2007-12-12 11:13:56

Installing a Postfix-based mail system (LDAP back end) on CentOS 5 with the bundled RPM packages
(Postfix+OpenLDAP+Dovecot+Extmail+Extman+Mailscanner+Spamassassin+Clamav)
Author: Wang Yang (汪洋)
Nickname: ruochen / ruochen0926
Date: 20070927
Version: 1.0
Contact: E-Mail: ruochen0926(at)gmail.com  QQ: 967409
Blog: http://ruochen.cublog.cn/
Note: this write-up draws on many scattered forum posts, which are not listed individually. If you have questions while installing or using this setup, post a comment on my blog and I will reply as soon as I can.


Contents:
Goal: set up a fully featured mail system
1) Install the required packages
2) DNS configuration
2.1) Create forward, reverse and MX records
2.2) Test the DNS configuration
3) Install Postfix
4) Configure Postfix
4.1) Postfix main configuration file /etc/postfix/main.cf
4.2) Postfix virtual-user lookup files
5) Configure Dovecot (IMAP/IMAPS/POP3/POP3S)
5.1) Dovecot main configuration file /etc/dovecot.conf
5.2) Dovecot LDAP authentication file
6) Test SMTP authentication and mail retrieval
6.1) LOGIN authentication test
6.2) POP3 retrieval test
7) Install Extmail-1.0.2
7.1) Unpack and install
7.2) Edit the Extmail main configuration file
7.3) Apache configuration
7.4) Resolving Extmail dependencies
8) Install Extman-0.2.2
8.1) Unpack and install
8.2) Edit the Extman main configuration file
8.3) Apache configuration
9) Start Apache/MySQL/Bind and enable them at boot
10) Install the SpamAssassin anti-spam filter
11) Install the Clamav anti-virus scanner
12) Install MailScanner
13) FAQ
13.1) The postfixadmin management page shows the warning: Warning: Magic Quotes: OFF (using internal function!)
13.2) How to display the complete Dovecot configuration
13.3) How to display the complete Postfix configuration
13.4) How to check that the configuration files are correct
13.5) Checking the logs
13.6) /var/log/maillog shows the following:
Nov 19 12:06:00 mailtest postfix/smtpd[2055]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
13.7) Configuring RBL/CBL in Postfix
13.8) How to make Postfix call SpamAssassin directly
13.9) How to use sendmail's mailer with Postfix
13.10) Using MySQL as the back end
13.11) Using OpenLDAP as the back end
13.12) Backing up and restoring the OpenLDAP server


1) Install the required packages
LDAP packages
[root@mailtest /]# rpm -qa|grep ldap
openldap-2.3.27-5
openldap-devel-2.3.27-5
openldap-servers-2.3.27-5
php-ldap-5.1.6-5.el5
nss_ldap-253-3
python-ldap-2.2.0-2.1

 

HTTP packages
[root@mailtest /]# rpm -qa|grep http
httpd-2.2.3-6.el5.centos.1

PHP packages
[root@mailtest /]# rpm -qa|grep php
php-mysql-5.1.6-5.el5
php-cli-5.1.6-5.el5
php-5.1.6-5.el5
php-ldap-5.1.6-5.el5
php-pdo-5.1.6-5.el5
php-mbstring-5.1.6-5.el5
php-common-5.1.6-5.el5
php-gd-5.1.6-5.el5


Perl packages
[root@mailtest noarch]# rpm -qa|grep perl
perl-HTML-Tagset-3.10-2.1.1
perl-Digest-HMAC-1.01-15
perl-HTML-Parser-3.56-1
perl-Sys-Hostname-Long-1.4-1
perl-Net-DNS-0.59-1.fc6
perl-XML-SAX-0.14-5
perl-IO-stringy-2.108-1
perl-DBI-1.56-1
perl-5.8.8-10
mod_perl-2.0.2-6.1
perl-Socket6-0.19-3.fc6
perl-IO-Socket-INET6-2.51-2.fc6
perl-IO-String-1.08-1.1.1
perl-Convert-ASN1-0.20-1.1
perl-TimeDate-1.16-3
perl-MIME-tools-5.420-1
perl-DBD-SQLite-1.13-1
perl-BSD-Resource-1.28-1.fc6.1
perl-DBD-MySQL-3.0007-1.fc6
perl-IO-Zlib-1.04-4.2.1
perl-Digest-SHA1-2.11-1.2.1
perl-Archive-Tar-1.30-1.fc6
perl-IO-Socket-SSL-1.01-1.fc6
perl-LDAP-0.33-3.fc6
perl-libwww-perl-5.805-1.1.1
perl-MailTools-1.71-1
perl-Convert-TNEF-0.17-1
perl-Filesys-Df-0.90-1
perl-URI-1.35-3
perl-Compress-Zlib-1.42-1.fc6
perl-Net-IP-1.25-2.fc6
perl-XML-NamespaceSupport-1.09-1.2.1
perl-Net-CIDR-0.11-1
perl-Archive-Zip-1.16-1
perl-String-CRC32-1.4-2.fc6
perl-Net-SSLeay-1.30-4.fc6
perl-Convert-BinHex-1.119-2
perl-GD-2.35-1.fc6.rf.i386.rpm


SpamAssassin packages
[root@mailtest /]# rpm -qa|grep spamassassin
spamassassin-3.1.7-4.el5


Dovecot packages
[root@mailtest /]# rpm -qa|grep dovecot
dovecot-1.0-1.2.rc15.el5  #imap imaps pop3 pop3s


Cyrus-sasl packages
[root@mailtest /]# rpm -qa|grep cyrus-sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-sql-2.1.22-4

OpenLDAP packages
[root@mail pub]# rpm -qa|grep ldap
openldap-2.3.27-5
openldap-servers-2.3.27-5
openldap-clients-2.3.27-5
openldap-devel-2.3.27-5

openldap-2.* is the base package and must be installed first;
openldap-servers* is the server package;
openldap-clients* is the client tools package;
openldap-devel* is the development package.
db4-4.3.29-9.fc6          Berkeley DB (the slapd back-end database)
db4-devel-4.3.29-9.fc6    Berkeley DB development package

If you need LDAP for more advanced uses, also install the following packages:
php-ldap-5.1.6-5.el5
python-ldap-2.2.0-2.1
nss_ldap-253-3


The following packages are needed by LAM, the GUI management front end for OpenLDAP
mhash-0.9.9-1.el5
php-mhash-5.1.6-12


Apache LDAP authentication module; install it if you need it

mod_authz_ldap.i386


Packages SpamAssassin depends on
perl-Archive-Tar-1.30-1.fc6.noarch.rpm    
perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm
perl-Compress-Zlib-1.42-1.fc6.i386.rpm     
perl-IO-Zlib-1.04-4.2.1.noarch.rpm
perl-Digest-HMAC-1.01-15.noarch.rpm        
perl-Net-DNS-0.59-1.fc6.i386.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm       
perl-Net-IP-1.25-2.fc6.noarch.rpm
perl-HTML-Parser-3.55-1.fc6.i386.rpm       
perl-Net-SSLeay-1.30-4.fc6.i386.rpm
perl-HTML-Tagset-3.10-2.1.1.noarch.rpm     
perl-Socket6-0.19-3.fc6.i386.rpm
perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm 

 

Packages Postfix depends on
db4-devel-4.3.29-9.fc6.i386.rpm
e2fsprogs-devel-1.39-8.el5.i386.rpm
krb5-devel-1.5-17.i386.rpm
zlib-devel-1.2.3-3.i386.rpm
openssl-devel-0.9.8b-8.3.el5.i386.rpm
mysql-devel-5.0.22-2.1.i386.rpm
cyrus-sasl-devel-2.1.22-4.i386.rpm


Packages gcc depends on
libgomp-4.1.1-52.el5.i386.rpm


Other packages
perl-libwww-perl-5.805-1.1.1.noarch.rpm
avahi-compat-howl-0.6.16-1.el5.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
kernel-devel-2.6.18-8.el5.i686.rpm
elfutils-libelf-0.125-3.el5.i386.rpm
elfutils-libelf-devel-0.125-3.el5.i386.rpm
rpm-build-4.4.2-37.el5.i386.rpm
mutt-1.4.2.2-3.el5.i386.rpm

Two system administration packages that are recommended
nmap-4.11-1.1.i386.rpm
sysstat-7.0.0-3.el5.i386.rpm

The following two packages are used for Clamav's digital signatures
gmp-devel-4.1.4-10.el5
gmp-4.1.4-10.el5


Note: when installing the operating system, select dovecot+spamassassin+gcc+openldap+php; creating a separate administrative user is also recommended.


2) DNS configuration
2.1) Create forward, reverse and MX records
[root@mail ~]# cat /var/named/named.test.hk
$TTL 86400
@                       IN          SOA        test.hk.         postmaster.test.hk. (
                                                1997022700 ; Serial
                                                28800      ; Refresh
                                                14400      ; Retry
                                                3600000    ; Expire
                                                86400 )    ; Minimum
                        IN          NS         mail.test.hk.   ; trailing dot required, otherwise BIND reads this as mail.test.hk.test.hk.
test.hk.                IN          MX  5      mail.test.hk.
mail                    IN          A          10.10.119.204
www                     IN          A          10.10.119.204
[root@mail ~]# cat /var/named/named.10.10.119
$TTL 86400
@                   IN          SOA        test.hk.         postmaster.test.hk. (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
                     IN             NS      mail.test.hk.   ; trailing dot required here as well
204                  IN             PTR     .
204                  IN             PTR     mail.test.hk.
[root@mailtest ~]# hostname
mail.test.hk


2.2) Test the DNS configuration
[root@mailtest ~]# nslookup mail.test.hk
Server:         10.10.119.204
Address:        10.10.119.204#53

Name:   mail.test.hk
Address: 10.10.119.204

[root@mailtest ~]# nslookup
Server:         10.10.119.204
Address:        10.10.119.204#53

Name:  
Address: 10.10.119.204

[root@mailtest ~]# nslookup 10.10.119.204
Server:         10.10.119.204
Address:        10.10.119.204#53

204.119.10.10.in-addr.arpa      name = mail.test.hk.
204.119.10.10.in-addr.arpa      name = .

[root@mailtest ~]# ping
PING mailtest.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.793 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.040 ms

--- mailtest.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.040/0.293/0.793/0.353 ms
[root@mailtest ~]# ping mail.test.hk
PING mail.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.038 ms

--- mail.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.037/0.156/0.395/0.169 ms

Note: for DNS configuration errors, check Bind's log entries in /var/log/messages
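The zone files in 2.1 are easy to get subtly wrong in ways nslookup does not show at a glance, so here is an added example (not part of the original post or of BIND) that lints them offline: it parses the zone text with the conventions the page's files use, reports names in NS/MX/PTR/CNAME data that lack the trailing dot (BIND appends the origin, turning "mail.test.hk" into mail.test.hk.test.hk.), and checks that each MX target has forward-confirmed reverse DNS (A, then PTR, back to the same name), which receiving MTAs look at. The zone text is reconstructed from the page and keeps its NS lines without the trailing dot.

```python
"""Offline lint for the forward and reverse zone files from 2.1 (added example)."""
import re

# Constructed from the page's named.test.hk; the NS line keeps the original missing dot.
FORWARD_ZONE = """\
$TTL 86400
@       IN  SOA  test.hk. postmaster.test.hk. (
            1997022700 ; Serial
            28800      ; Refresh
            14400      ; Retry
            3600000    ; Expire
            86400 )    ; Minimum
        IN  NS   mail.test.hk
test.hk. IN MX 5 mail.test.hk.
mail    IN  A    10.10.119.204
www     IN  A    10.10.119.204
"""

# Constructed from the page's named.10.10.119 (the PTR whose target was lost is omitted).
REVERSE_ZONE = """\
$TTL 86400
@       IN  SOA  test.hk. postmaster.test.hk. (
            1997022700 28800 14400 3600000 86400 )
        IN  NS   mail.test.hk
204     IN  PTR  mail.test.hk.
"""

# index of the domain-name field inside the record data, per record type
NAME_FIELD = {"NS": 0, "PTR": 0, "CNAME": 0, "MX": 1}


def qualify(name, origin):
    """BIND's origin rule: '@' is the origin, a trailing dot is absolute, anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(absolute owner, type, rdata tokens)], folding parenthesised records onto one line."""
    no_comments = "\n".join(line.split(";")[0].rstrip() for line in text.splitlines())
    folded = re.sub(r"\(([^)]*)\)", lambda m: " " + " ".join(m.group(1).split()) + " ", no_comments)
    records, owner = [], "@"
    for line in folded.splitlines():
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():          # a blank owner field means "same owner as the last record"
            owner = tokens.pop(0)
        if "IN" not in tokens:
            continue
        i = tokens.index("IN")
        records.append((qualify(owner, origin), tokens[i + 1], tokens[i + 2:]))
    return records


def unqualified_names(records, origin):
    """(owner, type, name as written, name BIND will actually use) for each relative name in record data."""
    out = []
    for owner, rtype, rdata in records:
        if rtype in NAME_FIELD:
            target = rdata[NAME_FIELD[rtype]]
            if not target.endswith("."):
                out.append((owner, rtype, target, qualify(target, origin)))
    return out


def arpa_to_ip(name):
    """204.119.10.10.in-addr.arpa. -> 10.10.119.204"""
    return ".".join(reversed(name.rstrip(".").split(".")[:-2]))


def mx_fcrdns(fwd_records, rev_records, origin):
    """{MX target: True if the address of its A record has a PTR pointing back to the same name}"""
    a_by_name = {o: r[0] for o, t, r in fwd_records if t == "A"}
    ptr_by_ip = {}
    for o, t, r in rev_records:
        if t == "PTR":
            ptr_by_ip.setdefault(arpa_to_ip(o), set()).add(r[0])
    result = {}
    for o, t, r in fwd_records:
        if t == "MX":
            target = qualify(r[1], origin)
            ip = a_by_name.get(target)
            result[target] = ip is not None and target in ptr_by_ip.get(ip, set())
    return result


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "test.hk.")
    rev = parse_zone(REVERSE_ZONE, "119.10.10.in-addr.arpa.")
    print("relative names:", unqualified_names(fwd, "test.hk.") + unqualified_names(rev, "119.10.10.in-addr.arpa."))
    print("MX forward-confirmed rDNS:", mx_fcrdns(fwd, rev, "test.hk."))
```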


3) Install Postfix
Although CentOS 5 ships Postfix, that build lacks SSL and MySQL/LDAP support, so we compile our own.

[root@mailtest /]# rpm -e sendmail --nodeps   #remove the sendmail that ships with the system
[root@mailtest /]# groupadd postfix    #add the postfix group
[root@mailtest /]# groupadd postdrop    #add the postdrop group
[root@mailtest /]# useradd postfix -g postfix -G postdrop -c "Postfix User" -d /dev/null -s /sbin/nologin #add the postfix user
[root@mailtest /]# mkdir -p /tmp/postfix   #create the postfix temporary directory
[root@mailtest /]# chown -R postfix.postfix /tmp/postfix #give postfix ownership of its temporary directory
[root@mailtest /]# mkdir -p /home/domains/   #create the mail store for virtual users
[root@mailtest /]# chown -R postfix.postfix /home/domains/ #give postfix ownership of the virtual-user mail store
[root@mailtest /]# tar zxvf postfix-2.4.6.tar.gz        #unpack postfix
[root@mailtest /]# cd postfix-2.4.6          #enter the unpacked directory
[root@mailtest postfix-2.4.6]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl -DHAS_LDAP' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/openldap -llber -lldap' #generate the makefiles with sasl/tls/mysql/ldap support; see the README for the compile options

[root@mailtest postfix-2.4.6]# make  #compile postfix
[root@mailtest postfix-2.4.6]# make install #install the postfix files and run the post-install configuration
Note: just press Enter at every prompt after make install. It is best to change the temporary directory to /tmp/postfix.

Build the alias database; if this step is skipped, Postfix becomes extremely slow:
[root@mailtest postfix-2.4.6]#  newaliases


4) Configure Postfix
4.1) Postfix main configuration file /etc/postfix/main.cf
Postfix does not recognise a comment that follows a value on the same line (everything after "=" is taken as the value), so the explanatory comments below are on lines of their own.
#=====================BASE=========================
# hostname of the mail host; do not create a virtual domain with this same name
myhostname = mail.test.hk
# domain of the mail host
mydomain = test.hk
# domain or hostname used for mail sent from this host
myorigin = $mydomain
# hostnames and domains this host accepts mail for
mydestination = $myhostname localhost localhost.$mydomain
# networks that may relay through this host without authentication
mynetworks = 10.10.119.0/24 127.0.0.0/8
# network interfaces Postfix listens on
inet_interfaces = all
# domains this host relays for
#relay_domains = $mydestination

#=====================Virtual Mailbox settings=========================
virtual_mailbox_base = /home/domains
virtual_mailbox_maps = ldap:/etc/postfix/ldap/ldap_virtual_mailbox_maps.cf
virtual_mailbox_domains = ldap:/etc/postfix/ldap/ldap_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = ldap:/etc/postfix/ldap/ldap_virtual_alias_maps.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:502
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

#====================QUOTA========================
# maximum size of a single message: 5M
message_size_limit = 5242880
# mailbox size limit: 200M
mailbox_size_limit = 209715200
# virtual mailbox size limit: 200M
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = ldap:/etc/postfix/ldap/ldap_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

#====================SASL========================
# authenticate through Dovecot
smtpd_sasl_type = dovecot
# must match the client socket path in dovecot.conf
smtpd_sasl_path = /var/run/dovecot/auth-client
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_invalid_hostname,
                                reject_non_fqdn_hostname,
                                reject_unknown_sender_domain,
                                reject_non_fqdn_sender,
                                reject_non_fqdn_recipient,
                                reject_unknown_recipient_domain,
                                reject_unauth_pipelining,
                                reject_unauth_destination,
                                permit

 

# From: local domain        To: any address     must authenticate, and the authenticated user must match From:
# From: any non-local       To: local address   no authentication required
# From: any non-local       To: any address     rejected

# list of local users, so that From: local domain To: local domain can be verified
#smtpd_sender_login_maps =
#    mysql:/etc/postfix/mysql/mysql_virtual_sender_maps.cf,
#    mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf

#smtpd_reject_unlisted_sender = yes

# SMTP authentication is also required for mail from the local domain to the local domain
#smtpd_sender_restrictions =
#    reject_sender_login_mismatch,
#    reject_authenticated_sender_login_mismatch,
#    reject_unauthenticated_sender_login_mismatch


#smtpd_error_sleep_time = 1s
#smtpd_soft_error_limit = 10
#smtpd_hard_error_limit = 20


smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

#====================SSL/TLS========================
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
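Two things are worth checking mechanically after editing the main.cf above: that no value has swallowed a same-line comment, and that smtpd_recipient_restrictions closes the relay before any unconditional permit. The following added example (not part of the original post or of Postfix) parses main.cf by the rules postconf(5) describes, continuation lines starting with whitespace and "#" starting a comment only at the beginning of a line, and runs both checks. SAMPLE_MAIN_CF is constructed from the page's settings and deliberately keeps one same-line comment so the first check has something to find.

```python
"""Static checks for a Postfix main.cf (added example)."""
import re

# Constructed to mirror the page's main.cf; the myhostname line keeps a same-line comment.
SAMPLE_MAIN_CF = """\
#=====================BASE=========================
myhostname = mail.test.hk     #hostname of the mail host
mydomain = test.hk
mynetworks = 10.10.119.0/24 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_unauth_destination,
                                permit
smtpd_use_tls = yes
"""

# restrictions that stop relaying for recipients this host is not responsible for
RELAY_STOPS = ("reject_unauth_destination", "defer_unauth_destination")


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous value."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace():
            if current is not None:
                params[current] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def inline_comment_residue(params):
    """Parameters whose value still carries a '#...' tail: Postfix keeps it as part of the value."""
    return {k: v for k, v in params.items() if re.search(r"\s#", v)}


def relay_is_closed(params):
    """True if a reject/defer_unauth_destination precedes any unconditional 'permit' in the list."""
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    stop = next((i for i, r in enumerate(rules) if r in RELAY_STOPS), None)
    if stop is None:
        return False
    first_permit = next((i for i, r in enumerate(rules) if r == "permit"), len(rules))
    return stop < first_permit


def lint(text):
    """Run both checks on a main.cf text and return the findings."""
    params = parse_main_cf(text)
    return {"inline_comments": inline_comment_residue(params),
            "relay_closed": relay_is_closed(params)}


if __name__ == "__main__":
    for key, value in lint(SAMPLE_MAIN_CF).items():
        print(f"{key}: {value}")
```

postconf -n on the running system shows the values Postfix actually loaded, which is the quickest way to confirm that a value did not absorb a comment.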


Generate the certificate
[root@mailtest postfix]# mkdir /etc/ssl
[root@mailtest postfix]# cd /etc/ssl
[root@mailtest ssl]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 1024 bit RSA private key
..++++++
..++++++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GD
Locality Name (eg, city) [Newbury]:DG
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:PROC
Common Name (eg, your name or your server's hostname) []:
Email Address []:test1@test.hk


4.2) Postfix virtual-user lookup files
[root@mail ~]# cat /etc/postfix/ldap/ldap_virtual_alias_maps.cf
server_host = localhost
search_base = o=extmailAlias,dc=test.hk
query_filter = (&(objectClass=extmailAlias)(mailLocalAddress=%s)(active=1))
result_attribute = mail
cache = no
bind = no
scope = sub

[root@mail ~]# cat /etc/postfix/ldap/ldap_virtual_domains_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=test.hk
query_filter = (&(objectClass=extmailDomain)(virtualDomain=%s)(active=1))
result_attribute = virtualDomain
cache = no
bind = no
scope = sub

[root@mail ~]# cat /etc/postfix/ldap/ldap_virtual_limit_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=test.hk
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mailQuota
cache = no
bind = no
scope = sub

[root@mail ~]# cat /etc/postfix/ldap/ldap_virtual_mailbox_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=test.hk
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mailMessageStore
cache = no
bind = no
scope = sub

[root@mail ~]# cat /etc/postfix/ldap/ldap_virtual_sender_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=test.hk
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mail
cache = no
bind = no
scope = sub

[root@mail ~]# cat /etc/postfix/ldap/init.ldif
# test.hk
dn: dc=test.hk
objectClass: organization
objectClass: dcObject
dc: test.hk
o: test.hk

# Manager, test.hk
dn: cn=Manager,dc=test.hk
objectClass: top
objectClass: organizationalRole
cn: Manager

# domains + users: o=extmailAccount, dc=test.hk
dn: o=extmailAccount,dc=test.hk
objectClass: organization
o: extmailAccount

# aliases: o=extmailAlias, dc=test.hk
dn: o=extmailAlias,dc=test.hk
objectClass: organization
o: extmailAlias

# manager: o=extmailManager, dc=test.hk
dn: o=extmailManager,dc=test.hk
objectClass: organization
o: extmailManager

# Domain: virtualDomain=test.hk, o=extmailAccount, dc=test.hk
dn: virtualDomain=test.hk, o=extmailAccount, dc=test.hk
virtualDomain: test.hk
description: A virtualDomain for test.hk
hashDirPath: A0/B0
Transport: virtual:
domainMaxQuota: 1073741824
domainMaxUsers: 50
domainMaxAlias: 50
domainMaxNetStore: 1073741824
defaultQuota: 5242880
defaultNetStore: 5242880
defaultExpire: 1y
disablesmtpd: 0
disablesmtp: 0
disablewebmail: 0
disablenetdisk: 0
disableimap: 1
disablepop3: 0
active: 1
expireDate: 2010-10-01 10:00:01
createDate: 2007-02-14 13:47:56
objectclass: top
objectclass: extmailDomain

# User: , virtualDomain=test.hk, o=extmailAccount, dc=test.hk
dn: , virtualDomain=test.hk, o=extmailAccount, dc=test.hk
cn: Test user
uid: test
mail:
virtualDomain: test.hk
mailMessageStore: test.hk/postmaster/Maildir/
homeDirectory: test.hk/postmaster
userName:
mailQuota: 104857600S
netdiskQuota: 52428800S
uidNumber: 1000
gidNumber: 1000
userPassword: {CRYPT}$1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
active: 1
disablesmtpd: 0
disablesmtp: 0
disablewebmail: 0
disablenetdisk: 0
disableimap: 0
disablepop3: 0
expireDate: 2010-10-01 00:00:00
createDate: 2007-02-14 17:56:33
objectClass: top
objectClass: uidObject
objectClass: extmailUser

# Alias: , o=extmailAlias, dc=test.hk
dn: , o=extmailAlias, dc=test.hk
mailLocalAddress:
virtualDomain: test.hk
mail:
active: 1
objectclass: extmailAlias

# Manager: , o=extmailManager, dc=test.hk
dn: , o=extmailManager, dc=test.hk
cn: Root
uid: root
mail:
userPassword: {CRYPT}$1$BrT9qxfB$Ha81Mb5YVV6rNKNN5jmtj1
managerType: admin
active: 1
question: who are you?
answer: postmaster
disablePasswdChange: 0
createDate: 2007-02-14 18:32:14
expireDate: 2010-08-01 00:00:00
objectclass: top
objectclass: extmailManager


Before loading the data, /etc/openldap/slapd.conf must include extmail.schema (copied in step 8.1) and declare a database whose suffix is dc=test.hk with rootdn cn=Manager,dc=test.hk; slapadd rejects entries that no configured suffix covers (the stock slapd.conf still says dc=my-domain,dc=com).
[root@mail ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@mail ~]# slapadd -vl init.ldif
[root@mail ~]# chown -R ldap.ldap /var/lib/ldap/
[root@mail ~]# chkconfig --level 0123456  ldap on
[root@mail ~]# service ldap start

 


5) Configure Dovecot
5.1) Dovecot main configuration file /etc/dovecot.conf
[root@mail /]# cp /etc/dovecot.conf /etc/dovecot.conf-orig #back up the original dovecot configuration file
[root@mail /]# vi /etc/dovecot.conf    #edit the dovecot configuration file
base_dir = /var/run/dovecot
protocols = imap imaps pop3 pop3s
listen = *
# maildir path for virtual users (must match Extmail)
mail_location = maildir:/home/domains/%d/%n/Maildir
auth default {
  # authentication mechanisms (LDAP authentication supports only plain and login)
  mechanisms = plain login
  # uncomment the passdb and userdb ldap sections and point them at the LDAP file
  passdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot-ldap.conf
  }
  # uncomment the client socket section; the path must match smtpd_sasl_path in main.cf
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      # add these two lines so that postfix may use the socket
      user = postfix
      group = postfix
    }
  }
}

5.2) Dovecot LDAP authentication file
[root@mail ldap]# cat /etc/dovecot-ldap.conf
hosts = 10.10.119.204:389
dn = cn=Manager,dc=test.hk
dnpass = 123456
ldap_version = 3
base =  o=extmailAccount,dc=test.hk
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,uidNumber,gidNumber
user_filter = (&(objectClass=extmailUser)(mail=%u)(active=1))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=extmailUser)(mail=%u)(active=1))
default_pass_scheme = crypt
user_global_uid = postfix
user_global_gid = postfix
auth_bind = yes

 

6) Test SMTP authentication and mail retrieval
You can create virtual domains and virtual users by logging in to postfixadmin, or create them directly in MySQL;
this example creates one virtual domain, test.hk, and two virtual users,
test1@test.hk and test2@test.hk, with the passwords test1 and test2 respectively.

Because LOGIN authentication uses Base64 encoding, first encode the login name and password of the user test1@test.hk:
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1\@test.hk")'
dGVzdDFAdGVzdC5oaw==

[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1")'
dGVzdDE=

6.1) LOGIN authentication test:
C:\>telnet 10.10.119.204 25
220 mail.test.hk ESMTP "Version not Available"
ehlo mail
250-mail.test.hk
250-PIPELINING
250-SIZE 5242880
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdDFAdGVzdC5oaw==
334 UGFzc3dvcmQ6
dGVzdDE=
235 2.0.0 Authentication successful
mail from:<test1@test.hk>
250 2.1.0 Ok
rcpt to:<test2@test.hk>
250 2.1.5 Ok
data
354 Please start mail input.
test send mail
.
quit
221 Closing connection. Good bye.

Connection to host lost.
C:\>
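The session above shows why AUTH LOGIN on a plain port-25 connection matters to a defender: the server advertises AUTH before STARTTLS, and the two base64 tokens are the username and password as anyone on the path sees them. The following added example (not part of the original post or of Postfix) reads such a captured dialogue the way a network monitor would, records whether AUTH was offered and used before TLS, and decodes the AUTH LOGIN (or inline AUTH PLAIN) tokens. SESSION is constructed from the page's telnet transcript, with client lines prefixed "C: " and server lines "S: ". On the Postfix side, smtpd_tls_auth_only = yes withholds AUTH until TLS has been negotiated.

```python
"""Inspect a captured SMTP session for cleartext SASL authentication (added example)."""
import base64

# Constructed from the telnet session in 6.1.
SESSION = """\
S: 220 mail.test.hk ESMTP "Version not Available"
C: ehlo mail
S: 250-mail.test.hk
S: 250-PIPELINING
S: 250-SIZE 5242880
S: 250-STARTTLS
S: 250-AUTH PLAIN LOGIN
S: 250 DSN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: dGVzdDFAdGVzdC5oaw==
S: 334 UGFzc3dvcmQ6
C: dGVzdDE=
S: 235 2.0.0 Authentication successful
C: mail from:<test1@test.hk>
S: 250 2.1.0 Ok
"""

# reply codes that end an AUTH exchange (success, failure, TLS required, syntax/sequence errors)
AUTH_RESULT_CODES = ("235", "535", "534", "454", "501", "503")


def b64(token):
    """Decode one base64 token as UTF-8 text."""
    return base64.b64decode(token).decode("utf-8", "replace")


def analyze_session(text):
    """Summarise TLS/AUTH ordering and the credentials readable in a captured session."""
    result = {"auth_offered_before_tls": False, "tls_before_auth": False,
              "mechanism": None, "username": None, "password": None, "outcome": None}
    tls_up, tls_requested, pending = False, False, None
    for raw in text.splitlines():
        side, _, line = raw.partition(": ")
        if side == "S":
            code = line[:3]
            if code == "250" and line[4:].upper().startswith("AUTH") and not tls_up:
                result["auth_offered_before_tls"] = True
            if tls_requested and code == "220":
                tls_up = True                      # STARTTLS accepted: later lines travel encrypted
            if pending == "done" and code in AUTH_RESULT_CODES and result["outcome"] is None:
                result["outcome"] = code
            continue
        if side != "C":
            continue
        tls_requested = False
        words = line.split()
        cmd = words[0].upper() if words else ""
        if cmd == "STARTTLS":
            tls_requested = True
        elif cmd == "AUTH":
            mech = words[1].upper() if len(words) > 1 else ""
            result["mechanism"], result["tls_before_auth"] = mech, tls_up
            if mech == "PLAIN" and len(words) > 2:      # initial response: authzid\0authcid\0passwd
                _, result["username"], result["password"] = b64(words[2]).split("\0")
                pending = "done"
            elif mech == "LOGIN":                       # server prompts for username, then password
                pending = "username"
        elif pending == "username":
            result["username"], pending = b64(line), "password"
        elif pending == "password":
            result["password"], pending = b64(line), "done"
    return result


if __name__ == "__main__":
    for key, value in analyze_session(SESSION).items():
        print(f"{key}: {value}")
```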


6.2) POP3 retrieval test
First Base64-encode the user, then authenticate and test POP3 retrieval
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2\@test.hk")'
dGVzdDJAdGVzdC5oaw==
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2")'
dGVzdDI=


C:\>telnet 10.10.119.204 110
+OK Dovecot ready.
AUTH LOGIN
+ VXNlcm5hbWU6
dGVzdDJAdGVzdC5oaw==
+ UGFzc3dvcmQ6
dGVzdDI=
+OK Logged in.
LIST
+OK 1 messages:
1 1410
.
RETR 1
+OK 1410 octets
Return-Path: <>
X-Original-To:
Delivered-To:
Received: from d2800js7mh1x (unknown [10.10.119.250])
        by mail.test.hk (Postfix) with ESMTP id E8D9413B540
        for <>; Fri, 16 Nov 2007 08:23:43 +0800 (CST)
Message-ID: <>
From: "test1" <>
To: <>
Subject: test.hk
Date: Fri, 16 Nov 2007 10:02:55 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0003_01C82837.DBACB3E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C82837.DBACB3E0
Content-Type: text/plain;
        charset="gb2312"
Content-Transfer-Encoding: quoted-printable

test.hk
------=_NextPart_000_0003_01C82837.DBACB3E0
Content-Type: text/html;
        charset="gb2312"
Content-Transfer-Encoding: quoted-printable

test.hk

------=_NextPart_000_0003_01C82837.DBACB3E0--


.

7) Install Extmail-1.0.2
7.1) Unpack and install
# tar zxvf extmail-1.0.2.tar.gz
# mkdir -p /var/www/extsuite
# mv extmail-1.0.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf

7.2) Edit the Extmail main configuration file
# vi /var/www/extsuite/extmail/webmail.cf
Notes on some of the options to change:

SYS_SESS_DIR = /tmp/
Temporary directory option; change to:
SYS_SESS_DIR = /tmp/extmail/

Then create the directory and set its ownership
[root@mailtest extmail]# mkdir -p /tmp/extmail
[root@mailtest extmail]# chown -R postfix.postfix /tmp/extmail/

SYS_MESSAGE_SIZE_LIMIT = 5242880
Maximum size of a message a user may send

SYS_USER_LANG = en_US
Language option; change to:
SYS_USER_LANG = zh_CN

SYS_LOG_TYPE = syslog
Log option; using syslog requires the Unix::Syslog module, so a plain ASCII file is used for the log here
SYS_LOG_TYPE = file

Create the extmail log file and set its ownership
[root@mailtest extmail]# touch /var/log/extmail.log
[root@mailtest extmail]# chown postfix.postfix /var/log/extmail.log


SYS_MAILDIR_BASE = /home/domains
[root@mailtest extmail]# mkdir -p /home/domains
[root@mailtest extmail]# chown -R postfix.postfix /home/domains

SYS_BACKEND_TYPE = mysql
Back-end database option; change to:
SYS_BACKEND_TYPE = ldap

SYS_LDAP_BASE = o=extmailAccount,dc=example.com
SYS_LDAP_RDN = cn=Manager,dc=example.com
SYS_LDAP_PASS = secret
These three lines set the directory base, the bind DN and the password used to connect to the LDAP server; change them to:
SYS_LDAP_BASE = o=extmailAccount,dc=test.hk
SYS_LDAP_RDN = cn=Manager,dc=test.hk
SYS_LDAP_PASS = 123456

 

SYS_G_ABOOK_TYPE = file
Global address book option; change to:
SYS_G_ABOOK_TYPE = ldap

 

SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=example.com
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=example.com
SYS_G_ABOOK_LDAP_ROOTPW = secret
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson
Global address book LDAP options; change to:
SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=test.hk
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=test.hk
SYS_G_ABOOK_LDAP_ROOTPW = 123456
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson


SYS_CRYPT_TYPE = md5crypt
Password hashing option; change to:
SYS_CRYPT_TYPE = crypt

 

7.3) Apache configuration
Because Extmail delivers mail locally, the user Apache runs as must be changed to the user of your mail delivery agent. In this example suexec is enabled on the Apache server, so the method below specifies the user a virtual host runs as. The MDA here is Postfix's own, so the postfix user is specified:

Back up Apache's main configuration file
[root@mailtest soft]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-orig

Comment out DocumentRoot "/var/www/html" and enable name-based virtual hosts:

<VirtualHost 10.10.119.204:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>

<VirtualHost 10.10.119.204:80>
ServerName
DocumentRoot /var/www/html/
</VirtualHost>

Take care to change the following settings as well:
Listen 10.10.119.204:80
ServerName 10.10.119.204:80
NameVirtualHost 10.10.119.204:80

Change the owner of the CGI files to the user Apache runs as:
[root@mailtest soft]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/

If suexec is not enabled on your Apache server, the following method works as well:
[root@mailtest soft]# vi /etc/httpd/conf/httpd.conf
User postfix
Group postfix

<VirtualHost 10.10.119.204:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
</VirtualHost>

 

7.4) Resolving Extmail dependencies
Extmail uses the Perl modules DBD::mysql and Unix::Syslog. For the first I installed the RPM that ships with the OS; the second is not used, as explained above.
perl-DBD-MySQL-3.0007-1.fc6


The method found online for resolving the dependencies is as follows:
Extmail uses the Perl modules DBD::mysql and Unix::Syslog; you can search for the source packages and install them.
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install

The latest DBD-mysql release is DBD-mysql-4.005, but combined with the system's Perl it stops Extmail from working, so we use the 3.x version:
# tar zxvf DBD-mysql-3.0002_4.tar.gz 
# cd DBD-mysql-3.0002_4
# perl Makefile.PL   (if this step fails with an error like Can't exec "mysql_config": No such file or directory at Makefile.PL line 76., your MySQL bin directory is not in the $PATH environment variable)
# make
# make install

8) Install Extman-0.2.2
8.1) Unpack and install
[root@mailtest soft]#  tar zxvf  extman-0.2.2.tar.gz
[root@mailtest soft]#  mv extman-0.2.2 /var/www/extsuite/extman
[root@mail rpm]# cd /var/www/extsuite/extman/docs/
[root@mail docs]# cp extmail.schema /etc/openldap/schema/
[root@mail docs]# cp ldap_virtual_* /etc/postfix/ldap/


8.2) Edit the Extman main configuration file
[root@mailtest soft]# vi /var/www/extsuite/extman/webman.cf

SYS_SESS_DIR = /tmp/
Temporary directory option; change to:
SYS_SESS_DIR = /tmp/extman/

Then create the directory and set its ownership
[root@mailtest extmail]# mkdir -p /tmp/extman
[root@mailtest extmail]# chown -R postfix.postfix /tmp/extman/

SYS_CAPTCHA_ON = 1
Show a graphical CAPTCHA; change to:
SYS_CAPTCHA_ON = 0


SYS_GROUPMAIL_SENDER =

SYS_GROUPMAIL_SENDER =


SYS_CRYPT_TYPE = md5crypt
Password hashing option; change to:
SYS_CRYPT_TYPE = crypt

SYS_BACKEND_TYPE = mysql
Back-end database option; change to:
SYS_BACKEND_TYPE = ldap

SYS_LDAP_BASE = dc=extmail.org
SYS_LDAP_RDN = cn=Manager,dc=extmail.org
SYS_LDAP_PASS = 123456
LDAP options; change to:
SYS_LDAP_BASE = dc=test.hk
SYS_LDAP_RDN = cn=Manager,dc=test.hk
SYS_LDAP_PASS = 123456


Change the owner of the CGI files to the user Apache runs as
[root@mailtest soft]#  chown -R postfix.postfix /var/www/extsuite/extman/cgi/


8.3) Apache configuration
In the Extmail virtual host section of Apache's main configuration file, add the following two lines:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

The virtual host configuration then ends up as follows

<VirtualHost 10.10.119.204:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
SuexecUserGroup postfix postfix
</VirtualHost>

<VirtualHost 10.10.119.204:80>
ServerName
DocumentRoot /var/www/html/
</VirtualHost>

Configure Mailgraph_ext to provide Extman's graphical log
Next install the packages the graphical log needs: Time::HiRes, File::Tail and rrdtool. The first two can be found and downloaded by searching the web, the last one from its download site; the installation order must not be changed.

Install Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install

Install File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile.PL
#make
#make test
#make install

Install rrdtool-1.2.26
#tar zxvf rrdtool-1.2.26.tar.gz
#cd rrdtool-1.2.26
#./configure --prefix=/usr/local/rrdtool
#make
#make install

Create the necessary symbolic links (Extman looks for the libraries under these paths)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm   /usr/lib/perl5/5.8.8
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm   /usr/lib/perl5/5.8.8

Copy mailgraph_ext to /usr/local and start it
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local 
# /usr/local/mailgraph_ext/mailgraph-init  start
# /usr/local/mailgraph_ext/qmonitor-init  start

Add it to the startup sequence
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.local


Note: before installing the software above, make sure tcl, tcl-devel, freetype, freetype-devel, libart_lgpl, libart_lgpl-devel and related packages are installed on your system

 


9) Start Apache/MySQL/Bind and enable them at boot
[root@mailtest /]# chkconfig --level 2345 httpd on
[root@mailtest /]# chkconfig --level 2345 mysqld on
[root@mailtest /]# chkconfig --level 2345 named on
[root@mailtest /]# service httpd start
[root@mailtest /]# service mysqld start
[root@mailtest /]# service named start


10) Install the SpamAssassin anti-spam filter
Install the spamassassin package that ships with the system

11) Install the Clamav anti-virus scanner
Download clamav from the website below

[root@mail ~]# groupadd clamav
[root@mail ~]# useradd -g clamav -s /bin/nologin -c "Clam AntiVirus" clamav
[root@mail ~]# mkdir /etc/clamav
[root@mail ~]# chown -R clamav.clamav  /etc/clamav

[root@mail ~]# tar zxvf clamav-0.91.2.tar.gz
[root@mail clamav-0.91.2]# cd clamav-0.91.2
[root@mail clamav-0.91.2]# ./configure --sysconfdir=/etc/clamav
[root@mail clamav-0.91.2]# make
[root@mail clamav-0.91.2]# make install

Configure the clamav main configuration file
#vi /etc/clamav/clamd.conf
First delete the Example line in the file, or comment it out with a leading #
Uncomment the following lines or change their values
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
PidFile /home/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /home/clamav/clamd.sock
ScanMail yes
ScanArchive yes
ArchiveMaxFiles 1000
MaxThreads 200
MaxDirectoryRecursion 15
User clamav
With that, clamav is basically working

Next, download the virus database
First edit the /etc/clamav/freshclam.conf file
[root@mail clamav-0.91.2]#  vi /etc/clamav/freshclam.conf
First delete the Example line in the file, or comment it out with a leading #
Uncomment this line and change it to:  UpdateLogFile /var/log/clamav/freshclam.log


Below the line DatabaseMirror database.clamav.net add a few more mirrors; see the clamav.pdf documentation for more addresses
DatabaseMirror clamav.inet6.fr
DatabaseMirror clamav.netopia.pt
DatabaseMirror clamav.sonic.net

That completes this file. If the database update cannot connect, comment out the DatabaseMirror database.clamav.net line and leave the remaining ones.
Now create the log files under /var/log/clamav
[root@mail clamav-0.91.2]# mkdir /var/log/clamav
touch /var/log/clamav/clamd.log
touch /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/clamd.log
chown clamav /var/log/clamav/clamd.log
chown clamav /var/log/clamav/freshclam.log


Run the database update
[root@mail clamav-0.91.2]#  freshclam -d -c 2   (-d runs the command as a daemon; -c 2 checks for database updates twice a day)
[root@mail clamav-0.91.2]#  freshclam --quiet --stdout    (update the database manually)

After the update, go to /usr/src/clamav-0.91.2/test and check how many viruses the database recognises
by running clamscan test


It is recommended to turn this into a startup script
/etc/rc3.d/S91clamav with the following contents:
/usr/local/bin/freshclam -d -c 2
/usr/local/sbin/clamd

 

12) Install MailScanner
MailScanner-4.65.3-1.rpm.tar.gz
tar -zvxf MailScanner-4.65.3-1.rpm.tar.gz
cd
./install.sh


You can also rebuild the src.rpm inside the archive with rpmbuild --rebuild **.src.rpm
and then install the generated rpm package from /usr/src/redhat/RPMS/noarch

 

Create the directory MailScanner needs for SpamAssassin support:
# mkdir /var/spool/MailScanner/spamassassin
# chmod 700 /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin

Edit the spamassassin configuration file
vi /etc/mail/spamassassin/local.cf
# How many hits before a message is considered spam.
required_hits           5.0
# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject             *****SPAM*****
# Encapsulate spam in an attachment
report_safe             1
# Enable the Bayes system
use_bayes               1
# Enable or disable network checks
skip_rbl_checks         1
use_razor2              0
use_pyzor               0
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all

 


Edit MailScanner.conf
# vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 4
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner

Configure Postfix to hand mail to MailScanner
# vi /etc/postfix/main.cf
Change the following value
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks
/^Received:/ HOLD
Note: there must be no whitespace before the /!

Change the directory ownership
# chown postfix.postfix /var/spool/MailScanner/incoming
# chown postfix.postfix /var/spool/MailScanner/quarantine
Stop Postfix and start MailScanner
# service postfix stop
# chkconfig postfix off
# service MailScanner start
With MTA = postfix set, MailScanner starts Postfix itself; if Postfix is set to start on its own, stop that first
Update the virus definitions periodically
# crontab -e
0 4 * * * /usr/local/bin/freshclam

 


FAQ
1) Exporting and importing OpenLDAP server data (backup)
Export the data
ldapsearch -xW -D "cn=Manager,dc=test.hk" -b "dc=test.hk" >bak.ldif

Import the data
ldapadd -xW -D "cn=Manager,dc=test.hk" -f

Note: if you have many mail users, it is best to run one master and two slave servers, with writes going only to the master and reads to the two slaves


2) Configuring phpldapadmin

// $ldapservers->SetValue($i,'appearance','password_hash','md5');
Password hashing option; change to:
$ldapservers->SetValue($i,'appearance','password_hash','crypt');

3) For other problems see the previous article on MySQL-backed Postfix

 


References
Same as the previous article on MySQL-backed Postfix


chinaunix user 2008-08-07 15:36:38

F: How do I list all the parameters supported by the currently installed Postfix, with their values? Q: postconf -d|more

chinaunix user 2008-07-21 16:28:35

[root@webmail ldap]# slapadd -vl init.ldif bdb_db_open: DB_CONFIG for suffix dc=my-domain,dc=com has changed. Performing database recovery to activate new settings. slapadd: line 7: database (dc=my-domain,dc=com) not configured to hold "dc=ccc.com.cn" slapadd: line 7: database (dc=my-domain,dc=com) not configured to hold "dc=ccc.com.cn" What is the problem here?

chinaunix user 2008-07-21 11:37:14

5.2) Dovecot LDAP authentication file [root@mail ldap]# cat /etc/dovecot-ldap.conf hosts = 10.10.119.204:389 dn = cn=Manager,dc=test.hk dnpass = 123456 ldap_version = 3 base = o=extmailAccount,dc=test.hk deref = never scope = subtree user_attrs = mail,homeDirectory,,,uidNumber,gidNumber user_filter = (&(objectClass=extmailUser)(mail=%u)(active=1)) pass_attrs = mail,userPassword pass_filter = (&(objectClass=extmailUser)(mail=%u)(active=1)) default_pass_scheme = crypt user_global_uid = postfix

chinaunix user 2008-05-22 14:31:17

Why haven't you configured the dovecot-ldap.conf file? Without configuring it, how can LDAP and Dovecot work together???