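Postfix is an open-source mail transfer agent that was created as an attempt to replace Sendmail. Compared with Sendmail, Postfix is faster, more secure and easier to administer, while remaining sufficiently compatible with Sendmail.
What follows builds a mail server from Postfix together with Dovecot, Extmail and Extman, providing a web interface and SASL authentication.
The construction of the Postfix mail server and the tests of each component are described in detail below:
I. Preparation before installation
To provide complete mail server functionality we need a DNS server that can resolve the mail server for our own domain. That procedure is not repeated here; see the author's blog post "A Detailed Guide to Setting Up a DNS Server on Linux": http://evolution.blog.51cto.com/3343305/643520
1. Install the required rpm packages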
yum install -y httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel
# To keep the build simple, software that does not have to be compiled from source is installed from the yum repositories
2. Stop sendmail and uninstall it
service sendmail stop
chkconfig sendmail off
rpm -e --nodeps sendmail
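# Uninstall sendmail so that it does not interfere with the Postfix installation later
3. Install the development package groups needed for compiling from source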
yum -y groupinstall "Development Libraries" "Development Tools" "Legacy Software Development" "X Software Development"
4. Start the MySQL database and set the password
service mysqld start
chkconfig mysqld on
/usr/bin/mysql
mysql>SET PASSWORD FOR root@'localhost'=PASSWORD('redhat');
mysql>SET PASSWORD FOR root@'127.0.0.1'=PASSWORD('redhat');
# Set the password for local logins
mysql>GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'redhat';
# Set the password for remote logins (root from any host, '%')
mysql>FLUSH PRIVILEGES;
mysql>quit
5. Start SASL and enable it at boot
service saslauthd start
chkconfig saslauthd on
II. Install and configure Postfix
1. Compile and install
groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /bin/false -M postdrop
# Create the postfix and postdrop users and groups
tar zxvf postfix-2.6.5.tar.gz
cd postfix-2.6.5
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
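# Build options: compiler flags for gcc; MySQL header files; SASL authentication support; Cyrus SASL header files; the MySQL client library; location of the auxiliary libraries (AUXLIBS)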
make
make install
The installer prompts for the following; the value in "[]" is the default
install_root: [/] /
tempdir: [/usr/local/src/ postfix-2.6.5] /tmp
config_directory: [/etc/postfix] /etc/postfix
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin]
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no] /var/www/postfix_html
manpages: [/usr/local/man]
readme_directory: [no]
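After compilation and installation finish
newaliases
This generates the binary alias database. If this step is skipped, Postfix performs very poorly.
2. Configure Postfix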
vim /etc/postfix/main.cf
myhostname = mail.evo.com
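# Host name of the machine running the Postfix mail system
myorigin = evo.com
# Domain name the sender belongs to
mydomain = evo.com
# Domain name of the mail server
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Recipient domains for which Postfix accepts mail
mynetworks = 192.168.0.0/24, 127.0.0.0/8
# Network addresses of your own network (clients in these ranges are trusted to relay)
inet_interfaces
# Network interfaces that the Postfix system listens on
3. Add a Postfix init script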
vim /etc/init.d/postfix
#!/bin/bash
# chkconfig: 2345 80 30
# description: Postfix mail transfer agent
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
[ "${NETWORKING}" = "no" ] && exit 0
[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
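chmod +x /etc/init.d/postfix
# Make the script executable
chkconfig --add postfix
# Register the service so that it starts at boot in the default runlevels 2345
service postfix start
# Start Postfix
4. Test Postfix and verify that the service is running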
>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 mail.evo.com ESMTP Postfix
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>mail from:root@evo.com
250 2.1.0 Ok
>rcpt to:root@evo.com
250 2.1.5 Ok
>data
354 End data with <CR><LF>.<CR><LF>
>subject:test
>test 123...
>.
250 2.0.0 Ok: queued as 7AAD51B803D
>quit
221 2.0.0 Bye
Connection closed by foreign host.
You have mail in /var/spool/mail/root
# The shell reports that the test mail has arrived
# Check the mailbox
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
N 1 root@evo.com Sun Aug 14 20:03 15/481 "test"
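III. Enable Cyrus SASL authentication for Postfix
1. Edit the Postfix configuration file
vi /etc/postfix/main.cf
Add the following:
broken_sasl_auth_clients = yes
# Also advertise the non-standard "AUTH=" form for older clients that do not follow the standard AUTH syntax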
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
# Enable SASL authentication
smtpd_sasl_local_domain = $myhostname
# Local SASL domain
smtpd_sasl_security_options = noanonymous
# Do not allow anonymous authentication
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version has been hidden!
# Hide the version information
2. Edit the smtpd service configuration file
vim /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
# Check passwords through saslauthd
mech_list: PLAIN LOGIN
3. Restart the Postfix service
service postfix restart
4. Test SASL authentication
>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 Welcome to our mail.evo.com ESMTP,Warning: Version has been hidden.
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
# The two lines above show that Cyrus SASL authentication was added successfully
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>quit
221 2.0.0 Bye
Connection closed by foreign host.
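The EHLO reply above offers PLAIN and LOGIN on a session that has no STARTTLS, so a client's password would cross the network merely base64-encoded. The shell check below is an added example, not part of the original article: it classifies a captured cleartext EHLO reply. The function name classify_ehlo and its verdict strings are made up here, and the sample is the reply from the test above.

```shell
#!/bin/sh
# Added example: classify an EHLO reply captured on a cleartext (pre-STARTTLS) session.
# Reads the reply on stdin and prints exactly one verdict:
#   cleartext-auth-no-tls        PLAIN/LOGIN offered and STARTTLS not offered at all
#   cleartext-auth-tls-optional  PLAIN/LOGIN offered; STARTTLS exists but is not required
#   no-cleartext-auth            PLAIN/LOGIN not offered before TLS
classify_ehlo() {
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings in the capture
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH[ =]/ {
            n = split($0, m, /[ =]/)        # m[1] is "250-AUTH", the rest are mechanisms
            for (i = 2; i <= n; i++)
                if (m[i] == "PLAIN" || m[i] == "LOGIN") weak = 1
        }
        END {
            if (!weak)    print "no-cleartext-auth"
            else if (tls) print "cleartext-auth-tls-optional"
            else          print "cleartext-auth-no-tls"
        }'
}

# Constructed sample: the EHLO reply shown in the SASL test above.
PAGE_EHLO='250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

printf '%s\n' "$PAGE_EHLO" | classify_ehlo
```

Once TLS is configured and smtpd_tls_auth_only = yes is set in main.cf, Postfix no longer offers AUTH before STARTTLS, and the same check reports no-cleartext-auth.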
IV. Install the Courier authentication library
Note: make sure libtool-ltdl and libtool-ltdl-devel are installed, otherwise the build will fail
1. Compile and install Courier authlib
tar jxvf courier-authlib-0.62.4.tar.bz2
cd courier-authlib-0.62.4
./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
make
make install
2. Edit the configuration files
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist /etc/authdaemonrc
cp /etc/authmysqlrc.dist /etc/authmysqlrc
vim /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
# Change these 3 lines
vim /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_PORT 3306
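# Port your MySQL server listens on; the default 3306 is used here
MYSQL_USERNAME extmail
# User name of the owner of the database used later in this article
MYSQL_PASSWORD extmail
# Password
MYSQL_SOCKET /var/lib/mysql/mysql.sock
# Remove the comment marker in front of this line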
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
# 2525, 2525 are the UID and GID of the postfix user
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
# Location of the local mailboxes
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
3. Add an init script for Courier
cp courier-authlib.sysvinit /etc/init.d/courier-authlib # init script shipped with Courier
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib
chkconfig courier-authlib on
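4. Add the library path and check that it is picked up
echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# Or add it to /etc/ld.so.conf.d/courier.conf
ldconfig -v | grep courier
# Output like the following means the libraries were added successfully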
/usr/local/courier-authlib/lib/courier-authlib:
libcourierauthcommon.so -> libcourierauthcommon.so.0
libcourierauth.so -> libcourierauth.so.0
libcourierauthsasl.so -> libcourierauthsasl.so.0
libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0
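5. Start the courier-authlib service
service courier-authlib start
# Start the service
ps aux |grep courier
# Check that the processes are running
6. Create the mailbox directory for virtual users
mkdir -pv /var/mailbox
# Create the directory that holds the virtual users' mailboxes and give ownership of it to the postfix user
chown -R postfix /var/mailbox
# All users' mail is stored here
7. Edit the smtpd service configuration file again and make sure it contains the following
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
# Add these lines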
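V. Make Postfix support virtual domains and virtual users
1. Edit the Postfix configuration file and append the following at the end of the file
vim /etc/postfix/main.cf
virtual_mailbox_base = /var/mailbox
# Base directory for virtual users' mail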
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
2. Load the extmail data into the MySQL database
tar zxvf extman-1.1.tar.gz
cd extman-1.1/docs
mysql -u root -p <extmail.sql
# Import extmail.sql into MySQL
mysql -u root -p <init.sql
# Import init.sql into MySQL
cp mysql* /etc/postfix/
3. Grant the extmail user access to the extmail database
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
4. Modify the Postfix configuration file again
To support virtual users, make the following change to /etc/postfix/main.cf, the Postfix configuration file:
Once virtual domains are in use, the central domain must be disabled: comment out the myhostname, mydestination, mydomain and myorigin directives.
VI. Configure Dovecot
1. Edit the main Dovecot configuration file
vim /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
# Change this setting
auth default {
mechanisms = plain
#pam {xxxxxxxx} # Note: comment out the pam {} block
passdb sql {
args = /etc/dovecot-mysql.conf # Add this line
}
userdb sql {
args = /etc/dovecot-mysql.conf # Add this line
}
2. Edit the configuration file that links Dovecot to MySQL
vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
3. Start the Dovecot service
service dovecot start
chkconfig dovecot on
VII. Install Extmail
1. Unpack and install
tar zxvf extmail-1.2.tar.gz
mkdir -pv /var/www/extsuite
mv extmail-1.2 /var/www/extsuite/extmail
cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
# Copy the configuration file
2. Edit the main configuration file
SYS_MESSAGE_SIZE_LIMIT = 5242880
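# Maximum size of a message a user may send
SYS_USER_LANG = zh_CN
# Select Chinese as the language
SYS_MAILDIR_BASE = /var/mailbox
# Directory where mail is stored
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
# The two settings above set the user name and password used to connect to the database server, and the database the mail server uses
SYS_MYSQL_HOST = localhost
# Use the default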
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
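# The settings above name the table used to verify user logins and the columns that hold the user name, domain and password; use the defaults
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
# Location of the authdaemon socket file
3. Configure the Apache virtual host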
vim /etc/httpd/conf/httpd.conf
User postfix
Group postfix
# Change these two settings
#DocumentRoot "/var/www/html"
# Comment out this line
NameVirtualHost *:80
# Enable this line
<VirtualHost *:80>
ServerName mail.test.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
<Directory "/var/www/extsuite/extmail/html/">
Order allow,deny
Allow from all
</Directory>
# Grant access
4. Resolve Extmail's dependencies
tar zxvf Unix-Syslog-0.100.tar.gz
cd Unix-Syslog-0.100
perl Makefile.PL
make
make install
# Compile and install Unix-Syslog
5. Change ownership of the CGI files and start httpd
chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
service httpd start
chkconfig httpd on
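At this point the database password (extmail, identical to the user name) sits in clear text in /etc/authmysqlrc, /etc/dovecot-mysql.conf, the mysql_*.cf maps copied to /etc/postfix, and webmail.cf. The shell audit below is an added example, not part of the original article or of Extmail: it flags any of those files that is world-readable or whose database password equals the database user. The function name audit_cred_file is made up here, and the user = / password = keys assumed for the mysql_*.cf maps follow the Postfix mysql_table format, which this page does not show.

```shell
#!/bin/sh
# Added example, not from the original article. audit_cred_file is a made-up name.
# Prints one finding per line; prints nothing when the file passes both checks.
audit_cred_file() {
    f=$1
    # Check 1: readable by every local account ("other" read bit set).
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "world-readable: $f"
    fi
    # Check 2: database password identical to the database user name.
    awk -v f="$f" '
        # authmysqlrc:         MYSQL_USERNAME value / MYSQL_PASSWORD value
        $1 == "MYSQL_USERNAME" { user = $2 }
        $1 == "MYSQL_PASSWORD" { pass = $2 }
        # webmail.cf:          SYS_MYSQL_USER = value / SYS_MYSQL_PASS = value
        # Postfix mysql_*.cf:  user = value / password = value  (assumed format)
        $2 == "=" && ($1 == "SYS_MYSQL_USER" || $1 == "user")     { user = $3 }
        $2 == "=" && ($1 == "SYS_MYSQL_PASS" || $1 == "password") { pass = $3 }
        # dovecot-mysql.conf:  connect = host=... user=... password=...
        $1 == "connect" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^user=/)     user = substr($i, 6)
                if ($i ~ /^password=/) pass = substr($i, 10)
            }
        }
        END { if (user != "" && user == pass) print "password-equals-user: " f }
    ' "$f"
}

# Files in this tutorial that hold the extmail database password; absent ones are skipped.
for p in /etc/authmysqlrc /etc/dovecot-mysql.conf /etc/postfix/mysql_*.cf \
         /var/www/extsuite/extmail/webmail.cf; do
    if [ -f "$p" ]; then audit_cred_file "$p"; fi
done
```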
VIII. Install Extman
1. Install Extman
tar zxvf extman-1.1.tar.gz
mv extman-1.1 /var/www/extsuite/extman
2. Edit Extman's configuration file
cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf
vim /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /var/mailbox
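# Directory where users' mail is stored
SYS_CAPTCHA_ON = 0
# Turn off the CAPTCHA feature
SYS_DEFAULT_UID=2525
SYS_DEFAULT_GID=2525
# Map virtual users to local user 2525 so that mail can be retrieved
3. Modify the Apache configuration file
Add the following two lines to the virtual host section configured above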
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
4. Change ownership so that postfix can use the Ext suite components
chown -R postfix.postfix /var/www/extsuite
5. Create the temporary directory needed at run time
mkdir -pv /tmp/extman
chown postfix.postfix /tmp/extman
IX. Enable graphical logs
1. Install the following 3 packages in this order
tar zxvf Time-HiRes-1.9707.tar.gz
cd Time-HiRes-1.9707
perl Makefile.PL
make
make test
make install
# Install Time-HiRes
tar zxvf File-Tail-0.99.3.tar.gz
cd File-Tail-0.99.3
perl Makefile.PL
make
make test
make install
# Install File-Tail
tar zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5
./configure --prefix=/usr/local/rrdtool
make
make install
# Install rrdtool
2. Create the required symbolic links
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.8/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.8/
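3. Adjust files and start the services
cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
# Copy mailgraph_ext to /usr/local
/usr/local/mailgraph_ext/mailgraph-init start
# Start the service
/var/www/extsuite/extman/daemon/cmdserver --daemon
# Start cmdserver in the background to display system information
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.d/rc.local
echo "/var/www/extsuite/extman/daemon/cmdserver -v -d" >> /etc/rc.d/rc.local
# Add these two lines so that the start-up commands run once system initialization completes
The configuration is now complete. Because the author is using a VMware virtual machine, the physical host's preferred DNS server is pointed at the virtual machine's IP; entering the mail server's domain name in a browser then brings up the login page.
First login: use the administrator account and password
Administrator account: root@extmail.org Password: extmail*123*
Graphical statistics log
P.S. At this point mail can only be sent within the local domain; to send mail to external domains, add forwarding in the DNS configuration file.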