MailServer unter Debian

Aus Tobi1980CGN

Wechseln zu: Navigation, Suche

Hallo in diesem Artikel versuche einen Mailserver für eGroupware aufzusetzen.


Inhaltsverzeichnis

Einleitung

Dieses Howto soll zeigen wie man einen Emailserver mit ImapSverver auf Debian Etch installiert. Ich habe sehr viele andere Quellen im Internet durchforstet aber keine ging genau auf meine Bedürfnisse ein. Ich versuche das Howto immer auf den aktuellsten Stand zu halten.

Folgende Komponenten benutze ich:

Postfix, Fetchmail, Amavisd-New, SpamAssassin, ClamAV, Cyrus, MySQL, phpMyadmin, eGroupware

Szenario

Ich habe einen externen Emailanbieter und möchte bei mir im Büro gerne eGroupwarre als Groupwarelösung einsetzen. Dafür brauche ich einen eigenen Mailserver & Imap Server. eGroupware kann nur mit dem Procol Imap arbeiten nicht mit pop.

Also Grundlage benutze ich einen Debian Etch Server.

Folgende Komponenten brauche ich für den Emailserver:

Postfix, Fetchmail, Amavisd-New, SpamAssassin, ClamAV, Cyrus, MySQL

Installation

Als erstes müssen wir die benötigten Packete besorgen:

apt-get install postfix postfix-mysql postfix-doc amavisd-new clamav spamassassin cyrus-admin-2.2
cyrus-common-2.2 cyrus-imapd-2.2 libcyrus-imap-perl22 libsasl2 libsasl2-modules sasl2-bin fetchmail
apache2 php5 phpmyadmin mysql-server

ACHTUNG: Es öffnet sich ein Setup für Postfix ich habe die Standardeinstellungen beibehalten (Internet Site)!

MySQL konfigurieren

root ein passwort hinterlegen

Nach der installation von MySQL hat der User: Root noch kein Passwort hinterlegt. Folgendes muss man in der Konsole eingeben um ein Passwort zu setzen:

mysqladmin -u root password <neues passwort>

Aufruf von phpMyAdmin

Um die Datenbank und Tabellen für Postfix und Cyrus benutze ich phpMyAdmin was wir schon mit installiert haben. Wir rufen dies nun im Browser auf.

http://<ip des Server>/phpmyadmin/


Anlegen des Benutzers und der Datenbank

  1. meld Dich im phpMyAdmin an
  2. wähle den Punk Rechte aus
  3. wähle Neuen Benutzer hinzufügen aus
  4. wähle Benutzername = postfix
  5. wähle Dein Passwort aus
  6. unter Datenbank für Benutzer wähle Erstelle eine Datenbank mit gleichem Namen und gewähre alle Rechte
  7. ganzen unten auf ok klicken

Anlegen von Tabellen

Ich werde in der Konfiguration von Postfix und Cyrus angeben wie die Tabellen erzeugt werden können. Dafür müßte Ihr im phpMyAdmin auf der Linken Seite im DropDown Menu die Datenbank Postfix auswählen und auf SQL klicken dort den Befehl reinkopieren und auf Ok klicken.

Postfix konfigurieren

Postfix smtp_auth

Da wir einen externen Emailprovider benutzen wollen müssen wir die ausgehenden Mails an Ihn weiterleiten. Um sich vor Spam zu schützen verlangen die Provider das mich sich autenifiziert.

Dazu müssen wir die /etc/postfix/main.cf editieren:

vim /etc/postfix/main.cf

nun fügen wir folgende Zeilen hinzu:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous

nun müssen wir noch die /etc/postfix/smtp_auth erzeugen und editieren:

vim etc/postfix/smtp_auth
smtp.domain.de      benutzername:passwort

Damit Postfix die Datei lesen kann müssen wir Sie in das Hashformat umwandeln:

postmap smtp_auth


Amavis/ClamAV/SpamAssinss konfigurieren

Fetchmail konfigurieren

Cyrus konfigurieren

als erstet müssen wir die imapd.conf editieren mit:

vim /etc/imapd.conf

Folgende Zeilen müssen angepaßt werden:

admins: cyrus #Damit wir später per cyradm zugriff haben
imap_admins: cyrus # cyrus hat somit uneingeschränkten Zugriff auf die Postfächer


Als nächstes passen wir die

eGroupware installieren/konfigurieren

Links

Aktuelle Config die so funktionieren!

Leider nur noch nicht mit einer MySQL Datenbank das ist mein nächster Schritt.


