Install/iRedAPD/MySQL/zh CN

From iRedMail

(Difference between revisions)
Jump to: navigation, search
(Alter MySQL Table)
(配置 postfix)
 
(19 intermediate revisions not shown)
Line 3: Line 3:
{{Install/iRedAPD/MySQL/Languages}}
{{Install/iRedAPD/MySQL/Languages}}
-
= Summary & Feature List =
+
= 简介与功能列表 =
-
* iRedAPD is designed to work in conjunction with Postfix as an Access Policy Delegation daemon, with plugin support.
+
* iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序,用于实现在 SMTP 会话阶段的高级访问控制。
-
* Currently, it works with both OpenLDAP and MySQL backend.
+
* 同时支持 OpenLDAP MySQL backend。
-
* Available plugins:
+
* 支持插件机制。
-
** ldap_maillist_access_policy: Used to restrict mail list access with OpenLDAP backend.
+
-
** sql_alias_access_policy: Used to restrict alias access with MySQL backend.
+
-
= Requirements =
+
{{iRedAPD/Plugins}}
-
* Python >= 2.4, core programming language.
+
 
-
* Python-MySQLdb, is the Python DB API-2.0 interface.
+
= 安装需求 =
-
* web.py >= 0.3.0, a web framework for python that is as simple as it is powerful.
+
* Python >= 2.4。核心编程语言。
-
* DBUtils, is a suite of tools providing solid, persistent and pooled connections to a database.
+
* Python-MySQLdb。Python 访问 MySQL 的数据库接口。
-
* iRedMail: All iRedMail versions should work as expected.
+
* web.py >= 0.3.0。一个简洁的 web 框架。
 +
* DBUtils。用于实现高效的数据库访问连接池,在大负载的情况下可以极大地保持数据库访问速度。
 +
* iRedMail。所有版本的 iRedMail 均适用。
= 改变 MySQL 表 =
= 改变 MySQL 表 =
Line 25: Line 25:
</pre>}}
</pre>}}
-
= Install required python modules =
+
= 安装系统需要的 python 模块 =
-
 
+
* RHEL/CentOS:
-
* on RHEL/CentOS:
+
{{cmd|<pre>
{{cmd|<pre>
# yum install MySQL-python python-setuptools
# yum install MySQL-python python-setuptools
Line 33: Line 32:
</pre>}}
</pre>}}
-
* on Debian/Ubuntu:
+
* Debian/Ubuntu:
{{cmd|<pre>
{{cmd|<pre>
$ sudo apt-get install python-setuptools python-mysqldb
$ sudo apt-get install python-setuptools python-mysqldb
Line 39: Line 38:
</pre>}}
</pre>}}
-
* on FreeBSD:
+
* FreeBSD:
 +
{{cmd|<pre>
 +
# cd /usr/ports/databases/py-MySQLdb
 +
# make install clean
 +
 
