主要参考了以下这两篇文章
RHEL4上安装基于postfix的全功能邮件服务器(全部使用目前最新源码包构建)
http://bbs.chinaunix.net/thread-987344-1-1.html
RHEL5上安装Postfix+dovecot+MailScanner+spamassassin+f-prot+SquirrelMail
http://bbs.chinaunix.net/thread-982988-1-1.html
一、系统安装
宿主机系统:Windows XP
VMare版本:VMware Workstation 5.0.0 build-13124
虚拟机系统:RedHat Enterprise Linux 5.0
新建虚拟机系统,系统类型那里选择RedHat Enterprise Linux 4.0,硬盘空间请根据自己需要进行分配,其他默认
开启虚拟机,选择图形化安装向导,软件选择方面,请在以下相应栏目选择本例中会用到的软件:MySQL、Apache、PHP、Cyrus-sasl、SpamAssassin
1、桌面环境:不安装
2、应用程序:选择基于文本的互联网和编辑器
3、开发:开发工具、开发库里的软件包全部安装(这样做的目的,是防止在接下来的软件安装中,安装程序提示缺少某个包,如果你觉得哪些包没必要,请去除)
4、服务器:请根据上文所提软件包进行选择,邮件服务器中,安装Cyrus-sasl、SpamAssassin,其余不装
5、基本系统:注意去掉sendmail,X窗口也不装,其余默认。
二、准备工作
1、域名解释设置
@ MX记录 q1874.vicp.net.
www.q1874.cn CNAME记录 q1874.vicp.net.
2、花生壳 for linux 安装
下载:http://down1.tech.sina.com.cn/download/downContent/2005-11-25/16233.shtml
下载适合您的unix/linux版本的安装包文件,使用root身份解压缩安装包
# tar xzf phlinux-1.0-install.fc5.tar.gz
安装包文件将解压缩至phlinux_install目录中
# cd phlinux_install
执行安装脚本
# ./install.sh
执行安装脚本后,将自动以互动配置模式的phlinux程序
输入web服务的地址,直接回车
Runing phlinux for first configuration…
Peanuthull Linux-core 1.0 by oray.net, copyright 2005
No user configuration found, entering interactive mode automatically!
Peanuthull Linux-core Interactive startup.
Please input service address(press ENTER use phservice.oray.net):
输入花生壳服务器地址,直接回车
Please input server address(press ENTER use PH031.Oray.Net):
此处提示输入您的花生护照登陆名
Please input username(press ENTER use ):
此处提供输入花生护照登陆密码
Please input password:
系统提示是否保存配置文件,在这里输入yes回车.
Save to configuration file (/etc/phlinux.conf)?(yes/no):
以上操作完成,系统将自动登录花生壳服务器,用户可以通过web方式查看当前花生壳客户端的运行状态.
花生壳客户端使用 6160端口提供web检测服务,例如 http://192.168.1.126:6160/
此监测页面将完全的反应当前花生壳的运行状态.
