2014-07-13 20:21:48
Source: 中存储网
Postfix

    Author: 汪洋

    Nickname: ruochen / ruochen0926

    Date: 20070927

    Version: 1.0

    Contact: E-Mail: ruochen0926(at)gmail.com  QQ: 967409

    Note: This guide draws on many scattered forum posts that are not listed individually. If you have questions during installation or use, leave a comment on my blog and I will reply as soon as I can.

    Contents:

    Goal: configure a fully featured mail system

    1) Install the required packages
    2) DNS configuration
    2.1) Create forward, reverse and MX records
    2.2) Test the DNS configuration
    3) Install Postfix
    4) Configure Postfix
    4.1) Configure the Postfix main configuration file /etc/postfix/main.cf
    4.2) Configure the Postfix virtual-user map files
    5) Configure dovecot (IMAP/IMAPS/POP3/POP3S)
    5.1) Configure the dovecot main configuration file /etc/dovecot.conf
    5.2) Configure the dovecot MySQL authentication file
    6) Test sending with authentication and receiving
    6.1) LOGIN authentication test
    6.2) POP3 retrieval test
    7) Install Extmail-1.0.2
    7.1) Unpack and install
    7.2) Edit the Extmail main configuration file
    7.3) Apache configuration
    7.4) Resolving Extmail dependencies
    8) Install Extman-0.2.2
    8.1) Unpack and install
    8.2) Edit the Extman main configuration file
    8.3) Apache configuration
    9) Start Apache/MySQL/Bind and enable them at boot
    10) Install the SpamAssassin anti-spam filter
    11) Install the Clamav anti-virus scanner
    12) Install MailScanner

    1) Install the required packages

    MySQL packages

    [root@mailtest /]# rpm -qa|grep mysql

    mysql-connector-odbc-3.51.12-2.2

    mysql-devel-5.0.22-2.1

    mysql-server-5.0.22-2.1

    mod_auth_mysql-3.0.0-3.1

    php-mysql-5.1.6-15.el5

    mysql-5.0.22-2.1

    libdbi-dbd-mysql-0.8.1a-1.2.2

    HTTP packages

    [root@mailtest /]# rpm -qa|grep http

    httpd-2.2.3-6.el5.centos.1

    PHP packages

    [root@mailtest /]# rpm -qa|grep php

    php-mysql-5.1.6-5.el5

    php-5.1.6-5.el5

    php-mbstring-5.1.6-5.el5

    php-common-5.1.6-5.el5

    php-cli-5.1.6-5.el5

    php-pdo-5.1.6-5.el5

    php-gd-5.1.6-5.el5

    Perl packages

    [root@mailtest noarch]# rpm -qa|grep perl

    perl-HTML-Tagset-3.10-2.1.1

    perl-Digest-HMAC-1.01-15

    perl-HTML-Parser-3.56-1

    perl-Sys-Hostname-Long-1.4-1

    perl-Net-DNS-0.59-1.fc6

    perl-XML-SAX-0.14-5

    perl-IO-stringy-2.108-1

    perl-DBI-1.56-1

    perl-5.8.8-10

    mod_perl-2.0.2-6.1

    perl-Socket6-0.19-3.fc6

    perl-IO-Socket-INET6-2.51-2.fc6

    perl-IO-String-1.08-1.1.1

    perl-Convert-ASN1-0.20-1.1

    perl-TimeDate-1.16-3

    perl-MIME-tools-5.420-1

    perl-DBD-SQLite-1.13-1

    perl-BSD-Resource-1.28-1.fc6.1

    perl-DBD-MySQL-3.0007-1.fc6

    perl-IO-Zlib-1.04-4.2.1

    perl-Digest-SHA1-2.11-1.2.1

    perl-Archive-Tar-1.30-1.fc6

    perl-IO-Socket-SSL-1.01-1.fc6

    perl-LDAP-0.33-3.fc6

    perl-libwww-perl-5.805-1.1.1

    perl-MailTools-1.71-1

    perl-Convert-TNEF-0.17-1

    perl-Filesys-Df-0.90-1

    perl-URI-1.35-3

    perl-Compress-Zlib-1.42-1.fc6

    perl-Net-IP-1.25-2.fc6

    perl-XML-NamespaceSupport-1.09-1.2.1

    perl-Net-CIDR-0.11-1

    perl-Archive-Zip-1.16-1

    perl-String-CRC32-1.4-2.fc6

    perl-Net-SSLeay-1.30-4.fc6

    perl-Convert-BinHex-1.119-2

    SpamAssassin packages

    [root@mailtest /]# rpm -qa|grep spamassassin

    spamassassin-3.1.7-4.el5

    Dovecot packages

    [root@mailtest /]# rpm -qa|grep dovecot

    dovecot-1.0-1.2.rc15.el5 #imap imaps pop3 pop3s

    Cyrus-sasl packages

    [root@mailtest /]# rpm -qa|grep cyrus-sasl

    cyrus-sasl-lib-2.1.22-4

    cyrus-sasl-plain-2.1.22-4

    cyrus-sasl-devel-2.1.22-4

    cyrus-sasl-2.1.22-4

    cyrus-sasl-md5-2.1.22-4

    cyrus-sasl-sql-2.1.22-4

    Packages SpamAssassin depends on

    perl-Archive-Tar-1.30-1.fc6.noarch.rpm

    perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm

    perl-Compress-Zlib-1.42-1.fc6.i386.rpm

    perl-IO-Zlib-1.04-4.2.1.noarch.rpm

    perl-Digest-HMAC-1.01-15.noarch.rpm

    perl-Net-DNS-0.59-1.fc6.i386.rpm

    perl-Digest-SHA1-2.11-1.2.1.i386.rpm

    perl-Net-IP-1.25-2.fc6.noarch.rpm

    perl-HTML-Parser-3.55-1.fc6.i386.rpm

    perl-Net-SSLeay-1.30-4.fc6.i386.rpm

    perl-HTML-Tagset-3.10-2.1.1.noarch.rpm

    perl-Socket6-0.19-3.fc6.i386.rpm

    perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm

    Packages Postfix depends on

    db4-devel-4.3.29-9.fc6.i386.rpm

    e2fsprogs-devel-1.39-8.el5.i386.rpm

    krb5-devel-1.5-17.i386.rpm

    zlib-devel-1.2.3-3.i386.rpm

    openssl-devel-0.9.8b-8.3.el5.i386.rpm

    mysql-devel-5.0.22-2.1.i386.rpm

    cyrus-sasl-devel-2.1.22-4.i386.rpm

    Packages gcc depends on

    libgomp-4.1.1-52.el5.i386.rpm

    gcc-4.1.1-52.el5.i386.rpm

    Other packages

    perl-libwww-perl-5.805-1.1.1.noarch.rpm

    avahi-compat-howl-0.6.16-1.el5.i386.rpm

    openldap-servers-sql-2.3.27-5.i386.rpm

    perl-LDAP-0.33-3.fc6.noarch.rpm

    kernel-devel-2.6.18-8.el5.i686.rpm

    elfutils-libelf-0.125-3.el5.i386.rpm

    elfutils-libelf-devel-0.125-3.el5.i386.rpm

    rpm-build-4.4.2-37.el5.i386.rpm

    Two packages recommended for system administration

    nmap-4.11-1.1.i386.rpm

    sysstat-7.0.0-3.el5.i386.rpm

    The following two packages are used for Clamav's digital signatures

    gmp-devel-4.1.4-10.el5

    gmp-4.1.4-10.el5

    2) DNS configuration

    2.1) Create forward, reverse and MX records

    [root@mailtest ~]# cat /var/named/named.test.hk
    $TTL 86400
    @ IN SOA test.hk. test1.test.hk. (   ; the responsible mailbox name must end with a dot, otherwise the origin is appended to it
     1997022700 ; Serial
     28800 ; Refresh
     14400 ; Retry
     3600000 ; Expire
     86400 ) ; Minimum
     IN NS mailtest
    test.hk. IN MX 5 mail.test.hk.
    mail IN A 10.10.119.204
    mailtest IN A 10.10.119.204

    [root@mailtest ~]# cat /var/named/named.10.10.119
    $TTL 86400
    @ IN SOA test.hk. test1.test.hk. (
     1997022700 ; Serial
     28800 ; Refresh
     14400 ; Retry
     3600000 ; Expire
     86400 ) ; Minimum
     IN NS mailtest
    204 IN PTR mail.test.hk.
    204 IN PTR mailtest.test.hk.

    [root@mailtest ~]# hostname
    mailtest.test.hk

    2.2) Test the DNS configuration

    [root@mailtest ~]# nslookup mail.test.hk

    Server: 10.10.119.204

    Address: 10.10.119.204#53

    Name: mail.test.hk

    Address: 10.10.119.204

    [root@mailtest ~]# nslookup mailtest.test.hk

    Server: 10.10.119.204

    Address: 10.10.119.204#53

    Name: mailtest.test.hk

    Address: 10.10.119.204

    [root@mailtest ~]# nslookup 10.10.119.204

    Server: 10.10.119.204

    Address: 10.10.119.204#53

    204.119.10.10.in-addr.arpa name = mail.test.hk.

    204.119.10.10.in-addr.arpa name = mailtest.test.hk.

    [root@mailtest ~]# ping mailtest.test.hk

    PING mailtest.test.hk (10.10.119.204) 56(84) bytes of data.

    64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.793 ms

    64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.046 ms

    64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.040 ms

    --- mailtest.test.hk ping statistics ---

    3 packets transmitted, 3 received, 0% packet loss, time 2002ms

    rtt min/avg/max/mdev = 0.040/0.293/0.793/0.353 ms

    [root@mailtest ~]# ping mail.test.hk

    PING mail.test.hk (10.10.119.204) 56(84) bytes of data.

    64 bytes from mail.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.395 ms

    64 bytes from mail.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.037 ms

    64 bytes from mail.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.038 ms

    --- mail.test.hk ping statistics ---

    3 packets transmitted, 3 received, 0% packet loss, time 2001ms

    rtt min/avg/max/mdev = 0.037/0.156/0.395/0.169 ms

    Note: for DNS configuration errors, check the Bind messages in the log file /var/log/messages.
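As an added example that is not part of the original guide, the following Python script reads the two zone files from section 2.1 with a minimal BIND-syntax parser and checks what the nslookup runs above verified by hand: the MX target has an A record, and that address has a PTR pointing back to it. The zone text is copied from the guide (with the SOA shortened); the function names are this example's own.

```python
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA test.hk. test1.test.hk. (
 1997022700 ; Serial
 86400 ) ; Minimum
test.hk. IN MX 5 mail.test.hk.
mail IN A 10.10.119.204
mailtest IN A 10.10.119.204
"""
REVERSE_ZONE = """\
@ IN SOA test.hk. test1.test.hk. ( 1997022700 86400 )
204 IN PTR mail.test.hk.
204 IN PTR mailtest.test.hk.
"""
def qualify(name, origin):
    # '@' is the origin; a name without a trailing dot is relative to it
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    # Minimal BIND reader: returns [(owner, type, rdata_fields)] and skips the SOA
    records, in_soa, owner = [], False, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # ';' starts a comment
        if in_soa:                                    # skip the rest of a multi-line SOA
            in_soa = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):  # blank line or $TTL/$ORIGIN directive
            continue
        fields = line.split()
        if not raw[0].isspace():                      # a leading blank means "same owner as before"
            owner = qualify(fields.pop(0), origin)
        fields = fields[1:] if fields[0] == "IN" else fields
        if fields[0] == "SOA":
            in_soa = ")" not in line
            continue
        records.append((owner, fields[0], fields[1:]))
    return records
def check_mail_dns(forward, reverse, domain, rev_origin):
    # Returns a list of problems; an empty list means forward, reverse and MX agree
    fwd, rev, problems = parse_zone(forward, domain), parse_zone(reverse, rev_origin), []
    targets = [qualify(r[2][1], domain) for r in fwd if r[0] == domain and r[1] == "MX"]
    if not targets:
        problems.append(f"no MX record for {domain}")
    for mx in targets:
        addrs = [r[2][0] for r in fwd if r[0] == mx and r[1] == "A"]
        if not addrs:
            problems.append(f"MX target {mx} has no A record")
        for ip in addrs:
            ptr_owner = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
            names = [qualify(r[2][0], rev_origin) for r in rev if r[0] == ptr_owner and r[1] == "PTR"]
            if mx not in names:
                problems.append(f"{ip} has no PTR back to {mx}")
            if len(names) > 1:
                problems.append(f"{ip} has {len(names)} PTR records; a mail host should have one")
    return problems
```

On the guide's own data the check passes the forward/reverse round trip but points out that 10.10.119.204 carries two PTR records, which receiving servers that verify reverse DNS may resolve to either name.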

    3) Install Postfix

    Although CentOS 5 ships with Postfix, that build does not support SSL or MySQL/LDAP, so we compile it ourselves.

    [root@mailtest /]# rpm -e sendmail --nodeps #remove the sendmail that ships with the system
    [root@mailtest /]# groupadd postfix #add the postfix group
    [root@mailtest /]# groupadd postdrop #add the postdrop group
    [root@mailtest /]# useradd postfix -g postfix -G postdrop -c "Postfix User" -d /dev/null -s /sbin/nologin #add the postfix user
    [root@mailtest /]# mkdir -pv /tmp/postfix #create the postfix temporary directory
    [root@mailtest /]# chown -R postfix.postfix /tmp/postfix #give postfix ownership of its temporary directory
    [root@mailtest /]# mkdir -pv /home/domains/ #create the mail storage directory for the virtual mail users
    [root@mailtest /]# chown -R postfix.postfix /home/ #give postfix ownership of the virtual users' mail storage directory
    [root@mailtest /]# tar zxvf postfix-2.4.6.tar.gz #unpack the postfix tarball
    [root@mailtest /]# cd postfix-2.4.6 #enter the unpacked postfix directory
    [root@mailtest postfix-2.4.5]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl -DHAS_LDAP' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/openldap -llber -lldap'
    #configure the build with sasl/tls/mysql/ldap support; the build parameters are documented in the README files
    #on a 64-bit machine, replace lib with lib64 in the parameters above
    [root@mailtest postfix-2.4.6]# make #build postfix
    [root@mailtest postfix-2.4.6]# make install #install the postfix files into their directories and configure them

    Note: press Enter at every prompt that follows make install. It is best to change the temporary directory to /tmp/postfix.

    Generate the alias database; if this step is skipped, postfix becomes extremely slow:

    [root@mailtest postfix-2.4.6]# newaliases

    4) Configure Postfix

    4.1) Configure the Postfix main configuration file /etc/postfix/main.cf

    Postfix does not support inline comments: anything after a value, including a "#", becomes part of the value. The explanatory comments are therefore placed on their own lines.

    #=====================BASE=========================
    # host name of the mail host served by postfix; do not create a virtual domain with the same name
    myhostname = mail.test.hk
    # domain name of the mail host served by postfix
    mydomain = test.hk
    # domain or host name used for mail sent from this machine
    myorigin = $mydomain
    # host names or domains for which mail is accepted
    mydestination = $myhostname localhost localhost.$mydomain
    # networks whose mail is relayed without authentication
    mynetworks = 10.10.119.0/24 127.0.0.0/8
    # network interfaces postfix listens on
    inet_interfaces = all
    # domains that may be relayed
    #relay_domains = $mydestination

    #=====================Virtual Mailbox settings=========================
    virtual_mailbox_base = /home/domains
    virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
    virtual_alias_domains =
    virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
    virtual_uid_maps = static:501
    virtual_gid_maps = static:502
    virtual_transport = virtual
    maildrop_destination_recipient_limit = 1
    maildrop_destination_concurrency_limit = 1

    #====================QUOTA========================
    # maximum size of a single message: 5M
    message_size_limit = 5242880
    # mailbox size limit: 200M
    mailbox_size_limit = 209715200
    # virtual mailbox size limit: 200M
    virtual_mailbox_limit = 209715200
    # the remaining quota parameters below come from the VDA quota patch, not from stock Postfix
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_overquota_bounce = yes

    #====================SASL========================
    # authenticate through dovecot
    smtpd_sasl_type = dovecot
    # must match the client socket path in dovecot.conf below
    smtpd_sasl_path = /var/run/dovecot/auth-client
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks,
     permit_sasl_authenticated,
     reject_invalid_hostname,
     reject_non_fqdn_hostname,
     reject_unknown_sender_domain,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unknown_recipient_domain,
     reject_unauth_pipelining,
     reject_unauth_destination,
     permit
    # From: local domain  To: any address  -> authentication required, and the authenticated user must match From:
    # From: any non-local address  To: local address  -> no authentication needed
    # From: any non-local address  To: any address  -> rejected
    # list the local users so that From: local domain To: local domain can be verified
    #smtpd_sender_login_maps =
    # mysql:/etc/postfix/mysql/mysql_virtual_sender_maps.cf,
    # mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
    #smtpd_reject_unlisted_sender = yes
    # mail from the local domain to the local domain also requires SMTP authentication
    #smtpd_sender_restrictions =
    # reject_sender_login_mismatch,
    # reject_authenticated_sender_login_mismatch,
    # reject_unauthenticated_sender_login_mismatch
    #smtpd_error_sleep_time = 1s
    #smtpd_soft_error_limit = 10
    #smtpd_hard_error_limit = 20
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_application_name = smtpd
    smtpd_banner=$myhostname ESMTP "Version not Available"
    readme_directory = no
    sample_directory = /etc/postfix
    sendmail_path = /usr/sbin/sendmail
    html_directory = no
    setgid_group = postdrop
    command_directory = /usr/sbin
    manpage_directory = /usr/local/man
    daemon_directory = /usr/libexec/postfix
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    queue_directory = /var/spool/postfix
    mail_owner = postfix

    #====================SSL/TLS========================
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/ssl/smtpd.pem
    smtpd_tls_cert_file = /etc/ssl/smtpd.pem
    smtpd_tls_CAfile = /etc/ssl/smtpd.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
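Added example, not from the original guide: a small Python lint that reads main.cf with Postfix's own rules (a "#" is a comment only at the start of a line, an indented line continues the previous value, there are no inline comments) and then flags the relay-relevant mistakes a reviewer looks for in this file. The sample text is constructed and repeats the inline-comment pattern; the function names are this example's own.

```python
SAMPLE_MAIN_CF = """\
# a whole-line comment is fine
myhostname = mail.test.hk #this trailing text becomes part of the value
mydomain = test.hk
mynetworks = 10.10.119.0/24 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
"""

def parse_main_cf(text):
    # Read main.cf the way postconf does: '#' is a comment only at the start of a
    # line, an indented line continues the previous value, there are no inline comments
    params, name = {}, None
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params

def lint_main_cf(text):
    # Flag the relay-relevant mistakes a reviewer would look for in this file
    p, findings = parse_main_cf(text), []
    for name, value in p.items():
        if "#" in value:
            findings.append(f"{name}: '#' inside the value is not a comment, value is {value!r}")
    nets = p.get("mynetworks", "").replace(",", " ").split()
    if any(n.endswith("/0") for n in nets):
        findings.append("mynetworks: a /0 network makes the server an open relay")
    restr = p.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    if "reject_unauth_destination" not in restr:
        findings.append("smtpd_recipient_restrictions: reject_unauth_destination is missing (open relay)")
    elif "permit" in restr and restr.index("permit") < restr.index("reject_unauth_destination"):
        findings.append("smtpd_recipient_restrictions: 'permit' comes before reject_unauth_destination")
    if p.get("smtpd_sasl_auth_enable") == "yes" and \
       "noanonymous" not in p.get("smtpd_sasl_security_options", "noanonymous"):
        findings.append("smtpd_sasl_security_options: noanonymous is missing, anonymous AUTH would be accepted")
    return findings
```

Run it on a live file with `lint_main_cf(open("/etc/postfix/main.cf").read())` after copying the configuration above; the same parsing rules are why `postconf -n` is the quickest way to see what a value really contains.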

    Generate the certificate

    [root@mailtest postfix]# mkdir /etc/ssl

    [root@mailtest postfix]# cd /etc/ssl

    [root@mailtest ssl]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650

    Generating a 1024 bit RSA private key

    ..++++++

    ..++++++

    writing new private key to 'smtpd.pem'

    -----

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [GB]:CN

    State or Province Name (full name) [Berkshire]:GD

    Locality Name (eg, city) [Newbury]:DG

    Organization Name (eg, company) [My Company Ltd]:www.test.hk

    Organizational Unit Name (eg, section) []:PROC

    Common Name (eg, your name or your server's hostname) []:www.test.hk

    Email Address []:test1@test.hk

    4.2) Configure the Postfix virtual-user map files

    [root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = alias
    select_field = goto
    where_field = address
    additional_conditions = AND active = '1'

    [root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = domain
    select_field = domain
    where_field = domain
    additional_conditions = AND active = '1'

    [root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_limit_maps.cf
    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = mailbox
    select_field = quota
    where_field = username
    additional_conditions = AND active = '1'

    [root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = mailbox
    select_field = maildir
    where_field = username
    additional_conditions = AND active = '1'

    5) Configure dovecot

    5.1) Configure the dovecot main configuration file /etc/dovecot.conf

    [root@mailtest /]# cp /etc/dovecot.conf /etc/dovecot.conf-orig #back up the original dovecot configuration file
    [root@mailtest /]# vi /etc/dovecot.conf #edit the dovecot configuration file

    base_dir=/var/run/dovecot
    protocols=imap imaps pop3 pop3s
    listen=*
    # maildir-style mailbox path for the virtual users (must agree with Extmail)
    mail_location = maildir:/vmail/domains/%d/%n/Maildir
    auth default {
      # authentication mechanisms (LDAP authentication supports only plain and login)
      mechanisms = plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
      # uncomment the passdb sql block
      passdb sql {
        # path of the mysql configuration file
        args = /etc/dovecot-sql.conf
      }
      # uncomment the userdb sql block
      userdb sql {
        # path of the mysql configuration file
        args = /etc/dovecot-sql.conf
      }
      # uncomment the socket listen and client blocks and add the user and group lines
      socket listen {
        client {
          path = /var/run/dovecot/auth-client
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

    5.2) Configure the dovecot MySQL authentication file

    [root@mailtest ~]# more /etc/dovecot-sql.conf
    driver = mysql
    connect = host=/var/lib/mysql/mysql.sock dbname=extmail user=extmail password=extmail
    default_pass_scheme = MD5
    # matching on the local part alone, as in the commented query below, returns several rows when different domains contain the same user name, and the authentication then fails:
    #password_query = select username as user,password from mailbox where substring(username,1,instr(username,'@')-1) = '%n' and active='1'
    password_query = select username as user,password from mailbox where username = '%u' and active='1'
    user_query = select maildir as home,501 as uid ,502 as gid from mailbox where username='%u' and active='1'
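To show the failure mode described in the comment above, this added Python example (not from the original guide) runs both query shapes against an in-memory SQLite table filled with constructed rows shaped like Extmail's mailbox table. MySQL's substring() is spelled substr() in SQLite, and Dovecot's %n and %u placeholders are bound as query parameters; the function names are this example's own.

```python
import sqlite3

# Query shapes from /etc/dovecot-sql.conf; SQLite spells MySQL's substring() as substr(),
# and Dovecot's '%n' / '%u' placeholders are bound as parameters here
OLD_QUERY = ("select username as user,password from mailbox "
             "where substr(username,1,instr(username,'@')-1) = ? and active='1'")
NEW_QUERY = ("select username as user,password from mailbox "
             "where username = ? and active='1'")

def make_db():
    # Constructed rows in the shape of Extmail's mailbox table; the hashes are placeholders
    db = sqlite3.connect(":memory:")
    db.execute("create table mailbox(username text, password text, active text)")
    db.executemany("insert into mailbox values (?,?,?)", [
        ("test1@test.hk",  "$1$placeholder-hash-1", "1"),
        ("test1@other.hk", "$1$placeholder-hash-2", "1"),   # same local part, other domain
        ("test2@test.hk",  "$1$placeholder-hash-3", "1"),
        ("old@test.hk",    "$1$placeholder-hash-4", "0"),   # disabled account
    ])
    return db

def lookup_by_local_part(db, login):
    # The commented-out query: Dovecot would substitute %n, the part before '@',
    # so every domain that has a user with this name matches
    local_part = login.partition("@")[0]
    return db.execute(OLD_QUERY, (local_part,)).fetchall()

def lookup_by_address(db, login):
    # The query the guide keeps: %u is the full login name, so at most one row matches
    return db.execute(NEW_QUERY, (login,)).fetchall()
```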

    6) Test sending with authentication and receiving

    You can create virtual domains and virtual users by logging in to postfixadmin, or create them directly in MySQL. This example creates one virtual domain, test.hk, and two virtual users, test1@test.hk and test2@test.hk, with the passwords test1 and test2 respectively.

    Because LOGIN authentication uses Base64 encoding, first encode the login name and password of the user test1@test.hk:

    [root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1@test.hk")'
    dGVzdDFAdGVzdC5oaw==
    [root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1")'
    dGVzdDE=

    6.1) LOGIN authentication test:

    C:>telnet 10.10.119.204 25

    220 mail.test.hk ESMTP "Version not Available"

    ehlo mail

    250-mail.test.hk

    250-PIPELINING

    250-SIZE 5242880

    250-VRFY

    250-ETRN

    250-STARTTLS

    250-AUTH PLAIN LOGIN

    250-AUTH=PLAIN LOGIN

    250-ENHANCEDSTATUSCODES

    250-8BITMIME

    250 DSN

    AUTH LOGIN

    334 VXNlcm5hbWU6

    dGVzdDFAdGVzdC5oaw==

    334 UGFzc3dvcmQ6

    dGVzdDE=

    235 2.0.0 Authentication successful

    mail from:test1@test.hk

    250 2.1.0 Ok

    rcpt to:test2@test.hk

    250 2.1.5 Ok

    data

    354 Please start mail input.

    test send mail

    .

    quit

    221 Closing connection. Good bye.

    Connection to host lost.

    C:>

    6.2) POP3 retrieval test

    First Base64-encode the credentials of the user test2@test.hk, then authenticate and test POP3 retrieval:

    [root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2@test.hk")'

    dGVzdDJAdGVzdC5oaw==

    [root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2")'

    dGVzdDI=

    C:>telnet 10.10.119.204 110

    +OK Dovecot ready.

    AUTH LOGIN

    + VXNlcm5hbWU6

    dGVzdDJAdGVzdC5oaw==

    + UGFzc3dvcmQ6

    dGVzdDI=

    +OK Logged in.

    LIST

    +OK 1 messages:

    1 1410

    .

    RETR 1

    +OK 1410 octets

    Return-Path:
    X-Original-To: test2@test.hk
    Delivered-To: test2@test.hk

    Received: from d2800js7mh1x (unknown [10.10.119.250])

     by mail.test.hk (Postfix) with ESMTP id E8D9413B540

     for ; Fri, 16 Nov 2007 08:23:43 +0800 (CST)

    Message-ID:

    From: "test1"
