[Original] postfix (ldap) mail system

/bbs/thread/6335

RHAS4 + postfix + cyrus-sasl + ldap + courier-imap + courier-maildrop + jamm + squirrelmail

Please credit the source when reposting. Completed 24 July 2005.

1. openldap
2. cyrus-sasl
3. postfix
4. courier-authlib
5. courier-imap
6. courier-maildrop
7. Management tools
8. Testing
9. webmail

Features: SMTP authentication, POP3 and IMAP, virtual domains and virtual users, web-based user management (phpldapadmin + jamm), webmail (squirrelmail), mailbox quota.

Create the vmail user and group

# groupadd vmail -g 5000
# useradd vmail -u 5000 -g 5000 -s /sbin/nologin -d /dev/null
# mkdir /var/mailbox
# chown vmail:vmail /var/mailbox
# chmod -R ug+rwx,o-rwx /var/mailbox

1. Install openldap 2.2.26

# wget /pub/OpenLDAP/openldap-stable/openldap-stable-20050429.tgz
# tar zxvf openldap-stable-20050429.tgz
# cd openldap-2.2.26
# ./configure --prefix=/usr/local/openldap --enable-ldbm=yes --enable-bdb=no --enable-ipv6=no
# make depend
# make
# make test
# make install
# wget /sourceforge/jamm/jamm-0.9.7-rc1.tar.gz
# tar zxvf jamm-0.9.7-rc1.tar.gz
# cp jamm-0.9.7-rc1/src/schema/jamm.schema /usr/local/openldap/etc/openldap/schema/

First obtain the hashed password for rootpw; note that the output is different on every run. You can also use a plaintext password.

# /usr/local/openldap/sbin/slappasswd
New password: 12345
Re-enter new password: 12345
{SSHA}eBmoJWzMhMGgC48iqHHQyX4Q4CGhzZxO

# vi /usr/local/openldap/etc/openldap/slapd.conf
    include /usr/local/openldap/etc/openldap/schema/core.schema
    include /usr/local/openldap/etc/openldap/schema/cosine.schema
    include /usr/local/openldap/etc/openldap/schema/nis.schema
    include /usr/local/openldap/etc/openldap/schema/jamm.schema
    allow bind_v2
    pidfile /usr/local/openldap/var/run/slapd.pid
    argsfile /usr/local/openldap/var/run/slapd.args
    database ldbm
    directory /usr/local/openldap/var/openldap-data
    suffix "dc=test,dc=com"
    rootdn "cn=Manager,dc=test,dc=com"
    rootpw {SSHA}eBmoJWzMhMGgC48iqHHQyX4Q4CGhzZxO
    #rootpw 12345
    index objectClass pres,eq
    index mail,cn eq,sub
    access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=test,dc=com" attr=userPassword
        by self write
        by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=test,dc=com" write
        by anonymous auth
        by * none
    access to dn.regex=".*jvd=([^,]+),o=hosting,dc=test,dc=com"
        by self write
        by group/jammPostmaster/roleOccupant.expand="cn=postmaster,jvd=$1,o=hosting,dc=test,dc=com" write
        by * read
    access to *
        by * read

Start ldap

# /usr/local/openldap/libexec/slapd -d 256

If "slapd starting" appears, startup succeeded. Starting ldap this way is recommended while debugging.

# vi /usr/local/openldap/etc/openldap/base.ldif
    dn: dc=test,dc=com
    objectClass: top
    objectClass: domain
    domainComponent: test

    dn: cn=Manager,dc=test,dc=com
    objectClass: top
    objectClass: organizationalRole
    cn: Manager

    dn: o=hosting,dc=test,dc=com
    objectClass: top
    objectClass: organization
    o: hosting

# /usr/local/openldap/bin/ldapadd -x -D "cn=Manager,dc=test,dc=com" -W -f /usr/local/openldap/etc/openldap/base.ldif
Enter LDAP Password: 12345
adding new entry "dc=test,dc=com"
adding new entry "cn=Manager,dc=test,dc=com"
adding new entry "o=hosting,dc=test,dc=com"

2. Install cyrus-sasl 2.1.21

AS4 already has it installed by default, so rename its directories; if you remove the rpm package instead, your configuration will certainly differ from mine.

# mv /usr/lib/sasl /usr/lib/sasl.OFF
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF

Compile and install cyrus-sasl 2.1.21

# wget /pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
# tar zxvf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21

Build for the saslauthd password verification method:

# ./configure --disable-anon --enable-plain --enable-login --enable-ldapdb --with-ldap=/usr/local/openldap --with-saslauthd=/var/run/saslauthd --sysconfdir=/etc

Build for the authdaemond password verification method:

# ./configure --disable-anon --enable-plain --enable-login --enable-ldapdb --with-ldap=/usr/local/openldap --with-authdaemond=/usr/local/var/spool/authdaemon/socket

# make
# make install

So that postfix can find sasl, run the following commands:

# echo /usr/local/lib >> /etc/ld.so.conf
# ldconfig
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

Configuration for the saslauthd password verification method

# vi /usr/local/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: login plain

# vi /etc/saslauthd.conf
    ldap_servers: ldap:/
    ldap_search_base: o=hosting,dc=test,dc=com
    ldap_filter: (&(objectClass=JammMailAccount)(mail=%u@%r)(accountActive=TRUE)(delete=FALSE))

# vi /etc/sysconfig/saslauthd
    MECH=ldap

Configuration for the auxprop password verification method (planned)

Configuration for the authdaemond password verification method

# vi /usr/local/lib/sasl2/smtpd.conf
    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN
    authdaemond_path: /usr/local/var/spool/authdaemon/socket

3. Install postfix 2.2.4
If sendmail is already on your system, stop it first and rename its files:

# /etc/init.d/sendmail stop
# chkconfig --level 0123456 sendmail off
# mv /usr/bin/newaliases /usr/bin/newaliases.orig
# mv /usr/bin/mailq /usr/bin/mailq.orig
# mv /usr/sbin/sendmail /usr/sbin/sendmail.orig

Start the installation

# groupadd -g 12345 postfix
# useradd -u 12345 -g 12345 -c postfix -d /dev/null -s /sbin/nologin postfix
# groupadd -g 54321 postdrop
# wget /postfix/official/postfix-2.2.4.tar.gz
# tar -zxvf postfix-2.2.4.tar.gz
# cd postfix-2.2.4
# echo /usr/local/openldap/lib >> /etc/ld.so.conf
# ldconfig
# make -f Makefile.init makefiles \
    'CCARGS=-DHAS_LDAP -I/usr/local/openldap/include -DUSE_SASL_AUTH -I/usr/local/include/sasl' \
    'AUXLIBS=-L/usr/local/openldap/lib -lldap -llber -L/usr/local/lib -lsasl2'
# make install

# vi /etc/postfix/main.cf
    #=BASE=
    myhostname =
    mydomain =
    myorigin = $mydomain
    mydestination = $myhostname localhost localhost.$mydomain
    mynetworks = /8
    inet_interfaces = all
    virtual_mailbox_base = /var/mailbox
    virtual_minimum_uid = 5000
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    #virtual_transport = virtual
    virtual_transport = maildrop
    maildrop_destination_recipient_limit = 1
    virtual_mailbox_domains = ldap:domains
    virtual_maps = ldap:aliases, ldap:accountsmap
    virtual_mailbox_maps = ldap:accounts
    domains_server_host = localhost
    domains_search_base = o=hosting,dc=test,dc=com
    domains_query_filter = (&(objectClass=JammVirtualDomain)(jvd=%s)(accountActive=TRUE)(delete=FALSE))
    domains_result_attribute = jvd
    domains_bind = no
    domains_scope = one
    aliases_server_host = localhost
    aliases_search_base = o=hosting,dc=test,dc=com
    aliases_query_filter = (&(objectClass=JammMailAlias)(mail=%s)(accountActive=TRUE))
    aliases_result_attribute = maildrop
    aliases_bind = no
    accounts_server_host = localhost
    accounts_search_base = o=hosting,dc=test,dc=com
    accounts_query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
    accounts_result_attribute = mailbox
    accounts_bind = no
    accountsmap_server_host = localhost
    accountsmap_search_base = o=hosting,dc=test,dc=com
    accountsmap_query_filter = (&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))
    accountsmap_result_attribute = mail
    accountsmap_cache = yes
    accountsmap_bind = no
    #=ldapQuota=
    message_size_limit = 14336000
    virtual_mailbox_limit_size = 20971520
    virtual_mailbox_limit_override = yes
    virtual_maildir_extended = yes
    virtual_create_maildirsize = yes
    virtual_mailbox_limit_maps = ldap:quota
    quota_server_host = localhost
    quota_search_base = o=hosting,dc=test,dc=com
    quota_query_filter = (&(&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE)))
    quota_result_attribute = quota
    quota_cache = no
    quota_bind = no
    #=SASL=
    broken_sasl_auth_clients = yes
    # In order to allow mail relaying by authenticated clients
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        reject_unauth_destination,
        permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_application_name = smtpd
    smtpd_banner = $myhostname ESMTP Version not Available

Start postfix

# postfix start

4. Install Courier-authlib 0.56

Newer versions of imap no longer include the authentication library, so the Courier authentication library must be installed first.

# wget /beta/courier-authlib/courier-authlib-0.56.20050709.tar.bz2
# tar jxvf courier-authlib-0.56.20050709.tar.bz2
# cd courier-authlib-0.56.20050709
# ./configure \
    --with-redhat \
    --with-authldap=yes \
    --with-mailuser=vmail --with-mailgroup=vmail
# make
# make install
# make install-configure

# vi /usr/local/etc/authlib/authdaemonrc
    authmodulelist="authldap"
    authmodulelistorig="authldap"

# vi /usr/local/etc/authlib/authldaprc
LDAP_SERVER	localhost
LDAP_PORT	389
LDAP_PROTOCOL_VERSION	3
LDAP_BASEDN	dc=test,dc=com
LDAP_AUTHBIND	1
LDAP_MAIL	mail
LDAP_FILTER	(objectClass=JammMailAccount)(accountActive=TRUE)(delete=FALSE)
LDAP_GLOB_UID	vmail
LDAP_GLOB_GID	vmail
LDAP_HOMEDIR	homeDirectory
LDAP_MAILDIR	mailbox
LDAP_DEFAULTDELIVERY	defaultDelivery
LDAP_MAILDIRQUOTA	quota
LDAP_FULLNAME	cn
LDAP_CRYPTPW	userPassword
#LDAP_CLEARPW	clearPassword
LDAP_DEREF	never
LDAP_TLS	0

Note: make sure this file contains no space characters (including at the ends of lines); use only tabs.

Set up automatic startup

# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --level 0123456 courier-authlib on

Start the service manually:

# authdaemond start

Test courier-authlib

Check the processes:

# pstree | grep authdaemond
|-authdaemond.mys---5*[authdaemond.mys]

5. Install Courier-imap 4.0.3

# wget /beta/imap/courier-imap-0050702.tar.bz2
# tar jxvf courier-imap-0050702.tar.bz2
# cd courier-imap-0050702
# ./configure \
    --prefix=/usr/local/imap \
    --with-redhat \
    --disable-root-check \
    --enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
    --with-trashquota \
    --with-dirsync
# make
# make install-strip    (try install-strip first; if it fails, run make install)
# make install-configure

# vi /usr/local/imap/etc/pop3d
Change POP3DSTART=NO to POP3DSTART=YES

# vi /usr/local/imap/etc/imapd
Change IMAPDSTART=NO to IMAPDSTART=YES

Make imap start automatically:

# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
# chmod 755 /etc/rc.d/init.d/courier-imap
# chkconfig --level 0123456 courier-imap on

Start the services manually:

# /usr/local/imap/libexec/pop3d.rc start
# /usr/local/imap/libexec/imapd.rc start

Test courier-imap

Check the processes:

# pstree | grep courier
|-2*[courierlogger]
|-2*[couriertcpd]

Check the ports; the following ports should be open:

# netstat -an | grep LISTEN
tcp00:1:*LISTEN
tcp00:14:*LISTEN

6. Install Courier-maildrop 1.8.1

# wget /sourceforge/courier/maildrop-1.8.1.tar.bz2
# tar jxvf maildrop-1.8.1.tar.bz2
# cd maildrop-1.8.1
# ./configure \
    --prefix=/usr/local/maildrop \
    --enable-sendmail=/usr/sbin/sendmail \
    --enable-trusted-users='root vmail' \
    --enable-syslog=1 \
    --enable-maildirquota \
    --enable-maildrop-uid=5000 \
    --enable-maildrop-gid=5000 \
    --with-trashquota \
    --with-dirsync
# make
# make install
# cp /usr/local/maildrop/bin/maildrop /usr/bin
# chmod a+rx /usr/bin/maildrop

Running maildrop -v should print the following:

    maildrop 1.8.0 Copyright 1998-2004 Double Precision, Inc.
    GDBM extensions enabled.
    Courier Authentication Library extension enabled.
    Maildir quota extension enabled.
    This program is distributed under the terms of the GNU General Public
    License. See COPYING for additional information.

Create the /etc/maildroprc file

# vi /etc/maildroprc
    logfile "/var/mailbox/maildrop.log"
    to "$HOME/$DEFAULT"
# chmod a+r /etc/maildroprc

Configure Postfix

# vi /etc/postfix/main.cf
    virtual_transport = maildrop
    maildrop_destination_recipient_limit = 1

# vi /etc/postfix/master.cf
    maildrop  unix  -  n  n  -  -  pipe
      flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -w 90 -d ${recipient}

7. Management tools

Install apache 2.0.54

# wget /httpd/httpd-2.0.54.tar.bz2
# tar jxvf httpd-2.0.54.tar.bz2
# cd httpd-2.0.54
# ./configure --prefix=/usr/local/apache
# make
# make install

Set up automatic startup

# cp support/apachectl /etc/init.d/httpd

Edit /etc/init.d/httpd

# vi /etc/init.d/httpd    (change the beginning to look like this)
    #!/bin/sh
    #
    # Startup script for the Apache Web Server
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server. It is used to serve \
    #              HTML files and CGI.
    # processname: httpd
    # pidfile: /usr/local/apache/log/httpd.pid
    # config: /usr/local/apache/conf/httpd.conf

# chkconfig --add httpd
# chmod 755 /etc/init.d/httpd
# chkconfig httpd on

# vi /usr/local/apache/conf/httpd.conf
    DocumentRoot /var/www
    <Directory "/var/www">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    User vmail
    Group vmail

Create the web root directory

# mkdir /var/www

Start the service

# /usr/local/apache/bin/apachectl start
or
# service httpd start

Install jamm

Install the JDK

Download j2sdk-1_4_2_08-linux-i586.bin from the Sun website (download page); registration is required before downloading.

# chmod 755 j2sdk-1_4_2_08-linux-i586.bin
# ./j2sdk-1_4_2_08-linux-i586.bin
# mv j2sdk1.4.2_08 /usr/local
# ln -s /usr/local/j2sdk1.4.2_08 /usr/local/j2sdk

Install resin

# wget /download/resin-3.0.14.tar.gz
# tar zxvf resin-3.0.14.tar.gz
# mv resin-3.0.14 /usr/local/j2sdk

Set the JDK environment variables

# vi /etc/profile
    JAVA_HOME=/usr/local/j2sdk
    PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
    CLASSPATH=.:$JAVA_HOME/lib
    export PATH JAVA_HOME CLASSPATH
# source /etc/profile

Start resin

# /usr/local/j2sdk/resin-3.0.14/bin/httpd.sh start

You can now see the resin page at 00:8080, which means resin is running successfully on its own. Next, to integrate resin with apache, we need to recompile so that mod_caucho is built for apache to load.

# cd /usr/local/j2sdk/resin-3.0.14/
# ./configure --with-apache=/usr/local/apache
# make
# make install

Install and configure jamm
# mkdir /var/www/jamm
# wget /sourceforge/jamm/jamm-0.9.6-bin.tar.gz
# tar zxvf jamm-0.9.6-bin.tar.gz
# cp jamm-0.9.6/jamm-0.9.6.war /var/www/jamm/
# cd /var/www/jamm
# jar -xf jamm-0.9.6.war
# cd WEB-INF/
#perties
#perties
    jamm.ldap.search_base=o=hosting,dc=test,dc=com
    jamm.ldap.root_dn=cn=Manager,dc=test,dc=com

# vi /usr/local/j2sdk/resin-3.0.14/conf/resin.conf
Change ;

Restart apache and resin

# /usr/local/j2sdk/resin-3.0.14/bin/httpd.sh restart
# service httpd restart

Install php 5.0.4

# wget /get/php-5.0.4.tar.bz2/from/this/mirror
# tar jxvf php-5.0.4.tar.bz2
# cd php-5.0.4
# ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-ldap=/usr/local/openldap \
    --disable-ipv6
# make
# make install
# cp php.ini-dist /usr/local/php/lib/php.ini

# vi /usr/local/php/lib/php.ini
Find
    ;default_charset = "iso-8859-1"
and add one line below it:
    default_charset = "gbk"

# vi /usr/local/apache/conf/httpd.conf
Add two lines:
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
Find the line below and append index.php to it, so that index.php can also serve as the site's default page; add index.jsp as well:
    DirectoryIndex index.html index.html.var index.php

Install phpldapadmin 0.9.6c

jamm is already very good, but it cannot modify the quota and home directory (perhaps I just don't know where to change them), so I had to install phpldapadmin as well.

# wget /sourceforge/phpldapadmin/phpldapadmin-0.9.6c.tar.gz
# tar zxvf phpldapadmin-0.9.6c.tar.gz -C /var/www
# mv /var/www/phpldapadmin-0.9.6c /var/www/phpldapadmin
# cd /var/www/phpldapadmin
# cp config.php.example config.php

# vi /var/www/phpldapadmin/config.php
    $blowfish_secret = 'any';
    $servers[$i]['name'] = 'LDAP Server';
    $servers[$i]['host'] = 'localhost';
    $servers[$i]['base'] = 'dc=test,dc=com';
    $servers[$i]['auth_type'] = 'cookie';
    $language = 'zh-tw';

Restart apache

# service httpd restart

Users can now be added

Log in to jamm

00/jamm/index.jsp
Username: root
Password: 12345

In jamm, create a domain: , and under that domain create a user: test, password: 12345. Then, in phpldapadmin, change that user's homeDirectory to /var/mailbox and add a new attribute quota to the user, setting its value to 100000000S (that is, 100M).

Create the user's maildir

Create the file /usr/sbin/maildirmake.sh

# vi /usr/sbin/maildirmake.sh
    #!/bin/bash
    # $1 = directory under /var/mailbox, $2 = maildir name to create inside it
    set -e
    if [ ! -d "/var/mailbox/$1" ]
    then
        mkdir "/var/mailbox/$1"
    fi
    chown -R vmail:vmail "/var/mailbox/$1"
    cd "/var/mailbox/$1"
    /usr/local/imap/bin/maildirmake "$2"
    chown -R vmail:postfix "/var/mailbox/$1/$2"
    chmod -R g=s "/var/mailbox/$1/$2"

# chmod 755 /usr/sbin/maildirmake.sh
#test

8. Testing

Installing a mail system runs into all kinds of problems, so the testing part is listed separately. Keep an eye on maillog and messages in the log directory.

Test smtp

Start saslauthd

# chkconfig saslauthd on
# service saslauthd start

If your password verification method is authdaemond, you do not need to start saslauthd, but you do need to run

# chmod +x /usr/local/var/spool/authdaemon

# perl -MMIME::Base64 -e 'print encode_base64();'
dGVzdEB0ZXN0LmNvbQ==
# perl -MMIME::Base64 -e 'print encode_base64("12345");'
MTIzNDU=

# telnet localhost 25
Trying.
Connected to localhost.
Escape character is '^]'.
220 ESMTP Version not Available
250-
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
MTIzNDU=
235 Authentication successful

Test POP3 and IMAP

# telnet localhost 110
+OK Hello there
+OK Password required.
pass 12345
+OK Logged in.
QUIT
+OK bye-bye

Test maildrop

# maildrop -V 9 -
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=, home=/var/mailbox/, mail=/test/
maild
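
The AUTH LOGIN exchange from the SMTP test in section 8 carries the user name and password as plain base64 on port 25. The following is an added example, not part of the original article: it decodes such an exchange and reports whether it happened before STARTTLS. The transcript is constructed from the session above, and the "C:"/"S:" prefixes, the ehlo line and the name audit_auth_login are assumptions of this example.

```python
import base64

# Constructed transcript modelled on the section 8 telnet test
# ("C:" = client, "S:" = server); the ehlo line is an assumption.
SESSION = """\
S: 220 ESMTP Version not Available
C: ehlo localhost
S: 250-AUTH LOGIN PLAIN
S: 250 8BITMIME
C: auth login
S: 334 VXNlcm5hbWU6
C: dGVzdEB0ZXN0LmNvbQ==
S: 334 UGFzc3dvcmQ6
C: MTIzNDU=
S: 235 Authentication successful
"""

def b64(text):
    return base64.b64decode(text, validate=True).decode("utf-8", "replace")

def audit_auth_login(transcript):
    """Decode an AUTH LOGIN exchange and report whether it ran before STARTTLS."""
    tls = starttls_sent = False
    pending = None  # field the server's last 334 prompt asked for
    report = {"fields": {}, "authenticated": False, "tls_before_auth": False}
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "C":
            if text.upper() == "STARTTLS":
                starttls_sent = True
            elif text.upper().startswith("AUTH "):
                report["tls_before_auth"] = tls
            elif pending:
                report["fields"][pending] = b64(text)  # client answer to the prompt
                pending = None
        elif side == "S":
            code, rest = text[:3], text[4:]
            if code == "220" and starttls_sent:
                tls = True  # server accepted STARTTLS
            elif code == "334":
                pending = b64(rest).rstrip(":").lower()  # "Username:" / "Password:"
            elif code == "235":
                report["authenticated"] = True
    report["cleartext_credentials"] = (
        bool(report["fields"]) and not report["tls_before_auth"])
    return report
```

For the session above the report has cleartext_credentials set to True. On a Postfix built with TLS support, smtpd_tls_auth_only = yes makes the server offer AUTH only after STARTTLS.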
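
Every lookup in the main.cf of section 3 depends on an LDAP filter template with %s in it, and a single missing parenthesis makes the lookup fail at delivery time. The following is an added example, not part of the original article: it checks a template for well-formedness before it goes into main.cf and shows the escaping a lookup key needs (Postfix applies RFC 2254 quoting to %s itself; a hand-built ldapsearch test has to do the same). The names filter_error and expand and the sample strings are assumptions of this example.

```python
import re

# One comparison inside a pair of parentheses: attribute, operator, value.
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*")

def filter_error(flt):
    """Return None if flt is a well-formed LDAP filter, else a description."""
    pos = 0

    def parse():
        nonlocal pos
        if flt[pos:pos + 1] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = flt[pos:pos + 1]
        if op in ("&", "|", "!"):
            pos += 1
            count = 0
            while flt[pos:pos + 1] == "(":
                parse()
                count += 1
            if count == 0 or (op == "!" and count != 1):
                raise ValueError("bad operand count for '%s'" % op)
        else:
            m = ITEM.match(flt, pos)
            if not m:
                raise ValueError("bad comparison at offset %d" % pos)
            pos = m.end()
        if flt[pos:pos + 1] != ")":
            raise ValueError("missing ')' at offset %d" % pos)
        pos += 1

    try:
        parse()
        if pos != len(flt):
            raise ValueError("trailing text at offset %d" % pos)
    except ValueError as exc:
        return str(exc)
    return None

def expand(template, key):
    """Substitute %s with the filter metacharacters in key hex-escaped."""
    escaped = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in key)
    return template.replace("%s", escaped)

# Constructed samples: the accounts filter, and a copy that lost its last ')'.
BALANCED = "(&(objectClass=JammMailAccount)(mail=%s)(accountActive=TRUE)(delete=FALSE))"
TRUNCATED = BALANCED[:-1]
```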
