
[Experience sharing] CentOS 6: building a webmail system with Postfix + Dovecot + Postfixadmin + Roundcube


Posted on 2015-11-24 11:35:06
  

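  • I. Preparation

    • 1 Add DNS records
    • 2 Configure the iptables firewall
    • 3 Configure the hostname
    • 4 Configure package repositories


  • II. Environment setup

    • 1 Set up the LAMP environment
    • 2 Integrate Apache and PHP
    • 3 Test PHP parsing


  • III. Configure Postfixadmin

    • 1 Download postfixadmin
    • 2 Edit the configuration file
    • 3 Configure Postfixadmin


  • IV. Configure Postfix

    • 1 Install postfix
    • 2 Configure postfix


  • V. Configure Dovecot

    • 1 Edit the configuration files
    • 2 Add configuration files


  • VI. Test the SMTP and POP3 services

    • 1 Create a domain and a user
    • 2 Test the SMTP protocol
    • 3 Test the POP3 protocol


  • VII. Configure Roundcubemail

    • 1 Download roundcubemail
    • 2 Configure roundcubemail


  • VIII. Follow-up work

    • 1 Security configuration items
    • 2 Enable the services


  • IX. Common errors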


I. Preparation
1. Add DNS records

  • First add an A record for mail.sst888.com that resolves to your mail server's IP
  • Then add an MX record pointing to mail.sst888.com
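2. Configure the iptables firewall


# Stop iptables
/etc/init.d/iptables stop
# Temporarily disable SELinux
setenforce 0
# Edit this setting to disable SELinux permanently
vim /etc/selinux/config
SELINUX=disabled

  • If iptables must stay enabled, open the required ports.


# Starting from the default rules, open the following ports
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# kept from the CentOS 6 default rule set: return traffic, loopback, ssh
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# http (port 443 for https is not opened here)
-A INPUT -p tcp --dport 80 -j ACCEPT
# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
COMMIT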
3. Configure the hostname


# Set the hostname for the running system
hostname mail.ali.com
# Edit the network file
vim /etc/sysconfig/network
HOSTNAME=mail.ali.com
# Add a local hosts entry
vim /etc/hosts
112.74.28.201 mail.ali.com


4. Configure package repositories


# Create a repo file and add the third-party repository.
# Note: gpgcheck=0 below disables RPM signature verification for these repositories.
# vim /etc/yum.repos.d/ali.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirrors.aliyun.com/epel/6/$basearch
        http://mirrors.aliyuncs.com/epel/6/$basearch
enabled=1
gpgcheck=0
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/6/$basearch/debug
        http://mirrors.aliyuncs.com/epel/6/$basearch/debug
enabled=1
gpgcheck=0
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/6/SRPMS
        http://mirrors.aliyuncs.com/epel/6/SRPMS
enabled=1
gpgcheck=0

II. Environment setup
1. Set up the LAMP environment


# Add the vmail user, then install the LAMP packages with yum
useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail
yum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel


2. Integrate Apache and PHP


# Edit the configuration file
#vim /etc/httpd/conf/httpd.conf
# Add the following parameters
AddType application/x-httpd-php .php
PHPIniDir "/etc/php.ini"
# Change the following parameters
DirectoryIndex index.php index.html index.html.var
User vmail
Group vmail

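3. Test PHP parsing


# Create a test PHP file
#vim /var/www/html/index.php
<?php
phpinfo();
?>
# Restart Apache
/etc/init.d/httpd restart
  Note: open a browser and enter your server's IP; if the PHP information page appears, the LAMP environment is working.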
III. Configure Postfixadmin
1. Download postfixadmin


# Download, extract and rename postfixadmin
cd /var/www/html && wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.92/postfixadmin-2.92.tar.gz && tar xvf postfixadmin-2.92.tar.gz  && mv postfixadmin-2.92 postfixadmin
# Install dovecot now; configuring postfixadmin needs it
yum install -y  dovecot dovecot-devel dovecot-mysql


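2. Edit the configuration file


# Back up the configuration files (the directory was renamed to postfixadmin above)
cd /var/www/html/postfixadmin && cp config.inc.php config.inc.php.bak && cp setup.php setup.php.bak
# Change the following parameters in the configuration file
vim config.inc.php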
$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@sst888.com';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '1000';
$CONF['mailboxes'] = '1000';
$CONF['maxquota'] = '1000';
$CONF['fetchmail'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

# Create the database and grant in MySQL; all later configuration must match the credentials granted here
/etc/init.d/mysqld start
mysql
mysql> create database postfix;
mysql> grant all on postfix.* to postfix@'localhost' identified by 'postfix';
mysql> flush privileges;
# Test that the login works
mysql -upostfix -ppostfix
# Change owner and group
chown -R vmail.vmail /var/www/html/postfixadmin/
chown -R vmail.vmail /var/lib/php/session/


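3. Configure Postfixadmin

  • Click to view the illustrated configuration walkthrough.
  • Illustrated configuration details and troubleshooting of common errors
IV. Configure Postfix
1. Install postfix


# Install postfix with yum
yum remove -y sendmail && yum install postfix

2. Configure postfix

  • Edit the postfix configuration file


#vim /etc/postfix/main.cf
# Change the following parameters
myhostname = mail.free.com
mydomain = free.com
myorigin = $mydomain
inet_interfaces = all
mynetworks_style = host
mynetworks = 192.168.18.0/24, 127.0.0.0/8
# Add the following parameters
# Virtual domain configuration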
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
virtual_overquota_bounce = yes
#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
#SASL SUPPORT FOR CLIENTS
# Turns on sasl authorization
smtpd_sasl_auth_enable = yes
#Use dovecot for authentication
smtpd_sasl_type = dovecot
# Path to UNIX socket for SASL
smtpd_sasl_path = /var/run/dovecot/auth-client
#Disable anonymous login. We don't want to run an open relay for spammers.
smtpd_sasl_security_options = noanonymous
#Adds support for email software that doesn't follow RFC 4954.
#This includes most versions of Microsoft Outlook before 2007.
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# TRANSPORT MAP
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1


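#vim /etc/postfix/master.cf
# Note the leading whitespace before flags: it marks the line as a continuation
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

  •   Create the MySQL scripts

    • Note that user, password and dbname must match the grant made above when configuring postfixadmin.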



#vim /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

# vim /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

#vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

#vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
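
The four map files above must carry the same user, password and dbname as the MySQL grant, and each one stores that password in clear text. The following check is an added example, not part of the original post; the function name check_map_files and its output wording are assumptions.

```shell
# Added example (not from the original post). check_map_files is a
# hypothetical helper: DIR, then the user, password and dbname granted in MySQL.
check_map_files() {
    dir=$1; want_user=$2; want_pass=$3; want_db=$4
    for f in "$dir"/mysql_virtual_*.cf; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Each map stores the database password: flag world-readable files.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "$name: world-readable"
        fi
        # Expected values go through the environment, not the awk command line.
        U=$want_user P=$want_pass D=$want_db awk -v file="$name" '
            /^[ \t]*#/ { next }                      # skip comment lines
            {
                eq = index($0, "=")                  # split at the first "="
                if (!eq) next
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                if (k == "user" || k == "password" || k == "dbname") got[k] = v
            }
            END {
                if ((got["user"] "")     != (ENVIRON["U"] "")) print file ": user mismatch"
                if ((got["password"] "") != (ENVIRON["P"] "")) print file ": password mismatch"
                if ((got["dbname"] "")   != (ENVIRON["D"] "")) print file ": dbname mismatch"
            }' "$f"
    done
    return 0
}

# Usage: sh check_maps.sh /etc/postfix USER PASSWORD DBNAME
if [ "$#" -eq 4 ]; then check_map_files "$@"; fi
```

A file reported as world-readable can be restricted with chown root:postfix and chmod 640, which keeps it readable by the postfix processes that perform the lookups.
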
V. Configure Dovecot
1. Edit the configuration files

  • All of the following are changes made on top of the original files


#vim /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *
dict {
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf

#vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
!include auth-sql.conf.ext


#vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:%hMaildir
mbox_write_locks = fcntl

#vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  # Newly added block below: lets Postfix authenticate SMTP clients
  unix_listener auth-client {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}

#vim /etc/dovecot/conf.d/15-lda.conf
protocol lda {
mail_plugins = quota
postmaster_address = postmaster@sst888.com # administrator mailbox
}

#vim /etc/dovecot/conf.d/20-imap.conf
protocol imap {
mail_plugins = quota imap_quota
}

#vim /etc/dovecot/conf.d/20-pop3.conf
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
mail_plugins = quota
}

#vim /etc/dovecot/conf.d/90-quota.conf
plugin {
quota_rule = *:storage=1G
}
plugin {
}
plugin {
quota = dict:User quota::proxy::quota
}
plugin {
}

2. Add configuration files

  • The following configuration files are newly created


#vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = CRAM-MD5
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'


#vim /etc/dovecot/dovecot-dict-sql.conf.ext
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
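VI. Test the SMTP and POP3 services
1. Create a domain and a user

  • Create the mail domain
  • Create the mailbox user
  • Illustrated details for creating the domain and user
2. Test the SMTP protocol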


#telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.ali.com ESMTP Postfix
ehlo sst888.com
250-mail.ali.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
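
The capability list in that session shows AUTH PLAIN LOGIN advertised with no STARTTLS line, so credentials would cross the network unencrypted. The following audit of an EHLO response is an added example, not part of the original post; the function name audit_ehlo and the finding labels are assumptions, and the sample input is the response captured above.

```shell
# Added example (not from the original post): audit an EHLO response.
# EHLO_SAMPLE is the capability list from the telnet session above.
EHLO_SAMPLE='250-mail.ali.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# audit_ehlo (hypothetical name): reads an EHLO response on stdin and prints
# one finding per line; prints nothing when no finding applies.
audit_ehlo() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^250[- ]/ {
            # the keyword is the first word after the three-digit code
            n = split(toupper(substr($0, 5)), w, /[ =]+/)
            if (w[1] == "STARTTLS") tls = 1
            if (w[1] == "VRFY")     vrfy = 1
            if (w[1] == "AUTH")
                for (i = 2; i <= n; i++) if (w[i] != "") mech[w[i]] = 1
        }
        END {
            # No STARTTLS: the whole session, AUTH included, is cleartext.
            if (!tls) print "NO_STARTTLS"
            # PLAIN and LOGIN send the password base64-encoded, not encrypted.
            if (!tls && (("PLAIN" in mech) || ("LOGIN" in mech)))
                print "CLEARTEXT_AUTH"
            # VRFY lets a client probe which addresses exist.
            if (vrfy) print "VRFY_ENABLED"
        }'
}

printf '%s\n' "$EHLO_SAMPLE" | audit_ehlo
```

On the Postfix side, smtpd_tls_auth_only = yes (once TLS is configured) and disable_vrfy_command = yes are the main.cf parameters that address these findings.
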

3. Test the POP3 protocol


#telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user test@sst888.com
+OK
pass test123456
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
VII. Configure Roundcubemail
1. Download roundcubemail


# Download, extract and rename
cd /var/www/html && wget https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.6/roundcubemail-1.0.6.tar.gz && tar xvf roundcubemail-1.0.6.tar.gz && mv roundcubemail-1.0.6/ webmail

2. Configure roundcubemail


# Set the time zone
#vim /etc/php.ini
date.timezone = Asia/Shanghai
# Change owner and group
chown vmail.vmail -R /var/www/html/webmail/
# Restart Apache
/etc/init.d/httpd restart
# Create the MySQL database and grant; the configuration below needs them
# mysql
mysql> CREATE DATABASE roundcubemail;
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'roundcubemail';
mysql> FLUSH PRIVILEGES;

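  •   Open http://MAIL_SERVER_IP/webmail/installer.php to run the configuration (illustrated configuration details)

  •   Log in at http://SERVER_IP/webmail to use the mail system

VIII. Follow-up work
1. Security configuration items


# Delete the installer files left over from setup
rm  -rf /var/www/html/webmail/installer/
# The config directory contains account information
# Use a Location container in the configuration to deny access to it
# vim /etc/httpd/conf/httpd.conf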
<Location /webmail/config/>
Order allow,deny
Deny from all
</Location>
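
The two items in this section, together with two leftovers from earlier steps (the phpinfo() test page and the .bak copies made inside the postfixadmin directory), can be checked with one script. This is an added example, not part of the original post; the function name audit_webroot and the finding labels are assumptions.

```shell
# Added example (not from the original post). audit_webroot is a hypothetical
# helper; arguments: web root and httpd.conf, defaulting to this guide's paths.
audit_webroot() {
    root=${1:-/var/www/html}
    conf=${2:-/etc/httpd/conf/httpd.conf}

    # Roundcube: the installer directory must be removed after setup.
    if [ -d "$root/webmail/installer" ]; then
        echo "INSTALLER_PRESENT"
    fi

    # Postfixadmin: the backups made with cp in section III sit inside the
    # web root; config.inc.php.bak holds the database password.
    for f in config.inc.php.bak setup.php.bak; do
        if [ -e "$root/postfixadmin/$f" ]; then
            echo "POSTFIXADMIN_LEFTOVER $f"
        fi
    done

    # The phpinfo() test page from section II discloses server details.
    if [ -f "$root/index.php" ] && grep -q 'phpinfo *(' "$root/index.php"; then
        echo "PHPINFO_EXPOSED"
    fi

    # httpd.conf must contain "Deny from all" inside the Location block for
    # /webmail/config/ (matches the unquoted form shown in this guide).
    if [ -d "$root/webmail" ] && ! awk '
        /^[ \t]*<Location[ \t]+\/webmail\/config\/?>/ { inblk = 1; next }
        /^[ \t]*<\/Location>/                          { inblk = 0 }
        inblk && tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { ok = 1 }
        END { exit !ok }' "$conf" 2>/dev/null; then
        echo "CONFIG_DIR_NOT_DENIED"
    fi
    return 0
}

audit_webroot "$@"
```
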

2. Enable the services


# Start at boot
chkconfig httpd on
chkconfig mysqld on
chkconfig dovecot on
chkconfig postfix on
IX. Common errors

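  • Receiving mail works, sending fails.
  • error,send mail falt

    • Check the postfix configuration carefully



  • IMAP connection failed.
  • Sending mail works, receiving fails.
  • ERR Authentication failed. (authentication failure)

    • Check the dovecot configuration carefully



  • After entering the account and password on the webmail login page, it returns to the login page

# Change the owner and group of the PHP session directory
chown -R vmail.vmail /var/lib/php/session/
# Restart Apache
/etc/init.d/httpd restart

  • fatal: no SASL authentication mechanisms


# Install the SASL packages
yum install  cyrus-sasl* -y


  • can’t proc_open /usr/bin/doveadmpw
  • can’t encrypt password with dovecotpw


# Check the postfixadmin configuration file: there must be a space between doveadm and pw
vim /var/www/html/postfixadmin/config.inc.php
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";


  • Reference: share you knowledge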

Thread URL: https://www.yunweiku.com/thread-143035-1-1.html