Postfix mail server with complete virtual domains


Upload: dickri-hidayatullah

Post on 30-Oct-2014


Build a complete mailserver using Postfix virtual mailboxes
Version 1.0.0

by: Henry Gultom ([email protected]), last edited 15/09/2009

There is plenty of software for building mail servers large and small, from commercial products (Microsoft Exchange, Lotus Domino, Merak, etc.) to open-source ones (Sendmail, Qmail, Postfix, Zimbra). Some developers also pamper you during installation and configuration by shipping a single binary installer, so you never have to tinker with the configuration while installing; Merak, Zimbra and Exchange work this way. Qmail and Postfix are different: they need additional third-party software, which you have to fit together into a complete, robust mail server solution.

This time I try to set up a mail server that is fiddly to build and relies on many supporting components in order to be robust. It consists of the Debian Lenny operating system, Postfix with virtual mailbox domains managed through PostfixAdmin, MySQL, Dovecot IMAP/POP3, Amavisd-new, SquirrelMail and MailZu. Added to that are a quota system, maildirmake, Mailgraph, Pyzor, OpenProtect SARE rules, Razor, Postgrey, SaneSecurity and MSRBL ClamAV signatures, the Botnet SA plugin, passive OS fingerprinting (p0f), SpamAssassin body rules, Altermime, and finally a firewall.

What each part does:
- Postfix virtual mailbox domains (user and domain information is stored in MySQL)
- PostfixAdmin (web-based) to maintain the database of administrators, domains, aliases, users, maildirs, etc.
- MailZu, where users can manage their quarantined messages
- Dovecot IMAP and POP3 servers; user passwords are stored in MySQL
- Dovecot's deliver as the local delivery agent
- maildirmake to create maildirs with quota information
- A separate maildir for each domain, e.g. /var/vmail/contoh.com/user/
- Amavisd-new (with SpamAssassin), configurable per user through MySQL
- SquirrelMail as the webmail client; users can adjust their spam sensitivity level and their white/black lists
- Spam is delivered straight to the user's Spam folder or goes into quarantine
- E-mail virus scanning with ClamAV
- Extras: Mailgraph, OpenProtect SARE rules, Postgrey, SaneSecurity and MSRBL ClamAV signatures, Botnet SA plugin, p0f, SpamAssassin body rules, Altermime

That is more than enough introduction, so let's get started. Below is the installation and configuration process as I documented it.

Operating system

Install Debian Lenny 5.0.3 (netinstall) and choose the standard system. Afterwards, clean it up further by removing the packages that are not needed:

apt-get remove nfs-common portmap exim4

Install and configure the components above one by one:

debian:/home/gtoms# apt-get install openntpd build-essential make automake1.9 gcc bison flex libc6-dev logcheck logcheck-database flip psmisc dpkg-dev libcurl3 libssh2-1 byacc libbz2-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done

----skip-----------

MySQL

debian:/home/gtoms# apt-get install mysql-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl libterm-readkey-perl mysql-client-5.0
mysql-common mysql-server-5.0

-----skip--------------

MySQL uses InnoDB tables, so /etc/mysql/my.cnf needs editing; tune MySQL at the same time:

innodb_data_home_dir = /var/lib/mysql/
innodb_log_group_home_dir = /var/lib/mysql/
innodb_log_arch_dir = /var/lib/mysql/
innodb_buffer_pool_size = 192M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 48M
innodb_log_buffer_size = 8M
innodb_fast_shutdown = 1

Apache, PHP, SSL certificates, ...

debian:/etc/mysql# apt-get install apache2 libapache2-mod-php5 php5 php5-common php5-mysql php5-gd php5-mcrypt mcrypt ca-certificates openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version.
ca-certificates set to manually installed.
openssl is already the newest version.
openssl set to manually installed.
The following extra packages will be installed:
apache2-mpm-prefork apache2-utils apache2.2-common defoma fontconfig-config libapr1 libaprutil1 libexpat1 libfontconfig1 libfreetype6 libgd2-xpm
libjpeg62 libltdl3 libmcrypt4 libmhash2 libpng12-0 libpq5 libt1-5 libxpm4 openssl-blacklist ssl-cert ttf-dejavu ttf-dejavu-core ttf-dejavu-extra
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom defoma-doc dfontmgr psfontmgr x-ttcidfont-conf php-pear libfreetype6-dev libgd-tools libmcrypt-dev

---------skip----------------

debian:/etc/mysql# apt-get install libcompress-raw-zlib-perl libcompress-zlib-perl libdigest-hmac-perl libdigest-sha1-perl libfile-remove-perl libio-compress-base-perl libio-compress-zlib-perl libio-stringy-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
libcompress-raw-zlib-perl libcompress-zlib-perl libdigest-hmac-perl libdigest-sha1-perl libfile-remove-perl libio-compress-base-perl
libio-compress-zlib-perl libio-stringy-perl

--------skip------------------------

debian:/etc/mysql# apt-get install libsys-hostname-long-perl libuser-identity-perl libmail-box-perl libobject-realize-later-perl liburi-perl libio-socket-ssl-perl libnet-ident-perl libmail-dkim-perl pax
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl liberror-perl libmailtools-perl libmime-types-perl libnet-dns-perl libnet-ip-perl
libnet-libidn-perl libnet-ssleay-perl

-------skip-----------------------

debian:/etc/mysql# apt-get install libarchive-zip-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libio-multiplex-perl libmime-tools-perl libnet-cidr-perl libnet-server-perl libunix-syslog-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libmime-perl
The following NEW packages will be installed:
libarchive-zip-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libio-multiplex-perl libmime-perl
libmime-tools-perl libnet-cidr-perl libnet-server-perl libunix-syslog-perl
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.

--------skip------------------------

POSTFIX

debian:/etc/mysql# apt-get install postfix postfix-pcre postfix-mysql libsasl2-modules-sql libsasl2-modules
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libsqlite0
Suggested packages:
libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-heimdal postfix-pgsql postfix-ldap sasl2-bin resolvconf
postfix-cdb ufw

-------skip-----------------------

Answer the questions:
General type of configuration? Internet Site (the default)
Mail name? mail.nusantaraxxxx.com (the default)

DOVECOT

apt-get install dovecot

Set /etc/dovecot/dovecot.conf

protocols = imap imaps pop3 pop3s

Create and install SSL certificates

mail:~# sed -i 's/= 365\t/= 3653\t/' /etc/ssl/openssl.cnf
mail:~# mkdir CA
mail:~# cd CA
mail:~/CA# mkdir demoCA
mail:~/CA# cd demoCA
mail:~/CA/demoCA# mkdir newcerts
mail:~/CA/demoCA# mkdir private
mail:~/CA/demoCA# echo '01' > serial
mail:~/CA/demoCA# touch index.txt
mail:~/CA/demoCA# cd ..
mail:~/CA#
mail:~/CA# openssl req -new -x509 -extensions v3_ca -keyout demoCA/private/cakey.pem -out cacert.pem -days 3653
Generating a 1024 bit RSA private key
.........++++++
....++++++
writing new private key to 'demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

---skip-----------------------

mail:~/CA# dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs....done.
Running hooks in /etc/ca-certificates/update.d....done

--skip---------------------

mail:~/CA# openssl req -new -nodes -out req.pem
Generating a 1024 bit RSA private key
................................................................................++++++
.................++++++
writing new private key to 'privkey.pem'

---skip------------------

mail:~/CA# cp -i privkey.pem privkey.mail.nusantaraxxx.com.pem
mail:~/CA# chmod 600 privkey.*
mail:~/CA# cp -i req.pem req.mail.nusantaraxxx.com.pem
mail:~/CA# openssl ca -out cert.pem -cert cacert.pem -infiles req.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
    Serial Number: 1 (0x1)
    Validity
        Not Before: Sep 7 22:30:27 2009 GMT
        Not After : Sep 8 22:30:27 2019 GMT
    Subject:
        countryName = ID
        stateOrProvinceName = DKI Jakarta
        organizationName = Nusantaraxxx Mail
        organizationalUnitName = IT
        commonName = mail.nusantaraxxx.com
mail:~/CA# mv -i cert.pem temp.cert.mail.nusantaraxxx.com.pem
mail:~/CA# openssl x509 -in temp.cert.mail.nusantaraxxx.com.pem -out cert.pem
mail:~/CA# cp -i cert.pem cert.mail.nusantaraxxx.com.pem
mail:~/CA# cat privkey.mail.nusantaraxxx.com.pem cert.mail.nusantaraxxx.com.pem >key-cert.pem
mail:~/CA# cp -i key-cert.pem key-cert.mail.nusantaraxxx.com.pem
mail:~/CA# chmod -R 600 /root/CA
mail:~/CA# /etc/init.d/apache2 stop
Stopping web server: apache2 ... waiting .
mail:~/CA# /etc/init.d/apache2 start
Starting web server: apache2.
mail:~/CA# cd /root/CA/
mail:~/CA# cp key-cert.mail.nusantaraxxx.com.pem /etc/apache2/
mail:~/CA# chmod 600 /etc/apache2/key-cert.mail.nusantaraxxx.com.pem
mail:~/CA# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
mail:~/CA# a2enmod rewrite
Enabling module rewrite.
Run '/etc/init.d/apache2 restart' to activate new configuration!
mail:~/CA# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
mail:~/CA# nano /etc/apache2/sites-available/default
mail:~/CA# nano /etc/apache2/sites-available/ssl
mail:~/CA# a2ensite ssl
Enabling site ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 reload' to activate new configuration!
mail:~/CA# /etc/init.d/apache2 stop
Stopping web server: apache2 ... waiting .
mail:~/CA# /etc/init.d/apache2 start
Starting web server: apache2.
mail:~/CA# nano /etc/apache2/sites-available/default
mail:~/CA# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
mail:~/CA# mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.backup
mail:~/CA# cp cert.mail.nusantaraxxx.com.pem /etc/ssl/certs/dovecot.pem
mail:~/CA# mv /etc/ssl/private/dovecot.pem /etc/ssl/private/dovecot.pem.backup
mail:~/CA# cp privkey.mail.nusantaraxxx.com.pem /etc/ssl/private/dovecot.pem
mail:~/CA# chmod 0600 /etc/ssl/private/dovecot.pem
mail:~/CA# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecot
Info: If you have trouble with authentication failures,
enable auth_debug setting.
mail:~/CA# postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem"
mail:~/CA# postconf -e "smtpd_tls_key_file = /etc/ssl/private/dovecot.pem"
mail:~/CA# postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/cacert.nusantaraxxx.com.pem"
mail:~/CA# postconf -e "smtpd_tls_received_header = yes"
mail:~/CA# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
mail:~/CA# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1872/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2056/master
tcp6 0 0 :::80 :::* LISTEN 10204/apache2
tcp6 0 0 :::22 :::* LISTEN 1807/sshd
tcp6 0 0 :::443 :::* LISTEN 10204/apache2
mail:~/CA#
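The netstat output above shows mysqld listening on 0.0.0.0:3306, while the Postfix lookup tables and Dovecot SQL settings configured later in this guide all connect to 127.0.0.1. The following check is an added example, not part of the original guide; the function names and the list of local-only ports are assumptions chosen for this layout, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original guide): find listeners that this
# setup only uses over loopback but that accept connections on every interface.

# Assumption: in this layout only MySQL (3306) is meant to be local-only.
LOCAL_ONLY_PORTS="3306"

# Constructed sample: the listener lines from the netstat output above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1872/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2056/master
tcp6 0 0 :::80 :::* LISTEN 10204/apache2
tcp6 0 0 :::22 :::* LISTEN 1807/sshd
tcp6 0 0 :::443 :::* LISTEN 10204/apache2
EOF
}

# audit_listeners: reads `netstat -nltup` lines on stdin and prints
# "port program" for each local-only port bound to a wildcard address.
audit_listeners() {
    awk -v ports="$LOCAL_ONLY_PORTS" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)                 # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((port in want) && (host == "0.0.0.0" || host == "::")) {
                prog = $7
                sub(/^[0-9]+\//, "", prog)       # drop the PID prefix
                print port, prog
            }
        }'
}

# On the live server: netstat -nltup | audit_listeners
sample_netstat | audit_listeners
```

On Debian, setting bind-address = 127.0.0.1 in /etc/mysql/my.cnf and restarting MySQL restricts mysqld to loopback, after which the check prints nothing.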

Setting up the Postfix configuration

mail:/var/www# postconf -e "mydomain = nusantaraxxx.com"
mail:/var/www# postconf -e "myorigin = nusantaraxxx.com"
mail:/var/www# postconf -e "myhostname = mail.nusantaraxxx.com"
mail:/var/www# postconf -e "mydestination = nusantaraxxx.com, mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost"
mail:/var/www# sed -i 's/smtpd_use_tls=yes//' /etc/postfix/main.cf
mail:/var/www# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
mail:/var/www#
mail:/var/www# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = nusantaraxxx.com, mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost
mydomain = nusantaraxxx.com
myhostname = mail.nusantaraxxx.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = nusantaraxxx.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_tls_CAfile = /etc/ssl/certs/cacert.nusantaraxxx.com.pem
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

We download the Postfix archive to get a few sample files that are needed.

mail:/var/www# cd /usr/local/src
mail:/usr/local/src# wget http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.5.5.orig.tar.gz
--2009-09-08 11:51:20-- http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.5.5.orig.tar.gz
Resolving ftp.debian.org... 130.89.149.226
Connecting to ftp.debian.org|130.89.149.226|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3157877 (3.0M) [application/x-gzip]
Saving to: `postfix_2.5.5.orig.tar.gz'
100%[=======================================>] 3,157,877 807K/s in 4.9s
2009-09-08 11:51:26 (626 KB/s) - `postfix_2.5.5.orig.tar.gz' saved [3157877/3157877]
mail:/usr/local/src# tar xzf postfix_2.5.5.orig.tar.gz
mail:/usr/local/src# cp -i /usr/local/src/postfix-2.5.5/conf/* /etc/postfix
cp: overwrite `/etc/postfix/main.cf'? n
cp: overwrite `/etc/postfix/master.cf'? n
cp: overwrite `/etc/postfix/postfix-files'? n
cp: overwrite `/etc/postfix/postfix-script'? n
cp: overwrite `/etc/postfix/post-install'? n
mail:/usr/local/src# cp -i /etc/postfix/header_checks /etc/postfix/body_checks
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/sender_access
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_client_exceptions
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_sender_exceptions
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_recipient_exceptions
mail:/usr/local/src# cp /usr/local/src/postfix-2.5.5/examples/chroot-setup/LINUX2 /usr/sbin
mail:/usr/local/src# chmod +x /usr/sbin/LINUX2
mail:/usr/local/src# LINUX2
postfix/postfix-script: refreshing the Postfix mail system
mail:/usr/local/src#

On Debian, Postfix runs chrooted. I use the LINUX2 script to copy the required files into the chroot jail.

Install SquirrelMail (webmail), PHP

mail:/usr/local/src# apt-get install squirrelmail squirrelmail-locales maildrop
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
courier-authlib expect tcl8.4
Suggested packages:
expectk squirrelmail-decode imapproxy php-pear php4-pear php5-ldap php4-ldap tclreadline
The following NEW packages will be installed:
courier-authlib expect maildrop squirrelmail squirrelmail-locales tcl8.4
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 5027kB of archives.

---skip--------------

mail:/usr/local/src# apt-get install php-pear php5-mysql php5-gd php5-cli php5-common php5-mcrypt
Reading package lists... Done
Building dependency tree
Reading state information... Done
sudo is already the newest version.
php5-mysql is already the newest version.
php5-gd is already the newest version.
php5-common is already the newest version.
php5-common set to manually installed.
php5-mcrypt is already the newest version.
Suggested packages:
php5-dev php4-dev
The following NEW packages will be installed:
php-pear php5-cli
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.

----skip----------------

mail:/usr/local/src# apt-get install php-db php-net-socket php-log php-net-smtp php5-imap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libc-client2007b mlock
Suggested packages:
uw-mailutils php-mdb2 php5-sqlite
The following NEW packages will be installed:
libc-client2007b mlock php-db php-log php-net-smtp php-net-socket php5-imap
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 1014kB of archives.

--------skip---------------

Install and configure PostfixAdmin and deliver

mail:/usr/local/src# groupadd vmail -g 6060
mail:/usr/local/src# useradd vmail -u 6060 -g 6060
mail:/usr/local/src# mkdir /var/vmail
mail:/usr/local/src# chown -R vmail:vmail /var/vmail
mail:/usr/local/src# chmod -R 700 /var/vmail
mail:/usr/local/src# wget http://superb-east.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin_2.2.1.1_all.deb
--2009-09-08 13:03:13-- http://superb-east.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin_2.2.1.1_all.deb
Resolving superb-east.dl.sourceforge.net... 209.160.66.130
Connecting to superb-east.dl.sourceforge.net|209.160.66.130|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://prdownloads.sourceforge.net/postfixadmin/postfixadmin_2.2.1.1_all.deb?download&failedmirror=superb-east.dl.sourceforge.net [following]
--2009-09-08 13:03:13-- http://prdownloads.sourceforge.net/postfixadmin/postfixadmin_2.2.1.1_all.deb?download&failedmirror=superb-east.dl.sourceforge.net
Resolving prdownloads.sourceforge.net... 216.34.181.59

---------skip-----------------

Length: 958568 (936K) [application/octet-stream]
Saving to: `postfixadmin_2.2.1.1_all.deb'
100%[=============================>] 958,568 582K/s in 1.6s
2009-09-08 13:03:16 (582 KB/s) - `postfixadmin_2.2.1.1_all.deb' saved [958568/958568]
mail:/usr/local/src# dpkg -i postfixadmin_2.2.1.1_all.deb
Selecting previously deselected package postfixadmin.
(Reading database ... 35506 files and directories currently installed.)
Unpacking postfixadmin (from postfixadmin_2.2.1.1_all.deb) ...
Setting up postfixadmin (2.2.1.1) ...
mail:/usr/local/src#

mail:/usr/local/src# echo "postfixadmin hold" | dpkg --set-selections
mail:/usr/local/src# mysql -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 34
Server version: 5.0.51a-24+lenny2-log (Debian)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE DATABASE postfix;
Query OK, 1 row affected (0.06 sec)

mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'passwordnya';
Query OK, 0 rows affected (0.09 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER, DROP ON `postfix`.* TO 'postfix'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> QUIT
Bye

mail:/usr/local/src# cd /usr/share/postfixadmin
mail:/usr/share/postfixadmin# cp config.inc.php config.inc.php.original
mail:/usr/share/postfixadmin# sed -i "s/configured'] = false/configured'] = true/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s|admin_url'] = ''|admin_url'] = 'https://mail.nusantaraxxx.com/postFixadminx'|" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s|admin_path'] = ''|admin_path'] = '/usr/share/postfixadmin'|" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/database_type'] = 'mysql'/database_type'] = 'mysqli'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/password'] = 'postfixadmin'/password'] = 'postfix'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/[email protected]/[email protected]/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/[email protected]/[email protected]/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/[email protected]/[email protected]/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/[email protected]/[email protected]/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/webmaster@change-this-to-your.domain.tld/[email protected]/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/autoreply.change-this-to-your.domain.tld/autoreply.nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's|to change-this-to-your.domain.tld|to https://mail.nusantaraxxx.com/postFixadminx|' config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/domain_path'] = 'NO/domain_path'] = 'YES/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's|http://change-this-to-your.domain.tld|https://mail.nusantaraxxx.com/postFixadminx|' config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/domain_in_mailbox'] = 'YES/domain_in_mailbox'] = 'NO/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/mailboxes'] = '10'/mailboxes'] = '300'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/aliases'] = '10'/aliases'] = '300'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/maxquota'] = '10'/maxquota'] = '500'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/quota'] = 'NO/quota'] = 'YES/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/EHLO/HELO/' functions.inc.php
mail:/usr/share/postfixadmin# cd /usr/share/postfixadmin
mail:/usr/share/postfixadmin# htpasswd -c .htpasswd postfixadmin
New password:
Re-type new password:
Adding password for user postfixadmin
mail:/usr/share/postfixadmin#
mail:/usr/share/postfixadmin# nano /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# nano /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# sed -i s'|Alias /postfixadmin|Alias /postFixadminx|' /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
mail:/usr/share/postfixadmin# cd /usr/share/postfixadmin/

We edit a few files in the /usr/share/postfixadmin/ directory: create-mailbox.php and edit-mailbox.php.

PostfixAdmin can be reached at https://mail.nusantaraxxx.com/postFixadminx

Domain administration, Add Mailbox and Create mailbox can all be done through PostfixAdmin. Once mailboxes have been added, the directory structure looks like this:

mail:/usr/share/postfixadmin# ls -l /var/vmail/nusantaraxxx.com
total 8
drwx------ 6 vmail vmail 4096 2009-09-09 00:53 gtoms
drwx------ 6 vmail vmail 4096 2009-09-09 00:54 info
mail:/usr/share/postfixadmin#
mail:/usr/share/postfixadmin# ls -l /var/lib/squirrelmail/data
total 8
-rw------- 1 www-data www-data 58 2009-09-09 00:53 [email protected] 1 www-data www-data 55 2009-09-09 00:54 [email protected]:/usr/share/postfixadmin#

Back to /etc/postfix:

mail:/etc/postfix# nano mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

mail:/etc/postfix# nano mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

mail:/etc/postfix# nano mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

mail:/etc/postfix# chmod 640 mysql_*
mail:/etc/postfix# chown root:postfix mysql_*
mail:/etc/postfix# cp /etc/postfix/main.cf /etc/postfix/main.cf-domain
mail:/etc/postfix# postconf -e "mydestination = mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost"
mail:/etc/postfix# touch /etc/postfix/virtual
mail:/etc/postfix# postmap /etc/postfix/virtual
mail:/etc/postfix# cp /etc/postfix/virtual /etc/postfix/amavis_virtual
mail:/etc/postfix# postmap /etc/postfix/amavis_virtual
mail:/etc/postfix# postconf -e "virtual_minimum_uid = 6060"
mail:/etc/postfix# postconf -e "virtual_gid_maps = static:6060"
mail:/etc/postfix# postconf -e "virtual_uid_maps = static:6060"
mail:/etc/postfix# postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/etc/postfix/virtual"
mail:/etc/postfix# postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf"
mail:/etc/postfix# postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf"
mail:/etc/postfix# postconf -e "virtual_transport = dovecot"
mail:/etc/postfix# postconf -e "virtual_mailbox_base = /var/vmail/"
mail:/etc/postfix# postconf -e "dovecot_destination_concurrency_limit = 2"
mail:/etc/postfix# postconf -e "dovecot_destination_recipient_limit = 1"

Configuring Dovecot 'deliver'

mail:/etc/postfix# mkdir /var/sieve
mail:/etc/postfix# cd /var/sieve
mail:/var/sieve# nano global.sieve

require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Spam";
}

mail:/var/sieve# chown -R vmail:vmail /var/sieve
mail:/var/sieve# chmod -R 0700 /var/sieve
mail:/var/sieve# touch /var/log/dovecot-deliver.log
mail:/var/sieve# chown vmail:vmail /var/log/dovecot-deliver.log
mail:/var/sieve# cd /etc/logrotate.d/
mail:/etc/logrotate.d# nano dovecot-deliver

/var/log/dovecot-deliver.log {
  rotate 7
  daily
  compress
  delaycompress
  copytruncate
  notifempty
}

Add the following lines to /etc/postfix/master.cf

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e

mail:/etc/logrotate.d# postfix stop
postfix/postfix-script: stopping the Postfix mail system
mail:/etc/logrotate.d# postfix start
postfix/postfix-script: starting the Postfix mail system

Configuring Dovecot

mail:/etc/dovecot# nano dovecot.conf

protocols = imap imaps pop3 pop3s
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
first_valid_uid = 6060
protocol imap {
  mail_plugins = autocreate quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol managesieve {
  sieve=~/.dovecot.sieve
  sieve_storage=~/sieve
}
protocol lda {
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r%n%nThe Subject of your message was: %s
  mail_plugins = quota cmusieve
  log_path = /var/log/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = [email protected]
  sieve_global_path = /var/sieve/global.sieve
}
auth default {
  mechanisms = plain login cram-md5
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  passdb sql {
    args = /etc/dovecot/dovecot-crammd5.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
  quota = maildir:User quota
  quota_warning = storage=90%% /usr/sbin/quota-warning.sh 90
  quota_warning2 = storage=70%% /usr/sbin/quota-warning.sh 70
  autocreate = Spam
  autosubscribe = Spam
}

mail:/etc/dovecot# nano dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT CONCAT('/var/vmail/',maildir) AS home, 6060 AS uid, 6060 AS gid FROM mailbox WHERE username = '%u' AND active = '1'

mail:/etc/dovecot# nano dovecot-crammd5.conf

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfix
default_pass_scheme = PLAIN
password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

mail:/etc/dovecot# chmod 0644 dovecot.conf
mail:/etc/dovecot# chmod 0600 dovecot-sql.conf
mail:/etc/dovecot# chmod 0600 dovecot-crammd5.conf
mail:/etc/dovecot# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecot
Info: If you have trouble with authentication failures,
enable auth_debug setting.
mail:/etc/dovecot# ls -al /var/vmail/nusantaraxxx.com/test/new
total 12
drwx------ 2 vmail vmail 4096 2009-09-14 11:17 .
drwx------ 9 vmail vmail 4096 2009-09-14 11:17 ..
-rw------- 1 vmail vmail 1933 2009-09-14 11:17 1252901869.M766215P1455.mail,S=1933,W=1973

mail:/home/gtoms# cat /var/log/dovecot-deliver.log
deliver([email protected]): 2009-09-09 01:12:12 Info: msgid=<[email protected]>: saved mail to INBOX
mail:/home/gtoms#

maildircheck

mail:/home/gtoms#cp -i /usr/share/doc/postfixadmin/ADDITIONS/cleanupdirs.pl /usr/sbin/maildircheckmail:/home/gtoms#touch /var/log/maildircheck.logmail:/home/gtoms#sed -i "s|/home/vmail|/var/vmail|" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/removed_maildirs.log/maildircheck.log/" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/someuser/postfix/" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/somepass/postfix/" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/ rmtree/# rmtree/" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/'\$to_delete'/\$to_delete/" /usr/sbin/maildircheckmail:/home/gtoms#sed -i "s/Need to delete/Orphaned/" /usr/sbin/maildircheckmail:/home/gtoms#chmod 700 /usr/sbin/maildircheckmail:/home/gtoms#cd /etc/logrotate.dmail:/home/gtoms#nano maildircheck

/var/log/maildircheck.log {
    rotate 2
    monthly
    compress
    delaycompress
    copytruncate
    notifempty
}

Configure SASL and TLS

mail:/home/gtoms# postconf -e "smtpd_sasl_type = dovecot"
mail:/home/gtoms# postconf -e "smtpd_sasl_path = private/auth"
mail:/home/gtoms# postconf -e "broken_sasl_auth_clients = yes"
mail:/home/gtoms# postconf -e "smtpd_sasl_auth_enable = yes"
mail:/home/gtoms# postconf -e "smtpd_sasl_local_domain = \$myhostname"
mail:/home/gtoms# postconf -e "smtpd_sasl_security_options = noanonymous"
mail:/home/gtoms# postconf -e "smtpd_sasl_authenticated_header = yes"
mail:/home/gtoms# postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

Add to /etc/postfix/master.cf:

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

mail:/home/gtoms# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.

Install and configure amavisd-new, clamav

mail:/home/gtoms# apt-get install amavisd-new spamassassin
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libfont-afm-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl
libnetaddr-ip-perl libsocket6-perl libsys-syslog-perl libwww-perl re2c spamc
Suggested packages:
clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl dspam razor pyzor
The following NEW packages will be installed:
amavisd-new libfont-afm-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-socket-inet6-perl
libmail-spf-perl libnetaddr-ip-perl libsocket6-perl libsys-syslog-perl libwww-perl re2c spamassassin spamc
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 3280kB of archives.

-------skip---------------

mail:/home/gtoms# apt-get install clamav clamav-daemon arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl libmail-dkim-perl libio-socket-ssl-perl libnet-ident-perl pyzor razor
Reading package lists... Done
Building dependency tree
Reading state information... Done
libmail-dkim-perl is already the newest version.
libio-socket-ssl-perl is already the newest version.
libnet-ident-perl is already the newest version.
The following extra packages will be installed:
clamav-base clamav-freshclam libclamav6 libconvert-asn1-perl liblzo2-2 libtommath0 lsb-release python-apt python-gdbm python-support
Suggested packages:
x-terminal-emulator python-glade2 python-gtk2 clamav-docs daemon libgssapi-perl libclamunrar6 libxml-parser-perl libxml-sax-perl lsb
python-apt-dbg python-gdbm-dbg
The following NEW packages will be installed:
apt-listchanges arj cabextract clamav clamav-base clamav-daemon clamav-freshclam libauthen-sasl-perl libclamav6 libconvert-asn1-perl
liblzo2-2 libnet-ldap-perl libtommath0 lsb-release lzop nomarch python-apt python-gdbm python-support pyzor razor
0 upgraded, 21 newly installed, 0 to remove and 0 not upgraded.
Need to get 25.1MB of archives.
After this operation, 30.8MB of additional disk space will be used.

---------skip-----------------

mail:/home/gtoms# gpasswd -a clamav amavis
Adding user clamav to group amavis
mail:/home/gtoms# freshclam
ClamAV update process started at Wed Sep 9 15:40:57 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9786, sigs: 77519, f-level: 43, builder: guitar)
mail:/home/gtoms# /etc/init.d/clamav-daemon stop
Stopping ClamAV daemon: clamd.
mail:/home/gtoms# /etc/init.d/clamav-daemon start
Starting ClamAV daemon: clamd

sa-update

mail:/home/gtoms# sa-update
mail:/home/gtoms# cd /etc/amavis/conf.d/
mail:/etc/amavis/conf.d# sed -i 's/#@bypass_virus_/@bypass_virus_/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/# \\%bypass_vi/ \\%bypass_vi/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/#@bypass_spam_/@bypass_spam_/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/# \\%bypass_s/ \\%bypass_s/' 15-content_filter_mode

mail:/etc/amavis/conf.d# cat 15-content_filter_mode
use strict;

@bypass_virus_checks_maps = (\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

mail:/etc/amavis/conf.d# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

mail:/usr/sbin#nano sa-update.sh

#!/bin/bash
# Update the SpamAssassin rule channels, then lint and restart amavis.
test -x /usr/bin/sa-update || exit 0

# sa-update exit codes: 0 = update installed, 1 = no fresh update, higher = error.
/usr/bin/sa-update
code1=$?
if [[ $code1 -gt 1 ]]; then
  echo "problem with sa-update"
fi

/usr/bin/sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
code2=$?
if [[ $code2 -gt 1 ]]; then
  echo "problem with openprotect update"
fi

# Remove the OpenProtect rule files that are not wanted on this server.
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/70_sare_whitelist_spf.cf
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/70_sare_stocks.cf
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/loadplugins.pre

# Restart only if at least one channel installed an update and neither failed.
if [[ $((code1 + code2)) -lt 2 ]]; then
  /usr/bin/spamassassin --lint
  code3=$?
  if [[ $code3 -eq 0 ]]; then
    test -x /usr/sbin/amavisd-new || exit 0
    /etc/init.d/amavis restart >/dev/null
  else
    echo "spamassassin failed to lint"
  fi
fi

mail:/usr/sbin# chmod +x sa-update.sh
mail:/usr/sbin# sa-update.sh

Add it to the crontab using crontab -e.

Enabling the SpamAssassin DKIM plugin:

mail:/usr/sbin# nano /etc/spamassassin/v312.pre
mail:/usr/sbin# su amavis -c 'spamassassin --lint'

The file /etc/amavis/conf.d/50-user needs to be edited for the mail server domain used on this system (nusantaraxxx.com, mail.nusantaraxxx.com), as follows:

$mydomain = 'nusantaraxxx.com';
$myhostname = 'mail.nusantaraxxx.com';

@virus_admin_maps = ({
  '.example.com' => '[email protected]',
  '.example.net' => '[email protected]',
  '.' => '[email protected]',
});
@banned_admin_maps = ({
  '.example.com' => '[email protected]',
  '.example.net' => '[email protected]',
  '.' => '[email protected]',
});

# Here we set up access to MySQL data:
@lookup_sql_dsn = ( ['DBI:mysql:amavis:localhost', 'amavis', 'amavis_password'] );
@storage_sql_dsn = @lookup_sql_dsn;

MySQL schema for amavisd-new:

mail:/usr/sbin# cd
mail:~# wget http://henry.gultom.or.id/mecham/amavis-260-sqmail.sql.txt
--2009-09-09 16:08:29-- http://henry.gultom.or.id/mecham/amavis-260-sqmail.sql.txt
Resolving henry.gultom.or.id... 202.59.206.84
Connecting to henry.gultom.or.id|202.59.206.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13188 (13K) [text/plain]
Saving to: `amavis-260-sqmail.sql.txt'
100%[====================================================>] 13,188 --.-K/s in 0.06s
2009-09-15 14:58:29 (216 KB/s) - `amavis-260-sqmail.sql.txt' saved [13188/13188]
mail:~# sed -i "s/BY 'password'/BY 'amavis_password'/" amavis-260-sqmail.sql.txt
mail:~# chmod 600 amavis-260-sqmail.sql.txt
mail:~# mysql -u root -p < amavis-260-sqmail.sql.txt
Enter password:
mail:~# chmod 640 /etc/amavis/conf.d/50-user
mail:~# nano /usr/sbin/local_domains.sh
mail:~# chmod 700 /usr/sbin/local_domains.sh
mail:~# local_domains.sh
mail:~# nano /usr/sbin/local_domains.sh

#!/bin/bash
mysql -upostfix -ppostfix postfix -B -N -e "select concat('.',domain) from domain" >/var/lib/amavis/local_domains

mail:~# cat /var/lib/amavis/local_domains
.ALL
.nusantaraxxx.com

Add to /etc/sudoers:

www-data mail=NOPASSWD: /usr/sbin/local_domains.sh

mail:~# cd /usr/share/postfixadmin
mail:/usr/share/postfixadmin# wget http://henry.gultom.or.id/mecham/domain.patch.v2.txt
--2009-09-15 15:10:54-- http://henry.gultom.or.id/mecham/domain.patch.v2.txt
Resolving henry.gultom.or.id... 202.59.206.84
Connecting to henry.gultom.or.id|202.59.206.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 756 [text/plain]
Saving to: `domain.patch.v2.txt'
100%[=========================================>] 756 --.-K/s in 0s
2009-09-15 15:10:54 (56.8 MB/s) - `domain.patch.v2.txt' saved [756/756]
mail:/usr/share/postfixadmin# patch -p0 < domain.patch.v2.txt
patching file create-domain.php
patching file delete.php
mail:/usr/share/postfixadmin# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
mail:/usr/share/postfixadmin#

Configuring Postfix to use Amavisd-new:

mail:/etc/cron.daily# nano /etc/postfix/master.cf

smtp inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=no
  -o content_filter=smtp-amavis:[127.0.0.1]:10024

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

pickup fifo n - - 60 1 pickup
  -o content_filter=

smtp-amavis unix - - n - 5 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

127.0.0.1:10035 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

mail:/etc/cron.daily# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
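
The submission entry above combines smtpd_tls_security_level=may with smtpd_sasl_auth_enable=yes, so AUTH is offered before STARTTLS unless smtpd_tls_auth_only is set elsewhere. The following check is an added example, not part of the original tutorial: it parses a master.cf and lists the smtpd services that enable SASL without forcing TLS first. The sample input is constructed from the entries above, the function names are hypothetical, and main.cf values are passed in as a dict rather than read from disk.

```python
"""Audit master.cf: which smtpd services offer SASL AUTH without mandatory TLS?"""

# Constructed sample, modeled on the master.cf entries shown in this tutorial.
SAMPLE_MASTER_CF = """\
# public MX listener
smtp       inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=no
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
4650       inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
pickup     fifo n - - 60 1 pickup
  -o content_filter=
"""


def parse_master_cf(text):
    """Return a list of (service, type, command, {option: value}) tuples."""
    logical = []
    for raw in text.splitlines():
        # Blank lines and comment lines are ignored and do not end an entry.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            # A line starting with whitespace continues the previous entry.
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())

    entries = []
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        service, svc_type, command, args = fields[0], fields[1], fields[7], fields[8:]
        opts = {}
        i = 0
        while i < len(args):
            # Only the "-o name=value" form used in this tutorial is handled.
            if args[i] == "-o" and i + 1 < len(args):
                key, _, value = args[i + 1].partition("=")
                opts[key] = value
                i += 2
            else:
                i += 1
        entries.append((service, svc_type, command, opts))
    return entries


def auth_without_mandatory_tls(text, main_cf=None):
    """Names of smtpd services that enable SASL AUTH but do not force TLS first.

    main_cf holds the main.cf values the services inherit; per-service
    "-o" overrides in master.cf take precedence over them.
    """
    findings = []
    for service, _svc_type, command, opts in parse_master_cf(text):
        if command != "smtpd":
            continue
        effective = {**(main_cf or {}), **opts}
        sasl = effective.get("smtpd_sasl_auth_enable", "no") == "yes"
        tls_forced = (
            effective.get("smtpd_tls_security_level", "") == "encrypt"
            or effective.get("smtpd_tls_wrappermode", "no") == "yes"
            or effective.get("smtpd_tls_auth_only", "no") == "yes"
        )
        if sasl and not tls_forced:
            findings.append(service)
    return findings


if __name__ == "__main__":
    # main.cf value set earlier in this tutorial with postconf -e.
    inherited = {"smtpd_sasl_auth_enable": "yes"}
    for name in auth_without_mandatory_tls(SAMPLE_MASTER_CF, inherited):
        print(f"{name}: SASL AUTH is offered without mandatory TLS")
```

Setting smtpd_tls_security_level=encrypt on the flagged service, or smtpd_tls_auth_only=yes in main.cf, clears the finding.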

PYZOR configuration

mail:/etc/cron.daily# pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
mail:/etc/cron.daily# su amavis -c 'pyzor discover'
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
mail:/etc/cron.daily# echo "82.94.255.100:24441" > /var/lib/amavis/.pyzor/servers
mail:/etc/cron.daily# echo "82.94.255.100:24441" > /root/.pyzor/servers
mail:/etc/cron.daily# su amavis -c 'pyzor ping'
82.94.255.100:24441 TimeoutError:
mail:/etc/cron.daily# su amavis -c 'pyzor ping'
82.94.255.100:24441 TimeoutError:
mail:/etc/cron.daily# nano /etc/spamassassin/local.cf
mail:/etc/cron.daily# spamassassin --lint
mail:/etc/cron.daily# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

Adding the Bayes and AWL tables to MySQL

mail:/etc/cron.daily# cd /etc/spamassassin/
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/gv-bayes-awl.sql.txt
mail:/etc/spamassassin# sed -i 's/paSSw0rd/sa_password/' gv-bayes-awl.sql.txt
mail:/etc/spamassassin# mysql -u root -p < gv-bayes-awl.sql.txt
mail:/etc/spamassassin# rm gv-bayes-awl.sql.txt
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/local.cf-bayes-awl.txt
mail:/etc/spamassassin# cat local.cf-bayes-awl.txt local.cf-before-mysql > local.cf
mail:/etc/spamassassin# sed -i 's/paSSw0rd/sa_password/' local.cf
mail:/etc/spamassassin# chmod 0640 local.cf
mail:/etc/spamassassin# chown root:amavis local.cf
mail:/etc/spamassassin# spamassassin --lint
mail:/etc/spamassassin# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

Configure and customize SquirrelMail

mail:/home/gtoms# echo "Include /etc/squirrelmail/apache.conf" >> /etc/apache2/apache2.conf
mail:/home/gtoms# cd /etc/squirrelmail/
mail:/home/gtoms# sed -i "s|Alias /squirrelmail|Alias /mail|" apache.conf
mail:/home/gtoms# sed -i "s|allow from 127.0.0.1|allow from 202.77.33.xxx|" apache.conf

mail:/home/gtoms# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
mail:/home/gtoms# cd /usr/share/squirrelmail/plugins/
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/check_quota-1.4-re-1.2.7.tar.gz
--2009-09-09 16:51:30-- http://www.squirrelmail.org/plugins/check_quota-1.4-re-1.2.7.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34069 (33K) [application/x-gzip]
Saving to: `check_quota-1.4-re-1.2.7.tar.gz'
100%[=====================================>] 34,069 33.7K/s in 1.0s
2009-09-09 16:51:32 (33.7 KB/s) - `check_quota-1.4-re-1.2.7.tar.gz' saved [34069/34069]
mail:/usr/share/squirrelmail/plugins# tar xzf check_quota-1.4-re-1.2.7.tar.gz
mail:/usr/share/squirrelmail/plugins# cp check_quota/config.php.sample check_quota/config.php
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/timeout_user-1.1.1-0.5.tar.gz
--2009-09-09 16:52:23-- http://www.squirrelmail.org/plugins/timeout_user-1.1.1-0.5.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4101 (4.0K) [application/x-gzip]
Saving to: `timeout_user-1.1.1-0.5.tar.gz'
100%[====================================>] 4,101 12.1K/s in 0.3s
2009-09-09 16:52:24 (12.1 KB/s) - `timeout_user-1.1.1-0.5.tar.gz' saved [4101/4101]
mail:/usr/share/squirrelmail/plugins# tar xzf timeout_user-1.1.1-0.5.tar.gz
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/compatibility-2.0.9-1.0.tar.gz
--2009-09-09 16:52:33-- http://www.squirrelmail.org/plugins/compatibility-2.0.9-1.0.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31763 (31K) [application/x-gzip]
Saving to: `compatibility-2.0.9-1.0.tar.gz'
100%[=========================================>] 31,763 30.5K/s in 1.0s
2009-09-09 16:52:35 (30.5 KB/s) - `compatibility-2.0.9-1.0.tar.gz' saved [31763/31763]
mail:/usr/share/squirrelmail/plugins# tar xzf compatibility-2.0.9-1.0.tar.gz
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/amavisnewsql-0.8.0-1.4.tar.gz
--2009-09-09 16:52:44-- http://www.squirrelmail.org/plugins/amavisnewsql-0.8.0-1.4.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101008 (99K) [application/x-gzip]
Saving to: `amavisnewsql-0.8.0-1.4.tar.gz'
100%[===========================================>] 101,008 72.0K/s in 1.4s
2009-09-09 16:52:46 (72.0 KB/s) - `amavisnewsql-0.8.0-1.4.tar.gz' saved [101008/101008]
mail:/usr/share/squirrelmail/plugins# tar xzf amavisnewsql-0.8.0-1.4.tar.gz
mail:/usr/share/squirrelmail/plugins# mkdir /var/lib/amavis/.notstored
mail:/usr/share/squirrelmail/plugins# chown -R amavis:amavis /var/lib/amavis
mail:/usr/share/squirrelmail/plugins# sed -i 's/minutes = 120;/minutes = 20;/' timeout_user/config.php
mail:/usr/share/squirrelmail/plugins# cd amavisnewsql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# cp config.php.dist config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|pgsql://postgres:@localhost|mysql://amavis:amavis_password@localhost|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|"yourdomain.com"|"nusantaraxxx.com"|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|use_quarantine"] = true|use_quarantine"] = false|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/cleanquarantine.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/generatedigest.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/process_bsmtp.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/var/virusmails|/var/lib/amavis/virusmails|' utils/process_bsmtp.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chown -R root:root /usr/share/squirrelmail/plugins/amavisnewsql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 644 *
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 755 contrib htmlMimeMail-2.5.1 locale po utils
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 contrib/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 htmlMimeMail-2.5.1/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/soap/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/*php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/*sql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chown root:www-data config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# squirrelmail-configure

Add the plugins amavisnewsql, check_quota and timeout_user.

Browse to: https://mail.nusantaraxxx.com/mail/

Configure Razor

mail:/usr/share/squirrelmail/plugins/amavisnewsql# cd
mail:~# rm /etc/razor/razor-agent.conf
mail:~# razor-admin -create
mail:~# razor-admin -create
mail:~# razor-admin -register
Register successful. Identity stored in /root/.razor/identity-ru8basz_3L
mail:~# sed -i 's/= 3/= 0/' /root/.razor/razor-agent.conf
mail:~# cp -r /root/.razor /var/lib/amavis
mail:~# chown -R amavis:amavis /var/lib/amavis
mail:~# cat /var/lib/amavis/.razor/razor-agent.conf | grep debuglevel
debuglevel = 0
mail:~#

Install BIND

mail:~# apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
bind9utils
Suggested packages:
bind9-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9utils
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 335kB of archives.

--skip----------

mail:~# /etc/init.d/bind9 stop
Stopping domain name service...: bind9.
mail:~# sed -i 's|"-u bind"|"-u bind -t /var/lib/named"|' /etc/default/bind9
mail:~# mkdir -p /var/lib/named/etc
mail:~# mkdir /var/lib/named/dev
mail:~# mkdir -p /var/lib/named/var/cache/bind
mail:~# mkdir -p /var/lib/named/var/run/bind/run
mail:~# mv /etc/bind /var/lib/named/etc
mail:~# ln -s /var/lib/named/etc/bind /etc/bind
mail:~# mknod /var/lib/named/dev/null c 1 3
mail:~# mknod /var/lib/named/dev/random c 1 8
mail:~# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
mail:~# chown -R bind:bind /var/lib/named/var/*
mail:~# chown -R bind:bind /var/lib/named/etc/bind
mail:~# /etc/init.d/bind9 start
Starting domain name service...: bind9.

Add to /etc/bind/named.conf:

logging {
    category lame-servers { null; };
    category edns-disabled { null; };
};

mail:~# echo "search nusantaraxxx.com" > /etc/resolv.conf
mail:~# echo "nameserver 202.77.33.xxx" >> /etc/resolv.conf
mail:~# echo "nameserver 202.77.25.xxx" >> /etc/resolv.conf

Note: 202.77.33.xxx is the IP address of this mail server.

mail:~# /etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.

mail:~# lsof -i | grep :domain
named 23119 bind 20u IPv6 420824 TCP *:domain (LISTEN)
named 23119 bind 21u IPv4 420827 TCP localhost:domain (LISTEN)
named 23119 bind 22u IPv4 420829 TCP mail.nusantaraxxx.com:domain (LISTEN)
named 23119 bind 512u IPv6 420823 UDP *:domain
named 23119 bind 513u IPv4 420826 UDP localhost:domain
named 23119 bind 514u IPv4 420828 UDP mail.nusantaraxxx.com:domain

mail:~# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
mail:~# dig yahoo.com

; <<>> DiG 9.5.1-P3 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14657
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159
yahoo.com. 21600 IN A 209.191.93.53

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns8.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns1.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22

;; Query time: 499 msec
;; SERVER: 202.77.33.xxx#53(202.77.33.xxx)
;; WHEN: Wed Sep 9 17:17:06 2009
;; MSG SIZE rcvd: 233

Additions to the Postfix configuration:

mail:~# postmap /etc/postfix/sender_access
mail:~# postmap /etc/postfix/rbl_client_exceptions
mail:~# postmap /etc/postfix/rbl_sender_exceptions
mail:~# postmap /etc/postfix/rbl_recipient_exceptions
mail:~# touch /etc/postfix/reject_over_quota
mail:~# postmap /etc/postfix/reject_over_quota
mail:~# cp /etc/postfix/main.cf /etc/postfix/main.cf-changes
mail:~# postconf -e "smtpd_hard_error_limit = 10"
mail:~# postconf -e "smtpd_soft_error_limit = 8"
mail:~# postconf -e "smtpd_helo_required = yes"
mail:~# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain"
mail:~# postconf -e "smtpd_data_restrictions = reject_unauth_pipelining"
mail:~# postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, check_recipient_access hash:/etc/postfix/reject_over_quota, check_sender_access hash:/etc/postfix/rbl_sender_exceptions, check_client_access hash:/etc/postfix/rbl_client_exceptions, check_recipient_access hash:/etc/postfix/rbl_recipient_exceptions, reject_rbl_client sbl-xbl.spamhaus.org"
mail:~# postconf -e "mydestination = "
mail:~# postconf -e "local_transport = error:no local mail delivery"
mail:~# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.

Set up PostfixAdmin Vacation

mail:/home/gtoms# apt-get install libdbi-perl libdbd-mysql-perl libmail-sendmail-perl libemail-valid-perl libmime-perl libmime-charset-perl libmime-encwords-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libdbi-perl is already the newest version.
libdbi-perl set to manually installed.
libdbd-mysql-perl is already the newest version.
libdbd-mysql-perl set to manually installed.
libmail-sendmail-perl is already the newest version.
libmail-sendmail-perl set to manually installed.
libmime-perl is already the newest version.
libmime-perl set to manually installed.
The following extra packages will be installed:
libnet-domain-tld-perl
The following NEW packages will be installed:
libemail-valid-perl libmime-charset-perl libmime-encwords-perl libnet-domain-tld-perl
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 91.3kB of archives.

-------skip----------------

mail:/home/gtoms# addgroup --gid 65501 vacation
Adding group `vacation' (GID 65501) ...
Done.
mail:/home/gtoms# useradd -c "Virtual Vacation" -d /nonexistent -u 65501 -g 65501 -s /sbin/false vacation
mail:/home/gtoms# mkdir /var/spool/vacation
mail:/home/gtoms# cd /var/spool/vacation/
mail:/var/spool/vacation# cp /usr/share/doc/postfixadmin/VIRTUAL_VACATION/vacation.pl.gz .
mail:/var/spool/vacation# gunzip vacation.pl.gz
mail:/var/spool/vacation# sed -i "s/my \$db_type = 'Pg/#my \$db_type = 'Pg/" vacation.pl
mail:/var/spool/vacation# sed -i "s/#my \$db_type = 'mysql/my \$db_type = 'mysql/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_host = ''/db_host = 'localhost'/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_username = 'vacation/db_username = 'postfix/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_password = ''/db_password = 'postfix'/" vacation.pl
mail:/var/spool/vacation# sed -i "s/smtp_server = 'localhost'/smtp_server = 'localhost:10025'/" vacation.pl
mail:/var/spool/vacation# chown -R vacation:vacation /var/spool/vacation
mail:/var/spool/vacation# chmod 750 vacation.pl

Add to /etc/postfix/transport:

autoreply.nusantaraxxx.com vacation:

Add to /etc/postfix/master.cf:

vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

mail:/var/spool/vacation# postmap /etc/postfix/transport
mail:/var/spool/vacation# postconf -e "transport_maps = hash:/etc/postfix/transport"
mail:/var/spool/vacation# postconf -e "vacation_destination_recipient_limit = 1"
mail:/var/spool/vacation# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
mail:/var/spool/vacation# sed -i "s/vacation'] = 'NO/vacation'] = 'YES/" /usr/share/postfixadmin/config.inc.php

Users can manage their Auto Response settings at: https://mail.nusantaralxxx.com/postfixadminx/users

Install Postfixadmin SquirrelMail plugin

mail:/var/spool/vacation# pear channel-update pear.php.net
Updating channel "pear.php.net"
Update of Channel "pear.php.net" succeeded
mail:/var/spool/vacation# pear install MDB2-2.4.1
downloading MDB2-2.4.1.tgz ...
Starting to download MDB2-2.4.1.tgz (119,790 bytes)
..........................done: 119,790 bytes
install ok: channel://pear.php.net/MDB2-2.4.1
MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2)
MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2)
MDB2: Optional feature mysql available (MySQL driver for MDB2)
MDB2: Optional feature mysqli available (MySQLi driver for MDB2)
MDB2: Optional feature mssql available (MS SQL Server driver for MDB2)
MDB2: Optional feature oci8 available (Oracle driver for MDB2)
MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2)
MDB2: Optional feature querysim available (Querysim driver for MDB2)
MDB2: Optional feature sqlite available (SQLite2 driver for MDB2)
MDB2: To install optional features use "pear install pear/MDB2#featurename"

mail:/var/spool/vacation# pear install MDB2_Driver_mysql-1.4.1
downloading MDB2_Driver_mysql-1.4.1.tgz ...
Starting to download MDB2_Driver_mysql-1.4.1.tgz (36,481 bytes)
..........done: 36,481 bytes
install ok: channel://pear.php.net/MDB2_Driver_mysql-1.4.1

mail:/var/spool/vacation# apt-get install subversion
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libneon27-gnutls libserf-0-0 libsvn1
Suggested packages:
subversion-tools db4.6-util
The following NEW packages will be installed:
libneon27-gnutls libserf-0-0 libsvn1 subversion
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 2210kB of archives.
After this operation, 6332kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://kebo.vlsm.org lenny/main libneon27-gnutls 0.28.2-6.1 [115kB]
Get:2 http://kebo.vlsm.org lenny/main libserf-0-0 0.2.0-1 [31.2kB]
Get:3 http://kebo.vlsm.org lenny/main libsvn1 1.5.1dfsg1-4 [794kB]
Get:4 http://kebo.vlsm.org lenny/main subversion 1.5.1dfsg1-4 [1271kB]
Fetched 2210kB in 1min4s (34.4kB/s)
Selecting previously deselected package libneon27-gnutls.
(Reading database ... 37314 files and directories currently installed.)
Unpacking libneon27-gnutls (from .../libneon27-gnutls_0.28.2-6.1_i386.deb) ...
Selecting previously deselected package libserf-0-0.
Unpacking libserf-0-0 (from .../libserf-0-0_0.2.0-1_i386.deb) ...
Selecting previously deselected package libsvn1.
Unpacking libsvn1 (from .../libsvn1_1.5.1dfsg1-4_i386.deb) ...
Selecting previously deselected package subversion.
Unpacking subversion (from .../subversion_1.5.1dfsg1-4_i386.deb) ...
Processing triggers for man-db ...
Setting up libneon27-gnutls (0.28.2-6.1) ...
Setting up libserf-0-0 (0.2.0-1) ...
Setting up libsvn1 (1.5.1dfsg1-4) ...
Setting up subversion (1.5.1dfsg1-4) ...
mail:/var/spool/vacation#
mail:/var/spool/vacation# cd /usr/local/src
mail:/usr/local/src# svn -r 33 co http://squirrelmail-postfixadmin.palepurple.co.uk/svn postfixadmin-plugin
A postfixadmin-plugin/trunk
A postfixadmin-plugin/trunk/locale
A postfixadmin-plugin/trunk/locale/de_DE
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES/postfixadmin.mo
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES/postfixadmin.po
---------skip-----------
mail:/usr/local/src# cd postfixadmin-plugin/tags
mail:/usr/local/src/postfixadmin-plugin/tags# cp -r squirrelmail-postfixadmin-0.4.3/ /usr/share/squirrelmail/plugins/
mail:/usr/local/src/postfixadmin-plugin/tags# mv /usr/share/squirrelmail/plugins/squirrelmail-postfixadmin-0.4.3 /usr/share/squirrelmail/plugins/postfixadmin
mail:/usr/local/src/postfixadmin-plugin/tags# cd /usr/share/squirrelmail/plugins/
mail:/usr/share/squirrelmail/plugins# chown -R root:root postfixadmin
mail:/usr/share/squirrelmail/plugins# cd postfixadmin
mail:/usr/share/squirrelmail/plugins/postfixadmin# cp config.php.sample config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/postgres/mysql/" config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/xxxxx/postfix/" config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/autoreply.my.domain.com/autoreply.nusantaraxxx.com/" config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# squirrelmail-configure

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. postfixadmin
    2. amavisnewsql
    3. check_quota
    4. timeout_user

-------------skip-----------------

Install MailZu

mail:/usr/share/squirrelmail/plugins/postfixadmin# apt-get install php-mail-mime
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
php-mail-mimedecode
The following NEW packages will be installed:
php-mail-mime php-mail-mimedecode
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.5kB of archives.

----------------skip----------------

mail:/usr/share/squirrelmail/plugins/postfixadmin# cd /var/www
mail:/var/www# wget http://downloads.sourceforge.net/project/mailzu/mailzu/MailZu%200.8RC3/MailZu_0.8RC3.tar.gz?use_mirror=biznetnetworks
mail:/var/www# tar xzf MailZu_0.8RC3.tar.gz
mail:/var/www# mv MailZu_0.8RC3.tar.gz /usr/local/src/
mail:/var/www# mv MailZu_0.8RC3 mailzu
mail:/var/www# cd mailzu/config
mail:/var/www/mailzu/config# cd /var/www/mailzu/lib/
mail:/var/www/mailzu/lib# cp AmavisdEngine.class.php AmavisdEngine.class.php.original
mail:/var/www/mailzu/lib# cd /var/www/mailzu/config
mail:/var/www/mailzu/config# sed -i "s/'user'/'amavis'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'pass'/'amavis_password'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'dbname'/'amavis'/" config.php
mail:/var/www/mailzu/config# sed -i "s/hostname.domain.tld/localhost/" config.php
mail:/var/www/mailzu/config# sed -i "s/binquar'] = false/binquar'] = true/" config.php
mail:/var/www/mailzu/config# sed -i "s/'auth']\['serverType'] = 'ldap'/'auth']\['serverType'] = 'imap'/" config.php
mail:/var/www/mailzu/config# sed -i "s|imaphost.domain.tld:143|localhost:110/pop3/novalidate-cert|" config.php
mail:/var/www/mailzu/config# sed -i "s/'imap_type'] = 'imapssl'/'imap_type'] = 'imap'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'imap_domain_name'] = 'domain.tld'/'imap_domain_name'] = ''/" config.php
mail:/var/www/mailzu/config# sed -i "s/mailzuhost.domain.tld/mail.nusantaraxxx.com/" config.php
mail:/var/www/mailzu/config# sed -i "s/'emailType'] = 'mail'/'emailType'] = 'sendmail'/" config.php
mail:/var/www/mailzu/config# sed -i "s/[email protected]/[email protected]/" config.php
mail:/var/www/mailzu/config# cp ../lib/IMAPAuth.class.php ../lib/IMAPAuth.class.php.original
mail:/var/www/mailzu/config# sed -i "s/, OP_HALFOPEN//" ../lib/IMAPAuth.class.php
mail:/var/www/mailzu/config# cp ../lib/DBEngine.class.php ../lib/DBEngine.class.php.original
mail:/var/www/mailzu/config# sed -i 's/dbtype/dbType/' ../lib/DBEngine.class.php
mail:/var/www/mailzu/config# touch /var/log/mailzu.log
mail:/var/www/mailzu/config# chown www-data:www-data /var/log/mailzu.log
mail:/var/www/mailzu/config# chmod 660 /var/log/mailzu.log
mail:/var/www/mailzu/config# chown -R root:www-data /var/www/mailzu
mail:/var/www/mailzu/config# chmod 640 config.php
mail:/var/www/mailzu/config# cd /etc/logrotate.d


mail:/etc/logrotate.d# nano /etc/logrotate.d/mailzu

/var/log/mailzu.log {
    rotate 7
    daily
    compress
    delaycompress
    copytruncate
    notifempty
}

Add to /etc/amavis/conf.d/50-user:

$inet_socket_port = [10024, 10026, 9998];
$inet_socket_bind = undef;
$interface_policy{'9998'} = 'MAILZU';
$policy_bank{'MAILZU'} = {
    protocol => 'AM.PDP',
    inet_acl => [qw( 127.0.0.1 [::1] 202.77.33.xxx )],
};

$banned_files_quarantine_method = 'sql:';
$spam_quarantine_method = 'sql:';

mail:/etc/logrotate.d# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
mail:/etc/logrotate.d#

https://mail.nusantaraxxx.com/mailzu

QUOTA

mail:/etc/logrotate.d# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/quota-warning.sh.txt
mail:/usr/sbin# mv quota-warning.sh.txt quota-warning.sh
mail:/usr/sbin# chmod +x quota-warning.sh
mail:/usr/sbin# sed -i 's/host.domain.tld/mail.nusantaraxxx.com/' quota-warning.sh
mail:/usr/sbin# cat /var/vmail/nusantaraxxx.com/test/maildirsize
1024000S
0 0
mail:/usr/sbin# postmap /etc/postfix/reject_over_quota

Install Mailgraph

mail:/usr/sbin# apt-get install mailgraph
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  fontconfig libcairo2 libdatrie0 libdirectfb-1.0-0 libfile-tail-perl libfontenc1 libpango1.0-0 libpango1.0-common libpixman-1-0 librrd4 librrds-perl
  libsysfs2 libthai-data libthai0 libts-0.0-0 libxcb-render-util0 libxcb-render0 libxfont1 libxft2 libxrender1 x-ttcidfont-conf xfonts-encodings
  xfonts-utils
Suggested packages:
  ttf-kochi-gothic ttf-kochi-mincho ttf-thryomanes ttf-baekmuk ttf-arphic-gbsn00lp ttf-arphic-bsmi00lp ttf-arphic-gkai00mp ttf-arphic-bkai00mp
The following NEW packages will be installed:
  fontconfig libcairo2 libdatrie0 libdirectfb-1.0-0 libfile-tail-perl libfontenc1 libpango1.0-0 libpango1.0-common libpixman-1-0 librrd4 librrds-perl
  libsysfs2 libthai-data libthai0 libts-0.0-0 libxcb-render-util0 libxcb-render0 libxfont1 libxft2 libxrender1 mailgraph x-ttcidfont-conf xfonts-encodings
  xfonts-utils
0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.

------------skip-----------

mail:/usr/sbin# sed -i 's/IGNORE_LOCALHOST=false/IGNORE_LOCALHOST=true/' /etc/default/mailgraph
mail:/usr/sbin# /etc/init.d/mailgraph restart
Stopping Postfix Mail Statistics: mailgraph.
Starting Postfix Mail Statistics: mailgraph.
mail:/usr/sbin#

Test the result: https://mail.nusantaraxxx.com/cgi-bin/mailgraph.cgi

Install OpenProtect SARE rules

mail:/usr/sbin# cd /etc/spamassassin
mail:/etc/spamassassin# wget http://saupdates.openprotect.com/pub.gpg
--2009-09-13 17:36:52-- http://saupdates.openprotect.com/pub.gpg
Resolving saupdates.openprotect.com... 216.32.73.253
Connecting to saupdates.openprotect.com|216.32.73.253|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 946 [application/octet-stream]
Saving to: `pub.gpg'
100%[======================================>] 946 --.-K/s in 0s
2009-09-13 17:36:54 (76.8 MB/s) - `pub.gpg' saved [946/946]
mail:/etc/spamassassin# sa-update --import pub.gpg
mail:/etc/spamassassin# cd /usr/sbin
mail:/usr/sbin# wget http://www200.pair.com/mecham/spam/sa-update.sh.txt
--2009-09-13 17:37:16-- http://www200.pair.com/mecham/spam/sa-update.sh.txt
Resolving www200.pair.com... 209.68.2.45
Connecting to www200.pair.com|209.68.2.45|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 578 [text/plain]
Saving to: `sa-update.sh.txt'
100%[======================================>] 578 --.-K/s in 0s
2009-09-13 17:37:16 (51.2 MB/s) - `sa-update.sh.txt' saved [578/578]
mail:/usr/sbin# mv sa-update.sh.txt sa-update.sh
mail:/usr/sbin# chmod +x sa-update.sh
mail:/usr/sbin# sa-update.sh
mail:/usr/sbin#

Install SaneSecurity and MSRBL ClamAV signatures

mail:/usr/sbin# apt-get install curl rsync
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  curl rsync
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 536kB of archives.
After this operation, 922kB of additional disk space will be used.
Get:1 http://kebo.vlsm.org lenny/main curl 7.18.2-8lenny3 [208kB]
Get:2 http://kebo.vlsm.org lenny/main rsync 3.0.3-2 [328kB]
Fetched 536kB in 10s (48.8kB/s)
Selecting previously deselected package curl.
(Reading database ... 37824 files and directories currently installed.)
Unpacking curl (from .../curl_7.18.2-8lenny3_i386.deb) ...
Selecting previously deselected package rsync.
Unpacking rsync (from .../rsync_3.0.3-2_i386.deb) ...
Processing triggers for man-db ...
Setting up curl (7.18.2-8lenny3) ...
Setting up rsync (3.0.3-2) ...
mail:/usr/sbin# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/UpdateSaneSecurity.sh.txt
mail:/usr/sbin# mv UpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
mail:/usr/sbin# chmod +x UpdateSaneSecurity.sh
mail:/usr/sbin# UpdateSaneSecurity.sh

The /usr/sbin/UpdateSaneSecurity.sh setting will only report errors for curl downloads.
===================== ClamD is running =====================

Running script manually, do you want to pause execution (y/n)?: y
Starting unofficial ClamAV signature updates on Sun Sep 13 17:42:42 WIT 2009

Pausing signature updates for 14 seconds. Time remaining: 1
Pause complete, Sun Sep 13 17:42:56 WIT 2009, checking for new signature files...

======================================================================
Malware Black List mbl.db Signature File Update
======================================================================
6 hours have not yet elapsed since the last MBL update.

--- No update was performed at this time ---

Next MBL update will be performed in approximately 6 hour(s), 0 minute(s)

======================================================================
MSRBL MSRBL-Images.hdb Signature File Update
======================================================================

Number of files: 1
Number of files transferred: 1
Total file size: 181337 bytes
Total transferred file size: 181337 bytes
Literal data: 181337 bytes
Matched data: 0 bytes
File list size: 35
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 118
Total bytes received: 181478

sent 118 bytes received 181478 bytes 846.60 bytes/sec
total size is 181337 speedup is 1.00

======================================================================
MSRBL MSRBL-SPAM.ndb Signature File Update
======================================================================

Number of files: 1
Number of files transferred: 1
Total file size: 244643 bytes
Total transferred file size: 244643 bytes
Literal data: 244643 bytes
Matched data: 0 bytes
File list size: 28
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 46
Total bytes received: 244776

sent 46 bytes received 244776 bytes 16884.28 bytes/sec
total size is 244643 speedup is 1.00

======================================================================
SecuriteInfo vx.hdb Signature File Update
======================================================================
======================================================================
SecuriteInfo honeynet.hdb Signature File Update
======================================================================
======================================================================
SecuriteInfo securiteinfo.hdb Signature File Update
======================================================================
=================================================== Update(s) detected, reloading ClamAV databases ===================================================

mail:/usr/sbin# ls -l /var/lib/clamav
total 40052
-rw-r--r-- 1 clamav clamav  4775424 2009-09-13 15:25 daily.cld
-rw-r--r-- 1 clamav clamav    43452 2009-09-13 17:46 honeynet.hdb
-rw-r--r-- 1 clamav clamav    12530 2009-05-07 18:20 honeynet.hdb.gz
-rw-r--r-- 1 clamav clamav       11 2009-09-13 17:43 last-mbl-update.txt
-rw-r--r-- 1 clamav clamav 21253696 2009-09-09 15:17 main.cvd
-rw-r--r-- 1 clamav clamav    88063 2009-09-13 17:43 mbl.db
-rw------- 1 clamav clamav      260 2009-09-13 17:25 mirrors.dat
-rw-r--r-- 1 clamav clamav   181337 2009-07-24 17:40 MSRBL-Images.hdb
-rw-r--r-- 1 clamav clamav   244643 2009-07-27 15:21 MSRBL-SPAM.ndb
-rw-r--r-- 1 clamav clamav  9393566 2009-09-13 17:47 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav  3822328 2009-08-28 17:43 securiteinfo.hdb.gz
-rw-r--r-- 1 clamav clamav   777577 2009-09-13 17:46 vx.hdb
-rw-r--r-- 1 clamav clamav   310223 2009-05-07 21:02 vx.hdb.gz
mail:/usr/sbin#

POSTGREY

mail:/usr/sbin# apt-get install postgrey
mail:/usr/sbin# sed -i 's/--inet=127.0.0.1:60000/--inet=127.0.0.1:60000 --delay=29/' /etc/default/postgrey
mail:/usr/sbin# /etc/init.d/postgrey restart
mail:/usr/sbin# ps aux | grep postgrey | grep -v grep
mail:/usr/sbin# cd /etc/postfix
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/check_client_fqdn
mail:/usr/sbin# cp -ip main.cf main.cf-before-grey
mail:/usr/sbin# postconf -e "smtpd_restriction_classes = check_greylist"
mail:/usr/sbin# postconf -e "check_greylist = check_policy_service inet:127.0.0.1:60000"
mail:/usr/sbin# cp access greylist_sender_exceptions
mail:/usr/sbin# postmap greylist_sender_exceptions
mail:/usr/sbin# touch cidr_greylist_network_exceptions

Install Botnet SA plugin

mail:/usr/sbin# cd /usr/local/src
mail:/usr/local/src# mkdir Botnet-0.8
mail:/usr/local/src# cd Botnet-0.8
mail:/usr/local/src/Botnet-0.8# wget http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
--2009-09-13 17:49:24-- http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
Resolving people.ucsc.edu... 128.114.124.1
Connecting to people.ucsc.edu|128.114.124.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 81920 (80K) [application/x-tar]
Saving to: `Botnet-0.8.tar'
100%[=====================================>] 81,920 89.6K/s in 0.9s
2009-09-13 17:49:26 (89.6 KB/s) - `Botnet-0.8.tar' saved [81920/81920]
mail:/usr/local/src/Botnet-0.8# tar -xf Botnet-0.8.tar
mail:/usr/local/src/Botnet-0.8# wget http://henry.gultom.or.id/mecham/botnet8patch.txt
mail:/usr/local/src/Botnet-0.8# cp Botnet.pm Botnet.pm~
mail:/usr/local/src/Botnet-0.8# patch -p0 <botnet8patch.txt
patching file Botnet.pm
mail:/usr/local/src/Botnet-0.8# cp Botnet.pm /etc/spamassassin/
mail:/usr/local/src/Botnet-0.8# cp Botnet.cf /etc/spamassassin/
mail:/usr/local/src/Botnet-0.8# cd /etc/spamassassin/
mail:/etc/spamassassin# sed -i 's/5.0/2.0/' Botnet.cf
mail:/etc/spamassassin# amavisd-new reload
Daemon [30943] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/etc/spamassassin# spamassassin --lint

Install p0f (Passive OS Fingerprinting)

mail:/etc/spamassassin# apt-get install p0f
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libpcap0.8
The following NEW packages will be installed:
  libpcap0.8 p0f
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 165kB of archives.
After this operation, 430kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://kebo.vlsm.org lenny/main libpcap0.8 0.9.8-5 [94.4kB]
Get:2 http://kebo.vlsm.org lenny/main p0f 2.0.8-1 [70.5kB]
Fetched 165kB in 3s (41.3kB/s)
Selecting previously deselected package libpcap0.8.
(Reading database ... 37869 files and directories currently installed.)
Unpacking libpcap0.8 (from .../libpcap0.8_0.9.8-5_i386.deb) ...
Selecting previously deselected package p0f.
Unpacking p0f (from .../archives/p0f_2.0.8-1_i386.deb) ...
Processing triggers for man-db ...
Setting up libpcap0.8 (0.9.8-5) ...
Setting up p0f (2.0.8-1) ...
mail:/etc/spamassassin# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/p0f-analyzer.txt
mail:/usr/sbin# mv p0f-analyzer.txt p0f-analyzer.pl
mail:/usr/sbin# chmod +x p0f-analyzer.pl
mail:/usr/sbin# cd /etc/init.d
mail:/etc/init.d# wget http://henry.gultom.or.id/mecham/p0f
mail:/etc/init.d# chmod +x p0f
mail:/etc/init.d# update-rc.d p0f defaults
update-rc.d: warning: /etc/init.d/p0f missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/p0f ...
/etc/rc0.d/K20p0f -> ../init.d/p0f
/etc/rc1.d/K20p0f -> ../init.d/p0f
/etc/rc6.d/K20p0f -> ../init.d/p0f
/etc/rc2.d/S20p0f -> ../init.d/p0f
/etc/rc3.d/S20p0f -> ../init.d/p0f
/etc/rc4.d/S20p0f -> ../init.d/p0f
/etc/rc5.d/S20p0f -> ../init.d/p0f

mail:/etc/init.d# cd /etc/spamassassin
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/p0f.cf
mail:/etc/spamassassin# /etc/init.d/p0f start
mail:/etc/spamassassin# nano /etc/amavis/conf.d/50-user
mail:/etc/spamassassin# amavisd-new reload
Waiting for the process [31135] to terminate
Daemon [31135] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/etc/spamassassin#

Install altermime

mail:/etc/spamassassin# cd /etc
mail:/etc# wget http://henry.gultom.or.id/mecham/disclaimer.txt
mail:/etc# cd /usr/local/src
mail:/usr/local/src# wget http://pldaniels.com/altermime/altermime-0.3-dev.tar.gz
--2009-09-13 17:58:21-- http://pldaniels.com/altermime/altermime-0.3-dev.tar.gz
Resolving pldaniels.com... 202.130.35.19
Connecting to pldaniels.com|202.130.35.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 86569 (85K) [application/x-gzip]
Saving to: `altermime-0.3-dev.tar.gz'
100%[====================================>] 86,569 30.2K/s in 2.8s
2009-09-13 17:58:25 (30.2 KB/s) - `altermime-0.3-dev.tar.gz' saved [86569/86569]
mail:/usr/local/src# tar xzf altermime-0.3-dev.tar.gz
mail:/usr/local/src# cd altermime-0.3-dev
mail:/usr/local/src/altermime-0.3-dev# make && make install
cc -Wall -Werror -g -I. -O2 -c strstack.c
cc -Wall -Werror -g -I. -O2 -c mime_alter.c
cc -Wall -Werror -g -I. -O2 -c ffget.c
cc -Wall -Werror -g -I. -O2 -c pldstr.c
cc -Wall -Werror -g -I. -O2 -c filename-filters.c
cc -Wall -Werror -g -I. -O2 -c logger.c
cc -Wall -Werror -g -I. -O2 -c MIME_headers.c
cc -Wall -Werror -g -I. -O2 -c libmime-decoders.c
cc -Wall -Werror -g -I. -O2 -c boundary-stack.c
cc -Wall -Werror -g -I. -O2 -c qpe.c
cc -Wall -Werror -g -I. -O2 altermime.c strstack.o mime_alter.o ffget.o pldstr.o filename-filters.o logger.o MIME_headers.o libmime-decoders.o boundary-stack.o qpe.o -o altermime
strip altermime
cp altermime /usr/local/bin
chmod a+rx /usr/local/bin/altermime
mail:/usr/local/src/altermime-0.3-dev# nano /etc/amavis/amavisd.conf
mail:/usr/local/src/altermime-0.3-dev# nano /etc/amavis/conf.d/50-user
mail:/usr/local/src/altermime-0.3-dev# amavisd-new reload
Waiting for the process [31219] to terminate
Daemon [31219] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/usr/local/src/altermime-0.3-dev# nano /etc/disclaimer.txt
mail:/usr/local/src/altermime-0.3-dev#

FIREWALL

The mail server built here differs from most in that it restricts traffic and the ports that are open. Port 80 is closed here. Users will use ports 443 (apache-ssl), 993 (courier-imap-ssl) and 995 (courier-pop-ssl). The configuration below is typed directly at the console:

iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 110 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 143 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 443 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 465 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 587 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 993 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 995 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 4650 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp -s 222.222.222.222/24 --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

Then we add it to /etc/network/interfaces:

pre-up iptables-restore < /etc/firewall-rules


Then we reboot the server to see the effect of the whole installation.

Once the machine is up, we check the status of all services:

mail:/home/gtoms# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      2072/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      2072/dovecot
tcp        0      0 0.0.0.0:10024           0.0.0.0:*               LISTEN      31281/amavisd (mast
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      30900/master
tcp        0      0 0.0.0.0:10026           0.0.0.0:*               LISTEN      31281/amavisd (mast
tcp        0      0 0.0.0.0:4650            0.0.0.0:*               LISTEN      30900/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1874/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      30900/master
tcp        0      0 0.0.0.0:9998            0.0.0.0:*               LISTEN      31281/amavisd (mast
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      2072/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      2072/dovecot
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      30900/master
tcp        0      0 127.0.0.1:10035         0.0.0.0:*               LISTEN      30900/master
tcp        0      0 202.77.33.xxx:53        0.0.0.0:*               LISTEN      23271/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      23271/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1809/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      30900/master
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      23271/named
tcp6       0      0 :::53                   :::*                    LISTEN      23271/named
tcp6       0      0 :::22                   :::*                    LISTEN      1809/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      23271/named
tcp6       0      0 :::443                  :::*                    LISTEN      14091/apache2
udp        0      0 127.0.0.1:2345          0.0.0.0:*                           31206/perl
udp        0      0 202.77.33.xxx:53        0.0.0.0:*                           23271/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           23271/named
udp6       0      0 :::53                   :::*                                23271/named
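A cross-check of the firewall rules and the netstat listing above, added here as an example that is not part of the original tutorial: it reports, for each non-loopback TCP listener, whether a --dport ACCEPT rule opens it, restricts it by source, or whether only the final REJECT keeps it private, and it lists ACCEPT rules that name no destination port. The sample data is a constructed subset of this page's rules and netstat output; the function names and the "firewall-only" label are assumptions of this example.

```shell
# Added example (not from the tutorial): compare listening TCP sockets with
# the ACCEPT rules of the FIREWALL chain. Sample data is a constructed subset
# of the iptables commands and netstat output shown on this page.
sample_rules() {
cat <<'EOF'
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 110 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 443 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 993 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp -s 222.222.222.222/24 --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
EOF
}

sample_listeners() {
cat <<'EOF'
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:10024 0.0.0.0:* LISTEN 31281/amavisd (mast
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 30900/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1874/mysqld
tcp 0 0 0.0.0.0:9998 0.0.0.0:* LISTEN 31281/amavisd (mast
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1809/sshd
tcp6 0 0 :::22 :::* LISTEN 1809/sshd
tcp6 0 0 :::443 :::* LISTEN 14091/apache2
EOF
}

# audit_listeners RULES_FILE NETSTAT_FILE
# Prints "port program status" for every non-loopback TCP listener.
audit_listeners() {
  awk '
    FNR == NR {                          # first file: firewall rules
      if ($0 !~ /-p tcp/ || $0 !~ /-j ACCEPT/) next
      port = ""; src = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-s") src = $(i + 1)
      }
      if (port != "") allow[port] = (src == "" ? "open" : "restricted:" src)
      next
    }
    /^tcp/ && $6 == "LISTEN" {           # second file: netstat output
      n = split($4, a, ":"); port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1" || seen[port]++) next
      split($7, prog, "/")
      print port, prog[2], ((port in allow) ? allow[port] : "firewall-only")
    }
  ' "$1" "$2"
}

# ACCEPT rules with neither --dport nor -i apply to every destination port.
portless_accepts() {
  awk '/-j ACCEPT/ && !/--dport/ && !/ -i / { print }' "$1"
}

audit_sample() {                         # run both checks on the samples
  tmp=$(mktemp -d) || return 1
  sample_rules > "$tmp/rules"
  sample_listeners > "$tmp/listen"
  audit_listeners "$tmp/rules" "$tmp/listen"
  portless_accepts "$tmp/rules" | sed 's/^/any-port rule: /'
  rm -rf "$tmp"
}

audit_sample
```

Listeners reported as firewall-only (amavisd on 10024 and 9998, mysqld on 3306) stay private only while the rule set is loaded, so binding them to 127.0.0.1 in their own configuration adds a second layer. The rules listed as any-port match on source port alone; a stateful `-m state --state ESTABLISHED,RELATED` rule is the usual replacement for accepting reply traffic.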

Test sending email back and forth while watching the log:

From the account [email protected] to Yahoo:

Sep 13 19:01:15 mail postfix/smtpd[4312]: connect from localhost[127.0.0.1]
Sep 13 19:01:15 mail postfix/smtpd[4312]: 9407F23A547: client=localhost[127.0.0.1]
Sep 13 19:01:15 mail postfix/cleanup[4318]: 9407F23A547: message-id=<[email protected]>
Sep 13 19:01:15 mail postfix/qmgr[2465]: 9407F23A547: from=<[email protected]>, size=790, nrcpt=1 (queue active)
Sep 13 19:01:15 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 13 19:01:15 mail postfix/smtpd[4312]: disconnect from localhost[127.0.0.1]
Sep 13 19:01:15 mail dovecot: IMAP([email protected]): Disconnected: Logged out bytes=661/165
Sep 13 19:01:16 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 13 19:01:16 mail dovecot: IMAP([email protected]): Disconnected: Logged out bytes=340/6932
Sep 13 19:01:24 mail postfix/smtpd[4331]: connect from localhost[127.0.0.1]
Sep 13 19:01:24 mail postfix/smtpd[4331]: 98B1623A562: client=localhost[127.0.0.1]
Sep 13 19:01:24 mail postfix/cleanup[4336]: 98B1623A562: message-id=<[email protected]>
Sep 13 19:01:24 mail postfix/qmgr[2465]: 98B1623A562: from=<[email protected]>, size=2087, nrcpt=1 (queue active)
Sep 13 19:01:24 mail postfix/smtpd[4331]: disconnect from localhost[127.0.0.1]
Sep 13 19:01:24 mail amavis[4012]: (04012-04) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [125.161.183.35] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: fFDuKU+SHble, Hits: -0.474, size: 790, queued_as: 98B1623A562, 8980 ms
Sep 13 19:01:24 mail postfix/smtp[4319]: 9407F23A547: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.1, delays=0.07/0.02/0.01/9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04012-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 98B1623A562)
Sep 13 19:01:24 mail postfix/qmgr[2465]: 9407F23A547: removed
Sep 13 19:01:25 mail postfix/smtp[4337]: 98B1623A562: lost connection with a.mx.mail.yahoo.com[67.195.168.31] while receiving the initial server greeting
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max connection rate 1/60s for (smtp:125.160.6.243) at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max connection count 1 for (smtp:125.160.6.243) at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max cache size 1 at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/smtp[4337]: 98B1623A562: to=<[email protected]>, relay=g.mx.mail.yahoo.com[206.190.53.191]:25, delay=2.9, delays=0.03/0.05/2.2/0.66, dsn=2.0.0, status=sent (250 ok dirdel)
Sep 13 19:01:27 mail postfix/qmgr[2465]: 98B1623A562: removed

From Yahoo to the account [email protected]:

Sep 13 19:04:14 mail postfix/smtpd[5347]: connect from n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:16 mail postfix/smtpd[5347]: 7BFA523A547: client=n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:17 mail postfix/cleanup[5353]: 7BFA523A547: message-id=<[email protected]>
Sep 13 19:04:17 mail postfix/qmgr[2465]: 7BFA523A547: from=<[email protected]>, size=9925, nrcpt=1 (queue active)
Sep 13 19:04:17 mail postfix/smtpd[5347]: disconnect from n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:28 mail postfix/smtpd[5361]: connect from localhost[127.0.0.1]
Sep 13 19:04:28 mail postfix/smtpd[5361]: 2BA0C23A566: client=localhost[127.0.0.1]
Sep 13 19:04:28 mail postfix/cleanup[5366]: 2BA0C23A566: message-id=<[email protected]>
Sep 13 19:04:28 mail postfix/qmgr[2465]: 2BA0C23A566: from=<[email protected]>, size=10555, nrcpt=1 (queue active)
Sep 13 19:04:28 mail postfix/smtpd[5361]: disconnect from localhost[127.0.0.1]
Sep 13 19:04:28 mail amavis[4007]: (04007-05) Passed CLEAN, [68.142.237.91] [125.161.142.52] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 3P33XQoWBHif, Hits: 0, size: 9922, queued_as: 2BA0C23A566, 10546 ms
Sep 13 19:04:28 mail postfix/smtp[5354]: 7BFA523A547: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=2.5/0.01/0.01/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04007-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2BA0C23A566)
Sep 13 19:04:28 mail postfix/qmgr[2465]: 7BFA523A547: removed
Sep 13 19:04:28 mail postfix/pipe[5367]: 2BA0C23A566: to=<[email protected]>, relay=dovecot, delay=0.24, delays=0.03/0.04/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
Sep 13 19:04:28 mail postfix/qmgr[2465]: 2BA0C23A566: removed
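Each message in the logs above carries two queue IDs because Postfix hands it to amavisd on port 10024 and amavisd re-injects it on 10025 under a new ID. The filter below, added here as an example and not part of the original tutorial, links each pair and prints one line per final delivery. The log sample is constructed on the model of the excerpts above, with placeholder addresses and a placeholder remote relay; the function names are assumptions of this example.

```shell
# Added example (not from the tutorial): follow a message across the amavisd
# content-filter hop. Constructed sample modelled on the log excerpts on this
# page; addresses and the remote relay are placeholders.
sample_maillog() {
cat <<'EOF'
Sep 13 19:01:15 mail postfix/qmgr[2465]: 9407F23A547: from=<user@example.com>, size=790, nrcpt=1 (queue active)
Sep 13 19:01:24 mail postfix/qmgr[2465]: 98B1623A562: from=<user@example.com>, size=2087, nrcpt=1 (queue active)
Sep 13 19:01:24 mail postfix/smtp[4319]: 9407F23A547: to=<peer@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04012-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 98B1623A562)
Sep 13 19:01:27 mail postfix/smtp[4337]: 98B1623A562: to=<peer@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=2.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F00DBEEF01)
Sep 13 19:04:17 mail postfix/qmgr[2465]: 7BFA523A547: from=<peer@example.net>, size=9925, nrcpt=1 (queue active)
Sep 13 19:04:28 mail postfix/smtp[5354]: 7BFA523A547: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04007-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2BA0C23A566)
Sep 13 19:04:28 mail postfix/pipe[5367]: 2BA0C23A566: to=<user@example.com>, relay=dovecot, delay=0.24, dsn=2.0.0, status=sent (delivered via dovecot service)
EOF
}

# trace_messages: reads a Postfix mail log on stdin and prints
# "original_id->final_id sender recipient relay status" per final delivery.
trace_messages() {
  awk '
    function val(key,   s) {             # value of key=... on the current line
      if (!match($0, key "=[^, ]*")) return ""
      s = substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
      gsub(/[<>]/, "", s)
      return s
    }
    $5 !~ /^postfix\// { next }          # skip amavis and dovecot lines
    { qid = $6; sub(/:$/, "", qid) }
    / from=</ { if (!(qid in sender)) sender[qid] = val("from") }
    / status=/ {
      relay = val("relay")
      # Only the local filter hop links two queue IDs; a remote MTA may
      # also answer "queued as ..." and must not be treated as a link.
      if (relay ~ /^127\.0\.0\.1\[.*:10024$/ &&
          match($0, /queued as [0-9A-F]+\)$/)) {
        parent[substr($0, RSTART + 10, RLENGTH - 11)] = qid
        next
      }
      root = (qid in parent) ? parent[qid] : qid
      print root "->" qid, sender[root], val("to"), relay, val("status")
    }
  '
}

sample_maillog | trace_messages
```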