也可通过以下命令在后台运行花生壳
#/usr/local/phlinux/phlinux -d
3、路由中的NAT设置
虚拟服务名称 内部主机 协议 外部端口 内部端口
smtp 192.168.126 tcp 25 25
pop 192.168.126 tcp 110 110
httpd 192.168.126 tcp 80 80
4、本例中,为使工作更加方便,在宿主系统中建立文件夹rhel5,共享,并设置为“允许网络用户可更改我的文件”
宿主系统IP为192.168.1.124,虚拟机系统IP为192.168.1.126,
虚拟机系统
#mkdir /mnt/share
将IP为192.168.1.124的XP系统中的共享rhel5挂载到/mnt/share下,rhxp和123456请分别改为你XP系统中的登录名和密码,需要什么软件,直接在xp下下载好,再放到rhel5下即可
#mount -t cifs -o username=rhxp,password=123456 //192.168.1.124/rhel5 /mnt/share
5、用以下命令检查sendmail与exim是否已安装,如果安装,请卸载之
#rpm -qa | grep sendmail
#rpm -qa | grep exim
卸载
#rpm -e –nodeps sendmail
#rpm -e –nodeps exim
6、用以下命令启动apche、mysqld服务
# service httpd start
# service mysqld start
# chkconfig –level 345 mysqld on
# chkconfig –level 345 httpd on
7、编辑apache配置文件httpd.conf,以apache支持php
# vi /etc/httpd/conf/httpd.conf
1、添加如下二行
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
2、定位至DirectoryIndex index.html
修改为:
DirectoryIndex index.php index.html
3、按照使用习惯,这里将网站根目录指定到/var/www:
找到DocumentRoot “/var/www/html”
修改为:DocumentRoot “/var/www”(后文中我们还会注释掉此行,以启用虚拟主机)
找到<Directory “/var/www/html”>
修改为:<Directory “/var/www”>
三、安装openssl-0.9.8e
# tar zxvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config shared zlib
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl.OFF
# mv /usr/include/openssl /usr/include/openssl.OFF
# rm /usr/lib/libssl.so
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8 /usr/lib/libssl.so
配置库文件搜索路径
# echo “/usr/local/ssl/lib” >> /etc/ld.so.conf
# ldconfig -v
四、启动sasl
# saslauthd -a shadow pam
# testsaslauthd -u root -p 系统root密码
# echo “saslauthd -a shadow pam” >> /etc/rc.local
五、安装Postfix-2.4.3
1.安装
#rpm -ivh mysql-devel-5.0.22-2.1.i386.rpm (可在装系统的时候装上)
#rpm -ivh db4-devel-4.3.29-9.fc6.i386.rpm (可在装系统的时候装上)
#groupadd -g 2525 postfix
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /bin/false -M postdrop
#tar zxvf Postfix-2.4.3.tar.gz
#cd Postfix-2.4.3
#make makefiles ‘CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS -I/usr/local/ssl/include/openssl ‘ ‘AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -L/usr/include/sasl -lsasl2 -L/usr/local/ssl/lib -lssl -lcrypto’
#make
#make install
按照以下的提示输入相关的路径([]号中的是缺省值,”]”后的是输入值)
install_root: [/] /
tempdir: [/usr/local/src/Postfix-2.4.3] /tmp
config_directory: [/etc/postfix]
daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/libexec
command_directory: [/usr/sbin] /usr/local/postfix/sbin
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
html_directory: [no] /var/www/postfix_html
manpages: [/usr/local/man] /usr/local/postfix/man
readme_directory: [no]
说明:这里的postfix将安装在独立的目录/usr/local/postfix中,目的是为了方便管理;您亦可以采用默认安装的方式,可能这样使用起来会更为方便些;
生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:
# newaliases
2.进行一些基本配置,测试启动postfix并进行发信
#vi /etc/postfix/main.cf
修改以下几项为您需要的配置
myhostname = mail.q1874.cn
myorigin = $mydomain
mydomain = mail.q1874.cn
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
说明:
myorigin参数用来指明发件人所在的域名;
mydestination参数指定postfix接收邮件时收件人的域名,即您的postfix系统要接收到哪个域名的邮件;
myhostname 参数指定运行postfix邮件系统的主机的主机名,默认情况下,其值被设定为本地机器名;
mydomain参数指定您的域名,默认情况下,postfix将myhostname的第一部分删除而作为mydomain的值;
mynetworks 参数指定你所在的网络的网络地址,postfix系统根据其值来区别用户是远程的还是本地的,如果是本地网络用户则允许其访问;
inet_interfaces 参数指定postfix系统监听的网络接口;
注意:
1、在postfix的配置文件中,参数行和注释行是不能处在同一行中的;
2、任何一个参数的值都不需要加引号,否则,引号将会被当作参数值的一部分来使用;
3、每修改参数及其值后执行 postfix reload 即可令其生效;但若修改了inet_interfaces,则需重新启动postfix;
4、如果一个参数的值有多个,可以将它们放在不同的行中,只需要在其后的每个行前多置一个空格即可;postfix会把第一个字符为空格或tab的文本行视为上一行的延续;
启动postfix,不要安装exim 或用 service exim stop停止它,否则它会把25端口占用,导致postfix无法启动
/usr/local/postfix/sbin/postfix start
连接postfix,验正服务启动状况:开头部分是英文的为手工输入,这里特别说明下,
因为之前输入了telnet localhost 25后就在那里等,以为ehlo mail.q1874.cn会自动出现,结果每次都超时,
直到后来在网上搜索才知道要手工输入。
# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.q1874.cn ESMTP Postfix
ehlo mail.q1874.cn
250-mail.q1874.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@q1874.cn
250 2.1.0 Ok
rcpt to:redhat@q1874.cn
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.
切换到redhat用户进行收信:
# su – redhat
$ mail
Mail version 8.1 6/6/93. Type ? for help.
“/var/spool/mail/redhat”: 1 message 1 new
>N 1 root@q1874.cn Wed Sep 5 10:59 15/488 “Mail test!”
&
六、为postfix开启基于cyrus-sasl的认证功能
使用以下命令验正postfix是否支持cyrus风格的sasl认证,如果您的输出为以下结果,则是支持的:
# /usr/local/postfix/sbin/postconf -a
cyrus
dovecot
#vi /etc/postfix/main.cf
添加以下内容:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
#vi /usr/lib/sasl2/smtpd.conf
添加如下内容:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
让postfix重新加载配置文件
#/usr/local/postfix/sbin/postfix reload
# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 Welcome to our mail.q1874.cn ESMTP,Warning: Version not Available!
ehlo mail.q1874.cn
250-mail.q1874.cn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN (请确保您的输出以类似两行)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
七、让postfix支持虚拟域和虚拟用户
1、编辑/etc/postfix/main.cf,添加如下内容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user’s maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes
2、添加为支持虚拟域和虚拟用户所用到的配置文件
编辑/etc/postfix/mysql_virtual_alias_maps.cf ,添加如下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
编辑/etc/postfix/mysql_virtual_domains_maps.cf ,添加如下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain
编辑/etc/postfix/mysql_virtual_mailbox_limit_maps.cf ,添加如下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
编辑/etc/postfix/mysql_virtual_mailbox_maps.cf ,添加如下内容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
说明:
1、这里用到的数据库及用户的建立可以后文中的extmail说明部分来实现,您可以参照那一部分来理解这里指定的数据库及其用户名等;
2、以上新建文件亦可以从extman安装文件中获得,您也可以由此不用手动输入;
3、虚拟用户邮箱目录我这里沿用了/var/spool/mail,你可以指定为别的目录,比如常见到的/var/spool/mail,或者/home/domains等;但如果这里做了修改,请在后文中用到时作了相应的修改;
八、安装Courier authentication library
# tar jxvf courier-authlib-0.59.3.tar.bz2
# cd courier-authlib-0.59.3
./configure –prefix=/usr/local/courier-authlib –sysconfdir=/etc –without-authpam –without-authldap –without-authpwd –without-authshadow –without-authvchkpw –without-authpgsql –with-authmysql –with-mysql-libs==/usr/lib/mysql –with-mysql-includes==/usr/include/mysql –with-redhat –with-authmysqlrc=/etc/authmysqlrc –with-authdaemonrc=/etc/authdaemonrc CFLAGS=”-march=i686 -O2 -fexpensive-optimizations” CXXFLAGS=”-march=i686 -O2 -fexpensive-optimizations”
# make
# make install
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist /etc/authdaemonrc
# cp /etc/authmysqlrc.dist /etc/authmysqlrc
修改/etc/authdaemonrc 文件
authmodulelist=”authmysql”
authmodulelistorig=”authmysql”
daemons=10
编辑/etc/authmysqlrc 为以下内容,其中2525,2525 为postfix 用户的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306 (指定你的mysql监听的端口,这里使用默认的3306)
MYSQL_USERNAME extmail (这时为后文要用的数据库的所有者的用户名)
MYSQL_PASSWORD extmail (密码)
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD ‘2525’
MYSQL_GID_FIELD ‘2525’
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat(‘/var/spool/mail/’,maildir)
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD concat(‘/var/spool/mail/’,maildir)
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig –add courier-authlib
# chkconfig –level 2345 courier-authlib on
#echo “/usr/local/courier-authlib/lib/courier-authlib” >> /etc/ld.so.conf
# ldconfig -v
# service courier-authlib start (启动服务)
九、安装Courier-IMAP
# tar jxvf courier-imap-4.1.3.tar.bz2
# cd courier-imap-4.1.3
./configure –prefix=/usr/local/courier-imap –with-redhat –enable-unicode –disable-root-check –with-trashquota –without-ipv6 CPPFLAGS=’-I/usr/local/ssl/include/openssl -I/usr/local/courier-authlib/include’ LDFLAGS=’-L/usr/local/courier-authlib/lib/courier-authlib’ COURIERAUTHCONFIG=’/usr/local/courier-authlib/bin/courierauthconfig’
#cd imap
#vi Makefile
将
CFLAGS = -I.. -I./.. -Wall -g -O2
修改为
CFLAGS = -I/usr/local/courier-authlib/include -I.. -I./.. -Wall -g -O2
#cd ..
