as4+postfix+cyrus-sasl+mysql+postfixadmin+courier-imap+courier-maildrop+squirrelmail+clamav+spamassassin+amavisd-new
我以前那篇文章中密码加密有问题(密码一加密,smtp认证就通不过),所以利用这个周末更新一下。这次sasl密码验证机制改为authdaemond(感谢网友606),并把测试部分单独列出来。很多人问起我的安装环境,我安装linux的时候,只选了开发工具,其他的都没选,还有,这些软件包安装的时候都没有依赖性问题,有的话,我也提出来了。
1.安装 mysql 5.0.15
# wget http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.15.tar.gz/from/http://mysql.new21.com/
# tar zxvf mysql-5.0.15.tar.gz
# cd cd mysql-5.0.15
# groupadd mysql
# useradd -g mysql mysql
# CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti" /
./configure --prefix=/usr/local/mysql /
--enable-assembler --with-mysqld-ldflags=-all-static --with-charset=gbk
# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf
设置自启动
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
安装完以后要初始化数据库
# cd /usr/local/mysql
# /usr/local/mysql/bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .
好了,至此mysql安装完毕,你可以这样起动你的mysql服务
# service mysqld start
为了能让系统找到mysql,请运行如下命令
# PATH=$PATH:/usr/local/mysql/bin
# export PATH
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig
2.安装 apache 2.0.55
# wget http://apache.freelamp.com/httpd/httpd-2.0.55.tar.bz2
# tar jxvf httpd-2.0.55.tar.bz2
# cd httpd-2.0.55
# ./configure --prefix=/usr/local/apache
# make
# make install
设置自启动
# cp support/apachectl /etc/init.d/httpd
修改/etc/init.d/httpd
# vi /etc/init.d/httpd(前面几行改成如下样子)
#!/bin/sh
#
# Startup script for the Apache Web Server
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve /
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/log/httpd.pid
# config: /usr/local/apache/conf/httpd.conf
# chkconfig --add httpd
# chmod 755 /etc/init.d/httpd
# chkconfig httpd on
创建网页根目录
# mkdir /var/www
修改apache配置文件
# vi /usr/local/apache/conf/httpd.conf
//存放网页的目录,原来为DocumentRoot "",改成:
DocumentRoot "/var/www"
//这句应该和DocumentRoot 的目录保持一致,原来为,改成:
//Indexes:当在目录中找不到DirectoryIndex列表中指定的文件就生成当前目录的文件列表
//FollowSymlinks:允许符号链接跟随,访问不在本目录下的文件
Options Indexes FollowSymLinks
//禁止读取.htaccess配置文件的内容
AllowOverride None
//指定先执行Allow(允许)访问规则,再执行Deny(拒绝)访问规则
Order allow,deny
//设置Allow(允许)访问规则,允许所有连接
Allow from all
启动服务
# service httpd start
3.安装php 4.4.1
# wget http://cn.php.net/get/php-4.4.1.tar.bz2/from/this/mirror
# tar jxvf php-4.4.1.tar.bz2
# cd php-4.4.1
# ./configure /
--prefix=/usr/local/php /
--with-mysql=/usr/local/mysql /
--with-apxs2=/usr/local/apache/bin/apxs
# make
# make install
# cp php.ini-dist /usr/local/php/lib/php.ini
# vi /usr/local/php/lib/php.ini
;default_charset = "iso-8859-1"
在这行下面加一行
default_charset = "gbk"
# vi /usr/local/apache/conf/httpd.conf
找到#AddType application/x-tar .tgz 这行,在下面加两行
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
找到下面一行在后面加上index.php,这表示网站的默认页也能够为index.php
DirectoryIndex index.html index.html.var index.php
注意:改变了http.conf后,要重启apache服务
4.安装 cyrus-sasl 2.1.21
先关闭as4默认安装的sasl
# mv /usr/lib/sasl /usr/lib/sasl.OFF
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
编译安装cyrus-sasl2.1.21
# wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
# tar zxvf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21
# ./configure /
--disable-anon -enable-plain --enable-login /
--enable-sql --with-mysql=/usr/local/mysql /
--with-mysql-includes=/usr/local/mysql/include/mysql /
--with-mysql-libs=/usr/local/mysql/lib/mysql /
--with-authdaemond
# make
# make install
更新lib库
# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig
重要
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
5.安装postfix 2.2.5
如果你的系统上原来有sendmail,先将其停止并将其文件改名
# /etc/init.d/sendmail stop
# chkconfig --level 0123456 sendmail off
# mv /usr/bin/newaliases /usr/bin/newaliases.orig
# mv /usr/bin/mailq /usr/bin/mailq.orig
# mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
开始安装
# groupadd -g 12345 postfix
# useradd -u 12345 -g 12345 -c postfix -d/dev/null -s/sbin/nologin postfix
# groupadd -g 54321 postdrop
# wget ftp://postfix.cn99.com/postfix/official/postfix-2.2.5.tar.gz
# tar zxvf postfix-2.2.5.tar.gz
# cd postfix-2.2.5
(Building Postfix with SASL authentication and mysql support)
