POSTFIX
需求:使用postfix、cyrus-sasl、courier-authlib、dovecot、mysql、openssl、bind、apache、mailscanner、spamassassin、f-prot构建电子邮件系统
一.构建DNS服务器,用于解析MX记录
1. 安装BIND、BIND-CHROOT、CACHING-NAMESERVER
yum -y install bind-9.3.6-16.P1.el5.i386.rpm yum -y install bind-chroot-9.3.6-16.P1.el5.i386.rpm yum -y install caching-nameserver-9.3.6-16.P1.el5.i386.rpm |
2. 配置BIND
2.1配置BIND服务的主配置文件named.conf
cd /var/named/chroot/etc cp -p named.caching-nameserver.conf named.conf vim named.conf //修改如下配置 |
options { listen-on port 53 { 172.16.1.1; }; allow-query { any; }; allow-query-cache { any; }; }; view extmail.org_resolver { match-clients { any; }; match-destinations { any; }; include "/etc/named.zones"; }; |
2.2配置区域主配置文件named.zones
cp -p named.rfc1912.zones named.zones vim named.zones //删除原有内容,输入如下 |
zone "extmail.org" IN { type master; file "extmail.org.zone"; allow-update {none;}; }; zone "1.16.172.in-addr.arpa" IN { type master; file "1.16.172.local"; allow-update {none;}; }; |
2.3建立并修改区域解析配置文件extmail.org.zone和1.16.172.local
cd /var/named/chroot/var/named/ cp -p named.zero extmail.org.zone cp -p named.local 1.16.172.local vim extmail.org.zone |
$TTL 86400 @ IN SOA centos.extmail.org. root.extmail.org. ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS centos.extmail.org. centos IN A 172.16.1.1 pop3 IN CNAME centos.extmail.org. smtp IN CNAME centos.extmail.org. mail IN CNAME centos.extmail.org. @ IN MX 1 centos.extmail.org. |
vim 1.16.172.local |
$TTL 86400 @ IN SOA centos.extmail.org. root.extmail.org. ( 1997022700 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400 ) ; Minimum IN NS centos.extmail.org. 1 IN PTR centos.extmail.org. |
2.4配置BIND系统自动加载
chkconfig --level 3 named on |
2.5配置服务器DNS IP地址,HOSTS解析文件
vim /etc/hosts |
127.0.0.1 centos localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 172.16.1.1 centos.extmail.org |
vim /etc/resolv.conf |
nameserver 172.16.1.1 |
2.6重启network服务和named服务
service network restart service named restart |
二.安装OPENSSL、CYRUS-SASL、MYSQL
mkdir /mnt/cdrom mount /dev/cdrom /mnt/cdrom cd /mnt/cdrom/Centos yum -y install openssl-* yum -y install cyrus-sasl-* yum -y install mysql-* |
三.安装POSTFIX
1. 解压postfix源码、VDA-NG(虚拟用户邮箱配额)补丁
tar zxf postfix-2.4.6.tar.gz -C ~ gunzip postfix-2.4.6-vda-ng.patch.gz |
2. 合并VDA-NG补丁至postfix源码
cd postfix-2.4.6 patch -p1 < ../postfix-2.4.6-vda-ng.patch |
3. 编译安装POSTFIX源码
yum -y install db4-* yum -y install gcc-* groupadd -g 1000 postfix groupadd -g 1200 postdrop useradd -M -s /sbin/nologin -u 1000 -g postfix -G postdrop postfix cd postfix-2.4.6 make makefiles 'CCARGS=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -I/usr/include/openssl' 'AUXLIBS=-L/usr/lib/sasl2 -lsasl2 -L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/openssl/engines -lssl -lcrypto' make && make install |
四.配置MYSQL
1.修改MYSQL管理密码
service mysqld restart mysqladmin -u root password 123qwe! |
2. 解压EXTMAN管理组件
tar zxf extman-0.2.5.tar.gz -C ~ |
3. 调用extmail.sql和init.sql初始化mysql数据库
cd /root/extman-0.2.5/docs mysql -u root -p < extmail.sql mysql -u root -p < init.sql |
五.配置Courier-Authlib发信认证库
1. 解压Courier-Authlib
tar jxf courier-authlib-0.60.2.tar.bz2 -C ~ |
2. 编译安装Courier-Authlib
cd /root/courier-authlib-0.60.2 ./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql make && make install && make install-configure |
3. 配置Courier-Authlib
cd /usr/local/courier-authlib/etc/authlib vim authdaemonrc |
authmodulelist="authmysql" authmodulelistorig="authmysql" |
vim authmysqlrc |
