CentOS5+Postfix+SpamAssassin打造全功能的邮件服务器
CentOS5.3安装postfix+extmail邮件系统
CentOS5.3安装postfix+extmail邮件系统作者:哈密瓜bbs:Blog:系统所有环境都是采用yum安装改变系统语言关闭selinuxvi/etc/selinux/config去除IPV6修改网关vi/etc/sysconfig/network设IPvi/etc/sysconfig/network-scripts/ifcfg-eth0定义yum的非官方库关闭不需要的服务chkconfig mcstrans offchkconfig restorecond offchkconfig ip6tables offchkconfig iptables offchkconfig netfs off安装必需软件yum-y install ntsysv ntp telnet wget rsync vixie-cron logwatch perl-Unix-Syslog perl-Net-Daemon perl-PlRPC perl-DBI perl-DBD-MySQL freetype-demos freetype-devel libart_lgpl-devel libpng libpng-devel perl-Time-HiRes perl-Time-HiRes-Value perl-File-Tail perl-libwww-perl perl-HTML-Parser perl-HTML-Tagset perl-IO-stringy perl-IO-Multiplex perl-MailTools perl-TimeDate perl-Convert-ASN1perl-Convert-BinHex perl-MIME-tools perl-FCGI perl-GD rrdtool rrdtool-perl apr-devel apr-docs apr-util-devel apr-util-docs giflib libgdiplus mono-core dbus-sharp dbus-sharp-devel dbus-glib-devel dbh dbh-devel pcre pcre-devel httpd httpd-devel httpd-manual mysql mysql-devel mysql-server cyrus-sasl cyrus-sasl-plain bind bind-chroot amavisd-new clamd clamav clamav-db spamassassin bison bzip2-devel expect fam-devel flex freetype-devel gcc gcc-c++gdbm-devel libc-client-devel libjpeg-devel libmcrypt libmcrypt-devel libpng-devel libxslt-devel make rpm-build mod_ssl php php-gd php-mysql php-mbstring php-mcrypt phpmyadmin perl-Mon perl-Authen-PAM perl-Filter perl-Net_SSLeay.pm perl-Convert-BER perl-URI perl-XML-SAX perl-Crypt-Blowfish perl-Crypt-CBC perl-Date-Calc ncurses-devel net-snmp-devel libtool openssl openssl-devel openssl-perl pam-devel pkgconfig postgresql-devel zlib-devel启动mysql和apahcechkconfig httpd onchkconfig mysqld on升级包yum-y update重启系统reboot重新生成rpm包安装postfixcd/usr/local/srcwget /centos/5/os/SRPMS/postfix-2.3.3-2.src.rpmrpm-ivh postfix-2.3.3-2.src.rpmcd/usr/src/redhat/SPECSrpm-Uvh/usr/src/redhat/RPMS/i386/postfix-2.3.*新建邮件用户、组/usr/sbin/groupadd-g1000vgroup/usr/sbin/useradd-g1000-u1000-M-s/bin/false vuser安装courier-authlibcd/usr/local/srcwget /courier/courier-authlib-0.61.0.tar.bz2tar jxvf courier-authlib-0.61.0.tar.bz2ldconfigldconfig-vcp courier-authlib.sysvinit/etc/rc.d/init.d/courier-authlibchmod755/etc/rc.d/init.d/courier-authlibchkconfig--add courier-authlibchkconfig courier-authlib onchmod755/usr/local/courier-authlib/var/spool/authdaemonmv/usr/local/courier-authlib/etc/authlib/authmysqlrc/usr/local/courier-authlib/etc/authlib/authmysqlrc.bak设置smtpdservice courier-authlib startln-s/usr/local/courier-authlib/bin/courierauthconfig/usr/bin/courierauthconfig 安装maildorpcd/usr/local/srcwget /courier/maildrop-2.0.4.tar.bz2tar jvxf maildrop-2.0.4.tar.bz2安装courier-imapcd/usr/local/srcwget /courier/courier-imap-4.4.1.tar.bz2tar jvxf courier-imap-4.4.1.tar.bz2cp/usr/local/courier-imap/etc/imapd.dist/usr/local/courier-imap/etc/imapdcp/usr/local/courier-imap/etc/imapd-ssl.dist/usr/local/courier-imap/etc/imapd-ssl cp/usr/local/courier-imap/etc/pop3d.dist/usr/local/courier-imap/etc/pop3dcp/usr/local/courier-imap/etc/pop3d-ssl.dist/usr/local/courier-imap/etc/pop3d-ssl cp courier-imap.sysvinit/etc/rc.d/init.d/courier-imapdchmod755/etc/rc.d/init.d/courier-imapdchkconfig--add courier-imapd配置pop将extmail,extman,slock安装包上传安装extmailcd/usr/local/srcmkdir/var/www/extsuitetar-zxvf extmail-1.0.5.tar.gzcp-r extmail-1.0.5/var/www/extsuite/extmailcd/var/www/extsuite/extmailcp webmail.cf.default webmail.cfchown-R vuser:vgroup/var/www/extsuite/extmail/cgi/安装extmancd/usr/local/srctar-zxvf extman-0.2.5.tar.gzcp-r extman-0.2.5/var/www/extsuite/extman/chown-R vuser:vgroup/var/www/extsuite/extman/cgi/mkdir/var/www/extsuite/extman/tmpchown-R vuser:vgroup/var/www/extsuite/extman/tmpvi/var/www/extsuite/extman/docs/init.sql将改为你的域名比如导入数据库mysql-u root-p</var/www/extsuite/extman/docs/extmail.sqlmysql-u root-p</var/www/extsuite/extman/docs/init.sql生成extmail系统管理员的用户目录cd/var/www/extsuite/extman/tools./maildirmake.pl/home/domains//postmaster/Maildirchown-R vuser:vgroup/home/domainscp-r/var/www/extsuite/extman/addon/mailgraph_ext//usr/local/mailgraph_ext/ echo"/usr/local/mailgraph_ext/mailgraph-init start">>/etc/rc.d/rc.local echo"/usr/local/mailgraph_ext/qmonitor-init start">>/etc/rc.d/rc.local安装slockdcd/usr/local/srctar-zxvf slockd-0.2.tar.gzcp-r slockd-0.2/usr/local/slockdecho"/usr/local/slockd/slockd-init start">>/etc/rc.d/rc.local配置apache安装fastcgi模块cd/usr/local/srcwget /dist/mod_fastcgi-2.4.6.tar.gztar xfz mod_fastcgi-2.4.6.tar.gzcd mod_fastcgi-2.4.6ln-s../../usr/lib/httpd/build/etc/httpd/buildcp Makefile.AP2Makefilemake top_dir=/etc/httpd installecho"/var/www/extsuite/extmail/dispatch-init start">>/etc/rc.d/rc.local/var/www/extsuite/extmail/dispatch-init start配置phpmyadminln-s/usr/share/phpmyadmin/var/www/extsuite/phpmyadmin注:初始安装账户extmail,extman密码可能有点问题登陆不进去,这个可以用phpmyadmin来设置密码,默认phpmyadmin root密码为空$1$ITIH4eKD$s9C2wHpLQXOLkzY5U1jYL.=extmail而后再从extman后台去修改密码就可以了。
