CentOS LAMP Postfix Postfixadmin Virtual Mail Multi Domain SASL TLS SSL Dovecot MySQL 安裝步驟整理
系統基礎
檢查 hostname 是否有設定正確,hostname -f 如果跑不出正確結果,編輯 /etc/hosts 內容
#####安裝會用到的小工具
yum install epel-release ; yum list > yum.txt
yum install ftp traceroute telnet vim joe lynx bind-utils wget openssl ntpdate mail
#####修改時區
cp /usr/share/zoneinfo/Asia/Taipei /etc/localtime
ntpdate time.stdtime.gov.tw
加入 crontab
*/10 * * * * ntpdate time.stdtime.gov.tw > /dev/null 2>&1
或者是直接安裝 ntp 服務
yum install -y ntp
vim /etc/ntp.conf
加入
restrict 192.168.10.0 mask 255.255.255.0
server time.stdtime.gov.tw iburst
server 192.168.10.243 iburst
service ntpd restart
#####關閉 SELINUX
vim /etc/sysconfig/selinux
SELINUX=disabled
##### 關閉防火牆服務,有需要再打開 #####
service iptables stop
chkconfig --level 235 iptables off
####系統重開機 套用關閉SELINUX
reboot
LAMP
## MYSQL 5 ##
yum install mysql mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
/usr/bin/mysql_secure_installation
## APACHE 2 ##
yum install httpd
chkconfig --levels 235 httpd on
##修改 httpd.conf 裡面的 ServerName 參數 ##
vim /etc/httpd/conf/httpd.conf
ServerName localhost:80
service httpd start
check http://ip_address
## PHP ##
yum install php php-gd php-mbstring php-mysql mod_ssl php-imap -y
##add a php file in /var/www/html check if php works
##新增一個 PHP 檔案 看看 php 是否可以正常運作
vim /var/www/html/1.php
<?php
phpinfo();
?>
lynx localhost/1.php
測試完後請刪除 /var/www/html/1.php,phpinfo() 會把伺服器設定全部顯示出來
########## Enable HTTPS ######
yum install -y openssl mod_ssl
service httpd restart
apache 預設就幫我們做好了兩個憑證,位置在/etc/pki/tls/certs & /etc/pki/tls/private 底下
檔名分別叫做 localhost.crt / localhost.key
所以修改apache設定去抓這兩個檔案
修正
沒有預設做好憑證這回事,所以還是要自己做憑證出來
openssl genrsa -out ms.abc.com.key 1024
(1024 bits 的 RSA key 現在已被視為太短,後面 Postfix 段落產生的 key 是 2048 bits,這裡也建議用 2048)
openssl req -new -key ms.abc.com.key -out ms.abc.com.csr
openssl x509 -req -days 3650 -in ms.abc.com.csr -signkey ms.abc.com.key -out ms.abc.com.crt
mv ms.abc.com.crt /etc/pki/tls/certs/
mv ms.abc.com.key /etc/pki/tls/private/
vim /etc/httpd/conf.d/ssl.conf
找到 SSLCertificateFile 、 SSLCertificateKeyFile 這兩個參數
加入預設憑證的路徑
SSLCertificateFile /etc/pki/tls/certs/ms.abc.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/ms.abc.com.key
重啟 apache
service httpd restart
開啟 https 頁面測試看看
https://ip_address
一開始應該會出現錯誤憑證的畫面,這是因為我們的憑證是自己簽的,而不是透過第三方機構發的。不過無所謂,可以用就好~
不然還要花錢去申請..
