lib/imap/db' failed: No such file or directory
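# Recreate the Cyrus state directories named in the DBERROR/IOERROR messages.
# -p makes this safe to repeat when some of the directories already exist.
mkdir -p /var/lib/imap/db /var/lib/imap/socket /var/lib/imap/proc
# Marker file whose absence produces the "reading .../skipstamp, assuming the
# worst" message.
touch /var/lib/imap/db/skipstamp
# Hand the whole tree to cyrus:mail; the "Permission denied" lines presumably
# come from the Cyrus daemons not being able to write below /var/lib.
chown -R cyrus:mail /var/lib/imap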


Auth Failure

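# PAM module for authenticating against MySQL.
apt-get install libpam-mysql
# Socket directory below the Postfix queue directory (presumably because smtpd
# runs chrooted there and cannot reach /var/run). -p creates the missing
# parent directories as well.
mkdir -p /var/spool/postfix/var/run/saslauthd
# /var/run/saslauthd was already created as a real directory in the Cyrus SASL
# build step; ln -s would then place the link inside it instead of replacing
# it. Remove the empty directory first (rmdir refuses if it is not empty) and
# leave an existing symlink alone.
if [ -L /var/run/saslauthd ]; then
  :
elif [ -d /var/run/saslauthd ]; then
  rmdir /var/run/saslauthd &&
    ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
else
  ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
fi
# Passwords cross this socket in cleartext: keep the directory closed to
# accounts that do not need to reach saslauthd.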
nano /etc/pam.d/imap
#%PAM-1.0

Postgrey

# Unprivileged account "filter": primary group mail, home /home/filter (created
# by -m), /bin/false as shell so nobody can log in with it.
useradd -g mail -d /home/filter -m -s /bin/false filter
# Runtime directory for postgrey, owned recursively by filter:mail.
postgrey_run=/var/run/postgrey/
mkdir "$postgrey_run"
chown -R filter:mail "$postgrey_run"
# Postgrey directory below the Postfix spool, same owner (not recursive).
postgrey_spool=/var/spool/postfix/postgrey
mkdir "$postgrey_spool"
chown filter:mail "$postgrey_spool"

Procmail

# Build procmail 3.22 from source.
# NOTE(review): the tarball comes over plain HTTP without an integrity check;
# verify it against a checksum or signature from the project before building.
wget http://www.procmail.org/procmail-3.22.tar.gz 
tar xfz procmail-3.22.tar.gz 
cd procmail-3.22 
make 
# NOTE(review): install-suid presumably installs procmail with setuid/setgid
# bits. Further down this page procmail is started by the Postfix pipe
# transport with user=cyrus, which would not need them - confirm, and prefer
# the plain install if so.
make install-suid
make install

Perl-Module für SpamAssassin

perl -MCPAN -eshell 

innerhalb der Shell dann:

install Bundle::LWP
install ExtUtils::MakeMaker
  • Das Modul MakeMaker 6.50 verursacht einen Fehler beim Kompilieren von SpamAssassin (install Mail::SpamAssassin scheint zu helfen).
install Pod::Usage
install HTML::Parser
install HTML::Tagset
install DB_File 
  • install DB_File verursacht einen Fehler (make had returned bad status, install seems impossible). Abhilfe schafft apt-get install libdb4.6++ libdb4.6-dbg libdb4.6-dev.
install Net::DNS
install Net::Ping
install Time::HiRes
install Test::More
install Digest::SHA1
install Digest::Nilsimsa
install Digest::MD5
install Digest::HMAC
install URI
install URI::Escape
install Getopt::Long
  • Unbedingt auch Folgendes installieren, damit TLS-Auth funktioniert:
install Net::SSLeay

Distributed Checksum Clearinghouse

# Build the DCC client from source with /usr/local/dcc as its home directory.
# NOTE(review): dcc.tar.Z is an unversioned name fetched over plain HTTP, so
# its content can change between downloads and the directory it unpacks to may
# no longer be dcc-1.3.102. Check the archive against a published checksum and
# cd into the directory that tar actually created.
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z 
tar xfz dcc.tar.Z 
cd dcc-1.3.102 
./configure --homedir=/usr/local/dcc 
make
make install
  • In der Firewall muss ausgehend der UDP-Port 6277 geöffnet werden.

Razor

apt-get install Razor

SpamAssassin

# Build SpamAssassin 3.2.5 into /home/filter with its configuration in
# /etc/spamassassin/.
# NOTE(review): downloaded over plain HTTP with no integrity check - verify the
# tarball against a project-published checksum or signature before building.
wget http://mirror.serversupportforum.de/apache/spamassassin/source/Mail-SpamAssassin-3.2.5.tar.gz
tar xfz Mail-SpamAssassin-3.2.5.tar.gz
cd Mail-SpamAssassin-3.2.5
# NOTE(review): "$CFLAGS=DSPAMC_SSL" is expanded by the shell first, so with
# CFLAGS unset perl receives "=DSPAMC_SSL". This looks like an attempt to build
# spamc with SSL support - confirm the intended Makefile.PL option. No make /
# make install step is listed before the symlinks below.
perl Makefile.PL PREFIX=/home/filter SYSCONFDIR=/etc/spamassassin/ $CFLAGS=DSPAMC_SSL 

# Make the tools under /home/filter/bin reachable from /usr/bin.
# NOTE(review): root starts these through /usr/bin and the init script, so
# /home/filter/bin and the files in it should not be writable by the filter
# account - check ownership after installing.
ln -s /home/filter/bin/spamassassin /usr/bin
ln -s /home/filter/bin/spamd /usr/bin
ln -s /home/filter/bin/spamc /usr/bin
# Let /etc/init.d/spamd point at the spamassassin init script.
ln -s /etc/init.d/spamassassin /etc/init.d/spamd 

Rules du jour

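# Fetch the rules_du_jour updater into /etc/mail/spamassassin/.
# The page had a bare "P"; wget's option for the target directory is -P.
# NOTE(review): this script arrives over plain HTTP and is later run as a daily
# cron job, so read it first and keep a reviewed copy instead of re-downloading
# it blindly.
wget -P /etc/mail/spamassassin/ http://www.wains.be/pub/rules_du_jour.gz
gunzip /etc/mail/spamassassin/rules_du_jour.gz
chmod +x /etc/mail/spamassassin/rules_du_jour
# Configuration directory and (initially empty) config file for the updater;
# -p keeps the step repeatable.
mkdir -p /etc/rulesdujour/
touch /etc/rulesdujour/config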

ClamAV

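# Build ClamAV 0.94 from source.
# NOTE(review): plain-HTTP download without an integrity check - verify the
# tarball against a project-published checksum or signature first.
wget http://prdownloads.sourceforge.net/clamav/clamav-0.94.tar.gz
tar xfz clamav-0.94.tar.gz
# Change into the unpacked source tree; the page tried to cd into the archive
# file itself.
cd clamav-0.94
./configure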
  • ./configure verursacht einen Fehler (libclamunrar_iface.so.5 => not found); Abhilfe schafft ./configure --disable-rpath
make
make install
crontab -e
# Spamassassin rule update
0 0 * * * /etc/mail/spamassassin/rules_du_jour
# Clam AV AV Update
0 0 * * * /usr/bin/freshclam --quiet -l /var/log/clamav.log
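# Create the freshclam log file and give it to the filter account.
# NOTE(review): the cron line above passes -l /var/log/clamav.log to freshclam,
# while this creates /var/log/clamav/clamav.log - use one path in both places.
mkdir -p /var/log/clamav
touch /var/log/clamav/clamav.log
# A log file needs no execute bit and need not be world-readable.
chmod 640 /var/log/clamav/clamav.log
chown filter /var/log/clamav/clamav.log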

Konfiguration

SSL Zertifikat

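# Create a self-signed certificate and its private key in /etc/certs.
# The page created /etc/certs but changed into /etc/cert; both now agree.
mkdir -p /etc/certs
cd /etc/certs
# -nodes stores the private key unencrypted, so file permissions are its only
# protection: generate it under a restrictive umask (in a subshell, so the
# umask of the calling shell is left alone). The key size comes from the
# openssl.cnf default unless -newkey rsa:<bits> is given.
(umask 077; openssl req -new -nodes -out req.pem -keyout key.pem)
(umask 077; openssl rsa -in key.pem -out new.key.pem)
# Self-sign the request; the certificate is valid for 999 days.
openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999
# Replace key.pem with the rewritten key; no temporary copy is left behind.
mv -f new.key.pem /etc/certs/key.pem
# Appends: an existing cert.pem keeps its old content in front of the new
# certificate.
cat ca-cert >> /etc/certs/cert.pem
rm ca-cert
# Key readable by root and group mail only. Assumes the cyrus account, which
# reads tls_key_file, is in group mail as the cyrus:mail ownership used
# elsewhere on this page suggests - confirm.
chown root:mail /etc/certs/key.pem
chmod 640 /etc/certs/key.pem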

Cyrus-SASL

mkdir /usr/local/lib/sasl2/
nano /usr/local/lib/sasl2/smtpd.conf 

pwcheck_method: saslauthd
mech_list: plain login 

nano /etc/imapd.conf

# /etc/imapd.conf - Cyrus IMAP server settings.
postmaster: postmaster
# NOTE(review): the troubleshooting section of this page moves configdirectory
# to /var/lib/imap; keep this value, the lmtpunix socket path in cyrus.conf and
# the directories created on disk in agreement.
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
# NOTE(review): with allowplaintext enabled and PLAIN as the only mechanism,
# passwords presumably cross the wire unencrypted on the non-TLS imap and pop3
# listeners. Setting allowplaintext to no should make Cyrus require TLS before
# a plaintext login - confirm against imapd.conf(5) for the installed version.
allowplaintext: yes
sasl_mech_list: PLAIN
# Looks like a placeholder - replace with the server's real host name.
servername: servername
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
# Password checks are delegated to the saslauthd daemon.
sasl_pwcheck_method: saslauthd
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
# The same self-signed file serves as CA file and as server certificate.
tls_ca_file: /etc/certs/cert.pem
tls_cert_file: /etc/certs/cert.pem
# The key was generated unencrypted (openssl req -nodes): keep this file
# readable only by root and the account Cyrus runs as.
tls_key_file: /etc/certs/key.pem 

nano /etc/cyrus.conf
# /etc/cyrus.conf - Cyrus master process configuration.
START {
 # Run database recovery once when the master process starts.
 recover   cmd="ctl_cyrusdb -r"
}
SERVICES {
 # NOTE(review): imap and pop3 are the non-TLS listeners; together with
 # allowplaintext: yes in imapd.conf they presumably accept passwords in
 # cleartext. Consider offering only imaps/pop3s or requiring TLS before login.
 imap    cmd="imapd" listen="imap" prefork=0
 imaps   cmd="imapd -s" listen="imaps" prefork=0
 pop3    cmd="pop3d" listen="pop3" prefork=0
 pop3s   cmd="pop3d -s" listen="pop3s" prefork=0
 sieve   cmd="timsieved" listen="sieve" prefork=0
 # LMTP over TCP stays disabled; delivery uses the UNIX socket below.
 # lmtp    cmd="lmtpd" listen="lmtp" prefork=0
 lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
EVENTS {
 # Periodic maintenance jobs; period is given in minutes.
 checkpoint cmd="ctl_cyrusdb -c" period=30
 delprune   cmd="ctl_deliver -E 3" period=1440
 tlsprune   cmd="tls_prune" period=1440
 squatter   cmd="squatter -r user" period=1440
}
# Create the Cyrus configuration, mail spool and sieve directories. Each one is
# owned by cyrus:mail and closed to all other accounts (mode 750).
for cyrus_dir in /var/imap /var/spool/imap /usr/sieve; do
  mkdir "$cyrus_dir"
  chown cyrus:mail "$cyrus_dir"
  chmod 750 "$cyrus_dir"
done

Postfix

nano /etc/postfix/master.cf
master.cf
nano /etc/postfix/main.cf
main.cf
nano /etc/postfix/body_check
body_check

Procmail

nano /etc/procmailrc
procmail
nano /etc/postfix/master.cfg
procmail unix -    n    n    -    20    pipe
flags=R user=cyrus argv=/usr/bin/procmail -o SENDER=${sender} -m USER=${user} EXTENSION=${extension} /etc/procmailrc

Spamassassin

nano /etc/spamassassin/local.cf

local.cf

RulesduJour

nano /etc/rulesdujour/config

config


Testen

/etc/init.d/postfix start
/etc/init.d/cyrus start
/etc/init.d/postgrey start
/etc/init.d/spamd start
/etc/init.d/mysql start 
netstat -an | grep LISTEN
tcp    0    0 0.0.0.0:993     0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:995     0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:110     0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:143     0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:2000    0.0.0.0:*    LISTEN
tcp    0    0 0.0.0.0:443     0.0.0.0:*    LISTEN
tcp    0    0 127.0.0.1:3306  0.0.0.0:*    LISTEN
tcp    0    0 127.0.0.1:10024 0.0.0.0:*    LISTEN
tcp    0    0 127.0.0.1:783   0.0.0.0:*    LISTEN 
telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.testserver.de ESMTP Postfix

helo localhost
250 mail
mail from:<testing@example.com>
250 Ok
rcpt to:<someone@someserver.net>
250 Ok

data
354 End data with .
some text
.
250 Ok: queued as B58E141D33

quit 

Wenn das nicht funktioniert, unbedingt in die Logfiles schauen. Dafür in /etc/postfix/master.cf die smtpd-Zeile um -v ergänzen (nach der Fehlersuche wieder entfernen):

smtp      inet   n       -       -       -       -       smtpd -v
/etc/init.d/postfix restart
tail -f /var/log/mail.log

Es kann sein, dass man mittels:

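# Alias files are compiled with postalias (or newaliases); postmap expects the
# "key value" table format and warns about the "key: value" lines found in
# /etc/aliases.
postalias /etc/aliases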

usw. die Konfigurationsdateien erst einmal Postfix bekannt geben muss.


Additional
apt-get install postfix-pcre