POSTFIX邮局系统搭建全过程

POSTFIX邮局系统搭建全过程

postfix+courier-imap+maildrop+cyrus-sasl+ extman+ SpamAssassin+ clamav+ amavisd-new搭建mail服务器)

作者:刘运锋

第一篇:邮件系统搭建

 

一、系统环境:

1、  采用Centos 5.5系统也或者是rhel 5.5

2、  内存最好为512M以上;

3、  本次采用的系统主机名为mail.xxt.cn

二、所需安装源码包列表:

软件

作用

下载地址

mysql-5.1.49.tar.gz

数据库用于存储包括管理员在内的用户信息

http://gd.tuwien.ac.at/db/mysql/Downloads/MySQL-5.1/mysql-5.1.49.tar.gz

cyrus-sasl-2.1.22.tar.gz

验证方法

http://down1.chinaunix.net/distfiles/cyrus-sasl-2.1.22.tar.gz

httpd-2.2.9.tar.gz

提供web服务

http://sunsite.bilkent.edu.tr/pub/apache/httpd/httpd-2.2.9.tar.gz

php-5.2.6.tar.gz

提供PHP服务

ftp://ftp.ru/pub/sunfreeware/SOURCES/php-5.2.6.tar.gz

postfix-2.6.5.tar.gz

邮件服务器主程序

http://down1.chinaunix.net/distfiles/postfix-2.6.5.tar.gz

courier-authlib-0.62.4.tar.bz2

cyrus-sasl一起做验证

http://down1.chinaunix.net/distfiles/courier-authlib-0.62.4.tar.bz2

courier-imap-4.8.0.tar.bz2

提供Pop3IMAP服务

http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/imap/4.8.0/courier-imap-4.8.0.tar.bz2

maildrop-2.5.0.tar.bz2

邮件投递代理,直观的讲就是把收到的邮件转发到用户的邮箱目录

http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/maildrop/2.5.0/maildrop-2.5.0.tar.bz2

extman-1.0.0.tar.gz

提供extman后台管理功能

http://www.extmail.org/cgi-bin/download.cgi

extmail-1.2.tar.gz

提供webmail前端服务功能

http://www.extmail.org/cgi-bin/download.cgi

DBD-mysql-3.0008.tar.gz

 

http://cpan.uchicago.edu/pub/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-3.0008.tar.gz

gd-2.0.35.tar.bz2

图形化日志

http://www.libgd.org/releases/gd-2.0.35.tar.bz2

Time-HiRes-1.9719.tar.gz

图形化日志

http://www.cpan.org/modules/by-module/Time/Time-HiRes-1.9719.tar.gz

File-Tail-0.99.3.tar.gz

图形化日志

http://down1.chinaunix.net/distfiles/File-Tail-0.99.3.tar.gz

rrdtool-1.2.26.tar.gz

图形化日志(高版本没有通过编译)

http://oss.oetiker.ch/rrdtool/pub/ rrdtool-1.2.26.tar.gz

clamav-0.96.1.tar.gz

反病毒工具(请根据情况及时更新到最新)

http://sourceforge.net/projects/clamav/files/clamav/

Mail-SpamAssassin-3.3.1.tar.gz

邮件过滤器

http://labs.renren.com/apache-mirror/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz

amavisd-new-2.6.4.tar.gz

连接MTA和内容检测工具(诸如病毒扫描工具和 SpamAssassin)的高性能接口程序

http://www.ijs.si/software/amavisd/amavisd-new-2.6.4.tar.gz

Convert-BinHex-1.119.tar.gz

Amavis依赖包

http://down1.chinaunix.net/distfiles/Convert-BinHex-1.119.tar.gz

 

 

 

 

三、安装与配置工作:

1、  安装并配置MYSQL

1)安装mysql


# tar -zxvf mysql-5.1.49.tar.gz
# cd mysql-5.1.49
# groupadd mysql
# useradd -g mysql -s /sbin/nologin -M mysql
# ./configure --prefix=/usr/local/mysql --with-charset=gbk   --with-extra-charsets=all --enable-thread-safe-client --enable-local-infile --with-low-memory
# make && make install
# cp support-files/my-medium.cnf  /etc/my.cnf
# chown -R mysql.mysql /usr/local/mysql/
# /usr/local/mysql/bin/mysql_install_db --user=mysql
# chown -R mysql.mysql /usr/local/mysql/var/

 

2)启动数据库服务,并添加到自启动

# /usr/local/mysql/bin/mysqld_safe --user=mysql &
# cp support-files/mysql.server  /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig  --levels  345  mysqld  on

 

3)配置库文件搜索路径

# echo "/usr/local/mysql/lib/mysql">>/etc/ld.so.conf
# ldconfig
#echo "export PATH=$PATH:/usr/local/mysql/bin">>/etc/profile
#source /etc/profile

 

4)添加root密码

# /usr/local/mysql/bin/mysqladmin -u root password "xxttest"

 

2、  安装apache

安装Apache有两个要注意的地方,因为我这里用的Postfix的后台管理是extman这个程序,而它是通过CGI的方式来进行管理的,所以这里启用了suexec的功能,还有一个是关于网站的存放路径的,如果不指定,那么在启用suexec后会出现 suexec-docroot的错误。

