安装前的准备工作:
安装前说明:邮件服务依赖于DNS服务,请事先确信您的DNS服务已经为邮件应用配置完成。
1、安装所需的rpm包,这包括以下这些:
httpd, mysql, mysql-server, mysql-devel, openssl-devel, dovecot, perl-DBD-MySQL, tcl, tcl-devel, libart_lgpl, libart_lgpl-devel, libtool-ltdl, libtool-ltdl-devel, expect
2、关闭sendmail,并将它的随系统自动启动功能关闭:
# service sendmail stop
# chkconfig sendmail off
3、安装以下开发所用到的rpm包组:
Development Libraries
Development Toolspostfix+sasl+dovecot及虚拟域相关概念
Postfix:
Aliases,newaliases
/etc/aliases -> /etc/aliases.db
/etc/postfix/main.cf <- /etc/postfix/master.cf
postconf -e
-a
-n
-d
-m
myhostname
mydomain
mynetworks
mydestination
myorigin:发件人地址伪装
inet_interfaces: 定义postfix进程监听的ip地址
127.0.0.1:只能为本机作为客户端访问
0.0.0.0:本机的所有可用地址
smtpd_client_restrictions
smtpd_helo_restrictions
sender
recipient
data搭DNS
yum install bind bind-utils -y
vim /etc/named.rfc1912.zones
添加:
zone "magedu.com" IN {
type master;
file "magedu.com.zone";
};
zone "100.16.172.in-addr.arpa" IN {
type master;
file "172.16.100.zone";
};named-checkconf
named-checkconf /etc/named.conf
cd /var/named/
vim magedu.com.zone
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501
2H
10M
3D
1D )
IN NS ns
IN MX 10 mail
ns IN A 172.16.100.1
mail IN A 172.16.100.1
www IN A 172.16.100.1cp mageud.com.zone 172.16.100.zone
vim 172.16.100.zone
$TTL 86400
@ IN SOA ns.magedu.com. admin.magedu.com. (
2013041501
2H
10M
3D
1D )
IN NS ns.magedu.com.
1 IN PTR ns.mageud.com.
1 IN PTR mail.magedu.com.
1 IN PTR www.magedu.com.named-checkzone “magedu.com” magedu.com.zone
named-checkzone “100.16.172.in-addr.arpa” 172.16.100.zone
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=permissivechgrp named magedu.com.zone 172.16.100.zone
chmod 640 magedu.com.zone 172.16.100.zone
service named start
netstat -tunlp
chkconfig named on
vim /etc/resolv.conf
nameserver 172.16.100.1dig -t MX magedu.com
dig -t A mail.magedu.com
vim /etc/sysconfig/network
HOSTNAME=mail.magedu.comhostname mail.magedu.com
安装开发库
yum grouplist
yum install "Development Libraries"
yum gruopinstall "Development Libraries"安装mysql,rpm方式
RHEL自身提供的rpm包:
头文件:/usr/include/
库文件:/lib,/usr/lib
第三方的rpm包:
/usr/local,/opt
头文件:/usr/include,/usr/local/include
库文件:/usr/local/lib
/etc/ld.so.conf
/etc/ld.so.conf.d/local.conf
yum install mysql-server mysql-devel
vim /etc/ld.so.conf
内容如下:
include ld.so.conf.d/*.conf
service mysqld start
chkconfig mysqld on安装postfix
时间同步
hwclock -s
crontab -e
内容:
*/5 * * * * /sbin/hwclock -s //每隔5分钟自动同步时间
# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop
tar zvxf postfix-2.9.6.tar.gz
cd postfix-2.9.6
mysql头文件:/usr/include/mysql/
库文件:/usr/lib/mysql
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
# make
# make install
vim /etc/inti.d/postfix
提供脚本:
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3
[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6
RETVAL=0
prog="postfix"
