POSTFIX反病毒反垃圾邮件系统安装

原创 2004年09月04日 14:27:00
孤独的鹰(cnhawk) <xwzheng@sina.com>

1.分区:


1G /


1G swap


3G /var 邮件存储在这里所以设置比较大


1G /tmp


1G /home


3G /usr


剩下 /data


2.用户


添加cnhawk用户,口令另行约定,cnhawk用户需加入wheel组,root口令另行约定


3. packages安装


选择最小化安装


选中


在custom选项里选中


compat3x


compat4x


man


ports


4.rc.conf


设定:


sendmail_enable="NONE"


5. 安装mysql


A.可以在ports中安装


Cd /usr/ports/databases/mysql323-server


Make install


安装的mysql的版本是mysql-3.23.58


B.以下是手动安装mysql-3.23.55


1)添加mysql用户组及mysql用户


hawk# pw groupadd mysql


hawk# pw useradd mysql -g mysql -s /nonexistent


2)配置安装


hawk# tar zxvf mysql-3.23.55.tar.gz


hawk# cd mysql-3.23.55


hawk# ./configure --prefix=/usr/local/mysql --with-low-memory /


--with-charset=gb2312 --without-debug


hawk# make


hawk# make install


hawk# scripts/mysql_install_db


hawk# chown -R root /usr/local/mysql


hawk# chown -R mysql /usr/local/mysql/var


hawk# chgrp -R mysql /usr/local/mysql


hawk# cp support-files/my-medium.cnf /etc/my.cnf


hawk# ln -s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld


hawk# ln -s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin


hawk# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql


hawk# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql


3)编辑用户数据库


以下是建库的语句


use mysql;


#======================postfix==================================


INSERT INTO user (host,user,password) VALUES('localhost','postfix','');


update user set password=password('hawk') where User='postfix';


FLUSH PRIVILEGES;


GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "hawk";


#======================courier==================================


INSERT INTO user (host,user,password) VALUES ('localhost','courier','');


update user set password=password('hawk') where User='courier';


FLUSH PRIVILEGES;


GRANT select,insert,update on mail.* TO courier;


#=======================MAIL.SQL=================================


#Create mail database


CREATE DATABASE mail;


use mail;


#Create the aliases table


CREATE TABLE aliases (


alias varchar(255) NOT NULL default '',


rcpt varchar(255) default NULL,


PRIMARY KEY (alias)


) TYPE=MyISAM;


#Create the transport table


CREATE TABLE transport (


domain char(128) NOT NULL default '',


transport char(128) NOT NULL default '',


UNIQUE KEY domain (domain)


) TYPE=MyISAM;


#Create thevirtua_users table


CREATE TABLE virtual_users (


unique_id int(32) unsigned NOT NULL auto_increment,


id char(128) NOT NULL default '',


password char(128) default NULL,


uid int(10) unsigned default '2003',


gid int(10) unsigned default '2003',


home char(255) default NULL,


maildir char(255) default NULL,


date_add date default NULL,


time_add time default NULL,


domain char(128) default NULL,


name char(255) default NULL,


imapok tinyint(3) unsigned default '1',


quota char(255) default '10485760',


PRIMARY KEY (id),


KEY unique_id (unique_id)


) TYPE=MyISAM;


#Create address table //该部分是为使用igenus而增加的。


CREATE TABLE address (


id int(32) unsigned NOT NULL auto_increment,


unique_id int(32) NOT NULL default '0',


name char(255) NOT NULL default ' ',


email char(255) NOT NULL default ' ',


PRIMARY KEY (id),


key unique_id (unique_id)


) TYPE=MyISAM;


#==========================================================


4)设置自启:


hawk# edit /usr/local/etc/rc.d/mysqld.sh


示例:mysqld.sh


#!/bin/sh


case "$1" in


start)


if [ -x /usr/local/mysql/bin/safe_mysqld ]; then


/usr/local/mysql/bin/safe_mysqld --user=mysql & > /dev/null && echo -n ' mysqld'


fi


;;


stop)


/usr/bin/killall mysqld > /dev/null 2>&1 && echo -n ' mysqld'


;;


*)


echo ""


echo "Usage: `basename $0` { start | stop }"


echo ""


exit 64


;;


esac


hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh


6.安装cyrus-sasl


1)安装cyrus-sasl-2.1.12


hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz


hawk# cd cyrus-sasl-2.1.12


hawk# ./configure --disable-sample --disable-pwcheck --disable-cram /


--disable-digest --disable-krb4 --disable-gssapi --disable-anon /


--with-saslauthd=/var/run/saslauthd --enable-plain --enable-login


hawk# make


hawk# make install


hawk# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2


2)配置sasl的lib库


hawk# edit /etc/defaults/rc.conf


(在ldconfig_paths="/usr/loca/lib后面加上/usr/local/lib/sasl2")


hawk# shutdown -r now(使其生效)


