
Installing and configuring a Postfix mail server on FreeBSD 7.0

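2014-07-13 20:23:19 Source: 中存储网
I installed this three times and finally put together my own installation document based on the official site:
I. Software to install
1. FreeBSD
2. PHP + MySQL
3. ExtMan --> web-based account management back end
4. courier-imap --> Courier-IMAP provides POP3 and IMAP services and can easily be configured to support the encrypted protocols POP3s and IMAPs
5. Postfix --> the MTA holds a very important place in a mail system: it receives the mail other people send you and forwards your mail to its destination
6. Maildrop --> MDA, the mail delivery agent. It takes mail from the MTA, then stores it in your mailbox and filters it
7. Apache configuration
8. Extmail --> multilingual, fully template-based, with a largely complete feature set
Software Extmail depends on --> graphical logs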
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
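9. amavisd-new --> content/virus filtering
10. clamav --> ClamAV is a fairly good antivirus program; it is called by amavisd and can detect all common viruses
11. mailman --> Mailman is a fairly good mailing list program: very powerful, with a polished web interface and support for delegated administration
II. Preparation before installing
1. Update ports
2. Compile the kernel
3. Add an account and group (vmail) for storing mail
Run the following commands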
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
4. Create the path for the test user. A test account, test@extmail.org, is needed, so prepare the path for that account
mkdir -p /maildata/domains/extmail.org/test/Maildir/new
mkdir -p /maildata/domains/extmail.org/test/Maildir/cur
mkdir -p /maildata/domains/extmail.org/test/Maildir/tmp
chown -R vmail:vmail /maildata/domains/
chmod -R 700 /maildata/domains/
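III. Installing ExtMan
Files shipped with ExtMan are used later in the installation, so install ExtMan first. During installation, select MySQL according to your needs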
cd /usr/ports/mail/extman/ && make config && make install clean
IV. Installing and configuring courier-imap (POP3/IMAP)
cd /usr/ports/mail/courier-imap/ && make config && make install clean
During installation select (if you use MySQL authentication, select AUTH_MYSQL): TRASHQUOTA AUTH_MYSQL
1. Configuring Authlib
Start authdaemond: /usr/local/etc/rc.d/courier-authdaemond start
Once authdaemond has started, check whether a socket file has been created under /var/run/authdaemond
Make a copy of the configuration file: cp /usr/local/etc/authlib/authdaemonrc /usr/local/etc/authlib/authdaemonrc.bak
(1). Edit the file with ee /usr/local/etc/authlib/authdaemonrc so that its contents look similar to the following:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
Add execute permission on /var/run/authdaemond: chmod +x /var/run/authdaemond
Make a copy of the configuration file: cp /usr/local/etc/authlib/authmysqlrc /usr/local/etc/authlib/authmysqlrc.bak
(2). Edit the file with ee /usr/local/etc/authlib/authmysqlrc so that its contents look similar to the following:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber, \
CONCAT('/maildata/domains/',homedir), \
CONCAT('/maildata/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
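2. Configuring POP3s support
Make a copy of the configuration file: cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
Edit the file with ee /usr/local/etc/courier-imap/pop3d.cnf so that its contents look similar to the following: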
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=BeingLAN Mail Server
OU=BeingLAN
CN=beinglan
emailAddress=entere@126.com
[ cert_type ]
nsCertType = server
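Run the following command to generate the certificate used for POP3s: /usr/local/sbin/mkpop3dcert
3. Configuring IMAPs support
Make a copy of the configuration file: cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
Edit the file with ee /usr/local/etc/courier-imap/imapd.cnf so that its contents look similar to the following: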
RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=BeingLAN
OU=BeingLAN
CN=beinglan
emailAddress=entere@126.com
[ cert_type ]
nsCertType = server
Run the following command to generate the certificate used for IMAPs: /usr/local/sbin/mkimapdcert
4. Configuring automatic startup
Edit /etc/rc.conf and add the following lines:
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
At boot, these 5 lines respectively start authdaemond, pop3d, imapd, pop3d-ssl and imapd-ssl
These processes can also be started or stopped from the command line:
/usr/local/etc/rc.d/courier-authdaemond start/stop
/usr/local/etc/rc.d/courier-imap-pop3d start/stop
/usr/local/etc/rc.d/courier-imap-imapd start/stop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl start/stop
/usr/local/etc/rc.d/courier-imap-imapd-ssl start/stop
V. Installing and configuring Postfix (MTA)
Note: cyrus-sasl2 (the SMTP authentication library) can be installed before this
cd /usr/ports/security/cyrus-sasl2 && make install WITH_AUTHDAEMON=yes
cd /usr/ports/mail/postfix/ && make config  && make install clean
During installation select (if you use MySQL authentication, you can select MYSQL): PCRE SASL2 TLS MYSQL VDA TEST
Would you like me to add it [y]?y
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n
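1. Configuring Postfix
Edit /etc/rc.conf and add the following line: postfix_enable="YES"
Edit /etc/aliases and make sure it contains the following line: postfix: root
Replace the sendmail program that ships with the system: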
mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
cp /usr/local/sbin/sendmail /usr/sbin/sendmail
Edit /etc/periodic.conf and add the following to disable sendmail's automatic maintenance.
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Run the following commands:
postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
postconf -e 'mydomain = extmail.org'
postconf -e 'myhostname = mail.extmail.org'
postconf -e 'myorigin = $mydomain'
postconf -e 'virtual_mailbox_base = /maildata/domains'
postconf -e 'virtual_uid_maps=static:1000'
postconf -e 'virtual_gid_maps=static:1000'
Run the following commands to configure the lookup tables:
cp /usr/local/www/extman/docs/mysql_virtual_* /usr/local/etc/postfix/
/usr/local/sbin/postconf -e 'virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_limit_override = yes'
/usr/local/sbin/postconf -e "virtual_maildir_limit_message = Sorry, the user's Maildir has overdrawn his diskspace quota, try again later"
2. SMTP authentication settings
Create /usr/local/lib/sasl2/smtpd.conf with the following contents; make sure the last line has no trailing space or tab
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
Configure Postfix as follows to support SMTP authentication
/usr/local/sbin/postconf -e 'smtpd_sasl_auth_enable = yes'
/usr/local/sbin/postconf -e 'broken_sasl_auth_clients = yes'
/usr/local/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname'
3. Postfix anti-spam settings
The anti-spam measures here are only MTA-level settings for guarding against spam; adjust them to your actual situation and your own needs
/usr/local/sbin/postconf -e 'smtpd_helo_required=yes'
/usr/local/sbin/postconf -e 'smtpd_delay_reject=yes'
/usr/local/sbin/postconf -e 'disable_vrfy_command=yes'
/usr/local/sbin/postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'
/usr/local/sbin/postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'
/usr/local/sbin/postconf -e 'smtpd_sender_restrictions=permit_mynetworks,reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch,reject_unauthenticated_sender_login_mismatch,reject_non_fqdn_sender,reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'
/usr/local/sbin/postconf -e 'smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination,reject_non_fqdn_recipient, reject_unknown_recipient_domain'
/usr/local/sbin/postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'
/usr/local/sbin/postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'
/usr/local/sbin/postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'
touch /usr/local/etc/postfix/head_checks
touch /usr/local/etc/postfix/body_checks
touch /usr/local/etc/postfix/client_access
touch /usr/local/etc/postfix/sender_access
touch /usr/local/etc/postfix/helo_access
/usr/local/sbin/postmap /usr/local/etc/postfix/head_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/body_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/client_access
/usr/local/sbin/postmap /usr/local/etc/postfix/sender_access
/usr/local/sbin/postmap /usr/local/etc/postfix/helo_access
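4. Setting up TLS support. Installing a stable release of openssl is recommended to reduce the chance of errors [optional]
Generate the certificates. Here the private key passphrase defaults to 123qwe98; choose one according to your own situation, as it may be needed later
Run the following commands: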
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .
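Edit openssl.cnf and confirm that the value of the dir parameter is /usr/local/etc/postfix/certs/CA.
Then go on to run the commands below, entering information as appropriate. The input looks similar to the following: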
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:entere@126.com
The commands are as follows:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem`.0
Configure Postfix to support TLS
postconf -e 'smtpd_use_tls=yes'
postconf -e 'smtpd_tls_auth_only=no'
postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_received_header=yes'
postconf -e 'smtpd_tls_loglevel=3'
postconf -e 'smtpd_starttls_timeout=60s'
Configure master.cf by adding the following:
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
VI. Installing and configuring Maildrop (MDA)
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
During installation select mysql
1. Modify the maildrop entry in master.cf so that it looks similar to:
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
===========================
Note that there is whitespace before flags here
===========================
2. Modify main.cf: ee /usr/local/etc/postfix/main.cf
/usr/local/sbin/postconf -e 'virtual_transport=maildrop:'
/usr/local/sbin/postconf -e 'maildrop_destination_concurrency_limit=1'
/usr/local/sbin/postconf -e 'maildrop_destination_recipient_limit=1'
3. Edit the file with ee /usr/local/etc/maildroprc and make sure it contains the following:
logfile "/maildata/domains/maildrop.log"
#logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
to "$HOME/Maildir"
}
VII. Configuring Apache
1. Modify the Apache configuration file /usr/local/etc/apache22/httpd.conf so that Apache runs with the privileges of vmail:vmail
User vmail
Group vmail
2. Virtual host configuration: edit with ee /usr/local/etc/apache22/Includes/extmail.conf
NameVirtualHost *:80
ServerName mail.beinglan.com
DocumentRoot /usr/local/www/extmail/html/
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
AllowOverride None
Options None
Order allow,deny
Allow from all
# SuexecUserGroup gumail gumail
3. Configuring HTTPS support [optional]
Copy the certificates to the Apache directory
mkdir /usr/local/etc/apache22/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/
Edit the file /usr/local/etc/apache22/Includes/extmail-ssl.conf so that it contains the following
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex
DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.extmail.org:443
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
ServerAdmin chifeng@gmail.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache22/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache22/server.key
SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#SuexecUserGroup vmail vmail
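Which weak cipher groups the SSLCipherSuite line above still allows can be read off its operators. The following sh/awk check is an added example, not part of the original article or of Apache/OpenSSL: it is a simplified model of the OpenSSL cipher-string syntax, weak_cipher_classes is a hypothetical helper name, and ALL is assumed to contain the LOW, EXP, SSLv2 and RC4 groups.

```shell
#!/bin/sh
# Added example, not from the original article. weak_cipher_classes is a
# hypothetical helper; it models only the OpenSSL cipher-string operators
# (plain, !, -, +) and assumes ALL contains the LOW, EXP, SSLv2 and RC4 groups.

# weak_cipher_classes "CIPHERSTRING"
# Prints the weak groups the string leaves enabled, separated by spaces.
weak_cipher_classes() {
    printf '%s\n' "$1" | awk '
        # True if tok names the group, alone or as one part of A+B.
        function names(tok, group,    parts, n, i) {
            n = split(tok, parts, "[+]")
            for (i = 1; i <= n; i++) {
                if (parts[i] == "EXPORT") parts[i] = "EXP"
                if (parts[i] == "NULL")   parts[i] = "eNULL"
                if (parts[i] == group) return 1
            }
            return 0
        }
        {
            ntok   = split($0, toks, "[:, ]+")
            ngroup = split("LOW EXP SSLv2 RC4 eNULL", groups, " ")
            out = ""
            for (g = 1; g <= ngroup; g++) {
                group = groups[g]; enabled = 0; killed = 0
                for (t = 1; t <= ntok; t++) {
                    tok = toks[t]; op = substr(tok, 1, 1)
                    if (op == "!" || op == "-" || op == "+") tok = substr(tok, 2)
                    else op = ""
                    if (op == "+") continue        # "+" reorders, never adds
                    # ALL covers every group except eNULL.
                    all = (tok == "ALL" && group != "eNULL")
                    if (op == "") {
                        if ((all || names(tok, group)) && !killed) enabled = 1
                    } else if (all || (index(tok, "+") == 0 && names(tok, group))) {
                        enabled = 0                # whole group removed
                        if (op == "!") killed = 1  # "!" cannot be undone later
                    }
                }
                if (enabled) out = out (out == "" ? "" : " ") group
            }
            print out
        }'
}

# The string from extmail-ssl.conf above, then a tighter one for comparison.
page_suite='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
echo "page string enables: $(weak_cipher_classes "$page_suite")"
echo "tight string enables: $(weak_cipher_classes 'HIGH:!aNULL:!MD5')"
```

For the article's string the check reports LOW EXP SSLv2 RC4. eNULL is not listed because +eNULL only reorders ciphers that are already in the list, and !EXPORT56 removes only part of the EXP group.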
4. Restart Apache
/usr/local/etc/rc.d/apache22.sh restart
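VIII. Installing and configuring Extmail
There is no need to select MySQL or LDAP during installation, because those packages were already installed along with ExtMan.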
cd /usr/ports/mail/extmail && make install clean
1. Configuring extmail
cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf
Edit /usr/local/www/extmail/webmail.cf and change the corresponding parameters as follows
SYS_CONFIG = /usr/local/www/extmail/
SYS_LANGDIR = /usr/local/www/extmail/lang
SYS_TEMPLDIR = /usr/local/www/extmail/html
SYS_SESS_DIR = /var/tmp/extmail/
SYS_LOG_TYPE = file
SYS_USER_LANG = zh_CN
SYS_USER_CHARSET = utf-8
SYS_AUTH_TYPE = mysql
SYS_MAILDIR_BASE = /maildata/domains
SYS_mysql_BASE = dc=extmail.org
SYS_mysql_RDN = cn=Manager,dc=extmail.org
SYS_mysql_PASS = extmail
SYS_mysql_HOST = mysql.extmail.org
SYS_mysql_ATTR_USERNAME = mail
SYS_mysql_ATTR_DOMAIN = virtualDomain
SYS_mysql_ATTR_PASSWD = userPassword
SYS_mysql_ATTR_QUOTA = mailQuota
SYS_mysql_ATTR_NDQUOTA = netdiskQuota
SYS_mysql_ATTR_HOME = homeDirectory
SYS_mysql_ATTR_MAILDIR = mailMessageStore
Run the following commands
mkdir /var/tmp/extmail
chown vmail:vmail /var/tmp/extmail/
chmod 777 /var/tmp/extmail
touch /var/log/extmail.log
chown vmail:vmail /var/log/extmail.log
chown -R vmail:vmail /usr/local/www/extmail/
2. Configuring extman
cp /usr/local/www/extmail/webman.cf.default /usr/local/www/extmail/webman.cf
SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /maildata/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
SYS_mysql_BASE = dc=extmail.org
SYS_mysql_RDN = cn=Manager,dc=extmail.org
SYS_mysql_PASS = webman
SYS_mysql_HOST = localhost
SYS_mysql_ATTR_USERNAME = mail
SYS_mysql_ATTR_PASSWD = userPassword
Other settings
Run the following commands
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 777 /var/tmp/extman/
chmod 755 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/
IX. Configuring graphical logs
Install the dependencies
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
Install mailgraph_ext
cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
X. Importing the extmail database
Go to the extmail docs directory and import the MySQL data
cd /usr/local/www/extman/docs
cd extman-0.2.4/docs/
/usr/local/bin/mysql -uroot -p
Enter password:
/usr/local/bin/mysql -uroot -p
Enter password:
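Default password: root@extmail.org extmail*123*
Default database location: /var/db/mysql/extmail
At this point a basic mail system has been installed. It supports SMTP, POP3, IMAP and webmail, along with the corresponding SSL-encrypted smtps, pop3s, imaps and https.
XI. Content/virus filtering: amavisd-new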
cd /usr/ports/security/amavisd-new && make install clean
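During installation select BDB MILTER SPAMASSASSIN FILE RAR UNRAR ARJ LHA ARC CAB RPM ZOO UNZOO LZOP FREEZE P7ZIP
1. Modify /etc/rc.conf, adding the following so that amavisd runs automatically at system startup
amavisd_enable="YES"
spamd_enable="YES"
2. Configure amavisd.conf: edit with ee /usr/local/etc/amavisd.conf and change the corresponding options as follows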
$max_servers = 10;
$sa_spam_subject_tag = '[SPAM] ';
$mydomain = ‘extmail.org’;
$myhostname = ‘extmail.org’;
@local_domains_maps = qw(.);
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$virus_admin = "postmaster@$mydomain";
$mailfrom_notify_admin = "postmaster@$mydomain";
$mailfrom_notify_recip = "postmaster@$mydomain";
$mailfrom_notify_spamadmin = "postmaster@$mydomain";
@whitelist_sender_maps = read_hash("$MYHOME/white.lst");
@blacklist_sender_maps = read_hash("$MYHOME/black.lst");
$spam_quarantine_to = "spam@$mydomain";
$virus_quarantine_to = "virus@$mydomain";
$banned_quarantine_to = "spam@$mydomain";
$hdrfrom_notify_admin = "Content Filter ";
Perform the following operations
touch /var/amavis/white.txt
touch /var/amavis/black.txt
chown -R vscan:vscan /var/amavis/
3. Configure Postfix to support amavisd-new: edit with ee /usr/local/etc/postfix/master.cf and add the following
smtp-amavis unix - - n - 4 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
========================
Note that there is whitespace here as well
========================
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=
========================
Note that there is whitespace here as well
========================
Modify the two options content_filter and receive_override_options to disable address expansion/mapping; otherwise redundant mail is generated when an alias is encountered. However, enabling receive_override_options conflicts with the mailing list program and prevents the mailing list's aliases from being expanded. :( So if you use mailing lists, do not set receive_override_options.
postconf -e 'content_filter = smtp-amavis:[localhost]:10024'
postconf -e 'receive_override_options = no_address_mappings'
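The whitespace notes on the maildrop and smtp-amavis entries matter because Postfix reads any master.cf line that starts in column 0 as a new service entry, and dashes pasted from a web page are often not ASCII hyphens. The following sh/awk check is an added example, not part of the original article or of Postfix; check_master_cf is a hypothetical helper name and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. check_master_cf is a
# hypothetical helper name; the sample entries below are constructed.

# check_master_cf FILE
# Prints one message per problem found and returns 1 if there was any.
check_master_cf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /^[ \t]/ {                               # indented: continuation line
            if (!seen_service) {
                printf "line %d: continuation before any service entry\n", NR
                bad = 1
            }
            next
        }
        # Anything below starts in column 0 and is read as a new service entry.
        /^(-o|flags=|user=|argv=)/ {
            printf "line %d: %s is not indented, so it is not a continuation\n", NR, $1
            bad = 1
            next
        }
        {
            seen_service = 1
            if (NF < 8) {
                printf "line %d: %d fields, a service entry needs 8\n", NR, NF
                bad = 1
                next
            }
            # private, unpriv, chroot: y, n or an ASCII hyphen
            for (i = 3; i <= 5; i++)
                if ($i !~ /^[-yn]$/) {
                    printf "line %d: field %d is %s, expected y, n or -\n", NR, i, $i
                    bad = 1
                }
            # wakeup: - or a number with optional ?; maxproc: - or a number
            if ($6 !~ /^(-|[0-9]+[?]?)$/ || $7 !~ /^(-|[0-9]+)$/) {
                printf "line %d: wakeup/maxproc must be - or a number\n", NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: typographic dashes pasted into the service line and one
# -o line that lost its indentation.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp-amavis unix – - n – 4 smtp
  -o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
EOF
check_master_cf "$sample" || echo "master.cf needs fixing"
rm -f "$sample"
```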
XII. Installing and configuring clamav. ClamAV is a fairly good antivirus program; it is called by amavisd
cd /usr/ports/security/clamav && make install clean
During installation select ARC ARJ LHA UNZOO UNRAR
1. Modify the configuration files
Edit /usr/local/etc/clamd.conf
User vscan
Edit /usr/local/etc/freshclam.conf
DatabaseOwner vscan
Modify /etc/rc.conf, adding two lines
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
2. Modify /usr/local/etc/amavisd.conf, adding the following so that amavisd-new supports clamav
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
3. Adjust the permissions
chown -R vscan:vscan /var/run/clamav/
chown -R vscan:vscan /var/log/clamav/
chown -R vscan:vscan /var/db/clamav/
4. Start clamav. clamav has 2 daemons that need to be started: clamd, which scans for viruses, and freshclam, which updates the virus database. They are started with the following scripts respectively.
/usr/local/etc/rc.d/clamav-clamd start
/usr/local/etc/rc.d/clamav-freshclam start
5. Configuring Spamassassin, the best content filtering program among open source software and a must for content filtering. [optional]
cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf
Modify /usr/local/etc/mail/spamassassin/local.cf
report_safe             1
use_bayes               0
auto_learn              0
bayes_auto_expire       1
skip_rbl_checks         1
use_razor2              0
use_dcc                 0
use_pyzor               0
dns_available           no
lock_method             flock
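Using Chinese_rules.cf
After fetching this rule set you can see that it has not been updated since October 2, 2006, so whether to keep using it is up to you. If you still want to use it, proceed as follows.
-rw-r--r-- 1 root wheel 55342 Oct 2 2006 Chinese_rules.cf
Edit the script /var/cron/sa.sh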
#!/bin/sh
cd /tmp/
fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
mv Chinese_rules.cf /usr/local/share/spamassassin/
/usr/local/etc/rc.d/amavisd forcerestart > /dev/null
Add execute permission
chmod +x /var/cron/sa.sh
Edit /etc/crontab and add the following line to run it once every Saturday
0 0 * * 6 root /var/cron/sa.sh
6. They can be started with the following scripts
/usr/local/etc/rc.d/clamav-clamd restart
/usr/local/etc/rc.d/amavisd restart
/usr/local/etc/rc.d/postfix restart
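XIII. Installing the mailing list software mailman
Mailman is a fairly good mailing list program: very powerful, with a polished web interface and support for delegated administration, and it is used by many open source organizations.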
cd /usr/ports/mail/mailman && make MAIL_GID=mailman CGI_GID=vmail install clean
During installation select: POSTFIX CHINESE
1. Configure /etc/rc.conf by adding the line: mailman_enable="YES"
2. Configuring Postfix support
touch /usr/local/mailman/data/aliases
touch /usr/local/mailman/data/virtual-mailman
/usr/local/sbin/postconf -e 'recipient_delimiter=+'
/usr/local/sbin/postconf -e 'alias_maps=hash:/etc/aliases, hash:/usr/local/mailman/data/aliases'
postalias /usr/local/mailman/data/aliases
/usr/local/sbin/postconf -e 'virtual_alias_maps =mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf,hash:/usr/local/mailman/data/virtual-mailman'
postalias /usr/local/mailman/data/aliases
postmap /usr/local/mailman/data/virtual-mailman
/usr/local/sbin/postconf -e 'default_privs = mailman'
postfix reload
3. Configuring mailman
cd /usr/local/mailman
/usr/local/mailman/bin/genaliases
chown -R gumail:mailman /usr/local/mailman/data/aliases*
chown -R gumail:mailman /usr/local/mailman/data/virtual-mailman*
chmod 664 /usr/local/mailman/data/aliases*
chmod 664 /usr/local/mailman/data/virtual-mailman*
cp -Rfp icons/ cgi-bin/icons