LUG Krefeld: PostfixDBmailSASL

This page (revision-10) was last changed on 10-May-2012 19:51 by JensKapitza

This page was created on 17-Apr-2012 12:40 by JensKapitza

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version	Date Modified	Size	Author	Changes ...	Change note
10	10-May-2012 19:51	16 KB	JensKapitza	to previous	format
9	10-May-2012 19:50	16 KB	JensKapitza	to previous \| to last	Aufräumen
8	10-May-2012 11:36	20 KB	JensKapitza	to previous \| to last	add sieve
7	10-May-2012 10:58	19 KB	JensKapitza	to previous \| to last	add sasl install
6	10-May-2012 10:09	19 KB	JensKapitza	to previous \| to last	--no-install-recommends
5	01-May-2012 18:07	19 KB	JensKapitza	to previous \| to last	tls ohne stunnel
4	01-May-2012 17:42	18 KB	JensKapitza	to previous \| to last
3	17-Apr-2012 15:46	18 KB	JensKapitza	to previous \| to last	add tls support spam mailman etc.
2	17-Apr-2012 13:06	15 KB	JensKapitza	to previous \| to last	pam geht aber postfix nicht
1	17-Apr-2012 12:40	14 KB	JensKapitza	to last	Start

Page References

Incoming links	Outgoing links
PostfixDBmailSASL...nobody	PostfixDBmailSASL

Version management

Difference between version and

View first change

=~~Hier~~>> <<Ziel~~nun~~>> <<=
~~meine Notizen zur~~ >>Installation eines <<Mail-ServerMail-Server.

Bekannte >> <<derzu >> <<möglichst~~lösende~~>> <<wenig >>Probleme <<macht,~~wer~~>> <<von~~eine~~>> <<daher~~Lösung~~>> <<wird~~hat,~~>> <<mit~~bitte~~>> <<iptables~~per~~>> <<eigentlich~~eine~~>> <<alles~~Mail~~>> <<geblockt,an >> <<was~~mich~~>> <<nicht über PORT 80/443/25/456/993/22 läuft.~~[JensKapitza].~~>>

<<Der
==>> <<Server~~Postfix~~>> <<soll möglichst wenig Aufwand zum Administrieren bereiten und ich bin kein Freund von adduser windowsNutzer also wird alles in einer Datenbank abgelegt, so vermeide ich einen echten Nutzer.==>>

<<Da~~Postfix~~>> <<die~~unter~~>> <<Datenbank~~Debian~~>> <<nicht von den üblichen IMAP Diensten verwendet werden kann muss entweder ein Frontend direkt für die Datenbank geschrieben werden oder dbmails interner IMAP Dienst verwendet werden.~~installieren~~>>

<<Die~~{{{~~>> <<Installation~~apt-get~~>> <<ist~~install~~>> <<eigentlich~~postfix~~>> <<einfach.~~postfix-pgsql~~>> <<Man muss aber die apt liste erweitern um das dbmail (aktuelle version)~~}}}~~>>

<<~~nichts~~>> <<~~Konfigurieren.~~>>
<<
>>{{{ # <<eine~~die~~>> <<neue~~Datei~~>> <<sourcelist~~main.cf~~>> <</etc/apt/sources.list.d/dbmail.list >>
<<deb#>> <<http://debian.nfgd.net/debian~~von~~>> <<stablewo >> <<main
deb-src~~soll~~>> <<http://debian.nfgd.net/debian~~postfix~~>> <<stable main~~senden~~>>
<<}}}

{{{~~myorigin~~>> <<apt-get >> <<update >> <<&& >> <<apt-get >> <<--no-install-recommends >> <<install >> <<dbmail >> <<postfix >> <<postfix-pgsql >> <<\
>> <<libpam-pgsql >> <<sasl2-bin libsasl2-modules postgresql-8.4 postgresql-client-8.4 >> <<\
>> <<=>> <<amavisd-newedv-gutachten.info
#>> <<clamav~~wie~~>> <<clamav-daemon~~heist~~>> <<clamav-freshclam~~der~~>> <<spamassassinrechner
myhostname >> <<pyzor >> <<razor >> <<\
>> <<less >> <<mailutils >> <<postgrey >> <<postgresql >> <<}}} >> <<

Dann >> <<kommt >> <<das >> <<nicht >> <<so >> <<schöne >> <<Konfigurieren >> <<und >> <<nach =>> <<demmail.edv-gutachten.info
#>> <<3~~SMTP~~>> <<Anlauf geht das unter 3Stunden ~~Helo~~>>
<<
Wichtig~~smtpd_banner~~>> <<es >> <<müssen >> <<die >> <<Gruppen >> <<angepasst >> <<werden, >> <<da >> <<sonst >> <<einige >> <<Dienste >> <<nur >> <<mit >> <<Fehlern >> <<laufen.
sasl >> <<ist >> <<einer >> <<dieser >> <<Dienste

{{{# >> <</etc/group >> <<anpassen
sasl:x:45:postfix,dbmail,amavis
dbmail:x:108:amavis,clamav
clamav:x:109:amavis,dbmail
amavis:x:110:clamav,dbmail
}}}
>> <<

== >> <<Postfix =>> <<==

Postfix~~$myhostname~~>> <<unter~~ESMTP~~>> <<Debian~~$mail_name~~>> <<installieren~~(Debian/GNU)~~>>
<<

nichts~~append_dot_mydomain~~>> <<Konfigurieren.

{{{ >> <<# >> <<die >> <<Datei >> <<main.cf >> <<
# >> <<virtuelle >> <<Zustellung >> <<macht >> <<sonst probleme >> <<
mydestination >> <<= no
# postmaster = root >> <<^^
alias_maps >> <<=>> <<localhost
append_dot_mydomain >> << >>= <<no~~hash:/etc/aliases~~>>
<<
>># TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
#plain login nur over tls
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes
<<
>>smtpd_tls_security_level = may

smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
mailbox_size_limit = 0
recipient_delimiter = +

# gegen den spam
smtpd_recipient_restrictions =
# lokales netz / der server selbst
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
reject_rbl_client multi.uribl.com,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client rabl.nuclearelephant.com,
reject_rbl_client psbl.surriel.com,
# postgray prüfen
check_policy_service inet:127.0.0.1:60000,
permit

smtpd_sender_restrictions =
permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch,
reject_sender_login_mismatch,
reject_unknown_recipient_domain,
permit

# alles über dbmail
<<mailbox_transport
~~#mailbox_transport~~>> = <<dbmail:~~dbmail-deliver:~~>>
<<virtual_transport~~#virtual_transport~~>> = <<dbmail:~~dbmail-deliver:~~>>
#default_transport = dbmail-deliver:
#relay_transport = error
<<#transport_maps = hash:/etc/postfix/transport >>

<<
>># dbmail
<<~~transport_maps = hash:/etc/postfix/transport~~
>>virtual_mailbox_domains = pgsql:/etc/postfix/sql-virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/etc/postfix/sql-virtual_mailbox_maps.cf
# fehler werden auf hdd gespeichert
virtual_mailbox_base = /opt/vmail

# limit the spammer
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

smtpd_client_message_rate_limit = 50
smtpd_client_connection_count_limit = 100
smtpd_client_connection_rate_limit = 100
smtpd_client_message_rate_limit = 30
smtpd_client_new_tls_session_rate_limit = 60
# spamfilter und virusscanner
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

# all wenn man auch ipv6 haben will<< >>
<<# muss man in testing setzen warum auch immer
# >>inet_protocols = ipv4

}}}

{{{ #master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
<<#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
>>pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
<<~~# für limt bei den spammern nötig~~
>>anvil unix - - - - 1 anvil
scache unix - - - - 1 scache

<<# >>dbmail<<
dbmail >> unix - n n - - pipe
<< >>flags= user=dbmail:dbmail
<< >>argv=/usr/sbin/dbmail-deliver -d ${recipient} -r ${sender}

amavis << >>unix - << >>- n - 5 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes

#wiedereinliefern<< >>
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
<< >>
<<
>>}}}

{{{ #sql-virtual_mailbox_domains.cf
user = dbmail
password = dbmail
# gehe über unix socket, sasl will hier kein unix: stehen haben
hosts = unix:/var/run/postgresql
dbname = dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE SUBSTRING(alias FROM POSITION('@' in alias)+1) = '%s';
}}}