# make -f Makefile.init makefiles /
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl' /
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
# make install
注意:
本例中Mysql安装在/usr/lcoal/mysql,sasl2安装在/usr/lib/sasl2。如果安装路径不同,请自行修改编译时CCARGS和AUXLIBS选项。
在执行make install的时候可能会得到如下的提示:
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.12" not found
这是因为mysql不是安装在默认目录中的,所以需要告诉postfix应该到哪里去找libmysqlclient.so.12,使用ldconfig就可以达到这个目的
# echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
# ldconfig
6.安装postfixadmin 2.1.0
建立apache和maildrop的用户和组
# groupadd vmail -g 1001
# useradd vmail -u 1001 -g 1001 -s/sbin/nologin -d/dev/null
# vi /usr/local/apache/conf/httpd.conf
把
User nobody
Group #-1
改为
User vmail
Group vmail
# wget http://high5.net/postfixadmin/do ... tfixadmin-2.1.0.tgz
# tar -zxvf postfixadmin-2.1.0.tgz
# mv postfixadmin-2.1.0 /var/www/postfixadmin
更改权限,假定运行apache的用户和组为vmail
# chown -R vmail:vmail /var/www/postfixadmin
# cd /var/www/postfixadmin
# chmod 640 *.php *.css
# cd /var/www/postfixadmin/admin/
# chmod 640 *.php .ht*
# cd /var/www/postfixadmin/images/
# chmod *.png
# cd /var/www/postfixadmin/languages/
# chmod 640 *.lang
# cd /var/www/postfixadmin/templates/
# chmod 640 *.tpl
# cd /var/www/postfixadmin/users/
# chmod 640 *.php
建立mysql表
# cd /var/www/postfixadmin
# mysql -u root < DATABASE_MYSQL.TXT
# cp config.inc.php.sample config.inc.php
# vi config.inc.php
本例中的配置如下:
$CONF['default_language'] = 'cn';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['encrypt'] = 'md5crypt';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';
邮箱的存储格式使用domain.ltd/username的形式,所以设置:
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
然后打开浏览器,进入postfixadmin的欢迎界面,点击网页上的setup,看看检查是否通过,记得要删除setup.php文件。
# vi /etc/postfix/main.cf
#=====================BASE=========================
myhostname = www.test.com
mydomain = test.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Vritual Mailbox settings=========================
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
建立/var/mailbox并设置权限
# mkdir /var/mailbox
# chown -R vmail:vmail /var/mailbox
# chmod -R ug+rwx,o-rwx /var/mailbox
建立/etc/postfix/mysql文件夹和MySQL查询配置文件
# mkdir /etc/postfix/mysql
1、vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
2、vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'
3、vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
4、vi /etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'
配置 /usr/local/lib/sasl2/smtpd.conf
sasl密码验证机制为authdaemond
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
srp_mda:md5
password_format:crypt
mech_list:PLAIN LOGIN
authdaemond_path: /usr/local/var/spool/authdaemon/socket
7.安装Courier-authlib 0.57
新版本的imap不再包含authentication library,必须先安装 Courier authentication library
# wget http://www.courier-mta.org/beta/ ... 57.20051004.tar.bz2
# tar jxvf courier-authlib-0.57.20051004.tar.bz2
# cd courier-authlib-0.57.20051004
# ./configure /
--with-redhat /
--with-authmysql=yes /
--with-mailuser=vmail --with-mailgroup=vmail /
--with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql/
# make
# make install
# make install-configure
重要
# chmod +x /usr/local/var/spool/authdaemon/
# vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
# vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE postfix
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_USER_TABLE mailbox
MYSQL_LOGIN_FIELD username
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_MAILDIR_FIELD maildir
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'
DEFAULT_DOMAIN test.com
注意:确认在这个文件中不能用空格键(包括行尾),只能用tab键。
确认只使用单引号,比如:'/var/mailbox/','UID','GID'(本文为'1001')
localhost不能用单引号
确认你的/etc/hosts文件中有localhost
编译时如果支持Ipv6可能导致错误
MYSQL_GID_FIELD 和MYSQL_UID_FIELD是maildrop的UID和GID,而不是MySQL的
启动服务
自启动:
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --level 0123456 courier-authlib on
手动启动服务:
# authdaemond start
Go to top.
8.安装Courier-imap 4.0.6
# wget http://www.courier-mta.org/beta/ ... .6.20051004.tar.bz2
# tar jxvf courier-imap-4.0.6.20051004.tar.bz2
# cd courier-imap-4.0.6.20051004
# ./configure /
--prefix=/usr/local/imap /
--with-redhat /
--disable-root-check /
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 /
--with-trashquota /
--with-dirsync
# make
# make install-strip (先install-strip,如果失败,再make install)
# make install-configure
# vi /usr/local/imap/etc/pop3d
POP3DSTART=YES
# vi /usr/local/imap/etc/imapd
IMAPDSTART=YES
让imap自启动:
# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
# chmod 755 /etc/rc.d/init.d/courier-imap
# chkconfig --level 0123456 courier-imap on
Go to top.
9.安装Courier-maildrop 2.0.1
先装pcre
# wget http://optusnet.dl.sourceforge.n ... re/pcre-6.3.tar.bz2
# tar jxvf pcre-6.3.tar.bz2
# cd pcre-6.3
# ./configure
# make
# make install
# wget http://optusnet.dl.sourceforge.n ... ldrop-2.0.1.tar.bz2
# tar jxvf maildrop-2.0.1.tar.bz2
# cd maildrop-2.0.1
# ./configure /
--prefix=/usr/local/maildrop /
--enable-sendmail=/usr/sbin/sendmail /
--enable-trusted-users='root vmail' /
--enable-syslog=1 /
--enable-maildirquota /
--enable-maildrop-uid=1001 /
--enable-maildrop-gid=1001 /
--with-trashquota /
--with-dirsync
# make
# make install
# cp /usr/local/maildrop/bin/maildrop /usr/bin
# chmod a+rx /usr/bin/maildrop
运行maildrop -v应该有如下提示信息:
maildrop 2.0.0 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
新建/etc/maildroprc文件
# vi /etc/maildroprc
logfile "/var/mailbox/maildrop.log"
to "$HOME/$DEFAULT"
# chmod a+r /etc/maildroprc
配置Postfix
# vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -w 90 -d ${recipient}
由于maildrop没有建立及删除maildir的功能,因此由脚本实现(是否有什么安全隐患?)
