by Ivo Gelov (26-01-2008)


Dovecot is a small and relatively easy-to-configure POP3 and IMAP server; probably many of you use it and are
happy with it. My colleagues are gradually giving up their POP3 clients (usually Outlook Express or Mozilla Thunderbird)
and using the SquirrelMail web interface as an IMAP client. This created the need to apply rules to messages, for example
so that mail from different customers goes to different subfolders of INBOX. SquirrelMail has plugins for such rules, mainly
as an anti-spam measure. Using them, however, causes slowdowns, for several reasons:

1. These filters are executed by the IMAP client (SquirrelMail in this case) at the moment the user decides to
view INBOX. If it holds a large number of messages, a timeout may occur

2. Since SquirrelMail is written in PHP, the filters run more slowly than a compiled program would

3. The filters cannot react to messages in real time: they run when the user logs in to SquirrelMail,
not at the moment the messages arrive

This can be solved by an LDA (Local Delivery Agent), the program that is invoked by the mail server (Postfix in this
case), for example maildrop or procmail. In my setup the role of LDA is performed by Postfix itself, and since I have no
experience with either maildrop or procmail, and they also seemed a bit complicated and inconvenient to me (I speak only for
myself), I decided to try to set up Dovecot as the LDA and to use one of its plugins as a ManageSieve server. This is a server
that accepts Sieve scripts over TCP/IP and executes them when needed. More information can be found here (http://sieve.info/overview).
MANAGESIEVE is a standard protocol (like SMTP, FTP, etc.). Sieve scripts are ordinary text files with simple
commands; they provide a little more than minimal functionality, but they do not provide "dangerous" commands with which
unprepared or malicious users could damage the system (for example Buffer-Overflow). ManageSieve servers usually
compile these text files into their own format so that they execute faster. Here is an example of a Sieve script:

require ["fileinto","envelope","comparator-i;ascii-numeric","regex"];
if
address :is "From" "some_address@my_domain.com"
{
fileinto "Junk";
}

You have probably already guessed that this filter moves messages from "some_address@my_domain.com" to the Junk folder :-)
Now let's proceed to the installation and configuration. We need to do three things:

I. Add a ManageSieve server
II. Add a plugin for communicating with this server
III. Configure Dovecot as the LDA and tell it to use this plugin

And now in more detail.

I.1. Download the patch for the corresponding Dovecot version (I use 1.0.10) from here (http://sinas.rename-it.nl/~sirius/)

I.2. Save the diff file in the same directory as Dovecot's configure script
For example, I keep the unpacked sources of all programs I have installed in "/usr/local/sources".
Accordingly Dovecot is in "/usr/local/sources/dovecot-1.0.10", and in this directory I save the file
dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz (regardless of the extension, this is a plain text file)

I.3. Apply the patch in the usual way

patch -p1 < ./dovecot-1.0.10-MANAGESIEVE-v9.1.diff.gz

I.4. Before proceeding to ./configure, make and make install, we must refresh the automake/autoconf configuration
so that the ManageSieve files are added to the build. This is done with the following sequence of commands

aclocal
autoreconf -i
automake

For me, however, this blew up with various messages about missing M4 macros. I will spare you the explanations and go straight
to the solution. It may be different for you (I am on Fedora 4); in my case it was enough to obtain the files
iconv.m4 and aclocal.m4, add the text of aclocal.m4 to the beginning of iconv.m4, and save iconv.m4 in the directory
"/usr/share/aclocal". I took iconv.m4 from Midnight Commander, from its m4 directory, and I managed to find aclocal.m4
at this address (http://dev.splitbrain.org/download/darc...)
After that the 3 commands above ran without a single error.

I.5. Continue in the usual way

./configure
make
sudo make install  

II.1. Download the Sieve plugin from the Dovecot site (http://www.dovecot.org/download.html) for the corresponding version (in my
case this is version 1.0.2)

II.2. Unpack the archive into a directory at the same level as the directory with the Dovecot source code.
In my case this is "/usr/local/sources/dovecot-sieve-1.0.2"

II.3. From inside the plugin's directory, run the commands

./configure --with-dovecot=../dovecot-1.0.10
make
sudo make install

This way, besides the plugin (cmusieve), we install sievec and sieved, respectively a compiler and a decompiler for Sieve
scripts.

III.1. Tell Dovecot to use the cmusieve plugin: in /etc/dovecot.conf write the following

protocol lda {
 # Address to use when sending rejection mails.
 postmaster_address = postmaster@domain.com

 mail_plugins = cmusieve
 mail_plugin_dir = /usr/local/dovecot/lib/dovecot/lda

 # UNIX socket path to master authentication server to find users.
 auth_socket_path = /var/run/dovecot/auth-master

 # remember to give proper permissions for these files as well
 log_path = /var/log/dovecot-deliver.log
 info_log_path = /var/log/dovecot-deliver.log

 # If there is no user-specific Sieve-script, global Sieve script is
 # executed if set. (v1.0.1 and older used "global_script_path")
 #sieve_global_path =
}

Here I have also specified that Deliver (which actually performs the role of LDA) should use its own log file
instead of Dovecot's main log file. Keep in mind that Deliver will run as an unprivileged user
(invoked by Postfix), so it is a good idea to create the log files beforehand with touch and assign them the correct
user and group. In addition, with the "auth_socket_path" setting I specify the UNIX socket that the LDA uses
to obtain the mail folder of the respective user, where received messages are to be written.
Let's not forget that we also have to start the ManageSieve server. This is done by adding the "managesieve" parameter to the list of
protocols:

protocols = imap pop3 managesieve

III.2. Tell the ManageSieve server where to store the Sieve scripts

protocol managesieve {
 listen = localhost:2000

 # Specifies the location of the symlink pointing to the active script in
 # the sieve storage directory. This must match the SIEVE setting used by
 # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#locat... for more
 # info). Variable substitution with % is recognized.
 #sieve = ~/.dovecot.sieve
 sieve = /var/mail/sieve/%d/%n/dovecot.sieve

 # This specifies the path to the directory where the uploaded scripts must
 # be stored. In terms of '%' variable substitution it is identical to
 # dovecot's mail_location setting used by the mail protocol daemons.
 sieve_storage = /var/mail/sieve/%d/%n
}

The directory "/var/mail/sieve/" must be created under the user and group that the LDA (deliver) will run as.
This is necessary because Dovecot runs as the ROOT user and can write to this directory without problems, whereas Deliver
is invoked by Postfix as an unprivileged user and must be able to write files and create subdirectories.
Files are created when Sieve scripts are compiled, and directories are created dynamically (if they did not exist before)
for the domain and the user name from the email address. In my setup the whole of "/var/mail" is owned by mail:mail. Further down I will
describe exactly how Postfix is set up to use Dovecot as the LDA, and also for SASL authentication when sending mail.
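
Added example (not part of the original article): one way to pre-create the Deliver log file and the Sieve directory
described above, and to check their ownership and mode afterwards. The function names are hypothetical, GNU stat is
assumed, and the demo at the end uses a scratch directory with the current account instead of mail:mail.

```shell
# Added example, not the article's code. USER and GROUP may be names (mail)
# or numeric ids (8, 12), as both appear in the article's configuration.

# prepare_deliver_paths USER GROUP LOGFILE SIEVEDIR
prepare_deliver_paths() {
    owner="$1:$2"
    # Log file: read/write for deliver, read for the group, nothing for others.
    touch "$3" && chown "$owner" "$3" && chmod 0640 "$3" || return 1
    # Sieve storage: deliver creates %d/%n subdirectories and compiled scripts here.
    mkdir -p "$4" && chown "$owner" "$4" && chmod 0750 "$4" || return 1
}

# audit_path USER GROUP PATH
# Returns 0 when PATH belongs to USER:GROUP and is not writable by "other";
# otherwise prints the reason and returns 1.
audit_path() {
    meta=$(stat -c '%U %u %G %g %a' "$3") || return 1
    want_user=$1 want_group=$2 path=$3
    set -- $meta    # $1 owner name, $2 uid, $3 group name, $4 gid, $5 octal mode
    if [ "$want_user" != "$1" ] && [ "$want_user" != "$2" ]; then
        echo "$path: owner is $1 ($2), expected $want_user"; return 1
    fi
    if [ "$want_group" != "$3" ] && [ "$want_group" != "$4" ]; then
        echo "$path: group is $3 ($4), expected $want_group"; return 1
    fi
    # The last octal digit is the "other" class; value 2 in it is the write bit.
    if [ $(( ($5 % 10) & 2 )) -ne 0 ]; then
        echo "$path: writable by any local user (mode $5)"; return 1
    fi
    return 0
}

# Demo on a scratch directory with the current account (constructed paths).
# On the article's server, as root: prepare_deliver_paths mail mail \
#     /var/log/dovecot-deliver.log /var/mail/sieve
tmp=$(mktemp -d)
prepare_deliver_paths "$(id -u)" "$(id -g)" "$tmp/dovecot-deliver.log" "$tmp/sieve"
audit_path "$(id -u)" "$(id -g)" "$tmp/sieve" && echo "sieve directory OK"
rm -rf "$tmp"
```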

III.3. Tell cmusieve and the LDA where to look for the Sieve scripts. If we want a global script that is executed
when a given user has no Sieve script of his own, then above we set the path to the file with that script in "sieve_global_path".
For users' personal scripts we have 2 options: specify a common template in /etc/dovecot.conf, or otherwise
a file .dovecot.sieve will be looked for in each user's mail folder. I use a template:

plugin {
 sieve = /var/mail/sieve/%d/%n/dovecot.sieve
}

Note that this file must be the same one we specified above for the ManageSieve server, otherwise simply nothing will happen.
%d means take everything after the '@' in the email address, and %n everything before the '@'.
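
Added example (not part of the original article): a check that the "sieve" path in the "plugin" block equals the one in
"protocol managesieve", plus the %d/%n expansion for one recipient. The function names, the sample configuration and the
address user@example.com are constructed for illustration; the character filter is this example's own precaution.

```shell
# Added example, not the article's code. The sample config below is constructed.

# sieve_setting CONF SECTION: print "sieve =" set directly in top-level SECTION.
sieve_setting() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        /[{]$/ {
            if (depth++ == 0) { cur = $0; sub(/[ \t]*[{]$/, "", cur) }
            next
        }
        /^[}]$/ { if (--depth == 0) cur = ""; next }
        depth == 1 && cur == want && /^sieve[ \t]*=/ {
            sub(/^sieve[ \t]*=[ \t]*/, ""); print; exit
        }' "$1"
}

# Succeeds only when both sections set the same path; unset counts as a
# mismatch (a strict choice made by this example).
sieve_paths_match() {
    ms=$(sieve_setting "$1" "protocol managesieve")
    lda=$(sieve_setting "$1" "plugin")
    [ -n "$ms" ] && [ "$ms" = "$lda" ]
}

# expand_sieve TEMPLATE ADDRESS: %n is the part before "@", %d the part after.
# The address becomes part of a path, so anything outside a conservative
# character set, and any "..", is refused.
expand_sieve() {
    case $2 in
        *[!A-Za-z0-9._@+-]*|*..*|*@*@*|@*|*@) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    n=${2%%@*} d=${2#*@}
    printf '%s\n' "$1" | sed -e "s|%d|$d|g" -e "s|%n|$n|g"
}

conf=$(mktemp); cat > "$conf" <<'EOF'
protocol managesieve {
 sieve = /var/mail/sieve/%d/%n/dovecot.sieve
}
plugin {
 sieve = /var/mail/sieve/%d/%n/dovecot.sieve
}
EOF
sieve_paths_match "$conf" && expand_sieve "$(sieve_setting "$conf" plugin)" user@example.com
rm -f "$conf"
```

On the server itself the same check is `sieve_paths_match /etc/dovecot.conf`.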

III.4. Setting up Postfix to use Dovecot as the LDA
In the file "/etc/postfix/main.cf" add the following lines

virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

Several settings used by the Postfix LDA can be dropped from the file. They specify the identifier of the user
and group that own the directory where messages will be written. In my case this is postfix:postdrop (501:504)

virtual_minimum_uid = 501
virtual_uid_maps = static:501
virtual_gid_maps = static:504

In the file "/etc/postfix/master.cf" add the following commands (these are 2 separate lines; the second begins no earlier than column 2)

dovecot   unix  -       n       n       -       -       pipe
 flags=DRhu user=mail:mail argv=/usr/local/dovecot/libexec/dovecot/deliver -c /etc/dovecot.conf -d ${recipient}

In Dovecot's configuration (/etc/dovecot.conf) we allow external programs to access the authentication module (that is,
we allow Deliver to find out whether such a user exists and which directory receives his mail)

auth default {
 # Space separated list of wanted authentication mechanisms:
 #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
 # NOTE: See also disable_plaintext_auth setting.
 mechanisms = plain digest-md5

 # SQL database <doc/wiki/AuthDatabase.SQL.txt>
 passdb sql {
   args = /etc/dovecot-sql.conf
 }

 # User database specifies where mails are located and what user/group IDs
 # own them. For single-UID configuration use "static".
 # <doc/wiki/UserDatabase.txt>

 # UID = mail, GID = mail
 userdb static {
   args = uid=8 gid=12 home=/var/mail/vhosts/%d/%n allow_all_users=yes
 }

 user = mail

 # It's possible to export the authentication interface to other programs:
 socket listen {
   master {
     # Master socket provides access to userdb information. It's typically
     # used to give Dovecot's local delivery agent access to userdb so it
     # can find mailbox locations.
     path = /var/run/dovecot/auth-master
     mode = 0775
     # Default user/group is the one who started dovecot-auth (root)
     user = mail
     group = mail
   }
 }
}

III.5. Setting up Postfix to use Dovecot for SASL authentication
This means that users who have a mailbox on the server can send mail through it with their own user name and password.
In the file "/etc/postfix/master.cf" add the settings

smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

In "smtpd_sasl_path" we specify the UNIX socket that we set in the "master" subsection of the "socket listen" section in the "auth default" block
of the configuration file "/etc/dovecot.conf".

It remains to say a few words about AVELSIEVE: this is a plugin for SquirrelMail with which Sieve scripts are created. You can
download it from the SquirrelMail site. In places the plugin limps a little with its error messages: they are not informative
enough and are sometimes misleading. But if you have a well-configured Dovecot, it works like a charm.
