https://wiki.archlinux.org/api.php?action=feedcontributions&user=JesseSteele&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T12:10:21Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=SpamAssassin&diff=787180
SpamAssassin
2023-09-08T08:50:36Z
<p>JesseSteele: the updater and compiler also need this other directory and to own it: /etc/mail/sa-update-keys</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix#SpamAssassin}}<br />
{{Related articles end}}<br />
[https://spamassassin.apache.org/ SpamAssassin] is a mail filter to identify spam.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|spamassassin}} package.<br />
<br />
Create the {{ic|sa-update-keys}} directories under {{ic|/etc/mail/spamassassin}} and {{ic|/etc/mail}}, and change the owner and group:<br />
<br />
# mkdir -p /etc/mail/spamassassin/sa-update-keys /etc/mail/sa-update-keys<br />
# chown -R spamd:spamd /etc/mail/spamassassin /etc/mail/sa-update-keys<br />
# chmod 755 /etc/mail/spamassassin<br />
# chmod 700 /etc/mail/spamassassin/sa-update-keys<br />
<br />
Next [[start/enable]] {{ic|spamassassin.service}}.<br />
<br />
== Usage ==<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
=== Updating rules ===<br />
<br />
Update the SpamAssassin matching patterns and compile them:<br />
<br />
# sudo -u spamd /usr/bin/vendor_perl/sa-update && sudo -u spamd /usr/bin/vendor_perl/sa-compile<br />
<br />
You will want to run this periodically; the best way to do so is by setting up a [[systemd timer]].<br />
<br />
Create the following service, which will run these commands:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.service|2=<br />
[Unit]<br />
Description=spamassassin housekeeping stuff<br />
After=network.target<br />
<br />
[Service]<br />
User=spamd<br />
Group=spamd<br />
Type=oneshot<br />
<br />
ExecStart=/usr/bin/vendor_perl/sa-update<br />
SuccessExitStatus=1<br />
ExecStart=/usr/bin/vendor_perl/sa-compile<br />
ExecStart=!/usr/bin/systemctl -q --no-block try-restart spamassassin.service<br />
<br />
# uncomment the following ExecStart line to train SA's bayes filter<br />
# and specify the path to the mailbox that contains spam email(s)<br />
#ExecStart=/usr/bin/vendor_perl/sa-learn --spam <path_to_your_spam_mailbox><br />
}}<br />
<br />
Then create the timer, which will execute the previous service daily:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.timer|2=<br />
[Unit]<br />
Description=spamassassin house keeping<br />
<br />
[Timer]<br />
OnCalendar=daily<br />
Persistent=true<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
Now you can [[start]] and [[enable]] {{ic|spamassassin-update.timer}}.<br />
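
The unit above treats exit status 1 from sa-update as success, so sa-compile and the restart run every day even when no new rules arrived. The following is an added example, not part of the wiki page: a wrapper that compiles only when rules actually changed and reports lint or download failures. The function names and the `--run` switch are hypothetical; the exit statuses are those documented in sa-update(1).

```shell
#!/bin/sh
# Added example, not from the wiki page. Exit statuses per sa-update(1):
#   0  update downloaded and installed
#   1  no fresh updates available
#   2  update available, but its lint check failed
#   3  some channels updated, others failed
#   4+ errors while downloading or extracting

# sa_update_action STATUS: map an sa-update exit status to an action name.
sa_update_action() {
    case "$1" in
        ''|*[!0-9]*) echo invalid ;;
        0) echo compile ;;
        1) echo skip ;;
        2) echo lint-failed ;;
        3) echo partial ;;
        *) echo error ;;
    esac
}

# run_update UPDATE_CMD COMPILE_CMD
# Prints what happened. Returns 0 for "rules-changed" and "unchanged",
# 1 for anything that needs an operator's attention.
run_update() {
    status=0
    "$1" || status=$?
    case "$(sa_update_action "$status")" in
        compile|partial)
            "$2" || { echo "compile-failed"; return 1; }
            # Status 3: new rules were compiled, but a channel failed.
            [ "$status" -eq 0 ] || { echo "rules-changed-partial"; return 1; }
            echo "rules-changed" ;;
        skip)
            echo "unchanged" ;;
        *)
            echo "failed:$status"
            return 1 ;;
    esac
}

# Only touch the real tools when explicitly asked to (hypothetical switch).
if [ "${1:-}" = "--run" ]; then
    run_update /usr/bin/vendor_perl/sa-update /usr/bin/vendor_perl/sa-compile
fi
```

The printed result can be used to restart spamassassin.service only when it reads `rules-changed`.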
<br />
== Set maximum size for scanning ==<br />
<br />
The default maximum size for scanning is 500 KB (see {{man|1p|spamc}}). To change it, create the spamc configuration file. For example:<br />
<br />
{{hc|1=/etc/mail/spamassassin/spamc.conf|2=<br />
# spamc global configuration file<br />
<br />
 # max message size for scanning = 1 MB<br />
-s 1000000<br />
}}<br />
<br />
== Using a SQL database ==<br />
<br />
SpamAssassin can load user preferences, Bayesian filter data and auto-whitelist from a SQL database. This is especially helpful for a virtual user mail setup, where users do not have a {{ic|$HOME/.spamassassin}} directory with their SpamAssassin data.<br />
<br />
{{Note|Since the [https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TxRep TxRep plugin] is a newer and enhanced replacement for [https://cwiki.apache.org/confluence/display/SPAMASSASSIN/AutoWelcomelist Auto-Welcomelist] and [https://cwiki.apache.org/confluence/display/spamassassin/AutoWhitelist Auto-Whitelist], it is the implementation covered in this article.}}<br />
<br />
=== MySQL ===<br />
<br />
Install {{pkg|perl-dbd-mysql}}. Then, create the database:<br />
<br />
{{hc|1=$ mysql -u root -p|2=<br />
CREATE DATABASE <db_name>;<br />
GRANT ALL ON <db_name>.* TO '<db_user>'@'localhost' IDENTIFIED BY '<password>';<br />
}}<br />
<br />
Git-clone [https://github.com/apache/spamassassin SpamAssassin's source]. Under the {{ic|sql/}} directory you will find the required files to create the database tables. Note that {{ic|TYPE}} has been replaced by {{ic|ENGINE}} in recent MySQL versions, so replace it accordingly in the used {{ic|.sql}} files if needed.<br />
<br />
Create the tables for user preferences, Bayesian filter data and TxRep, respectively:<br />
<br />
$ mysql -u root -p <db_name> < userpref_mysql.sql<br />
$ mysql -u root -p <db_name> < bayes_mysql.sql<br />
$ mysql -u root -p <db_name> < txrep_mysql.sql<br />
<br />
TxRep is optional, so skip it if you are not using it. If you want to use it but have not configured it yet, refer to {{man|3|Mail::SpamAssassin::Plugin::TxRep}}.<br />
<br />
Make sure to have the following in your configuration file:<br />
<br />
{{hc|1=/etc/mail/spamassassin/local.cf|2=<br />
## MySQL database setup<br />
# User scores<br />
user_scores_dsn DBI:mysql:<db_name>:localhost<br />
user_scores_sql_username <db_user><br />
user_scores_sql_password <password><br />
<br />
# Bayesian filter<br />
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL<br />
bayes_sql_dsn DBI:mysql:<db_name>:localhost<br />
bayes_sql_username <db_user><br />
bayes_sql_password <password><br />
<br />
# TxRep plugin<br />
txrep_factory Mail::SpamAssassin::SQLBasedAddrList<br />
user_awl_dsn DBI:mysql:<db_name>:localhost<br />
user_awl_sql_username <db_user><br />
user_awl_sql_password <password><br />
}}<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
== Plugins ==<br />
<br />
=== ClamAV ===<br />
<br />
Install and set up clamd as described in [[ClamAV]].<br />
<br />
Follow one of the above instructions to call SpamAssassin from within your mail system.<br />
<br />
[[Install]] the {{pkg|perl-cpanplus-dist-arch}} package. Then install the ClamAV perl library as follows:<br />
<br />
# /usr/bin/vendor_perl/cpanp -i File::Scan::ClamAV<br />
<br />
Add the 2 files from https://wiki.apache.org/spamassassin/ClamAVPlugin into {{ic|/etc/mail/spamassassin/}}.<br />
Edit {{ic|/etc/mail/spamassassin/clamav.pm}} and update {{ic|$CLAMD_SOCK}} to point to your Clamd socket location (default is {{ic|/run/clamav/clamd.ctl}}).<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
=== Razor ===<br />
<br />
{{Note|The last version was released in 2008.[https://sourceforge.net/projects/razor/files/razor-agents/]}}<br />
<br />
[http://razor.sourceforge.net/ Vipul's Razor] is a distributed, collaborative, spam detection and filtering network.<br />
<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ cd /etc/mail/spamassassin/razor<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
To tell SpamAssassin about Razor, add the following line to {{ic|/etc/mail/spamassassin/local.cf}}:<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
To tell Razor about itself, add the following line to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}:<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Maintaining TxRep SQL table ===<br />
<br />
It is recommended to keep the TxRep SQL table clear of stale data, for performance and storage reasons. Here is a sample query that can be run on a regular schedule:<br />
<br />
  DELETE FROM txrep WHERE last_hit <= (now() - INTERVAL 120 day);</div>
JesseSteele
https://wiki.archlinux.org/index.php?title=SpamAssassin&diff=787179
SpamAssassin
2023-09-08T08:43:02Z
<p>JesseSteele: the updater returned home dir ownership errors if spamd did not own /etc/mail/spamassassin</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix#SpamAssassin}}<br />
{{Related articles end}}<br />
[https://spamassassin.apache.org/ SpamAssassin] is a mail filter to identify spam.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|spamassassin}} package.<br />
<br />
Create a sa-update-keys directory in {{ic|/etc/mail/spamassassin}} and change the owner and group:<br />
<br />
# mkdir -p /etc/mail/spamassassin/sa-update-keys<br />
# chown -R spamd:spamd /etc/mail/spamassassin<br />
# chmod 755 /etc/mail/spamassassin<br />
# chmod 700 /etc/mail/spamassassin/sa-update-keys<br />
<br />
Next [[start/enable]] {{ic|spamassassin.service}}.<br />
<br />
== Usage ==<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
=== Updating rules ===<br />
<br />
Update the SpamAssassin matching patterns and compile them:<br />
<br />
# sudo -u spamd /usr/bin/vendor_perl/sa-update && sudo -u spamd /usr/bin/vendor_perl/sa-compile<br />
<br />
You will want to run this periodically; the best way to do so is by setting up a [[systemd timer]].<br />
<br />
Create the following service, which will run these commands:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.service|2=<br />
[Unit]<br />
Description=spamassassin housekeeping stuff<br />
After=network.target<br />
<br />
[Service]<br />
User=spamd<br />
Group=spamd<br />
Type=oneshot<br />
<br />
ExecStart=/usr/bin/vendor_perl/sa-update<br />
SuccessExitStatus=1<br />
ExecStart=/usr/bin/vendor_perl/sa-compile<br />
ExecStart=!/usr/bin/systemctl -q --no-block try-restart spamassassin.service<br />
<br />
# uncomment the following ExecStart line to train SA's bayes filter<br />
# and specify the path to the mailbox that contains spam email(s)<br />
#ExecStart=/usr/bin/vendor_perl/sa-learn --spam <path_to_your_spam_mailbox><br />
}}<br />
<br />
Then create the timer, which will execute the previous service daily:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.timer|2=<br />
[Unit]<br />
Description=spamassassin house keeping<br />
<br />
[Timer]<br />
OnCalendar=daily<br />
Persistent=true<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
Now you can [[start]] and [[enable]] {{ic|spamassassin-update.timer}}.<br />
<br />
== Set maximum size for scanning ==<br />
<br />
The default maximum size for scanning is 500 KB (see {{man|1p|spamc}}). To change it, create the spamc configuration file. For example:<br />
<br />
{{hc|1=/etc/mail/spamassassin/spamc.conf|2=<br />
# spamc global configuration file<br />
<br />
 # max message size for scanning = 1 MB<br />
-s 1000000<br />
}}<br />
<br />
== Using a SQL database ==<br />
<br />
SpamAssassin can load user preferences, Bayesian filter data and auto-whitelist from a SQL database. This is especially helpful for a virtual user mail setup, where users do not have a {{ic|$HOME/.spamassassin}} directory with their SpamAssassin data.<br />
<br />
{{Note|Since the [https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TxRep TxRep plugin] is a newer and enhanced replacement for [https://cwiki.apache.org/confluence/display/SPAMASSASSIN/AutoWelcomelist Auto-Welcomelist] and [https://cwiki.apache.org/confluence/display/spamassassin/AutoWhitelist Auto-Whitelist], it is the implementation covered in this article.}}<br />
<br />
=== MySQL ===<br />
<br />
Install {{pkg|perl-dbd-mysql}}. Then, create the database:<br />
<br />
{{hc|1=$ mysql -u root -p|2=<br />
CREATE DATABASE <db_name>;<br />
GRANT ALL ON <db_name>.* TO '<db_user>'@'localhost' IDENTIFIED BY '<password>';<br />
}}<br />
<br />
Git-clone [https://github.com/apache/spamassassin SpamAssassin's source]. Under the {{ic|sql/}} directory you will find the required files to create the database tables. Note that {{ic|TYPE}} has been replaced by {{ic|ENGINE}} in recent MySQL versions, so replace it accordingly in the used {{ic|.sql}} files if needed.<br />
<br />
Create the tables for user preferences, Bayesian filter data and TxRep, respectively:<br />
<br />
$ mysql -u root -p <db_name> < userpref_mysql.sql<br />
$ mysql -u root -p <db_name> < bayes_mysql.sql<br />
$ mysql -u root -p <db_name> < txrep_mysql.sql<br />
<br />
TxRep is optional, so skip it if you are not using it. If you want to use it but have not configured it yet, refer to {{man|3|Mail::SpamAssassin::Plugin::TxRep}}.<br />
<br />
Make sure to have the following in your configuration file:<br />
<br />
{{hc|1=/etc/mail/spamassassin/local.cf|2=<br />
## MySQL database setup<br />
# User scores<br />
user_scores_dsn DBI:mysql:<db_name>:localhost<br />
user_scores_sql_username <db_user><br />
user_scores_sql_password <password><br />
<br />
# Bayesian filter<br />
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL<br />
bayes_sql_dsn DBI:mysql:<db_name>:localhost<br />
bayes_sql_username <db_user><br />
bayes_sql_password <password><br />
<br />
# TxRep plugin<br />
txrep_factory Mail::SpamAssassin::SQLBasedAddrList<br />
user_awl_dsn DBI:mysql:<db_name>:localhost<br />
user_awl_sql_username <db_user><br />
user_awl_sql_password <password><br />
}}<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
== Plugins ==<br />
<br />
=== ClamAV ===<br />
<br />
Install and set up clamd as described in [[ClamAV]].<br />
<br />
Follow one of the above instructions to call SpamAssassin from within your mail system.<br />
<br />
[[Install]] the {{pkg|perl-cpanplus-dist-arch}} package. Then install the ClamAV perl library as follows:<br />
<br />
# /usr/bin/vendor_perl/cpanp -i File::Scan::ClamAV<br />
<br />
Add the 2 files from https://wiki.apache.org/spamassassin/ClamAVPlugin into {{ic|/etc/mail/spamassassin/}}.<br />
Edit {{ic|/etc/mail/spamassassin/clamav.pm}} and update {{ic|$CLAMD_SOCK}} to point to your Clamd socket location (default is {{ic|/run/clamav/clamd.ctl}}).<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
=== Razor ===<br />
<br />
{{Note|The last version was released in 2008.[https://sourceforge.net/projects/razor/files/razor-agents/]}}<br />
<br />
[http://razor.sourceforge.net/ Vipul's Razor] is a distributed, collaborative, spam detection and filtering network.<br />
<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ cd /etc/mail/spamassassin/razor<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
To tell SpamAssassin about Razor, add the following line to {{ic|/etc/mail/spamassassin/local.cf}}:<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
To tell Razor about itself, add the following line to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}:<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Maintaining TxRep SQL table ===<br />
<br />
It is recommended to keep the TxRep SQL table clear of stale data, for performance and storage reasons. Here is a sample query that can be run on a regular schedule:<br />
<br />
  DELETE FROM txrep WHERE last_hit <= (now() - INTERVAL 120 day);</div>
JesseSteele
https://wiki.archlinux.org/index.php?title=Kernel_live_patching&diff=738977
Kernel live patching
2022-07-25T07:23:52Z
<p>JesseSteele: grammar</p>
<hr />
<div>[[Category:Kernel]]<br />
[[ja:カーネルライブパッチ]]<br />
[[pt:Kernel live patching]]<br />
[[zh-hans:Kernel live patching]]<br />
{{Related articles start}}<br />
{{Related|Kernel modules}}<br />
{{Related|Kernels/Compilation}}<br />
{{Related|Kexec}}<br />
{{Related articles end}}<br />
<br />
Kernel Live Patching (KLP) allows quick fixes to the kernel space without rebooting the whole system. Since version 4.0, related patches have been accepted [https://lwn.net/Articles/619390/][https://lwn.net/Articles/622936/][https://lwn.net/Articles/634649/], so one can configure their kernel to enable this feature. Generally, KLP is achieved by the following steps:<br />
# Obtain the source tree of the running kernel<br />
# Prepare the patch against the kernel<br />
# Apply some tools (as follows) to help transform and load the patch<br />
<br />
Some projects provided live patching utilities before KLP was officially supported, such as Oracle's ksplice, SuSE's [[#kGraft]], and RedHat's [[#kpatch]]. They implemented the KLP functionality in different ways. The minimalistic functional set of patches that entered the mainstream kernel was derived from kpatch and kGraft.<br />
<br />
== kpatch ==<br />
<br />
=== Installation ===<br />
<br />
[[Install]] {{AUR|kpatch}} for an appropriate kernel and {{AUR|kpatch-git}} for userspace tools.<br />
<br />
You can also manually build a kernel that supports kpatch usage, by enabling {{ic|CONFIG_LIVEPATCH}}, {{ic|CONFIG_DEBUG_INFO}}, and {{ic|CONFIG_KALLSYMS}}.<br />
<br />
{{Note|Remember to update the [[bootloader]] after you install the special kernel.}}<br />
<br />
=== Usage ===<br />
<br />
Once both packages are successfully built and you have rebooted, set the source directory:<br />
<br />
$ export ROOTDIR=some/dir/aur/linux-kpatch/src/linux-x-y<br />
$ cd $ROOTDIR<br />
<br />
Assume that you have done some modifications and have a patch ''some.patch'' (against the source tree after a {{ic|makepkg -o}}, not the vanilla kernel of version ''x.y'') in the working directory. Launch the kpatch utility,<br />
<br />
$ kpatch-build -s $(pwd) -v $(pwd)/vmlinux ''some.patch''<br />
<br />
This command involves two kernel builds, the original one and the patched one, so it may take a while to complete. After the build is over, there should be a ''kpatch-some.ko'' module in the same directory. And then,<br />
<br />
# insmod ''kpatch-some.ko''<br />
<br />
should do the trick.<br />
<br />
For further information, please check the manpages or [https://github.com/dynup/kpatch the GitHub repository].<br />
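
After the module is loaded, its state can be read back from the kernel. The following is an added example, not part of the wiki page: it lists loaded live patches and checks the kernel taint value for the live-patch flag. It assumes the mainline livepatch sysfs layout (/sys/kernel/livepatch/<patch>/enabled and transition) and TAINT_LIVEPATCH at bit 15 of /proc/sys/kernel/tainted; the function names and the `--report` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page: report which live patches are
# loaded and whether the running kernel carries the live-patch taint flag.

LIVEPATCH_SYSFS=${LIVEPATCH_SYSFS:-/sys/kernel/livepatch}
TAINT_LIVEPATCH_BIT=15   # 'K' flag, value 32768 in /proc/sys/kernel/tainted

# livepatch_status [SYSFS_DIR]
# Prints one line per patch: "<name> enabled=<0|1> transition=<0|1|?>".
# Prints nothing if the directory is missing (kernel without CONFIG_LIVEPATCH)
# or no patch is loaded.
livepatch_status() {
    root=${1:-$LIVEPATCH_SYSFS}
    [ -d "$root" ] || return 0
    for p in "$root"/*/; do
        # An unmatched glob stays literal; this test skips it.
        [ -f "${p}enabled" ] || continue
        name=$(basename "$p")
        enabled=$(cat "${p}enabled")
        # transition=1 means tasks are still being switched to the patch.
        transition=$(cat "${p}transition" 2>/dev/null || echo "?")
        echo "$name enabled=$enabled transition=$transition"
    done
}

# kernel_is_livepatched TAINT_VALUE
# Succeeds if the TAINT_LIVEPATCH bit is set in the given taint value.
kernel_is_livepatched() {
    [ $(( ($1 >> TAINT_LIVEPATCH_BIT) & 1 )) -eq 1 ]
}

# Report on the running system only when asked to (hypothetical switch).
if [ "${1:-}" = "--report" ]; then
    livepatch_status
    if kernel_is_livepatched "$(cat /proc/sys/kernel/tainted)"; then
        echo "kernel has been live patched"
    fi
fi
```

The directory name under the sysfs path is the module name, so ''kpatch-some.ko'' appears as kpatch_some.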
<br />
== kGraft ==<br />
<br />
{{Expansion|No useful information.}}<br />
<br />
KGraft has not been tested in an Arch environment.<br />
<br />
== See also ==<br />
<br />
* [https://docs.kernel.org/livepatch/livepatch.html The kernel document of livepatch]<br />
* [[wikipedia:Kpatch]]<br />
* [[wikipedia:KGraft]]<br />
* [[wikipedia:Ksplice]]</div>
JesseSteele
https://wiki.archlinux.org/index.php?title=SpamAssassin&diff=658498
SpamAssassin
2021-04-09T00:29:17Z
<p>JesseSteele: /* ClamAV */ Typo was imported from the referred Wiki site</p>
<hr />
<div>[[Category:Mail server]]<br />
{{Related articles start}}<br />
{{Related|Postfix#SpamAssassin}}<br />
{{Related articles end}}<br />
[https://spamassassin.apache.org/ SpamAssassin] is a mail filter to identify spam.<br />
<br />
== Installation ==<br />
<br />
Install the {{Pkg|spamassassin}} package.<br />
<br />
{{Style|Use absolute paths, as currently it is not clear where exactly should the directory be located. Also, [[chown]] can set user and group ownership in one command.}}<br />
<br />
Create the {{ic|/etc/mail/sa-update-keys}} directory and change the owner and group:<br />
# mkdir /etc/mail/sa-update-keys<br />
# chown spamd:spamd /etc/mail/sa-update-keys<br />
<br />
Next [[start]] and enable {{ic|spamassassin.service}}.<br />
<br />
== Usage ==<br />
<br />
Go over {{ic|/etc/mail/spamassassin/local.cf}} and configure it to your needs.<br />
<br />
=== Updating rules ===<br />
<br />
Update the SpamAssassin matching patterns and compile them:<br />
# sudo -u spamd sa-update && sudo -u spamd sa-compile<br />
<br />
You will want to run this periodically; the best way to do so is by setting up [[Systemd/Timers]].<br />
<br />
Create the following service, which will run these commands:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.service|2=<br />
[Unit]<br />
Description=spamassassin housekeeping stuff<br />
After=network.target<br />
<br />
[Service]<br />
#User=spamd<br />
#Group=spamd<br />
Type=oneshot<br />
<br />
# remove --allowplugins, if you do not want plugin updates from SA.<br />
ExecStart=sudo -u spamd /usr/bin/vendor_perl/sa-update --allowplugins<br />
SuccessExitStatus=1<br />
ExecStart=sudo -u spamd /usr/bin/vendor_perl/sa-compile<br />
ExecStart=/usr/bin/systemctl -q --no-block try-restart spamassassin.service<br />
<br />
# uncomment the following ExecStart line to train SA's bayes filter<br />
# and specify the path to the mailbox that contains spam email(s)<br />
#ExecStart=/usr/bin/vendor_perl/sa-learn --spam <path_to_your_spam_mailbox><br />
}}<br />
<br />
Then create the timer, which will execute the previous service daily:<br />
{{hc|1=/etc/systemd/system/spamassassin-update.timer|2=<br />
[Unit]<br />
Description=spamassassin house keeping<br />
<br />
[Timer]<br />
OnCalendar=daily<br />
Persistent=true<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
Now you can [[start]] and [[enable]] {{ic|spamassassin-update.timer}}.<br />
<br />
== Plugins ==<br />
<br />
=== ClamAV ===<br />
<br />
Install and set up clamd as described in [[ClamAV]].<br />
<br />
Follow one of the above instructions to call SpamAssassin from within your mail system.<br />
<br />
[[Install]] the {{pkg|perl-cpanplus-dist-arch}} package. Then install the ClamAV perl library as follows:<br />
<br />
# /usr/bin/vendor_perl/cpanp -i File::Scan::ClamAV<br />
Add the 2 files from http://wiki.apache.org/spamassassin/ClamAVPlugin into {{ic|/etc/mail/spamassassin/}}.<br />
Edit {{ic|/etc/mail/spamassassin/clamav.pm}} and update {{ic|$CLAMD_SOCK}} to point to your Clamd socket location (default is {{ic|/run/clamav/clamd.ctl}}).<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.<br />
<br />
=== Razor ===<br />
<br />
{{Note|The last version was released in 2008.[https://sourceforge.net/projects/razor/files/razor-agents/]}}<br />
<br />
[http://razor.sourceforge.net/ Vipul's Razor] is a distributed, collaborative, spam detection and filtering network.<br />
<br />
Make sure you have installed SpamAssassin first, then:<br />
<br />
[[Install]] the {{Pkg|razor}} package.<br />
<br />
Register with Razor.<br />
<br />
# mkdir /etc/mail/spamassassin/razor<br />
# chown spamd:spamd /etc/mail/spamassassin/razor<br />
# sudo -u spamd -s<br />
$ cd /etc/mail/spamassassin/razor<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -register<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -create<br />
$ razor-admin -home=/etc/mail/spamassassin/razor -discover<br />
<br />
To tell SpamAssassin about Razor, add the following line to {{ic|/etc/mail/spamassassin/local.cf}}:<br />
<br />
razor_config /etc/mail/spamassassin/razor/razor-agent.conf<br />
<br />
To tell Razor about itself, add the following line to {{ic|/etc/mail/spamassassin/razor/razor-agent.conf}}:<br />
<br />
razorhome = /etc/mail/spamassassin/razor/<br />
<br />
Finally, [[restart]] {{ic|spamassassin.service}}.</div>
JesseSteele
https://wiki.archlinux.org/index.php?title=Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=656889
Virtual user mail system with Postfix, Dovecot and Roundcube
2021-03-31T02:29:42Z
<p>JesseSteele: /* Roundcube */ needed a link to the Roundcube page just like the PostfixAdmin section has.</p>
<hr />
<div>[[Category:Mail server]]<br />
[[ja:仮想ユーザーメールシステム]]<br />
[[zh-hans:Virtual user mail system with Postfix, Dovecot and Roundcube]]<br />
{{Related articles start}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenDKIM}}<br />
{{Related|Postfix}}<br />
{{Related|SOGo}}<br />
{{Related articles end}}<br />
{{Merge|Postfix|Article duplicates [[Postfix]], [[Dovecot]] and [[Roundcube]] and mainly consists of config snippets intended to be copy'n'pasted.}}<br />
<br />
This article describes how to set up a virtual user mail system, i.e. where the senders and recipients do not correspond to the Linux system users.<br />
<br />
Roughly, the components used in this article are [[Postfix]] as the mail server, [[Dovecot]] as the IMAP server, [[Roundcube]] as the webmail interface and PostfixAdmin as the administration interface to manage it all.<br />
<br />
In the end, the provided solution will allow you to use the best currently available security mechanisms. You will be able to send mails using SMTP and SMTPS and receive mails using POP3, POP3S, IMAP and IMAPS. Additionally, configuration will be easy thanks to PostfixAdmin and users will be able to login using Roundcube.<br />
<br />
== Installation ==<br />
Before you start, you must have both a working MySQL server as described in [[MySQL]] and a working Postfix server as described in [[Postfix]].<br />
<br />
[[Install]] the {{Pkg|dovecot}} and {{Pkg|roundcubemail}} packages.<br />
<br />
== Configuration ==<br />
=== User ===<br />
For security reasons, a new user should be created to store the mails:<br />
# groupadd -g 5000 vmail<br />
# useradd -u 5000 -g vmail -s /usr/bin/nologin -d /home/vmail -m vmail<br />
A gid and uid of 5000 is used in both cases so that we do not run into conflicts with regular users. All your mail will then be stored in {{ic|/home/vmail}}. You could change the home directory to something like {{ic|/var/mail/vmail}} but be careful to change this in any configuration below as well.<br />
<br />
=== Database ===<br />
You will need to create an empty database and corresponding user. In this article, the user ''postfix_user'' will have read/write access to the database ''postfix_db'' using ''hunter2'' as password. You are expected to create the database and user yourself, and give the user permission to use the database, as shown in the following code.<br />
<br />
{{hc|$ mysql -u root -p|<br />
CREATE DATABASE postfix_db;<br />
GRANT ALL ON postfix_db.* TO 'postfix_user'@'localhost' IDENTIFIED BY 'hunter2';<br />
FLUSH PRIVILEGES;<br />
}}<br />
<br />
{{Expansion|Further manual database installation is missing. So far, the only way to follow this article is by installing PostfixAdmin with Apache, MySQL and PHP.}}<br />
<br />
Now you can go to the PostfixAdmin's setup page, let PostfixAdmin create the needed tables and create the users in there.<br />
<br />
==== PostfixAdmin ====<br />
<br />
See [[PostfixAdmin]].<br />
<br />
=== SSL certificate ===<br />
You will need an SSL certificate for all encrypted mail communications (SMTPS/IMAPS/POP3S). If you do not have one, create one:<br />
# cd /etc/ssl/private/<br />
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout vmail.key -out vmail.crt -days 1460 #days are optional<br />
# chmod 400 vmail.key<br />
# chmod 444 vmail.crt<br />
<br />
Alternatively, create a free trusted certificate using [[Let's Encrypt]]. The private key will be in {{ic|/etc/letsencrypt/live/''yourdomain''/privkey.pem}}, the certificate in {{ic|/etc/letsencrypt/live/''yourdomain''/fullchain.pem}}. Either change the configuration accordingly, or symlink the keys to {{ic|/etc/ssl/private}}:<br />
# ln -s /etc/letsencrypt/live/''yourdomain''/privkey.pem /etc/ssl/private/vmail.key<br />
# ln -s /etc/letsencrypt/live/''yourdomain''/fullchain.pem /etc/ssl/private/vmail.crt<br />
<br />
=== Postfix ===<br />
<br />
Before you copy & paste the configuration below, check if {{ic|relay_domains}} has already been set. If you leave more than one active, you will receive warnings during runtime.<br />
<br />
{{Warning|{{ic|<nowiki>relay_domains</nowiki>}} can be dangerous. You usually do not want Postfix to forward mail of strangers. {{ic|<nowiki>$mydestination</nowiki>}} is a sane default value. Double check its value before running postfix! See http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to}} <br />
<br />
Also follow [[Postfix#Secure SMTP (receiving)]] pointing to the files you created in [[#SSL certificate]].<br />
<br />
==== Setting up Postfix ====<br />
<br />
To {{ic|/etc/postfix/main.cf}} append:<br />
relay_domains = $mydestination<br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf<br />
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf<br />
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf<br />
virtual_mailbox_base = /home/vmail<br />
virtual_mailbox_limit = 512000000<br />
virtual_minimum_uid = 5000<br />
virtual_transport = virtual<br />
virtual_uid_maps = static:5000<br />
virtual_gid_maps = static:5000<br />
local_transport = virtual<br />
local_recipient_maps = $virtual_mailbox_maps<br />
transport_maps = hash:/etc/postfix/transport<br />
<br />
smtpd_sasl_auth_enable = yes<br />
smtpd_sasl_type = dovecot<br />
smtpd_sasl_path = /var/run/dovecot/auth-client<br />
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination<br />
smtpd_sasl_security_options = noanonymous<br />
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options<br />
smtpd_tls_security_level = may<br />
smtpd_tls_auth_only = yes<br />
smtpd_tls_received_header = yes<br />
smtpd_tls_cert_file = /etc/ssl/private/vmail.crt<br />
smtpd_tls_key_file = /etc/ssl/private/vmail.key<br />
smtpd_sasl_local_domain = $mydomain<br />
smtpd_tls_loglevel = 1<br />
smtp_tls_security_level = may<br />
smtp_tls_loglevel = 1<br />
<br />
* In the configuration above {{ic|virtual_mailbox_domains}} is a list of the domains that you want to receive mail for. This CANNOT contain the domain that is set in {{ic|mydestination}}. That is why we left {{ic|mydestination}} to be localhost only.<br />
<br />
* {{ic|virtual_mailbox_maps}} will contain the information of virtual users and their mailbox locations. We are using a hash file to store the more permanent maps, and these will then override the forwards in the MySQL database.<br />
<br />
* {{ic|virtual_mailbox_base}} is the base directory where the virtual mailboxes will be stored.<br />
<br />
The {{ic|virtual_uid_maps}} and {{ic|virtual_gid_maps}} are the real system user IDs that the virtual mails will be owned by. This is for storage purposes. <br />
<br />
{{note|Since we will be using a web interface (Roundcube), and do not want people accessing this by any other means, we will be creating this account later without providing any login access.}}<br />
<br />
==== Create the file structure ====<br />
<br />
Those new additional settings reference a lot of files that do not even exist yet. We will create them with the following steps.<br />
<br />
If you were setting up your database with PostfixAdmin and created the database schema through PostfixAdmin, you can create the following files. Do not forget to change the password:<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = alias<br />
select_field = goto<br />
where_field = address<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domain<br />
select_field = domain<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = mailbox<br />
select_field = maildir<br />
where_field = username<br />
</nowiki>}}<br />
<br />
For alias domains functionality adjust the following files:<br />
<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf,proxy:mysql:/etc/postfix/virtual_alias_domains_maps.cf<br />
virtual_alias_domains = proxy:mysql:/etc/postfix/virtual_alias_domains.cf<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_domains_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = '1' AND alias_domain.active='1'<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
query = SELECT alias_domain FROM alias_domain WHERE alias_domain='%s' AND active = '1'<br />
</nowiki>}}<br />
<br />
{{Note | For setups without using PostfixAdmin, create the following files.}}<br />
<br />
{{hc|/etc/postfix/virtual_alias_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = virtual<br />
where_field = domain<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_domains.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = forwardings<br />
select_field = destination<br />
where_field = source<br />
</nowiki>}}<br />
<br />
{{hc|/etc/postfix/virtual_mailbox_maps.cf|<nowiki><br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = users<br />
select_field = concat(domain,'/',email,'/')<br />
where_field = email<br />
</nowiki>}}<br />
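The lookup files above keep the database password in clear text and ship with the placeholder {{ic|hunter2}}. The following check is an added example, not part of the original page: it parses one such file, reports missing settings and the unchanged placeholder, and flags a world-readable file. The function names {{ic|audit_map}} and {{ic|make_sample}}, the temporary paths and the "not world-readable" policy are assumptions of this example.<br />

```shell
#!/bin/sh
# Added example: audit one Postfix MySQL lookup file (mysql_table(5) format).
# Assumptions: function names, temp paths, and the "not world-readable" policy.

audit_map() {
    f=$1
    findings=$(
        # Parse "key = value" lines; comments and blank lines are skipped.
        awk '
            /^[ \t]*(#|$)/ { next }
            {
                eq = index($0, "=")          # split on the FIRST "=" only,
                if (eq == 0) next            # query values contain more of them
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                conf[k] = v
            }
            END {
                n = split("user password hosts dbname", req, " ")
                for (i = 1; i <= n; i++)
                    if (!(req[i] in conf)) print "missing " req[i]
                # Either a full query, or the table/select_field/where_field trio.
                legacy = ("table" in conf) && ("select_field" in conf) && ("where_field" in conf)
                if (!("query" in conf) && !legacy)
                    print "no query and incomplete table/select_field/where_field"
                if (conf["password"] == "hunter2")
                    print "placeholder password"
            }' "$f"
        # Other-readable bit set? (-perm -004 is POSIX find syntax.)
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "world-readable"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the PostfixAdmin virtual_alias_maps.cf shown on this page.
make_sample() {
    cat > "$1" <<'EOF'
user = postfix_user
password = hunter2
hosts = localhost
dbname = postfix_db
table = alias
select_field = goto
where_field = address
EOF
}

d=$(mktemp -d)
make_sample "$d/virtual_alias_maps.cf"
chmod 644 "$d/virtual_alias_maps.cf"
audit_map "$d/virtual_alias_maps.cf" || echo "-> fix before starting Postfix"
rm -rf "$d"
```

A common arrangement, assumed here rather than taken from the page, is owner {{ic|root}}, group {{ic|postfix}} and mode {{ic|640}} for these files.<br />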
<br />
Run ''postmap'' on ''transport'' to generate its db:<br />
# postmap /etc/postfix/transport<br />
<br />
=== Dovecot ===<br />
<br />
Instead of using the provided Dovecot example config file, we'll create our own {{ic|/etc/dovecot/dovecot.conf}}. Please note that the user and group here might be vmail '''instead of postfix'''!<br />
<br />
{{hc|/etc/dovecot/dovecot.conf|<nowiki><br />
protocols = imap pop3<br />
auth_mechanisms = plain<br />
passdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
userdb {<br />
driver = sql<br />
args = /etc/dovecot/dovecot-sql.conf<br />
}<br />
<br />
service auth {<br />
unix_listener auth-client {<br />
group = postfix<br />
mode = 0660<br />
user = postfix<br />
}<br />
user = root<br />
}<br />
<br />
mail_home = /home/vmail/%d/%n<br />
mail_location = maildir:~<br />
<br />
ssl_cert = </etc/ssl/private/vmail.crt<br />
ssl_key = </etc/ssl/private/vmail.key<br />
</nowiki>}}<br />
<br />
{{note|If you instead want to modify {{ic|dovecot.conf.sample}}, beware that the default configuration file imports the content of {{ic|conf.d/*.conf}}. Those files call other files that aren't present in our configuration.}}<br />
<br />
Now we create {{ic|/etc/dovecot/dovecot-sql.conf}}, which we just referenced in the config above. Use the following contents and check if everything is set accordingly to your system's configuration.<br />
<br />
If you used PostfixAdmin, then you add the following:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'<br />
# Get the password<br />
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, '%u' AS user<br />
</nowiki>}}<br />
<br />
Without having used PostfixAdmin you can use:<br />
<br />
{{hc|/etc/dovecot/dovecot-sql.conf|<nowiki><br />
driver = mysql<br />
connect = host=localhost dbname=postfix_db user=postfix_user password=hunter2<br />
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes<br />
default_pass_scheme = SHA512-CRYPT<br />
# Get the mailbox<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM users WHERE email = '%u'<br />
# Get the password<br />
password_query = SELECT email as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM users WHERE email = '%u'<br />
# If using client certificates for authentication, comment the above and uncomment the following<br />
#password_query = SELECT null AS password, '%u' AS user<br />
</nowiki>}}<br />
<br />
{{Tip|Visit http://wiki2.dovecot.org/Variables to learn more about Dovecot variables.}}<br />
<br />
==== DH parameters ====<br />
<br />
With v2.3 you are required to provide {{ic|1=ssl_dh = </path/to/dh.pem}} yourself.<br />
<br />
To generate a new DH parameters file (this will take very long):<br />
<br />
# openssl dhparam -out /etc/dovecot/dh.pem 4096<br />
<br />
Then add the file to {{ic|/etc/dovecot/dovecot.conf}}:<br />
<br />
ssl_dh = </etc/dovecot/dh.pem<br />
<br />
=== PostfixAdmin ===<br />
See [[PostfixAdmin]].<br />
<br />
Note: To match the configuration in this file, config.inc.php should contain the following.<br />
<br />
# /etc/webapps/postfixadmin/config.inc.php<br />
...<br />
$CONF['domain_path'] = 'YES';<br />
$CONF['domain_in_mailbox'] = 'NO';<br />
...<br />
<br />
=== Roundcube ===<br />
See [[Roundcube]].<br />
<br />
Make sure that both {{ic|1=extension=pdo_mysql}} and {{ic|1=extension=iconv}} are uncommented in your {{ic|php.ini}} file. Also check the {{ic|.htaccess}} for access restrictions. Assuming that localhost is your current host, navigate a browser to {{ic|http://localhost/roundcube/installer/}} and follow the instructions. <br />
<br />
Roundcube needs a separate database to work. You should not use the same database for Roundcube and PostfixAdmin. Create a second database {{ic|roundcube_db}} and a new user named {{ic|roundcube_user}}.<br />
<br />
While running the installer ...<br />
<br />
* For the address of the IMAP host, i.e. {{ic|default_host}}, use {{ic|ssl://localhost/}} or {{ic|tls://localhost/}} and not just {{ic|localhost}}. <br />
* Use port {{ic|993}}. Likewise with SMTP. <br />
* For the address of the SMTP host, i.e. {{ic|smtp_server}}, use {{ic|tls://localhost/}} and port {{ic|587}} if you used STARTTLS. Use {{ic|ssl://localhost/}} with port {{ic|465}} if you used SMTPS. If there is a failure to establish a session, try using {{ic|tls://yourservername}} instead, replacing {{ic|yourservername}} with the name of your server.<br />
* See [[#Postfix]] for an explanation on that.<br />
* Make sure the resulting configuration file has {{ic|1=$config['smtp_user'] = '%u';}} and {{ic|1=$config['smtp_pass'] = '%p';}} lines in it or you will not be able to send email.<br />
<br />
The post-install process is similar to any other webapp like [[PhpMyAdmin]] or PostfixAdmin. The configuration file is in {{ic|/etc/webapps/roundcubemail/config/config.inc.php}} which works as an override over {{ic|defaults.inc.php}}.<br />
<br />
==== Apache configuration ====<br />
<br />
If you are using Apache, copy the example configuration file to your webserver configuration directory.<br />
<br />
# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/httpd-roundcubemail.conf<br />
<br />
Add the following line in<br />
<br />
{{hc|/etc/httpd/conf/httpd.conf|<nowiki><br />
Include conf/extra/httpd-roundcubemail.conf<br />
</nowiki>}}<br />
<br />
==== Roundcube: Change Password Plugin ====<br />
<br />
To let users change their passwords from within Roundcube, do the following:<br />
<br />
Enable the password plugin by adding this line to<br />
<br />
{{hc|/etc/webapps/roundcubemail/config/config.inc.php|<nowiki><br />
$config['plugins'] = array('password');<br />
</nowiki>}}<br />
<br />
Configure the password plugin and make sure you alter the settings accordingly:<br />
<br />
{{hc|/usr/share/webapps/roundcubemail/plugins/password/config.inc.php|<nowiki><br />
<?php<br />
<br />
$config['password_driver'] = 'sql';<br />
$config['password_db_dsn'] = 'mysql://<postfix_database_user>:<password>@localhost/<postfix_database_name>';<br />
// If you are not using dovecot specify another algorithm explicitly e.g 'sha256-crypt'<br />
$config['password_algorithm'] = 'dovecot';<br />
// For dovecot salted passwords only (above must be set to 'dovecot')<br />
// $config['password_algorithm_prefix'] = 'true';<br />
// $config['password_dovecotpw'] = 'doveadm pw';<br />
// $config['password_dovecotpw_method'] = 'SHA512-CRYPT';<br />
// $config['password_dovecotpw_with_method'] = true;<br />
$config['password_query'] = 'UPDATE mailbox SET password=%P WHERE username=%u';<br />
</nowiki>}}<br />
<br />
== Fire it up ==<br />
All necessary daemons should be started in order to test the configuration. [[Start]] both {{ic|postfix}} and {{ic|dovecot}}.<br />
<br />
Now for testing purposes, create a domain and mail account in PostfixAdmin. Try to login to this account using Roundcube. Now send yourself a mail.<br />
<br />
== Testing ==<br />
<br />
{{Style|Needs some cleanup. There are probably more general ways to write this.}}<br />
<br />
Now let's see if Postfix is going to deliver mail for our test user.<br />
{{bc|<br />
nc servername 25<br />
helo testmail.org<br />
mail from:<test@testmail.org><br />
rcpt to:<cactus@virtualdomain.tld><br />
data<br />
This is a test email.<br />
.<br />
quit<br />
}}<br />
<br />
=== Error response ===<br />
<br />
451 4.3.0 <lisi@test.com>:Temporary lookup failure<br />
Maybe you have entered the wrong user/password for MySQL or the MySQL socket is not in the right place.<br />
<br />
This error will also occur if you neglect to run newaliases at least once before starting postfix. MySQL is not required for local only usage of postfix.<br />
<br />
550 5.1.1 <email@spam.me>: Recipient address rejected: User unknown in virtual mailbox table.<br />
Double check content of mysql_virtual_mailboxes.cf and check the main.cf for mydestination<br />
<br />
=== See that you have received an email ===<br />
<br />
Now type {{ic|$ find /home/vmailer}}.<br />
<br />
You should see something like the following:<br />
{{bc|<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/tmp<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/cur<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new<br />
/home/vmailer/virtualdomain.tld/cactus@virtualdomain.tld/new/1102974226.2704_0.bonk.testmail.org<br />
}}<br />
The key is the last entry. This is an actual email; if you see it, delivery is working.<br />
<br />
== Optional Items ==<br />
Although these items are not required, they definitely add more completeness to your setup.<br />
<br />
=== Quota ===<br />
To enable mailbox quota support by dovecot, do the following: <br />
*First add the following lines to /etc/dovecot/dovecot.conf<br />
dict {<br />
quotadict = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext<br />
}<br />
service dict {<br />
unix_listener dict {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
user = root<br />
}<br />
service quota-warning {<br />
executable = script /usr/local/bin/quota-warning.sh<br />
user = vmail<br />
unix_listener quota-warning {<br />
group = vmail<br />
mode = 0660<br />
user = vmail<br />
}<br />
} <br />
mail_plugins=quota<br />
protocol pop3 {<br />
mail_plugins = quota<br />
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh<br />
pop3_uidl_format = %08Xu%08Xv<br />
}<br />
protocol lda {<br />
mail_plugins = quota<br />
postmaster_address = postmaster@yourdomain.com<br />
}<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_quota<br />
mail_plugin_dir = /usr/lib/dovecot/modules<br />
}<br />
plugin {<br />
quota = dict:User quota::proxy::quotadict<br />
quota_rule2 = Trash:storage=+10%%<br />
quota_warning = storage=100%% quota-warning +100 %u<br />
quota_warning2 = storage=95%% quota-warning +95 %u<br />
quota_warning3 = storage=80%% quota-warning +80 %u<br />
quota_warning4 = -storage=100%% quota-warning -100 %u # user is no longer over quota<br />
}<br />
<br />
*Create a new file /etc/dovecot/dovecot-dict-sql.conf.ext with the following code:<br />
connect = host=localhost dbname=yourdb user=youruser password=yourpassword<br />
map {<br />
pattern = priv/quota/storage<br />
table = quota2<br />
username_field = username<br />
value_field = bytes<br />
}<br />
map {<br />
pattern = priv/quota/messages<br />
table = quota2<br />
username_field = username<br />
value_field = messages<br />
}<br />
*Create a warning script /usr/local/bin/quota-warning.sh and make sure it is executable. This warning script works with postfix lmtp configuration as well.<br />
<pre><br />
#!/bin/sh<br />
# Called by the Dovecot quota-warning service with the boundary and the user name<br />
BOUNDARY="$1"<br />
USER="$2"<br />
MSG=""<br />
# Plain [ ] tests are used because the script runs under /bin/sh, not bash<br />
if [ "$BOUNDARY" = "+100" ]; then<br />
MSG="Your mailbox is now overfull (>100%). In order for your account to continue functioning properly, you need to remove some emails NOW."<br />
elif [ "$BOUNDARY" = "+95" ]; then<br />
MSG="Your mailbox is now over 95% full. Please remove some emails ASAP."<br />
elif [ "$BOUNDARY" = "+80" ]; then<br />
MSG="Your mailbox is now over 80% full. Please consider removing some emails to save space."<br />
elif [ "$BOUNDARY" = "-100" ]; then<br />
MSG="Your mailbox is now back to normal (<100%)."<br />
fi<br />
<br />
# Deliver the notice with quota enforcement disabled so it is accepted even when the mailbox is full<br />
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=maildir:User quota:noenforcing"<br />
From: postmaster@yourdomain.com<br />
Subject: Email Account Quota Warning<br />
<br />
Dear User,<br />
<br />
$MSG<br />
<br />
Best regards,<br />
Your Mail System<br />
EOF<br />
</pre><br />
<br />
*Edit the user_query line and add iterate_query in dovecot-sql.conf as follows:<br />
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'<br />
iterate_query = SELECT username AS user FROM mailbox<br />
*Set up LDA as described above under SpamAssassin. If you're not using SpamAssassin, the pipe should look like this in /etc/postfix/master.cf :<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}<br />
As above activate it in Postfix main.cf<br />
virtual_transport = dovecot<br />
*You can set up quota per each mailbox in postfixadmin. Make sure the relevant lines in config.inc.php look like this:<br />
$CONF['quota'] = 'YES';<br />
$CONF['quota_multiplier'] = '1024000';<br />
<br />
Restart postfix and dovecot services. If things go well, you should be able to list all users' quota and usage with this command:<br />
doveadm quota get -A<br />
You should be able to see the quota in roundcube too.<br />
<br />
=== Autocreate and autosubscribe folders in Dovecot ===<br />
<br />
To automatically create the "usual" mail hierarchy, modify your {{ic|/etc/dovecot/dovecot.conf}} as follows, editing to your specific needs.<br />
<br />
{{bc|1=<br />
namespace inbox {<br />
type = private<br />
separator = /<br />
prefix =<br />
inbox = yes<br />
}<br />
namespace inbox {<br />
mailbox Drafts {<br />
auto = subscribe<br />
special_use = \Drafts<br />
}<br />
mailbox Junk {<br />
auto = subscribe<br />
special_use = \Junk<br />
}<br />
mailbox Trash {<br />
auto = subscribe<br />
special_use = \Trash<br />
}<br />
mailbox Sent {<br />
auto = subscribe<br />
special_use = \Sent<br />
}<br />
}<br />
}}<br />
<br />
=== Dovecot public folder and global ACLs ===<br />
<br />
In this section we enable IMAP namespace public folders combined with global and per-folder [[ACL]]s.<br />
<br />
First, add the following lines to {{ic|/etc/dovecot/dovecot.conf}}:<br />
<br />
{{bc|1=<br />
### ACLs<br />
mail_plugins = acl<br />
protocol imap {<br />
mail_plugins = $mail_plugins imap_acl<br />
}<br />
plugin {<br />
acl = vfile<br />
# With a global ACL file in /etc/dovecot/dovecot-acl (v2.2.11+):<br />
acl = vfile:/etc/dovecot/dovecot-acl<br />
}<br />
<br />
### Public Mailboxes<br />
namespace {<br />
type = public<br />
separator = /<br />
prefix = public/<br />
location = maildir:/home/vmail/public:INDEXPVT=~/public<br />
subscriptions = no<br />
list = children<br />
}<br />
}}<br />
<br />
Create the root directory {{ic|/home/vmail/public}} and the folders you want to publicly share, for example (the period is required!) {{ic|/home/vmail/public/.example-1}}.<br />
<br />
Change the ownership of all files in the root directory:<br />
<br />
# chown -R vmail:vmail /home/vmail/public<br />
<br />
Finally, create and modify your global ACL file to allow users access to these folders:<br />
<br />
{{hc|/etc/dovecot/dovecot-acl|2=<br />
public/* user=admin@example.com lrwstipekxa<br />
}}<br />
<br />
In the above example, user {{ic|admin@example.com}} has access to, and can do anything to, all the public folders. Edit to fit your specific needs.<br />
<br />
{{Note|<br />
* {{ic|lrwstipekxa}} are the permissions being granted. Visit the Dovecot wiki for further details.<br />
* Make sure the user subscribes to the folders in the client they are using.<br />
}}<br />
<br />
=== Fighting Spam ===<br />
<br />
As an alternative to SpamAssassin, consider {{Pkg|rspamd}}. Out of the box, it delivers an amazing amount of spam reduction, greylisting, etc and includes a nifty webui. See also [https://thomas-leister.de/en/mailserver-debian-stretch/].<br />
<br />
== Sidenotes ==<br />
<br />
=== Alternative vmail folder structure ===<br />
<br />
Instead of having a directory structure like {{ic|/home/vmail/example.com/user@example.com}} you can have cleaner subdirectories (without the additional domain name) by replacing {{ic|select_field}} and {{ic|where_field}} with:<br />
{{bc|1=query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== IMAP/POP3 client failing to receive mails ===<br />
<br />
If you get similar errors, take a look into {{ic|/var/log/mail.log}} or use {{ic|journalctl -xn --unit postfix.service}} to find out more.<br />
<br />
It may turn out that the Maildir {{ic|/home/vmail/mail@domain.tld}} is only created once at least one email is waiting for delivery. Before that, there is no need for the directory to exist.<br />
<br />
=== Roundcube not able to delete emails or view any 'standard' folders ===<br />
<br />
Ensure that the Roundcube config.inc.php file contains the following:<br />
<br />
{{bc|1=<br />
$config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');<br />
$config['create_default_folders'] = true;<br />
$config['protect_default_folders'] = true;<br />
}}<br />
<br />
=== LMTP / Sieve ===<br />
<br />
Is LMTP not connecting to sieve? Ensure that your server is not routing the messages locally. This can be set in {{ic| /etc/postfix/main.cf}}:<br />
<br />
{{bc|1=<br />
mydestination = <br />
}}<br />
<br />
=== Are your emails sent to gmail users ending up in their junk/spam folders? ===<br />
<br />
Gmail (and most other large email providers) will send your emails straight into your recipients' junk/spam folder if you have not implemented SPF/DKIM/DMARC policies. (Hint: Rspamd, via the link above, shows you how to set this up, and will DKIM sign your emails.)<br />
<br />
== See also ==<br />
<br />
* [[Gentoo:Complete Virtual Mail Server]]</div>JesseSteelehttps://wiki.archlinux.org/index.php?title=Postfix&diff=656136Postfix2021-03-26T07:13:04Z<p>JesseSteele: `90-plugins.conf` does not exist! It is `90-plugin.conf`! If we need `90-plugins.conf`, the Wiki should read "Create" and include the whole file, not "Edit".</p>
<hr />
<div>[[Category:Mail server]]<br />
[[es:Postfix]]<br />
[[ja:Postfix]]<br />
[[zh-hans:Postfix]]<br />
{{Related articles start}}<br />
{{Related|Postfix with SASL}}<br />
{{Related|Virtual user mail system}}<br />
{{Related|OpenDMARC}}<br />
{{Related|OpenDKIM}}<br />
{{Related articles end}}<br />
[[Wikipedia:Postfix (software)|Postfix]] is a [[mail transfer agent]] that according to [http://www.postfix.org/ its website]:<br />
:attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.<br />
<br />
This article builds upon [[Mail server]]. The goal of this article is to set up Postfix and explain what the basic configuration files do. There are instructions for setting up local system user-only delivery and a link to a guide for virtual user delivery. <br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|postfix}} package.<br />
<br />
== Configuration ==<br />
<br />
See [http://www.postfix.org/BASIC_CONFIGURATION_README.html Postfix Basic Configuration]. Configuration files are in {{ic|/etc/postfix}} by default. The two most important files are:<br />
<br />
* {{ic|master.cf}}, defines what Postfix services are enabled and how clients connect to them, see {{man|5|master}}<br />
* {{ic|main.cf}}, the main configuration file, see {{man|5|postconf}}<br />
<br />
Configuration changes need a {{ic|postfix.service}} [[reload]] in order to take effect.<br />
<br />
=== Aliases ===<br />
<br />
See {{man|5|aliases|pkg=postfix}}.<br />
<br />
You can specify aliases (also known as forwarders) in {{ic|/etc/postfix/aliases}}.<br />
<br />
You should map all mail addressed to ''root'' to another account since it is not a good idea to read mail as root. <br />
<br />
Uncomment the following line, and change {{ic|you}} to a real account.<br />
root: you<br />
<br />
Once you have finished editing {{ic|/etc/postfix/aliases}} you must run the postalias command:<br />
postalias /etc/postfix/aliases<br />
For later changes you can use:<br />
newaliases<br />
<br />
{{Tip|Alternatively you can create the file {{ic|~/.forward}}, e.g. {{ic|/root/.forward}} for root. Specify the user to whom root mail should be forwarded, e.g. ''user@localhost''.<br />
<br />
{{hc|/root/.forward|<br />
user@localhost<br />
}}<br />
<br />
}}<br />
<br />
=== Local mail ===<br />
<br />
To only deliver mail to local system users (that are in {{ic|/etc/passwd}}) update {{ic|/etc/postfix/main.cf}} to reflect the following configuration. Uncomment, change, or add the following lines:<br />
<br />
myhostname = localhost<br />
mydomain = localdomain<br />
mydestination = $myhostname, localhost.$mydomain, localhost<br />
inet_interfaces = $myhostname, localhost<br />
mynetworks_style = host<br />
default_transport = error: outside mail is not deliverable<br />
<br />
All other settings may remain unchanged. After setting up the above configuration file, you may wish to set up some [[#Aliases]] and then [[#Start Postfix]].<br />
<br />
=== Virtual mail ===<br />
Virtual mail is mail that does not map to a user account ({{ic|/etc/passwd}}).<br />
<br />
See [[Virtual user mail system with Postfix, Dovecot and Roundcube]] for a comprehensive guide how to set it up.<br />
<br />
=== Check configuration ===<br />
<br />
Run the {{ic|postfix check}} command. It should output anything that you might have done wrong in a config file. <br />
<br />
To see all of your configs, type {{ic|postconf}}. To see how you differ from the defaults, try {{ic|postconf -n}}.<br />
<br />
== Start Postfix ==<br />
<br />
{{Note|You must run {{ic|newaliases}} at least once for Postfix to run, even if you did not set up any [[#Aliases]].}}<br />
<br />
[[Start/enable]] the {{ic|postfix.service}}.<br />
<br />
== TLS ==<br />
<br />
For more information, see [http://www.postfix.org/TLS_README.html Postfix TLS Support].<br />
<br />
=== Secure SMTP (sending) ===<br />
<br />
By default, Postfix/sendmail will not send email encrypted to other SMTP servers. To use TLS when available, add the following line to {{ic|main.cf}}:<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtp_tls_security_level = may<br />
}}<br />
<br />
To ''enforce'' TLS (and fail when the remote server does not support it), change {{ic|may}} to {{ic|encrypt}}. Note, however, that this violates [[RFC:2487]] if the SMTP server is publicly referenced.<br />
<br />
=== Secure SMTP (receiving) ===<br />
<br />
{{Warning|If you deploy [[Wikipedia:TLS|TLS]], be sure to follow [https://weakdh.org/sysadmin.html weakdh.org's guide] to prevent FREAK/Logjam. Since mid-2015, the default settings have been safe against [[Wikipedia:POODLE|POODLE]]. For more information see [[Server-side TLS]].}}<br />
<br />
By default, Postfix will not accept secure mail.<br />
<br />
You need to [[obtain a certificate]]. Point Postfix to your TLS certificates by adding the following lines to {{ic|main.cf}}:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_tls_security_level = may<br />
smtpd_use_tls = yes<br />
smtpd_tls_cert_file = '''/path/to/cert.pem'''<br />
smtpd_tls_key_file = '''/path/to/key.pem'''<br />
}}<br />
<br />
There are two ways to accept secure mail. STARTTLS over SMTP (port 587) and SMTPS (port 465). The latter was previously deprecated but was reinstated by [[RFC:8314]].<br />
<br />
To enable STARTTLS over SMTP (port 587), uncomment the following lines in {{ic|master.cf}}:<br />
<br />
{{hc|/etc/postfix/master.cf|2=<br />
submission inet n - n - - smtpd<br />
-o syslog_name=postfix/submission<br />
-o smtpd_tls_security_level=encrypt<br />
-o smtpd_sasl_auth_enable=yes<br />
-o smtpd_tls_auth_only=yes<br />
-o smtpd_reject_unlisted_recipient=no<br />
# -o smtpd_client_restrictions=$mua_client_restrictions<br />
# -o smtpd_helo_restrictions=$mua_helo_restrictions<br />
# -o smtpd_sender_restrictions=$mua_sender_restrictions<br />
-o smtpd_recipient_restrictions=<br />
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br />
-o milter_macro_daemon_name=ORIGINATING<br />
}}<br />
The {{ic|smtpd_*_restrictions}} options remain commented because {{ic|$mua_*_restrictions}} are not defined in main.cf by default. If you do decide to set any of {{ic|$mua_*_restrictions}}, uncomment those lines too.<br />
<br />
<br />
To enable SMTPS (port 465), uncomment the following lines in {{ic|master.cf}}:<br />
<br />
{{hc|/etc/postfix/master.cf|<br />
'''smtps'''<nowiki> inet n - n - - smtpd<br />
-o syslog_name=postfix/smtps<br />
-o smtpd_tls_wrappermode=yes<br />
-o smtpd_sasl_auth_enable=yes<br />
-o smtpd_reject_unlisted_recipient=no<br />
# -o smtpd_client_restrictions=$mua_client_restrictions<br />
# -o smtpd_helo_restrictions=$mua_helo_restrictions<br />
# -o smtpd_sender_restrictions=$mua_sender_restrictions<br />
-o smtpd_recipient_restrictions=<br />
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject<br />
-o milter_macro_daemon_name=ORIGINATING<br />
</nowiki>}}<br />
<br />
In the first line, replace {{ic|'''smtps'''}} with {{ic|submissions}} (this is the official service name according to [https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt IANA]; Postfix still references the old name).<br />
<br />
The rationale surrounding the {{ic|$smtpd_*_restrictions}} lines is the same as above.<br />
<br />
{{Note|If you get an error message like {{ic|postfix/master[5309]: fatal: 0.0.0.0:smtps: Servname not supported for ai_socktype}}, make sure that you have the following line in {{ic|postfix/master.cf}}:<br />
submissions inet n - n - - smtpd<br />
Also make sure that {{ic|/etc/services}} is up to date and includes the following line:<br />
submissions 465/tcp<br />
}}<br />
<br />
== Tips and tricks ==<br />
<br />
=== Blacklist incoming emails ===<br />
<br />
Manually blacklisting incoming emails by sender address can easily be done with Postfix. <br />
<br />
Create and open {{ic|/etc/postfix/blacklist_incoming}} file and append sender email address:<br />
<br />
user@example.com REJECT<br />
<br />
Then use the {{ic|postmap}} command to create a database:<br />
<br />
# postmap hash:/etc/postfix/blacklist_incoming<br />
<br />
Add the following code before the first permit rule in {{ic|main.cf}}:<br />
<br />
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/blacklist_incoming<br />
<br />
Finally [[restart]] {{ic|postfix.service}}.<br />
<br />
===Hide the sender's IP and user agent in the Received header===<br />
This is mostly a privacy concern: if you send an email from a client such as Thunderbird, the Received header will contain your LAN and WAN IP and info about the email client you used.<br />
(Original source: [https://askubuntu.com/questions/78163/when-sending-email-with-postfix-how-can-i-hide-the-senders-ip-and-username-in AskUbuntu])<br />
What we want to do is remove the Received header (and, with the rules below, the User-Agent header) from outgoing emails. This can be done with the following steps:<br />
<br />
Add the following line to {{ic|main.cf}}:<br />
<br />
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks<br />
<br />
Create {{ic|/etc/postfix/smtp_header_checks}} with this content:<br />
<br />
/^Received: .*/ IGNORE<br />
/^User-Agent: .*/ IGNORE<br />
<br />
Finally, [[restart]] {{ic|postfix.service}}.<br />
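Postfix applies {{ic|header_checks}} rules to each complete header (folded continuation lines included) and matches {{ic|regexp:}} patterns case-insensitively by default. The following simulation is an added example, not part of the original page or of Postfix: it applies the two rules above to a constructed message with {{ic|awk}}, showing that every {{ic|Received:}} hop is dropped as a whole while body lines that merely look like headers are kept. The function names and the sample message are assumptions of this example.<br />

```shell
#!/bin/sh
# Added example: simulate the effect of
#   /^Received: .*/    IGNORE
#   /^User-Agent: .*/  IGNORE
# on the primary headers of one message. This is a model of the rules,
# not Postfix itself.

strip_headers() {
    awk '
        # Print the collected logical header unless one of the rules matches.
        function emit() {
            if (hdr != "" && tolower(hdr) !~ /^(received|user-agent): /)
                print hdr
            hdr = ""
        }
        body       { print; next }                    # past the headers: copy verbatim
        /^$/       { emit(); body = 1; print; next }  # blank line ends the header block
        /^[ \t]/   { hdr = hdr "\n" $0; next }        # folded continuation of current header
                   { emit(); hdr = $0 }               # start of a new header
        END        { emit() }
    '
}

# Constructed sample message (addresses use documentation ranges).
sample_message() {
    cat <<'EOF'
Received: from [192.168.1.23] (unknown [203.0.113.7])
    by mail.example.org (Postfix) with ESMTPSA id 4ABCD
    for <bob@example.net>; Mon, 1 Jan 2024 10:00:00 +0000 (UTC)
From: alice@example.org
To: bob@example.net
user-agent: Mozilla Thunderbird
Subject: Received: is just text here
 and this subject is folded

Received: this body line must survive
EOF
}

sample_message | strip_headers
```

On the server itself, {{ic|postmap -q "User-Agent: test" regexp:/etc/postfix/smtp_header_checks}} queries the real table and prints the action for a matching header.<br />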
<br />
=== Postfix in a chroot jail ===<br />
Postfix is not put in a chroot jail by default. The Postfix documentation [http://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup] provides details about how to accomplish such a jail. The steps are outlined below and are based on the chroot-setup script provided in the Postfix source code.<br />
<br />
First, go into the {{ic|master.cf}} file in the directory {{ic|/etc/postfix}} and change all the chroot entries to 'yes' (y) except for the services {{ic|qmgr}}, {{ic|proxymap}}, {{ic|proxywrite}}, {{ic|local}}, and {{ic|virtual}}.<br />
<br />
Second, define a copy command and a helper function that will help us later with copying files over into the chroot jail (see last step):<br />
CP="cp -p"<br />
<br />
cond_copy() {<br />
# find files as per pattern in $1<br />
# if any, copy to directory $2<br />
dir=`dirname "$1"`<br />
pat=`basename "$1"`<br />
lr=`find "$dir" -maxdepth 1 -name "$pat"`<br />
if test ! -d "$2" ; then exit 1 ; fi<br />
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi<br />
}<br />
<br />
Next, make the new directories for the jail:<br />
set -e<br />
umask 022<br />
<br />
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}<br />
cd ${POSTFIX_DIR}<br />
<br />
mkdir -p etc lib usr/lib/zoneinfo<br />
test -d /lib64 && mkdir -p lib64<br />
<br />
Find the localtime file<br />
lt=/etc/localtime<br />
if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi<br />
if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi<br />
rm -f etc/localtime<br />
<br />
Copy localtime and some other system files into the chroot's etc<br />
$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc<br />
$CP -f /etc/host.conf /etc/hosts /etc/passwd etc<br />
ln -s -f /etc/localtime usr/lib/zoneinfo<br />
<br />
Copy required libraries into the chroot using the previously created function {{ic|cond_copy}}:<br />
cond_copy '/usr/lib/libnss_*.so*' lib<br />
cond_copy '/usr/lib/libresolv.so*' lib<br />
cond_copy '/usr/lib/libdb.so*' lib<br />
<br />
And don't forget to [[reload]] Postfix.<br />
<br />
=== DANE (DNSSEC) ===<br />
==== Resource Record ====<br />
<br />
{{warning|This is not a trivial section. Make sure you know what you are doing, and read [https://dane.sys4.de/common_mistakes Common Mistakes] first.}}<br />
<br />
[[DANE]] supports several types of records; however, not all of them are suitable for Postfix.<br />
<br />
Certificate usage 0 is unsupported, 1 is mapped to 3 and 2 is optional, thus it is recommended to publish a "3" record.<br />
More on [[DANE#Resource Record|Resource Records]].<br />
<br />
==== Configuration ====<br />
<br />
{{Expansion|What does ''tempfail'' mean?}}<br />
<br />
Opportunistic DANE is configured this way:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_use_tls = yes<br />
smtp_dns_support_level = dnssec<br />
smtp_tls_security_level = dane<br />
</nowiki>}}<br />
{{hc|/etc/postfix/master.cf|<nowiki><br />
dane unix - - n - - smtp<br />
-o smtp_dns_support_level=dnssec<br />
-o smtp_tls_security_level=dane<br />
</nowiki>}}<br />
<br />
To use per-domain policies, e.g. opportunistic DANE for example.org and mandatory DANE for example.com,<br />
use something like this:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
indexed = ${default_database_type}:${config_directory}/<br />
<br />
# Per-destination TLS policy<br />
#<br />
smtp_tls_policy_maps = ${indexed}tls_policy<br />
<br />
# default_transport = smtp, but some destinations are special:<br />
#<br />
transport_maps = ${indexed}transport<br />
</nowiki>}}<br />
<br />
{{hc|transport|<br />
example.com dane<br />
example.org dane<br />
}}<br />
<br />
{{hc|tls_policy|<br />
example.com dane-only<br />
}}<br />
<br />
{{Note|For global mandatory DANE, change {{ic|smtp_tls_security_level}} to {{ic|dane-only}}. Be aware that this makes Postfix tempfail (respond with a {{ic|4.X.X}} error code) on all deliveries that do not use DANE at all!}}<br />
<br />
Full documentation is found [http://www.postfix.org/TLS_README.html#client_tls_dane here].<br />
<br />
== Extras ==<br />
<br />
* {{App|[[PostfixAdmin]]|A web-based administrative interface for Postfix.|http://postfixadmin.sourceforge.net/|{{Pkg|postfixadmin}}}}<br />
<br />
=== Postgrey ===<br />
<br />
{{Style|See [[Help:Style]]}}<br />
<br />
[http://postgrey.schweikert.ch/ Postgrey] can be used to enable [[Wikipedia:Greylisting|greylisting]] for a Postfix mail server.<br />
<br />
==== Installation ====<br />
<br />
[[Install]] the {{Pkg|postgrey}} package. To get it running quickly edit the Postfix configuration file and add these lines:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_recipient_restrictions =<br />
check_policy_service inet:127.0.0.1:10030<br />
</nowiki>}}<br />
<br />
Then [[start/enable]] the {{ic|postgrey}} service. Afterwards, reload the {{ic|postfix}} service. Now greylisting should be enabled.<br />
<br />
==== Configuration ====<br />
<br />
Configuration is done via editing the {{ic|postgrey.service}} file. First copy it over to edit it.<br />
<br />
# cp /usr/lib/systemd/system/postgrey.service /etc/systemd/system/<br />
<br />
==== Whitelisting ====<br />
To add automatic whitelisting (successful deliveries are whitelisted and don't have to wait any more), you could add the {{ic|<nowiki>--auto-whitelist-clients=N</nowiki>}} option and replace {{ic|N}} by a suitably small number (or leave it at its default of 5).<br />
<br />
However, the preferred method is to use an override:<br />
<br />
cat /etc/systemd/system/postgrey.service.d/override.conf<br />
<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/postgrey --inet=127.0.0.1:10030 \<br />
--pidfile=/run/postgrey/postgrey.pid \<br />
--group=postgrey --user=postgrey \<br />
--daemonize \<br />
--greylist-text="Greylisted for %%s seconds" \<br />
--auto-whitelist-clients<br />
<br />
To add your own list of whitelisted clients in addition to the default ones, create the file {{ic|/etc/postfix/whitelist_clients.local}} and enter one host or domain per line, then restart {{ic|postgrey.service}} so the changes take effect.<br />
<br />
==== Troubleshooting ====<br />
<br />
If you specify {{ic|1=--unix=/path/to/socket}} and the socket file is not created, ensure you have removed the default {{ic|1=--inet=127.0.0.1:10030}} from the service file.<br />
<br />
For full documentation of the possible options, see {{ic|perldoc postgrey}}.<br />
<br />
=== SpamAssassin ===<br />
<br />
This section describes how to integrate [[SpamAssassin]].<br />
<br />
==== SpamAssassin stand-alone generic setup ====<br />
<br />
{{Note|If you want to combine SpamAssassin and Dovecot Mail Filtering, ignore the next two lines and continue further down instead.}}<br />
<br />
Edit {{ic|/etc/postfix/master.cf}} and add the content filter under smtp.<br />
{{bc|1=<br />
smtp inet n - n - - smtpd<br />
-o content_filter=spamassassin<br />
}}<br />
<br />
Also add the following service entry for SpamAssassin:<br />
{{bc|1=<br />
spamassassin unix - n n - - pipe<br />
flags=R user=spamd argv=/usr/bin/vendor_perl/spamc -e /usr/bin/sendmail -oi -f ${sender} ${recipient}<br />
}}<br />
<br />
Now you can [[start]] and [[enable]] {{ic|spamassassin.service}}.<br />
<br />
==== SpamAssassin combined with Dovecot LDA / Sieve (Mailfiltering) ====<br />
<br />
Set up LDA and the Sieve-Plugin as described in [[Dovecot#Sieve]]. But ignore the last line {{ic|mailbox_command... }}.<br />
<br />
Instead add a pipe in {{ic|/etc/postfix/master.cf}}:<br />
dovecot unix - n n - - pipe<br />
flags=DRhu user=vmail:vmail argv=/usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}<br />
<br />
And activate it in {{ic|/etc/postfix/main.cf}}:<br />
virtual_transport = dovecot<br />
<br />
Alternatively, if you do not want to use virtual transports, you can use {{ic|mailbox_command}}. This runs as the local user and group, whereas the pipe runs as the user specified with the {{ic|user}} setting.<br />
<br />
mailbox_command = /usr/bin/vendor_perl/spamc -u spamd -e /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"<br />
<br />
==== SpamAssassin combined with Dovecot LMTP / Sieve ====<br />
Set up the LMTP and Sieve as described in [[Dovecot#Sieve]].<br />
<br />
Edit {{ic|/etc/dovecot/conf.d/90-plugin.conf}} and add:<br />
<br />
sieve_before = /etc/dovecot/sieve.before.d/<br />
sieve_extensions = +vnd.dovecot.filter<br />
sieve_plugins = sieve_extprograms<br />
sieve_filter_bin_dir = /etc/dovecot/sieve-filter<br />
sieve_filter_exec_timeout = 120s #this is often needed for the long running spamassassin scans, default is otherwise 10s<br />
<br />
Create the directory and link spamc into it as a binary that can be run by Dovecot:<br />
<br />
# mkdir /etc/dovecot/sieve-filter<br />
# ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc<br />
<br />
Create a new file, {{ic|/etc/dovecot/sieve.before.d/spamassassin.sieve}} which contains:<br />
<br />
require [ "vnd.dovecot.filter" ];<br />
filter "spamc" [ "-d", "127.0.0.1", "--no-safe-fallback" ];<br />
<br />
Compile the sieve rules into {{ic|spamassassin.svbin}}:<br />
<br />
# cd /etc/dovecot/sieve.before.d<br />
# sievec spamassassin.sieve<br />
<br />
Finally, [[restart]] {{ic|dovecot.service}}.<br />
<br />
===Rule-based mail processing===<br />
With policy services one can easily fine-tune Postfix's mail delivery behaviour.<br />
{{Pkg|postfwd}} and policyd ({{AUR|policyd-mysql}}, {{AUR|policyd-pgsql}} or {{AUR|policyd-sqlite}}) provide services to do so.<br />
This allows you to e.g. implement time-aware grey- and blacklisting of senders and receivers as well as [[SPF]] policy checking.<br />
<br />
Policy services are standalone services and connected to Postfix like this:<br />
{{hc|/etc/postfix/main.cf|<nowiki><br />
smtpd_recipient_restrictions =<br />
...<br />
check_policy_service unix:/run/policyd.sock<br />
check_policy_service inet:127.0.0.1:10040<br />
</nowiki>}}<br />
Placing policy services at the end of the queue reduces load, as only legitimate mails are processed. Be sure to place it before the first permit statement to catch all incoming messages.<br />
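<br />
What a policy service does on the other end of a {{ic|check_policy_service}} socket, as an added example that is not part of the original article and is not code from postgrey, postfwd or policyd: a minimal greylisting service in Python that speaks the Postfix policy delegation protocol (name=value lines ended by an empty line, answered with one action= line). The class and function names, the 300 second delay and the sample request are assumptions made for illustration; port 10040 is the one used in the configuration above.<br />

```python
import socketserver
import time

GREYLIST_DELAY = 300  # assumed value: seconds a new triplet has to wait

# Constructed sample request in the policy delegation format:
# name=value lines, terminated by an empty line.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "client_name=mail.example.net\n"
    "helo_name=mail.example.net\n"
    "sender=alice@example.net\n"
    "recipient=bob@example.org\n"
    "\n"
)


def parse_request(text):
    """Parse one policy request into a dict, stopping at the empty line."""
    attrs = {}
    for line in text.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


class Greylist:
    """In-memory greylist keyed on (client address, sender, recipient).

    State is lost on restart and never expires; a real service persists
    and prunes it.
    """

    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}

    def decide(self, attrs):
        """Return the access(5) action for one parsed request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        key = (
            attrs.get("client_address", ""),
            attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower(),
        )
        now = self.clock()
        waited = now - self.first_seen.setdefault(key, now)
        if waited < self.delay:
            return "DEFER_IF_PERMIT Greylisted for %d seconds" % (self.delay - waited)
        # DUNNO, not OK: the service expresses no opinion, so the restrictions
        # that follow it in main.cf are still evaluated.
        return "DUNNO"


def reply_for(greylist, request_text):
    """Turn one raw request into the raw reply Postfix expects."""
    return "action=%s\n\n" % greylist.decide(parse_request(request_text))


class PolicyHandler(socketserver.StreamRequestHandler):
    """Serve any number of requests on one connection, as Postfix reuses it."""

    greylist = Greylist()

    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            lines.append(line)
            if line == "":
                text = "\n".join(lines) + "\n"
                self.wfile.write(reply_for(self.greylist, text).encode("utf-8"))
                lines = []


if __name__ == "__main__":
    # Matches "check_policy_service inet:127.0.0.1:10040" in main.cf.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler) as srv:
        srv.serve_forever()
```
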
<br />
=== Sender Policy Framework ===<br />
To use the [[Sender Policy Framework]] with Postfix, you can [[install]] {{AUR|spf-engine}}, {{AUR|python-postfix-policyd-spf}} or {{AUR|postfix-policyd-spf-perl}}.<br />
<br />
==== With spf-engine or python-postfix-policyd-spf ====<br />
Edit {{ic|/etc/python-policyd-spf/policyd-spf.conf}} to your needs. An extensively commented version can be found at {{ic|/etc/python-policyd-spf/policyd-spf.conf.commented}}.<br />
Pay some extra attention to the HELO check policy, as standard settings strictly reject HELO failures.<br />
<br />
In the {{ic|main.cf}} file, add a timeout for the policyd:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
policy-spf_time_limit = 3600s<br />
}}<br />
<br />
Then add a transport:<br />
<br />
{{hc|/etc/postfix/master.cf|2=<br />
policy-spf unix - n n - 0 spawn<br />
user=nobody argv=/usr/bin/policyd-spf<br />
}}<br />
<br />
Lastly, you need to add the policyd to the {{ic|smtpd_recipient_restrictions}}. To minimize load, put it at the end of the restrictions but above any {{ic|reject_rbl_client}} DNSBL line:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_recipient_restrictions=<br />
...<br />
permit_sasl_authenticated<br />
permit_mynetworks<br />
reject_unauth_destination<br />
check_policy_service unix:private/policy-spf<br />
}}<br />
<br />
Now reload the {{ic|postfix}} service.<br />
<br />
You can test your setup with the following:<br />
<br />
{{hc|/etc/python-policyd-spf/policyd-spf.conf|2=<br />
defaultSeedOnly = 0<br />
}}<br />
<br />
==== With postfix-policyd-spf-perl ====<br />
Do the same process with postfix as [[#With spf-engine or python-postfix-policyd-spf|with python-postfix-policyd-spf]], but with the following differences:<br />
<br />
Timeout for the policyd in {{ic|main.cf}} file:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
policy_time_limit = 3600<br />
}}<br />
<br />
Transport:<br />
<br />
{{hc|/etc/postfix/master.cf|2=<br />
policy unix - n n - 0 spawn<br />
user=nobody argv=/usr/lib/postfix/postfix-policyd-spf-perl<br />
}}<br />
<br />
Add the policyd to the {{ic|smtpd_recipient_restrictions}}:<br />
{{Warning|Specify {{ic|check_policy_service}} after {{ic|reject_unauth_destination}} or else your system can become an open relay.}}<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
smtpd_recipient_restrictions=<br />
...<br />
reject_unauth_destination<br />
check_policy_service unix:private/policy<br />
...<br />
}}<br />
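<br />
A check for the ordering rule stated in the warning above and in the spf-engine section, as an added example that is not part of the original article or of Postfix: it parses {{ic|main.cf}} text and lists every {{ic|check_policy_service}} entry that is evaluated before {{ic|reject_unauth_destination}}. The function names and both sample configurations are constructed for illustration, and only the one restriction list named in the call is inspected.<br />

```python
import re

# Constructed sample main.cf contents, not taken from a real server.
UNSAFE_MAIN_CF = """\
# policy service listed first: it can answer before the relay check runs
smtpd_recipient_restrictions =
    check_policy_service unix:private/policy
    permit_mynetworks
    reject_unauth_destination
"""

SAFE_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf
"""


def parse_main_cf(text):
    """Return {parameter: value} following main.cf syntax.

    Blank lines and lines whose first non-blank character is '#' are ignored,
    a line starting with whitespace continues the previous logical line, and
    the last definition of a parameter wins.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def split_restrictions(value):
    """Split a restriction list on commas and/or whitespace, keeping the
    argument of check_policy_service together with its keyword."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    entries = []
    i = 0
    while i < len(tokens):
        if tokens[i] == "check_policy_service" and i + 1 < len(tokens):
            entries.append(tokens[i] + " " + tokens[i + 1])
            i += 2
        else:
            entries.append(tokens[i])
            i += 1
    return entries


def policy_services_before_relay_check(main_cf_text,
                                       param="smtpd_recipient_restrictions"):
    """Return the check_policy_service entries that are evaluated before
    reject_unauth_destination in the given list (all of them if that
    restriction is missing from the list)."""
    value = parse_main_cf(main_cf_text).get(param, "")
    early = []
    for entry in split_restrictions(value):
        if entry == "reject_unauth_destination":
            break
        if entry.startswith("check_policy_service "):
            early.append(entry)
    return early


if __name__ == "__main__":
    for label, text in (("unsafe", UNSAFE_MAIN_CF), ("safe", SAFE_MAIN_CF)):
        early = policy_services_before_relay_check(text)
        print(label, "->", early if early else "ordering OK")
```

On a live system the text to check can be read from {{ic|/etc/postfix/main.cf}}; relay control configured in a different parameter is outside what this check looks at.<br />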
<br />
=== Sender Rewriting Scheme ===<br />
<br />
To use the [[Sender Rewriting Scheme]] with Postfix, [[install]] {{AUR|postsrsd}} and adjust the settings:<br />
<br />
{{hc|/etc/postsrsd/postsrsd|2=<br />
SRS_DOMAIN=yourdomain.tld<br />
SRS_EXCLUDE_DOMAINS=yourotherdomain.tld,yet.anotherdomain.tld<br />
SRS_SEPARATOR==<br />
SRS_SECRET=/etc/postsrsd/postsrsd.secret<br />
SRS_FORWARD_PORT=10001<br />
SRS_REVERSE_PORT=10002<br />
RUN_AS=postsrsd<br />
CHROOT=/usr/lib/postsrsd<br />
}}<br />
<br />
Enable and start the daemon, making sure it runs after reboot as well.<br />
Then configure Postfix accordingly by tweaking the following lines:<br />
<br />
{{hc|/etc/postfix/main.cf|2=<br />
sender_canonical_maps = tcp:localhost:10001<br />
sender_canonical_classes = envelope_sender<br />
recipient_canonical_maps = tcp:localhost:10002<br />
recipient_canonical_classes= envelope_recipient,header_recipient<br />
}}<br />
<br />
Restart Postfix and start forwarding mail.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Warning: "database /etc/postfix/*.db is older than source file .." ===<br />
<br />
If you get one or both warnings with {{ic|journalctl}}:<br />
<br />
warning: database /etc/postfix/virtual.db is older than source file /etc/postfix/virtual<br />
warning: database /etc/postfix/transport.db is older than source file /etc/postfix/transport<br />
<br />
Then you can fix it by using these commands, depending on the messages you get:<br />
<br />
postmap /etc/postfix/transport<br />
postmap /etc/postfix/virtual<br />
<br />
And [[restart]] {{ic|postfix.service}}.<br />
<br />
=== Host or domain name not found. Name service error for name=... ===<br />
<br />
If you get the following warning with {{ic|journalctl}}:<br />
<br />
Host or domain name not found. Name service error for name=...<br />
<br />
It could be that you're running Postfix in a {{ic|chroot}} and {{ic|/etc/resolv.conf}} is missing. If so, you can fix this by:<br />
<br />
mkdir -p /var/spool/postfix/etc<br />
cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf<br />
<br />
And [[restart]] {{ic|postfix.service}}.<br />
<br />
== See also ==<br />
<br />
* [http://www.postfix.org/documentation.html Official documentation]<br />
* [https://help.ubuntu.com/community/Postfix Postfix Ubuntu documentation]</div>JesseSteelehttps://wiki.archlinux.org/index.php?title=User:JesseSteele&diff=656123User:JesseSteele2021-03-26T04:29:06Z<p>JesseSteele: wit, charm, and clarity</p>
<hr />
<div>I'm an American writer in Asia who wears many hats.<br />
<br />
I learned piano as a kid, studied Bible in college, and currently do podcasting, web contenting, cloud control, and brand design, spreading the evangels of Jesus without church and Linux without Ubuntu. I enjoy golf, water, speed, music, kung fu, art, and stories.<br />
<br />
Find my podcast at: [https://jesse.coffee jesse.coffee].</div>JesseSteelehttps://wiki.archlinux.org/index.php?title=User:JesseSteele&diff=656121User:JesseSteele2021-03-26T04:26:59Z<p>JesseSteele: Created the user page</p>
<hr />
<div>I'm an American writer in Asia who wears many hats.<br />
<br />
I learned piano as a kid, studied Bible in college, and currently do podcasting, web contenting, cloud control, and brand design, spreading the evangels of Jesus and Linux. I enjoy golf, water, speed, music, kung fu, art, and stories.<br />
<br />
Find my podcast at: [https://jesse.coffee jesse.coffee].</div>JesseSteelehttps://wiki.archlinux.org/index.php?title=Talk:Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=656120Talk:Virtual user mail system with Postfix, Dovecot and Roundcube2021-03-26T04:22:52Z<p>JesseSteele: I'm new here; why I hope this is not merged with the Postfix wiki</p>
<hr />
<div>== crt file ==<br />
[http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot configuration] suggests setting the certs 0444 for the .crt and 0400 for the .key, but the wiki suggests 0644 and 0600, respectively. Personally, I do not see why anyone should have write permissions on the certs, esp. since they're not meant to be modified. Suggestions? --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 23:30, 9 August 2012 (UTC)<br />
<br />
Hmm... I think you are right Gesh. I can't fathom how making the certs read only could damage the setup.<br />
--[[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 00:10, 10 August 2012 (UTC)<br />
<br />
Also, shouldn't the chown nobody:nobody also be executed on the .crt file? I cannot understand the rationale of having it owned by root. At least with system-configuration files, you'd want both that root will be able to edit them and that *only* root be able to edit them. --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 01:35, 10 August 2012 (UTC)<br />
<br />
Yeah there probably isn't anything wrong with making them read-only. --[[User:Svenstaro|Svenstaro]] ([[User talk:Svenstaro|talk]]) 00:23, 12 August 2012 (UTC)<br />
<br />
:I have changed this article so the permissions are exactly the same as in the Dovecot manual. Before my edits, the {{ic|.key}} was owned by "nobody", which is not safe at all, since anybody logged in as "nobody"(=loads of potentially unsafe daemons) can read the {{ic|.key}}. Who owns the {{ic|.crt}} does not matter, so it's easiest to keep it root. --[[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 12:44, 16 June 2014 (UTC)<br />
<br />
== Problem with dovecot and roundcube ==<br />
Hey there! Excellent tutorial, it almost worked like a charm! I had some problems with dovecot and roundcube. I'm not sure if they are sufficiently general to be added on the main tutorial, but I wanted to discuss them here:<br />
# Dovecot Greeting. I had to place a Dovecot greeting in /etc/dovecot/dovecot.conf. I included "login_greeting = Dovecot ready for action."<br />
# Instead of using TLS for IMAP in Roundcube I had to configure SSL. In particular, I had to change this "$rcmail_config['default_host'] = 'ssl://localhost/';" on Roundcube main.inc.php.<br />
# I missed a comment on the 'username_domain' option in the configuration. As it was not mentioned in the tutorial I wrongly assumed that Dovecot allows login with only the username. But then I couldn't login from Roundcube using my username. Adding the "$rcmail_config['username_domain'] = 'mydomain.net';" option in Roundcube main.inc.php.<br />
Thanks for the tutorial, I think it is pretty straightforward for a complex task as setting up the mail server. Best regards! --[[User:Es0x279e|Es0x279e]] ([[User talk:Es0x279e|talk]]) 10:12, 6 October 2012 (UTC)<br />
<br />
Hi! I cannot for the life of me get roundcube to work. It fails when I try to do the login to the IMAP server during installation. I get: <br />
"Connecting to tls://localhost/...<br />
IMAP connect: NOT OK(Login failed for [edited] from [edited]. Empty startup greeting (localhost:993))"<br />
I've tried changing it to ssl:// and without ssl:// or tls:// but for some reason it just does not work and I do not know where to go from here. Help would be greatly greatly appreciated. --[[User:Pei|Pei]] ([[User talk:Pei|talk]]) 04:20, 2 November 2012 (UTC)<br />
<br />
Undid the last contribution of ([[User talk:Mehtab|Mehtab]]) because listening interfaces should be implementation specific for this Postfix installation. If anybody disagrees let me know. [[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 06:41, 4 December 2012 (UTC)<br />
<br />
Expanded the Roundcube section and added some info for SpamAssassin and added the tip to remove "Received header". Had to do a bit of digging today to set it up, figured I add it here so it will be helpful. [[User:KingX|KingX]] ([[User talk:KingX|talk]]) 02:55, 21 April 2013 (UTC)<br />
<br />
Thank you!, the best tutorial I found, just want to point out some problems I had during the installation.<br />
<br />
A) If vmail id/gid != 5000, you may have dovecot-sql.conf correct, but postfix still complains for db access. Better listen to Svenstaro from the beginning.<br />
<br />
B) Roundcube installer: DO NOT TRUST IT!. <br />
<br />
main.inc.php ,<br />
$rcmail_config['default_host'] = 'ssl://localhost'; <br />
If you use tls for IMAP, it will not work and you will get nightmares with the "STARTTLS command first" error. (roundcube tries to use ssl anyway)<br />
<br />
You can use tls for the SMTP server though, but also keep the next lines like this:<br />
$rcmail_config['smtp_server'] = 'tls://localhost';<br />
$rcmail_config['smtp_port'] = 587;<br />
$rcmail_config['smtp_user'] = '%u';<br />
$rcmail_config['smtp_pass'] = '%p'; <br />
If you use ssl, you also have to allow ssl connections. Change 'encrypt' for 'may' in your master.cf file, or you will have those nightmares again:<br />
-o smtpd_tls_security_level=encrypt<br />
C) mysql.so and imap.so must be enabled (/etc/php/php.ini)<br />
<br />
D) php.conf: You can create aliases for roundcube and postfixAdmin folders, so you don't bulk your /srv/http/ directory <br />
<br />
E) Your hostname has to include your domain name:<br />
lupus@ulula:~$ hostname <br />
myHostName.mysite.org <br />
F) Blocking port 25 is a common practice for ISPs. This port is where all incoming mail is delivered, so you will not be able to get your mail from the outside world. Don't panic (I did), you need a MX DNS server with port forwarding (or convince your isp that blocking the smtp port is for losers). This site offers the service for free, good enough to play around: [http://rollernet.us]<br />
<br />
Edit your master.cf file to something like this<br />
smtp inet n - n - - smtpd<br />
26 inet n - n - - smtpd <br />
submission inet n - n - - smtpd<br />
Last word of advice: DO NOT mix virtual server mail with non virtual server mail configuration!<br />
--[[User:Dcgasca|dcgasca]] ([[User talk:Dcgasca|talk]]) 04:43, 22 June 2013 (UTC)<br />
<br />
== Server refuses connection ==<br />
<br />
Hello!<br />
Whenever I try to login to the mailaccount I created using postfixadmin with roundcube, I get the following error message (from roundcube):<br />
IMAP Error: Login failed for me@my.domain.com from my.ip.adre.ss. Could not connect to ssl://localhost:993: Connection refused in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcubemail/?_task=login&_action=login)<br />
<br />
Also, when I tried to send an email to my account from another E-Mail adress, I got the following error report:<br />
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720<br />
[(0) my.domain.com. [81.10.164.94]:25: Connection refused]<br />
<br />
What's wrong?<br />
<br />
== relay_domains = * might be a bad idea ==<br />
<br />
I included the following warning into the article. I am not 100% sure about this. So maybe someone should check it and let us discuss it here.<br />
{{Warning|{{ic|<nowiki>relay_domains = *</nowiki>}} might be a bad idea (see http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to). You usually do not want postfix to forward mail from strangers.}}<br />
--[[User:PMay|PMay]] ([[User talk:PMay|talk]]) 14:15, 9 January 2014 (UTC)<br />
<br />
Yes, doing it this way sets up your server as an open relay, which is a Very Bad Idea. Most setups like these specify another mysql proxy that can get the domains allowed to relay -<br />
<br />
main.cf:<br />
relay_domains = $mydestination, proxy:mysql:/etc/postfix/relay_domains_maps.cf<br />
<br />
relay_domains_maps.cf:<br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
query = SELECT domain FROM domain WHERE domain='%s' and transport = 'relay' and active = 1 AND NOT exists (select * from alias_domain where alias_domain = '%s' AND alias_domain.active = '1')<br />
[[User:Maleckii|Maleckii]] ([[User talk:Maleckii|talk]]) 23:42, 24 January 2014 (UTC)<br />
<br />
I'm going to change the default value from * to what was suggested above. I don't think it's a good idea to have * as a default.<br />
[[User:Simonsmiley|Simonsmiley]] ([[User talk:Simonsmiley|talk]]) 16:44, 16 June 2015 (UTC)<br />
== Postfix Database ==<br />
I followed this guide and found that my setup would work on the surface (I could even go in to Roundcube and believe I was sending mail but, the logs always have a lookup failure) but found that after letting postfixadmin set up the database, the mappings don't bind to anything in particular. For example, within "virtual_mailbox_domains" a table called forwardings is specified but this table does not exist.<br />
<br />
This is due to the way PostfixAdmin will set up the Database schema; I have since edited the wiki as the little note quite simply doesn't exist.<br />
<br />
== Virtual_Alias_Maps.cf for non-PostfixAdmin configurations appears to be incorrect == <br />
<br />
I may be missing something, but as far as I can tell, the suggested value of "select_field = virtual" for /etc/postfix/virtual_alias_maps.cf is incorrect when users are setting up without PostfixAdmin. The mysql db structure the user is instructed to create earlier on does not have a "virtual" column in the 'domain' table, and in practice, following through with this tutorial results in me seeing the errors:<br />
<br />
Oct 05 18:09:59 (myserver) postfix/proxymap[706]: warning: mysql query failed: Unknown column 'virtual' in 'field list'<br />
Oct 05 18:09:59 (myserver) postfix/trivial-rewrite[708]: warning: proxy:mysql:/etc/postfix/virtual_alias_maps.cf: table lookup problem<br />
Oct 05 18:09:59 (myserver) postfix/trivial-rewrite[708]: warning: virtual_alias_domains lookup failure<br />
<br />
in my log. Changing the 'select_field' entry in that file to 'domain' appears to fix the problem, and seems to match up with the DB structure the reader is told to create. So, the suggested /etc/postfix/virtual_alias_maps.cf for users not using PostfixAdmin should more likely be something like:<br />
<br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
table = domains<br />
select_field = domain<br />
where_field = domain<br />
<br />
I'm suggesting this rather than editing it because I'd rather someone more familiar with the setup of postfix and sql take a look before making the change. Thanks!<br />
<br />
== Tutorial does not create additional folders (Trash/Drafts) ==<br />
<br />
When I follow this tutorial no additional user folders (Trash/Drafts etc) are created.<br />
<br />
Users cannot delete emails or save drafts. A delete request in Roundcube generates the following: "Server Error: UID MOVE: Internal error occurred. Refer to server log for more information. [2015-11-03 06:59:11] (0.000 + 0.000 secs)."<br />
<br />
Can anybody explain how to get these folders working so that the Wiki can be amended?<br />
<br />
Update: Fixed this with the following additions to the Roundcube config file - will amend the wiki:<br />
<br />
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');<br />
$rcmail_config['create_default_folders'] = true;<br />
$rcmail_config['protect_default_folders'] = true;<br />
<br />
== Why not like /usr/share/doc/postfixadmin/DOCUMENTS/POSTFIX_CONF.txt? ==<br />
<br />
Is there a reason why this does not follow the recommendations in the postfixadmin documentation (the *.cf files etc... sql subdirectory for easy chmodding...)? I'm not sure how/if the non-postfixadmin setup works and can't tell if changing the configuration to resemble postfixadmin defaults more closely would break something there... but domain catchalls etc definitely doesn't work with (only) the config from this wiki page. [[User:Whoops|Whoops]] ([[User talk:Whoops|talk]]) 15:29, 16 December 2016 (UTC)<br />
<br />
<br />
== The tutorial does not use Dovecot for email delivery ==<br />
<br />
This is an interesting thing I came across when trying to add Sieve and SpamAssassin to my virtual mail setup that I created using this guide. The guide configures Postfix to do the delivery directly instead of making Dovecot do it, which makes it impossible to use Sieve with SpamAssassin through Dovecot. I'd suggest that this is corrected - possibly even explaining both lmtp and lda. Currently - unfortunately - even the guide in [https://wiki2.dovecot.org/HowTo/Virtual+Postfix+Dspam+Dovecot Dovecot documentation] is better than this.<br />
<br />
Oh and I also don't get why the configuration placing and such is so messed up, or why the dovecot/conf.d directory isn't used.<br />
<br />
--[[User:Amunak|Amunak]] ([[User talk:Amunak|talk]]) 13:19, 8 September 2018 (UTC)<br />
<br />
:I also had difficulty getting spamassassin to work while following the guide. Instead of trying to figure it out, I opted instead this go around to use rspamd. [[User:Amunak|Amunak]], if you know how to get SpamAssassin to work, please correct the guide, or at the least add a note pointing to the link you mentioned. I might add a note in the guide that other spam scan options, such as rspamd, exist...<br />
<br />
:Regarding why the configuration is so messed up, that's how dovecot was configured a few years ago. I remember using this same guide back around 2012, and since then Dovecot changed. However, the guide still works, since the new configuration locations are an attempt to not have one huge configuration file, but a bunch of small ones to make it easier. As people edited and updated the guide, nobody redid it to take into account the new format. Personally, I like having one file where all the configurations are located instead of scattered throughout multiple files. That being said, I would have no problem someone reparsing the information to the new format.<br />
<br />
:Lastly, I'm happy the guide does exist. I know there's that big tag at the top that mentions this is a candidate for merging with Postfix, but setting up an email server with virtual users is not a trivial task. This guide ties in a lot of moving pieces and, for the most part, shows you how to get them to work together. Cheers! :--[[User:Brasas|Brasas]] ([[User talk:Brasas|talk]]) 19:57, 9 September 2018 (UTC)<br />
<br />
== Section 'Setting up Postfix' might include potentially detrimental values ==<br />
<br />
Section 8 'Setting up Postfix' includes following settings.<br />
local_transport = virtual <br />
local_recipient_maps = $virtual_mailbox_maps<br />
Please help me understand the reason behind this. The guide attempts to set up virtual mail accounts. Why are settings touched that affect local delivery? In my understanding, the first line instructs Postfix to deliver local mail with the virtual domain mail delivery agent. The second line provides the virtual mailbox maps to look up the local users. Is this necessary or even useful? At no point in the guide are local users added to 'mailbox' (the table that gets queried). The guide doesn't address mixing local users and virtual users. Therefore, shouldn't following this guide lead to delivery errors whenever local users are getting mails and do not turn up in 'mailbox'? [[User:SomeOwl|SomeOwl]] ([[User talk:SomeOwl|talk]]) 16:36, 12 March 2019 (UTC)<br />
<br />
:I second this observation. Overriding local transport especially interferes with additional software like mailing lists. I spent multiple hours debugging my Mailman setup, as did [https://superuser.com/questions/731005/mailman-postfix-unknown-user#comment938506_731051| other persons reading this Wiki] [[User:Tzwenn|Tzwenn]] ([[User talk:Tzwenn|talk]]) 13:33, 15 April 2019 (UTC)<br />
<br />
== 'candidate for merging with Postfix': Please no ==<br />
<br />
I need this as a separate tutorial. When I used Ubuntu (before my conversion experience) I used this tutorial: [https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/ A Mailserver on Ubuntu 16.04: Postfix, Dovecot, MySQL]. I find that the separate tutorial here on Arch provides a should-be complete guide to integrating these various web apps together on a single mail server. Even if the Arch Wiki gurus decide these should be merged in order to maintain organizing standards, please at least include a comparable guide. We idiots need this to be less of a nuisance to the Arch community.<br />
<br />
[[User:JesseSteele|Jesse Steele]] ([[User talk:JesseSteele|talk]]) 04:22, 26 March 2021 (UTC)</div>JesseSteele