Exim+mysql
Markes
Начиная с версии 4.50 в Exim интегрирован exiscan-acl патч.
Информация об этом доступна здесь:
http://duncanthrax.net/exiscan-acl/
И так, предлагаю вашему вниманию улучшенный вариант интеграции Exim+mySQL.
За основу файла конфигурации exim.conf мною был взят вариант предлагаемый автором SA-Exim.
http://marc.merlins.org/linux/exim/files/exim4-debconf/
### exim.conf ###
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
MAILNAME = smtp.example.ru
MAINDOMAIN = example.ru
hide mysql_servers = localhost/exim/sqlmail/my_password
#SMARTHOST_ROUTELIST =
#CERTNAME = /etc/exim/certs/smtp.pem
# Enable teergrubing on acl errors and say how long we delay (unset to disable).
TEERGRUBE = 60s
timezone = Europe/Moscow
ALLOWEDRCPTFAIL = 3
HOSTREJECTRCPT1 = SELECT message FROM blacklists WHERE address='${sender_host_address}' AND type='REJRCPT'
RFC1918 = 172.16.0.0/12 : 192.168.0.0/16
BOGUSIPS = 127.0.0.1/8 : 169.254.0.0/16 : 192.0.2.0/24 : RFC1918
NO_RANDOM_CALLBACK = SELECT domain FROM callbackdomains WHERE domain='${domain:$header_from:}' AND type='NORND'
HDR_DOMAIN_DISABLE_CALLBACK = SELECT domain FROM callbackdomains WHERE domain='${domain:$header_from:}' AND type='NOHDR'
BLOCKENVSEND1 = SELECT message FROM blacklists WHERE address='${sender_address}' AND type='SENDER'
addresslist denyenvsenders = mysql;BLOCKENVSEND1
.ifdef MAILNAME
primary_hostname = MAILNAME
qualify_domain = MAINDOMAIN
.else
MAILNAME = @
.endif
domainlist local_domains = @ : @[] : localhost : MAILNAME : \
${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}}
domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND type='RELAY'}}
domainlist envdomain_disable_callback = ${lookup mysql{SELECT domain \
FROM callbackdomains WHERE domain='${sender_host_name}' \
AND type='NOENV'}}
domainlist domains_callback_norandom = mysql;NO_RANDOM_CALLBACK
domainlist nodnsdomains = ${lookup mysql{SELECT domain FROM \
callbackdomains WHERE domain='${sender_host_name}' AND type='NODNS'}}
localpartlist noenvfromcheck = ${lookup mysql{SELECT address FROM whitelist}}
localpartlist noenvfromcallback = ${lookup mysql{SELECT address FROM whitelist}}
localpartlist nosarej = ${lookup mysql{SELECT address FROM whitelist}}
localpartlist nohdrsyncheck = ${lookup mysql{SELECT address FROM whitelist}}
localpartlist nohdrfromcallback = ${lookup mysql{SELECT address FROM whitelist}}
hostlist rfc1918 = RFC1918
hostlist bogusips = BOGUSIPS
hostlist localadds = +rfc1918 : @ : @[] : localhost : \
${lookup mysql{SELECT domain FROM domains \
WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}}
hostlist host_reject = ${lookup mysql{SELECT address FROM blacklists \
WHERE address='${sender_host_address}' AND type='HOSTREJ'}}
hostlist host_reject_rcpt = net-mysql;HOSTREJECTRCPT1
hostlist hosts_disable_callback = ${lookup mysql{SELECT hostname FROM \
hostlists WHERE hostname='${sender_host_address}' AND type='NOCALL'}}
hostlist relay_from_hosts = +localadds : ${lookup mysql{SELECT domain \
FROM domains WHERE domain='${domain}' AND type='RELAY'}}
hostlist auth_relay_hosts = *
.ifdef CERTNAME
hostlist auth_over_tls_hosts = *
.endif
hostlist expn_hosts = *.MAINDOMAIN:localhost
hostlist vrfy_hosts = *.MAINDOMAIN:localhost
hostlist hosts_avoid_tls = ${lookup mysql{SELECT hostname FROM hostlists \
WHERE hostname='${sender_host_address}' AND type='AVOIDTLS'}}
hostlist hosts_try_auth = ${lookup mysql{SELECT hostname FROM hostlists \
WHERE hostname='${sender_host_address}' AND type='TRYAUTH'}}
acl_smtp_connect = check_connect
