Tuesday, May 3, 2016

Installing and configuring an E-mail server on CentOS 7/RHEL 7 (Part 4)

Advanced configuration goal:
  • Create e-mail user accounts in bulk and manage them with MySQL.
Advanced configuration procedure:
  1. Additionally install the dovecot-mysql package:
    #yum -y install dovecot-mysql
    
  2. Verify that Postfix has MySQL and Dovecot support (mysql should appear in the output of postconf -m, dovecot in that of postconf -a):
    #postconf -m
    #postconf -a
    
  3. Create a real (system) user and the directory that will hold the mail:
    #mkdir -p /var/www/mailbox/vmail
    #groupadd -g 5000 vmail
    #useradd -g 5000 -u 5000 -s /sbin/nologin -d /var/www/mailbox/vmail vmail
    #chown -R vmail:vmail /var/www/mailbox/
    #chmod -R 700 /var/www/mailbox/
    
  4. Edit the basic settings in /etc/postfix/main.cf:
    #vim /etc/postfix/main.cf
    # Modify the following settings:
    mynetworks_style = host
    ##mynetworks = 127.0.0.0/8, 192.168.100.0/24 <== this line may be commented out
    
    # Append the following settings:
    ## Virtual MailBox #####
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/www/mailbox/vmail
    
    
  5. In MySQL, create the tables domain, mailbox, alias, and quota2:
    #mysql -u root -p
    MySQL(none)>create database MailBox;
    MySQL(none)>use MailBox;
    MySQL(MailBox)>CREATE TABLE domain (
                  >domain varchar(255) NOT NULL default '',
                  >description varchar(255) NOT NULL default '',
                  >aliases int(10) NOT NULL default '0',
                  >mailboxes int(10) NOT NULL default '0',
                  >maxquota int(10) NOT NULL default '0',
                  >transport varchar(255) default NULL,
                  >backupmx tinyint(1) NOT NULL default '0',
                  >created datetime NOT NULL default '0000-00-00 00:00:00',
                  >modified datetime NOT NULL default '0000-00-00 00:00:00',
                  >active tinyint(1) NOT NULL default '1',
                  >PRIMARY KEY (domain),
                  >KEY domain (domain)
                  >)ENGINE=MyISAM COMMENT='Virtual Domains';
    
    MySQL(MailBox)>CREATE TABLE mailbox (
                  >username varchar(255) NOT NULL default '',
                  >password varchar(255) NOT NULL default '',
                  >name varchar(255) NOT NULL default '',
                  >maildir varchar(255) NOT NULL default '',
                  >quota int(10) NOT NULL default '0',
                  >domain varchar(255) NOT NULL default '',
                  >created datetime NOT NULL default '0000-00-00 00:00:00',
                  >modified datetime NOT NULL default '0000-00-00 00:00:00',
                  >active tinyint(1) NOT NULL default '1',
                  >PRIMARY KEY (username),
                  >KEY username (username)
                  >)ENGINE=MyISAM COMMENT='Virtual Mailboxes';
    

    MySQL(MailBox)>CREATE TABLE alias ( 
                  >address varchar(255) NOT NULL default '',
                  >goto text NOT NULL, 
                  >domain varchar(255) NOT NULL default '',
                  >created datetime NOT NULL default '0000-00-00 00:00:00',
                  >modified datetime NOT NULL default '0000-00-00 00:00:00',
                  >active tinyint(1) NOT NULL default '1',
                  >PRIMARY KEY (address),
                  >KEY address (address)
                  >)ENGINE=MyISAM COMMENT='Virtual Aliases';
    

    MySQL(MailBox)>CREATE TABLE IF NOT EXISTS `quota2` (
                  >username varchar(100) NOT NULL,
                  >bytes bigint(20) NOT NULL default '0',
                  >messages int(11) NOT NULL default '0',
                  >PRIMARY KEY  (`username`)
                  >)ENGINE=MyISAM DEFAULT CHARSET=latin1;
    
  6. In MySQL, create a user and grant it privileges on the database:
    MySQL(MailBox)>use mysql;
                  >CREATE USER 'mailbox'@'localhost' IDENTIFIED BY 'mailbox@123';
                  >GRANT ALL PRIVILEGES ON MailBox.* TO 'mailbox'@'localhost';
    
  7. Connect Postfix to MySQL (create the three map files referenced in main.cf):
    #vim /etc/postfix/mysql_virtual_alias_maps.cf
    user = mailbox
    password = mailbox@123
    hosts = localhost
    dbname = MailBox
    query = SELECT goto from alias WHERE address = '%s' AND active = '1'
    
    

    #vim /etc/postfix/mysql_virtual_domains_maps.cf
    user = mailbox
    password = mailbox@123
    hosts = localhost
    dbname = MailBox
    query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'
    
    

    #vim /etc/postfix/mysql_virtual_mailbox_maps.cf
    user = mailbox
    password = mailbox@123
    hosts = localhost
    dbname = MailBox
    query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'
    
    
  8. Set the mailbox size limit:
    # vim /etc/postfix/main.cf
    # Append the following lines
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    
  9. Create the corresponding file /etc/postfix/mysql_virtual_mailbox_limit_maps.cf with the following content:
    user = mailbox
    password = mailbox@123
    hosts = localhost
    dbname = MailBox
    table = mailbox
    select_field = quota
    where_field = username
    additional_conditions = and active = '1'
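
As an added example (not code from this post or from the Linode guide it follows), the script below rebuilds the step-5 tables in an in-memory SQLite database with a constructed, simplified schema and made-up rows, then runs the step-7 and step-9 lookups against them the way Postfix would, with the %s placeholder replaced by a bound parameter. It shows what the maps return for an active mailbox, an alias that fans out to several addresses, an inactive mailbox, an unknown user and a backup-MX domain, and how the limit in mailbox.quota relates to the usage Dovecot writes to quota2. The add_mailbox helper is this example's own bulk-creation routine: its maildir layout (<domain>/<localpart>/) is an assumption chosen to match the %d/%n mail_location of step 12, the alias-expansion order and loop guard are an approximation of Postfix behaviour rather than Postfix code, and treating a quota of 0 as unlimited is also this example's assumption.

```python
import sqlite3

VMAIL_BASE = "/var/www/mailbox/vmail"  # virtual_mailbox_base from step 4

# Constructed, simplified SQLite form of the step-5 tables: only the columns the
# step-7/step-9 lookups touch; MySQL-specific types and ENGINE options dropped.
SCHEMA = """
CREATE TABLE domain  (domain TEXT PRIMARY KEY, backupmx INTEGER NOT NULL DEFAULT 0,
                      active INTEGER NOT NULL DEFAULT 1);
CREATE TABLE mailbox (username TEXT PRIMARY KEY, password TEXT NOT NULL,
                      name TEXT NOT NULL, maildir TEXT NOT NULL,
                      quota INTEGER NOT NULL DEFAULT 0, domain TEXT NOT NULL,
                      active INTEGER NOT NULL DEFAULT 1);
CREATE TABLE alias   (address TEXT PRIMARY KEY, goto TEXT NOT NULL,
                      domain TEXT NOT NULL, active INTEGER NOT NULL DEFAULT 1);
CREATE TABLE quota2  (username TEXT PRIMARY KEY, bytes INTEGER NOT NULL DEFAULT 0,
                      messages INTEGER NOT NULL DEFAULT 0);
"""

# The step-7 map queries, with Postfix's %s placeholder replaced by a bound '?'
# so the looked-up address is never spliced into the SQL text.
ALIAS_QUERY = "SELECT goto FROM alias WHERE address = ? AND active = '1'"
DOMAIN_QUERY = ("SELECT domain FROM domain WHERE domain = ? "
                "AND backupmx = '0' AND active = '1'")
MAILBOX_QUERY = "SELECT maildir FROM mailbox WHERE username = ? AND active = '1'"
# Step 9 (table/select_field/where_field/additional_conditions) as one query.
LIMIT_QUERY = "SELECT quota FROM mailbox WHERE username = ? and active = '1'"


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def add_mailbox(conn, username, password, quota_bytes, active=1):
    """Bulk-creation helper (this example's own). maildir is <domain>/<localpart>/,
    an assumed layout matching the %d/%n mail_location of step 12; the trailing
    '/' is how Postfix marks a Maildir rather than an mbox file."""
    name, domain = username.split("@", 1)
    maildir = f"{domain}/{name}/"
    conn.execute("INSERT INTO mailbox (username, password, name, maildir, quota, "
                 "domain, active) VALUES (?, ?, ?, ?, ?, ?, ?)",
                 (username, password, name, maildir, quota_bytes, domain, active))
    return maildir


def add_alias(conn, address, goto):
    """goto is one address or a comma-separated list, as virtual_alias_maps reads it."""
    conn.execute("INSERT INTO alias (address, goto, domain) VALUES (?, ?, ?)",
                 (address, goto, address.split("@", 1)[1]))


def lookup(conn, query, key):
    row = conn.execute(query, (key,)).fetchone()
    return row[0] if row else None


def resolve_recipient(conn, address, depth=0):
    """Approximation of how Postfix applies the three maps to one recipient:
    expand virtual_alias_maps first (recursively), then require the domain in
    virtual_mailbox_domains (not as backup MX), then the mailbox in
    virtual_mailbox_maps. Returns {final address: maildir path or reason}."""
    if depth > 10:                               # crude guard against alias loops
        return {address: "alias loop"}
    goto = lookup(conn, ALIAS_QUERY, address)
    if goto is not None and goto != address:     # an alias to itself is a no-op
        result = {}
        for target in (t.strip() for t in goto.split(",")):
            result.update(resolve_recipient(conn, target, depth + 1))
        return result
    if lookup(conn, DOMAIN_QUERY, address.rsplit("@", 1)[-1]) is None:
        return {address: "domain not served"}
    maildir = lookup(conn, MAILBOX_QUERY, address)
    if maildir is None:
        return {address: "unknown mailbox"}
    return {address: f"{VMAIL_BASE}/{maildir}"}


def over_quota(conn, username):
    """Usage that Dovecot's quota dict writes to quota2 (step 13) against the limit
    in mailbox.quota that both step 9 and the step-17 quota_rule read.
    A limit of 0 is treated as unlimited here (this example's assumption)."""
    limit = lookup(conn, LIMIT_QUERY, username)
    if not limit:
        return False
    used = lookup(conn, "SELECT bytes FROM quota2 WHERE username = ?", username)
    return (used or 0) > limit


def build_sample_db():
    """Constructed sample rows; none of these accounts exist anywhere."""
    conn = open_db()
    conn.execute("INSERT INTO domain (domain) VALUES ('example.com')")
    conn.execute("INSERT INTO domain (domain, backupmx) VALUES ('backup.example', 1)")
    add_mailbox(conn, "test@example.com", "constructed-secret", 1024)
    add_mailbox(conn, "carol@example.com", "constructed-secret", 100)
    add_mailbox(conn, "bob@example.com", "constructed-secret", 1024, active=0)
    add_alias(conn, "postmaster@example.com", "test@example.com")
    add_alias(conn, "team@example.com", "test@example.com, bob@example.com")
    conn.executemany("INSERT INTO quota2 (username, bytes, messages) VALUES (?, ?, ?)",
                     [("test@example.com", 512, 3), ("carol@example.com", 200, 2)])
    return conn
```

Call build_sample_db() and then resolve_recipient(db, "team@example.com") to see the fan-out: the active mailbox resolves to its Maildir path, while the inactive one is reported as an unknown mailbox because every step-7 query carries the active = '1' condition. Postfix escapes the value it substitutes for %s; an administration script that writes to these tables should likewise bind parameters rather than concatenate addresses into the statement.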
    
    
  10. Edit /etc/dovecot/dovecot.conf:
    # vim /etc/dovecot/dovecot.conf
    protocols = imap pop3 lmtp 
    
  11. Edit /etc/dovecot/conf.d/10-auth.conf:
    # vim /etc/dovecot/conf.d/10-auth.conf
    disable_plaintext_auth = no
    
  12. Edit /etc/dovecot/conf.d/10-mail.conf:
    # vim /etc/dovecot/conf.d/10-mail.conf
    mail_location = Maildir:/var/www/mailbox/vmail/%d/%n
    namespace {
               type = private
               separator = .
               prefix = INBOX.
               inbox = yes
               hidden = no
               }
    
  13. Configure quota for POP3 and IMAP:
    #vim /etc/dovecot/conf.d/10-mail.conf
    mail_plugins = $mail_plugins quota
    
    #vim /etc/dovecot/conf.d/20-imap.conf
    mail_plugins = $mail_plugins imap_quota
    
    #vim /etc/dovecot/conf.d/20-pop3.conf
    pop3_uidl_format = %08Xu%08Xv
    mail_plugins = $mail_plugins quota
    
    #vim /etc/dovecot/conf.d/15-lda.conf
    postmaster_address = postmaster@localhost
    lda_mailbox_autocreate = yes
    lda_mailbox_autosubscribe = yes
    protocol lda {
    mail_plugins = $mail_plugins quota
    }
    
    #vim /etc/dovecot/conf.d/90-quota.conf 
    dict {
      quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
    }
    plugin {
      quota = dict:user::proxy::quotadict
    }
    
    #vim /etc/dovecot/dovecot-dict-quota.conf
    connect = host=localhost dbname=MailBox user=mailbox password=mailbox@123
    map {
         pattern = priv/quota/storage
         table = quota2
         username_field = username
         value_field = bytes
        }
    map {
         pattern = priv/quota/messages
         table = quota2
         username_field = username
         value_field = messages
        }
    
    
  14. Add the cram-md5 authentication mechanism:
    #vim /etc/dovecot/conf.d/10-auth.conf
    #auth default {
                   auth_mechanisms = plain login cram-md5
    #}
    
  15. Configure the Dovecot user/password database:
    # vim /etc/dovecot/conf.d/10-auth.conf
    !include auth-sql.conf.ext
    # vim /etc/dovecot/conf.d/auth-sql.conf.ext
    ### Uncomment
    userdb {
            driver = prefetch
    }
    
  16. Configure the single real system user, vmail:
    #vim /etc/dovecot/conf.d/10-master.conf
    ### Uncomment
    service auth {
        unix_listener auth-userdb {
           mode = 0600
           user = vmail
           group = vmail
      }
    }
    service dict {
        unix_listener dict {
            mode = 0600
            user = vmail
            group = vmail
        }
    }
    
    
  17. Write the Dovecot-to-MySQL configuration file:
    # vim /etc/dovecot/dovecot-sql.conf.ext
    driver = mysql
    connect = host=localhost dbname=MailBox  user=mailbox password=mailbox@123
    #default_pass_scheme = CRAM-MD5
    default_pass_scheme = PLAIN
    user_query = SELECT CONCAT('/var/www/mailbox/vmail/',domain,'/',name) AS home,5000 AS uid, \
    5000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
    password_query = SELECT username AS user, password, CONCAT('/var/www/mailbox/vmail/',domain,'/',name) \
    AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid,CONCAT('*:bytes=', quota) as userdb_quota_rule \
    FROM mailbox WHERE username = '%u' AND active='1'
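
With default_pass_scheme = PLAIN the password column of the mailbox table holds cleartext passwords, which is what the cram-md5 mechanism added in step 14 needs (CRAM-MD5 can only be verified against a cleartext or CRAM-MD5-scheme secret). If auth_mechanisms is limited to plain and login carried over TLS instead, the column can hold salted hashes, and Dovecot honours a {SCHEME} prefix on an individual value over default_pass_scheme. The following added example (not from this post or from Dovecot) builds {SSHA512} values in the layout Dovecot stores them, base64 of sha512(password || salt) followed by the salt, and verifies a password against either a prefixed value or a bare value under the default scheme. The 16-byte salt and the migrate helper are this example's own choices.

```python
import base64
import hashlib
import hmac
import os

SHA512_LEN = 64  # bytes of a raw SHA-512 digest; the salt follows it in the value


def ssha512(password, salt=None):
    """Build a {SSHA512} value in the layout Dovecot stores:
    base64( sha512(password || salt) || salt ). A 16-byte random salt is this
    example's choice; the verifier below treats everything past the digest as salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored, default_scheme):
    """A leading {SCHEME} on the stored value overrides default_pass_scheme."""
    if stored.startswith("{") and "}" in stored:
        scheme, data = stored[1:].split("}", 1)
        return scheme.upper(), data
    return default_scheme.upper(), stored


def verify(password, stored, default_scheme="PLAIN"):
    """Check a password against one mailbox.password value. Comparisons use
    hmac.compare_digest so the time taken does not depend on how many bytes match."""
    scheme, data = split_scheme(stored, default_scheme)
    if scheme == "PLAIN":
        return hmac.compare_digest(password.encode("utf-8"), data.encode("utf-8"))
    if scheme == "SSHA512":
        raw = base64.b64decode(data)
        if len(raw) <= SHA512_LEN:
            return False  # no salt present: malformed value, never a match
        digest, salt = raw[:SHA512_LEN], raw[SHA512_LEN:]
        candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(candidate, digest)
    raise ValueError("scheme %s is not handled by this example" % scheme)


def migrate(rows):
    """Hypothetical helper: given {username: cleartext} as read from a PLAIN-scheme
    table, return {username: '{SSHA512}...'} ready to be written back."""
    return {user: ssha512(pw) for user, pw in rows.items()}


if __name__ == "__main__":
    sample = {"test@example.com": "constructed-secret"}  # constructed, not a real account
    hashed = migrate(sample)
    print(hashed["test@example.com"])
    print(verify("constructed-secret", hashed["test@example.com"]))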
    
  18. Configure Postfix to hand mail to Dovecot (dovecot-lda) for delivery:
    #vim /etc/postfix/main.cf
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1
    # vim /etc/postfix/master.cf
    dovecot   unix  -       n       n       -       -   pipe flags=DRhu user=vmail:vmail \
    argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
    
  19. Restart the Dovecot service and check whether any errors are reported:
    #systemctl restart dovecot
    
  20. Configure SASL so that Postfix can use SMTP AUTH:
    #vim /etc/dovecot/conf.d/10-master.conf
    # inside the existing service auth { ... } block:
     unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }
    
    
  21. Edit /etc/postfix/main.cf:
    #vim /etc/postfix/main.cf
    ## Append the following items:
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_sasl2_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_local_domain =
    
    ## Modify the following item, adding the (MySQL-backed) SASL authentication check:
    smtpd_recipient_restrictions = 
           permit_sasl_authenticated,
                :
                : (rest omitted)
    
  22. Restart the Postfix and Dovecot services:
    #systemctl restart postfix
    #systemctl restart dovecot
    
  23. Configure SELinux:
    # yum install setroubleshoot*
    # grep dovecot /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp
    
  24. Test:
    #systemctl restart postfix
    #postmap -q test@example.com mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    
  25. Check and verify:
    #mail -s "first test" test@example.com
    (then type the following:)
    Hello World
    .
    
    (the single dot on its own line must be typed; it ends the message)
    
    #mailq
    #less /var/log/maillog
    #postmap -q test@example.com mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    
  26. How to check IMAP:
    #telnet localhost imap
    a1 LOGIN <username> <password>
    a2 LIST "" "*"
    a3 EXAMINE INBOX
    a4 FETCH 1 BODY[]
    a5 LOGOUT
    

Additional notes:
  • Resolving the SELinux denials:
    #grep imap /var/log/audit/audit.log | audit2allow -M mypol
    #semodule -i mypol.pp
    #grep dovecot-lda /var/log/audit/audit.log | audit2allow -M lda
    #semodule -i lda.pp
    

References:
  1. https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mariadb-on-centos-7