基于虚拟用户的邮件系统配置
实验说明:
操作系统:redhat5.8_x64bit
由postfix+ sasl + courier-authlib + MySQL(实现了虚拟用户、虚拟域) + dovecot + Webmail {extmail(extmain)} 组成的虚拟用户。
需要准备以下软件包:
postfix-2.9.6.tar.gz
courier-authlib-0.64.0.tar.bz2
extmail-1.2.tar.gz
extman-1.1.tar.gz
Unix-Syslog-0.100.tar.gz
提示:以下实验都在一台机器上配置。
一、安装Bind97
1、首先卸载bind93
#rpm -qa | grep bind /*查看是否安装Bind93 bind-libs-9.3.6.e15_6.1 bind-utils-9.3.6-20.P1.e15 #rpm -e bind-libs bind-utils /卸载bind93
2、安装bind97
#yum install bind97 bind97-utils
3、简单修改named.conf配置文件
#vim /etc/named.conf -->删除下面3行内容 listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; allow-query {localhost;};
4、编辑named.rfc1912.zones文件定义正向和反向区域。
zone "zengx.com" IN { type master; file "zengx.com.zone"; allow-update { none; }; //不让任何人更新 allow-transfer { none; }; //不让任何人传输 }; zone "3.168.192.in-addr.arpa" IN { type master; file "192.168.3.zone"; allow-update { none; }; allow-transfer { none; }; }; [root@localhost ~]# named-checkconf /etc/named.conf
5、创建区域文件
#cd /var/named/ #vim zengx.com.zone $TTL 86400 @ IN SOA ns.magedu.com. admin.magedu.com. ( 2015113001 2H //刷新时间 10M //重试时间 3D //过期时间 1D) //否定TTL值 IN NS ns IN MX 10 mail ns IN A 192.168.3.3 mail IN A 192.168.3.3 www IN A 1192.168.3.3 #vim 192.168.3.zone $TTL 86400 @ IN SOA ns.magedu.com. admin.magedu.com. ( 2013041501 2H 10M 3D 1D) IN NS ns.magedu.com. 3 IN PTR ns.magedu.com. 3 IN PTR mail.magedu.com. 3 IN PTR www.magedu.com. :wq 保存退出 # named-checkzone "zengx.com.zone" zengx.com.zone zone zengx.com.zone/IN: loaded serial 2015113001 OK # named-checkzone "192.168.3.in-addr-arpa" 192.168.3.zonezone 192.168.3.in-addr-arpa/IN: loaded serial 2015113001 OK
6、修改权限
# chgrp named zengx.com.zone 192.168.3.zone # chgrp named zengx.com.zone 192.168.3.zone
7、启动DNS
# service named start Starting named: [ OK ] # netstat -tunlp | grep named //查看端口是否被监听 tcp 0 0 192.168.3.3:53 0.0.0.0:* LISTEN 4189/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4189/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4189/named tcp 0 0 ::1:953 :::* LISTEN 4189/named udp 0 0 192.168.3.3:53 0.0.0.0:* 4189/named udp 0 0 127.0.0.1:53 0.0.0.0:* 4189/named # chkconfig named on //设置开机自动启动
8、测试
# vim /etc/resolv.conf //修改DNS服务IP为192.168.3.3 nameserver 192.168.3.3
# dig -t MX zengx.com @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX zengx.com @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42182 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;zengx.com.INMX ;; ANSWER SECTION: zengx.com. 86400 IN MX 10 mail.zengx.com. ;; AUTHORITY SECTION: zengx.com. 86400 IN NS ns.zengx.com. ;; ADDITIONAL SECTION: mail.zengx.com. 86400 IN A 192.168.3.3 ns.zengx.com. 86400 IN A 192.168.3.3 ;; Query time: 3 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:40:20 2015 ;; MSG SIZE rcvd: 97 INA192.168.3.3
# dig -t A mail.zengx.com @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.zengx.com @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46849 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;mail.zengx.com. IN A ;; ANSWER SECTION: mail.zengx.com. 86400 IN A 192.168.3.3 ;; AUTHORITY SECTION: zengx.com. 86400 IN NS ns.zengx.com. ;; ADDITIONAL SECTION: ns.zengx.com. 86400 IN A 192.168.3.3 ;; Query time: 3 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:42:02 2015 ;; MSG SIZE rcvd: 81
# dig -x 192.168.3.3 @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 192.168.3.3 @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4837 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;3.3.168.192.in-addr.arpa.INPTR ;; ANSWER SECTION: 3.3.168.192.in-addr.arpa. 86400 IN PTR mail.magedu.com. 3.3.168.192.in-addr.arpa. 86400 IN PTR ns.magedu.com. 3.3.168.192.in-addr.arpa. 86400 IN PTR www.magedu.com. ;; AUTHORITY SECTION: 3.168.192.in-addr.arpa. 86400 IN NS ns.magedu.com. ;; Query time: 4 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:43:10 2015 ;; MSG SIZE rcvd: 120
9、修改主机名
