最近几天,我测试了一套openwebmail的webmail邮件服务器软件,该软件自由免费,对于一些中小型的公司做邮件系统比较合适,并且,功能还算比较齐全,所以,顺便将安装笔记整理了一下,以便让即将建设邮件系统的网络管理员们能够比较顺利的完成该系统的设置工作!!
另外,本人在安装过程中参考了部分网上资料,在此向他们表示感谢!!
系统环境:redhat 8.0
Open WebMail 基本安裝需求 :
sendmail-8.12.9-rbt.rh8.0.i386.rpm
sendmail-8.12.9-rbt.rh8.0.i386.rpm
imap-2001a-15.i386.rpm
perl-5.8.0-55.i386.rpm
cyrus-sasl-1.5.28.tar.gz
apche-1.3.26.tar.gz
CGI.pm-2.74.tar.gz
MIME-Base64-2.12.tar.gz
Text-Iconv-1.2.tar.gz
Authen-PAM-0.12.tar.gz
openwebmail-2.10.tgz
redhat8默认安装的是sendmail8.12.5 ,本测试环境中选择最新版本sendmail-8.12.9 所以先卸载旧版本:
rpm -e sendmail-8.12.5
一、安装sendmail+sasl支持:
1、安装认证库
如果先前已经安装有旧版本的 Cyrus SASL 请先将其移除,方法是手工删除/usr/lib/sasl或/usr/local/lib/sasl目录。
安装过程如下:
#cd /home/test
#tar xvfz cyrus-sasl-1.5.28.tar.gz
# cd cyrus-sasl-1.5.28
# ./configure -prefix=/usr --enable-login --with-pwcheck
# make
# make install
安装完成后,建立一个/var/pwcheck目录,pwcheck程序要用此目录。
接下来必须设置 sendmail 的使用者身分查验方式,这里使用系统帐号与密来进行验证:
安装结束以后,因为默认的安装路径为/usr/local/lib ,所以将认证库拷贝到/usr/lib中(openwebmail默认路径为/usr/lib)
# cp /usr/local/lib/lib* /usr/lib
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl
# cd /usr/lib/sasl
# echo "pwcheck_method:pwcheck" > Sendmail.conf
2、安装sendmail :
# cd /home/test
# rpm -Uvh sendmail*.rpm
生成sendmail.cf文件,一般是编译sendmail.mc来生成sendmail.cf,这样的好处是通过编译,会查看出一些sendmail的设置错误
和漏洞。
# cd /etc/mail
# vi sendmail.mc (我的sendmail.mc内容如下)
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
其中:TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
将注视去掉,打开相应的认证机制,主要是为了支持outlook或foxmail ;
DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl
是添加的,设置相应的mta and msa的所用端口;
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl FEATURE(`accept_unresolvable_domains'
要注掉, 允许通过网络连接Sendmail,并禁止不可解析的域名relay邮件 ;
最后保存。
3、编译sendmail.mc 生成sendmail.cf文件
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# echo "chinafood.org" > local-host-names
# sendmail -bd -q20m (启动sendmail)
# pwcheck & (启动认证程序)
二、检测结果。
1、检测SASL是否工作
#telnet localhost 25
输出类似如下:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 chinafood.chinafood.org ESMTP Sendmail 8.12.9/8.12.9; Mon, 14 Jul 2003 14:37:27 +0800
ehlo chinafood.org
250-chinafood.chinafood.org Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 2000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit (退出)
只要输出有LOGIN PLAIN就OK!了;
到这里,sendmail就配置完了,你可以添加一个用户试试看,邮件用户是系统用户,如:
#useradd test
#passwd test (设置密码)
设置你的foxmail or outlook,要设置上用户需要smtp认证。
三、pop3安装。
redhat8.0中有它的rpm包,是imap-2001a-15.i386.rpm
# rpm -ivh imap-2001a-15.i386.rpm
修改/etc/xinetd.d/ipop3
把其中disable =yes更改为disable =no
# /etc/rc.d/init.d/xinetd restart --重起pop3服务
[root@fyhtest xinetd.d]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v2001.78rh server ready
有以上显示,为正确。
四:安装openwebmail:
1、编译apache
#cd /home/test
# tar xzvf apache_1.3.26.tar.gz
# cd apache_1.3.26
# ./configure --prefix=/usr/httpd --enable-module=most --enable-shared=max
# make
# make install
然后设置站点,并修改如下行:
DocumentRoot "/usr/httpd/htdocs"
ScriptAlias /cgi-bin/ "/usr/httpd/cgi-bin/"
AddHandler cgi-script .cgi .pl
2、安装其他软件:
perl:
# rpm -Uvh perl-5.8.0-55.i386.rpm
CGI.pm:
# tar xzvf CGI.pm-2.74.tar.gz
# cd CGI.pm-2.7.4
# perl Makefile
# make
# make install
一下软件安装方法相同,在此不再介绍:
MIME-Base64-2.12.tar.gz
Text-Iconv-1.2.tar.gz
Authen-PAM-0.12.tar.gz
openwebmail安装配置:
# tar xzvf openwebmail-2.10.tgz
# cp -R cgi-bin /usr/httpd/
# cd data
# cp -R openwebmail /usr/httpd/htdocs
# chmod -R 755 /usr/httpd/cgi-bin
# chmod 4755 /usr/sbin/perl (设置perl的suid为)
# ln -s /usr/sbin/perl /usr/sbin/suidperl (openwebmail默认用suidperl解释)
1、修改:/usr/httpd/cgi-bin/openwebmail/auth_unix.pl文件:
my $unix_passwdfile_plaintext="/etc/passwd";
my $unix_passwdfile_encrypted="/etc/shadow";
my $unix_passwdmkdb="none";
2、修改 /usr/httpd/cgi-bin/openwebmail/etc/openwebmail.conf (我的文件内容如下)
domainnames auto
auth_module auth_unix.pl
mailspooldir /var/spool/mail
dbm_ext .db
dbmopen_ext %dbm_ext%
dbmopen_haslock no
ow_cgidir /usr/httpd/cgi-bin/openwebmail
ow_cgiurl /cgi-bin/openwebmail
ow_htmldir /usr/httpd/htdocs/openwebmail
ow_htmlurl /openwebmail
logfile /var/log/openwebmail.log
spellcheck /usr/bin/ispell
<default_signature>
--
Open WebMail Project (http://openwebmail.org)
</default_signature>
然后运行/usr/httpd/cgi-bin/openwebmail/openwebmail-tool.pl --init
并启动apache:
/usr/httpd/bin/apachectl start
到此,你可以浏览一下看安装是否成功:http://youdomain/cgi-bin/openwebmail/openwebmail.pl
如我的地址:http://211.154.167.60/cgi-bin/openwebmail/openwebmail.pl