centos 5.6下部署postfix

POSTFIX

需求:使用postfix、cyrus-sasl、courier-authlib、dovecot、mysql、openssl、bind、apache、mailscanner、spamassassin、f-prot构建电子邮件系统

一.构建DNS服务器,用于解析MX记录

1. 安装BIND、BIND-CHROOT、CACHING-NAMESERVER

yum -y install bind-9.3.6-16.P1.el5.i386.rpm

yum -y install bind-chroot-9.3.6-16.P1.el5.i386.rpm

yum -y install caching-nameserver-9.3.6-16.P1.el5.i386.rpm

2. 配置BIND

2.1配置BIND服务的主配置文件named.conf

cd /var/named/chroot/etc

cp -p named.caching-nameserver.conf named.conf

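vim named.conf //修改如下配置(注意:allow-query 与 allow-query-cache 设为 any 时,若服务器对外网可达且开启了递归查询,就会成为开放解析器,容易被滥用于DNS放大攻击;生产环境应把这两项限定为内部网段,如本文使用的 172.16.1.0/24)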

options {

listen-on port 53 { 172.16.1.1; };

allow-query { any; };

allow-query-cache { any; };

};

view extmail.org_resolver {

match-clients { any; };

match-destinations { any; };

include "/etc/named.zones";

};

2.2配置区域主配置文件named.zones

cp -p named.rfc1912.zones named.zones

vim named.zones //删除原有内容,输入如下

zone "extmail.org" IN {

type master;

file "extmail.org.zone";

allow-update {none;};

};

zone "1.16.172.in-addr.arpa" IN {

type master;

file "1.16.172.local";

allow-update {none;};

};

2.3建立并修改区域解析配置文件extmail.org.zone和1.16.172.local

cd /var/named/chroot/var/named/

cp -p named.zero extmail.org.zone

cp -p named.local 1.16.172.local

vim extmail.org.zone

$TTL 86400

@ IN SOA centos.extmail.org. root.extmail.org. (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS centos.extmail.org.

centos IN A 172.16.1.1

pop3 IN CNAME centos.extmail.org.

smtp IN CNAME centos.extmail.org.

mail IN CNAME centos.extmail.org.

@ IN MX 1 centos.extmail.org.

vim 1.16.172.local

$TTL 86400

@ IN SOA centos.extmail.org. root.extmail.org. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS centos.extmail.org.

1 IN PTR centos.extmail.org.

2.4配置BIND系统自动加载

chkconfig --level 3 named on

2.5配置服务器DNS IP地址,HOSTS解析文件

vim /etc/hosts

127.0.0.1 centos localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

172.16.1.1 centos.extmail.org

vim /etc/resolv.conf

nameserver 172.16.1.1

2.6重启network服务和named服务

service network restart

service named restart

二.安装OPENSSL、CYRUS-SASL、MYSQL

mkdir /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

cd /mnt/cdrom/Centos

yum -y install openssl-*

yum -y install cyrus-sasl-*

yum -y install mysql-*

三.安装POSTFIX

1. 解压postfix源码、VDA-NG(虚拟用户邮箱配额)补丁

tar zxf postfix-2.4.6.tar.gz -C ~

gunzip postfix-2.4.6-vda-ng.patch.gz

2. 合并VDA-NG补丁至postfix源码

cd postfix-2.4.6

patch -p1 < ../postfix-2.4.6-vda-ng.patch

3. 编译安装POSTFIX源码

yum -y install db4-*

yum -y install gcc-*

groupadd -g 1000 postfix

groupadd -g 1200 postdrop

useradd -M -s /sbin/nologin -u 1000 -g postfix -G postdrop postfix

cd postfix-2.4.6

make makefiles 'CCARGS=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -I/usr/include/openssl' 'AUXLIBS=-L/usr/lib/sasl2 -lsasl2 -L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/openssl/engines -lssl -lcrypto'

make && make install

四.配置MYSQL

1.修改MYSQL管理密码(注意:下面的 123qwe! 仅为示例口令,实际部署应换成强口令;口令直接写在命令行上会留在 shell 历史记录中,也可能被同机其他用户通过进程列表看到)

service mysqld restart

mysqladmin -u root password 123qwe!

2. 解压EXTMAN管理组件

tar zxf extman-0.2.5.tar.gz -C ~

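3. 调用extmail.sql和init.sql初始化mysql数据库(注意:后文各配置文件使用的数据库账号 extmail/extmail、webman/webman 的口令与用户名相同,应是这两个脚本建立的默认值,请自行确认;正式部署前应改为强口令,并同步修改 authmysqlrc、dovecot-sql.conf、webmail.cf、webman.cf 中的对应项)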

cd /root/extman-0.2.5/docs

mysql -u root -p < extmail.sql

mysql -u root -p < init.sql

五.配置Courier-Authlib发信认证库

1. 解压Courier-Authlib

tar jxf courier-authlib-0.60.2.tar.bz2 -C ~

2. 编译安装Courier-Authlib

cd /root/courier-authlib-0.60.2

./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql

make && make install && make install-configure

3. 配置Courier-Authlib

cd /usr/local/courier-authlib/etc/authlib

vim authdaemonrc

authmodulelist="authmysql"

authmodulelistorig="authmysql"

vim authmysqlrc

MYSQL_SERVER localhost

MYSQL_USERNAME extmail

MYSQL_PASSWORD extmail

MYSQL_SOCKET /var/lib/mysql/mysql.sock

MYSQL_PORT 3306

MYSQL_DATABASE extmail

MYSQL_USER_TABLE mailbox

MYSQL_CRYPT_PWFIELD password

DEFAULT_DOMAIN extmail.org

MYSQL_UID_FIELD uidnumber

MYSQL_GID_FIELD gidnumber

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD concat('/mailbox/',homedir)

MYSQL_NAME_FIELD name

MYSQL_MAILDIR_FIELD concat('/mailbox/',maildir)

cp /root/courier-authlib-0.60.2/courier-authlib.sysvinit /etc/init.d/courier-authlib

chmod 755 /etc/init.d/courier-authlib

service courier-authlib restart

cd /usr/lib/sasl2/

cp Sendmail.conf smtpd.conf

vim smtpd.conf

pwcheck_method:authdaemond

authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

mech_list:plain

service saslauthd restart

六.配置DOVECOT

1.安装pam-devel模块

yum -y install pam-devel-*

2.建立dovecot账户

useradd -M -s /sbin/nologin dovecot

3.解压dovecot源码

tar zxf dovecot-1.1.4.tar.gz -C ~

4. 配置安装dovecot

cd /root/dovecot-1.1.4

./configure --sysconfdir=/etc --with-mysql

make && make install

cd /etc

cp dovecot-example.conf dovecot.conf

cp dovecot-sql-example.conf dovecot-sql.conf

vim dovecot.conf

protocols = pop3 imap

disable_plaintext_auth = no

ssl_disable = yes

mail_location = maildir:/mailbox/%d/%n/Maildir

# passdb pam { //注销

#}//注销

passdb sql {

args =/etc/dovecot-sql.conf

}

# userdb passwd {//注销

#}//注销

userdb sql {

args =/etc/dovecot-sql.conf

}

vim dovecot-sql.conf

driver = mysql

connect = host=localhost dbname=extmail user=extmail password=extmail

default_pass_scheme = CRYPT

password_query=select username as user,password as password from mailbox where username='%u' and active=1

user_query=select uidnumber as uid, gidnumber as gid, concat('/mailbox/',homedir) as home from mailbox where username='%u'

pkill -9 dovecot

dovecot

七.配置POSTFIX

1. 修改POSTFIX服务配置文件main.cf

cd /etc/postfix

vim main.cf

soft_bounce = yes

myhostname=centos.extmail.org

mydomain=extmail.org

myorigin=$mydomain

inet_interfaces=127.0.0.1, 172.16.1.1

mynetworks_style = subnet

mynetworks = 172.16.1.0/24, 127.0.0.0/8

#mydestination= //注释掉本地用户的收件人查询

mail_spool_directory = /var/spool/mail

smtpd_error_sleep_time=60s

smtpd_soft_error_limit=5

smtpd_hard_error_limit=10

queue_run_delay=120s

maximal_queue_lifetime=3600s

bounce_size_limit=5120000

smtpd_sasl_auth_enable=yes

smtpd_sasl_authenticated_header=yes

smtpd_sasl_local_domain=$mydomain

smtpd_sasl_path=smtpd

smtpd_sasl_security_options=noanonymous

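smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination,permit_sasl_authenticated

//注意:各限制项按书写顺序依次匹配。reject_unauth_destination 写在 permit_sasl_authenticated 之前时,mynetworks 之外的已认证用户向外域发信会先被拒绝,SASL 认证起不到作用;通常应把 permit_sasl_authenticated 放在 reject_unauth_destination 之前,并保留 reject_unauth_destination 以防开放转发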

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:1000

virtual_mailbox_base = /mailbox

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_limit = 512000000

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_uid_maps = static:1000

cp /root/extman-0.2.5/docs/mysql_virtual_* /etc/postfix/

service sendmail stop

chkconfig --level 123456 sendmail off

postfix start

mkdir -p /mailbox/extmail.org/postmaster/Maildir

chown -R postfix:postfix /mailbox

八.安装EXTMAIL

1. 安装APACHE

yum -y install httpd-*

2. 解压EXTMAIL

tar zxf extmail-1.0.5.tar.gz -C /var/www/html/

cd /var/www/html

mv extmail-1.0.5 extmail

3. 配置EXTMAIL

cd /var/www/html/extmail

cp webmail.cf.default webmail.cf

vim webmail.cf

SYS_CONFIG = /var/www/html/extmail/

SYS_LANGDIR = /var/www/html/extmail/lang

SYS_TEMPLDIR = /var/www/html/extmail/html

SYS_MAILDIR_BASE = /mailbox

SYS_CRYPT_TYPE = crypt

SYS_MYSQL_USER = extmail

SYS_MYSQL_PASS = extmail

SYS_MYSQL_DB = extmail

SYS_MYSQL_HOST = localhost

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

SYS_MYSQL_TABLE = mailbox

SYS_MYSQL_ATTR_USERNAME = username

SYS_MYSQL_ATTR_DOMAIN = domain

SYS_MYSQL_ATTR_PASSWD = password

SYS_MYSQL_ATTR_CLEARPW = clearpwd

SYS_MYSQL_ATTR_QUOTA = quota

SYS_MYSQL_ATTR_NDQUOTA = netdiskquota

SYS_MYSQL_ATTR_HOME = homedir

SYS_MYSQL_ATTR_MAILDIR = maildir

SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail

SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk

SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange

SYS_MYSQL_ATTR_ACTIVE = active

SYS_MYSQL_ATTR_PWD_QUESTION = question

SYS_MYSQL_ATTR_PWD_ANSWER = answer

tar zxf Unix-Syslog-1.1.tar.gz -C ~

cd /root/Unix-Syslog-1.1

perl Makefile.PL

make

make install

vim /etc/httpd/conf/httpd.conf

ServerName centos.extmail.org:80

<VirtualHost 172.16.1.1:80>

ServerAdmin 管理员邮箱地址(原文的地址被页面的邮箱保护功能替换,请填入实际地址)

DocumentRoot /var/www/html/extmail/html

ServerName mail.extmail.org

ErrorLog logs/extmail.org-error_log

CustomLog logs/extmail.org-access_log common

DirectoryIndex index.html

ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/

Alias /extmail /var/www/html/extmail/html

SuexecUserGroup postfix postfix

</VirtualHost>

service httpd restart

九.安装EXTMAN

1. 先安装rrdtool-perl

yum -y install rrdtool-perl-1.2.23-3.el5.i386.rpm

2. 安装rrdtool

yum -y install rrdtool-1.2.23-3.el5.i386.rpm

3. 安装File-Tail

tar zxf File-Tail-0.99.3.tar.gz -C ~

cd /root/File-Tail-0.99.3

perl Makefile.PL

make

make install

4.安装GD

tar zxf GD-2.41.tar.gz -C ~

tar zxf gd-2.0.28.tar.gz -C ~

yum -y install libpng-*

yum -y install libjpeg-*

yum -y install freetype-*

cd /root/gd-2.0.28

./configure

make && make install

cd /root/GD-2.41

perl Makefile.PL

make && make install

5.解压并配置EXTMAN

tar zxf extman-0.2.5.tar.gz -C /var/www/html/

cd /var/www/html/

mv extman-0.2.5 extman

cd extman

vim webman.cf

SYS_CONFIG = /var/www/html/extman/

SYS_LANGDIR = /var/www/html/extman/lang

SYS_TEMPLDIR = /var/www/html/extman/html

SYS_MAILDIR_BASE = /mailbox

SYS_CAPTCHA_ON=0

SYS_CRYPT_TYPE = crypt

SYS_MYSQL_USER = webman

SYS_MYSQL_PASS = webman

SYS_MYSQL_DB = extmail

SYS_MYSQL_HOST = localhost

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

SYS_MYSQL_TABLE = manager

SYS_MYSQL_ATTR_USERNAME = username

SYS_MYSQL_ATTR_PASSWD = password

mkdir -p /tmp/extman

chown -R postfix:postfix /tmp/extman

vim /etc/httpd/conf/httpd.conf

<VirtualHost 172.16.1.1:80>

ServerAdmin 管理员邮箱地址(原文的地址被页面的邮箱保护功能替换,请填入实际地址)

DocumentRoot /var/www/html/extmail/html

ServerName mail.extmail.org

ErrorLog logs/extmail.org-error_log

CustomLog logs/extmail.org-access_log common

DirectoryIndex index.html

ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/

Alias /extmail /var/www/html/extmail/html

ScriptAlias /extman/cgi/ /var/www/html/extman/cgi/

Alias /extman /var/www/html/extman/html

SuexecUserGroup postfix postfix

</VirtualHost>

cd /var/www/html/extman/addon/mailgraph_ext

mkdir -p /usr/local/mailgraph_ext

cp mailgraph* /usr/local/mailgraph_ext/

cp qmonitor* /usr/local/mailgraph_ext/

cp queue_* /usr/local/mailgraph_ext/

cd /usr/local/mailgraph_ext/

./mailgraph-init start

./qmonitor-init start

service httpd restart

十.启用TLS

1.生成CA证书和密码文件

cd /etc/pki/tls/certs

openssl req -new -x509 -nodes -keyout ca.key -out ca.crt

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:cn

State or Province Name (full name) [Berkshire]:hubei

Locality Name (eg, city) [Newbury]:wuhan

Organization Name (eg, company) [My Company Ltd]:bdqn

Organizational Unit Name (eg, section) []:benet

Common Name (eg, your name or your server's hostname) []:centos.extmail.org

Email Address []:

2. 生成SMTPS私钥(注意:下面示例中的 512 位 RSA 密钥长度过短,已可在短时间内被分解,实际部署应使用至少 2048 位)

openssl genrsa -out smtps.key 512

3. 使用SMTPS私钥生成证书请求

openssl req -new -key smtps.key -out smtps.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:cn

State or Province Name (full name) [Berkshire]:hubei

Locality Name (eg, city) [Newbury]:wuhan

Organization Name (eg, company) [My Company Ltd]:bdqn

Organizational Unit Name (eg, section) []:benet

Common Name (eg, your name or your server's hostname) []:centos.extmail.org

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

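4.使用CA私钥和CA证书对SMTPS证书请求进行证书颁发和签名(注意:openssl ca 的 -key 选项表示私钥的口令,指定私钥文件应使用 -keyfile;下面的命令实际读取的应是 openssl.cnf 默认路径下的 cakey.pem,也就是本步骤第一条命令复制过去的文件)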

cp /etc/pki/tls/certs/ca.key /etc/pki/CA/private/cakey.pem

mkdir -p /etc/pki/CA/newcerts

touch /etc/pki/CA/index.txt

touch /etc/pki/CA/serial

echo 01 > /etc/pki/CA/serial

openssl ca -key ca.key -cert ca.crt -in smtps.csr -out smtps.crt

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: Sep 22 09:19:04 2011 GMT

Not After : Sep 21 09:19:04 2012 GMT

Subject:

countryName = cn

stateOrProvinceName = hubei

organizationName = bdqn

organizationalUnitName = benet

commonName = centos.extmail.org

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

4D:72:CD:1B:37:C1:E0:0C:49:90:3B:4F:8C:FA:2C:7B:8A:82:80:C5

X509v3 Authority Key Identifier:

keyid:9E:FD:B3:58:D2:01:AA:7D:B1:07:99:33:87:63:27:EB:E2:06:22:D9

Certificate is to be certified until Sep 21 09:19:04 2012 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

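5.配置TLS(注意:Postfix 只需要 ca.crt、smtps.crt 和 smtps.key,CA 私钥 ca.key 不必复制到邮件服务的目录,多一份副本就多一处泄露风险;私钥文件的权限建议设为仅 root 可读,如 chmod 600)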

mkdir /etc/postfix/.certs

cp /etc/pki/tls/certs/ca.key /etc/postfix/.certs/

cp /etc/pki/tls/certs/ca.crt /etc/postfix/.certs/

cp /etc/pki/tls/certs/smtps.crt /etc/postfix/.certs/

cp /etc/pki/tls/certs/smtps.key /etc/postfix/.certs/

vim /etc/postfix/main.cf

smtpd_tls_CAfile=/etc/postfix/.certs/ca.crt

smtpd_tls_CApath=/etc/postfix/.certs

smtpd_tls_auth_only=yes

smtpd_tls_cert_file=/etc/postfix/.certs/smtps.crt

smtpd_tls_key_file=/etc/postfix/.certs/smtps.key

smtpd_tls_loglevel=0

smtpd_tls_received_header=yes

smtpd_use_tls=yes

cd /etc/pki/tls/certs

make dovecot.pem

Country Name (2 letter code) [GB]:cn

State or Province Name (full name) [Berkshire]:hubei

Locality Name (eg, city) [Newbury]:wuhan

Organization Name (eg, company) [My Company Ltd]:bdqn

Organizational Unit Name (eg, section) []:benet

Common Name (eg, your name or your server's hostname) []:centos.extmail.org

Email Address []:

cp /etc/pki/tls/certs/dovecot.pem /etc/postfix/.certs/

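vim /etc/dovecot.conf //注意:前面设置的 disable_plaintext_auth = no 仍然生效,而 protocols 中保留了未加密的 pop3 和 imap,客户端口令仍可能以明文在网络上传输;启用SSL后建议改为 disable_plaintext_auth = yes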

protocols = pop3s pop3 imap

ssl_disable = no

ssl_cert_file = /etc/postfix/.certs/dovecot.pem

ssl_key_file = /etc/postfix/.certs/dovecot.pem

pkill -9 dovecot

dovecot

6.配置客户端

clip_image002

十一.配置防垃圾邮件系统

1.安装spamassassin

yum -y install spamassassin-3.2.5-1.el5.i386.rpm

2.安装MailScanner

tar zxf MailScanner-4.83.5-1.rpm.tar.gz -C ~

cd /root/MailScanner-4.83.5-1

yum -y install rpm-build

./install.sh

3.安装F-prot

tar zxf fp-Linux-i686-ws.tar.gz -C /opt/

cd /opt/f-prot/

perl install-f-prot.pl

4. 配置MailScanner

vim /etc/MailScanner/MailScanner.conf

%org-name% = extmail

%org-long-name% = extmail.org

%web-site% = centos.extmail.org

Run As User =postfix

Run As Group =postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

chown -R postfix:postfix /var/spool/MailScanner

chmod 755 /var/spool/MailScanner/incoming/Processing.db

chmod 755 /var/spool/MailScanner/incoming/SpamAssassin.cache.db

vim /etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

echo > /etc/postfix/header_checks

vim /etc/postfix/header_checks

/^Received:/ HOLD

postmap /etc/postfix/header_checks

postfix stop

postfix start

service saslauthd restart

service courier-authlib restart

service MailScanner restart

pkill -9 dovecot

dovecot

service spamassassin restart

service named restart

service mysqld restart

service httpd restart

chkconfig --level 3 saslauthd on

chkconfig --level 3 courier-authlib on

chkconfig --level 3 MailScanner on

chkconfig --level 3 named on

chkconfig --level 3 mysqld on

chkconfig --level 3 spamassassin on

chkconfig --level 3 httpd on

vim /etc/rc.d/rc.local

/usr/local/mailgraph_ext/mailgraph-init start

/usr/local/mailgraph_ext/qmonitor-init start

/usr/local/sbin/dovecot

/usr/sbin/postfix start

十二.测试客户端

1. 测试extmail

clip_image004

2. 测试extman

clip_image006

clip_image008

3. 测试outlook

clip_image010
