Postfix full-featured configuration

postfix+extmail
Environment: CentOS release 5.3 (Final), 32-bit, kernel 2.6.18-128.el5
Remove the system's cyrus-sasl
#rpm -qa|grep cyrus-sasl
#rpm -e --nodeps cyrus-sasl cyrus-sasl-devel-2.1.22-4 cyrus-sasl-plain-2.1.22-4
Remove the sendmail that ships with the system
#rpm -qa|grep sendmail
#rpm -e --nodeps sendmail-8.13.8-2.el5

Remove the mysql that ships with the system
#rpm -qa|grep mysql
#rpm -e --nodeps mysql-5.0.45-7.el5

PS: if rpm -qa|grep cyrus-sasl shows two identical packages, add the --allmatches option to remove them.
Add users
groupadd postfix  -g 1000
groupadd vmail    -g 1001 
groupadd -g 1002 postdrop
groupadd mysql
groupadd  -g 1004 vgroup
useradd -g mysql mysql
useradd  -u 1001  -g 1001 -M -s /sbin/nologin vmail
useradd  -u 1000  -g 1000 -M -s /sbin/nologin postfix
useradd -g vgroup -u 1004 -M -s /sbin/nologin vuser
useradd -g postdrop -u 1002 -M -s /bin/false postdrop

Install Apache
#wget http://labs.renren.com/apache-mirror//httpd/httpd-2.2.21.tar.gz
#wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
#wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
#tar -zxvf httpd-2.2.21.tar.gz
#cd httpd-2.2.21
#./configure --prefix=/usr/local/apache --enable-so --enable-cgi --enable-suexec --enable-modules=most --enable-mods-shared=most --with-suexec-caller=vmail --with-suexec-docroot=/var/www/extsuite
#make
#make install
#vi /usr/local/apache/conf/httpd.conf
Append at the end:
NameVirtualHost *:80
Include conf/vhost_*.conf

#vi  /usr/local/apache/conf/vhost_extmail.conf
# VirtualHost for ExtMail Solution
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/

ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/

ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
<Directory /var/www/extsuite>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Suexec config
SuexecUserGroup vmail vmail
</VirtualHost>

PS:
If an Internal Server Error appears,
check with tailf /usr/local/apache/logs/suexec_log
#suexec -V // check that suexec's directory settings match the configuration in vhost_extmail.conf

Unix::Syslog not found, please install it first! (in cleanup) Undefined subroutine &Ext::Logger::do_closelog called at /var/www/html/extsuite/extmail/libs/Ext/Logger.pm line 86.
Unix::Syslog is missing:
#perl -MCPAN -e shell
#cpan> install Unix::Syslog

Install MySQL
#wget http://mysql.ntu.edu.tw/Downloads/MySQL-5.1/mysql-5.1.57.tar.gz
#tar -zxvf mysql-5.1.57.tar.gz
#cd mysql-5.1.57
#./configure --prefix=/usr/local/mysql --with-charset=gbk --with-extra-charsets=all --enable-thread-safe-client --localstatedir=/var/data
#make
#make install
#cp support-files/my-medium.cnf /etc/my.cnf
#cp support-files/mysql.server /etc/rc.d/init.d/mysqld
#chmod 755 /etc/rc.d/init.d/mysqld
#chkconfig --add mysqld
#chkconfig mysqld on
Initialize the database
#/usr/local/mysql/bin/mysql_install_db --user=mysql
Start the database
#service mysqld start

Set environment variables
#echo "/usr/local/mysql/lib/mysql">>/etc/ld.so.conf
#ldconfig
#echo 'export PATH=$PATH:/usr/local/mysql/bin'>>/etc/profile
#source /etc/profile

Install cyrus-sasl (Simple Authentication and Security Layer), used for SMTP sender authentication
#wget ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-sasl-2.1.25.tar.gz
#tar -zxvf cyrus-sasl-2.1.25.tar.gz
#cd cyrus-sasl-2.1.25
#./configure --prefix=/usr/local/sasl2 --disable-anon --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
#make
#make install
Disable the old sasl libraries and link the new ones
#cd /usr/lib
#mv libsasl2.so.2.0.22 libsasl2.so.2.0.22.bak
#mv sasl2 sasl2.bak
#rm -rf libsasl2.so.2
#ln -sv /usr/local/sasl2/lib/*  /usr/lib
Postfix versions after 2.3 search /usr/local/lib and /usr/local/include for the sasl libraries and header files respectively, so they must also be linked into these directories
#ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include
Create the directory needed at run time and debug
#mkdir -pv /var/state/saslauthd
Check that the version is 2.1.25
#/usr/local/sasl2/sbin/saslauthd -v
saslauthd 2.1.25
authentication mechanisms: getpwent kerberos5 pam rimap shadow

#/usr/local/sasl2/sbin/saslauthd -a shadow pam -d // normally no errors are reported
saslauthd[17668] :main            : num_procs  : 5
saslauthd[17668] :main            : mech_option: NULL
saslauthd[17668] :main            : run_path   : /var/state/saslauthd
saslauthd[17668] :main            : auth_mech  : shadow
saslauthd[17668] :ipc_init        : using accept lock file: /var/state/saslauthd/mux.accept
saslauthd[17668] :detach_tty      : master pid is: 0
saslauthd[17668] :ipc_init        : listening on socket: /var/state/saslauthd/mux
saslauthd[17668] :main            : using process model
saslauthd[17669] :get_accept_lock : acquired accept lock
saslauthd[17668] :have_baby       : forked child: 17669
saslauthd[17668] :have_baby       : forked child: 17670
saslauthd[17668] :have_baby       : forked child: 17671
saslauthd[17668] :have_baby       : forked child: 17672
Press Ctrl+C here
saslauthd[17672] :server_exit     : child exited: 17672
saslauthd[17671] :server_exit     : child exited: 17671
saslauthd[17670] :server_exit     : child exited: 17670
saslauthd[17669] :server_exit     : child exited: 17669
saslauthd[17668] :handle_sigchld  : child exited: 17669
saslauthd[17668] :handle_sigchld  : child exited: 17670
saslauthd[17668] :handle_sigchld  : child exited: 17671
saslauthd[17668] :server_exit     : pid file lock removed: /var/state/saslauthd/saslauthd.pid.lock
saslauthd[17668] :ipc_cleanup     : accept lock file removed: /var/state/saslauthd/mux.accept
saslauthd[17668] :ipc_cleanup     : socket removed: /var/state/saslauthd/mux
saslauthd[17668] :server_exit     : master exited: 0
Start
#/usr/local/sasl2/sbin/saslauthd -a shadow pam

Configure the library search path
#echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
#echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
#ldconfig

Install OpenSSL
#wget http://www.openssl.org/source/openssl-1.0.0e.tar.gz
#tar -zxvf openssl-1.0.0e.tar.gz
#cd openssl-1.0.0e
#./config shared zlib --prefix=/usr/local/openssl
#make
#make test
#make install
#echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
#ldconfig

Install postfix
#wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.8.7.tar.gz
#tar -zxvf postfix-2.8.7.tar.gz
#cd postfix-2.8.7
# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/sasl2/include/sasl/ -DUSE_CYRUS_SASL -I/usr/local/include -DUSE_TLS -I/usr/local/openssl/include' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm -L/usr/local/sasl2/lib/sasl2 -lsasl2 -L/usr/local/openssl/lib  -lssl -lcrypto'
#make
#make install
For the following prompts, pressing Enter is generally enough
install_root: [/]
tempdir: [/software/postfix-2.8.7] /tmp
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]

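Generate the binary alias file; if this step is skipped, postfix will be extremely inefficient
#/usr/bin/newaliases
Check whether postfix supports sasl authentication; it does if the output is as follows: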
#postconf   -a
cyrus
dovecot
#postconf -m | grep mysql
mysql

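Start postfix
#postfix start
#netstat -natlp|grep smtpd // port 25 should be listening
#telnet IP 25 // you should see something like "220 mail1.localdomain ESMTP Postfix"
Test sending mail through postfix
telnet x.x.x.x 25
If everything is working, you will see the following response from the IMC:
220 hostname.localdomain Esmtp postfix
Type the following command to tell the IMC where the mail comes from:
MAIL FROM: test@test.com
You should get the following response:
250 OK
Type the following command to tell the IMC the destination address of the mail.
RCPT TO: *******@qq.com
You should see the following response:
250 OK
Type the following command to tell the IMC that you are ready to send data:
DATA
You should see the following response:
354 Send data.

Type the following command to add a subject line:
Subject: test message
Then press Enter twice.
You will see no response to this command.
Note: the two Enter keystrokes comply with RFC 822, which requires that 822 commands be followed by a blank line.

Type the following command to add the message body:
This is a test message
You will see no response to this command.
On the next blank line, type a period and then press ENTER.
You should see the following response: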
250 OK



Configure postfix
#vi /etc/postfix/main.cf
---------------------------------------------------------------------------------------------
config_directory = /etc/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
###########################################################
content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10

#=====================BASE=========================
# Host name
myhostname = mail2.sery.com
# Domain name
mydomain = mail.sery.com
# Origin name: the address shown as "mail from" in the message header
myorigin = $mydomain
# Domains for which this postfix system accepts mail
mydestination = $myhostname localhost localhost.$mydomain
# Networks allowed to send without SMTP authentication
mynetworks = 127.0.0.0/8 220.94.159.0/24
# Network interfaces to listen on
inet_interfaces = all

#=====================Virtual Mailbox settings======================
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 450
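
An added example, not part of the original guide: a static check of main.cf text for annotation left after a value (main.cf has no end-of-line comments), a parameter defined twice (the later definition wins), and a bare `permit` ahead of `reject_unauth_destination` in smtpd_recipient_restrictions. The function name audit_main_cf, the finding labels and the sample input are constructed for illustration; it assumes Postfix 2.8.x as installed here, where relay control sits in smtpd_recipient_restrictions.

```shell
#!/bin/sh
# Added example (not from the original guide): static checks on main.cf text.

# Constructed sample, deliberately flawed so that every check fires.
sample_main_cf() {
cat <<'EOF'
# constructed test input
content_filter = smtp-amavis:[127.0.0.1]:10024
mynetworks = 127.0.0.0/8 220.94.159.0/24 // trusted senders
virtual_transport = maildrop
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    permit,
    reject_unauth_destination
virtual_transport = maildrop:
EOF
}

# audit_main_cf (hypothetical name): main.cf on stdin, one finding per line.
audit_main_cf() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]/ {                             # leading whitespace continues a value
      sub(/^[ \t]+/, "")
      if (cur != "") val[cur] = val[cur] " " $0
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      cur = substr($0, 1, eq - 1); sub(/[ \t]+$/, "", cur)
      v = substr($0, eq + 1);      sub(/^[ \t]+/, "", v)
      if (cur in val) dup[cur] = 1; else order[++n] = cur
      val[cur] = v                         # a later definition replaces an earlier one
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in dup) print "duplicate:" k "=" val[k]
        # no end-of-line comments in main.cf: "// note" becomes part of the value
        if (val[k] ~ /^\/\// || val[k] ~ /[ \t]\/\//) print "trailing-text:" k
      }
      # restrictions are evaluated in order; the first decisive one wins
      verdict = "relay-check:no-reject_unauth_destination"
      m = split(val["smtpd_recipient_restrictions"], item, /[ \t,]+/)
      for (i = 1; i <= m; i++) {
        if (item[i] == "reject_unauth_destination" || item[i] == "reject") {
          verdict = "relay-check:ok"; break
        }
        if (item[i] == "permit") {
          verdict = "relay-check:permit-before-reject_unauth_destination"; break
        }
      }
      print verdict
    }
  '
}

sample_main_cf | audit_main_cf
```

Run it against a real file with `audit_main_cf < /etc/postfix/main.cf`; a clean file prints only `relay-check:ok`.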


#mkdir /etc/postfix/mysql
#vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

#vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

#vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

#vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

#vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

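Install IMAP
Internet Message Access Protocol (abbreviated IMAP, formerly called Interactive Mail Access Protocol) is an application-layer protocol used by local mail clients (such as Microsoft Outlook, Outlook Express, Foxmail, Mozilla Thunderbird) to access mail on a remote server.
IMAP was designed by Mark Crispin and offers an alternative to the widely used POP3 mail protocol for mail access. Basically, both allow a mail client to access messages stored on a mail server. Some important aspects that exist only in IMAP include:

Support for both connected and disconnected modes of operation. With POP3, the client stays connected to the server only for a period of time, until it has downloaded all new messages, and then disconnects. With IMAP, the client stays connected to the server as long as the user interface is active and message content needs to be downloaded. For users with many or very large messages, the IMAP4 mode can give faster response times.
Support for multiple clients connected to one mailbox at the same time. POP3 assumes that the current connection to the mailbox is the only connection. In contrast, IMAP4 allows multiple users to access a mailbox simultaneously and provides a mechanism that lets a client detect the operations performed by other users currently connected to that mailbox.
Support for access to the MIME parts of a message and for partial fetch. Almost all Internet mail is transmitted in MIME format. MIME allows a message to contain a tree structure in which the leaf nodes are single content types and the non-leaf nodes are multipart combinations. IMAP4 allows a client to retrieve any individual MIME part, and to retrieve part or all of a message. These mechanisms let users browse message content without downloading attachments, or browse while the content is being retrieved.
Support for keeping message state information on the server. Using the flags defined in the IMAP4 protocol, a client can track message state, for example whether a message has been read, replied to, or deleted. These flags are stored on the server, so multiple clients accessing one mailbox at different times can see the operations performed by other users.
Support for accessing multiple mailboxes on the server. An IMAP4 client can create, rename, or delete mailboxes on the server (usually presented to the user as folders). Support for multiple mailboxes also allows the server to provide access to shared and public folders.
Support for server-side search. IMAP4 provides a mechanism by which a client can ask the server to search for messages matching multiple criteria. With this mechanism the client does not need to download all the messages in the mailbox to carry out such searches.
Support for a well-defined extension mechanism. Drawing on the experience of earlier Internet protocols, IMAP defines an explicit mechanism for extensions. Many extensions to the original protocol have been proposed and are widely used. Whether POP3 or IMAP4 is used to retrieve messages, the client uses SMTP to send them. A mail client may be a POP client or an IMAP client, but either way it uses SMTP.
The directory services of most mail programs also use LDAP.

Unlike most older Internet protocols, IMAP4 natively supports encrypted login mechanisms. IMAP4 also supports transmitting passwords in clear text. Because using an encryption mechanism requires agreement between client and server, clear-text passwords are used in some cases where the client and server are of different types (for example, a Microsoft Windows client and a non-Windows server). IMAP4 traffic can also be encrypted with SSL, either by carrying IMAP4 over SSL on port 993 or by declaring "STARTTLS" when the IMAP4 session is created.

IMAP4 works over a TCP/IP connection using port 143.

Its main difference from POP3 is that the user does not have to download all mail and can operate on the mail on the server directly through the client.
IMAP downloads only the subject of each message rather than the full content of all messages; a copy of each message stays in your mailbox and the message is not deleted from the original mailbox. The message content is downloaded only when you read it in the mail client software. Mail clients that support both protocols well include ThunderMail, Foxmail, Outlook, and others.

Newer versions of imap no longer include the authentication library, so the Courier authentication library must be installed first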
#wget http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2
#tar -jxvf courier-authlib-0.63.0.tar.bz2
#cd courier-authlib-0.63.0
#yum -y install expect // install expect, otherwise the build shows a Warning
#./configure --with-redhat --with-authmysql=yes --with-authldap=yes --with-mailuser=vmail --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --prefix=/usr/local/courier-authlib --without-stdheaderdir CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
#make
#make install
#make install-configure
#grep "authdaemonvar" /usr/local/courier-authlib/etc/authlib/authdaemonrc
#chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
#vi /usr/local/courier-authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2
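Change the 3 items above and leave the other items unchanged. The first 2 lines mean that only the mysql authentication module is used; changing DEBUG_LOGIN from the default "0" to "2" produces more output when postfix runs, so that the generated logs help with troubleshooting. At level 2 the logged output also includes passwords.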
#vi /usr/local/courier-authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_DATABASE extmail
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_USER_TABLE mailbox
#MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
DEFAULT_DOMAIN 9666sr.cn
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat('/data/domains/',maildir)
MYSQL_NAME_FIELD name
#MYSQL_MAILDIR_FIELD maildir
MYSQL_MAILDIR_FIELD concat('/data/domains/',maildir)
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'
MYSQL_SELECT_CLAUSE     SELECT username,password,"",uidnumber,gidnumber,CONCAT('/data/domains/',homedir),CONCAT('/data/domains/',maildir),quota,name FROM mailbox WHERE username = '$(local_part)@$(domain)'
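Note: make sure that no spaces are used in this file, only tabs. Make sure that only single quotes are used, for example '/var/mailbox/', 'UID', 'GID'; localhost must not be in single quotes; make sure your /etc/hosts file contains localhost.
Building with IPv6 support may cause errors. MYSQL_GID_FIELD and MYSQL_UID_FIELD are maildrop's UID and GID, not MySQL's. If you want to use md5 passwords, change MYSQL_CLEAR_PWFIELD password to MYSQL_CRYPT_PWFIELD password.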
#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
#ldconfig
#ldconfig -v|grep courier
Enable at boot
#cp courier-authlib.sysvinit /etc/init.d/courier-authlib
#chmod 755 /etc/init.d/courier-authlib
#chkconfig --add courier-authlib
Start
#/etc/init.d/courier-authlib start
Check that it has started
#ps -ef|grep courier-authlib // the process should be visible

Install Courier-IMAP (provides POP3/IMAP service):
#wget http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/imap/4.9.3/courier-imap-4.9.3.tar.bz2
#tar -jxvf courier-imap-4.9.3.tar.bz2
#cd courier-imap-4.9.3
#./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 CPPFLAGS='-I/usr/local/courier-authlib/include' COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
#make
#make install
#make install-configure
#vi /usr/local/courier-imap/etc/pop3d
Change "POP3DSTART=NO" to "POP3DSTART=YES"
#vi /usr/local/courier-imap/etc/imapd
Change "IMAPDSTART=NO" to "IMAPDSTART=YES"
Enable at boot
#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
#chmod 755 /etc/rc.d/init.d/courier-imap
#chkconfig --add courier-imap
Start
#service courier-imap start
Check that it has started
#netstat -natlp|egrep "110|143"

Install maildrop
#wget http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/maildrop/2.5.4/maildrop-2.5.4.tar.bz2
#tar -jxvf maildrop-2.5.4.tar.bz2
#cd maildrop-2.5.4
#yum -y install pcre-devel // install pcre-devel, otherwise the build fails with: configure: error: pcre.h not found - install PCRE from www.pcre.org
#ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig // only then will the compiled maildrop have "Courier Authentication Library extension enabled"
#./configure --enable-sendmail=/usr/sbin/sendmail  --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota  --enable-maildrop-uid=1001  --enable-maildrop-gid=1001 --enable-authlib --with-trashquota --with-dirsync
#make
#make install
#cp /usr/local/maildrop/bin/maildrop /usr/bin
#maildrop -v
maildrop 2.5.4 Copyright 1998-2005 Double Precision, Inc.
GDBM/DB extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension are now always enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.

#touch /etc/maildroprc
#vi /etc/maildroprc
logfile "/var/log/maildrop.log"
#touch /var/log/maildrop.log
#chown vmail:vmail /var/log/maildrop.log
Configure postfix to support maildrop
#vi /etc/postfix/master.cf
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
#vi /etc/postfix/main.cf
virtual_transport = maildrop:
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

Install extman + extmail
http://www.extmail.org/download
The download requires filling in some information; anything will do
#mkdir -p /var/www/extsuite/
#tar -zxvf extmail-1.2.tar.gz -C /var/www/extsuite/
#tar -zxvf extman-1.1.tar.gz -C /var/www/extsuite/
#cd /var/www/extsuite/
#mv extmail-1.2 extmail
#mv extman-1.1 extman
#cd  extmail
#cp webmail.cf.default webmail.cf
#vi webmail.cf
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
Update the cgi directory ownership: because of SuEXEC, the extmail cgi directory must be changed to vuser:vgroup ownership
#chown -R vmail:vmail /var/www/extsuite/extmail/cgi/
#cd ../extman
#cp webman.cf.default webman.cf
#vi webman.cf

Update the cgi directory ownership: because of SuEXEC, the extman cgi directory must be changed to vmail:vmail ownership
#chown -R vmail:vmail /var/www/extsuite/extman/cgi/
Link the base libraries to Extmail
#mkdir /tmp/extman
#chown -R vmail:vmail /tmp/extman
Initialize the database
#mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
#mysql -u root -p < /var/www/extsuite/extman/docs/init.sql
Set up the configuration files for virtual domains and virtual users
#cd /var/www/extsuite/extman/docs
#cp mysql_virtual_alias_maps.cf /etc/postfix/
#cp mysql_virtual_domains_maps.cf /etc/postfix/
#cp mysql_virtual_mailbox_maps.cf /etc/postfix/
#cp mysql_virtual_sender_maps.cf /etc/postfix/
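The default extman administrator account is root@extmail.org and the password is extmail*123*
If the system information is not shown after logging in and "No such file or directory" is reported, the fix is:
#/var/www/extsuite/extman/daemon/cmdserver --daemon
Install the GD library to fix the login CAPTCHA not being displayed
#wget http://cpan.communilink.net/authors/id/L/LD/LDS/GD-2.46.tar.gz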
#tar -zxvf GD-2.46.tar.gz
#cd GD-2.46
#perl Makefile.PL
#make
#make install

Install DBD-mysql
#wget http://cpan.wenzk.com/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.020.tar.gz
#tar -zxvf DBD-mysql-4.020.tar.gz
#cd DBD-mysql-4.020
#perl Makefile.PL
#make
#make install
Installing DBD-mysql reports the following error:
Can't locate DBI/DBD.pm in @INC (@INC contains:
DBI is missing:
#wget http://mirrors.sohu.com/CPAN/authors/id/T/TM/TMTM/Class-DBI-mysql-1.00.tar.gz
#tar -zxvf  Class-DBI-mysql-1.00.tar.gz
#cd Class-DBI-mysql-1.00
#perl Makefile.PL
#make
#make install

PS:
**UNRECOVERABLE ERROR**
Could not find gdlib-config in the search path. Please install libgd 2.0.28 or higher.
Install libgd
#wget http://www.eduunix.ccut.edu.cn/index2/libgd/gd-2.0.35.tar.gz
#yum install gettext // without this, make may report configure.ac:64: error: possibly undefined macro: AM_ICONV
#tar -zxvf gd-2.0.35.tar.gz
#cd gd-2.0.35
#./configure
#make
#make install

Configure the extman graphical logs
Install Time::HiRes and File::Tail
#perl -MCPAN -e shell
#cpan>install Time::HiRes
#cpan>install File::Tail
Install rrdtool
Install the dependencies
#wget http://pkgconfig.freedesktop.org/releases/pkg-config-0.23.tar.gz
#tar -zxvf pkg-config-0.23.tar.gz
#cd pkg-config-0.23
#./configure  CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/zlib-1.2.3.tar.gz
#tar -zxvf zlib-1.2.3.tar.gz
#cd zlib-1.2.3
#./configure CFLAGS="-O3 -fPIC" --shared
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/libpng-1.2.18.tar.gz
#tar -zxvf libpng-1.2.18.tar.gz
#cd libpng-1.2.18
#env CFLAGS="-O3 -fPIC" ./configure
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/freetype-2.3.5.tar.gz
#tar -zxvf freetype-2.3.5.tar.gz
#cd freetype-2.3.5
#./configure CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/libxml2-2.6.32.tar.gz
#tar -zxvf libxml2-2.6.32.tar.gz
#cd libxml2-2.6.32
#./configure  CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/fontconfig-2.4.2.tar.gz
#tar -zxvf fontconfig-2.4.2.tar.gz
#cd fontconfig-2.4.2
#./configure CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/pixman-0.10.0.tar.gz
#tar -zxvf pixman-0.10.0.tar.gz
#cd pixman-0.10.0
#./configure CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/cairo-1.6.4.tar.gz
#tar -zxvf cairo-1.6.4.tar.gz
#cd cairo-1.6.4
#./configure --enable-xlib=no --enable-xlib-render=no --enable-win32=no CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/glib-2.15.4.tar.gz
#tar -zxvf glib-2.15.4.tar.gz
#cd glib-2.15.4
#./configure CFLAGS="-O3 -fPIC"
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/libs/pango-1.21.1.tar.bz2
#tar -jxvf pango-1.21.1.tar.bz2
#cd pango-1.21.1
#./configure  CFLAGS="-O3 -fPIC" --without-x
#make
#make install

#wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.4.5.tar.gz
#tar -zxvf rrdtool-1.4.5.tar.gz
#cd rrdtool-1.4.5
#./configure --prefix=/usr/local/rrdtool --disable-tcl --disable-python
#make clean
#make
#make install
#cp -R  /var/www/html/extsuite/extman/addon/mailgraph_ext/  /usr/local/
#/usr/local/mailgraph_ext/mailgraph-init start

PS:
Startup errors:
Can't locate RRDs.pm in @INC.....
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/RRDs.pm /usr/lib/perl5/5.8.8/
Can't locate loadable object for module RRDs
#ln -sv /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so /usr/lib/perl5/5.8.8/i386-linux-thread-multi/
(If other modules turn out to be missing, the same find-and-link approach solves it; if the file cannot be found, it is simply not installed. One is the .pm module, the other is the .so library.)

Install amavisd-new
#wget http://www.amavis.org/amavisd-new-2.7.0.tar.gz
#tar -zxvf amavisd-new-2.7.0.tar.gz
#cd amavisd-new-2.7.0
Dependencies that need to be installed:
Compress::Zlib
  MIME::Words
  MIME::Head
  MIME::Body
  MIME::Entity
  MIME::Parser
  MIME::Decoder
  MIME::Decoder::Base64
  MIME::Decoder::Binary
  MIME::Decoder::QuotedPrint
  MIME::Decoder::NBit
  MIME::Decoder::UU
  MIME::Decoder::Gzip64
  Net::Server
  Net::Server::PreFork

#groupadd amavis
#groupadd clamav
#mkdir /var/amavis
#useradd -g amavis -u 1005 -d /var/amavis -s /bin/false amavis
#useradd -g clamav -M -s /sbin/nologin clamav
#mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
#chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis
#cp amavisd /usr/local/sbin/
#chown root /usr/local/sbin/amavisd
#chmod 755  /usr/local/sbin/amavisd
#cp amavisd.conf /etc/
#chown root:amavis /etc/amavisd.conf
#chmod 640 /etc/amavisd.conf
Create the quarantine area
#mkdir /var/virusmails
#chown amavis:amavis /var/virusmails
#chmod 750 /var/virusmails
#vi /etc/amavisd.conf 
Make sure the following options have the values shown below:
$daemon_user   = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'xxt.cn';   # change this to your own DNS domain
$virus_admin             = "postmaster\@$mydomain";
$mailfrom_notify_admin     = "postmaster\@$mydomain";
$mailfrom_notify_recip     = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
$mailfrom_to_quarantine = '';
virus_admin_maps => ["postmaster\@$mydomain"]   # the user identity that system mail is sent as when reporting viruses and spam
spam_admin_maps   => ["postmaster\@$mydomain"]
Enable ClamAV: (around line 363) remove the comment markers in front of the following lines:
#['ClamAV-clamd',
#     \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
#    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
#     ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],   (at line 375)
and change /var/run/clamav/clamd in the lines above to /var/run/clamav/clamd.socket
Test start
#/usr/local/sbin/amavisd  debug // view error messages
#/usr/local/sbin/amavisd // start
You may run into the following error:
fetch_modules: error loading optional module MIME/Decoder/BinHex.pm: 
Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43. 
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43. 
Compilation failed in require at /usr/local/sbin/amavisd line 197. 
In that case, download Convert-BinHex-1.119.tar.gz, install it, and start again.
#wget http://mirrors.ustc.edu.cn/CPAN/authors/id/E/ER/ERYQ/Convert-BinHex-1.119.tar.gz
#tar -zxvf Convert-BinHex-1.119.tar.gz
#cd Convert-BinHex-1.119
#perl Makefile.PL
#make
#make install




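Install virus scanning Mail::SpamAssassin
#perl -MCPAN -e shell
cpan> install Mail::SpamAssassin
#/usr/bin/spamd -d  // start
#echo "/usr/bin/spamd -d" >> /etc/rc.local // start at boot
PS: if the installation fails, it reports which dependencies are missing; install whatever is missing. All of them can be installed automatically with CPAN.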




Install ClamAV
#wget http://cdnetworks-kr-2.dl.sourceforge.net/project/clamav/clamav/0.97.3/clamav-0.97.3.tar.gz
#tar -zxvf clamav-0.97.3.tar.gz
#cd clamav-0.97.3
#./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share --sysconfdir=/etc/clamav
#make
#make check
#make install
Configure
#vi /etc/clamav/clamd.conf
Comment out Example on line 8, as follows:
# Example 
LogFile /var/log/clamav/clamd.log 
PidFile /var/run/clamav/clamd.pid 
LocalSocket /var/run/clamav/clamd.socket 
DatabaseDirectory /usr/local/clamav/share 
User amavis 
Enable the following options
LogSyslog yes 
LogFacility LOG_MAIL 
LogVerbose yes 
StreamMaxLength 20M   (this value should match the maximum attachment size the mail server allows)

#vi /etc/clamav/freshclam.conf 
DatabaseDirectory /usr/local/clamav/share 
UpdateLogFile /var/log/clamav/freshclam.log 
Enable the following options:
DatabaseMirror db.CN.clamav.net   (you can look up the update servers on the official ClamAV site and put one here, db.CN.clamav.net)
LogSyslog yes 
LogFacility LOG_MAIL 
LogVerbose yes 

Create the directory for the logs and the directory for the process and socket, and make them owned by the clamav user
#mkdir -v /var/log/clamav 
#chown -R amavis.amavis /var/log/clamav 
#mkdir -v /var/run/clamav 
#chmod 700 /var/run/clamav 
#chown -R amavis.amavis /var/run/clamav 
Create the log file
#touch   /var/log/clamav/freshclam.log 
#chown   clamav.clamav   /var/log/clamav/freshclam.log 
Configure the library search path:
#echo "/usr/local/clamav/lib">> /etc/ld.so.conf
#ldconfig
Configure ClamAV to start at boot
#echo "/usr/local/clamav/sbin/clamd" >> /etc/rc.local

Configure postfix so that it can call amavisd to filter viruses and spam
#vi /etc/postfix/master.cf
Append the following at the end of the file:
smtp-amavis unix -    -    n    -    2     smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n -    n    -    -     smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8,192.168.0.0/16
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o local_header_rewrite_clients=
Note: mind the whitespace in front of "-o" on each line
#vi /etc/postfix/main.cf
Append the following line at the end of the file:
content_filter = smtp-amavis:[127.0.0.1]:10024

After configuring, reload postfix
#postfix reload
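
An added example, not part of the original guide: a check of master.cf text for the reinjection listener configured above. It reports "-o" lines that have lost their leading whitespace, a listener that is not bound to loopback, a missing empty content_filter override (which would send filtered mail back to amavisd), and non-loopback networks in the listener's mynetworks. The function name audit_reinject, the finding labels and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the amavisd reinjection
# listener in master.cf text.

# Constructed sample modelled on the entries above, with indented "-o" lines.
sample_master_cf() {
cat <<'EOF'
smtp-amavis unix -    -    n    -    2     smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n -    n    -    -     smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,192.168.0.0/16
EOF
}

# Constructed broken sample: "-o" at column 0, listener on every interface,
# and no content_filter override.
broken_master_cf() {
cat <<'EOF'
smtp-amavis unix -    -    n    -    2     smtp
-o smtp_data_done_timeout=1200
10025 inet n -    n    -    -     smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

# audit_reinject PORT (hypothetical name): master.cf on stdin, one finding per line.
audit_reinject() {
  awk -v port="$1" '
    function flush(   n, f, i, opt, cf, nets, m, net) {
      if (entry == "") return
      n = split(entry, f, /[ \t]+/)
      if (f[2] == "inet" && (f[1] == port || f[1] ~ (":" port "$"))) {
        seen = 1
        # the listener should only be reachable by the local filter
        if (f[1] !~ /^(127\.0\.0\.1|localhost|\[::1\]):/) print "not-loopback"
        for (i = 9; i < n; i++) if (f[i] == "-o") {   # fields 1-8 are the service columns
          opt = f[i + 1]
          if (opt == "content_filter=") cf = 1
          if (opt ~ /^mynetworks=/) nets = substr(opt, 12)
        }
        # without an empty override, main.cf content_filter applies again: a loop
        if (!cf) print "filter-loop"
        m = split(nets, net, ",")
        for (i = 1; i <= m; i++)
          if (net[i] !~ /^127\./ && net[i] != "[::1]/128")
            print "mynetworks-beyond-loopback:" net[i]
      }
      entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # Postfix reads an unindented "-o" as a new entry, not as an option
    /^-o[ \t]/ { print "unindented-option:" NR; next }
    /^[ \t]/   { entry = entry " " $0; next }     # continuation of the current entry
    { flush(); entry = $0 }
    END { flush(); if (!seen) print "no-listener" }
  '
}

sample_master_cf | audit_reinject 10025
```

Run it against a real file with `audit_reinject 10025 < /etc/postfix/master.cf`; no output means none of the four conditions was found.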

Check that amavisd is listening on port 10024 and test that the service has started
#telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to lfa-mail-backup (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
ehlo localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

After postfix reloads its configuration file it authorizes and activates port "127.0.0.1:10025"; a normal service connection should look like the following
# telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to lfa-mail-backup (127.0.0.1).
Escape character is '^]'.
220 mail.9666sr.cn ESMTP "Version not Available"
ehlo localhost
250-mail.9666sr.cn
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host