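Author: 汪洋
Nickname: ruochen / ruochen0926
Date: 20070927
Version: 1.0
Contact: E-Mail: ruochen0926(at)gmail.com QQ: 967409
Note: I drew on many posts by other users around the web; they are scattered, so I do not list them one by one. If you have questions during installation or use, please leave a comment on my blog and I will reply as soon as I can.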
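Contents:
Goal: configure a fully featured mail system
1) Install the required packages
2) DNS configuration
2.1) Create the forward, reverse and MX records
2.2) Test the DNS configuration
3) Install Postfix
4) Configure Postfix
4.1) Configure the main Postfix configuration file /etc/postfix/main.cf
4.2) Configure the Postfix virtual-user configuration files
5) Configure dovecot (IMAP/IMAPS/POP3/POP3S)
5.1) Configure the main dovecot configuration file /etc/dovecot.conf
5.2) Configure the dovecot MySQL authentication configuration file
6) Test authenticated sending and receiving
6.1) LOGIN authentication test
6.2) POP3 retrieval test
7) Install Extmail-1.0.2
7.1) Unpack and install
7.2) Edit the main Extmail configuration file
7.3) Apache configuration
7.4) Resolve the Extmail dependencies
8) Install Extman-0.2.2
8.1) Unpack and install
8.2) Edit the main Extman configuration file
8.3) Apache configuration
9) Start Apache/MySQL/BIND and enable them at boot
10) Install SpamAssassin (anti-spam)
11) Install ClamAV (anti-virus)
12) Install MailScanner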
1) Install the required packages
MySQL packages
[root@mailtest /]# rpm -qa|grep mysql
mysql-connector-odbc-3.51.12-2.2
mysql-devel-5.0.22-2.1
mysql-server-5.0.22-2.1
mod_auth_mysql-3.0.0-3.1
php-mysql-5.1.6-15.el5
mysql-5.0.22-2.1
libdbi-dbd-mysql-0.8.1a-1.2.2
HTTP packages
[root@mailtest /]# rpm -qa|grep http
httpd-2.2.3-6.el5.centos.1
PHP packages
[root@mailtest /]# rpm -qa|grep php
php-mysql-5.1.6-5.el5
php-5.1.6-5.el5
php-mbstring-5.1.6-5.el5
php-common-5.1.6-5.el5
php-cli-5.1.6-5.el5
php-pdo-5.1.6-5.el5
php-gd-5.1.6-5.el5
Perl packages
[root@mailtest noarch]# rpm -qa|grep perl
perl-HTML-Tagset-3.10-2.1.1
perl-Digest-HMAC-1.01-15
perl-HTML-Parser-3.56-1
perl-Sys-Hostname-Long-1.4-1
perl-Net-DNS-0.59-1.fc6
perl-XML-SAX-0.14-5
perl-IO-stringy-2.108-1
perl-DBI-1.56-1
perl-5.8.8-10
mod_perl-2.0.2-6.1
perl-Socket6-0.19-3.fc6
perl-IO-Socket-INET6-2.51-2.fc6
perl-IO-String-1.08-1.1.1
perl-Convert-ASN1-0.20-1.1
perl-TimeDate-1.16-3
perl-MIME-tools-5.420-1
perl-DBD-SQLite-1.13-1
perl-BSD-Resource-1.28-1.fc6.1
perl-DBD-MySQL-3.0007-1.fc6
perl-IO-Zlib-1.04-4.2.1
perl-Digest-SHA1-2.11-1.2.1
perl-Archive-Tar-1.30-1.fc6
perl-IO-Socket-SSL-1.01-1.fc6
perl-LDAP-0.33-3.fc6
perl-libwww-perl-5.805-1.1.1
perl-MailTools-1.71-1
perl-Convert-TNEF-0.17-1
perl-Filesys-Df-0.90-1
perl-URI-1.35-3
perl-Compress-Zlib-1.42-1.fc6
perl-Net-IP-1.25-2.fc6
perl-XML-NamespaceSupport-1.09-1.2.1
perl-Net-CIDR-0.11-1
perl-Archive-Zip-1.16-1
perl-String-CRC32-1.4-2.fc6
perl-Net-SSLeay-1.30-4.fc6
perl-Convert-BinHex-1.119-2
SpamAssassin package
[root@mailtest /]# rpm -qa|grep spamassassin
spamassassin-3.1.7-4.el5
Dovecot package
[root@mailtest /]# rpm -qa|grep dovecot
dovecot-1.0-1.2.rc15.el5 #imap imaps pop3 pop3s
Cyrus-SASL packages
[root@mailtest /]# rpm -qa|grep cyrus-sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-sql-2.1.22-4
Packages that SpamAssassin depends on
perl-Archive-Tar-1.30-1.fc6.noarch.rpm
perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm
perl-Compress-Zlib-1.42-1.fc6.i386.rpm
perl-IO-Zlib-1.04-4.2.1.noarch.rpm
perl-Digest-HMAC-1.01-15.noarch.rpm
perl-Net-DNS-0.59-1.fc6.i386.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm
perl-Net-IP-1.25-2.fc6.noarch.rpm
perl-HTML-Parser-3.55-1.fc6.i386.rpm
perl-Net-SSLeay-1.30-4.fc6.i386.rpm
perl-HTML-Tagset-3.10-2.1.1.noarch.rpm
perl-Socket6-0.19-3.fc6.i386.rpm
perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm
Packages that Postfix depends on
db4-devel-4.3.29-9.fc6.i386.rpm
e2fsprogs-devel-1.39-8.el5.i386.rpm
krb5-devel-1.5-17.i386.rpm
zlib-devel-1.2.3-3.i386.rpm
openssl-devel-0.9.8b-8.3.el5.i386.rpm
mysql-devel-5.0.22-2.1.i386.rpm
cyrus-sasl-devel-2.1.22-4.i386.rpm
Packages that gcc depends on
libgomp-4.1.1-52.el5.i386.rpm
gcc-4.1.1-52.el5.i386.rpm
Other packages
perl-libwww-perl-5.805-1.1.1.noarch.rpm
avahi-compat-howl-0.6.16-1.el5.i386.rpm
openldap-servers-sql-2.3.27-5.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
kernel-devel-2.6.18-8.el5.i686.rpm
elfutils-libelf-0.125-3.el5.i386.rpm
elfutils-libelf-devel-0.125-3.el5.i386.rpm
rpm-build-4.4.2-37.el5.i386.rpm
Two system-administration packages that are recommended
nmap-4.11-1.1.i386.rpm
sysstat-7.0.0-3.el5.i386.rpm
The following two packages are used for ClamAV digital signatures
gmp-devel-4.1.4-10.el5
gmp-4.1.4-10.el5
2) DNS configuration
2.1) Create the forward, reverse and MX records
[root@mailtest ~]# cat /var/named/named.test.hk
$TTL 86400
@ IN SOA test.hk. test1.test.hk (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS mailtest
test.hk. IN MX 5 mail.test.hk.
mail IN A 10.10.119.204
mailtest IN A 10.10.119.204
[root@mailtest ~]# cat /var/named/named.10.10.119
$TTL 86400
@ IN SOA test.hk. test1.test.hk (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS mailtest
204 IN PTR mail.test.hk.
204 IN PTR mailtest.test.hk.
[root@mailtest ~]# hostname
mailtest.test.hk
2.2) Test the DNS configuration
[root@mailtest ~]# nslookup mail.test.hk
Server: 10.10.119.204
Address: 10.10.119.204#53
Name: mail.test.hk
Address: 10.10.119.204
[root@mailtest ~]# nslookup mailtest.test.hk
Server: 10.10.119.204
Address: 10.10.119.204#53
Name: mailtest.test.hk
Address: 10.10.119.204
[root@mailtest ~]# nslookup 10.10.119.204
Server: 10.10.119.204
Address: 10.10.119.204#53
204.119.10.10.in-addr.arpa name = mail.test.hk.
204.119.10.10.in-addr.arpa name = mailtest.test.hk.
[root@mailtest ~]# ping mailtest.test.hk
PING mailtest.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.793 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.040 ms
--- mailtest.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.040/0.293/0.793/0.353 ms
[root@mailtest ~]# ping mail.test.hk
PING mail.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.038 ms
--- mail.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.037/0.156/0.395/0.169 ms
Note: when the DNS configuration does not work, check the BIND log in /var/log/messages.
3) Install Postfix
CentOS 5 ships with Postfix, but that build does not support SSL or MySQL/LDAP, so we need to compile it ourselves.
[root@mailtest /]# rpm -e sendmail --nodeps #remove the sendmail that ships with the system
[root@mailtest /]# groupadd postfix #add the postfix group
[root@mailtest /]# groupadd postdrop #add the postdrop group
[root@mailtest /]# useradd postfix -g postfix -G postdrop -c "Postfix User" -d /dev/null -s /sbin/nologin #add the postfix user
[root@mailtest /]# mkdir -pv /tmp/postfix #create a temporary directory for Postfix
[root@mailtest /]# chown -R postfix.postfix /tmp/postfix #give Postfix ownership of its temporary directory
[root@mailtest /]# mkdir -pv /home/domains/ #create the mail storage directory for the virtual mail users
[root@mailtest /]# chown -R postfix.postfix /home/domains/ #give Postfix ownership of the virtual users' mail storage directory
[root@mailtest /]# tar zxvf postfix-2.4.6.tar.gz #unpack the Postfix source
[root@mailtest /]# cd postfix-2.4.6 #enter the unpacked Postfix directory
[root@mailtest postfix-2.4.6]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl -DHAS_LDAP' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/openldap -llber -lldap'
#configure the build for SASL/TLS/MySQL/LDAP support; see the README files for the build parameters
#on a 64-bit machine, replace lib with lib64 in these parameters
[root@mailtest postfix-2.4.6]# make #compile Postfix
[root@mailtest postfix-2.4.6]# make install #install the Postfix files into their directories and configure them
Note: press Enter at every question that make install asks. Preferably change the temporary directory to /tmp/postfix.
Build the binary alias database. If this step is skipped, Postfix will run very inefficiently:
[root@mailtest postfix-2.4.6]# newaliases
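4) Configure Postfix
4.1) Configure the main Postfix configuration file /etc/postfix/main.cf
#=====================BASE=========================
#host name of this Postfix mail server; do not create a virtual domain with the same name
myhostname = mail.test.hk
#domain name of this Postfix mail server
mydomain = test.hk
#domain or host name used for mail sent from this machine
myorigin = $mydomain
#host names or domains for which mail is accepted locally
mydestination = $myhostname localhost localhost.$mydomain
#networks whose mail is relayed; clients in these networks need no authentication
mynetworks = 10.10.119.0/24 127.0.0.0/8
#network interfaces the Postfix service listens on
inet_interfaces = all
#domains whose mail may be relayed
#relay_domains = $mydestination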
#=====================Virtual Mailbox settings=========================
virtual_mailbox_base = /home/domains
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:502
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
#maximum size of a single message: 5 MB
message_size_limit = 5242880
#mailbox size limit: 200 MB
mailbox_size_limit = 209715200
#virtual mailbox size limit: 200 MB
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
#use dovecot for authentication
smtpd_sasl_type = dovecot
#must match the client socket path set in dovecot.conf (see below)
smtpd_sasl_path = /var/run/dovecot/auth-client
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_unknown_sender_domain,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  reject_unauth_destination,
  permit
# From: local domain, To: any address - authentication is required and the authenticated user must match From:
# From: any non-local address, To: local address - no authentication required
# From: any non-local address, To: any address - rejected
#list of local users, used to validate From: local domain To: local domain
#smtpd_sender_login_maps =
# mysql:/etc/postfix/mysql/mysql_virtual_sender_maps.cf,
# mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
#smtpd_reject_unlisted_sender = yes
#mail from a local domain to a local domain also requires SMTP authentication
#smtpd_sender_restrictions =
# reject_sender_login_mismatch,
# reject_authenticated_sender_login_mismatch,
# reject_unauthenticated_sender_login_mismatch
#smtpd_error_sleep_time = 1s
#smtpd_soft_error_limit = 10
#smtpd_hard_error_limit = 20
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
#====================SSL/TLS========================
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Generate the certificate
[root@mailtest postfix]# mkdir /etc/ssl
[root@mailtest postfix]# cd /etc/ssl
[root@mailtest ssl]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 1024 bit RSA private key
..++++++
..++++++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GD
Locality Name (eg, city) [Newbury]:DG
Organization Name (eg, company) [My Company Ltd]:www.test.hk
Organizational Unit Name (eg, section) []:PROC
Common Name (eg, your name or your server's hostname) []:www.test.hk
Email Address []:test1@test.hk
4.2) Configure the Postfix virtual-user configuration files
[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'
[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_limit_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'
[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
5) Configure dovecot
5.1) Configure the main dovecot configuration file /etc/dovecot.conf
[root@mailtest /]# cp /etc/dovecot.conf /etc/dovecot.conf-orig #back up the original dovecot configuration file
[root@mailtest /]# vi /etc/dovecot.conf #edit the dovecot configuration file
base_dir=/var/run/dovecot
protocols=imap imaps pop3 pop3s
listen=*
mail_location = maildir:/vmail/domains/%d/%n/Maildir #Maildir-format mailbox path for virtual users (same as Extmail)
auth default {
  mechanisms = plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi #authentication mechanisms (LDAP authentication supports only plain and login)
  passdb sql { #uncomment this line
    args = /etc/dovecot-sql.conf #path to the MySQL configuration file
  }
  userdb sql { #uncomment this line
    args = /etc/dovecot-sql.conf #path to the MySQL configuration file
  }
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix #added
      group = postfix #added
    } #uncomment this line
  } #uncomment this line
}
5.2) Configure the dovecot MySQL authentication configuration file
[root@mailtest ~]# more /etc/dovecot-sql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=extmail user=extmail password=extmail
default_pass_scheme = MD5
#written the following way, identical user names in different domains produce multiple matches and authentication fails:
#password_query = select username as user,password from mailbox where substring(username,1,instr(username,'@')-1) = '%n' and active='1'
password_query = select username as user,password from mailbox where username = '%u' and active='1'
user_query = select maildir as home,501 as uid ,502 as gid from mailbox where username='%u' and active='1'
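6) Test authenticated sending and receiving
You can create virtual domains and virtual users by logging in to postfixadmin, or create them directly in MySQL.
This example creates one virtual domain, test.hk, and two virtual users, test1@test.hk and test2@test.hk, with the passwords test1 and test2 respectively.
Because LOGIN authentication uses Base64 encoding, first encode the login name and password of user test1@test.hk: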
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1@test.hk")'
dGVzdDFAdGVzdC5oaw==
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1")'
dGVzdDE=
6.1) LOGIN authentication test:
C:>telnet 10.10.119.204 25
220 mail.test.hk ESMTP "Version not Available"
ehlo mail
250-mail.test.hk
250-PIPELINING
250-SIZE 5242880
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdDFAdGVzdC5oaw==
334 UGFzc3dvcmQ6
dGVzdDE=
235 2.0.0 Authentication successful
mail from:test1@test.hk
250 2.1.0 Ok
rcpt to:test2@test.hk
250 2.1.5 Ok
data
354 Please start mail input.
test send mail
.
quit
221 Closing connection. Good bye.
Connection to host lost.
C:>
6.2) POP3 retrieval test
First Base64-encode the login name and password of user test2@test.hk, then authenticate and test POP3 retrieval:
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2@test.hk")'
dGVzdDJAdGVzdC5oaw==
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2")'
dGVzdDI=
C:>telnet 10.10.119.204 110
+OK Dovecot ready.
AUTH LOGIN
+ VXNlcm5hbWU6
dGVzdDJAdGVzdC5oaw==
+ UGFzc3dvcmQ6
dGVzdDI=
+OK Logged in.
LIST
+OK 1 messages:
1 1410
.
RETR 1
+OK 1410 octets
Return-Path:
X-Original-To: test2@test.hk
Delivered-To: test2@test.hk
Received: from d2800js7mh1x (unknown [10.10.119.250])
by mail.test.hk (Postfix) with ESMTP id E8D9413B540
for ; Fri, 16 Nov 2007 08:23:43 +0800 (CST)
Message-ID:
From: "test1"
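The Base64 step used in both the SMTP LOGIN test (6.1) and the POP3 test (6.2), seen from the auditing side: an added example, not part of the original post, that decodes the AUTH LOGIN exchange in a session log and flags authentication issued without a preceding STARTTLS/STLS. The function name audit_auth_login and the trimmed session strings are constructed for this illustration.

```python
import base64
import binascii

# Constructed from the two test sessions on this page (server replies trimmed).
SMTP_SESSION = """\
220 mail.test.hk ESMTP "Version not Available"
ehlo mail
250-STARTTLS
250-AUTH PLAIN LOGIN
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdDFAdGVzdC5oaw==
334 UGFzc3dvcmQ6
dGVzdDE=
235 2.0.0 Authentication successful
"""
POP3_SESSION = """\
+OK Dovecot ready.
AUTH LOGIN
+ VXNlcm5hbWU6
dGVzdDJAdGVzdC5oaw==
+ UGFzc3dvcmQ6
dGVzdDI=
+OK Logged in.
"""

def _b64(text):
    return base64.b64decode(text, validate=True).decode("utf-8")

def audit_auth_login(transcript):
    """Decode AUTH LOGIN prompts/answers and flag AUTH issued without TLS."""
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    tls_requested, cleartext, fields = False, False, {}
    for i, line in enumerate(lines):
        if line.upper() in ("STARTTLS", "STLS"):    # SMTP / POP3 TLS upgrade
            tls_requested = True
        elif line.upper().startswith("AUTH LOGIN"):
            cleartext = not tls_requested
        elif line.startswith(("334 ", "+ ")) and i + 1 < len(lines):
            try:    # server challenge, then the client's answer on the next line
                prompt = _b64(line.split(" ", 1)[1])
                fields[prompt.rstrip(":").lower()] = _b64(lines[i + 1])
            except (binascii.Error, UnicodeDecodeError):
                continue    # e.g. "*" (client cancelled) or a non-Base64 line
    return {"cleartext": cleartext, "fields": fields}

if __name__ == "__main__":
    for name, log in (("SMTP", SMTP_SESSION), ("POP3", POP3_SESSION)):
        print(name, audit_auth_login(log))
```

Base64 is an encoding, not encryption, so anyone who can read the session recovers the credentials. Postfix's smtpd_tls_auth_only = yes and Dovecot's disable_plaintext_auth = yes restrict AUTH to TLS-protected sessions.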