Postfix与MySQL的虚拟域配置

Postfix + mysql + postfixadmin + dovecot

Os: Openbsd
dependence:
    apache,php,mysql,postfix,postfixadmin,dovecot,mailscanner, clamav

apache+php+postfixadmin来做后台的数据库管理
mysql和dovecot用于认证用户
mailscanner, clamav用作垃圾邮件的过滤和病毒扫描

1. install apache with php support

2. install mysql

#groupadd mysql
#useradd -g mysql mysql
#gunzip #cd mysql-VERSION
#./configure --prefix=/usr/local/mysql
#make
#make install
#cp support-files/my-medium.cnf /etc/my.cnf
#cd /usr/local/mysql
#chown -R mysql .
#chgrp -R mysql .
#bin/mysql_install_db --user=mysql

(you can see the following information here:
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
/usr/local/mysql/bin/mysqladmin -u root -h xia.gfed.net password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr/local/mysql ; /usr/local/mysql/bin/mysqld_safe &

)

chown -R root .
chown -R mysql var
bin/mysqld_safe --user=mysql &

3.install postfixadmin
unzip postfixadmin-[version].tar.gz to your Apache DocumentRoot folder.

#tar zxvf postfixadmin-[version].tar.gz
#mv postfixadmin-[version] postfixadmin
or
#ln -s postfixadmin-[version] postfixadmin

Create database for postfixadmin
#mysql -u root -p

to check if database was created:
#mysql -u root
>show databases;

if you can see a database named "postfix". it means database is ready.

用户可以通过http://xxxx.xxx.xxx.xxx/postfixadmin/admin进入配置页面，这很不安全，所以用认证的方式来进行访问控制

modify apache configuration file (httpd.conf) for postfixadmin, add following lines into it:

Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Postfixadmin Access"
AuthType Basic
AuthUserFile /usr/local/httpd/conf/htpasswd.users
Require valid-user

to build httpasswd.users file, this is tha authz file for each users:
htpasswd -c /usr/local/httpd/conf/htpasswd.users postfixadmin

#cp config.inc.php.sample to config.inc.php

open your browser to open http://127.0.0.1/postfixadmin/
根据页面的提示， 将conf.inc.php.sample改名为conf.inc.php
然后将setup.php删除或者改名
remove ro rename setup.php
#rm setup.php
#mv setup.php setup.php_old

open your browser again to open http://127.0.0.1/postfixadmin/
now, create virtual domain and users

4.add vmail user and vmail
增加vmail用户和组，并指定uid和gid

# groupadd -g 5000 vmail
# useradd -g vmail -u 5000 -d /home/vmail -m vmail

#id vmail
uid=5000(vmail) gid=5000(vmail) groups=5000(vmail)

5,install dovecot and config it
安装dovecot，
usually, dovecot configuration file located in  /etc/dovecot or /etc/dovecot/dovecot.conf

dovecot.conf main strutcure below:

1st, we need to define protocol we want
2nd, setup protocol one by one
3rd, setup auth

we set imap and pop for example

example below:
#we use imap pop and imaps pops
protocols = imap imaps pop3 pop3s
#define imap
protocol imap {
  listen = 127.0.0.1
  ssl_listen = *
  imap_client_workarounds = outlook-idle delay-newmail
}
#disable plaintext
disable_plaintext_auth = yes
verbose_ssl = yes

first_valid_uid = 5000
last_valid_uid = 5000

#this mail_location is very important, you must setup it according to your setting.
mail_location = maildir:/home/vmail/%d/%u\@%d/
重要！！这里的格式是/home/vamil／domain名／用户名＠domainq名,需根据自己的来改变配置
#define pop3
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  listen = 127.0.0.1
  ssl_listen = *
}

#define auth
#we use mysql to build virtual user, so we use mysql to do the auth
auth default {
  mechanisms = plain login

  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  userdb prefetch {
  }

edit /etc/dovecot/docecot-sql.conf

driver = mysql
cOnnect= host=localhost dbname=postfix user=root password=123456
default_pass_scheme = MD5
user_query = SELECT '/home/vmail/%d/%u' as home, 'maildir:/home/vmail/%d/%u' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
password_query = SELECT username as user, password, '/home/vmail/%d/%u' as userdb_home, 'maildir:/home/vmail/%d/%u' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

Now dovecot should works

6, config postfix

主要的文件为/etc/postfix/main.cf, 还有一个容易忽略的文件/etc/postfix/dynamicmaps.cf

请确保在dynamicmaps.cf中有下面这条与mysql相关的语句：
mysql   /usr/lib/postfix/dict_mysql.so          dict_mysql_open

edit /etc/postfix/main.cf
example below:

------------------------------------file start---------------------------------
## Base
myhostname = mail.huaxinit.com
mydomain = huaxinit.com
myorigin = $mydomain
biff = no
append_dot_mydomain = no
delay_warning_time = 4h

## VIRTUAL
## define virtual user
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000

## SASL
## use dovecot to do the auth
mtpd_sasl_auth_enable = yes
smtpd_sasl_security_optiOns= noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes

## SSL/TLS
##enable ssl/tls
smtpd_tls_auth_Only= no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/postfix_smtp.key
smtpd_tls_cert_file = /etc/postfix/ssl/postfix_smtp.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

## Quota
#max mail size is 10M
message_size_limit = 104857600
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit = 104857600

## Anti-spam, Anti-virus
header_checks = regexp:/etc/postfix/anti-spam/header_checks

6. Mailscanner and clamav
install mailscnner and clamav

edit /usr/local/etc/MailScanner/MailScanner.conf, make these line look like this example:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Use SpamAssassin = yes

make folders which Mailscanner need:

mkdir /var/spool/MailScanner
mkdir /var/spool/MailScanner/incoming
mkdir /var/spool/MailScanner/quarantine
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
touch /usr/local/etc/MailScanner/rules/bounce.rules
chmod -R 777 /var/spool/postfix
cp /usr/local/etc/MailScanner/mcp/10_example.cf.sample /usr/local/etc/MailScanner/mcp/10_example.cf
cp /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf.sample /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf

then start Mailscanner

7. enable smtps (port 465)
edit /etc/postfix/master.cf

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictiOns=permit_sasl_authenticated,reject

8. start your postfix and have fun