Postfix邮件服务器架构

 用alternatives --display mta 查看一下自己的默认MTA

# alternatives --display mta
mta - 状态是自动。
 链接目前指向 /usr/sbin/sendmail.sendmail
/usr/sbin/sendmail.sendmail - 优先度 90
 从 mta-mailq：/usr/bin/mailq.sendmail
 从 mta-newaliases：/usr/bin/newaliases.sendmail
 从 mta-rmail：/usr/bin/rmail.sendmail
 从 mta-sendmail：/usr/lib/sendmail.sendmail
 从 mta-pam：/etc/pam.d/smtp.sendmail
 从 mta-sendmailman：/usr/share/man/man8/sendmail.sendmail.8.gz
 从 mta-mailqman：/usr/share/man/man1/mailq.sendmail.1.gz
 从 mta-newaliasesman：/usr/share/man/man1/newaliases.sendmail.1.gz
 从 mta-aliasesman：/usr/share/man/man5/aliases.sendmail.5.gz
当前“最佳”版本是 /usr/sbin/sendmail.sendmail。

我的邮件系统默认为sendmail，我们需要的是Postfix。 

关闭sendmail服务。

因为系统运行需要邮件服务，Postfix没安装啊前，暂时不用#rpm -e sendmail卸载此邮件服务

# service sendmail stop
关闭 sm-client：[确定]
关闭 sendmail：[确定]
# chkconfig sendmail off

Postfix最新版本为 Postfix 2.9 experimental release，我们下载稳定版本Postfix 2.8 stable release

# wget http://postfix.it-austria.net/releases/official/postfix-2.8.4.tar.gz

!!!安装数据库

在安装Postfix2.8时，需要指定数据库的位置，我们先来下载安装最新的Mysql-5.5.14

# wget http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.14.tar.gz/from/http://mysql.stu.edu.tw/

安装一下Mysql所依赖的软件gcc gcc-c++ autoconf automake zlib* libxml* ncurses-devel libmcrypt* libtool* expect

# yum -y install gcc gcc-c++ autoconf automake zlib* libxml* ncurses-devel libmcrypt* libtool* expect

创建Mysql安装目录及数据存放目录

# mkdir /usr/local/mysql
# mkdir /var/mysqldata

创建用户和组

# groupadd mysql
# useradd -g mysql mysql

赋予数据存放的权限

# chown mysql.mysql -R /var/mysqldata/

安装cmake

我用的是最新的Mysql-5.5.14，Mysql5.5以后是用cmake来编译的，我们下载并安装cmake

# wget http://www.cmake.org/files/v2.8/cmake-2.8.5.tar.gz
# tar zxvf cmake-2.8.5.tar.gz
# cd cmake-2.8.5
# ./configure
# make && make install

安装Bison

看M4安装的位置并写入环境变量

# whereis m4
# vi /etc/exports
PATH=$PATH:/usr/bin/m4

下载并安装Bison

# wget ftp://mirrors.kernel.org/gnu/bison/bison-2.5.tar.gz
# tar zxvf bison-2.5.tar.gz
# cd bison-2.5
# ./configure --prefix=/usr/local/bison --with-libiconv-prefix=/usr/local/lib
# make
# make install

添加Bison到环境变量并刷新环境变量(或 yum -y install bison)

# vi /etc/exports
PATH=$PATH:/usr/bin/bison
# source /etc/exports

安装Mysql

# tar zxvf mysql-5.5.14.tar.gz
# cd mysql-5.5.14
# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/var/mysqldata/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_EXTRA_CHARSETS:STRING=utf8,gbk \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_DATADIR=/var/mysqldata \
-DMYSQL_TCP_PORT=3306
# make
# make install

复制配置文件

# cp support-files/my-medium.cnf /etc/my.cnf

初始化数据

初始化前需要赋值给scripts/mysql_install_db执行权限

# chmod 755 scripts/mysql_install_db
# scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/ --datadir=/var/mysqldata/

设置开机启动Mysql

# cp support-files/mysql.server /etc/init.d/mysql
# chmod 755 /etc/init.d/mysql
# chkconfig mysql on

为Mysql添加环境变量并添加两个别名方便开启(#source /etc/profile 刷新后起效)

# vi /etc/profile
export PATH=/usr/local/mysql/bin:$PATH
alias mysql_start="mysqld_safe &"
alias mysql_stop="mysqladmin –u root -p shutdown"

启动Mysql

# /etc/init.d/mysql start

设置密码

数据库的密码开始为空

# /usr/local/mysql/bin/mysqladmin -u root -p password

 !!!安装Postfix

为Postfix添加用户和组

# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /bin/false -M postdrop

安装以下开发所用到的rpm包组

#yum groupinstall -y "Development Libraries"  "Development Tools" "Legacy Software Development"  "X Software Development"

