基于Linux和Postfix的邮件系统安装手册 ==================================== 本文介绍使用Linux+Postfix+Cyrus-SASL+Courier-IMAP+Tmail3.0+Spamassassin+Clamav+MailScanner 来架构一个具有多域名,有邮件列表、Webmail、防病毒、防垃圾邮件、Web管理界面的邮件系统。 本文在CentOS、RHEL上安装测试通过,病毒过滤放弃采用amavisd。 主要采用执行效率更高的MailSanner来对邮件过滤和垃圾邮件过滤,配置更容易,并且降低了系统开消。 让系统更加稳定,经过严格病毒邮件测试成功率达到了100%。垃圾邮件过滤基本上达到了95%的成功率。 文档目录 1.安装系统 2.关闭SELinux 3.设置YUM 4.安装MySQL 5.安装Apache 6.安装PHP 7.安装phpMyAdmin 8.设置数据库: 9.增加Postfix的用户和组 10.安装Postfix 11.安装Courier-authlib 12.设置authlib的环境变量 13.安装Courier-IMAP 14.配置系统 15.配置SASL认证 16.配置Courier-IMAP 17.安装Webmail 18.启动服务测试 19.安装Clamav 20.升级病毒库 21.安装Spamassassin 22.安装MailScanner 23.设置MailScanner 24.测试病毒邮件 1.安装系统 安装之前:因用户数据都保存在/var目录下,因此安装系统时/var的空间应尽量大。 系统的版本为最小化安装,软件包只安装只装开发包(development)。 在文档中假设服务器的域名为,主机名为mail.。 请兄弟们仔细一些,注意空格和TAB。 2.关闭SELinux [root@CentOS]# vi /etc/selinux/config SELINUX=disable [root@CentOS]# reboot 3.设置YUM [root@CentOS yum.repos.d] vi CentOS-Base.repo [base] name=CentOS-4.3 - Base baseurl=http://mirror./centos/4.3/os/$basearch/ gpgcheck=1 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #released updates [update] name=CentOS-4.3 - Updates baseurl=http://mirror./centos/4.3/updates/$basearch/ gpgcheck=1 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #packages used/produced in the build but not released [addons] name=CentOS-4.3 - Addons baseurl=http://mirror./centos/4.3/addons/$basearch/ gpgcheck=1 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #additional packages that may be useful [extras] name=CentOS-4.3 - Extras baseurl=http://mirror./centos/4.3/extras/$basearch/ gpgcheck=1 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-4.3 - Plus baseurl=http://mirror./centos/4.3/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #contrib - packages by Centos Users [contrib] name=CentOS-4.3 - Contrib baseurl=http://mirror./centos/4.3/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 #packages in testing [testing] name=CentOS-4.3 - Testing baseurl=http://mirror./centos/4.3/testing/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror./centos/RPM-GPG-KEY-centos4 [root@CentOS yum.repos.d]# vi dag.repo [dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt./redhat/el$releasever/en/$basearch/dag gpgcheck=1 enabled=1 [root@CentOS yum.repos.d]# yum update 4.安装MySQL [root@CentOS src]#yum install mysql-server [root@CentOS src]#yum install mysql-devel 5.安装Apache [root@CentOS src]#yum install httpd 6.安装PHP [root@CentOS src]#yum install php [root@CentOS src]#yum install php-mysql [root@CentOS src]#yum install php-gd [root@CentOS src]#yum install php-imap yum install vsftpd yum install clamav yum install spamassassin /usr/bin/freshclam 设置Apache 默认: User apache 改为 User postfix 默认 Group apache 改为 Group postfix 默认 AddDefaultCharset UTF-8 改为 AddDefaultCharset gb2312 新加入: AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps 7.安装phpMyAdmin [root@CentOS src]#tar zxf phpMyAdmin-2.8.0.3.tar.gz [root@CentOS src]#mv phpMyAdmin-2.8.0.3 /var/www/html/sql/ 8.设置数据库 [root@CentOS src]#mysql mysql> create database postfix; mysql> use mysql; mysql> INSERT INTO user (Host, User, Password) VALUES ('localhost', 'postfix', password('postfix')); mysql> GRANT ALL ON postfix.* TO [email=postfix@localhost]postfix@localhost[/email] IDENTIFIED BY "postfix"; mysql> exit [root@CentOS src] mysql –u root –p postfix 9.