postfix+cyrus-sasl+mysql+postfixadmin+courier-imap+squirrelmail+clamav+spamassassin
System environment: RedhatAS4u3
System software: only GCC and a few system-administration packages are installed
Installing MySQL
# tar -zxf mysql-standard-5.0.15-linux-i686.tar.gz
# cp -r mysql-standard-5.0.15-linux-i686 /usr/local/mysql
# vi /usr/local/mysql/support-files/my-medium.cnf
Append the following at the end:
max_connections = 1000
log-slow-queries
long_query_time = 5
Notes: max_connections is the maximum number of connections allowed
log-slow-queries turns on the slow query log
long_query_time is the slow-query threshold in seconds (an SQL statement that runs this long is recorded in the log)
Then copy it to /etc/my.cnf:
# cp /usr/local/mysql/support-files/my-medium.cnf /etc/my.cnf
Add the mysql user and group
# groupadd mysql
# useradd -g mysql mysql
Change the permissions of the mysql directory
# chown -R root /usr/local/mysql
# chgrp -R mysql /usr/local/mysql
# chown -R mysql /usr/local/mysql/data
Generate the MySQL system databases
# /usr/local/mysql/scripts/mysql_install_db --user=mysql&
(This command must be run from the /usr/local/mysql directory, otherwise the results will be unexpected.)
Start the mysql service
# /usr/local/mysql/bin/mysqld_safe --user=mysql&
If you see "Starting mysqld daemon with databases from /usr/local/mysql/data",
the mysql service has started normally; press Ctrl + C to return to the prompt.
Change the MySQL root password
# /usr/local/mysql/bin/mysqladmin -u root -p password 123456
Press Enter; at the "Enter password:" prompt the initial password is empty, so just press Enter again.
123456 is your new password.
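Installing Apache
Unpack the source package
# tar -zxf httpd-2.0.55.tar.gz
Enter the source directory
# cd httpd-2.0.55
Configure the Apache build
# ./configure --prefix=/usr/local/apache --enable-modules=so --enable-rewrite
Build and install with make
# make; make install
After installation:
# vi /usr/local/apache/conf/httpd.conf
Find, under prefork.c,
MaxClients 150
and change it to
ServerLimit 2000
MaxClients 1000
By default Apache runs in prefork.c mode with 150 concurrent processes; beyond that, clients cannot connect. 150 is far from enough, so set this according to your own site's needs, for example 1000.
Because Apache's default maximum number of concurrent processes is 256, first set ServerLimit 2000 to raise the maximum the server can be configured for to 2000, and then set the maximum concurrency with MaxClients 1000.
Find #ServerName www.example.com:80 and set ServerName below it as follows:
ServerName www.mysite.com
where www.mysite.com is the name of your site; an IP address can be used instead.
Find DocumentRoot "/usr/local/apache/htdocs"
and set the root directory of your web server, for example
DocumentRoot "/myweb"
Find DirectoryIndex index.html index.html.var and change it to
DirectoryIndex index.html index.php index.htm
Find ForceLanguagePriority Prefer Fallback and add below it
AddDefaultCharset gb2312
Save when done (for vi usage, look up the Linux vi command).
Start the web server with the following command:
# /usr/local/apache/bin/apachectl start
Check that your site works at http://www.mysite.com (the IP address also works).
Use # /usr/local/apache/bin/apachectl stop to stop the service.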
Installing PHP
# tar -zxf php-5.0.5.tar.gz
# cd php-5.0.5
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql
(This is the most basic PHP installation.)
# make
# make install
cyrus-sasl-2.1.21
# wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
# tar zxvf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21
# ./configure \
--disable-anon --enable-plain --enable-login \
--enable-sql --with-mysql=/usr/local/mysql \
--with-mysql-includes=/usr/local/mysql/include \
--with-mysql-libs=/usr/local/mysql/lib \
--with-authdaemond
# make
# make install
Update the library cache
# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2 (before this step, back up the existing one first, if there is one!)
Installing postfix-2.2.10
# mv /usr/bin/newaliases /usr/bin/newaliases.bak
# mv /usr/bin/mailq /usr/bin/mailq.bak
# mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
Before installing, first:
# groupadd -g 12345 postfix
# useradd -u 12345 -g 12345 -c postfix -d/dev/null -s/sbin/nologin postfix
# groupadd -g 54321 postdrop
# wget ftp://postfix.cn99.com/postfix/official/postfix-2.2.10.tar.gz
# tar zxvf postfix-2.2.10.tar.gz
# cd postfix-2.2.10
# make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -I/usr/local/include/sasl' \
'AUXLIBS=-L/usr/local/mysql/lib/ -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
# make install
When installing postfix, just accept the default prompts; the configuration files below also assume a default postfix installation.
# echo /usr/local/mysql/lib >> /etc/ld.so.conf
# ldconfig
Installing postfixadmin 2.1.0
Create the user and group for apache and maildrop
# groupadd vmail -g 1001
# useradd vmail -u 1001 -g 1001 -s/sbin/nologin -d/dev/null
# wget http://high5.net/postfixadmin/download.php?file=postfixadmin-2.1.0.tgz
# tar -zxvf postfixadmin-2.1.0.tgz
# mv postfixadmin-2.1.0 /usr/local/apache/htdocs/postfixadmin
Change the ownership of everything under the postfixadmin directory to vmail
Create the MySQL tables
# cd /usr/local/apache/htdocs/postfixadmin
# mysql -u root < DATABASE_MYSQL.TXT
# cp config.inc.php.sample config.inc.php
# vi config.inc.php
$CONF['default_language'] = 'cn';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['encrypt'] = 'md5crypt';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
Mailboxes are stored in the form domain.ltd/username, so set:
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
You can then add domains and users at http://www.yourdomain.com/postfixadmin/admin/index.php
My postfix main.cf file:
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
header_checks = regexp:/etc/postfix/header_checks
#############NEW ADD#####################
#=====================BASE=====================
myhostname = mail.test.com
mydomain = test.com
mydestination = $myhostname
local_recipient_maps =
local_transport = virtual
#=====================MySQL=====================
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:54321
virtual_mailbox_base = /mailbox/
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:12345
#=====================Quota=====================
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL=====================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject= yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
smtpd_client_restrictions = permit_sasl_authenticated
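How the smtpd_recipient_restrictions list above decides whether a recipient is accepted, as an added example that is not part of the original article. The trusted network 127.0.0.0/8 and the hosted domain list are assumptions; the article does not set mynetworks, and the real domains come from the MySQL domain map.

```python
import ipaddress

# Restriction list from the main.cf above: evaluated left to right,
# the first restriction that matches decides the outcome.
RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                "permit_auth_destination", "reject"]

# Assumptions (not set in the article): trusted networks, and the domains
# this server is final destination for (mydestination plus virtual domains).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"mail.test.com", "test.com"}


def decide(client_ip, sasl_authenticated, rcpt):
    """Return (action, deciding_restriction) for one RCPT TO command."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.rsplit("@", 1)[-1].lower()
    for name in RESTRICTIONS:
        if name == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return ("permit", name)
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return ("permit", name)
        if name == "permit_auth_destination" and domain in LOCAL_DOMAINS:
            return ("permit", name)
        if name == "reject":
            return ("reject", name)
    return ("permit", "end of list")


if __name__ == "__main__":
    # Constructed test cases: (client address, authenticated?, recipient)
    cases = [
        ("203.0.113.5", False, "user@test.com"),        # inbound mail for a hosted domain
        ("203.0.113.5", False, "someone@example.org"),  # relay attempt without login
        ("203.0.113.5", True, "someone@example.org"),   # roaming user after SMTP AUTH
        ("127.0.0.1", False, "someone@example.org"),    # local submission
    ]
    for case in cases:
        print(case, "->", decide(*case))
```

The final reject is what keeps the server from relaying for unauthenticated outside clients; without it the list would fall through to a permit.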
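Create the /mailbox/ directory used to store mail
# mkdir /mailbox
Mind the permissions: changing the owner and group to postfix:postfix will do
Create the /etc/postfix/mysql directory and the MySQL query configuration files
# mkdir /etc/postfix/mysql
1. vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf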
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
2. vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'
3. vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
4. vi /etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'
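How a map file of this legacy form (table, select_field, where_field, additional_conditions) becomes a lookup, and what the commented-out additional_conditions line changes, as an added example that is not part of the original article. SQLite stands in for MySQL and the two mailbox rows are constructed.

```python
import sqlite3

# Copy of mysql_virtual_mailbox_maps.cf as given in the text.
MAP_CF = """\
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
"""


def parse_cf(text):
    """Parse 'name = value' lines; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        conf[name.strip()] = value.strip()
    return conf


def build_query(conf):
    """SELECT select_field FROM table WHERE where_field = <key> [additional_conditions]"""
    sql = "SELECT {select_field} FROM {table} WHERE {where_field} = ?".format(**conf)
    return (sql + " " + conf.get("additional_conditions", "")).strip()


def lookup(db, conf, key):
    """Return the first matching value, or None when the key is not found."""
    row = db.execute(build_query(conf), (key,)).fetchone()
    return row[0] if row else None


def sample_db():
    """Constructed data: one active mailbox and one disabled mailbox."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox (username TEXT, maildir TEXT, active INTEGER)")
    db.executemany("INSERT INTO mailbox VALUES (?, ?, ?)", [
        ("alice@test.com", "test.com/alice/", 1),
        ("bob@test.com", "test.com/bob/", 0),
    ])
    return db


def enable_conditions(text):
    """Uncomment the additional_conditions line of a map file."""
    return text.replace("#additional_conditions", "additional_conditions")
```

With the line left commented out, a mailbox marked inactive in postfixadmin still resolves and still receives mail; uncommenting it makes the lookup return nothing for that address.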
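Configure /usr/local/lib/sasl2/smtpd.conf (it is best to back up the existing file before this step)
The SASL password verification method is authdaemond
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
srp_mda:md5
password_format:crypt
mech_list:PLAIN LOGIN
authdaemond_path: /usr/local/var/spool/authdaemon/socket
(It is best to set the permissions of this directory to 777, to avoid problems while debugging.)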
Installing courier-authlib-0.58
# tar xvfj courier-authlib-0.58.tar.bz2
# cd courier-authlib-0.58
# ./configure \
--with-redhat \
--with-authmysql=yes \
--with-mailuser=vmail \
--with-mysql-libs=/usr/local/mysql/lib/ --with-mysql-includes=/usr/local/mysql/include
# make
# make install
# make install-configure
# chmod -R /usr/local/var/spool/authdaemon/
# vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
# vi /usr/lib/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '12345'
MYSQL_GID_FIELD '54321'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/mailbox/'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD concat(quota,'S')
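Note: this file must not contain spaces (including at the end of lines); use only tabs.
Use only single quotes, for example: '/var/mailbox/', 'UID', 'GID' ('1001' in this article).
localhost must not be in single quotes.
Make sure your /etc/hosts file contains localhost.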
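MYSQL_QUOTA_FIELD concat(quota,'S') hands Courier a Maildir++ quota string such as 51200000S, and virtual_create_maildirsize = yes refers to the maildirsize file kept in each maildir. The following added example (not part of the original article) parses that file format and checks whether one more message would exceed the limit; the sample file contents are constructed.

```python
# Constructed maildirsize contents: the quota line, then "bytes messages"
# entries. Negative entries are written when messages are removed.
SAMPLE = (
    "51200000S\n"
    "     1200000           40\n"
    "    49500000          310\n"
    "     -700000          -10\n"
)


def parse_quota(definition):
    """Parse a quota string such as '51200000S' or '51200000S,1000C'.

    S is a byte limit, C a message-count limit; 0 means no limit.
    """
    limits = {"S": 0, "C": 0}
    for part in definition.strip().split(","):
        part = part.strip()
        if len(part) > 1 and part[-1] in limits and part[:-1].isdigit():
            limits[part[-1]] = int(part[:-1])
    return limits


def usage(text):
    """Return (limits, bytes_used, message_count) for a maildirsize file."""
    lines = text.splitlines()
    limits = parse_quota(lines[0]) if lines else {"S": 0, "C": 0}
    used = count = 0
    for line in lines[1:]:
        try:
            size, msgs = (int(field) for field in line.split())
        except ValueError:      # malformed or truncated line: ignore it
            continue
        used += size
        count += msgs
    return limits, used, count


def would_exceed(text, incoming_bytes):
    """True if delivering one more message of incoming_bytes breaks a limit."""
    limits, used, count = usage(text)
    over_size = limits["S"] > 0 and used + incoming_bytes > limits["S"]
    over_count = limits["C"] > 0 and count + 1 > limits["C"]
    return over_size or over_count
```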
Start the service
# /usr/lib/authlib/sbin/authdaemond start
Installing courier-imap-4.1.0
# tar jxvf courier-imap-4.1.0.tar.bz2
# cd courier-imap-4.1.0
# ./configure --prefix=/usr/local/imap --with-redhat --enable-unicode --disable-root-check \
--with-trashquota --without-ipv6 CPPFLAGS='-I/usr/lib/authlib/include' \
COURIERAUTHCONFIG='/usr/lib/authlib/bin/courierauthconfig'
# make
# make install-strip (try install-strip first; if it fails, use make install)
# make install-configure
# vi /usr/local/imap/etc/pop3d
POP3DSTART=YES
# vi /usr/local/imap/etc/imapd
IMAPDSTART=YES
Start the services manually
# /usr/local/imap/libexec/imapd.rc start
# /usr/local/imap/libexec/pop3d.rc start
At this point the basic services of a mail system are all in place. If the installation went smoothly, you should now see ports 25, 110, 143, 3306 and 80 listening.
Installing webmail: squirrelmail-1.4.7
When I wrote this document a 1.5.* version was already available, but for some reason I could not get the Chinese language pack added during installation, so I took a step back and chose the 1.4 version.
# wget http://keihanna.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.5.tar.bz2
# wget http://optusnet.dl.sourceforge.net/sourceforge/squirrelmail/zh_CN-1.4.5-20050904.tar.bz2 (Chinese language pack)
# tar jxvf squirrelmail-1.4.5.tar.bz2 -C /usr/local/apache/webmail
# tar jxvf zh_CN-1.4.5-20050904.tar.bz2 -C /usr/local/apache/webmail/
Before configuring squirrelmail, download three plugins:
# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fquota_usage-1.3-1.2.7.tar.gz (shows mailbox usage)
# wget http://www.squirrelmail.org/plugins/compatibility-2.0.2.tar.gz (password change)
# wget http://www.squirrelmail.org/plugins/change_mysqlpass-3.2-1.2.8.tar.gz (password change)
Unpack the three plugins into squirrelmail's plugins directory
# tar zxvf quota_usage-1.3-1.2.7.tar.gz -C /usr/local/apache/webmail/plugins/
# tar zxvf compatibility-2.0.2.tar.gz -C /usr/local/apache/webmail/plugins/
# tar zxvf change_mysqlpass-3.2-1.2.8.tar.gz -C /usr/local/apache/webmail/plugins/
Configuring webmail
# cd /usr/local/apache/webmail/plugins/quota_usage
# cp config.php.sample config.php
Configuring Change MySQL Password
# cd /usr/local/apache/webmail/plugins/change_mysqlpass
# cp config.php.sample config.php
# vi config.php
Change the following variables:
$mysql_database = 'postfix';
$mysql_table = 'mailbox';
$mysql_userid_field = 'username';
$mysql_password_field ='password';
$mysql_manager_id = 'postfix';
$mysql_manager_pw = 'postfix';
$mysql_unixcrypt = 0;
$mysql_MD5crypt = 1;
$use_ssl_for_password_change = 0;
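Configuring squirrelmail
# cd /usr/local/apache/webmail
# ./configure
Go to 10. Languages
and change 1. Default Language : from en_US to zh_CN.
Go to 8. Plugins and add the three plugins.
Now log in to your webmail.
After logging in to the mailbox you will see the mailbox usage in the upper-left corner of the screen, and you will also see a warning message: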
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /var/www/squirrelmail/plugins/change_mysqlpass/functions.php on line 129
This is caused by an inconsistent database structure; just comment out line 129 of functions.php (put // at the start of the line).
Installing clamav
When installing the antivirus database, be sure to install the latest version, otherwise it cannot be updated.
Download the latest version from www.clamav.org
# tar zxvf clamav-0.88.4.tar.gz
# cd clamav-0.88.4
# groupadd clamav
# useradd -g clamav -s/sbin/nologin -d/dev/null clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck
# make
# make check
# make install
Edit /usr/local/clamav/etc/clamd.conf
# vi /usr/local/clamav/etc/clamd.conf
#Verbose logging with syslog
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log (it is best to comment this line out as well; I did, anyway)
#Change pid file location
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
#Set the clamav socket
LocalSocket /var/run/clamav/clamd
#Close the connection when this limit is exceeded
StreamMaxLength 10M
#Don't run clamd as root
User amavis
#Newer versions require you to uncomment this
ScanMail
ScanArchive
Edit /usr/local/clamav/etc/freshclam.conf
# vi /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
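Note: be sure to comment out the Example line in both of the files above.
Add the amavis user and group
# groupadd amavis
# useradd -g amavis -s /sbin/nologin -d /dev/null amavis
Create the log directory and set its permissions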
# mkdir /var/log/clamav
# chmod -R 744 /var/log/clamav
# chown -R amavis:amavis /var/log/clamav
# chown -R amavis.amavis /usr/local/share/clamav
# mkdir /var/run/clamav
# chmod 700 /var/run/clamav
# chown amavis.amavis /var/run/clamav
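Update the virus database manually
# /usr/local/clamav/bin/freshclam
main.cvd is up to date (version:, sigs:, f-level:, builder: tkojm)
daily.cvd is up to date (version:, sigs: , f-level:, builder: ccordes)
This shows the update succeeded; I removed some of the database version numbers from the output.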
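Installing Spamassassin
Find an installation package online, preferably a recent one; with things like antivirus and anti-spam, the newer the better.
I will not provide a download address.
# tar zxvf Mail-SpamAssassin-3.1.4.tar.gz
# cd Mail-SpamAssassin-3.1.4
# perl Makefile.PL
It will probably report a lot of errors; don't be alarmed.
# perl -MCPAN -e shell
Use it to download whatever is missing.
Start spamd
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
Installing MailScanner
MailScanner also needs a fairly recent version that you download yourself. Its installation is fairly simple because it provides an install.sh script; it just takes rather a long time (and while I was installing it, it was about to rain in Beijing, which had me anxious).
# vi /etc/MailScanner/MailScanner.conf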
%org-name% = test.com
%org-long-name% = test
%web-site% = mail.test.com
%report-dir% = /etc/MailScanner/reports/cn
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 6
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
Download the Chinese spam filtering rules, Chinese_rules.cf
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
# vi /etc/postfix/header_checks
/^Received:/ HOLD
(Back up the original file before this step.)
Start MailScanner
# service MailScanner start
Testing with a virus mail
Send a mail containing X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*.
When the mail arrives, its subject will have changed to: {Virus?} Virus test
The body of the mail will be as follows:
警告: 此邮件有一个或多个附加档案被移除
警告: 附加档案名称: (详细讯息).
警告: 请参考此信件附加档案 "toping.net-Attachment-Warning.txt" 取得更详细的资料
此讯息由 MailScanner 电子邮件防护系统发出
-----------------------------------------
原有邮件附加档案为 "详细讯息" 被列入拒绝处理的名单.
且被替换为此讯息.
若您仍希望收到*被感染的*附加档案,,请联络系统管理者.包含以下内容:
病毒侦测报告:
ClamAV: msg-3682-1.txt contains Eicar-Test-Signature
求助问题: 检查 the toping.net () MailScanner 机器的 /var/spool/MailScanner/quarantine/20060309 (编号 639F13F97B.BBC3F).
-系统管理者
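If the content above appears, MailScanner's virus filtering is in effect and running successfully!
It is probably rare for anyone to get this configuration right on the first try. Whatever problem you run into, look at the logs; sometimes it is just a directory permission problem or some other small detail.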