Tjänster som nu fungerar på servern datacentralen.com

Router med IP-tables regeluppsättning
DNS-server (slår upp åt sina klienter)
FTP-server (ftp.datacentralen.com)
Webserver (www.datacentralen.com)
Mailserver (datacentralen.com)

Webmin

SSH-server

Saknas

DHCP-server (behövs till VOD-burk till TV)
Stor lagringskapacitet till FTP. (Nu bara 2x80 GByte HD konfigurerade som RAID1, alltså spegling)

 

Beskrivning av mailservern på datacentralen.com

 

Mailservern körs med Postfix mailserver och Dovecot IMAP-server, och den är installerad enligt följande:

 

Installera Postfix och Dovecot

 

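# Debian/Ubuntu package names are lowercase: "Postfix" with a capital P is not
# a package name apt can resolve. Install the MTA and both Dovecot protocol
# daemons (IMAP and POP3) in one transaction.
apt-get install postfix dovecot-imapd dovecot-pop3d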

 

Konfigurera Postfix main.cf och Dovecot dovecot.conf. Här är mina filer. Först main.cf

 

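# See /usr/share/postfix/main.cf.dist for a commented, more complete version
#
# main.cf for datacentralen.com: Postfix SMTP server with SASL authentication
# delegated to Dovecot, opportunistic STARTTLS, local delivery through
# Dovecot's LDA, and all outbound mail routed via the ISP relay.
# Every parameter is defined exactly once: Postfix keeps only the LAST
# definition of a repeated parameter, which silently discards earlier ones.

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
# Key pair presented to clients; Dovecot should use the same files so both
# services show one identity.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
# Opportunistic STARTTLS on the server side. This is the documented form of
# the legacy "smtpd_use_tls = yes" and overrides it when both are present.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# Opportunistic TLS towards the relayhost (replaces "smtp_use_tls = yes").
# NOTE(review): level "may" does not verify the relay's certificate; if the
# relay presents a trusted certificate, "secure" plus smtp_tls_CAfile would
# close that gap.
smtp_tls_security_level = may
smtpd_tls_received_header = yes
# Only advertise AUTH inside a TLS session, so SASL passwords never travel
# in clear text.
smtpd_tls_auth_only = yes
# SSLv3 is broken (POODLE); exclude SSLv2/SSLv3 instead of allow-listing.
# smtpd_tls_protocols governs the opportunistic sessions this server actually
# runs at level "may"; the *_mandatory_* variants only apply at level
# "encrypt". Both are set so the policy is the same whichever level is used.
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = medium
tls_random_source = dev:/dev/urandom

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = datacentralen.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = datacentralen.com, router, localhost.localdomain, localhost
# All outbound mail goes through the ISP relay (outbound port 25 is blocked).
relayhost = smtprelay1.telia.com
# Hosts allowed to relay WITHOUT authentication: both LAN subnets plus
# loopback. Every device on these subnets can send mail through this server
# unauthenticated; narrow the list to individual hosts if that is not wanted.
mynetworks = 10.10.10.0/24, 192.168.1.0/24, 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128
mailbox_size_limit = 0
recipient_delimiter =
inet_interfaces = all
inet_protocols = all
# local(8) tries mailbox_command before home_mailbox, so with the LDA below
# configured this value is not used for delivery; kept for reference.
home_mailbox = Maildir/
# Local delivery via Dovecot's LDA using the mail-stack-delivery config.
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"

# SASL: authentication is delegated to Dovecot over its auth socket
# (relative to queue_directory, i.e. /var/spool/postfix/private/dovecot-auth).
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# Accept the non-standard "AUTH=LOGIN" form sent by old Outlook clients.
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes

# Relay policy, defined ONCE. The original file set this parameter twice;
# Postfix used the second definition, which ended with the obsolete
# "check_relay_domains" and lacked reject_unauth_destination, so the
# anti-relay check was effectively lost. reject_unauth_destination must stay
# in this list (on Postfix >= 2.10 it can live in smtpd_relay_restrictions
# instead). Order: sender/recipient sanity checks, then trusted sources,
# then refuse relaying for everybody else.
smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain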

 

Sedan dovecot.conf

 

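## Dovecot configuration file
##
## dovecot.conf for datacentralen.com (Dovecot 2.x layout). Most settings
## live in conf.d/*.conf, included below; values written AFTER the include
## override the included ones because the last definition of a setting wins.

# If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration

# "doveconf -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting files when posting to the Dovecot mailing list.

# '#' character and everything after it is treated as comments. Extra spaces
# and tabs are ignored. If you want to use either of these explicitly, put the
# value inside quotes, eg.: key = "# char and trailing whitespace  "

# Default values are shown for each setting, it's not required to uncomment
# those. These are exceptions to this though: No sections (e.g. namespace {})
# or plugin settings are added by default, they're listed only as examples.
# Paths are also just examples with the real defaults being based on configure
# options. The paths listed here are for configure --prefix=/usr
# --sysconfdir=/etc --localstatedir=/var

# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol

# A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf.
# This binds the Internet-facing interface as well; the iptables rules are
# what limits which ports are actually reachable.
listen = *, ::

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Greeting message for clients: set once, further down (the stock
# "Dovecot ready." value that used to be here was overridden anyway).

# Space separated list of trusted network ranges. Connections from these
# IPs are allowed to override their IP addresses and ports (for logging and
# for authentication checks). disable_plaintext_auth is also ignored for
# these networks. Typically you'd specify your IMAP proxy servers here.
# Leave empty: anything listed here bypasses the plaintext-auth protection.
#login_trusted_networks =

# Sepace separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets =

# Show more verbose process titles (in ps). Currently shows user name and
# IP address. Useful for seeing who are actually using the IMAP processes
# (eg. shared mailboxes or if same uid is used for multiple accounts).
#verbose_proctitle = no

# Should all processes be killed when Dovecot master process shuts down.
# Setting this to "no" means that Dovecot can be upgraded without
# forcing existing client connections to close (although that could also be
# a problem if the upgrade is e.g. because of a security fix).
#shutdown_clients = yes

# If non-zero, run mail commands via this many connections to doveadm server,
# instead of running them directly in the same process.
#doveadm_worker_count = 0
# UNIX socket or host:port used for connecting to doveadm server
#doveadm_socket_path = doveadm-server

# Space separated list of environment variables that are preserved on Dovecot
# startup and passed down to all of its child processes. You can also give
# key=value pairs to always set specific settings.
#import_environment = TZ

##
## Dictionary server settings
##

# Dictionary can be used to store key=value lists. This is used by several
# plugins. The dictionary can be accessed either directly or though a
# dictionary server. The following dict block maps dictionary names to URIs
# when the server is used. These can then be referenced using URIs in format
# "proxy::<name>".

dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}

# Most of the actual configuration gets included below. The filenames are
# first sorted by their ASCII value and parsed in that order. The 00-prefixes
# in filenames are intended to make it easier to understand the ordering.
!include conf.d/*.conf

# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf

##
## Site overrides (take precedence over everything included above)
##

# define which protocols to enable
protocols = imap pop3

# Never accept a password over an unencrypted connection. The original file
# set this to "no" ("permit authentication even with password in plain sight")
# while the firewall exposes port 143 on the Internet-facing interface, so
# IMAP logins could be captured in transit. With "yes", clients on 143/110
# must negotiate STARTTLS before LOGIN; 993/995 are encrypted from the start.
disable_plaintext_auth = yes

# Require TLS for all non-local connections and reuse the key pair Postfix
# already serves, so both services present the same certificate.
# NOTE(review): conf.d/10-ssl.conf or 01-mail-stack-delivery.conf (not shown
# here) may set these too; the values below win because they come after the
# include. Clients must use STARTTLS on 143 or connect to 993.
ssl = required
ssl_cert = </etc/ssl/certs/ssl-mail.pem
ssl_key = </etc/ssl/private/ssl-mail.key

# Dovecot 2.x names the mechanism list "auth_mechanisms" (conf.d/10-auth.conf);
# the 1.x name "mechanisms" would not be accepted if uncommented.
#auth_mechanisms = plain login

# Cosmetic banner only. It hides the product name from a casual scan but is
# not a security control (the advertised capabilities still identify Dovecot).
login_greeting = Microsoft Exchange 2011

# Mailbox location is expected to come from conf.d (10-mail.conf or the
# mail-stack-delivery file); these examples stay commented out.
# mail_location = maildir:/var/vmail/%d/%n/Maildir
# mail_location = /home

# The Dovecot 1.x "socket listen { ... }" block that used to follow has been
# removed: it is not valid 2.x syntax even when uncommented. In 2.x the SASL
# socket for Postfix is a "service auth { unix_listener
# /var/spool/postfix/private/dovecot-auth { mode = 0660 user = postfix
# group = postfix } }" block. Postfix's smtpd_sasl_path = private/dovecot-auth
# expects exactly that listener; on Ubuntu it is presumably provided by
# conf.d/01-mail-stack-delivery.conf -- confirm with "doveconf -n".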

 

För att kommunikationen till och från mailservern ska fungera krävs att IP-tables konfigureras lite. Port 25 måste öppnas utåt, och då går all utgående trafik via Telias öppna mailrelä, som är det enda som man når på port 25. Telia blockerar port 25 även ingående mot servern, vilket innebär att jag har konfigurerat mailklienten i min laptop till att sända på port 10001 istället för standard port 25. På servern vidarebefordrar jag dessa anrop på port 10001 till port 25 internt i servern, och mail kommer då fram. Jag har även öppnat port 143 i servern för IMAP-anrop. Observera att port 143 är okrypterad IMAP: om Dovecot tillåter lösenord i klartext (disable_plaintext_auth = no) skickas inloggningen oskyddad över Internet, så kräv STARTTLS i Dovecot eller använd port 993 (IMAPS) i stället. Port 587 (submission) ger bara något om tjänsten "submission" är aktiverad i Postfix master.cf. Här är de rader i IP-Tables som berör detta:

 

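# Firewall rules for the mail server.
# Assumed layout, inferred from the rules themselves: eth0 = Internet-facing
# interface, eth1 = LAN. The explicit OUTPUT rules suggest the OUTPUT chain's
# default policy is DROP, so every port opened in INPUT needs a matching
# ESTABLISHED rule in OUTPUT or the server's replies are dropped.

# SMTP (25) on both interfaces; the 10001 REDIRECT below also ends up here.
iptables -A INPUT -p tcp --in-interface eth0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --in-interface eth1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --out-interface eth0 --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --out-interface eth1 --sport 25 -m state --state ESTABLISHED -j ACCEPT

# IMAP (143) from the Internet. The login travels in clear on this port
# unless Dovecot refuses plaintext auth (disable_plaintext_auth = yes) or
# requires TLS (ssl = required); make sure one of those is set first.
iptables -A INPUT -p tcp --in-interface eth0 --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --out-interface eth0 --sport 143 -m state --state ESTABLISHED -j ACCEPT

# IMAPS (993): encrypted from the first byte, preferable to STARTTLS on 143.
# Only useful if Dovecot's imaps listener is enabled (the 2.x default in
# conf.d/10-master.conf when ssl is on); otherwise the port just refuses.
iptables -A INPUT -p tcp --in-interface eth0 --dport 993 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --out-interface eth0 --sport 993 -m state --state ESTABLISHED -j ACCEPT

# Work-around for the ISP blocking inbound 25: clients connect to 10001,
# which is rewritten to 25 before routing, so the INPUT rule for 25 applies.
# SMTP is TCP only; the former UDP redirect matched nothing and is dropped.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 10001 -j REDIRECT --to-port 25

# Submission (587). Needs the "submission" service enabled in Postfix
# master.cf (not shown here). The original rule set had no OUTPUT rule for
# this port, which under a DROP policy would block the server's replies.
iptables -A INPUT -p tcp --in-interface eth0 --dport 587 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --out-interface eth0 --sport 587 -m state --state ESTABLISHED -j ACCEPT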

 

Jag fick problem med att logga in ifrån Internet med Outlook, och bytte då till Mozilla Thunderbird som har många konfigureringsmöjligheter, och då fungerade det bra.