Postfix+Sasl+Courier-authlib+Dovecot+MySQL+extmail 邮件系统部署

# yum remove postfix ##删除系统自带postfix
# userdel postfix
# groupdel postdrop
# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

yum install httpd mysql mysql-server mysql-devel openssl openssl-devel dovecot dovecot-mysql tcl tcl-devel libart_lgpl libart_lgpl-devel libtool-ltdl libtool-ltdl-devel expect expect-devel gcc gcc-c++ cyrus-sasl-md5 perl-GD perl-DBD-MySQL perl-GD perl-CPAN perl-CGI perl-CGI-Session cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl cyrus-sasl-devel telnet libicu-devel -y

安装postfix

wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-3.0.2.tar.gz
tar xf postfix-3.0.2.tar.gz 
cd postfix-3.0.2

make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lrt -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
make
make install

Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]

Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]

Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify “no” here.
manpage_directory: [/usr/local/man]

Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]

Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]

Please specify the final destination directory for the Postfix README
files. Specify “no” if you do not want to install these files.
readme_directory: [no]

Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]

Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify “no” here.
setgid_group: [postdrop]

[root@ipython ~]# newaliases  #生成别名文件
[root@ipython ~]# ll /etc/aliases.db
-rw-r–r– 1 root root 12288 Jul 8 13:24 /etc/aliases.db

测试邮件发送

[root@ipython postfix]# telnet localhost
Trying ::...
telnet: connect to address ::: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
 ipython.localdomain ESMTP Postfix
ehlo localhost
-ipython.localdomain
-PIPELINING
-SIZE
-VRFY
-ETRN
-ENHANCEDSTATUSCODES
-8BITMIME
 DSN
mail from:root@localhost
 2.1. Ok
rcpt to:deo@localhost
 2.1. Ok
data
 End data with <CR><LF>.<CR><LF>
Subject:hello test
.
 2.0. Ok: queued as AF46E2615D4
quit
 2.0. Bye
Connection closed by foreign host.

部署dns

[root@mail ~]# yum install bind bind-utils -y

[root@mail ~]# hostname
mail.deo.com

# vi /etc/named.conf
    #    listen-on port  { 127.0.0.1; };
    #    listen-on-v6 port  { ::; };          ##注释或删除以上两行[root@mail ~]# cat /etc/named.rfc1912.zones  #到最后添加如下内容zone "deo.com" IN {
        type master;
        file "deo.com.zone";
        allow-update { none; };
        allow-transfer { none; };
};zone "80.16.172.in-addr.arpa" IN {
        type master;
        file "172.16.80.zone";
        allow-update { none; };
        allow-transfer { none; };
};[root@mail ~]# named-checkconf /etc/named.conf  #检查配置

[root@mail named]# vim /var/named/172.16.80.zone

[root@mail named]# chgrp named deo.com.zone 172.16..zone
[root@mail named]# chmod  deo.com.zone 172.16..zone
[root@mail named]# named-checkzone "deo.com" deo.com.zone
zone deo.com/IN: loaded serial
OK
[root@mail named]# named-checkzone "80.16.172.in-addr.arpa" 172.16..zone
zone 80.16..in-addr.arpa/IN: loaded serial
OK[root@mail named]# /etc/init.d/named start

[root@mail named]# dig -t MX deo.com @172.16.80.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t MX deo.com @172.16.80.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6781
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;deo.com. IN MX

;; ANSWER SECTION:
deo.com. 600 IN MX 10 mail.deo.com.

;; AUTHORITY SECTION:
deo.com. 600 IN NS ns.deo.com.

;; ADDITIONAL SECTION:
mail.deo.com. 600 IN A 172.16.80.128
ns.deo.com. 600 IN A 172.16.80.128

;; Query time: 0 msec
;; SERVER: 172.16.80.128#53(172.16.80.128)
;; WHEN: Sun Jul 8 22:42:41 2018
;; MSG SIZE rcvd: 95

[root@mail named]# dig -t A mail.deo.com @172.16.80.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -t A mail.deo.com @172.16.80.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46422
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.deo.com. IN A

;; ANSWER SECTION:
mail.deo.com. 600 IN A 172.16.80.128

;; AUTHORITY SECTION:
deo.com. 600 IN NS ns.deo.com.

;; ADDITIONAL SECTION:
ns.deo.com. 600 IN A 172.16.80.128

;; Query time: 0 msec
;; SERVER: 172.16.80.128#53(172.16.80.128)
;; WHEN: Sun Jul 8 22:43:14 2018
;; MSG SIZE rcvd: 79

[root@mail named]# dig -x 172.16.80.128 @172.16.80.128

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6 <<>> -x 172.16.80.128 @172.16.80.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36878
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;128.80.16.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
128.80.16.172.in-addr.arpa. 600 IN PTR mail.deo.com.
128.80.16.172.in-addr.arpa. 600 IN PTR ns.deo.com.

;; AUTHORITY SECTION:
80.16.172.in-addr.arpa. 600 IN NS ns.deo.com.

;; ADDITIONAL SECTION:
ns.deo.com. 600 IN A 172.16.80.128

;; Query time: 0 msec
;; SERVER: 172.16.80.128#53(172.16.80.128)
;; WHEN: Sun Jul 8 22:44:07 2018
;; MSG SIZE rcvd: 117

修改postfix配置文件

[root@mail named]# grep “^[a-z]” /etc/postfix/main.cf

myhostname = mail.deo.com
mydomain = deo.com
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
mynetworks_style = subnet
mynetworks = 172.16.80.0/24,127.0.0.0/8
inet_protocols = ipv4

[root@mail named]# postfix stop

[root@mail named]# postfix start

[root@mail named]# telnet mail.deo.com 25
Trying 172.16.80.128…
Connected to mail.deo.com.
Escape character is ‘^]’.
220 mail.deo.com ESMTP Postfix
ehlo mail.deo.com
250-mail.deo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@deo.com
250 2.1.0 Ok
rcpt to:deo@deo.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello123
.
250 2.0.0 Ok: queued as 6E6E92615FE
quit
221 2.0.0 Bye
Connection closed by foreign host.

部署dovecto 用来支撑pop3 协议

[root@mail named]# yum install dovecot -y

[root@mail named]# vim /etc/dovecot/dovecot.conf

protocols = imap pop3

postfix+saslauthd   用户认证

[root@mail named]# saslauthd -v  #列出支持的认证模块
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

[root@mail named]# vim /etc/sysconfig/saslauthd

#MECH=pam
MECH=shadow

[root@mail named]# /etc/init.d/saslauthd start

[root@mail named]# testsaslauthd -udeo -phello123  #测试该服务是否正常
0: OK “Success.”

验证postfix是否支持cyrus风格的sasl认证# /usr/sbin/postconf -a
cyrus
dovecot
配置postfixvi /etc/postfix/main.cf 

mynetworks = 127.0.0.0/8
  #mynetworks = 172.16.80.0/28, 127.0.0.0/8

# vi /etc/postfix/main.cf  #添加如下内容到最后即可，复制文件时候后面中文去掉，否则有可能乱码有问题
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes    ##使用SSL验证客户端身份
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination       ###收件人限定
smtpd_sasl_auth_enable = yes       ##启用SSL认证
smtpd_sasl_local_domain = $myhostname    ##SSL认证的本地域
smtpd_sasl_security_options = noanonymous   ##不支持匿名用户
smtpd_sasl_path = smtpd        ##指定需使用SSL认证的程序
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

vi /usr/lib64/sasl2/smtpd.conf ##新建文件并添加如下
pwcheck_method: saslauthd ##指定密码检查方法
mech_list: PLAIN LOGIN ##指定认证机制

log_level: 3  #测试时使用，生产中关闭

# postfix reload ##重新加载postfix

[root@mail named]# /etc/init.d/saslauthd restart

测试认证功能

[root@mail ~]# telnet localhost 25
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 Welcome to our mail.deo.com ESMTP,Warning: Version not Available!
ehlo mail.deo.com
250-mail.deo.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN   ##出现以上两行说明cyrus-sasl认证功能已添加成功
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

发送邮件测试

发送qq邮箱测试

Dovecot 配置 dovecot.conf 文件配置邮件接收的存储位置，要和postfix配置目录一致

/etc/dovecot/conf.d/10-mail.conf 去掉下面一行注释

mail_location = maildir:~/Maildir

[root@mail Maildir]# vim /etc/postfix/main.cf

home_mailbox = Maildir/

至此  邮件收发功能基本完成，下篇介绍虚拟域 虚拟用户

https://www.cnblogs.com/hellojackyleon/p/9286909.html