##date.timezone
vim /etc/php.ini
date.timezone = Asia/Taipei
service httpd restart
## LAMP DONE
POSTFIX
## POSTFIX / DOVECOT ##
Cyrus
yum -y install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
**#######################################################
Generate SSL Sign Key
#######################################################**
openssl genrsa -des3 -out ms.abc.com.key 2048
chmod 600 ms.abc.com.key
openssl req -new -key ms.abc.com.key -out ms.abc.com.csr
openssl x509 -req -days 3650 -in ms.abc.com.csr -signkey ms.abc.com.key -out ms.abc.com.crt
openssl rsa -in ms.abc.com.key -out ms.abc.com.key.nopass
mv -f ms.abc.com.key.nopass ms.abc.com.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
chmod 600 ms.abc.com.key
chmod 600 cakey.pem
mkdir /etc/ssl/private
mv ms.abc.com.key /etc/ssl/private/
mv ms.abc.com.crt /etc/ssl/certs/
mv cakey.pem /etc/ssl/private/
mv cacert.pem /etc/ssl/certs/
**#######################################################
Add TLS Settings to /etc/postfix/main.cf
#######################################################**
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/ssl/private/ms.abc.com.key'
postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/ms.abc.com.crt'
postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = ms.abc.com'
postconf -e 'mydomain = abc.com'
**#######################################################
/etc/postfix/main.cf should be like this
#######################################################**
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = abc.com
myhostname = ms.abc.com
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
##### POSTFIX CONFIG #####
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'mailbox_command ='
#########SASL##############
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_path = private/auth'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_sasl_type = dovecot'
##### TLS , check the cert file location (the postconf step above put cacert.pem in /etc/ssl/certs/; smtpd_tls_CAfile below must point to where the file actually is) #####
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/ms.abc.com.crt
smtpd_tls_key_file = /etc/ssl/private/ms.abc.com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
### Virtual Mail ###
**#######################################################################################
Create cf files
#######################################################################################**
vim /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
vim /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
vim /etc/postfix/sql/mysql_virtual_domains_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
vim /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
vim /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
vim /etc/postfix/sql/mysql_virtual_alias_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100
vim /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf
user = postfixadmin
password = postfixadmin
hosts = localhost
dbname = mail
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf'
postconf -e 'virtual_transport = virtual'
postconf -e 'virtual_uid_maps = static:5000'
Others
postconf -e 'unknown_local_recipient_reject_code = 550'
**#######################################################################################
add vmail user/group for virtual mail
uid should be the same with main.cf
#######################################################################################**
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail
chown vmail:vmail /home/vmail
############### MYSQL ###############
mysql -u root -p
create database mail;
create user 'postfixadmin'@'localhost' identified by 'postfixadmin';
grant all privileges on mail.* to 'postfixadmin'@'localhost';
flush privileges;
quit
#########Postfixadmin ###################
wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.93/postfixadmin-2.93.tar.gz
tar zxvf postfixadmin-2.93.tar.gz
mv postfixadmin-2.93 postfixadmin
mv postfixadmin /var/www/html/
cd /var/www/html/postfixadmin
vim config.inc.php
$CONF['configured'] = false; --> $CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix'; --> $CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix'; --> $CONF['database_name'] = 'mail';
open http://ip_address/postfixadmin/setup.php
Error: Smarty template compile directory templates_c is not writable.
Please make it writable.
If you are using SELinux or AppArmor, you might need to adjust their setup to allow write access.
