StuRa:Server/srs14
PT and bommel, 2018-02-09, build following the documentation Server/Jails/SRS14.
Installation
- pkg update
- pkg install apache24 maildrop sudo
Mailman and Postfix must be built from ports, because the package supports sendmail as the MTA, whereas we need Postfix. Otherwise there are permission problems with the wrapper script.
- portsnap fetch extract
- cd /usr/ports/mail/mailman
- ALLOW_UNSUPPORTED_SYSTEM=1 make config
DOCS=on: Build and/or install documentation
HTDIG=off: - EXPERIMENTAL - htdig integration patches
NAMAZU2=off: Make private archives searchable with namazu2
NLS=on: Native Language Support
Integrate with which MTA?: you have to select exactly one of them
COURIER=off: for use with courier
EXIM4=off: for use with exim4
OPENSMTPD=off: for use with opensmtpd - EXPERIMENTAL -
POSTFIX=on: for use with postfix
SENDMAIL=off: for use with sendmail
- ALLOW_UNSUPPORTED_SYSTEM=1 make install
- cd /usr/ports/mail/postfix
- ALLOW_UNSUPPORTED_SYSTEM=1 make config
BDB : off
CDB : off
DOCS : on
EAI : on
INST_BASE : off
LDAP : off
LDAP_SASL : off
LMDB : off
MYSQL : off
NIS : off
PCRE : on
PGSQL : off
SASL : off
SASLKMIT : off
SASLKRB5 : off
SQLITE : off
TEST : off
TLS : on
- ALLOW_UNSUPPORTED_SYSTEM=1 make install
INFO: All subsequent prompts in the build process are accepted with the suggested setting.
Configuration
Services
/etc/rc.conf
apache24_enable="YES"
mailman_enable="YES"
postfix_enable="YES"
sendmail_enable="NO"
Accounts
Adding system accounts.
Mail - employees
- Rossberg
Shell: nologin
remote: cd /home/rossberg && tar -cvf rossberg.tar .mailfilter Mail .mail_aliases .rhosts
cd /home/rossberg && tar -xvf rossberg.tar
Mail - spam
- Spam
Shell: nologin
Aliases
/etc/aliases.stura
newaliases
postmap /etc/aliases.stura
Postfix
/usr/local/etc/postfix/main.cf
myhostname = mail.stura.htw-dresden.de
mydomain = stura.htw-dresden.de
smtp_bind_address = 141.56.50.14
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
# 141.56.16.134 - 141.56.16.136 mail exchangers of the RZ (computing centre)
# 141.56.16.231 - 232 mail relays of the RZ
mynetworks = 141.56.16.131, 141.56.16.134, 141.56.16.135, 141.56.16.136,
    141.56.16.231, 141.56.16.232, 141.56.50.0/26, 127.0.0.0/24, 192.168.100.12
alias_maps = hash:/etc/aliases, hash:/etc/aliases.stura, hash:/usr/local/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/etc/aliases.stura
home_mailbox = Mail/
mail_spool_directory = /var/mail
mailbox_command = /usr/local/bin/maildrop -d ${USER}
header_checks = pcre:$config_directory/header_checks
smtpd_sender_restrictions = permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rhsbl_sender blackhole.securitysage.com
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_unknown_recipient_domain,
    check_client_access hash:/usr/local/etc/postfix/rbl_override,
    reject_rbl_client sbl.spamhaus.org,
    permit
smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname
smtpd_client_restrictions = permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.sorbs.net
smtpd_relay_restrictions = permit_mynetworks, defer_unauth_destination
/usr/local/etc/postfix/master.cf
Activate the Mailman wrapper script
mailman unix - n n - - pipe
  flags=FR user=mailman:mailman
  argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}
/usr/local/etc/postfix/header_checks
/^X-HTW-Spam-Flag:\s+YES/ REDIRECT spam@stura.htw-dresden.de
/usr/local/etc/postfix/rbl_override
<RZ mail servers as domain and IP address>
/usr/local/etc/postfix/relay_recipients
@stura.htw-dresden.de OK
/usr/local/etc/postfix/transport
kss-sachsen.de smtp:lrs0x018.kss-sachsen.de
Create the database files
postmap rbl_override relay_recipients transport header_checks
Start Postfix
$ service postfix restart
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: starting the Postfix mail system
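How the smtpd_relay_restrictions line of the main.cf above decides whether a client may relay, as an added Python example that is not part of the original page or of Postfix. It models only permit_mynetworks and the *_unauth_destination check against mydestination (relay_domains and virtual domains are left out, an assumption); parse_main_cf, expand, items and relay_decision are names made up for this example, and MAIN_CF is an excerpt constructed from the page's configuration.

```python
import ipaddress
import re

# Constructed excerpt: the relay-relevant parameters from the main.cf above.
MAIN_CF = """\
myhostname = mail.stura.htw-dresden.de
mydomain = stura.htw-dresden.de
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 141.56.16.131, 141.56.16.134, 141.56.16.135, 141.56.16.136,
    141.56.16.231, 141.56.16.232, 141.56.50.0/26, 127.0.0.0/24, 192.168.100.12
smtpd_relay_restrictions = permit_mynetworks, defer_unauth_destination
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def expand(value, params):
    """Expand plain $name references recursively (other forms are not handled)."""
    return re.sub(r"\$(\w+)", lambda m: expand(params.get(m.group(1), ""), params), value)

def items(name, params):
    """Split an expanded parameter value on commas and whitespace."""
    return [v for v in re.split(r"[,\s]+", expand(params.get(name, ""), params)) if v]

def relay_decision(client_ip, rcpt_domain, params):
    """Walk smtpd_relay_restrictions left to right; the first decisive rule wins."""
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in items("mynetworks", params)]
    local = {d.lower() for d in items("mydestination", params)}
    for rule in items("smtpd_relay_restrictions", params):
        if rule == "permit_mynetworks" and any(addr in n for n in nets):
            return "permit"
        if rule.endswith("_unauth_destination") and rcpt_domain.lower() not in local:
            return rule.split("_")[0]  # "reject" or "defer"
    return "dunno"  # evaluation continues with smtpd_recipient_restrictions

PARAMS = parse_main_cf(MAIN_CF)
if __name__ == "__main__":
    for ip, dom in [("141.56.50.20", "example.org"), ("203.0.113.5", "example.org"),
                    ("203.0.113.5", "stura.htw-dresden.de")]:
        print(ip, dom, relay_decision(ip, dom, PARAMS))
```

Every address listed in mynetworks is trusted to relay to any destination, so the list is worth re-checking whenever the RZ relays or the jail network change.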
Apache
/usr/local/etc/apache24/httpd.conf
...
ServerAdmin webmaster@stura.htw-dresden.de
...
ServerName lists.stura.htw-dresden.de:80
...
# Virtual hosts
Include etc/apache24/extra/httpd-vhosts.conf
...
/usr/local/etc/apache24/extra/httpd-vhosts.conf
<VirtualHost lists.stura.htw-dresden.de:80>
    ServerAdmin webmaster@stura.htw-dresden.de
    DocumentRoot "/usr/local/mailman/lists"
    ServerName lists.stura.htw-dresden.de
    ServerAlias lists.stura.htw-dresden.de
    <Directory /usr/local/mailman/archives/>
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    Alias /pipermail/ /usr/local/mailman/archives/public/
    Alias /images/mailman/ /usr/share/images/mailman/
    ScriptAlias /admin /usr/local/mailman/cgi-bin/admin
    ScriptAlias /admindb /usr/local/mailman/cgi-bin/admindb
    ScriptAlias /confirm /usr/local/mailman/cgi-bin/confirm
    ScriptAlias /create /usr/local/mailman/cgi-bin/create
    ScriptAlias /edithtml /usr/local/mailman/cgi-bin/edithtml
    ScriptAlias /listinfo /usr/local/mailman/cgi-bin/listinfo
    ScriptAlias /options /usr/local/mailman/cgi-bin/options
    ScriptAlias /private /usr/local/mailman/cgi-bin/private
    ScriptAlias /rmlist /usr/local/mailman/cgi-bin/rmlist
    ScriptAlias /roster /usr/local/mailman/cgi-bin/roster
    ScriptAlias /subscribe /usr/local/mailman/cgi-bin/subscribe
    ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/
    ScriptAlias / /usr/local/mailman/cgi-bin/listinfo
    <Directory "/usr/local/mailman">
        AllowOverride All
        Options FollowSymlinks
        Require all granted
    </Directory>
    ErrorLog /var/log/mailman-error.log
    # CustomLog /var/log/mailman-access.log combined
</VirtualHost>
maildrop
MDA: maildrop
Create the maildir in the user's home directory
maildrop-maildirmake Mail
Create the file .mailfilter in the home directory:
MAILBOX="$HOME/Mail"
DEFAULT="$MAILBOX"
chmod 600 .mailfilter
chown <user> .mailfilter
Add maildrop to the Postfix main.cf
mailbox_command = /usr/local/bin/maildrop -d ${USER}
Mailman
- Mailman migration: [1]
remote: cd /usr/local/mailman && tar -cvf mailman.tar archives data lists Mailman/mm_cfg.py
cd /usr/local/mailman && tar xvf mailman.tar
Mailman/mm_cfg.py
MTA = 'Postfix'
POSTFIX_ALIAS_CMD = '/usr/local/sbin/postalias'
POSTFIX_MAP_CMD = '/usr/local/sbin/postmap'
SMTPHOST = 'localhost'

# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'de'

# Unset send_reminders on newly created lists
DEFAULT_SEND_REMINDERS = 0
DEFAULT_SEND_WELCOME_MSG = 0
DEFAULT_SEND_GOODBYE_MSG = 0
DEFAULT_ADMIN_NOTIFY_MCHANGES = 1
DEFAULT_NEW_MEMBER_OPTIONS = 272
DEFAULT_RESPOND_TO_POST_REQUESTS = 0
DEFAULT_ADMINISTRIVIA = 0
DEFAULT_MAX_MESSAGE_SIZE = 0
DEFAULT_MAX_NUM_RECIPIENTS = 0
DEFAULT_REQUIRE_EXPLICIT_DESTINATION = 0

# SUBSCRIBE POLICY
# 0 - open list (only when ALLOW_OPEN_SUBSCRIBE is set to 1) **
# 1 - confirmation required for subscribes
# 2 - admin approval required for subscribes
# 3 - both confirmation and admin approval required
#
# ** please do not choose option 0 if you are not allowing open
# subscribes (next variable)
DEFAULT_SUBSCRIBE_POLICY = 3

# Does this site allow completely unchecked subscriptions?
ALLOW_OPEN_SUBSCRIBE = Yes

# Private_roster == 0: anyone can see, 1: members only, 2: admin only.
DEFAULT_PRIVATE_ROSTER = 0

# Are archives public or private by default?
# 0=public, 1=private
DEFAULT_ARCHIVE_PRIVATE = 1

# What should happen to non-member posts which do not match explicit
# non-member actions?
# 0 = Accept
# 1 = Hold
# 2 = Reject
# 3 = Discard
DEFAULT_GENERIC_NONMEMBER_ACTION = 0

#POSTFIX_STYLE_VIRTUAL_DOMAINS = ['stura.htw-dresden.de']

# Put YOUR site-specific settings below this line.
DEFAULT_URL_PATTERN = 'http://%s/'
DEFAULT_EMAIL_HOST = 'stura.htw-dresden.de'
DEFAULT_URL_HOST = 'lists.stura.htw-dresden.de'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
add_virtualhost('lists.htw.stura-dresden.de',DEFAULT_EMAIL_HOST)
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = 'YES'
VIRTUAL_HOST_OVERVIEW = On
postfix-to-mailman.py
#! /usr/local/bin/python

# Configuration variables - Change these for your site if necessary.
MailmanHome = "/usr/local/mailman"; # Mailman home directory.
MailmanOwner = "postmaster@stura.htw-dresden.de"; # Postmaster and abuse mail recipient.
# End of configuration variables.

# postfix-to-mailman-2.1.py (to be installed as postfix-to-mailman.py)
#
# Interface mailman to a postfix with a mailman transport. Does not require
# the creation of _any_ aliases to connect lists to your mail system.
#
# Dax Kelson, dkelson@gurulabs.com, Sept 2002.
# converted from qmail to postfix interface
# Jan 2003: Fixes for Mailman 2.1
# Thanks to Simen E. Sandberg <senilix@gallerbyen.net>
# Feb 2003: Change the suggested postfix transport to support VERP
# Thanks to Henrique de Moraes Holschuh <henrique.holschuh@ima.sp.gov.br>
#
# This script was originally qmail-to-mailman.py by:
# Bruce Perens, bruce@perens.com, March 1999.
# This is free software under the GNU General Public License.
#
# This script is meant to be called from ~mailman/postfix-to-mailman.py.
# It catches all mail to a virtual domain, eg "lists.example.com".
# It looks at the recipient for each mail message and decides if the mail is
# addressed to a valid list or not, and bounces the message with a helpful
# suggestion if it's not addressed to a list. It decides if it is a posting,
# a list command, or mail to the list administrator, by checking for the
# -admin, -owner, and -request addresses. It will recognize a list as soon
# as the list is created, there is no need to add _any_ aliases for any list.
# It recognizes mail to postmaster, mailman-owner, abuse, mailer-daemon, root,
# and owner, and routes those mails to MailmanOwner as defined in the
# configuration variables, above.
#
# INSTALLATION:
#
# Install this file as ~mailman/postfix-to-mailman.py
#
# To configure a virtual domain to connect to mailman, edit Postfix thusly:
#
# /etc/postfix/main.cf:
#    relay_domains = ... lists.example.com
#    transport_maps = hash:/etc/postfix/transport
#    mailman_destination_recipient_limit = 1
#
# /etc/postfix/transport:
#   lists.example.com   mailman:
#
# /etc/postfix/master.cf
#    mailman unix  -       n       n       -       -       pipe
#      flags=FR user=mailman:mailman
#      argv=/var/mailman/postfix-to-mailman.py ${nexthop} ${user}
#
#
# Replace list.example.com above with the name of the domain to be connected
# to Mailman. Note that _all_ mail to that domain will go to Mailman, so you
# don't want to put the name of your main domain here. Typically a virtual
# domain lists.domain.com is used for Mailman, and domain.com for regular
# email.
#

import sys, os, re, string

def main():
    os.nice(5)  # Handle mailing lists at non-interactive priority.
                # delete this if you wish

    os.chdir(MailmanHome + "/lists")

    try:
        local = sys.argv[2]
    except:
        # This might happen if we're not using Postfix
        sys.stderr.write("LOCAL not set?\n")
        sys.exit(1)

    local = string.lower(local)
    local = re.sub("^mailman-","",local)

    names = ("root", "postmaster", "mailer-daemon", "mailman-owner", "owner",
             "abuse")
    for i in names:
        if i == local:
            os.execv("/usr/sbin/sendmail",
                     ("/usr/sbin/sendmail", MailmanOwner))
            sys.exit(0)

    type = "post"
    types = (("-admin$", "admin"),
             ("-owner$", "owner"),
             ("-request$", "request"),
             ("-bounces$", "bounces"),
             ("-confirm$", "confirm"),
             ("-join$", "join"),
             ("-leave$", "leave"),
             ("-subscribe$", "subscribe"),
             ("-unsubscribe$", "unsubscribe"))

    for i in types:
        if re.search(i[0],local):
            type = i[1]
            local = re.sub(i[0],"",local)

    if os.path.exists(local):
        os.execv(MailmanHome + "/mail/mailman",
                 (MailmanHome + "/mail/mailman", type, local))
    else:
        bounce()
    sys.exit(75)

def bounce():
    bounce_message = """\
TO ACCESS THE MAILING LIST SYSTEM: Start your web browser on
http://%s/
That web page will help you subscribe or unsubscribe, and will
give you directions on how to post to each mailing list.\n"""
    sys.stderr.write(bounce_message % (sys.argv[1]))
    sys.exit(1)

try:
    sys.exit(main())
except SystemExit, argument:
    sys.exit(argument)

except Exception, argument:
    info = sys.exc_info()
    trace = info[2]
    sys.stderr.write("%s %s\n" % (sys.exc_type, argument))
    sys.stderr.write("Line %d\n" % (trace.tb_lineno))
    sys.exit(75)        # Soft failure, try again later.
Mounts
To make the data (e.g. mail archives and mail accounts) easier to handle, they are moved to a separate ZFS dataset and then mounted into the jail.
/mnt/znyx/data/maildrop/rossberg on /mnt/znyx/jails/srs14/usr/home/rossberg/Mail (nullfs, local)
/mnt/znyx/data/maildrop/spam on /mnt/znyx/jails/srs14/usr/home/spam/Mail (nullfs, local)
/mnt/znyx/data/mailman/archives on /mnt/znyx/jails/srs14/usr/local/mailman/archives (nullfs, local)
/mnt/znyx/data/mailman/data on /mnt/znyx/jails/srs14/usr/local/mailman/data (nullfs, local)
/mnt/znyx/data/mailman/lists on /mnt/znyx/jails/srs14/usr/local/mailman/lists (nullfs, local)