Postfix+Sasl+Courier-authlib+Dovecot+MySQL+extmail实现WebMail

ljhk · 发表于 2015-9-17 09:23:59

一、安装前的准备工作

当用户登录到postfix发送邮件时，调用cyrus-sasl的库函数，并通过courier-authlib来进行mysql认证，如认证通过，则可以发送邮件，如所发邮件是本机所接受的邮件，则直接通过postfix存储到mailbox中，而其他用户要想收邮件，dovecot可以实现pop3和imap的MDA功能，而此过程，可通过配置dovecot使用mysql来进行对收取邮件的认证；extmail是实现通过web来代替outlook来实现MUA功能的，用户登录web的认证，也能通过mysql来实现，extman的功能是可以通过用户的注册，修改密码等请求来对账户进行管理的，如同163邮箱一样。

1
2
3
4
5
6
7

关于邮件服务器的几个名词:
MUA=====》用户代理端，即用户使用的写信、收信客户端软件
MTA=====》邮件传送端，即常说的邮件服务器，用于转发、收取用户邮件。
MDA=====》邮件代理端，相当于MUA和MTA的中间人，可用于过滤垃圾邮件。
POP=====》邮局协议，用于MUA连接服务器收取用户邮件，通信端口110。
IMOP====》互联网应用协议，功能较POP多，通信端口143。
SMTP====》简单邮件传送协议，MUA连接MTA或MTA连接MTA发送邮件使用此协议，通信端口25。

postfix的官网: http://www.postfix.org/

Courier-authlib(邮件验证库)的官网: http://www.courier-mta.org/authlib/

Dovecot的官网: http://www.dovecot.org/
            ##IMAP/POP3服务器用以接收外界发送到本机的邮件

关于curus-sasl: http://www.linuxfromscratch.org/ ... lfs/cyrus-sasl.html
            ##用以实现用户认证服务

extmail官网:http://www.extmail.org/
         ##国内唯一开源免费的WebMail邮件服务器，最新开源版1.2版是09就发布了的，不过最近             可能会发布1.3版

①安装所需软件包:

1
2
3
4

# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
# rpm -ivh mysql-community-release-el7-5.noarch.rpm
# yum install httpd mysql mysql-server mysql-devel openssl openssl-devel dovecot dovecot-mysql tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect expect-devel gcc gcc-c++
# yum install cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel telnet libicu-devel

注:由于centos7默认安装数据库为MariaDB，所以需要添加MySQL的yum源

②添加相关用户和组

1
2
3
4
5
6
7

# yum remove postfix ##删除centos7自带postfix
# userdel postfix
# groupdel postdrop
# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

注:postdrop - Postfix mail posting utility(直译:后缀邮件发送工具)

http://www.postfix.org/postdrop.1.html

③启动依赖服务

1
2
3
4

# systemctl start mysql.service
# chkconfig mysqld on
# systemctl start saslauthd.service
# chkconfig saslauthd on

二、安装配置postfix

①安装postfix

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

# wget ftp://ftp.cuhk.edu.hk/pub/packag ... ostfix-3.0.2.tar.gz
# tar -zxvf postfix-3.0.2.tar.gz
# cd postfix-3.0.2/
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
  ###CCARGS参数:为编译器提供额外的参数
  ###AUXLIBS参数:指出位于标准位置之外的额外函数库
  ### -DUSE:使其可使用SASL、TLS功能
  ###-I:指出标准的额外头文件的存放目录
  ###-DHAS_MYSQL:使其支持MySQL驱动
   ###-lz=====>压缩库文件
   ###-lm=====>模块文件
# make
# make install
install_root: [/]       ##指定postfix的安装目录
tempdir: [/root/postfix-3.0.2] /tmp/postfix       ##指定临时文件目录
config_directory: [/etc/postfix]       ##指定配置文件目录
command_directory: [/usr/sbin]          ##指定命令文件目录
daemon_directory: [/usr/libexec/postfix]       ##指定守护进程目录
data_directory: [/var/lib/postfix]       ##指定数据文件目录
html_directory: [no] /var/www/html/postfix       ##指定HTML的目录
mail_owner: [postfix]       ##指定postfix的所有者队列
mailq_path: [/usr/bin/mailq]          ##指定mailq命令的路径
manpage_directory: [/usr/local/man]       ##指定man手册安装目录
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]
shlib_directory: [no]          ##指定共享库文件
meta_directory: [/etc/postfix]    ##指定可执行文件目录

编译出现的错误1:

1
2
3
4
5

make -f Makefile.in MAKELEVEL= Makefiles
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
makedefs:行726: gcc: 未找到命令
make: *** [Makefiles] 错误 1
make: *** [makefiles] 错误 2

未安装gcc

编译出现的错误2:

1
2
3
4
5
6

make -f Makefile.in MAKELEVEL= Makefiles
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makedefs.tmp
No <db.h> include file found.
Install the appropriate db*-devel package first.
make: *** [Makefiles] 错误 1
make: *** [makefiles] 错误 2

在编译时出现上述错误的原因是相应软件包没有安装完全造成的，至于网络上所说的安装DB4-devel包之类的不靠谱，libdb4(Berkeley DB)安装后依然报如上错误。

②启动postfix
问题1:

1
2
3
4
5
6
7
8

# postfix start
postfix/postfix-script: warning: not owned by postfix: /var/lib/postfix/.
postfix/postfix-script: warning: not owned by postfix: /var/lib/postfix/./master.lock
postfix/postfix-script: warning: not owned by postfix: /var/spool/postfix/private
postfix/postfix-script: warning: not owned by postfix: /var/spool/postfix/public
postfix/postfix-script: warning: not owned by group postdrop: /var/spool/postfix/public
postfix/postfix-script: starting the Postfix mail system
postfix/postfix-script: fatal: mail system startup failed

解决方法:

1
2
3
4

# chown -R postfix.postfix /var/lib/postfix/./master.lock
# chown -R postfix.postfix /var/spool/postfix/private
# chown -R postfix.postdrop /var/spool/postfix/public
# postfix start

问题2:

1
2
3
4

# postfix start
postfix/postfix-script: warning: not owned by postfix: /var/lib/postfix/.
postfix/postfix-script: starting the Postfix mail system
postfix/postfix-script: fatal: mail system startup failed

解决方法:

1	# chown -R postfix.postfix /var/lib/postfix/.

③生成别名二进制文件：

1	# newaliases

三、配置postfix并测试

①配置postfix

1
2
3
4
5
6
7
8
9
10
11

# vi /etc/postfix/main.cf
myhostname = mail.zhi.com       #设定Mail服务器域名
mydomain = zhi.com             ##指定域名
myorigin = zhi.com             ##指定发件人地址
inet_interfaces = all          ##指定postfix系统监听的网络接口
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
                                       ##指定postfix接收邮件时收件人的域名
mynetworks_style = subnet  ##指定信任网段类型，即允许转发的来源网段，可选subnet子网，class                            网段，host本机
mynetworks = 192.168.10.0/24, 127.0.0.0/8    ##允许转发的来源IP
relay_domains = $mydestination       ## 指定允许中转邮件的域名
inet_protocols = ipv4             ##指定支持的协议

注:主机名需与Mail服务器域名一致

②snmp登录并测试邮件发送:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

[iyunv@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.zhi.com ESMTP Postfix
ehlo localhost                ##握手
250-mail.zhi.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
mail from:root@localhost       ##指定发送邮件的账号
250 2.1.0 Ok
rcpt to:sd@localhost             ##指定接收邮件的账号
250 2.1.5 Ok
data                            ##输入data命令，开始写邮件
354 End data with <CR><LF>.<CR><LF>
Subject:test postfix          ##邮件主题
hello                ##内容
.                         ##表示邮件完成
250 2.0.0 Ok: queued as A49F33EA87E
quit                   ##退出
221 2.0.0 Bye
Connection closed by foreign host.

③查看是否收到邮件:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

$ sudo mail       ##进入该用户，sudo到mail查看
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/sd": 1 message 1 new          ##提示有一封新邮件
>N  1 root@localhost       Fri Sep 11 11:30  15/452 "t test postfix"  ##邮件列表
& 1                ##输入1进行查看，有多封邮件时，输入对应编号即可查看
Message  1:
From root@localhost  Fri Sep 11 11:30:46 2015
Return-Path: <root@localhost>
X-Original-To: sd@localhost
Delivered-To: sd@localhost
Subject:tr
Subject:test postfix
Date: Fri, 11 Sep 2015 11:29:08 +0800 (CST)
From: root@localhost
Status: R
hello

四、配置DNS服务器

①测试邮件发送

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

[iyunv@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.zhi.com ESMTP Postfix
helo localhost
250 mail.zhi.com
ehlo localhost
250-mail.zhi.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
mail from:admin@google.com
250 2.1.0 Ok
rcpt to:sd@zhi.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject : google
hello,welcome to google......
.
250 2.0.0 Ok: queued as 606F53EA87E
quit
221 2.0.0 Bye
Connection closed by foreign host.

②登录该用户进行查看

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

$ sudo mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/sd": 2 messages 1 unread
1 root@localhost       Fri Sep 11 11:30  16/463 "t test postfix"
>U  2 admin@google.com    Fri Sep 11 13:41  15/469 "google"
& 2
Message  2:
From admin@google.com  Fri Sep 11 13:41:45 2015
Return-Path: <admin@google.com>
X-Original-To: sd@zhi.com
Delivered-To: sd@zhi.com
subject: google
Date: Fri, 11 Sep 2015 13:40:04 +0800 (CST)
From: admin@google.com
Status: RO
hello,welcome to google......

注:这里显示是Google发来的邮件，但事实并不是这样，所有我们需要DNS来防止地址伪造

③安装Bind服务器并配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

# yum install bind bind-utils
# vi /etc/named.conf
# listen-on port 53 { 127.0.0.1; };
# listen-on-v6 port 53 { ::1; };       ##注释或删除以上两行
# vi /etc/named.rfc1912.zones       ##配置区域文件
zone  "zhi.com" IN {                   ##定义正向区域
   type master;                      ##定义为主域名服务器
   file "zhi.com.zone";                ##指定区域资源文件位置
   allow-update { none; };          ##禁止更新
   allow-transfer { none;};          ##禁止区域传送
};
zone "10.168.192.in-addr.arpa" IN {          ##定义反向区域
   type master;
   file "192.168.10.zone";
   allow-update { none; };
   allow-transfer { none;};
};
# named-checkconf /etc/named.conf ##检测配置
# cd /var/named/
# vi zhi.com.zone             ##新建区域资源文件位置
$TTL  600
@          IN          SOA       ns.zhi.com       admin.zhi.com. (
                                          2015091111
                                          2H
                                          10M
                                          3D
                                          1D)
                        IN       NS ns
                        IN       MX 10 mail
www                      IN       A    192.168.10.128
ns                      IN       A    192.168.10.128
mail                   IN       A    192.168.10.128
# cp zhi.com.zone 192.168.10.zone
# vi 192.168.10.zone
$TTL  600
@          IN          SOA       ns.zhi.com       admin.zhi.com. (
                                          2015091111
                                          2H
                                          10M
                                          3D
                                          1D)
                        IN       NS ns.zhi.com.
1                      IN       PTR ns.zhi.com
1                      IN       PTR mail.zhi.com
1                      IN       PTR www.zhi.com
# named-checkzone "zhi.com" zhi.com.zone
zone zhi.com/IN: loaded serial 2015091111
OK
# named-checkzone "10.168.192.in-addr.arpa" 192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: loaded serial 2015091111
OK

出现的错误:

1
2
3

# named-checkzone "10.168.192.in-addr.arpa" 192.168.10.zone
zone 10.168.192.in-addr.arpa/IN: NS 'ns.zhi.com.10.168.192.in-addr.arpa' has no address records (A or AAAA)
zone 10.168.192.in-addr.arpa/IN: not loaded due to errors.

原因:区域资源文件编辑不完整，切记NS记录后域名的“.”。

④更改权限并启动Bind

1
2
3
4
5
6

# chgrp named zhi.com.zone 192.168.10.zone ##更改组名
# chmod 640 zhi.com.zone 192.168.10.zone ##更改权限
# named-checkzone "zhi.com" zhi.com.zone ##检查语法
# named-checkzone "10.168.192.in-addr.arpa" 192.168.10.zone
# systemctl start named.service
# chkconfig named on

⑤测试DNS

1	# dig -t MX zhi.com @192.168.10.128 ##查看MX记录

1	# dig -t A mail.zhi.com ##查询A记录

1	# dig -t A mail.zhi.com @192.168.10.128

1	# dig -x 192.168.10.128 @192.168.10.128 ##查看反向解析

问题及解决方法:

1
2
3
4
5
6
7
8

# dig -t MX zhi.com @192.168.10.128
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.5 <<>> -t MX zhi.com @192.168.10.128
;; global options: +cmd
;; connection timed out; no servers could be reached
# vi /etc/named.conf
# listen-on port 53 { 127.0.0.1; };
# listen-on-v6 port 53 { ::1; }; ##监听IP出错，更改或将该两行注释、删除
# systemctl restart named.service

五、为postfix开启基于cyrus-sasl的认证功能

①验证postfix是否支持cyrus风格的sasl认证

1
2
3

# /usr/sbin/postconf -a
cyrus
dovecot

②配置postfix

1
2
3
4
5
6
7
8
9
10

# vi /etc/postfix/main.cf
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes ##使用SSL验证客户端身份
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination    ###收件人限定
smtpd_sasl_auth_enable = yes    ##启用SSL认证
smtpd_sasl_local_domain = $myhostname ##SSL认证的本地域
smtpd_sasl_security_options = noanonymous ##不支持匿名用户
smtpd_sasl_path = smtpd       ##指定需使用SSL认证的程序
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
                                                         ##欢迎信息

1
2
3

# vi /usr/lib64/sasl2/smtpd.conf    ##新建文件并添加如下
pwcheck_method: saslauthd          ##指定密码检查方法
mech_list: PLAIN LOGIN                ##指定认证机制

1
2
3

# postfix reload ##重新加载postfix
postfix/postfix-script: refreshing the Postfix mail system
# systemctl start saslauthd.service

③验证一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 Welcome to our localhost.localdomain ESMTP,Warning: Version not Available!
ehlo mail.zhi.com
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN ##出现以上两行说明cyrus-sasl认证功能已添加成功
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
quit
221 2.0.0 Bye
Connection closed by foreign host.

六、安装Courier authentication library

①安装courier-unicode

1
2
3
4
5
6

# wget http://nchc.dl.sourceforge.net/p ... unicode-1.3.tar.bz2
# tar -jxvf courier-unicode-1.3.tar.bz2
# cd courier-unicode-1.3
# ./confgure
# make
# make install

错误1:如configure出现/libtool: line 1125: g++: command not found是由于缺少gcc的C++模块，
yum install gcc-c++即可。
错误2:courier-unicode-1.4是刚推出的，CentOS7系统configure时老出错，换成1.3版本即编译成功。

注:编译安装courier-authlib时会提示安装该程序，我第二次安装时先编译该程序后再编译courier-authlib，提示找不到文件或目录，不能进行指定，所有最好还是先编译courier-authlib，等提示了在编译courier-unicode。

②安装courier-authlib

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

# wget http://nchc.dl.sourceforge.net/p ... hlib-0.66.3.tar.bz2
# tar -jxvf courier-authlib-0.66.3.tar.bz2
# cd courier-authlib-0.66.3/
#./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix \
--with-mailgroup=postfix
# make
# make install

1
2
3

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc

1
2
3
4

# vi /etc/authdaemonrc ##修改如下内容
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10

③配置其通过mysql进行邮件帐号认证

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

# vi /etc/authmysqlrc
MYSQL_SERVER       localhost
MYSQL_USERNAME    extmail
MYSQL_PASSWORD    extmail
MYSQL_SOCKET       /var/lib/mysql/mysql.sock
MYSQL_PORT       3306
MYSQL_DATABASE    extmail
MYSQL_USER_TABLE mailx
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD    '2525'
MYSQL_GID_FIELD    '2525'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

④添加相关系统服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14

# cd courier-authlib-0.66.3/
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib  ##添加服务脚本
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# echo "/usr/local/courier-authlib/lib/courier-authlib" >>/etc/ld.so.conf.d/courier-authlib.conf                   ##添加库文件
# ldconfig -v |grep courier                   ##查看库文件是否载入
/usr/local/courier-authlib/lib/courier-authlib:
libcourierauthcommon.so -> libcourierauthcommon.so
libcourierauthsaslclient.so -> libcourierauthsaslclient.so
libcourierauthsasl.so -> libcourierauthsasl.so
libcourierauth.so -> libcourierauth.so
# systemctl start courier-authlib.service    ##开启服务
# ps -aux |grep courier       ##查看进程是否启动

⑤配置postfix和courier-authlib
新建虚拟用户邮箱所在的目录，并将其权限赋予postfix用户:

1
2
3
4
5

# mkdir –pv /var/mailbox
# chown -R postfix /var/mailbox
# vi /usr/lib64/sasl2/smtpd.conf ##增加如下内容
log_level: 3
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