增加postfix的用户和组 [root@CentOS src] groupadd -g 12345 postfix [root@CentOS src] useradd -u 12345 -g 12345 -c Postfix -d /dev/null -s /sbin/nologin postfix [root@CentOS src] groupadd -g 54321 postdrop 10.安装postfix [root@CentOS src] tar zxf postfix-2.2.10.tar.gz [root@CentOS src] cd postfix-2.2.10 [root@CentOS src] patch -p1 11.安装Courier-authlib [root@CentOS src] tar jxf Courier-authlib-0.58.tar.bz2 [root@CentOS src] cd Courier-authlib-0.58 [root@CentOS src] ./configure --prefix=/usr/lib/authlib --without-authpam \ --without-authcustom --without-authpgsql --without-authldap \ --without-authuserdb --without-authpwd --without-authshadow \ --without-authvchkpw --with-authmysql \ --with-authdaemonvar=/usr/lib/authlib/var \ --mandir=/usr/lib/man --without-stdheaderdir \ --sysconfdir=/usr/lib/authlib/etc \ --with-redhat [root@CentOS src] make [root@CentOS src] make install [root@CentOS src] make install-migrate [root@CentOS src] make install-configure 12.设置authlib的环境变量 [root@CentOS src] COURIERAUTHCONFIG=/usr/lib/authlib/bin/courierauthconfig [root@CentOS src] export COURIERAUTHCONFIG 13.安装Courier-IMAP [root@CentOS src] tar jxf courier-imap-4.1.0.tar.bz2 [root@CentOS src] cd courier-imap-4.0.6 [root@CentOS src] ./configure --prefix=/usr/lib/imapd \ --silent --without-authpgsql --without-ipv6 \ --with-redhat --with-authmysql \ --mandir=/usr/lib/man --disable-root-check [root@CentOS src] make [root@CentOS src] make install [root@CentOS src] make install-configure 14.配置系统 [root@CentOS src] rm -f /etc/aliases* [root@CentOS src] ln -s /etc/postfix/aliases /etc/aliases [root@CentOS src] echo 'root: postfix' >> /etc/postfix/aliases [root@CentOS src] /usr/bin/newaliases [root@CentOS src] chown -R postfix:postfix /var/mail [root@CentOS src] chown -R postfix:postfix /var/lib/php/session [root@CentOS src] vi /etc/postfix/main.cf command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 html_directory = no mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = no sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop unknown_local_recipient_reject_code = 550 header_checks = regexp:/etc/postfix/header_checks #=====================BASE======================= myhostname = mail. mydomain = mydestination = local_recipient_maps = local_transport = virtual #=====================MySQL====================== virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf virtual_gid_maps = static:54321 virtual_mailbox_base = / virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 125 virtual_transport = virtual virtual_uid_maps = static:12345 #=====================Quota====================== virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. virtual_overquota_bounce = yes #======================SASL====================== smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_delay_reject=yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_auth_destination, reject smtpd_client_restrictions = permit_sasl_authenticated [root@CentOS src] vi mysql_virtual_alias_maps.cf user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT alias FROM userinfo WHERE address='%s' AND active = 1 [root@CentOS src] vi mysql_virtual_domains_maps.cf user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT domain FROM domaininfo WHERE domain='%s' [root@CentOS src] vi mysql_virtual_mailbox_limit_maps.cf user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT quota FROM userinfo WHERE address='%s' [root@CentOS src] vi mysql_virtual_mailbox_maps.cf user = postfix password = postfix hosts = localhost dbname = postfix query = SELECT maildir FROM userinfo WHERE address='%s' AND active = 1 15.