Installing a Postfix mail system on Debian

Software overview:

Software        Role
debian          provides a stable operating system
postfix         MTA, the mail transfer agent
MySQL           backend database for virtual domains and users
Cyrus-SASL2     SMTP authentication for sending
Courier-IMAP    provides the POP3/IMAP service
maildrop        MDA, the mail delivery agent
Extman          web-based user management backend

Date: 2009-06-08

Author: keminar

Configuration files used in this article: mail.tar

Reference: original author 冯勇 fengyongchuang # yahoo.com.cn (键盘人生 71633908)

This article assumes apache2 + mysql5 + php5 are already installed and working.

Note: installing postfix automatically creates the postfix user and the postfix and postdrop groups. If the uid and gid your system assigns differ from the ones used in this article (105/106), substitute your system's values wherever they appear below. Do not edit /etc/passwd and /etc/group to force the ids to match the article: the queue files Postfix has already created keep their old numeric owners, and you get the error fatal: fifo_listen: remove public/pickup: Permission denied

1. Configure the MX record

Add an A record for mail.example.com pointing to the server's IP address.
Add an MX record for example.com pointing to mail.example.com.
host -t mx example.com
example.com mail is handled by 10 mail.example.com. ← confirms the MX record is live
If you are only using a test domain without control over DNS, an A entry in /etc/hosts is enough (you then need ignore_mx_lookup_error = yes in main.cf).
Mail addressed to the local machine itself works without any DNS setup at all.

An illustrated walkthrough is available at: http://bbs.linuxphp.org/thread-479-1-1.html

2. Download extman

Download extman-1.0.0.tar.gz from www.extmail.org, upload it to the server by FTP and unpack it:

tar zxvf extman-1.0.0.tar.gz

Initialise the MySQL database. Take the uidnumber and gidnumber values from the postfix user's ids on your own system ("id postfix", see step 4B); 105/106 are the values on the machine used for this article.

cd extman-1.0.0/docs
mysql -uroot <extmail.sql
mysql -uroot <init.sql
mysql -uroot -p
use extmail
update mailbox set username='postmaster@example.com',maildir='example.com/postmaster/Maildir/',homedir='example.com/postmaster';
update mailbox set uidnumber=105,gidnumber=106;

init.sql also creates the default mailbox password (extmail) and the extmail MySQL user; both are well-known defaults and must be changed before the server is reachable from the network.

3. Install postfix

First remove exim4:

apt-get remove --purge exim4 exim4-base exim4-config

apt-get install postfix postfix-mysql postfix-tls postfix-doc

In the configuration dialog choose "Internet site".

A. Copy all mysql_virtual_*.cf files from the extman docs directory into /etc/postfix.

mail:~#cd /opt/extman-1.0.0/docs

Note: I unpacked extman under /opt; adjust the path to wherever you put it.

cp mysql_virtual_*.cf /etc/postfix/
chmod o= /etc/postfix/mysql_virtual_*.cf
chgrp postfix /etc/postfix/mysql_virtual_*.cf

These files contain the MySQL user name and password, so they must not be world-readable; after the chmod and chgrp above only root and the postfix group can read them.

B. Configure /etc/postfix/main.cf. If a main.cf already exists, rename it and write a fresh one containing the following.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
 
# appending .domain is the MUA's job.
append_dot_mydomain = no
 
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# hostname of this machine
myhostname = mail.example.com
# domain of this machine
mydomain = example.com
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# domains we accept mail for; $mydomain must be listed or user@example.com cannot receive mail.
# Postfix logs a warning about a domain appearing in both mydestination and
# virtual_mailbox_domains; with local_transport = virtual below it still delivers.
mydestination = $mydomain, $myhostname, localhost
relayhost =
# trusted networks that may relay without SMTP authentication; keep this to loopback
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# mailbox format; the trailing slash selects maildir (without it Postfix writes an mbox file named "Maildir")
home_mailbox = Maildir/

append_dot_mydomain = no
append_at_myorigin = no

smtpd_helo_required = yes

ignore_mx_lookup_error = yes
message_size_limit = 31457280

# virtual config
# transport for mail to the domains in $mydestination; maildrop can be used instead
local_transport = virtual
# transport for virtual-domain mail; maildrop can be used instead
virtual_transport = virtual
virtual_alias_domains =
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# root directory for mail storage
virtual_mailbox_base = /home/data/domains
# uid/gid that own the virtual mailboxes (use the real postfix uid/gid shown by "id postfix")
virtual_uid_maps = static:105
virtual_gid_maps = static:106
# every table used through proxy: above must be listed here so that proxymap(8) may open it
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $smtpd_sender_login_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks


# smtpd auth config
 
smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
# for old Outlook/Outlook Express versions that only understand the non-standard AUTH=LOGIN announcement
broken_sasl_auth_clients = yes
# valid recipients come from the database and the alias file only; ordinary system accounts get no mail
local_recipient_maps = $alias_maps $virtual_mailbox_maps
 
# which authenticated login may use which envelope sender; enforced by reject_sender_login_mismatch
smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 
smtpd_reject_unlisted_sender = yes
 
# order matters: only mynetworks and SASL-authenticated clients are permitted before
# reject_unauth_destination; everyone else may only send to our own domains
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    check_recipient_maps

In every /etc/postfix/mysql_virtual_*.cf file change hosts=localhost to hosts=127.0.0.1, otherwise postfix may fail to connect to mysql (the MySQL client treats "localhost" as the Unix socket rather than a TCP connection).

cd /etc/postfix/
find ./ -name 'mysql_virtual_*' -exec sed --in-place 's/localhost/127.0.0.1/g' {} \;
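As an added example (not part of the original article or of Extman), here is a small shell audit of the two properties of the configuration above that decide whether the host becomes an open relay or leaks its database password: the ordering inside smtpd_recipient_restrictions, and the permission bits on the mysql_virtual_*.cf maps. The main.cf text embedded below is constructed to mirror the article's restriction list so the script runs stand-alone; on the mail host feed it the real files as shown in the comments.

```shell
#!/bin/bash
# Added example, not code from the article or from Extman: audit two relay-safety
# properties of a Postfix main.cf before the server goes on the network.
#   1. smtpd_recipient_restrictions must contain reject_unauth_destination, and
#      only permit_mynetworks / permit_sasl_authenticated may come before it.
#      Any other permit_* (or a check_*_access map that can answer OK) placed
#      earlier lets unauthenticated clients relay through the host.
#   2. The mysql_virtual_*.cf maps hold the database password, so "other"
#      must have no permission bits on them (what the article's chmod o= does).

# Print the value of one parameter from main.cf text read on stdin.
# Continuation lines begin with whitespace, as in the article's config;
# "postconf -n" output (single-line values) works as well.
postconf_value() {
    awk -v key="$1" '
        $0 ~ ("^" key "[[:space:]]*=") { sub("^[^=]*=", ""); val = $0; found = 1; next }
        found && /^[[:space:]]/        { val = val " " $0; next }
        found                          { exit }
        END { if (found) print val }
    '
}

# Return 0 if a restriction list is relay-safe, 1 otherwise.  The list is one
# string, comma and/or whitespace separated.
restrictions_relay_safe() {
    local item seen_reject=0
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case "$item" in
            reject_unauth_destination)                    seen_reject=1 ;;
            permit_mynetworks|permit_sasl_authenticated)  ;;   # trusted sources
            permit*|check_*access)
                # anything else that can answer OK before reject_unauth_destination
                # turns the host into an open relay
                [ "$seen_reject" -eq 1 ] || return 1 ;;
        esac
    done
    [ "$seen_reject" -eq 1 ]
}

# Return 0 if none of the given files grants any permission to "other".
maps_not_world_readable() {
    local f mode
    for f in "$@"; do
        mode=$(stat -c '%a' "$f") || return 1       # GNU stat, octal mode
        case "$mode" in *0) ;; *) return 1 ;; esac   # last digit is "other"
    done
    return 0
}

# Constructed sample mirroring the article's restriction list, so the script
# runs stand-alone.  On the mail host use instead:
#   postconf -n | postconf_value smtpd_recipient_restrictions
#   maps_not_world_readable /etc/postfix/mysql_virtual_*.cf
SAMPLE_MAIN_CF='mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_unauth_destination,
    check_recipient_maps
'

audit_sample() {
    local r
    r=$(printf '%s' "$SAMPLE_MAIN_CF" | postconf_value smtpd_recipient_restrictions)
    if restrictions_relay_safe "$r"; then
        echo "restrictions: relay-safe"
    else
        echo "restrictions: OPEN RELAY"
    fi
}
audit_sample
```

The check is deliberately conservative: a check_client_access or similar access map placed before reject_unauth_destination is flagged even if its table currently contains no OK entries, because one added line would open the relay.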

 

4. Install courier-imap

Note: during installation you are asked whether to create a directory for the configuration files; answer YES, otherwise your file locations will differ from those used below.

mail:~# apt-get install courier-authdaemon courier-authlib-mysql courier-base courier-imap courier-pop courier-pop-ssl courier-imap-ssl

A. Configure courier-authdaemon. authdaemon is the central authentication component of the whole mail system; most SMTP authentication failures have their cause here.

Rename /etc/courier/authdaemonrc to /etc/courier/authdaemonrc.bak and create a new /etc/courier/authdaemonrc with the following content:

authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
authdaemonvar=/var/run/courier/authdaemon
subsystem=mail
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"

DEBUG_LOGIN=2 makes authdaemond log every lookup, including the stored password hash (see the log excerpts in section 8). It is useful while setting things up; set it back to 0 once authentication works.

Rename /etc/courier/authmysqlrc to authmysqlrc.bak and create /etc/courier/authmysqlrc with the content below. MYSQL_PASSWORD is the password of the extmail MySQL user created by init.sql; change it from the default, and do not leave this file world-readable, since it holds the database credentials.

MYSQL_SERVER            127.0.0.1
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
DEFAULT_DOMAIN          domain
MYSQL_UID_FIELD         uidnumber
MYSQL_GID_FIELD         gidnumber
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
MYSQL_SELECT_CLAUSE     SELECT username,password,domain,                \
                        uidnumber,gidnumber,                            \
                        CONCAT('/home/data/domains/',homedir),          \
                        CONCAT('/home/data/domains/',maildir),          \
                        quota,                                          \
                        name                                            \
                        FROM mailbox                                    \
                        WHERE username = '$(local_part)@$(domain)'      \
                        AND active = 1

Adjust the permissions of the authdaemon directory so that other programs (here Postfix's smtpd) can reach the socket, then restart authdaemond:

chmod -R +x /var/run/courier/authdaemon

B. Create the directory for the test user

mail:/etc/postfix# id postfix
uid=105(postfix) gid=106(postfix) groups=106(postfix)

mail:/etc/courier# mkdir -p /home/data/domains/example.com/postmaster
mail:/etc/courier# /usr/bin/maildirmake /home/data/domains/example.com/postmaster/Maildir
mail:/etc/courier# chown -R 105:106 /home/data/domains/

The uid:gid given to chown must be the ones shown by "id postfix" on your system, and the same ones stored in the mailbox table in step 2 and in virtual_uid_maps/virtual_gid_maps in step 3.

5. Install cyrus-sasl2

mail:~# apt-get install libsasl2-2 libsasl2-modules libsasl2-modules-sql

Create /etc/postfix/sasl/smtpd.conf with the following content (watch the spacing in this file; Cyrus SASL is picky about it). Postfix's smtpd hands SASL authentication to Courier's authdaemond over its Unix socket, so the same extmail database serves SMTP, POP3 and IMAP:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
allow_plaintext: true
authdaemond_path:/var/run/courier/authdaemon/socket

PLAIN and LOGIN transmit the password in the clear (base64 is only an encoding). Since postfix-tls is installed, add smtpd_tls_auth_only = yes to main.cf once a certificate is in place, so that AUTH is only offered after STARTTLS.

6. Note: if, while testing SMTP authentication, mail.log reports that a file cannot be found, the cause is almost always one of two things: 1. permissions, 2. the chroot.

The error in the mail log:

May 20 17:35:26 mail postfix/smtpd[1229]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory

Debian runs smtpd chrooted in /var/spool/postfix, so authdaemond_path=/var/run/courier/authdaemon/socket is resolved inside the jail, where no such file exists. (Also check smtpd.conf for stray spaces.)

There are two fixes.

1. Leave postfix unchanged and make the socket visible inside the chroot.

Create the directory:

mkdir -p /var/spool/postfix/var/run/courier/authdaemon

and edit /etc/init.d/courier-authdaemon:

# after the "$daemonscript start" line add
sleep 1
ln -f /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
# before the "$daemonscript stop" line add
rm /var/spool/postfix/var/run/courier/authdaemon/socket

ln -f creates a hard link, which only works when /var/run and /var/spool/postfix are on the same filesystem (not, for instance, when /var/run is a tmpfs). In that case bind-mount the authdaemon directory into the chroot instead, or use the second method.

2. Take smtpd out of the chroot by changing this line of /etc/postfix/master.cf:

smtp inet n - - - - smtpd

to

smtp inet n - n - - smtpd

(the fifth column is the chroot flag). smtpd then runs unchrooted and reaches the authdaemon socket through the authdaemond_path given in smtpd.conf. Permissions still matter: if the postfix user cannot traverse /var/run/courier/authdaemon you get a "connection refused" error instead.

The second method is easier than the first, but it gives up the containment the chroot provides for the network-facing smtpd process. Choose whichever suits you.
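The two failure modes above come down to one question: is the inet smtpd chrooted, and therefore which path does it open when Cyrus SASL connects to authdaemond_path? As an added example (not code from the article or from Postfix), this shell snippet answers that from master.cf. The master.cf lines it parses are constructed copies of the article's "before" and "after"; QUEUE_DIR and AUTHDAEMON_SOCKET are the values the article uses.

```shell
#!/bin/bash
# Added example, not code from the article: read master.cf and tell whether the
# inet smtpd service runs chrooted, then derive where that smtpd will actually
# look for authdaemond's socket.  master.cf columns are
#   service type private unpriv chroot wakeup maxproc command(+args)
# so the chroot flag is column 5.  A "-" means "use the built-in default":
# chrooted (y) on Postfix before 3.0, not chrooted (n) from 3.0 on; Debian's
# packaged master.cf on newer releases spells the y out explicitly.

QUEUE_DIR=/var/spool/postfix                            # Postfix queue_directory
AUTHDAEMON_SOCKET=/var/run/courier/authdaemon/socket    # authdaemond_path in smtpd.conf

# Print "y" or "n" for the inet smtpd entry read from master.cf on stdin.
# $1 is the value a "-" stands for on this Postfix version (y for 2.x).
smtpd_chroot_flag() {
    awk -v dflt="$1" '
        $1 == "smtp" && $2 == "inet" && $8 == "smtpd" {
            flag = ($5 == "-") ? dflt : $5
            print flag
            exit
        }'
}

# Print the path a chrooted ($1 = y) or unchrooted ($1 = n) smtpd opens when
# Cyrus SASL connects to authdaemond_path.
effective_socket_path() {
    if [ "$1" = y ]; then
        printf '%s%s\n' "$QUEUE_DIR" "$AUTHDAEMON_SOCKET"   # resolved inside the jail
    else
        printf '%s\n' "$AUTHDAEMON_SOCKET"
    fi
}

# Constructed master.cf lines: the article's "before" and "after" (chroot column 5).
MASTER_CHROOTED='smtp      inet  n       -       -       -       -       smtpd'
MASTER_NOCHROOT='smtp      inet  n       -       n       -       -       smtpd'

# On the mail host:  flag=$(smtpd_chroot_flag y < /etc/postfix/master.cf)
#                    test -S "$(effective_socket_path "$flag")" || echo "socket missing"
for cfg in "$MASTER_CHROOTED" "$MASTER_NOCHROOT"; do
    flag=$(printf '%s\n' "$cfg" | smtpd_chroot_flag y)
    echo "chroot=$flag -> smtpd needs $(effective_socket_path "$flag")"
done
```

Whichever method you pick, the path printed for your master.cf is the one that must exist and be reachable by the postfix user; the first method creates it inside the queue directory, the second makes the unchrooted path the effective one.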

7. Restart to apply the configuration

Restart postfix:

/etc/init.d/postfix restart

Then restart the Courier services:

/etc/init.d/courier-authdaemon restart (on first run: /etc/init.d/courier-authdaemon start)
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart

8. Test the system

First verify the user's password. The default account is postmaster@example.com with password extmail (change it before the server goes live):

authtest -s login postmaster@example.com extmail

On success it prints Authentication succeeded.

Open another terminal and run tail -f /var/log/mail.log

Base64-encode the test user name and password (AUTH LOGIN sends them as two separate tokens; base64 is an encoding, not encryption, so these credentials are readable by anyone on the path unless the session is protected by TLS):

%perl -MMIME::Base64 -e 'print encode_base64("postmaster\@example.com");'
cG9zdG1hc3RlckBleGFtcGxlLmNvbQ==
%perl -MMIME::Base64 -e 'print encode_base64("extmail");'
ZXh0bWFpbA==
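As an added example (not code from the article), the same tokens produced in shell, plus the single-token form used by AUTH PLAIN and a decoder for the server's 334 challenges, so you can see exactly what crosses the wire in the telnet session that follows. The user name and password are the article's defaults; the functions assume GNU coreutils base64.

```shell
#!/bin/bash
# Added example, not code from the article: build the base64 tokens for SMTP
# AUTH LOGIN (one token per server prompt) and AUTH PLAIN (a single
# "\0user\0password" token, RFC 4616), and decode the server's 334 challenges.
# Nothing here is encryption: whoever can read the TCP stream reads the
# password, which is why AUTH on port 25 should only be offered after
# STARTTLS (smtpd_tls_auth_only = yes in main.cf).

# base64 of a string on one line (coreutils base64 wraps at 76 columns).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# AUTH LOGIN: the client answers "334 VXNlcm5hbWU6" with the user token and
# "334 UGFzc3dvcmQ6" with the password token.
auth_login_user() { b64 "$1"; }
auth_login_pass() { b64 "$1"; }

# AUTH PLAIN: [authzid] NUL authcid NUL password, base64 as one token.
# The authorization identity is left empty (two leading NULs are not needed;
# the first NUL terminates the empty authzid).
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a "334 <base64>" server line to see what it is asking for.
decode_challenge() {
    printf '%s' "${1#334 }" | base64 -d
}

AUTH_USER=postmaster@example.com    # the article's default test account
AUTH_PASS=extmail

echo "AUTH LOGIN user token:  $(auth_login_user "$AUTH_USER")"
echo "AUTH LOGIN pass token:  $(auth_login_pass "$AUTH_PASS")"
echo "AUTH PLAIN token:       $(auth_plain_token "$AUTH_USER" "$AUTH_PASS")"
echo "334 VXNlcm5hbWU6 means: $(decode_challenge '334 VXNlcm5hbWU6')"
```

To exercise this against the server without exposing the password on the wire, open the session with openssl s_client -starttls smtp -connect mail.example.com:25 instead of telnet and paste the tokens after the 334 prompts; AUTH PLAIN is sent as a single line, AUTH PLAIN followed by the token.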

Test sending mail through smtpd:

mail:/etc/postfix# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 example.com ESMTP Mail System
ehlo test
250-mail.example.com
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleGFtcGxlLmNvbQ==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 Authentication successful
mail from:<test@test.com>
250 Ok
rcpt to:<test@example.com>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
test
.
250 Ok: queued as C2FF131B85
quit
221 Bye
Connection closed by foreign host.

mail.log should then contain entries like the following (this excerpt was captured from a session that authenticated as test@example.com rather than postmaster):

May 20 19:37:32 mail postfix/smtpd[1763]: connect from localhost[127.0.0.1]
May 20 19:37:40 mail postfix/smtpd[1763]: disconnect from localhost[127.0.0.1]
May 20 19:37:43 mail postfix/smtpd[1763]: connect from localhost[127.0.0.1]
May 20 19:38:24 mail authdaemond.mysql: received auth request, service=smtp, authtype=login
May 20 19:38:24 mail authdaemond.mysql: authmysql: trying this module
May 20 19:38:24 mail authdaemond.mysql: SQL query: SELECT username,password,"",uidnumber,gidnumber,CONCAT('/home/data/domains/',homedir),CONCAT('/home/data/domains/',maildir),quota,name FROM mailbox WHERE username = 'test@example.com'
May 20 19:38:24 mail authdaemond.mysql: password matches successfully
May 20 19:38:24 mail authdaemond.mysql: authmysql: sysusername=<null>, sysuserid=105, sysgroupid=106, homedir=/home/data/domains/example.com/test, address=test@example.com, fullname=Test user, maildir=/home/data/domains/example.com/test/Maildir/, quota=5242880, options=
May 20 19:38:24 mail authdaemond.mysql: authmysql: clearpasswd=<null>, passwd=uywiuN.XggXXc
May 20 19:38:24 mail authdaemond.mysql: authmysql: ACCEPT, username test@example.com
May 20 19:38:47 mail postfix/smtpd[1763]: C2FF131B85: client=localhost[127.0.0.1], sasl_method=login, sasl_username=test@example.com
May 20 19:38:52 mail postfix/cleanup[1770]: C2FF131B85: message-id=<20060520113836.C2FF131B85@mail.example.com>
May 20 19:38:52 mail postfix/qmgr[1699]: C2FF131B85: from=<test@test.com>, size=328, nrcpt=1 (queue active)
May 20 19:38:52 mail postfix/virtual[1772]: C2FF131B85: to=<test@example.com>, relay=virtual, delay=16, status=sent (delivered to maildir)
May 20 19:38:52 mail postfix/qmgr[1699]: C2FF131B85: removed
May 20 19:38:55 mail postfix/smtpd[1763]: disconnect from localhost[127.0.0.1]

Test receiving mail over POP3:

mail:/etc/postfix# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user test@example.com
+OK Password required.
pass test
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 539
2 423
.
retr 2
+OK 423 octets follow.
Return-Path: <test@test.com>
X-Original-To: test@example.com
Delivered-To: test@example.com
Received: from test (localhost [127.0.0.1])
        by mail.example.com (Postfix) with ESMTP id C2FF131B85
        for <test@example.com>; Sat, 20 May 2006 19:38:36 +0800 (CST)
Message-Id: <20060520113836.C2FF131B85@mail.example.com>
Date: Sat, 20 May 2006 19:38:36 +0800 (CST)
From: test@test.com
To: undisclosed-recipients:;

test
.
quit
+OK Bye-bye.
Connection closed by foreign host.

The mail.log produced by this session:

If your POP3 log lines are less detailed than these, check that DEBUG_LOGIN=2 is set in /etc/courier/pop3d. Be aware that at this level Courier logs the password itself (password=test below) and authdaemond logs the stored hash; treat mail.log as sensitive while debugging and set DEBUG_LOGIN back to 0 afterwards.

May 20 19:43:19 mail courierpop3login: Connection, ip=[::ffff:127.0.0.1]
May 20 19:43:28 mail courierpop3login: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], command=USER
May 20 19:43:32 mail courierpop3login: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], command=PASS
May 20 19:43:32 mail courierpop3login: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], username=test@example.com
May 20 19:43:32 mail courierpop3login: LOGIN: DEBUG: ip=[::ffff:127.0.0.1], password=test
May 20 19:43:32 mail courierpop3login: authdaemon: starting client module
May 20 19:43:32 mail authdaemond.mysql: received auth request, service=pop3, authtype=login
May 20 19:43:32 mail authdaemond.mysql: authmysql: trying this module
May 20 19:43:32 mail authdaemond.mysql: SQL query: SELECT username,password,"",uidnumber,gidnumber,CONCAT('/home/data/domains/',homedir),CONCAT('/home/data/domains/',maildir),quota,name FROM mailbox WHERE username = 'test@example.com'
May 20 19:43:32 mail authdaemond.mysql: password matches successfully
May 20 19:43:32 mail authdaemond.mysql: authmysql: sysusername=<null>, sysuserid=105, sysgroupid=106, homedir=/home/data/domains/example.com/test, address=test@example.com, fullname=Test user, maildir=/home/data/domains/example.com/test/Maildir/, quota=5242880, options=<null>
May 20 19:43:32 mail authdaemond.mysql: authmysql: clearpasswd=<null>, passwd=uywiuN.XggXXc
May 20 19:43:32 mail authdaemond.mysql: authmysql: ACCEPT, username test@example.com
May 20 19:43:32 mail courierpop3login: authdaemon: ACCEPT, username test@example.com
May 20 19:43:32 mail courierpop3login: LOGIN, user=test@example.com, ip=[::ffff:127.0.0.1]
May 20 19:43:46 mail courierpop3login: LOGOUT, user=test@example.com, ip=[::ffff:127.0.0.1], top=0, retr=411, time=14

If the log shows "Permission denied", check the permissions of the mailbox directories, and check that uidnumber/gidnumber in the mailbox table of the extmail database match the owner of those directories.

If POP3 answers with
-ERR chdir /home/data/domains/jiehun5.com/postmaster/Maildir/ failed
the fix is the same id correction as in step 2 (with your system's postfix uid/gid):
update mailbox set uidnumber=105,gidnumber=106;
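Both of these errors, and the manual "update mailbox set uidnumber=..." from step 2, are the same consistency problem: the database rows, main.cf and the maildir tree must all carry the postfix uid/gid of this particular system. As an added example (shell, not code from the article or Extman), the snippet below derives those numbers from the running system, generates the SQL and main.cf lines with them, and checks the ownership of a mailbox tree. MAIL_ROOT mirrors the article's virtual_mailbox_base; the mysql credentials in the comments are the article's defaults.

```shell
#!/bin/bash
# Added example, not code from the article: the numbers that must agree are
#   - uidnumber/gidnumber of every row in extmail's mailbox table (step 2),
#   - virtual_uid_maps / virtual_gid_maps in main.cf (step 3),
#   - the owner of everything under virtual_mailbox_base (step 4B).
# Derive them from the system's postfix account instead of copying 105/106.

MAIL_ROOT=/home/data/domains              # virtual_mailbox_base in main.cf

# Print "uid:gid" of a system account; fails if the account does not exist.
account_ids() {
    local uid gid
    uid=$(id -u "$1" 2>/dev/null) || return 1
    gid=$(id -g "$1" 2>/dev/null) || return 1
    printf '%s:%s\n' "$uid" "$gid"
}

# The statement the article types by hand as
#   update mailbox set uidnumber=105,gidnumber=106;
mailbox_ids_sql() {
    printf 'UPDATE mailbox SET uidnumber=%d, gidnumber=%d;\n' "$1" "$2"
}

# The two main.cf lines that must carry the same numbers.
postfix_id_maps() {
    printf 'virtual_uid_maps = static:%d\nvirtual_gid_maps = static:%d\n' "$1" "$2"
}

# Return 0 if the path is owned by uid:gid, 1 otherwise (GNU stat).
owned_by() {
    [ "$(stat -c '%u:%g' "$1" 2>/dev/null)" = "$2:$3" ]
}

# List every directory under a mailbox root that is NOT owned by uid:gid.
# Prints nothing when the tree is consistent.
find_wrong_owners() {
    find "$1" -type d ! -uid "$2" -o -type d ! -gid "$3"
}

# On the mail host (as root, with the extmail MySQL password from authmysqlrc):
#   ids=$(account_ids postfix) && uid=${ids%:*} && gid=${ids#*:}
#   mailbox_ids_sql "$uid" "$gid" | mysql -uextmail -p extmail
#   postfix_id_maps "$uid" "$gid"            # compare with: postconf virtual_uid_maps virtual_gid_maps
#   chown -R "$uid:$gid" "$MAIL_ROOT"
#   find_wrong_owners "$MAIL_ROOT" "$uid" "$gid"   # should print nothing
```

Run the ownership check again after Extman creates new mailboxes: the web interface writes rows with the uid/gid from the database, so a wrong value there reappears as a "chdir failed" for every new user even though the existing ones work.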

At this point a mail system supporting virtual domains is configured.

Supplement

Regenerating the SSL certificates for Courier

If the default self-signed Courier certificates do not suit you, you can generate your own. For example, change /etc/courier/imapd.cnf to the following. default_bits = 1024 is what the package ships; 1024-bit RSA keys are no longer considered adequate, so use 2048 or more for a new certificate:

RANDFILE = /usr/lib/courier/imapd.rand
 
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
 
[ req_dn ]
C=CN
ST=ShanDong
L=Jinan
O=University of Jinan
OU=Network Center
CN=email.ujn.edu.cn
emailAddress=webmaster@ujn.cn
 
 
[ cert_type ]
nsCertType = server

Then delete /etc/courier/imapd.pem and run /usr/lib/courier/mkimapdcert to generate the new certificate. The resulting imapd.pem contains the private key followed by the certificate, so it must stay readable by root only.

rm /etc/courier/imapd.pem
/usr/lib/courier/mkimapdcert

pop3d.pem is regenerated the same way, except that the command to run is /usr/lib/courier/mkpop3dcert.

Afterwards restart the two SSL services:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
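As an added example (not code from the article or from Courier), the following shell snippet does what mkimapdcert does, which is run openssl req with the [req] layout above, but writes into a directory of your choice, uses a 2048-bit key and adds a subjectAltName (modern clients no longer accept a certificate whose name is only in the CN). The functions that report key size and CN let you inspect the result before copying it over /etc/courier/imapd.pem. The organisation fields are the article's; the output directory and host name are parameters.

```shell
#!/bin/bash
# Added example, not code from the article: generate a Courier-style imapd.pem
# (private key followed by certificate in one file) with openssl directly.
# mkimapdcert runs "openssl req -new -x509 -days 365 -nodes -config imapd.cnf";
# this does the same with a 2048-bit key and a subjectAltName, into <outdir>.

make_courier_cert() {            # make_courier_cert <outdir> <hostname>
    local dir=$1 host=$2 cnf
    cnf="$dir/imapd.cnf"
    cat > "$cnf" <<EOF
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=CN
ST=ShanDong
L=Jinan
O=University of Jinan
OU=Network Center
CN=$host
emailAddress=webmaster@$host

[ cert_type ]
nsCertType = server
subjectAltName = DNS:$host
EOF
    openssl req -new -x509 -days 365 -nodes -config "$cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    # Courier expects key and certificate concatenated, readable only by root.
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/imapd.pem"
    chmod 600 "$dir/imapd.pem" "$dir/key.pem"
}

# Public key size of a certificate, in bits (works across OpenSSL 1.0/1.1/3.x text output).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# The certificate's CN, for a quick sanity check against the server's hostname.
cert_subject_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Example run into a scratch directory; on the mail host copy the result with
#   cp out/imapd.pem /etc/courier/imapd.pem && /etc/init.d/courier-imap-ssl restart
out=$(mktemp -d)
if make_courier_cert "$out" mail.example.com; then
    echo "key bits: $(cert_key_bits "$out/cert.pem"), CN: $(cert_subject_cn "$out/cert.pem")"
fi
rm -rf "$out"
```

The same function produces pop3d.pem; only the output file name and the service you restart differ. A self-signed certificate still makes clients warn on first connection, so for a public server replace it with one issued by a CA your users trust.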

 

References

http://www.yiyou.org/docs/debian_postfix_01/

http://www.coolcode.cn/?action=show&id=235&page=1

http://www.centospub.com/make/postfix_smtp.html

http://sery.blog.51cto.com/10037/45500

http://coolerfeng.blog.51cto.com/133059/46073

http://publish.it168.com/2006/0221/20060221219401.shtml

http://blog.chinaunix.net/u2/88527/showart_1721721.html

http://zhangbo.blog.51cto.com/350645/123098

http://blog.chinaunix.net/u2/73230/showart_1412112.html

http://www.oklinux.cn/html/network/ser/20070325/9555.html

 

Discussion

http://bbs.linuxphp.org/thread-478-1-1.html

http://bbs.linuxphp.org/forum-33-1.html