메그넘

[root@smtp tls]# rpm -qa openssl

openssl-1.0.2k-8.el7.x86_64

[root@smtp tmp]# openssl genrsa -des3 -out private.key 2048

Generating RSA private key, 2048 bit long modulus

....................................................+++

................+++

e is 65537 (0x10001)

Enter pass phrase for private.key:                ------------>  비밀번호 입력.

Verifying - Enter pass phrase for private.key:      -----------> 비밀번호 확인 입력.

[root@smtp tmp]#

[root@smtp tmp]# openssl req -new -key private.key  -out server.csr

Enter pass phrase for private.key:   --------------> 개인키 비밀번호 입력.

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX] KR

[root@smtp tmp]# cp -a private.key  private.key_org

[root@smtp tmp]# openssl rsa -in private.key_org  -out private.key

Enter pass phrase for private.key_org:  --------------> 개인키 비밀번호 입력.   

writing RSA key

[root@smtp tmp]# ls

private.key  private.key_org  server.csr

[root@smtp tmp]#

[root@smtp tmp]# openssl x509 -req -days 365 -in server.csr -signkey private.key -out server.crt

Signature ok

subject=/C=KR/ST=Daejeon/L=Seogu/O=NETRA/OU=Service/CN=mail.weschool.kr/emailAddress=master@weschool.kr

Getting Private key

[root@smtp tmp]# more private.key | head -3

-----BEGIN RSA PRIVATE KEY-----

MIIEogIBAAKCAQEAx/+LzN+U5Xn2/sz9MQFY83WU4nma95zo9WvIPc0H7OlhI2hO

MKcWjbRnD7w3zPw1rYvt+2keZeRKp1B8lq+9HlZnCmS6DWNCajW6c9kcLbWI65I7

[root@smtp tmp]#

[root@smtp tmp]# more server.crt | head -3

-----BEGIN CERTIFICATE-----

MIIDnDCCAoQCCQDAlK1Edjlw/jANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMC

S1IxEDAOBgNVBAgMB0RhZWplb24xDjAMBgNVBAcMBVNlb2d1MQ4wDAYDVQQKDAVO

[root@smtp tmp]#

[root@cca php-fpm.d]# more www.conf

; 오라클 설정 파일

env[ORACLE_HOME] =/usr/lib/oracle/11.2/client64

env[NLS_LANG] = KOREAN_KOREA.KO16MSWIN949

env[LD_LIBRARY_PATH] = /usr/include/oracle/11.2/client64/lib:$LD_LIBRARY_PATH

env[NLS_DATE_FORMAT] = "YYYY-MM-DD HH:MI:SS"

 패키지

버전 및 항목 

Nginx

 Package

nginx-mod-mail-1.12.2-2.el7.x86_64

nginx-mod-http-image-filter-1.12.2-2.el7.x86_64

php72u-fpm-nginx-7.2.9-1.ius.centos7.noarch

nginx-filesystem-1.12.2-2.el7.noarch

nginx-mod-http-geoip-1.12.2-2.el7.x86_64

nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64

nginx-1.12.2-2.el7.x86_64

nginx-all-modules-1.12.2-2.el7.noarch

python2-certbot-nginx-0.26.1-1.el7.noarch

nginx-mod-http-perl-1.12.2-2.el7.x86_64

nginx-mod-stream-1.12.2-2.el7.x86_64

 configure

 1. /etc/nginx/conf.d/web1.conf

server {

        ## Configuration ##################################################

listen 80;

        client_max_body_size    2048M;

        server_name     U.domain.com;

        root    /home/webmaster/web1/html;

        access_log      /home/webmaster/web1/logs/access.log;

        location / {

                index  index.html  index.htm  index.php;

        }

        error_page      403 404 500 502 503 504 /error.html;

        location = /error.html {

        }

        location ~ \.php$ {

                fastcgi_pass   php-fpm;

                fastcgi_index  index.php;

                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

                include        fastcgi_params;

        }

}

2. /etc/nginx/conf.d/php-fpm.conf

# PHP-FPM FastCGI server

# network or unix domain socket configuration

upstream php-fpm {

        #server 127.0.0.1:9000;

        server unix:/run/php-fpm/www.sock;

}

PHP-FPM

 Package

php72u-xml-7.2.9-1.ius.centos7.x86_64

php72u-fpm-nginx-7.2.9-1.ius.centos7.noarch

php72u-mbstring-7.2.9-1.ius.centos7.x86_64

php72u-imap-7.2.9-1.ius.centos7.x86_64

php72u-fpm-7.2.9-1.ius.centos7.x86_64

php72u-json-7.2.9-1.ius.centos7.x86_64

php72u-pdo-7.2.9-1.ius.centos7.x86_64

php72u-opcache-7.2.9-1.ius.centos7.x86_64

php72u-common-7.2.9-1.ius.centos7.x86_64

php72u-gd-7.2.9-1.ius.centos7.x86_64

php72u-intl-7.2.9-1.ius.centos7.x86_64

php72u-mysqlnd-7.2.9-1.ius.centos7.x86_64

php72u-pecl-apcu-5.1.11-1.ius.centos7.x86_64

 configure

1. /etc/php.ini      --->  메일서비스를 위해 세팅된 내용으로 disable_funcions 기능을 제한하지 않았음.

