

Building a simple mail server with postfix+sasl2

References: http://bbs.chinaunix.net/thread-987344-1-1.html
http://linux.vbird.org/linux_server/0390postfix.php

 Postfix-2.4.6
ftp://postfix.get7.biz/postfix/official/postfix-2.4.6.tar.gz

cyrus-sasl-2.1.22
http://download.chinaunix.net/download.php?id=24281&ResourceID=71

cyrus-sasl-2.1.22 + postfix-2.4.6
Check the current sasl version:
#saslauthd -v
Stop the currently running sendmail:
#/etc/rc.d/init.d/sendmail stop
Disable it at boot:
#chkconfig --level 12345 sendmail off

#chkconfig sendmail off

Move the original sendmail binaries aside:
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# mv /usr/bin/mailq /usr/bin/mailq.OFF
# chmod 755 /usr/sbin/sendmail.OFF  /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

Install sasl
#tar zxvf cyrus-sasl-2.1.22.tar.gz
#cd cyrus-sasl-2.1.22
(Note the line-continuation characters.)
#./configure --prefix=/usr/local/sasl2 \
--disable-gssapi \
--disable-anon \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login

#make
#make install
Disable the original sasl:
# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF
# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF
# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF
# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF
# rm /usr/lib/libsasl2.so
# rm /usr/lib/libsasl2.so.2

# ln -sv /usr/local/sasl2/lib/*  /usr/lib
Postfix 2.3 and later search /usr/local/lib and /usr/local/include for the sasl libraries and headers respectively, so they must also be linked into those directories:
# ln -sv /usr/local/sasl2/lib/*  /usr/local/lib
# ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include
Create the directory needed at runtime and start in debug mode
# mkdir -pv /var/state/saslauthd
# /usr/local/sasl2/sbin/saslauthd  -a  shadow   -d
Start and test
# /usr/local/sasl2/sbin/saslauthd -a shadow
# /usr/local/sasl2/sbin/testsaslauthd -u root -p <root user password>
Configure the library search path
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
# echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
# ldconfig -v
Start automatically at boot (saslauthd can be skipped when using sasldb)
# echo "/usr/local/sasl2/sbin/saslauthd -a shadow" >> /etc/rc.local
Install postfix
#tar zxvf postfix-2.4.6.tar.gz
#cd postfix-2.4.6
#make tidy
#make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/sasl2/lib -lsasl2'

#groupadd -g 2525 postfix
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /bin/false -M postdrop

#make
#make install

Enter the paths at the following prompts (the value inside [] is the default; the value after "]" is what to type)

  install_root: [/] /
  tempdir: [/usr/local/src/ postfix-2.4.5] /tmp
  config_directory: [/etc/postfix] /etc/postfix
  daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec
  command_directory: [/usr/sbin] /usr/local/postfix/sbin
  queue_directory: [/var/spool/postfix]
  sendmail_path: [/usr/sbin/sendmail]
  newaliases_path: [/usr/bin/newaliases]
  mailq_path: [/usr/bin/mailq]
  mail_owner: [postfix]
  setgid_group: [postdrop]
  html_directory: [no]
  manpages: [/usr/local/man] /usr/local/postfix/man
  readme_directory: [no]
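Here postfix is installed into its own directory, /usr/local/postfix, to make it easier to manage; you can also use the default install locations, which may be more convenient in use.
Generate the binary alias file; if this step is skipped, postfix will run very inefficiently:
#  newaliases
#vi /etc/postfix/main.cf
Change the following settings to the values you need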
myhostname = mail.c1gstudio.com
myorigin = c1gstudio.com
mydomain = c1gstudio.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
Start postfix
#/usr/local/postfix/sbin/postfix  start
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.c1gstudio.com ESMTP Postfix
ehlo mail.c1gstudio.com
250-mail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:root@c1gstudio.com
250 2.1.0 Ok
RCPT TO:redhat@c1gstudio.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.
Use the following command to verify that postfix supports cyrus-style sasl authentication; if your output matches the following, it is supported:
# /usr/local/postfix/sbin/postconf  -a
cyrus
dovecot
#vi /etc/postfix/main.cf
Add the following:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vi /usr/local/lib/sasl2/smtpd.conf
Add the following:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Have postfix reload its configuration
#/usr/local/postfix/sbin/postfix reload
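
A static check of the settings above, as an added example that is not part of the original post. It assumes each parameter sits on one line and flags AUTH offered without smtpd_tls_auth_only, which needs a Postfix build with TLS support (the build above has none); get_param, audit_main_cf and page_cf are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): static check of main.cf text
# for the relay and SASL settings discussed above. Continuation lines are
# not handled; every parameter is assumed to sit on one line.

# get_param CONFIG_TEXT NAME -> value of NAME (last definition wins)
get_param() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v }
        END { print val }'
}

# audit_main_cf CONFIG_TEXT -> space-separated findings, empty when clean
audit_main_cf() {
    out=""
    rcpt=$(get_param "$1" smtpd_recipient_restrictions | tr ' \t' ',,')
    # Unset means the built-in default applies, which already rejects relaying.
    if [ -n "$rcpt" ]; then
        case ",$rcpt," in
            *,reject_unauth_destination,*) ;;
            *) out="$out no-reject_unauth_destination" ;;
        esac
    fi
    # permit_mynetworks relays for every address listed in mynetworks.
    case ",$(get_param "$1" mynetworks | tr ' \t' ',,')," in
        *,0.0.0.0/0,*) out="$out mynetworks-open" ;;
    esac
    # PLAIN/LOGIN are only base64-encoded, so AUTH should require TLS first.
    if [ "$(get_param "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(get_param "$1" smtpd_tls_auth_only)" != yes ]; then
        out="$out plaintext-auth-without-tls"
    fi
    echo "${out# }"
}

# Constructed sample built from the settings on this page (restriction list shortened).
page_cf() {
    cat <<'EOF'
mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
}

echo "page config:        $(audit_main_cf "$(page_cf)")"
echo "with TLS-only AUTH: $(audit_main_cf "$(page_cf)
smtpd_tls_auth_only = yes")"
```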

Add an smtp authentication user
===================
Using shadow authentication
[root@dev ~]# groupadd mailuser
[root@dev ~]# adduser -g mailuser -s /sbin/nologin service
[root@dev ~]# passwd service
Changing password for user service.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@dev ~]#

Check that authentication succeeds
[root@dev ~]# /usr/local/sasl2/sbin/testsaslauthd -u service -p 123456
0: OK "Success."

Generate the base64 values for later use
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("service");'
c2VydmljZQ==
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("123456");'
MTIzNDU2
[root@dev ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our devmail.c1gstudio.com ESMTP,Warning: Version not Available!
ehlo localhost
250-devmail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
mail from:root@c1gstudio.com
250 2.1.0 Ok
rcpt to:admin@c1gstudio.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:hello 13:08
this is a test
.
250 2.0.0 Ok: queued as 0BABAD607EB
quit
221 2.0.0 Bye
Connection closed by foreign host.
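
The base64 strings in the AUTH LOGIN exchange above are an encoding, not encryption, so the session carries the account name and password in readable form. This added example (not from the original post) decodes a constructed copy of that exchange; the function names are hypothetical and a base64 command that accepts -d is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): decode the base64 lines of an
# AUTH LOGIN exchange to show what a cleartext SMTP session exposes.

# Constructed transcript, using the values from the session on this page.
transcript() {
    cat <<'EOF'
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
EOF
}

# b64d STRING -> decoded text
b64d() { printf '%s' "$1" | base64 -d; }

# decode_auth_login: reads a transcript on stdin and prints one
# "<server prompt> <client answer>" line per 334 challenge.
decode_auth_login() {
    prompt=""
    while IFS= read -r line; do
        case "$line" in
            "334 "*)
                # Server challenge: remember the decoded prompt.
                prompt=$(b64d "${line#334 }") ;;
            *)
                # The line right after a challenge is the client's answer.
                if [ -n "$prompt" ]; then
                    printf '%s %s\n' "$prompt" "$(b64d "$line")"
                    prompt=""
                fi ;;
        esac
    done
}

transcript | decode_auth_login
```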

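Run at boot
#echo "/usr/local/postfix/sbin/postfix start" >> /etc/rc.d/rc.local
List the configuration
#/usr/local/postfix/sbin/postconf -n 

View the mail queue
#/usr/local/postfix/sbin/postqueue -p

Clear the queue
#/usr/local/postfix/sbin/postsuper -d all
Checked the mailbox: the mail had arrived.
Sending from dreammail also succeeded.
Sending via esmtp from the website succeeded.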

==========================
Using sasldb authentication
# vi /usr/local/lib/sasl2/smtpd.conf:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN

Look up the myhostname setting for later use
# egrep myhostname /etc/postfix/main.cf

#saslpasswd2 -c -u mail.c1gstudio.com andy
Enter the password
#cd /etc
#chown postfix sasldb2
List the users
# sasldblistusers2
Remove the saslauthd autostart entry
#vi /etc/rc.local

It is then ready to use.
In testing, the delivery rate was about 50 messages/s.

[root@dev ~]# telnet xxx.xxx.xxx.xxx 25
Trying xxx.xxx.xxx.xxx …
telnet: connect to address 221.130.185.107: Connection refused
telnet: Unable to connect to remote host: Connection refused
Change inet_interfaces in main.cf to all, then stop and restart the service.

The following log analysis tools are available for postfix

pflogsumm
AWStats
Isoqlog
mailgraph
More postfix logfile analysis tools are described on the postfix.org website

http://www.postfix.org/addon.html#logfile

1 Download
http://jimsun.linxnet.com/postfix_contrib.html
2 Install Date::Calc
#perl -MCPAN -e shell
cpan> install Date::Calc

Press Enter at every prompt
3 Install pflogsumm (the installation instructions are all in the README)
tar zxvf pflogsumm-1.1.0.tar.gz
cd pflogsumm-1.1.0
cp pflogsumm.pl /usr/local/bin/pflogsumm
chown bin:bin /usr/local/bin/pflogsumm
chmod 755 /usr/local/bin/pflogsumm

cp pflogsumm.1 /usr/local/man/man1/pflogsumm.1
chown bin:bin /usr/local/man/man1/pflogsumm.1
chmod 644 /usr/local/man/man1/pflogsumm.1

3 Configure the system LANG (covered in item 19 of pflogsumm-faq.txt)
vi /etc/sysconfig/i18n
LANG="en_US"

4 Run the command and view the logs
/usr/local/bin/pflogsumm /var/log/maillog

pflogsumm `ls -rt /var/log/maillog*`

/usr/local/bin/pflogsumm -d today /var/log/maillog

/usr/local/bin/pflogsumm -d yesterday /var/log/maillog

For more detailed usage, see man pflogsumm

5 Send the report to a mailbox on a schedule
0 5 * * * /usr/local/bin/pflogsumm -d yesterday /var/log/maillog | mail -s "Mail Report From mail.c1gstudio.com" postmaster@c1gstudio.com
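
With SMTP AUTH checked against system accounts, repeated authentication failures in /var/log/maillog are worth watching alongside the daily report. This added example (not part of the original post or of pflogsumm) counts failed SASL logins per client address over constructed log lines; sasl_failures and sample_log are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original post): count failed SASL logins per
# client IP in a Postfix maillog and list the addresses above a threshold.

# Constructed sample lines in the format Postfix smtpd writes to the maillog.
sample_log() {
    cat <<'EOF'
Mar  3 13:08:01 dev postfix/smtpd[2471]: connect from unknown[203.0.113.7]
Mar  3 13:08:02 dev postfix/smtpd[2471]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:08:04 dev postfix/smtpd[2471]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:08:06 dev postfix/smtpd[2471]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Mar  3 13:09:10 dev postfix/smtpd[2480]: warning: unknown[198.51.100.4]: SASL LOGIN authentication failed: authentication failure
Mar  3 13:09:30 dev postfix/smtpd[2480]: 0BABAD607EB: client=unknown[198.51.100.4], sasl_method=LOGIN, sasl_username=service
EOF
}

# sasl_failures MIN: reads a maillog on stdin and prints "count ip" for every
# client with at least MIN failed SASL attempts, highest count first.
sasl_failures() {
    awk -v min="$1" '
        /postfix\/smtpd\[[0-9]+\]: warning: .*SASL [A-Z0-9-]+ authentication failed/ {
            # The client address is the bracketed token just before ": SASL".
            if (match($0, /\[[0-9a-fA-F.:]+\]: SASL/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 8)
                n[ip]++
            }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' | sort -rn
}

# Clients with three or more failures in the sample.
sample_log | sasl_failures 3
```

On a live system the same function reads the real file: sasl_failures 5 < /var/log/maillog.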