How-to Integration Postfi

Transcript

  • 1. Installing Postfix integrated with Active Directory
    Author: Thiago Cavalcante (tlcavalcante@gmail.com)

    Installing the packages

        apt-get install courier-authdaemon courier-authlib courier-authlib-dev \
          courier-authlib-ldap courier-base courier-imap courier-maildrop \
          postfix postfix-ldap postfix-policyd-spf-perl \
          libsasl2-2 libsasl2-modules libsasl2-modules-ldap sasl2-bin \
          clamav-base clamav-daemon clamav-freshclam spamassassin \
          htop openssh-server build-essential linux-source-2.6.26 \
          linux-headers-2.6.26-2-amd64 rcconf dnsutils locate htop nmap

    Configuration files

    vim /etc/postfix/main.cf

        smtpd_banner = $myhostname ESMTP
        biff = no
        append_dot_mydomain = no
        delay_warning_time = 4h
        myhostname = mailserver.solisc.org.br
        myorigin = solisc.org.br
        mydestination = solisc.org.br, mailserver.solisc.org.br, localhost
        relayhost = 172.86.41.230
        mynetworks = 127.0.0.0/8, 172.86.0.0/16
        inet_interfaces = all
        disable_vrfy_command = yes
        strict_rfc821_envelopes = yes
        home_mailbox = Maildir/
        message_size_limit = 20000000
        virtual_alias_expansion_limit = 5000
        alias_maps = hash:/etc/aliases
        mailbox_transport = maildrop
        mailbox_command_maps = ldap:accounts
        local_recipient_maps = $alias_maps $virtual_mailbox_maps
        virtual_maps = ldap:grupos ldap:forward
        virtual_mailbox_maps = ldap:accounts
        debug_peer_level = 5
        debug_peer_list = 127.0.0.1

        # LDAP map "accounts": mailbox owners (AD users looked up by mail)
        accounts_server_host = 172.86.41.190
        accounts_bind_dn = cn=bind,cn=Users,dc=solisc
        accounts_bind_pw = Solisc2010
        accounts_search_base = ou=Usuarios,dc=solisc
        accounts_query_filter = (&(objectClass=organizationalPerson)(mail=%s))
        accounts_result_attribute = mail
        accounts_bind = yes

        # LDAP map "grupos": lists (AD groups expanded to their members' mail)
        grupos_server_host = 172.86.41.190
        grupos_version = 3
        grupos_search_base = ou=Usuarios,dc=solisc
        grupos_query_filter = (&(objectClass=group)(mail=%s))
        grupos_bind_dn = cn=bind,cn=Users,dc=solisc
        grupos_bind_pw = Solisc2010
        grupos_special_result_attribute = member
        grupos_result_attribute = mail
        grupos_recursion_limit = 5000

        # LDAP map "forward": forwarding address stored in the l (City) attribute
        forward_server_host = 172.86.41.190
        forward_version = 3
        forward_timeout = 10
        forward_chase_referral = 0
        forward_search_base = ou=Usuarios,dc=solisc
        forward_query_filter = (&(mail=%s)(objectClass=organizationalPerson))
        forward_bind_dn = cn=bind,cn=Users,dc=solisc
        forward_bind_pw = Solisc2010
        forward_result_attribute = l

        smtpd_helo_required = yes
        smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_invalid_hostname, check_helo_access regexp:/etc/postfix/helo-invalid
        smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unauth_pipelining check_policy_service unix:private/policy
        smtpd_etrn_restrictions = permit_sasl_authenticated, reject
        header_checks = regexp:/etc/postfix/header_checks
        smtpd_data_restrictions = reject_unauth_pipelining
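One way to check a main.cf like the one above for two exposures in its LDAP maps: bind passwords written inline in main.cf, a file that is normally world-readable, and lookups sent to the directory without `ldaps://` or `start_tls`. This is an added example, not part of the original slides; the sample excerpt is constructed, its password is a placeholder, and the finding labels are this example's own.

```python
import re

# Constructed excerpt in the style of the main.cf above (placeholder password).
SAMPLE_MAIN_CF = """\
virtual_maps = ldap:grupos ldap:forward
virtual_mailbox_maps = ldap:accounts
accounts_server_host = 172.86.41.190
accounts_bind_dn = cn=bind,cn=Users,dc=solisc
accounts_bind_pw = EXAMPLE-PASSWORD
grupos_server_host = 172.86.41.190
grupos_start_tls = yes
forward_server_host = ldaps://172.86.41.190
forward_bind_pw = EXAMPLE-PASSWORD
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name is not None:
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def audit_ldap_maps(text):
    """Return (map_name, finding) pairs for ldap:<name> maps defined inline."""
    params = parse_main_cf(text)
    names = set()
    for value in params.values():
        # ldap:<name> is an inline map; ldap:/path and ldap:// URLs do not match.
        names.update(re.findall(r"\bldap:([A-Za-z_]\w*)", value))
    findings = []
    for name in sorted(names):
        hosts = params.get(name + "_server_host", "").split()
        encrypted = params.get(name + "_start_tls", "no").lower() == "yes" or (
            hosts and all(h.startswith(("ldaps://", "ldapi://")) for h in hosts))
        if hosts and not encrypted:
            findings.append((name, "cleartext-ldap"))
        if name + "_bind_pw" in params:
            findings.append((name, "inline-bind-pw"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_ldap_maps(SAMPLE_MAIN_CF):
        print(f"ldap:{name}: {finding}")
```

Both findings are usually cleared by moving each map into its own file readable only by root and the postfix group (for example a hypothetical `ldap:/etc/postfix/ldap-accounts.cf`) and setting `start_tls = yes` or an `ldaps://` server there.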
  • 2. vim /etc/postfix/master.cf

        # service type  private unpriv  chroot  wakeup  maxproc command + args
        smtp      inet  n       -       -       -       -       smtpd -v -v -v -D
        pickup    fifo  n       -       -       60      1       pickup
        cleanup   unix  n       -       -       -       0       cleanup
        qmgr      fifo  n       -       n       300     1       qmgr
        tlsmgr    unix  -       -       -       1000?   1       tlsmgr
        rewrite   unix  -       -       n       -       -       trivial-rewrite
        bounce    unix  -       -       -       -       0       bounce
        defer     unix  -       -       -       -       0       bounce
        trace     unix  -       -       -       -       0       bounce
        verify    unix  -       -       -       -       1       verify
        flush     unix  n       -       -       1000?   0       flush
        proxymap  unix  -       -       n       -       -       proxymap
        smtp      unix  -       -       -       -       -       smtp
        relay     unix  -       -       -       -       -       smtp
          -o fallback_relay=
        showq     unix  n       -       -       -       -       showq
        error     unix  -       -       -       -       -       error
        discard   unix  -       -       -       -       -       discard
        local     unix  -       n       n       -       -       local
        virtual   unix  -       n       n       -       -       virtual
        lmtp      unix  -       -       -       -       -       lmtp
        anvil     unix  -       -       -       -       1       anvil
        scache    unix  -       -       -       -       1       scache
        maildrop  unix  -       n       n       -       20      pipe
          flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
        uucp      unix  -       n       n       -       -       pipe
          flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
        ifmail    unix  -       n       n       -       -       pipe
          flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
        bsmtp     unix  -       n       n       -       -       pipe
          flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
        scalemail-backend unix - n      n       -       2       pipe
          flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
        mailman   unix  -       n       n       -       -       pipe
          flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
        retry     unix  -       -       n       -       -       error
        proxywrite unix -       -       n       -       1       proxymap
        policy    unix  -       n       n       -       -       spawn
          user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
        smtp      inet  n       -       n       -       -       smtpd
          -o content_filter=clamav:clamav
        clamav    unix  -       n       n       -       -       pipe
          flags=Rq user=clamav argv=/usr/lib/postfix/clamav-filter.sh -f ${sender} -- ${recipient}

    vim /etc/maildroprc

        USER=`echo "$LOGNAME" | cut -d@ -f1`
        MAILBOX="$HOME/$USER/"
        MAILDIR="$HOME/$USER/Maildir/"
        MESSAGE="/etc/courier/overquota"
        DELIVERQUOTA="/usr/bin/deliverquota.courier"
        ASSUNTO="CAIXA CHEIA!"
        MAILER="MAILER-DAEMON@mailserver.solisc.org.br"

        if ( /^From: *.*/ )
        {
            ADDR=getaddr($MATCH)
        }

        # Create the mailbox on first delivery
        `test -d "$MAILDIR"`
        if ($RETURNCODE != 0)
        {
            exception {
                `mkdir -p "$MAILBOX"`
                `maildirmake.courier "$MAILDIR"`
            }
        }

        # Messages tagged by SpamAssassin go to the Spam folder
        if (/^X-Spam-Status: Yes/)
        {
            `test -d "$MAILDIR/.Spam/"`
            if ($RETURNCODE != 0)
            {
                `maildirmake.courier -f Spam "$MAILDIR"`
                `echo "INBOX.Spam" >> $MAILDIR/courierimapsubscribed`
            }
            exception {
                to "$MAILDIR/.Spam/"
            }
        }

        # Vacation auto-reply, enabled by the presence of vacation.txt
        `test -f "$MAILDIR/vacation.txt"`
        if ($RETURNCODE==0)
        {
            `test -f "$MAILDIR/vacation_subject.txt"`
            if ($RETURNCODE==0)
            {
                SUBJECT=`cat "$MAILDIR/vacation_subject.txt"`
                cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' -A 'Subject: $SUBJECT' /usr/sbin/sendmail -t $ADDR"
            }
            else
            {
                cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' /usr/sbin/sendmail -t $ADDR"
            }
            `test -f "$MAILDIR/vacation_cc_addresses.txt"`
  • 3.
            # /etc/maildroprc (continued)
            if ($RETURNCODE==0)
            {
                CCADDRESSES=`cat "$MAILDIR/vacation_cc_addresses.txt"`
                `test -f "$MAILDIR/vacation_keep_messages.txt"`
                if ($RETURNCODE==0)
                {
                    cc "! -f "$ADDR" $CCADDRESSES"
                }
                else
                {
                    to "! -f "$ADDR" $CCADDRESSES"
                }
            }
        }

        exception {
            to "$MAILDIR/"
        }
        exception {
            xfilter "$DELIVERQUOTA -w 90 $MAILDIR"
        }
        # Exit status 75: mailbox over quota, send the over-quota notice
        if ($RETURNCODE==75)
        {
            cc "| mailbot -t "$MESSAGE" -A 'From: $MAILER' /usr/sbin/sendmail -t $ADDR"
        }

    vim /usr/lib/postfix/clamav-filter.sh

        #!/bin/sh
        export PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games
        INSPECT_DIR=/AV
        # Clean messages are passed through spamc and re-injected with sendmail
        SENDMAIL="/usr/bin/spamc -f -e /usr/sbin/sendmail -i"
        MYHOSTNAME=`postconf -h myhostname`
        REPORTHOST=`postconf -h myhostname`
        EX_TEMPFAIL=75
        EX_UNAVAILABLE=69
        EX_DENIED=77
        # nome_arquivo: name of the spool file that holds the message being scanned
        nome_arquivo=`date +%Y%m%d%H%M%S`
        nome_arquivo=in.$$.$nome_arquivo
        AVCMD="/usr/bin/clamdscan --disable-summary --stdout "
        NOTIFY_VIRUS=no
        NOTIFY_POSTMASTER=yes

        viruscan() {
            VIRUS=`$AVCMD $nome_arquivo`
            # SAIDA: clamdscan exit status (1 = virus found)
            SAIDA=$?
            VIRUS=`echo $VIRUS | cut -d" " -f2-`
            if [ $SAIDA -eq 1 ]; then
                postlog -t postfix/virus-filter "message-id=$msgid status=virus from=<$from> to=<$rcpts>" 2>/dev/null
                if [ "$NOTIFY_VIRUS" = "yes" ]; then
                    echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>
        Subject: AVISO: Email rejeitado: VIRUS Detectado
        To: $from

        Seu email para ($rcpts) com assunto ($subj) foi rejeitado por conter virus.
        Virus encontrados: $VIRUS
        " | $SENDMAIL -f MAILER-DAEMON -- $from
                fi
                if [ "$NOTIFY_POSTMASTER" = "yes" ]; then
                    echo "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>
        Subject: Postmaster Copy: VIRUS Detectado
        To: postmaster@solisc.org.br

        Um email de $from para $rcpts com assunto ($subj) foi rejeitado por conter virus.
        Virus encontrados: $VIRUS
        " | $SENDMAIL -f MAILER-DAEMON -- postmaster@solisc.org.br
                fi
                # Infected mail is dropped: exit 0 tells Postfix it was handled
                exit 0
            fi
        }

        trap "rm -rf $nome_arquivo*" 0 1 2 3 15
        cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
        cat >$nome_arquivo || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }

        # Arguments from master.cf: -f <sender> -- <recipients>
        from=$2
        if [ "$from" != "--" ]; then
            shift
        else
            from=""
        fi
        shift ; shift
        dominio=`echo $from | cut -d"@" -f2`
        email=`echo $from | cut -d"@" -f1`
        subj=`head -n 200 $nome_arquivo | grep -i "^Subject:" | cut -d":" -f2- | head -n 1`
        msgid=`head -n 200 $nome_arquivo | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1`
        saida="-f $from -- $@"
        rcpts=$@
        viruscan
        $SENDMAIL $saida <$nome_arquivo
  • 4.
        # /usr/lib/postfix/clamav-filter.sh (end)
        exit 0

    vim /etc/courier/authldaprc

        LDAP_URI ldap://172.86.23.171
        LDAP_SERVER 172.86.23.171
        LDAP_PORT 389
        LDAP_PROTOCOL_VERSION 3
        LDAP_AUTHBIND 1
        LDAP_BASEDN dc=ad,dc=solisc
        LDAP_BINDDN cn=bind,cn=users,dc=solisc
        LDAP_BINDPW Solisc2010
        LDAP_TIMEOUT 5
        LDAP_FILTER (objectClass=organizationalPerson)
        LDAP_DOMAIN solisc
        LDAP_FULLNAME cn
        LDAP_CLEARPW clearPassword
        LDAP_CRYPTPW userPassword
        LDAP_MAIL mail
        LDAP_GLOB_UID 1000
        LDAP_GLOB_GID 1000
        LDAP_MAILDIR wWWHomePage
        LDAP_HOMEDIR streetAddress
        LDAP_DEREF never
        LDAP_MAILDIRQUOTA st

    vim /etc/courier/authdaemonrc

        authmodulelist="authldap"
        authmodulelistorig="authldap"
        daemons=50
        authdaemonvar=/var/run/courier/authdaemon
        DEBUG_LOGIN=0
        DEFAULTOPTIONS=""
        LOGGEROPTS=""

    vim /etc/spamassassin/local.cf

        rewrite_header Subject *****SPAM*****
        trusted_networks 172.86.0.0/16
        required_score 5.0
        use_bayes 1
        bayes_auto_learn 1
        bayes_ignore_header X-Bogosity
        bayes_ignore_header X-Spam-Flag
        bayes_ignore_header X-Spam-Status

        touch /etc/postfix/helo-invalid; touch /etc/postfix/header_checks; postmap /etc/postfix/helo-invalid; postmap /etc/postfix/header_checks

        adduser vmail (password: vmail)

    Change the user's home directory to /vmail.

        mkdir /AV; chown clamav /AV; chgrp clamav /AV; mkdir /vmail; chown vmail /vmail; chgrp vmail /vmail
        ln -s /etc/maildroprc /etc/courier/maildroprc

    Enable SpamAssassin by replacing the 0 with 1 in /etc/default/spamassassin: ENABLED=1
  • 5. Fields used in Active Directory

    Creating users:
        E-mail: Fill in with the user's e-mail address.
        Street: Postfix home directory (the same for all users)
        Web page: Fill in with the user's Maildir.
        City: Forwarding (repeat the user's own e-mail address to disable it)
        State: Disk quota in bytes (do not forget the S at the end)

    Creating lists:
    For each list, an ACL must be created in the file in Postfix, and a group must be created in AD with the same username as the list's e-mail address.
        Group name: Must be the same username as the list's e-mail address. Add and/or remove the list's active users here.
        E-mail: The list's e-mail address.

    SPF configuration

        perl -MCPAN -e shell
        install Mail::SPF
        q

    Edit the DNS zone file and add the SPF line below the MX record:

        mailserver.solisc.org.br. IN TXT "v=spf1 ip4:172.86.23.39/32 mx -all"

    Append to the end of /etc/postfix/master.cf:
  • 6. vim /etc/postfix/master.cf

        policy    unix  -       n       n       -       -       spawn
          user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

    Testing:

        host -t txt mailserver.solisc.org.br
        mailserver.solisc.org.br descriptive text "v=spf1 ip4:172.86.23.39/32 mx -all"

    Note: THE FILES INCLUDED IN THIS DOCUMENT ALREADY INCLUDE THE CHANGES ABOVE.

    RAM disk (virtual disk) for the queue

    Add to /etc/rc.local:

        mount -t tmpfs none /AV

    Open-iSCSI configuration

        iscsiadm -m iface -I iface4 --op=new
        iscsiadm -m iface -I iface4 --op=update -n iface.hwaddress -v d8:d3:85:b8:5d:8a
        iscsiadm -m discovery -t st -p 10.0.30.2 -I iface4 -P 1
        iscsiadm -m node -T iqn.1986-03.com.hp:storage.msa2324i.0944da4fac -l
        mount -t ext3 /dev/sdg1 /vmail

    vim /etc/iscsi/iscsid.conf

        isns.address = 10.0.30.2
        isns.port = 3260
        node.startup = automatic
        node.session.timeo.replacement_timeout = 120
        node.conn[0].timeo.login_timeout = 15
        node.conn[0].timeo.logout_timeout = 15
        node.conn[0].timeo.noop_out_interval = 5
        node.conn[0].timeo.noop_out_timeout = 5
        node.session.err_timeo.abort_timeout = 15
        node.session.err_timeo.lu_reset_timeout = 20
        node.session.initial_login_retry_max = 8
        node.session.queue_depth = 32
        node.session.iscsi.InitialR2T = No
        node.session.iscsi.ImmediateData = Yes
        node.session.iscsi.FirstBurstLength = 262144
        node.session.iscsi.MaxBurstLength = 16776192
        node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
        discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
        node.session.iscsi.FastAbort = Yes

    vim /etc/fstab

        /dev/sda1 /vmail ext3 rw,sync,auto,_netdev 0 0

    Port check

        nmap 127.0.0.1
        22/tcp | 25/tcp | 111/tcp | 143/tcp | 734/tcp | 783/tcp

    List of files used:

        /etc/passwd
        /etc/group
        /etc/rc.local
        /etc/fstab
        /etc/crontab
        /etc/resolv.conf
        /etc/iscsi/iscsid.conf
        /etc/postfix/main.cf
        /etc/postfix/master.cf
        /etc/postfix/helo-invalid
        /etc/postfix/header_checks
        /etc/courier/authldaprc
        /etc/courier/authdaemonrc
        /etc/spamassassin/local.cf
        /etc/maildroprc
        /etc/default/spamassassin
        /usr/lib/postfix/clamav-filter.sh

    Note: the configuration files must not contain trailing whitespace at the end of lines.
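The Active Directory field mapping from slide 5, applied to directory entries as a check to run before they reach the mail server. This is an added example, not part of the original slides. The sample entries are constructed, `/vmail` as the shared home is an assumption taken from the setup steps, and the rule that the Maildir must resolve inside it is this example's own check.

```python
import posixpath
import re

MAIL_ROOT = "/vmail"  # assumption: the shared home set up for the vmail user
ADDRESS = re.compile(r"[^@\s]+@[^@\s]+")

# Constructed entries; only the attribute names come from the configuration above.
SAMPLE_ENTRIES = [
    {"mail": "ana@solisc.org.br", "streetAddress": "/vmail",
     "wWWHomePage": "ana/Maildir/", "st": "500000000S", "l": "ana@solisc.org.br"},
    {"mail": "bob@solisc.org.br", "streetAddress": "/vmail",
     "wWWHomePage": "../etc/Maildir/", "st": "500000000", "l": "bob@example.net"},
]

def resolve_account(entry, mail_root=MAIL_ROOT):
    """Apply the AD field mapping; return (account, problems keyed by attribute)."""
    problems = {}
    mail = entry.get("mail", "")
    forward = entry.get("l", "")                      # forward_result_attribute
    if not ADDRESS.fullmatch(mail):
        problems["mail"] = "not a single e-mail address"
    if entry.get("streetAddress") != mail_root:       # LDAP_HOMEDIR
        problems["streetAddress"] = "home must be %s for every user" % mail_root
    # Resolve the Maildir (LDAP_MAILDIR) against the home, then normalise so
    # that '..' segments or an absolute path cannot leave the mail root.
    maildir = posixpath.normpath(
        posixpath.join(mail_root, entry.get("wWWHomePage", "")))
    if not maildir.startswith(mail_root + "/"):
        problems["wWWHomePage"] = "Maildir resolves outside %s" % mail_root
    quota = re.fullmatch(r"(\d+)S", entry.get("st", ""))  # LDAP_MAILDIRQUOTA
    if quota is None:
        problems["st"] = "quota must be a byte count followed by S"
    if forward and not ADDRESS.fullmatch(forward):
        problems["l"] = "forward is not an e-mail address"
    account = {
        "address": mail,
        "maildir": maildir,
        "quota_bytes": int(quota.group(1)) if quota else None,
        # Repeating the user's own address in City disables forwarding.
        "forward_to": forward if forward and forward.lower() != mail.lower() else None,
    }
    return account, problems

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        account, problems = resolve_account(entry)
        print(account["address"], "->", problems or account)
```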