Postfix, though, is only an SMTP server; to have a complete mail system we still need a POP3/IMAP server. Here I chose Dovecot, because it is relatively new and, more importantly, it has many security-related configuration options.
    Many client/server protocols have no authentication capability at all, or only a weak one, so we need dedicated software that strengthens user authentication: Cyrus SASL, the Simple Authentication and Security Layer. Many people on the net use LDAP; since nothing else on the company network needs LDAP authentication I did not use it, and it will appear in a supplementary document later.
SASL password library <== smtp server <== SASL authentication mechanism ===> smtp client
 
1. Install the software
[root@zh888 ~]# yum  -y install lftp
[root@zh888 ~]# lftpget http://pkgs.repoforge.org/perl-Text-Iconv/perl-Text-Iconv-1.4-1.2.el5.rf.i386.rpm
[root@zh888 ~]# rpm -ivh perl-Text-Iconv-1.4-1.2.el5.rf.i386.rpm
(The rpm above arrives over plain HTTP from a third-party repository; import the RPMforge GPG key and check the package signature with rpm -K before installing it.)
[root@zh888 ~]# cp -rf openwebmail.repo /etc/yum.repos.d
[root@zh888 ~]# yum install postfix dovecot openwebmail cyrus-sasl httpd
 
2. Configuration files
[root@zh888 yum.repos.d]# cat /etc/dovecot/dovecot.conf   # listing produced with: doveconf -n > dovecot-new.conf
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-71.el6.i686 i686 CentOS Linux release 6.0 (Final)
listen = *
auth_mechanisms = plain

# The two lines below weaken the defaults: with ssl = no and plaintext auth
# allowed, every POP3/IMAP login crosses the LAN as a base64-wrapped password.
# Dovecot's default (disable_plaintext_auth = yes) refuses PLAIN unless the
# session is TLS-protected or comes from the local host; the safer fix for the
# "tried to use disabled plaintext auth" error is ssl = yes with the cert/key below.
disable_plaintext_auth = no
ssl = no

# Must point where Postfix actually delivers. main.cf below delivers to
# mail_spool_directory = /var/spool/mail (mbox, one file per user), so a maildir
# under /home/%u stays empty; the matching value is
# mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mail_location = maildir:/home/%u

mbox_write_locks = fcntl
passdb {
  driver = pam
}
# Only POP3 is listed here, yet the netstat output further down shows 143/993
# listening as well, so imap was enabled when that output was captured.
protocols = pop3
# Unused while ssl = no
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
[root@zh888 ~]# chkconfig dovecot on   # start at boot

[root@zh888 ~]# service dovecot start

[root@zh888 ~]# chkconfig saslauthd on
[root@zh888 ~]# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=shadow   # changed from pam to shadow
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
# Left commented on purpose here: /etc/shadow is mode 0000 root:root on CentOS, so with
# MECH=shadow saslauthd has to keep running as root to read it.
# DAEMONOPTS=--user saslauth
# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=

[root@zh888 sysconfig]# cat /usr/lib/sasl2/smtpd.conf   # create it with vi if it does not exist; on x86_64 the path is /usr/lib64/sasl2/smtpd.conf
pwcheck_method:saslauthd
saslauthd_path:/var/run/saslauthd/mux
 
[root@zh888 sysconfig]# service saslauthd restart
Stopping saslauthd:                                        [  OK  ]
Starting saslauthd:                                        [  OK  ]
[root@zh888 sysconfig]# testsaslauthd -u zh888 -p '123456'   # test succeeded (the password lands in the shell history, so use a throwaway one)
0: OK "Success."
 
Configure Postfix 2.6.6
[root@zh888 sysconfig]# cat /etc/postfix/main.cf   # Postfix has no inline comments: anything after a value (such as a trailing //) becomes part of the value, so notes go on their own # lines
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
 
daemon_directory = /usr/libexec/postfix
 
mail_owner = postfix
 
# change to your own host name
myhostname = mail.zh888.com
 
# change to your own domain
mydomain = zh888.com
 
myorigin = $mydomain
 
inet_interfaces = all
 
mydestination = localhost.$mydomain, localhost, $mydomain
 
unknown_local_recipient_reject_code = 550
 
# change to your own network. Every host in this range may relay through
# permit_mynetworks without authenticating, so keep it to the hosts that need it
# (or just 127.0.0.0/8 and let everything else use SASL).
mynetworks = 192.168.40.0/24
 
alias_maps = hash:/etc/aliases
 
alias_database = hash:/etc/aliases
 
debug_peer_level = 2
 
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
 
sendmail_path = /usr/sbin/sendmail.postfix
 
newaliases_path = /usr/bin/newaliases.postfix
 
mailq_path = /usr/bin/mailq.postfix
 
setgid_group = postdrop
 
html_directory = no
 
manpage_directory = /usr/share/man
 
sample_directory = /usr/share/doc/postfix-2.6.6/samples
 
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
 
mail_spool_directory = /var/spool/mail
# With this enabled, delivery was deferred: procmail is not installed (see the problems section below)
#mailbox_command = /usr/bin/procmail
# Stray line: LOGFILE is a procmailrc variable, not a Postfix parameter; remove it
LOGFILE=/var/log/mail/procmail.log
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
default_process_limit = 50
default_destination_concurrency_limit = 20
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =  $myhostname
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
# Anti-relay rule: the trailing reject_unauth_destination is what stops outsiders
# relaying; permit_mynetworks and permit_sasl_authenticated are the two ways in.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
# A list with only permit_* entries ends in the implicit permit, so this line restricts nobody (harmless, but misleading)
smtpd_client_restrictions = permit_sasl_authenticated
# Without TLS the only mechanisms saslauthd can serve are PLAIN and LOGIN, so
# noplaintext cannot be added here; the fix is to offer AUTH only after STARTTLS
# (smtpd_tls_security_level = may together with smtpd_tls_auth_only = yes)
smtpd_sasl_security_options = noanonymous

[root@zh888 ~]# service postfix restart   # restart the postfix service
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@zh888 ~]# chkconfig postfix on   # start postfix at boot
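The restrictions above stop outsiders from relaying, but the configuration still offers AUTH PLAIN/LOGIN on a cleartext port and lets the whole /24 relay without a password. The script below is an added example, not code from the original tutorial: it reads a main.cf (or the output of postconf -n) and flags exactly those conditions. Both sample configurations inside it are constructed: WEAK_CF carries this page's values, HARDENED_CF is an assumed fix (its smtpd_tls_cert_file and smtpd_tls_key_file paths reuse the Dovecot certificate and are an assumption).

```bash
#!/bin/sh
# audit_postfix_auth.sh: flag cleartext SMTP AUTH and relay weaknesses in a
# Postfix main.cf or in `postconf -n` output. Added example, not part of the
# original tutorial; the two sample configs are constructed (WEAK_CF from this
# page's values, HARDENED_CF an assumed fix that reuses the Dovecot cert paths).

# get_param FILE NAME: print NAME's value; the last definition wins, as in
# Postfix. Continuation lines are not handled (fine for postconf -n output).
get_param() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $0 ~ ("^[[:space:]]*" key "[[:space:]]*=") {
            sub("^[[:space:]]*" key "[[:space:]]*=[[:space:]]*", "")
            val = $0
        }
        END { print val }' "$1"
}

# audit_main_cf FILE: one finding per line on stdout, nothing when clean.
audit_main_cf() {
    cf=$1
    if [ "$(get_param "$cf" smtpd_sasl_auth_enable)" = "yes" ]; then
        tls=$(get_param "$cf" smtpd_tls_security_level)
        if [ -z "$tls" ] || [ "$tls" = "none" ]; then
            echo "cleartext auth: SASL is enabled but smtpd_tls_security_level is unset/none, so PLAIN/LOGIN passwords cross the wire base64-wrapped only"
        elif [ "$(get_param "$cf" smtpd_tls_auth_only)" != "yes" ]; then
            echo "AUTH is offered before STARTTLS: set smtpd_tls_auth_only = yes"
        fi
        case "$(get_param "$cf" smtpd_sasl_security_options)" in
            *noanonymous*) ;;
            *) echo "smtpd_sasl_security_options lacks noanonymous" ;;
        esac
    fi
    # Postfix 2.6 has no smtpd_relay_restrictions safety net: the anti-relay
    # rule must be in smtpd_recipient_restrictions.
    case "$(get_param "$cf" smtpd_recipient_restrictions)" in
        *reject_unauth_destination*) ;;
        *) echo "open relay: smtpd_recipient_restrictions has no reject_unauth_destination" ;;
    esac
    # Anything in mynetworks relays via permit_mynetworks with no password.
    get_param "$cf" mynetworks | tr ', ' '\n\n' | while read -r net; do
        case "$net" in
            ""|127.0.0.0/8|127.0.0.1|127.0.0.1/32|'[::1]'|'[::1]/128'|*/32|*/128) ;;
            *) echo "unauthenticated relay: every host in mynetworks entry $net may relay without SASL" ;;
        esac
    done
    cr=$(get_param "$cf" smtpd_client_restrictions)
    case "$cr" in
        ""|*reject*|*check_*) ;;
        *) echo "smtpd_client_restrictions = $cr ends in the implicit permit, so it restricts nobody" ;;
    esac
}

# Constructed sample: the SASL/relay lines from this page's main.cf.
WEAK_CF=$(cat <<'EOF'
mynetworks = 192.168.40.0/24
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =  $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
EOF
)

# Constructed sample: an assumed hardened variant. AUTH is only offered inside
# STARTTLS, and only the local host relays without a password.
HARDENED_CF=$(cat <<'EOF'
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
EOF
)

if [ $# -eq 1 ]; then
    audit_main_cf "$1"       # e.g. postconf -n > /tmp/main.cf; sh audit_postfix_auth.sh /tmp/main.cf
fi
```

Run it against the live configuration with postconf -n > /tmp/main.cf followed by sh audit_postfix_auth.sh /tmp/main.cf. A mynetworks finding is not automatically wrong (the webmail host on this page sends through permit_mynetworks), but every listed network should be a deliberate choice; the page's values produce three findings, the hardened variant none.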
Test postfix and dovecot
[root@zh888 ~]# netstat -altpn|grep 25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      32567/master       
tcp        0     48 192.168.40.40:22            192.168.40.41:2577          ESTABLISHED 1613/1             
[root@zh888 ~]# netstat -altpn|grep 110
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      32286/dovecot      
[root@zh888 ~]# netstat -altpn|grep 143
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      32286/dovecot      
[root@zh888 ~]# netstat -altpn|grep 993
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      32286/dovecot      
[root@zh888 ~]# netstat -altpn|grep 995
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      32286/dovecot      
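Seeing the ports listen says nothing about whether authentication works, or what it leaks. Postfix (through saslauthd) and Dovecot (auth_mechanisms = plain) both accept the same RFC 4616 PLAIN message, so one helper serves both the dovecot.conf and the SMTP AUTH setup above. This is an added example, not code from the page: it builds the base64 token for the page's test account (zh888 / 123456, the values from the testsaslauthd run), prints the SMTP dialogue to paste into openssl s_client or telnet, and decodes a captured token to show that with ssl = no and no STARTTLS the password is readable by anyone on the path.

```bash
#!/bin/sh
# sasl_plain.sh: AUTH PLAIN helper for manual SMTP/POP3/IMAP login tests.
# Added example, not part of the original tutorial.

# RFC 4616 PLAIN message: [authzid] NUL authcid NUL password, base64-encoded.
# Postfix (AUTH PLAIN), Dovecot IMAP (AUTHENTICATE PLAIN) and POP3 (AUTH PLAIN)
# all accept exactly this string.
sasl_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token captured on the wire (tcpdump/wireshark on port 25, 110 or 143).
# NUL separators are shown as spaces; nothing but base64 protected the password.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' ' '
}

# smtp_auth_dialogue USER PASS DOMAIN: the client side of a test session.
# Paste into:  openssl s_client -crlf -starttls smtp -connect mail.zh888.com:25
# (or telnet mail.zh888.com 25 while AUTH is still offered without TLS).
# Expected replies: "235 2.7.0 Authentication successful" when the SASL chain
# works, "535 5.7.8 Error: authentication failed" when saslauthd rejects the
# password, and "530 5.7.0 Must issue a STARTTLS command first" once
# smtpd_tls_auth_only = yes is set and the session is not yet encrypted.
smtp_auth_dialogue() {
    tok=$(sasl_plain_token "$1" "$2")
    printf 'EHLO test.client\nAUTH PLAIN %s\nMAIL FROM:<%s@%s>\nRCPT TO:<postmaster@%s>\nQUIT\n' \
        "$tok" "$1" "$3" "$3"
}

# Dovecot equivalents using the same token:
#   POP3 (port 110):  AUTH PLAIN <token>            -> +OK Logged in.
#   IMAP (port 143):  a1 AUTHENTICATE PLAIN <token> -> a1 OK ... Logged in

if [ $# -eq 3 ]; then
    smtp_auth_dialogue "$1" "$2" "$3"   # e.g. sh sasl_plain.sh zh888 123456 zh888.com
fi
```

Decoding the token is the whole point of the check: if the AUTH line is visible to a packet capture on the segment, so is the password, which is why the Dovecot and Postfix TLS settings matter more than which mechanism is enabled.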
 
Finally, configure OpenWebMail
vi /var/www/cgi-bin/openwebmail/etc/openwebmail.conf   # site settings; entries here override etc/defaults/openwebmail.conf
# in cgi-bin/openwebmail/etc/defaults/openwebmail.conf
domainnames                     zh888.com
default_language                zh_CN.GB2312
default_timeoffset              +0800
default_iconset                Cool3D.Chinese.Simplified
auth_module                     auth_unix.pl
mailspooldir                    /var/spool/mail
ow_cgidir                       /var/www/cgi-bin/openwebmail
ow_cgiurl                       /cgi-bin/openwebmail
ow_htmldir                      /var/www/data/openwebmail
ow_htmlurl                      /data/openwebmail
logfile                         /var/log/openwebmail.log

cat /var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf   # the shipped defaults. domainnames is zh888 here but zh888.com in the site file above; the site file wins, so the defaults file need not be edited. smtpauth no only works because the web server's own address sits inside mynetworks.
# host dependent configuration
##############################################################################
domainnames             zh888
smtpserver              192.168.40.40
authpop3_server         192.168.40.40
smtpport                25
smtpauth                no
virtusertable           /etc/mail/virtusertable
auth_module             auth_unix.pl
auth_withdomain         no
auth_domain             auto
quota_module            none
[root@zh888 ~]# cd /var/www/cgi-bin/openwebmail/   # change to the openwebmail directory
[root@zh888 openwebmail]# ./openwebmail-tool.pl --init   # initialise openwebmail
Send the site report?(Y/n) Y
sending report...
Thank you.
Because it was installed from rpm, the ScriptAlias directive has already been added automatically; remember to restart httpd after installing openwebmail.
Browse to http://mail.zh888.com/webmail. On my XP machine that is http://192.168.40.40/webmail
Log in directly with a system account. Note that this is plain http, so the same system passwords that saslauthd checks against /etc/shadow cross the network in the clear on every login; put the webmail path behind https (mod_ssl) before exposing it beyond the test LAN.
 
Finally, configure the BIND DNS service
 
[root@zh888 dovecot]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };   // every interface
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 0.0.0.0/0; };   // any IP
        // allow-query any + recursion yes + listening on every interface makes
        // this an open recursive resolver, usable for DNS amplification abuse
        // as soon as the host is reachable from outside the LAN. Keep the zone
        // data public but limit recursion to your own clients:
        //     allow-recursion { localhost; localnets; };
        recursion yes;
        forward only;
        forwarders{ 202.101.172.35;};   // forward recursive queries to this upstream resolver
       
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
 
[root@zh888 dovecot]# cat /etc/named.rfc1912.zones   # view the zone definitions
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "zh888.com" IN {                // forward zone for zh888.com, data in /var/named/zh888.com
        type master;
        file "zh888.com";
        allow-update { none; };
};
[root@zh888 dovecot]# cat /var/named/zh888.com   # the forward zone file (zone files use ; for comments, never //)
$TTL 1D
@       IN  SOA  zh888.com. root.zh888.com. (
                 2012040201 ; serial: increase it on every change
                 1D         ; refresh
                 1H         ; retry
                 1W         ; expire
                 3H )       ; minimum
; The "NS @" / "A 127.0.0.1" / "AAAA ::1" lines copied from the named.localhost
; template advertised a name server and a web/mail host at loopback; the apex
; now points at the real address and the NS at a host that has an A record.
        IN  NS   mail.zh888.com.
        IN  A    192.168.40.40
; Mail exchanger for zh888.com. It belongs at the apex, not under the mail
; label, and needs the trailing dot: "mail IN MX 10 mail.zh888.com" attached
; the MX to mail.zh888.com and pointed it at mail.zh888.com.zh888.com.
        IN  MX   10 mail.zh888.com.
www     IN  A    192.168.40.40
mail    IN  A    192.168.40.40     ; A record for the mail host
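The two mistakes in the zone as originally posted, an MX hung off the mail label instead of the apex and a target without a trailing dot, both give a zone that loads fine yet never receives mail from outside: a lookup for the MX of zh888.com finds nothing and falls back to the apex A record, which the localhost template had set to 127.0.0.1. Neither is a syntax error, so the integrity check in named-checkzone only warns that the mangled target has no address records and nothing reports the missing apex MX. The lint below is an added example, not part of the original tutorial; it carries the zone as posted and the corrected version as constructed samples (the corrected SOA serial is a date-based value chosen here).

```bash
#!/bin/sh
# lint_zone.sh: catch the two MX mistakes that bind loads without complaint:
# an MX target without a trailing dot (it is silently suffixed with the origin)
# and a zone with no MX at the apex (mail falls back to the apex A record).
# Added example, not part of the original tutorial.

# lint_zone ZONEFILE ORIGIN: one WARN line per problem, nothing when clean.
# Handles $TTL/$ORIGIN lines, ; comments, owner inheritance from the previous
# record and the multi-line SOA; it is not a full zone parser.
lint_zone() {
    awk -v origin="$2" '
        function fqdn(n) {                 # expand a name the way named does
            if (n == "@") return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        /^[[:space:]]*(;|$)/ || /^\$/ { next }             # blank, comment, $TTL
        inparen { if (index($0, ")")) inparen = 0; next }  # rest of the SOA
        {
            line = $0
            sub(/;.*/, "", line)
            if (line ~ /^[^[:space:]]/) {                  # new owner on this line
                owner = line; sub(/[[:space:]].*/, "", owner)
            }
            if (index(line, "(") && !index(line, ")")) inparen = 1
            n = split(line, f, /[[:space:]]+/)
            for (i = 1; i <= n; i++) if (f[i] == "MX") {
                target = f[i + 2]
                if (fqdn(owner) == origin ".") apex_mx = 1
                if (target !~ /\.$/)
                    printf "WARN %s: MX target %s lacks a trailing dot and resolves as %s\n",
                           fqdn(owner), target, fqdn(target)
            }
        }
        END {
            if (!apex_mx)
                printf "WARN %s.: no MX at the zone apex; mail for user@%s falls back to the apex A record\n",
                       origin, origin
        }' "$1"
}

# Constructed sample: the zone as posted on this page (comments removed).
ZONE_AS_POSTED=$(cat <<'EOF'
$TTL 1D
@ IN   SOA  zh888.com. root.zh888.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
 NS @
 A  127.0.0.1
 AAAA ::1
www    IN   A    192.168.40.40
mail   IN   A    192.168.40.40
mail   IN   MX 10  mail.zh888.com
EOF
)

# Constructed sample: the corrected zone (MX at the apex, absolute target).
ZONE_FIXED=$(cat <<'EOF'
$TTL 1D
@       IN  SOA  zh888.com. root.zh888.com. (
                 2012040201 ; serial
                 1D         ; refresh
                 1H         ; retry
                 1W         ; expire
                 3H )       ; minimum
        IN  NS   mail.zh888.com.
        IN  A    192.168.40.40
        IN  MX   10 mail.zh888.com.
www     IN  A    192.168.40.40
mail    IN  A    192.168.40.40
EOF
)

if [ $# -eq 2 ]; then
    lint_zone "$1" "$2"      # e.g. sh lint_zone.sh /var/named/zh888.com zh888.com
fi
```

Run it after every zone edit alongside named-checkzone zh888.com /var/named/zh888.com, then confirm from another host with dig @192.168.40.40 zh888.com MX that the answer is mail.zh888.com. and not a name ending in .zh888.com.zh888.com.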


[root@zh888 openwebmail]# tail -F /var/log/maillog   # watch the mail log
Apr  2 00:01:11 zh888 postfix/smtpd[32742]: disconnect from zh888.com[192.168.40.40]
Apr  2 00:01:11 zh888 postfix/local[32746]: 09B69808DD: to=<zh888@zh888.com>, relay=local, delay=0.09, delays=0.06/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Apr  2 00:01:11 zh888 postfix/qmgr[32570]: 09B69808DD: removed
Apr  2 00:13:49 zh888 postfix/smtpd[32767]: connect from zh888.com[192.168.40.40]
Apr  2 00:13:49 zh888 postfix/smtpd[32767]: 52DA9808DD: client=zh888.com[192.168.40.40]
Apr  2 00:13:49 zh888 postfix/cleanup[303]: 52DA9808DD: message-id=<20120401161336.M87645@zh888.com>
Apr  2 00:13:49 zh888 postfix/qmgr[32570]: 52DA9808DD: from=<foxmail@zh888.com>, size=762, nrcpt=1 (queue active)
Apr  2 00:13:49 zh888 postfix/smtpd[32767]: disconnect from zh888.com[192.168.40.40]
Apr  2 00:13:49 zh888 postfix/local[304]: 52DA9808DD: to=<zh888@zh888.com>, relay=local, delay=0.09, delays=0.06/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Apr  2 00:13:49 zh888 postfix/qmgr[32570]: 52DA9808DD: removed
 
 
Problems encountered
 zh888 postfix/local[2393]: E7D5281967: to=<test@zh888.com>, relay=local, delay=0.11, delays=0.02/0.05/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /usr/bin/procmail: No such file or directory ) The procmail binary is not installed (execvp fails on /usr/bin/procmail), so local delivery is deferred; either install procmail or comment out mailbox_command in main.cf, as done above.
 
Apr  2 00:15:53 zh888 dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=192.168.40.41, lip=192.168.40.40   # fixed by adding disable_plaintext_auth = no to dovecot.conf. This is Dovecot's default refusing a cleartext password from a remote address, so the fix trades a safeguard for convenience; the alternative that keeps the default is ssl = yes with the cert/key already listed in dovecot.conf and a client set to POP3S/IMAPS or STARTTLS.

Apr  5 22:21:49 zh888 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<zh888@zh888.com>, method=PLAIN, rip=192.168.40.41, lip=192.168.40.40
Apr  5 22:21:49 zh888 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<zh888@zh888.com>, method=PLAIN, rip=192.168.40.41, lip=192.168.40.40
Apr  5 22:21:49 zh888 dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<zh888@zh888.com>, method=PLAIN, rip=192.168.40.41, lip=192.168.40.40
Note the user field in these lines: the client sent zh888@zh888.com, but passdb pam and userdb passwd only know the system account zh888, so PAM rejects the login. Either configure the client with the bare user name, or let Dovecot strip the domain before the lookup with auth_username_format = %n (Dovecot 2.x).
    Testing with Foxmail works, but when receiving mail, although it reports completion, nothing is actually received, and I don't know why. And why does the connection get dropped with an auth error? Where exactly is the problem: is Foxmail simply unusable, or is my dovecot.conf misconfigured? I'd welcome readers' suggestions. I also searched the web; some say this problem appears when installing from rpm packages and that building from the tar.gz source avoids it, but they were not certain either.
 
 
 
 
SASL authentication failures can be grouped into the following possible causes:
 
Permission problems: these matter most when authenticating system users. If smtpd (running as the postfix user) had to check passwords itself, it would need read access to /etc/shadow, which means adding postfix to the root group and making the shadow file group-readable; that is dangerous, and it is exactly why the setup above delegates the check to saslauthd: the daemon runs as root and reads /etc/shadow, while smtpd only needs to reach the socket /var/run/saslauthd/mux (which is why that directory must stay accessible to the postfix user, and why an smtpd that is chrooted in master.cf needs the socket under /var/spool/postfix instead). Never loosen the permissions on /etc/shadow. If PAM is used instead (pam_mysql, pam_ldap and so on), /etc/pam.d/smtp (on Linux) must also be readable by the postfix user, or authentication fails just the same.
Configuration problems: with pam_ldap or pam_mysql, make sure the contents of /usr/lib/sasl/smtpd.conf or /usr/lib/sasl2/smtpd.conf (/usr/lib64/sasl2 on x86_64) are right; it should read pwcheck_method: pam (a Cyrus SASL 1.x value; with SASL 2 and saslauthd, select PAM through MECH=pam in /etc/sysconfig/saslauthd instead). Likewise /etc/ldap.conf (for pam_ldap) and the pam_mysql configuration file must have correct permissions and correct contents, or authentication will not succeed.
Linking problems: this mainly means Postfix was linked against the wrong SASL library at build time. It is most visible with Cyrus SASL 2.x: the cyrus 2.0.x packages of common Linux distributions are really a bundle of 1.5.x and 2.0.x, so if Postfix was linked against sasl 1.x while smtpd.conf lives in /usr/lib/sasl2, authentication can never succeed. Check which library the daemon actually loads by running ldd on the smtpd binary in the directory reported by postconf -h daemon_directory.
 
The rndc problem with bind on CentOS 6: /etc/rndc.key not found? My system is CentOS 6 and bind was installed from rpm. After generating /etc/rndc.key with rndc-confgen -a, I ran rndc-confgen > /etc/rndc.conf, then tail -13 /etc/rndc.conf >> /etc/named.conf to append the end of rndc.conf to named.conf, and removed the relevant comment markers in named.conf; named-checkconf reports no problems.