
Testing postfix + cyrus-imap + cyrus-sasl on Linux AS 5.5

Published: 2011-08-18 11:19:03  Source: 红联  Author: wizi
Test environment:

cat /proc/version
Linux version 2.6.18-194.el5xen

[root@mail ~]# rpm -qa |grep sasl
cyrus-sasl-plain-2.1.22-5.el5_4.3
cyrus-sasl-lib-2.1.22-5.el5_4.3
cyrus-sasl-md5-2.1.22-5.el5_4.3
cyrus-sasl-2.1.22-5.el5_4.3
cyrus-sasl-devel-2.1.22-5.el5_4.3

[root@mail ~]# rpm -qa |grep postfix
postfix-2.3.3-2.1.el5_2

[root@mail ~]# rpm -qa |grep cyrus-imap
cyrus-imapd-utils-2.3.7-7.el5_4.3
cyrus-imapd-perl-2.3.7-7.el5_4.3
cyrus-imapd-2.3.7-7.el5_4.3

All of the above are the versions shipped with Linux AS 5.5. Remember to remove sendmail.



Service start commands:

service saslauthd start

chkconfig --level 0123456 saslauthd on

service postfix start

chkconfig --level 0123456 postfix on

service cyrus-imapd start

chkconfig --level 0123456 cyrus-imapd on

Configure cyrus-imap to authenticate locally against shadow

[root@mail ~]# saslauthd -v # show the authentication mechanisms cyrus-sasl supports
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

[root@mail ~]# saslauthd -a shadow # choose the authentication mechanism

[root@mail ~]# ps -ef |grep saslauthd
root 2794 1 0 10:05 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 2795 2794 0 10:05 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 2796 2794 0 10:05 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 2797 2794 0 10:05 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 2798 2794 0 10:05 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
root 3656 3594 0 10:21 pts/1 00:00:00 grep saslauthd

Configure the IMAP server

[root@mail ~]# vi /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

Cyrus IMAP logs through 4.3BSD-style syslog.

Edit /etc/syslog.conf and add the following two lines:

local6.debug /var/log/imapd.log
auth.debug /var/log/auth.log

Create the two empty log files:

touch /var/log/imapd.log /var/log/auth.log

Create the corresponding directories according to the configuration file above. Note that imapd.conf as shown names /var/lib/imap, /var/spool/imap and /var/lib/imap/sieve; the directories you create must match the paths in that file.

cd /var
mkdir imap
chown cyrus imap
chgrp mail imap
chmod 750 imap

cd /var/spool
mkdir imap
chown cyrus imap
chgrp mail imap
chmod 750 imap

cd /usr
mkdir sieve
chown cyrus sieve
chgrp mail sieve
chmod 750 sieve

cd /var/imap
chattr +S user quota user/* quota/*
chattr +S /var/spool/imap /var/spool/imap/*

If you use sendmail as the MTA, also run the following:

chattr +S /var/spool/mqueue

Edit /etc/services; if the following entries are not already in the file, add them:

pop3 110/tcp
imap 143/tcp
imsp 406/tcp
acap 674/tcp
imaps 993/tcp
pop3s 995/tcp
kpop 1109/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp

Check /etc/inetd.conf or the /etc/xinetd.d directory for entries covering imap, imaps, pop3, pop3s, kpop, lmtp and sieve, and remove any you find.

Restart the inet or xinetd process:

/etc/rc.d/init.d/inet restart

or

/etc/rc.d/init.d/xinetd restart

Configure the master process file: the master/conf directory of the source tree contains reference configuration files; we use the most basic one:

cp master/conf/small.conf /etc/cyrus.conf

If your Cyrus IMAP was compiled with support for OpenSSL and the like, you can use normal.conf instead:

cp master/conf/normal.conf /etc/cyrus.conf

Edit /etc/cyrus.conf and replace

lmtpunix cmd='lmtpd' listen='/var/imap/socket/lmtp' prefork=0

with

lmtpunix cmd='lmtpd' listen='/var/imap/socket/lmtp' prefork=1

[root@mail ~]# service cyrus-imapd restart
正在关闭 cyrus-imapd:[确定]
导出 cyrus-imapd 数据库:[确定]
导入 cyrus-imapd 数据库:[确定]
启动 cyrus-imapd:[确定]
[root@mail ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK mail.local.vic-cn.com Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready

quit
+OK
Connection closed by foreign host.

Create the mailbox

[root@mail ~]# id cyrus

uid=76(cyrus) gid=12(mail) groups=12(mail),76(saslauth) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@mail ~]# su cyrus

bash-3.2$ cyradm -u cyrus localhost
IMAP Password:
localhost.localdomain> help # cyrus-imap administration interface
authenticate, login, auth authenticate to server
chdir, cd change current directory
createmailbox, create, cm create mailbox
deleteaclmailbox, deleteacl, dam remove ACLs from mailbox
deletemailbox, delete, dm delete mailbox
disconnect, disc disconnect from current server
exit, quit exit cyradm
help, ? show commands
info display mailbox/server metadata
listacl, lam, listaclmailbox list ACLs on mailbox
listmailbox, lm list mailboxes
listquota, lq list quotas on specified root
listquotaroot, lqr, lqm show quota roots and quotas for mailbox
mboxcfg, mboxconfig configure mailbox
reconstruct reconstruct mailbox (if supported)
renamemailbox, rename, renm rename (and optionally relocate) mailbox
server, servername, connect show current server or connect to server
setaclmailbox, sam, setacl set ACLs on mailbox
setinfo set server metadata
setquota, sq set quota on mailbox or resource
subscribe, sub subscribe to a mailbox
unsubscribe, unsub unsubscribe from a mailbox
version, ver display version info of current server
xfermailbox, xfer transfer (relocate) a mailbox to a different server
localhost.localdomain> cm user.test
localhost.localdomain> sq user.test 100000
quota:100000
localhost.localdomain> lm
user.mail (\HasNoChildren) user.test (\HasNoChildren)
user.mis (\HasNoChildren) user.wiz (\HasNoChildren)
user.postmaste (\HasNoChildren)
localhost.localdomain> lq user.test
STORAGE 0/100000 (0%)

After the user mailbox user.test is created, only that user has full control over it; even the administrator cyrus has no rights on it.
To delete it, you must first grant the administrator full control (setacl command); the listacl command shows which users have what access to the mailbox.

localhost.localdomain> listacl user.test
test lrswipkxtecda
localhost.localdomain> dm user.test # delete the mailbox
deletemailbox: Permission denied
localhost.localdomain> setacl user.test cyrus all
localhost.localdomain> dm user.test
localhost.localdomain> cm user.test
localhost.localdomain> sq user.test 100000
quota:100000
localhost.localdomain> exit
bash-3.2$ exit
exit
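The session above shows the Cyrus ACL model at work: a freshly created mailbox lists only its owner, so even the admin's `dm` fails until `setacl` adds cyrus. The following shell script is an added example, not part of the original post or of Cyrus itself. It parses constructed `listacl`-style listings (one "identifier rights" pair per line, mirroring the `test lrswipkxtecda` line above), spells out the RFC 4314 rights letters the server advertises (`RIGHTS=kxte`), reports who can delete or administer the mailbox, and flags the catch-all identifiers `anyone` and `anonymous` when they hold more than post rights. The function names and the two listings are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: parse cyradm listacl output
# ("identifier rights" per line, e.g. "test lrswipkxtecda") and answer the
# question the session runs into: who may delete or administer the mailbox?
# Rights letters follow RFC 4314 (the server advertises RIGHTS=kxte); 'c' and
# 'd' are the obsolete RFC 2086 letters Cyrus still lists for compatibility.

# Spell out one rights letter.
acl_right_name() {
    case $1 in
        l) echo "lookup" ;;            r) echo "read" ;;
        s) echo "keep seen state" ;;   w) echo "write flags" ;;
        i) echo "insert" ;;            p) echo "post" ;;
        k) echo "create mailbox" ;;    x) echo "delete mailbox" ;;
        t) echo "delete messages" ;;   e) echo "expunge" ;;
        a) echo "administer (set ACL)" ;;
        c) echo "create (obsolete letter)" ;;
        d) echo "delete (obsolete letter)" ;;
        *) echo "unknown ($1)" ;;
    esac
}

# Normalise a listacl listing to "identifier rights" lines.
acl_entries() {                 # $1 = listing text
    printf '%s\n' "$1" | awk 'NF == 2 { print $1, $2 }'
}

# Rights held by one identifier; prints nothing if it has no entry.
acl_rights_of() {               # $1 = listing, $2 = identifier
    acl_entries "$1" | awk -v id="$2" '$1 == id { print $2 }'
}

# Succeed if the identifier holds the given right letter.
acl_has() {                     # $1 = listing, $2 = identifier, $3 = letter
    case $(acl_rights_of "$1" "$2") in *"$3"*) return 0 ;; esac
    return 1
}

# Identifiers holding a given right letter, one per line.
acl_holders() {                 # $1 = listing, $2 = letter
    acl_entries "$1" | awk -v r="$2" 'index($2, r) { print $1 }'
}

# Flag the catch-all identifiers when they hold more than post ('p'):
# "anyone" matches every user (and anonymous logins where those are enabled).
# Returns the number of findings.
acl_audit() {                   # $1 = listing
    n=0
    for id in anyone anonymous; do
        rights=$(acl_rights_of "$1" "$id")
        case $rights in
            ""|p) ;;
            *) echo "WARNING: $id holds '$rights' on this mailbox"; n=$((n+1)) ;;
        esac
    done
    return $n
}

# Constructed listings mirroring the session: before and after
# "setacl user.test cyrus all".
BEFORE="test lrswipkxtecda"
AFTER="test lrswipkxtecda
cyrus lrswipkxtecda"

for who in test cyrus; do
    if acl_has "$BEFORE" "$who" x; then
        echo "before setacl: $who can delete the mailbox"
    else
        echo "before setacl: $who cannot delete the mailbox (dm -> Permission denied)"
    fi
done
echo "after setacl, holders of x (delete mailbox): $(acl_holders "$AFTER" x | tr '\n' ' ')"
for letter in l r s w i p k x t e a; do
    printf '%s = %s\n' "$letter" "$(acl_right_name "$letter")"
done
rc=0; acl_audit "$AFTER" || rc=$?
echo "audit findings: $rc"
```

Feed it real output by capturing `listacl` from a cyradm session into a variable; the audit is worth running over every mailbox after bulk ACL changes, since a stray `setacl ... anyone all` is the kind of mistake that is invisible until someone reads another user's mail.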

[root@mail ~]# ls /var/spool/imap/t/user # once the mailbox is created the corresponding directory appears
test
[root@mail ~]# useradd test -g mail -s /sbin/nologin

[root@mail ~]# id test
uid=502(test) gid=12(mail) groups=12(mail) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@mail ~]# imtest -m login -a test localhost # test IMAP login as user test
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] mail.test.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN test {4}
S: + go ahead
C:
S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
Authenticated.
Security strength factor: 0
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.

Configure postfix

[root@mail /]# cat ./usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

[root@mail ~]# vi /etc/postfix/main.cf

[root@mail ~]#

[root@mail ~]# postconf -n # resulting main.cf settings
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/imap
mailbox_command = /usr/bin/procmail -a -o -a $DOMAIN -d $LOGNAME
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost, $mydomain
mydomain = test.com
myhostname = test.com
mynetworks_style = class
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = ''
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
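The `postconf -n` output above is what decides whether this box becomes an open relay: `reject_unauth_destination` in `smtpd_recipient_restrictions` is the only thing stopping relaying for unauthenticated clients, `mynetworks_style = class` lets `permit_mynetworks` trust the whole classful network of every interface, and with `mech_list: plain login` and no TLS parameters the SASL credentials cross the wire in clear text (the IMAP test above likewise reports `Security strength factor: 0`). The script below is an added example, not part of the original post or of Postfix: it reads a `postconf -n`-style dump handed over as a string, checks those settings, and returns the number of problems. The sample dump is constructed to resemble the one above; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a Postfix configuration
# dump (the text printed by `postconf -n`, or main.cf itself) for the relay
# and SASL settings that matter once smtpd_sasl_auth_enable = yes.
# The configuration is passed as a string so the script runs offline.

# Print the value of one parameter ("name = value"); empty if unset.
pf_get() {                      # $1 = config text, $2 = parameter name
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Succeed if a comma/space separated list contains the given word.
pf_has() {                      # $1 = list, $2 = word
    printf '%s\n' "$1" | tr ',' ' ' | tr -s ' ' '\n' | grep -qx "$2"
}

# Print findings one per line; return the number of problems (0 = clean).
pf_audit() {                    # $1 = config text
    cfg=$1; n=0

    [ "$(pf_get "$cfg" smtpd_sasl_auth_enable)" = yes ] || {
        echo "PROBLEM: smtpd_sasl_auth_enable is not yes; permit_sasl_authenticated can never match"; n=$((n+1)); }

    # Without reject_unauth_destination, permit_* entries alone relay for anyone.
    recips=$(pf_get "$cfg" smtpd_recipient_restrictions)
    pf_has "$recips" reject_unauth_destination || pf_has "$recips" defer_unauth_destination || {
        echo "PROBLEM: smtpd_recipient_restrictions lacks reject_unauth_destination (open relay)"; n=$((n+1)); }

    # Postfix's own default for this parameter is "noanonymous".
    secopts=$(pf_get "$cfg" smtpd_sasl_security_options)
    [ -n "$secopts" ] || secopts=noanonymous
    pf_has "$secopts" noanonymous || {
        echo "PROBLEM: smtpd_sasl_security_options permits ANONYMOUS, which satisfies permit_sasl_authenticated"; n=$((n+1)); }

    # PLAIN/LOGIN without TLS sends passwords in the clear: either forbid
    # plaintext mechanisms or only offer AUTH after STARTTLS. (Whether TLS
    # itself is configured, certificates included, is outside this check.)
    if ! pf_has "$secopts" noplaintext && [ "$(pf_get "$cfg" smtpd_tls_auth_only)" != yes ]; then
        echo "PROBLEM: plaintext SASL mechanisms are offered on unencrypted connections"; n=$((n+1))
    fi

    [ "$(pf_get "$cfg" mynetworks_style)" != class ] || {
        echo "PROBLEM: mynetworks_style = class trusts every host in the classful network of each interface"; n=$((n+1)); }

    return $n
}

# Constructed sample resembling the postconf -n output in the post.
SAMPLE_CFG='inet_interfaces = all
mynetworks_style = class
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous'

# The same dump with the two findings corrected (later lines override earlier ones,
# as in postconf itself).
HARDENED_CFG="$SAMPLE_CFG
mynetworks_style = host
smtpd_tls_auth_only = yes"

rc=0; pf_audit "$SAMPLE_CFG" || rc=$?
echo "sample config: $rc problem(s)"
rc=0; pf_audit "$HARDENED_CFG" || rc=$?
echo "hardened config: $rc problem(s)"
```

On a live system run it as `pf_audit "$(postconf -n)"`; because `postconf -n` only prints non-default values, the script treats an absent `smtpd_sasl_security_options` as the Postfix default `noanonymous`.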



[root@mail ~]# service saslauthd restart
停止 saslauthd:[确定]
启动 saslauthd:[确定]
[root@mail ~]# service cyrus-imapd restart
正在关闭 cyrus-imapd:[确定]
导出 cyrus-imapd 数据库:[确定]
导入 cyrus-imapd 数据库:[确定]
启动 cyrus-imapd:[确定]
[root@mail ~]# service postfix restart
关闭 postfix:[确定]
启动 postfix: [确定]
[root@mail ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
helo microsoft.com
250 mail.test.com
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

Please point out any shortcomings in the above test.
Comments

2 comments in total

  1. xx789 posted on 2012-03-27 00:07:59:

    thks

  2. laiden posted on 2011-08-18 11:47:34:

    Huge upvote for OP's excellent post.