Debian ± Install and Configure Postfix, Dovecot IMAP/POP3 Server
Total Page:16
File Type:pdf, Size:1020Kb
Debian ± Install and Configure Postfix, Dovecot IMAP/POP3 Server, Fetchmail Mail Retrieval, Procmail Mail Filter, Amavis, Spamassassin Mail Filter, Clam Anti Virus, Freepops, SquirrelMail 2010.01.09 Note : - Change IP Address with Your IP - Change debian with Your Hostname - Change linux.vmw with Your Domain - Change debian.linux.vmw with Your FQDN Hostname - Change /bkup with Your Directory - Change **** with Your Password 1. Backup and Edit IP Address Configuration File cp /etc/network/interfaces /bkup/interfaces.ori sudo vim /etc/network/interfaces allow-hotplug eth0au to eth0iface eth0 inet staticaddress 192.168.44.9net staticaddress 18.18.18.9netmask 255.255.255.0gateway 192.168.44.2network 18.18.18.0broadcast 18.18.18.255allow -hotplug eth2auto eth2iface eth2 inet staticaddress 88.88.88.9netmask 255.255.255.0gateway 192.168.44.2network 88.88.88.0broadcast 88.88.88.255 2. Backup and Edit Hostname File Configuration cp /etc/hostname /bkup/hostname.ori sudo vim /etc/hostname debian.linux.vmw 3. Backup and Edit Host Addresses Configuration cp /etc/hosts /bkup/hosts.ori sudo vim /etc/hosts 127.0.0.1 localhost127.0.1.1 debian.linux.vmw debian192.168.44.9 debian.linux.vmw debian18.18.18.9 debian.linux.vm 4. Backup and Edit Host Resolve Addresses Configuration cp /etc/resolv.conf /bkup/resolv.conf.ori sudo vim /etc/resolv.conf domain linux.vmwsearch linux.vmwnameserver 192.168.44.2 5. Reboot the Machine sudo reboot 6. Update and Install Packages sudo apt-get update sudo apt-get install postfix postfix-tls dovecot-imapd dovecot-pop3d dovecot- common fetchmail procmail amavisd-new spamassassin clamav clamav-base clamav- freshclam clamav-daemon freepops squirrelmail apache2 php5 php5-cgi php5-cli php5-common libapache2-mod-php5 libnet-dns-perl libmail-spf-query-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch pax unzip zip zoo sasl2-bin libsasl2- modules 7. Postfix Initialize Configuration OK Internet Site System mail name : linux.vmw 8. Backup and Activate Spam Assassin cp /etc/default/spamassassin /bkup/spamassassin.ori sudo vim /etc/default/spamassassin ENABLED=1 9. Backup and Edit Spam Assassin cp /etc/spamassassin/local.cf /bkup/local.cf.ori sudo vim /etc/spamassassin/local.cf rewrite_header Subject [SPAM]report_safe 2 10. Add clamav user to the amavis group and vice versa sudo adduser clamav amavis sudo adduser amavis clamav 11. Backup and Activate Spam and Anti Virus Detection cp /etc/amavis/conf.d/15-content_filter_mode /bkup/15-content_filter_mode.ori sudo vim /etc/amavis/conf.d/15-content_filter_mode @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 12. Backup and Edit Spam Mail Configuration cp /etc/amavis/conf.d/20-debian_defaults /bkup/20-debian_defaults.ori sudo vim /etc/amavis/conf.d/20-debian_defaults $final_spam_destiny = D_DISCARD; 13. Backup and Edit User Domain Configuration cp /etc/amavis/conf.d/50-user /bkup/50-user.ori sudo vim /etc/amavis/conf.d/50-user @local_domains_acl = ( ".$mydomain" ); 14. Backup and Edit Main Postfix Configuration cp /etc/postfix/main.cf /bkup/main.cf.ori sudo vim /etc/postfix/main.cf 1. Add mydomain = linux.vmwvirtual_alias_maps =content_filter = smtp - amavis:[127.0.0.1]:10024home_mailbox = Maildir/inet_protocols = allsmtpd_sasl_path = private/auth -clientsmtpd_sasl_local_domain = $mydomainsmtpd_sasl_security_options = noanonymoussmtpd_sasl_auth_enable = yesbroken_sasl_auth_clients = yessmtpd_sasl_password_maps = hash:/etc/postfix/saslpasswdsmtpd_always_send_ehlo = yessmtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_desti nation,check_policy_service inet:127.0.0.1:10023smtpd_sasl_authenticated_header = yessmtpd_tls_auth_only = nosmtpd_tls_note_starttls_offer = yessmtp_tls_note_starttls_offer = yessmtpd_tls_CAfile = /etc/postfix/ssl/cacert.pemsmtpd_tls_loglevel = 1smtpd_tls_received_ header = yessmtpd_tls_session_cache_timeout = 3600stls_random_source = dev:/dev/urandom 2. Edit smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crtsmtpd_tls_key_file = /etc/postfix/ssl/smtpd.keyrelayhost = [smtp.gmail.com]:587mynetworks = 127.0.0.0/8 [::ffff:12 7.0.0.0]/104 [::1]/128 192.168.44.0/24 18.18.18.0/24 88.88.88.0/24 