postfix with no local delivery 
All mails for local accounts should be transferred to a central mailserver.

Sender email should look like USER@HOST.DOMAIN and all mails should be delivered to root@DOMAIN.

Usually /etc/aliases is used, but in my case local delivery is disabled.

/etc/postfix/main.cf:
myhostname = HOST.DOMAIN
myorigin = $myhostname
relayhost = $mydomain
mydestination =
local_recipient_maps =
inet_interfaces = 127.0.0.1
local_transport = error:local delivery is disabled
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

/etc/postfix/recipient_canonical:
@HOST.DOMAIN root@DOMAIN


Postfix and Spamassassin 
apt-get install spamassassin spamc re2c make gcc libc6-dev

I want to run spamassassin as a non-root user.
groupadd -g 3000 spamd
useradd -u 3000 -g spamd -s /bin/false -d /var/lib/spamassassin spamd
mkdir /var/lib/spamassassin
chown spamd:spamd /var/lib/spamassassin
/etc/default/spamassassin:
ENABLED=1
OPTIONS="--create-prefs --max-children=5 --ipv4-only --username spamd \
--helper-home-dir /var/lib/spamassassin -s /var/log/spamd.log"
PIDFILE="/var/run/spamd.pid"
CRON=1
/etc/logrotate.d/spamassassin:
/var/log/spamd.log {
rotate 5
daily
compress
copytruncate
missingok
}
/etc/spamassassin/local.cf:
report_safe 0
lock_method flock
required_score 5.0
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
in /etc/spamassassin/v310.pre disabled Pyzor, Razor2 and SpamCop
in /etc/spamassassin/v320.pre enabled loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody

/etc/postfix/master.cf:
cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/usr/bin/spamc -f -u spamd
  -e /usr/sbin/cyrdeliver -f ${sender} -m ${extension} ${user}
I want to use a compiled ruleset for spamassassin
#> sa-update
#> su spamd -s /bin/sh -c sa-compile
#> invoke-rc.d spamassassin reload

Users should be able to tell the mailserver which mails are spam or ham.
I created public mailboxes into which users can move spam or ham mails:
sudo cyradm --user cyrus --server localhost
cm user.spam
sam user.spam anyone p
sam user.spam admin all
cm user.nospam
sam user.nospam anyone p
sam user.nospam admin all
Two cronjobs monitor these folders and let spamassassin learn.
/etc/cron.d/spam-learn:
# cron does not join lines ending in "\"; each entry must be a single line
*/5 * * * * root for n in /var/spool/cyrus/mail/s/user/spam/*\.; do [ -f "$n" ] && /usr/bin/sa-learn --dbpath /var/lib/spamassassin/.spamassassin --spam "$n" && rm -f "$n" && su cyrus -c "/usr/sbin/cyrreconstruct user.spam"; done
/etc/cron.d/nospam-learn:
# single line, as above
*/5 * * * * root for n in /var/spool/cyrus/mail/n/user/nospam/*\.; do [ -f "$n" ] && /usr/bin/sa-learn --dbpath /var/lib/spamassassin/.spamassassin --ham "$n" && rm -f "$n" && su cyrus -c "/usr/sbin/cyrreconstruct user.nospam"; done
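
The two cron entries above can be folded into one script that both of them call. This is an added example, not the author's code: it keeps a message when sa-learn fails, skips symlinks because the job runs as root inside a spool directory owned by cyrus, and reconstructs the mailbox once per run. The names learn_dir, SA_LEARN, DBPATH, RECONSTRUCT, RUN_AS_CYRUS and learn.sh are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's code. learn_dir, SA_LEARN, DBPATH,
# RECONSTRUCT and RUN_AS_CYRUS are names assumed here; the paths and sa-learn
# options are the ones from the cron entries above.
SA_LEARN=${SA_LEARN:-/usr/bin/sa-learn}
DBPATH=${DBPATH:-/var/lib/spamassassin/.spamassassin}
RECONSTRUCT=${RECONSTRUCT:-/usr/sbin/cyrreconstruct}
RUN_AS_CYRUS=${RUN_AS_CYRUS:-su cyrus -c}

# learn_dir MODE DIR MAILBOX
#   MODE     spam or ham (becomes --spam / --ham)
#   DIR      spool directory of the shared mailbox
#   MAILBOX  Cyrus mailbox name to reconstruct afterwards
# Prints the number of learned messages; returns 1 if any step failed.
learn_dir() {
    mode=$1 dir=$2 mailbox=$3
    learned=0 failed=0
    case $mode in
        spam|ham) ;;
        *) echo "learn_dir: bad mode '$mode'" >&2; return 2 ;;
    esac
    for msg in "$dir"/*.; do
        # Cyrus names message files "<uid>."; skip symlinks and anything that
        # is not a regular file (this also covers a glob that matched nothing).
        [ -f "$msg" ] && [ ! -L "$msg" ] || continue
        if "$SA_LEARN" --dbpath "$DBPATH" "--$mode" "$msg" >/dev/null; then
            rm -f -- "$msg"
            learned=$((learned + 1))
        else
            failed=$((failed + 1))   # keep the file so the next run retries it
        fi
    done
    # Reconstruct once per run, and only when files were actually removed.
    if [ "$learned" -gt 0 ]; then
        $RUN_AS_CYRUS "$RECONSTRUCT $mailbox" >/dev/null || failed=$((failed + 1))
    fi
    echo "$learned"
    [ "$failed" -eq 0 ]
}

# From cron: learn.sh spam /var/spool/cyrus/mail/s/user/spam user.spam
if [ "$#" -eq 3 ]; then
    learn_dir "$@"
fi
```
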
Spamassassin adds an X-Spam-Status header to each mail. Based on this header, users can create their own spam folder and use a sieve filter to move mails into it automatically if X-Spam-Status is Yes.

Because we are running as spamd

/etc/cron.daily/spamassassin
-sa-compile > /dev/null 2>&1
+su spamd -s /bin/sh -c sa-compile > /dev/null 2>&1
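Review bot: the + line keeps "> /dev/null 2>&1" on the su call, so a failing sa-compile under the spamd account produces no output and the daily job gives no sign that the compiled ruleset is stale. Consider testing the exit status of the su command and writing a line to the log when it is non-zero instead of discarding both streams.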


cyrus postfix pop-before-smtp 
apt-get install pop-before-smtp

uncomment $pat for cyrus in /etc/pop-before-smtp/pop-before-smtp.conf

/etc/postfix/main.cf:
smtpd_recipient_restrictions = permit_mynetworks,
  reject_non_fqdn_recipient,
  check_client_access hash:/var/lib/pop-before-smtp/hosts,
  reject_unauth_destination

list collected IPs with:
pop-before-smtp --list


cyrus offline transfer mailboxes to a new server 
On old cyrus server:

export mailboxes.db:
su - cyrus -c 'ctl_mboxlist -d > cyrus_mboxlist.txt'
export seen databases:
su - cyrus -c 'for seenfile in `find /var/lib/imap/user -name \*.seen`; do \
/usr/lib/cyrus/bin/cvt_cyrusdb $seenfile skiplist ${seenfile%seen}txt flat; \
done'
export deliver.db: (check for your format, here is berkeley-nosync)
su - cyrus -c '/usr/lib/cyrus/bin/cvt_cyrusdb /var/lib/imap/deliver.db \
berkeley-nosync /var/lib/imap/deliver.txt flat'

Copy these files and all mailboxes to the new cyrus server, import and reconstruct mailboxes:

stop cyrus
remove old things:
rm /var/lib/imap/db/*
rm /var/lib/imap/tls_sessions.db
rm /var/lib/imap/mailboxes.db
rm /var/lib/imap/deliver.db
find /var/lib/imap/ -type f -name '*.seen' | xargs rm
check if all files are owned by cyrus:mail
import mailboxes.db:
su - cyrus -c 'ctl_mboxlist -u <cyrus_mboxlist.txt'
reconstruct mailboxes:
cyrreconstruct -r user
import seen databases:
su - cyrus -c 'for txtfile in `find /var/lib/imap/user -name \*.txt`; do \
/usr/lib/cyrus/bin/cvt_cyrusdb $txtfile flat ${txtfile%txt}seen skiplist; \
done'
import deliver.db:
su - cyrus -c '/usr/lib/cyrus/bin/cvt_cyrusdb /var/lib/imap/deliver.txt \
flat /var/lib/imap/deliver.db berkeley-nosync'
start cyrus

cyrus convert user authentication from ldap to sasldb 
apt-get install sasl2-bin libsasl2-modules cyrus-imapd-2.2 cyrus-pop3 cyrus-admin-2.2 cyrus-clients-2.2

/etc/default/saslauthd:
MECHANISMS="ldap"
OPTIONS="-O /etc/saslauthd.conf"
/etc/saslauthd.conf:
ldap_servers: ldap://127.0.0.1/
ldap_search_base: dc=mydomain,dc=tld
ldap_auth_method: bind
/etc/imapd.conf:
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd auxprop
sasl_auxprop_plugin: sasldb
sasl_auto_transition: yes
setup cyrus login: saslpasswd2 -c cyrus

invoke-rc.d saslauthd restart
invoke-rc.d cyrus2.2 restart

Test login with cyradm: sudo cyradm --user cyrus --server localhost

ssh -L389:localhost:389 user@ldapserver

Test saslauthd for ldap authentication:
#> testsaslauthd -u username -p password
0: OK "Success."
Test imap authentication:
#> imtest -a username
S: L01 OK User logged in
now username is converted from ldap to /etc/sasldb
#> sasldblistusers2
username@host: userPassword
after dropping ssh connection imtest should also succeed

(to delete a user use saslpasswd2 -d)
