基於虛擬賬號的郵件服務器

一.虛擬賬號

顧名思義,在本地賬號庫中並不存在的賬號爲虛擬賬號。服務器內部會將虛擬賬號映射爲一個本地賬號,在郵件服務器上進行操作,對於用戶來說沒有任何影響。這樣可以避免網絡抓包得到賬號密碼,提高服務器的安全性。

二.lamp環境

linux+apache+mysql+php 環境搭建。提供一個 web 方式訪問。mysql 用來存放賬號,並映射爲 postfix 賬戶進行操作。使用 web 方式登錄並進行管理。

wps_clip_image-2759

第一步:安裝lamp環境

yum install httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect

第二步:源碼安裝postfix

[root@mail ~]# groupadd -g 2525 postfix

[root@mail ~]# useradd -g postfix -u 2525 -s /sbin/nologin  -M postfix

[root@mail ~]# groupadd -g 2525 postdrop

[root@mail ~]# useradd -g postdrop -u 2525 -s /sbin/nologin  -M postdrop

[root@mail ~]# cd /usr/local/src/postfix-2.8.2/

[root@mail postfix-2.8.2]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2   -lssl -lcrypto'

[root@mail postfix-2.8.2]# make && make install

tempdir: [/usr/local/src/postfix-2.8.2] /tmp

html_directory: [no] /var/www/postfix_html

生成別名二進制文件,這個步驟如果忽略,會造成postfix效率極低:

[root@mail postfix-2.8.2]# newaliases

[root@mail ~]# service postfix start

Starting postfix:                                          [  OK  ]

[root@mail postfix]# postconf  -a  //查看 postfix 支持的 SASL 認證插件類型

cyrus

dovecot

第三步:在postfix中添加認證功能

669 ################CYRUS-SASL###################

670 broken_sasl_auth_clients = yes

671 smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

672 smtpd_sasl_auth_enable = yes  //啓用驗證

673 smtpd_sasl_local_domain = $myhostname

674 smtpd_sasl_security_options = noanonymous  //不允許匿名登錄

675 smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

[root@mail postfix]# cd /usr/lib/sasl2/     //切換到 sasl 配置文件所在的目錄

[root@mail postfix]# mv Sendmail.conf smtpd.conf  //直接修改配置文件的名稱

內容如下:

[root@mail sasl2]# vim smtpd.conf

  1 pwcheck_method:saslauthd

  2 mech_list:PLAIN LOGIN

[root@mail sasl2]# service saslauthd   restart

Stopping saslauthd:                                        [  OK  ]

Starting saslauthd:                                         [  OK  ]

[root@mail sasl2]# chkconfig --list saslauthd

saslauthd       0:off 1:off 2:on 3:on 4:on 5:on 6:off

測試驗證方式

[root@mail sasl2]# telnet 127.0.0.1 25

Trying 127.0.0.1...

Connected to localhost (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.huawei.com ESMTP,Warning: Version not Available!

EHLO 127.0.0.1

250-mail.huawei.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN   //驗證已經生效

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

第四步:安裝認證模塊Courier authentication library

[root@mail ~]# tar -jxvf courier-authlib-0.63.1.20111230.tar.bz2 -C  /usr/local/src/

[root@mail ~]# cd  /usr/local/src/courier-authlib-0.63.1.20111230/

[root@mail courier-authlib-0.63.1.20111230]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-ltdl-lib=/usr/lib --with-ltdl-include=/usr/include

[root@mail courier-authlib-0.63.1.20111230]# make && make install

chmod 755 /usr/local/courier-authlib/var/spool/authdaemon

[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authdaemonrc.dist /etc/authdaemonrc

[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authmysqlrc.dist /etc/authmysqlrc

[root@mail courier-authlib-0.63.1.20111230]# vim /etc/authdaemonrc //修改如下行

27 authmodulelist="authmysql"

34 authmodulelistorig="authmysql"