CentOS上安装配置Postfix + Extmail 邮件服务系统
RHEL/CentOS上安装配置Postfix + Extmail 邮件服务系统一、文档简介:本文以最简单方便的方法在centos 5.2 上安装全功能邮件系统,此文适合REDHAT所有系列,在文中,能用RPM 安装的,我们将采用rpm 安装,如果rpm没有的,我们将创建自己的rpm。
部分软件简介:1、AMP ---apache(web服务) 、mysql(数据库)、php(非必需) 的简称2、postfix --mta 邮件系统核心3、courier-authlib--一个为courier-imap,maildrop,sasl2 提供用户信息的后台进程序4、courier-imap --提供pop3,pop3s,imap,imaps 服务的程序5、amavisd-new --提供内容过滤6、clamav -- 著名的杀毒软件7、extmail --一个著名的webmail程序8、extman --与extmail集成的后台管理程序9、slockd --一个基于smtp阶段的反垃圾邮件程序10、vhmgr --由本文作者编写,用于管理apache,ftp,mysql 的虚拟主机管理程序。
安装环境:centos 5.2域名机器名:域名:二、安装系统安装系统时,选择“customize software selection”(自定义安装),在package group selection 对话框里选择:[*]base[*]devlopment libraries[*]development tools[*]editors[*]text-base internet其它不选择。
在setup agnet(或进入系统后运行setup) 里选择firewall configuration 将security level 与SELinux 改为disabled,目的是为了避免在安装调试时产生不必要的麻烦,在系统安装完成后,可以自己去调试安全部分,在这里将不作详细介绍。
Cent OS 5.5下postfix+extmail+mysql邮件服务器
Cent OS 5.5 下Postfix + extmail + mysql邮件系统安装与配置一.安装mysql数据库首先卸载系统自带的mysql# rpm -e mysql --nodeps# tar zxvf BAK/mysql-5.1.43.tar.gz# cd mysql-5.1.43/# ./configure --prefix=/usr/local/mysql --enable-thread-safe-client --enable-shared --enable-stati c --enable-local-infile --with-extra-charsets=all --with-pthread --with-unix-socket-path=/tmp/my sql.socket --with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static --with-big-tables --wit h-embedded-server --with-embedded-privilege-control --enable-assembler# make -j 4# make install# useradd mysql -s /sbin/nologin -d /dev/null# cp support-files/f /etc/f# vi /etc/f在[mysqld]添加: bind-address = localhost# cp support-files/mysql.server /etc/init.d/mysqld# chkconfig --add mysqld# chkconfig --level 2345 mysqld on# chmod 755 /etc/init.d/mysqld# chown -R mysql.mysql /usr/local/mysql/# /usr/local/mysql/bin/mysql_install_db --user=mysql# service mysqld start# /usr/local/mysql/bin/mysqladmin -u root password 'izptecmail'# mysql -uroot -p# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf# ldconfig# ldconfig -v二.安装apache web服务(需要编译suexec)# tar zxvf BAK/httpd-2.2.14.tar.gz# cd httpd-2.2.14/# ./configure --prefix=/usr/local/apache --enable-modules=all --enable-mods-shared=all --enabl e-cache --enable-disk-cache --enable-mem-cache --enable-substitute --enable-expires --enable-headers --enable-proxy --enable-proxy-http --enable-ssl --with-ssl=/usr/local/ssl --enable-http --enable-vhost-alias --with-zlib --enable-suexec --with-suexec-caller=vmail --with-suexec-docroot =/var/www/html/ --enable-rewrite --enable-so --with-mpm=worker# mkdir -p /var/www/html/# groupadd -g 1000 vmail# useradd -g vmail -u 1000 -s /sbin/nologin -M vmail# make# make install# echo "/usr/local/apache/bin/apachectl start" >> /etc/rc.local# vi /usr/local/apache/conf/httpd.conf修改apache配置文件;# /usr/local/apache/bin/apachectl start三.安装php首先安装php程序所需要的依赖包# yum install freetype* glib* jpegsrc* libart_lgpl* libpng* libxml* libjpeg* zlib* libmcrypt* gd*# tar zxvf BAK/php-5.2.6.tar.gz# cd php-5.2.6/# ./configure --prefix=/usr/local/php --enable-exif --with-gd --enable-gd-native-ttf --enable-gd-ji s-conv --with-jpeg-dir --with-png-dir --with-zlib-dir --with-freetype-dir --enable-mbstring --with-m ysql=/usr/local/mysql --with-mysql-sock=/tmp/mysql.socket --enable-embedded-mysqli --enabl e-shmop --enable-soap --enable-sockets --enable-sqlite-utf8 --enable-sysvmsg --enable-sysvse m --enable-sysvshm --enable-wddx --enable-zip --with-pcre-dir --enable-maintainer-zts --enable-zend-multibyte --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/php/et c/ --with-mysqli=/usr/local/mysql/bin/mysql_config --with-gettext --with-mcrypt# make# make install# cp php.ini-dist /usr/local/php/etc/php.ini# vi /usr/local/php/etc/php.ini---------------------------------------;include_path = ".:/php/includes" 改为include_path = ".:/usr/local/php/lib/php"---------------------------------------四.