How-to Integration Postfi


Transcript

Installing Postfix integrated with Active Directory

Author: Thiago Cavalcante (tlcavalcante@gmail.com)

Package installation

    apt-get install courier-authdaemon courier-authlib courier-authlib-dev \
        courier-authlib-ldap courier-base courier-imap courier-maildrop \
        postfix postfix-ldap postfix-policyd-spf-perl \
        libsasl2-2 libsasl2-modules libsasl2-modules-ldap sasl2-bin \
        clamav-base clamav-daemon clamav-freshclam spamassassin \
        htop openssh-server build-essential linux-source-2.6.26 \
        linux-headers-2.6.26-2-amd64 rcconf dnsutils locate htop nmap

Configuration files

vim /etc/postfix/main.cf

    smtpd_banner = $myhostname ESMTP
    biff = no
    append_dot_mydomain = no
    delay_warning_time = 4h
    myhostname = mailserver.solisc.org.br
    myorigin = solisc.org.br
    mydestination = solisc.org.br, mailserver.solisc.org.br, localhost
    relayhost = 172.86.41.230
    mynetworks = 127.0.0.0/8, 172.86.0.0/16
    inet_interfaces = all
    disable_vrfy_command = yes
    strict_rfc821_envelopes = yes
    home_mailbox = Maildir/
    message_size_limit = 20000000
    virtual_alias_expansion_limit = 5000
    alias_maps = hash:/etc/aliases
    mailbox_transport = maildrop
    mailbox_command_maps = ldap:accounts
    local_recipient_maps = $alias_maps $virtual_mailbox_maps
    virtual_maps = ldap:grupos ldap:forward
    virtual_mailbox_maps = ldap:accounts
    debug_peer_level = 5
    debug_peer_list = 127.0.0.1

    # LDAP table "accounts": user mailboxes
    accounts_server_host = 172.86.41.190
    accounts_bind_dn = cn=bind,cn=Users,dc=solisc
    accounts_bind_pw = Solisc2010
    accounts_search_base = ou=Usuarios,dc=solisc
    accounts_query_filter = (&(objectClass=organizationalPerson)(mail=%s))
    accounts_result_attribute = mail
    accounts_bind = yes

    # LDAP table "grupos": AD groups used as mailing lists
    grupos_server_host = 172.86.41.190
    grupos_version = 3
    grupos_search_base = ou=Usuarios,dc=solisc
    grupos_query_filter = (&(objectClass=group)(mail=%s))
    grupos_bind_dn = cn=bind,cn=Users,dc=solisc
    grupos_bind_pw = Solisc2010
    grupos_special_result_attribute = member
    grupos_result_attribute = mail
    grupos_recursion_limit = 5000

    # LDAP table "forward": per-user forwarding address (AD attribute "l")
    forward_server_host = 172.86.41.190
    forward_version = 3
    forward_timeout = 10
    forward_chase_referral = 0
    forward_search_base = ou=Usuarios,dc=solisc
    forward_query_filter = (&(mail=%s)(objectClass=organizationalPerson))
    forward_bind_dn = cn=bind,cn=Users,dc=solisc
    forward_bind_pw = Solisc2010
    forward_result_attribute = l

    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        check_helo_access regexp:/etc/postfix/helo-invalid
    smtpd_sender_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unauth_pipelining,
        check_policy_service unix:private/policy
    smtpd_etrn_restrictions = permit_sasl_authenticated, reject
    header_checks = regexp:/etc/postfix/header_checks
    smtpd_data_restrictions = reject_unauth_pipelining
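An added example, not part of the original how-to: the `accounts_`, `grupos_` and `forward_` LDAP tables above are defined inline in main.cf, a file Postfix normally keeps world-readable, and they bind to the directory without `ldaps://` or `start_tls`. The script below lists such tables in a main.cf and checks the file mode; the sample file, its hosts and its password are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for inline (old-style) LDAP tables.

# audit_ldap_maps FILE
#   "<map> inline_bind_pw" : <map>_bind_pw is stored in main.cf itself
#   "<map> cleartext_ldap" : <map>_server_host is not ldaps:// and
#                            <map>_start_tls is not "yes"
audit_ldap_maps() {
    awk -F'[ \t]*=[ \t]*' '
        /^[ \t]*#/ || /^[ \t]/ { next }   # skip comments and continuation lines
        $1 ~ /_bind_pw$/     { m = $1; sub(/_bind_pw$/, "", m);     pw[m] = 1 }
        $1 ~ /_server_host$/ { m = $1; sub(/_server_host$/, "", m); host[m] = $2 }
        $1 ~ /_start_tls$/   { m = $1; sub(/_start_tls$/, "", m);   tls[m] = $2 }
        END {
            for (m in pw) print m, "inline_bind_pw"
            for (m in host)
                if (host[m] !~ /^ldaps:/ && tls[m] != "yes")
                    print m, "cleartext_ldap"
        }' "$1" | sort
}

# world_readable FILE: succeeds when "other" has read permission on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print)" ]
}

# Constructed sample (placeholder hosts and password, not the page's values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
virtual_mailbox_maps = ldap:accounts
accounts_server_host = 192.0.2.10
accounts_bind_dn = cn=bind,cn=Users,dc=example
accounts_bind_pw = PLACEHOLDER
grupos_server_host = ldaps://dc.example.test
grupos_bind_pw = PLACEHOLDER
EOF
chmod 644 "$sample"

audit_ldap_maps "$sample"
world_readable "$sample" && echo "$sample is world-readable"
```

ldap_table(5) describes the alternative: each table's parameters go, without the table-name prefix, into a separate file that is not world-readable, and the map is referenced by that file's path (`ldap:/path/to/file`).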
vim /etc/postfix/master.cf

    # -v -v -v: verbose logging; -D: run debugger_command
    smtp      inet  n       -       -       -       -       smtpd -v -v -v -D
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
      -o fallback_relay=
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    maildrop  unix  -       n       n       -       20      pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n      n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
    retry     unix  -       -       n       -       -       error
    proxywrite unix -       -       n       -       1       proxymap
    policy    unix  -       n       n       -       -       spawn
      user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
    smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=clamav:clamav
    clamav    unix  -       n       n       -       -       pipe
      flags=Rq user=clamav argv=/usr/lib/postfix/clamav-filter.sh -f ${sender} -- ${recipient}

vim /etc/maildroprc

    USER=`echo "$LOGNAME" | cut -d@ -f1`
    MAILBOX="$HOME/$USER/"
    MAILDIR="$HOME/$USER/Maildir/"
    MESSAGE="/etc/courier/overquota"
    DELIVERQUOTA="/usr/bin/deliverquota.courier"
    # "MAILBOX FULL!"
    ASSUNTO="CAIXA CHEIA!"
    MAILER="MAILER-DAEMON@mailserver.solisc.org.br"

    if ( /^From: *.*/ )
    {
        ADDR=getaddr($MATCH)
    }

    # Create the mailbox and Maildir on first delivery
    `test -d "$MAILDIR"`
    if ($RETURNCODE != 0)
    {
        exception {
            `mkdir -p "$MAILBOX"`
            `maildirmake.courier "$MAILDIR"`
        }
    }

    # Messages tagged by SpamAssassin go to the Spam folder
    if (/^X-Spam-Status: Yes/)
    {
        `test -d "$MAILDIR/.Spam/"`
        if ($RETURNCODE != 0)
        {
            `maildirmake.courier -f Spam "$MAILDIR"`
            `echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed`
        }
        exception {
            to "$MAILDIR/.Spam/"
        }
    }

    # Vacation auto-reply and optional copies
    `test -f "$MAILDIR/vacation.txt"`
    if ($RETURNCODE==0)
    {
        `test -f "$MAILDIR/vacation_subject.txt"`
        if ($RETURNCODE==0)
        {
            SUBJECT=`cat "$MAILDIR/vacation_subject.txt"`
            cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' -A 'Subject: $SUBJECT' /usr/sbin/sendmail -t $ADDR"
        }
        else
        {
            cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' /usr/sbin/sendmail -t $ADDR"
        }
        `test -f "$MAILDIR/vacation_cc_addresses.txt"`
        if ($RETURNCODE==0)
        {
            CCADDRESSES=`cat "$MAILDIR/vacation_cc_addresses.txt"`
            `test -f "$MAILDIR/vacation_keep_messages.txt"`
            if ($RETURNCODE==0)
            {
                cc "! -f "$ADDR" $CCADDRESSES"
            }
            else
            {
                to "! -f "$ADDR" $CCADDRESSES"
            }
        }
    }

    exception {
        to "$MAILDIR/"
    }
    # Quota check; exit code 75 means the mailbox is over quota
    exception {
        xfilter "$DELIVERQUOTA -w 90 $MAILDIR"
    }
    if ($RETURNCODE==75)
    {
        cc "| mailbot -t "$MESSAGE" -A 'From: $MAILER' /usr/sbin/sendmail -t $ADDR"
    }

vim /usr/lib/postfix/clamav-filter.sh

    #!/bin/sh
    export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games

    INSPECT_DIR=/AV
    # Clean mail is passed through spamc and then re-injected with sendmail
    SENDMAIL="/usr/bin/spamc -f -e /usr/sbin/sendmail -i"
    MYHOSTNAME=`postconf -h myhostname`
    REPORTHOST=`postconf -h myhostname`
    EX_TEMPFAIL=75
    EX_UNAVAILABLE=69
    EX_DENIED=77
    nome_arquivo=`date +%Y%m%d%H%M%S`
    nome_arquivo=in.$$.$nome_arquivo
    AVCMD="/usr/bin/clamdscan --disable-summary --stdout "
    NOTIFY_VIRUS=no
    NOTIFY_POSTMASTER=yes

    # Scan the saved message; clamdscan exits with 1 when a virus is found
    viruscan() {
        VIRUS=`$AVCMD $nome_arquivo`
        SAIDA=$?
        VIRUS=`echo $VIRUS | cut -d" " -f2-`
        if [ $SAIDA -eq 1 ]; then
            postlog -t postfix/virus-filter "message-id=$msgid status=virus from=<$from> to=<$rcpts>" 2>/dev/null
            if [ "$NOTIFY_VIRUS" = "yes" ]; then
                echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>
    Subject: AVISO: Email rejeitado: VIRUS Detectado
    To: $from

    Seu email para ($rcpts) com assunto ($subj) foi rejeitado por conter virus.
    Virus encontrados: $VIRUS
    " | $SENDMAIL -f MAILER-DAEMON -- $from
            fi
            if [ "$NOTIFY_POSTMASTER" = "yes" ]; then
                echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>
    Subject: Postmaster Copy: VIRUS Detectado
    To: postmaster@solisc.org.br

    Um email de $from para $rcpts com assunto ($subj) foi rejeitado por conter virus.
    Virus encontrados: $VIRUS
    " | $SENDMAIL -f MAILER-DAEMON -- postmaster@solisc.org.br
            fi
            # Infected message is dropped here
            exit 0
        fi
    }

    # Remove the temporary copy on exit
    trap "rm -rf $nome_arquivo*" 0 1 2 3 15

    cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
    cat >$nome_arquivo || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

    # Arguments from master.cf: -f ${sender} -- ${recipient}
    from=$2
    if [ "$from" != "--" ]; then
        shift
    else
        from=""
    fi
    shift ; shift

    dominio=`echo $from | cut -d"@" -f2`
    email=`echo $from | cut -d"@" -f1`
    subj=`head -n 200 $nome_arquivo | grep -i "^Subject:" | cut -d":" -f2- | head -n 1`
    msgid=`head -n 200 $nome_arquivo | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1`
    saida="-f $from -- $@"
    rcpts=$@

    viruscan
    $SENDMAIL $saida <$nome_arquivo
    exit 0

vim /etc/courier/authldaprc

    LDAP_URI                ldap://172.86.23.171
    LDAP_SERVER             172.86.23.171
    LDAP_PORT               389
    LDAP_PROTOCOL_VERSION   3
    LDAP_AUTHBIND           1
    LDAP_BASEDN             dc=ad,dc=solisc
    LDAP_BINDDN             cn=bind,cn=users,dc=solisc
    LDAP_BINDPW             Solisc2010
    LDAP_TIMEOUT            5
    LDAP_FILTER             (objectClass=organizationalPerson)
    LDAP_DOMAIN             solisc
    LDAP_FULLNAME           cn
    LDAP_CLEARPW            clearPassword
    LDAP_CRYPTPW            userPassword
    LDAP_MAIL               mail
    LDAP_GLOB_UID           1000
    LDAP_GLOB_GID           1000
    LDAP_MAILDIR            wWWHomePage
    LDAP_HOMEDIR            streetAddress
    LDAP_DEREF              never
    LDAP_MAILDIRQUOTA       st

vim /etc/courier/authdaemonrc

    authmodulelist="authldap"
    authmodulelistorig="authldap"
    daemons=50
    authdaemonvar=/var/run/courier/authdaemon
    DEBUG_LOGIN=0
    DEFAULTOPTIONS=""
    LOGGEROPTS=""

vim /etc/spamassassin/local.cf

    rewrite_header Subject *****SPAM*****
    trusted_networks 172.86.0.0/16
    required_score 5.0
    use_bayes 1
    bayes_auto_learn 1
    bayes_ignore_header X-Bogosity
    bayes_ignore_header X-Spam-Flag
    bayes_ignore_header X-Spam-Status

Create the lookup files, the vmail user and the working directories:

    touch /etc/postfix/helo-invalid; touch /etc/postfix/header_checks
    postmap /etc/postfix/helo-invalid; postmap /etc/postfix/header_checks
    adduser vmail

(password: vmail)

Change the user's home directory to /vmail.

    mkdir /AV; chown clamav /AV; chgrp clamav /AV
    mkdir /vmail; chown vmail /vmail; chgrp vmail /vmail
    ln -s /etc/maildroprc /etc/courier/maildroprc

Enable SpamAssassin by replacing the 0 with 1 in /etc/default/spamassassin:

    ENABLED=1
Fields used in Active Directory

Creating users:

  • E-mail (attribute mail): fill in with the user's e-mail address.
  • Web page (attribute wWWHomePage): fill in with the user's Maildir.
  • Street (attribute streetAddress): Postfix home (the same for all users).
  • City (attribute l): forwarding address (repeat the user's own e-mail address to disable forwarding).
  • State (attribute st): disk quota in bytes (do not forget the S at the end).

Creating lists:

For each list, an ACL must be created in the file in Postfix, and a group must be created in AD with the same username as the list's e-mail address.

  • Group name: must be the same username as the list's e-mail address.
  • E-mail: the list's e-mail address.

Add and/or remove the list's active users here.

SPF configuration

    perl -MCPAN -e shell
    install Mail::SPF
    q

Edit the DNS zone file and add the SPF line below the MX record:

    mailserver.solisc.org.br. IN TXT "v=spf1 ip4:172.86.23.39/32 mx -all"

Add at the end of /etc/postfix/master.cf:

vim /etc/postfix/master.cf

    policy    unix  -       n       n       -       -       spawn
      user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

Testing:

    host -t txt mailserver.solisc.org.br
    mailserver.solisc.org.br descriptive text "v=spf1 ip4:172.86.23.39/32 mx -all"

Note: the files included in this document already include the changes above.

RAM disk (virtual disk) for the queue

Add to /etc/rc.local:

    mount -t tmpfs none /AV

Open-iSCSI configuration

    iscsiadm -m iface -I iface4 --op=new
    iscsiadm -m iface -I iface4 --op=update -n iface.hwaddress -v d8:d3:85:b8:5d:8a
    iscsiadm -m discovery -t st -p 10.0.30.2 -I iface4 -P 1
    iscsiadm -m node -T iqn.1986-03.com.hp:storage.msa2324i.0944da4fac -l
    mount -t ext3 /dev/sdg1 /vmail

vim /etc/iscsi/iscsid.conf

    isns.address = 10.0.30.2
    isns.port = 3260
    node.startup = automatic
    node.session.timeo.replacement_timeout = 120
    node.conn[0].timeo.login_timeout = 15
    node.conn[0].timeo.logout_timeout = 15
    node.conn[0].timeo.noop_out_interval = 5
    node.conn[0].timeo.noop_out_timeout = 5
    node.session.err_timeo.abort_timeout = 15
    node.session.err_timeo.lu_reset_timeout = 20
    node.session.initial_login_retry_max = 8
    node.session.queue_depth = 32
    node.session.iscsi.InitialR2T = No
    node.session.iscsi.ImmediateData = Yes
    node.session.iscsi.FirstBurstLength = 262144
    node.session.iscsi.MaxBurstLength = 16776192
    node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
    discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
    node.session.iscsi.FastAbort = Yes

vim /etc/fstab

    /dev/sda1 /vmail ext3 rw,sync,auto,_netdev 0 0

Port check

    nmap 127.0.0.1
    22/tcp | 25/tcp | 111/tcp | 143/tcp | 734/tcp | 783/tcp

List of files used:

    /etc/passwd
    /etc/group
    /etc/rc.local
    /etc/fstab
    /etc/crontab
    /etc/resolv.conf
    /etc/iscsi/iscsid.conf
    /etc/postfix/main.cf
    /etc/postfix/master.cf
    /etc/postfix/helo-invalid
    /etc/postfix/header_checks
    /etc/courier/authldaprc
    /etc/courier/authdaemonrc
    /etc/spamassassin/local.cf
    /etc/maildroprc
    /etc/default/spamassassin
    /usr/lib/postfix/clamav-filter.sh

Note: the configuration files must not contain blank spaces at the end of lines.
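
An added example, not part of the original how-to: a lint for SPF TXT records such as the one published in the SPF configuration step, to run before the record goes into the zone. It accepts only the mechanism names defined in RFC 7208 and validates `ip4` networks, so a misspelled mechanism is reported as a permerror; the function names and the 192.0.2.x addresses are constructed for the example.

```shell
#!/bin/sh
# Added example: syntax check for an SPF record (IPv6 syntax is not checked).

# valid_ip4 ADDR[/LEN]: succeeds for a dotted quad with optional prefix 0-32.
valid_ip4() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# spf_lint RECORD: prints one "permerror: ..." line per bad term, or "ok".
spf_lint() {
    set -f; set -- $1; set +f        # split on whitespace without globbing
    [ "$1" = "v=spf1" ] || { echo "permerror: record must start with v=spf1"; return 1; }
    shift
    errors=0
    for term in "$@"; do
        # Drop the optional qualifier (+ - ~ ?) and fold to lower case.
        mech=$(printf '%s' "${term#[-+~?]}" | tr 'A-Z' 'a-z')
        name=${mech%%[:/=]*}
        rest=${mech#"$name"}
        sep=${rest%"${rest#?}"}      # first character after the name, if any
        case $name$sep in
            all|a|mx|ptr|a:|a/|mx:|mx/|ptr:|include:|exists:|ip6:) ;;
            ip4:) valid_ip4 "${rest#:}" ||
                  { echo "permerror: bad ip4 network in '$term'"; errors=1; } ;;
            *=) ;;                   # modifiers; unknown ones are ignored
            *) echo "permerror: unknown mechanism '$name' in '$term'"; errors=1 ;;
        esac
    done
    [ "$errors" -eq 0 ] && echo "ok"
    return "$errors"
}

# Constructed record using a documentation address.
spf_lint "v=spf1 ip4:192.0.2.39/32 mx -all"
```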