Ubuntu 12.04: installing and configuring Postfix, Dovecot and Cyrus SASL (MySQL virtual users)

This article describes a mail server set up on Ubuntu 12.04: Postfix provides SMTP, Dovecot provides POP3 and IMAP access to the mailboxes, and MySQL stores and authenticates the mail users. I have tested every step below myself; wherever the domain webres.wang appears, replace it with your own.

I. Install the required packages

    apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailutils dovecot-mysql

II. Set up the MySQL database

    mysql -u root -p
    mysql> CREATE DATABASE mail;
    mysql> USE mail;
    mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'password-for-mail_admin';
    mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'127.0.0.1' IDENTIFIED BY 'password-for-mail_admin';
    mysql> FLUSH PRIVILEGES;
    mysql> CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
    mysql> CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) );
    mysql> CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
    mysql> CREATE TABLE transport ( domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) );
    mysql> quit

Note: replace password-for-mail_admin with the password you chose for the mail_admin user, here and everywhere it appears below.

III. Configure Postfix to use MySQL

File: /etc/postfix/mysql-virtual_domains.cf

    user = mail_admin
    password = password-for-mail_admin
    dbname = mail
    query = SELECT domain AS virtual FROM domains WHERE domain='%s'
    hosts = 127.0.0.1

File: /etc/postfix/mysql-virtual_forwardings.cf

    user = mail_admin
    password = password-for-mail_admin
    dbname = mail
    query = SELECT destination FROM forwardings WHERE source='%s'
    hosts = 127.0.0.1

File: /etc/postfix/mysql-virtual_mailboxes.cf

    user = mail_admin
    password = password-for-mail_admin
    dbname = mail
    query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
    hosts = 127.0.0.1

File: /etc/postfix/mysql-virtual_email2email.cf

    user = mail_admin
    password = password-for-mail_admin
    dbname = mail
    query = SELECT email FROM users WHERE email='%s'
    hosts = 127.0.0.1

Set permissions:

    chmod o= /etc/postfix/mysql-virtual_*.cf
    chgrp postfix /etc/postfix/mysql-virtual_*.cf

Create the vmail user:

    groupadd -g 5000 vmail
    useradd -g vmail -u 5000 vmail -d /home/vmail -m

Configure Postfix:

    postconf -e 'myhostname = webres.wang'
    postconf -e 'mydestination = webres.wang, localhost, localhost.localdomain'
    postconf -e 'mynetworks = 127.0.0.0/8'
    postconf -e 'message_size_limit = 30720000'
    postconf -e 'virtual_alias_domains ='
    postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
    postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
    postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
    postconf -e 'virtual_mailbox_base = /home/vmail'
    postconf -e 'virtual_uid_maps = static:5000'
    postconf -e 'virtual_gid_maps = static:5000'
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_sasl_authenticated_header = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
    postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
    postconf -e 'virtual_transport = dovecot'
    postconf -e 'local_transport = dovecot'
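To see how these maps fit together, here is an added example (mine, not from the original tutorial): the four queries from the .cf files above are run unchanged against an in-memory SQLite copy of the tables from part II, with CONCAT and SUBSTRING_INDEX supplied in Python, and a recipient is resolved the way Postfix would with the settings just made. The domain, user and forwarding rows are constructed sample data.

```python
import sqlite3

# Constructed in-memory copy of the tutorial's schema (the unused transport table is left out).
SCHEMA = """CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain));
CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source));
CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email));"""
# The four queries from the .cf files; Postfix substitutes the key it looks up for %s.
Q_DOMAINS = "SELECT domain AS virtual FROM domains WHERE domain=?"
Q_FORWARD = "SELECT destination FROM forwardings WHERE source=?"
Q_E2E = "SELECT email FROM users WHERE email=?"
Q_MAILBOX = ("SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',"
             "SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email=?")

def substring_index(s, delim, count):
    """MySQL SUBSTRING_INDEX: count>0 keeps the text left of the count-th delimiter, count<0 the text right of it counting from the end."""
    parts = s.split(delim)
    return delim.join(parts[:count] if count > 0 else parts[count:])

def open_db(domains, users, forwardings):
    """SQLite lacks CONCAT/SUBSTRING_INDEX; register them so the MySQL queries run unchanged."""
    db = sqlite3.connect(":memory:")
    db.create_function("SUBSTRING_INDEX", 3, substring_index)
    db.create_function("CONCAT", -1, lambda *args: "".join(args))
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO domains VALUES (?)", [(d,) for d in domains])
    db.executemany("INSERT INTO users VALUES (?, ?)", users)
    db.executemany("INSERT INTO forwardings VALUES (?, ?)", forwardings)
    return db

def lookup(db, query, key):
    row = db.execute(query, (key,)).fetchone()
    return row[0] if row else None

def resolve(db, rcpt):
    """Decide one recipient's fate the way Postfix does with the maps configured above."""
    domain = rcpt.rpartition("@")[2]
    if lookup(db, Q_DOMAINS, domain) is None:     # virtual_mailbox_domains
        return ("reject", None)                   # not our domain: reject_unauth_destination
    # virtual_alias_maps: the full address is tried in every map before the '@domain' catch-all,
    # which is why email2email exists: it lets a real mailbox win over a catch-all forwarding.
    for key in (rcpt, "@" + domain):
        dest = lookup(db, Q_FORWARD, key) or lookup(db, Q_E2E, key)
        if dest is not None:
            if dest != rcpt:
                return ("forward", dest)
            break
    box = lookup(db, Q_MAILBOX, rcpt)             # virtual_mailbox_maps
    if box is None:
        return ("reject_unknown_user", None)
    return ("deliver", "/home/vmail/" + box)      # virtual_mailbox_base + domain/user/
```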

IV. Create a certificate for Postfix:

    cd /etc/postfix
    openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Restrict permissions on the key:

    chmod o= /etc/postfix/smtpd.key

V. Configure saslauthd

    mkdir -p /var/spool/postfix/var/run/saslauthd
    cp -a /etc/default/saslauthd /etc/default/saslauthd.bak

Edit /etc/default/saslauthd so that it reads as follows:

    START=yes
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="pam"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

File: /etc/pam.d/smtp

    auth    required   pam_mysql.so user=mail_admin passwd=password-for-mail_admin host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=password-for-mail_admin host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

File: /etc/postfix/sasl/smtpd.conf

    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: sql
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: password-for-mail_admin
    sql_database: mail
    sql_select: select password from users where email = '%u@%r'

Set permissions:

    chmod o= /etc/pam.d/smtp
    chmod o= /etc/postfix/sasl/smtpd.conf

Restart the services:

    adduser postfix sasl
    service postfix restart
    service saslauthd restart

VI. Configure Dovecot

File: /etc/postfix/master.cf, edit as follows.

Uncomment the submission section, changing

    #submission inet n       -       -       -       -       smtpd
    #  -o syslog_name=postfix/submission
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

to

    submission inet n       -       -       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
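The submission block demands smtpd_tls_security_level=encrypt because the plain and login mechanisms offered in smtpd.conf only base64-encode the password, and on port 25 smtpd_use_tls = yes alone still lets a client authenticate before STARTTLS (smtpd_tls_auth_only defaults to no). The following added example (mine, not part of the original post) decodes an AUTH PLAIN response and walks a constructed client transcript to flag credentials that went out before STARTTLS.

```python
import base64

def encode_auth_plain(user, password):
    """What a client sends for AUTH PLAIN: base64 of NUL + user + NUL + password (no authzid)."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()

def decode_auth_plain(b64):
    """Reverse of the above; base64 is an encoding, not encryption, so anyone on the wire can do this."""
    parts = base64.b64decode(b64).split(b"\0")
    if len(parts) != 3:
        raise ValueError("malformed AUTH PLAIN response")
    return parts[1].decode(), parts[2].decode()

def audit_session(client_lines):
    """Walk the client commands of one SMTP session (constructed transcript, not a live capture)
    and return one (mechanism, username, sent_in_clear) tuple per AUTH attempt. sent_in_clear
    is True when the credentials went out before STARTTLS, i.e. readable by a passive observer."""
    findings, tls, pending, login = [], False, None, []
    for raw in client_lines:
        line = raw.strip()
        if pending == "PLAIN":                      # continuation after a bare 'AUTH PLAIN'
            findings.append(("PLAIN", decode_auth_plain(line)[0], not tls))
            pending = None
        elif pending == "LOGIN":                    # LOGIN sends user and password as two base64 lines
            login.append(line)
            if len(login) == 2:
                findings.append(("LOGIN", base64.b64decode(login[0]).decode(), not tls))
                pending, login = None, []
        elif line.upper() == "STARTTLS":
            tls = True                              # assume the server accepted; later lines are encrypted
        elif line.upper().startswith("AUTH PLAIN"):
            words = line.split(None, 2)
            if len(words) == 3:                     # initial response given on the AUTH line itself
                findings.append(("PLAIN", decode_auth_plain(words[2])[0], not tls))
            else:
                pending = "PLAIN"
        elif line.upper().startswith("AUTH LOGIN"):
            words = line.split(None, 2)
            login = [words[2]] if len(words) == 3 else []
            pending = "LOGIN"
    return findings
```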

Append at the end of the file:

    dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

Back up the Dovecot configuration:

    cp -a /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.bak

Empty /etc/dovecot/dovecot.conf and put the following in it:

    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_location = maildir:/home/vmail/%d/%n/Maildir
    namespace {
      inbox = yes
      location =
      prefix = INBOX.
      separator = .
      type = private
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    protocols = imap pop3
    disable_plaintext_auth = no
    auth_mechanisms = plain login
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-master {
        mode = 0600
        user = vmail
      }
      user = root
    }
    ssl = required
    ssl_cert = </etc/ssl/certs/dovecot.pem
    ssl_key = </etc/ssl/private/dovecot.pem
    userdb {
      args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
      driver = static
    }
    protocol lda {
      auth_socket_path = /var/run/dovecot/auth-master
      log_path = /home/vmail/dovecot-deliver.log
      postmaster_address = [email protected]
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
    }

Back up the SQL configuration:

    cp -a /etc/dovecot/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf.bak

File: /etc/dovecot/dovecot-sql.conf

    driver = mysql
    connect = host=127.0.0.1 dbname=mail user=mail_admin password=password-for-mail_admin
    default_pass_scheme = CRYPT
    password_query = SELECT email as user, password FROM users WHERE email='%u';

Restart Dovecot and make the configuration readable by the vmail group:

    service dovecot restart
    chgrp vmail /etc/dovecot/dovecot.conf
    chmod g+r /etc/dovecot/dovecot.conf

VII. Set up mail aliases

File: /etc/aliases

    postmaster: root
    root: [email protected]

VIII. Testing

    mysql -u root -p
    USE mail;
    INSERT INTO domains (domain) VALUES ('webres.wang');
    INSERT INTO users (email, password) VALUES ('[email protected]', ENCRYPT('password-for-sales'));
    quit

This adds a user [email protected] with the password password-for-sales.

Finally, test sending and receiving with a mail client such as Foxmail.

Installing PPTP on Ubuntu 12.04

1. Install the software

    sudo apt-get install pptpd ufw

2. Edit /etc/ppp/pptpd-options

Find

    refuse-pap
    refuse-chap
    refuse-mschap

and comment these three lines out by putting a # in front of each.

3. In the same file, add the DNS servers

    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

4. Edit /etc/pptpd.conf

Add or change:

    localip 10.99.99.99
    remoteip 10.99.99.100-199

5. Edit /etc/ppp/chap-secrets

Add users and passwords in the format:

    [Username] [Service] [Password] [Allowed IP Address]

For example:

    sampleusername pptpd samplepassword *

6. Restart pptpd

    sudo /etc/init.d/pptpd restart

7. Edit /etc/sysctl.conf

Add:

    net.ipv4.ip_forward=1

Apply it immediately:

    sudo sysctl -p

8. Edit /etc/default/ufw

Change the default policies to ACCEPT:

    DEFAULT_FORWARD_POLICY: change DROP to ACCEPT
    DEFAULT_INPUT_POLICY: change DROP to ACCEPT

9. Edit /etc/ufw/before.rules

Add:

    # NAT table rules
    *nat

    :POSTROUTING ACCEPT [0:0]
    # Allow forward traffic to eth0
    -A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE

    # Process the NAT table rules
    COMMIT

10. Enable ufw

    sudo ufw enable

11. Test with a client

On Windows 7, for example, open Control Panel -> Network and Internet -> Network and Sharing Center, click "Set up a new connection or network", choose "Connect to a workplace", and follow the prompts.
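A small consistency check for steps 4, 7 and 9, added here and not part of the original post: it expands pptpd's remoteip pool (assuming, as the pptpd.conf examples show, that a dash range spans the last octet only), then verifies that localip is not inside the pool, that the MASQUERADE source network covers every pool address, and that IP forwarding is on. The values are the ones from this post.

```python
import ipaddress

def parse_pool(spec):
    """Expand pptpd's remoteip value, e.g. "10.99.99.100-199,10.99.99.250", into addresses.
    Assumption (matches the pptpd.conf examples): a dash range spans the last octet only."""
    addrs = []
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            start, end = item.split("-", 1)
            first = ipaddress.IPv4Address(start)
            first_octet = int(start.rsplit(".", 1)[1])
            addrs.extend(first + i for i in range(int(end) - first_octet + 1))
        else:
            addrs.append(ipaddress.IPv4Address(item))
    return addrs

def check_vpn_config(localip, remoteip, nat_source, ip_forward):
    """Cross-check steps 4, 7 and 9; returns a list of problems (empty means consistent)."""
    problems = []
    pool = parse_pool(remoteip)
    net = ipaddress.IPv4Network(nat_source)
    if ipaddress.IPv4Address(localip) in pool:
        problems.append("localip %s is also in the client pool" % localip)
    uncovered = [str(a) for a in pool if a not in net]
    if uncovered:
        problems.append("%d pool addresses are outside MASQUERADE -s %s" % (len(uncovered), nat_source))
    if not ip_forward:
        problems.append("net.ipv4.ip_forward is 0; client traffic will not be routed")
    return problems
```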