yum install postfix* dovecot system-switch-mail -y
[root@dns ~]# rpm -qi system-switch-mail-0.5.25-12 --查看这个包,说明是一个MTA切换工具
[root@li named]# system-switch-mail --使用这条命令进行MTA的切换
[root@li named]# /etc/init.d/sendmail status --切换过后,默认关闭了sendmail
sendmail is stopped
[root@li named]# /etc/init.d/postfix status --并自动启动了posftfix
master (pid 4896) is running...
[root@dns ~]# vim /etc/postfix/main.cf
myhostname = dns.cluster.com --只修改主机名,主机名对postfix非常重要,当然如果不改,它自己会调用gethostname()去查询
[root@dns ~]# /etc/init.d/postfix restart
[root@dns ~]# mail user1 --给本地的user1用户发邮件
[root@dns ~]# su - user1
[user1@dns ~]$ mail --切换到user1用户查看,可以收到邮件
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user1": 1 message 1 new
>N 1 [email protected] Sun May 8 10:26 14/454
& 1
-------------------------------------------------------
两个sendmail的互发
sendmail ---- sendmail
172.16.57.130 172.16.57.131
li.aaa.com li.bbb.com
回顾一下邮件的配置过程
1,首先配置好主机名,三步, hostname x.x.com vim /etc/hosts vim /etc/sysconfig/network
最好用静态IP vim /etc/sysconfig/network-scripts/ifcfg-eth0
时间同步 ntpdate x.x.x.x
关闭iptables service iptables stop
selinux vim /etc/selinux/config 确认是否为disabled
配置好yum,为后面装包方便
2.
我这里把DNS服务器做在172.16.57.1上
[root@dns ~]# vim /var/named/chroot/etc/named.conf
options {
directory "/var/named";
};
zone "aaa.com" IN {
type master;
file "data/master.aaa.com.zone";
};
zone "bbb.com" IN {
type master;
file "data/master.bbb.com.zone";
};
[root@dns etc]# vim /var/named/chroot/var/named/data/master.aaa.com.zone
$TTL 86400
@ IN SOA li.cluster.com. root. (
2011081101
60
30
360
86400 )
IN NS li.aaa.com.
IN MX 0 li.aaa.com.
li IN A 172.16.57.130
[root@dns etc]# vim /var/named/chroot/var/named/data/master.bbb.com.zone
$TTL 86400
@ IN SOA li.cluster.com. root. (
2011081101
60
30
360
86400 )
IN NS li.bbb.com.
IN MX 0 li.bbb.com.
li IN A 172.16.57.131
# /etc/init.d/named restart --启动DNS服务
--然后把两台邮件服务器的/etc/resolv.conf的DNS指向DNS服务器的IP 172.16.57.1
[root@li ~]# nslookup --两台都要这样验证aaa.com和bbb.com两个域的邮件交换记录OK
> set type=mx
> aaa.com
Server: 172.16.57.1
Address: 172.16.57.1#53
aaa.com mail exchanger = 0 li.aaa.com.
> bbb.com
Server: 172.16.57.1
Address: 172.16.57.1#53
bbb.com mail exchanger = 0 li.bbb.com.
3,在两台邮件服务器上安装sendmail邮件服务器相关软件包
[root@li ~]# yum install sendmail* dovecot m4 -y
4,配置邮件 --两边都做
[root@li named]# vim /etc/mail/sendmail.mc --sendmail配置档
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl --改为0.0.0.0,监听所有
[root@li named]# vim /etc/dovecot.conf
protocols = imap imaps pop3 pop3s
[root@li named]# /etc/init.d/sendmail restart
[root@li named]# /etc/init.d/dovecot restart
netstat -ntl 验证端口 smtp (25) pop3 (110) imap (143)
5,验证,
自己给自己发 @主机名 @域名 OK
自己给别方发 @主机名 OK
@域名 不行
6,--实现自己给对方发用短域名OK
在li.aaa.com里
vim /etc/mail/local-host-names --加上
li.aaa.com
aaa.com
在li.bbb.com里
vim /etc/mail/local-host-names --加上
li.bbb.com
bbb.com
重启sendmail /etc/init.d/sendmail restart
再次验证
使用 @域名 互发 OK
--但注意的是上面的步骤做完后,两台sendmail之间可以使用mail -s互相跨域发送邮件;但是再用两个客户端的话,互相跨域发送邮件会报中继拒绝的错误
SENDMAIL SENDMAIL
li.aaa.com li.bbb.com
172.16.57.130 172.16.57.131
DNS
li.cluster.com
172.16.57.1
claw-mail 172.16.57.1 OUTLOOK 172.16.57.132
[email protected] [email protected]
如果还要另用MUA客户端软件来互相发的话,上面的两个邮件服务器还要允许这两个客户端的IP进行转发
vim /etc/mail/access
Connect:172.16.57 RELAY
/etc/init.d/sendmail restart
==================================================================
把上面其中一台换成postfix
postfix sendmail
li.aaa.com li.bbb.com
172.16.57.130 172.16.57.131
DNS
li.cluster.com
172.16.57.1
claw-mail 172.16.57.1 OUTLOOK 172.16.57.132
[email protected] [email protected]
下面在li.aaa.com上的操作
[root@li ~]# yum install postfix* system-switch-mail -y
[root@li ~]# vim /etc/postfix/main.cf --配置参数格式参考PDF第41页
--主要参数介绍参考PDF第52页
[root@li ~]# vim /etc/postfix/main.cf
myhostname = li.aaa.com --定义自己的主机名
[root@li ~]# /etc/init.d/postfix restart
现在就可以自己与自己发送邮件
自己给sendmail发,也可以(因为sendmail那边的配置是OK的)
但sendmail给自己发,就不可以(因为postfix也是默认只监听127.0.0.1)
[root@li ~]# vim /etc/postfix/main.cf
inet_interfaces = all --表示监听所有
[root@li ~]# /etc/init.d/postfix restart
现在sendmail给自己发,用长域名就可以了,短域名不可以
[root@li ~]# vim /etc/postfix/main.cf
mydestination = $myhostname, localhost.$mydomain, localhost,aaa.com
--在上面的基础上把mydestination后面加上aaa.com
[root@li ~]# /etc/init.d/postfix restart
现在sendmail给自己发,用短域名也可以了
把上面几个小例子综合配置一个postfix邮件服务器
vim /etc/postfix/main.cf
myhostname = li.aaa.com --本机主机名
mydomain = aaa.com --本机域名,postfix会自动扣除第一点号前的部分作为域名。如果不是FQDN形式的主机名,就一定要手动配置你的域名
myorigin = $mydomain --当你在li.aaa.com以user1发送邮件,它会自动把你的发信地址改为[email protected]
inet_interfaces = all --监听所有
mydestination = $myhostname, localhost.$mydomain, localhost ,$mydomain
--加上$mydomain,则表示可以直接以域名来收邮件
mynetworks = 172.16.57.0/24, 127.0.0.0/8 --信任网络,在这里也可以不配,因为默认值为subnet,也就是本网段内的都是信任网络
/etc/init.d/postfix restart
===================================
再把另一台sendmail也换成postfix
postfix postfix
li.aaa.com li.bbb.com
172.16.57.130 172.16.57.131
DNS
li.cluster.com
172.16.57.1
claw-mail 172.16.57.1 OUTLOOK 172.16.57.132
[email protected] [email protected]
做法和上面一样
然后测试两台postfix服务器的互发 长短域名 都OK
==========================================================
postfix 验证 --参考postfix中文权威指南的173页
不自带验证
需要sasl包来验证
sasl( simple authentication and security layer)
yum install cyrus-sasl
/etc/init.d/saslauthd restart
cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
[root@li ~]# vim /etc/postfix/main.cf --加上下面一段
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
--上面一系列的参数就是验证通过的规则,从上往下匹配,匹配一条后,就不再匹配
--permit_mynetworks
这个参数就表示mynetworks这个参数配置的网段里的主机都是允许的,
也就是说,只要是你配置的信任网段里的主机,不管它们密码有没有写对,还是主
机名不符合FQDN,都是允许的
--permit_sasl_authenticated
这个参数是需要邮件客户端把验证打勾,它表示:用户的密码要写对才允许通过
--所以上面的参数总结起来就是表示:
1,只要是mynetworks配置的信任网段就允许
2,如果不是信任的网段内的主机,则把验证打勾,然后就匹配第二条,只要用户名和密码正确也允许
3,拒绝非FQDN的主机名,拒绝未知的发送域,拒绝。。。。。。等等
例子1:
有permit_mynetworks此参数
那么只要是信任的网段,故意把用户的密码写错,也可以互发邮件
例子2。
注释permit_mynetworks这个参数,客户端也不把验证打勾。
然后发送测试。claws-mail报relay access deny
xp报 helo FQDN的主机名拒绝
解决:
把客户端验证打勾
再发送测试: 可以互发。因为它们是通过了permit_sasl_authenticated的验证
再把用户密码故意写错,发送测试,也通过不了
==========================================================
=============================================================
在上面的基础上加webmail功能
postfix postfix
li.aaa.com li.bbb.com
172.16.57.130 172.16.57.131
--加openwebmail --squirrelmail
DNS
li.cluster.com
172.16.57.1
claw-mail 172.16.57.1 OUTLOOK 172.16.57.132
[email protected] [email protected]
--在130上做以下操作
openwebmail 一个网页的邮件收发工具,支持附件,网盘等各种功能
官方网站http://openwebmail.org/
软件包地址
ls /share/soft/openwebmail/
openwebmail-2.51-20050627.src.rpm openwebmail-data-2.53-1.i386.rpm
openwebmail-2.53-1.i386.rpm perl-Text-Iconv-1.7-2.el5.i386.rpm
openwebmail-2.53.tar.gz
[root@li /]# yum install perl-suidperl httpd httpd-devel -y
[root@li openwebmail]# rpm -ivh perl-Text-Iconv-1.7-2.el5.i386.rpm
[root@li openwebmail]# useradd -s /sbin/nologin tchung --tchung这个用户是作者名,如果不加这个用户,下一步会报错说tchung用户不存在
[root@li openwebmail]# rpm -ivh openwebmail-data-2.53-1.i386.rpm openwebmail-2.53-1.i386.rpm --这两个包要一起装,是互相依赖性的包
Permission and Ownership for openwebmail files have been fixed!
Please execute following tool first as a root:
/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
After restarting httpd service, login with non-root account from
http://li.aaa.com/cgi-bin/openwebmail/openwebmail.pl
or http://li.aaa.com/webmail
If SELinux enabled, you may need to set it 'permissive' in
/etc/sysconfig/selinux or system-config-selinux
[root@li openwebmail]# /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
初始化后
启动httpd 服务 /etc/init.d/httpd start
--在131上加squirrelmail(rhel自带的 rpm 版webmail,基于php的)
[root@li ~]# yum install squirrelmail -y
[root@li ~]# vim /etc/squirrelmail/config.php
$provider_uri = 'http://li.bbb.com/';
$domain = 'bbb.com'; --写上自己的域,默认为localhost,如果你用lisi发信,在zhangsan那边收到的发信人为lisi@localhost。改成bbb.com就会正常显示为[email protected]了
[root@li ~]# /etc/init.d/httpd restart
===============================================
上面两个webmail做OK后,就开始测试
在1这个linux客户端的firefox使用 http://li.aaa.com/webmail
登录名:[email protected] --必须写全名
密码: ***
在132这个xp客户端的IE 使用 http://li.bbb.com/webmail
登录名: lisi --不能写全名
密码 : ***
实现了两个用户使用webmail互发
=================================================================
