h1. Serveur Mail tetalab

{{>toc}}

pour l'instant y a juste les fichiers de config, des commentaires à venir ~

h2. installation sous debian

h3. paquets requis : 

<pre>

ii  courier-authdaemon                0.63.0-3.1                       Courier authentication daemon

ii  courier-authlib                   0.63.0-3.1                       Courier authentication library

ii  courier-authlib-ldap              0.63.0-3.1                       LDAP support for the Courier authentication library

ii  courier-authlib-postgresql        0.63.0-3.1                       PostgreSQL support for the Courier authentication library

ii  courier-authlib-userdb            0.63.0-3.1                       userdb support for the Courier authentication library

ii  courier-base                      0.66.1-1                         Courier mail server - base system

ii  courier-imap                      4.9.1-1                          Courier mail server - IMAP server

ii  courier-imap-ssl                  4.9.1-1                          Courier mail server - IMAP over SSL

ii  courier-pop                       0.66.1-1                         Courier mail server - POP3 server

ii  courier-ssl                       0.66.1-1                         Courier mail server - SSL/TLS Support

ii  postfix                           2.8.3-1                          High-performance mail transport agent

ii  postfix-pgsql                     2.8.3-1                          PostgreSQL map support for Postfix

ii  postfixadmin                      2.3.2                            Virtual mail hosting interface for Postfix

ii  postgresql                        9.0.4-1                          object-relational SQL database (supported version)

rc  postgresql-8.4                    8.4.5-0squeeze2                  object-relational SQL database, version 8.4 server

ii  postgresql-9.0                    9.0.4-1+b1                       object-relational SQL database, version 9.0 server

ii  postgresql-client-9.0             9.0.4-1+b1                       front-end programs for PostgreSQL 9.0

ii  postgresql-client-common          118                              manager for multiple PostgreSQL client versions

ii  postgresql-common                 118                              PostgreSQL database-cluster manager

ii  postgresql-contrib                9.0.4-1                          additional facilities for PostgreSQL (supported version)

ii  postgresql-contrib-9.0            9.0.4-1+b1                       additional facilities for PostgreSQL

ii  postgrey                          1.34-1                           greylisting implementation for Postfix

ii  sasl2-bin                         2.1.24~rc1.dfsg1+cvs2011-05-23-4 Cyrus SASL - administration programs for SASL users database

ii  squirrelmail                      2:1.4.21-1                       Webmail for nuts

ii  squirrelmail-locales              1.4.18-20090526-1                Translations for the SquirrelMail Webmail package

ii  squirrelmail-viewashtml           3.8-3                            SquirrelMail plugin: View mails as HTML

</pre>

h3. config

/etc/postfix/main.cf

_attention, copier-coller de tetalab.org (derriere un nat => proxy etc...)_

<pre>

smtpd_banner = $myhostname ESMTP $mail_name

biff = no

append_dot_mydomain = no

readme_directory = no

smtp_use_tls=yes

smtpd_use_tls=yes

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = tetalab.org

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases

alias_database = hash:/etc/aliases

myorigin = /etc/mailname

mydestination = web.tetalab.org, www.tetalab.org, localhost.tetalab.org, localhost

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.23.0/24

mailbox_command = procmail -a "$EXTENSION"

mailbox_size_limit = 0

recipient_delimiter = +

inet_interfaces = all

smtpd_sasl_authenticated_header = yes

smtpd_sasl_auth_enable = yes

smtp_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated

smtpd_recipient_restrictions =

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination,

        check_policy_service inet:127.0.0.1:10023

smtp_tls_note_starttls_offer = yes

smtpd_sasl_local_domain = tetalab.org

smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

smtp_tls_note_starttls_offer = yes 

smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem

smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem

smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem

smtp_tls_loglevel = 1

smtp_sasl_path = smtpd

smtpd_sasl_path = smtpd

smtp_sasl_tls_security_options = $smtpd_sasl_security_options

smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

relay_domains = proxy:pgsql:/etc/postfix/pgsql/relay_domains.cf, lists.tetalab.org, lists.mixart-myrys.org, lists.toulouserb.org

virtual_alias_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_alias_maps.cf

virtual_mailbox_domains = proxy:pgsql:/etc/postfix/pgsql/virtual_domain_maps.cf

virtual_mailbox_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf

smtp_sasl_password_maps = proxy:pgsql:/etc/postfix/pgsql/virtual_mailbox_maps.cf

virtual_mailbox_base = /var/mail/vmail

virtual_mailbox_limit = 51200000

virtual_minimum_uid = 8

virtual_transport = virtual

virtual_uid_maps = static:8

virtual_gid_maps = static:8

local_transport = virtual

local_recipient_maps = $virtual_mailbox_maps

transport_maps = hash:/etc/postfix/transport

mailman_destination_recipient_limit = 1

smtp_sasl_mechanism_filter = plain, login

proxy_interfaces = 88.191.126.74

</pre>

Dans @/etc/postfix/pgsql@

*relay_domains.cf*  :

