
MAILSERVER

Presented by: Trn Huy Cng


WebMail
Introduction to Mailserver
Installing & Configuring Postfix
SpamAssassin & Antivirus
Virtual Hosting & SSL
INTRODUCTION

A mail server is a set of applications and protocols that provide the functions of sending, receiving and delivering email to users' mailboxes. A mail server uses several different protocols to transfer email from one system to another.

The Internet Message Access Protocol (IMAP) is the protocol used by email client applications to access a mailbox remotely. The advantage of this protocol is that the user can manage the mailbox remotely without downloading mail to the local machine.

http://www.imap.org/

The Post Office Protocol (POP): the client downloads mail from the mail server and stores it on the local machine.

http://www.rfc-editor.org/in-notes/rfc1939.txt

The Simple Mail Transfer Protocol (SMTP) is the protocol for sending mail between client and server and between mail servers (unlike POP and IMAP, which are protocols for receiving mail).

COMPONENTS OF MAIL

Mail User Agents (MUAs): email clients, programs that manage email through the IMAP and POP3 protocols (Microsoft Outlook, Thunderbird...).

Mail Transfer Agents (MTAs): transfer email between different computers using SMTP (sendmail, postfix, manmail...). Postfix is the default MTA in CentOS 6.

Mail Delivery Agents (MDAs): the MTA receives mail and passes it to the MDA, which delivers the mail to the correct user's mailbox. Email servers are both MTA and MDA.

[Figure: mail delivery flow. DNS records shown in the diagram:

     IN NS    mail.newstar.vn
     IN MX 10 mail.newstar.vn
mail IN A     203.233.22.33

Diagram labels: mail-send request; Mail Server (203.233.22.33); send mail to the server on port 25; deliver to the destination server.]

CONFIGURING POSTFIX

Postfix is the mail server installed by default in CentOS 6.2.

Main configuration file: /etc/postfix/main.cf

Set up a DNS server to resolve the domain newstarx.local:

@      IN NS    master.newstarx.local.
mail   IN MX 10 master.newstarx.local.
       IN A     192.168.1.151
master IN A     192.168.1.151

Settings in /etc/postfix/main.cf:

myhostname = mail.newstarx.local
mydomain = newstarx.local
myorigin = $mydomain
inet_interfaces = all
#inet_interfaces = localhost
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
home_mailbox = Maildir/

Create the users hv1 and hv2 and have them send mail to each other.

Log in as user hv1 and send mail to hv2 as follows:

telnet mail.newstarx.local 25
helo newstarx.local
mail from:hv1@newstarx.local
rcpt to:hv2@newstarx.local
data
Noi dung: test mail
.
quit

INSTALLING AND CONFIGURING DOVECOT

Postfix is only an MTA and MDA; it does not support the POP3 and IMAP protocols. To check mail with POP3 or IMAP from an email client, an additional supporting program, dovecot, must be installed.

yum install dovecot

Open the configuration file /etc/dovecot/dovecot.conf
Uncomment line 20

protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 192.168.1.0/24

service dovecot restart

NOTE

To send mail back and forth between domains, DNS must be able to resolve the address of the mail server of each of those domains.

WEBMAIL

Webmail is the most popular kind of email client; users can check mail anytime, anywhere. Linux has many webmail packages such as squirrelmail, openwebmail, roundcube...

Squirrelmail is the most widely used and has many add-ins for mail servers.

http://squirrelmail.org

Edit the file /etc/squirrelmail/config.php

CONFIGURING VIRTUAL HOST

A single mail server can be configured to host mail for many different domains, which reduces the cost of building mail servers. For example, the domain newstarx.local can host email for the domains iforno.com, microsoft.com...

Steps to configure virtual hosting:

Specify the virtual domains for postfix

Create the virtual user database

Configure dovecot to authenticate users and specify the virtual user mailboxes

Configure postfix to use dovecot to authenticate users

CONFIGURING VIRTUAL HOST ON POSTFIX

Create the user vmail with uid and gid = 5000. This user is responsible for managing virtual hosting, and its home directory will hold the mailboxes of the virtual users.

groupadd -g 5000 vmail
useradd -g 5000 -u 5000 vmail

Add the following lines to /etc/postfix/main.cf:

virtual_mailbox_domains = /etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_mailbox_base = /var/mail/vhosts
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

/etc/postfix/virtual_domains: the file containing the list of virtual domains. Here we host 2 domains, iforno.vn and microsoft.com, so this file contains 2 lines:

iforno.vn
microsoft.com

/etc/postfix/vmailbox: the file that maps usernames to virtual mailboxes:

hv1@iforno.vn iforno.vn/hv1
hv2@microsoft.com microsoft.com/hv2

Use the following command to update the user database after each change:

postmap /etc/postfix/vmailbox

CREATING THE VIRTUAL USER DATABASE

Because the virtual users are not Unix system users, they cannot be authenticated as such, so we have to create a separate database.

Create the file /etc/dovecot/passwd:

hv1@iforno.vn:{PLAIN}123456
hv2@microsoft.com:{PLAIN}123456

We can encrypt the password with MD5, SSHA, CRYPT...

doveadm pw -u hv1@iforno.vn -s DIGEST-MD5
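
The passwd-file above keeps both passwords under the {PLAIN} scheme, and the slide notes they can be hashed instead. The following Python code is an added example, not part of the original slides: it finds cleartext entries in a file of that format and rewrites them with {SSHA}, the salted SHA-1 scheme the slide names. All function names and the sample data are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample in the /etc/dovecot/passwd format shown above.
SAMPLE_PASSWD = "hv1@iforno.vn:{PLAIN}123456\nhv2@microsoft.com:{PLAIN}123456\n"
CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}

def ssha_hash(password, salt=None):
    """{SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Recompute the digest with the salt stored after the 20-byte SHA-1."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode() + raw[20:]).digest()
    return hmac.compare_digest(candidate, raw[:20])

def parse_entry(line):
    """Split 'user:{SCHEME}secret[:more fields]' into (user, scheme, secret)."""
    user, _, rest = line.partition(":")
    field = rest.split(":", 1)[0]
    if field.startswith("{") and "}" in field:
        scheme, secret = field[1:].split("}", 1)
        return user, scheme.upper(), secret
    return user, None, field

def find_cleartext(text):
    """Users whose entry stores the password itself rather than a hash."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [user for user, scheme, _ in entries if scheme in CLEARTEXT_SCHEMES]

def rehash_cleartext(text):
    """Rewrite cleartext entries as {SSHA}; every other line is kept as is."""
    out = []
    for line in text.splitlines():
        user, scheme, secret = parse_entry(line)
        if scheme in CLEARTEXT_SCHEMES:
            fields = line.split(":")
            fields[1] = ssha_hash(secret)
            line = ":".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("cleartext entries:", find_cleartext(SAMPLE_PASSWD))
    print(rehash_cleartext(SAMPLE_PASSWD), end="")
```
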

CONFIGURING /ETC/DOVECOT/DOVECOT.CONF

protocols = imap pop3
info_log_path = /var/log/dovecot-info.log
disable_plaintext_auth = no
ssl = no
mail_location = maildir:~/Maildir
pop3_uidl_format = %08Xu%08Xv
auth_verbose = yes

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd
}
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/home/vmail/%u
}

CONFIGURING /ETC/POSTFIX/MAIN.CF

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

/etc/dovecot/dovecot.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

protocol lda {
  postmaster_address = root@newstar.local
  hostname = mail.newstar.local
  auth_socket_path = /var/run/dovecot/auth-master
  mail_plugin_dir = /usr/lib/dovecot
}

Configure postfix to receive mail and hand it to dovecot for delivery to the virtual users.

/etc/postfix/master.cf

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

touch /var/log/dovecot.log
touch /var/log/dovecot-info.log
chown vmail:vmail /var/log/dovecot.log
chown vmail:vmail /var/log/dovecot-info.log
service postfix restart
service dovecot restart

CONFIGURING SSL

Create the certificate in the directory /etc/postfix/ssl:

# 1024-bit RSA key as on the slide; 2048 bits or more is the current minimum
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

CONFIGURING SSL SMTP

Configure /etc/postfix/main.cf:

smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/ca.key
smtpd_tls_cert_file = /etc/postfix/ssl/ca.crt
smtpd_tls_CAfile = /etc/postfix/ssl/ca.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

CONFIGURING SSL POP3 IMAP

Configure /etc/dovecot/dovecot.conf:

ssl = yes
ssl_cert = </etc/postfix/ssl/ca.crt
ssl_key = </etc/postfix/ssl/ca.key

SPAMASSASSIN

Postfix can be integrated with anti-spam and antivirus software such as spamassassin, mailscanner, clamav... to make the mail system more secure.

Spamassassin is an Apache product that integrates with several email systems (procmail, sendmail, Postfix, qmail...) as a spam filter.

Spam mail is email the recipient does not want, sent for purposes such as advertising or fraud; it also consumes network bandwidth.

Simple anti-spam in postfix:

smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unknown_sender_domain,
    reject_unknown_client
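
Both smtpd_recipient_restrictions lists on this page (the SASL one in the virtual host section and the anti-spam one above) depend on reject_unauth_destination to keep the server from relaying for anyone. The following Python code is an added example, not part of the original slides: it parses main.cf the way Postfix reads it (comments, continuation lines, last definition wins) and reports any permit or check_ rule evaluated ahead of that guard. It assumes a Postfix release older than 2.10, where relay control lives in smtpd_recipient_restrictions; the function names, the SAFE_PERMITS policy set and the sample file are constructed for the illustration.

```python
import re

# Constructed main.cf fragment built from settings shown on this page.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.1.0/24, 127.0.0.0/8
# relay control
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,reject_unauth_destination
"""

# Assumption: permits that match only clients or destinations already trusted.
SAFE_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated",
                "permit_auth_destination"}
RELAY_GUARDS = {"reject_unauth_destination", "reject", "defer"}
# Built-in value of smtpd_recipient_restrictions before Postfix 2.10.
DEFAULT_RESTRICTIONS = "permit_mynetworks, reject_unauth_destination"

def parse_main_cf(text):
    """main.cf rules: '#' lines are comments, a line starting with whitespace
    continues the previous parameter, and a later definition wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
        else:
            current, _, value = line.partition("=")
            current = current.strip()
            params[current] = value.strip()
    return params

def relay_findings(params):
    """Check smtpd_recipient_restrictions as the open-relay guard."""
    value = params.get("smtpd_recipient_restrictions", DEFAULT_RESTRICTIONS)
    rules = [r for r in re.split(r"[,\s]+", value) if r]
    guard = next((i for i, r in enumerate(rules) if r in RELAY_GUARDS), None)
    if guard is None:
        return ["no reject_unauth_destination in smtpd_recipient_restrictions"]
    return [
        f"{rule} is evaluated before {rules[guard]}"
        for rule in rules[:guard]
        if rule.startswith(("permit", "check_")) and rule not in SAFE_PERMITS
    ]

if __name__ == "__main__":
    print(relay_findings(parse_main_cf(SAMPLE_MAIN_CF)) or "relay guard in place")
```
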

yum install spamassassin

Spamassassin runs on port 783.

Main configuration file:

/etc/mail/spamassassin/local.cf

Open the file /etc/postfix/master.cf:

smtp inet n - n - - smtpd
  -o content_filter=spamassassin
spamassassin unix - n n - - pipe
  user=mail argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

ANTIVIRUS WITH CLAMAV

Install the clamav packages:

clamav-db: the virus database
clamav: the virus scanning program
clamd: runs clamav as a service on Linux
clamsmtp: integrates clamav with postfix to scan email for viruses

Update the virus database with the freshclam command.

Configure /etc/postfix/main.cf:

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Configure /etc/postfix/master.cf:

scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
  -o smtp_enforce_tls=no
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Configure /etc/clamsmtpd.conf:

ClamAddress: /var/run/clamav/clamd.sock
User: clam
TempDirectory: /tmp

Reassign ownership of the directory:

chown clam:clam /var/run/clamd.clamsmtp/

service clamd restart
service clamsmtpd restart
service postfix restart
chkconfig postfix on
chkconfig dovecot on
chkconfig spamassassin on
chkconfig clamsmtpd on

QUESTION & THANK YOU FOR YOUR ATTENTION