配置SASL认证 [root@CentOS src] vi /usr/lib/sasl2/smtpd.conf pwcheck_method: authdaemond log_level: 3 mech_list: plain login authdaemond_path:/usr/lib/authlib/var/socket 16.配置Courier-IMAP [root@CentOS src] vi /usr/lib/authlib/etc/authlib/authmysqlrc #############下面两个字段之间的空白必须为Tab符############### MYSQL_SERVER localhost MYSQL_USERNAME postfix MYSQL_PASSWORD postfix MYSQL_PORT 0 MYSQL_OPT 0 MYSQL_DATABASE postfix MYSQL_USER_TABLE userinfo MYSQL_CRYPT_PWFIELD passwd MYSQL_UID_FIELD '12345' MYSQL_GID_FIELD '54321' MYSQL_LOGIN_FIELD address MYSQL_HOME_FIELD homedir MYSQL_NAME_FIELD realname MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD quota [root@CentOS src] vi /usr/lib/authlib/etc/authlib/authdaemonrc authmodulelist="authmysql" authmodulelistorig="authmysql" version="authdaemond.mysql" daemons=5 subsystem=mail DEBUG_LOGIN=0 DEFAULTOPTIONS="wbnodsn=1" [root@CentOS src] vi /usr/lib/imapd/etc/pop3d 默认POP3DSTART=NO 改为POP3DSTART=YES [root@CentOS src] vi /usr/lib/imapd/etc/imapd 默认IMAPDSTART=NO 改为IMAPDSTART=YES [root@CentOS src] chmod +x /usr/lib/authlib/var/ [root@CentOS src] cp courier-authlib /etc/rc.d/init.d/ [root@CentOS src] chmod 755 /etc/rc.d/init.d/courier-authlib [root@CentOS src] chkconfig --add courier-authlib [root@CentOS src] cp courier-imap /etc/rc.d/init.d/ [root@CentOS src] chmod 755 /etc/rc.d/init.d/courier-imap [root@CentOS src] chkconfig --add courier-imap 17.安装Webmail [root@CentOS src] vi /var/www/html/webmail/config/config_inc.php $CFG_BASEPATH = "/var/www/html/webmail/temp"; //临时目录 define(MYSQL_HOST, 'localhost'); //数据库主机名 define(MYSQL_USER, 'postfix'); //数据库用户名 define(MYSQL_PASS, 'postfix'); //数据库密码 define(MYSQL_DATA, 'postfix'); //数据库名称 $CFG_NETDISK_PATH = "/var/mail/netdisk"; //文件管理存储目录 [root@CentOS src] vi /var/www/html/webmail/webadmin/include/config.inc.php define(mysql_HOST, 'localhost'); //数据库主机名 define(mysql_USER, 'postfix'); //数据库用户名 define(mysql_PASS, 'postfix'); //数据库密码 define(mysql_DATA, 'postfix'); //数据库名称 [root@CentOS src] mkdir /var/mail/netdisk [root@CentOS src] chown –R postfix:postfix /var/mail/netdisk [root@CentOS src] mkdir /var/www/html/webmail/temp [root@CentOS src] chown –R postfix:postfix /var/www/html/webmail/temp 18.启动服务测试 [root@CentOS src] chkconfig httpd on [root@CentOS src] chkconfig mysqld on [root@CentOS src] service httpd start [root@CentOS src] service mysqld start [root@CentOS src] service courier-authlib start [root@CentOS src] service courier-imap start [root@CentOS src] postfix start 通过后台加入域名和用户名(本文档中的域名为:、用户名: test@ ) [root@CentOS src] perl -MMIME::Base64 -e 'print encode_base64("test\@");' dGVzdEB0ZXN0LmNvbQ== [root@CentOS src] perl -MMIME::Base64 -e 'print encode_base64("000000");' MDAwMDAw [root@CentOS src] telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail. ESMTP Postfix ehlo mail 250-mail. 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250 8BITMIME auth login 334 VXNlcm5hbWU6 dGVzdEB0ZXN0LmNvbQ== //用户名( test@ ) 334 UGFzc3dvcmQ6 MDAwMDAw // 密码(000000) 235 Authentication successful //表示成功验证通过 19.