[PHP]

engine = On

zlib.output_compression = Off

zend.enable_gc = On

file_uploads = On

upload_tmp_dir = /tmp

upload_max_filesize = 3072M

max_file_uploads = 20

allow_url_include = Off

[CLI Server]

pcre.jit=0

pdo_mysql.default_socket=

ibase.allow_persistent = 1

[PostgreSQL]

session.use_cookies = 1

[mbstring]

[Tidy]

 Postfix

 Package

postfix32u-mysql-3.2.5-2.ius.centos7.x86_64

postfix32u-sqlite-3.2.5-2.ius.centos7.x86_64

postfix32u-debuginfo-3.2.5-2.ius.centos7.x86_64

postfix32u-3.2.5-2.ius.centos7.x86_64

postfix32u-cdb-3.2.5-2.ius.centos7.x86_64

postfix32u-perl-scripts-3.2.5-2.ius.centos7.x86_64

postfix32u-pcre-3.2.5-2.ius.centos7.x86_64

postfix32u-ldap-3.2.5-2.ius.centos7.x86_64

postfix32u-pgsql-3.2.5-2.ius.centos7.x86_64

 configure

1. /etc/postfix/main.cf

# --------------------

# INSTALL-TIME CONFIGURATION INFORMATION

#

# location of the Postfix queue. Default is /var/spool/postfix.

queue_directory = /var/spool/postfix

# location of all postXXX commands. Default is /usr/sbin.

command_directory = /usr/sbin

# location of all Postfix daemon programs (i.e. programs listed in the

# master.cf file). This directory must be owned by root.

# Default is /usr/libexec/postfix

daemon_directory = /usr/libexec/postfix

# location of Postfix-writable data files (caches, random numbers).

# This directory must be owned by the mail_owner account (see below).

# Default is /var/lib/postfix.

data_directory = /var/lib/postfix

# owner of the Postfix queue and of most Postfix daemon processes.

# Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID

# WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM.

# In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER.

# Default is postfix.

mail_owner = postfix

# The following parameters are used when installing a new Postfix version.

#

# sendmail_path: The full pathname of the Postfix sendmail command.

# This is the Sendmail-compatible mail posting interface.

#

sendmail_path = /usr/sbin/sendmail.postfix

# newaliases_path: The full pathname of the Postfix newaliases command.

# This is the Sendmail-compatible command to build alias databases.

#

newaliases_path = /usr/bin/newaliases.postfix

# full pathname of the Postfix mailq command.  This is the Sendmail-compatible

# mail queue listing command.

mailq_path = /usr/bin/mailq.postfix

# group for mail submission and queue management commands.

# This must be a group name with a numerical group ID that is not shared with

# other accounts, not even with the Postfix account.

setgid_group = postdrop

# external command that is executed when a Postfix daemon program is run with

# the -D option.

#

# Use "command .. & sleep 5" so that the debugger can attach before

# the process marches on. If you use an X-based debugger, be sure to

# set up your XAUTHORITY environment variable before starting Postfix.

#

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    ddd $daemon_directory/$process_name $process_id & sleep 5