#vim /etc/sysconfig/network HOSTNAME=mail.zengx.com #hostname mail.zengx.com //立即生效 #vim /etc/hosts 192.168.3.3 mail.zengx.com # ping mail.zengx.com PING mail.zengx.com (192.168.3.3) 56(84) bytes of data. 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=1 ttl=64 time=0.028 ms 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=2 ttl=64 time=0.049 ms 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=3 ttl=64 time=0.047 ms
二、安装MySQL
1、安装前确保以下开发库和工具已经安装。
Development Libraries
Development Tools
Redhat6的开发软件包:
Development Tools
Server Platform Development
Desktop Platform Development
2、安装mysql
#yum install mysql-server mysql-devel
#service mysqld start
#chkconfig mysqld on
三、安装Postfix
下载postfix-2.9.6.tar.gz
1)卸载系统自带的sendmail
#service sendmail stop
#chkconfig sendmail off
# yum list all | grep sendmail
sendmail.x86_64 8.13.8-8.1.el5_7 installed
# rpm -e sendmail --nodeps
2)创建postfix用户和组
#groupadd -g 2525 postfix //ID号要大于1000
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
3)确认sasl软件包是否安装及位置
#yum list all | grep sasl
cryus-sasl-devel.* -->确定这两个包安装了。
cryus-sasl-plain.*
# rpm -ql cyrus-sasl-devel -->查看sasl安装位置
/usr/include/sasl
/usr/lib64/libsasl2.a
/usr/lib64/libsasl2.so
/usr/lib/libsasl2.a
/usr/lib/libsasl2.so
......省略
#cd /usr/lib64/sas12
#ls
libanonymous.la liblogin.so.2 libsasldb.la
libanonymous.so liblogin.so.2.0.22 libsasldb.so
libanonymous.so.2 libplain.la libsasldb.so.2
libanonymous.so.2.0.22 libplain.so libsasldb.so.2.0.22
liblogin.la libplain.so.2
liblogin.so libplain.so.2.0.22
4)解压安装postfix-2.9.6.tar.gz
#tar -zxvf postfix-2.9.6.tar.gz
#cd postfix-2.9.6
#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
#make
#make install
按照以下的提示输入相关的路径([]号中的是缺省值,”]”后的是输入值,省略的表示采用默认值)
install_root: [/] /
tempdir: [/root/postfix-2.9.6]
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]
为postfix提供SysV服务脚本/etc/init.d/postfix,内容如下(#END 之前):
为postfix提供SysV服务脚本/etc/init.d/postfix,内容如下(#END 之前):
vim /etc/init.d/postfix
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
# END
#chmod +x /etc/init.d/postfix
#chkconfig --add postfix
#chkconfig --list postfix
生成别名二进制文件:
# newaliases
确保在/etc/下有aliases.db文件
#ls /etc/aliases.db
编辑main.cf
#vim /etc/postfix/main.cf
myhostname = mail.zengx.com
mydomain = zengx.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain,ns.$mydomain
mynetworks = 192.168.3.0/24,127.0.0.0/8
:wq 保存退出
#service postfix start //启动postfix
#tail /var/log/maillog //查看postfix启动过程初始化信息
Nov 30 14:22:42 localhost postfix/postfix-script[7568]: starting the Postfix mail system
Nov 30 14:22:42 localhost postfix/master[7569]: daemon started -- version 2.9.6, configuration /etc/postfix
#netstat -tnlp //查看25号端口是否监听
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7569/master
5)测试
/*添加两个用户*/
#useradd openstack
#useradd hadoop
# telnet mail.zengx.com 25
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
220 mail.zengx.com ESMTP Postfix
ehlo mail.zengx.com
250-mail.zengx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject:hello
hello
.