安装Clamav [root@CentOS src] rpm --import http://dag./packages/RPM-GPG-KEY.dag.txt [root@CentOS src] rpm --import RPM-GPG-KEY.dag.txt [root@CentOS src] rpm -q gpg-pubkey --qf "%{summary} -> %{version}-%{release}\n" gpg(CentOS-4 key ) -> 443e1821-421f218f gpg(Dag Wieers (Dag Apt Repository v1.0) ) -> 6b8d79e6-3f49313d [root@CentOS src] vi /etc/yum.repos.d/dag.repo [dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt./redhat/el$releasever/en/$basearch/dag gpgcheck=1 enabled=1 [root@CentOS src] yum update [root@CentOS src] yum install clamav 20.升级病毒库 [root@CentOS src] /usr/bin/freshclam ClamAV update process started at Thu Mar 9 17:23:21 2006 main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm) daily.cvd is up to date (version: 1319, sigs: 1376, f-level: 7, builder: ccordes) 21.安装Spamassassin [root@CentOS src] yum install spamassassin [root@CentOS src] service spamassassin start 22.安装MailScanner [root@CentOS src] tar zxf MailScanner-4.51.5-1.rpm.tar.gz [root@CentOS src] MailScanner-4.51.5-1/install.sh 23.设置MailScanner [root@CentOS src] chkconfig sendmail off [root@CentOS src] chkconfig --level 2345 MailScanner on [root@CentOS src] vi /etc/MailScanner/MailScanner.conf %org-name% = %org-long-name% = wooxian %web-site% = http://www./ %report-dir% = /etc/MailScanner/reports/cn Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Virus Scanners = clamav Always Include SpamAssassin Report = yes Use SpamAssassin = yes Required SpamAssassin Score = 6 SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin SpamAssassin Install Prefix = /usr/bin SpamAssassin Local Rules Dir = /etc/MailScanner [root@CentOS src] yum install unrar [root@CentOS src] unrar x ../src/cn.rar [root@CentOS src] mv cn /etc/MailScanner/reports/ [root@CentOS src] mv /etc/postfix/header_check /etc/postfix/header_check.bak [root@CentOS src] vi /etc/postfix/header_check /^Received:/ HOLD [root@CentOS src] chown –R postfix:postfix /var/spool/MailScanner/* [root@CentOS src] postfix stop [root@CentOS src] service MailScanner start 24.测试病毒邮件 [root@CentOS src] telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail. ESMTP Postfix ehlo mail 250-mail. 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250 8BITMIME auth login 334 VXNlcm5hbWU6 dGVzdEB0ZXN0LmNvbQ== //用户名( test@ ) 334 UGFzc3dvcmQ6 MDAwMDAw // 密码(000000) 235 Authentication successful //表示成功验证通过 MAIL FROM: 250 Ok RCPT TO: 250 Ok DATA 354 End data with . Subject:Virus test [email=X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H]X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H[/email] * . 250 Ok: queued as F0C221CC20 //出现F0C221CC20这行表示MailScanner运行成功了 quit 221 Bye Connection closed by foreign host. 收到邮件后会在主题会变成:{Virus?} Virus test 邮件内容会是以下内容: 警告: 此邮件有一个或多个附加档案被移除 警告: 附加档案名称: (详细讯息). 警告: 请参考此信件附加档案 "-Attachment-Warning.txt" 取得更详细的资料 此讯息由 MailScanner 电子邮件防护系统发出 -------------------------------------------------------------------- 原有邮件附加档案为 "详细讯息" 被列入拒绝处理的名单. 且被替换为此讯息. 若您仍希望收到*被感染的*附加档案,,请联络系统管理者.包含以下内容: Thu Mar 9 15:57:25 2006 病毒侦测报告: ClamAV: msg-3682-1.txt contains Eicar-Test-Signature 求助问题: 检查 the () MailScanner 机器的 /var/spool/MailScanner/quarantine/20060309 (编号 639F13F97B.BBC3F). -- 系统管理者 以上内容出现表示MailScanner的病毒过滤生效。并成功运行!! 本文来自ChinaUnix博客,如果查看原文请点:http://blog./u/5795/showart_104618.html |
|