Setting up a secure Mail Server and webmail on FreeBSD

 


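I. Preparation

1. A server, or a computer that can act as one

2. The FreeBSD installation disc, in DVD format

II. Installation steps

1. Install the FreeBSD operating system

2. Update ports with portsnap

3. Compile the required software

Go to /usr/ports/www/nginx and run make config

Select the following options: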

[X] FILE_AIO
[X] HTTP_MODULE
[X] HTTP_CACHE_MODULE
[X] HTTP_GZIP_STATIC_MODULE
[X] HTTP_PERL_MODULE
[X] HTTP_REALIP_MODULE
[X] HTTP_REWRITE_MODULE
[X] HTTP_SECURE_LINK_MODULE
[X] HTTP_SSL_MODULE
[X] HTTP_SUB_MODULE
[X] HTTP_XSLT_MODULE
[X] WWW

Then run make install clean

Go to /usr/ports/lang/php52 and run make config

[X] CLI
[X] CGI
[X] REDIRECT
[X] DISCARD
[X] FASTCGI
[X] FPM
[X] PATHINFO

Run make install clean

Go to /usr/ports/lang/php52-extensions and run make config

[X] BZ2
[X] CALENDAR
[X] CTYPE
[X] CURL
[X] DOM
[X] FILEINFO
[X] FILTER
[X] GD
[X] GETTEXT
[X] HASH
[X] ICONV
[X] IMAP
[X] JSON
[X] MBSTRING
[X] MCRYPT
[X] MHASH
[X] MYSQL
[X] MYSQLI
[X] OPENSSL
[X] PCNTL
[X] PCRE
[X] PDO
[X] PDO_MYSQL
[X] POSIX
[X] SESSION
[X] SIMPLEXML
[X] SNMP
[X] SOCKETS
[X] SPL
[X] SYSVMSG
[X] SYSVSEM
[X] SYSVSHM
[X] TOKENIZER
[X] XML
[X] XMLREADER
[X] XMLRPC
[X] XMLWRITER
[X] XSL
[X] ZIP
[X] ZLIB

Run make install clean

Go to /usr/ports/databases/mysql55-server and run make config

[X] OPENSSL

Run make install clean

Go to /usr/ports/mail/courier-imap and run make config

[X] AUTH_MYSQL

Run make install clean

Go to /usr/ports/mail/postfix and run make config

[X] PCRE
[X] SASL2
[X] TLS
[X] MYSQL
[X] VDA

Run make install clean

Go to /usr/ports/security/clamav and run make config

[X] ARC
[X] ARJ
[X] LHA
[X] UNZOO
[X] UNRAR
[X] LLVM
[X] TESTS
[X] MILTER
[X] ICONV Enable ICONV support

Run make install clean

Go to /usr/ports/security/amavisd-new and run make config

[X] MYSQL
[X] SASL
[X] SPAMASSASSIN
[X] FILE
[X] RAR
[X] UNRAR
[X] ARJ
[X] LHA
[X] ARC
[X] CAB
[X] RPM
[X] ZOO
[X] LZOP
[X] FREEZE
[X] P7ZIP
[X] MSWORD

Run make install clean

Go to /usr/ports/mail/p5-Mail-SpamAssassin and run make config

[X] AS_ROOT
[X] SPAMC
[X] DKIM
[X] SSL
[X] GNUPG
[X] MYSQL

Run make install clean

Go to /usr/ports/mail/postfixadmin and run make config

[X] MYSQL
[X] MYSQLI

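Run make install clean

That completes the software installation; now comes configuration. One thing I really like about FreeBSD is that once software has been compiled, all of its configuration files are placed under /usr/local/etc, so you don't have to hunt around for conf or etc folders.

4. Configuration files

Important first step

Open /etc/rc.conf and add: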

nginx_enable="YES"
mysql_enable="YES"
php_fpm_enable="YES"

Go to /usr/local/etc/rc.d and run, in order:

#./nginx start

#./mysql-server start

#./php-fpm start

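Configure your nginx and php, then open your site until you see the postfixadmin setup page at http://localhost/postfixadmin, and install it.

Go to /usr/local/etc/postfix

Open main.cf and append the following to the end of the file: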

#======= BASE ==============
#myhostname = mail
#mydomain = raytoon.cn
home_mailbox = maildir/
#mydestination = $myhostname
#local_recipient_maps =
command_directory = /usr/local/sbin
local_transport = virtual

#======= MYSQL =============
virtual_gid_maps = static:80
virtual_mailbox_base = /data/mail/virtual
virtual_uid_maps = static:80
virtual_minimum_uid = 80
virtual_alias_maps = mysql:/usr/local/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/virtual_mailbox_maps.cf

#======= Quota ============
message_size_limit = 5242880
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_mailbox_extend = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit = 52428800

#======== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl2_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_auth_destination,reject
smtpd_client_restrictions = permit_sasl_authenticated
#smtpd_sasl_local_domain = $mydomain
smtpd_helo_required = yes
strict_rfc821_envelopes = yes

Save and exit. Note that 80 is the user and group ID; if your nginx user and group ID are not 80, you need to change these two numbers.

Create /usr/local/etc/postfix/virtual_mailbox_limit_maps.cf

user = root
password = xxxxxxx
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

Save and exit.

Create /usr/local/etc/postfix/virtual_alias_maps.cf

user = root
password = xxxxxxx
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

Save and exit.

Create /usr/local/etc/postfix/virtual_domains_maps.cf

user = root
password = xxxxxxxx
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

Save and exit.

Create /usr/local/etc/postfix/virtual_mailbox_maps.cf

user = root
password = xxxxxxxx
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

Save and exit.

Open /usr/local/etc/authlib/authdaemonrc. Find authmodulelist= and delete the other options, leaving only authmysql; find authmodulelistorig= and delete the others, keeping only authmysql. Add version="authdaemond.mysql"

Save and exit.

Open /usr/local/etc/authlib/authmysqlrc

DEFAULT_DOMAIN your.domain
MYSQL_CRYPT_PWFIELD password
MYSQL_DATABASE postfix
MYSQL_GID_FIELD '80'
MYSQL_HOME_FIELD '/data/mail/virtual'
MYSQL_LOGIN_FIELD username
MYSQL_MAILDIR_FIELD maildir
MYSQL_NAME_FIELD name
MYSQL_OPT 0
MYSQL_PASSWORD xxxxxxxxxx
MYSQL_PORT 3306
#MYSQL_QUOTA_FIELD quota
MYSQL_SERVER 127.0.0.1
MYSQL_UID_FIELD '80'
MYSQL_USERNAME root
MYSQL_USER_TABLE mailbox

Save and exit.
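The four Postfix map files and authmysqlrc above all hold a database password and connect as MySQL root; the usual hardening is a dedicated account limited to SELECT on the postfix database, with the files unreadable to other local users. The following check is an added example, not part of the original page; the file contents in demo are constructed samples and the account name postfix_ro is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): flag database credential files
# that connect as MySQL root or that every local user can read.

# audit_db_conf FILE...  -> prints one finding per line, always returns 0.
audit_db_conf() {
    for f in "$@"; do
        [ -f "$f" ] || { echo "$f: missing"; continue; }
        # Postfix maps write "user = NAME"; authmysqlrc writes "MYSQL_USERNAME NAME".
        acct=$(awk '
            /^[ \t]*#/ { next }
            /^[ \t]*user[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print $1 }
            $1 == "MYSQL_USERNAME" { print $2 }' "$f" | tail -n 1)
        if [ "$acct" = "root" ]; then
            echo "$f: connects as MySQL root"
        fi
        # Character 8 of the ls mode string is the "other" read bit.
        if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
            echo "$f: readable by all local users"
        fi
    done
    return 0
}

# Constructed sample files mirroring the two formats used on this page.
demo() {
    d=$(mktemp -d) || return 1
    printf 'user = root\npassword = xxxxxxx\nhosts = localhost\n' > "$d/virtual_alias_maps.cf"
    printf 'MYSQL_USERNAME root\nMYSQL_PASSWORD xxxxxxxxxx\n' > "$d/authmysqlrc"
    # postfix_ro is a hypothetical least-privilege account name.
    printf 'user = postfix_ro\npassword = xxxxxxx\n' > "$d/hardened.cf"
    chmod 644 "$d/virtual_alias_maps.cf"
    chmod 640 "$d/authmysqlrc" "$d/hardened.cf"
    audit_db_conf "$d"/*
    rm -rf "$d"
}
demo
```

On the real system, pass it /usr/local/etc/postfix/virtual_*.cf and /usr/local/etc/authlib/authmysqlrc.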

Go to /usr/local/lib/sasl2/

Create the file smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

Save and exit.

Then go to /etc, edit rc.conf, and add:

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"
spamd_enable="YES"

sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
#sendmail_msp_queue_enable="NO"
postfix_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
amavisd_enable="YES"
amavisd_pidfile="/var/amavis/amavisd.pid"
amavisd_ram="512m"
amavis_milter_enable="YES"
amavis_p0fanalyzer_enable="YES"
amavis_p0fanalyzer_p0f_filter="tcp dst port 25"

Reboot the machine. If you don't want to reboot, run the following in /etc:

#sh rc

#rehash

#newaliases

If you also want to use SSL IMAP and POP3, you need to use openssl to generate a reasonably valid pem file.
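One way to build that pem file, as an added example that is not part of the original page: Courier reads the private key and the certificate from a single file, so the script concatenates both, locks the file to mode 600, and checks that the key and certificate belong together. The certificate here is self-signed and the host name mail.example.test is a constructed value; write the result to the path your imapd-ssl and pop3d-ssl files set in TLS_CERTFILE, which this page does not name.

```shell
#!/bin/sh
# Added example (not from the original page): build the combined
# key + certificate PEM file used for SSL IMAP/POP3.

# make_courier_pem OUTFILE HOSTNAME [DAYS]
make_courier_pem() {
    out=$1; cn=$2; days=${3:-365}
    work=$(mktemp -d) || return 1
    # umask 077: key material is never group/world readable, even briefly.
    if ( umask 077
         openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
             -subj "/CN=$cn" -keyout "$work/key.pem" -out "$work/cert.pem" \
             2>/dev/null &&
         cat "$work/key.pem" "$work/cert.pem" > "$out" ); then
        chmod 600 "$out"; rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return $rc
}

# pem_key_matches_cert FILE -> succeeds only if the private key and the
# certificate inside FILE carry the same public key.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo in a throwaway directory: generate, verify, show subject and expiry.
demo() {
    d=$(mktemp -d) || return 1
    make_courier_pem "$d/imapd.pem" mail.example.test 365 &&
        pem_key_matches_cert "$d/imapd.pem" &&
        openssl x509 -in "$d/imapd.pem" -noout -subject -enddate
    rm -rf "$d"
}
demo
```

A CA-issued certificate is combined the same way: key first, then the certificate, and pem_key_matches_cert confirms the pair before the daemons are restarted.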

5. Install webmail

Go to /usr/ports/mail/atmail

Run make config

[X] MBSTRING
[X] ICONV

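Run make install clean

Done. One note: after atmail is installed, you need to go to /usr/local/www/atmail and run #php lang.php all

Only then can you use Chinese; otherwise only English is available. By default, however, there is no Simplified Chinese, only Traditional.

If imapd or postfix has any problems, you can follow /var/log/maillog with tail.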

 