250 2.0.0 Ok: queued as BBD711A1002B
quit
221 2.0.0 Bye
# tail /var/log/maillog
localhost postfix/qmgr[7571]: BBD711A1002B: from=<[email protected]>, size=325, nrcpt=1 (queue active)
localhost postfix/local[7853]: BBD711A1002B: to=<[email protected]>, relay=local, delay=58, delays=58/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
localhost postfix/qmgr[7571]: BBD711A1002B: removed
localhost postfix/smtpd[7842]: disconnect from mail.zengx.com[192.168.3.3]
下面使用WindowsXP测试:
Outlook来给openstack发一封邮件:
opstack用户查看是否收到邮件:
[openstack@mail ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/openstack": 2 messages 1 new 2 unread
U 1 [email protected] Mon Nov 30 15:44 45/1534 "TEST"
>N 2 [email protected] Mon Nov 30 15:50 44/1586 "TEST Hello"
&
四、安装dovecot
1、rpm包来安装dovecot
#yum install dovecot
2、编辑/etc/dovecot.conf文件
#vim /etc/dovecot.conf
protocols = pop3 //改成支持pop3协议
3、启动dovecot
#service dovecot start
#chkconfig dovecot on
#netstat -tnlp
tcp 0 0 :::110 :::* LISTEN 8116/dovecot
4、测试是否可以接收邮件
# telnet mail.zengx.com 110
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
+OK Dovecot ready.
USER openstack //用户名
+OK
PASS openstack //密码
+OK Logged in.
LIST
+OK 1 messages:
1 1517
.
mutt命令:字符界面收发邮件
mutt -f PROTOCOL://[email protected]@172.16.100.1
mutt -f pop://[email protected]
五、启用SASL
1、编辑saslauthd
#vim /etc/sysconfig/saslauthd
MECH=shadow
:wq 保存退出
2、启动saslauthd
#service saslauthd start
#chkconfig saslauthd on
# testsaslauthd -uhadoop -phadoop
0: OK "Success."
3、编辑smtpd.conf
# vim /usr/lib64/sasl2/smtpd.conf
log_level:3 //测试时候可以打开,方便排查错误。
pwcheck_method:saslauthd
memch_list:PLAIN LOGIN
:wq 保存退出
#service saslauthd restart //重启saslauthd
4、编辑postfix配置文件
#vim /etc/postfix/main.cf //修改和添加以下内容
mynetworks = 127.0.0.0/8
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
# service postfix restart //重启postfix
5、测试
客户端的Windows XP:192.168.3.4
使用Outlook给openstack发邮件:
点击“发送”,提示如下错误:
解决方法:客户端打开身份验证才能发送,如下图:
再点击发送全部邮件:
[root@mail ~]# tail /var/log/maillog
Nov 30 20:40:46 mail postfix/smtpd[4783]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 30 20:40:46 mail postfix/smtpd[4783]: connect from unknown[192.168.3.4]
Nov 30 20:40:46 mail postfix/smtpd[4783]: 1BC691A10035: client=unknown[192.168.3.4], sasl_method=LOGIN, [email protected]
Nov 30 20:40:46 mail postfix/cleanup[4787]: 1BC691A10035: message-id=<D35D7372E2E54C319645CED292B51968@zx5e0f057a8636>
Nov 30 20:40:46 mail postfix/qmgr[4715]: 1BC691A10035: from=<[email protected]>, size=1417, nrcpt=1 (queue active)
Nov 30 20:40:46 mail postfix/smtpd[4783]: disconnect from unknown[192.168.3.4]
Nov 30 20:40:46 mail postfix/local[4789]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 30 20:40:46 mail postfix/local[4789]: 1BC691A10035: to=<[email protected]>, relay=local, delay=0.16, delays=0.06/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 30 20:40:46 mail postfix/qmgr[4715]: 1BC691A10035: removed
以上完成Postfix +dovecot + SASL。
六、安装Courier authentication library
1、courier简介
courier-authlib是Courier组件中的认证库,它是courier组件中一个独立的子项目,用于为Courier的其它组件提供认证服务。其认证功能通常包括验正登录时的帐号和密码、获取一个帐号相关的家目录或邮件目录等信息、改变帐号的密码等。而其认证的实现方式也包括基于PAM通过/etc/passwd和/etc/shadow进行认证,基于GDBM或DB进行认证,基于LDAP/MySQL/PostgreSQL进行认证等。因此,courier-authlib也常用来与courier之外的其它邮件组件(如postfix)整合为其提供认证服务。
