经过一系列测试发现，修改了/etc/postfix/master.cf，去掉了这两个的注释：

smtp inet n – – – – smtpd
#submission inet n – – – – smtpd
# -o smtpd_etrn_restrictions=reject
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n – – – – smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n – – – – smtpd
-o smtpd_etrn_restrictions=reject
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

这样就要求客户端必须使用TLS来连接，并必须通过验证。
暂时还不清楚是否对本机上的其他Web邮件服务是否有影响。

首先安装：
sudo aptitude install postfix postfix-mysql courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin openssl libpam-mysql amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax razor pyzor dcc-client

首先创建mysql数据库，因为原来已经创建，直接导入就可以了。
把原来的mysql-virtual*文件拷贝到/etc/postfix/目录下，注意若mysql用户密码发生变化，要进行相应的修改。
然后修改文件权限：

chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf

创建vmail用户：

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

对/etc/postfix/main.cf进行修改定制：

postconf -e ‘myhostname = server1.example.com’
postconf -e ‘mydestination = server1.example.com, localhost, localhost.localdomain’
postconf -e ‘mynetworks = 127.0.0.0/8′
postconf -e ‘virtual_alias_domains =’
postconf -e ‘ virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf’
postconf -e ‘virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf’
postconf -e ‘virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf’
postconf -e ‘virtual_mailbox_base = /home/vmail’
postconf -e ‘virtual_uid_maps = static:5000′
postconf -e ‘virtual_gid_maps = static:5000′
postconf -e ‘smtpd_sasl_auth_enable = yes’
postconf -e ‘broken_sasl_auth_clients = yes’
postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination’
postconf -e ‘transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf’
postconf -e ‘content_filter = amavis:[127.0.0.1]:10024′
postconf -e ‘receive_override_options = no_address_mappings’

这部分需要具体检查，我把myorigin这个给注释掉了，对于多域名的邮件列表有影响。

saslauthd相关设置，和DEBIAN不大一样，和UBUNTU EDGY也不尽相同：

sudo rm -fdr /var/spool/postfix/var/run/saslauthd
sudo mv /var/run/saslauthd /var/spool/postfix/var/run/saslauthd
sudo ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
sudo adduser postfix sasl

修改/etc/default/saslauthd文件，把START修改为yes。
修改/etc/pam.d/smtp文件：

auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

对应的用户名密码数据库要进行替换。

修改/etc/courier/authdaemonrc文件，把authmodulelist的值变为”authmysql”。

修改/etc/init.d/postfix文件，在FILES部分：

FILES=”etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/nss_mdns.config etc/postfix/sasl/smtpd.conf etc/sasldb2″

这个原来是有sasldb2文件的，但是在ubuntu feisty下没有这个文件，但执行起来没有问题，比较奇怪。

修改/etc/courier/authmysqlrc文件：

MYSQL_SERVER localhost

MYSQL_USERNAME mail_admin

MYSQL_PASSWORD mail_admin_password

MYSQL_PORT 0

MYSQL_DATABASE mail

MYSQL_USER_TABLE users

MYSQL_CRYPT_PWFIELD password

#MYSQL_CLEAR_PWFIELD password

MYSQL_UID_FIELD 5000

MYSQL_GID_FIELD 5000

MYSQL_LOGIN_FIELD email

MYSQL_HOME_FIELD “/home/vmail”

MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,’@',-1),’/',SUBSTRING_INDEX(email,’@',1),’/')

重新启动服务：

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart

修改/etc/aliases文件，可以根据自己的需要进行修改。

修改vi /etc/amavis/conf.d/15-content_filter_mode文件，去掉几个注释：

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin

# and to re-enable antivirus checking.

#

# Default antivirus checking mode

# Uncomment the two lines below to enable it back

#

@bypass_virus_checks_maps = (

\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

#

# Default SPAM checking mode

# Uncomment the two lines below to enable it back

#

@bypass_spam_checks_maps = (

\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return

修改 /etc/amavis/conf.d/50-user文件，添加：

$pax=’pax’;

修改/etc/postfix/master.cf文件，添加：

[...]

amavis unix – - – - 2 smtp

-o smtp_data_done_timeout=1200

-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n – - – - smtpd

-o content_filter=

-o local_recipient_maps=

-o relay_recipient_maps=

-o smtpd_restriction_classes=

-o smtpd_client_restrictions=

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o strict_rfc821_envelopes=yes

-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

-o smtpd_bind_address=127.0.0.1

修改/etc/spamassassin/local.cf，添加：

[...]

