1. 서비스 구성 환경 및 버전.
[설치 패키지] --> 기본 경로, Document (/home/webmaster/web1/html) , vmail (/Disk1/vmail)
패키지 |
버전 및 항목 |
|
Nginx |
Package | nginx-mod-mail-1.12.2-2.el7.x86_64 nginx-mod-http-image-filter-1.12.2-2.el7.x86_64 php72u-fpm-nginx-7.2.9-1.ius.centos7.noarch nginx-filesystem-1.12.2-2.el7.noarch nginx-mod-http-geoip-1.12.2-2.el7.x86_64 nginx-mod-http-xslt-filter-1.12.2-2.el7.x86_64 nginx-1.12.2-2.el7.x86_64 nginx-all-modules-1.12.2-2.el7.noarch python2-certbot-nginx-0.26.1-1.el7.noarch nginx-mod-http-perl-1.12.2-2.el7.x86_64 nginx-mod-stream-1.12.2-2.el7.x86_64 |
configure | 1. /etc/nginx/conf.d/web1.conf
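server {
    ## Configuration ##################################################
    # NOTE(review): only plain HTTP on port 80 is configured in this vhost.
    # If logins are served from it, confirm that a TLS server block
    # (listen 443 ssl) is defined elsewhere.
    listen 80;
    # Largest request body nginx accepts. The php.ini shown on this page sets
    # post_max_size = 4096M and upload_max_filesize = 3072M, so this smaller
    # value is the effective upload cap.
    client_max_body_size 2048M;
    server_name U.domain.com;
    root /home/webmaster/web1/html;
    access_log /home/webmaster/web1/logs/access.log;

    location / {
        index index.html index.htm index.php;
    }

    # One static page serves all listed error codes.
    error_page 403 404 500 502 503 504 /error.html;
    location = /error.html {
    }

    location ~ \.php$ {
        # Return 404 from nginx unless the requested script exists on disk,
        # so only real files under the document root are handed to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass php-fpm;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

2. /etc/nginx/conf.d/php-fpm.conf
# PHP-FPM FastCGI server
# network or unix domain socket configuration
upstream php-fpm {
    #server 127.0.0.1:9000;
    # The Unix socket keeps the FastCGI endpoint off the network.
    server unix:/run/php-fpm/www.sock;
}
|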
|
PHP-FPM |
Package | php72u-xml-7.2.9-1.ius.centos7.x86_64 php72u-fpm-nginx-7.2.9-1.ius.centos7.noarch php72u-mbstring-7.2.9-1.ius.centos7.x86_64 php72u-imap-7.2.9-1.ius.centos7.x86_64 php72u-fpm-7.2.9-1.ius.centos7.x86_64 php72u-json-7.2.9-1.ius.centos7.x86_64 php72u-pdo-7.2.9-1.ius.centos7.x86_64 php72u-opcache-7.2.9-1.ius.centos7.x86_64 php72u-common-7.2.9-1.ius.centos7.x86_64 php72u-gd-7.2.9-1.ius.centos7.x86_64 php72u-intl-7.2.9-1.ius.centos7.x86_64 php72u-mysqlnd-7.2.9-1.ius.centos7.x86_64 php72u-pecl-apcu-5.1.11-1.ius.centos7.x86_64 |
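configure | 1. /etc/php.ini ---> 메일서비스를 위해 세팅된 내용으로 disable_functions 기능을 제한하지 않았음.
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
; Left empty on purpose for the mail service (see the note in the heading
; above). Every PHP function, including the process-execution ones, is
; therefore callable by any script under the document root.
disable_functions =
disable_classes =
zend.enable_gc = On
; Off so responses do not advertise the PHP version (X-Powered-By header).
expose_php = Off
max_execution_time = 30
max_input_time = 3600
; NOTE(review): 5120M per request means a few concurrent requests can exhaust
; RAM -- confirm the mail application really needs this much.
memory_limit = 5120M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; Errors are written to the log and not shown to clients.
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
; Must stay at or above upload_max_filesize. The nginx vhost on this page
; caps request bodies at 2048M, which is the limit clients actually hit.
post_max_size = 4096M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
; NOTE(review): large uploads are staged in /tmp -- confirm it has the space
; and is not shared with other services.
upload_tmp_dir = /tmp
upload_max_filesize = 3072M
max_file_uploads = 20
; URL wrappers stay enabled for fopen()-style calls; remote include stays off.
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60

[CLI Server]
cli_server.color = On

[Date]
date.timezone = Asia/Seoul;

[filter]

[iconv]

[intl]

[sqlite3]

[Pcre]
pcre.jit=0

[Pdo]

[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=

[Phar]

[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
; Adds an X-PHP-Originating-Script header to mail sent through mail(); useful
; for tracing abuse, but it also reveals the script name to recipients.
mail.add_x_header = On

[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1

[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"

[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off

[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off

[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[bcmath]
bcmath.scale = 0

[browscap]

[Session]
session.save_handler = files
; 1 makes PHP refuse session IDs it did not issue itself (session-fixation
; hardening). The original value here was 0.
session.use_strict_mode = 1
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
; 1 marks the session cookie HttpOnly so page scripts cannot read it.
; The original value here was empty.
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5

[Assertion]
zend.assertions = -1

[mbstring]

[gd]

[exif]

[Tidy]
tidy.clean_output = Off

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5

[sysvshm]

[ldap]
ldap.max_links = -1

[dba]

[curl]

[openssl]

2. /etc/php-fpm.d/www.conf ---> 서비스 환경 설정
;listen = 127.0.0.1:9000
; PHP-FPM listens on a Unix socket instead of TCP port 9000.
listen = /run/php-fpm/www.sock
; Access to the socket is granted to the nginx user through a POSIX ACL.
listen.acl_users = nginx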
|
|
Postfix |
Package | postfix32u-mysql-3.2.5-2.ius.centos7.x86_64 postfix32u-sqlite-3.2.5-2.ius.centos7.x86_64 postfix32u-debuginfo-3.2.5-2.ius.centos7.x86_64 postfix32u-3.2.5-2.ius.centos7.x86_64 postfix32u-cdb-3.2.5-2.ius.centos7.x86_64 postfix32u-perl-scripts-3.2.5-2.ius.centos7.x86_64 postfix32u-pcre-3.2.5-2.ius.centos7.x86_64 postfix32u-ldap-3.2.5-2.ius.centos7.x86_64 postfix32u-pgsql-3.2.5-2.ius.centos7.x86_64 |
configure |
1. /etc/postfix/main.cf # -------------------- # INSTALL-TIME CONFIGURATION INFORMATION # # location of the Postfix queue. Default is /var/spool/postfix. queue_directory = /var/spool/postfix # location of all postXXX commands. Default is /usr/sbin. command_directory = /usr/sbin # location of all Postfix daemon programs (i.e. programs listed in the # master.cf file). This directory must be owned by root. # Default is /usr/libexec/postfix daemon_directory = /usr/libexec/postfix # location of Postfix-writable data files (caches, random numbers). # This directory must be owned by the mail_owner account (see below). # Default is /var/lib/postfix. data_directory = /var/lib/postfix # owner of the Postfix queue and of most Postfix daemon processes. # Specify the name of a user account THAT DOES NOT SHARE ITS USER OR GROUP ID # WITH OTHER ACCOUNTS AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. # In particular, don't specify nobody or daemon. PLEASE USE A DEDICATED USER. # Default is postfix. mail_owner = postfix # The following parameters are used when installing a new Postfix version. # # sendmail_path: The full pathname of the Postfix sendmail command. # This is the Sendmail-compatible mail posting interface. # sendmail_path = /usr/sbin/sendmail.postfix # newaliases_path: The full pathname of the Postfix newaliases command. # This is the Sendmail-compatible command to build alias databases. # newaliases_path = /usr/bin/newaliases.postfix # full pathname of the Postfix mailq command. This is the Sendmail-compatible # mail queue listing command. mailq_path = /usr/bin/mailq.postfix # group for mail submission and queue management commands. # This must be a group name with a numerical group ID that is not shared with # other accounts, not even with the Postfix account. setgid_group = postdrop # external command that is executed when a Postfix daemon program is run with # the -D option. # # Use "command .. 
& sleep 5" so that the debugger can attach before # the process marches on. If you use an X-based debugger, be sure to # set up your XAUTHORITY environment variable before starting Postfix. # debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 debug_peer_level = 2 # -------------------- # CUSTOM SETTINGS # # SMTP server response code when recipient or domain not found. unknown_local_recipient_reject_code = 550 # Do not notify local user. biff = no # Disable the rewriting of "site!user" into "user@site". swap_bangpath = no # Disable the rewriting of the form "user%domain" to "user@domain". allow_percent_hack = no # Allow recipient address start with '-'. allow_min_user = no # Disable the SMTP VRFY command. This stops some techniques used to # harvest email addresses. disable_vrfy_command = yes # Enable both IPv4 and/or IPv6: ipv4, ipv6, all. inet_protocols = all # Enable all network interfaces. inet_interfaces = all # # TLS settings. # # SSL key, certificate, CA # smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem #smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail.crt #smtpd_tls_CApath = /etc/pki/tls/certs # # Disable SSLv2, SSLv3 # smtpd_tls_protocols = !SSLv2 !SSLv3 smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3 smtp_tls_protocols = !SSLv2 !SSLv3 smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 lmtp_tls_protocols = !SSLv2 !SSLv3 lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3 # # Fix 'The Logjam Attack'. 
# smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA smtpd_tls_dh512_param_file = /etc/pki/tls/dh512_param.pem smtpd_tls_dh1024_param_file = /etc/pki/tls/dh2048_param.pem tls_random_source = dev:/dev/urandom # Log only a summary message on TLS handshake completion — no logging of client # certificate trust-chain verification errors if client certificate # verification is not required. With Postfix 2.8 and earlier, log the summary # message, peer certificate summary information and unconditionally log # trust-chain verification errors. smtp_tls_loglevel = 1 smtpd_tls_loglevel = 1 # Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do # not require that clients use TLS encryption. smtpd_tls_security_level = may # Produce `Received:` message headers that include information about the # protocol and cipher used, as well as the remote SMTP client CommonName and # client certificate issuer CommonName. # This is disabled by default, as the information may be modified in transit # through other mail servers. Only information that was recorded by the final # destination can be trusted. #smtpd_tls_received_header = yes # Opportunistic TLS, used when Postfix sends email to remote SMTP server. # Use TLS if this is supported by the remote SMTP server, otherwise use # plaintext. # References: # - http://www.postfix.org/TLS_README.html#client_tls_may # - http://www.postfix.org/postconf.5.html#smtp_tls_security_level smtp_tls_security_level = may # Use the same CA file as smtpd. smtp_tls_CApath = /etc/pki/tls/certs smtp_tls_CAfile = $smtpd_tls_CAfile smtp_tls_note_starttls_offer = yes # Enable long, non-repeating, queue IDs (queue file names). # The benefit of non-repeating names is simpler logfile analysis and easier # queue migration (there is no need to run "postsuper" to change queue file # names that don't match their message file inode number). 
#enable_long_queue_ids = yes # Reject unlisted sender and recipient smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = yes # Header and body checks with PCRE table #header_checks = pcre:/etc/postfix/header_checks #body_checks = pcre:/etc/postfix/body_checks.pcre # A mechanism to transform commands from remote SMTP clients. # This is a last-resort tool to work around client commands that break # interoperability with the Postfix SMTP server. Other uses involve fault # injection to test Postfix's handling of invalid commands. # Requires Postfix-2.7+. #smtpd_command_filter = pcre:/etc/postfix/command_filter.pcre # HELO restriction smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname reject_unknown_helo_hostname # Sender restrictions smtpd_sender_restrictions = #reject_unknown_sender_domain reject_non_fqdn_sender reject_unlisted_sender permit_mynetworks permit_sasl_authenticated check_sender_access pcre:/etc/postfix/sender_access.pcre # Recipient restrictions smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unlisted_recipient #check_policy_service inet:127.0.0.1:7777 permit_mynetworks permit_sasl_authenticated reject_unauth_destination # END-OF-MESSAGE restrictions # smtpd_end_of_data_restrictions = # check_policy_service inet:127.0.0.1:7777 # Data restrictions smtpd_data_restrictions = reject_unauth_pipelining proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps # Avoid duplicate recipient messages. Default is 'yes'. 
enable_original_recipient = no

# Virtual support.
# All virtual mailboxes are delivered under one static uid/gid (2000) below
# /Disk1/vmail.
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
virtual_mailbox_base = /Disk1/vmail

# Do not set virtual_alias_domains.
virtual_alias_domains =

#
# Enable SASL authentication on port 25 and force TLS-encrypted SASL authentication.
# WARNING: NOT RECOMMENDED to enable smtp auth on port 25, all end users should
# be forced to submit email through port 587 instead.
#
smtpd_sasl_auth_enable = yes
# noanonymous only rejects anonymous logins; it does not rule out plaintext
# mechanisms (PLAIN/LOGIN, if the Dovecot auth backend offers them).
smtpd_sasl_security_options = noanonymous
# NOTE(review): `no` does NOT force TLS for AUTH, contrary to the heading
# above. With smtpd_tls_security_level = may (set earlier in this file), AUTH
# is announced and accepted on unencrypted port-25 sessions, so passwords can
# cross the network in cleartext. `yes` is the value that matches the stated
# intent; the submission service in master.cf already sets
# smtpd_tls_security_level=encrypt for port 587.
smtpd_tls_auth_only = no

# hostname
myhostname = smtp.mailu.kr
myorigin = smtp.mailu.kr
mydomain = smtp.mailu.kr

# trusted SMTP clients which are allowed to relay mail through Postfix.
#
# Note: additional IP addresses/networks listed in mynetworks should be listed
# in iRedAPD setting 'MYNETWORKS' (in `/opt/iredapd/settings.py`) too.
# for example:
#
# MYNETWORKS = ['xx.xx.xx.xx', 'xx.xx.xx.0/24', ...]
#
# Only loopback is trusted here; every client listed in mynetworks may relay
# without authentication, so keep this list minimal.
mynetworks = 127.0.0.1 [::1]
# Accepted local emails mydestination = $myhostname, localhost, localhost.localdomain alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases # Default message_size_limit. message_size_limit = 524288000 mailbox_size_limit = 629145600 # The set of characters that can separate a user name from its extension # (example: user+foo), or a .forward file name from its extension (example: # .forward+foo). # Postfix 2.11 and later supports multiple characters. recipient_delimiter = + # The time after which the sender receives a copy of the message headers of # mail that is still queued. Default setting is disabled (0h) by Postfix. #delay_warning_time = 1h # # Lookup virtual mail accounts # transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql/sender_dependent_relayhost_maps.cf # Lookup table with the SASL login names that own the sender (MAIL FROM) addresses. 
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf relay_domains = $mydestination proxy:mysql:/etc/postfix/mysql/relay_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf proxy:mysql:/etc/postfix/mysql/catchall_maps.cf proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf # # Postscreen # postscreen_greet_action = drop postscreen_blacklist_action = drop postscreen_dnsbl_action = drop postscreen_dnsbl_threshold = 2 postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[2..11]*3 b.barracudacentral.org=127.0.0.2*2 postscreen_dnsbl_reply_map = texthash:/etc/postfix/postscreen_dnsbl_reply postscreen_access_list = permit_mynetworks cidr:/etc/postfix/postscreen_access.cidr # Require Postfix-2.11+ #postscreen_dnsbl_whitelist_threshold = -2 # # Dovecot SASL support. # smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth virtual_transport = dovecot dovecot_destination_recipient_limit = 1 # # mlmmj - mailing list manager # #mlmmj_destination_recipient_limit = 1 # # Amavisd + SpamAssassin + ClamAV # #content_filter = smtp-amavis:[127.0.0.1]:10024 # Concurrency per recipient limit. #smtp-amavis_destination_recipient_limit = 1 meta_directory = /etc/postfix sample_directory = /usr/share/doc/postfix32u-3.2.5/samples readme_directory = /usr/share/doc/postfix32u-3.2.5/README_FILES manpage_directory = /usr/share/man html_directory = no shlib_directory = /usr/lib64/postfix 2. /etc/master.cf # # Postfix master process configuration file. 
For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # # Do not forget to execute "postfix reload" after editing this file. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== #smtp inet n - - - - smtpd smtp inet n - n - 1 postscreen smtpd pass - - n - - smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy #submission inet n - n - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #smtps inet n - n - - smtpd # -o syslog_name=postfix/smtps # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr #qmgr unix n - n 300 1 oqmgr tlsmgr unix - - n 1000? 
1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # #maildrop unix - n n - - pipe # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # ==================================================================== # # Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
# # Specify in cyrus.conf: # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 # # Specify in main.cf one or more of the following: # mailbox_transport = lmtp:inet:localhost # virtual_transport = lmtp:inet:localhost # # ==================================================================== # # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # ==================================================================== # # Old example of delivery via Cyrus. # #old-cyrus unix - n n - - pipe # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # # ==================================================================== # # See the Postfix UUCP_README file for configuration details. # #uucp unix - n n - - pipe # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # ==================================================================== # # Other external delivery methods. # #ifmail unix - n n - - pipe # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) # #bsmtp unix - n n - - pipe # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient # #scalemail-backend unix - n n - 2 pipe # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store # ${nexthop} ${user} ${extension} # #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} # Submission, port 587, force TLS connection. submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject #-o content_filter=smtp-amavis:[127.0.0.1]:10026 # Use dovecot's `deliver` program as LDA. 
dovecot unix - n n - - pipe flags=DRh user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension} # mlmmj - mailing list manager # ${nexthop} is '%d/%u' in transport ('mlmmj:%d/%u') #mlmmj unix - n n - - pipe # flags=ORhu user=mlmmj:mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop} # Amavisd integration. #smtp-amavis unix - - n - 1 smtp # -o syslog_name=postfix/amavis # -o smtp_data_done_timeout=1200 # -o smtp_send_xforward_command=yes # -o disable_dns_lookups=yes # -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o syslog_name=postfix/10025 -o content_filter= -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o smtp_tls_security_level=none -o smtpd_tls_security_level=none -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_end_of_data_restrictions= -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings 3. /etc/postfix/body_checks.pcre 4. /etc/postfix/helo_access.pcre
#--------------------------------------------------------------------- # This file is part of iRedMail, which is an open source mail server # solution for Red Hat(R) Enterprise Linux, CentOS, Debian and Ubuntu. # # iRedMail is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # iRedMail is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with iRedMail. If not, see <http://www.gnu.org/licenses/>. #--------------------------------------------------------------------- # # Sample Postfix check_helo_access rule. It should be located at: # /etc/postfix/check_helo_access.pcre # # Shipped within iRedMail project: # * http://www.iredmail.org/ # Prepend HELO hostname of sender server #/(.*)/ PREPEND X-Original-Helo: $1 (iRedMail: http://www.iredmail.org/) # No one will use these in helo command. /^(localhost)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /^(localhost.localdomain)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(\.local)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) # Reject who use IP address as helo. # Correct: [xxx.xxx.xxx.xxx] # Incorrect: xxx.xxx.xxx.xxx /^([0-9\.]+)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server sent non RFC compliant HELO identity (${1}) # # This is the real HELO identify of these ISPs: # sohu.com websmtp.sohu.com relay2nd.mail.sohu.com # 126.com m15-78.126.com # 163.com m31-189.vip.163.com m13-49.163.com # sina.com mail2-209.sinamail.sina.com.cn # gmail.com xx-out-NNNN.google.com /^(126\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(163\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(163\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(sohu\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(gmail\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(google\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(yahoo\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) /^(yahoo\.co\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server seems to be impersonating another mail server (${1}) # # Spammers. # /^(728154EA470B4AA\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(taj-co\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(CF8D3DB045C1455\.net)$/ REJECT ACCESS DENIED. 
Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(dsgsfdg\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(se\.nit7-ngbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(mail\.goo\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(n-ong_an\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(meqail\.teamefs-ine5tl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(zzg\.jhf-sp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(din_glo-ng\.net)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(fda-cnc\.ie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(yrtaj-yrco\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(m\.am\.biz\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(xr_haig\.roup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(hjn\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(we_blf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(netvigator\.com)$/ REJECT ACCESS DENIED. 
Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(mysam\.biz)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(mail\.teams-intl\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(seningbo\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(nblf\.com\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(kdn\.ktguide\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(zzsp\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(nblongan\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(dpu\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(nbalton\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(cncie\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(xinhaigroup\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(wz\.com)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /(\.zj\.cn)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /(\.kornet)$/ REJECT ACCESS DENIED. Your email was rejected because it appears to come from a known spamming mail server (${1}) /^(dsldevice\.lan)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server does not identify itself correctly (${1}) /^(system\.mail)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /^(speedtouch\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /^(dsldevice\.lan)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) # # Reject adsl spammers. # # match word `adsl` with word boundary `\b`. /(\badsl\b)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) # bypass "[IP_ADDRESS]" /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]$/ DUNNO # bypass some HELOs which contains IP address /^o\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.outbound-mail\.sendgrid\.net$/ DUNNO # reject HELO which contains IP address /(\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3}[\.-]\d{1,3})/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(\d{1,3}\.ip\.-\d{1,3}-\d{1,3}-\d{1,3}\.eu)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(pppoe)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(dsl\.brasiltelecom\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(dsl\.optinet\.hr)/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(dsl\.telesp\.net\.br)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(dialup)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(dhcp)/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(static-pool-[\d\.-]*\.flagman\.zp\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(speedy\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(speedyterra\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(static\.sbb\.rs)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(static\.vsnl\.net\.in)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server appears to be on a dynamic IP address that should not be doing direct mail delivery (${1}) /(advance\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(airtelbroadband\.in)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(bb\.netvision\.net\.il)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(broadband3\.iol\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(cable\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(catv\.broadband\.hu)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(chello\.nl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(chello\.sk)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(client\.mchsi\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(comunitel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(coprosys\.cz)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(dclient\.hispeed\.ch)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(dip0\.t-ipconnect\.de)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(domain\.invalid)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(dyn\.centurytel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(embarqhsd\.net)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(emcali\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(epm\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(eutelia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(fibertel\.com\.ar)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(freedom2surf\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(hgcbroadband\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(HINET-IP\.hinet\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(infonet\.by)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(is74\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(kievnet\.com\.ua)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(metrotel\.net\.co)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(nw\.nuvox\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(pldt\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(pool\.invitel\.hu)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(pool\.ukrtel\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(pools\.arcor-ip\.net)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(pppoe\.avangarddsl\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(retail\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(revip2\.asianet\.co\.th)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(tim\.ro)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(tsi\.tychy\.pl)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(ttnet\.net\.tr)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(tttmaxnet\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(user\.veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(utk\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(veloxzone\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(virtua\.com\.br)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(wanamaroc\.com)$/ REJECT ACCESS DENIED. 
Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(wbt\.ru)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(wireless\.iaw\.on\.ca)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(business\.telecomitalia\.it)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(cotas\.com\.bo)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(marunouchi\.tokyo\.ocn\.ne\.jp)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(amedex\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /(aageneva\.com)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (${1}) /^ylmf-pc/ REJECT ACCESS DENIED 5. /etc/postfix/postscreen_access.cidr # Rules are evaluated in the order as specified. #1.2.3.4 permit #2.3.4.5 reject # Permit local clients 127.0.0.0/8 permit 6. /etc/postfix/postscreen_dnsbl_reply 7. /etc/postfix/sender_access.pcre 8. /etc/postfix/mysql/catchall_maps.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%d' AND '%u' NOT LIKE '%%+%%' AND forwardings.address=domain.domain AND forwardings.active=1 AND domain.active=1 AND domain.backupmx=0 9. 
/etc/postfix/mysql/domain_alias_catchall_maps.cf
# NOTE(review): the database password below is printed in cleartext, and the
# same value appears in every map file in this listing. Treat it as disclosed:
# rotate it, keep these files readable only by root and the postfix group, and
# grant the account no more than SELECT on the vmail schema (the queries shown
# here only read).
# Postfix applies SQL quoting to the lookup key before expanding %s, %u and %d
# (see mysql_table(5)), which is why the placeholders sit inside single quotes.
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1

10. /etc/postfix/mysql/domain_alias_maps.cf
# NOTE(review): this query is identical to the one in
# domain_alias_catchall_maps.cf above and never uses the local part (%u), so
# both maps return the same rows for a given alias domain. Possibly a paste
# error in this listing; compare with the file on disk.
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = SELECT forwardings.forwarding FROM forwardings,alias_domain,domain WHERE alias_domain.alias_domain='%d' AND forwardings.address=alias_domain.target_domain AND alias_domain.target_domain=domain.domain AND forwardings.active=1 AND alias_domain.active=1

11. /etc/postfix/mysql/recipient_bcc_maps_domain.cf
# A row in recipient_bcc_domain makes Postfix send a blind copy of mail
# received for that domain; review the table for unexpected entries.
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = SELECT bcc_address FROM recipient_bcc_domain WHERE domain='%d' AND active=1

12. /etc/postfix/mysql/recipient_bbs_maps_user.cf
# NOTE(review): recipient_bcc_maps in main.cf refers to
# recipient_bcc_maps_user.cf; the "bbs" in the heading above looks like a typo
# for "bcc".
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = SELECT recipient_bcc_user.bcc_address FROM recipient_bcc_user,domain WHERE recipient_bcc_user.username='%s' AND recipient_bcc_user.domain='%d' AND recipient_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND recipient_bcc_user.active=1

13. /etc/postfix/mysql/relay_domains.cf
# Matches only domains flagged backupmx=1, either directly or as the target of
# an alias domain.
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = (SELECT domain FROM domain WHERE domain='%s' AND backupmx=1 AND active=1 LIMIT 1) UNION (SELECT alias_domain.target_domain FROM alias_domain, domain WHERE alias_domain.alias_domain='%s' AND alias_domain.target_domain=domain.domain AND domain.backupmx=1 AND domain.active=1 LIMIT 1)

14. /etc/postfix/mysql/sender_bcc_maps_domain.cf
hosts = 127.0.0.1:3306
user = vmail
password = rladudrl
dbname = vmail
query = SELECT bcc_address FROM sender_bcc_domain WHERE domain='%d' AND active=1

15.
/etc/postfix/mysql/sender_bcc_maps_user.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT sender_bcc_user.bcc_address FROM sender_bcc_user,domain WHERE sender_bcc_user.username='%s' AND sender_bcc_user.domain='%d' AND sender_bcc_user.domain=domain.domain AND domain.backupmx=0 AND domain.active=1 AND sender_bcc_user.active=1 16. /etc/postfix/mysql/sender_dependent_relayhost_maps.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail # '%s' will be replaced by the envelope sender address or @domain. query = SELECT relayhost FROM sender_relayhost WHERE account='%s' LIMIT 1 17. /etc/postfix/mysql/sender_login_maps.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT mailbox.username FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.enablesmtp=1 AND mailbox.active=1 AND domain.backupmx=0 AND domain.active=1 18. /etc/postfix/mysql/transport_maps_domain.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT transport FROM domain WHERE domain='%s' AND active=1 19. /etc/postfix/mysql/transport_maps_maillist.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1 20. /etc/postfix/mysql/transport_maps_user.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT mailbox.transport FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.domain='%d' AND mailbox.domain=domain.domain AND mailbox.transport<>'' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.backupmx=0 AND domain.active=1 21. 
/etc/postfix/mysql/virtual_alias_maps.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT forwardings.forwarding FROM forwardings,domain WHERE forwardings.address='%s' AND forwardings.domain=domain.domain AND forwardings.active=1 AND domain.backupmx=0 AND domain.active=1 22. /etc/postfix/mysql/virtual_mailbox_domains.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT domain FROM domain WHERE domain='%s' AND backupmx=0 AND active=1 UNION SELECT alias_domain.alias_domain FROM alias_domain,domain WHERE alias_domain.alias_domain='%s' AND alias_domain.active=1 AND alias_domain.target_domain=domain.domain AND domain.active=1 AND domain.backupmx=0 23. /etc/postfix/mysql/virtual_mailbox_maps.cf hosts = 127.0.0.1:3306 user = vmail password = rladudrl dbname = vmail query = SELECT CONCAT(mailbox.storagenode, '/', mailbox.maildir, '/Maildir/') FROM mailbox,domain WHERE mailbox.username='%s' AND mailbox.active=1 AND mailbox.enabledeliver=1 AND domain.domain = mailbox.domain AND domain.active=1 |
|
Dovecot | Package | dovecot22u-devel-2.2.35-1.ius.centos7.x86_64 |
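configure | 1. /etc/dovecot/dovecot-master-users
2. /etc/dovecot/dovecot-mysql.conf
driver = mysql
# Password values without an explicit {SCHEME} prefix are interpreted as SHA512-CRYPT.
default_pass_scheme = SHA512-CRYPT
# NOTE(review): this file holds the database password; it should be readable only by
# root and the user Dovecot's auth process runs as.
connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=*********

# Required by doveadm tools which require to list all mail users.
# NOTE(review): unlike the two queries below, this one has no active/domain filter, so it
# lists disabled accounts as well — confirm that is intended.
iterate_query = SELECT username AS user FROM mailbox

# `enable%Ls%Lc` expands to a column name: "enable" + lowercased service name + lowercased
# %c. %c is "secured" for TLS (and localhost) connections and empty otherwise, so a login
# is accepted only when the matching per-service column in `mailbox` is 1.
# `allow_nets` is returned as an extra field that restricts the networks a user may log in from.
password_query = SELECT mailbox.password, mailbox.allow_nets \
    FROM mailbox,domain \
    WHERE mailbox.username='%u' \
    AND mailbox.`enable%Ls%Lc`=1 \
    AND mailbox.active=1 \
    AND mailbox.domain=domain.domain \
    AND domain.backupmx=0 \
    AND domain.active=1

# quota is multiplied by 1048576 to produce a byte count, i.e. mailbox.quota is in MiB.
user_query = SELECT \
    '%u' AS master_user, \
    CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir) AS home, \
    CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \
    FROM mailbox,domain \
    WHERE mailbox.username='%u' \
    AND mailbox.`enable%Ls%Lc`=1 \
    AND mailbox.active=1 \
    AND mailbox.domain=domain.domain \
    AND domain.backupmx=0 \
    AND domain.active=1

3. /etc/dovecot/dovecot-share-folder.conf
connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=********
map {
    pattern = shared/shared-boxes/user/$to/$from
    table = share_folder
    value_field = dummy
    fields {
        from_user = $from
        to_user = $to
    }
}
# To share mailbox to anyone, please uncomment 'acl_anyone = allow' in
# dovecot.conf
map {
    pattern = shared/shared-boxes/anyone/$from
    table = anyone_shares
    value_field = dummy
    fields {
        from_user = $from
    }
}

4. /etc/dovecot/dovecot-used-quota.conf
connect = host=127.0.0.1 port=3306 dbname=vmail user=vmail password=**********
map {
    pattern = priv/quota/storage
    table = used_quota
    username_field = username
    value_field = bytes
}
map {
    pattern = priv/quota/messages
    table = used_quota
    username_field = username
    value_field = messages
}

5. /etc/dovecot/dovecot.conf
# More details about Dovecot settings:
# - http://wiki2.dovecot.org/
# - http://wiki2.dovecot.org/Variables
# Listen addresses.
# - '*' means all available IPv4 addresses.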
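# - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = * [::]
#base_dir = /var/run/dovecot
mail_plugins = quota mailbox_alias acl mail_log notify stats

# Enabled mail protocols.
protocols = pop3 imap sieve lmtp

# User/group who owns the message files:
mail_uid = 2000
mail_gid = 2000

# Assign uid to virtual users.
first_valid_uid = 2000
last_valid_uid = 2000

# Logging. Reference: http://wiki2.dovecot.org/Logging
#
# Use syslog
#syslog_facility = local5
# Log file path if we use internal log system
log_path = /var/log/dovecot/dovecot.log

# Debug
# NOTE(review): auth_debug_passwords writes submitted passwords to the log; keep it
# commented out outside of short, supervised troubleshooting.
#mail_debug = yes
#auth_verbose = yes
#auth_debug = yes
#auth_debug_passwords = yes
# Possible values: no, plain, sha1.
#auth_verbose_passwords = no

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
# NOTE(review): only SSLv2 and SSLv3 are excluded here, so TLS 1.0 and 1.1 remain
# negotiable if the linked OpenSSL offers them.
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
#ssl_ca = </path/to/ca
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

# Fix 'The Logjam Attack'
# NOTE(review): the list still admits 3DES suites and RSA key exchange (no forward
# secrecy); review it against the clients that actually connect.
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
# Dovecot 2.2.6 or greater:
# Specify the wanted DH parameters length
ssl_dh_parameters_length = 2048
ssl_prefer_server_ciphers = yes

# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
# insecurely.
disable_plaintext_auth = yes
# Allow plain text password per IP address/net
#remote 192.168.0.0/24 {
#    disable_plaintext_auth = no
#}

# Mail location and mailbox format.
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/

# Authentication related settings.
# Append this domain name if client gives empty realm.
#auth_default_realm = weschool.kr
# Authentication mechanisms.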
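# PLAIN and LOGIN send the password itself; the protection comes from
# `ssl = required` and `disable_plaintext_auth = yes` set earlier in this file.
auth_mechanisms = PLAIN LOGIN

# Limits the number of users that can be logging in at the same time.
# Default is 100. This can be overridden by `process_limit =` in
# `service [protocol]` block.
# e.g.
#   protocol imap-login {
#       ...
#       process_limit = 500
#   }
#default_process_limit = 100

# Mail delivery log format
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, %$

service auth {
    # NOTE(review): mode 0666 makes this socket connectable by any account that can
    # reach the path. Access then depends entirely on the permissions of
    # /var/spool/postfix/private; 0660 with user/group postfix does not rely on that.
    unix_listener /var/spool/postfix/private/dovecot-auth {
        user = postfix
        group = postfix
        mode = 0666
    }
    # NOTE(review): auth-master is also 0666, while auth-userdb below (same owner) is
    # 0660. Unless a local client running as another user is known to need it, restrict
    # this listener to vmail as well.
    unix_listener auth-master {
        user = vmail
        group = vmail
        mode = 0666
    }
    unix_listener auth-userdb {
        user = vmail
        group = vmail
        mode = 0660
    }
}

# LMTP server (Local Mail Transfer Protocol).
# Reference: http://wiki2.dovecot.org/LMTP
service lmtp {
    user = vmail
    # For higher volume sites, it may be desirable to increase the number of
    # active listener processes. A range of 5 to 20 is probably good for most
    # sites.
    process_min_avail = 5
    # Logging.
    # Require 'log_path =' in 'protocol lmtp {}' block.
    executable = lmtp -L
    # Listening on socket file and TCP
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        user = postfix
        group = postfix
        mode = 0600
    }
    inet_listener lmtp {
        # Listen on localhost (ipv4)
        address = 127.0.0.1
        port = 24
    }
}

# Virtual mail accounts.
userdb {
    args = /etc/dovecot/dovecot-mysql.conf
    driver = sql
}
passdb {
    args = /etc/dovecot/dovecot-mysql.conf
    driver = sql
}

# Master user.
# Master users are able to log in as other users. It's also possible to
# directly log in as any user using a master password, although this isn't
# recommended.
# Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
# NOTE(review): every entry in dovecot-master-users can open any mailbox. Keep the file
# readable only by root and the auth user, keep the list minimal, and monitor logins
# that use the `*` separator.
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-users
    master = yes
}

plugin {
    # Quota configuration.
    # Reference: http://wiki2.dovecot.org/Quota/Configuration
    quota = dict:user::proxy::quotadict
    # Set default quota rule if no quota returned from SQL/LDAP query.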
#quota_rule = *:storage=1G #quota_rule2 = *:messages=0 #quota_rule3 = Trash:storage=1G #quota_rule4 = Junk:ignore # Quota warning. # # If user suddenly receives a huge mail and the quota jumps from # 85% to 95%, only the 95% script is executed. # # Only the command for the first exceeded limit is executed, so configure # the highest limit first. quota_warning = storage=100%% quota-warning 100 %u quota_warning2 = storage=95%% quota-warning 95 %u quota_warning3 = storage=90%% quota-warning 90 %u quota_warning4 = storage=85%% quota-warning 85 %u # allow user to become max 10% (or 50 MB) over quota quota_grace = 10%% #quota_grace = 50 M # Custom Quota Exceeded Message. # You can specify the message directly or read the message from a file. #quota_exceeded_message = Quota exceeded, please try again later. #quota_exceeded_message = </path/to/quota_exceeded_message.txt # Plugin: expire. #expire = Trash 7 Trash/* 7 Junk 30 #expire_dict = proxy::expire # ACL and share folder acl = vfile acl_shared_dict = proxy::acl # By default Dovecot doesn't allow using the IMAP "anyone" or # "authenticated" identifier, because it would be an easy way to spam # other users in the system. If you wish to allow it, #acl_anyone = allow # Pigeonhole managesieve service. # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration # Per-user sieve settings. sieve_dir = %Lh/sieve sieve = %Lh/sieve/dovecot.sieve # Global sieve settings. sieve_global_dir = /var/vmail/sieve # Note: if user has personal sieve script, global sieve rules defined in # sieve_default will be ignored. Please use sieve_before or # sieve_after instead. #sieve_default = sieve_before = /var/vmail/sieve/dovecot.sieve #sieve_after = # The maximum number of redirect actions that can be performed during a # single script execution. # The meaning of 0 differs based on your version. For pigeonhole-0.3.0 and # beyond this means that redirect is prohibited. 
For older versions, # however, this means that the number of redirects is unlimited. sieve_max_redirects = 30 # Reference: http://wiki2.dovecot.org/Plugins/MailboxAlias mailbox_alias_old = Sent mailbox_alias_new = Sent Messages mailbox_alias_old2 = Sent mailbox_alias_new2 = Sent Items # Events to log. `autoexpunge` is included in `expunge` # Defined in https://github.com/dovecot/core/blob/master/src/plugins/mail-log/mail-log-plugin.c mail_log_events = delete undelete expunge mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from subject # stats # # how often to session statistics (must be set) stats_refresh = 30 secs # track per-IMAP command statistics (optional) stats_track_cmds = yes } service stats { fifo_listener stats-mail { user = vmail mode = 0644 } inet_listener { address = 127.0.0.1 port = 24242 } } service quota-warning { executable = script /usr/local/bin/dovecot-quota-warning.sh unix_listener quota-warning { user = vmail group = vmail mode = 0660 } } service dict { unix_listener dict { mode = 0660 user = vmail group = vmail } } dict { #expire = db:/var/lib/dovecot/expire/expire.db quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf acl = mysql:/etc/dovecot/dovecot-share-folder.conf } protocol lda { # Reference: http://wiki2.dovecot.org/LDA mail_plugins = $mail_plugins sieve lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes postmaster_address = root # Log file path if we use internal log system #log_path = /var/log/dovecot/sieve.log } protocol lmtp { # Log file path if we use internal log system #log_path = /var/log/dovecot/lmtp.log # Plugins mail_plugins = quota sieve postmaster_address = postmaster # Address extension delivery lmtp_save_to_detail_mailbox = yes recipient_delimiter = + } protocol imap { mail_plugins = $mail_plugins imap_quota imap_acl imap_stats imap_client_workarounds = tb-extra-mailbox-sep # Maximum number of IMAP connections allowed for a user from each IP address. 
# NOTE: The username is compared case-sensitively. # Default is 10. # Increase it to avoid issue like below: # "Maximum number of concurrent IMAP connections exceeded" mail_max_userip_connections = 30 } protocol pop3 { mail_plugins = $mail_plugins pop3_client_workarounds = outlook-no-nuls oe-ns-eoh pop3_uidl_format = %08Xu%08Xv # Maximum number of IMAP connections allowed for a user from each IP address. # NOTE: The username is compared case-sensitively. # Default is 10. mail_max_userip_connections = 30 # POP3 logout format string: # %i - total number of bytes read from client # %o - total number of bytes sent to client # %t - number of TOP commands # %p - number of bytes sent to client as a result of TOP command # %r - number of RETR commands # %b - number of bytes sent to client as a result of RETR command # %d - number of deleted messages # %m - number of messages (before deletion) # %s - mailbox size in bytes (before deletion) # Default format doesn't have 'in=%i, out=%o'. #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, in=%i, out=%o } # Login processes. Refer to Dovecot wiki for more details: # http://wiki2.dovecot.org/LoginProcess service imap-login { #inet_listener imap { # port = 143 #} #inet_listener imaps { # port = 993 # ssl = yes #} service_count = 1 # To avoid startup latency for new client connections, set process_min_avail # to higher than zero. That many idling processes are always kept around # waiting for new connections. 
#process_min_avail = 0 # number of simultaneous IMAP connections process_limit = 500 # vsz_limit should be fine at its default 64MB value #vsz_limit = 64M } service pop3-login { #inet_listener pop3 { # port = 110 #} #inet_listener pop3s { # port = 995 # ssl = yes #} service_count = 1 # number of simultaneous POP3 connections #process_limit = 500 } service managesieve-login { inet_listener sieve { # Listen on localhost (ipv4) address = 127.0.0.1 port = 4190 } } namespace { type = private separator = / prefix = inbox = yes # Refer to document for more details about alias mailbox: # http://wiki2.dovecot.org/MailboxSettings # # Sent mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox "Sent Items" { auto = no special_use = \Sent } mailbox Drafts { auto = subscribe special_use = \Drafts } # Trash mailbox Trash { auto = subscribe special_use = \Trash } mailbox "Deleted Messages" { auto = no special_use = \Trash } # Junk mailbox Junk { auto = subscribe special_use = \Junk } mailbox Spam { auto = no special_use = \Junk } mailbox "Junk E-mail" { auto = no special_use = \Junk } # Archive mailbox Archive { auto = no special_use = \Archive } mailbox Archives { auto = no special_use = \Archive } } namespace { type = shared separator = / prefix = Shared/%%u/ location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln # this namespace should handle its own subscriptions or not. subscriptions = yes list = children }
# Public mailboxes. # Refer to Dovecot wiki page for more details: # http://wiki2.dovecot.org/SharedMailboxes/Public #namespace { # type = public # separator = / # prefix = Public/ # location = maildir:/var/vmail/public:CONTROL=%Lh/Maildir/public:INDEXPVT=%Lh/Maildir/public # # # Allow users to subscribe to the public folders. # subscriptions = yes #} !include_try /etc/dovecot/iredmail/*.conf | |
MariaDB | Package | mariadb101u-embedded-devel-10.1.32-1.ius.centos7.x86_6 mariadb101u-libs-10.1.32-1.ius.centos7.x86_64 mariadb101u-errmsg-10.1.32-1.ius.centos7.x86_64 mariadb101u-server-10.1.32-1.ius.centos7.x86_64 mariadb101u-devel-10.1.32-1.ius.centos7.x86_64 mariadb101u-test-10.1.32-1.ius.centos7.x86_64 mariadb101u-server-utils-10.1.32-1.ius.centos7.x86_64 mariadb101u-oqgraph-engine-10.1.32-1.ius.centos7.x86_64 mariadb101u-debuginfo-10.1.32-1.ius.centos7.x86_64 mariadb101u-bench-10.1.32-1.ius.centos7.x86_64 mariadb101u-connect-engine-10.1.32-1.ius.centos7.x86_64 mariadb101u-common-10.1.32-1.ius.centos7.x86_64 mariadb101u-embedded-10.1.32-1.ius.centos7.x86_64 |
configure |
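1. /etc/my.cnf
#
# This group is read both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# This group is read by the server
#
[mysqld]
# NOTE(review): 0.0.0.0 listens on every interface, yet every client shown on this page
# (Postfix, Dovecot, Roundcube) connects through 127.0.0.1/localhost. Unless a remote
# client exists, bind to 127.0.0.1; otherwise firewall port 3306 and enable the ssl-*
# options below so remote sessions are encrypted.
bind-address = 0.0.0.0
port = 3306
collation-server = utf8mb4_general_ci
character-set-server = utf8mb4
skip-character-set-client-handshake
max_allowed_packet = 32M
slow_query_log
long_query_time = 2
# Log every query.
# NOTE(review): the general log records full statement text, including mail addresses
# used as lookup keys and any literal passed in a statement. Restrict the file to the
# mysql user and rotate it; expire_logs_days / max_binlog_size below govern the binary
# log, not this file.
general_log = 1
general_log_file = /var/log/mariadb/mysql_query.log
expire_logs_days = 2
max_binlog_size = 10M
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# NOTE(review): if TLS is enabled later, replace `ALL` with an explicit list of strong
# ciphers; `ALL` also admits weak suites.
#ssl-ca =
#ssl-cert = /etc/pki/tls/certs/iRedMail.crt
#ssl-key = /etc/pki/tls/private/iRedMail.key
#ssl-cipher = ALL

[client]
default-character-set=utf8

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
| |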
Roundcube & Gnuboard | Package |
Roundcube Webmail 1.3.5 wmail 1.1 * 기본판(liroo.net 모델 ==> |
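configure | 1. gnuboard configuration
/data/dbconfig.php ---> DB 접속 정보 설정.
2. Roundcube configuration
[html/rmail/config/config.inc.php]
<?php
// SQL DATABASE
$config['db_dsnw'] = 'mysqli://DB_ID:DB_PW@127.0.0.1:3306/web1';
$config['db_prefix'] = 'lr_';

// LOGGING
$config['log_driver'] = 'syslog';
$config['syslog_facility'] = LOG_MAIL;

// IMAP
// NOTE(review): port 143 without TLS and with peer verification disabled is tolerable
// only because the host is 127.0.0.1. If default_host ever points at another machine,
// switch to ssl:// or tls:// and turn verify_peer / verify_peer_name back on.
$config['default_host'] = '127.0.0.1';
$config['default_port'] = 143;
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// Required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

// SMTP
// NOTE(review): same caveat as IMAP — certificate checks are off, which is only
// acceptable for the loopback address.
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
    ),
);

// Use user's identity as envelope sender for 'return receipt' responses,
// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.
$config['mdn_use_from'] = true;

// SYSTEM
// NOTE(review): with force_https off, Roundcube does not redirect logins to HTTPS;
// the web server in front must enforce TLS, otherwise mail passwords cross the network
// in clear text.
$config['force_https'] = false;
// NOTE(review): 2 lets the browser autocomplete the password field as well
// (0 = off, 1 = user name and host only).
$config['login_autocomplete'] = 2;
$config['ip_check'] = true;
// NOTE(review): des_key encrypts the IMAP password kept in the session. A key that has
// been published must be replaced with a freshly generated random value.
$config['des_key'] = 'GyxjqQ7kaD5dqsq7HAB3Ab0g';
$config['cipher_method'] = 'AES-256-CBC';
$config['useragent'] = 'Narae Webmail'; // Hide version number
$config['username_domain'] = 'weschool.kr';
//$config['mime_types'] = '/etc/mime.types';

// USER INTERFACE
$config['create_default_folders'] = true;
$config['quota_zero_as_unlimited'] = true;

// USER PREFERENCES
$config['default_charset'] = 'UTF-8';
//$config['addressbook_sort_col'] = 'name';
$config['draft_autosave'] = 60;
$config['default_list_mode'] = 'threads';
$config['autoexpand_threads'] = 2;
$config['check_all_folders'] = true;
$config['default_font_size'] = '12pt';
$config['message_show_email'] = true;
$config['layout'] = 'widescreen'; // three columns
//$config['skip_deleted'] = true;

// PLUGINS
$config['plugins'] = array('managesieve', 'password', 'enigma', 'large_attachments');
//max mail attach file size
$config['max_attach_size'] = 31457280;
//logout url
$config['logout_url'] = '/bbs/logout.php';

[/html/rmail/plugins/large_attachments/config.inc.php]
<?php
//file upload directory
// NOTE(review): confirm this directory is not served directly by the web server and
// that PHP is never executed from it; uploaded files are untrusted input.
$config['large_upload_path']= '/data/webmaster/web1/data/upload/';
// NOTE(review): an empty list here presumably means no extension restriction — verify
// against the plugin's behaviour.
$config['large_extensions']= [];
$config['large_multiselect'] = false;
?>

3. wmail configuration
[/data/webmaster/web1/data/db.conf]
db=mysql
host=localhost
port=
dbname=DB
user=DB_user
passwd=DB_pw

[/data/webmaster/web1/data/vmail.conf]
db=mysql
host=localhost
port=
dbname=vmail
user=vmail_DB_user
passwd=vmail_DB_pw
| |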
Certbot | Package | python2-certbot-0.26.1-2.el7.noarch |
configure | /etc/letsencrypt |
2. DB 초기화
1) DB 구성
[DB 생성]
○ vmail - 메일 계정 및 기능 설정과 관련 정보 기록 vmail.sql
admin, alias, alias_domain, anyone_shares, deleted_mailboxes, domain, domain_admins, forwardings, mailbox, maillists, recipient_bcc_domain, recipient_bcc_user, sender_bcc_domain, sender_bcc_user, sender_relayhost, share_folder, used_quota
-- Table `admin`: one row per account, keyed by `username`.
-- NOTE(review): `password` presumably stores a hash; the scheme used for this table is
-- not shown on this page — confirm it is never a clear-text value.
CREATE TABLE `admin` (
    `username` VARCHAR(255) NOT NULL DEFAULT '',
    `password` VARCHAR(255) NOT NULL DEFAULT '',
    `name` VARCHAR(255) NOT NULL DEFAULT '',
    `language` VARCHAR(5) NOT NULL DEFAULT '',
    `passwordlastchange` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `settings` TEXT,
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`username`),
    KEY `passwordlastchange` (`passwordlastchange`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `alias`: keyed by `address`, with secondary indexes on `domain`, `expired`
-- and `active`. None of the Postfix or Dovecot queries shown on this page read it.
CREATE TABLE `alias` (
    `address` VARCHAR(255) NOT NULL DEFAULT '',
    `name` VARCHAR(255) NOT NULL DEFAULT '',
    `accesspolicy` VARCHAR(30) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`address`),
    KEY `domain` (`domain`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `alias_domain`: maps an alias domain to its target domain.
-- Read by the Postfix maps domain_alias_maps.cf, domain_alias_catchall_maps.cf,
-- relay_domains.cf and virtual_mailbox_domains.cf listed on this page.
CREATE TABLE `alias_domain` (
    `alias_domain` VARCHAR(255) NOT NULL,
    `target_domain` VARCHAR(255) NOT NULL,
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`alias_domain`),
    KEY `target_domain` (`target_domain`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `anyone_shares`: backing store for the Dovecot dict map with pattern
-- shared/shared-boxes/anyone/$from (dovecot-share-folder.conf); `dummy` is the
-- map's value_field.
CREATE TABLE `anyone_shares` (
    `from_user` VARCHAR(255) NOT NULL,
    `dummy` CHAR(1) DEFAULT '1',
    PRIMARY KEY (`from_user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `deleted_mailboxes`: log of removed mailboxes (user, domain, maildir, acting
-- admin, scheduled delete date).
-- Note: `id` is AUTO_INCREMENT but only carries a plain KEY — the table declares no
-- PRIMARY KEY or UNIQUE constraint.
CREATE TABLE `deleted_mailboxes` (
    `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    `timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    `username` VARCHAR(255) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `maildir` VARCHAR(255) NOT NULL DEFAULT '',
    `admin` VARCHAR(255) NOT NULL DEFAULT '',
    `delete_date` DATE DEFAULT NULL,
    KEY `id` (`id`),
    KEY `timestamp` (`timestamp`),
    KEY `username` (`username`),
    KEY `domain` (`domain`),
    KEY `admin` (`admin`),
    KEY `delete_date` (`delete_date`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `domain`: one row per mail domain, keyed by the domain name.
-- Almost every Postfix map and both Dovecot queries on this page join against it and
-- require active=1; `backupmx` separates locally hosted domains (0) from relayed ones
-- (1, see relay_domains.cf). `transport` is returned by transport_maps_domain.cf.
CREATE TABLE `domain` (
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `description` TEXT,
    `disclaimer` TEXT,
    `aliases` INT(10) NOT NULL DEFAULT '0',
    `mailboxes` INT(10) NOT NULL DEFAULT '0',
    `maillists` INT(10) NOT NULL DEFAULT '0',
    `maxquota` BIGINT(20) NOT NULL DEFAULT '0',
    `quota` BIGINT(20) NOT NULL DEFAULT '0',
    `transport` VARCHAR(255) NOT NULL DEFAULT 'dovecot',
    `backupmx` TINYINT(1) NOT NULL DEFAULT '0',
    `settings` TEXT,
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`domain`),
    KEY `backupmx` (`backupmx`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `domain_admins`: (username, domain) pairs; both columns use the ascii
-- character set and together form the primary key.
-- KEY `username` repeats the leftmost column of that primary key.
CREATE TABLE `domain_admins` (
    `username` VARCHAR(255) CHARACTER SET ascii NOT NULL DEFAULT '',
    `domain` VARCHAR(255) CHARACTER SET ascii NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`username`,`domain`),
    KEY `username` (`username`),
    KEY `domain` (`domain`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `forwardings`: address -> forwarding pairs, unique per (address, forwarding).
-- Read by virtual_alias_maps.cf and the catch-all / alias-domain maps on this page,
-- all of which require forwardings.active=1.
-- Rows here decide where mail is delivered, so write access to this table amounts to
-- the ability to redirect mail; `active` is filtered on but has no index of its own.
CREATE TABLE `forwardings` (
    `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    `address` VARCHAR(255) NOT NULL DEFAULT '',
    `forwarding` VARCHAR(255) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `dest_domain` VARCHAR(255) NOT NULL DEFAULT '',
    `is_maillist` TINYINT(1) NOT NULL DEFAULT '0',
    `is_list` TINYINT(1) NOT NULL DEFAULT '0',
    `is_forwarding` TINYINT(1) NOT NULL DEFAULT '0',
    `is_alias` TINYINT(1) NOT NULL DEFAULT '0',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`id`),
    UNIQUE KEY `address` (`address`,`forwarding`),
    KEY `domain` (`domain`),
    KEY `dest_domain` (`dest_domain`),
    KEY `is_maillist` (`is_maillist`),
    KEY `is_list` (`is_list`),
    KEY `is_alias` (`is_alias`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `mailbox`: one row per mail account, keyed by `username`.
--
-- `password`   returned by Dovecot's password_query (dovecot-mysql.conf on this page);
--              that file sets default_pass_scheme = SHA512-CRYPT, so a value without an
--              explicit scheme prefix is read as a SHA512-CRYPT hash.
-- `allow_nets` also returned by password_query; limits the networks a user may log in from.
-- `enable*`    per-service switches. Dovecot filters on mailbox.`enable%Ls%Lc`=1, a column
--              name built from the lowercased service name plus "secured" for TLS/localhost
--              connections, so every service Dovecot reports needs a matching column here.
--              Postfix's sender_login_maps.cf checks `enablesmtp`; its delivery maps
--              check `enabledeliver`.
-- `quota`      in MiB: the Dovecot user_query multiplies it by 1048576 to get bytes.
-- `storagebasedirectory` / `storagenode` / `maildir` are concatenated into the mail home
--              by the Dovecot user_query and (without the base directory) by
--              virtual_mailbox_maps.cf.
-- NOTE(review): `isadmin` / `isglobaladmin` look like privilege flags for a management
-- UI — confirm which component reads them and who may update them.
CREATE TABLE `mailbox` (
    `username` VARCHAR(255) NOT NULL DEFAULT '',
    `password` VARCHAR(255) NOT NULL DEFAULT '',
    `name` VARCHAR(255) NOT NULL DEFAULT '',
    `language` VARCHAR(5) NOT NULL DEFAULT '',
    `storagebasedirectory` VARCHAR(255) NOT NULL DEFAULT '/var/vmail',
    `storagenode` VARCHAR(255) NOT NULL DEFAULT 'vmail1',
    `maildir` VARCHAR(255) NOT NULL DEFAULT '',
    `quota` BIGINT(20) NOT NULL DEFAULT '0',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `transport` VARCHAR(255) NOT NULL DEFAULT '',
    `department` VARCHAR(255) NOT NULL DEFAULT '',
    `rank` VARCHAR(255) NOT NULL DEFAULT 'normal',
    `employeeid` VARCHAR(255) DEFAULT '',
    `isadmin` TINYINT(1) NOT NULL DEFAULT '0',
    `isglobaladmin` TINYINT(1) NOT NULL DEFAULT '0',
    `enablesmtp` TINYINT(1) NOT NULL DEFAULT '1',
    `enablesmtpsecured` TINYINT(1) NOT NULL DEFAULT '1',
    `enablepop3` TINYINT(1) NOT NULL DEFAULT '1',
    `enablepop3secured` TINYINT(1) NOT NULL DEFAULT '1',
    `enableimap` TINYINT(1) NOT NULL DEFAULT '1',
    `enableimapsecured` TINYINT(1) NOT NULL DEFAULT '1',
    `enabledeliver` TINYINT(1) NOT NULL DEFAULT '1',
    `enablelda` TINYINT(1) NOT NULL DEFAULT '1',
    `enablemanagesieve` TINYINT(1) NOT NULL DEFAULT '1',
    `enablemanagesievesecured` TINYINT(1) NOT NULL DEFAULT '1',
    `enablesieve` TINYINT(1) NOT NULL DEFAULT '1',
    `enablesievesecured` TINYINT(1) NOT NULL DEFAULT '1',
    `enableinternal` TINYINT(1) NOT NULL DEFAULT '1',
    `enabledoveadm` TINYINT(1) NOT NULL DEFAULT '1',
    `enablelib-storage` TINYINT(1) NOT NULL DEFAULT '1',
    `enableindexer-worker` TINYINT(1) NOT NULL DEFAULT '1',
    `enablelmtp` TINYINT(1) NOT NULL DEFAULT '1',
    `enabledsync` TINYINT(1) NOT NULL DEFAULT '1',
    `enablesogo` TINYINT(1) NOT NULL DEFAULT '1',
    `allow_nets` TEXT,
    `lastlogindate` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `lastloginipv4` INT(4) UNSIGNED NOT NULL DEFAULT '0',
    `lastloginprotocol` CHAR(255) NOT NULL DEFAULT '',
    `disclaimer` TEXT,
    `allowedsenders` TEXT,
    `rejectedsenders` TEXT,
    `allowedrecipients` TEXT,
    `rejectedrecipients` TEXT,
    `settings` TEXT,
    `passwordlastchange` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`username`),
    KEY `domain` (`domain`),
    KEY `department` (`department`),
    KEY `employeeid` (`employeeid`),
    KEY `isadmin` (`isadmin`),
    KEY `isglobaladmin` (`isglobaladmin`),
    KEY `enablesmtp` (`enablesmtp`),
    KEY `enablesmtpsecured` (`enablesmtpsecured`),
    KEY `enablepop3` (`enablepop3`),
    KEY `enablepop3secured` (`enablepop3secured`),
    KEY `enableimap` (`enableimap`),
    KEY `enableimapsecured` (`enableimapsecured`),
    KEY `enabledeliver` (`enabledeliver`),
    KEY `enablelda` (`enablelda`),
    KEY `enablemanagesieve` (`enablemanagesieve`),
    KEY `enablemanagesievesecured` (`enablemanagesievesecured`),
    KEY `enablesieve` (`enablesieve`),
    KEY `enablesievesecured` (`enablesievesecured`),
    KEY `enablelmtp` (`enablelmtp`),
    KEY `enableinternal` (`enableinternal`),
    KEY `enabledoveadm` (`enabledoveadm`),
    KEY `enablelib-storage` (`enablelib-storage`),
    KEY `enableindexer-worker` (`enableindexer-worker`),
    KEY `enabledsync` (`enabledsync`),
    KEY `enablesogo` (`enablesogo`),
    KEY `passwordlastchange` (`passwordlastchange`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `maillists`: one row per mailing list; `address` and `mlid` are each unique.
-- transport_maps_maillist.cf on this page looks up `transport` by `address` for
-- active lists in active domains.
CREATE TABLE `maillists` (
    `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    `address` VARCHAR(255) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `transport` VARCHAR(255) NOT NULL DEFAULT '',
    `accesspolicy` VARCHAR(30) NOT NULL DEFAULT '',
    `maxmsgsize` BIGINT(20) NOT NULL DEFAULT '0',
    `name` VARCHAR(255) NOT NULL DEFAULT '',
    `description` TEXT,
    `mlid` VARCHAR(36) NOT NULL DEFAULT '',
    `is_newsletter` TINYINT(1) NOT NULL DEFAULT '0',
    `settings` TEXT,
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`id`),
    UNIQUE KEY `address` (`address`),
    UNIQUE KEY `mlid` (`mlid`),
    KEY `is_newsletter` (`is_newsletter`),
    KEY `domain` (`domain`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `recipient_bcc_domain`: per-domain BCC target for incoming mail, read by
-- recipient_bcc_maps_domain.cf on this page (domain='%d' AND active=1).
-- A row here makes Postfix copy that domain's mail to `bcc_address`; audit changes.
CREATE TABLE `recipient_bcc_domain` (
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `bcc_address` VARCHAR(255) NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`domain`),
    KEY `bcc_address` (`bcc_address`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `recipient_bcc_user`: per-user BCC target for incoming mail, keyed by
-- `username`; read by the per-user recipient BCC map on this page.
-- Unlike `sender_bcc_user`, this table has no index on `domain`.
-- A row here makes Postfix copy that user's mail to `bcc_address`; audit changes.
CREATE TABLE `recipient_bcc_user` (
    `username` VARCHAR(255) NOT NULL DEFAULT '',
    `bcc_address` VARCHAR(255) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`username`),
    KEY `bcc_address` (`bcc_address`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `sender_bcc_domain`: per-domain BCC target for outgoing mail, read by
-- sender_bcc_maps_domain.cf on this page (domain='%d' AND active=1).
-- A row here makes Postfix copy that domain's outgoing mail to `bcc_address`.
CREATE TABLE `sender_bcc_domain` (
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `bcc_address` VARCHAR(255) NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`domain`),
    KEY `bcc_address` (`bcc_address`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `sender_bcc_user`: per-user BCC target for outgoing mail, keyed by `username`;
-- read by sender_bcc_maps_user.cf on this page.
-- A row here makes Postfix copy that user's outgoing mail to `bcc_address`.
CREATE TABLE `sender_bcc_user` (
    `username` VARCHAR(255) NOT NULL DEFAULT '',
    `bcc_address` VARCHAR(255) NOT NULL DEFAULT '',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    `created` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `modified` DATETIME NOT NULL DEFAULT '1970-01-01 01:01:01',
    `expired` DATETIME NOT NULL DEFAULT '9999-12-31 00:00:00',
    `active` TINYINT(1) NOT NULL DEFAULT '1',
    PRIMARY KEY (`username`),
    KEY `bcc_address` (`bcc_address`),
    KEY `domain` (`domain`),
    KEY `expired` (`expired`),
    KEY `active` (`active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `sender_relayhost`: sender account (address or @domain) -> relay host,
-- one row per account. Read by sender_dependent_relayhost_maps.cf on this page.
-- A row here changes which host outgoing mail for that sender is handed to.
CREATE TABLE `sender_relayhost` (
    `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
    `account` VARCHAR(255) NOT NULL DEFAULT '',
    `relayhost` VARCHAR(255) NOT NULL DEFAULT '',
    PRIMARY KEY (`id`),
    UNIQUE KEY `account` (`account`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `share_folder`: backing store for the Dovecot dict map with pattern
-- shared/shared-boxes/user/$to/$from (dovecot-share-folder.conf); one row per
-- (from_user, to_user) pair, `dummy` is the map's value_field.
CREATE TABLE `share_folder` (
    `from_user` VARCHAR(255) CHARACTER SET ascii NOT NULL,
    `to_user` VARCHAR(255) CHARACTER SET ascii NOT NULL,
    `dummy` CHAR(1) DEFAULT NULL,
    PRIMARY KEY (`from_user`,`to_user`),
    KEY `from_user` (`from_user`),
    KEY `to_user` (`to_user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Table `used_quota`: per-user usage counters written through the Dovecot quota dict
-- (dovecot-used-quota.conf maps priv/quota/storage -> `bytes` and
-- priv/quota/messages -> `messages`, keyed by `username`).
CREATE TABLE `used_quota` (
    `username` VARCHAR(255) NOT NULL,
    `bytes` BIGINT(20) NOT NULL DEFAULT '0',
    `messages` BIGINT(20) NOT NULL DEFAULT '0',
    `domain` VARCHAR(255) NOT NULL DEFAULT '',
    PRIMARY KEY (`username`),
    KEY `domain` (`domain`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
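-- Fill used_quota.domain from the part of `username` after the last '@' on every insert
-- (SUBSTRING_INDEX with count -1; a username without '@' is copied unchanged).
-- Written as a single-statement trigger body: the BEGIN ... END form needs a
-- DELIMITER change in the mysql client, otherwise the script breaks at the inner ';'.
CREATE TRIGGER `used_quota_before_insert` BEFORE INSERT ON `used_quota`
FOR EACH ROW
    SET NEW.domain = SUBSTRING_INDEX(NEW.username, '@', -1);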
○ web1- Gnuboard 및 Roundcube 정보 기록
g5_auth, g5_autosave, g5_board, g5_board_file, g5_board_good, g5_board_new, g5_cert_history, g5_config, g5_content, g5_faq, g5_faq_master, g5_group, g5_group_member, g5_login, g5_mail, g5_member, g5_member_social_profiles, g5_memo, g5_menu, g5_new_win, g5_point, g5_poll, g5_poll_etc, g5_popular, g5_qa_config, g5_qa_content, g5_scrap, g5_uniqid, g5_visit, g5_visit_sum, g5_write_free, g5_write_gallery, g5_write_notice, g5_write_qa,
lr_cache, lr_cache_index, lr_cache_messages, lr_cache_shared, lr_cache_thread, lr_contactgroupmembers, lr_contactgroups, lr_contacts, lr_dictionary, lr_identities, lr_searches, lr_session, lr_system, lr_users, rmail_manage
[DB 사용자 생성]
○ vmail - vmail DB 사용자를 생성한다.
○ web1_user - web1 DB 사용자를 생성한다.
3. 로그인(접속)
[도메인 등록]
- web1 의 rmail_manage 테이블의 정보를 등록해야만 관리자를 비롯한 모든 접속 기능이 동작한다.
(예)
no / type / domain / base_dir / quota_limit / etc / wdate
1 mailu.kr /Disk1/vmail 1024 1529571229