acl_smtp_starttls = check_tls
acl_smtp_mail = check_mail
acl_smtp_rcpt = check_rcpt
acl_smtp_mime = check_mime
acl_smtp_data = check_data
acl_smtp_auth = check_auth
acl_smtp_vrfy = check_vrfy
acl_not_smtp = check_nonsmtp
#local_scan_path = /usr/lib/sa-exim.so
#av_scanner = clamd:/var/lib/clamav/clamd.socket
log_selector = \
+address_rewrite \
+all_parents \
+arguments \
+connection_reject \
+delay_delivery \
+delivery_size \
+dnslist_defer \
+incoming_interface \
+incoming_port \
+lost_incoming_connection \
+queue_run \
+received_sender \
+received_recipients \
+retry_defer \
+sender_on_delivery \
+size_reject \
+skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_protocol_error \
+smtp_syntax_error \
+subject \
+tls_cipher \
+tls_peerdn
system_filter = /etc/exim/system-filter
system_filter_file_transport = address_file
system_filter_pipe_transport = address_pipe
.ifdef CERTNAME
tls_certificate = CERTNAME
tls_privatekey = CERTNAME
tls_advertise_hosts = ${if exists {CERTNAME}{*}{127.0.0.1/8}}
.endif
allow_domain_literals = false
never_users = root:daemon:bin:sync
host_lookup = *
helo_allow_chars = _
trusted_users = mail:www
trusted_groups = mail
rfc1413_hosts = !*
rfc1413_query_timeout = 0s
auth_advertise_hosts = !+relay_from_hosts : +auth_relay_hosts
helo_verify_hosts = !*
helo_try_verify_hosts = !*
helo_accept_junk_hosts = !*
smtp_accept_max_nonmail_hosts = *
ignore_bounce_errors_after = 30m
timeout_frozen_after = 3d
#gecos_pattern = ^([^,:]*)
#gecos_name = $1
freeze_tell = postmaster
auto_thaw = 1h
message_body_visible = 5000
message_size_limit = 20M
smtp_accept_max = 50
smtp_accept_max_per_connection = 50
smtp_accept_queue_per_connection = 100
smtp_connect_backlog = 50
smtp_accept_max_per_host = 25
split_spool_directory = true
syslog_timestamp = false
message_logs = false
remote_max_parallel = 15
smtp_reserve_hosts = +relay_from_hosts
smtp_load_reserve = 40
smtp_accept_max_nonmail = 7
smtp_max_unknown_commands = 1
sender_unqualified_hosts = +localadds
recipient_unqualified_hosts = +localadds
host_reject_connection = +host_reject
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
check_connect:
accept
.ifdef CERTNAME
check_tls:
accept
.endif
check_mail:
accept
check_rcpt:
accept hosts = :
accept hosts = 127.0.0.1/8
deny local_parts = ^.*[@%!/|] : ^\\.
warn message = X-WhitelistedRCPT-nohdrsyncheck: Yes
local_parts = +nohdrsyncheck:postmaster:abuse
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
local_parts = +nohdrfromcallback:postmaster:abuse
warn message = X-SA-Do-Not-Rej: Yes
local_parts = +nosarej:postmaster:abuse
warn message = X-SA-Do-Not-Run: Yes
hosts = +relay_from_hosts
warn message = X-SA-Do-Not-Run: Yes
authenticated = *
warn message = X-Broken-Reverse-DNS: no host name for IP address $sender_host_address
!verify = reverse_host_lookup
# accept domains = +local_domains
# local_parts = postmaster
deny message = "HELO/EHLO required by SMTP RFC"
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny message = Forged domain detected in HELO/EHLO - $sender_helo_name
condition = ${if and{{match{$sender_helo_name} \
{(example|yahoo|hotmail|compuserve)}} \
{!match{$sender_host_name}{${rxquote:$1}}}}{yes}{no}}
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny message = Only one recipient accepted for NULL sender
senders = :
condition = ${if >{$rcpt_count}{1}{1}}
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
.ifdef TEERGRUBE
deny log_message = Teergrube: dictionnary attack (ALLOWEDRCPTFAIL failed probes)
message = unknown user
