User anlegen mit Postfixadmin
- Ersteller ghostadmin
- Erstellt am
ghostadmin
Grand Admiral Special
★ Themenstarter ★
Ich bin grad dabei meinen Homeserver zu virtualisieren und das ganze Mailzeug in eine VM zu stecken. Eigentlich bin ich ja davon ausgegangen das das funktioniert wenn man die Config files von Wheezy nach Jessie rüber schiebt aber dem ist wohl nicht so.
Wenn man in postfixadmin einen User erstellt dann wird kein Verzeichnis angelegt, ich glaube das da irgendwas mit postfix oder gar dovecot nicht stimmt. In MySQL wird alles normal angelegt. Wenn man eine Domäne anlegt, wird auch kein Folder angelegt.
Output von postfixadmin: Mail gesendet! Die Mailbox wurde in der Mailbox-Tabelle eingetragen, aber keine (oder nur einige) der vorkonfigurierten Unterordner konnte erstellt werden (test@intern.lan)
saslfinger -s auf dem alten Host meldet:
-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
auf dem neuen Host wird nichts gemeldet
postfix meldet:
Nov 6 19:39:55 mail postfix/smtpd[1163]: connect from localhost[127.0.0.1]
Nov 6 19:39:55 mail postfix/smtpd[1163]: warning: non-SMTP command from localhost[127.0.0.1]: To: test@intern.lan
Nov 6 19:39:55 mail postfix/smtpd[1163]: disconnect from localhost[127.0.0.1]
dovecot meldet:
2014-11-06 19:39:56 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS, session=<En/hBTUHeQAAAAAAAAAAAAAAAAAAAAAB>
postfixadmin config
dovecot.conf
dovecot-mysql.conf
main.cf
master.cf
/etc/postfix/sasl/smtpd.conf
--- Update ---
Narf, ich hatte in master.cf eine Raute vor submission, dann klappts auch mit saslfinger
Wenn man in postfixadmin einen User erstellt dann wird kein Verzeichnis angelegt, ich glaube das da irgendwas mit postfix oder gar dovecot nicht stimmt. In MySQL wird alles normal angelegt. Wenn man eine Domäne anlegt, wird auch kein Folder angelegt.
Output von postfixadmin: Mail gesendet! Die Mailbox wurde in der Mailbox-Tabelle eingetragen, aber keine (oder nur einige) der vorkonfigurierten Unterordner konnte erstellt werden (test@intern.lan)
saslfinger -s auf dem alten Host meldet:
-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
auf dem neuen Host wird nichts gemeldet
postfix meldet:
Nov 6 19:39:55 mail postfix/smtpd[1163]: connect from localhost[127.0.0.1]
Nov 6 19:39:55 mail postfix/smtpd[1163]: warning: non-SMTP command from localhost[127.0.0.1]: To: test@intern.lan
Nov 6 19:39:55 mail postfix/smtpd[1163]: disconnect from localhost[127.0.0.1]
dovecot meldet:
2014-11-06 19:39:56 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS, session=<En/hBTUHeQAAAAAAAAAAAAAAAAAAAAAB>
postfixadmin config
Code:
<?php
/**
* Postfix Admin
*
* LICENSE
* This source file is subject to the GPL license that is bundled with
* this package in the file LICENSE.TXT.
*
* Further details on the project are available at :
* http://www.postfixadmin.com or http://postfixadmin.sf.net
*
* @version $Id: config.inc.php 935 2011-01-02 21:33:13Z christian_boltz $
* @license GNU GPL v2 or later.
*
* File: config.inc.php
* Contains configuration options.
*/
// This loads the automatic generated DB credentials from /etc/postfixadmin/dbconfig.inc.php
require_once('dbconfig.inc.php');
if (!isset($dbserver) || empty($dbserver))
$dbserver='localhost';
/*****************************************************************
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* You have to set $CONF['configured'] = true; before the
* application will run!
* Doing this implies you have changed this file as required.
* i.e. configuring database etc; specifying setup.php password etc.
*/
$CONF['configured'] = true;
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
$CONF['setup_password'] = 'xxx:xxx';
// Postfix Admin Path
// Set the location of your Postfix Admin installation here.
// YOU MUST ENTER THE COMPLETE URL e.g. http://domain.tld/postfixadmin
$CONF['postfix_admin_url'] = '/postfixadmin';
// shouldn't need changing.