MYSQL_SERVER localhost MYSQL_USERNAME extmail MYSQL_PASSWORD extmail MYSQL_SOCKET /var/lib/mysql/mysql.sock MYSQL_PORT 3306 MYSQL_DATABASE extmail MYSQL_USER_TABLE mailbox MYSQL_CRYPT_PWFIELD password DEFAULT_DOMAIN extmail.org MYSQL_UID_FIELD uidnumber MYSQL_GID_FIELD gidnumber MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD concat('/mailbox/',homedir) MYSQL_NAME_FIELD name MYSQL_MAILDIR_FIELD concat('/mailbox/',maildir) |
cp /root/courier-authlib-0.60.2/courier-authlib.sysvinit /etc/init.d/courier-authlib chmod 755 /etc/init.d/courier-authlib service courier-authlib restart cd /usr/lib/sasl2/ cp Sendmail.conf smtpd.conf vim smtpd.conf |
pwcheck_method:authdaemond authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket mech_list:plain |
service saslauthd restart |
六.配置DOVECOT
1.安装pam-devel模块
yum -y install pam-devel-* |
2.建立dovecot账户
useradd -M -s /sbin/nologin dovecot |
3.解压dovecot源码
tar zxf dovecot-1.1.4.tar.gz -C ~ |
4. 配置安装dovecot
cd /root/dovecot-1.1.4 ./configure --sysconfdir=/etc --with-mysql make && make install cd /etc cp dovecot-example.conf dovecot.conf cp dovecot-sql-example.conf dovecot-sql.conf vim dovecot.conf |
protocols = pop3 imap disable_plaintext_auth = no ssl_disable = yes mail_location = maildir:/mailbox/%d/%n/Maildir # passdb pam { //注销 #}//注销 passdb sql { args =/etc/dovecot-sql.conf } # userdb passwd {//注销 #}//注销 userdb sql { args =/etc/dovecot-sql.conf } |
vim dovecot-sql.conf |
driver = mysql connect = host=localhost dbname=extmail user=extmail password=extmail default_pass_scheme = CRYPT password_query=select username as user,password as password from mailbox where username='%u' and active=1 user_query=select uidnumber as uid, gidnumber as gid, concat('/mailbox/',homedir) as home from mailbox where username='%u' |
pkill -9 dovecot dovecot |
七.配置POSTFIX
1. 修改POSTFIX服务配置文件main.cf
cd /etc/postfix vim main.cf |
soft_bounce = yes myhostname=centos.extmail.org mydomain=extmail.org myorigin=$mydomain inet_interfaces=127.0.0.1, 172.16.1.1 mynetworks_style = subnet mynetworks = 172.16.1.0/24, 127.0.0.0/8 #mydestination= //注释掉本地用户的收件人查询 mail_spool_directory = /var/spool/mail smtpd_error_sleep_time=60s smtpd_soft_error_limit=5 smtpd_hard_error_limit=10 queue_run_delay=120s maximal_queue_lifetime=3600s bounce_size_limit=5120000 smtpd_sasl_auth_enable=yes smtpd_sasl_authenticated_header=yes smtpd_sasl_local_domain=$mydomain smtpd_sasl_path=smtpd smtpd_sasl_security_options=noanonymous smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination,permit_sasl_authenticated virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_gid_maps = static:1000 virtual_mailbox_base = /mailbox virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 512000000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_uid_maps = static:1000 |
cp /root/extman-0.2.5/docs/mysql_virtual_* /etc/postfix/ service sendmail stop chkconfig --level 123456 sendmail off postfix start mkdir -p /mailbox/extmail.org/postmaster/Maildir chown -R postfix:postfix /mailbox |
八.安装EXTMAIL
1. 安装APACHE
yum -y install httpd-* |
2. 解压EXTMAIL
tar zxf extmail-1.0.5.tar.gz -C /var/www/html/ cd /var/www/html mv extmail-1.0.5 extmail |
3. 配置EXTMAIL
cd /var/www/html/extmail cp webmail.cf.default webmail.cf vim webmail.cf |
SYS_CONFIG = /var/www/html/extmail/ SYS_LANGDIR = /var/www/html/extmail/lang SYS_TEMPLDIR = /var/www/html/extmail/html SYS_MAILDIR_BASE = /mailbox SYS_CRYPT_TYPE = crypt SYS_MYSQL_USER = extmail SYS_MYSQL_PASS = extmail SYS_MYSQL_DB = extmail SYS_MYSQL_HOST = localhost SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock SYS_MYSQL_TABLE = mailbox SYS_MYSQL_ATTR_USERNAME = username SYS_MYSQL_ATTR_DOMAIN = domain SYS_MYSQL_ATTR_PASSWD = password SYS_MYSQL_ATTR_CLEARPW = clearpwd SYS_MYSQL_ATTR_QUOTA = quota SYS_MYSQL_ATTR_NDQUOTA = netdiskquota SYS_MYSQL_ATTR_HOME = homedir SYS_MYSQL_ATTR_MAILDIR = maildir SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange SYS_MYSQL_ATTR_ACTIVE = active SYS_MYSQL_ATTR_PWD_QUESTION = question SYS_MYSQL_ATTR_PWD_ANSWER = answer |
