分类: LINUX

2011-08-15 13:04:54

##架构四(extmail版):Postfix+Courier-IMAP/POP3+courier-authdaemon+Cyrus-SASL+MySQL+extmail+extman完全指南。
建议先了解架构:
四架构详细说明:http://blog.chinaunix.net/space.php?uid=25385953&do=blog&id=2187011

## Time zone and time synchronisation
#-------------------------------------------------------------------------------
# Point /etc/localtime at the Asia/Shanghai zone file.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# One-shot sync against cn.pool.ntp.org; the hardware clock is written only if
# ntpdate succeeds. Correct time keeps mail and authentication logs comparable.
ntpdate cn.pool.ntp.org && hwclock -w
 
## 0. Install MySQL
# NOTE(review): the guide does not show how the MySQL root password is set.
# Confirm the root account has a strong password (for example by running
# mysql_secure_installation) before the mail schema is imported.
apt-get install mysql-server-5.1 libmysqlclient16-dev
 
## 1. Create the required system users
# 1) Create an ordinary login user
useradd -m -d /home/zhangyq -s /bin/bash zhangyq
passwd zhangyq
# -G without -a replaces the whole supplementary group list; that is harmless
# for a freshly created account, but use -a -G on an existing one.
usermod -G admin zhangyq
 
# 2) Reboot and log in as the new user (zhangyq), then delete the old account that holds uid/gid 1000 (the first user of a fresh Ubuntu install gets id 1000; on CentOS it is 500)
userdel -r zyq
 
# 3) Create the user and group extmail needs (uid/gid 1000, mainly to keep the extmail configuration simple)
groupadd -g 1000 vgroup
# The /bin/false shell means vuser cannot be used for an interactive login.
useradd -m -g vgroup -u 1000 -d /home/vmail -s /bin/false vuser          # /home/vmail may be moved to suit the host, e.g. /var/vmail or /data/vmail
 
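## 2. Install and configure postfix
# 1) Install postfix
apt-get install postfix
# e.g.     System mail name: mail.jmail.com
 
# 2) Configure postfix; adjust the values below to the real host
# Keep a copy of the packaged configuration so the changes can be reviewed or rolled back.
cp /etc/postfix/main.cf /etc/postfix/main.cf.default
 
# hostname
# Only the local host may relay without authenticating.
postconf -e "mynetworks = 127.0.0.1"
postconf -e "myhostname = mail.jmail.com"
# Single quotes are required here: $mynetworks and $myhostname are Postfix
# parameters. Inside double quotes the shell expands them (normally to empty
# strings) before postconf runs, which writes an empty mydestination.
# NOTE(review): mydestination is a list of domains, while $mynetworks is an
# address list and looks out of place in it - confirm it is intended.
postconf -e 'mydestination = $mynetworks $myhostname'
 
# banner
postconf -e "mail_name = mail.jmail.com"
# Single quotes again, so that Postfix rather than the shell resolves $mail_name.
# NOTE(review): the Postfix documentation asks for $myhostname at the start of
# the banner text - confirm this form is acceptable for your clients.
postconf -e 'smtpd_banner = ESMTP $mail_name'
 
# respond immediately
# NOTE(review): 0s removes the pause Postfix inserts after client errors, which
# otherwise slows down misbehaving clients; revisit before going public.
postconf -e "smtpd_error_sleep_time = 0s"
 
# Message and return code control (5M)
postconf -e "message_size_limit = 5242880"
postconf -e "mailbox_size_limit = 5242880"
# Do not reveal the lookup table name in "User unknown" replies.
postconf -e "show_user_unknown_table_name = no"
 
# Queue lifetime control
postconf -e "bounce_queue_lifetime = 1d"
postconf -e "maximal_queue_lifetime = 1d"
 
/etc/init.d/postfix restart
netstat -ntlp  # check that port 25 is listening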
 
## 3. Install courier-authlib, used for POP authentication
apt-get install courier-authlib courier-authlib-mysql courier-authdaemon
# Keep the packaged file as a backup before writing a new one.
mv /etc/courier/authmysqlrc /etc/courier/authmysqlrc.bak
 
vim /etc/courier/authmysqlrc
# Empty the file, then add the following:
# NOTE(review): this file stores the database password in clear text, and the
# value below is identical to the account name. Use a strong, unique password
# for the extmail database account and, because the file is re-created by the
# editor, check its owner and mode afterwards so ordinary local users cannot
# read it.
MYSQL_SERVER            localhost
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_SOCKET            /var/run/mysqld/mysqld.sock
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         uidnumber
MYSQL_GID_FIELD         gidnumber
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
# The custom query prefixes homedir and maildir with /home/vmail/; change both
# CONCAT() calls if the mail store lives elsewhere. The third selected column
# is an empty string - presumably the clear-text password slot, left unused.
MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber,\
                        CONCAT('/home/vmail/',homedir),               \
                        CONCAT('/home/vmail/',maildir),               \
                        quota,                                          \
                        name                                            \
                        FROM mailbox                                    \
                        WHERE username = '$(local_part)@$(domain)'
 
#---------------------------------------------------------------------------
vim /etc/courier/authdaemonrc
# Change the following settings:
# NOTE(review): DEBUG_LOGIN=2 also writes the submitted passwords to the log.
# Use it only during installation and set it back to 0 before real users log in.
DEBUG_LOGIN=2  # enable while debugging
authmodulelist="authmysql"
authmodulelistorig="authmysql"
 
# Restart the courier-authlib daemon
/etc/init.d/courier-authdaemon restart
# NOTE(review): mode 755 opens the authdaemon socket directory to every local
# account, not only to maildrop and sasl. A group-based permission limited to
# the accounts that need it is tighter - confirm which accounts those are.
chmod 755 /var/run/courier/authdaemon  # lets maildrop and sasl look up users and check passwords
 
 
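## 4. Install and configure maildrop
# 1) Install maildrop
aptitude install maildrop
maildrop -v | grep Courier   # check for Courier authentication support; empty output means this maildrop build is unsuitable
# Expected output: Courier Authentication Library extension enabled.
 
 
# 2) Edit master.cf
vim /etc/postfix/master.cf
# Comment out the existing maildrop entry and add the one below; note that the
# flags line starts with two spaces.
# The last argument must be ${nexthop}: written without the "$" it is not
# expanded by Postfix, so maildrop would not receive the next-hop domain.
# user=vuser makes deliveries run as the unprivileged mail-store account.
maildrop   unix        -       n        n        -        -        pipe
  flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
 
# 3) maildrop handles one recipient per delivery, so set the limit in main.cf
postconf -e "maildrop_destination_recipient_limit = 1"
# Note: maildrop_destination_xxx is not a built-in parameter, so postconf cannot edit or display it as one. It is still valid in main.cf (Postfix resolves the real meaning of the parameter at start-up).
/etc/init.d/postfix restart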
 
## 5. Install nginx
apt-get install nginx apache2-utils
# -c creates (and overwrites) /etc/nginx/htpasswd; htpasswd prompts for the password.
cd /etc/nginx && htpasswd -c htpasswd zaza   # Basic-auth account for browser access to the admin back end

vim /etc/nginx/sites-available/nginx.vhost_extmail.conf
#-------------------------------------------------------------------------
# NOTE(review): this vhost listens on plain HTTP only, so webmail logins and
# the Basic-auth credentials for /extman/cgi/ cross the network unencrypted.
# Add a TLS listener before exposing the host beyond a trusted network.
server {
        listen       80;
        server_name  mail.jmail.com;
        charset  utf-8;
 
        access_log      /var/log/nginx/mail.jmail.com.access.log ;
        error_log       /var/log/nginx/mail.jmail.com.error.log ;
 
 
        location /extmail/cgi/ {
                fastcgi_pass          127.0.0.1:8888;
                fastcgi_index         index.cgi;
                include fastcgi_params;
        }
 
        location /extmail/ {
             alias  /var/www/extsuite/extmail/html/;
        }
 
       location /extman/cgi/ {
# Replace with your own administrator IP addresses.
# NOTE(review): the dots are unescaped and the pattern is not anchored, so this
# is a loose regex match on $remote_addr; nginx's allow/deny directives express
# an exact IP allow-list. Other clients are redirected rather than refused.
        if ($remote_addr !~ (192.168.0.60|123.123.111.111))
                {
                rewrite ^(.*) http://xishi.blog.chinaunix.net? redirect;
                }
# Second layer: HTTP Basic authentication, using the htpasswd file created above.
                auth_basic      "mail system";
                auth_basic_user_file htpasswd;
                fastcgi_pass          127.0.0.1:8888;
                fastcgi_index         index.cgi;
                include fastcgi_params;
        }
 
        location /extman/ {
                alias /var/www/extsuite/extman/html/;
        }
 
        }
#-------------------------------------------------------------------------
# Enable the vhost (ln without -s creates a hard link), validate the
# configuration, then restart nginx.
cd /etc/nginx/sites-enabled/ && ln ../sites-available/nginx.vhost_extmail.conf .
/etc/init.d/nginx configtest
/etc/init.d/nginx restart
 
## 6. Install and configure extmail and extman
# 1) Install extmail and extman
# NOTE(review): the archives are unpacked without any integrity check; verify
# them against a checksum or signature from the publisher before installing.
tar xzf extmail-1.1.1.tar.gz     
tar xzf extman-1.1.tar.gz
mkdir -p /var/www/extsuite
mv extmail-1.1.1 /var/www/extsuite/extmail
mv extman-1.1 /var/www/extsuite/extman
# Rename extman's Ext/Utils.pm to ManUtils.pm (background in the post linked below).
cd /var/www/extsuite/extman/libs/Ext && mv Utils.pm ManUtils.pm
#http://my.chinaunix.net/space.php?uid=20653538&do=blog&id=384222
 
# 2) Install the missing perl modules
# The install line is typed at the CPAN shell prompt, not in the system shell.
perl -MCPAN -e shell
install Unix::Syslog
退出cpan,继续安装
aptitude install libgd-graph3d-perl libfcgi-perl
# The leading "." sources pkg_stats.sh into the current shell, so it runs with
# that shell's privileges; read the script first if the archive is unverified.
cd /var/www/extsuite/extmail;. ./tools/pkg_stats.sh  # check that every module extmail needs is installed
 
# 3) Edit the extmail configuration
cd /var/www/extsuite/extmail
cp webmail.cf.default webmail.cf
vim webmail.cf
#-------------------------------------------------------
# NOTE(review): SYS_MYSQL_PASS is the database password in clear text and here
# equals the account name; use the strong password chosen for the extmail
# database account and keep webmail.cf out of the web-served html directory.
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MAILDIR_BASE = /home/vmail
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
SYS_AUTHLIB_SOCKET = /var/run/courier/authdaemon/socket
#-------------------------------------------------------
 
#chown -R vuser:vgroup /var/www/extsuite/extmail/cgi/
 
# 4) Edit the extman configuration:
cd /var/www/extsuite/extman
cp webman.cf.default webman.cf
vim webman.cf  
#-------------------------------------------------------
SYS_MAILDIR_BASE = /home/vmail
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
#-------------------------------------------------------
 
#chown -R vuser:vgroup /var/www/extsuite/extman/cgi/
 
# NOTE(review): /tmp/extman is a fixed name inside a world-writable directory.
# mkdir fails if the path already exists, but the chown below still runs, so
# check that mkdir succeeded (or that the existing path is a directory you
# created) before handing it to vuser.
mkdir /tmp/extman
chown -R vuser:vgroup /tmp/extman
 
 
# 5) Initialise the database
# The imported SQL uses uidnumber/gidnumber 1000 by default, which matches the uid/gid of vuser:vgroup. Verify this.
# NOTE(review): the later steps log in with accounts that exist right after
# this import (postmaster@extmail.org, root@extmail.org) using published
# passwords; change those passwords before the server is reachable by others.
mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
mysql -u root -p < /var/www/extsuite/extman/docs/init.sql
 
# 6) Install the lookup files for virtual domains and virtual users
cd /var/www/extsuite/extman/docs
cp mysql_virtual_alias_maps.cf /etc/postfix/
cp mysql_virtual_domains_maps.cf /etc/postfix/
cp mysql_virtual_mailbox_maps.cf /etc/postfix/
cp mysql_virtual_sender_maps.cf /etc/postfix/
cd /etc/postfix/
# In each of the files below change localhost to 127.0.0.1; otherwise Postfix reports that it cannot connect to the MySQL server
# NOTE(review): these map files presumably carry the database credentials too;
# update the password there and check that they are not world-readable.
vim mysql_virtual_alias_maps.cf
vim mysql_virtual_domains_maps.cf
vim mysql_virtual_mailbox_maps.cf
vim mysql_virtual_sender_maps.cf
# 7) Change the postfix parameters
# Add the following parameters:
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf"
# Hand virtual mailbox deliveries to the maildrop transport defined in master.cf.
postconf -e "virtual_transport = maildrop:"
/etc/init.d/postfix restart
 
# 8) Fix the MySQL socket path used by extman
# List every file under /var/www/extsuite that still mentions mysql.sock, then edit the one named below.
cd /var/www/extsuite/;grep -R mysql.sock ./*
vim ./extman/contrib/passwd2ext.pl
将/var/lib/mysql/mysql.sock修改为/var/run/mysqld/mysqld.sock  
#ExtMan的默认超级管理员帐户:root@extmail.org,初始密码:extmail*123*。这是公开的默认密码,登陆成功后请立即修改,以确保安全。
 
# 9) Set up graphical mail statistics
aptitude install mailgraph
/etc/init.d/mailgraph start
 
# 10) Start cmdserver (it shows system information in the admin back end)
/var/www/extsuite/extman/daemon/cmdserver --daemon
 
# 11) Start both at boot:
# NOTE(review): rc.local runs as root at boot, so cmdserver started from here
# runs with root privileges. If /etc/rc.local ends with "exit 0", lines appended
# after it never execute - place them above that line instead.
echo "/etc/init.d/mailgraph start"  >> /etc/rc.local
echo "/var/www/extsuite/extman/daemon/cmdserver --daemon"  >> /etc/rc.local
 
## 7. Tests
# 1) Test authlib
# NOTE(review): the password is passed on the command line, so it ends up in
# the shell history; use a throw-away test account, and change the default
# postmaster password once the test has passed.
/usr/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.
 
     Authenticated: postmaster@extmail.org  (uid 1001, gid 1001)
    Home Directory: /home/domains/extmail.org/postmaster
           Maildir: /home/domains/extmail.org/postmaster/Maildir/
             Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
           Options: (none)
# This shows that ExtMan is installed correctly, the database was imported correctly and courier-authlib can connect to the MySQL database.
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. The sample output
# shows uid/gid 1001 and /home/domains, which differ from the uid 1000 and
# /home/vmail used elsewhere in this guide, so it was presumably captured on
# another host - expect different values on yours.
 
 
 
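# 7. Install and configure the SASL library; account data is read through sasl's authdaemond.mysql
# 1) Install the SASL library
# The Cyrus SASL library needs the libsasl2 package; its authentication mechanisms need libsasl2-modules; MySQL support for those mechanisms needs libsasl2-modules-sql; creating certificates needs openssl.
apt-get install libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql   ## libpam-mysql: PAM module for authenticating against MySQL
# Put the postfix account into the sasl group.
adduser --shell /bin/false postfix sasl
# NOTE(review): mode 755 lets every local account reach the saslauthd socket
# directory. Because postfix is added to the sasl group above, a mode without
# world access (for example 710) should be enough - confirm on your host.
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
#postconf -e "smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2"
 
# 2) Add the PAM service used for SMTP
# NOTE(review): both lines embed the database password in clear text (and it
# equals the account name here); use the real password of the extmail database
# account and restrict read access to /etc/pam.d/smtp.
vim /etc/pam.d/smtp
auth    required   pam_mysql.so user=extmail passwd=extmail host=127.0.0.1 db=extmail table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=extmail passwd=extmail host=127.0.0.1 db=extmail table=mailbox usercolumn=username passwdcolumn=password crypt=1
 
 
# 3) Enable the saslauthd daemon
vim /etc/default/saslauthd  
START=yes
# A single OPTIONS assignment; the doubled 'OPTIONS="OPTIONS=' form does not
# pass the intended flags to saslauthd. -m points at the socket directory
# inside the Postfix chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
 
# 4) Start saslauthd
/etc/init.d/saslauthd start
 
# Test that saslauthd's PAM authentication module works
# (this also checks that the MySQL back end behind it works)
# mux is saslauthd's socket; if the socket path was changed, give its absolute path (tail -f /var/log/auth.log shows the mux path)
# NOTE(review): -p puts the password on the command line and into the shell
# history; use a throw-away test account.
testsaslauthd -u postmaster@extmail.org -p extmail -s smtp -f /var/spool/postfix/var/run/saslauthd/mux
# Expected output: 0: OK "Success."   (pam_mysql authentication works)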
 
# 5) Configure smtpd authentication
vim /etc/postfix/sasl/smtpd.conf
 
# NOTE(review): PLAIN and LOGIN transmit the password merely base64-encoded,
# and this guide configures no TLS for SMTP. Enable TLS in Postfix and set
# smtpd_tls_auth_only = yes in main.cf so that credentials are never offered on
# an unencrypted session.
pwcheck_method:saslauthd
mech_list:plain login
allow_plaintext: true
#saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: extmail
# NOTE(review): clear-text database password; restrict read access to this file.
sql_password: extmail
sql_database: extmail
# NOTE(review): level 7 is debug logging; lower it once testing is done so
# authentication details do not accumulate in the logs.
log_level:7
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r'
# In the SQL statement above %u stands for the username and %r for your domain; %r is read from the "smtpd_sasl_local_domain" parameter in the SASL section of Postfix's main.cf.
                     
# 6) Make SMTP authenticate against MySQL
  # 1) Add MySQL lookup support to postfix
aptitude install postfix-mysql
 
  # 2) Add the following to main.cf
vim /etc/postfix/main.cf
#--------------------------------------------
# smtpd related config
# Local networks and authenticated users are accepted first;
# reject_unauth_destination then refuses relaying for everyone else.
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname
 
# SMTP sender login matching config
# Ties the envelope sender to the SASL login through smtpd_sender_login_maps,
# so an authenticated user cannot send as another mailbox.
# NOTE(review): per the Postfix documentation reject_sender_login_mismatch
# already combines the two restrictions listed after it.
smtpd_sender_restrictions =
        permit_mynetworks,
        reject_sender_login_mismatch,
        reject_authenticated_sender_login_mismatch,
        reject_unauthenticated_sender_login_mismatch
 
smtpd_sender_login_maps =
        mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
        mysql:/etc/postfix/mysql_virtual_alias_maps.cf
   
# SMTP AUTH config here
# NOTE(review): no smtpd_tls_* settings appear anywhere in this guide, so AUTH
# is offered on clear-text connections. Configure TLS and add
# smtpd_tls_auth_only = yes before accepting logins from outside the host.
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
#--------------------------------------------
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
 
# 3) Test SMTP authentication
# The two commented perl commands produce the base64 strings typed below (user
# name first, then password). base64 is an encoding, not encryption: anyone who
# captures this exchange can recover the credentials, so run the test on
# localhost only and with a test account.
#perl -e 'use MIME::Base64; print encode_base64("postmaster\@extmail.org")'
#perl -e 'use MIME::Base64; print encode_base64("extmail")'
telnet localhost 25
ehlo demo.domain.tld
auth login
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
ZXh0bWFpbA==
# If the test keeps failing, try rebooting the machine and testing again; in the author's case authentication failed repeatedly and succeeded after a reboot.
 
## 8. Install courier-pop
# 1) Install courier-pop
# NOTE(review): this provides plain POP3 only (the test below uses port 110),
# so mailbox passwords travel unencrypted; add a TLS-capable POP3 service
# (Debian ships courier-pop-ssl) before allowing remote clients.
aptitude install courier-pop
 
## 9. Restart all services
/etc/init.d/nginx restart
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
/etc/init.d/courier-authdaemon restart
# Same world-accessible mode as in the courier-authlib step; it is reapplied
# here after the daemon restart. Prefer a group-restricted mode.
chmod 755 /var/run/courier/authdaemon
/var/www/extsuite/extmail/dispatch-init start
/etc/init.d/mailgraph start
/var/www/extsuite/extman/daemon/cmdserver --daemon
# Fixed path in world-writable /tmp: make sure mkdir succeeded before the chown.
mkdir /tmp/extman
chown -R vuser:vgroup /tmp/extman
#dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
# Review the listening sockets: every port shown here is reachable unless a
# firewall restricts it.
netstat -ntlp
 
## 10. Tests
# 1) Browser test: Firefox or IE is recommended; Chrome seems to have a compatibility problem, with the extman login reporting "校验码不正确,请重新输入" (verification code incorrect, please re-enter)
# ExtMan's default super-administrator account is root@extmail.org with the initial password extmail*123*; change the password after the first successful login to keep the system secure.


 
# 2) Test POP authentication
# To test POP3, first log in to extman and create the user zaza@extmail.org with password 123456
# NOTE(review): 123456 is acceptable only for this throw-away test; delete the
# account or give it a strong password afterwards. The session below sends the
# password in clear text, which is why it is run against localhost.
telnet localhost 110
user zaza@extmail.org
pass 123456
list
quit

转载请标明出处:http://xishi.blog.chinaunix.net