{{{ #sql-virtual_mailbox_maps.cf
user = dbmail
password = dbmail
hosts = unix:/var/run/postgresql
dbname = dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE alias= '%s';
}}}

Hiermit ist postfix fertig, startet noch <<nicht.~~nicht, da dbmail noch zu installieren ist.~~>>

<<Zuerst aber Postgesql, ich mag mysql einfach nicht und um das setup einfach zu lassen läuft postgresql auf dem server nur local und erlaubt alle Verbindungen die lokal gemacht werden, da es hier keine anderen User außer root gibt (die etwas einspielen können) brauch man nur schaun, dass postfix und dbmail auf die selbe Datenbank können.

>>=== Postgresql ===
<<~~{{{ apt-get install postgresql-8.4 postgresql-client-8.4 }}}~~>>

<<~~Nun ein wenig Konfiguration~~

>>{{{ # pg_hba.conf
<<# reihenfolge ist wichtig!!!
>>local all postgres ident
# "local" is for Unix domain socket connections only
local all all trust
# alles andere kann auskommentiert werden
}}}

{{{ #postgresql.conf
# hier gibt es die socket information,
# da postfix im chroot läuft muss hier ein wenig was angepasst werden
# damit man auch über sockets reden kann.
external_pid_file = '/var/spool/postfix/var/run/postgresql/8.4-main.pid'
listen_addresses = 'localhost' # what IP address(es) to listen on;
unix_socket_directory = '/var/spool/postfix/var/run/postgresql' # (change requires restart)
}}}

<<ich~~damit~~>> <<muste~~ist~~>> <<noch~~postgresql~~>> <<die~~konfiguriert~~>> <<Ordner~~und~~>> <<erstellen~~man~~>> <<{{{~~kann~~>> <<mkdir~~dbmail~~>> <<-p~~nun~~>> <</var/spool/postfix/var/runinstallieren.

===>> <<&&~~DBmail~~>> <<chmod===

{{{>> <<777#>> <</var/spool/postfix/var/run~~eine~~>> <<}}}~~neue~~>> <<dann~~sourcelist~~>> <<sollte/etc/apt/sources.list.d/dbmail.list
deb >> <<das~~http://debian.nfgd.net/debian~~>> <<aber~~stable~~>> <<laufen.~~main~~>>
<<~~deb-src http://debian.nfgd.net/debian stable main~~>>
<<===}}}
{{{>> <<DBmail~~apt-get~~>> <<===~~update && apt-get install dbmail }}}~~ >>
<<
>>Sollte version 3.0.2 installieren

dann muss die Datenbank angelegt werden.

{{{
$ cd /usr/share/doc/dbmail/examples

$ su postgres
$ createuser dbmail
$ createdb dbmail
$ psql
$ SQL> GRANT ALL ON DATABASE dbmail TO dbmail;

# wieder root werden STRG-D
$ gunzip create_tables.pgsql.gz
$ psql -U dbmail dbmail < create_tables.pgsql

}}}

Nun sind alle Daten Tabellen da, man kann nun mit psql nachsehen ob alles da ist,

in psql einfach mal \dt eingeben und dann sehen was ausgegeben wird.

schön an postgresql ist, das der consolen client *code-completion* kennt.
Nun ist alles da, und man kann einen user anlegen, für mail.

{{{
<<# es muss dbmail laufen!!
>>dbmail-users -a jens
# hier bin ich noch dran, wie man digest-md5 unterstüzen kann.
# bislang klappt es nur, wenn passwörter in plaintext gespeichert werden,
# aber beim connect verschlüsselt gesentet werden (für imap)
dbmail-users -c jens -w password -p plaintext
dbmail-users -c jens -s jens@mail.edv-gutachter.info
}}}

Das schöne an dbmail ist dass nach einer kleine Einstellung des mx und A records im DNS
auch subdomains ganz einfach einzustellen sind.
für df.eu ist das
{{{
edv-gutachter.info -> IP
*.edv-gutachter.info -> IP
MX edv-gutachter.info -> IP
MX *.edv-gutachter.info -> IP
}}}

das halt für alle domains, für die man Emails annehmen und versenden will.
df.eu hat auch einen SPF Assistent, der Spammen verhindern sollte, so dass nur der eigene Mailserver mails
versenden darf, die diese domain nutzen.

