| 9. YaPI::MailServer | ||
|---|---|---|
 |  | |
| 9. YaPI::MailServer | ||
|---|---|---|
| | | |
This package is the public Yast2 API to configure the postfix. Representation of the configuration of mail-server. Input and output routines.
EXAMPLE:
Example 238.
Dump the mail-server Global Settings to a single hash
Return hash Dumped settings (later acceptable by WriteGlobalSettings ())
$GlobalSettings is a pointer to a hash containing the basic settings of
the mail server.
%GlobalSettings = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'MaximumMailSize' => 0,
Shows the maximum message size in bytes, the mail server will accept
to deliver. Setting this value 0 means there is no limit.
'Banner' => '$myhostname ESMTP $mail_name'
The smtpd_banner parameter specifies the text that follows the 220
code in the SMTP server's greeting banner. Some people like to see
the mail version advertised. By default, Postfix shows no version.
You MUST specify $myhostname at the start of the text. That is an
RFC requirement. Postfix itself does not care.
'Interfaces' => ''
The inet_interfaces parameter specifies the network interface
addresses that this mail system receives mail on. By default,
the software claims all active interfaces on the machine. The
parameter also controls delivery of mail to user@[ip.address]
'SendingMail' => {
In this hash you can define the type of delivery of outgoing emails.
'Type' => '',
Shows the type of the delivery of the outgoing mails. Possible
values are:
DNS : Delivery via DNS lookup of the MX records of the
destination domain.
relayhost : Delivery using a relay host
NONE : There is no delivery of outgoing mails. In this case
some other funcions are not avaiable. For example
setting of mail transport.
'TLS' => '',
If delivery via DNS is used you can set how TLS will be used
for security. Possible values are:
NONE : don't use TLS.
MAY : TLS will used when offered by the server.
MUST : Only connection with TLS will be accepted.
MUST_NOPEERMATCH : Only connection with TLS will be accepted, but
no strict peername checking accours.
'RelayHost' => {
If the type of delivery of outgoing emails is set to "relayhost",
then you have to define the relyhost in this hash.
'Name' => '',
DNS name or IP address of the relay host.
'Auth' => 0,
Sets if SASL authentication will be used for the relayhost.
Possible values are: 0 (no) and 1 (yes).
'Account' => '',
The account name of the SASL account.
'Password' => ''
The SASL account password
}
}
);Write the mail-server Global Settings from a single hash @param settings The YCP structure to be imported. @return boolean True on success
Example 240.
my $AdminPassword = "VerySecure";
my %GlobalSettings = (
'Changed' => 1,
'MaximumMailSize' => 10485760,
'Banner' => '$myhostname ESMTP $mail_name',
'SendingMail' => {
'Type' => 'relayhost',
'TLS' => 'MUST',
'RelayHost' => {
'Name' => 'mail.domain.de',
'Auth' => 1,
'Account' => 'user',
'Password' => 'password'
}
}
);
if( ! WriteGlobalSettings(\%GlobalSettings,$AdminPassword) ) {
print "ERROR in WriteGlobalSettings\n";
}EXAMPLE:
Example 241.
Dump the mail-server Mail Transport to a single hash @return hash Dumped settings (later acceptable by WriteCanonical ())
EXAMPLE:
Example 242.
Dump the mail-server Mail Transport to a single hash
@return hash Dumped settings (later acceptable by WriteMailTransport ())
$MailTransports is a pointer to a hash containing the mail transport
definitions.
%MailTransports = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'Transports' => [],
Poiter to an array containing the mail transport table entries.
'TLSSites' => {},
Poiter to an hash containing the mail transport TLS per site table entries.
'SASLAccounts' => {},
Poiter to an hash containing the client side authentication accounts.
);
Each element of the arry 'Transports' has following syntax:
%Transport = (
'Destination' => '',
This field contains a search pattern for the mail destination.
Patterns are tried in the order as listed below:
user+extension@domain
Mail for user+extension@domain is delivered through
transport to nexthop.
user@domain
Mail for user@domain is delivered through transport
to nexthop.
domain
Mail for domain is delivered through transport to
nexthop.
