HOWTO: simple mail server (postfix/dspam/dovecot)
vermaden, 9th August 2010

Hi,

I do not have much experience with mail server setup, so I wanted to share my current setup with you. If you have any comments, feel free to post them.

I needed a small and simple mail server, and after a lot of googling I went with this setup:

Code:
postfix --> dspam --> dovecot
 [MTA]      [SPAM]     [LDA]

I do not have a problem (or at least I am not aware of one) with making these cooperate: postfix(1) works well with SASL authentication, dovecot(1) serves the IMAP/POP3 services well, and dspam(1) passes mail from postfix(1) to dovecot(1) properly.

Generally, this setup supports virtual domains with virtual users, all with a simple passwd(5)-format file for authentication. Mail is kept in Maildir format, like this: /usr/mail/${DOMAIN}/${USER}@${DOMAIN}. Of course there is a separate passwd(5) file per domain, at /usr/mail/${DOMAIN}/dovecot_passwd; here is what it looks like:

/usr/mail/${DOMAIN}/dovecot_passwd
Code:
admin@domain.com:{PLAIN}password:2000:2000::/usr/mail/domain.com/admin@domain.com
virtual@domain.com:{DIGEST-MD5}22e693858f955b38b1a0cc4f13c3d8fc:2000:2000::/usr/mail/domain.com/virtual@domain.com

All mail is kept under the /usr/mail directory; here is how it looks right now:
Code:
% ls -l /usr/mail
total 136
drwxr-x---  3    root  virtual      4 Aug  9 13:35 dspam/
-rw-r-----  1 virtual  virtual     80 Aug  9 13:41 dspam_transport
-rw-r-----  1 virtual  virtual  65536 Aug  6 11:36 dspam_transport.db
drwxr-x---  4 virtual  virtual      5 Aug  9 13:35 domain.com/
-rw-r-----  1 virtual  virtual    278 Aug  9 13:41 postfix_accounts
-rw-r-----  1 virtual  virtual  65536 Aug  9 13:42 postfix_accounts.db
drwxr-x---  2 virtual  virtual     11 Aug  9 13:35 scripts/

% ls -l /usr/mail/domain.com
-rw-r-----  1 virtual  virtual    277 Aug  5 11:04 dovecot_passwd
drwx------  7 virtual  virtual     13 Aug  9 13:46 admin@domain.com/
drwx------  5 virtual  virtual      9 Aug  6 11:22 virtual@domain.com/

Also, all accounts are listed (not per domain, but 'globally') in the /usr/mail/postfix_accounts file, here:

/usr/mail/postfix_accounts
Code:
# mbox -----> admin@bot.pl bot.pl/admin
# maildir --> admin@bot.pl bot.pl/admin/
# FORMAT: user@domain domain/user@domain/

spam@domain.com  x
ham@domain.com   x

admin@domain.com     domain.com/admin@domain.com/
virtual@domain.com   domain.com/virtual@domain.com/

Here is the dovecot(1) configuration:

/usr/local/etc/dovecot.conf
Code:
ssl = no
disable_plaintext_auth = no

protocols = pop3 imap

protocol pop3 {
  listen = *:110
  login_processes_count = 1
  login_max_processes_count = 32
  pop3_client_workarounds = outlook-no-nuls
  }

protocol imap {
  listen = *:143
  login_processes_count = 1
  login_max_processes_count = 32
  imap_client_workarounds = outlook-idle
  }

auth default {
  mechanisms = plain login digest-md5
  userdb passwd-file {
    args = /usr/mail/%d/dovecot_passwd
    }
  passdb passwd-file {
    args = /usr/mail/%d/dovecot_passwd
    }
  socket listen {
    master {
      path  = /var/run/dovecot/auth-master
      mode  = 0660
      user  = virtual
      group = virtual
      }
    client {
      path  = /var/spool/postfix/private/auth
      mode  = 0660
      user  = postfix
      group = postfix
      }
    }
  }

mail_location      = maildir:/usr/mail/%d/%u

log_path             = /var/log/dovecot.log
info_log_path        = /var/log/dovecot_info.log
protocol lda {
  postmaster_address = admin@domain.com
  log_path = /var/log/dovecot_lda.log
  }

Here is the dspam(1) configuration:

/usr/local/etc/dspam.conf
Code:
 
Home /usr/mail/dspam
StorageDriver /usr/local/lib/dspam/libhash_drv.so
TrustedDeliveryAgent "/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}"

OnFail error

Trust root
Trust dspam
Trust virtual
Trust dovecot
Trust mail
Trust daemon

TrainingMode teft
TestConditionalTraining on
Feature whitelist
Algorithm graham burton
Tokenizer chain
PValue bcr
WebStats off

Preference "trainingMode=TEFT"
Preference "spamAction=quarantine"
Preference "spamSubject=[SPAM]"
Preference "statisticalSedation=5"
Preference "enableBNR=on"
Preference "enableWhitelist=on"
Preference "signatureLocation=message"
Preference "tagSpam=off"
Preference "tagNonspam=off"
Preference "showFactors=off"
Preference "optIn=off"
Preference "optOut=off"
Preference "whitelistThreshold=10"
Preference "makeCorpus=off"
Preference "storeFragments=off"
Preference "localStore="
Preference "processorBias=on"
Preference "fallbackDomain=off"
Preference "trainPristine=off"
Preference "optOutClamAV=off"
Preference "ignoreRBLLookups=off"
Preference "RBLInoculate=off"

AllowOverride enableBNR
AllowOverride enableWhitelist
AllowOverride fallbackDomain
AllowOverride ignoreGroups
AllowOverride ignoreRBLLookups
AllowOverride localStore
AllowOverride makeCorpus
AllowOverride optIn
AllowOverride optOut
AllowOverride optOutClamAV
AllowOverride processorBias
AllowOverride RBLInoculate
AllowOverride showFactors
AllowOverride signatureLocation
AllowOverride spamAction
AllowOverride spamSubject
AllowOverride statisticalSedation
AllowOverride storeFragments
AllowOverride tagNonspam
AllowOverride tagSpam
AllowOverride trainPristine
AllowOverride trainingMode
AllowOverride whitelistThreshold
AllowOverride dailyQuarantineSummary

HashRecMax              98317
HashAutoExtend          on  
HashMaxExtents          0
HashExtentSize          49157
HashPctIncrease         10
HashMaxSeek             10
HashConnectionCache     10

Notifications   off
PurgeSignatures 14
PurgeNeutral    90
PurgeUnused     90
PurgeHapaxes    30
PurgeHits1S     15
PurgeHits1I     15

LocalMX 127.0.0.1
SystemLog       on
UserLog         on
Opt out
ServerMode standard

ServerParameters        "--deliver=innocent -d %u"
ServerIdent             "mail.domain.com"
ServerDomainSocketPath  "/var/run/dspam.sock"

ProcessorURLContext on
ProcessorBias on
StripRcptDomain off

/usr/mail/dspam_transport
Code:
spam@domain.com  dspam-retrain:spam
ham@domain.com   dspam-retrain:innocent

The postfix(1) configuration:

/usr/local/etc/postfix/main.cf
Code:
queue_directory      = /var/spool/postfix
command_directory    = /usr/local/sbin
daemon_directory     = /usr/local/libexec/postfix
data_directory       = /var/db/postfix
mail_owner           = postfix
mynetworks_style     = host
sendmail_path        = /usr/local/sbin/sendmail
newaliases_path      = /usr/local/bin/newaliases
mailq_path           = /usr/local/bin/mailq
setgid_group         = maildrop
html_directory       = /usr/local/share/doc/postfix
manpage_directory    = /usr/local/man
sample_directory     = /usr/local/etc/postfix
readme_directory     = /usr/local/share/doc/postfix
mailbox_command      = /usr/local/libexec/dovecot/deliver
unknown_local_recipient_reject_code = 550

myhostname = mail.domain.com
mynetworks = 0.0.0.0/8,127.0.0.0/8

smtpd_use_tls = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_path        = private/auth
smtpd_sasl_type        = dovecot
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
broken_sasl_auth_clients = yes
strict_rfc821_envelopes = no

virtual_mailbox_domains = domain.com
virtual_mailbox_base    = /usr/mail
virtual_mailbox_maps    = hash:/usr/mail/postfix_accounts
virtual_minimum_uid     = 100
virtual_uid_maps        = static:2000
virtual_gid_maps        = static:2000
virtual_transport       = lmtp:unix:/var/run/dspam.sock
transport_maps          = hash:/usr/mail/dspam_transport
dspam_destination_recipient_limit = 1

/usr/local/etc/postfix/master.cf
Code:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=lmtp:unix:/var/run/dspam.sock
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
dspam-retrain unix -    n       n       -       -       pipe
  flags=Rhq argv=/usr/local/bin/dspamc --client --mode=teft --class=${nexthop} --source=error --user ${sender}

System configuration:

/etc/rc.conf
Code:
hostname="mail.domain.com"
sshd_enable="YES"
postfix_enable="YES"
dspam_enable="YES"
dspam_pidfile="/var/run/dspam.pid"
dovecot_enable="YES"
syslogd_flags="-s -s"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

/etc/group (important ones)
Code:
mail:*:6:postfix
mailnull:*:26:
virtual:*:2000:
dovecot:*:143:
postfix:*:125:
maildrop:*:126:

/etc/passwd (important ones)
Code:
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
virtual:*:2000:2000:virtual:/usr/mail:/usr/sbin/nologin
dovecot:*:143:143:Dovecot User:/var/empty:/usr/sbin/nologin
postfix:*:125:125:Postfix Mail System:/var/spool/postfix:/usr/sbin/nologin

My current concerns are:
-- the dspam(1) daemon runs as root; it should run as its own user (dspam, for example). Any tips on how to set up the permissions?

Like I said before, any comments are welcome.
__________________
religions, worst damnation of mankind
"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus Torvalds

Linux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.
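
Added example, not part of the original post: the setup above keeps every account in two places (the per-domain dovecot_passwd and the global postfix_accounts), so this Python check cross-references the two formats and also flags {PLAIN} entries, whose passwords sit readable on disk. The old@ and new@ sample lines are constructed, and treating the "x" placeholder as marking the dspam retrain addresses is an assumption.

```python
import re

# Constructed sample data in the two file formats shown in the post.
DOVECOT_PASSWD = """\
admin@domain.com:{PLAIN}password:2000:2000::/usr/mail/domain.com/admin@domain.com
virtual@domain.com:{DIGEST-MD5}22e693858f955b38b1a0cc4f13c3d8fc:2000:2000::/usr/mail/domain.com/virtual@domain.com
old@domain.com:{PLAIN}secret:2000:2000::/usr/mail/domain.com/old
"""
POSTFIX_ACCOUNTS = """\
spam@domain.com  x
ham@domain.com   x
admin@domain.com     domain.com/admin@domain.com/
virtual@domain.com   domain.com/virtual@domain.com/
new@domain.com       domain.com/new@domain.com/
"""
MAIL_BASE = "/usr/mail"  # virtual_mailbox_base in main.cf

def parse_passwd(text):
    """Map user -> (scheme, home) for each passwd-file line."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 6:
            continue
        scheme = re.match(r"\{([^}]+)\}", fields[1])
        users[fields[0]] = (scheme.group(1).upper() if scheme else None, fields[5])
    return users

def parse_accounts(text):
    """Map address -> relative mailbox path from the Postfix map source."""
    rows = (ln.split() for ln in text.splitlines() if not ln.startswith("#"))
    return {r[0]: r[1] for r in rows if len(r) == 2}

def audit(passwd_text, accounts_text):
    """Return sorted (address, problem) pairs; an empty list means in sync."""
    users, accounts = parse_passwd(passwd_text), parse_accounts(accounts_text)
    findings = []
    for user, (scheme, home) in users.items():
        expected = f"{user.rpartition('@')[2]}/{user}"  # the %d/%u layout
        if scheme == "PLAIN":
            findings.append((user, "cleartext password on disk"))
        if home != f"{MAIL_BASE}/{expected}":
            findings.append((user, "home differs from /usr/mail/%d/%u"))
        if accounts.get(user) != expected + "/":
            findings.append((user, "missing or wrong in postfix_accounts"))
    for addr, path in accounts.items():
        if addr not in users and path != "x":  # assumption: "x" = retrain address
            findings.append((addr, "no dovecot_passwd entry"))
    return sorted(findings)
```

On a real host, feed `audit()` the concatenated contents of every /usr/mail/${DOMAIN}/dovecot_passwd and the text of /usr/mail/postfix_accounts.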