一、资源说明  EMOS1.5系统,用yum升到CentOS5.6,并使用roundcubemail0.5.1替换extmail,申请免费域名 extmail.no-ip.org

二、EMOS1.5 系统安装(简略说明)

ip:192.168.1.69/24

网关:192.168.1.1

DNS:202.96.134.33

    202.96.128.86

主机名:mx.extmail.no-ip.org


安装时,去掉OpenLDAP服务器选项;其他则保留默认。

安装完系统后,第一次重启需要做一些配置

1.setup default domain :extmail.no-ip.org

2.setup default hostname: mx.extmail.no-ip.org

3.max message size config: 10

4.Backend Database selection: MySQL  (要使用LDAP作为后台数据库的,用空格键移动光标选择)

5.webman/dspam root account password: seaman

6.MySQL/Dspam root password:wdxpw

7.Antispam Software selection: Dspam+Amavisd (这里可以选择只安装Dspam)

8.DSPAM pre-training data import: YES Download and import (通过空格键选择,默认是不导入)

9.TLS feature selection: TLS Enable TLS

10.Server type selection: Corp-Mail Suitable for office/business(一般用这个默认足够了,另外选项是Mail ISP,是给ISP用的,处理1K+的域名,10K+的用户)

11.Confirm configuration:  最后确认一些你前面的配置。 YES 则开始初始化配置 NO 则重新配置 ESC则不配置进行重启系统



三、yum升级

官方wiki(http://wiki.centos.org/zh/Manuals/ReleaseNotes/CentOS5.6#head-8a14bbe0a1b585b6870f7cee97bc04e5e33144b1)上看到如下一句话

假若从一个早于 5.5 版的 CentOS 5 发行版本升级,推荐的步骤如下:

[root@mx ~]yum clean all

[root@mx ~]yum update glibc\*

[root@mx ~]yum update yum\* rpm\* pyth\*

[root@mx ~]yum clean all

[root@mx ~]yum update mkinitrd nash

[root@mx ~]yum update selinux\*

[root@mx ~]yum update

[root@mx ~]# yum remove -y php php-common php-cli php-mbstring php-mysql php-pdo phpmyadmin php-ldap

[root@mx ~]# yum install -y httpd-devel libtool-ltdl libtool-ltdl-devel openssl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libc-client libc-client-devel gd gd-devel libmcrypt libmcrypt-devel

[root@mx ~]# yum install -y php53 php53-mbstring php53-xml php53-intl php53-mysql

shutdown -r now



四、免费域名注册

1.可以到这个 http://www.no-ip.com 网站上注册,我注册的是 extmail.no-ip.org

2.下载一个noip软件并安装它,让它自动更新域名与IP对应。

[root@mx ~]# wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

[root@mx ~]# tar zxvf noip-duc-linux.tar.gz

[root@mx ~]# cd noip-2.1.9-1/

[root@mx noip-2.1.9-1]# make

[root@mx noip-2.1.9-1]# make install

if [ ! -d /usr/local/bin ]; then mkdir -p /usr/local/bin;fi

if [ ! -d /usr/local/etc ]; then mkdir -p /usr/local/etc;fi

cp noip2 /usr/local/bin/noip2

/usr/local/bin/noip2 -C -c /tmp/no-ip2.conf


Auto configuration for Linux client of no-ip.com.


Please enter the login/email string for no-ip.com  wdxpw@126.com       《-- 注册域名的账号

Please ent er the password for user 'wdxpw@126.com'  ********           《-- 密码


Only one host [extmail.no-ip.org] is registered to this account.

It will be used.

Please enter an update interval:[30]  

Do you wish to run something at successful update?[N] (y/N)  ^M


New configuration file '/tmp/no-ip2.conf' created.


mv /tmp/no-ip2.conf /usr/local/etc/no-ip2.conf


3.运行no-ip软件

[root@mx noip-2.1.9-1]# /usr/local/bin/noip2

[root@mx noip-2.1.9-1]# noip2 -S      《--通过该命令可以查看运行状况

1 noip2 process active.


