Raspberrypi.mail: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Root (Diskussion | Beiträge) |
Root (Diskussion | Beiträge) |
||
Zeile 91: | Zeile 91: | ||
==== /etc/dovecot/conf.d/10-ssl.conf ==== | ==== /etc/dovecot/conf.d/10-ssl.conf ==== | ||
## | |||
## SSL settings | |||
## | |||
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> | |||
ssl = no | |||
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before | |||
# dropping root privileges, so keep the key file unreadable by anyone but | |||
# root. Included doc/mkcert.sh can be used to easily generate self-signed | |||
# certificate, just make sure to update the domains in dovecot-openssl.cnf | |||
#ssl_cert = </etc/dovecot/dovecot.pem | |||
#ssl_key = </etc/dovecot/private/dovecot.pem | |||
# If key file is password protected, give the password here. Alternatively | |||
# give it when starting dovecot with -p parameter. Since this file is often | |||
# world-readable, you may want to place this setting instead to a different | |||
# root owned 0600 file by using ssl_key_password = <path. | |||
#ssl_key_password = | |||
# PEM encoded trusted certificate authority. Set this only if you intend to use | |||
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s) | |||
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) | |||
#ssl_ca = | |||
# Require that CRL check succeeds for client certificates. | |||
#ssl_require_crl = yes | |||
# Directory and/or file for trusted SSL CA certificates. These are used only | |||
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The | |||
# directory is usually /etc/ssl/certs in Debian-based systems and the file is | |||
# /etc/pki/tls/cert.pem in RedHat-based systems. | |||
#ssl_client_ca_dir = | |||
#ssl_client_ca_file = | |||
# Request client to send a certificate. If you also want to require it, set | |||
# auth_ssl_require_client_cert=yes in auth section. | |||
#ssl_verify_client_cert = no | |||
# Which field from certificate to use for username. commonName and | |||
# x500UniqueIdentifier are the usual choices. You'll also need to set | |||
# auth_ssl_username_from_cert=yes. | |||
#ssl_cert_username_field = commonName | |||
# DH parameters length to use. | |||
#ssl_dh_parameters_length = 1024 | |||
# SSL protocols to use | |||
#ssl_protocols = !SSLv3 | |||
# SSL ciphers to use | |||
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL | |||
# Prefer the server's order of ciphers over client's. | |||
#ssl_prefer_server_ciphers = no | |||
# SSL crypto device to use, for valid values run "openssl engine" | |||
#ssl_crypto_device = | |||
# SSL extra options. Currently supported options are: | |||
# no_compression - Disable compression. | |||
#ssl_options = | |||
==== /etc/dovecot/conf.d/10-master.conf ==== | ==== /etc/dovecot/conf.d/10-master.conf ==== |
Version vom 14. Februar 2019, 12:17 Uhr
Konzept
Internet | Raspi | :25 (smtp) -> [ Postfix ] -> Filesystem "/var/mail/user" | -> dovecot User API | :110 (pop3) -> [ dovecot ] -> Filesystem "/var/mail/user" | -> Linux User API
- Mein Ziel ist ein ordentlicher eigenständiger Mailserver (er braucht keinen anderen Mailserver zum versenden der Mail)
- Es soll keine Datenbank nötig sein
- Mail-Accounts sind native Linux-User, über den Kernel läuft somit auch die Authentifizierung
- Mail-Speicherung erfolgt im mbox Format in /var/mail so wie das Linux vorsieht
- eMail-Adressen sind in der Text-Datei "/etc/postfix/virtual" aufgelistet
Vorarbeiten
benötigte Software
apt-get install dovecot-pop3d postfix
Ordentlich starten
- postfix ist von dovecot abhängig, deshalb sollte postfix erst starten wenn dovecot schon Aktiv ist
erst dovecot
joe /lib/systemd/system/dovecot.service
[Unit] Requires=network-online.target After=network-online.target
dann postfix
joe /lib/systemd/system/postfix.service
[Unit] Requires=dovecot.service After=network-online.target nss-lookup.target dovecot.service
Dienst beim Reboot starten
systemctl enable dovecot systemctl enable postfix
Konfiguration
Test
noch zu klären ...
