openwebmail整理篇

王朝other·作者佚名 2008-05-18

最近几天，我测试了一套openwebmail的webmail邮件服务器软件，该软件自由免费，对于一些中小型的公司做邮件系统比较合适，并且，功能还算比较齐全，所以，顺便将安装笔记整理了一下，以便让即将建设邮件系统的网络管理员们能够比较顺利的完成该系统的设置工作！！

另外，本人在安装过程中参考了部分网上资料，在此向他们表示感谢！！

系统环境：redhat 8.0

Open WebMail 基本安裝需求 :

sendmail-8.12.9-rbt.rh8.0.i386.rpm

imap-2001a-15.i386.rpm

perl-5.8.0-55.i386.rpm

cyrus-sasl-1.5.28.tar.gz

apche-1.3.26.tar.gz

CGI.pm-2.74.tar.gz

MIME-Base64-2.12.tar.gz

Text-Iconv-1.2.tar.gz

Authen-PAM-0.12.tar.gz

openwebmail-2.10.tgz

redhat8默认安装的是sendmail8.12.5 ,本测试环境中选择最新版本sendmail-8.12.9 所以先卸载旧版本：

rpm -e sendmail-8.12.5

一、安装sendmail+sasl支持：

1、安装认证库

如果先前已经安装有旧版本的 Cyrus SASL 请先将其移除，方法是手工删除/usr/lib/sasl或/usr/local/lib/sasl目录。

安装过程如下：

#cd /home/test

#tar xvfz cyrus-sasl-1.5.28.tar.gz

# cd cyrus-sasl-1.5.28

# ./configure -prefix=/usr --enable-login --with-pwcheck

# make

# make install

安装完成后，建立一个/var/pwcheck目录，pwcheck程序要用此目录。

接下来必须设置 sendmail 的使用者身分查验方式，这里使用系统帐号与密来进行验证：

安装结束以后，因为默认的安装路径为/usr/local/lib ，所以将认证库拷贝到/usr/lib中（openwebmail默认路径为/usr/lib)

# cp /usr/local/lib/lib* /usr/lib

# ln -s /usr/local/lib/sasl2 /usr/lib/sasl

# cd /usr/lib/sasl

# echo "pwcheck_method:pwcheck" > Sendmail.conf

2、安装sendmail :

# cd /home/test

# rpm -Uvh sendmail*.rpm

生成sendmail.cf文件，一般是编译sendmail.mc来生成sendmail.cf,这样的好处是通过编译，会查看出一些sendmail的设置错误

和漏洞。

# cd /etc/mail

# vi sendmail.mc (我的sendmail.mc内容如下）

divert(-1)dnl

dnl #

dnl # This is the sendmail macro config file for m4. If you make changes to

dnl # /etc/mail/sendmail.mc, you will need to regenerate the

dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is

dnl # installed and then performing a

dnl #

dnl # make -C /etc/mail

dnl #

include(`/usr/share/sendmail-cf/m4/cf.m4')dnl

VERSIONID(`setup for Red Hat Linux')dnl

OSTYPE(`linux')dnl

dnl #

dnl # Uncomment and edit the following line if your outgoing mail needs to

dnl # be sent out through an external mail server:

dnl #

dnl define(`SMART_HOST',`smtp.your.provider')

dnl #

define(`confDEF_USER_ID',``8:12'')dnl

define(`confTRUSTED_USER', `smmsp')dnl

dnl define(`confAUTO_REBUILD')dnl

define(`confTO_CONNECT', `1m')dnl

define(`confTRY_NULL_MX_LIST',true)dnl

define(`confDONT_PROBE_INTERFACES',true)dnl

define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl

define(`ALIAS_FILE', `/etc/aliases')dnl

dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl

define(`UUCP_MAILER_MAX', `2000000')dnl

define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl

define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl

define(`confAUTH_OPTIONS', `A')dnl

dnl #

dnl # The following allows relaying if the user authenticates, and disallows

dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links

dnl #

dnl define(`confAUTH_OPTIONS', `A p')dnl

dnl #

dnl # PLAIN is the preferred plaintext authentication method and used by

dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do

dnl # use LOGIN. Other mechanisms should be used if the connection is not

dnl # guaranteed secure.

