Category: LINUX

2014-07-08 11:39:16

Environment
CentOS release 6.4 (Final)
postfix-2.6.6-6.el6_5.x86_64
dovecot-2.0.9-7.el6.x86_64
mysql-server-5.1.73-3.el6_5.x86_64
courier-authlib-0.66
extmail-1.2
extman-1.1
Preparation
1 Disable SELinux
vi /etc/selinux/config
==================================================
SELINUX=disabled
==================================================


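2 Add the user
groupadd -g 504 vmail   # create the group first; useradd -g fails if gid 504 does not exist
useradd vmail -d /var/mailbox -s /sbin/nologin -g 504 -u 504
# Virtual users are mapped to this user; its id is used in several places.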


3 Install the Unix-Syslog patch
wget
tar fzvx Unix-Syslog-1.1.tar.gz
cd Unix-Syslog-1.1
perl Makefile.PL
make && make install
Note: if this patch is not installed, extmail reports the following error:
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.


perl -MCPAN -e shell
cpan[1]> install CGI Unix::Syslog Encode::IMAPUTF7 DBD::mysql


Reboot the server.
Installation
1)
yum install -y postfix dovecot* httpd php php-mysql mysql-server db4-devel ntpdate libtool-ltdl-devel gdbm-devel perl-rrdtool perl-BerkeleyDB perl-GD


2)
 wget


tar fvx courier-authlib-0.66.1.tar.bz2
cd courier-authlib-0.66.1
./configure --prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include
make && make install   # build and install into the --prefix given above




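#################################
postfix: sends and receives mail
dovecot: delivers mail
courier-authlib: authentication
mysql: stores account information
extmail: web front end
extman: web administration
#################################


Configuration
I System users
1. postfix


Edit /etc/postfix/main.cf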
==================================================
myhostname = mail_1.test.com.cn
mydomain = test.com.cn
mynetworks = 127.0.0.0/8
inet_interfaces = all
==================================================


2. dovecot
2.1 Edit /etc/dovecot/dovecot.conf
==================================================
protocols =  pop3 
listen = *
base_dir = /var/run/dovecot/
login_trusted_networks = 0.0.0.0/0
dict {
}


!include conf.d/*.conf
==================================================


2.2 Edit /etc/dovecot/conf.d/10-ssl.conf
==================================================
ssl = no
==================================================


service dovecot start


2.3 Test
useradd test && passwd test


Using the Foxmail client with the system account test, mail can be sent and received.


3 Encrypted POP3


3.1 Stop passwords from being transmitted in plaintext.
vi /etc/dovecot/conf.d/10-auth.conf
==================================================
disable_plaintext_auth = yes
==================================================




3.2 Enable SSL encryption


vi /etc/dovecot/conf.d/10-ssl.conf
==================================================
ssl = yes
==================================================


3.3 Close the pop3 port and enable pop3s
vi /etc/dovecot/conf.d/10-master.conf
==================================================
service pop3-login {
  inet_listener pop3 {
    #port = 110
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
==================================================


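3.4 Restart the service


service dovecot restart


3.5 Test


Testing with Foxmail at this point reports:
“错误信息:由于目标计算机积极拒绝,无法连接。” (Error: could not connect because the target machine actively refused the connection.)


After changing Foxmail's POP3 settings and ticking “使用 此服务器需要安全连接(ssl)(F)” (this server requires a secure connection (SSL)), it works normally.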
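
Added example (not part of the original post): a shell audit of the Dovecot settings that steps 3.1-3.3 rely on, run against two constructed samples built from this page's own values. It also reports login_trusted_networks = 0.0.0.0/0 from section 2.1, because Dovecot ignores disable_plaintext_auth for connections from trusted networks; the function and sample names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Reads Dovecot config text on
# stdin (all files concatenated) and prints one finding per line.
audit_dovecot() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments, trim
    $0 == "" { next }
    $1 == "inet_listener" { listener = $2; next }     # entering a listener block
    $1 == "}" { listener = ""; next }                 # leaving a block
    {
        n = index($0, "="); if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (listener != "") { if (key == "port") port[listener] = val; next }
        conf[key] = val                               # last assignment wins
    }
    END {
        if (conf["ssl"] == "no") print "ssl=no: TLS is disabled"
        if (conf["disable_plaintext_auth"] == "no")
            print "disable_plaintext_auth=no: cleartext logins accepted"
        if (!("pop3" in port)) port["pop3"] = "110"   # Dovecot default port
        if (port["pop3"] != "0") print "pop3 listener open on port " port["pop3"]
        if (index(" " conf["login_trusted_networks"] " ", " 0.0.0.0/0 "))
            print "login_trusted_networks=0.0.0.0/0: disable_plaintext_auth is ignored"
    }'
}

# Constructed sample: the settings of sections 2.1-2.2.
sample_before() {
    printf '%s\n' 'protocols = pop3' 'listen = *' \
        'login_trusted_networks = 0.0.0.0/0' 'ssl = no'
}

# Constructed sample: the same settings after steps 3.1-3.3.
sample_after() {
    cat <<'EOF'
login_trusted_networks = 0.0.0.0/0
disable_plaintext_auth = yes
ssl = yes
service pop3-login {
  inet_listener pop3 {
    #port = 110
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
EOF
}

echo "before:"; sample_before | audit_dovecot
echo "after:";  sample_after  | audit_dovecot
```

On a real host the input would be the concatenation of /etc/dovecot/dovecot.conf and /etc/dovecot/conf.d/*.conf.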


II Virtual users
Install extmail
Download location


extmail-1.2.tar.gz # webmail account login
extman-1.1.tar.gz # webmail system administration


1.1 extmail
mkdir -p /var/www/extsuite 
tar fzvx extmail-1.2.tar.gz -C /var/www/extsuite/
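mv /var/www/extsuite/extmail-1.2 /var/www/extsuite/extmail   # rename as in 1.2; cp without -r cannot copy a directory
cd /var/www/extsuite/extmail   # webmail.cf.default is in the extmail directory
cp webmail.cf.default webmail.cf
vi webmail.cf
==================================================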
SYS_CONFIG = /var/www/extsuite/extmail/
SYS_LANGDIR = /var/www/extsuite/extmail/lang
SYS_TEMPLDIR = /var/www/extsuite/extmail/html
SYS_SESS_DIR = /tmp/extmail
SYS_UPLOAD_TMPDIR = /tmp/extmail/upload
SYS_LOG_FILE = /var/log/extmail.log
SYS_USER_LANG = zh_CN
SYS_APP_TYPE = WebMail
SYS_USER_TEMPLATE = default
SYS_USER_CHARSET = utf-8
SYS_USER_TRYLOCAL = 1
SYS_USER_TIMEZONE = +0800
SYS_MIN_PASS_LEN = 8
SYS_AUTH_TYPE = mysql
SYS_MAILDIR_BASE = /var/mailbox
SYS_AUTH_SCHEMA = virtual
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
==================================================


Create extmail's temporary-file and session directories
mkdir -p /tmp/extmail/upload
chown vmail.vmail -R /tmp/extmail/


1.2 extman
tar fzvx extman-1.1.tar.gz -C /var/www/extsuite/
cd /var/www/extsuite/
mv extman-1.1 extman
cd extman
cp webman.cf.default webman.cf
vi webman.cf
==================================================
SYS_CONFIG = /var/www/extsuite/extman/
SYS_LANGDIR = /var/www/extsuite/extman/lang
SYS_TEMPLDIR = /var/www/extsuite/extman/html
SYS_MAILDIR_BASE = /var/mailbox
SYS_SESS_DIR = /tmp/extman/
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
==================================================


mkdir -p  /tmp/extman/
chown vmail.vmail -R /tmp/extman/


1.3 Change the owner of the cgi directories
chown -R postfix.postfix /var/www/extsuite/extman/cgi/
chown -R postfix.postfix /var/www/extsuite/extmail/cgi/


1.4 Import the Extman database
mysql -u root < /var/www/extsuite/extman/docs/extmail.sql
mysql -u root < /var/www/extsuite/extman/docs/init.sql


1.5 Grant the user extmail access to the extmail database
mysql -u root -p
GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';


2 Configure postfix to support virtual users


2.1 Add the following


vi /etc/postfix/main.cf
==================================================
virtual_mailbox_base = /var/mailbox 
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf 
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf 
virtual_alias_domains = 
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf 
virtual_uid_maps = static:504
virtual_gid_maps = static:504
virtual_transport = virtual
==================================================


2.2 Create the configuration files


mkdir -p /etc/postfix/mysql
cp /var/www/extsuite/extman/docs/mysql_virtual_* /etc/postfix/mysql/


Edit the files under /etc/postfix/mysql/ and fill in the appropriate username and password.


3 Configure Dovecot
cd /etc/dovecot/conf.d/
vi 10-auth.conf
==================================================
disable_plaintext_auth = yes
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
==================================================


vi 10-mail.conf
==================================================
mail_location = maildir:/var/mailbox/%d/%n/Maildir
mail_uid = 504
mail_gid = 504
first_valid_uid = 504
last_valid_uid = 504
==================================================


vi 10-logging.conf
==================================================
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
==================================================


vi auth-sql.conf.ext
==================================================
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
==================================================


vi /etc/dovecot/dovecot-sql.conf.ext
==================================================
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT


user_query = SELECT CONCAT('/var/mailbox/', maildir) AS maildir, uidnumber AS uid, gidnumber AS gid  FROM mailbox WHERE username = '%u' AND active='1'


password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u' AND active='1'
==================================================


4 Use the Courier authentication library to provide authentication for SMTP


4.1 Create the configuration files
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist  /etc/authdaemonrc
cp /etc/authmysqlrc.dist  /etc/authmysqlrc   


4.2 Edit the configuration files


4.2.1
vi /etc/authdaemonrc  
==================================================
authmodulelist="authmysql" 
authmodulelistorig="authmysql" 
daemons=10
==================================================
4.2.2 
vi /etc/authmysqlrc
==================================================
MYSQL_SERVER localhost
MYSQL_PORT 3306
# username for the database connection
MYSQL_USERNAME  extmail
# password for the database connection
MYSQL_PASSWORD extmail
MYSQL_SOCKET  /var/lib/mysql/mysql.sock
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  '504'
MYSQL_GID_FIELD  '504'
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)
==================================================


4.3 Set up startup at boot and reload the shared-library cache
cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib    
chkconfig --level 2345 courier-authlib on    
echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
ldconfig -v    
service courier-authlib start


4.4 Configure smtpd authentication
vi /usr/lib64/sasl2/smtpd.conf
==================================================
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
==================================================


4.5 Configure postfix to support SMTP authentication
vi /etc/postfix/main.cf
==================================================
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = ''
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients=yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
==================================================


4.6 Generate the database file


saslpasswd2 /etc/sasldb2


4.7 Change the id of the mail owner


mysql>  ALTER TABLE mailbox ALTER uidnumber SET DEFAULT 504;
mysql>  ALTER TABLE mailbox ALTER gidnumber SET DEFAULT 504;


Alternatively, edit the file /var/www/extsuite/extman/tools/userctl.pl
==================================================
uidnumber => $uidnumber || 1000
gidnumber => $gidnumber || 1000
==================================================
Change 1000 to 504.


5 Testing virtual users
5.1 Test whether Postfix supports virtual users
/usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded. //  indicates success


     Authenticated: postmaster@extmail.org  (uid 504, gid 504)
    Home Directory: /var/mailbox/extmail.org/postmaster
           Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
             Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
           Options: (none)


5.2 Test SMTP sending authentication for a virtual user
printf   "postmaster@extmail.org" | openssl base64
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==


printf   "extmail" | openssl base64
ZXh0bWFpbA==


telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.benet.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0 Authentication successful       //  indicates success
quit
221 2.0.0 Bye
Connection closed by foreign host.
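
Added example (not part of the original post): AUTH LOGIN only base64-encodes the prompts and the credentials, as the printf | openssl base64 step above already shows, so a recorded session discloses the account. The hypothetical decode_auth_login function below decodes the session from 5.2, which is why the PLAIN and LOGIN mechanisms configured in 4.4 need an encrypted connection underneath them.

```sh
#!/bin/sh
# Added example, not from the original post. Reads an SMTP session transcript
# on stdin and prints each AUTH LOGIN prompt with the decoded client answer.
decode_auth_login() {
    prompt=""
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case "$line" in
            "334 "*)    # server challenge: base64 of "Username:" / "Password:"
                prompt=$(printf '%s' "${line#334 }" | base64 -d 2>/dev/null) \
                    || prompt="" ;;
            [0-9][0-9][0-9]" "*|[0-9][0-9][0-9]-*)   # any other server reply
                prompt="" ;;
            *)
                if [ -n "$prompt" ]; then   # client line answering a challenge
                    answer=$(printf '%s' "$line" | base64 -d 2>/dev/null) \
                        || answer="<not base64>"
                    printf '%s %s\n' "$prompt" "$answer"
                    prompt=""
                fi ;;
        esac
    done
}

# The session shown in section 5.2, without the telnet client's own lines.
sample_session() {
    cat <<'EOF'
220 mail.benet.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
EOF
}

sample_session | decode_auth_login
```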




Restricting forged sender addresses
1. Edit main.cf and add
==================================================
smtpd_sender_login_maps =  mysql:/etc/postfix/mysql/mysql_virtual_sender_maps.cf,mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf


smtpd_reject_unlisted_sender = yes


smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch
==================================================


2 Edit the account and password in the following files:
/etc/postfix/mysql/mysql_virtual_sender_maps.cf /etc/postfix/mysql/mysql_virtual_alias_maps.cf


Webmail
1. Edit the Apache configuration file
vi /etc/httpd/conf/httpd.conf
==================================================
User vmail
Group vmail
==================================================


vi /etc/httpd/conf.d/extmail.conf
==================================================

ServerName mail.test.com.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

==================================================


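2. Log in to and manage the Extman mail system
Visiting the site in a browser shows the web home page of the Extman suite. Choose “登陆邮箱管理” (log in to mailbox administration) and log in to the Extman mail administration system with the default mail administrator account root@extmail.org; the default password is “extmail*123*”.


3. Ordinary users choose “登陆邮箱” (log in to mailbox) and untick the “IP安全” (IP security) checkbox.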


Other
1. After switching to virtual users an error appears; the log shows the following
extmail postfix/trivial-rewrite[22800]: warning: do not list domain extmail.lib.tsinghua.edu.cn in BOTH mydestination and virtual_mailbox_domains
Fix: set mydestination to 127.0.0.1, or set it to empty, or comment it out.


2. Open Relay
An open relay is a mail server that forwards (relays) all inbound mail without checking whether the sender or the recipient is a user configured on the system.


telnet mailhostname 25
220 ESMTP POSTFIX (echoed on screen; usually identifies the mail server type)
Mail From:user1@this.domain.tld (enter a simulated user); the server shows
250 ... ok
RCPT TO: (the server will show)
250 ... Recipient ok 
Data 
.
Quit


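If user2 is accepted without error, the server is acting as an open relay and may be used by others as a relay server.
  As above, if the server answers the RCPT TO command with a 5xx code, open relay is disabled on this server.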
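
Added example (not part of the original post): the rule above applied to a saved session instead of read by eye. The hypothetical relay_verdict function reports open-relay only when a recipient outside the listed local domains is accepted in a session without a successful AUTH; the transcripts are constructed (other.example is made up), and the check assumes the session was opened from an address outside mynetworks, since permit_mynetworks lets 127.0.0.0/8 relay by design.

```sh
#!/bin/sh
# Added example, not from the original post.
# Usage: relay_verdict LOCAL_DOMAINS < transcript   (comma-separated domains)
# Assumes the session was opened from an address outside mynetworks.
relay_verdict() {
    awk -v locals="$1" '
    function domain(s) {                  # domain part of the address in s
        if (s !~ /@/) return ""
        sub(/^[^@]*@/, "", s); sub(/[> \t].*$/, "", s)
        return tolower(s)
    }
    BEGIN { n = split(tolower(locals), d, ","); for (i = 1; i <= n; i++) islocal[d[i]] = 1 }
    { sub(/\r$/, "") }
    /^235 / { authed = 1; next }          # SASL login succeeded: relaying is expected
    toupper($0) ~ /^RCPT TO:/ { rcpt = domain($0); pending = 1; next }
    pending && /^[0-9][0-9][0-9]/ {       # first reply after RCPT TO
        pending = 0
        if (authed || rcpt == "" || (rcpt in islocal)) next   # proves nothing
        if ($0 ~ /^2/) accepted = 1       # foreign recipient accepted
        else if ($0 ~ /^5/) refused = 1   # foreign recipient refused
    }
    END { print (accepted ? "open-relay" : (refused ? "closed" : "inconclusive")) }'
}

# Constructed transcripts; test.com.cn is the domain used on this page.
session_open() {
    printf '%s\n' '220 mail.test.com.cn ESMTP Postfix' \
        'MAIL FROM:<user1@test.com.cn>' '250 2.1.0 Ok' \
        'RCPT TO:<user2@other.example>' '250 2.1.5 Ok' 'QUIT' '221 2.0.0 Bye'
}
session_closed() {
    printf '%s\n' '220 mail.test.com.cn ESMTP Postfix' \
        'MAIL FROM:<user1@test.com.cn>' '250 2.1.0 Ok' \
        'RCPT TO:<user2@other.example>' \
        '554 5.7.1 <user2@other.example>: Relay access denied' 'QUIT' '221 2.0.0 Bye'
}
session_authed() {
    printf '%s\n' '220 mail.test.com.cn ESMTP Postfix' 'AUTH LOGIN' \
        '235 2.0.0 Authentication successful' \
        'MAIL FROM:<user1@test.com.cn>' '250 2.1.0 Ok' \
        'RCPT TO:<user2@other.example>' '250 2.1.5 Ok'
}

session_open   | relay_verdict test.com.cn
session_closed | relay_verdict test.com.cn
session_authed | relay_verdict test.com.cn
```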


The following URL can be used to check whether the server is already on a blacklist:




3. Bulk adding
A. Users
Create an account file in the following format (account password):
vi /tmp/user.info
==================================================
user1@test.com.cn 123123
user2@test.com.cn 123123
==================================================


perl /var/www/extsuite/extman/tools/userctl.pl --mode=badd --file=/tmp/user.info --setuid=504 --setgid=504


B. Aliases
perl /var/www/extsuite/extman/tools/aliasctl.pl add -u all@test.com.cn -g zfj@test.com.cn,user01@test.com.cn -d test.com.cn -su 504 -sg 504


4. Blacklists and whitelists
A. Restrict who may send mail to this server
vi /etc/postfix/main.cf
==================================================
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access_1
==================================================


vi /etc/postfix/sender_access_1 
==================================================
spamer1@expample.com REJECT
spamer1@     REJECT
domain.com     OK
master@expample.com   OK
==================================================


postmap /etc/postfix/sender_access_1
service postfix reload


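Sending mail from spamer1@expample.com to a valid mailbox in the local domain produces a bounce, which shows the restriction works.


B. Restrict who this server may send mail out to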
vi /etc/postfix/main.cf
==================================================
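# main.cf continues a value on the next line by indenting it; a trailing backslash is not a continuation
smtpd_sender_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access_1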
==================================================


vi /etc/postfix/recipient_access_1 
==================================================
spamer1@expample.com REJECT Bad-domain
spamer1@     REJECT
domain.com     OK
master@expample.com   OK
==================================================


postmap /etc/postfix/recipient_access_1
service postfix reload


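When a local mailbox sends mail to spamer1@expample.com, the error "Bad-domain" is returned, which shows the restriction works.


5. Alias mail groups accept mail only from the local domain
Add 2 options after smtpd_recipient_restrictions
vi /etc/postfix/main.cf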
==================================================
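# main.cf continues a value on the next line by indenting it; a trailing backslash is not a continuation
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access_2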
==================================================


vi /etc/postfix/recipient_access_2
==================================================
tech@test.com.cn  REJECT
==================================================


postmap /etc/postfix/recipient_access_2
service postfix reload


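Mail sent to tech@test.com.cn from a mailbox outside the local domain will be bounced.


6. Account monitoring
Postfix's bcc (blind carbon copy) feature can, according to rules, send a blind copy of every message that passes through the postfix queue to a designated mailbox.
Postfix has three bcc parameters:
① always_bcc: copies all mail to the designated mailbox;
② sender_bcc_maps: mail whose sender is listed in the map file is copied to the designated mailbox;
③ recipient_bcc_maps: mail whose recipient is listed in the map file is copied to the designated mailbox.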


File-based method
vi /etc/postfix/main.cf
==================================================
always_bcc = monitor@test.com.cn
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
sender_bcc_maps = hash:/etc/postfix/sender_bcc
==================================================


vi /etc/postfix/recipient_bcc
==================================================
usr1@test.com.cn  usr2@test.com.cn
==================================================


vi /etc/postfix/sender_bcc
==================================================
usr3@test.com.cn  usr4@test.com.cn
==================================================


postmap /etc/postfix/sender_bcc
postmap /etc/postfix/recipient_bcc
service postfix reload


All mail is blind-copied to monitor@test.com.cn
Mail sent to usr1@test.com.cn is blind-copied to usr2@test.com.cn
Mail sent by usr3@test.com.cn is blind-copied to usr4@test.com.cn


MySQL-based method


① Create the table mail_watch in MySQL
create TABLE `mail_watch` (   
  `sender` varchar(100)  NOT NULL,   
  `bcc` varchar(100)  NOT NULL,   
  PRIMARY KEY  (`sender`)   
);   
② Insert the monitored account and the bcc mailbox account
insert into mail_watch values('usr1@test.com.cn','usr2@test.com.cn');


③ vi /etc/postfix/main.cf
==================================================
always_bcc = monitor@test.com.cn
sender_bcc_maps = mysql:/etc/postfix/mail_watch.cf
recipient_bcc_maps = mysql:/etc/postfix/mail_watch.cf
==================================================


④ vi /etc/postfix/mail_watch.cf
==================================================
user = postfix  
password = xxxxx  
dbname = postfix  
table = mail_watch  
select_field = bcc  
where_field = sender  
hosts = localhost
==================================================


service postfix reload