Process 2767, started as /root/noip-2.1.9-1/noip2, (version 2.1.9)

Using configuration from /usr/local/etc/no-ip2.conf

Last IP Address set 183.46.185.157    《--这个就是我的动态ip

Account wdxpw@126.com

configured for:

       host  extmail.no-ip.org

Updating every 30 minutes via /dev/eth0 with NAT enabled.

这样就可以将我们的域名和ip绑定起来


4.设定开机自动运行no-ip进行绑定

echo "/usr/local/bin/noip2" >> /etc/rc.d/rc.local



五、安装roundcubemail

1. 下载roundcube 并解压到/var/www/extsuite/

[root@mx ~]# wget http://nchc.dl.sourceforge.net/project/roundcubemail/roundcubemail/0.5.3/roundcubemail-0.5.3.tar.gz

[root@mx ~]# tar zxvf roundcubemail-0.5.3.tar.gz -C /var/www/extsuite/

[root@mx ~]# cd /var/www/extsuite/

[root@mx extsuite]# mv roundcubemail-0.5.3/ roundcubemail

[root@mx extsuite]# chown -R root.root roundcubemail/



2.创建数据库并授权

[root@mx extsuite]# mysql -uroot -p

Enter password:       <---输入wdxpw

mysql> CREATE DATABASE roundcubemail;

Query OK, 1 row affected (0.01 sec)


mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'seaman';

Query OK, 0 rows affected (0.00 sec)


mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)


mysql> \q

Bye


3.初始化数据库

[root@mx extsuite]# mysql -uroot -p roundcubemail < /var/www/extsuite/roundcubemail/SQL/mysql.initial.sql

Enter password:     <---输入wdxpw


4.配置数据库配置文件

[root@mx extsuite]# cd /var/www/extsuite/roundcubemail/config/

[root@mx config]# cp db.inc.php.dist db.inc.php

修改 db.inc.php 文件,做如下修改:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';

改成

$rcmail_config['db_dsnw'] = 'mysql://roundcubemail:seaman@localhost/roundcubemail';


5.配置主配置文件

[root@mx config]# cp main.inc.php.dist main.inc.php


修改main.inc.php 文件,将如下几行:

$rcmail_config['default_host'] = '';

$rcmail_config['username_domain'] = '';

$rcmail_config['mail_domain'] = '';

$rcmail_config['smtp_server'] = '';

$rcmail_config['language'] = null;

$rcmail_config['create_default_folders'] = FALSE;

$rcmail_config['default_charset'] = 'ISO-8859-1';

$rcmail_config['timezone'] = Auto;

$rcmail_config['preview_pane'] = false;


修改下面几项内容:


$rcmail_config['default_host'] = 'localhost';

$rcmail_config['username_domain'] =  'extmail.no-ip.org';

$rcmail_config['mail_domain'] = 'extmail.no-ip.org';

$rcmail_config['smtp_server'] = 'localhost';

$rcmail_config['language'] = "zh_CN";

$rcmail_config['create_default_folders'] = TRUE;

$rcmail_config['default_charset'] = 'UTF-8';

$rcmail_config['timezone'] = 8;  

$rcmail_config['preview_pane'] = true;   <---设置默认启用邮件预览窗口



6.配置 apache 并重启它


修改/etc/httpd/conf/vhost_extmail.conf 文件,在<VirtualHost *:80>...</VirtualHost>之中:

注释掉以下几行:

DocumentRoot /var/www/extsuite/extmail/html/

ScriptAlias /extmail/cgi/      /var/www/extsuite/extmail/cgi/

Alias /extmail                 /var/www/extsuite/extmail/html/

Alias /phpmyadmin              /var/www/extsuite/phpmyadmin/

Alias /phpldapadmin            /var/www/extsuite/phpldapadmin/htdocs/


然后添加以下几行


DocumentRoot /var/www/extsuite/roundcubemail/

Alias /mail /var/www/extsuite/roundcubemail/

<Directory "/var/www/extsuite/roundcubemail/">

   Options -Indexes FollowSymLinks MultiViews

   AllowOverride None

   Order allow,deny

   allow from all

</Directory>


重启apache

[root@mx config]# service httpd restart

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]



7.禁止任何人访问 CHANGELOG、INSTALL、installer、LICENSE、 README、SQL、UPGRADING 并修改logs 和 temp目录的属主用户。

[root@mx roundcubemail]# cd ..

