基于Linux和Postfix的郵件系統(tǒng)安裝手冊
====================================
本文介紹使用Linux+Postfix+Cyrus-SASL+Courier-IMAP+Tmail3.0+Spamassassin+Clamav+MailScanner
來架構一個具有多域名,有郵件列表、Webmail、防病毒、防垃圾郵件、Web管理界面的郵件系統(tǒng)。
本文在CentOS、RHEL上安裝測試通過,病毒過濾放棄采用amavisd。
主要采用執(zhí)行效率更高的MailSanner來對郵件過濾和垃圾郵件過濾,配置更容易,并且降低了系統(tǒng)開消。
讓系統(tǒng)更加穩(wěn)定,經(jīng)過嚴格病毒郵件測試成功率達到了100%。垃圾郵件過濾基本上達到了95%的成功率。
文檔目錄
1.安裝系統(tǒng)
2.關閉SELinux
3.設置YUM
4.安裝MySQL
5.安裝Apache
6.安裝PHP
7.安裝phpMyAdmin
8.設置數(shù)據(jù)庫:
9.增加Postfix的用戶和組
10.安裝Postfix
11.安裝Courier-authlib
12.設置authlib的環(huán)境變量
13.安裝Courier-IMAP
14.配置系統(tǒng)
15.配置SASL認證
16.配置Courier-IMAP
17.安裝Webmail
18.啟動服務測試
19.安裝Clamav
20.升級病毒庫
21.安裝Spamassassin
22.安裝MailScanner
23.設置MailScanner
24.測試病毒郵件
1.安裝系統(tǒng)
安裝之前:因用戶數(shù)據(jù)都保存在/var目錄下,因此安裝系統(tǒng)時/var的空間應盡量大。
系統(tǒng)的版本為最小化安裝,軟件包只安裝只裝開發(fā)包(development)。
在文檔中假設服務器的域名為test.com,主機名為mail.test.com。
請兄弟們仔細一些,注意空格和TAB。
2.關閉SELinux
[root@CentOS]# vi /etc/selinux/config
SELINUX=disable
[root@CentOS]# reboot
3.設置YUM
[root@CentOS yum.repos.d] vi CentOS-Base.repo
[base]
name=CentOS-4.3 - Base
baseurl=http://mirror.be10.com/centos/4.3/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#released updates
[update]
name=CentOS-4.3 - Updates
baseurl=http://mirror.be10.com/centos/4.3/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#packages used/produced in the build but not released
[addons]
name=CentOS-4.3 - Addons
baseurl=http://mirror.be10.com/centos/4.3/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#additional packages that may be useful
[extras]
name=CentOS-4.3 - Extras
baseurl=http://mirror.be10.com/centos/4.3/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-4.3 - Plus
baseurl=http://mirror.be10.com/centos/4.3/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#contrib - packages by Centos Users
[contrib]
name=CentOS-4.3 - Contrib
baseurl=http://mirror.be10.com/centos/4.3/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#packages in testing
[testing]
name=CentOS-4.3 - Testing
baseurl=http://mirror.be10.com/centos/4.3/testing/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
[root@CentOS yum.repos.d]# vi dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
[root@CentOS yum.repos.d]# yum update
4.安裝MySQL
[root@CentOS src]#yum install mysql-server
[root@CentOS src]#yum install mysql-devel
5.安裝Apache
[root@CentOS src]#yum install httpd
6.安裝PHP
[root@CentOS src]#yum install php
[root@CentOS src]#yum install php-mysql
[root@CentOS src]#yum install php-gd
[root@CentOS src]#yum install php-imap
yum install vsftpd
yum install clamav
yum install spamassassin
/usr/bin/freshclam
設置Apache
默認:
User apache
改為
User postfix
默認
Group apache
改為
Group postfix
默認
AddDefaultCharset UTF-8
改為
AddDefaultCharset gb2312
新加入:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
7.安裝phpMyAdmin
[root@CentOS src]#tar zxf phpMyAdmin-2.8.0.3.tar.gz
[root@CentOS src]#mv phpMyAdmin-2.8.0.3 /var/www/html/sql/
8.設置數(shù)據(jù)庫
[root@CentOS src]#mysql
mysql> create database postfix;
mysql> use mysql;
mysql> INSERT INTO user (Host, User, Password) VALUES ('localhost', 'postfix', password('postfix'));
mysql> GRANT ALL ON postfix.* TO
[email=postfix@localhost]postfix@localhost[/email]
IDENTIFIED BY "postfix";
mysql> exit
[root@CentOS src] mysql –u root –p postfix
9.增加postfix的用戶和組
[root@CentOS src] groupadd -g 12345 postfix
[root@CentOS src] useradd -u 12345 -g 12345 -c Postfix -d /dev/null -s /sbin/nologin postfix
[root@CentOS src] groupadd -g 54321 postdrop
10.安裝postfix
[root@CentOS src] tar zxf postfix-2.2.10.tar.gz
[root@CentOS src] cd postfix-2.2.10
[root@CentOS src] patch -p1
11.安裝Courier-authlib
[root@CentOS src] tar jxf Courier-authlib-0.58.tar.bz2
[root@CentOS src] cd Courier-authlib-0.58
[root@CentOS src] ./configure --prefix=/usr/lib/authlib --without-authpam \
--without-authcustom --without-authpgsql --without-authldap \
--without-authuserdb --without-authpwd --without-authshadow \
--without-authvchkpw --with-authmysql \
--with-authdaemonvar=/usr/lib/authlib/var \
