Mail Server (julie.mixi.cz)
Webmail (RoundCube): mail.mixi.cz
Nastavení klienta
Příjem pošty
IMAP
Preferované, zprávy zůstávají na serveru roztříděné do složek, lze používat více e-mailových klientů najednou.
- hostname: imap.mixi.cz
- protokol: IMAP
- zabezpečení: SSL/TLS
- port: 993
POP3
- hostname: pop3.mixi.cz
- protokol: POP3
- zabezpečení: SSL/TLS
- port: 995
Odesílání pošty (SMTP)
- hostname: smtp.mixi.cz
- protokol: SMTP
- zabezpečení: StartTLS
- port: 587
Components
| Component | Purpose |
|---|---|
| Postfix | SMTP server (MTA) |
| Dovecot 2.4 | IMAP/POP3/LMTP/ManageSieve server |
| rspamd | Spam filtering, DKIM verification |
| ClamAV | Antivirus scanning (via rspamd) |
| Redis | Bayes classifier storage for rspamd |
| lldap | LDAP authentication backend (localhost) |
Mail Flow
Internet -> Postfix (SMTP/25, submission/587)
-> rspamd milter (spam scoring, DKIM check, ClamAV)
-> Dovecot LMTP (delivery)
-> Sieve filtering (spam to Spam folder)
-> Maildir storage
Hosted Domains
Configured in Postfix virtual_mailbox_domains:
mixi.cz, janna.cz, quilling.cz, vytvarnictvi.cz, g.mixi.cz, m.mixi.cz, mm.mixi.cz, t.mixi.cz, s.mixi.cz, m.janna.cz, j.janna.cz
Authentication
- LDAP via lldap running on localhost
- LDAP base:
ou=People,dc=mixi,dc=cz - Filter:
(&(&(objectClass=posixAccount)(accountStatus=active))(mail=%{user})) - Postfix SASL authentication delegated to Dovecot (
private/authsocket)
Mail Storage
- Format: Maildir
- User:
vmail - Home directory: from LDAP (
homeDirectoryattribute) - Mail path:
~/Maildir
Protocols & Ports
| Protocol | Port | Notes |
|---|---|---|
| IMAP | 143 | localhost only |
| IMAPS | 993 | SSL, public |
| POP3S | 995 | SSL, public |
| ManageSieve | 4190 | personal sieve script management |
| ManageSieve (legacy) | 2000 | deprecated port |
Important Config Files
Postfix
| File | Purpose |
|---|---|
/etc/postfix/main.cf |
Main postfix configuration |
/etc/postfix/vmailbox |
Virtual mailbox mappings |
/etc/postfix/ldap-vmailbox.cf |
LDAP virtual mailbox lookup |
/etc/postfix/ldap-valias.cf |
LDAP virtual alias lookup |
/etc/postfix/virtual |
Virtual alias maps (pcre) |
/etc/postfix/mynetworks |
Trusted networks |
/etc/postfix/access |
Sender access control |
Dovecot
| File | Purpose |
|---|---|
/etc/dovecot/dovecot.conf |
Main dovecot config |
/etc/dovecot/conf.d/90-sieve.conf |
Sieve plugin configuration |
/etc/dovecot/conf.d/90-sieve-extprograms.conf |
Sieve external programs config |
/etc/dovecot/private/dovecot.pem |
SSL certificate |
/etc/dovecot/private/dovecot.key |
SSL key |
rspamd
| File | Purpose |
|---|---|
/etc/rspamd/local.d/antivirus.conf |
ClamAV integration |
/etc/rspamd/local.d/milter_headers.conf |
Headers added to messages (X-Spamd-Bar, X-Virus) |
/etc/rspamd/local.d/classifier-bayes.conf |
Bayes autolearn thresholds |
/etc/rspamd/local.d/redis.conf |
Redis connection (localhost) |
SPAM Filtering
Detection (rspamd)
rspamd runs as a Postfix milter (inet:localhost:11332) and scans all incoming mail. It adds headers:
X-Spam: Yes- message classified as spamX-Spamd-Bar- visual spam score indicator
Bayes autolearn thresholds (in classifier-bayes.conf):
- Spam threshold: 6.0
- Ham threshold: -0.5
Delivery Filtering (Sieve)
Spam-flagged messages are moved to the Spam folder by a global Sieve script that runs before any personal user scripts.
Config (/etc/dovecot/conf.d/90-sieve.conf):
sieve_script default {
type = before
name = spam-to-folder
driver = file
path = /etc/dovecot/sieve/default/spam-to-folder.sieve
}
Script (/etc/dovecot/sieve/default/spam-to-folder.sieve):
require ["fileinto", "mailbox"];
if header :contains "X-Spam" "Yes" {
fileinto :create "spam";
stop;
}
After editing: sievec <file> then systemctl reload dovecot.
Spam/Ham Learning (imapsieve)
Dovecot uses imapsieve to automatically train rspamd's Bayes classifier when users move messages in/out of the Spam folder:
- Move to Spam -> triggers
report-spam.sieve-> callsrspamc learn_spam - Move from Spam (except to Trash) -> triggers
report-ham.sieve-> callsrspamc learn_ham
Files:
| File | Purpose |
|---|---|
/usr/local/lib/dovecot/sieve/report-spam.sieve |
imapsieve: learn spam on move to Spam |
/usr/local/lib/dovecot/sieve/report-ham.sieve |
imapsieve: learn ham on move from Spam |
/usr/local/lib/dovecot/sieve/sa-learn-spam.sh |
Shell wrapper: rspamc learn_spam |
/usr/local/lib/dovecot/sieve/sa-learn-ham.sh |
Shell wrapper: rspamc learn_ham |
DKIM
DKIM signing via milter on inet:localhost:12001 (configured separately from rspamd).
Personal Sieve Scripts
Users can manage their own sieve scripts via ManageSieve (port 4190):
- Storage:
~/sieve/ - Active script symlink:
~/.dovecot.sieve
Dovecot 2.4 Migration Notes
Dovecot 2.4 changed the sieve configuration format significantly:
- Old format:
plugin/sieve = file:~/sieve;active=~/.dovecot.sieve - New format:
sieve_scriptblocks withdriver,path,active_pathetc. - The
filedriver withpathpointing to a directory requiresactive_pathfor the symlink. Pointingpathdirectly to a.sievefile avoids this issue. - Old config backup:
/etc/dovecot/conf.d/90-sieve.conf.old.bad