[筆記] CentOS 6.6 + iRedmail 0.9.4 + postfixadmin 安裝筆記

未分類 centos iredmail postfix postfixadmin virtual domain 2016/01/27

本文發表於2473天之前，文章內容可能已經過時，如有疑問，請聯繫作者。

系統基礎設定 Clone from a fresh new install CentOS 6.6 in vmware power on

新增DNS 伺服器 vi /etc/resolv.conf 刪除內容新增以下資料 nameserver 168.95.1.1 nameserver 8.8.8.8 nameserver 8.8.4.4

啟動網路卡 cp /etc/sysconfig/network-scripts/ifcfg-eth2 /etc/sysconfig/network-scripts/ifcfg-eth3 vi /etc/sysconfig/network-scripts 刪除 MAC 修改底下的設定 BOOTPROTO=static
IPADDR=192.168.10.220
NETMASK=255.255.255.0 vi /etc/sysconfig/network NETWORKING=yes
HOSTNAME=iredmail
GATEWAY=192.168.10.246
service network restart

修改時區 yum install ntpdate –y cp /usr/share/zoneinfo/Asia/Taipei /etc/localtime ntpdate 192.168.10.243

reboot (讓hostname 生效) 登入

安裝基本指定 yum install –y wget telnet vim ftp epel-release bind-utils

下載 iredmail 進行安裝 wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.9.4.tar.bz2

tar xjf iRedMail-0.9.4.tar.bz2 cd iRedMail-0.9.4 bash iRedMail.sh

*
IredMail Install 1.mailbox directory , just keep it and next

2.choose web server ( apache here , more familiar)

3. backend choose , MySQL / OpenLDAP MySQL Here ( but seems some proble with global address book in SOGo)

4. your domain

5. your password to mail admin

6.WEBMAIL , Choose SOGo

離開這個畫面後，會開始進行安裝，並且詢問一些問題都按 y ，完成後，會產生一個 iRedMail.tips 裡面有帳號、密碼等資訊接著安裝 phpmyadmin yum install –y phpmyadmin 重開機套用 reboot

*
開啟 https://hostname/iredmailadmin

建立三個USER做測試用登入 https://hostname/SOGo

用其中一個帳號登入，收發信件測試 (前提是 DNS 還有防火牆已經設定好了) 檢查通訊錄，發現 Global Address Book (公用通訊錄、全域通訊錄) 居然是空的關機，再做一台來測試 OpenLDAP (VM真他X的方便) shutdown –h now

*
重複基礎設定、下載安裝包、進行安裝，改選openLDAP，一開始要輸入 dc=abc,dc=org , 再來輸入 abc.org 其他都一樣安裝完後，多裝一個 phpldapadmin yum install phpldapadmin –y reboot

開啟 https://hostname/iredmailadmin

建立三個USER做測試用 p.s ~~等了好久(5分鐘左右吧)才看到頁面，不知道是那邊的問題~~ (update: 應該是firefox的關係，重設後 OK ) ~~要檢視憑證也是很久很久..~~ 登入 https://hostname/SOGo

Global Address Book 還是看不到東西但是RoundCubeMail 的通訊錄裡面有！！！還要再研究看看，或者就不要管SOGo了，反正RoundCubeMail 本來就比較好看又好用！

RoundCubeMail的設定檔在 /var/www/roundcubemail/config/config.inc.php 有關LDAP ADDRESS BOOK的設定如下
> // Global LDAP address book.
> $config[‘ldap_public’][“global_ldap_abook”] = array(
>     ‘name’              => ‘Global LDAP Address Book’,
>     ‘hosts’             => array(‘127.0.0.1’),
>     ‘port’              => 389,
>     ‘use_tls’           => false,
>     ‘ldap_version’      => ‘3’,
>     ‘network_timeout’   => 10,
>     ‘user_specific’     => true,
>
>     // Search mail users under same domain.
>     ‘base_dn’       => ‘domainName=%d,o=domains,dc=abc,dc=org’,
>     ‘bind_dn’       => ‘mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=abc,dc=org’,
>
>     ‘hidden’        => false,
>     ‘searchonly’    => false,
>     ‘writable’      => false,
>
>     ‘search_fields’ => array(‘mail’, ‘cn’, ‘sn’, ‘givenName’, ‘street’, ‘telephoneNumber’, ‘mobile’, ‘stree’, ‘postalCode’),
>
>
>