Postfix main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = postfix
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = postfix, localhost, localhost.localdomain, localhost
relayhost = 1und1.de
mynetworks = 127.0.0.0/8, 192.168.0.0/24
mailbox_command = lmtp:unix:/var/run/cyrus/socket/lmtp
mailbox_transport = cyrus
mailbox_size_limit = 0
message_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
inet_interfaces = all
local_recipient_maps =

#SMTP Auth
#SMTP mit SASL-Authentification verwenden
smtp_sasl_auth_enable = yes

#Die Passwoerter stehen in der Datei /etc/postfix/smtp_auth
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth 

#Zusatz-Optionen: Keine anonyme-Anmeldung verwenden
smtp_sasl_security_options = noanonymous

content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Postfix master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
cyrus   unix    -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -r ${sender}
  -m ${extension} ${user}
amavis  unix    -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
lmtp    unix    -       -       n       -       -       lmtp

/etc/cyrus.conf

# Debian defaults for Cyrus IMAP server/cluster implementation
# see cyrus.conf(5) for more information
#
# All the tcp services are tcpd-wrapped. see hosts_access(5)
# $Id: cyrus.conf 567 2006-08-14 18:19:32Z sven $ 

START {
        # do not delete this entry!
        recover         cmd="/usr/sbin/ctl_cyrusdb -r" 

        # this is only necessary if idlemethod is set to "idled" in imapd.conf
        #idled          cmd="idled"

        # this is useful on backend nodes of a Murder cluster
        # it causes the backend to syncronize its mailbox list with
        # the mupdate master upon startup
        #mupdatepush   cmd="/usr/sbin/ctl_mboxlist -m"

        # this is recommended if using duplicate delivery suppression
        delprune        cmd="/usr/sbin/cyr_expire -E 3"
        # this is recommended if caching TLS sessions
        tlsprune        cmd="/usr/sbin/tls_prune"
}

# UNIX sockets start with a slash and are absolute paths
# you can use a maxchild=# to limit the maximum number of forks of a service
# you can use babysit=true and maxforkrate=# to keep tight tabs on the service
# most services also accept -U (limit number of reuses) and -T (timeout)
SERVICES {
        # --- Normal cyrus spool, or Murder backends ---
        # add or remove based on preferences
        imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
        #imaps          cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100
        pop3            cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
        #pop3s          cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50
        nntp            cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
        #nntps          cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100

        # At least one form of LMTP is required for delivery
        # (you must keep the Unix socket name in sync with imap.conf)
        #lmtp           cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20
        lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=60
        # ----------------------------------------------

        # useful if you need to give users remote access to sieve
        # by default, we limit this to localhost in Debian
        sieve           cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100

        # this one is needed for the notification services
        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1

        # --- Murder frontends -------------------------
        # enable these and disable the matching services above,
        # except for sieve (which deals automatically with Murder)

        # mupdate database service - must prefork at least 1
        # (mupdate slaves)
        #mupdate       cmd="mupdate" listen=3905 prefork=1
        # (mupdate master, only one in the entire cluster)
        #mupdate       cmd="mupdate -m" listen=3905 prefork=1
 
        # proxies that will connect to the backends
        #imap           cmd="proxyd" listen="imap" prefork=0 maxchild=100
        #imaps          cmd="proxyd -s" listen="imaps" prefork=0 maxchild=100
        #pop3           cmd="pop3proxyd" listen="pop3" prefork=0 maxchild=50
        #pop3s          cmd="pop3proxyd -s" listen="pop3s" prefork=0 maxchild=50
        #lmtp           cmd="lmtpproxyd" listen="lmtp" prefork=1 maxchild=20
        # ----------------------------------------------
}

EVENTS {
        # this is required
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
 
        # this is only necessary if using duplicate delivery suppression
        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401

        # this is only necessary if caching TLS sessions
        tlsprune        cmd="/usr/sbin/tls_prune" at=0401

        # indexing of mailboxs for server side fulltext searches

        # reindex changed mailboxes (fulltext) approximately every other hour
        #squatter_1     cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" period=120

        # reindex all mailboxes (fulltext) daily
        #squatter_a     cmd="/usr/sbin/squatter" at=0517

imapd.conf

# Debian Cyrus imapd.conf
# $Id: imapd.conf 565 2006-08-14 16:51:28Z sven $
# See imapd.conf(5) for more information and more options

# Configuration directory
configdirectory: /var/lib/cyrus

# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail

# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news

# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: no

# UNIX Hierarchy Convention
# Set to yes, and cyrus will accept dots in names, and use the forward
# slash "/" to delimit levels of the hierarchy. This is done by converting
# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
unixhierarchysep: no

