Setting up and configuring Postfix and Dovecot:
Compiling and installing Postfix: the Postfix shipped with the system is built without MySQL support, so it has to be compiled and installed by hand.
# service sendmail stop    // stop and remove the bundled sendmail service
# rpm -e sendmail --nodeps
# rpm -ivh postfix-2.3.3-6.el5.src.rpm
# cd /usr/src/redhat/SPECS
# vi postfix.spec
%define LDAP 2
%define MYSQL 1    // add MySQL support (commented out by default)
%define PCRE 1
%define SASL 2
%define TLS 1
%define IPV6 1
%define POSTDROP_GID 90
%define PFLOGSUMM 1
# rpmbuild -bb postfix.spec
# cd ../RPMS/x86_64
# rpm -ivh postfix-2.3.3-6.x86_64.rpm
# vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.xfcy.org
mydomain = xfcy.org
myorigin = $mydomain
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.0.0/24, 127.0.0.0/8
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# chkconfig postfix on
# /etc/init.d/postfix start
Testing outbound mail from Postfix:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.xfcy.org ESMTP Postfix
ehlo mail.xfcy.org
250-mail.xfcy.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:test postfix test
.
250 2.0.0 Ok: queued as 5212B96E83
quit
221 2.0.0 Bye
Connection closed by foreign host.
# tailf /var/log/maillog
May 17 12:52:50 mail postfix/smtpd[15176]: connect from mail.xfcy.org[192.168.0.89]
May 17 12:53:04 mail postfix/smtpd[15176]: DF4B796E26: client=mail.xfcy.org[192.168.0.89]
May 17 12:53:15 mail postfix/cleanup[15210]: DF4B796E26: message-id=<[email protected]>
May 17 12:53:15 mail postfix/qmgr[3050]: DF4B796E26: from= , size=379, nrcpt=1 (queue active)
May 17 12:53:16 mail postfix/smtp[15214]: DF4B796E26: host 163mx03.mxmail.netease.com[220.181.14.159] said: 451 DT:SPM mx44, XsCowEBpUEu7t5VRWqdEAw--.1675S2, please try again 1368766395 http://mail.163.com/help/help_spam_16.htm?ip=210.13.194.138&hostid=mx44&time=1368766395 (in reply to end of DATA command)
May 17 12:53:17 mail postfix/smtp[15214]: DF4B796E26: to= , relay=163mx01.mxmail.netease.com[220.181.14.139]:25, delay=16, delays=14/0.02/1.6/0.24, dsn=2.0.0, status=sent (250 Mail OK queued as mx10,PMCowEBJElK8t5VRT8XKFQ--.914S2 1368766396)
May 17 12:53:17 mail postfix/qmgr[3050]: DF4B796E26: removed
May 17 12:53:23 mail postfix/smtpd[15176]: disconnect from mail.xfcy.org[192.168.0.89]
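The maillog excerpt above shows one queue ID getting a 451 from the first 163 MX host and then a 250 from the next one. The following POSIX shell helper (added here, not part of the original post) summarises such logs per queue ID so that a transient rejection followed by a retry at another MX is visible at a glance; the sample lines are constructed after the transcript, with placeholder addresses, a made-up second queue ID and a documentation-range MX.

```shell
# write_sample_log FILE: constructed maillog lines modelled on the transcript above
# (addresses, the second queue ID and its MX host are placeholders, not from the page).
write_sample_log() {
    cat >"$1" <<'EOF'
May 17 12:53:04 mail postfix/smtpd[15176]: DF4B796E26: client=mail.xfcy.org[192.168.0.89]
May 17 12:53:15 mail postfix/qmgr[3050]: DF4B796E26: from=<sender@example.invalid>, size=379, nrcpt=1 (queue active)
May 17 12:53:16 mail postfix/smtp[15214]: DF4B796E26: host 163mx03.mxmail.netease.com[220.181.14.159] said: 451 DT:SPM mx44, please try again (in reply to end of DATA command)
May 17 12:53:17 mail postfix/smtp[15214]: DF4B796E26: to=<rcpt@example.invalid>, relay=163mx01.mxmail.netease.com[220.181.14.139]:25, delay=16, delays=14/0.02/1.6/0.24, dsn=2.0.0, status=sent (250 Mail OK queued as mx10)
May 17 12:53:17 mail postfix/qmgr[3050]: DF4B796E26: removed
May 17 13:01:02 mail postfix/smtp[15230]: 0A1B2C3D4E: to=<other@example.invalid>, relay=mx.example.invalid[198.51.100.7]:25, delay=5, dsn=4.4.1, status=deferred (connect to mx.example.invalid[198.51.100.7]:25: Connection timed out)
EOF
}
# summarize_maillog FILE: one line per queue ID with the sender, the number of
# 4xx/5xx replies remote MX hosts returned ("said:" lines) and the final status.
# remote_rejects=1 with final=sent is the pattern in the transcript: the first MX
# answered 451 and Postfix went on to the next MX host in the same delivery attempt.
summarize_maillog() {
    awk '
        /postfix\/[a-z]+\[[0-9]+\]: [0-9A-F]+: / {
            split($0, p, ": "); qid = p[2]
            if (!(qid in seen)) { seen[qid] = 1; order[++n] = qid; rej[qid] = 0; final[qid] = "unknown" }
            if (match($0, /from=<[^>]*>/)) from[qid] = substr($0, RSTART + 6, RLENGTH - 7)
            if (/said: [45][0-9][0-9] /) rej[qid]++
            if (match($0, /status=[a-z]+/)) final[qid] = substr($0, RSTART + 7, RLENGTH - 7)
        }
        END { for (i = 1; i <= n; i++) { q = order[i]
            printf "%s from=%s remote_rejects=%d final=%s\n", q, from[q], rej[q], final[q] } }
    ' "$1"
}
```

Run it against the real file with `summarize_maillog /var/log/maillog`; a queue ID that stays at final=deferred across several runs is the one to chase in the MX's reply text.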
Installing and configuring Dovecot:
# yum -y install dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/maildata/domains/%d/%n/Maildir
auth default {
  mechanisms = plain
  # comment out the pam { } block
  passdb sql {
    args = /etc/dovecot-mysql.conf
  }
  userdb passwd {
  }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }
  user = root
}
# vi /etc/dovecot-mysql.conf    // create the MySQL authentication file
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid,gidnumber AS gid FROM mailbox WHERE username = '%u'
# chkconfig dovecot on
# /etc/init.d/dovecot start
# netstat -lntp | grep dovecot
tcp    0    0 :::993    :::*    LISTEN    5033/dovecot
tcp    0    0 :::995    :::*    LISTEN    5033/dovecot
tcp    0    0 :::110    :::*    LISTEN    5033/dovecot
tcp    0    0 :::143    :::*    LISTEN    5033/dovecot
Setting up and configuring SMTP authentication:
Configuring cyrus-sasl authentication:
# yum -y install cyrus-sasl
# postconf -a
cyrus
dovecot
# vi /etc/postfix/main.cf    // enable cyrus-sasl based authentication in postfix
##====================SASL========================
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain
# SMTP sender login matching config
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# banner
mail_name = Postfix - by xfcy.org
smtpd_banner = Welcome to $myhostname ESMTP , $mail_name
# service postfix restart
# telnet localhost 25
Trying 192.168.0.89...
Connected to mail.xfcy.org (192.168.0.89).
Escape character is '^]'.
220 Welcome to mail.xfcy.org ESMTP , Postfix - by xfcy.org
ehlo mail.xfcy.org
250-mail.xfcy.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN    // these two lines show that cyrus-sasl authentication was added successfully
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
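The EHLO reply above advertises AUTH PLAIN LOGIN on a cleartext port 25 session, so passwords cross the wire unencrypted until TLS is added. The POSIX shell audit below (added here, not part of the original post) reads a main.cf fragment the way postconf does, continuation lines included, and flags two things a reviewer checks in this configuration: a missing reject_unauth_destination (open relay) and SASL enabled without smtpd_tls_auth_only or noplaintext. Both sample files are constructed; the hardened one assumes smtpd_tls_cert_file and smtpd_tls_key_file are also set (not shown).

```shell
# pf_get FILE KEY: print KEY's value from a Postfix main.cf, joining continuation
# lines (lines that start with whitespace) the way postconf does.
pf_get() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                               # comment or blank
        /^[ \t]/ { if (found) val = val " " $0; next }        # continuation line
        {   if (found) exit                                   # reached the next key
            eq = index($0, "=")
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k == key) { found = 1; val = substr($0, eq + 1) } }
        END { if (found) { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val } }
    ' "$1"
}
# audit_main_cf FILE: the two checks a reviewer runs on a config like the one
# above; findings on stdout, exit 0 when both pass, 1 otherwise.
audit_main_cf() {
    rc=0
    case "$(pf_get "$1" smtpd_recipient_restrictions)" in
        *reject_unauth_destination*) echo "ok: relaying limited to mynetworks and SASL users" ;;
        *) echo "FAIL: no reject_unauth_destination -> open relay"; rc=1 ;;
    esac
    # With SASL on and no smtpd_tls_auth_only, PLAIN/LOGIN is announced on the
    # cleartext port 25 session (as in the EHLO reply above) unless noplaintext is set.
    if [ "$(pf_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(pf_get "$1" smtpd_tls_auth_only)" != yes ]; then
        case "$(pf_get "$1" smtpd_sasl_security_options)" in
            *noplaintext*) echo "ok: cleartext PLAIN/LOGIN refused" ;;
            *) echo "FAIL: PLAIN/LOGIN offered without STARTTLS"; rc=1 ;;
        esac
    fi
    return $rc
}
# write_samples DIR: constructed main.cf fragments (not files from the page).
# page.cf mirrors the SASL settings above; hardened.cf only announces AUTH
# after STARTTLS (assumes smtpd_tls_cert_file/key_file are also configured).
write_samples() {
    cat >"$1/page.cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
    cat >"$1/hardened.cf" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
EOF
}
```

On a live box, `audit_main_cf /etc/postfix/main.cf` reports the same two findings against the real file.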
Installing Courier-Authlib:
# tar jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
# ./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --without-authuserdb --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --without-authcustom --with-authmysql --with-redhat
# make
# make install
# make install-configure
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v | grep courier
/usr/local/courier-authlib/lib/courier-authlib:
	libcourierauthsasl.so -> libcourierauthsasl.so.0
	libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0
	libcourierauth.so -> libcourierauth.so.0
	libcourierauthcommon.so -> libcourierauthcommon.so.0
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
# cp /usr/local/courier-authlib/etc/authlib/authmysqlrc /usr/local/courier-authlib/etc/authlib/authmysqlrc.bak
# vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1000
MYSQL_GID_FIELD 1000
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/maildata/domains/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/maildata/domains/',maildir)
# vi /usr/local/courier-authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
# service courier-authlib start
Starting Courier authentication services: authdaemond
# ps -ef | grep authdaemond | grep -v grep
root  9173     1  0 02:50 ?  00:00:00 /usr/local/courier-authlib/sbin/courierlogger -pid=/usr/local/courier-authlib/var/spool/authdaemon/pid -start /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9174  9173  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9175  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9176  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9177  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9178  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9179  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9180  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9181  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9182  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9183  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root  9184  9174  0 02:50 ?  00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
# vi /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
Installing and configuring Maildrop:
# groupadd -g 1000 vgroup
# useradd -g 1000 -u 1000 -s /sbin/nologin -M vuser
# tar jxvf maildrop-2.2.0.tar.bz2
# cd maildrop-2.2.0/
# ./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vuser' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1000 --enable-maildrop-gid=1000 --with-trashquota --with-dirsync
# make && make install
# vi /etc/postfix/master.cf
maildrop  unix  -  n  n  -  -  pipe
  flags=DRhu user=vuser argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}    // the flags line must begin with "two spaces"
# vi /etc/postfix/main.cf
maildrop_destination_recipient_limit = 1
# maildrop -v    // check that maildrop was built with authlib support
maildrop 2.1.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public License. See COPYING for additional information.
When maildrop is installed from the RPM package, the vuser user and vgroup group are created automatically and are dedicated to mail storage; the uid and gid of vuser:vgroup are both 1000. This differs from the usual mail documentation, which stores mail as the postfix user. The postfix user's uid is generally below 500, while the Suexec module, as compiled, requires a UID/GID above 500, so the postfix user cannot meet that requirement. In addition, if Maildrop is used as the delivery agent (MDA) and delivers as postfix, it causes errors in the Postfix MTA.