start() {
# Start daemons.
echo -n $"Starting postfix: "
/usr/bin/newaliases >/dev/null 2>&1
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n $"Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
restart() {
stop
start
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
[ -f /var/lock/subsys/postfix ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
# END
chmod +x /etc/init.d/postfix
chkconfig --add postfix
chkdonfig --list postfix
newaliases
ls /etc/aliases.db 确保生成这个文件
//配置主文件
cd /etc/postfix/
vim main.cf
myhostname=mail.magedu.com
mydomain=megedu.com
myorign=$mydomain
inet_interfaces=all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 172.16.0.0/16,127.0.0.0/8
postconf -n
service postfix start
tail /var/loc/maillog
//发现sendmail没卸载
service sendmail stop//停止sendmail
chkconfig sendmail off
service postfix start
tail /var/log/maillog
//测试:
useradd hadoop
useradd openstack
echo "hadoop" | passwd --stdin hadoop
telnet mail.magedu.com 25
ehlo mail.magedu.com
mail from:root@magedu.com
rcpt to:hadoop@magedu.com
data
Subject:hello
.
quit
tail /var/log/maillog
也可使用outlook进行测试安装dovecot
yum install dovecot
修改:
只是用pop3:
protocols = pop3
service dovecot start
chkconfig dovecot on
netstat -tnlp
echo "redhat" | passwd --stdin openstack
telnet mail.magedu.com 110
USER openstack
PASS redhat
LIST
RETR 1
再使用outlook发送邮件
收件人:openstack@magedu.com
主题:test test
正文:test
//mutt -f PROTOCOL://username@magedu.com@172.16.100.1
man mutt
mutt -f pop://openstack@mail.magedu.com//邮件收发SASL认证
SASL:cyrus-sasl
服务脚本:saslauthd
postfix --> /usr/lib/sasl2/smtpd.conf
pwcheck_method:saslauthd
mech_list:PLAIN LOGIN
vim /etc/sysconfig/saslauthd
MECH=shadow
service saslauthd start
chkconfig saslauthd on
testsaslauthd -uhadoop -phadoop
cd /etc/postfix
vim /usr/lib/sasl2/smtpd.conf
pwcheck_method:saslauthd
mech_list:PLAIN LOGIN
service saslauthd restart
cd /etc/postfix/
vim main.cf
mynetworks=127.0.0.0/8
文件尾部添加:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
service postfix restart
测试outlook发送邮件:
收件人:openstack@magedu.com
主题:test
正文:test
发送失败,必须认证。
outlook:
工具->账户->属性->服务器
勾选我的服务器要求身份验证
点击发送全部邮件 成功
tail /var/log/maillog基于虚拟用户的虚拟域邮件系统架构
安装Courier authentication library
1、courier简介
courier-authlib是Courier组件中的认证库,它是courier组件中一个独立的子项目,用于为Courier的其它组件提供认证服务。其认证功能通常包括验正登录时的帐号和密码、获取一个帐号相关的家目录或邮件目录等信息、改变帐号的密码等。而其认证的实现方式也包括基于PAM通过/etc/passwd和/etc/shadow进行认证,基于GDBM或DB进行认证,基于LDAP/MySQL/PostgreSQL进行认证等。因此,courier-authlib也常用来与courier之外的其它邮件组件(如postfix)整合为其提供认证服务。
备注:在RHEL5上要使用0.64.0及之前的版本,否则,可能会由于sqlite版本过低问题导致configure检查无法通过或编译无法进行。
2、安装
接下来开始编译安装
# tar jxvf courier-authlib-0.64.0.tar.bz2
# cd courier-authlib-0.64.0
#./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysql \
--with-mysql-libs=/usr/lib/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix \
--with-mailgroup=postfix \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include
# make
# make install
备注:可以使用--with-authdaemonvar=/var/spool/authdaemon选项来指定进程套节字目录路径。
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
修改/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
3、配置其通过mysql进行邮件帐号认证
编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql监听的端口,这里使用默认的3306)
MYSQL_USERNAME extmail (这时为后文要用的数据库的所有者的用户名)
