基於虛擬用戶的郵件系統配置
實驗說明:
操作系統:redhat5.8_x64bit
由postfix+ sasl + courier-authlib + MySQL(實現了虛擬用戶、虛擬域) + dovecot + Webmail {extmail(extmain)} 組成的虛擬用戶。
需要準備以下軟件包:
postfix-2.9.6.tar.gz
courier-authlib-0.64.0.tar.bz2
extmail-1.2.tar.gz
extman-1.1.tar.gz
Unix-Syslog-0.100.tar.gz
提示:以下實驗都在一臺機器上配置。
一、安裝Bind97
1、首先卸載bind93
#rpm -qa | grep bind /*查看是否安裝Bind93 bind-libs-9.3.6.e15_6.1 bind-utils-9.3.6-20.P1.e15 #rpm -e bind-libs bind-utils /卸載bind93
2、安裝bind97
#yum install bind97 bind97-utils
3、簡單修改named.conf配置文件
#vim /etc/named.conf -->刪除下面3行內容 listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; allow-query {localhost;};
4、編輯named.rfc1912.zones文件定義正向和反向區域。
zone "zengx.com" IN { type master; file "zengx.com.zone"; allow-update { none; }; //不讓任何人更新 allow-transfer { none; }; //不讓任何人傳輸 }; zone "3.168.192.in-addr.arpa" IN { type master; file "192.168.3.zone"; allow-update { none; }; allow-transfer { none; }; }; [root@localhost ~]# named-checkconf /etc/named.conf
5、創建區域文件
#cd /var/named/ #vim zengx.com.zone $TTL 86400 @ IN SOA ns.magedu.com. admin.magedu.com. ( 2015113001 2H //刷新時間 10M //重試時間 3D //過期時間 1D) //否定TTL值 IN NS ns IN MX 10 mail ns IN A 192.168.3.3 mail IN A 192.168.3.3 www IN A 1192.168.3.3 #vim 192.168.3.zone $TTL 86400 @ IN SOA ns.magedu.com. admin.magedu.com. ( 2013041501 2H 10M 3D 1D) IN NS ns.magedu.com. 3 IN PTR ns.magedu.com. 3 IN PTR mail.magedu.com. 3 IN PTR www.magedu.com. :wq 保存退出 # named-checkzone "zengx.com.zone" zengx.com.zone zone zengx.com.zone/IN: loaded serial 2015113001 OK # named-checkzone "192.168.3.in-addr-arpa" 192.168.3.zonezone 192.168.3.in-addr-arpa/IN: loaded serial 2015113001 OK
6、修改權限
# chgrp named zengx.com.zone 192.168.3.zone # chgrp named zengx.com.zone 192.168.3.zone
7、啓動DNS
# service named start Starting named: [ OK ] # netstat -tunlp | grep named //查看端口是否被監聽 tcp 0 0 192.168.3.3:53 0.0.0.0:* LISTEN 4189/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4189/named tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4189/named tcp 0 0 ::1:953 :::* LISTEN 4189/named udp 0 0 192.168.3.3:53 0.0.0.0:* 4189/named udp 0 0 127.0.0.1:53 0.0.0.0:* 4189/named # chkconfig named on //設置開機自動啓動
8、測試
# vim /etc/resolv.conf //修改DNS服務IP爲192.168.3.3 nameserver 192.168.3.3
# dig -t MX zengx.com @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX zengx.com @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42182 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;zengx.com.INMX ;; ANSWER SECTION: zengx.com. 86400 IN MX 10 mail.zengx.com. ;; AUTHORITY SECTION: zengx.com. 86400 IN NS ns.zengx.com. ;; ADDITIONAL SECTION: mail.zengx.com. 86400 IN A 192.168.3.3 ns.zengx.com. 86400 IN A 192.168.3.3 ;; Query time: 3 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:40:20 2015 ;; MSG SIZE rcvd: 97 INA192.168.3.3
# dig -t A mail.zengx.com @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.zengx.com @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46849 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;mail.zengx.com. IN A ;; ANSWER SECTION: mail.zengx.com. 86400 IN A 192.168.3.3 ;; AUTHORITY SECTION: zengx.com. 86400 IN NS ns.zengx.com. ;; ADDITIONAL SECTION: ns.zengx.com. 86400 IN A 192.168.3.3 ;; Query time: 3 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:42:02 2015 ;; MSG SIZE rcvd: 81
# dig -x 192.168.3.3 @192.168.3.3
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 192.168.3.3 @192.168.3.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4837 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;3.3.168.192.in-addr.arpa.INPTR ;; ANSWER SECTION: 3.3.168.192.in-addr.arpa. 86400 IN PTR mail.magedu.com. 3.3.168.192.in-addr.arpa. 86400 IN PTR ns.magedu.com. 3.3.168.192.in-addr.arpa. 86400 IN PTR www.magedu.com. ;; AUTHORITY SECTION: 3.168.192.in-addr.arpa. 86400 IN NS ns.magedu.com. ;; Query time: 4 msec ;; SERVER: 192.168.3.3#53(192.168.3.3) ;; WHEN: Mon Nov 30 12:43:10 2015 ;; MSG SIZE rcvd: 120
9、修改主機名
#vim /etc/sysconfig/network HOSTNAME=mail.zengx.com #hostname mail.zengx.com //立即生效 #vim /etc/hosts 192.168.3.3 mail.zengx.com # ping mail.zengx.com PING mail.zengx.com (192.168.3.3) 56(84) bytes of data. 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=1 ttl=64 time=0.028 ms 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=2 ttl=64 time=0.049 ms 64 bytes from ns.magedu.com (192.168.3.3): icmp_seq=3 ttl=64 time=0.047 ms
二、安裝MySQL
1、安裝前確保以下開發庫和工具已經安裝。
Development Libraries
Development Tools
Redhat6的開發軟件包:
Development Tools
Server Platform Development
Desktop Platform Development
2、安裝mysql
#yum install mysql-server mysql-devel
#service mysqld start
#chkconfig mysqld on
三、安裝Postfix
下載postfix-2.9.6.tar.gz
1)卸載系統自帶的sendmail
#service sendmail stop
#chkconfig sendmail off
# yum list all | grep sendmail
sendmail.x86_64 8.13.8-8.1.el5_7 installed
# rpm -e sendmail --nodeps
2)創建postfix用戶和組
#groupadd -g 2525 postfix //ID號要大於1000
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
3)確認sasl軟件包是否安裝及位置
#yum list all | grep sasl
cryus-sasl-devel.* -->確定這兩個包安裝了。
cryus-sasl-plain.*
# rpm -ql cyrus-sasl-devel -->查看sasl安裝位置
/usr/include/sasl
/usr/lib64/libsasl2.a
/usr/lib64/libsasl2.so
/usr/lib/libsasl2.a
/usr/lib/libsasl2.so
......省略
#cd /usr/lib64/sas12
#ls
libanonymous.la liblogin.so.2 libsasldb.la
libanonymous.so liblogin.so.2.0.22 libsasldb.so
libanonymous.so.2 libplain.la libsasldb.so.2
libanonymous.so.2.0.22 libplain.so libsasldb.so.2.0.22
liblogin.la libplain.so.2
liblogin.so libplain.so.2.0.22
4)解壓安裝postfix-2.9.6.tar.gz
#tar -zxvf postfix-2.9.6.tar.gz
#cd postfix-2.9.6
#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
#make
#make install
按照以下的提示輸入相關的路徑([]號中的是缺省值,”]”後的是輸入值,省略的表示採用默認值)