安装courier-authlib库(验证登陆)# tar jxvf BAK/courier-authlib-0.63.0.tar.bz2# cd courier-authlib-0.63.0/# CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpe nsive-optimizations"# ./configure --prefix=/usr/local/courier-authlib --sysconfdir=/etc --without-authpam --without-a uthldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --wi th-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mys ql/include/mysql --with-redhat --with-authmysqlrc=/etc/authmysqlrc --with-authdaemonrc=/etc/ authdaemonrc# make# make install# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon# cp /etc/authdaemonrc.dist /etc/authdaemonrc# vi /etc/authdaemonrc修改为以下配置:authmodulelist="authmysql"authmodulelistorig="authmysql"daemons=15authdaemonvar=/usr/local/courier-authlib/var/spool/authdaemonDEBUG_LOGIN=0DEFAULTOPTIONS=""LOGGEROPTS=""--------------------------------------------------------------# cp /etc/authmysqlrc.dist /etc/authmysqlrc# vi /etc/authmysqlrc修改为以下配置:MYSQL_SERVER localhostMYSQL_USERNAME rootMYSQL_PASSWORD izptecmailMYSQL_SOCKET /tmp/mysql.socketMYSQL_PORT 3306MYSQL_OPT 0MYSQL_DATABASE extmailMYSQL_USER_TABLE mailboxMYSQL_CRYPT_PWFIELD passwordMYSQL_UID_FIELD 1000MYSQL_GID_FIELD 1000MYSQL_LOGIN_FIELD usernameMYSQL_HOME_FIELD homedirMYSQL_NAME_FIELD nameMYSQL_MAILDIR_FIELD maildirMYSQL_QUOTA_FIELD quotaMYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\CONCAT('/home/domains/',homedir), \CONCAT('/home/domains/',maildir), \quota, \name \FROM mailbox \WHERE username = '$(local_part)@$(domain)'--------------------------------------------------------------# cp courier-authlib.sysvinit /etc/init.d/courier-authlib# chmod 755 /etc/init.d/courier-authlib# chkconfig --add courier-authlib# chkconfig --level 2345 courier-authlib on# pstree | grep authdaemond显示init-+-courierlogger---authdaemond---15*[authdaemond] 表示安装成功;五.安装courier-imap (提供pop3服务)# tar jxvf BAK/courier-imap-4.0.3.tar.bz2# cd courier-imap-4.0.3/# ./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-chec k --with-trashquota --without-ipv6 CPPFLAGS='-I/usr/include/openssl -I/usr/local/courier-authlib/i nclude' LDFLAGS='-L/usr/local/courier-authlib/lib/courier-authlib' COURIERAUTHCONFIG='/usr/lo cal/courier-authlib/bin/courierauthconfig'# make# make install# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl# cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl# vi /usr/local/courier-imap/etc/pop3d修改POP3DSTART字段,改为YES;如果需要提供imapd服务,编译/usr/local/courier-imap/etc/imoa pd的IMAPDSTART字段;# mkdir -p /home/domains/# chown -R vmail.vmail /home/domains/# chmod 755 /etc/init.d/courier-imapd# chkconfig --add courier-imapd# chkconfig --level 2345 courier-imapd on# netstat -tupln查看110端口是否开启,如开启则pop3服务正常;六.安装Cyrus-sasl (认证)# tar jxvf BAK/cyrus-sasl-2.1.22.tar.bz2# cd cyrus-sasl-2.1.22/# ./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample --disable-digest --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-incl udes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql--with-authdae mond=/usr/local/courier-authlib/var/spool/authdaemon/socket# make# make install# chkconfig --level 2345 saslauthd off# cd /usr/lib******# mv libsasl2.a libsasl2.a.OFF# mv libsasl2.so.2.0.22 libsasl2.so.2.0.22.OFF# mv sasl2 sasl2.OFF# rm libsasl2.so libsasl2.so.2# ln -sv /usr/local/sasl2/lib/* .******进入/usr/lib64 同上修改sasl库链接关系;进入/usr/local/lib/库链接关系;同时链接头文件到/usr/loca/include;# ln -sv /usr/local/sasl2/include/sasl /usr/local/include/sasl# mkdir -pv /var/state/saslauthd# /usr/local/sasl2/sbin/saslauthd -a shadow pam -d输出:saslauthd[20634] :main : num_procs : 5saslauthd[20634] :main : mech_option: NULLsaslauthd[20634] :main : run_path : /var/state/saslauthdsaslauthd[20634] :main : auth_mech : shadowsaslauthd[20634] :ipc_init : using accept lock file: /var/state/saslauthd/mux.accept saslauthd[20634] :detach_tty : master pid is: 0saslauthd[20634] :ipc_init : listening on socket: /var/state/saslauthd/muxsaslauthd[20634] :main : using process modelsaslauthd[20635] :get_accept_lock : acquired accept locksaslauthd[20634] :have_baby : forked child: 20635saslauthd[20634] :have_baby : forked child: 20636saslauthd[20634] :have_baby : forked child: 20637saslauthd[20634] :have_baby : forked child: 20638表示正常,Ctrl+c 结束;# /usr/local/sasl2/sbin/saslauthd -a shadow pam# pstree | grep saslauthd显示|-saslauthd---4*[saslauthd],表示程序启动;# /usr/local/sasl2/sbin/testsaslauthd -u root -p (root 用户密码)显示0: OK "Success." 测试成功# echo “/usr/local/sasl2/lib” >> /etc/ld.so.conf# echo “/usr/local/sasl2/lib/sasl2” >> /etc/ld.so.conf# ldconfig -v# echo “/usr/local/sasl2/sbin/saslauthd -a shadow pam” >> /etc/rc.local# vi /usr/local/sasl2/lib/sasl2/smtpd.conf------------------------------------------------------------pwcheck_method: authdaemondlog_level: 3mech_list: PLAIN LOGINauthdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket------------------------------------------------------------# vi /etc/init.d/saslauthd------------------------------------------------------------修改为:SOCKETDIR=/var/state/saslauthdMECH="shadow pam"注释:#if test -x ${path}.${MECH} ; then# path=/usr/sbin/saslauthd.