dnl #

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

DAEMON_OPTIONS(`Port=25,Name=MTA')dnl

DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl

dnl #

dnl # Rudimentary information on creating certificates for sendmail TLS:

dnl # make -C /usr/share/ssl/certs usage

dnl #

dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')

dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')

dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')

dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

dnl #

dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's

dnl # slapd, which requires the file to be readble by group ldap

dnl #

dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl

dnl #

dnl define(`confTO_QUEUEWARN', `4h')dnl

dnl define(`confTO_QUEUERETURN', `5d')dnl

dnl define(`confQUEUE_LA', `12')dnl

dnl define(`confREFUSE_LA', `18')dnl

define(`confTO_IDENT', `0')dnl

dnl FEATURE(delay_checks)dnl

FEATURE(`no_default_msa',`dnl')dnl

FEATURE(`smrsh',`/usr/sbin/smrsh')dnl

FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl

FEATURE(redirect)dnl

FEATURE(always_add_domain)dnl

FEATURE(use_cw_file)dnl

FEATURE(use_ct_file)dnl

dnl #

dnl # The -t option will retry delivery if e.g. the user runs over his quota.

dnl #

FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl

FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl

FEATURE(`blacklist_recipients')dnl

EXPOSED_USER(`root')dnl

dnl #

dnl # The following causes sendmail to only listen on the IPv4 loopback address

dnl # 127.0.0.1 and not on any other network devices. Remove the loopback

dnl # address restriction to accept email from the internet or intranet.

dnl #

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

dnl #

dnl # The following causes sendmail to additionally listen to port 587 for

dnl # mail from MUAs that authenticate. Roaming users who can't reach their

dnl # preferred sendmail daemon due to port 25 being blocked or redirected find

dnl # this useful.

dnl #

dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

dnl #

dnl # The following causes sendmail to additionally listen to port 465, but

dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed

dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't

dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS

dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps

dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.

dnl #

dnl # For this to work your OpenSSL certificates must be configured.

dnl #

dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

dnl #

dnl # The following causes sendmail to additionally listen on the IPv6 loopback

dnl # device. Remove the loopback address restriction listen to the network.

dnl #

dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires

dnl # a kernel patch

dnl #

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

dnl #

dnl # We strongly recommend not accepting unresolvable domains if you want to

dnl # protect yourself from spam. However, the laptop and users on computers

dnl # that do not have 24x7 DNS do need this.

dnl #

dnl FEATURE(`accept_unresolvable_domains')dnl

dnl #

dnl FEATURE(`relay_based_on_MX')dnl

dnl #

dnl # Also accept email sent to "localhost.localdomain" as local email.

dnl #

LOCAL_DOMAIN(`localhost.localdomain')dnl

dnl #

dnl # The following example makes mail from this host and any additional

dnl # specified domains appear to be sent from mydomain.com

dnl #

dnl MASQUERADE_AS(`mydomain.com')dnl

dnl #

dnl # masquerade not just the headers, but the envelope as well

dnl #

dnl FEATURE(masquerade_envelope)dnl

dnl #

dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well

dnl #

dnl FEATURE(masquerade_entire_domain)dnl

dnl #

dnl MASQUERADE_DOMAIN(localhost)dnl

dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl

dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl

dnl MASQUERADE_DOMAIN(mydomain.lan)dnl

MAILER(smtp)dnl

MAILER(procmail)dnl

其中：TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

将注视去掉，打开相应的认证机制，主要是为了支持outlook或foxmail ；

DAEMON_OPTIONS(`Port=25,Name=MTA')dnl

DAEMON_OPTIONS(`Port=587,Name=MSA,M=Ea')dnl

是添加的，设置相应的mta and msa的所用端口;

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

dnl FEATURE(`accept_unresolvable_domains'

要注掉, 允许通过网络连接Sendmail,并禁止不可解析的域名relay邮件；

最后保存。

3、编译sendmail.mc 生成sendmail.cf文件

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# echo "chinafood.org" > local-host-names

