

Building a simple mail server with postfix + sasl2

References: http://bbs.chinaunix.net/thread-987344-1-1.html http://linux.vbird.org/linux_server/0390postfix.php

 Postfix-2.4.6 ftp://postfix.get7.biz/postfix/official/postfix-2.4.6.tar.gz

cyrus-sasl-2.1.22 http://download.chinaunix.net/download.php?id=24281&ResourceID=71

cyrus-sasl-2.1.22 + postfix-2.4.6

Check the current sasl version:
# saslauthd -v

Stop the running sendmail:
# /etc/rc.d/init.d/sendmail stop

Disable it at boot:
# chkconfig --level 12345 sendmail off
or
# chkconfig sendmail off

Disable the original sendmail:

mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF

mv /usr/bin/newaliases /usr/bin/newaliases.OFF

mv /usr/bin/mailq /usr/bin/mailq.OFF

chmod 755 /usr/sbin/sendmail.OFF  /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

Install sasl (note the line-continuation characters in the configure command):
# tar zxvf cyrus-sasl-2.1.22.tar.gz
# cd cyrus-sasl-2.1.22
# ./configure --prefix=/usr/local/sasl2 \
    --disable-gssapi \
    --disable-anon \
    --disable-sample \
    --disable-digest \
    --enable-plain \
    --enable-login
# make
# make install

Disable the original sasl:

mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF

mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF

mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF

mv /usr/lib/sasl2  /usr/lib/sasl2.OFF

rm /usr/lib/libsasl2.so

rm /usr/lib/libsasl2.so.2

# ln -sv /usr/local/sasl2/lib/*  /usr/lib

Since version 2.3, postfix searches /usr/local/lib and /usr/local/include for the sasl libraries and header files respectively, so they must also be linked into those directories:

ln -sv /usr/local/sasl2/lib/*  /usr/local/lib

ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include

Create the directory needed at run time and start saslauthd in debug mode

mkdir -pv /var/state/saslauthd      

/usr/local/sasl2/sbin/saslauthd  -a  shadow   -d

Start and test

/usr/local/sasl2/sbin/saslauthd -a shadow 

/usr/local/sasl2/sbin/testsaslauthd -u root -p <root user's password>

Configure the library search path

echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf

echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf

ldconfig -v

Start automatically at boot (when using sasldb, saslauthd is not needed and this can be dropped)

echo "/usr/local/sasl2/sbin/saslauthd -a shadow" >> /etc/rc.local

Install postfix:
# tar zxvf postfix-2.4.6.tar.gz
# cd postfix-2.4.6
# make tidy
# make makefiles CCARGS='-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl' 'AUXLIBS=-L/usr/local/sasl2/lib -lsasl2'

# groupadd -g 2525 postfix
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

# groupadd -g 2526 postdrop
# useradd -g postdrop -u 2526 -s /bin/false -M postdrop

# make
# make install

Enter the paths at the following prompts (the value in [] is the default; the value after "]" is what to type):

  install_root: [/] /
  tempdir: [/usr/local/src/ postfix-2.4.5] /tmp
  config_directory: [/etc/postfix] /etc/postfix
  daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec
  command_directory: [/usr/sbin] /usr/local/postfix/sbin
  queue_directory: [/var/spool/postfix]
  sendmail_path: [/usr/sbin/sendmail]
  newaliases_path: [/usr/bin/newaliases]
  mailq_path: [/usr/bin/mailq]
  mail_owner: [postfix]
  setgid_group: [postdrop]
  html_directory: [no]
  manpages: [/usr/local/man] /usr/local/postfix/man
  readme_directory: [no]

Here postfix is installed under its own directory, /usr/local/postfix, to make it easier to manage; you can also use the default install locations, which may be more convenient to use.

Generate the binary alias file; if this step is skipped, postfix will run very inefficiently:
# newaliases

# vi /etc/postfix/main.cf
Change the following settings to the values you need:
myhostname = mail.c1gstudio.com
myorigin = c1gstudio.com
mydomain = c1gstudio.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8

Start postfix:
# /usr/local/postfix/sbin/postfix start

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.c1gstudio.com ESMTP Postfix
ehlo mail.c1gstudio.com
250-mail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:[email protected]
250 2.1.0 Ok
RCPT TO:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.

Use the following command to verify whether postfix supports Cyrus-style SASL authentication; if your output is as follows, it is supported:
# /usr/local/postfix/sbin/postconf -a
cyrus
dovecot

# vi /etc/postfix/main.cf
Add the following:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

# vi /usr/local/lib/sasl2/smtpd.conf
Add the following:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Have postfix reload its configuration:
# /usr/local/postfix/sbin/postfix reload
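
A check of the relay-control settings added to main.cf above, as an added example that is not part of the original post. It parses main.cf text and reports a `permit` or `check_*` entry placed before `reject_unauth_destination` (a permit or OK result there ends evaluation before the relay check), a missing `reject_unauth_destination`, `permit_sasl_authenticated` without SASL enabled, and an all-inclusive `mynetworks`. The function names, WEAK_CF and its map path are constructed for illustration.

```shell
#!/bin/sh
# Added example: relay-control check for a main.cf like the one above.
# GOOD_CF uses this page's values; WEAK_CF and its map path are constructed.
GOOD_CF='mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,
    reject_non_fqdn_recipient,reject_unauth_destination'
WEAK_CF='mynetworks = 0.0.0.0/0
# access map consulted before the relay check
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_ok,
    permit_sasl_authenticated, reject_unauth_destination'

# Print parameter $2 from main.cf text $1: "#" lines are comments, a line that
# starts with whitespace continues the previous one, the last assignment wins.
param() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        { cur = $0; sub(/[ \t]*=.*/, "", cur)
          if (cur == want) { val = $0; sub(/^[^=]*=[ \t]*/, "", val) } }
        END { gsub(/[ \t]+/, " ", val); sub(/ $/, "", val); print val }'
}

# Print one finding per line; no output means the checks passed.
audit_relay() {
    rcpt=$(param "$1" smtpd_recipient_restrictions | tr ',' ' ')
    relay_check=missing
    for r in $rcpt; do
        case $r in
            reject_unauth_destination) relay_check=present; break ;;
            permit|check_*) echo "$r is evaluated before reject_unauth_destination" ;;
        esac
    done
    [ "$relay_check" = present ] || echo "reject_unauth_destination is missing"
    case " $rcpt " in
        *" permit_sasl_authenticated "*)
            [ "$(param "$1" smtpd_sasl_auth_enable)" = yes ] ||
                echo "permit_sasl_authenticated without smtpd_sasl_auth_enable = yes" ;;
    esac
    case " $(param "$1" mynetworks | tr ',' ' ') " in
        *" 0.0.0.0/0 "*) echo "mynetworks trusts every IPv4 address" ;;
    esac
    return 0
}

audit_relay "$GOOD_CF"
audit_relay "$WEAK_CF"
```

To run it against a live configuration, pass the contents of /etc/postfix/main.cf as the first argument of audit_relay.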

Add an SMTP authentication user

Using shadow authentication:
[root@dev ~]# groupadd mailuser
[root@dev ~]# adduser -g mailuser -s /sbin/nologin service
[root@dev ~]# passwd service
Changing password for user service.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@dev ~]#

Check that authentication succeeds:
[root@dev ~]# /usr/local/sasl2/sbin/testsaslauthd -u service -p 123456
0: OK "Success."

Generate the base64 values for later use:
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("service");'
c2VydmljZQ==
[root@dev ~]# perl -MMIME::Base64 -e 'print encode_base64("123456");'
MTIzNDU2
[root@dev ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our devmail.c1gstudio.com ESMTP,Warning: Version not Available!
ehlo localhost
250-devmail.c1gstudio.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:hello 13:08
this is a test
.
250 2.0.0 Ok: queued as 0BABAD607EB
quit
221 2.0.0 Bye
Connection closed by foreign host.
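
The AUTH LOGIN exchange above, decoded, as an added example that is not part of the original post: base64 is an encoding, not encryption, and the EHLO reply offers no STARTTLS, so the user name and password cross the connection in readable form. The session lines are copied from this page (EHLO reply abridged); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: what the AUTH LOGIN exchange above exposes on the wire.
# SESSION is copied from this page (EHLO reply abridged); names are hypothetical.
SESSION='250-devmail.c1gstudio.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
c2VydmljZQ==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful'

# Mechanisms from the "250-AUTH ..." line of the EHLO reply.
auth_mechs() {
    printf '%s\n' "$1" | sed -n 's/^250[- ]AUTH //p'
}

# Base64-decode every server prompt (334) and client reply between
# "auth login" and the 235 result.
decode_auth_login() {
    printf '%s\n' "$1" | awk '
        tolower($0) == "auth login" { on = 1; next }
        /^235 / { on = 0 }
        on && /^334 / { print "S", $2; next }
        on { print "C", $1 }' |
    while read -r who b64; do
        printf '%s: %s\n' "$who" "$(printf '%s' "$b64" | base64 -d)"
    done
}

# Classify the session: are PLAIN/LOGIN offered, and is STARTTLS available?
auth_exposure() {
    case " $(auth_mechs "$1") " in
        *" PLAIN "*|*" LOGIN "*) ;;
        *) echo "no-plaintext-mechanisms"; return 0 ;;
    esac
    if printf '%s\n' "$1" | grep -q '^250[- ]STARTTLS'; then
        echo "plaintext-mechanisms-starttls-offered"
    else
        echo "plaintext-mechanisms-no-starttls"
    fi
}

decode_auth_login "$SESSION"
auth_exposure "$SESSION"
```

PLAIN and LOGIN are only as private as the connection that carries them; Postfix's smtpd_tls_auth_only = yes withholds AUTH until STARTTLS has completed, which needs a TLS-enabled build that this page does not cover.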

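Run at boot:
# echo "/usr/local/postfix/sbin/postfix start" >> /etc/rc.d/rc.local

List the configuration:
# /usr/local/postfix/sbin/postconf -n

View the mail queue:
# /usr/local/postfix/sbin/postqueue -p

Clear the queue:
# /usr/local/postfix/sbin/postsuper -d all

Checking the mailbox, the mail has been received. Sending from DreamMail also succeeded. Sending via ESMTP from the website succeeded.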

==========================
Using sasldb authentication

# vi /usr/local/lib/sasl2/smtpd.conf:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN

Look up the myhostname setting for later use

egrep myhostname /etc/postfix/main.cf

# saslpasswd2 -c -u mail.c1gstudio.com andy
(enter the password)
# cd /etc
# chown postfix sasldb2

List the users

sasldblistusers2

Remove saslauthd from automatic startup:
# vi /etc/rc.local

It is then ready to use. In testing, the delivery rate was about 50 messages/s.

[root@dev ~]# telnet xxx.xxx.xxx.xxx 25
Trying xxx.xxx.xxx.xxx ...
telnet: connect to address 221.130.185.107: Connection refused
telnet: Unable to connect to remote host: Connection refused

Change inet_interfaces in main.cf to all, then stop and restart the service.

Log analysis tools for postfix include the following

pflogsumm, AWStats, Isoqlog, mailgraph, and others. More postfix logfile analysis tools are described on the postfix.org website: http://www.postfix.org/addon.html#logfile

1 Download
http://jimsun.linxnet.com/postfix_contrib.html

2 Install Date::Calc
# perl -MCPAN -e shell
cpan> install Date::Calc
Press Enter at every prompt.

3 Install pflogsumm (the installation instructions are in the README)
tar zxvf pflogsumm-1.1.0.tar.gz
cd pflogsumm-1.1.0
cp pflogsumm.pl /usr/local/bin/pflogsumm
chown bin:bin /usr/local/bin/pflogsumm
chmod 755 /usr/local/bin/pflogsumm
cp pflogsumm.1 /usr/local/man/man1/pflogsumm.1
chown bin:bin /usr/local/man/man1/pflogsumm.1
chmod 644 /usr/local/man/man1/pflogsumm.1

4 Configure the system LANG (covered in item 19 of pflogsumm-faq.txt)
vi /etc/sysconfig/i18n
LANG="en_US"

5 Run the command to view the log
/usr/local/bin/pflogsumm /var/log/maillog
or
pflogsumm `ls -rt /var/log/maillog*`
or
/usr/local/bin/pflogsumm -d today /var/log/maillog
or
/usr/local/bin/pflogsumm -d yesterday /var/log/maillog
For more detailed usage, see man pflogsumm.

6 Send the report to a mailbox on a schedule
0 5 * * * /usr/local/bin/pflogsumm -d yesterday /var/log/maillog | mail -s "Mail Report From mail.c1gstudio.com" [email protected]