$MECH#fi------------------------------------------------------------# vi /etc/sysconfig/saslauthd------------------------------------------------------------SOCKETDIR=/var/state/saslauthdMECH="shadow pam"------------------------------------------------------------# chkconfig --level 2345 saslauthd on七.安装配置postfix# rpm -e sendmail --nodeps# tar zxvf BAK/postfix-2.6.5.tar.gz# cd postfix-2.6.5/# groupadd postdrop# useradd -M -s /sbin/nologin postfix# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl -DUSE_TLS -I/usr/include/openssl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/sasl2/lib -lsasl2 -L/usr/local/ssl/lib -lss l -lcrypto'# make# make install# /usr/bin/newaliases# vi /etc/postfix/main.cf------------------------------------------------------------#####################BASE#########################queue_directory = /var/spool/postfixcommand_directory = /usr/sbindaemon_directory = /usr/libexec/postfixdata_directory = /var/lib/postfixmail_owner = postfixunknown_local_recipient_reject_code = 550debug_peer_level = 2debugger_command =PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/binddd $daemon_directory/$process_name $process_id & sleep 5sendmail_path = /usr/sbin/sendmailnewaliases_path = /usr/bin/newaliasesmailq_path = /usr/bin/mailqsetgid_group = postdrophtml_directory = nomanpage_directory = /usr/local/mansample_directory = /etc/postfixreadme_directory = nomyhostname = mydomain = myorigin = $mydomaininet_interfaces = allmynetworks = 127.0.0.0/8------------------------------------------------------------测试postfix 发信功能# telnet localhost 25Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 ESMTP Postfixhelo 250 mail from:root@250 2.1.0 Okrcpt to:hanyongming@250 2.1.5 Okdata354 End data with <CR><LF>.<CR><LF>from:root Test <root@>to:hanyongming@subject:Mail Test.Mail Test Date 2011-03-13..250 2.0.0 Ok: queued as DEF0D330054quit221 2.0.0 ByeConnection closed by foreign host.# /usr/sbin/postconf -a显示cyrusdovecot则表示postfix支持cyrus-sasl认证# vi /etc/postfix/main.cf------------------------------------------------------------添加以下内容:#####################CYRUS-SASL######################### broken_sasl_auth_clients = yessmtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destinationsmtpd_sasl_auth_enable = yessmtpd_sasl_authenticated_header = yessmtpd_sasl_local_domain = $myhostnamesmtpd_sasl_security_options = noanonymoussmtpd_sasl_path = smtpdsmtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available! --------------------------------------------------------------------# /usr/sbin/postfix reload验证认证是否生效# telnet localhost 25显示以下内容:Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 Welcome to our ESMTP,Warning: Version not Available!ehlo 250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN PLAIN250-AUTH=LOGIN PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN^]telnet> qConnection closed.表示postfix验证生效;# vi /etc/postfix/main.cf---------------------------------------------------------------------添加虚拟域配置文件:#####################Virtual Mailbox Settings##################### virtual_mailbox_base = /home/doaminsvirtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cfvirtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf#virtual_alias_domains =virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cfvirtual_minimum_uid = 1000virtual_uid_maps = static:1000virtual_gid_maps = static:1000virtual_transport = maildropmaildrop_destination_recipient_limit = 1maildrop_destination_concurrency_limit = 1#####################QUOTA Settings######################## message_size_limit = 14336000virtual_mailbox_limit = 20971520virtual_create_maildirsize = yesvirtual_mailbox_extended = yesvirtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cfvirtual_mailbox_limit_override = yesvirtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, pl ease Tidy your mailbox and try again later.virtual_overquota_bounce = yes----------------------------------------------------------------------八.安装extmail extman# tar zxvf BAK/extmail-1.2.tar.gz# cp -a extmail-1.2 /var/www/html/extmail# tar zxvf BAK/extman-1.1.tar.gz# cp -a extman-1.1 /var/www/html/extman# cd /var/www/html# cp extmail/webmail.cf.default extmail/webmail.cf# vi extmail/webmail.cf----------------------------------------------------------------------修改extmail的配置项:SYS_CONFIG = /var/www/html/extmail/SYS_LANGDIR = /var/www/html/extmail/langSYS_TEMPLDIR = /var/www/html/extmail/htmlSYS_USER_LANG = zh_CNSYS_MYSQL_USER = rootSYS_MYSQL_PASS = izptecmailSYS_MYSQL_DB = extmailSYS_MYSQL_HOST = localhostSYS_MYSQL_SOCKET = /tmp/mysql.socketSYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket SYS_G_ABOOK_FILE_PATH = /var/www/html/extmail/globabook.cf-----------------------------------------------------------------------# cp extman/webman.cf.default extman/webman.cf# vi extman/webman.cf-----------------------------------------------------------------------修改extman的配置项:SYS_CONFIG = /var/www/html/extman/SYS_LANGDIR = /var/www/html/extman/langSYS_TEMPLDIR = /var/www/html/extman/htmlSYS_MYSQL_USER = rootSYS_MYSQL_PASS = izptecmailSYS_MYSQL_DB = extmailSYS_MYSQL_HOST = localhostSYS_MYSQL_SOCKET = /tmp/mysql.socket安装数据库链接的perl模块:# tar zxvf BAK/Unix-Syslog-1.1.tar.gz# cd Unix-Syslog-1.1/# make# make install# tar zxvf BAK/DBI-1.604.tar.gz# cd DBI-1.604/# perl Makefile.PL# make# make install# tar zxvf BAK/DBD-mysql-4.006.tar.gz# cd DBD-mysql-4.006/# perl Makefile.PL --mysql_config=/usr/local/mysql/bin/mysql_config# tar zxvf BAK/GD-2.45.tar.gz# cd GD-2.45/# perl Makefile.PL# make# make install# cd /var/www/html/extman/docs/# /usr/local/mysql/bin/mysql -uroot -p <extmail.sql# /usr/local/mysql/bin/mysql -uroot -p <init.sql# cp mysql_virtual_alias_maps.cf /etc/postfix/# cp mysql_virtual_domains_maps.cf /etc/postfix/# cp mysql_virtual_limit_maps.cf /etc/postfix/# cp mysql_virtual_mailbox_maps.cf /etc/postfix/修改虚拟域配置文件内链接mysql数据库的用户名,密码;# vi /usr/local/apache/conf/httpd.conf----------------------------------------------------------修改apache配置文件User vmailGroup vmail<Directory />Options FollowSymLinksAllowOverride NoneOrder deny,allowAllow from all</Directory><VirtualHost *:80>ServerName DocumentRoot /var/www/html/extmail/html/ScriptAlias /extmail/cgi/ /var/www/html/extmail/cgi/Alias /extmail /var/www/html/extmail/html/ScriptAlias /extman/cgi/ /var/www/html/extman/cgi/Alias /extman /var/www/html/extman/html/SuexecUserGroup vmail vmail</VirtualHost>----------------------------------------------------------# chown -R vmail.vmail /var/www/html# mkdir -pv /tmp/extman# chown -R vmail.vmail /tmp/extman/# /usr/local/apache/bin/apachectl stop# /usr/local/apache/bin/apachectl startweb方式访问登录邮箱管理登录名:root@ 密码:extmail*123*新建域,新建邮箱账户;九.安装maildrop邮件投递# tar zxvf BAK/pcre-8.10.tar.gz# cd pcre-8.10/# ./configure --enable-utf8 --enable-unicode-properties --enable-newline-is-any --enable-pcregr ep-libz --enable-pcregrep-libbz2# make# make install# tar jxvf BAK/maildrop-2.0.4.tar.bz2# cd maildrop-2.0.4/# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin# ln -sv /usr/local/courier-authlib/include/* /usr/include# ./configure --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users='root vmail' --enabl e-syslog=1 --enable-maildirquota --enable-maildrop-uid=1000 --enable-maildrop-gid=1000 --wi th-trashquota --with-dirsync# make# make install# vi /etc/maildroprc---------------------------------------------------------添加以下内容:logfile "/var/log/maildrop.log"---------------------------------------------------------# touch /var/log/maildrop.log# chown -R vmail.vmail /var/log/maildrop.log# vi /etc/postfix/master.cf---------------------------------------------------------添加以下内容:maildrop unix - n n - - pipeflags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}---------------------------------------------------------# service courier-authlib restart# service courier-imapd restart# service saslauthd restart# /usr/sbin/postfix reload# /usr/local/apache/bin/apachectl restart建立邮箱收发邮件测试!。
邮件服务器解决方案
邮件服务器解决方案随着互联网的发展,邮件已经成为人们日常生活和工作中不可或缺的一部分。
邮件服务器作为邮件传输的关键设备,选择合适的邮件服务器解决方案对于保障邮件的安全、稳定和高效传输至关重要。
本文将介绍几种常见的邮件服务器解决方案,帮助您选择最适合自己需求的方案。
一、基于开源软件的1.1 使用Postfix作为邮件传输代理- Postfix是一种开源的邮件传输代理软件,具有轻量级、高效、安全等特点。
- Postfix支持多种邮件协议,如SMTP、POP3、IMAP等,适用于各种规模的邮件服务器。
- Postfix有丰富的插件和扩展功能,可以满足不同用户的需求。
1.2 配合Dovecot提供邮件存储服务- Dovecot是一种流行的开源邮件存储软件,支持多种邮件存储协议,如POP3、IMAP等。
- Dovecot提供高性能的邮件存储服务,支持多用户、多邮箱的管理。
- Dovecot与Postfix配合使用,可以实现完整的邮件服务器功能,包括邮件传输和存储。
1.3 使用SpamAssassin进行垃圾邮件过滤- SpamAssassin是一种开源的垃圾邮件过滤软件,可以有效识别和过滤垃圾邮件。
- SpamAssassin基于规则引擎和机器学习算法,可以不断学习和适应新的垃圾邮件特征。
- SpamAssassin可以与Postfix和Dovecot集成,提供全面的垃圾邮件过滤服务。
二、商业2.1 Microsoft Exchange Server- Microsoft Exchange Server是一种商业邮件服务器软件,提供全面的邮件服务,包括邮件传输、存储、日历、联系人等功能。
- Exchange Server与Microsoft Outlook等客户端软件集成紧密,提供便捷的邮件管理和协作功能。
- Exchange Server支持企业级的安全和可靠性需求,适用于大中型企业使用。
2.2 IBM Domino- IBM Domino是一种企业级邮件服务器软件,提供邮件、日历、联系人、协作等功能。
CENTOS5下配置mail服务器
