Raspberrypi.mail: Unterschied zwischen den Versionen

Aus OrgaMon Wiki
Zur Navigation springen Zur Suche springen
Zeile 156: Zeile 156:


==== /etc/dovecot/conf.d/10-master.conf ====
==== /etc/dovecot/conf.d/10-master.conf ====
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1
  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0
  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}
service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }
  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}
service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit
  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}
service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
      user = postfix
      group = postfix
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}
service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}


==== /etc/dovecot/conf.d/10-logging.conf ====
==== /etc/dovecot/conf.d/10-logging.conf ====

Version vom 14. Februar 2019, 12:25 Uhr

Konzept

Internet     |   Raspi 
             |
:25 (smtp)   ->  [ Postfix ] -> Filesystem "/var/mail/user"
             |               -> dovecot User API 
             |
:110 (pop3)  ->  [ dovecot ] -> Filesystem "/var/mail/user"
             |               -> Linux User API
  • Mein Ziel ist ein ordentlicher eigenständiger Mailserver (er braucht keinen anderen Mailserver zum versenden der Mail)
  • Es soll keine Datenbank nötig sein
  • Mail-Accounts sind native Linux-User, über den Kernel läuft somit auch die Authentifizierung
  • Mail-Speicherung erfolgt im mbox Format in /var/mail so wie das Linux vorsieht
  • eMail-Adressen sind in der Text-Datei "/etc/postfix/virtual" aufgelistet

Vorarbeiten

benötigte Software

apt-get install dovecot-pop3d postfix

Ordentlich starten

  • postfix ist von dovecot abhängig, deshalb sollte postfix erst starten wenn dovecot schon Aktiv ist

erst dovecot

joe /lib/systemd/system/dovecot.service
[Unit]
Requires=network-online.target
After=network-online.target

dann postfix

joe /lib/systemd/system/postfix.service
[Unit]
Requires=dovecot.service
After=network-online.target nss-lookup.target dovecot.service

Dienst beim Reboot starten

systemctl enable dovecot
systemctl enable postfix

Konfiguration

Test

noch zu klären ...

Im Moment gibt es noch Datei-Rechte Probleme, dies ist ein Workaround so dass beide Programme miteinander arbeiten können


chmod 777 /var/mail


drwxrwsrwx  2 root mail       4096 Feb 14 11:41 mail

postfix

http://www.postfix.org/features.html


main.cf

virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot

Test

dovecot

Information

https://dovecot.org/

Installation

apt-get install dovecot-pop3d

Konfiguration

/etc/dovecot/conf.d/10-ssl.conf

##
## SSL settings 
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca = 

# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =

# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# DH parameters length to use.
#ssl_dh_parameters_length = 1024

# SSL protocols to use
#ssl_protocols = !SSLv3

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no

# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =

# SSL extra options. Currently supported options are:
#   no_compression - Disable compression.
#ssl_options =

/etc/dovecot/conf.d/10-master.conf

#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port = 
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user = 
    #group = 
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
     user = postfix
     group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user = 
    #group = 
  }
}

/etc/dovecot/conf.d/10-logging.conf

/etc/dovecot/conf.d/auth-system.conf.ext

/etc/dovecot/conf.d/10-auth.conf

/etc/dovecot/conf.d/10-mail.conf

Test

eMail-Konten anlegen

eMail.sh

./eMail.sh user password


#
# create a Postfix Mail Account
#

useradd --gid postfix --create-home --shell /bin/false $1
echo "$1:$2" | chpasswd
chmod 777 /home/$1
touch /var/mail/$1
chown $1 /var/mail/$1
chgrp postfix /var/mail/$1
chmod 0660 /var/mail/$1

offene Probleme

  • Wenn ein neuer User angelegt wird und erstmalig mit dovecot per pop3 angefragt wird schafft dovecot es nicht eine leere mbox anzulegen
  • Wenn ein neuer user angelegt wird schafft es postfix eine neue mbox anzulegen, diese kann aber Rechtmäßig nicht von dovecot gelesen werden
  • dovecot will imap Sachen machen, obwohl ich nur pop3 einsetze.
  • dovecort schafft es nicht im home des users das Verzeichnis .imap anzulegen (rechteproblem)


Sep 25 20:30:38 pi3x04 dovecot: pop3(mail-ma1): Error: mkdir_parents(/home/mail-ma1/.imap/INBOX) failed: Permission denied

-> Versuch

#
# die User einfach mal der Gruppe "mail" zuordnen, nicht postfix, das war dumm
#
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin