====== Postfix, Dovecot: internal and external domain on one physical server ======
FIXME
|WAN|-|-|v|-|-|-|-|-|-|-|.|WAN{border-color:silver;background-color:silver;}=**Internet**
| | | | | |!@4| | | | | | | |!@1|
| |F|~|~|~|#|~|~|~|~|~|~|~|#|~|~|~|~|~|~|7|
|SMTP||Input|-@2|System|-@8|Output|-@8|Switch| |Input=**[[#Inbound server|Inbound]]**|Output=**[[#Outbound server|Outbound]]**|System=**[[#System server|System]]**|SMTP{border-color:#a9c}=SMTP server\\ **[[#Postfix]]**|Switch=**[[#Local server|Local]]**| |:|
| |L|~|~|~|#|~|~|~|~|~|~|~|~|~|~|~|#|~|~|J|
|Dovecot| | |! | | | | | | | | | | | |!|Dovecot{border-color:#a9c}=IMAP server\\ **[[#Dovecot]]**
| | | | | |!@4 | | | | | | | | | | | |!|
|LAN|-|-|^|-|-|-|-|-|-|-|-|-|-|-|'|LAN{border-color:silver;background-color:silver;}=**Local network**
  * 10.1.0.1 - internal IP address
  * 10.1.0.0 - internal network
  * 203.0.113.13 - external IP address
  * domain.local - local domain
  * domain.ru, domain2.ru - external domains
====== Postfix ======
Main article: [[postfix:postfix|Postfix]].

The internal and the external domain are hosted on one physical server.

This example uses [[postfix:postfix#Работа с несколькими экземплярами|multiple Postfix instances]]. The commands below set up that mode:
<code>
postmulti -e init
mkdir /etc/postfix-i
postmulti -I postfix-i -G local -e create
postmulti -i postfix-i -e enable
mkdir /etc/postfix-l
postmulti -I postfix-l -G local -e create
postmulti -i postfix-l -e enable
mkdir /etc/postfix-o
postmulti -I postfix-o -G local -e create
postmulti -i postfix-o -e enable
</code>
Create symbolic links to ''/etc/postfix/dynamicmaps.cf'' in each instance directory:
<code>
ln -s /etc/postfix/dynamicmaps.cf /etc/postfix-i
ln -s /etc/postfix/dynamicmaps.cf /etc/postfix-l
ln -s /etc/postfix/dynamicmaps.cf /etc/postfix-o
</code>
===== System server =====
''/etc/postfix''
<file - dynamicmaps.cf>
tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
sqlite /usr/lib/postfix/dict_sqlite.so dict_sqlite_open
ldap /usr/lib/postfix/dict_ldap.so dict_ldap_open
</file>
<file - main.cf>
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
myorigin = localhost
myhostname = localhost.localdomain
mydestination = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mynetworks = 127.0.0.0/8
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 127.0.0.1
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_directories = /etc/postfix-i /etc/postfix-o /etc/postfix-l
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf
</file>
<file - transport>
localhost.localdomain :127.0.0.1
.localhost.localdomain :127.0.0.1
domain.local smtp:smtp.domain.local
domain.ru smtp:smtp.domain.local
domain2.ru smtp:smtp.domain.local
</file>
<code>
postmap /etc/postfix/transport
</code>
==== LDAP ====
<file - ldap-users.cf>
server_host = ldap
bind = yes
version = 3
search_base = ou=users,dc=domain
# query_filter = (&(!(l=disabled)) (|(mail=%s)(maildrop=%s))(objectclass=mailUser))
query_filter = (&(!(l=disabled)) (|(mail=%s)(maildrop=%s))(objectclass=mailUser))
result_attribute = maildrop
</file>
<file - ldap-groups.cf>
server_host = ldap
search_base = ou=groups,dc=domain
query_filter = (&(|(mail=%s)(mailRoutingAddress=%s))(objectclass=mailGroup))
special_result_attribute = member
result_attribute = maildrop
</file>
===== Inbound server =====
''/etc/postfix/postfix-i''
<file - helo_restrictions>
helo_restrictions.domain1 OK
helo_restrictions.domain2 OK
</file>
<code>
postmap /etc/postfix-i/helo_restrictions
</code>
<file - main.cf>
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 550
readme_directory = no
inet_protocols = ipv4
recipient_delimiter = +
multi_instance_enable = yes
multi_instance_group = in
multi_instance_name = postfix-i
data_directory=/var/lib/postfix-i
queue_directory = /var/spool/postfix-i
mynetworks = 127.0.0.0/8
myhostname = mail.domain.ru
smtpd_proxy_ehlo = mail.domain.ru
smtpd_banner = $myhostname ESMTP
inet_interfaces = 203.0.113.13 127.0.0.2
mydestination = domain.ru
content_filter=smtp-amavis:[127.0.0.1]:10024
virtual_alias_maps = hash:/etc/postfix-i/virtual
relayhost =
disable_vrfy_command = yes
show_user_unknown_table_name = no
smtpd_helo_required = yes
smtpd_helo_restrictions=
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname
smtpd_sender_restrictions=
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit_mynetworks,
    permit_sasl_authenticated
smtpd_recipient_restrictions=
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
    reject_invalid_hostname
smtpd_data_restrictions=
    reject_unauth_pipelining,
    reject_multi_recipient_bounce
smtpd_etrn_restrictions=
    permit_mynetworks,
    permit_sasl_authenticated,
    reject
message_size_limit = 30720000
receive_override_options = no_address_mappings
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf
</file>
Lines for working with [[amavisd-new:amavisd-new|AMaViSd-new]] must be added to ''/etc/postfix/postfix-i/master.cf'', as described in [[postfix:postfix#AMaViSd-new|Postfix: AMaViSd-new]].
<file - virtual>
test: test@domain.ru
test1: test1@domain.ru
test2: test2@domain.ru
</file>
<code>
postalias /etc/postfix-i/virtual
</code>
===== Local server =====
''/etc/postfix/postfix-l''
<file - main.cf>
mydomain = domain.local
myhostname = mail.domain.local
mydestination = localhost $mydomain $myhostname
myorigin = $mydomain
smtpd_proxy_ehlo = $mydomain
smtp_helo_name = $mydomain
smtpd_banner = $myhostname ESMTP (s)
biff = no
multi_instance_enable = yes
multi_instance_group = local
multi_instance_name = postfix-l
queue_directory = /var/spool/postfix-l
data_directory = /var/lib/postfix-l
append_dot_mydomain = no
readme_directory = no
delay_warning_time = 4h
message_size_limit = 30720000
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost = 10.1.0.1:587
mynetworks = 10.1.0.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 10.1.0.1 203.0.113.13
mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf
#TLS
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.ru.crt
smtpd_tls_key_file = /etc/ssl/private/mail.domain.ru.key
# The root CA is a single file, so it is set with CAfile (CApath expects a directory)
smtpd_tls_CAfile = /etc/ssl/certs/domain_rootCA.crt
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
</file>
<file - master.cf>
10.1.0.1:smtp inet n - - - - smtpd
203.0.113.13:smtps inet n - - - - smtpd
  -o syslog_name=postfix-o/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o mynetworks=0.0.0.0/0
</file>
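
The ''smtps'' listener above sets ''mynetworks=0.0.0.0/0'' and depends on ''smtpd_client_restrictions=permit_sasl_authenticated,reject'' to keep unauthenticated clients out. The following added example (not part of the original page) audits ''master.cf'' overrides for listeners where that gate is missing; the sample is abridged from the listeners above, the port 2525 entry is a constructed, hypothetical one, and only the ''-o name=value'' form is handled.

```python
import ipaddress

# Constructed sample: abridged from the listeners above, plus a hypothetical
# third listener (port 2525) that widens mynetworks without requiring SASL.
SAMPLE_MASTER_CF = """\
10.1.0.1:smtp inet n - - - - smtpd
203.0.113.13:smtps inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o mynetworks=0.0.0.0/0
203.0.113.13:2525 inet n - - - - smtpd
  -o mynetworks=0.0.0.0/0
"""

def parse_services(text):
    """Join continuation lines; return [(service, {override: value})]."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split()
        args = fields[8:]                      # 0-6 fixed columns, 7 = command
        opts = dict(v.split("=", 1) for f, v in zip(args, args[1:])
                    if f == "-o" and "=" in v)
        services.append((fields[0], opts))
    return services

def covers_everyone(net):
    try:
        return ipaddress.ip_network(net, strict=False).prefixlen == 0
    except ValueError:                         # table lookups such as hash:/...
        return False

def open_relay_risks(text):
    """Listeners whose mynetworks matches any client without a SASL-only gate."""
    risky = []
    for name, opts in parse_services(text):
        nets = opts.get("mynetworks", "").replace(",", " ").split()
        rules = opts.get("smtpd_client_restrictions", "").replace(",", " ").split()
        sasl_gate = (opts.get("smtpd_sasl_auth_enable") == "yes"
                     and "permit_sasl_authenticated" in rules and rules[-1] == "reject"
                     and not {"permit", "permit_mynetworks"} & set(rules))
        if any(covers_everyone(n) for n in nets) and not sasl_gate:
            risky.append(name)
    return risky
```
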
===== Outbound server =====
''/etc/postfix/postfix-o''
<file - generic>
@domain.local @domain.ru
@domain.ru @domain.ru
@domain2.ru @domain.ru
</file>
<code>
postmap /etc/postfix-o/generic
</code>
<file - main.cf>
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 550
smtpd_banner = $myhostname ESMTP
readme_directory = no
inet_protocols = ipv4
recipient_delimiter = +
multi_instance_enable = yes
multi_instance_group = out
multi_instance_name = postfix-o
queue_directory = /var/spool/postfix-o
data_directory = /var/lib/postfix-o
relayhost =
mydestination = domain.ru
myhostname = mail.domain.ru
mynetworks = 10.1.0.0/24
inet_interfaces = 203.0.113.13
smtp_bind_address = 203.0.113.13
smtp_helo_name = $myhostname
smtp_generic_maps = hash:/etc/postfix-o/generic
receive_override_options = no_address_mappings
transport_maps = hash:/etc/postfix/transport
receive_override_options =
delay_warning_time = 4h
#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
</file>
<file - master.cf>
10.1.0.1:587 inet n - - - - smtpd
</file>
====== Dovecot ======
FIXME
Main article: [[dovecot:dovecot|Dovecot]]
''/srv/mail/vmail''
  * [[dovecot:dovecot#dovecot.conf|dovecot.conf]]
  * [[dovecot:dovecot#10-auth.conf|10-auth.conf]]
  * [[dovecot:dovecot#Сознание папки для пользователей домена|Creating folders for domain users]]
  * [[dovecot:dovecot#sieve|Sieve]]
  * [[dovecot:dovecot#Квоты|Quotas]]
  * [[dovecot:dovecot#Мастер-пользователи|Master users]]
  * [[dovecot:dovecot#LDAP|LDAP]]
  * [[dovecot:dovecot#Общие папки|Shared folders]]
{{tag>Examples Linux Debian Email}}