CENTOS5下配置mail服务器[11月9日最后修正]2007-10-28 16:17CENTOS5,Fedora8下配置mail服务器在Fedora8下比CENTOS5下配置更顺利[QQ:48238398][抄来抄去,呵]说明:apache,php,mysql,为centos5自带的,就是说我装系统的时候,就选择上了:cyrus-sasl,postfix,courier-authlib,maildrop ,courier-imap 是通过源码编译的,写这个的目的就是,复制内容,照着一步步的做下去就能配置出来一个成功的可视化管理的mail服务器如果是rpm方式按装的msqyl,include及lib目录的位置/usr/include/mysql /usr/lib/mysql如果是编译的,位于你指定的目录下,如果编译mysql指定目录为/usr/local/mysql则位于/usr/local/mysql/include/mysql /usr/local/mysql/lib/mysql开始:::如果你的apache,php,mysqsl是centos5自带的,就是说不是你自己编译的,以下的代码可以复制粘贴直接用=cyrus-sasl=按装配置cyrus-sasl=cyrus-sasl=下载地址:ftp:///pub/cyrus-mail/=cryus-sasl=文件名:cyrus-sasl-2.1.22.tar.gz#rpm -qa|grep cyrus-sasl把查找出来的包都删除了#rpm -e --nodeps 包名#rm -rf /usr/lib/sasl#rm -rf /usr/lib/sasl2=cyrus-sasl=进入解压目录编译:#./configure \--enable-plain \--enable-cram \--enable-digest \--enable-login \--enable-sql \--disable-anon \--disable-ntlm \--disable-gssapi \--disable-krb4 \--disable-otp \--disable-srp \--disable-srp-setpass \-with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket \--with-mysql#make#make install#ln -s /usr/local/lib/sasl2 /usr/lib/sasl2#vi /etc/ld.so.conf/usr/local/lib //增加该行# ldconfig# vi /usr/local/lib/sasl2/smtpd.conf加入以下四行pwcheck_method: authdaemondlog_level: 3mech_list: PLAIN LOGINauthdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket==postfix==按装配置postfix==postfix==下载地址:/download.html==postfix==文件名:postfix-2.4.6.tar.gz==postfix==进入解压目录编译:# yum install db*-devel*# make tidy# groupadd postfix -g 54321 //如果原来系统中有该用户则不需要再建# groupadd postdrop# useradd -s /bin/false -u 54321 -g postfix -G postdrop postfix==postfix==备注,我的mysql是rpm包装的,如果是你自己源码编译的,下边mysql路径会有变化#make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_CYRUS_SASL-DUSE_SASL_AUTH -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lm -lz -L/usr/local/lib -lsasl2'#make#make install#mv /etc/aliases /etc/aliases.old#ln -s /etc/postfix/aliases /etc/aliases#echo 'root: admin@'>>/etc/postfix/aliases#/usr/bin/newaliases#postconf -n > /etc/postfix/main2.cf#mv /etc/postfix/main.cf /etc/postfix/main.cf.old#mv /etc/postfix/main2.cf /etc/postfix/main.cf# vi /etc/postfix/main.cf==postfix==main.cf加入以下内容# hostnamemynetworks = 127.0.0.1myhostname = mydomain = myorigin = $mydomainmydestination = $mynetworks $myhostname# bannermail_name = Postfix - by smtpd_banner = $myhostname ESMTP $mail_name# response immediatelysmtpd_error_sleep_time = 0sunknown_local_recipient_reject_code = 450# extmail config herevirtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cfvirtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cfvirtual_transport = maildrop:==postfix==main.cf内容结束==postfix==以下几个文件可以通过cp /var/www/html/extsuite/extman/docs/mysql_*/etc/postfix/得到==postfix==编辑mysql_virtual_alias_maps.cfvi /etc/postfix/mysql_virtual_alias_maps.cf内容如下:user = extmailpassword = extmailhosts = localhostdbname = extmailtable = aliasselect_field = gotowhere_field = address==postfix==编辑mysql_virtual_domains_maps.cfvi /etc/postfix/mysql_virtual_domains_maps.cf内容如下:user = extmailpassword = extmailhosts = localhostdbname = extmailtable = domainselect_field = descriptionwhere_field = domain#additional_conditions = and backupmx ='0' and active ='1'==postfix==编辑mysql_virtual_mailbox_maps.cfvi /etc/postfix/mysql_virtual_mailbox_maps.cf内容如下:。
Centos 5.6搭建构建安全可靠的sendmail邮件服务器
Centos 5.6搭建构建安全可靠的sendmail邮件服务器测试所用域名: Sendmail是UNIX/Linux环境中稳定性较好的一款邮件服务器软件,通过对Sendmail服务器的配置可以实现基本的邮件转发功能;dovecot服务器实现了POP3协议,可以与Sendmail 服务器协作工作,实现用户对邮件的收取功能;OpenWebmail是网页形式的邮件应用系统,可实现用户对邮件的发送、收取和管理功能。
通过对Sendmail、dovecot和penWebmail的综合管理,系统管理员可以构建出功能完美的邮件应用系统。
本次试验需求: (1)DNS域名解析;(2)SMTP认证功能; (3)pop3服务的配置; (4)用户别号,及群发邮件的功能; (5)sendmail结合apache和openwebmail实现网页收发邮件功能. 一.试验前的预备工作为了便利相关软件包的安装,我先搭建好本地YUM源。
我们先挂载好安装光盘: [root@mail ~] mount /dev/sda2 on / type t3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on /boot type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw) none on /proc/sys/fs/bin_misc type binfmt_misc (rw) nrpc on /var/lib/nfs/rpc_pipefs typerpc_pipefs (rw) /dev/hdc on /mia type iso9660 (ro) 1. [root@mail mail] /etc/yum.repos.d 2. [root@mail yum.repos.d] vi CentOS-Media.repo [c5-media] name=CentOS-$releasever - Media baseurl=:///media/ gpgcheck=1 d=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 修改成以上内容,保存退出! 3. [root@mail yum.repos.d] CentOS-Base.repo CentOS-Base.repo.bak 4. [root@mail mail] yum clean all 通过这几步容易的修改,本地YUM源就搭建好了!开头下面的试验. 二.DNS 环境搭建 1.安装DNS前先修改主机名 dns可以单独作为服务器也可以与sendmail同一台服务器!这里我将他们都安装在同一台服务器中!可以通过修改 /etc/hosts 和 /etc/sysconfig/network 两个文件更改主机域名。
邮件服务器解决方案
邮件服务器解决方案概述:邮件服务器是一种用于发送、接收和存储电子邮件的服务器软件。
它是现代通信中不可或者缺的一部份,能够提供高效、安全和可靠的电子邮件服务。
本文将详细介绍邮件服务器解决方案的标准格式,包括架构设计、功能要求、安全性、性能优化和可扩展性等方面。
一、架构设计:1. 邮件服务器的架构应采用分层设计,包括前端和后端两个主要组件。
2. 前端组件负责接收和发送邮件,包括SMTP(Simple Mail Transfer Protocol)服务器和POP3(Post Office Protocol 3)/IMAP(Internet Message Access Protocol)服务器。
3. 后端组件负责存储和管理邮件,包括邮件存储数据库和邮件索引服务器。
4. 前端和后端组件之间通过适当的协议进行通信,确保数据的安全传输和高效处理。
二、功能要求:1. 邮件服务器应支持多用户和多域名的管理,能够为不同用户提供独立的邮件服务。
2. 支持发送和接收不同类型的邮件,包括纯文本邮件、HTML格式邮件和附件邮件等。
3. 提供用户管理功能,包括用户注册、登录、密码重置和账户管理等。
4. 支持邮件过滤和垃圾邮件过滤功能,确保用户收到的邮件是安全可信的。
5. 提供邮件搜索和归档功能,方便用户快速查找和管理邮件。
三、安全性:1. 邮件服务器应采用安全的传输协议,如SSL(Secure Sockets Layer)或者TLS(Transport Layer Security),保护邮件在传输过程中的安全性。
2. 支持用户身份验证机制,确保惟独授权用户才干发送和接收邮件。
