Preparation
The environment as a whole involves quite a few dependency packages, so install them with yum first.
Check which ones are installed:
- for i in httpd-devel mysql-devel mysql-server php-xml php-pdo php-mbstring libtool-ltdl-devel expect-devel openldap-servers pcre-devel apr-devel apr-util-devel perl-DBD-MySQL libtool-ltdl expect php-gd postgresql-devel libdbi ruby php-mcrypt php-mhash libmcrypt-devel libmhash-devel perl-Unix-Syslog ;do rpm -qa $i ;done
After installation, start the mysql and httpd services:
- for i in mysqld httpd ; do service $i start ; done
Authentication database
- tar -xf extman-1.1.tar.gz
- cd extman-1.1/docs
- mysqladmin -uroot password "newbie"
- mysql -pnewbie < extmail.sql
- mysql -pnewbie < init.sql
Install the authentication middleware courier-authlib so that the MTA and MAA can access MySQL
- tar -xf courier-authlib-0.63.0.tar.bz2
- cd courier-authlib-0.63.0
- ./configure
- make && make install
After installation, create and edit the configuration files. They need to tell authlib to authenticate against MySQL, and the parameters MySQL requires are written into them.
- cd /usr/local/etc/authlib/
- cp authdaemonrc.dist authdaemonrc
- vim authdaemonrc
Set the following:
- authmodulelist="authmysql"
- authmodulelistorig="authmysql"
- DEBUG_LOGIN=2
- DEFAULTOPTIONS="wbnodsn=1"
Create the authmysqlrc file:
cp authmysqlrc.dist authmysqlrc
vi authmysqlrc
- MYSQL_SERVER localhost
- MYSQL_USERNAME extmail
- MYSQL_PASSWORD extmail
- MYSQL_SOCKET /var/lib/mysql/mysql.sock
- MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber, \
- CONCAT('/home/data/domains/',homedir), \
- CONCAT('/home/data/domains/',maildir), \
- quota, \
- name \
- FROM mailbox \
- WHERE username = '$(local_part)@$(domain)'
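An added check, not part of the original article: authmysqlrc keeps the MySQL password in clear text, and the sample above uses the account name as the password. The sketch below flags a password equal to the username and a file readable by "other"; the helper name audit_authmysqlrc and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authmysqlrc-style file for two weaknesses.
# audit_authmysqlrc is a hypothetical helper, not a courier-authlib tool.

# Prints findings; the return status is the number of findings.
audit_authmysqlrc() {
    f=$1
    findings=0
    # Keys and values are whitespace-separated, e.g. "MYSQL_PASSWORD extmail".
    user=$(awk '$1 == "MYSQL_USERNAME" { print $2 }' "$f")
    pass=$(awk '$1 == "MYSQL_PASSWORD" { print $2 }' "$f")

    if [ -z "$pass" ]; then
        echo "FAIL: MYSQL_PASSWORD is empty or missing"
        findings=$((findings + 1))
    elif [ "$pass" = "$user" ]; then
        echo "FAIL: MYSQL_PASSWORD equals MYSQL_USERNAME ($user)"
        findings=$((findings + 1))
    fi

    # In the ls mode string, character 8 is the read bit for "other".
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        ???????r??)
            echo "FAIL: $f is world-readable ($mode)"
            findings=$((findings + 1)) ;;
    esac

    if [ "$findings" -eq 0 ]; then echo "OK: $f"; fi
    return "$findings"
}

# Constructed sample files mirroring the values used in this guide.
demo_dir=$(mktemp -d)
printf 'MYSQL_SERVER localhost\nMYSQL_USERNAME extmail\nMYSQL_PASSWORD extmail\n' > "$demo_dir/weak"
chmod 644 "$demo_dir/weak"
printf 'MYSQL_SERVER localhost\nMYSQL_USERNAME extmail\nMYSQL_PASSWORD c0nstructed-Sample\n' > "$demo_dir/hardened"
chmod 600 "$demo_dir/hardened"

audit_authmysqlrc "$demo_dir/weak" || true
audit_authmysqlrc "$demo_dir/hardened" || true
rm -rf "$demo_dir"
```

On the real system the argument would be /usr/local/etc/authlib/authmysqlrc.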
For easier management, create a startup script for authlib, SysV style:
- cd courier-authlib-0.63.0
- cp courier-authlib.sysvinit /etc/init.d/courier-authlib
- chmod 755 /etc/init.d/courier-authlib
- chkconfig --add courier-authlib
- service courier-authlib start
- chkconfig courier-authlib on
POP and IMAP support
Next, install courier-imap to provide POP3 and IMAP support:
tar xf courier-imap-4.7.0.tar.bz2
cd courier-imap-4.7.0
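The software has to be compiled by an ordinary user; here the zhoutao user does the build.
- useradd zhoutao
- chown -R zhoutao .
- su zhoutao -c './configure --with-redhat'
- su zhoutao -c make
- make install
Likewise, for easier management, create the startup script and configuration files, and enable the relevant protocols in the configuration files.
- cp courier-imap.sysvinit /etc/init.d/courier-imap
- chmod 755 /etc/init.d/courier-imap
- chkconfig --add courier-imap
- cd /usr/lib/courier-imap/etc/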
- cp imapd-ssl.dist imapd-ssl
- cp imapd.dist imapd
- cp pop3d.dist pop3d
- cp pop3d-ssl.dist pop3d-ssl
Edit the four configuration files above,
setting IMAPDSTART, IMAPDSSLSTART, POP3DSTART and POP3DSSLSTART to yes.
Start the service:
service courier-imap start
chkconfig courier-imap on
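SASL authentication
Authenticated sending uses the SASL package. The bundled RPM supports neither MySQL nor authlib, so remove the existing SASL packages and compile and install a new build.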
- rpm -e --nodeps cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl cyrus-sasl-lib
- tar -xf cyrus-sasl-2.1.22.tar.gz
- cd cyrus-sasl-2.1.22
- ./configure --disable-anon --enable-plain --enable-login --enable-sql --with-mysql --with-authdaemond="/usr/local/var/spool/authdaemon/socket" --with-mysql-include=/usr/include/mysql/ --with-mysql-libs=/usr/lib/mysql/ --with-openssl
- make && make install
Generate the SASL configuration file. Postfix reads the smtpd.conf configuration file, so create it by hand and declare in it that authlib is used for authentication.
- cat > /usr/local/lib/sasl2/smtpd.conf << ENDF
- pwcheck_method:authdaemond
- log_level:3
- mech_list:PLAIN LOGIN
- authdaemond_path:/usr/local/var/spool/authdaemon/socket
- ENDF
- rm -rf /usr/lib/sasl2
- ln -s /usr/local/lib/sasl2 /usr/lib
- ln -s /usr/local/lib/libsasl* /usr/lib/
Installing Postfix
- useradd -u 89 postfix -s /sbin/nologin
- useradd -u 90 -s /sbin/nologin postdrop
- cd $MY_PWD
- tar xf postfix-2.7.1.tar.gz
- cd postfix-2.7.1
- make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -L/usr/local/lib/sasl2 -lsasl2 -L/usr/lib -lssl -lcrypto -lz -lm'
- make
- make install
Create the service script by hand (installed below as /etc/init.d/postfix):
- #!/bin/sh
- #
- # postfix Postfix Mail Transfer Agent
- #
- # chkconfig: 2345 80 30
- # description: Postfix is a Mail Transport Agent, which is the program \
- # that moves mail from one machine to another.
- # processname: master
- # pidfile: /var/spool/postfix/pid/master.pid
- # config: /etc/postfix/main.cf
- # config: /etc/postfix/master.cf
- #
- # $Revision: 2.2 $
- #
- # Written by Package Author: Simon J Mudd <[email protected]>
- # 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <[email protected]>
- # 23/11/00: Changes & suggestions by Ajay Ramaswamy <[email protected]>
- # 20/01/01: Changes to fall in line with RedHat 7.0 style
- # 23/02/01: Fix a few untidy problems with help from Daniel Roesen.
- # Source function library.
- . /etc/rc.d/init.d/functions
- # Source networking configuration.
- . /etc/sysconfig/network
- # Check that networking is up.
- [ ${NETWORKING} = "no" ] && exit 0
- [ -x /usr/sbin/postfix ] || exit 0
- [ -d /etc/postfix ] || exit 0
- [ -d /var/spool/postfix ] || exit 0
- RETVAL=0
- start() {
- # Start daemons.
- echo -n "Starting postfix: "
- /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure
- RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
- echo
- return $RETVAL
- }
- stop() {
- # Stop daemons.
- echo -n "Shutting down postfix: "
- /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure
- RETVAL=$?
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
- echo
- return $RETVAL
- }
- reload() {
- echo -n "Reloading postfix: "
- /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure
- RETVAL=$?
- echo
- return $RETVAL
- }
- restart() {
- stop
- start
- }
- abort() {
- /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure
- return $?
- }
- flush() {
- /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure
- return $?
- }
- check() {
- /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure
- return $?
- }
- # See how we were called.
- case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- restart
- ;;
- reload)
- reload
- ;;
- abort)
- abort
- ;;
- flush)
- flush
- ;;
- check)
- check
- ;;
- status)
- status master
- ;;
- condrestart)
- # don't use /var/lock/subsys/postfix, check for postfix running directly
- daemon_directory=$(postconf -h daemon_directory)
- $daemon_directory/master -t 2>/dev/null && : || restart
- ;;
- *)
- echo "Usage: postfix {start|stop|restart|reload|abort|flush|check|status|condrestart}"
- exit 1
- esac
- exit $?
Set the permissions:
- chmod 755 /etc/init.d/postfix
- chkconfig --add postfix
Edit the main Postfix configuration file (/etc/postfix/main.cf):
- myhostname = mail.zhoutao.com
- mydomain = zhoutao.com
- mydestination = $myhostname, localhost
Enable virtual domain support in Postfix:
- message_size_limit = 14680064
- virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
- virtual_mailbox_base = /home/data/domains
- virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
- virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
- virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
- virtual_transport = maildrop
- maildrop_destination_recipient_limit = 1
- smtpd_sasl_auth_enable = yes
- smtpd_sasl2_auth_enable = yes
- smtpd_sasl_security_options = noanonymous
- broken_sasl_auth_clients = yes
- smtpd_sasl_path = smtpd
- smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unauth_pipelining,reject_invalid_hostname
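So that Postfix can work together with extman, copy the configuration files whose names start with mysql_virtual from the extman directory into the Postfix directory:
cp extman-1.1/docs/mysql_virtual_* /etc/postfix
The service can now be started: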
service postfix start
chkconfig postfix on
Installing the MDA
Install maildrop to extend mail delivery. maildrop is an excellent MDA, and Postfix will use it when delivering mail.
- tar xf maildrop-2.4.3.tar.bz2
- cd maildrop-2.4.3
- ./configure --enable-authlib --with-devel --enable-userdb --enable-maildirquota --enable-syslog=1 --enable-trusted-users='root mail daemon postmaster qmaild mmdf' --enable-restrict-trusted=0 --enable-sendmail=/usr/sbin/sendmail
- make && make install
- ln -s /usr/local/bin/maildrop /usr/bin/
We do not want maildrop to deliver mail as root, so create an ordinary user for it.
- groupadd -g 1000 vgroup
- useradd -g 1000 -u 1000 -s /sbin/nologin -d /dev/null vuser
Configure /etc/postfix/master.cf so that Postfix can call maildrop.
vi /etc/postfix/master.cf
Append the following at the end:
- maildrop unix - n n - - pipe
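-   flags=DRhu user=vuser argv=/usr/bin/maildrop -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
Note in particular that the flags line must start with a space, otherwise an error is reported: the leading whitespace is what marks it as a continuation of the maildrop line above.
Create the mail storage directory and a test domain: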
- mkdir -p /home/data/domains/extmail.org/postmaster
- maildirmake /home/data/domains/extmail.org/postmaster/Maildir
- chown -R vuser:vgroup /home/data/domains/
- service postfix restart
Test maildrop:
- [root@localhost ~]# echo "test" | maildrop -V 10 -d [email protected]
maildrop: authlib: groupid=1000
maildrop: authlib: userid=1000
maildrop: authlib: [email protected], home=/home/data/domains/extmail.org/postmaster, mail=/home/data/domains/extmail.org/postmaster/Maildir/
maildrop: Changing to /home/data/domains/extmail.org/postmaster
Message start at 0 bytes, envelope [email protected]
maildrop: Attempting .mailfilter
maildrop: Delivery complete.
Output like the above means that authlib and maildrop are working correctly.
Installing webmail
In this project mail also has to be sent and received through the web, so the Apache configuration needs to be changed.
Edit /etc/httpd/conf/httpd.conf. Because maildrop delivers mail as vuser:vgroup, change the user and group Apache runs as to match, then create the configuration that extman and extmail need.
user vuser
group vgroup
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim extmail.conf
- Alias /extman/cgi/ /var/www/extsuite/extman/cgi/
- Alias /extman /var/www/extsuite/extman/html/
- <Location "/extman/cgi">
- SetHandler cgi-script
- Options +ExecCGI
- </Location>
- # config for ExtMail
- Alias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
- Alias /extmail /var/www/extsuite/extmail/html/
- <Location "/extmail/cgi">
- SetHandler cgi-script
- Options +ExecCGI
- </Location>
Once Apache is configured, install extmail and extman:
- mkdir /var/www/extsuite
Unpack extman and extmail and copy them into the Apache directory:
- cp -r extmail-1.2 /var/www/extsuite/extmail
- cp -r extman-1.1 /var/www/extsuite/extman
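Change to the /var/www/extsuite/extmail directory and configure extman and extmail. First create the main configuration file, then change the relevant options in it.
- cp webmail.cf.default webmail.cf
Change the following options in webmail.cf: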
- SYS_SESS_DIR = /tmp/extmail
- SYS_MAILDIR_BASE = /home/data/domains
- SYS_MYSQL_USER = extmail
- SYS_MYSQL_PASS = extmail
Change to the /var/www/extsuite/extman directory:
- cp webman.cf.default webman.cf
In webman.cf, set the following option to the mail directory:
- SYS_MAILDIR_BASE = /home/data/domains
- mkdir /tmp/{extman,extmail}
- chown vuser:vgroup /tmp/ext*
extman also provides a friendly graphical log tool; this background log analysis tool can be configured and enabled.
- cd /var/www/extsuite/extman/addon/
- cp -r mailgraph_ext /usr/local/
The log tool is mainly Perl-based; first install the dependency packages it needs:
rrdtool
perl-rrdtool
perl-GD
perl-File-Tail
Start the log analysis tool:
- /usr/local/mailgraph_ext/mailgraph-init start
- echo '/usr/local/mailgraph_ext/mailgraph-init start' >> /etc/rc.local
Restart the services and test:
- service httpd restart
- service postfix restart
- chown -R vuser:vgroup /var/lib/php/session/
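Open a browser and go to http://your_domain_name/extman
User: [email protected]  Password: extmail*123*
Spam filtering
Finally, add spam filtering: install spamassassin and generate the /etc/maildroprc file so that maildrop calls spamassassin during delivery.
SpamAssassin also uses some Perl modules; check whether the following packages are installed: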
perl-Time-HiRes
perl-Digest-SHA1
perl-HTML-Parser
perl-DB_File
perl-HTML-Tagset
perl-Razor-Agent
perl-DBI
perl-Net-DNS
perl-URI
- yum install spamassassin
- cat > /etc/maildroprc << 'ENDF'
- if ( $SIZE < 26144 )
- {
- exception {
- xfilter "/usr/bin/spamassassin --prefspath=$HOME/$DEFAULT/.spamassassin/user_prefs"
- }
- }
- if (/^X-Spam-Flag: *YES/)
- {
- exception {
- to "$HOME/$DEFAULT/.Spam/"
- }
- }
- else
- {
- exception {
- to "$HOME/$DEFAULT"
- }
- }
- ENDF
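Added example, not part of the original article: maildrop substitutes $SIZE, $HOME and $DEFAULT itself at delivery time, so they have to reach /etc/maildroprc as literal text, and that depends on whether the here-document delimiter is quoted. The helper names check_maildroprc, write_unquoted and write_quoted are hypothetical, and the filter body is shortened to its first rule.

```shell
#!/bin/sh
# Added example (not from the original article). Helper names are hypothetical.

# Returns the number of maildrop variables that are no longer present as
# literal text in the file (0 = the filter was written verbatim).
check_maildroprc() {
    missing=0
    for var in SIZE HOME DEFAULT; do
        if ! grep -F -q -- "\$$var" "$1"; then
            echo "missing literal \$$var in $1"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Unquoted delimiter: the shell substitutes $SIZE, $HOME and $DEFAULT itself.
write_unquoted() {
    cat > "$1" << ENDF
if ( $SIZE < 26144 )
{
    exception {
        xfilter "/usr/bin/spamassassin --prefspath=$HOME/$DEFAULT/.spamassassin/user_prefs"
    }
}
ENDF
}

# Quoted delimiter: the body reaches the file unchanged.
write_quoted() {
    cat > "$1" << 'ENDF'
if ( $SIZE < 26144 )
{
    exception {
        xfilter "/usr/bin/spamassassin --prefspath=$HOME/$DEFAULT/.spamassassin/user_prefs"
    }
}
ENDF
}

# Constructed demo: write the same rule both ways and compare.
demo_dir=$(mktemp -d)
write_unquoted "$demo_dir/unquoted"
write_quoted "$demo_dir/quoted"
check_maildroprc "$demo_dir/unquoted" || echo "unquoted heredoc: $? variables lost"
check_maildroprc "$demo_dir/quoted" && echo "quoted heredoc: filter intact"
rm -rf "$demo_dir"
```

Running check_maildroprc /etc/maildroprc after generating the file confirms the filter was written verbatim.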
SpamAssassin's filter template is /etc/mail/spamassassin/local.cf; change it to:
vi /etc/mail/spamassassin/local.cf
- required_score 5.0
- rewrite_header Subject ********SPAM********
- report_safe 1
- use_bayes 1
- skip_rbl_checks 0
- ok_languages zh en
- ok_locales en ko
- score HEAD_ILLEGAL_CHARS 0
- score SUBJ_ILLEGAL_CHARS 0
- score DATE_IN_PAST_03_06 0
- score UPPERCASE_25_50 0
- score UPPERCASE_50_75 0
- score UPPERCASE_75_100 0
- score X_MSMAIL_PRIORITY_HIGH 0
- score X_PRIORITY_HIGH 0
- score TO_TXT 100
- score RATWARE_HASH_2 100
- score RATWARE_HASH_2_V2 100
- score BAYES_99 0.1
- score BAYES_80 0.1
- score BAYES_60 0.1
- score FROM_ILLEGAL_CHARS 0.1
- score MIME_BASE64_TEXT 0.1
- score NO_RDNS_DOTCOM_HELO 0.1
- score CHINA_HEADER 0.1
- score NO_REAL_NAME 0.2
- score HTML_MESSAGE 0.2
- score MIME_HTML_ONLY 0.2
- score MIME_HTML_ONLY_MULTI 0.2
- score FORGED_MUA_OUTLOOK 0.2
- score FORGED_HOTMAIL_RCVD 0.2
- score FORGED_OUTLOOK_TAGS 0.2
- score MAILTO_TO_SPAM_ADDR 0.2
- ## Blacklist and whitelist
- whitelist_from *@test.com
- blacklist_from
- ## Use the CBL/CDL of the China Anti-Spam Alliance
- ## URL: http://www.anti-spam.org.cn/
- header RCVD_IN_CBL eval:check_rbl('cbl', 'cbl.anti-spam.org.cn.')
- # describe RCVD_IN_CBL Received via a relay in cbl.anti-spam.org.cn
- tflags RCVD_IN_CBL net
- header RCVD_IN_CDL eval:check_rbl('cdl-notfirsthop', 'cdl.anti-spam.org.cn.')
- describe RCVD_IN_CDL CDL: dialup sender did non-local SMTP
- tflags RCVD_IN_CDL net
- score RCVD_IN_CBL 4.0
- score RCVD_IN_CDL 3.0
# Set spamassassin to run at boot
- chkconfig spamassassin on
# Use CCERT's Chinese spam filtering ruleset Chinese_rules.cf
- wget -N -P /usr/share/spamassassin http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
# Start SpamAssassin
service spamassassin start
Periodically update the Chinese anti-spam rules automatically:
crontab -e
# Add:
- 0 0 1 * * wget -N -P /usr/share/spamassassin http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf ; /etc/init.d/spamassassin restart
# Initialize SpamAssassin's learning system
- sa-learn --sync -D -p user_prefs
# View the self-learned data
- sa-learn --dump all
# View debug information
- spamassassin --lint -D
Open the browser again and test.