配置extmail 過(guò)程詳解所用軟件包:(本文中, 以下軟件包都將在/root中存放), 軟件包都是最新的源代碼包。Postfix-2.6.2Mysql-5.0.45Cyrus-sasl-2.1.22

配置extmail 過(guò)程詳解

所用軟件包:(本文中, 以下軟件包都將在/root中存放), 軟件包都是最新的源代碼包。

Postfix-2.6.2

Mysql-5.0.45

Cyrus-sasl-2.1.22

DB-4.5.20

Openssl-0.9.8e

Php-5.2.3

courier-authlib-0.58

courier-imap-4.1.0

Extmail-1.1.0(依賴關(guān)系包:Unix-Syslog-1.1.tar.gz,DBD-mysql-3.0008.tar.gz)

Extman-0.2.5(依賴關(guān)系包:gd-2.0.35,GD-2.44,配置圖形日志所需軟件包:Time-HiRes-1.9719.tar.gz,File-Tail-0.99.3.tar.gz,rrdtool-1.2.30.tar.gz )

maildrop-2.0.2(需要pcre 的支持,pcre-7.3.tar.bz2)

clamav-0.91.2

amavisd-new-2.6.4

Mail-SpamAssassin-3.2.5

系統(tǒng)邏輯結(jié)構(gòu)

前提：開(kāi)始前請(qǐng)確保您已經(jīng)配置好指向此郵件服務(wù)器MX 記錄及其它DNS 設(shè)置；本示例中的域名為gdc8888.com ，郵件服務(wù)器FQDN 為mail.gdc8888.com ，IP 地址為192.168.1.11；同時(shí)，如果您的服務(wù)器事先已經(jīng)安裝了sendmail ，請(qǐng)卸載之；

一、安裝mysql-5.0.45

# rpm -qa |grep mysql|xargs rpm -e --nodeps（刪除系統(tǒng)自帶的mysql ）

# groupadd mysql

# useradd -g mysql -s /bin/false -M mysql

# tar zxvf mysql-5.0.45.tar.gz

# cd mysql-5.0.45

#./configure --prefix=/usr/local/mysql --enable-thread-safe-client --enable-local-infile --with-charset=gbk --with-extra-charset=all --with-low-memory