3. 实施访问控制策略,限制非法用户对邮件服务器的访问。
4. 定期进行安全漏洞扫描和补丁更新,确保邮件服务器的安全性。
四、性能优化:1. 邮件服务器应具备高并发处理能力,能够同时处理大量的邮件请求。
2. 采用合适的存储方案,如使用高性能的数据库和分布式文件系统,以提高邮件的存储和检索速度。
CenTOS 5下面用自带的RPM包安装基于Postfix的邮件系统(MySQL)
CenTOS 5下面用自带的RPM包安装基于Postfix的邮件系统(MySQL) (Postfix+Mysql+Dovecot+Extmail+Extman+Mailscanner+Spamassassin+Clamav) Author:汪洋Nickname:ruochen / ruochen0926Date:20070927Version:1.0Contact: E-Mail:ruochen0926(at) QQ:967409Blog:/Note:参考了网上很多网友的帖子,都比较零散,不一一列出,如果在安装或者使用过程中有疑问,请到我的blog跟帖,我会尽快回复目录:目标:配置一个功能齐全的Mail系统1)安装需要的软件包2)DNS相关配置2.1)建立正向反向和MX记录2.2)测试DNS配置3)安装Postfix4)配置Postfix4.1)配置Postfix的主配置文件 /etc/postfix/main.cf4.2)配置Postfix虚拟用户的配置文件5)配置dovecot (IMAP/IMAPS/POP3/POP3S)5.1)配置dovecot的主配置文件/etc/dovecot.conf5.2)配置dovecot的mysql认证配置文件6)测试发信认证及收信6.1)LOGIN登录测试6.2)pop3收信测试7)安装Extmail-1.0.27.1)解压安装7.2)修改Extmail主配置文件7.3)APACHE相关配置7.4)Extmail依赖关系的解决8)安装Extman-0.2.28.1)解压安装8.2)修改Extman的主配置文件8.3)APACHE相关配置9)开启Apache/Mysql/Bind,并让他们自启动10)安装反垃圾SpamAssassin11)安装反病毒Clamav12)安装MailScanner1)安装需要的软件包Mysql部分[root@mailtest /]# rpm -qa|grep mysql mysql-connector-odbc-3.51.12-2.2 mysql-devel-5.0.22-2.1mysql-server-5.0.22-2.1mod_auth_mysql-3.0.0-3.1php-mysql-5.1.6-15.el5mysql-5.0.22-2.1libdbi-dbd-mysql-0.8.1a-1.2.2Http部分[root@mailtest /]# rpm -qa|grep http httpd-2.2.3-6.el5.centos.1Php部分[root@mailtest /]# rpm -qa|grep phpphp-mysql-5.1.6-5.el5php-5.1.6-5.el5php-mbstring-5.1.6-5.el5php-common-5.1.6-5.el5php-cli-5.1.6-5.el5php-pdo-5.1.6-5.el5php-gd-5.1.6-5.el5Perl部分[root@mailtest noarch]# rpm -qa|grep perl perl-HTML-Tagset-3.10-2.1.1perl-Digest-HMAC-1.01-15perl-HTML-Parser-3.56-1perl-Sys-Hostname-Long-1.4-1perl-Net-DNS-0.59-1.fc6perl-XML-SAX-0.14-5perl-IO-stringy-2.108-1perl-DBI-1.56-1perl-5.8.8-10mod_perl-2.0.2-6.1perl-Socket6-0.19-3.fc6perl-IO-Socket-INET6-2.51-2.fc6perl-IO-String-1.08-1.1.1perl-Convert-ASN1-0.20-1.1perl-TimeDate-1.16-3perl-MIME-tools-5.420-1perl-DBD-SQLite-1.13-1perl-BSD-Resource-1.28-1.fc6.1perl-DBD-MySQL-3.0007-1.fc6perl-IO-Zlib-1.04-4.2.1perl-Digest-SHA1-2.11-1.2.1perl-Archive-Tar-1.30-1.fc6perl-IO-Socket-SSL-1.01-1.fc6perl-LDAP-0.33-3.fc6perl-libwww-perl-5.805-1.1.1perl-MailTools-1.71-1perl-Convert-TNEF-0.17-1perl-Filesys-Df-0.90-1perl-URI-1.35-3perl-Compress-Zlib-1.42-1.fc6perl-Net-IP-1.25-2.fc6perl-XML-NamespaceSupport-1.09-1.2.1perl-Net-CIDR-0.11-1perl-Archive-Zip-1.16-1perl-String-CRC32-1.4-2.fc6perl-Net-SSLeay-1.30-4.fc6perl-Convert-BinHex-1.119-2Spamassassin部分[root@mailtest /]# rpm -qa|grep spamassassin spamassassin-3.1.7-4.el5Dovecot部分[root@mailtest /]# rpm -qa|grep dovecot dovecot-1.0-1.2.rc15.el5 #imap imaps pop3 pop3s Cyrus-sasl部分[root@mailtest /]# rpm -qa|grep cyrus-saslcyrus-sasl-lib-2.1.22-4cyrus-sasl-plain-2.1.22-4cyrus-sasl-devel-2.1.22-4cyrus-sasl-2.1.22-4cyrus-sasl-md5-2.1.22-4cyrus-sasl-sql-2.1.22-4Spamassassin所依赖的包perl-Archive-Tar-1.30-1.fc6.noarch.rpmperl-IO-Socket-SSL-1.01-1.fc6.noarch.rpmperl-Compress-Zlib-1.42-1.fc6.i386.rpmperl-IO-Zlib-1.04-4.2.1.noarch.rpmperl-Digest-HMAC-1.01-15.noarch.rpm perl-Net-DNS-0.59-1.fc6.i386.rpmperl-Digest-SHA1-2.11-1.2.1.i386.rpmperl-Net-IP-1.25-2.fc6.noarch.rpmperl-HTML-Parser-3.55-1.fc6.i386.rpmperl-Net-SSLeay-1.30-4.fc6.i386.rpmperl-HTML-Tagset-3.10-2.1.1.noarch.rpmperl-Socket6-0.19-3.fc6.i386.rpmperl-IO-Socket-INET6-2.51-2.fc6.noarch.rpmPostfix所依赖的包db4-devel-4.3.29-9.fc6.i386.rpme2fsprogs-devel-1.39-8.el5.i386.rpmkrb5-devel-1.5-17.i386.rpmzlib-devel-1.2.3-3.i386.rpmopenssl-devel-0.9.8b-8.3.el5.i386.rpmmysql-devel-5.0.22-2.1.i386.rpmcyrus-sasl-devel-2.1.22-4.i386.rpmgcc所依赖的包libgomp-4.1.1-52.el5.i386.rpmgcc-4.1.1-52.el5.i386.rpm其他软件包perl-libwww-perl-5.805-1.1.1.noarch.rpmavahi-compat-howl-0.6.16-1.el5.i386.rpmopenldap-servers-sql-2.3.27-5.i386.rpmperl-LDAP-0.33-3.fc6.noarch.rpmkernel-devel-2.6.18-8.el5.i686.rpmelfutils-libelf-0.125-3.el5.i386.rpmelfutils-libelf-devel-0.125-3.el5.i386.rpmrpm-build-4.4.2-37.el5.i386.rpm建议安装与系统管理相关的两个包nmap-4.11-1.1.i386.rpmsysstat-7.0.0-3.el5.i386.rpm下面的两个软件包用于clamav的数字签名gmp-devel-4.1.4-10.el5gmp-4.1.4-10.el52)DNS相关配置2.1)建立正向反向和MX记录[root@mailtest ~]# cat /var/named/named.test.hk$TTL 86400@ IN SOA test.hk. test1.test.hk ( 1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS mailtesttest.hk. IN MX 5 mail.test.hk.mail IN A 10.10.119.204mailtest IN A 10.10.119.204[root@mailtest ~]# cat /var/named/named.10.10.119$TTL 86400@ IN SOA test.hk. test1.test.hk (1997022700 ; Serial28800 ; Refresh14400 ; Retry3600000 ; Expire86400 ) ; MinimumIN NS mailtest204 IN PTR mail.test.hk.204 IN PTR mailtest.test.hk.