RHEL4上安裝基於postfix的全功能郵件伺服器(全部使用目前最新源碼包構建)

火星人 @ 2014-03-04 , reply:0
←手機掃碼閱讀

RHEL4上安裝基於postfix的全功能郵件伺服器(全部使用目前最新源碼包構建)

本文凝聚了作者不少的安裝經驗,寫出來供各位同仁參考指正,也為自己留一個「備份」,以便以後安裝時作為參照!
安裝過程中借鑒了不少google出來的文章,是你們先行的足跡為作者今天的成功打下了基礎,在此先行謝過!
轉載請註明出處:http://marion.cublog.cn


所用軟體包:(本文中,以下軟體包都將在/usr/local/src中存放)

Postfix-2.4.5
Mysql-5.0.45
Sasl-2.1.22
DB-4.5.20
Openssl-0.98e
httpd-2.2.4
Php-5.2.3
courier-authlib-0.59.3
courier-imap-4.1.3
Extmail-1.0.2
Extman-0.2.2
maildrop-2.0.4
clamav-0.91.2
amavisd-new
SpamAssassin-3.2.3

系統邏輯結構



前提:開始前請確保您已經配置好指向此郵件伺服器MX記錄及其它DNS設置;本示例中的域名為benet.org,郵件伺服器FQDN為mail.benet.org,IP地址為192.168.1.6;同時,如果您的伺服器事先已經安裝了sendmail,請卸載之;

一、安裝mysql-5.0.45

#groupadd mysql
#useradd -g mysql -s /bin/false -M mysql
#tar zxvf mysql-5.0.45.tar.gz
#cd mysql-5.0.45

#./configure
--prefix=/usr/local/mysql
--enable-thread-safe-client
--enable-local-infile
--with-charset=gbk
--with-extra-charset=all
--with-low-memory
#make
#make install
#cp support-files/my-medium.cnf  /etc/my.cnf
#cd  /usr/local/mysql
#chown -R mysql .
#chgrp -R mysql .
#bin/mysql_install_db --user=mysql
#chown -R root .
#chown -R mysql var
#bin/mysqld_safe --user=mysql &

#cd  /usr/local/src/mysql-5.0.45     (這裡的目錄指的是原壓縮包解壓后的目錄)
#cp  support-files/mysql.server  /etc/rc.d/init.d/mysqld
#chmod  700  /etc/rc.d/init.d/mysqld
加入自動啟動服務隊列:
#chkconfig --add mysqld
#chkconfig  --level  345  mysqld  on

測試
#/usr/local/mysql/bin/mysqladmin  ping
#/usr/local/mysql/bin/mysqladmin  version
#/usr/local/mysql/bin/mysql

添加root密碼
#/usr/local/mysql/bin/mysqladmin -uroot -p 舊密碼 password 新密碼
說明:此時mysql的root用戶的密碼為空

配置庫文件搜索路徑
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig -v

添加/usr/local/mysql/bin到環境變數PATH中
#export PATH=$PATH:/usr/local/mysql/bin


二、安裝openssl-0.9.8e

# tar zxvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config shared zlib
# make
# make test
# make install
# mv /usr/bin/openssl /usr/bin/openssl.OFF
# mv /usr/include/openssl /usr/include/openssl.OFF
# rm /usr/lib/libssl.so
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# ln -s /usr/local/ssl/include/openssl /usr/include/openssl
# ln -sv /usr/local/ssl/lib/libssl.so.0.9.8  /usr/lib/libssl.so

配置庫文件搜索路徑
# echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
# ldconfig -v

檢測安裝結果
# openssl version
OpenSSL 0.9.8e 23 Feb 2007


三、安裝sasl-2.1.22

#tar zxvf cyrus-sasl-2.1.22.tar.gz
#cd cyrus-sasl-2.1.22
#./configure --prefix=/usr/local/sasl2            (注意使用續行符)
--disable-gssapi
--disable-anon
--disable-sample
--disable-digest
--enable-plain
--enable-login
--enable-sql
--with-mysql=/usr/local/mysql
--with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql  --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
#make
#make install

關閉原有的sasl:
# mv /usr/lib/libsasl2.a  /usr/lib/libsasl2.a.OFF
# mv /usr/lib/libsasl2.la  /usr/lib/libsasl2.la.OFF
# mv /usr/lib/libsasl2.so.2.0.19  /usr/lib/libsasl2.so.2.0.19.OFF
# mv /usr/lib/sasl2  /usr/lib/sasl2.OFF
# rm /usr/lib/libsasl2.so
# rm /usr/lib/libsasl2.so.2

# ln -sv /usr/local/sasl2/lib/*  /usr/lib

postfix 2.3以後的版本會分別在/usr/local/lib和/usr/local/include中搜索sasl庫文件及頭文件,故還須將其鏈接至此目錄中:
# ln -sv /usr/local/sasl2/lib/*  /usr/local/lib
# ln -sv /usr/local/sasl2/include/sasl/*  /usr/local/include

創建運行時需要的目錄並調試啟動
# mkdir -pv /var/state/saslauthd      
# /usr/local/sasl2/sbin/saslauthd  -a  shadow  pam  -d

啟動並測試
# /usr/local/sasl2/sbin/saslauthd -a shadow pam
# /usr/local/sasl2/sbin/testsaslauthd -u root -p root用戶密碼

配置庫文件搜索路徑
# echo "/usr/local/sasl2/lib" >> /etc/ld.so.conf
# echo "/usr/local/sasl2/lib/sasl2" >> /etc/ld.so.conf
# ldconfig -v

開機自動啟動
# echo "/usr/local/sasl2/sbin/saslauthd -a shadow pam">>/etc/rc.local


四、安裝BerkeleyDB

#tar zxvf db-4.5.20.tar.gz
#cd db-4.5.20/build_unix
#../dist/configure --prefix=/usr/local/BerkeleyDB
#make
#make install

