一.虚拟账号

顾名思义,在本地账号库中并不存在的账号为虚拟账号。在服务器内部会将虚拟账号映射成为一个本地账号在邮件服务器上进行操作。对于用户来说并没有任何影响。避免网络抓包得到账号密码。(注意:防抓包依赖的是传输加密,下面的编译参数中 -DUSE_TLS 为此提供了支持;虚拟账号本身的作用是把邮箱账号与系统登录账号分离,邮箱密码泄露后也不能直接用来登录服务器。)这样可以提高服务器的安全性。

二.lamp环境

linux+apache+mysql+php 环境的搭建。提供一个web方式访问。mysql用来存放账号,并映射为postfix账户进行操作。使用web方式登录并进行管理。

基于虚拟账号的邮件服务器_安全性

第一步:安装lamp环境

yum  install  httpd php php-mysql mysql mysql-server mysql-devel openssl-devel dovecot perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl  libtool-ltdl-devel expect

第二步:源码安装postfix

(注意:postdrop 必须是独立于 postfix 的专用组,且 postfix 用户不能属于该组。下面 postfix 和 postdrop 都使用了 2525,第二次 groupadd/useradd 会因 GID/UID 已被占用而失败,需要给 postdrop 另选一个未被使用的 GID/UID。)

[root@mail ~]# groupadd -g 2525 postfix

[root@mail ~]# useradd -g postfix -u 2525 -s /sbin/nologin  -M postfix

[root@mail ~]# groupadd -g 2525 postdrop

[root@mail ~]# useradd -g postdrop -u 2525 -s /sbin/nologin  -M postdrop

[root@mail ~]# cd /usr/local/src/postfix-2.8.2/

[root@mail postfix-2.8.2]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I /usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2   -lssl -lcrypto'

[root@mail postfix-2.8.2]# make && make install

tempdir: [/usr/local/src/postfix-2.8.2] /tmp

html_directory: [no] /var/www/postfix_html

生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:

[root@mail postfix-2.8.2]# newaliases

[root@mail ~]# service postfix start

Starting postfix:                                          [  OK  ]

[root@mail postfix]# postconf  -a  //查看邮件服务器支持的类型

cyrus

dovecot

第三步:在postfix中添加认证功能

669 ################CYRUS-SASL###################

670 broken_sasl_auth_clients = yes

671 smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

672 smtpd_sasl_auth_enable = yes  //启用验证

673 smtpd_sasl_local_domain = $myhostname

674 smtpd_sasl_security_options = noanonymous  //不允许匿名登录

675 smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

[root@mail postfix]# cd /usr/lib/sasl2/     //切换到 sasl 配置模式模式下的

[root@mail postfix]# mv Sendmail.conf smtpd.conf  //直接修改配置文件的名称

内容如下:

[root@mail sasl2]# vim smtpd.conf

  1 pwcheck_method:saslauthd

  2 mech_list:PLAIN LOGIN

[root@mail sasl2]# service saslauthd   restart

Stopping saslauthd:                                        [  OK  ]

Starting saslauthd:                                         [  OK  ]

[root@mail sasl2]# chkconfig --list saslauthd

saslauthd       0:off 1:off 2:on 3:on 4:on 5:on 6:off

测试验证方式

(下面用 telnet 在本机回环地址上测试。PLAIN/LOGIN 机制以明文传送账号密码,对外提供服务时应只在 TLS 会话内允许认证,例如在 main.cf 中设置 smtpd_tls_auth_only = yes。)

[root@mail sasl2]# telnet 127.0.0.1 25

Trying 127.0.0.1...

Connected to localhost (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.huawei.com ESMTP,Warning: Version not Available!

EHLO 127.0.0.1

250-mail.huawei.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN   //验证已经生效

250-AUTH=LOGIN PLAIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

第四步:安装认证模块Courier authentication library

[root@mail ~]# tar -jxvf courier-authlib-0.63.1.20111230.tar.bz2 -C  /usr/local/src/

[root@mail ~]# cd  /usr/local/src/courier-authlib-0.63.1.20111230/

[root@mail courier-authlib-0.63.1.20111230]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-ltdl-lib=/usr/lib --with-ltdl-include=/usr/include

[root@mail courier-authlib-0.63.1.20111230]# make && make install

chmod 755 /usr/local/courier-authlib/var/spool/authdaemon

[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authdaemonrc.dist /etc/authdaemonrc

[root@mail courier-authlib-0.63.1.20111230]# cp /etc/authmysqlrc.dist /etc/authmysqlrc

