
Postfix, Dovecot внутренний и внешний домен на одном физическом сервере

FIXME

Интернет
Сервер SMTP
Postfix
Вход Системный
Выход
Локальный
Сервер IMAP
Dovecot
Локальная сеть
  • 10.1.0.1 - внутренний IP адрес
  • 10.1.0.0 - внутренняя сеть
  • 203.0.113.13 внешний IP адрес
  • domain.local - локальный домен
  • domain.ru, domain2.ru - внешние домены

Postfix

Основная статья о Postfix.

Внутренний и внешний домен находятся на одном физическом сервере.

В данном примере использована работа с несколькими экземплярами Postfix, далее приведены команды, которые нужно выполнить для работы в этом режиме:

# Turn on multi-instance support in the primary (default) Postfix instance.
postmulti -e init

# For each secondary instance: make its configuration directory, create the
# instance in group "local", then mark it enabled.
for inst in postfix-i postfix-l postfix-o; do
    mkdir "/etc/$inst"
    postmulti -I "$inst" -G local -e create
    postmulti -i "$inst" -e enable
done

Нужно создать символические ссылки на /etc/postfix/dynamicmaps.cf:

# Each instance directory gets a symlink to the primary instance's dynamicmaps.cf.
for dir in /etc/postfix-i /etc/postfix-l /etc/postfix-o; do
    ln -s /etc/postfix/dynamicmaps.cf "$dir"
done

Системный сервер

/etc/postfix

/etc/postfix/dynamicmaps.cf
# Columns: lookup table type, shared object implementing it, name of its open function.
# These objects are loaded into Postfix processes, so this file and the listed
# .so paths should be writable by root only.
tcp     /usr/lib/postfix/dict_tcp.so            dict_tcp_open
sqlite  /usr/lib/postfix/dict_sqlite.so         dict_sqlite_open
ldap    /usr/lib/postfix/dict_ldap.so           dict_ldap_open
/etc/postfix/main.cf
# Primary (system) instance: loopback-only, and the manager of the secondary instances.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no
myorigin = localhost
myhostname = localhost.localdomain
mydestination = localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Only loopback clients are trusted.
mynetworks = 127.0.0.0/8
relayhost =
mailbox_command = procmail -a "$EXTENSION"
# 0 means no mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
# Bound to 127.0.0.1 only, so this instance accepts no connections from the network.
inet_interfaces = 127.0.0.1
# Multi-instance support: the primary instance drives the directories listed
# below through the postmulti wrapper.
multi_instance_enable = yes
multi_instance_wrapper = ${command_directory}/postmulti -p --
multi_instance_directories = /etc/postfix-i /etc/postfix-o /etc/postfix-l
# Virtual recipients are delivered to Dovecot over its LMTP UNIX socket.
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Users and groups are resolved through the two LDAP lookup tables.
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf
/etc/postfix/transport
# Format: destination domain, then transport:nexthop (an empty transport keeps the default).
# A leading dot matches subdomains of the name.
# All three mail domains are handed to smtp.domain.local; the name is not in
# [brackets], so Postfix does an MX lookup for it before falling back to the address record.
localhost.localdomain :127.0.0.1
.localhost.localdomain :127.0.0.1
domain.local smtp:smtp.domain.local
domain.ru smtp:smtp.domain.local
domain2.ru smtp:smtp.domain.local
/etc/postfix/transport.sh
# Rebuild the indexed transport table; rerun after every edit of /etc/postfix/transport.
postmap /etc/postfix/transport

LDAP

/etc/postfix/ldap-users.cf
# Looks up a mail address in LDAP and returns the user's maildrop attribute.
# NOTE(review): server_host is a bare host name and no start_tls is set, so the
# lookup runs over unencrypted LDAP. That is acceptable only when the directory is
# local or on a trusted segment; otherwise use an ldaps:// URL or start_tls = yes.
server_host = ldap
# NOTE(review): bind = yes with no bind_dn/bind_pw shown is an anonymous bind, so
# the directory must allow anonymous reads of these attributes under the search base.
bind = yes
version = 3
search_base = ou=users,dc=domain
# %s is the address being looked up; Postfix applies LDAP filter quoting to it.
# Entries with l=disabled are excluded from the match.
# query_filter = (&(!(l=disabled)) (|(mail=%s)(maildrop=%s))(objectclass=mailUser))
query_filter = (&(!(l=disabled)) (|(mail=%s)(maildrop=%s))(objectclass=mailUser))
result_attribute = maildrop
/etc/postfix/ldap-groups.cf
# Expands a group address (mail or mailRoutingAddress) to its members' maildrop values.
# NOTE(review): no bind_dn and no start_tls are shown, so this is an anonymous,
# unencrypted lookup; confirm the directory is local or on a trusted segment.
server_host = ldap
search_base = ou=groups,dc=domain
query_filter = (&(|(mail=%s)(mailRoutingAddress=%s))(objectclass=mailGroup))
# member holds DNs; Postfix follows them recursively and reads result_attribute
# from the entries they point to.
special_result_attribute = member
result_attribute = maildrop

Входной сервер

/etc/postfix/postfix-i

/etc/postfix/postfix-i/helo_restrictions
# Looks like an access(5)-style table: HELO/EHLO name, then action (OK = accept).
# NOTE(review): the postfix-i main.cf shown on this page has no check_helo_access
# entry pointing at this table, so as shown it is never consulted.
helo_restrictions.domain1    OK
helo_restrictions.domain2    OK
/etc/postfix/postfix-i/helo_restrictions.sh
# Rebuild the indexed table; rerun after every edit of the text file.
postmap /etc/postfix-i/helo_restrictions
/etc/postfix/postfix-i/main.cf
# Inbound (Internet-facing) instance.
# NOTE(review): no smtpd_tls_* parameters appear in this file as shown, so this
# listener would not offer STARTTLS to sending servers.
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 550
readme_directory = no
inet_protocols = ipv4
recipient_delimiter = +
multi_instance_enable = yes
multi_instance_group = in
multi_instance_name = postfix-i
data_directory=/var/lib/postfix-i
queue_directory = /var/spool/postfix-i
# Only loopback clients are trusted by permit_mynetworks.
mynetworks = 127.0.0.0/8
myhostname = mail.domain.ru
smtpd_proxy_ehlo = mail.domain.ru
smtpd_banner = $myhostname ESMTP
# Listens on the external address and on 127.0.0.2.
inet_interfaces = 203.0.113.13 127.0.0.2
mydestination = domain.ru
# Every accepted message is handed to the content filter on 127.0.0.1:10024.
content_filter=smtp-amavis:[127.0.0.1]:10024
# NOTE(review): virtual_alias_maps is defined again on the last line of this file.
# Postfix keeps only the last definition, so this hash table is not used.
virtual_alias_maps = hash:/etc/postfix-i/virtual
relayhost =
# VRFY is disabled and lookup table names are kept out of "user unknown" replies,
# which gives less information to address probing.
disable_vrfy_command = yes
show_user_unknown_table_name = no
smtpd_helo_required = yes
# NOTE(review): permit_sasl_authenticated in the lists below has no effect in this
# instance as shown, because smtpd_sasl_auth_enable is not set here.
smtpd_helo_restrictions=
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_invalid_helo_hostname,
    reject_unknown_helo_hostname
smtpd_sender_restrictions=
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender,
    permit_mynetworks,
    permit_sasl_authenticated
# reject_unauth_destination is what stops relaying for clients outside mynetworks.
# NOTE(review): the final entry follows it without a comma (whitespace also
# separates entries) and uses the older name of reject_invalid_helo_hostname.
smtpd_recipient_restrictions=
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
	reject_invalid_hostname
smtpd_data_restrictions=
	reject_unauth_pipelining,
	reject_multi_recipient_bounce
# ETRN is allowed only for mynetworks or authenticated clients.
smtpd_etrn_restrictions=
	permit_mynetworks,
	permit_sasl_authenticated,
	reject
# Size limit in bytes.
message_size_limit = 30720000
# Address mappings (including virtual alias expansion) are skipped on receipt,
# the usual setting in front of an external content filter.
receive_override_options = no_address_mappings
transport_maps = hash:/etc/postfix/transport
# Effective virtual_alias_maps definition (overrides the earlier hash: one).
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf

В файл /etc/postfix/postfix-i/master.cf нужно добавить строки для работы с AMaViSd-new по описанию в Postfix: AMaViSd-new

/etc/postfix/postfix-i/virtual
# aliases(5)-style entries (name: target).
# NOTE(review): the postfix-i main.cf on this page points virtual_alias_maps at this
# file and then redefines the parameter with the LDAP maps. The last definition
# wins, so as shown these entries are not consulted.
test: test@domain.ru
test1: test1@domain.ru
test2: test2@domain.ru
/etc/postfix/postfix-i/virtual.sh
# Rebuild the indexed alias-format table; rerun after every edit of the text file.
postalias /etc/postfix-i/virtual

Локальный сервер

/etc/postfix/postfix-l

/etc/postfix/postfix-l/main.cf
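# Local (internal) instance: serves LAN clients and authenticated users, delivers to Dovecot.
mydomain = domain.local
myhostname = mail.domain.local
mydestination = localhost $mydomain $myhostname
myorigin =  $mydomain
smtpd_proxy_ehlo = $mydomain
smtp_helo_name = $mydomain
smtpd_banner = $myhostname ESMTP (s)
biff = no
multi_instance_enable = yes
multi_instance_group = local
multi_instance_name = postfix-l
queue_directory = /var/spool/postfix-l
data_directory = /var/lib/postfix-l
append_dot_mydomain = no
readme_directory = no
delay_warning_time = 4h
# Size limit in bytes.
message_size_limit = 30720000
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Outbound mail goes to the listener on 10.1.0.1:587 (the postfix-o master.cf on this page).
relayhost = 10.1.0.1:587
# Clients in the internal /24 are trusted without authentication.
mynetworks = 10.1.0.0/24
mailbox_command = procmail -a "$EXTENSION"
# 0 means no mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
# Both addresses are listed; master.cf decides which service listens on which one.
inet_interfaces =  10.1.0.1 203.0.113.13
# Local and virtual recipients are delivered to Dovecot over its LMTP UNIX socket.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-groups.cf
#TLS
# Offers STARTTLS opportunistically; newer Postfix releases spell this
# smtpd_tls_security_level = may.
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.ru.crt
# The private key must be readable by root only.
smtpd_tls_key_file = /etc/ssl/private/mail.domain.ru.key
# Fixed: the value is a single certificate file, so it belongs in smtpd_tls_CAfile.
# smtpd_tls_CApath expects a directory of hashed CA certificates.
smtpd_tls_CAfile = /etc/ssl/certs/domain_rootCA.crt
# NOTE(review): 0 disables TLS logging; 1 records a one-line handshake summary,
# which helps when auditing which clients actually negotiate TLS.
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes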
/etc/postfix/postfix-l/master.cf
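# Plain SMTP for the internal network; it uses the main.cf settings unchanged.
10.1.0.1:smtp      inet  n       -       -       -       -       smtpd
# Implicit-TLS submission (smtps) on the external address, with SASL through Dovecot.
# smtpd_client_restrictions rejects every client that has not authenticated.
# Changed: the "-o mynetworks=0.0.0.0/0" override marked every address as trusted,
# so relay protection rested entirely on the client restriction staying in place.
# The explicit recipient restriction below grants relay to authenticated clients
# only and leaves mynetworks at its main.cf value.
# NOTE(review): syslog_name says postfix-o although this is the postfix-l instance;
# confirm the tag, since it decides where these logins show up in the logs.
203.0.113.13:smtps     inet  n       -       -       -       -       smtpd
    -o syslog_name=postfix-o/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject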

Выходной сервер

/etc/postfix/postfix-o

/etc/postfix/postfix-o/generic
# smtp_generic_maps table: rewrites address domains on mail leaving through the
# SMTP client, so the internal domain.local is replaced by domain.ru on the way out.
@domain.local @domain.ru
@domain.ru @domain.ru
@domain2.ru @domain.ru
/etc/postfix/postfix-o/generic.sh
# Rebuild the indexed table; rerun after every edit of the text file.
postmap /etc/postfix-o/generic
/etc/postfix/postfix-o/main.cf
# Outbound instance: takes mail from the internal network and sends it to the Internet.
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 550
smtpd_banner = $myhostname ESMTP
readme_directory = no
inet_protocols = ipv4
recipient_delimiter = +
multi_instance_enable = yes
multi_instance_group = out
multi_instance_name = postfix-o
queue_directory = /var/spool/postfix-o
data_directory = /var/lib/postfix-o
relayhost =
mydestination = domain.ru
myhostname = mail.domain.ru
# Clients in the internal /24 are trusted; no SASL or TLS parameters appear in this file.
mynetworks = 10.1.0.0/24
# Only the external address is listed here; the master.cf shown on this page
# binds its smtpd listener to 10.1.0.1:587 explicitly.
inet_interfaces = 203.0.113.13
# Outgoing connections originate from the external address.
smtp_bind_address = 203.0.113.13
smtp_helo_name = $myhostname
# Rewrites internal address domains on the way out.
smtp_generic_maps = hash:/etc/postfix-o/generic
# NOTE(review): receive_override_options is set again two lines below with an empty
# value. Postfix keeps only the last definition, so no_address_mappings is not in effect.
receive_override_options = no_address_mappings
transport_maps = hash:/etc/postfix/transport
receive_override_options =
delay_warning_time = 4h
#DKIM
# accept is fail-open: if the milter on localhost:8891 is unreachable or errors out,
# mail is still delivered, presumably unsigned given the DKIM heading above.
# NOTE(review): use tempfail instead if unsigned mail must never leave.
milter_default_action = accept
# Legacy milter protocol level; confirm the signer really needs it, since current
# Postfix defaults to 6.
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
/etc/postfix/postfix-o/master.cf
# smtpd listener on the internal address, port 587, with no -o overrides, so it runs
# with the postfix-o main.cf settings. Those show no SASL or TLS parameters, which
# leaves mynetworks = 10.1.0.0/24 as the only access control on this port.
10.1.0.1:587      inet  n       -       -       -       -       smtpd

Dovecot

examples/postfix_dovecot_intenal_external_single_server.txt · Последние изменения: 2017-04-08 15:56 (внешнее изменение)