(1)       安装apache

#tar -jxvf httpd-2.2.9.tar.bz2

#cd httpd-2.2.9

#./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-mods-shared=all --enable-suexec --with-suexec-caller=daemon --with-suexec-docroot=/var/www

#make

#make install

(2)     修改apache配置文件

#vi /usr/local/apache2/conf/httpd.conf  
找到DocumentRoot “/usr/local/apache2/htdocs”
修改为:DocumentRoot “/var/www”(后文中我们还会注释掉此行,以启用虚拟主机)

找到<Directory “/usr/local/apache2/htdocs”>
修改为:<Directory “/var/www”>

找到
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all        //
这句改为Allow from all
</Directory>

启动apache
#/usr/local/apache2/bin/apachectl start

 

(3)       添加系统服务和自启动
# cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd

# vi /etc/rc.d/init.d/httpd

添加(#!/bin/sh下面)

# chkconfig: 2345 10 90

# description: Activates/Deactivates Apache Web Server

然后添加为系统服务和开机器自启动

# chkconfig --add httpd

# chkconfig httpd on

 

3、  安装PHP

1)安装PHP

# tar -zxvf php-5.2.6.tar.gz
# cd php-5.2.6
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql/ --with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/usr/local/php --with-zlib --enable-mbstring=all
# make && make install
# cp php.ini-dist /usr/local/php/php.ini

2)配置PHP

# vi /usr/local/apache2/conf/httpd.conf
添加:
AddType application/x-httpd-php .php

AddType application/x-httpd-php .php3

AddType application/x-httpd-php .phtml

 

找到DirectoryIndex index.html
修改为DirectoryIndex index.html index.php

 

(4)       修改selinux,启动apache

# setenforce 0

# chcon -c -v -R -u system_u -r object_r -t textrel_shlib_t /usr/local/apache2/modules/libphp5.so

# service httpd restart
# setenforce 1

如果不修改会提示:

httpd: Syntax error on line 105 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/libphp5.so into server: /usr/local/apache2/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied

 

4、  安装courier-authlib

(1)       首先需要安装expect

yum install expect

(2)       安装courier-authlib

#groupadd -g 1000 vmail

#useradd -g 1000 -u 1000 -M -s /sbin/nologin vmail

# tar -jxvf courier-authlib-0.62.4.tar.bz2

# cd courier-authlib-0.62.4

#./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --sysconfdir=/etc  --without-authuserdb --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --without-authcustom --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/inculde/mysql --with-redhat --with-mailuser=vmail  --with-mailgroup=vmail

# make && make install

# make install-migrate

# make install-configure

更新lib库文件搜索路径

# echo "/usr/local/courier-authlib/lib/courier-authlib/">>/etc/ld.so.conf

# ldconfig

(3)       修改配置文件

# vi /etc/authlib/authdaemonrc

authmodulelist="authmysql"

authmodulelistorig="authmysql"

daemons=10

DEBUG_LOGIN=2


# vi  /etc/authlib/authmysqlrc

修改以下内容

MYSQL_SERVER            localhost

MYSQL_USERNAME          extmail

MYSQL_PASSWORD          extmail

MYSQL_SOCKET            /tmp/mysql.sock 

MYSQL_PORT              3306

MYSQL_DATABASE          extmail

MYSQL_USER_TABLE        mailbox

MYSQL_CRYPT_PWFIELD     password

MYSQL_UID_FIELD         "1000"

MYSQL_GID_FIELD         "1000"

MYSQL_LOGIN_FIELD       username

MYSQL_HOME_FIELD  concat("/var/mailbox/",homedir)

MYSQL_MAILDIR_FIELD     concat("/var/mailbox/",maildir)

MYSQL_QUOTA_FIELD    concat(quota,"S")

                  

(4)       启动及加入到自动运行队列

# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib

# chmod 755 /etc/rc.d/init.d/courier-authlib

# chkconfig --add courier-authlib

# chkconfig courier-authlib on

# service courier-authlib start

# chmod a+x /usr/local/courier-authlib/var/spool/authdaemon

 

5、 安装courier-imap

(1)       安装courier-imap

# tar -jxvf courier-imap-4.8.0.tar.bz2 

# cd courier-imap-4.8.0

# ./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 COURIERAUTHCONFIG="/usr/local/courier-authlib/bin/courierauthconfig"

# make && make install

# make install-configure

(2)       编辑配置文件启用pop3imap

# vi /usr/local/courier-imap/etc/pop3d

修改POP3DSTART=NO

POP3DSTART=YES

# vi /usr/local/courier-imap/etc/imapd

修改IMAPDSTART=NO

IMAPDSTART=YES

(3)       启动及加入自动运行队列

# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd

# chmod 755 /etc/rc.d/init.d/courier-imapd

# chkconfig --add courier-imapd

# chkconfig courier-imapd on

# service courier-imapd start

6、  安装cyrus-sasl

(1)       先卸载本机自带的sasl

# rpm -qa |grep cyrus-sasl |xargs rpm -e --nodeps

# rm -rf /usr/lib/sasl

# rm -rf /usr/lib/sasl2

(2)       安装cyrus-sasl

# tar -zxvf cyrus-sasl-2.1.22.tar.gz

# cd cyrus-sasl-2.1.22

# ./configure  --enable-plain  --enable-cram  --enable-digest --enable-login  --enable-sql --disable-anon  --disable-ntlm --disable-gssapi  --disable-krb4 --disable-otp --disable-srp --disable-srp-setpass --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket

# make && make install

(3)       共享链接库

# ln -sv /usr/local/lib/sasl2  /usr/lib/sasl2

# echo "/usr/local/lib">>/etc/ld.so.conf

# ldconfig

(4)       建立smtpd用户认证的配置文件

# vi /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd

mech_list: plain login

log_level:3

authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

(5)       创建运行时需要的目录

# mkdir -pv /var/state/saslauthd   

(6)       启动并测试

# /usr/local/sbin/saslauthd -a shadow pam

# /usr/local/sbin/testsaslauthd -u root -p xxttest  // xxttest  root的密码

(7)       开机自动启动

# echo "/usr/local/sbin/saslauthd -a shadow pam">>/etc/rc.local

7、  安装postfix

(1)       首先卸载系统自带的sendmail

# service sendmail stop

# rpm -qa |grep sendmail |xargs rpm -e –nodeps

(2)       添加用户和安装

# groupadd -g 105 postfix

# useradd -g 105 -u 105 -M -s /sbin/nologin postfix

# groupadd -g 106 postdrop

# useradd -g 106 -u 106 -M -s /sbin/nologin postdrop

# tar -zxvf postfix-2.6.5.tar.gz

# cd postfix-2.6.5

# make makefiles "CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_CYRUS_SASL  -DUSE_SASL_AUTH -I/usr/local/include/sasl" "AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2"

# make

# make install

(3)       按照以下的提示输入相关的路径([]号中的是缺省值,”]”后的是输入值)

install_root: [/]

tempdir: [/root/postfix-2.6.5] /tmp  //其他的都是默认

config_directory: [/etc/postfix]

command_directory: [/usr/sbin]

daemon_directory: [/usr/libexec/postfix]

data_directory: [/var/lib/postfix]

html_directory: [no]

mail_owner: [postfix]

mailq_path: [/usr/bin/mailq]

manpage_directory: [/usr/local/man]

newaliases_path: [/usr/bin/newaliases]

queue_directory: [/var/spool/postfix]

readme_directory: [no]

sendmail_path: [/usr/sbin/sendmail]

setgid_group: [postdrop]

(4)       生成别名二进制文件

# newaliases

(5)       建立邮件存放目录

# mkdir -pv /var/mailbox

# chown -R vmail.vmail /var/mailbox

(6)       建立配置文件

# cd /etc/postfix/

# mv main.cf main.cf.old

# vi main.cf

添加下面的内容

#=====================BASE=========================

myhostname = mail.xxt.cn

mydomain = xxt.cn

myorigin = $mydomain

mydestination =

mynetworks = 192.168.0.0/16, 127.0.0.0/8

inet_interfaces = all  

readme_directory = no

sample_directory = /etc/postfix

sendmail_path = /usr/sbin/sendmail

html_directory = no

setgid_group = postdrop

command_directory = /usr/sbin

manpage_directory = /opt/postfix/man

daemon_directory = /usr/libexec/postfix

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

queue_directory = /var/spool/postfix

mail_owner = postfix

 

#=====================Vritual Mailbox settings=========================

virtual_mailbox_base = /var/mailbox

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_alias_domains =

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_uid_maps = static:1000

virtual_gid_maps = static:1000

virtual_transport = maildrop:

maildrop_destination_recipient_limit = 1

maildrop_destination_concurrency_limit = 1

 

#====================QUOTA========================

message_size_limit = 52428800

mailbox_size_limit = 209715200

virtual_mailbox_limit = 209715200

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

virtual_overquota_bounce = yes

 

#====================SASL========================

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $mydomain

smtpd_sasl_security_options = noanonymous

smtpd_sasl_application_name = smtpd

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

alias_maps = hash:/etc/aliases

(7)       添加为支持虚拟域和虚拟用户所用到的配置文件,其实是直接在extman中复制过去

# tar zxvf extman-1.0.0.tar.gz

# cd extman-1.0.0

# cp docs/mysql_virtual_* /etc/postfix/

(8)       启动postfix并加入到自启动

# /usr/sbin/postfix start

# echo "/usr/sbin/postfix start">>/etc/rc.local

8、 安装maildrop

(1)       安装和配置maildrop

# tar jxvf maildrop-2.5.0.tar.bz2

# cd maildrop-2.5.0

# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig

#yum install pcre-devel

#./configure  --prefix=/usr/local/maildrop --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users="rootvmail"  --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1000 --enable-maildrop-gid=1000  --with-trashquota--with-dirsync

# make && make install

# cp /usr/local/maildrop/bin/maildrop /usr/local/bin/

(2)       查看一下安装结果

# maildrop -v

maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.

GDBM extensions enabled.

Courier Authentication Library extension enabled.  //要保证这一行显示

Maildir quota extension enabled.

This program is distributed under the terms of the GNU General Public

License. See COPYING for additional information.

