Installing a Qmail Commercial Mail System on CentOS5/RHEL5 (Repost)

火星人 @ 2014-03-04 , reply:0



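System Overview
This article is a set of notes the author made while studying the Qmail system in spare time. All of the material comes from publicly available open-source resources found through Google. Every resource that this article asks you to download and install is GPL-licensed free software that may also be used commercially. This manual itself follows the GPL, and anyone is welcome to contribute comments and changes. The full text is divided by function into fourteen sections and, because of its length, is published in several parts.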
===============================================================================
Table of Contents
===============================================================================
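Section 1: Preparing for installation;
Section 2: Installing the Qmail base system;
Section 3: Installing the tool packages that help Qmail run;
Section 4: Installing the vpopmail virtual domain management system;
Section 5: Installing the ClamAV mail virus protection system;
Section 6: Installing the SpamAssassin spam filtering system;
Section 7: Setting up the Qmail run scripts;
Section 8: Installing Qmailadmin and fixing the Domain Quota;
Section 9: Installing Courier (authlib+imap+sqwebmail+maildrop) and configuring SSL support;
Section 10: Installing SquirrelMail;
Section 11: Installing Horde-Webmail;
Section 12: Installing the qmail-scanner scanning program;
Section 13: Configuring SSL support for POP3;
Section 14: Installing the Vqadmin administration tool;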

==============================================================================
Features:
===============================================================================
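A Qmail mail system deployed and configured according to this manual is a fully featured commercial mail system. It can meet the e-business needs of large, medium and small enterprises, and also suits ISPs that specialise in e-mail service. It has all the standard features of a professional, commercial e-mail system and can provide business users with secure, stable and efficient e-business service.
1) Supports multiple virtual domains; each host can serve thousands of virtual domains or more;
2) Supports a database for storing management information; user information is stored in a MySQL database (no Linux system accounts needed), which improves security and flexibility;
3) Supports limits on the number of accounts and on mailbox space:
- each domain can be given a maximum space and a maximum number of mailboxes, and users can adjust the space of mailbox accounts themselves;
- users have administrative functions, including adding and deleting accounts, setting aliases, changing passwords, and allocating and adjusting space;
- users can set an unlimited number of aliases (including forwards);
4) Supports receiving mail over POP3, SSL-secured connections, and SMTP authentication;
5) Supports several Webmail interfaces for managing, sending and receiving mail;
6) Automatically scans mail passing through the gateway in both directions (received, sent and forwarded); QHPSI can be configured for high-performance scanning, effectively blocking virus mail and filtering spam;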

===============================================================================
System Administration
===============================================================================
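Start the Qmail system: qmailctl start
Stop the Qmail system: qmailctl stop

Default Qmail command set: /var/qmail/bin/
TCP Server service directory: /service (linked to /var/qmail/supervise/)

Commands for adding, deleting and managing mail: /home/vpopmail/bin/

An example of querying a mail domain: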
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdominfo test.com                #returns the following:
- - - - - - - - - - - - - - - - - - - - - - - - -
domain: test.com
uid:    809
gid:    809
dir:    /home/vpopmail/domains/test.com
users:  2
- - - - - - - - - - - - - - - - - - - - - - - - -

An example of adding a mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadddomain test.com;
Please enter password for postmaster:
enter password again:
--------------------------------------------------------------------------------

An example of adding a mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadduser email@test.com
Please enter password for email@test.com:
enter password again:
--------------------------------------------------------------------------------

An example of deleting a mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeluser email@test.com
--------------------------------------------------------------------------------
An example of deleting a mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeldomain test.com
--------------------------------------------------------------------------------

An example of using a script that adds a domain with quota support (/home/vpopmail/bin/adddomain.pl):
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./adddomain-hung.pl;
Please input the new domain:test.com
Please enter password for postmaster:
enter password again:
domain testhung1.com has been create success
Please set the pop user quota for the domain:5
set quota success!
--------------------------------------------------------------------------------

Mail domains and the mail accounts under them are stored here: /home/vpopmail/domains/
New mail directory: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/new/
Read mail directory: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/cur/

================================================================================
User Instructions
================================================================================
Superuser administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
         Enter postmaster
          Enter yourdomain
             Enter postmasterpassword

Regular user administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
         Enter youremailaccount
          Enter yourdomain
             Enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/cgi-bin/sqwebmail
              Enter youremail@yourdomain
             Enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/squirrelmail/
Account:               youremail@yourdomain
Password:       yourpassword

User webmail: http://xxx.xxx.xxx.xxx/horde/
User name:            youremail@yourdomain
Password  :           yourpassword

POP3 client settings:
Host name:          xxx.xxx.xxx.xxx
Account name:       youremailaccount@yourdomain
Mailbox password:   yourpassword

Section 1: Preparing for Installation
Check the Linux system, adjust the environment so that it is suitable for running Qmail, and configure the users, group permissions and related directories;
--------------------------------------------------------------------------------
1) Check the system's C build environment;
--------------------------------------------------------------------------------
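The installation configuration files in the Qmail source use a C compiler named "cc". If your system has no compile command named "cc", you must edit the configuration files conf-cc and conf-ld so that the installer can find a suitable C compiler.
At the Linux command prompt, type cc and press Enter:
cc: no input files (note: this is the message returned by the C compiler)
If you get a response like "no input files" as above, there is a usable C compiler suitable for this installation on your default search path. If you get no such response, go on to try the following C compiler commands: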
/usr/bin/cc;
/usr/bin/gcc;
/usr/local/bin/cc;
/usr/local/bin/gcc;
/usr/ccs/bin/cc;
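If none of the test commands above works, consult the documentation for your platform and confirm that your system has a usable C compiler and what its correct path is. On Red Hat Linux, for example, you can query with the following RPM commands: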
rpm -qa | grep gcc;
rpm -qa | grep egcs;
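If any of the test commands above works, your system has a usable C compiler, but its path or name does not match what this installation expects. Before installing Qmail you therefore need to correct the C compiler settings in the Qmail source.
In the Qmail source, the configuration parameters for the C build environment are held in two files named conf-cc and conf-ld. To change them, open conf-cc and conf-ld in an editor and replace every "cc" in the files with the name of the C compiler on your system (it is usually on the first line). For example, if the usable C compiler on your system is named "gcc", or has to be called by its path as "/usr/bin/gcc", edit conf-cc and conf-ld (both files are in the qmail-1.03 source; how to download it is described later) and change "cc" to "gcc" or "/usr/bin/gcc".
Note: Although RedHat systems use gcc, there is usually a link named /usr/bin/cc that points to /usr/bin/gcc, in which case the configuration files need no change. (This also shows that there is a simpler method than editing the configuration files: create a link named cc that points to the usable C compiler on your system.)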

--------------------------------------------------------------------------------
2) Check the required system components (apache+php+mysql and named);
--------------------------------------------------------------------------------
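#Check the system components:
rpm -qa | grep httpd;
rpm -qa | grep php;
rpm -qa | grep mysql;
rpm -qa | grep bind; (this checks named; the default Name Server on RedHat is Bind)
Note: The system components are essential to the efficient operation of the Qmail mail system. Qmail's characteristics, including stability and security, depend on how well these components are integrated with the Linux operating system. If the system components are not yet installed, it is recommended that you reinstall the Linux operating system and let its installer install and tune these components automatically, for the best performance.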

--------------------------------------------------------------------------------
3) Make sure the system starts the following three components automatically (mark each item with *);
--------------------------------------------------------------------------------
setup; ->System Service;
*  httpd
*  mysqld
*  named
#Commands for starting the services manually
service httpd start; or service httpd restart;
service mysqld start; or service mysqld restart;
service named start; or service named restart;

--------------------------------------------------------------------------------
4) Disable SELINUX;
--------------------------------------------------------------------------------
vi /etc/sysconfig/selinux;
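#If you see this line: SELINUX=enforcing
#change it to: SELINUX=disabled
#If SELINUX was changed, you must save the file and restart Linux: reboot
Note: This setup asks you to disable SELinux not because SELinux does not support the Qmail family of mail systems, but because configuring a fully featured commercial mail service under SELinux is quite troublesome. If you need SELinux enabled on your mail server, refer to the following sites:
Official site: http://www.nsa.gov/selinux/
Wikipedia (Taiwan): http://zh.wikipedia.org/wiki/SELinux
Wikipedia (English): http://en.wikipedia.org/wiki/SELinux
IBM DW : http://www.ibm.com/developerworks/cn/linux/s-selinux/index.html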

--------------------------------------------------------------------------------
5) If the RedHat system has the default sendmail or postfix packages installed, remove them first;
--------------------------------------------------------------------------------
rpm -e --nodeps sendmail;
rpm -e --nodeps postfix;
rpm -e --nodeps sendmail-cf;
When removing sendmail you may see warnings like the following (RPM backs up the related configuration files before removing a package):
warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave
warning: /etc/mail/submit.cf saved as /etc/mail/submit.cf.rpmsave
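Note: The packages above do not actually have to be removed, but to keep the Qmail system running stably you must make sure that their services are stopped or moved to other ports, and adjust the default links.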

--------------------------------------------------------------------------------
6) To keep existing files from preventing the commands from running correctly, first delete the following directories;
--------------------------------------------------------------------------------
rm -rf /var/qmail;
rm -rf /var/log/qmail;
rm -rf /service;
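Note: This assumes that the directories above are not in use on your system. If other programs on your system already use them, consider carefully what deleting these directories may cause;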

--------------------------------------------------------------------------------
7) Users and groups to check in advance;
--------------------------------------------------------------------------------
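Running the Qmail system requires adding two new groups and 7 new users to the Linux system. The Qmail source contains a file named INSTALL.ids that describes the commands for adding the users and groups on various systems. Below is what the beginning of that file gives for adding users and groups on Solaris, Linux and FreeBSD: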
vi INSTALL.ids;
On some systems there are commands that make this easy. Solaris and
Linux:
   # groupadd nofiles
   # useradd -g nofiles -d /var/qmail/alias alias
   # useradd -g nofiles -d /var/qmail qmaild
   # useradd -g nofiles -d /var/qmail qmaill
   # useradd -g nofiles -d /var/qmail qmailp
   # groupadd qmail
   # useradd -g qmail -d /var/qmail qmailq
   # useradd -g qmail -d /var/qmail qmailr
   # useradd -g qmail -d /var/qmail qmails

FreeBSD 2.2:
   # pw groupadd nofiles
   # pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
   # pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
   # pw groupadd qmail
   # pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

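The users and groups that run the Qmail system configured in this manual differ slightly from those created as above, because we specify the GID and UID of each group and user. Running Qmail with fixed IDs makes later maintenance such as upgrades and migrations easier. It is worth adopting on systems that have many mail hosts and often need to move mailbox users between hosts. These are the GIDs and UIDs used in this manual:
GID: 801, 802
UID: 800,801,802,803,804,805,806
Linux uses the GID and UID to identify users. If /etc/passwd contains two or more entries with the same ID, only the last one is the effective user. So if these GIDs or UIDs already exist on your system, the installation may fail to create the related directories and files correctly, and the Qmail system may fail as a result. Before installing, therefore, first check whether any other user or group on your current system is already using the GIDs and UIDs above. If they are already in use, change those ID values first to avoid duplicate IDs. For consistency, continuity and ease of migration, choose UIDs and GIDs that are not commonly used on your kind of system, and use the same UIDs and GIDs for all of your Qmail installations as far as possible, which avoids having to change them during later maintenance.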
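
The pre-installation check described above, as an added example that is not part of the original guide: a POSIX shell function that reports which of the IDs reserved in this manual are already held under another name. The function names and the demo data are constructed for illustration; the ID-to-name pairs are the ones created in step 8 of this section.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Reports the fixed Qmail IDs from this manual that are already taken.

# "id:name" pairs, as created in step 8 of this section.
QMAIL_GROUPS="801:qmail 802:nofiles"
QMAIL_USERS="800:alias 801:qmaild 802:qmaill 803:qmailp 804:qmailq 805:qmailr 806:qmails"

# find_id_conflicts FILE "id:name ..."
# FILE uses the passwd/group layout: field 1 is the name, field 3 the
# numeric ID. Prints one line for every wanted ID held by another name and
# for every wanted name that already exists with another ID.
find_id_conflicts() {
    conflict_file=$1
    for pair in $2; do
        want_id=${pair%%:*}
        want_name=${pair#*:}
        awk -F: -v id="$want_id" -v name="$want_name" '
            $3 == id && $1 != name { print "id " id " wanted for " name " is used by " $1 }
            $1 == name && $3 != id { print "name " name " already has id " $3 ", wanted " id }
        ' "$conflict_file"
    done
}

# check_qmail_ids [PASSWD_FILE] [GROUP_FILE]
# Returns 0 when the IDs are free or already assigned as this manual expects;
# otherwise prints the conflicts and returns 1.
check_qmail_ids() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    conflicts=$(
        find_id_conflicts "$group_file" "$QMAIL_GROUPS" | sed 's/^/group: /'
        find_id_conflicts "$passwd_file" "$QMAIL_USERS" | sed 's/^/user: /'
    )
    [ -z "$conflicts" ] && return 0
    printf '%s\n' "$conflicts"
    return 1
}

# demo_constructed: runs the check against constructed sample files in which
# a user and a group named htt already hold ID 801.
demo_constructed() {
    demo_dir=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'htt:x:801:801::/home/htt:/bin/bash' > "$demo_dir/passwd"
    printf '%s\n' 'root:x:0:' 'htt:x:801:' > "$demo_dir/group"
    check_qmail_ids "$demo_dir/passwd" "$demo_dir/group" && demo_status=0 || demo_status=$?
    rm -rf "$demo_dir"
    return $demo_status
}

# Run "sh thisfile demo" for the constructed sample, or call check_qmail_ids
# with no arguments to test the live /etc/passwd and /etc/group.
case "${1:-}" in
    demo) demo_constructed ;;
esac
```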

--------------------------------------------------------------------------------
Reference: to change the GID and UID of an existing operating system user, use the following method:
--------------------------------------------------------------------------------
vi /etc/passwd;
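Note the IDs you are changing and the user names they belong to. After changing the GID and UID, remember to update all of that user's files and directories on the system; the following FIND commands do this:
find / -uid OLD_UID -exec chown USERNAME {} \;
find / -gid OLD_GID -exec chown .GROUPNAME {} \;
In the commands above, OLD_UID and OLD_GID are placeholders for the old ID values, and USERNAME and GROUPNAME are placeholders for the user and group names those IDs belong to. For example, if user htt originally had UID and GID 801, then:
find / -uid 801 -exec chown htt {} \; (finds the files and directories with UID 801 and changes them to user htt's new UID;)
find / -gid 801 -exec chown .htt {} \; (finds the files and directories with GID 801 and changes them to group htt's new GID;)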

--------------------------------------------------------------------------------
8) Create the Qmail runtime directories and set up the system users, groups and permissions;
--------------------------------------------------------------------------------
#Run the following commands one by one to create the users, groups and directories needed to run Qmail:
groupadd -g 801 qmail;
groupadd -g 802 nofiles;
mkdir -p /var/qmail; (this is the directory for the qmail programs)
chown root.qmail /var/qmail;
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 801 qmaild;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 802 qmaill;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 803 qmailp;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 804 qmailq;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 805 qmailr;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 806 qmails;
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;

--------------------------------------------------------------------------------
Appendix: for convenience, you can create a script named qmail-adduser.sh:
--------------------------------------------------------------------------------
#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux.
echo "Creating initial qmail directories..."
echo
sleep 2
groupadd -g 801 qmail
groupadd -g 802 nofiles
mkdir -p /var/qmail
chown root.qmail /var/qmail;
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2

#######
#Script to add users and groups for Redhat, Fedora, RHEL and Whitebox type distros
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 801 qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 802 qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 803 qmailp
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 804 qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 805 qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 806 qmails

#######
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
mkdir /var/log/qmail/qmail-pop3ds;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
mkdir -p /var/qmail/supervise/qmail-pop3ds/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;
chmod +t /var/qmail/supervise/qmail-pop3ds;
echo "All steps completed!"
echo
sleep 2

Section 2: Installing the Qmail Base System
================================================================================
1) Download the main Qmail program (choose method a or b):
================================================================================

--------------------------------------------------------------------------------
(a) Download the qmail-1.03 source;
--------------------------------------------------------------------------------
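Reference URL: http://www.qmail.org/top.html
Note: This installation does not use the netqmail of method (b) below, which comes with vulnerability fixes, because it uses a popular Qmail extension, spamcontrol. That component already fixes the relevant vulnerabilities and makes many improvements, but it is not compatible with netqmail, so this installation must use the original qmail-1.03.tar.gz. (In other words, the later steps of this installation continue from the source of method a.)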

cd /usr/local/src/qmail/;
wget http://cr.yp.to/software/qmail-1.03.tar.gz;
tar zxvf qmail-1.03.tar.gz;
cd /usr/local/src/qmail/qmail-1.03/;
Make a backup first, because some of the patches installed later are not compatible with spamcontrol and need this original source:
cp -p Makefile Makefile.org;
cp -p qmail-smtpd.c qmail-smtpd.c.org;

--------------------------------------------------------------------------------
(b) Download the officially recommended netqmail-1.05;
--------------------------------------------------------------------------------
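If you do not need to install Spamcontrol, it is recommended that you download netqmail-1.05.tar.gz, which includes the officially recommended patches. It is also published on the official site and contains not only the qmail-1.03.tar.gz source above but also important patches for qmail itself and for related packages. These patches fix some vulnerabilities, shortcomings and compatibility problems (but may not suit some operating system platforms);
Reference URL: http://www.qmail.org/netqmail/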
cd /usr/local/src/qmail/;
wget http://qmail.org/netqmail-1.05.tar.gz;
tar -zxvf netqmail-1.05.tar.gz;
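cd netqmail-1.05; (this directory contains the qmail source and patches; follow the README to apply them)
./collate.sh; (unpacks and patches automatically, producing a netqmail-1.05 directory; watch for error messages)
vi ./collate.sh;        (see what the collate.sh script does)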
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#!/bin/sh
set -e
echo ""
echo "You should see 7 lines of text below.  If you see anything"
echo "else, then something might be wrong."
echo " Extracting qmail-1.03... "
gunzip -c qmail-1.03.tar.gz | tar xf -
cd qmail-1.03
echo " Patching qmail-1.03 into netqmail-1.05.  Look for errors below:"
patch <../netqmail-1.05.patch | wc -l
echo " The previous line should say 24 if you used GNU patch."
echo " Renaming qmail-1.03 to netqmail-1.05..."
cd ..
mv qmail-1.03 netqmail-1.05
set +e

if [ `find ./netqmail-1.05/ -type f | grep -v '.orig$' | xargs cat | wc -c` -ne 815871 ] ; then
  echo "Patch didn't apply successfully."
  exit 1
fi
echo " Continue installing qmail using the instructions found at:"
echo " http://www.lifewithqmail.org/lwq.html#installation"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
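Note: The collate.sh script applies the patch for qmail-1.03 itself. netqmail-1.05 also contains patches for several related packages, placed in the other-patches directory. If those packages are installed from source, follow the README to apply the patches. If the later steps install the packages from RPMs, and the RPM packages already include the fixes, there is no need to patch again.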

================================================================================
2) Download spamcontrol:
================================================================================
Reference URL: http://www.fehcom.de/qmail/spamcontrol.html
mkdir -p /usr/local/src/qmail/spamcontrol;
cd /usr/local/src/qmail/spamcontrol/;
wget http://www.fehcom.de/qmail/spamcontrol/spamcontrol-2418_tgz.bin;
Download the key related patches:
wget http://www.fehcom.de/qmail/spamc ... .90.1_output.patch_
wget http://www.fehcom.de/qmail/spamc ... ucspitls-0.4.patch_
wget http://www.fehcom.de//qmail/spamcontrol/badmimetypes
wget http://www.fehcom.de//qmail/spamcontrol/badloadertypes
Unpacking spamcontrol-2418_tgz.bin releases its files into the current working directory, so first change to the qmail installation directory:
cd /usr/local/src/qmail/qmail-1.03;
tar -xzf ../spamcontrol/spamcontrol-2418_tgz.bin;
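Note: The archive must be unpacked in the qmail installation directory so that the relevant files are updated. Copy the four patches as well. This installation may not need all of them, but to keep the latest resources complete and consistent, copy them together, which makes later maintenance and feature extension easier: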
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/bin/cp -fp ../spamcontrol/badloadertypes ./
/bin/cp -fp ../spamcontrol/badmimetypes ./
/bin/cp -fp ../spamcontrol/clamav-0.90.1_output.patch_ ./
/bin/cp -fp ../spamcontrol/ucspi-ssl-0.70_ucspitls-0.4.patch_ ./
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi conf-spamcontrol;         (edit the spamcontrol configuration file; several option lines need to be added here)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Configuration for SPAMCONTROL (no tabs allowed)
#
# Additional RELAYING
#
relaymailfrom=no # might be dangerous - use SMTP Auth
#
# Additional CONTROLLING
#
quitasap=no # close SMTP session in case of a filter condition (violates SMTP RFC)
reqbrackets=yes # qmail-smtpd requires brackets "<address>" in SMTP addresses
verp=yes # allow VERP addresses for RECIPIENTS
recipients550=no # in case of none-existing RECIPIENTS get a direct 550 reply instead a deferred bounce (via 450)
#
# SMTP AUTHENTICATION
#
authcram=no # additional CRAM-MD5 support; needs a CRAM-MD5 supporting PAM (ie. cmd5checkpw)
#
# LOADSHARING enhancements
#
moreipme=no # Scott Gifford's additional control files moreipme and notipme
#
# PERFORMCANCE enhancements
#
bigtodo=no # Bruce Guenter's BigToDo patch - consider raising conf-split in the first place

locals=yes
queue_extra=yes
tarpitting=yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Notes:
tarpitting        enables the TARPIT patch, which counts RCPTs and blocks or delays the SMTP connection according to the settings
./install_spamcontrol.sh;        (run the spamcontrol installation script)
--------------------------------------------------------------------------------

3) Install qmail-monitor to monitor e-mail (provides a monitoring function; skip this step if you do not need to monitor sent and received mail)
===============================================================================
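Note: Monitoring inbound and outbound mail works by making a copy of every SMTP connection, so it is a very resource-intensive setting. Unless you really need this monitoring function and fully understand how it works, it is recommended that you do not install it for now. If you are new to Qmail, or only need to build a standard commercial mail system, you can skip this installation step.
Reference URL: http://sourceforge.net/projects/qmail-monitor/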
cd /usr/local/src/qmail/;
wget http://nchc.dl.sourceforge.net/s ... monitor-0.99.tar.gz
tar zxvf qmail-monitor-0.99.tar.gz
Note: qmail-monitor-0.99 is not compatible with the other qmail patches and cannot be installed as is; it has to be fixed by hand.
cd /usr/local/src/qmail/qmail-1.03/
mv Makefile Makefile.spam
mv qmail-smtpd.c qmail-smtpd.c.spam
cp -p Makefile.org Makefile
cp -p qmail-smtpd.c.org qmail-smtpd.c
cd /usr/local/src/qmail/qmail-monitor-0.99
make install QMAIL_SRC=../qmail-1.03
Check that the installation is complete:
ll ../qmail-1.03/monitor.*;        (if the installation is correct, it returns the following)
-------------------------------------------------------------------------------
-rw-r--r-- 1 root root 100818 Jun 20 06:22 ../qmail-1.03/monitor.a
-rw-r--r-- 1 root root    472 Jun 20 06:22 ../qmail-1.03/monitor.h
-------------------------------------------------------------------------------
Otherwise copy the two files by hand:
cp monitor.a monitor.h ../qmail-1.03/;
Note: if the following warning appears during compilation, it can be ignored, as the developer's notes state:
control.l:100: warning: passing argument 3 of &acirc;

5) Adjust the maximum number of queue entries qmail can process at the same time:
================================================================================
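Once this Qmail system is installed, you will find two configuration files in the /var/qmail/control/ directory that control how many queue entries qmail processes at the same time. The two files are:

cat /var/qmail/control/concurrencyincoming;      #number of connections tcpserver can handle at the same time
cat /var/qmail/control/concurrencyremote;        #number of deliveries qmail-remote can handle at the same time
By adjusting these values and then restarting qmail (or qmail-send), you tell qmail how much mail it may process at the same time, which keeps the system from overloading and crashing. Note: if your Linux system places limits on resource usage, you must confirm that those limits can support the values set above. For example, make sure that the ``descriptors'' or ``openfiles'' resource limit is set to twice the concurrency plus 5, and the ``maxproc'' resource limit (if your system has this setting) to twice the concurrency plus 4. Otherwise qmail will delay deliveries unnecessarily whenever the mail volume suddenly rises.
qmail has a concurrency limit that is set at compile time; the default is 120. It is controlled by the file named conf-spawn in the qmail source directory, and you can change the value in conf-spawn at compile time.
vi /usr/local/src/qmail/qmail-1.03/conf-spawn;        #the default contents of conf-spawn are: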
--------------------------------------------------------------------------------
120
This is a silent concurrency limit. You can't set it above 255. On some
systems you can't set it above 125. qmail will refuse to compile if the
limit is too high.
-------------------------------------------------------------------------------
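As stated above, changing this value also has to take the system limits into account. You can view the resource limits of the current Linux system as follows: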
ulimit -a -H;
-------------------------------------------------------------------------------
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 7679
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-------------------------------------------------------------------------------
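As shown above, open files is limited to at most 1024, which means that on this Linux system conf-spawn can be raised to 255, the maximum Qmail supports. You can of course also change the system setting, for example by raising the "open files" limit. In this example, "open files" is the Linux limit on the number of file handles a single process may open (it also counts open sockets, and can affect the number of concurrent MySQL connections). The value can be changed with the ulimit command, but a value changed with ulimit applies only to the current environment of the currently logged-in user and is lost after a reboot or when the user logs out. To make the change permanent, edit the following configuration file:
vi /etc/security/limits.conf;        #for example, set the maximum number of file handles for the relevant users to 16384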
-------------------------------------------------------------------------------
root hard nofile 16384
root soft nofile 16384
amanda hard nofile 16384
amanda soft nofile 16384
apache hard nofile 16384
apache soft nofile 16384
qmail hard nofile 16384
qmail soft nofile 16384
vpopmail hard nofile 16384
vpopmail soft nofile 16384
mysql hard nofile 16384
mysql soft nofile 16384
-------------------------------------------------------------------------------
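Note: The maximum of "255" above is the largest number of queue entries the Qmail system can process at the same time; do not mistake it for the number of messages Qmail can process per unit of time. Suppose concurrencyremote on your mail system is set to 255 and each queue delivery takes 3.6 seconds on average. In theory your mail system can then handle more than 250,000 messages per hour (3600x255/3.6=255,000). So if your mail system handles no more than 1,000,000 messages a day, it basically needs no more concurrency. If you do need to change this maximum so that Qmail can process more than 255 queue deliveries at the same time, you must modify the qmail-1.03 source. For how to change this limit, see the patch described on the official site (http://qmail.org/big-concurrency.patch).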
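
The limit rule from this step as a check, added here as an example and not part of the original guide: given a concurrency value, the compile-time conf-spawn cap and the limits of the process that runs qmail, it reports which limit is too low. The function names are illustrative; the fallback of 20 for a missing concurrencyremote file is qmail's documented default.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Checks a qmail concurrency value against the compile-time conf-spawn cap
# and against the resource limits of the process that will run qmail.

# limit_ok LIMIT NEEDED: true when LIMIT is "unlimited" or at least NEEDED.
limit_ok() {
    [ "$1" = unlimited ] || [ "$1" -ge "$2" ]
}

# first_number FILE DEFAULT: prints the first word of FILE when it is a plain
# number (conf-spawn and the control files keep the value on line 1),
# otherwise prints DEFAULT.
first_number() {
    value=
    if [ -r "$1" ]; then
        read -r value rest < "$1" || :
    fi
    case $value in
        ''|*[!0-9]*) echo "$2" ;;
        *) echo "$value" ;;
    esac
}

# check_concurrency CONCURRENCY SPAWN_CAP NOFILE_LIMIT NPROC_LIMIT
# Applies the rule from the text: open files >= 2*concurrency+5 and
# max processes >= 2*concurrency+4. Prints each problem, returns 1 if any.
check_concurrency() {
    conc=$1
    spawn_cap=$2
    need_files=$((2 * conc + 5))
    need_procs=$((2 * conc + 4))
    problems=0
    if [ "$conc" -gt "$spawn_cap" ]; then
        echo "concurrency $conc exceeds conf-spawn limit $spawn_cap"
        problems=1
    fi
    if ! limit_ok "$3" "$need_files"; then
        echo "open files limit $3 is below the $need_files needed"
        problems=1
    fi
    if ! limit_ok "$4" "$need_procs"; then
        echo "max user processes limit $4 is below the $need_procs needed"
        problems=1
    fi
    return $problems
}

# check_qmail_limits [CONTROL_DIR] [CONF_SPAWN_FILE]
# Reads the live values. "ulimit -u" is a bash option; a shell without it
# reports "unlimited" here, which skips the process check.
check_qmail_limits() {
    control_dir=${1:-/var/qmail/control}
    spawn_file=${2:-/usr/local/src/qmail/qmail-1.03/conf-spawn}
    cap=$(first_number "$spawn_file" 120)
    remote=$(first_number "$control_dir/concurrencyremote" 20)
    check_concurrency "$remote" "$cap" "$(ulimit -n)" \
        "$(ulimit -u 2>/dev/null || echo unlimited)"
}
```

Run check_qmail_limits as the user and from the environment that starts qmail-send, since ulimit values differ between login sessions and services.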

================================================================================
6) Start installing qmail;
================================================================================
#If you chose method a earlier, change to the qmail-1.03 directory and build there:
cd /usr/local/src/qmail/qmail-1.03/;
#If you chose method b earlier, change to the netqmail-1.05 directory and build there:
cd /usr/local/src/qmail/netqmail-1.05/netqmail-1.05;
make man;
make setup check;
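Watch the output during the build. If there are any errors, find the cause and fix it, then run make clean and build again;
./config-fast ***please input your domain***; (be sure to use your own host's domain name)
Note: Where the command above says "***please input your domain***" you must enter the host's FQDN (fully qualified domain name). For example, if the host name is abc.net, the command is ./config-fast abc.net; (on Linux, the hostname command shows the name of the current host). A reminder: abc.net is only an example and should not be used in a real installation. (In other words, if the host you are installing is you.net, run
./config-fast you.net)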

Section 3: Installing the Tool Packages That Help Qmail Run
================================================================================
Qmail needs helper programs to perform at its best. Check for and install the following four basic packages:
daemontools-0.76-2.i386.rpm (monitoring tool)
supervise-scripts-3.5-1.noarch.rpm
ucspi-tcp-0.88-2macchi1.i686.rpm (tcpserver service program)
ucspi-unix-0.36-2macchi1.i686.rpm

================================================================================
1) Download the ucspi-tcp packages for Qmail (any one of methods a, b or c will do):
================================================================================
ucspi-tcp was written by Dan Bernstein. The reference URLs are:
http://cr.yp.to/ucspi-tcp.html        (the page maintained by Dan Bernstein)
http://cr.yp.to/ucspi-tcp/install.html
http://smarden.org/pape/djb/        (man pages for ucspi-tcp written by Gerrit Pape)

--------------------------------------------------------------------------------
(a) Download and build the source tarball;
--------------------------------------------------------------------------------
Download: ftp://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
mkdir /usr/local/src/qmail/ucspi-tcp;
cd /usr/local/src/qmail/ucspi-tcp/;
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz;
tar -zxvf ucspi-tcp-0.88.tar.gz;
Before installing ucspi-tcp, apply the following patches first, otherwise the installation may fail:
(a.1) Apply the ucspi-tcp-0.88.isp.patch patch;
Reference URL: http://jeremy.kister.net/
cd /usr/local/src/qmail/ucspi-tcp/;
wget http://jeremy.kister.net/code/ucspi-tcp-0.88.isp.patch;
cd /usr/local/src/qmail/ucspi-tcp/ucspi-tcp-0.88/;
patch < ../ucspi-tcp-0.88.isp.patch;
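Note: This patch is not strictly required, but if you choose to install it, it affects how the patches in (a.2) below are applied. Usage: this is a combined patch that contains the following patches: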
- - - - - - - - - - - - - - - - - - - - - - - -
rblsmtpd-nodefaultrbl.patch
rblsmtpd-nonrecursive-v4.patch
ucspi-tcp-0.88-periplimit.7.patch
- - - - - - - - - - - - - - - - - - - - - - - -
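Of these, the periplimit patch limits the number of connections. Once it is applied, you can set the number of concurrent connections allowed per host (identified by IP address or class C network) in the tcp.smtp file, as follows:
vi /etc/tcp.smtp;        (this step takes effect only after the system installation is complete)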
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:allow,MAXCONNIP="2",MAXCONNC="5"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
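The setting above means: when clients send mail over SMTP, one IP address may have at most two simultaneous SMTP connections, and one class C network at most five. Controlling the number of SMTP connections in this way prevents abuse of the mail-sending service. (After changing tcp.smtp you must run qmailctl cdb to rebuild the database before the change takes effect.)
How it works: when the SMTP connections exceed MAXCONNIP or MAXCONNC, RBLSMTPD sets the DROPMSG variable. This in turn means that rblsmtpd must be configured in your SMTPD startup script (/service/qmail-smtpd/run), as follows:
vi /service/qmail-smtpd/run;        (part of the file is shown below)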
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
exec softlimit -m 30000000 \
tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(a.2) The three ucspi-tcp patches in the official netqmail-1.05;
All three files can be copied from the unpacked netqmail-1.05 archive:
cd /usr/local/src/qmail/ucspi-tcp/;
cp /usr/local/src/qmail/netqmail-1.05/other-patches/ucspi-tcp-0.88.* ./;
cd /usr/local/src/qmail/ucspi-tcp/ucspi-tcp-0.88/;

(i) Apply ucspi-tcp-0.88.nodefaultrbl.patch        (not needed here)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.nodefaultrbl.patch;
Note: This patch also modifies rblsmtpd.c. If you have already applied ucspi-tcp-0.88.isp.patch in step (a.1) above, you do not need to apply ucspi-tcp-0.88.nodefaultrbl.patch here, because ucspi-tcp-0.88.isp.patch makes exactly the same changes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(ii) Apply ucspi-tcp-0.88.a_record.patch
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.a_record.patch;

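Note: This patch modifies rblsmtpd.c. ucspi-tcp-0.88.isp.patch also modifies rblsmtpd.c, but the two make different changes. You must apply ucspi-tcp-0.88.isp.patch first and then ucspi-tcp-0.88.a_record.patch; the order cannot be reversed, or errors will result;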
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(iii) Apply ucspi-tcp-0.88.errno.patch        (not needed here)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.errno.patch;
Note: This patch modifies error.h. If you have already applied ucspi-tcp-0.88.isp.patch in step (a.1) above, you do not need to apply ucspi-tcp-0.88.errno.patch here, because ucspi-tcp-0.88.errno.patch is already fully contained in ucspi-tcp-0.88.isp.patch.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Once the patches above are applied, you can start the build:
make;
make setup check;

--------------------------------------------------------------------------------
(b) Download the RPM binary package;
--------------------------------------------------------------------------------
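Distinguish between i386 and i686. On a very old computer you should perhaps use i386; current computers can generally use the newer i686 build, unless no package exists for it.
i686 version: reference URL: http://dir.filewatcher.com/d/Other/i686/Utilities/System.0.0.htm
wget ftp://141.30.228.4/pub/mirrors/r ... 8-2macchi1.i686.rpm;
i386 version: official reference URL: http://www.qmail.org/rpms/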
wget http://www.qmail.org/rpms/RPMS/ucspi-tcp-0.88-112memphis.i386.rpm

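The installation commands that follow use the i686 version. If you choose the i386 version, the method is no different; just use the file name of the corresponding package.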
rpm -ivh ucspi-tcp-0.88-112memphis.i386.rpm;  

--------------------------------------------------------------------------------
(c) Download the source RPM package;
--------------------------------------------------------------------------------
Reference URL: http://www.qmail.org/rpms/ucspi-tcp.html
wget http://www.qmail.org/rpms/SRPMS/ucspi-tcp-0.88-112memphis.src.rpm;
wget http://www.qmail.org/rpms/SPECS/ucspi-tcp.patched.spec;
Reference URL: http://www.cis.fiu.edu/support/m ... redhat-contrib.html
ftp://mirrors.cs.fiu.edu/pub/mir ... 88-2macchi1.src.rpm
Rebuild the RPM package:
rpmbuild --rebuild ucspi-tcp-0.88-112memphis.src.rpm;
--------------------------------------------------------------------------------

================================================================================
2) Download the ucspi-unix packages for Qmail (any one of methods a, b, c or d will do):
================================================================================
--------------------------------------------------------------------------------
(a) Download and build the source tarball;
--------------------------------------------------------------------------------
Reference URL: http://untroubled.org/ucspi-unix/
mkdir /usr/local/src/qmail/ucspi-unix/;
cd /usr/local/src/qmail/ucspi-unix/;
wget http://untroubled.org/ucspi-unix/ucspi-unix-0.36.tar.gz;
tar zxvf ucspi-unix-0.36.tar.gz;
cd ucspi-unix-0.36;
make;
./installer;
If this tarball fails to build on CentOS, handle it as follows:
Note: If ucspi-unix fails during compilation with an error in env.c (sysdeps.h not found) you need to get bglibs and install it. After untarring the source, cd into the directory and run "make" followed by "make install". Try recompiling ucspi-unix again. If compilation of ucspi-unix finishes without an error, type "./installer" to install binaries and manuals into /usr/local/bin and /usr/local/man, respectively. In some cases the installer gives an error "installer error: Could not change directory to '/usr/local/man'". If you got this error just type "mkdir /usr/local/man" and then "./installer" again.
As described above, install bglibs first:
Reference URL: http://untroubled.org/bglibs
cd /usr/local/src/qmail/ucspi-unix/;
wget http://untroubled.org/bglibs/bglibs-1.102.tar.gz;
tar zxvf bglibs-1.102.tar.gz;
cd bglibs-1.102;
make;  (note: this build takes quite a long time)
make install;
Then install ucspi-unix-0.36 again:
cd /usr/local/src/qmail/ucspi-unix/ucspi-unix-0.36/;
make;
./installer;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download and install the RPM binary package;
--------------------------------------------------------------------------------
Reference URL: http://dir.filewatcher.com/d/Other/i686/Utilities/System.0.0.htm
wget ftp://141.30.228.4/pub/mirrors/r ... 6-2macchi1.i686.rpm;
rpm -ivh ucspi-unix-0.36-2macchi1.i686.rpm;
Or download and install the version linked from the official Qmail site:
wget http://www.qmail.org/rpms/RPMS/ucspi-tcp-0.88-112memphis.i386.rpm
rpm -ivh ucspi-unix-0.36-2macchi1.i686.rpm;
--------------------------------------------------------------------------------
  
--------------------------------------------------------------------------------
(c) Download and build the source RPM package;
--------------------------------------------------------------------------------
Reference URL: http://untroubled.org/ucspi-unix/
wget http://untroubled.org/ucspi-unix/ucspi-unix-0.36-1.src.rpm;
Reference URL: http://www.cis.fiu.edu/support/m ... redhat-contrib.html
wget ftp://mirrors.cs.fiu.edu/pub/mir ... 36-2macchi1.src.rpm
Rebuild the RPM package:
rpmbuild --rebuild ucspi-unix-0.36-1.src.rpm;
--------------------------------------------------------------------------------

(d) Install ucspi-unix with YUM;
--------------------------------------------------------------------------------
yum list | grep ucspi-unix;
yum install ucspi-unix;
Or:
yum update ucspi-unix;
--------------------------------------------------------------------------------

================================================================================
3) Download the daemontools package for Qmail (choose any one of methods a, b or c):
================================================================================
--------------------------------------------------------------------------------
(a) Download and compile the tarball source code;
--------------------------------------------------------------------------------
Reference URL: http://cr.yp.to/daemontools.html
mkdir /usr/local/src/qmail/daemontools;
cd /usr/local/src/qmail/daemontools/;
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz;
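tar zxvf daemontools-0.76.tar.gz; (extraction creates a directory named admin)
A patch must be applied first, otherwise the installation may fail; the patch file can be copied from the netqmail-1.05 package: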
cp ../netqmail-1.05/other-patches/daemontools-0.76.errno.patch ./;
cd admin/daemontools-0.76/src/;
patch < ../../../daemontools-0.76.errno.patch;
cd ../;
./package/install;
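Note: the daemontools installer checks for the directory /service. If that directory already exists, daemontools assumes svscan is already installed and does not add its entry to /etc/inittab, so svscan cannot start. Therefore delete the /service directory before installing; otherwise, after installation you must edit /etc/inittab by hand and add the following line: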
vi /etc/inittab;
- - - - - - - - - - - - - - - - - - - -
SV:123456:respawn:/command/svscanboot
- - - - - - - - - - - - - - - - - - - -
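Alternatively, simply delete the /service directory and install daemontools once more. If the installation succeeds, start the svscan service with the following commands: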
telinit q;
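ps -ef | grep svscan;        (check that it started)
Recommendation: the supervise-scripts RPM package described below cannot be installed from the tarball, and it depends on the daemontools RPM package, so on this system daemontools can currently only be installed by RPM or YUM. It is therefore recommended to install the daemontools RPM package using method (b) below.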
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download the daemontools RPM package;
--------------------------------------------------------------------------------
Reference URLs:
http://www.qmail.org/rpms/daemontools.html
http://summersoft.fay.ar.us/pub/qmail/daemontools/
mkdir /usr/local/src/qmail/daemontools;
cd /usr/local/src/qmail/daemontools/;
wget http://summersoft.fay.ar.us/pub/ ... ols-0.76-2.i386.rpm;
rpm -ivh daemontools-0.76-2.i386.rpm;
Or download and install the version linked from the official Qmail website:
wget http://www.qmail.org/rpms/RPMS/d ... 112memphis.i386.rpm;
rpm -ivh daemontools-0.76-112memphis.i386.rpm;
Note: the difference between the two RPMs is not yet known; presumably the version on the official website is the newest one.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(c) Install daemontools with YUM;
--------------------------------------------------------------------------------
yum list | grep daemontools;
yum install daemontools;
Or:
yum update daemontools;
--------------------------------------------------------------------------------
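Note: the supervise-scripts RPM package described below cannot be installed from the tarball, and it depends on the daemontools RPM package, so on this system daemontools can currently only be installed by RPM or YUM.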
================================================================================


================================================================================
4) Download the supervise-scripts package for Qmail (choose any one of methods a, b or c):
================================================================================
--------------------------------------------------------------------------------
(a) Download and compile the tarball source code;
--------------------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(i) Install bglibs first;        (skip this if bglibs was already installed with ucspi-unix above)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Reference URL: http://untroubled.org/bglibs/
cd /usr/local/src/qmail/;
wget http://untroubled.org/bglibs/bglibs-1.102.tar.gz;
tar zxvf bglibs-1.102.tar.gz;
cd bglibs-1.102;
make;
make install;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(ii) Then install supervise-scripts-3.5.tar.gz;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Reference URL: http://untroubled.org/supervise-scripts/

mkdir /usr/local/src/qmail/supervise-scripts/;
cd /usr/local/src/qmail/supervise-scripts/;
wget http://untroubled.org/supervise- ... -scripts-3.5.tar.gz;
tar zxvf supervise-scripts-3.5.tar.gz;
cd supervise-scripts-3.5;
make install-config;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Note: this tarball cannot be installed on CentOS, for reasons unknown; use method (b) or (c) below instead.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download the supervise-scripts-3.5-1.noarch.rpm package;
--------------------------------------------------------------------------------
Reference URL: http://untroubled.org/supervise-scripts/
wget http://untroubled.org/supervise- ... ts-3.5-1.noarch.rpm;
rpm -ivh supervise-scripts-3.5-1.noarch.rpm;
Note: installing supervise-scripts-3.5 on CentOS 5 produces an error; the error message is shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Preparing...                ###########################################
   1:supervise-scripts      ###########################################
tail: cannot open `+23' for reading: No such file or directory
error: %post(supervise-scripts-3.5-1.noarch) scriptlet failed, exit status 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Fix it as described in step (d) below)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(c) Install supervise-scripts with YUM;
--------------------------------------------------------------------------------
yum list | grep supervise-scripts;
yum install supervise-scripts;
Or:
yum update supervise-scripts;
Note: installing supervise-scripts-3.5 on CentOS 5 produces an error; fix it as described in step (d);
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(d) Check the installation result and fix the error:        vi /etc/inittab;
--------------------------------------------------------------------------------
(d.1) Insert the following two lines after line 22:
SV:2345:respawn:/usr/bin/svscan-start /service
SX:S016:wait:/usr/bin/svscan-stopall /service

(d.2) Or append the following line at the end:
SV:123456:respawn:env - PATH=/usr/local/bin:/usr/sbin:/usr/bin:/bin svscan /service < /dev/null > /dev/console 2> /dev/console
Note: supervise-scripts-3.5 does not install correctly on some systems, so the entries above must be corrected by hand;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(e) Make init start svscan:
--------------------------------------------------------------------------------
telinit q;
Or:
kill -1 1;
ps -ef | grep svscan;        (check that it started)
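
The inittab check described in the daemontools note and in step (d), written so that running it twice never adds a second entry. This is an added example, not part of the original guide; the function names are illustrative, and the demonstration works on a constructed sample file rather than the live /etc/inittab.

```shell
#!/bin/sh
# Added example (not from the original guide): check an inittab-style file
# for an active svscan entry and append one only when it is missing.

# Entry this guide uses for the tarball install of daemontools.
SVSCAN_LINE='SV:123456:respawn:/command/svscanboot'

# Print "id|action|process" for every uncommented respawn entry whose process
# runs svscan. The process field may itself contain colons (PATH=...), so only
# the first three colons are treated as separators.
svscan_entries() {
    awk '
        /^[ \t]*#/ || !/:/ { next }
        {
            rest = $0
            for (i = 1; i <= 3; i++) {
                p = index(rest, ":")
                if (p == 0) next
                f[i] = substr(rest, 1, p - 1)
                rest = substr(rest, p + 1)
            }
            if (f[3] == "respawn" && rest ~ /svscan/)
                print f[1] "|" f[3] "|" rest
        }
    ' "$1"
}

# Succeed when an uncommented entry already uses the given id
# (inittab ids must be unique).
inittab_id_in_use() {
    grep -q "^$2:" "$1"
}

# Append SVSCAN_LINE unless svscan is already respawned from this file.
# Prints present, added or conflict; returns non-zero only on conflict.
ensure_svscan() {
    if [ -n "$(svscan_entries "$1")" ]; then
        echo present
    elif inittab_id_in_use "$1" SV; then
        echo conflict
        return 1
    else
        printf '%s\n' "$SVSCAN_LINE" >> "$1"
        echo added
    fi
}

# Demonstration on a constructed sample file.
demo_inittab() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
#SV:123456:respawn:/command/svscanboot
EOF
    ensure_svscan "$sample"      # the commented-out line does not count
    ensure_svscan "$sample"      # second run leaves the file unchanged
    svscan_entries "$sample"
    rm -f "$sample"
}
demo_inittab
```

After a real change to /etc/inittab, `telinit q` from step (e) is still needed to make init reread the file.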

Section 4: Installing the vpopmail virtual domain management system
----------------------------------------------------------------------------------------------------------------------------------------
1) Create the vpopmail database in MySQL;
----------------------------------------------------------------------------------------------------------------------------------------
CREATE DATABASE vpopmail;
GRANT SELECT ON vpopmail.* TO vpopmailread@localhost IDENTIFIED BY 'uBeSfIFmaRkwL';
GRANT ALL ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'xLwMvPjDkZFLaEnQy';
quit;

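Note: two users are granted access to the vpopmail database here, vpopmailread and vpopmail. Remember their passwords, because they are needed below when configuring VPOPMAIL to access this database. To improve security, do not use overly simple or default passwords.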

----------------------------------------------------------------------------------------------------------------------------------------
2) Add the user and group that vpopmail runs as;
----------------------------------------------------------------------------------------------------------------------------------------
/usr/sbin/groupadd -g 809 vchkpw;
/usr/sbin/useradd -g vchkpw -u 809 vpopmail;

----------------------------------------------------------------------------------------------------------------------------------------
3) Download and install VPOPMAIL;
----------------------------------------------------------------------------------------------------------------------------------------
Reference site:
http://www.inter7.com/index.php?page=vpopmail
Download the sources:
mkdir /usr/local/src/qmail/vpopmail;
cd /usr/local/src/qmail/vpopmail/;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.17.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.18.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... mail-5.4.19a.tar.gz;
-------------------------------------------------------------------------------
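Note: vpopmail-5.4.18 has a problem. It includes a new feature that runs a script named onchange at a specified path after any add or modify command (that is, the utility programs under /var/qmail/bin) and before any delete command. Whether the feature is enabled is supposed to be chosen at build time with the option enable-onchange-script, but in fact the feature is installed even when the option is omitted or set to enable-onchange-script=n. As a result, the following error appears after running the commands in Qmail's bin directory: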
ONCHANGE script /home/vpopmail/etc/onchange not found.
Or:
ONCHANGE script /home/vpopmail/etc/onchange unable to fork.

The explanation in README.onchange is as follows:
If --enable-onchange-script is added to the ./configure command many vpopmail commands, and calls into the library will call the script ~vpopmail/etc/onchange.  Commands that add or update call the script after making their changes.  Commands that delete something call the script before doing the delete.
There are also reports online of a patch for the onchange bug, but it does not fix this installation flaw; if you do not use this feature, the following patch is unnecessary;
wget http://qmail.jms1.net/patches/vpopmail-5.4.18-onchange.fix.patch;
tar zxvf vpopmail-5.4.19a.tar.gz;
cd vpopmail-5.4.19;
patch < ../vpopmail-5.4.18-onchange.fix.patch;
Note for the record: even with the option enable-onchange-script=n, the onchange feature cannot be turned off;
-------------------------------------------------------------------------------
The build below needs a tcp.smtp file to be specified, so if the system does not have one, create it first:
echo '127.0.0.1:allow,RELAYCLIENT=""' > /etc/tcp.smtp;
#MySQL under /var/lib/mysql/, not recompiled, or installed with yum;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=y \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
#MySQL recompiled under /var/lib/mysql/;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/var/lib/mysql/include/mysql \
--enable-libdir=/var/lib/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
#MySQL under /usr/local/mysql/;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
make;
make install-strip;
Notes:
-------------------------------------------------------------------------------
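(a) On CentOS the path of tcp.smtp is /etc/tcp.smtp, so it must be set as follows:
--enable-tcpserver-file=/etc/tcp.smtp
You can also use 'whereis tcp.smtp' to confirm the path of tcp.smtp.

(b) The MySQL paths must also match the real layout of the system; for a hand-compiled MySQL they may be as follows: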
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \

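(c) Disabling SMTP relaying completely:
--enable-roaming-users=n        #disable roaming
--enable-roaming-users=y        #allow roaming
Roaming-user support works as follows: after a roaming user retrieves mail over POP3, that address is allowed to relay mail through the mail server for a certain period. Once vpopmail is installed, cron runs the following program on a schedule:
40 * * * * /home/vpopmail/bin/clearopensmtp > /dev/null 2>&1
That is, the list of IP addresses allowed to relay is cleared every 40 minutes. Once a user has retrieved mail over POP3 (POP3 retrieval requires authentication, which ensures that this is a legitimate user), that user can relay mail through this mail system for the next 40 minutes; after that, relaying through the system is no longer allowed.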

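(d) The optimization choice of whether to create one table per domain:
With the default build settings, vpopmail creates one table per domain (--disable-many-domains) to hold that domain's administrative and account data. However, vpopmail can also keep the account data of all domains in a single table. If you have a large number of domains with only a few accounts each (for example 5-10), one table per domain will reduce performance. In that case, storing all domains in one table (--enable-many-domains) may work better.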
-------------------------------------------------------------------------------
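
Because the rules in the tcp.smtp file decide which clients receive RELAYCLIENT, the file is worth reviewing after every change. The following audit is an added example, not part of the original guide; the function names and the sample rules are constructed, and only the 127.0.0.1 rule comes from this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): list the rules in a tcprules
# source file (such as /etc/tcp.smtp) that set RELAYCLIENT.

# Output: "<verdict> line <n>: <rule>" where verdict is
#   OPEN  - the default rule (empty address) lets every client relay
#   RANGE - an address prefix, range or hostname pattern may relay
#   HOST  - one non-loopback IP address may relay
#   LOCAL - a loopback address, as in the rule this guide creates
audit_tcp_smtp() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            p = index($0, ":")
            if (p == 0) next
            addr = substr($0, 1, p - 1)
            rule = substr($0, p + 1)
            # Only "allow" rules that set RELAYCLIENT grant relaying.
            if (rule !~ /^allow/ || rule !~ /RELAYCLIENT=/) next
            if (addr == "")                                      v = "OPEN"
            else if (addr ~ /^127\./)                            v = "LOCAL"
            else if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)  v = "HOST"
            else                                                 v = "RANGE"
            printf "%s line %d: %s\n", v, NR, $0
        }
    ' "$1"
}

# Exit status 0 when no rule hands RELAYCLIENT to all clients.
relay_is_restricted() {
    ! audit_tcp_smtp "$1" | grep -q '^OPEN '
}

# Demonstration on constructed rules; the last line is the misconfiguration
# this audit is meant to catch.
demo_tcp_smtp() {
    rules=$(mktemp)
    cat > "$rules" <<'EOF'
# constructed sample, not a real server's rules
127.0.0.1:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.7:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
EOF
    audit_tcp_smtp "$rules"
    if relay_is_restricted "$rules"; then
        echo "relay restricted"
    else
        echo "open relay rule present"
    fi
    rm -f "$rules"
}
demo_tcp_smtp
```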

----------------------------------------------------------------------------------------------------------------------------------------
4) Create the configuration file vpopmail uses to connect to the MySQL database;
----------------------------------------------------------------------------------------------------------------------------------------
vpopmail accesses MySQL as the users vpopmailread and vpopmail that were granted access when the database was created; you must enter the passwords of these two users here.
vi /home/vpopmail/etc/vpopmail.mysql;
-------------------------------------------------------------------------------
# MYSQL CONNECTION SETTINGS FOR VPOPMAIL
#
# Line 1 defines the connection to use for database reads,
# Line 2 defines the connection to use for database updates/writes.
#
# If you omit line 2, then the same settings will be
# used for both read and write.
#
# settings for each line:
# host|port|user|password|database
#
localhost|0|vpopmailread|uBeSfIFmaRkwL|vpopmail
localhost|0|vpopmail|xLwMvPjDkZFLaEnQy|vpopmail
#
# Note:
#   The value of host may be either a hostname or an IP address.
#   If host is 'localhost', then sockets (Unix) or named pipes (Windows)
#   will be used instead of TCP/IP to connect to the server.
-------------------------------------------------------------------------------
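
The two connection lines keep the database passwords in clear text, so the file deserves a check once it has been written. The following is an added example, not part of the original guide or of vpopmail; the function names are hypothetical, and the expectations that the file is not world-readable and that the read and write connections use different accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a vpopmail.mysql
# file without ever printing the passwords it contains.

# Sample passwords printed in this guide; a live system must not reuse them.
PUBLISHED_PASSWORDS='uBeSfIFmaRkwL xLwMvPjDkZFLaEnQy'

# Print one finding per line; print nothing when the file passes.
check_vpopmail_mysql() {
    # The "other" read bit means every local user can read the passwords.
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo "PERM: file is world-readable"
    fi
    # Connection lines have the form host|port|user|password|database;
    # the first is used for reads, the second for writes.
    awk -F'|' -v published="$PUBLISHED_PASSWORDS" '
        BEGIN { k = split(published, pw, " "); for (i = 1; i <= k; i++) bad[pw[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            n++
            role = (n == 1) ? "read" : "write"
            if (NF != 5) {
                printf "FORMAT: line %d does not have 5 fields\n", NR
                next
            }
            if ($4 in bad)
                printf "PASSWORD: %s connection (line %d) uses a password printed in this guide\n", role, NR
            if ($3 == "root")
                printf "USER: %s connection (line %d) logs in as root\n", role, NR
            user[n] = $3
        }
        END {
            if (n == 0) print "FORMAT: no connection line found"
            if (n == 2 && user[1] != "" && user[1] == user[2])
                print "USER: read and write connections share one account"
        }
    ' "$1"
}

# Demonstration: the file exactly as this guide shows it, with a mode that
# lets every local user read it (constructed in a temporary directory).
demo_vpopmail_mysql() {
    dir=$(mktemp -d)
    cat > "$dir/vpopmail.mysql" <<'EOF'
# host|port|user|password|database
localhost|0|vpopmailread|uBeSfIFmaRkwL|vpopmail
localhost|0|vpopmail|xLwMvPjDkZFLaEnQy|vpopmail
EOF
    chmod 644 "$dir/vpopmail.mysql"
    check_vpopmail_mysql "$dir/vpopmail.mysql"
    rm -rf "$dir"
}
demo_vpopmail_mysql
```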
----------------------------------------------------------------------------------------------------------------------------------------
5) Adjust the default quota file (adjust it to suit your own needs);
----------------------------------------------------------------------------------------------------------------------------------------
vi /home/vpopmail/etc/vlimits.default;
-------------------------------------------------------------------------------
maxpopaccounts          5
maxforwards             -1
maxautoresponders       -1
maxmailinglists         X
# quota for entire domain, in megabytes
# example shows a domain with a 100MB quota and a limit of 10,000 messages
#quota                  100
quota                   150
#maxmsgcount            10000

# default quota for newly created users (in bytes)
# example shows a user with a 20MB quota and a limit of 1000 messages
default_quota           31457280
#default_maxmsgcount    1000
-------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------
6) Set up scheduled execution;
----------------------------------------------------------------------------------------------------------------------------------------
vi /etc/crontab;        #reset the roaming list at minute 40 of every hour
-------------------------------------------------------------------------------
40 * * * * root /home/vpopmail/bin/clearopensmtp > /dev/null 2>&1
-------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------
7) Create a test virtual domain named test.com:
----------------------------------------------------------------------------------------------------------------------------------------
/home/vpopmail/bin/vadddomain test.com;
/home/vpopmail/bin/vadduser user1@test.com; (set the password for user1@test.com when prompted)
/home/vpopmail/bin/vdeluser user1@test.com;
/home/vpopmail/bin/vdeldomain test.com;
Tip: running vdeldomain updates the qmail system files immediately, for example by regenerating the /var/qmail/users/cdb database;

----------------------------------------------------------------------------------------------------------------------------------------
8) Create a perl script that sets up a new mail domain;
----------------------------------------------------------------------------------------------------------------------------------------
vi /home/vpopmail/bin/adddomain.pl;
-------------------------------------------------------------------------------
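#!/usr/bin/perl
# Create a new vpopmail domain and write its .qmailadmin-limits file.
use strict;
use warnings;

my $bin = "/home/vpopmail/bin";

# The domain name is passed to vadddomain and vdominfo as an argument,
# so accept hostname characters only.
print "please input the new domain:";
my $str = <STDIN>;
defined($str) or die "no domain given\n";
chomp($str);
$str =~ /^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$/
  or die "invalid domain name\n";

# List-form system() runs the command without a shell.
if (system("$bin/vadddomain", $str) == 0) {
  print "domain $str has been create success\n";
} else {
  warn "vadddomain reported an error for $str\n";
}

# Ask again until the answer consists of digits only.
my $quota;
while (1) {
  print "please set the pop user quota for the domain:";
  my $num = <STDIN>;
  defined($num) or die "no quota given\n";
  chomp($num);
  if ($num =~ /^[0-9]+$/) {
    $quota = $num;
    last;
  }
}

# vdominfo -d prints the directory of the domain, which may sit in a
# numbered or lettered subdirectory of domains/.
open(my $info, "-|", "$bin/vdominfo", "-d", $str)
  or die "cannot run vdominfo: $!\n";
my $path = join("", <$info>);
close($info);
$path =~ s/[\s\r]//g;
-d $path or die "domain directory not found for $str\n";

my $file = "$path/.qmailadmin-limits";
open(my $fd, ">", $file) or die "cannot write $file: $!\n";
print $fd "maxpopaccounts $quota\n";
print $fd "maxmailinglists 0\n";
print $fd "maxforwards -1\n";
print $fd "maxautoresponders -1\n";
print $fd "maxmailinglists X\n";
print $fd "default_quota 31457280\n";
my $domainquota = $quota * 30;
print $fd "quota $domainquota\n";
close($fd);
system("chmod", "g-w", $file);
print "set quota success!\n";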
-------------------------------------------------------------------------------
chmod 755 /home/vpopmail/bin/adddomain.pl;
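Note: by default qmail's domains directory holds only 100 domains; when there are more than 100, qmail automatically adds subdirectories, named in order with digits (0-9) and uppercase letters (A-Z). The script above has been modified to locate the subdirectory automatically (that is, it retrieves the path of the new domain immediately after the domain is added).
Explanation: besides adding the domain to vpopmail and qmail, the script also creates a quota settings file named ".qmailadmin-limits". The following example shows how to set up a virtual domain: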
/home/vpopmail/bin/adddomain.pl;
-------------------------------------------------------------------------------
Please input the new domain:home.uplooking.com
Please enter password for postmaster:
enter password again:
ONCHANGE script /home/vpopmail/etc/onchange not found.
domain home.uplooking.com has been create success
Please set the pop user quota for the domain:5
set quota success!
-------------------------------------------------------------------------------

vi /home/vpopmail/domains/home.uplooking.com/.qmailadmin-limits;        (check the quota contents)
-------------------------------------------------------------------------------
maxpopaccounts 5
maxmailinglists 0
maxforwards -1
maxautoresponders -1
maxmailinglists X
default_quota 31457280
quota 150
-------------------------------------------------------------------------------

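Section 5: Installing the ClamAV mail virus protection system
Clam AntiVirus is a GPL anti-virus toolkit for UNIX, used mainly on mail servers (attachment scanning). The package includes a multi-threaded daemon, a command-line scanner and an automatic online update tool (for any good anti-virus software, the most important thing is of course frequent updates of the virus database). The shared library distributed with the Clam AntiVirus package lets you integrate it freely with other software.
Its main features are: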
-------------------------------------------------------------------------------
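Command-line scanner
Fast, multi-threaded daemon
milter interface for use with sendmail
Virus database updater with support for digital signatures
Virus scanner C library
On-access scanning (Linux® and FreeBSD®)
Virus database updated multiple times per day (see the website for the total number of signatures)
Built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (compressed HTML), MS SZDD
Built-in support for mbox, Maildir and raw mail files
Built-in support for Portable Executable files compressed with UPX, FSG and Petite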
-------------------------------------------------------------------------------

The basic ClamAV installation includes three binary tools (in the /usr/bin directory):
-------------------------------------------------------------------------------
freshclam - As you know an anti-virus solution is only as good as the latest virus updates it has. This tool is used to update the virus databases on your system. It downloads the latest virus updates from the internet and keeps your anti-virus solution up to date.

clamscan - This is the tool that actually checks your files to see if they are infected.

sigtool - When you download the latest virus updates from the net, there should be a way of verifying the validity of the update. This is achieved by the sigtool. It is used to verify the digital signatures of databases and list virus signature names among other things.
-------------------------------------------------------------------------------

===============================================================================
1) Check the required packages and user accounts (ClamAV needs the zlib, bzip and gmp packages):
===============================================================================
-------------------------------------------------------------------------------
Use RPM to check whether the following packages are already installed:
-------------------------------------------------------------------------------
rpm -qa | grep zlib;
rpm -qa | grep zlib-devel;
rpm -qa | grep bzip2;
rpm -qa | grep bzip2-devel;
rpm -qa | grep gmp;
rpm -qa | grep gmp-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
If the packages are not installed, install them with the following commands:
-------------------------------------------------------------------------------
yum install zlib;
yum install zlib-devel;
yum install bzip2;
yum install bzip2-devel;
yum install gmp;
yum install gmp-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Check the openssl package:
-------------------------------------------------------------------------------
rpm -qa | grep openssl;
yum list | grep openssl;        #check whether an install or update is needed

yum install openssl;
yum update openssl;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Create the user account:
-------------------------------------------------------------------------------
On a first installation the system should not have the account yet, so create it:
groupadd clamav;
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav;
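Note: the RPM and YUM installation methods described later create the user account automatically, so if you use either of them you can skip this step; for better security and consistency, however, it is recommended to create the account by hand with the commands above as well.
Note: in this system clamav works together with qmail-scanner to scan mail, that is, the qmail-scanner script calls ClamAV's scanning functions. The permissions of ClamAV's log file must therefore give the user that runs qmail-scanner read and write access, otherwise mail cannot be accepted;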
-------------------------------------------------------------------------------

===============================================================================
2) Install the ClamAV anti-virus system (choose any one of methods A, B and C below);
===============================================================================
-------------------------------------------------------------------------------
A) Online installation with YUM (simple and convenient; this method is recommended):
-------------------------------------------------------------------------------
yum list clamav;
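yum install clamav;                (also installs clamav-db automatically)
yum install clamav-devel;
yum install clamav-milter;        (needed only for sendmail; also installs clamd automatically)
yum install clamd;                (if clamav-milter is not installed, clamd must be installed separately)
Note: clamav-milter is a fast calling interface designed specifically for sendmail. If you do not use sendmail, or want to call ClamAV through a script such as mail-scanner, you do not need to install or start clamav-milter.
vi /etc/passwd;                #for better security, change the bash entry to /bin/false, as shown below: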
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
clamav:x:104:104:Clam Anti Virus Checker:/var/clamav:/bin/false
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Note: /etc/shells must contain /bin/false
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
B) Installation from RPM;
-------------------------------------------------------------------------------
Reference sites:
http://www.clamav.net/
http://www.clamav.net/download/sources/
http://crash.fce.vutbr.cz/crash-hat/5/clamav/
Download the RPM packages:
wget http://crash.fce.vutbr.cz/crash- ... v-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... b-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... l-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... r-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... r-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash-hat/5/clamav/clamav.spec;
Download the source RPM: #if needed, use this src package to rebuild an rpm package that matches the current system
wget http://crash.fce.vutbr.cz/crash- ... av-0.90.1-0.src.rpm;
rpm -ivh clamav-0.90.1-0.i386.rpm;
rpm -ivh clamav-db-0.90.1-0.i386.rpm;
rpm -ivh --nodeps clamav-milter-0.90.1-0.i386.rpm;
rpm -ivh clamav-server-0.90.1-0.i386.rpm;
Note: installing clamav-milter looks for the sendmail and sendmail-cf dependencies, so the nodeps option can be used to ignore them.
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
C) Installation from the tar archive (this system must use this installation method);
-------------------------------------------------------------------------------
wget http://freshmeat.net/redir/clama ... lamav-0.90.1.tar.gz;
wget http://freshmeat.net/redir/clama ... lamav-0.90.3.tar.gz;
tar zxvf clamav-0.90.1.tar.gz;
cd clamav-0.90.1;
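Note: the key point of this build is that it specifies the user ClamAV runs as, so the user and group must be created first. For example, if you plan to use method (b) and specify the user qscand in the configure options below as the identity that runs ClamAV, first run the following Linux commands to add the user: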
groupadd qscand;
useradd -g qscand -s /bin/false -c "Qmail-Scanner Account" qscand;
(Apply the patch; newer versions do not need it)
wget http://www.fehcom.de/qmail/spamc ... .88.2_output.patch_;
Note: the latest version of the patch is actually included in the spamcontrol sources:
cp /usr/local/src/qmail/qmail-1.03/*_output.patch_ ./
tar zxvf clamav-0.90.3.tar.gz;
cd clamav-0.90.3;
patch < ../*_output.patch_;

(a) Run clamd as user clamav and group clamav:
./configure \
--sysconfdir=/etc \
--with-user=clamav \
--with-group=clamav \
--enable-milter;

(b) Run clamd as root, for use with the QHPSI scanning method:
./configure \
--sysconfdir=/etc \
--with-user=root \
--with-group=root \
--disable-zlib-vcheck \
--enable-milter;

(c) Run ClamAV as user qscand and group qscand, for use with the qmail-qscand installation later:
./configure \
--sysconfdir=/etc \
--with-user=qscand \
--with-group=qscand \
--disable-zlib-vcheck \
--enable-milter;

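Note: this system needs to work with qmail-qscand for virus scanning and uses syslog for logging, so if the user qscand is specified to run ClamAV in this build step, both systems run as the same user. Otherwise, a later step must change the attributes of ClamAV's log file so that the qmail-qscand script has permission to read and write it. If you choose to call ClamAV through QHPSI, then ...???...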
make;
make install;
Note: installing from the tar source uses the default path /usr/local/bin/; if you set up QHPSI, make sure the corresponding settings match.
-------------------------------------------------------------------------------

===============================================================================
3) Configure and adjust the ClamAV settings;
===============================================================================
-------------------------------------------------------------------------------
(a) Make the system start clamav-milter and clamd automatically;
-------------------------------------------------------------------------------
chkconfig clamav-milter on
chkconfig clamd on
service clamav-milter start
service clamd start
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
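(b) Edit the configuration files;
-------------------------------------------------------------------------------
vi /etc/sysconfig/clamav-milter;        #the defaults meet the requirements and normally need no change
vi /etc/freshclam.conf;        #as instructed, the following line near the top of freshclam.conf must be commented out: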
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Comment or remove the line below.
#Example                #comment out this line; the line itself has no meaning and only ensures that the file has been edited
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vi /etc/clamd.conf;        #as instructed, the following line near the top of clamd.conf must be commented out:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Comment or remove the line below.
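#Example                #comment out this line; the line itself has no meaning and only ensures that the file has been edited
ScanMail yes                #the ScanMail option must be enabled (it is in fact on by default)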
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Note: for security, never set the SGID or SUID bit on the Clam AntiVirus binaries;
-------------------------------------------------------------------------------
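
The three points of this step (the Example line, ScanMail, and no SUID or SGID bits on the binaries) can be verified with a short script. This is an added example, not part of the original guide or of the ClamAV project; the function names are hypothetical, the directories to search are passed as arguments, and the demonstration uses a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the configuration edits
# and the SUID/SGID note of this step.

# Print the ClamAV executables under the given directories that carry a
# SUID or SGID bit; print nothing when all are clean.
clam_setid_binaries() {
    find "$@" -type f \( -name '*clam*' -o -name sigtool \) \
        \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Succeed when the file still contains an active "Example" line; clamd and
# freshclam refuse to start while it is present.
has_active_example() {
    grep -q '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Print the value of every uncommented occurrence of an option.
clamd_option() {
    awk -v key="$2" '!/^[ \t]*#/ && $1 == key { print $2 }' "$1"
}

# audit_clamav CONF DIR...  prints one finding per line, nothing when clean.
audit_clamav() {
    conf=$1
    shift
    if has_active_example "$conf"; then
        echo "CONFIG: active Example line in $conf"
    fi
    # ScanMail is on by default, so only an explicit "no" is a finding.
    if clamd_option "$conf" ScanMail | grep -qx no; then
        echo "CONFIG: ScanMail is disabled in $conf"
    fi
    clam_setid_binaries "$@" | while read -r bin; do
        echo "SETID: $bin has a SUID or SGID bit"
    done
}

# Demonstration with constructed files: an unedited config and one binary
# that was wrongly given the SUID bit.
demo_clamav() {
    dir=$(mktemp -d)
    mkdir "$dir/bin"
    touch "$dir/bin/clamscan" "$dir/bin/freshclam"
    chmod 4755 "$dir/bin/clamscan"
    chmod 755 "$dir/bin/freshclam"
    printf 'Example\nScanMail no\n' > "$dir/clamd.conf"
    audit_clamav "$dir/clamd.conf" "$dir/bin"
    rm -rf "$dir"
}
demo_clamav
```

On an installed system the call would be `audit_clamav /etc/clamd.conf /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin`, adjusted to the installation method chosen above.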

-------------------------------------------------------------------------------
(c) Adjust the sendmail scanning parameters (if you need sendmail);
-------------------------------------------------------------------------------
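ClamAV-milter exists specifically to be called by sendmail, so the sendmail configuration must be changed. If you do not need sendmail to call ClamAV-milter directly, for example because MailScanner calls ClamAV, you do not need to start ClamAV-milter (in fact you need not install it at all), but you may need to install the ClamAV perl module separately. If sm-client support was not disabled when clamav-milter was installed, clamav-milter checks at startup whether /etc/mail/sendmail.cf already contains the corresponding scan options. If it does not find them, clamav-milter cannot start normally; you must first set the clmilter scan options in /etc/mail/sendmail.mc and then compile it into the /etc/mail/sendmail.cf control file, or simply remove sendmail so that clamav-milter cannot find /etc/mail/sendmail.cf.
To make sendmail call the clamav-milter scanner, proceed as follows:
vi /etc/mail/sendmail.mc;        (must come after OSTYPE(`linux')dnl)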
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OSTYPE(`linux')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.socket,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS',`clmilter')
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

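Note: if you also use milter-greylist, place the milter-greylist settings first and the clamav-milter settings after them. Then, when a message arrives, Sendmail calls milter-greylist first and clamav-milter second. The complete configuration is as follows: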
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OSTYPE(`linux')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clamav-milter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

make -C /etc/mail;                (recompile the sendmail.cf control file)
service sendmail restart;
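Note: this system does not need sendmail. The settings above are described only because the clamav-milter installation looks for sm-client support, so this is a convenient place to show how to use clamav with sendmail. If the configuration above seems too troublesome, install clamav-milter with the --nodeps option to drop sm-client support; this step can then be skipped.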
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(d) Start the clamav services:
-------------------------------------------------------------------------------
service clamd start;
service clamav-milter start;        (starting clamav-milter may take a while)
-------------------------------------------------------------------------------

===============================================================================
4) Test and schedule the update job, and observe the returned messages:
===============================================================================
-------------------------------------------------------------------------------
Test whether the update command runs successfully:
-------------------------------------------------------------------------------
/usr/bin/freshclam;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ClamAV update process started at Fri Mar 30 10:00:53 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
daily.inc is up to date (version: 2965, sigs: 20319, f-level: 14, builder: ccordes)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ll /var/log/clamav/freshclam.log;        #check the update log file
If an error is returned, or no update log file is created, do the following and then test again:
touch /var/log/clamav/freshclam.log;
chmod 600 /var/log/clamav/freshclam.log;
Make sure this directory has the permissions that match the user chosen during the installation above:
chown -R clamav.clamav /var/log/clamav/;
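Note: this test sets the log file permissions for clamav. If the later installation uses clamav together with qmail-scanner to scan mail (that is, ClamAV is called through qmail-scanner rather than QHPSI), then once all later installation steps are complete, the permissions of ClamAV's log file must give the user that runs qmail-scanner read and write access;
Explanation: the following option specifies the update log file;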
/usr/bin/freshclam --quiet -l /var/log/clam-update.log
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Schedule the virus database update job:
-------------------------------------------------------------------------------
vi /etc/crontab;        #the scheduled jobs below use --quiet, so only error messages are returned
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
26 03 * * * root /usr/bin/freshclam --quiet
38 15 * * * root /usr/bin/freshclam --quiet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
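Please note: as the official site advises, most users update by default in the first 0-3 minutes of each hour, which makes the network very congested, so please run the update task at some other minute wherever possible;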
-------------------------------------------------------------------------------
《Solution》

Section 6: Installing the SpamAssassin Spam Filtering System
===============================================================================
1) Install Mail-SpamAssassin (choose either method A or method B below);
===============================================================================
-------------------------------------------------------------------------------
A) Installing with YUM:
-------------------------------------------------------------------------------
rpm -qa | grep spamassassin;        #check whether it is already installed
yum list | grep spamassassin;       #check the available packages
yum install spamassassin;           #fresh install
Or:
yum update spamassassin;            #update
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
B) Installing from the TAR source:
-------------------------------------------------------------------------------
Reference site: http://spamassassin.apache.org/
Download: http://spamassassin.apache.org/downloads.cgi?update=200702131100
mkdir /usr/local/src/qmail/spamassassin;
cd /usr/local/src/qmail/spamassassin/;
wget http://apache.hkmirror.org/spama ... sassin-3.1.8.tar.gz;
Or:
wget http://apache.hkmirror.org/spama ... sassin-3.2.1.tar.gz;
tar zxvf Mail-SpamAssassin-3.2.1.tar.gz;
cd Mail-SpamAssassin-3.2.1;
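Please note: before installing from the TAR source, first check whether the system already has the default RPM installed:
rpm -qa | grep spam;
If the RPM is installed, you can remove it first: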
rpm -e spamassassin;
export LANG=en_US;
perl Makefile.PL;
make;
make install;
If needed, the tar source can be built into an RPM package:
rpmbuild -tb Mail-SpamAssassin-3.1.8.tar.gz;
ls /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.8;
-------------------------------------------------------------------------------

===============================================================================
2) Adjust the Mail-SpamAssassin configuration;
===============================================================================
Add a user to run Mail-SpamAssassin:
groupadd spamd;
useradd -g spamd -s /bin/false spamd;
vi /etc/sysconfig/spamassassin;        #make Mail-SpamAssassin run as the user above; change it as follows:
-------------------------------------------------------------------------------
# Options to spamd
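#SPAMDOPTIONS="-d -c -m5 -H"                        #this is the original line
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"        #change it to this
-------------------------------------------------------------------------------
Please note: if you installed from the TAR source, the file above may not exist; in that case simply create it;
vi /etc/mail/spamassassin/local.cf;                #set the scanning parameters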
-------------------------------------------------------------------------------
# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)
# How many hits before a message is considered spam.
required_hits           5.0
# Whether to change the subject of suspected spam
rewrite_subject         1
# Text to prepend to subject if rewrite_subject is used
subject_tag             *****SPAM*****
# Encapsulate spam in an attachment
report_safe             1
# Use terse version of the spam report
use_terse_report        0
# Enable the Bayes system
use_bayes               1
# Enable Bayes auto-learning
auto_learn              1
# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
ok_languages            zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en zh
-------------------------------------------------------------------------------

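Please note: the settings above produce errors after upgrading to 3.2.1, because the names of the relevant parameters have changed. Use the following settings instead: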
-------------------------------------------------------------------------------
# This is the right place to customize your installation of SpamAssassin.
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
# Only a small subset of options are listed below
###########################################################################
#   Add *****SPAM***** to the Subject header of spam e-mails
rewrite_header Subject *****SPAM*****
#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
report_safe 1
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
# trusted_networks 212.17.35.
#   Set file-locking method (flock is not safe over NFS, but is faster)
# lock_method flock
#   Set the threshold at which a message is considered spam (default: 5.0)
required_score 5.0
#   Use Bayesian classifier (default: 1)
use_bayes 1
#   Bayesian classifier auto-learning (default: 1)
bayes_auto_learn 1
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
# Use terse version of the spam report
#use_terse_report        0
# Enable Bayes auto-learning
#auto_learn              1
# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
#use_dcc                 1
use_pyzor               1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
#ok_languages            zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en zh
-------------------------------------------------------------------------------

Notes:
required_hits           5.0 (a message scoring more than 5 points is treated as spam)
===============================================================================
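
The renames between the two local.cf listings above can be applied mechanically. The following is an added example, not part of the original guide: the old-to-new mapping is taken only from the differences between the two listings on this page, and the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the only options handled are the ones that differ
# between the 2.5x-style and the 3.2.1-style local.cf listings on this page.

# Constructed sample input in the old style.
sample_old_cf() {
cat <<'EOF'
# old-style local.cf (constructed sample)
required_hits           5.0
rewrite_subject         1
subject_tag             *****SPAM*****
report_safe             1
use_terse_report        0
auto_learn              1
use_dcc                 1
ok_languages            zh en
ok_locales              en zh
EOF
}

# lint_local_cf FILE: list old-style options; exit status 1 if any are found.
lint_local_cf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                 # skip comments and blanks
    $1 ~ /^(required_hits|rewrite_subject|subject_tag|auto_learn|use_terse_report|use_dcc|ok_languages)$/ {
        printf "line %d: old-style option %s\n", FNR, $1; bad = 1
    }
    END { exit bad }' "$1"
}

# migrate_local_cf FILE: print FILE rewritten with the newer option names.
migrate_local_cf() {
    awk '
    /^[ \t]*#/ || NF == 0   { print; next }
    $1 == "required_hits"   { print "required_score " $2; next }
    $1 == "auto_learn"      { print "bayes_auto_learn " $2; next }
    $1 == "rewrite_subject" { rewrite = $2; next }   # folded into rewrite_header
    $1 == "subject_tag"     { sub(/^[ \t]*subject_tag[ \t]+/, ""); tag = $0; next }
    $1 ~ /^(use_terse_report|use_dcc|ok_languages)$/ { print "#" $0; next }
    { print }
    END { if (rewrite == 1 && tag != "") print "rewrite_header Subject " tag }' "$1"
}

# Usage: sh this-file /etc/mail/spamassassin/local.cf > local.cf.new
if [ -n "${1:-}" ]; then migrate_local_cf "$1"; fi
```

Review the output before replacing the live file; the three options that the 3.2.1 listing comments out are only commented out here as well, not converted.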

===============================================================================
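3) Configure automatic start at boot:
===============================================================================
Check whether the following file exists:
ll /etc/rc.d/init.d/spamassassin;
Check whether the spamassassin service has already been set up on the system:
setup->System Service
Look for a service named spamassassin; if it exists, mark it with * so that it starts automatically at boot;
Normally a YUM installation sets up the spamassassin service automatically. If you installed from the TAR source, you must set it up by hand (to distinguish it from the system's default spamassassin service name, you can use another name, such as spamd):
cp spamd/redhat-rc-script.sh /etc/rc.d/init.d/spamd;
chkconfig --add spamd;             #register the script named spamd in the init.d directory as a service
chkconfig spamd on;                #make the spamd service start automatically at boot
/etc/rc.d/init.d/spamd start;        #start spamd by hand
Or:
/etc/rc.d/init.d/spamassassin start;
Test the scanning function:
spamassassin -t < sample-spam.txt;
spamassassin -t < sample-nonspam.txt;

Check the scan results:
ll /root/.spamassassin/;
(Note: scanning as the current user (root) creates the .spamassassin directory and related files in the home directory)
《Solution》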

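Section 7: Creating the Qmail Run Scripts
===============================================================================
1) Create the Qmail service run scripts (qmail-pop3d, qmail-smtpd and qmail-send)
===============================================================================
If the following directories do not exist yet, create them first:
mkdir /service;        (this directory should have been created automatically when daemontools was installed)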
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
vi /var/qmail/supervise/qmail-pop3d/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c 100 0 110 qmail-popup home.uplooking.com \
/home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-pop3d/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-pop3d 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-smtpd/run;
-------------------------------------------------------------------------------
#!/bin/sh
export BASE64=""
export QHPSI="clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found} http://www.fehcom.de/emailolicy.html]"
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export SMTPAUTH=""
export BOUNCEMAXBYTES=""
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec softlimit -m 30000000 \
    tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
    /var/qmail/bin/qmail-smtpd \
    /home/vpopmail/bin/vchkpw /bin/true 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-smtpd/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-smtpd 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-send/run;
-------------------------------------------------------------------------------
#!/bin/sh
exec /var/qmail/rc
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-send/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-send 2>&1
-------------------------------------------------------------------------------

Set the execute permissions on the scripts above:
chmod 751 /var/qmail/supervise/qmail-pop3d/run;
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run;
chmod 751 /var/qmail/supervise/qmail-smtpd/run;
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run;
chmod 751 /var/qmail/supervise/qmail-send/run;
chmod 751 /var/qmail/supervise/qmail-send/log/run;
===============================================================================


===============================================================================
2) Create the Qmail run control script rc and the service control script qmailctl;
===============================================================================
vi /var/qmail/rc;
-------------------------------------------------------------------------------
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
-------------------------------------------------------------------------------
chmod 755 /var/qmail/rc;

vi /var/qmail/bin/qmailctl;
-------------------------------------------------------------------------------
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
      echo "Starting qmail-send"
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
      echo "Starting qmail-smtpd"
    else
      echo "qmail-smtpd supervise not running"
    fi
    if svok /service/qmail-pop3d ; then
      svc -u /service/qmail-pop3d /service/qmail-pop3d/log
      echo "Starting qmail-pop3d"
    else
      echo "qmail-pop3d supervise not running"
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    echo " qmail-pop3d"
    svc -d /service/qmail-pop3d /service/qmail-pop3d/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    svstat /service/qmail-pop3d
    svstat /service/qmail-pop3d/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /service/qmail-pop3d
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /service/qmail-pop3d
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac

exit 0

-------------------------------------------------------------------------------
chmod 755 /var/qmail/bin/qmailctl;
ln -s /var/qmail/bin/qmailctl /usr/bin;
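
Before the first qmailctl start, the preconditions this section relies on can be checked in one pass. This is an added example, not from the original guide: the function name preflight and its two arguments (the qmail directory and the plain-text tcprules source, such as /etc/tcp.smtp) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of qmail or of the guide).
# preflight QMAIL_DIR TCP_RULES
#   Prints one "FAIL:" line per problem and returns the number of problems.
preflight() {
    qdir=$1 rules=$2 n=0
    finding() { echo "FAIL: $*"; n=$((n + 1)); }

    # The same control files the qmail-smtpd run script reads before exec.
    for f in me concurrencyincoming; do
        [ -s "$qdir/control/$f" ] || finding "control/$f missing or empty"
    done

    # The run script refuses to start without rcpthosts, because qmail-smtpd
    # would then accept mail for any domain (open relay).
    [ -f "$qdir/control/rcpthosts" ] || finding "control/rcpthosts missing"

    # Every run script created in this section must exist and be executable
    # (the chmod 751 step).
    for s in qmail-pop3d qmail-smtpd qmail-send; do
        for r in "$s/run" "$s/log/run"; do
            [ -x "$qdir/supervise/$r" ] || finding "supervise/$r not executable"
        done
    done

    # In the tcprules source, a line with an empty address part matches every
    # client. If that line also sets RELAYCLIENT, rcpthosts is ignored for
    # everyone, which undoes the open-relay check above.
    if [ -f "$rules" ] && grep -Eq '^:allow.*RELAYCLIENT=' "$rules"; then
        finding "$rules: catch-all rule sets RELAYCLIENT"
    fi
    return "$n"
}

# Usage: sh this-file /var/qmail /etc/tcp.smtp
if [ -n "${1:-}" ]; then preflight "$1" "${2:-/etc/tcp.smtp}"; fi
```

A return status of 0 means every check passed; after editing /etc/tcp.smtp, rebuild the cdb with qmailctl cdb as defined in the script above.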
《Solution》

Nice. After my installation, the antivirus software has some problems.
I will study yours carefully. Thank you!



