Install/iRedAPD/MySQL/zh CN

From iRedMail

Revision as of 08:29, 13 March 2010 by Shake.chen (Talk | contribs)
Jump to: navigation, search

Contents


  • Read this tutorial in other languages

简介与功能列表

  • iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序,用于实现在 SMTP 会话阶段的高级访问控制。
  • 同时支持 OpenLDAP 和 MySQL backend。
  • 支持插件机制。
Available Plugins
Plugin name Description Backend
ldap_maillist_access_policy Used to restrict mail list access OpenLDAP
sql_alias_access_policy Used to restrict alias access MySQL

安装需求

  • Python >= 2.4。核心编程语言。
  • Python-MySQLdb。Python 访问 MySQL 的数据库接口。
  • web.py >= 0.3.0。一个简洁的 web 框架。
  • DBUtils。用于实现高效的数据库访问连接池,在大负载的情况下可以极大地保持数据库访问速度。
  • iRedMail。所有版本的 iRedMail 均适用。

改变 MySQL 表

插件 sql_alias_access_policyvmail.alias 表里添加两列,用来保存访问策略和管理员的邮箱地址。

Terminal: 
mysql> USE vmail;
mysql> ALTER TABLE alias ADD COLUMN accesspolicy VARCHAR(30) NOT NULL DEFAULT '';
mysql> ALTER TABLE alias ADD COLUMN moderators TEXT NOT NULL DEFAULT '';

安装系统需要的 python 模块

  • RHEL/CentOS:
Terminal: 
# yum install MySQL-python python-setuptools
# easy_install web.py DBUtils
  • Debian/Ubuntu:
Terminal: 
$ sudo apt-get install python-setuptools python-mysqldb
$ sudo easy_install web.py DButils
  • FreeBSD:

下载和配置 iRedAPD

  • download page下载iRedAPD.
  • 复制 iRedAPD 到 /opt/, 设置文件权限并创建软连接。
Terminal: 
# tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/
# ln -s /opt/iRedAPD-x.y.z /opt/iredapd
# chmod +x /opt/iredapd/src/iredapd.py
  • 复制启动脚本到 /etc/init.d/ (Linux) 或 /usr/local/etc/rc.d/ (FreeBSD):
Terminal: 
# cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd
# chmod +x /etc/init.d/iredapd
  • 复制示例配置文件:
Terminal: 
# cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini
  • 编辑 /opt/iredapd/etc/iredapd.ini :
File: /opt/iredapd/etc/iredapd.ini 
[general]
# Listen address and port.
listen_addr     = 127.0.0.1
listen_port     = 7777

# Background/daemon mode: yes, no.
run_as_daemon   = yes

# Path to pid file.
pid_file        = /var/run/iredapd.pid

# Log type: file.
log_type        = file
log_file        = /var/log/iredapd.log

# Log level: info, warning, error, debug.
# 'info' is recommended for product use.
log_level       = info

# Backend: ldap, mysql.
backend     = mysql

[mysql]
# For MySQL backend only.
server      = 127.0.0.1
db          = vmail
user        = vmail
password    = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ
alias_table = alias

# Enabled plugins.
plugins = sql_alias_access_policy
  • 启动 iRedAPD。
Terminal: 
# /etc/init.d/iredapd start
  • 让 iRedAPD 开机启动。
    • RHEL/CentOS:
Terminal: 
# chkconfig --level 345 iredapd on
    • Debian/Ubuntu:
Terminal: 
$ update-rc.d iredapd defaults
    • FreeBSD, 你需要在/etc/rc.conf配置文件里添加一行:
File: /etc/rc.conf 
iredapd_enable='YES'

配置 postfix

  • 修改Postfix设置,在配置文件/etc/postfix/main.cfsmtpd_recipient_restrictions:
File: /etc/postfix/main.cf 
smtpd_recipient_restrictions =
    ...
    check_policy_service inet:127.0.0.1:7777,     # <-- 插入这行
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    ...
  • 重启 postfix,让修改生效。
Terminal: 
# /etc/init.d/postfix restart

Available access policy levels

There're five default policy rules for mail alias:

Policy Description Value of column 'accesspolicy'
Unrestricted Email is unrestricted, which means everyone can mail to this address. public
Domain Wide Only users under same domain can send mail to this address. domain
Members Only Only members can send mail to this address. membersOnly
Moderators Only Only moderators can send mail to this address. moderatorsOnly
Members and Moderators Only Only members and moderators can send mail to this address. membersAndModeratorsOnly

Note: Value of column 'accesspolicy' is case-insensitive.

Troubleshooting & Debug

If iRedAPD doesn't work as expected, you can simplily set log_level = debug in /opt/iredapd/etc/iredapd.ini, restart iredapd and monitor its log file /var/log/iredapd.log, create a new forum topic in iRedMail forum and paste log message in forum topic.

Retrieved from "http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN"
Personal tools