构建Postfix邮件服务器

Postfix是一款基于开源环境，用于取代在开源环境中Sendmail的一种尝试。与Sendmail相比postfix更快、更安全、更加易于管理，于此同时还与Sendmail保持了足够的兼容性。

下面是基于Postfix配合Dovecat、Extmail与Extman实现提供具有SASL认证的web服务的邮件服务器

下面对postfix邮件服务器的具体构建、以及各部分的测试过程进行详述：

一、安装前的准备工作

为了实现完整的邮件服务器功能，我们需要具有解析本域邮件服务器功能的DNS Server，具体过程不再赘述，可以参考作者博文：《Linux下DNS服务器搭建详解》http://evolution.blog.51cto.com/3343305/643520

1.安装所需的rpm包

yum install -y httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel
#为了降低搭建过程的复杂程度，这里作者将非必须编译安装的软件使用yum源来安装

2.关闭sendmail，并卸载

service sendmail stop
chkconfig sendmail off
rpm -e --nodeps sendmail
#卸载sendmail防止影响后面postfix的安装工作

3.安装编译安装时需要用到的开发包组

yum -y groupinstall "Development Libraries" "Development Tools" "Legacy Software Development" "X Software Development"

4.启动Mysql数据库，并设置密码

service mysqld start
chkconfig mysqld on
/usr/bin/mysql
mysql>SET PASSWORD FOR root@'localhost'=PASSWORD('redhat');
mysql>SET PASSWORD FOR root@'127.0.0.1'=PASSWORD('redhat');
#设置本地登录密码
mysql>GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'redhat';
#设置远程登陆密码
mysql>FLUSH PRIVILEGES;
mysql>quit

5.启动SASL并加入开机启动

service saslauthd start
chkconfig saslauthd on

二、安装配置Postfix

1.编译安装

groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /bin/false -M postdrop
#创建postfix用户
tar zxvf postfix-2.6.5.tar.gz
cd postfix-2.6.5
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2   -lssl -lcrypto'
#编译选项：gcc的编译选项；mysql头文件；支持sasl认证；cyrus_sasl的头文件；mysql的客户端；指明auxlibs的位置
make
make install

以下是安装时提示输入的内容，“[]”中为默认值
install_root: [/] /
tempdir: [/usr/local/src/ postfix-2.6.5] /tmp
config_directory: [/etc/postfix] /etc/postfix
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin]
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no] /var/www/postfix_html
manpages: [/usr/local/man]
readme_directory: [no]

编译安装完成后

newaliases
生成别名二进制文件，这个步骤如果忽略，会造成postfix效率极低。

2.配置postfix

vim /etc/postfix/main.cf
myhostname = mail.evo.com
#指定运行postfix邮件系统的主机的主机名
myorigin = evo.com
#指明发件人所在的域名
mydomain = evo.com
#邮件服务器的域名
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#指定postfix接收邮件时收件人的域名
mynetworks = 192.168.0.0/24, 127.0.0.0/8
#指定你所在的网络的网络地址
inet_interfaces
#参数指定postfix系统监听的网络接口

3.添加postfix启动脚本

vim /etc/init.d/postfix

#!/bin/bash
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0

RETVAL=0
prog="postfix"

start() {
    # Start daemons.
    echo -n $"Starting postfix: "
        /usr/bin/newaliases >/dev/null 2>&1
    /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
        echo
    return $RETVAL
}

stop() {
        # Stop daemons.
    echo -n $"Shutting down postfix: "
    /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
    echo
    return $RETVAL
}

reload() {
    echo -n $"Reloading postfix: "
    /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
    RETVAL=$?
    echo
    return $RETVAL
}

abort() {
    /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
    return $?
}

flush() {
    /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
    return $?
}

check() {
    /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
    return $?
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  reload)
    reload
    ;;
  abort)
    abort
    ;;
  flush)
    flush
    ;;
  check)
    check
    ;;
  status)
    status master
    ;;
  condrestart)
    [ -f /var/lock/subsys/postfix ] && restart || :
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
    exit 1
esac

exit $?

chmod +x postfix
#给脚本执行权限
chkconfig --add postfix
#添加默认2345运行级别随系统启动
service postfix start
#启动postfix