备注:在RHEL5上要使用0.64.0及之前的版本,否则,可能会由于sqlite版本过低问题导致configure检查无法通过或编译无法进行。
2、安装
接下来开始编译安装
#yum list all | grep ltdl //确认是否安装,否则安装
#yum install libtool-ltdl libtool-ltdl-devel //安装ltdl
#yum install expect //这个也需要安装好
# tar jxvf courier-authlib-0.64.0.tar.bz2
# cd courier-authlib-0.64.0
#./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-sqlite-libs=/usr/lib64 \
--with-sqlite-includes=/usr/include \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \ -->不是红帽系统,这个就不需要。
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix \
--with-mailgroup=postfix \
--with-ltdl-lib=/usr/lib64 \
--with-ltdl-include=/usr/include
#make
#make install
备注:可以使用--with-authdaemonver=/var/spool/authdaemon选项指定进程套接字目录路径。
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
修改/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
DEBUG_LOGIN=2 //调试时候,打开这个选项。
3、配置其通过mysql进行邮件帐号认证
编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql监听的端口,这里使用默认的3306)
MYSQL_USERNAME extmail (这时为后文要用的数据库的所有者的用户名)
MYSQL_PASSWORD extmail (密码)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
4、提供SysV服务脚本
# cd courier-authlib-0.64.0
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start (启动服务)
Starting Courier authentication services: authdaemond
#ps aux | grep auth
5、配置postfix和courier-authlib
新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户:
#mkdir -pv /var/mailbox
#chown -R postfix /var/mailbox
接下来重新配置SMTP 认证,编辑 /usr/lib64/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
七、让postfix支持虚拟域和虚拟用户
1、编辑/etc/postfix/main.cf,添加如下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
#postconf -n //检查配置文件
注意:这个时候不能启动postfix服务!!!
2、安装httpd
#yum install httpd
3、使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:
# tar zxvf extman-1.1.tar.gz
# cd extman-1.1/docs
# mysql -u root -p < extmail.sql
# mysql -u root -p <init.sql
# cp mysql* /etc/postfix/
3、授予用户extmail访问extmail数据库的权限
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO [email protected] IDENTIFIED BY 'extmail';
4、编辑main.cf -->注释下面的内容
#myhostname = mail.zengx.com
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,ns.$mydomain
#mydomain = zengx.com
#myorigin = $mydomain
#service postfix restart //启动postfix服务
[root@mail ~]# telnet 192.168.3.3 25 //测试是否可以认证
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
220 Welcome to our mail.zengx.com ESMTP,Warning: Version not Available!
EHLO mail.zengx.com
250-mail.zengx.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Relay access denied
说明:启用虚拟域以后,需要取消中心域,即注释掉myhostname, mydestination, mydomain, myorigin几个指令;当然,你也可以把mydestionation的值改为你自己需要的。
2、对于MySQL-5.1以后版本,其中的服务脚本extmail.sql执行会有语法错误:可先使用如下命令修改extmail.sql配置文件,然而再执行,修改方法如下:
#sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql
八、配置dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
修改以下内容:
auth default {
mechanisms = plain
passdb sql { -->去掉前面的注释“#”号,添加下面内容
args = /etc/dovecot-mysql.conf
}
userdb sql { -->去掉前面的注释“#”号,添加下面内容
args = /etc/dovecot-mysql.conf
}
注释以下内容:
#userdb passwd {
...............
}
#userdb passwd {
..........
#}
:wq保存退出
# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
说明:如果mysql服务器是本地主机,即host=localhost时,如果mysql.sock文件不是默认的/var/lib/mysql/mysql.sock,可以使用host=“sock文件的路径”来指定新位置;例如:使用通用二进制安装MySQL,其sock文件位置为/tmp/mysql.sock,相应地,connect应按如下方式定义:
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
接下来启动dovecot服务:
# service dovecot start
# chkconfig dovecot on
九、安装Extmail-1.2
说明:如果extmail的放置路径做了修改,那么配置文件webmail.cf中的/var/www路径必须修改为你所需要的位置。本文使用了默认的/var/www,所以,以下示例中并没有包含路径修改的相关内容。
1、安装
# mkdir -pv /var/www/extsuite
# tar zxvf extmail-1.2.tar.gz
# mv extmail-1.2 /var/www/extsuite/extmail
#cd /var/www/extsuite/extmail
#cp webmail.cf.default webmail.cf
2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改选项的说明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件
SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明数据库服务器主机名,这里默认即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相关配置
由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:
#vim /etc/httpd/conf/httpd.conf -->修改如下内容
#DocumentRoot "/var/www/html" //注释中心主机
添加如下内容:行尾添加
<VirtualHost *:80>
ServerName mail.zengx.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
:wq 保存退出
#httpd -t -->检查语法
修改 cgi执行文件属主为apache运行身份用户:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
注意:
如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
# vim /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.zengx.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
#service httpd start //启动httpd服务
测试:打开浏览器输入:http://192.168.3.3/extmail
出现如下提示如下信息:
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.
解决方法如下第4步:
4、依赖关系的解决
extmail将会用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
再次打开浏览器输入:http://192.168.3.3/extmail,出现如下信息:
5、设置apache开机自动启动
# chkconfig httpd on
十、安装Extman-1.1
1、安装及基本配置
# tar zxvf extman-1.1.tar.gz # mv extman-1.1 /var/www/extsuite/extman 修改配置文件以符合本例的需要: # cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf # vi /var/www/extsuite/extman/webman.cf SYS_MAILDIR_BASE = /home/domains 此处即为您在前文所设置的用户邮件的存放目录,可改作: SYS_MAILDIR_BASE = /var/mailbox SYS_DEFAULT_UID = 1000 SYS_DEFAULT_GID = 1000 此两处后面设定的ID号需更改为前而创建的postfix用户和postfix组的id号,本文使用的是2525,因此,上述两项需要修改为: SYS_DEFAULT_UID = 2525 SYS_DEFAULT_GID = 2525 修改 SYS_CAPTCHA_ON = 1 为 SYS_CAPTCHA_ON = 0 SYS_MYSQL_USER = webman SYS_MYSQL_PASS = webman 修改为: SYS_MYSQL_USER = extmail SYS_MYSQL_PASS = extmail 如果SYS_MYSQL_USER没有使用extmail,而使用默认的webman,需要登录mysql,授权webman权限。操作如下: 这里使用默认的webman,所以创建webman用户,如下操作: #mysql -uroot -p mysql>GRANT ALL PRIVILEGES ON extmail.* TO webman@localhost IDENTIFIED BY 'webman'; mysql>GRANT ALL PRIVILEGES ON extmail.* TO [email protected] IDENTIFIED BY 'webman'; mysql>FLUSH PRIVILEGES;
而后修改cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
#vim /etc/httpd/conf/httpd.conf <VirtualHost *:80> ........... ........... 省略 ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi Alias /extman /var/www/extsuite/extman/html </VirtualHost>
创建其运行时所需的临时目录,并修改其相应的权限:
#mkdir -pv /tmp/extman #chown postfix.postfix /tmp/extman #service httpd restart
好了,到此为止,重新启动apache服务器后,您的Webmail和Extman已经可以使用了,可以在浏览器中输入指定的虚拟主机的名称进行访问,如下:
http://172.16.100.1/extmail 出现如下示图:
选择登录邮箱管理:点击“登录”
跳转到:如下页面
http://172.16.100.1/extman 出现如下示图:
选择管理即可登入extman进行后台管理了。默认管理帐号为:[email protected] 密码为:extmail*123* 出现如下页面:
说明:
(1) 如果您安装后无法正常显示校验码,安装perl-GD模块会解决这个问题。如果想简单,您可以到以下地址下载适合您的平台的rpm包,安装即可: http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
(2) extman-1.1自带了图形化显示日志的功能;此功能需要rrdtool的支持,您需要安装此些模块才可能正常显示图形日志。
下面我们来添加一个域:
下面来注册邮箱,操作步骤如下:
出现如下页面:
在注册一个邮箱账号,测试两个账号之间是否可以收发邮件,详细操作在这里略过!!
