精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
|
|
---|---|
作者 | 正文 |
发表时间:2010-06-21
最后修改:2010-08-09
基本上是按照 http://flurdy.com/docs/postfix 这个教程做的 推荐初次搭建邮件服务器的人看的书
LINUX系统管理技术手册(第2版) POSTFIX权威指南
这2本书里面讲了很多邮件服务器方面的基本概念,不明白的话配置文件的时候简直像猜大小
写几点要注意的地方
ln -s /tmp/mysql.sock /var/run/mysqld/mysqld.sock
配置postfix邮件系统要很多配置文件, 里面的某些配置文件里面是不会自动trim()的, 如: xxx = mysql 有一个认证模块的配置文件里面我在mysql后面多了一个空格,结果log一直提示我mysql模块未安装, 其实它说的是'mysql '模块,注意到没,引号里有一个空格,这个错误弄了老半天,最后在网上看到老外也提到了这点,才试着一个个去去除空格,结果就好了。。。
还有一个,就是配置ssl,生成证书的时候,他会让你写一些信息, 如下 Country Name (2 letter code) [AU]:cn
这里的Common Name一定要和你的邮件服务器的名字一样,其他无所谓, 这里也是碰壁了,网上查了才知道的,原文没有提到
最后就配置了mysql+postfix+sasl_ssl,配置文件记一下
mailserver.com
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/postfix/postfix.cert smtpd_tls_key_file=/etc/postfix/postfix.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_security_level = may smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mailserver.com myorigin = mailserver.com relayhost = mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mynetworks_style = host local_recipient_maps = mydestination = alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases virtual_mailbox_base = /var/spool/mail/virtual virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_sender_restrictions =permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit #smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org smtpd_recipient_restrictions = reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining # how long if undelivered before sending warning update to sender delay_warning_time = 4h # will it be a permanent error or temporary unknown_local_recipient_reject_code = 450 # how long to keep message on queue before return as failed. # some have 3 days, I have 16 days as I am backup server for some people # whom go on holiday with their server switched off. maximal_queue_lifetime = 7d # max and min time in seconds between retries if connection failed minimal_backoff_time = 1000s maximal_backoff_time = 8000s # how long to wait when servers connect before receiving rest of data smtp_helo_timeout = 60s # how many address can be used in one message. # effective stopper to mass spammers, accidental copy in whole address list # but may restrict intentional mail shots. smtpd_recipient_limit = 999 # how many error before back off. smtpd_soft_error_limit = 3 # how many max errors before blocking it. smtpd_hard_error_limit = 12
这3个文件没什么可说的 注意后面没有空格就好了
authmodulelist="authmysql" 注意这个就好了 其他没改
这个也是照着教程上的改就好了 注意的就是 MYSQL_CRYPT_PWFIELD crypt # MYSQL_CLEAR_PWFIELD clear
这里没改
START=yes OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd" 就改了这2个地方
pwcheck_method:saslauthd mech_list: plain login cram-md5 digest-md5 log_level: 7 allow_plaintext: true auxprop_plugin: mysql sql_engine: mysql sql_hostnames: 127.0.0.1 sql_user: admin sql_passw: admin sql_database: maildb sql_select: select crypt from users where id='%u@%r' and enabled = 1
auth required pam_mysql.so user=mail passwd=aPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1 account sufficient pam_mysql.so user=mail passwd=aPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_security_options=noanonymous,noplaintext -o smtpd_sasl_tls_security_options=noanonymous
配置amavis 基本上也是按照教程来的 然后用其他邮箱发邮件测试 看mail.log的输出 这里我就出了一个文件读取权限的错误 改 daemon_user 就好了 vi /etc/amavis/conf.d/ $mydomain = 'yourdomain'; $myhostname = 'yourdomain'; $daemon_user= 'amavis'; $daemon_group= 'amavis'; @local_domains_acl = qw(.); $log_level = 1; $syslog_priority = 'info'; $sa_kill_level_deflt = 8.0; # triggers spam evasive actions #$final_spam_destiny = D_PASS; $final_spam_destiny = D_DISCARD;
vi /etc/postfix/master.cf pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
content_filter = amavis:[127.0.0.1]:10024
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
在用javamail发邮件的时候出了问题 说 unable to find valid certification path to requested target 一看就是认证方面的 接着就上网找资料 重新配置认证文件,然后把认证文件导入到当前用到的jre\lib\security\cacerts中, 我很怀疑其实我原来的认证文件就可以的,只要导入到当前的jre中就可以
怎么导入呢 JDK/bin/keytool -import -file mailcert.pem -keystore %java_home%/jre/lib/security/cacerts 这里会问密码 是 changeit 这个对jdk都是一样的 默认密码 这里要注意的是你的java运行的时候用的那个jre你就要导入到那个里去,mailcert.pem就是你mailserver用到的认证文件
=========================================================== 配置认证文件 8.1 配置OpenSSL
声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
|
返回顶楼 | |
浏览 3964 次