Author: Kirill

This guide is based on the following article:
http://blog.mohiva.com/2011/11/setting-up-mail-server-with-postfix.html

Software versions current at the time of writing:
postfix-2.10.2
dovecot-2.2.10
postfixadmin-2.3.6
roundcube-0.9.5

echo "mail-mta/postfix mysql dovecot-sasl ssl" >> /etc/portage/package.use
echo "net-mail/dovecot mysql maildir ssl sieve managesieve" >> /etc/portage/package.use
echo "www-apps/postfixadmin mysql vhosts" >> /etc/portage/package.use
echo "mail-client/roundcube vhosts" >> /etc/portage/package.use
# pdo, gd and sockets are required for roundcube
echo "dev-lang/php imap mysqli pdo gd sockets" >> /etc/portage/package.use

emerge -av postfix postfixadmin dovecot amavisd-new

in mysql :

CREATE DATABASE `[postfixadmin]` CHARACTER SET `utf8` COLLATE `utf8_general_ci`;
 
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX
ON `[postfixadmin]`.*
TO '[postfixadmin]'@'[localhost]' IDENTIFIED BY '[secret]';
 
GRANT SELECT
ON `[postfixadmin]`.*
TO '[mailauth]'@'[localhost]' IDENTIFIED BY '[secret]';

In the console:

mkdir /var/vmail
useradd -d /var/vmail -U -s /bin/false vmail
chown vmail:vmail /var/vmail
chmod 770 /var/vmail

Before you start editing the configuration files, Postfix must know where to send mail addressed to local users. This is what the file /etc/mail/aliases is for: it defines aliases for most system accounts, and Postfix must translate these aliases to real addresses. Edit the file and set a real mail address for the root and the operator accounts.

# Well-known aliases -- these should be filled in!
root:               [real mail address]
operator:           [real mail address]

Run the newaliases command to recreate the alias database.

newaliases

in /etc/postfix/main.cf :

myhostname = [mail.domain.com]
mydomain = [domain.com]
myorigin = $myhostname
mydestination = $myhostname, localhost
mynetworks = 127.0.0.0/8
mynetworks_style = host
inet_interfaces = $myhostname, localhost
relay_domains = $mydestination

alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases

smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/ssl/postfix/[mail.domain.com.key.pem]
smtpd_tls_cert_file = /etc/ssl/postfix/[mail.domain.com.cert.pem]
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_error_sleep_time = 60
smtpd_soft_error_limit = 60
smtpd_hard_error_limit = 10
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unauth_destination,
   reject_unauth_pipelining,
   reject_invalid_hostname,
   reject_rbl_client list.dsbl.org,
   reject_rbl_client sbl.spamhaus.org,
   reject_rbl_client bl.spamcop.net,
   permit
 
tls_random_source = dev:/dev/urandom
tls_random_prng_update_period = 3600s

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes

mailbox_command = /usr/libexec/dovecot/deliver

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

virtual_transport = dovecot
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:[1001]
virtual_gid_maps = static:[1001]
dovecot_destination_recipient_limit = 1
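
Postfix evaluates smtpd_recipient_restrictions in order and stops at the first rule that returns a decision, so reject_unauth_destination has to be reached before the unconditional permit, as it is in the list above. The check below is an added example, not part of the original guide; the function names relay_guard_status and sample_main_cf are made up here and the sample fragment is constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): check where the relay guard
# sits in smtpd_recipient_restrictions.

# relay_guard_status FILE -> prints one of:
#   OK            reject/defer_unauth_destination comes before any bare "permit"
#   PERMIT_FIRST  a bare "permit" is reached first, so later rules never run
#   MISSING       the list contains neither
relay_guard_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        /^[^ \t]/ {                             # non-indented: a new parameter
            name = $0; sub(/[ \t]*=.*/, "", name)
            active = (name == "smtpd_recipient_restrictions")
            if (active) { value = ""; sub(/^[^=]*=/, "") }   # last definition wins
        }
        active { value = value " " $0 }         # indented lines continue the value
        END {
            verdict = "MISSING"
            n = split(value, item, /[ \t,]+/)   # commas and whitespace both separate
            for (i = 1; i <= n; i++) {
                if (item[i] == "permit") { verdict = "PERMIT_FIRST"; break }
                if (item[i] ~ /^(reject|defer)_unauth_destination$/) { verdict = "OK"; break }
            }
            print verdict
        }' "$1"
}

# Constructed sample: a shortened form of the list used in this guide.
sample_main_cf() {
    cat <<'EOF'
myhostname = mail.example.com
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   permit_mynetworks,
   reject_non_fqdn_hostname
   reject_unauth_destination,
   reject_rbl_client sbl.spamhaus.org,
   permit
smtpd_helo_required = yes
EOF
}
```

Run it against the live file with relay_guard_status /etc/postfix/main.cf after every change to the restriction list.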

mysql_virtual_alias_maps.cf

user = [mailauth]
password = [secret]
hosts = [localhost]
dbname = [postfixadmin]
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

mysql_virtual_domain_maps.cf

user = [mailauth]
password = [secret]
hosts = [localhost]
dbname = [postfixadmin]
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

mysql_virtual_mailbox_maps.cf

user = [mailauth]
password = [secret]
hosts = [localhost]
dbname = [postfixadmin]
query = SELECT CONCAT(maildir, 'Maildir/') AS maildir FROM mailbox WHERE username='%s' AND active = '1'

master.cf

The master.cf file defines which services are available, which daemon is started for a requested service, and how a client connects to a service. Only two additional services need to be set up in this file. First, uncomment the smtps service so that clients can use the secure variant of the SMTP protocol.

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

To use the Dovecot LDA to deliver mail for virtual domains, add the dovecot service to the end of the file.

dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}

in /etc/dovecot/dovecot.conf :

protocols = imap 
listen = *, [::]

in /etc/dovecot/conf.d/10-ssl.conf :

ssl = yes
ssl_cert = <[/etc/ssl/dovecot/mail.domain.com.cert.pem]
ssl_key = <[/etc/ssl/dovecot/mail.domain.com.key.pem]

(http://wiki2.dovecot.org/SSL/DovecotConfiguration)

in /etc/dovecot/conf.d/10-mail.conf :

mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/indexes
mail_uid = vmail
mail_gid = vmail
first_valid_uid = [1001]
last_valid_uid = [1001]
first_valid_gid = [1001]
last_valid_gid = [1001]

in /etc/dovecot/conf.d/10-master.conf :

service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = vmail
    group = vmail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

in /etc/dovecot/conf.d/15-mailboxes.conf:

namespace inbox {
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe # autocreate and autosubscribe the Sent mailbox
    special_use = \Sent
  }
  mailbox Junk {
    auto = subscribe # autocreate and autosubscribe Spam
    special_use = \Junk
  }
}

(http://wiki2.dovecot.org/MailboxSettings)

in /etc/dovecot/conf.d/20-imap.conf:

protocol imap {
  mail_plugins = quota imap_quota
}
protocol lda {
  postmaster_address = [postmaster mail address]
  mail_plugins = quota
}

in /etc/dovecot/conf.d/90-plugin.conf :

plugin {
  quota = maildir:User quota
}

in /etc/dovecot/conf.d/10-auth.conf :

 
auth_mechanisms = plain login cram-md5 digest-md5

in /etc/dovecot/dovecot-sql.conf :

driver = mysql
connect = host=/var/run/mysqld/mysqld.sock user=[mailauth] password=[secret] dbname=[postfixadmin]
default_pass_scheme = cram-md5
 
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT CONCAT('/var/vmail/', maildir) AS userdb_home, username as user, password, CONCAT('*:bytes=', quota) AS userdb_quota_rule FROM mailbox WHERE username = '%u' AND active = 1
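
The three mysql_virtual_*.cf maps and dovecot-sql.conf all store the [mailauth] database password in clear text, so no local user outside the owning user and group should be able to read them. The audit below is an added example, not part of the original guide; the function name audit_secret_files and its optional ROOT prefix argument are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original guide): report password-bearing
# files from this guide that are accessible to "other" users.

# Paths as used in this guide; each one contains the [mailauth] DB password.
SECRET_FILES="/etc/postfix/mysql_virtual_alias_maps.cf
/etc/postfix/mysql_virtual_domain_maps.cf
/etc/postfix/mysql_virtual_mailbox_maps.cf
/etc/dovecot/dovecot-sql.conf"

# audit_secret_files [ROOT]
# ROOT is an optional path prefix (an assumption of this example) so the
# check can be tried on a copy of /etc. Prints "LOOSE <mode> <path>" or
# "MISSING <path>" per problem file and returns 1 if any were found.
audit_secret_files() {
    root=${1:-}
    rc=0
    for f in $SECRET_FILES; do
        path=$root$f
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        mode=$(ls -ld -- "$path" | cut -c1-10)     # e.g. -rw-r--r--
        case $mode in
            *---) ;;                                # no bits set for "other"
            *) echo "LOOSE $mode $path"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Typical correction, run as root (owner/group/mode are a common choice,
# not taken from the original guide):
#   chown root:postfix /etc/postfix/mysql_virtual_*.cf
#   chmod 0640 /etc/postfix/mysql_virtual_*.cf
#   chown root:root /etc/dovecot/dovecot-sql.conf
#   chmod 0600 /etc/dovecot/dovecot-sql.conf
```

Files created with an editor under the usual root umask of 022 end up as 0644, which this audit reports as LOOSE.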

webapp-config -I -h localhost -d roundcube roundcube 0.9.5
webapp-config -I -h localhost -d postfixadmin postfixadmin 2.3.6

postfixadmin/config.inc.php :

$CONF['configured'] = true;
 
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = '[localhost]';
$CONF['database_user'] = '[postfixadmin]';
$CONF['database_password'] = '[secret]';
$CONF['database_name'] = '[postfixadmin]';
$CONF['database_prefix'] = '';

$CONF['setup_password'] = '[paste here your hashed password]';
 
$CONF['postfix_admin_url'] = '[https://postfixadmin.domain.com]';
$CONF['admin_email'] = '[admin mail address]';

$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
	
$CONF['quota'] = 'YES';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

/etc/init.d/postfix start
/etc/init.d/dovecot start
rc-update add postfix default
rc-update add dovecot default

UPD 270814: roundcube and amavisd will be added later :-)