RHEL5+Postfix+MySql+

八、为postfix开启基于cyrus-sasl的认证功能

使用以下命令验正postfix是否支持cyrus风格的sasl认证，如果您的输出为以下结果，则是支持的：

# /usr/local/postfix/sbin/postconf -a

cyrus

dovecot

#vim /etc/postfix/main.cf

添加以下内容：

############################CYRUS-SASL############################

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_sasl_application_name = smtpd

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vim /usr/local/lib/sasl2/smtpd.conf(可能是vim /usr/ lib/sasl2/smtpd.conf)

添加如下内容：

pwcheck_method: saslauthd

mech_list: PLAIN LOGIN

让postfix重新加载配置文件

#/usr/local/postfix/sbin/postfix reload

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available!

ehlo mail.benet.org

250-mail.benet.org

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN （请确保您的输出以类似两行）

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

九、让postfix支持虚拟域和虚拟用户

1、编辑/etc/postfix/main.cf，添加如下内容：

########################Virtual Mailbox Settings########################

virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_alias_domains =

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:2525

virtual_gid_maps = static:2525

virtual_transport = virtual

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1

##########################QUOTA Settings########################

message_size_limit = 14336000

virtual_mailbox_limit = 20971520

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.

virtual_overquota_bounce = yes

2、添加为支持虚拟域和虚拟用户所用到的配置文件

编辑/etc/postfix/mysql_virtual_alias_maps.cf ，添加如下内容：

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = alias

select_field = goto

where_field = address

编辑/etc/postfix/mysql_virtual_domains_maps.cf ，添加如下内容：

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = domain

select_field = description

where_field = domain

编辑/etc/postfix/mysql_virtual_mailbox_limit_maps.cf ，添加如下内容：

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = mailbox

select_field = quota

where_field = username

编辑/etc/postfix/mysql_virtual_mailbox_maps.cf ，添加如下内容：

user = extmail

password = extmail

hosts = localhost

dbname = extmail

table = mailbox

select_field = maildir

where_field = username

说明：

1、这里用到的数据库及用户的建立可以后文中的extmail说明部分来实现，您可以参照那一部分来理解这里指定的数据库及其用户名等；

2、以上新建文件亦可以从extman安装文件中获得，您也可以由此不用手动输入；

3、虚拟用户邮箱目录我这里沿用了/var/mailbox，你可以指定为别的目录，比如常见到的/var/spool/mail，或者/home/domains等；但如果这里做了修改，请在后文中用到时作了相应的修改；

十、安装Courier authentication library

# tar jxvf courier-authlib-0.61.0.tar.bz2

# cd courier-authlib-0.61.0

#./configure

--prefix=/usr/local/courier-authlib

--sysconfdir=/etc

--without-authpam

--without-authldap

--without-authpwd

--without-authshadow

--without-authvchkpw

--without-authpgsql

--with-authmysql

--with-mysql-libs=/usr/local/mysql/lib/mysql

--with-mysql-includes=/usr/local/mysql/include/mysql

--with-redhat

--with-authmysqlrc=/etc/authmysqlrc

--with-authdaemonrc=/etc/authdaemonrc

CFLAGS="-march=i686 -O2 -fexpensive-optimizations"

CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"

(./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations")

# make

# make install

# make install-migrate

# make install-configure

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon

# cp /etc/authdaemonrc.dist /etc/authdaemonrc

# cp /etc/authmysqlrc.dist /etc/authmysqlrc

修改/etc/authdaemonrc 文件

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10

编辑/etc/authmysqlrc 为以下内容，其中2525，2525 为postfix 用户的UID和GID。

MYSQL_SERVER localhost

MYSQL_PORT 3306 (指定你的mysql监听的端口，这里使用默认的3306)

MYSQL_USERNAME extmail (这时为后文要用的数据库的所有者的用户名)

MYSQL_PASSWORD extmail (密码)

MYSQL_SOCKET /tmp/mysql.sock

MYSQL_DATABASE extmail

MYSQL_USER_TABLE mailbox

MYSQL_CRYPT_PWFIELD password

MYSQL_UID_FIELD '2525'

MYSQL_GID_FIELD '2525'

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD concat('/var/mailbox/',maildir)

MYSQL_NAME_FIELD name

MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

# cp courier-authlib.sysvinit /etc/init.d/courier-authlib

# chmod 755 /etc/init.d/courier-authlib

# chkconfig --add courier-authlib

# chkconfig --level 2345 courier-authlib on

#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf

# ldconfig -v

# service courier-authlib start (启动服务)