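Installing a Postfix-based outbound mail system on CentOS 5.6
(Postfix + MySQL + MailScanner + MailWatch)
Goal: configure a mail system used only for sending mail, trusting hosts on the internal network without requiring authentication.
Which client hosts may use the mail host is controlled by domain name and IP address.
External mail is sent out directly; internal mail is relayed back to the internal mail server.
Mail is logged by MailScanner.
MailWatch provides a visual way to browse it.
Contents:
1) Server information
2) Installing the required packages
3) DNS configuration
4) Installing and configuring Postfix
5) Installing and configuring MailScanner
6) Installing and configuring MailWatch
I. Server information
1. Server model: IBM
Operating system: CentOS 5.6
Hostname: mx01.test.com
2. Network settings
NIC settings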
DEVICE=eth0
BOOTPROTO=none
HWADDR=
ONBOOT=yes
IPADDR=192.168.4.3
NETMASK=255.255.255.0
GATEWAY=
TYPE=Ethernet
DNS settings
vim /etc/resolv.conf
nameserver 192.168.4.1
nameserver 192.168.4.2
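II. Installing the required packages
1. Installing MailScanner requires rpm-build. If it is not already installed on CentOS 5.6, installing it manually ran into some problems.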
# yum install rpm-build
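Note: after installing rpm-build, the following five directories must be created by hand, otherwise the MailScanner installation reports an error; the exact cause is unclear.
/usr/src/redhat/
|-- BUILD
|-- RPMS
|-- SOURCES
|-- SPECS
`-- SRPMS
2. Install mysql, mysql-server, php, php-gd, php-devel, php-mysql and httpd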
# yum install mysql mysql-server php php-gd php-devel php-mysql httpd
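III. Adding the MX record
1) Create the forward, reverse and MX records
@       MX  10  mx01.test.com.
mx01    A   192.168.4.3
IV. Installing Postfix
1) Sendmail is the MTA that CentOS installs by default; stop it before installing Postfix.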
# /etc/init.d/sendmail stop
# yum install postfix
# rpm -e sendmail
# /etc/init.d/postfix start
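2) Configure Postfix.
Set the mail host's usage permissions and filtering.
Usage permissions and filtering are configured through Postfix's mynetworks setting, so that only hosts inside the company and the specified domains have relay permission.
Edit the Postfix configuration file main.cf:
mynetworks=127.0.0.0/8,192.168.4.0/24, hash:/etc/postfix/access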
# nano /etc/postfix/access
192.168.1    ACCEPT
192.168.2    ACCEPT
# postmap hash:/etc/postfix/access
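Because relay permission here rests on the client address alone, it is worth checking that every CIDR range in mynetworks lies inside loopback or RFC 1918 space. The following is an added example, not part of the original guide; the sample main.cf text is constructed (it includes a deliberately mistyped range) and the function names are hypothetical.

```python
import ipaddress
import re

# Address space a relay that trusts clients by IP alone should be limited to:
# loopback plus the RFC 1918 private blocks.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

# Constructed sample; 172.0.0.0/8 stands in for a mistyped range.
SAMPLE_MAIN_CF = """\
# relay policy
myhostname = mx01.test.com
mynetworks = 127.0.0.0/8, 192.168.4.0/24,
    172.0.0.0/8, hash:/etc/postfix/access
"""

def read_param(text, name):
    """Return the value of `name` from main.cf text; the last definition wins."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                              # blank or whole-line comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()     # leading whitespace continues a line
        else:
            logical.append(line.strip())
    value = None
    for entry in logical:
        key, sep, val = entry.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def audit_mynetworks(text):
    """Map each mynetworks entry to 'internal', 'not-internal', 'table' or 'invalid'."""
    findings = {}
    for item in (read_param(text, "mynetworks") or "").replace(",", " ").split():
        try:
            bare = item.replace("[", "").replace("]", "")   # [::1]/128 -> ::1/128
            net = ipaddress.ip_network(bare, strict=False)
        except ValueError:
            # type:name entries are lookup tables and have to be reviewed separately
            findings[item] = "table" if re.match(r"^\w+:", item) else "invalid"
            continue
        ok = any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)
        findings[item] = "internal" if ok else "not-internal"
    return findings
```

On a live host the input would be the contents of /etc/postfix/main.cf; anything reported as not-internal or table deserves a manual look before the relay is exposed.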
Relaying internal mail via transport.
1. Configure the domain users allowed for local relaying
relay_domains =$mydestination
local_recipient_maps = $alias_maps hash:/etc/postfix/relay_recipients
Contents of the relay_recipients file:
[root@mx01]# cat relay_recipients
@test.com mail
# postmap hash:/etc/postfix/relay_recipients
2. Define which mail is forwarded to the internal mail server.
transport_maps = hash:/etc/postfix/transport
[root@mx01]# nano transport
# internal mail host
test.com        relay:[192.168.10.198]
mx.abc.com      relay:[192.168.10.198]
# all other mail is sent to the mail gateway
*               smtp:[192.168.4.20]
[root@mx01]# postmap hash:/etc/postfix/transport
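A simplified model of how this transport table is searched, showing which next hop a recipient gets. It is an added example, not code from the original guide or from Postfix; it covers only full-address, exact-domain, .parent-domain and * keys, the table text is a constructed copy of the one above, and the function names are hypothetical.

```python
# Constructed sample: the transport table above, with comments on their own lines.
TRANSPORT = """\
# internal mail host
test.com      relay:[192.168.10.198]
mx.abc.com    relay:[192.168.10.198]
# all other mail goes to the mail gateway
*             smtp:[192.168.4.20]
"""

def load_table(text):
    """Split postmap source text into {key: value}, keeping the value verbatim."""
    table = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            fields = line.split(None, 1) + [""]
            table[fields[0].lower()] = fields[1].strip()
    return table

def next_hop(table, recipient):
    """Return the transport:nexthop chosen for a recipient address, or None."""
    addr = recipient.lower()
    domain = addr.rpartition("@")[2]
    candidates = [addr, domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        # subdomains only match keys written as .parent.domain
        candidates.append("." + ".".join(labels[i:]))
    candidates.append("*")
    for key in candidates:
        if key in table:
            return table[key]
    return None

def values_with_comment(table):
    """Keys whose value contains '#': a trailing comment became part of the next hop."""
    return sorted(k for k, v in table.items() if "#" in v)
```

With Postfix's default parent_domain_matches_subdomains setting, mail for a subdomain such as sub.test.com matches neither test.com nor mx.abc.com and leaves through the * gateway entry. postmap only recognises whole-line comments, so a # placed after a value is stored as part of that value.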
C. Edit Postfix's main configuration file /etc/postfix/main.cf. The modified settings are listed below.
#=====================BASE=========================
# Hostname of the mail host running Postfix; do not create a virtual domain with the same name
myhostname = mx01.test.com
# Domain name of the mail host running Postfix
mydomain = mx01.test.com
# Domain or host name used for mail sent from this machine
myorigin = $mydomain
# Host names or domains for which mail is accepted
mydestination = $myhostname, $mydomain
# Networks whose mail may be relayed; these ranges need no authentication
mynetworks = 127.0.0.0/8,192.168.4.0/24,hash:/etc/postfix/access
# Network interfaces the Postfix service listens on
inet_interfaces = all
# Domains whose mail may be relayed
relay_domains = $mydestination
local_recipient_maps = $alias_maps hash:/etc/postfix/relay_recipients
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
#====================QUOTA========================
# Maximum size of a single message: 5 MB
message_size_limit = 5242880
#####===========
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
mail_owner = postfix
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
V. Installing MailScanner
MailScanner-4.83.5-1.rpm.tar.gz
tar -zvxf MailScanner-4.83.5-1.rpm.tar.gz
cd
./install.sh
Edit MailScanner.conf
# vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = none
Use SpamAssassin = no
Configure Postfix to work with MailScanner
# vi /etc/postfix/main.cf
Change the following value
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks
/^Received:/ HOLD
Note: there must be no whitespace before the / !
Change the directory ownership
# chown postfix:postfix /var/spool/MailScanner/incoming
# chown postfix:postfix /var/spool/MailScanner/quarantine
Stop Postfix and start MailScanner
# service postfix stop
# chkconfig postfix off
# service MailScanner start
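With MTA = postfix set in MailScanner, MailScanner starts Postfix itself; if Postfix has been set up to start on its own, stop it first.
VI. Installing MailWatch
Download the latest version, mailwatch-1.0.5.tar.gz, from the Internet.
MailWatch needs the php-gd module, so if php-gd is not installed, install it with the command below.
shell# yum install -y php-gd
1. Unpack the software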
shell# tar zxvf mailwatch-1.0.5.tar.gz -C /usr/local/
shell# cd /usr/local/
shell# ln -s mailwatch-1.0.5/ mailwatch
2. Database setup
Initialize the database
shell# mysql -uroot -p < /usr/local/mailwatch/create.sql
Create the MySQL user
shell# mysql -u root -p
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'passwd';
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY 'passwd';
mysql> FLUSH PRIVILEGES;
Create the web administration user
shell# mysql mailscanner -u mailwatch -p
Enter password: ******
mysql> use mailscanner;
mysql> INSERT INTO users (username,password,type) VALUES ('admin',md5('passwd'),'A');
3. MailWatch configuration
Copy MailWatch.pm into the /usr/lib/MailScanner/MailScanner/CustomFunctions directory; for a non-rpm installation, copy it into the /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions directory instead.
shell# cd /usr/local/mailwatch
shell# cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/
Edit /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm and change $db_user and $db_pass to the MySQL user and password created earlier.
Change the following:
my($db_user) = 'root';
my($db_pass) = '';
to:
my($db_user) = 'mailwatch';
my($db_pass) = 'passwd';
4. Blacklist/whitelist setup
shell# cp SQLBlackWhiteList.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/
Edit /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm, changing:
my($db_user) = 'root';
my($db_pass) = '';
to:
my($db_user) = 'mailwatch';
my($db_pass) = 'passwd';
5. Web configuration
shell# cd /usr/local/mailwatch
shell# mv mailscanner/ /var/www/html/
shell# chown root:apache /var/www/html/mailscanner/
shell# chown root:apache /var/www/html/mailscanner/images
shell# chown root:apache /var/www/html/mailscanner/images/cache/
shell# chmod -R ug+rwx /var/www/html/mailscanner/images
shell# chmod -R ug+rwx /var/www/html/mailscanner/images/cache/
Configure Apache and create the MailWatch web configuration file.
Copy /var/www/html/mailscanner/conf.php.example to /var/www/html/mailscanner/conf.php:
shell# cp /var/www/html/mailscanner/conf.php.example /var/www/html/mailscanner/conf.php
Edit /var/www/html/mailscanner/conf.php and set DB_USER and DB_PASS:
define('DB_USER', 'mailwatch');
define('DB_PASS', 'passwd');
6. Modify the MailScanner configuration
Edit /etc/MailScanner/MailScanner.conf:
Quarantine Permissions = 0660
Always Looked Up Last = &MailWatchLogging
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Restart MailScanner
VII. Testing
MailWatch can be browsed at http://192.168.4.3/mailscanner/