Environment: RHEL 5.5 i386


===DNS MX====

[root@station40 ~]# host -t MX tianyun.com

tianyun.com mail is handled by 10 mail.tianyun.com.

[root@station40 ~]# 

[root@station40 ~]# ping mail.tianyun.com

PING mail.tianyun.com (192.168.0.2) 56(84) bytes of data.

64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.337 ms

64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.387 ms


I. Preparation

1. IP,Iptables,SELinux,hosts

[root@station11 ~]# service iptables status

防火墙已停

[root@station11 ~]# getenforce 

Disabled

# vim /etc/hosts

127.0.0.1       localhost

192.168.2.115   station115.uplooking.com station115



2. # yum -y groupinstall "Development Libraries" "Development Tools" "Legacy Software Development" "X Software Development"


3. Stop sendmail and disable it from starting at boot:

# service sendmail stop 

# chkconfig sendmail off


4. Install the required rpm packages, which include the following:

# yum -y install httpd php php-mysql mysql mysql-server mysql-devel openssl-devel \
  dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect


5. Start the mysql database and set a password for the mysql root user

# service mysqld start

# chkconfig mysqld on

# mysqladmin -uroot password '123456'

# mysql -uroot -p123456 


6. Start the saslauthd service and add it to the services started at boot

# service saslauthd start

# chkconfig saslauthd on



II. Install postfix

1. postfix

# groupadd -g 1200 postdrop

# groupadd -g 1000 postfix 

# useradd -u 1000 -g postfix -G postdrop -M -s /sbin/nologin postfix

# tar xvf postfix-2.6.5.tar.gz

# cd postfix-2.6.5

# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS' \
  'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'

# make

# make install

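Enter the paths at the following prompts (the value in [] is the default, the value after "]" is what to type; where nothing follows, the default is used)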

  install_root: [/] 

  tempdir: [/usr/local/src/ postfix-2.6.5] /tmp <===

  config_directory: [/etc/postfix]

  daemon_directory: [/usr/libexec/postfix] 

  command_directory: [/usr/sbin] 

  queue_directory: [/var/spool/postfix]

  sendmail_path: [/usr/sbin/sendmail]

  newaliases_path: [/usr/bin/newaliases]

  mailq_path: [/usr/bin/mailq]

  mail_owner: [postfix]

  setgid_group: [postdrop]   

    html_directory: [no] /var/www/postfix_html <===

    manpages: [/usr/local/man]

    readme_directory: [no]


    BTW: Check your /etc/aliases file and be sure to set up aliases

    that send mail for root and postmaster to a real person, then run

    /usr/bin/newaliases.


Generate the binary alias file; if this step is skipped, postfix becomes extremely inefficient:

#  newaliases


2. Do some basic configuration, then test-start postfix and send a message

[root@server ~]# cp /etc/postfix/main.cf /etc/postfix/main.cf.bak

[root@server ~]# postconf -n > /etc/postfix/main.cf1

[root@server ~]# cp /etc/postfix/main.cf1 /etc/postfix/main.cf


#vi /etc/postfix/main.cf

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

debug_peer_level = 2

html_directory = /var/www/postfix_html

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/local/man

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = no

sample_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

setgid_group = postdrop

unknown_local_recipient_reject_code = 550


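Modify the following required settings

# listen on all interfaces
inet_interfaces = all

# host name (DNS)
myhostname = mail.tianyun.com

# domain name
mydomain = tianyun.com

# masquerading
myorigin = $mydomain

# domains for which this mail server accepts mail
mydestination = $mydomain,$myhostname,localhost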


Start postfix

[root@tianyun postfix-2.6.5]# /usr/sbin/postfix start

postfix/postfix-script: starting the Postfix mail system

[root@tianyun postfix-2.6.5]# echo "/usr/sbin/postfix start" >> /etc/rc.local

[root@station230 ~]# netstat -tnlp |grep :25

tcp        0      0 0.0.0.0:25                  0.0.0.0:*      LISTEN      12127/master    


===================================Optional steps=======================================

Connect to postfix to verify that the service is running:

[root@tianyun ~]# useradd alice

[root@tianyun ~]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost (127.0.0.1).

Escape character is '^]'.

220 mail.tianyun.com ESMTP Postfix

ehlo mail.tianyun.com <===

250-mail.tianyun.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

mail from: root@tianyun.com <===

250 2.1.0 Ok

rcpt to: alice@tianyun.com <===

250 2.1.5 Ok

data <===

354 End data with <CR><LF>.<CR><LF>

I love you!

. <===

250 2.0.0 Ok: queued as 01D418F633

quit <===

221 2.0.0 Bye

Connection closed by foreign host.

[root@tianyun ~]#


Switch to user alice to read the mail:

[root@tianyun ~]# su - alice

[alice@tianyun ~]$ mail

Mail version 8.1 6/6/93.  Type ? for help.

"/var/spool/mail/alice": 1 message 1 new

>N  1 root@tianyun.com      Thu Sep 27 04:50  14/488

& 1

Message 1:

From root@tianyun.com  Thu Sep 27 04:50:56 2012

X-Original-To: alice@tianyun.com

Delivered-To: alice@tianyun.com

Date: Thu, 27 Sep 2012 04:50:36 +0800 (CST)

From: root@tianyun.com

To: undisclosed-recipients:;


I love you!


&

====================================================================================


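III. Enable cyrus-sasl based authentication for postfix

Use the following command to verify whether postfix supports cyrus-style SASL authentication; if your output matches the following, it is supported: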

[root@tianyun ~]# postconf -a

cyrus

dovecot


[root@tianyun ~]# vim /etc/postfix/main.cf

Add the following:

############################CYRUS-SASL############################

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_sasl_application_name = smtpd

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!


[root@tianyun ~]# vim /usr/lib/sasl2/smtpd.conf

Add the following:

pwcheck_method: saslauthd

mech_list: PLAIN LOGIN


Have postfix reload its configuration files

[root@tianyun ~]# postfix reload


===========================Test section (optional)===========================================

[root@tianyun ~]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.tianyun.com ESMTP,Warning: Version not Available!

ehlo mail.tianyun.com

250-mail.tianyun.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN //

250-AUTH=PLAIN LOGIN //indicates that SASL authentication is now supported

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN
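
Added example (not part of the original notes): the EHLO output above advertises AUTH PLAIN LOGIN on port 25 with no STARTTLS, so a client's password would travel as plain base64. The shell functions below audit a main.cf for that condition and for the VRFY command shown in the same output. smtpd_tls_auth_only, smtpd_tls_security_level and disable_vrfy_command are standard Postfix parameters that this page does not set; the sample file is constructed.

```bash
#!/bin/bash
# Added example, not from the original notes. Simplified parser: it ignores
# main.cf continuation lines, which none of the checked parameters need.

# Print the effective value of PARAM in FILE (last assignment wins).
conf_get() {  # usage: conf_get FILE PARAM
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            name = $1; gsub(/[ \t]/, "", name)
            if (name == key && index($0, "=")) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                found = val
            }
        }
        END { print found }' "$1"
}

# Print one FINDING line per problem; return 0 only when there are none.
audit_main_cf() {  # usage: audit_main_cf FILE
    findings=0
    sasl=$(conf_get "$1" smtpd_sasl_auth_enable)
    tls_only=$(conf_get "$1" smtpd_tls_auth_only)
    tls_level=$(conf_get "$1" smtpd_tls_security_level)
    vrfy_off=$(conf_get "$1" disable_vrfy_command)
    if [ "$sasl" = "yes" ] && [ "$tls_only" != "yes" ] && [ "$tls_level" != "encrypt" ]; then
        echo "FINDING: AUTH offered without TLS; PLAIN/LOGIN send the password as base64"
        echo "         fix: smtpd_tls_auth_only = yes (needs smtpd_tls_cert_file/key_file)"
        findings=$((findings + 1))
    fi
    if [ "$vrfy_off" != "yes" ]; then
        echo "FINDING: VRFY enabled (address probing); fix: disable_vrfy_command = yes"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: only the SASL lines this page adds to main.cf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
audit_main_cf "$sample" || true
rm -f "$sample"
```

On the server, run it against the live file: audit_main_cf /etc/postfix/main.cf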



IV. Install the Courier authentication library

[root@tianyun ~]# tar xvf courier-authlib-0.62.4.tar.bz2

[root@tianyun ~]# cd courier-authlib-0.62.4

[root@tianyun courier-authlib-0.62.4]# ./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--with-authmysql \
--with-mysql-libs=/usr/lib/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include

[root@tianyun courier-authlib-0.62.4]# make

[root@tianyun courier-authlib-0.62.4]# make install

[root@tianyun courier-authlib-0.62.4]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/

[root@tianyun ~]# cp /etc/authdaemonrc.dist /etc/authdaemonrc

[root@tianyun ~]# cp /etc/authmysqlrc.dist /etc/authmysqlrc


Edit the /etc/authdaemonrc file

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10


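Edit /etc/authmysqlrc to contain the following, where 1000 and 1000 are the UID and GID of the postfix user.

MYSQL_SERVER localhost

# user name used to connect to the database
MYSQL_USERNAME  extmail

# password used to connect to the database
MYSQL_PASSWORD extmail

# uncomment and modify
MYSQL_SOCKET  /var/lib/mysql/mysql.sock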

MYSQL_PORT 3306

MYSQL_DATABASE  extmail

MYSQL_USER_TABLE  mailbox

MYSQL_CRYPT_PWFIELD  password

MYSQL_UID_FIELD  '1000'

MYSQL_GID_FIELD  '1000'

MYSQL_LOGIN_FIELD  username

MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)

MYSQL_NAME_FIELD  name

# uncomment and modify
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)


[root@tianyun courier-authlib-0.62.4]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib

[root@tianyun courier-authlib-0.62.4]# chmod 755 /etc/init.d/courier-authlib

[root@tianyun courier-authlib-0.62.4]# chkconfig --add courier-authlib

[root@tianyun courier-authlib-0.62.4]# chkconfig courier-authlib on


[root@tianyun ~]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf

[root@tianyun ~]# ldconfig -v


[root@tianyun ~]# /etc/init.d/courier-authlib start

Starting Courier authentication services: authdaemond    (starts the service)


Create the directory that holds the virtual users' mailboxes and give ownership of it to the postfix user:

[root@tianyun ~]# mkdir -p /var/mailbox

[root@tianyun ~]# chown -R postfix /var/mailbox/


Next, reconfigure SMTP authentication: edit /usr/lib/sasl2/smtpd.conf and make sure it contains the following:

[root@tianyun ~]# vim /usr/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond

mech_list: PLAIN LOGIN 

log_level: 3 

authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket


V. Make postfix support virtual domains and virtual users

1. Edit /etc/postfix/main.cf and add the following:

########################Virtual Mailbox Settings########################

virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_alias_domains =

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:1000

virtual_gid_maps = static:1000

virtual_transport = virtual

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1


##########################QUOTA Settings########################

message_size_limit = 14336000

virtual_mailbox_limit = 20971520

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

virtual_overquota_bounce = yes


2. Create the database using extmail.sql and init.sql from the docs directory of the extman source tree:

[root@tianyun ~]# tar xvf extman-1.1.tar.gz

[root@tianyun ~]# cd extman-1.1/docs/

[root@tianyun docs]# mysql -uroot -p123456 < extmail.sql

[root@tianyun docs]# mysql -uroot -p123456 < init.sql

[root@tianyun docs]# cp mysql* /etc/postfix/


3. Grant the user extmail access to the extmail database

[root@tianyun docs]# mysql -uroot -p123456

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';

mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';


Note: once virtual domains are enabled, the default domain must be removed, i.e. comment out the myhostname, mydestination, mydomain and myorigin directives:

[root@tianyun docs]# vim /etc/postfix/main.cf

#myhostname = mail.tianyun.com

#mydomain = tianyun.com

#myorigin = $mydomain

#mydestination = $mydomain,$myhostname,localhost



VI. Configure dovecot

[root@tianyun docs]# vim /etc/dovecot.conf

mail_location = maildir:/var/mailbox/%d/%n/Maildir

……

auth default {

    mechanisms = plain

    passdb sql {

        args = /etc/dovecot-mysql.conf

    }

    userdb sql {

        args = /etc/dovecot-mysql.conf

    }

    ……

[root@tianyun docs]# vi /etc/dovecot-mysql.conf

driver = mysql

connect = host=localhost dbname=extmail user=extmail password=extmail

default_pass_scheme = CRYPT

password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'                            

user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'


Start the dovecot service:

[root@tianyun docs]# service dovecot start

[root@tianyun docs]# chkconfig dovecot on



VII. Install Extmail-1.2

1. Installation

[root@tianyun ~]# tar xvf extmail-1.2.tar.gz

[root@tianyun ~]# mkdir -p /var/www/extsuite

[root@tianyun ~]# mv extmail-1.2 /var/www/extsuite/extmail

[root@tianyun ~]# cd /var/www/extsuite/extmail/

[root@tianyun extmail]# cp webmail.cf.default webmail.cf


2. Edit the main configuration file; notes on some of the options to change:

[root@tianyun ~]# vim /var/www/extsuite/extmail/webmail.cf

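# largest message a user can send; the default is 5M
SYS_MESSAGE_SIZE_LIMIT = 5242880

# Chinese language support
SYS_USER_LANG = zh_CN

# the directory set earlier for storing users' mail
SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_USER = extmail

SYS_MYSQL_PASS = extmail
# the two lines above set the user name and password used to connect to the database server, and the database used by the mail server

# host name of the database server; the default is fine here
SYS_MYSQL_HOST = localhost

SYS_MYSQL_TABLE = mailbox

SYS_MYSQL_ATTR_USERNAME = username

SYS_MYSQL_ATTR_DOMAIN = domain

SYS_MYSQL_ATTR_PASSWD = password
# the lines above specify the table used to verify user logins and the names of the columns holding the user name, domain and password; the defaults are fine here

# location of the authdaemon socket file
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket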
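
Added example (not part of the original notes): /etc/authmysqlrc, /etc/dovecot-mysql.conf, the mysql*.cf maps copied into /etc/postfix and webmail.cf all store the extmail database password in clear text. The function below reports which of those files any local user can read. The file contents in the demo are constructed, and the password[ ]*= pattern assumes the Postfix mysql map and Dovecot connect syntax.

```bash
#!/bin/bash
# Added example, not from the original notes. Run as root on a real server so
# that every file can be read for the keyword check.

# Keys that carry the database password in the files configured on this page.
SECRET_KEYS='MYSQL_PASSWORD|SYS_MYSQL_PASS|password[ ]*='

# Report each file that holds a credential and is readable by "other".
# Returns 0 only when no such file is found.
audit_secret_files() {  # usage: audit_secret_files FILE...
    exposed=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP     $f (not present)"
            continue
        fi
        if ! grep -Eq "$SECRET_KEYS" "$f"; then
            echo "NOSECRET $f"
            continue
        fi
        # -perm -004 matches when the world-read bit is set
        if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
            echo "EXPOSED  $f (world-readable; chmod 640 and chgrp to the reading daemon)"
            exposed=$((exposed + 1))
        else
            echo "OK       $f"
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Constructed demo: two files shaped like the ones on this page, in a temp dir.
demo_dir=$(mktemp -d)
printf 'MYSQL_USERNAME extmail\nMYSQL_PASSWORD extmail\n' > "$demo_dir/authmysqlrc"
printf 'connect = host=localhost dbname=extmail user=extmail password=extmail\n' \
    > "$demo_dir/dovecot-mysql.conf"
chmod 644 "$demo_dir/authmysqlrc"
chmod 600 "$demo_dir/dovecot-mysql.conf"
audit_secret_files "$demo_dir/authmysqlrc" "$demo_dir/dovecot-mysql.conf" || true
rm -rf "$demo_dir"

# On the server built in these notes:
#   audit_secret_files /etc/authmysqlrc /etc/dovecot-mysql.conf \
#       /etc/postfix/mysql*.cf /var/www/extsuite/extmail/webmail.cf
```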


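3. Apache configuration

Because extmail performs local mail delivery, the user that the apache server runs as must be changed to the user of your mail delivery agent.

In this example the apache server's suexec feature is enabled, so the following method is used to specify the identity the virtual host runs as.

The MDA in this example is the one that ships with postfix, so the postfix user is specified: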


[root@tianyun ~]# vim /etc/httpd/conf/httpd.conf

<VirtualHost *:80>

        ServerName mail.test.com

        DocumentRoot /var/www/extsuite/extmail/html/

        ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi

        Alias /extmail /var/www/extsuite/extmail/html

        SuexecUserGroup postfix postfix

</VirtualHost>


Change the owner of the cgi executables to the user apache runs as:

[root@tianyun ~]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/


4. Resolve dependencies

extmail uses perl's Unix::Syslog module

[root@tianyun ~]# tar xvf Unix-Syslog-0.100.tar.gz

[root@tianyun ~]# cd Unix-Syslog-0.100

[root@tianyun Unix-Syslog-0.100]# perl Makefile.PL

[root@tianyun Unix-Syslog-0.100]# make

[root@tianyun Unix-Syslog-0.100]# make install


5. Start the apache service

[root@tianyun ~]# service httpd start

[root@tianyun ~]# chkconfig httpd on



VIII. Install Extman-1.1

1. Installation and basic configuration

[root@tianyun ~]# tar xvf extman-1.1.tar.gz

[root@tianyun ~]# mv extman-1.1 /var/www/extsuite/extman

[root@tianyun ~]# cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf


[root@tianyun ~]# vim /var/www/extsuite/extman/webman.cf

SYS_MAILDIR_BASE = /var/mailbox

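# whether the CAPTCHA is enabled
SYS_CAPTCHA_ON = 0


Change the owner of the cgi directory:

[root@tianyun ~]# chown -R postfix.postfix /var/www/extsuite/extman/cgi/

In the Extmail virtual host section of the apache main configuration file, add the following two lines: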

ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi

Alias /extman /var/www/extsuite/extman/html


Create the temporary directory it needs at run time and set its permissions accordingly:

[root@tianyun ~]# mkdir -p /tmp/extman

[root@tianyun ~]# chown postfix.postfix /tmp/extman/


Restart apache. The basic setup is now configured, and Webmail and Extman can be reached from a browser

[root@tianyun ~]# service httpd restart


http://mail.tianyun.com

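The default extman administrator account is root@extmail.org and the password is extmail*123*


When logging in to the extman back end, the mail server shows a System Information error: no such file or directory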

[root@tianyun ~]# /var/www/extsuite/extman/daemon/cmdserver -v -d

loaded ok

[root@server ~]# echo "/var/www/extsuite/extman/daemon/cmdserver -v -d" >> /etc/rc.local



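Create the domain uplooking.com, register 2 accounts and try sending mail between them; if the mail arrives, congratulations, the configuration succeeded.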



[root@server ~]# tail -f /var/log/maillog



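Log in to mysql and look at the relevant database information; if there is data, it shows that the whole authentication mechanism is implemented on top of the mysql database.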



===========================================================================================================


Error 1: no permission on the mail directory

[root@station11 ~]# telnet localhost 110

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

+OK Dovecot ready.

user jack@tianyun.com

+OK

pass 123 

+OK Logged in.

-ERR Internal error occurred. Refer to server log for more information. [2012-10-11 16:05:59]

Connection closed by foreign host.






[root@station40 ~]# printf "jack@tianyun.com" |openssl base64

amFja0B0aWFueXVuLmNvbQ==

[root@station40 ~]# 

[root@station40 ~]# printf "123" |openssl base64

MTIz


[root@station11 ~]# telnet 192.168.0.2 25

Trying 192.168.0.2...

Connected to 192.168.0.2 (192.168.0.2).

Escape character is '^]'.

220 Welcome to our station11.uplooking.com ESMTP,Warning: Version not Available!

ehlo nihao

250-station11.uplooking.com

250-PIPELINING

250-SIZE 14336000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

auth login

334 VXNlcm5hbWU6

amFja0B0aWFueXVuLmNvbQ==

334 UGFzc3dvcmQ6

MTIz


mail from: alice@tianyun.com //sender

rcpt to: jack@tianyun.com //recipient

data

(enter the message body)

.

quit



[root@station11 ~]# telnet 192.168.0.2 110 //receive mail

Trying 192.168.0.2...

Connected to 192.168.0.2 (192.168.0.2).

Escape character is '^]'.

+OK Dovecot ready.

user jack@tianyun.com

+OK

pass 123

+OK Logged in.

list //list the messages

+OK 1 messages:

1 1542

.

retr 1 //read the first message

dele 1 //delete the first message







MUA: outlook,foxmail

The user name must be the full name, jack@tianyun.com

SASL authentication support: My server requires authentication


Can't chdir to /var/mailbox/bingo.com/111/Maildir/, No such file or directory