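This article covers installing and configuring the Postfix mail system. Leave a comment if you have questions.
Its main topic is virtual users implemented with Postfix + MySQL.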
http://wiki.extmail.org/extmail_solution_for_linux_centos-5
Platform:
CentOS 5.6, 64-bit
Required software:
Apache:2.2.15
Mysql:5.1.36
Php:5.2.13
Postfix:2.8.0
Courier-authlib:0.63
Cyrus-sasl:2.1.22
BerkeleyDB:4.5.20
Courier-IMAP:4.9.3
Maildrop:2.5.4
Extman:1.1
Extmail:1.2
Rrdtool:1.4.3
Slockd:0.99
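Install Apache, MySQL and PHP first.
MySQL is used for the virtual users.
Apache, PHP and MySQL are required by the Extmail web management console.
Installing Apache, MySQL and PHP is not covered here; there are many installation guides online, and my blog has them as well.
Only the build options for Apache, MySQL and PHP are listed here.
Apache build options (for suexec, see http://lamp.linux.gov.cn/Apache/ApacheMenu/suexec.html):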
./configure --prefix=/usr/local/apache2.2.15 --with-mpm=worker --enable-so --enable-rewrite --enable-headers --enable-expires --enable-suexec --with-suexec-caller=nobody --with-suexec-docroot=/opt/www
MySQL build options:
#./configure --prefix=/usr/local/mysql --datadir=/opt/mydata --with-charset=utf8 --with-extra-charsets=complex --enable-thread-safe-client --with-big-tables --with-ssl --with-embedded-server --enable-local-infile --enable-assembler --with-plugins=innobase --with-plugins=partition
PHP build options:
#./configure --prefix=/usr/local/php-5.2.13 --with-config-file-path=/usr/local/php-5.2.13 --with-apxs2=/usr/local/apache2.2.15/bin/apxs --with-bz2 --with-curl --with-curlwrappers --enable-ftp --enable-sockets --disable-ipv6 --with-gd --with-jpeg-dir=/usr/local --with-png-dir=/usr/local --with-freetype-dir=/usr/local --enable-gd-native-ttf --with-iconv-dir=/usr/local --enable-mbstring --enable-calendar --with-gettext --with-libxml-dir=/usr/local --with-zlib --enable-zend-multibyte --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-mysql=/usr/local/mysql
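Notes:
/usr/local/src/tarbag/ \\where the source tarballs are stored
/usr/local/src/software/ \\where the unpacked sources are placed
The installation below assumes the prerequisites above. Everything is built from source; the tarballs are kept in the tarbag directory and unpacked into the software directory:
First, install courier-authlib
Download: http://prdownloads.sourceforge.net/courier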
#cd /usr/local/src/tarbag
#wget http://sourceforge.net/projects/courier/files/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2/download
#tar jvxf courier-authlib-0.63.0.tar.bz2 -C ../software/
Before installing, add the users and groups used by postfix and maildrop
#groupadd postfix -g 1000
#groupadd postdrop -g 1002
#useradd postfix -u 1000 -g postfix -G postdrop
#groupadd vmail -g 1001
#useradd vmail -u 1001 -g 1001
#./configure --prefix=/usr/local/courier-authlib --with-mailuser=vmail --with-mailgroup=vmail --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=x86-64 -O2 -fexpensive-optimizations" CXXFLAGS="-march=x86-64 -O2 -fexpensive-optimizations"
#make
#make install
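1. If courier-authlib is installed to a non-standard location (for example under /usr/local), be sure to add --without-stdheaderdir to ./configure, so that the location of the courier-authlib library files does not have to be specified when building Courier-IMAP and maildrop later.
2. If the following error appears during delivery: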
May 30 16:08:27 hsf postfix/pipe[25422]: D822E210104: to=<microsea@hsf.com>, relay=maildrop, delay=1248, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/local/bin/maildrop: Temporary authentication failure. )
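it means authlib was built without specifying the maildrop user and group. Add --with-mailuser and --with-mailgroup to specify them, then rebuild and reinstall.
Add "/usr/local/courier-authlib/lib/courier-authlib" to "/etc/ld.so.conf" and run the ldconfig command.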
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#ldconfig -v
#cp /etc/authdaemonrc.dist /etc/authdaemonrc
#vi /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemon
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
#vi /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/opt/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/opt/mailbox/',maildir)
Start courier-authlib
#/usr/local/courier-authlib/sbin/authdaemond start
Install cyrus-sasl:
Before installing cyrus-sasl, remove the version that ships with the system.
#rpm -e `rpm -qa | grep sasl`
If it cannot be removed, add the --nodeps --allmatches options to force the removal.
Download:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
#wget ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
The latest version at the time of installation was 2.1.22
#tar zxvf cyrus-sasl-2.1.22.tar.gz -C ../software/
#cd ../software/cyrus-sasl-2.1.22/
#./configure --prefix=/usr/local/sasl2 --with-mysql=/usr/local/mysql --disable-sample --disable-saslauthd --disable-pwcheck --disable-cram --disable-digest --disable-krb4 --disable-gssapi --disable-anon --enable-plain --enable-login --enable-sql --disable-ntlm --disable-otp --disable-srp --disable-srp-setpass --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket --with-mysql-includes=/usr/local/mysql/include/ --with-mysql-libs=/usr/local/mysql/lib/mysql
#make
#make install
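#ln -s /usr/local/sasl2/lib/sasl2 /usr/lib/ //This step is required. Without it, Postfix still cannot find the correct sasl even after the steps below, and reports authentication errors.
Add the following two lines: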
/usr/local/sasl2/lib/sasl2
/usr/local/sasl2/lib
to "/etc/ld.so.conf", then run the ldconfig command.
#vi /usr/local/sasl2/lib/sasl2/smtpd.conf //create this file yourself
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
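authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket //this path is the same as the --with-authdaemond option used at build time
Note: do not leave a stray extra space when editing this file, otherwise SMTP authentication will fail.
Create the directory needed at run time and start in debug mode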
# mkdir -pv /var/state/saslauthd
# /usr/local/sasl2/sbin/saslauthd -a shadow pam -d
If no errors are reported, press Ctrl+C to end the process.
Start and test
# /usr/local/sasl2/sbin/saslauthd -a shadow pam
# /usr/local/sasl2/sbin/testsaslauthd -u root -p <root user's password>
Start automatically at boot
# echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local
Install BerkeleyDB
Remove the DB4 that ships with the system
#tar zxvf db-4.5.20.tar.gz
#cd db-4.5.20/build_unix
#../dist/configure --prefix=/usr/local/BerkeleyDB
#make
#make install
Point the header files at the new installation
# mv /usr/include/db4 /usr/include/db4.OFF
# rm /usr/include/db_cxx.h
# rm /usr/include/db.h
# rm /usr/include/db_185.h
# ln -sv /usr/local/BerkeleyDB/include /usr/include/db4
# ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h
# ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h
Configure the library search path
# echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf
# ldconfig -v
Install Postfix
Disable the sendmail that ships with Red Hat
#chkconfig --level 2345 sendmail off
Download:
http://www.postfix.org
#wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.8.0.tar.gz
Download the VDA patch, which adds disk quota support to Postfix
#wget http://vda.sourceforge.net/VDA/postfix-vda-2.8.0.patch
Postfix version: 2.8.0; the VDA patch must be the one for the same version.
#tar xvzf postfix-2.8.0.tar.gz -C ../software
#mv postfix-vda-2.8.0.patch ../software/postfix-2.8.0/
#cd ../software/postfix-2.8.0/
#make clean
#make tidy
#patch -p1 < postfix-vda-2.8.0.patch
#make -f Makefile.init Makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib'
#make
#make install
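While "make install" runs, it asks for the following installation parameters. The defaults are normally fine (press Enter); if you need something different, type your own value after the prompt and press Enter.
install_root: [/] //system root directory
tempdir: [/usr/local/src/software/postfix-2.8.0/] //temporary directory used by the postfix-install script
config_directory: [/etc/postfix] //Postfix configuration directory
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin] //directory for the Postfix commands
queue_directory: [/var/spool/postfix] //mail queue directory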
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no]
manpage_directory: [/usr/local/man]
readme_directory: [no]
My directory layout:
Configuration directory: /etc/postfix/
Daemon directory: /usr/local/postfix/libexec/
Mail queue directory: /var/spool/postfix/
Administration commands directory: /usr/local/postfix/sbin/
Log file: /var/log/maillog
#mv /etc/aliases /etc/aliases.old
#ln -s /etc/postfix/aliases /etc/aliases
Finally:
Build the binary alias file. If this step is skipped, Postfix becomes extremely inefficient:
#/usr/bin/newaliases
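If the build did not include -L/usr/local/BerkeleyDB/lib, newaliases looks for the system's own 4.3.29 library and reports an error.
Check that Postfix supports SASL authentication; it does if the output is as follows: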
#/usr/local/postfix/sbin/postconf -a
cyrus
dovecot
#/usr/local/postfix/sbin/postconf -m | grep mysql
mysql
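If it is missing, Postfix has to be rebuilt. If postconf -a does not list cyrus, check that the cyrus-sasl options used for the Postfix build are correct, then check that cyrus-sasl itself was installed properly.
Next, create the configuration files used for MySQL lookups: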
#touch /etc/postfix/mysql_virtual_alias_maps.cf
#touch /etc/postfix/mysql_virtual_domains_maps.cf
#touch /etc/postfix/mysql_virtual_mailbox_maps.cf
#touch /etc/postfix/mysql_virtual_limit_maps.cf
Edit the Postfix configuration file:
#vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/local/postfix/sbin
daemon_directory = /usr/local/postfix/libexec
myhostname = mail.hsf.com
mydomain = hsf.com
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 168.100.189.0/28, 127.0.0.0/8, 10.9.0.0/24, 10.0.0.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/postfix/man
sample_directory = /etc/postfix
readme_directory = no
##====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_unknown_sender_domain,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  reject_unauth_destination,
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
#================ Virtual Mailbox Settings =====================#
virtual_mailbox_base = /opt/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
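Whether this restriction list relays mail for strangers depends on reject_unauth_destination being evaluated before the final permit. The check below is an added example, not part of the original post; relay_verdict and page_main_cf are names made up for the illustration, and the faulty variant is constructed.

```shell
# Added example, not from the original post.
# relay_verdict FILE prints safe | open-relay | missing for the
# smtpd_recipient_restrictions value of a main.cf-style file.
relay_verdict() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        /^[ \t]/ { if (cur) val = val " " $0; next }   # indented line continues a value
        {
            cur = 0
            if ($0 ~ /^smtpd_recipient_restrictions[ \t]*=/) {
                cur = 1; val = $0; sub(/^[^=]*=/, "", val)   # last definition wins
            }
        }
        END {
            verdict = "missing"
            n = split(val, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (tok[i] == "permit") { verdict = "open-relay"; break }
                if (tok[i] ~ /^(reject_unauth_destination|reject)$/) { verdict = "safe"; break }
            }
            print verdict
            exit (verdict == "safe" ? 0 : 1)
        }' "$1"
}

# The restriction list from the main.cf above (several items per line).
page_main_cf() {
    cat <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_unknown_sender_domain, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    permit
smtpd_sasl_auth_enable = yes
EOF
}

work=$(mktemp -d)
page_main_cf > "$work/main.cf"
# Constructed faulty variant: the relay check has been dropped from the list.
page_main_cf | grep -v reject_unauth_destination > "$work/bad.cf"
relay_verdict "$work/main.cf"          # safe
relay_verdict "$work/bad.cf" || true   # open-relay
rm -rf "$work"
```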
Edit the MySQL-related .cf files created earlier:
#vi /etc/postfix/mysql_virtual_alias_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
=================================
#vi /etc/postfix/mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'
=================================
#vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
=================================
#vi /etc/postfix/mysql_virtual_limit_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'
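The four map files above and /etc/authmysqlrc each store the MySQL login in clear text. The following added example, which is not part of the original post, flags such a file when it is readable by other users or when the password equals the user name; audit_cred_file and the sample files are constructed for the illustration.

```shell
# Added example, not from the original post.
# audit_cred_file FILE prints one finding per problem in a file that stores
# the MySQL login; returns 0 when nothing is flagged, 2 if FILE is absent.
audit_cred_file() {
    f=$1
    bad=0
    [ -f "$f" ] || { echo "$f: not found"; return 2; }
    # Accept both syntaxes used on this page:
    #   Postfix map file:  user = x          password = y
    #   authmysqlrc:       MYSQL_USERNAME x  MYSQL_PASSWORD y
    creds=$(awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^user[ \t]*=/     { sub(/^[^=]*=[ \t]*/, ""); u = $0; next }
        /^password[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); p = $0; next }
        $1 == "MYSQL_USERNAME" { u = $2 }
        $1 == "MYSQL_PASSWORD" { p = $2 }
        END { print u ":" p }' "$f")
    user=${creds%%:*}
    pass=${creds#*:}
    [ -n "$pass" ] || return 0            # no credential stored in this file
    # find prints the path only when the read bit for "other" is set.
    if [ -n "$(find "$f" -perm -004)" ]; then
        echo "$f: readable by other users"; bad=1
    fi
    if [ "$user" = "$pass" ]; then
        echo "$f: password equals user name"; bad=1
    fi
    return $bad
}

# Constructed samples: a map file as written above, and a tightened authmysqlrc.
demo=$(mktemp -d)
printf 'user = extmail\npassword = extmail\nhosts = localhost\n' \
    > "$demo/mysql_virtual_alias_maps.cf"
chmod 644 "$demo/mysql_virtual_alias_maps.cf"
printf 'MYSQL_USERNAME extmail\nMYSQL_PASSWORD constructed-Example-9\n' \
    > "$demo/authmysqlrc"
chmod 600 "$demo/authmysqlrc"
audit_cred_file "$demo/mysql_virtual_alias_maps.cf" || true   # two findings
audit_cred_file "$demo/authmysqlrc" && echo "authmysqlrc: ok"
rm -rf "$demo"
```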
Start and stop the Postfix service:
#/usr/local/postfix/sbin/postfix start
#/usr/local/postfix/sbin/postfix stop
Install Courier-IMAP
Download:
http://prdownloads.sourceforge.net/courier
The latest version at present is 4.9.3
#wget http://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2/download
#tar jvxf courier-imap-4.9.3.tar.bz2 -C ../software/
#cd ../software/courier-imap-4.9.3/
#./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 CPPFLAGS='-I/usr/local/courier-authlib/include' COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
#####CPPFLAGS='-I/usr/local/courier-authlib/include' must be specified if courier-authlib was not installed in the default path; if courier-authlib was built with --without-stdheaderdir, it is not needed.
Without COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig' the following appears:
checking for courierauthconfig... no
configure: WARNING: === Courier authentication library not found.
configure: WARNING: === You need to download and install
configure: WARNING: === http://www.courier-mta.org/download.php#authlib first.
configure: WARNING: === If courier-authlib is installed in a non-default
configure: WARNING: === directory, set the COURIERAUTHCONFIG environment
configure: WARNING: === variable to the full path to the courierauthconfig
configure: WARNING: === binary and rerun this configure script.
configure: WARNING:
configure: error: courierauthconfig not found
Fix:
#export COURIERAUTHCONFIG=/usr/local/courier-authlib/bin/courierauthconfig
then run the configure command again.
#make
#make install
Create the configuration files
#cd /usr/local/courier-imap/etc
#ls *.dist | awk -F"." '{print "cp "$0" "$1""}' | sh
Enable pop3d and imapd, and set the maildir path
#vi /usr/local/courier-imap/etc/pop3d
POP3DSTART=YES
MAILDIRPATH=/opt/mailbox
#vi /usr/local/courier-imap/etc/imapd
IMAPDSTART=YES
MAILDIRPATH=/opt/mailbox
Start at boot
#cp courier-imap.sysvinit /etc/init.d/imapd
#chmod 755 /etc/init.d/imapd
#chkconfig --add imapd
#chkconfig --level 2345 imapd on
#service imapd start
Check:
#netstat -tnl |egrep "110|143"
Install maildrop
Download: http://sourceforge.net/projects/courier/files/maildrop/
The latest version at present: 2.5.4
http://sourceforge.net/projects/courier/files/maildrop/2.5.4/maildrop-2.5.4.tar.bz2/download
Link the courier-authlib header and library files into /usr (the maildrop build looks for these files there):
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin
# ln -sv /usr/local/courier-authlib/include/* /usr/include
1. maildrop requires pcre, so install pcre first
#tar zxvf pcre-7.9.tar.gz -C ../software/
# cd ../software/pcre-7.9/
# ./configure
# make
# make check
# make install
# tar jxvf maildrop-2.5.4.tar.bz2 -C ../software/
#cd ../software/maildrop-2.5.4/
# ./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1001 --enable-maildrop-gid=1001 --with-trashquota --with-dirsync
# make
# make install
Check the result of the installation; make sure the line "Courier Authentication Library extension enabled." appears:
# maildrop -v
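maildrop 2.5.4 Copyright 1998-2005 Double Precision, Inc. ///Check that this version is 2.5.4, i.e. the one just installed. If it is not, it is probably the copy shipped with the system; remove the system copy and install again, or delete /usr/local/bin/maildrop and install again.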
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
2. Create its configuration file /etc/maildroprc, first setting where maildrop writes its log:
# vi /etc/maildroprc
Add:
logfile "/var/log/maildrop.log"
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
3. Configure Postfix
Edit master.cf
# vi /etc/postfix/master.cf
Enable the following two lines
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
Note: when defining the transport, the second of the two lines above (the argument line) must begin with whitespace, otherwise it is an error.
Edit main.cf
# vi /etc/postfix/main.cf
virtual_transport = maildrop
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
4. Edit /etc/authmysqlrc
# vi /etc/authmysqlrc
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
5. Edit /etc/httpd/httpd.conf and change the user it runs as:
If suexec is enabled, set the following in the virtual host:
SuexecUserGroup vmail vmail
If that feature is not used, change the user given in the User and Group directives to vmail
Change the following entries from earlier
User postfix
Group postfix
to:
User vmail
Group vmail
6. Set the owner and group of the user mail directory /opt/mailbox and of extman's temporary directory /tmp/extman to vmail
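Step 3 only works if master.cf parses the maildrop entry as one logical line and the command runs as vmail. The check below is an added example, not part of the original post; maildrop_pipe_check, page_master_cf and the verdict names are made up for the illustration, and the variant with the lost indent is constructed.

```shell
# Added example, not from the original post.
# maildrop_pipe_check FILE prints a verdict for the maildrop entry of a master.cf:
#   ok | no-service | no-argv (argument line not indented) | no-user | privileged-user
maildrop_pipe_check() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
        /^[ \t]/ { if (hit) args = args " " $0; next }  # indented: continues the entry
        {
            hit = ($1 == "maildrop" && $8 == "pipe")
            if (hit) { found = 1; args = ""; for (i = 9; i <= NF; i++) args = args " " $i }
        }
        END {
            v = "ok"
            if (!found) v = "no-service"
            else if (args !~ /[ \t]argv=/) v = "no-argv"
            else if (args !~ /[ \t]user=/) v = "no-user"
            # pipe(8) does not run commands as root or as the mail owner
            # (postfix on this page).
            else if (args ~ /[ \t]user=(root|postfix)([: \t]|$)/) v = "privileged-user"
            print v
            exit (v == "ok" ? 0 : 1)
        }' "$1"
}

# The two master.cf lines from step 3, with the argument line indented.
page_master_cf() {
    cat <<'EOF'
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
EOF
}

tmpd=$(mktemp -d)
page_master_cf > "$tmpd/master.cf"
# Constructed variant: the argument line has lost its leading whitespace.
page_master_cf | sed 's/^  *flags/flags/' > "$tmpd/flat.cf"
maildrop_pipe_check "$tmpd/master.cf"          # ok
maildrop_pipe_check "$tmpd/flat.cf" || true    # no-argv
rm -rf "$tmpd"
```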