
Installing a mail server with virtual domains, antivirus and anti-spam on CentOS

火星人 @ 2014-03-04


 
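Summary: I planned to deploy a mail server and consulted many articles online; some were incomplete and some were vague about the settings, so I installed and tested everything step by step myself. The procedure below, taken from my own installation, yields a mail server with virtual domains and users, POP3, POP3S, IMAP, IMAPS, webmail, SMTP, SMTPS, antivirus and anti-spam.

For now all the software is installed on a single server. The plan is to separate receiving from sending and to load-balance several sending servers, to be tested later when hardware is available.



Environment: virtual machine, AMD Turion Neo X2 Dual L625 (1.6 GHz), 512 MB RAM

Software installed:     If you copy and paste the configuration, watch out for automatic line wrapping; I wrote this in a text editor first, so there will be line-wrap problems.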
 
 
 
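1. CentOS 5.4 64-bit

The operating system; nothing more to say.

2. MySQL

The database; stores domains, users and related information.

3. Dovecot

Provides POP and IMAP.

4. Postfix

The MTA, the key component; both sending and receiving depend on it.

5. Cyrus-sasl

Used for SMTP authentication.

6. Apache

HTTP; used by webmail and Postfixadmin.

7. PHP

Used by webmail and Postfixadmin.

8. Postfixadmin

Used to manage virtual domains and virtual users.

9. MailScanner

Invokes the antivirus software and the anti-spam program.

10. Clamav

The well-known Linux antivirus software.

11. Spamassassin

Filters spam.

12. Squirrelmail

Provides webmail.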
 
 
 
Installation procedure:
Packages required during the installation

#yum install -y php-common php-pdo php-cli perl-IO-Zlib perl-Archive-Tar perl-Digest-SHA1 perl-Socket6 perl-IO-Socket-INET6 perl-Net-SSLeay perl-IO-Socket-SSL perl-Digest-HMAC perl-Net-IP perl-Net-DNS db4-devel e2fsprogs-devel krb5-devel zlib-devel openssl-devel mysql-devel cyrus-sasl-devel db*-devel gcc php-gd cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-sql
 
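1. Operating system installation

Default system install with no software selected and without X Window; search online (Baidu) for the detailed procedure.

2. Install MySQL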
 
 #yum install -y mysql
 
 #yum install -y mysql-server
 
 #yum install -y php-mysql
 
 #yum install -y mysql-devel
 
 #yum install -y mysql-connector-odbc
 
 #yum install -y mod_auth_mysql
 
 #yum install -y libdbi-dbd-mysql
 
Create the database

#mysql -u root -p      //set the root password yourself
 
 mysql>  CREATE DATABASE postfix;
 mysql>   CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'password';
 mysql>   GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
 
3. Install Dovecot

#yum install -y dovecot

Edit /etc/dovecot.conf with the following contents:
 
 base_dir = /var/run/dovecot/
 
 protocols = imap imaps pop3 pop3s
 
 listen = *
 
 ssl_disable = no
 
 ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
 
 ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
 
 login_dir = /var/run/dovecot/login
 
 default_mail_env = maildir:/var/spool/mail/%u/
 
 auth default {
 
  mechanisms = plain login digest-md5 cram-md5
 
   passdb sql {
 
     args = /etc/dovecot-mysql.conf
 
     }
 
   userdb sql {
 
     args = /etc/dovecot-mysql.conf
 
   }
 
 }
 
first_valid_uid = 500
 
 
 
Edit /etc/dovecot-mysql.conf with the following contents:
 
 driver = mysql
 
# the password must match the one set for 'postfix'@'localhost' when the database was created
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=password
 
 default_pass_scheme = CRYPT
 
 password_query = SELECT password FROM mailbox WHERE username = '%u'
 
 user_query = SELECT maildir, 500 AS uid, 500 AS gid FROM mailbox WHERE username = '%u'
 
Generate the certificate (after openssl is installed)
 
 # mkdir /etc/ssl/certs
 
 # mkdir /etc/ssl/private
 
 #cd /usr/share/doc/dovecot-1.0/examples
 
 #sh mkcert.sh
 
 
 
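4. Install Postfix

The RPM packages on the installation disc and some of those available online lack SSL and MySQL support, so download the source and compile it yourself.

First remove the sendmail that ships with the system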
 
 #rpm -e sendmail --nodeps
 
 #groupadd postfix
 
 #groupadd postdrop
 
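#useradd postfix -g postfix -c "Postfix User" -d /dev/null -s /sbin/nologin       //note the uid and gid of postfix; they are needed in many places below. Mine are 500 500, and those two values are used from here on

#wget  http://xxx.com/postfix-2.4.3.tar.gz   //download the Postfix source from the official site yourself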
 
 #tar zxvf postfix-2.4.3.tar.gz
 
 #cd postfix-2.4.3
 
 #make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'
 
 #make
 
//On x86_64, make fails: it looks for /usr/local/mysql/lib/libmysqlclient.so when it should look for /usr/local/mysql/lib64/libmysqlclient.so

#cd /usr/lib

#mv mysql mysql.bak
#ln -s /usr/lib64/mysql /usr/lib/mysql     //(give it a symlink), then run make again
 
 #cd /root/postfix-2.4.3
 
 #make
 
 #make install
 
//Press Enter for every question asked after the make install command.

Edit /etc/postfix/main.cf with the following contents:
 
 myhostname = mail.test.com
 
 mydomain = test.com
 
 myorigin = $mydomain
 
 mydestination = $myhostname localhost localhost.$mydomain
 
 mynetworks = 127.0.0.0/8
 
 inet_interfaces = all
 
 virtual_mailbox_base = /var/spool/mail
 
 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
 
 virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
 
 virtual_alias_domains =
 
 virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 
 virtual_uid_maps = static:500
 
 virtual_gid_maps = static:500
 
 virtual_transport = virtual
 
 maildrop_destination_recipient_limit = 1
 
 maildrop_destination_concurrency_limit = 1
 
 message_size_limit = 14336000
 
 virtual_mailbox_limit = 20971520
 
 virtual_create_maildirsize = yes
 
 virtual_mailbox_extended = yes
 
 virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
 
 virtual_mailbox_limit_override = yes
 
 virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
 
 virtual_overquota_bounce = yes
 
 broken_sasl_auth_clients = yes
 
 smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
 
 smtpd_sasl_auth_enable = yes
 
 smtpd_sasl_local_domain = $myhostname
 
 smtpd_sasl_security_options = noanonymous
 
 smtpd_sasl_application_name = smtpd
 
 smtpd_banner=$myhostname ESMTP "Version not Available"
 
 readme_directory = no
 
 sample_directory = /etc/postfix
 
 sendmail_path = /usr/sbin/sendmail
 
 html_directory = no
 
 setgid_group = postdrop
 
 command_directory = /usr/sbin
 
 manpage_directory = /usr/local/man
 
 daemon_directory = /usr/libexec/postfix
 
 newaliases_path = /usr/bin/newaliases
 
 mailq_path = /usr/bin/mailq
 
 queue_directory = /var/spool/postfix
 
 mail_owner = postfix
 
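//The following main.cf content is optional

//Additionally require authentication for mail sent from a local domain to a local domain

Modify main.cf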
 smtpd_recipient_restrictions =
     permit_mynetworks,
     permit_sasl_authenticated,
     reject_unknown_sender_domain,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unknown_recipient_domain,
     reject_unauth_pipelining,
     reject_unauth_destination,
     permit
 
#List of local users, used to verify From: local domain To: local domain
smtpd_sender_login_maps =
    mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_maps.cf
 
 
 smtpd_reject_unlisted_sender = yes
 
#Mail from a local domain to a local domain also requires SMTP authentication
 smtpd_sender_restrictions =
     reject_sender_login_mismatch,
     reject_authenticated_sender_login_mismatch,
     reject_unauthenticated_sender_login_mismatch
 
 
# nano mysql_virtual_sender_maps.cf    with the following contents
user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = username
where_field = username
additional_conditions = AND active = '1'

#nano mysql_virtual_alias_maps.cf  with the following contents
user = postfix
password = password
 hosts = localhost
 dbname = postfix
 table = alias
 select_field = goto
 where_field = address
 additional_conditions = AND active = '1'
 
 
Edit /etc/postfix/mysql_virtual_alias_maps.cf with the following contents:
 
 user = postfix
 
 password = password
 
 hosts = localhost
 
 dbname = postfix
 
 table = alias
 
 select_field = goto
 
 where_field = address
 
 additional_conditions = AND active = '1'
 
 
 
Edit /etc/postfix/mysql_virtual_domains_maps.cf with the following contents:
 
 user = postfix
 
 password = password
 
 hosts = localhost
 
 dbname = postfix
 
 table = domain
 
 select_field = description
 
 where_field = domain
 
 additional_conditions = AND active = '1'
 
 
 
Edit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf with the following contents:
 
 user = postfix
 
 password = password
 
 hosts = localhost
 
 dbname = postfix
 
 table = mailbox
 
 select_field = quota
 
 where_field = username
 
 additional_conditions = AND active = '1'
 
 
 
Edit /etc/postfix/mysql_virtual_mailbox_maps.cf with the following contents:
 
 user = postfix
 
 password = password
 
 hosts = localhost
 
 dbname = postfix
 
 table = mailbox
 
 select_field = maildir
 
 where_field = username
 
 additional_conditions = AND active = '1'
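
Each map file above uses Postfix's legacy MySQL table format, from which Postfix builds the query SELECT select_field FROM table WHERE where_field = '<key>' additional_conditions. The following shell helper is an added example, not part of the original article: it rebuilds that query from a map file so it can be tried by hand in the mysql client, and checks that the file, which stores the database password, is not accessible to other users. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are made up here.

# map_field FILE NAME: value of "NAME = value" in a Postfix mysql map file
# (splits on the first "=", so "AND active = '1'" survives intact).
map_field() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)
            sub(/^[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (name == want) found = val
        }
        END { print found }
    ' "$1"
}

# map_to_sql FILE KEY: the SELECT that Postfix issues when it looks up KEY.
# Keys with characters outside a plain address are refused rather than quoted.
map_to_sql() {
    case $2 in
        *[!A-Za-z0-9@._+-]*) echo "refusing unusual lookup key" >&2; return 1 ;;
    esac
    printf "SELECT %s FROM %s WHERE %s = '%s' %s\n" \
        "$(map_field "$1" select_field)" "$(map_field "$1" table)" \
        "$(map_field "$1" where_field)" "$2" \
        "$(map_field "$1" additional_conditions)"
}

# map_perm_ok FILE: succeeds only if "other" has no access to the file,
# because it stores the database password in clear text.
map_perm_ok() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Usage: sh mapcheck.sh /etc/postfix/mysql_virtual_alias_maps.cf user@test.com
if [ "$#" -eq 2 ]; then
    map_to_sql "$1" "$2"
    map_perm_ok "$1" || echo "WARNING: $1 is accessible to other users" >&2
fi
```

A map file owned by root with group postfix and mode 640 passes the permission check and is still readable by the Postfix daemons.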
 
Configure SMTP authentication

//Install the Courier authentication library

Download it from http://www.courier-mta.org/download.php#authlib
 
 # tar jxvf courier-authlib-0.58.tar.bz2
 
 #  cd courier-authlib-0.58
 
 # ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql  --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat  --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc  --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
 
//Note: on 64-bit, this should instead be
 # ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql  --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc  --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc
 
 
 # make
 
 # make install
 
 # chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
 
 # cp /usr/local/courier-authlib/etc/authdaemonrc.dist /usr/local/courier-authlib/etc/authdaemonrc
 
Give Postfix permission to access authdaemond
 
 # chown postfix.postfix /var/spool/authdaemon/
 
 # chown postfix.postfix /var/spool/authdaemon/socket
 
 
Modify the file /usr/local/courier-authlib/etc/authdaemonrc
 
 authmodulelist="authmysql"
 
 authmodulelistorig="authmysql"
 
 daemons=10
 
 
 
Edit /usr/local/courier-authlib/etc/authmysqlrc to contain the following, where 500,500 are the UID and GID of the postfix user.
 
 MYSQL_SERVER         localhost
 
 MYSQL_USERNAME       postfix
 
 MYSQL_PASSWORD       password
 
 MYSQL_SOCKET         /var/lib/mysql/mysql.sock
 
 MYSQL_DATABASE       postfix
 
 MYSQL_USER_TABLE     mailbox
 
 MYSQL_CRYPT_PWFIELD   password
 
 MYSQL_UID_FIELD       '500'
 
 MYSQL_GID_FIELD       '500'
 
 MYSQL_LOGIN_FIELD     username
 
 MYSQL_HOME_FIELD     concat('/var/spool/mail/',maildir)
 
 MYSQL_MAILDIR_FIELD   concat('/var/spool/mail/',maildir)
 
 MYSQL_NAME_FIELD     name
 
 
 
 # cp courier-authlib.sysvinit /etc/init.d/courier-authlib
 
 # chkconfig --level 35 courier-authlib on
 
 # chmod 755 /etc/init.d/courier-authlib
 
 # service courier-authlib start
 
 # cp /usr/local/courier-authlib/etc/authmysqlrc /etc/authlib
 
 # cp /usr/local/courier-authlib/etc/authdaemonrc /etc/authlib
 
 
 
Add SSL support and configure the SMTPS service

Add the following to /etc/postfix/main.cf
 
 smtp_use_tls = yes
 
 smtpd_use_tls = yes
 
 smtp_tls_note_starttls_offer = yes
 
 smtpd_tls_key_file = /etc/ssl/smtpd.pem
 
 smtpd_tls_cert_file = /etc/ssl/smtpd.pem
 
 smtpd_tls_CAfile = /etc/ssl/smtpd.pem
 
 smtpd_tls_loglevel = 1
 
 smtpd_tls_received_header = yes
 
 smtpd_tls_session_cache_timeout = 3600s
 
 tls_random_source = dev:/dev/urandom
 
 
 
Generate the certificate
 
 #  mkdir /etc/ssl
 
 #  cd /etc/ssl
 
 # openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
 
 # chown postfix /var/spool/mail/
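
The main.cf above enables SASL AUTH and offers STARTTLS, but nothing in it makes a client negotiate TLS before it authenticates, and the openssl command writes the private key into the same smtpd.pem as the certificate. The following shell check is an added example, not part of the original article; smtpd_tls_auth_only and smtpd_tls_security_level are Postfix parameters the article does not set, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original article. smtpd_tls_auth_only and
# smtpd_tls_security_level are Postfix parameters the article does not set;
# the legacy smtpd_enforce_tls switch is not evaluated here.

# cf_get FILE NAME: effective value of NAME in main.cf. Skips comments and
# blank lines, joins continuation lines (leading whitespace), last one wins.
cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            pos = index($0, "=")
            if (pos == 0) { cur = ""; next }
            cur = substr($0, 1, pos - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, pos + 1)
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# audit_smtp_auth FILE: prints one line per finding, succeeds only if clean.
audit_smtp_auth() (
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }
    level=$(cf_get "$1" smtpd_tls_security_level)
    if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ] && [ "$level" != encrypt ]; then
        if [ "$(cf_get "$1" smtpd_use_tls)" != yes ] && [ "$level" != may ]; then
            report "SASL AUTH is enabled but STARTTLS is never offered"
        elif [ "$(cf_get "$1" smtpd_tls_auth_only)" != yes ]; then
            report "AUTH is accepted before STARTTLS; set smtpd_tls_auth_only = yes"
        fi
    fi
    key=$(cf_get "$1" smtpd_tls_key_file)
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        report "$key holds the private key but group/other can access it"
    fi
    [ "$findings" -eq 0 ]
)

# Usage: sh audit.sh /etc/postfix/main.cf
if [ "$#" -eq 1 ]; then audit_smtp_auth "$1"; fi
```

With the settings in this article the check reports the missing smtpd_tls_auth_only, plus the key file if smtpd.pem was created with a permissive umask; chmod 600 on the file clears the second finding.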
 
//Modify Postfix to support MailScanner

# vi /etc/postfix/main.cf

Change the following value

header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks

/^Received:/ HOLD

//Note: there must be no whitespace before the /!
 
 
 
5. Install Cyrus-sasl

# yum install expect

Then download courier-authlib and courier-mysql from http://www.thatfleminggent.com/packages/centos/5/x86_64/repoview/system_environment.daemons.group.html and install them
 
 #tar zvfx cyrus-sasl-2.1.22.tar.gz
 #cd cyrus-sasl-2.1.22
 #export LDFLAGS="-lpthread"
 #./configure --with-mysql --enable-anon --enable-plain --enable-login --disable-krb4 --disable-otp --disable-cram --disable-digest --disable-gssapi --with-pam --with-authdaemond=/var/spool/authdaemon/socket
 
 #make
 #make install
 
 #rm -rf /usr/lib/sasl
 #rm -rf /usr/lib/sasl2
 #ln -s /usr/local/lib/sasl2 /usr/lib/
 
#So that postfix can find sasl, run the following commands:
 
 #echo "/usr/local/lib" >> /etc/ld.so.conf
 #ldconfig
 
 #nano /usr/lib/sasl2/smtpd.conf
 pwcheck_method: authdaemond
 log_level: 3
 mech_list: PLAIN LOGIN
 authdaemond_path:/var/spool/authdaemon/socket
 
 
 
6. Install Apache

#yum install httpd

#yum install httpd-manual

7. Install PHP

#yum install php

8. Install Postfixadmin

//Download the postfixadmin source

# tar xvf postfixadmin-2.1.0.gz

#mv postfixadmin-2.1.0 /var/www/html/postadmin

#cp /var/www/html/postadmin/config.inc.php.sample /var/www/html/postadmin/config.inc.php

#Adjust the corresponding settings in config.inc.php

Open http://IP/postadmin in a browser, then follow the prompts to add the virtual domain test.com
 
 # vi /etc/httpd/conf/httpd.conf
 
 


 
 Options None
 
 DirectoryIndex index.php
 
 AllowOverride None
 
 Order allow,deny
 
 Allow from all
 
 


9. Install MailScanner
//Download the source from http://www.mailscanner.info/ and install it
#cd /MailScanner-4.81.4-1
#./install.sh
//Configure /etc/MailScanner/MailScanner.conf, changing the following (to be verified here: JF):
 %org-name%        =        test.com
 %org-long-name%        =        test
 %web-site%        =        mail.test.com
 Run As User        =        postfix
 Run As Group        =        postfix
 Incoming Queue Dir        =        /var/spool/postfix/hold
 Outgoing Queue Dir        =        /var/spool/postfix/incoming
 MTA        =        postfix
 Incoming Work User        =        postfix
 Incoming Work Group        =        postfix
 Quarantine User        =        postfix
 Quarantine Group        =        postfix
 Virus Scanners        =        clamav
 Always Include SpamAssassin Report        =        yes
 Sign Clean Messages        =        no
 SpamAssassin User State Dir        =        /var/spool/MailScanner/spamassassin
 SpamAssassin Install Prefix        =        /usr/bin
 Log speed        =        yes
 Log Spam        =        yes
 Log Silent Viruses        =        yes
 Mark Unscanned Messages        =        no
 Notify Senders        =        no
 Phishing Modify Subject        =        yes
Log Dangerous HTML Tags        =        yes

//Configure /etc/MailScanner/virus.scanners.conf, changing the following:
 clamav /usr/lib/MailScanner/clamav-wrapper /usr/
 
 #mkdir /var/spool/MailScanner/spamassassin /var/spool/MailScanner/.spamassassin
 #chown -R postfix.postfix /var/spool/MailScanner/*
 
10. Install clamav
//Download clamav clamav-db clamav-devel clamd
# rpm -ivh clamav-db* clamav-0.9*
#rpm -ivh clamav-devel* clamd*
//Edit /etc/clamd.conf, changing the following:
 ScanHTML        yes
 ArchiveMaxFileSize        15M
 ArchiveMaxRecursion        10
 ArchiveMaxFiles        1500
 ClamukoScanOnOpen        yes
 ClamukoScanOnClose        yes
 ClamukoScanOnExec        yes
 ClamukoMaxFileSize        10M
 
 
//Update clamav manually
#freshclam
//Schedule periodic clamav updates
#crontab -e
//Add the following line, then save and exit
0 2 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clamd.log
 
11. Install Spamassassin
 #yum install spamassassin
 
 
12. Install Squirrelmail

#cd /var/www/html

//Download the Squirrelmail source
 
 # tar zxvf squirrelmail-1.4.10a.tar.gz
 
 # mv squirrelmail-1.4.10a webmail
 
 # cd webmail/
 
 # cd config
 
 # ./conf.pl
//Choose 1 to enter Organization Preferences and edit
 
 1.  Organization Name      : test.com
 
 2.  Organization Logo      : ../images/sm_logo.png
 
 3.  Org. Logo Width/Height : (308/111)
 
 4.  Organization Title     : SquirrelMail $version
 
 5.  Signout Page           :
 
 6.  Top Frame              : _top
 
 7.  Provider link          : http://mail.test.com/
 
 8.  Provider name          : test
//Press R to exit
//Choose 2 to enter server settings and edit
 1.  Domain                 : test.com
 
 2.  Invert Time            : false
 
 3.  Sendmail or SMTP       : SMTP
 
 
 
 A.  Update IMAP Settings   : localhost:143 (other)
 
 B.  Update SMTP Settings   : localhost:25
//Press R to exit
//Choose 4 to enter General options and edit
 1.  Data Directory              : /var/www/html/webmail/
 
 2.  Attachment Directory        : /var/www/html/webmail/attach/
 
 3.  Directory Hash Level        : 0
 
 4.  Default Left Size           : 150
 
 5.  Usernames in Lowercase      : true
 
 6.  Allow use of priority       : true
 
 7.  Hide SM attributions        : true
 
 8.  Allow use of receipts       : true
 
 9.  Allow editing of identity   : true
 
     Allow editing of name       : true
 
     Remove username from header : false
 
 10. Allow server thread sort    : false
 
 11. Allow server-side sorting   : false
 
 12. Allow server charset search : false
 
 13. Enable UID support          : true
 
 14. PHP session name            : SQMSESSID
 
 15. Location base               :
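//After making the changes, save and exit
#mkdir /var/www/html/webmail/attach
#chmod 777 /var/www/html/webmail/attach     //world-writable; apache owns the directory after the chown below, so 700 is enough
# chown -R apache:root /var/www/html/webmail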
 
 
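//Set the following services to start automatically, and disable automatic start of postfix and sendmail
MailScanner clamd dovecot httpd mysqld saslauthd spamassassin
//Configure iptables to allow ports 110, 25, 143, 995, 993 and 443

reboot, and you are done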




http://coctec.com/docs/service/show-post-15658.html