Advanced configuration procedure:
-
Install the additional dovecot-mysql package:
#yum -y install dovecot-mysql
-
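Verify that Postfix has MySQL and Dovecot support (mysql should appear among the lookup table types, dovecot among the SASL server types):
#postconf -m
#postconf -a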
-
Create a real system user and the directory that holds the mail:
#mkdir -p /var/www/mailbox/vmail
#groupadd -g 5000 vmail
#useradd -g 5000 -u 5000 -s /sbin/nologin -d /var/www/mailbox/vmail vmail
#chown -R vmail:vmail /var/www/mailbox/
#chmod -R 700 /var/www/mailbox/
-
Edit the basic settings in /etc/postfix/main.cf:
#vim /etc/postfix/main.cf
#Modify the following settings:
mynetworks_style = host
##mynetworks = 127.0.0.0/8, 192.168.100.0/24 <== this line can be commented out
#Append the following settings:
## Virtual MailBox #####
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/www/mailbox/vmail
-
In MySQL, create the tables domain, mailbox, alias, and quota2:
#mysql -u root -p
MySQL(none)>create database MailBox;
MySQL(none)>use MailBox;
MySQL(MailBox)>CREATE TABLE domain (
>domain varchar(255) NOT NULL default '',
>description varchar(255) NOT NULL default '',
>aliases int(10) NOT NULL default '0',
>mailboxes int(10) NOT NULL default '0',
>maxquota int(10) NOT NULL default '0',
>transport varchar(255) default NULL,
>backupmx tinyint(1) NOT NULL default '0',
>created datetime NOT NULL default '0000-00-00 00:00:00',
>modified datetime NOT NULL default '0000-00-00 00:00:00',
>active tinyint(1) NOT NULL default '1',
>PRIMARY KEY (domain),
>KEY domain (domain)
>)ENGINE=MyISAM COMMENT='Virtual Domains';

MySQL(MailBox)>CREATE TABLE mailbox (
>username varchar(255) NOT NULL default '',
>password varchar(255) NOT NULL default '',
>name varchar(255) NOT NULL default '',
>maildir varchar(255) NOT NULL default '',
>quota int(10) NOT NULL default '0',
>domain varchar(255) NOT NULL default '',
>created datetime NOT NULL default '0000-00-00 00:00:00',
>modified datetime NOT NULL default '0000-00-00 00:00:00',
>active tinyint(1) NOT NULL default '1',
>PRIMARY KEY (username),
>KEY username (username)
>)ENGINE=MyISAM COMMENT='Virtual Mailboxes';

MySQL(MailBox)>CREATE TABLE alias (
>address varchar(255) NOT NULL default '',
>goto text NOT NULL,
>domain varchar(255) NOT NULL default '',
>created datetime NOT NULL default '0000-00-00 00:00:00',
>modified datetime NOT NULL default '0000-00-00 00:00:00',
>active tinyint(1) NOT NULL default '1',
>PRIMARY KEY (address),
>KEY address (address)
>)ENGINE=MyISAM COMMENT='Virtual Aliases';

MySQL(MailBox)>CREATE TABLE IF NOT EXISTS `quota2` (
>username varchar(100) NOT NULL,
>bytes bigint(20) NOT NULL default '0',
>messages int(11) NOT NULL default '0',
>PRIMARY KEY (`username`)
>)ENGINE=MyISAM DEFAULT CHARSET=latin1;
-
In MySQL, create a user and grant it privileges:
MySQL(MailBox)>use mysql;
>CREATE USER 'mailbox'@'localhost' IDENTIFIED BY 'mailbox@123';
>GRANT ALL PRIVILEGES ON MailBox.* TO 'mailbox'@'localhost';
-
Connect Postfix to MySQL:
#vim /etc/postfix/mysql_virtual_alias_maps.cf
user = mailbox
password = mailbox@123
hosts = localhost
dbname = MailBox
query = SELECT goto from alias WHERE address = '%s' AND active = '1'

#vim /etc/postfix/mysql_virtual_domains_maps.cf
user = mailbox
password = mailbox@123
hosts = localhost
dbname = MailBox
query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'

#vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = mailbox
password = mailbox@123
hosts = localhost
dbname = MailBox
query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'
-
Set the mailbox size limit:
# vim /etc/postfix/main.cf
#Append the following lines
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
-
Set the contents of the corresponding file /etc/postfix/mysql_virtual_mailbox_limit_maps.cf:
user = mailbox
password = mailbox@123
hosts = localhost
dbname = MailBox
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'
-
Edit /etc/dovecot/dovecot.conf:
# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
-
Edit /etc/dovecot/conf.d/10-auth.conf:
# vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
-
Edit /etc/dovecot/conf.d/10-mail.conf:
# vim /etc/dovecot/conf.d/10-mail.conf
mail_location = Maildir:/var/www/mailbox/vmail/%d/%n
namespace {
  type = private
  separator = .
  prefix = INBOX.
  inbox = yes
  hidden = no
}
-
Configure quota for POP3 and IMAP:
#vim /etc/dovecot/conf.d/10-mail.conf
mail_plugins = $mail_plugins quota

#vim /etc/dovecot/conf.d/20-imap.conf
mail_plugins = $mail_plugins imap_quota

#vim /etc/dovecot/conf.d/20-pop3.conf
pop3_uidl_format = %08Xu%08Xv
mail_plugins = $mail_plugins quota

#vim /etc/dovecot/conf.d/15-lda.conf
postmaster_address = postmaster@localhost
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
protocol lda {
  mail_plugins = $mail_plugins quota
}

#vim /etc/dovecot/conf.d/90-quota.conf
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
plugin {
  quota = dict:user::proxy::quotadict
}

#vim /etc/dovecot/dovecot-dict-quota.conf
connect = host=localhost dbname=MailBox user=mailbox password=mailbox@123
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
-
Add the cram-md5 authentication mechanism:
#vim /etc/dovecot/conf.d/10-auth.conf
#auth default {
auth_mechanisms = plain login cram-md5
#}
-
Configure the Dovecot account and password database:
# vim /etc/dovecot/conf.d/10-auth.conf
!include auth-sql.conf.ext

# vim /etc/dovecot/conf.d/auth-sql.conf.ext
###Uncomment
userdb {
  driver = prefetch
}
-
Set the single real user, vmail:
#vim /etc/dovecot/conf.d/10-master.conf
###Uncomment
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}
-
Write Dovecot's MySQL configuration file:
# vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=MailBox user=mailbox password=mailbox@123
#default_pass_scheme = CRAM-MD5
default_pass_scheme = PLAIN
user_query = SELECT CONCAT('/var/www/mailbox/vmail/',domain,'/',name) AS home,5000 AS uid, \
  5000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/var/www/mailbox/vmail/',domain,'/',name) \
  AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid,CONCAT('*:bytes=', quota) as userdb_quota_rule \
  FROM mailbox WHERE username = '%u' AND active='1'
-
Hook Dovecot into Postfix:
#vim /etc/postfix/main.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# vim /etc/postfix/master.cf
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail
  argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
-
Restart the dovecot service and check for errors:
#systemctl restart dovecot
-
Configure SASL so that Postfix can use SMTP AUTH:
#vim /etc/dovecot/conf.d/10-master.conf
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
-
Edit /etc/postfix/main.cf:
#vim /etc/postfix/main.cf
##Append the following items:
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
##Modify the following item to add the mysql authentication mechanism:
smtpd_recipient_restrictions = permit_sasl_authenticated,
 :
 :
(remainder omitted)
-
Restart the Postfix and dovecot services:
#systemctl restart postfix
#systemctl restart dovecot
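An added example, not part of the original walkthrough: a shell audit that flags the weaker settings chosen in the steps above (disable_plaintext_auth = no, cram-md5, default_pass_scheme = PLAIN, the 0666 auth listener) and any world-readable file that embeds the database password. The function names, the ROOT prefix argument and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the ROOT
# prefix (lets you audit a copy of /etc) are assumptions of this example.

# Print the last uncommented value of KEY ($1) in FILE ($2); nothing if absent.
conf_value() {
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Print one WARN line per weak setting found under ROOT ($1); always returns 0.
audit_mail_config() {
    root=$1; d="$root/etc/dovecot"; p="$root/etc/postfix"
    if [ "$(conf_value disable_plaintext_auth "$d/conf.d/10-auth.conf")" = no ]; then
        echo "WARN: disable_plaintext_auth = no (plaintext logins accepted without TLS)"
    fi
    case "$(conf_value auth_mechanisms "$d/conf.d/10-auth.conf")" in
        *cram-md5*) echo "WARN: cram-md5 enabled (needs PLAIN or CRAM-MD5 stored passwords)" ;;
    esac
    if [ "$(conf_value default_pass_scheme "$d/dovecot-sql.conf.ext")" = PLAIN ]; then
        echo "WARN: default_pass_scheme = PLAIN (cleartext passwords in the mailbox table)"
    fi
    if grep -Eq '^[[:space:]]*mode[[:space:]]*=[[:space:]]*0666' "$d/conf.d/10-master.conf" 2>/dev/null; then
        echo "WARN: 0666 listener in 10-master.conf (socket open to every local user)"
    fi
    # Files that embed the database password must not be world-readable.
    for f in "$p"/mysql_virtual_*.cf "$d/dovecot-sql.conf.ext" "$d/dovecot-dict-quota.conf"; do
        [ -f "$f" ] || continue
        if grep -q 'password' "$f" && [ -n "$(find "$f" -perm -004)" ]; then
            echo "WARN: ${f#"$root"} holds the DB password and is world-readable"
        fi
    done
    return 0
}

# Build a constructed sample tree that mirrors the settings from this page.
make_sample_tree() {
    t=$(mktemp -d); mkdir -p "$t/etc/postfix" "$t/etc/dovecot/conf.d"
    printf 'disable_plaintext_auth = no\nauth_mechanisms = plain login cram-md5\n' > "$t/etc/dovecot/conf.d/10-auth.conf"
    printf 'default_pass_scheme = PLAIN\nconnect = host=localhost password=EXAMPLE\n' > "$t/etc/dovecot/dovecot-sql.conf.ext"
    printf 'unix_listener /var/spool/postfix/private/auth {\n  mode = 0666\n}\n' > "$t/etc/dovecot/conf.d/10-master.conf"
    printf 'user = mailbox\npassword = EXAMPLE\n' > "$t/etc/postfix/mysql_virtual_alias_maps.cf"
    chmod 644 "$t/etc/postfix/mysql_virtual_alias_maps.cf"
    chmod 600 "$t/etc/dovecot/dovecot-sql.conf.ext"
    echo "$t"
}

tree=$(make_sample_tree); audit_mail_config "$tree"; rm -rf "$tree"
```

On a live host, run `audit_mail_config ""` as root so the files under /etc are read directly.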
-
Configure SELinux:
# yum install setroubleshoot*
# grep dovecot /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
-
Test:
#systemctl restart postfix
#postmap -q test@example.com mysql:/etc/postfix/mysql_virtual_alias_maps.cf
-
Check and verify:
#mail -s "first test" test@example.com
(then type the following:)
Hello World
.
(the single dot above is required)
#mailq
#less /var/log/maillog
#postmap -q test@example.com mysql:/etc/postfix/mysql_virtual_alias_maps.cf
-
How to check IMAP:
#telnet localhost imap
a1 LOGIN <user account> <user password>
a2 LIST "" "*"
a3 EXAMINE INBOX
a4 FETCH 1 BODY[]
a5 LOGOUT
Additional notes:
-
Resolve the SELinux problems:
#grep imap /var/log/audit/audit.log | audit2allow -M mypol
#semodule -i mypol.pp
#grep dovecot-lda /var/log/audit/audit.log | audit2allow -M lda
#semodule -i lda.pp
References:
- https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mariadb-on-centos-7