MYSQL_PASSWORD extmail (密码)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
4、提供SysV服务脚本
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
# ldconfig -v
# service courier-authlib start (启动服务)
5、配置postfix和courier-authlib
新建虚拟用户邮箱所在的目录,并将其权限赋予postfix用户:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox
接下来重新配置SMTP 认证,编辑 /usr/lib/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket让postfix支持虚拟域和虚拟用户
1、编辑/etc/postfix/main.cf,添加如下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
2、使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:
# tar zxvf extman-1.1.tar.gz
# cd extman-1.1/docs
# mysql -u root -p < extmail.sql
# mysql -u root -p <init.sql
# cp mysql* /etc/postfix/
3、授予用户extmail访问extmail数据库的权限
mysql -uroot
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
说明:
1、启用虚拟域以后,需要取消中心域,即注释掉myhostname, mydestination, mydomain, myorigin几个指令;当然,你也可以把mydestionation的值改为你自己需要的。
2、对于MySQL-5.1以后版本,其中的服务脚本extmail.sql执行会有语法错误;可先使用如下命令修改extmail.sql配置文件,而后再执行。修改方法如下:
# sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql测试:
service postfix restart
telnet 172.16.100.1 25
ehlo mail.magedu.com
mail from:root@magedu.com
rcpt to:hadoop@magedu.com
quit
# mysql
mysql>SHOW DATABASES
mysql>USE extmail
mysql>SHOW TABLES
mysql>SELECT * FROM domain\G
mysql>\q配置devocot
# vi /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir
……
auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
……
# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
说明:如果mysql服务器是本地主机,即host=localhost时,如果mysql.sock文件不是默认的/var/lib/mysql/mysql.sock,可以使用host=“sock文件的路径”来指定新位置;例如,使用通用二进制格式安装的MySQL,其soc文件位置为/tmp/mysql.sock,相应地,connect应按如下方式定义。
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
接下来启动dovecot服务:
# service dovecot start
# chkconfig dovecot on安装Extmail-1.2
说明:如果extmail的放置路径做了修改,那么配置文件webmail.cf中的/var/www路径必须修改为你所需要的位置。本文使用了默认的/var/www,所以,以下示例中并没有包含路径修改的相关内容。
1、安装
# tar zxvf extmail-1.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改选项的说明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件
SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明数据库服务器主机名,这里默认即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相关配置
由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
修改 cgi执行文件属主为apache运行身份用户:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
# vim /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.magedu.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
4、依赖关系的解决
extmail将会用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
5、启动apache服务
# service httpd start
# chkconfig httpd on安装Extman-1.1
1、安装及基本配置
# tar zxvf extman-1.1.tar.gz
# mv extman-1.1 /var/www/extsuite/extman
修改配置文件以符合本例的需要:
# cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf
# vi /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_DEFAULT_UID = 1000
SYS_DEFAULT_GID = 1000
此两处后面设定的ID号需更改为前而创建的postfix用户和postfix组的id号,本文使用的是2525,因此,上述两项需要修改为:
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
而后修改cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
创建其运行时所需的临时目录,并修改其相应的权限:
#mkdir -pv /tmp/extman
#chown postfix.postfix /tmp/extman
修改
SYS_CAPTCHA_ON = 1
为
SYS_CAPTCHA_ON = 0
好了,到此为止,重新启动apache服务器后,您的Webmail和Extman已经可以使用了,可以在浏览器中输入指定的虚拟主机的名称进行访问,如下:
http://mail.magedu.com
选择管理即可登入extman进行后台管理了。默认管理帐号为:root@extmail.org 密码为:extmail*123*
说明:
