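A while ago I looked into OpenLDAP ([url]http://waringid.blog.51cto.com/65148/79517[/url]). More recently my company set some standards for its Exchange mail servers that required unifying the mail display names across regions (Hong Kong, Wuxi, Jiangxi, Qingyuan). Each region has its own mail server, and all contacts are synchronized through Microsoft MIIS. A rough estimate put the number of users to change at about 800; doing that by hand would have been a nightmare. Fortunately the tools that ship with Microsoft's products got the job done, and the experience gave me a new appreciation of the power of LDAP. That reminded me of the MySQL-backed Postfix mail system I built earlier ([url]http://waringid.blog.51cto.com/65148/58412[/url]), and to understand LDAP better I wrote this article. The rest of this article is in fact much the same as that earlier one; only the database changes from MySQL to LDAP. If this interests you too, follow along.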
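Before starting, some introduction is needed so that you are not left reading for a long time without knowing where it leads. Here are the system, the software required and the features the finished mail system has. The system is RedHat AS 4; the components selected at install time are the same as described in ([url]http://waringid.blog.51cto.com/65148/79517[/url]): only "Development Tools" was installed. The software used in this article and the download locations are listed in ([url]http://waringid.blog.51cto.com/65148/58144[/url]). If you want to install the software with YUM (the most convenient way), see ([url]http://waringid.blog.51cto.com/65148/51947[/url]). The finished component stack is: OpenLDAP+Sasl+Authlib+imap+maildrop+Apache+php+clamav+amavisd+extmail. I will package the related configuration files with this article; refer to them if you run into problems with the configuration. Everyone is welcome to discuss and learn together.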
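
Add the system users:

I need not say much about what these are for; anyone who has read the earlier articles or knows Postfix should understand. If it really is unclear, ask Google; the best answers are there.

groupadd -g 1001 vmail
groupadd postfix
groupadd postdrop
groupadd amavis
groupadd clamav
useradd vmail -g vmail -u 1001
useradd postfix -g postfix
useradd amavis -g amavis
useradd clamav -g clamav

Add the LDAP server records:

These two records are what LDAP clients use to look up the LDAP server; the client configuration file (ldap.conf) refers to them. You can of course change them to any other names. If all the software is installed on one server the IP address can be set to 127.0.0.1; here I use the actual address.

echo "192.168.44.64 ldap.test.com" >> /etc/hosts
echo "192.168.44.64 ldap-master.test.com" >> /etc/hosts

Install OpenLDAP:

You can install it in two ways. The first is to have it installed along with the system; if you think that version is too old, you can upgrade it with YUM. The other is to install from source ([url]http://waringid.blog.51cto.com/65148/79517[/url]). I upgraded with YUM here; if you install from source, watch the paths when installing some of the later components.

yum update openldap

Configure OpenLDAP:

Configuring LDAP requires the schema file from extman, so first copy extman's LDAP schema file into place. The steps are:

tar zxvf extman-0.2.4.tar.gz
cd extman-0.2.4
cd docs
cp ./extmail.schema /etc/openldap/schema/    # copy the schema file that supports Extmail
vi /etc/openldap/slapd.conf

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# the extmail schema is needed here
include /etc/openldap/schema/extmail.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# the database backend can be bdb or ldbm
database ldbm
suffix "dc=test.com"
rootdn "cn=Manager,dc=test.com"
# encrypted password; several schemes are possible, and cleartext can also be used
rootpw {crypt}$1$s/DotdqM$B99BEOpyYJtD.CgJ34s721
directory /var/lib/ldap
index objectClass eq
index mail,active,virtualDomain,mailLocalAddress eq,pres

Configure the LDAP client file:

The purpose of this file is to let clients find the server when they run queries or other operations. Without it you may get errors saying that the LDAP server cannot be found.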
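
A syntax check for the ldap.conf that follows, added here as an example (it is not part of the original article): it catches URIs run together without a separating space, a misspelled DEREF value and non-numeric limits, and warns when a plain ldap:// URI points at a non-loopback host, where simple-bind passwords cross the network unencrypted unless StartTLS is used. The function name check_ldap_conf is hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# check_ldap_conf FILE  (hypothetical helper, not an OpenLDAP tool)
# Prints "FILE:LINE: error|warning: ..." and returns 1 if any error was found.
check_ldap_conf() {
    awk '
    function err(msg)  { printf "%s:%d: error: %s\n", FILENAME, FNR, msg; errors++ }
    function warn(msg) { printf "%s:%d: warning: %s\n", FILENAME, FNR, msg }

    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines

    { key = toupper($1) }                # option names are case-insensitive

    key == "URI" {
        if (NF < 2) err("URI has no value")
        for (i = 2; i <= NF; i++) {
            uri = $i
            rest = uri
            sub(/^[a-z]+:\/\//, "", rest)        # what follows the scheme
            if (uri !~ /^ldap[si]?:\/\//)
                err("not an ldap://, ldaps:// or ldapi:// URI: " uri)
            else if (rest ~ /:\/\//)
                err("two URIs run together, separate them with a space: " uri)
            else if (uri ~ /^ldap:\/\// && rest !~ /^(localhost|127\.[0-9.]+)(:|\/|$)/)
                warn("plain ldap:// to a remote host, binds are cleartext without StartTLS: " uri)
        }
    }

    key == "DEREF" && tolower($2) !~ /^(never|searching|finding|always)$/ {
        err("DEREF must be never, searching, finding or always, got: " $2)
    }

    (key == "SIZELIMIT" || key == "TIMELIMIT") && $2 !~ /^[0-9]+$/ {
        err(key " must be a number, got: " $2)
    }

    END { exit (errors > 0) }
    ' "$1"
}

# Constructed sample with two easy mistakes: a missing space between the
# two URIs and a misspelled DEREF value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BASE dc=test.com
URI ldap://ldap.test.comldap://ldap-master.test.com:389
SIZELIMIT 12
TIMELIMIT 15
DEREF nerver
EOF
check_ldap_conf "$sample" || echo "ldap.conf has errors"
rm -f "$sample"
```
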

vi /etc/openldap/ldap.conf

HOST 127.0.0.1
BASE dc=test.com
URI ldap://ldap.test.com ldap://ldap-master.test.com:389
SIZELIMIT 12
TIMELIMIT 15
DEREF never

Start LDAP:

Of course, if you built LDAP from source it may not start this way, but if you managed to install OpenLDAP from source, starting it should not be hard either.

service ldap start

Edit and import the initialization file:

vi /tmp/extman-0.2.4/docs/init.ldif     # extman's initialization file
:1,$ s/extmail.org/test.com/g           # replace the original extmail.org with test.com
ldapadd -x -D "cn=Manager,dc=test.com" -w password \
    -f /tmp/extman-0.2.4/docs/init.ldif # import the initialization file

Install BerkeleyDB:

tar zxvf db-4.5.20.tar.gz
cd db-4.5.20/build_unix
../dist/configure --prefix=/usr/local/BerkeleyDB
make
make install
mv /usr/include/db4 /usr/include/db4.off
rm /usr/include/db_cxx.h
rm /usr/include/db.h
rm /usr/include/db_185.h
ln -sv /usr/local/BerkeleyDB/include /usr/include/db4
ln -sv /usr/local/BerkeleyDB/include/db.h /usr/include/db.h
ln -sv /usr/local/BerkeleyDB/include/db_cxx.h /usr/include/db_cxx.h
echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf
ldconfig -v

Install Apache:

tar xvf httpd-2.2.4.tar.gz
cd httpd-2.2.4
./configure --prefix=/usr/local/httpd --sysconfdir=/etc --enable-so \
    --enable-ssl --enable-track-vars --enable-rewrite --with-zlib \
    --enable-mods-shared=most --enable-suexec --with-suexec-caller=daemon \
    --with-suexec-docroot=/var/www/
make
make install
echo "/usr/local/httpd/bin/apachectl start" >> /etc/rc.local

Install PNG support:

tar zxvf libpng-1.2.16.tar.gz
cd libpng-1.2.16
./configure --prefix=/usr/local/png
make
make install
echo "/usr/local/png/lib" >> /etc/ld.so.conf
ldconfig -v
ln -sv /usr/local/png/lib/* /usr/lib/
ln -sv /usr/local/png/lib/* /usr/local/lib/

Install JPEG support:

mkdir /usr/local/jpeg
mkdir /usr/local/jpeg/bin
mkdir /usr/local/jpeg/lib
mkdir /usr/local/jpeg/include
mkdir /usr/local/jpeg/man
mkdir /usr/local/jpeg/man/man1
tar zxvf jpegsrc.v6b.tar.gz
cd jpeg-6b/
./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
make
make install
echo "/usr/local/jpeg/lib/" >> /etc/ld.so.conf
ldconfig -v
ln -sv /usr/local/jpeg/lib/* /usr/lib/
ln -sv /usr/local/jpeg/lib/* /usr/local/lib/

Install Freetype support:

tar zxvf freetype-2.3.2.tar.gz
cd freetype-2.3.2
./configure --prefix=/usr/local/freetype
make
make install
echo "/usr/local/freetype/lib/" >> /etc/ld.so.conf
ldconfig -v
ln -sv /usr/local/freetype/lib/* /usr/lib/
ln -sv /usr/local/freetype/lib/* /usr/local/lib/

Install Fontconfig support:

tar zxvf fontconfig-2.4.0.tar.gz
cd fontconfig-2.4.0
./configure --prefix=/usr/local/fontconfig \
    --with-freetype-config=/usr/local/freetype/bin/freetype-config
make
make install
echo "/usr/local/fontconfig/lib/" >> /etc/ld.so.conf
ldconfig -v
ln -sv /usr/local/fontconfig/lib/* /usr/lib/
ln -sv /usr/local/fontconfig/lib/* /usr/local/lib/

Install related support packages:

rpm -ivh freetype-devel-2.1.9-1.i386.rpm
rpm -ivh fontconfig-devel-2.2.3-7.i386.rpm
rpm -ivh xorg-x11-devel-6.8.1-23.EL.i386.rpm

Install XPM support:

tar zxvf xpm-3.4k.tar.gz
cd xpm-3.4k
xmkmf -a
make
make install

Install GD support:

tar zxvf gd-2.0.34.tar.gz
cd gd-2.0.34
./configure --prefix=/usr/local/gd --with-png=/usr/local/png/ \
    --with-jpeg=/usr/local/jpeg/ --with-freetype=/usr/local/freetype/ \
    --with-fontconfig=/usr/local/fontconfig/ --with-xpm
cp /usr/local/png/include/png.h ./
cp /usr/local/png/include/pngconf.h ./
make
make install
ln -sv /usr/local/gd/lib/* /usr/lib/
ln -sv /usr/local/gd/lib/* /usr/local/lib/

Install courier-authlib:

tar jxvf courier-authlib-0.59.3.tar.bz2
cd courier-authlib-0.59.3
./configure --with-redhat \
    --with-mailuser=vmail --with-mailgroup=vmail \
    --with-authldaprc=/etc/authlib/authldaprc --sysconfdir=/etc \
    --prefix=/usr/local/authlib --without-stdheaderdir
make
make install
make install-configure
echo "/usr/local/authlib/lib/courier-authlib" >> /etc/ld.so.conf
ldconfig -v
cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib
chkconfig --add courier-authlib
chkconfig --level 2345 courier-authlib on
service courier-authlib start
chmod +x /usr/local/authlib/var/spool/authdaemon

Set up the authdaemonrc configuration file:

vi /etc/authlib/authdaemonrc

authmodulelist="authldap"
authmodulelistorig="authldap"
# DEBUG_LOGIN: 0 = off, 1 = debug output, 2 = debug output including passwords
DEBUG_LOGIN=2

Configure authldaprc:

LDAP_URI ldap://ldap.test.com
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
LDAP_TIMEOUT 5
LDAP_MAIL mail
LDAP_FILTER (active=1)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILROOT /var/domains
LDAP_MAILDIRQUOTA mailQuota
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0

Install Sasl:

tar zxvf cyrus-sasl-2.1.21.tar.gz
cd cyrus-sasl-2.1.21
./configure --prefix=/usr/local/sasl2 \
    --disable-anon --enable-plain --enable-login --enable-ldapdb \
    --with-ldap=/usr/ \
    --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
make
make install
mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
ln -sv /usr/local/sasl2/lib/* /usr/lib
ln -sv /usr/local/sasl2/lib/* /usr/local/lib
ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include
mkdir -pv /var/state/saslauthd
echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
echo "/usr/local/sasl2/sbin/saslauthd -a shadow ldap" >> /etc/rc.local
/usr/local/sasl2/sbin/saslauthd -a shadow ldap

Set up the Sasl configuration file:

vi /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket

Install and configure PHP:

tar zxvf php-5.2.3.tar.gz
cd php-5.2.3
./configure --prefix=/usr/local/php \
    --with-ldap=/usr --with-ldap-sasl=/usr/local/sasl2 \
    --with-apxs2=/usr/local/httpd/bin/apxs --sysconfdir=/etc \
    --with-libxml-dir=/usr/include/libxml2/libxml --with-gd=/usr/local/gd \
    --with-png=/usr/local/png/ --with-jpeg=/usr/local/jpeg/ \
    --with-xpm --with-zlib --enable-debug --enable-magic-quotes \
    --enable-libgcc --enable-ftp --enable-mbstring=all \
    --enable-sockets --with-gnu-ld --with-gettext
make
make install
cp php.ini-recommended /etc/php.ini

Disable the system's default Sendmail:

/etc/init.d/sendmail stop
chkconfig --level 0123456 sendmail off
mv /usr/bin/newaliases /usr/bin/newaliases.orig
mv /usr/bin/mailq /usr/bin/mailq.orig
mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
rpm -e --nodeps sendmail

Install Postfix:

Take care here: OpenLDAP ends up in different paths depending on whether it was installed with YUM or from source, so if you installed it from source, pay attention to the paths used to reference LDAP here.

tar zxvf postfix-2.5-20071006.tar.gz
cd postfix-2.5-20071006
make -f Makefile.init makefiles \
    'CCARGS=-DHAS_LDAP -I/usr/local/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
    -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include -DUSE_TLS \
    -I/usr/include/openssl' \
    'AUXLIBS=-L/usr/local/lib -lldap -llber -L/usr/local/sasl2/lib -lsasl2 \
    -L/usr/local/BerkeleyDB/lib -L/usr/lib -lssl -lcrypto'
make
make install
newaliases
# the install asks questions interactively; I have not pasted them here, see the earlier article

Create the mail storage directory:

mkdir -pv /var/mailbox
chown -R vmail:vmail /var/mailbox/
chmod -R 700 /var/mailbox/

Set up the Postfix configuration files:

mv /etc/postfix/main.cf /etc/postfix/main.cf.bak
mv /etc/postfix/master.cf /etc/postfix/master.cf.bak
touch /etc/postfix/main.cf
touch /etc/postfix/master.cf
postalias /etc/aliases

Set up main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
inet_interfaces = all
mydestination =
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.44.0/24, 127.0.0.0/8
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname,
    reject_unknown_sender_domain, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_pipelining, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
#############################SASL-END##################################
#############################Virtual Mailbox Settings####################
virtual_mailbox_base=/var/mailbox
virtual_mailbox_maps=ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_mailbox_domains=ldap:/etc/postfix/ldap_virtual_domains_maps.cf
virtual_alias_domains=
virtual_alias_maps=ldap:/etc/postfix/ldap_virtual_alias_maps.cf
virtual_uid_maps=static:1001
virtual_gid_maps=static:1001
virtual_transport=maildrop
maildrop_destination_recipient_limit=1
maildrop_destination_concurrency_limit=1
#################################Mailbox END###############################
#################################Quota Settings############################
message_size_limit=1433600
virtual_mailbox_limit=20791520
virtual_create_maildirsize=yes
virtual_mailbox_extended=yes
virtual_mailbox_limit_maps=ldap:/etc/postfix/ldap_virtual_limit_maps.cf
virtual_mailbox_limit_override=yes
virtual_maildir_limit_message= Sorry,The User's maildir has overdrawn his diskspace quota, Please try again later.
virtual_overquota_bounce=yes
################################Quota END#################################
################################Amavis Start##############################
content_filter=amavisfeed:[127.0.0.1]:10024
max_use=10
################################Amavis END################################
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /var/www/postfix_html
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no

Copy the support files referenced in main.cf:

After copying, a few small changes are needed: extman's default managed domain is extmail.org everywhere, and I want my own test.com instead, so every extmail.org entry in these files must be changed to test.com.
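
The extmail.org to test.com substitution described above (and done earlier in vi for init.ldif) can be scripted so that no occurrence is missed; this is an added example, not part of the original article, meant to be run after the copy shown below. The function name replace_domain and the sample lines are constructed for illustration; unlike the vi pattern s/extmail.org/test.com/g, it escapes the dot, so look-alike strings such as extmail-org are left untouched.

```shell
#!/bin/sh
# replace_domain OLD NEW FILE...   (hypothetical helper written for this example)
# Replaces the literal string OLD with NEW in each FILE and returns non-zero
# if a rewrite fails or any FILE still contains OLD afterwards.
replace_domain() {
    old=$1; new=$2; shift 2
    # Escape regex metacharacters so the "." in extmail.org matches only a dot.
    old_re=$(printf '%s' "$old" | sed 's#[][\.*^$/]#\\&#g')
    # Escape the characters that are special on the replacement side of s///.
    new_re=$(printf '%s' "$new" | sed 's#[\&/]#\\&#g')
    rc=0
    for f in "$@"; do
        tmp=$(mktemp) || return 1
        if sed "s/$old_re/$new_re/g" "$f" > "$tmp"; then
            cat "$tmp" > "$f"      # overwrite in place: owner and mode are kept
        else
            rc=1
        fi
        rm -f "$tmp"
        # Verify: a fixed-string search must find nothing left over.
        if grep -F -q -- "$old" "$f"; then
            echo "still contains $old: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample standing in for init.ldif and the ldap* map files.
demo=$(mktemp)
cat > "$demo" <<'EOF'
dn: dc=extmail.org
mail: postmaster@extmail.org
labeledURI: http://extmail-org.example.net/
EOF
replace_domain extmail.org test.com "$demo" && cat "$demo"
rm -f "$demo"

# On the system built in this article the call would be:
#   replace_domain extmail.org test.com /tmp/extman-0.2.4/docs/init.ldif /etc/postfix/ldap*
```
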

cp /tmp/extman-0.2.4/docs/ldap* /etc/postfix/

Set up master.cf:

vi /etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#################################AntiSpam Start ###################################################
amavisfeed unix -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
#
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o local_header_rewrite_clients=
#################################AntiSpam End ###################################################

Configure Apache:

mkdir -pv /var/www/extsuite
vi /etc/httpd.conf

<VirtualHost *:80>
    ServerName mail.test.com
    DocumentRoot /var/www/extsuite/extmail/html/
    ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
    Alias /extmail /var/www/extsuite/extmail/html
    ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
    Alias /extman /var/www/extsuite/extman/html
    SuexecUserGroup vmail vmail
    Alias /phpadmin /var/www/phpadmin
</VirtualHost>

Add Apache virtual host support:

cp /etc/extra/httpd-vhosts.conf /etc/extra/httpd-vhosts.conf.bak
# the contents of this file are the same as above, so they are not repeated here

Install PCRE and Zlib:

These are mainly needed to support some of the later components.

tar jxvf pcre-7.2.tar.bz2
cd pcre-7.2
./configure
make
make install
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure --prefix=/usr --shared
make
make install

Install the courier-imap component:

export COURIERAUTHCONFIG=/usr/local/authlib/bin/courierauthconfig
tar jxvf courier-imap-4.1.3.tar.bz2
cd courier-imap-4.1.3
./configure --prefix=/usr/local/imap --with-redhat --disable-root-check \
    --sysconfdir=/etc --enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
    --with-trashquota --with-dirsync --disable-root-check
make
make install
make install-configure
cp courier-imap.sysvinit /usr/local/imap/sbin/imapd
chmod +x /usr/local/imap/sbin/imapd
/usr/local/imap/sbin/imapd start
cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
chmod 755 /etc/rc.d/init.d/courier-imapd
chkconfig --add courier-imapd
chkconfig --level 2345 courier-imapd on

Install the maildrop component:

tar jxvf maildrop-2.0.4.tar.bz2
cd maildrop-2.0.4
ln -sv /usr/local/authlib/bin/courierauthconfig /usr/bin
ln -sv /usr/local/authlib/include/* /usr/include
./configure --prefix=/usr/local/maildrop --enable-sendmail=/usr/sbin/sendmail \
    --enable-trusted-users='root vmail' --enable-syslog=1 --enable-maildirquota \
    --enable-maildrop-uid=1001 --enable-maildrop-gid=1001 --with-trashquota --with-dirsync
make
make install
cp /usr/local/maildrop/bin/maildrop /usr/bin
maildrop -v
## be sure to test here that the installation succeeded; the output must mention authlib

Set up the maildroprc file:

vi /etc/maildroprc

logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
    to "$HOME/Maildir"
}

Install clamav:

tar zxvf clamav-0.91.2.tar.gz
cd clamav-0.91.2
./configure --prefix=/usr/local/clamav \
    --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck \
    --sysconfdir=/etc/clamav
make
make install
mkdir /var/log/clamav
chmod -R 744 /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis.amavis /usr/local/share/clamav
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown amavis.amavis /var/run/clamav

Set up clamav's freshclam.conf:

mv /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf.old
vi /etc/clamav/freshclam.conf

DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/freshclam.pid
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net

Set up clamav's clamd.conf file:

mv /etc/clamav/clamd.conf /etc/clamav/clamd.conf.old
vi /etc/clamav/clamd.conf

LogFile /var/log/clamav/clamd.log
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength 20M
User amavis
ScanPDF yes
ScanMail yes
PhishingSignatures yes
ScanArchive yes

Schedule clamav updates and start-up:

cp contrib/init/RedHat/clamd /etc/rc.d/init.d/clamd
cp contrib/init/RedHat/clamav-milter /etc/rc.d/init.d/clamav-milter
chkconfig --add clamd
chkconfig --add clamav-milter
chkconfig --level 2345 clamd on
chkconfig --level 2345 clamav-milter on
echo "/usr/local/clamav/lib" >> /etc/ld.so.conf
ldconfig -v
vi /etc/rc.d/init.d/clamd

progdir="/usr/local/clamav/sbin"

service clamd start
crontab -e

37 * * * * /usr/local/clamav/bin/freshclam

/usr/local/clamav/bin/freshclam

Install amavisd:

tar zxvf amavisd-new-2.5.2.tar.gz
cd amavisd-new-2.5.2
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails

Configure amavisd:

vi /etc/amavisd.conf

use strict;
$max_servers = 8;            # num of pre-forked children (2..15 is common), -m
$daemon_user  = 'amavis';    # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default; customary: vscan or amavis), -g
$mydomain = 'test.com';      # a convenient default for other settings
$MYHOME = '/var/amavis';     # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = '/var/virusmails';  # -Q
$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
$inet_socket_port = 10024;   # listen on this local TCP port(s)
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};
$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  virus_admin_maps => ["postmaster\@$mydomain"],
  spam_admin_maps  => ["postmaster\@$mydomain"],
  warnbadhsender   => 1,
  forward_method => 'smtp:[127.0.0.1]:10025',
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};
$sa_tag_level_deflt  = 100;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.3;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$virus_admin               = "postmaster\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";  # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes (default undef, not enforced)
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
$final_virus_destiny  = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny   = D_PASS;
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
  qr'.\.(exe|vbs|pif|scr|cpl)$'i,         # banned extension - basic
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),
   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,
   },
  ],  # end of site-wide tables
});
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress, 'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress, 'bzip2 -d'],
  ['lzo',  \&do_uncompress, 'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,         'ar'],
  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,        'lha'],
  ['doc',  \&do_ole,        'ripole'],
  ['cab',  \&do_cabextract, 'cabextract'],
  ['tnef', \&do_tnef_ext,   'tnef'],
  ['tnef', \&do_tnef],
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
@av_scanners = (
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
1;  # insure a defined return

Test amavisd:

Generally, the first run reports that many Perl support packages are not installed. They can be installed automatically or manually, but the automatic way still leaves some that fail to install; for the manual method see my earlier article.

/usr/local/sbin/amavisd debug
cpan                          ## set up CPAN automatic installation
perl -MCPAN -e shell
install Time::HiRes IO::Wrap IO::Stringy Unix::Syslog Compress::Zlib MIME::Words \
    MIME::Head MIME::Body MIME::Entity MIME::Parser MIME::Decoder MIME::Decoder::Base64 \
    MIME::Decoder::Binary MIME::Decoder::QuotedPrint MIME::Decoder::NBit \
    MIME::Decoder::UU MIME::Decoder::Gzip64 Net::Server Net::Server::PreFork

After installing, test again; if automatic installation does not work, switch to manual installation, and repeat until the test succeeds. This may be the part that tests your patience the most.

Test spamassassin and start amavisd and postfix:

vi /etc/mail/spamassassin/local.cf

required_score 5.0
report_safe 1
lock_method flock
use_bayes 1
use_pyzor 0
use_razor2 0
bayes_auto_learn 0
ok_locales all

spamassassin -d --lint
/usr/bin/spamd -d
echo "/usr/bin/spamd -d" >> /etc/rc.local
/usr/local/sbin/amavisd
postfix start

Test Postfix:

Install and set up extmail:

tar zxvf extmail-1.0.4.tar.gz
mv extmail-1.0.4 /var/www/extsuite/extmail
tar zxvf extman-0.2.4.tar.gz
mv extman-0.2.4 /var/www/extsuite/extman
cd /var/www/extsuite/extmail/
cp webmail.cf.default webmail.cf
vi webmail.cf
vi ../extman/webman.cf

Change and create the related files:

mkdir /tmp/extman
chown -R vmail:vmail /tmp/extman
chown -R vmail:vmail /var/www/extsuite/extmail
chown -R vmail:vmail /var/www/extsuite/extman
touch /var/log/maildrop.log
chown vmail.vmail /var/log/maildrop.log

Set up webmail.cf:

# sys_config, the config file and webmail program root
SYS_CONFIG = /var/www/extsuite/extmail/

# sys_langdir, the i18n dir
SYS_LANGDIR = /var/www/extsuite/extmail/lang

# sys_templdir, the template dir
SYS_TEMPLDIR = /var/www/extsuite/extmail/html

# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0

# sys_permit_noquota, permit an account without quota?
SYS_PERMIT_NOQUOTA = 1

# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp/

# sys_log_on = 1 | 0 - enable logging or not
SYS_LOG_ON = 1

# sys_log_type = file|syslog|nsyslog, syslog will save login
# or error info into mail.*, nsyslog is a replacement to syslog
# that will send log message to network syslogd
SYS_LOG_TYPE = syslog

# sys_log_file - path to log file, if sys_log_type = file
SYS_LOG_FILE = /var/log/extmail.log

# sys_sess_timeout, session timeout, default 3 hours (3h) format:
# number+(s|m|h|d|M|y); or only number, the 0 means that the
# session will last for 0 seconds, but if you specify the
# sys_sess_cookie_only = 1 then it means the session will expire
# after you close your browser :)
SYS_SESS_TIMEOUT = 0

# sys_sess_cookie_only = 0|1 use cookie only or include cgi "sid"
# parameter ? if set to true(1), the session will be expired after
# sys_sess_timeout if there is no any active request from browser
SYS_SESS_COOKIE_ONLY = 1

# sys_user_psize, user default page_size
SYS_USER_PSIZE = 10

# sys_user_tsize, user mail subject truncate size, valid type:
# auto => full text
# screen1 => 800x600
# screen2 => 1024x768
# screen3 => 1280x1024
SYS_USER_SCREEN = auto

# sys_user_lang, user default language
SYS_USER_LANG = zh_CN

# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = WebMail

# sys_user_template, user default template
SYS_USER_TEMPLATE = default

# sys_user_charset, user default charset
SYS_USER_CHARSET = utf-8

# sys_user_trylocal, user default outgoing encoding mechanism
SYS_USER_TRYLOCAL = 1

# sys_user_timezone, user default timezone
SYS_USER_TIMEZONE = +0800

# sys_user_* default parameters
SYS_USER_CCSENT = 1
SYS_USER_SHOW_HTML = 1
SYS_USER_COMPOSE_HTML = 1
SYS_USER_CONV_LINK = 1
SYS_USER_ADDR2ABOOK = 1

# sys_message_size_limit, default message size limit per user
# count as byte(s), eg: 5242880 means 5MB
SYS_MESSAGE_SIZE_LIMIT = 5242880

# sys_min_pass_len, minimal password length, default 2
SYS_MIN_PASS_LEN = 2

# sys_mfilter_on, default is off
SYS_MFILTER_ON = 1

# sys_netdisk_on, default is off
SYS_NETDISK_ON = 1

# sys_show_signup, default is on, this feature need extman
# 0.2.2 or higher version, built with signup service
SYS_SHOW_SIGNUP = 1

# sys_debug_on, default is off
SYS_DEBUG_ON = 1

# sys auth type, mysql/ldap/authlib
SYS_AUTH_TYPE = ldap

# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox

# sys_auth_schema, vpopmail1/vpopmail2/virtual
# vpopmail1 => all user accounts in one table
# vpopmail2 => accounts in per domain table
SYS_AUTH_SCHEMA = virtual

# crypt_type, the default encrypt type of password, possible type
# currently is crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt

# if mysql, all relate parameters should prefix as SYS_MYSQL
# SYS_MYSQL_USER = extmail
# SYS_MYSQL_PASS = db_pass
# SYS_MYSQL_DB = extmail
# SYS_MYSQL_HOST = localhost
# SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

# table name
# SYS_MYSQL_TABLE = mailbox
# SYS_MYSQL_ATTR_USERNAME = username
# SYS_MYSQL_ATTR_DOMAIN = domain
# SYS_MYSQL_ATTR_PASSWD = password

# sys_mysql_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
# SYS_MYSQL_ATTR_CLEARPW = clearpwd
# SYS_MYSQL_ATTR_QUOTA = quota
# SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
# SYS_MYSQL_ATTR_HOME = homedir
# SYS_MYSQL_ATTR_MAILDIR = maildir

# service enable/disable attributes
# comment them out if you don't want their function
# SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
# SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
# SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange
# SYS_MYSQL_ATTR_ACTIVE = active

# if ldap, all relate parameters should prefix as SYS_LDAP
SYS_LDAP_BASE = o=extmailAccount,dc=test.com
SYS_LDAP_RDN = cn=Manager,dc=test.com
SYS_LDAP_PASS = password
SYS_LDAP_HOST = ldap.test.com

# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_DOMAIN = virtualDomain
SYS_LDAP_ATTR_PASSWD = userPassword

# sys_ldap_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
# SYS_LDAP_ATTR_CLEARPW = clearPassword
SYS_LDAP_ATTR_QUOTA = mailQuota
SYS_LDAP_ATTR_NDQUOTA = netdiskQuota
SYS_LDAP_ATTR_HOME = homeDirectory
SYS_LDAP_ATTR_MAILDIR = mailMessageStore

# service enable/disable attributes
# comment them out if you don't want their function
# SYS_LDAP_ATTR_DISABLEWEBMAIL = disablewebmail
# SYS_LDAP_ATTR_DISABLENETDISK = disablenetdisk
# SYS_LDAP_ATTR_DISABLEPWDCHANGE = disablePasswdChange
SYS_LDAP_ATTR_ACTIVE = active

# if authlib, all relate parameters should prefix as AUTHLIB
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket

# Global Abook support
# sys_g_abook_type, global abook type, valid is ldap|file, currently
# only support ldap, file module is under development :-)
SYS_G_ABOOK_TYPE = file

# if ldap, all relate parameters should prefix as SYS_G_ABOOK_LDAP
SYS_G_ABOOK_LDAP_HOST = localhost
SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=example.com
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=example.com
SYS_G_ABOOK_LDAP_ROOTPW = secret
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson

# if file, all relate parameters should prefix as SYS_G_ABOOK_FILE
SYS_G_ABOOK_FILE_PATH = /var/www/extsuite/extmail/globabook.cf
SYS_G_ABOOK_FILE_LOCK = 1
SYS_G_ABOOK_FILE_CONVERT = 0
SYS_G_ABOOK_FILE_CHARSET = utf-8

Set up webman.cf:
# sys_config, the config file and webman program root
SYS_CONFIG = /var/www/extsuite/extman/

# sys_langdir, the i18n dir
SYS_LANGDIR = /var/www/extsuite/extman/lang

# sys_templdir, the template dir
SYS_TEMPLDIR = /var/www/extsuite/extman/html

# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox

# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0

# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp/extman/

# sys_captcha_on 1|0 - to enable captcha feature or not
SYS_CAPTCHA_ON = 0

# sys_captcha_key
SYS_CAPTCHA_KEY = r3s9b6a7

# sys_captcha_len
SYS_CAPTCHA_LEN = 6

# sys_purge_data - to completely destroy user's mailbox or not?
SYS_PURGE_DATA = 0

# sys_sess_timeout, session timeout in second, default 6 hours
# SYS_SESS_TIMEOUT = 21600

# sys_user_psize, user default page_size
SYS_PSIZE = 50

# sys_user_lang, user default language
SYS_LANG = zh_CN

# sys_app_type, the app type: WebMail or ExtMan? It must be the same
# as prefix part of language package name, eg: WebMail::en_US
SYS_APP_TYPE = ExtMan

# sys_template_name, the template name
SYS_TEMPLATE_NAME = default

# web management related restrictions
# sys_default_expire, valid value: ?y ?m ?d
SYS_DEFAULT_EXPIRE = 1y

# sys_groupmail_sender - sender for groupmail, this account must
# exist or postfix or other mta will complain error
SYS_GROUPMAIL_SENDER = postmaster@test.com

# sys_default_services, valid value: smtpd, smtp, webmail, netdisk,
# imap and pop3, concatenate with "," as multiple values, eg: webmail,smtpauth
SYS_DEFAULT_SERVICES = webmail,smtpd,smtp,pop3,netdisk

# sys_isp_mode, yes|no - if yes, use our HashDir to spread
# storage to multiple directories
SYS_ISP_MODE = no

# sys_domain_hashdir = yes|no, if yes we will enable domain hashdir
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR = yes

# sys_domain_hashdir_depth, the hash length and depth, format:
# length x depth, eg: 2x1 => length =2, depth =1
# depend on sys_isp_mode = yes
SYS_DOMAIN_HASHDIR_DEPTH = 2x2

# sys_user_hashdir = yes|no, if yes we will enable user hashdir
# depend on sys_isp_mode = yes
SYS_USER_HASHDIR = yes

# sys_user_hashdir_depth, similar to sys_hashdir_domain_depth
SYS_USER_HASHDIR_DEPTH = 2x2

# XXX FIXME
# experimental feature, per domain transport/routing capability
# same config style as SYS_USER_ROUTING_LIST
# SYS_DOMAIN_ROUTING_LIST = lmtp:mx1.extmail.org,lmtp:mx2.extmail.org

# XXX FIXME
# experimental feature, per user routing capability
# please specify routing info, concatenate with "," as multiple list
# members, eg: smtp:mx1.abc.com,smtp:mx2.abc.com
# SYS_USER_ROUTING_LIST = smtp:[192.168.2.130],smtp:[192.168.2.128]

# sys_min_uid, the minimal uid
SYS_MIN_UID = 500

# sys_min_gid, the minimal gid
SYS_MIN_GID = 100

# sys_default_uid, if not set, webman will ignore it
SYS_DEFAULT_UID = 1001

# sys_default_gid, if not set, webman will ignore it
SYS_DEFAULT_GID = 1001

# sys_quota_multiplier, in bytes, default to 1 MB
SYS_QUOTA_MULTIPLIER = 1048576

# sys_quota_type, valid type: vda|courier
SYS_QUOTA_TYPE = courier

# maxquota, alias, users and netdisk quota for domain
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 500

# per user default quota, netdisk quota and expire
SYS_USER_DEFAULT_QUOTA = 5
SYS_USER_DEFAULT_NDQUOTA = 5
SYS_USER_DEFAULT_EXPIRE = 1y

# sys_backend_type mysql|ldap
SYS_BACKEND_TYPE = ldap

# sys_crypt_type: crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt

# if mysql, all relate parameters should prefix as SYS_MYSQL
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock

# table name
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password

# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
# SYS_MYSQL_ATTR_CLEARPW = clearpwd

# if ldap, all relate parameters should prefix as SYS_LDAP
SYS_LDAP_BASE = dc=test.com
SYS_LDAP_RDN = cn=Manager,dc=test.com
SYS_LDAP_PASS = password
SYS_LDAP_HOST = localhost

# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_PASSWD = userPassword

# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
# SYS_LDAP_ATTR_CLEARPW = clearPassword

# sys_rrd_datadir, the full path of rrd data
SYS_RRD_DATADIR = /var/lib

# sys_rrd_tmpdir, the temp dir for graph
SYS_RRD_TMPDIR = /tmp/viewlog

# sys_rrd_queue_on, yes|no, show queue or not
SYS_RRD_QUEUE_ON = yes

Install phpldapadmin:
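I covered this in my previous article, so I won't repeat it here; two screenshots will do. Installing and configuring it is not difficult, and only a few changes to its configuration file are needed.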
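The webmail.cf and webman.cf files configured above keep several values worth tightening before the server is opened to users: a two-character minimum password, debug output switched on, a bind as the directory rootdn, and a trivial bind password. The Python check below is an added example, not part of the original article or of Extmail; the thresholds, word lists and function names are assumptions, and the sample input is built from lines of the webmail.cf shown earlier.

```python
import re

# Constructed sample: active and commented lines copied from the webmail.cf above.
SAMPLE_WEBMAIL_CF = """\
SYS_MIN_PASS_LEN = 2
SYS_DEBUG_ON = 1
SYS_CRYPT_TYPE = md5crypt
SYS_LDAP_BASE = o=extmailAccount,dc=test.com
SYS_LDAP_RDN = cn=Manager,dc=test.com
SYS_LDAP_PASS = password
# SYS_LDAP_ATTR_CLEARPW = clearPassword
"""

# Assumed policy values; tune them locally.
MIN_PASS_LEN = 8
GUESSABLE = {"password", "secret", "db_pass", "webman", "changeme"}
# Assumption: these SYS_CRYPT_TYPE names mean plaintext or one unsalted digest.
WEAK_CRYPT = {"cleartext", "plain", "md5", "plain-md5", "ldap-md5", "sha", "sha1"}

def parse_cf(text):
    """Return the active KEY = value pairs; lines starting with '#' are skipped."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z][A-Z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def audit(text, rootdn="cn=Manager,dc=test.com"):
    """Return sorted (key, finding) pairs for settings worth changing."""
    cf, out = parse_cf(text), []
    length = cf.get("SYS_MIN_PASS_LEN", "2")  # the file documents 2 as default
    if not length.isdigit() or int(length) < MIN_PASS_LEN:
        out.append(("SYS_MIN_PASS_LEN", "minimum password length below %d" % MIN_PASS_LEN))
    if cf.get("SYS_DEBUG_ON") == "1":
        out.append(("SYS_DEBUG_ON", "debug output enabled"))
    if cf.get("SYS_CRYPT_TYPE", "").lower() in WEAK_CRYPT:
        out.append(("SYS_CRYPT_TYPE", "plaintext or unsalted password storage"))
    for key, val in cf.items():
        if key.endswith("_ATTR_CLEARPW"):
            out.append((key, "clear-text password attribute is active"))
        elif key.endswith(("_PASS", "_ROOTPW")) and val.lower() in GUESSABLE:
            out.append((key, "guessable bind password"))
        elif key.endswith(("_RDN", "_ROOTDN")) and val.lower() == rootdn.lower():
            out.append((key, "application binds as the directory rootdn"))
    return sorted(out)

if __name__ == "__main__":
    print(audit(SAMPLE_WEBMAIL_CF))
```

Pass the rootdn from slapd.conf as the second argument when it differs from the one used in this article.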
Multi-domain test:
Mail sending and log test: