Postfix - Debian 7

root@mail:~# apt-get install postfix procmail bsd-mailx courier-imap courier-pop

1. First, define the role of the mail server. We will use the "Internet Site" option, which sets up a "real" server that sends and receives e-mail directly.

2. Next, define the server's domain, which is included in outgoing messages. Use the default exemplo.org.

3. Optimize Postfix for web administration through courier-webmin. We will not use this tool, so select <No>.

Default configuration:

root@mail:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = exemplo.org, mail.exemplo.org, localhost.exemplo.org, localhost
myhostname = mail.exemplo.org
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
root@mail:~# postconf -e "smtpd_banner = Bem Vindo - \$myhostname"
root@mail:~# postconf -e "mydestination = mail.exemplo.org, localhost, exemplo.org"
root@mail:~# postconf -e "mynetworks = 127.0.0.0/8, 192.0.2.0/24 198.51.100.0/24"
root@mail:~# postconf -e "inet_interfaces = all"
root@mail:~# postconf -e "mydomain = exemplo.org"
root@mail:~# postconf -e "myorigin = mail.exemplo.org"
root@mail:~# postconf -e "myhostname = mail.exemplo.org"
root@mail:~# service postfix reload
[ ok ] Reloading Postfix configuration...done.
root@mail:~# echo "Teste de Envio" | mail -s "Primeiro Email" gean@exemplo.org
root@mail:~# tail /var/log/mail.log 
Jul 11 16:49:36 mail postfix/master[3568]: daemon started -- version 2.9.6, configuration /etc/postfix
Jul 11 16:49:38 mail authdaemond: modules="authpam", daemons=5
Jul 11 16:49:38 mail authdaemond: Installing libauthpam
Jul 11 16:49:38 mail authdaemond: Installation complete: authpam
Jul 11 16:55:55 mail postfix/master[3568]: reload -- version 2.9.6, configuration /etc/postfix
Jul 11 16:57:30 mail postfix/pickup[3834]: 2E9E1FF0D6: uid=0 from=<root>
Jul 11 16:57:30 mail postfix/cleanup[3853]: 2E9E1FF0D6: message-id=<20160711195730.2E9E1FF0D6@mail.exemplo.org>
Jul 11 16:57:30 mail postfix/qmgr[3835]: 2E9E1FF0D6: from=<root@mail.exemplo.org>, size=315, nrcpt=1 (queue active)
Jul 11 16:57:31 mail postfix/local[3855]: 2E9E1FF0D6: to=<gean@exemplo.org>, relay=local, delay=1, delays=0.02/0/0/1, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Jul 11 16:57:31 mail postfix/qmgr[3835]: 2E9E1FF0D6: removed
root@mail:~# cat /var/spool/mail/gean 
From root@mail.exemplo.org  Mon Jul 11 16:57:30 2016
Return-Path: <root@mail.exemplo.org>
X-Original-To: gean@exemplo.org
Delivered-To: gean@exemplo.org
Received: by mail.exemplo.org (Postfix, from userid 0)
	id 2E9E1FF0D6; Mon, 11 Jul 2016 16:57:30 -0300 (BRT)
To: gean@exemplo.org
Subject: Primeiro Email
Message-Id: <20160711195730.2E9E1FF0D6@mail.exemplo.org>
Date: Mon, 11 Jul 2016 16:57:30 -0300 (BRT)
From: root@mail.exemplo.org (root)
 
Teste de Envio

Enable the Maildir format:

root@mail:~# postconf -e "home_mailbox = Maildir/"

Comment out this line:

root@mail:~# vim /etc/postfix/main.cf
[...]
# mailbox_command = procmail -a "$EXTENSION"
[...]

Configuring the Folders for IMAP

root@mail:~# maildirmake /home/gean/Maildir
root@mail:~# maildirmake /home/gean/Maildir/.Enviados
root@mail:~# maildirmake /home/gean/Maildir/.Rascunhos
root@mail:~# maildirmake /home/gean/Maildir/.Lixeira
root@mail:~# maildirmake /home/gean/Maildir/.Spam
root@mail:~# chown -R gean:gean /home/gean

Configuring for future users:

root@mail:~# maildirmake /etc/skel/Maildir
root@mail:~# maildirmake /etc/skel/Maildir/.Enviados
root@mail:~# maildirmake /etc/skel/Maildir/.Rascunhos
root@mail:~# maildirmake /etc/skel/Maildir/.Lixeira
root@mail:~# maildirmake /etc/skel/Maildir/.Spam
root@mail:~# service postfix reload
[ ok ] Reloading Postfix configuration...done.
root@mail:~# echo "Teste de Envio" | mail -s "Segundo Email" gean@exemplo.org
root@mail:~# cat /home/gean/Maildir/new/1468268481.V801Ibf697M159081.mail 
Return-Path: <root@mail.exemplo.org>
X-Original-To: gean@exemplo.org
Delivered-To: gean@exemplo.org
Received: by mail.exemplo.org (Postfix, from userid 0)
	id 251F0FF7DE; Mon, 11 Jul 2016 17:21:21 -0300 (BRT)
To: gean@exemplo.org
Subject: Segundo Email
Message-Id: <20160711202121.251F0FF7DE@mail.exemplo.org>
Date: Mon, 11 Jul 2016 17:21:21 -0300 (BRT)
From: root@mail.exemplo.org (root)
 
Teste de Envio

Testing E-mail Delivery Using Telnet:

root@mail:~# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 Bem Vindo - mail.exemplo.org
helo exemplo.org
250 mail.exemplo.org
mail from: root@exemplo.org
250 2.1.0 Ok
rcpt to: gean@exemplo.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Teste de e-mail via telnet
Comando SMTP
.
250 2.0.0 Ok: queued as 4B37B101846
quit
221 2.0.0 Bye
Connection closed by foreign host.

Reading the e-mail that was sent:

root@mail:~# telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user gean
+OK Password required.
pass martins58
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 457
2 417
3 451
.
retr 3
+OK 451 octets follow.
Return-Path: <root@exemplo.org>
X-Original-To: gean@exemplo.org
Delivered-To: gean@exemplo.org
Received: from exemplo.org (localhost [IPv6:::1])
	by mail.exemplo.org (Postfix) with SMTP id 4B37B101846
	for <gean@exemplo.org>; Mon, 11 Jul 2016 17:25:36 -0300 (BRT)
subject: Teste de e-mail via telnet
Message-Id: <20160711202549.4B37B101846@mail.exemplo.org>
Date: Mon, 11 Jul 2016 17:25:36 -0300 (BRT)
From: root@exemplo.org
 
Comando SMTP
.
quit
+OK Bye-bye.
Connection closed by foreign host.

SASL - Simple Authentication and Security Layer

root@mail:~# apt-get install libsasl2-2 sasl2-bin libsasl2-modules
root@mail:~# mv /etc/default/saslauthd /etc/default/saslauthd.backup
root@mail:~# mkdir -p /var/spool/postfix/var/run/saslauthd
root@mail:~# cat /etc/default/saslauthd
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
root@mail:~# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd 
mech_list: plain login
root@mail:~# service saslauthd restart
[ ok ] Stopping SASL Authentication Daemon: saslauthd.
[ ok ] Starting SASL Authentication Daemon: saslauthd.
root@mail:~# adduser postfix sasl
Adicionando usuário 'postfix' ao grupo 'sasl' ...
Adicionando usuário postfix ao grupo sasl
Concluído.
root@mail:~# postconf -e "smtpd_sasl_local_domain =" 
root@mail:~# postconf -e "smtpd_sasl_auth_enable = yes" 
root@mail:~# postconf -e "smtpd_sasl_security_options = noanonymous" 
root@mail:~# postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination" 
root@mail:~# postconf -e "smtpd_tls_auth_only = no"
root@mail:~# service postfix reload
[ ok ] Reloading Postfix configuration...done.

TLS - Transport Layer Security

root@mail:~# mkdir /etc/postfix/ssl
root@mail:~# cd /etc/postfix/ssl/
root@mail:/etc/postfix/ssl# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
203 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
..++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase for smtpd.key: <ENTER A PASSPHRASE>
Verifying - Enter pass phrase for smtpd.key: <ENTER A PASSPHRASE>
root@mail:/etc/postfix/ssl# chmod -v 600 smtpd.key 
mode of "smtpd.key" changed from 0644 (rw-r--r--) to 0600 (rw-------)
root@mail:/etc/postfix/ssl# openssl req -new -key smtpd.key -out smtpd.csr
Enter pass phrase for smtpd.key: <ENTER A PASSPHRASE>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BT
State or Province Name (full name) [Some-State]:Para
Locality Name (eg, city) []:Belem
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Exemplo
Organizational Unit Name (eg, section) []:TI
Common Name (e.g. server FQDN or YOUR name) []:mail.exemplo.org
Email Address []:admin@exemplo.org
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <ENTER>
An optional company name []: <ENTER>
root@mail:/etc/postfix/ssl# openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
Signature ok
subject=/C=BT/ST=Para/L=Belem/O=Exemplo/OU=TI/CN=mail.exemplo.org/emailAddress=admin@exemplo.org
Getting Private key
Enter pass phrase for smtpd.key: <ENTER A PASSPHRASE>
root@mail:/etc/postfix/ssl# openssl rsa -in smtpd.key -out smtpd.key.unencrypted
Enter pass phrase for smtpd.key:
writing RSA key
root@mail:/etc/postfix/ssl# mv smtpd.key{,.dist}
root@mail:/etc/postfix/ssl# mv smtpd.key.unencrypted smtpd.key
root@mail:/etc/postfix/ssl# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365
Generating a 2048 bit RSA private key
.....................................+++
.......................................................+++
writing new private key to 'cakey.pem'
Enter PEM pass phrase: <ENTER A PASSPHRASE>
Verifying - Enter PEM pass phrase: <ENTER A PASSPHRASE>
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BR
State or Province Name (full name) [Some-State]:Para
Locality Name (eg, city) []:Belem
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Exemplo
Organizational Unit Name (eg, section) []:TI
Common Name (e.g. server FQDN or YOUR name) []:mail.exemplo.org
Email Address []:admin@exemplo.org
root@mail:/etc/postfix/ssl# postconf -e "smtp_use_tls = yes" 
root@mail:/etc/postfix/ssl# postconf -e "smtp_tls_note_starttls_offer = yes" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_loglevel = 1"
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_received_header = yes" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_session_cache_timeout = 3600s" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key" 
root@mail:/etc/postfix/ssl# postconf -e "smtpd_tls_session_cache_database = btree:\${queue_directory}/smtpd_scache" 
root@mail:/etc/postfix/ssl# postconf -e "smtp_tls_session_cache_database = btree:\${queue_directory}/smtp_scache" 
root@mail:/etc/postfix/ssl# postconf -e "tls_random_source = dev:/dev/urandom"
root@mail:/etc/postfix/ssl# aptitude install courier-imap-ssl courier-pop-ssl courier-ssl
root@mail:/etc/postfix/ssl# service postfix restart 
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.
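
The SASL and TLS settings applied in the two sections above can be reviewed from `postconf -n` output. The script below is an added example, not part of the original walkthrough: it flags AUTH offered without mandatory TLS, the Debian snakeoil certificate, non-loopback networks in mynetworks, and a session cache path whose `${...}` variable was lost to shell expansion. The function names, finding labels and sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Live use: postconf -n | audit_postconf

# Print the value of parameter $2 from the "name = value" lines in $1.
get_param() {
    printf '%s\n' "$1" | sed -n "s/^$2 *= *//p" | tail -n 1
}

audit_postconf() {
    conf=$(cat)
    # PLAIN and LOGIN only base64-encode the password, so AUTH should wait for STARTTLS.
    if [ "$(get_param "$conf" smtpd_sasl_auth_enable)" = "yes" ] &&
       [ "$(get_param "$conf" smtpd_tls_auth_only)" != "yes" ]; then
        echo "PLAINTEXT_AUTH smtpd_tls_auth_only is not yes while SASL is enabled"
    fi
    # The ssl-cert package's snakeoil certificate is a self-signed placeholder.
    cert=$(get_param "$conf" smtpd_tls_cert_file)
    case "$cert" in
        *snakeoil*) echo "SNAKEOIL_CERT $cert" ;;
    esac
    # permit_mynetworks lets every non-loopback network listed here relay without AUTH.
    set -f  # the bracketed IPv6 entries must not be treated as glob patterns
    for net in $(get_param "$conf" mynetworks | tr ',' ' '); do
        case "$net" in
            127.*|"[::1]"*|"[::ffff:127."*) ;;
            *) echo "TRUSTED_NET $net" ;;
        esac
    done
    set +f
    # A cache file directly under / means the shell expanded ${...} to nothing
    # because the postconf -e argument was double-quoted without escaping the $.
    printf '%s\n' "$conf" | sed -n \
        's|^\(smtpd\{0,1\}_tls_session_cache_database\) *= *btree:/\([^/]*\)$|LOST_VARIABLE \1|p'
}

# Constructed sample input combining values that appear in this walkthrough.
sample_conf() {
    cat <<'EOF'
mynetworks = 127.0.0.0/8, 192.0.2.0/24 198.51.100.0/24
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_session_cache_database = btree:/smtpd_scache
EOF
}

sample_conf | audit_postconf
```

Each finding is one line starting with its label, so the output can be filtered with grep or used to fail a configuration check when it is non-empty.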