
Building an ISP-Grade Mail System on FreeBSD


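Software overview:

Software        Purpose
FreeBSD         Provides stable operation
postfix         MTA (mail transfer agent)
MySQL           Back-end database
Cyrus-SASL2     Authentication for sending mail
Courier-IMAP    Provides POP3/IMAP service
maildrop        MDA (mail delivery agent)
amavisd-new     Content filtering; calls clamav for virus scanning and spamassassin for message scoring
clamav          Virus scanning
Extman          Back-end user management
ExtMail         A high-performance webmail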

 

Author: 冯勇 (Feng Yong) fengyongchuang # yahoo.com.cn (≠&键盘人生$: 71633908)

Date: 2006-03-09

Technical support site: www.extmail.org

 

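QQ groups:

网管之家: 5929685
网管之家-UNIX: 3791457
Extmail group/postfix 1: 6769767
Extmail group/postfix 2: 18051473

All rights reserved. Please keep the author information when copying or reposting. Respecting other people's work is respecting yourself.

If you have questions, please ask at the following address: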

http://www.extmail.org/forum/archive/2/0603/1216.html

 

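Preface

1. Thanks to HZQBBC for years of help, which gave me some understanding of LINUX/UNIX.

3. This article goes one piece of software at a time, configuring each one in a single pass, to show you how to build a mail system.

4. Advice: a solid computing background will get you twice the result for half the effort. At the least you should understand how common Internet services work, such as web/ftp/dns/mail (mta/mua/mda), and know what the TCP/IP protocol is.

5. If you are not familiar with BSD, read the FreeBSD Handbook.

http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/index.html

6. If your English is not very good, consider using the IBM Smart Dictionary (IBM 智能词典).

http://www.google.com/search?hl=zh-CN&q=IBM%E6%99%BA%E8%83%BD%E8%AF%8D%E5%85%B8&lr=

7. Think, practise and use your head. Learn how to use google/baidu to find what you need; someone has probably already met your problem and solved it.

8. Watching the installation process carefully and reading the log files are the keys to finding errors.

9. As the old saying goes, three feet of ice does not form in a single day. When your Nth installation fails, do not lose heart; success is often just a step away. Go back and read the documentation carefully, recall what you did and get your thoughts in order. Trust that you will succeed.

10. Installing through ports on FreeBSD always spends a lot of time downloading and compiling. Drink plenty of water or make yourself a coffee; taking a walk while it compiles is also a good idea.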

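Updates:

1. This follows on from the previous article <Freebsd 6.0 +Postfix + MySQL+Cyrus-SASL2 +Courier-IMAP + Clamav+Mailscanner+Extman+Extmail>, with the content revised.

2. Replaced mailscanner with amavisd-new.

3. Added maildrop as the mail delivery agent.

4. More detailed installation steps.

5. Published as HTML so that commands are easy to copy.

6. Removed the installation of zend/ftp/openssl.

7. Added the CBL service from anti-spam.org.cn to reject spam more effectively.

8. Corrected many language errors in the text and tidied the page layout (2007-05-01).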

 

Quick index

I. Set up your DNS

II. Install FreeBSD

III. Install MySQL

IV. Install Apache

V. Install the mail system

VI. Test the system

VII. Install anti-spam

VIII. Install extmail/extman

 

 

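I. Set up your DNS

Many people ask why mail their server sends to 163.com / sina.com / yahoo.com.cn ... arrives, yet the replies never reach them. The reason is simple: those servers cannot find an A record or an MX record for your domain. Many people install with a domain that is not valid, that is, a DNS FQDN (fully qualified domain name) that was never registered. If you have not registered a valid domain, you can apply for a dynamic domain name at comexe.cn or 3322.org to send and receive mail.

This example uses the domain extmail.org with the host name mail; the mail server is built on top of DDNS.
Open the Windows CMD and use nslookup to query the MX record of extmail.org. If you have a fixed IP you can run your own DNS; if you use 新网 (Xinnet) or another domain provider, log in to its control panel and add a record. For details, refer to DNS documentation.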

 
C:\>nslookup -type=mx extmail.org 221.4.66.66
Server:  ns2.cnc-gd.net
Address:  221.4.66.66

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
extmail.org     MX preference = 20, mail exchanger = mx.extmail.org

extmail.org     nameserver = ns2.xinnetdns.com
extmail.org     nameserver = ns.xinnet.cn
extmail.org     nameserver = ns.xinnetdns.com
extmail.org     nameserver = ns2.xinnet.cn
mx.extmail.org  internet address = 210.21.119.139
ns.xinnet.cn    internet address = 210.51.171.209
ns.xinnetdns.com        internet address = 210.51.170.66
ns2.xinnet.cn   internet address = 210.51.170.67
ns2.xinnetdns.com       internet address = 210.51.170.67

As the Windows expert you are, this little job should be no trouble.

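II. Install FreeBSD

A. Partitioning

Many people do not know how to partition their system. No partitioning scheme is the best one; partition according to your own situation.
Below is my partitioning scheme.

The disk is 120G. About 1G is enough for / (root), but since the /root working directory is also there, I made it a bit bigger.

/home/data is mainly used to store the data of Email/ftp users.

/tmp gets 1G, again made a bit larger because there are many temporary files.

/usr gets 10G because software is installed there, along with downloaded software. I did not install a GUI, so I only allocated 10G, which I think is enough.

/var gets 3G. Quite a lot is stored in this directory, such as logs and the temporary mail directories. If there is not enough space, amavisd-new cannot unpack mail to scan it for viruses.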

 %df -h
  Filesystem   Size    Used    Avail   Capacity   Mounted on
  /dev/ad0s1a   1.9G   481M   1.3G    26%       /
  devfs         1.0K    1.0K    0B      100%   /dev
  /dev/ad0s1g    92G    353M    84G    0%      /home/data
  /dev/ad0s1e    989M    224K    910M    0%    /tmp
  /dev/ad0s1f    9.7G    1.8G    7.1G    20%    /usr
  /dev/ad0s1d     2.9G   105M    2.6G     4%    /var 

 

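Partition according to your own needs.

B. Install the base system

For the system install I chose minimal and ports. Unnecessary packages are left out, which reduces the size of the system; besides, I never install a GUI on a server.

When downloading BSD you only need DISK 1; missing packages can be installed over the network.

C. Configure the system

If you did not configure the system at the end of the installation, log in as root once the system has booted and run sysinstall, or edit /etc/rc.conf with the ee editor. A reminder: most of the services below need a startup entry in /etc/rc.conf before they will start.

Set a fixed IP, or have the machine's IP assigned automatically by DHCP. Managing the server with an SSH client will make your work easier.

Notes on using SSH:

a. root cannot log in directly. Add a new user, put it in the wheel group, log in as that user and then use su - to become administrator.

b. Taking my SecureCRT as an example: Session options -> Authentication -> Primary, select keyboard Interactive

c. If you want colour output like on LINUX, select ANSI Color under Emulation -> Terminal -> Xterm and add the following to /etc/csh.cshrc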

 

setenv LSCOLORS ExGxFxdxCxegedabagExEx 
setenv CLICOLOR yes
set autolist

 

Then run

 

sed -i.bak -E s/set\ prompt/#set\ prompt/g /root/.cshrc

 

Log out and log in again to see coloured directory listings.

 

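D. Update software packages

The best thing about FreeBSD is how easy it is to install software and to get the latest packages, thanks to the powerful ports system. If you did not select ports when installing the system, see the BSD handbook for how to add it.

There are many CVSUP sites; choose the one that is fastest for you to update ports. See freebsd.org / freebsdchina.org.cn for details.

Before using cvsup you must be connected to the Internet and have the cvsup software installed.

If your server is on an internal network with its IP mapped through a DMZ, you can use the following settings: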

 

sshd_enable="YES"
fsck_y_enable="YES"
hostname="mail.extmail.org"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
  defaultrouter="192.168.1.1"

 

If you use ADSL dial-up

a. Edit /etc/ppp/ppp.conf

default:
  set log Phase tun command # you can add more detailed logging if you wish
  set ifaddr 10.0.0.1/0 10.0.0.2/0

adsl:
  set device PPPoE:vr0 # change vr0 to the NIC you dial with
  set authname your-ADSL-account
  set authkey your-ADSL-password
  set dial
  set login
  add default HISADDR
 

b. Contents of /etc/rc.conf

inetd_enable="YES"
sshd_enable="YES"
fsck_y_enable="YES"
hostname="mail.extmail.org"
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0" 
ppp_enable="YES" #YES or NO
ppp_mode="ddial" #"auto", "ddial", "direct" or "dedicated".
ppp_nat="YES" # if you want to enable nat for your local network, otherwise NO
ppp_profile="adsl" #/etc/ppp/ppp.conf
 

c. Install cvsup-without-gui

 

 %cd /usr/ports/net/cvsup-without-gui/
 %make install clean
 

 

d. Update ports
After installing the cvsup software, update ports

 

%/usr/local/bin/cvsup -gL 2 -h cvsup4.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

 

III. Install the MySQL database

There are many MySQL versions; choose and install whichever version suits your needs.

%cd /usr/ports/databases/mysql41-server/
%make install clean

Add to /etc/rc.conf

mysql_enable="YES"

Copy the configuration file (optional)

cp /usr/local/share/mysql/my-small.cnf /usr/local/etc/my.cnf

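Notes:

1. Unless the line above is added to /etc/rc.conf, MySQL cannot be started by hand.
2. To find out what a piece of software needs in /etc/rc.conf, open the /usr/local/etc/rc.d directory, find its startup script and open the file; it contains detailed instructions.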
 

%/usr/local/etc/rc.d/mysql-server.sh start
 Starting mysql.

 

How to check that a service has started properly: 1. look at the processes with ps; 2. check the ports it has opened.

%ps aux|grep mysql
mysql 94899  0.2  0.5  1644  1240  p0  S     3:52PM   0:00.07 /bin/sh /usr/local/bin/mysqld_safe --
mysql 94919  0.0 10.8 55564 27428  p0  S     3:52PM   0:01.54 /usr/local/libexec/mysqld --defaults-
%

%netstat -an|grep 3306
tcp4       0      0  *.3306                 *.*                    LISTEN

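When MySQL is installed, the server's password is empty. Change the password as soon as the system is installed.

%/usr/local/bin/mysqladmin -u root -p password your-new-password
Enter password: 

If your server is only used internally by this site, add the following to my.cnf to improve the server's security.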

[mysqld]
bind_address=127.0.0.1

 

IV. Install Apache

1. Install the Apache server

In today's networked world the Apache web server is known to everyone.

%cd /usr/ports/www/apache22/
%make install clean

Add to /etc/rc.conf:

apache22_enable="YES"

If startup reports the error httpd: Could not reliably determine the server's fully qualified domain name, using mail.sharesky.cn for ServerName, add the following at around line 144 of /usr/local/etc/apache22/httpd.conf.

ServerName mail.extmail.org

Start Apache

%/usr/local/etc/rc.d/apache22.sh start
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.

2. Install PHP

%cd /usr/ports/lang/php4/
%make install clean
Options for mod_php4 4.4.2_1,1
  [ ] DEBUG      Enable debug
  [X] MULTIBYTE  Enable zend multibyte support
  [ ] IPV6       Enable ipv6 support
  [X] OPENSSL    Build static OpenSSL extension

Add to /usr/local/etc/apache22/httpd.conf

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Add index.php to the directory index, at around line 212 of httpd.conf

 DirectoryIndex index.html index.php

Restart or reload Apache for the change to take effect

%/usr/local/etc/rc.d/apache22.sh reload
Performing sanity check on apache22 configuration:
Syntax OK
Performing a graceful restart

3. Install the PHP extensions

%cd /usr/ports/lang/php4-extensions/
%make install clean

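A suggestion: unless you need it, do not install the GD library, which only wastes time. Select the modules to install according to your own needs.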

Options for php4-extensions 1.0
  [ ] BCMATH       bc style precision math functions
  [X] BZ2          bzip2 library support
  [ ] CALENDAR     calendar conversion support
  [ ] CRACK        crack support
  [X] CTYPE        ctype functions
  [X] CURL         CURL support
  [ ] DBA          dba support
  [ ] DBASE        dBase library support
  [ ] DBX          dbx support
  [ ] DIO          Direct I/O support
  [ ] DOMXML       DOM support
  [ ] EXIF         EXIF support
  [ ] FILEINFO     fileinfo support
  [ ] FILEPRO      filePro support
  [ ] FRIBIDI      FriBidi support
  [X] FTP          FTP support
  [ ] GD           GD library support
  [X] GETTEXT      gettext library support
  [ ] GMP          GNU MP support
  [X] ICONV        iconv support
  [ ] IMAGICK      ImageMagick support
  [X] IMAP         IMAP support
  [ ] INTERBASE    Interbase 6 database support (Firebird)
  [ ] LDAP         OpenLDAP support
  [X] MBSTRING     multibyte string support
  [ ] MCAL         Modular Calendar Access Library support
  [X] MCRYPT       Encryption support
  [ ] MCVE         MCVE support
  [ ] MHASH        Crypto-hashing support
  [ ] MING         ming shockwave flash support
  [ ] MNOGOSEARCH  mnoGoSearch support
  [ ] MSSQL        MS-SQL database support
  [X] MYSQL        MySQL database support
  [ ] NCURSES      ncurses support (CLI only)
  [ ] ODBC         unixODBC support
  [X] OPENSSL      OpenSSL support
  [ ] ORACLE       Oracle support
  [X] OVERLOAD     user-space object overloading support
  [ ] PANDA        panda support
  [ ] PCNTL        pcntl support (CLI only)
  [X] PCRE         Perl Compatible Regular Expression support
  [ ] PDF          PDFlib support (implies GD)
  [ ] PFPRO        PayFlow Pro support
  [ ] PGSQL        PostgreSQL database support
  [X] POSIX        POSIX-like functions
  [ ] PSPELL       pspell support
  [ ] READLINE     readline support (CLI only)
  [ ] RECODE       recode support
  [X] SESSION      session support
  [ ] SHMOP        shmop support
  [ ] SNMP         SNMP support
  [ ] SOCKETS      sockets support
  [ ] SYBASE_CT    Sybase database support
  [ ] SYSVMSG      System V message support
  [ ] SYSVSEM      System V semaphore support
  [ ] SYSVSHM      System V shared memory support
  [X] TOKENIZER    tokenizer support
  [ ] WDDX         WDDX support (implies XML)
  [X] XML          XML support
  [ ] XMLRPC       XMLRPC-EPI support
  [ ] XSLT         XSLT Sablotron support
  [ ] YAZ          YAZ support (ANSI/NISO Z39.50)
  [ ] YP           YP/NIS support
  [ ] ZIP          ZIP support
  [X] ZLIB         ZLIB support
  

4. Install phpmyadmin to manage the database

To skip the tedious install process, install it by hand here: download the package, unpack it, then copy it to /usr/local/www/apache22/data

%cd /usr/ports/databases/phpmyadmin/
%make fetch
%cd /usr/ports/distfiles
%tar jxvf phpMyAdmin-2.7.0-pl2.tar.bz2
%cp -r /usr/ports/distfiles/phpMyAdmin-2.7.0-pl2 /usr/local/www/apache22/data/phpmyadmin

Note that the version you download may differ from mine, so do not copy these commands verbatim.

Configure phpmyadmin

%cd /usr/local/www/apache22/data/phpmyadmin/
%ee config.default.php 

Change $cfg['Servers'][$i]['auth_type'] = 'config'; to

$cfg['Servers'][$i]['auth_type']     = 'http'; 

Open http://ip/phpmyadmin to manage your mysql database

5. Install extman

extman is the back-end user management system for extmail. The official site is www.extmail.org. Download and unpack it

%tar zxvf extman-13-20060102.tar.gz
%cd extman-0.13-20060102/docs
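%mysql -u root -p <extmail.sql // here you can change the extmail database user and password; if you do,
Enter password:                // make the matching changes everywhere else
%mysql -u root -p <init.sql // here I changed the mail domain to my own. Do not change the password; it is
Enter password:             // stored encrypted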

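extmail.sql adds two MySQL users

1. Read-only user: extmail, password: extmail

2. Read/write user: webman, password: webman

init.sql adds the following records to the extmail database

a. An alias record support@extmail.org -> test@extmail.org

b. The domain extmail.org

c. The mailbox test@extmail.org with password test.

d. The extman administrator root@extmail.org with password extmail

// I did not change any of the above. 0.22 and 0.24 differ.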

 

V. Install the mail system

The following three packages must be installed in order

1. Install Courier-IMAP

%cd /usr/ports/mail/courier-imap/
%make install clean

Select openssl and MySQL // there seems to be no openssl option here

Add to /etc/rc.conf

courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"

Change the permissions of authdaemond

%/usr/local/etc/rc.d/courier-authdaemond.sh start
%chmod -R  +x /var/run/authdaemond/ 

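After authdaemond has started, check that a socket file has been created under /var/run/authdaemond, because authentication reads passwords through this file.

Configure /usr/local/etc/authlib/authdaemonrc

%mv authdaemonrc authdaemonrc.bak 
ee authdaemonrc   // change their ownership to courier; at first this was owned by root and I got an authlib error

Add the following to authdaemonrc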

authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5                             
authdaemover=/var/run/authdaemond     
subsystem=mail                        
DEBUG_LOGIN=2                         
DEFAULTOPTIONS="wbnodsn=1" 

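DEBUG_LOGIN=2 above is there to make debugging easier. Once the system has been fully tested, change it to 0 so that no debug information is shown.

Configure /usr/local/etc/authlib/authmysqlrc

%mv authmysqlrc authmysqlrc.bak
ee authmysqlrc

Add the following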

MYSQL_SERVER    localhost
MYSQL_USERNAME  extmail
MYSQL_PASSWORD  extmail
MYSQL_PORT      0
MYSQL_OPT       0
MYSQL_DATABASE  extmail

MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber,\
                        CONCAT('/home/data/domains/',homedir),               \
                        CONCAT('/home/data/domains/',maildir),               \
                        quota,                                          \
                        name                                            \
                        FROM mailbox                                    \
                        WHERE username = '$(local_part)@$(domain)' 

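Note that my mail is stored under /home/data/domains; change it to your own directory as needed.

The user name and password are extmail; for the details see extmail.sql in the docs directory of the extman package. When people cannot get SMTP authentication to work, it is very often related to the configuration of the two files above.

Create the pop3/imap configuration files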

%cp pop3d.cnf.dist pop3d.cnf
%cp imapd.cnf.dist imapd.cnf

Edit /usr/local/etc/courier-imap/pop3d (optional)

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

Edit /usr/local/etc/courier-imap/imapd (optional)

IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA"


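2. Install Cyrus-SASL2

%cd /usr/ports/security/cyrus-sasl2
%make install WITH_AUTHDAEMON=yes  // this should be changed to make WITH_AUTHDAEMON=yes install clean. On 7.0 there seems to be a make config option here; deselect mysql, otherwise you get some sql_select error. You can also select authdaemon directly in config, after which make install clean works.

Create /usr/local/lib/sasl2/smtpd.conf with the following content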

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

3. Install Postfix

%cd /usr/ports/mail/postfix
%make install clean

Select SASL2, TLS, MySQL and VDA. The installation asks two questions; just press Enter to accept the system defaults.

%echo postfix: root >> /etc/aliases
%/usr/local/bin/newaliases
%ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

If you see the message ln: /usr/sbin/sendmail: File exists, rename /usr/sbin/sendmail and create the link again.

Have postfix start with the system

postfix_enable="YES"                  
sendmail_enable="NO"                  
sendmail_submit_enable="NO"           
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Create /etc/periodic.conf with the following content

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Configure /usr/local/etc/postfix/main.cf. For your installation only the ####BASE#### section needs changing.

%mv main.cf main.cf.bak

This configuration file already includes maildrop support.

###################BASE##################
# machine host name
myhostname=mail.extmail.org
# your domain
mydomain = extmail.org
mydestination = $myhostname
local_recipient_maps = 
command_directory = /usr/local/sbin
#local_transport = virtual
smtpd_banner = extmail.org ESMTP Mail System
# maximum message size
message_size_limit = 14680064
#mailbox_size_limit = 512000000
#################MySQL################
virtual_alias_maps =mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
#virtual_gid_maps = static:125
#virtual_gid_maps = static:1000
# directory where mail is stored
virtual_mailbox_base = /home/data/domains
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
#virtual_mailbox_limit = 512000000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
#virtual_minimum_uid = 125
#virtual_minimum_uid = 1000
#virtual_transport = virtual
virtual_transport = maildrop:
maildrop_destination_recipient_limit = 1 

#virtual_uid_maps = static:125
#virtual_uid_maps = static:1000
################Quota################
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry,the user's Maildir has overdrawn his diskspace quota ,please tray again later.
virtual_overquota_bounce = yes

##############SASL####################
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = 
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname,

 reject_rbl_client cbl.anti-spam.org.cn
# CBL server; see anti-spam.org.cn for details.
# Note that the lines above begin with a space.


readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = no
setgid_group = maildrop
manpage_directory = /usr/local/man
daemon_directory = /usr/local/libexec/postfix
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
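
Postfix treats `#` as a comment marker only when it is the first non-blank character on a line, so a note written after a value becomes part of that value. The following is an added example, not part of the original article: a small main.cf reader that follows those line rules and reports values that have swallowed a trailing note. The sample text is constructed, modelled on the listing above.

```python
import re

# Constructed sample modelled on the main.cf above, with notes written
# after some values on the same line.
SAMPLE_MAIN_CF = """\
myhostname=mail.extmail.org   # machine name
mydomain = extmail.org
message_size_limit = 14680064 # mail size
virtual_transport = maildrop:
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,

 reject_rbl_client cbl.anti-spam.org.cn # CBL server
# note: the lines above start with a space
mail_owner = postfix
"""


def parse_main_cf(text):
    """Split main.cf text into {parameter: value} using Postfix's line rules.

    Blank lines and lines whose first non-blank character is '#' are
    skipped, even in the middle of a multi-line value. A line that starts
    with whitespace continues the previous parameter. A '#' anywhere else
    is ordinary text and stays in the value.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                params[current] = (params[current] + " " + stripped).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None  # not a "name = value" line, ignore it
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def trailing_comment_findings(params):
    """Return {parameter: (value_as_read, intended_value)} for every value
    that contains whitespace followed by '#', i.e. a note that became data."""
    findings = {}
    for name, value in params.items():
        match = re.search(r"\s+#", value)
        if match:
            findings[name] = (value, value[:match.start()])
    return findings


if __name__ == "__main__":
    parsed = parse_main_cf(SAMPLE_MAIN_CF)
    for name, (seen, intended) in trailing_comment_findings(parsed).items():
        print(f"{name}: read as {seen!r}, intended {intended!r}")
```

Keeping each note on its own line starting with `#` avoids the problem.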

The following four files are in the docs directory of the extman package; to use them, copy them straight into /usr/local/etc/postfix.

mysql_virtual_alias_maps.cf

user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

mysql_virtual_domains_maps.cf

user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

mysql_virtual_mailbox_maps.cf

user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'

mysql_virtual_mailbox_limit_maps.cf

user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

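The basic postfix setup is now complete, but it cannot send or receive mail yet.

4. Install maildrop

In this setup the MTA part still handles mail under postfix's own account. Because maildrop cannot handle mail under the same user identity as postfix, we create a new user for maildrop.

Add vgroup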

pw groupadd vgroup -g 1000

Add vuser

%pw useradd vuser -g 1000 -u 1000 -s /sbin/nologin -d /sbin/nologin -c "virtual mail user"

Install maildrop; remember to add WITH_AUTHLIB=yes

%cd /usr/ports/mail/maildrop
%make install WITH_AUTHLIB=yes // change to make WITH_AUTHLIB=yes install clean 

Select AUTH_MYSQL

Options for maildrop 2.0.1
  [ ] AUTH_LDAP    LDAP support
  [X] AUTH_MYSQL   MySQL support
  [ ] AUTH_PGSQL   PostgreSQL support
  [ ] AUTH_USERDB  Userdb support
  [ ] AUTH_VCHKPW  Vpopmail/vchkpw support

Edit /usr/local/etc/postfix/master.cf: comment out the existing maildrop entry (that is, remove the old entry) and add the following

maildrop unix -     n     n     -     -     pipe
  flags=DRhu user=vuser argv=/usr/local/bin/maildrop -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}

Set up the mail storage directory

%mkdir -p /home/data/domains/extmail.org/test
%/usr/local/bin/maildirmake /home/data/domains/extmail.org/test/Maildir
%chown -R 1000:1000 /home/data/domains/

 

The basic part of our mail system is now installed. Reboot the system and start testing.

 

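VI. Test the system

1. Test that maildrop works

After logging in, check that the services listed in /etc/rc.conf are running normally.

Note that the user name format of the mail system is user@domain.ltd. It supports multiple domains, so it differs a little from what you normally use.

Open two new windows in SecureCRT, one for typing commands and one for watching maillog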

%tail -f /var/log/maillog

The output below shows that maildrop delivers correctly

%echo "test" | maildrop -V 10 -d test@extmail.org
maildrop: authlib: groupid=1000
maildrop: authlib: userid=1000
maildrop: authlib: logname=test@extmail.org, home=/home/data/domains/extmail.org/test, mail=/home/data/domains/extmail.org/test/Maildir/
maildrop: Changing to /home/data/domains/extmail.org/test
Message start at 0 bytes, envelope sender=test@extmail.org
maildrop: Attempting .mailfilter
WARN: quota string '5242880' not parseable
maildrop: Delivery complete.

maillog will show the following

Mar 10 14:39:58 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, 
homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, 
maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
Mar 10 14:39:58 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}uywiuN.XggXXc

2. Test postfix

SMTP authentication uses BASE64 encoding, so the user name and password must be converted to BASE64. Before that, install p5-MIME-BASE64

%cd /usr/ports/converters/p5-MIME-Base64/
%make install

Test user test@extmail.org, password test

%perl -MMIME::Base64 -e 'print encode_base64("test\@extmail.org");'                   
dGVzdEBleHRtYWlsLm9yZw==
%perl -MMIME::Base64 -e 'print encode_base64("test");'      
dGVzdA==

See the test session below

%telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 sharesky.cn ESMTP Mail System
ehlo test.com
250-mail.extmail.org
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
dGVzdA==
235 Authentication successful
mail from:<test@test.com>
250 Ok
rcpt to:<test@extmail.org>
250 Ok
data
354 End data with .
this is a test.
.
250 Ok: queued as 23CEE5C38
quit
221 Bye
Connection closed by foreign host.

Below is the maillog the system produced

Mar 10 14:47:45 mail postfix/smtpd[1090]: connect from localhost[127.0.0.1]
Mar 10 14:47:57 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, 
address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
Mar 10 14:47:57 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}uywiuN.XggXXc
Mar 10 14:48:13 mail postfix/smtpd[1090]: 23CEE5C38: client=localhost[127.0.0.1], sasl_method=login, sasl_username=test@extmail.org
Mar 10 14:48:18 mail postfix/cleanup[1135]: 23CEE5C38: message-id=<20060310144813.23CEE5C38@mail.extmail.org>
Mar 10 14:48:18 mail postfix/qmgr[669]: 23CEE5C38: from=<test@test.com>, size=341, nrcpt=1 (queue active)
Mar 10 14:48:19 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, 
address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
Mar 10 14:48:19 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}uywiuN.XggXXc
Mar 10 14:48:19 mail postfix/pipe[1136]: 23CEE5C38: to=<test@extmail.org>, relay=maildrop, delay=14, status=sent (extmail.org)
Mar 10 14:48:19 mail postfix/qmgr[669]: 23CEE5C38: removed
Mar 10 14:48:20 mail postfix/smtpd[1090]: disconnect from localhost[127.0.0.1]
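
The session above, read from the point of view of someone reviewing a capture of it. This is an added example, not part of the original article: it parses the EHLO reply and the AUTH LOGIN exchange, decodes the base64 fields and reports that AUTH is advertised on a connection that never offers STARTTLS. The session text is constructed from the transcript above.

```python
import base64
import re

# Constructed from the telnet session above: server replies start with a
# three-digit code, everything else was typed by the client.
SESSION = """\
220 sharesky.cn ESMTP Mail System
ehlo test.com
250-mail.extmail.org
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
dGVzdA==
235 Authentication successful
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def b64_text(token):
    """Decode one base64 token; return None if it is not valid base64."""
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    return raw.decode("utf-8", "replace")


def parse_session(text):
    """Return (capabilities, auth_exchange) from a captured SMTP dialogue.

    capabilities maps each EHLO keyword to the set of its arguments.
    auth_exchange lists (decoded server prompt, decoded client answer).
    """
    caps, exchange = {}, []
    in_ehlo, seen_greeting, pending_prompt = False, False, None
    for line in text.splitlines():
        reply = REPLY.match(line)
        if reply is None:  # a line typed by the client
            if pending_prompt is not None:
                exchange.append((pending_prompt, b64_text(line)))
                pending_prompt = None
            in_ehlo = line.lower().startswith("ehlo")
            seen_greeting = False
            continue
        code, cont, rest = reply.groups()
        if in_ehlo and code == "250":
            if not seen_greeting:  # the first 250 line is the host name
                seen_greeting = True
            else:  # "AUTH=LOGIN PLAIN" is the legacy spelling of "AUTH ..."
                keyword, _, args = rest.replace("=", " ", 1).partition(" ")
                caps.setdefault(keyword.upper(), set()).update(args.split())
            if cont == " ":  # a space after the code ends the reply
                in_ehlo = False
        elif code == "334":
            pending_prompt = b64_text(rest)
    return caps, exchange


def findings(caps, exchange):
    """Turn the parsed session into review findings."""
    out = []
    mechs = caps.get("AUTH", set())
    if mechs and "STARTTLS" not in caps:
        out.append("AUTH is offered but STARTTLS is not: credentials travel unencrypted")
    if mechs and mechs <= CLEARTEXT_MECHS:
        out.append("only PLAIN/LOGIN offered: base64 is an encoding, not protection")
    if exchange:
        out.append(f"{len(exchange)} AUTH LOGIN fields readable with a plain base64 decode")
    return out


if __name__ == "__main__":
    capabilities, auth = parse_session(SESSION)
    for item in findings(capabilities, auth):
        print(item)
```

Once TLS is configured in Postfix, `smtpd_tls_auth_only = yes` stops the server from announcing or accepting AUTH on unencrypted connections.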

Test receiving mail over pop3

%telnet localhost 110
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
user test@extmail.org
+OK Password required.
pass test
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 6
2 403
.

retr 1
+OK 6 octets follow.
test
.
retr 2
+OK 403 octets follow.
Return-Path: <test@test.com>
Delivered-To: test@extmail.org
Received: from test.com (localhost [127.0.0.1])
        by mail.extmail.org (Postfix) with ESMTP id 23CEE5C38
        for <test@extmail.org>; Fri, 10 Mar 2006 14:48:05 +0000 (UTC)
Message-Id: <20060310144813.23CEE5C38@mail.extmail.org>
Date: Fri, 10 Mar 2006 14:48:05 +0000 (UTC)
From: test@test.com
To: undisclosed-recipients:;

this is a test.
.

quit
+OK Bye-bye.
Connection closed by foreign host.

The resulting maillog

Mar 10 16:17:56 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
Mar 10 16:17:56 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}uywiuN.XggXXc
Mar 10 16:17:57 mail pop3d: LOGIN, user=test@extmail.org, ip=[127.0.0.1]
Mar 10 16:18:15 mail pop3d: LOGOUT, user=test@extmail.org, ip=[127.0.0.1], top=0, retr=397, time=18
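
The maillog excerpts above show what DEBUG_LOGIN=2 in authdaemonrc writes: each authentication logs the account's password hash, and the cleartext password whenever the client supplied one. The following is an added example, not part of the original article: it finds those records in a maillog, attributes them to the account from the preceding authdaemond record, and produces a redacted copy of the log. The sample lines are constructed from the excerpts above.

```python
import re

# Constructed sample: authdaemond and pop3d entries taken from the maillog
# excerpts above, one syslog record per line.
SAMPLE_LOG = """\
Mar 10 16:17:56 mail authdaemond: Authenticated: sysusername=, sysuserid=1000, sysgroupid=1000, homedir=/home/data/domains/extmail.org/test, address=test@extmail.org, fullname=Test user, maildir=/home/data/domains/extmail.org/test/Maildir/, quota=5242880, options=
Mar 10 16:17:56 mail authdaemond: Authenticated: clearpasswd=test, passwd={crypt}uywiuN.XggXXc
Mar 10 14:48:19 mail authdaemond: Authenticated: clearpasswd=, passwd={crypt}uywiuN.XggXXc
Mar 10 16:17:57 mail pop3d: LOGIN, user=test@extmail.org, ip=[127.0.0.1]
"""

RECORD = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ authdaemond: Authenticated: (?P<body>.*)$"
)
FIELD = re.compile(r"(\w+)=([^,]*)")
SECRET = re.compile(r"\b(clearpasswd|passwd)=[^,\s]+")


def scan(log_text):
    """Return one finding per authdaemond record that exposes password data.

    authdaemond logs the account details and the password fields in two
    consecutive records, so the account is taken from the last record that
    carried an address= field.
    """
    found, last_address = [], None
    for line in log_text.splitlines():
        record = RECORD.match(line)
        if record is None:
            continue
        fields = dict(FIELD.findall(record.group("body")))
        if "address" in fields:
            last_address = fields["address"]
        leaked = [key for key in ("clearpasswd", "passwd") if fields.get(key)]
        if leaked:
            found.append({
                "time": record.group("ts"),
                "account": last_address,
                "leaked": leaked,
            })
    return found


def redact(log_text):
    """Return the log with every non-empty password field blanked out."""
    return SECRET.sub(r"\1=<redacted>", log_text)


if __name__ == "__main__":
    for item in scan(SAMPLE_LOG):
        print(item["time"], item["account"], "exposes", ", ".join(item["leaked"]))
    print(redact(SAMPLE_LOG))
```

A log with no findings after DEBUG_LOGIN has been set back to 0 and authdaemond restarted confirms that the debug setting is no longer active; older log files still need the redaction or removal.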

We have now successfully installed a mail system. Next we add content filtering and anti-spam.

 

VII. Install anti-spam

1. Install amavisd-new

For content filtering we use amavisd-new, mainly because amavisd-new is easy to configure; you can of course use mailscanner instead.

%cd /usr/ports/security/amavisd-new/
%make install clean

Select only MYSQL

When Amavisd-new is installed, the system automatically installs Spamassassin as well

Options for p5-Mail-SpamAssassin 3.1.0_6
  [X] AS_ROOT        Run spamd as root (recommended)
  [ ] DOMAINKEYS     DomainKeys support
  [X] SSL            Build with SSL support for spamd/spamc
  [X] MYSQL          Add MySQL support
  [ ] PGSQL          Add PostreSQL support
  [ ] RAZOR          Add Vipul's Razor support
  [ ] SPF_QUERY      Add SPF query support
  [ ] RELAY_COUNTRY  Relay country support
  [X] TOOLS          Install SpamAssassin tools

Add the following to /etc/rc.conf

amavisd_enable="YES"
spamd_enable="YES"

Edit /usr/local/etc/amavisd.conf

$mydomain = 'extmail.org'; 

Spam and virus notifications

$virus_admin               = "postmaster\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

Disable the handling of attachments

$banned_filename_re = new_RE(
# put a # in front of every line in between
);

Add Clamav support

# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], 

Add to /usr/local/etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024

Add to /usr/local/etc/postfix/master.cf

smtp-amavis unix -   -   n     -       2  smtp 
        -o smtp_data_done_timeout=1200 
        -o disable_dns_lookups=yes 
                                                                                 
127.0.0.1:10025 inet n -       n       -       -  smtpd 
        -o content_filter= 
        -o local_recipient_maps= 
        -o relay_recipient_maps= 
        -o smtpd_restriction_classes= 
        -o smtpd_client_restrictions= 
        -o smtpd_helo_restrictions= 
        -o smtpd_sender_restrictions= 
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8 

Restart postfix

%/usr/local/etc/rc.d/postfix.sh restart
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: starting the Postfix mail system

For the Spamassassin configuration file /usr/local/etc/mail/spamassassin/local.cf, see

http://spamassassin.apache.org/

Configuration tool

http://www.yrex.com/spam/spamconfig.php

Debug amavisd-new

%su vscan
$ /usr/local/sbin/amavisd debug

If no errors appear, your amavisd-new is working properly.

2. Install Clamav

clamav is used to scan mail for viruses

%cd /usr/ports/security/clamav
%make install clean

You can leave everything unselected and just press Enter

clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

Edit /usr/local/etc/clamd.conf so that it runs as vscan (around line 145)

#User clamav
User vscan

Edit /usr/local/etc/freshclam.conf

#DatabaseOwner clamav
DatabaseOwner vscan

Fix the directory ownership

%chown -R vscan:vscan /var/log/clamav
%chown -R vscan:vscan /var/run/clamav
%chown -R vscan:vscan /var/db/clamav

Start clamav and the automatic updater

%/usr/local/etc/rc.d/clamav-clamd.sh start
%/usr/local/etc/rc.d/clamav-freshclam.sh start

3. Test

%telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.mold.com.cn.
Escape character is '^]'.
220 extmail.org ESMTP Mail System
ehlo test.com
250-mail.mold.com.cn
250-PIPELINING
250-SIZE 14680064
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
mail from:<test@test.com>
250 Ok
rcpt to:<test@extmail.org>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 Ok: queued as F19692E084
quit
221 Bye
Connection closed by foreign host.

The resulting maillog

Mar 10 18:19:25 mail postfix/smtpd[797]: connect from localhost[127.0.0.1]
Mar 10 18:19:25 mail postfix/smtpd[797]: CD31B5C25: client=localhost[127.0.0.1]
Mar 10 18:19:25 mail postfix/cleanup[793]: CD31B5C25: message-id=<VAQ0WNU5+REDjW@mail.extmail.org>
Mar 10 18:19:25 mail postfix/qmgr[789]: CD31B5C25: from=<virusalert@extmail.org>, size=1670, nrcpt=1 (queue active)
Mar 10 18:19:26 mail postfix/smtpd[797]: disconnect from localhost[127.0.0.1]
Mar 10 18:19:26 mail amavis[458]: (00458-01) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@[127.0.0.1]> -> <test@extmail.org>, quarantine: virus-Q0WNU5+REDjW, Message-ID: <20060310181918.954D75C24@mail.extmail.org>, mail_id: Q0WNU5+REDjW, Hits: -, 1567 ms
Mar 10 18:19:26 mail postfix/smtp[794]: 954D75C24: to=<test@extmail.org>, relay=127.0.0.1[127.0.0.1], delay=14, status=sent (250 2.7.1 Ok, discarded, id=00458-01 - VIRUS: Eicar-Test-Signature)
Mar 10 18:19:26 mail postfix/qmgr[789]: 954D75C24: removed
Mar 10 18:19:26 mail postfix/smtpd[791]: disconnect from localhost[127.0.0.1]

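Look at the entries highlighted in red in the original page: the virus has been found and quarantined, and the message was then deleted by the system.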
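As an added example (not part of the original article), the script below extracts the amavis verdict from the log entries above and joins it to the Postfix queue ID through the amavis id (00458-01) that appears in both lines. The regular expressions assume the amavisd-new log format shown on this page; the function names are illustrative.

```python
import re

# Entries copied from the maillog on this page (the wrapped amavis entry is joined).
MAILLOG = [
    "Mar 10 18:19:26 mail amavis[458]: (00458-01) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@[127.0.0.1]> -> <test@extmail.org>, quarantine: virus-Q0WNU5+REDjW, Message-ID: <20060310181918.954D75C24@mail.extmail.org>, mail_id: Q0WNU5+REDjW, Hits: -, 1567 ms",
    "Mar 10 18:19:26 mail postfix/smtp[794]: 954D75C24: to=<test@extmail.org>, relay=127.0.0.1[127.0.0.1], delay=14, status=sent (250 2.7.1 Ok, discarded, id=00458-01 - VIRUS: Eicar-Test-Signature)",
    "Mar 10 18:19:26 mail postfix/qmgr[789]: 954D75C24: removed",
]
AMAVIS = re.compile(
    r"amavis\[\d+\]: \((?P<am_id>[\d-]+)\) (?P<action>Blocked|Passed) (?P<verdict>[A-Z-]+)"
    r"(?: \((?P<name>[^)]*)\))?, \[(?P<client>[^\]]*)\] <(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r"(?:, quarantine: (?P<quarantine>[^,\s]+))?")
HANDOFF = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<[^>]*>.*status=(?P<status>\w+) "
    r"\((?P<reply>.*\bid=(?P<am_id>[\d-]+)\b.*)\)$")

def triage(lines):
    """Join each amavis verdict to the Postfix queue ID that handed the message over."""
    verdicts, handoffs = {}, {}
    for line in lines:
        for pattern, bucket in ((AMAVIS, verdicts), (HANDOFF, handoffs)):
            m = pattern.search(line)
            if m:
                bucket[m["am_id"]] = m.groupdict()
    events = []
    for am_id, v in verdicts.items():
        h = handoffs.get(am_id, {})             # empty if the hand-off line is not in the input
        events.append({**v, "qid": h.get("qid"), "status": h.get("status"),
                       "discarded": "discarded" in h.get("reply", "")})
    return events

def delivered_infected(events):
    """Infected mail that amavis passed on instead of blocking needs follow-up."""
    return [e for e in events if e["verdict"] == "INFECTED" and e["action"] != "Blocked"]
```

Postfix logs status=sent for the infected message because amavisd-new accepted it over SMTP; the discard is visible only in the reply text, which is why the script reads the reply rather than the status.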

VIII. Install extmail / extman

1. Set the account apache runs as

Edit /usr/local/etc/apache22/httpd.conf

#User www
#Group www
User vuser
Group vgroup

Add the following to httpd.conf

Alias /extman/cgi/ /usr/local/www/apache22/cgi-bin/extman/cgi/
Alias /extman /usr/local/www/apache22/cgi-bin/extman/html/

<Location "/extman/cgi">
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
</Location>


# config for ExtMail               
Alias /extmail/cgi/ /usr/local/www/apache22/cgi-bin/extmail/cgi/
Alias /extmail /usr/local/www/apache22/cgi-bin/extmail/html/

<Location "/extmail/cgi">
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
</Location>

Restart apache

%/usr/local/etc/rc.d/apache22.sh restart
Performing sanity check on apache22 configuration:
Syntax OK
Stopping apache22.
Waiting for PIDS: 461.
Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.


2. Install extmail

Download the latest version from the official extmail website: www.extmail.org

%tar zxvf extmail-0.23-20060219.tar.gz
%cp -r  extmail-0.23-20060219/ /usr/local/www/apache22/cgi-bin/extmail

Create the configuration file

%cd /usr/local/www/apache22/cgi-bin/extmail/
%cp webmail.cf.default webmail.cf

Edit the configuration file; only the settings that need to be changed are shown here

# sys_config, the config file and webmail programe root
SYS_CONFIG = /usr/local/www/apache22/cgi-bin/extmail/

# sys_langdir, the i18n dir
SYS_LANGDIR = /usr/local/www/apache22/cgi-bin/extmail/lang

# sys_templdir, the template dir
SYS_TEMPLDIR = /usr/local/www/apache22/cgi-bin/extmail/html
# sys_netdisk_on, default is off
SYS_NETDISK_ON = 1 
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /home/data/domains
# if mysql, all relate paramters should prefix as SYS_MYSQL
SYS_MYSQL_USER = extmail   
SYS_MYSQL_PASS = extmail   
SYS_MYSQL_DB = extmail     
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock  

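Open your browser and go to http://ip/extmail to see the login page

Username: test

Password: test

Domain: extmail.org

3. Install extman

Download the package from the official extmail website, unpack it and copy it to the /usr/local/www/apache22/cgi-bin directory.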

%cd /usr/local/www/apache22/cgi-bin/extman/

Edit webman.cf

# sys_config, the config file and webman programe root
SYS_CONFIG = /usr/local/www/apache22/cgi-bin/extman/

# sys_langdir, the i18n dir
SYS_LANGDIR = /usr/local/www/apache22/cgi-bin/extman/lang

# sys_templdir, the template dir
SYS_TEMPLDIR = /usr/local/www/apache22/cgi-bin/extman/html

# maildir_base, the base dir of user maildir, use absolute path
# if not set. 
SYS_MAILDIR_BASE = /home/data/domains
# if mysql, all relate paramters should prefix as SYS_MYSQL
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock   

Create /tmp/extman

%mkdir /tmp/extman
%chmod 777 /tmp/extman/
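A mode 777 directory under /tmp lets every local account list, create and delete files in it. Since apache was set to run as vuser in step 1, a directory owned by vuser with mode 0700 should be sufficient for extman; that is an assumption of this added example (not from the original article), as are the function names. It creates such a directory and audits an existing one.

```python
import os
import stat

def audit_session_dir(path, owner_uid):
    """Return findings for a web session directory; an empty list means it is private."""
    st = os.lstat(path)                       # lstat: inspect the entry itself, not a link target
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink, not a real directory"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    findings = []
    if st.st_uid != owner_uid:
        findings.append("owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st.st_mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("world-readable or world-searchable")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings

def create_session_dir(path, owner_uid, owner_gid):
    """Create path with mode 0700 for the web server account and audit the result."""
    os.mkdir(path, 0o700)                     # raises FileExistsError if anything is already there
    os.chmod(path, 0o700)                     # exact mode regardless of umask
    if os.geteuid() == 0:                     # only root can hand the directory to another account
        os.chown(path, owner_uid, owner_gid)
    return audit_session_dir(path, owner_uid)

# On the server in this article (run as root), the call would be:
#   import pwd, grp
#   create_session_dir("/tmp/extman", pwd.getpwnam("vuser").pw_uid, grp.getgrnam("vgroup").gr_gid)
```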

Create the links for the package

%cd /usr/local/www/apache22/cgi-bin/extman/libs/Ext/
%./buildlink.sh build /usr/local/www/apache22/cgi-bin/extmail/libs/Ext/

Open your browser and go to http://ip/extman

Username: root@extmail.org Password: extmail

 

 

System configuration file download

rc.conf contents

mysql_enable="YES"
apache22_enable="YES"

postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"

amavisd_enable="YES"
spamd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

End

fengyong 2006-03-10 19:19

 

2008-05-21 14:24 zhouxiangsheng

crastyl@163.com

 