# dcc

use_dcc 1

dcc_path /usr/bin/dccproc

dcc_add_header 1

dcc_dccifd_path /usr/sbin/dccifd

#pyzor

use_pyzor 1

pyzor_path /usr/bin/pyzor

pyzor_add_header 1

#razor

use_razor2 1

razor_config /etc/razor/razor-agent.conf

#bayes

use_bayes 1

use_bayes_rules 1

bayes_auto_learn 1

启动服务：

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
/etc/init.d/postfix restart

参考：

http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_ubuntu_edgy

http://wlx.westgis.ac.cn/322/

今天把服务器升级为etch，顺便把x和gnome都干掉了。然后想看看这个问题能不能解决，就又试验起来了。

http://www.python.org/cgi-bin/faqw-mm.py?query=virtual+domain&querytype=simple&casefold=yes&req=search

开始都是以为要查询virtual domain，进入了误区，结果一直无解。

官方文档：http://www.gnu.org/software/mailman/mailman-install/node13.html
看了上面的文档后，又实验了多种配置，还是有问题，发到新邮件列表的信一直自动转发到老邮件列表上，导致查无此人。

Reporting-MTA: dns; debian.westgis.ac.cn
Received-From-MTA: smtp; debian.westgis.ac.cn ([127.0.0.1])
Arrival-Date: Sat, 30 Dec 2006 12:09:02 +0800 (CST)
Original-Recipient: rfc822;westdc@lists.westgis.ac.cn
Final-Recipient: rfc822;westdc@list.cngis.org
Action: failed
Status: 5.1.1
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 550 5.1.1 <westdc@list.cngis.org>: Recipient address rejected: User unknown in virtual mailbox table
Last-Attempt-Date: Sat, 30 Dec 2006 12:09:12 +0800 (CST)

修改mm_cfg.py里的相关参数，都试验了一遍，错误信息依旧。然后查看到syslog里的出错信息，也是邮件地址的后缀自动变换了，非常奇怪。
于是检查postfix的main.cf设置，看到：

myorigin = list.cngis.org

想到了是否和这个配置有关系，于是首先修改为另外一个地址，然后再次试验，错误依旧，但错误信息发生了变化！
于是把这个配置注释掉，万事大吉！
想想好像这个地方原来是专门为配置mailman而加上的，没想到错误会出现在这里。当时好像是参照网上的教程直接搬下来的，还是官方的文档可靠阿。

这个问题已经都快半年没有解决了，今天终于解决了，爽阿。
此办法的缺点：各域名之间不能创建同名的邮件列表，即不能同时创建a@dom1.org和a@dom2.org。这个问题在mailman 2.2的版本中得到了解决。

Dec 26 20:08:16 debian postfix/smtpd[2696]: warning: unknown[210.77.68.211]: SASL LOGIN authentication failed: authentication failure
Dec 26 20:08:21 debian postfix/smtpd[2696]: warning: unknown[210.77.68.211]: SASL LOGIN authentication failed: authentication failure

为了搞定这个问题，又彻底检查了一遍postfix的各个配置参数，google了无数站点，最终在这个站点找到了解决方法。
我最初的安装方案应该是采用了这个站点的方法，但后来我也修改了不少地方。