# sendmail -bd -q20m (启动sendmail)

# pwcheck & (启动认证程序）

二、检测结果。

1、检测SASL是否工作

#telnet localhost 25

输出类似如下：

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 chinafood.chinafood.org ESMTP Sendmail 8.12.9/8.12.9; Mon, 14 Jul 2003 14:37:27 +0800

ehlo chinafood.org

250-chinafood.chinafood.org Hello localhost.localdomain [127.0.0.1], pleased to meet you

250-ENHANCEDSTATUSCODES

250-PIPELINING

250-8BITMIME

250-SIZE 2000000

250-DSN

250-ETRN

250-AUTH LOGIN PLAIN

250-DELIVERBY

250 HELP

quit （退出）

只要输出有LOGIN PLAIN就OK!了；

到这里，sendmail就配置完了，你可以添加一个用户试试看，邮件用户是系统用户,如：

#useradd test

#passwd test (设置密码）

设置你的foxmail or outlook,要设置上用户需要smtp认证。

三、pop3安装。

redhat8.0中有它的rpm包，是imap-2001a-15.i386.rpm

# rpm -ivh imap-2001a-15.i386.rpm

修改/etc/xinetd.d/ipop3

把其中disable =yes更改为disable =no

# /etc/rc.d/init.d/xinetd restart --重起pop3服务

[root@fyhtest xinetd.d]# telnet localhost 110

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

+OK POP3 localhost v2001.78rh server ready

有以上显示，为正确。

四：安装openwebmail:

1、编译apache

#cd /home/test

# tar xzvf apache_1.3.26.tar.gz

# cd apache_1.3.26

# ./configure --prefix=/usr/httpd --enable-module=most --enable-shared=max

# make

# make install

然后设置站点，并修改如下行：

DocumentRoot "/usr/httpd/htdocs"

ScriptAlias /cgi-bin/ "/usr/httpd/cgi-bin/"

AddHandler cgi-script .cgi .pl

2、安装其他软件：

perl:

# rpm -Uvh perl-5.8.0-55.i386.rpm

CGI.pm:

# tar xzvf CGI.pm-2.74.tar.gz

# cd CGI.pm-2.7.4

# perl Makefile

# make

# make install

一下软件安装方法相同，在此不再介绍：

MIME-Base64-2.12.tar.gz

Text-Iconv-1.2.tar.gz

Authen-PAM-0.12.tar.gz

openwebmail安装配置：

# tar xzvf openwebmail-2.10.tgz

# cp -R cgi-bin /usr/httpd/

# cd data

# cp -R openwebmail /usr/httpd/htdocs

# chmod -R 755 /usr/httpd/cgi-bin

# chmod 4755 /usr/sbin/perl (设置perl的suid为）

# ln -s /usr/sbin/perl /usr/sbin/suidperl (openwebmail默认用suidperl解释）

1、修改：/usr/httpd/cgi-bin/openwebmail/auth_unix.pl文件：

my $unix_passwdfile_plaintext="/etc/passwd";

my $unix_passwdfile_encrypted="/etc/shadow";

my $unix_passwdmkdb="none";

2、修改 /usr/httpd/cgi-bin/openwebmail/etc/openwebmail.conf (我的文件内容如下）

domainnames auto

auth_module auth_unix.pl

mailspooldir /var/spool/mail

dbm_ext .db

dbmopen_ext %dbm_ext%

dbmopen_haslock no

ow_cgidir /usr/httpd/cgi-bin/openwebmail

ow_cgiurl /cgi-bin/openwebmail

ow_htmldir /usr/httpd/htdocs/openwebmail

ow_htmlurl /openwebmail

logfile /var/log/openwebmail.log

spellcheck /usr/bin/ispell

<default_signature>

Open WebMail Project (http://openwebmail.org)

</default_signature>

然后运行/usr/httpd/cgi-bin/openwebmail/openwebmail-tool.pl --init

并启动apache:

/usr/httpd/bin/apachectl start

到此，你可以浏览一下看安装是否成功：http://youdomain/cgi-bin/openwebmail/openwebmail.pl

如我的地址：http://211.154.167.60/cgi-bin/openwebmail/openwebmail.pl