底下這是欄位對應
> // mapping of contact fields to directory attributes
> ‘fieldmap’ => array(
>       ‘name’          => ‘cn’,
>       ‘surname’       => ‘sn’,
>       ‘firstname’     => ‘givenName’,
>       ‘title’         => ‘title’,
>       ‘email’         => ‘mail:‘,
>       ‘phone:work’    => ‘telephoneNumber’,
>       ‘phone:mobile’ => ‘mobile’,
>       ‘street’        => ‘street’,
>       ‘zipcode’       => ‘postalCode’,
>       ‘locality’      => ‘l’,
>       ‘department’    => ‘departmentNumber’,
>       ‘notes’         => ‘description’,
>       ‘name’          => ‘cn’,
>       ‘surname’       => ‘sn’,
>       ‘firstname’     => ‘givenName’,
>       ‘title’         => ‘title’,
>       ‘email’         => ‘mail:‘,
>       ‘phone:work’    => ‘telephoneNumber’,
>       ‘phone:mobile’ => ‘mobile’,
>       ‘phone:workfax’ => ‘facsimileTelephoneNumber’,
>       ‘street’        => ‘street’,
>       ‘zipcode’       => ‘postalCode’,
>       ‘locality’      => ‘l’,
>       ‘department’    => ‘departmentNumber’,
>       ‘notes’         => ‘description’,
>       ‘photo’         => ‘jpegPhoto’,
> ),

*

安裝 PostfixAdmin 取代 iRedMail 預載的陽春管理介面

wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.93/postfixadmin-2.93.tar.gz

tar zxvf postfixadmin-2.93.tar.gz mv postfixadmin-2.93 pfa mv pfa /var/www/html 編輯 httpd 設定 vim /etc/httpd/conf.d/pfa.conf 要安全性的再自己修改 allow / deny 順序和限制
> Alias /pfa “/var/www/pfa/“
> <Directory “/var/www/pfa/“>
> Order allow,deny
> Allow from all
> Options -Indexes
> </Directory> 新增 PostfixAdmin 資料庫 mysql –u root –p 輸入 root 密碼，進入 mysql 介面執行以下指令，建立一個資料庫叫postfix ，一個使用者帳號 postfix 密碼 postfixadmin ，並指定讓使用者postfix可以讀寫 postfix 資料庫 CREATE DATABASE postfix;
CREATE USER ‘postfix‘@’localhost’ IDENTIFIED BY ‘postfixadmin’;
GRANT ALL PRIVILEGES ON ‘postfix’. * TO ‘postfix‘@’localhost’;
離開mysql 介面編輯 postfixadmin 設定檔 vim /var/www/pfa/config.inc.php 修改以下設定
> $CONF[‘configured’] = true;
>
> $CONF[‘database_type’] = ‘mysqli’;
> $CONF[‘database_user’] = ‘postfix’;
> $CONF[‘database_password’] = ‘postfixadmin’;
> $CONF[‘database_name’] = ‘postfix’; 存檔後離開，開啟postfixadmin 安裝頁面

http://ip_address/pfa/setup.php

應該會提示有個目錄要有讀寫權限 chmod a+rw –R /var/www/pfa/templates_c 重整安裝頁面安裝過程其實很簡單注意一下密碼安全性原則，不得小於五個字，至少要有三個英文、兩個數字(我是直接拿掉這段，省得麻煩) 安裝過程中會要求你設定一組安裝密碼，然後系統會產生一組編碼過後的字串將這組字串填入 config.inc.php vim /var/www/pfa/config.inc.php 註解掉第一個 setup_password 變數，然後填入剛剛系統產生的編碼字串 #$CONF[‘setup_password’] = ‘changeme’;
$CONF[‘setup_password’] = ‘7d4b2b0def324a8dc0:80e26d5c’; 存檔後離開接著在安裝畫面填入你剛剛輸入的密碼「明文」，不是那個字串，而是你剛剛輸入的安裝密碼建立一個系統管理者帳號、密碼都完成之後，會提示一個連結讓你前往登入，或者自己開啟

http://ip_address/pfa/login.php

填入剛剛輸入的管理者帳號(全部，包含 @ 後面的域名) 和密碼，登入管理介面，這邊可以順便改語系，內建有繁體中文( 感動！ ) 接著先新建一個網域

然後新增幾個使用者進行測試，而且postfixadmin 內建就可以建立別名，不用像 iredmail 一樣，要透過 mysql 、openldap 之類的方式去建立！

別名的建立畫面

Update: 更新歡迎信件無法寄出的錯誤

經過這樣的修改，postfixadmin 預設有一個發送歡迎信件給新帳號的功能會發生錯誤 maillog 裡面會出現 Sender address rejected: not logged in; 這樣的狀況修改postfixadmin的設定 vim /var/www/pfa/config.inc.php 修改 admin_email $CONF[‘admin_email’] = ‘postmaster@iredmail.abc.org’; //本來是 postmaster@abc.org , 改成 postmaster@hostname.abc.org

測試寄送歡迎信件，應該OK了

接著登入之前安裝的 roundcubemail 去收發郵件測試正常，不過通訊錄還是抓舊的全域通訊錄，應該還是要透過 phpldapadmin 去修改吧，在想是不是乾脆不要用這個功能，改用現在的方式，去AD抓帳號回來好了。再到手機上測試之前建立的Exchange 帳號也是正常收發！看起來應該大致可以用了！

修正RoundCubeMail 的通訊錄

用人家寫好的plugin 來新增一個公用通訊錄

https://github.com/JohnDoh/Roundcube-Plugin-Global-Address-Book

下載並解壓縮到 /var/www/roundcubemail/plugins/globaladdressbook 在config 裡面啟用 vim /var/www/roundcubemail/config/config.inc.php 在 plugins 的地方加入 globaladdressbook $config[‘plugins’] = array(‘managesieve’, ‘password’,’globaladdressbook’); 簡單設定一下 vim /var/www/roundcubemail/plugins/globaladdressbook/config.inc.php 設定通訊錄的讀寫權限 // 0 - global address book is read only
// 1 - users can add, edit and delete contacts (full permissions)
// 2 - users can add but not edit or delete contacts
// 3 - users can add and edit but not delete contacts
$config[‘globaladdressbook_perms’] = 3; 設定誰是這個通訊錄的擁有者，理論上應該設定給管理公用通訊錄的人 // global address book admin user
// admin user(s) can always add/edit/delete entries, overrides readonly
// either a single username, an array of usernames, or a regular expression, see README for more info
$config[‘globaladdressbook_admin’] = null; 存檔後離開，在roundcubemail 的通訊錄中，就可以看到多了一個「公用通訊錄」每個使用者都可以看到，以目前的設定來說，每個人都可以去編輯，但是不能刪除

*
設定ROUNDCUBEMAIL去抓AD 的帳號，不過目前搞不定使用者通訊錄排序的問題，群組的排序倒是OK

//update 使用者通訊錄的排序也搞定啦！ //底下這行本來被註解掉了，取消註解 $config[‘addressbook_sort_col’] = ‘name’; 改一下config vim /var/www/roundcubemail/config/config.inc.php

