
centos 5.6下部署postfix

2015-06-01 15:21 691 查看
POSTFIX
需求:使用postfix、cyrus-sasl、courier-authlib、dovecot、mysql、openssl、bind、apache、mailscanner、spamassassin、f-prot构建电子邮件系统
一.构建DNS服务器,用于解析MX记录
1. 安装BIND、BIND-CHROOT、CACHING-NAMESERVER
yum -y install bind-9.3.6-16.P1.el5.i386.rpm
yum -y install bind-chroot-9.3.6-16.P1.el5.i386.rpm
yum -y install caching-nameserver-9.3.6-16.P1.el5.i386.rpm
2. 配置BIND
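2.1配置BIND服务的主配置文件named.conf(注意:下面的 allow-query 与 allow-query-cache 均设为 any,且未限制递归,会使该服务器成为对任意来源开放的递归解析器;如果只为内网提供递归解析,建议把 allow-query-cache 限制为 172.16.1.0/24 等受信网段)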
cd /var/named/chroot/etc
cp -p named.caching-nameserver.conf named.conf
vim named.conf //修改如下配置
options {
listen-on port 53 { 172.16.1.1; };
allow-query { any; };
allow-query-cache { any; };
};
view extmail.org_resolver {
match-clients { any; };
match-destinations { any; };
include "/etc/named.zones";
};
2.2配置区域主配置文件named.zones
cp -p named.rfc1912.zones named.zones
vim named.zones //删除原有内容,输入如下
zone "extmail.org" IN {
type master;
file "extmail.org.zone";
allow-update {none;};
};
zone "1.16.172.in-addr.arpa" IN {
type master;
file "1.16.172.local";
allow-update {none;};
};
2.3建立并修改区域解析配置文件extmail.org.zone和1.16.172.local
cd /var/named/chroot/var/named/
cp -p named.zero extmail.org.zone
cp -p named.local 1.16.172.local
vim extmail.org.zone
$TTL 86400
@ IN SOA centos.extmail.org. root.extmail.org. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS centos.extmail.org.
centos IN A 172.16.1.1
pop3 IN CNAME centos.extmail.org.
smtp IN CNAME centos.extmail.org.
mail IN CNAME centos.extmail.org.
@ IN MX 1 centos.extmail.org.
vim 1.16.172.local
$TTL 86400
@ IN SOA centos.extmail.org. root.extmail.org. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS centos.extmail.org.
1 IN PTR centos.extmail.org.
2.4配置BIND系统自动加载
chkconfig --level 3 named on
2.5配置服务器DNS IP地址,HOSTS解析文件
vim /etc/hosts
127.0.0.1 centos localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
172.16.1.1 centos.extmail.org
vim /etc/resolv.conf
nameserver 172.16.1.1
2.6重启network服务和named服务
service network restart
service named restart
二.安装OPENSSL、CYRUS-SASL、MYSQL
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cd /mnt/cdrom/Centos
yum -y install openssl-*
yum -y install cyrus-sasl-*
yum -y install mysql-*
三.安装POSTFIX
1. 解压postfix源码、VDA-NG(虚拟用户邮箱配额)补丁
tar zxf postfix-2.4.6.tar.gz -C ~
gunzip postfix-2.4.6-vda-ng.patch.gz
2. 合并VDA-NG补丁至postfix源码
cd postfix-2.4.6
patch -p1 < ../postfix-2.4.6-vda-ng.patch
3. 编译安装POSTFIX源码
yum -y install db4-*
yum -y install gcc-*
groupadd -g 1000 postfix
groupadd -g 1200 postdrop
useradd -M -s /sbin/nologin -u 1000 -g postfix -G postdrop postfix
cd postfix-2.4.6
make makefiles 'CCARGS=-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -I/usr/include/openssl' 'AUXLIBS=-L/usr/lib/sasl2 -lsasl2 -L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/openssl/engines -lssl -lcrypto'
make && make install
四.配置MYSQL
1.修改MYSQL管理密码(注意:示例口令强度很弱,且直接写在命令行参数中会留在 shell 历史记录里,并可能被同机其他用户通过进程列表看到;实际部署时应改用高强度口令,并避免把口令明文写在命令行中)
service mysqld restart
mysqladmin -u root password 123qwe!
2. 解压EXTMAN管理组件
tar zxf extman-0.2.5.tar.gz -C ~
3. 调用extmail.sql和init.sql初始化mysql数据库
cd /root/extman-0.2.5/docs
mysql -u root -p < extmail.sql
mysql -u root -p < init.sql
五.配置Courier-Authlib发信认证库
1. 解压Courier-Authlib
tar jxf courier-authlib-0.60.2.tar.bz2 -C ~
2. 编译安装Courier-Authlib
cd /root/courier-authlib-0.60.2
./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql
make && make install && make install-configure
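3. 配置Courier-Authlib(注意:下面 authmysqlrc 中数据库账号的口令与用户名相同,仅适合演示;实际部署应改为高强度口令,同步修改 dovecot-sql.conf、webmail.cf 等引用同一账号的文件,并确保这些含口令的配置文件只有对应服务账号可读)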
cd /usr/local/courier-authlib/etc/authlib
vim authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
vim authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
DEFAULT_DOMAIN extmail.org
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/mailbox/',maildir)
cp /root/courier-authlib-0.60.2/courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib
service courier-authlib restart
cd /usr/lib/sasl2/
cp Sendmail.conf smtpd.conf
vim smtpd.conf
pwcheck_method:authdaemond
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
mech_list:plain
service saslauthd restart
六.配置DOVECOT
1.安装pam-devel模块
yum -y install pam-devel-*
2.建立dovecot账户
useradd -M -s /sbin/nologin dovecot
3.解压dovecot源码
tar zxf dovecot-1.1.4.tar.gz -C ~
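4. 配置安装dovecot(注意:下面的 disable_plaintext_auth = no 与 ssl_disable = yes 会让 POP3/IMAP 口令以明文在网络上传输,只适合在启用 TLS 之前做连通性测试)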
cd /root/dovecot-1.1.4
./configure --sysconfdir=/etc --with-mysql
make && make install
cd /etc
cp dovecot-example.conf dovecot.conf
cp dovecot-sql-example.conf dovecot-sql.conf
vim dovecot.conf
protocols = pop3 imap
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/mailbox/%d/%n/Maildir
# passdb pam { //注释掉
#}//注释掉
passdb sql {
args =/etc/dovecot-sql.conf
}
# userdb passwd {//注释掉
#}//注释掉
userdb sql {
args =/etc/dovecot-sql.conf
}
vim dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query=select username as user,password as password from mailbox where username='%u' and active=1
user_query=select uidnumber as uid, gidnumber as gid, concat('/mailbox/',homedir) as home from mailbox where username='%u'
pkill -9 dovecot
dovecot
七.配置POSTFIX
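1. 修改POSTFIX服务配置文件main.cf(注意:smtpd_recipient_restrictions 按书写顺序依次匹配,下面把 reject_unauth_destination 放在 permit_sasl_authenticated 之前,mynetworks 之外的已认证用户向外域发信时会先被拒绝;通常应把 permit_sasl_authenticated 放在 reject_unauth_destination 之前)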
cd /etc/postfix
vim main.cf
soft_bounce = yes
myhostname=centos.extmail.org
mydomain=extmail.org
myorigin=$mydomain
inet_interfaces=127.0.0.1, 172.16.1.1
mynetworks_style = subnet
mynetworks = 172.16.1.0/24, 127.0.0.0/8
#mydestination= //注释掉本地用户的收件人查询
mail_spool_directory = /var/spool/mail
smtpd_error_sleep_time=60s
smtpd_soft_error_limit=5
smtpd_hard_error_limit=10
queue_run_delay=120s
maximal_queue_lifetime=3600s
bounce_size_limit=5120000
smtpd_sasl_auth_enable=yes
smtpd_sasl_authenticated_header=yes
smtpd_sasl_local_domain=$mydomain
smtpd_sasl_path=smtpd
smtpd_sasl_security_options=noanonymous
smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination,permit_sasl_authenticated
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /mailbox
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:1000
cp /root/extman-0.2.5/docs/mysql_virtual_* /etc/postfix/
service sendmail stop
chkconfig --level 123456 sendmail off
postfix start
mkdir -p /mailbox/extmail.org/postmaster/Maildir
chown -R postfix:postfix /mailbox
八.安装EXTMAIL
1. 安装APACHE
yum -y install httpd-*
2. 解压EXTMAIL
tar zxf extmail-1.0.5.tar.gz -C /var/www/html/
cd /var/www/html
mv extmail-1.0.5 extmail
3. 配置EXTMAIL
cd /var/www/html/extmail
cp webmail.cf.default webmail.cf
vim webmail.cf
SYS_CONFIG = /var/www/html/extmail/
SYS_LANGDIR = /var/www/html/extmail/lang
SYS_TEMPLDIR = /var/www/html/extmail/html
SYS_MAILDIR_BASE = /mailbox
SYS_CRYPT_TYPE = crypt
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
SYS_MYSQL_ATTR_CLEARPW = clearpwd
SYS_MYSQL_ATTR_QUOTA = quota
SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
SYS_MYSQL_ATTR_HOME = homedir
SYS_MYSQL_ATTR_MAILDIR = maildir
SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange
SYS_MYSQL_ATTR_ACTIVE = active
SYS_MYSQL_ATTR_PWD_QUESTION = question
SYS_MYSQL_ATTR_PWD_ANSWER = answer
tar zxf Unix-Syslog-1.1.tar.gz -C ~
cd /root/Unix-Syslog-1.1
perl Makefile.PL
make
make install
vim /etc/httpd/conf/httpd.conf
ServerName centos.extmail.org:80
<VirtualHost 172.16.1.1:80>
ServerAdmin postmaster@extmail.org
DocumentRoot /var/www/html/extmail/html
ServerName mail.extmail.org
ErrorLog logs/extmail.org-error_log
CustomLog logs/extmail.org-access_log common
DirectoryIndex index.html
ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/
Alias /extmail /var/www/html/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
service httpd restart
九.安装EXTMAN
1. 先安装rrdtool-perl
yum -y install rrdtool-perl-1.2.23-3.el5.i386.rpm
2. 安装rrdtool
yum -y install rrdtool-1.2.23-3.el5.i386.rpm
3. 安装File-Tail
tar zxf File-Tail-0.99.3.tar.gz -C ~
cd /root/File-Tail-0.99.3
perl Makefile.PL
make
make install
4.安装GD
tar zxf GD-2.41.tar.gz -C ~
tar zxf gd-2.0.28.tar.gz -C ~
yum -y install libpng-*
yum -y install libjpeg-*
yum -y install freetype-*
cd /root/gd-2.0.28
./configure
make && make install
cd /root/GD-2.41
perl Makefile.PL
make && make install
5.解压并配置EXTMAN
tar zxf extman-0.2.5.tar.gz -C /var/www/html/
cd /var/www/html/
mv extman-0.2.5 extman
cd extman
vim webman.cf
SYS_CONFIG = /var/www/html/extman/
SYS_LANGDIR = /var/www/html/extman/lang
SYS_TEMPLDIR = /var/www/html/extman/html
SYS_MAILDIR_BASE = /mailbox
SYS_CAPTCHA_ON=0
SYS_CRYPT_TYPE = crypt
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password
mkdir -p /tmp/extman
chown -R postfix:postfix /tmp/extman
vim /etc/httpd/conf/httpd.conf
<VirtualHost 172.16.1.1:80>
ServerAdmin postmaster@extmail.org
DocumentRoot /var/www/html/extmail/html
ServerName mail.extmail.org
ErrorLog logs/extmail.org-error_log
CustomLog logs/extmail.org-access_log common
DirectoryIndex index.html
ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/
Alias /extmail /var/www/html/extmail/html
ScriptAlias /extman/cgi/ /var/www/html/extman/cgi/
Alias /extman /var/www/html/extman/html
SuexecUserGroup postfix postfix
</VirtualHost>
cd /var/www/html/extman/addon/mailgraph_ext
mkdir -p /usr/local/mailgraph_ext
cp mailgraph* /usr/local/mailgraph_ext/
cp qmonitor* /usr/local/mailgraph_ext/
cp queue_* /usr/local/mailgraph_ext/
cd /usr/local/mailgraph_ext/
./mailgraph-init start
./qmonitor-init start
service httpd restart
十.启用TLS
1.生成CA证书和私钥文件(-nodes 表示 ca.key 不加密保存,需用文件权限严格限制其读取)
cd /etc/pki/tls/certs
openssl req -new -x509 -nodes -keyout ca.key -out ca.crt
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:hubei
Locality Name (eg, city) [Newbury]:wuhan
Organization Name (eg, company) [My Company Ltd]:bdqn
Organizational Unit Name (eg, section) []:benet
Common Name (eg, your name or your server's hostname) []:centos.extmail.org
Email Address []:
2. 生成SMTPS私钥(注意:512 位 RSA 密钥已可被实际分解,不能提供有效保护,较新的 OpenSSL 和客户端也会拒绝这类密钥;实际部署应使用不少于 2048 位的密钥)
openssl genrsa -out smtps.key 512
3. 使用SMTPS私钥生成证书请求
openssl req -new -key smtps.key -out smtps.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:hubei
Locality Name (eg, city) [Newbury]:wuhan
Organization Name (eg, company) [My Company Ltd]:bdqn
Organizational Unit Name (eg, section) []:benet
Common Name (eg, your name or your server's hostname) []:centos.extmail.org
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
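4.使用CA私钥和CA证书对SMTPS证书请求进行证书颁发和签名(说明:openssl ca 的 -key 选项指定的是私钥口令,指定私钥文件的选项是 -keyfile;下面的命令之所以能签发,应是因为已先把 ca.key 复制到 openssl.cnf 默认使用的 /etc/pki/CA/private/cakey.pem)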
cp /etc/pki/tls/certs/ca.key /etc/pki/CA/private/cakey.pem
mkdir -p /etc/pki/CA/newcerts
touch /etc/pki/CA/index.txt
touch /etc/pki/CA/serial
echo 01 > /etc/pki/CA/serial
openssl ca -key ca.key -cert ca.crt -in smtps.csr -out smtps.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep 22 09:19:04 2011 GMT
Not After : Sep 21 09:19:04 2012 GMT
Subject:
countryName = cn
stateOrProvinceName = hubei
organizationName = bdqn
organizationalUnitName = benet
commonName = centos.extmail.org
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
4D:72:CD:1B:37:C1:E0:0C:49:90:3B:4F:8C:FA:2C:7B:8A:82:80:C5
X509v3 Authority Key Identifier:
keyid:9E:FD:B3:58:D2:01:AA:7D:B1:07:99:33:87:63:27:EB:E2:06:22:D9
Certificate is to be certified until Sep 21 09:19:04 2012 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
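5.配置TLS(注意:Postfix 只需要 ca.crt、smtps.crt 和 smtps.key,CA 私钥 ca.key 无需复制到邮件服务器的配置目录,应单独保管;复制后的私钥文件应设为仅 root 可读。另外下面的 dovecot.conf 仍保留未加密的 pop3、imap 协议,而前文设置了 disable_plaintext_auth = no,口令仍可能不经加密传输)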
mkdir /etc/postfix/.certs
cp /etc/pki/tls/certs/ca.key /etc/postfix/.certs/
cp /etc/pki/tls/certs/ca.crt /etc/postfix/.certs/
cp /etc/pki/tls/certs/smtps.crt /etc/postfix/.certs/
cp /etc/pki/tls/certs/smtps.key /etc/postfix/.certs/
vim /etc/postfix/main.cf
smtpd_tls_CAfile=/etc/postfix/.certs/ca.crt
smtpd_tls_CApath=/etc/postfix/.certs
smtpd_tls_auth_only=yes
smtpd_tls_cert_file=/etc/postfix/.certs/smtps.crt
smtpd_tls_key_file=/etc/postfix/.certs/smtps.key
smtpd_tls_loglevel=0
smtpd_tls_received_header=yes
smtpd_use_tls=yes
cd /etc/pki/tls/certs
make dovecot.pem
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:hubei
Locality Name (eg, city) [Newbury]:wuhan
Organization Name (eg, company) [My Company Ltd]:bdqn
Organizational Unit Name (eg, section) []:benet
Common Name (eg, your name or your server's hostname) []:centos.extmail.org
Email Address []:
cp /etc/pki/tls/certs/dovecot.pem /etc/postfix/.certs/
vim /etc/dovecot.conf
protocols = pop3s pop3 imap
ssl_disable = no
ssl_cert_file = /etc/postfix/.certs/dovecot.pem
ssl_key_file = /etc/postfix/.certs/dovecot.pem
pkill -9 dovecot
dovecot
6.配置客户端



十一.配置防垃圾邮件系统
1.安装spamassassin
yum -y install spamassassin-3.2.5-1.el5.i386.rpm
2.安装MailScanner
tar zxf MailScanner-4.83.5-1.rpm.tar.gz -C ~
cd /root/MailScanner-4.83.5-1
yum -y install rpm-build
./install.sh
3.安装F-prot
tar zxf fp-Linux-i686-ws.tar.gz -C /opt/
cd /opt/f-prot/
perl install-f-prot.pl
4. 配置MailScanner
vim /etc/MailScanner/MailScanner.conf
%org-name% = extmail
%org-long-name% = extmail.org
%web-site% = centos.extmail.org
Run As User =postfix
Run As Group =postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
chown -R postfix:postfix /var/spool/MailScanner
chmod 755 /var/spool/MailScanner/incoming/Processing.db
chmod 755 /var/spool/MailScanner/incoming/SpamAssassin.cache.db
vim /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
echo > /etc/postfix/header_checks
vim /etc/postfix/header_checks
/^Received:/ HOLD
postmap /etc/postfix/header_checks
postfix stop
postfix start
service saslauthd restart
service courier-authlib restart
service MailScanner restart
pkill -9 dovecot
dovecot
service spamassassin restart
service named restart
service mysqld restart
service httpd restart
chkconfig --level 3 saslauthd on
chkconfig --level 3 courier-authlib on
chkconfig --level 3 MailScanner on
chkconfig --level 3 named on
chkconfig --level 3 mysqld on
chkconfig --level 3 spamassassin on
chkconfig --level 3 httpd on
vim /etc/rc.d/rc.local
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
/usr/local/sbin/dovecot
/usr/sbin/postfix start
十二.测试客户端
1. 测试extmail



2. 测试extman






3. 测试outlook


