|
|
|
# installation: serveur mail
|
|
|
|
|
|
|
|
|
|
|
|
[[_TOC_]]
|
|
|
|
|
|
|
|
|
|
|
|
## configuration logiciel client
|
|
|
|
|
|
|
|
* serveur: mail.$DOMAIN
|
|
|
|
* SMTP: port 587 avec STARTTLS
|
|
|
|
* IMAP: port 143 avec STARTTLS *(si pas possible:* IMAP sur port 993 avec SSL*)*
|
|
|
|
* nom d'utilisateur: PRENOM.NOM *(pas l'adresse mail)*
|
|
|
|
|
|
|
|
|
|
|
|
## SMTP ([RFC#821](http://tools.ietf.org/html/rfc821))
|
|
|
|
|
|
|
|
[Postfix already installed]
|
|
|
|
# dpkg-reconfigure postfix
|
|
|
|
postfix/main_mailer_type: Internet site
|
|
|
|
postfix/destinations: $(hostname).$(dnsdomainname), localhost.$(dnsdomainname), localhost, $(dnsdomainname)
|
|
|
|
# rm /etc/postfix/sasl/sasl_passwd*
|
|
|
|
|
|
|
|
|
|
|
|
### tout le monde
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[uncomment]
|
|
|
|
delay_warning_time = 4h
|
|
|
|
[add after
|
|
|
|
readme_directory = no]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## anti-spam: SMTP restrictions
|
|
|
|
## <http://wiki.kartbuilding.net/index.php/Postfix_SMTP#Blocking_Spam_with_spamhaus_and_Postfix>
|
|
|
|
## <http://www.crynwr.com/spam/>
|
|
|
|
## <https://wiki.debian.org/Postfix#anti-spam:_smtp_restrictions>
|
|
|
|
smtpd_recipient_restrictions =
|
|
|
|
permit_mynetworks
|
|
|
|
reject_invalid_hostname
|
|
|
|
reject_unknown_recipient_domain
|
|
|
|
reject_unauth_destination
|
|
|
|
reject_rbl_client zen.spamhaus.org
|
|
|
|
smtpd_helo_restrictions =
|
|
|
|
reject_invalid_helo_hostname
|
|
|
|
reject_non_fqdn_helo_hostname
|
|
|
|
reject_unknown_helo_hostname
|
|
|
|
|
|
|
|
## anti-spam: using RBL lists
|
|
|
|
## <https://wiki.debian.org/Postfix#anti-spam:_Using_RBL_Lists>
|
|
|
|
smtpd_client_restrictions =
|
|
|
|
permit_mynetworks
|
|
|
|
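reject_rbl_client dnsbl.sorbs.net
## NOTE: check that each DNSBL listed here is still operated before relying
## on it (dnsbl.sorbs.net was reportedly retired in 2024 -- verify).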
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
[add after
|
|
|
|
smtpd_tls_session_cache_database = btree:${data_directory}/smtp_scache]
|
|
|
|
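smtpd_tls_auth_only = no
[caveat: once smtpd_sasl_auth_enable = yes is set in main.cf (SASL section below), "no" lets clients send AUTH credentials over an unencrypted session on port 25; use "yes" unless a legacy client really needs AUTH without TLS]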
|
|
|
|
smtpd_tls_loglevel = 1
|
|
|
|
smtpd_tls_received_header = yes
|
|
|
|
smtpd_tls_security_level = may
|
|
|
|
[replace]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
|
|
|
# information on enabling SSL in the smtp client.
|
|
|
|
smtp_tls_note_starttls_offer = yes
|
|
|
|
## <http://bugs.debian.org/330885>
|
|
|
|
smtp_tls_security_level = may
|
|
|
|
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# echo 'it: it@itopie.ch' >>/etc/aliases
|
|
|
|
# newaliases
|
|
|
|
# service postfix restart
|
|
|
|
|
|
|
|
*[si gateway Internet]*
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[replace]
|
|
|
|
smtpd_banner = mail.$(dnsdomainname) ESMTP $mail_name (Debian/GNU)
|
|
|
|
# nano /etc/rc.local
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# SMTP
|
|
|
|
/sbin/iptables -A INPUT -p tcp -i $INTERFACE --dport 25 -m state --state NEW -j ACCEPT
|
|
|
|
/sbin/iptables -A OUTPUT -p tcp -o $INTERFACE --dport 25 -m state --state NEW -j ACCEPT
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# /etc/rc.local
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# telnet localhost 25
|
|
|
|
# echo 'test!' | mail -s "test Postfix $(hostname -f)" it
|
|
|
|
# etckeeper commit 'postfix/*: Internet Site'
|
|
|
|
[do not forget to add SPF records:
|
|
|
|
<https://en.wikipedia.org/wiki/Sender_Policy_Framework>]
|
|
|
|
|
|
|
|
|
|
|
|
### domain: alias (y compris local via LDAP)
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add after
|
|
|
|
smtp_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## Relay
|
|
|
|
relay_domains =
|
|
|
|
DOMAIN_OTHER
|
|
|
|
[DOMAIN_OTHER]
|
|
|
|
## Domain alias
|
|
|
|
## <http://www.postfix.org/VIRTUAL_README.html>
|
|
|
|
## <https://workaround.org/ispmail/squeeze/postfix-domain-types>
|
|
|
|
virtual_alias_maps =
|
|
|
|
hash:/etc/postfix/virtual.d/DOMAIN_OTHER
|
|
|
|
[hash:/etc/postfix/virtual.d/DOMAIN_OTHER]
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# mkdir -p /etc/postfix/virtual.d
|
|
|
|
# nano !$/DOMAIN_OTHER
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
EMAIL@DOMAIN_OTHER FINAL_DESTINATION[, FINAL_DESTINATION, etc.]
|
|
|
|
PRENOM@DOMAIN_OTHER PRENOM.NOM
|
|
|
|
# Technical entries
|
|
|
|
it@DOMAIN_OTHER it@inubo.ch
|
|
|
|
postmaster@DOMAIN_OTHER it@DOMAIN_OTHER
|
|
|
|
webmaster@DOMAIN_OTHER it@DOMAIN_OTHER
|
|
|
|
# The entry below is a catch-all for the domain; comment it out to disable it.
|
|
|
|
@DOMAIN_OTHER FINAL_DESTINATION
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# postmap !$
|
|
|
|
|
|
|
|
*[si pas de DNS interne]*
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add after
|
|
|
|
smtp_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## <http://leolinux.in/server/postfix/force-postfix-refer-etchosts.html>
|
|
|
|
smtp_host_lookup = native
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# nano /etc/hosts
|
|
|
|
IP mail.DOMAIN_OTHER
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# service postfix restart
|
|
|
|
# echo 'test!' | mail -s "test Postfix domain alias $(hostname -f)" EMAIL@DOMAIN_OTHER
|
|
|
|
# etckeeper commit 'postfix/virtual.d/DOMAIN_OTHER: new file'
|
|
|
|
|
|
|
|
|
|
|
|
### SASL ([RFC#2222](http://tools.ietf.org/html/rfc2222)) via Dovecot
|
|
|
|
|
|
|
|
[Dovecot already installed]
|
|
|
|
# nano /etc/dovecot/conf.d/10-master.conf
|
|
|
|
[replace]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# Postfix smtp-auth
|
|
|
|
unix_listener /var/spool/postfix/private/auth {
|
|
|
|
mode = 0660
|
|
|
|
# Assuming the default Postfix user and group
|
|
|
|
user = postfix
|
|
|
|
group = postfix
|
|
|
|
}
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service dovecot restart
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[replace]
|
|
|
|
smtpd_recipient_restrictions =
|
|
|
|
permit_mynetworks
|
|
|
|
permit_sasl_authenticated
|
|
|
|
reject_invalid_hostname
|
|
|
|
reject_unknown_recipient_domain
|
|
|
|
reject_unauth_destination
|
|
|
|
reject_rbl_client zen.spamhaus.org
|
|
|
|
[add after
|
|
|
|
smtpd_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## SASL parameters
|
|
|
|
## <http://www.postfix.org/SASL_README.html#server_sasl>
|
|
|
|
smtpd_sasl_auth_enable = yes
|
|
|
|
smtpd_sasl_security_options = noanonymous
|
|
|
|
broken_sasl_auth_clients = yes
|
|
|
|
## use Dovecot SASL authentication instead of Cyrus
|
|
|
|
## <http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL>
|
|
|
|
smtpd_sasl_type = dovecot
|
|
|
|
# Can be an absolute path, or relative to $queue_directory
|
|
|
|
# Debian/Ubuntu users: Postfix is setup by default to run chrooted,
|
|
|
|
# so it is best to leave it as-is below
|
|
|
|
smtpd_sasl_path = private/auth
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service postfix restart
|
|
|
|
# etckeeper commit 'postfix/main.cf: SASL via Dovecot'
|
|
|
|
|
|
|
|
|
|
|
|
### STARTTLS on 587 ([RFC#6409](http://tools.ietf.org/html/rfc6409))
|
|
|
|
|
|
|
|
|
|
|
|
#### authentification via SASL
|
|
|
|
|
|
|
|
# nano /etc/postfix/master.cf
|
|
|
|
[uncomment]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
submission inet n - - - - smtpd
|
|
|
|
-o syslog_name=postfix/submission
|
|
|
|
-o smtpd_tls_security_level=encrypt
|
|
|
|
-o smtpd_sasl_auth_enable=yes
|
|
|
|
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
|
|
|
-o milter_macro_daemon_name=ORIGINATING
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service postfix restart
|
|
|
|
# telnet localhost 587
|
|
|
|
|
|
|
|
*[si gateway Internet]*
|
|
|
|
|
|
|
|
# nano /etc/rc.local
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# SMTP-submission
|
|
|
|
/sbin/iptables -A INPUT -p tcp -i $INTERFACE --dport 587 -m state --state NEW -j ACCEPT
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# /etc/rc.local
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# etckeeper commit 'postfix/master.cf: SMTP-submission on 587'
|
|
|
|
|
|
|
|
|
|
|
|
#### vérification par empreinte TLS
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add to smtpd_recipient_restrictions after
|
|
|
|
permit_sasl_authenticated]
|
|
|
|
permit_tls_clientcerts
|
|
|
|
[add]
|
|
|
|
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
|
|
|
|
[add before
|
|
|
|
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem]
|
|
|
|
smtpd_tls_ask_ccert = yes
|
|
|
|
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
[on current systems also consider excluding TLSv1 and TLSv1.1, both deprecated by RFC 8996]
|
|
|
|
smtpd_tls_mandatory_ciphers = high
|
|
|
|
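# echo "${CLIENT_PUBKEY_FINGERPRINT} ${CLIENT_FQDN}" >>/etc/postfix/relay_clientcerts
[the fingerprint must be computed with the digest configured in smtpd_tls_fingerprint_digest; older Postfix releases default to md5, so set sha256 explicitly and compute the fingerprint accordingly]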
|
|
|
|
# postmap /etc/postfix/relay_clientcerts
|
|
|
|
# nano /etc/postfix/master.cf
|
|
|
|
[replace in
|
|
|
|
submission]
|
|
|
|
-o smtpd_client_restrictions=permit_sasl_authenticated,permit_tls_clientcerts,reject
|
|
|
|
# service postfix restart
|
|
|
|
# etckeeper commit 'postfix/main.cf: smtpd_recipient_restrictions += permit_tls_clientcerts'
|
|
|
|
|
|
|
|
|
|
|
|
### gateway
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add after
|
|
|
|
smtp_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## Relay
|
|
|
|
relay_domains =
|
|
|
|
DOMAIN_OTHER
|
|
|
|
[DOMAIN_OTHER]
|
|
|
|
## Gateway
|
|
|
|
## <http://beginlinux.com/server_training/mail-server/1044-postfix-mail-gateway>
|
|
|
|
## <http://www.linuxmail.info/postfix-smtp-gateway/>
|
|
|
|
## <http://www.knowplace.org/pages/howtos/smtp_gateway_for_multiple_domains_with_postfix.php>
|
|
|
|
transport_maps = hash:/etc/postfix/transport
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# nano /etc/postfix/transport
|
|
|
|
DOMAIN_OTHER smtp:[mail.DOMAIN_OTHER]
|
|
|
|
[DOMAIN_OTHER smtp:[mail.DOMAIN_OTHER]]
|
|
|
|
# postmap !$
|
|
|
|
|
|
|
|
*[si pas de DNS interne]*
|
|
|
|
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add after
|
|
|
|
smtp_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## <http://leolinux.in/server/postfix/force-postfix-refer-etchosts.html>
|
|
|
|
smtp_host_lookup = native
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# nano /etc/hosts
|
|
|
|
IP_OTHER mail.DOMAIN_OTHER
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# service postfix restart
|
|
|
|
# echo 'test!' | mail -s "test Postfix gateway $(hostname -f)" rescue@DOMAIN_OTHER
|
|
|
|
# etckeeper commit 'postfix/transport: add DOMAIN_OTHER'
|
|
|
|
|
|
|
|
|
|
|
|
## IMAP ([RFC#1730](http://tools.ietf.org/html/rfc1730))
|
|
|
|
|
|
|
|
# apt-get install dovecot-imapd
|
|
|
|
|
|
|
|
dovecot-sieve
|
|
|
|
dovecot-managesieved
|
|
|
|
|
|
|
|
# nano /etc/dovecot/conf.d/10-auth.conf
|
|
|
|
[uncomment]
|
|
|
|
disable_plaintext_auth = yes
|
|
|
|
# service dovecot restart
|
|
|
|
# etckeeper commit 'dovecot/conf.d/10-auth.conf: disable_plaintext_auth = yes'
|
|
|
|
|
|
|
|
*[si gateway Internet]*
|
|
|
|
|
|
|
|
# nano /etc/rc.local
|
|
|
|
[add]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
# IMAP(S)
|
|
|
|
### module:xt_multiport is needed for --dports
|
|
|
|
### module:ip_conntrack is needed for --state
|
|
|
|
/sbin/iptables -A INPUT -p tcp -i $INTERFACE -m multiport --dports 143,993 -m state --state NEW -j ACCEPT
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# /etc/rc.local
|
|
|
|
|
|
|
|
*[si pas Maildir]*
|
|
|
|
|
|
|
|
# nano /etc/dovecot/conf.d/10-mail.conf
|
|
|
|
[replace]
|
|
|
|
mail_privileged_group = mail
|
|
|
|
# etckeeper commit 'dovecot/conf.d/10-mail.conf: mail_privileged_group = mail'
|
|
|
|
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
A FAIRE]
|
|
|
|
|
|
|
|
## Sieve
|
|
|
|
|
|
|
|
<http://wiki2.dovecot.org/Pigeonhole/Sieve>
|
|
|
|
|
|
|
|
# apt-get install dovecot-sieve dovecot-managesieved roundcube-plugins-extra
|
|
|
|
|
|
|
|
|
|
|
|
### filtre de base
|
|
|
|
|
|
|
|
require ["comparator-i;ascii-numeric", "fileinto"];
|
|
|
|
|
|
|
|
if anyof(
|
|
|
|
allof(
|
|
|
|
address :is "To" "$MAIL",
|
|
|
|
header :contains "Subject" "$TEXTE"),
|
|
|
|
allof(header :contains "Received" "$MAIL",
|
|
|
|
header :contains "Subject" "$TEXTE")) {
|
|
|
|
fileinto "Clients/$DOMAIN/$DOSSIER";
|
|
|
|
stop;
|
|
|
|
}
|
|
|
|
|
|
|
|
if address :is ["To", "Cc"] "it@$DOMAIN.ch" {
|
|
|
|
fileinto "Clients/$DOMAIN";
|
|
|
|
stop;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
### <a name="webmail"></a>webmail
|
|
|
|
|
|
|
|
# apt-get install -t wheezy-backports roundcube[-plugins]
|
|
|
|
|
|
|
|
[INVESTIGUER:
|
|
|
|
roundcube-plugins: Help
|
|
|
|
ManageSieve ([RFC#5804](http://tools.ietf.org/html/rfc5804))
|
|
|
|
Password Change <http://trac.roundcube.net/browser/github/plugins/password/README> <http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/>
|
|
|
|
roundcube-plugins-extra: compose_addressbook
|
|
|
|
fail2ban
|
|
|
|
listcommands
|
|
|
|
Mark-as-Junk button + Mark as Junk 2
|
|
|
|
CardDAV: <https://github.com/christian-putzke/Roundcube-CardDAV>
|
|
|
|
<http://www.benjamin-schieder.de/carddav.html>
|
|
|
|
owncloud-integration: <http://git.kolab.org/roundcubemail-plugins-kolab/tree/plugins/owncloud/README>
|
|
|
|
redirect-bounce: <http://trac.roundcube.net/ticket/1485774>
|
|
|
|
server-info: <http://axel.sjostedt.no/misc/dev/roundcube/>]
|
|
|
|
|
|
|
|
# nano /etc/roundcube/main.inc.php
|
|
|
|
[replace]
|
|
|
|
$rcmail_config['default_host'] = 'tls://mail.%d';
|
|
|
|
$rcmail_config['smtp_server'] = 'tls://mail.%d';
|
|
|
|
$rcmail_config['smtp_port'] = 587;
|
|
|
|
$rcmail_config['smtp_user'] = '%u';
|
|
|
|
$rcmail_config['smtp_pass'] = '%p';
|
|
|
|
# etckeeper commit 'roundcube/main.inc.php: default IMAP/SMTP values'
|
|
|
|
|
|
|
|
# nano /etc/roundcube/main.inc.php
|
|
|
|
[comment]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
#$rcmail_config['language'] = 'en_US';
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# etckeeper commit 'roundcube/main.inc.php: auto-detect language'
|
|
|
|
|
|
|
|
# nano /etc/roundcube/main.inc.php
|
|
|
|
[uncomment]
|
|
|
|
$rcmail_config['user_aliases'] = true;
|
|
|
|
# etckeeper commit 'roundcube/main.inc.php: allow login via email address'
|
|
|
|
|
|
|
|
[BUG:
|
|
|
|
REMPLACER AVEC LIEN VERS DOCUMENTATION POUR Apache]
|
|
|
|
|
|
|
|
# nano /etc/apache2/sites-available/webmail.${DOMAIN}
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
<IfModule mod_ssl.c>
|
|
|
|
<VirtualHost *:80>
|
|
|
|
ServerAdmin it@${DOMAIN}
|
|
|
|
ServerName webmail.${DOMAIN}
|
|
|
|
Redirect 301 / https://webmail.${DOMAIN}/
|
|
|
|
</VirtualHost>
|
|
|
|
|
|
|
|
<VirtualHost *:443>
|
|
|
|
ServerAdmin it@${DOMAIN}
|
|
|
|
ServerName webmail.${DOMAIN}
|
|
|
|
|
|
|
|
LogLevel warn
|
|
|
|
CustomLog ${APACHE_LOG_DIR}/webmail.${DOMAIN}_access.log combined
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/webmail.${DOMAIN}_error.log
|
|
|
|
|
|
|
|
## SSL
|
|
|
|
SSLEngine on
|
|
|
|
SSLCertificateFile /etc/ssl/certs/webmail.${DOMAIN}.pem
|
|
|
|
SSLCertificateKeyFile /etc/ssl/private/webmail.${DOMAIN}.key
|
|
|
|
BrowserMatch "MSIE [2-6]" \
|
|
|
|
nokeepalive ssl-unclean-shutdown \
|
|
|
|
downgrade-1.0 force-response-1.0
|
|
|
|
# MSIE 7 and newer should be able to use keepalive
|
|
|
|
BrowserMatch "MSIE [17-9]" \
|
|
|
|
ssl-unclean-shutdown
|
|
|
|
|
|
|
|
## RoundCube
|
|
|
|
## <file:///etc/apache2/conf.d/roundcube.conf>
|
|
|
|
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
|
|
|
|
Alias / /var/lib/roundcube/
|
|
|
|
</VirtualHost>
|
|
|
|
</IfModule>
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# a2ensite webmail.${DOMAIN}
|
|
|
|
# service apache2 reload
|
|
|
|
# etckeeper commit 'apache2/sites-available/webmail.${DOMAIN}: new file'
|
|
|
|
|
|
|
|
|
|
|
|
### une fois connecté à RoundCube
|
|
|
|
|
|
|
|
Paramètres
|
|
|
|
Identités
|
|
|
|
Paramètres
|
|
|
|
Nom à afficher: PRENOM NOM
|
|
|
|
Courriel: EMAIL
|
|
|
|
|
|
|
|
|
|
|
|
## Maildir++
|
|
|
|
|
|
|
|
# apt-get install mailutils
|
|
|
|
# update-alternatives --set mailx /usr/bin/mail.mailutils
|
|
|
|
# sed -i -e 's%\(pam_mail.so\)%\1 dir=~/Maildir%' pam.d/*
|
|
|
|
# nano /etc/procmailrc
|
|
|
|
[insert]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
## <http://wiki.debian.org/MaildirConfiguration>
|
|
|
|
## <http://bugs.debian.org/46598>
|
|
|
|
ORGMAIL=${HOME}/Maildir/
|
|
|
|
DEFAULT=${ORGMAIL}
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# nano /etc/postfix/main.cf
|
|
|
|
[add after
|
|
|
|
smtp_tls_security_level = may]
|
|
|
|
--8<---------------cut here---------------start------------->8---
|
|
|
|
|
|
|
|
## Maildir as default mailbox
|
|
|
|
## since it is better to use procmail for delivery, this must be
|
|
|
|
## set in /etc/procmailrc
|
|
|
|
## <http://wiki.debian.org/MaildirConfiguration>
|
|
|
|
## <http://bugs.debian.org/46598>
|
|
|
|
home_mailbox = Maildir/
|
|
|
|
--8<---------------cut here---------------end--------------->8---
|
|
|
|
# service postfix restart
|
|
|
|
# nano /etc/dovecot/conf.d/10-mail.conf
|
|
|
|
[replace]
|
|
|
|
## Dovecot uses Maildir++ directory layout for organizing mailbox
|
|
|
|
## directories, see <http://wiki2.dovecot.org/MailboxFormat/Maildir>.
|
|
|
|
mail_location = maildir:~/Maildir
|
|
|
|
# service dovecot restart
|
|
|
|
# etckeeper commit '*: default to Maildir'
|
|
|
|
|
|
|
|
|
|
|
|
### dossier pour utilisateur LDAP
|
|
|
|
|
|
|
|
*[si plus d'une partition, e.g. / et /srv]*
|
|
|
|
|
|
|
|
<a name="srvhomeusers"></a>
|
|
|
|
|
|
|
|
# mkdir -p /srv/home/users /home/users
|
|
|
|
# echo '/srv/home/users /home/users none defaults,bind 0 0' >>/etc/fstab
|
|
|
|
# mount /home/users
|
|
|
|
# etckeeper commit 'fstab: bind mount /srv/home/users'
|
|
|
|
|
|
|
|
*[de toute façon]*
|
|
|
|
|
|
|
|
# export USER_LDAP=$PRENOM.$NOM
|
|
|
|
# mkdir -p /home/users/${USER_LDAP}
|
|
|
|
# chown -R ${USER_LDAP}:$(getent group | grep ${USER_LDAP} | cut -d ':' -f 1) !$
|
|
|
|
# unset USER_LDAP
|
|
|
|
[ne pas oublier d'autoriser l'utilisateur dans LDAP:
|
|
|
|
authorizedServiceObject:authorizedService:dovecot] |