现在将我这次的修改记录一下：

1. 修改/etc/postfix/sasl/smtpd.conf文件，内容如下：

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5

其中，log_level可以自己调整，若出现问题，可以调大，最大为7，然后到/var/log/mail.warn、/var/log/syslog、/var/log/auth.log等文件中查找相关信息。
2. 调整/etc/init.d/saslauthd文件，加入一个参数：

DAEMON_ARGS=” -r

这个参数本来的值是空的，我就是在这个地方给卡死了两天。
3. 调整saslauthd运行目录，令其可以运行在chroot环境下，因为在DEBIAN里，postfix是运行在chroot里的。

Move saslauthd’s socket dir inside Postfix’s chroot and create a link to keep everybody happy:

# mv /var/run/saslauthd /var/spool/postfix/var/run/saslauthd
# ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd

Add the postfix user to the sasl group:

# adduser postfix sasl

4. 修改/etc/init.d/postfix文件，主要是修改FILES文件定义：

FILES=”etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/nss_mdns.config etc/postfix/sasl/smtpd.conf etc/sasldb2″

然后重新启动服务：

# /etc/init.d/postfix restart
# /etc/init.d/saslauthd start

这个网站的FAQ里提供的内容：

Q.: Can Postfix query the MySQL db directly?
A.: No.

Q.: Why do you use libpam-mysql? saslauthd natively supports SQL.
A.: Because saslauthd only supports unencrypted password if you use a sql db as an authentication backend. That’s the reason for interfacing saslauthd with PAM. PAM, in turn, can use just anything.

Q.: My friend told me that /etc/postfix/sasl/smtpd.conf should contain

“pwcheck_method: pam”

A.: That was true for SASL < 2.x. Now you have to use saslauthd.

Q.: Why do you run saslauthd with the -r flag?
A.: Because my users authenticate as “user@domain”, not “user”. If you are in trouble check /var/log/auth.log .

Q.: Why did you move saslauthd’s socket to

/var/spool/postfix/var/run/saslauthd

?

A.: Because the smtp service runs chroot’ed.

Q.: Why did you add etc/postfix/sasl/smtpd.conf to the FILES variable?
A.: Because Postfix needs to access that file from inside the chroot. The init.d script copies the latest copy of that file inside the chroot at every restart.

Q.: How does the authentication chain work?
A.: Postfix connects to saslauthd via socket, which in turn asks PAM to authenticate the user which in turn queries the relevant MySQL table.

Q.: Are there any alternatives to libpam-mysql?
A.: Perhaps it’s possible to use authdaemon from the Courier package.

Q.: Why do you use 127.0.0.1 instead of localhost?
A.: In order to use a TCP socket instead of a unix socket. This way we don’t have to put MySQL’s unix socket inside Postfix’s chroot.

致谢：(Thanks to)
1. Luca Gibelli, http://www.nervous.it/txt/Postfix-SMTP-AUTH-4-DUMMIES.html
2. http://postfix.wiki.xs4all.nl/index.php

最后也没找到原因，取消了原来的SMTP验证模块，换了一个新的验证模块。
参考：

http://howtoforge.com/virtual_postfix_mysql_quota_courier

垃圾邮件处理也进一步增强了。

owner_request_special = no

alias_maps = hash:/etc/postfix/aliases,
hash:/usr/local/mailman/data/aliases
virtual_alias_maps = ,
hash:/usr/local/mailman/data/virtual-mailman

2. /etc/mailman/mm_cfg.py

MTA = ‘Postfix’
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['list.cngis.org', list.mygis.org']

3. 生成两个文件

cd /usr/local/mailman
bin/genaliases
su
chmod 666 data/aliases*
touch data/virtual-mailman
touch data/virtual-mailman.db
chmod 666 data/virtual-mailman*

4、 生成默认的mail list
newlist mailman
5、 重新启动服务

/etc/init.d/postfix reload
/etc/init.d/mailman restart

可能以后新加入的mail list都需要postfix reload。
BTW：可惜目前的mailman不支持中文。
总结： 多看官方的安装文档，检查系统的LOG记录，遇到问题到GOOGLE搜索答案。