[root@mx roundcubemail]# chmod 000 CHANGELOG INSTALL installer LICENSE README SQL UPGRADING

[root@mx roundcubemail]# chown -R apache.apache logs/ temp/



8. 在浏览器中输入http://192.168.1.68/ 进行登录(用户:postmaster,密码:extmail)

注意:登录extman 创建新用户时,必须给用户启用IMAP功能,否则登录roundcube后,你将发现只有收件箱,没有草稿箱,已发送邮件。。。。




六、安装roundcube的密码插件

1. 修改配置文件

[root@mx ~]# cd /var/www/extsuite/roundcubemail/plugins/password/

[root@mx password]# cp config.inc.php.dist config.inc.php


修改 /var/www/extsuite/roundcubemail/plugins/password/config.inc.php 文件,

将下面两行

$rcmail_config['password_db_dsn'] = '';

$rcmail_config['password_query'] = 'SELECT update_passwd(%c, %u)';


改成如下:

$rcmail_config['password_db_dsn'] = 'mysql://root:wdxpw@localhost/extmail';   <--其中wdxpw是mysqlserver管理员密码

$rcmail_config['password_query'] = "UPDATE mailbox SET password=ENCRYPT(%p,concat(_utf8'$1$',right(md5(rand()),8),_utf8'$')) WHERE username=%u LIMIT 1";    <--注意双引号和单引号


2. 制作中文提示文件

建立 zh_CN.inc 文件 ,放到 /var/www/extsuite/roundcubemail/plugins/password/localization 目录下。

注意:zh_CN.inc 文件必须用UTF-8编码保存,否则回乱码。

<?php

$labels = array();

$labels['changepasswd'] = '修改密码';

$labels['curpasswd'] = '旧密码:';

$ labels['newpasswd'] = '新密码:';

$labels['confpasswd'] = '新密码确认:';

$messages = array();

$messages['nopassword'] = '请输入新密码。';

$messages['nocurpassword'] = '请输入旧密码。';

$messages['passwordincorrect'] = '旧密码不正确。';

$messages['passwordinconsistency'] = '两次输入的新密码不匹配。';

$messages['crypterror'] = '加密失败,新密码修改失败。';

$messages['connecterror'] = '连接失败,新密码修改失败。';

$messages['internalerror'] = '密码保存失败。';

?>



3. 使插件生效

修改 /var/www/extsuite/roundcubemail/config/main.inc.php 文件


$rcmail_config['plugins'] = array('');

改成

$rcmail_config['plugins'] = array('password');


4. 用postmaster登录roundcubemail,在邮箱设置中找到“密码”页,将postmaster的默认密码:extmail 修改掉。



七、设置fail2ban 监控roundcubemail

1. 下载roundcube-fail2ban-plugin 插件,并解压到roundcube的插件目录


wget  http://cloud.github.com/downloads/mattrude/rc-plugin-fail2ban/roundcube-fail2ban-plugin.1.0.tgz

tar zxvf roundcube-fail2ban-plugin.1.0.tgz -C /var/www/extsuite/roundcubemail/plugins/

2. 修改 /etc/fail2ban/jail.conf,

以#号注释掉以下部分:

[webmail]

enabled = true

filter   = webmail

action   = iptables[name=httpd, port=http, protocol=tcp]

logpath = /var/log/maillog

bantime = 900

findtime = 300

maxretry = 5


在最后增加如下内容:

[roundcube]

enabled = true

filter = roundcube

action = iptables[name=roundcube, port=http, protocol=tcp]

logpath = /var/www/extsuite/roundcubemail/logs/userlogins

bantime = 900

findtime = 300

maxretry = 5


3. 创建 /etc/fail2ban/filter.d/roundcube.conf 文件,添加如下内容:

[Definition]

failregex = FAILED login for .* from <HOST>

ignoreregex =


4. 确保 /var/www/extsuite/roundcubemail/config/main.inc.php 文件,如下两行值

$rcmail_config['log_driver'] = 'file';

$rcmail_config['syslog_facility'] = LOG_USER;


5. 使插件生效

修改 /var/www/extsuite/roundcubemail/config/main.inc.php 文件


$rcmail_config['plugins'] = array('password');

改成

$rcmail_config['plugins'] = array('password','fail2ban');


重启fail2ban服务,并开始登录测试。(故意输入5次错误密码,然后刷新一下浏览器,发现你无法打开webmail了 再在终端里输入 iptables -L 可以在返回的信息底部可以看到你自己的ip地址。说明该地址被禁止访问web了)




八、安装globaladdressbook 插件

1. 下载

wget http://www.tehinterweb.co.uk/roundcube/plugins/globaladdressbook.tar.gz


2. 解压globaladdressbook.tar.gz到 roundcube的插件目录

tar zxvf globaladdressbook.tar.gz -C /var/www/extsuite/roundcubemail/plugins/


3. 配置插件

cd /var/www/extsuite/roundcubemail/plugins/globaladdressbook

cp config.inc.php.dist config.inc.php

vi config.inc.php    确保设置如下

$rcmail_config['globaladdressbook_re adonly'] = true;       《---设置为只读,管理员除外

$rcmail_config['globaladdressbook_groups'] = true;         《---设置全局地址本可以添加组

$rcmail_config['globaladdressbook_admin'] = 'postmaster@extmail.no-ip.org';    《---指定全局地址本的管理者

$rcmail_config['globaladdressbook_autocomplete'] = true;   《---设置写收件人地址时,可在下拉菜单中显示全局地址本中的邮箱地址


4. 使插件生效

vi /var/www/extsuite/roundcubemail/config/main.inc.php

$rcmail_config['plugins'] = array('password','fail2ban');

改成

$rcmail_config['plugins'] = array('password','fail2ban','globaladdressbook');



九、安装compose_addressbook 插件(这个插件是在写邮件时,显示地址本的插件)

1. 下载 jqueryui 和 compose_addressbook

wget http://roundcube-plugins.googlecode.com/files/jqueryui-1.8.6.tgz

wget http://roundcube-plugins.googlecode.com/files/compose_addressbook-4.0.tgz


2. 将这两个插件解压到roundcube的插件目录

tar zxvf jqueryui-1.8.6.tgz -C /var/www/extsuite/roundcubemail/plugins

tar zxvf compose_addressbook-4.0.tgz -C /var/www/extsuite/roundcubemail/plugins/


3. 配置插件

cd /var/www/extsuite/roundcubemail/plugins/jqueryui

cp config.inc.php.dist config.inc.php

cd /var/www/extsuite/roundcubemail/plugins/compose_addressbook

cp config.inc.php.dist config.inc.php


4. 使插件生效

vi /var/www/extsuite/roundcubemail/config/main.inc.php

$rcmail_config['plugins'] = array('password','fail2ban','globaladdressbook');

改成

$rcmail_config['plugins'] = array('password','fail2ban','globaladdressbook','jqueryui','compose_addressbook');


注:这个插件在IE6中显示有点不正常,需要做如下修改


将修改过的两个图片 mail_toolbar.gif和mail_toolbar.png 覆盖/var/www/extsuite/roundcubemail/skins/default/p_w_picpaths/ 路径下面的两个同名图片


vi /var/www/extsuite/roundcubemail/skins/default/mail.css


#messagetoolbar a.addrbook {

 background-position: -480px 0;

}


#messagetoolbar a.addrbookSel {

 background-position: -480px -32px;

}



十、安装ContextMenu 插件(右键浮动菜单)

