Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:postfix_courier_authdaemon_debian_12 [2023/10/24 10:04] – [Spamassassin] niccolo
+++ doc:appunti:linux:sa:postfix_courier_authdaemon_debian_12 [2024/02/26 10:08] – [Moving the Courier Authdaemon socket into the Postfix chroot] niccolo
@@ Line 1: / Line 1: @@
-====== Postfix with Courier Authdaemon in Debian 12 ======
+====== Postfix with Courier Authdaemon in Debian 12 Bookworm ======
-===== Configuring the Courier Authdaemon =====
 We want to enable authentication on **virtual users** (i.e. using a login name which is not an Unix username), e.g. we want to use an email address as a login name.
+We want the same authentication schema to work on both authenticated SMTP sumbission (sending mail via Postfix) and on POP3/IMAP (incoming mail via Courier daemons).
+===== Configuring the Courier Authdaemon =====
 Into the configuration file **/etc/courier/authdaemonrc** we add the module **authuserdb** to the **authmodulelist**, beside the standard Unix PAM (i.e. the ''passwd'' and ''shadow'' files ):
@@ Line 64: / Line 66: @@
 </code>
-To enable the bind mount at bootstrap we create a **systemd mount service** creating the file **/etc/systemd/system/var-spool-postfix-var-run-courier-authdaemon.mount** with the following content:
+To enable the bind mount at bootstrap we define a **systemd mount service** creating the file **/etc/systemd/system/var-spool-postfix-var-run-courier-authdaemon.mount** with the following content:
 <file>
 [Unit]
 Description=Mount Courier Authdaemon into Postfix chroot
-Requires=courier-authdaemon.service
+Wants=courier-authdaemon.service
-After=courier-authdaemon.service
 [Mount]
-What=/var/run/courier/authdaemon
+What=/run/courier/authdaemon
 Where=/var/spool/postfix/var/run/courier/authdaemon
 Type=bind
@@ Line 81: / Line 82: @@
 WantedBy=postfix.service
 </file>
+**NOTICE**: The weak dependency ''Wants='' upon courier-authdaemon.service is preferable than the strict ones ''Requires='' and ''After=''; in Debian 12 the first is mandatory to avoid a Systemd ordering cycle problem. See **[[systemd_tmpfiles_problem]]**.
 This is a **[[https://www.freedesktop.org/software/systemd/man/systemd.mount.html|systemd mount unit]]**, we need to reload the systemd daemon and enable that unit for the next reboot:
@@ Line 95: / Line 98: @@
 systemctl restart postfix
 </code>
+  * **[[https://www.freedesktop.org/software/systemd/man/latest/systemd.syntax.html|Systemd Syntax]]**
+  * **[[https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html|Systemd Unit]]**
+  * **[[https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html|Systemd Mount]]**
 ====== Spamassassin ======
@@ Line 102: / Line 109: @@
 The package provides two Systemd units: **spamd.service** and **spamassassin-maintenance.timer**; both should be enabled to have the daemon running and the rules updated once a day.
-To enable the update timer execute:
+To enable and start both, execute:
 <code>
 systemctl enable --now spamassassin-maintenance.timer
+systemctl enable spamassassin-maintenance.service
+systemctl start spamassassin-maintenance.service
 </code>
@@ Line 113: / Line 122: @@
 systemctl list-timers --all
 </code>
+The timer will call the **spamassassin-maint** which in turn will call the **sa-update** program to download the updated SpamAssassin rules and reload the spamd daemon.
+The SpamAssassin rules are saved into **/var/lib/spamassassin/**.
 ====== ClamAV ======
+Install the Debian packages **clamav**, **clamav-daemon**, **clamdscan** and **clamav-freshclam**. Ensure that the Systemd units **clamav-daemon.service** and **clamav-freshclam.service** are enabled and started.
+The Freshclam program will update the database of signatures stored into **/var/lib/clamav/** and will log into **/var/log/clamav/freshclam.log**.