# make
# make install
# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
# cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl
配置Courier-IMAP,为用户提供pop3服务:
vi /usr/local/courier-imap/etc/pop3d
POP3DSTART=YES
注:如果你想为用户提供IMAP服务,则需在”/usr/local/courier-imap/etc/imapd”文件中设置”IMAPDSTART=yes”;其它类同;
将虚拟用户邮箱所在的目录权限赋予postfix用户:
#chown –R postfix /var/spool/mail
#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
#chmod 755 /etc/rc.d/init.d/courier-imapd
#chkconfig –add courier-imapd
#chkconfig –level 2345 courier-imapd on
#service courier-imapd start
接下来重新配置SMTP 认证,编辑 /usr/lib/sasl2/smtpd.conf ,确保其为以下内容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
十、安装Extmail-1.0.2
1、安装
# tar zxvf extmail-1.0.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.0.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default /var/www/extsuite/extmail/webmail.cf
2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改选项的说明:
SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件
SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/spool/mail
SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_HOST = localhost
指明数据库服务器主机名,这里默认即可
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
3、apache相关配置
由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:
<VirtualHost *:80>
ServerName mail.q1874.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>
修改 cgi执行文件属主为apache运行身份用户:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/
如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
# vi /etc/httpd/httpd.conf
User postfix
Group postfix
<VirtualHost *:80>
ServerName mail.q1874.cn
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>
4、依赖关系的解决
extmail将会用到perl的Unix::syslogd功能,您可以去http://search.cpan.org搜索下载原码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install
十一、安装Extman-0.2.2
1、安装及基本配置
#tar zxvf extman-0.2.2.tar.gz
# mv extman-0.2.2 /var/www/extsuite/extman
修改配置文件以符合本例的需要:
# vi /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/spool/mail
使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:
# cd /var/www/extsuite/extman/docs
# mysql -u root -p <extmail.sql
# mysql -u root -p <init.sql
修改cgi目录的属主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/
如果extman访问数据库权限不足的话,可采用以下命令将新生成的数据库赋予webman用户具有所有权限:
mysql> GRANT all privileges on extmail.* TO webman@localhost IDENTIFIED BY ‘webman’;
mysql> GRANT all privileges on extmail.* TO webman@127.0.0.1 IDENTIFIED BY ‘webman’;
在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
创建其运行时所需的临时目录,并修改其相应的权限:
#mkdir -pv /tmp/extman
#chown postfix.postfix /tmp/extman
十二、安装maildrop-2.0.4
maildrop是一个使用C++编写的用来代替本地MDA的带有过滤功能邮件投递代理,是courier邮件系统组件之一。它从标准输入接受信息并投递到用户邮箱;maildrop既可以将邮件投递到mailboxes格式邮箱,亦可以将其投递到maildirs格式邮箱。同时,maildrop可以从文件中读取入站邮件过滤指示,并由此决定是将邮件送入用户邮箱或者转发到其它地址等。和procmail不同的是,maildrop使用结构化的过滤语言,因此,邮件系统管理员可以开发自己的过滤规则并应用其中。
我们在此将使用maildrop来代替postfix自带的MDA,并以此为基础扩展后文的邮件杀毒和反垃圾邮件功能的调用;在此可能会修改前文中的许多设置,请确保您的设置也做了相应的修改。
1、安装
将courier-authlib的头文件及库文件链接至/usr目录(编译maildrop时会到此目录下找此些相关的文件):