七、配置postfix支持虚拟域和虚拟用户

编辑/etc/postfix/main.cf文件，添加如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# vi /etc/postfix/main.cf
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes

八、配置dovecot

1
2
3
4
5
6
7
8
9
10
11
12
13

# vi /etc/dovecot/dovecot.conf          ##添加如下内容
protocols = imap pop3
mail_location = maildir:/var/mailbox/%d/%n/Maildir
  ……
auth default {
mechanisms = plain
passdb sql {
      args = /etc/dovecot-mysql.conf
}
userdb sql {
      args = /etc/dovecot-mysql.conf
}
……

1
2
3
4
5
6

# vi /etc/dovecot/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

1 2	# systemctl start dovecot.service # chkconfig dovecot on

九、安装extman和extmail

①下载extman和extmail

1 2	# wget http://7xivyw.com1.z0.glb.clouddn.com/extmail-1.2.tar.gz # wget http://7xivyw.com1.z0.glb.clouddn.com/extman-1.1.tar.gz

②创建目录并解压extmail

1
2
3
4
5

# mkdir -p /var/www/extsuite
# tar -zxvf extmail-1.2.tar.gz
# mv extmail-1.2 /var/www/extsuite/extmail
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
##修改extmail的cgi目录的属主和属组

③配置extmail

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# cd /var/www/extsuite/extmail/
# cp webmail.cf.default  webmail.cf
# vi webmail.cf
SYS_SESS_DIR=/tmp/extmail
SYS_UPLOAD_TMPDIR=/tmp/extmail/upload
SYS_USER_LANG=zh_CN                      ##修改web界面显示的语言
SYS_MESSAGE_SIZE_LIMIT = 5242880          ##用户可以发送的最大邮件(默认5M)
SYS_MAILDIR_BASE = /var/mailbox             ##修改为前文中所设置的用户邮件的存放目录
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail          ##修改连接数据库的用户名和密码
SYS_MYSQL_HOST = localhost                   ##指定数据库主机名
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock    ##连接数据库的sock文件的存放位置
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
                                          ##指明authdaemon socket 的文件存放位置

④解决依赖关系

1	# yum install perl-Unix-Syslog

注:如无本软件，登录extmail页面时会提示错误，提示安装该软件。
如直接yum没有包，可以添加第三方yum源EPEL进行下载，方法参见本博。

⑤安装并配置extman

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# tar -zxvf extman-1.1.tar.gz -C /var/www/extsuite/
# cd /var/www/extsuite/
# mv extman-1.1 extman
# cd extman
# cp webman.cf.default webman.cf
# vi webman.cf
SYS_MAILDIR_BASE = /var/mailbox       ##改为前文中所设置的用户邮件的存放目录
SYS_CAPTCHA_ON = 0                      ##关闭验证码
SYS_DEFAULT_SERVICES = webmail,smtpd,smtp,pop3,netdisk,imap ##添加对imap协议的支持
SYS_DEFAULT_UID = 2525                   ##设置用户ID
SYS_DEFAULT_GID = 2525                         ##设置用户组的ID
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail                ##连接数据库的用户名和密码
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock ##连接数据库的sock文件的存放位置
# chown -R postfix.postfix /var/www/extsuite/extman/cgi##修改extman 的cgi目录的属主和属组
# mkdir -pv /tmp/extman
# chown postfix.postfix /tmp/extman

1
2
3
4
5
6
7
8
9
10
11

# cp /var/www/extsuite/extman/docs/mysql_virtual_*  /etc/postfix/
                              ##拷贝支持虚拟域和虚拟用户所用到的配置文件
# cd /var/www/extsuite/extman/docs
# sed -i  's/TYPE=MyISAM/ENGINE=MyISAM/g'  extmail.sql
# sed -i  's/TYPE=MyISAM/ENGINE=MyISAM/g'  init.sql  ##对以上两文件进行更改，不然会导入错误
# mysql -u root -p < extmail.sql
# mysql -u root -p < init.sql       ##导入以上两文件至MySQL数据库
# mysql -u root       ##这里我们是默认的，没有密码
mysql> grant all on extmail.* to extmail@'localhost' identified by 'extmail';
mysql> grant all on extmail.* to extmail@'127.0.0.1' identified by 'extmail';
mysql> flush privileges;    ##授予extmail用户访问extmail数据库权限并刷新权限