$CONF['postfix_admin_path'] = dirname(__FILE__);
// Language config
// Language files are located in './languages', change as required..
$CONF['default_language'] = 'de';
// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+
// pgsql = PostgreSQL
$CONF['database_type'] = $dbtype;
$CONF['database_host'] = $dbserver;
$CONF['database_user'] = $dbuser;
$CONF['database_password'] = $dbpass;
$CONF['database_name'] = $dbname;
// If you need to specify a different port for a MYSQL database connection, use e.g.
// $CONF['database_host'] = '172.30.33.66:3308';
// If you need to specify a different port for POSTGRESQL database connection
// uncomment and change the following
// $CONF['database_port'] = '5432';
// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
'admin' => 'admin',
'alias' => 'alias',
'alias_domain' => 'alias_domain',
'config' => 'config',
'domain' => 'domain',
'domain_admins' => 'domain_admins',
'fetchmail' => 'fetchmail',
'log' => 'log',
'mailbox' => 'mailbox',
'vacation' => 'vacation',
'vacation_notification' => 'vacation_notification',
'quota' => 'quota',
'quota2' => 'quota2',
);
// Site Admin
// Define the Site Admins email address below.
// This will be used to send emails from to create mailboxes.
$CONF['admin_email'] = 'postfixadmin@intern.lan';
// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5';
// In what flavor should courier-authlib style passwords be enrypted?
// md5 = {md5} + base64 encoded md5 hash
// md5raw = {md5raw} + plain encoded md5 hash
// SHA = {SHA} + base64-encoded sha1 hash
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
$CONF['authlib_default_flavor'] = 'md5raw';
// If you use the dovecot encryption method: where is the dovecotpw binary located?
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
// Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 5;
// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate paswords set this to 'YES'.
$CONF['generate_password'] = 'NO';
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';
// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '10';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
'abuse' => 'abuse@change-this-to-your.domain.tld',
'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
'postmaster' => 'postmaster@change-this-to-your.domain.tld',
'webmaster' => 'webmaster@change-this-to-your.domain.tld'
);
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
// YES: /usr/local/virtual/domain.tld/username@domain.tld
// NO: /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples:
// YES: /usr/local/virtual/domain.tld/username@domain.tld
// NO: /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';
// If you want to define your own function to generate a maildir path set this to the name of the function.
// Notes:
// - this configuration directive will override both domain_path and domain_in_mailbox
// - the maildir_name_hook() function example is present below, commented out
// - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
$CONF['maildir_name_hook'] = 'NO';
/*
maildir_name_hook example function
Called by create-mailbox.php if $CONF['maildir_name_hook'] == '<name_of_the_function>'
- allows for customized maildir paths determined by a custom function
- the example below will prepend a single-character directory to the
beginning of the maildir, splitting domains more or less evenly over
36 directories for improved filesystem performance with large numbers
of domains.
Returns: maildir path
ie. I/example.com/user/
*/
/*
function maildir_name_hook($domain, $user) {
$chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars);
$dir = substr($chars, $dir_index, 1);
return sprintf("%s/%s/%s/", $dir, $domain, $user);
}
*/
// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'NO';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
'virtual', // for virtual accounts
'local', // for system accounts
'relay' // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';
// Virtual Vacation
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
$CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] ='YES';
// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'YES';
// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
// Alias control for superadmins
$CONF['alias_control'] = 'NO';
// Alias Control for domain admins
$CONF['alias_control_admin'] = 'NO';
// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases
// as defined in $CONF['default_aliases']
$CONF['special_alias_control'] = 'NO';
// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';
// Alias Domains
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes
// configuration easier if you need the same set of aliases on multiple domains, but
// also requires postfix to do more database queries.
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
// Set to 'NO' to disable alias domains.
$CONF['alias_domain'] = 'YES';
// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'YES';
// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';
// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';
// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';
// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';
// link to display under 'Main' menu when logged in as a user.
$CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main";
// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<<EOM
Hi,
Welcome to your new account.
