yum install mysql mysql-devel mysql-server
groupadd -r -g 65501 vacation
useradd -r -u 65501 -g vacation -d /var/spool/vacation -s /sbin/nologin vacation
mkdir /var/spool/vacation
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /data/vmail -m
- 编译安装postfix-2.8.0(SSL+MYSQL支持)
//下载地址
wget ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.8.20.tar.gz
tar -zvxf postfix-3.2.5.tar.gz
cd postfix-3.2.5
make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SSL -I/usr/include/openssl/ -DUSE_TLS' 'AUXLIBS=-L/usr/lib64/mysql -lmysqlclient -lz -lm -lssl -lcrypto'
make && make install
//编译失败重新编译
make clean
//从新创建main.cf
cd /etc/postfix
mv main.cf main.cf-bak
vi main.cf
//输入一下内容
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
################################################################################
myhostname = mail.hunting-team.com
mydomain = hunting-team.com
myorigin = $mydomain
mydestination =
mynetworks = 0.0.0.0/0
inet_interfaces = all
home_mailbox = Maildir/
############################################################################
#5000为vmail用户id和组id
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /data/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
#################################################################################
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_overquota_bounce = yes
#################################################################################
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination
##############################################################################
alias_maps = hash:/etc/aliases
###################################SSL需要##########################################
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_loglevel=3
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_cert_file = /etc/tls/mail_cert.pem
smtpd_tls_key_file = /etc/tls/privkey.pem
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
###############################自动回复需要#################################################
transport_maps = hash:/etc/postfix/transport
vacation_destination_recipient_limit = 1
vi /etc/postfix/master.cf
-----------------------------------------------分割线---------------------------------------------
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-----------------------------------------------分割线---------------------------------------------
//最后添加(自动回复支持)
vacation unix - n n - - pipe flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} ${recipient}
cd /etc/postfix/mysql
vi mysql_virtual_mailbox_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100
vi mysql_virtual_mailbox_limit_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
vi mysql_virtual_domains_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100
vi mysql_virtual_alias_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100
vi mysql_virtual_alias_domain_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
vi mysql_virtual_alias_domain_mailbox_maps.cf
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
vi mysql_virtual_alias_domain_catchall_maps.cf
# handles catch-all settings of target-domain
user = root
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
//转发脚本添加
cd /xxxx/postfixadmin/VIRTUAL_VACATION
sudo cp vacation.pl /var/spool/vacation/vacation.pl
sudo chown -R vacation:vacation /var/spool/vacation
sudo chmod -R 700 /var/spool/vacation
//脚本依赖安装
yum install perl-MIME-EncWords perl-MIME-Charset perl-Email-Valid perl-Mail-Sendmail perl-Log-Log4perl perl-Mail-Sender perl-DBD-MySQL perl-LockFile-Simple perl-Encode-HanExtra
//修改脚本
vi /var/spool/vacation/vacation.pl
our $db_type = ‘mysql’;
our $db_username = ‘postfix’;
our $db_password = ‘yourdbpasswd’;
our $db_name = ‘postfix’;
vi /etc/postfix/transport
//添加
autoreply.farseerai.com vacation
postmap /etc/postfix/transport
postfix reload
yum install dovecot dovecot-mysql
cd /etc/dovecot/
mv dovecot.conf dovecot.conf-bak
vi dovecot.conf
//输入一下内容
# debug関係
auth_debug_passwords = yes
auth_verbose = no
auth_debug = yes
protocols = imap pop3
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/data/vmail/%d/%n
listen = *
disable_plaintext_auth = no
auth_mechanisms = PLAIN LOGIN CRAM-MD5
first_valid_uid = 5000
first_valid_gid = 5000
mail_plugins = quota
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cert = </etc/tls/mail_cert.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key = </etc/tls/privkey.pem
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
mail_plugins = $mail_plugins imap_quota
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
plugin {
quota = maildir:User quota
}
vi /etc/dovecot/dovecot-sql.conf.ext
//输入一下内容
driver = mysql
connect = host=localhost dbname=postfix user=root password=password
#postfixadmin 加密一样,使用MD5-CRYPT
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 5000 AS uid, 5000 AS gid FROM mailbox WHERE username = '%u'
//vi /etc/dovecot/conf.d/10-master.conf
配置项修改为如下内容:
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service lmtp {
unix_listener lmtp {
#mode = 0666
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = 256M
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener auth-userdb {
# mode = 0600
# user = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
}
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
#user = root
}
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
vi /etc/dovecot/conf.d/10-ssl.conf
修改为如下配置项:
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cert = </etc/tls/mail_cert.pem
#ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key = </etc/tls/privkey.pem
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =
# Request client to send a certificate. If you also want to require it, set
# auth_ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no
# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# auth_ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName
# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168
# DH parameters length to use.
#ssl_dh_parameters_length = 1024
# SSL protocols to use
#ssl_protocols = !SSLv2 !SSLv3
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
yum -y install cyrus-sasl-plain cyrus-sasl-devel
mkdir /etc/tls/ -p
cd /etc/tls/
openssl req -new -x509 -nodes -out mail_cert.pem
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Guangdong
Locality Name (eg, city) [Default City]:dongguan
Organization Name (eg, company) [Default Company Ltd]:vqiu
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.vqiu.cn
Email Address []:IT@vqiu.cn
-----
chmod 0600 /etc/tls/privkey.pem
- postfixadmin安装访问http://www.xxxx.com/postfixadmin/setup.php
vim config.inc.php
#### 查找 $CONF['configured'] = false; ###
改为
$CONF['configured'] = true;
###查找 $CONF['default_language'] = 'en'; ##
改为:
$CONF['default_language'] = 'cn';
####查找
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
改为:
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'root';
$CONF['database_password'] = 'yourpassword';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
自动回复支持:
$CONF['database_tables'] = array (
'admin' => 'admin',
'alias' => 'alias',
'alias_domain' => 'alias_domain',
'config' => 'config',
'domain' => 'domain',
'domain_admins' => 'domain_admins',
'fetchmail' => 'fetchmail',
'log' => 'log',
'mailbox' => 'mailbox',
'vacation' => 'vacation',
'vacation_notification' => 'vacation_notification',
'quota' => 'quota',
'quota2' => 'quota2',
);
$CONF['vacation'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.hunting-team.com';
yum fetchmail perl-dbd-pg perl-lockfile-simple
mkdir /var/root/fetchmail -p
vi /etc/cron.d/fetchmail
*/2 * * * * mail /usr/bin/perl /data/www/object/postfixadmin/ADDITIONS/fetchmail.pl &>/dev/null
参考网址:
https://wiki.vpsget.com/index.php/Spamassassin_on_CentOS_6
yum install spamassassin
groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin
vi /etc/mail/spamassassin/local.cf
required_hits 5.0
report_safe 0
required_score 5
rewrite_header Subject [SPAM]
vi /etc/postfix/master.cf
# ====================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ====================================================================
smtp inet n - n - - smtpd -o content_filter=spamassassin
//最后添加
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
//支持中文
/etc/mail/spamassassin目录下加入两个文件:Chinese_rules_GB2312.cf和Chinese_rules_UTF-8.cf
/etc/init.d/spamassassin restart
vi /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
vi /etc/postfix/header_checks
/^X-Spam-Flag:.YES/ DISCARD spam
service postfix restart
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