(3)       配置maildrop的日志文件

# vi /etc/maildroprc

logfile "/var/log/maildrop.log"

to "$HOME/Maildir"

VERBOSE="4"

# touch /var/log/maildrop.log

# chown vmail.vmail /var/log/maildrop.log

(4)       配置Postfix

# vi /etc/postfix/master.cf

去掉下面两行前面的#

maildrop  unix  -       n       n       -       -       pipe

flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

第二行改为

flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}

 

此处要注意argv=后边的maildrop要加上路径,否则会出现

temporary failure. Command output: pipe: fatal: pipe_command: execvp maildrop: No such file or directory

注意maildrop unix这行前边不能有空格,要不会出现以下错误提示

warning: connect to transport maildrop: No such file or directory

Oct 31 23:21:24 localhost postfix/error[2235]: BE0AE27DAF6: to=<[email protected]>,relay=none,delay=1443,delays=1443/0.24/0/0.02,dsn=4.3.0, status=deferred (mail transport unavailable)

注意flags=Drhu这一行前边有两个空格,要不会出现以下错(fatal: /etc/postfix/master.cf: line 100: bad transport type: user= vmail)。


注意前面要保留两个空格,不然会有问题

9、  安装配置ExtmailExtman  

(1)       安装和配置Extmail

# tar -zxvf extmail-1.2.tar.gz

# mkdir /var/www/extsuite

# mv extmail-1.2  /var/www/extsuite/extmail

# cd /var/www/extsuite/extmail/

# cp webmail.cf.default webmail.cf

# vi webmail.cf

部分修改选项的说明:

 

SYS_USER_LANG = en_US

语言选项,可改作:

SYS_USER_LANG = zh_CN

 

SYS_MAILDIR_BASE = /home/domains

此处即为您在前文所设置的用户邮件的存放目录,可改作:

SYS_MAILDIR_BASE = /var/mailbox

 

SYS_MYSQL_USER = db_user

SYS_MYSQL_PASS = db_pass

以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:

SYS_MYSQL_USER = extmail

SYS_MYSQL_PASS = extmail

 

 

SYS_MYSQL_HOST = localhost

指明数据库服务器主机名,这里默认即可

 

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

连接数据库的sock文件位置,这里修改为:

SYS_MYSQL_SOCKET = /tmp/mysql.sock

 

 

SYS_MYSQL_TABLE = mailbox

SYS_MYSQL_ATTR_USERNAME = username

SYS_MYSQL_ATTR_DOMAIN = domain

SYS_MYSQL_ATTR_PASSWD = password

以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可

 

SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket

此句用来指明authdaemo socket文件的位置,这里修改为:

SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket

 

修改 cgi执行文件属主为apache运行身份用户:

# chown -R vmail.vmail /var/www/extsuite/extmail/cgi/

(2)       安装配置Extman

                   # mv extman-1.0.0  /var/www/extsuite/extman

                   #cd  /var/www/extsuite/extman

                   # mv webman.cf.default webman.cf

修改配置文件以符合本例的需要:

# vi /var/www/extsuite/extman/webman.cf

 

SYS_MAILDIR_BASE = /home/domains

此处即为您在前文所设置的用户邮件的存放目录,可改作:

SYS_MAILDIR_BASE = /var/mailbox

 

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

此处修改为:

SYS_MYSQL_SOCKET = /tmp/mysql.sock

(3)       使用extman源码目录下docs目录中的extmail.sqlinit.sql建立数据库:

# cd /var/www/extsuite/extman

# mysql -u root -p <docs/extmail.sql

# mysql -u root -p <docs/init.sql

(4)       修改cgi目录的属主:

chown -R vmail.vmail /var/www/extsuite/extman/cgi

(5)       extmanextmail需要Perl-Unix-SyslogDBD-Mysqlperl-GD的支持

#perl -MCPAN -e  shell

然后一路回车后出现:

cpan>

然后我们输入:

cpan>install Unix::Syslog

cpan>install GD

cpan>install DBI

-----cpan>install DBD::mysql # DBD-Mysql目前最新的版本为DBD-mysql-4.006,但它和系统中的perl结合使用时会造成extmail无法正常使用,因此我们采用 3的版本

# tar -zxvf DBD-mysql-3.0008_1.tar.gz

# cd DBD-mysql-3.0008_1  

# perl Makefile.PL

# make

# make install

(6)       建立extmanextmail的目录

# mkdir /tmp/extman

# chown -R vmail.vmail /tmp/extman/

# mkdir /tmp/extmail

# chown -R vmail.vmail /tmp/extmail/

(7)       apache相关配置

# vi /usr/local/apache2/conf/httpd.conf

去掉这行前面的#

Include conf/extra/httpd-vhosts.conf

 

# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf

去后面的<VirtualHost>两段

<VirtualHost *:80>

....

</VirtualHost>

添加下面内容

<VirtualHost *:80>

ServerName mail.xxt.cn

DocumentRoot /var/www/extsuite/

ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/

Alias /extmail/ /var/www/extsuite/extmail/html/

ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/

Alias /extman/ /var/www/extsuite/extman/html/

SuexecUserGroup vmail vmail

</VirtualHost>

(8)       重启一下apache服务器

#service httpd restart

到此,就全配置完了

在浏览器中输入http://mail.xxt.cn/extman进入管理界面,默认内置账号是[email protected],密码是 extmail*123*,添加一个域和用户

http://mail.xxt.cn/extmail中登陆

 

第二篇:图像化日志安装

 

10、              安装图形化日志

(1)       安装gd-2.0.35

# tar -jxvf gd-2.0.35.tar.bz2

# cd gd-2.0.35

# ./configure --with-png --with-freetype --with-jpeg --with-zlib --with-fontconfig

# make

如果GD报错:configure.ac:64: warning: macro `AM_ICONV' not found in library你就make clean一下,然后再make

如果你安装别的出现libtool没有找到,你就从/usr/bin/libtool cp 一个过来用就好了!

# make install

(2)       安装Time-HiRes

# tar -zxvf Time-HiRes-1.9719.tar.gz

# cd Time-HiRes-1.9719

# perl Makefile.PL

# make

# make test

# make install

(3)       安装File-Tail

# tar -zxvf File-Tail-0.99.3.tar.gz

# cd File-Tail-0.99.3

# perl Makefile.PL

# make

# make test

# make install

(4)       安装rrdtool(用最新版的编译没通过)

#yum install tcl-devel

#yum install libpng

# yum install freetype

# yum install  libart_lgpl-devel

# tar -zxvf rrdtool-1.2.26.tar.gz

# cd rrdtool-1.2.26

# ./configure --prefix=/usr/local/rrdtool --enable-perl-site-install=/usr/lib/perl5/

# make

# make install

(5)       复制mailgraph_ext/usr/local,并启动之

# cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local 

# /usr/local/mailgraph_ext/mailgraph-init  start

# /usr/local/mailgraph_ext/qmonitor-init  start

(6)       添加到自动启动队列

echo "/usr/local/mailgraph_ext/mailgraph-init start" >>/etc/rc.local

echo "/usr/local/mailgraph_ext/qmonitor-init start" >>/etc/rc.local

 

 

第三篇:邮件反垃圾和病毒处理

ClamAV是一个unix系统平台上的开源反病毒工具,它是特地为在邮件网关上进行邮件扫描而设计的。整套软件提供了许多的实用工具,包括一个可伸缩和可升级的多线程守护进程、一个命令行扫描工具和病毒库自动升级工具。

 

SpamAssassin 是目前最好的、最流行的开源反垃圾邮件软件之一。它是一个邮件过滤器,使用了多种反垃圾邮件技术,如:文本分析、贝叶斯过滤、DNS黑名单和分布式协同过滤数据库等。

 

amavisd-new是一个连接MTA和内容检测工具(诸如病毒扫描工具和 SpamAssassin)的高性能接口程序,使用perl语言写成。它一般通过SMTPESMTP或者LMTPMTA进行通讯,当然也可以借助于其它外部程序进行。同postfixMTA)协同工作时表现尤佳。当它呼叫SpamAssassin进行内容过滤时,对于一封邮件只需要呼叫一次,而不管这封邮件将发往多少个收件人;同时,它亦会尽力保证实现每一位收件人的偏好设置,如接收/拒绝,检测/不检测,垃圾邮件级别等;它还会在邮件头部分插入 spam相关信息。

 

11、安装ClamAV

(1)       升级安装ClamAV的支持

最新的clamav-0.96.1需要zlib-1.2.2以上的版本的支持,而centos5上的版本为zlib-1.2.3因此不需要升级,但是为了确保,最好还是确认下:

#rpm  -qa | grep zlib

zlib-1.2.3-3

zlib-devel-1.2.3-3

如果不是最新的,请使用yum update zlib进行升级。

(2)       安装ClamAV

添加ClamAV运行所需的组和用户:

#groupadd clamav

#useradd -g clamav -s /sbin/nologin -M clamav

 

添加配合amavisd-new使用的用户amavis

#groupadd amavis

#useradd -g amavis -s /sbin/nologin -M amavis

 

#tar zxvf clamav-0.96.1.tar.gz

#cd clamav-0.96.1

#./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share --sysconfdir=/etc/clamav

#make

#make check

#make install

(3)       配置Clam AntiVirus

编辑主配置文件:

#vi /etc/clamav/clamd.conf

 

注释掉第八行的Example,如下:

# Example

 

找到如下行

#LogFile /tmp/clamd.log

#PidFile /var/run/clamd.pid

LocalSocket /tmp/clamd.socket

#DatabaseDirectory /var/lib/clamav

#User clamav

修改为:

LogFile /var/log/clamav/clamd.log

PidFile /var/run/clamav/clamd.pid

LocalSocket /var/run/clamav/clamd.socket

DatabaseDirectory /usr/local/clamav/share

User amavis

 

启用以下选项

LogSyslog yes

LogFacility LOG_MAIL

LogVerbose yes

StreamMaxLength 20M   (后面的数值应该与邮件服务器允许的最大附件值相一致)

 

 

编辑更新进程的配置文件

#vi /etc/clamav/freshclam.conf

 

注释掉Example,如下:

# Example

 

找到如下行

#DatabaseDirectory /var/lib/clamav

#UpdateLogFile /var/log/freshclam.log

分别修改为:

DatabaseDirectory /usr/local/clamav/share

UpdateLogFile /var/log/clamav/freshclam.log

 

启用以下选项:

DatabaseMirror db.XY.clamav.net   (您可以去clamav官方网站查看升级服务器并添加至此处db.CN.clamav.net)

LogSyslog yes

LogFacility LOG_MAIL

LogVerbose yes

 

