{"id":226,"date":"2010-11-19T23:05:45","date_gmt":"2010-11-19T22:05:45","guid":{"rendered":""},"modified":"2010-12-29T17:27:23","modified_gmt":"2010-12-29T15:27:23","slug":"instalacja-systemu-pocztowego-na-ubuntu","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/instalacja-systemu-pocztowego-na-ubuntu\/","title":{"rendered":"Installing a mail system on Ubuntu"},"content":{"rendered":"<h3>I assume the system is installed and has a basic configuration with the SSH service running. After logging in, we install the dovecot-postfix package, which is described as a fully functional mail server:<\/h3>\n<pre><code>drfugazi@charr:~% sudo aptitude install dovecot-postfix\r\n[sudo] password for drfugazi:\r\nCzytanie list pakiet\u00f3w... Gotowe\r\nBudowanie drzewa zale\u017cno\u015bci\r\nOdczyt informacji o stanie... Gotowe\r\nReading extended state information\r\nInitializing package states... Gotowe\r\nThe following NEW packages will be installed:\r\n  dovecot-common{a} dovecot-imapd{a} dovecot-pop3d{a} dovecot-postfix\r\n0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.\r\nNeed to get 7957kB of archives. After unpacking 15,1MB will be used.\r\nDo you want to continue? [Y\/n\/?] y\r\n...\r\nKonfigurowanie dovecot-common (1:1.2.9-1ubuntu6.1) ...\r\nCreating config file \/etc\/dovecot\/dovecot.conf with new version\r\nCreating config file \/etc\/dovecot\/dovecot-ldap.conf with new version\r\nCreating config file \/etc\/dovecot\/dovecot-sql.conf with new version\r\n<\/code><\/pre>\n<h3>We check whether the Dovecot server is running and whether we can connect to the IMAP server from localhost:<\/h3>\n<p><!--break--><\/p>\n<pre><code>drfugazi@charr:~% ps axu|grep dovecot\r\nroot     13772  0.0  0.0   2320   700 ?        Ss   Nov19   0:00 \/usr\/sbin\/dovecot -c \/etc\/dovecot\/dovecot.conf\r\nroot     13775  0.0  0.2  10208  2536 ?        
S    Nov19   0:00 dovecot-auth\r\n...\r\ndrfugazi@charr:~% telnet localhost 143\r\nTrying 127.0.0.1...\r\nConnected to localhost.\r\nEscape character is '^]'.\r\n* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.\r\na LOGOUT\r\n* BYE Logging out\r\na OK Logout completed.\r\nConnection closed by foreign host.<\/code><\/pre>\n<h3>If we can connect from localhost, let's try from outside:<\/h3>\n<pre><code>drfugazi@neptun:~% telnet example.com 143\r\nTrying 212.106.X.X...\r\ntelnet: Unable to connect to remote host: Connection timed out<\/code><\/pre>\n<h3>Let's check whether Dovecot is listening on the external interface:<\/h3>\n<pre><code>drfugazi@charr:~% netstat -an|grep 143\r\ntcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN<\/code><\/pre>\n<h3>It is listening on all interfaces, so let's add an iptables rule that allows connections to port 143:<\/h3>\n<pre><code>sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 143 -d 212.106.X.X -j ACCEPT<\/code><\/pre>\n<h3>We retry the connection from outside:<\/h3>\n<pre><code>drfugazi@neptun:~% telnet example.com 143\r\nTrying 212.106.X.X...\r\nConnected to example.com.\r\nEscape character is '^]'.\r\n* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.\r\na LOGOUT\r\n* BYE Logging out\r\na OK Logout completed.\r\nConnection closed by foreign host.<\/code><\/pre>\n<h3>It looks like it works. We can move on to the SMTP server; here I will use Postfix. 
First I check what master.cf looks like:<\/h3>\n<pre><code>drfugazi@charr:~% cd \/etc\/postfix\r\ndrfugazi@charr:\/etc\/postfix% sudo vi master.cf\r\n[sudo] password for drfugazi:<\/code><\/pre>\n<h3>We are particularly interested in the submission and smtps sections; if they are commented out, both blocks need to be enabled. While we're at it, let's check whether the corresponding entries are present in \/etc\/services:<\/h3>\n<pre><code>drfugazi@charr:\/etc\/postfix% grep submis \/etc\/services\r\nsubmission      587\/tcp                         # Submission [RFC4409]\r\nsubmission      587\/udp\r\ndrfugazi@charr:\/etc\/postfix% grep smtps \/etc\/services\r\nssmtp           465\/tcp         smtps           # SMTP over SSL<\/code><\/pre>\n<h3>Looks good. Let's see what is in main.cf; at the end of it the dovecot-postfix package added, among others, these lines:<\/h3>\n<pre><code>mailbox_command = \/usr\/lib\/dovecot\/deliver -c \/etc\/dovecot\/conf.d\/01-dovecot-postfix.conf -n -m \"${EXTENSION}\"\r\nhome_mailbox = Maildir\/\r\nsmtpd_sasl_auth_enable = yes\r\nsmtpd_sasl_type = dovecot\r\nsmtpd_sasl_path = private\/dovecot-auth\r\nsmtpd_sasl_authenticated_header = yes\r\nsmtpd_sasl_security_options = noanonymous\r\nsmtpd_sasl_local_domain = $myhostname\r\nbroken_sasl_auth_clients = yes\r\nsmtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination\r\nsmtpd_sender_restrictions = reject_unknown_sender_domain\r\nsmtp_use_tls = yes\r\nsmtpd_tls_received_header = yes\r\nsmtpd_tls_mandatory_protocols = SSLv3, TLSv1\r\nsmtpd_tls_mandatory_ciphers = medium\r\nsmtpd_tls_auth_only = yes\r\ntls_random_source = dev:\/dev\/urandom<\/code><\/pre>\n<h3>In the past you had to configure this yourself from the documentation; here it is already done. 
For now we will leave it as it is and restart Postfix so that it picks up the changes in master.cf and starts handling submission and smtps. Note that postfix reload is not enough here; we have to restart it completely:<\/h3>\n<pre><code>drfugazi@charr:\/etc\/postfix% sudo service postfix stop\r\n * Stopping Postfix Mail Transport Agent postfix                                                                 [ OK ]\r\ndrfugazi@charr:\/etc\/postfix% sudo service postfix start\r\n * Starting Postfix Mail Transport Agent postfix                                                                 [ OK ]\r\n<\/code><\/pre>\n<h3>Let's check whether our Postfix is listening on the right ports: submission (587) and smtps (465):<\/h3>\n<pre><code>drfugazi@charr:\/etc\/postfix% netstat -an|egrep \"(:587|:465)\"\r\ntcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN\r\ntcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN\r\n<\/code><\/pre>\n<h3>The ports are open, so let's connect from localhost and talk to Postfix:<\/h3>\n<pre><code>drfugazi@charr:\/etc\/postfix% telnet localhost 587\r\nTrying 127.0.0.1...\r\nConnected to localhost.\r\nEscape character is '^]'.\r\n220 charr ESMTP Postfix (Ubuntu)\r\nehlo localhost\r\n250-charr\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\nstarttls\r\n220 2.0.0 Ready to start TLS\r\n^]\r\ntelnet> quit\r\nConnection closed.<\/code><\/pre>\n<h3>We will not connect to port 465, because there you have to speak SSL right away. 
Let's try a connection from outside; of course the filters must let the connections through:<\/h3>\n<pre><code>drfugazi@charr:\/etc\/postfix% sudo iptables -L -n|egrep \"(:465|:587)\"\r\ndrfugazi@charr:\/etc\/postfix% sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 587 -d 212.106.X.X -j ACCEPT\r\ndrfugazi@charr:\/etc\/postfix% sudo iptables -I INPUT -i eth0 -p tcp --syn --dport 465 -d 212.106.X.X -j ACCEPT\r\ndrfugazi@charr:\/etc\/postfix% sudo iptables -L -n|egrep \"(:465|:587)\"\r\nACCEPT     tcp  --  0.0.0.0\/0            212.106.X.X     tcp dpt:465 flags:0x17\/0x02\r\nACCEPT     tcp  --  0.0.0.0\/0            212.106.X.X     tcp dpt:587 flags:0x17\/0x02\r\n\r\ndrfugazi@charlie:~% telnet example.com 587\r\nTrying 212.106.X.X...\r\nConnected to example.com.\r\nEscape character is '^]'.\r\n220 charr ESMTP Postfix (Ubuntu)\r\nehlo test\r\n250-charr\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n250-VRFY\r\n250-ETRN\r\n250-STARTTLS\r\n250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250 DSN\r\nstarttls\r\n220 2.0.0 Ready to start TLS\r\n^]\r\ntelnet> quit\r\nConnection closed.<\/code><\/pre>\n<p>Now I suggest configuring a mail client and checking whether you can log in to the mailbox as a user that exists in the system. Of course, in the end we want virtual domains and virtual users in LDAP, but I suggest starting with a system user and moving on only once that works. If something has gone wrong so far, check the logs for the error message and take appropriate action. If in doubt, please ask in the comments and I will try to help.<\/p>\n<p>My Thunderbird automagically configured itself for IMAP with TLS on port 143 and SMTP with TLS on port 587, which is a very good configuration. 
If the client cannot handle this, you can use port 993 for IMAP with SSL or 955 for POP3 with SSL and 465 for SMTP with SSL, or&#8230; change the mail client \ud83d\ude09<\/p>\n<p>Let's try to send an email, preferably to one of your own external accounts, and then reply to that email; this way we check delivery in both directions. If something goes wrong, again look at the logs and fix it if necessary.<\/p>\n<h3>If sending, authentication when sending, and receiving mail all work, we can move on to more ambitious tasks, such as installing OpenLDAP:<\/h3>\n<h3>A pretty good description of installing and initially configuring LDAP on Ubuntu can be found on <a href=\"http:\/\/www.howtoforge.com\/install-and-configure-openldap-on-ubuntu-karmic-koala\" target=\"_blank\">HowtoForge<\/a>. I used it; the session transcript is here: <a href=\"\/pl\/ldap\/instalacja-i-konfiguracja-openldap\">instalacja-i-konfiguracja-openldap<\/a>.<\/h3>\n","protected":false},"excerpt":{"rendered":"<h3>I assume the system is installed and has a basic configuration with the SSH service running. After logging in, we install the dovecot-postfix package, which is described as a fully functional mail server:<\/h3>\n<pre><code>drfugazi@charr:~% sudo aptitude install dovecot-postfix\r\n[sudo] password for drfugazi:\r\nCzytanie list pakiet\u00f3w... Gotowe\r\nBudowanie drzewa zale\u017cno\u015bci\r\nOdczyt informacji o stanie... Gotowe\r\nReading extended state information\r\nInitializing package states... 
Gotowe\r\nThe following NEW packages will be installed:\r\n  dovecot-common{a} dovecot-imapd{a} dovecot-pop3d{a} dovecot-postfix\r\n0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded.\r\nNeed to get 7957kB of archives. After unpacking 15,1MB will be used.\r\nDo you want to continue? [Y\/n\/?] y\r\n...\r\nKonfigurowanie dovecot-common (1:1.2.9-1ubuntu6.1) ...\r\nCreating config file \/etc\/dovecot\/dovecot.conf with new version\r\nCreating config file \/etc\/dovecot\/dovecot-ldap.conf with new version\r\nCreating config file \/etc\/dovecot\/dovecot-sql.conf with new version\r\n<\/code><\/pre>\n<h3>We check whether the Dovecot server is running and whether we can connect to the IMAP server from localhost:<\/h3>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[],"tags":[12,51,52,34,11],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-3E","jetpack-related-posts":[{"id":236,"url":"https:\/\/drfugazi.eu.org\/en\/installation-on-ubuntu\/","url_meta":{"origin":226,"position":0},"title":"Installation of mail system on Ubuntu","author":"drfugazi","date":"Tuesday January 18th, 2011","format":false,"excerpt":"I assume that you have installed system with basic configuration and SSH running. 
After login to system we can install dovecot-postfix package, which is described as fully functional mail server: drfugazi@charr:~% sudo aptitude install dovecot-postfix [sudo] password for drfugazi: Reading extended state information Initializing package states... Gotowe The following NEW\u2026","rel":"","context":"In \"Mail system\"","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/tag\/mail_system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":348,"url":"https:\/\/drfugazi.eu.org\/en\/dovecot-2\/","url_meta":{"origin":226,"position":1},"title":"Dovecot","author":"drfugazi","date":"Monday June  4th, 2012","format":false,"excerpt":"Dovecot is an open source IMAP and POP3 email server for Linux\/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":374,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-implementation\/","url_meta":{"origin":226,"position":2},"title":"Mail system implementation","author":"drfugazi","date":"Thursday August 16th, 2012","format":false,"excerpt":"My experience, which I gained during implementation of different systems shows, that implementation should be done in stages. Then, at each stage you can see if it works, if there are some fields to improve and then go to the next stage of implementation. 
Mail system implementation is not exception.\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":240,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-authentication-ldap\/","url_meta":{"origin":226,"position":3},"title":"Mail system authentication in LDAP","author":"drfugazi","date":"Wednesday March 16th, 2011","format":false,"excerpt":"I suppose that Dovecot and Postfix are up and running, and you can receive and send mail with system user (see previous posts). It is time to configure authentication in LDAP. Use of directory service to user authentication allows for flexible management of mail system, hosting and so on. LDAP\u2026","rel":"","context":"In \"Mail system\"","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/tag\/mail_system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":330,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-authentication-ldap\/","url_meta":{"origin":226,"position":4},"title":"Mail system authentication in LDAP","author":"","date":"Wednesday March 16th, 2011","format":false,"excerpt":"I suppose that Dovecot and Postfix are up and running, and you can receive and send mail with system user (see previous posts). It is time to configure authentication in LDAP. Use of directory service to user authentication allows for flexible management of mail system, hosting and so on. 
LDAP\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":231,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-uwierzytelniania-poczty-w-ldap\/","url_meta":{"origin":226,"position":5},"title":"Configuring mail authentication in LDAP","author":"drfugazi","date":"Friday December  3rd, 2010","format":false,"excerpt":"I assume that Dovecot and Postfix are already running and that you can receive and send mail by logging in as a system user (see previous posts). So the time has come to set up authentication in our LDAP directory (see LDAP configuration). Using LDAP to authenticate users allows flexible management of mail hosting and more. LDAP is\u2026","rel":"","context":"In \"Dovecot\"","block_context":{"text":"Dovecot","link":"https:\/\/drfugazi.eu.org\/en\/tag\/dovecot\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/226"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=226"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/226\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=226"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}