Build a complete mailserver using Postfix virtual mailboxes
Version 1.0.0
by: Henry Gultom (henry@gultom.or.id)
Last edited 15/09/2009

Mail servers, large and small, can be built with many software packages, from commercial ones (Microsoft Exchange, Lotus Domino, Merak, and so on) to open source ones (Sendmail, Qmail, Postfix, Zimbra). Some developers also pamper the administrator during installation and configuration by shipping a single binary installer, so there is no need to fiddle with the configuration while the installation runs, as with Merak, Zimbra and Exchange. Qmail and Postfix are different: they need additional third-party supporting software, which has to be fitted together into a complete, robust mail server solution.

This time I set up a mail server of the complicated kind, with plenty of supporting components, to build a robust mail server. It consists of the Debian Lenny operating system, Postfix with virtual mailbox domains managed through PostfixAdmin, MySQL, Dovecot IMAP/POP3, Amavisd-new, SquirrelMail and MailZu, plus a quota system, maildirmake, Mailgraph, Pyzor, OpenProtect SARE rules, Razor, Postgrey, SaneSecurity and MSRBL ClamAV signatures, the Botnet SA plugin, Passive OS Fingerprinting (p0f), SpamAssassin Body Rules, Altermime, and finally a firewall.

What each part does: Postfix virtual mailbox domains (user and domain information is stored in MySQL); PostfixAdmin (web-based) to maintain the database of administrators, domains, aliases, users, maildirs and so on; MailZu, where users can maintain their quarantined messages; Dovecot IMAP and POP3 servers, with user passwords stored in MySQL; Dovecot's deliver as the local delivery agent; maildirmake to create maildirs with quota information; a separate maildir for each domain, e.g. /var/vmail/contoh.com/user/; Amavisd-new (with SpamAssassin), configurable per user through MySQL; SquirrelMail as the webmail client. Users can adjust their spam sensitivity level and their white/black lists. Spam is dropped straight into the user's Spam folder or goes to quarantine, email virus scanning uses ClamAV, and the extras are Mailgraph, OpenProtect SARE rules, Postgrey, SaneSecurity and MSRBL ClamAV signatures, the Botnet SA plugin, p0f, SpamAssassin Body Rules and Altermime. That is more than enough introduction, so let's get started. Below is the installation and configuration process as I documented it:

Operating System
After installing Debian Lenny 5.0.3 (netinstall), choose the standard system. It needs further cleaning up by removing packages that are not needed:

apt-get remove nfs-common portmap exim4

Install and configure the components above one by one:

debian:/home/gtoms# apt-get install openntpd build-essential make automake1.9 gcc bison flex libc6-dev logcheck logcheck-database flip psmisc dpkg-dev libcurl3 libssh2-1 byacc libbz2-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done

----skip-----------

MySQL

debian:/home/gtoms# apt-get install mysql-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient15off libnet-daemon-perl libplrpc-perl libterm-readkey-perl mysql-client-5.0
mysql-common mysql-server-5.0

-----skip--------------

MySQL uses InnoDB tables, so the file /etc/mysql/my.cnf needs to be edited, and MySQL is tuned at the same time:

innodb_data_home_dir = /var/lib/mysql/
innodb_log_group_home_dir = /var/lib/mysql/
innodb_log_arch_dir = /var/lib/mysql/
innodb_buffer_pool_size = 192M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 48M
innodb_log_buffer_size = 8M
innodb_fast_shutdown = 1

Apache,PHP,SSL certificates,...

debian:/etc/mysql# apt-get install apache2 libapache2-mod-php5 php5 php5-common php5-mysql php5-gd php5-mcrypt mcrypt ca-certificates openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version.
ca-certificates set to manually installed.
openssl is already the newest version.
openssl set to manually installed.
The following extra packages will be installed:
apache2-mpm-prefork apache2-utils apache2.2-common defoma fontconfig-config libapr1 libaprutil1 libexpat1 libfontconfig1 libfreetype6 libgd2-xpm
libjpeg62 libltdl3 libmcrypt4 libmhash2 libpng12-0 libpq5 libt1-5 libxpm4 openssl-blacklist ssl-cert ttf-dejavu ttf-dejavu-core ttf-dejavu-extra
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom defoma-doc dfontmgr psfontmgr x-ttcidfont-conf php-pear libfreetype6-dev libgd-tools libmcrypt-dev

---------skip----------------

debian:/etc/mysql# apt-get install libcompress-raw-zlib-perl libcompress-zlib-perl libdigest-hmac-perl libdigest-sha1-perl libfile-remove-perl libio-compress-base-perl libio-compress-zlib-perl libio-stringy-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
libcompress-raw-zlib-perl libcompress-zlib-perl libdigest-hmac-perl libdigest-sha1-perl libfile-remove-perl libio-compress-base-perl
libio-compress-zlib-perl libio-stringy-perl

--------skip------------------------

debian:/etc/mysql# apt-get install libsys-hostname-long-perl libuser-identity-perl libmail-box-perl libobject-realize-later-perl liburi-perl libio-socket-ssl-perl libnet-ident-perl libmail-dkim-perl pax
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl liberror-perl libmailtools-perl libmime-types-perl libnet-dns-perl libnet-ip-perl
libnet-libidn-perl libnet-ssleay-perl

-------skip-----------------------

debian:/etc/mysql# apt-get install libarchive-zip-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libio-multiplex-perl libmime-tools-perl libnet-cidr-perl libnet-server-perl libunix-syslog-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libmime-perl
The following NEW packages will be installed:
libarchive-zip-perl libberkeleydb-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libio-multiplex-perl libmime-perl
libmime-tools-perl libnet-cidr-perl libnet-server-perl libunix-syslog-perl
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.

--------skip------------------------

POSTFIX

debian:/etc/mysql# apt-get install postfix postfix-pcre postfix-mysql libsasl2-modules-sql libsasl2-modules
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libsqlite0
Suggested packages:
libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-heimdal postfix-pgsql postfix-ldap sasl2-bin resolvconf
postfix-cdb ufw

-------skip-----------------------

Answer the questions:
General type of configuration? Internet Site (the default)
Mail name? mail.nusantaraxxx.com (the default)

DOVECOT

apt-get install dovecot

Set /etc/dovecot/dovecot.conf

protocols = imap imaps pop3 pop3s

Create and install SSL certificates

mail:~# sed -i 's/= 365\t/= 3653\t/' /etc/ssl/openssl.cnf
mail:~# mkdir CA
mail:~# cd CA
mail:~/CA# mkdir demoCA
mail:~/CA# cd demoCA
mail:~/CA/demoCA# mkdir newcerts
mail:~/CA/demoCA# mkdir private
mail:~/CA/demoCA# echo '01' > serial
mail:~/CA/demoCA# touch index.txt
mail:~/CA/demoCA# cd ..
mail:~/CA#

mail:~/CA# openssl req -new -x509 -extensions v3_ca -keyout demoCA/private/cakey.pem -out cacert.pem -days 3653
Generating a 1024 bit RSA private key
.........++++++
....++++++
writing new private key to 'demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

---skip-----------------------

mail:~/CA# dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs....done.
Running hooks in /etc/ca-certificates/update.d....done

--skip---------------------

mail:~/CA# openssl req -new -nodes -out req.pem
Generating a 1024 bit RSA private key
................................................................................++++++
.................++++++
writing new private key to 'privkey.pem'

---skip------------------

mail:~/CA# cp -i privkey.pem privkey.mail.nusantaraxxx.com.pem
mail:~/CA# chmod 600 privkey.*
mail:~/CA# cp -i req.pem req.mail.nusantaraxxx.com.pem
mail:~/CA# openssl ca -out cert.pem -cert cacert.pem -infiles req.pem
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 7 22:30:27 2009 GMT
Not After : Sep 8 22:30:27 2019 GMT
Subject:
countryName = ID
stateOrProvinceName = DKI Jakarta
organizationName = Nusantaraxxx Mail
organizationalUnitName = IT
commonName = mail.nusantaraxxx.com

mail:~/CA# mv -i cert.pem temp.cert.mail.nusantaraxxx.com.pem
mail:~/CA# openssl x509 -in temp.cert.mail.nusantaraxxx.com.pem -out cert.pem
mail:~/CA# cp -i cert.pem cert.mail.nusantaraxxx.com.pem
mail:~/CA# cat privkey.mail.nusantaraxxx.com.pem cert.mail.nusantaraxxx.com.pem >key-cert.pem
mail:~/CA# cp -i key-cert.pem key-cert.mail.nusantaraxxx.com.pem
mail:~/CA# chmod -R 600 /root/CA
mail:~/CA# /etc/init.d/apache2 stop
Stopping web server: apache2 ... waiting .
mail:~/CA# /etc/init.d/apache2 start
Starting web server: apache2.
mail:~/CA# cd /root/CA/
mail:~/CA# cp key-cert.mail.nusantaraxxx.com.pem /etc/apache2/
mail:~/CA# chmod 600 /etc/apache2/key-cert.mail.nusantaraxxx.com.pem
mail:~/CA# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
mail:~/CA# a2enmod rewrite
Enabling module rewrite.
Run '/etc/init.d/apache2 restart' to activate new configuration!
mail:~/CA# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
mail:~/CA# nano /etc/apache2/sites-available/default
mail:~/CA# nano /etc/apache2/sites-available/ssl
mail:~/CA# a2ensite ssl
Enabling site ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 reload' to activate new configuration!
mail:~/CA# /etc/init.d/apache2 stop
Stopping web server: apache2 ... waiting .
mail:~/CA# /etc/init.d/apache2 start
Starting web server: apache2.
mail:~/CA# nano /etc/apache2/sites-available/default
mail:~/CA# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
mail:~/CA# mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.backup
mail:~/CA# cp cert.mail.nusantaraxxx.com.pem /etc/ssl/certs/dovecot.pem
mail:~/CA# mv /etc/ssl/private/dovecot.pem /etc/ssl/private/dovecot.pem.backup
mail:~/CA# cp privkey.mail.nusantaraxxx.com.pem /etc/ssl/private/dovecot.pem
mail:~/CA# chmod 0600 /etc/ssl/private/dovecot.pem
mail:~/CA# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecotInfo: If you have trouble with authentication failures,
enable auth_debug setting.

mail:~/CA# postconf -e "smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem"
mail:~/CA# postconf -e "smtpd_tls_key_file = /etc/ssl/private/dovecot.pem"
mail:~/CA# postconf -e "smtpd_tls_CAfile = /etc/ssl/certs/cacert.nusantaraxxx.com.pem"
mail:~/CA# postconf -e "smtpd_tls_received_header = yes"
mail:~/CA# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

mail:~/CA# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1872/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 10232/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1807/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2056/master
tcp6 0 0 :::80 :::* LISTEN 10204/apache2
tcp6 0 0 :::22 :::* LISTEN 1807/sshd
tcp6 0 0 :::443 :::* LISTEN 10204/apache2
mail:~/CA#

Setting up the Postfix configuration

mail:/var/www# postconf -e "mydomain = nusantaraxxx.com"
mail:/var/www# postconf -e "myorigin = nusantaraxxx.com"
mail:/var/www# postconf -e "myhostname = mail.nusantaraxxx.com"
mail:/var/www# postconf -e "mydestination = nusantaraxxx.com, mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost"
mail:/var/www# sed -i 's/smtpd_use_tls=yes//' /etc/postfix/main.cf
mail:/var/www# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
mail:/var/www#

mail:/var/www# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = nusantaraxxx.com, mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost
mydomain = nusantaraxxx.com
myhostname = mail.nusantaraxxx.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = nusantaraxxx.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_tls_CAfile = /etc/ssl/certs/cacert.nusantaraxxx.com.pem
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

We download the Postfix tarball to get several sample files that are needed.

mail:/var/www# cd /usr/local/src
mail:/usr/local/src# wget http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.5.5.orig.tar.gz
--2009-09-08 11:51:20-- http://ftp.debian.org/debian/pool/main/p/postfix/postfix_2.5.5.orig.tar.gz
Resolving ftp.debian.org... 130.89.149.226
Connecting to ftp.debian.org|130.89.149.226|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3157877 (3.0M) [application/x-gzip]
Saving to: `postfix_2.5.5.orig.tar.gz'

100%[=======================================>] 3,157,877 807K/s in 4.9s

2009-09-08 11:51:26 (626 KB/s) - `postfix_2.5.5.orig.tar.gz' saved [3157877/3157877]

mail:/usr/local/src# tar xzf postfix_2.5.5.orig.tar.gz
mail:/usr/local/src# cp -i /usr/local/src/postfix-2.5.5/conf/* /etc/postfix
cp: overwrite `/etc/postfix/main.cf'? n
cp: overwrite `/etc/postfix/master.cf'? n
cp: overwrite `/etc/postfix/postfix-files'? n
cp: overwrite `/etc/postfix/postfix-script'? n
cp: overwrite `/etc/postfix/post-install'? n
mail:/usr/local/src# cp -i /etc/postfix/header_checks /etc/postfix/body_checks
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/sender_access
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_client_exceptions
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_sender_exceptions
mail:/usr/local/src# cp -i /etc/postfix/access /etc/postfix/rbl_recipient_exceptions
mail:/usr/local/src# cp /usr/local/src/postfix-2.5.5/examples/chroot-setup/LINUX2 /usr/sbin
mail:/usr/local/src# chmod +x /usr/sbin/LINUX2
mail:/usr/local/src# LINUX2
postfix/postfix-script: refreshing the Postfix mail system
mail:/usr/local/src#

On Debian, Postfix runs in chrooted mode. I use the LINUX2 script to copy files into the chroot jail.

Install SquirrelMail (webmail), PHP

mail:/usr/local/src# apt-get install squirrelmail squirrelmail-locales maildrop
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
courier-authlib expect tcl8.4
Suggested packages:
expectk squirrelmail-decode imapproxy php-pear php4-pear php5-ldap php4-ldap tclreadline
The following NEW packages will be installed:
courier-authlib expect maildrop squirrelmail squirrelmail-locales tcl8.4
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 5027kB of archives.

---skip--------------

mail:/usr/local/src# apt-get install php-pear php5-mysql php5-gd php5-cli php5-common php5-mcrypt
Reading package lists... Done
Building dependency tree
Reading state information... Done
sudo is already the newest version.
php5-mysql is already the newest version.
php5-gd is already the newest version.
php5-common is already the newest version.
php5-common set to manually installed.
php5-mcrypt is already the newest version.
Suggested packages:
php5-dev php4-dev
The following NEW packages will be installed:
php-pear php5-cli
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.

----skip----------------

mail:/usr/local/src# apt-get install php-db php-net-socket php-log php-net-smtp php5-imap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libc-client2007b mlock
Suggested packages:
uw-mailutils php-mdb2 php5-sqlite
The following NEW packages will be installed:
libc-client2007b mlock php-db php-log php-net-smtp php-net-socket php5-imap
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 1014kB of archives.

--------skip---------------

Install and configure PostfixAdmin and deliver

mail:/usr/local/src# groupadd vmail -g 6060
mail:/usr/local/src# useradd vmail -u 6060 -g 6060
mail:/usr/local/src# mkdir /var/vmail
mail:/usr/local/src# chown -R vmail:vmail /var/vmail
mail:/usr/local/src# chmod -R 700 /var/vmail
mail:/usr/local/src# wget http://superb-east.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin_2.2.1.1_all.deb
--2009-09-08 13:03:13-- http://superb-east.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin_2.2.1.1_all.deb
Resolving superb-east.dl.sourceforge.net... 209.160.66.130
Connecting to superb-east.dl.sourceforge.net|209.160.66.130|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://prdownloads.sourceforge.net/postfixadmin/postfixadmin_2.2.1.1_all.deb?download&failedmirror=superb-east.dl.sourceforge.net [following]
--2009-09-08 13:03:13-- http://prdownloads.sourceforge.net/postfixadmin/postfixadmin_2.2.1.1_all.deb?download&failedmirror=superb-east.dl.sourceforge.net
Resolving prdownloads.sourceforge.net... 216.34.181.59
---------skip-----------------
Length: 958568 (936K) [application/octet-stream]
Saving to: `postfixadmin_2.2.1.1_all.deb'

100%[=============================>] 958,568 582K/s in 1.6s

2009-09-08 13:03:16 (582 KB/s) - `postfixadmin_2.2.1.1_all.deb' saved [958568/958568]

mail:/usr/local/src# dpkg -i postfixadmin_2.2.1.1_all.deb
Selecting previously deselected package postfixadmin.
(Reading database ... 35506 files and directories currently installed.)
Unpacking postfixadmin (from postfixadmin_2.2.1.1_all.deb) ...
Setting up postfixadmin (2.2.1.1) ...
mail:/usr/local/src#

mail:/usr/local/src# echo "postfixadmin hold" | dpkg --set-selections
mail:/usr/local/src# mysql -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 34
Server version: 5.0.51a-24+lenny2-log (Debian)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE DATABASE postfix;
Query OK, 1 row affected (0.06 sec)

mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'passwordnya';
Query OK, 0 rows affected (0.09 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, ALTER, DROP ON `postfix`.* TO 'postfix'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> QUIT
Bye

mail:/usr/local/src# cd /usr/share/postfixadmin
mail:/usr/share/postfixadmin# cp config.inc.php config.inc.php.original
mail:/usr/share/postfixadmin# sed -i "s/configured'] = false/configured'] = true/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s|admin_url'] = ''|admin_url'] = 'https://mail.nusantaraxxx.com/postFixadminx'|" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s|admin_path'] = ''|admin_path'] = '/usr/share/postfixadmin'|" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/database_type'] = 'mysql'/database_type'] = 'mysqli'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/password'] = 'postfixadmin'/password'] = 'postfix'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/postmaster@change-this-to-your.domain.tld/postmaster@nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/abuse@change-this-to-your.domain.tld/abuse@nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/hostmaster@change-this-to-your.domain.tld/hostmaster@nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/postmaster@change-this-to-your.domain.tld/postmaster@nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/webmaster@change-this-to-your.domain.tld/webmaster@nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/autoreply.change-this-to-your.domain.tld/autoreply.nusantaraxxx.com/' config.inc.php
mail:/usr/share/postfixadmin# sed -i 's|to change-this-to-your.domain.tld|to https://mail.nusantaraxxx.com/postFixadminx|' config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/domain_path'] = 'NO/domain_path'] = 'YES/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's|http://change-this-to-your.domain.tld|https://mail.nusantaraxxx.com/postFixadminx|' config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/domain_in_mailbox'] = 'YES/domain_in_mailbox'] = 'NO/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/mailboxes'] = '10'/mailboxes'] = '300'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/aliases'] = '10'/aliases'] = '300'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/maxquota'] = '10'/maxquota'] = '500'/" config.inc.php
mail:/usr/share/postfixadmin# sed -i "s/quota'] = 'NO/quota'] = 'YES/" config.inc.php
mail:/usr/share/postfixadmin# sed -i 's/EHLO/HELO/' functions.inc.php
mail:/usr/share/postfixadmin# cd /usr/share/postfixadmin

mail:/usr/share/postfixadmin# htpasswd -c .htpasswd postfixadmin
New password:
Re-type new password:
Adding password for user postfixadmin
mail:/usr/share/postfixadmin#

mail:/usr/share/postfixadmin# nano /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# nano /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# sed -i s'|Alias /postfixadmin|Alias /postFixadminx|' /etc/apache2/conf.d/postfixadmin.conf
mail:/usr/share/postfixadmin# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .

mail:/usr/share/postfixadmin# cd /usr/share/postfixadmin/

We edit several files in the /usr/share/postfixadmin/ directory: create-mailbox.php and edit-mailbox.php

PostfixAdmin can be accessed at https://mail.nusantaraxxx.com/postfixadminx

Domain administration, Add Mailbox and Create Mailbox can be done with PostfixAdmin.
Once mailboxes have been added, the directory structure looks like this:

mail:/usr/share/postfixadmin# ls -l /var/vmail/nusantaraxxx.com
total 8
drwx------ 6 vmail vmail 4096 2009-09-09 00:53 gtoms
drwx------ 6 vmail vmail 4096 2009-09-09 00:54 info
mail:/usr/share/postfixadmin#

mail:/usr/share/postfixadmin# ls -l /var/lib/squirrelmail/data
total 8
-rw------- 1 www-data www-data 58 2009-09-09 00:53 gtoms@nusantaraxxx.com.pref
-rw------- 1 www-data www-data 55 2009-09-09 00:54 info@nusantaraxxx.com.pref
mail:/usr/share/postfixadmin#

Back to /etc/postfix:

mail:/etc/postfix# nano mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1

mail:/etc/postfix# nano mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

mail:/etc/postfix# nano mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = 127.0.0.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

mail:/etc/postfix# chmod 640 mysql_*
mail:/etc/postfix# chown root:postfix mysql_*
mail:/etc/postfix# cp /etc/postfix/main.cf /etc/postfix/main.cf-domain
mail:/etc/postfix# postconf -e "mydestination = mail.nusantaraxxx.com, localhost.nusantaraxxx.com, localhost"
mail:/etc/postfix# touch /etc/postfix/virtual
mail:/etc/postfix# postmap /etc/postfix/virtual
mail:/etc/postfix# cp /etc/postfix/virtual /etc/postfix/amavis_virtual
mail:/etc/postfix# postmap /etc/postfix/amavis_virtual
mail:/etc/postfix# postconf -e "virtual_minimum_uid = 6060"
mail:/etc/postfix# postconf -e "virtual_gid_maps = static:6060"
mail:/etc/postfix# postconf -e "virtual_uid_maps = static:6060"
mail:/etc/postfix# postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/etc/postfix/virtual"
mail:/etc/postfix# postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf"
mail:/etc/postfix# postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf"
mail:/etc/postfix# postconf -e "virtual_transport = dovecot"
mail:/etc/postfix# postconf -e "virtual_mailbox_base = /var/vmail/"
mail:/etc/postfix# postconf -e "dovecot_destination_concurrency_limit = 2"
mail:/etc/postfix# postconf -e "dovecot_destination_recipient_limit = 1"

Configuring Dovecot 'deliver'

mail:/etc/postfix# mkdir /var/sieve
mail:/etc/postfix# cd /var/sieve
mail:/var/sieve# nano global.sieve

require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "Spam";
}

mail:/var/sieve# chown -R vmail:vmail /var/sieve
mail:/var/sieve# chmod -R 0700 /var/sieve
mail:/var/sieve# touch /var/log/dovecot-deliver.log
mail:/var/sieve# chown vmail:vmail /var/log/dovecot-deliver.log
mail:/var/sieve# cd /etc/logrotate.d/
mail:/etc/logrotate.d# nano dovecot-deliver

/var/log/dovecot-deliver.log {
  rotate 7
  daily
  compress
  delaycompress
  copytruncate
  notifempty
}

Add the following lines to /etc/postfix/master.cf

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e

mail:/etc/logrotate.d# postfix stop
postfix/postfix-script: stopping the Postfix mail system
mail:/etc/logrotate.d# postfix start
postfix/postfix-script: starting the Postfix mail system

Configuring Dovecot

mail:/etc/dovecot# nano dovecot.conf

protocols = imap imaps pop3 pop3s
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
first_valid_uid = 6060
protocol imap {
  mail_plugins = autocreate quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol managesieve {
  sieve=~/.dovecot.sieve
  sieve_storage=~/sieve
}
protocol lda {
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r%n%nThe Subject of your message was: %s
  mail_plugins = quota cmusieve
  log_path = /var/log/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster@nusantaraxxx.com
  sieve_global_path = /var/sieve/global.sieve
}
auth default {
  mechanisms = plain login cram-md5
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  passdb sql {
    args = /etc/dovecot/dovecot-crammd5.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
dict {
}
plugin {
  quota = maildir:User quota
  quota_warning = storage=90%% /usr/sbin/quota-warning.sh 90
  quota_warning2 = storage=70%% /usr/sbin/quota-warning.sh 70
  autocreate = Spam
  autosubscribe = Spam
}

mail:/etc/dovecot# nano dovecot-sql.conf

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT CONCAT('/var/vmail/',maildir) AS home, 6060 AS uid, 6060 AS gid FROM mailbox WHERE username = '%u' AND active = '1'

mail:/etc/dovecot# nano dovecot-crammd5.conf

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=postfix
default_pass_scheme = PLAIN
password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

mail:/etc/dovecot# chmod 0644 dovecot.conf
mail:/etc/dovecot# chmod 0600 dovecot-sql.conf
mail:/etc/dovecot# chmod 0600 dovecot-crammd5.conf
mail:/etc/dovecot# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecotInfo: If you have trouble with authentication failures,
enable auth_debug setting.
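
The two password lookups above differ for a reason: CRAM-MD5 makes the server recompute an HMAC keyed with the password itself, so dovecot-crammd5.conf has to read the cleartext `clear` column, while the MD5-CRYPT hash returned by dovecot-sql.conf cannot serve as that key. The Python code below is an added example, not part of the original write-up or of Dovecot; it walks both sides of the RFC 2195 exchange, and the function names, the hostname and the MD5-CRYPT-shaped string in it are constructed for illustration.

```python
"""Both sides of a CRAM-MD5 (RFC 2195) login, standard library only."""
import base64
import hashlib
import hmac
import secrets
import time

# Test vector from RFC 2195, section 2.
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

# Constructed placeholder shaped like an MD5-CRYPT hash, i.e. what the
# `password` column holds under default_pass_scheme = MD5-CRYPT.
# It is not a real hash of any password.
CONSTRUCTED_MD5_CRYPT = "$1$constrct$AAAAAAAAAAAAAAAAAAAAAA"


def new_challenge(hostname: str) -> bytes:
    """Server: a fresh, unpredictable challenge for every login attempt."""
    return f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>".encode()


def client_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client: prove knowledge of the password without sending it."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def server_verify(stored_value: str, challenge: bytes, response_b64: bytes) -> bool:
    """Server: recompute the HMAC, keyed with whatever the database returned."""
    try:
        raw = base64.b64decode(response_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    username, sep, digest = raw.rpartition(b" ")
    expected = hmac.new(stored_value.encode(), challenge, hashlib.md5).hexdigest()
    return bool(sep and username) and hmac.compare_digest(
        expected.encode(), digest.lower()
    )


def demo() -> dict:
    """Run the RFC exchange against the two kinds of stored value."""
    response = client_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    return {
        # What actually crosses the wire (after base64 decoding).
        "wire": base64.b64decode(response).decode(),
        # Server holds the cleartext password: verification works.
        "cleartext_column": server_verify(RFC_SECRET, RFC_CHALLENGE, response),
        # Server holds only a one-way hash: it cannot rebuild the HMAC key.
        "md5_crypt_column": server_verify(CONSTRUCTED_MD5_CRYPT, RFC_CHALLENGE, response),
        # A captured response is useless against the next, different challenge.
        "replayed": server_verify(RFC_SECRET, new_challenge("mail.example.test"), response),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The trade-off is visible in the result: the password never crosses the wire and a replay fails, but the server must keep every password in recoverable form, so read access to the mailbox table exposes every account. Offering only plain and login over TLS lets the database hold nothing but the MD5-CRYPT hashes.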

mail:/etc/dovecot# ls -al /var/vmail/nusantaraxxx.com/test/new
total 12
drwx------ 2 vmail vmail 4096 2009-09-14 11:17 .
drwx------ 9 vmail vmail 4096 2009-09-14 11:17 ..
-rw------- 1 vmail vmail 1933 2009-09-14 11:17 1252901869.M766215P1455.mail,S=1933,W=1973

mail:/home/gtoms# cat /var/log/dovecot-deliver.log
deliver(gtoms@nusantaraxxx.com): 2009-09-09 01:12:12 Info: msgid=<c8156a5b0909081112n33b5d040w9cc1932d9f0d0db0@mail.gmail.com>: saved mail to INBOX
mail:/home/gtoms#

maildircheck

mail:/home/gtoms# cp -i /usr/share/doc/postfixadmin/ADDITIONS/cleanupdirs.pl /usr/sbin/maildircheck
mail:/home/gtoms# touch /var/log/maildircheck.log
mail:/home/gtoms# sed -i "s|/home/vmail|/var/vmail|" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/removed_maildirs.log/maildircheck.log/" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/someuser/postfix/" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/somepass/postfix/" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/ rmtree/# rmtree/" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/'\$to_delete'/\$to_delete/" /usr/sbin/maildircheck
mail:/home/gtoms# sed -i "s/Need to delete/Orphaned/" /usr/sbin/maildircheck
mail:/home/gtoms# chmod 700 /usr/sbin/maildircheck
mail:/home/gtoms# cd /etc/logrotate.d

mail:/home/gtoms# nano maildircheck

/var/log/maildircheck.log {
  rotate 2
  monthly
  compress
  delaycompress
  copytruncate
  notifempty
}

Configure SASL and TLS

mail:/home/gtoms# postconf -e "smtpd_sasl_type = dovecot"
mail:/home/gtoms# postconf -e "smtpd_sasl_path = private/auth"
mail:/home/gtoms# postconf -e "broken_sasl_auth_clients = yes"
mail:/home/gtoms# postconf -e "smtpd_sasl_auth_enable = yes"
mail:/home/gtoms# postconf -e "smtpd_sasl_local_domain = \$myhostname"
mail:/home/gtoms# postconf -e "smtpd_sasl_security_options = noanonymous"
mail:/home/gtoms# postconf -e "smtpd_sasl_authenticated_header = yes"
mail:/home/gtoms# postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

Add to /etc/postfix/master.cf

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

mail:/home/gtoms# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
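
A quick way to see which of the listeners added above will accept AUTH on an unencrypted connection, as an added Python example (not part of the original write-up or of Postfix). It parses master.cf-style text with `-o name=value` overrides, takes smtpd_sasl_auth_enable = yes from the postconf commands above, and assumes Postfix's built-in defaults for anything not set; the function names are the example's own and the hardened submission entry is a suggested correction.

```python
"""Flag smtpd listeners that offer SASL AUTH without requiring TLS first."""

# Postfix built-in defaults for the parameters this check looks at.
# Assumption: the legacy smtpd_use_tls / smtpd_enforce_tls switches are unset.
DEFAULTS = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_tls_security_level": "",
    "smtpd_tls_wrappermode": "no",
    "smtpd_tls_auth_only": "no",
}

# main.cf value set with postconf -e in the section above.
PAGE_MAIN_CF = {"smtpd_sasl_auth_enable": "yes"}

# The three master.cf entries from the section above.
PAGE_MASTER_CF = """\
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

# Suggested correction (not from the original page): require STARTTLS on submission.
HARDENED_MASTER_CF = PAGE_MASTER_CF.replace(
    "submission inet n - - - - smtpd\n  -o smtpd_tls_security_level=may",
    "submission inet n - - - - smtpd\n  -o smtpd_tls_security_level=encrypt",
)


def parse_master_cf(text):
    """Return (service, type, command, overrides) for each master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        args, overrides = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, setting = value.partition("=")
                overrides[name] = setting
        entries.append((fields[0], fields[1], fields[7], overrides))
    return entries


def auth_without_tls(master_text, main_cf):
    """List (service, tls_level) for smtpd listeners that accept AUTH in cleartext."""
    findings = []
    for service, kind, command, overrides in parse_master_cf(master_text):
        if kind != "inet" or command != "smtpd":
            continue
        # Precedence: built-in default < main.cf < per-service -o override.
        effective = {**DEFAULTS, **main_cf, **overrides}
        tls_required = (
            effective["smtpd_tls_security_level"] == "encrypt"
            or effective["smtpd_tls_wrappermode"] == "yes"
            or effective["smtpd_tls_auth_only"] == "yes"
        )
        if effective["smtpd_sasl_auth_enable"] == "yes" and not tls_required:
            findings.append((service, effective["smtpd_tls_security_level"] or "none"))
    return findings


if __name__ == "__main__":
    print("as configured:", auth_without_tls(PAGE_MASTER_CF, PAGE_MAIN_CF))
    print("hardened:     ", auth_without_tls(HARDENED_MASTER_CF, PAGE_MAIN_CF))
```

On the entries as configured the check reports only submission: with level may and no smtpd_tls_auth_only, a client can send its SASL credentials before STARTTLS. Setting smtpd_tls_auth_only = yes in main.cf is the other way to close it, and it also covers any smtpd listener that inherits smtpd_sasl_auth_enable = yes.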

Install and configure amavisd-new, clamav

mail:/home/gtoms# apt-get install amavisd-new spamassassin
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libfont-afm-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-socket-inet6-perl libmail-spf-perl
libnetaddr-ip-perl libsocket6-perl libsys-syslog-perl libwww-perl re2c spamc
Suggested packages:
clamav clamav-daemon lha arj unrar zoo nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl dspam razor pyzor
The following NEW packages will be installed:
amavisd-new libfont-afm-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libio-socket-inet6-perl
libmail-spf-perl libnetaddr-ip-perl libsocket6-perl libsys-syslog-perl libwww-perl re2c spamassassin spamc
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 3280kB of archives.

-------skip---------------

mail:/home/gtoms# apt-get install clamav clamav-daemon arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl libmail-dkim-perl libio-socket-ssl-perl libnet-ident-perl pyzor razor
Reading package lists... Done
Building dependency tree
Reading state information... Done
libmail-dkim-perl is already the newest version.
libio-socket-ssl-perl is already the newest version.
libnet-ident-perl is already the newest version.
The following extra packages will be installed:
clamav-base clamav-freshclam libclamav6 libconvert-asn1-perl liblzo2-2 libtommath0 lsb-release python-apt python-gdbm python-support
Suggested packages:
x-terminal-emulator python-glade2 python-gtk2 clamav-docs daemon libgssapi-perl libclamunrar6 libxml-parser-perl libxml-sax-perl lsb
python-apt-dbg python-gdbm-dbg
The following NEW packages will be installed:
apt-listchanges arj cabextract clamav clamav-base clamav-daemon clamav-freshclam libauthen-sasl-perl libclamav6 libconvert-asn1-perl
liblzo2-2 libnet-ldap-perl libtommath0 lsb-release lzop nomarch python-apt python-gdbm python-support pyzor razor
0 upgraded, 21 newly installed, 0 to remove and 0 not upgraded.
Need to get 25.1MB of archives.
After this operation, 30.8MB of additional disk space will be used.

---------skip-----------------

mail:/home/gtoms# gpasswd -a clamav amavis
Adding user clamav to group amavis
mail:/home/gtoms# freshclam
ClamAV update process started at Wed Sep 9 15:40:57 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd is up to date (version: 9786, sigs: 77519, f-level: 43, builder: guitar)

mail:/home/gtoms# /etc/init.d/clamav-daemon stop
Stopping ClamAV daemon: clamd.
mail:/home/gtoms# /etc/init.d/clamav-daemon start
Starting ClamAV daemon: clamd sa-update

mail:/home/gtoms# sa-update
mail:/home/gtoms# cd /etc/amavis/conf.d/
mail:/etc/amavis/conf.d# sed -i 's/#@bypass_virus_/@bypass_virus_/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/# \\%bypass_vi/ \\%bypass_vi/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/#@bypass_spam_/@bypass_spam_/' 15-content_filter_mode
mail:/etc/amavis/conf.d# sed -i 's/# \\%bypass_s/ \\%bypass_s/' 15-content_filter_mode

mail:/etc/amavis/conf.d# cat 15-content_filter_mode
use strict;

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

mail:/etc/amavis/conf.d# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

mail:/usr/sbin#nano sa-update.sh

#!/bin/bash
# Nothing to do if sa-update is not installed.
test -x /usr/bin/sa-update || exit 0
# sa-update exit codes: 0 = rules updated, 1 = no update available, >1 = error.
/usr/bin/sa-update
code1=$?
if [[ $code1 -gt 1 ]]; then
    echo "problem with sa-update"
fi
/usr/bin/sa-update --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel saupdates.openprotect.com
code2=$?
if [[ $code2 -gt 1 ]]; then
    echo "problem with openprotect update"
fi
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/70_sare_whitelist_spf.cf
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/70_sare_stocks.cf
rm -f /var/lib/spamassassin/3.002003/saupdates_openprotect_com/loadplugins.pre
# Lint and restart only when neither channel failed and at least one was updated.
# Numeric comparison is used here; [[ a < b ]] compares strings.
if [[ $((code1 + code2)) -lt 2 ]]; then
    /usr/bin/spamassassin --lint
    code3=$?
    if [[ $code3 -eq 0 ]]; then
        test -x /usr/sbin/amavisd-new || exit 0
        /etc/init.d/amavis restart >/dev/null
    else
        echo "spamassassin failed to lint"
    fi
fi

mail:/usr/sbin# chmod +x sa-update.sh
mail:/usr/sbin# sa-update.sh
Add it to the crontab with crontab -e.

Enable the SpamAssassin DKIM plugin:

mail:/usr/sbin# nano /etc/spamassassin/v312.pre
mail:/usr/sbin# su amavis -c 'spamassassin --lint'

The file /etc/amavis/conf.d/50-user needs to be edited for the mailserver domain used on this system (nusantaraxxx.com, mail.nusantaraxxx.com), as follows:

$mydomain = 'nusantaraxxx.com';
$myhostname = 'mail.nusantaraxxx.com';

@virus_admin_maps = ({
'.example.com' => 'postmaster@nusantaraxxx.com',
'.example.net' => 'postmaster@example.net',
'.' => 'postmaster@nusantaraxxx.com',
});
@banned_admin_maps = ({
'.example.com' => 'postmaster@nusantaraxxx.com',
'.example.net' => 'postmaster@example.net',
'.' => 'postmaster@nusantaraxxx.com',
});

# Here we set up access to MySQL data:
@lookup_sql_dsn = ( ['DBI:mysql:amavis:localhost', 'amavis', 'amavis_password'] );
@storage_sql_dsn = @lookup_sql_dsn;

MySQL schema for amavisd-new:

mail:/usr/sbin# cd
mail:~# wget http://henry.gultom.or.id/mecham/amavis-260-sqmail.sql.txt
--2009-09-09 16:08:29-- http://henry.gultom.or.id/mecham/amavis-260-sqmail.sql.txt
Resolving henry.gultom.or.id... 202.59.206.84
Connecting to henry.gultom.or.id|202.59.206.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13188 (13K) [text/plain]
Saving to: `amavis-260-sqmail.sql.txt'

100%[====================================================>] 13,188 --.-K/s in 0.06s

2009-09-15 14:58:29 (216 KB/s) - `amavis-260-sqmail.sql.txt' saved [13188/13188]

mail:~# sed -i "s/BY 'password'/BY 'amavis_password'/" amavis-260-sqmail.sql.txt
mail:~# chmod 600 amavis-260-sqmail.sql.txt
mail:~# mysql -u root -p < amavis-260-sqmail.sql.txt
Enter password:
mail:~# chmod 640 /etc/amavis/conf.d/50-user
mail:~# nano /usr/sbin/local_domains.sh
mail:~# chmod 700 /usr/sbin/local_domains.sh
mail:~# local_domains.sh
mail:~# nano /usr/sbin/local_domains.sh

#!/bin/bash
mysql -upostfix -ppostfix postfix -B -N -e "select concat('.',domain) from domain" >/var/lib/amavis/local_domains

mail:~# cat /var/lib/amavis/local_domains
.ALL
.nusantaraxxx.com

Add to /etc/sudoers:

www-data mail=NOPASSWD: /usr/sbin/local_domains.sh

mail:~# cd /usr/share/postfixadmin
mail:/usr/share/postfixadmin# wget http://henry.gultom.or.id/mecham/domain.patch.v2.txt
--2009-09-15 15:10:54-- http://henry.gultom.or.id/mecham/domain.patch.v2.txt
Resolving henry.gultom.or.id... 202.59.206.84
Connecting to henry.gultom.or.id|202.59.206.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 756 [text/plain]
Saving to: `domain.patch.v2.txt'

100%[=========================================>] 756 --.-K/s in 0s

2009-09-15 15:10:54 (56.8 MB/s) - `domain.patch.v2.txt' saved [756/756]

mail:/usr/share/postfixadmin# patch -p0 < domain.patch.v2.txt
patching file create-domain.php
patching file delete.php
mail:/usr/share/postfixadmin# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
mail:/usr/share/postfixadmin#

Configure Postfix to use Amavisd-new:

mail:/etc/cron.daily# nano /etc/postfix/master.cf

smtp inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=no
  -o content_filter=smtp-amavis:[127.0.0.1]:10024

submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

pickup fifo n - - 60 1 pickup
  -o content_filter=

smtp-amavis unix - - n - 5 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

127.0.0.1:10035 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

mail:/etc/cron.daily# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
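
An added check, not part of the original tutorial: the submission entry enables SASL with smtpd_tls_security_level=may, so AUTH is accepted without STARTTLS unless smtpd_tls_auth_only=yes is set in main.cf. The script below audits a master.cf for that combination; the sample entries are constructed from this page's configuration, and the three default arguments are assumed main.cf values.

```shell
#!/bin/sh
# Added example: flag smtpd services in master.cf that accept SASL AUTH
# while TLS is optional (credentials can then cross the wire in cleartext).

# audit_master_cf FILE [SASL] [TLS_LEVEL] [AUTH_ONLY]
# FILE may be "-" for stdin. The last three arguments are the main.cf defaults
# each service inherits; on a live host take them from
#   postconf -h smtpd_sasl_auth_enable smtpd_tls_security_level smtpd_tls_auth_only
audit_master_cf() {
    awk -v d_sasl="${2:-no}" -v d_tls="${3:-none}" -v d_only="${4:-no}" '
    function report() {
        if (svc == "") return
        verdict = "OK"
        if (svc ~ /^(127\.|localhost:|\[::1\]:)/)
            verdict = "LOCAL"      # loopback listener, e.g. amavis re-injection
        else if (sasl == "yes" && tls != "encrypt" && wrap != "yes" && only != "yes")
            verdict = "WEAK"       # AUTH offered on an unencrypted session
        printf "%s sasl=%s tls=%s auth_only=%s %s\n", svc, sasl, tls, only, verdict
    }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    # A line starting in column 1 opens a new service; field 8 is the command.
    /^[^ \t]/ {
        report()
        svc = ""
        if ($8 == "smtpd") { svc = $1; sasl = d_sasl; tls = d_tls; only = d_only; wrap = "no" }
    }
    # Collect "-o name=value" overrides from the service line and its continuations.
    svc != "" {
        for (i = 1; i < NF; i++) {
            if ($i != "-o") continue
            eq = index($(i + 1), "=")
            if (eq == 0) continue
            name = substr($(i + 1), 1, eq - 1)
            val  = substr($(i + 1), eq + 1)
            if (name == "smtpd_sasl_auth_enable")        sasl = val
            else if (name == "smtpd_tls_security_level") tls  = val
            else if (name == "smtpd_tls_auth_only")      only = val
            else if (name == "smtpd_tls_wrappermode")    wrap = val
        }
    }
    END { report() }
    ' "${1:--}"
}

# Constructed sample: a shortened copy of the master.cf entries shown on this page.
sample_master_cf() {
cat <<'EOF'
smtp inet n - - - - smtpd
  -o smtpd_sasl_auth_enable=no
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
4650 inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtp-amavis unix - - n - 5 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
EOF
}

# Demo with assumed main.cf defaults: SASL on (set earlier with postconf -e),
# TLS level "may", smtpd_tls_auth_only off.
sample_master_cf | audit_master_cf - yes may no
```

Setting smtpd_tls_security_level=encrypt on the submission entry, or smtpd_tls_auth_only=yes in main.cf, turns the WEAK line into OK.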

Configure PYZOR

mail:/etc/cron.daily# pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
mail:/etc/cron.daily# su amavis -c 'pyzor discover'
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
mail:/etc/cron.daily# echo "82.94.255.100:24441" > /var/lib/amavis/.pyzor/servers
mail:/etc/cron.daily# echo "82.94.255.100:24441" > /root/.pyzor/servers
mail:/etc/cron.daily# su amavis -c 'pyzor ping'
82.94.255.100:24441 TimeoutError:
mail:/etc/cron.daily# su amavis -c 'pyzor ping'
82.94.255.100:24441 TimeoutError:
mail:/etc/cron.daily# nano /etc/spamassassin/local.cf
mail:/etc/cron.daily# spamassassin --lint
mail:/etc/cron.daily# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

Add the Bayes and AWL tables to MySQL

mail:/etc/cron.daily# cd /etc/spamassassin/
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/gv-bayes-awl.sql.txt
mail:/etc/spamassassin# sed -i 's/paSSw0rd/sa_password/' gv-bayes-awl.sql.txt
mail:/etc/spamassassin# mysql -u root -p < gv-bayes-awl.sql.txt
mail:/etc/spamassassin# rm gv-bayes-awl.sql.txt
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/local.cf-bayes-awl.txt
mail:/etc/spamassassin# cat local.cf-bayes-awl.txt local.cf-before-mysql > local.cf
mail:/etc/spamassassin# sed -i 's/paSSw0rd/sa_password/' local.cf
mail:/etc/spamassassin# chmod 0640 local.cf
mail:/etc/spamassassin# chown root:amavis local.cf
mail:/etc/spamassassin# spamassassin --lint
mail:/etc/spamassassin# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

Configure and customize SquirrelMail

mail:/home/gtoms# echo "Include /etc/squirrelmail/apache.conf" >> /etc/apache2/apache2.conf
mail:/home/gtoms# cd /etc/squirrelmail/
mail:/home/gtoms# sed -i "s|Alias /squirrelmail|Alias /mail|" apache.conf
mail:/home/gtoms# sed -i "s|allow from 127.0.0.1|allow from 202.77.33.xxx|" apache.conf
mail:/home/gtoms# /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting .
mail:/home/gtoms# cd /usr/share/squirrelmail/plugins/
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/check_quota-1.4-re-1.2.7.tar.gz
--2009-09-09 16:51:30-- http://www.squirrelmail.org/plugins/check_quota-1.4-re-1.2.7.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 34069 (33K) [application/x-gzip]
Saving to: `check_quota-1.4-re-1.2.7.tar.gz'

100%[=====================================>] 34,069 33.7K/s in 1.0s

2009-09-09 16:51:32 (33.7 KB/s) - `check_quota-1.4-re-1.2.7.tar.gz' saved [34069/34069]

mail:/usr/share/squirrelmail/plugins# tar xzf check_quota-1.4-re-1.2.7.tar.gz
mail:/usr/share/squirrelmail/plugins# cp check_quota/config.php.sample check_quota/config.php
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/timeout_user-1.1.1-0.5.tar.gz
--2009-09-09 16:52:23-- http://www.squirrelmail.org/plugins/timeout_user-1.1.1-0.5.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4101 (4.0K) [application/x-gzip]
Saving to: `timeout_user-1.1.1-0.5.tar.gz'

100%[====================================>] 4,101 12.1K/s in 0.3s

2009-09-09 16:52:24 (12.1 KB/s) - `timeout_user-1.1.1-0.5.tar.gz' saved [4101/4101]

mail:/usr/share/squirrelmail/plugins# tar xzf timeout_user-1.1.1-0.5.tar.gz
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/compatibility-2.0.9-1.0.tar.gz
--2009-09-09 16:52:33-- http://www.squirrelmail.org/plugins/compatibility-2.0.9-1.0.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31763 (31K) [application/x-gzip]
Saving to: `compatibility-2.0.9-1.0.tar.gz'

100%[=========================================>] 31,763 30.5K/s in 1.0s

2009-09-09 16:52:35 (30.5 KB/s) - `compatibility-2.0.9-1.0.tar.gz' saved [31763/31763]

mail:/usr/share/squirrelmail/plugins# tar xzf compatibility-2.0.9-1.0.tar.gz
mail:/usr/share/squirrelmail/plugins# wget http://www.squirrelmail.org/plugins/amavisnewsql-0.8.0-1.4.tar.gz
--2009-09-09 16:52:44-- http://www.squirrelmail.org/plugins/amavisnewsql-0.8.0-1.4.tar.gz
Resolving www.squirrelmail.org... 82.94.230.148
Connecting to www.squirrelmail.org|82.94.230.148|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101008 (99K) [application/x-gzip]
Saving to: `amavisnewsql-0.8.0-1.4.tar.gz'

100%[===========================================>] 101,008 72.0K/s in 1.4s

2009-09-09 16:52:46 (72.0 KB/s) - `amavisnewsql-0.8.0-1.4.tar.gz' saved [101008/101008]

mail:/usr/share/squirrelmail/plugins# tar xzf amavisnewsql-0.8.0-1.4.tar.gz
mail:/usr/share/squirrelmail/plugins# mkdir /var/lib/amavis/.notstored
mail:/usr/share/squirrelmail/plugins# chown -R amavis:amavis /var/lib/amavis
mail:/usr/share/squirrelmail/plugins# sed -i 's/minutes = 120;/minutes = 20;/' timeout_user/config.php
mail:/usr/share/squirrelmail/plugins# cd amavisnewsql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# cp config.php.dist config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|pgsql://postgres:@localhost|mysql://amavis:amavis_password@localhost|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|"yourdomain.com"|"nusantaraxxx.com"|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|use_quarantine"] = true|use_quarantine"] = false|' config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/cleanquarantine.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/generatedigest.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/htdocs/squirrel/|/usr/share/squirrelmail/|' utils/process_bsmtp.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# sed -i 's|/var/virusmails|/var/lib/amavis/virusmails|' utils/process_bsmtp.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chown -R root:root /usr/share/squirrelmail/plugins/amavisnewsql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 644 *
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 755 contrib htmlMimeMail-2.5.1 locale po utils
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 contrib/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 htmlMimeMail-2.5.1/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/soap/*
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/*php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 utils/*sql
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chmod 640 config.php
mail:/usr/share/squirrelmail/plugins/amavisnewsql# chown root:www-data config.php

mail:/usr/share/squirrelmail/plugins/amavisnewsql#squirrelmail-configure

Add the plugins amavisnewsql, check_quota and timeout_user.

Browse to: https://mail.nusantaraxxx.com/mail/

Configure Razor

mail:/usr/share/squirrelmail/plugins/amavisnewsql# cd
mail:~# rm /etc/razor/razor-agent.conf
mail:~# razor-admin -create
mail:~# razor-admin -create
mail:~# razor-admin -register
Register successful. Identity stored in /root/.razor/identity-ru8basz_3L
mail:~# sed -i 's/= 3/= 0/' /root/.razor/razor-agent.conf
mail:~# cp -r /root/.razor /var/lib/amavis
mail:~# chown -R amavis:amavis /var/lib/amavis
mail:~# cat /var/lib/amavis/.razor/razor-agent.conf | grep debuglevel
debuglevel = 0
mail:~#

Install BIND

mail:~# apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
bind9utils
Suggested packages:
bind9-doc resolvconf ufw
The following NEW packages will be installed:
bind9 bind9utils
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 335kB of archives.

--skip----------

mail:~# /etc/init.d/bind9 stop
Stopping domain name service...: bind9.
mail:~# sed -i 's|"-u bind"|"-u bind -t /var/lib/named"|' /etc/default/bind9
mail:~# mkdir -p /var/lib/named/etc
mail:~# mkdir /var/lib/named/dev
mail:~# mkdir -p /var/lib/named/var/cache/bind
mail:~# mkdir -p /var/lib/named/var/run/bind/run
mail:~# mv /etc/bind /var/lib/named/etc
mail:~# ln -s /var/lib/named/etc/bind /etc/bind
mail:~# mknod /var/lib/named/dev/null c 1 3
mail:~# mknod /var/lib/named/dev/random c 1 8
mail:~# chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
mail:~# chown -R bind:bind /var/lib/named/var/*
mail:~# chown -R bind:bind /var/lib/named/etc/bind
mail:~# /etc/init.d/bind9 start
Starting domain name service...: bind9.

Add to /etc/bind/named.conf:

logging {
category lame-servers {null; };
category edns-disabled { null; };
};

mail:~#echo "search nusantaraxxx.com" > /etc/resolv.conf
mail:~#echo "nameserver 202.77.33.xxx" >> /etc/resolv.conf
mail:~#echo "nameserver 202.77.25.xxx" >> /etc/resolv.conf

Note: 202.77.33.xxx is the IP address of this mailserver.

mail:~#/etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.

mail:~# lsof -i | grep :domain
named 23119 bind 20u IPv6 420824 TCP *:domain (LISTEN)
named 23119 bind 21u IPv4 420827 TCP localhost:domain (LISTEN)
named 23119 bind 22u IPv4 420829 TCP mail.nusantaraxxx.com:domain (LISTEN)
named 23119 bind 512u IPv6 420823 UDP *:domain
named 23119 bind 513u IPv4 420826 UDP localhost:domain
named 23119 bind 514u IPv4 420828 UDP mail.nusantaraxxx.com:domain

mail:~# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

mail:~# dig yahoo.com

; <<>> DiG 9.5.1-P3 <<>> yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14657
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 2

;; QUESTION SECTION:
;yahoo.com. IN A

;; ANSWER SECTION:
yahoo.com. 21600 IN A 69.147.114.224
yahoo.com. 21600 IN A 209.131.36.159
yahoo.com. 21600 IN A 209.191.93.53

;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns8.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns6.yahoo.com.
yahoo.com. 172800 IN NS ns1.yahoo.com.

;; ADDITIONAL SECTION:
ns6.yahoo.com. 172800 IN A 202.43.223.170
ns8.yahoo.com. 172800 IN A 202.165.104.22

;; Query time: 499 msec
;; SERVER: 202.77.33.xxx#53(202.77.33.xxx)
;; WHEN: Wed Sep 9 17:17:06 2009
;; MSG SIZE rcvd: 233

Additional Postfix configuration:

mail:~# postmap /etc/postfix/sender_access
mail:~# postmap /etc/postfix/rbl_client_exceptions
mail:~# postmap /etc/postfix/rbl_sender_exceptions
mail:~# postmap /etc/postfix/rbl_recipient_exceptions
mail:~# touch /etc/postfix/reject_over_quota
mail:~# postmap /etc/postfix/reject_over_quota
mail:~# cp /etc/postfix/main.cf /etc/postfix/main.cf-changes
mail:~# postconf -e "smtpd_hard_error_limit = 10"
mail:~# postconf -e "smtpd_soft_error_limit = 8"
mail:~# postconf -e "smtpd_helo_required = yes"
mail:~# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain"
mail:~# postconf -e "smtpd_data_restrictions = reject_unauth_pipelining"
mail:~# postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient,check_recipient_access hash:/etc/postfix/reject_over_quota, check_sender_access hash:/etc/postfix/rbl_sender_exceptions, check_client_access hash:/etc/postfix/rbl_client_exceptions, check_recipient_access hash:/etc/postfix/rbl_recipient_exceptions, reject_rbl_client sbl-xbl.spamhaus.org"
mail:~# postconf -e "mydestination = "
mail:~# postconf -e "local_transport = error:no local mail delivery"
mail:~# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.

Set up PostfixAdmin Vacation

mail:/home/gtoms# apt-get install libdbi-perl libdbd-mysql-perl libmail-sendmail-perl libemail-valid-perl libmime-perl libmime-charset-perl libmime-encwords-perl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libdbi-perl is already the newest version.
libdbi-perl set to manually installed.
libdbd-mysql-perl is already the newest version.
libdbd-mysql-perl set to manually installed.
libmail-sendmail-perl is already the newest version.
libmail-sendmail-perl set to manually installed.
libmime-perl is already the newest version.
libmime-perl set to manually installed.
The following extra packages will be installed:
libnet-domain-tld-perl
The following NEW packages will be installed:
libemail-valid-perl libmime-charset-perl libmime-encwords-perl libnet-domain-tld-perl
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 91.3kB of archives.

-------skip----------------

mail:/home/gtoms# addgroup --gid 65501 vacation
Adding group `vacation' (GID 65501) ...
Done.
mail:/home/gtoms# useradd -c "Virtual Vacation" -d /nonexistent -u 65501 -g 65501 -s /sbin/false vacation
mail:/home/gtoms# mkdir /var/spool/vacation
mail:/home/gtoms# cd /var/spool/vacation/
mail:/var/spool/vacation# cp /usr/share/doc/postfixadmin/VIRTUAL_VACATION/vacation.pl.gz .
mail:/var/spool/vacation# gunzip vacation.pl.gz

mail:/var/spool/vacation# sed -i "s/my \$db_type = 'Pg/#my \$db_type = 'Pg/" vacation.pl
mail:/var/spool/vacation# sed -i "s/#my \$db_type = 'mysql/my \$db_type = 'mysql/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_host = ''/db_host = 'localhost'/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_username = 'vacation/db_username = 'postfix/" vacation.pl
mail:/var/spool/vacation# sed -i "s/db_password = ''/db_password = 'postfix'/" vacation.pl
mail:/var/spool/vacation# sed -i "s/smtp_server = 'localhost'/smtp_server = 'localhost:10025'/" vacation.pl
mail:/var/spool/vacation# chown -R vacation:vacation /var/spool/vacation
mail:/var/spool/vacation# chmod 750 vacation.pl

Add to /etc/postfix/transport:

autoreply.nusantaraxxx.com vacation:

Add to /etc/postfix/master.cf:

vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

mail:/var/spool/vacation# postmap /etc/postfix/transport
mail:/var/spool/vacation# postconf -e "transport_maps = hash:/etc/postfix/transport"
mail:/var/spool/vacation# postconf -e "vacation_destination_recipient_limit = 1"
mail:/var/spool/vacation# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

mail:/var/spool/vacation# sed -i "s/vacation'] = 'NO/vacation'] = 'YES/" /usr/share/postfixadmin/config.inc.php

Users can manage their Auto Response settings at:
https://mail.nusantaralxxx.com/postfixadminx/users

Install Postfixadmin SquirrelMail plugin

mail:/var/spool/vacation# pear channel-update pear.php.net
Updating channel "pear.php.net"
Update of Channel "pear.php.net" succeeded
mail:/var/spool/vacation# pear install MDB2-2.4.1
downloading MDB2-2.4.1.tgz ...
Starting to download MDB2-2.4.1.tgz (119,790 bytes)
..........................done: 119,790 bytes
install ok: channel://pear.php.net/MDB2-2.4.1
MDB2: Optional feature fbsql available (Frontbase SQL driver for MDB2)
MDB2: Optional feature ibase available (Interbase/Firebird driver for MDB2)
MDB2: Optional feature mysql available (MySQL driver for MDB2)
MDB2: Optional feature mysqli available (MySQLi driver for MDB2)
MDB2: Optional feature mssql available (MS SQL Server driver for MDB2)
MDB2: Optional feature oci8 available (Oracle driver for MDB2)
MDB2: Optional feature pgsql available (PostgreSQL driver for MDB2)
MDB2: Optional feature querysim available (Querysim driver for MDB2)
MDB2: Optional feature sqlite available (SQLite2 driver for MDB2)
MDB2: To install optional features use "pear install pear/MDB2#featurename"

mail:/var/spool/vacation# pear install MDB2_Driver_mysql-1.4.1
downloading MDB2_Driver_mysql-1.4.1.tgz ...
Starting to download MDB2_Driver_mysql-1.4.1.tgz (36,481 bytes)
..........done: 36,481 bytes
install ok: channel://pear.php.net/MDB2_Driver_mysql-1.4.1

mail:/var/spool/vacation# apt-get install subversion
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libneon27-gnutls libserf-0-0 libsvn1
Suggested packages:
subversion-tools db4.6-util
The following NEW packages will be installed:
libneon27-gnutls libserf-0-0 libsvn1 subversion
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 2210kB of archives.
After this operation, 6332kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://kebo.vlsm.org lenny/main libneon27-gnutls 0.28.2-6.1 [115kB]
Get:2 http://kebo.vlsm.org lenny/main libserf-0-0 0.2.0-1 [31.2kB]
Get:3 http://kebo.vlsm.org lenny/main libsvn1 1.5.1dfsg1-4 [794kB]
Get:4 http://kebo.vlsm.org lenny/main subversion 1.5.1dfsg1-4 [1271kB]
Fetched 2210kB in 1min4s (34.4kB/s)
Selecting previously deselected package libneon27-gnutls.
(Reading database ... 37314 files and directories currently installed.)
Unpacking libneon27-gnutls (from .../libneon27-gnutls_0.28.2-6.1_i386.deb) ...
Selecting previously deselected package libserf-0-0.
Unpacking libserf-0-0 (from .../libserf-0-0_0.2.0-1_i386.deb) ...
Selecting previously deselected package libsvn1.
Unpacking libsvn1 (from .../libsvn1_1.5.1dfsg1-4_i386.deb) ...
Selecting previously deselected package subversion.
Unpacking subversion (from .../subversion_1.5.1dfsg1-4_i386.deb) ...
Processing triggers for man-db ...
Setting up libneon27-gnutls (0.28.2-6.1) ...
Setting up libserf-0-0 (0.2.0-1) ...
Setting up libsvn1 (1.5.1dfsg1-4) ...
Setting up subversion (1.5.1dfsg1-4) ...
mail:/var/spool/vacation#

mail:/var/spool/vacation# cd /usr/local/src
mail:/usr/local/src# svn -r 33 co http://squirrelmail-postfixadmin.palepurple.co.uk/svn postfixadmin-plugin
A postfixadmin-plugin/trunk
A postfixadmin-plugin/trunk/locale
A postfixadmin-plugin/trunk/locale/de_DE
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES/postfixadmin.mo
A postfixadmin-plugin/trunk/locale/de_DE/LC_MESSAGES/postfixadmin.po

---------skip-----------

mail:/usr/local/src# cd postfixadmin-plugin/tags
mail:/usr/local/src/postfixadmin-plugin/tags# cp -r squirrelmail-postfixadmin-0.4.3/ /usr/share/squirrelmail/plugins/
mail:/usr/local/src/postfixadmin-plugin/tags# mv /usr/share/squirrelmail/plugins/squirrelmail-postfixadmin-0.4.3 /usr/share/squirrelmail/plugins/postfixadmin
mail:/usr/local/src/postfixadmin-plugin/tags# cd /usr/share/squirrelmail/plugins/
mail:/usr/share/squirrelmail/plugins# chown -R root:root postfixadmin
mail:/usr/share/squirrelmail/plugins# cd postfixadmin
mail:/usr/share/squirrelmail/plugins/postfixadmin# cp config.php.sample config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/postgres/mysql/" config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/xxxxx/postfix/" config.php
mail:/usr/share/squirrelmail/plugins/postfixadmin# sed -i "s/autoreply.my.domain.com/autoreply.nusantaraxxx.com/" config.php

mail:/usr/share/squirrelmail/plugins/postfixadmin#squirrelmail-configure

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. postfixadmin
2. amavisnewsql
3. check_quota
4. timeout_user

-------------skip-----------------

Install MailZu

mail:/usr/share/squirrelmail/plugins/postfixadmin# apt-get install php-mail-mime
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
php-mail-mimedecode
The following NEW packages will be installed:
php-mail-mime php-mail-mimedecode
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 32.5kB of archives.

----------------skip----------------

mail:/usr/share/squirrelmail/plugins/postfixadmin# cd /var/www
mail:/var/www# wget -O MailZu_0.8RC3.tar.gz "http://downloads.sourceforge.net/project/mailzu/mailzu/MailZu%200.8RC3/MailZu_0.8RC3.tar.gz?use_mirror=biznetnetworks"

mail:/var/www# tar xzf MailZu_0.8RC3.tar.gz
mail:/var/www# mv MailZu_0.8RC3.tar.gz /usr/local/src/
mail:/var/www# mv MailZu_0.8RC3 mailzu
mail:/var/www# cd mailzu/config

mail:/var/www/mailzu/config# cd /var/www/mailzu/lib/
mail:/var/www/mailzu/lib# cp AmavisdEngine.class.php AmavisdEngine.class.php.original

mail:/var/www/mailzu/lib# cd /var/www/mailzu/config
mail:/var/www/mailzu/config# sed -i "s/'user'/'amavis'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'pass'/'amavis_password'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'dbname'/'amavis'/" config.php
mail:/var/www/mailzu/config# sed -i "s/hostname.domain.tld/localhost/" config.php
mail:/var/www/mailzu/config# sed -i "s/binquar'] = false/binquar'] = true/" config.php
mail:/var/www/mailzu/config# sed -i "s/'auth']\['serverType'] = 'ldap'/'auth']\['serverType'] = 'imap'/" config.php
mail:/var/www/mailzu/config# sed -i "s|imaphost.domain.tld:143|localhost:110/pop3/novalidate-cert|" config.php
mail:/var/www/mailzu/config# sed -i "s/'imap_type'] = 'imapssl'/'imap_type'] = 'imap'/" config.php
mail:/var/www/mailzu/config# sed -i "s/'imap_domain_name'] = 'domain.tld'/'imap_domain_name'] = ''/" config.php
mail:/var/www/mailzu/config# sed -i "s/mailzuhost.domain.tld/mail.nusantaraxxx.com/" config.php
mail:/var/www/mailzu/config# sed -i "s/'emailType'] = 'mail'/'emailType'] = 'sendmail'/" config.php
mail:/var/www/mailzu/config# sed -i "s/support@domain.tld/postmaster@nusantaraxxx.com/" config.php
mail:/var/www/mailzu/config# cp ../lib/IMAPAuth.class.php ../lib/IMAPAuth.class.php.original
mail:/var/www/mailzu/config# sed -i "s/, OP_HALFOPEN//" ../lib/IMAPAuth.class.php
mail:/var/www/mailzu/config# cp ../lib/DBEngine.class.php ../lib/DBEngine.class.php.original
mail:/var/www/mailzu/config# sed -i 's/dbtype/dbType/' ../lib/DBEngine.class.php
mail:/var/www/mailzu/config# touch /var/log/mailzu.log
mail:/var/www/mailzu/config# chown www-data:www-data /var/log/mailzu.log
mail:/var/www/mailzu/config# chmod 660 /var/log/mailzu.log
mail:/var/www/mailzu/config# chown -R root:www-data /var/www/mailzu
mail:/var/www/mailzu/config# chmod 640 config.php
mail:/var/www/mailzu/config# cd /etc/logrotate.d

mail:/etc/logrotate.d# nano /etc/logrotate.d/mailzu

/var/log/mailzu.log {
rotate 7
daily
compress
delaycompress
copytruncate
notifempty
}

Add the following to /etc/amavis/conf.d/50-user:

$inet_socket_port = [10024, 10026, 9998];
$inet_socket_bind = undef;
$interface_policy{'9998'} = 'MAILZU';
$policy_bank{'MAILZU'} = {
protocol => 'AM.PDP',
inet_acl => [qw( 127.0.0.1 [::1] 202.77.33.xxx )],
};

$banned_files_quarantine_method = 'sql:';
$spam_quarantine_method = 'sql:';

mail:/etc/logrotate.d# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
mail:/etc/logrotate.d#

https://mail.nusantaraxxx.com/mailzu

QUOTA
mail:/etc/logrotate.d# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/quota-warning.sh.txt
mail:/usr/sbin# mv quota-warning.sh.txt quota-warning.sh
mail:/usr/sbin# chmod +x quota-warning.sh
mail:/usr/sbin# sed -i 's/host.domain.tld/mail.nusantaraxxx.com/' quota-warning.sh
mail:/usr/sbin# cat /var/vmail/nusantaraxxx.com/test/maildirsize
1024000S
0 0
mail:/usr/sbin# postmap /etc/postfix/reject_over_quota

Install Mailgraph

mail:/usr/sbin# apt-get install mailgraph
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
fontconfig libcairo2 libdatrie0 libdirectfb-1.0-0 libfile-tail-perl libfontenc1 libpango1.0-0 libpango1.0-common libpixman-1-0 librrd4 librrds-perl
libsysfs2 libthai-data libthai0 libts-0.0-0 libxcb-render-util0 libxcb-render0 libxfont1 libxft2 libxrender1 x-ttcidfont-conf xfonts-encodings
xfonts-utils
Suggested packages:
ttf-kochi-gothic ttf-kochi-mincho ttf-thryomanes ttf-baekmuk ttf-arphic-gbsn00lp ttf-arphic-bsmi00lp ttf-arphic-gkai00mp ttf-arphic-bkai00mp
The following NEW packages will be installed:
fontconfig libcairo2 libdatrie0 libdirectfb-1.0-0 libfile-tail-perl libfontenc1 libpango1.0-0 libpango1.0-common libpixman-1-0 librrd4 librrds-perl
libsysfs2 libthai-data libthai0 libts-0.0-0 libxcb-render-util0 libxcb-render0 libxfont1 libxft2 libxrender1 mailgraph x-ttcidfont-conf xfonts-encodings
xfonts-utils
0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.
------------skip-----------

mail:/usr/sbin# sed -i 's/IGNORE_LOCALHOST=false/IGNORE_LOCALHOST=true/' /etc/default/mailgraph
mail:/usr/sbin# /etc/init.d/mailgraph restart
Stopping Postfix Mail Statistics: mailgraph.
Starting Postfix Mail Statistics: mailgraph.
mail:/usr/sbin#

Test the result:
https://mail.nusantaraxxx.com/cgi-bin/mailgraph.cgi

Install OpenProtect SARE rules

mail:/usr/sbin# cd /etc/spamassassin
mail:/etc/spamassassin# wget http://saupdates.openprotect.com/pub.gpg
--2009-09-13 17:36:52-- http://saupdates.openprotect.com/pub.gpg
Resolving saupdates.openprotect.com... 216.32.73.253
Connecting to saupdates.openprotect.com|216.32.73.253|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 946 [application/octet-stream]
Saving to: `pub.gpg'

100%[======================================>] 946 --.-K/s in 0s

2009-09-13 17:36:54 (76.8 MB/s) - `pub.gpg' saved [946/946]

mail:/etc/spamassassin# sa-update --import pub.gpg
mail:/etc/spamassassin# cd /usr/sbin
mail:/usr/sbin# wget http://www200.pair.com/mecham/spam/sa-update.sh.txt
--2009-09-13 17:37:16-- http://www200.pair.com/mecham/spam/sa-update.sh.txt
Resolving www200.pair.com... 209.68.2.45
Connecting to www200.pair.com|209.68.2.45|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 578 [text/plain]
Saving to: `sa-update.sh.txt'

100%[======================================>] 578 --.-K/s in 0s

2009-09-13 17:37:16 (51.2 MB/s) - `sa-update.sh.txt' saved [578/578]

mail:/usr/sbin# mv sa-update.sh.txt sa-update.sh
mail:/usr/sbin# chmod +x sa-update.sh
mail:/usr/sbin# sa-update.sh
mail:/usr/sbin#

Install SaneSecurity and MSRBL ClamAV signatures

mail:/usr/sbin# apt-get install curl rsync
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
curl rsync
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 536kB of archives.
After this operation, 922kB of additional disk space will be used.
Get:1 http://kebo.vlsm.org lenny/main curl 7.18.2-8lenny3 [208kB]
Get:2 http://kebo.vlsm.org lenny/main rsync 3.0.3-2 [328kB]
Fetched 536kB in 10s (48.8kB/s)
Selecting previously deselected package curl.
(Reading database ... 37824 files and directories currently installed.)
Unpacking curl (from .../curl_7.18.2-8lenny3_i386.deb) ...
Selecting previously deselected package rsync.
Unpacking rsync (from .../rsync_3.0.3-2_i386.deb) ...
Processing triggers for man-db ...
Setting up curl (7.18.2-8lenny3) ...
Setting up rsync (3.0.3-2) ...

mail:/usr/sbin# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/UpdateSaneSecurity.sh.txt
mail:/usr/sbin# mv UpdateSaneSecurity.sh.txt UpdateSaneSecurity.sh
mail:/usr/sbin# chmod +x UpdateSaneSecurity.sh
mail:/usr/sbin# UpdateSaneSecurity.sh

The /usr/sbin/UpdateSaneSecurity.sh setting will only report errors for curl downloads.
====================
= ClamD is running =
====================

Running script manually, do you want to pause execution (y/n)?: y
Starting unofficial ClamAV signature updates on Sun Sep 13 17:42:42 WIT 2009

Pausing signature updates for 14 seconds. Time remaining: 1
Pause complete, Sun Sep 13 17:42:56 WIT 2009, checking for new signature files...

======================================================================
Malware Black List mbl.db Signature File Update
======================================================================
6 hours have not yet elapsed since the last MBL update.

--- No update was performed at this time ---

Next MBL update will be performed in approximately 6 hour(s), 0 minute(s)

======================================================================
MSRBL MSRBL-Images.hdb Signature File Update
======================================================================

Number of files: 1
Number of files transferred: 1
Total file size: 181337 bytes
Total transferred file size: 181337 bytes
Literal data: 181337 bytes
Matched data: 0 bytes
File list size: 35
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 118
Total bytes received: 181478

sent 118 bytes received 181478 bytes 846.60 bytes/sec
total size is 181337 speedup is 1.00

======================================================================
MSRBL MSRBL-SPAM.ndb Signature File Update
======================================================================

Number of files: 1
Number of files transferred: 1
Total file size: 244643 bytes
Total transferred file size: 244643 bytes
Literal data: 244643 bytes
Matched data: 0 bytes
File list size: 28
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 46
Total bytes received: 244776

sent 46 bytes received 244776 bytes 16884.28 bytes/sec
total size is 244643 speedup is 1.00

======================================================================
SecuriteInfo vx.hdb Signature File Update
======================================================================
======================================================================
SecuriteInfo honeynet.hdb Signature File Update
======================================================================
======================================================================
SecuriteInfo securiteinfo.hdb Signature File Update
======================================================================
==================================================
= Update(s) detected, reloading ClamAV databases =
==================================================


mail:/usr/sbin# ls -l /var/lib/clamav
total 40052
-rw-r--r-- 1 clamav clamav 4775424 2009-09-13 15:25 daily.cld
-rw-r--r-- 1 clamav clamav 43452 2009-09-13 17:46 honeynet.hdb
-rw-r--r-- 1 clamav clamav 12530 2009-05-07 18:20 honeynet.hdb.gz
-rw-r--r-- 1 clamav clamav 11 2009-09-13 17:43 last-mbl-update.txt
-rw-r--r-- 1 clamav clamav 21253696 2009-09-09 15:17 main.cvd
-rw-r--r-- 1 clamav clamav 88063 2009-09-13 17:43 mbl.db
-rw------- 1 clamav clamav 260 2009-09-13 17:25 mirrors.dat
-rw-r--r-- 1 clamav clamav 181337 2009-07-24 17:40 MSRBL-Images.hdb
-rw-r--r-- 1 clamav clamav 244643 2009-07-27 15:21 MSRBL-SPAM.ndb
-rw-r--r-- 1 clamav clamav 9393566 2009-09-13 17:47 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav 3822328 2009-08-28 17:43 securiteinfo.hdb.gz
-rw-r--r-- 1 clamav clamav 777577 2009-09-13 17:46 vx.hdb
-rw-r--r-- 1 clamav clamav 310223 2009-05-07 21:02 vx.hdb.gz

mail:/usr/sbin#


POSTGREY
mail:/usr/sbin# apt-get install postgrey

mail:/usr/sbin# sed -i 's/--inet=127.0.0.1:60000/--inet=127.0.0.1:60000 --delay=29/' /etc/default/postgrey
mail:/usr/sbin# /etc/init.d/postgrey restart
mail:/usr/sbin# ps aux | grep postgrey | grep -v grep

mail:/usr/sbin# cd /etc/postfix
mail:/etc/postfix# wget http://henry.gultom.or.id/mecham/check_client_fqdn
mail:/etc/postfix# cp -ip main.cf main.cf-before-grey

mail:/etc/postfix# postconf -e "smtpd_restriction_classes = check_greylist"
mail:/etc/postfix# postconf -e "check_greylist = check_policy_service inet:127.0.0.1:60000"
mail:/etc/postfix# cp access greylist_sender_exceptions
mail:/etc/postfix# postmap greylist_sender_exceptions
mail:/etc/postfix# touch cidr_greylist_network_exceptions

Install Botnet SA plugin

mail:/etc/postfix# cd /usr/local/src
mail:/usr/local/src# mkdir Botnet-0.8
mail:/usr/local/src# cd Botnet-0.8
mail:/usr/local/src/Botnet-0.8# wget http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
--2009-09-13 17:49:24-- http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar
Resolving people.ucsc.edu... 128.114.124.1
Connecting to people.ucsc.edu|128.114.124.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 81920 (80K) [application/x-tar]
Saving to: `Botnet-0.8.tar'

100%[=====================================>] 81,920 89.6K/s in 0.9s

2009-09-13 17:49:26 (89.6 KB/s) - `Botnet-0.8.tar' saved [81920/81920]

mail:/usr/local/src/Botnet-0.8# tar -xf Botnet-0.8.tar
mail:/usr/local/src/Botnet-0.8# wget http://henry.gultom.or.id/mecham/botnet8patch.txt
mail:/usr/local/src/Botnet-0.8# cp Botnet.pm Botnet.pm~
mail:/usr/local/src/Botnet-0.8# patch -p0 <botnet8patch.txt
patching file Botnet.pm
mail:/usr/local/src/Botnet-0.8# cp Botnet.pm /etc/spamassassin/
mail:/usr/local/src/Botnet-0.8# cp Botnet.cf /etc/spamassassin/
mail:/usr/local/src/Botnet-0.8# cd /etc/spamassassin/
mail:/etc/spamassassin# sed -i 's/5.0/2.0/' Botnet.cf
mail:/etc/spamassassin# amavisd-new reload
Daemon [30943] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/etc/spamassassin# spamassassin --lint

Install p0f (Passive OS Fingerprinting)

mail:/etc/spamassassin# apt-get install p0f
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libpcap0.8
The following NEW packages will be installed:
libpcap0.8 p0f
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 165kB of archives.
After this operation, 430kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://kebo.vlsm.org lenny/main libpcap0.8 0.9.8-5 [94.4kB]
Get:2 http://kebo.vlsm.org lenny/main p0f 2.0.8-1 [70.5kB]
Fetched 165kB in 3s (41.3kB/s)
Selecting previously deselected package libpcap0.8.
(Reading database ... 37869 files and directories currently installed.)
Unpacking libpcap0.8 (from .../libpcap0.8_0.9.8-5_i386.deb) ...
Selecting previously deselected package p0f.
Unpacking p0f (from .../archives/p0f_2.0.8-1_i386.deb) ...
Processing triggers for man-db ...
Setting up libpcap0.8 (0.9.8-5) ...
Setting up p0f (2.0.8-1) ...
mail:/etc/spamassassin# cd /usr/sbin
mail:/usr/sbin# wget http://henry.gultom.or.id/mecham/p0f-analyzer.txt
mail:/usr/sbin# mv p0f-analyzer.txt p0f-analyzer.pl
mail:/usr/sbin# chmod +x p0f-analyzer.pl
mail:/usr/sbin# cd /etc/init.d
mail:/etc/init.d# wget http://henry.gultom.or.id/mecham/p0f
mail:/etc/init.d# chmod +x p0f
mail:/etc/init.d# update-rc.d p0f defaults
update-rc.d: warning: /etc/init.d/p0f missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/p0f ...
/etc/rc0.d/K20p0f -> ../init.d/p0f
/etc/rc1.d/K20p0f -> ../init.d/p0f
/etc/rc6.d/K20p0f -> ../init.d/p0f
/etc/rc2.d/S20p0f -> ../init.d/p0f
/etc/rc3.d/S20p0f -> ../init.d/p0f
/etc/rc4.d/S20p0f -> ../init.d/p0f
/etc/rc5.d/S20p0f -> ../init.d/p0f


mail:/etc/init.d# cd /etc/spamassassin
mail:/etc/spamassassin# wget http://henry.gultom.or.id/mecham/p0f.cf
mail:/etc/spamassassin# /etc/init.d/p0f start
mail:/etc/spamassassin# nano /etc/amavis/conf.d/50-user
mail:/etc/spamassassin# amavisd-new reload
Waiting for the process [31135] to terminate
Daemon [31135] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/etc/spamassassin#

Install altermime

mail:/etc/spamassassin# cd /etc
mail:/etc# wget http://henry.gultom.or.id/mecham/disclaimer.txt
mail:/etc# cd /usr/local/src
mail:/usr/local/src# wget http://pldaniels.com/altermime/altermime-0.3-dev.tar.gz
--2009-09-13 17:58:21-- http://pldaniels.com/altermime/altermime-0.3-dev.tar.gz
Resolving pldaniels.com... 202.130.35.19
Connecting to pldaniels.com|202.130.35.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 86569 (85K) [application/x-gzip]
Saving to: `altermime-0.3-dev.tar.gz'

100%[====================================>] 86,569 30.2K/s in 2.8s

2009-09-13 17:58:25 (30.2 KB/s) - `altermime-0.3-dev.tar.gz' saved [86569/86569]

mail:/usr/local/src# tar xzf altermime-0.3-dev.tar.gz
mail:/usr/local/src# cd altermime-0.3-dev
mail:/usr/local/src/altermime-0.3-dev# make && make install
cc -Wall -Werror -g -I. -O2 -c strstack.c
cc -Wall -Werror -g -I. -O2 -c mime_alter.c
cc -Wall -Werror -g -I. -O2 -c ffget.c
cc -Wall -Werror -g -I. -O2 -c pldstr.c
cc -Wall -Werror -g -I. -O2 -c filename-filters.c
cc -Wall -Werror -g -I. -O2 -c logger.c
cc -Wall -Werror -g -I. -O2 -c MIME_headers.c
cc -Wall -Werror -g -I. -O2 -c libmime-decoders.c
cc -Wall -Werror -g -I. -O2 -c boundary-stack.c
cc -Wall -Werror -g -I. -O2 -c qpe.c
cc -Wall -Werror -g -I. -O2 altermime.c strstack.o mime_alter.o ffget.o pldstr.o filename-filters.o logger.o MIME_headers.o libmime-decoders.o boundary-stack.o qpe.o -o altermime
strip altermime
cp altermime /usr/local/bin
chmod a+rx /usr/local/bin/altermime

mail:/usr/local/src/altermime-0.3-dev# nano /etc/amavis/amavisd.conf
mail:/usr/local/src/altermime-0.3-dev# nano /etc/amavis/conf.d/50-user
mail:/usr/local/src/altermime-0.3-dev# amavisd-new reload
Waiting for the process [31219] to terminate
Daemon [31219] terminated by SIGTERM, waiting for dust to settle...
becoming a new daemon...
mail:/usr/local/src/altermime-0.3-dev# nano /etc/disclaimer.txt
mail:/usr/local/src/altermime-0.3-dev#

FIREWALL

The mail server built here differs from most in that it restricts traffic and limits the ports that are open. Port 80 is closed here. Users will use ports 443 (apache-ssl), 993 (courier-imap-ssl) and 995 (courier-pop-ssl). The configuration below is typed directly at the console:

iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 110 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 143 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 443 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 465 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 587 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 993 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 995 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 4650 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp -s 222.222.222.222/24 --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

Then add the following line to /etc/network/interfaces:

pre-up iptables-restore < /etc/firewall-rules

Then reboot the server to see the effect of the whole installation.

Once the machine is back up, check the status of all services:

mail:/home/gtoms# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:10024 0.0.0.0:* LISTEN 31281/amavisd (mast
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 30900/master
tcp 0 0 0.0.0.0:10026 0.0.0.0:* LISTEN 31281/amavisd (mast
tcp 0 0 0.0.0.0:4650 0.0.0.0:* LISTEN 30900/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1874/mysqld
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 30900/master
tcp 0 0 0.0.0.0:9998 0.0.0.0:* LISTEN 31281/amavisd (mast
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2072/dovecot
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 30900/master
tcp 0 0 127.0.0.1:10035 0.0.0.0:* LISTEN 30900/master
tcp 0 0 202.77.33.xxx:53 0.0.0.0:* LISTEN 23271/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 23271/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1809/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 30900/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 23271/named
tcp6 0 0 :::53 :::* LISTEN 23271/named
tcp6 0 0 :::22 :::* LISTEN 1809/sshd
tcp6 0 0 ::1:953 :::* LISTEN 23271/named
tcp6 0 0 :::443 :::* LISTEN 14091/apache2
udp 0 0 127.0.0.1:2345 0.0.0.0:* 31206/perl
udp 0 0 202.77.33.xxx:53 0.0.0.0:* 23271/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 23271/named
udp6 0 0 :::53 :::* 23271/named



Test sending mail back and forth while watching the log:

From the account test@nusantaraxxx.com to Yahoo:

Sep 13 19:01:15 mail postfix/smtpd[4312]: connect from localhost[127.0.0.1]
Sep 13 19:01:15 mail postfix/smtpd[4312]: 9407F23A547: client=localhost[127.0.0.1]
Sep 13 19:01:15 mail postfix/cleanup[4318]: 9407F23A547: message-id=<f6a2dad2475906895d9d2bc989704cc4.squirrel@mail.nusantaraxxx.com>
Sep 13 19:01:15 mail postfix/qmgr[2465]: 9407F23A547: from=<test@nusantaraxxx.com>, size=790, nrcpt=1 (queue active)
Sep 13 19:01:15 mail dovecot: imap-login: Login: user=<test@nusantaraxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 13 19:01:15 mail postfix/smtpd[4312]: disconnect from localhost[127.0.0.1]
Sep 13 19:01:15 mail dovecot: IMAP(test@nusantaraxxx.com): Disconnected: Logged out bytes=661/165
Sep 13 19:01:16 mail dovecot: imap-login: Login: user=<test@nusantaraxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 13 19:01:16 mail dovecot: IMAP(test@nusantaraxxx.com): Disconnected: Logged out bytes=340/6932
Sep 13 19:01:24 mail postfix/smtpd[4331]: connect from localhost[127.0.0.1]
Sep 13 19:01:24 mail postfix/smtpd[4331]: 98B1623A562: client=localhost[127.0.0.1]
Sep 13 19:01:24 mail postfix/cleanup[4336]: 98B1623A562: message-id=<f6a2dad2475906895d9d2bc989704cc4.squirrel@mail.nusantaraxxx.com>
Sep 13 19:01:24 mail postfix/qmgr[2465]: 98B1623A562: from=<test@nusantaraxxx.com>, size=2087, nrcpt=1 (queue active)
Sep 13 19:01:24 mail postfix/smtpd[4331]: disconnect from localhost[127.0.0.1]
Sep 13 19:01:24 mail amavis[4012]: (04012-04) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [125.161.183.35] <test@nusantaraxxx.com> -> <gtomslinux@yahoo.com>, Message-ID: <f6a2dad2475906895d9d2bc989704cc4.squirrel@mail.nusantaraxxx.com>, mail_id: fFDuKU+SHble, Hits: -0.474, size: 790, queued_as: 98B1623A562, 8980 ms
Sep 13 19:01:24 mail postfix/smtp[4319]: 9407F23A547: to=<gtomslinux@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.1, delays=0.07/0.02/0.01/9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04012-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 98B1623A562)
Sep 13 19:01:24 mail postfix/qmgr[2465]: 9407F23A547: removed
Sep 13 19:01:25 mail postfix/smtp[4337]: 98B1623A562: lost connection with a.mx.mail.yahoo.com[67.195.168.31] while receiving the initial server greeting
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max connection rate 1/60s for (smtp:125.160.6.243) at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max connection count 1 for (smtp:125.160.6.243) at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/anvil[4285]: statistics: max cache size 1 at Sep 13 18:58:07
Sep 13 19:01:27 mail postfix/smtp[4337]: 98B1623A562: to=<gtomslinux@yahoo.com>, relay=g.mx.mail.yahoo.com[206.190.53.191]:25, delay=2.9, delays=0.03/0.05/2.2/0.66, dsn=2.0.0, status=sent (250 ok dirdel)
Sep 13 19:01:27 mail postfix/qmgr[2465]: 98B1623A562: removed


From Yahoo to the account test@nusantaraxxx.com:

Sep 13 19:04:14 mail postfix/smtpd[5347]: connect from n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:16 mail postfix/smtpd[5347]: 7BFA523A547: client=n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:17 mail postfix/cleanup[5353]: 7BFA523A547: message-id=<366745.89383.qm@web57003.mail.re3.yahoo.com>
Sep 13 19:04:17 mail postfix/qmgr[2465]: 7BFA523A547: from=<gtomslinux@yahoo.com>, size=9925, nrcpt=1 (queue active)
Sep 13 19:04:17 mail postfix/smtpd[5347]: disconnect from n6.bullet.re3.yahoo.com[68.142.237.91]
Sep 13 19:04:28 mail postfix/smtpd[5361]: connect from localhost[127.0.0.1]
Sep 13 19:04:28 mail postfix/smtpd[5361]: 2BA0C23A566: client=localhost[127.0.0.1]
Sep 13 19:04:28 mail postfix/cleanup[5366]: 2BA0C23A566: message-id=<366745.89383.qm@web57003.mail.re3.yahoo.com>
Sep 13 19:04:28 mail postfix/qmgr[2465]: 2BA0C23A566: from=<gtomslinux@yahoo.com>, size=10555, nrcpt=1 (queue active)
Sep 13 19:04:28 mail postfix/smtpd[5361]: disconnect from localhost[127.0.0.1]
Sep 13 19:04:28 mail amavis[4007]: (04007-05) Passed CLEAN, [68.142.237.91] [125.161.142.52] <gtomslinux@yahoo.com> -> <test@nusantaraxxx.com>, Message-ID: <366745.89383.qm@web57003.mail.re3.yahoo.com>, mail_id: 3P33XQoWBHif, Hits: 0, size: 9922, queued_as: 2BA0C23A566, 10546 ms
Sep 13 19:04:28 mail postfix/smtp[5354]: 7BFA523A547: to=<test@nusantaraxxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=2.5/0.01/0.01/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04007-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2BA0C23A566)
Sep 13 19:04:28 mail postfix/qmgr[2465]: 7BFA523A547: removed
Sep 13 19:04:28 mail postfix/pipe[5367]: 2BA0C23A566: to=<test@nusantaraxxx.com>, relay=dovecot, delay=0.24, delays=0.03/0.04/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
Sep 13 19:04:28 mail postfix/qmgr[2465]: 2BA0C23A566: removed
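
Each message in the logs above gets two queue IDs: one before it is handed to amavisd on port 10024 and one after re-injection through port 10025. The script below, an added example that is not part of the original tutorial, links the two IDs and reports the amavis verdict and the final delivery. The function names are assumptions, and the sample lines are copied from the logs above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Sample lines are copied
# from the two log excerpts shown on the page.

sample_maillog() {
cat <<'EOF'
Sep 13 19:01:24 mail amavis[4012]: (04012-04) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [125.161.183.35] <test@nusantaraxxx.com> -> <gtomslinux@yahoo.com>, Message-ID: <f6a2dad2475906895d9d2bc989704cc4.squirrel@mail.nusantaraxxx.com>, mail_id: fFDuKU+SHble, Hits: -0.474, size: 790, queued_as: 98B1623A562, 8980 ms
Sep 13 19:01:24 mail postfix/smtp[4319]: 9407F23A547: to=<gtomslinux@yahoo.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=9.1, delays=0.07/0.02/0.01/9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04012-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 98B1623A562)
Sep 13 19:01:25 mail postfix/smtp[4337]: 98B1623A562: lost connection with a.mx.mail.yahoo.com[67.195.168.31] while receiving the initial server greeting
Sep 13 19:01:27 mail postfix/smtp[4337]: 98B1623A562: to=<gtomslinux@yahoo.com>, relay=g.mx.mail.yahoo.com[206.190.53.191]:25, delay=2.9, delays=0.03/0.05/2.2/0.66, dsn=2.0.0, status=sent (250 ok dirdel)
Sep 13 19:04:28 mail amavis[4007]: (04007-05) Passed CLEAN, [68.142.237.91] [125.161.142.52] <gtomslinux@yahoo.com> -> <test@nusantaraxxx.com>, Message-ID: <366745.89383.qm@web57003.mail.re3.yahoo.com>, mail_id: 3P33XQoWBHif, Hits: 0, size: 9922, queued_as: 2BA0C23A566, 10546 ms
Sep 13 19:04:28 mail postfix/smtp[5354]: 7BFA523A547: to=<test@nusantaraxxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=2.5/0.01/0.01/11, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04007-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2BA0C23A566)
Sep 13 19:04:28 mail postfix/pipe[5367]: 2BA0C23A566: to=<test@nusantaraxxx.com>, relay=dovecot, delay=0.24, delays=0.03/0.04/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
EOF
}

# trace_filter_hops LOGFILE
# Prints one line per message handed to amavisd:
#   FIRST_ID -> REINJECTED_ID [amavis verdict] final-relay final-status
trace_filter_hops() {
    awk '
    / amavis\[/ && /queued_as: / {           # amavis verdict line
        q = $0; sub(/.*queued_as: /, "", q); sub(/,.*/, "", q)
        v = $0; sub(/^[^)]*\) /, "", v);     sub(/,.*/, "", v)
        verdict[q] = v
    }
    /postfix\/smtp\[/ && /relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024/ && /queued as / {
        id = $6; sub(/:$/, "", id)           # hand-off to the content filter
        q = $0; sub(/.*queued as /, "", q); sub(/\).*/, "", q)
        child[id] = q; order[++n] = id
        next
    }
    / postfix\/(smtp|pipe)\[/ && /status=/ {  # delivery attempt with a result
        id = $6; sub(/:$/, "", id)
        r = $0; sub(/.*relay=/, "", r);  sub(/,.*/, "", r)
        s = $0; sub(/.*status=/, "", s); sub(/ .*/, "", s)
        final[id] = r " " s
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]; q = child[id]
            f = (q in final) ? final[q] : "no-delivery-logged"
            print id, "->", q, "[" verdict[q] "]", f
        }
    }' "$1"
}

# Demo on the sample lines.
log=$(mktemp); sample_maillog > "$log"
trace_filter_hops "$log"
rm -f "$log"
```

A message that shows `no-delivery-logged` was accepted by the filter but has no delivery result for its second queue ID in the file examined, which is the first thing to check when mail passes amavisd and then goes missing.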










Henry Gultom
henry at gultom dot or dot id
SEPT 15 2009