mail

Debian 邮件服务器安装手册

来源: ChinaUnix博客  日期: 2008.12.15 13:02 (共有0条评论) 我要评论

1.安装postfix
#apt-get install postfix postfix-doc postfix-tls postfix-mysql squirrelmail
2.安装sasl2
#apt-get install libsasl2 libsasl2-modules libsasl2-modules-sql sasl2-bin
#vi /etc/default/saslauthd
修改
START=yes

#/etc/init.d/saslauthd restart
3.安装mysql
#apt-get install mysql-server-5.0
#mysql –uroot –p

mysql>create database postfix;
mysql> GRANT ALL PRIVILEGES ON postfix.* TO postfix@"localhost" IDENTIFIED BY 'postfix' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
4.安装apache2
#apt-get install apache2 libapache2-mod-php5
5.安装postfixadmin
#wget http://jaist.dl.sourceforge.net/sourceforge/postfixadmin/postfixadmin_2.2.0.tar.gz
#tar zxvf postfixadmin_2.2.0.tar.gz
#mv postfixadmin-2.2.0 /var/www/mailadmin
#cd /var/www/mailadmin
#vi config.inc.php
修改数据库连接
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
修改密码编码
$CONF['encrypt'] = 'cleartext';
登陆postfixadmin管理界面
http://xxx.xxx.xxx.xxx/mailadmin/

注意:xxx.xxx.xxx.xxx为所在服务器IP地址,或者使用解析的域名
点击setup之后加入管理帐户
比如:账号:test@test.com密码:123456
#cd /var/www/mailadmin/
#mv setup.php setup.php.bak
#vi config.inc.php
修改$CONF['configured']
$CONF['configured'] = ture;
浏览器登陆http://xxx.xxx.xxx.xxx/mailadmin/
就会出现登陆界面:就可以用test@test.com/123456登陆管理了,先添加一个域,再添加一个测试邮件,例如:
域:test.com
邮件:t1@test.com/123456

6.配置postfix
6.1添加系统需求帐户
#useradd postfix
#useradd maildrop
6.2添加邮件主目录
#mkdir /home/mailbox
#chown –R 33.33 /home/mailbox

注:33是apache运行帐户
6.3编辑postfix主配置文件
#cd /etc/postfix
#vi main.cf
内容如下:
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = test.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = test.com localhost.com , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#=============sasl2====================#
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_mynetworks,reject_unauth_destination,reject_rbl_client relays.ordb.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,permit

smtpd_data_restrictions =reject_unauth_pipelining,permit

#=================mysql================#
virtual_transport = virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_mailbox_domains.cf
virtual_mailbox_base = /home/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_mailbox_maps.cf
virtual_minimum_uid = 33
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_alias_maps.cf
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

创建虚拟配置文件:
#mkdir /etc/postfix/mysql
# vi /etc/postfix/mysql/mysql_mailbox_domains.cf
内容:
hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and active='1'

# vi /etc/postfix/mysql/mysql_mailbox_maps.cf
内容:
hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active='1'

# vi /etc/postfix/mysql/mysql_alias_maps.cf
内容:
hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active='1'
6.4 配置smtpd
#vi /etc/postfix/sasl/smtpd.conf
内容:
pwcheck_method: auxprop
mech_list: plain login digest-md5 cram-md5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r'and active='1'
注意:只支持明码认证
重启postfix和sasl
#/etc/init.d/postfix reload
#/etc/init.d/saslauthd restart
至此smtpd邮件服务已经安装完毕,可以在客户端,比如outlook或foxmail进行测试了。
7.安装pop3
7.1 安装
#apt-get install courier-base courier-pop courier-imap courier-authdaemon courier-authlib-mysql
7.2配置
# vi /etc/courier/authdaemonrc
加入
authmodulelist="authmysql"
#vi /etc/courier/ authmysql
加入
MYSQL_SERVER 127.0.0.1
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_DATABASE postfix
MYSQL_USER_TABLE mailbox
MYSQL_LOGIN_FIELD username
MYSQL_CLEAR_PWFIELD password
#MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '33'
MYSQL_GID_FIELD '33'
MYSQL_HOME_FIELD '/home/mailbox/'
MYSQL_MAILDIR_FIELD maildir
#MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX
(username,'@',1),'/')
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD quota
MYSQL_WHERE_CLAUSE active='1'
重启服务
#/etc/init.d/courier-authdaemon restart
#/etc/init.d/courier-imap restart
#/etc/init.d/courier-pop restart

注意:MYSQL_CLEAR_PWFIELD password 用明文方式去抓mysql中的用户密码,和postfixadmin的config.inc.php中的设置一致

本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/88527/showart_1721721.html

SpamAssassin 垃圾信標題加註**SPAM**

SpamAssassin 垃圾信標題加註**SPAM**

由 aliok 發表於 週二 9月 16, 2008 11:17 am
2008/07/09

現在 CentOS 5.2 並沒有提供這兩個rpm檔案。你必須自己建立rpm檔來安裝或者用tarbo的方式安裝,現在蔡神父有提供這二個建立好的rpm 檔來給大家下載使用,如果想要使用的請在 這裡下載。

--------------------------------------------------------------------------------

我們現在要安裝和設定 SpamAssassin。做這種工作你必須是 root:

su -
到哪兩個檔案的子目錄,然後安裝:

cd /home/username/rpmbuild/RPMS/i686
rpm -Uvh spamassassin-3.2.5-1.i686.rpm perl-Mail-SpamAssassin-3.2.5-1.i686.rpm

我自己比較喜歡用系統安裝,所以我不願意讓一般使用者改變需要的參數:

cd /etc/rc.d/init.d
編輯 spamassassin 檔案更改:

SPAMDOPTIONS="-d -c -m5 -H" ==> SPAMDOPTIONS="-d -x -m5 -H"

現在我們設定 SpamAssassin:

cd /etc/mail/spamassassin

編輯 local.cf。我自己使用的設定如下:

trusted_networks xxx.xxx.xxx/24 # 這是你 class c 之 IP
lock_method flock # 如果你在使用 NFS,請不要使用這個
required_score 5.0 # 成績超過 5.0 算是 spam
report_safe 0
use_auto_whitelist 0
use_bayes 0
use_bayes_rules 0
bayes_auto_learn 0
ok_languages all
ok_locales all

編輯 v310.pre。刪除註解符號 #:

#loadplugin Mail::SpamAssassin::Plugin::TextCat ==> loadplugin Mail::SpamAssassin::Plugin::TextCat

當一封 email 已判定是 spam 時你如果想要在主題加 *****SPAM*****,你就在 /etc/mail/spamassassin/local.cf 加:

rewrite_header Subject *****SPAM*****

為了更了解這些設定參數的意義和知道對你自己環境所需要的其它參數,請執行以下指令:

perldoc Mail::SpamAssassin::Conf

現在要檢查設定參數是否正確:

spamassassin -x -D --lint

現在 SpamAssassin 已經設定好了,你如何告訴 Sendmail 要呼叫 SpamAssassin 掃描進來的郵件?你可以使用 Sendmail 的 milter ( spamass-milt) 來做這個工作,但是我自己喜歡用 procmail 來處理。

編輯 /etc/procmailrc ﹝建這個檔案如果不存在﹞,內容如下:

:0fc
* < 256000
| /usr/bin/spamc

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
/dev/null

註:SpamAssassin 只會處理郵件大小小於 256000 bytes。如果 Spam-Level 成績有八個以上的 * ﹝確定這是 spam 郵件﹞就丟掉。

一切準備好了。你必須啟動 SpamAssassin:

chkconfig spamassassin on
service spamassassin start

你可以測試 SpamAssassin 會不會抓 spam。執行以下指令:

cd /usr/share/doc/spamassassin-3.2.5
spamc < sample-spam.txt

這樣就好了。每次 Sendmail 收到郵件,SpamAssassin 會過濾這郵件判斷是否 spam。我建議同時使用 milter-greylist 效果非常好。現在你可以輕鬆了,怕你會無聊因為已經沒有可殺的 spam!

postfix+slockd做邮件网关

之前想做,可是坛子里边没有相应的文章,幸得何老大的指点和互联网上找的文章,东拼西凑做了出来。上星期上线,效果很好,就是灰名单截了不少合法的邮件,但是不知道如何放行。
觉得还是把自己的配置过程贴出来,好让后来者少走弯路,如果里边有错误请指正,因为我对postfix不是太熟悉,谢谢

注:mydomain1.com及mydomain2.com是需要转递邮件的两个域名

1.安装freebsd 6.1
cvsup source 并且 make world
cvsup ports
修改/etc/rc.conf,加入:
sendmail_enable = "NO"
sendmail_submit_enable = "NO"
sendmail_outbound_enable = "NO"
sendmail_msp_queue_enable = "NO"
修改/etc/periodic.conf
daily_clean_hoststat_enable = "NO"
daily_status_mail_rejects_enable = "NO"
daily_status_include_submit_mailq = "NO"
daily_submit_queuerun = "NO"