 +
# cd /usr/ports/www/webpy/
 +
# make install clean
 +
 
 +
# cd /usr/ports/databases/py-dbutils/
 +
# make install clean
 +
</pre>}}
-
= Download and configure iRedAPD =
+
= 下载和配置 iRedAPD =
-
* Download iRedAPD from [http://www.iredmail.org/download.html#iredapd download page].
+
* [http://www.iredmail.org/download.html#iredapd download page]下载iRedAPD.
-
* Copy iRedAPD to /opt/, set correct file permissions, and create symbol link.
+
* 复制 iRedAPD /opt/, 设置文件权限并创建软连接。
{{cmd|<pre>
{{cmd|<pre>
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
Line 50: Line 59:
</pre>}}
</pre>}}
-
* Copy necessary RC script to /etc/init.d/ (Linux) or /usr/local/etc/rc.d/ (FreeBSD):
+
* 复制启动脚本到 /etc/init.d/ (Linux) /usr/local/etc/rc.d/ (FreeBSD):
{{cmd|<pre>
{{cmd|<pre>
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
Line 56: Line 65:
</pre>}}
</pre>}}
-
* Copy sample setting file:
+
* 复制示例配置文件:
{{cmd|<pre>
{{cmd|<pre>
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
</pre>}}
</pre>}}
-
* Open /opt/iredapd/etc/iredapd.ini and set correct values:
+
* 编辑 /opt/iredapd/etc/iredapd.ini :
{{cfg|/opt/iredapd/etc/iredapd.ini|<pre>
{{cfg|/opt/iredapd/etc/iredapd.ini|<pre>
[general]
[general]
Line 97: Line 106:
</pre>}}
</pre>}}
-
* Start iRedAPD now.
+
* 启动 iRedAPD。
{{cmd|<pre>
{{cmd|<pre>
# /etc/init.d/iredapd start
# /etc/init.d/iredapd start
</pre>}}
</pre>}}
-
* Make iRedAPD start when boot your server.
+
* iRedAPD 开机启动。
-
** on RHEL/CentOS:{{cmd|<pre># chkconfig --level 345 iredapd on</pre>}}
+
** RHEL/CentOS:{{cmd|<pre># chkconfig --level 345 iredapd on</pre>}}
-
** on Debian/Ubuntu:{{cmd|<pre>$ update-rc.d iredapd defaults</pre>}}
+
** Debian/Ubuntu:{{cmd|<pre>$ update-rc.d iredapd defaults</pre>}}
-
** on FreeBSD, you should append below line to '''/etc/rc.conf''':{{cfg|/etc/rc.conf|<pre>iredapd_enable='YES'</pre>}}
+
** FreeBSD, 你需要在'''/etc/rc.conf'''配置文件里添加一行:{{cfg|/etc/rc.conf|<pre>iredapd_enable='YES'</pre>}}
-
= Configure postfix =
+
= 配置 postfix =
-
* Modify postfix setting '''smtpd_recipient_restrictions''' setting in '''/etc/postfix/main.cf''':
+
* 修改Postfix设置,在配置文件'''/etc/postfix/main.cf'''的 '''smtpd_recipient_restrictions''':
{{cfg|/etc/postfix/main.cf|<pre>
{{cfg|/etc/postfix/main.cf|<pre>
smtpd_recipient_restrictions =
smtpd_recipient_restrictions =
     ...
     ...
-
     check_policy_service inet:127.0.0.1:7777,    # <-- Insert this line
+
     check_policy_service inet:127.0.0.1:7777,    # <-- 插入这行
     permit_mynetworks,
     permit_mynetworks,
     permit_sasl_authenticated,
     permit_sasl_authenticated,
Line 119: Line 128:
</pre>}}
</pre>}}
-
* Restart postfix to make it work.
+
* 重启 postfix,让修改生效。
{{cmd|<pre># /etc/init.d/postfix restart</pre>}}
{{cmd|<pre># /etc/init.d/postfix restart</pre>}}
-
= Available access policy levels =
+
= 使用 logrotate 自动轮巡备份日志文件 =
-
There're five default policy rules for mail alias:
+
为 logrotate 程序添加文件用于轮巡备份 iRedAPD 的日志文件:
 +
{{cfg|/etc/logrotate.d/iredapd|<pre>
 +
/var/log/mail.log {
 +
    compress
 +
    daily
 +
    rotate 30
 +
    missingok
 +
 
 +
    # Use bzip2 for compress.
 +
    compresscmd /bin/bzip2
 +
    uncompresscmd /bin/bunzip2
 +
    compressoptions -9
 +
    compressext .bz2
 +
 
 +
    # Used on RHEL/CentOS.
 +
    postrotate
 +
        /bin/kill -HUP $(cat /var/run/syslogd.pid 2> /dev/null) 2> /dev/null || true
 +
    endscript
 +
 
 +
    # Used on Ubuntu.
 +
    #postrotate
 +
    #    invoke-rc.d sysklogd reload > /dev/null
 +
    #endscript
 +
}
 +
</pre>}}
 +
 
