Postfix server OK! But on the client side...?

Hello

I have set up a Postfix server on my little domain and everything works fine; the machines communicate with each other through Thunderbird

but I would also like the machines to be able to communicate with each other using a shell command such as mail, and there I don't know what to do: when I run mail, it only delivers on the local machine, in /var/mail/user

What needs to be installed on the clients?

Any help kindly appreciated, ladies and gentlemen

hello,

Actually, the mail command is specific to the server; to be clear, you have to create your user accounts, then they connect to the server, and from there they can use the mail command to send locally or externally through your Postfix server. I hope that was clear. Otherwise, if you want your machines to be able to communicate with each other, you have to install Postfix on each machine, so the server becomes a client and the client becomes a server, and so on.

To be a bit clearer, what is needed is to install Postfix on the client machines in "satellite" mode: "All mail is sent to another machine, the 'smarthost', which delivers it. No mail is received locally."

By the way, I forgot to say that my server uses IMAP; this satellite config thus lets me retrieve the system messages from the various clients in Thunderbird

thanks

Solved??

Otherwise, for sending mail you also have "mutt" (on Debian)

# apt-get install mutt

then you type the command "# mutt" and you can send mail or read it…

By the way, for your IMAP, which server did you choose? (courier-imap?, uw-imapd?, dovecot?, …) Could you tell me how you configured your IMAP, because mine doesn't work… :confused:

cf: http://forum.debian-fr.org/viewtopic.php?t=3391&start=0&sid=4b71ea701beed6a6704278eb11c12135

thanks

I installed the various packages related to Postfix, Cyrus and SASL, but it was a bit tricky; roughly, here is what I did (but I haven't finished: sieve, spamassassin, tls, antivirus…), plus a free registration at no-ip.org; good luck :slightly_smiling:

/etc/postfix/main.cf

```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.domain.fr
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = domain.fr
mydestination = mail.domain.fr, domain.fr, localhost
mydomain = domain.fr
mynetworks = 192.168.0.0/24,127.0.0.0/8
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
recipient_delimiter = +
inet_interfaces = all
##################################################################
default_transport = smtp
#strict_rfc821_envelopes = no
##################################################################
# rewriting of addresses received by Postfix from outside
# oldpc.no-ip.org: firewall at the network entry point
# (main.cf does not support trailing comments on a setting line)
virtual_alias_domains = oldpc.no-ip.org
virtual_alias_maps = hash:/etc/postfix/virtual
##################################################################
smtp_generic_maps = hash:/etc/postfix/generic
##################################################################
# sasl
# postfix.state-of-mind.de/patrick … /smtpauth/
# postfix.org/SASL_README.html
# /usr/share/doc/cyrus-doc-2.2/README.postfix.gz
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
```

##############################################################################

/etc/postfix/master.cf

```
# Postfix master process configuration file.  For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
```

##############################################################################
/etc/default/saslauthd

```
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam sasldb"
```

