VIII. Configuring SASL
1. Create the smtpd.conf file
# vi /usr/local/lib/sasl2/smtpd.conf
With the following content:
pwcheck_method:authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/var/spool/authdaemon/socket
2. Create the required user and group:
# groupadd -g 1000 vgroup
# useradd -u 1000 -g vgroup -s /bin/false vuser
# mkdir /var/spool/authdaemon/
# chown -R vuser:vgroup /var/spool/authdaemon
# chmod -R 755 /var/spool/authdaemon
3. Modify the main.cf file
Add the following to /etc/postfix/main.cf:
# smtpd related config
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
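# postfix stop/start (postfix reload) // restart Postfix
4. Common errors and fixes:
Log error 1: fatal: unsupported dictionary type: mysql
This means MySQL is not supported; the -DHAS_MYSQL parameter must be added when compiling Postfix.
Log error 2: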
mail postfix/smtpd[7291]: [ID 947731 mail.warning] warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Feb 21 23:14:29 mail postfix/smtpd[7291]: [ID 947731 mail.crit] fatal: no SASL authentication mechanisms
Feb 21 23:14:30 mail postfix/postfix-script: [ID 197553 mail.info] stopping the Postfix mail system
Feb 21 23:14:30 mail postfix/master[7280]: [ID 197553 mail.info] terminating on signal 15
Fix:
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
Test SASL authentication:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
ehlo localhost
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
If AUTH LOGIN PLAIN appears as shown above, the verification succeeded.
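The EHLO check above, as an added shell example (not part of the original guide): the function reads a captured EHLO reply and reports which AUTH mechanisms are advertised and whether STARTTLS is offered, which matters here because PLAIN and LOGIN carry the password only base64-encoded. The function names and status words are assumptions of this example; the sample reply is the one from the telnet session above.

```shell
#!/bin/sh
# Added example: summarise the AUTH-related lines of an SMTP EHLO reply.
# ehlo_auth_report and its status words are names chosen for this example.

# The EHLO reply from the telnet session above.
sample_ehlo() {
    cat <<'EOF'
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Reads an EHLO reply on stdin and prints "<status> <mechanisms>".
ehlo_auth_report() {
    awk '
        { sub(/\r$/, "") }                      # accept CRLF captures too
        /^250[- ]STARTTLS$/ { tls = 1 }
        # "AUTH=" is the legacy form emitted by broken_sasl_auth_clients = yes
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) {
                u = toupper(m[i])
                if (u == "PLAIN" || u == "LOGIN") plain = 1
                if (u in seen) continue         # listed on both AUTH lines
                seen[u] = 1
                sep = (list == "") ? "" : ","
                list = list sep u
            }
        }
        END {
            if (list == "")  print "no-auth"
            else if (!plain) print "no-plaintext-mechs " list
            else if (tls)    print "plaintext-starttls-offered " list
            else             print "plaintext-no-tls " list
        }'
}

sample_ehlo | ehlo_auth_report
```

A STARTTLS line only shows that TLS is offered; whether AUTH is refused without it is decided by the server configuration.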
IX. Installing and configuring courier-authlib and Courier-IMAP
1. Download courier-authlib and courier-imap
http://www.courier-mta.org/?download.php
Files to download: courier-authlib-0.59.1.tar.bz2 and courier-imap-4.1.2.tar.bz2
2. Unpack the files
# bunzip2 courier-authlib-0.59.1.tar.bz2
# tar xvf courier-authlib-0.59.1.tar
Install the required package: gdbm
# gunzip gdbm-1.8.3-sol8-sparc-local.gz
# pkgadd -d gdbm-1.8.3-sol8-sparc-local
// "Installation of <SMCgdbm> was successful." indicates that the installation is complete.
3. Install and configure:
# cd courier-authlib-0.59.1
# ./configure --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mailuser=vuser --with-mailgroup=vgroup --with-authmysql --with-authmysql=yes --with-authchangepwdir
# make && make install
# make install-configure
Check that the following configuration files exist (each name appears twice, once with the .dist extension and once without):
# ls /usr/local/etc/authlib/
authProg authdaemonrc.dist authmysqlrc authdaemonrc authldaprc authldaprc.dist authmysqlrc.dist
Edit the file /usr/local/etc/authlib/authdaemonrc
Find these two lines and change them to:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
Edit the file /usr/local/etc/authlib/authmysqlrc so that it contains:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
Set the permissions on this file:
# chmod 660 /usr/local/etc/authlib/authmysqlrc
# chown vuser:vgroup /usr/local/etc/authlib/authmysqlrc
# chown vuser:vgroup /usr/local/etc/authlib/authldaprc
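A check of the file just configured, as an added shell example (not part of the original guide): authmysqlrc stores MYSQL_PASSWORD in clear text, so the function verifies that the file grants nothing to other users and flags a password that merely repeats the username or database name, as the sample values above do. The function names and finding labels are assumptions of this example, and the sample file is constructed from the credential lines shown above.

```shell
#!/bin/sh
# Added example: audit an authmysqlrc-style file that holds a database password.
# audit_authmysqlrc and write_sample are names chosen for this example.

# Constructed sample: the credential lines of the authmysqlrc shown above.
write_sample() {
    cat > "$1" <<'EOF'
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_DATABASE extmail
EOF
}

# Prints one finding per line; prints nothing when no check fails.
audit_authmysqlrc() {
    f=$1
    # ls -ld starts with the mode string (-rw-rw----); columns 8-10 are the
    # permissions granted to users outside the owner and group.
    mode=$(ls -ld "$f" | awk '{ print $1 }')
    other=$(printf '%s' "$mode" | cut -c8-10)
    [ "$other" = "---" ] || echo "world-accessible: $mode"
    awk '
        $1 == "MYSQL_USERNAME" { user = $2 }
        $1 == "MYSQL_DATABASE" { db = $2 }
        $1 == "MYSQL_PASSWORD" { pw = $2; have_pw = 1 }
        END {
            if (!have_pw || pw == "") print "empty-password"
            else if (pw == user)      print "password-equals-username"
            else if (pw == db)        print "password-equals-database"
        }' "$f"
}

tmp=$(mktemp)
write_sample "$tmp"
chmod 660 "$tmp"          # the mode the guide sets
audit_authmysqlrc "$tmp"  # the sample reuses the username as the password
rm -f "$tmp"
```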
4. Set up startup
Copy the startup script
# cp /var/tmp/courier-authlib-0.59.1/courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
Start courier-authlib:
# /etc/init.d/courier-authlib start
Starting Courier authentication services: authdaemond // startup complete
5. Common errors and fixes:
Error 1: touch: /var/lock/subsys/courier-authlib cannot create.
Fix: create the directories
# mkdir /var/lock
# mkdir /var/lock/subsys
Error 2:
# authtest -s login test@test.com // it is best to run this test only after imap/maildrop has been configured; otherwise it fails
Authentication FAILED: I/O error
Fix: check the file /usr/local/etc/authlib/authdaemonrc
Error 3: mail authdaemond: [ID 702911 mail.debug] authpipe: disabled: failed to stat pipe program /usr/local/etc/authlib/authProg: No such file or directory
Fix:
# touch /usr/local/etc/authlib/authProg
6. Install courier-imap
Unpack:
# bunzip2 courier-imap-4.1.2.tar.bz2
# tar xvf courier-imap-4.1.2.tar
Install:
# cd courier-imap-4.1.2
# ./configure --prefix=/usr/local/courier --enable-unicode=utf-8,iso-8859-1,gb2312 --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-authmysql=yes --with-authchangepwdir --disable-root-check --with-trashquota --with-dirsync --with-db=gdbm --with-waitfunc=wait3
# make && make install
# make install-configure
Installation path: /usr/local/courier
7. Configure Courier-IMAP
Courier-IMAP is used here mainly to provide POP3 service to users:
# vi /usr/local/courier/etc/pop3d
Change one of its lines to:
POP3DSTART=yes
8. Set up startup
# cp /export/home/ftp/courier-imap-4.1.2/courier-imap.sysvinit /etc/init.d/courier-imap
# chmod 744 /etc/init.d/courier-imap
# /etc/init.d/courier-imap start
Starting Courier-IMAP server: pop3
Check that it has started:
# lsof -i:110 // output like the following means it started successfully
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
couriertc 23048 root 3u IPv6 0x300023ed9d8 0t0 TCP *:pop3 (LISTEN)
couriertc 23048 root 5u IPv4 0x300015056d0 0t0 TCP *:pop3 (LISTEN)
Common error 1:
Feb 23 07:37:49 mail pop3d: [ID 702911 mail.info] ld.so.1: couriertcpd: fatal: libgdbm.so.3: open failed: No such file or directory
ld.so.1: couriertcpd: fatal: libgdbm.so.3: open failed: No such file or directory
Fix:
# ln -s /usr/local/lib/libgdbm.so.3 /usr/lib/libgdbm.so.3
9. Start Courier-authlib and Courier-imap automatically at boot
# ln -s /etc/init.d/courier-authlib /etc/rc3.d/S51authlib
# ln -s /etc/init.d/courier-authlib /etc/rc0.d/K15authlib
# ln -s /etc/init.d/courier-authlib /etc/rc1.d/K15authlib
# ln -s /etc/init.d/courier-authlib /etc/rc2.d/K15authlib
# ln -s /etc/init.d/courier-imap /etc/rc3.d/S51imap
# ln -s /etc/init.d/courier-imap /etc/rc0.d/K51imap
# ln -s /etc/init.d/courier-imap /etc/rc1.d/K51imap
# ln -s /etc/init.d/courier-imap /etc/rc2.d/K51imap