#########################################################################
下面我们来测试一下是否可以给外网邮箱发邮件吗?:
登录到126邮箱查看是否收到邮件:显示收到了tom发过来的邮件,
十一、实现SSL会话加密机制配置如下:
1、生成私钥
#cd /etc/pki/CA/ #(umask 077;openssl genrsa -out private/cakey.pem 2048) Generating RSA private key, 2048 bit long modulus .......................+++ ..................+++ e is 65537 (0x10001) #ls private //确认文件是否生成 cakey.pem
2、生成自签证书
#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3656 Country Name (2 letter code) [GB]:CN State or Province Name (full name) [Berkshire]:beijing Locality Name (eg, city) [Newbury]:fengtai Organization Name (eg, company) [My Company Ltd]:Zengx Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:ca.zengx.com Email Address []:[email protected] 编辑openssl.cnf文件 #vim /etc/pki/tls/openssl.cnf 把 dir =../../CA 修改为: dir =/etc/pki/CA
3、给dovecot生成私钥
#mkdir /etc/dovecot/ssl -pv #cd /etc/dovecot/ssl #(umask 077;openssl genrsa 1024 > dovecot.key) -->生成私钥 #openssl req -new -key dovecot.key -out dovecot.csr -->生成证书签署请求 Country Name (2 letter code) [GB]:CN State or Province Name (full name) [Berkshire]:beijing Locality Name (eg, city) [Newbury]:fengtai Organization Name (eg, company) [My Company Ltd]:Zengx Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:mail.zengx.com Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
签署证书:
#cd /etc/pki/CA #mkdir certs newcerts crl #touch index.txt #echo 01 > serial #cd /etc/dovecot/ssl/ #openssl ca -in dovecot.csr -out dovecot.crt -days 3656 Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Dec 3 05:14:06 2015 GMT Not After : Dec 6 05:14:06 2025 GMT Subject: countryName = CN stateOrProvinceName = beijing organizationName = Zengx organizationalUnitName = Tech commonName = mail.zengx.com emailAddress = [email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 62:28:07:AA:FA:44:45:1E:31:CD:DE:4F:1F:8D:AB:C9:4F:0F:52:BB X509v3 Authority Key Identifier: keyid:9E:07:93:EA:CD:3E:F0:3A:DF:9A:84:18:87:61:78:F9:08:87:3D:37 Certificate is to be certified until Dec 6 05:14:06 2025 GMT (3656 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated
修改dovecot.conf配置文件:
#vim /etc/dovecot.conf protocols = pop3 pop3s ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/dovecot.crt ssl_key_file = /etc/dovecot/ssl/dovecot.key :wq 保存退出 #service dovecot restart //重启服务 #netstat -tnlp //查看端口是否被监听了 tcp 0 0 :::995 :::* LISTEN 5620/dovecot tcp 0 0 :::110 :::* LISTEN 5620/dovecot
测试:
#openssl s_client -connect mail.zengx.com:995 Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 84B3ED780437136624195FA74EF84858DD5DD523153B2790B27769A0633CA6A4 Session-ID-ctx: Master-Key: 2C97D2DE1C19F02A327B0D119B13F8851F4792E3C3FDB42A03D3A4C98C9723820235E753BAFBEBCD28F95879686C9A73 Key-Arg : None Krb5 Principal: None Start Time: 1449120852 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- +OK Dovecot ready. USER [email protected] PASS hadoop LIST