Da dbmail noch eine kleine Konfiguration hat,
{{{ # /etc/default/dbmail
# comment out to disable the pop3 server
#START_POP3D=true

# comment out to disable the imapd server
START_IMAPD=true

# uncomment to enable the lmtpd server
#START_LMTPD=true

# <<wer es brauch!
# >>uncomment to enable the timsieved server
<<#START_SIEVE=true~~START_SIEVE=true~~>>

# comment out to enable the stunnel SSL wrapper
#START_SSL=true

# specify the filename for the pem file as
# it resides in /etc/ssl/certs
#PEMFILE="dbmail.pem"
}}}

ich mag kein pop3 also bleibt der deamon aus.

{{{ <<

>># <<Stunnel bruach man ab v.3 nicht mehr
# SSL kann hier konfiguriert werden, dann muss aber bindip != localhost sein
und

# A file containing a list of CAs in PEM format
tls_cafile = /etc/ssl/certs/ssl-cert-snakeoil.pem

# A file containing a PEM format certificate
tls_cert = /etc/ssl/certs/ssl-cert-snakeoil.pem

# A file containing a PEM format RSA or DSA key
tls_key = /etc/ssl/private/ssl-cert-snakeoil.key
# leer lassen klappt besser als was eintragen ^^
#tls_ciphers = SSL_RSA_WITH_3DES_EDE_CBC_SHA
hash_algorithm = SHA1

[IMAP]
# You can set an alternate banner to display when connecting to the service
# banner = imap 4r1 server (dbmail 2.3.x)

#
# Port to bind to.
#
#port = 143
tls_port = 993

# >>/etc/dbmail/dbmail.conf
[DBMAIL]
driver = postgresql
authdriver = sql
# wichtig
host = localhost
sqlport =
# über sockel verbinden
sqlsocket = /var/spool/postfix/var/run/postgresql
user = dbmail
# auch wenn da trust steht
# ein pw will die bibliothek dennoch.
# ich habe kein password dem dbmailuser zugeteilt.
pass = dbmail
db = dbmail
table_prefix = dbmail_
encoding = utf8
default_msg_encoding = utf8

# logging kann man beeinflussen damit man alles sieht ;)
# file_logging_levels = 511
# syslog_logging_levels = 511
}}}

<<==~~Hier~~>> <<SASL~~endet~~>> <<==
mit~~mein~~>> <<diesem~~wissen,~~>> <<hackso >> <<sollte~~dass~~>> <<auch~~ich~~>> <<der~~TLS~~>> <<testsalauthd~~und~~>> <<laufen
{{{
/etc/init.d/saslauthd~~SSL~~>> <<stop
rm~~nicht~~>> <<-rf~~über~~>> <</var/run/saslauthd
/etc/init.d/saslauthd~~DBmail~~>> <<start~~mache.~~>>
<<ln
~~===~~>> <<-s~~stunnel4~~>> <</var/spool/postfix/var/run/saslauthd /var/run/~~===~~>>
<<}}}>>
<<damit~~{{{~~>> <<testsaslauthd~~apt-get~~>> <<-u~~install~~>> <<jkapitza~~stunnel4~~>> <<-p jens läuft.~~}}}~~>>

{{{ <<#~~#/etc/stunnel/stunnel.conf~~>> <</etc/default/saslauthd >>
<<START=yes >>
<<OPTIONS="-m#>> <</var/spool/postfix/var/run/saslauthd"
PWDIR="/var/spool/postfix/var/run/saslauthd"
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
}}}

postfix~~wie~~>> <<nutztin >> <<sasl~~postfix~~>> <<über pam ;)>>
<<{{{
>># <</etc/postfix/sasl/smtpd.conf
pwcheck_method:~~irgendwo~~>> <<saslauthd
mech_list:~~stand~~>> <<login~~mal~~>> <<plain~~was~~>> << ~~von multi-domain certs.~~>>
# <<leider~~muss~~>> <<das~~ich~~>> <<einzige~~aber~~>> <<was~~nochmal~~>> <<unterstüzt~~nachsehen,~~>> <<wird~~evtl~~>> <<;(~~einfach~~>> <<
}}}

