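Building a Mail Server on CentOS 7 with Postfix, Dovecot and Extmail

Introduction

Environment: CentOS 7.3, MySQL, Nginx, Postfix, Dovecot.
The web module has to be decided first, because it determines the core data structures of the mail system. This guide uses extmail, a Chinese-developed webmail package, and every other module is configured to match extmail's layout.
Setting virtual_transport = virtual in main.cf means that mail for the domains listed in virtual_mailbox_domains is delivered by the virtual delivery agent.
There are also several options for storing user information, such as MySQL or LDAP. MySQL is used here because every module, extmail included, supports it best and it is the easiest to set up. Delivering a message requires some per-user data, such as the path of the recipient's Maildir, the uid and gid used to store the mail, and the mailbox quota; courier-authlib supplies this data.
The modules relate to each other as follows:
postfix is the MTA (Mail Transfer Agent): it runs the SMTP service (smtpd) that accepts mail from local-domain users and from other domains' servers, delivers (sends) mail to other servers, and manages the mail queue;
courier-authlib and maildrop provide lookups of user-related information;
dovecot provides the POP3 and IMAP services and also provides SMTP SASL authentication to postfix.

Deployment

Create the mail storage directory /var/mail, with the subdirectory layout ./[domain]/[username].

I. Preparation

  1. Disable SELinux and the firewalld firewall.
  2. CentOS 7 installs MariaDB by default, so add the MySQL yum repository. Some devel packages needed for compilation exist only in the EPEL repository, so add EPEL as well.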
wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
rpm -ivh mysql-community-release-el7-5.noarch.rpm
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
  3. Install the build environment and the other required packages
yum install nginx vim gcc gcc-c++ openssl openssl-devel db4-devel ntpdate \
mysql mysql-devel mysql-server bzip2 php-mysql cyrus-sasl-md5 perl-GD perl-DBD-MySQL \
perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl \
cyrus-sasl-devel libtool-ltdl-devel telnet mail libicu-devel -y

II. Install Postfix

1. Remove the postfix package that ships with the system, delete the postfix user, and create new postfix and postdrop users with explicitly chosen uid/gid values

yum remove postfix -y
userdel postfix
groupdel postdrop
groupadd -g 5000 postfix
useradd -g postfix -u 5000 -s /sbin/nologin -M postfix
groupadd -g 5001 postdrop
useradd -g postdrop -u 5001 -s /sbin/nologin -M postdrop

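Then give the newly created user ownership of the mail storage directory:

# postfix (uid/gid 5000) is the account created above
chown postfix:postfix /var/mail
chmod 700 /var/mail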

2. Download the source package, then compile and install it

wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-3.3.2.tar.gz
tar xf postfix-3.3.2.tar.gz
cd postfix-3.3.2
make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' \
'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
make && make install

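make install runs an interactive prompt for customising several directories. Change only the second item, the temporary file directory, to /tmp/extmail, and accept the default for everything else.

3. Change the owner and group of the directories
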
chown -R postfix:postdrop /var/spool/postfix
chown -R postfix:postdrop /var/lib/postfix/
chown root /var/spool/postfix
chown -R root /var/spool/postfix/pid

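4. Edit the Postfix configuration file

vim /etc/postfix/main.cf

# host name (main.cf comments must be on their own line)
myhostname = mail.example.com
# domain name
mydomain = example.com
# domain that locally posted mail appears to come from
myorigin = $mydomain
# network interfaces Postfix listens on
inet_interfaces = all
# how the trusted network is derived
mynetworks_style = host
# trusted clients (overrides mynetworks_style; CIDR host bits must be zero)
mynetworks = 192.168.100.0/24, 127.0.0.0/8
# domains this server will relay mail for
relay_domains = $mydestination
# alias database
alias_maps = hash:/etc/aliases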

Start Postfix:

systemctl start postfix 

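After starting it, check /var/log/maillog for error messages.

5. Test with telnet

  1. yum install telnet
  2. telnet 127.0.0.1 25
  3. Enter the sender: MAIL FROM:<test@domain.com>
  4. Enter the recipient: RCPT TO:xxxx@163.com
  5. Write the message: type DATA and press Enter
- Enter the subject: `Subject: test message`
- Write the body: `test body`
- End with a line containing only .
- A reply such as `250 2.0.0 Ok: queued as 88D6D32A94` means the message was sent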

III. Install Dovecot

1. Install Dovecot

yum install -y dovecot dovecot-mysql

2. Configure Dovecot

cd /etc/dovecot
vim dovecot.conf

Add the following lines:

protocols = imap pop3
!include conf.d/*.conf
listen = *
base_dir = /var/run/dovecot/

3. Set the authentication method

cd conf.d
vim 10-auth.conf

disable_plaintext_auth = no

4. Set the mail storage location

vim 10-mail.conf

mail_location = maildir:~/Maildir
mail_location = maildir:/var/mail/%d/%n/Maildir
mail_privileged_group = mail

5. Disable SSL encryption

vim 10-ssl.conf

ssl = no

6. Configure Dovecot logging

vim 10-logging.conf

log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info
log_timestamp = "%Y-%m-%d %H:%M:%S "

7. Switch authentication to MySQL

cp auth-sql.conf.ext auth-sql.conf
vim auth-sql.conf

passdb {
  driver = sql
  # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-mysql.conf
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-mysql.conf
}

8. Edit the configuration file Dovecot uses to authenticate against MySQL

vim /etc/dovecot/dovecot-mysql.conf

driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

IV. Install Courier-authlib

First download, compile and install courier-unicode-1.2; otherwise the build fails with the following error:
configure: error: The Courier Unicode Library 1.2 appears not to be installed. You may need to install a separate development subpackage, in addition to the main package

wget https://sourceforge.net/projects/courier/files/courier-unicode/1.2/courier-unicode-1.2.tar.bz2
tar xf courier-unicode-1.2.tar.bz2
cd courier-unicode-1.2
./configure
make && make install

1. Download, unpack and compile courier-authlib

wget https://sourceforge.net/projects/courier/files/authlib/0.66.2/courier-authlib-0.66.2.tar.bz2 &&
tar xf courier-authlib-0.66.2.tar.bz2

Compile:

cd courier-authlib-0.66.2
./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix

Install:

make && make install

2. Configuration

chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
cp /etc/authdaemonrc.dist /etc/authdaemonrc
cp /etc/authmysqlrc.dist /etc/authmysqlrc

  • Set SQL mode (use the authmysql module)

vim /etc/authdaemonrc

authmodulelist="authmysql"
authmodulelistorig="authmysql"

  • Configure the MySQL parameters

vim /etc/authmysqlrc

MYSQL_SERVER            localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
DEFAULT_DOMAIN test.com
MYSQL_UID_FIELD '5000'
MYSQL_GID_FIELD '5000'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

3. Add the Courier-authlib init script and start the service:

[root@localhost courier-authlib-0.66.2]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chmod +x /etc/init.d/courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig --add courier-authlib
[root@localhost courier-authlib-0.66.2]# chkconfig courier-authlib on
[root@localhost courier-authlib-0.66.2]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf.d/courier-authlib.conf
[root@localhost courier-authlib-0.66.2]# ldconfig

service courier-authlib start

SMTP and virtual-user settings:

vim /usr/lib64/sasl2/smtpd.conf    # the file does not exist and must be created

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

vim /etc/postfix/main.cf

## Postfix SMTP support ##
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = ''
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients=yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
## Postfix virtual user support ##
virtual_mailbox_base = /var/mailbox
# the mysql_virtual_*.cf files are copied over from extman in a later step
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = virtual
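
The Dovecot settings earlier on this page (disable_plaintext_auth = no, ssl = no) and the SASL block above together mean that IMAP, POP3 and SMTP passwords cross the network unencrypted. The script below is an added example, not part of the original guide: it reads the effective values from main.cf and Dovecot's conf.d and reports that combination. The function names and the sample files it writes are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: report settings that let mail
# passwords travel unencrypted. Config locations are passed as arguments.

# Effective value of KEY in FILE ("-" reads stdin): comment lines are skipped
# and the last assignment wins, as in main.cf and Dovecot's conf.d files.
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# usage: audit_cleartext_auth MAIN_CF DOVECOT_CONF_DIR
# Prints one finding per line; no output means nothing was flagged.
audit_cleartext_auth() (
    ssl=$(cat "$2"/*.conf | get_setting - ssl)
    plain=$(cat "$2"/*.conf | get_setting - disable_plaintext_auth)
    sasl=$(get_setting "$1" smtpd_sasl_auth_enable)
    tls_only=$(get_setting "$1" smtpd_tls_auth_only)
    [ "$ssl" = no ] && echo "dovecot: ssl = no, IMAP/POP3 is never encrypted"
    [ "$plain" = no ] && [ "$ssl" != required ] &&
        echo "dovecot: disable_plaintext_auth = no, logins accepted without TLS"
    [ "$sasl" = yes ] && [ "$tls_only" != yes ] &&
        echo "postfix: SMTP AUTH offered without smtpd_tls_auth_only = yes"
    exit 0
)

# Constructed sample input. usage: write_sample DIR SSL PLAINTEXT_DISABLED TLS_AUTH_ONLY
write_sample() {
    mkdir -p "$1/conf.d"
    echo "ssl = $2" > "$1/conf.d/10-ssl.conf"
    echo "disable_plaintext_auth = $3" > "$1/conf.d/10-auth.conf"
    printf 'smtpd_sasl_auth_enable = yes\nsmtpd_tls_auth_only = %s\n' "$4" > "$1/main.cf"
}

demo=$(mktemp -d)
write_sample "$demo/weak" no no no           # this page's values (no is the Postfix default)
write_sample "$demo/hard" required yes yes   # hardened variant
for kind in weak hard; do
    echo "== $kind =="; audit_cleartext_auth "$demo/$kind/main.cf" "$demo/$kind/conf.d"
done
rm -rf "$demo"
```

The hardened values only work once certificates are configured: ssl_cert and ssl_key for Dovecot, smtpd_tls_cert_file and smtpd_tls_key_file with smtpd_tls_security_level = may for Postfix.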

V. Install extmail

extmail and extman can be downloaded from the official site [http://www.extmail.org/download].

1. Create the directory and unpack the archive

mkdir -p /var/www/extsuite
tar xf extmail-1.2.tar.gz -C /var/www/extsuite/
mv /var/www/extsuite/extmail-1.2/ /var/www/extsuite/extmail

2. Edit the extmail configuration file

cd /var/www/extsuite/extmail
cp webmail.cf.default webmail.cf

Edit the configuration file: vim webmail.cf

# session directory; change its group owner to postfix
SYS_SESS_DIR = /tmp/extmail
# upload directory; create it with mkdir
SYS_UPLOAD_TMPDIR = /tmp/extmail/upload
SYS_USER_LANG = zh_CN
SYS_MIN_PASS_LEN = 8
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

3. Create the temporary-file and session directories
mkdir -p /tmp/extmail/upload
chown -R postfix.postfix /tmp/extmail/

VI. Install extman

  1. Unpack extman
    tar xf extman-1.1.tar.gz -C /var/www/extsuite/
    cd /var/www/extsuite/
    mv extman-1.1/ extman
  2. Edit the extman configuration
    cd extman
    cp webman.cf.default webman.cf
  3. Change the owner and group of the cgi directories
    chown -R postfix.postfix /var/www/extsuite/extman/cgi/
    chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
  4. Import the database
    The database does not recognise TYPE=MyISAM, so importing the file as shipped fails. First edit the extmail.sql database file and change TYPE=MyISAM to ENGINE=MyISAM:

vim docs/extmail.sql
:%s/TYPE/ENGINE/g

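Then edit the my.cnf configuration file:

vim /etc/my.cnf
# Comment out the following line and restart mysql. Note that once the database has been imported successfully this line must not be uncommented again, otherwise mysql will not start.
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

mysql -uroot < /var/www/extsuite/extman/docs/extmail.sql
mysql -uroot < /var/www/extsuite/extman/docs/init.sql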
  5. Create the database user extmail and grant it privileges
mysql> GRANT ALL ON extmail.* to extmail@'localhost' identified by 'extmail';
mysql> FLUSH PRIVILEGES;
  6. Copy the configuration files
cd /var/www/extsuite/extman/docs/
cp mysql_virtual_* /etc/postfix/

Create a temporary directory for extman:

mkdir /tmp/extman
chown -R postfix.postfix /tmp/extman/
  7. Test a virtual user
    /usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail

Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 5000, gid 5000)
Home Directory: /var/mailbox/extmail.org/postmaster
Maildir: /var/mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options: (none)

"Authentication succeeded." indicates success. The test uses postmaster@extmail.org because the imported init.sql ships with this account.
Note that the /var/mailbox directory has not been created yet; web access will report an error later if it is missing, so create it in advance.
  8. Test sending over SMTP:

[root@localhost ~]# printf   "postmaster@extmail.org" | openssl base64
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
[root@localhost ~]# printf "extmail" | openssl base64
ZXh0bWFpbA==
[root@localhost ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.daen.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful //success
quit
221 2.0.0 Bye
Connection closed by foreign host.
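
AUTH LOGIN only base64-encodes the prompts and the credentials, so the session above exposes the mailbox password to anyone who can read the traffic on port 25. The following added example (not part of the original guide; the function names are made up here) decodes such a transcript, using the exchange from this page as sample input:

```sh
#!/bin/sh
# Added example, not from the original page: what anyone who can read an
# unencrypted SMTP session learns from its AUTH LOGIN exchange.

# Decode one base64 token (decode errors are ignored).
b64() { printf '%s' "$1" | base64 -d 2>/dev/null || true; }

# Read a session transcript on stdin; print each decoded "prompt answer" pair
# and the server's verdict. The subshell body keeps the variables private.
decode_auth_login() (
    prompt=""
    tr -d '\r' | while IFS= read -r line; do     # SMTP lines end in CRLF
        case $line in
        "334 "*) prompt=$(b64 "${line#334 }") ;; # server challenge
        "235 "*) echo "result: accepted" ;;
        "535 "*) echo "result: rejected" ;;
        "*")     [ -n "$prompt" ] && echo "cancelled by client"
                 prompt="" ;;
        *)       if [ -n "$prompt" ]; then       # client answer to the challenge
                     printf '%s %s\n' "$prompt" "$(b64 "$line")"
                     prompt=""
                 fi ;;
        esac
    done
)

# The exchange from the telnet session on this page, reproduced as sample input.
sample_session() {
    cat <<'EOF'
220 mail.daen.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful
EOF
}

sample_session | decode_auth_login
```

Restricting AUTH to TLS-protected sessions with smtpd_tls_auth_only = yes keeps this exchange off the wire in readable form.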

VII. Start nginx for web access

Nginx cannot run CGI by itself. extmail ships its own program for handling CGI, but a few things in it need to be changed:

[root@localhost ~]# vim /var/www/extsuite/extmail/dispatch-init
SU_UID=postfix
SU_GID=postfix

Start dispatch-init:

[root@localhost ~]# /var/www/extsuite/extmail/dispatch-init start
Starting extmail FCGI server...
[root@localhost ~]# /var/www/extsuite/extman/daemon/cmdserver -v -d
loaded ok

Add the nginx virtual host:

vim /etc/nginx/conf.d/extmail.conf

server {
    listen 8080;
    server_name mail.example.com;
    index index.html index.htm index.php index.cgi;
    root /var/www/extsuite/extmail/html/;
    location /extmail/cgi/ {
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_index index.cgi;
        fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extmail/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }
    location /extmail/ {
        alias /var/www/extsuite/extmail/html/;
    }
    location /extman/cgi/ {
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_index index.cgi;
        fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extman/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }
    location /extman/ {
        alias /var/www/extsuite/extman/html/;
    }
    access_log /var/log/extmail_access.log;
}

Create the fcgi.conf file:

vim /etc/nginx/fcgi.conf

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;

Install Unix::Syslog; otherwise the page will not render and reports that Unix::Syslog must be installed:

[root@localhost ~]# cd /usr/local/src/
[root@localhost /usr/local/src]# wget http://www.cpan.org/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
[root@localhost /usr/local/src]# tar zxvf Unix-Syslog-1.1.tar.gz
[root@localhost /usr/local/src]# cd Unix-Syslog-1.1
[root@localhost /usr/local/src/Unix-Syslog-1.1]# perl Makefile.PL
[root@localhost /usr/local/src/Unix-Syslog-1.1]# make && make install

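Start nginx, then browse to port 8080 on the server's IP address.

The extman login account is root@extmail.org with the password extmail*123*. On first use you must add a domain first; after adding it, modify the domain.
The whole web interface can then be tailored as needed, with a customised login page and a custom logo.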

Good Luck! And have fun!