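Postfix Complete Configuration Guide

After nearly a week of configuration I finally got the mail server up and running. I am rather excited, so I am now contributing my configuration document. (Note: this document is based on one written by someone else, which I corrected and revised.)

Contact: QQ: 279379936  MSN:

Test platform: CentOS release 5.3

Required packages:
mysql-5.1.49.tar.gz
cyrus-sasl-2.1.22.tar.gz
httpd-2.2.14.tar.gz
php-5.2.2.tar.bz2
postfix-2.6.2.tar.gz
courier-authlib-0.62.4.tar.bz2
courier-imap-4.1.2.tar.bz2
extmail-1.2.tar.gz
perl-Unix-Syslog-0.100-1.2.el5.rf.i386.rpm
libmysql10-3.23.52-1mdk.i586.rpm
DBD-mysql-3.0008.tar.gz
extman-0.2.5.tar.gz
perl-GD-2.35-1.el5.rf.i386.rpm
phpMyAdmin-2.11.10-all-languages.tar.gz
Time-HiRes-1.86.tar.gz
File-Tail-0.99.3.tar.gz
rrdtool-1.2.23.tar.gz

The above are the packages needed to build the most basic mail server. To support the graphical log feature of the extman back end, the following packages must also be installed:

Basic architecture diagram (quoted)

Configure DNS, host name and domain name

# Check whether the software is already installed
# rpm -qa | grep httpd
# rpm -qa | grep mysql
# rpm -qa | grep php
# rpm -qa | grep sasl
# rpm -qa | grep ssl            # the version shipped with the system can be used; no need to uninstall it
# rpm -qa | grep sendmail
# rpm -e --nodeps sendmail      # example of how to uninstall a package

Install MySQL

# tar xzvf mysql-5.1.49.tar.gz
# cd mysql-5.1.49
# groupadd mysql
# useradd -g mysql -s /sbin/nologin mysql

Note: when compiling from source, the build may fail because the system is missing some packages. It is recommended to set up a local yum repository first (mount the installation disc and use it as the yum source).

# yum -y install gcc*
# yum -y install ncurses-devel*
# CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer" \
    ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/var \
    --with-unix-socket-path=/tmp/mysql.sock --enable-assembler \
    --with-mysqld-ldflags=-all-static --with-charset=utf8 --with-extra-charsets=all \
    --enable-thread-safe-client --enable-local-infile --with-low-memory

Note: this failed with the message:

configure: error: No curses/termcap library found

The ncurses package is missing. Mount the installation disc, find ncurses-devel-5.5-24.20060715.i386.rpm and install it.

# make
# make install
# cp support-files/f /etc/f
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 700 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --level 35 mysqld on
# cd /usr/local/mysql
# bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .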
# service mysqld start
or
# bin/mysqld_safe --user=mysql &

Note: if nothing is wrong, a message similar to the following should appear:

[1] 42264
# Starting mysqld daemon with databases from /usr/local/mysql/var

If a line such as "mysql ended" appears, MySQL did not start properly and you can look for the problem in the log. The log file is usually configured in /etc/f; most problems are caused by incorrect permission settings.
Log file path: MySQL installation path (/usr/local/mysql)/var/hostname.err
My error log path: /usr/local/mysql/var/.err

# bin/mysqladmin -u root password password      # set the user's password
# bin/mysql -u root -p                          # test a login
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.67-log Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select version();
+------------+
| version()  |
+------------+
| 5.1.49-log |
+------------+
1 row in set (0.00 sec)
mysql> quit
Bye

Edit the environment file /etc/profile and add MySQL to the PATH variable.

# vim /etc/profile

Add "pathmunge /usr/local/mysql/bin" in the following section:

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
    pathmunge /usr/local/mysql/bin
fi

Alternatively, create symbolic links as follows:

[root@mail mysql]# cd bin
[root@mail mysql]# for i in *; do ln -s /usr/local/mysql/bin/$i /usr/bin/$i; done

# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf    # add the library path; the Postfix build needs it and fails otherwise
# ldconfig
# export PATH=$PATH:/usr/local/mysql/bin

OK! MySQL installation is complete.

Install OpenSSL

OpenSSL does not play a prominent role here and is normally shipped with the system by default, so it was not installed from source. Here we only query for it:

# rpm -qa | grep ssl
openssl-devel-0.9.7a-43.1
openssl-0.9.7a-43.1
xmlsec1-openssl-1.2.6-3

This is how to install it from source:

# tar zxvf openssl-0.9.8l.tar.gz
# cd openssl-0.9.8l
# ./config shared zlib --prefix=/usr/local/openssl
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl.OFF
# mv /usr/include/openssl /usr/include/openssl.OFF
# rm /usr/lib/libssl.so
# ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/openssl/include/openssl /usr/include/openssl
# ln -s /usr/local/openssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so

Build the library cache:

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig

Install SASL

# tar zxvf cyrus-sasl-2.1.22.tar.gz
# cd cyrus-sasl-2.1.22
# ./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample \
    --disable-digest --enable-plain --enable-login --enable-sql \
    --with-mysql=/usr/local/mysql/ \
    --with-mysql-includes=/usr/local/mysql/include/mysql/ \
    --with-mysql-libs=/usr/local/mysql/lib/mysql/ \
    --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket

Note on --with-mysql: MySQL support can be left out, because sasl2 calls courier-authlib directly to look up users in MySQL and verify them; sasl2 itself does not need MySQL support.

# make
# make install

Note: if the following error appears:

auth_getpwent.c:48:20: des.h: No such file or directory
make[3]: *** [auth_getpwent.o] Error 1
make[3]: Leaving directory /tmp/cyrus-sasl-2.1.21/saslauthd
make[2]: *** [all] Error 2
make[2]: Leaving directory /tmp/cyrus-sasl-2.1.21/saslauthd
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory /tmp/cyrus-sasl-2.1.21
make: *** [all] Error 2

edit the CFLAGS variable in /tmp/cyrus-sasl-2.1.21/saslauthd/Makefiles and add -I/opt/openssl/include/openssl, or simply run:

# cp /tmp/cyrus-sasl-2.1.21/mac/libdes/public/des.h /tmp/cyrus-sasl-2.1.21/

Create the system library links and cache:

# ln -s /usr/local/sasl2/lib/* /usr/lib
# ln -s /usr/local/sasl2/lib/* /usr/local/lib
# ln -s /usr/local/sasl2/include/sasl/* /usr/local/include/
# ln -s /usr/local/sasl2/include/sasl/* /usr/include/
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
# echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
# ldconfig

Create the runtime directory and test a start in debug mode:

# mkdir -p /var/state/saslauthd
# /usr/local/sasl2/sbin/saslauthd -a shadow pam -d

Start it for real and test a login:

# /usr/local/sasl2/sbin/saslauthd -a shadow pam
# /usr/local/sasl2/sbin/testsaslauthd -u username -p password    # a system user name and password go here
0: OK "Success."
This indicates that the test succeeded.

Add it to the startup items:

# echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam" >> /etc/rc.local

Install Apache

# tar zxvf httpd-2.2.14.tar.gz
# cd httpd-2.2.14
# ./configure --prefix=/usr/local/apache --enable-so --with-mpm=worker \
    --enable-nonportable-atomics=yes --enable-ssl --enable-usertrack --enable-rewrite \
    --enable-zlib --enable-suexec --with-suexec-docroot=/var/www \
    --with-suexec-caller=daemon --with-ssl=/usr/lib/openssl/

Note on --with-ssl: if OpenSSL was installed from source, specify the OpenSSL path here.

# make
# make install
# echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local

6 Install PHP

# tar jxvf php-5.2.2.tar.bz2
# cd php-5.2.2
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs \
    --with-mysql=/usr/local/mysql/ --with-zlib --with-gd --enable-mbstring
# make
# make test
# make install

Note: the following errors are caused by missing packages.

configure: error: cannot find output from lex; giving up
# yum -y install *lex*

checking for xml2-config path
configure: error: xml2-config not found. Please check your libxml2 installation.
The libxml2-dev package is missing:
# yum -y install libxml2-dev*

configure: error: libpng.(a|so) not found.
# yum -y install libpng*

# vim /usr/local/apache/conf/httpd.conf
=====
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.html index.php
DocumentRoot /var/www
=====

# mkdir /var/www
# vi /var/www/index.php

Restart Apache:

# /usr/local/apache/bin/apachectl stop
# /usr/local/apache/bin/apachectl start

Test: enter the following in a browser: 61/index.php

7 Install Postfix

# groupadd postfix
# groupadd postdrop
# useradd -g postfix -s /sbin/nologin -d /dev/null postfix
# useradd -g postdrop -s /sbin/nologin -d /dev/null postdrop
# id postfix
uid=502(postfix) gid=502 groups=502 context=user_u:system_r:unconfined_t

Note: write down the uid and gid of postfix; they are used frequently in the configuration files later on.

# tar zxvf postfix-2.6.2.tar.gz
# cd postfix-2.6.2
# make tidy

Error:

[root@localhost postfix-2.6.2]# make tidy
make -f Makefile.in MAKELEVEL= Makefiles
(echo "# Do not edit - this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
No <db.h> include file found.
Install the appropriate db*-devel package first.
See the RELEASE_NOTES file for more information.
make: *** [Makefiles] Error 1
make: *** [Makefiles] Error 2

# yum -y install db*-devel*     # install the missing packages named in the error message

# make -f Makefile.init makefiles \
    'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl -DUSE_TLS -I/usr/include' \
    'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/lib -lssl -lcrypto'

Note: the directories in the make arguments above depend on the installation environment. It is recommended to run ls on each directory and confirm that it contains the required libraries.

# make
# make install

Enter the paths at the following prompts (the value in [] is the default, the value after ] is what was entered):

install_root: [/]
tempdir: [/root/postfix-2.6.5] /tmp      (all the others are left at the default)
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]

Set up Postfix:

# mv /etc/aliases /etc/aliases.OFF
# ln -s /etc/postfix/aliases /etc/aliases

Note: by default Postfix does not allow mail to be delivered to root, so an alias has to be created for root.

# echo "root: " >> /etc/postfix/aliases
# postalias /etc/postfix/aliases
# postconf -n > /etc/postfix/main.cf.tmp
# mv /etc/postfix/main.cf /etc/postfix/main.cf.backup
# mv /etc/postfix/main.cf.tmp /etc/postfix/main.cf
# vim /etc/postfix/main.cf
=====
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
#-user specified-
myhostname =
myorigin = $mydomain
mydomain =
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination =
mynetworks = ,/24
local_recipient_maps = unix:passwd.byname $alias_maps
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
inet_interfaces = all
smtp_helo_name =
=====

Note: pay particular attention to mydomain and myhostname. Do not set these two parameters to the same value, otherwise Postfix will not start correctly and the virtual mailboxes will be unusable.

- myorigin specifies the domain name that appears as the sender's domain.
- mydestination specifies the recipient domains for which Postfix accepts mail, that is, which domains' mail your Postfix system receives.
- myhostname specifies the host name of the machine running the Postfix mail system. By default it is set to the local machine name.
- mydomain specifies your domain name. By default Postfix removes the first component of myhostname and uses the rest as the value of mydomain.
- mynetworks specifies the network addresses of your networks. Postfix uses this value to tell remote users from local ones; local network users are allowed access.
- inet_interfaces specifies the network interfaces on which Postfix listens.

Enable start at boot:

# echo "/usr/sbin/postfix start" >> /etc/rc.local

Start Postfix:

# /usr/sbin/postfix start

Test:

# telnet localhost 25
Trying .
Connected to ssn ().
Escape character is '^]'.
220 ESMTP Postfix
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: Mail test
new test
.
250 2.0.0 Ok: queued as 3D574D04C42
quit
221 2.0.0 Bye
Connection closed by foreign host.

# su - sense
$ mail
Mail version 8.1 6/6/93. Type ? for help.
/var/spool/mail/sense: 1 message 1 new
N 1 Sat Nov 3 08:58 15/487 Mail test
& 1
Message 1:
From Sat Nov 3 08:58:42 2007
X-Original-To:
Delivered-To:
subject: Mail test
Date: Sat, 3 Nov 2007 08:58:17 +0800 (CST)
From:
To: undisclosed-recipients:;
new test
& quit
Saved 1 message in mbox

Enable Cyrus SASL authentication in Postfix

(1) Check whether Postfix supports Cyrus SASL:

# postconf -a
cyrus
dovecot

If postconf prints the result above, Postfix supports Cyrus SASL authentication.

(2) Add Cyrus SASL support to Postfix:

# vi /etc/postfix/main.cf
=====
#-cyrus-sasl-
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_sender_domain,
    reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Nonauthorized login is not recommended.
=====

(3) Add SMTP authentication support to Cyrus SASL:

# vim /usr/local/lib/sasl2/smtpd.conf
=====
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
=====

(4) Test the authentication setup:

# postfix reload
# telnet localhost 25
Trying .
Connected to ssn ().
Escape character is '^]'.
220 Welcome to our ESMTP,Warning: Nonauthorized login is not recommended.
ehlo
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Note: if the two lines "250-AUTH PLAIN LOGIN" and "250-AUTH=PLAIN LOGIN" are present, authentication has been set up successfully.

Add virtual domain and virtual user support to Postfix (that is, add MySQL support)

# vi /etc/postfix/main.cf
=====
#-Virtual Mailbox Settings-
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = maildrop:
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#-QUOTA Settings-
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the users maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
=====

Note: pay attention to the values of virtual_uid_maps and virtual_gid_maps. They are the uid of the postfix user and the gid of the postfix group, and they must match MYSQL_UID_FIELD and MYSQL_GID_FIELD in /usr/local/courier-authlib/etc/authlib/authmysqlrc.

The configuration files for virtual domains and virtual users are provided in the extman source code. The steps are explained when extman is installed.

Install courier-authlib

# tar jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap \
    --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql \
    --with-mysql-libs=/usr/local/mysql/lib/mysql/ \
    --with-mysql-includes=/usr/local/mysql/include/mysql/

Install courier-authlib

(1) First install expect:

# yum install expect

(2) Install courier-authlib:

# groupadd -g 1000 vmail
# useradd -g 1000 -u 1000 -M -s /sbin/nologin vmail
# tar -jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
# ./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --sysconfdir=/etc \
    --without-authuserdb --without-authpam --without-authldap --without-authpwd \
    --without-authshadow --without-authvchkpw --without-authpgsql --without-authcustom \
    --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql \
    --with-mysql-includes=/usr/local/mysql/include/mysql \
    --with-redhat --with-mailuser=vmail --with-mailgroup=vmail
# make && make install
# make install-migrate
# make install-configure

Update the library search path:

# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig

(3) Edit the configuration files:

# vim /etc/authlib/authdaemonrc
=====
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
DEBUG_LOGIN=2
=====

# vim /etc/authlib/authmysqlrc

Change the following settings:
=====
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1000
MYSQL_GID_FIELD 1000
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
MYSQL_QUOTA_FIELD concat(quota,'S')
=====

(4) Start the service and add it to the services started at boot:

# chmod a+x /usr/local/courier-authlib/var/spool/authdaemon
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# service courier-authlib start

Configure courier-authlib:

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /usr/local/courier-authlib/etc/authlib/authdaemonrc.dist /usr/local/courier-authlib/etc/authlib/authdaemonrc
# cp /usr/local/courier-authlib/etc/authlib/au
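
The SASL and recipient-restriction settings that the guide adds to main.cf can be checked mechanically. The following Python is an added example, not part of the original guide: the sample main.cf text is constructed from the settings shown in the SASL section, and the finding names are this example's own. It reports that PLAIN and LOGIN are offered without smtpd_tls_auth_only = yes and confirms that reject_unauth_destination is present.

```python
import re

# Constructed sample: the SASL block this guide adds to /etc/postfix/main.cf.
SAMPLE_MAIN_CF = """\
#-cyrus-sasl-
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
"""

def parse_main_cf(text):
    """main.cf syntax: '#' lines are comments; leading whitespace continues a line."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:
            params[key] += " " + raw.strip()
        elif "=" in raw:
            key, value = raw.split("=", 1)
            key = key.strip()
            params[key] = value.strip()  # a later duplicate overrides, as in Postfix
    return params

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def audit(params):
    """Return finding codes (names are this example's own) for SASL and relay settings."""
    findings = []
    sasl_on = params.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    # Postfix's default for smtpd_sasl_security_options is "noanonymous".
    opts = split_list(params.get("smtpd_sasl_security_options", "noanonymous"))
    if sasl_on and "noanonymous" not in opts:
        findings.append("anonymous-sasl-allowed")
    # PLAIN and LOGIN only base64-encode the password, so unless
    # smtpd_tls_auth_only = yes it can be sent over an unencrypted session.
    if sasl_on and params.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("auth-without-tls")
    rules = split_list(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("no-relay-guard")
    elif "permit" in rules[: rules.index("reject_unauth_destination")]:
        findings.append("permit-before-relay-guard")
    return findings

if __name__ == "__main__":
    print(audit(parse_main_cf(SAMPLE_MAIN_CF)))
```

To audit a live server, pass the contents of /etc/postfix/main.cf to parse_main_cf instead of the constructed sample.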
