by Ivo Gelov (26-01-2008)
Dovecot is a small and relatively easy-to-configure POP3 and IMAP server; many of you probably use it and are happy with it. My colleagues are gradually giving up their POP3 clients (usually Outlook Express or Mozilla Thunderbird) and using the SquirrelMail web interface as an IMAP client. The need arose to apply rules to messages, for example so that mail from different customers goes into different subfolders of INBOX. SquirrelMail has plugins for such rules, mainly as an anti-spam measure. Using them, however, causes delays, for several reasons:
1. These filters are executed by the IMAP client (SquirrelMail in this case) at the moment the user decides to view INBOX. If it contains a large number of messages, a timeout may occur.
2. Since SquirrelMail is written in PHP, the filters run more slowly than a compiled program would.
3. The filters cannot react to messages in real time: they run when the user logs in to SquirrelMail, not at the moment the messages arrive.
This could be solved by an LDA (Local Delivery Agent), the program that is invoked by the mail server (Postfix in this case), for example maildrop or procmail. In my setup the LDA role is performed by Postfix itself, and since I have no experience with either maildrop or procmail, and they also seemed a bit complicated and inconvenient to me (speaking for myself), I decided to try to set up Dovecot as the LDA and to use one of its plugins as a ManageSieve server. This is a server that accepts Sieve scripts over TCP/IP and executes them when needed. More information can be found here (http://sieve.info/overview). MANAGESIEVE is a standard protocol (like SMTP, FTP, etc.).
Sieve scripts are ordinary text files with simple commands. They provide a little more than minimal functionality, but they do not provide "dangerous" commands that could harm the system (for example a buffer overflow) in the hands of unprepared or malicious users. ManageSieve servers usually compile these text files into their own format so that they execute faster. Here is an example of a Sieve script:
    require ["fileinto","envelope","comparator-i;ascii-numeric","regex"];
    if address :is "From" "some_address@my_domain.com"
    {
        fileinto "Junk";
    }
As you have surely guessed, this filter moves messages from "some_address@my_domain.com" into the Junk folder :-)
Now let's move on to installation and configuration. We need to do the following:
I. Add a ManageSieve server
II. Add a plugin for connecting to that server
III. Configure Dovecot as the LDA and tell it to use this plugin
And now in more detail.
I.1. Download the patch for your version of Dovecot (I use 1.0.10) from here (http://sinas.rename-it.nl/~sirius/)
I.2. Save the diff file in the same directory as Dovecot's configure script.
For example, I keep the unpacked source code of all the programs I have installed in "/usr/local/sources". Accordingly, Dovecot is in "/usr/local/sources/dovecot-1.0.10", and in that directory I save the file dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz (regardless of the extension, this is an ordinary text file)
I.3. Apply the patch in the usual way
    patch -p1 < ./dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz
I.4. Before moving on to ./configure, make and make install, we must refresh the automake/autoconf configuration so that the ManageSieve files are added to the build. This is done with the following sequence of commands
    aclocal
    autoreconf -i
    automake
For me, however, this blew up with various messages about missing M4 macros. I will spare you the explanations and go straight to the solution. It may be different for you (I am on Fedora 4); for me it was enough to obtain the files iconv.m4 and aclocal.m4, add the text of aclocal.m4 to the beginning of iconv.m4, and save iconv.m4 in the directory "/usr/share/aclocal". I took iconv.m4 from Midnight Commander, from its m4 directory, and I managed to find aclocal.m4 at this address (http://dev.splitbrain.org/download/darc...)
After that the 3 commands above ran without a single error.
I.5. Continue in the usual way
    ./configure
    make
    sudo make install
II.1. Download the Sieve plugin from the Dovecot site (http://www.dovecot.org/download.html) for the corresponding version (in my case that is version 1.0.2)
II.2. Unpack the archive into a directory at the same level as the directory with the Dovecot source code.
In my case that is "/usr/local/sources/dovecot-sieve-1.0.2"
II.3. From inside the plugin directory, run the commands
    ./configure --with-dovecot=../dovecot-1.0.10
    make
    sudo make install
This way, besides the plugin (cmusieve), we also install sievec and sieved, respectively a compiler and a decompiler for Sieve scripts.
III.1. Tell Dovecot to use the cmusieve plugin: in /etc/dovecot.conf write the following
    protocol lda {
      # Address to use when sending rejection mails.
      postmaster_address = postmaster@domain.com
      mail_plugins = cmusieve
      mail_plugin_dir = /usr/local/dovecot/lib/dovecot/lda
      # UNIX socket path to master authentication server to find users.
      auth_socket_path = /var/run/dovecot/auth-master
      # remember to give proper permissions for these files as well
      log_path = /var/log/dovecot-deliver.log
      info_log_path = /var/log/dovecot-deliver.log
      # If there is no user-specific Sieve-script, global Sieve script is
      # executed if set. (v1.0.1 and older used "global_script_path")
      #sieve_global_path =
    }
Here I have also specified that Deliver (which actually performs the LDA role) should use its own log file instead of Dovecot's main log file. Keep in mind that Deliver will run as an unprivileged user (invoked by Postfix), so it is a good idea to create the log files in advance with touch and assign them the correct user and group. In addition, with the "auth_socket_path" setting I specify the UNIX socket that the LDA uses to obtain the mail directory of the respective user, where received messages are to be written.
Let's not forget that we also have to start the ManageSieve server. This is done by adding the "managesieve" parameter to the list of protocols:
    protocols = imap pop3 managesieve
III.2. Tell the ManageSieve server where to store the Sieve scripts
    protocol managesieve {
      listen = localhost:2000
      # Specifies the location of the symlink pointing to the active script in
      # the sieve storage directory. This must match the SIEVE setting used by
      # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#locat... for more
      # info). Variable substitution with % is recognized.
      #sieve = ~/.dovecot.sieve
      sieve = /var/mail/sieve/%d/%n/dovecot.sieve
      # This specifies the path to the directory where the uploaded scripts must
      # be stored. In terms of '%' variable substitution it is identical to
      # dovecot's mail_location setting used by the mail protocol daemons.
      sieve_storage = /var/mail/sieve/%d/%n
    }
The directory "/var/mail/sieve/" must be created as the user and group under which the LDA (deliver) will run. This is necessary because Dovecot runs as the root user and can write to this directory without a problem, whereas Deliver is invoked by Postfix as an unprivileged user and must be able to write files and create subdirectories. Files are created when Sieve scripts are compiled, and directories are created dynamically (if they did not exist before) for the domain and the user name from the email address. In my setup the whole of "/var/mail" is owned by mail:mail. Further down I will describe exactly how to configure Postfix to use Dovecot as the LDA, and also for SASL authentication when sending mail.
III.3. Tell cmusieve and the LDA where to look for the Sieve scripts. If we want a global script that is executed when a user has no Sieve script of their own, we set the path to that script's file in "sieve_global_path" above. For the users' personal scripts we have 2 options: specify a common template in /etc/dovecot.conf, or otherwise a file named .dovecot.sieve is looked for in each user's mail directory. I use a template:
    plugin {
      sieve = /var/mail/sieve/%d/%n/dovecot.sieve
    }
Note that this file must be the same one we specified above for the ManageSieve server, otherwise simply nothing will happen.
%d means everything after the '@' in the email address, and %n means everything before the '@'.
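The mismatch warned about in III.3 fails silently, so it is worth checking mechanically. The following Python check is an added example, not part of the original article or of Dovecot: it compares the "sieve" setting of "protocol managesieve" and "plugin" and expands %d/%n for one recipient. The function names, the sample address and the rule that expanded paths must stay under /var/mail/sieve are assumptions of this example.

```python
import posixpath
import re

# Constructed sample (Dovecot 1.0 syntax); the plugin path differs on purpose.
SAMPLE_CONF = """
protocol managesieve {
  #sieve = ~/.dovecot.sieve
  sieve = /var/mail/sieve/%d/%n/dovecot.sieve
  sieve_storage = /var/mail/sieve/%d/%n
}
plugin {
  sieve = /var/mail/sieve/%d/%n/.dovecot.sieve
}
"""

def parse_sections(text):
    """Return {"section/subsection": {key: value}} for brace-delimited blocks."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections.setdefault("/".join(stack), {})[key] = value
    return sections

def expand(template, address, root="/var/mail/sieve"):
    """Expand %n (before '@') and %d (after '@'); refuse paths that leave root."""
    local, _, domain = address.rpartition("@")
    if not local or not domain or "/" in address or "\0" in address:
        raise ValueError("unsafe address: %r" % address)
    path = re.sub(r"%([dn])", lambda m: {"d": domain, "n": local}[m.group(1)], template)
    if posixpath.normpath(path) != path or not path.startswith(root + "/"):
        raise ValueError("path leaves %s: %s" % (root, path))
    return path

def check(text, address):
    conf = parse_sections(text)
    server = conf.get("protocol managesieve", {}).get("sieve")
    deliver = conf.get("plugin", {}).get("sieve")
    if not server or not deliver:
        return ["sieve must be set in both 'protocol managesieve' and 'plugin'"]
    if server != deliver:
        return ["managesieve activates %s but deliver reads %s"
                % (expand(server, address), expand(deliver, address))]
    return []
```

Calling check(open("/etc/dovecot.conf").read(), "user@domain") returns an empty list when both sides point at the same file. expand() also rejects a local part or domain such as ".." that would make the dynamically created directories land outside the per-user tree.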
III.4. Configuring Postfix to use Dovecot as the LDA
In the file "/etc/postfix/main.cf" add the following lines
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
Several settings that are used by the Postfix LDA can be dropped from the file. They specify the ID of the user and group that own the directory where the messages will be written. For me that is postfix:postdrop (501:504)
    virtual_minimum_uid = 501
    virtual_uid_maps = static:501
    virtual_gid_maps = static:504
In the file "/etc/postfix/master.cf" add the following (these are 2 separate lines; the second starts at column 2 or later)
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=mail:mail argv=/usr/local/dovecot/libexec/dovecot/deliver -c /etc/dovecot.conf -d ${recipient}
In the Dovecot configuration (/etc/dovecot.conf) we allow external programs to access the authentication module (that is, we let Deliver find out whether such a user exists and which directory receives their mail)
    auth default {
      # Space separated list of wanted authentication mechanisms:
      #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
      # NOTE: See also disable_plaintext_auth setting.
      mechanisms = plain digest-md5
      # SQL database <doc/wiki/AuthDatabase.SQL.txt>
      passdb sql {
        args = /etc/dovecot-sql.conf
      }
      # User database specifies where mails are located and what user/group IDs
      # own them. For single-UID configuration use "static".
      # <doc/wiki/UserDatabase.txt>
      # UID = mail, GID = mail
      userdb static {
        args = uid=8 gid=12 home=/var/mail/vhosts/%d/%n allow_all_users=yes
      }
      user = mail
      # It's possible to export the authentication interface to other programs:
      socket listen {
        master {
          # Master socket provides access to userdb information. It's typically
          # used to give Dovecot's local delivery agent access to userdb so it
          # can find mailbox locations.
          path = /var/run/dovecot/auth-master
          mode = 0775
          # Default user/group is the one who started dovecot-auth (root)
          user = mail
          group = mail
        }
      }
    }
III.5. Configuring Postfix to use Dovecot for SASL authentication
This means that users who have a mailbox on the server can send mail through it with their own user name and password.
In the file "/etc/postfix/master.cf" add the settings
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = /var/run/dovecot/auth-client
In "smtpd_sasl_path" we specify the UNIX socket that we specified in the "master" subsection of the "socket listen" section under "auth default" in the configuration file "/etc/dovecot.conf".
It remains for me to say a few words about AVELSIEVE: this is a plugin for SquirrelMail with which Sieve scripts are created. You can download it from the SquirrelMail site. The plugin is a little weak in places when it comes to error messages: they are not informative enough and are sometimes misleading. But if you have a well-configured Dovecot, it works like a charm.