Raspberrypi.mail
Concept

Internet                     Raspi
:25  (smtp)  ->  [ Postfix ]  ->  filesystem "/var/mail/<user>"
                              ->  Dovecot user API (SASL authentication of senders)
:110 (pop3)  ->  [ Dovecot ]  ->  filesystem "/var/mail/<user>"
                              ->  Linux user API (PAM authentication of mailbox owners)
- My goal is a proper, stand-alone mail server (it needs no other mail server to send mail)
- No database should be necessary
- Mail accounts are native Linux users, so authentication goes through the system's account database (PAM) rather than a separate password store
- Mail is stored in mbox format in /var/mail, the way Linux intends it
- E-mail addresses are listed in the text file "/etc/postfix/virtual"
Preparations
Required software
apt-get install dovecot-pop3d postfix
Starting in the right order
- Postfix depends on Dovecot: with smtpd_sasl_type = dovecot, smtpd authenticates clients through the socket that Dovecot creates under /var/spool/postfix/private/auth, so Postfix should start only once Dovecot is already active. Requires= also stops Postfix whenever Dovecot is stopped, which is acceptable here because SMTP AUTH cannot work without it.
- Caveat: editing the unit files under /lib/systemd/system directly works, but the next package upgrade overwrites them; the same lines belong in a drop-in under /etc/systemd/system/<unit>.service.d/, which is what systemctl edit <unit> creates.
first Dovecot
joe /lib/systemd/system/dovecot.service
[Unit]
Requires=network-online.target
After=network-online.target
then Postfix
joe /lib/systemd/system/postfix.service
[Unit]
Requires=dovecot.service
After=network-online.target nss-lookup.target dovecot.service
Start the services on reboot
systemctl enable dovecot
systemctl enable postfix
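The same ordering expressed as systemd drop-ins instead of edits to the packaged unit files. This is added here and is not from the original page; the directory and file names follow systemd's override convention (they are what systemctl edit <unit> would create), the [Unit] lines are the ones given above.

```ini
# /etc/systemd/system/dovecot.service.d/override.conf
[Unit]
Requires=network-online.target
After=network-online.target

# /etc/systemd/system/postfix.service.d/override.conf
[Unit]
Requires=dovecot.service
After=network-online.target nss-lookup.target dovecot.service
```

After writing the two files run systemctl daemon-reload, then confirm the result with systemctl show -p After -p Requires postfix.service; dovecot.service must appear in both properties.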
Configuration
Test
still to be clarified ...
At the moment there are still file-permission problems; this is a workaround so that both programs can work with each other:
chmod 777 /var/mail
drwxrwsrwx 2 root mail 4096 Feb 14 11:41 mail
Caveat: Debian ships /var/mail as 2775 root:mail (drwxrwsr-x). A world-writable spool lets every local account delete or replace other users' mailboxes, because there is no sticky bit either. Dovecot's intended fix for the dotlock and INBOX-creation failures behind this is mail_privileged_group = mail in 10-mail.conf, which lets it take on the mail group only for those operations while the spool keeps its default permissions.
postfix
http://www.postfix.org/features.html
main.cf
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
Two things this fragment leaves implicit: a hash: table has to be compiled with postmap /etc/postfix/virtual after every edit, and Postfix only finds the socket configured in Dovecot's 10-master.conf below if smtpd_sasl_path = private/auth is set as well (the default value, smtpd, is the Cyrus SASL path).
Test
- https://www.thomas-krenn.com/de/wiki/TCP_Port_25_(smtp)_Zugriff_mit_telnet_%C3%BCberpr%C3%BCfen
- https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
dovecot
Information
Installation
apt-get install dovecot-pop3d
Configuration
/etc/dovecot/conf.d/10-ssl.conf
Caveat: with ssl = no, a POP3 login on port 110 sends the password in the clear, and because the mail accounts here are real Linux users that is the system password of that user. Dovecot's default disable_plaintext_auth = yes refuses plaintext logins from anything but localhost in this state unless 10-auth.conf changes it; enabling TLS via the commented ssl_cert/ssl_key lines, with a certificate for the Pi, is the better fix than allowing plaintext.
##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =

# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes

# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
#ssl_client_ca_dir =
#ssl_client_ca_file =

# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# DH parameters length to use.
#ssl_dh_parameters_length = 1024

# SSL protocols to use
#ssl_protocols = !SSLv3

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no

# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =

# SSL extra options. Currently supported options are:
#   no_compression - Disable compression.
#ssl_options =
/etc/dovecot/conf.d/10-master.conf
#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
    #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user =
    #group =
  }
}
/etc/dovecot/conf.d/10-logging.conf
##
## Log destination.
##

# Log file to use for error messages. "syslog" logs to syslog,
# /dev/stderr logs to stderr.
#log_path = syslog

# Log file to use for informational messages. Defaults to log_path.
#info_log_path =
# Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path =

# Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard
# facilities are supported.
#syslog_facility = mail

##
## Logging verbosity and debugging.
##

# Log unsuccessful authentication attempts and the reasons why they failed.
auth_verbose = yes

# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
#auth_verbose_passwords = no

# Even more verbose logging for debugging purposes. Shows for example SQL
# queries.
#auth_debug = no

# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no

# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
mail_debug = yes

# Show protocol level SSL errors.
#verbose_ssl = no

# mail_log plugin provides more event logging for mail processes.
plugin {
  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

##
## Log formatting.
##

# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "

# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c

# Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log.
#login_log_format = %$: %s

# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
#mail_log_prefix = "%s(%u): "

# Format to use for logging mail deliveries. See doc/wiki/Variables.txt for
# list of all variables you can use. Some of the common ones include:
#  %$ - Delivery status message (e.g. "saved to INBOX")
#  %m - Message-ID
#  %s - Subject
#  %f - From address
#  %p - Physical size
#  %w - Virtual size
#deliver_log_format = msgid=%m: %$
/etc/dovecot/conf.d/auth-system.conf.ext
# Authentication for system users. Included from 10-auth.conf.
#
# <doc/wiki/PasswordDatabase.txt>
# <doc/wiki/UserDatabase.txt>

# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  args = failure_show_msg=yes
}

# System users (NSS, /etc/passwd, or similiar).
# In many systems nowadays this uses Name Service Switch, which is
# configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
#passdb {
  #driver = passwd
  # [blocking=no]
  #args =
#}

# Shadow passwords for system users (NSS, /etc/shadow or similiar).
# Deprecated by PAM nowadays.
# <doc/wiki/PasswordDatabase.Shadow.txt>
#passdb {
  #driver = shadow
  # [blocking=no]
  #args =
#}

# PAM-like authentication for OpenBSD.
# <doc/wiki/PasswordDatabase.BSDAuth.txt>
#passdb {
  #driver = bsdauth
  # [blocking=no] [cache_key=<key>]
  #args =
#}

##
## User databases
##

# System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
# uses Name Service Switch, which is configured in /etc/nsswitch.conf.
#userdb {
  # <doc/wiki/AuthDatabase.Passwd.txt>
  # driver = passwd
  # [blocking=no]
  #args =

  # Override fields from passwd
  #override_fields = home=/home/virtual/%u
#}

# Static settings generated from template <doc/wiki/UserDatabase.Static.txt>
#userdb {
  #driver = static
  # Can return anything a userdb could normally return. For example:
  #
  #  args = uid=500 gid=500 home=/var/mail/%u
  #
  # LDA and LMTP needs to look up users only from the userdb. This of course
  # doesn't work with static userdb because there is no list of users.
  # Normally static userdb handles this by doing a passdb lookup. This works
  # with most passdbs, with PAM being the most notable exception. If you do
  # the user verification another way, you can add allow_all_users=yes to
  # the args in which case the passdb lookup is skipped.
  #
  #args =
#}
/etc/dovecot/conf.d/10-auth.conf
/etc/dovecot/conf.d/10-mail.conf
Test
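The manual telnet checks linked in the Postfix "Test" section above and the Dovecot test here, scripted. This is an added example and not part of the original page: auth_plain_token builds the base64 blob that "AUTH PLAIN" expects (the value the telnet how-tos have you paste), smtp_auth_probe runs EHLO / AUTH PLAIN / QUIT against Postfix over STARTTLS, and pop3_probe runs USER / PASS / STAT / QUIT against Dovecot on port 110. Assumptions not taken from the page: the Pi is reachable as "raspi", the test account is "test" with password "test", Postfix offers STARTTLS (Debian's packaged main.cf enables it with the snakeoil certificate), smtpd_sasl_path points at the Dovecot socket, and openssl and nc are installed on the machine running the probe.

```sh
#!/bin/sh
# Added example, not from the original page. Host "raspi" and account
# test/test are assumptions; adjust them in the "run" case at the bottom.

# AUTH PLAIN is base64("<authzid>\0<authcid>\0<password>") per RFC 4616.
# The authorization identity is left empty, so the blob starts with a NUL.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# SMTP side: feed the commands with pauses so each reply arrives before the
# next command. openssl does EHLO+STARTTLS itself, so our EHLO is the
# mandatory second one after the TLS handshake. -crlf turns our \n into \r\n.
# Prints the server's replies; the interesting one is 235 (success) or
# 535 (authentication failed).
smtp_auth_probe() {
    host=$1 port=$2 user=$3 pass=$4
    token=$(auth_plain_token "$user" "$pass")
    {
        sleep 1; printf 'EHLO test.example\n'
        sleep 1; printf 'AUTH PLAIN %s\n' "$token"
        sleep 1; printf 'QUIT\n'
    } | openssl s_client -quiet -crlf -starttls smtp -connect "$host:$port" 2>/dev/null
}

# POP3 side: plain TCP, because 10-ssl.conf above has ssl = no. Dovecot answers
# a good PASS with "+OK Logged in." and a bad one with "-ERR [AUTH] ...".
pop3_probe() {
    host=$1 port=$2 user=$3 pass=$4
    {
        sleep 1; printf 'USER %s\r\n' "$user"
        sleep 1; printf 'PASS %s\r\n' "$pass"
        sleep 1; printf 'STAT\r\n'
        sleep 1; printf 'QUIT\r\n'
    } | nc -w 5 "$host" "$port"
}

# Verdicts on a transcript read from stdin (exit status 0 = login worked).
smtp_auth_ok()  { grep -q '^235 '; }
pop3_login_ok() { grep -q '^+OK Logged in'; }

# usage: sh probe.sh run
case "${1:-}" in
run)
    if smtp_auth_probe raspi 25 test test | smtp_auth_ok; then
        echo "SMTP AUTH: ok"; else echo "SMTP AUTH: failed"; fi
    if pop3_probe raspi 110 test test | pop3_login_ok; then
        echo "POP3 login: ok"; else echo "POP3 login: failed"; fi
    ;;
esac
```

Run the POP3 half from the Pi itself (host localhost) unless plaintext authentication has been allowed for remote clients: with ssl = no and Dovecot's default disable_plaintext_auth = yes, USER/PASS from another machine is refused with "-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections." rather than with a password error, which is easy to misread as a PAM problem.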
Creating mail accounts
eMail.sh
./eMail.sh user password
#
# create a Postfix mail account (a mail-only Linux user without a login shell)
#
# usage: ./eMail.sh user password
# note: the password is visible in the process list and the shell history
# while this runs; enter it interactively for accounts that matter.
set -e
user=$1
pass=$2
# group "mail", not "postfix" (see the note under open problems below)
useradd --gid mail --create-home --shell /bin/false "$user"
echo "$user:$pass" | chpasswd
# workaround for the .imap permission error listed below; the Dovecot pop3
# process runs under the user's own uid, so the home only has to be writable
# by that user
chmod 777 "/home/$user"
# pre-create the mbox with the permissions the spool expects
touch "/var/mail/$user"
chown "$user:mail" "/var/mail/$user"
chmod 0660 "/var/mail/$user"
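A check for the layout this page uses, covering both the /var/mail workaround in the Postfix test section and the mailboxes eMail.sh creates. This is an added example, not part of the original page. The expected values are Debian's defaults: /var/mail is 2775 root:mail (setgid, so new files inherit the mail group, and not writable by others), each mbox is 0660 <user>:mail. The spool path and group are parameters so the checks can be run against a scratch directory; "alice" is a made-up account name, and stat -c assumes GNU coreutils as on Raspbian.

```sh
#!/bin/sh
# Added example, not from the original page. Checks spool and mailbox
# permissions for an mbox setup with Postfix + Dovecot on Debian.

# check_spool DIR GROUP: prints "DIR: ok" or the problem; exit status 0/1.
check_spool() {
    dir=$1 grp=$2
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || { echo "$dir: missing"; return 1; }
    case "$mode" in
        *[2367])
            # other-write bit set: every local account may unlink or replace
            # other users' mailboxes (this is what chmod 777 /var/mail does)
            echo "$dir: mode $mode is world-writable, expected 2775"; return 1 ;;
        2775) ;;
        *) echo "$dir: mode $mode, expected 2775 (setgid, group-writable)"; return 1 ;;
    esac
    actual=$(stat -c '%G' "$dir")
    [ "$actual" = "$grp" ] || { echo "$dir: group $actual, expected $grp"; return 1; }
    echo "$dir: ok"
}

# check_mailbox FILE USER GROUP: the mbox must be 0660 USER:GROUP so the
# owner can read it and group-privileged delivery and locking still work.
check_mailbox() {
    file=$1 user=$2 grp=$3
    [ -f "$file" ] || { echo "$file: missing (Postfix creates it on first delivery)"; return 1; }
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%U:%G' "$file")
    [ "$mode" = 660 ] || { echo "$file: mode $mode, expected 660"; return 1; }
    [ "$owner" = "$user:$grp" ] || { echo "$file: owner $owner, expected $user:$grp"; return 1; }
    echo "$file: ok"
}

# check_all SPOOL GROUP: the spool plus every mailbox in it, assuming the
# mailbox file name is the account name as in /var/mail/<user>.
check_all() {
    spool=$1 grp=$2
    rc=0
    check_spool "$spool" "$grp" || rc=1
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        check_mailbox "$f" "$(basename "$f")" "$grp" || rc=1
    done
    return $rc
}

# usage on the Pi: sh mailperms.sh run
case "${1:-}" in
run) check_all /var/mail mail ;;
esac
```

A non-zero exit from check_all is the signal that the 777 workaround is still in place or that a mailbox was created with the wrong group (for example postfix instead of mail, the mistake noted under open problems below).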
Open problems
- When a new user is created and is queried for the first time via Dovecot over POP3, Dovecot does not manage to create an empty mbox
- When a new user is created, Postfix manages to create a new mbox, but because of its permissions it cannot be read by Dovecot
- Dovecot wants to do IMAP things even though I only use POP3.
- Dovecot does not manage to create the .imap directory in the user's home (permission problem)
Sep 25 20:30:38 pi3x04 dovecot: pop3(mail-ma1): Error: mkdir_parents(/home/mail-ma1/.imap/INBOX) failed: Permission denied
-> Attempt
#
# simply assign the users to the group "mail", not postfix, that was dumb
#
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin