Gentoo Virtual Mailhosting System with Postfix Guide


1. Introduction

For most Gentoo users, a simple mail client and fetchmail will do. However, if you're hosting a domain with your system, you'll need a full blown MTA (Mail Transfer Agent). And if you're hosting multiple domains, then you'll definitely need something more robust to handle all of the email for your users. This system was designed to be an elegant solution to that problem.

A virtual mail system needs to be able to handle email for numerous domains with multiple users over a variety of interfaces. This presents some issues that must be dealt with. For instance, what if you have two users on different domains that want the same user name? If you are providing imap access and smtp-auth, how do you combine the various authentication daemons into a single system? How do you provide security for the numerous components that comprise the system? How do you manage it all?

This howto will show you how to set up a mail system capable of handling mail for as many domains as your hardware can handle, that supports virtual mail users that don't require shell accounts, has domain specific user names, can authenticate web, imap, smtp, and pop3 clients against a single database, utilizes ssl for transport layer security, has a web interface, can handle mailing lists for any domain on the machine, and is controlled by a nice, central and easy mysql database.

There are quite a variety of ways to go about setting up a virtual mailhosting system. With so many options, another may be the best choice for your specific needs. Consider investigating http://www.qmail.org/ and http://www.exim.org/ to explore your options.

The following packages are used in this setup: apache, courier-imap, courier-authlib, postfix, mod_php, phpmyadmin, squirrelmail, cyrus-sasl, mysql, php, and mailman.

Make sure to turn on the following USE variables in /etc/make.conf before compiling the packages: USE="mysql imap libwww maildir sasl ssl". Otherwise you will most likely have to recompile things to get the support you need for all the protocols. Further, it's a good idea to turn off any other mail and network variables, like ipv6.

Important: You need a domain name to run a public mail server, or at least an MX record for a domain. Ideally you would have control of at least two domains to take advantage of your new virtual domain functionality.

Important: Make sure /etc/conf.d/hostname is set to the right hostname for your mail server. You can apply any changes you make to this file by running /etc/init.d/hostname restart. Verify your hostname is set correctly with hostname. Also verify that there are no conflicting entries in /etc/hosts.

Note: It is recommended that you read this entire document and familiarize yourself with all the steps before attempting the install. If you run into problems with any of the steps, check the troubleshooting guide at the end of this document. Also, not all the referenced packages are necessary; this setup is very flexible. For instance, if you do not desire a web interface, feel free to skip the squirrelmail section.

2. Postfix Basics

Code Listing 2.1: Install postfix

# emerge postfix

Warning: Verify that you have not installed any other MTA, such as ssmtp, exim, or netqmail, or you will surely have BIG problems.

After postfix is installed, it's time to configure it. Change the following options in /etc/postfix/main.cf. Remember to replace $variables with your own names.

Code Listing 2.2: /etc/postfix/main.cf

myhostname = $host.domain.name
mydomain = $domain.name
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetworks = .work/24, 127.0.0.0/8
home_mailbox = .maildir/
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10

Next change the following in /etc/postfix/master.cf. This will turn on verbose output for debugging:

Code Listing 2.3: /etc/postfix/master.cf

# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
# ==========================================================================
(Just add the "-v" after the smtpd in the following line)
smtp      inet  n       -       n       -       -       smtpd -v

Next, edit /etc/mail/aliases to add your local aliases. There should at least be an alias for root like: root: your@email.address.

Code Listing 2.4: Starting postfix for the first time

# /usr/bin/newaliases
(This will install the new aliases. You only need to do this
when you update or install aliases.)

# /etc/init.d/postfix start

Now that postfix is running, fire up your favorite console mail client and send yourself an email. I use mutt for all my console mail. Verify that postfix is delivering mail to local users. Once that's done, we're on to the next step.

Note: I strongly recommend that you verify this basic postfix setup is functioning before you progress to the next step of the howto.

3. Courier-imap

Code Listing 3.1: Install courier-imap and courier-authlib

# emerge courier-imap courier-authlib

Code Listing 3.2: Courier-imap configuration

# cd /etc/courier-imap
(If you want to use the ssl capabilities of courier-imap or pop3,
you'll need to create certs for this purpose.
This step is recommended. If you do not want to use ssl, skip this step.)

# nano -wf
# nano -wf
(Change the C, ST, L, CN, and email parameters to match your server.)

# mkpop3dcert
# mkimapdcert

Code Listing 3.3: Start the courier services you need.

# /etc/init.d/courier-imapd start
# /etc/init.d/courier-imapd-ssl start
# /etc/init.d/courier-pop3d start
# /etc/init.d/courier-pop3d-ssl start

Start up your favorite mail client and verify that all connections you've started work for receiving and sending mail. Of course, you won't be able to log on to any of the services because authentication hasn't been configured yet, but it is wise to check if the connections themselves work or not.

Now that the basics work, we're going to do a whole bunch of stuff at once to get the rest of the system running. Again, please verify that what we've installed already works before progressing.

4. Cyrus-sasl

Next we're going to install cyrus-sasl. Sasl is going to play the role of actually passing your auth variables to courier-auth, which will in turn pass that information to mysql for authentication of smtp users. For this howto, we'll not even try to verify that sasl is working until mysql is set up and contains a test user, which is fine since we'll be authenticating against mysql in the end anyway.

Code Listing 4.1: Configuring and installing the cyrus-sasl ebuild

# emerge cyrus-sasl

Next, edit /etc/sasl2/smtpd.conf.

Code Listing 4.2: Starting sasl

# nano -w /etc/sasl2/smtpd.conf
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd

# nano -w /etc/conf.d/saslauthd
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"

# /etc/init.d/saslauthd start

5. SSL Certs for Postfix and Apache

Next we're going to make a set of ssl certificates for postfix and apache.

Code Listing 5.1: Making ssl certificates

# cd /etc/ssl/
# nano -wf

Change the following default values for your domain:
countryName_default
stateOrProvinceName_default
localityName_default
0.organizationName_default
commonName_default
emailAddress_default.

(If the variables are not already present, just add them in a sensible place.)

# cd misc
# ./CA.pl -newreq-nodes
# ./CA.pl -newca
# ./CA.pl -sign
# cp newcert.pem /etc/postfix
# cp newkey.pem /etc/postfix
# cp demoCA/cacert.pem /etc/postfix

(Now we do the same thing for apache.)

# openssl req -new > new.cert.csr
# openssl rsa -in privkey.pem -out new.cert.key
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

(Just leave the resulting certificates here for now.
We'll install them after Apache is installed.)

6. Adding SSL and SASL support to Postfix

Now edit the postfix configs to make it aware of your new sasl and ssl capabilities. Add the following parameters to the end of the file where they will be easy to find.

Code Listing 6.1: /etc/postfix/main.cf

# nano -w /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =

(The broken_sasl_auth_clients option and the login auth method
are for outlook and outlook express only and are undocumented.
Isn't having to hack software for stupid, broken, M$ BS great?
smtpd_sasl_local_domain appends a domain name to clients using
smtp-auth. Make sure it's blank or your user names will get
mangled by postfix and be unable to auth.)

smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination

(The next two options enable outgoing encryption.)
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

(smtpd_tls_auth_only is commented out to ease testing the system.
You can turn this on later if you desire.)

# postfix reload
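
Listing 6.1 leaves two test-time settings in place: smtpd_tls_auth_only is commented out and smtpd_tls_loglevel is 3. The following is an added example, not part of the original guide: a small main.cf parser and audit that flags those settings once testing is over. The finding codes and function names are made up for this illustration, and the sample text is constructed from the listing.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}; a later definition wins."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are skipped
        if raw[0].isspace():              # leading whitespace continues the
            if name:                      # previous logical line
                params[name] += " " + raw.strip()
            continue
        name, _, value = (part.strip() for part in raw.partition("="))
        params[name] = value
    return params

def audit(params):
    """Return finding codes for the settings Code Listing 6.1 introduces."""
    findings = []
    # AUTH advertised before STARTTLS lets PLAIN/LOGIN passwords travel unencrypted.
    if (params.get("smtpd_sasl_auth_enable") == "yes"
            and params.get("smtpd_tls_auth_only", "no") != "yes"):
        findings.append("auth-offered-without-tls")
    # Only the parameter the guide sets is checked for the relay guard.
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "smtpd_recipient_restrictions" in params and "reject_unauth_destination" not in rules:
        findings.append("relay-guard-missing")
    # Levels 2 and up are troubleshooting output; 3 dumps the TLS negotiation.
    if int(params.get("smtpd_tls_loglevel", "0")) >= 2:
        findings.append("tls-debug-logging")
    return findings

# Constructed samples: Listing 6.1 as the guide leaves it, and after testing.
GUIDE_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 3
"""
HARDENED_CF = (GUIDE_CF.replace("#smtpd_tls_auth_only", "smtpd_tls_auth_only")
                       .replace("loglevel = 3", "loglevel = 1"))

if __name__ == "__main__":
    for label, cf in (("guide", GUIDE_CF), ("hardened", HARDENED_CF)):
        print(label, audit(parse_main_cf(cf)))
```

The same applies to the "-v" added to smtpd in Code Listing 2.3, which is debugging output and belongs to the test phase only.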

Now we're going to verify that the configs we added were picked up by postfix. For this we are going to use telnet (provided by for instance net-misc/netkit-telnetd) although you can also use nc (provided by net-analyzer/netcat):

Code Listing 6.2: Verifying sasl and tls support

# telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ESMTP Postfix
EHLO
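
What to look for in the server's answer to EHLO, as an added example that is not part of the original guide: the script parses a multi-line 250 reply and reports whether STARTTLS is offered and whether password mechanisms are advertised before encryption starts. Both replies are constructed samples of what Postfix typically returns, mail.example.com is a placeholder hostname, and the function names are made up for this illustration.

```python
def parse_ehlo(reply):
    """Parse a multi-line "250" reply to EHLO into {KEYWORD: set(arguments)}."""
    lines = reply.strip().splitlines()
    extensions = {}
    for i, line in enumerate(lines):
        last = i == len(lines) - 1
        # Every line but the last is "250-..."; the last is "250 ...".
        if not line.startswith("250 " if last else "250-"):
            raise ValueError(f"unexpected reply line: {line!r}")
        if i == 0:
            continue                     # first line is the greeting, not an extension
        rest = line[4:]
        if rest.upper().startswith("AUTH="):
            rest = "AUTH " + rest[5:]    # legacy form sent for broken_sasl_auth_clients
        keyword, _, args = rest.partition(" ")
        extensions.setdefault(keyword.upper(), set()).update(args.upper().split())
    return extensions

def assess_cleartext_session(reply):
    """Summarise what a server offers on port 25 before STARTTLS is issued."""
    ext = parse_ehlo(reply)
    mechs = sorted(ext.get("AUTH", ()))
    return {
        "starttls": "STARTTLS" in ext,
        "auth_mechs": mechs,
        # PLAIN and LOGIN only base64-encode the password, so offering them
        # before STARTTLS means credentials can be sent unencrypted.
        "password_exposed": bool({"PLAIN", "LOGIN"} & set(mechs)),
    }

# Constructed reply, typical of Postfix with Listing 6.1 applied
# (mail.example.com is a placeholder hostname).
REPLY_TESTING = """250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""
# Constructed reply after smtpd_tls_auth_only = yes: AUTH is hidden until TLS is up.
REPLY_TLS_ONLY = "\n".join(ln for ln in REPLY_TESTING.splitlines() if "AUTH" not in ln)

if __name__ == "__main__":
    print(assess_cleartext_session(REPLY_TESTING))
    print(assess_cleartext_session(REPLY_TLS_ONLY))
```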
