Openldap+Postfix+courier-imap+FreeBSD实现邮件服务(v1.1)
注:本文参照网上http://annapolislinux.org/docs/plc/postfix-courier-howto.txt这篇文章,在FreeBSD系统上进行实现,该文章可自由发布/修改,但在发布时请注明出处,谢谢合作。
name:zhangluoer
QQ:36752833
E-mail:zhangluoer@eyou.com
##########
#
install Openldap
##########
A》Openldap install
# Build and install the OpenLDAP 2.1 server from the ports tree, then
# remove the work directory. "install clean" chains the three original
# steps into one make run; the port verifies the distfile against
# distinfo before building, so nothing extra is needed for that.
# cd /usr/ports/net/openldap21-server && make install clean
经过上面的动作,FreeBSD已经将openldap安装在系统上。就这么简单比在linux下安装软件要容易的多了。
B》Configure Openldap
1> Edit /usr/local/etc/openldap/ldap.conf
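# Used by the LDAP client tools on this host (ldapadd, ldapsearch, ...)
# to locate the server without -H/-b on every invocation.
# BASE must be the same suffix as slapd.conf and the LDIF below use
# (dc=365,dc=net). The original dc=mycoll,dc=edu is a leftover from
# another site and makes every default-base search miss.
BASE dc=365,dc=net
HOST localhost
# pam_crypt is a pam_ldap option that belongs in pam_ldap.conf; libldap's
# ldap.conf does not understand it, so it is kept here only as a note.
#pam_crypt local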
2>Edit /usr/local/etc/openldap/slapd.conf
这个配置文件里含有 rootpw 和访问控制规则,不应让同组和其他用户读到:把它的属主设为运行 slapd 的用户,权限设为 0600(普通文件不需要执行位,0700 中的 x 位是多余的),例如 `chown ldap slapd.conf && chmod 0600 slapd.conf`(用户名按你系统上 slapd 实际运行的账号调整)。
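# The port installs its schema files under /usr/local/etc/openldap/schema/.
# The original /etc/usr/local/openldap/shcema/ path does not exist on
# FreeBSD, and slapd refuses to start when an include is missing.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
# Courier-IMAP: provides the couriermailaccount object class used in
# first.ldif (ships with the courier-imap source tree).
include /usr/local/etc/openldap/schema/authldap.schema
# qmail-ldap schema: provides the qmailuser object class and the
# accountstatus attribute the Postfix query filter relies on.
include /usr/local/etc/openldap/schema/qmail.schema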
注:系统自带的 schema 目录里没有 authldap.schema 和 qmail.schema 这两个文件,需要另外获取(authldap.schema 随 courier-imap 的源码一起发布,qmail.schema 来自 qmail-ldap);尽量从这些软件的发行包取得,而不是来路不明的网页。还要注意文件格式:从 Windows 下载的文件常带 CRLF 行尾,slapd 解析时会报错,可用 `tr -d '\r' < in.schema > out.schema` 转换后再使用。
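pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Only needed when the backends are built as loadable modules. back_ldap
# is the LDAP *proxy* backend and has nothing to do with the "database bdb"
# configured below; if your build needs a moduleload at all, it is
# back_bdb.la. Leave it commented out for a statically built slapd.
#moduleload back_bdb.la

# Access control. "by" clauses are tried in order and the first match
# wins; every access directive ends with an implicit "by * none".
# Continuation lines must begin with whitespace (space or tab).

# Password attributes: anyone may authenticate against them (auth only,
# never read), the owner may change their own, the directory admin may
# write them, and the Courier service account may read the hashes —
# authldaprc uses LDAP_CRYPTPW, i.e. Courier fetches the hash and
# verifies it locally. Nobody else (Postfix included) can see them.
access to attr=userpassword,clearpassword
    by anonymous auth
    by self write
    by dn="cn=admin,dc=365,dc=net" write
    by dn="cn=courier,dc=365,dc=net" read
    by * none

# accountstatus gates delivery: main.cf filters on
# (accountstatus=active) while bound as cn=postfix, so that DN must be
# able to search the attribute. The original granted only admin and
# courier, which made every Postfix lookup fail as "no such user".
# (cn=admin is the rootdn and bypasses ACLs anyway.)
access to attr=accountstatus
    by dn="cn=admin,dc=365,dc=net" read
    by dn="cn=postfix,dc=365,dc=net" read
    by dn="cn=courier,dc=365,dc=net" read
    by * none

# Everything else: admin writes, the two service accounts and the entry's
# owner read, anonymous gets nothing. The original "by users read" let
# *any* bound DN read every entry (all users' uidnumber, mailbox paths
# and addresses). Its trailing "by self write" was dead — "users" already
# matched first — and had it been moved above "users" it would have let a
# user rewrite their own uidnumber/gidnumber/mailbox, values Postfix
# (virtual_uid_maps, virtual_result_attribute=mailbox) trusts when it
# writes to disk. Grant users read only.
access to *
    by dn="cn=admin,dc=365,dc=net" write
    by dn="cn=postfix,dc=365,dc=net" read
    by dn="cn=courier,dc=365,dc=net" read
    by self read
    by * none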
注:格式同样重要。slapd.conf 里以空白(空格或制表符均可)开头的行是上一行的续行,所以每个“by……”子句前都必须有缩进,否则 slapd 会把它当成一条独立的(无效)指令。另外“by”子句按书写顺序匹配、第一个匹配生效,每条 access 指令末尾还隐含一个“by * none”。我当初就是没有加缩进,让我找了半天毛病。
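# "databate" was a typo: slapd then has no database at all and will not
# start. The backend is Berkeley DB.
database bdb
suffix "dc=365,dc=net"
rootdn "cn=admin,dc=365,dc=net"
# The rootdn bypasses every access directive above, so this password is
# the key to the whole directory. Do not leave a clear-text word here:
# run "slappasswd -h '{SSHA}'" and paste the resulting {SSHA}... string
# as the rootpw value, and keep this file 0600 owned by the slapd user.
rootpw secret
# Must be writable by the user slapd runs as.
directory /usr/db/openldap-data
# replogfile is only used together with a "replica" directive; without
# one it just grows on disk. Harmless, but remove it if you never
# replicate.
replogfile /usr/db/replication.log
# loglevel 0 logs nothing, so failed binds and lookups are invisible.
# 256 (stats) records connections, operations and results via syslog
# (facility LOCAL4) — the minimum worth keeping for an auth backend.
loglevel 256
# Equality indexes for the attributes Postfix and Courier search on
# (mail) and for the usual lookup keys.
index cn,sn,mail,uid eq
index objectclass eq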
3>Run Openldap
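# Do not run slapd as root. The server port creates an unprivileged
# "ldap" user and group for it (adjust the names if yours differ);
# /usr/db/openldap-data and /var/run/openldap must be owned by that user.
# Use the full path so the same command works from an rc script.
# /usr/local/libexec/slapd -u ldap -g ldap
# For boot-time start, prefer the port's rc script (slapd_enable="YES"
# in /etc/rc.conf) over starting it by hand. If Postfix and Courier run
# on this same host, adding -h "ldap://127.0.0.1/" keeps the clear-text
# LDAP port off the network entirely.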
4>Add your Openldap data
Data in an LDAP directory is added top-down: the parent entry (here the top-level organization dc=365,dc=net) must exist before anything beneath it can be added. (注意:ldapadd 遇到第一个错误——例如条目“already exists”——就会停止,后面的条目不再处理;重跑时请先删掉 LDIF 中已经成功添加的条目,或加 -c 参数让它跳过出错的条目继续执行。)
# vi 365.net.ldif
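# LDIF: one blank line separates entries; attribute and value are
# separated by ": ". Parents must be added before children, so the
# top-level entry comes first.
dn: dc=365,dc=net
objectclass: dcObject
objectclass: organization
dc: 365
o: 365
description: Top level of directory

# The directory manager. Same DN as rootdn in slapd.conf; it
# authenticates with rootpw, so this entry deliberately carries no
# userpassword.
dn: cn=admin,dc=365,dc=net
objectclass: organizationalRole
cn: admin
description: Directory Manager
description: top level of the directory

dn: ou=people,dc=365,dc=net
objectclass: top
objectclass: organizationalUnit
ou: people
description: people within 365.net (people information)

dn: ou=mailaccounts,dc=365,dc=net
objectclass: top
objectclass: organizationalUnit
ou: mailaccounts
description: people with mailaccounts at 365.net

# Service accounts. slapd.conf grants cn=courier read on userpassword
# and both accounts read on accountstatus and the rest of the tree.
# "yoursecret" is a placeholder: store a hash generated with slappasswd
# ({SSHA}...) and use a different, random value for each account. The
# same clear-text value also has to go into main.cf (ldap*_bind_pw) and
# authldaprc (LDAP_BINDPW), so protect those files too.
dn: cn=courier,dc=365,dc=net
objectclass: person
cn: courier
sn: courier
userpassword: yoursecret
description: courier daemons

dn: cn=postfix,dc=365,dc=net
objectclass: person
cn: postfix
sn: postfix
userpassword: yoursecret
description: postfix daemons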
注:上面是openldap中的基本结构,根目录为365.net,目录中有三个用户:admin、postfix、courier;两个容器: people、mailaccounts(其中people中存放个人资料,mailaccounts中存放用户的邮箱信息。)
365.net admin 、postfix 、courier
|
|___people zhxh、………还有更多的用户信息(比如:电话,邮编等)
|
|___ mailaccounts zhxh、………其它更多的用户邮箱信息
# Load the base tree as the directory manager. -x selects a simple bind,
# -W prompts for the rootpw (never pass it with -w: the command line is
# visible to every local user via ps), -D is the bind DN.
# ldapadd -x -W -D "cn=admin,dc=365,dc=net" -f 365.net.ldif
#vi first.ldif
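# One mail account. Its parent ou=mailaccounts must already exist.
dn: uid=zhxh,ou=mailaccounts,dc=365,dc=net
uid: zhxh
cn: zhxh
sn: zhxh
# Login name for Courier (LDAP_MAIL mail) and lookup key for Postfix.
mail: zhxh@365.net
# Postfix delivers as this uid/gid (virtual_uid_maps=ldap:ldapuid,
# virtual_gid_maps=static:1001) and refuses anything below
# virtual_minimum_uid=500. 1001 must exist on the box and own /home/zhxh.
uidnumber: 1001
gidnumber: 1001
mailhost: mail.365.net
homedirectory: /home/zhxh/
mailmessagestore: /home/zhxh/maildir/
mailquota: 200000000s,20000c
# Relative to Postfix's virtual_mailbox_base (/home/); the trailing "/"
# selects maildir-style delivery.
mailbox: zhxh/maildir/
# Required by the Postfix LDAP query filter
# (&(mail=%s)(accountstatus=active)) in main.cf; without it the lookup
# never matches and mail for this user is not deliverable.
accountstatus: active
objectclass: qmailuser
objectclass: couriermailaccount
objectclass: person
# No userpassword is set here, so this user cannot log in to Courier
# yet; add one as a slappasswd hash ({SSHA}...), never in clear text —
# Courier (LDAP_CRYPTPW userPassword) verifies the stored hash.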
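# The original line lacked -x (simple bind) and -f, so ldapadd would have
# waited for LDIF on stdin instead of reading first.ldif. -W prompts for
# the password rather than exposing it on the command line.
# ldapadd -x -W -D "cn=admin,dc=365,dc=net" -f first.ldif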
###########
#install postfix
###########
A》postfix install
# Build, install and clean the Postfix port in one make run (identical to
# the separate install / clean steps). postfix-current tracks the
# development snapshot; mail/postfix is the release branch if you prefer
# a stable version.
# cd /usr/ports/mail/postfix-current && make install clean
B》configure postfix
# vi /usr/local/etc/postfix/main.cf
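# /usr/local/etc/postfix/main.cf
# This file is world-readable by default, and the LDAP bind passwords
# (ldapuid_bind_pw / ldapsource_bind_pw) are stored in it. If your
# Postfix version supports per-table files (2.1 and later), move each
# ldap*_ table into its own file (ldap:/usr/local/etc/postfix/ldap-uid.cf,
# mode 0640 root:postfix) and keep main.cf free of secrets.
biff = no
# The banner must start with $myhostname; advertise nothing beyond that.
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
# Warn the sender once a message has been queued for 4 hours.
delay_warning_time = 4h
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = ldap.365.net
mydomain = 365.net
myorigin = $mydomain
# "mydestion" was a typo; the parameter is mydestination.
mydestination = $myhostname, $mydomain, localhost.$mydomain
# Only the local host relays unconditionally (see permit_mynetworks).
mynetworks = 127.0.0.0/8
# masquerade_domains (plural); mailer-daemon is spelled with a hyphen.
masquerade_domains = $mydomain
masquerade_exceptions = root, mailer-daemon, postmaster

# All local domains are handed to the virtual(8) agent, which looks the
# recipient up in LDAP; local_recipient_maps mirrors that table so smtpd
# can reject unknown users at RCPT TO instead of bouncing later.
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
virtual_mailbox_maps = ldap:ldapsource
virtual_uid_maps = ldap:ldapuid
virtual_gid_maps = static:1001
# virtual(8) refuses to deliver as a uid below this, so a bad uidnumber
# in LDAP can never make it write as root or a system account.
virtual_minimum_uid = 500
# The "mailbox" attribute returned by the ldapsource table is appended to
# this; a trailing "/" in the attribute selects maildir delivery.
virtual_mailbox_base = /home/
message_size_limit = 10280000
mailbox_size_limit = 20480000
# Only meaningful when the VDA (quota) patch is applied to Postfix.
virtual_maildir_extended = yes
# The following are not Postfix parameters (postconf reports them as
# unused): result attributes are set per table (ldapsource_result_attribute
# below), the quota string lives in LDAP (mailquota) for Courier, and
# Postfix enforces mailbox_size_limit / virtual_mailbox_limit instead.
#recipient_limit = 1
#virtual_recipient_size_limit = 200000000s,20000c
#virtual_result_attribute = mailbox

# --- LDAP table "ldapuid": address -> uidnumber ----------------------------
ldapuid_server_host = ldap.365.net
ldapuid_server_port = 389
ldapuid_timeout = 10
ldapuid_search_base = ou=mailaccounts,dc=365,dc=net
ldapuid_domain = 365.net
# accountstatus must be searchable by cn=postfix (see the slapd.conf ACL)
# and present on each user entry, or nothing ever matches.
ldapuid_query_filter = (&(mail=%s)(accountstatus=active))
ldapuid_result_attribute = uidnumber
ldapuid_bind = yes
ldapuid_bind_dn = cn=postfix,dc=365,dc=net
# Clear-text simple bind on port 389: if ldap.365.net is not this host,
# this password and every lookup cross the network unencrypted. Point
# server_host at 127.0.0.1 when slapd is local, or use TLS.
ldapuid_bind_pw = yoursecret

# --- LDAP table "ldapsource": address -> mailbox path ------------------------
# Every key must carry the "ldapsource_" prefix. The original repeated
# "ldapuid_" here, so these lines silently overwrote the uid table
# (its result_attribute became "mailbox") and ldapsource had no settings.
ldapsource_server_host = ldap.365.net
ldapsource_server_port = 389
ldapsource_timeout = 10
ldapsource_search_base = ou=mailaccounts,dc=365,dc=net
ldapsource_domain = 365.net
ldapsource_query_filter = (&(mail=%s)(accountstatus=active))
ldapsource_result_attribute = mailbox
ldapsource_bind = yes
ldapsource_bind_dn = cn=postfix,dc=365,dc=net
ldapsource_bind_pw = yoursecret

# Some basic restrictions for SMTP, documented in the Postfix manual.
# The server-side parameters are smtpd_* (smtp_* configures the client).
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
# Classic pop-before-smtp relaying: an IP that recently authenticated to
# POP/IMAP is written to the hosts table by the pop-before-smtp daemon
# and is then allowed to relay. Everything listed before
# reject_unauth_destination is a relay permit, so that table must be kept
# current (a stale entry is an open relay for that address) and its path
# must be the one your pop-before-smtp installation actually writes —
# /var/lib/... is the Linux default; check the FreeBSD port's location.
# reject_unauth_destination comes right after the permits so that no
# later rule can accidentally open relaying. The nonexistent
# "check_relay_domain" and the duplicated entries were dropped.
# Continuation lines must be indented.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/var/lib/pop-before-smtp/hosts,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    permit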
##########
#install courier-imap
##########
A》courier-imap install
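# cd /usr/ports/mail/courier-imap
# WITH_LDAP21 selects the authldap module built against openldap21. A
# port knob has to be given on every make invocation, otherwise the
# install step may run with a different configuration than the build
# did; one chained command keeps them identical.
# make -DWITH_LDAP21 install clean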
B》configure courier-imap
#vi /usr/local/etc/courier-imap/imapd
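# /usr/local/etc/courier-imap/imapd — sourced as shell by the rc script.
# Listens on every interface, plain IMAP on 143. Nothing in this file
# encrypts the session, so LOGIN sends passwords in the clear. Either
# bind to 127.0.0.1 and front it with a TLS proxy, or enable the port's
# imapd-ssl (IMAPDSSLSTART=YES, IMAP_TLS_REQUIRED=1) so clients must
# STARTTLS before authenticating.
ADDRESS=0
PORT=143
MAXDAEMONS=1000
# Per-client-IP cap: the only brake on one host exhausting MAXDAEMONS.
MAXPERIP=8
PIDFILE=/var/run/courier-imap/imap.pid
# No reverse DNS / ident lookups on connect: faster, and one less
# attacker-controlled string in the logs.
TCPDOPTS="-nodnslookup -noidentlookup"
AUTHMODULES="authdaemon"
AUTHMODULES_ORIG="authdaemon"
# Capability strings are sent verbatim in the CAPABILITY response and
# must be spelled exactly: IMAP4rev1, CRAM-MD5, CRAM-SHA1 (the original
# "IMAPrevl" / "CRAM_MD5" / "CRAM-SHAL" were garbled). The CRAM
# mechanisms are left out of the advertised set because they need the
# clear-text password on the server side, which this setup does not
# store; *_ORIG keeps the port's default for reference only.
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT"
IMAP_CAPABILITY_ORIG="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
IMAP_IDLE_TIMEOUT=60
# AUTH=PLAIN is only advertised once TLS is up.
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_ULIMITD=65536
IMAP_USELOCKS=0
IMAP_EMPTYTRASH=Trash:1
IMAP_MOVE_EXPUNGE_TO_TRASH=1
IMAPDSTART=YES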
注:上面的内容可能与安装后的原文件略有出入,大部分选项保持默认即可。但 IMAP_CAPABILITY 这类字符串会原样发给客户端,必须拼写准确(如 IMAP4rev1、CRAM-MD5、CRAM-SHA1);带 _ORIG 后缀的变量只是保留的默认值副本,不参与运行。
#vi /usr/local/etc/courier-imap/authdaemonrc
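# /usr/local/etc/courier-imap/authdaemonrc — sourced as shell.
# Only the LDAP module is consulted. The *orig value is the port's full
# module list, kept on a single line: the original wrapped it mid-value,
# which embeds a newline inside the string.
authmodulelist="authldap"
authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"
# Number of pre-forked authdaemon processes; each serves one request at
# a time, so this bounds concurrent logins.
daemons=5
version=""
# Socket directory. Anything that can reach the socket can ask for
# password checks, so keep it owned by the Courier user with no access
# for other users.
authdaemonvar=/usr/local/var/courier-imap/authdaemon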
#vi /usr/local/etc/courier-imap/authldaprc
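# /usr/local/etc/courier-imap/authldaprc — contains LDAP_BINDPW, so keep
# it mode 0600, owned by the user authdaemond runs as.
LDAP_SERVER ldap.365.net
LDAP_PORT 389
LDAP_BASEDN ou=mailaccounts,dc=365,dc=net
# Must be the service entry created in 365.net.ldif. The original had a
# truncated DN from another site (cn=courier,dc=mycoll,dc=) and could
# never bind.
LDAP_BINDDN cn=courier,dc=365,dc=net
LDAP_BINDPW yoursecret
LDAP_TIMEOUT 15
# The login name is looked up in "mail"; LDAP_DOMAIN is appended when a
# user logs in without one and must be this site's domain, not mycoll.edu.
LDAP_MAIL mail
LDAP_DOMAIN 365.net
# Take uid/gid from the entry (1001 in first.ldif) so Courier and Postfix
# (virtual_uid_maps=ldap:ldapuid, virtual_gid_maps=static:1001) agree on
# who owns the maildir. The original LDAP_GLOB_GID vmail overrode the gid
# with a group this document never creates.
LDAP_UID uidNumber
LDAP_GID gidNumber
LDAP_HOMEDIR homeDirectory
# Must resolve to the directory Postfix delivers into
# (virtual_mailbox_base + mailbox = /home/zhxh/maildir/). The example
# entry has no "mailDir" attribute; mailMessageStore carries that
# absolute path. Verify against your authldap/qmail schema before relying
# on it.
LDAP_MAILDIR mailMessageStore
# first.ldif stores the quota in "mailquota", not "maildirQuota".
LDAP_MAILDIRQUOTA mailQuota
LDAP_FULLNAME cn
# Courier fetches the stored hash and verifies it locally, which is why
# cn=courier is granted read on userPassword in slapd.conf. If your
# Courier supports LDAP_AUTHBIND 1 (bind to LDAP as the user instead),
# the service account no longer needs to see any password hashes.
LDAP_CRYPTPW userPassword
LDAP_DEREF never
# 0 = clear-text LDAP. Every user's password hash and the bind password
# above travel unencrypted unless ldap.365.net is this very host; set
# LDAP_SERVER to 127.0.0.1 in that case, or enable TLS on both ends.
LDAP_TLS 0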
仓促中做成此文,其中不乏有错文档中难勉有疏漏之处,不对的地方,还请不吝赐教。可以发邮件或留言。以后我会对它进行修改的,也希望大家能在FreeBSD上实现这个电子邮件系统。
以上的内容还会不定期进行修改,多多指教。
当初之所以会选择这个邮件系统的搭配,主要是以下的原因可以看这篇文章。
http://chinaunix.net/forum/viewtopic.php?t=145768&highlight=zhangluoer