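I searched through many posts online about postfix+mysql and found that Extmail does this very well. However, the system I need to use is FreeBSD 7.2, and the Extmail for FreeBSD installation manual does not use MySQL, so I combined it with the Extmail for Linux installation manual and successfully installed a mail system (FreeBSD+Postfix+MySQL+Extman).
1. Create the account
Add an account and group (vmail) for storing mail.
Run the following commands: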
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
2. Installing and configuring MySQL
cd /usr/ports/databases/mysql51-server
make install clean
Edit /etc/rc.conf:
mysql_enable="YES"
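3. Installing ExtMan
Files shipped with ExtMan are needed during the rest of the installation, so ExtMan is installed first. Select MySQL support when installing.
cd /usr/ports/mail/extman/ && make install clean
Initialize the database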
mysql -u root -p < /usr/local/www/extman/docs/extmail.sql
mysql -u root -p < /usr/local/www/extman/docs/init.sql
4. Installing and configuring courier-imap (POP3/IMAP)
Installing Courier-imap
Select the following options when installing:
TRASHQUOTA
AUTH_MYSQL
cd /usr/ports/mail/courier-imap/ && make install clean
Configuring Authlib
Edit /usr/local/etc/authlib/authdaemonrc so that its content is similar to the following:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
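DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
Add execute permission to /var/run/authdaemond; on FreeBSD, other users have no execute permission on it by default (the Postfix SMTP server has to traverse this directory to reach the authdaemond socket):
chmod +x /var/run/authdaemond
Edit /usr/local/etc/authlib/authmysqlrc so that its content is similar to the following: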
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir),\
CONCAT('/home/domains/',maildir),\
quota,\
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
Configuring POP3s support
Make a copy of the configuration file:
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
Edit /usr/local/etc/courier-imap/pop3d.cnf so that it is similar to the following:
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=SH
L=Shang Hai
O=Bsdart
OU=Esdart
CN=bsdartbsdart.org
emailAddress=garey.ding@gmail.com
[ cert_type ]
nsCertType = server
Run the following command to generate the certificate used by POP3s:
/usr/local/sbin/mkpop3dcert
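Configure automatic startup
Edit /etc/rc.conf and add the following lines:
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
5. Installing and configuring Postfix (MTA)
Install postfix
Select the following options when installing: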
PCRE
SASL2
TLS
MYSQL
VDA
TEST
cd /usr/ports/mail/postfix/ && make install clean
Configure postfix
Edit /etc/rc.conf and add the following lines:
sendmail_enable="NO"
postfix_enable="YES"
Edit /etc/aliases and make sure it contains the following line:
postfix: root
Replace the sendmail program shipped with the system
Edit /etc/mail/mailer.conf and change it to:
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail
Edit /etc/periodic.conf and add the following to disable sendmail's automatic maintenance:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Run the following commands:
postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
Edit /usr/local/etc/postfix/main.cf
Add:
mynetworks = 127.0.0.0/8
mydomain = bsdart.org
myhostname = mail.bsdart.org
myorigin = $mydomain
mail_name = Postfix - by bsdart.org
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 450
virtual_mailbox_base = /home/domains
virtual_uid_maps=static:1000
virtual_gid_maps=static:1000
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
SMTP authentication settings
Edit /usr/local/lib/sasl2/smtpd.conf:
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
Edit /usr/local/etc/postfix/main.cf
Add:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
#smtpd_sasl_local_domain = $myhostname
Postfix anti-spam settings
Edit /usr/local/etc/postfix/main.cf
Add:
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access
smtpd_helo_restrictions = reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/usr/local/etc/postfix/head_checks
body_checks = regexp:/usr/local/etc/postfix/body_checks
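TLS settings
Generate the certificates. The private key passphrase used here by default is 123qwe98; choose your own as appropriate, since it may be needed later.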
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .
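Edit openssl.cnf and make sure the dir parameter is set to /usr/local/etc/postfix/certs/CA. Then continue with the commands below, entering information as appropriate. The input looks similar to the following: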
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:SH
Locality Name (eg, city) []:Shang Hai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bsdart
Organizational Unit Name (eg, section) []:bsdart
Common Name (eg, YOUR name) []:bsdart.org
Email Address []:garey.ding@gmail.com
The commands are as follows:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0
Configure postfix to support TLS
Edit /usr/local/etc/postfix/main.cf
Add:
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
smtpd_starttls_timeout = 60s
Configure master.cf by adding the following:
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
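The main.cf settings above enable SASL with the PLAIN and LOGIN mechanisms while keeping smtpd_tls_auth_only = no, so the server on port 25 accepts passwords on sessions that never negotiated TLS. The following check is an added example, not part of the original guide: the function names and the sample file are constructed for illustration, and it reads main.cf only.

```shell
#!/bin/sh
# Added example (not from the original guide): flag a main.cf that offers
# SMTP AUTH on sessions that are not required to use TLS.

# Print the effective (lower-cased) value of parameter $2 in main.cf file $1.
# main.cf syntax: '#' comment lines and blank lines are skipped, a line that
# starts with whitespace continues the previous one, and the last
# definition of a parameter wins.
postconf_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (name != "") { sub(/^[ \t]+/, ""); val[name] = val[name] " " $0 }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val[name] = substr($0, eq + 1)
        }
        END { v = val[want]; gsub(/^[ \t]+|[ \t]+$/, "", v); print tolower(v) }
    ' "$1"
}

# Exit 0 (finding) when AUTH is enabled and nothing forces TLS first.
# Only main.cf is read; "-o" overrides in master.cf are not considered.
sasl_without_tls() {
    [ "$(postconf_value "$1" smtpd_sasl_auth_enable)" = "yes" ] || return 1
    [ "$(postconf_value "$1" smtpd_tls_auth_only)" = "yes" ] && return 1
    [ "$(postconf_value "$1" smtpd_enforce_tls)" = "yes" ] && return 1
    [ "$(postconf_value "$1" smtpd_tls_security_level)" = "encrypt" ] && return 1
    return 0
}

# Constructed sample carrying the SASL and TLS settings from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
EOF
if sasl_without_tls "$sample"; then
    echo "finding: SMTP AUTH is offered without requiring TLS"
fi
rm -f "$sample"
```

Setting smtpd_tls_auth_only = yes in main.cf clears the finding; the smtps service on port 465 is unaffected because wrapper mode always negotiates TLS first.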
6. Installing and configuring Maildrop (MDA)
Install maildrop
Select mysql when installing.
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
Modify master.cf
Change the maildrop entry in master.cf to something like:
#maildrop unix - n n - - pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
Edit /usr/local/etc/postfix/main.cf
Add:
virtual_transport=maildrop:
maildrop_destination_concurrency_limit=1
maildrop_destination_recipient_limit=1
Edit the file /usr/local/etc/maildroprc
Make sure it has the following content:
logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
to "$HOME/Maildir"
}
Create the log file and make it owned by vmail:
touch /var/log/maildrop.log
chown vmail:vmail /var/log/maildrop.log
7. Installing and configuring Apache
Install apache
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www install clean
Configure /etc/rc.conf
Add the following line:
apache22_enable="YES"
Virtual host configuration
Edit /usr/local/etc/apache22/Includes/extmail.conf:
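# The <VirtualHost> and <Directory> container tags were missing from this
# listing; they are reconstructed here from the paths in the aliases below.
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /usr/local/www/extman/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
<Directory "/usr/local/www/extman/cgi/">
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
</Directory>
<Directory "/usr/local/www/extman/html/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
SuexecUserGroup vmail vmail
</VirtualHost>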
8. Configuring ExtMan
Configure extman
Edit /usr/local/www/extman/webman.cf and set the corresponding parameters as follows:
SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /home/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = extman
SYS_MYSQL_PASS = extman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password
Other settings
Run the following commands:
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 700 /var/tmp/extman/
chmod 600 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/
Configure the graphical log
Install the required software
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
Install mailgraph_ext
cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
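After that, log in to the Extman administration console as root@extmail.org, create the bsdart.org domain you need, and create accounts and aliases.
You can then log in over pop3, pop3s, smtp and smtps with the accounts you created.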