53 daemons=10

[root@mail ~]# vim /etc/authmysqlrc  //修改關於數據庫的設置

26 MYSQL_SERVER            localhost

27 MYSQL_USERNAME          extmail

28 MYSQL_PASSWORD          extmail

49 MYSQL_SOCKET            /var/lib/mysql/mysql.sock

56 MYSQL_PORT              3306

68 MYSQL_DATABASE          extmail

83 MYSQL_USER_TABLE        mailbox

92 MYSQL_CRYPT_PWFIELD     password

113 MYSQL_UID_FIELD         2525

119 MYSQL_GID_FIELD         2525

128 MYSQL_LOGIN_FIELD       username

133 MYSQL_HOME_FIELD        concat('/var/mailbox/',homedir)

150 MYSQL_MAILDIR_FIELD     concat('/var/mailbox/',maildir)

[root@mail courier-authlib-0.63.1.20111230]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chmod 755 /etc/init.d/courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chkconfig --add  courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chkconfig   courier-authlib  on

[root@mail courier-authlib-0.63.1.20111230]# chkconfig --list  courier-authlib

courier-authlib 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@mail courier-authlib-0.63.1.20111230]# service courier-authlib start

Starting Courier authentication services: authdaemond

[root@mail ~]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf

[root@mail ~]# ldconfig -v

/usr/local/courier-authlib/lib/courier-authlib:

libauthmysql.so -> libauthmysql.so.0

libcourierauthsasl.so -> libcourierauthsasl.so.0

libcourierauthcommon.so -> libcourierauthcommon.so.0

libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0

libauthuserdb.so -> libauthuserdb.so.0

libauthcustom.so -> libauthcustom.so.0

libcourierauth.so -> libcourierauth.so.0

libauthpipe.so -> libauthpipe.so.0

libauthpam.so -> libauthpam.so.0

[root@mail ~]# service courier-authlib  restart

Stopping Courier authentication services: authdaemond

Starting Courier authentication services: authdaemond

[root@mail ~]# mkdir  -pv  /var/mailbox

mkdir: created directory `/var/mailbox'

[root@mail ~]# chown -R postfix /var/mailbox

[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf

  1 pwcheck_method: authdaemond

  2 mech_list:PLAIN LOGIN

  3 authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

第五步:設置postfix支持虛擬賬號

[root@mail ~]# vim /etc/postfix/main.cf

679 #######################Virtual Mailbox Settings########################

680 virtual_mailbox_base = /var/mailbox

681 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

682 virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

684 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

685 virtual_uid_maps = static:2525

686 virtual_gid_maps = static:2525

687 virtual_transport = virtual

688 maildrop_destination_recipient_limit = 1

689 maildrop_destination_concurrency_limit = 1

690 ##########################QUOTA Settings########################

691 message_size_limit = 14336000

692 virtual_mailbox_limit = 20971520

693 virtual_create_maildirsize = yes

694 virtual_mailbox_extended = yes

695 virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

696 virtual_mailbox_limit_override = yes

697 virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

698 virtual_overquota_bounce = yes

第六步:導入extmail的mysql數據庫數據

[root@mail ~]# tar zxvf extman-1.1.tar.gz

[root@mail docs]# cd  extman-1.1

[root@mail docs]# cd docs/

[root@mail docs]# mysql  -u root -p <extmail.sql

Enter password:

[root@mail docs]# mysql  -u root -p <init.sql

Enter password:

[root@mail docs]# cp mysql*  /etc/postfix/

[root@mail docs]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 6

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;

+--------------------+

| Database           |

+--------------------+

| information_schema |

| extmail            |

| mysql              |

| test               |

+--------------------+

4 rows in set (0.03 sec)

mysql> \q

Bye

[root@mail docs]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 7

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer. //爲本地的extmail賬號登陸指定密碼

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';

Query OK, 0 rows affected (0.00 sec) //爲本地的extmail賬號登陸指定密碼

mysql> GRANT all privileges on extmail.* TO [email protected] IDENTIFIED BY 'extmail';

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES ; //使得授權配置生效

Query OK, 0 rows affected (0.00 sec)

mysql> \q

Bye

第七步:設置 postfix 與 dovecot 使用 mysql 中存放的賬號信息

vi /etc/dovecot.conf  //修改如下行

211 mail_location = maildir:/var/mailbox/%d/%n/Maildir

禁用如下內容的行

795  # passdb pam {

828   #}

896  # userdb passwd {

903   #}

啓用如下內容的行

869   passdb sql {

871     args = /etc/dovecot-mysql.conf

872   }

930   userdb sql {

932     args = /etc/dovecot-mysql.conf

933   }

[root@mail ~]# vim /etc/dovecot-mysql.conf

  1 driver = mysql

  2 connect = host=localhost dbname=extmail user=extmail password=extmail

  3 default_pass_scheme = CRYPT

  4 password_query = SELECT username AS user,password AS password FROM mailbox

  5 WHERE username = '%u'

  6 user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

[root@mail ~]# vim /etc/postfix/main.cf

410 home_mailbox = Maildir/

[root@mail ~]# service dovecot restart

Stopping Dovecot Imap:                                     [  OK  ]

Starting Dovecot Imap:                                     [  OK  ]

[root@mail docs]# service  postfix restart

Shutting down postfix:                                     [  OK  ]

Starting postfix:                                          [  OK  ]

第八步:安裝 extmail及extman

[root@mail ~]# tar -zxvf extmail-1.2.tar.gz

[root@mail ~]# mkdir -pv /var/www/extsuite

mkdir: created directory `/var/www/extsuite'

[root@mail ~]# mv extman-1.1  /var/www/extsuite/extman

[root@mail ~]# mv extmail-1.2  /var/www/extsuite/extmail

[root@mail extmail]# pwd

/var/www/extsuite/extmail

[root@mail extmail]# cp webmail.cf.default webmail.cf

77 SYS_USER_LANG = zh_CN

127 SYS_MAILDIR_BASE = /var/mailbox

139 SYS_MYSQL_USER = extmail

140 SYS_MYSQL_PASS = extmail

197 SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

第九步:將extmail ,extman與apache服務器結合起來

[root@mail extmail]# vim /etc/httpd/conf/httpd.conf

231 User postfix    //extmail 的 CGI 需要以 postfix 身份訪問 /var/mailbox 下的郵箱,因此 httpd 改以 postfix 用戶和組運行

232 Group postfix

992 <VirtualHost 192.168.10.244:80>

993     ServerAdmin  [email protected]

994     DocumentRoot      /var/www/extsuite/extmail/html/

995     ScriptAlias /extmail/cgi  /var/www/extsuite/extmail/cgi

996     ServerName www.abc.com

997     Alias  /extmail  /var/www/extsuite/extmail/html

998     ErrorLog logs/huawei-error_log

999     CustomLog logs/huawei-access_log common

1000 </VirtualHost>

[root@mail extmail]# chown  -R postfix.postfix /var/www/extsuite/extmail/cgi/

[root@mail extman]# cp webman.cf.default webman.cf

[root@mail extman]# vim webman.cf

[root@mail extman]# chown  -R postfix.postfix /var/www/extsuite/extman/cgi/

[root@mail extman]# vim /etc/httpd/conf/httpd.conf

992 <VirtualHost 192.168.10.244:80>

993     ServerAdmin  [email protected]

994     DocumentRoot /var/www/extsuite/extmail/html/

995     ScriptAlias /extmail/cgi  /var/www/extsuite/extmail/cgi

996     ServerName www.huawei.com

997     Alias  /extmail  /var/www/extsuite/extmail/html

998     ScriptAlias /extman/cgi   /var/www/extsuite/extman/cgi

999     Alias /extman /var/www/extsuite/extman/html

1000     ErrorLog logs/huawei-error_log

1001     CustomLog logs/huawei-access_log common

1002 </VirtualHost>

[root@mail extmail]# service httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

第十步:安裝日誌功能所需的 Unix-Syslog perl 模塊

[root@mail ~]# tar zxvf Unix-Syslog-1.1.tar.gz

[root@mail Unix-Syslog-1.1]# perl Makefile.PL

[root@mail Unix-Syslog-1.1]# make

[root@mail Unix-Syslog-1.1]# make install

vim /etc/postfix/main.cf  //禁掉如下行

156 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

wps_clip_image-29670

wps_clip_image-29709

             嗯,韓宇說的對!!!