(4)       建立日志所在的目录、进程与socket所在的目录,并让它属于clamav用户:

# mkdir -v /var/log/clamav

# chown -R amavis.amavis /var/log/clamav

# mkdir -v /var/run/clamav

# chmod 700 /var/run/clamav

# chown -R amavis.amavis /var/run/clamav

 

建立日志文件

#touch   /var/log/clamav/freshclam.log

#chown   clamav.clamav   /var/log/clamav/freshclam.log

(5)       配置crontab,让Clam AntiVirus每小时检测一次新的病毒库:

# crontab -e

添加:

37 * * * * /usr/local/clamav/bin/freshclam

(6)       配置库文件搜索路径:

# echo “/usr/local/clamav/lib”>> /etc/ld.so.conf

# ldconfig

(7)       配置clamav开机自动启动

# echo /usr/local/clamav/sbin/clamd /etc/rc.local

11、              安装SpamAssassin-3.3.1

1

依赖关系的解决,安装Spamassassin需要很多perl模块的支持,以下是所需模块列表及安装方法;必须的软件包:

Digest::SHA1

HTML::Parser

Net::DNS

LWP (aka libwww-perl)

HTTP::Date

IO::Zlib

Archive::Tar

 

可选的软件包,其中有些后面的amavisd也有可能会用到:

MIME::Base64

DB_File

Net::SMTP

Mail::SPF

IP::Country::Fast

Net::Ident

IO::Socket::INET6

IO::Socket::SSL

Compress::Zlib

Time::HiRes

Mail::DKIM

Mail::DomainKeys

DBI *and* DBD driver/modules

Encode::Detect

Apache::Test

Razor2

 

推荐使用CPAN自动安装(你的主机要能连上Internet),它能够自动下载安装,并能解决安装过程中的依赖关系。您可以使用类同的以下的命令来进行安装:

#perl -MCPAN -e shell

cpan> install Digest::SHA1

………………

 

如果您的主机无法直接连接到Internet,您也可以到http://search.cpan.org上搜索下载所需要的软件包,而后使用类同的下列命令安装:

 

#tar zxvf 软件包.tar.gz

#cd 软件包

#perl Makefile.PL

#make

#make test

#make install

说明:某些软件包安装的过程中可能需要已经列出的其它软件包的支持(可以先尝试安装Spamassassin,然后按提示补充所需软件包),请安照提示自行调整安装顺序。另外,其中有个软件包安装过程中可能要求声明环境变量LC_ALL,此时,可输入如下命令,并重新进行软件包的编译安装即可。

#export LC_ALL=C

2)安装Mail-SpamAssassin-3.3.1

#tar jxvf Mail-SpamAssassin-3.3.1.tar.bz2

#cd Mail-SpamAssassin-3.3.1

#perl Makefile.PL

#make

#make check

#make install

 

编辑主配置文件/etc/mail/spamassassin/local.cf

required_hits 10.0

rewrite_subject 1

required_score 5.0

rewrite_header Subject *****SPAM*****

report_safe     1

use_bayes    1

bayes_auto_learn        1

skip_rbl_checks       1

use_razor2    0

use_pyzor    0

ok_locales    all

 

在这部分安装的过程中可能会遇到一些问题,请使用perl -MCPAN -e shell之后>cpan install spamassassin.

注:笔者在安装的过程中也遇到了Mail::SPF这个模块儿无法安装的情况,这个需要更新CPAN的版本才可以解决。很简单,这里不再详述。

 

3)测试spamassassin

#spamassassin -t < sample-nonspam.txt > nonspam.out

#spamassassin -t < sample-spam.txt > spam.out

4)查看测试结果:

#less nonspam.out

#less spam.out

5)检查配置文件

#spamassassin -d --lint

6)启动进程,并将其加入到自动启动队列

#/usr/bin/spamd -d

#echo "/usr/bin/spamd -d" >> /etc/rc.local

12、              安装amavisd-new

(1)       依赖关系的解决

以下为官方声明所必须的软件包列表,使用perl -MCPAN -e shell进行安装

Archive::Zip

Compress::Zlib

Convert::TNEF 

Convert::UUlib

MIME::Base64

MIME::Parser

Mail::Internet

Net::Server

Digest::MD5

IO::Stringy

Time::HiRes

Unix::Syslog

BerkeleyDB 

有些可能在上面已经安装,但是为了保险起见,还是建议逐个验证一遍。

(2)       创建运行时目录,并赋予amavis用户(前文中所建)

# mkdir -pv /var/amavis/{tmp,var,db,home}
# chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis

(3)       安装amavisd-new-2.6.4

# tar -zxvf amavisd-new-2.6.4.tar.gz

# cd amavisd-new-2.6.4

拷贝服务端至$PATH中指定的目录,推荐拷贝至/usr/local/sbin

#cp amavisd /usr/local/sbin/

#chown root /usr/local/sbin/amavisd

#chmod 755 /usr/local/sbin/amavisd

拷贝主配置文件至/etc,并修改相应的权限:

#cp amavisd.conf /etc

# chown root:amavis /etc/amavisd.conf

# chmod 640 /etc/amavisd.conf

创建amavisd运行中所需要的隔离区域:

# mkdir -v /var/virusmails

# chown amavis:amavis /var/virusmails/

# chmod 750 /var/virusmails/

(4)       编辑主配置文件

#vi /etc/amavisd.conf

 

确保您的如下选项的值如下文所示:

$daemon_user   = 'amavis';

$daemon_group = 'amavis';

$mydomain = 'xxt.cn'; (此处可更改为自己的DNS)

 

$virus_admin             = "postmaster/@$mydomain"; 

$mailfrom_notify_admin     = "postmaster/@$mydomain"; 

$mailfrom_notify_recip     = "postmaster/@$mydomain"; 

$mailfrom_notify_spamadmin = "postmaster/@$mydomain";

$mailfrom_to_quarantine = '';

 

virus_admin_maps => ["postmaster/@$mydomain"] (指定报告病毒和垃圾邮件时发送系统邮件的用户身份)

spam_admin_maps   => ["postmaster/@$mydomain"]

 

启用ClamAV,(大概在第363)去掉如下行前的注释符:

#['ClamAV-clamd',

#     /&ask_daemon, ["CONTSCAN {}/n", "/var/run/clamav/clamd"],

# qr//bOK$/, qr//bFOUND$/,

#    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

#     ['Mail::ClamAV', /&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],---375

 

并将如上行中的/var/run/clamav/clamd修改为:/var/run/clamav/clamd.socket

(5)       测试启动

#/usr/local/sbin/amavisd

也可以按如下命令调试启动:

#/usr/local/sbin/amavisd debug

注意加到开机启动中

echo “/usr/local/sbin/amavisd”>>etc/rc.d/rc.local

 

可能会遇到下面的错误:

fetch_modules: error loading optional module MIME/Decoder/BinHex.pm:

  Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43.

  BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43.

  Compilation failed in require at /usr/local/sbin/amavisd line 197.

这个时候就需要下载Convert-BinHex-1.119.tar.gz,安装后再启动。

#tar -zxvf Convert-BinHex-1.119.tar.gz

#cd Convert-BinHex-1.119

#perl Makefile.PL

#make

#make install

13、              配置postfix,让它能调用amavisd,以实现病毒及垃圾邮件的过滤

(1)       配置/etc/postfix/master.cf

#vi /etc/postfix/master.cf

在文末添加如下内容:

# ==========================================================================

# service type   private unpriv   chroot   wakeup   maxproc command + args

#             (yes) (yes) (yes) (never) (100)

# ==========================================================================

#

amavisfeed unix -    -    n    -    2     smtp

-o smtp_data_done_timeout=1200

-o smtp_send_xforward_command=yes

-o disable_dns_lookups=yes

-o max_use=20

#

127.0.0.1:10025 inet n -    n    -    -     smtpd

-o content_filter=

-o smtpd_delay_reject=no

-o smtpd_client_restrictions=permit_mynetworks,reject

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o smtpd_data_restrictions=reject_unauth_pipelining

-o smtpd_end_of_data_restrictions=

-o smtpd_restriction_classes=

-o mynetworks=127.0.0.0/8,192.168.0.0/16

-o smtpd_error_sleep_time=0

-o smtpd_soft_error_limit=1001

-o smtpd_hard_error_limit=1000

-o smtpd_client_connection_count_limit=0

-o smtpd_client_connection_rate_limit=0

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

-o local_header_rewrite_clients=

 

说明:注意每行“-o”前的空格;

(2)       修改/etc/postfix/main.cf

#vi /etc/postfix/main.cf

在文末添加如下行:

content_filter=amavisfeed:[127.0.0.1]:10024

(3)       postfix重新加载主配置文件,并查看启动情况

# postfix reload && tail -f /var/log/maillog

(4)       查看amavisd是否在监听10024端口,并测试服务启动情况:

[root@mail postfix]# telnet localhost 10024

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

ehlo localhost

250-[127.0.0.1]

250-VRFY

250-PIPELINING

250-SIZE

250-ENHANCEDSTATUSCODES

250-8BITMIME

250-DSN

250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE

quit

221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel

Connection closed by foreign host.

(5)       postfix重新加载配置文件后将授权并激活"127.0.0.1:10025"端口,一个正常的服务连接应该类同下面所示:

[root@mail postfix]#  telnet localhost 10025

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.xxt.cn ESMTP,Warning: Version not Available!

EHLO localhost

250-mail.xxt.cn

250-PIPELINING

250-SIZE 52428800

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

quit

221 2.0.0 Bye

Connection closed by foreign host.

(6)       通过amavisd测试发信

[root@mail ~]# telnet localhost 10024

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

HELO localhost

250 [127.0.0.1]

MAIL FROM:<>

250 2.1.0 Sender <> OK

RCPT TO:<lyf>

250 2.1.5 Recipient <lyf> OK

DATA

354 End data with <CR><LF>.<CR><LF>

<lyf>

From:Anti-Virus tester

To: MailServer Admin

Subject:amavisd test!

amavisd test!!

.

250 2.0.0 Ok, id=32278-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3FE6A7488EB

quit

221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel

Connection closed by foreign host.

(7)       使用EXTmail登陆lyf用户查看邮件的情况,如果收到则说明功能正常。

14、              测试使用反病毒及反垃圾模块

(1)       病毒邮件发送测试

登录extmail,发送带有病毒附件的邮件(病毒样本在一个压缩包中),查看发送情况:

#tail –f /var/log/maillog

Aug 11 18:07:13 mail clamd[4821]: SelfCheck: Database status OK.

