• Installing ExtMail on FreeBSD

    post by Holmesian / 2009-4-18 17:04 Saturday

After fiddling with this for ages, it turns out what is needed is a user-facing webmail system. Starting over......

[quote]
Add an account and group (vmail) for storing mail by running the following commands:

pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
[/quote]

[quote]
mkdir -p /var/domains/ecjtu.net/test/Maildir/new
mkdir -p /var/domains/ecjtu.net/test/Maildir/cur
mkdir -p /var/domains/ecjtu.net/test/Maildir/tmp
chown -R vmail:vmail /var/domains/
chmod -R 700 /var/domains/
[/quote]

[quote]
Install ExtMan. Select MySQL support during installation if you need it.

cd /usr/ports/mail/extman/ && make install clean
[/quote]

[quote]
Install Courier-IMAP and choose AUTH_MYSQL authentication

Courier-IMAP is a program that provides POP3 and IMAP services. It can easily be configured to support the encrypted protocols POP3s and IMAPs, and it has good Maildir support.

cd /usr/ports/mail/courier-imap/ && make install clean
[/quote]

[quote]
Authlib configuration

Edit /usr/local/etc/authlib/authdaemonrc so that it looks similar to the following:

authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""

Add execute permission on /var/run/authdaemond; on FreeBSD, other users have no execute permission by default:

chmod +x /var/run/authdaemond

Edit /usr/local/etc/authlib/authldaprc so that it looks similar to the following:

LDAP_URI ldap://ldap.extmail.org
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN o=extmailAccount,dc=extmail.org
LDAP_BINDDN cn=Manager,dc=extmail.org
LDAP_BINDPW secret
LDAP_TIMEOUT 5
LDAP_MAIL mail
LDAP_FILTER (active=1)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILROOT /var/domains
LDAP_MAILDIRQUOTA mailQuota
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0

Configure POP3s support

Make a copy of the configuration file:

cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf

Edit /usr/local/etc/courier-imap/pop3d.cnf so that it looks similar to the following:

RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=chifeng@gmail.com
[ cert_type ]
nsCertType = server

Run the following command to generate the certificate used for POP3s:

/usr/local/sbin/mkpop3dcert

Configure IMAPs support

Make a copy of the configuration file:

cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf

Edit /usr/local/etc/courier-imap/imapd.cnf so that it looks similar to the following:

RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=chifeng@gmail.com
[ cert_type ]
nsCertType = server

Run the following command to generate the certificate used for IMAP:

/usr/local/sbin/mkimapdcert

Configure automatic startup

Edit /etc/rc.conf and add the following lines:

courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"

At boot, these five lines respectively start authdaemond, pop3d, imapd, pop3d-ssl and imapd-ssl. You can also start or stop these processes from the command line:

/usr/local/etc/rc.d/courier-authdaemond start
/usr/local/etc/rc.d/courier-imap-pop3d start
/usr/local/etc/rc.d/courier-imap-imapd start
/usr/local/etc/rc.d/courier-imap-pop3d-ssl start
/usr/local/etc/rc.d/courier-imap-imapd-ssl start
[/quote]

[quote]
Postfix installation and configuration (MTA)

The MTA occupies a very important position in a mail system: it receives the mail other people send you and forwards your mail to its destination. Choosing a reliable MTA matters a great deal when building a mail system, so we use Postfix!! :-) The MTA is also the hardest part of a mail system to develop and plays the biggest role, so we often refer to our mail system by the name of its MTA; for example, I often say my mail system is Postfix.

Install postfix

During installation select: PCRE SASL2 TLS MYSQL VDA TEST

cd /usr/ports/mail/postfix/ && make install clean
[/quote]

[quote]
Configure postfix

Edit /etc/rc.conf and add the following line:

postfix_enable="YES"

Edit /etc/aliases and make sure it contains the following line:

postfix: root

Replace the sendmail program shipped with the system:

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
cp /usr/local/sbin/sendmail /usr/sbin/sendmail

Edit /etc/periodic.conf and add the following to disable sendmail's automatic maintenance:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Run the following commands:

postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
postconf -e 'mydomain = ecjtu.net'
postconf -e 'myhostname = mail.ecjtu.net'
postconf -e 'myorigin = $mydomain'
postconf -e 'virtual_mailbox_base = /var/domains'
postconf -e 'virtual_uid_maps=static:1000'
postconf -e 'virtual_gid_maps=static:1000'

Run the following commands to configure the lookup tables:

cp /usr/local/www/extman/docs/ldap_virtual_* /usr/local/etc/postfix/
postconf -e 'virtual_alias_maps = $alias_maps, ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf'
postconf -e 'virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf'
postconf -e 'virtual_mailbox_domains = ldap:/usr/local/etc/postfix/ldap_virtual_domains_maps.cf'
[/quote]

[quote]
Postfix anti-spam settings

The anti-spam settings here are only some MTA-level measures for preventing spam; adjust them to your situation and needs.

postconf -e 'smtpd_helo_required=yes'
postconf -e 'smtpd_delay_reject=yes'
postconf -e 'disable_vrfy_command=yes'
postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'
postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'
postconf -e 'smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'
postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'
postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'
postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'
postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'
touch /usr/local/etc/postfix/head_checks
touch /usr/local/etc/postfix/body_checks
touch /usr/local/etc/postfix/client_access
touch /usr/local/etc/postfix/sender_access
touch /usr/local/etc/postfix/helo_access
postmap /usr/local/etc/postfix/head_checks
postmap /usr/local/etc/postfix/body_checks
postmap /usr/local/etc/postfix/client_access
postmap /usr/local/etc/postfix/sender_access
postmap /usr/local/etc/postfix/helo_access
[/quote]

[size=6]/etc/postfix/master.cf /etc/postfix/master.cf[/size]

[quote]
SMTP authentication settings

Edit /usr/local/lib/sasl2/smtpd.conf:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

Configure postfix as follows to support SMTP authentication:

postconf -e 'smtpd_sasl_auth_enable=yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_local_domain = $myhostname'

TLS settings

Generate the certificates. The private-key passphrase used here by default is 123qwe98; choose your own as appropriate, as you may need it later.

mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .
Edit openssl.cnf and confirm that the dir parameter is set to /usr/local/etc/postfix/certs/CA. Then run the commands below, entering information as prompted. The input looks similar to the following:

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:EcjtuMail
Organizational Unit Name (eg, section) []:EcjtuMail
Common Name (eg, YOUR name) []:ecjtu.net
Email Address []:Holmesian@qq.com

The commands are:

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0

Configure postfix to support TLS:

postconf -e 'smtpd_use_tls=yes'
postconf -e 'smtpd_tls_auth_only=no'
postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_received_header=yes'
postconf -e 'smtpd_tls_loglevel=3'
postconf -e 'smtpd_starttls_timeout=60s'

Edit master.cf and add the following:

smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
[/quote]

[quote]
Maildrop installation and configuration (MDA)
MDA: the mail delivery agent. It takes mail from the MTA and stores it in your mailbox. When delivering mail into your directory, the MDA first filters it according to your configuration files:

1. Global filtering: it reads /etc/maildroprc (Linux) or /usr/local/etc/maildroprc (BSD) and acts according to that file; this affects all users.
2. Per-user filtering: it reads $HOME/.mailfilter and acts according to each user's settings; this affects only that user.

Because of this, the webmail can implement distinctive features by editing $HOME/.mailfilter, such as black/white lists, automatically moving spam to the junk folder, SMS notification, and so on.

Install maildrop

Select ldap during installation:

cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean

Modify master.cf

Change the maildrop entry in master.cf to something like:

#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}

Modify main.cf:

postconf -e 'virtual_transport=maildrop:'
postconf -e 'maildrop_destination_concurrency_limit=1'
postconf -e 'maildrop_destination_recipient_limit=1'

Edit /usr/local/etc/maildroprc and make sure it contains the following:

logfile "/var/domains/maildrop.log"
#logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
    to "$HOME/Maildir"
}
[/quote]

There were an awful lot of messy problems.

./adminctl.pl --mode=mod --managername='root@extmail.org' --password='12345678'
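
The TLS and SASL values set in the Postfix and Courier steps above (`smtpd_tls_auth_only=no` with PLAIN/LOGIN, `smtpd_tls_loglevel=3`, `default_bits = 1024`) can be reviewed with a small script. This is an added example, not part of the original post or the ExtMail documentation; the function names `get_param`, `audit_mail_tls` and `demo_audit`, the finding labels and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audits the TLS/SASL values this guide sets.
# Function names, finding labels and sample files are constructed.

# Print the last value assigned to key $2 in "key = value" file $1
# (a later assignment overrides an earlier one; comment lines are skipped).
get_param() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k && index($0, "=") {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# audit_mail_tls MAIN_CF REQ_CNF: one finding per line, no output if clean.
audit_mail_tls() {
    sasl=$(get_param "$1" smtpd_sasl_auth_enable)
    auth_only=$(get_param "$1" smtpd_tls_auth_only)
    loglevel=$(get_param "$1" smtpd_tls_loglevel)
    bits=$(get_param "$2" default_bits)
    # SASL PLAIN/LOGIN without mandatory TLS exposes passwords on the wire.
    if [ "$sasl" = "yes" ] && [ "$auth_only" != "yes" ]; then
        echo "CLEARTEXT_AUTH: smtpd_tls_auth_only=${auth_only:-unset} with SASL enabled"
    fi
    # Level 3 and above log hex/ASCII dumps of the TLS negotiation.
    if [ "${loglevel:-0}" -ge 3 ]; then
        echo "TLS_DEBUG_LOG: smtpd_tls_loglevel=$loglevel"
    fi
    # RSA keys under 2048 bits are below current minimum recommendations.
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_KEY: default_bits=$bits"
    fi
}

# Constructed sample files mirroring the values used in this guide.
demo_audit() {
    d=$(mktemp -d)
    printf '%s\n' 'smtpd_sasl_auth_enable=yes' 'smtpd_tls_auth_only=no' \
        'smtpd_tls_loglevel=3' > "$d/main.cf"
    printf '%s\n' '[ req ]' 'default_bits = 1024' > "$d/pop3d.cnf"
    audit_mail_tls "$d/main.cf" "$d/pop3d.cnf"
    rm -rf "$d"
}

demo_audit
```

On a real host, pass the live files instead, for example `audit_mail_tls /usr/local/etc/postfix/main.cf /usr/local/etc/courier-imap/pop3d.cnf`.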
