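Note: These articles on mail configuration mainly follow the blog of the author sery and still contain some of that author's content. Most software versions in this setup differ from the original author's, and some new content has been added, such as using nginx as the web server and CentOS 5.3 as the operating system. Labelling these articles as original was not the author's intention; to avoid misunderstanding, they are now marked as reposts. The whole configuration was, however, worked through step by step by the author, and some new problems were found in the original author's configuration. I will continue researching and practising with open-source software.
Start the php-cgi processes: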
/usr/local/phpcgi/sbin/php-fpm start
4. NGINX installation
@nginx version: 0.7.57
Steps:
####################################################
# ./configure --user=vmail --group=vmail --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make && make install
###################################################
# more /usr/local/nginx/conf/fcgi.conf
#fastcgi.conf
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
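Part II. Installing the packages for sending and receiving mail
Before continuing with the installation, first remove some software that ships with the system.
Sendmail package: rpm -q sendmail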
sendmail-8.13.8-2.el5
----------------------------------------------
Remove:
rpm -e sendmail --nodeps
SASL packages, listed with rpm -qa|grep sasl
cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-lib-2.1.22-4
---------------------------------------------
Remove:
rpm -e --nodeps cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-lib
Then create the following users and groups:
User | Group | Purpose | Notes
mysql | mysql | run user for the mysql database | created above
vmail | vmail | run user for the nginx service | created above
vmail | vmail | user and group used by Postfix virtual mail accounts | uid,gid: 1001,1001
postfix | postfix | account and group used by the Postfix main program | uid,gid: 1000,1000
 | postdrop | Postfix setgid_group | setgid_group=postdrop
amavis | amavis | mail scanning |
clamav | clamav | virus scanning |
ln -s /usr/src/kernels/2.6.18-128.el5-i686 /usr/src/linux // avoids problems when compiling the packages below
I. Install courier-authlib
Installation:
……………………………Installation begins………………………………………………
Shell> tar jxvf courier-authlib-0.62.2.tar.bz2
Shell> cd courier-authlib-0.62.2
Shell> ./configure \
--with-mailuser=vmail --with-mailgroup=vmail \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--prefix=/usr/local/authlib \
--without-stdheaderdir
Shell> make && make install
Shell> make install-configure
…………………………Installation ends……………………………………………
---------------------------------------------------------
In general, installing authlib should go smoothly.
Configuration:
Configure authlib. In the directory /usr/local/authlib/etc/authlib, edit the files authdaemonrc and authmysqlrc.
vim /usr/local/authlib/etc/authlib/authdaemonrc
vi /usr/local/authlib/etc/authlib/authdaemonrc
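Change the 3 items above and leave the other items unchanged. The first 2 lines of this change select the mysql authentication module; changing the value of DEBUG_LOGIN from the default "0" to "2" produces more output when postfix runs, so that the resulting log helps with troubleshooting.
vi /usr/local/authlib/etc/authlib/authmysqlrc
MYSQL_DATABASE extmail
MYSQL_SOCKET /usr/local/mysql/tmp/mysql.sock
MYSQL_PORT 3306
DEFAULT_DOMAIN mail.test.com
MYSQL_LOGIN_FIELD username
MYSQL_NAME_FIELD name
Pay special attention to the values of the MYSQL_UID_FIELD and MYSQL_GID_FIELD fields. Here they are '1001'; other values are possible, but they must match the vmail user and group (id vmail shows both values).
There is more work to follow, so testing is not possible yet.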
-------------------------------------------------------
II. Install SASL
cyrus-sasl-2.1.22.tar.gz
Installation:
……………………………Installation begins………………………………………………
Shell> tar zxvf cyrus-sasl-2.1.22.tar.gz
Shell> cd cyrus-sasl-2.1.22
Shell> ./configure --disable-anon \
--disable-gssapi \
--disable-sample \
--disable-digest \
--enable-plain \
--enable-login \
--enable-sql \
--with-mysql=/usr/local/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
// --disable-gssapi and --disable-digest: authorization
Shell> make
Shell> make install
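…………………………Installation ends……………………………………………
Configuration:
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 // sasl is installed under /usr/local/lib/sasl // a Warning is printed at the end of the installation
echo "/usr/local/lib" >> /etc/ld.so.conf && ldconfig // otherwise compiling postfix will not find libsasl2.so.2
Create the file /usr/local/lib/sasl2/smtpd.conf and add the following content:
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket
Sasl2 needs to use the file /usr/local/authlib/var/spool/authdaemon/socket, but by default its mode is 744; execute permission has to be added so that users other than the owner and group can use it. Run the command
chmod +x /usr/local/authlib/var/spool/authdaemon
Without this, SMTP authentication will fail without exception.
Create the directory needed at run time and start in debug mode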
# mkdir -pv /var/state/saslauthd
# /usr/local/sbin/saslauthd -v // check that the version is 2.1.22
saslauthd 2.1.22
authentication mechanisms: getpwent pam rimap shadow
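# /usr/local/sbin/saslauthd -a shadow pam -d // normally reports no errors
Start and test
# /usr/local/sbin/saslauthd -a shadow pam
# /usr/local/sbin/testsaslauthd -u root -p password // normally shows 0: OK "Success"
(Replace password with the password of the machine's login account root; this does not mean the MySQL account password. Otherwise you will get:
0: NO "authentication failed". Also note that this test does not need authdaemond (authlib) to be running.)
Add to startup at boot
echo "/usr/local/sbin/saslauthd -a shadow pam" >> /etc/rc.local
III. Install postfix
For the make parameters, see the README_FILES directory in the source tree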
# more README_FILES/MYSQL_README
Installation:
……………………………Installation begins………………………………………………
Shell> tar zxvf postfix-2.5.6.tar.gz
Shell> cd postfix-2.5.6
Shell> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
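@@Note: 1. If there is no Makefile, use make -f Makefile.init
2. If /usr/local/mysql/include contains a further mysql directory, change the path to /usr/local/mysql/include/mysql
3. If /usr/local/mysql/lib contains a further mysql directory, change the path to /usr/local/mysql/lib/mysql
If nothing unexpected happens, the make step finishes quickly. Next comes the installation, using the command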
Shell> make install
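The program runs on its own for a while and then enters interactive mode, waiting for user input. In general, pressing Enter all the way through completes the installation.
Finally:
Generate the binary alias file. If this step is skipped, postfix will be extremely inefficient: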
shell> /usr/bin/newaliases
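…………………………Installation ends……………………………………………
Check whether postfix supports SASL authentication. Output like the following means it does:
shell> /usr/sbin/postconf -a // no install directory was specified for postfix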
cyrus
dovecot
shell> /usr/sbin/postconf -m |grep mysql
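mysql // if this is missing, postfix must be recompiled
IV. Install imap
Postfix implements only the SMTP function of the mail system; POP3 or IMAP needs separate software, and that software is courier-imap (other software can of course be chosen).
……………………………Installation begins………………………………………………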
Shell> tar jxvf courier-imap-4.4.1.tar.bz2
Shell> cd courier-imap-4.4.1
Shell> ./configure \
--prefix=/usr/local/imap \
--with-RedHat \
--disable-root-check \
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
--with-trashquota \
--with-dirsync \
--with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql \
--with-authmysql \
--with-authmysql=yes \
CPPFLAGS='-I/usr/local/authlib/include' LDFLAGS='-L/usr/local/authlib/lib/courier-authlib' \
COURIERAUTHCONFIG='/usr/local/authlib/bin/courierauthconfig'
[the step above takes a while]
Shell> make
Shell> make install
Shell> make install-configure
……………………………Installation ends………………………………………………
Configuration:
……………………………Configuration begins………………………………………………
Edit the configuration files /usr/local/imap/etc/pop3d and /usr/local/imap/etc/imapd. In the file /usr/local/imap/etc/pop3d, change the line "POP3DSTART=NO" to "POP3DSTART=YES"; then, in the same way, change the line "IMAPDSTART=NO" in the file /usr/local/imap/etc/imapd to "IMAPDSTART=YES".
Add to startup at boot:
cp courier-imap.sysvinit /etc/rc.d/init.d/imapd // courier-imap.sysvinit is in the source tree
chmod +x /etc/rc.d/init.d/imapd
chkconfig --add imapd
[chkconfig --level 2345 imapd on]
service imapd start // prints Starting Courier-IMAP server: imap pop3
Check:
netstat -tnl|egrep "110|143"
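V. Install pcre
Before installing, uninstall the pcre-6.6-1.1 that ships with the system
rpm -e pcre
The bundled pcre RPM package may conflict with some software, so it can be uninstalled first
Shell> rpm -e pcre
If this reports that libpcre.so.0 is depended on by other software, first back up the file libpcre.so.0, then run:
Shell> rpm -e pcre --nodeps
……………………………Installation begins………………………………………………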
Shell> tar zxvf pcre-7.8.tar.gz
Shell> cd pcre-7.8
Shell> ./configure
Install prefix .................. : /usr/local
C preprocessor .................. : gcc -E
C compiler ...................... : gcc
C++ preprocessor ................ : g++ -E
C++ compiler .................... : g++
Linker .......................... : /usr/bin/ld
C preprocessor flags ............ :
C compiler flags ................ : -O2
C++ compiler flags .............. : -O2
Linker flags .................... :
Extra libraries ................. :
Build C++ library ............... : yes
Enable UTF-8 support ............ : no
Unicode properties .............. : no
Newline char/sequence ........... : lf
\R matches only ANYCRLF ......... : no
EBCDIC coding ................... : no
Rebuild char tables ............. : no
Use stack recursion ............. : yes
POSIX mem threshold ............. : 10
Internal link size .............. : 2
Match limit ..................... : 10000000
Match limit recursion ........... : MATCH_LIMIT
Build shared libs ............... : yes
Build static libs ............... : yes
Link pcregrep with libz ......... : no
Link pcregrep with libbz2 ....... : no
Link pcretest with libreadline .. : no
Shell> make
Shell> make install
……………………………Installation ends………………………………………………
VI. Install maildrop
Note: for a source install, link the courierauthconfig command into /usr/bin. Assuming it is installed at
/usr/local/authlib/bin/courierauthconfig, then:
ln -s /usr/local/authlib/bin/courierauthconfig /usr/bin/courierauthconfig
Only then will the compiled maildrop report "Courier Authentication Library extension enabled."
……………………………Installation begins………………………………………………
Shell> tar jxvf maildrop-2.0.4.tar.bz2
Shell> cd maildrop-2.0.4
Shell> ./configure \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vmail' \
--enable-syslog=1 \
--enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
--with-trashquota \
--with-dirsync
Shell> make
Shell> make install
Shell> cp /usr/local/bin/maildrop /usr/bin // optional
……………………………Installation ends………………………………………………
Verify that the installation succeeded:
Shell> maildrop -v
[root@localhost postfix]# /usr/local/bin/maildrop -v
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled. // this line is important; if it is missing, find out why
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
FAQ:
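If "Courier Authentication Library extension enabled." is not shown, your maildrop does not yet support courier auth; check carefully and recompile maildrop. It is advisable not to install into a custom directory, which avoids unnecessary trouble. Removal is easy: just run make uninstall in the already compiled source directory.
It is very useful to know which user directory maildrop moves mail into, and that is what maildrop's log records. Here we create a new file /etc/maildroprc containing just 2 lines. If anti-spam is added, the following content needs to be changed.
[root@mail mailbox]# more /etc/maildroprc
logfile "/var/log/maildrop.log"
to "$HOME/$DEFAULT"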
Shell> touch /var/log/maildrop.log
Shell> chown vmail.vmail /var/log/maildrop.log
shell> chown vmail.vmail /var/mailbox
Part III. Installing the webmail packages
I. Install webmail
Before installing, first install Unix-Syslog-1.1.tar.gz
http://search.cpan.org/CPAN/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
tar zxvf Unix-Syslog-1.1.tar.gz
cd Unix-Syslog-1.1
perl Makefile.PL
make
make install
Install: DBI-1.605.tar.gz (install this first)
DBD-mysql-4.010.tar.gz
Install extmail
……………………………Installation begins………………………………………………
Shell> mkdir -p /var/www/extsuite/extmail
Unpack the downloaded extmail-1.0.4.tar.gz into /var/www/extsuite/extmail
Shell> cd /var/www/extsuite/extmail/
Shell> cp webmail.cf.default webmail.cf
[Shell> chown -R vmail.vmail /var/www/extsuite/extmail]
[shell> chmod +x /var/www/extsuite/extmail/cgi]
……………………………Installation ends………………………………………………
Basic configuration
1. Edit the nginx nginx.conf file
#more /usr/local/nginx/conf/nginx.conf
user vmail vmail;
worker_processes 8;
#error_log /usr/local/nginx/logs/nginx_error.log crit;
error_log /usr/local/nginx/logs/nginx_error.log info;
pid /usr/local/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
#charset gb2312;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m;
server
{
listen 80;
server_name mail.test.com;
index index.html index.htm index.php index.cgi;
root /var/www/extsuite/extmail/html/;
location /extmail/cgi/ {
fastcgi_pass 127.0.0.1:12009;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extmail/cgi/$fastcgi_script_name;
include fcgi.conf;
}
location ^~ /extmail/ {
alias /var/www/extsuite/extmail/html/;
}
location /extman/cgi/ {
fastcgi_pass 127.0.0.1:12009;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME /var/www/extsuite/extman/cgi/$fastcgi_script_name;
include fcgi.conf;
}
location ^~ /extman/ {
alias /var/www/extsuite/extman/html/;
}
location ^~ /status {
stub_status on;
access_log off;
#allow 192.168.0.0/24;
allow 59.108.107.66;
deny all; # without a deny rule the allow line above restricts nothing
}
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:12009;
fastcgi_index index.cgi;
include fcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 1h;
}
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /usr/local/nginx/logs/access.log access;
}
}
2. extmail CGI script configuration
#MAXFORK=5
MAXFORK=20
#MAXREQS=100
MAXREQS=500
#TIMEOUT=120
TIMEOUT=300
PORT=12009 # the port number must match the nginx.conf file
SU_UID=vmail
SU_GID=vmail
Install extman
……………………………Installation begins………………………………………………
Shell> mv extman-0.2.3 /var/www/extsuite/extman
//Shell> chown -R vmail:vmail /var/www/extsuite/extman
Create the temporary directory extman needs at run time
Shell> mkdir -pv /tmp/extman
Shell> chown -R vmail.vmail /tmp/extman
When initialising the database, change the name extmail.org in init.sql to your own domain
Shell> cd /var/www/extsuite/extman/docs/
//Shell> vi init.sql
Replace every occurrence of extmail.org with mail.test.com (substitute your own domain)
Change the owner of the cgi directory:
# chown -R vmail.vmail /var/www/extsuite/extman/cgi/
Shell> mysql -u root -p < ./extmail.sql
Shell> mysql -u root -p < ./init.sql
Detailed configuration of Extmail and extman
1. extmail configuration: vi webmail.cf
SYS_USER_LANG = en_US change to SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains change the right-hand side to /var/mailbox
SYS_MYSQL_USER = db_user change the right-hand side to extmail
SYS_MYSQL_PASS = db_pass change the right-hand side to extmail
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock change the right-hand side to /usr/local/mysql/tmp/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/authlib/var/spool/authdaemon/socket
………………………
2. extman configuration: vi webman.cf
SYS_MAILDIR_BASE = /home/domains change the right-hand side to /var/mailbox
SYS_DEFAULT_UID = 1001
SYS_DEFAULT_GID = 1001
SYS_MYSQL_SOCKET = /usr/local/mysql/tmp/mysql.sock
SYS_CAPTCHA_ON = 0 // disable the graphical CAPTCHA
Start NGINX and the extmail CGI
/var/www/extsuite/extmail/dispatch-init start
/usr/local/nginx/sbin/nginx
Test:
Enter the URL: http://mail.test.com/extmail/cgi/index.cgi
Administrator account: [email protected] extmail*123*
FAQ:
Can't open /tmp/extman//sid_e438c6f837880729ff491bd3f7ea3f01, No such file or directory
Fix: mkdir -pv /tmp/extman
chown -R vmail.vmail /tmp/extman
The apache run user and group are vmail
II. Install graphical logs for webmail
1. RRDTool installation
Download: http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.30.tar.gz
http://ftp.gnome.org/pub/gnome/sources/libart_lgpl/2.3/libart_lgpl-2.3.20.tar.gz (install this first)
Steps:
--------------------------------------------------------------------------------------------------
libart installation (includes the libart library files, which help a great deal with the performance of 2D graphics)
# tar zxvf libart_lgpl-2.3.20.tar.gz && cd libart*
# ./configure --prefix=/usr/local/libart
# make && make install
RRDTool installation (RRDtool depends on the libpng, freetype and libart libraries; make sure these are installed first)
# tar zxvf rrdtool-1.2.30.tar.gz && cd rrd*
# more doc/rrdbuild.txt (installation notes)
# export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/local/libart/lib/pkgconfig
# pkg-config --libs freetype2 (check that freetype2 can be found)
-L/usr/local/lib -lfreetype -lz
# ./configure --prefix=/usr/local/rrdtool // this machine needs network access
##############################################################################
Configuration summary:
----------------------------------------------------------------
Config is DONE!
With MMAP IO: yes
Perl Modules: perl_piped perl_shared
Perl Binary: /usr/bin/perl
Perl Version: 5.8.8
Perl Options: PREFIX=/usr/local/rrdtool LIB=/usr/local/rrdtool/lib/perl/5.8.8
Ruby Modules:
Ruby Binary: no
Ruby Options: sitedir=$(DESTDIR)/usr/local/rrdtool/lib/ruby
Build Tcl Bindings: no
Build Python Bindings: yes
Build rrdcgi: yes
Build librrd MT: yes
Type 'make' to compile the software and use 'make install' to
install everything to: /usr/local/rrdtool.
... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.
-- Tobi Oetiker
---------------------------------------------------------------- ########################################################################
# make && make install
2. Install the File-Tail perl module
Download: http://search.cpan.org/CPAN/authors/id/M/MG/MGRABNAR/File-Tail-0.99.3.tar.gz
Basic steps:
# tar zxvf File-Tail-0.99.3.tar.gz && cd File*
# perl Makefile.PL
# make && make install
Installation output:
cp Tail.pm blib/lib/File/Tail.pm
Manifying blib/man3/File::Tail.3pm
Installing /usr/lib/perl5/site_perl/5.8.8/File/Tail.pm
Installing /usr/share/man/man3/File::Tail.3pm
Writing /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/File/Tail/.packlist
Appending installation info to /usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod
3. Start the graphical log services for testing
Shell> cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local/
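Other settings: (because rrdtool is installed in a non-standard directory, its perl modules cannot be found; copying them to the standard directory solves this)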
cp -r /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/* /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
shell> /usr/local/mailgraph_ext/mailgraph-init start
shell> /usr/local/mailgraph_ext/qmonitor-init start
Add to startup at boot:
Shell> echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
Shell> echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.local
Graphical log test
Test page: http://mail.test.com/extman/cgi/index.cgi
Default login account: [email protected]/ extmail*123*
III. Additional mail system configuration and testing
1. postfix configuration
#########################################################
# more master.cf
# sed -e '/^#/d' -e '/^$/d' master.cf
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -d ${recipient}
# more main.cf
[root@MailSer1 postfix]# sed -e '/^#/d' -e '/^$/d' main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.0.0/24,127.0.0.0/8
relay_domains = $mydestination
alias_maps = $alias_database
defer_transports =
mail_spool_directory = /var/spool/mail
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $domain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001 #vmail
virtual_gid_maps = static:1001 #vmai
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 200000000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
mydestination =
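1. Add the configuration files used to support virtual domains and virtual users
Create the directory /etc/postfix/mysql, then manually create four configuration files: mysql_virtual_alias_maps.cf, mysql_virtual_domains_maps.cf, mysql_virtual_mailbox_limit_maps.cf and mysql_virtual_mailbox_maps.cf. The contents of these 4 files are as follows:
*These files can also be copied directly from the docs directory of the unpacked extman package*
Shell> mkdir -p /etc/postfix/mysql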
Shell> more mysql_virtual_alias_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'
shell> more mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'
shell> more mysql_virtual_mailbox_limit_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'
shell> more mysql_virtual_mailbox_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
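2. Polishing the webmail login page
Login page polish:
In the file /var/www/extsuite/extmail/html/default/index.html, add the tag below to get a drop-down list of the different mail domains, which is more convenient for users.
<%domain%>
In the file /var/www/extsuite/extman/html/default/index.html, add the tag below to get different
value=[email protected] class=login_input>
3. Authenticated sending test
Log in to webmail and add a user test with the password 123456 in the mail.test.com domain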
[root@MailSer1 mailbox]# nc localhost 25
220 mail.test.com ESMTP Postfix (2.5.6)
ehlo mail.test.com
250-mail.test.com
250-PIPELINING
250-SIZE 200000000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.7.0 Authentication successful
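The AUTH LOGIN lines above are plain base64, so the prompts and replies can be read back directly by anyone who sees the session. The following shell sketch is an added example, not part of the original article; it decodes the exchange shown above and, going slightly beyond it, the AUTH PLAIN form the server also advertises (the "C: "/"S: " direction prefixes and the AUTH PLAIN line are constructed for the example).

```shell
#!/usr/bin/env bash
# Added example: show what an AUTH LOGIN or AUTH PLAIN exchange carries
# once the base64 wrapping is removed.

# The exchange from the test above. The direction prefixes and the final
# AUTH PLAIN line (same user and password) are constructed.
sample_session() {
cat <<'EOF'
C: auth login
S: 334 VXNlcm5hbWU6
C: dGVzdA==
S: 334 UGFzc3dvcmQ6
C: MTIzNDU2
S: 235 2.7.0 Authentication successful
C: AUTH PLAIN AHRlc3QAMTIzNDU2
S: 235 2.7.0 Authentication successful
EOF
}

# Decode one base64 token; invalid input yields an empty string.
b64() { printf '%s' "$1" | base64 -d 2>/dev/null; }

decode_smtp_auth() {
  local line fields in_login=0
  while IFS= read -r line; do
    case "$line" in
      "C: "[Aa][Uu][Tt][Hh]" "[Ll][Oo][Gg][Ii][Nn])
        in_login=1 ;;
      "C: "[Aa][Uu][Tt][Hh]" "[Pp][Ll][Aa][Ii][Nn]" "*)
        # PLAIN packs authzid NUL authcid NUL password into one token;
        # turn the NULs into newlines so the fields become lines 1..3.
        fields=$(b64 "${line##* }" | tr '\000' '\n')
        printf 'PLAIN user=%s password=%s\n' \
          "$(printf '%s\n' "$fields" | sed -n 2p)" \
          "$(printf '%s\n' "$fields" | sed -n 3p)" ;;
      "S: 334 "*)
        if [ "$in_login" -eq 1 ]; then
          printf 'LOGIN prompt: %s\n' "$(b64 "${line#S: 334 }")"
        fi ;;
      "S: 235 "*|"S: 535 "*)
        in_login=0
        printf 'server result: %s\n' "${line#S: }" ;;
      "C: "*)
        if [ "$in_login" -eq 1 ]; then
          printf 'LOGIN reply: %s\n' "$(b64 "${line#C: }")"
        fi ;;
    esac
  done
  return 0
}

sample_session | decode_smtp_auth
```

Because both mechanisms are reversible encodings, the usual hardening once TLS is configured in Postfix is to offer AUTH only inside TLS sessions with smtpd_tls_auth_only = yes.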
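4. webmail administration account
Administration account: [email protected]/123456
5. maillog logs
Log of the first message sent from a local account through webmail (/var/log/maillog)
Procedure:
In the webmail administration back end, add the two accounts test and test1, then log in as test and send a message to test1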
#####################################################################
May 12 14:56:43 MailSer1 postfix/smtpd[2979]: connect from MailSer1[127.0.0.1]
May 12 14:56:43 MailSer1 postfix/smtpd[2979]: 7AE618166: client=MailSer1[127.0.0.1]
May 12 14:56:43 MailSer1 postfix/cleanup[2987]: 7AE618166: message-id=[email protected]
May 12 14:56:43 MailSer1 postfix/smtpd[2979]: disconnect from MailSer1[127.0.0.1]
May 12 14:56:43 MailSer1 postfix/qmgr[2185]: 7AE618166: from=[email protected], size=597, nrcpt=1 (queue active)
May 12 14:56:44 MailSer1 authdaemond: received userid lookup request: [email protected]
May 12 14:56:44 MailSer1 authdaemond: authmysql: trying this module
May 12 14:56:44 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041
May 12 14:56:44 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = '[email protected] (active='1')
May 12 14:56:44 MailSer1 authdaemond: Authenticated: sySUSErname=
May 12 14:56:44 MailSer1 authdaemond: Authenticated: clearpasswd=
May 12 14:56:44 MailSer1 postfix/pipe[2989]: 7AE618166: to=[email protected], relay=maildrop, delay=1, delays=0.22/0.09/0/0.72, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 14:56:44 MailSer1 postfix/qmgr[2185]: 7AE618166: removed
##############################################################
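Below is a screenshot of logging in as test1: a new message has arrived
Viewing the message content:
External sending test: I have already set up DNS resolution (mail.test.com)
Now send a message to test1 from a 126 mailbox; the maillog follows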
############################################################
May 12 15:05:24 MailSer1 postfix/smtpd[3161]: connect from m14-22.126.com[220.181.14.22]
May 12 15:05:24 MailSer1 postfix/smtpd[3161]: 65FF38166: client=m14-22.126.com[220.181.14.22]
May 12 15:05:24 MailSer1 postfix/cleanup[3169]: 65FF38166: message-id=<17317745.993581242112006936.JavaMail.coremail@bj126app107.126.com>
May 12 15:05:24 MailSer1 postfix/qmgr[2185]: 65FF38166: from=
May 12 15:05:24 MailSer1 postfix/smtpd[3161]: disconnect from m14-22.126.com[220.181.14.22]
May 12 15:05:24 MailSer1 authdaemond: received userid lookup request: [email protected]
May 12 15:05:24 MailSer1 authdaemond: authmysql: trying this module
May 12 15:05:24 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041
May 12 15:05:24 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = '[email protected]' AND (active='1')
May 12 15:05:24 MailSer1 authdaemond: Authenticated: sySUSErname=
May 12 15:05:24 MailSer1 authdaemond: Authenticated: clearpasswd=
May 12 15:05:24 MailSer1 postfix/pipe[3171]: 65FF38166: to=[email protected], relay=maildrop, delay=0.19, delays=0.1/0.04/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 15:05:24 MailSer1 postfix/qmgr[2185]: 65FF38166: removed
###############################################################
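Check the test1 mailbox: receiving works without problems
Sending to an external mailbox was also tested, without problems
Part IV. Mail anti-spam and anti-virus
I. Mail anti-virus and spam filtering
1. Anti-virus
The anti-virus software used is clamav
Download: http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.tar.gz
Installation: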
#################################################################
# tar zxvf clamav-0.95.tar.gz &&cd clamav-0.95*
# useradd clamav
# ./configure --prefix=/usr/local/clamav \
--with-dbdir=/usr/local/share/clamav // sets the virus database directory
# make && make install
################################################################
Basic configuration:
###################################################################
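Clamav has 2 configuration files: the main configuration file /usr/local/clamav/etc/clamd.conf and the virus update configuration file /usr/local/clamav/etc/freshclam.conf. The modified configuration files are listed below: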
[root@mail etc]# sed -e '/^#/d' -e '/^$/d' clamd.conf
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength 100M // attachment size; anything over 100M is not scanned
User amavis
ScanMail yes
ScanArchive yes
[root@mail etc]# sed -e '/^#/d' -e '/^$/d' freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
##################################################################
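Both files contain many comments, which I filtered out with sed. clamd.conf contains the line "User amavis". Why use amavis rather than the default user clamav? The purpose is to integrate with amavisd-new. Since this user does not exist yet, create it manually (useradd amavis). Next, some directories have to be created by hand and given the appropriate permissions, for logging and similar purposes. I put this into a shell script that can simply be executed; its content is as follows: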
######################################################
[root@mailserv2 ~]# more /root/clamav.sh
#!/bin/bash
# create directory for clamav
mkdir /usr/local/share/clamav
mkdir /var/log/clamav
chmod -R 744 /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis.amavis /usr/local/share/clamav
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown amavis.amavis /var/run/clamav
#####################################################
# /usr/local/clamav/bin/freshclam // update the virus database manually
2. Anti-spam
Download: http://www.ijs.si/software/amavisd/amavisd-new-2.6.2.tar.gz
Installation:
#################################################################
Done in one go with a script; mind the directories and the version
[root@mail virus]# vi /usr/local/bin/amavis.sh
#!/bin/bash
cd /usr/local/src/virus
tar zxvf amavisd-new-2.6.2.tar.gz && cd amavisd*
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
################################################################
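After running the script, don't forget to check that everything worked as intended, for example that the file amavisd exists in the /usr/local/sbin directory.
Amavisd's configuration file /etc/amavisd.conf is fairly complex; the items that need to be changed are as follows: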
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'mail.test.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = 5.0;
$sa_tag2_level_deflt = 6.2;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
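# the socket path must match LocalSocket in clamd.conf
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
Once the changes above have been checked, run # /usr/local/sbin/amavisd debug to test amavis. In general the test will not run properly at first, because many of the required perl modules are probably not installed. Fortunately, the error message lists the modules that are needed. You then have to download the relevant modules from www.cpan.org and install them. You may also hit package dependencies, in which case you download the dependency, install it, and go back to install the earlier package, over and over, which is tedious and a real test of patience. You are done only when /usr/local/sbin/amavisd debug produces no errors. There is another method: run [root@mailserv2 ~]# perl -MCPAN -e shell and then use commands such as cpan> install Time::HiRes to install the missing perl modules one by one. In my experience this is very time-consuming, and some modules do not install properly this way, so downloading the modules from the website and installing them is more effective.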
# /usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
IO::Stringy
Compress::Zlib
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
MIME::Decoder
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::QuotedPrint
MIME::Decoder::NBit
MIME::Decoder::UU
MIME::Decoder::Gzip64
Net::Server
Net::Server::PreFork
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 234.
Based on the missing items above, install and debug as you go
Install the perl modules related to Mail/SpamAssassin.pm
REQUIRED module missing: HTML::Parser
optional module missing: Mail::SPF
optional module missing: Mail::SPF::Query
optional module missing: IP::Country
optional module missing: Razor2
optional module missing: Net::Ident
optional module missing: IO::Socket::INET6
optional module missing: IO::Socket::SSL
optional module missing: Mail::DomainKeys
optional module missing: Mail::DKIM
optional module missing: LWP::UserAgent
optional module missing: HTTP::Date
optional module missing: Archive::Tar
optional module missing: IO::Zlib
optional module missing: Encode::Detect
Part of the final debug output:
May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-VIRUS code loaded
May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM code loaded
May 12 17:01:02.414 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM-SA code loaded
3. The Mail::SpamAssassin configuration is as follows
# more /etc/mail/spamassassin/local.cf
#####################################
required_hits 5
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_pyzor 0
#####################################
# chown -R amavis.amavis /usr/share/spamassassin
# chmod -R 777 /usr/share/spamassassin
If these two steps are not done, the Mail::SpamAssassin configuration file will not take effect.
4. Add anti-virus and anti-spam to postfix
# more /etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10
# more /etc/postfix/master.cf
# antispam #
#############################################################################
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o mynetworks=127.0.0.0/8
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
5. The /etc/rc.local startup file
###############################################
# Start Nginx+extmailcgi
/var/www/extsuite/extmail/dispatch-init start
/usr/local/nginx/sbin/nginx
# mysql
/usr/local/mysql/bin/mysqld_safe --user=mysql &
# authlib
/usr/local/authlib/sbin/authdaemond start
# sasl
/usr/local/sbin/saslauthd -a shadow pam
# postfix
/usr/sbin/postfix start
# mailgraph
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
# spam
/usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
/usr/local/sbin/amavisd start
/usr/local/clamav/sbin/clamd
###############################################
Test the anti-spam effect; the maillog follows
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: connect from m15-74.126.com[220.181.15.74]
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: 66871816F: client=m15-74.126.com[220.181.15.74]
May 12 17:22:05 MailSer1 postfix/cleanup[2362]: 66871816F: message-id=<[email protected]>
May 12 17:22:05 MailSer1 postfix/qmgr[2184]: 66871816F: from=
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: disconnect from m15-74.126.com[220.181.15.74]
May 12 17:22:10 MailSer1 postfix/smtpd[2367]: connect from MailSer1[127.0.0.1]
May 12 17:22:10 MailSer1 postfix/smtpd[2367]: 7C5D78174: client=MailSer1[127.0.0.1]
May 12 17:22:10 MailSer1 postfix/cleanup[2362]: 7C5D78174: message-id=<[email protected]>
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: from=
May 12 17:22:10 MailSer1 amavis[2198]: (02198-01) Passed CLEAN, [220.181.15.74] [59.108.107.66]
May 12 17:22:10 MailSer1 postfix/smtp[2364]: 66871816F: to=[email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=0.16/0.1/0.05/4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02198-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C5D78174)
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 66871816F: removed
May 12 17:22:10 MailSer1 authdaemond: received userid lookup request: [email protected]
May 12 17:22:10 MailSer1 authdaemond: authmysql: trying this module
May 12 17:22:10 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041
May 12 17:22:10 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = '[email protected]' AND (active='1')
May 12 17:22:10 MailSer1 authdaemond: Authenticated: sySUSErname=
May 12 17:22:10 MailSer1 authdaemond: Authenticated: clearpasswd=
May 12 17:22:10 MailSer1 postfix/pipe[2370]: 7C5D78174: to=[email protected], relay=maildrop, delay=0.24, delays=0.04/0.09/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: removed
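Possible problems:
If the Hits value is always 0, Mail::SpamAssassin may not be taking effect; check that /usr/share/spamassassin/ is accessible and that its owner is amavis
6. Updating the virus database and the anti-spam rules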
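With content_filter enabled, each message should appear twice in maillog, as in the excerpt above: once handed to amavisd on port 10024, and once, under the new queue ID given after "queued as", delivered by maildrop. The following shell/awk check is an added example, not part of the original article; it flags maildrop deliveries that have no such parent hop (the log lines are constructed in the format of the page's excerpts, with placeholder addresses).

```shell
#!/usr/bin/env bash
# Added example: confirm that every maildrop delivery first passed through
# the amavisd content filter on 127.0.0.1:10024.

# Constructed sample in the format of the maillog excerpts on this page.
sample_maillog() {
cat <<'EOF'
May 12 17:22:05 MailSer1 postfix/qmgr[2184]: 66871816F: from=<sender@example.org>, size=1520, nrcpt=1 (queue active)
May 12 17:22:10 MailSer1 amavis[2198]: (02198-01) Passed CLEAN, [220.181.15.74] <sender@example.org> -> <test1@example.com>
May 12 17:22:10 MailSer1 postfix/smtp[2364]: 66871816F: to=<test1@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02198-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C5D78174)
May 12 17:22:10 MailSer1 postfix/pipe[2370]: 7C5D78174: to=<test1@example.com>, relay=maildrop, delay=0.24, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 17:30:41 MailSer1 postfix/pipe[2989]: 7AE618166: to=<test1@example.com>, relay=maildrop, delay=1, dsn=2.0.0, status=sent (delivered via maildrop service)
EOF
}

# Reads maillog text from stdin (or from files given as arguments) and prints
# one line per maildrop delivery: FILTERED <id> via <original id>, or
# UNFILTERED <id> when no 10024 hop produced that queue ID.
audit_filter_path() {
  awk '
    # Hop 1: the smtp-amavis client hands the message to amavisd; the reply
    # text carries the queue ID assigned on re-injection through port 10025.
    /relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024/ && /status=sent/ {
      orig = $6; sub(/:$/, "", orig)
      if (match($0, /queued as [0-9A-F]+/)) {
        newid = substr($0, RSTART + 10, RLENGTH - 10)
        parent[newid] = orig
      }
      next
    }
    # Hop 2: final delivery through the maildrop transport.
    /relay=maildrop/ && /status=sent/ {
      qid = $6; sub(/:$/, "", qid)
      delivered[++n] = qid
    }
    # Resolve at the end so the result does not depend on line order.
    END {
      for (i = 1; i <= n; i++) {
        q = delivered[i]
        if (q in parent) printf "FILTERED %s via %s\n", q, parent[q]
        else printf "UNFILTERED %s\n", q
      }
    }
  ' "$@"
}

sample_maillog | audit_filter_path
```

In the constructed sample the last delivery has no 10024 hop, which is what the page's earlier logs (taken before content_filter was set) look like.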
[root@MailSer1 ~]# crontab -l
0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
00 00 * * * /usr/local/clamav/bin/freshclam
Supplement:
Sorting spam:
# more /etc/maildroprc
logfile "/var/log/maildrop.log"
if (/^X-Spam-Flag:.*YES/)
{
exception {
to "$HOME/$DEFAULT/.Junk/."
}
}
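With this, the installation of the whole mail system is basically complete. During the installation I consulted a lot of material on the web and also discovered many problems. These articles inevitably still have shortcomings; I will keep improving them, and corrections are welcome.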