 +
= 可以设置的访问策略 =
 +
针对邮件的alias,有5种策略可以设置:
<table border="1">
<table border="1">
<tr>
<tr>
Line 132: Line 168:
<tr>
<tr>
-
<td>Unrestricted</td>
+
<td>无限制</td>
<td>Email is unrestricted, which means everyone can mail to this address.</td>
<td>Email is unrestricted, which means everyone can mail to this address.</td>
<td>public</td>
<td>public</td>
Line 138: Line 174:
<tr>
<tr>
-
<td>Domain Wide</td>
+
<td>只允许域内的用户发送邮件给 alias</td>
<td>Only users under same domain can send mail to this address.</td>
<td>Only users under same domain can send mail to this address.</td>
<td>domain</td>
<td>domain</td>
Line 144: Line 180:
<tr>
<tr>
-
<td>Members Only</td>
+
<td>只允许 alias 的成员发送邮件到 alias</td>
<td>Only members can send mail to this address.</td>
<td>Only members can send mail to this address.</td>
<td>membersOnly</td>
<td>membersOnly</td>
Line 150: Line 186:
<tr>
<tr>
-
<td>Moderators Only</td>
+
<td>只允许规定的管理员(moderators)发送邮件给 alias</td>
<td>Only moderators can send mail to this address.</td>
<td>Only moderators can send mail to this address.</td>
<td>moderatorsOnly</td>
<td>moderatorsOnly</td>
Line 156: Line 192:
<tr>
<tr>
-
<td>Members and Moderators Only</td>
+
<td>只允许 alias 的成员和管理员发送邮件给 alias</td>
<td>Only members and moderators can send mail to this address.</td>
<td>Only members and moderators can send mail to this address.</td>
<td>membersAndModeratorsOnly</td>
<td>membersAndModeratorsOnly</td>
Line 163: Line 199:
</table>
</table>
-
Note: Value of column 'accesspolicy' is case-insensitive.
+
备注:accesspolicy 值是'''不区分大小写'''的.
-
= Troubleshooting & Debug =
+
= 排错 & Debug =
-
If iRedAPD doesn't work as expected, you can simplily set '''log_level = debug''' in '''/opt/iredapd/etc/iredapd.ini''', restart iredapd and monitor its log file '''/var/log/iredapd.log''', create a new forum topic in [http://www.iredmail.org/forum/ iRedMail forum] and paste log message in forum topic.
+
如果iRedAPD工作不正常,你可以在'''/opt/iredapd/etc/iredapd.ini'''设置'''log_level = debug''' , 重启 iredapd 并观察log文件'''/var/log/iredapd.log''', [http://www.iredmail.org/bbs/ iRedMail 论坛] 发贴并附上日志信息。

Current revision as of 02:01, 31 March 2010

Contents


  • Read this tutorial in other languages

简介与功能列表

  • iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序,用于实现在 SMTP 会话阶段的高级访问控制。
  • 同时支持 OpenLDAP 和 MySQL backend。
  • 支持插件机制。
Available Plugins
Plugin name Description Backend
ldap_maillist_access_policy Used to restrict mail list access OpenLDAP
sql_alias_access_policy Used to restrict alias access MySQL

安装需求

  • Python >= 2.4。核心编程语言。
  • Python-MySQLdb。Python 访问 MySQL 的数据库接口。
  • web.py >= 0.3.0。一个简洁的 web 框架。
  • DBUtils。用于实现高效的数据库访问连接池,在大负载的情况下可以极大地保持数据库访问速度。
  • iRedMail。所有版本的 iRedMail 均适用。

改变 MySQL 表

插件 sql_alias_access_policyvmail.alias 表里添加两列,用来保存访问策略和管理员的邮箱地址。

Terminal: 
mysql> USE vmail;
mysql> ALTER TABLE alias ADD COLUMN accesspolicy VARCHAR(30) NOT NULL DEFAULT '';
mysql> ALTER TABLE alias ADD COLUMN moderators TEXT NOT NULL DEFAULT '';

