딸기아빠의 IT이야기: 10월 2018

CentOS 7.x Postfix + Dovecot + MySQL + RoundCube Webmail

# yum install postfix dovecot dovecot-mysql roundcubemail

# useradd -u 5000 -d /home/vmail -s /sbin/nologin -m vmail

CREATE DATABASE webmail;
GRANT ALL PRIVILEGES ON webmail.* TO webmail@localhost IDENTIFIED BY 'dbpassword';

CREATE TABLE `webmail`.`virtual_domains` (
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`)
) DEFAULT CHARSET=utf8;

CREATE TABLE `webmail`.`virtual_users` (
`id` INT NOT NULL AUTO_INCREMENT,
`password` VARCHAR(106) NOT NULL,
`email` VARCHAR(80) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`)
) DEFAULT CHARSET=utf8;

CREATE TABLE `webmail`.`virtual_aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`)
) DEFAULT CHARSET=utf8;

INSERT INTO `webmail`.`virtual_domains` (`id` ,`name`) VALUES
('1', 'aaa.com'),
('2', 'bbb.com'),
('3', 'example.com');

INSERT INTO `webmail`.`virtual_users` (`id`, `password`, `email`) VALUES
('1', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user1@aaa.com'),
('2', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user2@aaa.com'),
('3', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user1@bbb.com'),
('4', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user2@bbb.com'),
('5', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user1@example.com'),
('6', ENCRYPT('userpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user2@example.com');

INSERT INTO `webmail`.`virtual_aliases` (`id`, `source`, `destination`) VALUES
('1', 'alias@aaa.com', 'user1@aaa.com'),
('2', 'user2@example.com', 'user1@example.com');

# vi /etc/postfix/mysql-virtual-alias-maps.cf
hosts = 127.0.0.1
dbname = webmail
user = webmail
password = dbpassword
query = SELECT destination FROM virtual_aliases WHERE source='%s'

# vi /etc/postfix/mysql-virtual-users.cf
hosts = 127.0.0.1
dbname = webmail
user = webmail
password = dbpassword
query = SELECT email FROM virtual_users WHERE email='%s'

# vi /etc/postfix/mysql-virtual-mailbox-domains.cf
hosts = 127.0.0.1
dbname = webmail
user = webmail
password = dbpassword
query = SELECT name FROM virtual_domains WHERE name='%s'

# vi /etc/postfix/mysql-virtual-mailbox-maps.cf
hosts = 127.0.0.1
dbname = webmail
user = webmail
password = dbpassword
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM virtual_users WHERE email='%s'

# chgrp postfix /etc/postfix/mysql-virtual-*.cf
# chmod o= /etc/postfix/mysql-virtual-*.cf

# vi /etc/postfix/main.cf
myhostname = mail.example.com
mydestination = localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-users.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# vi /etc/postfix/master.cf
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
#-o smtpd_client_restrictions=$mua_client_restrictions
#-o smtpd_helo_restrictions=$mua_helo_restrictions
#-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
#-o smtpd_client_restrictions=$mua_client_restrictions
#-o smtpd_helo_restrictions=$mua_helo_restrictions
#-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

# systemctl restart postfix
# systemctl status postfix
# postmap -q alias@aaa.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# postmap -q user1@aaa.com mysql:/etc/postfix/mysql-virtual-users.cf
# postmap -q aaa.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
# postmap -q user1@aaa.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

# mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.ori
# vi /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

namespace {
type = private
separator = .
prefix = INBOX.
inbox = yes
}

service auth {
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
user = root
}

service auth-worker {
user = root
}

protocol lda {
log_path = /home/vmail/dovecot-deliver.log
auth_socket_path = /var/run/dovecot/auth-master
postmaster_address = postmaster@example.com
}

protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
}

passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}

userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%d/%n allow_all_users=yes
}

# vi /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=webmail user=webmail password=dbpassword
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

# chown vmail:dovecot /etc/dovecot
# chown vmail:dovecot /etc/dovecot/dovecot.conf
# chown vmail:dovecot /etc/dovecot/dovecot-sql.conf.ext
# chmod o= /etc/dovecot/dovecot-sql.conf.ext

systemctl restart postfix
systemctl restart dovecot
tail -n15 /var/log/maillog

# mysql -u webmail -p webmail < /usr/share/roundcubemail/SQL/mysql.initial.sql

# cp -p /etc/roundcubemail/config.inc.php.sample /etc/roundcubemail/config.inc.php
# vi /etc/roundcubemail/config.inc.php
$config['db_dsnw'] = 'mysql://webmail:dbpassword@localhost/webmail';
$config['product_name'] = 'Webmail'; // HTML Title

# vi /etc/httpd/conf.d/roundcubemail.conf
<Directory /usr/share/roundcubemail/>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
Require all granted
</IfModule>
</Directory>
<Directory /usr/share/roundcubemail/installer/>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
Require ip xxx.xxx.xxx.xxx
</IfModule>
</Directory>
# vi /etc/httpd/conf.d/webmail.example.com.conf
<VirtualHost *:80>
ServerName webmail.example.com
DocumentRoot /usr/share/roundcubemail
ErrorLog logs/webmail.example.com-error_log
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcommon
CustomLog logs/webmail.example.com-access_log vcommon
</VirtualHost>
# systemctl restart httpd

2018년 10월 12일 금요일

CentOS 7.x Postfix + Dovecot + MySQL + RoundCube Webmail

CentOS 7.x Postfix + Dovecot + MySQL + RoundCube Webmail