構建Postfix郵件服務器

Postfix是一款基於開源環境，用於取代在開源環境中Sendmail的一種嘗試。與Sendmail相比postfix更快、更安全、更加易於管理，於此同時還與Sendmail保持了足夠的兼容性。

下面是基於Postfix配合Dovecat、Extmail與Extman實現提供具備SASL認證的web服務的郵件服務器

下面對postfix郵件服務器的具體構建、以及各部分的測試過程進行詳述：

1、安裝前的準備工做

爲了實現完整的郵件服務器功能，咱們須要具備解析本域郵件服務器功能的DNS Server，具體過程再也不贅述，能夠參考做者博文：《Linux下DNS服務器搭建詳解》http://evolution.blog.51cto.com/3343305/643520

1.安裝所需的rpm包

yum install -y httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel
#爲了下降搭建過程的複雜程度，這裏做者將非必須編譯安裝的軟件使用yum源來安裝

2.關閉sendmail，並卸載

service sendmail stop
chkconfig sendmail off
rpm -e --nodeps sendmail
#卸載sendmail防止影響後面postfix的安裝工做

3.安裝編譯安裝時須要用到的開發包組

yum -y groupinstall "Development Libraries" "Development Tools" "Legacy Software Development" "X Software Development"

4.啓動Mysql數據庫，並設置密碼

service mysqld start
chkconfig mysqld on
/usr/bin/mysql
mysql>SET PASSWORD FOR root@'localhost'=PASSWORD('redhat');
mysql>SET PASSWORD FOR root@'127.0.0.1'=PASSWORD('redhat');
#設置本地登陸密碼
mysql>GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'redhat';
#設置遠程登錄密碼
mysql>FLUSH PRIVILEGES;
mysql>quit

5.啓動SASL並加入開機啓動

service saslauthd start
chkconfig saslauthd on

2、安裝配置Postfix

1.編譯安裝

groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /bin/false -M postdrop
#建立postfix用戶
tar zxvf postfix-2.6.5.tar.gz
cd postfix-2.6.5
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2   -lssl -lcrypto'
#編譯選項：gcc的編譯選項；mysql頭文件；支持sasl認證；cyrus_sasl的頭文件；mysql的客戶端；指明auxlibs的位置
make
make install

如下是安裝時提示輸入的內容，「[]」中爲默認值
install_root: [/] /
tempdir: [/usr/local/src/ postfix-2.6.5] /tmp
config_directory: [/etc/postfix] /etc/postfix
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin]
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no] /var/www/postfix_html
manpages: [/usr/local/man]
readme_directory: [no]

編譯安裝完成後

newaliases
生成別名二進制文件，這個步驟若是忽略，會形成postfix效率極低。

2.配置postfix

vim /etc/postfix/main.cf
myhostname = mail.evo.com
#指定運行postfix郵件系統的主機的主機名
myorigin = evo.com
#指明發件人所在的域名
mydomain = evo.com
#郵件服務器的域名
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#指定postfix接收郵件時收件人的域名
mynetworks = 192.168.0.0/24, 127.0.0.0/8
#指定你所在的網絡的網絡地址
inet_interfaces
#參數指定postfix系統監聽的網絡接口

3.添加postfix啓動腳本

vim /etc/init.d/postfix

#!/bin/bash
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0

RETVAL=0
prog="postfix"

start() {
    # Start daemons.
    echo -n $"Starting postfix: "
        /usr/bin/newaliases >/dev/null 2>&1
    /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
        echo
    return $RETVAL
}

stop() {
        # Stop daemons.
    echo -n $"Shutting down postfix: "
    /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
    echo
    return $RETVAL
}

reload() {
    echo -n $"Reloading postfix: "
    /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
    RETVAL=$?
    echo
    return $RETVAL
}

abort() {
    /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
    return $?
}

flush() {
    /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
    return $?
}

check() {
    /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
    return $?
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  reload)
    reload
    ;;
  abort)
    abort
    ;;
  flush)
    flush
    ;;
  check)
    check
    ;;
  status)
    status master
    ;;
  condrestart)
    [ -f /var/lock/subsys/postfix ] && restart || :
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
    exit 1
esac

exit $?

chmod +x postfix
#給腳本執行權限
chkconfig --add postfix
#添加默認2345運行級別隨系統啓動
service postfix start
#啓動postfix

4.測試postfix，驗正服務啓動情況

>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 mail.evo.com ESMTP Postfix
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>mail from:root@evo.com
250 2.1.0 Ok
>rcpt to:root@evo.com
250 2.1.5 Ok
>data
354 End data with <CR><LF>.<CR><LF>
>subject:test
>test 123...
>.
250 2.0.0 Ok: queued as 7AAD51B803D
>quit
221 2.0.0 Bye
Connection closed by foreign host.
You have mail in /var/spool/mail/root
#已有提示收到測試郵件
>mail
#查看郵箱
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
N  1 root@evo.com          Sun Aug 14 20:03  15/481   "test"

3、爲postfix開啓基於cyrus-sasl的認證功能

1.編輯postfix配置文件

vi /etc/postfix/main.cf
添加如下內容：
broken_sasl_auth_clients = yes
#定義是否容許突破sasl認證
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
#啓動sasl認證
smtpd_sasl_local_domain = $myhostname
#本域名定義
smtpd_sasl_security_options = noanonymous
#不支持匿名
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version has been hidden!
#隱藏版本信息

2.編輯stmtpd服務配置文件

vim /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
#密碼檢驗方法爲sasl認證
mech_list: PLAIN LOGIN

3.重啓postfix服務

service postfix restart

4.測試SASL認證

>telnet 192.168.0.71 25
Trying 192.168.0.71...
Connected to station71.redhat_hu.com (192.168.0.71).
Escape character is '^]'.
220 Welcome to our mail.evo.com ESMTP,Warning: Version has been hidden.
>ehlo mail.evo.com
250-mail.evo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
#有以上兩行說明CYRUS-SASL認證添加成功
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>quit
221 2.0.0 Bye
Connection closed by foreign host.

4、安裝Courier authentication library

注意：請確保安裝libtool-ltdl，libtool-ltdl-devel否則編譯過程會報錯

1.編譯安裝Courier auth

tar jxvf courier-authlib-0.62.4.tar.bz2
cd courier-authlib-0.62.4
./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations"   CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
make
make install

2.編輯配置文件

chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist  /etc/authdaemonrc
cp /etc/authmysqlrc.dist  /etc/authmysqlrc

vim /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
#修改這3行
vim /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_PORT 3306
#指定你的mysql監聽的端口，這裏使用默認的3306
MYSQL_USERNAME  extmail
#這時爲後文要用的數據庫的全部者的用戶名
MYSQL_PASSWORD extmail
#密碼
MYSQL_SOCKET  /var/lib/mysql/mysql.sock
#此行前註釋去掉
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  '2525'
MYSQL_GID_FIELD  '2525'
#2525，2525 爲postfix 用戶的UID和GID
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
#本地郵箱的位置
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)

3.爲courier添加啓動腳本

cp courier-authlib.sysvinit /etc/init.d/courier-authlib             #courier提供的啓動腳本
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib
chkconfig courier-authlib on

4.添加庫文件並測試導入狀況

echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#或添加到/etc/ld.so.conf.d/courier.conf
ldconfig -v | grep courier
#有以下顯示錶示庫文件添加成功
/usr/local/courier-authlib/lib/courier-authlib:
    libcourierauthcommon.so -> libcourierauthcommon.so.0
    libcourierauth.so -> libcourierauth.so.0
    libcourierauthsasl.so -> libcourierauthsasl.so.0
    libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0

5.啓動courier-authlib服務

service courier-authlib start
#啓動服務
ps aux |grep courier
#查看進程啓動狀態

6.建立虛擬用戶郵箱目錄

mkdir –pv /var/mailbox
#新建虛擬用戶郵箱所在的目錄，並將其權限賦予postfix用戶
chown –R postfix /var/mailbox
#全部用戶的郵件都在這裏

7.從新修改smtpd服務配置文件，確保是以下內容

pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
#添加這些內容進去

5、讓postfix支持虛擬域和虛擬用戶

1.編輯postfix配置文件，添加以下內容於配置文件末行

vim /etc/postfix/main.cf
virtual_mailbox_base = /var/mailbox
#指明虛擬用戶郵件目錄
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes

2.添加extmail數據進mysql數據庫

tar zxvf  extman-1.1.tar.gz
cd extman-1.1/docs
mysql -u root -p <extmail.sql
#添加extmail.sql數據庫到mysql
mysql -u root -p <init.sql
#添加init.sql數據庫到mysql
cp mysql*  /etc/postfix/

3.授予用戶extmail訪問extmail數據庫的權限

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';

4.在此修改postfix配置文件

爲了支持虛擬用戶，須要對/etc/postfix/main.cf即postfix的配置文件作以下修改：

虛擬域之後，須要取消中心域，註釋掉myhostname, mydestination, mydomain, myorigin，mydestionation幾個指令。

6、配置Dovecot

1.編輯dovecot主配置文件

vim /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
#修改此項
auth default {
    mechanisms = plain
#pam {xxxxxxxx}                                                                                             #注意把pam{}這一項註釋掉
 passdb sql {
        args = /etc/dovecot-mysql.conf                              #添加此項
    }
    userdb sql {
        args = /etc/dovecot-mysql.conf                              #添加此項
    }

2.編輯dovecot與mysql關聯的配置文件

vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

3.啓動dovecot服務

service dovecot start
chkconfig dovecot on

7、安裝Extmail

1.解壓安裝

tar zxvf extmail-1.2.tar.gz
mkdir -pv /var/www/extsuite
mv extmail-1.2 /var/www/extsuite/extmail
cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf
#複製配置文件

2.修改主配置文件

SYS_MESSAGE_SIZE_LIMIT = 5242880
#用戶能夠發送的最大郵件
SYS_USER_LANG = zh_CN
#語言選項選擇中文
SYS_MAILDIR_BASE = /var/mailbox
#修改郵件的存放目錄
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
#以上兩句句用來設置鏈接數據庫服務器所使用用戶名、密碼和郵件服務器用到的數據庫
SYS_MYSQL_HOST = localhost
#使用默認選項
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
#以上用來指定驗正用戶登陸裏所用到的表，以及用戶名、域名和用戶密碼分別對應的表中列的名稱；使用默認值
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
#此句用來指明authdaemo socket文件的位置

3.配置apache虛擬主機

vim /etc/httpd/conf/httpd.conf
User postfix
Group postfix
#修改這兩項
#DocumentRoot "/var/www/html"
#註釋此項
NameVirtualHost *:80
#啓用此項
<VirtualHost *:80>
ServerName mail.test.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
<Directory "/var/www/extsuite/extmail/html/">
    Order allow,deny
    Allow from all
</Directory>
#添加權限

 

4.解決extmail的依賴關係

tar zxvf Unix-Syslog-0.100.tar.gz
cd Unix-Syslog-0.100
perl Makefile.PL
make
make install
#編譯安裝Unix-Syslog

5.修改 cgi執行文件權限，啓動httpd

chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
service httpd start
chkconfig httpd on

8、安裝Extman

1.安裝extman

tar zxvf  extman-1.1.tar.gz
mv extman-1.1 /var/www/extsuite/extman

2.編輯extman的配置文件

cp /var/www/extsuite/extman/webman.cf.default  /var/www/extsuite/extman/webman.cf
vim /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /var/mailbox
#用戶郵件的存放目錄
SYS_CAPTCHA_ON = 0
#關閉驗證碼功能
SYS_DEFAULT_UID=2525
SYS_DEFAULT_UID=2525
#將虛擬用戶映射本地用戶2525如下載郵件

3.修改apache配置文件

在上文虛擬主機配置字段中添加以下兩行

ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

4.修改權限，使postfix可以使用Ext族組件

chown -R postfix.postfix /var/www/extsuite

5.建立運行時所需的臨時文件

mkdir  -pv  /tmp/extman
chown postfix.postfix  /tmp/extman

9、圖形化日誌啓用

1.按照以下安裝順序安裝如下3個軟件包

tar zxvf Time-HiRes-1.9707.tar.gz
cd Time-HiRes-1.9707
perl Makefile.PL
make
make test
make install
#安裝time-hires
tar zxvf File-Tail-0.99.3.tar.gz
cd File-Tail-0.99.3
perl Makefile
make
make test
make install
#安裝file-tail
tar zxvf rrdtool-1.4.5.tar.gz
cd rrdtool-1.4.5
./configure --prefix=/usr/local/rrdtool
make
make install
#安裝rrdtool

2.建立必須得符號連接

ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.8/
ln -vs /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.8/

3.調整文件並啓動服務

cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local
#複製mailgraph_ext到/usr/local
/usr/local/mailgraph_ext/mailgraph-init start
#啓動服務
 /var/www/extsuite/extman/daemon/cmdserver --daemon
#啓動cmdserver在後臺顯示系統信息

echo 「/usr/local/mailgraph_ext/mailgraph-init start」 >> /etc/rc.d/rc.local
echo 「/var/www/extsuite/extman/daemon/cmdserver -v -d」 >> /etc/rc.d/rc.local
#添加這兩條，使其可以在系統初始化完成後實行啓動腳本

 到此咱們的配置就已經完成了，因爲做者使用的是VMware虛擬機故這裏將物理機首選DNS指向虛擬機ip，瀏覽器中輸入郵件服務器域名便可登入。

首次登錄：使用管理員帳號/密碼

管理賬號爲：root@extmail.org  密碼爲：extmail*123*

 

 圖形化統計日誌

 

 Ps：此時，只能在本域中發送郵件；若要實現向外域發送郵件的功能，在DNS配置文件中添加轉發便可。