10. Edit the configuration file
[root@mail ~]# cp /etc/postfix/main.cf /etc/postfix/main.cfbak # backup
[root@mail ~]# vim /etc/postfix/main.cf
75 #myhostname = host.domain.tld
Change to:
75 myhostname = mail.postfix.org # local host name
83 #mydomain = domain.tld
Change to:
83 mydomain = postfix.org # domain name
99 #myorigin = $mydomain
Change to:
99 myorigin = $mydomain
113 #inet_interfaces = all
Change to:
113 inet_interfaces = all
161 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
Change to:
161 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
260 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
Change to:
260 mynetworks = 127.0.0.0/8 # network segments allowed to relay mail
:wq
[root@mail ~]# service postfix restart
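Explanation:
myhostname = mail.postfix.org The host name of the machine running the Postfix mail system
myorigin = $mydomain The default domain used when the sender information is incomplete
mydomain = postfix.org The domain name; by default Postfix removes the first component of myhostname and uses the remainder as the value of mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain The destinations for which this Postfix server accepts mail
mynetworks = 127.0.0.0/8 The network segments whose users Postfix relays mail for
inet_interfaces = all
Notes:
(1) In the Postfix configuration file, a parameter and a comment cannot share the same line; the trailing # annotations in the steps above are explanations for the reader and must not be typed into main.cf;
(2) No parameter value needs quotation marks; if quotes are added, they are treated as part of the value;
(3) After changing a parameter or its value, run postfix reload for it to take effect; if inet_interfaces was changed, however, Postfix must be restarted;
(4) If a parameter has several values, they can be placed on separate lines, as long as each following line starts with an extra space; Postfix treats a text line whose first character is a space or tab as a continuation of the previous line;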
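Notes (1), (2) and (4) can be checked mechanically. The following script is an added example, not part of the original article or of Postfix; the function names and the sample file contents are constructed for illustration. It flags parameter lines where text after # or quote characters would end up inside the value, and treats lines that begin with whitespace as continuations of the previous parameter:

```sh
#!/bin/sh
# Added example (not from the original article): lint main.cf for notes (1), (2), (4).

# Constructed sample input that reproduces the mistakes described in the notes.
sample_main_cf() {
cat <<'EOF'
myhostname = mail.postfix.org #local host name
mydomain = "postfix.org"
# a whole-line comment is fine
mydestination = $myhostname,
 localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
EOF
}

# Reads main.cf text from the named file (or stdin); prints one finding per line.
lint_main_cf() {
    awk -v sq="'" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # whole-line comments and blank lines are ignored
    {
        value = $0
        if ($0 !~ /^[ \t]/) {               # a new "name = value" line
            name = $0; sub(/[ \t]*=.*/, "", name)
            sub(/^[^=]*=/, "", value)
        }                                   # otherwise: continuation of the previous parameter
        if (index(value, "#"))
            printf "line %d (%s): text after # becomes part of the value\n", NR, name
        if (index(value, "\"") || index(value, sq))
            printf "line %d (%s): quote characters become part of the value\n", NR, name
    }' "$@"
}

sample_main_cf | lint_main_cf
```

To check a real file, call lint_main_cf /etc/postfix/main.cf; a finding is a prompt to review the line, since a few parameters can legitimately contain these characters.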
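11. Enable Cyrus-SASL based authentication for Postfix
Once this feature is added, when a user needs to send mail to an external domain, Postfix uses the Cyrus-SASL library to invoke the saslauthd program, which authenticates against the place where user accounts and passwords are stored; if authentication succeeds, the mail is allowed out
1. Use the following command to verify whether Postfix supports Cyrus-style SASL authentication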
postconf -a
If your output looks like the following, it is supported:
[root@mail ~]# postconf -a
cyrus
dovecot
2. Edit the main Postfix configuration file
[root@mail ~]# vim /etc/postfix/main.cf
Append the following at the end:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
3. Files
[root@mail ~]# cd /usr/lib/sasl2
[root@mail sasl2]# cp -p sendmail.conf smtpd.conf
[root@mail sasl2]# cp smtpd.conf smtpd.confbak # backup
[root@mail sasl2]# vim smtpd.conf
Add the following content:
Start the saslauthd authentication service and add it to the automatic startup list:
[root@mail sasl2]# service saslauthd start
[root@mail sasl2]# chkconfig saslauthd on
4. Have Postfix reload its configuration file
[root@mail sasl2]# postfix reload
5. Verify that the saslauthd service was enabled successfully
[root@mail sasl2]# telnet mail.postfix.org 25
Trying 172.16.1.254...
Connected to mail.postfix.org (172.16.1.254).
Escape character is '^]'.
220 Welcome to our mail.postfix.org ESMTP,Warning: Version not Available!
EHLO mail.postfix.org
250-mail.postfix.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN      <- if these two lines appear in the output,
250-AUTH=LOGIN PLAIN      <- the feature has been enabled successfully
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
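The manual check in step 5 can be scripted. The following is an added example, not part of the original article; the function names are hypothetical and the sample input is the EHLO reply from the session above with the annotations removed. It confirms that AUTH is advertised, lists the mechanisms, and reports when PLAIN or LOGIN is offered on a session that does not also offer STARTTLS:

```sh
#!/bin/sh
# Added example (not from the original article): check a captured EHLO reply.

# Constructed sample: the EHLO reply from the session above, annotations removed.
sample_ehlo() {
cat <<'EOF'
250-mail.postfix.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Reads an EHLO reply on stdin; exit status 0 if AUTH is advertised, 1 if not.
check_ehlo() {
    awk '
    { sub(/\r$/, "") }                      # SMTP lines end in CRLF
    /^250[- ]/ {
        kw = toupper(substr($0, 5))         # keyword after "250-" or "250 "
        if (kw == "STARTTLS") tls = 1
        if (kw ~ /^AUTH[ =]/) {             # "AUTH=" is the form added by broken_sasl_auth_clients
            n = split(substr(kw, 6), m, " ")
            for (i = 1; i <= n; i++)
                if (!(m[i] in seen)) { seen[m[i]] = 1; list = list " " m[i] }
        }
    }
    END {
        if (list == "") { print "FAIL: AUTH is not advertised"; exit 1 }
        print "OK: AUTH advertised:" list
        if (!tls && (("PLAIN" in seen) || ("LOGIN" in seen)))
            print "WARN: PLAIN/LOGIN offered without STARTTLS; the password is only base64-encoded on the wire"
    }'
}

sample_ehlo | check_ehlo
```

Postfix's smtpd_tls_auth_only parameter limits AUTH to TLS-protected sessions; the configuration shown in this article does not set up TLS.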
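12. Install the Courier authentication library
Installing the Courier authentication library lets Postfix connect to a MySQL database, so that user accounts and passwords are kept in the database and user authentication can be provided
1. Compile and install the Courier authentication library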
[root@mail ~]# tar -jxvf courier-authlib-0.63.0.tar.bz2 -C /usr/local/src/
[root@mail ~]# cd /usr/local/src/
[root@mail src]# cd courier-authlib-0.63.0/
[root@mail courier-authlib-0.63.0]# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-ltdl-lib=/usr/lib --with-ltdl-include=/usr/include
[root@mail courier-authlib-0.63.0]# make
[root@mail courier-authlib-0.63.0]# make install
[root@mail courier-authlib-0.63.0]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
[root@mail courier-authlib-0.63.0]# cp /etc/authdaemonrc.dist /etc/authdaemonrc
[root@mail courier-authlib-0.63.0]# cp /etc/authmysqlrc.dist /etc/authmysqlrc
2. Edit the /etc/authdaemonrc file
[root@mail courier-authlib-0.63.0]# cp /etc/authdaemonrc /etc/authdaemonrcbak # backup
[root@mail courier-authlib-0.63.0]# vim /etc/authdaemonrc
27 authmodulelist="authuserdb authpwd authshadow authmysql authcustom authpipe"
Change to:
27 authmodulelist="authmysql"
34 authmodulelistorig="authuserdb authpwd authshadow authmysql authcustom authpipe"
Change to:
34 authmodulelistorig="authmysql"
53 daemons=5
Change to:
53 daemons=10
:wq
3. Edit /etc/authmysqlrc; the entries to change and their resulting values are as follows
[root@mail courier-authlib-0.63.0]# cp /etc/authmysqlrc /etc/authmysqlrcbak # backup
[root@mail courier-authlib-0.63.0]# vim /etc/authmysqlrc
26 MYSQL_SERVER mysql.example.com
Change to:
26 MYSQL_SERVER localhost
27 MYSQL_USERNAME admin
Change to:
27 MYSQL_USERNAME extmail # user name of the owner of the database used later on
28 MYSQL_PASSWORD admin
Change to:
28 MYSQL_PASSWORD extmail # password of the owner of the database used later on
49 # MYSQL_SOCKET /var/mysql/mysql.sock
Change to:
49 MYSQL_SOCKET /var/lib/mysql/mysql.sock
56 MYSQL_PORT 0
Change to:
56 MYSQL_PORT 3306 # the port your MySQL server listens on; the default 3306 is used here
68 MYSQL_DATABASE mysql
Change to:
68 MYSQL_DATABASE extmail
83 MYSQL_USER_TABLE passwd
Change to:
83 MYSQL_USER_TABLE mailbox
92 MYSQL_CRYPT_PWFIELD crypt
Change to:
92 MYSQL_CRYPT_PWFIELD password
113 MYSQL_UID_FIELD uid
Change to:
113 MYSQL_UID_FIELD 2525
119 MYSQL_GID_FIELD gid
Change to:
119 MYSQL_GID_FIELD 2525
128 MYSQL_LOGIN_FIELD id
Change to:
128 MYSQL_LOGIN_FIELD username
133 MYSQL_HOME_FIELD home
Change to:
133 MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
150 # MYSQL_MAILDIR_FIELD maildir
Change to:
150 # MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
:wq
Create this service and add it to the system service list
[root@mail courier-authlib-0.63.0]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@mail courier-authlib-0.63.0]# chmod 755 /etc/init.d/courier-authlib
[root@mail courier-authlib-0.63.0]# service courier-authlib restart
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
[root@mail courier-authlib-0.63.0]# chkconfig --add courier-authlib
[root@mail courier-authlib-0.63.0]# chkconfig --level 2345 courier-authlib on
[root@mail courier-authlib-0.63.0]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
[root@mail courier-authlib-0.63.0]# ldconfig -v # reload the library files
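The /etc/authmysqlrc file edited in step 3 stores the database password in clear text, and the values used in this article set the password equal to the user name. The following check is an added example, not part of the original article or of courier-authlib; the function name, the sample files and their modes are constructed for illustration (mode 644 is an assumption about what a default umask would produce):

```sh
#!/bin/sh
# Added example (not from the original article): audit an authmysqlrc file.

# Prints one WARN line per finding; exit status 0 means no findings.
audit_authmysqlrc() {
    f=$1; rc=0
    user=$(awk '$1 == "MYSQL_USERNAME" { print $2 }' "$f")
    pass=$(awk '$1 == "MYSQL_PASSWORD" { print $2 }' "$f")
    if [ -z "$pass" ]; then
        echo "WARN: MYSQL_PASSWORD is not set"; rc=1
    elif [ "$pass" = "$user" ] || [ "$pass" = admin ]; then
        # "admin" is the value the article shows in the unedited file
        echo "WARN: MYSQL_PASSWORD equals the user name or the shipped default"; rc=1
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "WARN: $f is accessible to other users (mode bits: $other)"; rc=1
    fi
    return $rc
}

# Constructed sample files: one with the values used in this article, one tightened.
demo_dir=$(mktemp -d)
printf 'MYSQL_SERVER localhost\nMYSQL_USERNAME extmail\nMYSQL_PASSWORD extmail\n' \
    > "$demo_dir/as_in_article"
chmod 644 "$demo_dir/as_in_article"
printf 'MYSQL_SERVER localhost\nMYSQL_USERNAME extmail\nMYSQL_PASSWORD PLACEHOLDER-long-random-value\n' \
    > "$demo_dir/tightened"
chmod 600 "$demo_dir/tightened"

audit_authmysqlrc "$demo_dir/as_in_article" || true
audit_authmysqlrc "$demo_dir/tightened" && echo "tightened: no findings"
```

The account that runs authdaemond must still be able to read the file, so tighten access through owner and group rather than by removing read permission altogether.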
4. Create the directory that holds the virtual users' mailboxes and give ownership of it to the postfix user
[root@mail courier-authlib-0.63.0]# mkdir -pv /var/mailbox
[root@mail courier-authlib-0.63.0]# chown -R postfix /var/mailbox
[root@mail courier-authlib-0.63.0]# ll /var/mail
lrwxrwxrwx 1 root root 10 Dec 18 17:06 /var/mail -> spool/mail
[root@mail courier-authlib-0.63.0]# ll -d /var/mailbox
drwxr-xr-x 2 postfix root 4096 Dec 24 14:27 /var/mailbox
5. Reconfigure SMTP authentication
[root@mail courier-authlib-0.63.0]# vim /usr/lib/sasl2/smtpd.conf
Comment out these two lines:
#pwcheck_method: saslauthd
#mech_list:PLAIN LOGIN
Add the following content:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
:wq
13. Make Postfix support virtual domains and virtual users
1. Edit the main Postfix configuration file
[root@mail courier-authlib-0.63.0]# vim /etc/postfix/main.cf
Append the following at the end:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
:wq
2. Create the database using extmail.sql and init.sql from the docs directory of the extman source tree
[root@mail ~]# tar -zxvf extman-1.1.tar.gz -C /usr/local/src/
[root@mail ~]# cd /usr/local/src/
[root@mail src]# cd extman-1.1/
[root@mail extman-1.1]# cd docs/
[root@mail docs]# mysql -u root -p <extmail.sql
Enter password: (enter the database password: redhat)
[root@mail docs]# mysql -u root -p <init.sql
Enter password: (enter the database administrator password: redhat)
[root@mail docs]# mysql -u root -p
Enter password: (enter the database administrator password: redhat)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| extmail |      <- created successfully
| mysql |
| test |
+--------------------+
4 rows in set (0.02 sec)
mysql> use extmail;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+-------------------+
| Tables_in_extmail |
+-------------------+
| alias |
| domain |
| domain_manager |
| mailbox |
| manager |
+-------------------+
5 rows in set (0.00 sec)
mysql> \q
Bye
[root@mail docs]# cp mysql* /etc/postfix/
3. Grant the user extmail access to the extmail database
[root@mail docs]# mysql -u root -p
Enter password: (enter the database administrator password: redhat)
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@mail docs]# mysql -u root -p
Enter password: (enter the database administrator password: redhat)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
[root@mail docs]# service postfix restart
This article is reposted from yhw85's 51CTO blog; original link: http://blog.51cto.com/yanghuawu/1103288. To repost it, please contact the original author.