(1) 如果您安装后无法正常显示校验码,安装perl-GD模块会解决这个问题。如果想简单,您可以到以下地址下载适合您的平台的rpm包,安装即可: http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
(2) extman-1.1自带了图形化显示日志的功能;此功能需要rrdtool的支持,您需要安装此些模块才可能正常显示图形日志。
2、配置Mailgraph_ext,使用Extman的图形日志:(下面所需的软件包面要自己下载)
接下来安装图形日志的运行所需要的软件包Time::HiRes、File::Tail和rrdtool,其中前两个包您可以去http://search.cpan.org搜索并下载获得,后一个包您可以到 http://oss.oetiker.ch/rrdtool/pub/?M=D下载获得; 注意安装顺序不能改换。
安装Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install
安装File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile
#make
#make test
#make install
安装rrdtool-1.2.23
#tar zxvf rrdtool-1.2.23.tar.gz
#cd rrdtool-1.2.23
#./configure --prefix=/usr/local/rrdtool
#make
#make install
创建必要的符号链接(Extman会到这些路径下找相关的库文件)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/RRDp.pm /usr/lib/perl5/5.8.5
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.5
复制mailgraph_ext到/usr/local,并启动之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
# /usr/local/mailgraph_ext/mailgraph-init start
启动cmdserver(在后台显示系统信息)
# /var/www/extsuite/extman/daemon/cmdserver --daemon
添加到自动启动队列
# echo “/usr/local/mailgraph_ext/mailgraph-init start” >> /etc/rc.d/rc.local
# echo “/var/www/extsuite/extman/daemon/cmdserver -v -d” >> /etc/rc.d/rc.local
使用方法: 等待大约15分钟左右,如果邮件系统有一定的流量,即可登陆到extman里,点“图形日志”即可看到图形化的日志。具体每天,周,月,年的则点击相应的图片进入即可。 配置postfix使用maildrop投递邮件
配置postfix使用maildrop投递邮件
maildrop是一个使用C++编写的用来代替本地MDA的带有过滤功能邮件投递代理,是courier邮件系统组件之一。它从标准输入接受信息并投递到用户邮箱;maildrop既可以将邮件投递到mailboxes格式邮箱,亦可以将其投递到maildirs格式邮箱。同时,maildrop可以从文件中读取入站邮件过滤指示,并由此决定是将邮件送入用户邮箱或者转发到其它地址等。和procmail不同的是,maildrop使用结构化的过滤语言,因此,邮件系统管理员可以开发自己的过滤规则并应用其中。
我们在此将使用maildrop来代替postfix自带的MDA,并以此为基础扩展后文的邮件杀毒和反垃圾邮件功能的调用;在此可能会修改前文中的许多设置,请确保您的设置也做了相应的修改。
1、安装
将courier-authlib的头文件及库文件(参考第八部分的第四小节)链接至/usr目录(编译maildrop时会到此目录下找此些相关的文件):
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin
# ln -sv /usr/local/courier-authlib/include/* /usr/include
maildrop需要pcre的支持,因此,需要事先提供pcre的头文件及库文件等开发组件。如果选择以yum源来提供pcre,请确保安装pcre-devel包。
# yum -y install pcre-devel
# groupadd -g 1001 vmail
# useradd -g vmail -u 1001 -M -s /sbin/nologin vmail
# tar xf maildrop-2.6.0.tar.bz2
# cd maildrop-2.6.0
# ./configure \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vmail' \
--enable-syslog=1 --enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
--with-trashquota --with-dirsync
# make
# make install
检查安装结果,请确保有"Courier Authentication Library extension enabled."一句出现:
# maildrop -v
maildrop 2.6.0 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension are now always enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
2、新建其配置文件/etc/maildroprc文件,首先指定maildrop的日志记录位置:
# vi /etc/maildroprc
添加:
logfile "/var/log/maildrop.log"
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
3、配置Postfix
编辑master.cf
# vi /etc/postfix/master.cf
启用如下两行
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
注意:定义transport的时候,即如上两行中的第二行,其参数行必须以空格开头,否则会出错。
编辑main.cf
# vi /etc/postfix/main.cf
virtual_transport = virtual
修改为:
virtual_transport = maildrop
将下面两项指定的UID和GID作相应的修改:
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
修改为:
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
4、编辑/etc/authmysqlrc
# vi /etc/authmysqrc
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
更改为:
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
注意:没有此处的修改,maildrop可能会报告 “signal 0x06”的错误报告。
5、编辑/etc/httpd/httpd.conf,修改运行用户:
如果启用了suexec的功能,则将虚拟主机中指定的
SuexecUserGroup postfix postfix
修改为:
SuexecUserGroup vmail vmail
如果没有使用上面的功能,则修改User和Group指令后的用户为vmail
将前文中的如下项
User postfix
Group postfix
修改为:
User vmail
Group vmail
6、将用户邮件所在的目录/var/mailbox和extman的临时目录/tmp/extman的属主和属组指定为vmail
#chown -R vmail.vmail /var/mailbox
#chown -R vmail.vmail /tmp/extman
7、修改extman的主配置文件中的默认用户ID和组ID,确保其为类似如下内容
SYS_DEFAULT_UID = 1001
SYS_DEFAULT_GID = 1001
8、验正
接下来重新启动postfix和apache,进行发信测试后,如果日志中的记录类同以下项,则安装成功
Apr 15 15:33:54 localhost postfix/pipe[11964]: 04B92147CE9: to=<jerry@magedu.com>, relay=maildrop, delay=0.16, delays=0.07/0.03/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)
基于pop3s,imaps加密
建一个私有CA
dir =/etc/pki/CA
cd /etc/pki/CA
vim /etc/dovecot.conf
编辑:
protocols = pop3 pop3s
# ssl_listen =
ssl_disable = no
ssl_cert_file = /etc/dovecot/ssl/dovecot.crt
ssl_key_file = /etc/dovecot/ssl/dovecot.key
service dovecot restart
netstat -tnlppop3s:995/tcp
imaps:993/tcpman openssl
man s_client
openssl s_client -connect SERVER:PORT -CAfile /path/to/CA_CERT
openssl s_client -connect mail.magedu.com/emailAddress=postadmin@magedu.com:995
使用mutt
mutt -f pops://hadoop@magedu.com@172.16.100.1tcpdump
协议报文分析器:
sniffer: 商业工具
tcpdump, wireshark(GUI), tshark(CLI)
tcpdump [options] 过滤条件
获取报文的条件:
ip src host 172.16.100.1
tcp src or dst port 21
udp dst port 53
tcp src or dst port 21 AND src host 172.16.100.1
tcp port 21 AND host 172.16.100.1
tcpdump的语法:
tcpdump [options] [Protocol] [Direction] [Host(s)] [Value] [Logical Operations] [Other expression]
Protocol(协议):
Values(取值): ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.
If no protocol is specified, all the protocols are used.
Direction(流向):
Values(取值): src, dst, src and dst, src or dst
If no source or destination is specified, the "src or dst" keywords are applied. (默认是src or dst)
For example, "host 10.2.2.2" is equivalent to "src or dst host 10.2.2.2".
Host(s)(主机):
Values(替代关键字): net, port, host, portrange.
If no host(s) is specified, the "host" keyword is used. 默认如果此段没有指定关键字,默认即host。
For example, "src 10.1.1.1" is equivalent to "src host 10.1.1.1".
Logical Operations:
(1) AND
and or &&
(2) OR
or or ||
(3) EXCEPT
not or !
常用选项:
-i any : Listen on all interfaces just to see if you're seeing any traffic.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names.
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c # : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-A :Display Captured Packets in ASCII
-w /path/to/some_file : Capture the packets and write into a file
-r /path/from/some_file : Reading the packets from a saved file
-tttt : Capture packets with proper readable timestamp
eg:
tcpdump -i eht0 -X -nn -vv tcp port 110
ip host 172.16.100.1
ip src host 172.16.100.1
ip dst host 172.16.100.1
ip src and dst host 172.16.100.1
tcp src port 110postfix系统组件
收取邮件
发送邮件
实现垃圾邮件过滤
垃圾邮件过滤机制
内容过滤器:
APACHE: Spamassassin
Perl: 垃圾邮件分拣器
特征码
RBL: Realtime Black List
实时黑名单
关闭OpenRelay
病毒邮件:
clamav: 开源杀毒软件
病毒邮件服务器网关
呼叫器:caller,
MIMEDefang, Mailscanner, Amavisd-new
amavisd-new: spamassassin, clamav
perl: CPAN
2019
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
