八、为 postfix 开启基于 cyrus-sasl 的认证功能 <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

使用以下命令验正 postfix 是否支持 cyrus 风格的 sasl 认证,如果您的输出为以下结果,则是支持的:

# /usr/local/postfix/sbin/postconf  -a

cyrus

dovecot

 

#vim /etc/postfix/main.cf

添加以下内容:

############################CYRUS-SASL############################

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_sasl_application_name = smtpd

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

 

#vim /usr/local/lib/sasl2/smtpd.conf( 可能是 vim /usr/ lib/sasl2/smtpd.conf)

添加如下内容:

pwcheck_method: saslauthd

mech_list: PLAIN LOGIN

 

postfix 重新加载配置文件

#/usr/local/postfix/sbin/postfix reload

 

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available!

ehlo mail.benet.org

250-mail.benet.org

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN               (请确保您的输出以类似两行)

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

 

九、让 postfix 支持虚拟域和虚拟用户

 

1 、编辑 /etc/postfix/main.cf ,添加如下内容:

########################Virtual Mailbox Settings########################

virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_alias_domains =

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:2525

virtual_gid_maps = static:2525

virtual_transport = virtual

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1

##########################QUOTA Settings########################

message_size_limit = 14336000

virtual_mailbox_limit = 20971520

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

virtual_overquota_bounce = yes

 

2 、添加为支持虚拟域和虚拟用户所用到的配置文件

 

编辑 /etc/postfix/mysql_virtual_alias_maps.cf ,添加如下内容:

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = alias

select_field = goto

where_field = address

 

编辑 /etc/postfix/mysql_virtual_domains_maps.cf ,添加如下内容:

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = domain

select_field = description

where_field = domain

 

编辑 /etc/postfix/mysql_virtual_mailbox_limit_maps.cf ,添加如下内容:

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = mailbox

select_field = quota

where_field = username

 

编辑 /etc/postfix/mysql_virtual_mailbox_maps.cf ,添加如下内容:

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = mailbox

select_field = maildir

where_field = username

说明:

1 、这里用到的数据库及用户的建立可以后文中的 extmail 说明部分来实现,您可以参照那一部分来理解这里指定的数据库及其用户名等;

2 、以上新建文件亦可以从 extman 安装文件中获得,您也可以由此不用手动输入;

3 、虚拟用户邮箱目录我这里沿用了 /var/mailbox ,你可以指定为别的目录,比如常见到的 /var/spool/mail ,或者 /home/domains 等;但如果这里做了修改,请在后文中用到时作了相应的修改;

十、安装 Courier authentication library

 

# tar jxvf courier-authlib-0.61.0.tar.bz2

# cd courier-authlib-0.61.0

#./configure

    --prefix=/usr/local/courier-authlib

    --sysconfdir=/etc

    --without-authpam

    --without-authldap

    --without-authpwd

    --without-authshadow

    --without-authvchkpw

    --without-authpgsql

    --with-authmysql

    --with-mysql-libs=/usr/local/mysql/lib/mysql

    --with-mysql-includes=/usr/local/mysql/include/mysql

    --with-redhat

    --with-authmysqlrc=/etc/authmysqlrc

    --with-authdaemonrc=/etc/authdaemonrc

    CFLAGS="-march=i686 -O2 -fexpensive-optimizations" 

CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"

(./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations"  CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations")

# make

# make install

# make install-migrate

# make install-configure

 

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon

# cp /etc/authdaemonrc.dist  /etc/authdaemonrc

# cp /etc/authmysqlrc.dist  /etc/authmysqlrc

 

修改 /etc/authdaemonrc 文件

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10

 

编辑 /etc/authmysqlrc 为以下内容,其中 2525 2525 postfix 用户的 UID GID

MYSQL_SERVER localhost

MYSQL_PORT 3306                   ( 指定你的 mysql 监听的端口,这里使用默认的 3306)

MYSQL_USERNAME  extmail      ( 这时为后文要用的数据库的所有者的用户名 )

MYSQL_PASSWORD extmail        ( 密码 )

MYSQL_SOCKET  /tmp/mysql.sock

MYSQL_DATABASE  extmail

MYSQL_USER_TABLE  mailbox

MYSQL_CRYPT_PWFIELD  password

MYSQL_UID_FIELD  '2525'

MYSQL_GID_FIELD  '2525'

MYSQL_LOGIN_FIELD  username

MYSQL_HOME_FIELD  concat('/var/mailbox/',maildir)

MYSQL_NAME_FIELD  name

MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)

 

# cp courier-authlib.sysvinit /etc/init.d/courier-authlib

# chmod 755 /etc/init.d/courier-authlib

# chkconfig --add courier-authlib

# chkconfig --level 2345 courier-authlib on

 

#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf

# ldconfig -v

# service courier-authlib start   ( 启动服务 )