www.extmail.net
本章目錄:
1、電子郵局介紹(成員的組成及工作原理)
2、回顧分析第一階段的郵局系統: postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS
3、分析虛擬用戶郵局系統: postfix(MTA)+maildrop(MDA)+courier-imap(MUA)+courier-authlib+apache(extmail/extman)+mysql
4、郵局部署之前的DNS準備(MX)
5、部署虛擬用戶郵局系統
郵件角色
MTA 郵件傳輸代理 郵局 sendmail postfix qmail notes(IBM) exchange(MS)
MDA 郵件分發代理 代理機制
MUA 郵件用戶代理 客戶端 mail mutt webmail foxmail outlook
郵件協議
smtp 簡單郵件傳輸協議 用于發送郵件 TCP 25 465(465 為SSL/TLS加密端口)
pop3 第三版郵局協議 用于接收郵件 TCP 110 995(995 為SSL/TLS加密端口) 離線模式(1-100)
imap 互聯網郵件訪問協議 用于接收郵件 TCP 143 993(993 為SSL/TLS加密端口) 在線模式(鎖定第幾封)
工作原理
---DNS MX -----
MUA ---smtpd:25--- MTA -smtpd--- MDA --smtpd--- MTA --pop3/imap--- MUA
回顧
postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS + pam --> /etc/passwd|/etc/shadow
虛擬用戶郵局系統
postfix(MTA)+maildrop(MDA)+courier-imap(MUA)+courier-authlib+apache(extmail/extman)+mysql
++++++++++部署虛擬用戶郵件系統++++++++++++++++
1 配置DNS的MX記錄
[root@i ~]# vim /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com. --DNS服務器
dns A 192.168.0.254
@ MX 5 mail.uplooking.com. --郵件服務器
mail A 192.168.0.1
[root@node1 ~]# echo "nameserver 192.168.0.254" > /etc/resolv.conf
[root@node1 ~]# host mail.uplooking.com
mail.uplooking.com has address 192.168.0.1
2 配置本地ISO源與EMOS源
[root@node1 ~]# rm -fr /etc/yum.repos.d/*
[root@node1 ~]# vim /etc/yum.repos.d/emos.repo
[local]
baseurl=ftp://192.168.0.254/pub/rhel6/dvd
gpgcheck=0
[emos]
baseurl=ftp://192.168.0.254/EMOS
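gpgcheck=0
--注意:gpgcheck=0 會關閉RPM包的簽名校驗,而這兩個源又走明文FTP,安裝的軟件包既無完整性也無來源保證,只適合隔離的實驗環境;正式環境應導入發行方的GPG公鑰并設置 gpgcheck=1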
3 安裝MTA postfix ---- 升級(qmail)
--升級postfix
[root@node1 ~]# yum -y install postfix
postfix是否加載mysql模塊
[root@node1 ~]# postconf -m |grep mysql
mysql
配置postfix(命令回顧)
# postconf--查詢所有已經生效配置
# postconf -n--查詢自定義的配置
# postconf -d--查詢默認配置
# postconf -m--查詢postfix支持的模塊列表
# postconf -e--通過非交互模式配置文件修改,用于腳本方式配置postfix
生成配置文件
[root@node1 ~]# postconf -n >> /etc/postfix/main.cf.new
[root@node1 ~]# mv /etc/postfix/main.cf /etc/postfix/main.cf.old
[root@node1 ~]# cp /etc/postfix/main.cf.new /etc/postfix/main.cf
[root@node1 ~]# vim /etc/postfix/main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
# hostname --郵件主機信息
mynetworks = 127.0.0.1
myhostname = mail.uplooking.com
mydomain = uplooking.com
mydestination = $mynetworks $myhostname $mydomain
# banner --歡迎信息
mail_name = Postfix - by uplooking.com
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately --錯誤報告立刻返回
smtpd_error_sleep_time = 0s
# Message and return code control --單位字節 單封郵件與郵件家目錄的限制
message_size_limit = 50000000
mailbox_size_limit = 1024000000
show_user_unknown_table_name = no
# Queue lifetime control --生命周期
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
4 安裝MDA (maildrop)
[root@node1 ~]# yum -y install maildrop
定義maildrop程序
[root@node1 ~]# id vuser
uid=1000(vuser) gid=1000(vgroup) 組=1000(vgroup)
[root@node1 ~]# vim /etc/postfix/master.cf
maildrop unix - n n - - pipe
  flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
5 安裝配置Courier-Authlib驗證中間件:
[root@node1 ~]# rpm -qa |grep authlib
courier-authlib-0.62.4-1.el6.FT.x86_64
[root@node1 docs]# yum -y install courier-authlib courier-authlib-mysql
[root@node1 ~]# rpm -ql courier-authlib |grep mysql
/etc/authlib/authmysqlrc.dist
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.html
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.myownquery
--清空配置文件,重新定義中間件程序如何連接數據庫(該文件以明文保存數據庫密碼,權限應限制為僅必要的帳號可讀;示例中密碼與用戶名相同,只適合實驗環境)
[root@node1 ~]# :> /etc/authlib/authmysqlrc
[root@node1 ~]# vim /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
[root@node1 ~]# vim /etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
啟動服務
[root@node1 ~]# /etc/rc.d/init.d/courier-authlib start
[root@node1 ~]# chkconfig courier-authlib on
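修改authdaemon socket目錄權限。如果該目錄權限不正確,maildrop及postfix等將無法正確獲取用戶的信息及密碼認證:
注意:755 會讓本機所有用戶都能連接該socket,而從后文authtest的輸出可以看到authdaemon會返回帳號的密碼哈希;多用戶主機上應只對postfix、vuser等確實需要的帳號開放(例如通過屬組授權),而不是對所有人開放。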
思路 MTA--postfix--maildrop ---/var/spool/authdaemon/socket----- authdaemonrc---/etc/authlib/authmysqlrc
[root@node1 ~]# chmod 755 /var/spool/authdaemon/
6 虛擬主機設置
[root@node1 ~]# yum -y install httpd
[root@node1 ~]# vim /etc/httpd/conf.d/vhost_mail.uplooking.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.uplooking.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
7 安裝與配置頁面
安裝頁面 后臺 webman --extsuite-webman
[root@node1 ~]# yum -y install extsuite-webman
安裝頁面 前端 extmail --extsuite-webmail
[root@node1 ~]# yum -y install extsuite-webmail
配置頁面
[root@node1 ~]# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
[root@node1 ~]# vim /var/www/extsuite/extmail/webmail.cf
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
修改權限
[root@node1 ~]# chown vuser.vgroup /var/www/extsuite/extmail/cgi/ -R
[root@node1 ~]# chown vuser.vgroup /var/www/extsuite/extman/cgi/ -R
[root@node1 ~]# mkdir /tmp/extman
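[root@node1 ~]# chmod 777 /tmp/extman/
--注意:777 讓任何本地用戶都能讀寫這個目錄;按前面的Suexec配置,CGI以vuser身份運行,可考慮改為 chown vuser.vgroup /tmp/extman 并 chmod 700(需先確認extman實際的運行用戶)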
8 安裝數據庫
[root@node1 ~]# yum -y install mysql-server mysql
[root@node1 ~]# service mysqld start
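導入mysql數據庫結構及初始化數據,root密碼默認為空
注意:此時MySQL的root為空密碼,下面用到的 extmail/extmail、webman/webman 也都是與用戶名相同的默認密碼;實驗之外的環境應先為root設置密碼,并修改這兩個帳號的密碼,同時同步更新authmysqlrc、webmail.cf以及其他引用這些帳號的配置文件。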
[root@node1 ~]# mysql < /var/www/extsuite/extman/docs/extmail.sql
[root@node1 ~]# mysql < /var/www/extsuite/extman/docs/init.sql
測試帳號
[root@node1 ~]# mysql -uextmail -pextmail extmail --SELECT,UPDATE
[root@node1 ~]# mysql -uwebman -pwebman extmail --SELECT, INSERT, UPDATE, DELETE
啟動httpd
[root@node1 ~]# service httpd start
[root@node1 ~]# chkconfig httpd on
9 設置虛擬域和虛擬用戶的配置文件
[root@node1 ~]# cd /var/www/extsuite/extman/docs/
[root@node1 docs]# cp mysql_virtual_* /etc/postfix/
[root@node1 docs]# vim /etc/postfix/main.cf
#mydestination = $mynetworks $myhostname $mydomain
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
[root@node1 docs]# service postfix restart
登錄后臺注冊域名 uplooking.com
再注冊郵件用戶
http://mail.uplooking.com/extman/cgi/index.cgi
ExtMan的默認超級管理員帳戶:root@extmail.org,初始密碼:extmail*123*。這個默認密碼是公開的,登錄成功后應立即修改,以確保安全。
-----------測試
手動連接數據庫
[root@node1 ~]# mysql -uextmail -pextmail extmail
mysql> SELECT username,password,"",uidnumber,gidnumber,CONCAT('/home/domains/',homedir),CONCAT('/home/domains/',maildir),quota,name from mailbox where username='u01@uplooking.com'\G
*************************** 1. row ***************************
username: u01@uplooking.com
password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
:
uidnumber: 1000
gidnumber: 1000
CONCAT('/home/domains/',homedir): /home/domains/uplooking.com/u01
CONCAT('/home/domains/',maildir): /home/domains/uplooking.com/u01/Maildir/
quota: 5242880S
name: user01
1 row in set (0.00 sec)
使用authtest命令,通過authdaemon自動連接數據庫查詢(密碼寫在命令行上會留在shell歷史和進程列表里,只應使用測試帳號;輸出中 $1$ 開頭的哈希是MD5-crypt,強度較弱)
[root@node1 docs]# authtest -s /var/spool/authdaemon/socket u01@uplooking.com 123
Authentication succeeded.
Authenticated: u01@uplooking.com (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u01
Maildir: /home/domains/uplooking.com/u01/Maildir/
Quota: 5242880S
Encrypted Password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
Cleartext Password: 123
Options: (none)
[root@node1 docs]# authtest -s /var/spool/authdaemon/socket u02@uplooking.com 456
Authentication succeeded.
Authenticated: u02@uplooking.com (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u02
Maildir: /home/domains/uplooking.com/u02/Maildir/
Quota: 5242880S
Encrypted Password: $1$kIEJyc6F$MsDVCUtmS/mOw2vCpOOdg0
Cleartext Password: 456
Options: (none)
配置圖形化日志:[熱]
[root@node1 docs]# /usr/local/mailgraph_ext/mailgraph-init start
啟動cmdserver(在后臺顯示系統信息)
[root@node1 docs]# /var/www/extsuite/extman/daemon/cmdserver --daemon
10 安裝cyrus-sasl
[root@node1 docs]# yum -y install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
[root@node1 docs]# vim /etc/postfix/main.cf
# smtpd related config ----收件人定義 rcpt to:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
# SMTP sender login matching config -- --發件人定義 mail from:
smtpd_sender_restrictions =
permit_mynetworks,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
定義認證模塊如何連接數據庫
[root@node1 docs]# vim /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
[root@node1 docs]# service postfix restart
測試SMTP認證
通過以下命令獲得u01@uplooking.com的用戶名及密碼的BASE64編碼(BASE64只是編碼而不是加密,PLAIN/LOGIN在未啟用TLS的25端口上等同于明文傳輸;正式環境應為postfix配置TLS并設置 smtpd_tls_auth_only = yes):
# perl -e 'use MIME::Base64; print encode_base64("u01\@uplooking.com")'
dTAxQHVwbG9va2luZy5jb20=
# perl -e 'use MIME::Base64; print encode_base64("123")'
MTIz
[root@node1 docs]# telnet mail.uplooking.com 25
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
220 mail.uplooking.com ESMTP Postfix - by uplooking.com
ehlo localhost
250-mail.uplooking.com
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dTAxQHVwbG9va2luZy5jb20=
334 UGFzc3dvcmQ6
MTIz
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
11 安裝Courier-imap
[root@node1 docs]# yum -y install courier-imap
[root@node1 docs]# /etc/init.d/courier-imap start
[root@node1 docs]# chkconfig courier-imap on
測試
[root@node1 docs]# telnet mail.uplooking.com 110
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
+OK Hello there.
user u01@uplooking.com
+OK Password required.
pass 123
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 658
.
retr 1
進入后臺 新增加新的域 qq.com
--配置DNS( 定義DNS的mx記錄)
[root@i ~]# vim /var/named/qq.com.zone
@ NS dns.qq.com.
dns A 192.168.0.254
@ MX 5 mail.qq.com.
mail A 192.168.0.1
--測試mx記錄是否解析
[root@node1 ~]# host mail.qq.com
mail.qq.com has address 192.168.0.1
域列表----域名 qq.com
用戶 ---- q01@qq.com 密碼123
進入前端注冊郵箱地址 q02@qq.com 密碼456
http://mail.qq.com/extmail/cgi/index.cgi
測試帳號
[root@node1 ~]# authtest -s /var/spool/authdaemon/socket q01@qq.com 123
Authentication succeeded.
Authenticated: q01@qq.com (uid 1000, gid 1000)
Home Directory: /home/domains/qq.com/q01
Maildir: /home/domains/qq.com/q01/Maildir/
Quota: 5242880S
Encrypted Password: $1$x4TzQksX$V4CTLdRCYbdRVd8w8SPUK.
Cleartext Password: 123
Options: (none)
[root@node1 ~]# authtest -s /var/spool/authdaemon/socket q02@qq.com 456
Authentication succeeded.
測試 q01@qq.com ---- q02@qq.com
q02@qq.com ---- u01@uplooking.com
--------------------------------
安裝EMOS系統
[root@i ~]# vim /var/named/google.com.zone
@ NS dns.google.com.
dns A 192.168.0.254
@ MX 5 mail.google.com.
mail A 192.168.0.10