4.测试postfix，验正服务启动状况

>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 mail.evo.com ESMTP Postfix
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>mail from:root@evo.com
250 2.1.0 Ok
>rcpt to:root@evo.com
250 2.1.5 Ok
>data
354 End data with .
>subject:test
>test 123...
>.
250 2.0.0 Ok: queued as 7AAD51B803D
>quit
221 2.0.0 Bye
Connection closed by foreign host.
You have mail in /var/spool/mail/root
#已有提示收到测试邮件
>mail
#查看邮箱
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
N  1 root@evo.com          Sun Aug 14 20:03  15/481   "test"

三、为postfix开启基于cyrus-sasl的认证功能

1.编辑postfix配置文件

vi /etc/postfix/main.cf
添加以下内容：
broken_sasl_auth_clients = yes
#定义是否允许突破sasl认证
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
#启动sasl认证
smtpd_sasl_local_domain = $myhostname
#本域名定义
smtpd_sasl_security_options = noanonymous
#不支持匿名
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version has been hidden!
#隐藏版本信息

2.编辑stmtpd服务配置文件

vim /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
#密码检验方法为sasl认证
mech_list: PLAIN LOGIN

3.重启postfix服务

service postfix restart

4.测试SASL认证

>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 Welcome to our mail.evo.com ESMTP,Warning: Version has been hidden.
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
#有以上两行说明CYRUS-SASL认证添加成功
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>quit
221 2.0.0 Bye
Connection closed by foreign host.

四、安装Courier authentication library

注意：请确保安装libtool-ltdl，libtool-ltdl-devel不然编译过程会报错

1.编译安装Courier auth

tar jxvf courier-authlib-0.62.4.tar.bz2
cd courier-authlib-0.62.4
./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations"   CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
make
make install

2.编辑配置文件

chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist  /etc/authdaemonrc
cp /etc/authmysqlrc.dist  /etc/authmysqlrc

vim /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
#修改这3行
vim /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_PORT 3306
#指定你的mysql监听的端口，这里使用默认的3306
MYSQL_USERNAME  extmail
#这时为后文要用的数据库的所有者的用户名
MYSQL_PASSWORD extmail
#密码
MYSQL_SOCKET  /var/lib/mysql/mysql.sock
#此行前注释去掉
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  '2525'
MYSQL_GID_FIELD  '2525'
#2525，2525 为postfix 用户的UID和GID
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
#本地邮箱的位置
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)

3.为courier添加启动脚本

cp courier-authlib.sysvinit /etc/init.d/courier-authlib             #courier提供的启动脚本
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib
chkconfig courier-authlib on

4.添加库文件并测试导入情况

echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#或添加到/etc/ld.so.conf.d/courier.conf
ldconfig -v | grep courier
#有如下显示表示库文件添加成功
/usr/local/courier-authlib/lib/courier-authlib:
    libcourierauthcommon.so -> libcourierauthcommon.so.0
    libcourierauth.so -> libcourierauth.so.0
    libcourierauthsasl.so -> libcourierauthsasl.so.0
    libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0

5.启动courier-authlib服务

service courier-authlib start
#启动服务
ps aux |grep courier
#查看进程启动状态

6.创建虚拟用户邮箱目录

mkdir –pv /var/mailbox
#新建虚拟用户邮箱所在的目录，并将其权限赋予postfix用户
chown –R postfix /var/mailbox
#所有用户的邮件都在这里

7.重新修改smtpd服务配置文件，确保是如下内容

pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
#添加这些内容进去

五、让postfix支持虚拟域和虚拟用户

1.编辑postfix配置文件，添加如下内容于配置文件末行

vim /etc/postfix/main.cf
virtual_mailbox_base = /var/mailbox
#指明虚拟用户邮件目录
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes

2.添加extmail数据进mysql数据库

tar zxvf  extman-1.1.tar.gz
cd extman-1.1/docs
mysql -u root -p
#添加extmail.sql数据库到mysql
mysql -u root -p
#添加init.sql数据库到mysql
cp mysql*  /etc/postfix/

3.授予用户extmail访问extmail数据库的权限

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';

4.在此修改postfix配置文件

为了支持虚拟用户，需要对/etc/postfix/main.cf即postfix的配置文件做如下修改：

虚拟域以后，需要取消中心域，注释掉myhostname, mydestination, mydomain, myorigin，mydestionation几个指令。