postfix+courier-imap+maildrop+courier-authlib+extmail+extman+spamassassin
postfix+postfixadmin+dovecot+mysql+squirrelmail+clamAV+amavsid-new+spamassassin
client
|
|
|
postfix ------------>收件人
|
| 10024 10025
amavsid-new
|
|--------------|
clamav spamassassin
安装前准备
主机名
时间同步
关闭iptables ,selinux
yum配置OK
第一大步:
安装mysql,postfixadmin,httpd
# yum install httpd* mysql* php* -y
( or yum install httpd httpd-devel mysql* php php-devel php-mysql -y)
# /etc/init.d/mysqld start
安装postfixadmin (管理postfix的一个web界面的软件)
# mount 10.1.1.35:/share/soft /mnt
# cp /mnt/postfix+postfixadmin/postfixadmin-2.1.0.gz /root/
# tar xvf /root/postfixadmin-2.1.0.gz -C /var/www/html/
--解压到apache的家目录,这里apache是用的rpm版,没有改家目录的,所以就是/var/www/html/下
# cd /var/www/html/
# mv postfixadmin-2.1.0/ postfixadmin --改一下名字,便于在web地址栏访问
# mysql < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT --postfix有一个mysql数据库的导表的文件,使用这条命令,直接导入数据库,就会自动创建postfix要使用的一些表
# mysql --再次登录验证
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| postfix | --多了一个postfix库,是刚才导入的
| test |
+--------------------+
mysql> use postfix; --进入postfix库
mysql> show tables; --查看库里的表,下面这些表就是刚才导入的,目前是空表
+-------------------+
| Tables_in_postfix |
+-------------------+
| admin |
| alias |
| domain |
| domain_admins |
| log |
| mailbox |
| vacation |
# /etc/init.d/httpd restart
这里使用浏览器http://IP/postfixadmin 访问postfix的web安装界面
点setup安装,会有一个警告和一个错误 ,错误是提示找不到config.ini.php文件
警告解决方法:
vim /etc/php.ini
magic_quotes_gpc = ON --把这个改为ON
错误的解决方法:
# mv /var/www/html/postfixadmin/config.inc.php.sample /var/www/html/postfixadmin/config.inc.php --有一个模版配置文件,重命名
# rm /var/www/html/postfixadmin/setup.php -rf --删除安装的信息文件
# /etc/init.d/httpd restart
# vim /var/www/html/postfixadmin/config.inc.php --修改
$CONF['default_language'] = 'cn'; --如果想要中文界面的话,改为cn,当然系统要是中文的
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO'; --这两个与后面postfix的mailbox设置有关
--第一个改为YES,表示每一个虚拟域都有自己的邮箱;
--第二个配置为NO表示,不希望域表示在mailbox里
再次访问http://IP/postfixadmin --用一个中文系统(英文系统如果不想注销切换,可以 export LANG=zh )中文做客户端,使用firefox查看会发现有乱码,这是因为httpd的语言集不一致造成的
# vim /etc/httpd/conf/httpd.conf
AddDefaultCharset GB2312 --把UTF-8 ,改为GB2312
# /etc/init.d/httpd restart --重启服务后,再次访问web界面就OK了
-----------------------
使用下面地址,访问管理页面
http://IP/postfixadmin/admin --刚进来,会有新特性等信息,提示删除motd文件
# rm /var/www/html/postfixadmin/motd* -rf
再访问管理页面,就没有那些信息了
这里手动添加两个域,我这里加了一个aaa.com 和 bbb.com这两个域
再增加一个管理员, 同时能管理这两个域,我这里管理员为[email protected]
修改完成后,因为这是管理页面,不对外开放,那么可以使用系统权限来对其进行限制
# chmod 000 /var/www/html/postfixadmin/admin/ --把这个目录权限改为000,那么管理页面就不能再访问了,如果想再进管理页面进行信息的修改的话,可以把这个目录权限改回755就可以了
--或者使用apache的目录控制来控制只有管理机可以登录此页面,或者使用apache的.htaccess功能把此目录的访问权限设置验证
===============================
# vim /etc/httpd/conf/httpd.conf
327 AllowOverride all --改为all,表示家目录下所有目录都支持.htaccess验证
--或者加上下面这一段,指定只有admin目录可以支持.htaccess验证
<Directory "/var/www/html/postfixadmin/admin">
AllowOverride all
Order allow,deny
Allow from all
</Directory>
# vim /var/www/html/postfixadmin/admin/.htaccess --默认有此文件
AuthUserFile /var/www/html/postfixadmin/admin/.htpasswd --改这一句
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic
<limit GET POST>
require valid-user
</limit>
# htpasswd /var/www/html/postfixadmin/admin/.htpasswd admin --修改此文件的admin用户的密码
New password:
Re-type new password:
Updating password for user admin
# /etc/init.d/httpd restart
================================================================
第二大步,安装postfix
这里我们不使用rpm版的postfix,因为rpm版默认不支持mysql,所以需要源码版重新编译
可以去redhat的ftp网站下载
ftp://ftp.redhat.com
ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/
postfix-2.3.3-2.1.el5_2.src.rpm
# useradd -s /sbin/nologin brewbuilder
# rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm
# cd /usr/src/redhat/SPECS/
# ls
postfix.spec --这是rpm 的src包的配置文件
# vim postfix.spec
%define MYSQL 1 --把0改为1,让它支持mysql
# rpmbuild -ba postfix.spec --这里依赖性需要pcre-devel包,先确认安装这个包再rpmbuild -ba postfix.spec来编译postfix
编译完成后会看到
Wrote: /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm --编译出来的支持mysql的rpm包
Wrote: /usr/src/redhat/RPMS/i386/postfix-pflogsumm-2.3.3-2.1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.3.3-2.1.i386.rpm
# rpm -ivh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm
--这里拷贝一个模版配置文件
# cp /mnt/postfix+postfixadmin/config_files/main.cf /etc/postfix/
cp: overwrite `/etc/postfix/main.cf'? y
--拷贝和数据库连接相关的几个配置文件
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/mysql_virtual_* /etc/postfix/
------------
--五个配置文件的配置内容如下
# cat /etc/postfix/main.cf
#=====================BASE=========================
myhostname = postfix.cluster.com
mydomain = cluster.com --这里改成服务器主机名
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Vritual Mailbox settings=========================
virtual_minimum_uid = 80 --这里要小于89,因为默认安装的postfix用户uid为89
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf --这里有mysql相关的,就是与mysql的连接设置
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:89
virtual_gid_maps = static:89
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
vim /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
vim /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
-----------------------------
停止sendmail,启动postfix,也可以使用system-swith-mail去切换MTA
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start
修改邮件目录的属主
# chown postfix.postfix /var/spool/mail/ -R
安装验证sasl包
yum install cyrus-sasl -y
/etc/init.d/saslauthd start
chkconfig saslauthd on
-------------------------------------------------------------------
第三大步:
安装dovecot
# yum install dovecot -y
--拷贝两个配置文件的模版
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/dovecot* /etc
cp: overwrite `/etc/dovecot.conf'? y
------------------
--两个配置文件内容如下:
# cat /etc/dovecot.conf
base_dir=/var/run/dovecot
protocols=imap pop3
listen=*
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/var/spool/mail/%d/%n
auth default {
mechanisms = PLAIN LOGIN CRAM-MD5 DIGEST-MD5
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
socket listen {
client {
path = /var/run/dovecot/auth-client
mode = 0660
user = postfix
group = postfix
