www.extmail.net
本章目录:
1、电子邮局介绍(成员的组成及工作原理)
2、回顾分析第一阶段的邮局系统: postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS
3、分析虚拟用户邮局系统: postfix(MTA+maildrop+(MDA)couier-imap(MUA)+courier-authlib+apache(extmail/exman)+mysql
4、邮局部署之前的DNS准备(MX)
5、部署虚拟用户邮局系统
邮件角色
MTA 邮件传输代理 邮局 sendmail postfix qmail notes(IBM) exchange(MS)
MDA 邮件分发代理 代理机制
MUA 邮件用户代理 客户端 mail mutt webmail foxmail outlook
邮件协议
smtp 简单邮件传输协议 用于发送邮件 TCP 25 465
pop3 第三版邮局协议 用于接收邮件 TCP 110 995 离线模式(1-100)
imap 互联网邮件访问协议 用于接收邮件 TCP 443 993 在线模式(锁定第几封)
工作原理
---DNS MX -----
MUA ---smtpd:25--- MTA -smtpd--- MDA --smtpd--- MTA --pop3/imap--- MUA
回顾
postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS + pam --> /etc/passwd|/etc/shadow
虚拟用户邮局系统
postfix(MTA)+maildrop(MDA)+couier-imap(MUA)+courier-authlib+apache(extmail/exman)+mysql
++++++++++部署虚拟用户邮件系统++++++++++++++++
1 配置DNS的MX记录
[root@i ~]# vim /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com. --DNS服务器
dns A 192.168.0.254
@ MX 5 mail.uplooking.com. --邮件服务器
mail A 192.168.0.1
[root@node1 ~]# echo "nameserver 192.168.0.254" > /etc/resolv.conf
[root@node1 ~]# host mail.uplooking.com
mail.uplooking.com has address 192.168.0.1
2 配置本地ISO源与EMOS源
[root@node1 ~]# rm -fr /etc/yum.repos.d/*
[root@node1 ~]# vim /etc/yum.repos.d/emos.repo
[local]
baseurl=ftp://192.168.0.254/pub/rhel6/dvd
gpgcheck=0
[emos]
baseurl=ftp://192.168.0.254/EMOS
gpgcheck=0
3 安装MTA postfix ---- 升级(qmail)
--升级postfix
[root@node1 ~]# yum -y install postfix
postfix是否加载mysql模块
[root@node1 ~]# postconf -m |grep mysql
mysql
配置postfix(命令回顾)
# postconf--查询所有已经生效配置
# postconf -n--查询自定义的配置
# postconf -d--查询默认配置
# postconf -m--查询postfix支持的模块列表
# postconf -e--通过非交互模式配置文件修改,用于脚本方式配置postfix
生成配置文件
[root@node1 ~]# postconf -n >> /etc/postfix/main.cf.new
[root@node1 ~]# mv /etc/postfix/main.cf /etc/postfix/main.cf.old
[root@node1 ~]# cp /etc/postfix/main.cf.new /etc/postfix/main.cf
[root@node1 ~]# vim /etc/postfix/main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
# hostname --邮件主机信息
mynetworks = 127.0.0.1
myhostname = mail.uplooking.com
mydomain = uplooking.com
mydestination = $mynetworks $myhostname $mydomain
# banner --欢迎信息
mail_name = Postfix - by uplooking.com
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately --错误报告立刻返回
smtpd_error_sleep_time = 0s
# Message and return code control --单位字节 单封邮件与邮件家目录的限制
message_size_limit = 50000000
mailbox_size_limit = 1024000000
show_user_unknown_table_name = no
# Queue lifetime control --生命周期
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
4 安装MDA (maildrop)
[root@node1 ~]# yum -y install maildrop
定义maildrop程序
[root@node1 ~]# id vuser
uid=1000(vuser) gid=1000(vgroup) 组=1000(vgroup)
[root@node1 ~]# vim /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
5 安装配置Courier-Authlib验证中间件:
[root@node1 ~]# rpm -qa |grep authlib
courier-authlib-0.62.4-1.el6.FT.x86_64
[root@node1 docs]# yum -y install courier-authlib courier-authlib-mysql
[root@node1 ~]# rpm -ql courier-authlib |grep mysql
/etc/authlib/authmysqlrc.dist
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.html
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.myownquery
--清空配置文件 重新定义中间件程序 如何 连接数据库
[root@node1 ~]# :> /etc/authlib/authmysqlrc
[root@node1 ~]# vim /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
[root@node1 ~]# vim /etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
启动服务
[root@node1 ~]# /etc/rc.d/init.d/courier-authlib start
[root@node1 ~]# chkconfig courier-authlib on
修改authdaemon socket目录权限,如果该目录权限不正确修改,maildrop及postfix等将无法正确获取用户的信息及密码认证:
思路 MTA--postfix--maildrop ---/var/spool/authdaemon/socket----- authdaemonrc---/etc/authlib/authmysqlrc
[root@node1 ~]# chmod 755 /var/spool/authdaemon/
6 虚拟主机设置
[root@node1 ~]# yum -y install httpd
[root@node1 ~]# vim /etc/httpd/conf.d/vhost_mail.uplooking.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.uplooking.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
7 安装与配置页面
安装页面 后台 webman --extsuite-webman
[root@node1 ~]# yum -y install extsuite-webman
安装页面 前端 extmail --extsuite-webmail
[root@node1 ~]# yum -y install extsuite-webmail
配置页面
[root@node1 ~]# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
[root@node1 ~]# vim /var/www/extsuite/extmail/webmail.cf
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
修改权限
[root@node1 ~]# chown vuser.vgroup /var/www/extsuite/extmail/cgi/ -R
[root@node1 ~]# chown vuser.vgroup /var/www/extsuite/extman/cgi/ -R
[root@node1 ~]# mkdir /tmp/extman
[root@node1 ~]# chmod 777 /tmp/extman/
8 安装数据库
[root@node1 ~]# yum -y install mysql-server mysql
[root@node1 ~]# service mysqld start
导入mysql数据库结构及初始化数据,root密码默认为空
[root@node1 ~]# mysql < /var/www/extsuite/extman/docs/extmail.sql
[root@node1 ~]# mysql < /var/www/extsuite/extman/docs/init.sql
测试帐号
[root@node1 ~]# mysql -uextmail -pextmail extmail --SELECT,UPDATE
[root@node1 ~]# mysql -uwebman -pwebman extmail --SELECT, INSERT, UPDATE, DELETE
启动httpd
[root@node1 ~]# service httpd start
[root@node1 ~]# chkconfig httpd on
9 设置虚拟域和虚拟用户的配置文件
[root@node1 ~]# cd /var/www/extsuite/extman/docs/
[root@node1 docs]# cp mysql_virtual_* /etc/postfix/
[root@node1 docs]# vim /etc/postfix/main.cf
#mydestination = $mynetworks $myhostname $mydomain
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
[root@node1 docs]# service postfix restart
登录后台注册域名 uplooking.com
在注册邮件用户
http://mail.uplooking.com/extman/cgi/index.cgi
ExtMan的默认超级管理员帐户:[email protected],初始密码:extmail*123*,登陆成功后,建议将密码修改,以确保安全。
-----------测试
手连接数据库
[root@node1 ~]# mysql -uextmail -pextmail extmail
mysql> SELECT username,password,"",uidnumber,gidnumber,CONCAT('/home/domains/',homedir),CONCAT('/home/domains/',maildir),quota,name from mailbox where username='[email protected]'\G
*************************** 1. row ***************************
username: [email protected]
password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
:
uidnumber: 1000
gidnumber: 1000
CONCAT('/home/domains/',homedir): /home/domains/uplooking.com/u01
CONCAT('/home/domains/',maildir): /home/domains/uplooking.com/u01/Maildir/
quota: 5242880S
name: user01
1 row in set (0.00 sec)
使用命令 自动连接数据库查询
[root@node1 docs]# authtest -s /var/spool/authdaemon/socket [email protected] 123
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u01
Maildir: /home/domains/uplooking.com/u01/Maildir/
Quota: 5242880S
Encrypted Password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
Cleartext Password: 123
Options: (none)
[root@node1 docs]# authtest -s /var/spool/authdaemon/socket [email protected] 456
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u02
Maildir: /home/domains/uplooking.com/u02/Maildir/
Quota: 5242880S
Encrypted Password: $1$kIEJyc6F$MsDVCUtmS/mOw2vCpOOdg0
Cleartext Password: 456
Options: (none)
配置图形化日志:[热]
[root@node1 docs]# /usr/local/mailgraph_ext/mailgraph-init start
启动cmdserver(在后台显示系统信息)
[root@node1 docs]# /var/www/extsuite/extman/daemon/cmdserver --daemon
10 安装cyrus-sasl
[root@node1 docs]# yum -y install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
[root@node1 docs]# vim /etc/postfix/main.cf
# smtpd related config ----收件人定义 rcpt to:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
# SMTP sender login matching config -- --发件人定义 mail from:
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
定义认证模块如何连接数据库
[root@node1 docs]# vim /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
[root@node1 docs]# service postfix restart
测试SMTP认证
通过以下命令获得[email protected]的用户名及密码的BASE64编码:
# perl -e 'use MIME::Base64; print encode_base64("u01\@uplooking.com")'
dTAxQHVwbG9va2luZy5jb20=
# perl -e 'use MIME::Base64; print encode_base64("123")'
MTIz
[root@node1 docs]# telnet mail.uplooking.com 25
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
220 mail.uplooking.com ESMTP Postfix - by uplooking.com
ehlo localhost
250-mail.uplooking.com
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dTAxQHVwbG9va2luZy5jb20=
334 UGFzc3dvcmQ6
MTIz
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
11 安装Courier-imap
[root@node1 docs]# yum -y install courier-imap
[root@node1 docs]# /etc/init.d/courier-imap start
[root@node1 docs]# chkconfig courier-imap on
测试
[root@node1 docs]# telnet mail.uplooking.com 110
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
+OK Hello there.
user [email protected]
+OK Password required.
pass 123
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 658
.
retr 1
进入后台 新增加新的域 qq.com
--配置DNS( 定义DNS的mx记录)
[root@i ~]# vim /var/named/qq.com.zone
@ NS dns.qq.com.
dns A 192.168.0.254
@ MX 5 mail.qq.com.
mail A 192.168.0.1
--测试mx记录是否解析
[root@node1 ~]# host mail.qq.com
mail.qq.com has address 192.168.0.1
域列表----域名 qq.com
用户 ---- [email protected] 密码123
进入前端注册邮箱地址 [email protected] 密码456
http://mail.qq.com/extmail/cgi/index.cgi
测试帐号
[root@node1 ~]# authtest -s /var/spool/authdaemon/socket [email protected] 123
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/qq.com/q01
Maildir: /home/domains/qq.com/q01/Maildir/
Quota: 5242880S
Encrypted Password: $1$x4TzQksX$V4CTLdRCYbdRVd8w8SPUK.
Cleartext Password: 123
Options: (none)
[root@node1 ~]# authtest -s /var/spool/authdaemon/socket [email protected] 456
Authentication succeeded.
测试 [email protected] ---- [email protected]
[email protected] ---- [email protected]
--------------------------------
安装EMOS系统
[root@i ~]# vim /var/named/google.com.zone
@ NS dns.google.com.
dns A 192.168.0.254
@ MX 5 mail.google.com.
mail A 192.168.0.10