Postfix安装配置详解

    测试平台:

    Thinkpad R60

    RHEL5

    0>基础架构图(引用)

    

    1>配置DNS及主机名,域名

    2>安装mysql

    #tar xzvf mysql-5.0.45.tar.gz

    #cd mysql-5.0.45

    #groupadd mysql

    #useradd -g mysql -s /sbin/nologin mysql

    #CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti -fomit-frame-pointer"

    ./configure

    --prefix=/usr/local/mysql

    --localstatedir=/usr/local/mysql/var

    --with-unix-socket-path=/tmp/mysql.sock

    --enable-assembler

    --with-mysqld-ldflags=-all-static

    --with-low-memory

    --with-charset=utf8

    --with-extra-charsets=gbk,gb2312

    --enable-thread-safe-client

    #make

    #make install

    #cp support-files/my-medium.cnf /etc/my.cnf

    #cp support-files/mysql.server /etc/rc.d/init.d/mysqld

    #chmod 700 /etc/rc.d/init.d/mysqld

    #chkconfig --add mysqld

    #cd /usr/local/mysql

    #bin/mysql_install_db --user=mysql

    #chown -R root .

    #chown -R mysql var

    #chgrp -R mysql .

    #bin/mysqld_safe --user=mysql &

    or

    #service mysqld start

    #bin/mysqladmin -u root password 'password'

    #bin/mysql -u root -p

    Enter password:

    Welcome to the MySQL monitor. Commands end with ; or \g.

    Your MySQL connection id is 6

    Server version: 5.0.45-log Source distribution

    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

    mysql> select version();

    +------------+

    | version() |

    +------------+

    | 5.0.45-log |

    +------------+

    1 row in set (0.00 sec)

    mysql> quit

    Bye

    #echo '/usr/local/mysql/lib/mysql' >> /etc/ld.so.conf

    #ldconfig

    #export PATH=$PATH:/usr/local/mysql/bin

    3>安装openssl

    #./config shared zlib --prefix=/usr/local/openssl

    #make

    #make test

    #make install

    #mv /usr/bin/openssl /usr/bin/openssl.OFF

    #mv /usr/include/openssl /usr/include/openssl.OFF

    #rm /usr/lib/libssl.so

    #ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl

    #ln -s /usr/local/openssl/include/openssl /usr/include/openssl

    #ln -s /usr/local/openssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so

    建立libs缓存:

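    #echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

    注:上面编译openssl时指定的是--prefix=/usr/local/openssl,库文件位于/usr/local/openssl/lib;写入ld.so.conf的路径应与实际安装前缀一致,写入前请先ls确认该目录下确有所需的libs。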

    #ldconfig

    4>安装sasl

    #./configure

    --prefix=/usr/local/sasl2

    --disable-gssapi

    --disable-anon

    --disable-sample

    --disable-digest

    --enable-plain

    --enable-login

    --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket

    #make

    #make install

    建立系统lib链接及缓存:

    #ln -s /usr/local/sasl2/lib/* /usr/lib

    #ln -s /usr/local/sasl2/lib/* /usr/local/lib

    #ln -s /usr/local/sasl2/include/sasl/* /usr/local/include/

    #ln -s /usr/local/sasl2/include/sasl/* /usr/include/

    #echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf

    #echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf

    #ldconfig

    建立启动目录,调试启动测试:

    #mkdir -p /var/state/saslauthd

    #/usr/local/sasl2/sbin/saslauthd -a shadow pam -d

    正式启动,登录测试:

    #/usr/local/sasl2/sbin/saslauthd -a shadow pam

    #/usr/local/sasl2/sbin/testsaslauthd -u username -p password

    加入启动项:

    #echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local

    5>安装apache2

    #./configure

    --enable-so

    --with-mpm=worker

    --enable-nonportable-atomics=yes

    --enable-ssl

    --with-ssl=/usr/lib/openssl/

    --enable-usertrack

    --enable-rewrite

    --enable-zlib

    --enable-suexec

    --with-suexec-docroot=/var/www

    --with-suexec-caller=daemon

    #make

    #make install

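    #echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local

    注:本文其余部分使用的apache路径均为/usr/local/apache2(如/usr/local/apache2/conf/httpd.conf),写入rc.local的路径须与实际安装目录一致,否则开机时apache不会被启动。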

    6>安装php

    #./configure

    --prefix=/usr/local/php

    --with-apxs2=/usr/local/apache2/bin/apxs

    --with-mysql=/usr/local/mysql/

    --with-zlib

    --with-gd

    --enable-mbstring

    #make

    #make test

    #make install

    #vi /usr/local/apache2/conf/httpd.conf

    ==============================================================

    LoadModule php5_module modules/libphp5.so

    AddType application/x-httpd-php .php .phtml

    AddType application/x-httpd-php-source .phps

     DirectoryIndex index.html index.php

    DocumentRoot "/var/www"

    ==============================================================

    #mkdir /var/www

    7>安装postfix

    #groupadd postfix

    #groupadd postdrop

    #useradd -g postfix -s /sbin/nologin -d /dev/null postfix

    #id postfix

    uid=506(postfix) gid=506(postfix) groups=506(postfix) context=user_u:system_r:unconfined_t

    注:记录下postfix的uid及gid,后面的配置文件中会经常用到此id。

    #make tidy

    #make -f Makefile.init makefiles

     'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl -DUSE_TLS -I/usr/include'

     'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/lib -lssl -lcrypto'

    注:

    上边make的参数中的目录需要根据不同的安装环境选择,推荐ls查看一下相应目录,确认目录下为需要的libs。

    #make

    #make install

    设置postfix:

    #mv /etc/aliases /etc/aliases.OFF

    #ln -s /etc/postfix/aliases /etc/aliases

    注:postfix默认不允许给root发邮件,所以需要给root建立一个别名。

    #echo 'root: sense5@test.edu.cn' >> /etc/postfix/aliases

    #postalias /etc/postfix/aliases

    #postconf -n > /etc/postfix/main.cf.tmp

    #mv /etc/postfix/main.cf /etc/postfix/main.cf.backup

    #mv /etc/postfix/main.cf.tmp /etc/postfix/main.cf

    #vi /etc/postfix/main.cf

    ========================================================================

    command_directory = /usr/sbin

    config_directory = /etc/postfix

    daemon_directory = /usr/libexec/postfix

    debug_peer_level = 2

    html_directory = no

    mail_owner = postfix

    mailq_path = /usr/bin/mailq

    manpage_directory = /usr/local/man

    newaliases_path = /usr/bin/newaliases

    queue_directory = /var/spool/postfix

    readme_directory = no

    sample_directory = /etc/postfix

    sendmail_path = /usr/sbin/sendmail

    setgid_group = postdrop

    unknown_local_recipient_reject_code = 550

    #------------------user specified--------------------

    myhostname = mail.test.edu.cn

    myorigin = $mydomain

    mydomain = test.edu.cn

    mydestination =

    mynetworks = 127.0.0.1,192.168.1.0/24

    local_recipient_maps = unix:passwd.byname $alias_maps

    alias_maps = hash:/etc/postfix/aliases

    alias_database = hash:/etc/postfix/aliases

    ========================================================================

    启动postfix:

    #postfix start

    测试:

    #telnet localhost 25

    Trying 127.0.0.1...

    Connected to ssn (127.0.0.1).

    Escape character is '^]'.

    220 mail.test.edu.cn ESMTP Postfix

    mail from:root@test.edu.cn

    250 2.1.0 Ok

    rcpt to:sense@test.edu.cn

    250 2.1.5 Ok

    data

    354 End data with <CR><LF>.<CR><LF>

    subject: Mail test

    new test

    .

    250 2.0.0 Ok: queued as 3D574D04C42

    quit

    221 2.0.0 Bye

    Connection closed by foreign host.

    #su - sense

    $mail

    Mail version 8.1 6/6/93. Type ? for help.

    "/var/spool/mail/sense": 1 message 1 new

    >N 1 root@test.edu.cn Sat Nov 3 08:58 15/487 "Mail test"

    & 1

    Message 1:

    From root@test.edu.cn Sat Nov 3 08:58:42 2007

    X-Original-To: sense@test.edu.cn

    Delivered-To: sense@test.edu.cn

    subject: Mail test

    Date: Sat, 3 Nov 2007 08:58:17 +0800 (CST)

    From: root@test.edu.cn

    To: undisclosed-recipients:;

    new test

    & quit

    Saved 1 message in mbox

    8>开启postfix的cyrus-sasl认证

    (1)检测postfix是否支持cyrus-sasl:

    #postconf -a

    cyrus

    dovecot

    如果postconf命令显示上边结果,则说明postfix支持cyrus-sasl认证。

    (2)添加postfix对cyrus-sasl的支持:

    #vi /etc/postfix/main.cf

    ====================================================

    #---------cyrus-sasl--------

    broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,

    reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,

    reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,

    reject_unauth_pipelining,reject_unauth_destination

    smtpd_sasl_auth_enable = yes

    smtpd_sasl_security_options = noanonymous

    smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Nonauthorized login is not recommended.

    ====================================================

    (3)添加cyrus-sasl对smtp的认证支持:

    #vi /usr/local/lib/sasl2/smtpd.conf

    ====================================================

    pwcheck_method: saslauthd

    mech_list: PLAIN LOGIN

    ====================================================

    (4)测试认证结果:

    #postfix reload

    #telnet localhost 25

    Trying 127.0.0.1...

    Connected to ssn (127.0.0.1).

    Escape character is '^]'.

    220 Welcome to our mail.test.edu.cn ESMTP,Warning: Nonauthorized login is not recommended.

    ehlo mail.test.edu.cn

    250-mail.test.edu.cn

    250-PIPELINING

    250-SIZE 10240000

    250-VRFY

    250-ETRN

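    注:如果有以下两行,则说明认证设置成功。PLAIN和LOGIN机制只对口令做base64编码,在未加密的连接上等同于明文传输;对外提供服务前应配置TLS,并在main.cf中设置smtpd_tls_auth_only = yes,使AUTH只在加密连接上提供。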

    250-AUTH PLAIN LOGIN

    250-AUTH=PLAIN LOGIN

    250-ENHANCEDSTATUSCODES

    250-8BITMIME

    250 DSN

    quit

    221 2.0.0 Bye

    Connection closed by foreign host.

    9>添加postfix对虚拟域及虚拟用户的支持(即添加mysql支持)

    #vi /etc/postfix/main.cf

    ==============================================

    #------Virtual Mailbox Settings-------

    virtual_mailbox_base = /var/mailbox

    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

    virtual_alias_domains =

    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

    virtual_uid_maps = static:506

    virtual_gid_maps = static:506

    virtual_transport = virtual

    maildrop_destination_recipient_limit = 1

    maildrop_destination_concurrency_limit = 1

    #-------QUOTA Settings------

    message_size_limit = 14336000

    virtual_mailbox_limit = 20971520

    virtual_create_maildirsize = yes

    virtual_mailbox_extended = yes

    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

    virtual_mailbox_limit_override = yes

    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

    virtual_overquota_bounce = yes

    ===============================================

    注:虚拟域及虚拟用户的配置文件在extman的源代码中有提供。在此不一一列出。

    10>安装courier-authlib

    #./configure

    --prefix=/usr/local/courier-authlib

    --without-authpam

    --without-authldap

    --without-authpwd

    --without-authshadow

    --without-authvchkpw

    --without-authpgsql

    --with-mysql-libs=/usr/local/mysql/lib/mysql/

    --with-mysql-includes=/usr/local/mysql/include/mysql/

    #make

    #make install

    配置courier-authlib:

    #chmod 755 /usr/local/courier-authlib/var/spool/authdaemon

    #cp /usr/local/courier-authlib/etc/authlib/authdaemonrc.dist /usr/local/courier-authlib/etc/authlib/authdaemonrc

    #cp /usr/local/courier-authlib/etc/authlib/authmysqlrc.dist /usr/local/courier-authlib/etc/authlib/authmysqlrc

    #vi /usr/local/courier-authlib/etc/authlib/authdaemonrc

    ================================

    authmodulelist="authmysql"

    authmodulelistorig="authmysql"

    daemons=10

    ================================

    #vi /usr/local/courier-authlib/etc/authlib/authmysqlrc

    ======================================================================

    MYSQL_SERVER localhost

    MYSQL_USERNAME extmail

    MYSQL_PASSWORD extmail

    MYSQL_SOCKET /tmp/mysql.sock

    MYSQL_PORT 3306

    MYSQL_OPT 0

    MYSQL_DATABASE extmail

    MYSQL_USER_TABLE mailbox

    MYSQL_CRYPT_PWFIELD password

    MYSQL_UID_FIELD 506

    MYSQL_GID_FIELD 506

    MYSQL_LOGIN_FIELD username

    MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)

    MYSQL_NAME_FIELD name

    MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

    ======================================================================

    注:authdaemonrc及authmysqlrc文件中都不能使用空格,间隔用TAB来实现。另外,示例中的MYSQL_PASSWORD与用户名相同(extmail),仅供测试;正式环境应换成强口令(其他引用该数据库账号的配置文件需同步修改),并限制authmysqlrc的读权限。

    配置libs缓存:

    #echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf

    #ldconfig

    配置开机启动项:

    #cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib

    #chmod 755 /etc/init.d/courier-authlib

    #chkconfig --add courier-authlib

    #chkconfig --level 2345 courier-authlib on

    启动courier-authlib

    #service courier-authlib start

    11>安装courier-imap

    #./configure

    --prefix=/usr/local/courier-imap

    --enable-unicode

    --disable-root-check

    --with-trashquota

    --without-ipv6

    CPPFLAGS='-I/usr/local/courier-authlib/include -I/usr/include/openssl'

    LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib'

    COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'

    注:CPPFLAGS中的-I/usr/local/courier-authlib/include必须在最前边,不能放到-I/usr/include/openssl后。

    #make

    #make install

    建立默认配置文件:

    #cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd

    #cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl

    #cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d

    #cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl

    实现IMAP服务:

    #vi /usr/local/courier-imap/etc/imapd

    =================================

    IMAPDSTART=YES

    =================================

    实现POP3服务:

    #vi /usr/local/courier-imap/etc/pop3d

    =================================

    POP3DSTART=YES

    =================================

    建立虚拟用户邮箱目录:

    #mkdir -p /var/mailbox

    #chown -R postfix /var/mailbox

    建立开机启动项:

    #cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd

    #chmod 755 /etc/rc.d/init.d/courier-imapd

    #chkconfig --add courier-imapd

    #chkconfig --level 2345 courier-imapd on

    启动courier-imapd服务:

    #service courier-imapd start

    12>重新配置smtp认证,使其支持使用courier-authlib从mysql调用用户验证信息:

    # vi /usr/local/lib/sasl2/smtpd.conf

    =========================================

    pwcheck_method: authdaemond

    mech_list:PLAIN LOGIN

    log_level: 3

    authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

    =========================================

    13>安装extmail

    #tar xzvf extmail-1.0.2.tar.gz

    #mkdir /var/www/extsuite

    #mv extmail-1.0.2 /var/www/extsuite/extmail

    #cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf

    #vi /var/www/extsuite/extmail/webmail.cf

    =============================

    SYS_USER_LANG = zh_CN

    SYS_MAILDIR_BASE = /var/mailbox

    SYS_MYSQL_USER = extmail

    SYS_MYSQL_PASS = extmail

    SYS_MYSQL_DB = extmail

    SYS_MYSQL_HOST = localhost

    SYS_MYSQL_SOCKET = /tmp/mysql.sock

    SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

    =============================

    配置apache支持extmail:

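    由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户。注意:Postfix的main.cf说明要求mail_owner账号不与其他账号共用用户或组ID,也不应拥有系统上的其他文件或进程;让webmail的CGI与虚拟邮箱都以postfix身份运行,意味着web层一旦出现漏洞即可直接读写邮件队列和全部邮箱。正式环境建议为虚拟邮箱和CGI另建专用账号(例如vmail),并相应调整virtual_uid_maps、virtual_gid_maps及SuexecUserGroup: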

    #vi /usr/local/apache2/conf/httpd.conf

    ===================================================================

    NameVirtualHost *:80

    ServerName mail.test.edu.cn

    DocumentRoot /var/www/extsuite/extmail/html/

    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi

    Alias /extmail /var/www/extsuite/extmail/html

    #SuexecUserGroup postfix postfix

    ===================================================================

    修改apache对extmail_cgi的访问权限:

    #chown -R postfix.postfix /var/www/extsuite/extmail/cgi/

    去掉extmail的plugin插件(这些插件会在邮件打开时访问其它服务器,进而可能会产生不必要的流量,而且会严重影响速度):

    mv /var/www/extsuite/extmail/html/plugins/ /var/www/extsuite/extmail/html/plugins2/

    14>安装extmail运行时依赖的包

    extmail将会用到perl的DBD::mysql和Unix::Syslog功能。

    安装Unix::Syslog:

    #rpm -ivh perl-Unix-Syslog-0.100-1.2.el5.rf.i386.rpm

    Preparing... ########################################### [100%]

     1:perl-Unix-Syslog ########################################### [100%]

    解决安装DBD::mysql依赖:

    DBD::mysql会依赖于libmysqlclient.so.10,所以需要先安装以下包:

    #rpm -ivh libmysql10-3.23.52-1mdk.i586.rpm

    Preparing... ########################################### [100%]

     1:libmysql10 ########################################### [100%]

    安装DBD::mysql:

    #tar xzvf DBD-mysql-3.0008.tar.gz

    #cd DBD-mysql

    #PATH=$PATH:/usr/local/mysql/bin/

    #export PATH

    #perl Makefile.PL

    #make

    #make install

    15>测试extmail及问题解决:

    http://127.0.0.1/ or http://mail.test.edu.cn/

    (1)如果正常显示extmail的登录页面,说明安装成功。现在还不能使用extmail实现登录,登录会出错,因为我们还没有建立extmail需要使用的mysql表。这些表结构将由下边将要安装的extman系统提供。

    (2)如果显示Internal Server Error,可能是Apache的suexec组件出错,可以通过查看apache的logs来发现问题:

    #less /usr/local/apache2/logs/suexec_log

    [2007-11-03 15:04:42]: uid: (506/postfix) gid: (506/506) cmd: index.cgi

    [2007-11-03 15:04:42]: command not in docroot (/var/www/extsuite/extmail/cgi/ind

    如果显示如上错误,则说明suexec的docroot配置错误。(参考apache 2.0 document)

    suexec要求docroot目录下的cgi文件才能使用suexec。

    可以使用以下命令查看suexec默认的docroot:

    #/usr/local/apache2/bin/suexec -V

     -D AP_DOC_ROOT="/usr/local/apache2/htdocs"

     -D AP_GID_MIN=100

     -D AP_HTTPD_USER="daemon"

     -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"

     -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"

     -D AP_UID_MIN=100

     -D AP_USERDIR_SUFFIX="public_html"

    说明当前docroot目录为/usr/local/apache2/htdocs。

    suexec必须在configure编辑时使用--with-suexec-docroot=DIR参数指定docroot目录,如果没有使用此参数,默认是 --datadir 值所指定的带有"/htdocs"的后缀的目录(即apache的默认首页存放目录),也就是上边命令显示的/usr/local/apache2/htdocs。

    解决方案:

    在安装apache时,通过--with-suexec-docroot=DIR参数将docroot目录指向cgi的根目录,此处应为/var/www。

    16>安装extman:

    #tar xzvf extman-0.2.2.tar.gz

    #mv extman-0.2.2 /var/www/extsuite/extman

    #vi /var/www/extsuite/extman/webman.cf

    ==========================================

    SYS_MAILDIR_BASE = /var/mailbox

    SYS_MYSQL_USER = extmail

    SYS_MYSQL_PASS = extmail

    SYS_MYSQL_DB = extmail

    SYS_MYSQL_HOST = localhost

    SYS_MYSQL_SOCKET = /tmp/mysql.sock

    ==========================================

    修改apache的cgi目录运行权限:

    #chown -R postfix.postfix /var/www/extsuite/extman/cgi/

    引入extmail数据库表结构:

    #cd /var/www/extsuite/extman/docs

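    注:原文此处疑似在转载时丢失了用"<"重定向导入docs目录下SQL文件的命令(本步骤为"引入extmail数据库表结构"),请参照extman自带文档先导入表结构,再执行下面的授权。授权语句中的口令'extmail'仅为示例,正式环境请更换为强口令。

    #mysql -uroot -p

    mysql> GRANT all privileges on extmail.* TO webman@localhost IDENTIFIED BY 'extmail';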

    mysql> GRANT all privileges on extmail.* TO webman@127.0.0.1 IDENTIFIED BY 'extmail';

    复制postfix虚拟域/用户配置文件到/etc/postfix/:

    #cp mysql_virtual_* /etc/postfix/

    配置apache支持extman:

    #vi /usr/local/apache2/conf/httpd.conf

    ====================================================================

    NameVirtualHost *:80

    ServerName mail.test.edu.cn

    DocumentRoot /var/www/extsuite/extmail/html/

    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi

    Alias /extmail /var/www/extsuite/extmail/html

    SuexecUserGroup postfix postfix

    ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi

    Alias /extman /var/www/extsuite/extman/html

    ====================================================================

    去掉extman的plugin插件(这些插件会在邮件打开时访问其它服务器,进而可能会产生不必要的流量,而且会严重影响速度):

    mv /var/www/extsuite/extman/html/plugins/ /var/www/extsuite/extman/html/plugins2/

    17>安装extman中用于显示校验码的插件perl-GD:

    #rpm -ivh perl-GD-2.35-1.el5.rf.i386.rpm

    Preparing... ########################################### [100%]

     1:perl-GD ########################################### [100%]

    修改extman登录时使用的校验码位数:

    #vi /var/www/extsuite/extman/webman.cf

    =========================