
linux++'s blog

LINUX+ORACLE+NBA+GAME=NET

 
 
 


 
 

ExtMail installation

2009-01-13 10:23:14 | Category: linux

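Over the past few days I installed a mail system, and I am recording the installation process here. The installation succeeded on my machine, but when you install, be sure to read the prompts and be careful: every system is different, so do not copy these steps blindly.

ExtMail Solution is an e-mail system solution built on excellent open-source software. Its core components include Postfix, Amavisd-new, ClamAV, ExtMail, ExtMan and the Courier family of software. It is a free e-mail system with a relatively complete feature set.

1. Configure SELinux

Disable SELinux protection for MySQL and httpd, as follows: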

setsebool httpd_disable_trans=1

setsebool mysqld_disable_trans=1

When done, restart mysql and apache, and add the following commands to /etc/rc.d/rc.local so that they take effect automatically after the server boots:

/usr/sbin/setsebool httpd_disable_trans=1
/usr/sbin/setsebool mysqld_disable_trans=1
/etc/init.d/mysqld restart
/etc/init.d/httpd restart

2. Download the ExtMail Solution package

su - root

cd /root

wget http://www.extmail.org/source/ExtMail-Solution-Linux-0.2.tar.gz 

wget http://www.extmail.org/source/md5sum.es_linux-0.2

cat md5sum.es_linux-0.2

md5sum ExtMail-Solution-Linux-0.2.tar.gz

Unpack it in /root:

tar xfz ExtMail-Solution-Linux-0.2.tar.gz
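
One way to make the digest comparison above automatic and stop before tar runs on a mismatch, as an added example that is not part of the original post; it assumes md5sum.es_linux-0.2 uses the usual md5sum list format, and verify_md5 and unpack_verified are hypothetical helper names. A digest fetched over plain HTTP from the same server detects a damaged download, not a substituted one.

```shell
#!/bin/sh
# verify_md5 ARCHIVE SUMFILE
# Returns 0 on match, 1 on digest mismatch, 2 if ARCHIVE is not listed.
verify_md5() {
    archive=$1
    sumfile=$2
    name=$(basename "$archive")
    # Assumed list format: "<digest>  <file name>" per line, as md5sum prints;
    # a leading "*" on the name marks binary mode.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sumfile")
    if [ -z "$expected" ]; then
        echo "verify_md5: $name is not listed in $sumfile" >&2
        return 2
    fi
    actual=$(md5sum "$archive" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "verify_md5: digest mismatch for $name" >&2
        return 1
    fi
    return 0
}

# unpack_verified ARCHIVE SUMFILE DESTDIR: run tar only after the digest matches.
unpack_verified() {
    verify_md5 "$1" "$2" || return $?
    mkdir -p "$3" && tar xfz "$1" -C "$3"
}

# Constructed demo: build a small archive, record its digest, then alter it.
work=$(mktemp -d)
echo "constructed sample" > "$work/README"
tar cfz "$work/pkg.tar.gz" -C "$work" README
( cd "$work" && md5sum pkg.tar.gz > sums.md5 )
unpack_verified "$work/pkg.tar.gz" "$work/sums.md5" "$work/out" && echo "verified, unpacked"
echo "altered" >> "$work/pkg.tar.gz"
unpack_verified "$work/pkg.tar.gz" "$work/sums.md5" "$work/out2" || echo "refused to unpack"
rm -rf "$work"
```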

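In this installation the default domain is mail1.qyhw.org and the host name is mail1.qyhw.org. The ExtMail Solution files are in /root/ExtMail-Solution-Linux-0.2/

Change into /root/ExtMail-Solution-Linux-0.2/. Almost all of the following steps take place in that directory, so make sure the current directory is /root/ExtMail-Solution-Linux-0.2

Configure the Postfix MTA
Remove the conflicting software, sendmail, by running: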
rpm -e --nodeps sendmail

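Install postfix
rpm -ivh --nodeps RPMS/postfix-2.5.1-2ext.i386.rpm
postfix-2.5.5-3.ired.i386.rpm is the package I installed here. After I installed the one shipped in the bundle, problems appeared in the later configuration. It is best to run postconf -m and check whether the mysql module is listed; if it is, the package will do.


Configure postfix
Simplify the postfix configuration: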
postconf -n > /etc/postfix/main2.cf
mv /etc/postfix/main.cf /etc/postfix/main.cf.old
mv /etc/postfix/main2.cf /etc/postfix/main.cf

Then edit main.cf:

vi /etc/postfix/main.cf

Add the following:
# hostname
mynetworks = 210.51.173.189/32,172.20.0.0/16,127.0.0.0/8
myhostname = mail1.qyhw.org
mydestination = $mynetworks $myhostname $mydomain

mydomain = mail1.qyhw.org
inet_interfaces = all

# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name

# response immediately
smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 450

# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:

Edit mysql_virtual_alias_maps.cf
vi /etc/postfix/mysql_virtual_alias_maps.cf

With the following content:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address

Edit mysql_virtual_domains_maps.cf
vi /etc/postfix/mysql_virtual_domains_maps.cf

With the following content:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
#additional_conditions = and backupmx ='0' and active ='1'

Edit mysql_virtual_mailbox_maps.cf
vi /etc/postfix/mysql_virtual_mailbox_maps.cf
With the following content:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
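
The three map files above store the database password in clear text, and in this setup the password equals the user name. The following added example (not part of the original post) is one way to audit a directory of such files for world-readable permissions and for a password identical to the user name; cf_value and audit_maps are hypothetical helper names and the sample files are constructed.

```shell
#!/bin/sh
# cf_value FILE KEY: print the value of the first "KEY = value" line.
cf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# audit_maps DIR: one finding per line; exit status 1 if anything was found.
audit_maps() {
    rc=0
    for f in "$1"/mysql_*.cf; do
        [ -f "$f" ] || continue
        user=$(cf_value "$f" user)
        pass=$(cf_value "$f" password)
        # The password is stored in clear text, so "other" must not be able to read it.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "$f: world-readable file holds the database password"
            rc=1
        fi
        # A password identical to the account name is trivially guessable.
        if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
            echo "$f: password is the same as the user name"
            rc=1
        fi
        if [ -z "$pass" ]; then
            echo "$f: empty or missing password"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not from a real server), written to a temp directory.
demo=$(mktemp -d)
printf 'user = extmail\npassword = extmail\nhosts = localhost\ndbname = extmail\n' \
    > "$demo/mysql_virtual_alias_maps.cf"
chmod 644 "$demo/mysql_virtual_alias_maps.cf"
printf 'user = extmail\npassword = constructed-example-value\nhosts = localhost\n' \
    > "$demo/mysql_virtual_domains_maps.cf"
chmod 640 "$demo/mysql_virtual_domains_maps.cf"
audit_maps "$demo" || echo "findings listed above"
rm -rf "$demo"
```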

Configure Courier-Authlib
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -Uvh RPMS/libtool-libs-1.5.6-4.EL4.2.i386.rpm
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/courier-authlib-0.60.2-1ext.i386.rpm
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/courier-authlib-devel-0.60.2-1ext.i386.rpm
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/courier-authlib-mysql-0.60.2-1ext.i386.rpm
error: Failed dependencies:
        libcrypto.so.4 is needed by courier-authlib-mysql-0.60.2-1ext.i386
        libmysqlclient.so.14 is needed by courier-authlib-mysql-0.60.2-1ext.i386
        libmysqlclient.so.14(libmysqlclient_14) is needed by courier-authlib-mysql-0.60.2-1ext.i386
        libssl.so.4 is needed by courier-authlib-mysql-0.60.2-1ext.i386
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]#
To resolve these dependencies, we can install two additional packages separately. I have already found the packages:
[root@cloned-XL-C512-00 ~]# rpm -ivh mysql.rpm
Preparing...                ########################################### [100%]
   1:mysql-libs             ########################################### [100%]
[root@cloned-XL-C512-00 ~]# rpm -ivh openssl.rpm
warning: openssl.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Preparing...                ########################################### [100%]
   1:openssl097a            ########################################### [100%]

Edit the /etc/authlib/authmysqlrc file, clear its contents, and then add the following:

MYSQL_SERVER            localhost
MYSQL_USERNAME          extmail
MYSQL_PASSWORD          extmail
MYSQL_SOCKET            /var/lib/mysql/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          extmail
MYSQL_USER_TABLE        mailbox
MYSQL_CRYPT_PWFIELD     password
MYSQL_UID_FIELD         uidnumber
MYSQL_GID_FIELD         gidnumber
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
MYSQL_QUOTA_FIELD       quota
MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber,\
                        CONCAT('/home/domains/',homedir),               \
                        CONCAT('/home/domains/',maildir),               \
                        quota,                                          \
                        name                                            \
                        FROM mailbox                                    \
                        WHERE username = '$(local_part)@$(domain)'

Save and exit, then start courier-authlib:

service courier-authlib start
If everything is normal, the command line returns the following message:

Starting Courier authentication services: authdaemond


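Fix the permissions of the authdaemon socket directory

If the permissions of this directory are not set correctly, maildrop, postfix and others will be unable to obtain user information and password authentication: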
chmod 755 /var/spool/authdaemon/


Install Maildrop

[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/maildrop-2.0.4-1ext.i386.rpm
Preparing...                ########################################### [100%]
    Adding vmail group to system
    Adding vmail user to system
   1:maildrop               ########################################### [100%]
    ====================================================   
    Only root vuser postfix mail vmail can use -d option   
    ====================================================   
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/maildrop-man-2.0.4-1ext.i386.rpm
Preparing...                ########################################### [100%]
   1:maildrop-man           ########################################### [100%]
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]#

 

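Configure master.cf
For Postfix to support Maildrop, the /etc/postfix/master.cf file must be modified: comment out the original maildrop configuration and change it to:
maildrop   unix        -       n        n        -        -        pipe
    flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}

Configure main.cf
Because maildrop does not support receiving multiple recipients at once, the following parameter must be added to main.cf:

maildrop_destination_recipient_limit = 1

Finally, restart postfix.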

 

Configure Apache
Edit httpd.conf:
vi /etc/httpd/conf/httpd.conf

Around line 730, comment out AddDefaultCharset:
#AddDefaultCharset UTF-8

Make apache start by default at boot:

chkconfig httpd on


Virtual host settings
Edit the /etc/httpd/conf/httpd.conf file and add the following at the very end:

NameVirtualHost *:80
Include conf/vhost_*.conf


Edit /etc/httpd/conf/vhost_extmail.conf, which defines the virtual host: the document root, the ExtMail and ExtMan settings, the Suexec settings and so on.
# VirtualHost for ExtMail Solution
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/

ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail/ /var/www/extsuite/extmail/html/

ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman/ /var/www/extsuite/extman/html/

# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>

Restart apache:
service httpd restart
Note: restarting apache at this point produces the following warning, which can be ignored

Starting httpd: Warning: DocumentRoot [/var/www/extsuite/extmail/html/] does not exist


Install ExtMail
Create /var/www/extsuite and copy the source code into that directory with the following commands:
mkdir /var/www/extsuite
tar -zxvf src/extmail-1.0.4.tar.gz -C src
cp -r src/extmail-1.0.4 /var/www/extsuite/extmail
cd /var/www/extsuite/extmail
cp webmail.cf.default webmail.cf
cd $OLDPWD

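Note: the final cd $OLDPWD in the commands above returns to the original path (that is, the root directory of the ExtMail Solution package)

Install the perl-Unix-Syslog package
rpm -ivh RPMS/perl-Unix-Syslog-1.0-1ext.i386.rpm

Edit webmail.cf
Modify the other parameters in /var/www/extsuite/extmail/webmail.cf; the main changes are as follows: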

SYS_USER_LANG = zh_CN
SYS_USER_CHARSET = gb2312

SYS_MFILTER_ON = 1
SYS_NETDISK_ON = 1
SYS_SHOW_SIGNUP = 1

SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail

SYS_G_ABOOK_TYPE = file
SYS_G_ABOOK_FILE_CHARSET = gb2312


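SYS_MFILTER_ON and SYS_NETDISK_ON are set to 1 to turn on the network disk and the filter. SYS_SHOW_SIGNUP controls whether the home page shows the free mailbox sign-up button. The global address book defaults to ldap format; it is changed here to text format, and the address book conversion encoding is changed to GB2312.

Update the cgi directory permissions
Because SuEXEC requires it, the extmail cgi directory must be changed to vuser:vgroup ownership: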

chown -R vuser:vgroup /var/www/extsuite/extmail/cgi/

Install ExtMan - web admin back end
Run the following in the root directory of the ExtMail-Solution package:

tar -zxvf src/extman-0.2.4.tar.gz -C src
cp -r src/extman-0.2.4 /var/www/extsuite/extman/

 

Configure webman.cf
In /var/www/extsuite/extman/webman.cf, set the SYS_CHARSET and SYS_LANG parameters to:

SYS_CAPTCHA_ON = 1
# The SYS_CAPTCHA_ON parameter controls whether the home page requires a verification code (captcha) at login
SYS_CHARSET = gb2312
SYS_LANG = zh_CN

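The other parameters can mostly keep their default values.

Install the perl-GD package
rpm -ivh RPMS/perl-GD-2.35-2ext.i386.rpm

Update the cgi directory permissions
Because SuEXEC requires it, the extman cgi directory must be changed to vuser:vgroup ownership: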

chown -R vuser:vgroup /var/www/extsuite/extman/cgi/


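Confirm MySQL status
Before running any mysql operations, confirm that it has been installed and started correctly. You can query the mysql server installation with the rpm command and use ps ax to check whether a mysqld process is in the process list:

rpm -aq|grep -i mysql-server
Normally you should see that mysql-server is installed:

mysql-server-4.1.20-2.RHEL4.1.0.1
If it is not listed, mysql-server has not been installed. You can install it from the RPMS directory of this package or from the installation CD:

rpm -ivh RPMS/mysql-server-4.1.20-2.RHEL4.1.0.1.i386.rpm
After installation, mysql must be initialized and then restarted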

/usr/bin/mysql_install_db
service mysqld start

Normally it starts successfully:

Starting MySQL:                                            [  OK  ]

Then use the ps command to check that mysqld is running correctly:

ps ax|grep mysqld
Normally you should see output like the following:

433 pts/0 S 0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid
466 pts/0 Sl 0:00 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --socket=/var/lib/mysql/mysql.sock
If mysql did not start correctly, check the error messages in /var/log/mysqld.log and deal with them:

tail /var/log/mysqld.log


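Database initialization
Run the following commands to import the mysql database structure and the initial data. Note that the commands must be entered one line at a time; the root password is empty by default. Do not paste both lines at once with the mouse, or an error will result!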

mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
mysql -u root -p < /var/www/extsuite/extman/docs/init.sql

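Link the base library to Extmail

Create the temporary directory:
mkdir /tmp/extman
chown -R vuser:vgroup /tmp/extman

Create the Maildir for the postmaster@extmail.org account that was just imported into mysql by entering the following commands: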

cd /var/www/extsuite/extman/tools
./maildirmake.pl /home/domains/extmail.org/postmaster/Maildir
chown -R vuser:vgroup /home/domains/extmail.org
cd $OLDPWD


Test authlib
Run on the command line:

/usr/sbin/authtest -s login postmaster@extmail.org extmail
The result is as follows:

Authentication succeeded.

     Authenticated: postmaster@extmail.org  (uid 1000, gid 1000)
    Home Directory: /home/domains/extmail.org/postmaster
           Maildir: /home/domains/extmail.org/postmaster/Maildir/
             Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
           Options: (none)

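This shows that ExtMan is installed correctly, the database was imported correctly, and courier-authlib can connect to the mysql database.

Finally, visit http://mail.extmail.org/extmail/. If all goes well, you will see the webmail login page. However, no regular users have been added yet, so nobody can log in, not even postmaster@extmail.org. You must first log in to http://mail.extmail.org/extman/ and add a new account before you can log in.

ExtMan's default super-administrator account is root@extmail.org, with the initial password extmail*123*. After logging in successfully, it is recommended that you change the password to ensure security.

Configure Mailgraph_ext
Since ExtMan 0.14-pre2 the system has integrated the Mailgraph_ext plug-in, which gives extman the ability to display mail logs graphically. mailgraph_ext merges the mailgraph and queuegraph packages. Besides adding more log analysis and graphing capability, it also rewrites the web module and integrates it into the ExtMan back end, so mail logs can be viewed only by authorized users, which improves security.

Both mailgraph_ext and Extman require the rrdtool tool to be installed

Required packages


- Perl 5.6+ (5.8 or later recommended)
- rrdtool and the rrdtool perl package, available at:
  http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
- File::Tail (also requires the Time::HiRes module)

RHEL/CentOS usually ships perl-Time-HiRes (1.5x), so the rpm installation below may report an error (a conflict); this can be ignored. If you want to install the newer Time-HiRes module bundled with this article, you can remove the system package with the following command: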

rpm -e perl-Time-HiRes --nodeps


Install the dependencies/RRDtool
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/rrdtool-1.2.12-2ext.i386.rpm RPMS/perl-rrdtool-1.2.12-2ext.i386.rpm
error: Failed dependencies:
        libart_lgpl_2.so.2 is needed by rrdtool-1.2.12-2ext.i386

[root@cloned-XL-C512-00 ~]# rpm -ivh libart_lgpl-2.3.17-4.i386.rpm
warning: libart_lgpl-2.3.17-4.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:libart_lgpl            ########################################### [100%]
[root@cloned-XL-C512-00 ~]#
[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/rrdtool-1.2.12-2ext.i386.rpm RPMS/perl-rrdtool-1.2.12-2ext.i386.rpm
Preparing...                ########################################### [100%]
   1:perl-rrdtool           ########################################### [ 50%]
   2:rrdtool                ########################################### [100%]

[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh RPMS/perl-Time-HiRes-1.72-2ext.i386.rpm --force
Preparing...                ########################################### [100%]
   1:perl-Time-HiRes        ########################################### [100%]

I had no way around this one: I could not find a package for it, so force was the only option.

Copy mailgraph_ext
Run the following command:

cp -r /var/www/extsuite/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext/


Start the processes
Start mailgraph_ext and qmonitor:

/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start

 

Add to startup

To run the above processes automatically at boot, add the commands above to rc.local:
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.d/rc.local
echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.d/rc.local

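Usage
Wait about 15 minutes. If the mail system has some traffic, you can log in to extman and click "图形日志" (Graphical Log) to see the graphical logs. For the daily, weekly, monthly and yearly views, click the corresponding image.

Configure Cyrus-SASL authentication
The cyrus-sasl in RHEL4/CentOS4 does not have authdaemon support enabled by default. To use the centralized authlib authentication, this support must be enabled. We therefore have to remove the system's cyrus-sasl package and replace it with a sasl package that has authdaemon support enabled. First remove the system's old cyrus-sasl:

rpm -e --nodeps cyrus-sasl
Then install the new package that supports authdaemon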

[root@cloned-XL-C512-00 ExtMail-Solution-Linux-0.2]# rpm -ivh --nodeps RPMS/cyrus-sasl-2.1.19-5.EL4.i386.rpm
Preparing...                ########################################### [100%]
   1:cyrus-sasl             ########################################### [100%]
Postfix SMTP authentication goes through Cyrus-SASL, which connects to authdaemon to obtain the authentication information. Edit /etc/postfix/main.cf and add the following:

# smtpd related config
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    permit
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

Next, edit /usr/lib/sasl2/smtpd.conf with vi and make sure its content is:

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

Save and exit, then restart postfix:

service postfix start


Test SMTP authentication
Use the following commands to obtain the BASE64 encoding of the postmaster@extmail.org user name and password:

perl -e 'use MIME::Base64; print encode_base64("postmaster\@extmail.org")'
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
perl -e 'use MIME::Base64; print encode_base64("extmail")'
ZXh0bWFpbA==

Then test on the local machine. The session goes as follows (the text in blue is what we type/send to Postfix)

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
ehlo demo.domain.tld
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0
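
The capability list in the session above advertises AUTH LOGIN PLAIN but no STARTTLS, and the values sent after auth login are base64-encoded, not encrypted. The following added example (not part of the original post) checks a saved transcript for that condition and decodes the exchange; the function names are hypothetical and the transcript is constructed from lines of the session above.

```shell
#!/bin/sh
# Constructed transcript: lines copied from the session shown above.
transcript='250-mail.extmail.org
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 DSN
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0'

# auth_without_tls: read an EHLO reply on stdin; succeed when AUTH is
# advertised but STARTTLS is not (credentials would be base64 only).
auth_without_tls() {
    caps=$(tr -d '\r' | sed -n 's/^250[- ]//p' | tr 'a-z' 'A-Z')
    printf '%s\n' "$caps" | grep -q '^AUTH[ =]' || return 1
    ! printf '%s\n' "$caps" | grep -q '^STARTTLS'
}

# decode_auth_login: read a session on stdin and print both sides of the
# AUTH LOGIN exchange with the base64 encoding removed.
decode_auth_login() {
    tr -d '\r' | {
        in_auth=0
        while IFS= read -r line; do
            case $line in
                [Aa][Uu][Tt][Hh]" "[Ll][Oo][Gg][Ii][Nn]*) in_auth=1; continue ;;
            esac
            [ "$in_auth" -eq 1 ] || continue
            case $line in
                "334 "*) printf 'server: %s\n' "$(printf '%s' "${line#334 }" | base64 -d)" ;;
                [245][0-9][0-9]" "*) in_auth=0 ;;   # final reply ends the exchange
                *) printf 'client: %s\n' "$(printf '%s' "$line" | base64 -d)" ;;
            esac
        done
    }
}

if printf '%s\n' "$transcript" | auth_without_tls; then
    echo "AUTH is offered without STARTTLS; the exchange decodes to:"
    printf '%s\n' "$transcript" | decode_auth_login
fi
```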