/etc/cyrus.conf

```
# Debian defaults for Cyrus IMAP server/cluster implementation
# see cyrus.conf(5) for more information
#
# All the tcp services are tcpd-wrapped. see hosts_access(5)
# $Id: cyrus.conf 306 2006-03-04 23:30:43Z sven $

START {
    # do not delete this entry!
    recover         cmd="/usr/sbin/ctl_cyrusdb -r"

    # this is only necessary if using idled for IMAP IDLE
    # this is NOT to be enabled right now in Debian builds
    #idled          cmd="idled"

    # this is useful on backend nodes of a Murder cluster
    # it causes the backend to syncronize its mailbox list with
    # the mupdate master upon startup
    #mupdatepush   cmd="/usr/sbin/ctl_mboxlist -m"

    # this is recommended if using duplicate delivery suppression
    delprune        cmd="/usr/sbin/ctl_deliver -E 3"
    # this is recommended if caching TLS sessions
    tlsprune        cmd="/usr/sbin/tls_prune"
}

# UNIX sockets start with a slash and are absolute paths
# you can use a maxchild=# to limit the maximum number of forks of a service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the service
# most services also accept -U (limit number of reuses) and -T (timeout)
SERVICES {
    # --- Normal cyrus spool, or Murder backends ---
    # add or remove based on preferences
    imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
    #imaps          cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
    pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
    #pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
    nntp            cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
    #nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100

    # At least one form of LMTP is required for delivery
    # (you must keep the Unix socket name in sync with imap.conf)
    #lmtp           cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
    lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
    # ----------------------------------------------

    # useful if you need to give users remote access to sieve
    # by default, we limit this to localhost in Debian
    sieve           cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100

    # this one is needed for the notification services
    notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

    # --- Murder frontends -------------------------
    # enable these and disable the matching services above,
    # except for sieve (which deals automatically with Murder)

    # mupdate database service - must prefork at least 1
    # (mupdate slaves)
    #mupdate       cmd="mupdate" listen=3905 prefork=1
    # (mupdate master, only one in the entire cluster)
    #mupdate       cmd="mupdate -m" listen=3905 prefork=1

    # proxies that will connect to the backends
    #imap           cmd="proxyd" listen="imap" prefork=0 maxchild=100
    #imaps          cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
    #pop3           cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
    #pop3s          cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
    #lmtp           cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
    # ----------------------------------------------
}

EVENTS {
    # this is required
    checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30

    # this is only necessary if using duplicate delivery suppression
    delprune        cmd="/usr/sbin/ctl_deliver -E 3" at=0401

    # this is only necessary if caching TLS sessions
    tlsprune        cmd="/usr/sbin/tls_prune" at=0401

    # indexing of mailboxs for server side fulltext searches

    # reindex changed mailboxes (fulltext) approximately every other hour
    #squatter_1     cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" period=120

    # reindex all mailboxes (fulltext) daily
    #squatter_a     cmd="/usr/sbin/squatter" at=0517
}
```

##############################################################################

/etc/imapd.conf

```
# Debian Cyrus imapd.conf
# $Id: imapd.conf 321 2006-03-27 23:15:15Z astronut $
# See imapd.conf(5) for more information and more options

# Configuration directory
configdirectory: /var/lib/cyrus

# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail

# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news

# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: no

# UNIX Hierarchy Convention
# Set to yes, and cyrus will accept dots in names, and use the forward
# slash "/" to delimit levels of the hierarchy. This is done by converting
# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
unixhierarchysep: no

# Rejecting illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. Enable this to reject such messages.
#reject8bit: yes

# Munging illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. If you kept reject8bit disabled, you can choose to leave the
# crappage untouched by disabling this (if you don't care that IMAP SEARCH
# won't work right anymore.
#munge8bit: no

# Forcing recipient user to lowercase
# Cyrus 2.2 is case-sensitive. If all your mail users are in lowercase, it is
# probably a very good idea to set lmtp_downcase_rcpt to true. This is set by
# default, per RFC2821. This was not set by default in debian versions up to
# and including 2.2.12-4.
lmtp_downcase_rcpt: yes

# Uncomment the following and add the space-separated users who
# have admin rights for all services.
admins: cyrus

# Space-separated list of users that have lmtp "admin" status (i.e. that
# can deliver email through TCP/IP lmtp) in addition to those in the
# admins: entry above
#lmtp_admins: postman

# Space-separated list of users that have mupdate "admin" status, in
# addition to those in the admins: entry above. Note that mupdate slaves and
# backends in a Murder cluster need to autenticate against the mupdate master
# as admin users.
#mupdate_admins: mupdateman

# Space-separated list of users that have imapd "admin" status, in
# addition to those in the admins: entry above
#imap_admins: cyrus

# Space-separated list of users that have sieve "admin" status, in
# addition to those in the admins: entry above
#sieve_admins: cyrus

# List of users and groups that are allowed to proxy for other users,
# seperated by spaces. Any user listed in this will be allowed to login
# for any other user. Like "admins:" above, you can have imap_proxyservers
# and sieve_proxyservers.
#proxyservers: cyrus

# No anonymous logins
allowanonymouslogin: no

# Minimum time between POP mail fetches in minutes
popminpoll: 1

# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX. The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
autocreatequota: 0

# umask used by Cyrus programs
umask: 077

# Sendmail binary location
# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3.
# For now, to work around the bug, set this to a wrapper that calls
# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
#sendmail: /usr/sbin/sendmail

# If enabled, cyrdeliver will look for Sieve scripts in user's home
# directories: ~user/.sieve.
sieveusehomedir: false

# If sieveusehomedir is false, this directory is searched for Sieve scripts.
sievedir: /var/spool/sieve

# notifyd(8) method to use for "MAIL" notifications. If not set, "MAIL"
# notifications are disabled. Valid methods are: null, log, zephyr
#mailnotifier: zephyr

# notifyd(8) method to use for "SIEVE" notifications. If not set, "SIEVE"
# notifications are disabled. This method is only used when no method is
# specified in the script. Valid methods are null, log, zephyr, mailto
#sievenotifier: zephyr

# DRAC (pop-before-smtp, imap-before-smtp) support
# Set dracinterval to the time in minutes to call DRAC while a user is
# connected to the imap/pop services. Set to 0 to disable DRAC (default)
# Set drachost to the host where the rpc drac service is running
#dracinterval: 0
#drachost: localhost

# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one partition has a
# very bushy mailbox tree.
hashimapspool: true

# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes

# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based SASL
# mechanism. saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
sasl_mech_list: PLAIN

# Allow use of the POP3 APOP authentication command.
# Note that this command requires that the plaintext passwords are
# available in a SASL auxprop backend (eg. sasldb), and that the system
# can provide enough entropy (eg. from /dev/urandom) to create a challenge
# in the banner.
allowapop: no

# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
sasl_minimum_layer: 0

# The maximum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_maximum_layer: 256

# List of remote realms whose users may log in using cross-realm
# authentications. Seperate each realm name by a space. A cross-realm
# identity is considered any identity returned by SASL with an "@" in it.
# NOTE: To support multiple virtual domains on the same interface/IP,
# you need to list them all as loginreals. If you don't list them here,
# (most of) your users probably won't be able to log in.
#loginrealms: example.com

# Enable virtual domain support. If enabled, the user's domain will
# be determined by splitting a fully qualified userid at the last '@'
# or '%' symbol. If the userid is unqualified, and the virtdomains
# option is set to "on", then the domain will be determined by doing
# a reverse lookup on the IP address of the incoming network
# interface, otherwise the user is assumed to be in the default
# domain (if set).
#virtdomains: userid

# The default domain for virtual domain support
# If the domain of a user can't be taken from its login and it can't
# be determined by doing a reverse lookup on the interface IP, this
# domain is used.
#defaultdomain:

# SASL library options (these are handled directly by the SASL libraries,
# refer to SASL documentation for an up-to-date list of these)

# The mechanism(s) used by the server to verify plaintext passwords. Possible
# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue". They
