編譯安裝Postfix:由於系統自帶的Postfix不支持mysql擴展,因此需要自己編譯安裝
# service sendmail stop //關閉並卸載自帶的sendmail服務 # rpm -e sendmail --nodeps # rpm -ivh postfix-2.3.3-6.el5.src.rpm # cd /usr/src/redhat/SPECS # vi postfix.spec %define LDAP 2 %define MYSQL 1 //添加Mysql的支持(默認已註釋) %define PCRE 1 %define SASL 2 %define TLS 1 %define IPV6 1 %define POSTDROP_GID 90 %define PFLOGSUMM 1 # rpmbuild -bb postfix.spec # cd ../RPMS/x86_64 # rpm -ivh postfix-2.3.3-6.x86_64.rpm # vi /etc/postfix/main.cf queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix mail_owner = postfix myhostname = mail.xfcy.org mydomain = xfcy.org myorigin = $mydomain inet_interfaces = all mydestination = unknown_local_recipient_reject_code = 550 mynetworks = 192.168.0.0/24, 127.0.0.0/8 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases # chkconfig postfix on # /etc/init.d/postfix start
Postfix郵件的外發測試:
# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.xfcy.org ESMTP Postfix ehlo mail.xfcy.org 250-mail.xfcy.org 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:[email protected] 250 2.1.0 Ok rcpt to:[email protected] 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> subject:test postfix test . 250 2.0.0 Ok: queued as 5212B96E83 quit 221 2.0.0 Bye Connection closed by foreign host. # tailf /var/log/maillog May 17 12:52:50 mail postfix/smtpd[15176]: connect from mail.xfcy.org[192.168.0.89] May 17 12:53:04 mail postfix/smtpd[15176]: DF4B796E26: client=mail.xfcy.org[192.168.0.89] May 17 12:53:15 mail postfix/cleanup[15210]: DF4B796E26: message-id=<[email protected]> May 17 12:53:15 mail postfix/qmgr[3050]: DF4B796E26: from=<[email protected]>, size=379, nrcpt=1 (queue active) May 17 12:53:16 mail postfix/smtp[15214]: DF4B796E26: host 163mx03.mxmail.netease.com[220.181.14.159] said: 451 DT:SPM mx44, XsCowEBpUEu7t5VRWqdEAw--.1675S2, please try again 1368766395 http://mail.163.com/help/help_spam_16.htm?ip=210.13.194.138&hostid=mx44&time=1368766395 (in reply to end of DATA command) May 17 12:53:17 mail postfix/smtp[15214]: DF4B796E26: to=<[email protected]>, relay=163mx01.mxmail.netease.com[220.181.14.139]:25, delay=16, delays=14/0.02/1.6/0.24, dsn=2.0.0, status=sent (250 Mail OK queued as mx10,PMCowEBJElK8t5VRT8XKFQ--.914S2 1368766396) May 17 12:53:17 mail postfix/qmgr[3050]: DF4B796E26: removed May 17 12:53:23 mail postfix/smtpd[15176]: disconnect from mail.xfcy.org[192.168.0.89]
安裝配置Dovecot:
# yum -y install dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/maildata/domains/%d/%n/Maildir
auth default {
mechanisms = plain
#把pam { }這一項註釋掉
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb passwd {
}
userdb sql {
args =/etc/dovecot-mysql.conf
}
user = root
}
# vi /etc/dovecot-mysql.conf //創建mysql認證文件
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid,gidnumber AS gid FROM mailbox WHERE username = '%u'
# chkconfig dovecot on
# /etc/init.d/dovecot start
# netstat -lntp | grep dovecot
tcp 0 0 :::993 :::* LISTEN 5033/dovecot
tcp 0 0 :::995 :::* LISTEN 5033/dovecot
tcp 0 0 :::110 :::* LISTEN 5033/dovecot
tcp 0 0 :::143 :::* LISTEN 5033/dovecot配置cyrus-sasl認證:
# yum -y install cyrus-sasl
# postconf -a
cyrus
dovecot
# vi /etc/postfix/main.cf //爲postfix開啓基於cyrus-sasl的認證功能
##====================SASL========================
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_unknown_sender_domain,
reject_unknown_recipient_domain
# SMTP sender login matching config
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# banner
mail_name = Postfix - by xfcy.org
smtpd_banner = Welcome to $myhostname ESMTP , $mail_name
# service postfix restart
# telnet localhost 25
Trying 192.168.0.89...
Connected to mail.xfcy.org (192.168.0.89).
Escape character is '^]'.
220 Welcome to mail.xfcy.org ESMTP , Postfix - by xfcy.org
ehlo mail.xfcy.org
250-mail.xfcy.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN //出現以下兩行表示cyrus-sasl認證添加成功
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
安裝Courier-Authlib:
# tar jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
# ./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --without-authuserdb --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --without-authcustom --with-authmysql --with-redhat
# make
# make install
# make install-configure
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v | grep courier
/usr/local/courier-authlib/lib/courier-authlib:
libcourierauthsasl.so -> libcourierauthsasl.so.0
libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0
libcourierauth.so -> libcourierauth.so.0
libcourierauthcommon.so -> libcourierauthcommon.so.0
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
# cp /usr/local/courier-authlib/etc/authlib/authmysqlrc /usr/local/courier-authlib/etc/authlib/authmysqlrc.bak
# vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1000
MYSQL_GID_FIELD 1000
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/maildata/domains/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/maildata/domains/',maildir)
# vi /usr/local/courier-authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
# service courier-authlib start
Starting Courier authentication services: authdaemond
# ps -ef | grep authdaemond | grep -v grep
root 9173 1 0 02:50 ? 00:00:00 /usr/local/courier-authlib/sbin/courierlogger -pid=/usr/local/courier-authlib/var/spool/authdaemon/pid -start /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9174 9173 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9175 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9176 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9177 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9178 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9179 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9180 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9181 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9182 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9183 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
root 9184 9174 0 02:50 ? 00:00:00 /usr/local/courier-authlib/libexec/courier-authlib/authdaemond
# vi /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket# groupadd -g 1000 vgroup
# useradd -g 1000 -u 1000 -s /sbin/nologin -M vuser
# tar jxvf maildrop-2.2.0.tar.bz2
# cd maildrop-2.2.0/
# ./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vuser' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1000 --enable-maildrop-gid=1000 --with-trashquota --with-dirsync
# make && make install
# vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
//flags前面有"兩個空格"
# vi /etc/postfix/main.cf
maildrop_destination_recipient_limit = 1
# maildrop -v //測試maildrop對authlib支持
maildrop 2.1.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.如果maildrop使用RPM包安裝時,會自動創建vuser用戶及vgroup用戶組,專門用於郵件的存儲,vuser:vgroup的uid/gid都是1000,這與一般的郵件文檔中提及用postfix用戶存郵件不一樣。因爲postfix用戶的uid一般都低於500,而Suexec模塊編譯時對UID/GID的要求是要大於500,因此使用postfix用戶不能滿足要求。其次,如果用Maildrop作爲投遞代理(MDA),以postfix身份投遞的話,會導致postfix MTA錯誤。