iRedmail 中使用iRedAPD限制邮件帐户收取邮件
13 Nov 2012iRedAPD的具体安装使用方法见以下地址
http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN (在外面)
按照方法我在'accesspolicy'字段中加了'domain'值就是不起作用。后来看了一下/opt/iredapd/src/plugins/sqlaliasaccess_policy.py这个文件
他的SQL查询语句是这样写的
SELECT accesspolicy, goto, moderators
FROM alias
WHERE
address=%s
AND address <> goto
AND domain=%s
AND active=1
LIMIT 1
在mysql里运行了一下没值返回,后来看了一下数据库里的‘alias’表里的'goto'字段的值是和address相同的所以取不出来值,
本来是把'goto'字段清空的,但在postfix log 里有以下的警告:
postfix/proxymap[17453]: warning: table "mysql:/etc/postfix/mysql/virtual_alias_maps.cf": empty lookup result for: "service@XXX.com" -- ignored
还是把/opt/iredapd/src/plugins/sqlaliasaccess_policy.py这个文件改掉吧
SELECT accesspolicy, goto, moderators
FROM alias
WHERE
address=%s
AND address=goto
AND domain=%s
AND active=1
LIMIT 1
附件:
iRedAPD的具体安装使用方法的文档一般访问不了,转一下吧
Install/iRedAPD/MySQL/zh CN
| ## Contents [hide] * [1 简介与功能列表](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E7.AE.80.E4.BB.8B.E4.B8.8E.E5.8A.9F.E8.83.BD.E5.88.97.E8.A1.A8) * [2 安装需求](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E5.AE.89.E8.A3.85.E9.9C.80.E6.B1.82) * [3 改变 MySQL 表](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E6.94.B9.E5.8F.98_MySQL_.E8.A1.A8) * [4 安装系统需要的 python 模块](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E5.AE.89.E8.A3.85.E7.B3.BB.E7.BB.9F.E9.9C.80.E8.A6.81.E7.9A.84_python_.E6.A8.A1.E5.9D.97) * [5 下载和配置 iRedAPD](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E4.B8.8B.E8.BD.BD.E5.92.8C.E9.85.8D.E7.BD.AE_iRedAPD) * [6 配置 postfix](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E9.85.8D.E7.BD.AE_postfix) * [7 使用 logrotate 自动轮巡备份日志文件](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E4.BD.BF.E7.94.A8_logrotate_.E8.87.AA.E5.8A.A8.E8.BD.AE.E5.B7.A1.E5.A4.87.E4.BB.BD.E6.97.A5.E5.BF.97.E6.96.87.E4.BB.B6) * [8 可以设置的访问策略](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E5.8F.AF.E4.BB.A5.E8.AE.BE.E7.BD.AE.E7.9A.84.E8.AE.BF.E9.97.AE.E7.AD.96.E7.95.A5) * [9 排错 & Debug](http://www.iredmail.org/wiki/index.php?title=Install/iRedAPD/MySQL/zh_CN#.E6.8E.92.E9.94.99_.26_Debug) |
Read this tutorial in other languages
- English
- Chinese
简介与功能列表
iRedAPD 是由 iRedMail 团队开发的 Postfix policy daemon 程序,用于实现在 SMTP 会话阶段的高级访问控制。
同时支持 OpenLDAP 和 MySQL backend。
支持插件机制。
| Used to restrict mail list access | OpenLDAP |
| Used to restrict alias access | MySQL |
安装需求
Python >= 2.4。核心编程语言。
Python-MySQLdb。Python 访问 MySQL 的数据库接口。
web.py >= 0.3.0。一个简洁的 web 框架。
DBUtils。用于实现高效的数据库访问连接池,在大负载的情况下可以极大地保持数据库访问速度。
iRedMail。所有版本的 iRedMail 均适用。
改变 MySQL 表
插件 sqlaliasaccess_policy 在 vmail.alias 表里添加两列,用来保存访问策略和管理员的邮箱地址。
| *Terminal: * |
|
安装系统需要的 python 模块
- RHEL/CentOS:
| **Terminal: ** |
| # yum install MySQL-python python-setuptools # easy_install web.py DBUtils |
- Debian/Ubuntu:
| **Terminal: ** |
| $ sudo apt-get install python-setuptools python-mysqldb $ sudo easy_install web.py DButils |
- FreeBSD:
| **Terminal: ** |
| # cd /usr/ports/databases/py-MySQLdb # make install clean # cd /usr/ports/www/webpy/ # make install clean # cd /usr/ports/databases/py-dbutils/ # make install clean |
下载和配置 iRedAPD
从 download page下载iRedAPD.
