Installation and configuration notes for a mail system based on Postfix+sasl+courier-imap+courier-authlib+clamav+slockd+amavisd (Part 1)

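Please keep the copyright notice when reposting: http://piao2010.com Thanks!
I have recently been interning at a company, and my first task was to set up an internal corporate mail system that supports sending and receiving mail both through the web and over SMTP, POP3 and IMAP.
After some Googling to screen the mainstream software, I decided to use the following:
Postfix, Courier-imap, Courier-authlib, Cyrus SASL, Maildrop
Webmail: extmail, with extman as the admin back end
Spam filtering and virus protection: Amavisd-new, ClamAV, SpamAssassin, slockd
Because I had never worked with mail server configuration before and am not very familiar with Linux either (I have always used FreeBSD), this task took a full ten-plus days before I finally got it installed and tested on three virtual machines and then deployed on the server. I tested on CentOS and Fedora; the important software is installed from source, so this should largely apply to other platforms as well.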

Test address: http://mail.piao2010.com Everyone is welcome to test it!

References
http://waringid.blog.51cto.com/65148/58412
http://www.extmail.org/docs/extmail_solution_linux/
http://os.51cto.com/art/200710/57530_1.htm
http://www.postfix.org/SASL_README.html
"Postfix: The Definitive Guide" (《POSTFIX权威指南》), and others
Thanks to the authors above for their hard work

 
***************************************************

Starting over from scratch: (2009-7-18)

***************************************************

yum install ntp
ntpdate 210.72.145.44 && clock -w   # unrelated step: the virtual machine's clock is always off, so sync the time first

vi /etc/sysconfig/selinux
Disable SELinux
If you would rather not disable it, you can use the following commands instead
setsebool httpd_disable_trans=1
setsebool mysqld_disable_trans=1
iptables settings
Allow ports 25, 110 and 80

Set the hostname
/etc/sysconfig/network
/etc/hosts

Add the required users and groups
groupadd vmail
groupadd postfix
groupadd postdrop
groupmod -g 1001 vmail
useradd vmail -g vmail -u 1001 -d /var/mailbox
useradd postfix -g postfix -d /dev/null -s /sbin/nologin
yum install mysql-server
yum install mysql-devel
yum install httpd
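The following part is not strictly required: extmail is Perl-based, and PHP is installed mainly because phpMyAdmin makes working with MySQL more convenient!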
yum install php
yum install php-mysql
yum install php-gd
*****End of the PHP-related part******
httpd.conf
<VirtualHost *:80>
    ServerAdmin root@hacker-piao.cn
    DocumentRoot /var/www/extsuite/extmail/html/
    ServerName mail.hacker-piao.cn
    ErrorLog /var/log/httpd/error_log
    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi/
    Alias /extmail /var/www/extsuite/extmail/html/
    ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi/
    Alias /extman /var/www/extsuite/extman/html/
    SuexecUserGroup vmail vmail
</VirtualHost>

yum install gcc
yum install db4-devel
yum install gcc-c++
yum install gdbm-devel

alternatives --config mta

Select postfix if it is listed

rpm -aq | grep sendmail
rpm -e --nodeps <sendmail-related packages>

 

 

 

*************Install authlib******************************************
./configure --with-redhat --with-authmysql=yes --with-mailuser=vmail \
--with-mailgroup=vmail --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql \
--prefix=/usr/local/authlib --without-stdheaderdir
make
make install
make install-configure
grep "authdaemonvar" /usr/local/authlib/etc/authlib/authdaemonrc

##NAME: authdaemonvar:2
# authdaemonvar is here, but is not used directly by authdaemond.  It's
authdaemonvar=/usr/local/authlib/var/spool/authdaemon

vi /usr/local/authlib/etc/authlib/authmysqlrc
Database-related settings

vi /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2   # switch to 0 once testing succeeds
Shared libraries
echo "/usr/local/authlib/lib/courier-authlib" >> /etc/ld.so.conf

ldconfig -v | grep authlib

Start the service and enable it at boot

cp courier-authlib.sysvinit /etc/init.d/courier-authlib

chmod 755 /etc/init.d/courier-authlib

chmod +x /usr/local/authlib/var/spool/authdaemon

service courier-authlib start
Starting Courier authentication services: authdaemond

chkconfig courier-authlib on
Check the SASL that ships with the system
saslauthd -v
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
In general it is best to uninstall it; the one shipped with the system does not seem to work properly
rpm -qa | grep sasl
rpm -e --nodeps <related packages>
./configure --prefix=/usr/local/sasl2 --disable-anon --enable-plain --enable-login \
--enable-sql --with-mysql=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql \
--with-mysql-libs=/usr/lib/mysql --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
In my tests this compiled on CentOS but not on Fedora; after removing the with-mysql part it compiled without problems and works normally
make
make install

mv /usr/lib/sasl2 /usr/lib/sasl2.OFF   # back up the old files if needed
ln -sv /usr/local/sasl2/lib/* /usr/lib
ln -sv /usr/local/sasl2/lib/* /usr/local/lib
ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
mkdir -pv /var/state/saslauthd
echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
ldconfig -v | grep sasl2
vi /usr/local/sasl2/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond

mech_list: PLAIN LOGIN

log_level: 3

authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket
chmod +x /usr/local/authlib/var/spool/authdaemon/socket
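In my tests, skipping the following two lines causes no problems. Many tutorials include them, but I personally think they are redundant because this configuration does not involve PAM; I did not run them
echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam" >> /etc/rc.local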
/usr/local/sasl2/sbin/saslauthd -a shadow pam

 
**************Install postfix************************************
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/lib -lssl -lcrypto'
make
make install

Generate the binary aliases file. Some people online say that skipping this step makes Postfix extremely slow; I have not tested this
mv /etc/aliases /etc/aliases.bak
ln -s /etc/postfix/aliases /etc/aliases
newaliases

vi /etc/rc.local
postfix start

vi /etc/postfix/main.cf
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/local/man

sample_directory = /etc/postfix

readme_directory = no
#=====================BASE=========================

myhostname = mail.hacker-piao.cn

mydomain = hacker-piao.cn

myorigin = $mydomain

mydestination = $myhostname localhost.$mydomain

mynetworks = 127.0.0.0/8

inet_interfaces = all

 

#=====================Virtual Mailbox settings======================

virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf

virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:1001

virtual_gid_maps = static:1001

virtual_transport = maildrop

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1

 

#====================QUOTA========================

message_size_limit = 14336000

virtual_mailbox_limit = 20971520

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

virtual_overquota_bounce = yes
 

 

 

#====================SASL========================

broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain =

smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd

smtpd_banner=Welcome to hacker-piao.cn mail server!—(:support by www.hacker-piao.cn:)

 
alias_maps = hash:/etc/aliases

unknown_local_recipient_reject_code = 450

 
################################Amavis Start (if needed, remove the leading # from the following lines)#####################

#content_filter = amavisfeed:[127.0.0.1]:10024

#max_use=10

#receive_override_options = no_address_mappings

################################Amavis END###########################
#vi /etc/postfix/master.cf

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
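
An added example (not part of the original notes): once Postfix is running, the reply to EHLO in a manual "telnet localhost 25" session shows whether the SASL settings above took effect. The functions below parse a pasted reply, list the advertised mechanisms (broken_sasl_auth_clients = yes adds a second "AUTH=" line), report whether PLAIN/LOGIN are offered without STARTTLS, and build the AUTH PLAIN argument for a test login. The sample reply, the host name mail.example.com and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_EHLO is a constructed EHLO reply of the kind Postfix
# sends with mech_list "PLAIN LOGIN" and broken_sasl_auth_clients = yes.
SAMPLE_EHLO='250-mail.example.com
250-PIPELINING
250-SIZE 14336000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-8BITMIME
250 DSN'

# List the advertised SASL mechanisms, one per line, without duplicates.
# Handles both the standard "AUTH " line and the legacy "AUTH=" line.
ehlo_auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) if (!seen[m[i]]++) print m[i]
        }'
}

# Succeed when the reply offers STARTTLS.
ehlo_has_starttls() {
    printf '%s\n' "$1" | tr -d '\r' | grep -q '^250[- ]STARTTLS$'
}

# Succeed when PLAIN or LOGIN is offered and STARTTLS is not: both mechanisms
# carry the password base64-encoded, not encrypted.
plaintext_auth_without_tls() {
    if ehlo_has_starttls "$1"; then return 1; fi
    ehlo_auth_mechs "$1" | grep -Eq '^(PLAIN|LOGIN)$'
}

# Build the AUTH PLAIN argument: base64(authzid NUL authcid NUL password),
# with an empty authzid.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

ehlo_auth_mechs "$SAMPLE_EHLO"
if plaintext_auth_without_tls "$SAMPLE_EHLO"; then
    echo "PLAIN/LOGIN offered without STARTTLS"
fi
auth_plain_token test testpass; echo
```

If the AUTH lines are missing from a real reply, the smtpd_sasl_* settings or the SASL build flags did not take effect.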

 

 

 

 

*****************Install maildrop**********************
yum install pcre-devel

ln -sv /usr/local/authlib/bin/courierauthconfig /usr/bin
ln -sv /usr/local/authlib/include/* /usr/include
./configure --prefix=/usr/local/maildrop \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vmail' \
--enable-syslog=1 --enable-maildirquota \
--enable-maildrop-uid=1001 --enable-maildrop-gid=1001 \
--with-trashquota --with-dirsync
make
make install
cp /usr/local/maildrop/bin/maildrop /usr/bin
maildrop -v
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled. (This line must be present, otherwise you are in trouble!)
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.

 

vi /etc/maildroprc
logfile "/var/log/maildrop.log"
VERBOSE="4"
touch /var/log/maildrop.log
chown vmail:vmail /var/log/maildrop.log
*******************Install courier-imap********************************

export COURIERAUTHCONFIG=/usr/local/authlib/bin/courierauthconfig

./configure --prefix=/usr/local/imap --with-redhat --disable-root-check \
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 --with-trashquota \
--with-dirsync --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql \
--with-authmysql --with-authmysql=yes --disable-root-check
make
make install
make install-configure
Edit the configuration files
vi /usr/local/imap/etc/pop3d
Change "POP3DSTART=NO" to "POP3DSTART=YES"
vi /usr/local/imap/etc/imapd
Change "IMAPDSTART=NO" to "IMAPDSTART=YES"
cp courier-imap.sysvinit /usr/local/imap/sbin/imapd
chmod +x /usr/local/imap/sbin/imapd
/usr/local/imap/sbin/imapd  start
cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
chmod 755 /etc/rc.d/init.d/courier-imapd
chkconfig --add courier-imapd
chkconfig --level 2345 courier-imapd on

 

 

mkdir -pv /var/mailbox
chmod -R 755 /var/mailbox  &&  chown -R vmail:vmail /var/mailbox
mkdir -p /etc/postfix/mysql/
mkdir -vp /var/www/extsuite/extmail
tar zxf extmail.tar.gz
cd extmail
mv * /var/www/extsuite/extmail/
tar zxf extman.tar.gz
cd extman
mkdir -vp /var/www/extsuite/extman
mv * /var/www/extsuite/extman/
cp /var/www/extsuite/extman/docs/mysql_virtual_domains_maps.cf /etc/postfix/mysql/
mysql_virtual_mailbox_maps.cf
mysql_virtual_mailbox_limit_maps.cf
mysql_virtual_alias_maps.cf
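Four files in total
If you need to change the extmail password, change the corresponding passwords here yourself
Change the extmail.org name in init.sql to your own domain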

mysql -u root -p < ./extmail.sql

mysql -u root -p < ./init.sql

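Handle this part as needed. The extman database file has already created the users extmail and webman; for security, you must change their passwords.
How to change the root password
mysqladmin -uroot -p password 'new-password'
use mysql;
Change the passwords of the regular accounts
update user set password=password('your own password here, make it strong!') where User='extmail';
update user set password=password('your own password here, make it strong!') where User='webman';
flush privileges;

The extman admin account root@yourdomain.com has the default password extmail*123*; change it as soon as possible!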

 

 

chmod -R 755 cgi
chown -R vmail:vmail cgi
Skipping these two commands causes no problems either

Unix-Syslog
Installing from source is also easy: tar zxf <package> && cd <extracted directory> && perl Makefile.PL && make && make install
Or install it as an rpm
rpm -ivh ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/releases/7/Everything/i386/os/Fedora/perl-Unix-Syslog-0.100-9.fc7.i386.rpm
vi /var/www/extsuite/extman/webman.cf
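SYS_CAPTCHA_ON = 1  // 0 turns the CAPTCHA off

The main settings are the usernames, passwords and character encoding; I will not post the details here.

For detailed parameter settings, see the official site: http://www.extmail.org/docs/Extmail_Parameter_Intro/
vi /var/www/extsuite/extmail/webmail.cf
Same settings as above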

 
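At this point the basic functionality is in place. When debugging, mainly watch tail -f /var/log/maillog and fix things according to the error messages; you will almost certainly run into problems. Keep solving them with Google. I rehearsed this three times on virtual machines before doing it directly on the server, where it worked the first time.
This article is fairly long and this is only the first half; for the rest, see my installation notes (Part 2).
Configuring a mail service takes considerable patience. If you have questions, feel free to get in touch and discuss!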
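
An added example (not part of the original notes) for the maillog debugging step: the functions below summarise SASL problems in a Postfix log, separating failed logins per client address from errors where smtpd could not reach the authdaemond socket configured in smtpd.conf. The log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG holds constructed /var/log/maillog lines in the
# format Postfix smtpd uses for SASL problems.
SAMPLE_LOG='Jul 18 10:01:02 mail postfix/smtpd[2311]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Jul 18 10:01:05 mail postfix/smtpd[2311]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Jul 18 10:01:09 mail postfix/smtpd[2315]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jul 18 10:02:00 mail postfix/smtpd[2320]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
Jul 18 10:03:00 mail postfix/smtpd[2330]: connect from unknown[203.0.113.5]'

# Read a maillog on stdin and print "<count> <client-ip> <mechanism>" for
# failed SASL logins, most frequent first.
sasl_failed_logins() {
    awk '
        /postfix\/smtpd\[[0-9]+\]: warning: / &&
        match($0, /\[[0-9a-fA-F.:]+\]: SASL [A-Z0-9-]+ authentication failed/) {
            hit = substr($0, RSTART + 1, RLENGTH - 1)
            ip = hit;   sub(/\].*/, "", ip)
            mech = hit; sub(/^.*SASL /, "", mech); sub(/ .*/, "", mech)
            fail[ip " " mech]++
        }
        END { for (k in fail) print fail[k], k }' | sort -k1,1nr -k2
}

# Count lines showing that smtpd could not reach the authdaemond socket,
# which points at a path or permission problem rather than a bad password.
sasl_backend_errors() {
    grep -c 'cannot connect to Courier authdaemond' || true
}

printf '%s\n' "$SAMPLE_LOG" | sasl_failed_logins
printf '%s\n' "$SAMPLE_LOG" | sasl_backend_errors
```

On the server, feed the real log instead of the sample: sasl_failed_logins < /var/log/maillog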


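  1. jeepmac says:

    Great documentation!

    I have been struggling for two days with a yum-based install on Fedora, and IMAP authentication still has problems. These posts of yours are careful and systematic; I plan to follow them and experiment on a Mac first…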


  2. BugKiller says:

    ./configure --prefix=/usr/local/sasl2 --disable-anon --enable-plain --enable-login
    --enable-sql --with-mysql=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql
    --with-mysql-libs=/usr/lib/mysql --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
    In my tests this compiled on CentOS but not on Fedora; after removing the with-mysql part it compiled without problems and works normally

    I ran into this problem too. It is because of 64-bit: change the mysql-related lib in configure to lib64 and then run ./configure …. again, and it works.


    admin replied:

    Thanks for the answer, but the system I tested on at the time was 32-bit, so it was probably some other cause.
