##架构三:Postfix+Courier-IMAP/POP3+courier-authdaemon+MySQL+extmail+extman完全指南。(注意:此方法须取消postfix的chroot环境,才能正常进行smtp认证)建议先了解架构:
#四架构详细说明:http://blog.chinaunix.net/space.php?uid=25385953&do=blog&id=2187011
##时区及时间同步设置
#-------------------------------------------------------------------------------
# Time zone and clock: point /etc/localtime at Asia/Shanghai, do a one-shot NTP
# sync, and write the result to the hardware clock only if the sync succeeded.
# Mail headers and the auth/mail logs used later for troubleshooting all carry
# timestamps taken from this clock.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate cn.pool.ntp.org && hwclock -w
## 0. Install MySQL
# NOTE(review): the package is pinned to the 5.1 series named by the original
# post; check what your distribution currently ships before copying this line.
apt-get install mysql-server-5.1
## 1. Create the system accounts
# 1) Create an ordinary login user
useradd -m -d /home/zhangyq -s /bin/bash zhangyq
passwd zhangyq
# -G without -a replaces the account's whole supplementary group list with
# "admin" (presumably the sudo-capable group on this Ubuntu release - confirm).
usermod -G admin zhangyq
# 2) Reboot, log in as the new user (zhangyq), then delete the earlier account
#    that held uid/gid 1000 (on a fresh Ubuntu install the first user gets id
#    1000; on CentOS it is 500). -r also removes that account's home directory.
userdel -r zyq
# 3) Create the user and group extmail needs (uid/gid 1000, mainly to make the
#    extmail configuration simpler)
groupadd -g 1000 vgroup
# /bin/false as the shell means the mailbox owner cannot log in interactively.
useradd -m -g vgroup -u 1000 -d /home/vmail -s /bin/false vuser # /home/vmail may be changed to suit, e.g. /var/vmail or /data/vmail
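## 2. Install postfix
# 1) Install the package: apt-get install postfix
# 2) Configure postfix; adjust the values below to your environment.
# Keep a copy of the packaged main.cf before postconf edits it in place.
cp /etc/postfix/main.cf /etc/postfix/main.cf.default
# hostname
# mynetworks limits the "trusted client" class to loopback only.
postconf -e "mynetworks = 127.0.0.1"
postconf -e "myhostname = mail.jmail.com"
# Single quotes are required here: inside double quotes the shell expands
# $mynetworks and $myhostname (unset shell variables) to empty strings, so
# main.cf would receive an empty mydestination instead of Postfix's own
# $parameter references.
# NOTE(review): mydestination is a list of domain names; confirm that listing
# $mynetworks (an address list) here is really intended.
postconf -e 'mydestination = $mynetworks $myhostname'
# banner
postconf -e "mail_name = mail.jmail.com"
# Single quotes again, so that Postfix (not the shell) resolves $mail_name.
postconf -e 'smtpd_banner = ESMTP $mail_name'
# response immediately
# NOTE(review): 0s removes the delay Postfix inserts after client errors, which
# also removes a small brake on misbehaving clients - confirm this is wanted.
postconf -e "smtpd_error_sleep_time = 0s"
# Message and return code control
# Both limits are in bytes (5242880 = 5 MiB).
postconf -e "message_size_limit = 5242880"
postconf -e "mailbox_size_limit = 5242880"
# Do not reveal the name of the lookup table in "User unknown" replies.
postconf -e "show_user_unknown_table_name = no"
# Queue lifetime control
postconf -e "bounce_queue_lifetime = 1d"
postconf -e "maximal_queue_lifetime = 1d"
/etc/init.d/postfix restart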
## 3. Install courier-authlib, used to authenticate POP and SMTP logins
apt-get install courier-authlib courier-authlib-mysql courier-authdaemon
mv /etc/courier/authmysqlrc /etc/courier/authmysqlrc.bak
vim /etc/courier/authmysqlrc
# Start from an empty file and add the following content:
# NOTE(review): this file stores the database password in clear text, and a
# file newly created in the editor gets the default umask permissions. Check
# that it is readable only by root and the account authdaemond runs as.
# NOTE(review): the database password below is identical to the user name.
# Choose a unique value, set it on the MySQL account, and use the same value in
# every file on this page that repeats it (webmail.cf, and presumably the
# mysql_virtual_*.cf maps - verify).
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
# Custom lookup query: home and maildir are returned as absolute paths by
# prefixing /home/vmail/ (keep in step with vuser's home directory if you moved it).
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/vmail/',homedir), \
CONCAT('/home/vmail/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
#---------------------------------------------------------------------------
vim /etc/courier/authdaemonrc
# Change the following settings:
# NOTE(review): at level 2 authdaemond also writes the passwords it is asked to
# check into the log. Set it back to 0 once the setup works and clean up any
# log files written while it was enabled.
DEBUG_LOGIN=2 # enable only while debugging
authmodulelist="authmysql"
authmodulelistorig="authmysql"
# Start the courier-authlib daemon
/etc/init.d/courier-authdaemon restart
# NOTE(review): mode 755 lets every local account reach the authdaemon socket
# and submit authentication queries, not only maildrop and Postfix. A narrower
# alternative is to leave the mode alone and add just the accounts that need
# access to the group that owns this directory.
chmod 755 /var/run/courier/authdaemon # lets maildrop and sasl read account data and perform password checks
## 4. Install and configure maildrop
# 1) Install maildrop
aptitude install maildrop
maildrop -v | grep Courier # checks for Courier authlib support; empty output means this maildrop build lacks it
# 2) Edit master.cf and add the maildrop transport below
vim /etc/postfix/master.cf
# Deliveries run as vuser (user=vuser), the owner of the mail store.
# NOTE(review): in master.cf a continuation line must begin with whitespace;
# the indentation of the second line appears to have been lost in this listing.
# NOTE(review): the last argument is written {nexthop} without a leading "$" -
# confirm against the extmail documentation whether ${nexthop} was meant.
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
# 3) maildrop accepts only one recipient per delivery, so limit it in main.cf
postconf -e "maildrop_destination_recipient_limit = 1"
# Author's note: maildrop_destination_xxx is not a built-in parameter, so
# postconf cannot edit or display it, but it is still valid in main.cf
# (Postfix works out what the parameter means when it starts).
/etc/init.d/postfix restart
## 5. Install apache and serve extmail through FastCGI
# suexec makes apache run the CGI programs as another account, so the webmail
# code reads /home/vmail as vuser:vgroup rather than as the web server account.
apt-get install apache2 apache2-suexec # apache2-suexec lets apache2 switch the executing user, i.e. vuser/vgroup accessing "/home/vmail"
apt-get install libfcgi-perl libapache2-mod-fastcgi # libfcgi-perl is perl's fcgi module
# NOTE(review): ./doc is relative to the current directory - presumably the
# unpacked attachment of the original post; verify where you run this from and
# read the vhost file before enabling it.
cp ./doc/vhost_extmail_fcgi.conf /etc/apache2/sites-available/
ln -s /etc/apache2/sites-available/vhost_extmail_fcgi.conf /etc/apache2/sites-enabled/
# Disable the packaged default site so only the extmail vhost is served.
rm -f /etc/apache2/sites-enabled/000-default
ln -s /etc/apache2/mods-available/suexec.load /etc/apache2/mods-enabled/
echo "ServerName localhost" >> /etc/apache2/httpd.conf
## 6. Install and configure extmail and extman
# 1) Install extmail and extman
# NOTE(review): the archives are unpacked without any integrity check. If the
# publisher offers a checksum or signature, verify the tarballs first.
tar xzf extmail-1.1.1.tar.gz
tar xzf extman-1.1.tar.gz
mkdir -p /var/www/extsuite
mv extmail-1.1.1 /var/www/extsuite/extmail
mv extman-1.1 /var/www/extsuite/extman
# pkg_stats.sh is sourced into the current (root) shell, not run as a child.
cd /var/www/extsuite/extmail;. ./tools/pkg_stats.sh # checks that perl's fcgi module installed correctly
/var/www/extsuite/extmail/dispatch-init start # starts the perl fcgi processes
netstat -ntlp # expect a listener on 127.0.0.1:8888
# 2) Install the missing perl modules
cd /var/www/extsuite/extmail;. ./tools/pkg_stats.sh # lists the missing modules
# The next two lines are an interactive CPAN session: the second line is typed
# at the cpan prompt, not at the shell.
perl -MCPAN -e shell
install Unix::Syslog # when it finishes, exit the CPAN shell and continue below
aptitude install libgd-graph3d-perl
# 3) Adjust the extmail configuration
cd /var/www/extsuite/extmail
cp webmail.cf.default webmail.cf
vim webmail.cf
# The settings between the rulers are webmail.cf content, not shell commands.
# NOTE(review): SYS_MYSQL_PASS repeats the database password that equals the
# user name; if you change it on the MySQL account, change it here as well, and
# keep webmail.cf unreadable to accounts other than the one running the CGI.
#-------------------------------------------------------
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MAILDIR_BASE = /home/vmail
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
SYS_AUTHLIB_SOCKET = /var/run/courier/authdaemon/socket
#-------------------------------------------------------
# The CGI tree is handed to vuser:vgroup, the account the web front end runs as.
chown -R vuser:vgroup /var/www/extsuite/extmail/cgi/
# 4) Adjust the extman configuration:
cd /var/www/extsuite/extman
cp webman.cf.default webman.cf
vim webman.cf
# The settings between the rulers are webman.cf content, not shell commands.
#-------------------------------------------------------
SYS_MAILDIR_BASE = /home/vmail
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
#-------------------------------------------------------
chown -R vuser:vgroup /var/www/extsuite/extman/cgi/
# NOTE(review): /tmp is world-writable and this name is fixed, so another local
# account can create the path first; mkdir then fails and the chown hands
# whatever is already there to vuser. Check the directory did not exist
# beforehand, or use a directory outside /tmp if extman's configuration allows
# the path to be changed (TODO confirm the setting name in webman.cf).
mkdir /tmp/extman
chown -R vuser:vgroup /tmp/extman
# 5) Initialise the database
# The imported SQL uses uidnumber/gidnumber 1000 by default, which matches the
# uid/gid of vuser:vgroup. Double-check that this is true on your system.
# -p prompts for the MySQL root password, so it is not placed on the command line.
# NOTE(review): init.sql seeds default accounts with published passwords (this
# page later logs in as root@extmail.org and postmaster@extmail.org). Change or
# remove them before the server is reachable by anyone else.
mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
mysql -u root -p < /var/www/extsuite/extman/docs/init.sql
# 6) Install the lookup-map files for virtual domains and virtual users
cd /var/www/extsuite/extman/docs
cp mysql_virtual_alias_maps.cf /etc/postfix/
cp mysql_virtual_domains_maps.cf /etc/postfix/
cp mysql_virtual_mailbox_maps.cf /etc/postfix/
cp mysql_virtual_sender_maps.cf /etc/postfix/
cd /etc/postfix/
# In each file below change localhost to 127.0.0.1; otherwise Postfix reports
# that it cannot connect to the MySQL server.
# NOTE(review): these maps presumably contain the database user and password -
# verify, and if so restrict their permissions so only root and Postfix can read them.
vim mysql_virtual_alias_maps.cf
vim mysql_virtual_domains_maps.cf
vim mysql_virtual_mailbox_maps.cf
vim mysql_virtual_sender_maps.cf
# 7) Adjust the postfix parameters
# Add the following parameters:
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf"
# Hand mail for virtual mailboxes to the "maildrop" transport from master.cf.
postconf -e "virtual_transport = maildrop:"
/etc/init.d/postfix restart
# 8) Fix the database socket path used by extman
#cd /var/www/extsuite/;grep -R mysql.sock ./*
#vim ./extman/contrib/passwd2ext.pl
# Change /var/lib/mysql/mysql.sock to /var/run/mysqld/mysqld.sock
# ExtMan's default super-administrator account is root@extmail.org with the
# initial password extmail*123*; change the password after the first successful
# login to keep the installation safe.
# 9) Set up the graphical mail-log statistics
aptitude install mailgraph
/etc/init.d/mailgraph start
# 10) Start cmdserver (it supplies the system information shown in the admin back end)
# NOTE(review): started from this root shell, the daemon presumably runs as
# root - confirm whether it can run under a less privileged account.
/var/www/extsuite/extman/daemon/cmdserver --daemon
# 11) Start both at boot:
#echo "/etc/init.d/mailgraph start" >> /etc/rc.local
#echo "/var/www/extsuite/extman/daemon/cmdserver --daemon" >> /etc/rc.local
## 7. Tests
# 1) Test authlib
/etc/init.d/postfix restart
# Arguments are: service, account, password. The account and password are the
# defaults seeded by init.sql.
# NOTE(review): the password is given on the command line, so it is stored in
# shell history and visible in the process list while the command runs; use
# only a throw-away test account here.
/usr/sbin/authtest -s login postmaster@extmail.org extmail
# Sample output follows (not commands). The uid/gid and paths shown differ from
# the vuser/1000 and /home/vmail values configured on this page, so it appears
# to have been captured on another installation - compare against your own.
# NOTE(review): the output contains the password hash and the clear-text
# password; do not paste real output into tickets or forums.
Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 1001, gid 1001)
Home Directory: /home/domains/extmail.org/postmaster
Maildir: /home/domains/extmail.org/postmaster/Maildir/
Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
# This shows that ExtMan is installed correctly, the database was imported
# correctly, and courier-authlib can connect to the MySQL database.
# A failed test is usually caused by a mistake in /etc/courier/authmysqlrc;
# the author suggests copying the authmysqlrc from the attachment into /etc/courier/.
# 7. Install and configure cyrus-sasl; the sender lookups are defined in smtpd_sender_login_maps
# 1) Install the sasl libraries ("libsasl2-modules-sql and sasl2-bin are not needed for this authentication mode")
apt-get install libsasl2-2 libsasl2-modules
# 2) Configure cyrus-sasl
vim /etc/postfix/sasl/smtpd.conf # postfix asks authmysql directly -----> authmysqllib -----> SQL query (this path depends on the sasl libraries)
# The settings between the rulers are smtpd.conf content, not shell commands.
# NOTE(review): PLAIN and LOGIN send the password merely base64-encoded, and no
# TLS settings appear in this walkthrough, so credentials would cross the
# network readable. Enable TLS in Postfix and consider its smtpd_tls_auth_only
# setting so that AUTH is offered only on encrypted sessions.
# NOTE(review): log_level 3 is a verbose setting - lower it after debugging.
#-----------------------------------------------------
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/courier/authdaemon/socket
#-----------------------------------------------------
# This method goes postfix -----> sasl libraries -----> authmysqllib
# /var/run/courier/authdaemon/socket is determined by the authdaemonvar setting in /etc/courier/authdaemonrc
# 3) Edit master.cf
vim /etc/postfix/master.cf
# The fifth column is the chroot flag; "n" runs smtpd outside the chroot.
smtp inet n - n - - smtpd
# Author's note: this runs Postfix with chroot switched off. A Postfix built
# from source does not enable chroot by default; the author guesses that chroot
# is an Ubuntu optimisation for cyrus-sasl authentication.
# NOTE(review): chroot is a containment measure rather than an optimisation.
# It is turned off here so that smtpd can reach the authdaemon socket under
# /var/run, at the cost of that extra isolation for the network-facing daemon.
# 4) Make SMTP authenticate against MySQL
# 1) Add the mysql module to postfix
aptitude install postfix-mysql
# 2) Add the following content
vim /etc/postfix/main.cf
# The settings between the rulers are main.cf content, not shell commands.
# NOTE(review): in main.cf a line that continues a value must begin with
# whitespace; the indentation of the list entries appears to have been lost in
# this listing and has to be restored when the text is pasted.
#--------------------------------------------
# smtpd related config
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
# SMTP sender login matching config
# Ties the envelope sender to the authenticated login, so that one account
# cannot send as another.
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
# noanonymous only forbids anonymous logins; plaintext mechanisms stay allowed.
smtpd_sasl_security_options = noanonymous
#--------------------------------------------
/etc/init.d/postfix restart
# Repeated after the restart, as elsewhere on this page.
# NOTE(review): mode 755 opens the authdaemon socket directory to every local
# account; granting access through the owning group is the narrower option.
chmod 755 /var/run/courier/authdaemon
# 3) Test SMTP authentication
# The two commands below produce the base64 strings typed in the session.
# Base64 is an encoding, not encryption: anyone who sees the strings can decode them.
#perl -e 'use MIME::Base64; print encode_base64("postmaster\@extmail.org")'
#perl -e 'use MIME::Base64; print encode_base64("extmail")'
# Interactive SMTP session: the lines after telnet are typed at the server
# prompt - EHLO, AUTH LOGIN, then the encoded user name and the encoded password.
telnet localhost 25
ehlo demo.domain.tld
auth login
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
ZXh0bWFpbA==
## 8. Install courier-pop
# 1) Install courier-pop
aptitude install courier-pop # answer "no" at the prompt
#The following NEW packages will be installed:
# courier-authlib-userdb{a} courier-base{a} courier-pop gamin{a} libgamin0{a} (dependencies)
# 2) Edit the local hosts file and add the entries below
# These are hosts-file lines, not commands; 192.168.0.234 is the author's
# server address - substitute your own.
192.168.0.234 pop.jmail.com
192.168.0.234 pop3.jmail.com
192.168.0.234 smtp.jmail.com
192.168.0.234 mail.jmail.com
192.168.0.234 jmail.com
# 3) Restart all services
/etc/init.d/apache2 restart
/etc/init.d/postfix restart
/etc/init.d/courier-authdaemon restart
# Repeated after the authdaemon restart, as elsewhere on this page.
# NOTE(review): mode 755 opens the authdaemon socket directory to every local
# account; granting access through the owning group is the narrower option.
chmod 755 /var/run/courier/authdaemon
/var/www/extsuite/extmail/dispatch-init start
/etc/init.d/mailgraph start
# NOTE(review): fixed name under world-writable /tmp - check that the path was
# not created by another account before ownership is handed to vuser.
mkdir /tmp/extman
chown -R vuser:vgroup /tmp/extman
# 3) Browser test: Firefox or IE is recommended. Chrome seems to have a
#    compatibility problem - the extman login reports that the verification
#    code is incorrect and asks you to enter it again.
# ExtMan's default super-administrator account is root@extmail.org with the
# initial password extmail*123*; change the password after the first successful
# login to keep the installation safe.
# POP3 test: enter the POP3 commands below to check that the service works.
# In the original post the text typed to the POP3 server was shown in blue.
# (First log in to extman and create the user test@extmail.org with password: extmail.)
# 4) Test POP authentication
# NOTE(review): the session sends "pass test" although the note above says the
# account's password is extmail - use whichever password you actually set.
# NOTE(review): port 110 is unencrypted POP3, so USER/PASS travel in clear
# text; acceptable against localhost, but remote clients should use TLS.
telnet localhost 110
user test@extmail.org
pass test
list
quit
转载请标明出处:
http://xishi.blog.chinaunix.net doc.rar