postfix+dovecot and sendmail configuration examples

yum install postfix*    dovecot   system-switch-mail  -y

[root@dns ~]#  rpm -qi system-switch-mail-0.5.25-12  --inspect this package; its description shows it is an MTA switching tool


[root@li named]# system-switch-mail --use this command to switch the MTA
[root@li named]# /etc/init.d/sendmail status --after switching, sendmail is stopped by default
sendmail is stopped
[root@li named]# /etc/init.d/postfix status --and postfix has been started automatically
master (pid 4896) is running...

[root@dns ~]# vim /etc/postfix/main.cf


myhostname = dns.cluster.com --only the host name is changed; the host name matters a great deal to postfix, although if it is left unset postfix calls gethostname() to look it up

[root@dns ~]# /etc/init.d/postfix restart


[root@dns ~]# mail user1 --send a mail to the local user user1

[root@dns ~]# su - user1 
[user1@dns ~]$ mail --switch to user1 and check; the mail has arrived
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/user1": 1 message 1 new
>N  1 [email protected]  Sun May  8 10:26  14/454 
& 1

 

-------------------------------------------------------

Two sendmail servers sending mail to each other


sendmail         ----         sendmail

172.16.57.130      172.16.57.131

li.aaa.com    li.bbb.com

 

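A recap of the mail configuration procedure


1. First set the host name, in three steps: hostname  x.x.com   vim /etc/hosts   vim /etc/sysconfig/network
   Preferably use a static IP     vim /etc/sysconfig/network-scripts/ifcfg-eth0
   Time synchronisation  ntpdate  x.x.x.x
   Stop iptables  service iptables stop
   selinux       vim /etc/selinux/config  confirm whether it is set to disabled
   Configure yum so that installing packages later is easy  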
 


2.
Here I put the DNS server on 172.16.57.1

[root@dns ~]# vim /var/named/chroot/etc/named.conf

options {
        directory "/var/named";
};


zone "aaa.com" IN {
        type master;
        file "data/master.aaa.com.zone";
};

zone "bbb.com" IN {
        type master;
        file "data/master.bbb.com.zone";
};


[root@dns etc]# vim /var/named/chroot/var/named/data/master.aaa.com.zone


$TTL 86400
@       IN      SOA     li.cluster.com. root. (
                            2011081101
                                60
                                30
                                360
                                86400   )
        IN      NS      li.aaa.com.   
        IN      MX 0    li.aaa.com.
li      IN      A       172.16.57.130

 

[root@dns etc]# vim /var/named/chroot/var/named/data/master.bbb.com.zone


$TTL 86400
@       IN      SOA     li.cluster.com. root. (
                            2011081101
                                60
                                30
                                360
                                86400   )
        IN      NS      li.bbb.com.
        IN      MX 0    li.bbb.com.
li      IN      A       172.16.57.131


# /etc/init.d/named restart --start the DNS service

 

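--then point the DNS entry in /etc/resolv.conf on both mail servers at the DNS server's IP, 172.16.57.1  
[root@li ~]# nslookup    --verify like this on both machines that the mail exchanger records of the aaa.com and bbb.com domains are OK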
> set type=mx
> aaa.com
Server:         172.16.57.1
Address:        172.16.57.1#53

aaa.com mail exchanger = 0 li.aaa.com.
> bbb.com
Server:         172.16.57.1
Address:        172.16.57.1#53

bbb.com mail exchanger = 0 li.bbb.com.


3. Install the sendmail mail server packages on both mail servers
[root@li ~]# yum install sendmail* dovecot m4 -y

 


4. Configure mail --do this on both sides

[root@li named]# vim /etc/mail/sendmail.mc  --the sendmail configuration file

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl  --change to 0.0.0.0 to listen on all addresses

[root@li named]# vim /etc/dovecot.conf

protocols = imap imaps pop3 pop3s

[root@li named]# /etc/init.d/sendmail restart

[root@li named]# /etc/init.d/dovecot restart

netstat -ntl     verify the ports  smtp (25)    pop3 (110)   imap (143)

 

5. Verify
Sending to yourself         @hostname and @domain   OK
Sending to the other side   @hostname   OK 
                            @domain     does not work

 

6. --make sending to the other side with the short domain name work 
On li.aaa.com:
 vim /etc/mail/local-host-names  --add
li.aaa.com
aaa.com
On li.bbb.com:
vim /etc/mail/local-host-names  --add
li.bbb.com
bbb.com

Restart sendmail   /etc/init.d/sendmail  restart


Verify again
Sending both ways using   @domain   OK

 

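--Note, however, that once the steps above are done the two sendmail servers can send mail across domains to each other with mail -s; but when two mail clients are then used, sending across domains fails with a relay denied error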

 

   SENDMAIL  SENDMAIL
   li.aaa.com  li.bbb.com
  172.16.57.130  172.16.57.131  

    DNS
      li.cluster.com 
         172.16.57.1


  claws-mail 172.16.57.1    OUTLOOK 172.16.57.132
  [email protected]  [email protected]


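If separate MUA client software is also to be used for sending mail between the two sides, the two mail servers above must additionally allow relaying from the IPs of these two clients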

  vim /etc/mail/access
  Connect:172.16.57                       RELAY
  /etc/init.d/sendmail restart

 

 

==================================================================

 


Replace one of the two servers above with postfix

 

   postfix  sendmail
   li.aaa.com  li.bbb.com
  172.16.57.130  172.16.57.131  

    DNS
      li.cluster.com 
         172.16.57.1


  claws-mail 172.16.57.1    OUTLOOK 172.16.57.132
  [email protected]  [email protected]

 


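The following is done on li.aaa.com
[root@li ~]# yum install postfix* system-switch-mail -y


[root@li ~]# vim /etc/postfix/main.cf --for the configuration parameter format see page 41 of the PDF
     --for an introduction to the main parameters see page 52 of the PDF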


[root@li ~]# vim /etc/postfix/main.cf

myhostname = li.aaa.com  --define this machine's host name

[root@li ~]# /etc/init.d/postfix restart

 

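Now the server can send mail to itself
Sending from it to sendmail also works (because the configuration on the sendmail side is OK)
But sendmail cannot send to it (because postfix also listens only on 127.0.0.1 by default)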

 

[root@li ~]# vim /etc/postfix/main.cf

inet_interfaces = all  --listen on all interfaces

[root@li ~]# /etc/init.d/postfix restart

 

Now sendmail can send to it using the long domain name, but not the short domain name


[root@li ~]# vim /etc/postfix/main.cf

mydestination = $myhostname, localhost.$mydomain, localhost,aaa.com
--on top of the above, append aaa.com to mydestination

[root@li ~]# /etc/init.d/postfix restart

Now sendmail can send to it using the short domain name as well

 


Combining the small examples above into one postfix mail server configuration

 vim /etc/postfix/main.cf

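myhostname = li.aaa.com --this machine's host name
mydomain = aaa.com --this machine's domain name; postfix derives it automatically by removing the part of the host name before the first dot. If the host name is not in FQDN form, the domain must be configured by hand
myorigin = $mydomain --when you send mail as user1 on li.aaa.com, your sender address is automatically rewritten to [email protected]
inet_interfaces = all --listen on all interfaces
mydestination = $myhostname, localhost.$mydomain, localhost ,$mydomain
  --with $mydomain added, mail addressed directly to the domain name is accepted
mynetworks = 172.16.57.0/24, 127.0.0.0/8 --trusted networks; this can also be left unset here, because the default is subnet, that is, everything in the local subnet is a trusted network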

 /etc/init.d/postfix restart

 

===================================

Now replace the other sendmail server with postfix as well

   postfix  postfix
   li.aaa.com  li.bbb.com
  172.16.57.130  172.16.57.131  

    DNS
      li.cluster.com 
         172.16.57.1


  claws-mail 172.16.57.1    OUTLOOK 172.16.57.132
  [email protected]  [email protected]

 

The procedure is the same as above


Then test mail between the two postfix servers: long and short domain names are both OK


==========================================================

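postfix   authentication  --see page 173 of the Chinese edition of Postfix: The Definitive Guide
  has no built-in authentication
  needs the sasl package for authentication
  sasl (Simple Authentication and Security Layer)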

yum install cyrus-sasl


/etc/init.d/saslauthd restart


cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd


[root@li ~]# vim /etc/postfix/main.cf --add the following section
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname


/etc/init.d/postfix restart
/etc/init.d/saslauthd restart


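--The series of parameters above are the rules for being accepted; they are matched from top to bottom, and once one matches, matching stops
--permit_mynetworks
 This parameter means that every host in the networks configured by the mynetworks parameter is allowed,
that is, any host in your configured trusted networks is allowed, whether or not its password is correct and
whether or not its host name is a valid FQDN
--permit_sasl_authenticated
 This parameter requires the authentication box to be ticked in the mail client; it means the user's password must be correct to be allowed through


--So taken together, the parameters above mean:
1. Anything in the trusted networks configured in mynetworks is allowed
2. A host that is not in a trusted network ticks the authentication box and then matches the second rule; it is also allowed as long as the user name and password are correct
3. Reject non-FQDN host names, reject unknown sender domains, reject ... and so on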

 


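Example 1:
With the permit_mynetworks parameter present,
a client in the trusted network can still send mail even with the user's password deliberately wrong


Example 2:
Comment out the permit_mynetworks parameter, and leave authentication unticked in the client.
Then send a test mail. claws-mail reports relay access deny
XP reports that the HELO host name was rejected as non-FQDN


Fix:
Tick authentication in the client
Send the test again: mail can be sent both ways, because the clients now pass the permit_sasl_authenticated check

Then deliberately enter a wrong user password and send a test; it does not get through either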
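
The first-match behaviour and the test results above can be reproduced offline with a small model. This is an added example, not part of the original notes and not Postfix code: the function names, the yes/no inputs and the "a dot means FQDN" shortcut are assumptions, and restrictions the model does not implement simply let evaluation continue.

```shell
#!/bin/sh
# Added example: a simplified model of how Postfix walks
# smtpd_recipient_restrictions (the first decisive answer wins).

# Constructed main.cf fragment reusing the restriction list shown above.
MAIN_CF_WITH_MYNETWORKS='smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname'

# Example 2 in the text: the same file with permit_mynetworks commented out.
MAIN_CF_AUTH_ONLY=$(printf '%s\n' "$MAIN_CF_WITH_MYNETWORKS" |
    sed 's/^ *permit_mynetworks,/#&/')

# Print the restriction names in order. main.cf rules handled here: a line
# starting with whitespace continues the previous parameter, and comment or
# blank lines are skipped even inside a continued value.
restriction_list() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t]/ {
            in_list = ($0 ~ /^smtpd_recipient_restrictions[ \t]*=/)
            if (!in_list) next
            sub(/^[^=]*=/, "")
        }
        in_list {
            gsub(/,/, " ")
            n = split($0, word, " ")
            for (i = 1; i <= n; i++) print word[i]
        }'
}

# decide <main.cf text> <client in mynetworks: yes|no> <SASL login ok: yes|no>
#        <HELO name> <recipient domain hosted here: yes|no>
# Restrictions not modelled below answer DUNNO, i.e. evaluation continues.
decide() {
    cf=$1 trusted=$2 authed=$3 helo=$4 rcpt_local=$5
    for r in $(restriction_list "$cf"); do
        case "$r" in
        permit_mynetworks)
            if [ "$trusted" = yes ]; then echo "permit by $r"; return 0; fi ;;
        permit_sasl_authenticated)
            if [ "$authed" = yes ]; then echo "permit by $r"; return 0; fi ;;
        reject_non_fqdn_hostname)   # simplification: FQDN = contains a dot
            case "$helo" in
            *.*) ;;
            *) echo "reject by $r"; return 0 ;;
            esac ;;
        reject_unauth_destination)
            if [ "$rcpt_local" != yes ]; then echo "reject by $r"; return 0; fi ;;
        esac
    done
    echo "permit by end of list"
}

# The cases walked through in the text, plus ordinary inbound delivery.
decide "$MAIN_CF_WITH_MYNETWORKS" yes no  li.aaa.com no   # example 1
decide "$MAIN_CF_AUTH_ONLY"       yes no  li.aaa.com no   # example 2, FQDN HELO
decide "$MAIN_CF_AUTH_ONLY"       yes no  xp         no   # example 2, bare HELO
decide "$MAIN_CF_AUTH_ONLY"       yes yes xp         no   # authentication ticked
decide "$MAIN_CF_AUTH_ONLY"       no  no  li.bbb.com yes  # inbound to a local user
```

The last case shows why reject_unauth_destination has to stay in the list: it is the rule that separates relaying from ordinary inbound delivery once permit_mynetworks and permit_sasl_authenticated have not matched.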

 

==========================================================

 

 

=============================================================

Adding webmail on top of the setup above

 

   postfix  postfix
   li.aaa.com  li.bbb.com
  172.16.57.130  172.16.57.131  
  --add openwebmail    --squirrelmail

    DNS
      li.cluster.com 
         172.16.57.1


  claws-mail 172.16.57.1    OUTLOOK 172.16.57.132
  [email protected]  [email protected]

 


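--do the following on 130
openwebmail  a web-based tool for sending and receiving mail, with support for attachments, a web disk and various other features
  
Official website: http://openwebmail.org/


Package location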
ls /share/soft/openwebmail/
openwebmail-2.51-20050627.src.rpm  openwebmail-data-2.53-1.i386.rpm
openwebmail-2.53-1.i386.rpm        perl-Text-Iconv-1.7-2.el5.i386.rpm
openwebmail-2.53.tar.gz

 

[root@li /]# yum install perl-suidperl httpd httpd-devel -y   

[root@li openwebmail]# rpm -ivh perl-Text-Iconv-1.7-2.el5.i386.rpm

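[root@li openwebmail]# useradd  -s /sbin/nologin tchung  --tchung is the author's name; without this user the next step fails with an error saying that the user tchung does not exist

[root@li openwebmail]# rpm -ivh openwebmail-data-2.53-1.i386.rpm openwebmail-2.53-1.i386.rpm   --these two packages must be installed together because they depend on each other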

 

Permission and Ownership for openwebmail files have been fixed!

Please execute following tool first as a root:
/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init

After restarting httpd service, login with non-root account from
http://li.aaa.com/cgi-bin/openwebmail/openwebmail.pl
or http://li.aaa.com/webmail

If SELinux enabled, you may need to set it 'permissive' in
/etc/sysconfig/selinux or system-config-selinux

[root@li openwebmail]# /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init

After initialisation


Start the httpd service  /etc/init.d/httpd start 

 

 

--on 131 add squirrelmail (the rpm webmail shipped with RHEL, PHP-based)


[root@li ~]# yum install squirrelmail -y


[root@li ~]# vim /etc/squirrelmail/config.php


$provider_uri     = 'http://li.bbb.com/';

$domain           = 'bbb.com';   --set your own domain; the default is localhost, and if lisi sends a mail, zhangsan sees the sender as lisi@localhost. After changing it to bbb.com the sender displays correctly as [email protected]

 

[root@li ~]# /etc/init.d/httpd restart

 

===============================================

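Once both webmail installations above are OK, start testing

In firefox on the Linux client 1, use  http://li.aaa.com/webmail
  Login name: [email protected] --the full name must be given
   Password: ***
 
In IE on the XP client 132, use  http://li.bbb.com/webmail
  Login name: lisi    --the full name must not be given
  Password:  ***

The two users can now send mail to each other through webmail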

 


=================================================================

 


postfix+courier-imap+maildrop+courier-authlib+extmail+extman+spamassassin

 

postfix+postfixadmin+dovecot+mysql+squirrelmail+clamAV+amavisd-new+spamassassin

 

  client
    |
    | 
    | 
  postfix ------------>recipient
    |  
    |   10024  10025
       amavisd-new  
     |
    |--------------| 
 clamav  spamassassin

 

Preparation before installing
Host name
Time synchronisation
Stop iptables, selinux
yum configured OK

 


Major step 1:
Install mysql, postfixadmin, httpd


# yum install httpd*  mysql*   php*   -y
 ( or  yum install httpd httpd-devel  mysql*  php php-devel php-mysql -y)


# /etc/init.d/mysqld start


Install postfixadmin  (a web interface for managing postfix)

# mount 10.1.1.35:/share/soft /mnt
# cp /mnt/postfix+postfixadmin/postfixadmin-2.1.0.gz /root/
# tar xvf /root/postfixadmin-2.1.0.gz -C /var/www/html/
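--extract into apache's document root; apache here is the rpm version and the document root has not been changed, so it is /var/www/html/
# cd /var/www/html/
# mv postfixadmin-2.1.0/ postfixadmin  --rename it so that it is easier to reach from the browser address bar

# mysql < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT  --there is a MySQL table import file for postfix; this command imports it directly into the database and automatically creates the tables postfix will use


# mysql --log in again to verify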

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
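| postfix            |   --a new postfix database, the one just imported
| test               |
+--------------------+

mysql> use postfix;   --switch to the postfix database


mysql> show tables;  --list the tables in the database; the tables below were just imported and are currently empty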
+-------------------+
| Tables_in_postfix |
+-------------------+
| admin             |
| alias             |
| domain            |
| domain_admins     |
| log               |
| mailbox           |
| vacation          |


# /etc/init.d/httpd restart

Now open http://IP/postfixadmin in a browser to reach the postfix web setup page

 

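Click setup to install; there will be one warning and one error. The error says that the config.inc.php file cannot be found

Fix for the warning:
vim /etc/php.ini
magic_quotes_gpc = ON --change this to ON


Fix for the error:
# mv /var/www/html/postfixadmin/config.inc.php.sample /var/www/html/postfixadmin/config.inc.php --there is a template configuration file; rename it


# rm /var/www/html/postfixadmin/setup.php -rf --delete the setup file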


# /etc/init.d/httpd restart


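# vim /var/www/html/postfixadmin/config.inc.php  --edit

$CONF['default_language'] = 'cn';  --for a Chinese interface change this to cn; the system itself must of course be Chinese

$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';  --these two relate to the postfix mailbox settings later on
--the first is changed to YES, meaning every virtual domain has its own mailboxes;
--the second is set to NO, meaning the domain should not appear in the mailbox name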

 

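Open http://IP/postfixadmin again   --with a Chinese-language system as the client (on an English system, if you do not want to log out and switch, you can run export LANG=zh), firefox shows garbled characters; this is caused by a mismatch with httpd's character set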


# vim /etc/httpd/conf/httpd.conf

 AddDefaultCharset GB2312    --change UTF-8 to GB2312

# /etc/init.d/httpd restart  --after restarting the service, the web interface displays correctly


-----------------------

 

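Use the following address to reach the administration page
http://IP/postfixadmin/admin   --on first entry there is information such as new features, and a prompt to delete the motd files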


# rm /var/www/html/postfixadmin/motd* -rf

 

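Open the administration page again and that information is gone

Add two domains by hand here; I added the two domains aaa.com and bbb.com

Then add an administrator who can manage both domains; my administrator here is [email protected]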

 

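Once the changes are done, since this is an administration page that is not open to the outside, system permissions can be used to restrict it

# chmod 000 /var/www/html/postfixadmin/admin/  --set this directory's permissions to 000 and the administration page can no longer be accessed; to get back into the administration page to change something, set the directory's permissions back to 755
--or use apache's directory access control so that only the management host can reach this page, or use apache's .htaccess feature to require authentication for access to this directory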


===============================
# vim /etc/httpd/conf/httpd.conf

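327     AllowOverride all --change to all, meaning every directory under the document root supports .htaccess authentication

--or add the following section, so that only the admin directory supports .htaccess authentication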
<Directory "/var/www/html/postfixadmin/admin"> 
   AllowOverride all
   Order allow,deny
    Allow from all
</Directory>

# vim /var/www/html/postfixadmin/admin/.htaccess  --this file exists by default

AuthUserFile /var/www/html/postfixadmin/admin/.htpasswd  --change this line 
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

# htpasswd /var/www/html/postfixadmin/admin/.htpasswd admin --change the password of the admin user in this file
New password:
Re-type new password:
Updating password for user admin

# /etc/init.d/httpd restart 

 

================================================================

 

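Major step 2: install postfix
The rpm version of postfix is not used here, because the rpm build does not support mysql by default, so it has to be rebuilt from source


It can be downloaded from Red Hat's FTP site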
ftp://ftp.redhat.com

ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/


postfix-2.3.3-2.1.el5_2.src.rpm

 

# useradd -s /sbin/nologin  brewbuilder
# rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm


# cd /usr/src/redhat/SPECS/
# ls
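postfix.spec  --this is the spec file of the source rpm


# vim postfix.spec

%define MYSQL 1  --change 0 to 1 to enable mysql support

# rpmbuild -ba postfix.spec   --this depends on the pcre-devel package; make sure it is installed before running rpmbuild -ba postfix.spec to build postfix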

 


When the build finishes you will see
Wrote: /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm  --the rebuilt rpm package with mysql support
Wrote: /usr/src/redhat/RPMS/i386/postfix-pflogsumm-2.3.3-2.1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.3.3-2.1.i386.rpm

 

# rpm -ivh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm

 


--copy a template configuration file here
# cp /mnt/postfix+postfixadmin/config_files/main.cf /etc/postfix/
cp: overwrite `/etc/postfix/main.cf'? y

--copy the configuration files for the database connection
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/mysql_virtual_* /etc/postfix/


------------

--the contents of the five configuration files are as follows


# cat /etc/postfix/main.cf

#=====================BASE=========================
myhostname = postfix.cluster.com 
mydomain = cluster.com   --change this to the server's host name
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Virtual Mailbox settings=========================
virtual_minimum_uid = 80 --this must be lower than 89, because the postfix user installed by default has uid 89
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf  --the entries with mysql in them are the settings for connecting to mysql
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:89
virtual_gid_maps = static:89
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix


vim /etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username


vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

vim /etc/postfix/mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

vim /etc/postfix/mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address


-----------------------------

Stop sendmail and start postfix; system-switch-mail can also be used to switch the MTA
# /etc/init.d/sendmail stop

# /etc/init.d/postfix start

Change the owner of the mail directory
# chown postfix.postfix /var/spool/mail/ -R


Install the sasl authentication package

yum install cyrus-sasl  -y


/etc/init.d/saslauthd   start

chkconfig saslauthd  on

 

-------------------------------------------------------------------


Major step 3:
Install dovecot

# yum install dovecot -y

--copy the two template configuration files
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/dovecot* /etc
cp: overwrite `/etc/dovecot.conf'? y

 


------------------
--the contents of the two configuration files are as follows:

# cat /etc/dovecot.conf

base_dir=/var/run/dovecot
protocols=imap pop3
listen=*
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/var/spool/mail/%d/%n

auth default {
        mechanisms = PLAIN LOGIN CRAM-MD5 DIGEST-MD5
        passdb sql {
                args = /etc/dovecot-mysql.conf
        }
        userdb sql {
                args = /etc/dovecot-mysql.conf
        }
        socket listen {
                client {
                        path = /var/run/dovecot/auth-client
                        mode = 0660
                        user = postfix
                        group = postfix
                }
        }
}
first_valid_uid = 89


# cat /etc/dovecot-mysql.conf

driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 89 AS uid, 89 AS gid FROM mailbox WHERE username = '%u'

--start the service
# /etc/init.d/dovecot start

 

--------------------------------------------------------------------------

Major step 4: install a webmail     squirrelmail is used here

# yum install squirrelmail -y

# vim /etc/squirrelmail/config.php

$provider_uri     = 'http://IP/postfixadmin/users';

$squirrelmail_default_language = 'zh_CN';


# chown apache.apache /var/lib/squirrelmail/prefs/ 
# chown apache.apache /var/spool/squirrelmail/attach/
# chown root.apache /etc/squirrelmail/config.php

# /etc/init.d/httpd restart

 

Users can log in at http://IP/webmail/


----------------------------------------------------------


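Major step 5: testing

1. First create test users
Log in at http://IP/postfixadmin as the administrator created earlier, [email protected]

After logging in, create two users in each domain for testing
The four users I created here are  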
[email protected]
[email protected]
[email protected]
[email protected]

The details of these newly created users can all be seen in the postfix database in MySQL

 

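2. Test sending and receiving mail with Outlook on XP
Note: when entering the user in Outlook, remember to write the full name, in the form [email protected]; there are several domains here, so leaving it incomplete causes errors

Here I log in to Outlook as [email protected]; after logging in, clicking the Send/Receive button brings in the welcome mail from [email protected], which shows it is OK

I send from [email protected] to [email protected]; it cannot be sent directly, because we have configured authentication

So in Outlook go to  Tools-->Accounts-->Properties-->Servers--> and tick "My server requires authentication" at the bottom


Send again, then log in to squirrelmail as [email protected] to receive it; test OK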

 

--Addendum:
Previously, with system users, mail was stored in the file /var/mail/zhangsan
Now it is stored in a file under the following directory
# ls /var/spool/mail/aaa.com/zhangsan/cur/

 

----------------

Note that all of the services above can be set to start automatically at boot
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd  on

 

 


=============================================================

 

# ls /share/soft/amavisd_clamav_spam/


Continue with the installation of
amavisd-new +      clamav    +  spamassassin

 

First modify the postfix files 
vim /etc/postfix/main.cf --add the following two lines

soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024


vim /etc/postfix/master.cf   --add the following large block of configuration

smtp-amavis unix -      -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       n       -       -     smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000


/etc/init.d/postfix  restart      --after adding the two sections of configuration above, restart postfix


Install clamav

[root@postfix amavisd_clamav_spam]# ls clam --install the following three rpm packages directly
clamav-0.92-1.el5.rf.i386.rpm
clamav-db-0.92-1.el5.rf.i386.rpm
clamd-0.92-1.el5.rf.i386.rpm

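[root@postfix amavisd_clamav_spam]# rpm -ivh clam*   --install


[root@postfix ~]# vim /etc/clamd.conf  --the main configuration file; I use the default configuration here and do not change it
[root@postfix ~]# vim /etc/freshclam.conf  --the configuration file for downloading the virus database; I also keep the defaults here and do not change it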


[root@postfix ~]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon:                           [  OK  ]

 

[root@postfix ~]# chkconfig clamd on


[root@postfix ~]# tail /var/log/clamav/clamd.log
Mon Aug 15 15:32:32 2011 -> Algorithmic detection enabled.
Mon Aug 15 15:32:32 2011 -> Portable Executable support enabled.
Mon Aug 15 15:32:32 2011 -> ELF support enabled.
Mon Aug 15 15:32:32 2011 -> Detection of broken executables enabled.
Mon Aug 15 15:32:32 2011 -> Mail files support enabled.
Mon Aug 15 15:32:32 2011 -> Mail: Recursion level limit set to 64.
Mon Aug 15 15:32:32 2011 -> OLE2 support enabled.
Mon Aug 15 15:32:32 2011 -> PDF support disabled.
Mon Aug 15 15:32:32 2011 -> HTML support enabled.
Mon Aug 15 15:32:32 2011 -> Self checking every 1800 seconds.
.


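Update the virus database
# freshclam --a single command updates the virus database
ClamAV update process started at Mon Aug 15 15:32:32 2011
Downloading main.cvd [ 11%] --it downloads the virus database; here the main database is 11% downloaded

--in practice you can write an automatic update command and schedule it with crontab


After updating the virus database, start the service
/etc/init.d/clamd  start    --if this reports that the configuration file cannot be found, note that the Example line in the configuration file may not have been commented out


Once the service is running, use
clamscan    to scan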

 


============================================================

 


spam    spammer  


Install spamassassin    


[root@postfix ~]# yum install spamassassin  --after installing, do not configure it yet; install amavisd-new next, because amavisd-new needs spamassassin to be installed first

 

 

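Next install amavisd-new, but it has close to 20 dependencies


so installing them one by one with rpm is rather tedious

--the rpm installation method follows

[root@postfix amavisd_clamav_spam]# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm    --this package has a great many dependencies and needs to be installed patiently and carefully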
warning: amavisd-new-2.5.2-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
        arc >= 5.21e is needed by amavisd-new-2.5.2-1.el5.rf.i386
        cabextract is needed by amavisd-new-2.5.2-1.el5.rf.i386
        freeze is needed by amavisd-new-2.5.2-1.el5.rf.i386
        lha is needed by amavisd-new-2.5.2-1.el5.rf.i386
        lzop is needed by amavisd-new-2.5.2-1.el5.rf.i386
        ncompress is needed by amavisd-new-2.5.2-1.el5.rf.i386
        nomarch >= 1.2 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Archive::Zip) >= 1.14 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(BerkeleyDB) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Convert::TNEF) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Convert::UUlib) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(IO::Stringy) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Entity) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Parser) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Tools) >= 5.420 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Words) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Net::Server) >= 0.87 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Net::Server) >= 0.93 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Unix::Syslog) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl-MailTools is needed by amavisd-new-2.5.2-1.el5.rf.i386
        ripole is needed by amavisd-new-2.5.2-1.el5.rf.i386
        unarj is needed by amavisd-new-2.5.2-1.el5.rf.i386
        unrar >= 2.71 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        zoo >= 2.10 is needed by amavisd-new-2.5.2-1.el5.rf.i386


[root@postfix amavisd_clamav_spam]# rpm -ivh --nodocs perl-File-Temp-0.19-1.el5.rf.noarch.rpm  
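--the --nodocs option skips installing the documentation, because one documentation file conflicts with the system's existing perl package; alternatively use --force to force the installation and overwrite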

 

rpm -ivh perl-Archive-Zip-1.23-1.el5.rf.noarch.rpm
rpm -ivh perl-BerkeleyDB-0.32-1.el5.rf.i386.rpm
rpm -ivh perl-Convert-BinHex-1.119-2.2.el5.rf.noarch.rpm
rpm -ivh perl-Convert-UUlib-1.051-1.2.el5.rf.i386.rpm
rpm -ivh perl-Unix-Syslog-1.0-1.el5.rf.i386.rpm
rpm -ivh perl-IO-stringy-2.110-1.2.el5.rf.noarch.rpm
rpm -ivh perl-Net-Server-0.97-1.el5.rf.noarch.rpm


rpm -ivh zoo-2.10-2.2.el5.rf.i386.rpm
rpm -ivh lzo-1.08-4.2.el5.rf.i386.rpm
rpm -ivh lzop-1.01-2.el5.rf.i386.rpm
rpm -ivh unrar-3.7.4-1.el5.rf.i386.rpm
rpm -ivh unarj-2.63-0.a.2.el5.rf.i386.rpm
rpm -ivh ripole-0.2.0-1.2.el5.rf.i386.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.i386.rpm
rpm -ivh freeze-2.5.0-1.2.el5.rf.i386.rpm
rpm -ivh arc-5.21o-1.el5.rf.i386.rpm
rpm -ivh nomarch-1.4-1.el5.rf.i386.rpm
rpm -ivh cabextract-1.2-1.el5.rf.i386.rpm


yum install ncompress  --install this package from the installation disc, or with yum


=============================

--the following three packages still would not install
rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm

Fix: simply run yum install *perl*    --cd to another directory first, then yum install

===========================
--after yum install *perl*, cd back and carry on installing
rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm
rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm


rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm   --installed successfully at last @_@

 

 


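--the yum installation method follows

Here we set up our own yum repository and install with yum

--on my physical host, first create the repodata directory in the directory below
# createrepo /share/soft/amavisd_clamav_spam/

# cp /share/soft/amavisd_clamav_spam/ /share/yum -rf --/share/yum is the home directory of the anonymous ftp user on my physical host


--then add the following section to the yum configuration file on the mail server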
# vim /etc/yum.repos.d/rhel-debuginfo.repo
[amavisd]
name=amavisd
baseurl=ftp://2.2.2.10/amavisd_clamav_spam
enabled=1
gpgcheck=0

# yum install amavisd* -y


==============================================================


# cp /amavisd_clamav_spam/config/amavisd.conf /etc/
cp: overwrite `/etc/amavisd.conf'? y
--copy the configuration file, overwriting the original


[root@postfix doc]# vim /etc/amavisd.conf


$mydomain = 'aaa.com';  --change to your own domain, one of your mail domains


@local_domains_maps = ( [".$mydomain", ".bbb.com"] );
--list your own virtual domains

$sa_tag2_level_deflt = 8.5;    --changed to 8.5 points to make testing easier

 


[root@postfix doc]# touch /var/amavis/whitelist
[root@postfix doc]# touch /var/amavis/blacklist

[root@postfix doc]# /etc/init.d/amavisd restart  --start
[root@postfix doc]# chkconfig amavisd on

 

====================================================

 

Configure spamassassin 


[root@postfix doc]# cp /amavisd_clamav_spam/config/local.cf /etc/mail/spamassassin/
cp: overwrite `/etc/mail/spamassassin/local.cf'? y

 

[root@postfix doc]# cat /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

required_hits          8.5   --changed to 8.5 points here

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject  *****SPAM*****

# Encapsulate spam in an attachment
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn        1

# Enable or disable network checks
skip_rbl_checks         1

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              zh en
ok_languages            zh en

score HEADER_8BITS       0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50    0
score UPPERCASE_50_75    0
score UPPERCASE_75_100   0

score NO_REAL_NAME  4.000
score SPF_FAIL      10.000
score SPF_HELO_FAIL 10.000
score BAYES_99      4.300
score BAYES_90      3.500
score BAYES_80      3.000

 

[root@postfix doc]# vim /etc/mail/spamassassin/v310.pre  --edit it and enable the following line
loadplugin Mail::SpamAssassin::Plugin::TextCat

 

[root@postfix doc]# cp /amavisd_clamav_spam/config/Chinese_rules.cf /usr/share/spamassassin/
--copy the Chinese rules file into the rules directory

 


[root@postfix doc]# /etc/init.d/spamassassin start --start the service
[root@postfix doc]# chkconfig spamassassin on

 


Confirm the ports:
[root@postfix doc]# netstat -ntlup |grep 100
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      8072/amavisd (maste
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      7656/master        
[root@postfix doc]# netstat -ntlup |grep :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      7656/master        
[root@postfix doc]# netstat -ntlup |grep :110
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      7040/dovecot       
[root@postfix doc]# netstat -ntlup |grep :783
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      8146/spamd.pid
[root@postfix doc]# netstat -ntlup |grep 3306
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      3048/mysqld
[root@postfix ~]# netstat -ntlup |grep :3310
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      7772/clamd
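
The port confirmation above can also be read for exposure: which backend listeners are bound to a non-loopback address. This is an added example, not part of the original notes; the function name and the list of internal ports are assumptions, based on the map files' hosts = localhost, Dovecot's socket path and the 127.0.0.1 addresses used in main.cf and master.cf, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: flag backend listeners that are reachable from the network.

# Ports that only local processes need in this layout (assumption stated in
# the lead-in): amavisd, Postfix re-injection, spamd, mysqld, clamd.
INTERNAL_PORTS="10024 10025 783 3306 3310"

# The tcp lines from the netstat output above.
PAGE_NETSTAT='tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      8072/amavisd (maste
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      7656/master
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      7656/master
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      7040/dovecot
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      8146/spamd.pid
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      3048/mysqld
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      7772/clamd'

# Constructed counter-example: the master.cf re-injection entry written as
# "10025 inet ..." without the 127.0.0.1: prefix, mysqld bound to loopback.
CONSTRUCTED_NETSTAT='tcp 0 0 0.0.0.0:10025 0.0.0.0:* LISTEN 7656/master
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3048/mysqld
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7656/master
tcp 0 0 :::110 :::* LISTEN 7040/dovecot'

# exposed_listeners <netstat -ntl text> <space separated ports>
# Prints "port address" for every listed port bound to a non-loopback address.
exposed_listeners() {
    printf '%s\n' "$1" | awk -v internal="$2" '
        BEGIN {
            n = split(internal, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            k = split($4, part, ":")      # the port is the last ":" field
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in want) && addr !~ /^127\./ && addr != "::1")
                print port, addr
        }'
}

exposed_listeners "$PAGE_NETSTAT" "$INTERNAL_PORTS"
exposed_listeners "$CONSTRUCTED_NETSTAT" "$INTERNAL_PORTS"
```

For the output shown above, the only port reported is 3306 on 0.0.0.0; MySQL's bind-address = 127.0.0.1 setting in my.cnf restricts it to loopback.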

 

===========================================================


Virus mail test:


The virus test file can be downloaded from http://www.eicar.org/anti_virus_test_file.htm

 

Send a mail with eicar.com attached

[root@postfix doc]# ls /amavisd_clamav_spam/config/eicar.com
/amavisd_clamav_spam/config/eicar.com  


After sending, the mail is not received,
but on the server it can be seen that it was placed in the virus directory

[root@postfix doc]# ls /var/virusmails/virus-RLOHHpWvOjyI
/var/virusmails/virus-RLOHHpWvOjyI
 
