postfix+mysql+apache+dovecot支持虚拟用户虚拟域名的邮件系统

   postfix是Wietse Venema在IBM的GPL协议之下开发的MTA(邮件传输代理)软件,用于替代早期sendmail的软件
事实上灵活,健壮和安全的特点已使得它越来越使它变成中小企业级应用中的宠儿
   然而postfix本身是不支持身份认证,使得早期垃圾邮件变得猖獗,但可以借助SASL simple authentication security lay  简单认证安全层
来将认证功能外包给SASL。而SASL只是个认证安全层,不提供功能,但可以通过将不同的认证方式外包给LAMP mysql
虚拟用户等认证结构,来实现认证功能,进而减少了垃圾邮件在internet中的带宽占用
   虚拟域名邮件系统 顾名思义就是在一个postfix中支持对不同的域名的邮件收发,如果是本域邮件
则负责收取,否则就根据配置文件中所支持的DESTINNATION转发到外域中  
具体拓扑结构如下图所示:
postfix虚拟域名邮件服务器



 这里所要构建的邮件系统支持web页面登录和本地MUA收发两种方式
 一、准备工作:
 安装开发包组:“Development Tools” “Development Libraries”
 安装 apache 组件 如果你已经安装有了apache 跳过此步
 安装一下软件包:
  tcl, tcl-devel, libart_lgpl, libart_lgpl-devel, libtool-ltdl, libtool-ltdl-devel, expect
 
 二、关闭sendmail服务:(防止与postfix服务发生冲突)
    service sendmail stop
    chkconfig --del sendmail
    chkconfig sendmail off
 三、开启saslauthd服务
     chkconfig --add saslauthd 
     chkconfig saslauthd on
     service saslauthd start
 四、安装配置mysql-5.5.20
      这里用到的是mysql-5.5.20-linux2.6-i686.tar.gz 直接解压,进行如下配置就可使用
      tar xf mysql-5.5.20-linux2.6-i686.tar.gz -C /usr/local
      cd /usr/local
      ln -sv /usr/local/mysql-5.5.20-linux2.6-i686 mysql
      cd mysql
       # groupadd -r mysql
       # useradd -g mysql -r -s /sbin/nologin -M -d /mydata/data mysql
       # chown -R mysql:mysql /mydata/data
       # chown -R mysql:mysql  .
       # scripts/mysql_install_db --user=mysql --datadir=/mydata/data
       # chown -R root 
       # cd /usr/local/mysql
       # cp support-files/my-large.cnf  /etc/my.cnf
 并修改此文件中thread_concurrency的值为你的CPU个数乘以2,比如这里使用如下行:
 thread_concurrency = 2

另外还需要添加如下行指定mysql数据文件的存放位置:
datadir = /mydata/data
 为mysql提供sysv服务脚本:

# cd /usr/local/mysql
# cp support-files/mysql.server  /etc/rc.d/init.d/mysqld

添加至服务列表:
# chkconfig --add mysqld
# chkconfig mysqld on
 
 # ln -sv /usr/local/mysql/include  /usr/include/mysql
 # echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
 
 五、安装配置postfix
    # groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

# tar zxvf postfix-2.9.1.tar.gz
# cd postfix-2.9.1
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2  -lssl -lcrypto'
# make
# make install
可使用默认的方法安装
 
 # vim /etc/postfix/main.cf

修改以下几项为您需要的配置      
myhostname = mail.leezqang.com     //你需要在dns的正向文件反向文件中添加MX记录和PTR记录,以实现对leezqang域的邮件解析和反向解析
myorigin = leezqang.com
mydomain = leezqang.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8


为postfix提供SysV服务脚本/etc/rc.d/init.d/postfix,内容如下(#END 之前):
#!/bin/bash
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
# Start daemons.
echo -n $"Starting postfix: "
        /usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
        echo
return $RETVAL
}

stop() {
  # Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}

reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}

abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}

flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}

check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}

restart() {
stop
start
}

# See how we were called.
case "$1" in
  start)
start
;;
  stop)
stop
;;
  restart)
stop
start
;;
  reload)
reload
;;
  abort)
abort
;;
  flush)
flush
;;
  check)
check
;;
  status)
  status master
;;
  condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
  *)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac

exit $?

# END

为此脚本赋予执行权限:
# chmod +x /etc/rc.d/init.d/postfix

将postfix服务添加至服务列表:
# chkconfig --add postfix

设置其开机自动启动:
# chkconfig postfix on

使用此脚本重新启动服务,以测试其能否正常执行:
# service postfix restart

 
六、为postfix开启基于cyrus-sasl的认证功能

使用以下命令验正postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的:
# postconf -a
cyrus
dovecot

#vi /etc/postfix/main.cf
添加以下内容:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vim /usr/lib/sasl2/smtpd.conf
添加如下内容:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

让postfix重新加载配置文件
#/usr/sbin/postfix reload
 
 # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
ehlo mail.magedu.com
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN               (请确保您的输出以类似两行)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
 
