Mailserver Basic

From Cowwwiki
Revision as of 9 February 2011, 16:59 by Benjaminfras (→ Postfix)

This article describes the basic configuration of a mail server on Linux (Ubuntu 10.04 Server LTS). After completing this guide, e-mail can be sent and retrieved via POP3 or IMAP. In addition, an administration interface for Postfix is available. User management is done through a database.

Additional features such as SpamAssassin, ClamAV antivirus, quota and Sieve are covered in separate articles.

Installation

Overview

The following programs are required:

  • postfix
  • postfix-mysql
  • mysql-server
  • dovecot-imapd
  • dovecot-pop3d
  • apache2
  • php5
  • php5-imap
  • php5-mysql
  • postfixadmin

Postfixadmin

We begin with the Postfixadmin installation. Postfixadmin is essentially a backend tool for configuring e-mail addresses, domains, vacation notices, quotas and so on. Because the Postfix configuration does not prescribe a database structure, we start with the Postfixadmin web site and then create configuration files that match its data structure.

Requirements:

  • Apache2
  • php5 php5-imap php5-mysql
  • mysql-server
user@localhost:~# apt-get install apache2 php5 php5-imap php5-mysql mysql-server


Download the latest Postfixadmin release and unpack it into /var/www/. Then config.inc.php must be edited. It is advisable to copy the original file before editing and save it under a different name (e.g. config.dist.inc.php).

The configuration parameters must now be set here, e.g. MySQL server, database, e-mail addresses. It is important to set the configured variable to true:

$CONF['configured'] = true;


The sample configuration is in the appendix: #Postfixadmin. Note: the domains, e-mail addresses and servers must of course be adapted to your own environment.

Before the Postfixadmin setup routine can be used, a database and a user must be created first:

user@localhost:~# mysql -u root -p -h 127.0.0.1
CREATE DATABASE postfix;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER ON postfix.*
TO 'postfix'@'%'
IDENTIFIED BY 'secret';
flush privileges;


Now the Postfixadmin setup can be opened in the browser, e.g. http://domain.tld/postfixadmin/setup.php. If everything is in order, a form is shown at the bottom where the administrator can be created. The setup password is also displayed in its encrypted form. Copy it and use it to replace the plaintext password in /var/www/postfixadmin/config.inc.php.

The database is now set up. However, we use a separate quota for the trash folder here. For this, a column still has to be added to the mailbox table in the database. This can be done either with the MySQL Query Browser or on the console:

user@localhost:~# mysql -u root -p -h 127.0.0.1
ALTER TABLE `postfix`.`mailbox` ADD COLUMN `quota_trash` BIGINT(20)  NOT NULL DEFAULT 51200000 AFTER `active`;


To increase security, the CREATE and ALTER privileges can be revoked again from the database user postfix.

This completes the Postfixadmin configuration for now. Next, the mail server software must be installed.

Postfix

First we install Postfix and the required extensions via apt-get:

user@localhost:~# apt-get install postfix postfix-mysql


Then the following files must be created in /etc/postfix/:


Now the mappings still have to be entered into the Postfix configuration. This can be done with the postconf command, or by editing /etc/postfix/main.cf directly.

user@localhost:~# postconf -e virtual_alias_maps=mysql:/etc/postfix/mysql_virtual_alias_maps.cf


Finally, set the permissions correctly so that the files are protected from access by others:

user@localhost:~# chgrp postfix /etc/postfix/mysql_*.cf
user@localhost:~# chmod u=rw,g=r,o= /etc/postfix/mysql_*.cf


Now the group and the user vmail are created. All e-mail on the mail server belongs to this user. This is not strictly necessary, but it is safer than having the e-mail owned by the user root.

user@localhost:~# groupadd -g 5000 vmail
user@localhost:~# useradd -g vmail -u 5000 vmail -d /var/vmail -m


Because we use Dovecot as the LDA, it still has to be entered in the file /etc/postfix/master.cf. Simply paste the following at the very end:

dovecot   unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}


Like Dovecot, Postfix also needs a certificate if encrypted connections are to be possible. Make sure that the common name matches the FQDN:

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.pem


Now set the permissions correctly and enter the files in the Postfix configuration:

user@localhost:~# chmod o= /etc/ssl/private/postfix.pem
user@localhost:~# postconf -e smtpd_tls_cert_file=/etc/ssl/certs/postfix.pem
user@localhost:~# postconf -e smtpd_tls_key_file=/etc/ssl/private/postfix.pem
user@localhost:~# postconf -e smtpd_use_tls=yes
user@localhost:~# postconf -e smtpd_tls_auth_only=no


For Postfix to be usable with user authentication, the following must be added to main.cf:

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination


To make life hard for spammers, it is advisable to use blacklists and to check certain characteristics, e.g. whether the server has a valid FQDN and whether the domain name matches the rDNS entry. Many spammers send from ordinary Internet connections that have a dynamic IP address and cannot set an rDNS entry. Postfix can exclude such cases from the outset. To do so, add the following to main.cf:

# Advanced SPAM-Protection, Blacklists, etc.
smtpd_client_restrictions=
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_pipelining,
        reject_rbl_client zombie.dnsbl.sorbs.net,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client dialup.blacklist.jippg.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client ix.dnsbl.manitu.net,
        permit

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        permit

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname,
        reject_invalid_helo_hostname,
        reject_rhsbl_helo rhsbl.sorbs.net

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_rhsbl_sender rhsbl.sorbs.net

The following command can now be used to test whether the server really has been configured securely. An insecure mail server ends up on a blacklist sooner or later.

telnet relay-test.mail-abuse.org
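
An added example (not part of the original article): a shell audit of main.cf for the two points this section depends on, whether relaying is actually refused and whether AUTH is offered without TLS. It also reports that smtpd_recipient_restrictions ends up set twice when both fragments above are pasted in; the function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original page. write_sample builds a
# constructed main.cf from the fragments shown in this article.

# Print every definition of parameter $2 in main.cf-style file $1, one per
# line in file order, with continuation lines joined and commas dropped.
param_defs() {
    awk -v want="$2" '
        function emit() { if (name == want) print val; name = ""; val = "" }
        /^[ \t]*#/ { next }                                   # comment
        /^[ \t]*$/ { next }                                   # blank line
        /^[ \t]/   { if (name != "") val = val " " $0; next } # continuation
        {
            emit()
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val = substr($0, eq + 1)
        }
        END { emit() }
    ' "$1" | tr ',' ' ' | tr -s ' \t' ' ' | sed 's/^ //; s/ $//'
}

# Postfix remembers only the last definition of a parameter.
effective_param() { param_defs "$1" "$2" | tail -n 1; }

# Walk smtpd_recipient_restrictions left to right as Postfix does: a bare
# "permit" (or the end of the list) reached before reject_unauth_destination
# means mail for foreign domains is accepted from anyone.
relay_verdict() {
    list=$(effective_param "$1" smtpd_recipient_restrictions)
    [ -n "$list" ] || { echo default; return 0; }   # unset: built-in default
    for tok in $list; do
        case "$tok" in
            reject_unauth_destination|reject|defer) echo closed; return 0 ;;
            permit) echo open; return 0 ;;
        esac
    done
    echo open
}

# With SASL enabled and smtpd_tls_auth_only not "yes", AUTH is offered on
# unencrypted sessions, so PLAIN/LOGIN passwords can cross the wire in clear.
auth_verdict() {
    sasl=$(effective_param "$1" smtpd_sasl_auth_enable)
    only=$(effective_param "$1" smtpd_tls_auth_only)
    if [ "$sasl" = yes ] && [ "$only" != yes ]; then
        echo cleartext-auth-offered
    else
        echo ok
    fi
}

audit_main_cf() {
    n=$(param_defs "$1" smtpd_recipient_restrictions | wc -l | tr -d ' ')
    [ "$n" -le 1 ] || echo "smtpd_recipient_restrictions set $n times; last one wins"
    echo "relay: $(relay_verdict "$1")"
    echo "auth:  $(auth_verdict "$1")"
}

write_sample() {   # constructed sample input
    cat > "$1" <<'EOF'
smtpd_tls_auth_only = no
# Authentication
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        permit
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_main_cf "$sample"; rm -f "$sample"
```

On the server itself, run `audit_main_cf /etc/postfix/main.cf`; a result of `auth: cleartext-auth-offered` goes away once smtpd_tls_auth_only is set to yes.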

Dovecot

For users to be able to retrieve their e-mail, a so-called Local Delivery Agent (LDA) is required. In this case Dovecot serves that purpose, because Postfix itself only provides a Mail Transfer Agent (MTA). In our configuration Postfix hands all incoming e-mail to the LDA, where the end user can finally retrieve it.

We install Dovecot

user@localhost:~# apt-get install dovecot-imapd dovecot-pop3d


and then change to the directory /etc/dovecot. Move the original files dovecot.conf and dovecot-sql.conf aside here and create empty configuration files:

user@localhost:/etc/dovecot# mv dovecot.conf dovecot.conf.dist
user@localhost:/etc/dovecot# mv dovecot-sql.conf dovecot-sql.conf.dist
user@localhost:/etc/dovecot# touch dovecot.conf
user@localhost:/etc/dovecot# touch dovecot-sql.conf


Sample files are available here:


Now generate a certificate (this is not strictly required, since Dovecot provides a certificate of its own; however, not all information may then be filled in correctly).

user@localhost:~# openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem


The information can be filled in as desired. What matters is that the common name matches the FQDN (full host name, e.g. main.domain.tld) of the server. Once the key has been generated, quickly set the correct file system permissions so that unauthorized persons cannot modify or view the key.

user@localhost:~# chmod o= /etc/ssl/private/dovecot.pem
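
An added example (not part of the original article) covering the permission and certificate steps for Postfix and Dovecot above: it lists secret-bearing files that other users can access and checks that a certificate's common name equals the expected FQDN. The function names, the temporary directory and the host name mail.domain.tld are assumptions made for the demo.

```shell
# Added example, not from the original page. Paths below the temp directory
# and the host name mail.domain.tld are constructed sample values.

# Succeeds when file $1 grants no permission bits at all to "other".
no_other_access() {
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Print those of the given files that other local users can access,
# e.g. exposed_files /etc/postfix/mysql_*.cf (they hold the DB password).
exposed_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue            # unmatched glob or missing file
        no_other_access "$f" || echo "$f"
    done
}

# Print the subject common name of the PEM certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/^\(.*,\)\{0,1\}CN=\([^,]*\).*$/\2/p'
}

# check_tls_pair CERT KEY FQDN: print each problem, return 1 if any.
# On the server: check_tls_pair /etc/ssl/certs/postfix.pem \
#                    /etc/ssl/private/postfix.pem "$(hostname -f)"
check_tls_pair() {
    rc=0
    cn=$(cert_cn "$1")
    [ "$cn" = "$3" ] || { echo "certificate CN '$cn' is not '$3'"; rc=1; }
    [ -f "$2" ] && no_other_access "$2" ||
        { echo "$2 is missing or accessible to other users"; rc=1; }
    return "$rc"
}

# Throwaway self-signed pair for the demo, made like the page's openssl
# call but non-interactive (-subj) and short-lived.
make_demo_pair() {   # $1 = directory, $2 = common name
    openssl req -new -x509 -days 1 -nodes -newkey rsa:2048 -subj "/CN=$2" \
        -out "$1/cert.pem" -keyout "$1/key.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pair "$demo" mail.domain.tld
chmod 644 "$demo/key.pem"            # simulate a key left world-readable
check_tls_pair "$demo/cert.pem" "$demo/key.pem" mail.domain.tld || true
rm -rf "$demo"
```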

Appendix

Postfixadmin

<?php
/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at : 
 *     http://www.postfixadmin.com or http://postfixadmin.sf.net 
 * 
 * @version $Id: config.inc.php 828 2010-05-17 22:56:23Z christian_boltz $ 
 * @license GNU GPL v2 or later. 
 * 
 * File: config.inc.php
 * Contains configuration options.
 */

/*****************************************************************
 *  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
 * You have to set $CONF['configured'] = true; before the
 * application will run!
 * Doing this implies you have changed this file as required.
 * i.e. configuring database etc; specifying setup.php password etc.
 */
$CONF['configured'] = true;
$CONF['setup_password'] = 'secretpass';
$CONF['postfix_admin_url'] = 'http://domain.tld/postfixadmin';
$CONF['postfix_admin_path'] = dirname(__FILE__);
$CONF['default_language'] = 'de';

// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+ 
// pgsql = PostgreSQL
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'secretpass';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';

// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
    'admin' => 'admin',
    'alias' => 'alias',
    'alias_domain' => 'alias_domain',
    'config' => 'config',
    'domain' => 'domain',
    'domain_admins' => 'domain_admins',
    'fetchmail' => 'fetchmail',
    'log' => 'log',
    'mailbox' => 'mailbox',
    'vacation' => 'vacation',
    'vacation_notification' => 'vacation_notification',
    'quota' => 'quota',
    'quota2' => 'quota2',
);

// Site Admin
// Define the Site Admins email address below.
// This will be used to send emails from to create mailboxes.
$CONF['admin_email'] = 'admin@domain.tld';

// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';

// Encrypt
$CONF['encrypt'] = 'md5';

// In what flavor should courier-authlib style passwords be encrypted?
$CONF['authlib_default_flavor'] = 'md5raw';

// If you use the dovecot encryption method: where is the dovecotpw binary located?
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";

// Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 6;

// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate passwords set this to 'YES'.
$CONF['generate_password'] = 'YES';

// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set, set this to 'YES'.
$CONF['show_password'] = 'NO';

// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '10';

// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => 'abuse@domain.tld',
    'hostmaster' => 'hostmaster@domain.tld',
    'postmaster' => 'postmaster@domain.tld',
    'webmaster' => 'webmaster@domain.tld'
);

// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples: 
//   YES: /usr/local/virtual/domain.tld/username@domain.tld
//   NO:  /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';
// If you want to define your own function to generate a maildir path set this to the name of the function.
// Notes: 
//   - this configuration directive will override both domain_path and domain_in_mailbox
//   - the maildir_name_hook() function example is present below, commented out
//   - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
$CONF['maildir_name_hook'] = 'NO';

// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '500';

// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';

// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'NO';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
    'virtual',  // for virtual accounts
    'local',    // for system accounts
    'relay'     // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';

// Virtual Vacation
// If you want to use virtual vacation for your mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
$CONF['vacation_domain'] = 'autoreply.domain.tld';

// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] ='NO';

// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'NO';

// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
$CONF['alias_control'] = 'NO';

// Alias Control for admins
// Set to 'NO' if your domain admins shouldn't be able to edit user aliases.
$CONF['alias_control_admin'] = 'NO';

// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit default aliases.
$CONF['special_alias_control'] = 'NO';

// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';

// Alias Domains
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes 
// configuration easier if you need the same set of aliases on multiple domains, but
// also requires postfix to do more database queries.
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
// Set to 'NO' to disable alias domains.
$CONF['alias_domain'] = 'YES';

// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'YES';

// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';

// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';

// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';

// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';

// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';

// link to display under 'Main' menu when logged in as a user.
$CONF['user_footer_link'] = "http://domain.tld/main";

// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to domain.tld';
$CONF['footer_link'] = 'http://domain.tld/';

// Welcome Message
// This message is sent to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<<EOM
Hi,

Welcome to your new account.
EOM;

// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain']='YES';


// Optional:
// Analyze alias gotos and display a colored block in the first column
// indicating if an alias or mailbox appears to deliver to a non-existent
// account.  Also, display indications, for POP/IMAP mailboxes and
// for custom destinations (such as mailboxes that forward to a UNIX shell
// account or mail that is sent to a MS exchange server, or any other
// domain or subdomain you use)
// See http://www.w3schools.com/html/html_colornames.asp for a list of
// color names available on most browsers

//set to YES to enable this feature
$CONF['show_status']='NO';
//display a guide to what these colors mean
$CONF['show_status_key']='NO';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']='&nbsp;&nbsp;';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system.  If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='NO';
$CONF['show_undeliverable_color']='tomato';
// mails to these domains will never be flagged as undeliverable
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");
$CONF['show_popimap']='NO';
$CONF['show_popimap_color']='darkgrey';
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_colors']=array("lightgreen","lightblue");
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
$CONF['recipient_delimiter'] = "";



$CONF['create_mailbox_subdirs_prefix']='';

// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
//      http://wiki.dovecot.org/Quota/Dict
//
$CONF['used_quotas'] = 'NO';

// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'YES';

//
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
//
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php


// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';

// XMLRPC Interface.
// This should be only of use if you wish to use e.g the 
// Postfixadmin-Squirrelmail package
//  change to boolean true to enable xmlrpc
$CONF['xmlrpc_enabled'] = false;


// If you want to keep most settings at default values and/or want to ensure 
// that future updates work without problems, you can use a separate config 
// file (config.local.php) instead of editing this file and override some
// settings there.
if (file_exists(dirname(__FILE__) . '/config.local.php')) {
    include(dirname(__FILE__) . '/config.local.php');
}

//
// END OF CONFIG FILE
//
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */

mysql_virtual_alias_maps.cf

hosts = 127.0.0.1
user = postfix
password = secret
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

mysql_sender_login_maps.cf

hosts = 127.0.0.1
user = postfix
password = secret
dbname = postfix
query = SELECT username AS allowedUser FROM mailbox WHERE username="%s" AND active = 1 UNION SELECT goto FROM alias WHERE address="%s" AND active = 1

mysql_virtual_domain_maps.cf

hosts = 127.0.0.1
user = postfix
password = secret
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

mysql_virtual_mailbox_maps.cf

hosts = 127.0.0.1
user = postfix
password = secret
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.easycow.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.easycow.de, localhost.easycow.de, , localhost
relayhost =
mynetworks = 192.168.100.0/24, 46.4.175.32/28, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual mailboxes
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

dovecot.conf

## Dovecot configuration file ##

protocols = imap imaps pop3 pop3s managesieve

disable_plaintext_auth = yes

log_timestamp = "%Y-%m-%d %H:%M:%S "

mail_location = maildir:/var/vmail/%d/%n/Maildir

mail_privileged_group = mail

protocol imap {
 mail_plugins = quota imap_quota
}

protocol pop3 {
 pop3_uidl_format = %08Xu%08Xv
 mail_plugins = quota
}

protocol managesieve {
}

protocol lda {
  postmaster_address = admin@domain.tld

  auth_socket_path = /var/run/dovecot/auth-master
  log_path = /var/vmail/dovecot-deliver.log
}

dict {

}


plugin {

}


# Authentication
auth default {
  mechanisms = plain login

  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  user = root

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
  !include_try /etc/dovecot/auth.d/*.auth
}

dovecot-sql.conf

# SQL-Config

driver = mysql

connect = host=127.0.0.1 dbname=postfix user=postfix password=secret

default_pass_scheme = PLAIN-MD5

password_query = \
  SELECT password FROM mailbox WHERE username = '%u'

user_query = \
  SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, \
  5000 AS uid, 5000 AS gid, \
  CONCAT('*:bytes=', CAST(quota AS CHAR)) AS quota_rule, \
  CONCAT('Trash:bytes=', CAST(quota_trash AS CHAR)) AS quota_rule2 \
  FROM mailbox where username= '%u' AND active = '1'

Sources

http://workaround.org/ispmail/lenny/