From iRedMail

(Difference between revisions)

Revision as of 08:40, 13 March 2010

简介与功能列表

iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序，用于实现在 SMTP 会话阶段的高级访问控制。
同时支持 OpenLDAP 和 MySQL backend。
支持插件机制。

Available Plugins
Plugin name	Description	Backend
ldap_maillist_access_policy	Used to restrict mail list access	OpenLDAP
sql_alias_access_policy	Used to restrict alias access	MySQL

安装需求

Python >= 2.4。核心编程语言。
Python-MySQLdb。Python 访问 MySQL 的数据库接口。
web.py >= 0.3.0。一个简洁的 web 框架。
DBUtils。用于实现高效的数据库访问连接池，在大负载的情况下可以极大地保持数据库访问速度。
iRedMail。所有版本的 iRedMail 均适用。

改变 MySQL 表

插件 sql_alias_access_policy 在 vmail.alias 表里添加两列，用来保存访问策略和管理员的邮箱地址。

Terminal:

mysql> USE vmail;
mysql> ALTER TABLE alias ADD COLUMN accesspolicy VARCHAR(30) NOT NULL DEFAULT '';
mysql> ALTER TABLE alias ADD COLUMN moderators TEXT NOT NULL DEFAULT '';

安装系统需要的 python 模块

RHEL/CentOS:

Terminal:

# yum install MySQL-python python-setuptools
# easy_install web.py DBUtils

Debian/Ubuntu:

Terminal:

$ sudo apt-get install python-setuptools python-mysqldb
$ sudo easy_install web.py DButils

FreeBSD:

下载和配置 iRedAPD

从 download page下载iRedAPD.
复制 iRedAPD 到 /opt/, 设置文件权限并创建软连接。

Terminal:

# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py

复制启动脚本到 /etc/init.d/ (Linux) 或 /usr/local/etc/rc.d/ (FreeBSD):

Terminal:

# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd

复制示例配置文件:

Terminal:

# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini

编辑 /opt/iredapd/etc/iredapd.ini :

File: /opt/iredapd/etc/iredapd.ini

[general]
# Listen address and port.
listen_addr     = 127.0.0.1
listen_port     = 7777

# Background/daemon mode: yes, no.
run_as_daemon   = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for product use.
log_level       = info

# Backend: ldap, mysql.
backend     = mysql

[mysql]
# For MySQL backend only.
server      = 127.0.0.1
db          = vmail
user        = vmail
password    = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ
alias_table = alias

# Enabled plugins.
plugins = sql_alias_access_policy

启动 iRedAPD。

Terminal:

# /etc/init.d/iredapd start

让 iRedAPD 开机启动。
- RHEL/CentOS:

Terminal:

# chkconfig --level 345 iredapd on

- Debian/Ubuntu:

Terminal:

$ update-rc.d iredapd defaults

- FreeBSD, 你需要在/etc/rc.conf配置文件里添加一行:

File: /etc/rc.conf

iredapd_enable='YES'

配置 postfix

修改Postfix设置，在配置文件/etc/postfix/main.cf的 smtpd_recipient_restrictions:

File: /etc/postfix/main.cf

smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,     # <-- 插入这行
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...

重启 postfix，让修改生效。

Terminal:

# /etc/init.d/postfix restart

可以设置的访问策略

针对邮件的alias，有5种策略可以设置：

Policy	Description	Value of column 'accesspolicy'
无限制	Email is unrestricted, which means everyone can mail to this address.	public
只允许域内的用户发送邮件给 alias	Only users under same domain can send mail to this address.	domain
只允许 alias 的成员发送邮件到 alias	Only members can send mail to this address.	membersOnly
只允许规定的管理员（moderators）发送邮件给 alias	Only moderators can send mail to this address.	moderatorsOnly
只允许 alias 的成员和管理员发送邮件给 alias	Only members and moderators can send mail to this address.	membersAndModeratorsOnly

备注:'accesspolicy' 值是区分大小写的.

排错 & Debug

如果iRedAPD工作不正常，你可以在/opt/iredapd/etc/iredapd.ini设置log_level = debug , 重启 iredapd 并观察log文件/var/log/iredapd.log, 到 iRedMail 论坛发贴并附上日志信息。

@@ Line 121: / Line 121: @@
 {{cmd|<pre># /etc/init.d/postfix restart</pre>}}
-= Available access policy levels =
+= 可以设置的访问策略 =
-There're five default policy rules for mail alias:
+针对邮件的alias，有5种策略可以设置：
 <table border="1">
 <tr>

Install/iRedAPD/MySQL/zh CN

From iRedMail

Revision as of 08:40, 13 March 2010

Contents

简介与功能列表

安装需求

改变 MySQL 表

安装系统需要的 python 模块

下载和配置 iRedAPD

配置 postfix

可以设置的访问策略

排错 & Debug

Views

Personal tools

Navigation

Search

Toolbox