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p493: VGEN.6.0 FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p250: Jerusalem-USA FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p251: DOS.PS-MPC.432 FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p249: VGEN.6.0 FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p252: Albania-429.A FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p253: Albania.1 FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p254: Albania.1 FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p255: Small.130-gen FOUND

Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p256: Vgen.1065 FOUND

Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p258: Abraxas-1200 FOUND

Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p259: Abraxas-1214 FOUND

Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p260: Abraxas-15xx FOUND

Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p261: Abraxas-15xx FOUND

Aug 11 18:07:14 mail postfix/smtpd[350]: connect from localhost.localdomain[127.0.0.1]

Aug 11 18:07:14 mail postfix/smtpd[350]: AC4BD7488ED: client=localhost.localdomain[127.0.0.1]

Aug 11 18:07:14 mail postfix/cleanup[342]: AC4BD7488ED: message-id=<[email protected]>

Aug 11 18:07:15 mail postfix/smtpd[350]: disconnect from localhost.localdomain[127.0.0.1]

Aug 11 18:07:15 mail postfix/qmgr[32702]: AC4BD7488ED: from=<[email protected]>, size=12833, nrcpt=1 (queue active)

Aug 11 18:07:15 mail amavis[32278]: (32278-06) Blocked INFECTED (VGEN.6.0, Jerusalem-USA, DOS.PS-MPC.432, Albania-429.A, Albania.1, Small.130-gen, Vgen.1065, Abraxas-1200, Abraxas-1214, Abraxas-15xx, _0523_0001_001, ARCV-Made-255, ARCV-330, ARCV.562, ARCV.570, Ice.2, ARCV.773, DOS.Arcv.839, DOS.PS-MPC.447, ARCV.Anna.742, DOS.ARCV.745, DOS.Arcv.1183, Arcv.Christmas, ICE-9.A, Arcv.Ice.250, Gen.1575.B, Acid-670, AvatarAcid-674, DOS.Johanna, ARCV.Joanna.912, DOS.ARCV.Gen, Clonewar-923.A, Gen.649, Fire.795, DOS.X-2.Gen, Arcv-1060, ADA, Adolph.3, Advent, VCL.Shirley, Tic-1, Agip, AIDSII, AIDS.1, Dropper.5, BootSectorDr, Aircop-c, Hydra.3, Dropper.1, Alabama-B, Yale, DOS.Eddie, Redx, BadTaste, Amoeba.1, Pixel-296, Amstrad-740, Amstrad.1, Amstrad.2, Pixel-852, Jerusalem.9, Plastique.3, Plastique.2, AntiCAD-4096, Plastique.5, Jerusalem.2.Nemesis, Jerusalem.1, Andryushka.1, Andromeda.1140, Ohlala, Anthrax-E, Anti-D.2, Civil_War.561, V-1L, Plastique.1, Anti-Faggot, ChristmasViolator, Antimit, Antimon, VLADAnt...

Aug 11 18:07:15 mail amavis[32278]: (32278-06) ...ipode, DOS.Simulated.Virus, VGEN.10.0, VGEN.11.0, Anto-1, Pascal-400, Pascal-440, AntiPas-480, Pascal-529, AntiPas-605, Vgen.1334, V2000, April-1st.A, April-1st.E, Joke.Pani, Armageddon.C, Gen.742, DOS.Arara.1057, ARCV-4, VirTool.ARCV, Violator.1, Argentina, Ash.1, Ash-449, Ash.451, SillyC-737, ImpotentG, Ash-1602, Ash-1604, Asp, Astra-101, AT-133, AT-140.1, AT.144.B, AT.144.A, AT-149.B, VGEN.17.0, Atom-350, VCL.O.371, Atomic-480, Atomic, Attention.3, AT-II-114, ATII-118, AT-II-122, Atomic.2, Atom-Ant, Attitude.548, Attitude-724.825, Aurea.A, AustrPara.152, AustrPara.153.B, Austr.Para-155, Austr.Para-162, Austr.Para-187, Austr.Para-215, Austr.Parasite.3, Austr.Para-306, Austr.Para-338, Austr.Para-369, Austr.Para-377, AnkeHuber, DOS.Austr_Parasite.440, Austr.Para-482, DOS.Anke, Austr.Para-550, Austr.Para-588, Austr.Para-615, Austr.Para-784, Austr.Para-762, Gen.403.B, Clipper, DOS.AusTerm.3490, Austr.Para-VGADemo, DarkAvenger-1947), MYNETS LOCAL [127....

Aug 11 18:07:15 mail amavis[32278]: (32278-06) ...0.0.1] [127.0.0.1] <[email protected]> -> <[email protected]>, quarantine: virus-YeO+kSgVIMCX, Message-ID: <[email protected]>, mail_id: YeO+kSgVIMCX, Hits: -, size: 403109, 2439 ms

(2)       至此postfix的所有软件已经搭建完毕,就开始享受你自己的mail之旅吧!GOOD LUCK

参考文档:

1、  http://blog.yahunet.com/post-67.html

2、  http://hi.baidu.com/shengit/blog/item/d839502c7253a138349bf78c.html

 

 

你可能感兴趣的:(apache,mysql,socket,service,perl,extension)