--mandir=/usr/lib/man --without-stdheaderdir \
--sysconfdir=/usr/lib/authlib/etc \
--with-redhat
[root@CentOS src] make
[root@CentOS src] make install
[root@CentOS src] make install-migrate
[root@CentOS src] make install-configure
12.設置authlib的環(huán)境變量
[root@CentOS src] COURIERAUTHCONFIG=/usr/lib/authlib/bin/courierauthconfig
[root@CentOS src] export COURIERAUTHCONFIG
13.安裝Courier-IMAP
[root@CentOS src] tar jxf courier-imap-4.1.0.tar.bz2
[root@CentOS src] cd courier-imap-4.0.6
[root@CentOS src] ./configure --prefix=/usr/lib/imapd \
--silent --without-authpgsql --without-ipv6 \
--with-redhat --with-authmysql \
--mandir=/usr/lib/man --disable-root-check
[root@CentOS src] make
[root@CentOS src] make install
[root@CentOS src] make install-configure
14.配置系統(tǒng)
[root@CentOS src] rm -f /etc/aliases*
[root@CentOS src] ln -s /etc/postfix/aliases /etc/aliases
[root@CentOS src] echo 'root: postfix' >> /etc/postfix/aliases
[root@CentOS src] /usr/bin/newaliases
[root@CentOS src] chown -R postfix:postfix /var/mail
[root@CentOS src] chown -R postfix:postfix /var/lib/php/session
[root@CentOS src] vi /etc/postfix/main.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
header_checks = regexp:/etc/postfix/header_checks
#=====================BASE=======================
myhostname = mail.test.com
mydomain = test.com
mydestination =
local_recipient_maps =
local_transport = virtual
#=====================MySQL======================
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:54321
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:12345
#=====================Quota======================
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#======================SASL======================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_auth_destination, reject
smtpd_client_restrictions = permit_sasl_authenticated
[root@CentOS src] vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT alias FROM userinfo WHERE address='%s' AND active = 1
[root@CentOS src] vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domaininfo WHERE domain='%s'
[root@CentOS src] vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM userinfo WHERE address='%s'
[root@CentOS src] vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM userinfo WHERE address='%s' AND active = 1
15.配置SASL認證
[root@CentOS src] vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: plain login
authdaemond_path:/usr/lib/authlib/var/socket
16.配置Courier-IMAP
[root@CentOS src] vi /usr/lib/authlib/etc/authlib/authmysqlrc
#############下面兩個字段之間的空白必須為Tab符###############
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE userinfo
MYSQL_CRYPT_PWFIELD passwd
MYSQL_UID_FIELD '12345'
MYSQL_GID_FIELD '54321'
MYSQL_LOGIN_FIELD address
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD realname
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
[root@CentOS src] vi /usr/lib/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
[root@CentOS src] vi /usr/lib/imapd/etc/pop3d
默認POP3DSTART=NO 改為POP3DSTART=YES
[root@CentOS src] vi /usr/lib/imapd/etc/imapd
默認IMAPDSTART=NO 改為IMAPDSTART=YES
[root@CentOS src] chmod +x /usr/lib/authlib/var/
[root@CentOS src] cp courier-authlib /etc/rc.d/init.d/
[root@CentOS src] chmod 755 /etc/rc.d/init.d/courier-authlib
[root@CentOS src] chkconfig --add courier-authlib
[root@CentOS src] cp courier-imap /etc/rc.d/init.d/
[root@CentOS src] chmod 755 /etc/rc.d/init.d/courier-imap
[root@CentOS src] chkconfig --add courier-imap
17.安裝Webmail
[root@CentOS src] vi /var/www/html/webmail/config/config_inc.php
$CFG_BASEPATH = "/var/www/html/webmail/temp"; //臨時目錄
define(MYSQL_HOST, 'localhost'); //數(shù)據(jù)庫主機名
define(MYSQL_USER, 'postfix'); //數(shù)據(jù)庫用戶名
define(MYSQL_PASS, 'postfix'); //數(shù)據(jù)庫密碼
define(MYSQL_DATA, 'postfix'); //數(shù)據(jù)庫名稱
$CFG_NETDISK_PATH = "/var/mail/netdisk"; //文件管理存儲目錄
[root@CentOS src] vi /var/www/html/webmail/webadmin/include/config.inc.php
define(mysql_HOST, 'localhost'); //數(shù)據(jù)庫主機名
define(mysql_USER, 'postfix'); //數(shù)據(jù)庫用戶名