debug_peer_level = 2

# --------------------

# CUSTOM SETTINGS

#

# SMTP server response code when recipient or domain not found.

unknown_local_recipient_reject_code = 550

# Do not notify local user.

biff = no

# Disable the rewriting of "site!user" into "user@site".

swap_bangpath = no

# Disable the rewriting of the form "user%domain" to "user@domain".

allow_percent_hack = no

# Allow recipient address start with '-'.

allow_min_user = no

# Disable the SMTP VRFY command. This stops some techniques used to

# harvest email addresses.

disable_vrfy_command = yes

# Enable both IPv4 and/or IPv6: ipv4, ipv6, all.

inet_protocols = all

# Enable all network interfaces.

inet_interfaces = all

#

# TLS settings.

#

# SSL key, certificate, CA

#

smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem

smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem

#smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt

#smtpd_tls_CApath = /etc/pki/tls/certs

#

# Disable SSLv2, SSLv3

#

smtpd_tls_protocols = !SSLv2 !SSLv3

smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3

smtp_tls_protocols = !SSLv2 !SSLv3

smtp_tls_mandatory_protocols = !SSLv2 !SSLv3

lmtp_tls_protocols = !SSLv2 !SSLv3

lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

#

# Fix 'The Logjam Attack'.

#

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA

smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem

smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem

tls_random_source = dev:/dev/urandom

# Log only a summary message on TLS handshake completion — no logging of client

# certificate trust-chain verification errors if client certificate

# verification is not required. With Postfix 2.8 and earlier, log the summary

# message, peer certificate summary information and unconditionally log

# trust-chain verification errors.

smtp_tls_loglevel = 1

smtpd_tls_loglevel = 1

# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do

# not require that clients use TLS encryption.

smtpd_tls_security_level = may

# Produce `Received:` message headers that include information about the

# protocol and cipher used, as well as the remote SMTP client CommonName and

# client certificate issuer CommonName.

# This is disabled by default, as the information may be modified in transit

# through other mail servers. Only information that was recorded by the final

# destination can be trusted.

#smtpd_tls_received_header = yes

# Opportunistic TLS, used when Postfix sends email to remote SMTP server.

# Use TLS if this is supported by the remote SMTP server, otherwise use

# plaintext.

# References:

#   - http://www.postfix.org/TLS_README.html#client_tls_may

#   - http://www.postfix.org/postconf.5.html#smtp_tls_security_level

smtp_tls_security_level = may

# Use the same CA file as smtpd.

smtp_tls_CApath = /etc/pki/tls/certs

smtp_tls_CAfile = $smtpd_tls_CAfile

smtp_tls_note_starttls_offer = yes

# Enable long, non-repeating, queue IDs (queue file names).

# The benefit of non-repeating names is simpler logfile analysis and easier

# queue migration (there is no need to run "postsuper" to change queue file

# names that don't match their message file inode number).

#enable_long_queue_ids = yes

# Reject unlisted sender and recipient

smtpd_reject_unlisted_recipient = yes

smtpd_reject_unlisted_sender = yes

# Header and body checks with PCRE table

#header_checks = pcre:/etc/postfix/header_checks

#body_checks = pcre:/etc/postfix/body_checks.pcre

# A mechanism to transform commands from remote SMTP clients.

# This is a last-resort tool to work around client commands that break

# interoperability with the Postfix SMTP server. Other uses involve fault

# injection to test Postfix's handling of invalid commands.

# Requires Postfix-2.7+.

#smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre

# HELO restriction

smtpd_helo_required = yes

smtpd_helo_restrictions =

    permit_mynetworks

    permit_sasl_authenticated

    check_helo_access pcre:/etc/postfix/helo_access.pcre

    reject_non_fqdn_helo_hostname

    reject_unknown_helo_hostname

# Sender restrictions

smtpd_sender_restrictions =

    #reject_unknown_sender_domain

    reject_non_fqdn_sender

    reject_unlisted_sender

    permit_mynetworks

    permit_sasl_authenticated

    check_sender_access pcre:/etc/postfix/sender_access.pcre

# Recipient restrictions

smtpd_recipient_restrictions =

    reject_non_fqdn_recipient

    reject_unlisted_recipient

    #check_policy_service inet:127.0.0.1:7777

    permit_mynetworks

    permit_sasl_authenticated

    reject_unauth_destination

# END-OF-MESSAGE restrictions

# smtpd_end_of_data_restrictions =

    # check_policy_service inet:127.0.0.1:7777

# Data restrictions

smtpd_data_restrictions = reject_unauth_pipelining

proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps

# Avoid duplicate recipient messages. Default is 'yes'.

enable_original_recipient = no

# Virtual support.

virtual_minimum_uid = 2000

virtual_uid_maps = static:2000

virtual_gid_maps = static:2000

virtual_mailbox_base = /Disk1/vmail

# Do not set virtual_alias_domains.

virtual_alias_domains =

#

# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.

# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should

#          be forced to submit email through port 587 instead.

#

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_tls_auth_only = no

# hostname

myhostname = smtp.mailu.kr

myorigin = smtp.mailu.kr

mydomain = smtp.mailu.kr

# trusted SMTP clients which are allowed to relay mail through Postfix.

#

# Note: additional IP addresses/networks listed in mynetworks should be listed

#       in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.

#       for example:

#

#       MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]

#

mynetworks = 127.0.0.1 [::1]

# Accepted local emails

mydestination = $myhostname, localhost, localhost.localdomain

alias_maps = hash:/etc/postfix/aliases

alias_database = hash:/etc/postfix/aliases

# Default message_size_limit.

message_size_limit = 524288000

mailbox_size_limit = 629145600

# The set of characters that can separate a user name from its extension

# (example: user+foo), or a .forward file name from its extension (example:

# .forward+foo).

# Postfix 2.11 and later supports multiple characters.

recipient_delimiter = +

# The time after which the sender receives a copy of the message headers of

# mail that is still queued. Default setting is disabled (0h) by Postfix.

#delay_warning_time = 1h

#

# Lookup virtual mail accounts

#

transport_maps =

    proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf

    proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf

    proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf

sender_dependent_relayhost_maps =

    proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf

# Lookup table with the SASL login names that own the sender (MAIL FROM) addresses.

smtpd_sender_login_maps =

    proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf

virtual_mailbox_domains =

    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf

relay_domains =

    $mydestination

    proxy:mysql:/etc/postfix/mysql/relay_domains.cf

virtual_mailbox_maps =

    proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf

virtual_alias_maps =

    proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf

    proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf

    proxy:mysql:/etc/postfix/mysql/catchall_maps.cf

    proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf

sender_bcc_maps =

    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf

    proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf

recipient_bcc_maps =

    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf

    proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf

#

# Postscreen

#

postscreen_greet_action = drop

postscreen_blacklist_action = drop

postscreen_dnsbl_action = drop

postscreen_dnsbl_threshold = 2

postscreen_dnsbl_sites =

    zen.spamhaus.org=127.0.0.[2..11]*3

    b.barracudacentral.org=127.0.0.2*2

postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply

postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr

# Require Postfix-2.11+

#postscreen_dnsbl_whitelist_threshold = -2

#

# Dovecot SASL support.

#

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/dovecot-auth

virtual_transport = dovecot

dovecot_destination_recipient_limit = 1

#

# mlmmj - mailing list manager

#

#mlmmj_destination_recipient_limit = 1

#

# Amavisd + SpamAssassin + ClamAV

#

#content_filter = smtp-amavis:[127.0.0.1]:10024

# Concurrency per recipient limit.

#smtp-amavis_destination_recipient_limit = 1

meta_directory = /etc/postfix

sample_directory = /usr/share/doc/postfix32u-3.2.5/samples

readme_directory = /usr/share/doc/postfix32u-3.2.5/README_FILES

manpage_directory = /usr/share/man

html_directory = no

shlib_directory = /usr/lib64/postfix

2. /etc/master.cf

#

# Postfix master process configuration file.  For details on the format

# of the file, see the master(5) manual page (command: "man 5 master").

#

# Do not forget to execute "postfix reload" after editing this file.

#

# ==========================================================================

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

# ==========================================================================

#smtp      inet  n       -       -       -       -       smtpd

smtp      inet  n       -       n       -       1       postscreen

smtpd     pass  -       -       n       -       -       smtpd

dnsblog   unix  -       -       n       -       0       dnsblog

tlsproxy  unix  -       -       n       -       0       tlsproxy

#submission inet n       -       n       -       -       smtpd

#  -o syslog_name=postfix/submission

#  -o smtpd_tls_security_level=encrypt

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#smtps     inet  n       -       n       -       -       smtpd

#  -o syslog_name=postfix/smtps

#  -o smtpd_tls_wrappermode=yes

#  -o smtpd_sasl_auth_enable=yes

#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#  -o smtpd_reject_unlisted_recipient=no

#  -o smtpd_client_restrictions=$mua_client_restrictions

#  -o smtpd_helo_restrictions=$mua_helo_restrictions

#  -o smtpd_sender_restrictions=$mua_sender_restrictions

#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

#  -o milter_macro_daemon_name=ORIGINATING

#628       inet  n       -       n       -       -       qmqpd

pickup    unix  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      unix  n       -       n       300     1       qmgr

#qmgr     unix  n       -       n       300     1       oqmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache

#

# ====================================================================

# Interfaces to non-Postfix software. Be sure to examine the manual

# pages of the non-Postfix software to find out what options it wants.

#

# Many of the following services use the Postfix pipe(8) delivery

# agent.  See the pipe(8) man page for information about ${recipient}

# and other message envelope options.

# ====================================================================

#

# maildrop. See the Postfix MAILDROP_README file for details.

# Also specify in main.cf: maildrop_destination_recipient_limit=1

#

#maildrop  unix  -       n       n       -       -       pipe

#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

#

# ====================================================================

#

# Recent Cyrus versions can use the existing "lmtp" master.cf entry.

#

# Specify in cyrus.conf:

#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4

#

# Specify in main.cf one or more of the following:

#  mailbox_transport = lmtp:inet:localhost

#  virtual_transport = lmtp:inet:localhost

#

# ====================================================================

#

# Cyrus 2.1.5 (Amos Gouaux)

# Also specify in main.cf: cyrus_destination_recipient_limit=1

#

#cyrus     unix  -       n       n       -       -       pipe

#  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}

#

# ====================================================================

#

# Old example of delivery via Cyrus.

#

#old-cyrus unix  -       n       n       -       -       pipe

#  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}

#

# ====================================================================

#

# See the Postfix UUCP_README file for configuration details.

#

#uucp      unix  -       n       n       -       -       pipe

#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

#

# ====================================================================

#

# Other external delivery methods.

#

#ifmail    unix  -       n       n       -       -       pipe

#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

#

#bsmtp     unix  -       n       n       -       -       pipe

#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

#

#scalemail-backend unix -       n       n       -       2       pipe

#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store

#  ${nexthop} ${user} ${extension}

#

#mailman   unix  -       n       n       -       -       pipe

#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

#  ${nexthop} ${user}

# Submission, port 587, force TLS connection.

submission inet n       -       n       -       -       smtpd

  -o syslog_name=postfix/submission

  -o smtpd_tls_security_level=encrypt

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

  #-o content_filter=smtp-amavis:[127.0.0.1]:10026

# Use dovecot's `deliver` program as LDA.

dovecot unix    -       n       n       -       -      pipe

    flags=DRh user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

# mlmmj - mailing list manager

# ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u')

#mlmmj   unix  -       n       n       -       -       pipe

#    flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}

# Amavisd integration.

#smtp-amavis unix -  -   n   -   1  smtp

#    -o syslog_name=postfix/amavis

#    -o smtp_data_done_timeout=1200

#    -o smtp_send_xforward_command=yes

#    -o disable_dns_lookups=yes

#    -o max_use=20

127.0.0.1:10025 inet n  -   n   -   -  smtpd

    -o syslog_name=postfix/10025

    -o content_filter=

    -o mynetworks_style=host

    -o mynetworks=127.0.0.0/8

    -o local_recipient_maps=

    -o relay_recipient_maps=

    -o strict_rfc821_envelopes=yes

    -o smtp_tls_security_level=none

    -o smtpd_tls_security_level=none

    -o smtpd_restriction_classes=

    -o smtpd_delay_reject=no

    -o smtpd_client_restrictions=permit_mynetworks,reject

    -o smtpd_helo_restrictions=

    -o smtpd_sender_restrictions=

    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o smtpd_end_of_data_restrictions=

    -o smtpd_error_sleep_time=0

    -o smtpd_soft_error_limit=1001

    -o smtpd_hard_error_limit=1000

    -o smtpd_client_connection_count_limit=0

    -o smtpd_client_connection_rate_limit=0

    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

3. /etc/postfix/body_checks.pcre

4. /etc/postfix/helo_access.pcre

#---------------------------------------------------------------------

# This file is part of iRedMail, which is an open source mail server

# solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu.

#

# iRedMail is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# iRedMail is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with iRedMail.  If not, see <http://www.gnu.org/licenses/>.

#---------------------------------------------------------------------

#

# Sample Postfix check_helo_access rule. It should be located at:

#   /etc/postfix/check_helo_access.pcre

#

# Shipped within iRedMail project:

#   * http://www.iredmail.org/

# Prepend HELO hostname of sender server

#/(.*)/ PREPEND X-Original-Helo: $1 (iRedMail: http://www.iredmail.org/)

# No one will use these in helo command.

/^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

# Reject who use IP address as helo.

# Correct:      [xxx.xxx.xxx.xxx]

# Incorrect:    xxx.xxx.xxx.xxx

/^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1})

#

# This is the real HELO identify of these ISPs:

#   sohu.com    websmtp.sohu.com relay2nd.mail.sohu.com

#   126.com     m15-78.126.com

#   163.com     m31-189.vip.163.com m13-49.163.com

#   sina.com    mail2-209.sinamail.sina.com.cn

#   gmail.com   xx-out-NNNN.google.com

/^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

/^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1})

#

# Spammers.

#

/^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(netvigator\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1})

/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

#

# Reject adsl spammers.

#

# match word `adsl` with word boundary `\b`.

/(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

# bypass "[IP_ADDRESS]"

/^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ DUNNO

# bypass some HELOs which contains IP address

/^o\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.outbound-mail\.sendgrid\.net$/ DUNNO

# reject HELO which contains IP address

/(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1})

/(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(airtelbroadband\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(embarqhsd\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(eutelia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(wanamaroc\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1})

/^ylmf-pc/ REJECT ACCESS DENIED

5. /etc/postfix/postscreen_access.cidr

# Rules are evaluated in the order as specified.

#1.2.3.4 permit

#2.3.4.5 reject

# Permit local clients

127.0.0.0/8 permit

6. /etc/postfix/postscreen_dnsbl_reply

7. /etc/postfix/sender_access.pcre

8. /etc/postfix/mysql/catchall_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%d' AND '%u' NOT LIKE '%%+%%' AND forwardings.address=domain.domain AND forwardings.active=1 AND domain.active=1 AND domain.backupmx=0

9. /etc/postfix/mysql/domain_alias_catchall_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1

10. /etc/postfix/mysql/domain_alias_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1

11. /etc/postfix/mysql/recipient_bcc_maps_domain.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT bcc_address FROM recipient_bcc_domain WHERE domain='%d' AND active=1

12. /etc/postfix/mysql/recipient_bbs_maps_user.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1

13. /etc/postfix/mysql/relay_domains.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = (SELECT domain

                 FROM domain

                WHERE domain='%s'

                      AND backupmx=1

                      AND active=1

                LIMIT 1)

                UNION

              (SELECT alias_domain.target_domain

                 FROM alias_domain, domain

                WHERE alias_domain.alias_domain='%s'

                      AND alias_domain.target_domain=domain.domain

                      AND domain.backupmx=1

                      AND domain.active=1

                LIMIT 1)

14. /etc/postfix/mysql/sender_bcc_maps_domain.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl

dbname      = vmail

query       = SELECT bcc_address FROM sender_bcc_domain WHERE domain='%d' AND active=1

15. /etc/postfix/mysql/sender_bcc_maps_user.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1

16. /etc/postfix/mysql/sender_dependent_relayhost_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

# '%s' will be replaced by the envelope sender address or @domain.

query       = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1

17. /etc/postfix/mysql/sender_login_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1

18. /etc/postfix/mysql/transport_maps_domain.cf

hosts       = 127.0.0.1:3306

user        = vmail 

password    = rladudrl

dbname      = vmail

query       = SELECT transport FROM domain WHERE domain='%s' AND active=1

19. /etc/postfix/mysql/transport_maps_maillist.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl

dbname      = vmail

query       = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1

20. /etc/postfix/mysql/transport_maps_user.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1

21. /etc/postfix/mysql/virtual_alias_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%s' AND forwardings.domain=domain.domain AND forwardings.active=1 AND domain.backupmx=0 AND domain.active=1

22. /etc/postfix/mysql/virtual_mailbox_domains.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0

23. /etc/postfix/mysql/virtual_mailbox_maps.cf

hosts       = 127.0.0.1:3306

user        = vmail

password    = rladudrl 

dbname      = vmail

query       = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1

 Dovecot

 Package

dovecot22u-devel-2.2.35-1.ius.centos7.x86_64
dovecot22u-mysql-2.2.35-1.ius.centos7.x86_64
dovecot22u-pigeonhole-2.2.35-1.ius.centos7.x86_64
dovecot22u-2.2.35-1.ius.centos7.x86_64

 configure

1. /etc/dovecot/dovecot-master-users

2. /etc/dovecot/dovecot-mysql.conf

driver = mysql

default_pass_scheme = SHA512-CRYPT

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=*********

# Required by doveadm tools which require to list all mail users.

iterate_query = SELECT username AS user FROM mailbox

password_query = SELECT mailbox.password, mailbox.allow_nets \

        FROM mailbox,domain \

       WHERE mailbox.username='%u' \

             AND mailbox.`enable%Ls%Lc`=1 \

             AND mailbox.active=1 \

             AND mailbox.domain=domain.domain \

             AND domain.backupmx=0 \

             AND domain.active=1

user_query = SELECT \

            '%u' AS master_user, \

            CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, \

            CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \

        FROM mailbox,domain \

       WHERE mailbox.username='%u' \

             AND mailbox.`enable%Ls%Lc`=1 \

             AND mailbox.active=1 \

             AND mailbox.domain=domain.domain \

             AND domain.backupmx=0 \

             AND domain.active=1

3. /etc/dovecot/dovecot-share-folder.conf

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=********

map {

    pattern = shared/shared-boxes/user/$to/$from

    table = share_folder

    value_field = dummy

    fields {

        from_user = $from

        to_user = $to

    }

}

# To share mailbox to anyone, please uncomment 'acl_anyone = allow' in

# dovecot.conf

map {

    pattern = shared/shared-boxes/anyone/$from

    table = anyone_shares

    value_field = dummy

    fields {

        from_user = $from

    }

}

4. /etc/dovecot/dovecot-used-quota.conf

connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=**********

map {

    pattern = priv/quota/storage

    table = used_quota

    username_field = username

    value_field = bytes

}

map {

    pattern = priv/quota/messages

    table = used_quota

    username_field = username

    value_field = messages

}

5. /etc/dovecot/dovecot.conf

# More details about Dovecot settings:

#   - http://wiki2.dovecot.org/

#   - http://wiki2.dovecot.org/Variables

# Listen addresses.

#   - '*' means all available IPv4 addresses.

#   - '[::]' means all available IPv6 addresses.

# Listen on all available addresses by default

listen = * [::]

#base_dir = /var/run/dovecot

mail_plugins = quota mailbox_alias acl mail_log notify stats

# Enabled mail protocols.

protocols = pop3 imap sieve lmtp

# User/group who owns the message files:

mail_uid = 2000

mail_gid = 2000

# Assign uid to virtual users.

first_valid_uid = 2000

last_valid_uid = 2000

# Logging. Reference: http://wiki2.dovecot.org/Logging

#

# Use syslog

#syslog_facility = local5

# Log file path if we use internal log system

log_path = /var/log/dovecot/dovecot.log

# Debug

#mail_debug = yes

#auth_verbose = yes

#auth_debug = yes

#auth_debug_passwords = yes

# Possible values: no, plain, sha1.

#auth_verbose_passwords = no

# SSL: Global settings.

# Refer to wiki site for per protocol, ip, server name SSL settings:

# http://wiki2.dovecot.org/SSL/DovecotConfiguration

ssl_protocols = !SSLv2 !SSLv3

ssl = required

verbose_ssl = no

#ssl_ca = </path/to/ca

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

ssl_key = </etc/pki/dovecot/private/dovecot.pem

# Fix 'The Logjam Attack'

ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

# Dovecot 2.2.6 or greater:

# Specify the wanted DH parameters length

ssl_dh_parameters_length = 2048

ssl_prefer_server_ciphers = yes

# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.

# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted

# insecurely.

disable_plaintext_auth = yes

# Allow plain text password per IP address/net

#remote 192.168.0.0/24 {

#   disable_plaintext_auth = no

#}

# Mail location and mailbox format.

mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/

# Authentication related settings.

# Append this domain name if client gives empty realm.

#auth_default_realm = weschool.kr

# Authentication mechanisms.

auth_mechanisms = PLAIN LOGIN

# Limits the number of users that can be logging in at the same time.

# Default is 100. This can be overridden by `process_limit =` in

# `service [protocol]` block.

# e.g.

#       protocol imap-login {

#           ...

#           process_limit = 500

#       }

#default_process_limit = 100

# Mail delivery log format

deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, %$

service auth {

    unix_listener /var/spool/postfix/private/dovecot-auth {

        user = postfix

        group = postfix

        mode = 0666

    }

    unix_listener auth-master {

        user = vmail

        group = vmail

        mode = 0666

    }

    unix_listener auth-userdb {

        user = vmail

        group = vmail

        mode = 0660

    }

}

# LMTP server (Local Mail Transfer Protocol).

# Reference: http://wiki2.dovecot.org/LMTP

service lmtp {

    user = vmail

    # For higher volume sites, it may be desirable to increase the number of

    # active listener processes. A range of 5 to 20 is probably good for most

    # sites.

    process_min_avail = 5

    # Logging.

    # Require 'log_path =' in 'protocol lmtp {}' block.

    executable = lmtp -L

    # Listening on socket file and TCP

    unix_listener /var/spool/postfix/private/dovecot-lmtp {

        user = postfix

        group = postfix

        mode = 0600

    }

    inet_listener lmtp {

        # Listen on localhost (ipv4)

        address = 127.0.0.1

        port = 24

    }

}

# Virtual mail accounts.

userdb {

    args = /etc/dovecot/dovecot-mysql.conf

    driver = sql

}

passdb {

    args = /etc/dovecot/dovecot-mysql.conf

    driver = sql

}

# Master user.

# Master users are able to log in as other users. It's also possible to

# directly log in as any user using a master password, although this isn't

# recommended.

# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers

auth_master_user_separator = *

passdb {

    driver = passwd-file

    args = /etc/dovecot/dovecot-master-users

    master = yes

}

plugin {

    # Quota configuration.

    # Reference: http://wiki2.dovecot.org/Quota/Configuration

    quota = dict:user::proxy::quotadict

    # Set default quota rule if no quota returned from SQL/LDAP query.

    #quota_rule = *:storage=1G

    #quota_rule2 = *:messages=0

    #quota_rule3 = Trash:storage=1G

    #quota_rule4 = Junk:ignore

    # Quota warning.

    #

    # If user suddenly receives a huge mail and the quota jumps from

    # 85% to 95%, only the 95% script is executed.

    #

    # Only the command for the first exceeded limit is executed, so configure

    # the highest limit first.

    quota_warning = storage=100%% quota-warning 100 %u

    quota_warning2 = storage=95%% quota-warning 95 %u

    quota_warning3 = storage=90%% quota-warning 90 %u

    quota_warning4 = storage=85%% quota-warning 85 %u

    # allow user to become max 10% (or 50 MB) over quota

    quota_grace = 10%%

    #quota_grace = 50 M

    # Custom Quota Exceeded Message.

    # You can specify the message directly or read the message from a file.

    #quota_exceeded_message = Quota exceeded, please try again later.

    #quota_exceeded_message = </path/to/quota_exceeded_message.txt

    # Plugin: expire.

    #expire = Trash 7 Trash/* 7 Junk 30

    #expire_dict = proxy::expire

    # ACL and share folder

    acl = vfile

    acl_shared_dict = proxy::acl

    # By default Dovecot doesn't allow using the IMAP "anyone" or

    # "authenticated" identifier, because it would be an easy way to spam

    # other users in the system. If you wish to allow it,

    #acl_anyone = allow

    # Pigeonhole managesieve service.

    # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration

    # Per-user sieve settings.

    sieve_dir = %Lh/sieve

    sieve = %Lh/sieve/dovecot.sieve

    # Global sieve settings.

    sieve_global_dir = /var/vmail/sieve

    # Note: if user has personal sieve script, global sieve rules defined in

    #       sieve_default will be ignored. Please use sieve_before or

    #       sieve_after instead.

    #sieve_default =

    sieve_before = /var/vmail/sieve/dovecot.sieve

    #sieve_after =

    # The maximum number of redirect actions that can be performed during a

    # single script execution.

    # The meaning of 0 differs based on your version. For pigeonhole-0.3.0 and

    # beyond this means that redirect is prohibited. For older versions,

    # however, this means that the number of redirects is unlimited.

    sieve_max_redirects = 30

    # Reference: http://wiki2.dovecot.org/Plugins/MailboxAlias

    mailbox_alias_old = Sent

    mailbox_alias_new = Sent Messages

    mailbox_alias_old2 = Sent

    mailbox_alias_new2 = Sent Items

        # Events to log. `autoexpunge` is included in `expunge`

    # Defined in https://github.com/dovecot/core/blob/master/src/plugins/mail-log/mail-log-plugin.c

    mail_log_events = delete undelete expunge mailbox_delete mailbox_rename

    mail_log_fields = uid box msgid size from subject

    # stats

    #

    # how often to session statistics (must be set)

    stats_refresh = 30 secs

    # track per-IMAP command statistics (optional)

    stats_track_cmds = yes

}

service stats {

    fifo_listener stats-mail {

        user = vmail

        mode = 0644

    }

    inet_listener {

        address = 127.0.0.1

        port = 24242

    }

}

service quota-warning {

    executable = script /usr/local/bin/dovecot-quota-warning.sh

    unix_listener quota-warning {

        user = vmail

        group = vmail

        mode = 0660

    }

}

service dict {

    unix_listener dict {

        mode = 0660

        user = vmail

        group = vmail

    }

}

dict {

    #expire = db:/var/lib/dovecot/expire/expire.db

    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf

    acl = mysql:/etc/dovecot/dovecot-share-folder.conf

}

protocol lda {

    # Reference: http://wiki2.dovecot.org/LDA

    mail_plugins = $mail_plugins sieve

    lda_mailbox_autocreate = yes

    lda_mailbox_autosubscribe = yes

    postmaster_address = root

    # Log file path if we use internal log system

    #log_path = /var/log/dovecot/sieve.log

}

protocol lmtp {

    # Log file path if we use internal log system

    #log_path = /var/log/dovecot/lmtp.log

    # Plugins

    mail_plugins = quota sieve

    postmaster_address = postmaster

    # Address extension delivery

    lmtp_save_to_detail_mailbox = yes

    recipient_delimiter = +

}

protocol imap {

    mail_plugins = $mail_plugins imap_quota imap_acl imap_stats

    imap_client_workarounds = tb-extra-mailbox-sep

    # Maximum number of IMAP connections allowed for a user from each IP address.

    # NOTE: The username is compared case-sensitively.

    # Default is 10.

    # Increase it to avoid issue like below:

    # "Maximum number of concurrent IMAP connections exceeded"

    mail_max_userip_connections = 30

}

protocol pop3 {

    mail_plugins = $mail_plugins

    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

    pop3_uidl_format = %08Xu%08Xv

    # Maximum number of IMAP connections allowed for a user from each IP address.

    # NOTE: The username is compared case-sensitively.

    # Default is 10.

    mail_max_userip_connections = 30

    # POP3 logout format string:

    #  %i - total number of bytes read from client

    #  %o - total number of bytes sent to client

    #  %t - number of TOP commands

    #  %p - number of bytes sent to client as a result of TOP command

    #  %r - number of RETR commands

    #  %b - number of bytes sent to client as a result of RETR command

    #  %d - number of deleted messages

    #  %m - number of messages (before deletion)

    #  %s - mailbox size in bytes (before deletion)

    # Default format doesn't have 'in=%i, out=%o'.

    #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, in=%i, out=%o

}

# Login processes. Refer to Dovecot wiki for more details:

# http://wiki2.dovecot.org/LoginProcess

service imap-login {

    #inet_listener imap {

    #    port = 143

    #}

    #inet_listener imaps {

    #    port = 993

    #    ssl = yes

    #}

    service_count = 1

    # To avoid startup latency for new client connections, set process_min_avail

    # to higher than zero. That many idling processes are always kept around

    # waiting for new connections.

    #process_min_avail = 0

    # number of simultaneous IMAP connections

    process_limit = 500

    # vsz_limit should be fine at its default 64MB value

    #vsz_limit = 64M

}

service pop3-login {

    #inet_listener pop3 {

    #    port = 110

    #}

    #inet_listener pop3s {

    #    port = 995

    #    ssl = yes

    #}

    service_count = 1

    # number of simultaneous POP3 connections

    #process_limit = 500

}

service managesieve-login {

    inet_listener sieve {

        # Listen on localhost (ipv4)

        address = 127.0.0.1

        port = 4190

    }

}

namespace {

    type = private

    separator = /

    prefix =

    inbox = yes

    # Refer to document for more details about alias mailbox:

    # http://wiki2.dovecot.org/MailboxSettings

    #

    # Sent

    mailbox Sent {

        auto = subscribe

        special_use = \Sent

    }

    mailbox "Sent Messages" {

        auto = no

        special_use = \Sent

    }

    mailbox "Sent Items" {

        auto = no

        special_use = \Sent

    }

    mailbox Drafts {

        auto = subscribe

        special_use = \Drafts

    }

        # Trash

    mailbox Trash {

        auto = subscribe

        special_use = \Trash

    }

    mailbox "Deleted Messages" {

        auto = no

        special_use = \Trash

    }

    # Junk

    mailbox Junk {

        auto = subscribe

        special_use = \Junk

    }

    mailbox Spam {

        auto = no

        special_use = \Junk

    }

    mailbox "Junk E-mail" {

        auto = no

        special_use = \Junk

    }

    # Archive

    mailbox Archive {

        auto = no

        special_use = \Archive

    }

    mailbox Archives {

        auto = no

        special_use = \Archive

    }

}

namespace {

    type = shared

    separator = /

    prefix = Shared/%%u/

    location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln

    # this namespace should handle its own subscriptions or not.

    subscriptions = yes

    list = children

}

# Public mailboxes.

# Refer to Dovecot wiki page for more details:

# http://wiki2.dovecot.org/SharedMailboxes/Public

#namespace {

#    type = public

#    separator = /

#    prefix = Public/

#    location = maildir:/var/vmail/public:CONTROL=%Lh/Maildir/public:INDEXPVT=%Lh/Maildir/public

#

#    # Allow users to subscribe to the public folders.

#    subscriptions = yes

#}

!include_try /etc/dovecot/iredmail/*.conf

 MariaDB

 Package

mariadb101u-embedded-devel-10.1.32-1.ius.centos7.x86_6
mariadb101u-server-galera-10.1.32-1.ius.centos7.x86_64
mariadb101u-10.1.32-1.ius.centos7.x86_64
mariadb101u-config-10.1.32-1.ius.centos7.x86_64