 七、安装Courier authentication library
 本文中使用的mysql是非rpm包的安装方式安装出来的,请确保你的系统上没有其它的mysql相关的rpm包,否则为courier-authlib执行configure时会报错。如果的确要用到mysql,也可以在编译courier-authlib完成后再将mysql安装上。卸载本地安装的mysql方法和安装mysql的方法如下:
# rpm -e mysql --nodeps
# yum -y install mysql

# tar jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
#./configure \
    --prefix=/usr/local/courier-authlib \
    --sysconfdir=/etc \
    --without-authpam \
    --without-authshadow \
    --without-authvchkpw \
    --without-authpgsql \
    --with-authmysql \
    --with-mysql-libs=/usr/local/mysql/lib \
    --with-mysql-includes=/usr/local/mysql/include \
    --with-redhat \
    --with-authmysqlrc=/etc/authmysqlrc \
    --with-authdaemonrc=/etc/authdaemonrc \
    --with-mailuser=postfix \
    --with-mailgroup=postfix \
    --with-ltdl-lib=/usr/lib \
    --with-ltdl-include=/usr/include
# make
# make install

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist  /etc/authdaemonrc
# cp /etc/authmysqlrc.dist  /etc/authmysqlrc

修改/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10

3、配置其通过mysql进行邮件帐号认证

编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306                   (指定你的mysql监听的端口,这里使用默认的3306)
MYSQL_USERNAME  extmail      (这时为后文要用的数据库的所有者的用户名)
MYSQL_PASSWORD extmail        (密码)
MYSQL_SOCKET  /tmp/mysql.sock
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  '2525'
MYSQL_GID_FIELD  '2525'
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)

4、提供SysV服务脚本

# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on

#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start   (启动服务)
 
 新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox

接下来重新配置SMTP 认证,编辑 /usr/lib/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
 
 八、让postfix支持虚拟域和虚拟用户

1、编辑/etc/postfix/main.cf,添加如下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes

九、使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:

# tar zxvf  extman-1.1.tar.gz
# cd extman-1.1/docs
vim extmail.sql
将TYPE=MyISAM 替换成ENGINE=MyISAM 
:%s@TYPE=MyISAM@INGINE=MyISAM@g
 保存退出
# mysql -u root -p < extmail.sql
# mysql -u root -p <init.sql
# cp mysql*  /etc/postfix/

3、授予用户extmail访问extmail数据库的权限
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';

说明:启用虚拟域以后,需要取消中心域,即注释掉myhostname, mydestination, mydomain, myorigin几个指令;当然,你也可以把mydestionation的值改为你自己需要的。

十、配置dovecot

# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
……
auth default {
    mechanisms = plain
    passdb sql {
        args = /etc/dovecot-mysql.conf
    }
    userdb sql {
        args = /etc/dovecot-mysql.conf
    }
    ……

# vim /etc/dovecot-mysql.conf                 
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'                            
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

接下来启动dovecot服务:

# service dovecot start
# chkconfig dovecot on



十一、安装Extmail-1.2

1、安装
# tar zxvf extmail-1.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf

2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf

部分修改选项的说明:

SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件

SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN

SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
修改为:
SYS_MYSQL_SOCKET = /tmp/mysql.sock

SYS_MYSQL_HOST = localhost
指明数据库服务器主机名,这里默认即可

SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password

以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可

SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket


3、apache相关配置



如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
# vi /etc/httpd/httpd.conf
User postfix
Group postfix

<VirtualHost *:80>
ServerName mail.leezqang.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>

4、依赖关系的解决

extmail将会用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install

5、启动apache服务
# service httpd start
# chkconfig httpd on



十二、安装Extman-1.1

1、安装及基本配置

# tar zxvf  extman-1.1.tar.gz
# mv extman-1.1 /var/www/extsuite/extman

修改配置文件以符合本例的需要:
# cp /var/www/extsuite/extman/webman.cf.default  /var/www/extsuite/extman/webman.cf
# vi /var/www/extsuite/extman/webman.cf

SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox

SYS_DEFAULT_UID = 1000
SYS_DEFAULT_GID = 1000
此两处后面设定的ID号需更改为前而创建的postfix用户和postfix组的id号,本文使用的是2525,因此,上述两项需要修改为:
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525

SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
修改为:
SYS_MYSQL_SOCKET = /tmp/mysql.sock

而后修改cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/

在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

创建其运行时所需的临时目录,并修改其相应的权限:
#mkdir  -pv  /tmp/extman
#chown postfix.postfix  /tmp/extman

修改
SYS_CAPTCHA_ON = 1
SYS_CAPTCHA_ON = 0

好了,到此为止,重新启动apache服务器后,您的Webmail和Extman已经可以使用了,可以在浏览器中输入指定的虚拟主机的名称进行访问,如下:
http://mail.leezqang.com

如果无法正常进入管理页面请确保perl-DBD-MySQL 安装成功

选择管理即可登入extman进行后台管理了。默认管理帐号为:root@extmail.org  密码为:extmail*123*