# make

# make install

# cp support-files/my-medium.cnf /etc/my.cnf

# cd /usr/local/mysql

# chown -R mysql .

# chgrp -R mysql .

# bin/mysql_install_db --user=mysql

# chown -R root .

# chown -R mysql var

# bin/mysqld_safe --user=mysql &

# netstat -tnl(查看有沒(méi)有打開(kāi)3306端口)

# cd /root/mysql-5.0.45 (這里的目錄指的是原壓縮包解壓后的目錄) # cp support-files/mysql.server /etc/rc.d/init.d/mysqld

# chmod 700 /etc/rc.d/init.d/mysqld

加入自動(dòng)啟動(dòng)服務(wù)隊(duì)列：

# chkconfig --add mysqld

# chkconfig --level 345 mysqld on

測(cè)試

# /usr/local/mysql/bin/mysqladmin ping

# /usr/local/mysql/bin/mysqladmin version

# /usr/local/mysql/bin/mysql

添加root 密碼

# /usr/local/mysql/bin/mysqladmin -u root password 'password' 新密碼

說(shuō)明：此時(shí)mysql 的root 用戶的密碼為空

配置庫(kù)文件搜索路徑

# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf

# ldconfig -v

添加/usr/local/mysql/bin到環(huán)境變量PATH 中

# export PATH=$PATH:/usr/local/mysql/bin

二、安裝openssl-0.9.8e

# tar zxvf openssl-0.9.8e.tar.gz

# cd openssl-0.9.8e

# ./config shared zlib

# make

# make test

# make install

# mv /usr/bin/openssl /usr/bin/openssl.OFF

# mv /usr/include/openssl /usr/include/openssl.OFF

# rm /usr/lib/libssl.so

# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

# ln -s /usr/local/ssl/include/openssl /usr/include/openssl

# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so

配置庫(kù)文件搜索路徑

# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf

# ldconfig -v

檢測(cè)安裝結(jié)果

# openssl version

OpenSSL 0.9.8e 23 Feb 2007

三、安裝BerkeleyDB

# tar zxvf db-4.5.20.tar.gz

# cd db-4.5.20/build_unix

# ../dist/configure --prefix=/usr/local/BerkeleyDB

# make

# make install

修改相應(yīng)的頭文件指向

# mv /usr/include/db4 /usr/inculde/db4.OFF

# rm /usr/include/db_cxx.h

# rm /usr/include/db.h

# rm /usr/include/db_185.h

# ln -sv /usr/local/BerkeleyDB/include /usr/include/db4

# ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h

# ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h

配置庫(kù)文件搜索路徑

# echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf

# ldconfig -v

四、安裝httpd-2.2.4

# tar jxvf httpd-2.2.4.tar.bz2

# cd httpd-2.2.4

#./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --with-ssl=/usr/local/ssl --enable-track-vars --enable-rewrite --with-zlib --enable-mods-shared=most --enable-suexec --with-suexec-caller=daemon --with-suexec-docroot=/var/www

# make

# make install

# echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local(系統(tǒng)啟動(dòng)時(shí)服務(wù)自動(dòng)啟動(dòng))

安裝：libpng 以支持PHP

五、安裝php-5.2.3

# tar -zvxf php-5.2.3.tar.gzmak

# mkdir -p /usr/local/php

# cd php-5.2.3

#./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-xml --with-png --with-jpeg --with-zlib --with-freetype --with-gd --enable-track-vars --enable-mbstring=all

# make

# make install

# cp php.ini-dist /usr/local/php/lib/php.ini

注：編輯apache 配置文件httpd.conf ，以apache 支持php

# vi /etc/httpd/httpd.conf

1、添加如下二行

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

2、定位至DirectoryIndex index.html

修改為：

DirectoryIndex index.php index.html

3、按照使用習(xí)慣，這里將網(wǎng)站根目錄指定到/var/www：

找到DocumentRoot “/usr/local/apache/htdocs”

修改為：DocumentRoot “/var/www”(后文中我們還會(huì)注釋掉此行，以啟用虛擬主機(jī))

找到

修改為：

找到<#ServerName www.example.com:80>

修改為: 注意把#去掉

說(shuō)明:這個(gè)對(duì)本文來(lái)說(shuō)并非是不可少的。

# mkdir /var/www

# /usr/local/apache/bin/apachectl start 啟動(dòng)apache 服務(wù)

最后一步重新啟動(dòng)apache 報(bào)如下錯(cuò)誤:（NND 美好的事總是最后發(fā)生異常）

/usr/local/apache/modules/libphp5.so into server: /usr/local/apache/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied

解決辦法：

原因是Linux 有一個(gè)SELinux 保護(hù)模式引起的。

1關(guān)閉SELINUX 的方法:

vi /etc/selinux/config 將SELINUX=enforcing 改成SELINUX=disabled 需要重啟

2不關(guān)閉SELINUX 的方法:

# setenforce 0

# chcon -c -v -R -u system_u -r object_r -t textrel_shlib_t

/usr/local/apache/modules/libphp5.so

# service httpd restart

# setenforce 1

六、安裝Courier authentication library

1. 先添加vuser 用戶和vgroup 組

# groupadd -g 1000 vgroup

# useradd -g 1000 -u 1000 -M -s /bin/false vuser

# tar jxvf courier-authlib-0.58.tar.bz2

# cd courier-authlib-0.58

#./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql

--with-mysql-includes=/usr/local/mysql/include/mysql --with-redhat --with-mailuser=vuser --with-mailgroup=vgroup --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"

# make

# make install

# make install-migrate

# make install-configure

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon(這一步需注意，這一步若沒(méi)有，則會(huì)出現(xiàn)authdaemon 權(quán)限拒絕。)

# cp /etc/authdaemonrc.dist /etc/authdaemonrc

# cp /etc/authmysqlrc.dist /etc/authmysqlrc

修改/etc/authdaemonrc 文件

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10

DEBUG_LOGIN=2

編輯/etc/authmysqlrc 為以下內(nèi)容，其中1000,1000為vuser 用戶的UID 和vgroup 的GID 。

MYSQL_SERVER localhost

MYSQL_PORT 3306 (指定你的mysql 監(jiān)聽(tīng)的端口，這里使用默認(rèn)的3306)

MYSQL_USERNAME extmail (這時(shí)為后文要用的數(shù)據(jù)庫(kù)的所有者的用戶名)

MYSQL_PASSWORD extmail (密碼)

MYSQL_SOCKET /tmp/mysql.sock

MYSQL_DATABASE extmail

MYSQL_USER_TABLE mailbox

MYSQL_CRYPT_PWFIELD password

MYSQL_UID_FIELD 1000

MYSQL_GID_FIELD 1000

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)

MYSQL_NAME_FIELD name

MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

MYSQL_QUOTA_FIELD quota

# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib

# chmod 755 /etc/rc.d/init.d/courier-authlib

# chkconfig --add courier-authlib

# chkconfig courier-authlib on

# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf # ldconfig

# ldconfig -v

# service courier-authlib start (啟動(dòng)服務(wù))

七、安裝Courier-IMAP

# tar jxvf courier-imap-4.1.0.tar.bz2

# cd courier-imap-4.1.0

#./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 CPPFLAGS='-I/usr/local/ssl/include/openssl -I/usr/local/courier-authlib/include' LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib'

COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig' # make

# make install

# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd

# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl # cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d

# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl 配置Courier-IMAP ，為用戶提供pop3服務(wù)：

vi /usr/local/courier-imap/etc/pop3d

POP3DSTART=YES

注：如果你想為用戶提供IMAP 服務(wù)，則需在"/usr/local/courier-imap/etc/imapd"文件中設(shè)置"IMAPDSTART=yes"；其它類(lèi)同；

新建虛擬用戶郵箱所在的目錄，并將其權(quán)限賦予vuser 用戶：

# mkdir –pv /var/mailbox

# chown -R vuser.vgroup /var/mailbox

# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd

# chmod 755 /etc/rc.d/init.d/courier-imapd

# chkconfig --add courier-imapd

# chkconfig --level 2345 courier-imapd on

# service courier-imapd start

八、安裝sasl-2.1.22

刪除系統(tǒng)自帶的cyrus-sasl

# rpm -qa|grep cyrus-sasl |xargs rpm -e --nodeps

# rm -rf /usr/lib/sasl

# rm -rf /usr/lib/sasl2

# tar zxvf cyrus-sasl-2.1.22.tar.gz

# cd cyrus-sasl-2.1.22

#./configure --disable-ntlm --disable-krb4 --disable-gssapi --disable-anon --disable-sample --enable-plain --enable-digest -enable-cram --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql

--with-mysql-libs=/usr/local/mysql/lib/mysql

--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket # make

# make install

# ln -sv /usr/local/lib/sasl2 /usr/lib/sasl2

創(chuàng)建運(yùn)行時(shí)需要的目錄并調(diào)試啟動(dòng)

# mkdir -pv /var/state/saslauthd

# /usr/local/sbin/saslauthd -a shadow pam -d

啟動(dòng)并測(cè)試

# /usr/local/sbin/saslauthd -a shadow pam

# /usr/local/sbin/testsaslauthd -u root -p 用戶密碼 如果提示OK "Success."，則成功。

配置庫(kù)文件搜索路徑

# echo "/usr/local/lib" >> /etc/ld.so.conf

# ldconfig

# ldconfig -v

開(kāi)機(jī)自動(dòng)啟動(dòng)

# echo "/usr/local/sbin/saslauthd -a shadow pam">>/etc/rc.local

接下來(lái)配置SMTP 認(rèn)證，編輯 /usr/local/lib/sasl2/smtpd.conf,確保其為以下內(nèi)容： pwcheck_method: authdaemond

log_level: 3

mech_list:PLAIN LOGIN

authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

九、安裝Postfix-2.6.2

安裝之前請(qǐng)先卸載掉sendmail

# /etc/init.d/sendmail stop

# rpm -qa |grep sendmail|xargs rpm -e --nodeps

1．安裝

# groupadd -g 2525 postfix

# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

# groupadd -g 2526 postdrop

# useradd -g postdrop -u 2526 -s /bin/false -M postdrop

# tar zxvf postfix-2.6.2.tar.gz

# cd postfix-2.6.2

#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl -I/usr/local/BerkeleyDB/include -DUSE_TLS -I/usr/local/ssl/include/openssl ' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto'

