
2007-10-14

Building a Mail Server with Virtual Domains on FreeBSD Using Apache + Postfix + vm-pop3d + SASL2 (Login authentication, using sasldb2.db) + Open Webmail

Posted in Apache, Network Security, FreeBSD/Unix Servers at 22:58. Author: 仲远

Reference: "How Postfix uses SASL authentication information" (Postfix documentation). Original article: http://www.wangzhongyuan.com/archives/219.html

Environment: FreeBSD 6.1. Software versions: apache-2.2.4, cyrus-sasl-2.1.22, openssl-0.9.8e, openwebmail-2.52_3, postfix-2.4.1,1, vm-pop3d-1.1.6_2.

(1) CVSUP

    # cvsup -gL 2 -h cvsup.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

After the ports update, the Postfix port is at version 2.4.5. This page uses postfix-2.4.1: in the Makefile under /usr/ports/mail/postfix/, change PORTVERSION from 2.4.5 to 2.4.1.

(2) apache + openssl

    # cd /usr/ports/security/openssl
    # make install
    # make clean
    # cd /usr/ports/www/apache2
    # make install
    # make clean
    # vi /etc/rc.conf
    add: apache2_enable="YES"

(3) vm-pop3d

    # cd /usr/ports/mail/vm-pop3d
    # make install clean

    # cd /usr/local/etc/rc.d
    # mv vm-pop3d.sh.sample vm-pop3d.sh

(4) Postfix with SASL2 (Login authentication)

Postfix is an MTA written by Wietse Venema at IBM as an alternative to sendmail.

SASL2 password verification methods:

PLAIN - passwords are verified through sasl_checkpass().
auxprop - verifies the password against the userPassword attribute supplied by an auxiliary property plugin; by default the passwords are stored in /etc/sasldb2 (on FreeBSD, /usr/local/etc/sasldb2.db).
saslauthd - contacts the saslauthd daemon; the -a option selects the saslauthd authentication mechanism and -n sets the number of saslauthd processes.
Courier-IMAP - contacts Courier-IMAP's authdaemond, which works much like saslauthd.
pwcheck - uses a separate helper daemon (FreeBSD ports: /usr/local/sbin/pwcheck).

This setup uses auxprop for Postfix's SASL authentication.

Install Postfix:

    # cd /usr/ports/mail/postfix/
    # make install clean

SASL2 port: /usr/ports/security/cyrus-sasl2. Postfix build options selected: PCRE, SASL2, TLS, VDA. SASL2 build options selected: LOGIN, PLAIN, CRAM, DIGEST, OTP, NTLM. authdaemon is not used here, so the AUTHDAEMOND option is not needed.

    # vim /usr/local/etc/postfix/main.cf
    Set the following:
    virtual_alias_maps=hash:/usr/local/etc/postfix/virtual
    alias_maps=hash:/usr/local/etc/postfix/aliases
    default_privs=nobody
    allow_mail_to_commands = alias,forward,include
    allow_mail_to_files = alias,forward,include
    smtpd_client_restrictions = permit_sasl_authenticated
    smtpd_sasl_auth_enable= yes
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
    smtpd_sasl_authenticated_header = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_path = smtpd
    smtpd_sasl_security_options = noanonymous

smtpd_sasl_auth_enable= yes: enables SASL authentication.
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination: clients in mynetworks and clients that have authenticated over SASL may send to any destination; everyone else may only send to destinations this server is responsible for.
smtpd_sasl_authenticated_header = yes: records the authenticated user name in the Received header.
broken_sasl_auth_clients = yes: compatibility with non-standard clients such as Outlook.
smtpd_sasl_path = smtpd: the name Postfix passes to Cyrus SASL, which Cyrus SASL uses to find its configuration file, here /usr/local/lib/sasl2/smtpd.conf.

SASL2 configuration for Login authentication:

    # vim /usr/local/lib/sasl2/smtpd.conf
    Add the following:
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
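
A check over the main.cf and smtpd.conf settings above, as an added example that is not part of the original article: it parses both files and reports a missing relay restriction, anonymous SASL logins, and PLAIN/LOGIN being offered without smtpd_tls_auth_only. The finding names and the choice of checks are assumptions made for this example; the sample text is constructed from the settings on this page.

```python
import re

# Constructed sample: relay and SASL settings as shown on this page.
MAIN_CF = """\
smtpd_sasl_auth_enable= yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
    reject_unauth_destination
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
"""
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""

def parse(text, sep):
    """Parse 'name<sep>value' lines; an indented line continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last is not None:
            params[last] += " " + line.strip()
        else:
            name, _, value = line.partition(sep)
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(main_cf, smtpd_conf):
    """Return finding codes (hypothetical names) for the relay and SASL settings."""
    main, sasl = parse(main_cf, "="), parse(smtpd_conf, ":")
    words = lambda key: re.split(r"[,\s]+", main.get(key, "").lower())
    findings = []
    # Only the rule used on this page is looked for.
    if "reject_unauth_destination" not in words("smtpd_recipient_restrictions"):
        findings.append("relay-not-restricted")
    if main.get("smtpd_sasl_auth_enable", "no").lower() == "yes":
        if "noanonymous" not in words("smtpd_sasl_security_options"):
            findings.append("anonymous-auth-allowed")
        # Without a mech_list, assume the cleartext mechanisms are offered.
        mechs = set(sasl.get("mech_list", "PLAIN LOGIN").upper().split())
        if mechs & {"PLAIN", "LOGIN"} and main.get("smtpd_tls_auth_only", "no").lower() != "yes":
            findings.append("cleartext-auth-without-tls")
    return findings
```

On the settings above, audit(MAIN_CF, SMTPD_CONF) reports only the cleartext finding: PLAIN and LOGIN send the password base64-encoded, so they should be offered only over TLS.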

The SASL password file is /usr/local/etc/sasldb2.db. Add a user to it:

    # saslpasswd2 -c -u wangzhongyuan.com test

This creates the user test (at) wangzhongyuan.com. List the users in the SASL2 database:

    # sasldblistusers2

The virtual domains (xxxxxxx1.com, xxxxxxx2.com) are defined in the Postfix virtual and aliases files:

    # cd /usr/local/etc/postfix/
    # vim virtual
    Add the following:
    xxxxxxx1.com  anything
    test@xxxxxxx1.com  test.xxxxxxx1.com
    xxxxxxx2.com  anything
    test@xxxxxxx2.com  test.xxxxxxx2.com
    Then build virtual.db:
    # postmap virtual

    # vim aliases
    Add the following:
    test.xxxxxxx1.com:/var/spool/virtual/xxxxxxx1.com/test
    test.xxxxxxx2.com:/var/spool/virtual/xxxxxxx2.com/test
    Then build aliases.db:
    # postalias aliases

Whenever /usr/local/etc/postfix/virtual or /usr/local/etc/postfix/aliases is changed, run postmap and postalias again to regenerate the .db files.
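
The two-step lookup configured above (virtual rewrites the address to a local alias name, aliases maps that name to a mailbox file), as an added example that is not part of the original article. The function names are hypothetical, and the sample tables are constructed, with one deliberately misspelled domain to show the failure the check reports.

```python
# Constructed sample tables in the page's format; the second address carries a
# deliberate domain typo (xxxxxxxn2.com) to show what the check catches.
VIRTUAL = """\
xxxxxxx1.com  anything
test@xxxxxxx1.com  test.xxxxxxx1.com
xxxxxxx2.com  anything
test@xxxxxxxn2.com  test.xxxxxxx2.com
"""
ALIASES = ("test.xxxxxxx1.com:/var/spool/virtual/xxxxxxx1.com/test\n"
           "test.xxxxxxx2.com:/var/spool/virtual/xxxxxxx2.com/test\n")

def load_virtual(text):
    """Return (declared virtual domains, address -> local alias name)."""
    domains, rewrites = set(), {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, target = line.split(None, 1)
        if "@" in key:
            rewrites[key.lower()] = target.strip()
        else:
            domains.add(key.lower())  # "domain anything" declares the domain
    return domains, rewrites

def load_aliases(text):
    """Return alias name -> delivery target from 'name:target' lines."""
    lines = (l for l in text.splitlines() if l.strip() and not l.startswith("#"))
    pairs = (l.partition(":") for l in lines)
    return {name.strip().lower(): target.strip() for name, _, target in pairs}

def resolve(addr, virtual, aliases):
    """Follow address -> virtual -> aliases; return the mailbox file or None."""
    domains, rewrites = load_virtual(virtual)
    if addr.rsplit("@", 1)[-1].lower() not in domains:
        return None
    return load_aliases(aliases).get(rewrites.get(addr.lower(), "").lower())

def check(virtual, aliases):
    """List virtual entries that cannot deliver as written."""
    domains, rewrites = load_virtual(virtual)
    names, problems = load_aliases(aliases), []
    for addr, target in sorted(rewrites.items()):
        if addr.rsplit("@", 1)[-1] not in domains:
            problems.append(f"{addr}: domain not declared in virtual")
        if target.lower() not in names:
            problems.append(f"{addr}: no alias named {target}")
    return problems
```

With the constructed typo, check() flags test@xxxxxxxn2.com and resolve() finds no mailbox for test@xxxxxxx2.com, which is the symptom a mistyped domain in the virtual file produces.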


(5) Open Webmail

    # cd /usr/ports/mail/openwebmail/
    # make WITH_QUOTA=yes install clean

Create the Open Webmail site configuration for wangzhongyuan.com:

    # vim /usr/local/www/cgi-bin/openwebmail/etc/sites.conf/wangzhongyuan.com
    Add the following:
    auth_module auth_vdomain.pl
    auth_withdomain yes
    mailspooldir /var/spool/virtual/wangzhongyuan.com
    use_syshomedir no
    use_homedirspools no
    enable_autoreply no
    enable_setforward no
    enable_vdomain yes
    vdomain_admlist test
    vdomain_maxuser 500
    vdomain_vmpop3_pwdpath /usr/local/etc/virtual
    vdomain_vmpop3_pwdname passwd
    vdomain_vmpop3_mailpath /var/spool/virtual
    vdomain_postfix_aliases /usr/local/etc/postfix/aliases
    vdomain_postfix_virtual /usr/local/etc/postfix/virtual
    vdomain_postfix_postalias /usr/local/sbin/postalias
    vdomain_postfix_postmap /usr/local/sbin/postmap
    # quota
    quota_module quota_du.pl
    # set the size of the mailbox
    quota_limit 104800
    quota_threshold 85
    delmail_ifquotahit no
    delfile_ifquotahit no

vdomain_admlist test makes test@xxxxxxx1.com the administrator of the virtual domain in Open Webmail. quota_limit 104800 sets the mailbox size; the unit is KB, so 104800 is about 100 MB.

Create the directories and files Open Webmail needs:

    # mkdir -p /var/spool/virtual/wangzhongyuan.com
    # chown nobody /var/spool/virtual/wangzhongyuan.com
    # chgrp mail /var/spool/virtual/wangzhongyuan.com

    # mkdir -p /usr/local/etc/virtual/wangzhongyuan.com
    # touch /usr/local/etc/virtual/wangzhongyuan.com/passwd
    # chmod 644 /usr/local/etc/virtual/wangzhongyuan.com/passwd
    # htpasswd /usr/local/etc/virtual/wangzhongyuan.com/passwd test

    # chmod 755 /usr/local/www/cgi-bin/openwebmail/etc/users
    # sync
    # reboot

htpasswd sets the password for the user test.

The Open Webmail port installs its scripts under /usr/local/www/cgi-bin/openwebmail and its static files under /usr/local/www/data/openwebmail. Because the scripts are reached through /cgi-bin, the Apache VirtualHost uses /usr/local/www as its DocumentRoot:

    <VirtualHost *:80>
    ServerName email.xxxxxxx1.com
    DocumentRoot "/usr/local/www"
    DirectoryIndex /cgi-bin/openwebmail/openwebmail.pl
    Alias /openwebmail "/usr/local/www/data/openwebmail"
    </VirtualHost>

    <Directory "/usr/local/www/">
    AllowOverride All
    Options ExecCGI
    Order allow,deny
    Allow from all
    </Directory>

With this Apache configuration, "DirectoryIndex /cgi-bin/openwebmail/openwebmail.pl" makes a request for email.xxxxxxx1.com open email.xxxxxxx1.com/cgi-bin/openwebmail/openwebmail.pl, that is, Open Webmail. Alias /openwebmail "/usr/local/www/data/openwebmail" maps the /openwebmail path used by Open Webmail's static files to /usr/local/www/data/openwebmail.

In Apache's httpd.conf, comment out the line ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/", and change "#AddHandler cgi-script .cgi" to "AddHandler cgi-script .cgi .pl" so that Apache executes .pl files. After editing httpd.conf, restart Apache.

Original article: http://www.wangzhongyuan.com/archives/219.html

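This article may be freely reproduced; when reproducing it, please keep the full text and credit the source:
Reproduced from 仲子说 [ http://www.wangzhongyuan.com/ ]
Original link: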

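8 Comments »

  1. 王继玉 said,

    October 18, 2007 at 9:32

    Oh, I stumbled on your website by accident, but I can't understand any of it, haha~~~ Are you still in Beijing? Haha, add me on QQ: 119387974

    Sob, the form above actually asks you to fill in so much.

  2. 仲远 said,

    October 19, 2007 at 2:15

    Haha, there is more information to fill in the first time; if you comment from the same machine, you won't have to fill it in the second time :)

  3. tecer said,

    October 20, 2007 at 0:26

    I had a look; simple and practical. Many thanks to a fellow alumnus for providing such good stuff. I hope for more of your guidance on related topics in the future.

  4. 仲远 said,

    October 20, 2007 at 22:33

    Haha, you flatter me~~
    The article is fairly long, with quite a lot of long-winded parts and parts that are my own understanding~~~
    Judging by the software to install and the parts to configure, though, it should be much, much simpler than authenticating with MySQL~~

  5. 阿布 said,

    October 30, 2007 at 11:13

    Mr. 仲远, keep up the good work and add antivirus and anti-spam features as well.

    Really looking forward to it.

  6. cai said,

    July 27, 2008 at 13:03

    Friend, thank you for your article.
    I have a question: how do I add users from the command line, instead of going to the web interface every time?
    (Adding through the web interface shows an error message, although the user does get added.)

    Also, what are the common command-line operations for managing user mailboxes? Thanks, I hope you can reply when you have time:
    caidanfeng@hotmail.com

  7. hhesong said,

    August 9, 2008 at 10:44

    Why is it that when I send mail locally to a local address, webmail says it has been sent, but it is never received locally?

  8. 快速祛痘印 said,

    December 30, 2010 at 1:55

    Oh, so that's how it is. Learned something.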
