Ubuntu 12: installing postfix-mysql with user management in MySQL
로빈아빠

postfix and sasl2-bin must already be installed.


apt-get -y install postfix postfix-mysql postfix-doc 
apt-get -y install libsasl2-2 libsasl2-modules libsasl2-modules-sql
apt-get -y install libpam-mysql              # libpam-smbpass
apt-get -y install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl
 

## Create The MySQL Database For Postfix/Courier
Create the mail database in phpMyAdmin.
MYSQL_USERNAME mail_admin 
MYSQL_PASSWORD mail_admin_password
MYSQL_DB mail


CREATE TABLE mail_domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
;
 
CREATE TABLE mail_forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
;
 
CREATE TABLE mail_users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) ;
 
CREATE TABLE mail_transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ;
 

### Table descriptions
domain table: virtual domain names
domain
aaaaaaaa.org
 
forwarding table: e-mail aliases configured as forwards
source destination
info@aaaaaaaa.org sales@aaaaaaaa.org
 
user table: user e-mail addresses and encrypted passwords. The default quota is 10485760, which is 10Mb.
email password quota
sales@aaaaaaaa.org No9.E4skNvGa. ("secret" in encrypted form) 10485760
 
transport table: optional. It allows forwarding mail for single users, whole domains or all mail to another server.
domain transport
aaaaaaaa.org smtp:[1.2.3.4]
In the example above, all mail for the domain aaaaaaaa.org is forwarded via smtp to 1.2.3.4.
The square brackets [] mean "do not make a lookup of the MX DNS record".
If you use a domain name, do not use [].
 
### Configure Postfix
Postfix talks to MySQL over 127.0.0.1, so the mysqld daemon must bind to the address 127.0.0.1.
 
 
vi /etc/mysql/my.cnf
bind-address = 127.0.0.1
/etc/init.d/mysql restart
 
 

Create six files for the Postfix/MySQL configuration.
Or use the attached archive: postfix-mysq-cf.tar.bz2

#----------------------------------------

cat > /etc/postfix/mysql-virtual_domains.cf

user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_domains
select_field = 'virtual'
where_field = domain
hosts = 127.0.0.1

cat > /etc/postfix/mysql-virtual_forwardings.cf

user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_forwardings
select_field = destination
where_field = source
hosts = 127.0.0.1

cat > /etc/postfix/mysql-virtual_mailboxes.cf

user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_users
select_field = CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
where_field = email
hosts = 127.0.0.1

cat > /etc/postfix/mysql-virtual_email2email.cf

user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_users
select_field = email
where_field = email
hosts = 127.0.0.1

cat > /etc/postfix/mysql-virtual_transports.cf
user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_transport
select_field = transport
where_field = domain
hosts = 127.0.0.1

cat > /etc/postfix/mysql-virtual_mailbox_limit_maps.cf

user = mail_admin
password = mail_admin_password
dbname = mail
table = mail_users
select_field = quota
where_field = email
hosts = 127.0.0.1


chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

Now we create a user and group called vmail with the home directory /home/vmail. This is where all mail boxes will be stored.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m







#----------------------------------------
The files above, converted to the query (SELECT statement) form:

vi /etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM mail_domains WHERE domain='%s'
hosts = 127.0.0.1



vi /etc/postfix/mysql-virtual_forwardings.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM mail_forwardings WHERE source='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailboxes.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM mail_users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_email2email.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM mail_users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_transports.cf
user = mail_admin 
password = mail_admin_password
dbname = mail
query = SELECT transport FROM mail_transport WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
user = mail_admin 
password = mail_admin_password 
dbname = mail 
query = SELECT quota FROM mail_users WHERE email='%s' 
hosts = 127.0.0.1

mkdir -p /data
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /data/vmail -m
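
A check for the chmod/chgrp and 127.0.0.1 steps above, as an added example that is not part of the original page: it flags any mysql-virtual_*.cf file that is still accessible to other users, points at a host other than 127.0.0.1, or still carries the placeholder password. The function name audit_map_files and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit the map files that hold
# the MySQL password. Prints one finding per line; returns 1 if any was found.
audit_map_files() {
    dir=$1
    findings=0
    for f in "$dir"/mysql-virtual_*.cf; do
        [ -f "$f" ] || continue
        # "chmod o=" must have removed every permission bit for "other".
        if [ -n "$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            echo "$f: accessible by other users, run chmod o= on it"
            findings=$((findings + 1))
        fi
        # The lookups are meant to stay on the loopback interface.
        hosts=$(sed -n 's/^[[:space:]]*hosts[[:space:]]*=[[:space:]]*//p' "$f" |
                sed 's/[[:space:]]*$//')
        if [ "$hosts" != "127.0.0.1" ]; then
            echo "$f: hosts is '$hosts', expected 127.0.0.1"
            findings=$((findings + 1))
        fi
        # mail_admin_password is the tutorial's placeholder, not a real secret.
        if grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*mail_admin_password[[:space:]]*$' "$f"; then
            echo "$f: still uses the placeholder password"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample files: one hardened, one left as pasted with mode 644.
demo=$(mktemp -d)
printf 'user = mail_admin\npassword = constructed-secret\nhosts = 127.0.0.1\n' \
    > "$demo/mysql-virtual_domains.cf"
printf 'user = mail_admin\npassword = mail_admin_password\nhosts = db.example\n' \
    > "$demo/mysql-virtual_mailboxes.cf"
chmod 640 "$demo/mysql-virtual_domains.cf"
chmod 644 "$demo/mysql-virtual_mailboxes.cf"
audit_map_files "$demo" || echo "findings reported"
rm -rf "$demo"
```

On a real host, run it as audit_map_files /etc/postfix.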

#----------------------------------------


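The vmail home directory is where mail is stored, so place it on a volume with adequate space.
Postfix configuration
Replace aaaaaaaa.org with your own domain when applying these settings.
To change mailbox_base, change vmail's home directory when adding the vmail user above, then use that directory here.
See the attached file: main.cf
Run the postconf commands below, or edit /etc/postfix/main.cf directly.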
postconf -e 'mydestination = $mydomain, $myhostname'

postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /data/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'

##postconf -e 'virtual_overquota_bounce = yes'
##postconf -e 'virtual_create_maildirsize = yes'
##postconf -e 'virtual_mailbox_extended = yes'
##postconf -e 'virtual_mailbox_limit_override = yes'
##postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
##postconf -e 'virtual_maildir_extended = yes'
##postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'


Using Maildir:
#postconf -e 'virtual_mailbox_extended = yes'

#----------------------------------------

6 Configure Saslauthd

vi /etc/default/saslauthd

Set START to yes, and change OPTIONS="-c -m /var/run/saslauthd" as shown below:

START=yes
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR} -r"
PIDFILE="${PWDIR}/saslauthd.pid"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

vi /etc/pam.d/smtp
auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=mail_users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=mail_users usercolumn=email passwdcolumn=password crypt=1

vi /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_database: mail
sql_passwd: mail_admin_password
sql_select: select password from mail_users where email = '%u'

# Add the postfix user to the sasl group so that Postfix can access saslauthd.
#adduser postfix sasl

#----------------------------------------

/etc/init.d/postfix restart
/etc/init.d/saslauthd restart


#----------------------------------------

7 Configure Courier
Configure Courier to authenticate against MySQL.

vi /etc/courier/authdaemonrc
[...]
#authmodulelist="authpam"
authmodulelist="authmysql"

#DEBUG_LOGIN=0
DEBUG_LOGIN=2  <-- for debugging (level 2 also writes passwords to the log; set it back to 0 afterwards)

[...]

vi /etc/syslog.conf

vi /etc/courier/authmysqlrc


#MYSQL_USERNAME          admin
#MYSQL_PASSWORD          admin
#MYSQL_DATABASE          mysql

cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
vi /etc/courier/authmysqlrc


The MYSQL_HOME field is the vmail home directory from earlier, i.e. the mail base directory.





MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin 
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE mail_users
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000

DEFAULT_DOMAIN aaaaaaaa.org
MYSQL_LOGIN_FIELD email 

MYSQL_HOME_FIELD "/data/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')


#----------------------------------------
#MYSQL_NAME_FIELD  name  <-- keep this commented out
MYSQL_QUOTA_FIELD quota



## Alternatively
# Change it to this. 2011-09-15 김성대
# MYSQL_LOGIN_FIELD       substring_index(email,'@',1)
#MYSQL_CLEAR_PWFIELD password


Then restart Courier:
sudo /etc/init.d/courier-authdaemon restart
sudo /etc/init.d/courier-imap restart
sudo /etc/init.d/courier-imap-ssl restart
sudo /etc/init.d/courier-pop restart
sudo /etc/init.d/courier-pop-ssl restart

#----------------------------------------
POP3 connection test
telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.

vi /etc/aliases
Make postmaster point to root.
[...]
postmaster: root
root: user_id@aaaaaaaa.org
[...]
On Ubuntu and Debian, root is designated as the sudo user.
A root: administrator form is also fine.
sudo newaliases
sudo /etc/init.d/postfix restart


#----------------------------------------

12 Test Postfix
 
Check that Postfix is ready for SMTP-AUTH and TLS.
 
telnet localhost 25
...
ehlo localhost
250-gtko-ubuntu.bukwang
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 NTLM DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 NTLM DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
...
quit
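
The same check done by script, as an added example that is not part of the original page: it reads an EHLO reply and reports a missing STARTTLS, or PLAIN/LOGIN being offered while the session is still unencrypted, as in the reply above. The function names are constructed; smtpd_tls_auth_only is a standard Postfix parameter that this page does not set.

```sh
#!/bin/sh
# Added example (not from the original page): read an EHLO reply on stdin,
# print one finding per line and return 1 if anything was found.
# With smtpd_tls_auth_only = yes Postfix only offers AUTH after STARTTLS,
# so a missing AUTH line on the plain session is not treated as a finding.
check_ehlo() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF captures
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH[ =]/ {
            mechs = $0
            sub(/^250[- ]AUTH[ =]/, "", mechs)   # keep only the mechanism list
            n = split(mechs, m, " ")
            for (i = 1; i <= n; i++)
                if (m[i] == "PLAIN" || m[i] == "LOGIN") clear = 1
        }
        END {
            if (!tls)  { print "STARTTLS not offered: sessions cannot be encrypted"; bad = 1 }
            if (clear) { print "PLAIN/LOGIN offered before STARTTLS: set smtpd_tls_auth_only = yes"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# EHLO reply as shown on this page (plain port 25 session, before STARTTLS).
page_reply() {
    cat <<'EOF'
250-gtko-ubuntu.bukwang
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 NTLM DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 NTLM DIGEST-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}
page_reply | check_ehlo || echo "hardening needed"
```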
 
 
POP3 check
$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user xxxxxxxxxx
+OK Password required.
pass 1234
+OK logged in.


IMAP check
$ telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
imap login
imap OK LOGIN Ok.
 
 
 
13 Populate The Database And Test
Add users to the database and test.
 
 
domains and users:
INSERT INTO `mail_domains` (`domain`) VALUES ('bukwang');
INSERT INTO `mail_users` (`email`, `password`, `quota`) VALUES ('gtko@bukwang', ENCRYPT('012345'), 10485760);
If you need forwarding and transport entries:
INSERT INTO `mail_forwardings` (`source`, `destination`) VALUES ('info@aaaaaaaa.org', 'sales@aaaaaaaa.org');
INSERT INTO `mail_transport` (`domain`, `transport`) VALUES ('aaaaaaaa.org', 'smtp:mail.aaaaaaaa.org');
 
The forwardings table can have entries like the following:
source | destination | description
info@aaaaaaaa.org | sales@aaaaaaaa.org | Redirects emails for info@aaaaaaaa.org to sales@aaaaaaaa.org
@aaaaaaaa.org | thomas@aaaaaaaa.org | Creates a Catch-All account for thomas@aaaaaaaa.org. All emails to aaaaaaaa.org will arrive at thomas@aaaaaaaa.org, except those that exist in the users table (i.e., if sales@aaaaaaaa.org exists in the users table, mails to sales@aaaaaaaa.org will still arrive at sales@aaaaaaaa.org).
@aaaaaaaa.org | @anotherdomain.tld | This redirects all emails to aaaaaaaa.org to the same user at anotherdomain.tld. E.g., emails to thomas@aaaaaaaa.org will be forwarded to thomas@anotherdomain.tld.
info@aaaaaaaa.org | sales@aaaaaaaa.org, billing@anotherdomain.tld | Forward emails for info@aaaaaaaa.org to two or more email addresses. All listed email addresses under destination receive a copy of the email.
 
The transport table can have entries like these:
domain | transport | description
aaaaaaaa.org | : | Delivers emails for aaaaaaaa.org locally. This is as if this record did not exist in this table at all.
aaaaaaaa.org | smtp:mail.anotherdomain.tld | Delivers all emails for aaaaaaaa.org via smtp to the server mail.anotherdomain.tld.
aaaaaaaa.org | smtp:mail.anotherdomain.tld:2025 | Delivers all emails for aaaaaaaa.org via smtp to the server mail.anotherdomain.tld, but on port 2025, not 25 which is the default port for smtp.
aaaaaaaa.org | smtp:[1.2.3.4] or smtp:[1.2.3.4]:2025 or smtp:[mail.anotherdomain.tld] | The square brackets prevent Postfix from doing lookups of the MX DNS record for the address in square brackets. Makes sense for IP addresses.
.aaaaaaaa.org | smtp:mail.anotherdomain.tld | Mail for any subdomain of aaaaaaaa.org is delivered to mail.anotherdomain.tld.
* | smtp:mail.anotherdomain.tld | All emails are delivered to mail.anotherdomain.tld.
joe@aaaaaaaa.org | smtp:mail.anotherdomain.tld | Emails for joe@aaaaaaaa.org are delivered to mail.anotherdomain.tld.
Please keep in mind that the order of entries in the transport table is important! The entries will be followed from the top to the bottom.
Important: Postfix uses a caching mechanism for the transports, therefore it might take a while until your changes in the transport table take effect. If you want them to take effect immediately, run
postfix reload
after you have made your changes in the transport table.
 
 
 
14 Send A Welcome Email For Creating Maildir
When you create a new email account and try to fetch emails from it (with POP3/IMAP) you will probably get error messages saying that the Maildir doesn't exist. The Maildir is created automatically when the first email arrives for the new account. Therefore it's a good idea to send a welcome email to a new account.
First, we install the mailx package:
 
apt-get install mailx
 
To send a welcome email to sales@aaaaaaaa.org, we do this:
 
mailx sales@aaaaaaaa.org
You will be prompted for the subject. Type in the subject (e.g. Welcome), then press ENTER, and in the next line type your message. When the message is finished, press ENTER again so that you are in a new line, then press CTRL+D; if you don't want to cc the mail, press ENTER again:
root@server1:/usr/local/sbin# mailx sales@aaaaaaaa.org
Subject: Welcome <-- ENTER
Welcome! Have fun with your new mail account. <-- ENTER
<-- CTRL+D
Cc: <-- ENTER
 
Once setup is complete, sending and receiving mail through a client such as Thunderbird works without problems, but a certificate-related dialog keeps popping up.
 
To fix that, first edit the imapd.cnf file under /etc/courier/ appropriately.
(Make backup copies before you start, in case something goes wrong.)
cd /etc/courier
cp imapd.cnf imapd.cnf.orig
cp imapd.pem imapd.pem.orig
vi imapd.cnf
 
[ req_dn ]
C=US    ex) KO
ST=NY     ex) SE ,SEOUL , KYUNGKIDO...
L=New York     ex) SEOUL ,POCHUN , DONGJAKGU ....
O=Courier Mail Server     ex) Embedin CO.