# vi /etc/sudoers
vmail ALL = NOPASSWD: /usr/sbin/maildirmake.sh , /usr/sbin/maildirdel.sh
新建/usr/sbin/maildirmake.sh文件
# vi /usr/sbin/maildirmake.sh
#!/bin/bash
set -e
if [ ! -d /var/mailbox/$1 ]
then
mkdir /var/mailbox/$1
fi
chown -R vmail:vmail /var/mailbox/$1
cd "/var/mailbox/$1"
/usr/local/imap/bin/maildirmake $2
chown -R vmail:vmail /var/mailbox/$1/$2
新建/usr/sbin/maildirdel.sh文件
# vi /usr/sbin/maildirmake.sh
#!/bin/bash
rm -rf /var/mailbox/$1/$2
# chmod 755 /usr/sbin/maildirmake.sh
# chmod 755 /usr/sbin/maildirdel.sh
更改postfixadmin目录及postfixadmin/admin目录下的create-mailbox.php文件
在这两个文件的$tQuota = $CONF['maxquota'];行后加一行(postfixadmin/admin目录下的大概在200行,postfixadmin目录下的大概在?行):
# vi /var/www/postfixadmin/admin/create-mailbox.php (vi /var/www/postfixadmin/create-mailbox.php)
system("sudo /usr/sbin/maildirmake.sh $fDomain ".$_POST['fUsername']);
更改postfixadmin目录及postfixadmin/admin目录下的delete.php文件
在这两个文件的$result = db_query ("SELECT * FROM mailbox WHERE username='$fDelete' AND domain='$fDomain'");行后加几行:
# vi /var/www/postfixadmin/admin/delete.php (vi /var/www/postfixadmin/delete.php)
$userarray=explode("@",$fDelete);
$user=$userarray[0];
$domain=$userarray[1];
system("sudo /usr/sbin/maildirdel.sh $domain $user");
10.测试
启动所有服务
# service httpd start
# service mysqld start
# postfix start
# service courier-authlib start
# service courier-imap start
# netstat -ant | grep "LISTEN"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
?ostfixadmin中建立一测试帐户
[email protected]
测试smtp
# perl -MMIME::Base64 -e 'print encode_base64("test/@test.com");'
dGVzdEB0ZXN0LmNvbQ==
# perl -MMIME::Base64 -e 'print encode_base64("test");'
dGVzdA==
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.test.com ESMTP "Version not Available"
ehlo www.test.com
250-www.test.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
dGVzdA==
235 Authentication successful
测试POP3和IMAP
# telnet localhost 110
+OK Hello there
user
[email protected]
+OK Password required.
pass test
+OK Logged in.
quit
+OK bye-bye
测试maildrop
# maildrop -V 9 -d
[email protected]
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib:
[email protected], home=/var/mailbox/, mail=test.com/test/
maildrop: Changing to /var/mailbox/
ctrl+c退出
Go to top.
11.webmail
11.1.安装squirrelmail 1.4.5
下载squirrelmail及中文包
# wget http://keihanna.dl.sourceforge.n ... lmail-1.4.5.tar.bz2
# wget http://optusnet.dl.sourceforge.n ... .5-20050904.tar.bz2
把squirreelmail解压到/var/www目录下。
# tar jxvf squirrelmail-1.4.5.tar.bz2 -C /var/www/
# mv /var/www/squirrelmail-1.4.5/ /var/www/squirrelmail
解压中文包
# tar jxvf zh_CN-1.4.5-20050904.tar.bz2 -C /var/www/squirrelmail/
在配置squirrelmail之前先下载三个插件:
Quota Usage Version 1.3
# wget http://www.squirrelmail.org/coun ... ge-1.3-1.2.7.tar.gz
Compatibility Version 2.0.2
# wget http://www.squirrelmail.org/coun ... bility-2.0.2.tar.gz
Change MySQL Password Version 3.2
# wget http://www.squirrelmail.org/coun ... ss-3.2-1.2.8.tar.gz
把这三个插件解压到squirrelmail的plugin目录下
# tar zxvf quota_usage-1.3-1.2.7.tar.gz -C /var/www/squirrelmail/plugins/
# tar zxvf compatibility-2.0.2.tar.gz -C /var/www/squirrelmail/plugins/
# tar zxvf change_mysqlpass-3.2-1.2.8.tar.gz -C /var/www/squirrelmail/plugins/
第一个插件是用来显示邮箱的使用情况的;第二个和第三个插件是用来修改密码的。
如果不想装这些插件,请跳过。
配置Quota Usage
# cd /var/www/squirrelmail/plugins/quota_usage
# cp config.php.sample config.php
配置Change MySQL Password
# cd /var/www/squirrelmail/plugins/change_mysqlpass
# cp config.php.sample config.php
# vi config.php
更改如下几个变量:
$mysql_database = 'postfix';
$mysql_table = 'mailbox';
$mysql_userid_field = 'username';
$mysql_password_field ='password';
$mysql_manager_id = 'postfix';
$mysql_manager_pw = 'postfix';
$mysql_unixcrypt = 0;
$mysql_MD5crypt = 1;
$use_ssl_for_password_change = 0;
配置squirrelmail
# cd /var/www/squirrelmail
# ./configure
进入10. Languages
把1. Default Language : 的en_US改成zh_CN。
进入8. Plugins,添加这三个插件
# chown -R vmail:vmail /var/www/squirrelmail/data/
# chmod -R 730 /var/www/squirrelmail/data/
打开浏览器输入http://192.168.0.5/squirrelmail/,用
[email protected]登陆,你将会在屏幕的左上角看到邮箱的使用情况,你还会看到一条警告信息:
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /var/www/squirrelmail/plugins/change_mysqlpass/functions.php on line 129
这是由于数据库结构不一致造成的,你只要把functions.php中的129行注释调即可(在行首加//)
12.安装clamav 0.87
# wget http://optusnet.dl.sourceforge.n ... /clamav-0.87.tar.gz
# tar zxvf clamav-0.87.tar.gz
# cd clamav-0.87
# groupadd clamav
# useradd -g clamav -s/sbin/nologin -d/dev/null clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck
# make
# make check
# make install
编辑/usr/local/clamav/etc/clamd.conf
# vi /usr/local/clamav/etc/clamd.conf
#Verbose logging with syslog
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
#Change pid file location
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
#Set the clamav socket
LocalSocket /var/run/clamav/clamd
#Close the connection when this limit is exceeded
StreamMaxLength 10M
#Don't run clamd as root
User amavis
#Newer versions require you to uncomment this
ScanMail
ScanArchive
编辑/usr/local/clamav/etc/freshclam.conf
# vi /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
注意:一定要注释掉上面两个文件中Example那行
添加amavis用户和组
# groupadd amavis
# useradd -g amavis -s /sbin/nologin -d /dev/null amavis
创建日志文件夹并设置权限
# mkdir /var/log/clamav
# chmod -R 744 /var/log/clamav
# chown -R amavis:amavis /var/log/clamav
# chown -R amavis.amavis /usr/local/share/clamav
# mkdir /var/run/clamav
# chmod 700 /var/run/clamav
# chown amavis.amavis /var/run/clamav
手动更新病毒库
# /usr/local/clamav/bin/freshclam
启动
# /usr/local/clamav/sbin/clamd
Go to top.
13.安装amavisd-new 2.3.3
# wget http://www.ijs.si/software/amavisd/amavisd-new-2.3.3.tar.gz
# tar zxvf amavisd-new-2.3.3.tar.gz
# cd amavisd-new-2.3.3
# mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis
# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd
# cp amavisd.conf /etc/
# chown root /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf
# cp amavisd_init.sh /etc/rc.d/init.d/amavisd
# chmod 744 /etc/rc.d/init.d/amavisd
# chkconfig --add amavisd
# chkconfig amavisd on
# vi /etc/rc.d/init.d/amavisd
prog="/usr/local/sbin/amavisd"
病毒邮件存放目录
# mkdir /var/virusmails
# chown amavis:amavis /var/virusmails
# chmod 750 /var/virusmails
Go to top.
编辑/etc/amavisd.conf,修改下面这几行
# vi /etc/amavisd.conf
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'test.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = -100;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert/@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$notify_method = $forward_method;
$forward_method = 'smtp:127.0.0.1:10025';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
['ClamAV-clamd',
/&ask_daemon, ["CONTSCAN {}/n", "/var/run/clamav/clamd"],
qr//bOK$/, qr//bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
测试amavis
# /usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
Time::HiRes
IO::Wrap
Unix::Syslog
Mail::Field
MIME::Words
Net::Server
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 141.
根据出错提示,缺什么装什么,我的LANG变量为en_US.UTF-8
# perl -MCPAN -e shell
cpan> install Time::HiRes
cpan> install IO::Wrap
cpan> install Unix::Syslog
cpan> install Mail::Field
cpan> install Compress::Zlib
cpan> install MIME::Words
cpan> install Net::Server
cpan> install BerkeleyDB
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install HTML:arser
cpan> install DB_File
cpan> install Net:NS (提示是否test, 选择no)
cpan> install Digest::SHA1
cpan> install Mail::SpamAssassin (# export LANG=en_US)
期间MIME安装会失败,只好手动安装,跳过测试
# cd /root/.cpan/build/MIME-tools-5.418/
# perl Makefile.PL
# make install
启动
# /usr/local/sbin/amavisd start 或
# service amavisd start
Go to top.
