Clamav+Dovecot+Exim: различия между версиями

Материал из BSD Howto
Перейти к навигации Перейти к поиску
← Предыдущая правкаСледующая правка →
Строка 93: Строка 93:
== Установка Dovecot ==
== Установка Dovecot ==


Установка из пакета:
  # pkg install dovecot
  # pkg install dovecot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
        cyrus-sasl: 2.1.28_5
        dovecot: 2.3.21.1_2
        openldap26-client: 2.6.9_1
Number of packages to be installed: 3
The process will require 36 MiB more space.
7 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/3] Fetching cyrus-sasl-2.1.28_5.pkg: 100%    1 MiB  1.1MB/s    00:01
[2/3] Fetching openldap26-client-2.6.9_1.pkg: 100%    1 MiB  1.1MB/s    00:01
[3/3] Fetching dovecot-2.3.21.1_2.pkg: 100%    5 MiB  4.9MB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing cyrus-sasl-2.1.28_5...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[1/3] Extracting cyrus-sasl-2.1.28_5: 100%
[2/3] Installing openldap26-client-2.6.9_1...
[2/3] Extracting openldap26-client-2.6.9_1: 100%
[3/3] Installing dovecot-2.3.21.1_2...
===> Creating groups
Creating group 'dovecot' with gid '143'
Creating group 'dovenull' with gid '144'
===> Creating users
Creating user 'dovecot' with uid '143'
Creating user 'dovenull' with uid '144'
[3/3] Extracting dovecot-2.3.21.1_2: 100%
=====
Message from cyrus-sasl-2.1.28_5:
--
You can use sasldb2 for authentication, to add users use:
        saslpasswd2 -c username
If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README
NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
=====
Message from openldap26-client-2.6.9_1:
--
The OpenLDAP client package has been successfully installed.
Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.
Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
=====
Message from dovecot-2.3.21.1_2:
--
You must create the configuration files yourself. Copy them over
  to /usr/local/etc/dovecot and edit them as desired:
        cp -R /usr/local/etc/dovecot/example-config/* \
                /usr/local/etc/dovecot
  The default configuration includes IMAP and POP3 services, will
  authenticate users agains the system's passwd file, and will use
  the default /var/mail/$USER mbox files.
  Next, enable dovecot in /etc/rc.conf:
        dovecot_enable="YES"
  To avoid a risk of mailbox corruption, do not set the
  security.bsd.see_other_uids or .see_other_gids sysctls to 0
  if Dovecot is storing mail for multiple concurrent users (PR 218392).
  Similarly, setting sysctls security.bsd.hardlink_check_uid or
  security.bsd.hardlink_check_gid to 1 might result in non-working
  mailboxes, depending on what mailbox locking mechanism is used
  (PR 242223).
  If you want to be able to search within attachments using the
  decode2text plugin, you'll need to install textproc/catdoc, and
  one of graphics/xpdf or graphics/poppler-utils.
  There are some potentially breaking changes in Dovecot 2.3. If you
  are upgrading from Dovecot 2.2:
    * https://doc.dovecot.org/2.3/installation_guide/upgrading/from-2.2-to-2.3/
    * Merge the configuration file changes from
      /usr/local/etc/dovecot/examples-config/
Копирование файлов настроек:
# cp -R /usr/local/etc/dovecot/example-config/* /usr/local/etc/dovecot
# sysrc dovecot_enable="YES"
dovecot_enable:  -> YES


== Установка mail/exim-mysql ==
== Установка mail/exim-mysql ==

Версия от 07:37, 3 мая 2025

Подготовка клетки для Clamav+Dovecot+Exim

Перед использованием этой статьи рекомендуется пройти по ссылке Qjail.

Создание отдельной файловой системы для клетки с Clamav+Dovecot+Exim в ZFS:: 

# zfs create zroot/usr/jails/mail

Создание клетки c именем "mail" и IPv4-адресом "192.168.0.105", запуск и управление клеткой: 

# qjail create -4 192.168.0.105 mail
# qjail start mail
# qjail console mail

Установка security/clamav

Clam Antivirus - антивирусный сканер, который можно использовать для почтовых систем.

Подробная информация на сайте https://www.clamav.net/

Установка из пакета: 

# pkg install clamav
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 19 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        arc: 5.21q_1
        arj: 3.10.22_12
        brotli: 1.1.0,1
        clamav: 1.4.2_1,1
        curl: 8.12.1
        [пропущен список пакетов для установки]

