1: Why CentOS, rather than downloading and compiling newer software?
It is easy to install and upgrade.
2: Why OpenLDAP?
It supports the Mozilla/Thunderbird online address book and central authentication. OpenLDAP is used to store user accounts and passwords.
3: Why cyrus-sasl?
It supports Postfix SMTP authentication and is easy to configure. saslauthd acts as the central authenticator in this setup.
SASL: Simple Authentication and Security Layer. It provides a modular SMTP authentication extension, so SMTP can build its own authentication on top of SASL.
4: Why cyrus-imapd?
Actually I used Courier for a long time, but it is more troublesome to configure than SASL, and its efficiency should be lower than cyrus-imapd. Most importantly, CentOS does not ship it, so yum cannot upgrade it.
cyrus-imapd (imapd for short) delivers mail to local users and provides the POP and IMAP services.
5: Why Postfix?
Postfix is dedicated to sending mail; it provides the SMTP service.
Enough preamble: let's begin.
First, some concepts:
PAM: Pluggable Authentication Module. It is the system that performs user authentication and account maintenance.
The SMTP authentication path:
smtp-->saslauthd-->pam-->ldap-->auth
The POP authentication path:
pop-->imapd-->saslauthd-->pam-->ldap-->auth
IMAP is similar to POP:
imap-->imapd-->saslauthd-->pam-->ldap-->auth
1. Software requirements:
The 3 CentOS CDs.
2. At install time select the Postfix mail server, imapd and openldap; if you want webmail, also select Apache and SquirrelMail.
Install the MTA switcher. After the system is installed, switch the mail server to Postfix.
3. Getting to work
Configuration files that need changes:
cyrus-sasl configuration file: /etc/sysconfig/saslauthd
"MECH=pam"
PAM configuration files: /etc/pam.d/
There are many files here; only modify the ones related to imap and pop.
Note that the PAM LDAP module's configuration file is /etc/ldap.conf, which must not be confused with OpenLDAP's own /etc/openldap/ldap.conf. Enter the bind user, its password and the base DN, then set:
"
scope sub
pam_login_attribute uid
"
pop and imap:
"
auth sufficient /lib/security/$ISA/pam_ldap.so
account sufficient /lib/security/$ISA/pam_ldap.so
"
or
"
auth sufficient pam_ldap.so
account sufficient pam_ldap.so
"
I changed both imap.sendmail and imap.postfix, though.
The smtpd.conf configuration file is in /usr/lib/sasl and /usr/lib/sasl2
(on 64-bit systems in /usr/lib64/sasl and /usr/lib64/sasl2):
"pwcheck_method: saslauthd"
imap.conf is in /etc/:
"
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus root
sieveusehomedir: false
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
sasl_minimum_layer: 0
syslog_prefix: cyrus_imap
"
cyrus.conf is in /etc/ but I did not change its contents.
The Postfix configuration files are in /etc/postfix.
main.cf:
"
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = host.domain.tld
mydomain = $myhostname
myorigin = $mydomain
inet_interfaces = localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks_style = host
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
home_mailbox = Mailbox
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
mailbox_transport = cyrus
fallback_transport = cyrus
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated
    permit_auth_destination
    reject
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_key_file = /usr/share/ssl/certs/cyrus-imapd.pem
smtpd_tls_cert_file = /usr/share/ssl/certs/cyrus-imapd.pem
smtpd_tls_CAfile = /usr/share/ssl/certs/ca-bundle.crt
smtpd_use_tls = yes
"
master.cf basically needs no changes, but note that on a 64-bit OS the lib in the cyrus line must be changed to lib64.
openldap
The configuration files are in /etc/openldap.
Please refer to the general articles explaining OpenLDAP. This setup uses the schemas shipped with OpenLDAP, so there is no need to edit a schema yourself.
Reference LDIF for the test user:
"
version: 1
dn: uid=test,ou=mailaccounts,dc=xxxxx,dc=zzzz
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: postfixUser
objectClass: person
objectClass: posixAccount
objectClass: top
cn: uid=test,ou=mailaccounts,dc=xxxxx,dc=zzzz
gidNumber: 12
homeDirectory: /var/spool/imap/t/user/test
mail: test@xxxxx.zzzz
sn: test
uid: test
uidNumber: 76
userPassword:: dGVzdA==
"
cyradm command notes
Entering the IMAP admin interface
(First enter the cyrus user's information into LDAP, because once /etc/pam.d/imap is configured, the cyradm command looks up the password directly in LDAP. Some articles say you need to run passwd cyrus, but I don't think it is necessary.)
Reference LDIF for the cyrus user:
"
version: 1
dn: uid=cyrus,ou=mailaccounts,dc=xxxxx,dc=zzzz
objectClass: posixGroup
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
cn: uid=cyrus,ou=mailaccounts,dc=xxxxx,dc=zzzz
gidNumber: 12
homeDirectory: /var/lib/imap
loginShell: /bin/bash
uid: cyrus
uidNumber: 76
userPassword:: Y3lydXM=
"
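As an added check (not from the original post), the script below parses LDIF entries in the form shown above, decodes the base64 `::` values, and flags what a reviewer would catch in these two entries: a userPassword stored in cleartext instead of as a slapd hash, a uidNumber shared between entries (both entries above use 76), and an entry without posixAccount, which pam_ldap needs. The sample LDIF is constructed from the post's entries; the list of accepted hash prefixes is an assumption about your slapd configuration.

```python
import base64
from collections import Counter

# Constructed sample: trimmed copies of the two entries quoted in the post;
# the "::" values are base64, exactly as the post shows them.
SAMPLE_LDIF = """\
dn: uid=test,ou=mailaccounts,dc=xxxxx,dc=zzzz
objectClass: posixAccount
uidNumber: 76
userPassword:: dGVzdA==

dn: uid=cyrus,ou=mailaccounts,dc=xxxxx,dc=zzzz
objectClass: posixAccount
uidNumber: 76
userPassword:: Y3lydXM=
"""
# Assumption: password schemes your slapd is configured to accept.
HASHED_PREFIXES = ("{SSHA}", "{SHA}", "{CRYPT}", "{MD5}", "{SMD5}")

def parse_ldif(text):
    """Minimal LDIF: blank-line separated entries, 'attr: v' / 'attr:: b64'."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(attr, []).append(value)   # attributes are multi-valued
    return entries

def audit(entries):
    """(dn, finding) pairs for problems in the saslauthd -> pam_ldap -> LDAP chain."""
    findings = []
    uid_count = Counter(e["uidNumber"][0] for e in entries if "uidNumber" in e)
    for e in entries:
        dn = e["dn"][0]
        if "posixAccount" not in e.get("objectClass", []):
            findings.append((dn, "no posixAccount objectClass (pam_ldap needs it)"))
        for pw in e.get("userPassword", []):
            if not pw.startswith(HASHED_PREFIXES):
                findings.append((dn, "userPassword stored in cleartext"))
        if uid_count[e.get("uidNumber", [""])[0]] > 1:
            findings.append((dn, "uidNumber shared with another entry"))
    return findings
```

Running `audit(parse_ldif(SAMPLE_LDIF))` reports cleartext passwords and the shared uidNumber for both entries; the same function can be pointed at an `ldapsearch -LLL` dump of the whole ou=mailaccounts subtree.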
To enter the cyradm admin interface:
cyradm -u cyrus localhost
After entering the password you are at the admin prompt:
xxx.domain.>
"cm user.mingzi" creates the mailbox for user mingzi; note that "cm mingzi" does not work.
"sam user.mingzi cyrus c" sets an ACL on that mailbox, granting the cyrus user the c (create) right.
"dm user.mingzi" deletes user mingzi's mailbox.
Then enter user mingzi's information into OpenLDAP.
OK, give it a test and see whether I covered everything. If the MUA test succeeds, I suggest testing via the web: http://localhost/webmail ----> it basically needs no configuration.
Recommendations:
1: Use a GUI tool for working with the LDAP database, e.g. JXplorer or ldapbrowser; it greatly reduces the effort.
2: Add "local4.debug /var/log/ldap.log" to /etc/syslog.conf; when debugging the system, check /var/log/ldap.log and /var/log/maillog, as well as /var/log/messages.
[ This post was last edited by 5day on 2005-12-14 10:05 ]