mariadb101u-libs-10.1.32-1.ius.centos7.x86_64

mariadb101u-devel-10.1.32-1.ius.centos7.x86_64

mariadb101u-test-10.1.32-1.ius.centos7.x86_64

 configure

1. /etc/my.cnf  

#

# This group is read both both by the client and the server

# use it for options that affect everything

#

[client-server]

#

# This group is read by the server

#

[mysqld]

 bind-address            = 0.0.0.0

 port                    = 3306

 collation-server        = utf8mb4_general_ci

 character-set-server    = utf8mb4

 skip-character-set-client-handshake

 max_allowed_packet      = 32M

 slow_query_log

 long_query_time         = 2

# 모든 쿼리 로그를 남깁니다.

 general_log = 1

 general_log_file = /var/log/mariadb/mysql_query.log

 expire_logs_days = 2

 max_binlog_size = 10M

# Disabling symbolic-links is recommended to prevent assorted security risks

 symbolic-links=0

#ssl-ca =

#ssl-cert = /etc/pki/tls/certs/iRedMail.crt

#ssl-key = /etc/pki/tls/private/iRedMail.key

#ssl-cipher = ALL

[client]

default-character-set=utf8

#

# include all files from the config directory

#

 !includedir /etc/my.cnf.d

 Roundcube

&

Gnuboard
&
wmail

 Package

      gnuboard5.3.1.4.tar.gz

      Roundcube Webmail 1.3.5

      wmail 1.1

 * 기본판(liroo.net 모델 ==> 

web3.vol1.egg

web3.vol2.egg

web3.vol3.egg

web3.vol4.egg

 configure

1. gnuboard configuration

/data/dbconfig.php   ---> DB 접속 정보 설정.

2. Roundcube configuration

[html/rmail/config/config.inc.php]

<?php

// SQL DATABASE

$config['db_dsnw'] = 'mysqli://DB_ID:DB_PW@127.0.0.1:3306/web1';

$config['db_prefix'] = 'lr_';

// LOGGING

$config['log_driver'] = 'syslog';

$config['syslog_facility'] = LOG_MAIL;

// IMAP

$config['default_host'] = '127.0.0.1';

$config['default_port'] = 143;

$config['imap_auth_type'] = 'LOGIN';

$config['imap_delimiter'] = '/';

// Required if you're running PHP 5.6 or later

$config['imap_conn_options'] = array(

    'ssl' => array(

        'verify_peer'  => false,

        'verify_peer_name' => false,

    ),

);

// SMTP

$config['smtp_server'] = 'tls://127.0.0.1';

$config['smtp_port'] = 587;

$config['smtp_user'] = '%u';

$config['smtp_pass'] = '%p';

$config['smtp_auth_type'] = 'LOGIN';

// Required if you're running PHP 5.6 or later

$config['smtp_conn_options'] = array(

    'ssl' => array(

        'verify_peer'      => false,

        'verify_peer_name' => false,

    ),

);

// Use user's identity as envelope sender for 'return receipt' responses,

// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.

$config['mdn_use_from'] = true;

// SYSTEM

$config['force_https'] = false;

$config['login_autocomplete'] = 2;

$config['ip_check'] = true;

$config['des_key'] = 'GyxjqQ7kaD5dqsq7HAB3Ab0g';

$config['cipher_method'] = 'AES-256-CBC';

$config['useragent'] = 'Narae Webmail'; // Hide version number

$config['username_domain'] = 'weschool.kr';

//$config['mime_types'] = '/etc/mime.types';

// USER INTERFACE

$config['create_default_folders'] = true;

$config['quota_zero_as_unlimited'] = true;

// USER PREFERENCES

$config['default_charset'] = 'UTF-8';

//$config['addressbook_sort_col'] = 'name';

$config['draft_autosave'] = 60;

$config['default_list_mode'] = 'threads';

$config['autoexpand_threads'] = 2;

$config['check_all_folders'] = true;

$config['default_font_size'] = '12pt';

$config['message_show_email'] = true;

$config['layout'] = 'widescreen';   // three columns

//$config['skip_deleted'] = true;

// PLUGINS

$config['plugins'] = array('managesieve', 'password', 'enigma', 'large_attachments');

//max mail attach file size

$config['max_attach_size'] = 31457280;

//logout url

$config['logout_url'] = '/bbs/logout.php';

[/html/rmail/plugins/large_attachments/config.inc.php]

<?php

//file upload directory

$config['large_upload_path']= '/data/webmaster/web1/data/upload/';

$config['large_extensions']= [];

$config['large_multiselect'] = false;

?>

3. wmail configuration

[/data/webmaster/web1/data/db.conf]

db=mysql

host=localhost

port=

dbname=DB

user=DB_user

passwd=DB_pw

[/data/webmaster/web1/data/vmail.conf]

db=mysql

host=localhost

port=

dbname=vmail

user=vmail_DB_user

passwd=vmail_DB_pw

 Certbot

 Package

python2-certbot-0.26.1-2.el7.noarch
certbot-0.26.1-2.el7.noarch
python2-certbot-nginx-0.26.1-1.el7.noarch

 configure

/etc/letsencrypt