How to build a mail server
using Postfix and Dovecot
Thanks to
Thomas Bohl, Edgar Pettijohn and Craig Skinner.
Without their help I could not have achieved this.
internet
|
wifi router
192.168.100.254
|
run0 192.168.100.101
openbsd PC1 mailserver which also runs dnsmasq
bge0 192.168.11.1
|
fxp0
openbsd PC2
pkg_add postfix-2.11.4 dovecot-2.2.15p0
A) The WiFi router
Port forwarding
Virtual servers on the system
No. | IP address      | Port range | Protocol | Status
1   | 192.168.100.101 | 22 - 22    | TCP&UDP  | Enabled
2   | 192.168.100.101 | 80 - 80    | TCP&UDP  | Enabled
3   | 192.168.100.101 | 143 - 143  | TCP&UDP  | Enabled
4   | 192.168.100.101 | 587 - 587  | TCP&UDP  | Enabled
5   | 192.168.100.101 | 993 - 993  | TCP&UDP  | Enabled
B) About PC1
The real hostname is not a.mydns.jp but ao?????.mydns.jp (obscured here).
1)
/etc/myname
------------------
a.mydns.jp
/etc/hosts
-------------
127.0.0.1 localhost
::1 localhost
192.168.100.101 a.mydns.jp
/etc/resolv.conf
---------------------
# 192.168.100.254 is the WiFi router, which forwards DNS queries to the Internet
nameserver 192.168.100.254
lookup file bind
/etc/dnsmasq.conf : dnsmasq is the DHCP server for the intranet on bge0
---------------------------
# listen only on the intranet interface (the bge0 address from the diagram above)
listen-address=192.168.11.1
interface=bge0
dhcp-range=192.168.11.10,192.168.11.12,12h
bind-interfaces
/etc/dovecot/dovecot.conf
---------------------
protocols = imap
listen = *
!include conf.d/*.conf
/etc/dovecot/conf.d/10-mail.conf
---------------------------------------------
mail_location = maildir:~/Maildir
namespace inbox {
inbox = yes
}
mmap_disable = yes
first_valid_uid = 1000
mail_plugin_dir = /usr/local/lib/dovecot
mbox_write_locks = fcntl
2) /etc/dovecot/conf.d/10-ssl.conf
------------------------------------------------
ssl = yes
# "ssl = required" would instead refuse any IMAP session on 143 that does not negotiate STARTTLS first
ssl_cert = </etc/ssl/dovecotcert.pem
ssl_key = </etc/ssl/private/dovecot.pem
To deal with Dovecot failing with "too many open files", raise the open-files limit in a dedicated dovecot login class (see http://comments.gmane.org/gmane.os.openbsd.misc/207288):
/etc/login.conf
------------------------------------------
auth-defaults:auth=passwd,skey:
auth-ftp-defaults:auth-ftp=passwd:
default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
:umask=022:\
:datasize-max=512M:\
:datasize-cur=512M:\
:maxproc-max=256:\
:maxproc-cur=128:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
:localcipher=blowfish,8:\
:ypcipher=old:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,9:\
:tc=default:
staff:\
:datasize-cur=512M:\
:datasize-max=infinity:\
:maxproc-max=512:\
:maxproc-cur=128:\
:ignorenologin:\
:requirehome@:\
:tc=default:
authpf:\
:welcome=/etc/motd.authpf:\
:shell=/usr/sbin/authpf:\
:tc=default:
bgpd:\
:openfiles-cur=512:\
:tc=daemon:
unbound:\
:openfiles-cur=512:\
:tc=daemon:
dovecot:\
:openfiles-cur=2048:\
:openfiles-max=4096:\
:tc=daemon:
My address is not a fixed address, so I run into the
Outbound Port 25 Blocking (OP25B) problem: namely, my WiFi router (that is, the provider, not the dynamic DNS) prohibits
port 25 forwarding, so I cannot use a relay and cannot send mail to X@google.com.
But within this limit, I will write how to solve it.
I also receive various reports (for example, from crontab) via mail, so it is convenient.
X-1) The dynamic-DNS MX problem
See http://www.mhserv.info/co5/mydns.php
domain -> a.mydns.jp
MX     -> a.mydns.jp
*      -> A record (wildcard)
X-3)
/etc/pf.conf
---------------------
ext_if="run0"
int_if="bge0"
# 587 is the submission port. Note that 993 (IMAPS) is forwarded by the router
# above but is not in this list, so pf drops it.
tcp_services="{ 22, 80, 143, 587 }"
icmp_types="echoreq"
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
match out on $ext_if inet from ($int_if:network) to any nat-to ($ext_if:0)
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if:0) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if
X-4)
Follow http://vine.1-max.net/postfix-OP25B.html, namely:
/etc/postfix/main.cf
--------------------------------
myhostname = a.mydns.jp
mydomain = mydns.jp
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname localhost.$mydomain
home_mailbox = Maildir/
# Only the router-side network is trusted. PC2's LAN (bge0, 192.168.11.0/24)
# is not listed, so hosts there cannot relay through this server.
mynetworks = 192.168.100.0/24, 127.0.0.0/8
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
mail_owner = _postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/sbin/newaliases
mailq_path = /usr/local/sbin/mailq
setgid_group = _postdrop
html_directory = /usr/local/share/doc/postfix/html
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = /usr/local/share/doc/postfix/readme
# OP25B workaround: regrettably all outbound mail is relayed through the
# ISP's submission server, authenticated with a personal account.
relayhost = [smtp.gmobb.jp]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/isp_auth
smtp_sasl_security_options = noanonymous
X-5) /etc/postfix/isp_auth
---------------------
[smtp.gmobb.jp]:587 t?????@ki.gmobb.jp:S?????
This file holds the ISP password in clear text, so it must be readable by root only. Then build the lookup table:
postmap /etc/postfix/isp_auth
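The relay block in main.cf above sends the login from isp_auth to smtp.gmobb.jp, but it sets no smtp_tls_security_level (the Postfix default is no TLS at all), and noanonymous alone still permits the PLAIN and LOGIN mechanisms, so Postfix will hand the ISP password to the relay over cleartext SMTP if the relay offers AUTH without TLS. As an added example (not code from the original post), the following POSIX sh script writes a constructed copy of the weak relay stanza beside a hardened one that requires TLS before AUTH, and audits both that setting and the file mode of the password map. The temp-directory layout, the placeholder credentials and the CA bundle path /etc/ssl/cert.pem are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the ISP relay settings
# shown above for cleartext credential exposure and a world-readable map.

# Return 0 when main.cf forces TLS before Postfix will send SASL
# credentials (encrypt or any of the stronger verifying levels).
relay_requires_tls() {
    grep -Eq '^[[:space:]]*smtp_tls_security_level[[:space:]]*=[[:space:]]*(encrypt|dane-only|fingerprint|verify|secure)([[:space:]]|$)' "$1"
}

# Return 0 when the file carries no group/other permission bits at all
# (mode 0600 or stricter). ls(1) is parsed so this works on OpenBSD and
# Linux alike, whose stat(1) options differ.
sasl_map_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Audit one main.cf ($1) and one password map ($2); the exit status is the
# number of weak findings (0 means both checks passed).
audit_relay() {
    problems=0
    if relay_requires_tls "$1"; then
        echo "ok:   $1 requires TLS before AUTH"
    else
        echo "WEAK: $1 lets Postfix send the ISP password over cleartext SMTP"
        problems=$((problems + 1))
    fi
    if sasl_map_is_private "$2"; then
        echo "ok:   $2 is readable by its owner only"
    else
        echo "WEAK: $2 is readable by group or other users"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed copy of the relay stanza as listed in the post (weak).
write_weak_maincf() {
    cat > "$1" <<'EOF'
relayhost = [smtp.gmobb.jp]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/isp_auth
smtp_sasl_security_options = noanonymous
EOF
}

# Hardened stanza: TLS is mandatory, plaintext mechanisms are allowed only
# inside TLS, and the CA bundle (assumed OpenBSD path) is named so that the
# level can be raised to "secure", which also verifies the relay's
# certificate; "encrypt" alone stops eavesdropping but does not verify it.
write_hardened_maincf() {
    cat > "$1" <<'EOF'
relayhost = [smtp.gmobb.jp]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/isp_auth
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/cert.pem
EOF
}

# Offline demonstration: the weak pair first, then the hardened pair.
demo_audit() {
    dir=$(mktemp -d) || return 1
    write_weak_maincf "$dir/main.cf"
    # constructed placeholder credentials, not a real account
    printf '%s\n' '[smtp.gmobb.jp]:587 isp-user:isp-password' > "$dir/isp_auth"
    chmod 644 "$dir/isp_auth"
    weak=0; audit_relay "$dir/main.cf" "$dir/isp_auth" || weak=$?
    write_hardened_maincf "$dir/main.cf"
    chmod 600 "$dir/isp_auth"
    fixed=0; audit_relay "$dir/main.cf" "$dir/isp_auth" || fixed=$?
    rm -rf "$dir"
    echo "weak=$weak fixed=$fixed"
}

# On the host itself:
#   audit_relay /etc/postfix/main.cf /etc/postfix/isp_auth
```

Run the same mode check on the isp_auth.db that postmap produces, since it contains the same password.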
X-6)
/etc/postfix/master.cf
--------------------------
# service    type  private unpriv  chroot  wakeup  maxproc command
smtp         inet  n       -       -       -       -       smtpd
# submission has no -o overrides (SASL, TLS), so port 587 behaves exactly like
# port 25: clients outside $mynetworks cannot authenticate and may only deliver
# to $mydestination.
submission   inet  n       -       -       -       -       smtpd
pickup       unix  n       -       -       60      1       pickup
cleanup      unix  n       -       -       -       0       cleanup
qmgr         unix  n       -       -       300     1       qmgr
tlsmgr       unix  -       -       -       1000?   1       tlsmgr
rewrite      unix  -       -       -       -       -       trivial-rewrite
bounce       unix  -       -       -       -       0       bounce
defer        unix  -       -       -       -       0       bounce
trace        unix  -       -       -       -       0       bounce
verify       unix  -       -       -       -       1       verify
flush        unix  n       -       -       1000?   0       flush
proxymap     unix  -       -       n       -       -       proxymap
proxywrite   unix  -       -       n       -       1       proxymap
smtp         unix  -       -       -       -       -       smtp
relay        unix  -       -       -       -       -       smtp
showq        unix  n       -       -       -       -       showq
error        unix  -       -       -       -       -       error
retry        unix  -       -       -       -       -       error
discard      unix  -       -       -       -       -       discard
local        unix  -       n       n       -       -       local
virtual      unix  -       n       n       -       -       virtual
lmtp         unix  -       -       -       -       -       lmtp
anvil        unix  -       -       -       -       1       anvil
scache       unix  -       -       -       -       1       scache
Then run this script:
mail-server.bat
#!/bin/sh
/etc/rc.d/dnsmasq restart
/etc/rc.d/dovecot restart
/etc/rc.d/postfix restart
To strip comment lines and blank lines from a config file:
commentout.bat
#!/bin/sh
# Usage: commentout.bat /etc/postfix/main.cf
awk '!/^[ \t]*#/ && NF > 0' "$1"