www.extmail.net
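Chapter contents:
1. Introduction to the mail system (its components and how they work together)
2. Review of the phase-one mail system: postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS
3. Analysis of the virtual-user mail system: postfix(MTA)+maildrop(MDA)+courier-imap(MUA)+courier-authlib+apache(extmail/extman)+mysql
4. DNS preparation before deploying the mail system (MX)
5. Deploying the virtual-user mail system
Mail roles
MTA  mail transfer agent  the post office  sendmail postfix qmail notes(IBM) exchange(MS)
MDA  mail delivery agent  agent mechanism
MUA  mail user agent      client           mail mutt webmail foxmail outlook
Mail protocols
smtp  Simple Mail Transfer Protocol     used to send mail     TCP 25 465
pop3  Post Office Protocol version 3    used to receive mail  TCP 110 995  offline mode (1-100)
imap  Internet Message Access Protocol  used to receive mail  TCP 443 993  online mode (locks onto a given message)
How it works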
---DNS MX -----
MUA ---smtpd:25--- MTA -smtpd--- MDA --smtpd--- MTA --pop3/imap--- MUA
Review
postfix(MTA smtp)+dovecot(pop3/imap)+squirrelmail(webmail)+apache+php+DNS + pam --> /etc/passwd|/etc/shadow
Virtual-user mail system
postfix(MTA)+maildrop(MDA)+courier-imap(MUA)+courier-authlib+apache(extmail/extman)+mysql
++++++++++Deploying the virtual-user mail system++++++++++++++++
1 Configure the DNS MX record
[[email protected] ~]# vim /var/named/uplooking.com.zone
$TTL 1D
@ IN SOA dns.uplooking.com. root.uplooking.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ NS dns.uplooking.com. ; DNS server
dns A 192.168.0.254
@ MX 5 mail.uplooking.com. ; mail server
mail A 192.168.0.1
[[email protected] ~]# echo "nameserver 192.168.0.254" > /etc/resolv.conf
[[email protected] ~]# host mail.uplooking.com
mail.uplooking.com has address 192.168.0.1
2 Configure the local ISO repository and the EMOS repository
[[email protected] ~]# rm -fr /etc/yum.repos.d/*
[[email protected] ~]# vim /etc/yum.repos.d/emos.repo
[local]
baseurl=ftp://192.168.0.254/pub/rhel6/dvd
gpgcheck=0
[emos]
baseurl=ftp://192.168.0.254/EMOS
gpgcheck=0
3 Install the MTA postfix ---- upgrade (qmail)
--Upgrade postfix
[[email protected] ~]# yum -y install postfix
Check whether postfix has the mysql module loaded
[[email protected] ~]# postconf -m |grep mysql
mysql
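Configure postfix (command recap)
# postconf     -- show every setting currently in effect
# postconf -n  -- show the customized settings
# postconf -d  -- show the default settings
# postconf -m  -- list the modules postfix supports
# postconf -e  -- edit the configuration file non-interactively, for configuring postfix from scripts
Generate the configuration file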
[[email protected] ~]# postconf -n >> /etc/postfix/main.cf.new
[[email protected] ~]# mv /etc/postfix/main.cf /etc/postfix/main.cf.old
[[email protected] ~]# cp /etc/postfix/main.cf.new /etc/postfix/main.cf
[[email protected] ~]# vim /etc/postfix/main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.7.3-documentation/html
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.7.3-documentation/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
# hostname -- mail host information
mynetworks = 127.0.0.1
myhostname = mail.uplooking.com
mydomain = uplooking.com
mydestination = $mynetworks $myhostname $mydomain
# banner -- greeting message
mail_name = Postfix - by uplooking.com
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately -- error reports are returned at once
smtpd_error_sleep_time = 0s
# Message and return code control -- values in bytes; limits for a single message and for the mail home directory
message_size_limit = 50000000
mailbox_size_limit = 1024000000
show_user_unknown_table_name = no
# Queue lifetime control -- how long mail stays in the queue
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
4 Install the MDA (maildrop)
[[email protected] ~]# yum -y install maildrop
Define the maildrop program
[[email protected] ~]# id vuser
uid=1000(vuser) gid=1000(vgroup) 组=1000(vgroup)
[[email protected] ~]# vim /etc/postfix/master.cf
maildrop unix - n n - - pipe
  flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
5 Install and configure the Courier-Authlib authentication middleware:
[[email protected] ~]# rpm -qa |grep authlib
courier-authlib-0.62.4-1.el6.FT.x86_64
[[email protected] docs]# yum -y install courier-authlib courier-authlib-mysql
[[email protected] ~]# rpm -ql courier-authlib |grep mysql
/etc/authlib/authmysqlrc.dist
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.html
/usr/share/doc/courier-authlib-0.62.4/README.authmysql.myownquery
--Empty the configuration file and redefine how the middleware connects to the database
[[email protected] ~]# :> /etc/authlib/authmysqlrc
[[email protected] ~]# vim /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
 CONCAT('/home/domains/',homedir), \
 CONCAT('/home/domains/',maildir), \
 quota, \
 name \
 FROM mailbox \
 WHERE username = '$(local_part)@$(domain)'
[[email protected] ~]# vim /etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
Start the service
[[email protected] ~]# /etc/rc.d/init.d/courier-authlib start
[[email protected] ~]# chkconfig courier-authlib on
Change the permissions on the authdaemon socket directory. If they are not set correctly, maildrop, postfix and the other components cannot look up user information or perform password authentication:
Flow: MTA--postfix--maildrop ---/var/spool/authdaemon/socket----- authdaemonrc---/etc/authlib/authmysqlrc
[[email protected] ~]# chmod 755 /var/spool/authdaemon/
6 Virtual host setup
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# vim /etc/httpd/conf.d/vhost_mail.uplooking.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.uplooking.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
7 Install and configure the web interface
Install the admin back end, webman --extsuite-webman
[[email protected] ~]# yum -y install extsuite-webman
Install the front end, extmail --extsuite-webmail
[[email protected] ~]# yum -y install extsuite-webmail
Configure the web interface
[[email protected] ~]# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
[[email protected] ~]# vim /var/www/extsuite/extmail/webmail.cf
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
Change permissions
[[email protected] ~]# chown vuser.vgroup /var/www/extsuite/extmail/cgi/ -R
[[email protected] ~]# chown vuser.vgroup /var/www/extsuite/extman/cgi/ -R
[[email protected] ~]# mkdir /tmp/extman
[[email protected] ~]# chmod 777 /tmp/extman/
8 Install the database
[[email protected] ~]# yum -y install mysql-server mysql
[[email protected] ~]# service mysqld start
Import the MySQL schema and the initial data; the root password is empty by default
[[email protected] ~]# mysql < /var/www/extsuite/extman/docs/extmail.sql
[[email protected] ~]# mysql < /var/www/extsuite/extman/docs/init.sql
Test the accounts
[[email protected] ~]# mysql -uextmail -pextmail extmail --SELECT,UPDATE
[[email protected] ~]# mysql -uwebman -pwebman extmail --SELECT, INSERT, UPDATE, DELETE
Start httpd
[[email protected] ~]# service httpd start
[[email protected] ~]# chkconfig httpd on
9 Set up the configuration files for virtual domains and virtual users
[[email protected] ~]# cd /var/www/extsuite/extman/docs/
[[email protected] docs]# cp mysql_virtual_* /etc/postfix/
[[email protected] docs]# vim /etc/postfix/main.cf
#mydestination = $mynetworks $myhostname $mydomain
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
[[email protected] docs]# service postfix restart
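Log in to the admin back end and register the domain uplooking.com
Then register the mail users
http://mail.uplooking.com/extman/cgi/index.cgi
ExtMan's default super-administrator account is [email protected], with the initial password extmail*123*. After logging in successfully, you should change the password to keep the system secure.
-----------Testing
Connect to the database by hand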
[[email protected] ~]# mysql -uextmail -pextmail extmail
mysql> SELECT username,password,"",uidnumber,gidnumber,CONCAT('/home/domains/',homedir),CONCAT('/home/domains/',maildir),quota,name from mailbox where username='[email protected]'\G
*************************** 1. row ***************************
username: [email protected]
password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
:
uidnumber: 1000
gidnumber: 1000
CONCAT('/home/domains/',homedir): /home/domains/uplooking.com/u01
CONCAT('/home/domains/',maildir): /home/domains/uplooking.com/u01/Maildir/
quota: 5242880S
name: user01
1 row in set (0.00 sec)
Use the authtest command to run the database lookup automatically
[[email protected] docs]# authtest -s /var/spool/authdaemon/socket [email protected] 123
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u01
Maildir: /home/domains/uplooking.com/u01/Maildir/
Quota: 5242880S
Encrypted Password: $1$DxNPON8B$yzxRpp7lQu5.WWi4ljINF/
Cleartext Password: 123
Options: (none)
[[email protected] docs]# authtest -s /var/spool/authdaemon/socket [email protected] 456
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/uplooking.com/u02
Maildir: /home/domains/uplooking.com/u02/Maildir/
Quota: 5242880S
Encrypted Password: $1$kIEJyc6F$MsDVCUtmS/mOw2vCpOOdg0
Cleartext Password: 456
Options: (none)
Configure graphical logs:
[[email protected] docs]# /usr/local/mailgraph_ext/mailgraph-init start
Start cmdserver (shows system information in the admin back end)
[[email protected] docs]# /var/www/extsuite/extman/daemon/cmdserver --daemon
10 Install cyrus-sasl
[[email protected] docs]# yum -y install cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
[[email protected] docs]# vim /etc/postfix/main.cf
# smtpd related config ---- recipient rules, rcpt to:
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
# SMTP sender login matching config ---- sender rules, mail from:
smtpd_sender_restrictions =
  permit_mynetworks,
  reject_sender_login_mismatch,
  reject_authenticated_sender_login_mismatch,
  reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
  mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
  mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
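An added example (not from the original page or the ExtMail project): a Python check that reads main.cf the way Postfix does, joining lines that begin with whitespace, then confirms that reject_unauth_destination is present, that only the two permits used above run before it, and that the sender-login checks have a login map. MAIN_CF is a constructed, abridged copy of the step 10 block, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged step 10 restrictions, continuation lines indented.
MAIN_CF = """\
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  reject_invalid_hostname,
# SMTP sender login matching config
smtpd_sender_restrictions =
  permit_mynetworks,
  reject_sender_login_mismatch
smtpd_sender_login_maps =
  mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
  mysql:/etc/postfix/mysql_virtual_alias_maps.cf
"""
# Permits the page places ahead of the relay check; any other permit is flagged for review.
EXPECTED_EARLY_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}

def parse_main_cf(text):
    """Return {parameter: [values]}, joining lines that start with whitespace."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a multi-line value
        if raw[0].isspace() and name:
            params[name] += re.split(r"[,\s]+", raw.strip())
        else:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = re.split(r"[,\s]+", value.strip())
    return {k: [v for v in vals if v] for k, vals in params.items()}

def review(params):
    """List relay and sender-login problems found in the parsed restrictions."""
    issues = []
    rcpt = params.get("smtpd_recipient_restrictions", [])
    if "reject_unauth_destination" not in rcpt:
        issues.append("smtpd_recipient_restrictions lacks reject_unauth_destination")
    else:
        before = rcpt[:rcpt.index("reject_unauth_destination")]
        issues += [f"review {r}: it runs before reject_unauth_destination" for r in before
                   if r.startswith("permit") and r not in EXPECTED_EARLY_PERMITS]
    sender = params.get("smtpd_sender_restrictions", [])
    if any("sender_login_mismatch" in r for r in sender) \
            and not params.get("smtpd_sender_login_maps"):
        issues.append("sender_login_mismatch is used but smtpd_sender_login_maps is empty")
    return issues
```

To run it against a live server, pass the contents of /etc/postfix/main.cf to parse_main_cf instead of the sample.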
Define how the authentication module connects to the database
[[email protected] docs]# vim /usr/lib64/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
[[email protected] docs]# service postfix restart
Test SMTP authentication
Use the following commands to get the Base64 encoding of the user name and password for [email protected]:
# perl -e 'use MIME::Base64; print encode_base64("u01\@uplooking.com")'
dTAxQHVwbG9va2luZy5jb20=
# perl -e 'use MIME::Base64; print encode_base64("123")'
MTIz
[[email protected] docs]# telnet mail.uplooking.com 25
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
220 mail.uplooking.com ESMTP Postfix - by uplooking.com
ehlo localhost
250-mail.uplooking.com
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dTAxQHVwbG9va2luZy5jb20=
334 UGFzc3dvcmQ6
MTIz
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
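An added example (not from the original page or the ExtMail project): the session above contains no STARTTLS, and AUTH LOGIN only Base64-encodes what it sends, so this Python check reads a captured session, tests whether AUTH is advertised without STARTTLS, and decodes each 334 challenge with its reply. SESSION is a constructed, abridged copy of the telnet exchange above; the function names are hypothetical.

```python
import base64

# Constructed from the telnet session above (abridged; client and server lines interleaved).
SESSION = """\
220 mail.uplooking.com ESMTP Postfix - by uplooking.com
ehlo localhost
250-mail.uplooking.com
250-PIPELINING
250-SIZE 50000000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 DSN
auth login
334 VXNlcm5hbWU6
dTAxQHVwbG9va2luZy5jb20=
334 UGFzc3dvcmQ6
MTIz
235 2.7.0 Authentication successful
"""

def ehlo_keywords(session):
    """Collect ESMTP keywords from the 250 replies, skipping the greeting line."""
    replies = [l[4:] for l in session.splitlines() if l[:4] in ("250-", "250 ")]
    return {r.replace("=", " ").split()[0].upper() for r in replies[1:] if r.strip()}

def decode_auth_login(session):
    """Pair each 334 challenge with the client's next line and Base64-decode both."""
    lines = session.splitlines()
    pairs = []
    for i, line in enumerate(lines[:-1]):
        if line.startswith("334 "):
            prompt = base64.b64decode(line[4:]).decode()
            answer = base64.b64decode(lines[i + 1]).decode()
            pairs.append((prompt, answer))
    return pairs

def audit(session):
    """Report what anyone able to read this TCP stream learns from it."""
    notes = []
    caps = ehlo_keywords(session)
    if "AUTH" in caps and "STARTTLS" not in caps:
        notes.append("AUTH is advertised on a session with no STARTTLS")
    notes += [f"recovered {p} {a}" for p, a in decode_auth_login(session)]
    return notes

if __name__ == "__main__":
    print("\n".join(audit(SESSION)))
```

Once TLS is configured in Postfix, setting smtpd_tls_auth_only = yes in main.cf makes the server offer AUTH only after STARTTLS.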
11 Install Courier-imap
[[email protected] docs]# yum -y install courier-imap
[[email protected] docs]# /etc/init.d/courier-imap start
[[email protected] docs]# chkconfig courier-imap on
Test
[[email protected] docs]# telnet mail.uplooking.com 110
Trying 192.168.0.1...
Connected to mail.uplooking.com.
Escape character is '^]'.
+OK Hello there.
user [email protected]
+OK Password required.
pass 123
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 658
.
retr 1
Log in to the admin back end and add a new domain, qq.com
--Configure DNS (define the DNS MX record)
[[email protected] ~]# vim /var/named/qq.com.zone
@ NS dns.qq.com.
dns A 192.168.0.254
@ MX 5 mail.qq.com.
mail A 192.168.0.1
--Test whether the MX record resolves
[[email protected] ~]# host mail.qq.com
mail.qq.com has address 192.168.0.1
Domain list ---- domain name qq.com
User ---- [email protected] password 123
Go to the front end and register the mailbox address [email protected] with password 456
http://mail.qq.com/extmail/cgi/index.cgi
Test the accounts
[[email protected] ~]# authtest -s /var/spool/authdaemon/socket [email protected] 123
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/domains/qq.com/q01
Maildir: /home/domains/qq.com/q01/Maildir/
Quota: 5242880S
Encrypted Password: $1$x4TzQksX$V4CTLdRCYbdRVd8w8SPUK.
Cleartext Password: 123
Options: (none)
[[email protected] ~]# authtest -s /var/spool/authdaemon/socket [email protected] 456
Authentication succeeded.
Test [email protected] ---- [email protected]
[email protected] ---- [email protected]
--------------------------------
Install the EMOS system
[[email protected] ~]# vim /var/named/google.com.zone
@ NS dns.google.com.
dns A 192.168.0.254
@ MX 5 mail.google.com.
mail A 192.168.0.10