install_root: [/] /
tempdir: [/root/postfix-2.9.6]
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]
爲postfix提供SysV服務腳本/etc/init.d/postfix,內容如下(#END 之前):
爲postfix提供SysV服務腳本/etc/init.d/postfix,內容如下(#END 之前):
vim /etc/init.d/postfix
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
# END
#chmod +x /etc/init.d/postfix
#chkconfig --add postfix
#chkconfig --list postfix
生成別名二進制文件:
# newaliases
確保在/etc/下有aliases.db文件
#ls /etc/aliases.db
編輯main.cf
#vim /etc/postfix/main.cf
myhostname = mail.zengx.com
mydomain = zengx.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname,localhost.$mydomain,localhost,$mydomain,ns.$mydomain
mynetworks = 192.168.3.0/24,127.0.0.0/8
:wq 保存退出
#service postfix start //啓動postfix
#tail /var/log/maillog //查看postfix啓動過程初始化信息
Nov 30 14:22:42 localhost postfix/postfix-script[7568]: starting the Postfix mail system
Nov 30 14:22:42 localhost postfix/master[7569]: daemon started -- version 2.9.6, configuration /etc/postfix
#netstat -tnlp //查看25號端口是否監聽
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7569/master
5)測試
/*添加兩個用戶*/
#useradd openstack
#useradd hadoop
# telnet mail.zengx.com 25
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
220 mail.zengx.com ESMTP Postfix
ehlo mail.zengx.com
250-mail.zengx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject:hello
hello
.
250 2.0.0 Ok: queued as BBD711A1002B
quit
221 2.0.0 Bye
# tail /var/log/maillog
localhost postfix/qmgr[7571]: BBD711A1002B: from=<[email protected]>, size=325, nrcpt=1 (queue active)
localhost postfix/local[7853]: BBD711A1002B: to=<[email protected]>, relay=local, delay=58, delays=58/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
localhost postfix/qmgr[7571]: BBD711A1002B: removed
localhost postfix/smtpd[7842]: disconnect from mail.zengx.com[192.168.3.3]
下面使用WindowsXP測試:
Outlook來給openstack發一封郵件:
opstack用戶查看是否收到郵件:
[openstack@mail ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/openstack": 2 messages 1 new 2 unread
U 1 [email protected] Mon Nov 30 15:44 45/1534 "TEST"
>N 2 [email protected] Mon Nov 30 15:50 44/1586 "TEST Hello"
&
四、安裝dovecot
1、rpm包來安裝dovecot
#yum install dovecot
2、編輯/etc/dovecot.conf文件
#vim /etc/dovecot.conf
protocols = pop3 //改成支持pop3協議
3、啓動dovecot
#service dovecot start
#chkconfig dovecot on
#netstat -tnlp
tcp 0 0 :::110 :::* LISTEN 8116/dovecot
4、測試是否可以接收郵件
# telnet mail.zengx.com 110
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
+OK Dovecot ready.
USER openstack //用戶名
+OK
PASS openstack //密碼
+OK Logged in.
LIST
+OK 1 messages:
1 1517
.
mutt命令:字符界面收發郵件
mutt -f PROTOCOL://[email protected]@172.16.100.1
mutt -f pop://[email protected]
五、啓用SASL
1、編輯saslauthd
#vim /etc/sysconfig/saslauthd
MECH=shadow
:wq 保存退出
2、啓動saslauthd
#service saslauthd start
#chkconfig saslauthd on
# testsaslauthd -uhadoop -phadoop
0: OK "Success."
