一.虚拟账号
顾名思义,在本地账号库中并不存在的账号为虚拟账号。服务器内部会将虚拟账号映射为一个本地账号,在邮件服务器上进行操作,对用户来说没有任何影响。这样即使邮件账号密码被网络抓包获取,得到的也只是虚拟账号的凭据,而不是可以登录系统的本地账号,从而提高服务器的安全性;虚拟账号本身并不能防止抓包,传输过程仍需依靠 TLS 加密来保护。
二.lamp环境
linux+apache+mysql+php 环境搭建。提供web方式访问,mysql用来存放账号,并映射为postfix账户进行操作,用户通过web方式登录并进行管理。
第一步:安装lamp环境
yum install httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect
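第二步:源码安装postfix(注意:下面 postdrop 与 postfix 使用了相同的 GID/UID 2525,而 groupadd、useradd 默认不允许重复的 ID,实际操作时需为 postdrop 另选一个未被占用的 ID)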
[root@mail ~]# groupadd -g 2525 postfix
[root@mail ~]# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
[root@mail ~]# groupadd -g 2525 postdrop
[root@mail ~]# useradd -g postdrop -u 2525 -s /sbin/nologin -M postdrop
[root@mail ~]# cd /usr/local/src/postfix-2.8.2/
[root@mail postfix-2.8.2]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
[root@mail postfix-2.8.2]# make && make install
tempdir: [/usr/local/src/postfix-2.8.2] /tmp
html_directory: [no] /var/www/postfix_html
生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:
[root@mail postfix-2.8.2]# newaliases
[root@mail ~]# service postfix start
Starting postfix: [ OK ]
[root@mail postfix]# postconf -a //查看postfix支持的SASL认证类型
cyrus
dovecot
第三步:在postfix中添加认证功能
669 ################CYRUS-SASL###################
670 broken_sasl_auth_clients = yes
671 smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
672 smtpd_sasl_auth_enable = yes //启用验证
673 smtpd_sasl_local_domain = $myhostname
674 smtpd_sasl_security_options = noanonymous //不允许匿名登录
675 smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
[root@mail postfix]# cd /usr/lib/sasl2/ //切换到 sasl 的配置目录
[root@mail postfix]# mv Sendmail.conf smtpd.conf //直接修改配置文件的名称
内容如下:
[root@mail sasl2]# vim smtpd.conf
1 pwcheck_method:saslauthd
2 mech_list:PLAIN LOGIN
[root@mail sasl2]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@mail sasl2]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
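测试验证方式(注意:PLAIN、LOGIN 机制只对密码做 base64 编码,本文的配置中没有出现 TLS 设置,此时密码在网络上等同于明文传输;生产环境应为 postfix 配置 TLS,并设置 smtpd_tls_auth_only = yes,只允许在加密连接上进行认证)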
[root@mail sasl2]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.huawei.com ESMTP,Warning: Version not Available!
EHLO 127.0.0.1
250-mail.huawei.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN //验证已经生效
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
第四步:安装认证模块Courier authentication library
[root@mail ~]# tar -jxvf courier-authlib-0.63.1.20111230.tar.bz2 -C /usr/local/src/
[root@mail ~]# cd /usr/local/src/courier-authlib-0.63.1.20111230/
[root@mail courier-authlib-0.63.1.20111230]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-ltdl-lib=/usr/lib --with-ltdl-include=/usr/include
[root@mail courier-authlib-0.63.1.20111230]# make && make install
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authdaemonrc.dist /etc/authdaemonrc
[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authmysqlrc.dist /etc/authmysqlrc
[root@mail courier-authlib-0.63.1.20111230]# vim /etc/authdaemonrc //修改如下行
27 authmodulelist="authmysql"
34 authmodulelistorig="authmysql"
53 daemons=10
[root@mail ~]# vim /etc/authmysqlrc //修改关于数据库的设置
26 MYSQL_SERVER localhost
27 MYSQL_USERNAME extmail
28 MYSQL_PASSWORD extmail
49 MYSQL_SOCKET /var/lib/mysql/mysql.sock
56 MYSQL_PORT 3306
68 MYSQL_DATABASE extmail
83 MYSQL_USER_TABLE mailbox
92 MYSQL_CRYPT_PWFIELD password
113 MYSQL_UID_FIELD 2525
119 MYSQL_GID_FIELD 2525
128 MYSQL_LOGIN_FIELD username
133 MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
150 MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
[root@mail courier-authlib-0.63.1.20111230]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@mail courier-authlib-0.63.1.20111230]# chmod 755 /etc/init.d/courier-authlib
[root@mail courier-authlib-0.63.1.20111230]# chkconfig --add courier-authlib
[root@mail courier-authlib-0.63.1.20111230]# chkconfig courier-authlib on
[root@mail courier-authlib-0.63.1.20111230]# chkconfig --list courier-authlib
courier-authlib 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@mail courier-authlib-0.63.1.20111230]# service courier-authlib start
Starting Courier authentication services: authdaemond
[root@mail ~]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
[root@mail ~]# ldconfig -v
/usr/local/courier-authlib/lib/courier-authlib:
libauthmysql.so -> libauthmysql.so.0
libcourierauthsasl.so -> libcourierauthsasl.so.0
libcourierauthcommon.so -> libcourierauthcommon.so.0
libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0
libauthuserdb.so -> libauthuserdb.so.0
libauthcustom.so -> libauthcustom.so.0
libcourierauth.so -> libcourierauth.so.0
libauthpipe.so -> libauthpipe.so.0
libauthpam.so -> libauthpam.so.0
[root@mail ~]# service courier-authlib restart
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
[root@mail ~]# mkdir -pv /var/mailbox
mkdir: created directory `/var/mailbox'
[root@mail ~]# chown -R postfix /var/mailbox
[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf
1 pwcheck_method: authdaemond
2 mech_list:PLAIN LOGIN
3 authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
第五步:设置postfix支持虚拟账号
[root@mail ~]# vim /etc/postfix/main.cf
679 #######################Virtual Mailbox Settings########################
680 virtual_mailbox_base = /var/mailbox
681 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
682 virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
684 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
685 virtual_uid_maps = static:2525
686 virtual_gid_maps = static:2525
687 virtual_transport = virtual
688 maildrop_destination_recipient_limit = 1
689 maildrop_destination_concurrency_limit = 1
690 ##########################QUOTA Settings########################
691 message_size_limit = 14336000
692 virtual_mailbox_limit = 20971520
693 virtual_create_maildirsize = yes
694 virtual_mailbox_extended = yes
695 virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
696 virtual_mailbox_limit_override = yes
697 virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
698 virtual_overquota_bounce = yes
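第六步:导入extmail的mysql数据库数据(注意:下文示例中数据库账号 extmail 的密码与用户名相同,仅作演示;实际部署应换成强密码,并同步修改 /etc/authmysqlrc、/etc/dovecot-mysql.conf、webmail.cf 中的对应值)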
[root@mail ~]# tar zxvf extman-1.1.tar.gz
[root@mail docs]# cd extman-1.1
[root@mail docs]# cd docs/
[root@mail docs]# mysql -u root -p <extmail.sql
Enter password:
[root@mail docs]# mysql -u root -p <init.sql
Enter password:
[root@mail docs]# cp mysql* /etc/postfix/
[root@mail docs]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| extmail |
| mysql |
| test |
+--------------------+
4 rows in set (0.03 sec)
mysql> \q
Bye
[root@mail docs]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer. //为本地的extmail账号登陆指定密码
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
Query OK, 0 rows affected (0.00 sec) //为本地的extmail账号登陆指定密码
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES ; //使得配置生效
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
第七步:设置postfix使用mysql方式存放信息
vi /etc/dovecot.conf //修改如下行
211 mail_location = maildir:/var/mailbox/%d/%n/Maildir
禁用如下内容的行
795 # passdb pam {
828 #}
896 # userdb passwd {
903 #}
启用如下内容的行
869 passdb sql {
871 args = /etc/dovecot-mysql.conf
872 }
930 userdb sql {
932 args = /etc/dovecot-mysql.conf
933 }
[root@mail ~]# vim /etc/dovecot-mysql.conf
1 driver = mysql
2 connect = host=localhost dbname=extmail user=extmail password=extmail
3 default_pass_scheme = CRYPT
4 password_query = SELECT username AS user,password AS password FROM mailbox
5 WHERE username = '%u'
6 user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
[root@mail ~]# vim /etc/postfix/main.cf
410 home_mailbox = Maildir/
[root@mail ~]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@mail docs]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
第八步:安装 extmail及extman
[root@mail ~]# tar -zxvf extmail-1.2.tar.gz
[root@mail ~]# mkdir -pv /var/www/extsuite
mkdir: created directory `/var/www/extsuite'
[root@mail ~]# mv extman-1.1 /var/www/extsuite/extman
[root@mail ~]# mv extmail-1.2 /var/www/extsuite/extmail
[root@mail extmail]# pwd
/var/www/extsuite/extmail
[root@mail extmail]# cp webmail.cf.default webmail.cf
77 SYS_USER_LANG = zh_CN
127 SYS_MAILDIR_BASE = /var/mailbox
139 SYS_MYSQL_USER = extmail
140 SYS_MYSQL_PASS = extmail
197 SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
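第九步:将extmail、extman与apache服务器结合起来(注意:下面让 apache 以 postfix 用户身份运行,web 程序因此可以读写 /var/mailbox 下的全部邮箱,webmail 的任何漏洞都会直接影响所有邮件数据;同时虚拟主机只监听 80 端口,登录密码经 HTTP 明文传输,生产环境应启用 HTTPS)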
[root@mail extmail]# vim /etc/httpd/conf/httpd.conf
231 User postfix
232 Group postfix
992 <VirtualHost 192.168.10.244:80>
993 ServerAdmin root@huawei.com
994 DocumentRoot /var/www/extsuite/extmail/html/
995 ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
996 ServerName www.abc.com
997 Alias /extmail /var/www/extsuite/extmail/html
998 ErrorLog logs/huawei-error_log
999 CustomLog logs/huawei-access_log common
1000 </VirtualHost>
[root@mail extmail]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
[root@mail extman]# cp webman.cf.default webman.cf
[root@mail extman]# vim webman.cf
[root@mail extman]# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
[root@mail extman]# vim /etc/httpd/conf/httpd.conf
992 <VirtualHost 192.168.10.244:80>
993 ServerAdmin root@huawei.com
994 DocumentRoot /var/www/extsuite/extmail/html/
995 ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
996 ServerName www.huawei.com
997 Alias /extmail /var/www/extsuite/extmail/html
998 ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
999 Alias /extman /var/www/extsuite/extman/html
1000 ErrorLog logs/huawei-error_log
1001 CustomLog logs/huawei-access_log common
1002 </VirtualHost>
[root@mail extmail]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
第十步:添加一个关于log日志的补丁
[root@mail ~]# tar zxvf Unix-Syslog-1.1.tar.gz
[root@mail Unix-Syslog-1.1]# perl Makefile.PL
[root@mail Unix-Syslog-1.1]# make
[root@mail Unix-Syslog-1.1]# make install
vim /etc/postfix/main.cf //注释掉如下行
156 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
嗯,韩宇说的对!!!