[Notes] CentOS 6.6 + iRedMail 0.9.4 + PostfixAdmin installation notes
This article was published 2233 days ago; its content may be outdated.
Add DNS servers
vi /etc/resolv.conf
Delete the existing content and add the following:
nameserver 168.95.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4

Bring up the network interface
cp /etc/sysconfig/network-scripts/ifcfg-eth2 /etc/sysconfig/network-scripts/ifcfg-eth3
vi /etc/sysconfig/network-scripts
Remove the MAC address and change the settings below:
BOOTPROTO=static
IPADDR=192.168.10.220
NETMASK=255.255.255.0
vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=iredmail
GATEWAY=192.168.10.246
service network restart

Set the time zone
yum install ntpdate -y
cp /usr/share/zoneinfo/Asia/Taipei /etc/localtime
ntpdate 192.168.10.243
reboot (so that the hostname takes effect)
Log in

Install the basic commands
yum install -y wget telnet vim ftp epel-release bind-utils

Download iRedMail and install it
wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.4.tar.bz2
tar xjf iRedMail-0.9.4.tar.bz2
cd iRedMail-0.9.4
bash iRedMail.sh
*
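iRedMail install
1. Mailbox directory: keep the default and go to the next step.
2. Choose a web server (Apache here, as it is more familiar).
3. Choose a backend, MySQL or OpenLDAP. MySQL here (but there seems to be some problem with the global address book in SOGo).
4. Your domain.
5. Your password for the mail admin.
6. Webmail: choose SOGo.
After leaving this screen, the installation starts and asks a few questions; answer y to all of them. When it finishes, it generates an iRedMail.tips file that contains the accounts, passwords and other information.
Next, install phpMyAdmin
yum install -y phpmyadmin
Reboot to apply
reboot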
*
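Open https://hostname/iredmailadmin
Create three users for testing.
Log in to https://hostname/SOGo
Log in with one of the accounts and test sending and receiving mail (this assumes DNS and the firewall are already set up).
Checking the address book, the Global Address Book (public / global address book) turns out to be empty.
Shut down and build another machine to test OpenLDAP (VMs are so damn convenient).
shutdown -h now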
*
Repeat the basic setup, download the installer and run the installation, this time choosing OpenLDAP. First enter dc=abc,dc=org, then enter abc.org; everything else is the same.
After the installation, also install phpLDAPadmin
yum install phpldapadmin -y
reboot
Open https://hostname/iredmailadmin
Create three users for testing.
P.S. The Global Address Book still shows nothing, but the RoundCubeMail address book has the entries!!! This needs more investigation, or I could just forget about SOGo, since RoundCubeMail looks better and is easier to use anyway!
The RoundCubeMail configuration file is /var/www/roundcubemail/config/config.inc.php. The LDAP address book settings are as follows:
> // Global LDAP address book.
> $config['ldap_public']["global_ldap_abook"] = array(
>     'name' => 'Global LDAP Address Book',
>     'hosts' => array('127.0.0.1'),
>     'port' => 389,
>     'use_tls' => false,
>     'ldap_version' => '3',
>     'network_timeout' => 10,
>     'user_specific' => true,
>
>     // Search mail users under same domain.
>     'base_dn' => 'domainName=%d,o=domains,dc=abc,dc=org',
>     'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=abc,dc=org',
>
>     'hidden' => false,
>     'searchonly' => false,
>     'writable' => false,
>
>     'search_fields' => array('mail', 'cn', 'sn', 'givenName', 'street', 'telephoneNumber', 'mobile', 'stree', 'postalCode'),
Below is the field mapping:
> // mapping of contact fields to directory attributes
> 'fieldmap' => array(
>     'name' => 'cn',
>     'surname' => 'sn',
>     'firstname' => 'givenName',
>     'title' => 'title',
>     'email' => 'mail:*',
>     'phone:work' => 'telephoneNumber',
>     'phone:mobile' => 'mobile',
>     'street' => 'street',
>     'zipcode' => 'postalCode',
>     'locality' => 'l',
>     'department' => 'departmentNumber',
>     'notes' => 'description',
>     'name' => 'cn',
>     'surname' => 'sn',
>     'firstname' => 'givenName',
>     'title' => 'title',
>     'email' => 'mail:*',
>     'phone:work' => 'telephoneNumber',
>     'phone:mobile' => 'mobile',
>     'phone:workfax' => 'facsimileTelephoneNumber',
>     'street' => 'street',
>     'zipcode' => 'postalCode',
>     'locality' => 'l',
>     'department' => 'departmentNumber',
>     'notes' => 'description',
>     'photo' => 'jpegPhoto',
> ),
*
Install PostfixAdmin to replace the bare-bones admin interface that ships with iRedMail
wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.93/postfixadmin-2.93.tar.gz
tar zxvf postfixadmin-2.93.tar.gz
mv postfixadmin-2.93 pfa
mv pfa /var/www/html
Edit the httpd configuration
vim /etc/httpd/conf.d/pfa.conf
If you need tighter security, adjust the allow / deny order and restrictions yourself.
> Alias /pfa "/var/www/pfa/"
> <Directory "/var/www/pfa/">
>     Order allow,deny
>     Allow from all
>     Options -Indexes
> </Directory>
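Create the PostfixAdmin database
mysql -u root -p
Enter the root password to get to the mysql prompt.
Run the following statements to create a database named postfix and a user account postfix with the password postfixadmin, and to give the user postfix read/write access to the postfix database
CREATE DATABASE postfix;
CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfixadmin';
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';
Exit the mysql prompt.
Edit the PostfixAdmin configuration file
vim /var/www/pfa/config.inc.php
Change the following settings
> $CONF['configured'] = true;
>
> $CONF['database_type'] = 'mysqli';
> $CONF['database_user'] = 'postfix';
> $CONF['database_password'] = 'postfixadmin';
> $CONF['database_name'] = 'postfix';
Save and exit, then open the PostfixAdmin setup page
http://ip_address/pfa/setup.php
It should report that a directory needs read/write permission
chmod a+rw -R /var/www/pfa/templates_c
Reload the setup page.
The setup process is actually simple. Note the password policy: no fewer than five characters, with at least three letters and two digits (I simply removed that part to save trouble).
During setup you are asked to set a setup password, and the system then generates an encoded string. Put that string into config.inc.php
vim /var/www/pfa/config.inc.php
Comment out the first setup_password variable, then fill in the encoded string the system just generated
#$CONF['setup_password'] = 'changeme';
$CONF['setup_password'] = '7d4b2b0def324a8dc0:80e26d5c';
Save and exit.
Then, on the setup screen, enter the plaintext password you typed earlier: not that string, but the setup password you entered.
Create a system administrator account and password.
When everything is done, a link is shown that takes you to the login page, or you can open it yourself: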
http://ip_address/pfa/login.php
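Enter the administrator account you just created (in full, including the domain after the @) and its password to log in to the admin interface. You can also change the language here; Traditional Chinese is built in (so touching!). Next, create a domain and then add a few users for testing. PostfixAdmin can also create aliases out of the box, unlike iRedMail, where you have to create them through MySQL, OpenLDAP or the like!

Screenshot: the alias creation screen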
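The PostfixAdmin steps above leave three loose settings behind: Allow from all on /pfa, a setup_password that may still be the shipped changeme, and chmod a+rw -R on templates_c. The script below checks for each of them and tightens the directory. It is an added example, not part of the original notes; the function names are hypothetical, the sample files are constructed, and apache:apache as the web server account is an assumption for CentOS.

```shell
#!/bin/sh
# Added example; all function names are hypothetical. Paths are arguments so it can run on copies.
# Report an httpd conf that opens the aliased directory to every client.
check_httpd_acl() {
    if grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' "$1"; then
        echo "httpd: 'Allow from all' in $1"
    fi
}

# Report an active (not commented out) setup_password that is still the shipped default.
check_setup_password() {
    if grep -E '^[[:space:]]*[$]CONF\[.setup_password.]' "$1" | grep -q "'changeme'"; then
        echo "config: setup_password is still 'changeme' in $1"
    fi
}

# Report world-writable files or directories, which is what "chmod a+rw -R" leaves behind.
check_world_writable() {
    n=$(find "$1" -perm -0002 ! -type l | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "perms: $n world-writable path(s) under $1"
    fi
}

# usage: audit_pfa HTTPD_CONF CONFIG_PHP TEMPLATES_DIR   (prints one finding per line)
audit_pfa() {
    check_httpd_acl "$1"
    check_setup_password "$2"
    check_world_writable "$3"
}

# Limit the cache directory to its owner and group instead of everyone.
# usage: harden_templates_c DIR [OWNER]   (OWNER, e.g. apache:apache, is assumed; chown needs root)
harden_templates_c() {
    if [ -n "${2:-}" ]; then chown -R "$2" "$1"; fi
    chmod -R u=rwX,g=rX,o= "$1"
}

# Constructed sample files that mirror the steps in these notes.
demo=$(mktemp -d)
mkdir "$demo/templates_c" && touch "$demo/templates_c/cache.php"
chmod -R a+rw "$demo/templates_c"
printf '%s\n' 'Alias /pfa "/var/www/pfa/"' '<Directory "/var/www/pfa/">' \
    'Order allow,deny' 'Allow from all' '</Directory>' > "$demo/pfa.conf"
printf '%s\n' "\$CONF['configured'] = true;" \
    "\$CONF['setup_password'] = 'changeme';" > "$demo/config.inc.php"
audit_pfa "$demo/pfa.conf" "$demo/config.inc.php" "$demo/templates_c"   # three findings
harden_templates_c "$demo/templates_c"
audit_pfa "$demo/pfa.conf" "$demo/config.inc.php" "$demo/templates_c"   # two findings remain
```

On the server, pass the real paths (/etc/httpd/conf.d/pfa.conf, /var/www/pfa/config.inc.php, /var/www/pfa/templates_c) and give harden_templates_c the web server account as its second argument so PostfixAdmin can still write its template cache.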
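Update: fixing the error where the welcome email cannot be sent
After these changes, PostfixAdmin's default feature of sending a welcome email to new accounts fails. The maillog shows something like: Sender address rejected: not logged in;
Change the PostfixAdmin settings
vim /var/www/pfa/config.inc.php
Change admin_email
$CONF['admin_email'] = 'postmaster@iredmail.abc.org'; // was postmaster@abc.org, changed to postmaster@hostname.abc.org
Test sending the welcome email; it should be OK now.
Next, logging in to the previously installed RoundCubeMail, sending and receiving mail tested fine, but the address book still pulls the old global address book; that probably still has to be changed through phpLDAPadmin. I am wondering whether to just stop using this feature and do it the current way instead, pulling the accounts from AD. Testing the previously created Exchange account on a phone, sending and receiving works fine too! It looks like this is mostly usable now!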
Fixing the RoundCubeMail address book
Use an existing plugin that someone else wrote to add a public address book
https://github.com/JohnDoh/Roundcube-Plugin-Global-Address-Book
Download and extract it to /var/www/roundcubemail/plugins/globaladdressbook
Enable it in the config
vim /var/www/roundcubemail/config/config.inc.php
Add globaladdressbook to the plugins list
$config['plugins'] = array('managesieve', 'password', 'globaladdressbook');
Configure it briefly
vim /var/www/roundcubemail/plugins/globaladdressbook/config.inc.php
Set the read/write permissions of the address book
// 0 - global address book is read only
// 1 - users can add, edit and delete contacts (full permissions)
// 2 - users can add but not edit or delete contacts
// 3 - users can add and edit but not delete contacts
$config['globaladdressbook_perms'] = 3;
Set who owns this address book; in principle this should be the person who manages the public address book
// global address book admin user
// admin user(s) can always add/edit/delete entries, overrides readonly
// either a single username, an array of usernames, or a regular expression, see README for more info
$config['globaladdressbook_admin'] = null;
Save and exit. The RoundCubeMail address book now shows an additional "Public Address Book". Every user can see it; with the current settings, everyone can edit it but cannot delete entries.
*
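Configure RoundCubeMail to pull accounts from AD. For now I cannot get the sorting of the user address book to work, although the sorting of groups is OK.
// Update: the sorting of the user address book is sorted out now too!
// The line below was originally commented out; uncomment it
$config['addressbook_sort_col'] = 'name';
Edit the config
vim /var/www/roundcubemail/config/config.inc.php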
// Global LDAP address book.
$config['ldap_public']["global_ldap_abook"] = array(
    'name' => 'Global LDAP Address Book',
    'hosts' => array('192.168.10.243'), // changed to the AD server's IP
    'port' => 389,
    'use_tls' => false,
    # 'ldap_version' => '3', // comment out this line
    # 'network_timeout' => 10, // comment out this line
    'user_specific' => true,
    // Search mail users under same domain.
    // Change the AD connection settings: base_dn, bind_dn and bind_pass must all be set. Without the DN/password, authentication fails and no data is found.
    'base_dn' => 'DC=abc,DC=com, DC=tw',
    'bind_dn' => 'abc@abc.com.tw',
    'bind_pass' => 'abcabc',
    'writable' => false,
    // Which fields are searched when a user searches the address book. The more fields, the longer the search takes; to save time, only two fields are searched.
    'search_fields' => array('mail', 'cn'),// 'sn', 'givenName', 'street'),//, 'telephoneNumber', 'mobile', 'stree', 'postalCode'),
    // The entries below are more or less optional; most of the field mappings are in the fieldmap further down.
    // The AD fields are odd and stubborn no matter how I fetch them: I tested using the description field as the display name (surname), but it has no effect... and it seems to slow things down.
    // Yet the contact details do show the data from the configured description field, which is strange; I do not know how to fetch it.
    #'name_field' => 'cn', // this field represents the contact's name
    #'firstname_field' => 'cn', // this field represents the contact's first name
    #'surname_field' => 'cn', // this field represents the contact's last name
    'email_field' => 'mail', // this field represents the contact's e-mail
    'scope' => 'sub', // search mode: sub|base|list // not sure what this is for
    'filter' => '(&(mail=*)(!(msExchHideFromAddressLists=TRUE)))', // all mail, except the Exchange hidden ones: fetch every record whose mail attribute has a value, except those deliberately hidden
    'sort' => 'cn', // The field to sort the listing by. // Sorting, but I could not get it to work in testing; sorting by mail had no effect either
    'fuzzy_search' => TRUE, // server allows wildcard search // default value
    // mapping of contact fields to directory attributes // these are all default values
    // For how AD fields map to LDAP attributes, see https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html
    // Comment all of these out for now
    'fieldmap' => array(
        # 'name' => 'cn',
        # 'surname' => 'sn',
        # 'firstname' => 'givenName',
        # 'title' => 'title',
        # 'email' => 'mail:*',
        # 'phone:work' => 'telephoneNumber',
        # 'phone:mobile' => 'mobile',
        # 'street' => 'street',
        # 'zipcode' => 'postalCode',
        # 'locality' => 'l',
        # 'department' => 'departmentNumber',
        # 'notes' => 'description',
        # 'name' => 'cn',
        # 'surname' => 'sn',
        # 'firstname' => 'givenName',
        # 'title' => 'title',
        # 'email' => 'mail:*',
        # 'phone:work' => 'telephoneNumber',
        # 'phone:mobile' => 'mobile',
        # 'phone:workfax' => 'facsimileTelephoneNumber',
        # 'street' => 'street',
        # 'zipcode' => 'postalCode',
        # 'locality' => 'l',
        # 'department' => 'departmentNumber',
        # 'notes' => 'description',
        # 'photo' => 'jpegPhoto',
    ),
    // Change the fieldmap content to this; keeping two entries is enough, enable the others when they are needed
    'fieldmap' => array(
        'name' => 'displayName',
        'email' => 'mail:*',
    ),
    'sort' => 'cn', // probably has no effect
    # 'scope' => 'sub',
    # 'filter' => '(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))',
    # 'fuzzy_search' => true,
    # 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    # 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    # 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
    # 'referrals' => false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
    // Below are the group settings
    'group_filters' => array(
        'departments' => array(
            'name' => '群組',
            'scope' => 'sub',
            #'filter' => '(&(mail=*)(objectClass=group))',
            'filter' => '(&(mail=*)(objectClass=group)(!(msExchHideFromAddressLists=TRUE)))',
            'name_attr' => 'description',
            'email' => 'mail',
        ),
    ),
);
$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');
Screenshot: this is what the group mailbox view looks like