启动saslauth认证并加入自动启动中

# service saslauthd start
# chkconfig saslauthd on

 

安装Postfix

# tar zxvf postfix-2.8.4.tar.gz
# cd postfix-2.8.4
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2   -lssl -lcrypto'
# make
# make install

 在安装的时候如果报 bin/postconf: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory

# vi /etc/ld.so.conf
/usr/local/mysql/lib
# ldconfig

我的安装选项 默认也行

install_root: [/] /
tempdir: [/usr/local/src/postfix-2.8.4] /tmp
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]

（注意）生成别名二进制文件，这个步骤如果忽略，会造成postfix效率极低：

#  newaliases

已经安装好postfix了，修改一下配置选项并启动测试

# vi /etc/postfix/main.cf
myhostname = mail.test.com
myorigin = test.com
mydomain = test.com
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8

说明:
myorigin参数用来指明发件人所在的域名；
mydestination参数指定postfix接收邮件时收件人的域名，即您的postfix系统要接收到哪个域名的邮件；
myhostname 参数指定运行postfix邮件系统的主机的主机名，默认情况下，其值被设定为本地机器名；
mydomain参数指定您的域名，默认情况下，postfix将myhostname的第一部分删除而作为mydomain的值；
mynetworks 参数指定你所在的网络的网络地址，postfix系统根据其值来区别用户是远程的还是本地的，如果是本地网络用户则允许其访问；
inet_interfaces 参数指定postfix系统监听的网络接口；

启动postfix

# /usr/sbin/postfix start

连接Postfix，验证服务状况

#netstat -tnlp | grep :25
tcp   0    0 0.0.0.0:25   0.0.0.0:*     LISTEN   15497/master
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail.test.com     //本postfix的hostname字段；
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]   //输入发信人邮箱
250 2.1.0 Ok
rcpt to:[email protected]  //输入收信人邮箱
250 2.1.5 Ok
data                     //输入邮件数据信息
subject:Mail test!       //输入邮件主题
hello hanfeng!!!         //输入邮件内容
.                        //输入结束符.
250 2.0.0 Ok: queued as C55863E016D
quit                    //输入quit退出邮件系统
221 2.0.0 Bye
Connection closed by foreign host.
[root@station123 ~]#grep C55863E016D /var/log/maillog //查找发信状态

为postfix开启cyrus-sasl认证

使用一下命令验证Postfix是否支持cyrus-sasl认证，如果输出结果如下，则是支持的：

# /usr/sbin/postconf -a
cyrus
dovecot

# vi /etc/postfix/main.cf
添加一下内容

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,  //下一行与此行为同一行，下一行开头，空一格
 permit_sasl_authenticated,reject_invalid_hostname,
 reject_non_fqdn_hostname,reject_unknown_sender_domain,
 reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,
 reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpdsmtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vi /usr/lib/sasl2/smtpd.conf
添加如下内容：

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

重新加载Postfix

# /usr/sbin/postfix reload

下载并安装courier-authlib(CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations" 这个选项放在后面就错，没加载不知道有什么影响)

# wget http://downloads.sourceforge.net/project/courier/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2?r=http%3A%2F%2Fwww.courier-mta.org%2Fdownload.php&ts=1311251851&use_mirror=ncu
# tar jxvf courier-authlib-0.63.0.tar.bz2
# cd courier-authlib-0.63.0
# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc
# make
# make install

 

 

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist  /etc/authdaemonrc
# cp /etc/authmysqlrc.dist  /etc/authmysqlrc
# vi /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
# vi /etc/authmysqlrc                  为以下内容，其中2525，2525 为postfix 用户的UID和GID。
    MYSQL_SERVER localhost
    MYSQL_PORT 3306                   (指定你的mysql监听的端口，这里使用默认的3306)
    MYSQL_USERNAME  extmail           (这时为后文要用的数据库的所有者的用户名)
    MYSQL_PASSWORD extmail            (密码)
    MYSQL_SOCKET  /var/mysqldata/mysql.sock
    MYSQL_DATABASE  extmail
    MYSQL_USER_TABLE  mailbox
    MYSQL_CRYPT_PWFIELD  password
    MYSQL_UID_FIELD  '2525'
    MYSQL_GID_FIELD  '2525'
    MYSQL_LOGIN_FIELD  username
    MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
    MYSQL_NAME_FIELD  name
    MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)
    ！！！保证此文件的内容不能有错，否则不能启用postfix与mysql的连接；

# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig -v
# service courier-authlib start   (启动服务)
 Starting Courier authentication services: authdaemond （可信的, 可靠的）