|
Size: 8576
Comment:
|
Size: 14259
Comment:
|
| Line 16: | Line 16: |
| == Steps == {{{#!highlight sh docker pull debian:bookworm docker run -d -it --name debian_pod debian:bookworm cat docker exec -it debian_pod bash cat /etc/os-release | grep -i version VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm apt update apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules # 2. Internet Site # General mail configuration type: 2 # System mail name: example.org service --status-all # dovecot pop3s vim /etc/dovecot/conf.d/10-mail.conf service dovecot status service dovecot restart netstat -at -n passwd # define root pwd adduser anonymous # pwd guest touch /var/mail/anonymous chown anonymous:mail /var/mail/anonymous chmod o-r /var/mail/anonymous chmod g+rw /var/mail/anonymous rsyslogd -v rsyslogd cat /var/log/syslog vim /etc/default/saslauthd # change START=yes dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf usermod -a -G sasl postfix service saslauthd start service saslauthd status # postfix smtps port 25 and 587 vim /etc/postfix/main.cf vim /etc/postfix/master.cf nano /etc/default/saslauthd service postfix start service postfix status mkdir -p /var/spool/postfix/var/run/saslauthd chown root:sasl /var/spool/postfix/var/run/saslauthd chmod 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl service saslauthd restart service postfix restart }}} == /etc/postfix/main.cf == |
== Docker environment == === connect.sh === {{{#!highlight sh #!/bin/sh docker exec -it mail-container bash }}} === saslauthd === {{{#!highlight sh START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" }}} === main.cf === |
| Line 105: | Line 65: |
| == /etc/dovecot/conf.d/10-mail.conf == {{{#!highlight sh mail_location = maildir:/home/%u/Maildir namespace inbox { inbox = yes } mail_privileged_group = mail protocol !indexer-worker { } }}} == /etc/postfix/master.cf == |
=== smtpd.conf === {{{#!highlight sh pwcheck_method: saslauthd }}} === mailstart.sh === {{{#!highlight sh #!/bin/sh service saslauthd start service dovecot start service postfix start cat }}} === master.cf === |
| Line 159: | Line 122: |
| === Dockerfile === {{{#!highlight sh FROM debian:bookworm RUN apt update RUN apt install -y debconf && \ echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \ echo "postfix postfix/mailname string example.org" | debconf-set-selections RUN apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules procps COPY main.cf /etc/postfix/main.cf COPY 10-mail.conf /etc/dovecot/conf.d/10-mail.conf COPY master.cf /etc/postfix/master.cf COPY saslauthd /etc/default/saslauthd COPY mailstart.sh /root/ COPY smtpd.conf /etc/postfix/sasl/smtpd.conf RUN useradd -m anonymous RUN echo 'anonymous:guest' | chpasswd RUN touch /var/mail/anonymous RUN chown anonymous:mail /var/mail/anonymous RUN chmod o-r /var/mail/anonymous RUN chmod g+rw /var/mail/anonymous RUN rsyslogd RUN dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd RUN usermod -a -G sasl postfix RUN mkdir -p /var/spool/postfix/var/run/saslauthd RUN chown root:sasl /var/spool/postfix/var/run/saslauthd RUN chmod 710 /var/spool/postfix/var/run/saslauthd CMD ["sh","/root/mailstart.sh"] }}} === 10-mail.conf === {{{#!highlight sh mail_location = maildir:/home/%u/Maildir namespace inbox { inbox = yes } mail_privileged_group = mail protocol !indexer-worker { } }}} === build.sh === {{{#!highlight sh #!/bin/sh docker build -t mail . }}} === run.sh === {{{#!highlight sh #!/bin/sh docker run --rm -d -it --name mail-container mail }}} == Steps == {{{#!highlight sh docker pull debian:bookworm docker run --rm -d -it --name debian_pod debian:bookworm cat docker exec -it debian_pod bash cat /etc/os-release | grep -i version VERSION_ID="12" VERSION="12 (bookworm)" VERSION_CODENAME=bookworm apt update apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules # 2. 
Internet Site # General mail configuration type: 2 # System mail name: example.org service --status-all # dovecot pop3s vim /etc/dovecot/conf.d/10-mail.conf service dovecot status service dovecot restart netstat -at -n passwd # define root pwd adduser anonymous # pwd guest touch /var/mail/anonymous chown anonymous:mail /var/mail/anonymous chmod o-r /var/mail/anonymous chmod g+rw /var/mail/anonymous rsyslogd -v rsyslogd cat /var/log/syslog vim /etc/default/saslauthd # change START=yes dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf usermod -a -G sasl postfix service saslauthd start service saslauthd status # postfix smtps port 25 and 587 vim /etc/postfix/main.cf vim /etc/postfix/master.cf nano /etc/default/saslauthd service postfix start service postfix status mkdir -p /var/spool/postfix/var/run/saslauthd chown root:sasl /var/spool/postfix/var/run/saslauthd chmod 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl service saslauthd restart service postfix restart }}} == /etc/postfix/main.cf == {{{#!highlight sh # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level=may smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache myhostname=mail.example.org mydomain=example.org smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination relay_domains= smtpd_sasl_auth_enable=yes smtpd_sasl_security_options=noanonymous smtpd_sasl_local_domain=$myhostname smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_type = cyrus broken_sasl_auth_clients=yes smtpd_relay_restrictions=permit_sasl_authenticated home_mailbox=Maildir/ mail_spool_directory=/var/mail mydestination=$myhostname localhost.$mydomain localhost $mydomain mynetworks=127.0.0.0/8 10.0.0.0/24 }}} == 
/etc/dovecot/conf.d/10-mail.conf == {{{#!highlight sh mail_location = maildir:/home/%u/Maildir namespace inbox { inbox = yes } mail_privileged_group = mail protocol !indexer-worker { } }}} == /etc/postfix/master.cf == {{{#!highlight sh smtp inet n - y - - smtpd submission inet n - y - - smtpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} }}} |
Contents
POP3S/SMTPS
Services with postfix and dovecot
Ports
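The encrypted port for POP3 is 995 and works over TLS/SSL. Port 587 is the standard port for secure SMTP; on that port the session starts in plaintext and is upgraded with STARTTLS, so it is encrypted only if the client issues STARTTLS or the server requires it. The main.cf on this page sets smtpd_tls_security_level=may, which offers TLS without requiring it.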
SMTP servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications).
A POP3 server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995.
Docker environment
connect.sh
saslauthd
main.cf
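# Postfix main.cf for the example.org lab server (SMTP with Cyrus SASL auth).

# TLS parameters
# The "snakeoil" pair is Debian's self-signed certificate: clients cannot
# verify it. Keep it for the lab only and install a CA-issued certificate
# before the server is reachable from other hosts.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# "may" is opportunistic TLS: STARTTLS is offered, plaintext is still accepted.
smtpd_tls_security_level=may
# Announce and accept AUTH only after STARTTLS. PLAIN and LOGIN send the
# password base64-encoded, which is an encoding and not encryption, so without
# this line credentials could be sent over a plaintext session.
smtpd_tls_auth_only=yes

# Outbound (client side) TLS: also opportunistic.
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache

myhostname=mail.example.org
mydomain=example.org

# Authenticated clients may send anywhere; everyone else may only deliver to
# domains this server is final destination for (see mydestination).
smtpd_recipient_restrictions=permit_sasl_authenticated, reject_unauth_destination
relay_domains=

# SASL authentication through Cyrus SASL; /etc/postfix/sasl/smtpd.conf selects
# saslauthd as the password checker. The original listing set
# smtpd_sasl_auth_enable twice; one setting is enough.
smtpd_sasl_auth_enable=yes
smtpd_sasl_type=cyrus
smtpd_sasl_path=smtpd
# noanonymous still allows plaintext mechanisms (PLAIN, LOGIN); they are only
# safe because smtpd_tls_auth_only above confines AUTH to TLS sessions.
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain=$myhostname
# Adds the non-standard "250-AUTH=..." line for very old clients.
broken_sasl_auth_clients=yes

smtpd_relay_restrictions=permit_sasl_authenticated

# Local delivery: home_mailbox takes precedence over mail_spool_directory, so
# mail lands in ~/Maildir/, matching Dovecot's mail_location on this page.
home_mailbox=Maildir/
mail_spool_directory=/var/mail
mydestination=$myhostname localhost.$mydomain localhost $mydomain
# No restriction list above uses permit_mynetworks, so these networks get no
# relay rights from this file as shown. Keep the list as narrow as possible.
mynetworks=127.0.0.0/8 10.0.0.0/24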
smtpd.conf
1 pwcheck_method: saslauthd
mailstart.sh
master.cf
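# Postfix master.cf: one line per service, continuation lines start with
# whitespace.
# service   type        private unpriv chroot wakeup maxproc command + args
#
# chroot=y means the daemon runs inside /var/spool/postfix, which is why the
# saslauthd socket directory on this page lives under that path.

# Port 25: server-to-server SMTP, TLS is opportunistic (main.cf).
smtp        inet        n       -      y      -      -       smtpd
# Port 587: mail submission. Without overrides this service is identical to
# port 25, so TLS and authentication would be optional. Require both here.
submission  inet        n       -      y      -      -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
pickup      unix        n       -      y      60     1       pickup
cleanup     unix        n       -      y      -      0       cleanup
qmgr        unix        n       -      n      300    1       qmgr
tlsmgr      unix        -       -      y      1000?  1       tlsmgr
rewrite     unix        -       -      y      -      -       trivial-rewrite
bounce      unix        -       -      y      -      0       bounce
defer       unix        -       -      y      -      0       bounce
trace       unix        -       -      y      -      0       bounce
verify      unix        -       -      y      -      1       verify
flush       unix        n       -      y      1000?  0       flush
proxymap    unix        -       -      n      -      -       proxymap
proxywrite  unix        -       -      n      -      1       proxymap
smtp        unix        -       -      y      -      -       smtp
relay       unix        -       -      y      -      -       smtp
  -o syslog_name=postfix/$service_name
showq       unix        n       -      y      -      -       showq
error       unix        -       -      y      -      -       error
retry       unix        -       -      y      -      -       error
discard     unix        -       -      y      -      -       discard
local       unix        -       n      n      -      -       local
virtual     unix        -       n      n      -      -       virtual
lmtp        unix        -       -      y      -      -       lmtp
anvil       unix        -       -      y      -      1       anvil
scache      unix        -       -      y      -      1       scache
postlog     unix-dgram  n       -      n      -      1       postlogd

# pipe(8) transports to external programs. Nothing else on this page installs
# these programs or creates these users; NOTE(review): they look like unused
# stock entries and can probably be dropped to shrink the configuration.
maildrop    unix        -       n      n      -      -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp        unix        -       n      n      -      -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail      unix        -       n      n      -      -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp       unix        -       n      n      -      -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n      n      -      2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman     unix        -       n      n      -      -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}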
Dockerfile
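# Lab image: Postfix (SMTP, SASL auth through saslauthd) + Dovecot (POP3).
FROM debian:bookworm

# Update and install in one layer so a cached "apt update" layer can never be
# paired with a newer install step. The debconf answers are preseeded before
# postfix is installed; the value is everything after the type field, so it
# must not be wrapped in quotes.
RUN apt-get update && \
    apt-get install -y debconf && \
    echo "postfix postfix/main_mailer_type select Internet Site" | debconf-set-selections && \
    echo "postfix postfix/mailname string example.org" | debconf-set-selections && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules procps && \
    rm -rf /var/lib/apt/lists/*

COPY main.cf /etc/postfix/main.cf
COPY 10-mail.conf /etc/dovecot/conf.d/10-mail.conf
COPY master.cf /etc/postfix/master.cf
COPY saslauthd /etc/default/saslauthd
COPY mailstart.sh /root/
COPY smtpd.conf /etc/postfix/sasl/smtpd.conf

# Test mailbox user.
# WARNING: this bakes a fixed, guessable password into an image layer, where
# anyone holding the image can read it. Acceptable for a local lab container
# only; do not publish the image or its ports with this account present.
RUN useradd -m anonymous && \
    echo 'anonymous:guest' | chpasswd && \
    touch /var/mail/anonymous && \
    chown anonymous:mail /var/mail/anonymous && \
    chmod o-r /var/mail/anonymous && \
    chmod g+rw /var/mail/anonymous

# The original ran "RUN rsyslogd" here. A daemon started in a build step ends
# with that step and is not running in containers made from the image, so the
# line is dropped; start rsyslogd from the startup script if /var/log/syslog
# is wanted.

# saslauthd socket directory inside the Postfix chroot. Create it first, then
# register the override with the same mode that is applied below (the original
# registered 755 before the directory existed and then chmod'ed it to 710).
RUN mkdir -p /var/spool/postfix/var/run/saslauthd && \
    dpkg-statoverride --force --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd && \
    chown root:sasl /var/spool/postfix/var/run/saslauthd && \
    chmod 710 /var/spool/postfix/var/run/saslauthd && \
    usermod -a -G sasl postfix

CMD ["sh","/root/mailstart.sh"]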
10-mail.conf
build.sh
run.sh
Steps
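# Manual walk-through of the same setup inside a throw-away Debian 12
# container. Several steps are interactive (editors, passwd, adduser), so this
# is a command log to follow by hand, not a script to run unattended.
docker pull debian:bookworm
docker run --rm -d -it --name debian_pod debian:bookworm cat
docker exec -it debian_pod bash

# Everything below runs inside the container.
grep -i version /etc/os-release
# Expected output:
#   VERSION_ID="12"
#   VERSION="12 (bookworm)"
#   VERSION_CODENAME=bookworm

apt update
apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d libsasl2-2 sasl2-bin libsasl2-modules
# Answers to the postfix installer prompts:
#   General mail configuration type: 2 (Internet Site)
#   System mail name: example.org
service --status-all

# dovecot pop3s
vim /etc/dovecot/conf.d/10-mail.conf
service dovecot status
service dovecot restart

netstat -at -n
passwd # define root pwd
# Lab account with the guessable password "guest"; never reuse it on a host
# that is reachable from other machines.
adduser anonymous # pwd guest
touch /var/mail/anonymous
chown anonymous:mail /var/mail/anonymous
chmod o-r /var/mail/anonymous
chmod g+rw /var/mail/anonymous

rsyslogd -v
rsyslogd
cat /var/log/syslog

# saslauthd: set START=yes and point the socket directory into the Postfix
# chroot (OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd").
vim /etc/default/saslauthd
# Create the socket directory before starting saslauthd and before registering
# the override; the original did this only after the first start, and
# registered mode 755 while the directory ends up 710.
mkdir -p /var/spool/postfix/var/run/saslauthd
dpkg-statoverride --force --update --add root sasl 710 /var/spool/postfix/var/run/saslauthd
chown root:sasl /var/spool/postfix/var/run/saslauthd
chmod 710 /var/spool/postfix/var/run/saslauthd
echo 'pwcheck_method: saslauthd' > /etc/postfix/sasl/smtpd.conf
# postfix must be in group sasl to reach the 710 socket directory.
usermod -a -G sasl postfix
service saslauthd start
service saslauthd status

# postfix smtps port 25 and 587
vim /etc/postfix/main.cf
vim /etc/postfix/master.cf

service postfix start
service postfix status

# Restart both so the new group membership and configuration take effect.
service saslauthd restart
service postfix restart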
/etc/postfix/main.cf
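# /etc/postfix/main.cf for the example.org lab server (SMTP with Cyrus SASL).

# TLS parameters
# The "snakeoil" pair is Debian's self-signed certificate: clients cannot
# verify it. Keep it for the lab only and install a CA-issued certificate
# before the server is reachable from other hosts.
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# "may" is opportunistic TLS: STARTTLS is offered, plaintext is still accepted.
smtpd_tls_security_level=may
# Announce and accept AUTH only after STARTTLS. PLAIN and LOGIN send the
# password base64-encoded, which is an encoding and not encryption, so without
# this line credentials could be sent over a plaintext session.
smtpd_tls_auth_only=yes

# Outbound (client side) TLS: also opportunistic.
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache

myhostname=mail.example.org
mydomain=example.org

# Authenticated clients may send anywhere; everyone else may only deliver to
# domains this server is final destination for (see mydestination).
smtpd_recipient_restrictions=permit_sasl_authenticated, reject_unauth_destination
relay_domains=

# SASL authentication through Cyrus SASL; /etc/postfix/sasl/smtpd.conf selects
# saslauthd as the password checker. The original listing set
# smtpd_sasl_auth_enable twice; one setting is enough.
smtpd_sasl_auth_enable=yes
smtpd_sasl_type=cyrus
smtpd_sasl_path=smtpd
# noanonymous still allows plaintext mechanisms (PLAIN, LOGIN); they are only
# safe because smtpd_tls_auth_only above confines AUTH to TLS sessions.
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain=$myhostname
# Adds the non-standard "250-AUTH=..." line for very old clients.
broken_sasl_auth_clients=yes

smtpd_relay_restrictions=permit_sasl_authenticated

# Local delivery: home_mailbox takes precedence over mail_spool_directory, so
# mail lands in ~/Maildir/, matching Dovecot's mail_location on this page.
home_mailbox=Maildir/
mail_spool_directory=/var/mail
mydestination=$myhostname localhost.$mydomain localhost $mydomain
# No restriction list above uses permit_mynetworks, so these networks get no
# relay rights from this file as shown. Keep the list as narrow as possible.
mynetworks=127.0.0.0/8 10.0.0.0/24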
/etc/dovecot/conf.d/10-mail.conf
/etc/postfix/master.cf
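# /etc/postfix/master.cf: one line per service, continuation lines start with
# whitespace.
# service   type        private unpriv chroot wakeup maxproc command + args
#
# chroot=y means the daemon runs inside /var/spool/postfix, which is why the
# saslauthd socket directory on this page lives under that path.

# Port 25: server-to-server SMTP, TLS is opportunistic (main.cf).
smtp        inet        n       -      y      -      -       smtpd
# Port 587: mail submission. Without overrides this service is identical to
# port 25, so TLS and authentication would be optional. Require both here.
submission  inet        n       -      y      -      -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
pickup      unix        n       -      y      60     1       pickup
cleanup     unix        n       -      y      -      0       cleanup
qmgr        unix        n       -      n      300    1       qmgr
tlsmgr      unix        -       -      y      1000?  1       tlsmgr
rewrite     unix        -       -      y      -      -       trivial-rewrite
bounce      unix        -       -      y      -      0       bounce
defer       unix        -       -      y      -      0       bounce
trace       unix        -       -      y      -      0       bounce
verify      unix        -       -      y      -      1       verify
flush       unix        n       -      y      1000?  0       flush
proxymap    unix        -       -      n      -      -       proxymap
proxywrite  unix        -       -      n      -      1       proxymap
smtp        unix        -       -      y      -      -       smtp
relay       unix        -       -      y      -      -       smtp
  -o syslog_name=postfix/$service_name
showq       unix        n       -      y      -      -       showq
error       unix        -       -      y      -      -       error
retry       unix        -       -      y      -      -       error
discard     unix        -       -      y      -      -       discard
local       unix        -       n      n      -      -       local
virtual     unix        -       n      n      -      -       virtual
lmtp        unix        -       -      y      -      -       lmtp
anvil       unix        -       -      y      -      1       anvil
scache      unix        -       -      y      -      1       scache
postlog     unix-dgram  n       -      n      -      1       postlogd

# pipe(8) transports to external programs. Nothing else on this page installs
# these programs or creates these users; NOTE(review): they look like unused
# stock entries and can probably be dropped to shrink the configuration.
maildrop    unix        -       n      n      -      -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp        unix        -       n      n      -      -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail      unix        -       n      n      -      -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp       unix        -       n      n      -      -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n      n      -      2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman     unix        -       n      n      -      -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}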
/etc/default/saslauthd
Send email
1 openssl s_client -connect 127.0.0.1:25 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 a2 111222
27 .
28 250 2.0.0 Ok: queued as 8AE891694FA
29 quit
Get message
1 openssl s_client -connect localhost:995 -ign_eof
2 +OK Dovecot (Debian) ready.
3 USER anonymous
4 +OK
5 PASS guest
6 +OK Logged in.
7 LIST
8 +OK 1 messages:
9 1 423
10 .
11 +OK 423 octets
12 Return-Path: <root@example.org>
13 X-Original-To: anonymous@example.org
14 Delivered-To: anonymous@example.org
15 Received: from test (localhost [127.0.0.1])
16 by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56
17 for <anonymous@example.org>; Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
18 Message-Id: <20231028183815.AA1A7167F56@mail.example.org>
19 Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC)
20 From: root@example.org
21
22 a2 111222
23 .
24 quit
Send to port 587
1 openssl s_client -connect 127.0.0.1:587 -starttls smtp
2 EHLO test
3 250-mail.example.org
4 250-PIPELINING
5 250-SIZE 10240000
6 250-VRFY
7 250-ETRN
8 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
9 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
10 250-ENHANCEDSTATUSCODES
11 250-8BITMIME
12 250-DSN
13 250 CHUNKING
14 AUTH LOGIN
15 334 VXNlcm5hbWU6
16 YW5vbnltb3Vz
17 334 UGFzc3dvcmQ6
18 Z3Vlc3Q=
19 235 2.7.0 Authentication successful
20 mail from: root@example.org
21 250 2.1.0 Ok
22 rcpt to: anonymous@example.org
23 250 2.1.5 Ok
24 data
25 354 End data with <CR><LF>.<CR><LF>
26 test 1
27 .
28 250 2.0.0 Ok: queued as 3823B169398
29 quit
30 221 2.0.0 Bye
31 closed