tar zxf Unix-Syslog-1.1.tar.gz -C ~ cd /root/Unix-Syslog-1.1 perl Makefile.PL make make install vim /etc/httpd/conf/httpd.conf |
ServerName centos.extmail.org:80 <VirtualHost 172.16.1.1:80> ServerAdmin [email protected] DocumentRoot /var/www/html/extmail/html ServerName mail.extmail.org ErrorLog logs/extmail.org-error_log CustomLog logs/extmail.org-access_log common DirectoryIndex index.html ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/ Alias /extmail /var/www/html/extmail/html SuexecUserGroup postfix postfix </VirtualHost> |
service httpd restart |
九.安装EXTMAN
1. 先安装rrdtool-perl
yum -y install rrdtool-perl-1.2.23-3.el5.i386.rpm |
2. 安装rrdtool
yum -y install rrdtool-1.2.23-3.el5.i386.rpm |
3. 安装File-Tail
tar zxf File-Tail-0.99.3.tar.gz -C ~ cd /root/File-Tail-0.99.3 perl Makefile.PL make make install |
4.安装GD
tar zxf GD-2.41.tar.gz -C ~ tar zxf gd-2.0.28.tar.gz -C ~ yum -y install libpng-* yum -y install libjpeg-* yum -y install freetype-* cd /root/gd-2.0.28 ./configure make && make install cd /root/GD-2.41 perl Makefile.PL make && make install |
5.解压并配置EXTMAN
tar zxf extman-0.2.5.tar.gz -C /var/www/html/ cd /var/www/html/ mv extman-0.2.5 extman cd extman vim webman.cf |
SYS_CONFIG = /var/www/html/extman/ SYS_LANGDIR = /var/www/html/extman/lang SYS_TEMPLDIR = /var/www/html/extman/html SYS_MAILDIR_BASE = /mailbox SYS_CAPTCHA_ON=0 SYS_CRYPT_TYPE = crypt SYS_MYSQL_USER = webman SYS_MYSQL_PASS = webman SYS_MYSQL_DB = extmail SYS_MYSQL_HOST = localhost SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock SYS_MYSQL_TABLE = manager SYS_MYSQL_ATTR_USERNAME = username SYS_MYSQL_ATTR_PASSWD = password |
mkdir -p /tmp/extman chown -R postfix:postfix /tmp/extman vim /etc/httpd/conf/httpd.conf |
<VirtualHost 172.16.1.1:80> ServerAdmin [email protected] DocumentRoot /var/www/html/extmail/html ServerName mail.extmail.org ErrorLog logs/extmail.org-error_log CustomLog logs/extmail.org-access_log common DirectoryIndex index.html ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/ Alias /extmail /var/www/html/extmail/html ScriptAlias /extman/cgi/ /var/www/html/extman/cgi/ Alias /extman /var/www/html/extman/html SuexecUserGroup postfix postfix </VirtualHost> |
cd /var/www/html/extman/addon/mailgraph_ext mkdir -p /usr/local/mailgraph_ext cp mailgraph* /usr/local/mailgraph_ext/ cp qmonitor* /usr/local/mailgraph_ext/ cp queue_* /usr/local/mailgraph_ext/ cd /usr/local/mailgraph_ext/ ./mailgraph-init start ./qmonitor-init start service httpd restart |
十.启用TLS
1.生成CA证书和密码文件
cd /etc/pki/tls/certs openssl req -new -x509 -nodes -keyout ca.key -out ca.crt |
writing new private key to 'ca.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:cn State or Province Name (full name) [Berkshire]:hubei Locality Name (eg, city) [Newbury]:wuhan Organization Name (eg, company) [My Company Ltd]:bdqn Organizational Unit Name (eg, section) []:benet Common Name (eg, your name or your server's hostname) []:centos.extmail.org Email Address []: |
2. 生成SMTPS私钥(下面示例使用512位RSA密钥仅作演示,实际部署时应使用2048位及以上的密钥长度)
openssl genrsa -out smtps.key 512 |
3. 使用SMTPS私钥生成证书请求
openssl req -new -key smtps.key -out smtps.csr |
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:cn State or Province Name (full name) [Berkshire]:hubei Locality Name (eg, city) [Newbury]:wuhan Organization Name (eg, company) [My Company Ltd]:bdqn Organizational Unit Name (eg, section) []:benet Common Name (eg, your name or your server's hostname) []:centos.extmail.org Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: |
