Instalação do Postfix integrado com Active Directory
Autor: Thiago Cavalcante (tlcavalcante@gmail.com)
Instalação dos pacotes
apt-get install courier-authdaemon courier-authlib courier-authlib-dev courier-authlib-ldap courier-base courier-imap courier-maildrop postfix postfix-ldap
postfix-policyd-spf-perl libsasl2-2 libsasl2-modules libsasl2-modules-ldap sasl2-bin clamav-base clamav-daemon clamav-freshclam spamassassin htop
openssh-server build-essential linux-source-2.6.26 linux-headers-2.6.26-2-amd64 rcconf dnsutils locate htop nmap
Arquivos de configuração
vim /etc/postfix/main.cf
# Postfix main.cf for a mail server that resolves mailboxes, groups and forwards
# through LDAP lookups against Active Directory and delivers with maildrop.
# In the real file every continuation line of a multi-line value must begin with
# whitespace; that indentation is missing from this listing.
smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
myhostname = mailserver.solisc.org.br
myorigin = solisc.org.br
mydestination = solisc.org.br, mailserver.solisc.org.br, localhost
relayhost = 172.86.41.230
# Hosts in these ranges match permit_mynetworks in the restriction lists below.
# NOTE(review): a /16 is a wide trust boundary; confirm it needs to be this large.
mynetworks = 127.0.0.0/8, 172.86.0.0/16
inet_interfaces = all
# Disabling VRFY keeps clients from probing which addresses exist.
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
home_mailbox = Maildir/
message_size_limit = 20000000
virtual_alias_expansion_limit = 5000
alias_maps = hash:/etc/aliases
mailbox_transport = maildrop
mailbox_command_maps = ldap:accounts
# Recipients that are in neither map are rejected at SMTP time.
local_recipient_maps = $alias_maps $virtual_mailbox_maps
virtual_maps = ldap:grupos ldap:forward
virtual_mailbox_maps = ldap:accounts
# Verbose logging is limited to sessions from the peer listed here.
debug_peer_level = 5
debug_peer_list = 127.0.0.1
# LDAP lookup "accounts": finds the person entry whose mail attribute equals the address.
# NOTE(review): the bind DN and password of all three lookups are written inline in
# main.cf, which is normally world-readable. ldap_table(5) also accepts a separate file
# (ldap:/path/to/file.cf) that can be restricted to root and the postfix group.
# A password that has been published in a document like this one should be treated as
# exposed and rotated.
# NOTE(review): no ldaps:// URI or start_tls setting is shown for any lookup, so the bind
# password presumably crosses the network unencrypted; confirm and enable TLS.
accounts_server_host = 172.86.41.190
accounts_bind_dn = cn=bind,cn=Users,dc=solisc
accounts_bind_pw = Solisc2010
accounts_search_base = ou=Usuarios,dc=solisc
accounts_query_filter = (&(objectClass=organizationalPerson)(mail=%s))
accounts_result_attribute = mail
accounts_bind = yes
# LDAP lookup "grupos": expands a group address into the mail addresses of its members.
grupos_server_host = 172.86.41.190
grupos_version = 3
grupos_search_base = ou=Usuarios,dc=solisc
grupos_query_filter = (&(objectClass=group)(mail=%s))
grupos_bind_dn = cn=bind,cn=Users,dc=solisc
grupos_bind_pw = Solisc2010
grupos_special_result_attribute = member
grupos_result_attribute = mail
grupos_recursion_limit = 5000
# LDAP lookup "forward": returns the "l" attribute of the person entry as the forward address.
forward_server_host = 172.86.41.190
forward_version = 3
forward_timeout = 10
forward_chase_referral = 0
forward_search_base = ou=Usuarios,dc=solisc
forward_query_filter = (&(mail=%s)(objectClass=organizationalPerson))
forward_bind_dn = cn=bind,cn=Users,dc=solisc
forward_bind_pw = Solisc2010
forward_result_attribute = l
# HELO checks: clients in mynetworks and authenticated clients skip the hostname tests.
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_invalid_hostname,
check_helo_access regexp:/etc/postfix/helo-invalid
# Sender checks end with the SPF policy service defined in master.cf
# (unix:private/policy). The missing comma after reject_unauth_pipelining is harmless
# because Postfix also accepts whitespace as a separator.
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_unauth_pipelining
check_policy_service unix:private/policy
# ETRN is allowed for authenticated clients only.
smtpd_etrn_restrictions = permit_sasl_authenticated,
reject
header_checks = regexp:/etc/postfix/header_checks
smtpd_data_restrictions = reject_unauth_pipelining
vim /etc/postfix/master.cf
# Postfix master.cf service table. Columns: service, type, private, unpriv, chroot,
# wakeup, maxproc, command + args. In the real file the option lines that follow a
# service (flags=..., -o ...) must begin with whitespace; that indentation is missing
# from this listing.
# NOTE(review): "-v -v -v -D" enables maximum verbose logging and runs smtpd under the
# configured debugger_command; this looks like a troubleshooting leftover and should not
# stay on a production listener. A second "smtp inet" entry (with
# content_filter=clamav:clamav) appears near the end of this table; only one of the two
# can own the SMTP port, so confirm which one is intended.
smtp inet n - - - - smtpd -v -v -v -D
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# Local delivery agent: maildrop runs as the unprivileged vmail user, at most 20 at a time.
maildrop unix - n n - 20 pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
# SPF policy daemon, spawned as "nobody"; referenced from main.cf as unix:private/policy.
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
# SMTP listener that routes accepted mail through the "clamav" filter transport below.
smtp inet n - n - - smtpd -o content_filter=clamav:clamav
# Content filter transport: pipes each message to clamav-filter.sh as user clamav.
clamav unix - n n - - pipe flags=Rq user=clamav argv=/usr/lib/postfix/clamav-filter.sh -f ${sender} -- ${recipient}
vim /etc/maildroprc
# Global maildrop filter: creates the per-user Maildir on first delivery, files
# messages tagged as spam into a Spam folder, sends vacation replies and warns
# the sender when the mailbox is over quota.

# The mailbox directory is named after the part of the login name before "@".
# NOTE(review): $USER becomes a path component below; this relies on recipient
# validation upstream to keep "/" and ".." out of it.
USER=`echo "$LOGNAME" | cut -d@ -f1`
MAILBOX="$HOME/$USER/"
MAILDIR="$HOME/$USER/Maildir/"
MESSAGE="/etc/courier/overquota"
DELIVERQUOTA="/usr/bin/deliverquota.courier"
# ASSUNTO is not referenced anywhere else in this file.
ASSUNTO="CAIXA CHEIA!"
MAILER="MAILER-DAEMON@mailserver.solisc.org.br"
# Address used for the automatic replies below, taken from the From: header.
# NOTE(review): this value is chosen by the sender and is later placed unquoted
# into the command lines given to cc (mailbot/sendmail); verify that getaddr()
# output cannot carry shell metacharacters, or quote it at the point of use.
if ( /^From: *.*/ )
{
ADDR=getaddr($MATCH)
}
# Create the mailbox and Maildir when they do not exist yet.
`test -d "$MAILDIR"`
if ($RETURNCODE != 0)
{
exception {
`mkdir -p "$MAILBOX"`
`maildirmake.courier "$MAILDIR"`
}
}
# Messages already tagged by SpamAssassin go to the Spam folder, which is
# created and added to the IMAP subscription list on first use.
if (/^X-Spam-Status: Yes/)
{
`test -d "$MAILDIR/.Spam/"`
if ($RETURNCODE != 0)
{
`maildirmake.courier -f Spam "$MAILDIR"`
`echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed`
}
exception {
to "$MAILDIR/.Spam/"
}
}
# Vacation handling is switched on by the presence of vacation.txt in the Maildir.
`test -f "$MAILDIR/vacation.txt"`
if ($RETURNCODE==0)
{
# Optional custom subject for the auto-reply.
`test -f "$MAILDIR/vacation_subject.txt"`
if ($RETURNCODE==0)
{
SUBJECT=`cat "$MAILDIR/vacation_subject.txt"`
cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' -A 'Subject: $SUBJECT' /usr/sbin/sendmail -t $ADDR"
}
else
{
cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' /usr/sbin/sendmail -t $ADDR"
}
# Optional forwarding while on vacation: with vacation_keep_messages.txt the
# message is copied (cc) to the listed addresses, otherwise it is redirected (to).
`test -f "$MAILDIR/vacation_cc_addresses.txt"`
if ($RETURNCODE==0)
{
CCADDRESSES=`cat "$MAILDIR/vacation_cc_addresses.txt"`
`test -f "$MAILDIR/vacation_keep_messages.txt"`
if ($RETURNCODE==0)
{
cc "! -f "$ADDR" $CCADDRESSES"
}
else
{
to "! -f "$ADDR" $CCADDRESSES"
}
}
}
# Normal delivery into the user's Maildir.
exception {
to "$MAILDIR/"
}
# Quota check with a 90% warning threshold; presumably reached only when the
# delivery above did not complete. Confirm against the maildrop documentation.
exception {
xfilter "$DELIVERQUOTA -w 90 $MAILDIR"
}
# Return code 75 triggers the over-quota notice (template in $MESSAGE) to $ADDR.
if ($RETURNCODE==75)
{
cc "| mailbot -t "$MESSAGE" -A 'From: $MAILER' /usr/sbin/sendmail -t $ADDR"
}
vim /usr/lib/postfix/clamav-filter.sh
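#!/bin/sh
# Postfix content filter: saves the message read from stdin into $INSPECT_DIR,
# scans it with clamdscan and, when no virus is reported, re-injects it through
# spamc + sendmail.
#
# Invoked from master.cf as:  clamav-filter.sh -f <sender> -- <recipient>...
# Exit status: 0 when the message was dropped as infected, $EX_TEMPFAIL when it
# could not be saved, otherwise the status of the re-injection command.
export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games

INSPECT_DIR=/AV
# SENDMAIL and AVCMD hold a command plus its arguments, so they are expanded
# unquoted at the call sites on purpose.
SENDMAIL="/usr/bin/spamc -f -e /usr/sbin/sendmail -i"
AVCMD="/usr/bin/clamdscan --disable-summary --stdout"
MYHOSTNAME=$(postconf -h myhostname)

# sysexits.h style status codes.
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
EX_DENIED=77

# Spool file name inside $INSPECT_DIR: process id plus timestamp.
nome_arquivo="in.$$.$(date +%Y%m%d%H%M%S)"

# NOTIFY_VIRUS mails the envelope sender, which is commonly forged on infected
# mail; leaving it at "no" avoids sending backscatter to uninvolved addresses.
NOTIFY_VIRUS=no
NOTIFY_POSTMASTER=yes

# Scan the spooled message. On a detection: log it, send the configured
# notifications and exit 0 so that Postfix treats the message as handled (it is
# dropped, not bounced). Returns to the caller when nothing was detected.
viruscan() {
    VIRUS=$($AVCMD "$nome_arquivo")
    SAIDA=$?
    # Unquoted on purpose: collapses the scanner output onto one line before the
    # leading "<file>:" field is cut off.
    VIRUS=$(echo $VIRUS | cut -d" " -f2-)

    if [ "$SAIDA" -eq 1 ]; then
        # The from=<...> and to=<...> fields are quoted; unquoted, the shell
        # parses "<" and ">" as redirections and the log call never runs.
        postlog -t postfix/virus-filter "message-id=$msgid" status=virus "from=<$from>" "to=<$rcpts>" 2>/dev/null

        # An empty line separates the headers from the body of each notice.
        if [ "$NOTIFY_VIRUS" = "yes" ] && [ -n "$from" ]; then
            printf '%s\n' \
                "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>" \
                "Subject: AVISO: Email rejeitado: VIRUS Detectado" \
                "To: $from" \
                "" \
                "Seu email para ($rcpts) com assunto ($subj) foi rejeitado por conter virus." \
                "Virus encontrados: $VIRUS" \
                "" | $SENDMAIL -f MAILER-DAEMON -- "$from"
        fi

        if [ "$NOTIFY_POSTMASTER" = "yes" ]; then
            printf '%s\n' \
                "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>" \
                "Subject: Postmaster Copy: VIRUS Detectado" \
                "To: postmaster@solisc.org.br" \
                "" \
                "Um email de $from para $rcpts com assunto ($subj) foi rejeitado por conter virus." \
                "Virus encontrados: $VIRUS" \
                "" | $SENDMAIL -f MAILER-DAEMON -- postmaster@solisc.org.br
        fi
        exit 0
    fi

    # clamdscan exits 0 for a clean file and 1 for a detection; any other status
    # means the scan itself failed (for example clamd is not running).
    # NOTE(review): the message is still delivered unscanned in that case, as in
    # the original script. To defer the message instead, add "exit $EX_TEMPFAIL"
    # after the log call.
    if [ "$SAIDA" -ne 0 ]; then
        postlog -t postfix/virus-filter -p warn "message-id=$msgid" status=scan-error "from=<$from>" "to=<$rcpts>" 2>/dev/null
    fi
}

cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit $EX_TEMPFAIL; }

# Remove the spool file on exit and on HUP/INT/QUIT/TERM.
trap 'rm -rf -- "$nome_arquivo"*' 0 1 2 3 15

cat >"$nome_arquivo" || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

# $1 is "-f"; $2 is the envelope sender, or "--" when no sender was passed.
from=$2
if [ "$from" != "--" ]; then
    shift
else
    from=""
fi
shift; shift

# subj and msgid come from the message itself and are therefore sender-controlled;
# they are used only in the log line and the notification text, always inside quotes.
subj=$(head -n 200 "$nome_arquivo" | grep -i "^Subject:" | cut -d":" -f2- | head -n 1)
msgid=$(head -n 200 "$nome_arquivo" | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1)
rcpts="$*"

viruscan

# Re-inject the message. Sender and recipients are passed as separate quoted
# arguments so that an empty sender is not replaced by the following "--", and the
# command's status is returned to Postfix so that a failed re-injection is not
# reported as a successful delivery.
$SENDMAIL -f "$from" -- "$@" <"$nome_arquivo"
exit $?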
vim /etc/courier/authldaprc
# Courier authldap settings: IMAP logins are checked against Active Directory.
# NOTE(review): the URI uses plain ldap:// on port 389 and no LDAP_TLS setting is
# shown, so bind credentials and user passwords presumably cross the network
# unencrypted; confirm and enable TLS.
# NOTE(review): server address and base DN differ from the ones used by the Postfix
# LDAP lookups in main.cf (172.86.41.190, ou=Usuarios,dc=solisc); confirm that both
# point at the same directory.
LDAP_URI ldap://172.86.23.171
LDAP_SERVER 172.86.23.171
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
# With LDAP_AUTHBIND 1 the password is verified by binding as the user.
LDAP_AUTHBIND 1
LDAP_BASEDN dc=ad,dc=solisc
LDAP_BINDDN cn=bind,cn=users,dc=solisc
# Same service-account password as in main.cf; keep this file readable only by root
# and the authdaemon user, and rotate the password if it has been published.
LDAP_BINDPW Solisc2010
LDAP_TIMEOUT 5
LDAP_FILTER (objectClass=organizationalPerson)
LDAP_DOMAIN solisc
LDAP_FULLNAME cn
# NOTE(review): presumably unused while LDAP_AUTHBIND is 1; confirm before keeping
# a clear-text password attribute mapped.
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_MAIL mail
# All mailboxes are owned by one system uid/gid.
LDAP_GLOB_UID 1000
LDAP_GLOB_GID 1000
# Active Directory attributes repurposed as mail settings: wWWHomePage holds the
# Maildir, streetAddress the home directory and st the quota (see the field list
# later in this guide).
LDAP_MAILDIR wWWHomePage
LDAP_HOMEDIR streetAddress
LDAP_DEREF never
LDAP_MAILDIRQUOTA st
vim /etc/courier/authdaemonrc
# Courier authdaemond settings: authentication goes through the LDAP module only.
authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=50
authdaemonvar=/var/run/courier/authdaemon
# 0 disables login debugging. Level 2 also writes passwords to the log, so it
# should not be left enabled after troubleshooting.
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
vim /etc/spamassassin/local.cf
# SpamAssassin site-wide settings.
# Prefix the Subject of messages classified as spam.
rewrite_header Subject SPAM
# Relays in this range are trusted not to forge Received headers.
# NOTE(review): same /16 as Postfix mynetworks; confirm that every host in it is
# under your control.
trusted_networks 172.86.0.0/16
required_score 5.0
use_bayes 1
# Auto-learning trains the Bayes database from scored mail without human review.
bayes_auto_learn 1
# Headers added by filters are excluded from Bayes learning.
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
touch /etc/postfix/helo-invalid; touch /etc/postfix/header_checks; postmap /etc/postfix/helo-invalid; postmap /etc/postfix/header_checks
adduser vmail (senha vmail)
Alterar o home do usuário para /vmail
mkdir /AV; chown clamav /AV; chgrp clamav /AV; mkdir /vmail; chown vmail /vmail; chgrp vmail /vmail
ln -s /etc/maildroprc /etc/courier/maildroprc
Habilite o Spamassassin, substituindo o 0 por 1 no arquivo /etc/default/spamassassin – ENABLED=1
Campos utilizados no Active Directory
Criação de usuários:
E-mail: Preencher com e-mail do usuário.
Página da Web: Preencher com o Maildir do usuário.
Rua: Home do Postfix (igual para todos os usuários)
Cidade: Redirecionamento (repetir email do usuário para desabilitar)
Estado: Quota de disco em bytes (não esquecer do S no final)
Criação de listas:
Para cada lista deve ser criada uma ACL no arquivo do Postfix e criado um grupo no AD com o mesmo username do email da lista.
Nome do grupo: Deve ser o mesmo username do email da lista
E-Mail: Endereço de e-mail da lista.
Incluir e/ou remover aqui os usuários ativos na lista.
Configuração do SPF
perl -MCPAN -e shell
install Mail::SPF
q
Editar o arquivo de DNS e incluir a linha do SPF abaixo do MX
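; The SPF mechanism for an IPv4 address is "ip4"; "ipv4:" is not a defined mechanism,
; and a record containing it is evaluated as a permanent error instead of a pass/fail.
; NOTE(review): receivers look the record up under the envelope-sender domain (myorigin
; in main.cf is solisc.org.br) and under the HELO name; a record on
; mailserver.solisc.org.br alone presumably covers only the HELO identity. Confirm that
; the zone also carries a record for solisc.org.br.
mailserver.solisc.org.br. IN TXT "v=spf1 ip4:172.86.23.39/32 mx -all"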
Incluir no final do arquivo /etc/postfix/master.cf
vim /etc/postfix/master.cf
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
Testando: host -t txt mailserver.solisc.org.br
mailserver.solisc.org.br descriptive text "v=spf1 ipv4:172.86.23.39/32 mx -all"
Obs.: OS ARQUIVOS INCLUÍDOS NESSE DOCUMENTO JÁ INCLUEM AS ALTERAÇÕES ACIMA.
Disco virtual RAMDISK para a Queue
Incluir no /etc/rc.local: mount -t tmpfs none /AV
Configuração do OpenISCSI
iscsiadm -m iface -I iface4 --op=new
iscsiadm -m iface -I iface4 --op=update -n iface.hwaddress -v d8:d3:85:b8:5d:8a
iscsiadm -m discovery -t st -p 10.0.30.2 iface4 -P 1
iscsiadm -m node -T iqn.1986-03.com.hp:storage.msa2324i.0944da4fac -l
mount -t ext3 /dev/sdg1 /vmail
vim /etc/iscsi/iscsid.conf
# open-iscsi initiator settings for the storage session that backs /vmail.
# NOTE(review): no node.session.auth.* or discovery.sendtargets.auth.* (CHAP) settings
# are shown, so the initiator presumably logs in to the target unauthenticated; confirm
# that the storage network is isolated, or enable CHAP.
isns.address = 10.0.30.2
isns.port = 3260
# Log in to discovered nodes automatically at start-up.
node.startup = automatic
# Timeouts, in seconds.
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 20
node.session.initial_login_retry_max = 8
node.session.queue_depth = 32
# iSCSI session and connection parameters.
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.session.iscsi.FastAbort = Yes
vim /etc/fstab
# Mail store on the iSCSI volume; _netdev delays the mount until the network is up.
# NOTE(review): the manual mount shown earlier in this guide uses /dev/sdg1 while this
# entry uses /dev/sda1. iSCSI disks can change sdX names between boots, so a UUID= or
# LABEL= reference is safer; confirm which device is intended.
/dev/sda1 /vmail ext3 rw,sync,auto,_netdev 0 0
Verificação de portas
nmap 127.0.0.1
22/tcp | 25/tcp | 111/tcp | 143/tcp | 734/tcp | 783/tcp
Relação de arquivos utilizados:
/etc/passwd
/etc/group
/etc/rc.local
/etc/fstab
/etc/crontab
/etc/resolv.conf
/etc/iscsi/iscsid.conf
/etc/postfix/main.cf
/etc/postfix/master.cf
/etc/postfix/helo-invalid
/etc/postfix/header_checks
/etc/courier/authldaprc
/etc/courier/authdaemonrc
/etc/spamassassin/local.cf
/etc/maildroprc
/etc/default/spamassassin
/usr/lib/postfix/clamav-filter.sh
Obs.: Os arquivos de configuração não podem conter espaços em branco no final das linhas.


How-to Integração Postfi

  • 1. Instala??o do Postfix integrado com Active Directory Autor: Thiago Cavalcante (tlcavalcante@gmail.com) Instal??o dos pacotes apt-get install courier-authdaemon courier-authlib courier-authlib-dev courier-authlib-ldap courier-base courier-imap courier-maildrop postfix postfix-ldap postfix-policyd-spf-perl libsasl2-2 libsasl2-modules libsasl2-modules-ldap sasl2-bin clamav-base clamav-daemon clamav-freshclam spamassassin htop openssh-server build-essential linux-source-2.6.26 linux-headers-2.6.26-2-amd64 rcconf dnsutils locate htop nmap Arquivos de configura??o vim /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP biff = no append_dot_mydomain = no delay_warning_time = 4h myhostname = mailserver.solisc.org.br myorigin = solisc.org.br mydestination = solisc.org.br, mailserver.solisc.org.br, localhost relayhost = 172.86.41.230 mynetworks = 127.0.0.0/8, 172.86.0.0/16 inet_interfaces = all disable_vrfy_command = yes strict_rfc821_envelopes = yes home_mailbox = Maildir/ message_size_limit = 20000000 virtual_alias_expansion_limit = 5000 alias_maps = hash:/etc/aliases mailbox_transport = maildrop mailbox_command_maps = ldap:accounts local_recipient_maps = $alias_maps $virtual_mailbox_maps virtual_maps = ldap:grupos ldap:forward virtual_mailbox_maps = ldap:accounts debug_peer_level = 5 debug_peer_list = 127.0.0.1 accounts_server_host = 172.86.41.190 accounts_bind_dn = cn=bind,cn=Users,dc=solisc accounts_bind_pw = Solisc2010 accounts_search_base = ou=Usuarios,dc=solisc accounts_query_filter = (&(objectClass=organizationalPerson)(mail=%s)) accounts_result_attribute = mail accounts_bind = yes grupos_server_host = 172.86.41.190 grupos_version = 3 grupos_search_base = ou=Usuarios,dc=solisc grupos_query_filter = (&(objectClass=group)(mail=%s)) grupos_bind_dn = cn=bind,cn=Users,dc=solisc grupos_bind_pw = Solisc2010 grupos_special_result_attribute = member grupos_result_attribute = mail grupos_recursion_limit = 5000 forward_server_host = 172.86.41.190 forward_version = 3 
forward_timeout = 10 forward_chase_referral = 0 forward_search_base = ou=Usuarios,dc=solisc forward_query_filter = (&(mail=%s)(objectClass=organizationalPerson)) forward_bind_dn = cn=bind,cn=Users,dc=solisc forward_bind_pw = Solisc2010 forward_result_attribute = l smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access regexp:/etc/postfix/helo-invalid smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unauth_pipelining check_policy_service unix:private/policy smtpd_etrn_restrictions = permit_sasl_authenticated, reject header_checks = regexp:/etc/postfix/header_checks smtpd_data_restrictions = reject_unauth_pipelining
  • 2. vim /etc/postfix/master.cf smtp inet n - - - - smtpd -v -v -v -D pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp relay unix - - - - - smtp -o fallback_relay= showq unix n - - - - showq error unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - 20 pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} retry unix - - n - - error proxywrite unix - - n - 1 proxymap policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl smtp inet n - n - - smtpd -o content_filter=clamav:clamav clamav unix - n n - - pipe flags=Rq user=clamav argv=/usr/lib/postfix/clamav-filter.sh -f ${sender} -- ${recipient} vim /etc/maildroprc USER=`echo "$LOGNAME" | cut -d@ -f1` MAILBOX="$HOME/$USER/" MAILDIR="$HOME/$USER/Maildir/" MESSAGE="/etc/courier/overquota" DELIVERQUOTA="/usr/bin/deliverquota.courier" ASSUNTO="CAIXA CHEIA!" 
MAILER="MAILER-DAEMON@mailserver.solisc.org.br" if ( /^From: *.*/ ) { ADDR=getaddr($MATCH) } `test -d "$MAILDIR"` if ($RETURNCODE != 0) { exception { `mkdir -p "$MAILBOX"` `maildirmake.courier "$MAILDIR"` } } if (/^X-Spam-Status: Yes/) { `test -d "$MAILDIR/.Spam/"` if ($RETURNCODE != 0) { `maildirmake.courier -f Spam "$MAILDIR"` `echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed` } exception { to "$MAILDIR/.Spam/" } } `test -f "$MAILDIR/vacation.txt"` if ($RETURNCODE==0) { `test -f "$MAILDIR/vacation_subject.txt"` if ($RETURNCODE==0) { SUBJECT=`cat "$MAILDIR/vacation_subject.txt"` cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' -A 'Subject: $SUBJECT' /usr/sbin/sendmail -t $ADDR" } else { cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' /usr/sbin/sendmail -t $ADDR" } `test -f "$MAILDIR/vacation_cc_addresses.txt"`
  • 3. if ($RETURNCODE==0) { CCADDRESSES=`cat "$MAILDIR/vacation_cc_addresses.txt"` `test -f "$MAILDIR/vacation_keep_messages.txt"` if ($RETURNCODE==0) { cc "! -f "$ADDR" $CCADDRESSES" } else { to "! -f "$ADDR" $CCADDRESSES" } } } exception { to "$MAILDIR/" } exception { xfilter "$DELIVERQUOTA -w 90 $MAILDIR" } if ($RETURNCODE==75) { cc "| mailbot -t "$MESSAGE" -A 'From: $MAILER' /usr/sbin/sendmail -t $ADDR" } vim /usr/lib/postfix/clamav-filter.sh #!/bin/sh export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games INSPECT_DIR=/AV SENDMAIL="/usr/bin/spamc -f -e /usr/sbin/sendmail -i" MYHOSTNAME=`postconf -h myhostname` REPORTHOST=`postconf -h myhostname` EX_TEMPFAIL=75 EX_UNAVAILABLE=69 EX_DENIED=77 nome_arquivo=`date +%Y%m%d%H%M%S` nome_arquivo=in.$$.$nome_arquivo AVCMD="/usr/bin/clamdscan --disable-summary --stdout " NOTIFY_VIRUS=no NOTIFY_POSTMASTER=yes viruscan() { VIRUS=`$AVCMD $nome_arquivo` SAIDA=$? VIRUS=`echo $VIRUS | cut -d" " -f2-` if [ $SAIDA -eq 1 ]; then postlog -t postfix/virus-filter message-id=$msgid status=virus from=<$from> to=<$rcpts> 2>/dev/null if [ "$NOTIFY_VIRUS" = "yes" ]; then echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME> Subject: AVISO: Email rejeitado: VIRUS Detectado To: $from Seu email para ($rcpts) com assunto ($subj) foi rejeitado por conter virus. Virus encontrados: $VIRUS " | $SENDMAIL -f MAILER-DAEMON -- $from fi if [ "$NOTIFY_POSTMASTER" = "yes" ]; then echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME> Subject: Postmaster Copy: VIRUS Detectado To: postmaster@solisc.org.br Um email de $from para $rcpts com assunto ($subj) foi rejeitado por conter virus. 
Virus encontrados: $VIRUS " | $SENDMAIL -f MAILER-DAEMON ¨C postmaster@solisc.org.br fi exit 0 fi } trap "rm -rf $nome_arquivo*" 0 1 2 3 15 cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } cat >$nome_arquivo || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } from=$2 if [ "$from" != "--" ]; then shift else $from="" fi shift ; shift dominio=`echo $from | cut -d"@" -f2` email=`echo $from | cut -d"@" -f1` subj=`head -n 200 $nome_arquivo | grep -i "^Subject:" | cut -d":" -f2- | head -n 1` msgid=`head -n 200 $nome_arquivo | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1` saida="-f $from -- $@" rcpts=$@ viruscan $SENDMAIL $saida <$nome_arquivo>
  • 4. exit 0 vim /etc/courier/authldaprc LDAP_URI ldap://172.86.23.171 LDAP_SERVER 172.86.23.171 LDAP_PORT 389 LDAP_PROTOCOL_VERSION 3 LDAP_AUTHBIND 1 LDAP_BASEDN dc=ad,dc=solisc LDAP_BINDDN cn=bind,cn=users,dc=solisc LDAP_BINDPW Solisc2010 LDAP_TIMEOUT 5 LDAP_FILTER (objectClass=organizationalPerson) LDAP_DOMAIN solisc LDAP_FULLNAME cn LDAP_CLEARPW clearPassword LDAP_CRYPTPW userPassword LDAP_MAIL mail LDAP_GLOB_UID 1000 LDAP_GLOB_GID 1000 LDAP_MAILDIR wWWHomePage LDAP_HOMEDIR streetAddress LDAP_DEREF never LDAP_MAILDIRQUOTA st vim /etc/courier/authdaemonrc authmodulelist="authldap" authmodulelistorig="authldap" daemons=50 authdaemonvar=/var/run/courier/authdaemon DEBUG_LOGIN=0 DEFAULTOPTIONS="" LOGGEROPTS="" vim /etc/spamassassin/local.cf rewrite_header Subject SPAM trusted_networks 172.86.0.0/16 required_score 5.0 use_bayes 1 bayes_auto_learn 1 bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status touch /etc/postfix/helo-invalid; touch /etc/postfix/header_checks; postmap /etc/postfix/helo-invalid; postmap /etc/postfix/header_checks adduser vmail (senha vmail) Alterar o home do usu¨¢rio para /vmail mkdir /AV; chown clamav /AV; chgrp clamav /AV; mkdir /vmail; chown vmail /vmail; chgrp vmail /vmail ln -s /etc/maildroprc /etc/courier/maildroprc Habilite o Spamassassin, substituindo o 0 por 1 no arquivo /etc/default/spamassassin ¨C ENABLED=1
  • 5. Campos utilizados no Active Directory Cria??o de usu¨¢rios: E-mail: Preencher com e-mail do usu¨¢rio. P¨¢gina do Web: Preencher com o Maildir do usu¨¢rio. Rua: Home do Postfix (igual para todos usu¨¢rios) Cidade: Redirecionamento (repetir email do usuario para desabilitar) Estado: Quota de disco em bytes (n?o esquecer do S no final) Cria??o de listas: Para cada lista deve ser criada uma ACL no arquivo no Posftix e criado um grupo no AD com o mesmo username do email da lista. Nome do grupo: Deve ser o mesmo username do email da lista E-Mail: Endere?o de e-mail da lista. Incluir e/ou remover aqui os usu¨¢rios ativos na lista. Configura??o do SPF perl -MCPAN -e shell install Mail::SPF q Editar o arquivo de DNS e incluir a linha do SPF abaixo do MX mailserver.solisc.org.br. IN TXT "v=spf1 ipv4:172.86.23.39/32 mx -all" Incluir no final do arquivo /etc/postfix/master.cf
  • 6. vim /etc/postfix/master.cf policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl Testando: host -t txt mailserver.solisc.org.br mailserver.solisc.org.br descriptive text "v=spf1 ipv4:172.86.23.39/32 mx -all" Obs.: OS ARQUIVOS INCLUIDOS NESSE DOCUMENTO J? INCLUEN AS ALTERA??ES ACIMA. Disco virtua RAMDISK para a Queue Inlcuir no /etc/rc.local: mount -t tmpfs none /AV Configura??o do OpenISCSI iscsiadm -m iface -I iface4 --op=new iscsiadm -m iface -I iface4 --op=update -n iface.hwaddress -v d8:d3:85:b8:5d:8a iscsiadm -m discovery -t st -p 10.0.30.2 iface4 -P 1 iscsiadm -m node -T iqn.1986-03.com.hp:storage.msa2324i.0944da4fac -l mount -t ext3 /dev/sdg1 /vmail vim /etc/iscsi/iscsid.conf isns.address = 10.0.30.2 isns.port = 3260 node.startup = automatic node.session.timeo.replacement_timeout = 120 node.conn[0].timeo.login_timeout = 15 node.conn[0].timeo.logout_timeout = 15 node.conn[0].timeo.noop_out_interval = 5 node.conn[0].timeo.noop_out_timeout = 5 node.session.err_timeo.abort_timeout = 15 node.session.err_timeo.lu_reset_timeout = 20 node.session.initial_login_retry_max = 8 node.session.queue_depth = 32 node.session.iscsi.InitialR2T = No node.session.iscsi.ImmediateData = Yes node.session.iscsi.FirstBurstLength = 262144 node.session.iscsi.MaxBurstLength = 16776192 node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072 discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768 node.session.iscsi.FastAbort = Yes vim /etc/fstab /dev/sda1 /vmail ext3 rw,sync,auto,_netdev 0 0 Verifica??o de portas nmap 127.0.0.1 22/tcp | 25/tcp | 111/tcp | 143/tcp | 734/tcp | 783/tcp Rela??o de arquivos utilizados: /etc/passwd /etc/group /etc/rc.local /etc/fstab /etc/crontab /etc/resolv.conf /etc/iscsi/iscsid.conf /etc/postfix/main.cf /etc/postfix/master.cf /etc/postfix/helo-invalid /etc/postfix/header_checks /etc/courier/authldaprc /etc/courier/authdaemonrc /etc/spamassassin/local.cf /etc/maildroprc /etc/default/spamassassin 
/usr/lib/postfix/clamav-filter.sh Obs.: Os arquivos de configura??o n?o podem conter espa?os em branco no final das linhas.