Postfix virtual users - MySQL - Courier Imapd

Installing Postfix

Packages required for the installation:

postfix
postfix-ldap
postfix-mysql
postfix-pcre
postfix-tls

Make the following settings:


# main.cf
transport_maps=mysql:/usr/local/etc/postfix/transport.cf
virtual_mailbox_maps=mysql:/usr/local/etc/postfix/mysql_virt.cf
virtual_uid_maps=mysql:/usr/local/etc/postfix/uids.cf
virtual_gid_maps=mysql:/usr/local/etc/postfix/gids.cf
virtual_mailbox_base=/usr/local/virtual
mydestination = $mydomain, $myhostname, $transport_maps
virtual_maps =mysql:/usr/local/etc/postfix/virtual.cf

# SASL2 configuration is missing !!!

# master.cf: add the following line if it is not already there

virtual unix - n n - - virtual

Then create the following files in the /usr/local/etc/postfix directory:

# transport.cf
user=postfix
password=whatever
dbname=postfix
table=transport
select_field=transport
where_field=domain
hosts=localhost

# mysql_virt.cf
user=postfix
password=whatever
dbname=postfix
table=users
select_field=maildir
where_field=address
hosts=localhost

# uids.cf
user=postfix
password=whatever
dbname=postfix
table=users
select_field=uid
where_field=address
hosts=localhost

# gids.cf
user=postfix
password=whatever
dbname=postfix
table=users
select_field=gid
where_field=address
hosts=localhost

# virtual.cf
user=postfix
password=whatever
dbname=postfix
table=virtual
select_field=goto
where_field=address
hosts=localhost

If you cannot connect to the MySQL server with the settings above, change hosts=localhost to hosts=127.0.0.1.

The user and password fields in every file must be changed to a valid user/password pair that is defined in MySQL and has access to the postfix database.
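Each of the five map files above holds the database password. The following shell function is an added example, not part of the original page; it assumes a policy the page does not state (files not readable by "other", placeholder password replaced) and checks a directory against it.

```shell
#!/bin/sh
# Added example: audit the Postfix MySQL map files that contain the
# database password. The policy below is an assumption, not the page's.

MAP_FILES="transport.cf mysql_virt.cf uids.cf gids.cf virtual.cf"

# audit_map_files DIR
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_map_files() {
    dir=$1
    status=0
    for name in $MAP_FILES; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "MISSING $name"
            status=1
            continue
        fi
        # find prints the path only when the "other read" bit is set.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD-READABLE $name"
            status=1
        fi
        # Value of the first password line, surrounding whitespace removed.
        pw=$(sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$f" |
             sed 's/[[:space:]]*$//' | head -n 1)
        case $pw in
            ''|whatever)
                echo "PLACEHOLDER-PASSWORD $name"
                status=1
                ;;
        esac
    done
    return $status
}
```

Run it as `audit_map_files /usr/local/etc/postfix`. Once the files pass, `postmap -q domain.tld mysql:/usr/local/etc/postfix/transport.cf` shows whether Postfix itself can query a map.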

 

Installing MySQL:

The following tables must be created:

#First Create the Database
CREATE DATABASE postfix;
use postfix;
#
# Table structure for table 'transport'
#

CREATE TABLE transport(
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;

#
# Table structure for table 'users'
#

CREATE TABLE users (
id varchar(128) NOT NULL default '',
address varchar(128) NOT NULL default '',
crypt varchar(128) NOT NULL default '',
clear varchar(128) NOT NULL default '',
name varchar(128) NOT NULL default '',
uid smallint(5) unsigned NOT NULL default '1000',
gid smallint(5) unsigned NOT NULL default '1000',
home varchar(128) NOT NULL default '/',
domain varchar(128) NOT NULL default '',
maildir varchar(255) NOT NULL default '',
imapok tinyint(3) unsigned NOT NULL default '1',
bool1 tinyint(3) unsigned NOT NULL default '1',
bool2 tinyint(3) unsigned NOT NULL default '1',
PRIMARY KEY (id),
UNIQUE KEY id (id),
UNIQUE KEY address (address),
KEY id_2 (id),
KEY address_2 (address)
) ENGINE=MyISAM;

#
# Table structure for table 'virtual'
#

CREATE TABLE virtual (
address varchar(255) NOT NULL default '',
goto varchar(255) NOT NULL default '',
UNIQUE KEY address (address)
) ENGINE=MyISAM;

Description of the data tables:

Description of fields in transport:

domain: Any domain you host, including those you want to deliver to using local: as the transport.
transport: The transport method. All transport methods are legal, but usually either "local:" for local transport or "virtual:" for the virtual transport agent.

Description of fields in virtual:

address: This is the virtual address address@domain.tld which will be forwarded to the address in goto. For Postfix-style virtuals, this will also be the domain name.
goto: Where the virtual address above goes. This can be a comma-delimited list of addresses. It can include simply "user" entries for local users (root, postmaster, etc.), or, more commonly, complete user@domain.tld entries for users in virtual domains on your machine or for going out to other domains.

Description of fields in users:

id: Username. Either user.domain.tld or user@domain.tld
address: Email address, user@domain.com (if you use the second form above, this column can be omitted.)
crypt: The crypt() form of the password. The easiest way to accomplish this is to use encrypt('password') in your insert query.
clear: Clear text password (for support purposes or Cram-MD5). You really only need one of the two password forms. If you choose that one to be clear, make sure ALL of your users can handle Cram-MD5 authentication.
name: User's real name or whatever string you feel belongs here (not required unless you tell Courier it's there).
uid: Virtual uid
gid: Virtual gid (hint to make your life simpler: make each domain have one and only one gid)
home: You can set this to just about anything above your maildir directory. Easiest (but not very secure) is to set it to "/". If you are running postfix chroot, this needs to be somewhere inside of the jail. For instance, "/var/spool/postfix/". And, yes, the maildirs must all be subdirectories of this directory. In our case: /usr/local/virtual
domain: User's domain name. This is far from necessary but comes in handy for support/programming purposes.
maildir: This is the user's maildir. Use the full path. You don't have to, but use the full path. If this is a maildir, make sure that you include the trailing slash (e.g. .../Maildir/ and NOT .../Maildir). Of course, if you want to use mbox (why, oh why?!) then you would need to exclude the slash. Specifically: user@domain.tld/Maildir/
imapok: This field would allow one to prevent users from accessing their mail by setting it to 0 if you use the appropriate Courier setting in authmysqlrc of "MYSQL_WHERE_CLAUSE= imapok". This could be useful for torturing your users, among other things.
bool1: Same as above.
bool2: Ditto. (Yes, Kirby is an aspiring BOFH, how'd you guess?)

Further notes on the data tables:

Transport table:
The transport table is your transport map. It tells postfix what transport agent to use for each domain. It is not absolutely necessary if you want all of your users to be in the database. We do, however, highly recommend using a transport map. Having at least one domain handled with the local delivery agent means, among other things, simplicity if you have to deal with mailing lists later and that any users added to the system as system users will automatically receive mail properly. Even if you have domains explicitly defined in the mydestination config option for postfix, you should make sure that every domain has a corresponding entry in the transport map. Another nice feature of the transport map is that you do not have to define mydestination explicitly; simply add $transport_maps to mydestination and you have all your domains added cleanly and effectively without having to reload Postfix when you add a domain.

Virtual table:
The virtual table is your virtual map. It is similar to aliases, but different. An entry in virtual cannot point to an executable or a file. It is simply address to address mapping. However, this doesn't mean it has to be one to one. You can have a single virtual alias point to multiple addresses in a comma-delimited list. The important thing to remember is that you can have either sendmail-style or postfix-style virtual domains. Under sendmail-style, all local aliases and users exist in the virtual domain's namespace as well. In other words, a local user jimbob would be able to receive jimbob@virtual1.com, jimbob@virtual2.com, and jimbob@localmachinedomain.com all at the same time. This can cause a problem when hosting many domains (or only a few if you have more than one user named JimBob). Enter postfix-style virtuals. With a postfix-style virtual, the virtual domain doesn't share anything. You must define every alias and/or user within that domain. One caveat is that this means root and postmaster aliases must be defined for every postfix-style virtual. In order to implement a postfix-style virtual, you will need one line in your virtual map that has the domain name on the left, and some random text on the right. One handy way of doing this in a database virtual table is to have an entry where address is the domain name and goto is the name of the domain owner, or some other informative little piece of text. A nice convention is to use sendmail-style virtuals on all of your domains that are delivered with the local delivery agent and postfix-style on all of your domains delivered with the virtual agent. For a more thorough description of the virtual table and sendmail-style vs. postfix-style virtuals, please read "man 5 virtual".

The "address" field holds the alternative address, and the "goto" field says where the mail should be delivered. There can be several rows, each with a different address field.
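The rows a postfix-style virtual domain needs (its transport entry, the domain marker line, and the root and postmaster aliases) can be generated as follows. This is an added example, not part of the original page; the function name, the marker text and the restriction to full user@domain admin addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): print the rows a new
# postfix-style virtual domain needs in the transport and virtual tables.
# The table name is backtick-quoted because VIRTUAL is also an SQL keyword
# in newer MySQL versions.

# emit_virtual_domain DOMAIN ADMIN_ADDRESS
emit_virtual_domain() {
    domain=$1
    admin=$2
    # Allowlist: nothing that would need SQL escaping gets through.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*)
            echo "bad domain: $domain" >&2; return 2 ;;
    esac
    case $admin in
        ''|*[!A-Za-z0-9.@_+-]*)
            echo "bad admin address: $admin" >&2; return 2 ;;
        ?*@?*) ;;
        *)  echo "bad admin address: $admin" >&2; return 2 ;;
    esac
    cat <<EOF
INSERT INTO transport (domain, transport) VALUES ('$domain', 'virtual:');
INSERT INTO \`virtual\` (address, goto) VALUES ('$domain', 'virtual domain $domain');
INSERT INTO \`virtual\` (address, goto) VALUES ('postmaster@$domain', '$admin');
INSERT INTO \`virtual\` (address, goto) VALUES ('root@$domain', '$admin');
EOF
}
```

Review the printed statements before piping them to the mysql client; the second row is the domain marker line and its goto text is never used for delivery.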

Users table:
The users table is the heart and soul of this whole thing. Transport and Virtual can easily be done as text files, but the users table makes this all worthwhile. While the other two tables are used only by Postfix, this table is shared between Postfix and Courier. That leads to interesting decisions in design. First of all, some will note the different id and address fields. In some cases, these fields may be identical. In that case, remove the address field, and replace address in all postfix config files with id. The reason there are two different fields is so you can use user.domain.tld, or user.somenumber or something along those lines rather than user@domain.tld as a username. If you plan on using user@domain.tld for logins and never changing it, don't waste space on an address field. Another important thing to remember is that the encrypted form of the password must be encrypted using the OS crypt(), not with MySQL's default encryption algorithm. This can be done by using crypt=encrypt('password') in your insert or update statement. You can increase the security of this by giving encrypt a second argument of a two-character salt. If you write a user management program to handle your data additions and updates, then creating it randomly will be useful. You can then use encrypt('password','salt') for the improved security. You also should note that you can have as many or as few (including none) of the fields beginning with "imapok" above. Those fields are not required, but can come in handy as mentioned in the table description. Also, remember that if you would like to use the maildir quota extension in courier-imap, you will need to add a quota field to hold that. Probably an unsigned int would be more than sufficient.

Further Notes on the Database:
You might, after looking at the above, be wondering about a few data type and indexing choices. Well, according to the mysql docs, varchar is faster in lookups and takes less space than char, so that's why it is used for all strings here. As for the size of integers, it was just logical choosing based on potential size of the values. In the case of the essentially boolean values, even the tinyint given to them is too much. These could easily be defined as "int(1) unsigned" if MySQL allows. You could also go with ENUM as a data type for these. See MySQL docs for more details. As for indexing and such, it's a good idea to have both id and address unique and indexed for faster lookups since almost every select performed on the users table will include either id or address in the where clause. On transport, it's a good idea to index the domain field. On virtual, you definitely want address indexed. Your virtual table will get very large, very quickly, when you consider that every virtual domain will have three minimum entries. As you can see, the general idea is to index any field that is likely to show up in a where clause in a database query. One other thing on the database: If you run Postfix in a chroot jail, and you are using localhost as your mysql server, you might want to add a hardlink to the mysql socket somewhere inside the jail/sandbox you are running in. Of course, this will likely break when you restart the MySQL server. Instead, it would be better to just use TCP. You can even use TCP with everything on the same system. Consult the MySQL documentation for details.

Courier Imapd

Required packages:

courier-authdaemon
courier-authmysql
courier-base
courier-imap
and optionally: courier-pop

Insert the following lines into authmysqlrc (comment out every line that was originally in it!):

#Contents of authmysqlrc
#your mysql server
MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD whatever
#necessary if you are on localhost
MYSQL_SOCKET /tmp/mysql.sock
#the database created above, which holds the users table
MYSQL_DATABASE postfix
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD crypt
MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD id
MYSQL_HOME_FIELD home
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_WHERE_CLAUSE imapok=1 AND bool1=1 AND bool2=1

Then, in authdaemonrc, modify authmodulelist:

authmodulelist="authmysql authpam" #replace authpam with whatever your local auth is, authpwd, authsasl, whatever.

# If you only want users who are in the database to login, then only use authmysql above
version="authdaemond.mysql"

 

On the filesystem

Based on the configuration above, every user must live under the following directory: /usr/local/virtual. When creating the Maildirs, it is best to proceed as follows:

mkdir /usr/local/virtual/user@domain.tld
maildirmake /usr/local/virtual/user@domain.tld/Maildir
chown -R vuid:vgid /usr/local/virtual/user@domain.tld

Take great care that the correct uid and gid values are set on the Maildir directories you create!
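The three commands above can be wrapped in a function that also verifies the resulting ownership. This is an added example, not part of the original page: the function names are hypothetical, and plain mkdir stands in for maildirmake (creating the same cur, new and tmp directories) so that it runs without Courier installed.

```shell
#!/bin/sh
# Added example: create a virtual user's Maildir under BASE and verify
# that the whole tree carries the uid/gid stored in the users table.

# make_maildir BASE ADDRESS UID GID
make_maildir() {
    base=$1
    addr=$2
    vuid=$3
    vgid=$4
    # Refuse anything that is not user@domain or could leave BASE.
    case $addr in
        ''|*/*|*..*|-*) echo "bad address: $addr" >&2; return 2 ;;
        ?*@?*) ;;
        *) echo "bad address: $addr" >&2; return 2 ;;
    esac
    md="$base/$addr/Maildir"
    # Stand-in for maildirmake: cur, new and tmp, private to the owner.
    (umask 077 && mkdir -p "$md/cur" "$md/new" "$md/tmp") || return 1
    chown -R "$vuid:$vgid" "$base/$addr" || return 1
    chmod -R go-rwx "$base/$addr"
}

# check_maildir_owner BASE ADDRESS UID GID
# Returns 0 only if every entry in the tree is owned by UID:GID.
check_maildir_owner() {
    base=$1
    addr=$2
    vuid=$3
    vgid=$4
    [ -d "$base/$addr/Maildir/new" ] || return 1
    # find prints every entry NOT owned by the expected uid or gid.
    bad=$(find "$base/$addr" \( ! -user "$vuid" -o ! -group "$vgid" \) -print)
    [ -z "$bad" ]
}
```

On the mail server, call it as root with the uid and gid from the user's row, for example `make_maildir /usr/local/virtual user@domain.tld 1000 1000`, then confirm with `check_maildir_owner` and the same arguments.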

Hello, could you please let me know the name of the Drupal theme you are using for your website and where I can download it from?

This is my own first Drupal theme, which I made.
