Source: http://blog.chinaunix.net/article.php?articleId=47104&blogId=6566

build mailserver hand by hand


OpenLDAP + Postfix + Courier-imap + Courier-Authlib + Courier-maildrop + Cyrus-SASL Installation Notes

I have been testing a mail server setup these days. I chose OpenLDAP as the data backend (storing the virtual domain data, user info, user mail, etc.), Postfix as the MTA, and Courier-IMAP as the IMAP/POP3 server.

OpenLDAP + Postfix + Dovecot Installation Notes

Introduction

This howto provides instructions for building a mail server using Postfix, Dovecot, OpenLDAP, Phamm, Cyrus-SASL and SquirrelMail.

I built this environment on a Fedora Core 2 system.

Requirements

The Requirements List
Support for virtual domains and users: a single server with one IP address can host email for users at abc.com, and def.net, etc.
Quota Support for SMTP and IMAP per user.
SMTP relaying for authenticated users.
SMTP over SSL (TLS).
Access to mail through IMAP over SSL, POP.
Centralized storage of domain and user information in LDAP.
Web based interface for managing users and domains allowing limited access (passwords) by users.
Forwarding (alias) entries for virtual domains.
Web-based mail interface

Todo
Anti-spam support.
Antivirus support.
Quota support per domain.
Auto Reply.

The Big Picture



There are many schemas to choose from for virtual domain support. The choice depends on the web administration tool and the webmail client chosen. I chose the schema from the Phamm project to reduce the work of setting up that tool and to make the LDAP data easy to set up and maintain.

The phamm schema:



attributetype ( 1.3.6.1.4.1.22339.1.1.1 NAME 'postfixTransport'
DESC 'A string directing postfix which transport to use'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.2 NAME 'accountActive'
DESC 'A boolean telling whether an account is active or not'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.3 NAME 'lastChange'
DESC 'Time in unix time of last change in entry'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.4 NAME 'vd'
DESC 'A virtual domain managed by Phamm'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.22339.1.1.5 NAME 'mailbox'
DESC 'The absolute path to the mailbox for a mail account in a non-default location'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.6 NAME 'quota'
DESC 'A string that represents the quota on a mailbox'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.7 NAME 'clearPassword'
DESC 'A separate text that stores the mail account password in clear text'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)

attributetype ( 1.3.6.1.4.1.22339.1.1.8 NAME 'maildrop'
DESC 'RFC822 Mailbox - mail alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.22339.1.1.9 NAME 'mailsource'
DESC 'Message source'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.22339.1.1.10 NAME 'editAliases'
DESC 'A boolean telling whether a domain manager can edit Aliases'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.11 NAME 'editAccounts'
DESC 'A boolean telling whether a domain manager can edit Accounts'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.12 NAME 'editAV'
DESC 'A boolean telling whether a domain manager can edit Antivirus'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.13 NAME 'delete'
DESC 'A boolean telling whether this item is marked for deletion'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.14 NAME 'forwardActive'
DESC 'A boolean telling whether this item is using forward'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.15 NAME 'maxDomain'
DESC 'A string that represents the max domain for a VirtualAdmin'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.16 NAME 'maxMail'
DESC 'A string that represents the max mail for a VirtualAdmin'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.17 NAME 'maxAlias'
DESC 'A string that represents the max alias for a VirtualAdmin'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.18 NAME 'maxQuota'
DESC 'A string that represents the max quota for a VirtualAdmin'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.19 NAME 'adminID'
DESC 'A string that represents the dn of admin domain'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.20 NAME 'vdHome'
DESC 'The absolute path to the virtual domain home'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.21 NAME 'otherTransport'
DESC 'A string directing postfix which transport to use'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.22 NAME 'creationDate'
DESC 'Timestamp of creation'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.22339.1.1.23 NAME 'otherPath'
DESC 'This path to help any application'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

#
# Objects: 1.3.6.1.4.1.22339.1.2
#

objectclass ( 1.3.6.1.4.1.22339.1.2.1 NAME 'VirtualMailAccount'
SUP inetOrgPerson STRUCTURAL
DESC 'Mail account objects'
MUST ( mail $ vdHome $ mailbox $ accountActive $ lastChange $ delete )
MAY ( quota $ otherTransport $ creationDate ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.2 NAME 'VirtualMailAlias'
SUP inetOrgPerson STRUCTURAL
DESC 'Mail aliasing/forwarding entry'
MUST ( mail $ maildrop $ accountActive $ lastChange )
MAY ( mailsource $ editAccounts $ creationDate ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.3 NAME 'VirtualDomain'
SUP top STRUCTURAL
DESC 'Virtual Domain entry to be used with postfix transport maps'
MUST ( vd $ accountActive $ lastChange $ delete )
MAY ( postfixTransport $ description $ maxMail $ maxAlias $ maxQuota $ editAV $ adminID $ creationDate ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.4 NAME 'VirtualForward'
SUP top AUXILIARY
DESC 'Forward setting for VirtualMailAccount'
MUST ( forwardActive )
MAY ( maildrop ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.5 NAME 'VirtualAdmin'
SUP inetOrgPerson STRUCTURAL
DESC 'Virtual Admin entry'
MUST ( mail $ maxDomain $ accountActive $ lastChange )
MAY ( vd $ editAccounts ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.6 NAME 'VirtualBackupDomain'
SUP top STRUCTURAL
DESC 'Virtual Backup Domain entry to be used for relay'
MUST ( vd $ accountActive $ lastChange $ delete )
MAY ( description ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.7 NAME 'VirtualBackupMail'
SUP top AUXILIARY
DESC 'Virtual Backup Mail entry to be used for relay'
MUST ( mail $ accountActive $ lastChange )
MAY ( description ) )

objectclass ( 1.3.6.1.4.1.22339.1.2.8 NAME 'Yap'
SUP top AUXILIARY
DESC 'Yet another path'
MUST ( otherPath )
)

The architecture of the LDAP


Configuration of OpenLDAP
Make sure that OpenLDAP has been installed.
Download Phamm; the Phamm schema will be used.
Copy phamm.schema to the OpenLDAP schema directory.
Modify the LDAP ACL file.


The OpenLDAP configuration file is as follows.

The Schema

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/phamm.schema
include /etc/openldap/schema/ISPEnv2.schema
include /etc/openldap/schema/amavis.schema

backend bdb
database bdb

directory /var/lib/ldap/phamm
lastmod on
suffix dc=example,dc=com
rootdn cn=manager,dc=example,dc=com
rootpw i3yveIsxt9mSU
# specific for mail
index objectClass pres,eq
index mail eq,subinitial
index vd eq,pres

include /etc/openldap/phamm.acl


Note: generate the rootpw value with the slappasswd command.

The phamm.acl file is as follows.


Add the LDIF file to OpenLDAP; refer to Phamm's example file.

The Postfix Configuration

main.cf
debug_peer_level = 2
#maildrop_destination_recipient_limit = 1
home_mailbox = Maildir/
ldap_bind_dn = cn=phamm,o=hosting,dc=example,dc=com
ldap_bind_pw = rhx
ldap_search_base = o=hosting,dc=example,dc=com
ldap_domain = dc=example,dc=com
ldap_server_host = localhost
ldap_server_port = 389

# transports
transport_server_host = $ldap_server_host
transport_search_base = $ldap_search_base
transport_query_filter = (&(&(vd=%s)(objectClass=VirtualDomain))(accountActive=TRUE)(delete=FALSE))
transport_result_attribute = postfixTransport
transport_cache = no
transport_bind = yes
transport_scope = one
transport_bind_dn = $ldap_bind_dn
transport_bind_pw = $ldap_bind_pw

# aliases
aliases_server_host = $ldap_server_host
aliases_search_base = $ldap_search_base
aliases_query_filter = (&(&(objectClass=VirtualMailAlias)(mail=%s))(accountActive=TRUE))
aliases_result_attribute = maildrop
aliases_bind = yes
aliases_cache = no
aliases_bind_dn = $ldap_bind_dn
aliases_bind_pw = $ldap_bind_pw

# VirtualForward
virtualforward_server_host = $ldap_server_host
virtualforward_search_base = $ldap_search_base
virtualforward_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))
virtualforward_result_attribute = maildrop
virtualforward_bind = yes
virtualforward_cache = no
virtualforward_bind_dn = $ldap_bind_dn
virtualforward_bind_pw = $ldap_bind_pw

# Accounts
accounts_server_host = $ldap_server_host
accounts_search_base = $ldap_search_base
accounts_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_cache = no
accounts_bind = yes
accounts_bind_dn = $ldap_bind_dn
accounts_bind_pw = $ldap_bind_pw

accountsmap_server_host = $ldap_server_host
accountsmap_search_base = $ldap_search_base
accountsmap_query_filter = (&(&(objectClass=VirtualMailAccount)(mail=%s))(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))
accountsmap_result_attribute = mail
accountsmap_cache = no
accountsmap_bind = yes
accountsmap_bind_dn = $ldap_bind_dn
accountsmap_bind_pw = $ldap_bind_pw

# transport_maps
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport, ldap:gnarwl, ldap:transport
mydestination = $transport_maps, localhost, $myhostname, localhost.$mydomain,
    $mydomain
virtual_maps = hash:/etc/postfix/virtual, ldap:virtualforward, ldap:aliases,
    ldap:accountsmap

# virtual accounts for delivery
virtual_mailbox_base = /home/vmail/domains
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 101
virtual_uid_maps = static:10011
virtual_gid_maps = static:10011

local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
    $virtual_mailbox_maps
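
The accounts and virtualforward maps above decide delivery purely from LDAP attribute state. The following is an added example, not part of the original notes and not Postfix or Phamm code: a small Python evaluator that substitutes a recipient into those two filters, with RFC 4515 quoting of the lookup key, and runs them over constructed entries. The helper names, sample addresses and the simplified case-insensitive matching are assumptions.

```python
import re

ACCT = "(&(&(objectClass=VirtualMailAccount)(mail=%s))"  # filters as in the page's main.cf
MAPS = {"accounts": (ACCT + "(forwardActive=FALSE)(accountActive=TRUE)(delete=FALSE))", "mailbox"),
        "virtualforward": (ACCT + "(forwardActive=TRUE)(accountActive=TRUE)(delete=FALSE))", "maildrop")}

def escape(key):
    """Quote LDAP filter metacharacters in the lookup key (RFC 4515 \\XX form)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), key)

def parse(flt, i=0):
    """Parse an AND/equality filter into a tree; returns (node, next index)."""
    if flt[i + 1] == "&":
        i, kids = i + 2, []
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        return ("&", kids), i + 1
    end = flt.index(")", i)
    attr, value = flt[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def match(node, entry):
    """Evaluate a parsed filter; a test on an absent attribute never matches."""
    if node[0] == "&":
        return all(match(kid, entry) for kid in node[1])
    _, attr, value = node
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return want.lower() in [v.lower() for v in entry.get(attr, [])]

def lookup(map_name, key, directory):
    flt, result_attr = MAPS[map_name]
    tree, _ = parse(flt.replace("%s", escape(key)))
    return [v for e in directory if match(tree, e) for v in e.get(result_attr, [])]

def account(mail, active="TRUE", forward=None, drop=None):
    user, domain = mail.split("@")
    entry = {"objectclass": ["VirtualMailAccount"], "mail": [mail], "delete": ["FALSE"],
             "mailbox": [f"{domain}/{user}/"], "accountactive": [active]}
    if forward is not None:
        entry.update(forwardactive=[forward], maildrop=[drop] if drop else [])
    return entry

DIRECTORY = [  # constructed sample data, not from the page
    account("alice@example.com", forward="FALSE"),
    account("bob@example.com", forward="TRUE", drop="bob@example.net"),
    account("carol@example.com", active="FALSE", forward="FALSE"),
    account("dave@example.com"),  # no forwardActive attribute at all
]
```

The dave entry matches neither map: the accounts filter requires forwardActive=FALSE to be present, and in the schema above that attribute exists only in the VirtualForward auxiliary class, so a deliverable account must carry that class as well.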



Courier-authlib configuration


Courier-IMAP

Courier-Maildrop

Troubleshooting
Phamm
Gnarwl
Cyrus-SASL

openldap log setup

/etc/syslog.conf
local4.* /var/log/openldap

authlib testing

authtest user@domain.com

filter?
