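-- Mail server

Which mail clients have you used?
They fall roughly into two kinds:
One kind is webmail, that is, a web page such as www.126.com: the user only has to register and then log in, and the whole process is graphical and foolproof.
The other kind is dedicated mail client software (such as outlook, foxmail, thunderbird), which needs some configuration on the client.

MUA   mail user agent       used on the client to send and read mail
MTA   mail transfer agent   server-side software that works like a post office: it receives the mail sent by the MUA and, if the mail is not local, sends it on to the next MTA
MDA   mail delivery agent   takes the mail received by the MTA and, according to its destination, puts it into the account on the local machine

Longhua, Shenzhen --> Longhua district post office, Shenzhen --> Chaoyang district post office, Beijing --> Chaoyang district
MUA                   MTA                                        MTA                                        MDA
zhangsan@126.com      NetEase server                             Sina server                                lisi@sina.com

              SMTP (relaying allowed)
MTA NetEase ------------------------- MTA Sina
    |                                    |
    |                                    |
    | SMTP                              MDA
    |                                    | POP3
    |                                    |
zhangsan@126.com                    lisi@sina.com

Sender:    zhangsan@126.com
Recipient: lisi@sina.com

Mail protocols:
Sending:
SMTP   simple mail transfer protocol   port TCP 25   sendmail
       smtps = smtp + ssl/tls   port 465
Receiving:
POP3   post office protocol; connects to the MTA to read or download mail.   port 110
       pop3s = pop3 + ssl/tls   port 995
IMAP   internet message access protocol; can download the message headers before downloading the mail, so the user can choose what to download   port 143
       imaps = imap + ssl/tls   port 993

-----------------------------
Copy postfix权威指南.pdf (Postfix: The Definitive Guide)
With the default PDF viewer on rhel6 the text may be garbled; on rhel5 it is not.
To fix this, install the package /share/soft/AdobeReader_chs-8.1.7-1.i486.rpm
But installing it needs a lot of dependencies.
Solution 1: add the package to a software repository with createrepo and install it with yum install
Solution 2: without adding it to a repository, just configure yum for your system ISO
yum install /share/soft/AdobeReader_chs-8.1.7-1.i486.rpm
-- yum install the full name of the rpm package directly, and yum finds the dependencies for you automatically
-- yum install ld-linux.so      you can also yum install a library file directly; yum works out which package it belongs to and resolves the dependencies
-------------------------------

sendmail         monolithic structure
qmail postfix    modular design        see pages 15 and 16 of Postfix: The Definitive Guide

How postfix sends mail on the local machine: see figure 3-2 on page 30 and figure 3-4 on page 35 of Postfix: The Definitive Guide

postfix

yum install postfix dovecot -y
-- on rhel6 the default MTA is already postfix; rhel5 has the system-switch-mail package for switching between the two MTAs postfix and sendmail, but rhel6 no longer has it
/etc/init.d/sendmail stop     -- stop sendmail (if it is running)
/etc/init.d/postfix start     -- start postfix (be careful not to delete the two 127.0.0.1 lines from /etc/hosts, otherwise it will not start)

# netstat -ntlup |grep :25
tcp        0      0 127.0.0.1:25      0.0.0.0:*      LISTEN      13999/master
tcp        0      0 ::1:25            :::*           LISTEN      13999/master

# chkconfig sendmail off
# chkconfig postfix on
-- as seen above, only port 25 on 127.0.0.1 is listening, so for now mail can only be sent on this machine to local users

===================================
-- Sending mail, method 1
[root@36 ~]# mail -s 'hello' root     -- the -s option sets the subject
1111111111111111                      -- message body
.                                     -- a dot marks the end
Cc:                                   -- carbon copy; here I just press Enter to finish

[root@li ~]# mail a                   -- this also calls the mail command
Subject: hello a
i am root
.
Cc: b

Reading the mail
cat /var/spool/mail/root
cat /var/mail/root

[root@36 ~]# mail -s 'hello2' root < /etc/fstab      -- send the content of /etc/fstab as the message body
# echo "2222222" | mail -s "11111" mail1
# cat /etc/rc.local | mail -s "333333" mail1

Sending mail, method 2:
[root@36 ~]# cat /etc/rc.local | sendmail -v user1

-- a mail alert script can send in the following way (nagios uses a command similar to the one below)
# printf "***** test ******\n\n姓名:张 三\n性别:男\n年龄:25\n职业:IT\n" |mail -s "haha" mail2

Sending mail, method 3: see page 24 of the guide
# yum install telnet
[root@li ~]# telnet 127.0.0.1 25      -- test port 25, that is, the smtp protocol
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 li.cluster.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 3 Sep 2010 10:31:00 +0800
helo li.cluster.com                   -- introduce yourself; the help command lists the supported commands, help helo shows how to use helo
250 li.cluster.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
mail from:abc@qq.com                  -- defines the sender; here it can be anything
250 2.1.0 abc@qq.com... Sender ok
rcpt to:root@li.cluster.com           -- defines the recipient, here the root user of this machine
250 2.1.5 root@li.cluster.com... Recipient ok
data                                  -- what follows is the message content
354 Enter mail, end with "." on a line by itself
test mail from qq.com                 -- message body
.                                     -- a dot marks the end of the content
250 2.0.0 o832V0tl004576 Message accepted for delivery
quit                                  -- quit exits
221 2.0.0 li.cluster.com closing connection

Sending mail, method 4: mutt, a text-mode MUA for linux
yum install mutt -y
[root@36 ~]# mutt user1@36.web.com    -- root sends a mail to user1; mutt can also send attachments and so on
su - user1      then run mutt to read it

Sending mail, method 5: install other software or a webmail, and send and receive with that

Question: I have a linux machine; what if I want to send mail to an external mailbox?
Answer: first it needs Internet access. Then the mail command is enough: mail -s "xxxx" xxxx@126.com

========================================
Sending mail also needs DNS support, and the DNS must have a mail exchange (MX) record configured

mail.cluster.com   public domain name
@cluster.com       mail domain
mail.abc.com       host name

                 postfix+dovecot
                       |
                       |
               ----- DNS ----
   linux client               windows client
   Zhang San (zhangsan)       Li Si (lisi)
   zhangsan@cluster.com       lisi@cluster.com
   claws-mail                 outlook

linux client        DNS server          postfix server + dovecot server
172.16.2.35 -------- 172.16.2.15 -------- 172.16.2.15
                         |
                         |
                         |
                 client: windows xp
                    172.16.2.27

Preparation:
1, host name and IP
2, time synchronization
3, turn off iptables and selinux
4, a working yum configuration

Step 1: configure the DNS server and the mail exchange record

First define the host name and the domain on 15
# hostname mail.abc.com
# vim /etc/hosts
172.16.2.15 mail.abc.com
# vim /etc/sysconfig/network
HOSTNAME=mail.abc.com

Now set up DNS on 172.16.2.15
# yum install bind*
# vim /etc/named.conf
options {
        listen-on port 53 { any; };        -- change to any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };          -- change to any
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

# vim /etc/named.rfc1912.zones
zone "cluster.com" IN {        -- add this section; my mail domain is cluster.com, which differs from the host name mail.abc.com, so the two are easy to tell apart
        type master;
        file "data/master.cluster.com.zone";
};

# vim /var/named/data/master.cluster.com.zone
$TTL 3600
@       IN SOA  SDFSADFA. fsdfa. ( 1234567890 30 30 30 3600 )
        IN NS   172.16.2.15.
        IN MX 0 172.16.2.15.      -- add this line; MX is the mail exchange record, 0 is the priority, range 0-20, 0 being the highest priority
mail    IN A    172.16.2.15       -- this is the domain name of the mail server; in this lab it is the same machine as the DNS server, so the IP is the same

/etc/init.d/named restart

On the client, point DNS at the DNS server and verify
-- the checks below were done on linux, but the same commands work in the XP cmd command line
# nslookup mail.cluster.com
Server:         172.16.2.15
Address:        172.16.2.15#53

Name:   mail.cluster.com
Address: 172.16.2.15

# nslookup                -- verify the mail exchange record
> set type=mx
> cluster.com             -- write the domain here, not the host's domain name
Server:         172.16.2.15
Address:        172.16.2.15#53

cluster.com     mail exchanger = 0 172.16.2.15.

=============================================================
Step 2: install the mail client software claws-mail on the linux client
The windows client ships with outlook, so nothing needs installing

Install a graphical mail client; claws-mail is used here
[root@li ~]# ls /share/soft/mail_client/
claws-mail-3.5.0.tar.gz  libetpan-0.57.tar.gz

tar xvf libetpan-0.57.tar.gz -C /usr/src/       -- IMAP4 and NNTP support; this package must be installed before claws-mail can be compiled
tar xvf claws-mail-3.5.0.tar.gz -C /usr/src/

cd /usr/src/libetpan-0.57/
./configure
make
make install

cd /usr/src/claws-mail-3.5.0/
./configure
make
make install
-- if it complains that the libetpan version is too old, you can also do without IMAP4 and NNTP support and compile with: ./configure --disable-libetpan
-- after installation, open it with claws-mail &; if it reports that the library file libetpan.so.13 cannot be found, create a symbolic link with the command below
# ln -s /usr/local/lib/libetpan.so.13 /lib/libetpan.so.13
-- note: on 64-bit rhel6 use ln -s /usr/local/lib/libetpan.so.13 /lib64/libetpan.so.13

To check the installation, run claws-mail &; if the graphical window opens, it worked

===========================================================
Step 3: install postfix and dovecot on the mail server
# yum install postfix dovecot

Overall configuration of a simple postfix mail server
vim /etc/postfix/main.cf        -- see page 52 of Postfix: The Definitive Guide
myhostname = mail.abc.com       -- host name of this machine
mydomain = cluster.com          -- domain of this machine; postfix automatically strips the part before the first dot of the host name and uses the rest as the domain. If the host name is not in FQDN form, you must configure your domain by hand
myorigin = $mydomain            -- explained on page 53 of the guide
inet_interfaces = all           -- listen on all interfaces
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain     -- adding $mydomain means mail can be received directly under the domain name

/etc/init.d/postfix restart

# netstat -ntlup |grep :25      -- verify the port
tcp        0      0 0.0.0.0:25        0.0.0.0:*      LISTEN      3289/master
tcp        0      0 :::25             :::*           LISTEN      3289/master

Suppose the company mail server has accounts for two employees. As administrator, create these two users on the mail server and give them passwords (a more advanced approach is to manage the accounts in a database)
# useradd zhangsan
# useradd lisi
# echo 123 | passwd --stdin zhangsan
# echo 123 | passwd --stdin lisi

=====================================================
Step 4: configure the two clients (configuration steps omitted)

Mail sending test
zhangsan sends a mail to lisi
When lisi clicks receive, the client reports that the connection to mail.cluster.com:110 failed
because the pop3 and imap server has not been configured yet

# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp                   -- uncomment this line, at line 20
login_trusted_networks = 172.16.2.0/24       -- uncomment and set this line; it defines the trusted networks that are able to log in; at about line 38

# vim /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u      -- uncomment this line, at line 25

# /etc/init.d/dovecot restart
# netstat -ntlup |grep :110
tcp        0      0 0.0.0.0:110       0.0.0.0:*      LISTEN      4802/dovecot
tcp        0      0 :::110            :::*           LISTEN      4802/dovecot

Test sending and receiving again; both work

If receiving still fails with an error like the one below (the same error can also be found in /var/log/maillog)
Couldn't open INBOX: Internal error occurred. Refer to server log for more information
it means the two directories below could not be created; create them yourself and set the permissions to match mine below
[root@mail ~]# ll -d /home/zhangsan/mail/.imap/INBOX/
drwxrwx--- 2 zhangsan zhangsan 4096 Mar 17 15:23 /home/zhangsan/mail/.imap/INBOX/
[root@mail ~]# ll -d /home/lisi/mail/.imap/INBOX/
drwxrwx--- 2 lisi lisi 4096 Mar 17 15:23 /home/lisi/mail/.imap/INBOX/

==================================
Sending between two domains
Make the two DNS servers forward to each other, so that the clients of each domain can nslookup the other domain and get the IP of its mail server
Then the two sides can forward mail to each other

============================================================
Summary: the above covers only the basic principles of sending and receiving mail. A real mail server builds more features on top of this, such as:
1, bulk mailing
2, virtual mail domains (one mail server serving several mail domains)
3, webmail (a web interface program served by a web server such as apache; open-source ones include openwebmail, squirrelmail, extman)
4, mail users managed in a database or in ldap (the mail users are not system users but are stored in a database such as mysql, and the server connects to it)
5, anti-spam (today anti-spam can use mechanisms such as reverse DNS, domain blacklists and keyword scoring, but these cannot solve the spam problem at its root)
6, mail virus scanning (install a program that scans mail for viruses; open-source ones include clamAV)

Building a complete mail server is complicated, and even once it is built, problems that come up in maintenance are very hard to troubleshoot;
so apart from large companies, many small companies choose to buy a mail system, which comes with full after-sales service
If the company is very small or just starting, it can also use the corporate mail offered by large providers (such as Tencent corporate mail or NetEase corporate mail, which are free for a small number of users)
If the company insists on building its own, it can choose an integrated distribution (such as emos or zimbra)

After-class extension:
install emos1.5       /share/soft/EMOS_1.5_x86_64.iso
install zimbra 8.6    /share/soft/zcs-8.6.0_GA_1153.RHEL6_64.20141215151155.tgz

====================================================================
Below is how to build a complete open-source mail system on linux. At present it only works on rhel5 (if you are interested, upgrade the versions and test on rhel6 yourself)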
postfix+courier-imap+maildrop+courier-authlib+extmail+extman+spamassassin
postfix+postfixadmin+dovecot+mysql+squirrelmail+clamAV+amavisd-new+spamassassin

    client
      |
      |
      |
postfix+dovecot ------------> recipient
   |        |
 10024    10025
  amavisd-new
       |
 |--------------|
clamav     spamassassin

Preparation before installing
host name
time synchronization
turn off iptables and selinux
a working yum configuration

Step 1: install mysql, postfixadmin and httpd
# yum install httpd* mysql* php* -y
(or yum install httpd httpd-devel mysql* php php-devel php-mysql -y)
# /etc/init.d/mysqld start

Install postfixadmin (a web interface for managing postfix)
# mount 10.1.1.35:/share/soft /mnt
# cp /mnt/postfix+postfixadmin/postfixadmin-2.1.0.gz /root/
# tar xvf /root/postfixadmin-2.1.0.gz -C /var/www/html/     -- unpack into apache's document root; apache here is the rpm version with the document root unchanged, so it is /var/www/html/
# cd /var/www/html/
# mv postfixadmin-2.1.0/ postfixadmin       -- rename it so it is easier to reach from the browser address bar
# mysql < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT     -- postfixadmin ships a mysql table import file; this command imports it into the database and automatically creates the tables postfix will use

# mysql       -- log in again to verify
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| postfix            |      -- a new postfix database, the one just imported
| test               |
+--------------------+

mysql> use postfix;       -- enter the postfix database
mysql> show tables;       -- list the tables in the database; these are the tables just imported, empty for now
+-------------------+
| Tables_in_postfix |
+-------------------+
| admin             |
| alias             |
| domain            |
| domain_admins     |
| log               |
| mailbox           |
| vacation          |
+-------------------+

# /etc/init.d/httpd restart

Now open http://IP/postfixadmin in a browser to reach the postfixadmin web installation page
Click setup to install; there will be one warning and one error. The error says that the file config.inc.php cannot be found

Fix for the warning:
vim /etc/php.ini
magic_quotes_gpc = ON       -- change this to ON

Fix for the error:
# mv /var/www/html/postfixadmin/config.inc.php.sample /var/www/html/postfixadmin/config.inc.php     -- there is a template configuration file; rename it
# rm /var/www/html/postfixadmin/setup.php -rf       -- delete the installation information file
# /etc/init.d/httpd restart

# vim /var/www/html/postfixadmin/config.inc.php     -- edit
$CONF['default_language'] = 'cn';       -- change to cn if you want a Chinese interface; the system must of course be Chinese
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
-- these two relate to the postfix mailbox settings later on
-- the first is changed to YES, meaning every virtual domain has its own mailboxes;
-- the second is set to NO, meaning the domain should not appear in the mailbox name

Open http://IP/postfixadmin again
-- with a Chinese-language system as the client (on an English system, if you do not want to log out and switch, you can export LANG=zh), the page shows garbled characters in firefox; this is caused by a mismatch with httpd's character set
# vim /etc/httpd/conf/httpd.conf
AddDefaultCharset GB2312        -- change UTF-8 to GB2312
# /etc/init.d/httpd restart     -- after restarting the service, the web interface displays correctly

-----------------------
Use the address below to reach the administration page
http://IP/postfixadmin/admin
-- on first entry it shows new-feature information and so on, and asks you to delete the motd files
# rm /var/www/html/postfixadmin/motd* -rf
Open the administration page again and that information is gone

Add two domains by hand here; I added the two domains aaa.com and bbb.com
Then add one administrator who can manage both domains; my administrator is admin@aaa.com

Once the changes are done: this is an administration page and is not meant to be public, so system permissions can be used to restrict it
# chmod 000 /var/www/html/postfixadmin/admin/
-- set the permissions of this directory to 000 and the administration page can no longer be reached; to go back into the administration page and change something, set the directory back to 755
-- alternatively, use apache's directory access control so that only the management host can log in to this page, or use apache's .htaccess feature to require authentication for this directory

===============================
# vim /etc/httpd/conf/httpd.conf
AllowOverride all       -- line 327: change to all, meaning every directory under the document root supports .htaccess authentication
-- or add the section below, so that only the admin directory supports .htaccess authentication
<Directory "/var/www/html/postfixadmin/admin">
    AllowOverride all
    Order allow,deny
    Allow from all
</Directory>

# vim /var/www/html/postfixadmin/admin/.htaccess       -- this file exists by default
AuthUserFile /var/www/html/postfixadmin/admin/.htpasswd      -- change this line
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic
require valid-user

# htpasswd /var/www/html/postfixadmin/admin/.htpasswd admin      -- change the password of the admin user in this file
New password:
Re-type new password:
Updating password for user admin

# /etc/init.d/httpd restart

================================================================
Step 2: install postfix
We do not use the rpm version of postfix here, because the rpm version does not support mysql by default, so it has to be rebuilt from source
It can be downloaded from the redhat ftp site
ftp://ftp.redhat.com
ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/
postfix-2.3.3-2.1.el5_2.src.rpm

# useradd -s /sbin/nologin brewbuilder
# rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm
# cd /usr/src/redhat/SPECS/
# ls
postfix.spec        -- this is the spec (configuration) file of the src rpm
# vim postfix.spec
%define MYSQL 1     -- change 0 to 1 so that it supports mysql
# rpmbuild -ba postfix.spec
-- this depends on the pcre-devel package; make sure it is installed before running rpmbuild -ba postfix.spec to build postfix
When the build finishes you will see
Wrote: /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm      -- the rpm package just built, with mysql support
Wrote: /usr/src/redhat/RPMS/i386/postfix-pflogsumm-2.3.3-2.1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.3.3-2.1.i386.rpm

# rpm -ivh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm

-- copy a template configuration file
# cp /mnt/postfix+postfixadmin/config_files/main.cf /etc/postfix/
cp: overwrite `/etc/postfix/main.cf'? y
-- copy the configuration files for the database connection
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/mysql_virtual_* /etc/postfix/

------------
-- the content of the five configuration files is as follows
# cat /etc/postfix/main.cf
#=====================BASE=========================
myhostname = postfix.cluster.com
mydomain = cluster.com        -- change this to the server's host name
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Virtual Mailbox settings=========================
virtual_minimum_uid = 80      -- this must be lower than 89, because the postfix user installed by default has uid 89
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf      -- the entries mentioning mysql are the connection settings to mysql
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:89
virtual_gid_maps = static:89
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

vim /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

vim /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

-----------------------------
Stop sendmail and start postfix; system-switch-mail can also be used to switch the MTA
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start

Change the owner of the mail directory
# chown postfix.postfix /var/spool/mail/ -R

Install the sasl authentication package
yum install cyrus-sasl -y
/etc/init.d/saslauthd start
chkconfig saslauthd on

-------------------------------------------------------------------
Step 3: install dovecot
# yum install dovecot -y

-- copy the templates of the two configuration files
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/dovecot* /etc
cp: overwrite `/etc/dovecot.conf'? y

------------------
-- the content of the two configuration files is as follows:
# cat /etc/dovecot.conf
base_dir=/var/run/dovecot
protocols=imap pop3
listen=*
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/var/spool/mail/%d/%n
auth default {
  mechanisms = PLAIN LOGIN CRAM-MD5 DIGEST-MD5
  passdb sql {
    args = /etc/dovecot-mysql.conf
  }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
first_valid_uid = 89

# cat /etc/dovecot-mysql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 89 AS uid, 89 AS gid FROM mailbox WHERE username = '%u'

-- start the service
# /etc/init.d/dovecot start

--------------------------------------------------------------------------
Step 4: install a webmail; squirrelmail is used here
# yum install squirrelmail -y
# vim /etc/squirrelmail/config.php
$provider_uri = 'http://IP/postfixadmin/users';
$squirrelmail_default_language = 'zh_CN';

# chown apache.apache /var/lib/squirrelmail/prefs/
# chown apache.apache /var/spool/squirrelmail/attach/
# chown root.apache /etc/squirrelmail/config.php

# /etc/init.d/httpd restart

Users can log in at http://IP/webmail/

----------------------------------------------------------
Step 5: testing

1, first create the test users
Log in at http://IP/postfixadmin with the administrator created earlier, admin@aaa.com
After logging in, create two users in each domain for testing
The four users I created are
zhangsan@aaa.com
zhangsan@bbb.com
lisi@aaa.com
lisi@bbb.com
The information for these new users can all be seen in the postfix database in mysql

2, use outlook on xp to test sending and receiving mail
Note: when entering the user in outlook, remember to write the full name, that is, the user@domain.com form; there are several domains here, and leaving the domain out causes errors
I log in to outlook as zhangsan@aaa.com; after logging in, clicking the send/receive button brings in the welcome mail from admin@aaa.com, which means it works
I send from zhangsan@aaa.com to lisi@aaa.com; it cannot be sent directly, because we configured authentication
So in outlook go to Tools --> Accounts --> Properties --> Servers --> and tick "My server requires authentication" at the bottom
Send again, then log in to squirrelmail as lisi@aaa.com to receive it; the test is OK

-- addendum: previously, with system users, mail was stored in the file /var/mail/zhangsan
now it is stored as a file in the directory below
# ls /var/spool/mail/aaa.com/zhangsan/cur/

----------------
Note that all the services above can be set to start automatically at boot
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd on

=============================================================
# ls /share/soft/amavisd_clamav_spam/

Continue by installing amavisd-new + clamav + spamassassin

First modify the postfix files
vim /etc/postfix/main.cf        -- add the two lines below
soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024

vim /etc/postfix/master.cf      -- add the large block of configuration below
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

/etc/init.d/postfix restart     -- restart postfix after adding the two pieces of configuration above

Install clamav
[root@postfix amavisd_clamav_spam]# ls clam        -- install the three rpm packages below directly
clamav-0.92-1.el5.rf.i386.rpm
clamav-db-0.92-1.el5.rf.i386.rpm
clamd-0.92-1.el5.rf.i386.rpm
[root@postfix amavisd_clamav_spam]# rpm -ivh clam*       -- install

[root@postfix ~]# vim /etc/clamd.conf          -- main configuration file; I use the default configuration and change nothing
[root@postfix ~]# vim /etc/freshclam.conf      -- configuration file for downloading the virus database; also left at the default configuration

[root@postfix ~]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]
[root@postfix ~]# chkconfig clamd on

[root@postfix ~]# tail /var/log/clamav/clamd.log
Mon Aug 15 15:32:32 2011 -> Algorithmic detection enabled.
Mon Aug 15 15:32:32 2011 -> Portable Executable support enabled.
Mon Aug 15 15:32:32 2011 -> ELF support enabled.
Mon Aug 15 15:32:32 2011 -> Detection of broken executables enabled.
Mon Aug 15 15:32:32 2011 -> Mail files support enabled.
Mon Aug 15 15:32:32 2011 -> Mail: Recursion level limit set to 64.
Mon Aug 15 15:32:32 2011 -> OLE2 support enabled.
Mon Aug 15 15:32:32 2011 -> PDF support disabled.
Mon Aug 15 15:32:32 2011 -> HTML support enabled.
Mon Aug 15 15:32:32 2011 -> Self checking every 1800 seconds.

Update the virus database
# freshclam         -- a single command updates the virus database
ClamAV update process started at Mon Aug 15 15:32:32 2011
Downloading main.cvd [ 11%]       -- it downloads the virus database; here the main database is at 11%
-- in practice, put the update command into crontab so that the database is updated on a schedule

After updating the virus database, start the service
/etc/init.d/clamd start
-- if this reports that the configuration file cannot be found, note that the Example line in the configuration file may not have been commented out

Once the service is running, scan with clamscan

============================================================
spam    spammer
Install spamassassin
[root@postfix ~]# yum install spamassassin
-- after installing it, do not configure it yet; install amavisd-new next, because amavisd-new needs spamassassin to be installed first

Now install amavisd-new. It has nearly 20 dependencies, so installing them one by one with rpm is rather tedious

-- the rpm installation method is below
[root@postfix amavisd_clamav_spam]# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm       -- this package has a great many dependencies; install them carefully, one step at a time
warning: amavisd-new-2.5.2-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
        arc >= 5.21e is needed by amavisd-new-2.5.2-1.el5.rf.i386
        cabextract is needed by amavisd-new-2.5.2-1.el5.rf.i386
        freeze is needed by amavisd-new-2.5.2-1.el5.rf.i386
        lha is needed by amavisd-new-2.5.2-1.el5.rf.i386
        lzop is needed by amavisd-new-2.5.2-1.el5.rf.i386
        ncompress is needed by amavisd-new-2.5.2-1.el5.rf.i386
        nomarch >= 1.2 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Archive::Zip) >= 1.14 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(BerkeleyDB) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Convert::TNEF) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Convert::UUlib) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(IO::Stringy) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Entity) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Parser) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Tools) >= 5.420 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(MIME::Words) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Net::Server) >= 0.87 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Net::Server) >= 0.93 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl(Unix::Syslog) is needed by amavisd-new-2.5.2-1.el5.rf.i386
        perl-MailTools is needed by amavisd-new-2.5.2-1.el5.rf.i386
        ripole is needed by amavisd-new-2.5.2-1.el5.rf.i386
        unarj is needed by amavisd-new-2.5.2-1.el5.rf.i386
        unrar >= 2.71 is needed by amavisd-new-2.5.2-1.el5.rf.i386
        zoo >= 2.10 is needed by amavisd-new-2.5.2-1.el5.rf.i386

[root@postfix amavisd_clamav_spam]# rpm -ivh --nodocs perl-File-Temp-0.19-1.el5.rf.noarch.rpm
-- the --nodocs option skips the documentation files, because one documentation file conflicts with the system's original perl package; alternatively use --force to force the install and overwrite

rpm -ivh perl-Archive-Zip-1.23-1.el5.rf.noarch.rpm
rpm -ivh perl-BerkeleyDB-0.32-1.el5.rf.i386.rpm
rpm -ivh perl-Convert-BinHex-1.119-2.2.el5.rf.noarch.rpm
rpm -ivh perl-Convert-UUlib-1.051-1.2.el5.rf.i386.rpm
rpm -ivh perl-Unix-Syslog-1.0-1.el5.rf.i386.rpm
rpm -ivh perl-IO-stringy-2.110-1.2.el5.rf.noarch.rpm
rpm -ivh perl-Net-Server-0.97-1.el5.rf.noarch.rpm
rpm -ivh zoo-2.10-2.2.el5.rf.i386.rpm
rpm -ivh lzo-1.08-4.2.el5.rf.i386.rpm
rpm -ivh lzop-1.01-2.el5.rf.i386.rpm
rpm -ivh unrar-3.7.4-1.el5.rf.i386.rpm
rpm -ivh unarj-2.63-0.a.2.el5.rf.i386.rpm
rpm -ivh ripole-0.2.0-1.2.el5.rf.i386.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.i386.rpm
rpm -ivh freeze-2.5.0-1.2.el5.rf.i386.rpm
rpm -ivh arc-5.21o-1.el5.rf.i386.rpm
rpm -ivh nomarch-1.4-1.el5.rf.i386.rpm
rpm -ivh cabextract-1.2-1.el5.rf.i386.rpm
# yum install ncompress       -- install this package from the installation disc, or with yum

=============================
-- the three packages below still fail to install
rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm

Fix: simply yum install *perl*       -- cd out of the directory first, then yum install
===========================

-- after yum install *perl* they can be installed
# rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm
# rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
# rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm       -- finally installed successfully @_@

-- the yum installation method is below
Here we configure our own yum repository and install with yum
-- on my physical host, first create the repodata directory in the directory below
# createrepo /share/soft/amavisd_clamav_spam/
# cp /share/soft/amavisd_clamav_spam/ /share/yum -rf       -- /share/yum is the home directory of the anonymous ftp user on my physical host

-- then add the section below to the yum configuration file on the mail server
# vim /etc/yum.repos.d/rhel-debuginfo.repo
[amavisd]
name=amavisd
baseurl=ftp://2.2.2.10/amavisd_clamav_spam
enabled=1
gpgcheck=0

# yum install amavisd* -y

==============================================================
# cp /amavisd_clamav_spam/config/amavisd.conf /etc/
cp: overwrite `/etc/amavisd.conf'? y        -- copy the configuration file over the original one

[root@postfix doc]# vim /etc/amavisd.conf
$mydomain = 'aaa.com';                                   -- change to your own domain, one of your mail domains
@local_domains_maps = ( [".$mydomain", ".bbb.com"] );    -- list your own virtual domains
$sa_tag2_level_deflt = 8.5;                              -- set to 8.5 points to make testing easier

[root@postfix doc]# touch /var/amavis/whitelist
[root@postfix doc]# touch /var/amavis/blacklist

[root@postfix doc]# /etc/init.d/amavisd restart       -- start
[root@postfix doc]# chkconfig amavisd on

====================================================
Configure spamassassin
[root@postfix doc]# cp /amavisd_clamav_spam/config/local.cf /etc/mail/spamassassin/
cp: overwrite `/etc/mail/spamassassin/local.cf'? y

[root@postfix doc]# cat /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

required_hits 8.5       -- set to 8.5 points here

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****SPAM*****

# Encapsulate spam in an attachment
report_safe 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 1

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
ok_languages zh en

score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score NO_REAL_NAME 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000

[root@postfix doc]# vim /etc/mail/spamassassin/v310.pre       -- edit it and enable the line below
loadplugin Mail::SpamAssassin::Plugin::TextCat

[root@postfix doc]# cp /amavisd_clamav_spam/config/Chinese_rules.cf /usr/share/spamassassin/       -- copy the Chinese rules file into the rules directory

[root@postfix doc]# /etc/init.d/spamassassin start       -- start the service
[root@postfix doc]# chkconfig spamassassin on

Confirm the ports:
[root@postfix doc]# netstat -ntlup |grep 100
tcp        0      0 127.0.0.1:10024      0.0.0.0:*      LISTEN      8072/amavisd (maste
tcp        0      0 127.0.0.1:10025      0.0.0.0:*      LISTEN      7656/master
[root@postfix doc]# netstat -ntlup |grep :25
tcp        0      0 0.0.0.0:25           0.0.0.0:*      LISTEN      7656/master
[root@postfix doc]# netstat -ntlup |grep :110
tcp        0      0 0.0.0.0:110          0.0.0.0:*      LISTEN      7040/dovecot
[root@postfix doc]# netstat -ntlup |grep :783
tcp        0      0 127.0.0.1:783        0.0.0.0:*      LISTEN      8146/spamd.pid
[root@postfix doc]# netstat -ntlup |grep 3306
tcp        0      0 0.0.0.0:3306         0.0.0.0:*      LISTEN      3048/mysqld
[root@postfix ~]# netstat -ntlup |grep :3310
tcp        0      0 127.0.0.1:3310       0.0.0.0:*      LISTEN      7772/clamd

===========================================================
Virus mail test:
A virus test file can be downloaded from the site http://www.eicar.org/anti_virus_test_file.htm

Send a mail with eicar.com as an attachment
[root@postfix doc]# ls /amavisd_clamav_spam/config/eicar.com
/amavisd_clamav_spam/config/eicar.com

After sending, the mail does not arrive, but on the server you can see that it has been put into the virus directory
[root@postfix doc]# ls /var/virusmails/virus-RLOHHpWvOjyI
/var/virusmails/virus-RLOHHpWvOjyI
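
The smtpd_recipient_restrictions line in the main.cf above decides who may relay mail through this server. The following Python code is an added example, not part of the original notes and not Postfix code: it walks that exact list offline for a few constructed clients. The client addresses, HELO names and example.org/example.net addresses are constructed, LOCAL_DOMAINS assumes the two virtual domains aaa.com and bbb.com, and the DNS- and stream-dependent rules are assumed to give no verdict.

```python
import ipaddress
import re

# Restriction list and mynetworks copied from the page's main.cf.
PAGE_RESTRICTIONS = (
    "permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,"
    "reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,"
    "reject_non_fqdn_recipient,reject_unknown_recipient_domain,"
    "reject_unauth_pipelining,reject_unauth_destination,permit"
)
PAGE_MYNETWORKS = "127.0.0.0/8"
# Assumption: the server is final destination for the two virtual domains on the page.
LOCAL_DOMAINS = {"aaa.com", "bbb.com"}
# Assumption: rules needing live DNS or the raw SMTP stream give no verdict here.
NOT_MODELLED = {"reject_unknown_sender_domain", "reject_unknown_recipient_domain",
                "reject_unauth_pipelining"}
HELO_SYNTAX = re.compile(r"\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?")


def is_fqdn(name):
    """Rough FQDN test: at least two non-empty dot-separated labels."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(labels)


def in_mynetworks(client_ip, mynetworks):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False)
               for net in mynetworks.replace(",", " ").split())


def domain_of(address):
    return address.rpartition("@")[2].lower()


def decide(restrictions, mynetworks, client_ip, authenticated, helo, sender, rcpt):
    """Walk the list in order and return (action, rule) of the first verdict."""
    checks = {
        "permit_mynetworks": lambda: in_mynetworks(client_ip, mynetworks),
        "permit_sasl_authenticated": lambda: authenticated,
        "reject_invalid_hostname": lambda: not HELO_SYNTAX.fullmatch(helo),
        "reject_non_fqdn_hostname": lambda: not (helo.startswith("[") or is_fqdn(helo)),
        "reject_non_fqdn_sender": lambda: bool(sender) and not is_fqdn(domain_of(sender)),
        "reject_non_fqdn_recipient": lambda: not is_fqdn(domain_of(rcpt)),
        "reject_unauth_destination": lambda: domain_of(rcpt) not in LOCAL_DOMAINS,
        "permit": lambda: True,
        "reject": lambda: True,
    }
    for rule in restrictions.replace(",", " ").split():
        if rule in NOT_MODELLED:
            continue
        if rule not in checks:
            raise ValueError(f"restriction not handled by this model: {rule}")
        if checks[rule]():
            return (rule.split("_")[0], rule)
    return ("permit", "end of list")


def relay_report(restrictions, mynetworks):
    """Verdicts for mail to an outside recipient (relaying) from constructed clients."""
    cases = {
        "localhost": ("127.0.0.1", False),
        "lan client, no auth": ("172.16.2.27", False),
        "lan client, SASL auth": ("172.16.2.27", True),
        "internet client, no auth": ("203.0.113.10", False),
    }
    return {
        name: decide(restrictions, mynetworks, ip, auth,
                     "client.example.org", "someone@example.org", "user@example.net")
        for name, (ip, auth) in cases.items()
    }


def is_open_relay(restrictions, mynetworks):
    """True when an unauthenticated Internet client may relay to an outside domain."""
    return relay_report(restrictions, mynetworks)["internet client, no auth"][0] == "permit"


if __name__ == "__main__":
    for case, verdict in relay_report(PAGE_RESTRICTIONS, PAGE_MYNETWORKS).items():
        print(f"{case:26} -> {verdict[0]} ({verdict[1]})")
    print("open relay:", is_open_relay(PAGE_RESTRICTIONS, PAGE_MYNETWORKS))
```

Because permit_mynetworks is evaluated first, widening mynetworks is the setting that turns this list into an open relay; rerun is_open_relay after any change to either parameter.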
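
The content_filter line and the two master.cf entries above form the scanning path 25 --> 10024 (amavisd-new) --> 10025 (re-injection). The following Python code is an added example, not part of the original notes and not a Postfix or amavisd tool: it parses that master.cf text and checks that the filter hop and the re-injection listener stay on loopback and that the listener clears content_filter. The function names and the wording of the findings are this example's own.

```python
import ipaddress

# The two master.cf entries and the main.cf content_filter value from the page.
PAGE_MASTER_CF = """\
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
"""
PAGE_CONTENT_FILTER = "smtp-amavis:[127.0.0.1]:10024"


def parse_master_cf(text):
    """Return {service: {"type", "command", "opts"}}; indented lines continue an entry."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        words = raw.split()
        if raw[0].isspace():
            if current is not None:
                current["args"] += words
        else:
            current = {"type": words[1], "command": words[7], "args": words[8:]}
            services[words[0]] = current
    for svc in services.values():
        args = svc.pop("args")
        svc["opts"] = dict(args[i + 1].split("=", 1) for i in range(len(args) - 1)
                           if args[i] == "-o" and "=" in args[i + 1])
    return services


def is_loopback_host(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host == "localhost"


def is_loopback_net(net):
    network = ipaddress.ip_network(net, strict=False)
    return network.network_address.is_loopback and network.broadcast_address.is_loopback


def audit_filter_path(master_cf, content_filter, reinject_port="10025"):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    services = parse_master_cf(master_cf)
    transport, _, nexthop = content_filter.partition(":")
    if transport not in services:
        findings.append(f"content_filter transport '{transport}' is not defined in master.cf")
    if not is_loopback_host(nexthop.rpartition(":")[0]):
        findings.append("content_filter next hop is not on loopback")
    listeners = [(name, svc) for name, svc in services.items()
                 if svc["type"] == "inet" and name.rpartition(":")[2] == reinject_port]
    if not listeners:
        findings.append(f"no re-injection listener on port {reinject_port}")
    for name, svc in listeners:
        host, opts = name.rpartition(":")[0], svc["opts"]
        if not host or not is_loopback_host(host):
            findings.append(f"{name}: listens beyond loopback, mail could enter unscanned")
        if opts.get("content_filter") != "":
            findings.append(f"{name}: content_filter not cleared, scanned mail would loop")
        nets = opts.get("mynetworks", "").replace(",", " ").split()
        if not nets or not all(is_loopback_net(n) for n in nets):
            findings.append(f"{name}: mynetworks is not pinned to loopback")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append(f"{name}: recipient restrictions do not end in reject")
    return findings


if __name__ == "__main__":
    print(audit_filter_path(PAGE_MASTER_CF, PAGE_CONTENT_FILTER) or "filter path checks passed")
```

The page's configuration passes all checks; the netstat output above (127.0.0.1:10024 and 127.0.0.1:10025) is the runtime counterpart of the same loopback check.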
| postfix | --多了一个postfix库,是刚才导入的 | test | +--------------------+ mysql> use postfix; --进入postfix库 mysql> show tables; --查看库里的表,下面这些表就是刚才导入的,目前是空表 +-------------------+ | Tables_in_postfix | +-------------------+ | admin | | alias | | domain | | domain_admins | | log | | mailbox | | vacation | # /etc/init.d/httpd restart 这里使用浏览器http://IP/postfixadmin 访问postfix的web安装界面 点setup安装,会有一个警告和一个错误 ,错误是提示找不到config.ini.php文件 警告解决方法: vim /etc/php.ini magic_quotes_gpc = ON --把这个改为ON 错误的解决方法: # mv /var/www/html/postfixadmin/config.inc.php.sample /var/www/html/postfixadmin/config.inc.php --有一个模版配置文件,重命名 # rm /var/www/html/postfixadmin/setup.php -rf --删除安装的信息文件 # /etc/init.d/httpd restart # vim /var/www/html/postfixadmin/config.inc.php --修改 $CONF['default_language'] = 'cn'; --如果想要中文界面的话,改为cn,当然系统要是中文的 $CONF['domain_path'] = 'YES'; $CONF['domain_in_mailbox'] = 'NO'; --这两个与后面postfix的mailbox设置有关 --第一个改为YES,表示每一个虚拟域都有自己的邮箱; --第二个配置为NO表示,不希望域表示在mailbox里 再次访问http://IP/postfixadmin --用一个中文系统(英文系统如果不想注销切换,可以 export LANG=zh )中文做客户端,使用firefox查看会发现有乱码,这是因为httpd的语言集不一致造成的 # vim /etc/httpd/conf/httpd.conf AddDefaultCharset GB2312 --把UTF-8 ,改为GB2312 # /etc/init.d/httpd restart --重启服务后,再次访问web界面就OK了 ----------------------- 使用下面地址,访问管理页面 http://IP/postfixadmin/admin --刚进来,会有新特性等信息,提示删除motd文件 # rm /var/www/html/postfixadmin/motd* -rf 再访问管理页面,就没有那些信息了 这里手动添加两个域,我这里加了一个aaa.com 和 bbb.com这两个域 再增加一个管理员, 同时能管理这两个域,我这里管理员为admin@aaa.com 修改完成后,因为这是管理页面,不对外开放,那么可以使用系统权限来对其进行限制 # chmod 000 /var/www/html/postfixadmin/admin/ --把这个目录权限改为000,那么管理页面就不能再访问了,如果想再进管理页面进行信息的修改的话,可以把这个目录权限改回755就可以了 --或者使用apache的目录控制来控制只有管理机可以登录此页面,或者使用apache的.htaccess功能把此目录的访问权限设置验证 =============================== # vim /etc/httpd/conf/httpd.conf 327 AllowOverride all --改为all,表示家目录下所有目录都支持.htaccess验证 --或者加上下面这一段,指定只有admin目录可以支持.htaccess验证 AllowOverride all Order allow,deny Allow from all # vim /var/www/html/postfixadmin/admin/.htaccess --默认有此文件 AuthUserFile /var/www/html/postfixadmin/admin/.htpasswd --改这一句 AuthGroupFile /dev/null 
AuthName "Postfix Admin"
AuthType Basic
require valid-user

# htpasswd /var/www/html/postfixadmin/admin/.htpasswd admin    --change the password of the admin user in this file
New password:
Re-type new password:
Updating password for user admin

# /etc/init.d/httpd restart

================================================================
Step 2: install postfix

We do not use the stock postfix rpm here, because it is built without MySQL support; the source package has to be rebuilt.
It can be downloaded from Red Hat's FTP site:
ftp://ftp.redhat.com
ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/
postfix-2.3.3-2.1.el5_2.src.rpm

# useradd -s /sbin/nologin brewbuilder
# rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm
# cd /usr/src/redhat/SPECS/
# ls
postfix.spec    --the spec file of the source rpm
# vim postfix.spec
%define MYSQL 1    --change 0 to 1 to enable MySQL support
# rpmbuild -ba postfix.spec    --the build depends on the pcre-devel package; make sure it is installed before running rpmbuild -ba postfix.spec to build postfix

When the build finishes you will see:
Wrote: /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm    --the rebuilt rpm with MySQL support
Wrote: /usr/src/redhat/RPMS/i386/postfix-pflogsumm-2.3.3-2.1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.3.3-2.1.i386.rpm

# rpm -ivh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm

--copy a template configuration file
# cp /mnt/postfix+postfixadmin/config_files/main.cf /etc/postfix/
cp: overwrite `/etc/postfix/main.cf'? y
--copy the configuration files for the database connection
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/mysql_virtual_* /etc/postfix/

------------
--the contents of the five configuration files are as follows
# cat /etc/postfix/main.cf
#=====================BASE=========================
myhostname = postfix.cluster.com
mydomain = cluster.com    --change this to match the server's host name
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Virtual Mailbox settings=========================
virtual_minimum_uid = 80    --this must be lower than 89, because the postfix user created by the default install has uid 89
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf    --entries with mysql: are the settings for the MySQL connection
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:89
virtual_gid_maps = static:89
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix

vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username

vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

vim /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

vim /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

-----------------------------
Stop sendmail and start postfix; system-switch-mail can also be used to switch the MTA
# /etc/init.d/sendmail stop
# /etc/init.d/postfix start

Change the owner of the mail directory
# chown postfix.postfix /var/spool/mail/ -R

Install the SASL authentication package
yum install cyrus-sasl -y
/etc/init.d/saslauthd start
chkconfig saslauthd on

-------------------------------------------------------------------
Step 3: install dovecot

# yum install dovecot -y
--copy the two template configuration files
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/dovecot* /etc
cp: overwrite `/etc/dovecot.conf'? y

------------------
--the contents of the two configuration files are as follows:
# cat /etc/dovecot.conf
base_dir=/var/run/dovecot
protocols=imap pop3
listen=*
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/var/spool/mail/%d/%n
auth default {
    mechanisms = PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    passdb sql {
        args = /etc/dovecot-mysql.conf
    }
    userdb sql {
        args = /etc/dovecot-mysql.conf
    }
    socket listen {
        client {
            path = /var/run/dovecot/auth-client
            mode = 0660
            user = postfix
            group = postfix
        }
    }
}
first_valid_uid = 89

# cat /etc/dovecot-mysql.conf
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 89 AS uid, 89 AS gid FROM mailbox WHERE username = '%u'

--start the service
# /etc/init.d/dovecot start

--------------------------------------------------------------------------
Step 4: install a webmail front end; squirrelmail is used here

# yum install squirrelmail -y
# vim /etc/squirrelmail/config.php
$provider_uri = 'http://IP/postfixadmin/users';
$squirrelmail_default_language = 'zh_CN';

# chown apache.apache /var/lib/squirrelmail/prefs/
# chown apache.apache /var/spool/squirrelmail/attach/
# chown root.apache /etc/squirrelmail/config.php
# /etc/init.d/httpd restart

Users can log in at http://IP/webmail/

----------------------------------------------------------
Step 5: testing

1. First create the test users
Log in at http://IP/postfixadmin as the administrator created earlier, admin@aaa.com.
After logging in, create two users in each domain for testing.
The four users I created are:
zhangsan@aaa.com
zhangsan@bbb.com
lisi@aaa.com
lisi@bbb.com
The details of these new users can all be seen in the postfix database in MySQL.

2. Test sending and receiving mail with Outlook on Windows XP
Note: when entering the user in Outlook, write the full name in the user@domain.com form; there are several domains here, so an incomplete name causes errors.
I log in to Outlook as zhangsan@aaa.com; after logging in, clicking the Send/Receive button fetches the welcome mail from admin@aaa.com, which shows it works.
I send from zhangsan@aaa.com to lisi@aaa.com. Sending directly fails, because we configured authentication,
so in Outlook go to Tools --> Accounts --> Properties --> Servers --> and tick "My server requires authentication" at the bottom.
Send again, then log in to squirrelmail as lisi@aaa.com to receive it. Test OK.

--Addendum:
Previously, with system users, mail was stored in the file /var/mail/zhangsan.
Now it is stored as a file in the directory below
# ls /var/spool/mail/aaa.com/zhangsan/cur/

----------------
Note: all the services above can be set to start at boot
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd on

=============================================================
# ls /share/soft/amavisd_clamav_spam/

Next, install amavisd-new + clamav + spamassassin

First edit the postfix files
vim /etc/postfix/main.cf    --add the two lines below
soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024

vim /etc/postfix/master.cf    --add the whole block below
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

/etc/init.d/postfix restart    --restart postfix after adding the two blocks above

Install clamav
[root@postfix amavisd_clamav_spam]# ls clam    --install the three rpm packages below directly
clamav-0.92-1.el5.rf.i386.rpm
clamav-db-0.92-1.el5.rf.i386.rpm
clamd-0.92-1.el5.rf.i386.rpm
[root@postfix amavisd_clamav_spam]# rpm -ivh clam*    --install
[root@postfix ~]# vim /etc/clamd.conf    --main configuration file; I keep the defaults here
[root@postfix ~]# vim /etc/freshclam.conf    --configuration file for downloading the virus database; defaults kept here as well
[root@postfix ~]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon: [ OK ]
[root@postfix ~]# chkconfig clamd on
[root@postfix ~]# tail /var/log/clamav/clamd.log
Mon Aug 15 15:32:32 2011 -> Algorithmic detection enabled.
Mon Aug 15 15:32:32 2011 -> Portable Executable support enabled.
Mon Aug 15 15:32:32 2011 -> ELF support enabled.
Mon Aug 15 15:32:32 2011 -> Detection of broken executables enabled.
Mon Aug 15 15:32:32 2011 -> Mail files support enabled.
Mon Aug 15 15:32:32 2011 -> Mail: Recursion level limit set to 64.
Mon Aug 15 15:32:32 2011 -> OLE2 support enabled.
Mon Aug 15 15:32:32 2011 -> PDF support disabled.
Mon Aug 15 15:32:32 2011 -> HTML support enabled.
Mon Aug 15 15:32:32 2011 -> Self checking every 1800 seconds.

Update the virus database
# freshclam    --a single command updates the virus database
ClamAV update process started at Mon Aug 15 15:32:32 2011
Downloading main.cvd [ 11%]    --it downloads the virus database; here the main database is 11% downloaded
--in practice, write an automatic update command and schedule it with crontab

After updating the virus database, start the service
/etc/init.d/clamd start    --if this reports that the configuration file cannot be found, the likely cause is that the example line in the configuration file has not been commented out
Once the service is running, scan with clamscan

============================================================
spam / spammer

Install spamassassin
[root@postfix ~]# yum install spamassassin
--after installing, do not configure it yet; install amavisd-new next, because amavisd-new needs spamassassin installed first

Now install amavisd-new. It has nearly 20 dependencies, so installing them one by one with rpm is tedious.

--the rpm installation method follows
[root@postfix amavisd_clamav_spam]# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm    --this package has a great many dependencies; install them patiently and carefully
warning: amavisd-new-2.5.2-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
    arc >= 5.21e is needed by amavisd-new-2.5.2-1.el5.rf.i386
    cabextract is needed by amavisd-new-2.5.2-1.el5.rf.i386
    freeze is needed by amavisd-new-2.5.2-1.el5.rf.i386
    lha is needed by amavisd-new-2.5.2-1.el5.rf.i386
    lzop is needed by amavisd-new-2.5.2-1.el5.rf.i386
    ncompress is needed by amavisd-new-2.5.2-1.el5.rf.i386
    nomarch >= 1.2 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Archive::Zip) >= 1.14 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(BerkeleyDB) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Convert::TNEF) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Convert::UUlib) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(IO::Stringy) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(MIME::Entity) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(MIME::Parser) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(MIME::Tools) >= 5.420 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(MIME::Words) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Net::Server) >= 0.87 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Net::Server) >= 0.93 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl(Unix::Syslog) is needed by amavisd-new-2.5.2-1.el5.rf.i386
    perl-MailTools is needed by amavisd-new-2.5.2-1.el5.rf.i386
    ripole is needed by amavisd-new-2.5.2-1.el5.rf.i386
    unarj is needed by amavisd-new-2.5.2-1.el5.rf.i386
    unrar >= 2.71 is needed by amavisd-new-2.5.2-1.el5.rf.i386
    zoo >= 2.10 is needed by amavisd-new-2.5.2-1.el5.rf.i386

[root@postfix amavisd_clamav_spam]# rpm -ivh --nodocs perl-File-Temp-0.19-1.el5.rf.noarch.rpm
--the --nodocs option skips the documentation files, because one documentation file conflicts with the perl package already on the system; alternatively use --force to overwrite

rpm -ivh perl-Archive-Zip-1.23-1.el5.rf.noarch.rpm
rpm -ivh perl-BerkeleyDB-0.32-1.el5.rf.i386.rpm
rpm -ivh perl-Convert-BinHex-1.119-2.2.el5.rf.noarch.rpm
rpm -ivh perl-Convert-UUlib-1.051-1.2.el5.rf.i386.rpm
rpm -ivh perl-Unix-Syslog-1.0-1.el5.rf.i386.rpm
rpm -ivh perl-IO-stringy-2.110-1.2.el5.rf.noarch.rpm
rpm -ivh perl-Net-Server-0.97-1.el5.rf.noarch.rpm
rpm -ivh zoo-2.10-2.2.el5.rf.i386.rpm
rpm -ivh lzo-1.08-4.2.el5.rf.i386.rpm
rpm -ivh lzop-1.01-2.el5.rf.i386.rpm
rpm -ivh unrar-3.7.4-1.el5.rf.i386.rpm
rpm -ivh unarj-2.63-0.a.2.el5.rf.i386.rpm
rpm -ivh ripole-0.2.0-1.2.el5.rf.i386.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.i386.rpm
rpm -ivh freeze-2.5.0-1.2.el5.rf.i386.rpm
rpm -ivh arc-5.21o-1.el5.rf.i386.rpm
rpm -ivh nomarch-1.4-1.el5.rf.i386.rpm
rpm -ivh cabextract-1.2-1.el5.rf.i386.rpm
# yum install ncompress    --install this package from the installation disc, or with yum

=============================
--the following three packages still fail to install
rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm

Fix: simply run yum install *perl*    --cd out of this directory first, then run yum install

===========================
--after yum install *perl* they can be installed
# rpm -ivh perl-MailTools-2.02-1.el5.rf.noarch.rpm
# rpm -ivh perl-MIME-tools-5.425-1.el5.test.noarch.rpm
# rpm -ivh perl-Convert-TNEF-0.17-3.2.el5.rf.noarch.rpm
# rpm -ivh amavisd-new-2.5.2-1.el5.rf.i386.rpm    --installed successfully at last @_@

--the yum installation method follows
Here we set up our own yum repository and install with yum.
--on my physical host, first create the repodata directory in the directory below
# createrepo /share/soft/amavisd_clamav_spam/
# cp /share/soft/amavisd_clamav_spam/ /share/yum -rf    --/share/yum is the home directory of the anonymous FTP user on my physical host

--then add the section below to the yum configuration file on the mail server
# vim /etc/yum.repos.d/rhel-debuginfo.repo
[amavisd]
name=amavisd
baseurl=ftp://2.2.2.10/amavisd_clamav_spam
enabled=1
gpgcheck=0

# yum install amavisd* -y

==============================================================
# cp /amavisd_clamav_spam/config/amavisd.conf /etc/
cp: overwrite `/etc/amavisd.conf'? y    --copy the configuration file over the original one

[root@postfix doc]# vim /etc/amavisd.conf
$mydomain = 'aaa.com';    --change to your own domain, one of your mail domains
@local_domains_maps = ( [".$mydomain", ".bbb.com"] );    --list your own virtual domains
$sa_tag2_level_deflt = 8.5;    --set to 8.5 points to make testing easier

[root@postfix doc]# touch /var/amavis/whitelist
[root@postfix doc]# touch /var/amavis/blacklist
[root@postfix doc]# /etc/init.d/amavisd restart    --start it
[root@postfix doc]# chkconfig amavisd on

====================================================
Configure spamassassin
[root@postfix doc]# cp /amavisd_clamav_spam/config/local.cf /etc/mail/spamassassin/
cp: overwrite `/etc/mail/spamassassin/local.cf'? y
[root@postfix doc]# cat /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 8.5    --changed to 8.5 points here
# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****SPAM*****
# Encapsulate spam in an attachment
report_safe 0
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 1
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
ok_languages zh en
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score NO_REAL_NAME 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000

[root@postfix doc]# vim /etc/mail/spamassassin/v310.pre    --edit it and enable the line below
loadplugin Mail::SpamAssassin::Plugin::TextCat

[root@postfix doc]# cp /amavisd_clamav_spam/config/Chinese_rules.cf /usr/share/spamassassin/    --copy the Chinese rules file into the rules directory
[root@postfix doc]# /etc/init.d/spamassassin start    --start the service
[root@postfix doc]# chkconfig spamassassin on

Confirm the ports:
[root@postfix doc]# netstat -ntlup |grep 100
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 8072/amavisd (maste
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 7656/master
[root@postfix doc]# netstat -ntlup |grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7656/master
[root@postfix doc]# netstat -ntlup |grep :110
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 7040/dovecot
[root@postfix doc]# netstat -ntlup |grep :783
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 8146/spamd.pid
[root@postfix doc]# netstat -ntlup |grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3048/mysqld
[root@postfix ~]# netstat -ntlup |grep :3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 7772/clamd

===========================================================
Virus mail test:
A virus test file can be downloaded from http://www.eicar.org/anti_virus_test_file.htm
Send a mail with eicar.com as an attachment
[root@postfix doc]# ls /amavisd_clamav_spam/config/eicar.com
/amavisd_clamav_spam/config/eicar.com

After sending, the mail is not received, but on the server you can see that it was placed in the virus directory
[root@postfix doc]# ls /var/virusmails/virus-RLOHHpWvOjyI
/var/virusmails/virus-RLOHHpWvOjyI
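
The port check above can be turned into a repeatable test that flags any helper daemon reachable from outside the host. This is an added example, not part of the original notes; the function names and the list of "internal" ports are assumptions drawn from the configuration shown here (Postfix maps use hosts = localhost and Dovecot uses the MySQL socket, so none of these ports needs a network listener). The sample input is constructed from the netstat lines printed above.

```shell
#!/bin/sh
# Constructed sample: the listener lines from the netstat port check in these notes.
sample_netstat() {
cat <<'EOF'
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 8072/amavisd (maste
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 7656/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7656/master
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 7040/dovecot
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 8146/spamd.pid
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3048/mysqld
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 7772/clamd
EOF
}

# Assumption: ports used only by daemons on this host in the setup above
# (amavisd, Postfix re-injection, spamd, clamd, MySQL reached via localhost/socket).
INTERNAL_PORTS="10024 10025 783 3310 3306"

# exposed_internal: read `netstat -ntl` style lines on stdin and print
# "port address program" for every internal port not bound to loopback.
exposed_internal() {
  awk -v ports="$INTERNAL_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) internal[p[i]] = 1 }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)    # everything before the port
      if ((port in internal) && host != "127.0.0.1" && host != "::1")
        print port, host, $7
    }'
}

# On a live server: netstat -ntl -p | exposed_internal
sample_netstat | exposed_internal
```

On the sample it reports only mysqld on 0.0.0.0:3306; setting bind-address = 127.0.0.1 under [mysqld] in /etc/my.cnf and restarting mysqld clears that finding.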
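
Several settings used in these notes are convenient in a lab but weak on a reachable server: Dovecot accepts plaintext logins while SSL is disabled, the database password equals the user name, and the extra yum repository skips signature checks. The following audit script is an added example, not part of the original notes; the function names are hypothetical and the sample files are constructed excerpts of the configuration shown above.

```shell
#!/bin/sh
# make_samples DIR: write constructed excerpts of the files shown in these notes.
make_samples() {
  printf '%s\n' 'disable_plaintext_auth = no' 'ssl_disable = yes' > "$1/dovecot.conf"
  printf '%s\n' 'driver = mysql' \
    'connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix' \
    > "$1/dovecot-mysql.conf"
  printf '%s\n' 'user = postfix' 'password = postfix' 'hosts = localhost' \
    > "$1/mysql_virtual_alias_maps.cf"
  printf '%s\n' '[amavisd]' 'enabled=1' 'gpgcheck=0' > "$1/rhel-debuginfo.repo"
}

# audit_mail_conf FILE...: print "file: finding" for the weak settings named above.
# Per-file state is reset on each file's first line and judged when the file ends.
audit_mail_conf() {
  awk '
    FNR == 1 { finish(); file = FILENAME; user = pass = plain = nossl = "" }
    /^[ \t]*#/ { next }
    {
      # Dovecot "connect =" lines carry user=/password= as space-separated pairs.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^user=/)     user = substr($i, 6)
        if ($i ~ /^password=/) pass = substr($i, 10)
      }
    }
    index($0, "=") {
      key = substr($0, 1, index($0, "=") - 1)
      val = substr($0, index($0, "=") + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "user")     user = val
      if (key == "password") pass = val
      if (key == "disable_plaintext_auth" && val == "no") plain = 1
      if (key == "ssl_disable" && val == "yes")            nossl = 1
      if (key == "gpgcheck" && val == "0")
        print file ": gpgcheck=0, packages are installed without signature checks"
    }
    function finish() {
      if (file == "") return
      if (user != "" && user == pass) print file ": database password equals user name"
      if (plain && nossl) print file ": plaintext auth allowed with SSL disabled"
    }
    END { finish() }
  ' "$@"
}

# Demo on the constructed samples; on a server, pass the real files instead.
d=$(mktemp -d) && make_samples "$d" && audit_mail_conf "$d"/*
rm -rf "$d"
```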