// Global LDAP address book.
$config[‘ldap_public’][“global_ldap_abook”] = array(
‘name’              => ‘Global LDAP Address Book’,
‘hosts’             => array(‘192.168.10.243’), //改成AD 的IP
‘port’              => 389,
‘use_tls’           => false,
#    ‘ldap_version’      => ‘3’, //註解掉這行
#    ‘network_timeout’   => 10, //註解掉這行
‘user_specific’     => true, // Search mail users under same domain. //修改和AD連線的設定， base_dn , bind_dn , bind_pass 都要設定，如果沒設定DN/pass 會發生驗證錯誤，找不到資料的情況
‘base_dn’=> ‘DC=abc,DC=com, DC=tw’,
‘bind_dn’ => ‘abc@abc.com.tw’,
‘bind_pass’ => ‘abcabc’,
‘writable’      => false, //設定USER搜尋通訊錄時，要尋哪些欄位，欄位越多，搜尋時間越久，為了省時間，只設定搜尋兩個欄位 ‘search_fields’ => array(‘mail’, ‘cn’),// ‘sn’, ‘givenName’, ‘street’),//, ‘telephoneNumber’, ‘mobile’, ‘stree’, ‘postalCode’), //~~底下這些其實可有可無，大部分的欄位對應都在下面的 fieldmap~~ //~~然後AD的欄位很奇怪，不管怎麼抓，就是很固執，我有測試去抓 description 欄位來當作顯示名稱 (surname) 但就是沒作用…而且似乎會拖慢速度~~ //~~但是在聯絡人的內容卻有出現設定的描述欄位的資料，就很奇怪，不知道怎麼抓~~
#’name_field’ => ‘cn’, // this field represents the contact’s name
#’firstname_field’ => ‘cn’, // this field represents the contact’s first name
#’surname_field’ => ‘cn’, // this field represents the contact’s last name
‘email_field’ => ‘mail’, // this field represents the contact’s e-mail
‘scope’ => ‘sub’, // search mode: sub|base|list //不知道幹嘛的
‘filter’ => ‘(&(mail=*)(!(msExchHideFromAddressLists=TRUE)))’, // all mail, except the exchange hidden ，抓取所有 mail 屬性有值的紀錄，除了某些刻意隱藏的
‘sort’ => ‘cn’, // The field to sort the listing by. //~~排序，不過我測試不出來，改成用 mail 排序也沒作用~~
‘fuzzy_search’ => TRUE ,// server allows wildcard search //預設值 // mapping of contact fields to directory attributes //這些都是預設值 AD 欄位跟 LDAP 的對應關係，請參考 https://www.manageengine.com/products/ad-manager/help/csv-import-management/active-directory-ldap-attributes.html

//這些都先註解掉
    ‘fieldmap’ => array(
#       ‘name’          => ‘cn’,
#      ‘surname’       => ‘sn’,
   #     ‘firstname’     => ‘givenName’,
    #    ‘title’         => ‘title’,
     #   ‘email’         => ‘mail:‘,
      # ‘phone:work’    => ‘telephoneNumber’,
#        ‘phone:mobile’ => ‘mobile’,
#        ‘street’        => ‘street’,
#        ‘zipcode’       => ‘postalCode’,
#        ‘locality’      => ‘l’,
#        ‘department’    => ‘departmentNumber’,
#       ‘notes’         => ‘description’,
#      ‘name’          => ‘cn’,
   #     ‘surname’       => ‘sn’,
    #    ‘firstname’     => ‘givenName’,
     #   ‘title’         => ‘title’,
#        ‘email’         => ‘mail:‘,
#       ‘phone:work’    => ‘telephoneNumber’,
#      ‘phone:mobile’ => ‘mobile’,
   #     ‘phone:workfax’ => ‘facsimileTelephoneNumber’,
    #    ‘street’        => ‘street’,
     #   ‘zipcode’       => ‘postalCode’,
#        ‘locality’      => ‘l’,
#       ‘department’    => ‘departmentNumber’,
#      ‘notes’         => ‘description’,
   #     ‘photo’         => ‘jpegPhoto’,
    ),
//fields_map 的內容改成這樣，留下兩個就夠了，其他有用到再開 > ‘fieldmap’ => array( ‘name’          => ‘displayName’ , ‘email’         => ‘mail:*’, ), > ‘sort’          => ‘cn’, //應該是沒作用
#    ‘scope’         => ‘sub’,
#    ‘filter’        => ‘(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))’,
#    ‘fuzzy_search’ => true,
#    ‘vlv’           => false,   // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
#    ‘sizelimit’     => ‘0’,     // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
#    ‘timelimit’     => ‘0’,     // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.
#    ‘referrals’     => false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups //底下這是群組的設定 ‘group_filters’ => array(
    ‘departments’ => array(
        ‘name’    => ‘群組’,
        ‘scope’   => ‘sub’,
        #’filter’ = > ‘(&(mail=)(objectClass=group))’,
    ‘filter’ => ‘(&(mail=)(objectClass=group)(!(msExchHideFromAddressLists=TRUE)))’,
        ‘name_attr’ => ‘description’,
        ‘email’     => ‘mail’,
   ),
), );
$config[‘autocomplete_addressbooks’] = array(‘sql’, ‘global_ldap_abook’);
群組信箱看到的畫面會是這樣