
Anti-spam and anti-virus mail system using Postfix on FreeBSD

火星人 @ 2014-03-05, reply:0


Anti-spam and anti-virus mail system under Postfix

--------------------------------------------------------------------------------


Versions used:
hawk# uname -a
FreeBSD hawk.the9.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386
                       
1. Partitions:
1G        /
1G        swap
3G        /var   (mail is stored here, so this one is made larger)
1G        /tmp
1G        /home
3G        /usr
rest      /data

2. Users
Add the user cnhawk (password agreed separately); cnhawk must be added to the wheel group. The root password is agreed separately as well.

3. Package installation
Choose the minimal installation.
In the custom option, select:
compat3x
compat4x
man
ports

4. rc.conf
Set:
sendmail_enable="NONE"
       
5. Install mysql
A. It can be installed from ports:
hawk# cd /usr/ports/databases/mysql323-server
hawk# make install
The mysql version installed this way is mysql-3.23.58.
B. The following is a manual installation of mysql-3.23.55
1) Add the mysql group and the mysql user
hawk# pw groupadd mysql
hawk# pw useradd mysql -g mysql -s /nonexistent
2) Configure and install
hawk# tar zxvf mysql-3.23.55.tar.gz
hawk# cd mysql-3.23.55
hawk# ./configure --prefix=/usr/local/mysql --with-low-memory \
--with-charset=gb2312 --without-debug
hawk# make
hawk# make install
hawk# scripts/mysql_install_db
hawk# chown -R root /usr/local/mysql
hawk# chown -R mysql /usr/local/mysql/var
hawk# chgrp -R mysql /usr/local/mysql
hawk# cp support-files/my-medium.cnf /etc/my.cnf
hawk# ln -s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld
hawk# ln -s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin
hawk# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql
hawk# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql
3) Set up the user database
The statements that create it are as follows:
use mysql;
#======================postfix==================================
INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
update user set password=password('hawk') where User='postfix';
FLUSH PRIVILEGES;
GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "hawk";
#======================courier==================================
INSERT INTO user (host,user,password) VALUES ('localhost','courier','');
update user set password=password('hawk') where User='courier';
FLUSH PRIVILEGES;
GRANT select,insert,update on mail.* TO courier;
#=======================MAIL.SQL=================================

#Create mail database

CREATE DATABASE mail;
use mail;

#Create the aliases table

CREATE TABLE aliases (
alias varchar(255) NOT NULL default '',
rcpt varchar(255) default NULL,
PRIMARY KEY (alias)
) TYPE=MyISAM;

#Create the transport table

CREATE TABLE transport (
domain char(128) NOT NULL default '',
transport char(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;

#Create the virtual_users table

CREATE TABLE virtual_users (
unique_id int(32) unsigned NOT NULL auto_increment,
id char(128) NOT NULL default '',
password char(128) default NULL,
uid int(10) unsigned default '2003',
gid int(10) unsigned default '2003',
home char(255) default NULL,
maildir char(255) default NULL,
date_add date default NULL,
time_add time default NULL,
domain char(128) default NULL,
name char(255) default NULL,
imapok tinyint(3) unsigned default '1',
quota char(255) default '10485760',
PRIMARY KEY (id),
KEY unique_id (unique_id)
) TYPE=MyISAM;

#Create the address table (this table was added for the igenus webmail)

CREATE TABLE address (
id int(32) unsigned NOT NULL auto_increment,
unique_id int(32) NOT NULL default '0',
name char(255) NOT NULL default ' ',
email char(255) NOT NULL default ' ',
PRIMARY KEY (id),
key unique_id (unique_id)
) TYPE=MyISAM;
#==========================================================

4) Set up automatic start:
hawk# edit /usr/local/etc/rc.d/mysqld.sh
Example: mysqld.sh
#!/bin/sh
case "$1" in
start)
    if [ -x /usr/local/mysql/bin/safe_mysqld ]; then
        # start the server in the background as the mysql user
        # (the redirection has to come before the &, not after it)
        /usr/local/mysql/bin/safe_mysqld --user=mysql > /dev/null 2>&1 &
        echo -n ' mysqld'
    fi
    ;;
stop)
    /usr/bin/killall mysqld > /dev/null 2>&1 && echo -n ' mysqld'
    ;;
*)
    echo ""
    echo "Usage: `basename $0` { start | stop }"
    echo ""
    exit 64
    ;;
esac

hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh

6. Install cyrus-sasl
1) Install cyrus-sasl-2.1.12
hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz
hawk# cd cyrus-sasl-2.1.12
hawk# ./configure --disable-sample --disable-pwcheck --disable-cram \
--disable-digest --disable-krb4 --disable-gssapi --disable-anon \
--with-saslauthd=/var/run/saslauthd --enable-plain --enable-login
hawk# make
hawk# make install
hawk# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
2) Configure the sasl library path
hawk# edit /etc/defaults/rc.conf
(append /usr/local/lib/sasl2 to ldconfig_paths="/usr/local/lib")
hawk# shutdown -r now    (so that it takes effect)
3) Run saslauthd (this step can be skipped if pam is used directly for authentication)
Example: saslauthd.sh
#!/bin/sh
case "$1" in
start)
    if [ -x /usr/local/sbin/saslauthd ]; then
        # saslauthd daemonizes itself; -a pam selects PAM as the authentication mechanism
        /usr/local/sbin/saslauthd -a pam > /dev/null && echo -n ' saslauthd'
    fi
    ;;
stop)
    /usr/bin/killall saslauthd > /dev/null 2>&1 && echo -n ' saslauthd'
    ;;
*)
    echo ""
    echo "Usage: `basename $0` { start | stop }"
    echo ""
    exit 64
    ;;
esac

hawk# mkdir /var/run/saslauthd
hawk# edit /usr/local/etc/rc.d/saslauthd.sh
hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh
4) Prepare the SASL configuration file for postfix authentication
A) Authenticate directly through pam:
hawk# echo pwcheck_method: pam > /usr/local/lib/sasl2/smtpd.conf
B) Authenticate through saslauthd, which calls pam:
hawk# echo pwcheck_method: saslauthd > /usr/lib/sasl2/smtpd.conf

7. Install pam_mysql
Install pam_mysql-0.5 (building from source did not compile, so it is installed from the FreeBSD 4.9 ports)
1) Install
hawk# pkg_add -r gmake    (pam_mysql needs gmake)
hawk# cd /usr/ports/security/pam-mysql/
hawk# make install
hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/
2) Configure pam.conf to use mysql for sasl authentication
hawk# edit /etc/pam.conf    (put # in front of the pop3 and imap lines) and add the following:
smtp auth sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
smtp account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
(Note: the passwords are stored crypt-encrypted. For cleartext passwords use crypt=0; for passwords stored with password() use crypt=2.)

8. Install postfix
1) Stop sendmail
hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF
hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
hawk# mv /etc/rc.sendmail /etc/sendmail.OFF
hawk# edit /etc/rc.conf    (put # in front of sendmail="YES")
2) Add the postfix user
hawk# pw groupadd postfix -g 2003
hawk# pw groupadd postdrop -g 2004
hawk# pw useradd postfix -u 2003 -g 2003 -d /dev/null -s /nologin
3) Install
Install postfix-2.0.10.tar.gz
hawk# tar zxvf postfix-2.0.10.tar.gz
hawk# cd postfix-2.0.10
If your mysql was built from source, use this command:
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
If your mysql was installed from ports, use this command:
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
hawk# make
hawk# make install    (use this for a first installation; if an error is reported during the installation, answer /tmp when asked to choose the tmp directory)
hawk# make upgrade    (use this to upgrade an older version)
4) Configure
hawk# echo 'postfix: root' >> /etc/aliases
hawk# /usr/bin/newaliases
(Note: if postfix reports that it cannot open the opiekeys file, run: hawk# chown postfix:postfix /etc/opiekeys)
A) Edit /etc/postfix/main.cf. Example: main.cf
#======= BASE ==============
myhostname = hawk.the9.com
mydomain = the9.com
home_mailbox = Maildir/
mydestination = $myhostname, $mydomain, $transport_maps
# local_recipient_maps is deliberately left empty
local_recipient_maps =
mailbox_command = /usr/lib/courier-imap/bin/deliverquota -w 90 ~/Maildir
#======= MYSQL =============
transport_maps = mysql:/etc/postfix/transport.cf
virtual_gid_maps = mysql:/etc/postfix/gids.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf
virtual_maps = mysql:/etc/postfix/mysql.aliases.cf
virtual_uid_maps = mysql:/etc/postfix/uids.cf
#======= Quota ============
# size limit for a single message: 2 MB
# (postfix does not accept comments at the end of a parameter line, so notes go on their own line)
message_size_limit = 2097152
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# total size of a mailbox: 10 MB
virtual_mailbox_limit = 10485760
#====== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated
B) Confirm that /etc/postfix/master.cf contains the following line:
virtual unix - n n - - virtual
C) Edit /etc/postfix/transport.cf
Example: transport.cf
user = postfix
password = hawk
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost
D) Edit /etc/postfix/gids.cf
Example: gids.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = gid
where_field = id
hosts = localhost
E) Edit /etc/postfix/uids.cf
Example: uids.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = uid
where_field = id
hosts = localhost
F) Edit /etc/postfix/mysql_virtual.cf
Example: mysql_virtual.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = maildir
where_field = id
hosts = localhost
G) Edit /etc/postfix/mysql.aliases.cf
Example: mysql.aliases.cf
user = postfix
password = hawk
dbname = mail
table = aliases
select_field = rcpt
where_field = alias
hosts = localhost
H) Edit /etc/postfix/mailboxsize-mysql.cf
Example: mailboxsize-mysql.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = quota
where_field = id
hosts = localhost
5) Set up automatic start
hawk# edit /usr/local/etc/rc.d/postfix-server.sh
Example: postfix-server.sh
#!/bin/sh
case "$1" in
start)
    if [ -x /usr/sbin/postfix ]; then
        /usr/sbin/postfix start && echo -n ' postfix'
    fi
    ;;
stop)
    /usr/sbin/postfix stop && echo -n ' postfix'
    ;;
*)
    echo ""
    echo "Usage: `basename $0` { start | stop }"
    echo ""
    exit 64
    ;;
esac
hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh

9. Install expect.tar.gz (needs tcl)
hawk# pkg_add tcl-8.3.5_2.tgz
hawk# tar zxvf expect-5.38.tar.gz
hawk# cd expect-5.38
hawk# ./configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3
hawk# make
hawk# make install

10. Install Courier-imap-1.7.1 (needs gmake and expect)
1) Install
hawk# pkg_add -r gmake    (installs the package from the remote repository)
hawk# pw useradd cnhawk -g wheel    (the software MUST run the configure script as a normal user, not root)
hawk$ bunzip2 courier-imap-1.7.1.tar.bz2
hawk$ tar xvf courier-imap-1.7.1.tar
hawk$ cd courier-imap-1.7.1
If your mysql was built from source, use this command:
hawk$ ./configure --without-ipv6 --enable-unicode \
--enable-workarounds-for-imap-client-bugs \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql
If your mysql was installed from ports, use this command:
hawk$ ./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs \
--with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql
hawk$ gmake
hawk$ su root
hawk# gmake install
hawk# gmake install-configure
2) Configure
Edit /usr/lib/courier-imap/etc/authmysqlrc. Example: authmysqlrc
##VERSION: $Id: authmysqlrc,v 1.10 2002/04/02 23:41:41 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field		value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.

##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.

MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD hawk

##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
MYSQL_SOCKET /tmp/mysql.sock

##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.

MYSQL_PORT 3306

##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT 0

##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:

MYSQL_DATABASE mail

##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.

MYSQL_USER_TABLE virtual_users

##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.

MYSQL_CRYPT_PWFIELD password

##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear

##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com

##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD uid

##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account

MYSQL_GID_FIELD gid

##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#

MYSQL_LOGIN_FIELD id

##NAME: MYSQL_HOME_FIELD:0
#

MYSQL_HOME_FIELD home

##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)

MYSQL_NAME_FIELD name

##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir

##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD quota

##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
MYSQL_WHERE_CLAUSE imapok=1

##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified below:
#
# username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part) and $(domain)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT popbox.local_part, \
# CONCAT('{MD5}', popbox.password_hash), \
# popbox.clearpw, \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path, '/', popbox.mbox_name), \
# '', \
# domain.quota, \
# '', \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name
#
##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structurally different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox \
# SET clearpw='$(newpass)', \
# password_hash='$(newpass_crypt)' \
# WHERE local_part='$(local_part)' \
# AND domain_name='$(domain)'
#
Edit /usr/lib/courier-imap/etc/authdaemonrc and set:
version="authdaemond.mysql"
3) Set up automatic start
hawk# cd /usr/local/etc/rc.d
hawk# ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh
hawk# ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh
hawk# chmod 755 imapd.sh
hawk# chmod 755 pop3d.sh
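A check added here (example code, not from the original post) that covers both the Postfix map files of step 8 and the authmysqlrc file above: all of them store the MySQL password in clear text, and authmysqlrc's own header warns against installing it world-readable. The function reports any file that is missing or readable by "other"; the path list is taken from this page, and /etc/pam.conf is included because step 7 puts the same password there (it is normally world-readable, which the audit will show). The scratch files in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files of this setup
# that contain the MySQL password in clear text. Postfix reads the map
# files as the postfix user and Courier reads authmysqlrc through
# authdaemond, so no other local account needs read access to them.
# The function takes any list of paths, so it can be run against a scratch
# directory as well as against the live files.

# Mode, owner and group of a file as printed by ls -l (FreeBSD and Linux).
perms_of() {
    ls -ld "$1" | awk '{ print $1, $3, $4 }'
}

# Report every file that is missing or world-readable, and print the
# mode/owner/group of the others for inspection. The octal form of
# find -perm (-004 = "other" read bit set) is POSIX, so it works on both
# FreeBSD and Linux. Returns the number of problems found (0 = all good).
audit_secret_files() {
    problems=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING   $f"
            problems=$((problems + 1))
        elif [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD-RD  $f ($(perms_of "$f"))"
            problems=$((problems + 1))
        else
            echo "ok        $f ($(perms_of "$f"))"
        fi
    done
    return "$problems"
}

# Files from this page that carry the password "hawk".
POSTFIX_MAPS="/etc/postfix/transport.cf /etc/postfix/gids.cf /etc/postfix/uids.cf \
/etc/postfix/mysql_virtual.cf /etc/postfix/mysql.aliases.cf /etc/postfix/mailboxsize-mysql.cf"
COURIER_AUTH="/usr/lib/courier-imap/etc/authmysqlrc"
PAM_CONF="/etc/pam.conf"

# Usage: sh audit-secrets.sh --run
if [ "${1:-}" = "--run" ]; then
    # word splitting of $POSTFIX_MAPS is intended here
    audit_secret_files $POSTFIX_MAPS "$COURIER_AUTH" "$PAM_CONF"
    echo "problems found: $?"
fi
```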

Now start testing:
1) Set up users:
hawk# mysql
mysql> use mail;
In the database you can see:
mysql> show tables;
+----------------+
| Tables_in_mail |
+----------------+
| aliases        |
| transport      |
| virtual_users  |
+----------------+
mysql> desc aliases;
+-------+--------------+------+-----+---------+-------+
| Field | Type         | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| alias | varchar(255) |      | PRI |         |       |
| rcpt  | varchar(255) | YES  |     | NULL    |       |
+-------+--------------+------+-----+---------+-------+
mysql> insert aliases values('postmaster@the9.com','cnhawk@the9.com');
mysql> insert aliases values('postmaster@freebsd.net','cnhawk@freebsd.net');
mysql> select * from aliases;
+------------------------+--------------------+
| alias                  | rcpt               |
+------------------------+--------------------+
| postmaster@the9.com    | cnhawk@the9.com    |
| postmaster@freebsd.net | cnhawk@freebsd.net |
+------------------------+--------------------+
mysql> desc transport;
+-----------+-----------+------+-----+---------+-------+
| Field     | Type      | Null | Key | Default | Extra |
+-----------+-----------+------+-----+---------+-------+
| domain    | char(128) |      | PRI |         |       |
| transport | char(128) |      |     |         |       |
+-----------+-----------+------+-----+---------+-------+
mysql> insert transport values('the9.com','virtual:');
mysql> insert transport values('freebsd.net','virtual:');
mysql> select * from transport;
+-------------+-----------+
| domain      | transport |
+-------------+-----------+
| the9.com    | virtual:  |
| freebsd.net | virtual:  |
+-------------+-----------+
mysql> desc virtual_users;
+-----------+---------------------+------+-----+----------+----------------+
| Field     | Type                | Null | Key | Default  | Extra          |
+-----------+---------------------+------+-----+----------+----------------+
| unique_id | int(32) unsigned    |      | MUL | NULL     | auto_increment |
| id        | char(128)           |      | PRI |          |                |
| password  | char(128)           | YES  |     | NULL     |                |
| uid       | int(10) unsigned    | YES  |     | 104      |                |
| gid       | int(10) unsigned    | YES  |     | 104      |                |
| home      | char(255)           | YES  |     | NULL     |                |
| maildir   | char(255)           | YES  |     | NULL     |                |
| date_add  | date                | YES  |     | NULL     |                |
| time_add  | time                | YES  |     | NULL     |                |
| domain    | char(128)           | YES  |     | NULL     |                |
| name      | char(255)           | YES  |     | NULL     |                |
| imapok    | tinyint(3) unsigned | YES  |     | 1        |                |
| quota     | char(255)           | YES  |     | 10485760 |                |
+-----------+---------------------+------+-----+----------+----------------+
mysql> INSERT INTO virtual_users
    -> (id,home,password,maildir,date_add,time_add,domain,name)
    -> VALUES ('cnhawk@the9.com','/var/mail/',encrypt('cnhawk'),
    -> 'the9.com/cnhawk/Maildir/','2003-04-23','01:18:24','the9.com','cnhawk');
mysql> INSERT INTO virtual_users
    -> (id,home,password,maildir,date_add,time_add,domain,name)
    -> VALUES ('hawk@freebsd.net','/var/mail/',encrypt('hawk'),
    -> 'freebsd.net/hawk/Maildir/','2003-04-23','01:18:24','freebsd.net','hawk');
mysql> quit
2) Set up the users' directories and permissions:
hawk# mkdir -p /var/mail/the9.com/cnhawk
hawk# mkdir -p /var/mail/freebsd.net/hawk
hawk# cd /usr/lib/courier-imap/bin
hawk# ./maildirmake /var/mail/the9.com/cnhawk/Maildir
hawk# ./maildirmake /var/mail/freebsd.net/hawk/Maildir
hawk# chmod -R 700 /var/mail/the9.com/
hawk# chmod -R 700 /var/mail/freebsd.net/
hawk# chown -R postfix:postfix /var/mail/the9.com
hawk# chown -R postfix:postfix /var/mail/freebsd.net
With that, user setup is complete. Only two virtual domains are used here; any number of virtual domains can be set up the same way, e.g. mail.com.
3) User login test:

hawk# telnet 127.0.0.1 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Hello there.
user cnhawk@the9.com
+OK Password required.
pass cnhawk
+OK logged in.    (OK, the POP login succeeded)
quit
+OK Bye-bye.
Connection closed by foreign host.
Any other mail client program, such as Foxmail or Outlook Express, can also be used for the test.
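The POP test above exercises Courier; the SMTP AUTH path set up in steps 6 to 8 (SASL PLAIN and LOGIN, checked through pam_mysql) can be exercised the same way. The helpers below are an added example, not code from the original post: they build the exact PLAIN and LOGIN credential strings a client sends, decode a PLAIN token back to the identities it carries, and print the client half of an authenticated session that can be pasted into a telnet session on port 25. The account cnhawk@the9.com / cnhawk is the test account created above; the EHLO name is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: build and decode the credential
# strings that a client sends for the SASL PLAIN and LOGIN mechanisms enabled
# in step 6 (--enable-plain --enable-login) and accepted by the SASL block of
# main.cf in step 8. Both mechanisms only base64-encode the password; base64
# is not encryption, so anyone who sees the token can decode it the same way.

# Portable base64 helpers: coreutils/FreeBSD base64, else openssl.
b64enc() {
    if command -v base64 >/dev/null 2>&1; then base64 | tr -d '\n'
    else openssl base64 -A; fi
}
b64dec() {
    if command -v base64 >/dev/null 2>&1; then base64 -d
    else openssl base64 -d -A; fi
}

# One base64 line: the server's AUTH LOGIN prompts ("Username:", "Password:")
# and the client's answers are each encoded this way.
b64_line() {                # $1 = text
    printf '%s' "$1" | b64enc
}

# AUTH PLAIN token: base64( authzid NUL authcid NUL password ), RFC 4616.
# The authorisation identity is left empty, which is what mail clients send.
auth_plain_token() {        # $1 = user (the "id" column), $2 = password
    printf '\0%s\0%s' "$1" "$2" | b64enc
}

# Decode an AUTH PLAIN token and report the identities it carries. The
# password is deliberately not printed, so a token seen in a capture or a
# debug log can be attributed to an account without exposing the secret.
decode_auth_plain() {       # $1 = base64 token
    { printf '%s' "$1" | b64dec; printf '\n'; } | tr '\0' '\n' |
    {
        read -r authzid
        read -r authcid
        read -r _password
        printf 'authzid=%s authcid=%s\n' "$authzid" "$authcid"
    }
}

# The client half of an SMTP session that authenticates with PLAIN and then
# submits one message envelope. Fed to telnet against the server's port 25
# it shows whether permit_sasl_authenticated accepts the session; the same
# lines without the AUTH line show whether the final "reject" refuses it.
smtp_auth_session() {       # $1 user, $2 password, $3 envelope sender, $4 recipient
    printf 'EHLO test.client.example\r\n'
    printf 'AUTH PLAIN %s\r\n' "$(auth_plain_token "$1" "$2")"
    printf 'MAIL FROM:<%s>\r\n' "$3"
    printf 'RCPT TO:<%s>\r\n' "$4"
    printf 'QUIT\r\n'
}
```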

Next, install webmail
Install igenus
1. Install:
hawk# cd /usr/ports/www/apache2
hawk# make install
hawk# cd /usr/ports/www/mod_php4
hawk# make install
hawk# cd /var/mail
hawk# tar zxvf igenus_docn.tar.gz
hawk# edit /usr/local/apache/conf/httpd.conf
2. Configure:
1) Group nobody, User nobody
change to: Group postfix, User postfix
2) DocumentRoot "/usr/local/apache/htdocs"
change to: DocumentRoot "/var/mail/webmail"
3) Find AddDefaultCharset ISO-8859-1
change to: AddDefaultCharset GB2312    (Chinese support)
add: AddType application/x-httpd-php .php    (php support)
4) Edit the config_inc.php file
$CFG_BASEPATH = "/var/mail/webmail";
$CFG_MYSQL_HOST = 'localhost';
$CFG_MYSQL_USER = 'postfix';
$CFG_MYSQL_PASS = 'hawk';    (the same password as above; all of these can be changed)
$CFG_MYSQL_DB = 'mail';
5) Edit /usr/local/etc/php.ini and change:
hawk# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
register_globals = On    (required by this igenus release; note that register_globals is a well-known PHP security hazard and should stay off everywhere else)
3. Use:
Finally, enter the URL in the browser:
http://IP    (because there is no DNS; once DNS is available, the domain name can be used directly)


1. Edit /etc/php.ini
max_execution_time = 30    (change to 60: raises the time limit for running scripts)
memory_limit = 8M          (change to 40M: needed to send 10M attachments)
post_max_size = 2M         (change to 10M)
upload_max_filesize = 2M   (change to 10M)

2. Edit /etc/httpd/conf.d/php.conf
<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    LimitRequestBody 524288
</Files>
LimitRequestBody 524288 here caps uploaded attachments at 512k; change the 524288 to 10485760 (10M).

3. Edit /etc/postfix/main.cf and add the following line:
message_size_limit = 14336000
Postfix's default is 10M, but that covers the message body plus the encoded attachments; base64 encoding grows an attachment by roughly 35%, so the accepted message size is set to 14M here.
The relevant postfix settings can be checked with:
/usr/sbin/postconf | grep size

4. Restart apache and postfix.


Anti-spam and anti-virus mail section

1. Install McAfee uvscan
The latest version for BSD is vbsd424e; although it is a trial version, it can be updated and has no functional restrictions.
The latest virus definition file is dat-4306.tar (checksum b4af8aa33b670d15cc43ebf6f4967498).
If the definition file in your ports tree is not the latest version, you can edit the files in the port, or download it directly from www.nai.com.
Install McAfee AntiVirus:
hawk# cd /usr/ports/security/vscan
hawk# make install clean

2. Installing AMaViS
AMaViS is the bridge between uvscan and postfix: it decodes the mail, hands it to uvscan for virus scanning, and then handles the result and forwards the message.
2.1 Install from ports
The version here is amavisd-new-20030616

hawk# cd /usr/ports/security/amavisd-new/
hawk# make install clean

hawk# cd /usr/local/etc
hawk# cp amavisd.conf-dist amavisd.conf
hawk# chown vscan amavisd.conf
hawk# chmod 750 amavisd.conf

hawk# chown vscan /usr/local/sbin/amavisd
hawk# chmod 750 /usr/local/sbin/amavisd

Edit amavisd.conf:
$mydomain = 'the9.com';    # change to your own domain
$TEMPBASE = "/tmp";
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;

The following can be set according to your server's situation:
$virus_admin = "vscan\@$mydomain";
$mailfrom_notify_admin = "vscan\@$mydomain";
$mailfrom_notify_recip = "vscan\@$mydomain";
$mailfrom_notify_spamadmin = "vscan\@$mydomain";

# $QUARANTINEDIR = '/var/virusmails';

2.2 Modify postfix
In /etc/postfix/master.cf, keep the existing line
smtp      inet  n       -       n       -       -       smtpd
and add the following:
smtp-amavis   unix   -   -   n   -   2     smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025   inet   n   -   n   -   -     smtpd
    -o content_filter=
Note: the content_filter for 127.0.0.1:10025 is left blank because, if content_filter was already defined in postfix's main.cf, local mail could be forwarded back to itself endlessly; when that happens the postfix log shows "Error: too many hops".
Test
hawk# /usr/local/sbin/postfix stop
hawk# /usr/local/sbin/postfix start

hawk# su - vscan
hawk# /usr/local/sbin/amavisd debug

Start another terminal:
hawk# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.the9.com.
Escape character is '^]'.
220 ESMTP amavisd-new service ready
MAIL FROM:<cnhawk@the9.com>
250 2.1.0 Sender cnhawk@the9.com OK
RCPT TO:<cnhawk@the9.com>
250 2.1.5 Recipient cnhawk@the9.com OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test 2

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.5.0 Ok, id=00116-02, BOUNCE    <-- this response shows that the system recognised the message as containing a virus
QUIT

2.3 Install and configure Spamassassin
The latest AMaVisd-new already integrates the Spamassassin functionality, so once AMaVisd-new has been installed from ports, Spamassassin is installed as well.
Port:   amavisd-new-20030616.p5
Path:   /usr/ports/security/amavisd-new
Info:   Performance-enhanced daemonized version of amavis-perl
Maint:  blaz@si.FreeBSD.org
Index:  security
B-deps:
R-deps: arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Digest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16,1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50,1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1

If the server does not need the Spamassassin functionality, this step can be skipped.
Add the required users
hawk# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
hawk# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

Edit /usr/local/etc/mail/spamassassin/local.cf

use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15

Edit /usr/local/etc/amavisd.conf
$max_servers = 2;
$max_requests = 10;
$child_timeout=5*60;

# caution: qw( . ) matches every recipient domain, so as written this line
# disables the uvscan virus checks set up in 2.2 for all mail; comment it out to keep scanning
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );

$final_spam_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

# SpamAssassin settings

#$sa_local_tests_only = 1;
$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 64*1024;
$sa_tag_level_deflt = 4.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$sa_spam_subject_tag = '***SPAM*** ';
Create the required files
hawk# touch /var/amavis/whitelist
hawk# touch /var/amavis/blacklist
hawk# touch /var/amavis/spam_lovers

hawk# chown vscan /var/amavis/whitelist
hawk# chown vscan /var/amavis/blacklist
hawk# chown vscan /var/amavis/spam_lovers

hawk# echo spam@the9.com >> /var/amavis/spam_lovers
hawk# echo notspam@the9.com >> /var/amavis/spam_lovers

Edit /usr/local/etc/postfix/main.cf
and add:
content_filter = smtp-amavis::10024
Set up the automatic learning system
Bayesian learning script
hawk# vi /usr/local/sbin/my-sa-learn.sh
#!/bin/sh
# feed the mail collected in /var/mail/spam to the Bayes classifier as spam, then remove it
if [ -e /var/mail/spam ]; then
    /usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
    rm /var/mail/spam > /dev/null
fi

# and the mail collected in /var/mail/notspam as ham
if [ -e /var/mail/notspam ]; then
    /usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
    rm /var/mail/notspam > /dev/null
fi
Build the Bayes knowledge base:
hawk# /usr/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs
Now learning happens automatically:
hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh
hawk# crontab -e
5 0 * * * /usr/local/sbin/my-sa-learn.sh

Now restart the services so that the settings take effect
hawk# /usr/local/etc/rc.d/postfix.sh stop
hawk# /usr/local/etc/rc.d/postfix.sh start
hawk# /usr/local/etc/rc.d/amavisd.sh stop
hawk# /usr/local/etc/rc.d/amavisd.sh start

If Spamassassin's spamd is used, it also needs to be restarted.
When AMaVisd starts, confirm that it found the anti-virus software:

hawk# cat /var/log/maillog |grep NAI
Dec  1 03:37:07 hawk amavis: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec  1 15:36:00 hawk amavis: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec  1 16:14:28 hawk amavis: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Messages like these mean that the anti-virus software was found.

Virus definition update script
Requires wget.
Install wget first:
hawk# pkg_add -r wget
After it is installed:
hawk# vi /usr/local/libexec/uvscan/update-dat.sh
Add the following content:
#!/bin/sh
#
# update-dat.sh
#
cd /usr/local/libexec/uvscan/ || exit 1
# fetch the readme that announces the current DAT version
wget -q -O readme.txt http://download.nai.com/products/datfiles/4.x/nai/readme.txt > /dev/null
# take the first 4-digit version number of the form 4xxx (for example 4306)
# found in the first lines of the readme
AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed -e 's/^.*\(4[0-9][0-9][0-9]\).*$/\1/'`
if [ -z "$AVVER" ]; then
    echo "could not determine the DAT version from readme.txt" >&2
    exit 1
fi
if [ ! -f dat-$AVVER.tar ]; then
    # keep the previous archive until the new one has been unpacked
    for i in *.tar ; do
        mv $i $i.old
    done
    if wget http://download.nai.com/products/datfiles/4.x/nai/dat-$AVVER.tar > /dev/null ; then
        # back up the current definition files before overwriting them
        for i in *.dat ; do
            cp -p $i $i.bak
        done
        if tar xf dat-$AVVER.tar ; then
            rm -f *.old
            echo `date` Successfully updated AntiVirus DAT files to $AVVER
        fi
    fi
fi

Then put it in crontab to run on a schedule, and the virus definition files will be updated automatically.
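The update script above fetches dat-<version>.tar over plain HTTP and unpacks it as soon as the download succeeds. The function below is an added example (not from the original post) of the integrity step a practitioner would put in front of the extraction: the archive is only unpacked when its MD5 equals the expected value published with it (the checksum quoted for dat-4306.tar in section 1 has the length of an MD5 digest), existing .dat files are backed up first and restored if extraction fails. The tool detection and the sample archive used in the test are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: verify a downloaded DAT
# archive against its expected MD5 before extracting it into the uvscan
# directory. Assumes tar and one of md5sum (Linux), md5 (FreeBSD) or
# openssl is available.

# MD5 of a file as a bare 32-hex digest, using whichever tool exists.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then md5sum "$1" | cut -d' ' -f1
    elif command -v md5 >/dev/null 2>&1; then md5 -q "$1"
    else openssl dgst -md5 "$1" | sed 's/^.*= //'
    fi
}

# Extract archive $1 into directory $3 only if its MD5 equals $2.
# Existing *.dat files in $3 are backed up first (as update-dat.sh does)
# and put back if extraction fails.
# Returns 0 on success, 1 on checksum mismatch, 2 on extraction failure.
verify_and_extract_dat() {  # $1 = archive, $2 = expected md5, $3 = target dir
    actual=$(md5_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1: got $actual, expected $2" >&2
        return 1
    fi
    for d in "$3"/*.dat; do
        if [ -f "$d" ]; then cp -p "$d" "$d.bak"; fi
    done
    if tar xf "$1" -C "$3"; then
        rm -f "$3"/*.bak
        echo "$(date) DAT files from $1 verified and installed into $3"
        return 0
    fi
    # extraction failed: restore the previous definition files
    for b in "$3"/*.bak; do
        if [ -f "$b" ]; then mv "$b" "${b%.bak}"; fi
    done
    return 2
}

# Usage: sh verify-dat.sh <archive> <expected md5> [target directory]
if [ "$#" -ge 2 ]; then
    verify_and_extract_dat "$1" "$2" "${3:-/usr/local/libexec/uvscan}"
fi
```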



Written in a hurry.
Thanks to the friends at CHINAUNIX for their help.
《Solution》

Testing passed completely; I am working on polishing the document.
《Solution》

Basically all functions passed testing.
《Solution》

good
《Solution》

Not bad. To pour a little cold water on it:

I think your intention in installing cyrus-sasl2 was to do smtp auth, but your article does not seem to include an smtp auth test. Also, as far as I know cyrus-sasl2 does not yet support encrypted passwords in mysql; how do you plan to solve that problem?
《Solution》

OK, sorry, I forgot that you are using pam.
《Solution》

smtp auth works; I did it but forgot to write it up, I will add it later.
《Solution》

Originally posted by "znsoft":


sasl1 does support mysql encrypted passwords :)

Are you sure? sasl1 itself does not support mysql; mysql support was done through a patch, and that patch was later merged into sasl2, which is how sasl2 came to officially support mysql. If sasl1 supported mysql encrypted passwords, there would be no reason for sasl2 not to.

Let me go and read the code again ...
《Solution》

Added a screenshot
http://album3.chinaren.com/album/98/62/51246298/1208940.jpg


http://coctec.com/docs/service/show-post-44089.html