define(mysql_PASS, 'postfix'); //數(shù)據(jù)庫密碼
define(mysql_DATA, 'postfix'); //數(shù)據(jù)庫名稱
[root@CentOS src] mkdir /var/mail/netdisk
[root@CentOS src] chown –R postfix:postfix /var/mail/netdisk
[root@CentOS src] mkdir /var/www/html/webmail/temp
[root@CentOS src] chown –R postfix:postfix /var/www/html/webmail/temp
18.啟動服務測試
[root@CentOS src] chkconfig httpd on
[root@CentOS src] chkconfig mysqld on
[root@CentOS src] service httpd start
[root@CentOS src] service mysqld start
[root@CentOS src] service courier-authlib start
[root@CentOS src] service courier-imap start
[root@CentOS src] postfix start
通過后臺加入域名和用戶名(本文檔中的域名為:test.com、用戶名:
test@test.com)
[root@CentOS src] perl -MMIME::Base64 -e 'print encode_base64("test\@test.com");'
dGVzdEB0ZXN0LmNvbQ==
[root@CentOS src] perl -MMIME::Base64 -e 'print encode_base64("000000");'
MDAwMDAw
[root@CentOS src] telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ== //用戶名(
test@test.com)
334 UGFzc3dvcmQ6
MDAwMDAw // 密碼(000000)
235 Authentication successful //表示成功驗證通過
19.安裝Clamav
[root@CentOS src] rpm --import
http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt[root@CentOS src] rpm --import RPM-GPG-KEY.dag.txt
[root@CentOS src] rpm -q gpg-pubkey --qf "%{summary} -> %{version}-%{release}\n"
gpg(CentOS-4 key ) -> 443e1821-421f218f
gpg(Dag Wieers (Dag Apt Repository v1.0) ) -> 6b8d79e6-3f49313d
[root@CentOS src] vi /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
[root@CentOS src] yum update
[root@CentOS src] yum install clamav
20.升級病毒庫
[root@CentOS src] /usr/bin/freshclam
ClamAV update process started at Thu Mar 9 17:23:21 2006
main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm)
daily.cvd is up to date (version: 1319, sigs: 1376, f-level: 7, builder: ccordes)
21.安裝Spamassassin
[root@CentOS src] yum install spamassassin
[root@CentOS src] service spamassassin start
22.安裝MailScanner
[root@CentOS src] tar zxf MailScanner-4.51.5-1.rpm.tar.gz
[root@CentOS src] MailScanner-4.51.5-1/install.sh
23.設置MailScanner
[root@CentOS src] chkconfig sendmail off
[root@CentOS src] chkconfig --level 2345 MailScanner on
[root@CentOS src] vi /etc/MailScanner/MailScanner.conf
%org-name% = test.com
%org-long-name% = wooxian
%web-site% =
http://www.test.com/%report-dir% = /etc/MailScanner/reports/cn
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 6
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
[root@CentOS src] yum install unrar
[root@CentOS src] unrar x ../src/cn.rar
[root@CentOS src] mv cn /etc/MailScanner/reports/
[root@CentOS src] mv /etc/postfix/header_check /etc/postfix/header_check.bak
[root@CentOS src] vi /etc/postfix/header_check
/^Received:/ HOLD
[root@CentOS src] chown –R postfix:postfix /var/spool/MailScanner/*
[root@CentOS src] postfix stop
[root@CentOS src] service MailScanner start
24.測試病毒郵件
[root@CentOS src] telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ== //用戶名(
test@test.com)
334 UGFzc3dvcmQ6
MDAwMDAw // 密碼(000000)
235 Authentication successful //表示成功驗證通過
MAIL FROM:
250 Ok
RCPT TO:
250 Ok
DATA
354 End data with .
Subject:Virus test
[email=X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H]X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H[/email]
*
.
250 Ok: queued as F0C221CC20 //出現(xiàn)F0C221CC20這行表示MailScanner運行成功了
quit
221 Bye
Connection closed by foreign host.
收到郵件后會在主題會變成:{Virus?} Virus test
郵件內容會是以下內容:
警告: 此郵件有一個或多個附加檔案被移除
警告: 附加檔案名稱: (詳細訊息).
警告: 請參考此信件附加檔案 "test.com-Attachment-Warning.txt" 取得更詳細的資料
此訊息由 MailScanner 電子郵件防護系統(tǒng)發(fā)出
--------------------------------------------------------------------
原有郵件附加檔案為 "詳細訊息" 被列入拒絕處理的名單.
且被替換為此訊息.
若您仍希望收到*被感染的*附加檔案,,請聯(lián)絡系統(tǒng)管理者.包含以下內容:
Thu Mar 9 15:57:25 2006 病毒偵測報告:
ClamAV: msg-3682-1.txt contains Eicar-Test-Signature
求助問題: 檢查 the test.com () MailScanner 機器的 /var/spool/MailScanner/quarantine/20060309 (編號 639F13F97B.BBC3F).
--
系統(tǒng)管理者
以上內容出現(xiàn)表示MailScanner的病毒過濾生效。并成功運行??!
本文來自ChinaUnix博客,如果查看原文請點:http://blog.chinaunix.net/u/5795/showart_104618.html