# make

# make install

按照以下的提示輸入相關(guān)的路徑([]號(hào)中的是缺省值，”]”后的是輸入值) install_root: [/] /

tempdir: [/root/postfix-2.6.2]

config_directory: [/etc/postfix]

daemon_directory: [/usr/libexec/postfix]

command_directory: [/usr/sbin]

queue_directory: [/var/spool/postfix]

sendmail_path: [/usr/sbin/sendmail]

newaliases_path: [/usr/bin/newaliases]

mailq_path: [/usr/bin/mailq]

mail_owner: [postfix]

setgid_group: [postdrop]

html_directory: [no]

manpages: [/usr/local/man]

readme_directory: [no]

說(shuō)明：上面我全都采用默認(rèn)安裝，這樣使用起來(lái)會(huì)更為方便些；

生成別名二進(jìn)制文件，這個(gè)步驟如果忽略，會(huì)造成postfix 效率極低： # newaliases

2．進(jìn)行一些基本配置，測(cè)試啟動(dòng)postfix 并進(jìn)行發(fā)信

#vi /etc/postfix/main.cf

修改以下幾項(xiàng)為您需要的配置

myhostname = mail.gdc8888.com

myorigin = gdc8888.com

mydomain = gdc8888.com

mydestination = $myhostname, localhost.$mydomain, localhost

mynetworks = 192.168.1.0/24, 127.0.0.0/8

說(shuō)明:

myorigin 參數(shù)用來(lái)指明發(fā)件人所在的域名；

mydestination 參數(shù)指定postfix 接收郵件時(shí)收件人的域名，即您的postfix 系統(tǒng)要接收到哪個(gè)域名的郵件；myhostname 參數(shù)指定運(yùn)行postfix 郵件系統(tǒng)的主機(jī)的主機(jī)名，默認(rèn)情況下，其值被設(shè)定為本地機(jī)器名；mydomain 參數(shù)指定您的域名，默認(rèn)情況下，postfix 將myhostname 的第一部分刪除而作為mydomain 的值；mynetworks 參數(shù)指定你所在的網(wǎng)絡(luò)的網(wǎng)絡(luò)地址，postfix 系統(tǒng)根據(jù)其值來(lái)區(qū)別用戶是遠(yuǎn)程的還是本地的，如果是本地網(wǎng)絡(luò)用戶則允許其訪問(wèn)；

inet_interfaces 參數(shù)指定postfix 系統(tǒng)監(jiān)聽(tīng)的網(wǎng)絡(luò)接口；

注意：

1、在postfix 的配置文件中，參數(shù)行和注釋行是不能處在同一行中的；

2、任何一個(gè)參數(shù)的值都不需要加引號(hào)，否則，引號(hào)將會(huì)被當(dāng)作參數(shù)值的一部分來(lái)使用；

3、每修改參數(shù)及其值后執(zhí)行 postfix reload 即可令其生效；但若修改了inet_interfaces，則需重新啟動(dòng)postfix ；

4、如果一個(gè)參數(shù)的值有多個(gè)，可以將它們放在不同的行中，只需要在其后的每個(gè)行前多置一個(gè)空格即可；postfix 會(huì)把第一個(gè)字符為空格或tab 的文本行視為上一行的延續(xù)；

啟動(dòng)postfix

# /usr/sbin/postfix start

十、為postfix 開(kāi)啟基于cyrus-sasl 的認(rèn)證功能

使用以下命令驗(yàn)正postfix 是否支持cyrus 風(fēng)格的sasl 認(rèn)證，如果您的輸出為以下結(jié)果，

則是支持的：

# postconf -a

cyrus

dovecot

#vi /etc/postfix/main.cf

在文件末尾添加以下內(nèi)容：

############################CYRUS-SASL############################ broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination permit

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_sasl_application_name = smtpd

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

讓postfix 重新加載配置文件

# postfix reload

十一、讓postfix 支持虛擬域和虛擬用戶

1、編輯/etc/postfix/main.cf，在文件末尾添加如下內(nèi)容：

########################Virtual Mailbox Settings######################## virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_alias_domains =

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:1000

virtual_gid_maps = static:1000

virtual_transport = maildrop

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1

##########################QUOTA Settings######################## message_size_limit = 14336000

virtual_mailbox_limit = 20971520

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.