Postfix's Courier-authlib detailed


Courier Authentication Library:
Courier-authlib is the authentication library of the Courier mail suite. It is a separate subproject that provides authentication services to the other Courier components. Authentication typically covers checking the account name and password at login, looking up the account's home directory or mail directory, changing the account's password, and so on. Its authentication back ends include PAM, /etc/passwd and /etc/shadow, GDBM or DB files, and LDAP/MySQL/PostgreSQL. As a result, courier-authlib is also often integrated with mail components outside Courier (such as Postfix) to provide authentication services.

Configuration file:
/etc/authmysqlrc
Provides configuration for email account authentication via MySQL

/etc/authdaemonrc


0. Install the dependent packages:
# yum -y install libtool-ltdl libtool-ltdl-devel expect perl-DBD-MySQL tcl tcl-devel libart_lgpl libart_lgpl-devel

The libtool-ltdl package is a dynamic module loader; some programs rely on it to load modules at run time.

The expect package provides inter-host communication.

1. Compile and install:
# tar xf courier-authlib-xxx.tar.bz2
# cd courier-authlib-xxx
# ./configure \
--prefix=/usr/local/courier-authlib \
--sysconfdir=/etc \
--without-authpam \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--without-authsqlite \
--with-authmysql \
--with-mysql-libs=/usr/lib/mysql \
--with-mysql-includes=/usr/include/mysql \
--with-redhat \
--with-authmysqlrc=/etc/authmysqlrc \
--with-authdaemonrc=/etc/authdaemonrc \
--with-mailuser=postfix \
--with-mailgroup=postfix \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include
# make
# make install


Compilation-related options (select according to your situation):
--prefix=/usr/local/courier-authlib
--sysconfdir=/etc
--without-authpam    Do not support PAM-based authentication
--without-authshadow    Do not support shadow-based authentication
--without-authvchkpw    Do not support vchkpw-based authentication
--without-authpgsql    Do not support PostgreSQL-based authentication
--without-authsqlite    Do not support SQLite-based authentication
--with-authmysql    Enable MySQL-based authentication
--with-mysql-libs=/usr/lib/mysql    Specifies the MySQL library path
--with-mysql-includes=/usr/include/mysql    Specifies the MySQL header file path
--with-redhat    Automatic optimization for Red Hat systems; do not use this option on other systems
--with-authmysqlrc=/etc/authmysqlrc    Specifies the location of the authmysqlrc configuration file
--with-authdaemonrc=/etc/authdaemonrc    Specifies the location of the daemon configuration file
--with-mailuser=postfix    Specifies the mail administration user
--with-mailgroup=postfix    Specifies the mail user group
--with-ltdl-lib=/usr/lib    Specifies the ltdl library location; requires the libtool-ltdl and libtool-ltdl-devel packages
--with-ltdl-include=/usr/include    Specifies the ltdl header file location; requires the libtool-ltdl and libtool-ltdl-devel packages
--with-authdaemonvar=/var/spool/authdaemon    Specifies the socket file location. If not specified, it defaults to /usr/local/courier-authlib/var/spool/authdaemon

2. Copy the SysV script:
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib

3. Edit the smtpd.conf file:
# vim /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond    Password authentication is handled by the courier-authlib service instead of the Cyrus SASL service.
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket    Specifies the location of the service process, reached through a socket.

4. Set the socket directory permissions and copy the configuration files:
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc

5. Configure the authmysqlrc and authdaemonrc files:
# vim /etc/authdaemonrc
authmodulelist="authmysql"    Specifies the authentication module
authmodulelistorig="authmysql"    Specifies the original authentication module
daemons=10    Default number of processes started
authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemon    Specifies the socket file location. If it was not specified at compile time it can be changed here; note that the directory must be created in advance.
DEBUG_LOGIN=0    Whether debugging is enabled. 0 means not enabled, 1 means enabled, and 2 means that passwords are logged as well.

# vim /etc/authmysqlrc
MYSQL_SERVER localhost    The address of the MySQL server. localhost means the local machine.
MYSQL_PORT 3306    MySQL's listening port
MYSQL_USERNAME extmail    The account used to connect to MySQL. Extman will be used for management later, and Extmail's default user after installation is extmail.
MYSQL_PASSWORD extmail    Password for that account
MYSQL_SOCKET /var/lib/mysql/mysql.sock    Specifies the MySQL socket location
MYSQL_DATABASE extmail    Specifies the database to use
MYSQL_USER_TABLE mailbox    Specifies the table where the user data is stored
MYSQL_CRYPT_PWFIELD password    Specifies the user password field
MYSQL_UID_FIELD '2525'    Specifies the UID of the accessing process; the UID of postfix is 2525.
MYSQL_GID_FIELD '2525'    Specifies the GID of the accessing process
MYSQL_LOGIN_FIELD username    Specifies the user account field
MYSQL_HOME_FIELD concat('/var/mailbox/',homedir)    Specifies the location of the user's home directory. A virtual user has no home directory, so it is kept consistent with the mailbox directory. concat() is a MySQL function that concatenates the arguments in the parentheses.
MYSQL_NAME_FIELD name    Specifies the user name field
MYSQL_MAILDIR_FIELD concat('/var/mailbox/',maildir)    Specifies the location of the user's mailbox directory
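
The following check is an added example, not part of the original article or of courier-authlib. It audits the two files from step 5 for a DEBUG_LOGIN level other than 0 (level 2 logs passwords), an authmysqlrc readable by other users, and a MySQL password equal to the account name. The function name audit_authlib is an assumption, and the script assumes GNU stat and the file layouts shown in step 5.

```sh
#!/bin/sh
# Added example: audit the courier-authlib files edited in step 5.
# audit_authlib is a hypothetical helper name, not a courier-authlib tool.

# audit_authlib AUTHDAEMONRC AUTHMYSQLRC
# Prints one finding per line and returns the number of findings.
audit_authlib() {
    daemonrc=$1 mysqlrc=$2 findings=0

    # Any non-zero DEBUG_LOGIN is debugging left on; 2 also logs passwords.
    dbg=$(sed -n 's/^DEBUG_LOGIN=\([0-9]*\).*/\1/p' "$daemonrc" | tail -n 1)
    if [ "${dbg:-0}" != 0 ]; then
        echo "DEBUG_LOGIN=$dbg in $daemonrc (2 logs passwords)"
        findings=$((findings + 1))
    fi

    # authmysqlrc holds MYSQL_PASSWORD: the last mode digit must be 0.
    mode=$(stat -c %a "$mysqlrc")   # GNU stat assumed
    case $mode in
        *0) ;;
        *)  echo "$mysqlrc has mode $mode, accessible to other users"
            findings=$((findings + 1)) ;;
    esac

    # A password equal to the account name (such as extmail/extmail).
    user=$(awk '$1 == "MYSQL_USERNAME" { print $2 }' "$mysqlrc")
    pass=$(awk '$1 == "MYSQL_PASSWORD" { print $2 }' "$mysqlrc")
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "MYSQL_PASSWORD equals MYSQL_USERNAME in $mysqlrc"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run the audit when called as: script /etc/authdaemonrc /etc/authmysqlrc
if [ $# -eq 2 ]; then
    audit_authlib "$1" "$2"
fi
```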

6. Configure main.cf so that Postfix supports virtual domains and virtual users:
# vim /etc/postfix/main.cf
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox    Specifies the base path of the users' mailbox directories
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf    The user mailbox mapping table, looked up through MySQL using the specified file. The file holds the query statements.
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf    Virtual domain mapping table; the file is provided by Extman.
virtual_alias_domains =    Alias domains
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf    Alias mapping table
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual    Specifies another mail delivery agent (MDA)

########################QUOTA Settings########################    Quota related
message_size_limit = 14336000    Message size limit
virtual_mailbox_limit = 20971520    Mailbox size limit


7. Create the mailbox directory and modify SMTP authentication:
# mkdir -p /var/mailbox
# chown -R postfix /var/mailbox
# vim /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket


8. Create the database using extmail.sql and init.sql from the docs directory of the Extman source tree:
# tar xf extman-xxx.tar.gz
# cd extman-xxx/docs
# mysql -u root -p < extmail.sql    SQL scripts (xxx.sql) can be executed with input redirection: mysql < xxx.sql.
# mysql -u root -p < init.sql

# mysql -uroot -p
mysql> GRANT ALL PRIVILEGES ON extmail.* TO [e-mail protected] IDENTIFIED BY 'extmail';    Creates the extmail user and grants privileges; the password is extmail. In a production environment it is best to grant only SELECT.
mysql> GRANT ALL PRIVILEGES ON extmail.* TO [e-mail protected] IDENTIFIED BY 'extmail';
mysql> FLUSH PRIVILEGES;

# cp mysql* /etc/postfix/    Copies the map files. If you changed the account, password, database, table or other information, update the definitions in these files as well so that they stay consistent.


Note: If importing the SQL script reports an error, it is because the keyword that defines the engine in the script has changed from TYPE to ENGINE, and the engines used are not the same, so the script needs to be modified.
# sed -i '[email protected][email protected][email protected]' extmail.sql

9. Modify the main.cf file, commenting out the relevant entries to enable the virtual domains:
# vim /etc/postfix/main.cf
#myhostname = mailservername.DOMAIN
#myorigin = $mydomain
#mydomain = DOMAIN
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ns.$mydomain    Or change these to suit your needs.
mynetworks = 127.0.0.0/8    Relay is only allowed for the local host.


10. View the virtual domains:
# mysql -uroot -p
mysql> SHOW DATABASES;
mysql> USE extmail;    The extmail database was created by the SQL script.
mysql> SHOW TABLES;
mysql> SELECT * FROM domain\G    Displays the contents of the domain table vertically. This table holds the virtual domain information.

Later, you can add virtual domains through Extman, which is easier than manipulating MySQL directly.


11. Configure Dovecot to support virtual domains and virtual users:
# vim /etc/dovecot.conf
mail_location = maildir:/var/mailbox/%d/%n/Maildir    Sets the location of the mail; %d is the domain name and %n is the user name. These are macros defined by Dovecot.
auth default {
  mechanisms = plain    Use the plain authentication mechanism
  passdb sql {    Use SQL authentication
    args = /etc/dovecot-mysql.conf    Specifies the query file
  }
  userdb sql {    Use SQL authentication
    args = /etc/dovecot-mysql.conf    Specifies the query file
  }
}

# vim /etc/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT    Default password encryption scheme
password_query = SELECT username AS user, password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

Description: If the MySQL server is on the local host (host=localhost) and the mysql.sock file is not at the default /var/lib/mysql/mysql.sock, you can specify the new location with host="path to sock file".
For example, a MySQL that was compiled and installed from source puts its socket in /tmp by default, so host=/tmp/mysql.sock


# systemctl restart dovecot

This article is from "Small Private blog" blog, please be sure to keep this source http://ggvylf.blog.51cto.com/784661/1668737