[root@mail courier-authlib-0.63.1.20111230]# vim /etc/authdaemonrc //修改如下行

27 authmodulelist="authmysql"

34 authmodulelistorig="authmysql"

53 daemons=10

[root@mail ~]# vim /etc/authmysqlrc  //修改关于数据库的设置

26 MYSQL_SERVER            localhost

27 MYSQL_USERNAME          extmail

28 MYSQL_PASSWORD          extmail

49 MYSQL_SOCKET            /var/lib/mysql/mysql.sock

56 MYSQL_PORT              3306

68 MYSQL_DATABASE          extmail

83 MYSQL_USER_TABLE        mailbox

92 MYSQL_CRYPT_PWFIELD     password

113 MYSQL_UID_FIELD         2525

119 MYSQL_GID_FIELD         2525

128 MYSQL_LOGIN_FIELD       username

133 MYSQL_HOME_FIELD        concat('/var/mailbox/',homedir)

150 MYSQL_MAILDIR_FIELD     concat('/var/mailbox/',maildir)

[root@mail courier-authlib-0.63.1.20111230]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chmod 755 /etc/init.d/courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chkconfig --add  courier-authlib

[root@mail courier-authlib-0.63.1.20111230]# chkconfig   courier-authlib  on

[root@mail courier-authlib-0.63.1.20111230]# chkconfig --list  courier-authlib

courier-authlib 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@mail courier-authlib-0.63.1.20111230]# service courier-authlib start

Starting Courier authentication services: authdaemond

[root@mail ~]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf

[root@mail ~]# ldconfig -v

/usr/local/courier-authlib/lib/courier-authlib:

libauthmysql.so -> libauthmysql.so.0

libcourierauthsasl.so -> libcourierauthsasl.so.0

libcourierauthcommon.so -> libcourierauthcommon.so.0

libcourierauthsaslclient.so -> libcourierauthsaslclient.so.0

libauthuserdb.so -> libauthuserdb.so.0

libauthcustom.so -> libauthcustom.so.0

libcourierauth.so -> libcourierauth.so.0

libauthpipe.so -> libauthpipe.so.0

libauthpam.so -> libauthpam.so.0

[root@mail ~]# service courier-authlib  restart

Stopping Courier authentication services: authdaemond

Starting Courier authentication services: authdaemond

[root@mail ~]# mkdir  -pv  /var/mailbox

mkdir: created directory `/var/mailbox'

[root@mail ~]# chown -R postfix /var/mailbox

[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf

  1 pwcheck_method: authdaemond

  2 mech_list:PLAIN LOGIN

  3 authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

第五步:设置postfix支持虚拟账号

[root@mail ~]# vim /etc/postfix/main.cf

679 #######################Virtual Mailbox Settings########################

680 virtual_mailbox_base = /var/mailbox

681 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

682 virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

684 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

685 virtual_uid_maps = static:2525

686 virtual_gid_maps = static:2525

687 virtual_transport = virtual

688 maildrop_destination_recipient_limit = 1

689 maildrop_destination_concurrency_limit = 1

690 ##########################QUOTA Settings########################

691 message_size_limit = 14336000

692 virtual_mailbox_limit = 20971520

693 virtual_create_maildirsize = yes

694 virtual_mailbox_extended = yes

695 virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

696 virtual_mailbox_limit_override = yes

697 virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

698 virtual_overquota_bounce = yes

第六步:导入extmail的mysql数据库数据

[root@mail ~]# tar zxvf extman-1.1.tar.gz

[root@mail docs]# cd  extman-1.1

[root@mail docs]# cd docs/

[root@mail docs]# mysql  -u root -p <extmail.sql

Enter password:

[root@mail docs]# mysql  -u root -p <init.sql

Enter password:

[root@mail docs]# cp mysql*  /etc/postfix/

[root@mail docs]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 6

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;

+--------------------+

| Database           |

+--------------------+

| information_schema |

| extmail            |

| mysql              |

| test               |

+--------------------+

4 rows in set (0.03 sec)

mysql> \q

Bye

[root@mail docs]# mysql -u root -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 7

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer. //为本地的extmail账号登陆指定密码

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';

Query OK, 0 rows affected (0.00 sec) //为本地的extmail账号登陆指定密码

mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES ; //使得配置生效

Query OK, 0 rows affected (0.00 sec)

mysql> \q

Bye

第七步:将设置postfix使用mysql方式存放信息

vi /etc/dovecot.conf  //修改如下行

211 mail_location = maildir:/var/mailbox/%d/%n/Maildir

禁用如下内容的行

795  # passdb pam {

828   #}

896  # userdb passwd {

903   #}

启用如下内容的行

869   passdb sql {

871     args = /etc/dovecot-mysql.conf

872   }

930   userdb sql {

932     args = /etc/dovecot-mysql.conf

933   }

[root@mail ~]# vim /etc/dovecot-mysql.conf

  1 driver = mysql

  2 connect = host=localhost dbname=extmail user=extmail password=extmail

  3 default_pass_scheme = CRYPT

  4 password_query = SELECT username AS user,password AS password FROM mailbox

  5 WHERE username = '%u'

  6 user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

[root@mail ~]# vim /etc/postfix/main.cf

410 home_mailbox = Maildir/

[root@mail ~]# service dovecot restart

Stopping Dovecot Imap:                                     [  OK  ]

Starting Dovecot Imap:                                     [  OK  ]

[root@mail docs]# service  postfix restart

Shutting down postfix:                                     [  OK  ]

Starting postfix:                                          [  OK  ]

第八步:安装 extmail及extman

[root@mail ~]# tar -zxvf extmail-1.2.tar.gz

[root@mail ~]# mkdir -pv /var/www/extsuite

mkdir: created directory `/var/www/extsuite'

[root@mail ~]# mv extman-1.1  /var/www/extsuite/extman

[root@mail ~]# mv extmail-1.2  /var/www/extsuite/extmail

[root@mail extmail]# pwd

/var/www/extsuite/extmail

[root@mail extmail]# cp webmail.cf.default webmail.cf

77 SYS_USER_LANG = zh_CN

127 SYS_MAILDIR_BASE = /var/mailbox

139 SYS_MYSQL_USER = extmail

140 SYS_MYSQL_PASS = extmail

197 SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

第九步:将extmail ,extman与apache服务器结合起来

(注意:下面的 httpd.conf 把 Apache 的运行身份改为 postfix 用户/组,而 /var/mailbox 也归 postfix 所有,因此 extmail/extman 的 CGI 一旦被攻破就能直接读写全部邮箱。cgi 目录应只放必要的程序并收紧权限,其余目录不要交给 postfix 用户写。)

[root@mail extmail]# vim /etc/httpd/conf/httpd.conf

231 User postfix

232 Group postfix

992 <VirtualHost 192.168.10.244:80>

993  ServerAdmin  root@huawei.com

994     DocumentRoot      /var/www/extsuite/extmail/html/

995     ScriptAlias /extmail/cgi  /var/www/extsuite/extmail/cgi

996     ServerName www.abc.com

997     Alias  /extmail  /var/www/extsuite/extmail/html

998     ErrorLog logs/huawei-error_log

999     CustomLog logs/huawei-access_log common

1000 </VirtualHost>

[root@mail extmail]# chown  -R postfix.postfix /var/www/extsuite/extmail/cgi/

[root@mail extman]# cp webman.cf.default webman.cf

[root@mail extman]# vim webman.cf

[root@mail extman]# chown  -R postfix.postfix /var/www/extsuite/extman/cgi/

[root@mail extman]# vim /etc/httpd/conf/httpd.conf

992 <VirtualHost 192.168.10.244:80>

993     ServerAdmin  root@huawei.com

994     DocumentRoot /var/www/extsuite/extmail/html/

995     ScriptAlias /extmail/cgi  /var/www/extsuite/extmail/cgi

996     ServerName www.huawei.com

997     Alias  /extmail  /var/www/extsuite/extmail/html

998     ScriptAlias /extman/cgi   /var/www/extsuite/extman/cgi

999     Alias /extman /var/www/extsuite/extman/html

1000     ErrorLog logs/huawei-error_log

1001     CustomLog logs/huawei-access_log common

1002 </VirtualHost>

[root@mail extmail]# service httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

第十步:添加一个关于log日志的补丁

[root@mail ~]# tar zxvf Unix-Syslog-1.1.tar.gz

[root@mail Unix-Syslog-1.1]# perl Makefile.PL

[root@mail Unix-Syslog-1.1]# make

[root@mail Unix-Syslog-1.1]# make install

vim /etc/postfix/main.cf  //禁掉如下行

156 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

基于虚拟账号的邮件服务器_的_02

基于虚拟账号的邮件服务器_安全性_03

             嗯,韩宇说的对!!!