Complete ports-based installation of an OpenLDAP-backed mail system
postfix + ldap + sasl2 + courier-imap on FreeBSD, installed entirely from ports

Author: 柯贵中 (Ke Guizhong)
Website: www.chinake.com
QQ: 93606088
E-mail: chaohucity@hotmail.com

Why FreeBSD? Because of ports: when you install software you no longer have to work out its dependencies yourself, the ports system pulls them in for you. That alone puts it at the head of the UNIX and UNIX-like family.
This article tries to build an efficient, high-capacity mail system by the simplest possible route. The work was encouraged and helped along by hefish; essentially it is hefish's KUNMAIL system tried out on FreeBSD. Because newer OpenLDAP releases changed the definitions of some attributes, kunmail.schema needs a few changes; liut's mail.schema carries those changes, and 陈景峰's postfix.schema is used as well. Using qmail.schema directly would also work fine.

The article is aimed at beginners: by walking through a basic setup you should come to understand how a mail system works, so the system built here is the bare minimum. There are plenty of references online for virus scanning and spam filtering, so they are not covered.
It assumes some familiarity with UNIX-like systems, ideally having set up or used a mail system before. The focus is OpenLDAP; if you want MySQL instead, see my other article.
The procedure was tested successfully on FreeBSD 4.10 and 5.4. SASL2 authentication is delegated to Courier's authdaemond, which is simple and efficient: once Courier accepts a login, Postfix's SMTP AUTH will accept it too. Compared with postfix+mysql only the backing database changes, so existing experience carries over to the new setup.
For now only the PLAIN and LOGIN mechanisms are used, which is what most ISPs offer. As the OpenLDAP documentation itself notes, from OpenLDAP's point of view these mechanisms are no better than its own simple bind: both hand the password itself to the server, so they should only be offered over TLS. Combined with SASL2, stronger and safer mechanisms can be added later.
References:
1. http://kunmail.cz8.net/
2. http://www.huihoo.com/internet/postfix/pis/book1.html

Chapter 1: Preparing the system

If you can already install a base system, skip this chapter. Unless stated otherwise, everything in this article is done as root.

Installing FreeBSD 5.4
Choose the minimal install, configure networking and add the perl5.8 package.
In this example the host name is mail.chinake.com
Domain: chinake.com
Default gateway: 192.168.0.1
IP address: 192.168.0.66

1. Installing cvsup
5.4 moved many packages onto the second disc, so they have to be installed over the network.
Set the PACKAGEROOT environment variable for pkg_add so that it uses a mirror in China. FreeBSD's default shell is csh.
bash shell
#export PACKAGEROOT="ftp://ftp.freebsdchina.org"
csh shell
#setenv PACKAGEROOT "ftp://ftp.freebsdchina.org"
#pkg_add -r cvsup-without-gui

2. Editing /etc/make.conf
Add:
MASTER_SITE_OVERRIDE=ftp://ftp.freebsdchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}
This only changes where distfiles are fetched from; the ports framework still verifies every distfile against the checksums in the port's distinfo, so a mirror cannot quietly substitute a tarball. Binary packages fetched with pkg_add -r carry no such check, so use a mirror you trust for those.

3. Updating the ports tree
#/usr/local/bin/cvsup -g -L 2 -h ftp.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

Chapter 2: Installing the mail system software

1. Install openssl
#cd /usr/ports/security/openssl; make install clean

2. Install apache
#cd /usr/ports/www/apache13-modssl; make install clean
This gives https support; the document root is /usr/local/www/data/. apache2 would also do.
#ee /etc/rc.conf; add: apache_enable="YES"

3. Install php4
#cd /usr/ports/lang/php4; make install clean
#cp /usr/local/etc/php.ini.dist /usr/local/etc/php.ini
#ee /usr/local/etc/apache/httpd.conf
Append at the end:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
The second line makes Apache display the highlighted source of any .phps file; it is a development convenience, not something to leave on a production host.

4. Install expect
#cd /usr/ports/lang/expect
#make install clean

5. Install SASL2
#cd /usr/ports/security/cyrus-sasl2; make install WITH_AUTHDAEMON=yes clean
or: make -DWITH_AUTHDAEMOND install clean
#ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
The smtpd.conf below is what Postfix's smtpd reads through the SASL library; it could hardly be simpler.
#ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

6. Install courier-imap
#cd /usr/ports/mail/courier-imap
#make install clean
Select the [auth_ldap], [openssl] and [gdbm] options. If you missed them, run make config and choose again.
Then edit /etc/rc.conf, add courier_authdaemond_enable="YES" so it starts at boot, and start it now:
#/usr/local/etc/rc.d/courier_authdaemond.sh start
This creates the socket under /var/run/authdaemond/.
#chmod +x /var/run/authdaemond
This gives the directory the traverse bit so that Postfix's smtpd, running as the unprivileged postfix user, can reach the socket through the SASL library. Note that chmod +x grants that bit to every local user, not just Postfix; on a shared host, put the directory in a group that postfix belongs to and set g+x only.

We authenticate through authdaemond rather than PAM, so the following is NOT needed:
In case you use authpam, you should put the following lines in your /etc/pam.d/imap
auth required pam_unix.so try_first_pass
account required pam_unix.so try_first_pass
session required pam_permit.so
That completes the authentication part.

7. Install OpenLDAP
#cd /usr/ports/net/openldap22-server
#make WITH_SASL=yes install clean
#ee /etc/rc.conf
Add:
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
ldap://0.0.0.0/ makes slapd listen on every interface, in clear text. Everything in this setup (Postfix, Courier, phpldapadmin) talks to the directory on the same machine, so ldap://127.0.0.1/ is enough and keeps port 389 off the network; widen it only if you later split the services across hosts, and then do it over ldaps or StartTLS.
Start it:
#/usr/local/etc/rc.d/slapd.sh start

8. Install Postfix
#cd /usr/ports/mail/postfix
Select [sasl2] + [tls] + [ldap] + [vda] + [test] during installation.
#make install clean
Near the end of the install it asks two questions, about adding the user and group and about modifying mailer.conf; answer y to both.
Add a Postfix alias:
#cd /etc
#echo 'postfix: root' >> /etc/aliases
Regenerate the alias database (required after every change):
#/usr/local/bin/newaliases
If it complains about opiekeys:
#chown postfix:postfix /etc/opiekeys
Treat that as a workaround rather than a fix: /etc/opiekeys holds the one-time-password secrets of system accounts, and handing it to the postfix user means a compromised Postfix process can read them.

Replace and stop sendmail
#ee /etc/rc.conf
Change to sendmail_enable="NONE"
Create the startup link:
#cd /usr/local/etc/rc.d/
#ln -s /usr/local/sbin/postfix postfix.sh
Create /etc/periodic.conf
#ee /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

9. Install phpldapadmin
Strongly recommended: this is a web front end for managing OpenLDAP and a great help in understanding and using it. Think of it as phpmyadmin for LDAP.
#cd /usr/ports/net/phpldapadmin/
#ee Makefile, change www/ to www/data/
#make install clean

Configuring phpldapadmin is much like phpmyadmin: just user name, password and so on.
#ee /usr/local/www/data/phpldapadmin/config.php
$blowfish_secret = 'mytestopenldap'; // secret used to encrypt the session cookie; empty by default, required for cookie authentication. Any string works, but pick something long and random rather than this example.
$servers[$i]['name'] = 'My LDAP Server'; // display name, arbitrary.
$servers[$i]['host'] = '192.168.0.66'; // host IP
$servers[$i]['base'] = 'dc=chinake,dc=com'; // must match the suffix in slapd.conf; explained below.
$servers[$i]['port'] = 389; // default port.
$servers[$i]['auth_type'] = 'cookie'; // login mode; config (the default) is fine while getting started
$servers[$i]['login_dn'] = 'cn=chaohu,dc=chinake,dc=com'; // must match rootdn in slapd.conf.
$servers[$i]['login_pass'] = 'chaohu'; // the rootpw. Not needed with cookie authentication.
$language = 'zh-tw'; // language; auto and zh-cn both come out garbled, so use Traditional Chinese or en.
With auth_type = 'config' the rootdn password sits in a file the web server can read; prefer cookie mode and leave login_pass empty once things work.

Chapter 3: Configuring OpenLDAP

1. About schemas
A schema is a table of attribute definitions and the relationships between them (roughly a database definition, in MySQL terms). The basic attributes Postfix and Courier need to look up are the user name (the user's mail address), the password (Postfix does not need it) and the directory where the user's mail is stored.
(1) kunmail.schema, basic attributes:
kunmailuser: userName - mail system user name (the full name, including the part after @)
userHome - the user's home directory
userMaildir - the user's maildir (normally userHome + "/Maildir/")
userClearpw - the user's password (clear text)
(2) postfix.schema, basic attributes:
postfixAccount: mail - the user's mail address
mailbox - the user's maildir
clearPassword - the user's password
homeDirectory - the user's home directory
(3) mail.schema, basic attributes:
mailUser: mail - the user's mail address
userPassword - the user's password
homeDirectory - the user's home directory
mailMessageStore - the user's maildir
(4) qmail.schema, basic attributes:
qmailUser: mail - the user's mail address
mailMessageStore - the user's maildir
homeDirectory - the user's home directory
userPassword - the user's password
Note: home directory + maildir together must form the complete absolute path of a user's mailbox. This article uses mail.schema. (The schema files are appended at the end.) They overlap: kunmail.schema and mail.schema define different attributes and object classes under the same OIDs (1.3.6.1.4.1.7914.1.2.1.3 is userUid in one and mailMessageStore in the other), and postfix.schema defines its own mailMessageStore and mailQuota under a third arc, so include exactly one of them in slapd.conf, never several.

2. About slapd.conf
This is OpenLDAP's main configuration file. It is easiest understood in three parts.
Part one: loading schema files, which supplies all attribute definitions and their properties. The dependencies work like this: if a schema file does not define the attribute mailHost but refers to it in an object class, the schema that does define mailHost must be included first. For mailUser that means misc.schema (mailHost), nis.schema (uidNumber, gidNumber, homeDirectory), inetorgperson.schema (displayName) and core/cosine (mail, uid, cn, userPassword) all come before mail.schema. First copy mail.schema into /usr/local/etc/openldap/schema/; this must be done before anything else.
Following the dependencies we include these schema files:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/mail.schema
In OpenLDAP configuration files there must be no trailing whitespace at the end of a line.

Part two: access control. By default the rootdn always has write access. We could leave this part out and simply use the rootdn everywhere, but that is not very safe, so we add a dedicated account with write access to the mailbox subtree and let mailbox users authenticate against their own password.

access to dn.base="" by * read // root DSE, read-only
access to dn.base="cn=Subschema" by * read // subschema, read-only
access to dn.subtree="ou=admin,dc=chinake,dc=com" attr=userPassword
	by * auth // admin group ou=admin: anyone may bind against a password stored here (this is what lets Postfix and Courier bind as cn=kunmail at all)
access to dn.subtree="ou=mail,dc=chinake,dc=com" attr=userPassword
	by * auth // mailbox group ou=mail: anyone may bind against a password stored here
access to dn.subtree="ou=mail,dc=chinake,dc=com"
	by dn="cn=kunmail,ou=admin,dc=chinake,dc=com" write
	by * none // the kunmail account gets write on ou=mail, everyone else nothing

slapd uses the first "access to" clause whose target matches and, inside it, the first matching "by" clause, so read the result rather than the intent. userPassword under ou=mail is caught by the fourth clause, so even cn=kunmail only gets auth on it: it can create and edit mailbox entries but can neither read nor set passwords (those must be set as the rootdn). There is no "by self" clause, so a mailbox user cannot read or modify its own entry; it can only bind, which is all Courier's LDAP_AUTHBIND login needs, and Postfix never reads the password at all. Anonymous clients get nothing below ou=mail except the ability to bind.

Part three: suffix and root user

suffix "dc=chinake,dc=com" // the naming context (base DN)
rootdn "cn=chaohu,dc=chinake,dc=com" // root user; the name is arbitrary.
rootpw chaohu // root user's password.

The structure is much like a filesystem path, only reversed; compare it with /com/chinake/chaohu and it becomes much easier to picture.
Do not leave rootpw in clear text as shown: run slappasswd and paste its {SSHA}... output as the rootpw value, and make sure slapd.conf is not world readable, since it holds this secret.

So our slapd.conf ends up looking like this:
#ee /usr/local/etc/openldap/slapd.conf

# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
include		/usr/local/etc/openldap/schema/nis.schema
include		/usr/local/etc/openldap/schema/misc.schema
include		/usr/local/etc/openldap/schema/mail.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath	/usr/local/libexec/openldap
# moduleload	back_bdb
# moduleload	back_ldap
# moduleload	back_ldbm
# moduleload	back_passwd
# moduleload	back_shell

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
#	Allow self write access
#	Allow authenticated users read access
#	Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to dn.subtree="ou=admin,dc=chinake,dc=com" attr=userPassword
	by * auth
access to dn.subtree="ou=mail,dc=chinake,dc=com" attr=userPassword
	by * auth
access to dn.subtree="ou=mail,dc=chinake,dc=com"
	by dn="cn=kunmail,ou=admin,dc=chinake,dc=com" write
	by * none
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=chinake,dc=com"
rootdn		"cn=chaohu,dc=chinake,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		chaohu
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/db/openldap-data
# Indices to maintain
index	objectClass	eq
Every Postfix and Courier lookup below searches on the mail attribute, so once the directory grows add an equality index on mail as well (and run slapindex after changing the index lines).
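To see what the five access clauses actually grant before trusting them, here is an added example (not part of the original article, and not OpenLDAP code) that models slapd's first-match evaluation for exactly those clauses. It implements only the subset of slapd.access(5) the file uses (dn.base, dn.subtree, attr=, by dn=, by self, by *), treats by dn= as an exact DN match, and returns None where no clause covers the target so that case can be checked on the live server. The DNs are the ones from slapd.conf; everything else is the example's own.

```python
"""Model slapd's first-match ACL evaluation for the access clauses in slapd.conf above.

Added example; not from the article and not OpenLDAP code. The first "access to"
clause whose target matches is selected, and the first matching "by" clause inside
it decides; an implicit "by * none" ends every clause.
"""

# Access levels in increasing order; a higher level implies every lower one.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ANONYMOUS = "anonymous"  # requester value for an unauthenticated connection


def normalize(dn):
    """Simplified DN normalisation: lower-case, no whitespace around commas."""
    return ",".join(part.strip() for part in dn.lower().split(",")) if dn else ""


def dn_matches(scope, pattern, target):
    """dn.base matches only the entry itself; dn.subtree also matches everything below it."""
    pattern, target = normalize(pattern), normalize(target)
    if scope == "base":
        return target == pattern
    if scope == "subtree":
        return target == pattern or target.endswith("," + pattern)
    raise ValueError("unsupported scope: " + scope)


# The five clauses from slapd.conf, in file order (order matters: first match wins).
RULES = [
    {"scope": "base", "dn": "", "attrs": None,
     "by": [("*", None, "read")]},
    {"scope": "base", "dn": "cn=Subschema", "attrs": None,
     "by": [("*", None, "read")]},
    {"scope": "subtree", "dn": "ou=admin,dc=chinake,dc=com", "attrs": {"userpassword"},
     "by": [("*", None, "auth")]},
    {"scope": "subtree", "dn": "ou=mail,dc=chinake,dc=com", "attrs": {"userpassword"},
     "by": [("*", None, "auth")]},
    {"scope": "subtree", "dn": "ou=mail,dc=chinake,dc=com", "attrs": None,
     "by": [("dn", "cn=kunmail,ou=admin,dc=chinake,dc=com", "write"),
            ("*", None, "none")]},
]


def access(requester, target_dn, attr):
    """Access level slapd grants `requester` on `attr` of `target_dn`.

    Returns None when no "access to" clause covers the target; slapd then falls
    back to its default policy, which is a case to verify on the live server.
    """
    for rule in RULES:
        if not dn_matches(rule["scope"], rule["dn"], target_dn):
            continue
        if rule["attrs"] is not None and attr.lower() not in rule["attrs"]:
            continue
        for who, who_dn, level in rule["by"]:
            if who == "*":
                return level
            if requester == ANONYMOUS:
                continue
            if who == "dn" and normalize(requester) == normalize(who_dn):
                return level
            if who == "self" and normalize(requester) == normalize(target_dn):
                return level
        return "none"  # clause matched the target but no "by" applied: implicit "by * none"
    return None


def allows(requester, target_dn, attr, needed):
    """True if the granted level is at least `needed` (write implies read implies ... auth)."""
    level = access(requester, target_dn, attr)
    return level is not None and LEVELS.index(level) >= LEVELS.index(needed)


if __name__ == "__main__":
    KUNMAIL = "cn=kunmail,ou=admin,dc=chinake,dc=com"
    TEST = "uid=test,ou=mail,dc=chinake,dc=com"
    for who, dn, attr in [(KUNMAIL, TEST, "mailMessageStore"), (KUNMAIL, TEST, "userPassword"),
                          (TEST, TEST, "mail"), (ANONYMOUS, TEST, "userPassword"),
                          (ANONYMOUS, KUNMAIL, "userPassword"), (ANONYMOUS, "dc=chinake,dc=com", "dc")]:
        print(f"{who:40} {attr:17} of {dn}: {access(who, dn, attr)}")
```

Running it shows the two consequences worth knowing: cn=kunmail gets write on every mailbox attribute except userPassword, where it only gets auth, and a user binding as its own DN gets none on its own entry. Confirm the same on the running server with an anonymous ldapsearch -x -b ou=mail,dc=chinake,dc=com, which should return nothing.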

3. Configuring ldap.conf (optional)

# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE	dc=chinake, dc=com
HOST	localhost
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never
In both configuration files above the whitespace inside and at the start of lines is made with the TAB key, not spaces.

Restart slapd:
#/usr/local/etc/rc.d/slapd.sh stop
#/usr/local/etc/rc.d/slapd.sh start

4. Creating the user data

Write an import file; records are separated by blank lines. In practice I found that the root entry has to be imported by hand; the other records can be imported through phpldapadmin or created directly.

Step one is creating the base DN:
It is short, so we type it in by hand

#ldapadd -x -D 'cn=chaohu,dc=chinake,dc=com' -W // enter the password, then type the lines below and press Ctrl+D to finish.
dn: dc=chinake,dc=com
objectClass: dcObject
objectClass: organization
dc: chinake
o: Corporation
description: d Corporation

Step two is creating the groups and users:
Save the following as postfix.ldif, then open http://192.168.0.66/phpldapadmin/ and use its import function.
Or import by hand:
# ldapadd -x -D "cn=chaohu,dc=chinake,dc=com" -W -f postfix.ldif

# admin group
# Record 2: ou=admin,dc=chinake,dc=com
dn: ou=admin,dc=chinake,dc=com
ou: admin
objectClass: top
objectClass: organizationalUnit

# user group
# Record 3: ou=mail,dc=chinake,dc=com
dn: ou=mail,dc=chinake,dc=com
ou: mail
objectClass: top
objectClass: organizationalUnit

# mailbox administrator
# Record 4: cn=kunmail,ou=admin,dc=chinake,dc=com
dn: cn=kunmail,ou=admin,dc=chinake,dc=com
cn: kunmail
mail: kunmail@chinake.com
uid: kunmail
displayName: kunmail admin
gidNumber: 80
uidNumber: 80
userStatus: 1
mailMessageStore: chinake.com/kunmail/Maildir/
mailQuota: 1000000
userPassword: 2320419
objectClass: mailUser
objectClass: top
homeDirectory: /usr/local/vmail

# user
# Record 5: uid=test,ou=mail,dc=chinake,dc=com
dn: uid=test,ou=mail,dc=chinake,dc=com
cn: test
uid: test
displayName: test user
uidNumber: 80
gidNumber: 80
userPassword: test
userStatus: 1
objectClass: mailUser
objectClass: top
mail: test@chinake.com
mailMessageStore: chinake.com/test/Maildir/
homeDirectory: /usr/local/vmail

Both passwords are stored in clear text here. Because authldaprc in chapter 4 sets LDAP_AUTHBIND 1, slapd does the password comparison itself during the bind, so userPassword can just as well hold a {SSHA} hash produced by slappasswd, and should on any real system. The ACL keeps everyone but the rootdn from reading the attribute; verify with an anonymous ldapsearch that the values really do not come back.

Most tutorials online create a dedicated user such as vmail and let it own and operate the mail users' data. This example uses www, the same user Apache runs as. That is convenient, but it means the PHP applications (phpldapadmin, squirrelmail) run with full access to every mailbox; on anything beyond a test box use a separate vmail user and set LDAP_GLOB_UID/LDAP_GLOB_GID and virtual_uid_maps/virtual_gid_maps to match.
The mail directories look like this: /usr/local/vmail/chinake.com/user/Maildir/.
So we create the base directory:
#mkdir /usr/local/vmail
#chown -R www:www /usr/local/vmail
#chmod -R 700 /usr/local/vmail

From now on users can be added to OpenLDAP straight from phpldapadmin: create a new entry under the appropriate group, choose Custom, give it uid=user, select mailUser under ObjectClasses and fill in the required attributes.

Chapter 4: Configuring authldaprc

#ee /usr/local/etc/authlib/authldaprc
LDAP_SERVER localhost // local server
LDAP_PORT 389 // port
LDAP_PROTOCOL_VERSION 3 // protocol version
LDAP_BASEDN ou=mail, dc=chinake, dc=com // search base
LDAP_BINDDN cn=kunmail, ou=admin, dc=chinake, dc=com // bind user
LDAP_BINDPW 2320419 // bind user's password
LDAP_TIMEOUT 10 // timeout
LDAP_AUTHBIND 1 // authenticate by re-binding as the user's own DN
LDAP_MAIL mail // attribute holding the mail address
LDAP_DOMAIN chinake.com // default domain
LDAP_GLOB_UID www // operate on mailboxes as user www
LDAP_GLOB_GID www // and as group www
LDAP_HOMEDIR homeDirectory // base directory
LDAP_MAILDIR mailMessageStore // the mailbox's Maildir path
LDAP_MAILDIRQUOTA mailQuota // mailbox size
LDAP_CLEARPW userPassword // password attribute
LDAP_DEREF never
LDAP_TLS 0
LDAP_AUTHBIND 1 is not optional with the ACL from chapter 3: the bind DN cn=kunmail only has auth access to userPassword, so authdaemond could never read LDAP_CLEARPW and compare it itself. Instead it looks the user up as cn=kunmail and then binds a second time as the user's DN with the password the client supplied, leaving the comparison to slapd. LDAP_TLS 0 is acceptable only because slapd is on the same host. authldaprc holds the bind password, so keep it readable by root and the Courier user only.
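Since LDAP_AUTHBIND 1 leaves the password check to slapd, the user entries from chapter 3 do not need clear-text passwords. The following added example (not from the article, Courier or OpenLDAP) generates the LDIF for a new mailUser entry with an {SSHA}-hashed userPassword in the same format slappasswd -h {SSHA} produces, using the entry layout from the "Creating the user data" step (uid/gid 80, mailMessageStore relative to homeDirectory). The base DN, domain and quota defaults are parameters chosen here, and the input check on the local part is the example's own.

```python
"""LDIF generator for a mailbox entry with an {SSHA}-hashed userPassword.

Added example; not from the article, Courier or OpenLDAP. slapd verifies {SSHA}
values on a simple bind, which is exactly what authdaemond performs when
LDAP_AUTHBIND is 1, so no component of this setup ever needs the clear text.
"""
import base64
import hashlib
import os


def ssha_hash(password, salt=None):
    """Same format slappasswd -h {SSHA} emits: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte salt; any length decodes correctly
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """What slapd does on a simple bind: split digest and salt, re-hash, compare."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the rest is salt
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def mailbox_ldif(local, domain, password, base="ou=mail,dc=chinake,dc=com",
                 home="/usr/local/vmail", uid_gid=80, quota=1000000, salt=None):
    """One mailUser entry; mailMessageStore joins with homeDirectory to give
    /usr/local/vmail/<domain>/<local>/Maildir/ exactly as in the article."""
    # The local part becomes a DN component and a directory name, so reject
    # anything that could escape the maildir base ("../") or break the DN.
    if not (local.isalnum() and local.isascii()):
        raise ValueError("local part must be ASCII letters and digits only")
    if not all(c.isalnum() or c in ".-" for c in domain) or ".." in domain:
        raise ValueError("domain must be a plain host name")
    lines = [
        f"dn: uid={local},{base}",
        "objectClass: top",
        "objectClass: mailUser",
        f"cn: {local}",
        f"uid: {local}",
        f"mail: {local}@{domain}",
        f"displayName: {local}",
        f"uidNumber: {uid_gid}",
        f"gidNumber: {uid_gid}",
        "userStatus: 1",
        f"homeDirectory: {home}",
        f"mailMessageStore: {domain}/{local}/Maildir/",
        f"mailQuota: {quota}",
        f"userPassword: {ssha_hash(password, salt)}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Hypothetical user; write the output to a file and feed it to ldapadd.
    print(mailbox_ldif("alice", "chinake.com", "s3cret"))
```

Import the output with ldapadd -x -D "cn=chaohu,dc=chinake,dc=com" -W -f user.ldif. It has to be the rootdn: under the ACL from chapter 3, cn=kunmail can write every other attribute of the entry but not userPassword.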

Chapter 5: Configuring Postfix

#ee /usr/local/etc/postfix/main.cf; append at the end:

#======= BASE ==============
myhostname = mail.chinake.com // this machine's host name
mydomain = chinake.com // this machine's domain
home_mailbox = Maildir/ // mailbox format
mydestination = $myhostname $mydomain // domains we accept mail for
local_recipient_maps = // empty: smtpd no longer checks RCPT TO against local system accounts; the LDAP lookup in virtual(8) decides instead
mynetworks = 127.0.0.1, 192.168.0.0/24 // trusted networks; not referenced by the restrictions below, so LAN hosts still have to authenticate to relay
alias_maps = hash:/etc/aliases // aliases
alias_database = hash:/etc/aliases // alias database
local_transport = virtual // delivery agent for local mail; maildrop also works
virtual_transport = virtual // delivery agent for virtual users; maildrop also works
virtual_mailbox_base = /usr/local/vmail // root of the mail store
virtual_gid_maps = static:80 // group ID virtual mailboxes are written with
virtual_uid_maps = static:80 // user ID virtual mailboxes are written with
virtual_minimum_uid = 80 // lowest uid virtual(8) will deliver as

With local_recipient_maps empty, mail to an address that does not exist in LDAP is accepted at RCPT TO and bounced later by virtual(8), which turns the server into a source of backscatter. To reject unknown users during the SMTP dialogue instead, point local_recipient_maps at the same lookup table as virtual_mailbox_maps (local_recipient_maps = $virtual_mailbox_maps).

#============ ldap mailbox ============
#virtual_mailbox_domains = hash:/usr/local/etc/postfix/transport // virtual domains; with a single domain this is not needed.
virtual_mailbox_maps = ldap:mailuser // virtual mailboxes
mailuser_timeout = 10 // timeout
mailuser_server_host = localhost // much as with mysql: where and how to find the user
mailuser_server_port = 389
mailuser_search_base = ou=mail,dc=chinake,dc=com
mailuser_query_filter = (&(mail=%s)(userStatus=1)) // query; Postfix quotes %s according to RFC 2254, so an address cannot inject filter metacharacters
mailuser_result_attribute = mailMessageStore
mailuser_bind = yes
mailuser_bind_dn = cn=kunmail,ou=admin,dc=chinake,dc=com
mailuser_bind_pw = 2320419
mailuser_version = 3

main.cf is world readable by default, so the bind password written here is visible to every local account. Postfix 2.1 and later can read the ldap parameters from a separate file instead (virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap-mailuser.cf, with the mailuser_ prefix dropped from the parameter names inside it), which you can then make readable by root and the postfix user only.

#============== ldap Quota ============
message_size_limit = 5242880
virtual_mailbox_limit_size = 5242880
virtual_mailbox_limit_override=yes
#virtual_mailbox_limit_inbox = no
virtual_maildir_extended = yes
virtual_create_maildirsize = yes

virtual_mailbox_limit_maps = ldap:mailquota
mailquota_timeout = 10
mailquota_server_host = localhost
mailquota_server_port = 389
mailquota_search_base = ou=mail,dc=chinake,dc=com
mailquota_query_filter = (mail=%s)
mailquota_result_attribute = mailQuota
mailquota_bind = yes
mailquota_bind_dn = cn=kunmail,ou=admin,dc=chinake,dc=com
mailquota_bind_pw = 2320419
mailquota_version = 3

#============== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_s
asl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated

Read smtpd_recipient_restrictions left to right: authenticated clients may send anywhere, anyone may send to our own domains, everything else is rejected. That is what keeps this from being an open relay, and it holds for the 192.168.0.0/24 hosts too, since permit_mynetworks is deliberately absent. The port was built with TLS but nothing here turns it on, so PLAIN and LOGIN credentials travel in the clear; before clients outside the LAN use port 25, add smtpd_tls_cert_file and smtpd_tls_key_file, set smtpd_use_tls = yes and smtpd_tls_auth_only = yes so that AUTH is only offered after STARTTLS.

#============ banner =============
smtpd_banner = Chinke Mail System

For multiple domains edit /usr/local/etc/postfix/transport directly:
#ee /usr/local/etc/postfix/transport
chinake.com virtual:
test.com virtual:
#postmap /usr/local/etc/postfix/transport
and uncomment the virtual_mailbox_domains line above. A domain must not appear in both mydestination and virtual_mailbox_domains (Postfix warns about that), so once chinake.com is listed in this file take it out of mydestination.

Chapter 6: Testing

1. Testing courier-pop3
Create the mail user's directory by hand:
#mkdir -p /usr/local/vmail/chinake.com/test
#maildirmake /usr/local/vmail/chinake.com/test/Maildir
#chown -R www:www /usr/local/vmail
#chmod -R 700 /usr/local/vmail
The POP3 daemon has to be running for the next step: set courier_imap_pop3d_enable="YES" in /etc/rc.conf and start it from /usr/local/etc/rc.d/, the same way imapd is started in chapter 7.

#telnet localhost 110
Trying ::1...
Connected to localhost.chinake.com.
Escape character is '^]'.
+OK Hello there.
user test@chinake.com
+OK Password required.
pass test
+OK logged in.
Ctrl+] to quit.

If anything fails, look at the output in /var/log/maillog.

2. Testing Postfix

Authentication test:
Install p5-MIME-Base64
# cd /usr/ports/converters/p5-MIME-Base64/
# make install clean
# perl -MMIME::Base64 -e 'print encode_base64("test\@chinake.com");'
dGVzdEBjaGluYWtlLmNvbQ==
# perl -MMIME::Base64 -e 'print encode_base64("test");'
dGVzdA==

#telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.chinake.com.
Escape character is '^]'.
220 Chinke Mail System
ehlo mail
250-mail.chinake.com
250-PIPELINING
250-SIZE 5242880
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEBjaGluYWtlLmNvbQ==
334 UGFzc3dvcmQ6
dGVzdA==
235 Authentication successful

Everything in that exchange crossed the wire in base64, which is an encoding, not encryption: the two 334 prompts decode to "Username:" and "Password:", and anyone on the path can decode the replies just as easily. This is the reason for the TLS note in chapter 5.

If authentication fails, check /var/log/maillog. If it says:
SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
then this step was probably skipped:
#chmod +x /var/run/authdaemond

If the error mentions ldap, go over main.cf carefully, and remember that after every change you must
#postfix reload
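The following added example (not from the article, Postfix or Cyrus SASL) reproduces the client side of the AUTH LOGIN session above for both mechanisms listed in smtpd.conf's mech_list, and then does what a passive observer of an unencrypted port-25 session would do: recover the user name and password from a captured transcript. The transcript is constructed to mirror the telnet session, with an added AUTH PLAIN login; the credentials are the test account from chapter 3.

```python
"""SASL LOGIN and PLAIN as seen on the wire, and what a sniffer recovers from them.

Added example; not from the article, Postfix or Cyrus SASL. LOGIN answers two
base64 prompts; PLAIN (RFC 4616) sends base64(authzid NUL authcid NUL password)
in one go. Neither hides anything without TLS underneath.
"""
import base64


def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def unb64(text):
    return base64.b64decode(text).decode("utf-8")


def auth_login_lines(username, password):
    """Client replies to the two 334 prompts of AUTH LOGIN
    (VXNlcm5hbWU6 decodes to 'Username:', UGFzc3dvcmQ6 to 'Password:')."""
    return b64(username), b64(password)


def auth_plain_blob(authcid, password, authzid=""):
    """The single argument of AUTH PLAIN: base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode("utf-8")).decode("ascii")


def decode_sasl_plain(blob):
    """Split an AUTH PLAIN blob back into (authzid, authcid, password)."""
    parts = base64.b64decode(blob).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed SASL PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)


def recover_credentials(transcript):
    """What a passive observer of an unencrypted SMTP session gets.

    transcript: list of (direction, line) pairs, "C" for client, "S" for server,
    as the telnet session above would appear on the wire. Handles AUTH LOGIN and
    AUTH PLAIN with an initial response; returns (mechanism, username, password).
    """
    found = []
    pending = None  # fields collected so far while an AUTH LOGIN is in progress
    for direction, line in transcript:
        if direction != "C":
            continue
        upper = line.upper()
        if upper.startswith("AUTH PLAIN "):
            _, _, blob = line.split(" ", 2)
            _, user, pw = decode_sasl_plain(blob)
            found.append(("PLAIN", user, pw))
        elif upper == "AUTH LOGIN":
            pending = []
        elif pending is not None:
            pending.append(unb64(line))
            if len(pending) == 2:
                found.append(("LOGIN", pending[0], pending[1]))
                pending = None
    return found


# Constructed transcript mirroring the telnet session above, plus an AUTH PLAIN login.
SAMPLE_TRANSCRIPT = [
    ("S", "220 Chinke Mail System"),
    ("C", "ehlo mail"),
    ("S", "250-AUTH LOGIN PLAIN"),
    ("C", "auth login"),
    ("S", "334 VXNlcm5hbWU6"),
    ("C", "dGVzdEBjaGluYWtlLmNvbQ=="),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", "dGVzdA=="),
    ("S", "235 Authentication successful"),
    ("C", "AUTH PLAIN " + auth_plain_blob("test@chinake.com", "test")),
    ("S", "235 Authentication successful"),
]

if __name__ == "__main__":
    for mech, user, pw in recover_credentials(SAMPLE_TRANSCRIPT):
        print(f"{mech}: {user} / {pw}")
```

auth_plain_blob also gives you a one-line way to test the PLAIN mechanism by hand: send AUTH PLAIN followed by its output on the telnet session instead of the two-step LOGIN exchange.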

Sending test:
#echo "hello" | mail test@chinake.com
On success /var/log/maillog shows:
May 25 23:46:02 mail postfix/pickup[369]: A57521BB: uid=0 from=<root>
May 25 23:46:02 mail postfix/cleanup[928]: A57521BB: message-id=<20050525154602.A57521BB@mail.chinake.com>
May 25 23:46:02 mail postfix/qmgr[272]: A57521BB: from=<root@mail.chinake.com>, size=285, nrcpt=1 (queue active)
May 25 23:46:03 mail postfix/virtual[930]: A57521BB: to=<test@chinake.com>, relay=virtual, delay=1, status=sent (delivered to maildir)
May 25 23:46:03 mail postfix/qmgr[272]: A57521BB: removed

Chapter 7: Installing webmail

We use SquirrelMail, which talks IMAP, so courier-imap's imapd has to be started.
#ee /etc/rc.conf
Add:
courier_imap_imapd_enable="YES"
Start imapd:
#/usr/local/etc/rc.d/courier-imap-imapd.sh start
Install SquirrelMail:
#cd /usr/ports/mail/squirrelmail/
#ee Makefile
Change the default install path www/ to www/data/
#make install clean

Configure SquirrelMail:
#cd /usr/local/www/data/squirrelmail
#./configure
1. Organization Preferences // organisation details, can be left alone
2. Server Settings // domain name, must be changed
3. Folder Defaults // change the INBOX.XXXX entries to the matching INBOX.Trash, INBOX.Sent and INBOX.Drafts folders (Courier's folder prefix is INBOX.)
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages // language can be set to zh_CN with encoding GB2312

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Save first, then quit; config/config.php can also be edited directly.
Now log in with it. Like SMTP AUTH above, this imapd accepts passwords in the clear, which is fine while only the local webmail talks to it; for remote mail clients use the SSL-enabled imapd that the same port installs.

Adding users: for now, add the new user's record in OpenLDAP and send the user a welcome message. Postfix's virtual(8) delivery agent creates the mailbox directory and its Maildir/ on first delivery (that is the "delivered to maildir" line in the log above), so the mkdir/maildirmake step from the POP3 test is only needed if someone must log in before any mail has arrived.


Appendix:
1. kunmail.schema
# kunmail-ldap v3 directory schema
# written by hefish@cz8.net
# Attribute Type Definitions
attributetype ( 1.3.6.1.4.1.7914.1.2.1.1 NAME 'userNo'
	DESC 'id of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.2 NAME 'userName'
	DESC 'name of the user on the mailsystem'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'userUid'
	DESC 'UID of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'userGid'
	DESC 'GID of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'userHome'
	DESC 'home of user in mail system'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.6 NAME 'userMaildir'
	DESC 'maildir of user'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'userQuota'
	DESC 'The amount of space the user can use until all further messages get bounced.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.8 NAME 'userClearpw'
	DESC 'clear password of the user on the mailsystem'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.9 NAME 'userFullname'
	DESC 'full name of user'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.10 NAME 'userActive'
	DESC 'The status of a user account'
	ORDERING integerOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.11 NAME 'userMailReplyText'
	DESC 'A reply text for every incoming message'
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{4096}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.12 NAME 'userRegisterDate'
	DESC 'timestamp of user registration'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.13 NAME 'userExpireDate'
	DESC 'timestamp of user mailbox expiration'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Object Class Definitions

objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'kunmailUser'
	DESC 'KunMail-LDAP User' SUP top STRUCTURAL
	MUST ( userNo $ userName $ cn $ userUid $ userGid )
	MAY ( userMaildir $ userHome $ userClearpw $ userQuota $ userFullname $ userMailReplyText $ userActive $ userRegisterDate $ userExpireDate ) )

2. mail.schema
# mail-ldap v3 directory schema
# written by liut
# This schema depends on:
# - core.schema
# - cosine.schema
# - inetorgperson.schema
# - nis.schema
# - misc.schema
# Attribute Type Definitions

attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'mailMessageStore'
	DESC 'Path to the maildir/mbox on the mail system'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailQuota'
	DESC 'The amount of space the user can use until all further messages get bounced.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.6 NAME 'mailForward'
	DESC 'Address(es) to forward all incoming messages to.'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailClearpw'
	DESC 'clear password of the user on the mailsystem'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.9 NAME 'mailReplyText'
	DESC 'A reply text for every incoming message'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{4096}
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.11 NAME 'userStatus'
	DESC 'The status of a user account'
	EQUALITY integerMatch
	ORDERING integerOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.12 NAME 'userRegisterDate'
	DESC 'timestamp of user registration'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7914.1.2.1.13 NAME 'userExpireDate'
	DESC 'timestamp of user mailbox expiration'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

# Object Class Definitions

objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'mailUser'
	DESC 'Mail-LDAP User' SUP top STRUCTURAL
	MUST ( mail $ cn $ uid )
	MAY ( userPassword $ uidNumber $ gidNumber $ homeDirectory $ mailMessageStore $
		mailHost $ mailForward $ mailQuota $ displayName $ mailReplyText $
		userStatus $ userRegisterDate $ userExpireDate ) )

3. postfix.schema

# postfix-ldap directory schema v0.1
# Created by: netkiller <netkiller@9812.net>
# Created: 2004-4-12
# Note: The attribute and objectclass OIDs are valid
# Attribute Type Definitions
# Postfix Style

#attributetype ( 1.3.6.1.4.1.7006.1.2.1.1 NAME 'uidnumber'
#	DESC 'UID of the user on the mailsystem'
#	EQUALITY integerMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

#attributetype ( 1.3.6.1.4.1.7006.1.2.1.2 NAME 'gidnumber'
#	DESC 'GID of the user on the mailsystem'
#	EQUALITY integerMatch
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.12461.1.1.5 NAME 'mailbox'
	DESC 'The absolute path to the mailbox for a mail account in a non-default location'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.12461.1.1.6 NAME 'quota'
	DESC 'A string that represents the quota on a mailbox'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.12461.1.1.8 NAME 'maildrop'
	DESC 'RFC822 Mailbox - mail alias'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

attributetype ( 1.3.6.1.4.1.12461.1.1.7 NAME 'clearPassword'
	DESC 'A separate text that stores the mail account password in clear text'
	EQUALITY octetStringMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

attributetype ( 1.3.6.1.4.1.12461.1.1.9 NAME 'mailsource'
	DESC 'Message source'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Qmail Style

attributetype ( 1.3.6.1.4.1.7006.1.2.1.1 NAME 'qmailUID'
	DESC 'UID of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.2 NAME 'qmailGID'
	DESC 'GID of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.3 NAME 'mailMessageStore'
	DESC 'Path to the maildir/mbox on the mail system'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.4 NAME 'mailAlternateAddress'
	DESC 'Secondary (alias) mailaddresses for the same user'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.5 NAME 'mailQuota'
	DESC 'The amount of space the user can use until all further messages get bounced.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.6 NAME 'mailHost'
	DESC 'On which qmail server the messagestore of this user is located.'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.7 NAME 'mailForwardingAddress'
	DESC 'Address(es) to forward all incoming messages to.'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.8 NAME 'deliveryProgramPath'
	DESC 'Program to execute for all incoming mails.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.9 NAME 'qmailDotMode'
	DESC 'Interpretation of .qmail files: both, dotonly, ldaponly, ldapwithprog, none'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.10 NAME 'deliveryMode'
	DESC 'multi field entries of: normal, forwardonly, nombox, localdelivery, reply, echo'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.11 NAME 'mailReplyText'
	DESC 'A reply text for every incoming message'
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7006.1.2.1.12 NAME 'accountStatus'
	DESC 'The status of a user account: active, nopop, disabled'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# Postfix Virtual Domain

attributetype ( 1.3.6.1.4.1.12461.1.1.4 NAME 'vd'
	DESC 'A virtual domain managed by Jamm'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.12461.1.1.1 NAME 'transport'
	DESC 'A string directing postfix which transport to use'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{20} SINGLE-VALUE )

# Object Class Definitions

objectclass ( 1.3.6.1.4.1.12461.1.2.1 NAME 'postfixAccount'
	DESC 'Postfix-LDAP User' SUP top AUXILIARY
	MUST ( mail $ uid )
	MAY ( mailbox $ quota $ maildrop $ clearPassword $
		mailMessageStore $ homeDirectory $ userPassword $
		mailAlternateAddress $ uidnumber $ gidnumber $ mailQuota $
		mailHost $ mailForwardingAddress $ mailReplyText $
		accountStatus ) )

objectclass ( 1.3.6.1.4.1.12461.1.2.2 NAME 'postfixAliases'
	SUP top STRUCTURAL
	DESC 'Mail aliasing/forwarding entry'
	MUST ( mail $ uid )
	MAY ( maildrop $ description $ mailForwardingAddress $ accountStatus ) )

objectclass ( 1.3.6.1.4.1.12461.1.2.3 NAME 'postfixVirtualDomain'
	SUP top STRUCTURAL
	DESC 'Virtual Domain entry to be used with postfix transport maps'
	MUST ( vd $ transport )
	MAY ( o $ description $ accountStatus ) )

# Qmail Object Class Definitions
objectclass ( 1.3.6.1.4.1.7006.1.2.2.1 NAME 'qmailUser'
	DESC 'QMail-LDAP User' SUP top AUXILIARY
	MUST ( mail $ uid )
	MAY ( mailMessageStore $ homeDirectory $ userPassword $
		mailAlternateAddress $ qmailUID $ qmailGID $ mailQuota $
		mailHost $ mailForwardingAddress $ deliveryProgramPath $
		qmailDotMode $ deliveryMode $ mailReplyText $
		accountStatus ) )
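The three files above cannot be loaded together: kunmail.schema and mail.schema put different attributes and object classes under the same OIDs, and postfix.schema redefines mailMessageStore and mailQuota under another arc. The following added example (not from the article or OpenLDAP) is a small parser for the attributetype/objectclass definition format that reports both kinds of collision before slapd does, at startup. The embedded excerpts are constructed from the three schemas above; everything else is the example's own.

```python
"""Find OID and name collisions across several OpenLDAP schema files.

Added example; not from the article or OpenLDAP. It joins continuation lines
the way slapd reads schema files (a line starting with whitespace continues the
previous one), skips comments, and reads the OID and NAME of each definition.
"""
import re
from collections import defaultdict

# attributetype ( 1.2.3 NAME 'foo' ...   or   objectclass ( 1.2.3 NAME ( 'a' 'b' ) ...
DEF_RE = re.compile(
    r"^(attributetype|objectclass)\s*\(\s*([0-9.]+)\s+NAME\s+(?:'([^']+)'|\(\s*([^)]*)\))",
    re.IGNORECASE,
)


def parse_schema(text, source):
    """Return [(kind, oid, [names], source)] for every definition in one schema file."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment (also skips commented-out definitions)
        if line[:1] in " \t" and joined:
            joined[-1] += " " + line.strip()  # continuation line
        else:
            joined.append(line.rstrip())
    defs = []
    for definition in joined:
        m = DEF_RE.match(definition)
        if m:
            kind, oid, single, multi = m.groups()
            names = [single] if single else multi.split()
            defs.append((kind.lower(), oid, [n.strip("'") for n in names], source))
    return defs


def find_collisions(schemas):
    """schemas: {file name: text}. Returns (oid_clashes, name_clashes):
    OIDs bound to more than one name, and names bound to more than one OID."""
    by_oid, by_name = defaultdict(set), defaultdict(set)
    for fname, text in schemas.items():
        for _kind, oid, names, source in parse_schema(text, fname):
            for name in names:
                by_oid[oid].add((name.lower(), source))
                by_name[name.lower()].add((oid, source))
    oid_clashes = {o: v for o, v in by_oid.items() if len({n for n, _ in v}) > 1}
    name_clashes = {n: v for n, v in by_name.items() if len({o for o, _ in v}) > 1}
    return oid_clashes, name_clashes


# Constructed excerpts of the three schema files appended to the article.
KUNMAIL = """\
attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'userUid'
	DESC 'UID of the user on the mailsystem'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32}
	SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'kunmailUser'
	DESC 'KunMail-LDAP User' SUP top STRUCTURAL
	MUST ( userNo $ userName $ cn $ userUid $ userGid ) )
"""
MAIL = """\
attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'mailMessageStore'
	DESC 'Path to the maildir/mbox on the mail system'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'mailUser'
	DESC 'Mail-LDAP User' SUP top STRUCTURAL
	MUST ( mail $ cn $ uid ) )
"""
POSTFIX = """\
# Qmail Style
#attributetype ( 1.3.6.1.4.1.7006.1.2.1.1 NAME 'uidnumber'
#	DESC 'commented out, must be ignored' )
attributetype ( 1.3.6.1.4.1.7006.1.2.1.3 NAME 'mailMessageStore'
	DESC 'Path to the maildir/mbox on the mail system'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
"""

if __name__ == "__main__":
    oids, names = find_collisions({"kunmail.schema": KUNMAIL, "mail.schema": MAIL,
                                   "postfix.schema": POSTFIX})
    for oid, uses in sorted(oids.items()):
        print(f"OID {oid} defined as: {sorted(uses)}")
    for name, uses in sorted(names.items()):
        print(f"name {name} has OIDs: {sorted(uses)}")
```

Point it at the real files under /usr/local/etc/openldap/schema/ (read them into the dictionary instead of the excerpts) before adding a second mail schema to slapd.conf; an empty result means the combination is at least free of duplicate definitions.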