2015-03-16 11:00:23
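This article explains how to set up a mail server on Linux. It uses Postfix as the MTA, Dovecot as the IMAP and POP3 server, Courier-authlib for authentication, MySQL to store the virtual users, ExtMail as the WebMail front end, and ExtMan to manage accounts.
Before setting up the mail server, first set up a web server to run ExtMail and ExtMan; an LNMP (Linux+Nginx+MySQL+PHP) environment is one option.
First, install the required packages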
Shell
yum install postfix dovecot* cyrus* expect libtool libtool-ltdl-devel gdbm gdbm-devel
Download courier-authlib; it has to be compiled by hand so that it supports MySQL logins
Shell
tar jxvf courier-authlib-0.66.1.tar.bz2
cd courier-authlib-0.66.1
./configure \
    --prefix=/usr/local/courier-authlib \
    --sysconfdir=/etc \
    --with-authmysql \
    --with-redhat \
    --with-authmysqlrc=/etc/authmysqlrc \
    --with-authdaemonrc=/etc/authdaemonrc
make && make install
# Run this line only if you use systemctl
cp courier-authlib.sysvinit /usr/local/courier-authlib/share/
chmod 0755 /usr/local/courier-authlib/share/courier-authlib.sysvinit
cp courier-authlib.service /usr/lib/systemd/system
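If configure reports that it cannot find mysqlclient.so or something similar, check whether /usr/lib64/mysql contains the file libmysqlclient.so. If it does not, create a symbolic link with that name pointing at the library file next to it.
Next, install Unix-Syslog, which ExtMan and ExtMail require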
Shell
yum install perl-DBD-MySQL perl-CGI perl-FCGI perl-DB_File perl-Sys-Syslog perl-ExtUtils-MakeMaker
Shell
wget http:///id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
tar zxvf Unix-Syslog-1.1.tar.gz
cd Unix-Syslog-1.1
perl Makefile.PL
make && make install
Add a user (this uid and gid are used again later)
Shell
groupadd vmail -g 3311
useradd vmail -d /var/mailbox -s /sbin/nologin -g 3311 -u 3311
Once all of this is done, you can start configuring the mail server.
Edit /etc/postfix/main.cf
Shell
myhostname = mail.miskcoo.com
mydomain = miskcoo.com
mynetworks = 127.0.0.0/8
inet_interfaces = all
Edit /etc/dovecot/dovecot.conf
C++
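protocols = pop3s imap
listen = *
base_dir = /var/run/dovecot/
# 0.0.0.0/0 marks every client address as trusted, and Dovecot ignores
# disable_plaintext_auth for trusted networks; narrow this to the hosts that need it
login_trusted_networks = 0.0.0.0/0
Edit /etc/dovecot/conf.d/10-ssl.conf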
C++
ssl = yes
Edit /etc/dovecot/conf.d/10-auth.conf
C++
disable_plaintext_auth = yes
Close the pop3 port and open the pop3s port by editing /etc/dovecot/conf.d/10-master.conf
C++
service pop3-login {
  inet_listener pop3 {
    #port = 110
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
Then stop the Sendmail service (if there is one) and start Postfix and Dovecot
Shell
systemctl disable sendmail
systemctl stop sendmail
systemctl start postfix
systemctl enable postfix
systemctl start dovecot
systemctl enable dovecot
systemctl start saslauthd
systemctl enable saslauthd
Now install ExtMan and ExtMail. Download ExtMail (WebMail account login) and ExtMan (WebMail account management)
Shell
# Create the directory
mkdir /var/www/extsuite
# Unpack and copy ExtMail
tar zxvf extmail-1.2.tar.gz
mv extmail-1.2/ /var/www/extsuite/extmail
cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
# Unpack and copy ExtMan
tar zxvf extman-1.1.tar.gz
mv extman-1.1/ /var/www/extsuite/extman
cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf
Edit /var/www/extsuite/extmail/webmail.cf
C++
SYS_CONFIG = /var/www/extsuite/extmail/
SYS_LANGDIR = /var/www/extsuite/extmail/lang
SYS_TEMPLDIR = /var/www/extsuite/extmail/html
SYS_SESS_DIR = /var/www/extsuite/tmp/extmail
SYS_UPLOAD_TMPDIR = /var/www/extsuite/tmp/extmail/upload
SYS_LOG_FILE = /var/log/extmail.log
SYS_USER_LANG = zh_CN
SYS_APP_TYPE = WebMail
SYS_USER_TEMPLATE = default
SYS_USER_CHARSET = utf-8
SYS_USER_TRYLOCAL = 1
SYS_USER_TIMEZONE = +0800
SYS_MIN_PASS_LEN = 8
SYS_AUTH_TYPE = mysql
SYS_MAILDIR_BASE = /var/mailbox
SYS_AUTH_SCHEMA = virtual
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = extmail
# Change this to your database password; the default is extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
Edit /var/www/extsuite/extman/webman.cf
C++
SYS_CONFIG = /var/www/extsuite/extman/
SYS_LANGDIR = /var/www/extsuite/extman/lang
SYS_TEMPLDIR = /var/www/extsuite/extman/html
SYS_MAILDIR_BASE = /var/mailbox
SYS_SESS_DIR = /var/www/extsuite/tmp/extman/
SYS_MYSQL_USER = extmail
# Change this to your database password; the default is extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
Then create the temporary directories
Shell
cd /var/www/extsuite
mkdir tmp
mkdir tmp/extmail
mkdir tmp/extmail/upload
mkdir tmp/extman
chown -R vmail:vmail tmp
Now import the database. First change into the /var/www/extsuite/extman/docs directory, then log in to the mysql service
Shell
mysql -u root -p
Then run
MySQL
/* These two lines import the database and add the extmail user */
source extmail.sql
source init.sql
/* These two lines change the extmail user's password */
GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'your-passwd';
GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'your-passwd';
/* The 3311 in these two lines is the uid and gid of the vmail user created earlier */
ALTER TABLE mailbox ALTER uidnumber SET DEFAULT 3311;
ALTER TABLE mailbox ALTER gidnumber SET DEFAULT 3311;
Now configure Postfix to support virtual users. First generate the configuration files
Shell
mkdir -p /etc/postfix/mysql
cp /var/www/extsuite/extman/docs/mysql_virtual_* /etc/postfix/mysql/
Edit /etc/postfix/main.cf and append the following at the end
C++
broken_sasl_auth_clients = yes
local_transport = dovecot
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:3311
virtual_gid_maps = static:3311
virtual_transport = virtual
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = ''
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
Edit /etc/postfix/master.cf
Shell
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
Change it to
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Then append the following at the end (the location of /usr/libexec/dovecot/deliver may differ on your system)
C++
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}
Edit /etc/dovecot/conf.d/10-auth.conf
C++
disable_plaintext_auth = yes
#!include auth-system.conf.ext
!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-vpopmail.conf.ext
#!include auth-static.conf.ext
Edit /etc/dovecot/conf.d/10-mail.conf
C++
mail_location = maildir:/var/mailbox/%d/%n/Maildir
mail_uid = 3311
mail_gid = 3311
first_valid_uid = 3311
last_valid_uid = 3311
Edit /etc/dovecot/conf.d/10-logging.conf
C++
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "
Edit /etc/dovecot/conf.d/10-master.conf
C++
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    #mode = 0666
    #user =
    #group =
  }
  # Postfix smtp-auth
  # This is the part you need to change
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  # Auth process is run as this user.
  #user = $default_internal_user
}
Edit /etc/dovecot/conf.d/auth-sql.conf.ext
C++
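passdb {
  driver = sql
  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
Create the file /etc/dovecot/auth-sql.conf.ext. Note that the passdb and userdb blocks above read their settings from /etc/dovecot/dovecot-sql.conf.ext, so these settings must be available at that path.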
C++
driver = mysql
# Replace your-password with your own password
connect = host=localhost dbname=extmail user=extmail password=your-password
default_pass_scheme = CRYPT
user_query = SELECT CONCAT('/var/mailbox/', maildir) AS maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u' AND active='1'
Now edit the Courier-authlib configuration files
Shell
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist /etc/authdaemonrc
cp /etc/authmysqlrc.dist /etc/authmysqlrc
Edit /etc/authdaemonrc
Shell
authmodulelist="authmysql"
authmodulelistorig="authmysql"
Edit /etc/authmysqlrc
C++
MYSQL_SERVER localhost
MYSQL_PORT 3306
# User name used to connect to the database
MYSQL_USERNAME extmail
# Password used to connect to the database
MYSQL_PASSWORD your-password
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '3311'
MYSQL_GID_FIELD '3311'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
Edit /etc/sasl2/smtpd.conf
C++
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
Run
Shell
saslpasswd2 /etc/sasldb2
Now start the courier-authlib service
Shell
systemctl enable courier-authlib
systemctl start courier-authlib
Good! Now test it
Shell
/usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
If you see the following output, it worked
Shell
Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 3311, gid 3311)
Home Directory: /var/mailbox/extmail.org/postmaster
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
Next, configure nginx so that the site can be reached from outside. Edit /usr/local/nginx/conf/nginx.conf (or /etc/nginx/nginx.conf if nginx was installed with yum)
C++
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    gzip on;
    # If your .conf does not already have a similar statement, add this line and create a directory named conf.d
    include conf.d/*.conf;
    # (the rest of the existing http block follows here)
}
Edit /usr/local/nginx/conf/conf.d/extsuite.conf
C++
server {
    server_name test.miskcoo.com;
    root /var/www/extsuite;
    location / {
        alias /var/www/extsuite/extmail/html;
    }
    location /extman {
        alias /var/www/extsuite/extman/html;
    }
    location ~ \.cgi$ {
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
    }
}
Then restart the nginx service
Shell
systemctl restart nginx
Then edit /usr/lib/systemd/system/extsuite-cgi.service to create a unit that starts the CGI server automatically
C++
[Unit]
Description=ExtMail and ExtMan CGI Server
[Service]
Type=forking
RemainAfterExit=true
ExecStart=/var/www/extsuite/extmail/dispatch-init start
ExecStop=/var/www/extsuite/extmail/dispatch-init stop
[Install]
WantedBy=multi-user.target
Then run
Shell
systemctl start extsuite-cgi
systemctl enable extsuite-cgi
Now you can access your WebMail!
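A post-install check for the files edited above, as an added example that is not part of the original guide or of any of the projects it uses: it flags the default extmail database password, a login_trusted_networks value that trusts every address (Dovecot ignores disable_plaintext_auth for trusted networks), and missing SSL or plaintext-auth protection. The function names and the sample tree are constructed for illustration; pass a directory prefix to audit a copy of the files.

```shell
#!/bin/sh
# Added example: flag risky values left in the files this guide edits.
# Pass a directory prefix to audit a copy of the files instead of the live system.

# Print the value of the first uncommented "KEY = value" line in FILE.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 1q
}

# Print one "WARN: ..." line per finding; always returns 0.
audit_mail_conf() {
    root=${1:-}
    d=$root/etc/dovecot
    for f in extmail/webmail.cf extman/webman.cf; do
        if [ "$(conf_value "$root/var/www/extsuite/$f" SYS_MYSQL_PASS)" = extmail ]; then
            echo "WARN: $f: SYS_MYSQL_PASS is still the default 'extmail'"
        fi
    done
    case " $(conf_value "$d/dovecot.conf" login_trusted_networks) " in
        *" 0.0.0.0/0 "*) echo "WARN: dovecot.conf: login_trusted_networks trusts every address" ;;
    esac
    if [ "$(conf_value "$d/conf.d/10-auth.conf" disable_plaintext_auth)" != yes ]; then
        echo "WARN: 10-auth.conf: disable_plaintext_auth is not 'yes'"
    fi
    case $(conf_value "$d/conf.d/10-ssl.conf" ssl) in
        yes|required) ;;
        *) echo "WARN: 10-ssl.conf: ssl is not enabled" ;;
    esac
    return 0
}

# Constructed sample tree mirroring settings shown in this guide.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/dovecot/conf.d" "$t/var/www/extsuite/extmail" "$t/var/www/extsuite/extman"
    printf 'listen = *\nlogin_trusted_networks = 0.0.0.0/0\n' > "$t/etc/dovecot/dovecot.conf"
    echo 'disable_plaintext_auth = yes' > "$t/etc/dovecot/conf.d/10-auth.conf"
    echo 'ssl = yes' > "$t/etc/dovecot/conf.d/10-ssl.conf"
    echo 'SYS_MYSQL_PASS = extmail' > "$t/var/www/extsuite/extmail/webmail.cf"
    echo 'SYS_MYSQL_PASS = constructed-sample-pw' > "$t/var/www/extsuite/extman/webman.cf"
    echo "$t"
}

sample=$(make_sample_tree)
audit_mail_conf "$sample"
rm -rf "$sample"
```

Run against the live system with `audit_mail_conf ""`; an empty result means none of the checked values were found.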