postfix郵件系統0511

postfix郵件系統0511

as4+postfix+cyrus-sasl+mysql+postfixadmin+courier-imap+courier-maildrop+squirrelmail+clamav+spamassassin+amavisd-new

轉載請註明出處
最後更新日期：2005年11月5日
2004年10左右成稿

我以前那篇文章中密碼加密有問題（密碼一加密，smtp認證就通不過），所以利用這個周末更新一下。這次sasl密碼驗證機制改為authdaemond（感謝網友606），並把測試部分單獨列出來。很多人問起我的安裝環境，我安裝linux的時候，只選了開發工具，其他的都沒選，還有，這些軟體包安裝的時候都沒有依賴性問題，有的話，我也提出來了。

1.安裝 mysql 5.0.15
# wget http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.15.tar.gz/from/http://mysql.new21.com/
# tar zxvf mysql-5.0.15.tar.gz
# cd cd mysql-5.0.15
# groupadd mysql
# useradd -g mysql mysql
# CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti" \
./configure --prefix=/usr/local/mysql \
--enable-assembler --with-mysqld-ldflags=-all-static --with-charset=gbk
# make
# make install
# cp support-files/my-medium.cnf /etc/my.cnf

設置自啟動
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld

安裝完以後要初始化資料庫
# cd /usr/local/mysql
# /usr/local/mysql/bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# chgrp -R mysql .

好了，至此mysql安裝完畢，你可以這樣起動你的mysql服務
# service mysqld start

為了能讓系統找到mysql，請運行如下命令
# PATH=$PATH:/usr/local/mysql/bin
# export PATH
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig

2.安裝 apache 2.0.55
# wget http://apache.freelamp.com/httpd/httpd-2.0.55.tar.bz2
# tar jxvf httpd-2.0.55.tar.bz2
# cd httpd-2.0.55
# ./configure --prefix=/usr/local/apache
# make
# make install

設置自啟動
# cp support/apachectl /etc/init.d/httpd

修改/etc/init.d/httpd
# vi /etc/init.d/httpd(前面幾行改成如下樣子)
#!/bin/sh
#
# Startup script for the Apache Web Server
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /usr/local/apache/log/httpd.pid
# config: /usr/local/apache/conf/httpd.conf

# chkconfig --add httpd
# chmod 755 /etc/init.d/httpd
# chkconfig httpd on

創建網頁根目錄
# mkdir /var/www

修改apache配置文件
# vi /usr/local/apache/conf/httpd.conf
//存放網頁的目錄,原來為DocumentRoot ""，改成：
DocumentRoot "/var/www"
//這句應該和DocumentRoot 的目錄保持一致，原來為<Directory "">，改成：
<Directory "/var/www">
//Indexes：當在目錄中找不到DirectoryIndex列表中指定的文件就生成當前目錄的文件列表
//FollowSymlinks：允許符號鏈接跟隨，訪問不在本目錄下的文件
Options Indexes FollowSymLinks
//禁止讀取.htaccess配置文件的內容
AllowOverride None
//指定先執行Allow（允許）訪問規則，再執行Deny（拒絕）訪問規則
Order allow,deny
//設置Allow（允許）訪問規則，允許所有連接
Allow from all
</Directory>

啟動服務
# service httpd start

3.安裝php 4.4.1
# wget http://cn.php.net/get/php-4.4.1.tar.bz2/from/this/mirror
# tar jxvf php-4.4.1.tar.bz2
# cd php-4.4.1
# ./configure \
--prefix=/usr/local/php \
--with-mysql=/usr/local/mysql \
--with-apxs2=/usr/local/apache/bin/apxs
# make
# make install
# cp php.ini-dist /usr/local/php/lib/php.ini

# vi /usr/local/php/lib/php.ini
;default_charset = "iso-8859-1"
在這行下面加一行
default_charset = "gbk"

# vi /usr/local/apache/conf/httpd.conf
找到#AddType application/x-tar .tgz 這行，在下面加兩行
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
找到下面一行在後面加上index.php，這表示網站的默認頁也能夠為index.php
DirectoryIndex index.html index.html.var index.php
注意：改變了http.conf后，要重啟apache服務

4.安裝 cyrus-sasl 2.1.21
先關閉as4默認安裝的sasl
# mv /usr/lib/sasl /usr/lib/sasl.OFF
# mv /usr/lib/sasl2 /usr/lib/sasl2.OFF

編譯安裝cyrus-sasl2.1.21
# wget http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
# tar zxvf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21
# ./configure \
--disable-anon -enable-plain --enable-login \
--enable-sql --with-mysql=/usr/local/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-authdaemond
# make
# make install

更新lib庫
# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig

重要
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

5.安裝postfix 2.2.5
如果你的系統上原來有sendmail，先將其停止並將其文件改名
# /etc/init.d/sendmail stop
# chkconfig --level 0123456 sendmail off
# mv /usr/bin/newaliases /usr/bin/newaliases.orig
# mv /usr/bin/mailq /usr/bin/mailq.orig
# mv /usr/sbin/sendmail /usr/sbin/sendmail.orig

開始安裝
# groupadd -g 12345 postfix
# useradd -u 12345 -g 12345 -c postfix -d/dev/null -s/sbin/nologin postfix
# groupadd -g 54321 postdrop
# wget ftp://postfix.cn99.com/postfix/official/postfix-2.2.5.tar.gz
# tar zxvf postfix-2.2.5.tar.gz
# cd postfix-2.2.5
(Building Postfix with SASL authentication and mysql support)
# make -f Makefile.init makefiles \
'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl' \
'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
# make install

注意：
    本例中Mysql安裝在/usr/lcoal/mysql，sasl2安裝在/usr/lib/sasl2。如果安裝路徑不同，請自行修改編譯時CCARGS和AUXLIBS選項。
    在執行make install的時候可能會得到如下的提示：
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.12" not found
    這是因為mysql不是安裝在默認目錄中的，所以需要告訴postfix應該到哪裡去找libmysqlclient.so.12，使用ldconfig就可以達到這個目的
# echo /usr/local/mysql/lib/mysql >> /etc/ld.so.conf
# ldconfig

6.安裝postfixadmin 2.1.0
建立apache和maildrop的用戶和組
# groupadd vmail -g 1001
# useradd vmail -u 1001 -g 1001 -s/sbin/nologin -d/dev/null

# vi /usr/local/apache/conf/httpd.conf
把
User nobody
Group #-1
改為
User vmail
Group vmail

# wget http://high5.net/postfixadmin/download.php?file=postfixadmin-2.1.0.tgz
# tar -zxvf postfixadmin-2.1.0.tgz
# mv postfixadmin-2.1.0 /var/www/postfixadmin
更改許可權，假定運行apache的用戶和組為vmail
# chown -R vmail:vmail /var/www/postfixadmin
# cd /var/www/postfixadmin
# chmod 640 *.php *.css
# cd /var/www/postfixadmin/admin/
# chmod 640 *.php .ht*
# cd /var/www/postfixadmin/images/
# chmod *.png
# cd /var/www/postfixadmin/languages/
# chmod 640 *.lang
# cd /var/www/postfixadmin/templates/
# chmod 640 *.tpl
# cd /var/www/postfixadmin/users/
# chmod 640 *.php

建立mysql表
# cd /var/www/postfixadmin
# mysql -u root < DATABASE_MYSQL.TXT
# cp config.inc.php.sample config.inc.php
# vi config.inc.php
本例中的配置如下：
$CONF['default_language'] = 'cn';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['encrypt'] = 'md5crypt';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['quota_multiplier'] = '1024000';

郵箱的存儲格式使用domain.ltd/username的形式，所以設置：
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';

然後打開瀏覽器，進入postfixadmin的歡迎界面，點擊網頁上的setup，看看檢查是否通過，記得要刪除setup.php文件。

# vi /etc/postfix/main.cf
#=====================BASE=========================
myhostname = www.test.com
mydomain = test.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all

#=====================Vritual Mailbox settings=========================
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1

#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_unknown_sender_domain,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  reject_unauth_destination,
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

建立/var/mailbox並設置許可權
# mkdir /var/mailbox
# chown -R vmail:vmail /var/mailbox
# chmod -R ug+rwx,o-rwx /var/mailbox

建立/etc/postfix/mysql文件夾和MySQL查詢配置文件
# mkdir /etc/postfix/mysql
1、vi /etc/postfix/mysql/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address

2、vi /etc/postfix/mysql/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
#additional_conditions = and backupmx = '0' and active = '1'

3、vi /etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'

4、vi /etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
#additional_conditions = and active = '1'

配置 /usr/local/lib/sasl2/smtpd.conf
sasl密碼驗證機製為authdaemond
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
srp_mda:md5
password_format:crypt
mech_list:PLAIN LOGIN
authdaemond_path: /usr/local/var/spool/authdaemon/socket

7.安裝Courier-authlib 0.57
新版本的imap不再包含authentication library，必須先安裝 Courier authentication library
# wget http://www.courier-mta.org/beta/courier-authlib/courier-authlib-0.57.20051004.tar.bz2
# tar jxvf courier-authlib-0.57.20051004.tar.bz2
# cd courier-authlib-0.57.20051004
# ./configure \
--with-redhat \
--with-authmysql=yes \
--with-mailuser=vmail --with-mailgroup=vmail \
--with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql/
# make
# make install
# make install-configure

重要
# chmod +x /usr/local/var/spool/authdaemon/

# vi /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"

# vi /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_DATABASE postfix
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_USER_TABLE mailbox
MYSQL_LOGIN_FIELD username
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_MAILDIR_FIELD maildir
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'
DEFAULT_DOMAIN test.com
注意：確認在這個文件中不能用空格鍵（包括行尾），只能用tab鍵。
確認只使用單引號，比如：'/var/mailbox/','UID','GID'（本文為'1001'）
localhost不能用單引號
確認你的/etc/hosts文件中有localhost
編譯時如果支持Ipv6可能導致錯誤
MYSQL_GID_FIELD 和MYSQL_UID_FIELD是maildrop的UID和GID，而不是MySQL的

啟動服務
自啟動：
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --level 0123456 courier-authlib on
手動啟動服務：
# authdaemond start

Go to top.

8.安裝Courier-imap 4.0.6
# wget http://www.courier-mta.org/beta/imap/courier-imap-4.0.6.20051004.tar.bz2
# tar jxvf courier-imap-4.0.6.20051004.tar.bz2
# cd courier-imap-4.0.6.20051004
# ./configure \
--prefix=/usr/local/imap \
--with-redhat \
--disable-root-check \
--enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
--with-trashquota \
--with-dirsync
# make
# make install-strip （先install-strip，如果失敗，再make install）
# make install-configure

# vi /usr/local/imap/etc/pop3d
POP3DSTART=YES

# vi /usr/local/imap/etc/imapd
IMAPDSTART=YES

讓imap自啟動：
# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
# chmod 755 /etc/rc.d/init.d/courier-imap
# chkconfig --level 0123456 courier-imap on

Go to top.

9.安裝Courier-maildrop 2.0.1
先裝pcre
# wget http://optusnet.dl.sourceforge.net/sourceforge/pcre/pcre-6.3.tar.bz2
# tar jxvf pcre-6.3.tar.bz2
# cd pcre-6.3
# ./configure
# make
# make install

# wget http://optusnet.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.1.tar.bz2
# tar jxvf maildrop-2.0.1.tar.bz2
# cd maildrop-2.0.1
# ./configure \
--prefix=/usr/local/maildrop \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vmail' \
--enable-syslog=1 \
--enable-maildirquota \
--enable-maildrop-uid=1001 \
--enable-maildrop-gid=1001 \
--with-trashquota \
--with-dirsync
# make
# make install
# cp /usr/local/maildrop/bin/maildrop /usr/bin
# chmod a+rx /usr/bin/maildrop

運行maildrop -v應該有如下提示信息：
maildrop 2.0.0 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.

新建/etc/maildroprc文件
# vi /etc/maildroprc
logfile "/var/mailbox/maildrop.log"
to "$HOME/$DEFAULT"

# chmod a+r /etc/maildroprc

配置Postfix
# vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -w 90 -d ${recipient}

由於maildrop沒有建立及刪除maildir的功能，因此由腳本實現（是否有什麼安全隱患？）
# vi /etc/sudoers
vmail ALL = NOPASSWD: /usr/sbin/maildirmake.sh , /usr/sbin/maildirdel.sh

新建/usr/sbin/maildirmake.sh文件
# vi /usr/sbin/maildirmake.sh
#!/bin/bash
set -e
if [ ! -d /var/mailbox/$1 ]
then
mkdir /var/mailbox/$1
fi
chown -R vmail:vmail /var/mailbox/$1
cd "/var/mailbox/$1"
/usr/local/imap/bin/maildirmake $2
chown -R vmail:vmail /var/mailbox/$1/$2

新建/usr/sbin/maildirdel.sh文件
# vi /usr/sbin/maildirmake.sh
#!/bin/bash
rm -rf /var/mailbox/$1/$2

# chmod 755 /usr/sbin/maildirmake.sh
# chmod 755 /usr/sbin/maildirdel.sh

更改postfixadmin目錄及postfixadmin/admin目錄下的create-mailbox.php文件
在這兩個文件的$tQuota = $CONF['maxquota'];行后加一行（postfixadmin/admin目錄下的大概在200行，postfixadmin目錄下的大概在？行）：
# vi /var/www/postfixadmin/admin/create-mailbox.php (vi /var/www/postfixadmin/create-mailbox.php)
system("sudo /usr/sbin/maildirmake.sh $fDomain ".$_POST['fUsername']);

更改postfixadmin目錄及postfixadmin/admin目錄下的delete.php文件
在這兩個文件的$result = db_query ("SELECT * FROM mailbox WHERE username='$fDelete' AND domain='$fDomain'");行后加幾行：
# vi /var/www/postfixadmin/admin/delete.php (vi /var/www/postfixadmin/delete.php)
$userarray=explode("@",$fDelete);
$user=$userarray;
$domain=$userarray;
system("sudo /usr/sbin/maildirdel.sh $domain $user");

10.測試
啟動所有服務
# service httpd start
# service mysqld start
# postfix start
# service courier-authlib start
# service courier-imap start

# netstat -ant | grep "LISTEN"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::110 :::* LISTEN
tcp 0 0 :::143 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN

在postfixadmin中建立一測試帳戶test@test.com

測試smtp
# perl -MMIME::Base64 -e 'print encode_base64("test\@test.com");'
dGVzdEB0ZXN0LmNvbQ==
# perl -MMIME::Base64 -e 'print encode_base64("test");'
dGVzdA==

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.test.com ESMTP "Version not Available"
ehlo www.test.com
250-www.test.com
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ==
334 UGFzc3dvcmQ6
dGVzdA==
235 Authentication successful

測試POP3和IMAP
# telnet localhost 110
+OK Hello there
user test@test.com
+OK Password required.
pass test
+OK Logged in.
quit
+OK bye-bye

測試maildrop
# maildrop -V 9 -d test@test.com
maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=test@test.com, home=/var/mailbox/, mail=test.com/test/
maildrop: Changing to /var/mailbox/

ctrl+c退出

Go to top.

11.webmail

11.1.安裝squirrelmail 1.4.5
下載squirrelmail及中文包
# wget http://keihanna.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.5.tar.bz2
# wget http://optusnet.dl.sourceforge.net/sourceforge/squirrelmail/zh_CN-1.4.5-20050904.tar.bz2
把squirreelmail解壓到/var/www目錄下。
# tar jxvf squirrelmail-1.4.5.tar.bz2 -C /var/www/
# mv /var/www/squirrelmail-1.4.5/ /var/www/squirrelmail
解壓中文包
# tar jxvf zh_CN-1.4.5-20050904.tar.bz2 -C /var/www/squirrelmail/

在配置squirrelmail之前先下載三個插件：
Quota Usage Version 1.3
# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fquota_usage-1.3-1.2.7.tar.gz
Compatibility Version 2.0.2
# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.2.tar.gz
Change MySQL Password Version 3.2
# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_mysqlpass-3.2-1.2.8.tar.gz

把這三個插件解壓到squirrelmail的plugin目錄下
# tar zxvf quota_usage-1.3-1.2.7.tar.gz -C /var/www/squirrelmail/plugins/
# tar zxvf compatibility-2.0.2.tar.gz -C /var/www/squirrelmail/plugins/
# tar zxvf change_mysqlpass-3.2-1.2.8.tar.gz -C /var/www/squirrelmail/plugins/
第一個插件是用來顯示郵箱的使用情況的；第二個和第三個插件是用來修改密碼的。
如果不想裝這些插件，請跳過。

配置Quota Usage
# cd /var/www/squirrelmail/plugins/quota_usage
# cp config.php.sample config.php

配置Change MySQL Password
# cd /var/www/squirrelmail/plugins/change_mysqlpass
# cp config.php.sample config.php
# vi config.php
更改如下幾個變數：
$mysql_database = 'postfix';
$mysql_table = 'mailbox';
$mysql_userid_field = 'username';
$mysql_password_field ='password';
$mysql_manager_id = 'postfix';
$mysql_manager_pw = 'postfix';
$mysql_unixcrypt = 0;
$mysql_MD5crypt = 1;
$use_ssl_for_password_change = 0;

配置squirrelmail
# cd /var/www/squirrelmail
# ./configure
進入10. Languages
把1. Default Language : 的en_US改成zh_CN。
進入8. Plugins，添加這三個插件

# chown -R vmail:vmail /var/www/squirrelmail/data/
# chmod -R 730 /var/www/squirrelmail/data/

打開瀏覽器輸入http://192.168.0.5/squirrelmail/，用test@test.com登陸，你將會在屏幕的左上角看到郵箱的使用情況，你還會看到一條警告信息：
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /var/www/squirrelmail/plugins/change_mysqlpass/functions.php on line 129
這是由於資料庫結構不一致造成的，你只要把functions.php中的129行註釋調即可（在行首加//）

Go to top.

12.安裝clamav 0.87
# wget http://optusnet.dl.sourceforge.net/sourceforge/clamav/clamav-0.87.tar.gz
# tar zxvf clamav-0.87.tar.gz
# cd clamav-0.87
# groupadd clamav
# useradd -g clamav -s/sbin/nologin -d/dev/null clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck
# make
# make check
# make install

編輯/usr/local/clamav/etc/clamd.conf
# vi /usr/local/clamav/etc/clamd.conf
#Verbose logging with syslog
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
#Change pid file location
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
#Set the clamav socket
LocalSocket /var/run/clamav/clamd
#Close the connection when this limit is exceeded
StreamMaxLength 10M
#Don't run clamd as root
User amavis
#Newer versions require you to uncomment this
ScanMail
ScanArchive

編輯/usr/local/clamav/etc/freshclam.conf
# vi /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd

注意：一定要註釋掉上面兩個文件中Example那行

添加amavis用戶和組
# groupadd amavis
# useradd -g amavis -s /sbin/nologin -d /dev/null amavis

創建日誌文件夾並設置許可權
# mkdir /var/log/clamav
# chmod -R 744 /var/log/clamav
# chown -R amavis:amavis /var/log/clamav

# chown -R amavis.amavis /usr/local/share/clamav
# mkdir /var/run/clamav
# chmod 700 /var/run/clamav
# chown amavis.amavis /var/run/clamav

手動更新病毒庫
# /usr/local/clamav/bin/freshclam

啟動
# /usr/local/clamav/sbin/clamd

Go to top.

13.安裝amavisd-new 2.3.3

# wget http://www.ijs.si/software/amavisd/amavisd-new-2.3.3.tar.gz
# tar zxvf amavisd-new-2.3.3.tar.gz
# cd amavisd-new-2.3.3

# mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis

# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd

# cp amavisd.conf /etc/
# chown root /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf

# cp amavisd_init.sh /etc/rc.d/init.d/amavisd
# chmod 744 /etc/rc.d/init.d/amavisd
# chkconfig --add amavisd
# chkconfig amavisd on
# vi /etc/rc.d/init.d/amavisd
prog="/usr/local/sbin/amavisd"

病毒郵件存放目錄
# mkdir /var/virusmails
# chown amavis:amavis /var/virusmails
# chmod 750 /var/virusmails

Go to top.

編輯/etc/amavisd.conf，修改下面這幾行
# vi /etc/amavisd.conf
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'test.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = -100;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert\@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$notify_method = $forward_method;
$forward_method = 'smtp:127.0.0.1:10025';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

測試amavis
# /usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
Time::HiRes
IO::Wrap
Unix::Syslog
Mail::Field
MIME::Words
Net::Server
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 141.
根據出錯提示，缺什麼裝什麼，我的LANG變數為en_US.UTF-8
# perl -MCPAN -e shell
cpan> install Time::HiRes
cpan> install IO::Wrap
cpan> install Unix::Syslog
cpan> install Mail::Field
cpan> install Compress::Zlib
cpan> install MIME::Words
cpan> install Net::Server
cpan> install BerkeleyDB
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install HTML::Parser
cpan> install DB_File
cpan> install Net::DNS (提示是否test, 選擇no)
cpan> install Digest::SHA1
cpan> install Mail::SpamAssassin (# export LANG=en_US)

期間MIME安裝會失敗，只好手動安裝，跳過測試
# cd /root/.cpan/build/MIME-tools-5.418/
# perl Makefile.PL
# make install

啟動
# /usr/local/sbin/amavisd start 或
# service amavisd start

Go to top.

設置postfix
修改/etc/postfix/main.cf
# vi /etc/postfix/main.cf (加入一行)
content_filter = amavis:127.0.0.1:10024
修改/etc/postfix/master.cf
# vi /etc/postfix/master.cf (在最後加上)
# amavisd-new
amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o mynetworks=127.0.0.0/8
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

重新服務
# service postfix restart
# service clamd restart
# service amavisd restart

# netstat -ant | grep LISTEN (應該可以看到這兩個埠在監聽)
127.0.0.1.10024 *.* 0 0 49152 0 LISTEN
127.0.0.1.10025 *.* 0 0 49152 0 LISTEN

Go to top.

14.安裝Spamassassin
前面裝amavis的時候已經裝好了，如果沒裝，請按如下方式安裝

啟動spamd
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid

下載中文垃圾垃圾郵件過濾規則Chinese_rules.cf
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

每次更新Chinese_rules.cf需要重啟spamd方法如下
# kill -HUP `cat /var/run/spamd.pid`

自動更新中文垃圾垃圾郵件過濾規則
# vi /etc/crontab (加一行)
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`

測試病毒掃描
給該test@test.com用戶發送郵件,包含以下內容:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
查看日誌，如果出現類似如下提示，則表明成功
Nov 6 22:06:20 localhost postfix/smtp: 9CEB657E22: to=<test@test.com>, relay=127.0.0.1, delay=2, status=sent (250 2.7.1 Ok, discarded, id=18262-01 - VIRUS: Eicar-Test-Signature)
郵件病毒掃描日誌將被記錄在/var/log/clamav/clamav.log中!

測試垃圾郵件掃描
給test@test.com用戶發送郵件,包含以下內容:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
查看日誌，如果出現類似如下提示，表明成功
Nov 6 22:10:51 localhost amavis: (18263-01) Blocked SPAM, LOCAL <test@test.com> -> <test@test.com>, quarantine: spam-JH2LSCT1MLYg.gz, Message-ID: <1451.192.168.1.10.1131286248.squirrel@192.168.1.21>, mail_id: JH2LSCT1MLYg, Hits: 1005.902, 3591 ms

Go to top.

15.啟動腳本
postfix的啟動腳本：
# cat /etc/rc.d/init.d/postfix
=================================================================
#!/bin/bash
#
# mailsys This shell script takes care of starting and stopping Postfix
# author : xingyu.wang <wxy@cngnu.org> 2004/1/28
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program
# that moves mail from one machine to another.
#
# processname: mailsys
# pidfile: /var/run/postfix.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/postfix ] || exit 0
RETVAL=0
prog="Postfix"

start() {
# Start daemons.
echo -n $"Starting $prog: "
/usr/sbin/postfix start > /dev/null 2>&1 &

RETVAL=$?

if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/postfix
success $"$prog start"
else
failure $"$prog start failure"
fi

echo
return $RETVAL
}

stop() {
# Stop daemons.
echo -n $"Shutting down $prog: "
/usr/sbin/postfix stop > /dev/null 2>&1 &
RETVAL=$?

if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/postfix
success $"$prog stop"
else
failure $"$prog stop failure"
fi

echo
return $RETVAL
}

# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $RETVA

# chmod 755 /etc/rc.d/init.d/postfix
# chkconfig --level 2345 postfix on

clamav的啟動腳本
# vi /etc/rc.d/init.d/clamd
=================================================================
#! /bin/bash
#
# crond Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamdis a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/clamav/etc/clamd.conf
# pidfile: /var/run/clamav/clamd.pid

# Source function library.
. /etc/rc.d/init.d/functions

RETVAL=0

# See how we were called.

prog="clamd"
progdir="/usr/local/clamav/sbin"

# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
. /etc/sysconfig/$prog
fi

start() {
echo -n $"Starting $prog: "
daemon $progdir/$prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/run/clamav/clamd.pid
return $RETVAL
}

stop() {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/run/clamav/clamd.pid
return $RETVAL
}

rhstatus() {
status clamd
}

restart() {
stop
start
}

reload() {
echo -n $"Reloading clam daemon configuration: "
killproc clamd -HUP
retval=$?
echo
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
status)
rhstatus
;;
condrestart)
[ -f /var/lock/subsys/clamd ] && restart || :
;;
*)
echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
exit 1
esac

exit 0


# chmod 755 /etc/rc.d/init.d/clamd
# chkconfig --add clamd
# chkconfig clamd on

Go to top.



heracai@126.com

好，希望更多人分享心得。

論壇改版了，真受不了，發個長的還這麼麻煩。

樓主辛苦了，感謝。。。。。。。。。。。
您完整配置這個伺服器要很久吧。。
有一問題想請教一下，您在安裝時像這樣之類的CFLAGS="-O3" CXX=gcc CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti" \
./configure --prefix=/usr/local/mysql \
--enable-assembler --with-mysqld-ldflags=-all-static --with-charset=gbk
一些配置參數，您是怎麼知道的，是在安裝說明中看到的，還是總結出來的。因為看了之後有些地方的參數不明白其意思，只能照著做了，不但要知其然，更想知其所以然。想學習樓主的思路，不僅僅是操作。
再次感謝樓主精彩的文章。
學習中。。。。。。。。。

我也是看安裝說明的,具體什麼意思就不知道了,還請高人解釋一下。

Tags: