Mail platform with Postfix, LDAP (OpenLDAP), Courier IMAP, Amavisd-new, SpamAssassin, Perl

Purpose

Set up a mail server and a filtering gateway. Write procedures precise enough to allow building Debian packages that would auto-configure this type of installation.

Features

  • multi-domain
  • anti-virus / anti-spam
  • management of server-side filtering rules
  • webmail

Technology choices:

  • Linux (it rocks)
  • Debian (for maintainability)
  • Postfix (the most complete and most flexible MTA)
  • Amavisd-new (one of the few that speaks LMTP)
  • Courier (storing mail as maildirs opens up many possibilities)

System configuration:

  1. Filesystem:
  • Filesystem type:

Regarding the choice of partition type for hosting the mailboxes: after discussing it with rolphin, the filesystem used will be XFS.

Mort-subite:~# df -h
/dev/hda1             462M  133M  306M  31% /
tmpfs                 502M     0  502M   0% /dev/shm
/dev/hda5             3.0G  1.1G  1.8G  39% /usr
/dev/hda6             3.0G  422M  2.4G  15% /var
Description
/ : always between 200 and 500 MB, in EXT2; this partition must see as little activity as possible to limit possible damage to the disk. In the same spirit, /tmp is a symlink to /var/tmp (in total violation of the FHS).
/usr
/var

The other data partitions will live under /mnt, e.g.:

/mnt/data (not defined)
/mnt/backup

User management

Users are stored in an LDAP directory. The idea is to build a simple overlay that performs every operation on the whole set of configurations of the various components of the application stack. The LDAP layer is the federating element, but it cannot manage everything on its own; for the rest, a Perl API has been developed.

Read the section on the Ldap_Mail mail management API for more information.

Application structure

This mail project is divided into three parts:

  1. The MTA (Mail Transport Agent): Postfix
  2. The MFA (Mail Filter Agent)1): Amavisd-new
  3. The MDA (Mail Delivery Agent): Maildrop

Each of these agents must be configured properly to work against LDAP. Each of the following sections configures one part of the whole.

Graph

The LDAP server

The MTA

The MFA

Amavis

Presentation, installation.

The MDA

maildrop

Since maildrop no longer supports LDAP, delivery would have to go through Courier's authdaemon, which leads to the following structure

Graph

Backup

Setting up a secondary MX.

  • OpenLDAP configuration
  • Postfix configuration

Installation

  • Create the vmail user
  • Put the LDAP configuration + schema in place
  • Load the LDAP database
  • Initialise the admin password
  • Update the scripts with the admin password
  • Put the amavis configuration in place
  • Put the postfix configuration in place
  • Configure maildrop
  • Configure SpamAssassin + pyzor + razor
  • Create the Spam-Control
  • spam-famd startup script
  • Sanity check + send a test mail

Creating the spam-control

cd /var/lib/amavis
maildirmake -S System
maildirmake -S System/.Spam
maildirmake -S System/.Not-spam
chown -R vmail:vmail System

maildrop configuration

cd /usr/src
apt-get source maildrop
apt-get install fakeroot libldap2-dev
# quoted delimiter: ${prefix} in the context lines must not be expanded by the shell
patch <<'EOF' maildrop-1.5.3/debian/rules
*** maildrop-1.5.3/debian/rules Tue Jul 25 23:53:12 2006
--- rules       Wed Jul 26 00:01:08 2006
***************
*** 16,22 ****
         --mandir='${prefix}/share/man' --libexecdir='${prefix}/lib/maildrop' \
         --sysconfdir=/etc \
         --enable-use-dotlock=1 --enable-use-flock=1 \
!        --enable-sendmail=/usr/sbin/sendmail --enable-maildirquota
      [ -f maildrop/maildrop ] || make
      ;;
    clean)
--- 16,23 ----
         --mandir='${prefix}/share/man' --libexecdir='${prefix}/lib/maildrop' \
         --sysconfdir=/etc \
         --enable-use-dotlock=1 --enable-use-flock=1 \
!        --enable-sendmail=/usr/sbin/sendmail --enable-maildirquota \
!        --enable-maildropldap
      [ -f maildrop/maildrop ] || make
      ;;
    clean)
EOF
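Review bot: the change to the configure flags in this hunk (adding --enable-maildropldap) has no matching edit to debian/control and debian/changelog, so the rebuilt package neither declares its Build-Depends on libldap2-dev (installed by hand just before the patch) nor gets a distinct version: the dpkg -i line below installs maildrop_1.5.3-2_i386.deb, the same version string as Debian's own package, and the next apt-get upgrade can silently replace the LDAP-enabled build. Add libldap2-dev to Build-Depends and record a local version with dch --local before running dpkg-buildpackage.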
cd maildrop-1.5.3
dpkg-buildpackage
dpkg -i maildrop_1.5.3-2_i386.deb
# quoted delimiter: $HOME, $DEFAULT and the backticked commands must reach the file literally
cat <<'EOF' >/etc/maildroprc
# Global maildrop filter file

# Uncomment this line to make maildrop default to ~/Maildir for
# delivery- this is where courier-imap (amongst others) will look.
#DEFAULT="$HOME/Maildir"
 
if (/^From: report@/)
{
#    log "Report"
#    log "Report $HOME $DEFAULT"
    `maildirmake -f Report "$DEFAULT"`
    if (/^Subject: VIRUS/) 
    {
     `maildirmake -f Report.Virus "$DEFAULT"`
     to "$HOME/.Report.Virus"
    }
    if (/^Subject: SPAM/) 
    {
     `maildirmake -f Report.Spam "$DEFAULT"`
     to "$HOME/.Report.Spam"
    }
    if (/^Subject: BANNED/) 
    {
     `maildirmake -f Report.Banned "$DEFAULT"`
     to "$HOME/.Report.Banned"
    }
    to "$HOME/.Report/"
}
 
 
if (/^X-Spam-Status: Yes.*/) 
{
#    log "Spam"
#    log "Spam $HOME $DEFAULT"
    `maildirmake -f SPAM "$DEFAULT"`
    to "$HOME/.SPAM/"
}
 
include "$HOME/filter"
 
EOF
cat <<'EOF' >/etc/maildropldap.config
# Sample maildropldap.conf file, to enable virtual users via
# LDAP in maildrop.  
#
# In order for the LDAP extension to work properly a few
# attributes must exist in the LDAP entries.
#
# You may redefine the actual names of these attributes, as they appear
# in your LDAP object class further down in this config file.
#
# The attributes are:
#
# mail - The full email address of the user (ie user@yourdomain.com)
#        This is the primary attribute searched upon by maildrop.
#
# maildir - The location (full path including name) of the users
#           mail directory (Maildir)
#
# homedirectory - The location (full path including name) of the 
#                 users home directory.  This may be the same as the
#                 users maildir.
#
# uidnumber - The uid of the user that owns the mail files for 
#             this user.  This may be a specific uid per user, 
#             or a single uid for every user (full 'virtual' user 
#             configuration), or a combination.
#
# gidnumber - The gid of the user that owns the mail files for 
#             this user.  This may be a specific gid per user, 
#             or a single gid for every user (full 'virtual' user 
#             configuration), or a combination.
#
# quota     - *OPTIONAL* The quota for this user.  If blank, or
#             non-existent defaults to no quota.
#
# A sample LDAP entry is given at the end of this file.
#
# --- Actual configuration begins here -----------------------------

# hostname - host name of your ldap server
hostname        localhost
 
# basedn - base DN by which to search for LDAP entries
basedn          o=mail
 
# filter - optional, addition filter to add to
# default 'mail=<email address>'
# 'emailstatus' is an attribute which could be created in the
# LDAP entry to set whether or not the user is allowed to
# receive email on this box.. just an example
#
# this option can be left out and the default search would 
# just be 'mail=<email address>'
#filter         &(&(objectclass=vmailAccount)(emailstatus=active))
filter          &(AccountStatus=active)
 
# binddn, bindpw - optional, binddn and password if your ldap server
# requires you to authenticate before searching
binddn          cn=reader,o=mail
bindpw          reader
 
# timeout - specifies maximum time ( in seconds ) to wait for a response
# from the LDAP server
timeout         5
 
# search_method - used to specify whether to search on the users id, or
# email address, and may be either 'mail' or 'uid'
#
# if set to 'mail' (default) then to deliver mail to a user you must
# specify the entire email address:
#   ie.   maildrop -d joeuser@domain.com
#
# if set to 'uid' then to deliver mail to a user you need only specify
# the users id (username)
#   ie.   maildrop -d joeuser
#
search_method           mail
 
# default_uid - default uid (number only) to use incase uidnumber attribute not
# found in users ldap entry
default_uidnumber       5000
 
# default_gid - default gid (number only) to use incase gidnumber attribute not
# found in users ldap entry
default_gidnumber       5000
 
# LDAP Field definitions
#
# This section allows you to specify the actual attributes you
# use in your LDAP object class
# 
# The example attribute mapping shown below is also the default
# mapping used by maildrop in the case that any are missing

# MAIL_ATTR - LDAP attribute which contains the users complete email address
mail_attr               mailAlternateAddress
 
# UID_ATTR - LDAP attribute which contains the users name (w/o domain)
uid_attr                uid
 
# UIDNUMBER_ATTR - LDAP attribute which contains the system uid to deliver
# mail as
#uidnumber_attr         uidnumber

# GIDNUMBER_ATTR - LDAP attribute which contains the system gid to deliver
# mail as
#gidnumber_attr         gidnumber

# MAILDIR_ATTR - LDAP attribute which contains the path to the users
# custom maildir
maildir_attr            mailMessageStore
 
# HOMEDIRECTORY_ATTR - LDAP attribute which contains the path to the users
# home directory
homedirectory_attr      mailMessageStore
 
# QUOTA_ATTR - LDAP attribute which contains the users quota
#quota_attr             mailQuota

# --- Sample LDAP entry for a valid virtual user
# --- Using attributes specified above
#
# mail=joe@yourdomain.com,dc=yourdomain,dc=com
# emailstatus=active
# objectclass=vmailAccount
# maildir=/var/mail/virtual/mailboxes/joe
# mail=joe@yourdomain.com
# cn=Joe User
# uid=joe
# uidnumber=1900
# gidnumber=1900
# quota=2097152S,1000C
# homedirectory=/var/mail/virtual/mailboxes/joe
# userpassword={crypt}asViVeLinxDlI

EOF
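
To see what the maildropldap.config keys above turn into at lookup time, here is an added example (not code from the original page, nor from maildrop itself) that composes the search filter from the config file, escapes the recipient address as RFC 4515 requires, and runs the query with OpenLDAP's ldapsearch as the same read-only bind DN. The composition `(<filter>(<mail_attr>=<address>))` is inferred from the comments in the config file; the sample config is constructed inline with the page's values, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: compose the LDAP search that
# maildrop performs for a recipient from the keys in maildropldap.config
# (hostname, basedn, filter, binddn, bindpw, mail_attr, maildir_attr, uid_attr).
# The "(<filter>(<mail_attr>=<address>))" composition is inferred from the
# comments in the config file; the sample config below is constructed here.

# Print the value of KEY from CONFIG (first token after the key; comments skipped).
cfg_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Escape the characters RFC 4515 reserves inside a filter assertion value, so
# that a recipient address cannot change the structure of the search filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print the full search filter for ADDRESS according to CONFIG.
ldap_filter_for() {
    cfg=$1; addr=$2
    extra=$(cfg_get "$cfg" filter)
    attr=$(cfg_get "$cfg" mail_attr)
    [ -n "$attr" ] || attr=mail   # maildrop's documented default when mail_attr is absent
    if [ -n "$extra" ]; then
        printf '(%s(%s=%s))\n' "$extra" "$attr" "$(ldap_escape "$addr")"
    else
        printf '(%s=%s)\n' "$attr" "$(ldap_escape "$addr")"
    fi
}

# Run the lookup with ldapsearch (OpenLDAP client tools) and return the
# attributes maildrop needs. bindpw is handed over through a 0600 temp file
# (-y) so it never shows up in the process list.
ldap_lookup() {
    cfg=$1; addr=$2
    command -v ldapsearch >/dev/null 2>&1 || { echo "ldapsearch not installed" >&2; return 2; }
    pwfile=$(mktemp) || return 2
    printf '%s' "$(cfg_get "$cfg" bindpw)" > "$pwfile"
    ldapsearch -x -LLL -H "ldap://$(cfg_get "$cfg" hostname)" \
        -D "$(cfg_get "$cfg" binddn)" -y "$pwfile" \
        -b "$(cfg_get "$cfg" basedn)" "$(ldap_filter_for "$cfg" "$addr")" \
        "$(cfg_get "$cfg" maildir_attr)" "$(cfg_get "$cfg" uid_attr)"
    rc=$?
    rm -f "$pwfile"
    return $rc
}

# Constructed sample config with the page's values, written to a temp file so
# the functions above can be exercised without touching /etc.
sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# comment line, ignored
hostname        localhost
basedn          o=mail
filter          &(AccountStatus=active)
binddn          cn=reader,o=mail
bindpw          reader
mail_attr       mailAlternateAddress
uid_attr        uid
maildir_attr    mailMessageStore
EOF
    echo "$f"
}

# Real lookup against the installed config, e.g.:
#   RUN_LDAP_LOOKUP=1 sh ldap-lookup.sh joe@example.com
if [ "${RUN_LDAP_LOOKUP:-0}" = 1 ]; then
    ldap_lookup /etc/maildropldap.config "${1:?usage: RUN_LDAP_LOOKUP=1 $0 user@domain}"
fi
```

Run it on the mail host with the address of an account that has AccountStatus=active: the result must carry mailMessageStore and uid, otherwise maildrop cannot find a delivery location for that address and the message bounces before any filter rule runs. The escaping step matters because the address comes from the envelope recipient, i.e. from the remote sender; a `*`, `(` or `)` in it would otherwise be interpreted as filter syntax rather than as part of the value.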

master.cf patch

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} mbox=${mailbox}
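
For the last step of the installation checklist ("Sanity check + send a test mail"), here is an added example (not code from the original page) that verifies the pieces put in place above: the spam-control maildirs under /var/lib/amavis/System with their cur/new/tmp layout and vmail ownership, and /etc/maildropldap.config, which stores bindpw in clear text and must therefore be readable by its owner only; it can then inject a test message through /usr/sbin/sendmail. Paths are the page's; the function names and the recipient are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: post-installation sanity check
# for the spam-control tree, the maildrop LDAP config permissions and a test
# delivery. Paths default to the ones used on the page.

# Return 0 if DIR has the Maildir layout maildirmake creates (cur, new, tmp).
maildir_ok() {
    [ -d "$1/cur" ] && [ -d "$1/new" ] && [ -d "$1/tmp" ]
}

# Return 0 if DIR is a Maildir++ folder: a Maildir that also carries the
# 'maildirfolder' marker maildirmake writes for folders such as .Spam.
maildir_folder_ok() {
    maildir_ok "$1" && [ -f "$1/maildirfolder" ]
}

# Return 0 if every PATH is owned by USER (first argument).
owned_by() {
    user=$1; shift
    for p in "$@"; do
        [ "$(ls -ld "$p" 2>/dev/null | awk '{ print $3 }')" = "$user" ] || return 1
    done
    return 0
}

# Return 0 if FILE carries no read bit for group or other. ls -ld is parsed
# instead of stat(1) so the check works on any POSIX system.
secret_file_ok() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1" | cut -c5-10) in
        *r*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Run CMD, print ok/FAIL with LABEL, count failures in FAILED.
check() {
    label=$1; shift
    if "$@"; then echo "ok   $label"; else echo "FAIL $label"; FAILED=$((FAILED + 1)); fi
}

# Check the spam-control tree BASE, the config file CFG and the owner USER;
# return the number of failed checks (0 means everything is in place).
sanity_check() {
    base=${1:-/var/lib/amavis/System}
    cfg=${2:-/etc/maildropldap.config}
    user=${3:-vmail}
    FAILED=0
    check "Maildir $base" maildir_ok "$base"
    check "folder $base/.Spam" maildir_folder_ok "$base/.Spam"
    check "folder $base/.Not-spam" maildir_folder_ok "$base/.Not-spam"
    check "owner $user on $base" owned_by "$user" "$base" "$base/.Spam" "$base/.Not-spam"
    check "$cfg readable by owner only (holds bindpw)" secret_file_ok "$cfg"
    return $FAILED
}

# Inject a test message for ADDRESS through the local sendmail wrapper; the
# delivery can then be followed in the mail log and in the recipient's Maildir.
send_test_mail() {
    [ -x /usr/sbin/sendmail ] || { echo "skip: /usr/sbin/sendmail not found" >&2; return 2; }
    printf 'From: postmaster\nTo: %s\nSubject: maildrop sanity check\n\ntest message\n' "$1" \
        | /usr/sbin/sendmail -oi "$1"
}

# On the mail host:  RUN_SANITY_CHECK=1 sh sanity-check.sh user@domain
if [ "${RUN_SANITY_CHECK:-0}" = 1 ]; then
    sanity_check && send_test_mail "${1:?usage: RUN_SANITY_CHECK=1 $0 user@domain}"
fi
```

The test message is only sent when every check passes, so a world-readable maildropldap.config or a missing .Not-spam folder is reported before any mail enters the queue; after sending, the X-Spam-Status header of the delivered copy tells whether Amavisd-new and SpamAssassin saw the message on its way to maildrop.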

Monitoring and graphs

I set up something nice: mailgraph. It's cool, it just works.

1) Yes, I know, I'm making it up... :-D
 
tech/plate_forme_de_messagerie.txt · Last modified: 2007/01/24 09:08 by danjer
 