Source of this article:
Mail is arguably one of the more troublesome Internet services to run today. Because spam is rampant, ISPs and other mailbox providers place all kinds of restrictions on mail. To get a mail system working properly you need a reasonable understanding of DNS, open relays, network blacklists (DNSBLs), spam filtering and the other rules involved.
This is a classic diagram of the mail send/receive flow; it describes the whole process clearly.
Overall architecture
This article builds a reasonably complete enterprise-grade mail system from postfix + cyrus-sasl + extmail + mysql.
The author's knowledge is limited; corrections from experts passing by are welcome.
Among MTAs, sendmail has an obscure configuration file, a poor security record, efficiency problems... and more drawbacks than are worth listing. The MTA in widest use now is Postfix, written as a sendmail-compatible replacement.
Postfix does not verify passwords itself: SMTP authentication is delegated to an external SASL implementation. The saslauthd daemon that ships with Cyrus SASL can check system users through PAM.
Here Cyrus SASL is used for authentication. Cyrus SASL's own MySQL and LDAP support is limited, so to authenticate virtual users stored in MySQL the password check is handed to the courier-authlib library.
Finally extmail, a free and open-source webmail, provides a web front end so the mail system can be used from a browser.
Flow diagram of the whole implementation
Implementation
step1: Install the environment
First install the full development toolchain. In addition, postfix and the other components depend on these packages: tcl, tcl-devel, libart_lgpl, libart_lgpl-devel, libtool-ltdl, libtool-ltdl-devel, expect
extmail also needs a web server; apache is used here. All of these can be installed with yum:
[root@mail ~]# yum install tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect httpd -y
step2: Install mysql
Because the mysql path has to be passed when compiling postfix, install mysql first; a binary-tarball install is used here.
Add the mysql user and group
[root@mail ~]# groupadd -r mysql
[root@mail ~]# useradd -r -d /mysql/data -s /sbin/nologin -g mysql -M mysql
Unpack and install mysql
[root@mail ~]# tar xf mysql-5.5.22-linux2.6-i686.tar.gz -C /usr/local/
[root@mail local]# ln -sv mysql-5.5.22-linux2.6-i686 mysql
[root@mail mysql]# scripts/mysql_install_db --user=mysql --datadir=/mysql/data
Before this step, don't forget to create the data directory and make mysql:mysql its owner and group. Copy the init script and configuration file:
[root@mail mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@mail mysql]# cp support-files/my-large.cnf /etc/my.cnf
Make the header and library files visible to the system (essential: building postfix needs to find these libraries); run ldconfig afterwards so the loader cache picks up the new directory
[root@mail mysql]# ln -sv /usr/local/mysql/include /usr/include/mysql
[root@mail mysql]# echo "/usr/local/mysql/lib/" > /etc/ld.so.conf.d/mysql.conf
Add mysql's bin directory to PATH
[root@mail mysql]# vi /etc/profile
PATH=$PATH:/usr/local/mysql/bin
[root@mail mysql]# . /etc/profile
step3: Install postfix
Add the corresponding users
[root@mail ~]# groupadd -g 1024 postfix
[root@mail ~]# useradd -g postfix -u 1024 -s /sbin/nologin -M postfix
[root@mail ~]# groupadd -g 1025 postdrop
[root@mail ~]# useradd -g postdrop -u 1025 -s /sbin/nologin -M postdrop
Unpack, compile and install. Before building, make sure the cyrus-sasl packages (including the -devel package with the headers) were installed along with the development packages; -DUSE_TLS also needs openssl-devel for -lssl -lcrypto.
[root@mail ~]# tar xf postfix-2.9.1.tar.gz
[root@mail ~]# cd postfix-2.9.1
[root@mail postfix-2.9.1]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
[root@mail postfix-2.9.1]# make
[root@mail postfix-2.9.1]# make install
The install asks for a number of options; the defaults are generally fine, except:
html_directory: [no] /var/www/html/postfix
This option points at a directory under apache's document root so the postfix HTML documentation can be read in a browser.
Add a SysV init script
#!/bin/bash
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
	# Start daemons.
	echo -n $"Starting postfix: "
	/usr/bin/newaliases >/dev/null 2>&1
	/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
	echo
	return $RETVAL
}

stop() {
	# Stop daemons.
	echo -n $"Shutting down postfix: "
	/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
	RETVAL=$?
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
	echo
	return $RETVAL
}

reload() {
	echo -n $"Reloading postfix: "
	/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
	RETVAL=$?
	echo
	return $RETVAL
}

abort() {
	/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
	return $?
}

flush() {
	/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
	return $?
}

check() {
	/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
	return $?
}

restart() {
	stop
	start
}

# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	stop
	start
	;;
  reload)
	reload
	;;
  abort)
	abort
	;;
  flush)
	flush
	;;
  check)
	check
	;;
  status)
	status master
	;;
  condrestart)
	[ -f /var/lock/subsys/postfix ] && restart || :
	;;
  *)
	echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
	exit 1
esac
exit $?
step4: Set up DNS
For convenience I install the DNS server on this same host
[root@mail ~]# yum install bind -y
The detailed DNS configuration steps are not listed; the configuration I used is in
named.conf
lustlost.com.zone
172.16.zone
Edit resolv.conf so this host is the nameserver, then check that an MX lookup for the domain returns the mail host.
step6: Install dovecot as the MRA
[root@mail ~]# yum install dovecot -y
Edit /etc/dovecot.conf (on Dovecot 2.x, which uses the conf.d/ layout referred to in step 10, the main file is /etc/dovecot/dovecot.conf), set protocols = imap pop3, then service dovecot start and that's it.
step7: Integrate SASL for virtual-user authentication
Postfix has no SASL module of its own, so cyrus-sasl is integrated to provide authentication; cyrus-sasl's MySQL authentication is fairly rudimentary, so the courier-authlib library is used to talk to MySQL.
Dovecot, on the other hand, can talk to MySQL directly without going through cyrus-sasl.
The overall flow is described in detail in the diagram at the start of this article.
First install courier-authlib so that cyrus-sasl can authenticate properly against MySQL
[root@mail ~]# tar xf courier-authlib-0.62.4.tar.bz2
[root@mail ~]# cd courier-authlib-0.62.4
[root@mail courier-authlib-0.62.4]# ./configure \
    --prefix=/usr/local/courier-authlib \
    --sysconfdir=/etc \
    --without-authpam \
    --without-authshadow \
    --without-authvchkpw \
    --without-authpgsql \
    --with-authmysql \
    --with-mysql-libs=/usr/local/mysql/lib \
    --with-mysql-includes=/usr/local/mysql/include \
    --with-redhat \
    --with-authmysqlrc=/etc/authmysqlrc \
    --with-authdaemonrc=/etc/authdaemonrc \
    --with-mailuser=postfix \
    --with-mailgroup=postfix \
    --with-ltdl-lib=/usr/lib
[root@mail courier-authlib-0.62.4]# make && make install
courier-authlib ships a SysV-style script in its source tree; just cp it into place
[root@mail courier-authlib-0.62.4]# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
Add it to the service list and enable it at boot
[root@mail courier-authlib-0.62.4]# chkconfig --add courier-authlib
[root@mail courier-authlib-0.62.4]# chkconfig !$ on
Make its libraries known to the system loader
[root@mail courier-authlib-0.62.4]# echo "/usr/local/courier-authlib/lib/courier-authlib" > /etc/ld.so.conf.d/local.conf
[root@mail courier-authlib-0.62.4]# ldconfig
Provide the configuration files
[root@mail courier-authlib-0.62.4]# cp /etc/authdaemonrc.dist /etc/authdaemonrc
[root@mail courier-authlib-0.62.4]# cp /etc/authmysqlrc.dist /etc/authmysqlrc
Edit authmysqlrc and change the following items (each field maps onto the database that extmail creates, so they must all follow the field names of extmail's database).
Make sure the mysql.sock path is correct. Then edit authdaemonrc so that courier-authlib authenticates through mysql (courier-authlib can be restricted to mysql only; ldap would also work).
[root@mail ~]# service courier-authlib start
Then configure SASL to use courier-authlib.
step8: Configure postfix for SASL authentication and virtual users
[root@mail ~]# grep -v "^#" /etc/postfix/main.cf | grep -v "^$"
###### global settings ########
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /var/www/html/postfix
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
inet_protocols = ipv4
myhostname and mydomain are not set here, so Postfix derives them from the system's fully qualified hostname; the mydestination line above relies on that.
##### Cyrus SASL authentication settings #####
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination
The order of this list matters: Postfix evaluates restrictions left to right and the first permit or reject decides. permit_mynetworks and permit_sasl_authenticated ahead of reject_unauth_destination are what let local and authenticated clients relay; reject_unauth_destination at the end is what stops everyone else from using the server as an open relay, so it must never be preceded by a bare permit or dropped. Note also that no smtpd_tls_* parameters are set: even though Postfix was built with -DUSE_TLS, STARTTLS is not offered, so PLAIN and LOGIN passwords cross the network in clear text until the TLS certificate and key parameters are added.
###### virtual user settings ###########
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
The uid/gid 2525 that the virtual delivery agent writes Maildirs with must own /var/mailbox and must agree with the uidnumber/gidnumber stored in the mailbox table (SYS_DEFAULT_UID/GID in extman's webman.cf, step 11), which Dovecot uses when it reads them; otherwise Postfix and Dovecot will disagree about who owns the mailboxes.
######## disk quota settings ##############
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
Of these only message_size_limit and virtual_mailbox_limit are stock Postfix parameters; virtual_create_maildirsize, virtual_mailbox_extended, virtual_mailbox_limit_maps, virtual_mailbox_limit_override, virtual_maildir_limit_message and virtual_overquota_bounce come from the VDA (Virtual Delivery Agent) quota patch. The vanilla 2.9.1 source built in step 3 does not know them and only logs "unused parameter" warnings, so per-user Maildir quotas are not enforced unless the VDA patch is applied before compiling.
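The following script is an added example, not part of the original article, covering the two places above where the page stops short: the "configure SASL to use courier-authlib" instruction at the end of step 7, whose file is not reproduced, and the main.cf of step 8. It writes the Cyrus SASL smtpd.conf that hands Postfix's password checks to courier-authlib's authdaemond (the socket path is the one the article later gives extmail as SYS_AUTHLIB_SOCKET), audits a main.cf for the two settings that decide whether the host is an open relay and whether anonymous SASL is allowed, and builds the AUTH PLAIN token needed to test a login by hand. The SASL directory /usr/lib/sasl2 (/usr/lib64/sasl2 on 64-bit builds) is an assumption, and the two main.cf samples written by write_sample_cf are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: SMTP AUTH hand-off and relay audit for the Postfix build above.
# Assumptions (not from the article): the SASL config directory and the sample
# main.cf contents written by write_sample_cf.

# Cyrus SASL config for Postfix's smtpd (smtpd_sasl_application_name = smtpd).
# Put it where libsasl2 looks: /usr/lib/sasl2/smtpd.conf on this 32-bit build,
# /usr/lib64/sasl2/smtpd.conf on 64-bit RHEL/CentOS (assumed).
write_smtpd_sasl_conf() {
    cat > "$1" <<'EOF'
# password checks go to courier-authlib's authdaemond, which queries MySQL
pwcheck_method: authdaemond
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
# PLAIN and LOGIN carry the password in clear text: offer them only under STARTTLS
mech_list: PLAIN LOGIN
log_level: 3
EOF
}

# Print one parameter's value from a main.cf. A line that starts with whitespace
# continues the previous parameter (Postfix's own rule); comments and blanks are skipped.
postconf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == key) val = val " " $0; next }
        {
            if (cur == key) { print val; found = 1; exit }
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val = substr($0, eq + 1)
        }
        END { if (!found && cur == key) print val }
    ' "$2"
}

# Relay audit. Restrictions are evaluated left to right and the first permit/reject
# decides, so a bare "permit" ahead of reject_unauth_destination, or no
# reject_unauth_destination at all, is an open relay. Postfix 2.9 has no separate
# smtpd_relay_restrictions, so this list is the only relay control.
audit_relay() {
    case " $(postconf_get mynetworks "$1" | tr ',' ' ') " in
        *" 0.0.0.0/0 "*) return 1 ;;      # the whole Internet is "mynetworks"
    esac
    postconf_get smtpd_recipient_restrictions "$1" | tr ',' ' ' | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i == "reject_unauth_destination" || $i == "defer_unauth_destination") { ok = 1; exit }
              if ($i == "permit") exit
          } }
        END { exit ok ? 0 : 1 }'
}

# SASL audit: AUTH must be enabled for permit_sasl_authenticated to mean anything,
# and anonymous mechanisms must be disabled.
audit_sasl() {
    [ "$(postconf_get smtpd_sasl_auth_enable "$1" | tr -d ' ')" = "yes" ] || return 1
    postconf_get smtpd_sasl_security_options "$1" | tr ', ' '\n\n' | grep -qx noanonymous
}

# AUTH PLAIN initial response: base64 of NUL authcid NUL password (RFC 4616).
# Send it as "AUTH PLAIN <token>" inside openssl s_client -starttls smtp.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Constructed main.cf samples for the demonstration: "good" mirrors the article's
# restriction list, "open" has a bare permit before the relay check.
write_sample_cf() {
    if [ "$2" = good ]; then
        cat > "$1" <<'EOF'
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
EOF
    else
        cat > "$1" <<'EOF'
mynetworks = 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# "permit" is reached before the relay check: anyone can relay
smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination
EOF
    fi
}
```

On the real server, run audit_relay /etc/postfix/main.cf && audit_sasl /etc/postfix/main.cf after every edit to main.cf; to test the whole chain end to end, connect with openssl s_client -starttls smtp -connect mail.lustlost.com:25 (or plain nc on the LAN while TLS is still unconfigured), send EHLO, then AUTH PLAIN followed by the output of auth_plain_token user@domain password, and watch for 235 on success or 535 with a corresponding line from authdaemond in the mail log on failure.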
step9: Integrate extman with postfix
extman is extmail's management component
[root@mail ~]# tar xf extman-1.1.tar.gz
[root@mail ~]# cd extman-1.1/docs/
Import the database
extmail has not been updated for a long time, so its database script uses syntax that the newer mysql 5.5 rejects (it is fine on mysql 5.1). Open the script in vi and fix it:
:%s@TYPE=MyISAM@ENGINE=MyISAM@g
[root@mail docs]# mysql -uroot -p < extmail.sql
[root@mail docs]# mysql -uroot -p < init.sql
Create the database user for extman
mysql> grant all privileges on extmail.* to extmail@localhost identified by 'extmail';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on extmail.* to extmail@127.0.0.1 identified by 'extmail';
Query OK, 0 rows affected (0.00 sec)
The password here equals the user name and is only a tutorial placeholder; it ends up in clear text in several files (the postfix mysql_*.cf maps, dovecot-sql.conf, webmail.cf and webman.cf), so choose a real one and keep those files readable only by the users that need them. Note also that this single account with all privileges serves Postfix's lookups, Dovecot's lookups and extman's writes; Postfix and Dovecot only need SELECT on the mailbox and domain tables, so a separate read-only account for them is a cheap improvement.
Provide extman's configuration files (the mysql lookup maps that main.cf refers to)
[root@mail docs]# cp mysql_virtual_* /etc/postfix/
step10: Configure dovecot for mysql authentication
dovecot supports mysql authentication natively, so it only needs to be configured
Change the mail location in /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
In /etc/dovecot/conf.d/auth-sql.conf point the passdb and userdb at the file holding the mysql user-lookup configuration
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
Then create /etc/dovecot/dovecot-sql.conf with the following content
driver = mysql
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user, password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
A host= value that is a filesystem path makes Dovecot connect over the UNIX socket instead of TCP. Dovecot SQL-escapes the %u variable before substituting it into the query, so the quoted '%u' is safe from injection; do not splice unescaped values of your own into these queries. Because the file holds the database password it should not be readable by unprivileged users.
step11: Install extmail and extman
Install extmail
[root@mail ~]# tar xf extmail-1.2.tar.gz
[root@mail ~]# mkdir /var/www/extsuite -pv
[root@mail ~]# cp extmail-1.2 /var/www/extsuite/extmail -R
Edit the configuration file
[root@mail extmail]# vi webmail.cf
The full configuration is too long to grep out here; the main items to change are:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
The rest can stay at their defaults.
Then change the owner of extmail's cgi directory to postfix
[root@mail extmail]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
Install extman
[root@mail ~]# cp extman-1.1 /var/www/extsuite/extman -R
Edit the configuration file
[root@mail extman]# vi webman.cf
Mainly these items:
SYS_MAILDIR_BASE = /var/mailbox
SYS_DEFAULT_UID = 1024
SYS_DEFAULT_GID = 1024
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_DEFAULT_UID/GID are the uidnumber/gidnumber extman writes into every new mailbox row, which Dovecot then uses; they must agree with virtual_uid_maps/virtual_gid_maps in main.cf (step 8) and with the owner of /var/mailbox.
Then change the owner of extman's cgi directory to postfix
[root@mail extman]# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
step12: Integrate extmail and extman into apache
extmail and extman are both implemented in perl, so apache's perl CGI support has to be enabled
They also need the perl module Unix::Syslog, so compile and install Unix::Syslog
[root@mail ~]# tar xf Unix-Syslog-1.1.tar.gz
[root@mail ~]# cd Unix-Syslog-1.1
[root@mail Unix-Syslog-1.1]# perl Makefile.PL
[root@mail Unix-Syslog-1.1]# make && make install
Configure a virtual host
Add the following configuration (use the hostname your zone actually serves; the zone in step 4 was lustlost.com)
User postfix
Group postfix

<VirtualHost *:80>
    ServerName mail.magedu.com
    DocumentRoot /var/www/extsuite/extmail/html/
    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
    Alias /extmail /var/www/extsuite/extmail/html
    ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
    Alias /extman /var/www/extsuite/extman/html
</VirtualHost>
User/Group postfix makes all of httpd run as the postfix user so that the webmail CGIs can read the Maildirs and the courier-authlib socket. The price is that any flaw in a CGI script, or in apache itself, hands an attacker Postfix's identity, including whatever the postfix user can read, such as the mysql_*.cf maps holding the database password. The virtual host is also plain HTTP on port 80, so webmail logins travel unencrypted; put it behind HTTPS before exposing it beyond the LAN.
step13: Done...
OK, enter the address in a browser,
then log in, create the virtual domains and virtual users, and the whole environment is complete.