
CentOS 5系统安装基于Postfix的邮件系统

2014-07-13 20:15:16 来源:中存储网
目录:
目标:配置一个功能齐全的Mail系统
1)安装 需要的软件包
2)DNS相关配置
2.1)建立正向反向和MX记录
2.2)测试DNS配置
3)安装Postfix
4) 配置Postfix
4.1)配置Postfix的主配置文件 /etc/postfix/main.cf
4.2)配置Postfix虚拟用户的配置文件
5)配置dovecot (IMAP/IMAPS/POP3/POP3S)
5.1)配置dovecot的主配置文件 /etc/dovecot.conf
5.2)配置dovecot的mysql认证配置文件
6)测试发信认证及收信
6.1)LOGIN 登录测试
6.2)pop3收信测试
7)安装Extmail-1.0.2
7.1)解压安装
7.2)修改Extmail主配置文件
7.3)APACHE相关配置
7.4)Extmail依赖关系的解决
8)安装Extman-0.2.2
8.1)解压安装
8.2)修改Extman的主配置文件
8.3)APACHE相关配置
9)开启Apache/Mysql/Bind,并让他们自启动
10)安装反垃圾SpamAssassin
11)安装反病毒Clamav
12)安装MailScanner

1)安装需要的软件包
Mysql部分
[root@mailtest /]# rpm -qa|grep mysql
mysql-connector-odbc-3.51.12-2.2
mysql-devel-5.0.22-2.1
mysql-server-5.0.22-2.1
mod_auth_mysql-3.0.0-3.1
php-mysql-5.1.6-15.el5
mysql-5.0.22-2.1
libdbi-dbd-mysql-0.8.1a-1.2.2


Http部分
[root@mailtest /]# rpm -qa|grep http
httpd-2.2.3-6.el5.centos.1


Php部分
[root@mailtest /]# rpm -qa|grep php
php-mysql-5.1.6-5.el5
php-5.1.6-5.el5
php-mbstring-5.1.6-5.el5
php-common-5.1.6-5.el5
php-cli-5.1.6-5.el5
php-pdo-5.1.6-5.el5
php-gd-5.1.6-5.el5


Perl部分
[root@mailtest noarch]# rpm -qa|grep perl
perl-HTML-Tagset-3.10-2.1.1
perl-Digest-HMAC-1.01-15
perl-HTML-Parser-3.56-1
perl-Sys-Hostname-Long-1.4-1
perl-Net-DNS-0.59-1.fc6
perl-XML-SAX-0.14-5
perl-IO-stringy-2.108-1
perl-DBI-1.56-1
perl-5.8.8-10
mod_perl-2.0.2-6.1
perl-Socket6-0.19-3.fc6
perl-IO-Socket-INET6-2.51-2.fc6
perl-IO-String-1.08-1.1.1
perl-Convert-ASN1-0.20-1.1
perl-TimeDate-1.16-3
perl-MIME-tools-5.420-1
perl-DBD-SQLite-1.13-1
perl-BSD-Resource-1.28-1.fc6.1
perl-DBD-MySQL-3.0007-1.fc6
perl-IO-Zlib-1.04-4.2.1
perl-Digest-SHA1-2.11-1.2.1
perl-Archive-Tar-1.30-1.fc6
perl-IO-Socket-SSL-1.01-1.fc6
perl-LDAP-0.33-3.fc6
perl-libwww-perl-5.805-1.1.1
perl-MailTools-1.71-1
perl-Convert-TNEF-0.17-1
perl-Filesys-Df-0.90-1
perl-URI-1.35-3
perl-Compress-Zlib-1.42-1.fc6
perl-Net-IP-1.25-2.fc6
perl-XML-NamespaceSupport-1.09-1.2.1
perl-Net-CIDR-0.11-1
perl-Archive-Zip-1.16-1
perl-String-CRC32-1.4-2.fc6
perl-Net-SSLeay-1.30-4.fc6
perl-Convert-BinHex-1.119-2



Spamassassin部分
[root@mailtest /]# rpm -qa|grep spamassassin
spamassassin-3.1.7-4.el5



Dovecot部分
[root@mailtest /]# rpm -qa|grep dovecot
dovecot-1.0-1.2.rc15.el5  #imap imaps pop3 pop3s



Cyrus-sasl部分
[root@mailtest /]# rpm -qa|grep cyrus-sasl
cyrus-sasl-lib-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-2.1.22-4
cyrus-sasl-md5-2.1.22-4
cyrus-sasl-sql-2.1.22-4


Spamassassin所依赖的包
perl-Archive-Tar-1.30-1.fc6.noarch.rpm    
perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm
perl-Compress-Zlib-1.42-1.fc6.i386.rpm     
perl-IO-Zlib-1.04-4.2.1.noarch.rpm
perl-Digest-HMAC-1.01-15.noarch.rpm        
perl-Net-DNS-0.59-1.fc6.i386.rpm
perl-Digest-SHA1-2.11-1.2.1.i386.rpm       
perl-Net-IP-1.25-2.fc6.noarch.rpm
perl-HTML-Parser-3.55-1.fc6.i386.rpm       
perl-Net-SSLeay-1.30-4.fc6.i386.rpm
perl-HTML-Tagset-3.10-2.1.1.noarch.rpm     
perl-Socket6-0.19-3.fc6.i386.rpm
perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm 

Postfix所依赖的包
db4-devel-4.3.29-9.fc6.i386.rpm
e2fsprogs-devel-1.39-8.el5.i386.rpm
krb5-devel-1.5-17.i386.rpm
zlib-devel-1.2.3-3.i386.rpm
openssl-devel-0.9.8b-8.3.el5.i386.rpm
mysql-devel-5.0.22-2.1.i386.rpm
cyrus-sasl-devel-2.1.22-4.i386.rpm


gcc所依赖的包
libgomp-4.1.1-52.el5.i386.rpm
gcc-4.1.1-52.el5.i386.rpm


其他软件包
perl-libwww-perl-5.805-1.1.1.noarch.rpm
avahi-compat-howl-0.6.16-1.el5.i386.rpm
openldap-servers-sql-2.3.27-5.i386.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm
kernel-devel-2.6.18-8.el5.i686.rpm
elfutils-libelf-0.125-3.el5.i386.rpm
elfutils-libelf-devel-0.125-3.el5.i386.rpm
rpm-build-4.4.2-37.el5.i386.rpm

建议安装与系统管理相关的两个包
nmap-4.11-1.1.i386.rpm
sysstat-7.0.0-3.el5.i386.rpm
下面的两个软件包用于clamav的数字签名
gmp-devel-4.1.4-10.el5
gmp-4.1.4-10.el5

2)DNS相关配置
2.1)建立正向反向和MX记录
[root@mailtest ~]# cat /var/named/named.test.hk
$TTL 86400
@                         IN          SOA        test.hk.         test1.test.hk  (
1997022700 ; Serial
28800      ; Refresh
14400      ; Retry
3600000    ; Expire
86400 )    ; Minimum
IN          NS         mailtest
test.hk.                IN          MX  5      mail.test.hk.
mail                    IN          A          10.10.119.204
mailtest                IN          A          10.10.119.204
[root@mailtest ~]# cat /var/named/named.10.10.119
$TTL 86400
@                         IN          SOA        test.hk.         test1.test.hk  (
1997022700 ; Serial
28800      ; Refresh
14400      ; Retry
3600000    ; Expire
86400 )    ; Minimum
IN             NS      mailtest
204                  IN             PTR     mail.test.hk.
204                  IN             PTR     mailtest.test.hk.
[root@mailtest ~]# hostname
mailtest.test.hk


2.2)测试DNS配置
[root@mailtest ~]# nslookup mail.test.hk
Server:         10.10.119.204
Address:        10.10.119.204#53


Name:   mail.test.hk
Address: 10.10.119.204

[root@mailtest ~]# nslookup mailtest.test.hk
Server:         10.10.119.204
Address:        10.10.119.204#53

Name:   mailtest.test.hk
Address: 10.10.119.204

[root@mailtest ~]# nslookup 10.10.119.204
Server:         10.10.119.204
Address:        10.10.119.204#53

204.119.10.10.in-addr.arpa      name = mail.test.hk.
204.119.10.10.in-addr.arpa      name = mailtest.test.hk.

[root@mailtest ~]# ping mailtest.test.hk
PING mailtest.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.793 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.040 ms

--- mailtest.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.040/0.293/0.793/0.353 ms
[root@mailtest ~]# ping mail.test.hk
PING mail.test.hk (10.10.119.204) 56(84) bytes of data.
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.395 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from mail.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.038 ms

--- mail.test.hk ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.037/0.156/0.395/0.169 ms

Note:DNS的配置错误多看Bind的日志文件/var/log/messages


3)安装Postfix
虽然CentOS 5自带Postfix,但因为其不支持SSL及Mysql/LDAP,所以我们需要自行编译


[root@mailtest /]# rpm -e sendmail --nodeps   #卸载系统自带的sendmail
[root@mailtest /]# groupadd postfix    #添加postfix组
[root@mailtest /]# groupadd postdrop    #添加postdrop组
[root@mailtest /]# useradd postfix -g postfix -G postdrop -c "Postfix User" -d /dev/null -s /sbin/nologin #添加postfix用户
[root@mailtest /]# mkdir -pv /tmp/postfix   #建立postfix的临时目录
[root@mailtest /]# chown -R postfix.postfix /tmp/postfix #给postfix的临时目录相关权限
[root@mailtest /]# mkdir -pv /home/domains/   #建立虚拟邮件用户的邮件存放目录
[root@mailtest /]# chown -R postfix.postfix /home/  #给虚拟邮件用户的邮件存放目录相关权限(注意:此命令递归作用于整个 /home/,会连同其他用户的主目录一并改为postfix所有;若只需处理邮件目录,目标应为 /home/domains/)
[root@mailtest /]# tar zxvf postfix-2.4.6.tar.gz        #解压postfix包
[root@mailtest /]# cd postfix-2.4.6          #进入postfix解压目录
[root@mailtest postfix-2.4.5]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl -DHAS_LDAP' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/openldap -llber -lldap'


#配置编译环境支持sasl/tls/mysql/ldap.相关编译参数参考readme文件
#在64bit的机器上安装,要将参数里面的lib换成lib64


[root@mailtest postfix-2.4.6]# make  #编译postfix
[root@mailtest postfix-2.4.6]# make install #安装postfix文件到相应目录并配置
Note:make install命令后的所有问题都直接敲回车键即可。最好能改下临时目录到/tmp/postfix

生成别名二进制文件,这个步骤如果忽略,会造成postfix效率极低:
[root@mailtest postfix-2.4.6]#  newaliases


4)配置Postfix
4.1)配置Postfix的主配置文件 /etc/postfix/main.cf
注意:main.cf 不支持行尾注释,只有以"#"开头的整行才是注释;下面各参数行尾"#"之后的中文说明仅供阅读,写入配置文件前须删除或移到单独的注释行。多行参数值的续行必须以空白字符开头。
#=====================BASE=========================
myhostname = mail.test.hk     #postfix服务的邮件主机的主机名,建虚拟域时不要建这个同名的
mydomain = test.hk      #postfix服务的邮件主机的域名
myorigin = $mydomain      #设置由本机寄出的邮件所使用的域名或主机名称
mydestination = $myhostname localhost localhost.$mydomain #设置可接收邮件的主机名称或域名
mynetworks = 10.10.119.0/24 127.0.0.0/8    #设置可转发哪些网络的邮件,不需要认证的网段
inet_interfaces = all      #设置postfix服务监听的网络接口
#relay_domains = $mydestination     #设置可转发哪些网域的邮件


#=====================Virtual Mailbox settings=========================
virtual_mailbox_base = /home/domains
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:502
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

#====================QUOTA========================
message_size_limit = 5242880  #每个邮件最大尺寸5M
mailbox_size_limit = 209715200  #邮箱大小限制200M
virtual_mailbox_limit = 209715200 #虚拟邮箱大小限制200M
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

#====================SASL========================
smtpd_sasl_type = dovecot    #使用dovecot进行验证
smtpd_sasl_path = /var/run/dovecot/auth-client  #与dovecot.conf中如下的path一致
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
permit

# From: 本地域           To: 任何地址      必须认证且验证用户和From:必须一致
# From: 任何非本地地址   To: 本地地址     无需认证
# From: 任何非本地       To: 任何地址     拒绝

#列出本地用户的列表,以便验证 From: 本地域 To: 本地域
#smtpd_sender_login_maps =
#    mysql:/etc/postfix/mysql/mysql_virtual_sender_maps.cf,
#    mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf

#smtpd_reject_unlisted_sender = yes

#本地域向本地域发信也需要SMTP身份验证
#smtpd_sender_restrictions =
#    reject_sender_login_mismatch,
#    reject_authenticated_sender_login_mismatch,
#    reject_unauthenticated_sender_login_mismatch


#smtpd_error_sleep_time = 1s
#smtpd_soft_error_limit = 10
#smtpd_hard_error_limit = 20



smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"


readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

#====================SSL/TLS========================
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


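生成证书(自签名证书,仅适合测试;下面的输出显示生成的是1024位RSA密钥,强度已不足,正式环境应使用至少2048位的密钥和受信任CA签发的证书。smtpd.pem 同时包含私钥,应将其权限限制为仅root可读;Common Name 应与邮件服务器主机名一致,本例 myhostname 为 mail.test.hk)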
[root@mailtest postfix]# mkdir /etc/ssl
[root@mailtest postfix]# cd /etc/ssl
[root@mailtest ssl]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
Generating a 1024 bit RSA private key
..++++++
..++++++
writing new private key to 'smtpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GD
Locality Name (eg, city) [Newbury]:DG
Organization Name (eg, company) [My Company Ltd]:www.test.hk
Organizational Unit Name (eg, section) []:PROC
Common Name (eg, your name or your server's hostname) []:www.test.hk
Email Address []:test1@test.hk



4.2)配置Postfix虚拟用户的配置文件
注意:示例中的数据库口令与用户名相同(extmail),仅作演示;正式部署应改用强口令,并将这些含口令的 .cf 文件设为仅允许 root 和 postfix 用户(组)读取。
[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'


[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'

[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_limit_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

[root@mailtest mysql]# vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'

5)配置dovecot
5.1)配置dovecot的主配置文件/etc/dovecot.conf
[root@mailtest /]# cp /etc/dovecot.conf /etc/dovecot.conf-orig #备份一份dovecot的原始配置文件
[root@mailtest /]# vi /etc/dovecot.conf    #编辑dovecot配置文件
base_dir=/var/run/dovecot
protocols=imap imaps pop3 pop3s
listen=*
mail_location = maildir:/vmail/domains/%d/%n/Maildir  #虚拟用户maildir形式的邮箱路径(和Extmail一致;注意本文中 virtual_mailbox_base 和 SYS_MAILDIR_BASE 均为 /home/domains,此处的基础路径应与之保持一致)
auth default {
mechanisms = plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi  #认证方法(ldap认证不支持除plain login外的);建议只保留实际用到的机制,列入 anonymous 会启用匿名认证机制,如无需要应去掉
passdb sql {       #去掉前面的注释
args = /etc/dovecot-sql.conf     #定义mysql文件路径
userdb sql {       #去掉前面的注释
args = /etc/dovecot-sql.conf     #定义mysql文件路径
socket listen {
client {
path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix      #添加
      group = postfix      #添加
    }        #去掉前面的注释
  }        #去掉前面的注释
}

5.2)配置dovecot的mysql认证配置文件
[root@mailtest ~]# more /etc/dovecot-sql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=extmail user=extmail password=extmail
default_pass_scheme = MD5
#password_query = select username as user,password from mailbox where substring(username,1,instr(username,'@')-1) = '%n' and active='1'  #这样写的话,不同的域有相同的用户的话会出现多个匹配导致认证失败
password_query = select username as user,password from mailbox where username = '%u' and active='1'
user_query = select maildir as home,501 as uid ,502 as gid from mailbox where username='%u' and active='1'


6)测试发信认证及收信
您可以通过登录postfixadmin新建虚拟域和虚拟用户,也可以直接在mysql中进行创建;
本示例中创建了一个虚拟域:test.hk,并创建了两个虚拟用户:
test1@test.hk和test2@test.hk,密码分别为test1和test2


由于LOGIN认证采用Base64编码格式(Base64只是编码而非加密,在未经TLS保护的连接上口令等同于明文传输;正式环境建议设置 smtpd_tls_auth_only = yes,只允许在STARTTLS之后认证),故先将用户test1@test.hk的登录名和密码进行相应的编码:
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1@test.hk")'
dGVzdDFAdGVzdC5oaw==

[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test1")'
dGVzdDE=

6.1)LOGIN登录测试:
C:>telnet 10.10.119.204 25
220 mail.test.hk ESMTP "Version not Available"
ehlo mail
250-mail.test.hk
250-PIPELINING
250-SIZE 5242880
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdDFAdGVzdC5oaw==
334 UGFzc3dvcmQ6
dGVzdDE=
235 2.0.0 Authentication successful
mail from:test1@test.hk
250 2.1.0 Ok
rcpt to:test2@test.hk
250 2.1.5 Ok
data
354 Please start mail input.
test send mail
.
quit
221 Closing connection. Good bye.

Connection to host lost.
C:>


6.2)POP3收信测试
先对用户进行Base64编码,而后认证登入,测试pop3收信
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2@test.hk")'
dGVzdDJAdGVzdC5oaw==
[root@mailtest postfix]# perl -e 'use MIME::Base64; print encode_base64("test2")'
dGVzdDI=



C:>telnet 10.10.119.204 110
+OK Dovecot ready.
AUTH LOGIN
+ VXNlcm5hbWU6
dGVzdDJAdGVzdC5oaw==
+ UGFzc3dvcmQ6
dGVzdDI=
+OK Logged in.
LIST
+OK 1 messages:
1 1410
.
RETR 1
+OK 1410 octets
Return-Path: <>
X-Original-To:
Delivered-To:
Received: from d2800js7mh1x (unknown [10.10.119.250])
        by mail.test.hk (Postfix) with ESMTP id E8D9413B540
        for <>; Fri, 16 Nov 2007 08:23:43 +0800 (CST)
Message-ID: <>
From: "test1" <>
To: <>
Subject: test.hk
Date: Fri, 16 Nov 2007 10:02:55 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01C82837.DBACB3E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198


This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C82837.DBACB3E0
Content-Type: text/plain;
        charset="gb2312"
Content-Transfer-Encoding: quoted-printable

test.hk
------=_NextPart_000_0003_01C82837.DBACB3E0
Content-Type: text/html;
        charset="gb2312"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dgb2312">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>test.hk</FONT></DIV></BODY></HTML>

------=_NextPart_000_0003_01C82837.DBACB3E0--


.


7)安装Extmail-1.0.2
7.1)解压安装
# tar zxvf extmail-1.0.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.0.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf

7.2)修改Extmail主配置文件
#vi /var/www/extsuite/extmail/webmail.cf
部分修改选项的说明:

SYS_SESS_DIR = /tmp/
临时目录选项,可改作:
SYS_SESS_DIR = /tmp/extmail/

然后建立目录并赋权限
[root@mailtest extmail]# mkdir /tmp/extmail
[root@mailtest extmail]# chown -R postfix.postfix /tmp/extmail/

SYS_MESSAGE_SIZE_LIMIT = 5242880
用户可以发送的最大邮件

SYS_USER_LANG = en_US
语言选项,可改作:
SYS_USER_LANG = zh_CN

SYS_LOG_TYPE = syslog
LOG选项,如果用syslog,需要安装Unix::Syslog模块,此处选择用ASCII 文件作为日志
SYS_LOG_TYPE = file

生成extmail日志文件并赋予权限
[root@mailtest extmail]# touch /var/log/extmail.log
[root@mailtest extmail]# chown postfix.postfix /var/log/extmail.log


SYS_MAILDIR_BASE = /home/domains


SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
SYS_MYSQL_DB = extmail
以上三句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail

7.3)APACHE相关配置
由于extmail要进行本地邮件的投递操作,故必须将运行apache服务器用户的身份修改为您的邮件投递代理的用户;本例中打开了apache服务器的suexec功能,故使用以下方法来实现虚拟主机运行身份的指定。此例中的MDA为postfix自带,因此将指定为postfix用户:

备份一份Apache的主配置文件
[root@mailtest soft]# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-orig

注释掉#DocumentRoot "/var/www/html"启用基于域名的虚拟主机
<VirtualHost mail.test.hk:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>


修改cgi执行文件属主为apache运行身份用户:
[root@mailtest soft]# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/


如果您没有打开apache服务器的suexec功能,也可以使用以下方法解决:
[root@mailtest soft]# vi /etc/httpd/conf/httpd.conf
User postfix
Group postfix

<VirtualHost mail.test.hk:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
</VirtualHost>

7.4)Extmail依赖关系的解决
extmail将会用到perl的DBD::mysql和Unix::Syslog功能,对于第一个模块,我是安装OS自带的RPM包,第二个模块没有使用,前面有说明
perl-DBD-MySQL-3.0007-1.fc6


下面是网上的方法解决依赖问题
extmail将会用到perl的DBD::mysql和Unix::Syslog功能,您可以去http://search.cpan.org搜索下载源码包进行安装。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install


DBD-Mysql目前最新的版本为DBD-mysql-4.005,但它和系统中的perl结合使用时会造成extmail无法正常使用,因此我们采用3的版本:
# tar zxvf DBD-mysql-3.0002_4.tar.gz 
# cd DBD-mysql-3.0002_4
# perl Makefile.PL   (此步骤中如果出现类同Can't exec "mysql_config": No such file or directory at Makefile.PL line 76.的错误是因为您的mysql的bin目录没有输出至$PATH环境变量)
# make
# make install

8)安装Extman-0.2.2
8.1)解压安装
[root@mailtest soft]#  tar zxvf  extman-0.2.2.tar.gz
[root@mailtest soft]#  mv extman-0.2.2 /var/www/extsuite/extman


8.2)修改Extman的主配置文件
[root@mailtest soft]# vi /var/www/extsuite/extman/webman.cf


SYS_SESS_DIR = /tmp/
临时目录选项,可改作:
SYS_SESS_DIR = /tmp/extman/

然后建立目录并赋权限
[root@mailtest extmail]# mkdir -pv /tmp/extman
[root@mailtest extmail]# chown -R postfix.postfix /tmp/extman/


修改cgi执行文件属主为apache运行身份用户
[root@mailtest soft]#  chown -R postfix.postfix /var/www/extsuite/extman/cgi/



8.3)APACHE相关配置
在apache的主配置文件中Extmail的虚拟主机部分,添加如下两行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html


最后虚拟主机的配置文件成为下面的这个样子
<VirtualHost mail.test.hk:80>
ServerName mail.test.hk
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
SuexecUserGroup postfix postfix
</VirtualHost>


配置Mailgraph_ext,使用Extman的图形日志:
接下来安装图形日志的运行所需要的软件包Time::HiRes、File::Tail和rrdtool,其中前两个包您可以去http://search.cpan.org搜索并下载获得,后一个包您可以到 http://oss.oetiker.ch/rrdtool/pub/?M=D 下载获得;注意安装顺序不能改换。


安装Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install

安装File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile.PL
#make
#make test
#make install

安装rrdtool-1.2.26
#tar zxvf rrdtool-1.2.26.tar.gz
#cd rrdtool-1.2.26
#./configure --prefix=/usr/local/rrdtool
#make
#make install

创建必要的符号链接(Extman会到这些路径下找相关的库文件)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so   /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm   /usr/lib/perl5/5.8.8
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm   /usr/lib/perl5/5.8.8

复制mailgraph_ext到/usr/local,并启动之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local 
# /usr/local/mailgraph_ext/mailgraph-init  start
# /usr/local/mailgraph_ext/qmonitor-init  start

添加到自动启动队列
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.local


注意:安装以上软件之前,请确保您的系统已经安装了tcl、tcl-devel、freetype、freetype-devel、 libart_lgpl和libart_lgpl-devel等相关的软件包



9)开启Apache/Mysql/Bind,并让他们自启动
[root@mailtest /]# chkconfig --level 2345 httpd on
[root@mailtest /]# chkconfig --level 2345 mysqld on
[root@mailtest /]# chkconfig --level 2345 named on
[root@mailtest /]# service httpd start
[root@mailtest /]# service mysqld start
[root@mailtest /]# service named start



10)安装反垃圾SpamAssassin
安装系统自带的spamassassin包


11)安装反病毒Clamav
从下面的网站下载clamav
http://www.clamav.net/download

[root@mail ~]# groupadd clamav
[root@mail ~]# useradd -g clamav -s /bin/nologin -c "Clam AntiVirus" clamav
[root@mail ~]# mkdir /etc/clamav
[root@mail ~]# chown -R clamav.clamav  /etc/clamav

[root@mail ~]# tar zxvf clamav-0.91.2.tar.gz
[root@mail clamav-0.91.2]# cd clamav-0.91.2
[root@mail clamav-0.91.2]# ./configure --sysconfdir=/etc/clamav
[root@mail clamav-0.91.2]# make
[root@mail clamav-0.91.2]# make install

配置clamav的主配置文件
#vi /etc/clamav/clamd.conf
请先将文件中的 Example 这行删除掉或在其前面加上 # 注释掉
去掉注释或更改下面行的值
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
PidFile /home/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /home/clamav/clamd.sock
ScanMail yes
ScanArchive yes
ArchiveMaxFiles 1000
MaxThreads 200
MaxDirectoryRecursion 15
User clamav
这样 clamav 就基本可以工作了

接下来要下载病毒资料库
首先编辑 /etc/clamav/freshclam.conf 文件
[root@mail clamav-0.91.2]#  vi /etc/clamav/freshclam.conf
请先将文件中的 Example 这行删除掉或在其前面加上 # 注释掉
去掉此行注释并修改为  UpdateLogFile /var/log/clamav/freshclam.log


在 DatabaseMirror database.clamav.net 行下面在加入几个地址,更多地址请参考文档 clamav.pdf
DatabaseMirror clamav.inet6.fr
DatabaseMirror clamav.netopia.pt
DatabaseMirror clamav.sonic.net


这样该文件就可以了。若升级数据库时无法连接就注释掉DatabaseMirror database.clamav.net 行,留下剩下的行.
下面生成 /var/log/clamav/freshclam.log 和 /var/log/clamav/clamd.log 文件
[root@mail clamav-0.91.2]# mkdir /var/log/clamav
touch /var/log/clamav/clamd.log
touch /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/freshclam.log
chmod 600 /var/log/clamav/clamd.log
chown clamav /var/log/clamav/clamd.log
chown clamav /var/log/clamav/freshclam.log


运行数据库的更新
[root@mail clamav-0.91.2]#  freshclam -d -c 2   (-d 选项为该命令以 daemon 方式运行 -c 2 这个选项的意思是每天检查2次数据库更新)
[root@mail clamav-0.91.2]#  freshclam --quiet --stdout 手动更新数据库


更新结束后请到 /usr/src/clamav-0.91.2/test 目录下检查数据库里所认知的病毒数量
执行 clamscan test


建议用户做成启动脚本
/etc/rc3.d/S91clamav 内容如下:
/usr/local/bin/freshclam -d -c 2
/usr/local/sbin/clamd


12)安装MailScanner
MailScanner-4.65.3-1.rpm.tar.gz
tar -zvxf MailScanner-4.65.3-1.rpm.tar.gz
cd
./install.sh


可以将里面的src.rpm用rpmbuild --rebuild **.src.rpm
然后到/usr/src/redhat/RPMS/noarch去安装生成的rpm包


建立Mailscanner支持spamassassin所需的目录:
# mkdir /var/spool/MailScanner/spamassassin
# chmod 700 /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin

修改spamassassin的配置文件
vi /etc/mail/spamassassin/local.cf
# How many hits before a message is considered spam.
required_hits           5.0
# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject             *****SPAM*****
# Encapsulate spam in an attachment
report_safe             1
# Enable the Bayes system
use_bayes               1
# Enable or disable network checks
skip_rbl_checks         1
use_razor2              0
use_pyzor               0
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all


修改MailScanner.conf
# vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 4
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner


#我在最新的mailscanner上安装,需要将SpamAssassin Local Rules Dir = /etc/MailScanner设置为/etc/mail/spamassassin,否则maillog里面每5秒出现启动mailscanner的日志,所有的邮件都在队列里面

修改postfix支持mailscanner
# vi /etc/postfix/main.cf
变更以下的值
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks
/^Received:/ HOLD
注意, 在 / 之前不可以有空白!

变更目录权限
# chown postfix.postfix /var/spool/MailScanner/incoming
# chown postfix.postfix /var/spool/MailScanner/quarantine
停止postfix执行、启动MailScanner
# service postfix stop
# chkconfig postfix off
# service MailScanner start
设定MailScanner,当MTA = postfix时,会自己启动postfix,如有设定启动postfix的请先将它停掉
定期更新病毒定义文件
# crontab -e
0 4 * * * /usr/local/bin/freshclam


FAQ
1)进入postfixadmin的管理页面出现下面的警告提示
Warning: Magic Quotes: OFF (using internal function!)
postfixadmin 2.1有这个警告
最新的版本2.2默认是要关闭这个的(也即默认是OK)


要想2.1版本消除这个警告,修改/etc/php.ini文件
[root@mailtest /]# vi /etc/php.ini
; Magic quotes for incoming GET/POST/Cookie data.
#magic_quotes_gpc = Off
magic_quotes_gpc = On 《==打开这一个就可以消除警告

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
magic_quotes_runtime = On


2)如何显示dovecot的所有配置
[root@mailtest ~]# dovecot -a


3)如何显示postfix的所有配置
[root@mailtest ~]# postconf -n


4)如何检查配置文件是否正确
[root@mailtest ~]# postfix check
这个检查程序秉持“没有消息就是好消息”的Unix优良传统,如果你的系统一切无误,它不会出现任何信息;否则,它会将查出来的问题显示在屏幕上,并同时记录在日志文件里。


5)检查日志
[root@mailtest ~]# egrep '(reject|warning|error|fatal|panic):' /var/log/maillog

6)/var/log/maillog出现下面的
Nov 19 12:06:00 mailtest postfix/smtpd[2055]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled

修改alias_maps,去掉nis:mail.aliases
[root@mailtest postfix]# postconf -v |grep nis
alias_maps = hash:/etc/aliases, nis:mail.aliases


7)在postfix中配置RBL/CBL
reject_rbl_client cbl.anti-spam.org.cn=127.0.8.2
reject_rbl_client cdl.anti-spam.org.cn=127.0.8.4
reject_rbl_client cblplus.anti-spam.org.cn=127.0.8.6
reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5



reject_rbl_client cbl.anti-spam.org.cn   #CBL 服务器 具体请看anti-spam.org.cn
可以用多个 reject_rbl_client  分隔依次使用多个RBL



如果您想先测试一下RBL服务是否工作正常,可以在reject_maps_rbl指令和reject_rbl_client指令前加上 warn_if_reject 来改变默认的拒绝动作为警告(警告信息会在邮件日志中看到)。等确认工作正常后再去掉警告指令



postfix 设置了RBL后无法收到邮件 退信内容
Non-authoritative answer
Recursive queries supported by this server
Query for 5.209.96.202.sbl.spamhaus.org type=255 class=1
这是因为设置了RBL后没有加验证码需要修改 main.cf  在 cbl.anti-spam.org.cn后加入验证码
        reject_rbl_client cbl.anti-spam.org.cn=127.0.8.2
        reject_rbl_client cdl.anti-spam.org.cn=127.0.8.4
        reject_rbl_client cblplus.anti-spam.org.cn=127.0.8.6
        reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5
然后重新加载服务 /etc/init.d/postfix reload


加入(使用前请逐一确认各RBL仍在提供服务:已停止运营的列表可能无响应,也可能对所有查询返回命中而导致正常邮件被拒;例如 relays.ordb.org 早已关闭)
smtpd_client_restrictions = permit_sasl_authenticated,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client zen.spamhaus.org,
  reject_rbl_client cblless.anti-spam.org.cn,
  reject_rbl_client dsn.rfc-ignorant.org,
  reject_rbl_client relays.ordb.org

垃圾邮件就大大减少了。呵呵!

CBL/CDL/CBL+/CBL-的配置参数

名称   地址                            测试地址                              返回状态码
CBL  cbl.anti-spam.org.cn   2.0.0.127.cbl.anti-spam.org.cn.  127.0.8.2
CDL  cdl.anti-spam.org.cn   0.0.0.240.cdl.anti-spam.org.cn.  127.0.8.4
CBL+  cblplus.anti-spam.org.cn  2.0.0.127.cblplus.anti-spam.org.cn.  127.0.8.6
CBL-  cblless.anti-spam.org.cn  2.0.0.127.cblless.anti-spam.org.cn.  127.0.8.5

CBL+ --是CBL和CDL的合集
CBL- --是CBL+中去掉了全部的CML
BML    --大型邮件运营商列表会影响到我们的CBL/CBL+/CBL-等黑名单的IP地址的收录
TML  --可信邮件服务器地址,不属于主要邮件运营商,但在反垃圾邮件方面做过切实工作,并能积极响应垃圾邮件投诉的邮件服务器地址。加入TML的邮件服务器不但可确保不会被加入到CBL-中,而且可以确保意外发生的一些垃圾邮件发送并不会导致您的邮件发送被阻


8)如何让Postfix直接支持SpamAssassin
在/etc/postfix/master.cf中添加下面倒数3行
smtp      inet  n       -       n       -       -       smtpd
 -o content_filter=spamassassin
spamassassin unix  -       n       n       -       -       pipe
 user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}


9)如何利用sendmail的mailer支持postfix
smtp      inet  n       -       n       -       -       smtpd -o content_filter=clamav
clamav    unix  -       n       n       -       -       pipe 
 flags=R user=clamav argv=/usr/local/bin/clamfilter -F -f ${sender} -- ${recipient}


10)如何用MySQL做postfix的后台
如本例


11)如何用OpenLDAP做后台,
需下面的perl模块支持
perl-XML-NamespaceSupport-1.09-1.2.1.noarch.rpm
perl-XML-SAX-0.14-5.noarch.rpm
perl-Convert-ASN1-0.20-1.1.noarch.rpm
perl-LDAP-0.33-3.fc6.noarch.rpm        


[root@mailtest ldap]# cat /etc/dovecot-ldap.conf
hosts = 10.10.119.204:389
dn = cn=Manager,dc=extmail.org
dnpass = 123456
ldap_version = 3
base =  o=extmailAccount,dc=extmail.org
deref = never
scope = subtree
user_attrs = mail,homeDirectory,,,uidNumber,gidNumber
user_filter = (&(objectClass=extmailUser)(mail=%u)(active=1))
pass_attrs = mail,userPassword
pass_filter = (&(objectClass=extmailUser)(mail=%u)(active=1))
default_pass_scheme = CRYPT
user_global_uid = postfix
user_global_gid = postfix
auth_bind = yes



[root@mailtest docs]# cat ldap_virtual_alias_maps.cf
server_host = localhost
search_base = o=extmailAlias,dc=extmail.org
query_filter = (&(objectClass=extmailAlias)(mailLocalAddress=%s)(active=1))
result_attribute = mail
cache = no
bind = no
scope = sub


[root@mailtest docs]# cat ldap_virtual_domains_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=extmail.org
query_filter = (&(objectClass=extmailDomain)(virtualDomain=%s)(active=1))
result_attribute = virtualDomain
cache = no
bind = no
scope = sub

[root@mailtest docs]# cat ldap_virtual_mailbox_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=extmail.org
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mailMessageStore
cache = no
bind = no
scope = sub


[root@mailtest docs]# cat ldap_virtual_limit_maps.cf
server_host = localhost
search_base = o=extmailAccount,dc=extmail.org
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mailQuota
cache = no
bind = no
scope = sub


然后修改/etc/postfix/main.cf中相关的mysql为ldap
并配置extmail/extman的配置参数文件 webmail.cf为ldap认证和相关参数


参数
sender_bcc_maps=hash:/etc/postfix/sender_maps
recipient_bcc_maps=hash:/etc/postfix/recipient_maps