1. Mail service architecture
bind: DNS resolution
postfix: implements SMTP, used for sending mail
dovecot: implements POP3 and IMAP, used for receiving mail
Cyrus-SASL library: used for user authentication
courier-authlib: authenticates users against a table in a MySQL database
extmail and extman: provide webmail
(Architecture diagram cited from Ma Ge's (马哥) documentation; image not reproduced here)
System: CentOS Linux release 7.4.1708 (Core)
yum -y install bind bind-utils
Main configuration file
vim /etc/named.conf
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
//allow-query { localhost; };
Simply commenting out listen-on and allow-query makes named listen on all addresses and answer queries from any host
Define the forward and reverse zones
vim /etc/named.rfc1912.zones
zone "zhongdianjizhi.com" IN {
type master;
file "zhongdianjizhi.com.zone";
};
zone "118.168.192.in-addr.arpa" {
type master;
file "zhongdianjizhi.com.local";
};
Define the zone data files (configure the A and MX records)
cd /var/named
cp -p named.localhost zhongdianjizhi.com.zone
cp -p named.localhost zhongdianjizhi.com.local
vim /var/named/zhongdianjizhi.com.zone
$TTL 86400
@       IN SOA  ns.zhongdianjizhi.com. admin.zhongdianjizhi.com. (
                201902  ; serial
                2H      ; refresh
                10M     ; retry
                3D      ; expire
                1D )    ; minimum
        IN NS   ns
        IN MX   10 mail
ns      IN A    192.168.118.100
mail    IN A    192.168.118.100
vim /var/named/zhongdianjizhi.com.local
$TTL 86400
@       IN SOA  ns.zhongdianjizhi.com. admin.zhongdianjizhi.com. (
                201902  ; serial
                2H      ; refresh
                10M     ; retry
                3D      ; expire
                1D )    ; minimum
        IN NS   ns.zhongdianjizhi.com.
100     IN PTR  ns.zhongdianjizhi.com.    ; host octet of 192.168.118.100
100     IN PTR  mail.zhongdianjizhi.com.
named-checkzone zhongdianjizhi.com /var/named/zhongdianjizhi.com.zone
named-checkzone 118.168.192.in-addr.arpa /var/named/zhongdianjizhi.com.local
chgrp named /var/named/zhongdianjizhi.com.*
chmod 640 /var/named/zhongdianjizhi.com.*
vim /etc/resolv.conf
nameserver 192.168.118.100
hostnamectl set-hostname mail.zhongdianjizhi.com
systemctl start named
systemctl enable named
dig -t A mail.zhongdianjizhi.com @192.168.118.100
dig -x 192.168.118.100 @192.168.118.100
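As an added check (not part of the original post), the following Python script parses the two zone files above and reports every A record that has no matching PTR, which is exactly what makes dig -x answer. The zone text is embedded as constructed input copied from the post, and the PTR owner label is a parameter: the reverse zone needs the host octet of 192.168.118.100, i.e. 100, and the script shows what happens when another label is used.

```python
# Added example (not from the post): check that every forward A record has a matching PTR.
FORWARD_ZONE = """\
$TTL 86400
@    IN SOA ns.zhongdianjizhi.com. admin.zhongdianjizhi.com. (
         201902 ; serial
         2H ; refresh
         10M ; retry
         3D ; expire
         1D ) ; minimum
     IN NS ns
     IN MX 10 mail
ns   IN A 192.168.118.100
mail IN A 192.168.118.100
"""

def reverse_zone(label):
    # Constructed reverse zone; the PTR owner is the host octet (100 for .100). One-line SOA is valid too.
    return f"""\
@ IN SOA ns.zhongdianjizhi.com. admin.zhongdianjizhi.com. 201902 2H 10M 3D 1D
  IN NS ns.zhongdianjizhi.com.
{label} IN PTR ns.zhongdianjizhi.com.
{label} IN PTR mail.zhongdianjizhi.com.
"""

def qualify(name, origin):
    """'@' -> origin, relative name -> name.origin, absolute name unchanged."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Return (owner_fqdn, type, rdata) triples; skips $TTL, comments and SOA."""
    records, owner, in_soa = [], origin, False
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip ; comments
        if not line.strip() or line.startswith("$"):
            continue
        if in_soa:  # inside a parenthesised multi-line SOA
            in_soa = ")" not in line
            continue
        tokens = line.split()
        if not raw[0].isspace():  # no leading blank: first token is the owner
            owner = tokens.pop(0)
        if tokens[0] == "IN":  # class is optional
            tokens.pop(0)
        if tokens[0] == "SOA":
            in_soa = "(" in line and ")" not in line
            continue
        records.append((qualify(owner, origin), tokens[0], " ".join(tokens[1:])))
    return records

def missing_ptrs(fwd_text, fwd_origin, rev_text, rev_origin):
    """A records (fqdn, ip) whose reverse name has no PTR back to that fqdn."""
    ptrs = {(o, r) for o, t, r in parse_records(rev_text, rev_origin) if t == "PTR"}
    a_recs = [(o, r) for o, t, r in parse_records(fwd_text, fwd_origin) if t == "A"]
    return [(n, ip) for n, ip in a_recs
            if (".".join(reversed(ip.split("."))) + ".in-addr.arpa.", n) not in ptrs]
```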
Remove the postfix package that ships with the system
rpm -e postfix
Delete the postfix user and group
userdel postfix
groupdel postdrop
Create the new users
groupadd -g 2525 postfix
useradd -g 2525 -u 2525 -M -s /sbin/nologin postfix
groupadd -g 2526 postdrop
useradd -g 2526 -u 2526 -M -s /sbin/nologin postdrop
wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-3.4.5.tar.gz
yum -y install mariadb-server mariadb-devel
systemctl start mariadb.service
yum -y install gcc gcc-c++ make pcre-devel expat-devel perl
yum -y install openssl openssl-devel db4-devel ntpdate bzip2 php-mysql cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel libtool-ltdl-devel telnet mail libicu-devel m4 expect httpd
rpm -ql mariadb-devel
Mysql include:/usr/include/mysql
Mysql lib:/usr/lib64/mysql
rpm -ql cyrus-sasl-devel
Sasl lib:/usr/lib64/sasl2
Sasl include:/usr/include/sasl
cd /usr/local/src/; tar -xf postfix-3.4.5.tar.gz
cd postfix-3.4.5/
#When compiling, point at the header and library locations found in the previous step
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
make && make install
During make install the configuration is filled in interactively
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]
Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/usr/local/src/postfix-3.0.11] /tmp/extmail #change the temp directory; accept the defaults for everything else
Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix]
Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin]
Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix]
Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix]
Please specify the final destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no]
Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]
Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]
Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man]
Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]
Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]
Please specify the final destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no]
Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]
Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop]
Please specify the final destination directory for Postfix shared-library
files.
shlib_directory: [no]
Main configuration file: /etc/postfix/main.cf
Per-service (master) configuration file: /etc/postfix/master.cf; settings can also be changed with postconf -e
Back up first
cp /etc/postfix/main.cf{,.bak}
Configuration file main.cf
#line 94: set the mail host name
myhostname = mail.zhongdianjizhi.com
#line 102: set the mail domain name
mydomain = zhongdianjizhi.com
#line 118: domain used for outgoing mail; uncomment
myorigin = $mydomain
#line 132: listen on all interfaces; uncomment
inet_interfaces = all
#line 180: host names and domains this server accepts mail for (final destination)
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#line 279: client networks allowed to relay through this server
mynetworks = 192.168.118.0/24, 127.0.0.0/8
#line 434: uncomment
home_mailbox = Maildir/
#line 676: enable both IPv4 and IPv6; defines the address families the postfix daemons listen on
inet_protocols = all
#line 266: how the trusted network list is determined
mynetworks_style = host
#line 311: domains this server relays mail for; uncomment
relay_domains = $mydestination
#line 401: alias mapping table; uncomment
alias_maps = hash:/etc/aliases
After editing, review the effective settings with postconf -n
vim /etc/init.d/postfix
#!/bin/bash
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
    # Start daemons.
    echo -n $"Starting postfix: "
    /usr/bin/newaliases >/dev/null 2>&1
    /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n $"Shutting down postfix: "
    /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
    echo
    return $RETVAL
}

reload() {
    echo -n $"Reloading postfix: "
    /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
    RETVAL=$?
    echo
    return $RETVAL
}

abort() {
    /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
    return $?
}

flush() {
    /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
    return $?
}

check() {
    /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
    return $?
}

restart() {
    stop
    start
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    reload)
        reload
        ;;
    abort)
        abort
        ;;
    flush)
        flush
        ;;
    check)
        check
        ;;
    status)
        status master
        ;;
    condrestart)
        [ -f /var/lock/subsys/postfix ] && restart || :
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
        exit 1
esac
exit $?
Make the script executable and enable it at boot
chmod +x /etc/init.d/postfix
chkconfig --add postfix
chkconfig postfix on
chown postfix.postfix -R /var/lib/postfix/
chown postfix.postfix /var/spool/ -R
newaliases
ls /etc/aliases.db
useradd jym
systemctl start postfix
[root@mail ~]# telnet mail.zhongdianjizhi.com 25
Trying fe80::4c54:bb23:c6db:6473%ens33...
telnet: connect to address fe80::4c54:bb23:c6db:6473%ens33: Connection refused
Trying 192.168.118.100...
Connected to mail.zhongdianjizhi.com.
Escape character is '^]'.
220 mail.zhongdianjizhi.com ESMTP Postfix
mail from:root@zhongdianjizhi.com
250 2.1.0 Ok
rcpt to:jym@zhongdianjizhi.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello,this is test mail.
.
250 2.0.0 Ok: queued as 13259132D75
quit
221 2.0.0 Bye
Connection closed by foreign host.
Note: the message body must be terminated by a line containing only a single dot (.)
Sent successfully
[root@mail ~]# tail /var/log/maillog|grep sent
Jul 1 16:29:56 mail postfix/local[8749]: 13259132D75: to=<jym@zhongdianjizhi.com>, relay=local, delay=66, delays=66/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
yum -y install dovecot dovecot-mysql
Dependency package: clucene-core
vim /etc/dovecot/dovecot.conf
#line 24: uncomment
protocols = imap pop3 lmtp
#line 30: uncomment
listen = *, ::
#line 33: uncomment
base_dir = /var/run/dovecot/
vim /etc/dovecot/conf.d/10-mail.conf
#line 30: uncomment; tells dovecot where the mailboxes are stored
mail_location = maildir:/var/mailbox/%d/%n/Maildir
Configure dovecot to connect to MySQL
cp /etc/dovecot/conf.d/auth-sql.conf.ext /etc/dovecot/conf.d/auth-sql.conf
vim /etc/dovecot/conf.d/auth-sql.conf
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /etc/dovecot/dovecot-sql.conf
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
vim /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
systemctl start dovecot.service
echo "111111" | passwd --stdin jym
[root@mail ~]# telnet mail.zhongdianjizhi.com 110
Trying fe80::4c54:bb23:c6db:6473%ens33...
Connected to mail.zhongdianjizhi.com.
Escape character is '^]'.
+OK Dovecot ready.
user jym
+OK
pass 111111
+OK Logged in.
list
+OK 2 messages:
1 506
2 495
.
retr 1
+OK 506 octets
Return-Path: <root@zhongdianjizhi.com>
X-Original-To: jym@zhongdianjizhi.com
Delivered-To: jym@zhongdianjizhi.com
Received: from mail.zhongdianjizhi.com (mail.zhongdianjizhi.com [192.168.118.100])
by mail.zhongdianjizhi.com (Postfix) with ESMTP id 13259132D75
for <jym@zhongdianjizhi.com>; Mon, 1 Jul 2019 16:28:51 +0000 (GMT)
Message-Id: <20190701162941.13259132D75@mail.zhongdianjizhi.com>
Date: Mon, 1 Jul 2019 16:28:51 +0000 (GMT)
From: root@zhongdianjizhi.com
hello,this is test mail.
Configuration file: /etc/sysconfig/saslauthd
systemctl start saslauthd.service
systemctl enable saslauthd.service
testsaslauthd -ujym -p111111
Create the smtpd.conf configuration file and write the following
vim /usr/lib64/sasl2/smtpd.conf
log_level: 3 #turn off in production; used here for testing
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket #socket path of courier-authlib
vim /etc/postfix/main.cf
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
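To see how that restriction list is walked, here is an added Python model (not from the post and not Postfix's own code) that evaluates the posted smtpd_recipient_restrictions for a constructed session. The rule names are real Postfix restrictions, but the evaluation is a simplified approximation that does no DNS lookups, and since Postfix 2.10 smtpd_relay_restrictions is consulted before this list as well.

```python
import ipaddress

# Constructed from the post's main.cf: trusted networks, the domains this host
# accepts mail for (relay_domains = $mydestination, expanded by hand) and the
# smtpd_recipient_restrictions value exactly as posted.
MYNETWORKS = ["192.168.118.0/24", "127.0.0.0/8"]
RELAY_DOMAINS = {"mail.zhongdianjizhi.com", "localhost.zhongdianjizhi.com",
                 "localhost", "zhongdianjizhi.com"}
RESTRICTIONS_CF = ("permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,"
                   "reject_non_fqdn_hostname,reject_unknown_sender_domain,"
                   "reject_non_fqdn_sender,reject_non_fqdn_recipient,"
                   "reject_unknown_recipient_domain,reject_unauth_pipelining,"
                   "reject_unauth_destination")

def parse_restrictions(value):
    """Postfix accepts commas and/or whitespace as list separators."""
    return value.replace(",", " ").split()

def _domain(address):
    return address.rpartition("@")[2]

def evaluate(restrictions, mynetworks, relay_domains, session):
    """Walk the list in order for one RCPT TO and return (action, rule).
    Rules that need DNS or HELO state (reject_*_hostname, reject_unknown_*_domain,
    reject_unauth_pipelining) are treated as 'dunno' and skipped in this model.
    When no rule fires Postfix permits, so reject_unauth_destination must appear
    in the list (Postfix >= 2.10 also evaluates smtpd_relay_restrictions first)."""
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    client = ipaddress.ip_address(session["client_ip"])
    sender, rcpt = session.get("sender", ""), session["recipient"]
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(client in n for n in nets):
            return "permit", rule
        if rule == "permit_sasl_authenticated" and session.get("sasl_username"):
            return "permit", rule
        if rule == "reject_non_fqdn_sender" and sender and "." not in _domain(sender):
            return "reject", rule
        if rule == "reject_non_fqdn_recipient" and "." not in _domain(rcpt):
            return "reject", rule
        if rule == "reject_unauth_destination" and _domain(rcpt) not in relay_domains:
            return "reject", rule
    return "permit", "end_of_list"

def is_open_relay(restrictions, mynetworks=MYNETWORKS, relay_domains=RELAY_DOMAINS):
    """Defender check: would an unauthenticated client outside mynetworks be
    allowed to relay to a domain this server is not responsible for?
    Uses RFC 5737 / RFC 2606 documentation addresses and domains."""
    probe = {"client_ip": "203.0.113.10", "sasl_username": None,
             "sender": "someone@example.net", "recipient": "user@example.org"}
    return evaluate(restrictions, mynetworks, relay_domains, probe)[0] == "permit"
```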
Postfix uses courier-authlib to authenticate virtual users
Download page: http://www.courier-mta.org/download.html
wget https://sourceforge.net/projects/courier/files/courier-unicode/2.1/courier-unicode-2.1.tar.bz2
tar xf courier-unicode-2.1.tar.bz2
cd courier-unicode-2.1/
./configure
make && make install
wget https://sourceforge.net/projects/courier/files/authlib/0.69.0/courier-authlib-0.69.0.tar.bz2
tar xf courier-authlib-0.69.0.tar.bz2
cd courier-authlib-0.69.0/
#Configure with MySQL authentication, pointing at the MySQL library and header locations and setting the install and configuration directories
./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib64/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc --with-mailuser=postfix --with-mailgroup=postfix
make && make install
chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist /etc/authdaemonrc
cp /etc/authmysqlrc.dist /etc/authmysqlrc
Configure MySQL authentication
vim /etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10 #number of concurrent authdaemon processes
Configure it to authenticate mail accounts through MySQL
vim /etc/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail #user name of the database owner
MYSQL_PASSWORD extmail #password of the database owner; change it in production as appropriate, and if you do, every later reference must be changed too
MYSQL_SOCKET /var/lib/mysql/mysql.sock #path of the MySQL socket file; it differs depending on how MySQL was installed
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password #column holding the user's (crypt-hashed) password
DEFAULT_DOMAIN zhongdianjizhi.com #default domain
MYSQL_UID_FIELD '2525' #UID of the postfix user
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username #column holding the login name; must be username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir) #home directory of the account
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)
echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
ldconfig
cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
chmod 755 /etc/rc.d/init.d/courier-authlib
systemctl start courier-authlib.service
systemctl enable courier-authlib.service
mkdir -pv /var/mailbox
chown -R postfix /var/mailbox/
#####virtual mailbox settings#####
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
#####QUOTA settings#####
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
Once virtual domains are enabled, the central domain must be disabled: comment out myhostname, mydestination, mydomain and myorigin, or set mydestination to the domains you need.
#line 94: mail host name
#myhostname = mail.zhongdianjizhi.com
#line 102: mail domain name
#mydomain = zhongdianjizhi.com
#line 118: domain used for outgoing mail
#myorigin = $mydomain
#line 180: host names and domains this server accepts mail for
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#line 279: allow only the local host
mynetworks = 127.0.0.0/8
Note: all of the .cf files referenced in the configuration above are provided by extman
Enter the source package directory
tar xf extman-1.1.tar.gz
cd extman-1.1/docs/
Start mariadb
systemctl start mariadb.service
Modify the extmail.sql file (required for MySQL 5.1 and later)
sed -i 's/TYPE/ENGINE/g' extmail.sql
Import the database
mysql -uroot < extmail.sql
mysql -uroot < init.sql
MariaDB [extmail]> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
MariaDB [extmail]> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
cp mysql_virtual_* /etc/postfix/
systemctl restart postfix.service
tar xf extmail-1.2.tar.gz
mkdir -pv /var/www/extsuite
mv extmail-1.2 /var/www/extsuite/extmail
cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
vim /var/www/extsuite/extmail/webmail.cf
#set the language to Chinese
SYS_USER_LANG = zh_CN
#user mail storage directory
SYS_MAILDIR_BASE = /var/mailbox
#user name and password for the database connection
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
#location of the authdaemon socket file
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
mv extman-1.1/ /var/www/extsuite/extman
cp /var/www/extsuite/extman/webman.cf.default /var/www/extsuite/extman/webman.cf
vim /var/www/extsuite/extman/webman.cf
#user mail storage directory
SYS_MAILDIR_BASE = /var/mailbox
#disable the captcha module
SYS_CAPTCHA_ON = 0
#set the IDs
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525
#user name and password for the database connection
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
#temporary directory for sessions
SYS_SESS_DIR = /tmp
mkdir -pv /tmp/extman
chown -R postfix.postfix /tmp/extman
[root@mail ~]# /usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 2525, gid 2525)
Home Directory: /var/mailbox/extmail.org/postmaster
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)
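As an added consistency check (not from the post), this Python snippet resolves one account's Maildir the way each of the three components does it: Postfix from virtual_mailbox_base plus the mailbox.maildir column, Dovecot from mail_location with %d/%n, and courier-authlib from the concat() expression in authmysqlrc. The config snippets are constructed copies of the post's settings, and the column value extmail.org/postmaster/Maildir/ is an assumption inferred from the authtest output above.

```python
import posixpath
import re

# Constructed snippets copied from the three files configured in the post.
DOVECOT_10_MAIL = "mail_location = maildir:/var/mailbox/%d/%n/Maildir\n"
POSTFIX_MAIN_CF = "virtual_mailbox_base = /var/mailbox\nvirtual_transport = virtual\n"
AUTHMYSQLRC = "MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)\n"

def lookup(text, key, sep):
    """Return the value of `key`; sep is '=' for postfix/dovecot files and
    None for the whitespace-separated authmysqlrc format."""
    sep_re = r"\s*=\s*" if sep == "=" else r"\s+"
    m = re.search(rf"^\s*{re.escape(key)}{sep_re}(.+?)\s*$", text, re.M)
    if not m:
        raise KeyError(key)
    return m.group(1)

def dovecot_maildir(conf, address):
    """Expand %d (domain) and %n (local part) in a maildir: mail_location."""
    local, _, domain = address.partition("@")
    scheme, _, path = lookup(conf, "mail_location", "=").partition(":")
    if scheme != "maildir":
        raise ValueError(f"unexpected mailbox format {scheme!r}")
    return path.replace("%d", domain).replace("%n", local)

def postfix_maildir(main_cf, maildir_column):
    """virtual(8) delivers to virtual_mailbox_base joined with the map value;
    a trailing slash on the map value selects Maildir format."""
    return posixpath.join(lookup(main_cf, "virtual_mailbox_base", "="), maildir_column)

def courier_maildir(rc, maildir_column):
    """Evaluate the concat('<prefix>',maildir) expression from authmysqlrc."""
    expr = lookup(rc, "MYSQL_MAILDIR_FIELD", None)
    m = re.fullmatch(r"concat\('([^']*)',\s*maildir\)", expr)
    if not m:
        raise ValueError(f"unsupported MYSQL_MAILDIR_FIELD expression: {expr}")
    return m.group(1) + maildir_column

def resolved_maildirs(address, maildir_column):
    """Normalised Maildir path as each component sees it for one account."""
    return {
        "dovecot": posixpath.normpath(dovecot_maildir(DOVECOT_10_MAIL, address)),
        "postfix": posixpath.normpath(postfix_maildir(POSTFIX_MAIN_CF, maildir_column)),
        "courier": posixpath.normpath(courier_maildir(AUTHMYSQLRC, maildir_column)),
    }

def maildirs_agree(address, maildir_column):
    """True only when all three components would use the same directory."""
    return len(set(resolved_maildirs(address, maildir_column).values())) == 1
```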
vim /etc/httpd/conf/httpd.conf
#line 119: comment out the default document root
#DocumentRoot "/var/www/html"
#change the user and group to postfix
User postfix
Group postfix
Append the virtual host configuration at the end of the file
<VirtualHost *:80>
    ServerName mail.zhongdianjizhi.com
    DocumentRoot /var/www/extsuite/extmail/html/
    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
    Alias /extmail /var/www/extsuite/extmail/html
    ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
    Alias /extman /var/www/extsuite/extman/html
</VirtualHost>
chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
chown -R postfix.postfix /var/www/extsuite/extman/cgi/
httpd -t
tar xf Unix-Syslog-1.1.tar.gz
cd Unix-Syslog-1.1/
perl Makefile.PL
make && make install
systemctl start httpd
http://192.168.118.100/extmail
Default user name: root@extmail.org
Default password: extmail123
Reference article:
https://blog.51cto.com/mageedu/1048832
Original post: https://blog.51cto.com/jiayimeng/2416421