3、編輯smtpd.conf
# vim /usr/lib64/sasl2/smtpd.conf
log_level:3 //測試時候可以打開,方便排查錯誤。
pwcheck_method:saslauthd
memch_list:PLAIN LOGIN
:wq 保存退出
#service saslauthd restart //重啓saslauthd
4、編輯postfix配置文件
#vim /etc/postfix/main.cf //修改和添加以下內容
mynetworks = 127.0.0.0/8
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
# service postfix restart //重啓postfix
5、測試
客戶端的Windows XP:192.168.3.4
使用Outlook給openstack發郵件:
點擊“發送”,提示如下錯誤:
解決方法:客戶端打開身份驗證才能發送,如下圖:
再點擊發送全部郵件:
[root@mail ~]# tail /var/log/maillog
Nov 30 20:40:46 mail postfix/smtpd[4783]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 30 20:40:46 mail postfix/smtpd[4783]: connect from unknown[192.168.3.4]
Nov 30 20:40:46 mail postfix/smtpd[4783]: 1BC691A10035: client=unknown[192.168.3.4], sasl_method=LOGIN, [email protected]
Nov 30 20:40:46 mail postfix/cleanup[4787]: 1BC691A10035: message-id=<D35D7372E2E54C319645CED292B51968@zx5e0f057a8636>
Nov 30 20:40:46 mail postfix/qmgr[4715]: 1BC691A10035: from=<[email protected]>, size=1417, nrcpt=1 (queue active)
Nov 30 20:40:46 mail postfix/smtpd[4783]: disconnect from unknown[192.168.3.4]
Nov 30 20:40:46 mail postfix/local[4789]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Nov 30 20:40:46 mail postfix/local[4789]: 1BC691A10035: to=<[email protected]>, relay=local, delay=0.16, delays=0.06/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 30 20:40:46 mail postfix/qmgr[4715]: 1BC691A10035: removed
以上完成Postfix +dovecot + SASL。
六、安裝Courier authentication library
1、courier簡介
courier-authlib是Courier組件中的認證庫,它是courier組件中一個獨立的子項目,用於爲Courier的其它組件提供認證服務。其認證功能通常包括驗正登錄時的帳號和密碼、獲取一個帳號相關的家目錄或郵件目錄等信息、改變帳號的密碼等。而其認證的實現方式也包括基於PAM通過/etc/passwd和/etc/shadow進行認證,基於GDBM或DB進行認證,基於LDAP/MySQL/PostgreSQL進行認證等。因此,courier-authlib也常用來與courier之外的其它郵件組件(如postfix)整合爲其提供認證服務。
備註:在RHEL5上要使用0.64.0及之前的版本,否則,可能會由於sqlite版本過低問題導致configure檢查無法通過或編譯無法進行。
2、安裝
接下來開始編譯安裝
#yum list all | grep ltdl //確認是否安裝,否則安裝
#yum install libtool-ltdl libtool-ltdl-devel //安裝ltdl
#yum install expect //這個也需要安裝好
# tar jxvf courier-authlib-0.64.0.tar.bz2
# cd courier-authlib-0.64.0
#./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-sqlite-libs=/usr/lib64 \
--with-sqlite-includes=/usr/include \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \ -->不是紅帽系統,這個就不需要。
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix \
--with-mailgroup=postfix \
--with-ltdl-lib=/usr/lib64 \
--with-ltdl-include=/usr/include
#make
#make install
備註:可以使用--with-authdaemonver=/var/spool/authdaemon選項指定進程套接字目錄路徑。
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
修改/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
DEBUG_LOGIN=2 //調試時候,打開這個選項。
3、配置其通過mysql進行郵件帳號認證
編輯/etc/authmysqlrc 爲以下內容,其中2525,2525 爲postfix 用戶的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql監聽的端口,這裏使用默認的3306)
MYSQL_USERNAME extmail (這時爲後文要用的數據庫的所有者的用戶名)
MYSQL_PASSWORD extmail (密碼)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
4、提供SysV服務腳本
# cd courier-authlib-0.64.0
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start (啓動服務)
Starting Courier authentication services: authdaemond
#ps aux | grep auth
5、配置postfix和courier-authlib
新建虛擬用戶郵箱所在的目錄,並將其權限賦予postfix用戶:
#mkdir -pv /var/mailbox
#chown -R postfix /var/mailbox
接下來重新配置SMTP 認證,編輯 /usr/lib64/sasl2/smtpd.conf ,確保其爲以下內容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
七、讓postfix支持虛擬域和虛擬用戶
1、編輯/etc/postfix/main.cf,添加如下內容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
#postconf -n //檢查配置文件
注意:這個時候不能啓動postfix服務!!!
2、安裝httpd
#yum install httpd
3、使用extman源碼目錄下docs目錄中的extmail.sql和init.sql建立數據庫:
# tar zxvf extman-1.1.tar.gz
# cd extman-1.1/docs
# mysql -u root -p < extmail.sql
# mysql -u root -p <init.sql
# cp mysql* /etc/postfix/
3、授予用戶extmail訪問extmail數據庫的權限
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO [email protected] IDENTIFIED BY 'extmail';
4、編輯main.cf -->註釋下面的內容
#myhostname = mail.zengx.com
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,ns.$mydomain
#mydomain = zengx.com
#myorigin = $mydomain
#service postfix restart //啓動postfix服務
[root@mail ~]# telnet 192.168.3.3 25 //測試是否可以認證
Trying 192.168.3.3...
Connected to mail.zengx.com (192.168.3.3).
Escape character is '^]'.
220 Welcome to our mail.zengx.com ESMTP,Warning: Version not Available!
EHLO mail.zengx.com
250-mail.zengx.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Relay access denied
說明:啓用虛擬域以後,需要取消中心域,即註釋掉myhostname, mydestination, mydomain, myorigin幾個指令;當然,你也可以把mydestionation的值改爲你自己需要的。
2、對於MySQL-5.1以後版本,其中的服務腳本extmail.sql執行會有語法錯誤:可先使用如下命令修改extmail.sql配置文件,然而再執行,修改方法如下:
#sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql
八、配置dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
修改以下內容:
auth default {
mechanisms = plain
passdb sql { -->去掉前面的註釋“#”號,添加下面內容
args = /etc/dovecot-mysql.conf
}
userdb sql { -->去掉前面的註釋“#”號,添加下面內容
args = /etc/dovecot-mysql.conf
}
註釋以下內容:
#userdb passwd {
...............
}
#userdb passwd {
..........
#}
:wq保存退出
# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
說明:如果mysql服務器是本地主機,即host=localhost時,如果mysql.sock文件不是默認的/var/lib/mysql/mysql.sock,可以使用host=“sock文件的路徑”來指定新位置;例如:使用通用二進制安裝MySQL,其sock文件位置爲/tmp/mysql.sock,相應地,connect應按如下方式定義:
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
接下來啓動dovecot服務:
# service dovecot start
# chkconfig dovecot on
九、安裝Extmail-1.2
說明:如果extmail的放置路徑做了修改,那麼配置文件webmail.cf中的/var/www路徑必須修改爲你所需要的位置。本文使用了默認的/var/www,所以,以下示例中並沒有包含路徑修改的相關內容。
1、安裝
# mkdir -pv /var/www/extsuite
# tar zxvf extmail-1.2.tar.gz
# mv extmail-1.2 /var/www/extsuite/extmail
#cd /var/www/extsuite/extmail
#cp webmail.cf.default webmail.cf
2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改選項的說明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用戶可以發送的最大郵件
SYS_USER_LANG = en_US
語言選項,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此處即爲您在前文所設置的用戶郵件的存放目錄,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上兩句句用來設置連接數據庫服務器所使用用戶名、密碼和郵件服務器用到的數據庫,這裏修改爲:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明數據庫服務器主機名,這裏默認即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用來指定驗正用戶登錄裏所用到的表,以及用戶名、域名和用戶密碼分別對應的表中列的名稱;這裏默認即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用來指明authdaemo socket文件的位置,這裏修改爲:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相關配置
由於extmail要進行本地郵件的投遞操作,故必須將運行apache服務器用戶的身份修改爲您的郵件投遞代理的用戶;本例中打開了apache服務器的suexec功能,故使用以下方法來實現虛擬主機運行身份的指定。此例中的MDA爲postfix自帶,因此將指定爲postfix用戶:
#vim /etc/httpd/conf/httpd.conf -->修改如下內容
#DocumentRoot "/var/www/html" //註釋中心主機
添加如下內容:行尾添加
<VirtualHost *:80>
ServerName mail.zengx.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
:wq 保存退出
#httpd -t -->檢查語法
修改 cgi執行文件屬主爲apache運行身份用戶:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
注意:
如果您沒有打開apache服務器的suexec功能,也可以使用以下方法解決:
# vim /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.zengx.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
#service httpd start //啓動httpd服務
測試:打開瀏覽器輸入:http://192.168.3.3/extmail
出現如下提示如下信息:
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.
解決方法如下第4步:
4、依賴關係的解決
extmail將會用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下載原碼包進行安裝。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
再次打開瀏覽器輸入:http://192.168.3.3/extmail,出現如下信息:
5、設置apache開機自動啓動
# chkconfig httpd on
十、安裝Extman-1.1
1、安裝及基本配置
# tar zxvf extman-1.1.tar.gz # mv extman-1.1 /var/www/extsuite/extman 修改配置文件以符合本例的需要: # cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf # vi /var/www/extsuite/extman/webman.cf SYS_MAILDIR_BASE = /home/domains 此處即爲您在前文所設置的用戶郵件的存放目錄,可改作: SYS_MAILDIR_BASE = /var/mailbox SYS_DEFAULT_UID = 1000 SYS_DEFAULT_GID = 1000 此兩處後面設定的ID號需更改爲前而創建的postfix用戶和postfix組的id號,本文使用的是2525,因此,上述兩項需要修改爲: SYS_DEFAULT_UID = 2525 SYS_DEFAULT_GID = 2525 修改 SYS_CAPTCHA_ON = 1 爲 SYS_CAPTCHA_ON = 0 SYS_MYSQL_USER = webman SYS_MYSQL_PASS = webman 修改爲: SYS_MYSQL_USER = extmail SYS_MYSQL_PASS = extmail 如果SYS_MYSQL_USER沒有使用extmail,而使用默認的webman,需要登錄mysql,授權webman權限。操作如下: 這裏使用默認的webman,所以創建webman用戶,如下操作: #mysql -uroot -p mysql>GRANT ALL PRIVILEGES ON extmail.* TO webman@localhost IDENTIFIED BY 'webman'; mysql>GRANT ALL PRIVILEGES ON extmail.* TO [email protected] IDENTIFIED BY 'webman'; mysql>FLUSH PRIVILEGES;
而後修改cgi目錄的屬主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
在apache的主配置文件中Extmail的虛擬主機部分,添加如下兩行:
#vim /etc/httpd/conf/httpd.conf <VirtualHost *:80> ........... ........... 省略 ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi Alias /extman /var/www/extsuite/extman/html </VirtualHost>
創建其運行時所需的臨時目錄,並修改其相應的權限:
#mkdir -pv /tmp/extman #chown postfix.postfix /tmp/extman #service httpd restart
好了,到此爲止,重新啓動apache服務器後,您的Webmail和Extman已經可以使用了,可以在瀏覽器中輸入指定的虛擬主機的名稱進行訪問,如下:
http://172.16.100.1/extmail 出現如下示圖:
選擇登錄郵箱管理:點擊“登錄”
跳轉到:如下頁面
http://172.16.100.1/extman 出現如下示圖:
選擇管理即可登入extman進行後臺管理了。默認管理帳號爲:[email protected] 密碼爲:extmail*123* 出現如下頁面:
說明:
(1) 如果您安裝後無法正常顯示校驗碼,安裝perl-GD模塊會解決這個問題。如果想簡單,您可以到以下地址下載適合您的平臺的rpm包,安裝即可: http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
(2) extman-1.1自帶了圖形化顯示日誌的功能;此功能需要rrdtool的支持,您需要安裝此些模塊纔可能正常顯示圖形日誌。
下面我們來添加一個域:
下面來註冊郵箱,操作步驟如下:
出現如下頁面:
在註冊一個郵箱賬號,測試兩個賬號之間是否可以收發郵件,詳細操作在這裏略過!!
#########################################################################
下面我們來測試一下是否可以給外網郵箱發郵件嗎?:
登錄到126郵箱查看是否收到郵件:顯示收到了tom發過來的郵件,
十一、實現SSL會話加密機制配置如下:
1、生成私鑰
#cd /etc/pki/CA/ #(umask 077;openssl genrsa -out private/cakey.pem 2048) Generating RSA private key, 2048 bit long modulus .......................+++ ..................+++ e is 65537 (0x10001) #ls private //確認文件是否生成 cakey.pem
2、生成自簽證書
#openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3656 Country Name (2 letter code) [GB]:CN State or Province Name (full name) [Berkshire]:beijing Locality Name (eg, city) [Newbury]:fengtai Organization Name (eg, company) [My Company Ltd]:Zengx Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:ca.zengx.com Email Address []:[email protected] 編輯openssl.cnf文件 #vim /etc/pki/tls/openssl.cnf 把 dir =../../CA 修改爲: dir =/etc/pki/CA
3、給dovecot生成私鑰
#mkdir /etc/dovecot/ssl -pv #cd /etc/dovecot/ssl #(umask 077;openssl genrsa 1024 > dovecot.key) -->生成私鑰 #openssl req -new -key dovecot.key -out dovecot.csr -->生成證書籤署請求 Country Name (2 letter code) [GB]:CN State or Province Name (full name) [Berkshire]:beijing Locality Name (eg, city) [Newbury]:fengtai Organization Name (eg, company) [My Company Ltd]:Zengx Organizational Unit Name (eg, section) []:Tech Common Name (eg, your name or your server's hostname) []:mail.zengx.com Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
簽署證書:
#cd /etc/pki/CA #mkdir certs newcerts crl #touch index.txt #echo 01 > serial #cd /etc/dovecot/ssl/ #openssl ca -in dovecot.csr -out dovecot.crt -days 3656 Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Dec 3 05:14:06 2015 GMT Not After : Dec 6 05:14:06 2025 GMT Subject: countryName = CN stateOrProvinceName = beijing organizationName = Zengx organizationalUnitName = Tech commonName = mail.zengx.com emailAddress = [email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 62:28:07:AA:FA:44:45:1E:31:CD:DE:4F:1F:8D:AB:C9:4F:0F:52:BB X509v3 Authority Key Identifier: keyid:9E:07:93:EA:CD:3E:F0:3A:DF:9A:84:18:87:61:78:F9:08:87:3D:37 Certificate is to be certified until Dec 6 05:14:06 2025 GMT (3656 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated
修改dovecot.conf配置文件:
#vim /etc/dovecot.conf protocols = pop3 pop3s ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/dovecot.crt ssl_key_file = /etc/dovecot/ssl/dovecot.key :wq 保存退出 #service dovecot restart //重啓服務 #netstat -tnlp //查看端口是否被監聽了 tcp 0 0 :::995 :::* LISTEN 5620/dovecot tcp 0 0 :::110 :::* LISTEN 5620/dovecot
測試:
#openssl s_client -connect mail.zengx.com:995 Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 84B3ED780437136624195FA74EF84858DD5DD523153B2790B27769A0633CA6A4 Session-ID-ctx: Master-Key: 2C97D2DE1C19F02A327B0D119B13F8851F4792E3C3FDB42A03D3A4C98C9723820235E753BAFBEBCD28F95879686C9A73 Key-Arg : None Krb5 Principal: None Start Time: 1449120852 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- +OK Dovecot ready. USER [email protected] PASS hadoop LIST