.domain
Mail for any subdomain of domain is delivered
through transport to nexthop. This applies only
when the string transport_maps is not listed in the
parent_domain_matches_subdomains configuration set-
ting. Otherwise, a domain name matches itself and
its subdomains.
Note 1: the special pattern * represents any address (i.e.
it functions as the wild-card pattern).
Note 2: the null recipient address is looked up as
$empty_address_recipient@$myhostname (default: mailer-dae-
mon@hostname).
'Nexthop' => '',
This field has the format transport:nexthop and shows how
the mails for the corresponding destination will be
delivered.
The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix master.cf file).
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify host:service for a
non-default server port, and use [host] or [host]:port in
order to disable MX (mail exchanger) DNS lookups. The []
form is required when you specify an IP address instead of
a hostname.
A null transport and null nexthop result means "do not
change": use the delivery transport and nexthop informa-
tion that would be used when the entire transport table
did not exist.
A non-null transport field with a null nexthop field
resets the nexthop information to the recipient domain.
A null transport field with non-null nexthop field does
not modify the transport information.
For a detailed description have a look in man 5 trnsport.
);
%TLSSites = {
'TLSSite' => ''
The name or IP of the mail server (nexthop).
'TLSMode' => '',
You can set how TLS will be used for security. Possible values are:
NONE : don't use TLS.
MAY : TLS will used when offered by the server.
MUST : Only connection with TLS will be accepted.
MUST_NOPEERMATCH : Only connection with TLS will be accepted, but
no strict peername checking accours.
};
%SASLAccounts = {
'Server1' => ['Account1','Password1'],
'Server2' => ['Account2','Password2']
}
Example 243.
my $AdminPassword = "VerySecure";
my $MailTransorts = [];
if (! $MailTransorts = ReadMailTransports($AdminPassword) ) {
print "ERROR in ReadMailTransports\n";
} else {
foreach my $Transport (@{$MailTransports->{'Transports'}}){
print "Destination=> $Transport->{'Destination'}\n";
print " Nexthop=> $Transport->{'Nexthop'}\n";
}
foreach my $TLSSite (keys %{$MailTransports->{'TLSSites'}}){
print "TLSSite: $TLSSite => ";
print "TLSMode: $MailTransports->{'TLSSites'}->{$TLSSite}\n";
}
foreach my $SASLAccount (keys %{$MailTransports->{'SASLAccounts'}}){
print "Nexthop: $SASLAccount => ";
print "Account: $MailTransports->{'SASLAccounts'}->{$SASLAccount}->[0] ";
print "Passord: $MailTransports->{'SASLAccounts'}->{$SASLAccount}->[1]\n";
}
}EXAMPLE:
Example 244.
Write the mail server Mail Transport from a single hash. WARNING! All transport defintions not contained in the hash will be removed from the tranport table.
Example 245.
my $AdminPassword = "VerySecure";
my %MailTransports = (
'Changed' => '1',
'Transports' => []
);
my %Transport = (
'Destination' => 'dom.ain',
'Transport' => 'smtp',
'Nexthop' => '[mail.dom.ain]',
'TLS' => 'MUST',
'Auth' => 1,
'Account' => 'user',
'Password' => 'passwd'
);
push @($MailTransports{Transports}), %Transport;
%Transport = (
'Destination' => 'my-domain.de',
'Nexthop' => 'uucp:[mail.my-domain.de]',
'TLS' => 'NONE',
'Auth' => '0'
);
push @($MailTransports{Transports}), %Transport;
%Transport = (
'Destination' => 'my-old-domain.de',
'Nexthop' => "error:I've droped this domain"
);
push @($MailTransports{Transports}), %Transport;
if( ! WriteMailTransports(\%Transports,$AdminPassword) ) {
print "ERROR in WriteMailTransport\n";
}EXAMPLE:
Example 246.
Dump the mail-server prevention to a single hash
@return hash Dumped settings (later acceptable by WriteMailPrevention())
Postfix offers a variety of parameters that limit the delivery of
unsolicited commercial email (UCE).
By default, the Postfix SMTP server will accept mail only from or to the
local network or domain, or to domains that are hosted by Postfix, so that
your system can't be used as a mail relay to forward bulk mail from random strangers.
There is a lot of combination of the postfix configuration parameter
you can set. To make the setup easier we have defined three kind of predefined
settings:
off:
1. Accept connections from all clients even if the client IP address has no
PTR (address to name) record in the DNS.
2. Accept all eMails has RCPT a local destination or the client is in the
local network.
3. Mail adresses via access table can be rejected.
medium:
1. Accept connections from all clients even if the client IP address has no
PTR (address to name) record in the DNS.
2. Accept all eMails has RCPT a local destination and the sender domain is
a valid domain. Furthermore mails from clients from local network will
be accepted.
3.
hard:
$MailPrevention is a pointer to a hash containing the mail server
basic prevention settings. This hash has following structure:
my %MailPrevention = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'BasicProtection' => 'hard',
'RBLList' => [],
'AccessList' => [],
'VirusScanning' => 1,
'VSCount' => 10
'SpamLearning' => 1
);
AccessList is a pointer to an array of %AccessEntry hashes.
my %AccessEntry = ( 'ClientAddress' => '',
'ClientAccess' => ''
);Example 247.
my $AdminPassword = "VerySecure";
my $MailPrevention = [];
if( $MailPrevention = ReadMailPrevention($AdminPassword) ) {
print "Basic BasicProtection : $MailPrevention->{BasicProtection}\n";
foreach(@{$MailPrevention->{RBLList}}) {
print "Used RBL Server: $_\n";
}
foreach(@{$MailPrevention->{AccessList}}) {
print "Access for $_{MailClient} is $_{MailAction}\n";
}
if($MailPrevention->{VirusScanning}){
print "Virus scanning is activated\n";
} else {
print "Virus scanning isn't activated\n";
}
} else {
print "ERROR in ReadMailPrevention\n";
}Reads the LDAP Configuration: The LDAP Base The LDAP Base for the User Configuration The LDAP Base for the Group Configuration The LDAP Base for the DNS Configuration The LDAP Base for the MAIL Configuration The LDAP Template for the MAIL Configuration If the last there does not exist this will be created.
Example 248.
Dump the mail-server server side relay settings to a single hash
@return hash Dumped settings (later acceptable by WriteMailRelaying ())
$MailRelaying is a pointer to a hash containing the mail server
relay settings. This hash has following structure:
%MailRelaying = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'TrustedNetworks' => [],
An array of trusted networks/hosts addresses
'RequireSASL' => 1,
Show if SASL authentication is required for sending external eMails.
'SMTPDTLSMode' => 'use',
Shows how TLS will be used for smtpd connection.
Avaiable values are:
'none' : no TLS will be used.
'use' : TLS will be used if the client wants.
'enfoce' : TLS must be used.
'auth_only' : TLS will be used only for SASL authentication.
'UserRestriction' => 0
If UserRestriction is set, there is possible to make user/group based
restrictions for sending and getting eMails. Strickt authotentication
is requiered. To do so an 2nd interface for sending eMails for internal
clients will be set up. The system administrator have to care that the
other interface (external interface) can not be accessed from the internal
clients
);
Reads the LDAP Configuration: The LDAP Base The LDAP Base for the User Configuration The LDAP Base for the Group Configuration The LDAP Base for the DNS Configuration The LDAP Base for the MAIL Configuration The LDAP Template for the MAIL Configuration If the last there does not exist this will be created.
Example 249.
$ldapMap = {
'ldap_server' => ...,
'ldap_port' => ...,
'bind_pw' => ...,
'bind_dn' => ...,
'mail_config_dn' => ...,
'dns_config_dn' => ...,
'user_config_dn' => ...,
'group_config_dn'=> ...,
}Funktion to reset the mail server configuration: Needed Parameters are: $AdminPassword the Adminstrator Psssword
Example 250.
Sets Maximum Mail Size to 10MB
Sets Sending Mail Type to DNS
Sets Mail Server Basic Protection to off
Sets Mail Local Delivery Type to local
Sets up the needed LDAP lookup tables
Sets the postfix variables:
mydestination
masquerade_classes
masquerade_exceptions| | | |
| 8. YaPI::LdapServer |  | 10. YaPI::Samba |