1. 下载

wget http://www.tehinterweb.co.uk/roundcube/plugins/contextmenu.tar.gz


2. 将这个插件解压到roundcube的插件目录

tar zxvf contextmenu.tar.gz -C /var/www/extsuite/roundcubemail/plugins/


3. 配置插件 (该插件不需要做什么配置)


4. 使插件生效

vi /var/www/extsuite/roundcubemail/config/main.inc.php

$rcmail_config['plugins'] = array('password','fail2ban','globaladdressbook','jqueryui','compose_addressbook');

改成

$rcmail_config['plugins'] = array('password','fail2ban','globaladdressbook','jqueryui','compose_addressbook','contextmenu');



十一、安装awstats分析Web和mail日志

1)使用awstats分析Web日志

1. 下载http://sourceforge.net/projects/awstats/ 并安装awstats

wget http://nchc.dl.sourceforge.net/project/awstat s/AWStats/7.0/awstats-7.0.zip

[root@mx ~]# tar zxvf awstats-7.0.tar.gz -C /var/www/extsuite/

[root@mx ~]# cd /var/www/extsuite/

[root@mx extsuite]# mv awstats-7.0 awstats

[root@mx extsuite]# cd awstats/tools/

[root@mx tools]# ./awstats_configure.pl


----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----

This tool will help you to configure AWStats to analyze statistics for

one web server. You can try to use it to let it do all that is possible

in AWStats setup, however following the step by step manual setup

documentation (docs/index.html) is often a better idea. Above all if:

- You are not an administrator user,

- You want to analyze downloaded log files without web server,

- You want to analyze mail or ftp log files instead of web log files,

- You need to analyze load balanced servers log files,

- You want to 'understand' all possible ways to use AWStats...

Read the AWStats documentation (docs/index.html).


-----> Running OS detected: Linux, BSD or Unix

Warning: AWStats standard directory on Linux OS is '/usr/local/awstats'.

If you want to use standard directory, you should first move all content

of AWStats distribution from current directory:

/var/www/extsuite/awstats

to standard directory:

/usr/local/awstats

And then, run configure.pl from this location.

Do you want to continue setup from this NON standard directory [yN] ? y


-----> Check for web server install


Enter full config file path of your Web server.

Example: /etc/httpd/httpd.conf

Example: /usr/local/apache2/conf/httpd.conf

Example: c:\Program files\apache group\apache\conf\httpd.conf

Config file path ('none' to skip web server setup):

> /etc/httpd/conf/vhost_extmail.conf


-----> Check and complete web server config file '/etc/httpd/conf/vhost_extmail.conf'

 All AWStats directives are already present.


-----> Update model config file '/var/www/extsuite/awstats/wwwroot/cgi-bin/awstats.model.conf'

 File awstats.model.conf updated.


-----> Need to create a new config file ?

Do you want me to build a new AWStats config/profile

file (required if first install) [y/N] ? y


-----> Define config file name to create

What is the name of your web site or profile analysis ?

Example: www.mysite.com

Example: demo

Your web site, virtual server or profile name:

> web


-----> Define config file path

In which directory do you plan to store your config file(s) ?

Default: /etc/awstats

Directory path to store config file(s) (Enter for default):

>


-----> Create config file '/etc/awstats/awstats.web.conf'

Config file /etc/awstats/awstats.web.conf created.


-----> Add update process inside a scheduler

Sorry, configure.pl does not support automatic add to cron yet.

You can do it manually by adding the following command to your cron:

/var/www/extsuite/awstats/wwwroot/cgi-bin/awstats.pl -update -config=web

Or if you have several config files and prefer having only one command:

/var/www/extsuite/awstats/tools/awstat s_updateall.pl now

Press ENTER to continue...



A SIMPLE config file has been created: /etc/awstats/awstats.web.conf

You should have a look inside to check and change manually main parameters.

You can then manually update your statistics for 'web' with command:

> perl awstats.pl -update -config=web

You can also read your statistics for 'web' with URL:

> http://localhost/awstats/awstats.pl?config=web


Press ENTER to finish...