<pre>

user = postfixadmin

password = PASSWORD

hosts = localhost

dbname = postfixadmin

query = SELECT domain FROM domain WHERE domain='%s' and backupmx = true

</pre>

*virtual_alias_maps.cf*  :

<pre>

user = postfixadmin

password = PASSWORD

hosts = localhost

dbname = postfixadmin

query = SELECT goto FROM alias WHERE address='%s' AND active = true

</pre>

*virtual_domain_maps.cf*  :

<pre>

user = postfixadmin

password = PASSWORD

hosts = localhost

dbname = postfixadmin

#query = SELECT domain FROM domain WHERE domain='%s'

#optional query to use when relaying for backup MX

query = SELECT domain FROM domain WHERE domain='%s' and backupmx = false and active = true

</pre>

*virtual_mailbox_limits.cf*  :

<pre>

# Used for QUOTA!

user = postfixadmin

password = PASSWORD

hosts = localhost

dbname = postfixadmin

query = SELECT quota FROM mailbox WHERE username='%s'

</pre>

*virtual_mailbox_maps.cf*  :

<pre>

user = postfixadmin

password = PASSWORD

hosts = localhost

dbname = postfixadmin

query = SELECT maildir FROM mailbox WHERE username='%s' AND active = true

</pre>

h3. courier

Dans @/etc/courier@

*authdaemonrc*  :

<pre>

authmodulelist="authpgsql"

authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"

daemons=5

authdaemonvar=/var/run/courier/authdaemon

DEBUG_LOGIN=1

DEFAULTOPTIONS=""

LOGGEROPTS=""

</pre>

*authldaprc*  :

<pre>

LDAP_URI                ldap://localhost

LDAP_PROTOCOL_VERSION   3

LDAP_BASEDN             ou=People,dc=tetalab,dc=org

LDAP_TIMEOUT            5

LDAP_MAIL               mail

LDAP_HOMEDIR            homeDirectory

LDAP_MAILDIR            mailbox

LDAP_DEFAULTDELIVERY    defaultDelivery

LDAP_FULLNAME           cn

LDAP_CLEARPW            clearPassword

LDAP_CRYPTPW            userPassword

LDAP_DEREF              never

LDAP_TLS                0

</pre>

*authpgsqlrc*  :

<pre>

PGSQL_HOST              localhost

PGSQL_PORT              5432

PGSQL_USERNAME          postfixadmin

PGSQL_PASSWORD          PASSWORD

PGSQL_DATABASE          postfixadmin

PGSQL_USER_TABLE        mailbox

PGSQL_CRYPT_PWFIELD     password

PGSQL_UID_FIELD         8

PGSQL_GID_FIELD         8

PGSQL_LOGIN_FIELD       username

PGSQL_HOME_FIELD        '/var/mail/vmail'

PGSQL_NAME_FIELD        name

PGSQL_MAILDIR_FIELD     maildir

PGSQL_QUOTA_FIELD       quota

</pre>

*imapd*  :

<pre>

ADDRESS=0

PORT=143

MAXDAEMONS=40

MAXPERIP=20

PIDFILE=/var/run/courier/imapd.pid

TCPDOPTS="-nodnslookup -noidentlookup"

LOGGEROPTS="-name=imapd"

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"

IMAP_KEYWORDS=1

IMAP_ACL=1

IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

IMAP_PROXY=0

IMAP_PROXY_FOREIGN=0

IMAP_IDLE_TIMEOUT=60

IMAP_MAILBOX_SANITY_CHECK=1

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"

IMAP_DISABLETHREADSORT=0

IMAP_CHECK_ALL_FOLDERS=0

IMAP_OBSOLETE_CLIENT=0

IMAP_UMASK=022

IMAP_ULIMITD=131072

IMAP_USELOCKS=1

IMAP_SHAREDINDEXFILE=/etc/courier/shared/index

IMAP_ENHANCEDIDLE=0

IMAP_TRASHFOLDERNAME=Trash

IMAP_EMPTYTRASH=Trash:7

IMAP_MOVE_EXPUNGE_TO_TRASH=0

SENDMAIL=/usr/sbin/sendmail

HEADERFROM=X-IMAP-Sender

IMAPDSTART=YES

MAILDIRPATH=Maildir

</pre>

*imapd-ssl*  :

<pre>

SSLPORT=993

SSLADDRESS=0

SSLPIDFILE=/var/run/courier/imapd-ssl.pid

SSLLOGGEROPTS="-name=imapd-ssl"

IMAPDSSLSTART=YES

IMAPDSTARTTLS=YES

IMAP_TLS_REQUIRED=0

COURIERTLS=/usr/bin/couriertls

TLS_KX_LIST=ALL

TLS_COMPRESSION=ALL

TLS_CERTS=X509

TLS_CERTFILE=/etc/courier/imapd.pem

TLS_TRUSTCERTS=/etc/ssl/certs

TLS_VERIFYPEER=NONE

TLS_CACHEFILE=/var/lib/courier/couriersslcache

TLS_CACHESIZE=524288

MAILDIRPATH=Maildir

</pre>

<pre>

</pre>

<pre>

</pre>