注:启用虚拟域后，需取消中心域，即注释掉myhostname, mydestination, mydomain, myorigin几个指令
问题:

1
2
3

# mysql -u root -p < extmail.sql
Enter password:
ERROR 1364 (HY000) at line 31: Field 'ssl_cipher' doesn't have a default value

解决方法:

1
2
3
4

# vi /etc/my.cnf
将sql-mode=STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
更改为sql_mode=NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
# systemctl restart mysql.service

⑥重启postfix

1
2
3

# postfix stop
# postfix check ##进行配置检查
# postfix start

十、配置httpd服务器

1
2
3
4
5
6
7
8
9
10
11
12
13

# vi /etc/httpd/conf/httpd.conf
User  postfix
Group postfix
<VirtualHost *:80>
ServerName mail.zhi.com
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi  /var/www/extsuite/extman/cgi
Alias /extman  /var/www/extsuite/extman/html
</VirtualHost>
#DocumentRoot /var/www/html    ##注释掉该行
# systemctl start httpd.service

1 2	# vi /etc/hosts 127.0.0.1 mail.zhi.com

在浏览器中输入mail.zhi.com:

提示:Unix::Syslog not found, please install it first!
解决方法:在第九部分安装extman和extmail中已经说过了，直接yum install perl-Unix-Syslog

刷新进入extmail页面

输入用户名和密码登录邮箱管理【默认用户名:root@extmail.org；默认密码:extmail*123*】

登录邮箱管理后出现的问题:

1	Can't open /tmp/extman//sid_c81e7e25d1009368071502ec9842fac0, No such file or directory

原因:extman的临时文件默认是放到/tmp/extman下的，CentOS、RHEL会不定期清理tmp文件夹下的文件

解决方法:

1
2
3
4

# mkdir -p /var/www/extsuite/extman/session
# chmod 777 -R /var/www/extsuite/extman/session
# vi /var/www/extsuite/extman/webman.cf
SYS_SESS_DIR = /var/www/extsuite/extman/session

成功登录后台

新建用户并测试

这里显示已经收到邮件

测试发送邮件至163邮件
(由于我们的域名并不存在，其他如QQ邮箱等会将邮件当垃圾邮件拦截，无法发送，还是163人性化)

也能发送成功，当然由于我们的域名不存在，所以无法回信了

问题1:

1 2	# tail -f /var/log/httpd/error_log Prototype mismatch: sub Encode::IMAPUTF7::decode ($$;$) vs none at /var/www/extsuite/extman/libs/Encode/IMAPUTF7.pm line 76

解决方法:

1
2
3
4
5
6
7

# wget https://cpan.metacpan.org/author ... MAPUTF7-1.05.tar.gz
# tar -zxvf Encode-IMAPUTF7-1.05.tar.gz
# cd Encode-IMAPUTF7-1.05/
# perl Makefile.PL
# cd lib/Encode/
# cp IMAPUTF7.pm /var/www/extsuite/extman/libs/Encode/
# systemctl restart httpd.service

问题2:
新建用户后登录提示:

1	Insecure dependency in sprintf while running with -T switch at /usr/lib64/perl5/vendor_perl/Unix/Syslog.pm line 59.

解决方法:

1 2	# vi /var/www/extsuite/extmail/cgi/index.cgi #!/usr/bin/perl -wT ##将该行的T去掉即可

问题3:
登录后台管理系统无法显示系统信息，提示No such file or directory，安装网络上说的
# ps aux | grep cmdserver
# kill -9 xxxx
# /var/www/extsuite/extman/daemon/cmdserver -v -d
并未解决问题，不知道是不是版本久远的原因啊

yi513 · 发表于 2015-10-9 18:34:26

顶起来

账号		自动登录	找回密码
密码			立即注册

VMware vcenter+vSphere 6.5 U2共享

【跟谁学】韩宇极简英语课-技术人员不得不

用Zabbix通过JMX方式监控weblogic

winhex数据恢复教程（非常巨大，内容丰富）

Symantec Backup Exec 2015 2016/2012 BE20

NetScaler VPX部署之：NetScaler Gateway调

zabbix3.4.1安装部署+微信推送信息+大屏显

[经验分享] Postfix+Sasl+Courier-authlib+Dovecot+MySQL+extmail实现WebMail

扫码加入运维网微信交流群