This article shows how to install Postfix mail virtual users and virtual domains under Linux. Most people are not very familiar with the topic, so it is shared here for your reference.
Postfix mail architecture based on virtual users and virtual domains
The figure above is an almost complete architecture diagram of the mail system, in which user authentication is based on a MySQL database. Postfix, Dovecot and webmail all authenticate users against the MySQL database.
1. Using a client such as Outlook, users connect to Postfix, which then authenticates against MySQL through Courier-authlib. If authentication succeeds, they can send mail. Earlier we used Cyrus-SASL to authenticate shadow users; in fact, Cyrus-SASL also supports MySQL authentication. However, because its driver and low-level configuration are tedious, we choose Courier-authlib for authentication. As the figure shows, Postfix still uses the Cyrus-SASL library to connect to Courier-authlib. Postfix can also connect to Courier-authlib directly, but that is more troublesome.
2. Using a client such as Outlook, users connect to Dovecot, which authenticates directly against MySQL. After successful authentication, they can receive mail from the mailbox. This is relatively simple because Dovecot itself supports MySQL authentication.
3. Users can also send and receive mail through webmail. Extmail/Extman authenticates against MySQL as well; once authentication succeeds, mail is sent through Postfix and received through Dovecot. Extmail/Extman can also read mail from the mailbox itself.
Courier-authlib
Courier is an excellent e-mail system with a complete set of components: MTA (Courier-MTA), MDA (Maildrop), MUA, MRA (Courier-IMAP), SASL (Courier-authlib), WebMail (sqwebmail) and others.
Courier-authlib is the authentication library of Courier. It is an independent sub-project that provides authentication services to the other Courier components. Its functions include verifying the account and password at login, obtaining information such as the home directory or mail directory of an account, changing the password of an account, and so on. The supported authentication back ends include PAM-based authentication through /etc/passwd and /etc/shadow, authentication based on GDBM or DB, and authentication based on LDAP/MySQL/PostgreSQL. For this reason, courier-authlib is also often integrated with mail components outside Courier (such as Postfix) to provide authentication services.
Virtual user and virtual domain configuration

Install the ltdl dynamic module loader
[root@localhost ~]# yum install libtool-ltdl libtool-ltdl-devel

Install expect (host communication)
[root@localhost ~]# yum install expect

Create the user
[root@localhost ~]# groupadd -g 1001 vmail
[root@localhost ~]# useradd vmail -u 1001 -g 1001

Install Courier-authlib
[root@localhost ~]# tar xvf courier-authlib-0.66.1.tar.bz2 -C /usr/src/
[root@localhost ~]# cd /usr/src/courier-authlib-0.66.1
# The --without options disable authentication types that are not needed, which avoids installing their dependencies.
# --with-authmysql: authenticate against MySQL.
# --with-mysql-libs / --with-mysql-includes: the MySQL library and header file paths must be correct.
# --with-redhat: on Red Hat the build optimizes itself for the system; do not add it on other systems.
# --with-authmysqlrc: configuration file for MySQL, recording how authentication interacts with the data.
# --with-authdaemonrc: courier-authlib is itself a service process, so it also needs a configuration file.
# --with-mailuser / --with-mailgroup: user and group for mail management.
[root@localhost courier-authlib-0.66.1]# ./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--with-authmysql \
--with-mysql-libs=/usr/lib64/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=vmail \
--with-mailgroup=vmail
[root@smtp ~]# make && make install

Adjust the configuration files
# Adjust the permissions of the authdaemon directory (it stores the process socket)
[root@localhost ~]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# Rename the courier file, because --with-authdaemonrc=/etc/authdaemonrc specified this file name
[root@localhost ~]# cp -p /etc/authdaemonrc.dist /etc/authdaemonrc
# Rename the file that controls the interaction with MySQL
[root@localhost ~]# cp -p /etc/authmysqlrc.dist /etc/authmysqlrc

Adjust the courier-authlib configuration file
[root@localhost ~]# vim /etc/authdaemonrc
# The authentication module is authmysql (its configuration file was set with --with-authmysqlrc=/etc/authmysqlrc)
authmodulelist="authmysql"
# Keep only authmysql in the original module list
authmodulelistorig="authmysql"
# Change the default number of processes started
daemons=10
# If virtual user login has problems, enable debugging to see the log; otherwise leave it off
#DEBUG_LOGIN=2

Edit the authentication file
[root@localhost ~]# vim /etc/authmysqlrc
# MySQL server address
MYSQL_SERVER localhost
# User name for connecting to the database (if you do not use extmail, the account must also be changed in extman)
MYSQL_USERNAME extmail
# User password
MYSQL_PASSWORD extmail
# Port of your MySQL server (not needed if you communicate over the socket)
MYSQL_PORT 3306
# MySQL socket file
MYSQL_SOCKET /var/lib/mysql/mysql.sock
# Database that stores the users (if you do not use extmail, it must also be changed in extman)
MYSQL_DATABASE extmail
# Table that stores the users (mailbox is generated automatically by extman and cannot be changed)
MYSQL_USER_TABLE mailbox
# Authentication password field
MYSQL_CRYPT_PWFIELD password
# UID of the vmail user
MYSQL_UID_FIELD '1001'
# GID of the vmail user
MYSQL_GID_FIELD '1001'
# Authentication account field
MYSQL_LOGIN_FIELD username
# concat is a MySQL function; it joins /var/mailbox/ and homedir into one path (homedir is a per-user column in MySQL)
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
# User full name field (default)
MYSQL_NAME_FIELD name
# Mail directory of the virtual user
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

Provide a SysV service script for Courier-authlib
[root@localhost ~]# cd /usr/src/courier-authlib-0.66.1/
[root@localhost courier-authlib-0.66.1]# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
[root@localhost ~]# chmod 755 /etc/init.d/courier-authlib
[root@localhost ~]# chkconfig --add courier-authlib
[root@localhost ~]# chkconfig courier-authlib on
[root@localhost ~]# service courier-authlib start
Starting Courier authentication services: authdaemond
PS: with pstree -a you can see that authdaemond has spawned 11 processes. We started 10; the extra one is the main process responsible for spawning the others.

Create the virtual user mailbox directory
[root@localhost ~]# mkdir -pv /var/mailbox
[root@localhost ~]# chown -R vmail /var/mailbox
PS: the owner of the mailbox directory is vmail.
Change SASL authentication mode to authdaemond
The SMTP authentication of Postfix needs to connect to authdaemon through Cyrus-SASL to obtain authentication information.
[root@localhost ~]# vim /usr/lib64/sasl2/smtpd.conf
#pwcheck_method: saslauthd
#mech_list: PLAIN LOGIN
# The two lines above are the SASL authentication parameters from the previous experiment, now commented out
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket

Let Postfix support virtual users and virtual domains
[root@localhost ~]# vim /etc/postfix/main.cf
#
# Virtual Mailbox Settings
#
# User mailbox directory (the same base directory as in MYSQL_HOME_FIELD)
virtual_mailbox_base = /var/mailbox
# Used to query user account information (the SQL statement is defined in this file and uses the extmail user)
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# Used to query the virtual domains
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
# Used to query user aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# Every virtual user is mapped to the system user vmail
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
# The MDA: the delivery agent dedicated to virtual users
virtual_transport = virtual
# Disk quota
virtual_mailbox_limit = 20971520

Install httpd
[root@localhost ~]# yum install httpd

Install extman
The extmail database is created with extmail.sql and init.sql, which are in the docs directory of the extman source tree.
[root@localhost ~]# tar zxvf extman-1.1.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/extman-1.1/docs
[root@localhost docs]# service mysqld restart
[root@localhost docs]# mysql -u root < extmail.sql
[root@localhost docs]# mysql -u root < init.sql
[root@localhost docs]# mysql -u root -B -e "show databases;"
Database
information_schema
extmail
mysql
test
# On MySQL versions later than 5.1, running extmail.sql produces syntax errors, because the default storage engine used by MySQL 5.1 is MyISAM, while versions after MySQL 5.1 use InnoDB. Modify extmail.sql with the following command before running it:
sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql
# Here I use the RPM package, so MySQL is version 5.1 and the SQL script does not need to be modified.
These two SQL scripts create the extmail database and its tables, as well as the extmail and webman users. The extmail user therefore needs access to the extmail database (in a production environment, grant extmail only SELECT, because it only needs to look up users). The password here is set to extmail, the same as in the configuration file above; if you use a different one, the configuration file has to be changed as well.
mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
mysql> flush privileges;

Copy from Extman the Postfix files that support virtual users and virtual domains and connect to MySQL
[root@localhost ~]# cd /usr/src/extman-1.1/docs
[root@localhost docs]# cp mysql_virtual_mailbox_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_domains_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_alias_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_limit_maps.cf /etc/postfix/

Open one of the files and have a look
[root@localhost ~]# cat /etc/postfix/mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'
PS: the account and password from the MySQL authentication configuration file /etc/authmysqlrc are therefore used in many places, and in a production environment all of them must be changed consistently.
Cancel the previously configured central domain
When using virtual domains, the central domain settings (myhostname, mydomain, myorigin and mydestination) must no longer be used, so the following parameters are commented out in the main.cf configuration file:
[root@localhost ~]# vim /etc/postfix/main.cf
#Center Domain Settings
#mynetworks = 127.0.0.0/8
#mydestination = $myhostname, localhost.$mydomain, localhost $mydomain
#myhostname = smtp.ywnds.com
#mydomain = ywnds.com
#myorigin = $mydomain
#home_mailbox = Maildir/

Configure Dovecot with MySQL-based authentication
# Comment out the lines that were previously added to the main Dovecot configuration file /etc/dovecot/dovecot.conf
[root@localhost ~]# vim /etc/dovecot/dovecot.conf
#ssl = no
#disable_plaintext_auth = no
#mail_location = maildir:~/Maildir

[root@localhost ~]# vim /etc/dovecot/conf.d/10-mail.conf
# Add this line to specify where messages are read from
mail_location = maildir:/var/mailbox/%d/%n/Maildir

[root@localhost ~]# vim /etc/dovecot/conf.d/10-auth.conf
# Enable plaintext authentication (this parameter can also be set in dovecot.conf); without TLS, passwords cross the network unencrypted
disable_plaintext_auth = no
# Supported authentication mechanisms
auth_mechanisms = plain login
# Disable the default system authentication
#!include auth-system.conf.ext
# Enable MySQL authentication
!include auth-sql.conf.ext
# Detailed authentication log; can be enabled for debugging
#auth_verbose = yes

[root@localhost ~]# vim /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
  driver = sql
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf
}
userdb {
  driver = sql
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf
}
PS: the MySQL authentication file specifies that the user's account and password are fetched from the database through the /etc/dovecot/dovecot-sql.conf file.
[root@localhost ~]# vim /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir,uidnumber AS uid,gidnumber AS gid FROM mailbox WHERE username = '%u'

Explanation:
driver: Dovecot uses its own driver to connect to MySQL.
connect: connect to the local MySQL server; database extmail, user extmail, password extmail.
Note: if the MySQL server is the local host (host=localhost) and the mysql.sock file is not at the default /var/lib/mysql/mysql.sock, use host="path to the sock file" to specify its location. For example, MySQL installed from the generic binary package places its socket at /tmp/mysql.sock, so connect should be defined as follows:
connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail
default_pass_scheme: indicates that the passwords are stored encrypted.
password_query: the query used to look up the password.
user_query: the query used to look up the account.
PS: Dovecot also provides a template for this configuration file at /usr/share/doc/dovecot-2.0.9/example-config/dovecot-sql.conf.ext

Start all services
[root@localhost ~]# service dovecot restart
[root@localhost ~]# service postfix restart
[root@localhost ~]# service courier-authlib restart
[root@localhost ~]# service mysqld restart

Test the virtual user
[root@localhost ~]# /usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.
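Earlier the article notes that the extmail account and password are repeated in several files and must be changed consistently in production. As an added example (not part of the original article), the script below reads the password from /etc/authmysqlrc, the Postfix mysql_virtual_*.cf maps and /etc/dovecot/dovecot-sql.conf, and reports files that still use the tutorial password, disagree with each other, or are accessible to every local user; the function names db_password and audit_db_creds are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: audit the files that embed the MySQL account.
# Usage (as root on the mail host):
#   audit_db_creds /etc/authmysqlrc /etc/postfix/mysql_virtual_*.cf /etc/dovecot/dovecot-sql.conf

# Print the DB password from one file, in whichever of the three formats it uses.
db_password() {
    case "$1" in
        *authmysqlrc)        # Courier: "MYSQL_PASSWORD value"
            awk '$1 == "MYSQL_PASSWORD" { print $2; exit }' "$1" ;;
        *dovecot-sql.conf*)  # Dovecot: "connect = host=... password=value"
            sed -n 's/^connect[[:space:]]*=.*password=\([^[:space:]]*\).*/\1/p' "$1" | head -n 1 ;;
        *)                   # Postfix mysql map: "password = value"
            sed -n 's/^password[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1 ;;
    esac
}

# audit_db_creds FILE...: print one finding per line; return 1 if any were found.
audit_db_creds() {
    adc_found=0 adc_first=""
    for adc_f in "$@"; do
        [ -r "$adc_f" ] || { echo "SKIP $adc_f: not readable"; continue; }
        adc_pw=$(db_password "$adc_f")
        if [ "$adc_pw" = "extmail" ]; then
            echo "WEAK $adc_f: still uses the tutorial password"; adc_found=1
        fi
        if [ -n "$adc_first" ] && [ "$adc_pw" != "$adc_first" ]; then
            echo "MISMATCH $adc_f: password differs from the first file"; adc_found=1
        fi
        [ -n "$adc_first" ] || adc_first=$adc_pw
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        if [ "$(ls -ld "$adc_f" | cut -c8-10)" != "---" ]; then
            echo "PERMS $adc_f: accessible to all local users"; adc_found=1
        fi
    done
    return "$adc_found"
}
```

A MISMATCH line means one service will fail to authenticate to MySQL after a partial password change; a PERMS line means any local account can read the database password.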