Ed's FreeBSD postfix cyrus sasl2 mysql Virtual Mail How-To

Preface
This how-to describes the steps required to create a virtual mail server using FreeBSD, postfix (SMTP server), cyrus (POP3 and IMAP server), sasl2 (auth server), and MySQL (holds all addresses, passwords, aliases, and domains). Additionally, it will use MD5 hashed/crypted passwords for security, and provide access to administer the users, domains, aliases, and passwords via a web front-end, as well as provide web access to email.
While I have a fully working virtual mail setup that this document describes, and others have successfully followed it as well, this is still a work in progress as I fill in any blanks left over and fix other minor errors. As it stands, it'll get you something like ~99% there if not completely. Everything seems to be here and accurate, but don't be surprised if something is missing or somewhat different when you attempt it.
Why would you want to read/follow this how-to?
This is for anyone who wants to, or plans to, host one or more domains on a single machine and have bob@domain1.tld and bob@domain2.tld be completely different accounts. Most people will only host one domain, perhaps a couple, just for themselves and have no need for separate bob@ users. But if you do need a separate bob@ user for each domain, or want a "sealed system" w/o real user logins on the system, then this is for you. To do all of this we'll be using postfix, cyrus, sasl2, mysql, apache (php4), squirrelmail (vlogin, quota, and avelsieve plugins), and postfixadmin.
So will I have to have a bunch of CNAMEs and virtual hosts and stuff?
No, aside from the web interface portion if desired. Your users' login names will be stuff like fu@domain1.tld and bar@domain2.tld. This isn't a wholly uncommon practice at any other ISP your users may have used before.

In one of the other how-tos I read on this, they stored the passwords as plaintext. What about this one?
Nope. There is a patch for sasl2 which allows the use of DES, MD5, and Blowfish crypted/hashed passwords. The MD5 hashed passwords you'll end up using from this are compatible with the FreeBSD passwords in the system passwd file.

I want to use Courier IMAP instead of Cyrus. Is that covered? Can you help me with that?
No, I can't help you with that and it isn't covered. If you want to use Courier IMAP with Postfix for a virtual mail system there are dozens of how-tos on that already. In fact, going that route is quite a bit easier.

I'd like to use PostgreSQL instead of MySQL. Can I and how?
Yes and no. Postfix can be made to use pgsql easily. Cyrus itself doesn't use either, but cyrus-sasl2 does. A friend tried to use pgsql and had errors compiling cyrus-sasl2 with the "frost" patches applied. Postfixadmin, as of 2.1.0, supports both MySQL and PgSQL. The big stumbling block to using PgSQL instead of MySQL is support in cyrus-sasl2. If anyone goes the PgSQL route mostly following this and gets it all to work, feel free to email me the changes you needed to make so I can add them as a footnote or something.

Wow, this takes a lot of work!
Sure does, but following this how-to reduces the amount of work due to research and troubleshooting by more than 50%. No wonder it is so much easier to, you know, pay someone else to host your email and deal with all of the upgrade hassles.

I have users in my default domain (somedomain.com) and they can log in using just their name (bob) in addition to their full email address (bob@somedomain.com). Is there a way to force them to use their full email address?
None that I am aware of short of using a different default domain. You might be able to use some sort of proxy for your remote pop3/imap connections, but that would very likely break SSL/TLS, which would be even worse.

I want to use one installation of SquirrelMail and just point a bunch of different Apache virtual hosts at it (webmail.domain1.tld, www.domain2.tld/mail/, etc.). Can I do that, and how?
In this how-to we use Apache, SquirrelMail, and the SquirrelMail plugin vlogin to enable just that. I don't cover the addition of several Apache virtual hosts, but that's really all that needs to be done.

Some things to keep in mind

You got this off the internet - don't trust everything you find on the internet. Buyer beware. You might get what you paid for. You might get a whole lot more than what you paid for. Your mileage will vary. If you lose data, your job, or whatever, don't blame me - this is all at your own risk.
I use FreeBSD whenever possible and wrote this document for FreeBSD. If you use Linux this will still help you, but things will be Different and I won't help you - it can be done on Linux with minor changes, but you're on your own.

A lot of this document glosses over tons of stuff, hardly ever mentioning the actual install and/or readme documents that come with each piece of software mentioned here. We're basically just blowing through things assuming that the defaults will be the same for you as they are for me right now. When in doubt, read the install, readme, and upgrading docs. In fact, you should read those anyway even if you follow this and it works right the first time.

Security is a problem in some cases here. Like I said, we're going to blow through some things just to get your virtual mail setup up and running. As an admin it is your job to understand your system and to take the needed steps to make it as secure as possible. This document isn't going to tell you all of those steps and it isn't meant for n00bs.

If you find a typo, or that something has changed since some piece of software has been upgraded, feel free to send me your notes on that and I'll try and get this updated ASAP.

If you've used this before, or are just curious, you might find the Change Log to be of value.

What you'll need

A working FreeBSD 6.0 (or newer) system. FreeBSD 6.1 is highly recommended.
An up-to-date perl (5.8.6) just because upgrading perl later will be a pain in the ass. If using FreeBSD 5.3.x you'll very likely have to install a full perl from ports anyway.
sudo - If you don't know what this is you need to stop right here and not even consider this undertaking. At all. Period.
joe - Because I like it, vi bothers me, and emacs is the wrong answer.
MySQL 4.1.x
cyrus-sasl2
Cyrus 2.3.x
postfix 2.3.x
apache
PHP
phpMyAdmin - Optional though generally handy in case you need a quick peek at the tables and don't have shell access.
postfixadmin
squirrelmail
    compatibility
    vlogin
    quota_usage
    avelsieve

Happy fun compile/install/configure time

FreeBSD

You should be installing FreeBSD 6 these days. This how-to was originally written using 4.11-Rel and updated for 5.4-Rel, but everything applies to 6-Rel (and newer) with almost no exceptions. You're pretty much on your own with this step, but a base no-frills install with ports is all you need. You won't be needing X11 for any of this so don't install that unless you have some other need.
Be sure to CVSup your system to get the latest fixes and a current ports collection. Rebuild at least your kernel if there were any source changes (and trust me, there will have been some). For maximum security you should buildworld as well to make sure you get all updates to the system installed at once. Documenting how to cvsup the system and build the kernel and world is way beyond the scope of this document.
You're also probably going to want to set up a basic firewall on the system. I recommend using pf, but ipfw and ipf will both do all of the basics. Again, this step is totally beyond the scope of this document.
perl

Get perl updated/installed if needed.
sudo

sudo allows you to run things as the super user (hence the name) or even as another user. It's very handy. Compile and install:
    cd /usr/ports/security/sudo
    make install