2007-5-10

Postfix+Mysql+Maildrop安装笔记

 

一、安装启动好Httpd,Mysqld,配置Postfixadmin

[root@localhost postfix]# tar xzvf postfixadmin-2.1.0.tgz

[root@localhost postfix]# mv postfixadmin-2.1.0 /var/www/html/postfixadmin

[root@localhost postfix]# service httpd start

[root@localhost postfix]# service mysqld start

[root@localhost postfix]# mysql -uroot < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT

[root@localhost postfix]# service httpd restart

 

打开浏览器，,即可增加域名,暂先别增加用户，在后面会有详细讲。

 

二、检查cyrus-sasl，系统自带的即可。编译安courier-authlib

[root@localhost postfix]# rpm -qa |grep cyrus-sasl

cyrus-sasl-md5-2.1.19-5.EL4

cyrus-sasl-ntlm-2.1.19-5.EL4

cyrus-sasl-plain-2.1.19-5.EL4

cyrus-sasl-devel-2.1.19-5.EL4

cyrus-sasl-gssapi-2.1.19-5.EL4

cyrus-sasl-2.1.19-5.EL4

cyrus-sasl-sql-2.1.19-5.EL4

 

[root@localhost postfix]# tar xjvf courier-authlib-0.59.3.tar.bz2

[root@localhost postfix]# cd courier-authlib-0.59.3

[root@localhost courier-authlib-0.59.3]# groupadd vmail

[root@localhost courier-authlib-0.59.3]# useradd vmail -d /dev/null -s /sbin/nologin -g vmail

[root@localhost courier-authlib-0.59.3]# ./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --without-authuserdb --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authdaemonvar=/var/spool/authdaemon --without-authcustom --with-authmysql --with-mysql-libs=/usr/lib --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc --with-mailuser=vmail --with-mailgroup=vmail --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc CHOST="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer" CXXFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer"

[root@localhost courier-authlib-0.59.3]# make

[root@localhost courier-authlib-0.59.3]# make install

FAQ：

1.       如果courier-authlib安装到非标准位置（例如安装到/usr/local下），一定记得在./configure时增加--without-stdheaderdir，这样以后在编译Courier-IMAP和maildrop的时候，不用特别指定courier-authlib的库文件位置

2.       投递过程出现如下错误:

May 30 16:08:27 microsea-work postfix/pipe[25422]: D822E210104: to=<>, relay=maildrop, delay=1248, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/local/bin/maildrop: Temporary authentication failure. )

说明编译authlib时没有指定maildrop的用户和组,加上--with-mailuser和--with-mailgroup 指定用户和组后重编译安装.

 

[root@localhost courier-authlib-0.59.3]# vi /usr/local/courier-authlib/etc/authdaemonrc

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10

[root@localhost courier-authlib-0.59.3]# vi /usr/local/courier-authlib/etc/authmysqlrc

MYSQL_SERVER localhost

MYSQL_USERNAME postfix

MYSQL_PASSWORD postfix

MYSQL_SOCKET /var/lib/mysql/mysql.sock

MYSQL_DATABASE postfix

MYSQL_USER_TABLE mailbox

MYSQL_CRYPT_PWFIELD password

MYSQL_UID_FIELD '501' //vmail的Uid

MYSQL_GID_FIELD '502' //Vmail的Gid

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD concat('/var/spool/mail/',maildir)

MYSQL_MAILDIR_FIELD concat('/var/spool/mail/',maildir)

MYSQL_NAME_FIELD name

[root@localhost ~]# chmod 755 /var/spool/authdaemon

[root@localhost courier-authlib-0.59.3]# /usr/local/courier-authlib/sbin/authdaemond start //启动courier-authlib

 

编译 Maildrop

[root@localhost postfix]# tar xjvf maildrop-2.0.2.tar.bz2

[root@localhost postfix]# cd maildrop-2.0.2

[root@localhost maildrop-2.0.2]# ln -s /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig

[root@localhost maildrop-2.0.2]# ./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=501 --enable-maildrop-gid=502 --with-trashquota --with-dirsync

[root@localhost maildrop-2.0.2]# make

[root@localhost maildrop-2.0.2]# make install

 

FAQ：

注意源码安装的，将courierauthconfig 命令链接到/usr/bin里，假设装在：

/usr/local/courier-authlib/bin/courierauthconfig，则：

ln -s /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig

这样编译出来的maildrop才会ourier Authentication Library extension enabled.

[root@localhost maildrop-2.0.2]# maildrop -v

maildrop 2.0.2 Copyright 1998-2005 Double Precision, Inc.

GDBM extensions enabled.

Courier Authentication Library extension enabled.

Maildir quota extension enabled.

This program is distributed under the terms of the GNU General Public

License. See COPYING for additional information.

 

配置smtpd.conf文件

[root@localhost postfix]# vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond

log_level: 3

mech_list: plain login

authdaemond_path:/var/spool/authdaemon/socket

 

 

 

 

 

三、编译配置Postfix

[root@localhost postfix]# rpm -e sendmail –nodeps //删除sendmail

[root@localhost postfix]# groupadd postfix

[root@localhost postfix]# groupadd postdrop

[root@localhost postfix]# useradd postfix -g postfix -c "Postfix user" -d /dev/null -s /sbin/nologin

[root@localhost postfix]# tar xzvf postfix-2.3.3.tar.gz

[root@localhost postfix]#make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/lib/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'

[root@localhost postfix-2.3.3]# make

[root@localhost postfix-2.3.3]#make install

 

配置main.cf

#=====================BASE=========================
myhostname = mail.你的域名
mydomain = 你的域名
myorigin = $mydomain
mydestination =
mynetworks = 192.168.1.0/24 127.0.0.0/8
inet_interfaces = all

alias_maps = hash:/etc/postfix/aliases

home_mailbox = Maildir/

#=====================Vritual Mailbox settings=========================
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:502
#virtual_transport = virtual

virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes 

#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

 

[root@localhost postfix]# vi /etc/postfix/mysql_virtual_alias_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = alias

select_field = goto

where_field = address

 

[root@localhost postfix]# vi /etc/postfix/mysql_virtual_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = domain

select_field = description

where_field = domain

 

[root@localhost postfix]# vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = mailbox

select_field = quota

where_field = username

 

 

 [root@localhost postfix]# vi /etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = mailbox

select_field = maildir

where_field = username

 

[root@localhost postfix]# postalias hash:/etc/postfix/aliases

[root@localhost postfix]# postfix start //启动postfix

FAQ:

启动postfix后，就可以发送电邮了。如有错误，要查看日志,如出现这个错误（in BOTH mydestination and virtual_mailbox_domains），就要将Main.cf里配制改一改:

將main.cf下面的改下試試:
#mydestination = $mydomain,$myhostname,localhost
改成:

mydestination =

看看/var/log/message或/var/log/maillog 在认证失败时有什么提示。根据提示去检查问题到底出在哪儿
warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
检查 authdaemond的socket所在目录及其父目录的属性是否对smtpd可读。如果不可读则出现这个问题（permission的问题）。3.warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
检查/usr/local/lib/sasl2/smtpd.conf，看看是否有多写一个空格，一般空格很难直观的发现

 

四、使用Postfixadmin增加用户

因为是采用Maildrop 方式转送邮件，Maildrop没有建立邮箱目录的能力。（virtual方式则不用），所以要增加一个小脚本来实现。

修改/etc/sudoers (文件属性改为0755, 改好后再改回 0440)

[root@localhost postfix]# chmod 0755 /etc/sudoers

vi /etc/sudoers

vmail ALL = NOPASSWD: /usr/sbin/maildirmake.sh

[root@localhost postfix]# chmod 0440 /etc/sudoers

 

创建/usr/sbin/maildirmake.sh脚本

[root@localhost postfix]# vi /usr/sbin/maildirmake.sh

#!/bin/bash

set -e

cd "/var/spool/mail/"

/usr/local/bin/maildirmake "$2@$1"

chown -R vmail:vmail /var/spool/mail/"$2@$1"

[root@localhost postfix]# chmod 755 /usr/sbin/maildirmake.sh

 

接着在Postfixadmin

vi /var/www/html/postfixadmin/admin/create-mailbox.php //在200行后面增加以下一行

system("sudo /usr/sbin/maildirmake.sh $fDomain ".$_POST['fUsername']);

 

 

 

更改httpd以vmail用户运行，更改/var/spool/mail目录属主为vmail

[root@localhost postfix]#vi /etc/httpd/conf/httpd.conf

更改：User apache  为User vmail

更改：Group apache 为Group vmail

[root@localhost postfix]#service httpd restart

[root@localhost postfix]#chown vmail.vmail /var/spool/mail/

 

新增用户，检查看看/var/spool/mail/下有没有新建立用户的邮箱目录

 

五、配置Dovecot，增加IMAP，IMAPS，POP3，POP3S功能
由于Dovecot 是系统自带的，配置两个文件，再生成证书就可以了

[root@localhost mail]# vi /etc/dovecot.conf

base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
imap_listen = [::]
pop3_listen = [::]
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/imapd.pem
ssl_key_file = /etc/ssl/private/imapd.pem
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
login_dir = /var/run/dovecot-login
login = imap
login = pop3
mbox_locks = fcntl
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_user = root
default_mail_env = maildir:/var/spool/mail/%u/
auth_userdb = mysql /etc/dovecot-mysql.conf
auth_passdb = mysql /etc/dovecot-mysql.conf
first_valid_uid = 501 //501为vmail用户的Uid

 

 

 

 

 

[root@localhost mail]# vi /etc/dovecot-mysql.conf

db_host = localhost

db_port = 3306

db_unix_socket = /var/lib/mysql/mysql.sock

db = postfix

db_user = postfix

db_passwd = postfix

db_client_flags = 0

default_pass_scheme = PLAIN-MD5

password_query = SELECT password FROM mailbox WHERE username = '%u'

user_query = SELECT maildir, 501 AS uid, 501 AS gid FROM mailbox WHERE username = '%u'

生成证书

[root@localhost mail]# mkdir /etc/ssl

[root@localhost mail]# mkdir /etc/ssl/certs

[root@localhost mail]#mkdir /etc/ssl/private

[root@localhost mail]# cd /usr/share/doc/dovecot-0.99.11/

[root@localhost dovecot-0.99.11]# sh mkcert.sh

启动dovecot

用Outlook测试收发邮件。如正常，日志无其它错误。则继续。

 

接着用Maildrop调用SA,写/etc/maildropc文件来调用SA,将垃圾邮件移动用户的.Spam夹

[root@localhost ~]# vi /etc/maildroprc

# /etc/maildroprc

SHELL="/bin/sh"

DEFAULT="/var/spool/mail/$LOGNAME"

 

`/usr/bin/test -d "$DEFAULT"`

 

if ( $RETURNCODE == 1 )

{

   `/usr/local/bin/maildirmake "$DEFAULT"`

}

 

if ($SIZE < 262144)

{

    #xfilter "/usr/bin/spamc -f -u root"

    xfilter "/usr/bin/spamassassin"

 

    if (/^X-Spam-Flag: *YES/)

    {

                `/usr/bin/test -d "$DEFAULT"/.Spam`

                if( $RETURNCODE == 1 )

                {

                        `/usr/local/bin/maildirmake -f Spam "$DEFAULT"`

                }

        to "$DEFAULT/.Spam/."

        exit

    }

    else

    {

        to "$DEFAULT/."

        exit

    }

}

else

{

    to "$DEFAULT/."

    exit

}

 

呵呵。。完成了。