15. Backup and Edit Master Postfix Configuration cp /etc/postfix/master.cf /bkup/master.cf.ori sudo vim /etc/postfix/master.cf pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checkssmtp -amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_look ups=yes -o max_use=20127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connecti on_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_c hecks 16. Add SMTP Credential sudo vim /etc/postfix/saslpasswd [smtp.gmail.com]:587 [email protected]:*** ** 17. Hash /etc/postfix/saslpasswd sudo postmap /etc/postfix/saslpasswd 18. Edit Postfix SASL sudo vim /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthdmech_list: plain login 19. Create Certificate for TLS Postfix 1. Create STMP TLS Key sudo mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ sudo openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 Enter pass phrase for smtpd.key: ***** Verifying ± Enter pass phrase for smtpd.key: ***** 2. Create SMTP CSR sudo chmod 600 smtpd.key sudo openssl req -new -key smtpd.key -out smtpd.csr Enter pass phrase for smtpd.key: ***** Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:debian Organizational Unit Name (eg, section) []:debian Common Name (eg, YOUR name) []:debian.linux.vmw Email Address []:[email protected] A challenge password []:***** An optional company name []:debian 3. Create Sign Key Expiration Date sudo openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt Enter pass phrase for smtpd.key: ***** 4. Create Open SSL RSA sudo openssl rsa -in smtpd.key -out smtpd.key.unencrypted Enter pass phrase for smtpd.key: ***** 5. Create SSL to PEM CA Certificate sudo mv -f smtpd.key.unencrypted smtpd.key sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem - days 3650 Enter PEM pass phrase: ***** Verifying ± Enter PEM pass phrase: ***** Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:Jakarta Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:debian Organizational Unit Name (eg, section) []:debian Common Name (eg, YOUR name) []:debian.linux.vmw Email Address []:[email protected] 20. Edit Procmail sudo vim /etc/procmailrc DROPPRIVS=yes:0fw| /usr/bin/spamc:0* ^X -Spam-Status: Yes$HOME/spam 21. Backup and Edit Dovecot Configuration cp /etc/dovecot/dovecot.conf /bkup/dovecot.conf.ori sudo vim /etc/dovecot/dovecot.conf protocols = imap imaps pop3 pop3sdisable_plaintext_auth = nossl_disable = nomail_debug = yesauth_debug = yesauth_debug_passwords = yesauth default {mechanisms = plain loginpassdb pam {}userdb passwd {}socket listen {client {path = /var/spool/postfix/private/authmode = 0660user = postfixgroup = postfix}}} 22. Backup and Edit SASL Authentification Configuration cp /etc/default/saslauthd /bkup/saslauthd.ori sudo vim /etc/default/saslauthd START=yes 23. Add Postfix User to SASL Group sudo adduser postfix sasl 24. Backup and Enable SquirrelMail on Apache Configuration cp /etc/apache2/apache2.conf /bkup/apache2.conf.ori sudo vim /etc/apache2/apache2.conf Include /etc/squirrelmail/apache.conf 25. Create User Fetchmail sudo vim /home/sugizo/.fetchmailrc poll pop.gmail.com proto pop3 port 995 user "steve.van.christie" pass "*****" is sugizo fetchall sslpoll pop3.live.com proto pop3 port 995 user "steve [email protected]" pass "*****" is sugizo fetchall sslpoll pop.mail.yahoo.com proto pop3 port 110 user "steve_van_christie" pass "*****" is sugizo fetchallpoll pop.aol.com proto pop3 port 110 user "[email protected]" pass "*****" is sugizo fetchallpoll pop.mail.yahoo.co.jp proto pop3 user "stevevanchristie" pass "*****" is sugizo fetchallpoll pop.ao l.com proto pop3 user "[email protected]" pass "*****" is sugizo fetchallpoll pop.icqmail.com proto pop3 user "[email protected]" pass "*****" is sugizo fetchallpoll imap.mai l.ovi.com proto imap port 993 user "[email protected]" pass "*****" is sugizo fetchall sslpoll localhost proto pop3 port 2000 user "[email protected]" pass "*****" is sugizo fetchall 26. Backup and Edit PHP Configuration File cp /etc/php5/apache2/php.ini /bkup/php.ini.ori sudo vim /etc/php5/apache2/php.ini post_max_size = 32Mupload_max_filesize = 32Mextension=msql.so 27. Backup and Edit Apache Configuration cp /etc/apache2/apache2.conf /bkup/apache2.conf.ori sudo vim /etc/apache2/apache2.conf ServerAdmin