condition = ${if >{$rcpt_fail_count}{1} {1}{0}}
.else
drop log_message = Dictionnary attack ($rcpt_fail_count failed probes). Dropping connection
message = unknown user ($rcpt_fail_count failed queries)
condition = ${if >{$rcpt_fail_count}{${eval:ALLOWEDRCPTFAIL-2}} {1}{0}}
.endif
delay = ${eval:30*$rcpt_fail_count}s
domains = +local_domains
!verify = recipient
deny condition = ${if eq{$sender_ident}{CacheFlow Server}{1}{0}}
message = Rejected - appears to be an unsecured proxy: $sender_ident
deny hosts = +host_reject_rcpt
message = Host $sender_host_address is blocked: ${lookup mysql{HOSTREJECTRCPT1}{$value}{"unspecified reason"}}
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny senders = +denyenvsenders
message = Sender $sender_address is blocked: ${lookup mysql{BLOCKENVSEND1}{$value}{"unspecified reason"}}
deny local_parts = !+noenvfromcheck
!verify = sender
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
# deny message = $sender_host_address is not allowed to send mail from $sender_address_domain
# spf = softfail : neutral
# !authenticated = *
#.ifdef TEERGRUBE
# delay = TEERGRUBE
#.endif
deny hosts = !+localadds:!+hosts_disable_callback:*
sender_domains = !+envdomain_disable_callback:!+domains_callback_norandom:*
local_parts = !+noenvfromcallback
!verify = sender/callout=90s,random,postmaster
# !spf = pass
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny hosts = !+localadds:!+hosts_disable_callback:*
sender_domains = +domains_callback_norandom
local_parts = !+noenvfromcallback
!verify = sender/callout=90s,postmaster
# !spf = pass
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
# warn message = $spf_received
# domains = +local_domains
deny message = host is listed in $dnslist_domain
dnslists = sbl-xbl.spamhaus.org : relays.ordb.org : \
combined.njabl.org : bl.spamcop.net
# !authenticated = *
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient/callout=30s/callout_defer_ok
accept hosts = +localadds:+relay_from_hosts
verify = recipient
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
check_mime:
warn decode = default
deny message = Blacklisted file extension detected
condition = ${if match {${lc:$mime_filename}} \
{\N(\.exe|\.pif|\.bat|\.scr|\.lnk|\.com)$\N} {1}{0}}
deny message = Sorry, noone speaks Chinese here
condition = ${if eq{$mime_charset}{gb2312}{1}{0}}
accept
check_data:
deny !verify = header_syntax
!condition = $header_X-WhitelistedRCPT-nohdrsyncheck:
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
accept hosts = :
accept hosts = 127.0.0.1/8
deny hosts = !+localadds:!+hosts_disable_callback:*
!condition = $header_X-WhitelistedRCPT-nohdrfromcallback:
!condition = ${lookup mysql{HDR_DOMAIN_DISABLE_CALLBACK} {yes}{no}}
!condition = ${lookup mysql{NO_RANDOM_CALLBACK} {yes}{no}}
!verify = header_sender/callout=90s,postmaster,random
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny hosts = !+localadds:!+hosts_disable_callback:*
!condition = $header_X-WhitelistedRCPT-nohdrfromcallback:
!condition = ${lookup mysql{HDR_DOMAIN_DISABLE_CALLBACK} {yes}{no}}
condition = ${lookup mysql{NO_RANDOM_CALLBACK} {yes}{no}}
!verify = header_sender/callout=90s,postmaster
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
deny message = This message contains malware ($malware_name)
malware = *
accept
check_auth:
.ifdef CERTNAME
accept hosts = +auth_over_tls_hosts
endpass
message = STARTTLS required before AUTH
encrypted = *
.endif
accept
check_expn:
accept hosts = +expn_hosts
deny message = expn not allowed from this host, sorry
