A full record of setting up postfix + courier + cyrus-sasl + vmail + postfixadmin + squirrelmail + mailman + amavis on Gentoo Linux
1 Adjust the USE flags
Add mysql imap libwww maildir sasl ssl
My configuration:
# emacs /etc/make.conf
USE="mmx sse sse2
jpeg gif tiff png cairo
oci8-instant-client oracle
fbcondecor subversion xcb glitz svg
hal
mysql imap libwww maildir sasl ssl"
LINGUAS="zh_CN zh"
MAKEOPTS="-j4"
2 Set the hostname
# emacs /etc/conf.d/hostname
HOSTNAME="domain.com"
# emacs /etc/hosts
127.0.0.1 localhost domain.com
::1 localhost
# /etc/init.d/hostname restart
3 Install postfix
# emerge -C ssmtp
# emerge -av postfix
# env-update && source /etc/profile
# /usr/bin/newaliases
# emacs /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = 916xue.com
myorigin = $myhostname
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 10.0.0.0/8, 127.0.0.0/8, 192.168.1.0/24
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.6.5/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/readme
home_mailbox = .maildir/
To make debugging easier, split the mail facility out of the existing logging setup
# emacs /etc/syslog-ng/syslog-ng.conf
Add the following:
# These files receive the logs from the mail subsystem.
#
destination mail { file("/var/log/mail.log"); };
destination maillog { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
filter f_mail { facility(mail); };
filter f_info { level(info); };
filter f_warn { level(warn); };
filter f_err { level(err); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
Then restart the services
# /etc/init.d/syslog-ng restart
# /etc/init.d/postfix start
The corresponding log files now appear under /var/log/
After changing the configuration, restart postfix
# /etc/init.d/postfix restart
4 Install the IMAP/POP servers and authentication
# emerge -av courier-imap courier-authlib
If you are not using SSL, you can skip generating these certificates
# cd /etc/courier-imap
Fill in the company, location and other details in each file
# emacs pop3d.cnf
RANDFILE = /usr/share/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=BeiJing
O=Courier Mail Server
OU=Automatically-generated POP3 SSL key
CN=localhost
emailAddress=ohergal@gmail.com
[ cert_type ]
nsCertType = server
# emacs imapd.cnf
RANDFILE = /usr/share/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=BeiJing
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=localhost
emailAddress=ohergal@gmail.com
[ cert_type ]
nsCertType = server
Generate the certificates
# mkpop3dcert
# mkimapdcert
Change the POP/IMAP authentication settings
# emacs /etc/courier/authlib/authdaemonrc
authmodulelist="authpam"
# emacs /etc/sasl2/smtpd.conf
pwcheck_method:pam
# /etc/init.d/courier-imapd start
# /etc/init.d/courier-imapd-ssl start
# /etc/init.d/courier-pop3d start
# /etc/init.d/courier-pop3d-ssl start
# /etc/init.d/courier-authlib start
# /etc/init.d/saslauthd start
# rc-update add courier-imapd default
# rc-update add courier-imapd-ssl default
# rc-update add courier-pop3d default
# rc-update add courier-pop3d-ssl default
# rc-update add courier-authlib default
# rc-update add saslauthd default
At this point you can already send and receive mail with an ordinary mail client
5 Install the SMTP authentication software
# emerge -av cyrus-sasl
# emacs /etc/sasl2/smtpd.conf
#pwcheck_method:pam
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# emacs /etc/conf.d/saslauthd
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
# /etc/init.d/saslauthd restart
6 SSL certificates
# cd /etc/ssl/
# emacs openssl.cnf
Change or add the variables below (optional; you can also type them in when creating the certificate)
countryName_default = CN
stateOrProvinceName_default = BeiJing
localityName_default = beijing
0.organizationName_default = leningshidai
commonName_default = ohergal
emailAddress_default = ohergal@gmail.com
# cd misc
Run the commands below and remember the password you enter along the way, 1q2w3e4r
First generate a key with the 128-bit RSA algorithm
Enter the password
This produces the certificate request file newreq.pem and the key file newkey.pem
# ./CA.pl -newreq-nodes
Generating a 1024 bit RSA private key
.....++++++
.............................++++++
writing new private key to 'newkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BeiJing]:
Locality Name (eg, city) [beijing]:
Organization Name (eg, company) [leningshidai]:
Organizational Unit Name (eg, section) []:xiaoma
Common Name (eg, YOUR name) [ohergal]:
Email Address [ohergal@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1q2w3e4r
An optional company name []:xiaoma
Request is in newreq.pem, private key is in newkey.pem
Generate the CA certificate
You will be asked for a pass phrase and for the password of the key you just created
Sign the certificate
Enter the pass phrase for ./demoCA/private/cakey.pem
# ./CA.pl -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
..................++++++
...++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BeiJing]:
Locality Name (eg, city) [beijing]:
Organization Name (eg, company) [leningshidai]:
Organizational Unit Name (eg, section) []:xiaoma
Common Name (eg, YOUR name) [ohergal]:
Email Address [ohergal@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1q2w3e4r
An optional company name []:xiaoma
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ee:73:f7:6a:c2:d3:f4:8c
Validity
Not Before: May 4 21:17:09 2009 GMT
Not After : May 3 21:17:09 2012 GMT
Subject:
countryName = CN
stateOrProvinceName = BeiJing
organizationName = leningshidai
organizationalUnitName = xiaoma
commonName = ohergal
emailAddress = ohergal@gmail.com
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:F8:33:38:2E:38:51:86:E1:7D:F9:EB:64:FA:93:77:D2:7A:FB:E8
X509v3 Authority Key Identifier:
keyid:EF:F8:33:38:2E:38:51:86:E1:7D:F9:EB:64:FA:93:77:D2:7A:FB:E8
DirName:/C=CN/ST=BeiJing/O=leningshidai/OU=xiaoma/CN=ohergal/emailAddress=ohergal@gmail.com
serial:EE:73:F7:6A:C2:D3:F4:8C
X509v3 Basic Constraints:
CA:TRUE
Certificate is to be certified until May 3 21:17:09 2012 GMT (1095 days)
Write out database with 1 new entries
Data Base Updated
Generate the signed certificate newcert.pem
Enter the CA pass phrase to sign; this produces newcert.pem
# ./CA.pl -sign
Copy the certificate, the key and the CA certificate into the postfix directory
# cp newcert.pem /etc/postfix
# cp newkey.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix
Now create the same kind of certificate for apache
Run the commands below and remember the password you enter along the way, 1q2w3e4r
Once openssl is set up, a certificate can be produced from a request
Generate the certificate signing request
# openssl req -new > new.cert.csr
Generating a 1024 bit RSA private key
.................++++++
...........................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BeiJing]:
Locality Name (eg, city) [beijing]:
Organization Name (eg, company) [leningshidai]:
Organizational Unit Name (eg, section) []:xiaoma
Common Name (eg, YOUR name) [ohergal]:
Email Address [ohergal@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1q2w3e4r
An optional company name []:xiaoma
Create the CA key
# openssl rsa -in privkey.pem -out new.cert.key
Self-sign the CA certificate with the CA key
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
Change the postfix configuration again
# emacs /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_pipelining
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unauth_destination
    reject_rhsbl_client blackhole.securitysage.com
    reject_rhsbl_sender blackhole.securitysage.com
    reject_rbl_client relays.ordb.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client cblless.anti-spam.org.cn
    reject_rbl_client sbl-xbl.spamhaus.org
    reject
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
At this point you can test
# emerge -av netkit-telnetd
Restart
# /etc/init.d/saslauthd restart
# /etc/init.d/postfix restart
Test
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 domain.com ESMTP Postfix
EHLO domain.com
250-domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Make sure the following lines appear in the output:
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
Or test with a mail client
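The telnet check above only eyeballs the EHLO reply. As an added example (not code from the original write-up), here is a small parser for that reply plus the audit a defender would run on it: it flags the point that the commented-out smtpd_tls_auth_only above leaves open, namely AUTH PLAIN/LOGIN being advertised on the plaintext session. The sample reply is the one captured above, embedded as a constructed string.

```python
"""Parse a Postfix EHLO reply and audit what it advertises.

Added example, not part of the original write-up. Input is the EHLO
exchange captured in the telnet session, embedded here as a constructed string.
"""
import re

# Constructed sample: the EHLO reply shown in the telnet session above.
SAMPLE_EHLO_REPLY = """250-domain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply: str) -> dict:
    """Return {'host': str, 'ext': {KEYWORD: [params]}, 'auth_broken_form': bool}.

    The first line carries the server hostname; every further line is
    'keyword [params]'. '250-AUTH=LOGIN PLAIN' is the non-standard form that
    broken_sasl_auth_clients = yes makes Postfix emit for old Outlook-style
    clients; it is folded into AUTH and flagged.
    """
    lines = [l for l in reply.splitlines() if l.strip()]
    host = None
    ext = {}
    broken = False
    for idx, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise ValueError(f"EHLO failed: {line}")
        if idx == 0:
            host = text.split()[0]
        else:
            parts = text.split()
            kw = parts[0].upper()
            params = parts[1:]
            if kw.startswith("AUTH="):
                broken = True
                params = [kw[5:]] + params
                kw = "AUTH"
            ext.setdefault(kw, [])
            for p in params:
                if p not in ext[kw]:
                    ext[kw].append(p)
        if sep == " ":
            break  # '250 ' (space) terminates the multi-line reply
    else:
        raise ValueError("reply never terminated with '250 '")
    return {"host": host, "ext": ext, "auth_broken_form": broken}


def audit_ehlo(reply: str) -> list:
    """Findings a defender wants from the reply seen on a plaintext connection."""
    info = parse_ehlo(reply)
    ext = info["ext"]
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered: check smtpd_use_tls and the cert/key files")
    if "AUTH" in ext:
        # AUTH shown before STARTTLS means PLAIN/LOGIN credentials may travel
        # in the clear. smtpd_tls_auth_only = yes (commented out in the main.cf
        # above) hides AUTH until TLS is established.
        clear_mechs = [m for m in ext["AUTH"] if m in ("PLAIN", "LOGIN")]
        if clear_mechs:
            findings.append("AUTH %s advertised on the plaintext session; set "
                            "smtpd_tls_auth_only = yes" % " ".join(clear_mechs))
    if "VRFY" in ext:
        findings.append("VRFY enabled: lets anyone confirm which addresses exist; "
                        "set disable_vrfy_command = yes")
    return findings
```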
The postfix configuration so far is:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = 916xue.com
myorigin = $myhostname
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 10.0.0.0/8, 127.0.0.0/8, 192.168.1.0/24
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.6.5/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/readme
home_mailbox = .maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtp_sender_dependent_authentication = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_pipelining
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unauth_destination
    reject_rhsbl_client blackhole.securitysage.com
    reject_rhsbl_sender blackhole.securitysage.com
    reject_rbl_client relays.ordb.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    reject_rbl_client cblless.anti-spam.org.cn
    reject_rbl_client sbl-xbl.spamhaus.org
    reject
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
6 Virtual users (vmail)
Create the virtual mail user; all virtual mail is handled under this account, which acts as a front-end user
# adduser -d /home/vmail -s /bin/false -m vmail
Create the delivery location for virtual mail (this also covers the users mapped in the mysql table)
# mkdir -p /home/vmail/virt-916xue.com/foo
# maildirmake /home/vmail/virt-916xue.com/foo/.maildir
# chown -R vmail:vmail /home/vmail/virt-916xue.com
This produces the following directory layout:
/home/vmail/virt-916xue.com/foo/.maildir
    cur
    new
    tmp
Create the mysql database mailsql and the user mailsql,
then import the following data:
alias - local email alias and mailman alias information.
relocated - relocated user email address maps
transport - default mail transport information for all domains you are hosting
users - all user account information
virtual - virtual domain email alias maps
DROP TABLE IF EXISTS alias;
CREATE TABLE alias (
id int(11) NOT NULL auto_increment,
alias varchar(128) NOT NULL default '',
destination varchar(128) NOT NULL default '',
PRIMARY KEY (id)
) ENGINE=MyISAM;
/*!40000 ALTER TABLE alias DISABLE KEYS */;
--
-- Dumping data for table 'alias'
--
LOCK TABLES alias WRITE;
INSERT INTO alias VALUES (1,'wch','wch@916xue.com'),(2,'ohergal','ohergal@wcv5.com');
/*!40000 ALTER TABLE alias ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table 'relocated'
--
DROP TABLE IF EXISTS relocated;
CREATE TABLE relocated (
id int(11) NOT NULL auto_increment,
email varchar(128) NOT NULL default '',
destination varchar(128) NOT NULL default '',
PRIMARY KEY (id)
) ENGINE=MyISAM;
/*!40000 ALTER TABLE relocated DISABLE KEYS */;
--
-- Dumping data for table 'relocated'
--
LOCK TABLES relocated WRITE;
/*!40000 ALTER TABLE relocated ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table 'transport'
--
DROP TABLE IF EXISTS transport;
CREATE TABLE transport (
id int(11) NOT NULL auto_increment,
domain varchar(128) NOT NULL default '',
destination varchar(128) NOT NULL default '',
PRIMARY KEY (id),
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
/*!40000 ALTER TABLE transport DISABLE KEYS */;
--
-- Dumping data for table 'transport'
--
LOCK TABLES transport WRITE;
INSERT INTO transport VALUES (1,'916xue.com','local:'),(2,'wcv5.com','virtual:');
/*!40000 ALTER TABLE transport ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table 'users'
--
DROP TABLE IF EXISTS users;
CREATE TABLE users (
id int(11) NOT NULL auto_increment,
email varchar(128) NOT NULL default '',
clear varchar(128) NOT NULL default '',
name tinytext NOT NULL,
uid int(11) NOT NULL default '1002',
gid int(11) NOT NULL default '1007',
homedir tinytext NOT NULL,
maildir tinytext NOT NULL,
quota tinytext NOT NULL,
postfix enum('n','y') NOT NULL default 'y',
PRIMARY KEY (id),
UNIQUE KEY email (email)
) ENGINE=MyISAM;
/*!40000 ALTER TABLE users DISABLE KEYS */;
--
-- Dumping data for table 'users'
--
LOCK TABLES users WRITE;
INSERT INTO users VALUES (1,'wch@916xue.com','0p9o8i7u','local user wch',1000,1004,'/home/wch','/home/wch/.maildir/','','y'),
(2,'ohergal@wcv5.com','0p9o8i7u','second user who lives in a virtual domain',1002,1007,'/home/vmail','/home/vmail/virt-916xue.com/ohergal/.maildir/','','y');
/*!40000 ALTER TABLE users ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table 'virtual'
--
DROP TABLE IF EXISTS virtual;
CREATE TABLE virtual (
id int(11) NOT NULL auto_increment,
email varchar(128) NOT NULL default '',
destination varchar(128) NOT NULL default '',
PRIMARY KEY (id)
) ENGINE=MyISAM;
/*!40000 ALTER TABLE virtual DISABLE KEYS */;
--
-- Dumping data for table 'virtual'
--
LOCK TABLES virtual WRITE;
/*!40000 ALTER TABLE virtual ENABLE KEYS */;
UNLOCK TABLES;
Enable the mysql backend
# emacs /etc/courier/authlib/authdaemonrc
authmodulelist="authmysql authpam"
# emacs /etc/courier/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mailsql
MYSQL_PASSWORD mailsql
MYSQL_DATABASE mailsql
MYSQL_USER_TABLE users
(Make sure the following line is commented out since we're storing plaintext.)
#MYSQL_CRYPT_PWFIELD crypt
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
# /etc/init.d/courier-authlib restart
# /etc/init.d/saslauthd restart
# emacs /etc/postfix/mysql-aliases.cf
user = mailsql
password = mailsql
dbname = mailsql
table = alias
select_field = destination
where_field = alias
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-relocated.cf
user = mailsql
password = mailsql
dbname = mailsql
table = relocated
select_field = destination
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-transport.cf
user = mailsql
password = mailsql
dbname = mailsql
table = transport
select_field = destination
where_field = domain
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-virtual-gid.cf
user = mailsql
password = mailsql
dbname = mailsql
table = users
select_field = gid
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-virtual-maps.cf
user = mailsql
password = mailsql
dbname = mailsql
table = users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-virtual-uid.cf
user = mailsql
password = mailsql
dbname = mailsql
table = users
select_field = uid
where_field = email
additional_conditions = and postfix = 'y'
hosts = unix:/var/run/mysqld/mysqld.sock
# emacs /etc/postfix/mysql-virtual.cf
user = mailsql
password = mailsql
dbname = mailsql
table = virtual
select_field = destination
where_field = email
hosts = unix:/var/run/mysqld/mysqld.sock
# chmod 640 /etc/postfix/mysql-*.cf
# chgrp postfix /etc/postfix/mysql-*.cf
# emacs /etc/postfix/main.cf
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
local_transport = local
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
virtual_transport = virtual
virtual_mailbox_domains = 916xue.com, 916xueinc.com
virtual_minimum_uid = 1000
virtual_gid_maps = static:1007
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_uid_maps = static:1002
virtual_mailbox_base = /
#virtual_mailbox_limit =
Important concepts
To set up virtual users:
1 You need a virtual domain
INSERT INTO transport VALUES (1,'916xue.com','local:'),(2,'wcv5.com','virtual:');
2 Create the system vmail account and note its uid and gid
3 Configure the users in mysql and create the corresponding folders
INSERT INTO users VALUES (1,'wch@916xue.com','0p9o8i7u','local user wch',1000,1004,'/home/wch','/home/wch/.maildir/','','y'),
(2,'ohergal@wcv5.com','0p9o8i7u','second user who lives in a virtual domain',1002,1007,'/home/vmail','/home/vmail/virt-916xue.com/ohergal/.maildir/','','y');
The configuration at this stage
# emacs /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = 916xue.com
myorigin = $myhostname
# inet_interfaces = $myhostname, localhost
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
    mail.$mydomain, www.$mydomain, ftp.$mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 10.0.0.0/8, 127.0.0.0/8, 192.168.1.0/24
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.6.5/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.6.5/readme
home_mailbox = .maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
#smtp_sender_dependent_authentication = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    #reject_unauth_pipelining
    #reject_non_fqdn_recipient
    #reject_non_fqdn_sender
    reject_unauth_destination
    #reject_rhsbl_client blackhole.securitysage.com
    #reject_rhsbl_sender blackhole.securitysage.com
    #reject_rbl_client relays.ordb.org,
    #reject_rbl_client blackholes.easynet.nl,
    #reject_rbl_client cbl.abuseat.org,
    #reject_rbl_client proxies.blackholes.wirehub.net,
    #reject_rbl_client bl.spamcop.net,
    #reject_rbl_client sbl.spamhaus.org,
    #reject_rbl_client opm.blitzed.org,
    #reject_rbl_client dnsbl.njabl.org,
    #reject_rbl_client list.dsbl.org,
    #reject_rbl_client multihop.dsbl.org,
    #reject_rbl_client cblless.anti-spam.org.cn
    #reject_rbl_client sbl-xbl.spamhaus.org
    #reject
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
local_transport = local
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
virtual_transport = virtual
virtual_mailbox_domains = wcv5.com
virtual_minimum_uid = 1000
virtual_gid_maps = static:1007
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_uid_maps = static:1002
virtual_mailbox_base = /
#virtual_mailbox_limit =
# emerge -av squirrelmail
# cd /app01/htdocs/
# webapp-config -I -h mail.916xue.com -d /mail squirrelmail 1.4.19
# cd /var/www/mail.916xue.com/htdocs/mail/config
If you use postfixadmin, the virtual users managed directly in mysql above no longer apply; everything has to be managed through postfixadmin instead
# echo "=www-apps/postfixadmin-2.2.1.1 ~amd64" >> /etc/portage/package.keywords
# emerge -av postfixadmin
# webapp-config --install --host=mailadmin.916xue.com postfixadmin 2.2.1.1
# chown -R apache.apache /var/www/mailadmin.916xue.com/
# emacs config.inc.php
'admin',
'alias' => 'alias',
'alias_domain' => 'alias_domain',
'config' => 'config',
'domain' => 'domain',
'domain_admins' => 'domain_admins',
'fetchmail' => 'fetchmail',
'log' => 'log',
'mailbox' => 'mailbox',
'vacation' => 'vacation',
'vacation_notification' => 'vacation_notification',
);
// Site Admin
// Define the Site Admins email address below.
// This will be used to send emails from to create mailboxes.
$CONF['admin_email'] = 'wch@916xue.com';
// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_port'] = '25';
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
$CONF['encrypt'] = 'md5crypt';
// Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 5;
// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate paswords set this to 'YES'.
$CONF['generate_password'] = 'NO';
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';
// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '10';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
'abuse' => 'abuse@change-this-to-your.domain.tld',
'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
'postmaster' => 'postmaster@change-this-to-your.domain.tld',
'webmaster' => 'webmaster@change-this-to-your.domain.tld'
);
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
// YES: /usr/local/virtual/domain.tld/username@domain.tld
// NO: /usr/local/virtual/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples:
// YES: /usr/local/virtual/domain.tld/username@domain.tld
// NO: /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'NO';
// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'NO';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
'virtual', // for virtual accounts
'local', // for system accounts
'relay' // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';
// Virtual Vacation
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. http://high5.net/postfixadmin/
$CONF['vacation'] = 'NO';
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
$CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] ='YES';
// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'YES';
// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
$CONF['alias_control'] = 'NO';
// Alias Control for admins
// Set to 'NO' if your domain admins shouldn't be able to edit user aliases.
$CONF['alias_control_admin'] = 'NO';
// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit default aliases.
$CONF['special_alias_control'] = 'NO';
// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';
// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'YES';
// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';
// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';
// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';
// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';
// link to display under 'Main' menu when logged in as a user.
$CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main";
// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<
Apache virtual host for postfixadmin (the directive tags were stripped on extraction and are restored here, assuming the standard port-80 vhost; the vhost file path is not recorded):
<VirtualHost *:80>
    ServerAdmin ohergal@gmail.com
    DocumentRoot "/var/www/mailadmin.916xue.com/htdocs/"
    <Directory "/var/www/mailadmin.916xue.com/htdocs/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "/var/www/mailadmin.916xue.com/cgi-bin/">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ "/var/www/mailadmin.916xue.com/cgi-bin/"
    ServerName mailadmin.916xue.com
    DirectoryIndex index.php index.php3 index.html index.cgi index.htm home.htm
</VirtualHost>
# emerge -av xinetd
This way telnet can be disabled
Adding mailman for mailing-list support
INSERT INTO users VALUES (5,'test@wcv5.com','ergal1234','virtual user test',1002,1007,'/home/vmail/wc.virt-domain.com/','/home/vmail/wc.virt-domain.com/.maildir/','','y');
$ emerge -av mailman
$ emacs /usr/lib/mailman/Mailman/Defaults.py
This was already configured at install time
DEFAULT_EMAIL_HOST = '916xue.com'
DEFAULT_URL_HOST = '916xue.com'
DEFAULT_URL_PATTERN = 'http://%s/mailman/'
$ emacs /usr/lib/mailman/Mailman/mm_cfg.py
MTA = "Postfix"
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['wcv5.com', 'domain.com']
add_virtualhost('ml.wcv5.com', 'wcv5.com')
add_virtualhost('ml.domain.com', 'domain.com')
DEFAULT_SERVER_LANGUAGE = 'zh_CN'
$ su - mailman
$ ./bin/newlist --urlhost='ml.domain.com' --emailhost='domain.com' all
输入运行列表的人的email:test@wcv5.com
初始的 test的密码:ergal1234
$ ./bin/genaliases
$ bin/mailmanctl -s start
缺少站点列表: mailman
mailman@916xue ~ $ ./bin/newlist --urlhost='list.916xue.com' --emailhost='916xue.com' mailman
输入运行列表的人的email:wch@916xue.com
初始的 mailman的密码:0p9o8i7u
$ ./bin/genaliases
alias_maps = hash:/etc/mail/aliases,
    mysql:/etc/postfix/mysql-aliases.cf
$ emacs /etc/postfix/main.cf
Add the following:
owner_request_special = no
recipient_delimiter = +
alias_maps = hash:/usr/lib64/mailman/data/aliases,
    mysql:/etc/postfix/mysql-aliases.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
    mysql:/etc/postfix/mysql-virtual.cf
Check and fix errors; you may need to run it twice
$ ./bin/check_perms -f
$ chmod 02775 /usr/lib64/mailman
Set the site password
$ ./bin/mmsitepass
ergal1234
$ /etc/init.d/mailman start
$ rc-update add mailman default
$ emacs /etc/postfix/main.cf
Add the cron jobs
$ su - mailman
$ crontab cron/crontab.in
bin/list_lists    show the lists
bin/rmlist -a xxxx    remove a list
I added another list
./bin/newlist --urlhost='list.916xue.com' --emailhost='domain.com' all
Problems
NOQUEUE: reject: RCPT from m50-133.163.com[123.125.50.133]: 550 5.1.6
Dec 18 12:07:31 916xue postfix/smtpd[25694]: > m50-133.163.com[123.125.50.133]: 550 5.1.6
Damn, I had written
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
    mysql:/etc/postfix/mysql-virtual.cf
had been written as
relocated_maps = hash:/usr/lib64/mailman/data/virtual-mailman,
mysql:/etc/postfix/mysql-relocated.cf
relocated_maps is for telling senders that a user's address has changed, not for virtual aliases.
' Another problem, this time with postfixadmin
Invalid domain name selected, or you tried to select a domain you are not an admin for
This is because I had not even created the virtual domain yet. Fix: add the needed domains directly in postfixadmin.
' Reorganizing postfixadmin; this makes adding users much easier
1 First modify authmysqlrc
Discard the old configuration and configure from scratch. Note: a value in single quotes is a constant; gid and uid, as well as MYSQL_HOME_FIELD, can all be given as constants.
$ emacs /etc/courier/authlib/authmysqlrc
MYSQL_USERNAME mailadmin
MYSQL_PASSWORD mailadmin
MYSQL_DATABASE mailadmin
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_LOGIN_FIELD username
# this can be hard-coded
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
# adjust the next two according to /etc/passwd; I am using the vmail user's ids here
MYSQL_UID_FIELD '1002'
MYSQL_GID_FIELD '1007'
2 Modify the existing mysql map configuration
$ cd /etc/postfix
$ cp mysql-aliases.cf mysql_virtual_alias_maps_ma.cf
$ emacs mysql_virtual_alias_maps_ma.cf
user = mailadmin
password = mailadmin
dbname = mailadmin
table = alias
select_field = goto
where_field = address
additional_conditions = and active='1'
hosts = unix:/var/run/mysqld/mysqld.sock
$ cp mysql-virtual-maps.cf mysql_virtual_mailbox_maps_ma.cf
$ emacs mysql_virtual_mailbox_maps_ma.cf
user = mailadmin
password = mailadmin
dbname = mailadmin
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active='1'
hosts = unix:/var/run/mysqld/mysqld.sock
$ emacs mysql_virtual_domain_maps_ma.cf
user = mailadmin
password = mailadmin
dbname = mailadmin
table = domain
select_field = domain
where_field = domain
additional_conditions = and active='1'
hosts = unix:/var/run/mysqld/mysqld.sock
Then modify /etc/postfix/main.cf
$ emacs /etc/postfix/main.cf
virtual_mailbox_base = /var/mailbox/
alias_maps = hash:/var/lib/mailman/data/aliases,
hash:/etc/postfix/aliases
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps_ma.cf
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
mysql:/etc/postfix/mysql_virtual_alias_maps_ma.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps_ma.cf
virtual_minimum_uid = 80
virtual_gid_maps = static:81
virtual_uid_maps = static:81
Comment out the following:
#relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
#virtual_mailbox_domains = wcv5.com, domain.com
#virtual_mailbox_base = /
Restart the services
$ postalias /etc/mail/aliases
chown -R root.postfix /etc/postfix/
mkdir /var/mailbox
chown -R apache.apache /var/mailbox
$ /etc/init.d/saslauthd restart
$ /etc/init.d/courier-authlib restart
$ /etc/init.d/mailman restart
$ /etc/init.d/postfix restart
' Installing the postfix log analysis tool
$ emerge -av pflogsumm
Test
$ pflogsumm.pl -d yesterday /var/log/maillog | sendmail wangchao@domain.com
Add to cron
# maillog analysis
0 4 * * * /usr/bin/pflogsumm.pl -d yesterday /var/log/maillog | sendmail wangchao@domain.com
Errors
1 create maildir file //domain.com/wangchao/tmp/1292793838.P20829.916xue.com: Permission denied
Fix: I had missed virtual_mailbox_base = / at the very bottom of main.cf, which cost me a lot of time. Change it to virtual_mailbox_base = /var/mailbox/
Note: when postfixadmin manages the virtual users and domains, apache needs permissions on virtual_mailbox_base; it is best to give postfix and apache the same permissions on this directory to avoid other surprises.
The old vmail setup is no longer used, so the vmail user and group are no longer needed.
2 warning: do not list domain in BOTH virtual_mailbox_domains and relay_domains
No impact for now
3
[28349] info: config: failed to parse line, skipping, in "/etc/mail/spamassassin/local.cf": use_dcc 1
[28349] info: config: failed to parse, now a plugin, skipping, in "/etc/mail/spamassassin/local.cf": ok_languages all
This seems to be a SpamAssassin version issue; in fact, if amavisd uses SA's perl lib, SA does not need to be started and there is no problem.
4 amavis error
Dec 21 17:44:43 916xue amavis[10206]: (10206-20) (!!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20101221T165813-10206/parts: lstat() failed: Permission denied. ERROR\n"
lstat() failed on: /var/amavis/tmp/amavis-20101221T222627-29732/parts