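Postfix Setup
Building from the latest sources on RHEL 5.4
LAMP + Postfix + Dovecot + SquirrelMail + ExtMail + Extman + SpamAssassin anti-spam
2011/02/14, second edition
Lab objective:
Lab software packages (all stored under /home on the web server). Download URLs: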
http://apache.freelamp.com/httpd/httpd-2.2.15.tar.gz
ftp://mirror2.dataphone.se/pub/mysql/Downloads/MySQL-5.1/mysql-5.1.44.tar.gz
http://cn.php.net/distributions/php-5.2.13.tar.gz
ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.6.5.tar.gz
http://vda.sourceforge.net/VDA/postfix-2.6.5-vda-ng.patch.gz
http://www.dovecot.org/releases/1.2/dovecot-1.2.11.tar.gz
http://cdnetworks-kr-2.dl.sourceforge.net/project/squirrelmail/stable/1.4.18/squirrelmail-1.4.18.tar.gz
http://cdnetworks-kr-2.dl.sourceforge.net/project/squirrelmail/locales/1.4.18-20090526/zh_CN-1.4.18-20090526.tar.gz
http://www.extmail.org/
http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2
http://cpan.wenzk.com/authors/id/T/TI/TIMB/DBI-1.610_90.tar.gz
http://cpan.wenzk.com/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
http://219.239.26.3/download/1777723/1895218/1/gz/56/157/1258516540472_925/DBD-mysql-4.013.tar.gz
http://cpan.wenzk.com/authors/id/L/LD/LDS/GD-2.44.tar.gz
http://cpan.wenzk.com/authors/id/M/MG/MGRABNAR/File-Tail-0.99.3.tar.gz
http://www.mailscanner.info/files/4/rpm/MailScanner-4.79.11-1.rpm.tar.gz
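Lab environment: RHEL 5.4
Mail server: 192.168.0.10/24, hostname mail.crazylinux.com
DNS server: 192.168.0.20/24, hostname dns.crazylinux.com
Client: 192.168.0.100/24
Prerequisites:
Configure a yum repository on every Linux host, with the DVD mounted locally under /media. Red text marks the modified values.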
[root@localhost ~]# cat /etc/yum.repos.d/rhel-debuginfo.repo
[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:///media/Server //point at the local /media mount
enabled=1 //enable the repository
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Disable the firewall and SELinux on all Linux hosts
[root@localhost bin]# iptables -F
[root@localhost bin]# iptables -X
[root@localhost bin]# iptables -Z
[root@localhost bin]# setenforce 0
[root@localhost bin]# service iptables save
I. Setting up the DNS environment
1. Set the hostname and install the DNS packages
[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=dns.crazylinux.com
[root@localhost ~]# yum -y install bind bind-devel bind-chroot caching-nameserver
2. Configure the main DNS configuration file
[root@dns ~]# cd /var/named/chroot/etc/
[root@dns etc]# cp -p named.caching-nameserver.conf named.conf
[root@dns etc]# cat named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; };
allow-query-cache { any; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { any; };
match-destinations { any; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
[root@dns etc]# vim named.rfc1912.zones //append the following at the end of the file
zone "crazylinux.com" IN {
type master;
file "cl.zheng";
};
zone "0.168.192.in-addr.arpa" IN {
type master;
file "cl.fan";
};
3. Configure the zone files
[root@dns etc]# cd /var/named/chroot/var/named/
[root@dns named]# cp -p named.zero cl.zheng
[root@dns named]# cp -p named.zero cl.fan
[root@dns named]# cat cl.zheng
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   dns.crazylinux.com.
dns     IN A    192.168.0.20
mail    IN A    192.168.0.10
[root@dns named]# cat cl.fan
$TTL 86400
@       IN SOA  localhost. root.localhost. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   dns.crazylinux.com.
20      IN PTR  dns.crazylinux.com.
10      IN PTR  mail.crazylinux.com.
4. Test DNS (on the client, point DNS at 192.168.0.20)
[root@dns named]# service named restart
[root@dns named]# chkconfig named on
[root@dns named]# cat /etc/resolv.conf
nameserver 192.168.0.20
[root@dns named]# host dns.crazylinux.com
dns.crazylinux.com has address 192.168.0.20
[root@dns named]# host mail.crazylinux.com
mail.crazylinux.com has address 192.168.0.10
II. Setting up the LAMP environment
1. Set the hostname and install Apache (install the GCC toolchain before configuring the source packages)
[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=mail.crazylinux.com
[root@mail ~]# rpm -e httpd --nodeps //remove the httpd package that ships with the system
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf httpd-2.2.15.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/httpd-2.2.15/
[root@mail home]# yum -y install *gcc*
[root@mail httpd-2.2.15]# ./configure --prefix=/usr/local/apache2 \
--enable-so \
--enable-rewrite \
--enable-cgi \
--enable-suexec \
--with-suexec-caller=daemon --with-suexec-docroot=/usr/local/apache2/htdocs
[root@mail httpd-2.2.15]# make && make install
A small trick to make Apache start automatically at boot:
[root@mail httpd-2.2.15]# cd /usr/local/apache2/bin/
[root@mail bin]# vim apachectl
#!/bin/sh
# chkconfig: 35 85 15
# description: Apache is a World Wide Web Server
[root@mail bin]# cp apachectl /etc/init.d/apache
[root@mail bin]# chkconfig --add apache
[root@mail bin]# chkconfig apache on
[root@mail bin]# service apache start
httpd: apr_sockaddr_info_get() failed for mail.crazylinux.com
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Fix:
[root@mail bin]# vim /usr/local/apache2/conf/httpd.conf //change line 97 to read as follows
97 ServerName mail.crazylinux.com
[root@mail bin]# pkill httpd
[root@mail bin]# service apache start
Test: on the client, enter the server's address in IE
http://mail.crazylinux.com
2. Install and configure MySQL
[root@mail bin]# cd /home/
[root@mail home]# tar -zxvf mysql-5.1.44.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/mysql-5.1.44/
[root@mail mysql-5.1.44]# yum -y install libtermcap-devel
[root@mail mysql-5.1.44]# useradd -M -s /sbin/nologin mysql
[root@mail mysql-5.1.44]# ./configure --prefix=/usr/local/mysql --with-mysqld-user=mysql
[root@mail mysql-5.1.44]# make
[root@mail mysql-5.1.44]# make install
[root@mail mysql-5.1.44]# cp support-files/my-medium.cnf /etc/my.cnf
[root@mail mysql-5.1.44]# /usr/local/mysql/bin/mysql_install_db --user=mysql
[root@mail mysql-5.1.44]# chown -R root:mysql /usr/local/mysql/
[root@mail mysql-5.1.44]# chown -R mysql /usr/local/mysql/var/
[root@mail mysql-5.1.44]# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
[root@mail mysql-5.1.44]# ldconfig
[root@mail mysql-5.1.44]# /usr/local/mysql/bin/mysqld_safe --user=mysql &
[root@mail mysql-5.1.44]# ps -e | grep mysql
6061 pts/0 00:00:00 mysqld_safe
6164 pts/0 00:00:00 mysqld
[root@mail mysql-5.1.44]# netstat -nutlp | grep mysql
tcp 0 0.0.0.0:3306 0.0.0.0:* LISTEN 6164/mysqld
[root@mail mysql-5.1.44]# cp support-files/mysql.server /etc/init.d/mysqld
[root@mail mysql-5.1.44]# chmod +x /etc/init.d/mysqld
[root@mail mysql-5.1.44]# chkconfig --add mysqld
[root@mail mysql-5.1.44]# chkconfig mysqld on
[root@mail mysql-5.1.44]# export PATH=$PATH:/usr/local/mysql/bin/
[root@mail mysql-5.1.44]# echo "PATH=$PATH:/usr/local/mysql/bin/" >> /etc/profile
[root@mail mysql-5.1.44]# mysqladmin -uroot password 123456
3. Install the dependency packages
[root@mail mysql-5.1.44]# yum -y install php-pdo lm_sensors net-snmp php-snmp net-snmp-utils perl-Net-Daemon perl-PlRPC perl-DBI gd-* freetype-* fontconfig-* libjpeg-devel libmcrypt libpng zlib libxml libxml2-devel openssl-devel libcurl-devel
4. Install and configure PHP
[root@mail mysql-5.1.44]# cd /home/
[root@mail home]# tar -zxvf php-5.2.13.tar.gz -C /usr/src/
[root@mail home]# yum -y install *libxml2*
[root@mail home]# cd /usr/src/php-5.2.13/
[root@mail php-5.2.13]# ./configure --prefix=/usr/local/php5 \
--with-apxs2=/usr/local/apache2/bin/apxs \
--with-mysql=/usr/local/mysql \
--enable-sockets \
--enable-mbstring \
--with-config-file-path=/usr/local/php5
(./configure --prefix=/usr/local/php5 -with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --enable-sockets --enable-mbstring --with-config-file-path=/usr/local/php5 --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curlwrappers --enable-mbregex --enable-force-cgi-redirect --with-mcrypt=/usr/local/libmcrytp --with-gd --enable-gd-native-ttf --with-openssl --enable-pcntl --with-zlib --enable-pdo)
[root@mail php-5.2.13]# make
[root@mail php-5.2.13]# make test
[root@mail php-5.2.13]# make install
[root@mail php-5.2.13]# cp php.ini-dist /usr/local/php5/php.ini
Add PHP to Apache so that Apache can handle PHP:
[root@mail php-5.2.13]# vim /usr/local/apache2/conf/httpd.conf
53 LoadModule php5_module modules/libphp5.so
54 AddType application/x-httpd-php .php
167 <IfModule dir_module>
168 DirectoryIndex index.php index.html
169 </IfModule>
5. Test that PHP and Apache work together
[root@mail php-5.2.13]# cat /usr/local/apache2/htdocs/index.php
<?php
phpinfo();
?>
[root@mail php-5.2.13]# service apache stop
[root@mail php-5.2.13]# service apache start
Test: on the client, enter http://mail.crazylinux.com in IE
III. Setting up the mail server
1. Setting up Postfix
[root@mail ~]# service sendmail stop
[root@mail ~]# chkconfig sendmail off
[root@mail ~]# groupadd -g 1200 postdrop
[root@mail ~]# groupadd -g 1000 postfix
[root@mail ~]# useradd -M -u 1000 -g postfix -G postdrop -s /sbin/nologin postfix
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf postfix-2.6.5.tar.gz -C /usr/src/
[root@mail home]# cp postfix-2.6.5-vda-ng.patch.gz /usr/src/
[root@mail home]# cd /usr/src/
[root@mail src]# gunzip postfix-2.6.5-vda-ng.patch.gz
[root@mail src]# cd postfix-2.6.5
[root@mail postfix-2.6.5]# patch -p1 < ../postfix-2.6.5-vda-ng.patch
[root@mail postfix-2.6.5]# yum -y install db*-devel cyrus-sasl-devel
[root@mail postfix-2.6.5]# make makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2'
Note: CCARGS supplies extra compiler arguments;
AUXLIBS names additional libraries located outside the standard locations.
[root@mail postfix-2.6.5]# make
[root@mail postfix-2.6.5]# make install
[root@mail postfix-2.6.5]# cd /etc/postfix/
[root@mail postfix]# postconf -n > main2.cf
[root@mail postfix]# mv main.cf main.cf.bak
[root@mail postfix]# mv main2.cf main.cf
[root@mail postfix]# vim /etc/postfix/main.cf
17 inet_interfaces = 192.168.0.10, 127.0.0.1 //listening IP addresses
18 myhostname = mail.crazylinux.com //hostname
19 mydomain = crazylinux.com //mail domain in use
20 myorigin = $mydomain //sender domain used on outgoing mail
21 mydestination = $mydomain, $myhostname //domains for which mail is accepted
22 home_mailbox = Maildir/ //mailbox location and format
[root@mail postfix]# postfix start
[root@mail postfix]# echo " /usr/sbin/postfix start" >> /etc/rc.local
[root@mail postfix]# netstat -antp | grep :25
[root@mail postfix]# groupadd mailusers
[root@mail postfix]# useradd -g mailusers -s /sbin/nologin tom
[root@mail postfix]# useradd -g mailusers -s /sbin/nologin jerry
[root@mail postfix]# passwd tom
[root@mail postfix]# passwd jerry
[root@mail postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.crazylinux.com ESMTP Postfix
helo localhost
250 mail.crazylinux.com
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: A test mail
Hello,
This is a test mail
.
250 2.0.0 Ok: queued as B43F7EA86B
quit
221 2.0.0 Bye
Connection closed by foreign host.
# cat /home/jerry/Maildir/new/1278291993.V802I128e25M248809.localhost.localdomain
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.crazylinux.com (Postfix) with SMTP id B43F7EA86B
for <[email protected]>; Mon, 5 Jul 2010 09:05:48 +0800 (CST)
Subject: A test mail
Message-Id: <[email protected]>
Date: Mon, 5 Jul 2010 09:05:48 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;
Hello,
This is a test mail
2. Setting up Dovecot
[root@mail ~]# useradd -M -s /sbin/nologin dovecot
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf dovecot-1.2.11.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/dovecot-1.2.11/
[root@mail dovecot-1.2.11]# yum -y install pam-devel
[root@mail dovecot-1.2.11]# ./configure --sysconfdir=/etc --with-mysql
[root@mail dovecot-1.2.11]# make
[root@mail dovecot-1.2.11]# make install
[root@mail dovecot-1.2.11]# cp /etc/dovecot-example.conf /etc/dovecot.conf
[root@mail dovecot-1.2.11]# vim /etc/dovecot.conf
24 protocols = pop3 imap
48 disable_plaintext_auth = no
89 ssl = no
218 mail_location = maildir:~/Maildir
[root@mail dovecot-1.2.11]# cat /etc/pam.d/dovecot
auth required pam_nologin.so
auth include system-auth
account include system-auth
session include system-auth
[root@mail dovecot-1.2.11]# /usr/local/sbin/dovecot -c /etc/dovecot.conf
[root@mail dovecot-1.2.11]# echo "/usr/local/sbin/dovecot -c /etc/dovecot.conf" >> /etc/rc.local
[root@mail dovecot-1.2.11]# netstat -tulnp | grep dovecot
tcp 0 0.0.0.0:110 0.0.0.0:* LISTEN 18303/dovecot
tcp 0 0.0.0.0:143 0.0.0.0:* LISTEN 18303/dovecot
[root@mail dovecot-1.2.11]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Dovecot ready.
user jerry
+OK
pass 123
+OK Logged in.
list
+OK 1 messages:
1 512
.
retr 1
+OK 512 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.crazylinux.com (Postfix) with SMTP id B43F7EA86B
for <[email protected]>; Mon, 5 Jul 2010 09:05:48 +0800 (CST)
Subject: A test mail
Message-Id: <[email protected]>
Date: Mon, 5 Jul 2010 09:05:48 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;
Hello,
This is a test mail
.
quit
+OK Logging out.
Connection closed by foreign host.
3. Configuring SquirrelMail
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf squirrelmail-1.4.18.tar.gz -C /usr/local/apache2/htdocs/
[root@mail home]# cd /usr/local/apache2/htdocs/
[root@mail htdocs]# mv squirrelmail-1.4.18/ webmail
[root@mail htdocs]# cd webmail/
[root@mail webmail]# tar -zxvf /home/zh_CN-1.4.18-20090526.tar.gz
[root@mail webmail]# mkdir -p attach data
[root@mail webmail]# chown -R daemon:daemon attach/ data/
[root@mail webmail]# chmod 730 attach/
[root@mail webmail]# cp config/config_default.php config/config.php
[root@mail webmail]# vim config/config.php
118 $domain = 'crazylinux.com';
146 $smtpServerAddress = 'localhost';
151 $smtpPort = 25;
210 $imapPort = 143;
231 $imap_server_type = 'dovecot';
499 $data_dir = '/usr/local/apache2/htdocs/webmail/data/';
517 $attachment_dir = '/usr/local/apache2/htdocs/webmail/attach/';
1012 $squirrelmail_default_language = 'zh_CN';
1027 $default_charset = 'zh_CN.UTF-8';
[root@mail webmail]# vim /usr/local/apache2/conf/httpd.conf
99 ServerName mail.crazylinux.com:80
[root@mail webmail]# pkill httpd
[root@mail webmail]# service apache start
With PHP 5.3, a few parameters need to be changed:
(this applies because PHP is version 5.3; for details see http://crazylinux.blog.51cto.com/)
[root@mail webmail]# vim /usr/local/php5/php.ini
514 error_reporting = E_ALL & ~E_DEPRECATED
996 date.timezone = Asia/Shanghai
[root@mail webmail]# service apache stop
[root@mail webmail]# service apache start
Test:
4. Set up SMTP user authentication
[root@mail webmail]# rpm -qa | grep -i "sasl"
cyrus-sasl-plain-2.1.22-5.el5
cyrus-sasl-lib-2.1.22-5.el5
cyrus-sasl-2.1.22-5.el5
cyrus-sasl-devel-2.1.22-5.el5
[root@mail webmail]# cp /usr/lib/sasl2/Sendmail.conf /usr/lib/sasl2/smtpd.conf
[root@mail webmail]# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method:saslauthd
[root@mail webmail]# service saslauthd restart
[root@mail webmail]# chkconfig saslauthd on
[root@mail webmail]# vim /etc/postfix/main.cf
23 mailbox_size_limit = 524288000 //limit user mailbox size to 500M
24 message_size_limit = 50889600 //limit the size of a sent message to 50M
25 alias_maps = hash:/etc/aliases //mail aliases for group delivery
26 smtpd_sasl_auth_enable = yes
27 smtpd_sasl_security_options = noanonymous
28 mynetworks = 127.0.0.1
29 smtpd_recipient_restrictions =
30 permit_mynetworks,
31 permit_sasl_authenticated,
32 reject_unauth_destination
[root@mail webmail]# postfix reload
Test SMTP authentication
[root@mail webmail]# printf "tom" | openssl base64
dG9t
[root@mail webmail]# printf "123" | openssl base64
MTIz
[root@mail webmail]# telnet mail.crazylinux.com 25
Trying 192.168.0.10...
Connected to mail.crazylinux.com (192.168.0.10).
Escape character is '^]'.
220 mail.crazylinux.com ESMTP Postfix
ehlo localhost //announce the client host address
250-mail.crazylinux.com
250-PIPELINING
250-SIZE 50889600
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN //authentication is supported
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Relay access denied //sending fails without SMTP authentication
AUTH LOGIN
334 VXNlcm5hbWU6
dG9t //Base64 encoding of the user name tom
334 UGFzc3dvcmQ6
MTIz //Base64 encoding of the password 123
235 2.7.0 Authentication successful //the user is authenticated
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
this is from [email protected]
.
250 2.0.0 Ok: queued as 9BCE5EA876
quit
221 2.0.0 Bye
Connection closed by foreign host.
Client test:
If this option is not selected, sending mail to external domains is not allowed.
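The EHLO reply above advertises AUTH PLAIN LOGIN with no STARTTLS, and dovecot.conf earlier sets disable_plaintext_auth = no and ssl = no, so the Base64 user name and password cross the network in readable form. The shell check below is an added example, not part of the original tutorial: it audits those settings and the EHLO reply (inputs constructed from this page) beside an assumed hardened form. The hardened values assume a TLS certificate is already configured, which this page does not cover.

```sh
#!/bin/sh
# Added example: inputs are constructed from the settings and the EHLO
# reply shown on this page (EHLO taken before any STARTTLS, as in the
# telnet session). The *_FIXED values are an assumed hardened form.
EHLO_REPLY='250-mail.crazylinux.com
250-PIPELINING
250-SIZE 50889600
250-AUTH PLAIN LOGIN
250-8BITMIME
250 DSN'
MAIN_CF='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous'
DOVECOT_CONF='protocols = pop3 imap
disable_plaintext_auth = no
ssl = no'

EHLO_REPLY_FIXED='250-mail.crazylinux.com
250-PIPELINING
250-STARTTLS
250 DSN'
MAIN_CF_FIXED='smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'
DOVECOT_CONF_FIXED='protocols = pop3 imap
disable_plaintext_auth = yes
ssl = required'

# conf_get TEXT KEY: value of the last "KEY = value" line, empty if unset.
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == k) out = val
        }
        END { print out }'
}

# ehlo_auth_exposure REPLY: does a pre-TLS EHLO reply offer AUTH?
# Each line has its 4-character "250-" or "250 " prefix removed first.
ehlo_auth_exposure() {
    printf '%s\n' "$1" | awk '
        { sub(/\r$/, ""); cap = toupper(substr($0, 5)) }
        cap ~ /^AUTH[ =]/ { mechs = substr(cap, 6) }
        cap == "STARTTLS" { tls = 1 }
        END {
            if (mechs == "") print "no-cleartext-auth"
            else if (tls)    print "cleartext-auth-starttls-optional " mechs
            else             print "cleartext-auth-no-starttls " mechs
        }'
}

# audit_mail_auth MAIN_CF DOVECOT_CONF EHLO_REPLY: one line per finding,
# no output when passwords can only travel inside TLS.
audit_mail_auth() {
    if [ "$(conf_get "$2" disable_plaintext_auth)" = "no" ]; then
        echo "dovecot: disable_plaintext_auth = no (passwords accepted without TLS)"
    fi
    if [ "$(conf_get "$2" ssl)" = "no" ]; then
        echo "dovecot: ssl = no (TLS is not offered)"
    fi
    if [ "$(conf_get "$1" smtpd_sasl_auth_enable)" = "yes" ] &&
       [ "$(conf_get "$1" smtpd_tls_auth_only)" != "yes" ]; then
        echo "postfix: SASL enabled without smtpd_tls_auth_only = yes"
    fi
    case $(ehlo_auth_exposure "$3") in
        cleartext-auth*) echo "smtp: AUTH advertised before TLS" ;;
    esac
}

echo "== as configured on this page =="
audit_mail_auth "$MAIN_CF" "$DOVECOT_CONF" "$EHLO_REPLY"
echo "== assumed hardened form =="
audit_mail_auth "$MAIN_CF_FIXED" "$DOVECOT_CONF_FIXED" "$EHLO_REPLY_FIXED"
```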
IV. Configuring Postfix to support virtual users
1. Create the virtual user database
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf extman-1.1.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/extman-1.1/docs/
[root@mail docs]# mysql -u root -p < extmail.sql
[root@mail docs]# mysql -u root -p < init.sql
[root@mail docs]# vim /etc/postfix/main.cf
21 #mydestination = $mydomain, $myhostname
33 virtual_mailbox_base = /mailbox
34 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
35 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
36 virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
37 virtual_uid_maps = static:1000
38 virtual_gid_maps = static:1000
[root@mail docs]# cp mysql_virtual_* /etc/postfix/
2. Set up SMTP sending authentication for virtual users
[root@mail docs]# cd /home/
[root@mail home]# tar -jxvf courier-authlib-0.63.0.tar.bz2 -C /usr/src/
[root@mail home]# cd /usr/src/courier-authlib-0.63.0/
[root@mail courier-authlib-0.63.0]# ./configure --prefix=/usr/local/courier-authlib \
--without-stdheaderdir \
--with-authmysql \
--with-redhat \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql
If this reports an error,
add the path to the configure option: --with-authmysql=/usr/local/mysql/lib/mysql
[root@mail courier-authlib-0.63.0]# make
[root@mail courier-authlib-0.63.0]# make install
[root@mail courier-authlib-0.63.0]# make install-configure
[root@mail courier-authlib-0.63.0]# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
[root@mail courier-authlib-0.63.0]# ldconfig
[root@mail courier-authlib-0.63.0]# cd /usr/local/courier-authlib/etc/authlib/
[root@mail authlib]# cp authdaemonrc authdaemonrc.bak
[root@mail authlib]# vim authdaemonrc
27 authmodulelist="authmysql"
34 authmodulelistorig="authmysql"
[root@mail authlib]# chmod -R 755 /usr/local/courier-authlib/var/spool/authdaemon/
[root@mail authlib]# cp authmysqlrc authmysqlrc.bak
[root@mail authlib]# vim authmysqlrc
26 MYSQL_SERVER localhost
27 MYSQL_USERNAME extmail
28 MYSQL_PASSWORD extmail
49 MYSQL_SOCKET /tmp/mysql.sock
68 MYSQL_DATABASE extmail
83 MYSQL_USER_TABLE mailbox
92 MYSQL_CRYPT_PWFIELD password
113 MYSQL_UID_FIELD uidnumber
119 MYSQL_GID_FIELD gidnumber
128 MYSQL_LOGIN_FIELD username
133 MYSQL_HOME_FIELD concat('/mailbox/',homedir)
139 MYSQL_NAME_FIELD name
150 MYSQL_MAILDIR_FIELD concat('/mailbox/',maildir)
[root@mail authlib]# cp /usr/src/courier-authlib-0.63.0/courier-authlib.sysvinit \
/etc/init.d/courier-authlib
[root@mail authlib]# chmod 755 /etc/rc.d/init.d/courier-authlib
[root@mail authlib]# chkconfig --level 35 courier-authlib on
[root@mail authlib]# service courier-authlib start
[root@mail authlib]# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
3. Modify the Dovecot configuration
[root@mail authlib]# vim /etc/dovecot.conf
218 mail_location = maildir:/mailbox/%d/%n/Maildir
837 auth default {
842 mechanisms = plain
950 passdb sql {
952 args = /etc/dovecot-mysql.conf
953 }
1028 userdb sql {
1030 args = /etc/dovecot-mysql.conf
1031 }
[root@mail authlib]# cp /etc/dovecot-sql-example.conf /etc/dovecot-mysql.conf
[root@mail authlib]# cat /etc/dovecot-mysql.conf
29 driver = mysql
63 connect = host=localhost dbname=extmail user=extmail password=extmail
70 default_pass_scheme = CRYPT
99 password_query = \
100 SELECT username AS user,password AS password \
101 FROM mailbox WHERE username = '%u'
116 user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'
[root@mail authlib]# mkdir -p /mailbox/extmail.org/postmaster/Maildir/
[root@mail authlib]# chown -R postfix:postfix /mailbox/
[root@mail authlib]# pkill dovecot
[root@mail authlib]# dovecot
[root@mail authlib]# /usr/local/courier-authlib/sbin/authtest -s login [email protected] extmail
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /mailbox/extmail.org/postmaster
Maildir: /mailbox/extmail.org/postmaster/Maildir/
Quota: (none)
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C
Cleartext Password: extmail
Options: (none)
[root@mail authlib]# perl -e 'use MIME::Base64;
print encode_base64("postmaster\@extmail.org")'
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
[root@mail authlib]# perl -e 'use MIME::Base64; print encode_base64("extmail")'
ZXh0bWFpbA==
[root@mail authlib]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.crazylinux.com ESMTP Postfix
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.
V. Deploying ExtMail
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf Unix-Syslog-1.1.tar.gz -C /usr/src/
[root@mail home]# tar -zxvf DBI-1.610_90.tar.gz -C /usr/src/
[root@mail home]# tar -zxvf DBD-mysql-4.013.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/Unix-Syslog-1.1/
[root@mail Unix-Syslog-1.1]# perl Makefile.PL
[root@mail Unix-Syslog-1.1]# make
[root@mail Unix-Syslog-1.1]# make install
[root@mail Unix-Syslog-1.1]# cd ../DBI-1.610_90/
[root@mail DBI-1.610_90]# perl Makefile.PL
[root@mail DBI-1.610_90]# make
[root@mail DBI-1.610_90]# make install
[root@mail DBI-1.610_90]# cd ../DBD-mysql-4.013/
[root@mail DBD-mysql-4.013]# perl Makefile.PL
[root@mail DBD-mysql-4.013]# make
[root@mail DBD-mysql-4.013]# make install
[root@mail DBD-mysql-4.013]# tar -zxvf /home/extmail-1.2.tar.gz \
-C /usr/local/apache2/htdocs/
[root@mail DBD-mysql-4.013]# cd /usr/local/apache2/htdocs
[root@mail htdocs]# mv extmail-1.2/ extmail
[root@mail htdocs]# cd extmail/
[root@mail extmail]# chown -R postfix:postfix cgi
[root@mail extmail]# cp webmail.cf.default webmail.cf
[root@mail extmail]# vim webmail.cf
2 SYS_CONFIG = /usr/local/apache2/htdocs/extmail/
5 SYS_LANGDIR = /usr/local/apache2/htdocs/extmail/lang
8 SYS_TEMPLDIR = /usr/local/apache2/htdocs/extmail/html
127 SYS_MAILDIR_BASE = /mailbox
139 SYS_MYSQL_USER = extmail
140 SYS_MYSQL_PASS = extmail
141 SYS_MYSQL_DB = extmail
142 SYS_MYSQL_HOST = localhost
143 SYS_MYSQL_SOCKET = /tmp/mysql.sock
[root@mail extmail]# vim /usr/local/apache2/conf/httpd.conf
390 Include conf/extra/httpd-vhosts.conf
[root@mail extmail]# cat /usr/local/apache2/conf/extra/httpd-vhosts.conf
NameVirtualHost 192.168.0.10
<VirtualHost 192.168.0.10>
DocumentRoot "/usr/local/apache2/htdocs/extmail/html"
ServerName mail.crazylinux.com
ScriptAlias /extmail/cgi/ /usr/local/apache2/htdocs/extmail/cgi/
Alias /extmail /usr/local/apache2/htdocs/extmail/html/
SuexecUserGroup postfix postfix
</VirtualHost>
[root@mail extmail]# service apache stop
[root@mail extmail]# service apache start
Verify: http://mail.crazylinux.com
VI. Deploying the Extman web management interface
[root@mail extmail]# cd /home/
[root@mail home]# tar -zxvf GD-2.44.tar.gz -C /usr/src/
[root@mail home]# tar -zxvf File-Tail-0.99.3.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/GD-2.44/
[root@mail ~]# yum -y install gd-devel
[root@mail GD-2.44]# perl Makefile.PL
[root@mail GD-2.44]# make
[root@mail GD-2.44]# make install
[root@mail GD-2.44]# cd ../File-Tail-0.99.3/
[root@mail File-Tail-0.99.3]# perl Makefile.PL
[root@mail File-Tail-0.99.3]# make
[root@mail File-Tail-0.99.3]# make install
[root@mail File-Tail-0.99.3]# cd /home/
[root@mail home]# rpm -ivh rrdtool-*
[root@mail home]# tar -zxvf extman-0.2.5.tar.gz -C /usr/local/apache2/htdocs/
[root@mail home]# cd /usr/local/apache2/htdocs/
[root@mail htdocs]# mv extman-0.2.5/ extman
[root@mail htdocs]# chown -R postfix:postfix /usr/local/apache2/htdocs/extman/cgi/
[root@mail htdocs]# mkdir /tmp/extman
[root@mail htdocs]# chown -R postfix:postfix /tmp/extman/
[root@mail htdocs]# vim extman/webman.cf
2 SYS_CONFIG = /usr/local/apache2/htdocs/extman/
5 SYS_LANGDIR = /usr/local/apache2/htdocs/extman/lang
8 SYS_TEMPLDIR = /usr/local/apache2/htdocs/extman/html
12 SYS_MAILDIR_BASE = /mailbox
127 SYS_MYSQL_USER = webman
128 SYS_MYSQL_PASS = webman
129 SYS_MYSQL_DB = extmail
130 SYS_MYSQL_HOST = localhost
131 SYS_MYSQL_SOCKET = /tmp/mysql.sock
[root@mail htdocs]# cat /usr/local/apache2/conf/extra/httpd-vhosts.conf
NameVirtualHost 192.168.0.10
<VirtualHost 192.168.0.10>
DocumentRoot "/usr/local/apache2/htdocs/extmail/html"
ServerName mail.crazylinux.com
ScriptAlias /extmail/cgi/ /usr/local/apache2/htdocs/extmail/cgi/
Alias /extmail /usr/local/apache2/htdocs/extmail/html/
ScriptAlias /extman/cgi/ /usr/local/apache2/htdocs/extman/cgi/
Alias /extman /usr/local/apache2/htdocs/extman/html/
SuexecUserGroup postfix postfix
</VirtualHost>
[root@mail htdocs]# service apache stop
[root@mail htdocs]# service apache start
Test: (the default password is extmail*123*; make sure the client and server clocks are synchronized)
[root@mail ~]# mkdir /usr/local/mailgraph_ext
[root@mail ~]# cd /usr/local/apache2/htdocs/extman/addon/mailgraph_ext/
[root@mail mailgraph_ext]# cp mailgraph_ext.pl qmonitor.pl /usr/local/mailgraph_ext/
[root@mail mailgraph_ext]# ln -sf \
/usr/local/apache2/htdocs/extman/addon/mailgraph_ext/mailgraph-init /usr/sbin/
[root@mail mailgraph_ext]# ln -sf \
/usr/local/apache2/htdocs/extman/addon/mailgraph_ext/qmonitor-init /usr/sbin/
[root@mail mailgraph_ext]# mailgraph-init start
[root@mail mailgraph_ext]# qmonitor-init start
[root@mail mailgraph_ext]# echo "/usr/sbin/mailgraph-init start" >> /etc/rc.local
[root@mail mailgraph_ext]# echo "/usr/sbin/qmonitor-init start" >> /etc/rc.local
Verify:
VII. Filtering based on mail addresses
1. Filter mail by the client's hostname/address
[root@mail ~]# echo "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" >> /etc/postfix/main.cf
[root@mail ~]# cat /etc/postfix/access
192.168.0 REJECT
192.168.0.100 OK
bbc.com REJECT
[root@mail ~]# postmap /etc/postfix/access
2. Filter mail by the hostname given in the client's HELO
[root@mail ~]# vim /etc/postfix/main.cf
40 smtpd_helo_required = yes
41 smtpd_helo_restrictions = reject_invalid_hostname
3. Filter by sender address
[root@mail ~]# vim /etc/postfix/main.cf
42 smtpd_sender_login_maps =
43 mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
44 mysql:/etc/postfix/mysql_virtual_alias_maps.cf
45 smtpd_sender_restrictions =
46 permit_mynetworks,
47 reject_sender_login_mismatch,
48 reject_non_fqdn_sender,
49 reject_unknown_sender_domain,
50 check_sender_access hash:/etc/postfix/sender_access
[root@mail ~]# cat /etc/postfix/sender_access
[email protected] REJECT
marketing@ REJECT
fake.aptech.com REJECT
[root@mail ~]# postmap /etc/postfix/sender_access
4. Filter by recipient address
[root@mail ~]# vim /etc/postfix/main.cf
51 smtpd_recipient_restrictions =
52 permit_mynetworks,
53 permit_sasl_authenticated,
54 reject_unauth_destination,
55 reject_non_fqdn_recipient,
56 reject_unknown_recipient_domain
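Postfix access(5) tables are searched in a fixed order, which is why 192.168.0.100 OK wins over 192.168.0 REJECT in /etc/postfix/access, and why marketing@ and fake.aptech.com act as patterns in sender_access. The shell model below is an added example, not Postfix code and not part of the original tutorial: it walks constructed copies of the two tables in that order. Assumptions: spammer@example.com is a placeholder for the elided first sender entry, parent_domain_matches_subdomains is at its default, and DUNNO stands for "no match, continue with the next restriction".

```sh
#!/bin/sh
# Added example: a model of access(5) lookup order, not Postfix code.
# Tables are constructed copies of the ones on this page; the first
# sender entry is a placeholder because the page's address is elided.
CLIENT_ACCESS='192.168.0 REJECT
192.168.0.100 OK
bbc.com REJECT'
SENDER_ACCESS='spammer@example.com REJECT
marketing@ REJECT
fake.aptech.com REJECT'

# table_get TABLE KEY: print the action stored for an exact key.
# Returns non-zero when the key is absent (a hash: map miss).
table_get() {
    printf '%s\n' "$1" | awk -v k="$2" '
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { exit(found ? 0 : 1) }'
}

# domain_walk TABLE NAME: try NAME, then each parent domain.
# Models the default parent_domain_matches_subdomains behaviour.
domain_walk() {
    name=$2
    while :; do
        table_get "$1" "$name" && return 0
        case $name in
            *.*) name=${name#*.} ;;
            *)   return 1 ;;
        esac
    done
}

# addr_walk TABLE IP: try the full IPv4 address, then strip the last
# octet until a key matches or nothing is left to strip.
addr_walk() {
    net=$2
    while :; do
        table_get "$1" "$net" && return 0
        case $net in
            *.*) net=${net%.*} ;;
            *)   return 1 ;;
        esac
    done
}

# client_action HOSTNAME IP: check_client_access order, name then address.
client_action() {
    domain_walk "$CLIENT_ACCESS" "$1" && return 0
    addr_walk "$CLIENT_ACCESS" "$2" && return 0
    echo DUNNO
}

# sender_action ADDRESS: check_sender_access order,
# user@domain, then domain and parents, then user@.
sender_action() {
    table_get "$SENDER_ACCESS" "$1" && return 0
    domain_walk "$SENDER_ACCESS" "${1##*@}" && return 0
    table_get "$SENDER_ACCESS" "${1%@*}@" && return 0
    echo DUNNO
}

# Constructed sample clients and senders.
for c in "pc100.lan 192.168.0.100" "pc55.lan 192.168.0.55" \
         "mx.bbc.com 203.0.113.9" "host.example.net 203.0.113.9"; do
    set -- $c
    printf 'client %-18s %-14s -> %s\n' "$1" "$2" "$(client_action "$1" "$2")"
done
for s in marketing@example.org bob@mail.fake.aptech.com bob@example.org; do
    printf 'sender %-28s -> %s\n' "$s" "$(sender_action "$s")"
done
```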
VIII. Filtering based on mail content
1. Install and configure the MailScanner scan dispatcher
[root@mail ~]# cd /home
[root@mail home]# tar -zxvf MailScanner-4.79.11-1.rpm.tar.gz -C /usr/src/
[root@mail home]# cd /usr/src/MailScanner-4.79.11-1/
[root@mail MailScanner-4.79.11-1]# yum -y install rpm-build
[root@mail MailScanner-4.79.11-1]# ./install.sh
[root@mail MailScanner-4.79.11-1]# vim /etc/MailScanner/MailScanner.conf
131 Run As User = postfix
136 Run As Group = postfix
165 Incoming Queue Dir = /var/spool/postfix/hold
169 Outgoing Queue Dir = /var/spool/postfix/incoming
196 MTA = postfix
2185 Required SpamAssassin Score = 7
2191 High SpamAssassin Score = 10
2390 Spam Actions = deliver header "X-Spam-Status: Yes"
2451 High Scoring Spam Actions = delete forward [email protected]
[root@mail ~]# vim /etc/postfix/main.cf
57 header_checks = regexp:/etc/postfix/header_checks
[root@mail ~]# echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
[root@mail ~]# chown -R postfix:postfix /var/spool/MailScanner/incoming
[root@mail ~]# chown -R postfix:postfix /var/spool/MailScanner/quarantine
[root@mail ~]# service MailScanner start
[root@mail ~]# chkconfig --level 35 MailScanner on
2. Install and configure the SpamAssassin spam filter
[root@mail ~]# yum -y install spamassassin
[root@mail ~]# service spamassassin start
[root@mail ~]# chkconfig spamassassin on
3. Install and configure the F-Prot antivirus software
[root@mail ~]# cd /home/
[root@mail home]# tar -zxvf fp-Linux-i686-ws.tar.gz -C /opt/
[root@mail home]# cd /opt/f-prot/
[root@mail f-prot]# ./install-f-prot.pl
[root@mail f-prot]# /opt/f-prot/fpupdate //update the virus definitions manually
[root@mail f-prot]# crontab -e
00 8 * * * /opt/f-prot/fpupdate
[root@mail f-prot]# service crond restart
[root@mail f-prot]# chkconfig crond on