设置postfix
修改/etc/postfix/main.cf
# vi /etc/postfix/main.cf (加入一行)
content_filter = amavis:127.0.0.1:10024
修改/etc/postfix/master.cf
# vi /etc/postfix/master.cf (在最后加上)
# amavisd-new
amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o mynetworks=127.0.0.0/8
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
重新服务
# service postfix restart
# service clamd restart
# service amavisd restart
# netstat -ant | grep LISTEN (应该可以看到这两个端口在监听)
127.0.0.1.10024 *.* 0 0 49152 0 LISTEN
127.0.0.1.10025 *.* 0 0 49152 0 LISTEN
Go to top.
14.安装Spamassassin
前面装amavis的时候已经装好了,如果没装,请按如下方式安装
启动spamd
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
下载中文垃圾垃圾邮件过滤规则Chinese_rules.cf
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
每次更新Chinese_rules.cf需要重启spamd方法如下
# kill -HUP `cat /var/run/spamd.pid`
自动更新中文垃圾垃圾邮件过滤规则
# vi /etc/crontab (加一行)
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
测试病毒扫描
给该
[email protected]用户发送邮件,包含以下内容:
X5O!P%@AP[4/PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
查看日志,如果出现类似如下提示,则表明成功
Nov 6 22:06:20 localhost postfix/smtp[18276]: 9CEB657E22: to=<
[email protected]>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.7.1 Ok, discarded, id=18262-01 - VIRUS: Eicar-Test-Signature)
邮件病毒扫描日志将被记录在/var/log/clamav/clamav.log中!
测试垃圾邮件扫描
给
[email protected]用户发送邮件,包含以下内容:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
查看日志,如果出现类似如下提示,表明成功
Nov 6 22:10:51 localhost amavis[18263]: (18263-01) Blocked SPAM, LOCAL [127.0.0.1] [127.0.0.1] <
[email protected]> -> <
[email protected]>, quarantine: spam-JH2LSCT1MLYg.gz, Message-ID: <
[email protected]>, mail_id: JH2LSCT1MLYg, Hits: 1005.902, 3591 ms
15.启动脚本
postfix的启动脚本:
# cat /etc/rc.d/init.d/postfix
=================================================================
#!/bin/bash
#
# mailsys This shell script takes care of starting and stopping Postfix
# author : xingyu.wang <
[email protected]> 2004/1/28
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program
# that moves mail from one machine to another.
#
# processname: mailsys
# pidfile: /var/run/postfix.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/postfix ] || exit 0
RETVAL=0
prog="Postfix"
start() {
# Start daemons.
echo -n $"Starting $prog: "
/usr/sbin/postfix start > /dev/null 2>&1 &
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/postfix
success $"$prog start"
else
failure $"$prog start failure"
fi
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n $"Shutting down $prog: "
/usr/sbin/postfix stop > /dev/null 2>&1 &
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/postfix
success $"$prog stop"
else
failure $"$prog stop failure"
fi
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $RETVA
# chmod 755 /etc/rc.d/init.d/postfix
# chkconfig --level 2345 postfix on
clamav的启动脚本
# vi /etc/rc.d/init.d/clamd
=================================================================
#! /bin/bash
#
# crond Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamdis a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/clamav/etc/clamd.conf
# pidfile: /var/run/clamav/clamd.pid
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
# See how we were called.
prog="clamd"
progdir="/usr/local/clamav/sbin"
# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
. /etc/sysconfig/$prog
fi
start() {
echo -n $"Starting $prog: "
daemon $progdir/$prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/run/clamav/clamd.pid
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/run/clamav/clamd.pid
return $RETVAL
}
rhstatus() {
status clamd
}
restart() {
stop
start
}
reload() {
echo -n $"Reloading clam daemon configuration: "
killproc clamd -HUP
retval=$?
echo
return $RETVAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /var/lock/subsys/clamd ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac
exit 0
# chmod 755 /etc/rc.d/init.d/clamd
# chkconfig --add clamd
# chkconfig clamd on