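Postfix Mail Server Setup Plan
Operating system: Linux Red Hat Enterprise Linux Server release 6.3
IP: 10.0.0.20
Hostname: www.szgyzb.com
Goals:
1. Send and receive mail between accounts of the same domain inside the LAN;
2. Send mail to external Internet mailboxes;
3. Control outbound mail for selected accounts.
I. Software to install: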
Name | Version | Description
Postfix | postfix-2.7.0.tar.gz | MTA
Mysql | mysql-5.5.9.tar.gz | Database that stores the virtual user information
Courier-authlib | courier-authlib-0.62.4.tar.bz2 | Used together with SASL for authentication
cyrus-sasl | cyrus-sasl-2.1.22.tar.gz | Authentication package
courier-imap | courier-imap-4.5.0.tar.bz2 | Provides IMAP and POP3 service alongside postfix
perl | perl-5.10.1-127.el6.x86_64 (rpm) | Interpreter
pcre | pcre-8.34.tar.gz | Needed to install imap: Perl-compatible regular expressions
httpd | httpd-2.2.29.tar.gz | Web server providing the virtual host service
Extmail | extman-0.2.5.tar.gz | Mail WebMail
Extmail | extmail-1.1.0.tar.gz | Mail back-end management package
DBD | DBD-mysql-3.0002_3.tar.gz | Logging in to the mail server back end fails with "MySQL.pm line 13. BEGIN failed--compilation aborted"; these two dependencies (DBD and DBI) have to be installed
DBI | DBI-1.607.tar.gz |
Clamav | | Antivirus software
amavisd-new | | Scans mail for viruses
Spamassassin | | Anti-spam tool
maildrop | | Mail delivery
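Users and groups to create:
User | Group | Description | Notes
mysql | mysql | MySQL user and group | Created when MySQL is installed
vmail | vmail | Used by the Postfix virtual accounts | uid: 1003
postfix | postfix | User and group used by the main postfix program | uid: 1000
 | postdrop | | This group must not contain any members, not even the postfix virtual account mentioned above.
clamav | clamav | Antivirus user |
amavis | amavis | Mail scanning user |
Create the accounts (vmail gets UID/GID 1003, the value listed above and used later in authmysqlrc, the maildrop build and webman.cf):
# groupadd -g 1003 vmail
# useradd -g 1003 -u 1003 -s /sbin/nologin -M vmail
# groupadd -g 1002 postdrop
# groupadd -g 1000 postfix
# useradd -g 1000 -u 1000 -s /sbin/nologin -M postfix
# useradd clamav
# useradd amavis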
Remove the sendmail and sasl packages that ship with the system
# rpm -qa | grep sendmail
sendmail-8.13.8-2.el5
# service sendmail stop
# rpm -e --nodeps sendmail
# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-plain-2.1.22-4
# rpm -e --nodeps cyrus-sasl-lib cyrus-sasl-devel cyrus-sasl cyrus-sasl-plain
Create the mail storage path for the virtual users
# mkdir -p /var/mailbox
# chown vmail:vmail /var/mailbox
# chmod 700 /var/mailbox
Source package storage and extraction path
Installing MySQL and Apache
Omitted; see the SVN and wiki setup documents.
Installing and configuring courier-authlib
The configure and make steps are where errors are most likely, so they are covered in detail:
./configure --with-mailuser=vmail --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include/mysql --prefix=/usr/local/authlib --without-stdheaderdir
configure errors
Error 1: configure: error: Cannot find either the gdbm or the db library.
Fix 1: The gdbm-devel version was wrong. I first used the 32-bit package gdbm-devel-1.8.0-24.i386.rpm and kept getting the error; downloading the 64-bit package gdbm-devel-1.8.0-26.2.1.el5_6.1.x86_64.rpm solved it.
Download location: http://rpm.pbone.net/index.php3?stat=3&limit=5&srodzaj=3&dl=40&search=gdbm-devel
Error 2: during make, libgdbm.a: could not read symbols: Bad value
Fix 2:
1. CFLAGS="-O3 -fPIC" ./configure --with-mailuser=vmail --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include/mysql --prefix=/usr/local/authlib --without-stdheaderdir
2. Also add CFLAGS="-O3 -fPIC" when running configure for gdbm-1.8.3.tar.gz
3. Back up /usr/lib64/libgdbm.a, then run cp /usr/local/gdbm/lib/libgdbm.a /usr/lib64/ and cp /usr/local/gdbm/lib/libgdbm.a /usr/lib
make then succeeds
4. Pay attention to where the MySQL lib and include paths point. Copying them from the web easily goes wrong; use the paths of your own source installation.
After installation, edit the configuration: vim /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
# vim /usr/local/authlib/etc/authlib/authmysqlrc
The configuration is as follows:
##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $
#
# Copyright 2000-2007 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.
#
# The annotations below sit on their own comment lines because the rest of a
# field line is read as its value.
##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.
# Database server host name
MYSQL_SERVER www.szgyzb.com
# Database login user name
MYSQL_USERNAME extmail
# Database login password
MYSQL_PASSWORD 123456
##NAME: SSLINFO:0
#
# The SSL information.
#
# To use SSL-encrypted connections, define the following variables (available
# in MySQL 4.0, or higher):
#
#
# MYSQL_SSL_KEY /path/to/file
# MYSQL_SSL_CERT /path/to/file
# MYSQL_SSL_CACERT /path/to/file
# MYSQL_SSL_CAPATH /path/to/file
# MYSQL_SSL_CIPHERS ALL:!DES
##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
# MYSQL_SOCKET /var/mysql/mysql.sock
MYSQL_SOCKET "/tmp/mysql.sock"
##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.
#MYSQL_PORT 0
# Database port
MYSQL_PORT 3306
##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.
MYSQL_OPT 0
##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:
#MYSQL_DATABASE mysql
# Database name
MYSQL_DATABASE extmail
##NAME: MYSQL_CHARACTER_SET:0
#
# This is optional. MYSQL_CHARACTER_SET installs a character set. This option
# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations
# for 30+ character sets. See MySQL documentations for more details.
#
# MYSQL_CHARACTER_SET latin1
##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.
#MYSQL_USER_TABLE passwd
# Table that holds the virtual account user information
MYSQL_USER_TABLE mailbox
##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.
#MYSQL_CRYPT_PWFIELD crypt
MYSQL_CRYPT_PWFIELD password
##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear
##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com
DEFAULT_DOMAIN gyzb.com
##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
MYSQL_UID_FIELD '1003'
##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account
# ID of the virtual account user
MYSQL_GID_FIELD '1003'
##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#
MYSQL_LOGIN_FIELD username
##NAME: MYSQL_HOME_FIELD:0
#
# Note: the double quotes are required
MYSQL_HOME_FIELD "/var/mailbox"
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir
##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery
##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD concat(quota,'S')
##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs. These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.
##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE server='mailhost.example.com'
MYSQL_WHERE_CLAUSE active='1'
##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified below:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s. Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location. In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
# CONCAT('{MD5}',popbox.password_hash), \
# popbox.clearpw, \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path,'/', popbox.mbox_name), \
# '', \
# domain.quota, \
# '', \
# CONCAT("disableimap=",disableimap,",disablepop3=", \
# disablepop3,",disablewebmail=",disablewebmail, \
# ",sharedgroup=",sharedgroup) \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name
##NAME: MYSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders. The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path,'/', popbox.mbox_name), \
# '', \
# CONCAT('sharedgroup=',sharedgroup) \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name
##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# $(local_part), $(domain), $(newpass), $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox \
# SET clearpw='$(newpass)', \
# password_hash='$(newpass_crypt)' \
# WHERE local_part='$(local_part)' \
# AND domain_name='$(domain)'
#
Change to the source directory, start authlib, and enable it at boot:
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# service courier-authlib start
Check that it is running:
[root@www init.d]# ps -aux|grep authlib
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root 1291 0.0 0.0 4060 508 ? S Nov12 0:00 /usr/local/authlib/sbin/courierlogger -pid=/usr/local/authlib/var/spool/authdaemon/pid -start /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1292 0.0 0.1 36316 1680 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1293 0.0 0.1 114328 1772 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1294 0.0 0.1 114328 1772 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1295 0.0 0.1 114328 1772 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1296 0.0 0.1 114328 1772 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root 1297 0.0 0.1 114328 1772 ? S Nov12 0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
Seeing the processes above means authlib started successfully.
Fix the permissions of the authdaemon socket directory. If they are not set correctly, maildrop, postfix and the other components cannot look up user information or verify passwords:
# chmod 755 /usr/local/authlib/var/spool/authdaemon
# ll -d /usr/local/authlib/var/spool/authdaemon
drwxr-xr-x
System integration
# ln -s /usr/local/authlib/lib/courier-authlib/* /usr/lib
# ldconfig -v
Installing and configuring Cyrus-SASL2
The configure step is where errors are most likely, so it is covered in detail:
Step 1: ./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample --disable-digest --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket (first attempt, with this authentication method; the SMTP test did not pass)
./configure --prefix=/usr/local/sasl2 --disable-anon --disable-gssapi --disable-sample --disable-digest --enable-plain --enable-login --enable-cram --enable-digest --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib --with-saslauthd=/var/run/saslauthd (rebuilt and reinstalled with saslauthd authentication; the SMTP test passed)
make errors
Error 1: error: mysql.h: No such file or directory
Fix 1: The build needs the MySQL header files and cannot find them in its default search path. Symlinking the MySQL headers into /usr/local/include/ solves it.
For example, if MySQL is installed under /usr/local/mysql, run:
# ln -s /usr/local/mysql/include/* /usr/local/include/
Error 2: error: des.h: No such file or directory
Fix 2: Find the path of des.h under the OpenSSL installation directory. The cyrus build looks for des.h in the default path /usr/local/include, but the file actually lives in /usr/local/ssl/include/openssl/, so create symlinks to make sure it is found:
ln -s /usr/local/ssl/include/openssl/* /usr/local/include/
System integration
# ln -s /usr/local/lib/sasl2/ /usr/lib/
# ldconfig -v | grep sasl
Postfix SMTP authentication goes through Cyrus-SASL, which connects to authdaemon to obtain the authentication information. Here we configure the SMTP side; Postfix's main.cf also has to be changed later, which is not covered here and is described when Postfix itself is configured.
vim /usr/local/sasl2/lib/sasl2/smtpd.conf
# Originally saslauthd was used here; the SMTP authentication test kept failing and only passed after switching to the setting below
#pwcheck_method: saslauthd
pwcheck_method: authdaemond
mech_list: plain login
log_level: 3
# Path of the socket created when authlib was installed
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket
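Installing and configuring Postfix
Use the second of the two build commands below; it requires BerkeleyDB to be installed first.
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include -DUSE_TLS -I/usr/local/ssl/include/openssl' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto'
Error 1: libmysqlclient.so cannot be found
Fix 1: ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib/libmysqlclient.so and ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib64/libmysqlclient.so
Similar problems can be handled the same way.
Error 2: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file
After the build, the installer enters interactive mode and waits for input; normally pressing Enter at every prompt completes the installation. Then generate the binary alias file:
# /usr/bin/newaliases
This command converts the /etc/alias file into a binary file that Postfix can read, stored as /etc/postfix/aliases.
Verify that the installed Postfix supports SASL and MySQL
# postconf -a
cyrus
dovecot
# postconf -m
btree
cidr
environ
hash
mysql
nis
proxy
regexp
static
unix
Notes:
(1) If cyrus is not listed, your Postfix does not support SASL. Check whether the libsasl library has been added to the system with ldconfig -v | grep. If libsasl2.so.2 -> libsasl2.so.2.0.23 is missing, add the /usr/local/lib directory to /etc/ld.so.conf and run ldconfig to apply the change. This was covered in the pre-installation preparation.
(2) If mysql is not listed, Postfix does not support MySQL lookups; the MySQL directories were specified incorrectly at build time. Check the exact locations of the MySQL lib and include directories, then rebuild and reinstall Postfix.
Postfix configuration
Postfix is configured last, in one pass, after courier-imap, maildrop and extmail have been installed.
Create the directory for the virtual user lookup configuration files. Our virtual users are authenticated against MySQL,
and the Postfix configuration can define lookups for virtual users; this directory holds the MySQL lookup configuration files.
They are described later, in the extman configuration. For now, just create the directory.
# mkdir -p /etc/postfix/mysql
Create the control script that starts the Postfix daemon
# vim /etc/init.d/postfix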
#!/bin/sh
# postfix      Postfix Mail Transfer Agent
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# $Revision: 2.4 $
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0
RETVAL=0
start() {
    # Start daemons.
    echo -n "Starting postfix: "
    /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
    echo
    return $RETVAL
}
stop() {
    # Stop daemons.
    echo -n "Shutting down postfix: "
    /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
    echo
    return $RETVAL
}
reload() {
    echo -n "Reloading postfix: "
    /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    echo
    return $RETVAL
}
restart() {
    stop
    start
}
abort() {
    /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure
    return $?
}
flush() {
    /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure
    return $?
}
check() {
    /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure
    return $?
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    abort)
        abort
        ;;
    flush)
        flush
        ;;
    check)
        check
        ;;
    status)
        status master
        ;;
    condrestart)
        # don't use /var/lock/subsys/postfix, check for postfix running directly
        daemon_directory=$(postconf -h daemon_directory)
        $daemon_directory/master -t 2>/dev/null && : || restart
        ;;
    *)
        echo "Usage: postfix {start|stop|restart|reload|abort|flush|check|status|condrestart}"
        exit 1
esac
exit $?
Add the service and enable it at boot
# chmod +x /etc/init.d/postfix
# chkconfig --add postfix
# chkconfig postfix on
Installing and configuring courier-imap
./configure --prefix=/usr/local/courier-imap --with-redhat --disable-root-check --enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 --with-trashquota --with-dirsync --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include/mysql --with-authmysql --with-authmysql=yes CPPFLAGS='-I/usr/local/authlib/include' LDFLAGS='-L/usr/local/authlib/lib/courier-authlib' COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
Error 1: configure: error: courierauthconfig not found
Fix 1: ln -s /usr/local/authlib/bin/courierauthconfig /usr/bin/courierauthconfig
Other errors: switching to version 4.5 solved them.
Configuration
# vim /usr/local/courier-imap/etc/imapd
Go to the end of the file and find IMAPDSTART=NO
Change it to IMAPDSTART=YES
# vim /usr/local/courier-imap/etc/pop3d
As with the imapd file, find POP3DSTART=NO at the end of the file
and change it to POP3DSTART=YES. Start the service:
# service imapd start
Starting Courier-IMAP server: imap pop3
# netstat -tulnp | egrep "110|143"
tcp 0 0 :::110 :::* LISTEN 23349/couriertcpd
tcp 0 0 :::143 :::* LISTEN 23343/couriertcpd
Installing and configuring pcre is straightforward, so the process is omitted.
Installing maildrop
./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1003 --enable-maildrop-gid=1003 --with-trashquota --with-dirsync
Verify the installation
# maildrop -v
maildrop 2.1.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
If "Courier Authentication Library extension enabled." is not shown, your maildrop does not yet support courier auth; check carefully and rebuild maildrop.
It is best not to install maildrop into a custom directory, which avoids unnecessary trouble. Removal is easy: run make uninstall in the source directory that was built.
It is well worth knowing which user directory maildrop moved a message to, and that is what the maildrop log records. Here we create a new file, /etc/maildroprc, which has just 2 lines (if anti-spam is added, the following content has to be changed):
# touch /var/log/maildrop.log; chown vmail.vmail /var/log/maildrop.log
Installing and configuring extman and extmail
Extract them and copy the extracted directories to /usr/local/apache/htdocs
# tar -xvzf extmail-1.1.0.tar.gz -C /usr/local/apache/htdocs
# cd /usr/local/apache/htdocs
# mv extmail-1.1.0/ extmail
# chown vmail.vmail extmail/ -R
# cd extmail
# cp -p webmail.cf.default webmail.cf
Configure extmail.cf
# sys_config, the config file and webmail program root
# (extmail path that the virtual host points to)
SYS_CONFIG = /usr/local/apache/htdocs/extmail/
# sys_langdir, the i18n dir
SYS_LANGDIR = /usr/local/apache/htdocs/extmail/lang
# sys_templdir, the template dir
SYS_TEMPLDIR = /usr/local/apache/htdocs/extmail/html
# sys_http_cache, a switch to enable or disable http cache via http header
SYS_HTTP_CACHE = 0
# sys_smtp_host (SMTP server IP)
SYS_SMTP_HOST = 10.0.0.20
# sys_smtp_port (SMTP port)
SYS_SMTP_PORT = 25
# sys_smtp_timeout (SMTP timeout)
SYS_SMTP_TIMEOUT = 5
# sys_spam_report_on = 1 | 0 - enable spam reporting or not
SYS_SPAM_REPORT_ON = 0
# sys_spam_report_type = dspam | spamassassin - spam reporting type
SYS_SPAM_REPORT_TYPE = dspam
# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0
# sys_permit_noquota, permit an account without quota?
SYS_PERMIT_NOQUOTA = 1
# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp
# sys_upload_tmpdir, the temp directory for file uploading
SYS_UPLOAD_TMPDIR = /tmp
# sys_log_on = 1 | 0 - enable logging or not
SYS_LOG_ON = 1
# sys_log_type = file|syslog|nsyslog, syslog will save login
# or error info into mail.*, nsyslog is a replacement to syslog
# that will send log message to network syslogd
#SYS_LOG_TYPE = syslog
SYS_LOG_TYPE = file
# sys_log_file - path to log file, if sys_log_type = file
SYS_LOG_FILE = /var/log/extmail.log
# sys_sess_timeout, session timeout, default 3 hours (3h) format:
# number+(s|m|h|d|M|y); or only number, the 0 means that the
# session will last for 0 seconds, but if you specify the
# sys_sess_cookie_only = 1 then it means the session will expire
# after you close your browser :)
SYS_SESS_TIMEOUT = 0
# sys_sess_cookie_only = 0|1 use cookie only or include cgi "sid"
# parameter ? if set to true(1), the session will be expired after
# sys_sess_timeout if there is no any active request from browser
SYS_SESS_COOKIE_ONLY = 1
# sys_user_psize, user default page_size
SYS_USER_PSIZE = 10
# sys_user_tsize, user mail subject truncate size, valid type:
# auto => full text
# screen1 => 800x600
# screen2 => 1024x768
# screen3 => 1280x1024
SYS_USER_SCREEN = auto
# sys_user_lang, user default language
#SYS_USER_LANG = en_US
SYS_USER_LANG = zh_CN
# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = WebMail
# sys_user_template, user default template
SYS_USER_TEMPLATE = default
# sys_user_charset, user default charset
SYS_USER_CHARSET = utf-8
# sys_user_trylocal, user default outgoing encoding mechanism
SYS_USER_TRYLOCAL = 1
# sys_user_timezone, user default timezone
SYS_USER_TIMEZONE = +0800
# sys_user_* default parameters
SYS_USER_CCSENT = 1
SYS_USER_SHOW_HTML = 1
SYS_USER_COMPOSE_HTML = 1
SYS_USER_CONV_LINK = 1
SYS_USER_ADDR2ABOOK = 1
# sys_message_size_limit, default message size limit per user
# count as byte(s), eg: 5242880 means 5MB
SYS_MESSAGE_SIZE_LIMIT = 5242880
# sys_min_pass_len, minimal password length, default 2
SYS_MIN_PASS_LEN = 2
# sys_mfilter_on, default is off
SYS_MFILTER_ON = 1
# sys_netdisk_on, default is off
SYS_NETDISK_ON = 1
# sys_show_signup, default is on, this feature need extman
# 0.2.2 or higher version, built with signup service
SYS_SHOW_SIGNUP = 1
# sys_debug_on, default is off
SYS_DEBUG_ON = 1
# sys auth type, mysql/ldap/authlib
SYS_AUTH_TYPE = mysql
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
#SYS_MAILDIR_BASE = /home/domains
# Path where mail is stored; make sure it is correct, otherwise mail can be sent but not received
SYS_MAILDIR_BASE = /var/mailbox
# sys_auth_schema, vpopmail1/vpopmail2/virtual
# vpopmail1 => all user accounts in one table
# vpopmail2 => accounts in per domain table
SYS_AUTH_SCHEMA = virtual
# crypt_type, the default encrypt type of password, possible type
# currently is crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt
# if mysql, all relate parameters should prefix as SYS_MYSQL
# MySQL user name
SYS_MYSQL_USER = extmail
# MySQL password
SYS_MYSQL_PASS = 123456
# MySQL database name
SYS_MYSQL_DB = extmail
# MySQL DB server IP
SYS_MYSQL_HOST = 10.0.0.20
SYS_MYSQL_SOCKET = /tmp/mysql.sock
# table name
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
# sys_mysql_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
SYS_MYSQL_ATTR_CLEARPW = clearpwd
SYS_MYSQL_ATTR_QUOTA = quota
SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
SYS_MYSQL_ATTR_HOME = homedir
SYS_MYSQL_ATTR_MAILDIR = maildir
# service enable/disable attributes
# comment them out if you don't want their function
SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange
SYS_MYSQL_ATTR_ACTIVE = active
# password retrieve attributes
# comment them out if you don't want such function
SYS_MYSQL_ATTR_PWD_QUESTION = question
SYS_MYSQL_ATTR_PWD_ANSWER = answer
# if ldap, all relate parameters should prefix as SYS_LDAP
SYS_LDAP_BASE = o=extmailAccount,dc=example.com
SYS_LDAP_RDN = cn=Manager,dc=example.com
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = localhost
# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_DOMAIN = virtualDomain
SYS_LDAP_ATTR_PASSWD = userPassword
# sys_ldap_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
SYS_LDAP_ATTR_CLEARPW = clearPassword
SYS_LDAP_ATTR_QUOTA = mailQuota
SYS_LDAP_ATTR_NDQUOTA = netdiskQuota
SYS_LDAP_ATTR_HOME = homeDirectory
SYS_LDAP_ATTR_MAILDIR = mailMessageStore
# service enable/disable attributes
# comment them out if you don't want their function
SYS_LDAP_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_LDAP_ATTR_DISABLENETDISK = disablenetdisk
SYS_LDAP_ATTR_DISABLEPWDCHANGE = disablePasswdChange
SYS_LDAP_ATTR_ACTIVE = active
# password retrieve attributes
# comment them out if you don't want such function
SYS_LDAP_ATTR_PWD_QUESTION = question
SYS_LDAP_ATTR_PWD_ANSWER = answer
# if authlib, all relate parameters should prefix as AUTHLIB
SYS_AUTHLIB_SOCKET = /usr/local/authlib/var/spool/authdaemon/socket
# Global Abook support
# sys_g_abook_type, global abook type, valid is ldap|file
SYS_G_ABOOK_TYPE = file
# if ldap, all relate parameters should prefix as SYS_G_ABOOK_LDAP
SYS_G_ABOOK_LDAP_HOST = localhost
SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=example.com
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=example.com
SYS_G_ABOOK_LDAP_ROOTPW = secret
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson
# if file, all relate parameters should prefix as SYS_G_ABOOK_FILE
SYS_G_ABOOK_FILE_PATH = /var/www/extsuite/extmail/globabook.cf
SYS_G_ABOOK_FILE_LOCK = 1
SYS_G_ABOOK_FILE_CONVERT = 0
SYS_G_ABOOK_FILE_CHARSET = utf-8
# tar -xvzf extman-0.2.5.tar.gz -C /usr/local/apache/htdocs
# cd /usr/local/apache/htdocs
# mv extman-0.2.5/ extman; chown vmail.vmail extman -R
Configure webman.cf
# vim /data/web/extman/webman.cf
# sys_config, the config file and webman program root
# (extman path that the virtual host points to)
SYS_CONFIG = /usr/local/apache/htdocs/extman/
# sys_langdir, the i18n dir
SYS_LANGDIR = /usr/local/apache/htdocs/extman/lang
# sys_templdir, the template dir
SYS_TEMPLDIR = /usr/local/apache/htdocs/extman/html
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox/
# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0
# sys_sess_dir, the session dir
SYS_SESS_DIR = /var/tmp/extman/
# sys_captcha_on 1|0 - to enable captcha feature or not
SYS_CAPTCHA_ON = 0
# sys_captcha_key
SYS_CAPTCHA_KEY = r3s9b6a7
# sys_captcha_len
SYS_CAPTCHA_LEN = 6
# sys_purge_data - to completely destroy user's mailbox or not?
SYS_PURGE_DATA = 0
# sys_sess_timeout, session timeout in second, default 6 hours
# SYS_SESS_TIMEOUT = 21600
# sys_user_psize, user default page_size
SYS_PSIZE = 20
# sys_user_lang, user default language
# SYS_LANG = en_US
# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = ExtMan
# sys_template_name, the template name
SYS_TEMPLATE_NAME = default
# web management related restrictions
# sys_default_expire, valid value: ?y ?m ?d
SYS_DEFAULT_EXPIRE = 1y
# sys_groupmail_sender - sender for groupmail, this account must
# exist or postfix or other mta will complain error
#SYS_GROUPMAIL_SENDER = [email protected]
SYS_GROUPMAIL_SENDER = [email protected]
# sys_default_services, valid value: smtpd, smtp, webmail, netdisk,
# imap and pop3, concatenate with "," as multiple values, eg: webmail,smtpauth
SYS_DEFAULT_SERVICES = webmail,smtpd,smtp,pop3,netdisk
# sys_isp_mode, yes|no - if yes, use our HashDir to spread
# storage to multiple directories
SYS_ISP_MODE = no
# sys_domain_hashdir = yes|no, if yes we will enable domain hashdir
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR = yes
# sys_domain_hashdir_depth, the hash length and depth, format:
# length x depth, eg: 2x1 => length = 2, depth = 1
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR_DEPTH = 2x2
# sys_user_hashdir = yes|no, if yes we will enable user hashdir
# depend on sys_isp_mode = yes
SYS_USER_HASHDIR = yes
# sys_user_hashdir_depth, similar to sys_hashdir_domain_depth
SYS_USER_HASHDIR_DEPTH = 2x2
# XXX FIXME
# experimental feature, per domain transport/routing capability
# same config style as SYS_USER_ROUTING_LIST
# SYS_DOMAIN_ROUTING_LIST = lmtp:mx1.extmail.org,lmtp:mx2.extmail.org
# XXX FIXME
# experimental feature, per user routing capability
# please specify routing info, concatenate with "," as multiple list
# members, eg: smtp:mx1.abc.com,smtp:mx2.abc.com
# SYS_USER_ROUTING_LIST = smtp:[192.168.2.130],smtp:[192.168.2.128]
# sys_min_uid, the minimal uid
SYS_MIN_UID = 500
# sys_min_gid, the minimal gid
SYS_MIN_GID = 100
# sys_default_uid, if not set, webman will ignore it
# (UID of the vmail user)
SYS_DEFAULT_UID = 1003
# sys_default_gid, if not set, webman will ignore it
# (GID of the vmail group)
SYS_DEFAULT_GID = 1003
# sys_quota_multiplier, in bytes, default to 1 MB
SYS_QUOTA_MULTIPLIER = 1048576
# sys_quota_type, valid type: vda|courier
SYS_QUOTA_TYPE = courier
# maxquota, alias, users and netdisk quota for domain
SYS_DEFAULT_MAXQUOTA = 500
SYS_DEFAULT_MAXALIAS = 100
SYS_DEFAULT_MAXUSERS = 100
SYS_DEFAULT_MAXNDQUOTA = 500
# per user default quota, netdisk quota and expire
SYS_USER_DEFAULT_QUOTA = 5
SYS_USER_DEFAULT_NDQUOTA = 5
SYS_USER_DEFAULT_EXPIRE = 1y
# sys_backend_type mysql|ldap
SYS_BACKEND_TYPE = mysql
# sys_crypt_type: crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt
# if mysql,all relate paramters should prefix as SYS_MYSQL
SYS_MYSQL_USER= extmail //数据库登录的用户名
SYS_MYSQL_PASS= 123456 //数据库登录的密码
SYS_MYSQL_DB= extmail //数据库名
SYS_MYSQL_HOST= 10.0.0.20 //数据库服务器IP
SYS_MYSQL_SOCKET= /tmp/mysql.sock
# tablename
SYS_MYSQL_TABLE= manager
SYS_MYSQL_ATTR_USERNAME= username
SYS_MYSQL_ATTR_PASSWD= password
# commentit if you only want to save crypted password
# we highlyrecommend that you disable the following line :)
#SYS_MYSQL_ATTR_CLEARPW = clearpwd
# if ldap,all relate paramters should prefix as SYS_LDAP
SYS_LDAP_BASE= dc=extmail.org
SYS_LDAP_RDN= cn=Manager,dc=extmail.org
SYS_LDAP_PASS= secret
SYS_LDAP_HOST= localhost
# ldifattributes
SYS_LDAP_ATTR_USERNAME= mail
SYS_LDAP_ATTR_PASSWD= userPassword
# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
#SYS_LDAP_ATTR_CLEARPW = clearPassword
#sys_rrd_datadir, the full path of rrd data
SYS_RRD_DATADIR= /var/lib
#sys_rrd_tmpdir, the temp dir for graph
SYS_RRD_TMPDIR= /tmp/viewlog
#sys_rrd_queue_on, yes|no, show queue or not
SYS_RRD_QUEUE_ON= yes
Modify the MySQL statements that create the extmail tables
#vim /data/web/extman/docs/extmail.sql
vi substitute command: 【1,$s/TYPE=MyISAM/TYPE=MyISAM DEFAULT CHARSET=utf8/g】
Pay attention to this line: ENGINE=MyISAM COMMENT='ExtMail - VirtualDomains';
The original default was not ENGINE; the error only goes away after changing it to this
Initialize the database:
Login test error 1 after adding a user: clients cannot connect to the database. The user for the extmail database has to be added manually and given a password. Fix 1:
mysql>create user extmail identified by '123456'; //create the database login
mysql>grant all privileges on extmail.* to extmail; //assign privileges to the user
create user extmail@localhost identified by '123456';
grant all privileges on extmail.* to 'extmail'@'localhost';
Error 2: localhost authdaemond: mysql_query failed, reconnecting: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/var/mailbox, maildir, "", name,"" FROM mailbox WHERE usern
Fix 2: the field is malformed; edit /usr/local/authlib/etc/authlib/authmysqlrc with vim and put /var/mailbox in ASCII double quotes
Database user name and password: extmail/123456
After a user is added in the extman backend, no directory for that user is created under /var/mailbox, and Apache logs the error File does not exist: /usr/local/apache/htdocs/extman/plugins, referer: http://mail.example.com/extman/cgi/user.cgi
Fix: chown -R vmail:vmail /var/mailbox
Configure Apache
Add CGI and PHP support:
DirectoryIndex index.html index.php index.cgi index.htm index.html.var
AllowOverride None
Options None
Order allow,deny
Allow from all
AddHandler cgi-script .cgi
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Virtual host configuration:
ServerName www.szgyzb.com
DocumentRoot /usr/local/apache/htdocs
ScriptAlias /extmail/cgi /usr/local/apache/htdocs/extmail/cgi
Alias /extmail /usr/local/apache/htdocs/extmail
#SuexecUserGroup vmail vmail
Restart Apache for the change to take effect
Graphical log service test for the mail admin backend (optional, to be added later)
Integration configuration and testing
#vim /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
#==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#dbmail-lmtp unix - - n - - lmtp -o disable_dns_lookups=yes //comment out this line
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
#====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
#====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
#====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
#====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
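#vim /etc/postfix/main.cf
# server hostname
myhostname= www.szgyzb.com
# domain name, i.e. the part shown after the @ in a mail address
mydomain =szgyzb.com
# takes the value of the variable
myorigin =$mydomain
inet_interfaces= all
# networks; note that they are specified as IP ranges
mynetworks= 10.0.0.0/16,127.0.0.0/8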
mydestination= $myhostname,localhost.$mydomain,localhost
smtpd_client_restrictions= check_client_access hash:/etc/postfix/access
alias_maps= $alias_database
alias_database= hash:/etc/aliases
mail_spool_directory= /var/spool/mail
default_recipient_refill_delay= 1s
#====================SASL ESMTP Authentication=================
smtpd_sasl_auth_enable= yes
smtpd_sasl_local_domain= $mydomain
smtpd_sasl_security_options= noanonymous
broken_sasl_auth_clients= yes
#========================Auth who to Internet Mail Begin==============
# outbound mail control (the next three settings)
smtpd_restriction_classes= local_only
local_only= check_recipient_access hash:/etc/postfix/local_domains,reject
local_only1= check_sender_access hash:/etc/postfix/local_domains,reject
#local_only1= check_sender_access hash:/etc/postfix/local_domains,reject
#========================Auth who to Internet Mail End================
smtpd_recipient_restrictions= check_sender_access hash:/etc/postfix/local_senders, permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_application_name= smtpd
smtpd_banner= $myhostname ESMTP Jobkoo mail system (version:1.0)
#=====================Virtual Mailbox settings=========================
virtual_mailbox_base= /var/mailbox/
virtual_mailbox_maps= mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains= mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
#virtual_mailbox_domains= $mydomain
virtual_alias_domains=
virtual_alias_maps= mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
# UID of the vmail user
virtual_uid_maps= static:1003
# GID of the vmail user
virtual_gid_maps= static:1003
virtual_transport= maildrop
maildrop_destination_recipient_limit= 1
maildrop_destination_concurrency_limit= 1
#====================QUOTA============================================
message_size_limit= 20000000
mailbox_size_limit= 409600000
virtual_mailbox_limit= 20000000
virtual_create_maildirsize= yes
virtual_mailbox_extended= yes
virtual_mailbox_limit_maps= mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override= yes
virtual_maildir_limit_message= Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce= yes
smtp_host_lookup= dns, native
Start postfix
#postfix start
#tail -f /var/log/maillog
Integration configuration and testing
[root@www conf]# /usr/local/authlib/sbin/authtest -s login cjin@szgyzb.com 123456
Authentication succeeded.
Authenticated: cjin@szgyzb.com (uid 1003, gid 1003)
Home Directory: /var/mailbox
Maildir: szgyzb.com/cjin/Maildir/
Quota: (none)
Encrypted Password: $1$jG9ds5IO$GGA8Fw2fL3V.4dEi0Zfe9.
Cleartext Password: 123456
Options: (none)
Note: this shows that ExtMan is installed correctly, the database has been imported correctly, and courier-authlib can connect to the MySQL database.
SMTP authentication test
First use perl to obtain the base64 encoding of the virtual account name and password, as follows:
[root@www ~]# perl -e 'use MIME::Base64;print encode_base64("cjin\@szgyzb.com")'
Y2ppbkBzemd5emIuY29t
[root@www ~]# perl -e 'use MIME::Base64;print encode_base64("123456")'
MTIzNDU2
[root@www ~]# telnet 10.0.0.20 25 //the lines shown in red below are typed by hand
Trying 10.0.0.20...
Connected to 10.0.0.20.
Escape character is '^]'.
220 www.szgyzb.com ESMTP Jobkoo mail system (version:1.0)
ehlo www.szgyzb.com
250-www.szgyzb.com
250-PIPELINING
250-SIZE 20000000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
Y2ppbkBzemd5emIuY29t
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful //indicates that the SMTP authentication test succeeded
quit
221 2.0.0 Bye
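An added example (not part of the original page) that decodes the base64 lines of the AUTH LOGIN exchange above. Base64 is only an encoding, so the prompts and the replies are all recoverable from the session text; the transcript is constructed from the values shown above, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: decode an AUTH LOGIN exchange and verify an encoded string.
# TRANSCRIPT is constructed from the values in the telnet session above;
# "S:" marks server lines and "C:" client lines (labels added for this example).
TRANSCRIPT='S: 334 VXNlcm5hbWU6
C: Y2ppbkBzemd5emIuY29t
S: 334 UGFzc3dvcmQ6
C: MTIzNDU2
S: 235 2.0.0 Authentication successful'

# b64dec STRING -> decoded text (uses coreutils base64)
b64dec() {
    printf '%s' "$1" | base64 -d
}

# decode_auth_login TRANSCRIPT -> one labelled, decoded line per message
decode_auth_login() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        side=${line%%:*}      # "S" or "C"
        body=${line#*: }      # text after the label
        case "$side $body" in
            "S 334 "*) printf 'server prompt: %s\n' "$(b64dec "${body#334 }")" ;;
            "C "*)     printf 'client reply: %s\n' "$(b64dec "$body")" ;;
            *)         printf 'server status: %s\n' "$body" ;;
        esac
    done
}

# check_encoding PLAINTEXT ENCODED -> exit 0 only if ENCODED is base64(PLAINTEXT)
check_encoding() {
    [ "$(printf '%s' "$1" | base64)" = "$2" ]
}

decode_auth_login "$TRANSCRIPT"
```

check_encoding is useful before pasting a string into the session: it returns non-zero when the encoded value does not match the intended account name, for instance when the @ was left unescaped in a double-quoted Perl string.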
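Mail can be sent and received from the command line but the inbox on the web page is empty: the configuration in /usr/local/apache/htdocs/extmail/webmail.cf is wrong; change the value of SYS_MAILDIR_BASE from the default /home/domains to the actual /var/mailbox
POP authentication test
[root@www ~]# telnet 10.0.0.20 110
Trying 10.0.0.20...
Connected to 10.0.0.20.
Escape character is '^]'.
+OK Hello there.
+OK Password required.
pass 123456
+OK logged in.
quit
+OK Bye-bye.
Send test from the command line and from WebMail (Extmail) or a client (Foxmail)
[root@www ~]# mail -s test [email protected]
testtest
EOT
Note: test is the mail subject and the hand-typed testtest is the mail body; after typing it, press Enter and then ctrl+d to finish and send the mail to [email protected]
Go to http://www.szgyzb.com/extman ([email protected]/123456) to enter the mail admin backend, where users can be added; the [email protected] account used in the tests above was added here
Visit http://www.szgyzb.com/extmail and log in with the [email protected] account to see the message just sent from the command line; then add another account in the backend and use the web interface for a send and receive test
You can also create an account in the Foxmail client to send and receive mail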
Outbound mail control
#cd /etc/postfix
#touch local_domains
#touch local_senders
vim /etc/postfix/main.cf
Configuration:
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains,reject
local_only1 = check_sender_access hash:/etc/postfix/local_domains,reject
Add the following to the smtpd_recipient_restrictions parameter
check_sender_access hash:/etc/postfix/local_senders
In /etc/postfix/local_senders, add the mail account addresses that are to be barred from sending mail outside
In /etc/postfix/local_domains configure
szgyzb.com ok
10.0.0.20 ok
#postmap hash:/etc/postfix/local_domains
#postmap hash:/etc/postfix/local_senders
#postfix reload //reload the postfix configuration
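An added example (not from the original page and not Postfix code) that models offline how check_sender_access and the local_only class decide: a row in local_senders maps a sender to the class name, and the class then checks the recipient against local_domains. The account restricted.user@szgyzb.com is hypothetical, the table rows are constructed, and the lookup is a simplified subset of the access(5) search order.

```shell
#!/bin/sh
# Added example: offline model of check_sender_access + the local_only class.
# Table rows are constructed samples, not taken from a live server.

# /etc/postfix/local_senders: the right-hand side names the restriction class.
# restricted.user@szgyzb.com is a hypothetical account.
LOCAL_SENDERS='restricted.user@szgyzb.com local_only'
# /etc/postfix/local_domains: destinations a restricted sender may still reach.
LOCAL_DOMAINS='szgyzb.com ok
10.0.0.20 ok'

# lookup TABLE KEY -> prints the value for KEY (case-insensitive); exit 1 if absent
lookup() {
    printf '%s\n' "$1" | awk -v k="$2" '
        tolower($1) == tolower(k) { print tolower($2); hit = 1; exit }
        END { exit !hit }'
}

# access_lookup TABLE ADDRESS: try the full address, then the domain part.
# Assumption: only these two keys are modelled, a subset of access(5).
access_lookup() {
    lookup "$1" "$2" || lookup "$1" "${2#*@}"
}

# decide SENDER RECIPIENT -> permit | reject | continue
#   continue = sender not listed; the remaining smtpd_recipient_restrictions
#              (permit_mynetworks, permit_sasl_authenticated, ...) apply
decide() {
    class=$(access_lookup "$LOCAL_SENDERS" "$1") || { echo continue; return 0; }
    [ "$class" = local_only ] || { echo continue; return 0; }
    # local_only = check_recipient_access hash:/etc/postfix/local_domains,reject
    if [ "$(access_lookup "$LOCAL_DOMAINS" "$2")" = ok ]; then
        echo permit
    else
        echo reject
    fi
}

decide restricted.user@szgyzb.com someone@example.com
```

On the server itself, `postmap -q restricted.user@szgyzb.com hash:/etc/postfix/local_senders` should print local_only once the map has been built with postmap.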
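At this point the Postfix-based mail server is basically complete. When mail has to be exchanged with the Internet, installing antivirus software and a spam scanning tool is recommended, to keep mail secure and to block spam coming from outside
Summary of mail problems and fixes:
Problem 1: unable to log in to the extman admin backend
Go to tools under the extman directory and reset the password with the password recovery tool
./adminctl.pl --mode=mod --managername="[email protected]" --password="123456"
Problem 2: chmod -R 777 /var was run by accident, which changed the permissions of /var and all of its subdirectories and files, and as a result postfix could not start. The log showed: Dec 12 10:00:07 localhost postfix/master[31815]: fatal: open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied. After a whole day of searching, the cause turned out to be the permissions on /var. Be very careful with permission operations on Linux, and be sure to make a backup once the system is finalized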
[root@localhost lib]# ls -ld /var
drwx------. 22 root root 4096 Dec 10 15:53 /var
It should be changed as follows: [root@localhost lib]# chmod 755 /var
[root@localhost lib]# ls -ld /var
drwxr-xr-x. 22 root root 4096 Dec 10 15:53 /var
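Problem 3: after a new mail user account is added in the extman admin backend, no account directory is created under /var/mailbox
Logging in to the mailbox with the account reports the error Can't chdir to /var/mailbox/szgyzb.com/chao.jin/Maildir/, Permission denied
Problem 4: [root@www szgyzb.com]# /usr/local/authlib/sbin/authtest -s [email protected] 123456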
Authentication FAILED: Input/output error
/var/log/maillog shows the error authdaemond: failed to connect to mysql server (server=www.gyzb.com,userid=extmail): Can't connect to MySQL server on 'www.gyzb.com' (110)
Fix: vim /usr/local/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER www.gyzb.com ==> change to 10.0.0.20
Problem 5: [root@www szgyzb.com]# /usr/local/authlib/sbin/authtest -s login [email protected] 123456
Authentication FAILED: Operation not permitted
/var/log/maillog shows the error
Dec 17 14:06:01 www authdaemond: SQL query: SELECT username,password, "", '1003', '1003', "/var/mailbox", maildir,"", name, "" FROM mailbox WHERE username ='[email protected]' AND (active='1')
Dec 17 14:06:01 www authdaemond: zero rows returned
Dec 17 14:06:01 www authdaemond: authmysql: REJECT - try next module
Dec 17 14:06:01 www authdaemond: FAIL, all modules rejected
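Fix: copying the SQL into a mysql client and running it returned no rows; after removing AND (active='1')
the row was found, which shows that the "active" option was not ticked when the cjin user was created. So delete this user and create it again with "active" ticked
Testing again then succeeded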