Install/iRedAPD/MySQL/zh CN
From iRedMail
(Difference between revisions)
Shake.chen (Talk | contribs) (→Configure postfix) |
Shake.chen (Talk | contribs) (→配置 postfix) |
||
| Line 111: | Line 111: | ||
smtpd_recipient_restrictions = | smtpd_recipient_restrictions = | ||
... | ... | ||
| - | check_policy_service inet:127.0.0.1:7777, # <-- | + | check_policy_service inet:127.0.0.1:7777, # <-- 插入这行 |
permit_mynetworks, | permit_mynetworks, | ||
permit_sasl_authenticated, | permit_sasl_authenticated, | ||
| Line 118: | Line 118: | ||
</pre>}} | </pre>}} | ||
| - | * 重启 | + | * 重启 postfix,让修改生效。 |
{{cmd|<pre># /etc/init.d/postfix restart</pre>}} | {{cmd|<pre># /etc/init.d/postfix restart</pre>}} | ||
Revision as of 08:24, 13 March 2010
Contents |
- Read this tutorial in other languages
- English
- Chinese
简介与功能列表
- iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序,用于实现在 SMTP 会话阶段的高级访问控制。
- 同时支持 OpenLDAP 和 MySQL backend。
- 支持插件机制。
| Plugin name | Description | Backend |
|---|---|---|
| ldap_maillist_access_policy | Used to restrict mail list access | OpenLDAP |
| sql_alias_access_policy | Used to restrict alias access | MySQL |
Requirements
- Python >= 2.4, core programming language.
- Python-MySQLdb, is the Python DB API-2.0 interface.
- web.py >= 0.3.0, a web framework for python that is as simple as it is powerful.
- DBUtils, is a suite of tools providing solid, persistent and pooled connections to a database.
- iRedMail: All iRedMail versions should work as expected.
改变 MySQL 表
插件 sql_alias_access_policy 在 vmail.alias 表里添加两列,用来保存访问策略和管理员的邮箱地址。
| Terminal: |
mysql> USE vmail; mysql> ALTER TABLE alias ADD COLUMN accesspolicy VARCHAR(30) NOT NULL DEFAULT ''; mysql> ALTER TABLE alias ADD COLUMN moderators TEXT NOT NULL DEFAULT ''; |
安装需要的 python 模块
- RHEL/CentOS:
| Terminal: |
# yum install MySQL-python python-setuptools # easy_install web.py DBUtils |
- Debian/Ubuntu:
| Terminal: |
$ sudo apt-get install python-setuptools python-mysqldb $ sudo easy_install web.py DButils |
- FreeBSD:
下载和配置 iRedAPD
- 从 download page下载iRedAPD.
- 复制 iRedAPD 到 /opt/, 设置文件权限并创建软连接。
| Terminal: |
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/ # ln -s /opt/iRedAPD-x.y.z /opt/iredapd # chmod +x /opt/iredapd/src/iredapd.py |
- 复制启动脚本到 /etc/init.d/ (Linux) 或 /usr/local/etc/rc.d/ (FreeBSD):
| Terminal: |
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd # chmod +x /etc/init.d/iredapd |
- 复制示例配置文件:
| Terminal: |
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini |
- 编辑 /opt/iredapd/etc/iredapd.ini :
| File: /opt/iredapd/etc/iredapd.ini |
[general] # Listen address and port. listen_addr = 127.0.0.1 listen_port = 7777 # Background/daemon mode: yes, no. run_as_daemon = yes # Path to pid file. pid_file = /var/run/iredapd.pid # Log type: file. log_type = file log_file = /var/log/iredapd.log # Log level: info, warning, error, debug. # 'info' is recommended for product use. log_level = info # Backend: ldap, mysql. backend = mysql [mysql] # For MySQL backend only. server = 127.0.0.1 db = vmail user = vmail password = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ alias_table = alias # Enabled plugins. plugins = sql_alias_access_policy |
- 启动 iRedAPD。
| Terminal: |
# /etc/init.d/iredapd start |
- 让 iRedAPD 开机启动。
- on RHEL/CentOS:
| Terminal: |
# chkconfig --level 345 iredapd on |
- on Debian/Ubuntu:
| Terminal: |
$ update-rc.d iredapd defaults |
- on FreeBSD, you should append below line to /etc/rc.conf:
| File: /etc/rc.conf |
iredapd_enable='YES' |
配置 postfix
- 修改Postfix设置,在配置文件/etc/postfix/main.cf的 smtpd_recipient_restrictions:
| File: /etc/postfix/main.cf |
smtpd_recipient_restrictions =
...
check_policy_service inet:127.0.0.1:7777, # <-- 插入这行
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
...
|
- 重启 postfix,让修改生效。
| Terminal: |
# /etc/init.d/postfix restart |
Available access policy levels
There're five default policy rules for mail alias:
| Policy | Description | Value of column 'accesspolicy' |
|---|---|---|
| Unrestricted | Email is unrestricted, which means everyone can mail to this address. | public |
| Domain Wide | Only users under same domain can send mail to this address. | domain |
| Members Only | Only members can send mail to this address. | membersOnly |
| Moderators Only | Only moderators can send mail to this address. | moderatorsOnly |
| Members and Moderators Only | Only members and moderators can send mail to this address. | membersAndModeratorsOnly |
Note: Value of column 'accesspolicy' is case-insensitive.
Troubleshooting & Debug
If iRedAPD doesn't work as expected, you can simplily set log_level = debug in /opt/iredapd/etc/iredapd.ini, restart iredapd and monitor its log file /var/log/iredapd.log, create a new forum topic in iRedMail forum and paste log message in forum topic.