# Rejecting illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. Enable this to reject such messages.
#reject8bit: yes 

# Munging illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware. If you kept reject8bit disabled, you can choose to leave the
# crappage untouched by disabling this (if you don't care that IMAP SEARCH
# won't work right anymore.
#munge8bit: no 

# Forcing recipient user to lowercase
# Cyrus 2.2 is case-sensitive.  If all your mail users are in lowercase, it is
# probably a very good idea to set lmtp_downcase_rcpt to true.  This is set by
# default, per RFC2821. This was not set by default in debian versions up to
# and including 2.2.12-4.
lmtp_downcase_rcpt: yes 

# Uncomment the following and add the space-separated users who
# have admin rights for all services.
admins: cyrus 

# Space-separated list of users that have lmtp "admin" status (i.e. that
# can deliver email through TCP/IP lmtp). If specified, this parameter
# overrides the "admins" parameter above
#lmtp_admins: postman 

# Space-separated list of users that have mupdate "admin" status, in
# addition to those in the admins: entry above. Note that mupdate slaves and 
# backends in a Murder cluster need to autenticate against the mupdate master
# as admin users.
#mupdate_admins: mupdateman

# Space-separated list of users that have imapd "admin" status, in
# addition to those in the admins: entry above
#imap_admins: cyrus

# Space-separated list of users that have sieve "admin" status, in
# addition to those in the admins: entry above
sieve_admins: cyrus

# List of users and groups that are allowed to proxy for other users,
# seperated by spaces.  Any user listed in this will be allowed to login
# for any other user.  Like "admins:" above, you can have imap_proxyservers
# and sieve_proxyservers.
#proxyservers: cyrus

# No anonymous logins
allowanonymouslogin: no 

# Minimum time between POP mail fetches in minutes
popminpoll: 1

# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX.  The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
autocreatequota: 0

# umask used by Cyrus programs
umask: 077

# Sendmail binary location
# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3.
# For now, to work around the bug, set this to a wrapper that calls
# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
#sendmail: /usr/sbin/sendmail

# If enabled, cyrdeliver will look for Sieve scripts in user's home
# directories: ~user/.sieve.
sieveusehomedir: false

# If sieveusehomedir is false, this directory is searched for Sieve scripts.
sievedir: /var/spool/sieve

# notifyd(8) method to use for "MAIL" notifications.  If not set, "MAIL"
# notifications are disabled.  Valid methods are: null, log, zephyr
#mailnotifier: zephyr 

# notifyd(8) method to use for "SIEVE" notifications.  If not set, "SIEVE"
# notifications are disabled.  This method is only used when no method is
# specified in the script.  Valid methods are null, log, zephyr, mailto
#sievenotifier: zephyr 

# DRAC (pop-before-smtp, imap-before-smtp) support
# Set dracinterval to the time in minutes to call DRAC while a user is
# connected to the imap/pop services. Set to 0 to disable DRAC (default)
# Set drachost to the host where the rpc drac service is running
#dracinterval: 0
#drachost: localhost

# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one partition has a
# very bushy mailbox tree.
hashimapspool: true

# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes

# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based SASL
# mechanism.  saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
sasl_mech_list: PLAIN

# Allow use of the POP3 APOP authentication command.
# Note that this command requires that the plaintext passwords are
# available in a SASL auxprop backend (eg. sasldb), and that the system
# can provide enough entropy (eg. from /dev/urandom) to create a challenge
# in the banner.
#allowapop: no

# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_minimum_layer: 0

# The maximum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_maximum_layer: 256

# List of remote realms whose users may log in using cross-realm
# authentications. Seperate each realm name by a space. A cross-realm
# identity is considered any identity returned by SASL with an "@" in it.
# NOTE: To support multiple virtual domains on the same interface/IP,
# you need to list them all as loginreals. If you don't list them here,
# (most of) your users probably won't be able to log in.
#loginrealms: example.com

# Enable virtual domain support.  If enabled, the user's domain will
# be determined by splitting a fully qualified userid at the last '@'
# or '%' symbol.  If the userid is unqualified, and the virtdomains
# option is set to "on", then the domain will be determined by doing
# a reverse lookup on the IP address of the incoming network
# interface, otherwise the user is assumed to be in the default
# domain (if set).
#virtdomains: userid

# The default domain for virtual domain support
# If the domain of a user can't be taken from its login and it can't
# be determined by doing a reverse lookup on the interface IP, this
# domain is used.
#defaultdomain: 

#
# SASL library options (these are handled directly by the SASL libraries,
# refer to SASL documentation for an up-to-date list of these)
#

