References: http://bbs.chinaunix.net/thread-987344-1-1.html
http://linux.vbird.org/linux_server/0390postfix.php
Postfix-2.4.6
ftp://postfix.get7.biz/postfix/official/postfix-2.4.6.tar.gz
cyrus-sasl-2.1.22
http://download.chinaunix.net/download.php?id=24281&ResourceID=71
cyrus-sasl-2.1.22 + postfix-2.4.6
Check the current SASL version:
#saslauthd -v
Stop the running sendmail:
#/etc/rc.d/init.d/sendmail stop
Disable it at boot:
#chkconfig --level 12345 sendmail off
or
#chkconfig sendmail off
Disable the original sendmail:
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# mv /usr/bin/mailq /usr/bin/mailq.OFF
# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF /usr/bin/mailq.OFF
Install SASL
#tar zxvf cyrus-sasl-2.1.22.tar.gz
#cd cyrus-sasl-2.1.22
(note the line-continuation backslashes)
#./configure --prefix=/usr/local/sasl2 \
--disable-gssapi \
--disable-anon \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login
#make
#make install
Disable the original SASL:
# mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF
# mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF
# mv /usr/lib/libsasl2.so.2.0.19 /usr/lib/libsasl2.so.2.0.19.OFF
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
# rm /usr/lib/libsasl2.so
# rm /usr/lib/libsasl2.so.2
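# ln -sv /usr/local/sasl2/lib/* /usr/lib
Postfix 2.3 and later search /usr/local/lib and /usr/local/include for the SASL library files and header files respectively, so they must also be linked into those directories:
# ln -sv /usr/local/sasl2/lib/* /usr/local/lib
# ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
Create the directory needed at run time and start in debug mode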
# mkdir -pv /var/state/saslauthd
# /usr/local/sasl2/sbin/saslauthd -a shadow -d
Start and test
# /usr/local/sasl2/sbin/saslauthd -a shadow
# /usr/local/sasl2/sbin/testsaslauthd -u root -p <root user password>
Configure the library search path
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
# echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
# ldconfig -v
Start automatically at boot (saslauthd can be dropped when sasldb is used)
# echo "/usr/local/sasl2/sbin/saslauthd -a shadow" >> /etc/rc.local
Install Postfix
#tar zxvf postfix-2.4.6.tar.gz
#cd postfix-2.4.6
#make tidy
#make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/sasl2/lib -lsasl2'
#groupadd -g 2525 postfix
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /bin/false -M postdrop
#make
#make install
Enter the paths at the following prompts (the value in [] is the default; the value after "]" is what was entered)
tempdir: [/usr/local/src/ postfix-2.4.5] /tmp
config_directory: [/etc/postfix] /etc/postfix
daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec
command_directory: [/usr/sbin] /usr/local/postfix/sbin
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no]
manpages: [/usr/local/man] /usr/local/postfix/man
readme_directory: [no]
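Here Postfix is installed into its own directory, /usr/local/postfix, to make it easier to manage; you can also use the default install locations, which may be more convenient to use.
# newaliases
Change the following settings to the values you need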
myhostname = mail.c1gstudio.com
myorigin = c1gstudio.com
mydomain = c1gstudio.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
Start Postfix
#/usr/local/postfix/sbin/postfix start
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.c1gstudio.com ESMTP Postfix
ehlo mail.c1gstudio.com
250-mail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:[email protected]
250 2.1.0 Ok
RCPT TO:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.
Use the following command to verify that Postfix supports Cyrus-style SASL authentication; if your output matches the following, it is supported:
# /usr/local/postfix/sbin/postconf -a
cyrus
dovecot
#vi /etc/postfix/main.cf
Add the following:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
#vi /usr/local/lib/sasl2/smtpd.conf
Add the following:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
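
An added check, not part of the original post, that reads the settings configured above and reports when password mechanisms are reachable without TLS. `parse`, `audit` and the embedded sample text are constructed for this example; `smtpd_tls_auth_only`, `smtpd_tls_security_level` and `noplaintext` are standard Postfix settings that this page does not set.

```python
# Constructed input: the SASL-related settings this page puts in main.cf
# and smtpd.conf (no TLS parameters are set anywhere on the page).
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
"""
SMTPD_CONF = """\
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(main_cf, smtpd_conf):
    """Return findings about SASL passwords crossing SMTP unencrypted."""
    main, sasl = parse(main_cf, "="), parse(smtpd_conf, ":")
    if main.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        return []  # AUTH is not offered at all
    # Either setting makes Postfix offer AUTH only inside a TLS session.
    tls_only = (main.get("smtpd_tls_auth_only", "no").lower() == "yes"
                or main.get("smtpd_tls_security_level", "").lower() == "encrypt")
    options = set(main.get("smtpd_sasl_security_options", "noanonymous")
                  .replace(",", " ").split())
    mechs = set(sasl.get("mech_list", "").upper().split())
    weak = sorted(mechs & PLAINTEXT_MECHS)
    findings = []
    if not tls_only:
        findings.append("AUTH offered without TLS")
        if weak and "noplaintext" not in options:
            findings.append("cleartext password mechanisms: " + " ".join(weak))
    if mechs and not (mechs - PLAINTEXT_MECHS) and "noplaintext" in options:
        findings.append("noplaintext leaves no usable mechanism in mech_list")
    return findings
```
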
Have Postfix reload its configuration
#/usr/local/postfix/sbin/postfix reload
Add an SMTP authentication user
===================
Using shadow authentication
[root@dev ~]# groupadd mailuser
[root@dev ~]# adduser -g mailuser -s /sbin/nologin service
[root@dev ~]# passwd service
Changing password for user service.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@dev ~]#
Check that authentication succeeds
[root@dev ~]# /usr/local/sasl2/sbin/testsaslauthd -u service -p 123456
0: OK "Success."
Generate the base64 values for later use
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("service");'
c2VydmljZQ==
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("123456");'
MTIzNDU2
[root@dev ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our devmail.c1gstudio.com ESMTP,Warning: Version not Available!
ehlo localhost
250-devmail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:hello 13:08
this is a test
.
250 2.0.0 Ok: queued as 0BABAD607EB
quit
221 2.0.0 Bye
Connection closed by foreign host.
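
The AUTH LOGIN exchange above carries the user name and password as base64, which is an encoding and not encryption. The following added example (not part of the original post; `recover_auth`, `b64` and the embedded transcript are constructed for illustration) decodes such a cleartext session, and also handles single-line AUTH PLAIN, to show what is exposed when these mechanisms are used without TLS.

```python
import base64

# Constructed transcript that mirrors the AUTH LOGIN exchange shown above.
SESSION = """\
250-AUTH PLAIN LOGIN
250 DSN
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
"""

def b64(token):
    """Decode one base64 token; SMTP AUTH data is encoded, not encrypted."""
    raw = base64.b64decode(token.strip(), validate=True)
    return raw.decode("utf-8", "replace")

def recover_auth(transcript):
    """Return what anyone reading a cleartext session learns from it."""
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    seen = {"mechanism": None, "prompts": [], "username": None,
            "password": None, "accepted": False}
    i = 0
    while i < len(lines):
        words = lines[i].split()
        if len(words) >= 2 and words[0].lower() == "auth":
            seen["mechanism"] = words[1].upper()
            answers = []
            if seen["mechanism"] == "PLAIN" and len(words) == 3:
                # One token: authzid NUL authcid NUL password
                answers = b64(words[2]).split("\x00")[1:]
            elif seen["mechanism"] == "LOGIN":
                # Each 334 challenge is followed by one client reply
                while (i + 2 < len(lines) and len(answers) < 2
                       and lines[i + 1].startswith("334 ")):
                    seen["prompts"].append(b64(lines[i + 1][4:]))
                    answers.append(b64(lines[i + 2]))
                    i += 2
            if len(answers) == 2:
                seen["username"], seen["password"] = answers
        elif lines[i].startswith("235 "):
            seen["accepted"] = True
        i += 1
    return seen
```
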
#echo "/usr/local/postfix/sbin/postfix start" >> /etc/rc.d/rc.local
#/usr/local/postfix/sbin/postconf -n
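View the mail queue
#/usr/local/postfix/sbin/postqueue -p
Clear the queue
#/usr/local/postfix/sbin/postsuper -d all
Checked the mailbox; the mail has been received.
Sending from DreamMail also succeeded.
Sending via ESMTP from the website succeeded.
Using sasldb authentication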
# vi /usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN
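Look up the myhostname setting for later use
# egrep myhostname /etc/postfix/main.cf
#saslpasswd2 -c -u mail.c1gstudio.com andy
Enter the password
#cd /etc
#chown postfix sasldb2
List the users
# sasldblistusers2
Disable saslauthd autostart
#vi /etc/rc.local
It is then ready to use
In testing, the delivery rate was about 50 messages/s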
[root@dev ~]# telnet xxx.xxx.xxx.xxx 25
Trying xxx.xxx.xxx.xxx ...
telnet: connect to address 221.130.185.107: Connection refused
telnet: Unable to connect to remote host: Connection refused
Change inet_interfaces in main.cf to all, then stop and restart the service
Log analysis tools for Postfix include the following
pflogsumm
AWStats
Isoqlog
mailgraph, etc.
More Postfix logfile analysis tools are described on the postfix.org website
http://www.postfix.org/addon.html#logfile
1 Download
http://jimsun.linxnet.com/postfix_contrib.html
2 Install Date::Calc
#perl -MCPAN -e shell
cpan> install Date::Calc
Press Enter at every prompt
3 Install pflogsumm (the installation instructions are all in the README)
tar zxvf pflogsumm-1.1.0.tar.gz
cd pflogsumm-1.1.0
cp pflogsumm.pl /usr/local/bin/pflogsumm
chown bin:bin /usr/local/bin/pflogsumm
chmod 755 /usr/local/bin/pflogsumm
cp pflogsumm.1 /usr/local/man/man1/pflogsumm.1
chown bin:bin /usr/local/man/man1/pflogsumm.1
chmod 644 /usr/local/man/man1/pflogsumm.1
3 Configure the system LANG (covered in item 19 of pflogsumm-faq.txt)
vi /etc/sysconfig/i18n
LANG="en_US"
4 Run the command to view the log report
/usr/local/bin/pflogsumm /var/log/maillog
or
pflogsumm `ls -rt /var/log/maillog*`
or
/usr/local/bin/pflogsumm -d today /var/log/maillog
or
/usr/local/bin/pflogsumm -d yesterday /var/log/maillog
For more detailed usage, please refer to man pflogsumm
5 Mail the report to a mailbox on a schedule
0 5 * * * /usr/local/bin/pflogsumm -d yesterday /var/log/maillog | mail -s "Mail Report From mail.c1gstudio.com" [email protected]