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin
# ln -sv /usr/local/courier-authlib/include/* /usr/include
maildrop需要pcre的支持,因此,接下来将首先安装pcre
# tar jxvf pcre-7.3.tar.bz2
# cd pcre-7.3
# ./configure
# make
# make check
# make install
# groupadd -g 1001 vmail
# useradd -g vmail -u 1001 -M -s /sbin/nologin vmail
# tar jxvf maildrop-2.0.4.tar.bz2
# cd maildrop-2.0.4
#./configure –enable-sendmail=/usr/sbin/sendmail –enable-trusted-users=’root vmail’ –enable-syslog=1 –enable-maildirquota –enable-maildrop-uid=1001 –enable-maildrop-gid=1001 –with-trashquota –with-dirsync
# make
# make install
检查安装结果,请确保有”Courier Authentication Library extension enabled.”一句出现:
# maildrop -v
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
2、新建其配置文件/etc/maildroprc文件,首先指定maildrop的日志记录位置:
# vi /etc/maildroprc
添加:
logfile “/var/log/maildrop.log”
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
3、配置Postfix
编辑master.cf
# vi /etc/postfix/master.cf
启用如下两行
maildrop unix – n n – – pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
注意:定义transport的时候,即如上两行中的第二行,其参数行必须以空格开头,否则会出错。
编辑main.cf
# vi /etc/postfix/main.cf
virtual_transport = virtual
修改为:
virtual_transport = maildrop
将下面两项指定的UID和GID作相应的修改:
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
修改为:
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
4、编辑/etc/authmysqlrc
# vi /etc/authmysqrc
MYSQL_UID_FIELD ‘2525’
MYSQL_GID_FIELD ‘2525’
更改为:
MYSQL_UID_FIELD ‘1001’
MYSQL_GID_FIELD ‘1001’
注意:没有此处的修改,maildrop可能会报告 “signal 0x06”的错误报告。
5、编辑/etc/httpd/httpd.conf,修改运行用户:
如果启用了suexec的功能,则将虚拟主机中指定的
SuexecUserGroup postfix postfix
修改为:
SuexecUserGroup vmail vmail
如果没有使用上面的功能,则修改User和Group指令后的用户为vmail
将前文中的如下项
User postfix
Group postfix
修改为:
User vmail
Group vmail
6、将用户邮件所在的目录/var/spool/mail和extman的临时目录/tmp/extman的属主和属组指定为vmail
#chown -R vmail.vmail /var/spool/mail
#chown -R vmail.vmail /tmp/extman
#chown -R vmail.vmail /var/www/extsuite/extmail/cgi/
#chown -R vmail.vmail /var/www/extsuite/extman/cgi/
接下来重新启动postfix和apache,进行发信测试后,如果日志中的记录类同以下项,则安装成功
Sep 16 12:04:43 Ixor postfix/pipe[14266]: 46B491A5CB: to=<marion@test.com>, relay=maildrop, delay=2306, delays=2306/0.04/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)
(1) 如果您安装后无法正常显示校验码,安装perl-GD模块会解决这个问题。如果想简单,您可以到以下地址下载适合您的平台的rpm包,安装即可: http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
# rpm -ivh /mnt/share/perl-GD-2.35-1.el5.rf.i386.rpm
(2) extman-0.2.2自带了图形化显示日志的功能;此功能需要rrdtool的支持,您需要安装此些模块才可能正常显示图形日志。
2、(新增2007.9.18)配置Mailgraph_ext,使用Extman的图形日志:
接下来安装图形日志的运行所需要的软件包Time::HiRes、File::Tail和rrdtool,其中前两个包您可以去http://search.cpan.org搜索并下载获得,后一个包您可以到 http://oss.oetiker.ch/rrdtool/pub/?M=D下载获得; 注意安装顺序不能改换。
安装Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install
安装File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile
#make
#make test
#make install
安装GD库
http://sourceforge.net/ 好多源代码包可以在上面找到
安装步骤:
先安装freetype,libpng,jpeg,再装GD
1.安装libpng
tar zxvf libpng-1.2.7.tar.tar
cd libpng-1.2.7
cd scripts/
mv makefile.linux ../makefile
cd ..
