Deploying an open-source mail system? I recommend the domestically developed ExtMail system. The ExtMail Project is an active open-source mail system project, currently maintained by the ExtMail team. It was officially launched on 18 September 2005, initially centred on WebMail software, and has since grown into the ExtMail software series; ExtMail 1.3 is currently under development. Looking forward to it!
I. Before deploying ExtMail
- 1 The ExtMail mail system is made up of several pieces of software (note: anti-spam and antivirus software are not listed here):

| Software | Role |
|---|---|
| ExtMan | Web account-management backend (includes mailgraph_ext graphical log analysis) |
| ExtMail | WebMail (Perl program) |
| Apache | Web server (the MUA sends and receives mail through a browser) |
| Postfix | SMTP server, mail transfer agent (MTA) |
| Maildrop | Mail delivery agent (MDA) |
| Courier-imap | IMAP and POP3 server |
| Cyrus-sasl2 | Standard SASL implementation library; provides SMTP authentication through the Courier/Cyrus authentication libraries |
| Courier-authlib | Handles authentication for courier-imap and maildrop; Courier's authentication library, backed by MySQL here |
| MySQL | Database storing the virtual domains, users, aliases and similar data |
- 2 Confirm which SMTP authentication methods and which lookup-table types your Postfix supports (the mysql type must be included)
- SMTP authentication methods:
- postconf -a
- cyrus (SASL library)
- dovecot
- Supported lookup tables:
- postconf -m
- btree
- cidr
- environ
- hash
- ldap
- mysql (mysql is included)
- nis
- pcre
- proxy
- regexp
- static
- tcp
- unix
- Note: the Postfix shipped with RedHat/CentOS does not support mysql lookup tables, so you may need to rebuild Postfix from source with MySQL support enabled!!!
- 3 Authentication flow for ExtMail sending, receiving and web login

```text
+--------------+--------------------+--------------+
|   smtp/25    |      pop3/110      |   http/80    |
|   postfix    |    courier-imap    |    apache    |
+--------------+--------------------+--------------+
|                   cyrus-sasl2                    |
+--------------------------------------------------+
|                 courier-authlib                  |
+--------------------------------------------------+
|                      mysql                       |
+--------------------------------------------------+
```

- 3.1 SMTP authentication flow
- smtp/25
- postfix
- | <-- SMTP authentication
- cyrus-sasl2
- | <-- smtpd.conf (sets the path of the authdaemond Unix socket)
- courier-authlib
- | <-- authmysqlrc (holds the MySQL connection details)
- mysql
- | -- stores the virtual domains, users, aliases and similar data.
- 3.2 Configuration files involved in SMTP authentication
- postfix
- 10.0.100.88 [~]$ rpm -qf /usr/lib64/sasl2/smtpd.conf
- postfix-2.6.2-5hzq
- 10.0.100.88 [~]$ cat /usr/lib64/sasl2/smtpd.conf
- pwcheck_method: authdaemond
- log_level: 3
- mech_list: PLAIN LOGIN
- authdaemond_path:/var/spool/authdaemon/socket
- The smtpd.conf options used above:

| Option | Used by | Default | Description |
|---|---|---|---|
| pwcheck_method | SASL library | auxprop | Space-separated list of mechanisms used to verify passwords. Possible values: sasl_checkpass, auxprop, saslauthd, pwcheck, authdaemond (the last only if built with --with-authdaemond). |
| mech_list | SASL library | all available plugins | Space-separated list of mechanisms allowed, e.g. 'plain otp'; restricts the installed plugins to a subset. |
| authdaemond_path | SASL library | /dev/null | Path of the Courier-authlib authdaemond Unix socket. Only used when pwcheck_method is set to authdaemond. |

- courier-authlib
- 10.0.100.88 [~]$ rpm -qf /var/spool/authdaemon/socket
- courier-authlib-0.62.4-2hzq
- 10.0.100.88 [~]$ cat /etc/authlib/authmysqlrc
- MYSQL_SERVER localhost
- MYSQL_USERNAME extmail
- MYSQL_PASSWORD xmall.com
- MYSQL_SOCKET /var/lib/mysql/mysql.sock
- MYSQL_PORT 3306
- ...
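As an added example (not code from the post), the following script walks the chain described in 3.1 and 3.2 link by link, reading the same smtpd.conf and authmysqlrc the post shows; the fixture directory and the CHANGEME password are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not part of the post: walk the SMTP-auth chain from the diagram
# (postfix -> cyrus-sasl smtpd.conf -> courier-authlib socket -> authmysqlrc) and
# report the broken links. Paths are the post's x86_64 ones; ROOT is prefixed to
# every path so the check can also run against a constructed copy of the files.

# sasl_option FILE NAME: value of "NAME: value" in smtpd.conf; tolerates the
# missing space after the colon that the post's authdaemond_path line has.
sasl_option() {
    awk -v n="$2:" 'index($0, n) == 1 { v = substr($0, length(n) + 1)
                                        sub(/^[ \t]+/, "", v); print v; exit }' "$1"
}

# check_auth_chain ROOT: print one FAIL/WARN line per finding, return the FAIL count.
check_auth_chain() {
    root=$1; n=0
    conf="$root/usr/lib64/sasl2/smtpd.conf"
    [ -f "$conf" ] || { echo "FAIL $conf missing: postfix has no SASL config"; return 1; }
    method=$(sasl_option "$conf" pwcheck_method)
    sock=$(sasl_option "$conf" authdaemond_path)
    [ "$method" = authdaemond ] \
        || { echo "FAIL pwcheck_method is '$method', expected authdaemond"; n=$((n+1)); }
    # on a live host test with -S; -e lets a plain file in the fixture stand in for the socket
    [ -n "$sock" ] && [ -e "$root$sock" ] \
        || { echo "FAIL authdaemond socket '$sock' absent: is courier-authlib running?"; n=$((n+1)); }
    grep -q '^MYSQL_PASSWORD[[:space:]]' "$root/etc/authlib/authmysqlrc" 2>/dev/null \
        || { echo "FAIL authmysqlrc has no MYSQL_PASSWORD: authdaemond cannot reach MySQL"; n=$((n+1)); }
    # PLAIN and LOGIN carry the password in the clear; offer them only over TLS.
    case " $(sasl_option "$conf" mech_list) " in
        *" PLAIN "*|*" LOGIN "*) echo "WARN mech_list offers PLAIN/LOGIN: require TLS" ;;
    esac
    return $n
}

# make_fixture ROOT: constructed copy of the post's three files under ROOT.
make_fixture() {
    mkdir -p "$1/usr/lib64/sasl2" "$1/var/spool/authdaemon" "$1/etc/authlib"
    printf 'pwcheck_method: authdaemond\nlog_level: 3\nmech_list: PLAIN LOGIN\n' > "$1/usr/lib64/sasl2/smtpd.conf"
    printf 'authdaemond_path:/var/spool/authdaemon/socket\n' >> "$1/usr/lib64/sasl2/smtpd.conf"
    printf 'MYSQL_SERVER\tlocalhost\nMYSQL_USERNAME\textmail\nMYSQL_PASSWORD\tCHANGEME\n' > "$1/etc/authlib/authmysqlrc"
    touch "$1/var/spool/authdaemon/socket"
}

R=$(mktemp -d); make_fixture "$R"
check_auth_chain "$R" || echo "broken links: $?"
rm "$R/var/spool/authdaemon/socket"       # simulate authdaemond not running
check_auth_chain "$R" || echo "broken links: $?"
rm -rf "$R"
```

Run it with ROOT="" on the mail host to check the real files.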
- 4 Understanding Postfix lookup tables
- Many important Postfix parameters (in main.cf) need to look up a mapping; all the mappings are kept in a separate file, the "lookup table".
- Lookup table format:
- The raw data of a lookup table comes from a plain text file in which each line defines one "key value" pair, with key and value separated by whitespace, for example:
- cat /etc/postfix/local_in_senders
- [email protected] local_in_only
- [email protected] local_in_only
- The postmap command builds the lookup table's database file:
- postmap /etc/postfix/local_in_senders
- file /etc/postfix/local_in_senders.db
- /etc/postfix/local_in_senders.db: Berkeley DB (Hash, version 8, native byte-order)
- Postfix's default lookup-table database type is hash:
- postconf | grep 'default_database_type'
- default_database_type = hash
- When assigning a lookup table to a parameter, the table's database type must be given, for example:
- postconf | grep 'hash:/'
- alias_database = hash:/etc/aliases
- alias_maps = hash:/etc/aliases, nis:mail.aliases
- A special case of lookup table: the alias file
- Because the alias file's format differs from the other Postfix lookup tables, its database file cannot be built with postmap; use postalias or newaliases instead.
- Alias file location: alias_maps = hash:/etc/aliases, nis:mail.aliases
- Alias file format:
- grep -vE '(^$|^#)' /etc/aliases | head -n 3
- mailer-daemon: postmaster
- postmaster: root
- bin: root
- daemon: root
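An added example, not from the post: a small lint for the two source formats just described, plus a check for the stale .db condition that shows up later in the post's maillog ("database ... is older than source file"). The sample files and addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the post: sanity-check Postfix lookup-table source files
# before running postmap/postalias. A "map" source is key<whitespace>value (postmap);
# an "alias" source is name: target (postalias/newaliases). Mixing the two is the
# mistake the post warns about. All sample files below are constructed.

# lint_table FILE KIND (KIND = map | alias): print "line: problem" per bad line,
# return 1 if any. Blank and comment lines are skipped; a line that starts with
# whitespace continues the previous entry and is accepted as-is.
lint_table() {
    awk -v kind="$2" '
        /^[ \t]*$/ || /^#/ { next }
        /^[ \t]/ { next }
        kind == "map" && $1 ~ /:$/ {
            printf "%d: alias syntax in a postmap source (use postalias)\n", NR; bad = 1; next }
        kind == "map" && NF < 2 {
            printf "%d: key without value\n", NR; bad = 1; next }
        kind == "alias" && $0 !~ /^[^: \t]+[ \t]*:[ \t]*[^ \t]/ {
            printf "%d: not of the form name: target\n", NR; bad = 1; next }
        END { exit bad }
    ' "$1"
}

# stale_db FILE: true when FILE.db is missing or older than FILE, the condition
# behind "database ... is older than source file" in the post's maillog.
stale_db() { [ ! -e "$1.db" ] || [ "$1" -nt "$1.db" ]; }

D=$(mktemp -d)
cat > "$D/local_in_senders" <<'EOF'
# senders restricted to local delivery (constructed sample)
alice@xmall.com local_in_only
bob@xmall.com
postmaster: root
EOF
cat > "$D/aliases" <<'EOF'
mailer-daemon: postmaster
postmaster:root
virusalert root
EOF
touch "$D/aliases.db"; touch -t 200001010000 "$D/aliases.db"

lint_table "$D/local_in_senders" map || echo "-> fix $D/local_in_senders before postmap"
lint_table "$D/aliases" alias      || echo "-> fix $D/aliases before postalias"
stale_db "$D/aliases" && echo "-> $D/aliases.db is stale: run postalias $D/aliases"
rm -rf "$D"
```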
- 5 32-bit or 64-bit Linux?
- If mail volume is low and the mail server is not under much load, either 32-bit or 64-bit is fine; you just have to tell them apart when deploying ExtMail from source, for example:
- i386
- /usr/lib/sasl2/smtpd.conf
- /usr/lib/mysql/
- x86_64
- /usr/lib64/sasl2/smtpd.conf
- /usr/lib64/mysql/
- 6 Linux disk partitioning
- I recommend giving /var and /home their own partitions, for two reasons:
- 1 ExtMan and ExtMail both use /home/domains as their base directory
- 2 /var/log/maillog is the mail log and /var/spool/postfix is the mail queue
- 10.0.100.88 [xmall.com]$ pwd
- /home/domains/xmall.com
- 10.0.100.88 [xmall.com]$ du -sh *
- 120K zm1
- 436M zm2
- 10.0.100.88 [xmall.com]$ ll
- total 8
- drwx------ 3 vuser vgroup 4096 Dec 19 16:00 zm1
- drwx------ 3 vuser vgroup 4096 Dec 19 16:00 zm2
- 7 Install the dependency RPMs (a local cdrom repo is used here; if you are not using a local yum repo, just `yum install` the packages listed after it)
- yum --disablerepo=\* --enablerepo=c5-media install httpd php php-mysql mysql mysql-server mysql-devel openssl-devel perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect
II. Deploying ExtMail
The official ExtMail wiki is very detailed, so this section simply links to it. Note that the wiki describes installation on CentOS-5.x i386; if, like me, you run x86_64 CentOS/RHEL, you may hit a few small problems!
1 extmail_solution overview
2 Operating system installation
3 Building the yum repository (for x86_64, download EMOS_1.5_x86_64.iso)
4 Configuring the MTA (Postfix)
5 Configuring courier-authlib
6 Configuring maildrop
7 Configuring Apache
8 Configuring the webmail (ExtMail)
9 Configuring the admin backend (ExtMan)
10 Configuring Cyrus-SASL
11 Configuring Courier-IMAP
12 Configuring content and virus filtering
13 Configuring Spam Locker
14 Configuring DSpam
15 Additional settings
Problems you may run into
- 0 Antivirus and anti-spam: on a 64-bit system download the corresponding 64-bit RPMs!
- wget http://pkgs.repoforge.org/clamav/clamav-0.97.3-1.el5.rf.x86_64.rpm
- wget http://pkgs.repoforge.org/clamav/clamd-0.97.3-1.el5.rf.x86_64.rpm
- wget http://pkgs.repoforge.org/clamav/clamav-db-0.97.3-1.el5.rf.x86_64.rpm
- When debugging amavisd errors, use the second command instead of the first:
- /usr/sbin/amavisd -c /etc/amavisd.conf debug
- Config file "/etc/amavisd.conf" does not exist, at /usr/sbin/amavisd line 1795.
- /usr/sbin/amavisd -c /etc/amavisd/amavisd.conf debug
- 1 Errors in maillog
- Perl version 5.008008
- Dec 20 11:08:58 mail amavis[8175]: (!)Net::Server: 2011/12/20-11:08:58 Couldn't open pid file "/var/spool/vscan/var/amavisd.pid" [No such file or directory].\n\n at line 318 in file /usr/lib/perl5/vendor_perl/5.8.8/Net/Server.pm
- Dec 20 11:09:06 mail amavis[8210]: starting. /usr/sbin/amavisd at mail.xmall.com amavisd-new-2.6.4 (20090625), Unicode aware, LC_CTYPE="en_US.UTF-8", LANG="en_US.UTF-8"
- vim /etc/amavisd/amavisd.conf
- $lock_file = "$MYHOME/var/amavisd.lock"; # -L
- $pid_file = "$MYHOME/var/amavisd.pid"; # -P
- change to
- $lock_file = "$MYHOME/amavisd.lock"; # -L
- $pid_file = "$MYHOME/amavisd.pid"; # -P
- 2 Have amavisd reject mail that violates policy
- vim /etc/amavisd/amavisd.conf
- $final_virus_destiny = D_REJECT;
- $final_banned_destiny = D_REJECT;
- 3 http://wiki.extmail.org/%E6%8B%BE%E8%B2%B3%E3%80%81%E9%85%8D%E7%BD%AE%E5%86%85%E5%AE%B9%E3%80%81%E7%97%85%E6%AF%92%E8%BF%87%E6%BB%A4
- 5. Configuring Postfix integration with amavisd-new
- Add mail aliases
- shell
- # vi /etc/postfix/aliases
- Add the following records. Note: the default aliases database already contains a virusalert alias; delete it, then enter the records below and make sure every record is unique:
- virusalert: root
- spam.police: root
- postfix: [email protected]
- Save, run the newaliases command to generate the new alias database, and restart amavisd.
- However, after running newaliases the aliases still did not take effect (unknown user: "virusalert"):
- Dec 20 15:59:31 mail postfix/local[4037]: warning: database /etc/postfix/aliases.db is older than source file /etc/postfix/aliases
- Dec 20 15:59:31 mail postfix/smtp[4017]: D50708085EB: to=<zm2@xmall.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.7, delays=2.8/0/0.01/4.9, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=03882-02 - BANNED: application/x-ms-dos-executable,.dat,test.exe (in reply to end of DATA command))
- Dec 20 15:59:31 mail postfix/local[4037]: A151F8085FC: to=<virusalert@mail.xmall.com>, relay=local, delay=0.97, delays=0.9/0.03/0/0.04, dsn=5.1.1, status=bounced (unknown user: "virusalert")
- Solution
- Running `postalias /etc/postfix/aliases` fixes it
- # the virusalert user no longer produces errors
- Dec 21 09:30:50 mail postfix/qmgr[3195]: E945D8085F0: from=<zm1@xmall.com>, size=28739726, nrcpt=1 (queue active)
- Dec 21 09:30:50 mail postfix/smtpd[3405]: disconnect from unknown[192.168.6.150]
- Dec 21 09:30:59 mail postfix/smtpd[3419]: connect from mail.xmall.com[127.0.0.1]
- Dec 21 09:30:59 mail postfix/smtpd[3419]: 683D28085FD: client=mail.xmall.com[127.0.0.1]
- Dec 21 09:30:59 mail postfix/cleanup[3415]: 683D28085FD: message-id=<VAdHaWpoTb2[email protected]>
- Dec 21 09:30:59 mail postfix/qmgr[3195]: 683D28085FD: from=<virusalert@mail.xmall.com>, size=2383, nrcpt=1 (queue active)
- Dec 21 09:30:59 mail amavis[3207]: (03207-01) Blocked BANNED (application/x-ms-dos-executable,.dat,test.exe), [192.168.6.150] [192.168.6.150] <zm1@xmall.com> -> <zm2@xmall.com>, quarantine: banned-dHaWpoTb2+Pl, Message-ID: <4EF1372A.4080409@xmall.com>, mail_id: dHaWpoTb2+Pl, Hits: -, size: 28739726, 9019 ms
- Dec 21 09:30:59 mail postfix/cleanup[3415]: BB2758085FE: message-id=<VAdHaWpoTb2[email protected]>
- Dec 21 09:30:59 mail postfix/local[3424]: 683D28085FD: to=<virusalert@mail.xmall.com>, relay=local, delay=0.37, delays=0.31/0.03/0/0.03, dsn=2.0.0, status=sent (forwarded as BB2758085FE)
- Dec 21 09:30:59 mail postfix/qmgr[3195]: BB2758085FE: from=<virusalert@mail.xmall.com>, size=2544, nrcpt=1 (queue active)
III. After deploying ExtMail
- 1 The ExtMail services must be set to start automatically
- chkconfig courier-authlib on
- chkconfig courier-imap on
- chkconfig httpd on
- chkconfig mysqld on
- chkconfig postfix on
- ————————————————————
- chkconfig amavisd on
- chkconfig clamd on
- 2 Close some ports
- I recommend keeping only 22, 25, 110 and 80 and closing everything else, or blocking it with iptables!
- dn@dn-ThinkPad-E420:~$ nmap 192.168.57.88
- Starting Nmap 5.21 ( http://nmap.org ) at 2011-12-20 11:23 CST
- Nmap scan report for mail.xmall.com (192.168.57.88)
- Host is up (0.00076s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE
- 22/tcp open ssh
- 25/tcp open smtp
- 80/tcp open http
- 110/tcp open pop3
- 111/tcp open rpcbind
- 987/tcp open unknown
- 993/tcp open imaps
- 995/tcp open pop3s
- 2049/tcp open nfs
- 3306/tcp open mysql
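As an added example (not from the post), this script turns the scan above into an actionable list: it reads an nmap report, compares every open TCP port against the post's allow list and prints matching iptables DROP rules for review. The embedded report is the post's own scan output; nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example, not from the post: compare an nmap report against the allow list
# the post recommends (22 25 80 110) and print iptables DROP rules for the rest.
# The rules are printed, not applied; review them (and add 993/995 to the list if
# you serve IMAPS/POP3S) before loading them. The report below is the post's scan.
ALLOWED_PORTS="22 25 80 110"

NMAP_REPORT='Nmap scan report for mail.xmall.com (192.168.57.88)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
987/tcp open unknown
993/tcp open imaps
995/tcp open pop3s
2049/tcp open nfs
3306/tcp open mysql'

# unexpected_ports: read an nmap report on stdin and print every open TCP port
# not in ALLOWED_PORTS, one per line; returns 1 if there was at least one.
unexpected_ports() {
    found=0
    while read -r portproto state _service; do
        case "$portproto" in */tcp) ;; *) continue ;; esac   # skip headers and notes
        [ "$state" = open ] || continue
        port=${portproto%/tcp}
        allowed=0
        for p in $ALLOWED_PORTS; do
            [ "$p" = "$port" ] && allowed=1
        done
        if [ "$allowed" -eq 0 ]; then
            echo "$port"
            found=1
        fi
    done
    return "$found"
}

# drop_rules: turn the port list on stdin into iptables rules (one line each).
drop_rules() {
    while read -r port; do
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

printf '%s\n' "$NMAP_REPORT" | unexpected_ports | drop_rules
```

On the mail host itself, `nmap localhost | unexpected_ports` gives the same list without the constructed report.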
- 3 Upgrading ExtMail and ExtMan

| Old version | New version |
|---|---|
| ExtMan 1.0 | ExtMan 1.1 |
| ExtMail 1.1.0 | ExtMail 1.2 |

- Simply unpack the archive over the existing extmail and extman directories (take a backup first)!
- Don't forget to reset the owner and group:
- chown -R vuser:vgroup /var/www/extsuite/extmail/cgi/
- chown -R vuser:vgroup /var/www/extsuite/extman/cgi/
- 4 Changing the ExtMail template
- http://www.extmail.org/docs/Extmail_Template_Intro/#C4
- 5 ExtMail/ExtMan MySQL database security
- Give the following accounts the /sbin/nologin shell (edit /etc/passwd):
- mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
- amavis:x:102:159:AMaViS email scanner user:/var/spool/vscan:/bin/sh
- Change the default ExtMail super-administrator account: [email protected], initial password extmail*123*
- In ExtMan create a new domain administrator account, e.g. admin, and give it a complex password
- Set a password for the MySQL root account
- $ mysqladmin -uroot password xmall.com123
- # delete the empty (anonymous) MySQL accounts
- mysql> select user,host,password from mysql.user;
- +---------+----------------+------------------+
- | user | host | password |
- +---------+----------------+------------------+
- | root | localhost | 7f61883b2dac203f |
- | root | mail.xmall.com | |
- | root | 127.0.0.1 | |
- | | localhost | |
- | | mail.xmall.com | |
- | extmail | localhost | 2ffd2ffa7fea15e9 |
- | webman | localhost | 1a197db46f30ed43 |
- +---------+----------------+------------------+
- 7 rows in set (0.00 sec)
- mysql> delete from mysql.user where user='' and password='';
- # change the default password of the extmail user
- mysql> update mysql.user set password=password('xmall.com') where user='extmail';
- Query OK, 1 row affected (0.00 sec)
- Rows matched: 1 Changed: 1 Warnings: 0
- mysql> flush privileges;
- Query OK, 0 rows affected (0.00 sec)
- mysql> select user,host,password from mysql.user;
- +---------+----------------+------------------+
- | user | host | password |
- +---------+----------------+------------------+
- | root | localhost | 7f61883b2dac203f |
- | root | mail.xmall.com | |
- | root | 127.0.0.1 | |
- | extmail | localhost | 50c7f90a516065c5 |
- | webman | localhost | 1a197db46f30ed43 |
- +---------+----------------+------------------+
- 5 rows in set (0.00 sec)
- Note that root@mail.xmall.com and root@127.0.0.1 still show an empty password in this listing: mysqladmin only set the password of the account it logged in as (root@localhost), so give those two a password as well, or drop them.
- # because the extmail user's password was changed, the related configuration files must be updated; the default password is extmail, change it to the new one
- #vim /etc/authlib/authmysqlrc
- MYSQL_USERNAME extmail
- MYSQL_PASSWORD xmall.com
- #vim /var/www/extsuite/extmail/webmail.cf
- SYS_MYSQL_USER = extmail
- SYS_MYSQL_PASS = xmall.com
- #vim /etc/postfix/mysql_virtual_alias_maps.cf
- user = extmail
- password = xmall.com
- #vim /etc/postfix/mysql_virtual_domains_maps.cf
- user = extmail
- password = xmall.com
- #vim /etc/postfix/mysql_virtual_mailbox_maps.cf
- user = extmail
- password = xmall.com
- #vim /etc/postfix/mysql_virtual_sender_maps.cf
- user = extmail
- password = xmall.com
- # done; restart authlib
- /etc/init.d/courier-authlib restart
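Six files must agree after the password change above, and a single stale one breaks SASL, webmail or Postfix lookups in a way that only shows up under load. As an added example (not from the post), this script reads each file with its own syntax and reports any that disagree with authmysqlrc; the file contents are constructed copies written under a temporary root.

```shell
#!/bin/sh
# Added example, not from the post: after the extmail MySQL password is changed,
# the same secret must appear in six files. This reads each file with its own
# syntax and reports every file that disagrees with /etc/authlib/authmysqlrc,
# which is what courier-authlib will actually use. Paths are the post's; the
# contents are constructed under a temp ROOT so the check runs offline.

# password_in FILE KEY: print KEY's value. authmysqlrc separates key and value
# with whitespace; webmail.cf and the postfix mysql_*.cf files use "key = value".
password_in() {
    awk -v key="$2" '
        $1 == key && $2 == "=" { print $3; exit }
        $1 == key && NF >= 2   { print $2; exit }
    ' "$1" 2>/dev/null
}

# check_credentials ROOT: print "MISMATCH file (key)" per disagreeing file;
# return 1 if any, 2 if authmysqlrc itself has no password.
check_credentials() {
    root=$1; rc=0
    ref=$(password_in "$root/etc/authlib/authmysqlrc" MYSQL_PASSWORD)
    [ -n "$ref" ] || { echo "no MYSQL_PASSWORD in authmysqlrc"; return 2; }
    for spec in \
        "$root/var/www/extsuite/extmail/webmail.cf:SYS_MYSQL_PASS" \
        "$root/etc/postfix/mysql_virtual_alias_maps.cf:password" \
        "$root/etc/postfix/mysql_virtual_domains_maps.cf:password" \
        "$root/etc/postfix/mysql_virtual_mailbox_maps.cf:password" \
        "$root/etc/postfix/mysql_virtual_sender_maps.cf:password"; do
        file=${spec%:*}; key=${spec##*:}
        [ "$(password_in "$file" "$key")" = "$ref" ] || { echo "MISMATCH $file ($key)"; rc=1; }
    done
    return $rc
}

# make_fixture ROOT SENDER_PW: constructed copies of the six files, all holding
# xmall.com (the post's new password) except the sender map, which gets SENDER_PW.
make_fixture() {
    mkdir -p "$1/etc/authlib" "$1/etc/postfix" "$1/var/www/extsuite/extmail"
    printf 'MYSQL_USERNAME\textmail\nMYSQL_PASSWORD\txmall.com\n' > "$1/etc/authlib/authmysqlrc"
    printf 'SYS_MYSQL_USER = extmail\nSYS_MYSQL_PASS = xmall.com\n' > "$1/var/www/extsuite/extmail/webmail.cf"
    for m in alias domains mailbox; do
        printf 'user = extmail\npassword = xmall.com\n' > "$1/etc/postfix/mysql_virtual_${m}_maps.cf"
    done
    printf 'user = extmail\npassword = %s\n' "$2" > "$1/etc/postfix/mysql_virtual_sender_maps.cf"
}

DEMO=$(mktemp -d); make_fixture "$DEMO" extmail   # sender map still at the default
check_credentials "$DEMO" || echo "-> fix the file(s) above, then restart courier-authlib"
rm -rf "$DEMO"
```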
- Add a few rules to main.cf
- How many recipient addresses a client may give in RCPT TO for a single message:
- smtpd_recipient_limit (the maximum number of recipients the SMTP server accepts for one message)
- postconf -e smtpd_recipient_limit=20 (default 1000; I recommend lowering it)
- Change the per-message size limit (default 5MB):
- message_size_limit = 31336000
- Receiving duplicate mail:
- enable_original_recipient = no
IV. The Postfix main.cf configuration file
- postconf -n
- # alias database (generated by postalias/newaliases)
- alias_database = hash:/etc/postfix/aliases
- # alias tables: the alias databases used by the local MDA
- alias_maps = hash:/etc/postfix/aliases
- # how long a bounce message keeps being retried before delivery is given up
- bounce_queue_lifetime = 1d
- # tolerate clients that implement the AUTH command in a non-standard way
- broken_sasl_auth_clients = yes
- # Postfix command directory
- command_directory = /usr/sbin
- # Postfix configuration directory
- config_directory = /etc/postfix
- # content filter: amavis
- content_filter = smtp-amavis:[127.0.0.1]:10024
- # directory of the Postfix daemon programs
- daemon_directory = /usr/libexec/postfix
- data_directory = /var/lib/postfix
- debug_peer_level = 2
- # duplicate mail
- enable_original_recipient = no
- html_directory = /usr/share/doc/postfix-2.6.2-documentation/html
- mail_name = Postfix - welcome mail.xmall.com
- # the system account that owns the queue files and that the Postfix daemons run as
- mail_owner = postfix
- # maximum size of a local mailbox or maildir file, in bytes
- mailbox_size_limit = 150242880
- mailq_path = /usr/bin/mailq.postfi
- # manpage directory
- manpage_directory = /usr/share/man
- # how long a deferred message stays in the deferred queue before Postfix gives up and returns it as undeliverable
- maximal_queue_lifetime = 1d
- # maximum size of a single message, in bytes
- message_size_limit = 150242880
- # the "local domains"
- mydestination = $mynetworks $myhostname
- # fully qualified host name (host name + domain name)
- myhostname = mail.xmall.com
- # the mail system's domain name
- mydomain = xmall.com
- # domain appended to incomplete addresses that consist of a user name only
- myorigin
- # networks or IP addresses allowed to send mail out through this mail system
- mynetworks = 127.0.0.1
- # sendmail-compatible newaliases program used to rebuild the alias database
- newaliases_path = /usr/bin/newaliases.postfix
- # main directory of the Postfix queues
- queue_directory = /var/spool/postfix
- readme_directory = /usr/share/doc/postfix-2.6.2-documentation/readme
- receive_override_options = no_address_mappings
- # sample configuration directory
- sample_directory = /etc/postfix
- # used by scripts and the command line to submit mail
- sendmail_path = /usr/sbin/sendmail.postfix
- # group id used for mail submission and queue management
- setgid_group = postdrop
- show_user_unknown_table_name = no
- # SMTP greeting banner
- smtpd_banner = $myhostname ESMTP $mail_name
- # initial delay Postfix imposes when a client triggers an error
- smtpd_error_sleep_time = 0s
- # recipient restrictions
- smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, check_policy_service inet:127.0.0.1:10030
- # enable SASL authentication
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_local_domain = $myhostname
- # password verification mechanisms allowed: all available ones except anonymous
- smtpd_sasl_security_options = noanonymous
- # maps sender addresses to SASL login names: a user may only send from addresses of this domain that belong to their login, never from someone else's address!
- smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_maps.cf
- # sender restrictions
- smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch
- unknown_local_recipient_reject_code = 550
- # lookup table mapping "virtual alias addresses" to "real recipient addresses"
- virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
- # virtual domain lookup table
- virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
- # virtual mailbox lookup table
- virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
- # default transport used to deliver mail to virtual mailbox addresses (virtual MDA)
- virtual_transport = maildrop:
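The listing above relies on a handful of settings to keep the host from relaying for strangers or letting one SASL user send as another. As an added example (not from the post), this script audits a `postconf -n` listing for those settings; the embedded sample is a trimmed, constructed copy of the post's listing with reject_unauth_destination deliberately removed so the check has something to report.

```shell
#!/bin/sh
# Added example, not from the post: audit a "postconf -n" listing for the relay
# and SASL settings the post's main.cf depends on. Feed it "postconf -n" from a
# live host, or the constructed sample below: a trimmed copy of the post's
# listing with one weakness introduced (reject_unauth_destination removed).
SAMPLE='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unauth_pipelining
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch
smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_maps.cf
mynetworks = 127.0.0.1
message_size_limit = 150242880'

# value_of KEY: value of KEY in the listing held in $CONF ("key = value" lines).
value_of() {
    printf '%s\n' "$CONF" | awk -F' = ' -v k="$1" '$1 == k { print $2; exit }'
}

# has_item LIST ITEM: true when ITEM is one of the comma-separated entries of LIST.
has_item() {
    printf '%s\n' "$1" | tr ',' '\n' | tr -d ' ' | grep -qx -- "$2"
}

# audit_main_cf: read a postconf -n listing on stdin, print one FAIL line per
# finding and return the number of findings (0 = every check passed).
audit_main_cf() {
    CONF=$(cat); fails=0
    fail() { echo "FAIL $1"; fails=$((fails+1)); }
    # without reject_unauth_destination anyone can relay through this host
    has_item "$(value_of smtpd_recipient_restrictions)" reject_unauth_destination \
        || fail "smtpd_recipient_restrictions lacks reject_unauth_destination"
    [ "$(value_of smtpd_sasl_auth_enable)" = yes ] \
        || fail "smtpd_sasl_auth_enable is not yes"
    has_item "$(value_of smtpd_sasl_security_options)" noanonymous \
        || fail "smtpd_sasl_security_options lacks noanonymous"
    # a SASL user must only send as an address mapped to its own login
    has_item "$(value_of smtpd_sender_restrictions)" reject_sender_login_mismatch \
        || fail "smtpd_sender_restrictions lacks reject_sender_login_mismatch"
    [ -n "$(value_of smtpd_sender_login_maps)" ] \
        || fail "smtpd_sender_login_maps is unset, so the mismatch check has nothing to compare"
    # permit_mynetworks relays unauthenticated for these; flag anything beyond loopback
    for net in $(value_of mynetworks | tr ',' ' '); do
        case "$net" in 127.*|\[::1\]*) ;; *) echo "WARN mynetworks includes $net: permit_mynetworks relays for it" ;; esac
    done
    return $fails
}

printf '%s\n' "$SAMPLE" | audit_main_cf || echo "findings: $?"
```

On the mail host, `postconf -n | audit_main_cf` runs the same checks against the live configuration.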
V. Postfix maintenance commands
- newaliases (rebuild the alias database)
- postalias /etc/postfix/aliases (create or query an alias database)
- postcat (show the contents of a queue file)
- postconf (query or modify the main.cf configuration)
- postqueue (view the Postfix queue)
- postsuper (administrative control of the Postfix queue)
- postmap (create a lookup table's DB database or query a lookup table)
The end
I recommend reading Postfix: The Definitive Guide; it makes it much easier to understand how the pieces of ExtMail work together!
Update 2012-09-18
// delete the mail in the sendmail mail queue
- rm -rf /var/spool/mqueue/*