chmod a+rw -R /var/www/html/postfixadmin/templates_c
(this makes the directory world-writable; only the user Apache runs as needs write access there, so a chown to that user with a tighter mode is the narrower fix)
open http://ip_address/postfixadmin/setup.php
change the setup password (the default policy requires at least two digits and two letters; the policy is relaxed later in this guide) and a new password hash will be generated
vim /var/www/html/postfixadmin/config.inc.php
Replace
$CONF['setup_password'] = 'changeme';
to
$CONF['setup_password'] = '0287c360cbc407f4e18e520651a1c1b8:3a8a82f252f00a8593c0bfc9fa006a98deee2b32';
create a new mail master
go http://ip_address/postfixadmin/login.php using the account last step
change the password limitation
vim /var/www/html/postfixadmin/config.inc.php
$CONF['password_validation'] = array(
# '/regular expression/' => '$PALANG key (optional: + parameter)',
'/.{5}/' => 'password_too_short 5', # minimum length 5 characters
#'/([a-zA-Z].){3}/' => 'password_no_characters 3', # must contain at least 3 characters -->
'/([a-zA-Z].){0}/' => 'password_no_characters 3', # must contain at least 0 characters -->
#'/([0-9].){2}/' => 'password_no_digits 2', # must contain at least 2 digits -->
'/([0-9].){0}/' => 'password_no_digits 2', # must contain at least 0 digits -->
);
**######################################################
create a new virtual domain and virtual user
check if the records exists
######################################################**
mysql -u root -p
use mail;
show tables;
select * from domain;
select * from alias;
exit
in /var/log/maillog , there should be a welcome message from postmaster to the account you just created
Jan 13 13:37:25 mssop postfix/qmgr[2396]: 632D740A18: from=<postmaster@abc.com.tw>, size=489, nrcpt=1 (queue active)
Jan 13 13:37:25 mssop postfix/smtpd[2965]: disconnect from localhost[::1]
Jan 13 13:37:25 mssop postfix/virtual[2975]: 632D740A18: to=<mc@abc-taf.com>, relay=virtual, delay=0.16, delays=0.06/0.1/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Jan 13 13:37:25 mssop postfix/qmgr[2396]: 632D740A18: removed
**#######################################################
###### Dovecot Config ########
#######################################################**
vim /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no   # allows PLAIN/LOGIN on connections without SSL/TLS; set to yes if clients must authenticate over TLS only
auth_mechanisms = plain login
!include auth-sql.conf.ext
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/vmail/%d/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
inet_listener imap {
}
inet_listener imaps {
}
}
service pop3-login {
inet_listener pop3 {
}
inet_listener pop3s {
}
}
service lmtp {
unix_listener lmtp {
}
}
service imap {
}
service pop3 {
}
service auth {
unix_listener auth-userdb {
}
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
service auth-worker {
}
service dict {
unix_listener dict {
}
}
vim /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%u
}
**###########################################################################
Create the dovecot-sql.conf.ext file for support dovecot-mysql
###########################################################################**
vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=mail user=postfixadmin password=postfixadmin
default_pass_scheme = MD5-CRYPT
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
# the three user_query lines below are alternatives — keep only one of them in the file
user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT CONCAT('/home/vmail/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 5000 AS uid, 5000 AS gid, CONCAT('dict:storage=',floor(quota/1000),' proxy::quota') as quota FROM mailbox WHERE username = '%u' AND active='1'
**############################################################################
########## install roundcubemail #################################
############################################################################**
yum install roundcubemail
vim /etc/httpd/conf.d/roundcubemail.conf
Alias /roundcubemail /usr/share/roundcubemail
change to
Alias /mail /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
<IfModule mod_authz_core.c>
# Apache 2.4
#Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
</IfModule>
</Directory>
# Define who can access the installer
<Directory /usr/share/roundcubemail/installer/>
<IfModule mod_authz_core.c>
# Apache 2.4
#Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
#Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
</IfModule>
</Directory>
create a database for roundcubemail
mysql -u root -p
create database rcmail;
create user 'rcmail'@'localhost' identified by 'rcmailpassword';
grant all privileges on rcmail.* to 'rcmail'@'localhost';
flush privileges;
service httpd reload
open http://ip_address/mail/installer/
check if any errors , if not , next , if so , fix it !
After Next , modify the database setting with last step you create
modify the SMTP Server with localhost , check “Use the current IMAP username and password for SMTP authentication”
language : zh_TW ( not sure if this works or not )
press create config file
copy the file to /etc/roundcubemail/config.inc.php
press continue
check if any errors
initialize database
test SMTP
with the first account/password you create in the postfixadmin section
test IMAP
mv /usr/share/roundcubemail/installer /usr/share/roundcubemail/installer.bak
(renaming leaves the installer files under the web root; deleting the directory removes them completely)
login to roundcubemail
open https://ip_address/mail/
login with the account/password you create in the postfixadmin section
like username@domain.name
and there's one mail waiting for you ~
Congrats ! Everything works fine now ! ( it should be …..)