make
make install
注意,这里的makefile不是用./configure生成,而是直接从scripts/里拷一个
2.安装freetype
tar zxvf freetype-2.1.9.tar.gz
cd freetype-2.1.9
./configure
make
make install
3.安装Jpeg
tar zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b/
./configure –enable-shared
make
make test
make install
注意,这里configure一定要带–enable-shared参数,不然,不会生成共享库
4.安装gettext
cp /usr/lib/libattr.* /lib/
tar xzf gettext-0.17.tar.gz
cd gettext-0.17
./configure
make
make install
5.安装GD
tar zxvf gd-2.0.33.tar.gz
cd gd-2.0.33
./configure –with-png –with-freetype –with-jpeg
make install
6.安装libart
tar xzf libart_lgpl-2.3.17.tar.gz
cd libart_lgpl-2.3.17/
./configure
make
make install
ln -s /usr/local/include/libart-2.0 /usr/include/libart-2.0
ln -s /usr/local/include/freetype2 /usr/include/freetype2
以上工作均是为安装rrdtool做准备,现在安装rrdtool-1.2.23
#tar zxvf rrdtool-1.2.23.tar.gz
#cd rrdtool-1.2.23
#./configure –prefix=/usr/local/rrdtool
#make
#make install
创建必要的符号链接(Extman会到这些路径下找相关的库文件)
ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
ln -sv /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.5
ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.5
复制mailgraph_ext到/usr/local,并启动之
cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
cp /usr/local/lib/libpng.so.0 /lib/libpng.so.0
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
添加到自动启动队列
echo “/usr/local/mailgraph_ext/mailgraph-init start” >> /etc/rc.local
echo “/usr/local/mailgraph_ext/qmonitor-init start” >> /etc/rc.local
好了,接下来您就可以到extman的后台查看图表日志了。
十三、安装clamav-0.91.2
最新的clamav-0.91.2需要zlib-1.2.2以上的版本的支持,而RHEL4上的版本为zlib-1.2.1,因此您需要先升级zlib
1、安装clamav-0.91.2
添加ClamAV运行所需的组和用户:
#groupadd clamav
#useradd -g clamav -s /sbin/nologin -M clamav
添加配合amavisd-new使用的用户amavis
#groupadd amavis
#useradd -g amavis -s /sbin/nologin -M amavis
#tar zxvf clamav-0.91.2.tar.gz
#cd clamav-0.91.2
#./configure –prefix=/usr/local/clamav –with-dbdir=/usr/local/clamav/share –sysconfdir=/etc/clamav
#make
#make check
#make install
2、配置Clam AntiVirus:
编辑主配置文件:
#vi /etc/clamav/clamd.conf
注释掉第八行的Example,如下:
# Example
找到如下行
#LogFile /tmp/clamd.log
#PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd.socket
#DatabaseDirectory /var/lib/clamav
#User clamav
修改为:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
DatabaseDirectory /usr/local/clamav/share
User amavis
启用以下选项
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
StreamMaxLength 20M (后面的数值应该与邮件服务器允许的最大附件值相一致)
编辑更新进程的配置文件
#vi /etc/clamav/freshclam.conf
注释掉Example,如下:
# Example
找到如下行
#DatabaseDirectory /var/lib/clamav
#UpdateLogFile /var/log/freshclam.log
PidFile /var/run/freshclam.pid
分别修改为:
DatabaseDirectory /usr/local/clamav/share
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
启用以下选项:
DatabaseMirror db.XY.clamav.net (这里也可以把XY改成您的国家代码来实现,比如,我们用cn来代替)
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
3、建立日志所在的目录、进程与socket所在的目录,并让它属于clamav用户:
# mkdir -v /var/log/clamav
# chown -R amavis.amavis /var/log/clamav
# mkdir -v /var/run/clamav
# chmod 700 /var/run/clamav
# chown -R amavis.amavis /var/run/clamav
建立freshlog的日志文件
#touch /var/log/clamav/freshclam.log
