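Installing a mail system with virtual domains, virus scanning and spam filtering on RHEL5
Installing the mail system Postfix+dovecot+MailScanner+spamassassin+f-prot+PostfixAdmin+SquirrelMail on RHEL5
Author: LEO http://zqli.cublog.cn/
Summary:
This article describes how to configure a Postfix mail server on a machine running RHEL5. It provides virtual domains, virtual users, POP3, POP3S, SMTP, SMTPS, IMAP, IMAPS, antivirus, anti-spam and webmail.
Software involved
1. Red Hat Enterprise Linux Server release 5 (Tikanga)
2. MySQL
Included with the system
Stores the virtual domains, virtual users and related information.
3. Apache
Included with the system
Used to run the SquirrelMail webmail and PostfixAdmin.
4. PHP
Included with the system
Used to run the SquirrelMail webmail and PostfixAdmin.
5. Cyrus-sasl
Included with the system
Used to implement authenticated SMTP.
6. Courier authentication library
Download from http://download.chinaunix.net/
Used to implement authenticated SMTP.
7. Postfix
Download from http://www.postfix.org
An MTA. Although RHEL 4 ships Postfix, that build supports neither SSL nor MySQL, so we need to compile it ourselves.
8. PostfixAdmin
Download from http://www.postfixadmin.com/
The virtual domains, virtual users and related information are kept in MySQL; once PostfixAdmin is installed, they can be managed from a browser.
9. SquirrelMail
Included with the system, or download from http://www.squirrelmail.org/download.php
An IMAP-based webmail client.
10. Dovecot
Included with the system
Provides POP3, POP3S, IMAP and IMAPS.
11. F-prot
Download from http://www.f-prot.com; the Linux workstation edition is free for personal use
Provides virus scanning; its speed and virus database are said to be better than those of the open-source ClamAV.
12. SpamAssassin
Included with the system
Provides spam filtering.
13. MailScanner
Download from http://www.mailscanner.info/
Postfix uses MailScanner to call f-prot and SpamAssassin. Other ways of calling them may be more efficient, but MailScanner's configuration is more straightforward.
Configuration procedure
1. Basic software installation
Install RHEL5 with the default options, without selecting any server type (such as web server, development server or virtualization server), and install the software marked "Included with the system" above.
Download the other required software.
Install MySQL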
# rpm -ivh mysql-5.0.22-2.1.i386.rpm
# rpm -ivh mysql-server-5.0.22-2.1.i386.rpm
# chkconfig mysqld on
Install Apache
# rpm -ivh httpd-2.2.3-6.el5.i386.rpm
# rpm -ivh httpd-manual-2.2.3-6.el5.i386.rpm
# chkconfig httpd on
Install PHP
# rpm -ivh php-common-5.1.6-5.el5.i386.rpm
# rpm -ivh php-pdo-5.1.6-5.el5.i386.rpm
# rpm -ivh php-mysql-5.1.6-5.el5.i386.rpm
# rpm -ivh php-cli-5.1.6-5.el5.i386.rpm
# rpm -ivh php-5.1.6-5.el5.i386.rpm
Install Cyrus-sasl
# rpm -ivh cyrus-sasl-2.1.22-4.i386.rpm
Install squirrelmail
# rpm -ivh squirrelmail-1.4.8-4.el5.noarch.rpm
Install dovecot
# rpm -ivh dovecot-1.0-1.2.rc15.el5.i386.rpm
Install spamassassin
# rpm -ivh perl-IO-Zlib-1.04-4.2.1.noarch.rpm
# rpm -ivh perl-Archive-Tar-1.30-1.fc6.noarch.rpm
# rpm -ivh perl-Digest-SHA1-2.11-1.2.1.i386.rpm
# rpm -ivh perl-Socket6-0.19-3.fc6.i386.rpm
# rpm -ivh perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm
# rpm -ivh perl-Net-SSLeay-1.30-4.fc6.i386.rpm
# rpm -ivh perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm
# rpm -ivh perl-Digest-HMAC-1.01-15.noarch.rpm
# rpm -ivh perl-Net-IP-1.25-2.fc6.noarch.rpm
# rpm -ivh perl-Net-DNS-0.59-1.fc6.i386.rpm
# rpm -ivh spamassassin-3.1.7-4.el5.i386.rpm
Install PostfixAdmin
# tar xvf postfixadmin-2.1.0.gz
# mv postfixadmin-2.1.0 /var/www/html/pa
# service mysqld start
# mysql -uroot < /var/www/html/pa/DATABASE_MYSQL.TXT
# cp /var/www/html/pa/config.inc.php.sample /var/www/html/pa/config.inc.php
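Open http://IP/pa in a browser, then follow the prompts to add two virtual domains, mailidc.cn and zqli.com, and two virtual users, leo@mailidc.cn and zqli@zqli.com.
# vi /etc/httpd/conf/httpd.conf
Add the following to tighten security; otherwise anyone can use postfixadmin without authenticating.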
<Directory "/var/www/html/pa" >
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride None
AuthType Basic
authname Private
authuserfile /var/phpaccess/leo
require valid-user
Order allow,deny
Allow from all
</Directory>
Note that /var/phpaccess/leo is the name of my password file.
# mkdir /var/phpaccess
# touch /var/phpaccess/leo
# cd /var/phpaccess/
# htpasswd -c leo leo   # add the user leo
New password:
Re-type new password:
Adding password for user leo
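Then we can open a web browser and visit
http://ip/pa
PostfixAdmin is now configured. I recommend that anyone reasonably familiar with MySQL change the default postfix connection password: by default the database name is postfix, and the user name and password are both postfix. The configuration below keeps using the default user name and password.
Install the packages Postfix depends on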
# rpm -ivh db4-devel-4.3.29-9.fc6.i386.rpm
# rpm -ivh e2fsprogs-devel-1.39-8.el5.i386.rpm
# rpm -ivh krb5-devel-1.5-17.i386.rpm
# rpm -ivh zlib-devel-1.2.3-3.i386.rpm
# rpm -ivh openssl-devel-0.9.8b-8.3.el5.i386.rpm
# rpm -ivh mysql-devel-5.0.22-2.1.i386.rpm
# rpm -ivh cyrus-sasl-devel-2.1.22-4.i386.rpm
Compile and configure Postfix
First remove sendmail
# rpm -e sendmail --nodeps
# groupadd postfix
# groupadd postdrop
# useradd postfix -g postfix -c "Postfix user" -d /dev/null -s /sbin/nologin
# tar zxvf postfix-2.4.3.tar.gz
# cd postfix-2.4.3
# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'
# make
# make install
Note: just press Enter at every question asked after the "make install" command.
Edit /etc/postfix/main.cf so that it contains the following
#=====================BASE=========================
myhostname = mail.mailidc.cn
mydomain = mailidc.cn
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 192.168.1.0/24 127.0.0.0/8
inet_interfaces = all
#=====================Virtual Mailbox settings=========================
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:502
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
Edit /etc/postfix/mysql_virtual_alias_maps.cf so that it contains the following
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
Edit /etc/postfix/mysql_virtual_domains_maps.cf so that it contains the following
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
Edit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf so that it contains the following
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
Edit /etc/postfix/mysql_virtual_mailbox_maps.cf so that it contains the following
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
Configure SMTP authentication
Edit /usr/lib/sasl2/smtpd.conf so that it contains the following
pwcheck_method: authdaemond
log_level: 3
mech_list: plain login
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
Install the Courier authentication library
# tar jxvf courier-authlib-0.58.tar.bz2
# cd courier-authlib-0.58
# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
# make
# make install
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
# cp /usr/local/courier-authlib/etc/authdaemonrc.dist /usr/local/courier-authlib/etc/authdaemonrc
Modify the file /usr/local/courier-authlib/etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
Edit /usr/local/courier-authlib/etc/authmysqlrc so that it contains the following, where 501 and 502 are the UID and GID of the postfix user.
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '501'
MYSQL_GID_FIELD '502'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/var/spool/mail/',maildir)
MYSQL_MAILDIR_FIELD concat('/var/spool/mail/',maildir)
MYSQL_NAME_FIELD name
# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chkconfig --level 35 courier-authlib on
# chmod 755 /etc/init.d/courier-authlib
# service courier-authlib start
You now have an SMTP server with authentication. Test it with Outlook or Foxmail, using a user name of the form username@domainName.com. At this point mail can be sent normally.
Add SSL and configure the SMTPS service
Add the following to /etc/postfix/main.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Generate the certificate
# mkdir /etc/ssl
# cd /etc/ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Restart postfix
# postfix reload
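SMTPS should now be working. Readers who are able to test it, please verify this.
Configure Dovecot to add IMAP, IMAPS, POP3 and POP3S
Because Dovecot ships with the system, it only needs two configuration files and a certificate.
Edit /etc/dovecot.conf so that it contains the following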
base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
listen = *
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
login_dir = /var/run/dovecot/login
default_mail_env = maildir:/var/spool/mail/%u/
auth default {
mechanisms = plain login digest-md5 cram-md5
passdb sql {
args = /etc/dovecot-mysql.conf
}
userdb sql {
args = /etc/dovecot-mysql.conf
}
}
first_valid_uid = 501
Edit /etc/dovecot-mysql.conf so that it contains the following
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 501 AS uid, 502 AS gid FROM mailbox WHERE username = '%u'
Generate the certificate
# mkdir /etc/ssl/certs
# mkdir /etc/ssl/private
# cd /usr/share/doc/dovecot-1.0/examples
# sh mkcert.sh
Start the Dovecot service
# chown postfix /var/spool/mail/
# service dovecot start
# chkconfig --level 35 dovecot on
If all went well, SMTP, SMTPS, POP3 and POP3S are now configured.
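The recommendation above to change the default postfix database password can be checked mechanically across the Postfix map files, authmysqlrc and dovecot-mysql.conf. This is an added example, not part of the original post: the function names and finding labels are its own, the sample files are constructed from the values used in this guide, and the file-mode check is an extra check added here.

```sh
#!/bin/sh
# Added example: find the stock "postfix" database password and loose file
# modes in the credential files this guide creates. One finding per line.

# db_password FILE: password from a Postfix map (password = x), authmysqlrc
# (MYSQL_PASSWORD x) or dovecot-mysql.conf (connect = ... password=x).
db_password() {
    sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' \
        -e 's/^[[:space:]]*MYSQL_PASSWORD[[:space:]]\{1,\}//p' \
        -e 's/^[[:space:]]*connect[[:space:]]*=.*[[:space:]]password=\([^[:space:]]*\).*/\1/p' \
        "$1" | tail -n 1
}

audit_mail_creds() {   # args: credential files to inspect
    for f in "$@"; do
        [ -f "$f" ] || continue
        [ "$(db_password "$f")" = postfix ] && echo "DEFAULT-PASSWORD $f"
        # Characters 5 and 8 of the ls mode string are group-read and other-read.
        case "$(ls -ld "$f" | cut -c5,8)" in
            *r*) echo "GROUP-OR-WORLD-READABLE $f" ;;
        esac
    done
    return 0
}

# Constructed sample files in the three formats, with values from this guide.
make_cred_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'user = postfix' 'password = postfix' 'dbname = postfix' \
        > "$d/mysql_virtual_alias_maps.cf"
    printf '%s\n' 'MYSQL_USERNAME postfix' 'MYSQL_PASSWORD postfix' > "$d/authmysqlrc"
    printf '%s\n' 'driver = mysql' \
        'connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=Changed-Example-1' \
        "password_query = SELECT password FROM mailbox WHERE username = '%u'" \
        > "$d/dovecot-mysql.conf"
    chmod 644 "$d/mysql_virtual_alias_maps.cf"
    chmod 640 "$d/authmysqlrc"
    chmod 600 "$d/dovecot-mysql.conf"
    echo "$d"
}

demo=$(make_cred_sample) && audit_mail_creds "$demo"/*
rm -rf "$demo"
```

On a real host, pass the actual files, for example /etc/postfix/mysql_*.cf, /usr/local/courier-authlib/etc/authmysqlrc and /etc/dovecot-mysql.conf.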
《Solution》
Download squirrelmail from http://www.squirrelmail.org/
# tar zxvf squirrelmail-1.4.10a.tar.gz
# mv squirrelmail-1.4.10a webmail
# cd webmail/
# cd config
# ./conf.pl
SquirrelMail Configuration : Read: config_default.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >>
1. Select 1 to enter the organization preferences
Organization Preferences
1. Organization Name : SquirrelMail
2. Organization Logo : ../images/sm_logo.png
3. Org. Logo Width/Height : (308/111)
4. Organization Title : SquirrelMail $version
5. Signout Page :
6. Top Frame : _top
7. Provider link : http://www.squirrelmail.org/
8. Provider name : SquirrelMail
R Return to Main Menu
C Turn color on
S Save data
Q Quit
2. Select 2 to enter the server settings
General
-------
1. Domain : mailidc.cn
2. Invert Time : false
3. Sendmail or SMTP : SMTP
A. Update IMAP Settings : localhost:143 (other)
B. Update SMTP Settings : localhost:25
R Return to Main Menu
C Turn color on
S Save data
Q Quit
3. Select 4 to enter the general options
---------------------------------------------------------------
1. Data Directory : /var/www/html/webmail/
2. Attachment Directory : /var/www/html/webmail/attach/
3. Directory Hash Level : 0
4. Default Left Size : 150
5. Usernames in Lowercase : true
6. Allow use of priority : true
7. Hide SM attributions : true
8. Allow use of receipts : true
9. Allow editing of identity : true
Allow editing of name : true
Remove username from header : false
10. Allow server thread sort : false
11. Allow server-side sorting : false
12. Allow server charset search : false
13. Enable UID support : true
14. PHP session name : SQMSESSID
15. Location base :
#########################################################
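4. After making the changes, save and quit. Then check the file config/config.php; if $data_dir is empty, fill in the correct value. This is a bug in it.
Copy the whole directory under DocumentRoot and rename it webmail, copy the webmail/data directory to the location set in $data_dir, then create the configured attachment directory, and CHMOD 777 them all.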
# chown -R apache:root webmail
Install F-PROT (F-PROT Antivirus for Linux)
Download f-prot from http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm
# rpm -ivh fp-linux-ws.rpm
Check whether spamassassin is installed:
# rpm -qa |grep spam
If it is not installed, install the package
# rpm -ivh spamassassin-3.1.7-4.el5.i386.rpm
Edit the spamassassin configuration file local.cf
The contents of local.cf can be generated automatically at http://www.yrex.com/spam/spamconfig.php.
# vi /etc/mail/spamassassin/local.cf
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)
# How many hits before a message is considered spam.
required_score 5.0
# Change the subject of suspected spam
rewrite_header subject *****SPAM*****
# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
Start SpamAssassin
# service spamassassin start
# chkconfig --level 35 spamassassin on
Install MailScanner
Download http://www.mailscanner.info/files/4/rpm/MailScanner-4.60.8-1.rpm.tar.gz (the .rpm.tar.gz version)
# tar zxvf MailScanner-4.60.8-1.rpm.tar.gz
# cd MailScanner-4.60.8-1
# ./install.sh
Create the directory MailScanner needs for SpamAssassin support:
# mkdir /var/spool/MailScanner/spamassassin
# chmod 700 /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin
MailScanner settings
1. Modify MailScanner.conf
# vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = f-prot
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 4
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
2. Modify postfix to support MailScanner
# vi /etc/postfix/main.cf
Change the following value
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks
/^Received:/ HOLD
Note: there must be no whitespace before the /!
3. Change directory ownership
# chown -R postfix.postfix /var/spool/MailScanner/incoming
# chown postfix.postfix /var/spool/MailScanner/quarantine
Stop postfix and start MailScanner
# postfix stop
# service MailScanner start
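When MailScanner is configured with MTA = postfix, it starts postfix by itself; if you have set postfix to start on its own, turn that off first.
Update the virus definition files regularly
# crontab -e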
0 4 * * * /usr/local/f-prot/tools/check-updates.pl
Also delete the existing /etc/cron.hourly/update_virus_scanners
Test SpamAssassin
Send a message containing the following text; when it is received, the subject should carry the tag:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
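Test the antivirus function
You can find some virus samples online, or
visit http://www.windowsecurity.com/emailsecuritytest/
to send some test messages that exercise the mail system's antivirus function.
With that, we have built a basic mail system.
Tips:
To store mailboxes in the form domain.ltd/username, use these settings: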
# vi /var/www/html/pa/config.inc.php
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
# vi /etc/dovecot.conf
default_mail_env = maildir:/var/spool/mail/%d/%n
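The MailScanner hand-off described above only works when main.cf, header_checks and MailScanner.conf agree with each other: without a HOLD rule that begins in column one, mail is not held for scanning. This is an added example, not part of the original post; the function names and messages are its own and the sample files are constructed from the values used in this guide.

```sh
#!/bin/sh
# Added example: verify that Postfix and MailScanner agree on the hold queue.
# Prints one line per problem; no output means the three files are consistent.

# conf_get FILE KEY: last value assigned to KEY in a "key = value" file
conf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

check_scan_wiring() {   # args: main.cf header_checks MailScanner.conf
    queue=$(conf_get "$1" queue_directory)
    owner=$(conf_get "$1" mail_owner)
    case "$(conf_get "$1" header_checks)" in
        regexp:*|pcre:*) ;;
        *) echo "main.cf: header_checks is not a regexp: or pcre: table" ;;
    esac
    # A line that starts with whitespace is not read as a rule of its own,
    # so the HOLD rule has to begin in column one.
    hold=$(awk '$1 == "/^Received:/" && $2 == "HOLD" {
                    s = (index($0, $1) == 1) ? "ok" : "indented" }
                END { print (s == "" ? "missing" : s) }' "$2")
    case $hold in
        missing)  echo "header_checks: no /^Received:/ HOLD rule" ;;
        indented) echo "header_checks: HOLD rule is indented" ;;
    esac
    [ "$(conf_get "$3" MTA)" = postfix ] || echo "MailScanner.conf: MTA is not postfix"
    [ "$(conf_get "$3" 'Incoming Queue Dir')" = "$queue/hold" ] ||
        echo "MailScanner.conf: Incoming Queue Dir is not $queue/hold"
    [ "$(conf_get "$3" 'Outgoing Queue Dir')" = "$queue/incoming" ] ||
        echo "MailScanner.conf: Outgoing Queue Dir is not $queue/incoming"
    [ "$(conf_get "$3" 'Run As User')" = "$owner" ] ||
        echo "MailScanner.conf: Run As User is not $owner"
    return 0
}

# Constructed sample files carrying the values used in this guide.
make_scan_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'queue_directory = /var/spool/postfix' 'mail_owner = postfix' \
        'header_checks = regexp:/etc/postfix/header_checks' > "$d/main.cf"
    printf '%s\n' '/^Received:/ HOLD' > "$d/header_checks"
    printf '%s\n' 'Run As User = postfix' 'MTA = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' > "$d/MailScanner.conf"
    echo "$d"
}

demo=$(make_scan_sample) &&
    check_scan_wiring "$demo/main.cf" "$demo/header_checks" "$demo/MailScanner.conf"
rm -rf "$demo"
```

On a real host, run it as check_scan_wiring /etc/postfix/main.cf /etc/postfix/header_checks /etc/MailScanner/MailScanner.conf; continuation lines in main.cf are not handled.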
《Solution》
After a lot of effort solving many problems, I finally got this document written. I hope everyone supports it~~~~
《Solution》
Impressive, strong support!
Copying this for now; I'll install it later when I need it!
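《Solution》
Bump. I'm following this to configure my system right now. I ran into some problems along the way, and I don't know whether I'll be able to send and receive mail once I'm done.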