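Setting up a Postfix mail server

Postfix mail server deployment plan

Operating system: Red Hat Enterprise Linux Server release 6.3

IP: 10.0.0.20

Hostname: www.szgyzb.com

Goals:

1. Users in the same domain on the internal LAN can send mail to and receive mail from each other;

2. Mail can be sent to external Internet mailboxes;

3. Outbound mail can be restricted for selected accounts.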

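1. Software to install:

| Name | Version | Description |
|---|---|---|
| Postfix | postfix-2.7.0.tar.gz | MTA |
| Mysql | mysql-5.5.9.tar.gz | Database that stores the virtual user information |
| Courier-authlib | courier-authlib-0.62.4.tar.bz2 | Used together with SASL for authentication |
| cyrus-sasl | cyrus-sasl-2.1.22.tar.gz | Authentication package |
| courier-imap | courier-imap-4.5.0.tar.bz2 | Works with Postfix to provide IMAP and POP3 services |
| perl | perl-5.10.1-127.el6.x86_64.rpm | Interpreter |
| pcre | pcre-8.34.tar.gz | Required to install imap (Perl-compatible regular expressions) |
| httpd | httpd-2.2.29.tar.gz | Web server that provides the virtual host service |
| Extmail | extman-0.2.5.tar.gz | Webmail |
| Extmail | extmail-1.1.0.tar.gz | Mail admin backend package |
| DBD | DBD-mysql-3.0002_3.tar.gz | Logging in to the mail server admin backend fails with "MySQL.pm line 13. BEGIN failed--compilation aborted"; these two dependencies (DBD and DBI) must be installed |
| DBI | DBI-1.607.tar.gz | See DBD |
| Clamav | | Antivirus software |
| amavisd-new | | Scans mail for viruses |
| Spamassassin | | Anti-spam tool |
| maildrop | | Mail delivery |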

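2. Users and groups to create:

| User | Group | Description | Notes |
|---|---|---|---|
| mysql | mysql | MySQL user and group | Created when MySQL is installed |
| vmail | vmail | User and group used by the Postfix virtual accounts | uid: 1003, gid: 1003 |
| postfix | postfix | User and group used by the main Postfix programs | uid: 1000, gid: 1000 |
| | postdrop | Dedicated Postfix group | This group must not contain any members, not even the postfix virtual account above. gid: 1002 |
| clamav | clamav | Antivirus user | |
| amavis | amavis | Mail scanning user | |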

 

#groupadd -g 1003 vmail
#useradd -g 1003 -u 1003 -s /sbin/nologin -M vmail
#groupadd -g 1002 postdrop
#groupadd -g 1000 postfix
#useradd -g 1000 -u 1000 -s /sbin/nologin -M postfix
#useradd clamav
#useradd amavis

3. Remove the sendmail and sasl packages that ship with the system

#rpm -qa | grep sendmail
sendmail-8.13.8-2.el5
#service sendmail stop
#rpm -e --nodeps sendmail
#rpm -qa | grep sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-plain-2.1.22-4
#rpm -e --nodeps cyrus-sasl-lib cyrus-sasl-devel cyrus-sasl cyrus-sasl-plain

 

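4. Create the mail storage path for the virtual users

#mkdir -p /var/mailbox
#chown vmail:vmail /var/mailbox
#chmod 700 /var/mailbox

5. Path where the source packages are stored and unpacked

/mail

6. Installing MySQL and Apache

Omitted; see the SVN and wiki setup documentation.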

7. Install and configure courier-authlib

The configure and make steps are where errors tend to occur, so they are covered in detail:

./configure --with-mailuser=vmail --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib --with-mysql-include=/usr/local/mysql/include/mysql --prefix=/usr/local/authlib --without-stdheaderdir

configure errors

Error 1: configure: error: Cannot find either the gdbm or the db library.

Fix 1: The gdbm-devel package was the wrong architecture. The 32-bit package gdbm-devel-1.8.0-24.i386.rpm was used at first and the error persisted; downloading the 64-bit package gdbm-devel-1.8.0-26.2.1.el5_6.1.x86_64.rpm resolved it.

Download location: http://rpm.pbone.net/index.php3?stat=3&limit=5&srodzaj=3&dl=40&search=gdbm-devel

Error 2: during make: libgdbm.a: could not read symbols: Bad value

Fix 2:

1. CFLAGS="-O3 -fPIC" ./configure --with-mailuser=vmail --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib --with-mysql-include=/usr/local/mysql/include/mysql --prefix=/usr/local/authlib --without-stdheaderdir

2. Also add CFLAGS="-O3 -fPIC" when running configure for gdbm-1.8.3.tar.gz.

3. Back up /usr/lib64/libgdbm.a, then copy the rebuilt library into place:

cp /usr/local/gdbm/lib/libgdbm.a /usr/lib64/
cp /usr/local/gdbm/lib/libgdbm.a /usr/lib

make now succeeds.

4. Pay attention to where the MySQL lib and include paths point. Copying them verbatim from the Internet easily goes wrong; use the paths of your own source installation.

After installation, edit the configuration: vim /usr/local/authlib/etc/authlib/authdaemonrc

authmodulelist="authmysql"
authmodulelistorig="authmysql"

#vim /usr/local/authlib/etc/authlib/authmysqlrc

Configure it as follows:

##VERSION: $Id: authmysqlrc,v 1.20 2007/10/07 02:50:45 mrsam Exp $
#
# Copyright 2000-2007 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  Trailing spaces are prohibited.

##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.

# Database server hostname
MYSQL_SERVER www.szgyzb.com
# Database login user name
MYSQL_USERNAME extmail
# Database login password
MYSQL_PASSWORD 123456

##NAME: SSLINFO:0
#
# The SSL information.
#
# To use SSL-encrypted connections, define the following variables (available
# in MySQL 4.0, or higher):
#
#
# MYSQL_SSL_KEY        /path/to/file
# MYSQL_SSL_CERT       /path/to/file
# MYSQL_SSL_CACERT     /path/to/file
# MYSQL_SSL_CAPATH     /path/to/file
# MYSQL_SSL_CIPHERS    ALL:!DES

##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
# MYSQL_SOCKET                   /var/mysql/mysql.sock
MYSQL_SOCKET "/tmp/mysql.sock"

##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.

#MYSQL_PORT                         0
# Database port
MYSQL_PORT 3306

##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT 0

##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:

#MYSQL_DATABASE               mysql
# Database name
MYSQL_DATABASE extmail

##NAME: MYSQL_CHARACTER_SET:0
#
# This is optional. MYSQL_CHARACTER_SET installs a character set. This option
# can be used with MySQL version 4.1 or later. MySQL supports 70+ collations
# for 30+ character sets. See MySQL documentations for more details.
#
# MYSQL_CHARACTER_SET latin1

##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data.  See README.authmysqlrc
# for the required fields in this table.

#MYSQL_USER_TABLE          passwd
# Table holding the virtual account user information
MYSQL_USER_TABLE mailbox

##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined.  Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD.  Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

#MYSQL_CRYPT_PWFIELD              crypt
MYSQL_CRYPT_PWFIELD password

##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD            clear

##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN                           example.com
DEFAULT_DOMAIN gyzb.com

##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account

MYSQL_UID_FIELD '1003'

##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account

# ID of the virtual account user
MYSQL_GID_FIELD '1003'

##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id.  Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#

MYSQL_LOGIN_FIELD username

##NAME: MYSQL_HOME_FIELD:0
#

# Note the double quotes
MYSQL_HOME_FIELD "/var/mailbox"

##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)

MYSQL_NAME_FIELD name

##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir

##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery

##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota.  See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD (quota,'S')

##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options.  The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs. These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD     auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD     CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.

##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE             server='mailhost.example.com'
MYSQL_WHERE_CLAUSE active='1'

##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified below:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#                          $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s.  Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location.  In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY.  Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE   SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
#                       CONCAT('{MD5}', popbox.password_hash),                     \
#                       popbox.clearpw,                                            \
#                       domain.uid,                                                \
#                       domain.gid,                                                \
#                       CONCAT(domain.path, '/', popbox.mbox_name),                \
#                       '',                                                        \
#                       domain.quota,                                              \
#                       '',                                                        \
#                       CONCAT("disableimap=",disableimap,",disablepop3=",         \
#                       disablepop3,",disablewebmail=",disablewebmail,             \
#                       ",sharedgroup=",sharedgroup)                               \
#                       FROM popbox, domain                                        \
#                       WHERE popbox.local_part = '$(local_part)'                  \
#                       AND popbox.domain_name = '$(domain)'                       \
#                       AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_ENUMERATE_CLAUSE:1
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders.  The query
# should return the following fields: name, uid, gid, homedir, maildir, options
#
# Example:
# MYSQL_ENUMERATE_CLAUSE   SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \
#                       domain.uid,                                                \
#                       domain.gid,                                                \
#                       CONCAT(domain.path, '/', popbox.mbox_name),                \
#                       '',                                                        \
#                       CONCAT('sharedgroup=', sharedgroup)                        \
#                       FROM popbox, domain                                        \
#                       WHERE popbox.local_part = '$(local_part)'                  \
#                       AND popbox.domain_name = '$(domain)'                       \
#                       AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
#            $(local_part), $(domain), $(newpass), $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE   UPDATE  popbox                                   \
#                       SET     clearpw='$(newpass)',                    \
#                               password_hash='$(newpass_crypt)'         \
#                       WHERE   local_part='$(local_part)'               \
#                       AND     domain_name='$(domain)'
#
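The header of authmysqlrc sets rules that are easy to break without any error at startup: the file must not be world-readable, each active line is field, blanks, value with nothing after it, and the literal uid/gid it returns has to match the account that owns /var/mailbox. The lint below is an added example, not part of the original page or of courier-authlib; the function names, the 12-character password threshold and the sample file are assumptions, and it relies on GNU `stat -c`.

```sh
#!/bin/sh
# Added example: lint an authmysqlrc before starting authdaemond.
# On the server described above it would be called as:
#   lint_authmysqlrc /usr/local/authlib/etc/authlib/authmysqlrc \
#       "$(id -u vmail)" "$(id -g vmail)"

_finding() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# _check_id LINENO KIND VALUE EXPECTED: compare a quoted numeric literal
# such as '1003' with the id of the mailbox owner; column names are skipped.
_check_id() {
    lit=$(printf '%s' "${3%%[[:space:]]*}" | tr -d "\"'")
    case $lit in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$lit" = "$4" ] || _finding "L$1: literal $2 $lit, but the mailbox owner has $2 $4"
}

# lint_authmysqlrc FILE VMAIL_UID VMAIL_GID
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
lint_authmysqlrc() {
    file=$1; want_uid=$2; want_gid=$3
    findings=0

    # The file carries the MySQL password, so "other" must have no access.
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        *[1-7]) _finding "MODE: mode $mode grants access to other users" ;;
    esac

    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        trimmed=${line#"${line%%[![:space:]]*}"}      # drop leading blanks
        case $trimmed in ''|'#'*) continue ;; esac     # blank line or comment

        # Format rule from the file header: field, blanks, value, nothing else.
        case $line in
            *[[:space:]]) _finding "L$lineno: trailing whitespace" ;;
        esac
        case $line in
            *[[:space:]]//*) _finding "L$lineno: inline // note is read as part of the value" ;;
        esac

        field=${trimmed%%[[:space:]]*}
        value=${trimmed#"$field"}
        value=${value#"${value%%[![:space:]]*}"}

        case $field in
            MYSQL_CLEAR_PWFIELD)
                _finding "L$lineno: MYSQL_CLEAR_PWFIELD set, cleartext passwords are stored" ;;
            MYSQL_PASSWORD)
                # Threshold chosen for this example; the value is never printed.
                [ "${#value}" -ge 12 ] ||
                    _finding "L$lineno: MYSQL_PASSWORD shorter than 12 characters" ;;
            MYSQL_UID_FIELD) _check_id "$lineno" uid "$value" "$want_uid" ;;
            MYSQL_GID_FIELD) _check_id "$lineno" gid "$value" "$want_gid" ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample that mirrors the settings shown on the page.
write_sample_authmysqlrc() {
    cat > "$1" <<'EOF'
##NAME: LOCATION:0
MYSQL_SERVER www.szgyzb.com
MYSQL_USERNAME extmail
MYSQL_PASSWORD 123456
MYSQL_DATABASE extmail   //database name
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '1003'
MYSQL_GID_FIELD '1003'
MYSQL_HOME_FIELD "/var/mailbox"
EOF
    chmod 644 "$1"
}

# Demo: vmail created with uid/gid 1001 while the file says 1003.
sample=$(mktemp)
write_sample_authmysqlrc "$sample"
lint_authmysqlrc "$sample" 1001 1001 || :
rm -f "$sample"
```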

Switch to the source directory, start authlib, and enable it at boot:

#cp courier-authlib.sysvinit /etc/init.d/courier-authlib
#chmod 755 /etc/init.d/courier-authlib
#chkconfig --add courier-authlib
#chkconfig courier-authlib on
#service courier-authlib start

Check that it is running:

[root@www init.d]# ps -aux|grep authlib
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root      1291  0.0  0.0   4060   508 ?        S    Nov12   0:00 /usr/local/authlib/sbin/courierlogger -pid=/usr/local/authlib/var/spool/authdaemon/pid -start /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1292  0.0  0.1  36316  1680 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1293  0.0  0.1 114328  1772 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1294  0.0  0.1 114328  1772 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1295  0.0  0.1 114328  1772 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1296  0.0  0.1 114328  1772 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond
root      1297  0.0  0.1 114328  1772 ?        S    Nov12   0:00 /usr/local/authlib/libexec/courier-authlib/authdaemond

Seeing the processes above means authlib started successfully.

Fix the permissions on the authdaemon socket directory. If they are not set correctly, maildrop, postfix and the other components cannot look up user information or authenticate passwords:

#chmod 755 /usr/local/authlib/var/spool/authdaemon
#ll -d /usr/local/authlib/var/spool/authdaemon
drwxr-xr-x

System integration

#ln -s /usr/local/courier-authlib/lib/courier-authlib/* /usr/lib
#ldconfig -v

8. Install and configure Cyrus-SASL2

The configure step is where errors tend to occur, so it is covered in detail:

Step 1:

./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample --disable-digest --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket

(This authentication method was used the first time; the SMTP test did not pass.)

./configure --prefix=/usr/local/sasl2 --disable-anon --disable-gssapi --disable-sample --disable-digest --enable-plain --enable-login --enable-cram --enable-digest --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib --with-saslauthd=/var/run/saslauthd

(After recompiling and reinstalling with saslauthd authentication instead, the SMTP test passed.)

make errors

Error 1: error: mysql.h: No such file or directory

Fix 1: The build needs the MySQL header files, and they are not in the default search path. Symlinking the MySQL headers into /usr/local/include/ resolves it.

For example, if MySQL is installed under /usr/local/mysql, run:

#ln -s /usr/local/mysql/include/* /usr/local/include/

Error 2: error: des.h: No such file or directory

Fix 2: Locate des.h under the OpenSSL installation directory. When compiling cyrus, the build looks for des.h in the default path /usr/local/include, but the file is actually in /usr/local/ssl/include/openssl/, so create symlinks to make sure it can be found:

ln -s /usr/local/ssl/include/openssl/* /usr/local/include/

System integration

#ln -s /usr/local/lib/sasl2/ /usr/lib/
#ldconfig -v | grep sasl

Postfix SMTP authentication goes through Cyrus-SASL, which connects to authdaemon to obtain the authentication information. SMTP authentication is configured here; the Postfix main.cf file also has to be changed later, which is not covered at this point and is described when Postfix itself is configured.

vim /usr/local/sasl2/lib/sasl2/smtpd.conf

# saslauthd was used here originally; the SMTP authentication test kept failing and only passed after switching to the method below.
#pwcheck_method: saslauthd
pwcheck_method: authdaemond
mech_list: plain login
log_level: 3
# Socket path from the authlib installation
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket

 

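9. Install and configure Postfix

For the build step, use the second command below; Berkeley DB must already be installed.

make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'

make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include -DUSE_TLS -I/usr/local/ssl/include/openssl' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto'

Error 1: libmysqlclient.so cannot be found

Fix 1:

ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib/libmysqlclient.so
ln -s /usr/local/mysql/lib/libmysqlclient.so /usr/lib64/libmysqlclient.so

Similar problems can be handled the same way.

Error 2: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file

After compilation the installer enters interactive mode and waits for input; in most cases pressing Enter at every prompt completes the installation. Then generate the binary alias file:

#/usr/bin/newaliases

This command converts the /etc/alias file into a binary file that Postfix can read, stored as /etc/postfix/aliases.

Verify that the installed Postfix supports SASL and MySQL:

#postconf -a
cyrus
dovecot
#postconf -m
btree
cidr
environ
hash
mysql
nis
proxy
regexp
static
unix

Notes:

1) If cyrus is not listed, your Postfix does not support SASL. Check whether the libsasl library is known to the system, using ldconfig -v | grep. If there is no libsasl2.so.2 -> libsasl2.so.2.0.23 entry, add the /usr/local/lib directory to /etc/ld.so.conf and then run ldconfig for it to take effect. This was covered in the pre-installation preparation earlier.

2) If mysql is not listed, Postfix does not support MySQL lookups; the MySQL directories were almost certainly specified incorrectly at compile time. Check the exact locations of the MySQL lib and include directories again, then recompile and reinstall Postfix.

Postfix configuration

The Postfix configuration is left to the end and done in one pass, after courier-imap, maildrop and extmail are installed.

Create the directory for the virtual-user authentication configuration files. Because the virtual users are authenticated against MySQL, the Postfix configuration can define settings for virtual users, and this directory stores the MySQL lookup configuration files.

This is described later in the extman configuration. For now, just create the directory.

#mkdir -p /etc/postfix/mysql

Create the Postfix daemon control (init) script:

#vim /etc/init.d/postfix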

#!/bin/sh
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# $Revision: 2.4 $
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0

RETVAL=0

start() {
    # Start daemons.
    echo -n "Starting postfix: "
    /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n "Shutting down postfix: "
    /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
    echo
    return $RETVAL
}

reload() {
    echo -n "Reloading postfix: "
    /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure
    RETVAL=$?
    echo
    return $RETVAL
}

restart() {
    stop
    start
}

abort() {
    /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure
    return $?
}

flush() {
    /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure
    return $?
}

check() {
    /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure
    return $?
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    abort)
        abort
        ;;
    flush)
        flush
        ;;
    check)
        check
        ;;
    status)
        status master
        ;;
    condrestart)
        # don't use /var/lock/subsys/postfix, check for postfix running directly
        daemon_directory=$(postconf -h daemon_directory)
        $daemon_directory/master -t 2>/dev/null && : || restart
        ;;
    *)
        echo "Usage: postfix {start|stop|restart|reload|abort|flush|check|status|condrestart}"
        exit 1
esac

exit $?

Register the service and enable it at boot:

#chmod +x /etc/init.d/postfix
#chkconfig --add postfix
#chkconfig postfix on

10. Install and configure courier-imap

./configure --prefix=/usr/local/courier-imap --with-redhat --disable-root-check --enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 --with-trashquota --with-dirsync --with-mysql-libs=/usr/local/mysql/lib --with-mysql-includes=/usr/local/mysql/include/mysql --with-authmysql --with-authmysql=yes CPPFLAGS='-I/usr/local/authlib/include' LDFLAGS='-L/usr/local/authlib/lib/courier-authlib' COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'

Error 1: configure: error: courierauthconfig not found

Fix 1: ln -s /usr/local/authlib/bin/courierauthconfig /usr/bin/courierauthconfig

Other errors: switching to version 4.5 resolved them.

Configuration

#vim /usr/local/courier-imap/etc/imapd

Go to the end of the file, find IMAPDSTART=NO and change it to IMAPDSTART=YES.

#vim /usr/local/courier-imap/etc/pop3d

As with the imapd file, find POP3DSTART=NO at the end of the file and change it to POP3DSTART=YES. Then start the service:

#service imapd start
Starting Courier-IMAP server: imap pop3
#netstat -tulnp | egrep "110|143"
tcp 0 0 :::110 :::* LISTEN 23349/couriertcpd
tcp 0 0 :::143 :::* LISTEN 23343/couriertcpd

11. Install and configure pcre: this is straightforward, so the steps are omitted.

12. Install maildrop

./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1003 --enable-maildrop-gid=1003 --with-trashquota --with-dirsync

Verify the installation:

#maildrop -v
maildrop 2.1.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.

If "Courier Authentication Library extension enabled." is not shown, your maildrop does not yet support courier auth; check carefully and recompile maildrop. It is best not to install it to a custom directory, which avoids unnecessary trouble, and removal is easy: run make uninstall in the already compiled source directory. It is well worth knowing which user directory maildrop moved a message to, and that is what the maildrop log records. Here we create a new file, /etc/maildroprc, which has just 2 lines: if anti-spam is added, the following content needs to be changed

#touch /var/log/maildrop.log; chown vmail.vmail /var/log/maildrop.log

     

13. Install and configure extman and extmail

Unpack them and copy the extracted directories to /usr/local/apache/htdocs.

#tar -xvzf extmail-1.1.0.tar.gz -C /usr/local/apache/htdocs
#cd /usr/local/apache/htdocs
#mv extmail-1.1.0/ extmail
#chown vmail.vmail extmail/ -R
#cd extmail
#cp -p webmail.cf.default webmail.cf

Configure extmail.cf

    # sys_config, theconfig file and webmail programe root

    SYS_CONFIG =/usr/local/apache/htdocs/extmail/  //虚拟机指向的extmail路径

     

    # sys_langdir, thei18n dir

    SYS_LANGDIR =/usr/local/apache/htdocs/extmail/lang

     

    # sys_templdir,the template dir

    SYS_TEMPLDIR =/usr/local/apache/htdocs/extmail/html

     

    # sys_http_cache,a switch to enable or disable http cache via http header

    SYS_HTTP_CACHE = 0

     

    # sys_smtp_host

    SYS_SMTP_HOST =10.0.0.20  //smtp服务器 IP

     

    # sys_smtp_port

    SYS_SMTP_PORT = 25  //smtp端口

     

    # sys_smtp_timeout

    SYS_SMTP_TIMEOUT =5  //smtp超时时间

     

    #sys_spam_report_on = 1 | 0 - enable spam reporting or not

    SYS_SPAM_REPORT_ON= 0

     

    #sys_spam_report_type = dspam | spamassassin - spam reporting type

    SYS_SPAM_REPORT_TYPE= dspam

     

    # sys_warn, showsystem warning or not, default to yes

    SYS_SHOW_WARN = 0

     

    #sys_permit_noquota, permit an account without qouta?

    SYS_PERMIT_NOQUOTA= 1

     

    # sys_sess_dir,the session dir

    SYS_SESS_DIR =/tmp

     

    #sys_upload_tmpdir, the temp directory for file uploading

    SYS_UPLOAD_TMPDIR= /tmp

     

    # sys_log_on = 1 |0 - enable logging or not

    SYS_LOG_ON = 1

     

    # sys_log_type =file|syslog|nsyslog, syslog will save login

    # or error infointo mail.*, nsyslog is a replacement to syslog

    # that will sendlog message to network syslogd

    #SYS_LOG_TYPE =syslog

    SYS_LOG_TYPE =file

     

    # sys_log_file -path to log file, if sys_log_type = file

    SYS_LOG_FILE =/var/log/extmail.log

     

    #sys_sess_timeout, session timeout, default 3 hours (3h) format:

    #number+(s|m|h|d|M|y); or only number, the 0 means that the

    # session willlast for 0 seconds, but if you specify the

    #sys_sess_cookie_only = 1 then it means the session will expire

    # after you closeyour browser :)

    SYS_SESS_TIMEOUT= 0

     

    #sys_sess_cookie_only = 0|1 use cookie only or include cgi "sid"

    # parameter ? ifset to true(1), the session will be expired after

    # sys_sess_timeoutif there is no any active request from browser

    SYS_SESS_COOKIE_ONLY= 1

     

    # sys_user_psize,user default page_size

    SYS_USER_PSIZE =10

     

    # sys_user_tsize,user mail subject truncate size, valid type:

    # auto    => full text

    # screen1 =>800x600

    # screen2 =>1024x768

    # screen3 =>1280x1024

    SYS_USER_SCREEN =auto

     

    # sys_user_lang,user default language

    #SYS_USER_LANG =en_US

    SYS_USER_LANG =zh_CN

     

    # sys_app_type,the app type: WebMail or ExtMan? It must be the same

    # as prefix partof language package name, eg: WebMail::en_US

    SYS_APP_TYPE =WebMail

     

    #sys_user_template, user default template

    SYS_USER_TEMPLATE= default

     

    #sys_user_charset, user default charset

    SYS_USER_CHARSET =utf-8

     

    # sys_user_trylocal,user default outgoing encoding mechanism

    SYS_USER_TRYLOCAL= 1

     

    #sys_user_timezone, user default timezone

    SYS_USER_TIMEZONE= +0800

     

    # sys_user_*default parameters

    SYS_USER_CCSENT =1

    SYS_USER_SHOW_HTML= 1

    SYS_USER_COMPOSE_HTML= 1

    SYS_USER_CONV_LINK=1

    SYS_USER_ADDR2ABOOK= 1

     

    #sys_message_size_limit, default message size limit per user

    # count asbyte(s), eg: 5242880 means 5MB

    SYS_MESSAGE_SIZE_LIMIT= 5242880

     

    #sys_min_pass_len, minimal password length, default 2

    SYS_MIN_PASS_LEN =2

     

    # sys_mfilter_on,default is off

    SYS_MFILTER_ON = 1

     

    # sys_netdisk_on,default is off

    SYS_NETDISK_ON = 1

     

    # sys_show_signup,default is on, this feature need extman

    # 0.2.2 or higherversion, built with signup serivce

    SYS_SHOW_SIGNUP =1

     

    # sys_debug_on,default is off

    SYS_DEBUG_ON = 1

     

    # sys auth type,mysql/ldap/authlib

    SYS_AUTH_TYPE =mysql

     

    # maildir_base,the base dir of user maildir, use absolute path

    # if not set.

    #SYS_MAILDIR_BASE= /home/domains

    SYS_MAILDIR_BASE =/var/mailbox   //这里是存放邮件的路径,注意不要写错,否则造成只能发不能收的问题

    # sys_auth_schema,vpopmail1/vpopmail2/virtual

    # vpopmail1 =>all user accounts in one table

    # vpopmail2 =>accounts in per domain table

    SYS_AUTH_SCHEMA =virtual

     

    # crypt_type, thedefault encrypt type of password, possible type

    # currently iscrypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1

    SYS_CRYPT_TYPE =md5crypt

     

    # if mysql, allrelate parameters should prefix as SYS_MYSQL

    SYS_MYSQL_USER =extmail  //mysql数据库用户名

    SYS_MYSQL_PASS =123456  //mysql数据库密码

    SYS_MYSQL_DB =extmail  //mysql数据库名

    SYS_MYSQL_HOST =10.0.0.20 //mysql DB服务器 IP

    SYS_MYSQL_SOCKET =/tmp/mysql.sock

    # table name

    SYS_MYSQL_TABLE =mailbox

    SYS_MYSQL_ATTR_USERNAME= username

    SYS_MYSQL_ATTR_DOMAIN= domain

    SYS_MYSQL_ATTR_PASSWD= password

    # sys_mysql_attr_clearpw- attribute to save clear password, useful for

    # postmasterwithdraw the original passwd if the end user forgot, but

    # we highlyrecommend that you don't enable it for security reason

    SYS_MYSQL_ATTR_CLEARPW= clearpwd

    SYS_MYSQL_ATTR_QUOTA= quota

    SYS_MYSQL_ATTR_NDQUOTA= netdiskquota

    SYS_MYSQL_ATTR_HOME= homedir

    SYS_MYSQL_ATTR_MAILDIR= maildir

    # serviceenable/disable attributes

    # comment them outif you don't want their function

    SYS_MYSQL_ATTR_DISABLEWEBMAIL= disablewebmail

    SYS_MYSQL_ATTR_DISABLENETDISK= disablenetdisk

    SYS_MYSQL_ATTR_DISABLEPWDCHANGE= disablepwdchange

    SYS_MYSQL_ATTR_ACTIVE= active

    # passwordretrieve attributes

    # comment them outif you don't want such function

    SYS_MYSQL_ATTR_PWD_QUESTION= question

    SYS_MYSQL_ATTR_PWD_ANSWER= answer

     

    # if ldap, allrelate parameters should prefix as SYS_LDAP

    SYS_LDAP_BASE =o=extmailAccount,dc=example.com

    SYS_LDAP_RDN =cn=Manager,dc=example.com

    SYS_LDAP_PASS =secret

    SYS_LDAP_HOST =localhost

    # ldif attributes

    SYS_LDAP_ATTR_USERNAME= mail

    SYS_LDAP_ATTR_DOMAIN= virtualDomain

    SYS_LDAP_ATTR_PASSWD= userPassword

    #sys_ldap_attr_clearpw - attribute to save clear password, useful for

    # postmasterwithdraw the original passwd if the end user forgot, but

    # we highlyrecommend that you don't enable it for security reason

    SYS_LDAP_ATTR_CLEARPW= clearPassword

    SYS_LDAP_ATTR_QUOTA= mailQuota

    SYS_LDAP_ATTR_NDQUOTA= netdiskQuota

    SYS_LDAP_ATTR_HOME= homeDirectory

    SYS_LDAP_ATTR_MAILDIR= mailMessageStore

    # serviceenable/disable attributes

    # comment them outif you don't want their function

    SYS_LDAP_ATTR_DISABLEWEBMAIL= disablewebmail

    SYS_LDAP_ATTR_DISABLENETDISK= disablenetdisk

    SYS_LDAP_ATTR_DISABLEPWDCHANGE= disablePasswdChange

    SYS_LDAP_ATTR_ACTIVE= active

    # passwordretrieve attributes

    # comment them outif you don't want such function

    SYS_LDAP_ATTR_PWD_QUESTION= question

    SYS_LDAP_ATTR_PWD_ANSWER= answer

     

    # if authlib, allrelate parameters should prefix as AUTHLIB

    SYS_AUTHLIB_SOCKET= /usr/local/authlib/var/spool/authdaemon/socket

     

    # Global Abooksupport

    #sys_g_abook_type, global abook type, valid is ldap|file

    SYS_G_ABOOK_TYPE =file

     

    # if ldap, all relate parameters should prefix as SYS_G_ABOOK_LDAP

    SYS_G_ABOOK_LDAP_HOST= localhost

    SYS_G_ABOOK_LDAP_BASE= ou=AddressBook,dc=example.com

    SYS_G_ABOOK_LDAP_ROOTDN= cn=Manager,dc=example.com

    SYS_G_ABOOK_LDAP_ROOTPW= secret

    SYS_G_ABOOK_LDAP_FILTER= objectClass=OfficePerson

     

    # if file, all relate parameters should prefix as SYS_G_ABOOK_FILE

    SYS_G_ABOOK_FILE_PATH= /var/www/extsuite/extmail/globabook.cf

    SYS_G_ABOOK_FILE_LOCK= 1

    SYS_G_ABOOK_FILE_CONVERT= 0

    SYS_G_ABOOK_FILE_CHARSET= utf-8

#tar -xvzf extman-0.2.5.tar.gz -C /usr/local/apache/htdocs

#cd /usr/local/apache/htdocs

#mv extman-0.2.5/ extman; chown vmail.vmail extman -R

Configure webman.cf

# vim /data/web/extman/webman.cf

#sys_config, the config file and webman programe root

SYS_CONFIG= /usr/local/apache/htdocs/extman/     // path to extman that the virtual host points to

 

#sys_langdir, the i18n dir

SYS_LANGDIR= /usr/local/apache/htdocs/extman/lang

 

# sys_templdir, the template dir

SYS_TEMPLDIR= /usr/local/apache/htdocs/extman/html

 

#maildir_base, the base dir of user maildir, use absolute path

# if not set.

SYS_MAILDIR_BASE= /var/mailbox/

 

# sys_warn, show system warning or not, default to yes

SYS_SHOW_WARN= 0

 

#sys_sess_dir, the session dir

SYS_SESS_DIR= /var/tmp/extman/

 

#sys_captcha_on 1|0 - to enable captcha feature or not

SYS_CAPTCHA_ON= 0

 

#sys_captcha_key

SYS_CAPTCHA_KEY= r3s9b6a7

 

#sys_captcha_len

SYS_CAPTCHA_LEN= 6

 

#sys_purge_data - to completely destroy user's mailbox or not?

SYS_PURGE_DATA = 0

 

#sys_sess_timeout, session timeout in seconds, default 6 hours

#SYS_SESS_TIMEOUT = 21600

 

#sys_user_psize, user default page_size

SYS_PSIZE =20

 

#sys_user_lang, user default language

# SYS_LANG= en_US

 

#sys_app_type, the app type: WebMail or ExtMan? It must be the same

# as prefix part of language package name, eg: WebMail::en_US

SYS_APP_TYPE= ExtMan

 

#sys_template_name, the template name

SYS_TEMPLATE_NAME= default

 

# web management related restrictions

#sys_default_expire, valid value: ?y ?m ?d

SYS_DEFAULT_EXPIRE= 1y

 

#sys_groupmail_sender - sender for groupmail, this account must

# exist or postfix or other mta will complain error

#SYS_GROUPMAIL_SENDER= [email protected]

SYS_GROUPMAIL_SENDER= [email protected]

#sys_default_services, valid value: smtpd, smtp, webmail, netdisk,

# imap and pop3, concatenate with "," as multiple values, eg: webmail,smtpauth

SYS_DEFAULT_SERVICES= webmail,smtpd,smtp,pop3,netdisk

 

#sys_isp_mode, yes|no - if yes, use our HashDir to spread

# storage to multiple directories

SYS_ISP_MODE= no

 

#sys_domain_hashdir = yes|no, if yes we will enable domain hashdir

# depend on sys_isp_mode = yes

SYS_DOMAIN_HASHDIR= yes

 

#sys_domain_hashdir_depth, the hash length and depth, format:

# length x depth, eg: 2x1 => length =2, depth =1

# depend on sys_isp_mode = yes

SYS_DOMAIN_HASHDIR_DEPTH= 2x2

 

#sys_user_hashdir = yes|no, if yes we will enable user hashdir

# depend on sys_isp_mode = yes

SYS_USER_HASHDIR= yes

 

#sys_user_hashdir_depth, similar to sys_hashdir_domain_depth

SYS_USER_HASHDIR_DEPTH= 2x2

 

# XXX FIXME

#experimental feature, per domain transport/routing capability

# same config style as SYS_USER_ROUTING_LIST

#SYS_DOMAIN_ROUTING_LIST = lmtp:mx1.extmail.org,lmtp:mx2.extmail.org

 

# XXX FIXME

#experimental feature, per user routing capability

# please specify routing info, concatenate with "," as multiple list

# members, eg: smtp:mx1.abc.com,smtp:mx2.abc.com

#SYS_USER_ROUTING_LIST = smtp:[192.168.2.130],smtp:[192.168.2.128]

 

#sys_min_uid, the minimal uid

SYS_MIN_UID= 500

 

#sys_min_gid, the minimal gid

SYS_MIN_GID= 100

 

#sys_default_uid, if not set, webman will ignore it

SYS_DEFAULT_UID= 1003   // UID of the vmail user

 

#sys_default_gid, if not set, webman will ignore it

SYS_DEFAULT_GID= 1003  // GID of the vmail group

 

#sys_quota_multiplier, in bytes, default to 1 MB

SYS_QUOTA_MULTIPLIER= 1048576

 

#sys_quota_type, valid type: vda|courier

SYS_QUOTA_TYPE= courier

 

# maxquota, alias, users and netdisk quota for domain

SYS_DEFAULT_MAXQUOTA= 500

SYS_DEFAULT_MAXALIAS= 100

SYS_DEFAULT_MAXUSERS= 100

SYS_DEFAULT_MAXNDQUOTA= 500

 

# per user default quota, netdisk quota and expire

SYS_USER_DEFAULT_QUOTA= 5

SYS_USER_DEFAULT_NDQUOTA= 5

SYS_USER_DEFAULT_EXPIRE= 1y

 

#sys_backend_type mysql|ldap

SYS_BACKEND_TYPE= mysql

 

#sys_crypt_type: crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1

SYS_CRYPT_TYPE= md5crypt

 

# if mysql, all relate parameters should prefix as SYS_MYSQL

SYS_MYSQL_USER= extmail   // database login user name

SYS_MYSQL_PASS= 123456  // database login password

SYS_MYSQL_DB= extmail  // database name

SYS_MYSQL_HOST= 10.0.0.20  // database server IP

SYS_MYSQL_SOCKET= /tmp/mysql.sock

# table name

SYS_MYSQL_TABLE= manager

SYS_MYSQL_ATTR_USERNAME= username

SYS_MYSQL_ATTR_PASSWD= password

# comment it if you only want to save crypted password

# we highly recommend that you disable the following line :)

#SYS_MYSQL_ATTR_CLEARPW = clearpwd

 

# if ldap, all relate parameters should prefix as SYS_LDAP

SYS_LDAP_BASE= dc=extmail.org

SYS_LDAP_RDN= cn=Manager,dc=extmail.org

SYS_LDAP_PASS= secret

SYS_LDAP_HOST= localhost

# ldif attributes

SYS_LDAP_ATTR_USERNAME= mail

SYS_LDAP_ATTR_PASSWD= userPassword

# comment it if you only want to save crypted password

# we highly recommend that you disable the following line :)

#SYS_LDAP_ATTR_CLEARPW = clearPassword

 

#sys_rrd_datadir, the full path of rrd data

SYS_RRD_DATADIR= /var/lib

 

#sys_rrd_tmpdir, the temp dir for graph

SYS_RRD_TMPDIR= /tmp/viewlog

 

#sys_rrd_queue_on, yes|no, show queue or not

SYS_RRD_QUEUE_ON= yes

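Modify the MySQL statements that extmail uses to create its tables

#vim /data/web/extman/docs/extmail.sql

vi substitution command: :1,$s/TYPE=MyISAM/TYPE=MyISAM DEFAULT CHARSET=utf8/g

Pay attention to this line: ENGINE=MyISAM COMMENT='ExtMail - VirtualDomains';

The original default is not ENGINE; the error only goes away after changing it to this.

Initialize the database:

Error 1 in the login test after adding a user: the client cannot connect to the database. The user for the extmail database has to be added manually and given a password. Fix 1:

mysql>create user extmail identified by '123456';  // create the database login

mysql>grant all privileges on extmail.* to extmail; // assign the user's privileges

create user extmail@localhost identified by '123456';

grant all privileges on extmail.* to 'extmail'@'localhost';

Error 2: localhost authdaemond: mysql_query failed, reconnecting: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/var/mailbox, maildir, "", name,"" FROM mailbox WHERE usern

Fix 2: the field format is wrong. Edit /usr/local/authlib/etc/authlib/authmysqlrc (vim /usr/local/authlib/etc/authlib/authmysqlrc) and put /var/mailbox in ASCII double quotes.

Database user name and password: extmail/123456

After a user is added in the extman admin console, no directory for that user is created under /var/mailbox, and the Apache log reports: File does not exist: /usr/local/apache/htdocs/extman/plugins, referer: http://mail.example.com/extman/cgi/user.cgi

Fix: chown -R vmail:vmail /var/mailbox

Configure Apache

Add CGI and PHP support: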

    DirectoryIndex index.html index.php index.cgi index.htm index.html.var

    AllowOverride None

    Options None

    Order allow,deny

    Allow from all

 AddHandler cgi-script .cgi

AddType application/x-httpd-php .php

 AddType application/x-httpd-php-source .phps

 

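Virtual host configuration:

ServerName www.szgyzb.com

DocumentRoot /usr/local/apache/htdocs

ScriptAlias /extmail/cgi /usr/local/apache/htdocs/extmail/cgi

Alias /extmail /usr/local/apache/htdocs/extmail

#SuexecUserGroup vmail vmail

Restart Apache for the changes to take effect

 

  1. Test of the graphical log service in the mail admin console (optional, to be added later)

  2. Integration configuration and testing

    #vim /etc/postfix/master.cf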

    #

    # Postfix master process configuration file.  For details on the format

    # of the file, see the master(5) manual page (command: "man 5 master").

    #

    # Do not forget to execute "postfix reload" after editing this file.

    #

    #==========================================================================

    # service type  private unpriv  chroot wakeup  maxproc command + args

    #               (yes)   (yes)  (yes)   (never) (100)

    # ==========================================================================

    smtp     inet  n       -       n       -       -      smtpd

     #dbmail-lmtp unix - - n - - lmtp -o disable_dns_lookups=yes                // comment out this line

    #submission inet n       -      n       -       -      smtpd

    #  -o smtpd_tls_security_level=encrypt

    #  -o smtpd_sasl_auth_enable=yes

    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    #  -o milter_macro_daemon_name=ORIGINATING

    #smtps    inet  n       -      n       -       -      smtpd

    #  -o smtpd_tls_wrappermode=yes

    #  -o smtpd_sasl_auth_enable=yes

    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

    #  -o milter_macro_daemon_name=ORIGINATING

    #628      inet  n       -      n       -       -      qmqpd

    pickup   fifo  n       -      n       60     1       pickup

    cleanup  unix  n       -      n       -       0      cleanup

    qmgr     fifo  n       -      n       300     1      qmgr

    #qmgr    fifo  n       -      n       300     1      oqmgr

    tlsmgr   unix  -       -      n       1000?  1       tlsmgr

    rewrite  unix  -       -      n       -       -      trivial-rewrite

    bounce   unix  -       -      n       -       0      bounce

    defer    unix  -       -      n       -       0      bounce

    trace    unix  -       -      n       -      0       bounce

    verify   unix  -       -      n       -       1      verify

    flush    unix  n       -      n       1000?   0      flush

    proxymap unix  -       -      n       -       -      proxymap

    proxywrite unix -       -      n       -       1      proxymap

    smtp     unix  -       -      n       -       -      smtp

    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops

    relay    unix  -       -      n       -       -      smtp

       -o smtp_fallback_relay=

    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

    showq    unix  n       -      n       -       -      showq

    error    unix  -       -      n       -       -      error

    retry    unix  -       -      n       -       -      error

    discard  unix  -       -      n       -       -      discard

    local    unix  -       n      n       -       -      local

    virtual  unix  -       n      n       -       -      virtual

    lmtp     unix  -       -      n       -       -      lmtp

    anvil    unix  -       -      n       -       1      anvil

    scache   unix  -       -      n       -       1      scache

    #

    #====================================================================

    # Interfaces to non-Postfix software. Be sure to examine the manual

    # pages of the non-Postfix software to find out what options it wants.

    #

    # Many of the following services use the Postfix pipe(8) delivery

    # agent. See the pipe(8) man page for information about ${recipient}

    # and other message envelope options.

    # ====================================================================

    #

    # maildrop. See the Postfix MAILDROP_README file for details.

    # Also specify in main.cf: maildrop_destination_recipient_limit=1

    #

    maildrop unix  - n n - - pipe

     flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

    #

    #====================================================================

    #

    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.

    #

    # Specify in cyrus.conf:

    #  lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4

    #

    # Specify in main.cf one or more of the following:

    # mailbox_transport = lmtp:inet:localhost

    # virtual_transport = lmtp:inet:localhost

    #

    #====================================================================

    #

    # Cyrus 2.1.5 (Amos Gouaux)

    # Also specify in main.cf: cyrus_destination_recipient_limit=1

    #

    #cyrus    unix  -       n      n       -       -      pipe

    # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}${user}

    #

    # ====================================================================

    #

    # Old example of delivery via Cyrus.

    #

    #old-cyrus unix  -      n       n       -      -       pipe

    # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}

    #

    # ====================================================================

    #

    # See the Postfix UUCP_README file for configuration details.

    #

    #uucp     unix  -       n      n       -       -      pipe

    # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)

    #

    #====================================================================

    #

    # Other external delivery methods.

    #

    #ifmail   unix  -       n      n       -       -      pipe

    # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)

    #

    #bsmtp    unix  -       n      n       -       -      pipe

    # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

    #

    #scalemail-backend unix -       n      n       -       2      pipe

    # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store

    # ${nexthop} ${user} ${extension}

    #

    #mailman  unix  -       n      n       -       -      pipe

    # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py

    # ${nexthop} ${user}

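#vim /etc/postfix/main.cf

myhostname= www.szgyzb.com    // server host name

mydomain =szgyzb.com          // domain name, i.e. the part shown after the @ in mail addresses

myorigin =$mydomain           // takes the value of the variable

inet_interfaces= all

mynetworks= 10.0.0.0/16,127.0.0.0/8  // networks; note that they are given as IP ranges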

mydestination= $myhostname,localhost.$mydomain,localhost

smtpd_client_restrictions= check_client_access hash:/etc/postfix/access

alias_maps= $alias_database

alias_database= hash:/etc/aliases

mail_spool_directory= /var/spool/mail

default_recipient_refill_delay= 1s

#====================SASL ESMTP Authenticat=================

smtpd_sasl_auth_enable= yes

smtpd_sasl_local_domain= $mydomain

smtpd_sasl_security_options= noanonymous

broken_sasl_auth_clients= yes

#========================Auth who to Internet Mail Begin==============

smtpd_restriction_classes= local_only   // outbound mail control

 

local_only= check_recipient_access hash:/etc/postfix/local_domains,reject    // outbound mail control

local_only1= check_sender_access hash:/etc/postfix/local_domains,reject     // outbound mail control

#local_only1= check_sender_access hash:/etc/postfix/local_domains,reject     // outbound mail control

 

#========================Auth who to Internet Mail End================

smtpd_recipient_restrictions=  check_sender_access hash:/etc/postfix/local_senders, permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_application_name= smtpd

smtpd_banner= $myhostname ESMTP Jobkoo mail system (version:1.0)

#=====================Virtual Mailbox settings=========================

virtual_mailbox_base= /var/mailbox/

virtual_mailbox_maps= mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains= mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf

#virtual_mailbox_domains= $mydomain

virtual_alias_domains=

virtual_alias_maps= mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf

virtual_uid_maps= static:1003    // UID of the vmail user

virtual_gid_maps= static:1003    // GID of the vmail user

virtual_transport= maildrop

maildrop_destination_recipient_limit= 1

maildrop_destination_concurrency_limit= 1

#====================QUOTA============================================

message_size_limit= 20000000

mailbox_size_limit= 409600000

virtual_mailbox_limit= 20000000

virtual_create_maildirsize= yes

virtual_mailbox_extended= yes

virtual_mailbox_limit_maps= mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override= yes

virtual_maildir_limit_message= Sorry, the user's maildir has overdrawn his diskspace

 quota, please try again later.

virtual_overquota_bounce= yes

smtp_host_lookup= dns, native

 Start postfix

#postfix start

#tail -f /var/log/maillog

 

  1. Integration configuration and testing

 

 [root@www conf]# /usr/local/authlib/sbin/authtest -s login [email protected] 123456

Authentication succeeded.

 

     Authenticated: [email protected]  (uid 1003, gid 1003)

    Home Directory: /var/mailbox

           Maildir: szgyzb.com/cjin/Maildir/

             Quota: (none)

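Encrypted Password: $1$jG9ds5IO$GGA8Fw2fL3V.4dEi0Zfe9.

Cleartext Password: 123456

           Options: (none)

Note: this shows that ExtMan is installed correctly, the database was imported correctly, and courier-authlib can connect to the MySQL database.

 

  1. SMTP authentication test

    First use perl to obtain the base64 encoding of the virtual account name and password, as follows: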

    [root@www ~]# perl -e 'use MIME::Base64;print encode_base64("cjin\@szgyzb.com")'

    Y2ppbkBzemd5emIuY29tLmNvbQ==

    [root@www ~]# perl -e 'use MIME::Base64;print encode_base64("123456")'

    MTIzNDU2

    [root@www ~]# telnet 10.0.0.20 25    // the lines shown in red below are typed by hand

Trying 10.0.0.20...

Connected to 10.0.0.20.

Escape character is '^]'.

220 www.szgyzb.com ESMTP Jobkoo mail system (version:1.0)

ehlo www.szgyzb.com

250-www.szgyzb.com

250-PIPELINING

250-SIZE 20000000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

auth login

334 VXNlcm5hbWU6

Y2ppbkBzemd5emIuY29t

334 UGFzc3dvcmQ6

MTIzNDU2

235 2.0.0 Authentication successful   // shows that the SMTP authentication test succeeded

quit

221 2.0.0 Bye
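
The session above, re-typed as a constructed transcript and checked in Python (an added example, not part of the original post): it decodes the 334 prompts and the replies, and reports that AUTH is advertised without STARTTLS, so the account name and password cross the network in a reversible encoding. The `S:`/`C:` prefixes and the function names are assumptions of this example.

```python
import base64

# Constructed copy of the telnet session above; "S:" = server, "C:" = client.
TRANSCRIPT = """\
S: 220 www.szgyzb.com ESMTP Jobkoo mail system (version:1.0)
C: ehlo www.szgyzb.com
S: 250-www.szgyzb.com
S: 250-PIPELINING
S: 250-SIZE 20000000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH LOGIN PLAIN
S: 250-AUTH=LOGIN PLAIN
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250 DSN
C: auth login
S: 334 VXNlcm5hbWU6
C: Y2ppbkBzemd5emIuY29t
S: 334 UGFzc3dvcmQ6
C: MTIzNDU2
S: 235 2.0.0 Authentication successful
C: quit
S: 221 2.0.0 Bye
"""


def b64text(token):
    """Decode one base64 token of the AUTH LOGIN dialogue."""
    return base64.b64decode(token, validate=True).decode("utf-8")


def analyse(transcript):
    """Return (EHLO keywords, decoded AUTH LOGIN dialogue, findings)."""
    caps, dialogue, findings = [], [], []
    in_ehlo = tls_started = False
    prompt = None  # decoded 334 prompt waiting for the client's reply
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and text.lower().startswith(("ehlo ", "helo ")):
            in_ehlo, caps = True, []       # capabilities are re-sent per EHLO
        elif side == "C" and text.strip().upper() == "STARTTLS":
            tls_started = True
        elif side == "C" and prompt is not None:
            dialogue.append((prompt, b64text(text)))
            prompt = None
        elif side == "S" and in_ehlo and text.startswith("250"):
            caps.append(text[4:].upper())
            in_ehlo = text[3:4] == "-"     # "250 " closes the multi-line reply
        elif side == "S" and text.startswith("334 "):
            prompt = b64text(text[4:])
    # caps[0] is the server's host name; the rest are ESMTP keywords.
    keywords = {c.split()[0].split("=")[0] for c in caps[1:] if c.strip()}
    if "AUTH" in keywords and "STARTTLS" not in keywords:
        findings.append("AUTH offered without STARTTLS")
    if dialogue and not tls_started:
        findings.append("credentials sent base64-encoded over a cleartext session")
    return keywords, dialogue, findings
```
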

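If mail can be sent and received in the command-line tests but the inbox on the web page is empty, the configuration in /usr/local/apache/htdocs/extmail/webmail.cf is wrong (vim /usr/local/apache/htdocs/extmail/webmail.cf): change the value of SYS_MAILDIR_BASE from the default /home/domains to the actual /var/mailbox.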

  1. POP authentication test

[root@www ~]# telnet 10.0.0.20 110

Trying 10.0.0.20...

Connected to 10.0.0.20.

Escape character is '^]'.

+OK Hello there.

[email protected]

+OK Password required.

pass 123456

+OK logged in.

quit

+OK Bye-bye.

 

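  1. Sending test from the command line, WebMail (Extmail) or a mail client (Foxmail)

 

[root@www ~]# mail -s test [email protected]

testtest

EOT

Note: test is the mail subject and the manually typed testtest is the mail body; after typing it, press Enter and then Ctrl+D to finish and send the mail to [email protected]

Open http://www.szgyzb.com/extman ([email protected]/123456) to enter the mail admin console, where users can be added; the [email protected] account used in the tests above was added here.

Open http://www.szgyzb.com/extmail and log in with the [email protected] account to see the message just sent from the command line; add one more account in the admin console to test sending and receiving through the web interface.

A Foxmail client account can also be set up to send and receive mail.

  1. Outbound mail control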

    #cd  /etc/postfix

    #touch local_domains

    #touch local_senders

    vim /etc/postfix/main.cf

Configuration:

smtpd_restriction_classes = local_only

local_only = check_recipient_access hash:/etc/postfix/local_domains,reject

local_only1 = check_sender_access hash:/etc/postfix/local_domains,reject

Add the following to the smtpd_recipient_restrictions parameter:

check_sender_access hash:/etc/postfix/local_senders

Add the mail account addresses that are to be barred from sending external mail to /etc/postfix/local_out_senders

Contents of /etc/postfix/local_domains:

szgyzb.com ok

10.0.0.20 ok

#postmap hash:/etc/postfix/local_in_domains

#postmap hash:/etc/postfix/local_in_senders

#postfix reload // reload the postfix configuration
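
How the two tables work together, as a simplified Python model (an added example, not code from the original post or from Postfix). It assumes the sender table is the local_senders file named in main.cf and that each restricted address maps to the class name local_only, the only class listed in smtpd_restriction_classes; the address intern@szgyzb.com is made up, and address extensions are not modelled.

```python
# Constructed table contents; the restricted address is a made-up example.
LOCAL_SENDERS = {"intern@szgyzb.com": "local_only"}      # /etc/postfix/local_senders
LOCAL_DOMAINS = {"szgyzb.com": "ok", "10.0.0.20": "ok"}  # /etc/postfix/local_domains


def access_lookup(table, address):
    """Simplified access(5) search order for a mail address:
    user@domain, domain, each parent domain, then user@."""
    address = address.lower()
    user, _, domain = address.rpartition("@")
    labels = domain.split(".")
    keys = [address]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(user + "@")
    for key in keys:
        if key in table:
            return table[key]
    return None  # no entry: Postfix moves on to the next restriction


def local_only(recipient):
    """Class body: check_recipient_access hash:local_domains, reject."""
    result = access_lookup(LOCAL_DOMAINS, recipient)
    return "permit" if result and result.upper() == "OK" else "reject"


def recipient_decision(sender, recipient):
    """First entry of smtpd_recipient_restrictions:
    check_sender_access hash:/etc/postfix/local_senders."""
    action = access_lookup(LOCAL_SENDERS, sender)
    if action is None:
        return "continue"  # permit_mynetworks, permit_sasl_authenticated, ...
    if action == "local_only":
        return local_only(recipient)
    return {"OK": "permit", "REJECT": "reject"}.get(action.upper(), "continue")
```
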

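At this point the Postfix-based mail server is basically complete. When mail has to be exchanged with the Internet, installing antivirus software and a spam scanning tool is recommended, to keep mail secure and to block spam from outside.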

 

 

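Summary of mail problems and fixes:

Problem 1: cannot log in to the extman admin console

Go to the tools directory under the extman directory and use the password recovery tool to reset the password

./adminctl.pl --mode=mod --managername="[email protected]" --password="123456"

Problem 2: chmod -R 777 /var was run by accident, which changed the permissions of /var and all of its subdirectories and files, and as a result postfix could not start. The log showed: Dec 12 10:00:07 localhost postfix/master[31815]: fatal: open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied. After a whole day of searching, the cause finally turned out to be the permissions on /var. Be very careful with permission changes on Linux, and be sure to take a backup once the system configuration has settled.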

[root@localhost lib]# ls -ld /var

drwx------. 22 root root 4096 Dec 10 15:53 /var

It should be changed as follows: [root@localhost lib]# chmod 755 /var

[root@localhost lib]# ls -ld /var

drwxr-xr-x. 22 root root 4096 Dec 10 15:53 /var

Problem 3: after a new mail user account is added in the extman admin console, no account directory is created under /var/mailbox

Logging in to the mailbox with the account reports: Can't chdir to /var/mailbox/szgyzb.com/chao.jin/Maildir/, Permission denied

Problem 4: [root@www szgyzb.com]# /usr/local/authlib/sbin/authtest -s [email protected] 123456

Authentication FAILED: Input/output error

/var/log/maillog shows the error: authdaemond: failed to connect to mysql server (server=www.gyzb.com,userid=extmail): Can't connect to MySQL server on 'www.gyzb.com' (110)

Fix: vim /usr/local/authlib/etc/authlib/authmysqlrc

MYSQL_SERVER www.gyzb.com  ==> change to 10.0.0.20

 

Problem 5: [root@www szgyzb.com]# /usr/local/authlib/sbin/authtest -s login [email protected] 123456

Authentication FAILED: Operation not permitted

/var/log/maillog shows the error:

Dec 17 14:06:01 www authdaemond: SQL query: SELECT username,password, "", '1003', '1003', "/var/mailbox", maildir,"", name, "" FROM mailbox WHERE username ='[email protected]'  AND (active='1')

Dec 17 14:06:01 www authdaemond: zero rows returned

Dec 17 14:06:01 www authdaemond: authmysql: REJECT - try next module

Dec 17 14:06:01 www authdaemond: FAIL, all modules rejected

Fix: copying the SQL into a MySQL client and running it returns no data; after removing AND (active='1')

the row is found, which shows that the activation box was not ticked when the cjin user was created. So delete this user and create it again with activation ticked.

The test then succeeds.

 