安装系统需要的 python 模块

  • RHEL/CentOS:
Terminal: 
# yum install MySQL-python python-setuptools
# easy_install web.py DBUtils
  • Debian/Ubuntu:
Terminal: 
$ sudo apt-get install python-setuptools python-mysqldb
$ sudo easy_install web.py DButils
  • FreeBSD:
Terminal: 
# cd /usr/ports/databases/py-MySQLdb
# make install clean

# cd /usr/ports/www/webpy/
# make install clean

# cd /usr/ports/databases/py-dbutils/
# make install clean

下载和配置 iRedAPD

  • download page下载iRedAPD.
  • 复制 iRedAPD 到 /opt/, 设置文件权限并创建软连接。
Terminal: 
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py
  • 复制启动脚本到 /etc/init.d/ (Linux) 或 /usr/local/etc/rc.d/ (FreeBSD):
Terminal: 
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd
  • 复制示例配置文件:
Terminal: 
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
  • 编辑 /opt/iredapd/etc/iredapd.ini :
File: /opt/iredapd/etc/iredapd.ini 
[general]
# Listen address and port.
listen_addr     = 127.0.0.1
listen_port     = 7777

# Background/daemon mode: yes, no.
run_as_daemon   = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for product use.
log_level       = info

# Backend: ldap, mysql.
backend     = mysql

[mysql]
# For MySQL backend only.
server      = 127.0.0.1
db          = vmail
user        = vmail
password    = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ
alias_table = alias

# Enabled plugins.
plugins = sql_alias_access_policy
  • 启动 iRedAPD。
Terminal: 
# /etc/init.d/iredapd start
  • 让 iRedAPD 开机启动。
    • RHEL/CentOS:
Terminal: 
# chkconfig --level 345 iredapd on
    • Debian/Ubuntu:
Terminal: 
$ update-rc.d iredapd defaults
    • FreeBSD, 你需要在/etc/rc.conf配置文件里添加一行:
File: /etc/rc.conf 
iredapd_enable='YES'

配置 postfix

  • 修改Postfix设置,在配置文件/etc/postfix/main.cfsmtpd_recipient_restrictions:
File: /etc/postfix/main.cf 
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,     # <-- 插入这行
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...
  • 重启 postfix,让修改生效。
Terminal: 
# /etc/init.d/postfix restart

使用 logrotate 自动轮巡备份日志文件

为 logrotate 程序添加文件用于轮巡备份 iRedAPD 的日志文件:

File: /etc/logrotate.d/iredapd 
/var/log/mail.log {
    compress
    daily
    rotate 30
    missingok

    # Use bzip2 for compress.
    compresscmd /bin/bzip2
    uncompresscmd /bin/bunzip2
    compressoptions -9
    compressext .bz2 

    # Used on RHEL/CentOS.
    postrotate
        /bin/kill -HUP $(cat /var/run/syslogd.pid 2> /dev/null) 2> /dev/null || true
    endscript

    # Used on Ubuntu.
    #postrotate
    #    invoke-rc.d sysklogd reload > /dev/null
    #endscript
}

可以设置的访问策略

针对邮件的alias,有5种策略可以设置:

Policy Description Value of column 'accesspolicy'
无限制 Email is unrestricted, which means everyone can mail to this address. public
只允许域内的用户发送邮件给 alias Only users under same domain can send mail to this address. domain
只允许 alias 的成员发送邮件到 alias Only members can send mail to this address. membersOnly
只允许规定的管理员(moderators)发送邮件给 alias Only moderators can send mail to this address. moderatorsOnly
只允许 alias 的成员和管理员发送邮件给 alias Only members and moderators can send mail to this address. membersAndModeratorsOnly

备注:accesspolicy 值是不区分大小写的.

排错 & Debug

如果iRedAPD工作不正常,你可以在/opt/iredapd/etc/iredapd.ini设置log_level = debug , 重启 iredapd 并观察log文件/var/log/iredapd.log, 到 iRedMail 论坛 发贴并附上日志信息。

Retrieved from "http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN"
Personal tools