==~~einen~~>> <<pam~~globalen~~>> <<==

{{{~~server~~>> <<#/etc/pam_pgsql.conf~~für~~>> <<~~verscheidene domains~~>>
<<#debug=1
database~~cert~~>> = <<dbmail~~/etc/ssl/certs/ssl-cert-snakeoil.pem~~>>
<<user~~key~~>> = <<dbmail~~/etc/ssl/private/ssl-cert-snakeoil.key~~>>
<<table
;>> <<=~~Protocol~~>> <<dbmail_users~~version (all, SSLv2, SSLv3, TLSv1)~~>>
<<user_column~~sslVersion~~>> = <<userid~~SSLv3~~>>
<<pwd_column~~session~~>> << >>= <<passwd~~14400~~>>
<<#~~TIMEOUTidle~~>> <<später >> <<auf >> <<crypt=>> <<ändern~~14400~~>>
<<pw_type=clear >>
<<}}}
{{{#;>> <</etc/pam.d/smtp~~Service-level~~>> <<~~configuration~~>>
<<auth;>> << ~~anderes~~>> << ~~ist~~>> << ~~auskommentiert~~>> << sufficient
[imaps]
accept >> <<pam_pgsql.so=>> <<verbose=1993
connect >> <<user=dbmail=>> <<\~~143~~>>
<<}}}

Stunnel >> << ~~kümmert~~>> << ~~sich~~>> << ~~nun~~>> << um >> << ~~die~~>> << ~~SSL~~>> << ~~Verbindung~~>> << ~~zwischen~~>> << ~~IMAP~~>> << ~~und~~>> << CLient.

==>> << passwd=secret~~SASL~~>> <<host=/var/spool/postfix/var/run/postgresql==>>
<<account~~Ich~~>> << ~~habe~~>> << ~~nun~~>> <<required~~noch~~>> << ~~ein~~>> << pam_pgsql.so~~Problem~~>> <<verbose=1~~mit~~>> <<user=dbmail~~sasl,~~>> <<\
~~postfix~~>> << ~~will~~>> << ~~nicht~~>> << so >> << ~~reagieren~~>> << ~~wie~~>> << ~~die~~>> << konsole.

aber >> << ~~hier~~>> << ~~nun~~>> << ~~meine~~>> << erkentnisse.

in >> << passwd=secret~~rc.local~~>> <<host=/var/spool/postfix/var/run/postgresql~~ein quick fix~~ >>

<<}}}~~{{{~~>>
<<~~/etc/init.d/saslauthd stop~~>>
<<~~rm -rf /var/run/saslauthd~~>>
<<~~/etc/init.d/saslauthd start~~>>
<<==ln >> <<Amavis-s >> <<==~~/var/spool/postfix/var/run/saslauthd~~>> << ~~/var/run/~~>>

<<{{{~~/etc/init.d/dbmail restart~~>>
<<#~~/etc/init.d/postfix~~>> <</etc/spamassassin/updatechannels.txt~~restart~~>>
<<sa.zmi.at
updates.spamassassin.org
sought.rules.yerp.org

>>}}}
<<{{{~~ich~~>> <<#~~linke~~>> <</etc/default/spamassassin~~den socked einfach vom chroot in das normale /var/run~~>>
<<#~~damit~~>> <<Change~~testsaslauthd~~>> <<to-u >> <<one~~jkapitza~~>> <<to-p >> <<enable~~jens~~>> <<spamd~~läuft.~~>>
<<ENABLED=1 >>
<<#~~dann~~>> <<Cronjob
#~~kann~~>> <<Set~~man~~>> <<to~~sasl~~>> <<anything~~einstellen,~~>> <<but~~dass~~>> <<0es >> <<to~~rimap~~>> <<enable~~nutzt~~>> <<theso >> <<cron~~dass~~>> <<job~~der~~>> <<to~~imap~~>> <<automatically~~login~~>> <<update~~ein gültiges passwort anzeigt.~~>>
<<
~~{{{~~ >># <<spamassassin's/etc/default/saslauthd
START=yes
MECHANISMS="rimap"
#>> <<rules~~imap~~>> <<on~~auf~~>> <<aloclahost
MECH_OPTIONS="localhost"
OPTIONS="-m >> <<nightly basis~~/var/spool/postfix/var/run/saslauthd"~~>>
<<CRON=1~~PWDIR="/var/spool/postfix/var/run/saslauthd"~~>>
<<~~PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"~~
>>}}}
<<{{{
~~nun~~>> <<#~~muss~~>> <</etc/spamassassin/local.cf~~noch~~>> <<~~postfix beigebracht werden dass es doch bitte sasl anfragt.~~>>
<<#pyzor >>
<<use_pyzor~~Hier~~>> <<1
pyzor_path~~aber~~>> <</usr/bin/pyzor~~meine Baustelle.~~>>
<<#pyzor_add_header
~~das~~>> <<1~~ist keine Lösung, sondern nur eine Notiz.~~>>

<<#razor~~{{{~~>>
<<use_razor2#>> <<1~~/etc/postfix/sasl/smtpd.conf~~>>
<<razor_config~~log_level:~~>> <</etc/razor/razor-agent.conf7 >>
<<#bayes~~pwcheck_method: auxprop~~>>
<<use_bayes~~mech_list:~~>> <<1~~CRAM-MD5 DIGEST-MD5~~>>
<<bayes_auto_learn~~auxprop_plugin:~~>> <<1~~sql~~>>
<<~~#password_format: crypt~~>>
<<
bayes_path~~sql_engine:~~>> <</opt/bayes~~pgsql~~>>
<<#bayes_use_chi2_combining~~sql_verbose:~~>> <<1~~yes~~>>
<<bayes_auto_expire#>> <<0~~hier darf kein unix stehen /var/log/auth.log meldet sonst ein fehler~~>>
<<bayes_journal_max_size~~sql_hostnames:~~>> <<15000000~~/var/run/postgresql~~>>
<<bayes_expiry_max_db_size~~sql_user:~~>> <<20000000~~dbmail~~>>
<<
bayes_ignore_header~~sql_passwd:~~>> <<Return-Path~~dbmail~~>>
<<bayes_ignore_header~~sql_database:~~>> <<Received~~dbmail~~>>
<<bayes_ignore_header~~sql_select:~~>> <<X-Spam-Flag~~select passwd from dbmail_users where userid = '%u' OR userid = '%u@%r'~~>>
<<bayes_ignore_header
}}}

{{{
#>> <<X-Spam-Status~~oder anderer ansat~~>>
<<bayes_ignore_header
http://www.dbmail.org/dokuwiki/doku.php/gentoo:postfix_-_sasl_tls_-_mailscanner_-_dbmail?s[]=pwcheck&s[]=method

pwcheck_method:>> <<X-Spam-Flag~~auxprop~~ >>
<<bayes_ignore_header~~auxprop_plugin:~~>> <<X-Spam-Level~~sql~~ >>
<<bayes_ignore_header~~allowanonymouslogin:~~>> <<X-purgateno >>
<<bayes_ignore_header~~allowplaintext:~~>> <<X-purgate-ID~~yes~~ >>
<<bayes_ignore_header~~mech_list:~~>> <<X-purgate-Ad~~PLAIN LOGIN~~ >>
<<bayes_ignore_header~~srp_mda:~~>> <<X-GMX-Antispam~~md5~~ >>
<<bayes_ignore_header~~srvtab:~~>> <<X-Resent-For~~/dev/null~~ >>
<<bayes_ignore_header~~opiekeys:~~>> <<X-Resent-By~~/dev/null~~ >>
<<bayes_ignore_header~~password_format:~~>> <<X-Resent-To~~crypt~~ >>
<<bayes_ignore_header~~sql_user:~~>> <<Resent-To~~dbmail~~ >>
<<bayes_ignore_header~~sql_passwd:~~>> <<Sender~~mypassword~~ >>
<<bayes_ignore_header~~sql_hostnames:~~>> <<Precedence~~localhost~~ >>
<<bayes_ignore_header~~sql_database:~~>> <<X-Antispam~~dbmail~~ >>
<<bayes_ignore_header~~sql_select:~~>> <<X-Sieve~~SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'~~ >>
<<bayes_ignore_header~~log_level:~~>> <<X-Spamcount10 >>
<<bayes_ignore_header~~sql_verbose:~~>> <<X-Spamsensitivity~~yes~~ >>
<<bayes_ignore_header
~~dann~~>> <<To~~aber pam nutzen!~~>>
<<bayes_ignore_header~~SASLAUTHD_OPTS=""~~>> <<X-Sieve >>
<<bayes_ignore_header~~SASLAUTHD_OPTS="${SASLAUTH_MECH}~~>> <<X-Bogosity~~-a pam -r"~~ >>

