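FreeBSD (base system) + Postfix (MTA, mail transfer agent) + MySQL (back-end database, stores user information) + Cyrus-SASL2 (SMTP authentication) + Courier-IMAP (POP3/IMAP service) + MailDrop (MDA, mail delivery agent) + amavisd-new (content filtering) + SpamAssassin (anti-spam) + ClamAV (antivirus) + Extman (back-end user management) + ExtMail (an efficient webmail)
Author: 冯勇 (Feng Yong), fengyongchuang # yahoo.com.cn (≠&键盘人生$: 71633908)
Date: 2006-03-09
Technical support site: www.extmail.org
QQ groups:
网管之家: 5929685
网管之家-UNIX: 3791457
Extmail group/postfix 1: 6769767
Extmail group/postfix 2: 18051473
All rights reserved. When copying or reposting, please keep the author information. Respecting other people's work is respecting yourself.
If you have questions, please ask at the following address:
http://www.extmail.org/forum/archive/2/0603/1216.html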
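Preface
1. Thanks to HZQBBC for years of help, which gave me some understanding of Linux/UNIX.
2. My writing is not great; criticism is welcome.
3. This article goes one piece of software per step, configuring each one in a single pass, to show you how to build a mail system.
4. Suggestion: a solid computing background will make this much easier. At a minimum you should understand how common Internet services work, such as web/ftp/dns/mail (MTA/MUA/MDA), and know what the TCP/IP protocol is.
5. If you are not familiar with operating BSD, read the FreeBSD Handbook.
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/index.html
6. If your English is not great, I suggest using the IBM 智能词典 (IBM Smart Dictionary).
http://www.google.com/search?hl=zh-CN&q=IBM%E6%99%BA%E8%83%BD%E8%AF%8D%E5%85%B8&lr=
7. Think more, do more and use your head (the brain was made for thinking and rusts when unused). Learn how to use google/baidu to find what you need; the problem you hit may already have been met and solved by someone else.
8. Watching the installation process and the log files carefully is the key to finding errors.
9. As the old saying goes, three feet of ice does not form in a single cold day. When your Nth installation fails, do not lose heart; success is often just brushing past you. Go back and read the documentation carefully, recall what you did, and sort out your thinking. Believe that you will succeed.
10. Installing through ports on FreeBSD always takes a good while for downloading and compiling. Drink some water or make yourself a coffee; walking around for some exercise while it compiles is not a bad idea either.
Finally, the motto I have used for six years: rely on a mountain and it will collapse, rely on others and they will fall; relying on yourself is best!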
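Updates:
1. Following on from the previous article <Freebsd 6.0 +Postfix + MySQL+Cyrus-SASL2 +Courier-IMAP + Clamav+Mailscanner+Extman+Extmail>, the content has been revised.
2. Replaced mailscanner with amavisd-new.
3. Added maildrop as the mail delivery agent.
4. A more detailed installation procedure.
5. Published as HTML so that commands are easy to copy.
6. Removed the installation of zend/ftp/openssl.
7. Added the CBL service of anti-spam.org.cn to reject spam more effectively.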
Quick index
I. Configure your DNS
II. Install FreeBSD
III. Install MySQL
IV. Install Apache
V. Install the mail system
VI. Test the system
VII. Install anti-spam
VIII. Install extmail/extman
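I. Configure your DNS
Many people ask: mail my server sends to 163.com / sina.com / yahoo.com.cn ... all arrives, so why do the replies never reach me? The reason is simple: those servers cannot find an A record or MX record for your domain. Many people install with a domain that is not valid, that is, a DNS FQDN (fully qualified domain name) that has never been registered. If you have not registered a valid domain, you can apply for a dynamic domain name at comexe.cn or 3322.org to send and receive mail.
This example uses the domain extmail.org with the host name mail; the mail server is set up on top of DDNS.
Open the Windows CMD and use nslookup to query the MX record of extmail.org. If you have a fixed IP you can run your own DNS; if you use 新网 (Xinnet) or another domain provider, log in to its control panel and add a record. For details, refer to DNS documentation.

    C:\>nslookup -type=mx extmail.org 221.4.66.66
    Server: ns2.cnc-gd.net
    Address: 221.4.66.66
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    extmail.org MX preference = 20, mail exchanger = mx.extmail.org
    extmail.org nameserver = ns2.xinnetdns.com
    extmail.org nameserver = ns.xinnet.cn
    extmail.org nameserver = ns.xinnetdns.com
    extmail.org nameserver = ns2.xinnet.cn
    mx.extmail.org internet address = 210.21.119.139
    ns.xinnet.cn internet address = 210.51.171.209
    ns.xinnetdns.com internet address = 210.51.170.66
    ns2.xinnet.cn internet address = 210.51.170.67
    ns2.xinnetdns.com internet address = 210.51.170.67

As the Windows expert you are, a small thing like this will not trouble you.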
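II. Install FreeBSD
A. Partitioning the system
Many people do not know how to partition the disk when setting up their own system. There is no best partitioning scheme; you partition according to your own situation.
Below is my partitioning scheme.
The disk is 120 GB. About 1 GB for / (root) is roughly enough, but since the /root working directory also lives there, I made it somewhat larger.
/home/data is mainly used to store the data of Email/ftp users.
/tmp 1 GB, again because there are many temporary files, so I made it a bit larger.
/usr 10 GB, because software is installed here and downloaded software is kept here. I did not install a GUI, so I consider 10 GB enough.
/var 3 GB. This directory holds a lot, such as logs and the temporary mail directory. If space runs out, amavisd-new cannot unpack mail to scan it for viruses.

    %df -h
    Filesystem     Size    Used   Avail Capacity  Mounted on
    /dev/ad0s1a    1.9G    481M    1.3G    26%    /
    devfs          1.0K    1.0K      0B   100%    /dev
    /dev/ad0s1g     92G    353M     84G     0%    /home/data
    /dev/ad0s1e    989M    224K    910M     0%    /tmp
    /dev/ad0s1f    9.7G    1.8G    7.1G    20%    /usr
    /dev/ad0s1d    2.9G    105M    2.6G     4%    /var

The scheme above is not the best one; everyone has their own taste.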
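B. Install the base system
For the installation I chose minimal (the minimal system) plus ports: unnecessary packages are left out to keep the system small, and since this is a server I never install a GUI.
When downloading BSD you only need DISK 1; missing packages can be installed over the network.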
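C. Configure the system
If you did not configure the system at the end of installation, log in as root once the system has booted and run sysinstall to set it up, or edit /etc/rc.conf with the ee editor. A reminder: most of the services installed later need a startup entry in /etc/rc.conf before they will start.
Set a fixed IP, or let DHCP assign the machine's IP automatically. Managing the server through an SSH client will make your work easier.
Notes on using SSH:
a. You cannot log in directly as root. Add a new user, put it in the wheel group, log in as that user and then use su - to become the administrator.
b. Taking my SecureCRT as an example: Session options -> Authentication -> Primary, select keyboard Interactive.
c. If you want coloured output like on Linux, go to Emulation -> Terminal -> Xterm, tick ANSI Color, and add the following to /etc/csh.cshrc:

    setenv LSCOLORS ExGxFxdxCxegedabagExEx
    setenv CLICOLOR yes
    set autolist

Then run

    sed -i.bak -E s/set\ prompt/#set\ prompt/g /root/.cshrc

Log out and log in again and you will see coloured directories.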
D. Update the packages
The best thing about FreeBSD is how easy it is to install software, and you can get the latest packages; this is the powerful ports system. If you did not select ports during installation, see the BSD handbook for how to proceed.
There are many CVSUP sites; choose the one that is fastest for you to update ports. See freebsd.org / freebsdchina.org.cn for details.
Before using cvsup you must be connected to the Internet and have the cvsup software installed.
If your server is on an internal network with IP mapping through a DMZ, you can use the following settings as a reference:

    sshd_enable="YES"
    fsck_y_enable="YES"
    hostname="mail.extmail.org"
    ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
    defaultrouter="192.168.1.1"

If you are using ADSL dial-up:
a. Modify /etc/ppp/ppp.conf

    default:
     set log Phase tun command # you can add more detailed logging if you wish
     set ifaddr 10.0.0.1/0 10.0.0.2/0
    adsl:
     set device PPPoE:vr0 # change vr0 to the NIC you dial with
     set authname YOUR_ADSL_ACCOUNT
     set authkey YOUR_ADSL_PASSWORD
     set dial
     set login
     add default HISADDR

b. Contents of /etc/rc.conf

    inetd_enable="YES"
    sshd_enable="YES"
    fsck_y_enable="YES"
    hostname="mail.extmail.org"
    ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
    ppp_enable="YES" #YES or NO
    ppp_mode="ddial" #"auto", "ddial", "direct" or "dedicated".
    ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
    ppp_profile="adsl" #/etc/ppp/ppp.conf

c. Install cvsup-without-gui

    %cd /usr/ports/net/cvsup-without-gui/
    %make install clean

d. Update ports
After installing the cvsup software, update ports:

    %/usr/local/bin/cvsup -gL 2 -h cvsup4.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

FreeBSD is not hard at all. I was not wrong, was I?
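III. Install the database: MySQL
There are many MySQL versions; install whichever suits your needs.

    %cd /usr/ports/databases/mysql41-server/
    %make install clean

Add to /etc/rc.conf:

    mysql_enable="YES"

Copy the configuration file (optional):

    %cp /usr/local/share/mysql/my-small.cnf /usr/local/etc/my.cnf

Notes:
1. If you do not add the line above to /etc/rc.conf, MySQL cannot be started by hand.
2. If you want to know what a piece of software needs in /etc/rc.conf, open the /usr/local/etc/rc.d directory, find its startup script and open it; it contains a detailed explanation.

    %/usr/local/etc/rc.d/mysql-server.sh start
    Starting mysql.

How to check whether a service started properly: 1. look at the processes with ps; 2. check the open ports.

    %ps aux|grep mysql
    mysql 94899 0.2 0.5 1644 1240 p0 S 3:52PM 0:00.07 /bin/sh /usr/local/bin/mysqld_safe --
    mysql 94919 0.0 10.8 55564 27428 p0 S 3:52PM 0:01.54 /usr/local/libexec/mysqld --defaults-
    %netstat -an|grep 3306
    tcp4 0 0 *.3306 *.* LISTEN

When MySQL is installed, the server's password is empty. Change the password as soon as the system is installed.

    %/usr/local/bin/mysqladmin -u root -p password 'your-new-password'
    Enter password:

If your server is only used internally by this host, add the following to my.cnf to improve the server's security.

    [mysqld]
    bind_address=127.0.0.1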
IV. Install Apache
1. Install the apache server
In today's networked world the apache web server is known to everyone.

    %cd /usr/ports/www/apache22/
    %make install clean

Add to /etc/rc.conf:

    apache22_enable="YES"

If this error appears at startup: httpd: Could not reliably determine the server's fully qualified domain name, using mail.sharesky.cn for ServerName, add the following at around line 144 of /usr/local/etc/apache22/httpd.conf.

    ServerName mail.extmail.org

Start apache:

    %/usr/local/etc/rc.d/apache22.sh start
    Performing sanity check on apache22 configuration:
    Syntax OK
    Starting apache22.

2. Install PHP

    %cd /usr/ports/www/mod_php4/
    %make install clean

    Options for mod_php4 4.4.2_1,1
    [ ] DEBUG      Enable debug
    [X] MULTIBYTE  Enable zend multibyte support
    [ ] IPV6       Enable ipv6 support
    [X] OPENSSL    Build static OpenSSL extension

Add to /usr/local/etc/apache22/httpd.conf:

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

Add index.php to the directory index, at around line 212 of httpd.conf:

    DirectoryIndex index.html index.php

Restart or reload Apache for the change to take effect:

    %/usr/local/etc/rc.d/apache22.sh reload
    Performing sanity check on apache22 configuration:
    Syntax OK
    Performing a graceful restart

3. Install PHP extensions

    %cd /usr/ports/lang/php4-extensions/
    %make install clean

A suggestion: unless you really need it, do not install the GD library, to save time. Choose the modules to install according to your needs.

    Options for php4-extensions 1.0
    [ ] BCMATH       bc style precision math functions
    [X] BZ2          bzip2 library support
    [ ] CALENDAR     calendar conversion support
    [ ] CRACK        crack support
    [X] CTYPE        ctype functions
    [X] CURL         CURL support
    [ ] DBA          dba support
    [ ] DBASE        dBase library support
    [ ] DBX          dbx support
    [ ] DIO          Direct I/O support
    [ ] DOMXML       DOM support
    [ ] EXIF         EXIF support
    [ ] FILEINFO     fileinfo support
    [ ] FILEPRO      filePro support
    [ ] FRIBIDI      FriBidi support
    [X] FTP          FTP support
    [ ] GD           GD library support
    [X] GETTEXT      gettext library support
    [ ] GMP          GNU MP support
    [X] ICONV        iconv support
    [ ] IMAGICK      ImageMagick support
    [X] IMAP         IMAP support
    [ ] INTERBASE    Interbase 6 database support (Firebird)
    [ ] LDAP         OpenLDAP support
    [X] MBSTRING     multibyte string support
    [ ] MCAL         Modular Calendar Access Library support
    [X] MCRYPT       Encryption support
    [ ] MCVE         MCVE support
    [ ] MHASH        Crypto-hashing support
    [ ] MING         ming shockwave flash support
    [ ] MNOGOSEARCH  mnoGoSearch support
    [ ] MSSQL        MS-SQL database support
    [X] MYSQL        MySQL database support
    [ ] NCURSES      ncurses support (CLI only)
    [ ] ODBC         unixODBC support
    [X] OPENSSL      OpenSSL support
    [ ] ORACLE       Oracle support
    [X] OVERLOAD     user-space object overloading support
    [ ] PANDA        panda support
    [ ] PCNTL        pcntl support (CLI only)
    [X] PCRE         Perl Compatible Regular Expression support
    [ ] PDF          PDFlib support (implies GD)
    [ ] PFPRO        PayFlow Pro support
    [ ] PGSQL        PostgreSQL database support
    [X] POSIX        POSIX-like functions
    [ ] PSPELL       pspell support
    [ ] READLINE     readline support (CLI only)
    [ ] RECODE       recode support
    [X] SESSION      session support
    [ ] SHMOP        shmop support
    [ ] SNMP         SNMP support
    [ ] SOCKETS      sockets support
    [ ] SYBASE_CT    Sybase database support
    [ ] SYSVMSG      System V message support
    [ ] SYSVSEM      System V semaphore support
    [ ] SYSVSHM      System V shared memory support
    [X] TOKENIZER    tokenizer support
    [ ] WDDX         WDDX support (implies XML)
    [X] XML          XML support
    [ ] XMLRPC       XMLRPC-EPI support
    [ ] XSLT         XSLT Sablotron support
    [ ] YAZ          YAZ support (ANSI/NISO Z39.50)
    [ ] YP           YP/NIS support
    [ ] ZIP          ZIP support
    [X] ZLIB         ZLIB support

4. Install phpmyadmin to manage the database
To skip a tedious installation process, I install by hand here: download the package first, unpack it, and copy it under /usr/local/www/apache22/data.

    %cd /usr/ports/databases/phpmyadmin/
    %make fetch
    %cd /usr/ports/distfiles
    %tar jxvf phpMyAdmin-2.7.0-pl2.tar.bz2
    %cp -r /usr/ports/distfiles/phpMyAdmin-2.7.0-pl2 /usr/local/www/apache22/data/phpmyadmin

Note that the version you download may differ from mine, so do not copy these commands blindly.
Configure phpmyadmin:

    %cd /usr/local/www/apache22/data/phpmyadmin/
    %ee config.default.php

Change $cfg['Servers'][$i]['auth_type'] = 'config'; to

    $cfg['Servers'][$i]['auth_type'] = 'http';

Open http://ip/phpmyadmin and you can manage your mysql database.
5. Install extman
extman is the back-end user management system for extmail; the official site is www.extmail.org. Download and unpack:

    %tar zxvf extman-13-20060102.tar.gz
    %cd extman-0.13-20060102/docs
    %mysql -u root -p < extmail.sql

This adds two MySQL users:
1. Read-only user: extmail, password: extmail
2. Read/write user: webman, password: webman
init.sql adds the following records to the extmail database:
a. An alias record support@extmail.org -> test@extmail.org
b. The domain extmail.org
c. The mailbox test@extmail.org with password test
d. The extman administrator root@extmail.org with password extmail

V. Install the mail system
Mind the order when installing the following three packages.
1. Install Courier-IMAP

    %cd /usr/ports/mail/courier-imap/
    %make install clean

Select openssl and MySQL.
Add to /etc/rc.conf:

    courier_authdaemond_enable="YES"
    courier_imap_pop3d_enable="YES"
    courier_imap_imapd_enable="YES"

Fix the permissions of authdaemond:

    %/usr/local/etc/rc.d/courier-authdaemond.sh start
    %chmod -R +x /var/run/authdaemond/

Once authdaemond has started, check that a socket file has been created under /var/run/authdaemond, because authentication reads the password through this file.
Configure /usr/local/etc/authlib/authdaemonrc:

    %cd /usr/local/etc/authlib
    %mv authdaemonrc authdaemonrc.bak
    %ee authdaemonrc

Put the following into authdaemonrc:

    authmodulelist="authmysql"
    authmodulelistorig="authmysql"
    version="authdaemond.mysql"
    daemons=5
    authdaemonvar=/var/run/authdaemond
    subsystem=mail
    DEBUG_LOGIN=2
    DEFAULTOPTIONS="wbnodsn=1"

DEBUG_LOGIN=2 above is there to make debugging easier. Once the system is fully tested, change it to 0 so that no debug information is shown.
Configure /usr/local/etc/authlib/authmysqlrc:

    %mv authmysqlrc authmysqlrc.bak
    %ee authmysqlrc

Add the following:

    MYSQL_SERVER localhost
    MYSQL_USERNAME extmail
    MYSQL_PASSWORD extmail
    MYSQL_PORT 0
    MYSQL_OPT 0
    MYSQL_DATABASE extmail
    MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
     CONCAT('/home/data/domains/',homedir), \
     CONCAT('/home/data/domains/',maildir), \
     quota, \
     name \
     FROM mailbox \
     WHERE username = '$(local_part)@$(domain)'

Note that my mail is stored under /home/data/domains; change it to your own directory as needed. The user name and password are extmail; for the specifics see extmail.sql in the docs directory of the extman package. Many people cannot get SMTP authentication to pass, and the cause is very likely the two files above.
Create the pop3/imap configuration files:

    %cd /usr/local/etc/courier-imap
    %cp pop3d.cnf.dist pop3d.cnf
    %cp imapd.cnf.dist imapd.cnf

Modify /usr/local/etc/courier-imap/pop3d (optional):

    POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

Modify /usr/local/etc/courier-imap/imapd (optional):

    IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA"

2. Install Cyrus-SASL2

    %cd /usr/ports/security/cyrus-sasl2
    %make install WITH_AUTHDAEMON=yes

Create /usr/local/lib/sasl2/smtpd.conf with the following content:

    pwcheck_method:authdaemond
    log_level:3
    mech_list:PLAIN LOGIN
    authdaemond_path:/var/run/authdaemond/socket

3. Install Postfix

    %cd /usr/ports/mail/postfix
    %make install clean

Select SASL2, TLS, MySQL and VDA. The installation asks two questions; just press Enter to accept the system defaults.

    %echo postfix: root >> /etc/aliases
    %/usr/local/bin/newaliases
    %ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

If you get the message ln: /usr/sbin/sendmail: File exists, rename /usr/sbin/sendmail and link again.
Make postfix start with the system (in /etc/rc.conf):

    postfix_enable="YES"
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"

Create /etc/periodic.conf with the following content:

    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Configure /usr/local/etc/postfix/main.cf. For your own installation you only need to change the ####BASE#### part.

    %cd /usr/local/etc/postfix
    %mv main.cf main.cf.bak

This configuration file already includes maildrop support:

    ###################BASE##################
    # host name of the machine
    myhostname=mail.extmail.org
    # your domain
    mydomain = extmail.org
    mydestination = $myhostname
    local_recipient_maps =
    command_directory = /usr/local/sbin
    #local_transport = virtual
    smtpd_banner = extmail.org ESMTP Mail System
    # maximum message size
    message_size_limit = 14680064
    #mailbox_size_limit = 512000000
    #################MySQL################
    virtual_alias_maps =mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
    #virtual_gid_maps = static:125
    #virtual_gid_maps = static:1000
    # directory where mail is stored
    virtual_mailbox_base = /home/data/domains
    virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
    #virtual_mailbox_limit = 512000000
    virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
    #virtual_minimum_uid = 125
    #virtual_minimum_uid = 1000
    #virtual_transport = virtual
    virtual_transport = maildrop:
    maildrop_destination_recipient_limit = 1
    #virtual_uid_maps = static:125
    #virtual_uid_maps = static:1000
    ################Quota################
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry,the user's Maildir has overdrawn his diskspace quota ,please tray again later.
    virtual_overquota_bounce = yes
    ##############SASL####################
    smtpd_sasl_auth_enable = yes
    smtpd_sasl2_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # cbl.anti-spam.org.cn is the CBL server; see anti-spam.org.cn for details
    smtpd_recipient_restrictions =
      permit_mynetworks,
      permit_sasl_authenticated,
      reject_unauth_destination,
      reject_unauth_pipelining,
      reject_invalid_hostname,
      reject_rbl_client cbl.anti-spam.org.cn
    # Note: the continuation lines above begin with whitespace.
    readme_directory = no
    sample_directory = /usr/local/etc/postfix
    sendmail_path = /usr/local/sbin/sendmail
    html_directory = no
    setgid_group = maildrop
    manpage_directory = /usr/local/man
    daemon_directory = /usr/local/libexec/postfix
    newaliases_path = /usr/local/bin/newaliases
    mailq_path = /usr/local/bin/mailq
    queue_directory = /var/spool/postfix
    mail_owner = postfix

The following four files are in the docs directory of the extman package; just copy them to /usr/local/etc/postfix.
mysql_virtual_alias_maps.cf

    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = alias
    select_field = goto
    where_field = address
    additional_conditions = AND active = '1'

mysql_virtual_domains_maps.cf

    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = domain
    select_field = description
    where_field = domain
    additional_conditions = AND active = '1'

mysql_virtual_mailbox_maps.cf

    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = mailbox
    select_field = maildir
    where_field = username
    additional_conditions = AND active = '1'

mysql_virtual_mailbox_limit_maps.cf

    user = extmail
    password = extmail
    hosts = localhost
    dbname = extmail
    table = mailbox
    select_field = quota
    where_field = username
    additional_conditions = AND active = '1'

At this point the basic postfix setup is complete, but it cannot send or receive mail yet.
4. Install maildrop
In this mail server the MTA part still handles mail under postfix's own account. Because maildrop cannot process mail as the same user as postfix, we create a new user for maildrop to run as.
Add vgroup:

    %pw groupadd vgroup -g 1000

Add vuser:

    %pw useradd vuser -g 1000 -u 1000 -s /sbin/nologin -d /sbin/nologin -c "virtual mail user"

Install maildrop; remember to add WITH_AUTHLIB=yes:

    %cd /usr/ports/mail/maildrop
    %make install WITH_AUTHLIB=yes

Select AUTH_MYSQL:

    Options for maildrop 2.0.1
    [ ] AUTH_LDAP    LDAP support
    [X] AUTH_MYSQL   MySQL support
    [ ] AUTH_PGSQL   PostgreSQL support
    [ ] AUTH_USERDB  Userdb support
    [ ] AUTH_VCHKPW  Vpopmail/vchkpw support

Edit /usr/local/etc/postfix/master.cf: comment out the existing maildrop entry (that is, remove the old record) and add the following:

    maildrop unix - n n - - pipe
      flags=DRhu user=vuser argv=/usr/local/bin/maildrop -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}

Set up the mail storage directory:

    %mkdir -p /home/data/domains/extmail.org/test
    %/usr/local/bin/maildirmake /home/data/domains/extmail.org/test/Maildir
    %chown -R 1000:1000 /home/data/domains/

At this point the base part of our mail system is installed. Reboot the system and start testing.

VI. Test the system
1. Test whether maildrop works
After the system comes up, check that the services listed in /etc/rc.conf are running.
Note that the mail system's user name format is user@domain.tld. It supports multiple domains, so it differs a little from what you may be used to.
Open two new windows in SecureCRT, one for typing commands and one for watching maillog:

    %tail -f /var/log/maillog

The following shows that maildrop is delivering properly:

    %echo "test" | maildrop -V 10 -d test@extmail.org
    maildrop: authlib: groupid=1000
    maildrop: authlib: userid=1000
    maildrop: authlib: logname=test@extmail.org, home=/home/data/domains/extmail.org/test, mail=/home/data/domains/extmail.org/test/Maildir/
    maildrop: Changing to /home/data/domains/extmail.org/test
    Message start at 0 bytes, envelope sender=test@extmail.org
    maildrop: Attempting .mailfilter
    WARN: quota string '5242880' not parseable
    maildrop: Delivery complete.

maillog will show the following:

    Mar 10 14:39:58 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
    Mar 10 14:39:58 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}uywiuN.XggXXc

2. Test postfix
Because SMTP authentication uses BASE64 encoding, the user name and password must be converted to BASE64 format. Install p5-MIME-Base64 first:

    %cd /usr/ports/converters/p5-MIME-Base64/
    %make install

Test user test@extmail.org, password test:

    %perl -MMIME::Base64 -e 'print encode_base64("test\@extmail.org");'
    dGVzdEBleHRtYWlsLm9yZw==
    %perl -MMIME::Base64 -e 'print encode_base64("test");'
    dGVzdA==

See the test session below:

    %telnet localhost 25
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 sharesky.cn ESMTP Mail System
    ehlo test.com
    250-mail.extmail.org
    250-PIPELINING
    250-SIZE 14680064
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    auth login
    334 VXNlcm5hbWU6
    dGVzdEBleHRtYWlsLm9yZw==
    334 UGFzc3dvcmQ6
    dGVzdA==
    235 Authentication successful
    mail from:
    250 Ok
    rcpt to:
    250 Ok
    data
    354 End data with .
    this is a test.
    .
    250 Ok: queued as 23CEE5C38
    quit
    221 Bye
    Connection closed by foreign host.

Here is the maillog the system produced:

    Mar 10 14:47:45 mail postfix/smtpd[1090]: connect from localhost[127.0.0.1]
    Mar 10 14:47:57 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
    Mar 10 14:47:57 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}uywiuN.XggXXc
    Mar 10 14:48:13 mail postfix/smtpd[1090]: 23CEE5C38: client=localhost[127.0.0.1], sasl_method=login, sasl_username=test@extmail.org
    Mar 10 14:48:18 mail postfix/cleanup[1135]: 23CEE5C38: message-id=<20060310144813.23CEE5C38@mail.extmail.org>
    Mar 10 14:48:18 mail postfix/qmgr[669]: 23CEE5C38: from=, size=341, nrcpt=1 (queue active)
    Mar 10 14:48:19 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
    Mar 10 14:48:19 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}uywiuN.XggXXc
    Mar 10 14:48:19 mail postfix/pipe[1136]: 23CEE5C38: to=, relay=maildrop, delay=14, status=sent (extmail.org)
    Mar 10 14:48:19 mail postfix/qmgr[669]: 23CEE5C38: removed
    Mar 10 14:48:20 mail postfix/smtpd[1090]: disconnect from localhost[127.0.0.1]

Test receiving mail over pop3:

    %telnet localhost 110
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK Hello there.
    user test@extmail.org
    +OK Password required.
    pass test
    +OK logged in.
    list
    +OK POP3 clients that break here, they violate STD53.
    1 6
    2 403
    .
    retr 1
    +OK 6 octets follow.
    test
    .
    retr 2
    +OK 403 octets follow.
    Return-Path:
    Delivered-To: test@extmail.org
    Received: from test.com (localhost [127.0.0.1]) by mail.extmail.org (Postfix) with ESMTP id 23CEE5C38 for ; Fri, 10 Mar 2006 14:48:05 +0000 (UTC)
    Message-Id: <20060310144813.23CEE5C38@mail.extmail.org>
    Date: Fri, 10 Mar 2006 14:48:05 +0000 (UTC)
    From: test@test.com
    To: undisclosed-recipients:;
    this is a test.
    .
    quit
    +OK Bye-bye.
    Connection closed by foreign host.

The maillog produced:

    Mar 10 16:17:56 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
    Mar 10 16:17:56 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}uywiuN.XggXXc
    Mar 10 16:17:57 mail pop3d: LOGIN, user=test@extmail.org, ip=[127.0.0.1]
    Mar 10 16:18:15 mail pop3d: LOGOUT, user=test@extmail.org, ip=[127.0.0.1], top=0, retr=397, time=18

At this point we have successfully installed a mail system. Next we add content filtering and anti-spam, and then the web part. Success is not far off; keep up the energy and charge on! RUSH...
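The test above exposes the mailbox password in two places: authdaemond writes it to maillog while DEBUG_LOGIN=2, and AUTH LOGIN/PLAIN only base64-encodes it on a port whose EHLO reply offers no STARTTLS. The script below is an added example, not part of the original article; the function names, the alice@example.org account and every sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. All log lines are constructed
# (modelled on the maillog excerpts above); alice@example.org is invented.

sample_maillog() {
cat <<'EOF'
Mar 10 14:47:45 mail postfix/smtpd[1090]: connect from localhost[127.0.0.1]
Mar 10 14:47:57 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, address=test@extmail.org, fullname=Test user, quota=5242880, options=
Mar 10 14:47:57 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}XXXXXXXXXXXXX
Mar 10 14:48:19 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, address=test@extmail.org, fullname=Test user, quota=5242880, options=
Mar 10 14:48:19 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}XXXXXXXXXXXXX
Mar 10 15:02:11 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, address=alice@example.org, fullname=Alice, quota=5242880, options=
Mar 10 15:02:11 mail authdaemond: Authenticated: clearpasswd=s3cr,et9, passwd={crypt}YYYYYYYYYYYYY
Mar 10 16:17:56 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, address=test@extmail.org, fullname=Test user, quota=5242880, options=
Mar 10 16:17:56 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}XXXXXXXXXXXXX
Mar 10 16:17:57 mail pop3d: LOGIN, user=test@extmail.org, ip=[127.0.0.1]
EOF
}

# Print "<address> <count>" for each account whose cleartext password was
# logged. authdaemond logs the account line first, then the password line;
# lines from concurrent logins can interleave, so treat the address as a hint.
leaked_accounts() {
    awk '
    /authdaemond: Authenticated: / {
        if (match($0, /address=[^,]*/)) {
            addr = substr($0, RSTART + 8, RLENGTH - 8)
        } else if (match($0, /clearpasswd=[^,]*/)) {
            # RLENGTH 12 is the bare "clearpasswd=" (no password was supplied)
            key = (addr == "") ? "(unknown)" : addr
            if (RLENGTH > 12) leaks[key]++
            addr = ""
        }
    }
    END { for (a in leaks) print a, leaks[a] }' | LC_ALL=C sort
}

# Blank out passwords and hashes so a log can be archived or posted.
redact_authlog() {
    sed 's/\(authdaemond: Authenticated: clearpasswd=\).*$/\1[REDACTED], passwd=[REDACTED]/'
}

# Effective DEBUG_LOGIN from an authdaemonrc on stdin; the last assignment
# wins and an unset value is reported as 0 (2 = debug and log passwords).
debug_login_level() {
    awk -F= '
    /^[ \t]*DEBUG_LOGIN=/ { v = $2; gsub(/[" \t]/, "", v); level = v }
    END { print (level == "" ? 0 : level) }'
}

# Constructed EHLO reply with the capabilities from the telnet session above.
sample_ehlo() {
cat <<'EOF'
250-mail.extmail.org
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
}

# Classify an EHLO reply captured before any TLS handshake. PLAIN and LOGIN
# carry the password base64-encoded, which anyone on the path can decode.
ehlo_auth_exposure() {
    awk '
    { line = toupper(substr($0, 5)); sub(/\r$/, "", line) }
    line == "STARTTLS" { tls = 1 }
    line ~ /^AUTH[ =]/ && (line " ") ~ /[ =](PLAIN|LOGIN) / { weak = 1 }
    END {
        if (!weak) print "ok"
        else print (tls ? "cleartext-auth-before-starttls" : "cleartext-auth-no-starttls")
    }'
}

echo "accounts with a logged cleartext password:"
sample_maillog | leaked_accounts
echo "EHLO check: $(sample_ehlo | ehlo_auth_exposure)"
```

On a live system, feed /var/log/maillog to leaked_accounts and /usr/local/etc/authlib/authdaemonrc to debug_login_level; accounts reported by the first have had their password written to disk in the clear.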
VII. Install anti-spam
1. Install amavisd-new
For content filtering we use amavisd-new, mainly because it is easy to configure. You can of course use mailscanner instead; as I said, everyone has their own taste.

    %cd /usr/ports/security/amavisd-new/
    %make install clean

Select only MYSQL.
When amavisd-new is installed, the system automatically installs SpamAssassin as well:

    Options for p5-Mail-SpamAssassin 3.1.0_6
    [X] AS_ROOT        Run spamd as root (recommended)
    [ ] DOMAINKEYS     DomainKeys support
    [X] SSL            Build with SSL support for spamd/spamc
    [X] MYSQL          Add MySQL support
    [ ] PGSQL          Add PostreSQL support
    [ ] RAZOR          Add Vipul's Razor support
    [ ] SPF_QUERY      Add SPF query support
    [ ] RELAY_COUNTRY  Relay country support
    [X] TOOLS          Install SpamAssassin tools

Add the following to /etc/rc.conf:

    amavisd_enable="YES"
    spamd_enable="YES"

Edit /usr/local/etc/amavisd.conf:

    $mydomain = 'extmail.org';

Spam and virus notifications:

    $virus_admin = "postmaster\@$mydomain"; # notifications recip.
    $mailfrom_notify_admin = "postmaster\@$mydomain"; # notifications sender
    $mailfrom_notify_recip = "postmaster\@$mydomain"; # notifications sender
    $mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender
    $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

Disable the handling of attachments:

    $banned_filename_re = new_RE(
    # comment out everything in between with '#'
    );

Add ClamAV support:

    # ### http://www.clamav.net/
    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Add to /usr/local/etc/postfix/main.cf:

    content_filter = smtp-amavis:[127.0.0.1]:10024

Add to /usr/local/etc/postfix/master.cf:

    smtp-amavis unix - - n - 2 smtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n - n - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8

Restart postfix:

    %/usr/local/etc/rc.d/postfix.sh restart
    postfix/postfix-script: stopping the Postfix mail system
    postfix/postfix-script: starting the Postfix mail system

For the SpamAssassin configuration file /usr/local/etc/mail/spamassassin/local.cf, see http://spamassassin.apache.org/
Configuration tool: http://www.yrex.com/spam/spamconfig.php
Debug amavisd-new:

    %su vscan
    $ /usr/local/sbin/amavisd debug

If no errors appear, your amavisd-new is working.
2. Install Clamav
clamav scans mail for viruses.

    %cd /usr/ports/security/clamav
    %make install clean

You can leave all options unselected and just press Enter. Add to /etc/rc.conf:

    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"

Edit /usr/local/etc/clamd.conf so that it runs as vscan (around line 145):

    #User clamav
    User vscan

Edit /usr/local/etc/freshclam.conf:

    #DatabaseOwner clamav
    DatabaseOwner vscan

Fix the directory permissions:

    %chown -R vscan:vscan /var/log/clamav
    %chown -R vscan:vscan /var/run/clamav
    %chown -R vscan:vscan /var/db/clamav

Start clamav and the automatic updater:

    %/usr/local/etc/rc.d/clamav-clamd.sh start
    %/usr/local/etc/rc.d/clamav-freshclam.sh start

3. Test

    %telnet localhost 25
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.mold.com.cn.
    Escape character is '^]'.
    220 extmail.org ESMTP Mail System
    ehlo test.com
    250-mail.mold.com.cn
    250-PIPELINING
    250-SIZE 14680064
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    mail from:
    250 Ok
    rcpt to:
    250 Ok
    data
    354 End data with .
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    .
    250 Ok: queued as F19692E084
    quit
    221 Bye
    Connection closed by foreign host.

The maillog produced:

    Mar 10 18:19:25 mail postfix/smtpd[797]: connect from localhost[127.0.0.1]
    Mar 10 18:19:25 mail postfix/smtpd[797]: CD31B5C25: client=localhost[127.0.0.1]
    Mar 10 18:19:25 mail postfix/cleanup[793]: CD31B5C25: message-id=
    Mar 10 18:19:25 mail postfix/qmgr[789]: CD31B5C25: from=, size=1670, nrcpt=1 (queue active)
    Mar 10 18:19:26 mail postfix/smtpd[797]: disconnect from localhost[127.0.0.1]
    Mar 10 18:19:26 mail amavis[458]: (00458-01) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] -> , quarantine: virus-Q0WNU5+REDjW, Message-ID: <20060310181918.954D75C24@mail.extmail.org>, mail_id: Q0WNU5+REDjW, Hits: -, 1567 ms
    Mar 10 18:19:26 mail postfix/smtp[794]: 954D75C24: to=, relay=127.0.0.1[127.0.0.1], delay=14, status=sent (250 2.7.1 Ok, discarded, id=00458-01 - VIRUS: Eicar-Test-Signature)
    Mar 10 18:19:26 mail postfix/qmgr[789]: 954D75C24: removed
    Mar 10 18:19:26 mail postfix/smtpd[791]: disconnect from localhost[127.0.0.1]

Look at the amavis line (Blocked INFECTED): the virus has been found and quarantined, and the message is then deleted by the system. This completes the content filtering and antivirus part. Now is a good time to take a break and drink some water before finishing the last piece of work.

VIII. Install extmail/extman
1. Set the identity apache runs as
Edit /usr/local/etc/apache22/httpd.conf:

    #User www
    #Group www
    User vuser
    Group vgroup

Add the following to httpd.conf:

    Alias /extman/cgi/ /usr/local/www/apache22/cgi-bin/extman/cgi/
    Alias /extman /usr/local/www/apache22/cgi-bin/extman/html/
    # container assumed to be <Directory>: AllowOverride is only valid there
    <Directory "/usr/local/www/apache22/cgi-bin/extman/cgi/">
    SetHandler cgi-script
    Options +ExecCGI
    AllowOverride All
    </Directory>
    # config for ExtMail
    Alias /extmail/cgi/ /usr/local/www/apache22/cgi-bin/extmail/cgi/
    Alias /extmail /usr/local/www/apache22/cgi-bin/extmail/html/
    # container assumed to be <Directory>: AllowOverride is only valid there
    <Directory "/usr/local/www/apache22/cgi-bin/extmail/cgi/">
    SetHandler cgi-script
    Options +ExecCGI
    AllowOverride All
    </Directory>

Restart apache:

    %/usr/local/etc/rc.d/apache22.sh restart
    Performing sanity check on apache22 configuration:
    Syntax OK
    Stopping apache22.
    Waiting for PIDS: 461.
    Performing sanity check on apache22 configuration:
    Syntax OK
    Starting apache22.

2. Install extmail
Download the latest version from the extmail official site: www.extmail.org

    %tar zxvf extmail-23-20060219.tar.gz
    %cp -r extmail-0.23-20060219/ /usr/local/www/apache22/cgi-bin/extmail

Create the configuration file:

    %cd /usr/local/www/apache22/cgi-bin/extmail/
    %cp webmail.cf.default webmail.cf

Edit the configuration file. Only the parts that need changing are shown here:

    # sys_config, the config file and webmail programe root
    SYS_CONFIG = /usr/local/www/apache22/cgi-bin/extmail/
    # sys_langdir, the i18n dir
    SYS_LANGDIR = /usr/local/www/apache22/cgi-bin/extmail/lang
    # sys_templdir, the template dir
    SYS_TEMPLDIR = /usr/local/www/apache22/cgi-bin/extmail/html
    # sys_netdisk_on, default is off
    SYS_NETDISK_ON = 1
    # maildir_base, the base dir of user maildir, use absolute path
    # if not set.
    SYS_MAILDIR_BASE = /home/data/domains
    # if mysql, all relate paramters should prefix as SYS_MYSQL
    SYS_MYSQL_USER = extmail
    SYS_MYSQL_PASS = extmail
    SYS_MYSQL_DB = extmail
    SYS_MYSQL_HOST = localhost
    SYS_MYSQL_SOCKET = /tmp/mysql.sock

Open your browser and enter http://ip/extmail to see the login window.
User name: test
Password: test
Domain: extmail.org
Download the package from the extmail official site, unpack it and copy it into the /usr/local/www/apache22/cgi-bin directory.

    %cd /usr/local/www/apache22/cgi-bin/extman/

Edit webman.cf:

    # sys_config, the config file and webman programe root
    SYS_CONFIG = /usr/local/www/apache22/cgi-bin/extman/
    # sys_langdir, the i18n dir
    SYS_LANGDIR = /usr/local/www/apache22/cgi-bin/extman/lang
    # sys_templdir, the template dir
    SYS_TEMPLDIR = /usr/local/www/apache22/cgi-bin/extman/html
    # maildir_base, the base dir of user maildir, use absolute path
    # if not set.
    SYS_MAILDIR_BASE = /home/data/domains
    # if mysql, all relate paramters should prefix as SYS_MYSQL
    SYS_MYSQL_USER = webman
    SYS_MYSQL_PASS = webman
    SYS_MYSQL_DB = extmail
    SYS_MYSQL_HOST = localhost
    SYS_MYSQL_SOCKET = /tmp/mysql.sock

Create /tmp/extman:

    %mkdir /tmp/extman
    %chmod 777 /tmp/extman/

Create the links for the library package:

    %cd /usr/local/www/apache22/cgi-bin/extman/libs/Ext/
    %./buildlink.sh build /usr/local/www/apache22/cgi-bin/extmail/libs/Ext/

Open a browser and enter http://ip/extman
User name: root@extmail.org  Password: extmail
System configuration files for download
Contents of rc.conf:

    mysql_enable="YES"
    apache22_enable="YES"
    postfix_enable="YES"
    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
    courier_authdaemond_enable="YES"
    courier_imap_pop3d_enable="YES"
    courier_imap_imapd_enable="YES"
    amavisd_enable="YES"
    spamd_enable="YES"
    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"
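The content-filter wiring from the anti-spam section (main.cf hands mail to amavisd-new on 127.0.0.1:10024, and the 127.0.0.1:10025 smtpd takes the scanned mail back) can be checked mechanically once all services are enabled. This is an added example, not part of the original article; the function names and the broken master-bad.cf variant are constructed, and the re-injection port defaults to the 10025 used above.

```shell
#!/bin/sh
# Added example, not from the original article.

# Write constructed sample files into directory $1: the wiring shown in the
# anti-spam section, plus a deliberately broken master.cf for comparison.
write_samples() {
    cat > "$1/main.cf" <<'EOF'
content_filter = smtp-amavis:[127.0.0.1]:10024
EOF
    cat > "$1/master.cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
    cat > "$1/master-bad.cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
# listens on every interface and keeps the global content_filter
10025 inet n - n - - smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
EOF
}

# check_amavis_wiring MAIN_CF MASTER_CF [REINJECT_PORT]
# Prints "OK", or one "FAIL: ..." line per problem found.
check_amavis_wiring() {
    filter=$(awk -F= '/^content_filter[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
                      END { print v }' "$1")
    awk -v filter="$filter" -v port="${3:-10025}" '
    function bad(msg) { print "FAIL: " msg; fails++ }
    # l is one logical master.cf line (continuation lines already joined)
    function check(l,    f, n, i, o) {
        n = split(l, f, /[ \t]+/)
        if (f[1] == transport && f[2] == "unix") seen_transport = 1
        if (f[2] != "inet" || f[8] != "smtpd") return
        if (f[1] != port && f[1] !~ (":" port "$")) return
        seen_listener = 1
        if (f[1] !~ /^127\.0\.0\.1:/) bad("listener " f[1] " is not bound to 127.0.0.1")
        for (i = 9; i < n; i++) if (f[i] == "-o") o[f[i + 1]] = 1
        if (!("content_filter=" in o)) bad("listener does not clear content_filter (scanned mail would loop)")
        if (!("mynetworks=127.0.0.0/8" in o)) bad("listener does not limit mynetworks to 127.0.0.0/8")
        if (!("smtpd_recipient_restrictions=permit_mynetworks,reject" in o)) bad("listener does not reject clients outside mynetworks")
    }
    BEGIN { split(filter, p, ":"); transport = p[1] }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    /^[ \t]/ { cur = cur " " $0; next }      # leading whitespace continues a line
    { if (cur != "") check(cur); cur = $0 }
    END {
        if (cur != "") check(cur)
        if (filter == "") bad("main.cf sets no content_filter")
        else {
            if (filter !~ /:\[127\.0\.0\.1\]:[0-9]+$/) bad("content_filter next hop is not loopback")
            if (!seen_transport) bad("transport " transport " is not defined in master.cf")
        }
        if (!seen_listener) bad("no smtpd listener on port " port)
        if (!fails) print "OK"
    }' "$2"
}

dir=$(mktemp -d)
write_samples "$dir"
echo "wiring as configured above:"; check_amavis_wiring "$dir/main.cf" "$dir/master.cf"
echo "broken variant:";             check_amavis_wiring "$dir/main.cf" "$dir/master-bad.cf"
rm -rf "$dir"
```

Against a real installation, call check_amavis_wiring /usr/local/etc/postfix/main.cf /usr/local/etc/postfix/master.cf.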
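My ability is limited and time was short, so this document inevitably contains mistakes and omissions. If you find an error or have a better suggestion, please tell me and I will do my best to get it right.
Thank you for your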