Copyright (C) 2008-2021 Oliver Bohlen.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".
This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
This topic describes a full-featured mail server. It comes with SMTP/TLS (postfix), PAM authentication (saslauthd), a mail scanner (AMAVISD-NEW), a spam scanner (spamassassin) and a virus scanner (ClamAV).
Remember to run "newaliases" whenever you change the /etc/mail/aliases file.
Insert the valid recipient and sender addresses in /etc/postfix/virtual_recipient and /etc/postfix/virtual_sender (syntax: "emailaddress@yourdomain.tld cyrusmailboxname", one per line). Then create the postfix mappings with
postmap /etc/postfix/virtual_sender
postmap /etc/postfix/virtual_recipient
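A pre-flight check for these two map files, as an added example that is not part of the original howto: it reports lines that do not match the two-column syntax and addresses that are listed twice, so a typo is caught before postmap builds the lookup table. The helper names check_map and sample_map, the mailbox naming rule and the sample entries are assumptions made for illustration.

```shell
# Added example, not part of the original howto. check_map and sample_map are
# hypothetical helper names; the sample entries are constructed.

# Report lines that do not follow "address@domain mailbox", one per line.
# Prints one message per problem and returns 1 if any were found.
check_map() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]/ {                              # Postfix treats this as a continuation line
            printf "line %d: leading whitespace\n", FNR; bad = 1; next }
        NF != 2 {
            printf "line %d: expected 2 fields, found %d\n", FNR, NF; bad = 1; next }
        $1 !~ /^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/ {
            printf "line %d: not a full address: %s\n", FNR, $1; bad = 1; next }
        $2 !~ /^[A-Za-z0-9._-]+$/ {             # assumed mailbox naming rule
            printf "line %d: unexpected mailbox name: %s\n", FNR, $2; bad = 1; next }
        seen[tolower($1)]++ {                   # lookup keys are case-folded
            printf "line %d: duplicate address: %s\n", FNR, $1; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample with one problem of each kind.
sample_map() {
    cat <<'EOF'
# address                 cyrus mailbox
alice@example.com         alice
bob@example.com
carol@example             carol
dave@example.com          dave box
Alice@example.com         alice2
 erin@example.com         erin
EOF
}

f=$(mktemp) && sample_map > "$f"
check_map "$f" || echo "fix the lines above before running postmap on $f"
rm -f "$f"
```

Run it against /etc/postfix/virtual_recipient and /etc/postfix/virtual_sender and call postmap only when it returns 0.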
If you want to use this solution you need the following howto(s) finished:
emerge mail-mta/postfix
emerge dev-libs/cyrus-sasl
emerge mail-filter/amavisd-new
emerge mail-filter/spamassassin
emerge app-antivirus/clamav
File permissions:
Owner: root
Group: amavis
Permissions: -rw-r-----
Click here for a download of the complete file: /etc/amavisd.conf
Changed on 11.09.08
Amavis Domain
$mydomain = 'example.com'; # a convenient default for other settings
After change
$mydomain = 'example.com';
@local_domains_maps = ( [".$mydomain", "olmusic.de", "ol-music.de", "drachenrachen.de", "sangesfolk.de", "rockfolk.de"] );
Some spamassassin settings
$sa_tag_level_deflt = -9999;
$sa_kill_level_deflt = undef;
$sa_dsn_cutoff_level = undef;
Deliver banned and spam mails.
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
Warns the receiver about getting a mail with banned or virus content.
$warnvirusrecip = 1;
$warnbannedrecip = 1;
$undecipherable_subject_tag = '';
$sa_spam_subject_tag = '';
Address where virus mails are delivered to.
$virus_quarantine_to = "virus\@$mydomain";
$banned_quarantine_to = undef;
$bad_header_quarantine_to = "virus\@$mydomain";
$spam_quarantine_to = undef;
ClamAV Socket settings.
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
File permissions:
Owner: root
Group: root
Permissions: -rw-r-----
Click here for a download of the complete file: /etc/amavisd.conf.bak
Changed on 11.09.08
Deliver banned and spam mails.
#$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
#$final_spam_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
After change
$final_banned_destiny = D_PASS;
$final_spam_destiny = D_PASS;
Warns the receiver about getting a mail with banned or virus content.
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
After change
$warnvirusrecip = 1;
$warnbannedrecip = 1;
Address where virus mails are delivered to.
$virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine
After change
$virus_quarantine_to = "virus\@$mydomain";
Only quarantine virus mails.
$banned_quarantine_to = 'banned-quarantine'; # local quarantine
$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
$spam_quarantine_to = 'spam-quarantine'; # local quarantine
After change
$banned_quarantine_to = undef;
$bad_header_quarantine_to = "virus\@$mydomain";
$spam_quarantine_to = undef;
Some spamassassin settings
$sa_local_tests_only = 0; # only tests which do not require internet access?
#$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant
                         # for SA 3.0, its cf option is use_auto_whitelist)
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
                         # (less than 1% of spam is > 64k)
                         # default: undef, no limitations
# default values, customarily used in the @spam_*_level_maps as the last entry
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level;
                         # undef is interpreted as lower than any spam level
$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to
                         # passed mail, adding address extensions;
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
                         # at or above that level: bounce/reject/drop,
                         # quarantine
$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent,
                         # effectively turning D_BOUNCE into D_DISCARD;
                         # undef disables this feature and is a default;
# see also $sa_quarantine_cutoff_level above, which only controls quarantining
After change
$sa_local_tests_only = 0;
#$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 257*1024;
$sa_tag_level_deflt = -99;
$sa_tag2_level_deflt = 6.31;
$sa_kill_level_deflt = undef;
$sa_dsn_cutoff_level = undef;
ClamAV Socket settings.
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/m, qr/\bFOUND$/m,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
After change
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/clamd.conf
Changed on 10.09.08
Log ClamAV to syslog
LogSyslog yes
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /etc/cron.daily/spamassassinupdate
Changed on 15.09.14
Daily Spamassassin Update
date >>/var/log/sa-update.log 2>&1
sa-update -v >>/var/log/sa-update.log 2>&1
/etc/init.d/spamd restart >>/var/log/sa-update.log 2>&1
/etc/init.d/amavisd restart >>/var/log/sa-update.log 2>&1
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/crontab
Changed on 04.06.13
Update Mail addresses for each User.
30 * * * * root /usr/local/sbin/mailaddresses.sh 2>&1 | ifne mail -s "Mail Adresses Update" root
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/freshclam.conf
Changed on 10.09.08
Log ClamAV to syslog
LogSyslog yes
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/mail/aliases
Changed on 11.09.08
This sends mail addressed to root or virusadmin to the admin user (this user has to exist and have a mailbox). Change it to suit your needs.
root: admin
mailman: admin
virusalert: admin
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/postfix/master.cf
Changed on 10.09.08
Allow Port 587 (submission)
#submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_client_restrictions=$mua_client_restrictions -o smtpd_helo_restrictions=$mua_helo_restrictions -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING
After change
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
Allow Port 465 (smtps)
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
Deliver local incoming mails to Cyrus
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/sbin/deliver -e -r ${sender} -m ${extension} ${user}
Receive mails scanned by amavis
# amavisd-new
postfix-policyd-spf unix - n n - 0 spawn
  user=nobody argv=/usr/bin/policyd-spf
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=XXX.XXX.XXX.XXX/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=
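A check for the listener that takes scanned mail back from amavis, as an added example that is not part of the original howto: it joins master.cf continuation lines and verifies that the port 10025 service is bound to loopback, clears content_filter (otherwise mail loops back into the scanner) and admits only mynetworks. The function names and the sample fragment, including 127.0.0.0/8 for mynetworks, are constructed for illustration.

```shell
# Added example, not part of the original howto. Function names and the
# sample master.cf fragment are constructed for illustration.

# Join continuation lines so every master.cf service is one logical line.
logical_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    ' "$1" | tr '\t' ' ' | tr -s ' '
}

# Check the listener that receives scanned mail from amavisd on port 10025.
audit_reinjection() {
    svc=$(logical_lines "$1" | awk '($1 == "10025" || $1 ~ /:10025$/) && $2 == "inet"')
    [ -n "$svc" ] || { echo "FAIL no inet listener on port 10025"; return 1; }
    rc=0
    case "$svc" in
        127.*|"[::1]:"*|localhost:*) ;;
        *) echo "FAIL listener is not bound to loopback"; rc=1 ;;
    esac
    for opt in 'content_filter=' \
               'smtpd_client_restrictions=permit_mynetworks,reject' \
               'smtpd_recipient_restrictions=permit_mynetworks,reject'
    do
        case " $svc " in
            *" -o $opt "*) ;;
            *) echo "FAIL expected -o $opt"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK re-injection listener is loopback-only"
    return "$rc"
}

sample_master_cf() {
    cat <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
}

f=$(mktemp) && sample_master_cf > "$f" && audit_reinjection "$f"; rm -f "$f"
```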
File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--
Click here for a download of the complete file: /etc/sasl2/smtpd.conf
Changed on 25.03.09
Add LOGIN mech - Needed by some clients
mech_list: PLAIN
After change
mech_list: PLAIN LOGIN
File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x
Click here for a download of the complete file: /usr/local/sbin/mailaddresses.sh
Changed on 04.06.13
Update Mail addresses for each User.
#!/bin/bash
. /etc/profile

# Collect the addresses in a private temporary file; mktemp avoids a
# predictable file name in /tmp for a script that runs as root.
TMPFILE=`mktemp /tmp/mailaddresses-XXXXXX` || exit 1

for i in `getent group users | cut -d: -f4 | perl -pe 's/\,/ /g'` weg
do
  # Get user information
  USER=`getent passwd $i | cut -d":" -f 1`
  LNAME="`getent passwd $i | cut -d':' -f 5`"
  # Address built from the login name
  echo "$USER@example.com $USER" >>"$TMPFILE"
  # Address built from the full name: lower case, umlauts transliterated, other characters turned into dots
  LNAME=`echo "$LNAME" | tr '[A-Z]' '[a-z]' | perl -pe 's/ö/oe/g; s/ä/ae/g; s/ü/ue/g; s/ß/ss/g; s/[^a-zA-Z0-9\.]/\./g; s/\.+/\./g; s/^\.//; s/\.$//;'`
  echo "$LNAME@example.com $USER" >>"$TMPFILE"
  # Members of group 2023 (dms) get an additional address
  if id $USER | grep -q '2023(dms)'
  then
    echo "${USER}mail@example.com ${USER}dms" >>"$TMPFILE"
  fi
done
find "$TMPFILE" -empty -delete
if [ -f "$TMPFILE" ]
then
  # Only update the map when the result looks plausible (more than 5 lines)
  if [ `cat "$TMPFILE" | wc -l` -gt 5 ]
  then
    cat "$TMPFILE" /etc/postfix/mailaddresses | sort -u > /etc/postfix/mailaddresses.tmp
    cat /etc/postfix/mailaddresses.tmp >/etc/postfix/mailaddresses
    postmap /etc/postfix/mailaddresses
    rm "$TMPFILE" /etc/postfix/mailaddresses.tmp
  else
    echo "$0: $TMPFILE hat wegiger als 5 Zeilen: `cat $TMPFILE` -> Breche Bearbeitung ab. " | mail -s "$TMPFILE hat weniger als 5 Zeilen" root
  fi
else
  echo "$0: Fehler beim Mailadressenupdate!!!"
fi
For starting the new service after system reboot you should add it to a runlevel with the following command(s):
rc-update add postfix
rc-update add saslauthd default
rc-update add amavisd
rc-update add spamd
rc-update add clamd default
Please send a feedback to: doc<at>gabosh.net