Number of packages to be installed: 19

The process will require 95 MiB more space.
21 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/19] Fetching indexinfo-0.3.1_1.pkg: 100%    6 KiB   6.0kB/s    00:01
[2/19] Fetching libnghttp2-1.65.0.pkg: 100%  136 KiB 139.4kB/s    00:01
[3/19] Fetching libxml2-2.11.9.pkg: 100%  872 KiB 893.4kB/s    00:01
[4/19] Fetching libidn2-2.3.8.pkg: 100%  160 KiB 164.2kB/s    00:01
[5/19] Fetching liblz4-1.10.0,1.pkg: 100%  163 KiB 167.3kB/s    00:01
[пропущен список скачиваемых пакетов]
Checking integrity... done (0 conflicting)
[1/19] Installing arc-5.21q_1...
[1/19] Extracting arc-5.21q_1: 100%
[2/19] Installing arj-3.10.22_12...
[2/19] Extracting arj-3.10.22_12: 100%
[3/19] Installing brotli-1.1.0,1...
[3/19] Extracting brotli-1.1.0,1: 100%
[4/19] Installing indexinfo-0.3.1_1...
[4/19] Extracting indexinfo-0.3.1_1: 100%
[5/19] Installing json-c-0.18...
[5/19] Extracting json-c-0.18: 100%
[пропущен список устанавливаемых пакетов]
[19/19] Installing clamav-1.4.2_1,1...
===> Creating groups
Creating group 'clamav' with gid '106'
Using existing group 'mail'
===> Creating users
Creating user 'clamav' with uid '106'
Adding user 'clamav' to group 'mail'
[19/19] Extracting clamav-1.4.2_1,1: 100%

Проверка установки Clamav: 

# pkg version -v | grep clamav
clamav-1.4.2_1,1                   =   up-to-date with remote

Установка автозапуска Clam Antivirus в /etc/rc.conf: 

# sysrc clamav_freshclam_enable="YES"
clamav_freshclam_enable:  -> YES
# sysrc clamav_clamd_enable="YES"
clamav_clamd_enable:  -> YES

Настройка обхода санкций перед запуском freshclam (обновление антивирусных баз данных clamav) в файле /usr/local/etc/freshclam.conf: 

#DatabaseMirror database.clamav.net
DatabaseMirror packages.microsoft.com/clamav

Запуск clamav_freshclam: 

# service clamav_freshclam start
Starting clamav_freshclam.

Запуск clamav: 

# service clamav_clamd start
Starting clamav_clamd.

Проверка Clamav: 

# sockstat -l | grep clamav
clamav   clamd       1333 4   stream /var/run/clamav/clamd.sock

Установка Dovecot

Установка из пакета: 

# pkg install dovecot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        cyrus-sasl: 2.1.28_5
        dovecot: 2.3.21.1_2
        openldap26-client: 2.6.9_1

Number of packages to be installed: 3

The process will require 36 MiB more space.
7 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching cyrus-sasl-2.1.28_5.pkg: 100%    1 MiB   1.1MB/s    00:01
[2/3] Fetching openldap26-client-2.6.9_1.pkg: 100%    1 MiB   1.1MB/s    00:01
[3/3] Fetching dovecot-2.3.21.1_2.pkg: 100%    5 MiB   4.9MB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing cyrus-sasl-2.1.28_5...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[1/3] Extracting cyrus-sasl-2.1.28_5: 100%
[2/3] Installing openldap26-client-2.6.9_1...
[2/3] Extracting openldap26-client-2.6.9_1: 100%
[3/3] Installing dovecot-2.3.21.1_2...
===> Creating groups
Creating group 'dovecot' with gid '143'
Creating group 'dovenull' with gid '144'
===> Creating users
Creating user 'dovecot' with uid '143'
Creating user 'dovenull' with uid '144'
[3/3] Extracting dovecot-2.3.21.1_2: 100%
=====
Message from cyrus-sasl-2.1.28_5:

--
You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
=====
Message from openldap26-client-2.6.9_1:

--
The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
=====
Message from dovecot-2.3.21.1_2:

--
You must create the configuration files yourself. Copy them over
 to /usr/local/etc/dovecot and edit them as desired:

        cp -R /usr/local/etc/dovecot/example-config/* \
                /usr/local/etc/dovecot

 The default configuration includes IMAP and POP3 services, will
 authenticate users agains the system's passwd file, and will use
 the default /var/mail/$USER mbox files.

 Next, enable dovecot in /etc/rc.conf:

        dovecot_enable="YES"


 To avoid a risk of mailbox corruption, do not set the
 security.bsd.see_other_uids or .see_other_gids sysctls to 0
 if Dovecot is storing mail for multiple concurrent users (PR 218392).

 Similarly, setting sysctls security.bsd.hardlink_check_uid or
 security.bsd.hardlink_check_gid to 1 might result in non-working
 mailboxes, depending on what mailbox locking mechanism is used
 (PR 242223).

 If you want to be able to search within attachments using the
 decode2text plugin, you'll need to install textproc/catdoc, and
 one of graphics/xpdf or graphics/poppler-utils.


 There are some potentially breaking changes in Dovecot 2.3. If you
 are upgrading from Dovecot 2.2:

   * https://doc.dovecot.org/2.3/installation_guide/upgrading/from-2.2-to-2.3/
   * Merge the configuration file changes from
     /usr/local/etc/dovecot/examples-config/

Копирование файлов настроек: 

# cp -R /usr/local/etc/dovecot/example-config/* /usr/local/etc/dovecot

# sysrc dovecot_enable="YES"
dovecot_enable:  -> YES

Установка mail/exim-mysql

Exim - агент отправки почты для систем Unix.

Подробная информация на сайте http://www.exim.org/

Перед использованием этой статьи рекомендуется пройти по ссылке PKG.

Установка из пакета: 

# pkg install exim-mysql

Установка автозапуска Exim в /etc/rc.conf: 

# sysrc exim_enable="YES"
Источник — https://wiki.bsdhowto.ru/index.php?title=Clamav%2BDovecot%2BExim&oldid=132