Im Moment gibt es noch Datei-Rechte Probleme, dies ist ein Workaround so dass beide Programme miteinander arbeiten können
chmod 777 /var/mail
drwxrwsrwx 2 root mail 4096 Feb 14 11:41 mail
postfix
http://www.postfix.org/features.html
main.cf
virtual_alias_maps = hash:/etc/postfix/virtual smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot
Test
- https://www.thomas-krenn.com/de/wiki/TCP_Port_25_(smtp)_Zugriff_mit_telnet_%C3%BCberpr%C3%BCfen
- https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
dovecot
Information
Installation
apt-get install dovecot-pop3d
Konfiguration
/etc/dovecot/conf.d/10-ssl.conf
## ## SSL settings ## # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt> ssl = no # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf #ssl_cert = </etc/dovecot/dovecot.pem #ssl_key = </etc/dovecot/private/dovecot.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often # world-readable, you may want to place this setting instead to a different # root owned 0600 file by using ssl_key_password = <path. #ssl_key_password = # PEM encoded trusted certificate authority. Set this only if you intend to use # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) #ssl_ca = # Require that CRL check succeeds for client certificates. #ssl_require_crl = yes # Directory and/or file for trusted SSL CA certificates. These are used only # when Dovecot needs to act as an SSL client (e.g. imapc backend). The # directory is usually /etc/ssl/certs in Debian-based systems and the file is # /etc/pki/tls/cert.pem in RedHat-based systems. #ssl_client_ca_dir = #ssl_client_ca_file = # Request client to send a certificate. If you also want to require it, set # auth_ssl_require_client_cert=yes in auth section. #ssl_verify_client_cert = no # Which field from certificate to use for username. commonName and # x500UniqueIdentifier are the usual choices. You'll also need to set # auth_ssl_username_from_cert=yes. #ssl_cert_username_field = commonName # DH parameters length to use. #ssl_dh_parameters_length = 1024 # SSL protocols to use #ssl_protocols = !SSLv3 # SSL ciphers to use #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL # Prefer the server's order of ciphers over client's. #ssl_prefer_server_ciphers = no # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = # SSL extra options. Currently supported options are: # no_compression - Disable compression. #ssl_options =
/etc/dovecot/conf.d/10-master.conf
/etc/dovecot/conf.d/10-logging.conf
/etc/dovecot/conf.d/auth-system.conf.ext
/etc/dovecot/conf.d/10-auth.conf
/etc/dovecot/conf.d/10-mail.conf
Test
eMail-Konten anlegen
eMail.sh
./eMail.sh user password
# # create a Postfix Mail Account # useradd --gid postfix --create-home --shell /bin/false $1 echo "$1:$2" | chpasswd chmod 777 /home/$1 touch /var/mail/$1 chown $1 /var/mail/$1 chgrp postfix /var/mail/$1 chmod 0660 /var/mail/$1
offene Probleme
- Wenn ein neuer User angelegt wird und erstmalig mit dovecot per pop3 angefragt wird schafft dovecot es nicht eine leere mbox anzulegen
- Wenn ein neuer user angelegt wird schafft es postfix eine neue mbox anzulegen, diese kann aber Rechtmäßig nicht von dovecot gelesen werden
- dovecot will imap Sachen machen, obwohl ich nur pop3 einsetze.
- dovecort schafft es nicht im home des users das Verzeichnis .imap anzulegen (rechteproblem)
Sep 25 20:30:38 pi3x04 dovecot: pop3(mail-ma1): Error: mkdir_parents(/home/mail-ma1/.imap/INBOX) failed: Permission denied
-> Versuch
# # die User einfach mal der Gruppe "mail" zuordnen, nicht postfix, das war dumm # mail:x:8:8:mail:/var/mail:/usr/sbin/nologin