手把手让你完成postfix+extmail+mysql虚拟用户邮件系统51CTO博客 - 千亿集团

手把手让你完成postfix+extmail+mysql虚拟用户邮件系统51CTO博客

2019年04月01日14时11分37秒 | 作者: 白萱 | 标签: 用户,邮件,完成 | 浏览: 919

现在尽管个人博客迁移到 http://www.linuxwind.com ,但51这个老家也不能忘了。 最近言语组织能力特别差,都是不常常写博客缺少训练啊。。 今日就来一篇依据mysql认证和extmail的企业级邮件运用架构. 废话不多说.开端了.
先简略介绍下原理吧,都知道邮件效劳是常用效劳中最杂乱的,没有之一,装备起来适当繁琐,这儿为了节约篇幅,根底的原理部分不做过多解说,仅对所需求的常识进行简略的解说阐明,国际惯例,先上图,理不乱.
      原理部分能够用这副图来展现,首要当用户登录到postfix后来发送邮件,然后调用cyrus-sasl的库函数,并经过courier-authlib来经过mysql的认证,假如认证经过,则能够发送邮件,假如所发的邮件是本机所承受的邮件,则直接经过postfix存储到mailbox中,而其他用户要想收邮件,dovecot能够完成pop3和imap的MDA功用,而此进程,能够经过装备dovecot也运用mysql来进行对收取邮件的认证;而extmail是完成经过web来替代outlook来完成MUA功用的,用户登录web的认证,也能经过mysql来完成,extman的功用是能够经过用户的注册,修正暗码等恳求来对账户进行办理的,当然,这样一整套的认证机制能够彻底经过数据库来完成,这样就达到了企业级的运用。但这不是最高效的处理方案,都知道像126这样的专业都是经过ldap来完成的,但那是天王等级的运用,笔者介绍的此种邮件效劳架构,能够满意大多数企业的运用了。
 

笔者所运用的环境为rhel5.6准备工作:开发环境为默许装出来后装置以下4个组1、yum装置以下开发所用到的rpm包组:
Development Libraries
Development Tools
Legacy Software Development
X Software Development
2、封闭sendmail,并将它的随体系主动发动功用封闭:
# service sendmail stop # chkconfig sendmail off
3、装置所需的rpm包,这包含以下这些: httpd, php, php-mysql, mysql, mysql-server, mysql-devel, openssl-devel, dovecot, perl-DBD-MySQL, tcl, tcl-devel, libart_lgpl, libart_lgpl-devel, libtool-ltdl, libtool-ltdl-devel, expect
有同学会问到,怎样不直接yum把postfix装上,rhel5.6红帽整合的postfix的rpm包默许不支撑mysql的认证功用的,要想完成则需求从头编译装置。
4、发动mysql数据库,并给mysql的root用户设置暗码:
# service mysqld start
# chkconfig mysqld on
# mysqladmin -uroot password your_password
 5、发动saslauthd效劳,并将其加入到主动发动行列:
# service saslauthd start
# chkconfig saslauthd on
二、装置装备postfix
  
# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /bin/false -M postdrop
# tar zxvf postfix-2.6.5.tar.gz
# cd postfix-2.6.5
# make makefiles CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS  AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto
# make
# make install
依照以下的提示输入相关的途径([]号中的是缺省值,”]”后的是输入值,省掉的标明选用默许值)
  install_root: [/] /
  tempdir: [/usr/local/src/ postfix-2.6.5] /tmp
  config_directory: [/etc/postfix] /etc/postfix
  daemon_directory: [/usr/libexec/postfix] 
  command_directory: [/usr/sbin] 
  queue_directory: [/var/spool/postfix]
  sendmail_path: [/usr/sbin/sendmail]
  newaliases_path: [/usr/bin/newaliases]
  mailq_path: [/usr/bin/mailq]
  mail_owner: [postfix]
  setgid_group: [postdrop] 
  html_directory: [no] /var/www/postfix_html
  manpages: [/usr/local/man]
  readme_directory: [no]
生成别号二进制文件,这个过程假如疏忽,会形成postfix功率极低:
#  newaliases
2.进行一些根本装备,测验发动postfix并进行发信
#vi /etc/postfix/main.cf
修正以下几项为您需求的装备
myhostname = mail.test.com
myorigin = test.com
mydomain = test.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
 阐明: myorigin参数用来指明发件人地点的域名; mydestination参数指定postfix接纳邮件时收件人的域名,即您的postfix体系要接纳到哪个域名的邮件; myhostname 参数指定运转postfix邮件体系的主机的主机名,默许情况下,其值被设定为本地机器名; mydomain参数指定您的域名,默许情况下,postfix将myhostname的榜首部分删去而作为mydomain的值; mynetworks 参数指定你地点的网络的网络地址,postfix体系依据其值来差异用户是长途的仍是本地的,假如是本地网络用户则答应其拜访; inet_interfaces 参数指定postfix体系监听的网络接口;  

  留意: 1、在postfix的装备文件中,参数行和注释行是不能处在同一行中的; 2、任何一个参数的值都不需求加引号,不然,引号将会被当作参数值的一部分来运用; 3、每修正参数及其值后履行 postfix reload 即可令其收效;但若修正了inet_interfaces,则需从头发动postfix; 4、假如一个参数的值有多个,能够将它们放在不同的行中,只需求在这今后的每个行前多置一个空格即可;postfix会把榜首个字符为空格或tab的文本行视为上一行的连续;   
 发动postfix
/usr/local/postfix/sbin/postfix  start
衔接postfix,验正效劳发动情况:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is ^].
220 mail.test.com ESMTP Postfix
ehlo mail.test.com
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@test.com
250 2.1.0 Ok
rcpt to:redhat@test.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.
切换到redhat用户进行收信:
# su - redhat
$ mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/redhat": 1 message 1 new
>N  1 root@test.com    Wed Sep  5 10:59  15/488 "Mail test!"
&
三、为postfix敞开依据cyrus-sasl的认证功用
运用以下指令验正postfix是否支撑cyrus风格的sasl认证,假如您的输出为以下成果,则是支撑的: # /usr/local/postfix/sbin/postconf  -a cyrus dovecot
#vi /etc/postfix/main.cf
增加以下内容:
CYRUS-SASL
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
#vi /usr/local/lib/sasl2/smtpd.conf
增加如下内容:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
让postfix从头加载装备文件
#/usr/local/postfix/sbin/postfix reload
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is ^].
220 Welcome to our mail.test.com ESMTP,Warning: Version not Available!
ehlo mail.test.com
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN     (请保证您的输出以相似两行)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
四、装置Courier authentication library
# tar jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
#./configure
  prefix=/usr/local/courier-authlib
  sysconfdir=/etc
  with-authmysql
  with-mysql-libs=/usr/lib/mysql
  with-mysql-includes=/usr/include/mysql
  with-redhat
  with-authmysqlrc=/etc/authmysqlrc
  with-authdaemonrc=/etc/authdaemonrc
  with-ltdl-lib=/usr/lib
  with-ltdl-include=/usr/include
# make
# make install
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist  /etc/authdaemonrc
# cp /etc/authmysqlrc.dist  /etc/authmysqlrc
修正/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
修正/etc/authmysqlrc 为以下内容,其间2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306       (指定你的mysql监听的端口,这儿运用默许的3306) 
MYSQL_USERNAME  extmail  (这时为后文要用的数据库的所有者的用户名) 
MYSQL_PASSWORD extmail    (暗码)
MYSQL_SOCKET  /var/lib/mysql/mysql.sock
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  2525
MYSQL_GID_FIELD  2525
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat(/var/mailbox/,homedir)
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat(/var/mailbox/,maildir)
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig add courier-authlib
# chkconfig level 2345 courier-authlib on
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start (发动效劳)
新建虚拟用户邮箱地点的目录,并将其权限赋予postfix用户:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox
接下来从头装备SMTP 认证,修正 /usr/local/lib/sasl2/smtpd.conf ,保证其为以下内容: pwcheck_method: authdaemond log_level: 3 mech_list:PLAIN LOGIN authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
五、让postfix支撑虚拟域和虚拟用户
1、修正/etc/postfix/main.cf,增加如下内容:
Virtual Mailbox Settings
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
QUOTA Settings
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the users maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
2、运用extman源码目录下docs目录中的extmail.sql和init.sql树立数据库:
# tar zxvf  extman-1.1.tar.gz
# cd extman-1.1/docs
# mysql -u root -p <extmail.sql
# mysql -u root -p <init.sql
# cp mysql*  /etc/postfix/
3、颁发用户extmail拜访extmail数据库的权限
 mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY extmail; 
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY extmail;
阐明:启用虚拟域今后,需求撤销中心域,即注释掉myhostname, mydestination, mydomain, myorigin几个指令;当然,你也能够把mydestionation的值改为你自己需求的。
六、装备dovecot
# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
……
auth default {
  mechanisms = plain
  passdb sql {
    args = /etc/dovecot-mysql.conf
  }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }
  ……
# vi /etc/dovecot-mysql.conf       
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = %u          
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = %u
 接下来发动dovecot效劳:
# service dovecot start
# chkconfig dovecot on
 七、装置Extmail-1.2
1、装置
# tar zxvf extmail-1.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf
2、修正主装备文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修正选项的阐明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用户能够发送的最大邮件
SYS_USER_LANG = en_US
言语选项,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的寄存目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = db_user SYS_MYSQL_PASS = db_pass
以上两句句用来设置衔接数据库效劳器所运用用户名、暗码和邮件效劳器用到的数据库,这儿修正为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明数据库效劳器主机名,这儿默许即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户暗码别离对应的表中列的称号;这儿默许即可 
 SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket 此句用来指明authdaemo socket文件的方位,这儿修正为: SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相关装备
因为extmail要进行本地邮件的投递操作,故必须将运转apache效劳器用户的身份修正为您的邮件投递署理的用户;本例中打开了apache效劳器的suexec功用,故运用以下办法来完成虚拟主机运转身份的指定。此例中的MDA为postfix自带,因而将指定为postfix用户:
<VirtualHost *:80>
ServerName mail.test.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
修正 cgi履行文件属主为apache运转身份用户:
 # chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
假如您没有打开apache效劳器的suexec功用,也能够运用以下办法处理:
# vi /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.test.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
4、依靠联系的处理
extmail将会用到perl的Unix::syslogd功用,您能够去http://search.cpan.org查找下载原码包进行装置。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
5、发动apache效劳
# service httpd start
# chkconfig httpd on
八、装置Extman-1.1
1、装置及根本装备
# tar zxvf  extman-1.1.tar.gz
# mv extman-1.1 /var/www/extsuite/extman
修正装备文件以契合本例的需求:
# cp /var/www/extsuite/extman/webman.cf.default  /var/www/extsuite/extman/webman.cf
# vi /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的寄存目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
修正cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
在apache的主装备文件中Extmail的虚拟主机部分,增加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
创立其运转时所需的暂时目录,并修正其相应的权限:
#mkdir  -pv  /tmp/extman
#chown postfix.postfix  /tmp/extman
修正
SYS_CAPTCHA_ON = 1
为
SYS_CAPTCHA_ON = 0
好了,到此为止,从头发动apache效劳器后,您的Webmail和Extman现已能够运用了,能够在浏览器中输入指定的虚拟主机的称号进行拜访,如下:
http://mail.test.com
挑选办理即可登入extman进行后台办理了。默许办理帐号为:root@extmail.org  暗码为:extmail*123*
这是登陆界面,需求先用办理员账号在办理员登陆页面登陆后增加个域,然后注册登陆


注册2个账号 相互发封邮件试试,能够收到那就恭喜了。。装备成功

登陆mysql看一下相关的数据库信息,有数据,则标明整个认证机制是依据mysql数据库完成的。

假如想完成图形日志功用,则持续下面装备

阐明: (1) 假如您装置后无法正常显现校验码,装置perl-GD模块会处理这个问题。假如想简略,您能够到以下地址下载合适您的渠道的rpm包,装置即可: 
 http://dries.ulyssis.org/rpm/packages/perl-GD/info.html 
(2) extman-1.1自带了图形化显现日志的功用;此功用需求rrdtool的支撑,您需求装置此些模块才或许正常显现图形日志。
 2、装备Mailgraph_ext,运用Extman的图形日志:(下面所需的软件包面要自己下载)
接下来装置图形日志的运转所需求的软件包Time::HiRes、File::Tail和rrdtool,其间前两个包您能够去http://search.cpan.org查找并下载取得,后一个包您能够到 http://oss.oetiker.ch/rrdtool/pub/?M=D下载取得; 留意装置次序不能转换。
装置Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install
装置File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile
#make
#make test
#make install
装置rrdtool-1.2.23
#tar zxvf rrdtool-1.2.23.tar.gz
#cd rrdtool-1.2.23
#./configure prefix=/usr/local/rrdtool
#make
#make install
创立必要的符号链接(Extman会到这些途径下找相关的库文件)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/RRDp.pm /usr/lib/perl5/5.8.5
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.5
仿制mailgraph_ext到/usr/local,并发动之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local  
# /usr/local/mailgraph_ext/mailgraph-init start 
发动cmdserver(在后台显现体系信息) 
# /var/www/extsuite/extman/daemon/cmdserver daemon
增加到主动发动行列
# echo “/usr/local/mailgraph_ext/mailgraph-init start” >> /etc/rc.d/rc.local
# echo “/var/www/extsuite/extman/daemon/cmdserver -v -d” >> /etc/rc.d/rc.local 
运用办法: 等候大约15分钟左右,假如邮件体系有必定的流量,即可登陆到extman里,点“图形日志”即可看到图形化的日志。详细每天,周,月,年的则点击相应的图片进入即可。 
smtpd_recipient_restrictions=permit_mynetworks,
 permit_sasl_authenticated,
 reject_invalid_hostname,
 reject_non_fqdn_hostname,
 reject_unknown_sender_domain,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_pipelining,
 reject_unauth_destination
 
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access,
 reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client
 opm.blitzed.org, reject_rbl_client list.dsbl.org,reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client dun.dnsrbl.net"
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,
 reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rhsbl_sender relays.ordb.org,
 reject_rhsbl_sender opm.blitzed.org, reject_rhsbl_sender dun.dnsrbl.net"
 
 
 
 
 
 
 
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Make sure the e-mail contains this string in the body, and that it’s the only thing there.
This is known as the EICAR test string. All Anti-Virus software should detect this as a virus (but of course, it’s not. It’s used for testing only.) 
 
   
版权声明
本文来源于网络,版权归原作者所有,其内容与观点不代表千亿集团立场。转载文章仅为传播更有价值的信息,如采编人员采编有误或者版权原因,请与我们联系,我们核实后立即修改或删除。

猜您喜欢的文章