#chown clamav.clamav /var/log/clamav/freshclam.log
4、配置crontab,让Clam AntiVirus每小时检测一次新的病毒库:
# crontab -e
添加:
37 * * * * /usr/local/clamav/bin/freshclam
5、配置库文件搜索路径:
# echo “/usr/local/clamav/lib” >> /etc/ls.so.conf
# ldconfig -v
6、配置clamav开机自动启动
# cp contrib/init/RedHat/clamd /etc/rc.d/init.d/clamd
# cp contrib/init/RedHat/clamav-milter /etc/rc.d/init.d/clamav-milter
# chkconfig –add clamd
# chkconfig –add clamav-milter
# chkconfig –level 2345 clamd on
# chkconfig –level 2345 clamav-milter on
编辑/etc/rc.d/init.d/clamd,将服务进程的路径指向刚才的安装目录
#vi /etc/rc.d/init.d/clamd
找到如下行
progdir=”/usr/local/sbin”
修改为:
progdir=”/usr/local/clamav/sbin”
启动clamd
#service clamd start
十四、编辑Spamassassin-3.2.3主配置文件
1、编辑/etc/mail/spamassassin/local.cf
#vi /etc/mail/spamassassin/local.cf
required_hits 10.0
rewrite_subject 1
required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
2、检查配置文件
#spamassassin -d –lint
如果出现以下错误,可把local.cf里的rewrite_subject 1注释掉,即在前面加#,不影响使用
[1034] warn: config: failed to parse line, skipping: rewrite_subject 1
[1034] warn: lint: 1 issues detected, please rerun with debug enabled for more information
3、启动进程,并将其加入到自动启动队列
#/usr/bin/spamd -d
#echo “/usr/bin/spamd -d” >> /etc/rc.local
十五、安装amavisd-new-2.5.2
1、依赖关系的解决
以下为官方声明所必须的软件包列表,你可以采用以下方法进行安装
#perl -MCPAN -e shell
cpan> install Archive::Zip
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (1.08 or later, stick to new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN – currently 5.420)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx) (version 0.88 finally does setuid right)
Digest::MD5 (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
quit #退出cpan
2、安装amavisd-new-2.5.2
创建运行时目录,并赋予amavis用户(前文中所建)
# mkdir -pv /var/amavis/{tmp,var,db,home}
# chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis
#tar zxvf amavisd-new-2.5.2.tar.gz
#cd amavisd-new-2.5.2
拷贝服务端至$PATH中指定的目录,推荐拷贝至/usr/local/sbin:
#cp amavisd /usr/local/sbin/
#chown root /usr/local/sbin/amavisd
#chmod 755 /usr/local/sbin/amavisd
拷贝主配置文件至/etc,并修改相应的权限:
#cp amavisd.conf /etc
# chown root:amavis /etc/amavisd.conf
# chmod 640 /etc/amavisd.conf
创建amavisd运行中所需要的隔离区域:
# mkdir -v /var/virusmails
# chown amavis:amavis /var/virusmails/
# chmod 750 /var/virusmails/
3、编辑主配置文件
#vi /etc/amavisd.conf
确保您的如下选项的值如下文所示:
$daemon_user = ‘amavis’;
$daemon_group = ‘amavis’;
$mydomain = ‘q1874.cn’; (此处可更改为您集体的域)
$virus_admin = “postmaster\@$mydomain”;
$mailfrom_notify_admin = “postmaster\@$mydomain”;
$mailfrom_notify_recip = “postmaster\@$mydomain”;
$mailfrom_notify_spamadmin = “postmaster\@$mydomain”;
$mailfrom_to_quarantine = ”;
virus_admin_maps => [“postmaster\@$mydomain”] (指定报告病毒和垃圾邮件时发送系统邮件的用户身份)
spam_admin_maps => [“postmaster\@$mydomain”]
启用ClamAV,(大概在第355行)去掉如下行前的注释符:
#[‘ClamAV-clamd’,
# \&ask_daemon, [“CONTSCAN {}\n”, “/var/run/clamav/clamd”],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# [‘Mail::ClamAV’, \&ask_clamav, “*”, [0], [1], qr/^INFECTED: (.+)/],
并将如上行中的/var/run/clamav/clamd修改为:/var/run/clamav/clamd.socket
4、测试启动
#/usr/local/sbin/amavisd
您也可以按如下命令调试启动
