ViMbAdmin
Instalando Composer# curl -sS https://getcomposer.org/installer | php
# mv composer.phar /usr/local/bin/composer
Instando dependencias de ViMbAdmin:
# apt-get install mysql-server php5-cgi php5-mcrypt php5-memcache php5-json php5-mysql php-gettext pkg-php-tools git bcrypt
Creamos un usuario para que maneje el correo
# groupadd -g 2000 vmail
# useradd -c 'Virtual Mailboxes' -d /srv/vmail -g 2000 -u 2000 -s /usr/sbin/nologin -m vmail
Usamos el gid y uid 2000 así como la ruta /srv/vmail para modificar lo mínimo el fichero de ViMbAdmin.
Descargamos la última versión del repositorio.
# export INSTALL_PATH=/srv/vmail/www
# git clone https://github.com/opensolutions/ViMbAdmin.git $INSTALL_PATH
# cd $INSTALL_PATH
# composer install --dev
# chown -R www-data: ./var
# cp ./public/.htaccess.dist ./public/.htaccess
# cp ./application/configs/application.ini.dist ./application/configs/application.ini
Creamos la base de datos y el usuario para la conexión:
$ mysql -u root -p
mysql > CREATE DATABASE `vimbadmin`;
mysql > GRANT ALL ON `vimbadmin`.* TO `vimbadmin`@`localhost` IDENTIFIED BY 'password';
mysql > FLUSH PRIVILEGES;
mysql > QUIT;
Insertamos los datos para la base de datos:
$ nano +48 ./application/configs/application.ini
Debemos modifica:
resources.doctrine2.connection.options.driver = 'pdo_mysql' resources.doctrine2.connection.options.dbname = 'vimbadmin' resources.doctrine2.connection.options.user = 'vimbadmin' resources.doctrine2.connection.options.password = 'password' resources.doctrine2.connection.options.host = 'localhost'
Además para almacenar las claves cifradas usaremos:
$ nano +149 ./application/configs/application.ini
defaults.mailbox.password_scheme = "dovecot:SHA512-CRYPT"
Ya podemos crear la base de datos, para ello:
$ ./bin/doctrine2-cli.php orm:schema-tool:create
En este punto debemos crear la claves "salt" para el sistema y la cuenta de administración.
Para ello podemos esperar ha hacerlo tras configurar todo o seguir usando:
$ php -S 0.0.0.0:8080 -t public/
Accedemos a la nuestro servidor via web y copiamos las "salt" generadas(en la web) en:
$ nano +24 ./application/configs/application.ini
Además podemos aprovechar para cambiar las apariciones de "example.com" por el nombre de nuestro servidor.
Una vez guardadas las "salts" podemos crear un administrador para el sistema de administración del correo.
Si no configuramos Dovecot y Postfix los cambios que realizemos en la web no tendrán efecto alguno, así que continuemos.
Si no configuramos Dovecot y Postfix los cambios que realizemos en la web no tendrán efecto alguno, así que continuemos.
Dovecot
Instalando Dovecot
# apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-managesieved dovecot-sieve dovecot-mysql dovecot-lmtpd dovecot-common
Editamos /etc/dovecot/conf.d/10-mail.conf para que quede:
mail_location = maildir:/srv/vmail/%d/%n
mail_uid = 2000
mail_gid = 2000
mail_privileged_group = vmail
first_valid_uid = 2000
last_valid_uid = 2000
maildir_copy_with_hardlinks = yes
Habilitamos los protocolos que queramos:
# nano +25 /etc/dovecot/dovecot.conf
protocols = imap pop3
# apt-get install postfix postfix-mysql
Configuramos el servidor para que conecte con la base de datos:
# mkdir /etc/postfix/mysql
# echo "
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual-mailboxes.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client sbl.spamhaus.org,
permit
" >> /etc/postfix/main.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'" > /etc/postfix/mysql/virtual-aliases.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'" > /etc/postfix/mysql/virtual-domains.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'" > /etc/postfix/mysql/virtual-mailboxes.cf
# echo "
dovecot unix - n n - - pipe flags=DRhu
user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
" >> /etc/postfix/master.cf
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
# apt-get install apache2 libapache2-mod-php5
# a2enmod rewrite# echo "Alias /vimbadmin $INSTALL_PATH/public
<Directory $INSTALL_PATH/public>
Options FollowSymLinks
AllowOverride None
# For Apache <= 2.3:
#Order allow,deny
#allow from all
# For Apache >= 2.4
Require all granted
SetEnv APPLICATION_ENV production
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /vimbadmin/index.php [NC,L]
</Directory>" > /etc/apache2/conf-available/vimbadmin.conf
# ln -sf ../conf-available/vimbadmin.conf /etc/apache2/conf-enabled/vimbadmin.conf
Mejoramos un poco la seguridad descomentando:
# a2enmod headers ssl
# a2ensite default-ssl
Aplicamos los siguientes cambios:
#ServerSignature OnHeader set X-Content-Type-Options: "nosniff"
# apt-get install opendkim opendkim-tools
# mkdir /etc/opendkim/
# mkdir /etc/opendkim/keys/
# nano /etc/opendkim.conf
AutoRestart Yes
AutoRestartRate 10/1h
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
# nano /etc/default/opendkim
Descomentamos la linea que aparece: SOCKET="inet:12301@localhost"
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
# nano /etc/opendkim/TrustedHosts
Dejamos /etc/opendkim/TrustedHosts del siguiente modo:
127.0.0.1
localhost
*.example.com
# nano /etc/opendkim/KeyTable
Dejamos /etc/opendkim/KeyTable del siguiente modo:
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
# nano /etc/opendkim/SigningTable
Dejamos /etc/opendkim/SigningTable del siguiente modo:
*@example.com mail._domainkey.example.com
Referencias:
http://pietervogelaar.nl/ubuntu-12-04-install-postfix-dovecot-and-vimbadmin
https://github.com/opensolutions/ViMbAdmin/wiki/Mail-System-Install-on-Ubuntu
https://gist.github.com/barryo/8918488
http://mxtoolbox.com/diagnostic.aspx
https://www.mail-tester.com/
# apt-get install dovecot-core dovecot-imapd dovecot-pop3d dovecot-managesieved dovecot-sieve dovecot-mysql dovecot-lmtpd dovecot-common
Editamos /etc/dovecot/conf.d/10-mail.conf para que quede:
mail_location = maildir:/srv/vmail/%d/%n
mail_uid = 2000
mail_gid = 2000
mail_privileged_group = vmail
first_valid_uid = 2000
last_valid_uid = 2000
maildir_copy_with_hardlinks = yes
Editamos /etc/dovecot/conf.d/10-auth.conf para que quede:
disable_plaintext_auth = yes
auth_mechanisms = plain login
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext
Editamos /etc/dovecot/conf.d/auth-sql.conf.ext para que quede:
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
Editamos /etc/dovecot/conf.d/10-master.conf para que quede:
service auth {
unix_listener auth-userdb {
mode = 0600
user = vmail
group = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
Editamos /etc/dovecot/conf.d/15-lda.conf para que quede:
protocol lda {
postmaster_address = postmaster@example.com
mail_plugins = sieve
auth_socket_path = /var/run/dovecot/auth-userdb
log_path = /srv/vmail/dovecot-deliver.log
}
Editamos /etc/dovecot/dovecot-sql.conf.ext para que quede:
driver = mysql
default_pass_scheme = SHA512-CRYPT
user_query = SELECT homedir AS home, maildir AS mail, \
concat('*:bytes=', quota) as quota_rule, uid, gid \
FROM mailbox WHERE username = '%u'
password_query = SELECT username AS user, password, \
homedir AS home, maildir AS mail, \
concat('*:bytes=', quota) AS quota_rule, uid, gid \
FROM mailbox \
WHERE username = '%Lu' AND active = '1' \
AND ( access_restriction = 'ALL' OR LOCATE( access_restriction, '%Us' ) > 0 )
iterate_query = SELECT username AS user FROM mailbox
concat('*:bytes=', quota) as quota_rule, uid, gid \
FROM mailbox WHERE username = '%u'
password_query = SELECT username AS user, password, \
homedir AS home, maildir AS mail, \
concat('*:bytes=', quota) AS quota_rule, uid, gid \
FROM mailbox \
WHERE username = '%Lu' AND active = '1' \
AND ( access_restriction = 'ALL' OR LOCATE( access_restriction, '%Us' ) > 0 )
iterate_query = SELECT username AS user FROM mailbox
Habilitamos los protocolos que queramos:
# nano +25 /etc/dovecot/dovecot.conf
protocols = imap pop3
Por último vamos a dar los permisos:
# chgrp vmail /etc/dovecot/dovecot.conf
# chmod g+r /etc/dovecot/dovecot.conf
Postfix
Instalando Postfix:# apt-get install postfix postfix-mysql
Configuramos el servidor para que conecte con la base de datos:
# mkdir /etc/postfix/mysql
# echo "
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual-mailboxes.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/authsmtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client sbl.spamhaus.org,
permit
" >> /etc/postfix/main.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'" > /etc/postfix/mysql/virtual-aliases.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'" > /etc/postfix/mysql/virtual-domains.cf
# echo "user = vimbadmin
password = password
hosts = 127.0.0.1
dbname = aC2w1cIiSB
query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'" > /etc/postfix/mysql/virtual-mailboxes.cf
# echo "
dovecot unix - n n - - pipe flags=DRhu
user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
" >> /etc/postfix/master.cf
Modificar /etc/postfix/master.cf para que quede:
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
Apache
Instalamos Apache:# apt-get install apache2 libapache2-mod-php5
# a2enmod rewrite# echo "Alias /vimbadmin $INSTALL_PATH/public
<Directory $INSTALL_PATH/public>
Options FollowSymLinks
AllowOverride None
# For Apache <= 2.3:
#Order allow,deny
#allow from all
# For Apache >= 2.4
Require all granted
SetEnv APPLICATION_ENV production
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /vimbadmin/index.php [NC,L]
</Directory>" > /etc/apache2/conf-available/vimbadmin.conf
# ln -sf ../conf-available/vimbadmin.conf /etc/apache2/conf-enabled/vimbadmin.conf
Mejoramos un poco la seguridad descomentando:
# a2enmod headers ssl
# a2ensite default-ssl
Aplicamos los siguientes cambios:
# nano +26 /etc/apache2/conf-enabled/security.conf
ServerTokens Prod
#ServerTokens OS
ServerSignature Off#ServerSignature OnHeader set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
DKIM
Instalamos OpneDKIM# apt-get install opendkim opendkim-tools
# mkdir /etc/opendkim/
# mkdir /etc/opendkim/keys/
# nano /etc/opendkim.conf
Modificar /etc/postfix/master.cf para que quede:
AutoRestartRate 10/1h
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
# nano /etc/default/opendkim
Descomentamos la linea que aparece: SOCKET="inet:12301@localhost"
Modificar /etc/postfix/main.cf y añadimos:
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
# nano /etc/opendkim/TrustedHosts
Dejamos /etc/opendkim/TrustedHosts del siguiente modo:
127.0.0.1
localhost
*.example.com
# nano /etc/opendkim/KeyTable
Dejamos /etc/opendkim/KeyTable del siguiente modo:
mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private
# nano /etc/opendkim/SigningTable
Dejamos /etc/opendkim/SigningTable del siguiente modo:
*@example.com mail._domainkey.example.com
# cd /etc/opendkim/keys
# mkdir /etc/opendkim/keys/example.com
# cd example.com
# opendkim-genkey -s mail -d example.com
# chown opendkim:opendkim mail.private
# cat mail.txt
Copiar el contenido en el registro TXT del DNS
# service postfix restart
# service opendkim restart
Actualizando ViMbAdmin
# cd /srv/vmail/www
# git pull
# composer update
# ./bin/doctrine2-cli.php orm:schema-tool:update --dump-sql
# ./bin/doctrine2-cli.php orm:schema-tool:update --force
# ./bin/doctrine2-cli.php orm:validate-schema
Referencias:
http://pietervogelaar.nl/ubuntu-12-04-install-postfix-dovecot-and-vimbadmin
https://github.com/opensolutions/ViMbAdmin/wiki/Mail-System-Install-on-Ubuntu
https://gist.github.com/barryo/8918488
http://mxtoolbox.com/diagnostic.aspx
https://www.mail-tester.com/
No hay comentarios:
Publicar un comentario