2.安装postfix
cd /usr/ports/mail/postfix
make install clean
安装过程当中的选项选择默认选项

3.配置postfix为邮件网关
修改/usr/local/etc/postfix/main.cf以下行:
mynetworks = 127.0.0.0/8 10.40.0.0/24 #10.40.0.0/24根据自己的内网ip修改
myorigin = mydomain1.com
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
transport_maps = hash:/usr/local/etc/postfix/transport
relay_domains = mydomain1.com mydomain2.com
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destiantion #此时不修改此项也行,因为后边安装clam也要修改

修改/usr/local/etc/postfix/virtual,加入:
postmaster postmaster@mydomain1.com

新建/usr/local/etc/postfix/relay_recipients,内容为转递的邮件地址:
user1@mydomain1.com x
user2@mydomain1.com x
...
user1@mydomain2.com x
...

修改/usr/local/etc/postfix/transport,加入:
mydomain1.com smtp:[10.40.0.3]:8025 #10.40.0.3为最终MTA的地址,8025是这个MTA的smtp端口,如果MTA的地址是ip,则必须用[]括住
mydomain2.com smtp:[10.40.0.3]:8025

运行/usr/local/sbin/postmap /usr/local/etc/postfix/virtual
运行/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients
运行/usr/local/sbin/postmap /usr/local/etc/postfix/transport
这三个文件每次修改都要重新运行对应的命令,已生成.db文件

4.安装amavisd-new(抄自http://www.extmail.org/docs/extmail_solution_freebsd/)
cd /usr/ports/security/amavisd-new
make install clean
确保选择
LDAP
MILTER
RAR
ARJ
LHA
ARC
ZOO
UNZOO
LZOP
FREEZE

修改/usr/local/etc/amavisd.conf
$max_servers = 10;
$sa_spam_subject_tag = &#39;[SPAM] &#39;;
$mydomain = &#39;mydomain1.com&#39;;
$myhostname = &#39;mail.mydomain1.com&#39;;
@local_domains_maps = qw(.);
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
@whitelist_sender_maps = read_hash("$MYHOME/white.lst");
@blacklist_sender_maps = read_hash("$MYHOME/black.lst");
$spam_quarantine_to = "spam\@$mydomain";
$virus_quarantine_to = "virus\@$mydomain";
$banned_quarantine_to = "spam\@$mydomain";
$hdrfrom_notify_admin = "Content Filter ";

运行
touch /var/amavis/white.txt
touch /var/amavis/black.txt
chown –R vscan:vscan /var/amavis/

修改/usr/local/etc/postfix/main.cf,增加:
smtp-amavis unix - - n - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=

运行
postconf -e &#39;content_filter = smtp-amavis:[localhost]:10024&#39;
postconf -e &#39;receive_override_options = no_address_mappings&#39;

5.安装clamav(抄自http://www.extmail.org/docs/extmail_solution_freebsd/)
cd /usr/ports/security/clamav
make install clean
修改usr/local/etc/clamd.conf
User vscan
修改/usr/local/etc/freshclam.conf
DatabaseOwner vscan
修改/usr/local/etc/amavisd.conf,增加
[&#39;ClamAV-clamd&#39;,
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
运行
chown –R vscan:vscan /var/run/clamav/
chown –R vscan:vscan /var/log/clamav/
chown –R vscan:vscan /var/db/clamav/

6.配置Spamassassin(抄自http://www.extmail.org/docs/extmail_solution_freebsd/)
cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf
修改/usr/local/etc/mail/spamassassin/local.cf
report_safe 1
use_bayes 0
auto_learn 0
bayes_auto_expire 1
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available no
lock_method flock
新建/var/cron/sa.sh
#!/bin/sh
cd /tmp/
fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
mv Chinese_rules.cf /usr/local/share/spamassassin/
/usr/local/etc/rc.d/amavisd forcerestart > /dev/null
执行chmod +x /var/cron/sa.sh
修改/etc/crontab,增加
0 0 * * 6 root /var/cron/sa.sh

修改/etc/rc.conf,增加
postfix_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
amavisd_enable="YES"

7.安装slockd
下载slockd.tar.gz
tar zxf slockd.tar.gz
mv slockd /usr/local/
修改/usr/local/slockd/config/main.cf
去掉log_file的注释
修改/usr/local/etc/postfix/main.cf
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_policy_service inet:127.0.0.1:10030
修改/etc/rc.conf
slockd_enable="YES"

reboot,搞定