六、配置Dovecot

1.编辑dovecot主配置文件

vim /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
#修改此项
auth default {
    mechanisms = plain
#pam {xxxxxxxx}                                                                                             #注意把pam{}这一项注释掉
 passdb sql {
        args = /etc/dovecot-mysql.conf                              #添加此项
    }
    userdb sql {
        args = /etc/dovecot-mysql.conf                              #添加此项
    }

2.编辑dovecot与mysql关联的配置文件

vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

3.启动dovecot服务

service dovecot start
chkconfig dovecot on

七、安装Extmail

1.解压安装

tar zxvf extmail-1.2.tar.gz
mkdir -pv /var/www/extsuite
mv extmail-1.2 /var/www/extsuite/extmail
cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf
#复制配置文件

2.修改主配置文件

SYS_MESSAGE_SIZE_LIMIT = 5242880
#用户可以发送的最大邮件
SYS_USER_LANG = zh_CN
#语言选项选择中文
SYS_MAILDIR_BASE = /var/mailbox
#修改邮件的存放目录
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
#以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库
SYS_MYSQL_HOST = localhost
#使用默认选项
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
#以上用来指定验正用户登录里所用到的表，以及用户名、域名和用户密码分别对应的表中列的名称；使用默认值
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
#此句用来指明authdaemo socket文件的位置

3.配置apache虚拟主机

vim /etc/httpd/conf/httpd.conf
User postfix
Group postfix
#修改这两项
#DocumentRoot "/var/www/html"
#注释此项
NameVirtualHost *:80
#启用此项

ServerName mail.test.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html

"/var/www/extsuite/extmail/html/">
    Order allow,deny
    Allow from all

#添加权限

 

4.解决extmail的依赖关系

tar zxvf Unix-Syslog-0.100.tar.gz
cd Unix-Syslog-0.100
perl Makefile.PL
make
make install
#编译安装Unix-Syslog

5.修改 cgi执行文件权限，启动httpd

chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
service httpd start
chkconfig httpd on

八、安装Extman

1.安装extman

tar zxvf  extman-1.1.tar.gz
mv extman-1.1 /var/www/extsuite/extman

2.编辑extman的配置文件

cp /var/www/extsuite/extman/webman.cf.default  /var/www/extsuite/extman/webman.cf
vim /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /var/mailbox
#用户邮件的存放目录
SYS_CAPTCHA_ON = 0
#关闭验证码功能
SYS_DEFAULT_UID=2525
SYS_DEFAULT_UID=2525
#将虚拟用户映射本地用户2525以下载邮件

3.修改apache配置文件

在上文虚拟主机配置字段中添加如下两行

ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

4.修改权限，使postfix能够使用Ext族组件

chown -R postfix.postfix /var/www/extsuite

5.创建运行时所需的临时文件

mkdir  -pv  /tmp/extman
chown postfix.postfix  /tmp/extman

九、图形化日志启用

1.按照如下安装顺序安装以下3个软件包

tar zxvf Time-HiRes-1.9707.tar.gz
cd Time-HiRes-1.9707
perl Makefile.PL
make
make test
make install
#安装time-hires
tar zxvf File-Tail-0.99.3.tar.gz
cd File-Tail-0.99.3
perl Makefile
make
make test
make install
#安装file-tail
tar zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5
./configure --prefix=/usr/local/rrdtool
make
make install
#安装rrdtool

2.创建必须得符号链接

ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.8/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.8/

3.调整文件并启动服务

cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local
#复制mailgraph_ext到/usr/local
/usr/local/mailgraph_ext/mailgraph-init start
#启动服务
 /var/www/extsuite/extman/daemon/cmdserver --daemon
#启动cmdserver在后台显示系统信息

echo “/usr/local/mailgraph_ext/mailgraph-init start” >> /etc/rc.d/rc.local
echo “/var/www/extsuite/extman/daemon/cmdserver -v -d” >> /etc/rc.d/rc.local
#添加这两条，使其能够在系统初始化完成后实行启动脚本

 到此我们的配置就已经完成了，由于作者使用的是VMware虚拟机故这里将物理机首选DNS指向虚拟机ip，浏览器中输入邮件服务器域名即可登入。

首次登陆：使用管理员账号/密码

管理帐号为：[email protected]  密码为：extmail*123*

 

 图形化统计日志

 

 Ps：此时，只能在本域中发送邮件；若要实现向外域发送邮件的功能，在DNS配置文件中添加转发即可。