<<
>># << in >> <<Save~~/etc/pam.d/smtp~~
>> <<spam#>> <<messages~~mit~~>> <<as~~pam_mysql~~>> <<a~~bzw.~~>> <<message/rfc822pam_pgsql?
auth >> <<MIME >> <<attachment ~~sufficient~~>> <<instead >> <<of
# >> <<~~pam_mysql.so~~>> <<modifying~~user=dbmail~~>> <<the~~passwd=password~~>> <<original~~host=127.0.0.1~~>> <<message~~db=dbmail~~>> <<(0:~~table=dbmail_users~~>> <<off,~~usercolumn=userid~~>> <<2:~~passwdcolumn=passwd~~>> <<use~~crypt=1~~>> <<text/plain instead)>>
<<#>>
<<report_safe~~account~~>> <<1

}}}

Von~~required~~>> <<hand >> <<freshcalm >> <<aufrufen >> <<und ~~pam_mysql.so~~>> <<sa-update

{{{~~user=dbmail~~>> <<
sa-update~~passwd=password~~>> <<--channelfile~~host=127.0.0.1~~>> <</etc/mail/spamassassin/updatechannels.txt~~db=dbmail~~>> <<--nogpg~~table=sbmail_users usercolumn=userid passwdcolumn=passwd crypt=1~~ >>
<<freshclam >>
<<
>>}}}

<<So==>> <<noch~~pam~~>> <<eine==

{{{
cat >> <<schöne~~/etc/pam_pgsql.conf~~>> <<Woche ;) >>
<<----~~debug=1~~>>
<<TODO~~database~~>> <<Webserver=>> <<mit~~dbmail~~>>
<<
*~~user~~>> <<http://roundcube.net/~~= dbmail~~>>
<<*~~table~~>> <<nginx=>> <<oder apache2~~dbmail_users~~>>
<<*~~user_column~~>> <<mailman=>> <<oderuserid
pwd_column >> <<phplist=>> <<~~passwd~~>>
<<*#>> <<postfix~~später~~>> <<dann~~auf~~>> <<als~~crypt~~>> <<relay-smtp ~~ändern~~>>
<<~~pw_type=clear~~>>

<<----

*~~cat~~>> <<http://www.dbmail.org/dokuwiki/doku.php/sieve~~/etc/pam.d/smtp~~ >>
<<{{{
dbmail-sievecmd~~auth~~>> <<-u >> <<USERNAME >> <<-i >> <<MYSCRIPT ~~sufficient~~>> <<sieve.script ~~pam_pgsql.so verbose=1 user=dbmail passwd=secret host=/var/spool/postfix/var/run/postgresql~~>>
<<dbmail-sievecmd~~account~~>> <<-u >> <<USERNAME >> <<-a~~required~~>> <<MYSCRIPT ~~pam_pgsql.so verbose=1 user=dbmail passwd=secret host=/var/spool/postfix/var/run/postgresql~~>>
<<

}}}
<<

Menü
Startseite
ThemenWolke
Stammtisch
Mitglieder
EMail-Verteiler
Letzte Änderungen
Sitemap

Änderungen dieser Woche

27.05.2026
PeterHormanns	23:08:37
LugTreffen	22:54:23
LeftMenuFooter	22:46:41
LeftMenu	21:32:27
SandKasten	20:37:42
ThemenWolke	19:59:18
Java	19:58:29
Netbeans	19:57:47
Main	19:54:24