#/usr/local/sbin/amavisd debug
5、修改postfix的配置,让它能调用amavisd,以实现病毒及垃圾邮件的过滤
#vi /etc/postfix/master.cf
在文末添加如下内容:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#
amavisfeed unix – – n – 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
#
127.0.0.1:10025 inet n – n – – smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
说明:注意每行“-o”前的空格;
#vi /etc/postifx/main.cf
在文末添加如下行:
content_filter=amavisfeed:[127.0.0.1]:10024
6、让postfix重新加载主配置文件,并查看启动情况
# postfix reload && tail -f /var/log/maillog
7、查看amavisd是否在监听10024端口,并测试服务启动情况:
# telnet localhost 10024
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 [127.0.0.1] ESMTP amavisd-new service ready
EHLO localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
Quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
8、postfix重新加载配置文件后将授权并激活”127.0.0.1:10025″端口,一个正常的服务连接应该类同下面所示:
# telnet localhost 10025
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 Welcome to our mail.q1874.cn ESMTP,Warning: Version not Available
EHLO localhost
250-mail.q1874.cn
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
9、通过amavisd测试发信
# telnet localhost 10024
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 [127.0.0.1] ESMTP amavisd-new service ready
HELO localhost
250 [127.0.0.1]
MAIL FROM:<>
250 2.1.0 Sender <> OK
RCPT TO:<postmaster>
250 2.1.5 Recipient <postmaster> OK
DATA
354 End data with <CR><LF>.<CR><LF>
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
amavisd test!!
.
250 2.0.0 Ok: queued as 263FC1A609
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
接下来使用root用户测试收信
# mail
Mail version 8.1 6/6/93. Type ? for help.
“/var/spool/mail/root”: 1 message 1 new
>N 1 Anti-Virus tester Wed Sep 19 01:19 23/798 “amavisd test!”
& 1
Message 1:
From MAILER-DAEMON Wed Sep 19 01:19:16 2007
X-Original-To: postmaster
Delivered-To: postmaster@q1874.cn
X-Quarantine-ID: <3gmvpc8RxPtn>
X-Virus-Scanned: amavisd-new at q1874.cn
X-Amavis-Alert: BAD HEADER, MIME error: error: unexpected end of header
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
Date: Wed, 19 Sep 2007 01:19:15 +0800 (CST)
amavisd test!!
十六、测试使用反病毒及反垃圾模块
1、病毒邮件发送测试
登录extmail,发送带有病毒附件的邮件(病毒样本文件http://bbs.chinaunix.net/attachment.php?aid=213887),查看发送情况:
2、垃圾邮件测试
登录extmail,新建一封邮件,拷贝以下内容作为邮件正文,并查看发送情况:
This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
查看发送结果:
#tail -15 /var/log/maillog
# tail -3 /var/log/clamav/clamd.log
大概花了三个星期,总算是弄好了,可以往公司的邮箱,163的邮箱发信,也可以正常收信,但无法向yahoo.cn发信,这是Yahoo的问题了,呵呵。一开始是按照marion大侠的文章做的,但一直不成功,不过我装的是RHEL AS 4.0,应该跟系统无关,后来看见zqli大侠的文章,是在RHEL5.0上实现的,然后就按照他的办法安装,看到后来,实在看不懂了,就又参考回marion的文章,所以,真的感谢Marion写了这么详细的文章,这里总结下这次的问题
1、Marion的文章中,邮箱的路径用的是/var/mailbox,但我用这个路径,用公司的邮箱发信过来,查看maillog,提示是找不到用户,
但如果我将路径改为/var/spool/mail,收信就正常,不知道是什么原因。
2、maildrop -V 9 -d admin@q1874.cn 这个命令可以检查帐号admin@q1874.cn的一些配置参数是否正确
3、/usr/local/postfix/sbin/postsuper -d ALL 可以删除所有未发出的邮件。
4、希网网络(http://www.3322.org/)的免费域名可以做MX记录,同样也有Linux下的客户端,那就不用花钱注册顶级域名了,昨天在Windows下用webmail试了下,可以正常收发信件,找个时间,再弄个希网网络的域名,让postfix管理两个域名的邮件,继续学习中!
5、安装本邮件系统出现的问题,有一部分可以在本博客中找到办法,还有很多错误解决办法放在邮箱上了,有空再整理下。
6、出了问题多看Log!