邮件服务器Postfix+extmail+courier-imap配置
邮件服务器Postfix+extmail+courier-imap配置一.首先介绍安装环境:
OS:centos5.4最小化安装,选择了组件 base,devlopment libraries development tools editors text-base internet 这几个组件,其他的一概不选。安装系统完毕,直接进行yum update -y &升级。
在终端输入setup命令 选择firewall configuration 将security level 与SELinux 改为disabled,目的是为了避免在安装调试时产生不必要的麻烦,在系统安装完成后,可以自己去调试安全部分,在这里将不作详细介绍。
二.组件选择说明:
我们能用RPM 安装的,我们将采用rpm 安装,如果rpm没有的,我们将创建自己的rpm。部分软件简介:
1、AMP ---apache(web服务) 、mysql(数据库)、php(非必需) 的简称
2、postfix --mta 邮件系统核心
3、courier-authlib--一个为courier-imap,maildrop,sasl2 提供用户信息的后台进程序
4、courier-imap --提供pop3,pop3s,imap,imaps 服务的程序
5、dspam clamd --提供内容过滤
6、extmail --一个著名的webmail程序
7、extman --与extmail集成的后台管理程序
三:组件安装
1、安装AMP
# yum -y install httpd httpd-devel mysql mysql-devel mysql-server php php-xml php-cli php-pdo php-mbstring php-mcrypt php-gd php-common php-devel php-mysql
修改启动配置并启动
# chkconfig --level 345 mysqld on
# chkconfig --level 345 httpd on
# service mysqld start
# service httpd start
2.下载extman(http://www.extmail.org/cgi-bin/download.cgi)
# tar zxf extman-1.1.tar.gz
# cd extman-1.1/docs/
# mysql -uroot <extmail.sql
# mysql -uroot <init.sql
3、RPM 简介
下面我们将采用rpm 的方式安装软件
/usr/src/redhat/SPEC spec 文件夹,通常是rpm文件夹
/usr/src/redhat/RPMS 是生成rpm 的文件,下面还有i368,i486 等子文件夹,一般我们用i386 架构
/usr/src/redhat/SOURCE 源文件文件夹
为了安装时切换目录的方便,我们将目录存放到一个shell变量里。
# export RPMS=/usr/src/redhat/RPMS
# export SOURCE=/usr/src/redhat/SOURCES
# export SPEC=/usr/src/redhat/SPECS
在下面安装过程中,大家要记住cd $RPMS 与cd /usr/src/redhat/RPMS 的目的是一样的,只是shell变量的替换。
4、安装authlib (courier-authlib-0.63.0)
A、安装依懒的包
# yum -y install postgresql-devel expect libtool-ltdl-devel
# wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.63.0.tar.bz2
# tar xjf courier-authlib-0.63.0.tar.bz2
# cd courier-authlib-0.63.0
# cp courier-authlib.spec $SPEC
# cd ..
# cp courier-authlib-0.63.0.tar.bz2 $SOURCE
# cd $SPEC
# rpmbuild -bb courier-authlib.spec (创建rpm文件)
B、安装生成的rpm
# cd $RPMS/i386
# rpm -ivh courier-authlib-0.63.0-1.i386.rpm
# rpm -ivh courier-authlib-devel-0.63.0-1.i386.rpm
# rpm -ivh courier-authlib-mysql-0.63.0-1.i386.rpm
C、配置authlibdaemon
# cd /etc/authlib/
# mv authdaemonrc authdaemonrc.bak
# vim authdaemonrc
输入下面的内容:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
authdaemonvar=/var/spool/authdaemon
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
D、配置authmysqlrc
# mv authmysqlrc authmysqlrc.bak
# vim authmysqlrc
输入下面的内容:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_PORT 0
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
E、启动authlib
# service courier-authlib start
Starting Courier authentication services: authdaemond
# chmod 777 /var/spool/authdaemon/
5.安装courier-imap
由于courier-imap 不能用root身份生成rpm那么我们新建一个普通用户,并创建一个rpm环境
# useradd yiyou 在这里添加自己的用户
软件包依懒需要安装openldap-server,rpm创建完成后可以删除
# yum -y install openldap-servers
# su - yiyou
$ mkdir -p rpm/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
$ vim ~/.rpmmacros
输入内容:
%_topdir /home/yiyou/rpm
$ wget http://prdownloads.sourceforge.net/courier/courier-imap-4.7.0.tar.bz2
$ cp courier-imap-4.7.0.tar.bz2 rpm/SOURCES/
$ tar xjf courier-imap-4.7.0.tar.bz2
$ cd courier-imap-4.7.0
$ cp courier-imap.spec ../rpm/SPECS/
$ cd ../rpm/SPECS/
编辑courier-imap.spec 将下面的内容:
%if %suse_version
BuildRequires: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel %([ %{suse_version} -gt 819 ] && echo /usr/include/fam.h)
%else
BuildRequires: rpm >= 4.0.2 sed /usr/include/fam.h openldap-devel openldap-servers
%endif
改为:将此处fam.h 去掉 此处好像没有openldap相关选项 2010-1-12
%if %suse_version 在这里好像提示没有安装openldap-server yum install openldap* 还真没装
BuildRequires: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel
%else
BuildRequires: rpm >= 4.0.2 sed openldap-devel openldap-servers
%endif
创建rpm
$ rpmbuild -bb courier-imap.spec
完成rpm后,输入exit退出当前用户。
# rpm -ivh /home/yiyou/rpm/RPMS/i386/courier-imap-4.7.0-1.i386.rpm
# service courier-imap start
6.安装cyrus-sasl
# yum install -y cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl cyrus-sasl-lib
A.配置sasl2
创建/usr/lib/sasl2/smtpd.conf 文件,输入下面的内容:
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
7、安装postfix 升级至2.6.5
A、下载软件包
# cd
# wget http://ftp.wl0.org/official/2.6/SRPMS/postfix-2.6.5-1.src.rpm
# rpm -ivh postfix-2.6.5-1.src.rpm
# cd $SPEC
编辑postfix.spec 修改下面的选项
%define distribution rhel-5.0
%define with_mysql_redhat 1
%define with_sasl 2
%define with_vda 1
%define with_pcre 1
B、创建rpm
# rpmbuild -bb postfix.spec
# cd $RPMS/i386
# rpm -ivh postfix-2.6.5-1.rhel5.i386.rpm
C、切换mta
# alternatives --config mta (选择2,postfix)
# rpm -e sendmail
# cd /usr/sbin/
# mv sendmail sendmail.bak
# newaliases
# ln -s sendmail.postfix sendmail
D、配置postfix
# cd /etc/postfix/
# mv main.cf main.cf.bak
# vim main.cf
输入下面的内容:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.6.5-documentation/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.6.5-documentation/readme
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
myhostname = mail.360book.com.cn(修改为自己的域名)
mydomain = 360book.com.cn(修改为自己的域名)
mydestination = $myhostname
smtpd_banner = 360book.com.cn ESMTP Mail System(修改为自己的域名)
message_size_limit = 14680064
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /home/domains
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
#sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
dspam_destination_recipient_limit = 1
复制extman/docs 目录的cf 文件到/etc/postfix
# cp /root/extman-1.1/docs/mysql_virtual_* .
因为配置文件的用户、密码与数据库时一样,所以不用修改。
# service postfix start
9、安装maildrop
A、下载生成RPM
# cd
# wget http://prdownloads.sourceforge.net/courier/maildrop-2.3.0.tar.bz2
# cp maildrop-2.3.0.tar.bz2 $SOURCE
# tar xjf maildrop-2.3.0.tar.bz2
# cd maildrop-2.3.0
# cp maildrop.spec $SPEC
# cd $SPEC
编辑maildrop.spec 把下面:
BuildRequires: /usr/include/fam.h gdbm-devel pcre-devel
改为:
BuildRequires: gdbm-devel pcre-devel
把下面:
%configure --with-devel --enable-userdb --enable-maildirquota \
--enable-syslog=1 --enable-trusted-users='root mail daemon postmaster qmaild mmdf' \
--enable-restrict-trusted=0 \
--enable-sendmail=/usr/sbin/sendmail
改为:
%configure --with-devel --enable-userdb --enable-maildirquota \
--enable-syslog=1 --enable-trusted-users='root mail daemon postmaster qmaild mmdf' \
--enable-restrict-trusted=0 --enable-sendmail=/usr/sbin/sendmail \
--enable-authlib
B、创建安装maildrop rpm
# yum -y install pcre-devel
# rpmbuild -bb maildrop.spec
# cd $RPMS/i386
# rpm -ivh maildrop-2.3.0-1.i386.rpm
C、添加虚似用户及创建目录
# cd 在这里提示已经添加了用户 应该是安装postfix的时候创建的用户
# groupadd -g 1000 vgroup
# useradd -g 1000 -u 1000 -s /sbin/nologin -d /dev/null vuser
编辑/etc/postfix/master.cf ,加入下面的内容:
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=/usr/bin/maildrop -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
D、创建邮件存储目录
# mkdir -p /home/domains/extmail.org/postmaster
# maildirmake /home/domains/extmail.org/postmaster/Maildir
# chown -R vuser:vgroup /home/domains/
E、测试maildrop
# echo "test" | maildrop -V 10 -d postmaster@extmail.com
maildrop:authlib: groupid=1000
maildrop: authlib: userid=1000
maildrop:authlib:logname=postmaster@extmail.org,
home=/home/domains/extmail.org/postmaster, mail=/home/data/domains/extmail.org/postmaster/Maildir/
maildrop: Changing to /home/data/domains/extmail.org/postmaster
Message start at 0 bytes, envelope sender=postmaster@extmail.org
maildrop: Attempting .mailfilter
maildrop: Delivery complete.
出现上以信息说明authlib,maildrop 工作正常
F、测试pop3
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user postmaster@extmail.org
+OK Password required.
pass extmail
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 6
.
retr 1
+OK 6 octets follow.
test
.
quit
+OK Bye-bye.
Connection closed by foreign host.
G、测试postfix
# perl -MMIME::Base64 -e 'print encode_base64("postmaster\@extmail.org");'
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
# perl -MMIME::Base64 -e 'print encode_base64("extmail");'
ZXh0bWFpbA==
# service postfix restart (重启一下)
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 yiyou.org ESMTP Mail System
ehlo test.com
250-mail.yiyou.org
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
这里会验证失败!下面会给出解决方案
A、配置apache
修改/etc/httpd/conf/httpd.conf,将下面的选项改为:
User vuser
Group vgroup
在文件最后输入:Include /etc/httpd/conf.d/extmail.conf
# cd /etc/httpd/conf.d/
# vim extmail.conf
输入下面的内容:
Alias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
<Location "/extman/cgi">
SetHandler cgi-script
Options +ExecCGI
</Location>
# config for ExtMail
Alias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
<Location "/extmail/cgi">
SetHandler cgi-script
Options +ExecCGI
</Location>
# mkdir /var/www/extsuite
# tar zxf extmail-1.2.tar.gz
# cp -r extmail-1.2 /var/www/extsuite/extmail
# cp -r extman-1.1 /var/www/extsuite/extman
B、配置extmail参数
# cd /var/www/extsuite/extmail/
# cp webmail.cf.default webmail.cf
修改webmail.cf 下面的选项
SYS_SESS_DIR = /tmp/extmail
SYS_MAILDIR_BASE = /home/domains
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
C、配置extman参数
# cd /var/www/extsuite/extman/
修改webman.cf 下面的选项:
SYS_MAILDIR_BASE = /home/domains
D、创建session 目录
# mkdir /tmp/{extman,extmail}
# chown vuser:vgroup /tmp/ext*
E、配置后台日志分析工具
# cd /var/www/extsuite/extman/addon/
# cp -r mailgraph_ext /usr/local/
将下面的内容加入/etc/rc.local
/usr/local/mailgraph_ext/mailgraph-init start &
/var/www/extsuite/extman/daemon/cmdserver --daemon &
安装所依懒的软件包
# yum -y install rrdtool perl-rrdtool perl-GD perl-File-Tail perl-Unix-Syslog
F、启动后台进程
# /usr/local/mailgraph_ext/mailgraph-init start
Starting mail statistics grapher: mailgraph_ext
G、访问extmail/extman
打开浏览器,输入http://your_ip_address/extmail 注意:your_ip_address 为你实际的ip
第一个测试用户为:postmaster 密码:extmail 域:extmail
打开浏览器,输入http://your_ip_address/extman
extman root 用户为:root@extmail.org 密码为:extmail*123*
注意:进入系统后要修改密码及找回密码的提示问题、答案。
11.安装dspam clamd
yum install clamd dspam*
进入mysql
create database dspam;
grant all on dspam.* to dspam@localhost identified by 'dspam';
cd /usr/share/dspam/sql/mysql/
修改mysql_objects-4.1.sql virtual_users.sql,在两个文件前添加 use dspam;
mysql -u dspam -p< mysql_objects-4.1.sql
mysql -u dspam -p< virtual_users.sql
crontab -e
0 0 * * * /usr/bin/mysql -u dspam -p'dspam' dspam < /usr/share/dspam/sql/mysql/purge-4.1.sql
0 0 * * * /usr/bin/dspam_logrotate -a 30 -d /var/spool/dspam/data
修改/etc/dspam/dspam.conf
MySQLServer /var/lib/mysql/mysql.sock
MySQLUser dspam
MySQLPass dspam
MySQLDb dspam
MySQLCompress true
MySQLUIDInSignature on
ClamAVPort 3310 //开启clamd
ClamAVHost 127.0.0.1
ClamAVResponse spam
ServerPID /var/run/dspam.pid
ServerMode auto
ServerParameters "--user dspam --deliver=innocent,spam"
ServerDomainSocketPath "/tmp/dspam.sock"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryIdent localhost
DeliveryProto SMTP
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full
vi /etc/postfix/master.cf
smtp inet n - n - - smtpd
To:
smtp inet n - n - - smtpd
-o content_filter=lmtp:unix:/tmp/dspam.sock(-o 前面有三个空格)
lmtp unix - - n - - lmtp
127.0.0.1:10026 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
配置dspam web 在/usr/share/dspam/webui/cgi-bin
vi admins
添加admin
#htpasswd -c .htpasswd admin
xx
xx
/etc/init.d/dspam-webd start
#chkconfig --level 345 dspamd on
#chmod -R 777 /usr/share/dspam
#service dspamd start
至此,整个postfix算是安装完毕。重启计算机,访问:http://your ip/extmail/就能直接访问了。
解决smtp验证问题
May 9 20:42:49 mail postfix/smtpd: warning: unknown: SASL LOGIN authentication failed: authentication failure
现象:
本地extmail能正常登陆并发送邮件出去。通过telnet登陆出现错误:
[*]SASL LOGIN authentication failed: authentication failure
通过foxmail,php的smtp类登陆同样报此错。
分析:
查看验证配置文件:
cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket 且 /var/spool/authdaemon/socket 文件存在,权限为
srwxrwxrwx 1 daemon daemon 0 Apr 30 15:44 /var/spool/authdaemon/socket 也正常啊,难道本地的exmail不走验证机制?
[*]/usr/local/sbin/authtest -s login x@xok.la pass
这里的验证通过了。怪怪。。
仔细想了下这次邮局的配置,与以前大不同的是使用了不少RPM,减少编译过程。所以把怀疑对象定在了cyrus-sasl。
[*]rpm -qa|grep cyrus-sasl
发现没有cyrus-sasl,于是
[*]yum install cyrus-sasl
重新启动postfix,再次测试登陆。依然失败。
saslauthd -v
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap 支持的验证机制方法里怎么没有authdaemond。。看来RPM的默认是没有。。
解决:
下载二进制cyrus-sasl包编译。
tar zvfx cyrus-sasl-2.1.22.tar.gz
cd cyrus-sasl-2.1.22
export LDFLAGS="-lpthread"
./configure --with-mysql --enable-anon --enable-plain --enable-login --disable-krb4 --disable-otp --disable-cram --disable-digest --disable-gssapi --with-pam --with-authdaemond
make
make install
rm -rf /usr/lib/sasl
rm -rf /usr/lib/sasl2
ln -s /usr/local/lib/sasl2 /usr/lib/
#为了让postfix能找到sasl,请运行如下命令:
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
cat > /usr/lib/sasl2/smtpd.conf <<EOT
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
EOT
页:
[1]