3)运行saslauthd(如果使用pam直接认证,则该步骤可以省略)


示例saslauthd.sh


#!/bin/sh


case "$1" in


start)


if [ -x /usr/local/sbin/saslauthd ]; then


/usr/local/sbin/saslauthd -a pam > /dev/null && echo -n ' saslauthd'


fi


;;


stop)


/usr/bin/killall saslauthd > /dev/null 2>&1 && echo -n ' saslauthd'


;;


*)


echo ""


echo "Usage: `basename $0` { start | stop }"


echo ""


exit 64


;;


Esac


hawk# mkdir /var/run/saslauthd


hawk# edit /usr/local/etc/rc.d/saslauthd.sh


hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh


4)准备postfix认证的配置文件


A)使用pam直接认证:


hawk# echo pwcheck_method: pam > /usr/local/lib/sasl2/smtpd.conf


B)使用saslauthd调用pam认证:


hawk# echo pwcheck_method: saslauthd > /usr/lib/sasl2/smtpd.conf


7. 安装 pam_mysql


安装 pam_mysql-0.5 (由于采用源码安装编译不能通过,故使用freebsd4.9 ports安装)


1)安装


hawk# pkg_add –r gmake (pam_mysql需要gmake)


hawk# cd /usr/ports/security/pam-mysql/


hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/


2)配置pam.conf调用mysql支持sasl认证


hawk# edit /etc/pam.conf(将pop3 和imap的前面加上#)添加下列代码:


smtp auth sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1


smtp account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1


(注:密码使用crypt加密,如果使用明文密码cyrpt=0,如果使用password()加密crypt=2)


8.安装postfix


1)停止sendmail


hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF


hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF


hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF


hawk# mv /etc/rc.sendmail /etc/sendmail.OFF


hawk# edit /etc/rc.conf(在sendmail="YES"前面添加# )


2)添加postfix用户


hawk# pw groupadd postfix -g 2003


hawk# pw groupadd postdrop -g 2004


hawk# pw useradd postfix -u 2003 -g 2003 -d /dev/null -s /nologin


3)安装


安装postfix-2.0.10.tar.gz


hawk# tar zxvf postfix-2.0.10.tar.gz


hawk# cd postfix-2.0.10


如果你的mysql是源码编译请用下面这个命令


hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm'


如果你的mysql是ports安装的请用下面这个命令


hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm'


hawk# make


hawk# make install(第一次安装使用此命令,安装过程中如果提示错误则在提示选择tmp的时候使用/tmp)


hawk# make upgrade(升级老版本使用此命令)


4)配置


hawk# echo ‘postfix: root’ >> /etc/aliases


hawk# /usr/bin/newaliases


(注:如果提示postfix无法打开opiekeys文件则执行:#hawk chown postfix:postfix /etc/opiekeys)


A)编辑修改/etc/posftix/main.cf 示例:main.cf


#======= BASE ==============


myhostname = hawk.the9.com


mydomain = the9.com


home_mailbox=Maildir/


mydestination = $myhostname, $mydomain, $transport_maps


local_recipient_maps = 为空


mailbox_command= /usr/lib/courier-imap/bin/deliverquota -w 90 ~/Maildir


#======= MYSQL =============


transport_maps = mysql:/etc/postfix/transport.cf


virtual_gid_maps = mysql:/etc/postfix/gids.cf


virtual_mailbox_base = /var/mail


virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf


virtual_maps = mysql:/etc/postfix/mysql.aliases.cf


virtual_uid_maps = mysql:/etc/postfix/uids.cf


#======= Quota ============


message_size_limit = 2097152 //限制每次发邮件的大小 2MB


virtual_mailbox_limit_inbox = no


virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf


virtual_mailbox_limit_override = yes


virtual_maildir_extended = yes


virtual_create_maildirsize = yes


virtual_mailbox_limit = 10485760 //总邮箱的大小 10MB


#====== SASL ================


smtpd_sasl_auth_enable = yes


smtpd_sasl_security_options = noanonymous


broken_sasl_auth_clients = yes


smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destinatio reject


#smtpd_sasl_local_domain = $mydomain


smtpd_client_restrictions = permit_sasl_authenticated


B)确认/etc/postfix/master.cf的配置有如下内容


virtual unix - n n - - virtual


C)编辑/etc/posftix/transport.cf


示例:transport.cf


user = postfix


password = hawk


dbname = mail


table = transport


select_field = transport


where_field = domain


hosts = localhost


D)编辑/etc/postfix/gids.cf


示例:gids.cf


user = postfix


password= hawk


dbname = mail


table = virtual_users


select_field = gid


where_field = id


hosts = localhost


E)编辑/etc/postfix/uids.cf


示例:uids.cf


user = postfix


password= hawk


dbname = mail


table = virtual_users


select_field = uid


where_field = id


hosts = localhost


F)编辑/etc/posftix/mysql_virtual.cf


示例:mysql_virtual.cf


user = postfix


password= hawk


dbname = mail


table = virtual_users


select_field = maildir


where_field = id


hosts = localhost


G)编辑/etc/postfix/mysql.aliases.cf 示例:mysql.aliases.cf


user = postfix


password= hawk


dbname = mail


table = aliases


select_field = rcpt


where_field = alias


hosts = localhost


H)编辑/etc/postfix/mailboxsize-mysql.cf 示例:mailboxsize-mysql.cf


user = postfix


password = hawk


dbname = mail


table = virtual_users


select_field = quota


where_field = id


hosts = localhost


5)设置自启动


hawk# edit /usr/local/etc/rc.d/postfix-server.sh


示例:postfix-server.sh


#!/bin/sh


case "$1" in


start)


if [ -x /usr/sbin/postfix ]; then


/usr/sbin/postfix start && echo -n ' postfix'


fi


;;


stop)


/usr/sbin/postfix stop && echo -n ' postfix'


;;


*)


echo ""


echo "Usage: `basename $0` { start | stop }"


echo ""


exit 64


;;


esac


hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh


9.安装expect.tar.gz(need tcl)


hawk# pkg_add tcl-8.3.5_2.tgz


hawk# tar zxvf expect-5.38.tar.gz


hawk# cd expect-5.38


hawk# ./configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3


hawk# make


hawk# make install


10.安装Courier-imap-1.7.1(need gmake、expect)


1、安装


hawk# pkg_add -r gmake 远程安装包


hawk# pw useradd cnhawk -g wheel(the software MUST run the configure script as normal user, not root)


hawk$ bunzip2 courier-imap-1.7.1.tar.bz2


hawk$ tar xvf courier-imap-1.7.1.tar


hawk$ cd courier-imap-1.7.1


如果你的mysql是源码编译请用下面这个命令


hawk$ ./configure --without-ipv6 --enable-unicode /


--enable-workarounds-for-imap-client-bugs /


--with-mysql-libs=/usr/local/mysql/lib/mysql /


--with-mysql-includes=/usr/local/mysql/include/mysql


如果你的mysql是ports安装请用下面这个命令


Hawk$./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql


hawk$ gmake


hawk# su root


hawk# gmake install


hawk# gmake install-configure


2)配置


编辑修改/usr/lib/courier-imap/etc/authmysqlrc 示例:authmysqlrc


##VERSION: $Id: authmysqlrc,v 1.10 2002/04/02 23:41:41 mrsam Exp $


#


# Copyright 2000 Double Precision, Inc. See COPYING for


# distribution information.


#


# Do not alter lines that begin with ##, they are used when upgrading


# this configuration.


#


# authmysqlrc created from authmysqlrc.dist by sysconftool


#


# DO NOT INSTALL THIS FILE with world read permissions. This file


# might contain the MySQL admin password!


#


# Each line in this file must follow the following format:


#


# field[spaces|tabs]value


#


# That is, the name of the field, followed by spaces or tabs, followed by


# field value. Trailing spaces are prohibited.


##NAME: LOCATION:0


#


# The server name, userid, and password used to log in.


MYSQL_SERVER localhost


MYSQL_USERNAME courier


MYSQL_PASSWORD hawk


##NAME: MYSQL_SOCKET:0


#


# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the


# filesystem pipe used for the connection


#


MYSQL_SOCKET /tmp/mysql.sock


##NAME: MYSQL_PORT:0


#


# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to


# connect to.


MYSQL_PORT 3306


##NAME: MYSQL_OPT:0


#


# Leave MYSQL_OPT as 0, unless you know what you're doing.


MYSQL_OPT 0


##NAME: MYSQL_DATABASE:0


#


# The name of the MySQL database we will open:


MYSQL_DATABASE mail


##NAME: MYSQL_USER_TABLE:0


#


# The name of the table containing your user data. See README.authmysqlrc


# for the required fields in this table.


MYSQL_USER_TABLE virtual_users


##NAME: MYSQL_CRYPT_PWFIELD:0


#


# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both


# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext


# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow


# CRAM-MD5 authentication to be implemented.


MYSQL_CRYPT_PWFIELD password


##NAME: MYSQL_CLEAR_PWFIELD:0


#


#


# MYSQL_CLEAR_PWFIELD clear


##NAME: MYSQL_DEFAULT_DOMAIN:0


#


# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',


# we will look up 'user@DEFAULT_DOMAIN' instead.


#


#


# DEFAULT_DOMAIN example.com


##NAME: MYSQL_UID_FIELD:0


#


# Other fields in the mysql table:


#


# MYSQL_UID_FIELD - contains the numerical userid of the account


#


MYSQL_UID_FIELD uid


##NAME: MYSQL_GID_FIELD:0


#


# Numerical groupid of the account


MYSQL_GID_FIELD gid


##NAME: MYSQL_LOGIN_FIELD:0


#


# The login id, default is id. Basically the query is:


#


# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'


#


MYSQL_LOGIN_FIELD id


##NAME: MYSQL_HOME_FIELD:0


#


MYSQL_HOME_FIELD home


##NAME: MYSQL_NAME_FIELD:0


#


# The user's name (optional)


MYSQL_NAME_FIELD name


##NAME: MYSQL_MAILDIR_FIELD:0


#


# This is an optional field, and can be used to specify an arbitrary


# location of the maildir for the account, which normally defaults to


# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).


#


# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this


# out.


#


MYSQL_MAILDIR_FIELD maildir


##NAME: MYSQL_QUOTA_FIELD:0


#


# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally


# specify a maildir quota. See README.maildirquota for more information


#


MYSQL_QUOTA_FIELD quota


##NAME: MYSQL_WHERE_CLAUSE:0


#


# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary


# fixed string that is appended to the WHERE clause of our query


#


MYSQL_WHERE_CLAUSE imapok=1


##NAME: MYSQL_SELECT_CLAUSE:0


#


# (EXPERIMENTAL)


# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,


# which is structuraly different from proposed. The fixed string will


# be used to do a SELECT operation on database, which should return fields


# in order specified bellow:


#


# username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname


#


# Enabling this option causes ignorance of any other field-related


# options, excluding default domain.


#


# There are two variables, which you can use. Substitution will be made


# for them, so you can put entered username (local part) and domain name


# in the right place of your query. These variables are:


# $(local_part) and $(domain)


#


# If a $(domain) is empty (not given by the remote user) the default domain


# name is used in its place.


#


# This example is a little bit modified adaptation of vmail-sql


# database scheme:


#


# MYSQL_SELECT_CLAUSE SELECT popbox.local_part, /


# CONCAT('{MD5}', popbox.password_hash), /


# popbox.clearpw, /


# domain.uid, /


# domain.gid, /


# CONCAT(domain.path, '/', popbox.mbox_name), /


# '', /


# domain.quota, /


# '', /


# FROM popbox, domain /


# WHERE popbox.local_part = '$(local_part)' /


# AND popbox.domain_name = '$(domain)' /


# AND popbox.domain_name = domain.domain_name


#


##NAME: MYSQL_CHPASS_CLAUSE:0


#


# (EXPERIMENTAL)


# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,


# which is structuraly different from proposed. The fixed string will


# be used to do an UPDATE operation on database. In other words, it is


# used, when changing password.


#


# There are four variables, which you can use. Substitution will be made


# for them, so you can put entered username (local part) and domain name


# in the right place of your query. There variables are:


# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)


#


# If a $(domain) is empty (not given by the remote user) the default domain


# name is used in its place.


# $(newpass) contains plain password


# $(newpass_crypt) contains its crypted form


#


# MYSQL_CHPASS_CLAUSE UPDATE popbox /


# SET clearpw='$(newpass)', /


# password_hash='$(newpass_crypt)' /


# WHERE local_part='$(local_part)' /


# AND domain_name='$(domain)'


#


编辑修改/usr/lib/courier-imap/etc/authdaemonrc


version="authdaemond.mysql"


3)设置自启动


hawk# cd /usr/local/etc/rc.d


hawk# ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh


hawk# ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh


hawk# chmod 755 imapd.sh


hawk# chmod 755 pop3d.sh


现在开始测试:


1)设置用户:


hawk# mysql


mysql> use mail;


在数据库里你可以看到


mysql> show tables;


+----------------+


| Tables_in_mail |


+----------------+


| aliases |


| transport |


| virtual_users |


+----------------+


mysql> desc aliases;


+-------+--------------+------+-----+---------+-------+


| Field | Type | Null | Key | Default | Extra |


+-------+--------------+------+-----+---------+-------+


| alias | varchar(255) | | PRI | | |


| rcpt | varchar(255) | YES | | NULL | |


+-------+--------------+------+-----+---------+-------+


mysql> insert aliases values('postmaster@the9.com','cnhawk@the9.com');


mysql> insert aliases values('postmaster@freebsd.net','cnhawk@freebsd.net');


mysql> select * from aliases;


+--------------------------+--------------------+


| alias | rcpt |


+--------------------------+--------------------+


| postmaster@the9.com | cnhawk@the9.com |


| postmaster@freebsd.net | cnhawk@freebse.net |


+--------------------------+--------------------+


mysql> desc transport;


+-----------+-----------+------+-----+---------+-------+


| Field | Type | Null | Key | Default | Extra |


+-----------+-----------+------+-----+---------+-------+


| domain | char(128) | | PRI | | |


| transport | char(128) | | | | |


+-----------+-----------+------+-----+---------+-------+


mysql> insert transport values('the9.com','virtual:');


mysql> insert transport values('freebsd.net','virtual:');


mysql> select * from transport;


+---------------+-----------+


| domain | transport |


+---------------+-----------+


| nankai.edu.cn | virtual: |


| freebsd.net | virtual: |


+---------------+-----------+


mysql> desc virtual_users;


+-----------+---------------------+------+-----+----------+----------------+


| Field | Type | Null | Key | Default | Extra |


+-----------+---------------------+------+-----+----------+----------------+


| unique_id | int(32) unsigned | | MUL | NULL | auto_increment |


| id | char(128) | | PRI | | |


| password | char(128) | YES | | NULL | |


| uid | int(10) unsigned | YES | | 104 | |


| gid | int(10) unsigned | YES | | 104 | |


| home | char(255) | YES | | NULL | |


| maildir | char(255) | YES | | NULL | |


| date_add | date | YES | | NULL | |


| time_add | time | YES | | NULL | |


| domain | char(128) | YES | | NULL | |


| name | char(255) | YES | | NULL | |


| imapok | tinyint(3) unsigned | YES | | 1 | |


| quota | char(255) | YES | | 10485760 | |


+-----------+---------------------+------+-----+----------+----------------+


mysql> INSERT INTO virtual_users


mysql> (id,home,password,maildir,date_add,time_add,domain,name)


mysql> VALUES ('cnhawk@the9.com','/var/mail/',encrypt('cnhawk'),


mysql> 'the9.com/cnhawk/Maildir/','2003-04-23','01:18:24','the9.com','cnhawk');


mysql> INSERT INTO virtual_users


mysql> (id,home,password,maildir,date_add,time_add,domain,name)


mysql> VALUES ('hawk@freebsd.net','/var/mail/',encrypt('hawk'),


mysql> 'freebsd.net/hawk/Maildir/','2003-04-23','01:18:24','freebsd.net','hawk');


mysql> quit


2)设置用户的目录与权限:


hawk# mkdir -p /var/mail/the9.com/cnhawk


hawk# mkdir -p /var/mail/freebsd.net/hawk


hawk# cd /usr/lib/courier-imap/bin


hawk# ./maildirmake /var/mail/the9.com/cnhawk/Maildir


hawk# ./maildirmake /var/mail/freebsd.net/hawk/Maildir


hawk# chmod -R 700 /var/mail/the9.com/


hawk# chmod -R 700 /var/mail/freebsd.net/


hawk# chown -R postfix:postfix /var/mail/the9.com


hawk# chown -R postfix:postfix /var/mail/freebsd.net


至此用户设置完毕,这里仅仅使用两个虚拟域,同理可以设置若干个虚拟域,如:mail.com


3)用户登录测试:


先用perl的mod来产生这个base64编码,安装ports在/usr/ports/converters/p5-MIME-Base64/


先获取plain字符窜。为了获得plain字符串,必须要用base64编码


hawk# perl -MMIME::Base64 -e 'print encode_base64("cnhawk/@the9.com");'


在@前面的加个/才可以成功得到字符串


Y25oYXdrQHRoZTkuY29t


hawk# perl -MMIME::Base64 -e 'print encode_base64("cnhawk");'


Y25oYXdr


%telnet 127.0.0.1 25


Trying 127.0.0.1...


Connected to 0.


Escape character is '^]'.


220 hawk.the9.com ESMTP Postfix


ehlo hawk


250-hawk.the9.com


250-PIPELINING


250-SIZE 2097152


250-VRFY


250-ETRN


250-AUTH LOGIN PLAIN OTP


250-AUTH=LOGIN PLAIN OTP


250-XVERP


250 8BITMIME


auth login


334 VXNlcm5hbWU6


Y25oYXdrQHRoZTkuY29t (此为用户名id:cnhawk@the9.com)


334 UGFzc3dvcmQ6


Y25oYXdr (此为用户密码password:cnhawk)


235 Authentication successful


quit


221 Bye


Connection closed by foreign host.


hawk# telnet 127.0.0.1 110


Trying 127.0.0.1....


Connected to 0.


Escape character is '^]'.


+OK Hello there.


user cnhawk@the9.com


+OK Password required.


pass cnhawk


+OK logged in. (OK,pop 登录成功)


quit


+OK Bye-bye.


Connection closed by foreign host.


也可以使用任何其它的邮件客户端程序来测试,如foxmail、Outlook Express等等。


然后安装webmail


安装igenus


1.安装:


hawk # cd /usr/ports/www/apache2


hawk # make install


hawk# cd /usr/ports/www/mod_php4


hawk# make install


hawk# cd /var/mail


hawk# tar zxvf igenus_docn.tar.gz


hawk# edit /usr/local/apache/conf/httpd.conf


2.配置:


1)Group nobody、User nobody


修改为: Group postfix、User postfix


2)DocumentRoot "/usr/local/apache/htdocs"


修改为:DocumentRoot "/var/mail/webmail"


3) 查找 AddDefaultCharset ISO-8859-1


改为AddDefaultCharset GB2312 #中文支持


添加AddType application/x-httpd-php .php #php支持


4)修改config_inc.php文件


$CFG_BASEPATH = "/var/mail/webmail";


$CFG_MYSQL_HOST = 'localhost';


$CFG_MYSQL_USER = 'postfix';


$CFG_MYSQL_PASS = 'hawk';(同以上密码,均可以自己修改)


$CFG_MYSQL_DB = 'mail';


5) 编辑/usr/local/etc/php.ini,修改:


Cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini


register_globals = On


3.使用:


最后在浏览器的URL中输入:


http://IP 因为没有DNS 有了DNS就好了 可以直接定位域名


1. 修改/etc/php.ini


max_execution_time = 30 #改为60 (增加处理脚本的时间限制)


memory_limit = 8M #改为40M (这样才能发10M的附件)


post_max_size = 2M #改为10M


upload_max_filesize = 2M #改为10M


2. 修改/etc/httpd/conf.d/php.conf


<Files *.php>


SetOutputFilter PHP


SetInputFilter PHP


LimitRequestBody 524288 #把524288改为10485760


</Files>


这里的 LimitRequestBody 524288 限定了上传附件的上限为512k, 将其改为10M


3. 修改/etc/postfix/main.cf, 添加如下语句:


message_size_limit = 14336000


postfix的默认值是10M, 但这指的是邮件正文和编码后附件的总和, 经过base64编码,附件的大小会增加35%左右, 因此这里设定可接受邮件的大小为14M


可以使用如下命令查看postfix的有关设定:


/usr/sbin/postconf | grep size


4. 重起apache和postfix.
反垃圾邮件 反病毒邮件部分
1.安装McAfee uvscan
BSD上的最新的版本是vbsd424e,虽然是试用但是可以升级也没有功能限制。
最新病毒库的版本是dat-4306.tar = b4af8aa33b670d15cc43ebf6f4967498
如何你的ports中的病毒库不是最新的版本 可以修改ports中的文件 可以去www.nai.com上面直接下载
安装McAfee AntiVirus
hawk# cd /usr/ports/security/vscan
hawk# make install clean
2.AMaViS的安装
AMaViS是uvscan和postfix之间的一个桥梁,完成邮件解码,交给uvscan查毒,然后再处理,转发操作。
2.1在ports中安装
我这里的版本号是amavisd-new-20030616
hawk# cd /usr/ports/security/amavisd-new/
# make install clean
hawk# cd /usr/local/etc
hawk# cp amavisd.conf-dist amavisd.conf
hawk# chown vscan amavisd.conf
hawk# chmod 750 amavisd.conf
hawk# chown vscan /usr/local/sbin/amavisd
hawk# chmod 750 /usr/local/sbin/amavisd
修改 amavisd.conf
$mydomain = 'the9.com'; (修改成你自己的)
$TEMPBASE = "/tmp";
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
以下的可以根据你的服务器情况设定
$virus_admin = "vscan/@$mydomain"
$mailfrom_notify_admin = "vscan/@$mydomain";
$mailfrom_notify_recip = "vscan/@$mydomain";
$mailfrom_notify_spamadmin = "vscan/@$mydomain";
# $QUARANTINEDIR = '/var/virusmails';
2.2修改postfix
在 /etc/postfix/master.cf 中
smtp inet n - n - - smtpd
改为如下:
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
注意 关于127.0.0.1:10025 的 content_filter 为空白,是因为在 postfix 的 main.cf 中,先前已有定义 content_filter 的话,可能会造成在本地邮件不停的转寄给自己,要是有这样的情况发生,postfix 的日志中会出现以下信息「Error: too many hops 」。
测试
hawk# /usr/local/sbin/postfix stop
hawk# /usr/local/sbin/postfix start
hawk# su - vscan
hawk# /usr/local/sbin/amavisd debug
启动另一个终端:
hawk# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.the9.com.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
MAIL FROM:<cnhawk@the9.com>
250 2.1.0 Sender cnhawk@the9.com OK
RCPT TO:<cnhawk@the9.com>
250 2.1.5 Recipient cnhawk@the9.com OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test 2
X5O!P%@AP[4/PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.5.0 Ok, id=00116-02, BOUNCE <-- 出现这个表示系统已经认出这个邮件中含有 Virus
QUIT
2.3安装配置 Spamassassin
在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-ne,那 Spamassassin 也已经安装好了。
Port: amavisd-new-20030616.p5
Path: /usr/ports/security/amavisd-new
Info: Performance-enhanced daemonized version of amavis-perl
Maint: blaz@si.FreeBSD.org
Index: security
B-deps:
R-deps: arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Digest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16,1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50,1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1
如果服务器不需要 Spamassassin 的功能那这个步骤可以取消。
添加需要的用户
hawk# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
hawk# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin
修改 /usr/local/etc/mail/spamassassin/local.cf
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15
修改 /usr/local/etc/amavisd.conf
$max_servers = 2;
$max_requests = 10;
$child_timeout=5*60;
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );
$final_spam_destiny = D_PASS;
read_hash(/%whitelist_sender, '/var/amavis/whitelist');
read_hash(/%blacklist_sender, '/var/amavis/blacklist');
read_hash(/%spam_lovers, '/var/amavis/spam_lovers');
# SpamAssassin settings
#$sa_local_tests_only = 1;
$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 64*1024;
$sa_tag_level_deflt = 4.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$sa_spam_subject_tag = '***SPAM*** ';
建立所需要的文件
hawk# touch /var/amavis/whitelist
hawk# touch /var/amavis/blacklist
hawk# touch /var/amavis/spam_lovers
hawk# chown vscan /var/amavis/whitelist
hawk# chown vscan /var/amavis/blacklist
hawk# chown vscan /var/amavis/spam_lovers
hawk# echo spam@the9.com >> /var/amavis/spam_lovers
hawk# echo notspam@the9.com >> /var/amavis/spam_lovers
修改/usr/local/etc/postfix/main.cf
添加
content_filter = smtp-amavis:[127.0.0.1]:10024
建立自动学习体系
Bayesian Learning Script
hawk# vi /usr/local/sbin/my-sa-learn.sh
#!/bin/sh
if [ -e /var/mail/spam ]; then
/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
rm /var/mail/spam > /dev/null
fi
if [ -e /var/mail/notspam ]; then
/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
rm /var/mail/notspam > /dev/null
fi
建立Bayes学习知识库:
hawk# /usr/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs
这样就可以自动学习了
hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh
hawk# crontab -e
5 0 * * * /usr/local/sbin/my-sa-learn.sh
下面重新启动服务让设置生效
hawk# /usr/local/etc/rc.d/postfix.sh stop
hawk# /usr/local/etc/rc.d/postfix.sh start
hawk# /usr/local/etc/rc.d/amavisd.sh stop
hawk# /usr/local/etc/rc.d/amavisd.sh start
要是使用 Spamassassin 的 spamd,也需要重新启动。
启动 AMaVisd 时,确认是否有找到反病毒软件
hawk# cat /var/log/maillog |grep NAI
Dec 1 03:37:07 hawk amavis[112]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 15:36:00 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 16:14:28 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
要是有这样的信息说明已经找到杀毒软件
病毒更新脚本
需要wget支持
先安装wget
hawk# pkg_add –r wget
安装完毕
hawk# vi /usr/local/libexec/uvscan/update-dat.sh
添加下面的内容
#!/bin/sh
#
# update-dat.sh
#
cd /usr/local/libexec/uvscan/
wget -q -O readme.txt http://download.nai.com/p......tfiles/4.x/nai/readme.txt >/dev/null
AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed -e 's/^.*/(4[0-9]*/).*$//1/'`
if [ ! -f dat-$AVVER.tar ]; then
for i in *.tar ; do
mv $i $i.old
done
if wget http://download.nai.com/p......es/4.x/nai/dat-$AVVER.tar >/dev/null ; then
for i in *.dat ; do
cp -p $i $i.bak
done
if tar xf dat-$AVVER.tar ; then
rm -f *.old
echo `date` Successfully updated AntiVirus DAT files to $AVVER
fi
fi
fi
然后放入crontab 定时自动运行就可以自动更新病毒文件了。
完成后的邮件界面,已经收到的病毒警告邮件,这些标题在amavisd.conf里修改就可以了

怎样为任何控件和区域添加提示信息:用自己封装的CTip类

MFC中有一个CToolTipCtrl类,想必大家都知道,近来我在一个项目中需要在ActiveX Control上为特定的控件或区域添加提示.开始使用CToolTipCtrl,但发现它根本就不工作.无...
  • flower
  • flower
  • 2000-09-26 13:56:00
  • 798

CentOS上安装带虚拟域,防病毒,反垃圾邮件的邮件服务器

概要:计划部署邮件服务器,参考网络众多文章,有些信息不全,有些设置比较含糊,遂自己按部就班逐一安装测试下来,根据自己的安装过程实现 虚拟域-用户,POP3,POP3S,IMAP,IMAPS,网页邮件,...
  • ahstudy
  • ahstudy
  • 2011-10-25 16:41:26
  • 1057

Postfix (3) 反垃圾邮件的措施(2)

本系统接着Postfix (3) 反垃圾邮件的措施(1)继续
  • php_boy
  • php_boy
  • 2011-08-04 12:58:05
  • 1767

spamassassin反垃圾邮件规则

http://wiki.apache.org/spamassassin/CustomRulesets
  • wangdeng1314
  • wangdeng1314
  • 2010-03-03 16:06:00
  • 689

FreeBSD下使用Port安装Postfix反垃圾、病毒邮件系统 For MySQL

[附言] 本文使用MySQL作为认证数据库! 该附言或许不成其为什么许可证,但还是希望您尊重作者...
  • alexdream
  • alexdream
  • 2007-09-21 16:16:00
  • 1741

Postfix上的反垃圾邮件的四个方法

在介绍如何配置Postfix的smtp配置之前有必要首先介绍一下它的背景和特点。Postfix是一个由IBM资助下由Wietse Venema 负责开发的自由软件工程的一个产物,其目的是为用户提供除s...
  • zhaozhanyong
  • zhaozhanyong
  • 2011-06-28 11:27:00
  • 1817

Postfix过滤垃圾邮件

在main.cf配置文件中的header_checks参数可以扫描邮件头,在邮件中查找特定的词语,包含这些词语的邮件将不被发送。下面是header_checks参数格式: header_chec...
  • zhaozhanyong
  • zhaozhanyong
  • 2011-06-28 11:29:00
  • 2973

postfix反垃圾邮件

postfix反垃圾邮件 #安装spamassassin 软件包 主要目录: #spamassassin 与 postfix 整合编辑postfix 主配置文件 vim /etc/postfix/...
  • w1781806162
  • w1781806162
  • 2015-06-11 17:08:49
  • 464

Exchange2010---反垃圾邮件配置

转自:http://ibm.chick.blog.163.com/blog/static/144201610201411222529309/     转自:http://bbs.winos.cn...
  • uiwgi
  • uiwgi
  • 2015-01-22 15:53:27
  • 3378

如何利用Postfix、Dovecot、MySQL与SpamAssassin配置一套邮件服务器

提供:ZStack云计算 内容介绍在本教程中,我们将利用Postfix、Dovecot、MySQL与SpamAssassin在Ubuntu 12.04上配置一套邮件服务器。遵循本教程的内容,大家将能够...
  • zstack_org
  • zstack_org
  • 2017-05-10 09:32:09
  • 1544
收藏助手
不良信息举报
您举报文章:POSTFIX反病毒反垃圾邮件系统安装
举报原因:
原因补充:

(最多只允许输入30个字)