Hello,
First of all, it looks like your connection to the database is not working:
That's a first problem!
Next, when you run your telnet, do it on the loopback (127.0.0.1) and you'll see what the command returns. Once it works that way, you can look at the FQDN.
The following instructions are only valid and tested with Debian 8. For Ubuntu, NO GUARANTEES: it should work, but check whether AppArmor will allow it.
For your ports, you need to open them on your box and forward 25 to your machine's IP address, as well as 143 (imap), 443 and 80 (https, http). Nmap is fine, but test from the outside (the web)! You have to do NAT; on your LAN it will necessarily be open. But you want to be able to send mail to the internet…
Disable SASL at first; it will be easier to make progress.
For the packages, do this:
Root_pass=TON_MOT_DE_PASSE_MARIADB
echo "debconf-set-selections <<< 'mariadb-server mysql-server/root_password password ${Root_pass}'
debconf-set-selections <<< 'mariadb-server mysql-server/root_password_again password ${Root_pass}'" > /tmp/mysql
bash /tmp/mysql
rm /tmp/mysql
apt-get update && apt-get upgrade -y --force-yes
apt-get install -y --force-yes apache2 libapache2-mod-php5 php5-gd php5-mcrypt php-pear openssl postfix postfix-mysql ssl-cert courier-authdaemon courier-authlib courier-authlib-mysql courier-authlib-userdb courier-base courier-imap courier-pop gamin courier-maildrop spamassassin amavisd-new clamav-base libclamav6 clamav-daemon clamav-freshclam mariadb-server php5-mysql
Run a
and enter:
1. Ok
2. Internet Site
3. Ok
4. FQDN domain name: srv-web-idlas.latriadedubienetre.fr
5. Ok
Next you'll need an SQL database for postfix. I recommend copying all of this into a script that you run by typing:
Otherwise you type everything in, but no typos, and remember to remove the escaping backslashes, otherwise nothing will work!
[code]## Change the next 2 lines to suit you
Root_pass=TON_MOT_DE_PASSE_MARIADB
Postfix_pass=LE_MOT_DE_PASSE_QUI_TE_SIED
cat > /tmp/postfix_sql << EOF
GRANT ALL PRIVILEGES ON postfix.* TO "postfix"@"localhost" IDENTIFIED BY "${Postfix_pass}";
FLUSH PRIVILEGES;
EOF
mysqladmin --user=root --password=${Root_pass} create postfix
mysql --user=root --password=${Root_pass} < /tmp/postfix_sql
rm -rf /tmp/postfix_sql
cd /tmp
echo "USE postfix;
CREATE TABLE \`domaines\` (
\`domaine\` varchar(255) NOT NULL default '',
\`etat\` tinyint(1) NOT NULL default '1',
PRIMARY KEY (\`domaine\`)
) ENGINE=MyISAM;
CREATE TABLE \`comptes\` (
\`email\` varchar(255) NOT NULL default '',
\`password\` varchar(255) NOT NULL default '',
\`quota\` int(10) NOT NULL default '0',
\`etat\` tinyint(1) NOT NULL default '1',
\`imap\` tinyint(1) NOT NULL default '1',
\`pop3\` tinyint(1) NOT NULL default '1',
PRIMARY KEY (\`email\`)
) ENGINE=MyISAM;
CREATE TABLE \`alias\` (
\`source\` varchar(255) NOT NULL default '',
\`destination\` text NOT NULL,
\`etat\` tinyint(1) NOT NULL default '1',
PRIMARY KEY (\`source\`)
) ENGINE=MyISAM;" >> tables.sql
mysql --user=root --password=${Root_pass} postfix < /tmp/tables.sql
rm -rf /tmp/tables.sql
cat > /etc/postfix/mysql-virtual_domaines.cf << EOF
hosts = 127.0.0.1
user = postfix
password = ${Postfix_pass}
dbname = postfix
select_field = 'virtual'
table = domaines
where_field = domaine
additional_conditions = AND etat=1
EOF
cat > /etc/postfix/mysql-virtual_comptes.cf << EOF
hosts = 127.0.0.1
user = postfix
password = ${Postfix_pass}
dbname = postfix
table = comptes
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
additional_conditions = AND etat=1
EOF
cat > /etc/postfix/mysql-virtual_aliases.cf << EOF
hosts = 127.0.0.1
user = postfix
password = ${Postfix_pass}
dbname = postfix
table = alias
select_field = destination
where_field = source
additional_conditions = AND etat=1
EOF
cat > /etc/postfix/mysql-virtual_aliases_comptes.cf << EOF
hosts = 127.0.0.1
user = postfix
password = ${Postfix_pass}
dbname = postfix
table = comptes
select_field = email
where_field = email
additional_conditions = AND etat=1
EOF
# mysql-virtual_quotas.cf: the heredoc body is not present here, so the line is commented out;
# the file is only referenced by the commented-out quota settings in main.cf.
# cat > /etc/postfix/mysql-virtual_quotas.cf << EOF
echo "INSERT INTO \`domaines\` ( \`domaine\` , \`etat\` ) VALUES ('domainex', '1');" >> indomain.sql
sed -i "s/domainex/latriadedubienetre.fr/" /tmp/indomain.sql
mysql --user=root --password=${Root_pass} postfix < /tmp/indomain.sql
rm -rf /tmp/indomain.sql
echo "INSERT INTO \`comptes\` ( \`email\` , \`password\` , \`quota\` , \`etat\` , \`imap\` , \`pop3\` ) VALUES
('contact@domaine', ENCRYPT( 'pass_user1' ) , '0', '1', '1', '1');" >> Postfix_tables2
sed -i "s/domaine/latriadedubienetre.fr/" /tmp/Postfix_tables2
sed -i "s/contact/philippe/" /tmp/Postfix_tables2
sed -i "s/pass_user1/${Postfix_pass}/" /tmp/Postfix_tables2
mysql --user=root --password=${Root_pass} postfix < /tmp/Postfix_tables2
rm -rf /tmp/Postfix_tables2[/code]
Then adjust the permissions a bit:
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/spool/vmail/ -m
The famous /etc/mailname:
echo srv-web-idlas.latriadedubienetre.fr > /etc/mailname
The main.cf (at first, comment out the TLS parameters section)!
[code]## Define a few variables:
myhostname=srv-web-idlas
# Adjust if necessary, but it should work unless you are playing with netmasks
IP_network=192.168.0.0
prefixe=/24
cat > /etc/postfix/main.cf << EOF
smtpd_banner = ${myhostname} ESMTP \$mail_name (Debian/GNU)
biff = no
disable_vrfy_command = yes
smtpd_helo_required = yes
# TLS parameters
smtpd_tls_cert_file=/usr/lib/courier/imapd.pem
smtpd_tls_key_file=/usr/lib/courier/imapd.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
smtpd_tls_auth_only = yes
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Requires the SMTP client to start the SMTP session with a HELO (or EHLO) command
smtpd_helo_required = yes
# Disables the SMTP VRFY command. Stops some techniques for harvesting email addresses
disable_vrfy_command = yes
# To keep it simple, it is recommended to use your server's reverse DNS.
myhostname = srv-web-idlas.latriadedubienetre.fr
home_mailbox = Maildir/
myorigin = /etc/mailname
mydestination = srv-web-idlas.latriadedubienetre.fr, localhost.latriadedubienetre.fr, srv-web-idlas, localhost
relayhost =
mynetworks = 127.0.0.0/8, $IP_network$prefixe
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_aliases.cf,mysql:/etc/postfix/mysql-virtual_aliases_comptes.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domaines.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_comptes.cf
virtual_mailbox_base = /var/spool/vmail/
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_quotas.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "La boite mail de votre destinataire est pleine, merci de rééssayer plus tard."
#virtual_overquota_bounce = yes
# sender addresses
smtpd_sender_restrictions =
    permit_mynetworks,
    warn_if_reject reject_unverified_sender
# recipient addresses
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient
# client
smtpd_client_restrictions =
    permit_mynetworks
inet_protocols = all
EOF[/code]
For the attachment size (adjust the mailsize variable if needed):
mailsize=20
sed -i "34imessage_size_limit = $(($mailsize +1))240000" /etc/postfix/main.cf
Adjust the permissions again:
chgrp postfix /etc/postfix/mysql-virtual_*.cf
chmod u=rw,g=r,o= /etc/postfix/mysql-virtual_*.cf
You can restart postfix:
And do a first check
Stop postfix
The following command ensures compatibility with the pop3/imap server for the alias database ==> authentication is done at the pop3/imap server level
Restart postfix
/etc/init.d/postfix start
Create the directory tree for your users:
Reload the postfix configuration:
That's it for Postfix.
For courier:
Enable the mysql module
A quick backup before fiddling:
Now we fiddle!!!
[code]## Adjust the following line according to what you changed earlier
Postfix_pass=LE_MOT_DE_PASSE_QUI_TE_SIED
cat > /etc/courier/authmysqlrc << EOF
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD ${Postfix_pass}
MYSQL_PORT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE comptes
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/spool/vmail/"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
EOF[/code]
Restart the courier services:
[code]/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-pop restart[/code]
Finish the directory tree for the user mailboxes:
[code]domaine=latriadedubienetre.fr
contact=philippe
cd /var/spool/vmail/${domaine}
maildirmake ${contact}
maildirmake -f Sent ${contact}
maildirmake -f Queue ${contact}
maildirmake -f junkmail ${contact}
maildirmake -f virus ${contact}
maildirmake -f Drafts ${contact}
maildirmake -f Trash ${contact}
chown -R vmail:vmail /var/spool/vmail/[/code]
Create a first user ([b]change the pass_user variable !!!!!!!![/b]):
[code]cd /tmp
domaine=latriadedubienetre.fr
contact=philippe
pass_user=TON_MOT_DE_PASSE_POUR_PHILIPPE
Root_pass=TON_MOT_DE_PASSE_MARIADB
echo "INSERT INTO \`comptes\` ( \`email\` , \`password\` , \`quota\` , \`etat\` , \`imap\` , \`pop3\` ) VALUES
('contact@domaine', ENCRYPT( 'pass_user1' ) , '0', '1', '1', '1');" >> user1.sql
sed -i "s/domaine/${domaine}/" /tmp/user1.sql
sed -i "s/contact/${contact}/" /tmp/user1.sql
sed -i "s/pass_user1/$pass_user/" /tmp/user1.sql
mysql --user=root --password=${Root_pass} postfix < /tmp/user1.sql
rm -rf /tmp/user1.sql[/code]
Send your first mail and activate the user philippe:
[code]cat > /tmp/telnet << EOF
ehlo localhost
mail from: philippe@latriadedubienetre.fr
rcpt to: philippe@latriadedubienetre.fr
data
Subject: Autotest

Le compte philippe@latriadedubienetre.fr est actif !
Cordialement,
La DSI de ${domaine}
.
quit
EOF
telnet 127.0.0.1 25 < /tmp/telnet
rm -rf /tmp/telnet[/code]
You can test authentication:
You should get something like this (apart from the Encrypted password):
[code]Authentication succeeded.
Authenticated: philippe@latriadedubienetre.fr (uid 5000, gid 5000)
Home Directory: /var/spool/vmail/
Maildir: latriadedubienetre.fr/philippe/
Quota: (none)
Encrypted Password: ahDZHR7ytFoL6
Cleartext Password: (none)
Options: (none) [/code]
You can restart postfix
For Spamassassin, Amavis and Clamav, I can't really be bothered to go into detail, so here it is:
[code]sa-update
sed -i "s|ENABLED=0|ENABLED=1|" /etc/default/spamassassin
groupadd -g 5001 spamd
useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
mkdir /var/lib/spamassassin 2> /tmp/err.Super
chown spamd:spamd /var/lib/spamassassin
echo "import USER
if (\$LOGNAME ne \"\")
{
xfilter \"spamc -u \$LOGNAME\"
}
else
{
xfilter \"spamc -u \$USER\"
}" >> /etc/courier/maildroprc
echo "rewrite_header Subject [***** SPAM SCORE *****]
required_score 2.0
#to be able to use SCORE we need report_safe set to 0
#If this option is set to 0, incoming spam is only modified by adding some \"X-Spam-\" headers and no changes will be made to the body.
report_safe 0
# Enable the Bayes system
use_bayes 1
use_bayes_rules 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 0
#use_dcc 0
use_pyzor 0" >> /etc/spamassassin/local.cf
sed -i "s|# use_bayes 1| use_bayes 1|" /etc/spamassassin/local.cf
sed -i "s|# bayes_auto_learn 1| bayes_auto_learn 1|" /etc/spamassassin/local.cf
sed -i "s|# | |" /etc/amavis/conf.d/15-content_filter_mode
sed -i "s|#------------ Do not modify anything below this line -------------||" /etc/amavis/conf.d/50-user
sed -i s"|1; # ensure a defined return||" /etc/amavis/conf.d/50-user
echo "@local_domains_acl = qw(.);
\$log_level = 2;
\$syslog_priority = 'debug';
\$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
\$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
\$sa_kill_level_deflt = 8.0; # triggers spam evasive actions
\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
\$final_spam_destiny = D_PASS;
\$final_spam_destiny = D_REJECT; # default
\$final_spam_destiny = D_BOUNCE; # debian default
\$final_spam_destiny = D_DISCARD; # ubuntu default, recommended as sender is usually faked
#------------ Do not modify anything below this line -------------
1; # ensure a defined return" >> /etc/amavis/conf.d/50-user
echo "amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
" >> /etc/postfix/master.cf
sed -i "30i-o content_filter=" /etc/postfix/master.cf
sed -i "31i-o receive_override_options=no_header_body_checks" /etc/postfix/master.cf
sed -i "s|-o content_filter=| -o content_filter=|" /etc/postfix/master.cf
sed -i "s|-o receive_override_options=no_header_body_checks| -o receive_override_options=no_header_body_checks|" /etc/postfix/master.cf
echo "content_filter = amavis:[127.0.0.1]:10024" >> /etc/postfix/main.cf
sed -i "s|#@bypass_v|@bypass_v|" /etc/amavis/conf.d/15-content_filter_mode
sed -i "s|#@bypass_spam|@bypass_spam|" /etc/amavis/conf.d/15-content_filter_mode
chown -R amavis /var/lib/amavis/tmp
usermod -a -G amavis clamav
chmod g+rx -R /var/lib/amavis/tmp
/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon start
/etc/init.d/spamassassin restart
/etc/init.d/postfix restart
echo "23 4 */2 * * root /usr/bin/sa-update --no-gpg &> /dev/null" >> /etc/crontab[/code]
If you want to enable TLS (uncomment the TLS parameters section of main.cf if you commented it out):
apt-get install -y courier-imap-ssl
sed -i "s|ADDRESS=0|ADDRESS=0.0.0.0|" /etc/courier/imapd
/etc/init.d/courier-imap restart ;/etc/init.d/courier-authdaemon restart; /etc/init.d/courier-imap-ssl restart; /etc/init.d/postfix restart
There you go. I'll let you look into roundcube a bit on your own. Do this first, we'll see later. If you struggle too much, uninstall everything and start over. That's all there is to do.
Good luck
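
Added example, not part of the original post: the account-creation step above substitutes the password into the SQL with `sed` and passes the MariaDB root password with `--password=`, so a password containing `/`, `&` or `'` breaks the statement and the root password shows up in the process list. The sketch below builds the same `INSERT` with proper quoting and a private temp file; the function names and the option-file path `/root/.my.cnf` are assumptions, and it assumes the server's default SQL mode (backslash escapes enabled).

```shell
#!/bin/sh
# Added example: build the INSERT for the `comptes` table without sed
# placeholders and without a password on the mysql command line.

# Escape a value for a single-quoted MySQL string literal:
# backslashes are doubled first, then single quotes are doubled.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Print the INSERT statement for one mailbox (columns as in the schema above).
# $1 = e-mail address, $2 = clear-text password handed to ENCRYPT().
account_sql() {
    email=$(sql_quote "$1")
    pass=$(sql_quote "$2")
    printf "INSERT INTO \`comptes\` (\`email\`, \`password\`, \`quota\`, \`etat\`, \`imap\`, \`pop3\`) VALUES ('%s', ENCRYPT('%s'), '0', '1', '1', '1');\n" "$email" "$pass"
}

# Write the statement to a temp file only root can read and feed it to mysql.
# Credentials come from a client option file (assumed path, [client] section),
# so they never appear in `ps` output.
create_account() {
    defaults=${MYSQL_DEFAULTS:-/root/.my.cnf}
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp) || return 1
    umask "$old_umask"
    account_sql "$1" "$2" > "$tmp"
    mysql --defaults-extra-file="$defaults" postfix < "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Call it as `create_account philippe@latriadedubienetre.fr "$pass_user"` once the option file exists with mode 600.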