}
}
}
first_valid_uid = 89
# cat /etc/dovecot-mysql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 89 AS uid, 89 AS gid FROM mailbox WHERE username = '%u'
--启动服务
# /etc/init.d/dovecot start
--------------------------------------------------------------------------
第四大步:安装一个webmail 这里用squirrelmail
# yum install squirrelmail -y
# vim /etc/squirrelmail/config.php
$provider_uri = 'http://IP/postfixadmin/users';
$squirrelmail_default_language = 'zh_CN';
# chown apache.apache /var/lib/squirrelmail/prefs/
# chown apache.apache /var/spool/squirrelmail/attach/
# chown root.apache /etc/squirrelmail/config.php
# /etc/init.d/httpd restart
可以使用http://IP/webmail/ 来使用用户登录
----------------------------------------------------------
第五大步:测试
1,首先创建测试用户
通过http://IP/postfixadmin 使用创建的管理员[email protected]登录
登录后,创建每个域都创建二个用户用来测试
我这里创建的四个用户分别是
[email protected]
[email protected]
[email protected]
[email protected]
这些新建的用户信息都可以在mysql数据库的postfix库里查看的
2,使用xp的outlook来进行收发邮件的测试
注意:使用outlook填用户时记得写全名也就是[email protected]这种格式,因为这里有多个域,不写全的话会有错误
我这里使用[email protected]登录outlook,登录后点发送/接收按钮会收到[email protected]的欢迎邮件表示OK
我使用[email protected]发送给[email protected],直接发送不了,因为我们配置了验证的
所以在outlook要点 工具-->帐户-->属性-->服务器-->最下面的我的服务器要求身份验证打勾
再次发送,然后使用[email protected]登录squirrelmail来接收,测试 OK
--补充:
邮件以前用系统用户的话,会存放在/var/mail/zhangsan这个文件里
现在会存放在下面的目录里的一个文件里
# ls /var/spool/mail/aaa.com/zhangsan/cur/
----------------
注意上面的服务可以全部设置成开机自动启动
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd on
=============================================================
# ls /share/soft/amavisd_clamav_spam/
继续安装
amavisd-new + clamav + spamassassin
先修改postfix的文件
vim /etc/postfix/main.cf --加上下面两句
soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024
vim /etc/postfix/master.cf --加上下面一大段配置
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
/etc/init.d/postfix restart --加完了上面的两段配置后重启postfix
安装clamav
[root@postfix amavisd_clamav_spam]# ls clam --直接安装下面这三个rpm包
clamav-0.92-1.el5.rf.i386.rpm
clamav-db-0.92-1.el5.rf.i386.rpm
clamd-0.92-1.el5.rf.i386.rpm
[root@postfix amavisd_clamav_spam]# rpm -ivh clam* --安装
[root@postfix ~]# vim /etc/clamd.conf --主配置文件,我这里用默认配置,不修改
[root@postfix ~]# vim /etc/freshclam.conf --下载病毒库的配置文件,我这里也是默认配置,不修改
[root@postfix ~]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon: [ OK ]
[root@postfix ~]# chkconfig clamd on
[root@postfix ~]# tail /var/log/clamav/clamd.log
Mon Aug 15 15:32:32 2011 -> Algorithmic detection enabled.
Mon Aug 15 15:32:32 2011 -> Portable Executable support enabled.
Mon Aug 15 15:32:32 2011 -> ELF support enabled.
Mon Aug 15 15:32:32 2011 -> Detection of broken executables enabled.
Mon Aug 15 15:32:32 2011 -> Mail files support enabled.
Mon Aug 15 15:32:32 2011 -> Mail: Recursion level limit set to 64.
Mon Aug 15 15:32:32 2011 -> OLE2 support enabled.
Mon Aug 15 15:32:32 2011 -> PDF support disabled.
Mon Aug 15 15:32:32 2011 -> HTML support enabled.
Mon Aug 15 15:32:32 2011 -> Self checking every 1800 seconds.
.
更新病毒库
# freshclam --一个命令就可以去更新病毒库
ClamAV update process started at Mon Aug 15 15:32:32 2011
Downloading main.cvd [ 11%] --它会去下载病毒库,这里是下载主病毒库到11%
--实际情况可以写一个自动更新的命令用crontab去定时更新
更新病毒库过后,启动服务
/etc/init.d/clamd start --如果这里报配置文件找不到的,注意可能是配置文件里 example没有注释
服务启动过后,使用
clamscan 扫描
============================================================
spam spamer
安装spamassassin
[root@postfix ~]# yum install spamassassin --安装完后,先不配置,再去安装amavisd-new,因为amavisd-new需要先装spamassassin
下面安装amavisd-new,但因为依赖性有近20个
所以用rpm一个个的安装比较麻烦
--下面是rpm的安装方法
[root@postfix amavisd_clamav_spam]# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm --安装此包依赖性非常多,需要细心慢慢来安装
warning: amavisd-new-2.5.2-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
arc >= 5.21e is needed by amavisd-new-2.5.2-1.el5.rf.i386
cabextract is needed by amavisd-new-2.5.2-1.el5.rf.i386
freeze is needed by amavisd-new-2.5.2-1.el5.rf.i386
lha is needed by amavisd-new-2.5.2-1.el5.rf.i386
lzop is needed by amavisd-new-2.5.2-1.el5.rf.i386
ncompress is needed by amavisd-new-2.5.2-1.el5.rf.i386
nomarch >= 1.2 is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Archive::Zip) >= 1.14 is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(BerkeleyDB) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Convert::TNEF) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Convert::UUlib) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(IO::Stringy) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(MIME::Entity) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(MIME::Parser) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(MIME::Tools) >= 5.420 is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(MIME::Words) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Net::Server) >= 0.87 is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Net::Server) >= 0.93 is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl(Unix::Syslog) is needed by amavisd-new-2.5.2-1.el5.rf.i386
perl-MailTools is needed by amavisd-new-2.5.2-1.el5.rf.i386
ripole is needed by amavisd-new-2.5.2-1.el5.rf.i386
unarj is needed by amavisd-new-2.5.2-1.el5.rf.i386
unrar >= 2.71 is needed by amavisd-new-2.5.2-1.el5.rf.i386
zoo >= 2.10 is needed by amavisd-new-2.5.2-1.el5.rf.i386
[root@postfix amavisd_clamav_spam]# rpm -ivh --nodocs perl-File-Temp-0.19-1.el5.rf.noarch.rpm
--使用--nodocs参数不安装文档包,因为有一个文档文件与系统原来的perl包有冲突;或者使用--force强制安装覆盖
rpm -ivh perl-Archive-Zip-1.23-1.el5.rf.noarch.rpm
rpm -ivh perl-BerkeleyDB-0.32-1.el5.rf.i386.rpm
rpm -ivh perl-Convert-BinHex-1.119-2.2.el5.rf.noarch.rpm
rpm -ivh perl-Convert-UUlib-1.051-1.2.el5.rf.i386.rpm
rpm -ivh perl-Unix-Syslog-1.0-1.el5.rf.i386.rpm
rpm -ivh perl-IO-stringy-2.110-1.2.el5.rf.noarch.rpm
rpm -ivh perl-Net-Server-0.97-1.el5.rf.noarch.rpm
rpm -ivh zoo-2.10-2.2.el5.rf.i386.rpm
rpm -ivh lzo-1.08-4.2.el5.rf.i386.rpm
rpm -ivh lzop-1.01-2.el5.rf.i386.rpm
rpm -ivh unrar-3.7.4-1.el5.rf.i386.rpm
rpm -ivh unarj-2.63-0.a.2.el5.rf.i386.rpm
rpm -ivh ripole-0.2.0-1.2.el5.rf.i386.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.i386.rpm
rpm -ivh freeze-2.5.0-1.2.el5.rf.i386.rpm
rpm -ivh arc-5.21o-1.el5.rf.i386.rpm
rpm -ivh nomarch-1.4-1.el5.rf.i386.rpm
rpm -ivh cabextract-1.2-1.el5.rf.i386.rpm
yum install ncompress --此包去光盘里安装,或者使用yum
=============================
--还有下面三个包安装不上去
120 rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