修改相應的頭文件指向
# mv  /usr/include/db4  /usr/inculde/db4.OFF
# rm  /usr/include/db_cxx.h
# rm  /usr/include/db.h
# rm  /usr/include/db_185.h
# ln -sv /usr/local/BerkeleyDB/include  /usr/include/db4
# ln -sv /usr/local/BerkeleyDB/include/db.h  /usr/include/db.h
# ln -sv /usr/local/BerkeleyDB/include/db_cxx.h  /usr/include/db_cxx.h

配置庫文件搜索路徑
# echo "/usr/local/BerkeleyDB/lib" >> /etc/ld.so.conf
# ldconfig –v

五、安裝httpd-2.2.4

#tar jxvf httpd-2.2.4.tar.bz2
#cd httpd-2.2.4
#./configure
--prefix=/usr/local/apache
--sysconfdir=/etc/httpd
--enable-so
--enable-ssl
--with-ssl=/usr/local/ssl
--enable-track-vars
--enable-rewrite
--with-zlib
--enable-mods-shared=most  
--enable-suexec                      (後面extmail切換」運行時用戶」時要用到)
--with-suexec-caller=daemon  
#make
#make install

#echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local(系統啟動時服務自動啟動)

六、安裝php-5.2.3

# tar -zvxf php-5.2.3.tar.gz
# mkdir -p /usr/local/php
# cd php-5.2.3
# ./configure --prefix=/usr/local/php              
  --with-apxs2=/usr/local/apache/bin/apxs
  --with-mysql=/usr/local/mysql
  --with-mysqli=/usr/local/mysql/bin/mysql_config
  --with-xml
  --with-png
  --with-jpeg
  --with-zlib
  --with-freetype
  --with-gd  
  --enable-track-vars  
  --enable-mbstring=all
# make
# make install
# cp php.ini-dist  /usr/local/php/lib/php.ini

註:編輯apache配置文件httpd.conf,以apache支持php
# vi /etc/httpd/httpd.conf
1、添加如下二行
  AddType application/x-httpd-php  .php
  AddType application/x-httpd-php-source  .phps

2、定位至DirectoryIndex index.html
  修改為:
   DirectoryIndex  index.php  index.html

3、按照使用習慣,這裡將網站根目錄指定到/var/www:
找到DocumentRoot 「/usr/local/apache/htdocs」
修改為:DocumentRoot 「/var/www」(後文中我們還會註釋掉此行,以啟用虛擬主機)

找到<Directory 「/usr/local/apache/htdocs」>
修改為:<Directory 「/var/www」>

說明:這個對本文來說並非是不可少的。

七、安裝Postfix-2.4.5

1.安裝
#groupadd -g 2525 postfix
#useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
#groupadd -g 2526 postdrop
#useradd -g postdrop -u 2526 -s /bin/false -M postdrop

#tar zxvf postfix-2.4.5.tar.gz
#cd postfix-2.4.5
#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -I/usr/local/BerkeleyDB/include  -DUSE_TLS -I/usr/local/ssl/include/openssl ' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/BerkeleyDB/lib -L/usr/local/ssl/lib -lssl -lcrypto'
#make
#make install

按照以下的提示輸入相關的路徑([]號中的是預設值,」]」后的是輸入值)

  install_root: [/] /
  tempdir: /tmp
  config_directory: /etc/postfix
  daemon_directory: /usr/local/postfix/libexec
  command_directory: /usr/local/postfix/sbin
  queue_directory:
  sendmail_path:
  newaliases_path:
  mailq_path:
  mail_owner:
  setgid_group:    
    html_directory: /var/www/postfix_html
    manpages: /usr/local/postfix/man   
    readme_directory:

說明:這裡的postfix將安裝在獨立的目錄/usr/local/postfix中,目的是為了方便管理;您亦可以採用默認安裝的方式,可能這樣使用起來會更為方便些;

生成別名二進位文件,這個步驟如果忽略,會造成postfix效率極低:
#  newaliases

2.進行一些基本配置,測試啟動postfix並進行發信
#vi /etc/postfix/main.cf
修改以下幾項為您需要的配置
myhostname = mail.benet.org
myorigin = benet.org
mydomain = benet.org
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8

說明:
myorigin參數用來指明發件人所在的域名;
mydestination參數指定postfix接收郵件時收件人的域名,即您的postfix系統要接收到哪個域名的郵件;
myhostname 參數指定運行postfix郵件系統的主機的主機名,默認情況下,其值被設定為本地機器名;
mydomain參數指定您的域名,默認情況下,postfix將myhostname的第一部分刪除而作為mydomain的值;
mynetworks 參數指定你所在的網路的網路地址,postfix系統根據其值來區別用戶是遠程的還是本地的,如果是本地網路用戶則允許其訪問;
inet_interfaces 參數指定postfix系統監聽的網路介面;

注意:
1、在postfix的配置文件中,參數行和註釋行是不能處在同一行中的;
2、任何一個參數的值都不需要加引號,否則,引號將會被當作參數值的一部分來使用;
3、每修改參數及其值后執行 postfix reload 即可令其生效;但若修改了inet_interfaces,則需重新啟動postfix;
4、如果一個參數的值有多個,可以將它們放在不同的行中,只需要在其後的每個行前多置一個空格即可;postfix會把第一個字元為空格或tab的文本行視為上一行的延續;

啟動postfix
/usr/local/postfix/sbin/postfix  start

連接postfix,驗正服務啟動狀況:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.benet.org ESMTP Postfix
ehlo mail.benet.org
250-mail.benet.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@benet.org
250 2.1.0 Ok
rcpt to:redhat@benet.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:Mail test!
Mail test!!!
.
250 2.0.0 Ok: queued as AB94A1A561
quit
221 2.0.0 Bye
Connection closed by foreign host.

切換到redhat用戶進行收信:
# su - redhat
$ mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/redhat": 1 message 1 new
>N  1 root@benet.org        Wed Sep  5 10:59  15/488   "Mail test!"
&

八、為postfix開啟基於cyrus-sasl的認證功能

使用以下命令驗正postfix是否支持cyrus風格的sasl認證,如果您的輸出為以下結果,則是支持的:
# /usr/local/postfix/sbin/postconf  -a
cyrus
dovecot

#vi /etc/postfix/main.cf
添加以下內容:
############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

#vi /usr/local/lib/sasl2/smtpd.conf
添加如下內容:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

讓postfix重新載入配置文件
#/usr/local/postfix/sbin/postfix reload

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available!
ehlo mail.benet.org
250-mail.benet.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN               (請確保您的輸出以類似兩行)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


九、讓postfix支持虛擬域和虛擬用戶

1、編輯/etc/postfix/main.cf,添加如下內容:
########################Virtual Mailbox Settings########################
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
##########################QUOTA Settings########################
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please Tidy your mailbox and try again later.
virtual_overquota_bounce = yes

2、添加為支持虛擬域和虛擬用戶所用到的配置文件

編輯/etc/postfix/mysql_virtual_alias_maps.cf ,添加如下內容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address

編輯/etc/postfix/mysql_virtual_domains_maps.cf ,添加如下內容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain

編輯/etc/postfix/mysql_virtual_mailbox_limit_maps.cf ,添加如下內容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username

編輯/etc/postfix/mysql_virtual_mailbox_maps.cf ,添加如下內容:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username


說明:
1、這裡用到的資料庫及用戶的建立可以後文中的extmail說明部分來實現,您可以參照那一部分來理解這裡指定的資料庫及其用戶名等;
2、以上新建文件亦可以從extman安裝文件中獲得,您也可以由此不用手動輸入;
3、虛擬用戶郵箱目錄我這裡沿用了/var/mailbox,你可以指定為別的目錄,比如常見到的/var/spool/mail,或者/home/domains等;但如果這裡做了修改,請在後文中用到時作了相應的修改;

十、安裝Courier authentication library

# tar jxvf courier-authlib-0.59.3.tar.bz2
# cd courier-authlib-0.59.3
#./configure
    --prefix=/usr/local/courier-authlib
    --sysconfdir=/etc
    --without-authpam
    --without-authldap
    --without-authpwd
    --without-authshadow
    --without-authvchkpw
    --without-authpgsql
    --with-authmysql
    --with-mysql-libs=/usr/local/mysql/lib/mysql
    --with-mysql-includes=/usr/local/mysql/include/mysql
    --with-redhat
    --with-authmysqlrc=/etc/authmysqlrc
    --with-authdaemonrc=/etc/authdaemonrc
    CFLAGS="-march=i686 -O2 -fexpensive-optimizations"  
    CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
# make
# make install

# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
# cp /etc/authdaemonrc.dist  /etc/authdaemonrc
# cp /etc/authmysqlrc.dist  /etc/authmysqlrc

修改/etc/authdaemonrc 文件
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10

編輯/etc/authmysqlrc 為以下內容,其中2525,2525 為postfix 用戶的UID和GID。
MYSQL_SERVER localhost
MYSQL_PORT 3306                   (指定你的mysql監聽的埠,這裡使用默認的3306)
MYSQL_USERNAME  extmail      (這時為後文要用的資料庫的所有者的用戶名)
MYSQL_PASSWORD extmail        (密碼)
MYSQL_SOCKET  /tmp/mysql.sock
MYSQL_DATABASE  extmail
MYSQL_USER_TABLE  mailbox
MYSQL_CRYPT_PWFIELD  password
MYSQL_UID_FIELD  '2525'
MYSQL_GID_FIELD  '2525'
MYSQL_LOGIN_FIELD  username
MYSQL_HOME_FIELD  concat('/var/mailbox/',homedir)
MYSQL_NAME_FIELD  name
MYSQL_MAILDIR_FIELD  concat('/var/mailbox/',maildir)

# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig --level 2345 courier-authlib on

#echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig -v
# service courier-authlib start   (啟動服務)

十一、安裝Courier-IMAP

# tar jxvf courier-imap-4.1.3.tar.bz2
# cd courier-imap-4.1.3
./configure
  --prefix=/usr/local/courier-imap
  --with-redhat
  --enable-unicode
  --disable-root-check
  --with-trashquota
  --without-ipv6
  CPPFLAGS='-I/usr/local/ssl/include/openssl  -I/usr/local/courier-authlib/include'   
  LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib'  
  COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
# make
# make install

# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
# cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl

配置Courier-IMAP,為用戶提供pop3服務:
vi /usr/local/courier-imap/etc/pop3d
POP3DSTART=YES

註:如果你想為用戶提供IMAP服務,則需在"/usr/local/courier-imap/etc/imapd"文件中設置"IMAPDSTART=yes";其它類同;

新建虛擬用戶郵箱所在的目錄,並將其許可權賦予postfix用戶:
#mkdir –pv /var/mailbox
#chown –R postfix /var/mailbox

#cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
#chmod 755 /etc/rc.d/init.d/courier-imapd
#chkconfig --add courier-imapd
#chkconfig --level 2345 courier-imapd on
#service courier-imapd start

接下來重新配置SMTP 認證,編輯 /usr/local/lib/sasl2/smtpd.conf ,確保其為以下內容:
pwcheck_method: authdaemond
log_level: 3
mech_list:PLAIN LOGIN
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket

[ 本帖最後由 marion 於 2008-7-19 16:17 編輯 ]
《解決方案》

2008年7月30號:更正筆誤一處;

十二、安裝Extmail-1.0.2

1、安裝
# tar zxvf extmail-1.0.2.tar.gz
# mkdir -pv /var/www/extsuite
# mv extmail-1.0.2 /var/www/extsuite/extmail
# cp /var/www/extsuite/extmail/webmail.cf.default  /var/www/extsuite/extmail/webmail.cf

2、修改主配置文件
#vi /var/www/extsuite/extmail/webmail.cf

部分修改選項的說明:

SYS_MESSAGE_SIZE_LIMIT = 5242880
用戶可以發送的最大郵件

SYS_USER_LANG = en_US
語言選項,可改作:
SYS_USER_LANG = zh_CN

SYS_MAILDIR_BASE = /home/domains
此處即為您在前文所設置的用戶郵件的存放目錄,可改作:
SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_USER = db_user
SYS_MYSQL_PASS = db_pass
以上兩句句用來設置連接資料庫伺服器所使用用戶名、密碼和郵件伺服器用到的資料庫,這裡修改為:
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail


SYS_MYSQL_HOST = localhost
指明資料庫伺服器主機名,這裡默認即可

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
連接資料庫的sock文件位置,這裡修改為:
SYS_MYSQL_SOCKET = /tmp/mysql.sock


SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用來指定驗正用戶登錄里所用到的表,以及用戶名、域名和用戶密碼分別對應的表中列的名稱;這裡默認即可

SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用來指明authdaemo socket文件的位置,這裡修改為:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket


3、apache相關配置

由於extmail要進行本地郵件的投遞操作,故必須將運行apache伺服器用戶的身份修改為您的郵件投遞代理的用戶;本例中打開了apache伺服器的suexec功能,故使用以下方法來實現虛擬主機運行身份的指定。此例中的MDA為postfix自帶,因此將指定為postfix用戶:
<VirtualHost *:80>
ServerName mail.benet.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
SuexecUserGroup postfix postfix
</VirtualHost>

修改 cgi執行文件屬主為apache運行身份用戶:
# chown -R postfix.postfix /var/www/extsuite/extmail/cgi/

如果您沒有打開apache伺服器的suexec功能,也可以使用以下方法解決:
# vi /etc/httpd/httpd.conf
User postfix
Group postfix

<VirtualHost *:80>
ServerName mail.benet.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
</VirtualHost>

4、依賴關係的解決

extmail將會用到perl的DBD::Mysql和Unix::syslogd功能,您可以去http://search.cpan.org搜索下載原碼包進行安裝。
# tar zxvf Unix-Syslog-0.100.tar.gz
# cd Unix-Syslog-0.100
# perl Makefile.PL
# make
# make install

DBD-Mysql目前最新的版本為DBD-mysql-4.005,但它和系統中的perl結合使用時會造成extmail無法正常使用,因此我們採用3的版本:
# tar zxvf DBD-mysql-3.0002_4.tar.gz  
# cd cd DBD-mysql-3.0002_4
# perl Makefile.PL   (此步驟中如果出現類同Can't exec "mysql_config": No such file or directory at Makefile.PL line 76.的錯誤是因為您的mysql的bin目錄沒有輸出至$PATH環境變數)
# make
# make install

十三、安裝Extman-0.2.2

1、安裝及基本配置

#tar zxvf  extman-0.2.2.tar.gz
# mv extman-0.2.2 /var/www/extsuite/extman

修改配置文件以符合本例的需要:
# vi /var/www/extsuite/extman/webman.cf

SYS_MAILDIR_BASE = /home/domains
此處即為您在前文所設置的用戶郵件的存放目錄,可改作:
SYS_MAILDIR_BASE = /var/mailbox

SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
此處修改為:
SYS_MYSQL_SOCKET = /tmp/mysql.sock

使用extman源碼目錄下docs目錄中的extmail.sql和init.sql建立資料庫:

# cd /var/www/extsuite/extman/docs
# mysql -u root -p <extmail.sql
# mysql -u root -p <init.sql

修改cgi目錄的屬主:
# chown -R postfix.postfix /var/www/extsuite/extman/cgi/

如果extman訪問資料庫許可權不足的話,可採用以下命令將新生成的資料庫賦予webman用戶具有所有許可權:
mysql> GRANT all privileges on extmail.* TO webman@localhost IDENTIFIED BY 'webman';
mysql> GRANT all privileges on extmail.* TO webman@127.0.0.1 IDENTIFIED BY 'webman';

在apache的主配置文件中Extmail的虛擬主機部分,添加如下兩行:
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html

創建其運行時所需的臨時目錄,並修改其相應的許可權:
#mkdir  -pv  /tmp/extman
#chown postfix.postfix  /tmp/extman


好了,到此為止,重新啟動apache伺服器后,您的Webmail和Extman已經可以使用了,可以在瀏覽器中輸入指定的虛擬主機的名稱進行訪問,如下:
http://mail.benet.org

選擇管理即可登入extman進行後台管理了。默認管理帳號為:root@extmail.org  密碼為:extmail*123*

說明:
(1) 如果您安裝后無法正常顯示校驗碼,安裝perl-GD模塊會解決這個問題。如果想簡單,您可以到以下地址下載適合您的平台的rpm包,安裝即可:  http://dries.ulyssis.org/rpm/packages/perl-GD/info.html
(2) extman-0.2.2自帶了圖形化顯示日誌的功能;此功能需要rrdtool的支持,您需要安裝此些模塊才可能正常顯示圖形日誌。

2、(新增2007.9.18)配置Mailgraph_ext,使用Extman的圖形日誌:

接下來安裝圖形日誌的運行所需要的軟體包Time::HiRes、File::Tail和rrdtool,其中前兩個包您可以去http://search.cpan.org搜索並下載獲得,后一個包您可以到 http://oss.oetiker.ch/rrdtool/pub/?M=D下載獲得; 注意安裝順序不能改換。

安裝Time::HiRes
#tar zxvf Time-HiRes-1.9707.tar.gz
#cd Time-HiRes-1.9707
#perl Makefile.PL
#make
#make test
#make install

安裝File::Tail
#tar zxvf File-Tail-0.99.3.tar.gz
#cd File-Tail-0.99.3
#perl Makefile
#make
#make test
#make install

安裝rrdtool-1.2.23
#tar zxvf rrdtool-1.2.23.tar.gz
#cd rrdtool-1.2.23
#./configure --prefix=/usr/local/rrdtool
#make
#make install

創建必要的符號鏈接(Extman會到這些路徑下找相關的庫文件)
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/auto/RRDs/RRDs.so   /usr/lib/perl5/5.8.5/i386-linux-thread-multi/
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/RRDp.pm   /usr/lib/perl5/5.8.5
#ln -sv /usr/local/rrdtool/lib/perl/5.8.5/i386-linux-thread-multi/RRDs.pm   /usr/lib/perl5/5.8.5

複製mailgraph_ext到/usr/local,並啟動之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext  /usr/local  
# / usr/local/mailgraph_ext/mailgraph-init  start
# /usr/local/mailgraph_ext/qmonitor-init  start

添加到自動啟動隊列
echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.local

好了,接下來您就可以到extman的後台查看圖表日誌了。效果如下圖:



注意:安裝以上軟體所之前,請確保您的系統已經安裝了tcl、tcl-devel、libart和libart-devel等相關的軟體包;

新續部分(2007.9.16)

十四、安裝maildrop-2.0.4

maildrop是一個使用C++編寫的用來代替本地MDA的帶有過濾功能郵件投遞代理,是courier郵件系統組件之一。它從標準輸入接受信息並投遞到用戶郵箱;maildrop既可以將郵件投遞到mailboxes格式郵箱,亦可以將其投遞到maildirs格式郵箱。同時,maildrop可以從文件中讀取入站郵件過濾指示,並由此決定是將郵件送入用戶郵箱或者轉發到其它地址等。和procmail不同的是,maildrop使用結構化的過濾語言,因此,郵件系統管理員可以開發自己的過濾規則並應用其中。

我們在此將使用maildrop來代替postfix自帶的MDA,並以此為基礎擴展後文的郵件殺毒和反垃圾郵件功能的調用;在此可能會修改前文中的許多設置,請確保您的設置也做了相應的修改。

1、安裝

將courier-authlib的頭文件及庫文件鏈接至/usr目錄(編譯maildrop時會到此目錄下找此些相關的文件):
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig   /usr/bin
# ln -sv /usr/local/courier-authlib/include/*   /usr/include

maildrop需要pcre的支持,因此,接下來將首先安裝pcre
# tar jxvf pcre-7.3.tar.bz2
# cd pcre-7.3
# ./configure
# make
# make check
# make install

# groupadd -g 1001 vmail
# useradd -g vmail -u 1001 -M -s /sbin/nologin vmail
# tar jxvf maildrop-2.0.4.tar.bz2
# cd maildrop-2.0.4
# ./configure
    --enable-sendmail=/usr/sbin/sendmail
    --enable-trusted-users='root vmail'
    --enable-syslog=1 --enable-maildirquota
    --enable-maildrop-uid=1001
    --enable-maildrop-gid=1001
    --with-trashquota --with-dirsync
# make
# make install

檢查安裝結果,請確保有"Courier Authentication Library extension enabled."一句出現:
# maildrop -v
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.


2、新建其配置文件/etc/maildroprc文件,首先指定maildrop的日誌記錄位置:
# vi /etc/maildroprc
添加:
logfile "/var/log/maildrop.log"

# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log

3、配置Postfix

編輯master.cf
# vi /etc/postfix/master.cf
啟用如下兩行
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

注意:定義transport的時候,即如上兩行中的第二行,其參數行必須以空格開頭,否則會出錯。

編輯main.cf
# vi /etc/postfix/main.cf
virtual_transport = virtual
修改為:
virtual_transport = maildrop

將下面兩項指定的UID和GID作相應的修改:
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
修改為:
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001


4、編輯/etc/authmysqlrc

# vi /etc/authmysqrc
MYSQL_UID_FIELD  '2525'
MYSQL_GID_FIELD  '2525'
更改為:
MYSQL_UID_FIELD  '1001'
MYSQL_GID_FIELD  '1001'

注意:沒有此處的修改,maildrop可能會報告 「signal 0x06」的錯誤報告。

5、編輯/etc/httpd/httpd.conf,修改運行用戶:

如果啟用了suexec的功能,則將虛擬主機中指定的
SuexecUserGroup postfix postfix
修改為:
SuexecUserGroup vmail vmail

如果沒有使用上面的功能,則修改User和Group指令后的用戶為vmail
將前文中的如下項
User postfix
Group postfix
修改為:
User vmail
Group vmail

6、將用戶郵件所在的目錄/var/mailbox和extman的臨時目錄/tmp/extman的屬主和屬組指定為vmail
#chown -R vmail.vmail /var/mailbox
#chown -R vmail.vmail /tmp/extman


接下來重新啟動postfix和apache,進行發信測試后,如果日誌中的記錄類同以下項,則安裝成功

Sep 16 12:04:43 Ixor postfix/pipe: 46B491A5CB: to=<marion@test.com>, relay=maildrop, delay=2306, delays=2306/0.04/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)

[ 本帖最後由 marion 於 2008-7-30 11:21 編輯 ]
《解決方案》

接下來安裝反病毒和反垃圾郵件的相關組件clamav、amavisd和SpamAssassin

ClamAV是一個unix系統平台上的開源反病毒工具,它是特地為在郵件網關上進行郵件掃描而設計的。整套軟體提供了許多的實用工具,包括一個可伸縮和可升級的多線程守護進程、一個命令行掃描工具和病毒庫自動升級工具。

SpamAssassin 是目前最好的、最流行的開源反垃圾郵件軟體之一。它是一個郵件過濾器,使用了多種反垃圾郵件技術,如:文本分析、貝葉斯過濾、DNS黑名單和分散式協同過濾資料庫等。

amavisd-new是一個連接MTA和內容檢測工具(諸如病毒掃描工具和SpamAssassin)的高性能介面程序,使用perl語言寫成。它一般通過SMTP、ESMTP或者LMTP和MTA進行通訊,當然也可以藉助於其它外部程序進行。同postfix(MTA)協同工作時表現尤佳。當它呼叫SpamAssassin進行內容過濾時,對於一封郵件只需要呼叫一次,而不管這封郵件將發往多少個收件人;同時,它亦會儘力保證實現每一位收件人的偏好設置,如接收/拒絕,檢測/不檢測,垃圾郵件級別等;它還會在郵件頭部分插入spam相關信息。

十五、安裝clamav-0.91.2

最新的clamav-0.91.2需要zlib-1.2.2以上的版本的支持,而RHEL4上的版本為zlib-1.2.1,因此您需要先升級zlib

1、安裝zlib-1.2.3

#tar zvxf zlib-1.2.3.tar.gz
#cd zlib-1.2.3
#./configure --prefix=/usr --shared
#make
#make test

2、安裝clamav-0.91.2

添加ClamAV運行所需的組和用戶:
#groupadd clamav
#useradd -g clamav -s /sbin/nologin -M clamav

添加配合amavisd-new使用的用戶amavis
#groupadd amavis
#useradd -g amavis -s /sbin/nologin -M amavis

#tar zxvf clamav-0.91.2.tar.gz
#cd clamav-0.91.2
#./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share --sysconfdir=/etc/clamav
#make
#make check
#make install

3、配置Clam AntiVirus:

編輯主配置文件:
#vi /etc/clamav/clamd.conf

註釋掉第八行的Example,如下:
# Example

找到如下行
#LogFile /tmp/clamd.log
#PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd.socket
#DatabaseDirectory /var/lib/clamav
#User clamav
修改為:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
DatabaseDirectory /usr/local/clamav/share
User amavis

啟用以下選項
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
StreamMaxLength 20M  (後面的數值應該與郵件伺服器允許的最大附件值相一致)


編輯更新進程的配置文件
#vi /etc/clamav/freshclam.conf

註釋掉Example,如下:
# Example

找到如下行
#DatabaseDirectory /var/lib/clamav
#UpdateLogFile /var/log/freshclam.log
PidFile /var/run/freshclam.pid
分別修改為:
DatabaseDirectory /usr/local/clamav/share
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid

啟用以下選項:
DatabaseMirror db.XY.clamav.net  (這裡也可以把XY改成您的國家代碼來實現,比如,我們用cn來代替)
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes

4、建立日誌所在的目錄、進程與socket所在的目錄,並讓它屬於clamav用戶:

# mkdir -v /var/log/clamav
# chown -R amavis.amavis /var/log/clamav
# mkdir -v /var/run/clamav
# chmod 700 /var/run/clamav
# chown -R amavis.amavis /var/run/clamav

建立freshlog的日誌文件
#touch  /var/log/clamav/freshclam.log
#chown  clamav.clamav  /var/log/clamav/freshclam.log

5、配置crontab,讓Clam AntiVirus每小時檢測一次新的病毒庫:

# crontab -e
添加:
37 * * * * /usr/local/clamav/bin/freshclam

6、配置庫文件搜索路徑:

# echo 「/usr/local/clamav/lib」 >> /etc/ls.so.conf
# ldconfig -v

7、配置clamav開機自動啟動

# cp contrib/init/RedHat/clamd  /etc/rc.d/init.d/clamd
# cp contrib/init/RedHat/clamav-milter  /etc/rc.d/init.d/clamav-milter
# chkconfig --add clamd
# chkconfig --add clamav-milter
# chkconfig --level 2345 clamd on
# chkconfig --level 2345 clamav-milter on

編輯/etc/rc.d/init.d/clamd,將服務進程的路徑指向剛才的安裝目錄
#vi /etc/rc.d/init.d/clamd
找到如下行
progdir="/usr/local/sbin"
修改為:
progdir="/usr/local/clamav/sbin"

啟動clamd
#service clamd start

十六、安裝Spamassassin-3.2.3    (2007.9.19新增)

1、依賴關係的解決,安裝Spamassassin需要很多perl模塊的支持,以下是所需模塊列表及安裝方法;

必須的軟體包:
Digest::SHA1
HTML::Parser
Net::DNS
LWP (aka libwww-perl)
HTTP::Date
IO::Zlib
Archive::Tar

可選的軟體包,其中有些後面的amavisd也有可能會用到:
MIME::Base64
DB_File
Net::SMTP
Mail::SPF
IP::Country::Fast
Net::Ident
IO::Socket::INET6
IO::Socket::SSL
Compress::Zlib
Time::HiRes
Mail::DKIM
Mail::DomainKeys
DBI *and* DBD driver/modules
Encode::Detect
Apache::Test
Razor2

推薦使用CPAN自動安裝(你的主機要能連上Internet),它能夠自動下載安裝,並能解決安裝過程中的依賴關係。您可以使用類同的以下的命令來進行安裝:
#perl -MCPAN -e shell
cpan> install Digest::SHA1
………………

如果您的主機無法直接連接到Internet,您也可以到http://search.cpan.org上搜索下載所需要的軟體包,而後使用類同的下列命令安裝:

#tar zxvf 軟體包.tar.gz
#cd 軟體包
#perl Makefile.PL
#make
#make test
#make install
說明:某些軟體包安裝的過程中可能需要已經列出的其它軟體包的支持(可以先嘗試安裝Spamassassin,然後按提示補充所需軟體包),請安照提示自行調整安裝順序。另外,其中有個軟體包安裝過程中可能要求聲明環境變數LC_ALL,此時,可輸入如下命令,並重新進行軟體包的編譯安裝即可。
#export LC_ALL=C

2、安裝Spamassassin-3.2.3

#tar jxvf Mail-SpamAssassin-3.2.3.tar.bz2
#cd Mail-SpamAssassin-3.2.3
#perl Makefile.PL
#make
#make check
#make istall

3、編輯主配置文件/etc/mail/spamassassin/local.cf

required_hits 10.0
rewrite_subject 1
required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe     1
use_bayes       1
bayes_auto_learn        1
skip_rbl_checks         1
use_razor2      0
use_pyzor       0
ok_locales      all


4、測試spamassassin

#spamassassin -t < sample-nonspam.txt > nonspam.out
#spamassassin -t < sample-spam.txt > spam.out

查看測試結果:

#less nonspam.out
#less spam.out

5、檢查配置文件

#spamassassin -d --lint

6、啟動進程,並將其加入到自動啟動隊列

#/usr/bin/spamd -d
#echo "/usr/bin/spamd -d" >> /etc/rc.local

十七、安裝amavisd-new-2.5.2

1、依賴關係的解決

以下為官方聲明所必須的軟體包列表,你可以採用類同安裝Spamassassin一節中的perl模塊的安裝方法進行安裝

Archive::Zip   (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
Convert::TNEF  (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (1.08 or later, stick to new versions!)
MIME::Base64   (MIME-Base64-x.xx)
MIME::Parser   (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.420)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server    (Net-Server-x.xx) (version 0.88 finally does setuid right)
Digest::MD5    (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy    (IO-stringy-x.xxx)
Time::HiRes    (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
Unix::Syslog   (Unix-Syslog-x.xxx)
BerkeleyDB     with bdb library 3.2 or later (4.2 or later preferred)

2、安裝amavisd-new-2.5.2

創建運行時目錄,並賦予amavis用戶(前文中所建)
# mkdir -pv /var/amavis/{tmp,var,db,home}
# chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis

#tar zxvf amavisd-new-2.5.2.tar.gz
#cd amavisd-new-2.5.2

拷貝服務端至$PATH中指定的目錄,推薦拷貝至/usr/local/sbin:
#cp amavisd /usr/local/sbin/
#chown root /usr/local/sbin/amavisd
#chmod 755  /usr/local/sbin/amavisd

拷貝主配置文件至/etc,並修改相應的許可權:
#cp amavisd.conf /etc
# chown root:amavis /etc/amavisd.conf
# chmod 640 /etc/amavisd.conf

創建amavisd運行中所需要的隔離區域:
# mkdir -v /var/virusmails
# chown amavis:amavis /var/virusmails/
# chmod 750 /var/virusmails/

3、編輯主配置文件
#vi /etc/amavisd.conf

確保您的如下選項的值如下文所示:
$daemon_user  = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'benet.org'; (此處可更改為您集體的域)

$virus_admin               = "postmaster\@$mydomain";  
$mailfrom_notify_admin     = "postmaster\@$mydomain";  
$mailfrom_notify_recip     = "postmaster\@$mydomain";  
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
$mailfrom_to_quarantine = '';

virus_admin_maps => ["postmaster\@$mydomain"]    (指定報告病毒和垃圾郵件時發送系統郵件的用戶身份)
spam_admin_maps  => ["postmaster\@$mydomain"]

啟用ClamAV,(大概在第355行)去掉如下行前的註釋符:
#['ClamAV-clamd',
#     \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#    qr/\bOK$/, qr/\bFOUND$/,
#      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
#     ['Mail::ClamAV', \&ask_clamav, "*", , , qr/^INFECTED: (.+)/],

並將如上行中的/var/run/clamav/clamd修改為:/var/run/clamav/clamd.socket

4、測試啟動

#/usr/local/sbin/amavisd

您也可以按如下命令調試啟動
#/usr/local/sbin/amavisd debug


5、修改postfix的配置,讓它能調用amavisd,以實現病毒及垃圾郵件的過濾

#vi /etc/postfix/master.cf
在文末添加如下內容:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#
amavisfeed unix    -       -       n       -       2     smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=

說明:注意每行「-o」前的空格;


#vi /etc/postifx/main.cf
在文末添加如下行:
content_filter=amavisfeed::10024

4、讓postfix重新載入主配置文件,並查看啟動情況

# postfix reload && tail -f /var/log/maillog

5、查看amavisd是否在監聽10024埠,並測試服務啟動情況:

# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 ESMTP amavisd-new service ready
EHLO localhost
250-
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
Quit  
221 2.0.0 amavisd-new closing transmission channel
Connection closed by foreign host.

6、postfix重新載入配置文件后將授權並激活"127.0.0.1:10025"埠,一個正常的服務連接應該類同下面所示:

# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available
EHLO localhost
250-mail.benet.org
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

7、通過amavisd測試發信

]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 ESMTP amavisd-new service ready
HELO localhost
250
MAIL FROM:<>
250 2.1.0 Sender <> OK
RCPT TO:<postmaster>
250 2.1.5 Recipient <postmaster> OK
DATA
354 End data with <CR><LF>.<CR><LF>
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
amavisd test!!
.
250 2.0.0 Ok: queued as 263FC1A609
quit
221 2.0.0 amavisd-new closing transmission channel
Connection closed by foreign host.

接下來使用root用戶測試收信
# mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 Anti-Virus tester     Wed Sep 19 01:19  23/798   "amavisd test!"
& 1
Message 1:
From MAILER-DAEMON  Wed Sep 19 01:19:16 2007
X-Original-To: postmaster
Delivered-To: postmaster@benet.org
X-Quarantine-ID: <3gmvpc8RxPtn>
X-Virus-Scanned: amavisd-new at benet.org
X-Amavis-Alert: BAD HEADER, MIME error: error: unexpected end of header
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
Date: Wed, 19 Sep 2007 01:19:15 +0800 (CST)

amavisd test!!
&

十八、測試使用反病毒及反垃圾模塊

1、病毒郵件發送測試

登錄extmail,發送帶有病毒附件的郵件(病毒樣本文件後文附有),查看發送情況:

# tail  -3  /var/log/clamav/clamd.log
Reading databases from /usr/local/clamav/share
Database correctly reloaded (148100 signatures)
/var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUN

#tail -15 /var/log/maillog
Sep 18 23:36:40 mail postfix/pickup: 8C1681A609: uid=1001 from=<marion@test.com>
Sep 18 23:36:40 mail postfix/cleanup: 8C1681A609: message-id=<20070918153640.8C1681A609@mail.benet.org>
Sep 18 23:36:40 mail postfix/qmgr: 8C1681A609: from=<marion@test.com>, size=83658, nrcpt=1 (queue active)
Sep 18 23:36:43 mail clamd: /var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUND
Sep 18 23:36:44 mail postfix/smtpd: connect from mail
Sep 18 23:36:44 mail postfix/smtpd: CDF9B1A602: client=mail
Sep 18 23:36:44 mail postfix/cleanup: CDF9B1A602: message-id=<VA7mnx1DHavOWC@mail.benet.org>
Sep 18 23:36:44 mail postfix/smtpd: disconnect from mail
Sep 18 23:36:44 mail postfix/qmgr: CDF9B1A602: from=<postmaster@benet.org>, size=2230, nrcpt=1 (queue active)
Sep 18 23:36:44 mail amavis: (28502-05) Blocked INFECTED (Trojan.Downloader.Delf-747), <marion@test.com> -> <marion@test.com>, quarantine: virus-7mnx1DHavOWC, Message-ID: <20070918153640.8C1681A609@mail.benet.org>, mail_id: 7mnx1DHavOWC, Hits: -, size: 83658, 4203 ms
Sep 18 23:36:45 mail postfix/smtp: 8C1681A609: to=<marion@test.com>, relay=127.0.0.1:10024, delay=4.7, delays=0.42/0.05/0.12/4.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=28502-05 - VIRUS: Trojan.Downloader.Delf-747)
Sep 18 23:36:45 mail postfix/qmgr: 8C1681A609: removed
Sep 18 23:36:45 mail postfix/local: CDF9B1A602: to=<root@benet.org>, orig_to=<postmaster@benet.org>, relay=local, delay=0.28, delays=0.12/0.09/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
Sep 18 23:36:45 mail postfix/qmgr: CDF9B1A602: removed

說明:此附件中帶有特洛伊病毒,請不要作為危害別人之用,而對於您的操作不慎而給您帶來的後果,作者不負任何責任;病毒樣本如下:


2、垃圾郵件測試

登錄extmail,新建一封郵件,拷貝以下內容作為郵件正文,並查看發送情況:

This is the GTUBE, the
        Generic
        Test for
        Unsolicited
        Bulk
        Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

查看發送結果:
#tail -15 /var/log/maillog
Sep 19 00:04:07 mail spamd: logger: removing stderr method
Sep 19 00:04:11 mail spamd: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Sep 19 00:04:11 mail spamd: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score
Sep 19 00:04:11 mail spamd: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
Sep 19 00:04:11 mail spamd: spamd: server started on port 783/tcp (running version 3.2.3)
Sep 19 00:04:12 mail spamd: spamd: server pid: 29062
Sep 19 00:04:12 mail spamd: spamd: server successfully spawned child process, pid 29064
Sep 19 00:04:12 mail spamd: spamd: server successfully spawned child process, pid 29065
Sep 19 00:04:12 mail spamd: prefork: child states: II
Sep 19 00:06:44 mail postfix/pickup: E37651A60E: uid=1001 from=<marion@test.com>
Sep 19 00:06:44 mail postfix/cleanup: E37651A60E: message-id=<20070918160643.E37651A60E@mail.benet.org>
Sep 19 00:06:45 mail postfix/qmgr: E37651A60E: from=<marion@test.com>, size=1041, nrcpt=1 (queue active)
Sep 19 00:07:01 mail amavis: (28502-06) Blocked SPAM, <marion@test.com> -> <marion@test.com>, quarantine: spam-7ui+Zpn7-M00.gz, Message-ID: <20070918160643.E37651A60E@mail.benet.org>, mail_id: 7ui+Zpn7-M00, Hits: 1004.576, size: 1040, 12805 ms
Sep 19 00:07:01 mail postfix/smtp: E37651A60E: to=<marion@test.com>, relay=127.0.0.1:10024, delay=18, delays=1.8/1.5/4.9/9.9, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=28502-06, DISCARD(bounce.suppressed))
Sep 19 00:07:01 mail postfix/qmgr: E37651A60E: removed

待續……

:好消息:在518、519、520、523、524樓,柳拂風朋友對本文做了大量擴充,建議朋友們參照!

在701、702樓,zenglingping朋友對本文做了不少的擴充,建議朋友們參照。

[ 本帖最後由 marion 於 2008-7-23 10:13 編輯 ]
《解決方案》

高人,非常感謝,真誠期待未完的部分!!!
《解決方案》

殺毒和防垃圾郵件的處理模塊正測試添加中……
《解決方案》

好  頂!!!
《解決方案》

嗯,是的,建議掛上Mcafee或者clamav 反垃圾郵件當然考慮用用hzq老大的spamlock啦
《解決方案》

頂起來
《解決方案》

嗯,KEXEN兄,請教hzqbbc的spamlock您是否在使用?效果想來應該不錯吧?
《解決方案》

以上的方法在CentOS5上面適用嗎?




[火星人 via ] RHEL4上安裝基於postfix的全功能郵件伺服器(全部使用目前最新源碼包構建)已經有345次圍觀

http://www.coctec.com/docs/service/show-post-12943.html