(postfix+dovecot+mysql+extmail)
Theory:
Configuration:
System environment: RHEL 6 x86_64, SELinux and iptables disabled
Host: 192.168.122.186 server86.example.com mail.extmail.org
Related sites: rpm.pbone.net www.eicar.org
Required packages:
extmail-1.2.tar.gz extman-1.1.tar.gz Unix-Syslog-1.1.tar.gz perl-GD-2.45-1.el6.rfx.x86_64.rpm rrdtool-perl-1.3.8-6.el6.x86_64.rpm perl-File-Tail-0.99.3-8.el6.noarch.rpm cyrus-sasl-sql-2.1.23-13.el6.x86_64.rpm postfix-2.10.0.tar.gz thunderbird-17.0.2-1.el6.remi.x86_64.rpm clamav-0.97.6-1.el6.rf.x86_64.rpm clamav-db-0.97.6-1.el6.rf.x86_64.rpm clamav-milter-0.97.6-1.el6.rf.x86_64.rpm clamd-0.97.6-1.el6.rf.x86_64.rpm sendmail-milter-8.14.4-8.el6.x86_64.rpm MailScanner-4.84.5-3.rpm.tar.gz
rarlinux-3.8.0.tar.gz
1. Configure MySQL
[root@server86 ~]# yum install mysql-server -y
[root@server86 ~]# vim /etc/hosts
192.168.122.186 server86.example.com
[root@server86 ~]# /etc/init.d/mysqld start
[root@server86 ~]# chkconfig mysqld on
[root@server86 ~]# mkdir -p /var/www/extsuite
[root@server86 kernel]# tar zxf extmail-1.2.tar.gz -C /var/www/extsuite/
[root@server86 kernel]# tar zxf extman-1.1.tar.gz -C /var/www/extsuite/
[root@server86 kernel]# cd /var/www/extsuite/
[root@server86 extsuite]# mv extmail-1.2/ extmail
[root@server86 extsuite]# mv extman-1.1/ extman
[root@server86 extsuite]# cd /var/www/extsuite/extman/docs/
[root@server86 docs]# mysql < extmail.sql (import the database schema shipped with extmail)
[root@server86 docs]# mysql < init.sql (import the extmail test users)
MySQL configuration is now complete!
2. Configure Postfix
[root@server86 ~]# yum install postfix -y
[root@server86 ~]# /etc/init.d/postfix start
[root@server86 ~]# chkconfig postfix on
[root@server86 ~]# useradd -u 600 -s /sbin/nologin vmail
[root@server86 ~]# cp /var/www/extsuite/extman/docs/mysql_virtual_alias_maps.cf /var/www/extsuite/extman/docs/mysql_virtual_domains_maps.cf /var/www/extsuite/extman/docs/mysql_virtual_mailbox_maps.cf /etc/postfix/
[root@server86 ~]# postconf -e inet_interfaces=all
[root@server86 ~]# postconf -e virtual_mailbox_base=/home/vmail/
[root@server86 ~]# postconf -e virtual_uid_maps=static:600
[root@server86 ~]# postconf -e virtual_gid_maps=static:600
[root@server86 ~]# postconf -e virtual_alias_maps=mysql:/etc/postfix/mysql_virtual_alias_maps.cf
[root@server86 ~]# postconf -e virtual_mailbox_domains=mysql:/etc/postfix/mysql_virtual_domains_maps.cf
[root@server86 ~]# postconf -e virtual_mailbox_maps=mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
[root@server86 ~]# /etc/init.d/postfix restart
[root@server86 new]# mail [email protected]
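If the configuration is correct, the directory extmail.org/postmaster/Maildir/ is created under /home/vmail/, and the mail is stored in Maildir/new/.
Postfix configuration is now complete!
3. Configure extmail (front end)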
[root@server86 ~]# yum install httpd -y
[root@server86 ~]# cd /var/www/extsuite/extmail/
[root@server86 extmail]# less INSTALL (see how to configure it)
[root@server86 extmail]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup vmail vmail
</VirtualHost>
[root@server86 ~]# /etc/init.d/httpd restart
[root@server86 ~]# chkconfig httpd on
[root@server86 ~]# vim /etc/hosts
192.168.122.186 mail.extmail.org
Visiting mail.extmail.org now produces the following error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (Red Hat) Server at mail.extmail.org Port 80
Fix:
[root@server86 extmail]# chown -R vmail.vmail cgi/
Visiting mail.extmail.org now produces the following error:
Can't locate CGI.pm in @INC (@INC contains: /var/www/extsuite/extmail/libs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /var/www/extsuite/extmail/libs/Ext/CGI.pm line 20. BEGIN failed--compilation aborted at /var/www/extsuite/extmail/libs/Ext/CGI.pm line 20. Compilation failed in require at /var/www/extsuite/extmail/libs/Ext/App.pm line 23. BEGIN failed--compilation aborted at /var/www/extsuite/extmail/libs/Ext/App.pm line 23. Compilation failed in require at /var/www/extsuite/extmail/libs/Ext/App/Login.pm line 16. BEGIN failed--compilation aborted at /var/www/extsuite/extmail/libs/Ext/App/Login.pm line 16. Compilation failed in require at index.cgi line 20.
Fix:
[root@server86 extmail]# yum install perl-CGI -y
Visiting mail.extmail.org now produces the following error:
Can't locate /var/www/cgi-bin/extmail//lang//en_US in @INC (@INC contains: /var/www/extsuite/extmail/libs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /var/www/extsuite/extmail/libs/Ext/Lang.pm line 65.
Fix:
[root@server86 extmail]# cp webmail.cf.default webmail.cf
Visiting mail.extmail.org now produces the following error:
Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/extsuite/extmail/libs/Ext/Logger.pm line 86.
Fix:
Option 1:
[root@server86 kernel]# vim /var/www/extsuite/extmail/webmail.cf
SYS_LOG_ON = 0 (do not write logs)
Option 2:
[root@server86 kernel]# yum install perl-ExtUtils-MakeMaker make gcc -y
[root@server86 kernel]# tar zxf Unix-Syslog-1.1.tar.gz
[root@server86 kernel]# cd Unix-Syslog-1.1
[root@server86 Unix-Syslog-1.1]# perl Makefile.PL
[root@server86 Unix-Syslog-1.1]# make && make install
Logging in now produces the following error:
connect('database=extmail;host=localhost;mysql_socket=/var/lib/mysql/mysql.sock','db_user',...) failed: Access denied for user 'db_user'@'localhost' (using password: YES) at /var/www/extsuite/extmail/libs/Ext/Auth/MySQL.pm line 45
Fix:
[root@server86 extmail]# vim webmail.cf
SYS_MAILDIR_BASE = /home/vmail
SYS_CRYPT_TYPE = plain (change this parameter only if you switched the passwords to plaintext before importing the extmail test users)
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
extmail configuration is now complete!
4. Configure extman (back end)
[root@server86 ~]# cd /var/www/extsuite/extman/
[root@server86 extman]# less INSTALL (see how to configure it)
[root@server86 extman]# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
SuexecUserGroup vmail vmail
</VirtualHost>
[root@server86 extman]# /etc/init.d/httpd restart
Visiting mail.extmail.org/extman now produces the following error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.15 (Red Hat) Server at mail.extmail.org Port 80
Fix:
[root@server86 extman]# chown vmail.vmail -R cgi/
Visiting mail.extmail.org/extman now produces the following error:
Can't locate /var/www/cgi-bin/extman//lang//en_US in @INC (@INC contains: /var/www/extsuite/extman/libs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /var/www/extsuite/extman/libs/Ext/Lang.pm line 65.
Fix:
[root@server86 extman]# cp webman.cf.default webman.cf
The login page now shows no captcha image:
Fix:
Option 1:
[root@server86 kernel]# vim /var/www/extsuite/extman/webman.cf
SYS_CAPTCHA_ON = 0 (do not check the captcha)
Option 2:
[root@server86 kernel]# yum localinstall perl-GD-2.45-1.el6.rfx.x86_64.rpm -y
[root@server86 kernel]# vim /var/www/extsuite/extman/webman.cf
# sys_captcha_len
SYS_CAPTCHA_LEN = 4 (set the captcha length)
At this point login still fails even with the correct password and captcha!
Fix:
[root@server86 extman]# vim webman.cf
SYS_MAILDIR_BASE = /home/vmail
SYS_SESS_DIR = /tmp/
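SYS_CRYPT_TYPE = plain (change this parameter only if you switched the passwords to plaintext before importing the extmail test users)
After logging in, the System page cannot be displayed:
Fix: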
[root@server86 ~]# cd /var/www/extsuite/extman/daemon/
[root@server86 daemon]# ./cmdserver -d
Clicking Graph Log on the System page now produces the following error:
Can't locate RRDs.pm in @INC (@INC contains: /var/www/extsuite/extman/libs /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /var/www/extsuite/extman/libs/Ext/GraphLog.pm line 23. BEGIN failed--compilation aborted at /var/www/extsuite/extman/libs/Ext/GraphLog.pm line 23. Compilation failed in require at /var/www/extsuite/extman/libs/Ext/MgrApp/ViewLog.pm line 22. BEGIN failed--compilation aborted at /var/www/extsuite/extman/libs/Ext/MgrApp/ViewLog.pm line 22. Compilation failed in require at viewlog.cgi line 18.
Fix:
[root@server86 kernel]# yum localinstall rrdtool-perl-1.3.8-6.el6.x86_64.rpm -y
[root@server86 kernel]# cd /var/www/extsuite/extman/addon/
[root@server86 addon]# cp -r mailgraph_ext/ /usr/local/
[root@server86 addon]# cd /usr/local/mailgraph_ext/
[root@server86 mailgraph_ext]# ./mailgraph-init start
Starting it produces the following error:
Starting mail statistics grapher: mailgraph_ext
Can't locate File/Tail.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/mailgraph_ext/mailgraph_ext.pl line 296.
BEGIN failed--compilation aborted at /usr/local/mailgraph_ext/mailgraph_ext.pl line 296.
Starting queue statistics grapher: qmonitor
Fix:
[root@server86 kernel]# yum localinstall perl-File-Tail-0.99.3-8.el6.noarch.rpm -y
extman configuration is now complete!
5. Configure Dovecot
[root@server86 ~]# yum install dovecot -y
[root@server86 ~]# yum install dovecot-mysql.x86_64 -y
[root@server86 ~]# /etc/init.d/dovecot start
[root@server86 ~]# chkconfig dovecot on
[root@server86 ~]# cd /etc/dovecot/
[root@server86 dovecot]# vim dovecot.conf
protocols = imap pop3 lmtp
[root@server86 dovecot]# cd /etc/dovecot/conf.d/
[root@server86 conf.d]# vim 10-mail.conf
mail_location = maildir:/home/vmail/%d/%n/Maildir
first_valid_uid = 600 (/first)
[root@server86 conf.d]# vim 10-auth.conf
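disable_plaintext_auth = no (change this parameter only if you switched the passwords to plaintext before importing the extmail test users)
auth_mechanisms = plain (change this parameter only if you switched the passwords to plaintext before importing the extmail test users)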
!include auth-sql.conf.ext
[root@server86 conf.d]# rpm -ql dovecot | grep dovecot-sql
[root@server86 conf.d]# cp /usr/share/doc/dovecot-2.0.9/example-config/dovecot-sql.conf.ext /etc/dovecot/
[root@server86 conf.d]# vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = plain
password_query = \
SELECT username, domain, password \
FROM mailbox WHERE username = '%u' AND domain = '%d'
user_query = SELECT maildir, 600 AS uid, 600 AS gid FROM mailbox WHERE username = '%u'
[root@server86 conf.d]# /etc/init.d/dovecot restart
[root@server86 dovecot]# telnet localhost 110 (test mail retrieval)
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user [email protected]
+OK
pass westos
+OK Logged in. (this response means the configuration works)
list
+OK 1 messages:
1 823
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@server86 kernel]# yum localinstall thunderbird-17.0.2-1.el6.remi.x86_64.rpm -y
[root@server86 kernel]# thunderbird
Add the account as shown in the figure above, then send and receive mail with Thunderbird!
Dovecot configuration is now complete!
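The settings above store and accept passwords in cleartext (default_pass_scheme = plain, disable_plaintext_auth = no, SYS_CRYPT_TYPE = plain) and put the database password in several config files. The following check is an added example, not part of the original guide: it flags those settings and any credential file that every local account can read. The function names, the WEAK pattern and the sample tree are assumptions constructed for this example; the file paths are the ones used in this guide.

```shell
#!/bin/sh
# Added example: flag plaintext-password settings and world-readable
# credential files in a config tree laid out like the one in this guide.

# Settings from this guide that keep or accept cleartext passwords.
WEAK='^[[:space:]]*((default_pass_scheme|SYS_CRYPT_TYPE)[[:space:]]*=[[:space:]]*plain|disable_plaintext_auth[[:space:]]*=[[:space:]]*no)([[:space:]]|$)'

# Print "path: line" for every weak setting found under root directory $1.
find_plaintext_settings() {
    for f in etc/dovecot/dovecot-sql.conf.ext etc/dovecot/conf.d/10-auth.conf \
             var/www/extsuite/extmail/webmail.cf; do
        [ -f "$1/$f" ] || continue
        grep -iE "$WEAK" "$1/$f" | sed "s|^|/$f: |"
    done
}

# Print files under $1 that hold a database password and are readable by
# every local account (mode bit o+r set). sql_passwd: is the smtpd.conf form.
find_exposed_credentials() {
    find "$1" -type f -perm -004 -exec \
        grep -lE '(password=|sql_passwd:|SYS_MYSQL_PASS[[:space:]]*=)' {} + | sort
}

# Build a constructed sample tree holding the settings shown in this guide.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/dovecot/conf.d" "$root/var/www/extsuite/extmail"
    printf '%s\n' 'driver = mysql' \
        'connect = host=localhost dbname=extmail user=extmail password=extmail' \
        'default_pass_scheme = plain' > "$root/etc/dovecot/dovecot-sql.conf.ext"
    printf '%s\n' 'disable_plaintext_auth = no' 'auth_mechanisms = plain' \
        > "$root/etc/dovecot/conf.d/10-auth.conf"
    printf '%s\n' 'SYS_CRYPT_TYPE = plain' 'SYS_MYSQL_PASS = extmail' \
        > "$root/var/www/extsuite/extmail/webmail.cf"
    chmod 644 "$root/etc/dovecot/dovecot-sql.conf.ext"    # readable by all
    chmod 600 "$root/var/www/extsuite/extmail/webmail.cf" # owner only
    echo "$root"
}

t=$(make_sample_tree)
find_plaintext_settings "$t"
find_exposed_credentials "$t"
rm -rf "$t"
```

On a live host, pass / as the root directory; a clean result means no output from either function.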
6. Configure SASL authentication for Postfix
[root@server86 ~]# yum list cyrus*
[root@server86 ~]# yum install cyrus-sasl-plain.x86_64 -y
[root@server86 kernel]# yum localinstall cyrus-sasl-sql-2.1.23-13.el6.x86_64.rpm -y
[root@server86 kernel]# cd /usr/share/doc/postfix-2.6.6/README_FILES/
[root@server86 README_FILES]# less SASL_README (see how to configure Postfix)
[root@server86 README_FILES]# postconf -e smtpd_sasl_auth_enable=yes
[root@server86 README_FILES]# postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"
[root@server86 README_FILES]# postconf -e smtpd_sasl_authenticated_header=yes
[root@server86 kernel]# tar zxf postfix-2.10.0.tar.gz
[root@server86 kernel]# cd postfix-2.10.0/README_FILES/
[root@server86 README_FILES]# less SASL_README (see how to configure Postfix)
[root@server86 README_FILES]# vim /etc/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
[root@server86 README_FILES]# /etc/init.d/postfix restart
[root@server86 dovecot]# perl -MMIME::Base64 -e 'print encode_base64("\0postmaster\@extmail.org\0westos");' (this command can be found in SASL_README)
AHBvc3RtYXN0ZXJAZXh0bWFpbC5vcmcAd2VzdG9z (the Base64-encoded string produced by this command)
[root@server86 dovecot]# telnet localhost 25 (测试)
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 server86.example.com ESMTP Postfix
auth plain AHBvc3RtYXN0ZXJAZXh0bWFpbC5vcmcAd2VzdG9z
235 2.7.0 Authentication successful (this response means the configuration works)
[root@server86 kernel]# thunderbird
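Configure Thunderbird as shown in the figure above.
Once this is configured correctly, sending mail requires the user's password.
SASL authentication for Postfix is now configured!
7. Configure TLS for Postfix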
[root@server86 ~]# cd /usr/share/doc/postfix-2.6.6/README_FILES/
[root@server86 README_FILES]# less TLS_README (see how to configure Postfix)
[root@server86 README_FILES]# postconf -e smtpd_tls_security_level=may
[root@server86 README_FILES]# postconf -e smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_scache
[root@server86 README_FILES]# vim /etc/postfix/main.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
[root@server86 README_FILES]# cd /etc/pki/tls/certs/
[root@server86 certs]# make postfix.pem (the certificate name is arbitrary)
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server86.example.com
Email Address []:[email protected]
[root@server86 certs]# mv postfix.pem /etc/postfix/
[root@server86 certs]# postconf -e smtpd_tls_cert_file=/etc/postfix/postfix.pem
[root@server86 certs]# /etc/init.d/postfix restart
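Configure Thunderbird as shown in the figure above.
Once this is configured correctly, the certificate must be downloaded first when sending mail.
TLS for Postfix is now configured!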
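With smtpd_sasl_auth_enable=yes from section 6 and smtpd_tls_security_level=may from section 7, Postfix still accepts AUTH on sessions that never started TLS, and the AUTH PLAIN token from section 6 is only Base64. The following check is an added example, not part of the original guide: it audits "name = value" settings for that combination and decodes the token shown above. The function names and the two sample settings blocks are constructed for this example; smtpd_tls_auth_only is the Postfix parameter that limits AUTH to TLS sessions.

```shell
#!/bin/sh
# Added example: audit "postconf -n"-style settings for SMTP AUTH accepted
# on sessions that are not protected by TLS.

# Print the value of parameter $1 from "name = value" lines on stdin
# (the last occurrence wins).
get_param() {
    awk -v k="$1" '
        { name = $0; sub(/[ \t]*=.*/, "", name); gsub(/^[ \t]+/, "", name) }
        name == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v) }
        END { print v }'
}

# Print a finding for the settings text in $1; print nothing if AUTH needs TLS.
audit_smtpd_auth() {
    sasl=$(printf '%s\n' "$1" | get_param smtpd_sasl_auth_enable)
    level=$(printf '%s\n' "$1" | get_param smtpd_tls_security_level)
    authonly=$(printf '%s\n' "$1" | get_param smtpd_tls_auth_only)
    if [ "$sasl" != "yes" ] || [ "$level" = "encrypt" ] || [ "$authonly" = "yes" ]; then
        return 0
    fi
    echo "AUTH accepted without TLS: smtpd_tls_security_level=${level:-unset}, smtpd_tls_auth_only=${authonly:-unset}"
}

# Decode a SASL PLAIN token into "authzid|authcid|password" to show that it
# is Base64 of NUL-separated fields, not ciphertext.
decode_sasl_plain() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
}

# Settings as configured in sections 6 and 7 of this guide (constructed sample).
PAGE_SETTINGS='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/postfix.pem'

# Same settings plus smtpd_tls_auth_only, which limits AUTH to TLS sessions.
HARDENED_SETTINGS="$PAGE_SETTINGS
smtpd_tls_auth_only = yes"

audit_smtpd_auth "$PAGE_SETTINGS"       # prints one finding
audit_smtpd_auth "$HARDENED_SETTINGS"   # prints nothing
decode_sasl_plain 'AHBvc3RtYXN0ZXJAZXh0bWFpbC5vcmcAd2VzdG9z'; echo
```

On a live host, feed the function the output of postconf -n: audit_smtpd_auth "$(postconf -n)".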
Mail system subsystems
1. Install the anti-spam software
[root@server86 ~]# yum install spamassassin -y
[root@server86 ~]# /etc/init.d/spamassassin start
2. Install the antivirus software
[root@server86 kernel]# yum localinstall clamav-0.97.6-1.el6.rf.x86_64.rpm clamav-db-0.97.6-1.el6.rf.x86_64.rpm clamav-milter-0.97.6-1.el6.rf.x86_64.rpm clamd-0.97.6-1.el6.rf.x86_64.rpm sendmail-milter-8.14.4-8.el6.x86_64.rpm -y
[root@server86 kernel]# /etc/init.d/clamd start
[root@server86 kernel]# /etc/init.d/clamav-milter start
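[root@server86 kernel]# freshclam (update the virus database)
Note: running rpm -ql clamav-db shows that the virus database is under /var/clamav/. After the virus database has been updated, a daily job file named freshclam is automatically created in /etc/cron.daily/, so the virus database is updated automatically once a day.
Download the test virus eicar.com or eicar.com.txt from www.eicar.org and use clamscan or clamdscan to check that it is detected.
3. Install and configure MailScanner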
[root@server86 kernel]# tar zxf MailScanner-4.84.5-3.rpm.tar.gz
[root@server86 kernel]# cd MailScanner-4.84.5-3
[root@server86 MailScanner-4.84.5-3]# ./install.sh
The following errors occur:
(1)You need to install the patch command from your Linux distribution.
Once you have done that, please try running this script again.
Fix:
[root@server86 MailScanner-4.84.5-3]# yum install patch -y
(2)./install.sh: line 107: rpmbuild: command not found
Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages
tree is missing.
If you have access to an RPM called rpm-build or rpmbuild
then install it first and come back and try again.
Fix:
[root@server86 MailScanner-4.84.5-3]# yum install rpm-build -y
[root@server86 MailScanner-4.84.5-3]# /etc/init.d/postfix stop
[root@server86 MailScanner-4.84.5-3]# chkconfig MailScanner on
[root@server86 MailScanner-4.84.5-3]# chkconfig postfix off
[root@server86 MailScanner-4.84.5-3]# vim /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamd
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Clamd Socket = /var/run/clamav/clamd.sock
Incoming Work Group = clamav
Incoming Work Permissions = 0640
[root@server86 MailScanner-4.84.5-3]# mkdir -p /var/spool/MailScanner/spamassassin
[root@server86 MailScanner-4.84.5-3]# chown postfix.clamav -R /var/spool/MailScanner/
Running MailScanner --lint to check the configuration now reports the following errors:
(1)Unrar is not installed, it should be in /usr/bin/unrar.
This is required for RAR archives to be read to check
filenames and filetypes. Virus scanning is not affected. (the message says unrar was not found, i.e. compressed files cannot be scanned for viruses)
Fix:
[root@server86 MailScanner-4.84.5-3]# tar zxf rarlinux-3.8.0.tar.gz
[root@server86 MailScanner-4.84.5-3]# cd rar
[root@server86 MailScanner-4.84.5-3]# ln -s /root/kernel/rar/unrar /usr/bin/
[root@server86 MailScanner-4.84.5-3]# make install
(2)ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
ERROR: is not correct, it should match X-yoursite-MailScanner-From
Fix:
[root@server86 MailScanner-4.84.5-3]# vim /etc/MailScanner/spam.assassin.prefs.conf
envelope_sender_header X-yoursite-MailScanner-From
(3)Checking for SpamAssassin errors (if you use it)...
Using SpamAssassin results cache
Connected to SpamAssassin cache database
config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0
SpamAssassin reported an error.
Fix:
[root@server86 MailScanner-4.84.5-3]# vim /etc/MailScanner/spam.assassin.prefs.conf
#use_auto_whitelist 0
[root@server86 MailScanner-4.84.5-3]# postconf -e header_checks=regexp:/etc/postfix/header_checks
[root@server86 ~]# echo /^Received:/ HOLD >> /etc/postfix/header_checks
[root@server86 ~]# /etc/init.d/MailScanner restart
Send eicar.com or eicar.com.txt as an attachment with Thunderbird; the recipient does not receive it, and /var/log/maillog shows the following:
Jun 25 14:59:10 server86 MailScanner[13006]: Virus and Content Scanning: Starting
Jun 25 14:59:11 server86 MailScanner[13006]: Requeue: 3EFE822F05.A4269 to 1256822EFD
Jun 25 14:59:11 server86 postfix/qmgr[12982]: 1256822EFD: from=<[email protected]>, size=1697, nrcpt=1 (queue active)
Jun 25 14:59:11 server86 MailScanner[13006]: Uninfected: Delivered 1 messages
Jun 25 14:59:11 server86 MailScanner[13006]: Deleted 1 messages from processing-database
Jun 25 14:59:11 server86 postfix/local[13107]: 1256822EFD: to=<[email protected]>, orig_to=<[email protected]>, relay=local, delay=2.6, delays=2.2/0.23/0/0.19, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 25 14:59:11 server86 postfix/qmgr[12982]: 1256822EFD: removed
The anti-spam and antivirus subsystem is now configured!