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
check_vrfy:
accept hosts = +vrfy_hosts
deny message = vrfy not allowed from this host, sorry
.ifdef TEERGRUBE
delay = TEERGRUBE
.endif
check_nonsmtp:
accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
always_verify:
driver = manualroute
domains = +nodnsdomains
verify_sender
verify_only
route_list = *
.ifdef SMARTHOST_ROUTELIST
smarthost:
driver = manualroute
domains = ! +local_domains
route_list = SMARTHOST_ROUTELIST
ignore_target_hosts = +bogusips
no_verify
host_find_failed = defer
same_domain_copy_routing = yes
transport = remote_smtp
.endif
dnslookup:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = +bogusips
same_domain_copy_routing = yes
transport = remote_smtp
no_more
system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup mysql{SELECT recipients FROM aliases \
WHERE local_part='${local_part}' AND domain='${domain}'}}
userforward:
driver = redirect
allow_fail
allow_defer
data = ${lookup mysql{SELECT recipients FROM userforward \
WHERE local_part='${local_part}' AND domain='${domain}'}}
mysqluser:
driver = accept
condition = ${if eq{} {${lookup mysql{SELECT home FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}' \
AND active='Y'}}}{no}{yes}}
local_part_suffix = +*
local_part_suffix_optional
transport = mysql_delivery
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
begin transports
mysql_delivery:
driver = appendfile
maildir_format
create_directory
maildir_tag = ,S=$message_size
directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'}}
return_path_add
delivery_date_add
envelope_to_add
group = mail
mode = 0660
no_mode_fail_narrower
headers_remove = "Lines"
headers_add = "Lines: $body_linecount\n"
check_string = ""
directory_mode = 700
message_prefix = ""
message_suffix = ""
quota = ${lookup mysql{SELECT quota FROM users \
WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}}
quota_size_regex = S=(\d+)$
quota_warn_threshold = 75%
address_pipe:
driver = pipe
log_defer_output
log_fail_output
path = "/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"
return_output
user = mail
group = mail
headers_remove = "Lines"
headers_add = "Lines: $body_linecount\n"
address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
address_reply:
driver = autoreply
remote_smtp:
driver = smtp
dns_qualify_single = false
hosts_nopass_tls = *
hosts_avoid_tls = +hosts_avoid_tls
hosts_try_auth = +hosts_try_auth
# headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned:X-SA-Exim-Mail-From:X-SA-Exim-Rcpt-To:X-SA-Exim-Connect-IP"
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Domain Error Retries
# ------ ----- -------
* quota
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
# AUTH PLAIN authentication method used by Netscape Messenger.
plain:
driver = plaintext
public_name = PLAIN
server_condition = ${if crypteq{$3} {${lookup mysql{SELECT crypt FROM users \
WHERE id = '${quote_mysql:${local_part:$2}}' \
AND mbox_host = '${quote_mysql:${domain:$2}}' \
AND passwd = '${quote_mysql:$3}' \
AND active = 'Y'}{$value}{*}}}{yes}{no}}
server_prompts = :
server_set_id = $2
# AUTH LOGIN authentication method used by MS Outlook.
login:
driver = plaintext
public_name = LOGIN
server_condition = ${if crypteq{$2} {${lookup mysql{SELECT crypt FROM users \
WHERE id = '${quote_mysql:${local_part:$1}}' \
AND mbox_host = '${quote_mysql:${domain:$1}}' \
AND passwd = '${quote_mysql:$2}' \
AND active = 'Y'}{$value}{*}}}{yes}{no}}
server_prompts = Username:: : Password::
server_set_id = $1
# AUTH CRAM-MD5 authentication method used by Eudora/TheBat!.
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
server_secret = ${lookup mysql{SELECT passwd FROM users \
WHERE id = '${quote_mysql:${local_part:$1}}' \
AND mbox_host = '${quote_mysql:${domain:$1}}' \
AND active = 'Y'}{$value}fail}
server_set_id = $1
# End of Exim configuration file
Измененная структура базы данных mySQL:
--
-- Table structure for table `aliases`
--
CREATE TABLE aliases (
local_part varchar(64) NOT NULL default '',
domain varchar(128) NOT NULL default 'example.ru',
recipients text,
PRIMARY KEY (local_part,domain)
) TYPE=MyISAM;
--
-- Dumping data for table `aliases`
--
INSERT INTO aliases VALUES ('postmaster','example.ru','ginger');
INSERT INTO aliases VALUES ('mailer-daemon','example.ru','postmaster');
INSERT INTO aliases VALUES ('root','example.ru','postmaster');
INSERT INTO aliases VALUES ('bin','example.ru','root');
INSERT INTO aliases VALUES ('daemon','example.ru','root');
INSERT INTO aliases VALUES ('games','example.ru','root');
INSERT INTO aliases VALUES ('ingres','example.ru','root');
INSERT INTO aliases VALUES ('sync','example.ru','root');
INSERT INTO aliases VALUES ('mail','example.ru','root');
INSERT INTO aliases VALUES ('pop','example.ru','root');
INSERT INTO aliases VALUES ('uucp','example.ru','root');
INSERT INTO aliases VALUES ('ftp','example.ru','root');
INSERT INTO aliases VALUES ('nobody','example.ru','root');
INSERT INTO aliases VALUES ('system','example.ru','root');
INSERT INTO aliases VALUES ('toor','example.ru','root');
INSERT INTO aliases VALUES ('foo','example.ru','root');
INSERT INTO aliases VALUES ('falken','example.ru','root');
INSERT INTO aliases VALUES ('www','example.ru','root');
INSERT INTO aliases VALUES ('named','example.ru','root');
INSERT INTO aliases VALUES ('postgres','example.ru','root');
INSERT INTO aliases VALUES ('mysql','example.ru','root');
INSERT INTO aliases VALUES ('squid','example.ru','root');
INSERT INTO aliases VALUES ('drweb','example.ru','root');
INSERT INTO aliases VALUES ('webmaster','example.ru','root');
INSERT INTO aliases VALUES ('admin','example.ru','root');
INSERT INTO aliases VALUES ('manager','example.ru','root');
INSERT INTO aliases VALUES ('dumper','example.ru','root');
INSERT INTO aliases VALUES ('operator','example.ru','root');
INSERT INTO aliases VALUES ('abuse','example.ru','root');
INSERT INTO aliases VALUES ('security','example.ru','root');
INSERT INTO aliases VALUES ('hostmaster','example.ru','root');
INSERT INTO aliases VALUES ('decode','example.ru','root');
INSERT INTO aliases VALUES ('moof','example.ru','root');
INSERT INTO aliases VALUES ('moog','example.ru','root');
INSERT INTO aliases VALUES ('news','example.ru','usenet');
INSERT INTO aliases VALUES ('usenet','example.ru','root');
INSERT INTO aliases VALUES ('staff','example.ru','postmaster');
INSERT INTO aliases VALUES ('office','example.ru','postmaster');
INSERT INTO aliases VALUES ('all','example.ru','postmaster');
INSERT INTO aliases VALUES ('tech','example.ru','postmaster');
INSERT INTO aliases VALUES ('ops','example.ru','postmaster');
--
-- Table structure for table `blacklists`
--
CREATE TABLE blacklists (
address varchar(64) NOT NULL default '',
type enum('SENDER','HOSTREJ','REJRCPT') NOT NULL default 'SENDER',
message text,
PRIMARY KEY (address,type)
) TYPE=MyISAM;
--
-- Dumping data for table `blacklists`
--
INSERT INTO blacklists VALUES ('postcards@rol.ru','SENDER','We are sorry, dont want message from you');
INSERT INTO blacklists VALUES ('81.13.65.178','HOSTREJ','');
--
-- Table structure for table `callbackdomains`
--
CREATE TABLE callbackdomains (
domain varchar(128) NOT NULL default '',
type enum('NOENV','NOHDR','NORND','NODNS') NOT NULL default 'NOENV',
PRIMARY KEY (domain,type)
) TYPE=MyISAM;
--
-- Dumping data for table `callbackdomains`
--
INSERT INTO callbackdomains VALUES ('example.ru','NOENV');
INSERT INTO callbackdomains VALUES ('example.ru','NOHDR');
--
-- Table structure for table `domains`
--
CREATE TABLE domains (
domain varchar(128) NOT NULL default 'example.ru',
type enum('LOCAL','RELAY','VIRTUAL') default 'LOCAL',
PRIMARY KEY (domain)
) TYPE=MyISAM;
--
-- Dumping data for table `domains`
--
INSERT INTO domains VALUES ('example.ru','LOCAL');
--
-- Table structure for table `hostlists`
--
CREATE TABLE hostlists (
hostname varchar(64) NOT NULL default '',
type enum('AVOIDTLS','TRYAUTH','NOCALL') NOT NULL default 'AVOIDTLS',
PRIMARY KEY (hostname,type)
) TYPE=MyISAM;
--
-- Dumping data for table `hostlists`
--
INSERT INTO hostlists VALUES ('194.226.96.22','NOCALL');
--
-- Table structure for table `userforward`
--
CREATE TABLE userforward (
local_part varchar(64) NOT NULL default '',
domain varchar(128) NOT NULL default 'example.ru',
recipients text,
PRIMARY KEY (local_part,domain)
) TYPE=MyISAM;
--
-- Dumping data for table `userforward`
--
INSERT INTO userforward VALUES ('noc','example.ru','ginger');
INSERT INTO userforward VALUES ('sysadmin','example.ru','ginger, max, someone@fagci.ru');
--
-- Table structure for table `users`
--
CREATE TABLE users (
id varchar(64) NOT NULL default '',
crypt varchar(64) NOT NULL default '',
passwd varchar(64) NOT NULL default '',
uid int(10) NOT NULL default '8',
gid int(10) NOT NULL default '12',
mbox_host varchar(128) NOT NULL default 'example.ru',
shell varchar(32) NOT NULL default '/sbin/nologin',
home varchar(128) NOT NULL default '/home/vmail/domains',
quota tinyint(4) default '15',
active enum('Y','N') NOT NULL default 'Y',
PRIMARY KEY (id,mbox_host)
) TYPE=MyISAM;
--
-- Dumping data for table `users`
--
INSERT INTO users VALUES ('ginger',ENCRYPT('my-secret-pass'),'my-secret-pass',8,12,'example.ru','/sbin/nologin','/home/vmail/domains/example.ru/ginger',30,'Y');
--
-- Table structure for table `whitelist`
--
CREATE TABLE whitelist (
address varchar(64) NOT NULL default '',
PRIMARY KEY (address)
) TYPE=MyISAM;
--
-- Dumping data for table `whitelist`
--
INSERT INTO whitelist VALUES ('noc@example.ru');
+------------------+
| Tables_in_exim |
+------------------+
| aliases |
| blacklists |
| callbackdomains |
| domains |
| hostlists |
| userforward |
| users |
| whitelist |
+------------------+
- Войдите на сайт для отправки комментариев
roadracer Для
roadracer Для использования Dovecot нужно несколько упростить таблицу . CREATE TABLE users ( userid varchar(64) NOT NULL default '', crypt varchar(64) NOT NULL default '', passwd varchar(64) NOT NULL default '', home varchar(128) NOT NULL default '/home/vmail/domains', uid int(6) NOT NULL default '8', gid int(6) NOT NULL default '12', domain varchar(128) NOT NULL default 'sheremetyevo-2.ru', quota tinyint(4) default '15', active enum('Y','N') NOT NULL default 'Y', PRIMARY KEY (userid,domain) ) TYPE=MyISAM; Вот так должны выглядеть файлы конфигурации: ### dovecot.conf ### protocols = imaps pop3s imap pop3 #ssl_disable = yes ssl_cert_file = /путь/к/каталогу/dovecot.pem ssl_key_file = /путь/к/каталогу/dovecot.pem login = imap login_executable = /usr/libexec/dovecot/imap-login login = pop3 login_executable = /usr/libexec/dovecot/pop3-login mail_extra_groups = mail #default_mail_env = maildir:/home/vmail/domains/%d/%n/Maildir imap_executable = /usr/libexec/dovecot/imap pop3_executable = /usr/libexec/dovecot/pop3 auth = default auth_mechanisms = plain auth_userdb = mysql /etc/dovecot-mysql.conf auth_passdb = mysql /etc/dovecot-mysql.conf first_valid_uid = 8 auth_user = mail auth_verbose = yes ### dovecot-mysql.conf ### #db_host = 127.0.0.1 #db_port = 3306 db_unix_socket = /var/lib/mysql/mysql.sock db = ИМЯБД db_user = ПОЛЬЗОВАТЕЛЬ db_passwd = ПАРОЛЬ db_client_flags = 0 default_pass_scheme = CRYPT password_query = SELECT crypt FROM users WHERE userid = '%n' AND domain = '%d' AND active = 'Y' user_query = SELECT home, uid, gid FROM users WHERE userid = '%n' AND domain = '%d' Права на dovecot-mysql.conf должны быть с маской 640 root.mail т.к. там храниться пароль к базе данных. Для того чтобы использовать TLS/SSL, нужно создать сертификат, для этого перейдите в соответсвующий каталог, например /etc/ssl/certs и выполните следующую команду: openssl req -x509 -newkey rsa:1024 -keyout dovecot.pem -out dovecot.pem -days 9999 -nodes