Example Analysis of Postfix Virtual user and Virtual Domain in Linux

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article presents a sample analysis of Postfix virtual users and virtual domains in Linux. The material is easy to follow and well organized, and should help clear up common questions about the setup.

Postfix Mail Architecture Based on Virtual Users and Virtual Domains

The figure above is a nearly complete architecture diagram of the mail system, in which user authentication is based on a MySQL database. Postfix, Dovecot and webmail all authenticate users against MySQL.

1. A user connects to Postfix from a client such as Outlook, and Postfix authenticates the user against MySQL through Courier-authlib. If authentication succeeds, the user can send mail. Previously we used Cyrus-SASL to authenticate shadow users. Cyrus-SASL also supports MySQL authentication, but its driver and low-level configuration are tedious, so we choose Courier-authlib for authentication. As the figure shows, Postfix still uses the Cyrus-SASL library to connect to Courier-authlib. Postfix can also connect to Courier-authlib directly, but that is more troublesome.

2. A user connects to Dovecot from a client such as Outlook, and Dovecot authenticates directly against MySQL. After successful authentication, the user can retrieve mail from the mailbox. This is relatively simple because Dovecot itself supports MySQL authentication.

3. A user can send and receive mail through webmail. Extmail/Extman also authenticates against MySQL, and once authentication succeeds the user can send mail through Postfix and receive mail through Dovecot. Extmail/Extman can also read mail from the mailbox directly.

Courier-authlib

Courier is an excellent e-mail system that provides a complete set of components: MTA (Courier-MTA), MDA (Maildrop), MUA, MRA (Courier-IMAP), SASL (Courier-authlib), WebMail (sqwebmail) and others.

Courier-authlib is the authentication library of Courier. It is an independent sub-project that provides authentication services to the other Courier components. Its functions include verifying the account and password at login, obtaining information such as the home directory or mail directory of an account, changing the password of an account, and so on. The supported authentication methods include PAM-based authentication through /etc/passwd and /etc/shadow, authentication based on GDBM or DB, and authentication based on LDAP/MySQL/PostgreSQL. For this reason courier-authlib is also often integrated with mail components outside Courier (such as Postfix) to provide authentication services.

Virtual user and virtual domain configuration

Install the ltdl dynamic module loader

[root@localhost ~]# yum install libtool-ltdl libtool-ltdl-devel

Install expect for host-to-host communication

[root@localhost ~]# yum install expect

Create a user

[root@localhost ~]# groupadd -g 1001 vmail
[root@localhost ~]# useradd vmail -u 1001 -g 1001

Install Courier-authlib

[root@localhost ~]# tar xvf courier-authlib-0.66.1.tar.bz2 -C /usr/src/
[root@localhost ~]# cd /usr/src/courier-authlib-0.66.1
# --without-*: do not build support for these authentication types, which avoids installing their dependencies
# --with-authmysql: authenticate against MySQL
# --with-mysql-libs, --with-mysql-includes: the MySQL library and header file paths must be correct
# --with-redhat: on Red Hat the build optimizes itself for the system; do not add it on other systems
# --with-authmysqlrc: configuration file for the MySQL module, recording how authentication interacts with the data
# --with-authdaemonrc: courier-authlib is itself a service process, so it also needs a configuration file
# --with-mailuser, --with-mailgroup: user and group for mail management
[root@localhost courier-authlib-0.66.1]# ./configure \
    --prefix=/usr/local/courier-authlib \
    --sysconfdir=/etc \
    --without-authpam \
    --without-authshadow \
    --without-authvchkpw \
    --without-authpgsql \
    --with-authmysql \
    --with-mysql-libs=/usr/lib64/mysql \
    --with-mysql-includes=/usr/include/mysql \
    --with-redhat \
    --with-authmysqlrc=/etc/authmysqlrc \
    --with-authdaemonrc=/etc/authdaemonrc \
    --with-mailuser=vmail \
    --with-mailgroup=vmail
[root@localhost courier-authlib-0.66.1]# make && make install

Adjust the configuration file

# adjust the permissions of the authdaemon directory (it holds the daemon's socket)
[root@localhost ~]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# rename the daemon configuration file, because --with-authdaemonrc=/etc/authdaemonrc specified this file name
[root@localhost ~]# cp -p /etc/authdaemonrc.dist /etc/authdaemonrc
# rename the MySQL configuration file, because --with-authmysqlrc=/etc/authmysqlrc specified this file name
[root@localhost ~]# cp -p /etc/authmysqlrc.dist /etc/authmysqlrc

Adjust the courier-authlib profile

[root@localhost ~]# vim /etc/authdaemonrc
# use authmysql as the authentication module
authmodulelist="authmysql"
# keep only authmysql in the original module list
authmodulelistorig="authmysql"
# change the default number of daemon processes
daemons=10
# if virtual user logins fail, enable debugging to see details in the log; otherwise leave it off
# (level 2 also writes passwords to the log)
#DEBUG_LOGIN=2

Adjust the authentication file of email account through MYSQL

[root@localhost ~]# vim /etc/authmysqlrc
# MySQL server address
MYSQL_SERVER localhost
# user name for the database connection (if you do not use extmail, the account must also be changed in extman)
MYSQL_USERNAME extmail
# password for that user
MYSQL_PASSWORD extmail
# MySQL port (not needed if you communicate over the socket)
MYSQL_PORT 3306
# MySQL socket file
MYSQL_SOCKET /var/lib/mysql/mysql.sock
# database that stores the users (if you do not use extmail, it must also be changed in extman)
MYSQL_DATABASE extmail
# table that stores the users (mailbox is generated automatically by extman and cannot be changed)
MYSQL_USER_TABLE mailbox
# field holding the authentication password
MYSQL_CRYPT_PWFIELD password
# UID of the vmail user
MYSQL_UID_FIELD '1001'
# GID of the vmail user
MYSQL_GID_FIELD '1001'
# field holding the login account
MYSQL_LOGIN_FIELD username
# concat is a MySQL function; it joins /var/mailbox/ and homedir into one path (homedir is the per-user value stored in MySQL)
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)
# field holding the user's full name (default)
MYSQL_NAME_FIELD name
# mail directory of the virtual user
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)

Courier-authlib provides SysV service scripts

[root@localhost ~]# cd /usr/src/courier-authlib-0.66.1/
[root@localhost courier-authlib-0.66.1]# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
[root@localhost ~]# chmod 755 /etc/init.d/courier-authlib
[root@localhost ~]# chkconfig --add courier-authlib
[root@localhost ~]# chkconfig courier-authlib on
[root@localhost ~]# service courier-authlib start
Starting Courier authentication services: authdaemond

PS: pstree -a shows that authdaemond has spawned 11 processes. We configured 10, and there is one main process responsible for spawning the others.

Establish a virtual user mailbox directory

[root@localhost ~]# mkdir -pv /var/mailbox
[root@localhost ~]# chown -R vmail /var/mailbox

PS: mailbox directory owner is vmail

Change SASL authentication mode to authdaemond

The SMTP authentication of Postfix needs to connect to authdaemon through Cyrus-SASL to obtain authentication information.

[root@localhost ~]# vim /usr/lib64/sasl2/smtpd.conf
# Note: the two commented lines below are the parameters used in the previous experiment, verified by SASL
#pwcheck_method: saslauthd
#mech_list: PLAIN LOGIN
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket

Let Postfix support virtual users and virtual domains

[root@localhost ~]# vim /etc/postfix/main.cf
#Virtual Mailbox Settings#
# user mailbox directory (the same base path as defined in MYSQL_HOME_FIELD)
virtual_mailbox_base = /var/mailbox
# used to query account information (the SQL statement is defined in this configuration file; it uses the extmail user)
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# used to query the virtual domains
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
# used to query user aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# each virtual user is mapped to the system user vmail
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
# specifies the MDA: a delivery agent dedicated to virtual users
virtual_transport = virtual
# disk quota
virtual_mailbox_limit = 20971520

Install Httpd

[root@localhost ~]# yum install httpd

Install extman

You need to use extmail.sql and init.sql, found in the docs directory under the extman source directory, to set up the extmail database.

[root@localhost ~]# tar zxvf extman-1.1.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/extman-1.1/docs
[root@localhost docs]# service mysqld restart
[root@localhost docs]# mysql -u root < extmail.sql
[root@localhost docs]# mysql -u root < init.sql
[root@localhost docs]# mysql -u root -B -e "show databases;"
Database
information_schema
extmail
mysql
test

For MySQL versions after 5.1, running the extmail.sql script produces a syntax error, because the default storage engine in MySQL 5.1 is MyISAM, while versions after 5.1 use the InnoDB storage engine. In that case, first modify extmail.sql with the following command and then run it:

sed -i 's@TYPE=MyISAM@ENGINE=InnoDB@g' extmail.sql

Here I am using the RPM package, so MySQL is version 5.1 and the SQL script does not need to be modified.

These two SQL scripts create the extmail database and its tables, as well as the extmail and webman users. The extmail user therefore has to be granted access to the extmail database (in a production environment give extmail only the SELECT privilege, because it only needs to look up users). The password here is set to extmail, the same as in the configuration files above; otherwise all of them have to be changed.

mysql> GRANT all privileges on extmail.* TO extmail@localhost IDENTIFIED BY 'extmail';
mysql> GRANT all privileges on extmail.* TO extmail@127.0.0.1 IDENTIFIED BY 'extmail';
mysql> flush privileges;

Copy the Postfix map files shipped with Extman, which support virtual users and virtual domains and connect to MySQL

[root@localhost ~]# cd /usr/src/extman-1.1/docs
[root@localhost docs]# cp mysql_virtual_mailbox_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_domains_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_alias_maps.cf /etc/postfix/
[root@localhost docs]# cp mysql_virtual_limit_maps.cf /etc/postfix/

Open one of the files and take a look

[root@localhost ~]# cat /etc/postfix/mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'

PS: the account and password from the MySQL authentication configuration file /etc/authmysqlrc are therefore used in many places, and in a production environment they must all be changed together.

Cancel the previously configured central domain

When using virtual domains, you need to cancel the central domain settings myhostname, mydomain, myorigin and mydestination, so the corresponding lines in the main.cf configuration file are commented out as follows:

[root@localhost ~]# vim /etc/postfix/main.cf
#Center Domain Settings#
mynetworks = 127.0.0.0/8
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#myhostname = smtp.ywnds.com
#mydomain = ywnds.com
#myorigin = $mydomain
#home_mailbox = Maildir/

Configure Dovecot based on MySQL authentication

[root@localhost ~]# vim /etc/dovecot/dovecot.conf
# comment out the lines that were added earlier to the main Dovecot configuration file /etc/dovecot/dovecot.conf
#ssl = no
#disable_plaintext_auth = no
#mail_location = maildir:~/Maildir

[root@localhost ~]# vim /etc/dovecot/conf.d/10-mail.conf
# add this line to specify the location from which mail is retrieved
mail_location = maildir:/var/mailbox/%d/%n/Maildir

[root@localhost ~]# vim /etc/dovecot/conf.d/10-auth.conf
# enable plaintext authentication (you can choose to turn this parameter off in the dovecot.conf configuration file)
disable_plaintext_auth = no
# supported authentication mechanisms
auth_mechanisms = plain login
# cancel the default system authentication
#!include auth-system.conf.ext
# enable MySQL authentication
!include auth-sql.conf.ext
# detailed authentication log; can be enabled for debugging
#auth_verbose = yes

[root@localhost ~]# vim /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
  driver = sql
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf
}
userdb {
  driver = sql
  #args = /etc/dovecot/dovecot-sql.conf.ext
  args = /etc/dovecot/dovecot-sql.conf
}

PS: the SQL authentication configuration specifies that the user's account and password are fetched from the database through the /etc/dovecot/dovecot-sql.conf file.

[root@localhost ~]# vim /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

Explanation:

driver: Dovecot uses its own driver to connect to MySQL.
connect: connects to the local MySQL server; database extmail; user extmail; password extmail. Note: if the MySQL server is the local host (host=localhost) and the mysql.sock file is not at the default /var/lib/mysql/mysql.sock, you can use host="path to the sock file" to specify the new location. For example, the sock file of a MySQL installed from the generic binary distribution is /tmp/mysql.sock, so connect should be defined as connect = host=/tmp/mysql.sock dbname=extmail user=extmail password=extmail.
default_pass_scheme: indicates that the passwords are stored encrypted.
password_query: which field to query for the password.
user_query: which field to query for the account.

PS: Dovecot also provides a template for this configuration file at /usr/share/doc/dovecot-2.0.9/example-config/dovecot-sql.conf.ext
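The database password from /etc/authmysqlrc reappears in the Postfix map files and in dovecot-sql.conf, as the PS on the Postfix map file notes. The script below is an added example, not part of the original article: it checks each of those files for world-readable permissions, for the guide's password extmail, and for passwords that differ between files. The function names and the constructed sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Line formats audited:
#   authmysqlrc:        MYSQL_PASSWORD <value>
#   mysql_virtual_*.cf: password = <value>
#   dovecot-sql.conf:   connect = ... password=<value>

# extract_db_password FILE: print the password stored in FILE (empty if none).
extract_db_password() {
    sed -n \
        -e 's/^MYSQL_PASSWORD[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' \
        -e 's/^password[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        -e 's/^connect[[:space:]]*=.*password=\([^[:space:]]*\).*/\1/p' \
        "$1" | head -n 1
}

# audit_db_creds FILE...: one finding per line; non-zero status on any finding.
audit_db_creds() {
    findings=0; first=""
    for f in "$@"; do
        pw=$(extract_db_password "$f")
        [ -n "$pw" ] || continue
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD_READABLE $f"; findings=$((findings + 1))
        fi
        if [ "$pw" = "extmail" ]; then   # password used throughout the guide
            echo "DEFAULT_PASSWORD $f"; findings=$((findings + 1))
        fi
        if [ -z "$first" ]; then
            first=$pw
        elif [ "$pw" != "$first" ]; then
            echo "PASSWORD_MISMATCH $f"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample files in a scratch directory (contents are made up).
demo_audit() {
    d=$(mktemp -d)
    printf 'MYSQL_USERNAME extmail\nMYSQL_PASSWORD extmail\n' > "$d/authmysqlrc"
    printf 'user = extmail\npassword = extmail\n' > "$d/mysql_virtual_domains_maps.cf"
    printf 'connect = host=localhost user=extmail password=S3cret\n' > "$d/dovecot-sql.conf"
    chmod 644 "$d/authmysqlrc"
    chmod 640 "$d/mysql_virtual_domains_maps.cf" "$d/dovecot-sql.conf"
    (cd "$d" && audit_db_creds authmysqlrc mysql_virtual_domains_maps.cf dovecot-sql.conf)
    rc=$?; rm -rf "$d"; return "$rc"
}
demo_audit || true
```

On a real host, pass the actual paths instead, for example audit_db_creds /etc/authmysqlrc /etc/postfix/mysql_virtual_*.cf /etc/dovecot/dovecot-sql.conf.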

Start all services

[root@localhost ~]# service dovecot restart
[root@localhost ~]# service postfix restart
[root@localhost ~]# service courier-authlib restart
[root@localhost ~]# service mysqld restart

Test virtual user

[root@localhost ~]# /usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail
Authentication succeeded.

That concludes the sample analysis of Postfix virtual users and virtual domains in Linux.