4.使用CA私钥和CA证书对SMTPS证书请求进行证书颁发和签名
cp /etc/pki/tls/certs/ca.key /etc/pki/CA/private/cakey.pem mkdir -p /etc/pki/CA/newcerts touch /etc/pki/CA/index.txt touch /etc/pki/CA/serial echo 01 > /etc/pki/CA/serial openssl ca -key ca.key -cert ca.crt -in smtps.csr -out smtps.crt |
Using configuration from /etc/pki/tls/openssl.cnf Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Sep 22 09:19:04 2011 GMT Not After : Sep 21 09:19:04 2012 GMT Subject: countryName = cn stateOrProvinceName = hubei organizationName = bdqn organizationalUnitName = benet commonName = centos.extmail.org X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 4D:72:CD:1B:37:C1:E0:0C:49:90:3B:4F:8C:FA:2C:7B:8A:82:80:C5 X509v3 Authority Key Identifier: keyid:9E:FD:B3:58:D2:01:AA:7D:B1:07:99:33:87:63:27:EB:E2:06:22:D9 Certificate is to be certified until Sep 21 09:19:04 2012 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated |
5.配置TLS
mkdir /etc/postfix/.certs cp /etc/pki/tls/certs/ca.key /etc/postfix/.certs/ cp /etc/pki/tls/certs/ca.crt /etc/postfix/.certs/ cp /etc/pki/tls/certs/smtps.crt /etc/postfix/.certs/ cp /etc/pki/tls/certs/smtps.key /etc/postfix/.certs/ vim /etc/postfix/main.cf |
smtpd_tls_CAfile=/etc/postfix/.certs/ca.crt smtpd_tls_CApath=/etc/postfix/.certs smtpd_tls_auth_only=yes smtpd_tls_cert_file=/etc/postfix/.certs/smtps.crt smtpd_tls_key_file=/etc/postfix/.certs/smtps.key smtpd_tls_loglevel=0 smtpd_tls_received_header=yes smtpd_use_tls=yes |
cd /etc/pki/tls/certs make dovecot.pem |
Country Name (2 letter code) [GB]:cn State or Province Name (full name) [Berkshire]:hubei Locality Name (eg, city) [Newbury]:wuhan Organization Name (eg, company) [My Company Ltd]:bdqn Organizational Unit Name (eg, section) []:benet Common Name (eg, your name or your server's hostname) []:centos.extmail.org Email Address []: |
cp /etc/pki/tls/certs/dovecot.pem /etc/postfix/.certs/ vim /etc/dovecot.conf |
protocols = pop3s pop3 imap ssl_disable = no ssl_cert_file = /etc/postfix/.certs/dovecot.pem ssl_key_file = /etc/postfix/.certs/dovecot.pem |
pkill -9 dovecot dovecot |
6.配置客户端
十一.配置防垃圾邮件系统
1.安装spamassassin
yum -y install spamassassin-3.2.5-1.el5.i386.rpm |
2.安装MailScanner
tar zxf MailScanner-4.83.5-1.rpm.tar.gz -C ~ cd /root/MailScanner-4.83.5-1 yum -y install rpm-build ./install.sh |
3.安装F-prot
tar zxf fp-Linux-i686-ws.tar.gz -C /opt/ cd /opt/f-prot/ perl install-f-prot.pl |
4. 配置MailScanner
vim /etc/MailScanner/MailScanner.conf |
%org-name% = extmail %org-long-name% = extmail.org %web-site% = centos.extmail.org Run As User =postfix Run As Group =postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix |
chown -R postfix:postfix /var/spool/MailScanner chmod 755 /var/spool/MailScanner/incoming/Processing.db chmod 755 /var/spool/MailScanner/incoming/SpamAssassin.cache.db vim /etc/postfix/main.cf |
header_checks = regexp:/etc/postfix/header_checks |
echo > /etc/postfix/header_checks vim /etc/postfix/header_checks |
/^Received:/ HOLD |
postmap /etc/postfix/header_checks postfix stop postfix start service saslauthd restart service courier-authlib restart service MailScanner restart pkill -9 dovecot dovecot service spamassassin restart service named restart service mysqld restart service httpd restart chkconfig --level 3 saslauthd on chkconfig --level 3 courier-authlib on chkconfig --level 3 MailScanner on chkconfig --level 3 named on chkconfig --level 3 mysqld on chkconfig --level 3 spamassassin on chkconfig --level 3 httpd on vim /etc/rc.d/rc.local |
/usr/local/mailgraph_ext/mailgraph-init start /usr/local/mailgraph_ext/qmonitor-init start /usr/local/sbin/dovecot /usr/sbin/postfix start |
十二.测试客户端
1. 测试extmail
2. 测试extman
3. 测试outlook