Wednesday, May 27, 2015

simple mail server (postfix & dovecot)


How to build a mail server using postfix and dovecot

Thanks to
       Thomas Bohl, Edgar Pettijohn, Edgar Pettijoh, and Craig Skinner.
Without their help, I could not have achieved this.



internet
|
wifi router
192.168.100.254
|
run0 192.168.100.101
openbsd PC1 mail server (also runs dnsmasq)
bge0 192.168.11.1
|
fxp0
openbsd PC2


pkg_add postfix-2.11.4 dovecot-2.2.15p0


A) about the wifi router
port forwarding ("virtual servers" on the router)

No.  IP address       Port range  Protocol  Status
1    192.168.100.101  22 - 22     TCP&UDP   enabled
2    192.168.100.101  80 - 80     TCP&UDP   enabled
3    192.168.100.101  143 - 143   TCP&UDP   enabled
4    192.168.100.101  587 - 587   TCP&UDP   enabled
5    192.168.100.101  993 - 993   TCP&UDP   enabled




B) about PC1

The real hostname is not a.mydns.jp but ao?????.mydns.jp.

1)
/etc/myname
------------------
a.mydns.jp


/etc/hosts
-------------
127.0.0.1             localhost
::1                        localhost
192.168.100.101 a.mydns.jp


/etc/resolv.conf
---------------------
# 192.168.100.254 (the wifi router) is the DNS server toward the Internet
nameserver 192.168.100.254
lookup file bind


/etc/dnsmasq.conf       : acts as the DHCP server for the intranet
---------------------------
listen-address=192.168.11.1    # Example IP
interface=bge0
dhcp-range=192.168.11.10,192.168.11.12,12h
bind-interfaces





/etc/dovecot/dovecot.conf
---------------------
protocols = imap
listen = *
!include conf.d/*.conf



/etc/dovecot/conf.d/10-mail.conf
---------------------------------------------
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
mmap_disable = yes
first_valid_uid = 1000
mail_plugin_dir = /usr/local/lib/dovecot
mbox_write_locks = fcntl




2) /etc/dovecot/conf.d/10-ssl.conf
------------------------------------------------
ssl = yes
ssl_cert = </etc/ssl/dovecotcert.pem
ssl_key = </etc/ssl/private/dovecot.pem


To deal with dovecot failing with "too many open files", see
http://comments.gmane.org/gmane.os.openbsd.misc/207288
and give dovecot its own login class with a higher openfiles limit:

/etc/login.conf
------------------------------------------
auth-defaults:auth=passwd,skey:
auth-ftp-defaults:auth-ftp=passwd:
default:\
        :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
        :umask=022:\
        :datasize-max=512M:\
        :datasize-cur=512M:\
        :maxproc-max=256:\
        :maxproc-cur=128:\
        :openfiles-cur=512:\
        :stacksize-cur=4M:\
        :localcipher=blowfish,8:\
        :ypcipher=old:\
        :tc=auth-defaults:\
        :tc=auth-ftp-defaults:
daemon:\
        :ignorenologin:\
        :datasize=infinity:\
        :maxproc=infinity:\
        :openfiles-cur=128:\
        :stacksize-cur=8M:\
        :localcipher=blowfish,9:\
        :tc=default:
staff:\
        :datasize-cur=512M:\
        :datasize-max=infinity:\
        :maxproc-max=512:\
        :maxproc-cur=128:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:
authpf:\
        :welcome=/etc/motd.authpf:\
        :shell=/usr/sbin/authpf:\
        :tc=default:
bgpd:\
        :openfiles-cur=512:\
        :tc=daemon:
unbound:\
        :openfiles-cur=512:\
        :tc=daemon:
dovecot:\
        :openfiles-cur=2048:\
        :openfiles-max=4096:\
        :tc=daemon:




My address is not a fixed address, so I run into the Outbound Port 25 Blocking (OP25B) problem.

Namely, my wifi router (that is, the provider, not the dynamic DNS) prohibits
forwarding port 25, so I cannot use it as a relay and cannot send mail to X@google.com.


But within this limit, I will write how I solved it.

Also, I receive various reports (for example, from crontab) via mail, so it is convenient.

X-1) dynamic DNS MX problem

see http://www.mhserv.info/co5/mydns.php

domain -> a.mydns.jp
mx     -> a.mydns.jp
*         A



X-3)

/etc/pf.conf
---------------------
ext_if="run0"
int_if="bge0"
tcp_services="{ 22, 80, 143, 587 }"  # 587 is the submission port
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if:0) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
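As an added check (not from the original post), the following shell functions compare the router's forwarding table with the tcp_services macro in pf.conf: a port the router forwards but pf does not pass, such as 993 in the two configs above, is blocked at the host and never reaches dovecot. The file name and the sample pf.conf fragment are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: report router-forwarded TCP
# ports that the pf.conf tcp_services macro does not pass.

# Print the ports listed in the tcp_services macro of PFCONF ($1), one per line.
pf_tcp_services() {
    sed -n 's/^tcp_services="{\(.*\)}".*/\1/p' "$1" | tr ',' '\n' | tr -d ' \t' | grep -v '^$'
}

# Print each forwarded port ($2...) that is missing from the macro in PFCONF ($1).
forwarded_not_passed() {
    conf="$1"; shift
    passed=$(pf_tcp_services "$conf")
    for p in "$@"; do
        printf '%s\n' "$passed" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Demo on constructed input: the macro from the post and the router table
# (22, 80, 143, 587, 993).
demo_pf_check() {
    tmp=$(mktemp)
    printf 'ext_if="run0"\ntcp_services="{ 22, 80, 143, 587 }"  # submisson port\n' > "$tmp"
    forwarded_not_passed "$tmp" 22 80 143 587 993   # prints 993
    rm -f "$tmp"
}
demo_pf_check
```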

 


X-4)
Follow http://vine.1-max.net/postfix-OP25B.html


Namely:
/etc/postfix/main.cf
--------------------------------
myhostname = a.mydns.jp
mydomain = mydns.jp
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname localhost.$mydomain
home_mailbox = Maildir/
mynetworks = 192.168.100.0/24, 127.0.0.0/8
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
mail_owner = _postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/sbin/newaliases
mailq_path = /usr/local/sbin/mailq
setgid_group = _postdrop
html_directory = /usr/local/share/doc/postfix/html
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = /usr/local/share/doc/postfix/readme
# regrettably a relay, so use it personally
relayhost = [smtp.gmobb.jp]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/isp_auth
smtp_sasl_security_options = noanonymous



X-5) /etc/postfix/isp_auth
---------------------
[smtp.gmobb.jp]:587 t?????@ki.gmobb.jp:S?????

and then run
postmap /etc/postfix/isp_auth
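Added example, not from the original post: two checks worth running around postmap on the SASL password map, that the map is mode 0600 (it holds the ISP password in clear text, and postmap gives the .db the same mode) and that its key equals relayhost in main.cf, otherwise Postfix connects to the ISP without credentials. The hostname and credentials in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for the Postfix
# smtp_sasl_password_maps file used with relayhost.

# Return 0 when FILE ($1) exists and is readable/writable by its owner only (0600).
# ls -l is used instead of stat so it behaves the same on OpenBSD and GNU systems.
cred_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print the relayhost value from MAIN_CF ($1), e.g. "[smtp.example.jp]:587".
relayhost_of() {
    awk -F= '$1 ~ /^[ \t]*relayhost[ \t]*$/ {
                 v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t].*$/, "", v); print v }' "$1"
}

# Return 0 when MAP ($2) has a line whose key (first field) equals the relayhost of MAIN_CF ($1).
map_has_relayhost() {
    host=$(relayhost_of "$1")
    [ -n "$host" ] || return 1
    awk -v h="$host" '$1 == h { found = 1 } END { exit found ? 0 : 1 }' "$2"
}

# Demo on constructed files mirroring the post (host and credentials are placeholders).
demo_isp_auth_check() {
    d=$(mktemp -d)
    printf 'relayhost = [smtp.example.jp]:587\n' > "$d/main.cf"
    printf '[smtp.example.jp]:587 user@example.jp:PASSWORD\n' > "$d/isp_auth"
    chmod 600 "$d/isp_auth"
    cred_mode_ok "$d/isp_auth" && echo "isp_auth mode ok"
    map_has_relayhost "$d/main.cf" "$d/isp_auth" && echo "relayhost has credentials"
    rm -rf "$d"
}
demo_isp_auth_check
```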



X-6)

/etc/postfix/master.cf
--------------------------
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       -       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache


then run this script

mail-server.bat
------------------
#!/bin/sh
/etc/rc.d/dnsmasq restart
/etc/rc.d/dovecot restart
/etc/rc.d/postfix restart



to show a config file with comments and blank lines stripped,
commentout.bat
------------------
#!/bin/sh
# print only lines whose first field does not contain '#', then drop empty lines
awk '$1 !~ "#" {print}' "$1" | awk 'NF > 0 {print}' -


Wednesday, May 13, 2015

nginx on OpenBSD 5.7

On 5.7, pkg_add nginx does not work well.


So there is nothing for it but to follow
http://wiki.nginx.org/OnOpenBSD
as described there.

http://nginx.org/download/nginx-1.9.0.tar.gz


$ ./configure --sbin-path=/usr/local/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --with-http_ssl_module \
    --http-log-path=/var/log/nginx.log \
    --error-log-path=/var/log/nginx-error.log \
    --http-fastcgi-temp-path=/var/tmp/fastcgi_tmp \
    --http-proxy-temp-path=/var/tmp/proxy_tmp \
    --http-client-body-temp-path=/var/tmp/client_body_temp \
    --with-http_stub_status_module \
    --user=www --group=www

Compile and install


$ make && sudo make install 
 
 
 
 
Afterwards, I set it up as follows.

ls -l /var/www/
total 28
drwx------  2 www  wheel  512 Apr 11 00:06 0
drwx------  2 www  wheel  512 May 13 01:42 1
drwx------  2 www  wheel  512 Apr 11 00:06 11
drwx------  2 www  wheel  512 Apr 11 00:06 12
drwx------  2 www  wheel  512 Apr 11 00:06 2
lrwxr-xr-x  1 www  wheel    8 May 13 02:06 d0 -> /SAVE/d0
lrwxr-xr-x  1 www  wheel    8 May 13 02:05 d1 -> /SAVE/d1
lrwxr-xr-x  1 www  wheel    9 May 13 02:06 d11 -> /SAVE/d11
lrwxr-xr-x  1 www  wheel    9 May 13 02:06 d12 -> /SAVE/d12
lrwxr-xr-x  1 www  wheel    8 May 13 02:06 d2 -> /SAVE/d2
drwxr-xr-x  3 www  wheel  512 May 12 20:55 htdocs
drwxr-xr-x  2 www  wheel  512 May 13 02:20 logs



ls -l /SAVE/
total 3892264
drwx------   2 www  wheel          512 Apr 11 00:06 0
drwx------   2 www  wheel          512 May 13 01:42 1
drwx------   2 www  wheel          512 Apr 11 00:06 11
drwx------   2 www  wheel          512 Apr 11 00:06 12
drwx------   2 www  wheel          512 Apr 11 00:06 2
drwxr-xr-x   3 www  wheel          512 Apr 24 18:25 d0
drwxr-xr-x   5 www  wheel          512 May 11 08:58 d1
drwxr-xr-x   2 www  wheel          512 Apr  9 05:33 d11
drwxrwxr--   8 www  tuyosi         512 May  2 10:24 d12
drwxr-xr-x   3 www  wheel          512 Dec 31 03:46 d2
 
 
 
/etc/nginx/nginx.conf
worker_processes  1;
worker_rlimit_nofile 1024;
events {
    worker_connections  800;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;

    server {
        listen       80;
        server_name  localhost;    # for test
        root         /var/www/d0;
    }

    server {
        listen       80;
        server_name  a.mydns.jp;
        root         /var/www/d0;
    }

    server {
        listen       80;
        server_name  s.sun.ddns.vc;
        root         /var/www/d1;
        auth_basic            "Restricted";
        auth_basic_user_file  /var/www/1/.htpasswd;
    }

    server {
        listen       80;
        server_name  k.sun.ddns.vc;
        root         /var/www/d2;
        auth_basic            "Restricted";
        auth_basic_user_file  /var/www/2/.htpasswd;
    }

    server {
        listen       80;
        server_name  m.planex.ddns.vc;
        root         /var/www/d11;
        auth_basic            "Restricted";
        auth_basic_user_file  /var/www/11/.htpasswd;
    }

    server {
        listen       80;
        server_name  n.luna.ddns.vc;
        root         /var/www/d12;
        auth_basic            "Restricted";
        auth_basic_user_file  /var/www/12/.htpasswd;
    }
}