# The mechanism(s) used by the server to verify plaintext passwords. Possible
# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue".  They
# are tried in order, you can specify more than one, separated by spaces.
#
# Do note that, since sasl will be run as user cyrus, you may have a lot of
# trouble to set this up right.
#sasl_pwcheck_method: auxprop
sasl_pwcheck_method: saslauthd

# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
# by default, all plugins are tried (which is probably NOT what you want).
#sasl_auxprop_plugin: sasldb

# If enabled, the SASL library will automatically create authentication secrets
# when given a plaintext password. Refer to SASL documentation
#sasl_auto_transition: no

#
# SSL/TLS Options
#

# File containing the global certificate used for ALL services (imap, pop3,
# lmtp, sieve)
#tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem

# File containing the private key belonging to the global server certificate.
#tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key

# File containing the certificate used for imap. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for imap.
#imap_tls_cert_file: /etc/ssl/certs/cyrus-imap.pem

# File containing the private key belonging to the imap-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for imap.
#imap_tls_key_file: /etc/ssl/private/cyrus-imap.key

# File containing the certificate used for pop3. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for pop3.
#pop3_tls_cert_file: /etc/ssl/certs/cyrus-pop3.pem

# File containing the private key belonging to the pop3-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for pop3.
#pop3_tls_key_file: /etc/ssl/private/cyrus-pop3.key

# File containing the certificate used for lmtp. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for lmtp.
#lmtp_tls_cert_file: /etc/ssl/certs/cyrus-lmtp.pem

# File containing the private key belonging to the lmtp-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for lmtp.
#lmtp_tls_key_file: /etc/ssl/private/cyrus-lmtp.key

# File containing the certificate used for sieve. If not specified, the global
# certificate is used.  A value of "disabled" will disable SSL/TLS for sieve.
#sieve_tls_cert_file: /etc/ssl/certs/cyrus-sieve.pem

# File containing the private key belonging to the sieve-specific server
# certificate.  If not specified, the global private key is used.  A value of
# "disabled" will disable SSL/TLS for sieve.
#sieve_tls_key_file: /etc/ssl/private/cyrus-sieve.key

# File containing one or more Certificate Authority (CA) certificates.
#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem

# Path to directory with certificates of CAs.
tls_ca_path: /etc/ssl/certs

# The length of time (in minutes) that a TLS session will be cached for later
# reuse.  The maximum value is 1440 (24 hours), the default.  A value of 0 will
# disable session caching.
tls_session_timeout: 1440

# The list of SSL/TLS ciphers to allow, in decreasing order of precedence.
# The format of the string is described in ciphers(1).  The Debian default
# selects TLSv1 high-security ciphers only, and removes all anonymous ciphers
# from the list (because they provide no defense against man-in-the-middle
# attacks).  It also orders the list so that stronger ciphers come first.
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH

# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
#tls_require_cert: false

# Require a client certificate for imap ONLY. 
#imap_tls_require_cert: false

# Require a client certificate for pop3 ONLY.
#pop3_tls_require_cert: false 

# Require a client certificate for lmtp ONLY.
#lmtp_tls_require_cert: false

# Require a client certificate for sieve ONLY.
#sieve_tls_require_cert: false

#
# Cyrus Murder cluster configuration
#
# Set the following options to the values needed for this server to
# autenticate against the mupdate master server:
# mupdate_server
# mupdate_port
# mupdate_username
# mupdate_authname
# mupdate_realm
# mupdate_password
# mupdate_retry_delay

##
## KEEP THESE IN SYNC WITH cyrus.conf
##
# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp

etc/fetchmailrc

# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail 

# The default for this option is 300, which polls the server every 5
# minutes.
#
set daemon      300

# By default, the system-wide fetchmail will output logging messages to
# syslog; uncomment the line below to disable this. This might be useful
# if you are logging to another file using the 'logfile' option.
#
set syslog

 # Avoid loss on 4xx errors. On the other hand, 5xx errors get more
 # dangerous.
 #
 set no bouncemail
 
 # The following defaults are used when connecting to any server, and can
 # be overridden in the server description below.
 #
 # Set antispam to -1, since it is far safer to use that together with no
 # bouncemail.
 #
 defaults:
  antispam -1
  batchlimit 100 



poll pop.1und1.de with protocol pop3
user user@example.com with password Passwort is systemuser here keep

# Example server section.
#
#poll foo.bar.org with protocol pop3
#  user baka there is localbaka here smtphost smtp.foo.bar.org;

/etc/default/saslauthd

#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options. 
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c"
Persönliche Werkzeuge