EOM;
// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain']='YES';
// Optional:
// Analyze alias gotos and display a colored block in the first column
// indicating if an alias or mailbox appears to deliver to a non-existent
// account. Also, display indications, for POP/IMAP mailboxes and
// for custom destinations (such as mailboxes that forward to a UNIX shell
// account or mail that is sent to a MS exchange server, or any other
// domain or subdomain you use)
// See http://www.w3schools.com/html/html_colornames.asp for a list of
// color names available on most browsers
//set to YES to enable this feature
$CONF['show_status']='NO';
//display a guide to what these colors mean
$CONF['show_status_key']='NO';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']=' ';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system. If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='NO';
$CONF['show_undeliverable_color']='tomato';
// mails to these domains will never be flagged as undeliverable
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");
$CONF['show_popimap']='NO';
$CONF['show_popimap_color']='darkgrey';
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_colors']=array("lightgreen","lightblue");
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
$CONF['recipient_delimiter'] = "";
// Optional:
// Script to run after creation of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
// Optional:
// Script to run after alteration of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh';
// Optional:
// Script to run after deletion of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
// Optional:
// Script to run after creation of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh';
// Optional:
// Script to run after deletion of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';
// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
//
// $CONF['create_mailbox_subdirs']=array('Spam');
// $CONF['create_mailbox_subdirs_host']='localhost';
//
// Specify '' for Dovecot and 'INBOX.' for Courier.
$CONF['create_mailbox_subdirs_prefix']='';
$CONF['create_mailbox_subdirs']=array('Spam','Drafts','Sent','Trash');
$CONF['create_mailbox_subdirs_host']='localhost';
// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
// http://wiki.dovecot.org/Quota/Dict
//
$CONF['used_quotas'] = 'NO';
// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'NO';
//
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
//
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php
// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';
// XMLRPC Interface.
// This should be only of use if you wish to use e.g the
// Postfixadmin-Squirrelmail package
// change to boolean true to enable xmlrpc
$CONF['xmlrpc_enabled'] = false;
// If you want to keep most settings at default values and/or want to ensure
// that future updates work without problems, you can use a separate config
// file (config.local.php) instead of editing this file and override some
// settings there.
if (file_exists(dirname(__FILE__) . '/config.local.php')) {
include(dirname(__FILE__) . '/config.local.php');
}
//
// END OF CONFIG FILE
//
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */dovecot.conf
Code:
ssl = yes
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
verbose_ssl = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
debug_log_path = /var/log/dovecot-debug.log
mail_debug = yes
# protocol imaps is obsolete
protocols = imap
mail_location = maildir:/var/vmail/%d/%n/Maildir
## uncomment this if you already have email from
## courier for instance.
#namespace private {
# separator = .
# prefix = INBOX.
# inbox = yes
#}
protocol lda {
# Address to use when sending rejection mails.
postmaster_address = postmaster@example.com
# Hostname to use in various parts of sent mails, eg. in Message-Id.
# Default is the system's real hostname.
#hostname =
# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
#mail_plugins =
#mail_plugin_dir = /usr/lib/dovecot/modules/lda
# Binary to use for sending mails.
#sendmail_path = /usr/lib/sendmail
# UNIX socket path to master authentication server to find users.
auth_socket_path = /var/run/dovecot/auth-master
# Enabling Sieve plugin for server-side mail filtering
# handy for storing spam in their folders
#mail_plugins = cmusieve
#global_script_path = /var/vmail/globalsieverc
}
## to look for users in the DB
passdb {
# Path for SQL configuration file, see /etc/dovecot/dovecot-sql.conf for example
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
## and add this so dovecot does not deal with uid/gid
## we use uid and gid 5000 for everybody
# userdb static {
# args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
# }
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
service auth {
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
}
auth_mechanisms = plain login
auth_debug = yes
auth_verbose = yesdovecot-mysql.conf
Code:
driver = mysql
connect = host=localhost dbname=postfixdb user=postfix password=pass
default_pass_scheme = PLAIN-MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u'main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# use postconf -n to dump config
# postalias /etc/aliases for new alias.db (non virtual)
# postmap /etc/postfix/file for new hash i.e. sender_login_maps (non virtual)
disable_vrfy_command = yes
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# use postconf -n to dump config
# postalias /etc/aliases for new alias.db (non virtual)
# postmap /etc/postfix/file for new hash i.e. sender_login_maps (non virtual)
disable_vrfy_command = yes
#smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_banner = $myhostname ESMTP Exchange Server 2003 (Microsoft Windows 2003)
#biff = no
# appending .domain is the MUA's job.
#append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
#readme_directory = no
# SMTP
# TLS parameters
smtp_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtp_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
#smtp_enforce_tls = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sender_dependent_authentication = yes
smtp_sasl_path = smtpd
smtp_sasl_mechanism_filter = plain, login
broken_sasl_auth_clients = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
#smtpd_use_tls = yes #deprecated
#smtpd_enforce_tls = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth_dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
#dovecot lda with postfix
#mailbox_command = /usr/lib/dovecot/deliver
#sender_canonical_maps is used when local user should send as an external mail, postfix will modify the FROM address
#is not used for virtual domains?
sender_canonical_maps = hash:/etc/postfix/sender_canonical
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
# sender login maps are used when users need to send mail in others name i.e. bob@local wants to send as dave@local
# mysql_sender_login_maps.cf doesnt work when internal and external users (canonical mapping) are used and when for example reject_sender_login_mismatch is enabled
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql_sender_login_maps.cf
# enable next line when above doesnt work or sql is not needed (non mysql, file has to be edited manually)
# file has syntax: mailaddress | tls username
#smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
# ACL UCE restrictions
# postfix.org/postconf.5.html
#smtpd_relay_restrictions #relay control that postfix applies in the context of the RCPT TO command
#default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
# checks if mail recipient RCPT TO is valid (rules are applied after smtpd_relay_restrictions)
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination #reject if the mail doesnt belong to us
# checks if MAIL FROM is valid, do not enable (reject_unknown_sender_domain reject_rhsbl_sender dsn.rfc-ignorant.org) when this server fetches mails from other mail server (when our server not directly gets mail)
# reject_sender_login_mismatch makes problem when virtual users are used
smtpd_sender_restrictions = permit_mynetworks
# mail client, client connection request, is default empty
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_unauth_destination,
reject_rbl_client ix.dnsbl.menitu.net,
reject_rbl_client zen.spamhaus.org,
reject_rcl_client bl.spamcop.net,
reject
# helo client response
smtpd_helo_restrictions = reject_invalid_helo_hostname
smtpd_helo_required = yes
## General
# when using virtual users, some options are to be disabled like spool, alias, myorigin
#queue_directory = /var/spool/postfix
#mail_spool_directory = /var/mail
mail_owner = postfix
#myhostname is here used as domain for local system mails
#myhostname = server.intern.lan
#mydomain used for system mails from root user
mydomain = intern.lan
# next line to avoid nis errors
alias_maps =
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
#myorigin specify either myhostname or mydomain
myorigin = $mydomain
#mydestination: do no list same domain as in virtual mailbox domain
#mydestination =
#relay_domains = $mydestination
#relayhost = [smtp.gmail.com]:587
mynetworks = 192.168.2.0/24, 127.0.0.0/8
mailbox_size_limit = 0
message_size_limit = 0
#message_size_limit = 10485760
# next line has to match with amavis
recipient_delimiter = +
inet_interfaces = 127.0.0.1
## Virtual users
#alias domains=hosted domains where each recipient address is aliased to a local UNIX system account or to a remote address
virtual_alias_domains = system.intern.lan
#virtual alias maps=hosted domains where each recipient address can have its own mailbox and where users do not need to have a UNIX system account
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_mailbox_limit = 112400000
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 104
#virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
## Amavis (Spamassassin,ClamAV)
content_filter=smtp-amavis:[127.0.0.1]:10024
# set next line when using amavis otherwise forward to alias will work 2times
receive_override_options = no_address_mappingsmaster.cf
Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
smtp-amavis unix - - n - 2 lmtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
# -o smtpd_end_od_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1001
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks/etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: saslauth
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux--- Update ---
Narf, ich hatte in master.cf eine Raute vor submission, dann klappts auch mit saslfinger
Zuletzt bearbeitet:
ghostadmin
Grand Admiral Special
★ Themenstarter ★
Hat jemand Roundcube mit TLS zum laufen gebracht? Bei mir will der immer SSLv3 verwenden.
Wenigstens geht StartTLS
Wenigstens geht StartTLS
tomturbo
Technische Administration, Dinosaurier
Das hängt doch einerseits vom Webserver ab (https) und andererseits von dem was der Imap-Server anbietet.
ghostadmin
Grand Admiral Special
★ Themenstarter ★
SSLv3 hab ich beim Apachen schon abgeschaltet, ebenso bei Dovecot.
Siehe auch:
http://trac.roundcube.net/ticket/1490105
Siehe auch:
http://trac.roundcube.net/ticket/1490105
Ähnliche Themen
