四 Courier Authlib
最好先安装courier-authlib。为什么呢?因为后面配置 SASL验证smtp时需要authlib的socket路径。
1.安装
# ./configure \
--prefix=/usr/local/authlib --with-redhat --with-authmysql=yes --with-mailuser=zhousong \
--with-mailgroup=zhousong --with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql --without-stdheaderdir
注:必须加上 --without-stdheaderdir 选项,否则执行 maildrop -v 时会出错。
# make
# make install
# make install-configure
2.配置
(1)#vim /usr/local/authlib/etc/authlib/authdaemonrc
修改成:
authdaemonvar=/usr/local/authlib/var/spool/authdaemon
# chmod 755 /usr/local/authlib/var/spool/authdaemon
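注:如果该目录权限设置不正确,maildrop 及 postfix 等将无法通过 authdaemon 的 socket 获取用户信息并完成密码认证。需要注意,755 会让本机任何用户都能连接该 socket 查询账号信息;如能满足需要,建议改用 750,并通过目录属组只授权给 postfix、maildrop 等需要认证的服务账号。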
(2)#ln -s /usr/local/authlib/bin/courierauthconfig /usr/bin/courierauthconfig
(3)#vim /usr/local/authlib/etc/authlib/authdaemonrc
修改成(注意:DEBUG_LOGIN=2 会把登录密码一并写入日志,仅供排错使用,调试完成后应改回 0):
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2
(4)vim /usr/local/authlib/etc/authlib/authmysqlrc
按实际环境修改成(示例中数据库用户名和密码均为 extmail,正式环境应换成强密码;该文件含明文数据库密码,应避免其他用户可读):
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
(5)配置启动
#cp courier-authlib.sysvinit /etc/init.d/courier-authlib
#chmod 755 /etc/init.d/courier-authlib
#chkconfig --add courier-authlib
3. 测试
五 Cyrus SASL
1. 安装
# ./configure --prefix=/usr/local/cyrus-sasl \
--disable-anon --enable-plain --enable-login \
--enable-sql --with-mysql=/usr/local/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-authdaemond
#make
#make install
2. 配置
(1) ln -s /usr/local/cyrus-sasl/lib/sasl2 /usr/lib/sasl2
(2) #vim /etc/ld.so.conf
添加如下内容:
/usr/local/cyrus-sasl/lib
#ldconfig
(3) 创建文件/usr/local/cyrus-sasl/lib/sasl2/smtpd.conf,并加入如下内容:
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket
六 Postfix
1. 安装
#useradd postfix
# useradd postdrop
# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/cyrus-sasl/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/cyrus-sasl/lib -lsasl2'
# make install(出现的提示一路回车,接受默认值即可)
2. 配置
(1)
# postconf -n > /etc/postfix/main2.cf
# mv /etc/postfix/main.cf /etc/postfix/main.cf.old
# mv /etc/postfix/main2.cf /etc/postfix/main.cf
#vim /etc/postfix/main.cf
增加如下内容:
# hostname
mynetworks = 127.0.0.1
myhostname = mail.zhousonglinux.com
mydestination = $mynetworks $myhostname
# banner
mail_name = Postfix - by zhousonglinux.com
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 0s
# Message and return code control
message_size_limit = 5242880
mailbox_size_limit = 5242880
show_user_unknown_table_name = no
# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
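(2)配置SASL验证(注意:前面 smtpd.conf 的 mech_list 只启用了 PLAIN 和 LOGIN,口令仅经 base64 编码,相当于明文传输;对外提供服务时应同时为 smtpd 启用 TLS,并设置 smtpd_tls_auth_only = yes,使认证只在加密连接上进行)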
#vim /etc/postfix/main.cf
# smtpd related config
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
# SMTP sender login matching config
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
    mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous