
howto debian postfix Part 3

12. OPTIONAL: Own SSL configuration

The package creates self-signed certificates. If you want to replace them with official SSL certificates, edit the following files:

/etc/postfix/main.cf
/etc/dovecot/conf.d/10-ssl.conf
/etc/dovecot/conf.d/01-mail-stack-delivery.conf

The lines to change are:

/etc/postfix/main.cf:smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
/etc/postfix/main.cf:smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
/etc/dovecot/conf.d/10-ssl.conf:ssl_cert = </etc/ssl/certs/dovecot.pem
/etc/dovecot/conf.d/10-ssl.conf:ssl_key = </etc/ssl/private/dovecot.pem
/etc/dovecot/conf.d/01-mail-stack-delivery.conf:ssl_cert = </etc/ssl/certs/ssl-mail.pem
/etc/dovecot/conf.d/01-mail-stack-delivery.conf:ssl_key = </etc/ssl/private/ssl-mail.key

13. OPTIONAL: Set rate limits

If your mail server is used by yourself ... you do not need to limit the number of emails a user can send.

Edit /etc/postfix/main.cf:

sudo nano /etc/postfix/main.cf

And add these lines at the end of the file:

# Clients that are excluded from connection count
smtpd_client_event_limit_exceptions = $mynetworks
# The time unit over which client connection rates and other rates are calculated.
anvil_rate_time_unit = 60s
# How frequently the server logs peak usage information.
anvil_status_update_time = 120s
# The maximal number of message delivery requests that any client is allowed to make to this service per time unit.
smtpd_client_message_rate_limit=5

So each client - not connected through $mynetworks - is only able to send 5 emails per 60 seconds.

14. OPTIONAL: DKIM

Well ....

Quote
DomainKeys Identified Mail (DKIM) is a method for E-mail authentication, allowing a person who receives email to verify that the message actually comes from the domain that it claims to have come from. The need for this type of authentication arises because spam often has forged headers.

So your mail server can sign your emails, and a recipient can check whether they come from your approved mail servers.

Installation is quite easy:

sudo apt-get install opendkim opendkim-tools

For 12.04 you have to use backports:

sudo apt-get install opendkim/precise-backports
sudo apt-get install opendkim-tools/precise-backports

Configuration is done in two files:

/etc/opendkim.conf
/etc/default/opendkim

Things you have to change:

nano /etc/opendkim.conf

UserID 105 # 'id postfix' in your shell
Domain domain.com
KeyFile /etc/mail/dkim.key

nano /etc/default/opendkim

SOCKET="inet:54321" # listen on all interfaces on port 54321
# Don't forget to allow this port on iptables

Now we have to tell postfix to use this service:

nano /etc/postfix/main.cf

# DKIM
milter_default_action = accept
milter_protocol = 2
# The port has to match SOCKET in /etc/default/opendkim
smtpd_milters = inet:localhost:54321
non_smtpd_milters = inet:localhost:54321

To generate the key run the following commands:

cd /etc/mail
sudo opendkim-genkey -t -s mail -d domain.com
sudo cp mail.private /etc/mail/dkim.key

The DNS TXT entry should be a copy&paste of mail.txt:

mail._domainkey.domain.com. IN TXT "v=DKIM1; g=*; k=rsa; p=openssl_public_key";

15. OPTIONAL: Add backup MX

First of all you have to add an additional MX record with a higher priority value:

@ mailserver.domain.com. MX 10 3600
@ backupmailserver.domain.com. MX 20 3600

Everyone first tries to send the email to mailserver.domain.com; if it is not reachable, backupmailserver.domain.com is used.

The higher the priority value, the lower the chance that someone is using the MX server.

The next change is on the backup mail server, in main.cf:

relay_domains = $mydestination, hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/relay_transport

Now we have to define the relay domains:

nano /etc/postfix/relay_domains

Content:

domain1.com anything
domain2.com anything
domain3.com anything

A backup MX can be responsible for more than one domain.

Now we have to define what the backup mail server should do with an incoming email:

nano /etc/postfix/relay_transport

Content:

domain1.com relay:mailserver.domain1.com
domain2.com relay:mailserver.domain2.com
domain3.com relay:mailserver.domain3.com

Just forward them to the real mail servers.

The last step is to map both files:

cd /etc/postfix
postmap relay_domains
postmap relay_transport

If you want, you can add a time to live for the emails too:

maximal_queue_lifetime = 60d

So the backup server will store the mails for 60 days. Hopefully your main mail server will not be offline for more than 60 days.

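A domain misspelled in one of the two files leaves relay_domains and relay_transport out of step, and postmap will not complain about it. The script below is an added example, not part of the original howto: it cross-checks the two tables. The function names and the sample files (with one deliberate typo) are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the backup MX tables before running postmap.
# File names follow the howto; function names and sample data are constructed.

# only_in A B: print lookup keys (first column) that are in table A but not B.
# Comment, blank and continuation lines are skipped; keys are compared in
# lower case because postmap folds them by default.
only_in() {
    awk '/^[^# \t]/ {
             k = tolower($1)
             if (FILENAME == ARGV[1]) have[k] = 1
             else if (!(k in have)) print k
         }' "$2" "$1"
}

# bad_nexthop T: keys in transport table T whose right-hand side is not
# relay:host, the only form the howto uses.
bad_nexthop() {
    awk '/^[^# \t]/ && $2 !~ /^relay:[^: \t]+$/ { print tolower($1) }' "$1"
}

# check_backup_mx DOMAINS TRANSPORT: report every mismatch, return 1 if any.
check_backup_mx() {
    rc=0
    for d in $(only_in "$1" "$2"); do echo "no transport entry: $d"; rc=1; done
    for d in $(only_in "$2" "$1"); do echo "not in relay_domains: $d"; rc=1; done
    for d in $(bad_nexthop "$2"); do echo "unexpected next hop: $d"; rc=1; done
    return $rc
}

# Constructed sample files with one deliberate typo in relay_transport.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/relay_domains" <<'EOF'
# domains this backup MX accepts
domain1.com anything
domain2.com anything
domain3.com anything
EOF
cat > "$SAMPLE/relay_transport" <<'EOF'
domain1.com relay:mailserver.domain1.com
Domain2.com relay:mailserver.domain2.com
domaint3.com relay:mailserver.domain3.com
EOF
check_backup_mx "$SAMPLE/relay_domains" "$SAMPLE/relay_transport" || true
```

On the backup server, call check_backup_mx with /etc/postfix/relay_domains and /etc/postfix/relay_transport before the postmap step.
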
16. Restart your VPS
Done.
