5. Install postfix 2.2.3
If sendmail is already present on your system, stop it first and rename its files:
# /etc/init.d/sendmail stop
# chkconfig --level 0123456 sendmail off
# mv /usr/bin/newaliases /usr/bin/newaliases.orig
# mv /usr/bin/mailq /usr/bin/mailq.orig
# mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
Begin the installation
# groupadd -g 12345 postfix
# useradd -u 12345 -g 12345 -c postfix -d/dev/null -s/bin/false postfix
# groupadd -g 54321 postdrop
# wget ftp://postfix.cn99.com/postfix/official/postfix-2.2.3.tar.gz
# tar -zxvf postfix-2.2.3.tar.gz
# cd postfix-2.2.3
(Building Postfix with SASL authentication and mysql support)
# make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
# make install
If the /etc/aliases file does not exist, create it with the following commands:
# echo postfix: root >> /etc/aliases
# /usr/bin/newaliases
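Note:
In this example MySQL is installed in /usr/local/mysql and sasl2 in /usr/lib/sasl2. If your installation paths differ, adjust the CCARGS and AUXLIBS options used at build time accordingly.
While running make install you may get the following message (if you do not, ignore this):
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.12" not found
This happens because mysql is not installed in the default directory, so postfix has to be told where to find libmysqlclient.so.12; ldconfig does this: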
# echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
# ldconfig
6. Install postfixadmin 2.1.0
Create the user and group for apache and maildrop
# groupadd vmail -g 1001
# useradd vmail -u 1001 -g 1001 -s/bin/false -d/dev/null
# vi /usr/local/apache/conf/httpd.conf
Change
User nobody
Group #-1
to
User vmail
Group vmail
# wget -O postfixadmin-2.1.0.tgz 'http://high5.net/postfixadmin/download.php?file=postfixadmin-2.1.0.tgz'
# tar -zxvf postfixadmin-2.1.0.tgz
# mv postfixadmin-2.1.0 /var/www/postfixadmin
Change the permissions, assuming apache runs as user and group vmail
# chown -R vmail:vmail /var/www/postfixadmin
# cd /var/www/postfixadmin
# chmod 640 *.php *.css
# cd /var/www/postfixadmin/admin/
# chmod 640 *.php .ht*
# cd /var/www/postfixadmin/images/
# chmod 640 *.gif *.png
# cd /var/www/postfixadmin/languages/
# chmod 640 *.lang
# cd /var/www/postfixadmin/templates/
# chmod 640 *.tpl
# cd /var/www/postfixadmin/users/
# chmod 640 *.php
Create the MySQL tables
# cd /var/www/postfixadmin
# mysql -u root [-p] < DATABASE_MYSQL.TXT
# cp config.inc.php.sample config.inc.php
# vi config.inc.php
The configuration used in this example is:
// Language config
// Language files are located in './languages'.
$CONF['default_language'] = 'cn';
// Database Config
// 'database_type' is for future reference.
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
//$CONF['encrypt'] = 'md5crypt';
$CONF['encrypt'] = 'cleartext';
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Example: /usr/local/virtual/domain.tld/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Example: /usr/local/virtual/domain.tld/username
$CONF['domain_in_mailbox'] = 'NO';
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'YES';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
Here we use cleartext passwords; to use hashed passwords instead, change $CONF['encrypt'] = 'cleartext'; to $CONF['encrypt'] = 'md5crypt';
Mailboxes are stored in the form domain.tld/username, so set:
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
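Then open a browser and go to the postfixadmin welcome page, click setup on the page and check that all the checks pass; remember to delete the setup.php file afterwards. Then go to http://www.yourdomain.com/postfixadmin/admin/index.php, where you can create domains, administrators and mailboxes.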
# vi /etc/postfix/main.cf
#=====================BASE=========================
#Host name (written as an FQDN)
myhostname = www.test.com
#Domain name
mydomain = test.com
#The address used for "mail from" in the message headers
myorigin = $mydomain
#Host names this machine accepts mail for ($mydomain is not used here because we will use virtual hosts)
mydestination = $myhostname localhost localhost.$mydomain
#Networks allowed to send mail without SMTP authentication
mynetworks = 127.0.0.0/8
inet_interfaces = all
#Mailbox format to use
#home_mailbox = Maildir/
#mailbox_transport = maildrop
#=====================Virtual Mailbox settings=========================
# Root directory that holds the user mailboxes
virtual_mailbox_base = /var/mailbox/
#How postfix looks up mail users; MySQL is used here (the user's mailbox directory)
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
#uid of the mail accounts; uses the user apache runs as
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
#virtual_uid_maps = mysql:/etc/postfix/mysql/mysql-virtual_uid_maps.cf
#virtual_gid_maps = mysql:/etc/postfix/mysql/mysql-virtual_gid_maps.cf
# use this for virtual delivery (if maildrop is not installed, set this to virtual)
#virtual_transport = virtual
#use this for maildrop-delivery (if maildrop is installed, set this to maildrop)
virtual_transport = maildrop
#Maildrop-Options for usage with maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
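#The trailing "/" of /var/mailbox/ must not be omitted
#All MySQL lookup configuration files are kept together in /etc/postfix/mysql
#====================QUOTA========================
#Maximum size of a single message (10M). Postfix's default is 10M, but that counts the message body plus the encoded attachments;
#base64 encoding makes attachments about 35% larger, so the accepted message size is set to 14M here
message_size_limit = 14336000
#Default mailbox size (10M)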
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
#How postfix obtains each user's quota (the size of each user's mailbox)
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
# Whether the default mailbox size may be overridden
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
#In order to allow mail relaying by authenticated clients
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_unknown_sender_domain,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  reject_unauth_destination,
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
Create /var/mailbox and set its permissions
# mkdir /var/mailbox
# chown -R vmail:vmail /var/mailbox
# chmod -R ug+rwx,o-rwx /var/mailbox
Create the /etc/postfix/mysql directory and the MySQL lookup configuration files
# mkdir /etc/postfix/mysql
1. vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
2. vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'
3. vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
4. vi /etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'
Configure /usr/local/lib/sasl2/smtpd.conf
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r' and active='1'
Start postfix
# postfix start
Test smtp
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.test.com ESMTP "Version not Available"
ehlo www.test.com
250-www.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
7. Install Courier-authlib 0.55
Newer versions of imap no longer include the authentication library, so the Courier authentication library must be installed first
# wget http://www.courier-mta.org/beta/courier-authlib/courier-authlib-0.55.20050407.tar.bz2
# tar -jxvf courier-authlib-0.55.20050407.tar.bz2
# cd courier-authlib-0.55.20050407
# ./configure \
--with-redhat \
--with-authmysql=yes \
--with-mailuser=vmail --with-mailgroup=vmail \
--with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql/
# make
# make install
# make install-configure
# vi /usr/local/etc/authlib/authdaemonrc (make sure only the mysql authentication module is used)
authmodulelist="authmysql"
authmodulelistorig="authmysql"
# vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER	localhost
MYSQL_SOCKET	/tmp/mysql.sock
MYSQL_DATABASE	postfix
MYSQL_USERNAME	postfix
MYSQL_PASSWORD	postfix
MYSQL_USER_TABLE	mailbox
MYSQL_LOGIN_FIELD	username
#MYSQL_CRYPT_PWFIELD	password
MYSQL_CLEAR_PWFIELD	password
MYSQL_UID_FIELD	'1001'
MYSQL_GID_FIELD	'1001'
MYSQL_HOME_FIELD	'/var/mailbox/'
MYSQL_MAILDIR_FIELD	maildir
MYSQL_NAME_FIELD	name
MYSQL_QUOTA_FIELD	quota
MYSQL_WHERE_CLAUSE	active='1'
DEFAULT_DOMAIN	test.com
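Note: do not use the space key in this file; use only the tab key.
Use only single quotes, for example: '/var/mailbox/', 'UID', 'GID' ('1001' in this article)
localhost must not be in single quotes
Make sure your /etc/hosts file contains localhost
Building with IPv6 support may cause errors
MYSQL_GID_FIELD and MYSQL_UID_FIELD are the UID and GID of maildrop, not of MySQL.
To use md5 passwords, change MYSQL_CLEAR_PWFIELD password to MYSQL_CRYPT_PWFIELD password
Start the service
To have the service start at boot for imap: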
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --level 0123456 courier-authlib on
Start the service manually:
# authdaemond start
Test courier-authlib
Check the processes:
# pstree |grep authdaemond
|-authdaemond.mys---5*[authdaemond.mys]
8. Install Courier-imap 4.0.2
# wget http://www.courier-mta.org/beta/imap/courier-imap-4.0.2.20050403.tar.bz2
# tar -jxvf courier-imap-4.0.2.20050403.tar.bz2
# cd courier-imap-4.0.2.20050403
# ./configure \
--prefix=/usr/local/imap \
--with-redhat \
--disable-root-check \
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
--with-trashquota \
--with-dirsync
# make
# make install-strip (try install-strip first; if it fails, run make install)
# make install-configure
# vi /usr/local/imap/etc/pop3d
Change POP3DSTART=NO to POP3DSTART=YES
# vi /usr/local/imap/etc/imapd
Change IMAPDSTART=NO to IMAPDSTART=YES
Start imap automatically at boot:
# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
# chmod 755 /etc/rc.d/init.d/courier-imap
# chkconfig --level 0123456 courier-imap on
Start the services manually:
# /usr/local/imap/libexec/pop3d.rc start
# /usr/local/imap/libexec/imapd.rc start
Test courier-imap
Check the processes:
# pstree |grep courier
|-2*[courierlogger]
|-2*[couriertcpd]
Check the ports; the following ports should be open:
# netstat -an |grep LISTEN
tcp  0  0 0.0.0.0:110  0.0.0.0:*  LISTEN
tcp  0  0 0.0.0.0:143  0.0.0.0:*  LISTEN
Test the POP3 and IMAP services:
# telnet localhost 110
+OK Hello there
USER test@test.com
+OK Password required.
PASS test
+OK Logged in.
QUIT
+OK bye-bye
9. Install Courier-maildrop 1.8.0
# groupadd vmail -g 1001
# useradd vmail -u 1001 -g 1001 -s/bin/false -d/dev/null
# wget http://jaist.dl.sourceforge.net/sourceforge/courier/maildrop-1.8.0.tar.bz2
# tar jxvf maildrop-1.8.0.tar.bz2
# cd maildrop-1.8.0
# ./configure \
--prefix=/usr/local/maildrop \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vmail' \
--enable-syslog=1 \
--enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
--with-trashquota \
--with-dirsync
# make
# make install
# cp /usr/local/maildrop/bin/maildrop /usr/bin
# chmod a+rx /usr/bin/maildrop
Running maildrop -v should print the following:
maildrop 1.8.0 Copyright 1998-2004 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
Create the /etc/maildroprc file
# vi /etc/maildroprc
logfile "/var/mailbox/maildrop.log"
to "$HOME$DEFAULT"
# chmod a+r /etc/maildroprc
Configure Postfix
# vi /etc/postfix/main.cf
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
# vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -w 90 -d $
Because maildrop has no way to create or delete a maildir, scripts do it instead (is there any security risk in this?)
# vi /etc/sudoers
vmail ALL = NOPASSWD: /usr/sbin/maildirmake.sh , /usr/sbin/maildirdel.sh
Create the /usr/sbin/maildirmake.sh file
# vi /usr/sbin/maildirmake.sh
#!/bin/bash
# $1 = domain, $2 = username (the two arguments passed by create-mailbox.php)
set -e
if [ ! -d "/var/mailbox/$1" ]
then
mkdir "/var/mailbox/$1"
fi
chown -R vmail:vmail "/var/mailbox/$1"
cd "/var/mailbox/$1"
/usr/local/imap/bin/maildirmake "$2"
chown -R 1001:12345 "/var/mailbox/$1/$2"
chmod -R g=s "/var/mailbox/$1/$2"
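Create the /usr/sbin/maildirdel.sh file
# vi /usr/sbin/maildirdel.sh
#!/bin/bash
# $1 = domain, $2 = username (the two arguments passed by delete.php)
# Stop if either argument is empty, so the whole mail store is never removed
[ -n "$1" ] && [ -n "$2" ] || exit 1
rm -rf "/var/mailbox/$1/$2"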
# chmod 755 /usr/sbin/maildirmake.sh
# chmod 755 /usr/sbin/maildirdel.sh
Edit the create-mailbox.php file in both the postfixadmin directory and the postfixadmin/admin directory
In both files, add one line after the line $tQuota = $CONF['maxquota'];:
# vi /var/www/postfixadmin/admin/create-mailbox.php (vi /var/www/postfixadmin/create-mailbox.php)
system("sudo /usr/sbin/maildirmake.sh ".escapeshellarg($fDomain)." ".escapeshellarg($_POST['fUsername']));
Edit the delete.php file in both the postfixadmin directory and the postfixadmin/admin directory
In both files, add a few lines after the line $result = db_query ("SELECT * FROM mailbox WHERE username='$fDelete' AND domain='$fDomain'");:
# vi /var/www/postfixadmin/admin/delete.php (vi /var/www/postfixadmin/delete.php)
$userarray=explode("@",$fDelete);
$user=$userarray[0];
$domain=$userarray[1];
system("sudo /usr/sbin/maildirdel.sh ".escapeshellarg($domain)." ".escapeshellarg($user));
Notes:
Format of the mailboxes created: /var/vmail/domain.tld/username
uid 1001 is the user id of vmail, which is also the owner of the directory /var/vmail
gid 12345 is the group id of postfix
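On the security question raised above: the two helpers run as root through sudo and take the domain and user name from web form fields, so both arguments need to be checked before they reach rm -rf or chown. The following is an added example, not part of the original article: an argument check that both helpers could share, shown here with the delete path. MAILBOX_BASE, valid_name, safe_mailbox_path and delete_mailbox are names chosen for this example.

```sh
#!/bin/sh
# Added example: argument checks for the sudo-invoked maildir helpers.
# MAILBOX_BASE and the function names are assumptions of this example.
MAILBOX_BASE="${MAILBOX_BASE:-/var/mailbox}"

# Accept one path component made only of letters, digits, '.', '_' and '-'.
# Rejects empty values, a leading '.' or '-' (hidden names, option
# injection), ".." sequences, and anything containing '/' or shell
# metacharacters.
valid_name() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print <MAILBOX_BASE>/<domain>/<user>, or fail if an argument is unsafe.
safe_mailbox_path() {
    [ "$#" -eq 2 ] || return 1
    valid_name "$1" || return 1
    valid_name "$2" || return 1
    printf '%s/%s/%s\n' "$MAILBOX_BASE" "$1" "$2"
}

# Body for maildirdel.sh: delete exactly one mailbox directory.
delete_mailbox() {
    target=$(safe_mailbox_path "$@") || {
        echo "maildirdel: rejected arguments" >&2
        return 1
    }
    # Refuse a symlink as the final component, and anything that is
    # not an existing directory.
    if [ -L "$target" ] || [ ! -d "$target" ]; then
        echo "maildirdel: $target is not a mailbox directory" >&2
        return 1
    fi
    rm -rf -- "$target"
}

# Run only when called with arguments, as sudo would call the helper.
if [ "$#" -gt 0 ]; then
    delete_mailbox "$@"
fi
```

maildirmake.sh can call safe_mailbox_path in the same way before it runs mkdir, maildirmake and chown.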
Create a test account test@test.com in postfixadmin
Test maildrop
# maildrop -V 9 -d test@test.com
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=test@test.com, home=/var/mailbox/, mail=test.com/test/
maildrop: Changing to /var/mailbox/
Press ctrl+c to exit
Next, check the log (/var/log/maillog) to see whether postfix and maildrop are working together:
# cat /var/log/maillog | grep maildrop -A 2
Feb 28 11:50:41 malochia postfix/qmgr[7345]: 2875B7823E62: from=<remote@user.nl>, size=3308, nrcpt=1 (queue active)
Feb 28 17:18:05 malochia postfix/pipe[11615]: 04DD57822697: to=<user@domain.tld>, relay=maildrop, delay=0, status=sent (domain.tld)
If not, check whether a misconfiguration has left the mail in the queue
# mailq
Configure quotas
Create the file /usr/local/maildrop/etc/quotawarnmsg
# vi /usr/local/maildrop/etc/quotawarnmsg
From: 管理員 test.com <postmaster@test.com>
Reply-To: postmaster@test.com
To: Valued Customer:;
Subject: 警告!您的郵箱空間即將用完!
Mime-Version: 1.0
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 8bit
親愛的用戶,您的郵箱空間已用了90%。如果還想繼續收到郵件的話,請刪除一些郵件。
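Set the quotas
The quota field of the maildrop table in the Postfixadmin database is of type int, which does not work with maildrop. We can, however, edit the /usr/local/etc/authlib/authmysqlrc file and change the line MYSQL_QUOTA_FIELD quota to MYSQL_QUOTA_FIELD concat(quota,'S'); if you want to limit the number of messages instead, change it to MYSQL_QUOTA_FIELD concat(quota,'C').
To give a user a 10M mailbox, set the quota value to "10000000S". "C" can be used as well: "1000C" means that only 1000 messages can be stored.
Send a message to test@test.com, without any attachment. Then: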
# cd /var/mailbox/test.com/test
# cat maildirsize
1000000S
1622 1
The maildirsize file stores the mailbox quota information, and courier-imap uses this file as well.
To illustrate the file, here is the content of one of my maildirsize files:
# cat maildirsize
5000000S
42898 9
3403 1
1622 1
2371 1
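This shows that the mailbox has a capacity of 5M (if you delete the value of the quota field, maildrop will assign one automatically, but do not set it to null), and that there are currently four messages in the mailbox.
Suppose the user has used 3M of the 5M and only 2M is left. A message larger than 2M will be bounced. A 1.7M message will be accepted by maildrop, which updates the maildirsize file and recalculates the quota; finding that the user has now used more than 90% of the quota (the -w 90 in /etc/postfix/master.cf), maildrop copies the /usr/local/maildrop/etc/quotawarnmsg file into the user's mailbox to warn the user.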
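The quota arithmetic described above can be checked by reading maildirsize directly. This is an added example, not part of the original article; it assumes the Maildir++ layout of the file (first line the quota definition, every later line a byte count and a message count that are summed), and the function names and sample data are constructed for the example.

```sh
#!/bin/sh
# Added example: compute mailbox usage from a maildirsize file.
# Function names are assumptions of this example.

# Constructed sample: 5M quota, 3M in use, then a 1.7M message delivered.
sample_maildirsize() {
    printf '5000000S\n3000000 40\n1700000 1\n'
}

# maildir_usage [FILE]   (reads standard input when FILE is omitted)
# Prints "<bytes_used> <byte_quota> <percent_used> <message_count>".
# Fails if the first line carries no size quota (a value ending in "S").
maildir_usage() {
    awk '
        NR == 1 {
            # Quota definition, e.g. "5000000S" or "5000000S,1000C".
            gsub(/[ \t\r]/, "")
            n = split($0, part, ",")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^[0-9]+S$/)
                    quota = substr(part[i], 1, length(part[i]) - 1) + 0
            next
        }
        # Every later line is "<bytes> <messages>"; deletions are negative.
        NF == 2 { bytes += $1; msgs += $2 }
        END {
            if (quota <= 0) exit 1
            printf "%d %d %d %d\n", bytes, quota, int(bytes * 100 / quota), msgs
        }
    ' "$@"
}

# over_threshold FILE PERCENT
# Succeeds when usage has reached PERCENT, as with maildrop -w 90.
# Returns 2 when the file has no usable size quota.
over_threshold() {
    pct=$(maildir_usage "$1" | awk '{ print $3 }')
    [ -n "$pct" ] || return 2
    [ "$pct" -ge "$2" ]
}
```

Running sample_maildirsize | maildir_usage prints the totals for the constructed sample; over_threshold can be pointed at a real maildirsize file to see which mailboxes are close to receiving the warning message.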