121 rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
122 rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm
解决:直接yum install *perl* --cd到另一个目录,再yum install
===========================
--yum install *perl* 之后,就可以再cd回去进行安装了
rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm
rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm --终于成功安装 @_@
--下面就是使用yum的安装方法
这里我们自己配置yum软件仓库,使用yum来安装
--我这里在真实机上,先在下面的目录里创建repodata目录
# createrepo /share/soft/amavisd_clamav_spam/
# cp /share/soft/amavisd_clamav_spam/ /share/yum -rf --/share/yum为我真实机上ftp匿名用户登录的家目录
--然后在邮件服务器的yum配置文件里加上下面一段
# vim /etc/yum.repos.d/rhel-debuginfo.repo
[amavisd]
name=amavisd
baseurl=ftp://2.2.2.10/amavisd_clamav_spam
enabled=1
gpgcheck=0
# yum install amavisd* -y
==============================================================
# cp /amavisd_clamav_spam/config/amavisd.conf /etc/
cp: overwrite `/etc/amavisd.conf'? y
--拷贝配置文件,覆盖原配置文件
[root@postfix doc]# vim /etc/amavisd.conf
$mydomain = 'aaa.com'; --改成你相对的域,为你的邮件域之一
@local_domains_maps = ( [".$mydomain", ".bbb.com"] );
--写上自己的虚拟域
$sa_tag2_level_deflt = 8.5; --改成8.5分方便测试
[root@postfix doc]# touch /var/amavis/whitelist
[root@postfix doc]# touch /var/amavis/blacklist
[root@postfix doc]# /etc/init.d/amavisd restart --启动
[root@postfix doc]# chkconfig amavisd on
====================================================
配置spamassassin
[root@postfix doc]# cp /amavisd_clamav_spam/config/local.cf /etc/mail/spamassassin/
cp: overwrite `/etc/mail/spamassassin/local.cf'? y
[root@postfix doc]# cat /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 8.5 --这里改为8.5分
# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****SPAM*****
# Encapsulate spam in an attachment
report_safe 0
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 1
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
ok_languages zh en
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score NO_REAL_NAME 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
[root@postfix doc]# vim /etc/mail/spamassassin/v310.pre --修改它,打开下面一句
loadplugin Mail::SpamAssassin::Plugin::TextCat
[root@postfix doc]# cp /amavisd_clamav_spam/config/Chinese_rules.cf /usr/share/spamassassin/
--拷贝中文规则文件到规则目录
[root@postfix doc]# /etc/init.d/spamassassin start --启动服务
[root@postfix doc]# chkconfig spamassassin on
确认端口:
[root@postfix doc]# netstat -ntlup |grep 100
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 8072/amavisd (maste
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 7656/master
[root@postfix doc]# netstat -ntlup |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7656/master
[root@postfix doc]# netstat -ntlup |grep :110
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 7040/dovecot
[root@postfix doc]# netstat -ntlup |grep :783
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 8146/spamd.pid
[root@postfix doc]# netstat -ntlup |grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3048/mysqld
[root@postfix ~]# netstat -ntlup |grep :3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 7772/clamd
===========================================================
病毒邮件测试:
在http://www.eicar.org/anti_virus_test_file.htm 网站上可以下载病毒测试文件
发邮件,附件里把eicar.com放上去
[root@postfix doc]# ls /amavisd_clamav_spam/config/eicar.com
/amavisd_clamav_spam/config/eicar.com
发送后,发现不能收到,
但在服务器上可以看到被放到病毒目录里去了
[root@postfix doc]# ls /var/virusmails/virus-RLOHHpWvOjyI
/var/virusmails/virus-RLOHHpWvOjyI