# are tried in order, you can specify more than one, separated by spaces.
# Do note that, since sasl will be run as user cyrus, you may have a lot of
# trouble to set this up right.
#sasl_pwcheck_method: saslauthd auxprop pwcheck
#sasl_pwcheck_method: auxprop
#sasl_pwcheck_method: pwcheck

# I add auxprop, otherwise cyradm --user cyrus localhost does not work
sasl_pwcheck_method: saslauthd auxprop

# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
# by default, all plugins are tried (which is probably NOT what you want).
sasl_auxprop_plugin: sasldb

# If enabled, the SASL library will automatically create authentication secrets
# when given a plaintext password. Refer to SASL documentation
sasl_auto_transition: no

# SSL/TLS Options

# File containing the global certificate used for ALL services (imap, pop3,
# lmtp, sieve)
#tls_cert_file: /etc/ssl/certs/cyrus-global.pem

# File containing the private key belonging to the global server certificate.
#tls_key_file: /etc/ssl/private/cyrus-global.key

# File containing the certificate used for imap. If not specified, the global
# certificate is used. A value of "disabled" will disable SSL/TLS for imap.
#tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem

# File containing the private key belonging to the imap-specific server
# certificate. If not specified, the global private key is used. A value of
# "disabled" will disable SSL/TLS for imap.
#tls_imap_key_file: /etc/ssl/private/cyrus-imap.key

# File containing the certificate used for pop3. If not specified, the global
# certificate is used. A value of "disabled" will disable SSL/TLS for pop3.
#tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem

# File containing the private key belonging to the pop3-specific server
# certificate. If not specified, the global private key is used. A value of
# "disabled" will disable SSL/TLS for pop3.
#tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key

# File containing the certificate used for lmtp. If not specified, the global
# certificate is used. A value of "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem

# File containing the private key belonging to the lmtp-specific server
# certificate. If not specified, the global private key is used. A value of
# "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key

# File containing the certificate used for sieve. If not specified, the global
# certificate is used. A value of "disabled" will disable SSL/TLS for sieve.
#tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem

# File containing the private key belonging to the sieve-specific server
# certificate. If not specified, the global private key is used. A value of
# "disabled" will disable SSL/TLS for sieve.
#tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key

# File containing one or more Certificate Authority (CA) certificates.
#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem

# Path to directory with certificates of CAs.
tls_ca_path: /etc/ssl/certs

# The length of time (in minutes) that a TLS session will be cached for later
# reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will
# disable session caching.
tls_session_timeout: 1440

# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.
# The format of the string is described in ciphers(1). The Debian default
# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
# from the list (because they provide no defense against man-in-the-middle
# attacks). It also orders the list so that stronger ciphers come first.
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH

# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
#tls_require_cert: false

# Require a client certificate for imap ONLY.
#tls_imap_require_cert: false

# Require a client certificate for pop3 ONLY.
#tls_pop3_require_cert: false

# Require a client certificate for lmtp ONLY.
#tls_lmtp_require_cert: false

# Require a client certificate for sieve ONLY.
#tls_sieve_require_cert: false

# Cyrus Murder cluster configuration
# Set the following options to the values needed for this server to
# autenticate against the mupdate master server:
# mupdate_server
# mupdate_port
# mupdate_username
# mupdate_authname
# mupdate_realm
# mupdate_password
# mupdate_retry_delay

# KEEP THESE IN SYNC WITH cyrus.conf
# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp

# Unix domain socket that idled listens on.
idlesocket: /var/run/cyrus/socket/idle

# Unix domain socket that the new mail notification daemon listens on.
notifysocket: /var/run/cyrus/socket/notify

# Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.)
syslog_prefix: cyrus

# DEBUGGING
# Debugging hook. See /usr/share/doc/cyrus-common-2.2/README.Debian.debug
# Keep the hook disabled when it is not in use

# gdb Back-traces
#debug_command: /usr/bin/gdb -batch -cd=/tmp -x /usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d >/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &

# system-call traces
#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d <&- 2>&1 &

# library traces
#debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p %2$d <&- 2>&1 &
```

No, but now you're taking the thread off topic with mutt, with your config file!

  1. "Solved??" yes: install Postfix on the client machines in "satellite" mode

  2. mutt is of no use to me, since the clients' system messages are sent to the server with the mail(x) command

  3. "No, but now you're taking the thread off topic with mutt, with your config file!": please clarify what the question means

(cpamoi)

So mark it solved, and open a new post for the other one!

Not being a forum pro, I don't know how one "marks it solved and opens a new post for the other one!"(!)

I did try a
"cpamoi Message posted: Tue Jun 06, 2006 5:19 pm Post subject: solved"
but apparently that wasn't it

Hear ye, hear ye, forum folk: the 1st topic is SOLVED!!! (well, the 1st, not the 2nd :smiley: , even though the 2nd is actually the follow-up to an earlier post :confused: , which was itself never solved :open_mouth: , but that won't be long…)

!

To mark it solved, you do edit your message and change its subject, but you have to do it on the first post :slightly_smiling: