Garey's Blog–FreeBSD/PHP/GoLang

December 15th, 2009

Setting up a Postfix mail system on FreeBSD

8,571 views, FreeBSD, by garey.

I searched the web for many posts about postfix+mysql and found that Extmail is very well done, but the system I need to use is FreeBSD 7.2, and the Extmail for FreeBSD installation manual does not use MySQL. Combining it with the Extmail for Linux installation manual, I successfully installed a complete mail system (FreeBSD+Postfix+MySQL+Extman).

1. Creating the account
Add a user and group (vmail) that will own the mail store.
Run the following commands:
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null

2. Installing and configuring MySQL
cd /usr/ports/databases/mysql51-server
make install clean

Edit /etc/rc.conf:
mysql_enable="YES"

3. Installing ExtMan
Files shipped with ExtMan are needed later in the installation, so install ExtMan first. Select MySQL support when installing.
cd /usr/ports/mail/extman/ && make install clean
Initialize the database:
mysql -u root -p < /usr/local/www/extman/docs/extmail.sql
mysql -u root -p < /usr/local/www/extman/docs/init.sql

4. Installing and configuring courier-imap (POP3/IMAP)

Installing Courier-imap

Select the following options when installing:
TRASHQUOTA
AUTH_MYSQL

cd /usr/ports/mail/courier-imap/ && make install clean

Configuring Authlib
Edit /usr/local/etc/authlib/authdaemonrc so that it contains something like the following:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""

Add execute (search) permission on /var/run/authdaemond; on FreeBSD, other users have no execute permission on it by default:
chmod +x /var/run/authdaemond

Edit /usr/local/etc/authlib/authmysqlrc so that it contains something like the following (the SELECT clause spans several lines, each continued with a trailing backslash):
MYSQL_SERVER            localhost
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_SOCKET            /tmp/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         uidnumber
MYSQL_GID_FIELD         gidnumber
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber, \
                        CONCAT('/home/domains/',homedir), \
                        CONCAT('/home/domains/',maildir), \
                        quota, \
                        name \
                        FROM mailbox \
                        WHERE username = '$(local_part)@$(domain)'

Configuring POP3s support
Copy the configuration file:
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf

Edit /usr/local/etc/courier-imap/pop3d.cnf so that it looks something like the following:

RANDFILE = /usr/local/share/courier-imap/pop3d.rand

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=CN
ST=SH
L=Shang Hai
O=Bsdart
OU=Esdart
CN=bsdartbsdart.org
emailAddress=garey.ding@gmail.com

[ cert_type ]
nsCertType = server

Run the following command to generate the certificate used by POP3s:
/usr/local/sbin/mkpop3dcert

Configuring automatic startup
Edit /etc/rc.conf and add the following lines:

courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"

5. Installing and configuring Postfix (MTA)

Installing postfix

Select the following options when installing:

PCRE
SASL2
TLS
MYSQL
VDA
TEST

cd /usr/ports/mail/postfix/ && make install clean

Configuring postfix

Edit /etc/rc.conf and add the following lines:
sendmail_enable="NO"
postfix_enable="YES"
Edit /etc/aliases and make sure it contains the following line:
postfix: root

Replacing the system's sendmail
Edit /etc/mail/mailer.conf and change it to:
sendmail        /usr/local/sbin/sendmail
send-mail       /usr/local/sbin/sendmail
mailq           /usr/local/sbin/sendmail
newaliases      /usr/local/sbin/sendmail
hoststat        /usr/local/sbin/sendmail
purgestat       /usr/local/sbin/sendmail

Edit /etc/periodic.conf and add the following to disable sendmail's periodic maintenance:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Run the following commands:

postalias /etc/aliases
chown postfix:postfix /etc/opiekeys

Edit /usr/local/etc/postfix/main.cf
and add:
mynetworks = 127.0.0.0/8

mydomain = bsdart.org
myhostname = mail.bsdart.org
myorigin = $mydomain

mail_name = Postfix - by bsdart.org
smtpd_banner = $myhostname ESMTP $mail_name

smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 450

virtual_mailbox_base = /home/domains
virtual_uid_maps=static:1000
virtual_gid_maps=static:1000

virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

SMTP authentication settings

Edit /usr/local/lib/sasl2/smtpd.conf:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

Edit /usr/local/etc/postfix/main.cf
and add:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
#smtpd_sasl_local_domain = $myhostname

Postfix anti-spam settings
Edit /usr/local/etc/postfix/main.cf
and add:
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access
smtpd_helo_restrictions = reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/usr/local/etc/postfix/head_checks
body_checks = regexp:/usr/local/etc/postfix/body_checks
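As an added worked example (not code from the original post), here is a small Python model of how Postfix walks the smtpd_recipient_restrictions list above in first-match order, using the page's mynetworks and domain values and a constructed stand-in for the DNS lookup. It also shows that with the page's ordering the two recipient checks never reach a client that an earlier permit_* has already accepted, and what changes when they are moved in front.

```python
import ipaddress

# Constructed model of this page's main.cf values (not read from a live Postfix):
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
# mydestination (myhostname) plus what mysql_virtual_domains_maps.cf would return.
FINAL_DESTINATIONS = {"mail.bsdart.org", "localhost", "bsdart.org"}

# The page's smtpd_recipient_restrictions, in the page's order.
PAGE_ORDER = ["permit_mynetworks", "permit_sasl_authenticated",
              "reject_unauth_destination", "reject_non_fqdn_recipient",
              "reject_unknown_recipient_domain"]
# Same restrictions with the recipient sanity checks ahead of the permits.
STRICT_ORDER = ["reject_non_fqdn_recipient", "reject_unknown_recipient_domain",
                "permit_mynetworks", "permit_sasl_authenticated",
                "reject_unauth_destination"]


def evaluate(order, client_ip, sasl_ok, recipient, resolvable):
    """Walk a restriction list the way Postfix does: the first restriction
    that matches decides; falling off the end of the list means OK.
    'resolvable' stands in for the DNS MX/A lookup (a constructed set)."""
    domain = recipient.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    is_final = domain in FINAL_DESTINATIONS
    for r in order:
        if r == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return "permit", r
        if r == "permit_sasl_authenticated" and sasl_ok:
            return "permit", r
        if r == "reject_unauth_destination" and not is_final:
            return "reject", r
        if r == "reject_non_fqdn_recipient" and "." not in domain.strip("."):
            return "reject", r
        # Postfix only does the DNS check for domains it is not final destination for.
        if (r == "reject_unknown_recipient_domain" and not is_final
                and domain not in resolvable):
            return "reject", r
    return "permit", "end-of-list"


if __name__ == "__main__":
    dns = {"example.com"}  # constructed: the only outside domain that "resolves"
    cases = [("203.0.113.5", False, "someone@example.com"),      # relay attempt
             ("203.0.113.5", False, "user@bsdart.org"),          # inbound mail
             ("203.0.113.5", True, "someone@example.com"),       # authenticated relay
             ("203.0.113.5", True, "typo@nosuchdomain.invalid")]  # authed, bad domain
    for ip, authed, rcpt in cases:
        print(f"{rcpt:30} authed={authed!s:5} page={evaluate(PAGE_ORDER, ip, authed, rcpt, dns)}"
              f" strict={evaluate(STRICT_ORDER, ip, authed, rcpt, dns)}")
```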

TLS settings

Generate the certificates. The private-key passphrase used here is 123qwe98; choose your own as appropriate, and keep it, since it may be needed later.

mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .

Edit openssl.cnf and confirm that the dir parameter is set to /usr/local/etc/postfix/certs/CA. Then run the commands below, entering your details when prompted. The prompts look like this:

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:SH
Locality Name (eg, city) []:Shang Hai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bsdart
Organizational Unit Name (eg, section) []:bsdart
Common Name (eg, YOUR name) []:bsdart.org
Email Address []:garey.ding@gmail.com

The commands:

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0

Configuring Postfix for TLS
Edit /usr/local/etc/postfix/main.cf
and add:
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
smtpd_starttls_timeout = 60s

Configure master.cf by adding the following:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

6. Installing and configuring Maildrop (MDA)
Installing maildrop
Select mysql when installing:
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
Modifying master.cf
Change the maildrop entry in master.cf to something like the following:

#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}

Edit /usr/local/etc/postfix/main.cf
and add:
virtual_transport=maildrop:
maildrop_destination_concurrency_limit=1
maildrop_destination_recipient_limit=1

Edit /usr/local/etc/maildroprc
and make sure it contains the following:

logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
        to “$HOME/Maildir”
}

touch /var/log/maildrop.log
chown vmail:vmail /var/log/maildrop.log

7. Installing and configuring Apache

Installing apache
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www install clean
Configure /etc/rc.conf
by adding the following line:
apache22_enable="YES"

Virtual host configuration
Edit /usr/local/etc/apache22/Includes/extmail.conf:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName mail.extmail.org
    DocumentRoot /usr/local/www/extman/html/

    ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
    Alias /extman "/usr/local/www/extman/html/"

    <Directory "/usr/local/www/extman/cgi/">
        SetHandler cgi-script
        Options +ExecCGI
        AllowOverride All
    </Directory>

    <Directory "/usr/local/www/extman/html/">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

    SuexecUserGroup vmail vmail
</VirtualHost>

8. Configuring ExtMan
Configuring extman
Edit /usr/local/www/extman/webman.cf and change the corresponding parameters as follows:

SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /home/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = extman
SYS_MYSQL_PASS = extman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password

Other settings
Run the following commands:
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 700 /var/tmp/extman/
chmod 600 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/

Configuring the graphical logs
Install the dependencies:

cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean

Install mailgraph_ext:

cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start

Then log in to the Extman admin console as root@extmail.org, create the bsdart.org domain you need, and create the accounts and aliases.
After that you can log in with the accounts you created over pop3, pop3s, smtp and smtps.
