I needed a mail server with SMTP and POP3 access on a CentOS 6 server.
Of all the options, the combination named in the title looked best from its description.
So that is what we will set up:
1. Install exim as the SMTP server and dovecot for collecting mail over POP3.
```sh
yum install exim dovecot -y
```
2. Write the <a href="http://www.note4us.com/wp-content/uploads/2012/04/mail-exim-conf.txt">initial configuration</a> for exim to /etc/exim/exim.conf (don't forget to set primary_hostname in it).
```
primary_hostname = domain

log_selector = \
      +all_parents \
      +lost_incoming_connection \
      +received_sender \
      +received_recipients \
      +tls_cipher +tls_peerdn \
      +smtp_confirmation \
      +smtp_syntax_error \
      +smtp_protocol_error

domainlist local_domains = lsearch;/etc/exim/domains
hostlist relay_from_hosts = 127.0.0.1
domainlist relay_to_domains = lsearch;/etc/exim/domains

exim_user = exim
exim_group = exim
trusted_users = apache
never_users = root

host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 0s
ignore_bounce_errors_after = 1d
timeout_frozen_after = 1d
smtp_accept_max = 500

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mail = acl_check_sender

begin acl

acl_check_rcpt:
  accept  hosts = :

  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

  deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  accept  local_parts   = postmaster
          verify        = recipient
          domains       = +local_domains

  require verify        = sender

  accept  hosts         = +relay_from_hosts
          control       = submission

  # Authenticated senders are accepted only if neither the account
  # (field 5 of /etc/exim/passwd) nor its domain (field 3 of
  # /etc/exim/domains) is marked as disabled
  accept  authenticated = *
          condition     = ${if eq{${extract{5}{:}{${lookup{$authenticated_id}lsearch{/etc/exim/passwd}}}}}{no} {yes}{no}}
          condition     = ${if eq{${extract{3}{:}{${lookup{${domain:$authenticated_id}}lsearch{/etc/exim/domains}}}}}{no} {yes}{no}}
          control       = submission/domain=

  deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\\n$dnslist_text
          dnslists      = ${readfile {/etc/exim/dnsblists}{:}}

  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains

  require verify        = recipient

  accept

acl_check_data:
  accept

acl_check_sender:
  accept

begin routers

dnslookup:
  driver = dnslookup
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  self = pass
  no_more

disabled_domains:
  driver = redirect
  condition = ${extract{3}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  allow_fail = yes
  data = :fail: Domain disabled
  no_more

disabled_users:
  driver = redirect
  condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}
  allow_fail = yes
  data = :fail: User disabled
  no_more

local_domains:
  driver = redirect
  data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  cannot_route_message = Unknown user
  no_more

group_aliases:
  driver = redirect
  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/aliases}}}}
  condition = ${if and{\
                  {exists{/etc/exim/aliases}}\
                  {eq {${extract{2}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/aliases}}}}} {group} }\
              } {yes} {no} }
  redirect_router = a_dnslookup

aliases:
  driver = redirect
  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/aliases}}}}
  condition = ${if exists{/etc/exim/aliases} {yes} {no} }

aliases_pipe:
  driver = accept
  transport = aliases_pipe
  condition = ${lookup {$local_part@$domain} lsearch {/etc/exim/pipe-aliases} {yes} {no} }

local_users:
  driver = redirect
  condition = ${lookup {$local_part@$domain} lsearch {/etc/exim/passwd} {yes} {no} }
  data = $local_part@$domain
  redirect_router = autoreplay

catchall_for_domains:
  driver = redirect
  headers_add = X-redirected: yes
  data = ${extract{2}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  file_transport = local_delivery

unknown_users:
  driver = redirect
  allow_fail = yes
  data = :fail: Unknown user
  no_more

autoreplay:
  driver = accept
  condition = ${if exists{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}/message.txt} {yes} {no}}
  retry_use_local_part
  transport = address_reply
  unseen

localuser:
  driver = accept
  transport = local_delivery

# Same routers without autoreplay
a_dnslookup:
  driver = dnslookup
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  self = pass
  no_more

a_disabled_domains:
  driver = redirect
  condition = ${extract{3}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  allow_fail = yes
  data = :fail: Domain disabled
  no_more

a_disabled_users:
  driver = redirect
  condition = ${extract{5}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}
  allow_fail = yes
  data = :fail: User disabled
  no_more

a_local_domains:
  driver = redirect
  data = ${quote_local_part:$local_part}@${extract{1}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  cannot_route_message = Unknown user
  redirect_router = a_dnslookup
  no_more

a_aliases:
  driver = redirect
  data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/aliases}}}}
  condition = ${if exists{/etc/exim/aliases} {yes} {no} }
  redirect_router = a_dnslookup

a_aliases_pipe:
  driver = accept
  transport = aliases_pipe
  condition = ${lookup {$local_part@$domain} lsearch {/etc/exim/pipe-aliases} {yes} {no} }

a_local_users:
  driver = accept
  transport = local_delivery
  condition = ${lookup {$local_part@$domain} lsearch {/etc/exim/passwd} {yes} {no} }

a_catchall_for_domains:
  driver = redirect
  headers_add = X-redirected: yes
  data = ${extract{2}{:}{${lookup{$domain}lsearch{/etc/exim/domains}}}}
  file_transport = local_delivery
  redirect_router = a_dnslookup

begin transports

remote_smtp:
  driver = smtp

# Mailbox path, quota (in MB) and delivery uid/gid all come from the
# address's record in /etc/exim/passwd
local_delivery:
  driver = appendfile
  file = ${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}/inbox
  delivery_date_add
  envelope_to_add
  return_path_add
  mode = 0660
  quota = ${extract{3}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}M
  quota_warn_threshold = 75%
  use_lockfile = no
  no_mode_fail_narrower
  user = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}
  group = ${extract{2}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}

address_pipe:
  driver = pipe
  return_output

aliases_pipe:
  driver = pipe
  command = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/pipe-aliases}}}}
  use_shell

address_reply:
  driver = autoreply
  headers = ${readfile{${extract{4}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/passwd}}}}/message.txt}}
  to = $sender_address

begin retry

*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

# SMTP AUTH is delegated to dovecot through its auth-client socket
login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $1

plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_set_id = $1
```
3. Create the remaining configuration files:
```sh
touch /etc/exim/aliases
touch /etc/exim/blacklist
touch /etc/exim/dnsblists
touch /etc/exim/domains
touch /etc/exim/pipe-aliases
```
4. Write the dovecot configuration to /etc/dovecot/dovecot.conf:
```
log_path = /var/log/dovecot.log
login_greeting = pop3/imap service.
protocols = imap pop3
auth_mechanisms = plain login cram-md5 digest-md5

# Socket that exim's dovecot authenticators connect to
service auth {
  unix_listener auth-client {
    mode = 0660
    user = exim
    group = exim
  }
  user = root
}

passdb passwd-file {
  args = /etc/dovecot/passwd
  driver = passwd-file
}

userdb {
  args = /etc/dovecot/passwd
  driver = passwd-file
}

# Plaintext logins are allowed and TLS is switched off
disable_plaintext_auth = no
mail_privileged_group = mail
first_valid_uid = 93
ssl = no
mail_location = mbox:/var/mail/%d/%n
```
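5. Write a script for creating users, for example to /root/addmail.sh, not forgetting to chmod it:
```sh
chmod +x /root/addmail.sh
```
```sh
#!/bin/sh
# Usage: addmail.sh mailbox@domain.com password
mailuser=$1
pass=$2

# Password hash for /etc/dovecot/passwd
hash=$(doveadm pw -s MD5 -p "$pass")
user=$(echo "$mailuser" | cut -d'@' -f1)
domain=$(echo "$mailuser" | cut -d'@' -f2)

# Mailbox directory and mbox file, owned by exim
mkdir -p "/var/mail/$domain/$user"
touch "/var/mail/$domain/$user/inbox"
chown -R exim:exim "/var/mail/$domain"

# Register the domain once.
# Record: domain:delivery domain:catch-all address:disabled flag
if ! grep -q "^$domain:" /etc/exim/domains
then
    echo "$domain:$domain::no" >>/etc/exim/domains
fi

# exim record: address:uid:gid:quota (MB):maildir:disabled flag
echo "$mailuser:93:93:0:/var/mail/$domain/$user:no:" >>/etc/exim/passwd
# dovecot passwd-file record: user:password:uid:gid:gecos:home:shell:extra
echo "$mailuser:$hash:93:93::/var/mail/$domain/$user:::" >>/etc/dovecot/passwd
```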
A new mailbox is then created like this:
```sh
/root/addmail.sh mailbox@domain.com password
```
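The script puts its first argument into filesystem paths (`mkdir -p`, `chown -R`) and into the colon-separated records that exim reads with `lsearch`, so the address should be checked before any of that runs. The following is an added example, not part of the original post; `valid_mailbox`, `domain_listed` and the accepted character set are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post. valid_mailbox and
# domain_listed are hypothetical helpers; the accepted character set is
# an assumption and deliberately narrower than what RFC 5321 allows.

valid_mailbox() {    # $1 = address; returns 0 only for a safe user@domain
    addr=$1
    case $addr in
        *@*@*|@*|*@) return 1 ;;    # more than one "@" or an empty side
        *@*) ;;
        *) return 1 ;;              # no "@" at all (covers the empty string)
    esac
    user=${addr%@*}
    domain=${addr#*@}
    # Anything outside these sets is refused, which excludes "/", ":",
    # whitespace, newlines and shell metacharacters in one test.
    case $user in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case $domain in *[!A-Za-z0-9.-]*) return 1 ;; esac
    # A leading dot or ".." would let mkdir/chown leave /var/mail/<domain>.
    case $user in .*|*..*) return 1 ;; esac
    case $domain in .*|*..*|*.|-*) return 1 ;; esac
    case $domain in *.*) return 0 ;; esac   # require a dotted domain
    return 1
}

# Exact match on the key field of /etc/exim/domains. An unanchored grep
# would accept substrings and treat "." as a wildcard.
domain_listed() {    # $1 = domain, $2 = domains file
    awk -F: -v d="$1" '$1 == d { found = 1 } END { exit !found }' "$2"
}
```

In addmail.sh the call would sit right after the arguments are read, for example `valid_mailbox "$mailuser" || exit 1`.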
6. Start exim and dovecot and enable them at boot:
```sh
chkconfig dovecot on
chkconfig exim on
service dovecot start
service exim start
```
7. Install ClamAV:
```sh
yum install clamav clamav-devel clamd -y
freshclam
```
8. Add the ClamAV user to the exim group:
```sh
usermod -a -G exim clam
```
9. Extend /etc/exim/exim.conf to work with ClamAV:
```
...
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_connect = acl_check_host
av_scanner = clamd:/var/run/clamav/clamd.sock
...
acl_check_data:
  deny message = This message contains malware ($malware_name)
       log_message = Malware found: $malware_name
       demime = *
       malware = *
  accept
...
```
10. Start ClamAV, enable it at boot and restart exim:
```sh
service clamd start
chkconfig clamd on
service exim restart
```
11. Install SpamAssassin:
```sh
yum install spamassassin -y
```
12. Extend /etc/exim/exim.conf to work with SpamAssassin:
```
...
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_connect = acl_check_host
...
spamd_address = 127.0.0.1 783
...
acl_check_data:
...
  # Messages of 500k or more are accepted without the SpamAssassin checks
  accept condition = ${if >={$message_size}{500k}{yes}{no}}

  warn message = X-SA-Score: $spam_score
       spam = nobody:true

  warn message = X-SA-Report: $spam_report
       spam = nobody:true
       condition = ${if >{$spam_score_int}{0}{true}{false}}

  # $spam_score_int is the score multiplied by 10: 50 is 5.0, 70 is 7.0
  warn message = X-SA-Status: Yes
       spam = nobody:true
       condition = ${if >{$spam_score_int}{50}{true}{false}}

  deny message = This message scored $spam_score spam points.
       spam = nobody:true
       condition = ${if >{$spam_score_int}{70}{true}{false}}

  accept
...
```
13. Start SpamAssassin, enable it at boot and restart exim:
```sh
service spamassassin start
chkconfig spamassassin on
service exim restart
```
14. Check that our server works.
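Part of that check can be done offline on the account files. The script below is an added example, not from the original post: it reads /etc/exim/passwd field by field the way the routers and the local_delivery transport in exim.conf do, and cross-checks each address against /etc/dovecot/passwd. The helper names `lsearch_field` and `audit_accounts` and the /var/mail prefix test are assumptions based on the records addmail.sh writes.

```shell
#!/bin/sh
# Added example, not from the original post. lsearch_field and
# audit_accounts are hypothetical helper names.

# Emulates ${extract{N}{:}{${lookup{KEY}lsearch{FILE}}}} from exim.conf:
# lsearch yields the text after "KEY:", extract{N}{:} takes its N-th
# colon-separated field. Simplification: keys are compared exactly.
lsearch_field() {    # $1 = key, $2 = N, $3 = file
    awk -F: -v k="$1" -v n="$2" '
        $1 == k { print $(n + 1); found = 1; exit }
        END     { exit !found }' "$3"
}

# Checks every record of the exim passwd file ($1) against the fields
# exim.conf reads (1=uid 2=gid 3=quota 4=maildir 5=disabled) and against
# the dovecot passwd file ($2). Prints one line per problem and returns
# non-zero if there was any.
audit_accounts() {
    status=0
    while IFS=: read -r addr uid gid quota dir flag _; do
        [ -n "$addr" ] || continue
        for id in "$uid" "$gid"; do
            case $id in ''|*[!0-9]*|0*)
                echo "$addr: id '$id' is not a non-root number"; status=1 ;;
            esac
        done
        case $dir in
            */../*|*/..) echo "$addr: '..' in maildir $dir"; status=1 ;;
            /var/mail/?*) ;;
            *) echo "$addr: maildir '$dir' is outside /var/mail"; status=1 ;;
        esac
        case $flag in yes|no) ;;
            *) echo "$addr: disabled flag '$flag' is not yes/no"; status=1 ;;
        esac
        # Field 5 of the dovecot lookup result is the home directory.
        if home=$(lsearch_field "$addr" 5 "$2"); then
            [ "$home" = "$dir" ] ||
                { echo "$addr: dovecot home '$home' differs"; status=1; }
        else
            echo "$addr: no record in dovecot passwd"; status=1
        fi
    done < "$1"
    return "$status"
}
```

Run it as `audit_accounts /etc/exim/passwd /etc/dovecot/passwd`; no output and exit status 0 mean every record is consistent.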