Timestamp:
04/26/18 17:32:02 (7 years ago)
Author:
Edwin Eefting <edwin@datux.nl>
Branches:
gcc484, master, perl-5.22
Children:
dd97a57
Parents:
a1525ed
Message:

improved logging. auth and tls support. qmail-submission on port 587 (requires both tls and auth to relay mails from the internet)

Location:
npl/mailserver/netqmail_conf/root
Files:
9 added
7 edited

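--- a/npl/mailserver/netqmail_conf/root/etc/postinst.d/post.qmail_conf
+++ b/npl/mailserver/netqmail_conf/root/etc/postinst.d/post.qmail_conf
@@ -37,12 +37,12 @@
 
 
+# logging via syslog in /var/log/maillog from now on
+rm -rf /var/log/qmail/
+
+
 # permissions
 . /etc/qmail.permissions
 qmail_permissions
-cd /var/log/qmail
-chown -R qmaill.nofiles .
-chgrp root .
-chmod -R og-wrx .
-chmod g+rx .
+
 
 #stuff
@@ -61,5 +61,18 @@
 #regenerate cdb
 tcprules /etc/qmail/tcp.smtp.cdb /etc/qmail/tcp.smtp.tmp < /etc/qmail/tcp.smtp
+tcprules /etc/qmail/tcp.submission.cdb /etc/qmail/tcp.submission.tmp < /etc/qmail/tcp.submission
+
+
+#TLS configuration
+if ! [ -e /var/qmail/control/dh1024.pem ]; then
+    openssl dhparam -out /var/qmail/control/dh1024.pem.tmp 1024 || exit 1
+    chown qmaild /var/qmail/control/dh1024.pem.tmp || exit 1
+    chmod 400 /var/qmail/control/dh1024.pem.tmp || exit 1
+    mv /var/qmail/control/dh1024.pem.tmp /var/qmail/control/dh1024.pem || exit 1
+fi
+
+
+
 
 #enable scripts (x is disble to prevent starting up after first installation of binary)
-chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run
+chmod +x /service/qmail-smtpd/run /service/qmail-send/run /service/qmail-send/log/run /service/qmail-smtpd/log/run /service/qmail-submission/run /service/qmail-submission/log/run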
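Review bot: The new TLS block generates 1024-bit Diffie-Hellman parameters (`openssl dhparam -out /var/qmail/control/dh1024.pem.tmp 1024`), a size generally treated as too small for new deployments. Because the surrounding `if ! [ -e /var/qmail/control/dh1024.pem ]` only runs when the file is missing, hosts that already received the 1024-bit file would keep it after a later fix unless the check also looks at the parameter size. I would generate at least 2048 bits, `openssl dhparam -out /var/qmail/control/dh1024.pem.tmp 2048 || exit 1`, keeping the filename if that is the only name the patched qmail-smtpd reads (to be confirmed against the TLS patch in use). Separately, the added `rm -rf /var/log/qmail/` discards the existing multilog history on upgrade; archiving it first would preserve the audit trail.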
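--- a/npl/mailserver/netqmail_conf/root/home/system/qmail/tcp.smtp.new
+++ b/npl/mailserver/netqmail_conf/root/home/system/qmail/tcp.smtp.new
@@ -20,3 +20,3 @@
 192.168.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
 10.:allow,RELAYCLIENT="",QMAILQUEUE="bin/qmail-qmqpc"
-:allow,QMAILQUEUE="bin/qmail-qmqpc"
+:allow,QMAILQUEUE="bin/qmail-qmqpc",CHKUSER_WRONGRCPTLIMIT="3"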
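--- a/npl/mailserver/netqmail_conf/root/var/qmail/rc
+++ b/npl/mailserver/netqmail_conf/root/var/qmail/rc
@@ -1,2 +1,13 @@
 #!/bin/sh
-exec env - PATH="/var/qmail/bin:$PATH" qmail-start ''  splogger qmail
+
+# Using stdout for logging
+# Using control/defaultdelivery from qmail-local to deliver messages by default
+
+# DKIM signign
+#exec env - PATH="/var/qmail/bin:$PATH" \
+#QMAILREMOTE=/var/qmail/bin/spawn-filter  \
+#FILTERARGS=/var/qmail/bin/dk-filter \
+#qmail-start "`cat /var/qmail/control/defaultdelivery`"
+
+exec env - PATH="/var/qmail/bin:$PATH" \
+qmail-start "`cat /var/qmail/control/defaultdelivery`"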
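--- a/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/log/run
+++ b/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/log/run
@@ -1,2 +1,2 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-send
+exec /usr/bin/setuidgid qmaill logger -t qmail-send -p mail.info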
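Review bot: `logger` is resolved through PATH here while `setuidgid` on the same line is called by absolute path, so the log service depends on whatever PATH supervise hands to the run script; the same applies to qmail-smtpd/log/run. I would write the absolute path of logger for this system (for example `/usr/bin/logger`, to be confirmed) and add a comment such as `# log via syslog (mail.info); rotation is left to the syslog daemon`, since the size limit that `multilog t s2500000` enforced is gone with this change.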
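--- a/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/run
+++ b/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-send/run
@@ -1,3 +1,5 @@
 #!/bin/sh
+exec 2>&1
+
 #dynamic update of hostname
 hostname -f > /var/qmail/control/me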
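--- a/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/log/run
+++ b/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/log/run
@@ -1,2 +1,2 @@
 #!/bin/sh
-exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s2500000 /var/log/qmail/qmail-smtpd
+exec /usr/bin/setuidgid qmaill logger -t qmail-smtpd -p mail.info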
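--- a/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/run
+++ b/npl/mailserver/netqmail_conf/root/var/qmail/supervise/qmail-smtpd/run
@@ -1,16 +1,64 @@
 #!/bin/sh
+
+exec 2>&1
+
+##### OUD
+# QMAILDUID=`id -u qmaild`
+# NOFILESGID=`id -g qmaild`
+# MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+# LOCAL=`head -1 /var/qmail/control/me`
+# if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
+#     echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
+#     echo /var/qmail/supervise/qmail-smtpd/run
+#     exit 1
+# fi
+# if [ ! -f /var/qmail/control/rcpthosts ]; then
+#     echo "No /var/qmail/control/rcpthosts!"
+#     echo "Refusing to start SMTP listener because it'll create an open relay"
+#     exit 1
+# fi
+# exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+######
+
 QMAILDUID=`id -u qmaild`
 NOFILESGID=`id -g qmaild`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
+SOFTLIMIT=`cat /var/qmail/control/softlimit`
 LOCAL=`head -1 /var/qmail/control/me`
-if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
-    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
-    echo /var/qmail/supervise/qmail-smtpd/run
-    exit 1
-fi
-if [ ! -f /var/qmail/control/rcpthosts ]; then
-    echo "No /var/qmail/control/rcpthosts!"
-    echo "Refusing to start SMTP listener because it'll create an open relay"
-    exit 1
-fi
-exec /usr/bin/softlimit -m 150000000 /usr/bin/tcpserver -v -R -l "$LOCAL" -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/bin/rblsmtpd -r cbl.abuseat.org -r bl.spamcop.net /usr/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1
+
+# This enables greetdelay for qmail-smtpd
+export SMTPD_GREETDELAY=20
+export DROP_PRE_GREET=1
+
+# This enables chkuser
+export CHKUSER_START=ALWAYS
+
+# DKIM - SURBL configuration
+# DKIMQUEUE and SURBLQUEUE are front-ends of qmail-queue
+#export SURBL=1                               # Comment out to enable SURBL filtering
+#export QMAILQUEUE=/var/qmail/bin/surblqueue  # executes surblfilter
+#export SURBLQUEUE=/var/qmail/bin/qmail-dkim  # executes qmail-dkim afer sublfilter
+#export DKIMQUEUE=/var/qmail/bin/simscan      # simscan is executed after qmail-dkim
+# DKIM verification. Use carefully
+#export DKIMVERIFY="FGHKLMNOQRTVWjp"
+# This is to avoid verification of outgoing messages
+#export RELAYCLIENT_NODKIMVERIFY=1
+
+# This turns off TLS on port 25
+# export DISABLETLS="1"
+
+# Requires that authenticated user and 'mail from' are identical
+#export FORCEAUTHMAILFROM="1"
+
+# rcptcheck-overlimit. Limits the number of emails sent by relayclients
+export RCPTCHECK=/var/qmail/bin/rcptcheck-overlimit.sh
+export RCPTCHECKRELAYCLIENT="1"
+
+# This enables simscan debug
+#export SIMSCAN_DEBUG=4
+
+exec /usr/bin/softlimit -m "$SOFTLIMIT" \
+    /usr/bin/tcpserver -v -H -R -l "$LOCAL" \
+    -x /etc/qmail/tcp.smtp.cdb -c "$MAXSMTPD" \
+    -u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
+    /var/qmail/bin/qmail-smtpd 2>&1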
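Review bot: The startup guards are gone from the live part of the script: the `-z` test on QMAILDUID/NOFILESGID/MAXSMTPD/LOCAL and the `rcpthosts` existence check now survive only inside the commented-out `##### OUD` block, and the new SOFTLIMIT value is never validated. As the removed message itself says, starting the listener without /var/qmail/control/rcpthosts creates an open relay, so I would keep both checks ahead of the exports and add SOFTLIMIT to the first one. The old exec line also ran `rblsmtpd` and `fixcrio` in front of qmail-smtpd; if dropping them is intended, a comment saying so would help the next maintainer. The fence shows only the lines to restore after the `LOCAL=` assignment.

```shell
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" ] || [ -z "$NOFILESGID" ] || [ -z "$MAXSMTPD" ] \
    || [ -z "$SOFTLIMIT" ] || [ -z "$LOCAL" ]; then
    echo "QMAILDUID, NOFILESGID, MAXSMTPD, SOFTLIMIT, or LOCAL is unset in"
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
# … unchanged: greetdelay, chkuser and rcptcheck exports, tcpserver exec …
```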