复制 iRedAPD 到 /opt/, 设置文件权限并创建软连接。
| **Terminal: ** |
| # tar xjf iRedAPD-x.y.z.tar.bz2 -C /opt/ # ln -s /opt/iRedAPD-x.y.z /opt/iredapd # chmod +x /opt/iredapd/src/iredapd.py |
- 复制启动脚本到 /etc/init.d/ (Linux) 或 /usr/local/etc/rc.d/ (FreeBSD):
| **Terminal: ** |
| # cp /opt/iredapd/rc_scripts/iredapd /etc/init.d/iredapd # chmod +x /etc/init.d/iredapd |
- 复制示例配置文件:
| **Terminal: ** |
| # cp /opt/iredapd/etc/iredapd.ini.sample /opt/iredapd/etc/iredapd.ini |
- 编辑 /opt/iredapd/etc/iredapd.ini :
| File: _**/opt/iredapd/etc/iredapd.ini**_ |
| [general] # Listen address and port. listen_addr = 127.0.0.1 listen_port = 7777 # Background/daemon mode: yes, no. run_as_daemon = yes # Path to pid file. pid_file = /var/run/iredapd.pid # Log type: file. log_type = file log_file = /var/log/iredapd.log # Log level: info, warning, error, debug. # 'info' is recommended for product use. log_level = info # Backend: ldap, mysql. backend = mysql [mysql] # For MySQL backend only. server = 127.0.0.1 db = vmail user = vmail password = Psaf68wsuVctYSbj4PJzRqmFsE0rlQ alias_table = alias # Enabled plugins. plugins = sql_alias_access_policy |
- 启动 iRedAPD。
| **Terminal: ** |
| # /etc/init.d/iredapd start |
让 iRedAPD 开机启动。
- RHEL/CentOS:
| **Terminal: ** |
| # chkconfig --level 345 iredapd on |
- Debian/Ubuntu:
| **Terminal: ** |
| $ update-rc.d iredapd defaults |
- FreeBSD, 你需要在/etc/rc.conf配置文件里添加一行:
| File: _**/etc/rc.conf**_ |
| iredapd_enable='YES' |
配置 postfix
- 修改Postfix设置,在配置文件/etc/postfix/main.cf的 smtpdrecipientrestrictions:
| File: _**/etc/postfix/main.cf**_ |
| smtpd_recipient_restrictions = ... check_policy_service inet:127.0.0.1:7777, # <-- 插入这行 permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, ... |
- 重启 postfix,让修改生效。
| **Terminal: ** |
| # /etc/init.d/postfix restart |
使用 logrotate 自动轮巡备份日志文件
为 logrotate 程序添加文件用于轮巡备份 iRedAPD 的日志文件:
| File: /etc/logrotate.d/iredapd |
|
可以设置的访问策略
针对邮件的alias,有5种策略可以设置:
| 无限制 | Email is unrestricted, which means everyone can mail to this address. | public |
| 只允许域内的用户发送邮件给 alias | Only users under same domain can send mail to this address. | domain |
| 只允许 alias 的成员发送邮件到 alias | Only members can send mail to this address. | membersOnly |
| 只允许规定的管理员(moderators)发送邮件给 alias | Only moderators can send mail to this address. | moderatorsOnly |
| 只允许 alias 的成员和管理员发送邮件给 alias | Only members and moderators can send mail to this address. | membersAndModeratorsOnly |
排错 & Debug
如果iRedAPD工作不正常,你可以在/opt/iredapd/etc/iredapd.ini设置log_level = debug , 重启 iredapd 并观察log文件/var/log/iredapd.log, 到 iRedMail 论坛 发贴并附上日志信息。