[root@mailtest ~]# hostnamemailtest.test.hk2.2)测试DNS配置[root@mailtest ~]# nslookup mail.test.hkServer: 10.10.119.204Address: 10.10.119.204#53Name: mail.test.hkAddress: 10.10.119.204[root@mailtest ~]# nslookup mailtest.test.hkServer: 10.10.119.204Address: 10.10.119.204#53Name: mailtest.test.hkAddress: 10.10.119.204[root@mailtest ~]# nslookup 10.10.119.204Server: 10.10.119.204Address: 10.10.119.204#53204.119.10.10.in-addr.arpa name = mail.test.hk.204.119.10.10.in-addr.arpa name = mailtest.test.hk.[root@mailtest ~]# ping mailtest.test.hkPING mailtest.test.hk (10.10.119.204) 56(84) bytes of data.64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.793 ms 64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.046 ms 64 bytes from mailtest.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.040 ms--- mailtest.test.hk ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2002msrtt min/avg/max/mdev = 0.040/0.293/0.793/0.353 ms[root@mailtest ~]# ping mail.test.hkPING mail.test.hk (10.10.119.204) 56(84) bytes of data.64 bytes from mail.test.hk (10.10.119.204): icmp_seq=1 ttl=64 time=0.395 ms64 bytes from mail.test.hk (10.10.119.204): icmp_seq=2 ttl=64 time=0.037 ms64 bytes from mail.test.hk (10.10.119.204): icmp_seq=3 ttl=64 time=0.038 ms--- mail.test.hk ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2001msrtt min/avg/max/mdev = 0.037/0.156/0.395/0.169 msNote:DNS的配置错误多看Bind的日志文件/var/log/messages3)安装Postfix虽然CentOS 5自带Postfix,但因为其不支持SSL及Mysql/LDAP,所以我们需要自行编译[root@mailtest /]# rpm -e sendmail --nodeps #卸载系统自带的sendmail[root@mailtest /]# groupadd postfix #添加postfix用户[root@mailtest /]# groupadd postdrop #添加postdrop组[root@mailtest /]# useradd postfix -g postfix -G postdrop -c "Postfix User" -d/dev/null -s /sbin/nologin #添加postfix用户[root@mailtest /]# mkdir -pv /tmp/postfix #建立postfix的临时目录[root@mailtest /]# chown -R postfix.postfix /tmp/postfix #给postfix的临时目录相关权限[root@mailtest /]# mkdir -pv /home/domains/ #建立虚拟邮件用户的邮件存放目录[root@mailtest /]# chown -R postfix.postfix /home/ #给虚拟邮件用户的邮件存放目录相关权限[root@mailtest /]# tar zxvf postfix-2.4.6.tar.gz #解压postfix包[root@mailtest /]# cd postfix-2.4.6 #进入postfix解压目录[root@mailtest postfix-2.4.5]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl -DHAS_LDAP' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2 -L/usr/lib/openldap -llber -lldap'#配置编译环境支持sasl/tls/mysql/ldap.相关编译参数参考readme文件#在64bit的机器上安装,要将参数里面的lib换成lib64[root@mailtest postfix-2.4.6]# make #编译postfix[root@mailtest postfix-2.4.6]# make install #安装postfix文件到相应目录并配置Note:make install命令后的所有问题都直接敲回车键即可。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
CentOS+Postfix+SpamAssassin打造全功能的邮件服务器原文出处:/2008/07/part-1postfixdovecotsaslprocmail.html系統使用CentOS 5.1郵件伺服器使用到的软件:PostfixDovecotSASLProcmailPostgreyMailscannerSpamassassinClamAVMailscanner-mrtgMailWatchOpenwebmailMySPAMPart-1:Postfix+Dovecot+SASL+Procmail一、移除sendmail,安裝POSFIX/etc/init.d/sendmail stopyum install postfixrpm -e sendmailchkconfig --add postfix/etc/init.d/postfix start二、安裝cyrus-saslyum install cyrus-sasl1.設定SASL啟動chkconfig saslauthd onservice saslauthd startpwcheck_method: saslauthd#mech_list: PLAIN LOGIN三、安裝Procmailyum install procmail1.設定Procmailvim /etc/procmailrcLOGFILE=/var/log/procmail/procmail.log(其餘指令依需求設定)2.建立LOG檔mkdir /var/log/procmailtouch /var/log/procmail/procmail.log chmod 644 /var/log/procmail/procmail.log3.設定logrotatevim /etc/logrotate.d/procmail/var/log/procmail/procmail.log {monthlysize=10Mrotate 5nocompress}四、安裝dovecot(pop3與imap)yum install dovecot1.編輯dovecotvim /etc/dovecot.conf啟用POP3啟用純文字驗證功能disable_plaintext_auth = no偽裝歡迎訊息login_greeting = Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (ex.roc.corp) ready.2.啟動dovecotchkconfig dovecot onservice dovecot start3.變更郵件檔權限chmod a+rwxt /var/mail五、設定Postfixvim /etc/postfix/main.cf1.對所有界面服務#inet_interfaces = localhostinet_interfaces = allmail_owner = postfix2.設定主機名稱及網域設定mynetworks = 192.168.0.0/24, 127.0.0.0/8mynetworks_style = hostmyhostname = mydomain = 3.設定procmail過濾mailbox_command = /usr/bin/procmail4.設定使用SASLEX.#SMTP sasl Authsmtpd_sasl_auth_enable = yesbroken_sasl_auth_clients = yessmtpd_sasl_security_options = noanonymous#開啟 smtp 認證smtpd_sasl_auth_enable = yes#client端的相容性broken_sasl_auth_clients = yes#允許sasl認證,接收本機為最後一站的信件smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination rejec#允許用戶端sasl認證smtpd_client_restrictions = permit_sasl_authenticated#允許非匿名的使用者smtpd_sasl_security_options = noanonymous#sasl的本地網域smtpd_sasl_local_domain = $myhostname#阻擋網域名稱錯誤smtpd_sender_restrictions = reject_unknown_sender_domain#阻擋動態IP的主機smtpd_client_restrictions = check_client_access regexp:/etc/postfix/access設定驗證項目每個驗證項目前需空格,最後一項不加","5.針對client的ip/domain設限EX.smtpd_client_restrictions =permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/etc/postfix/access,reject_rbl_client ,reject_rbl_client ,項目說明:#允許內網不必檢查permit_mynetworks,#SASL驗證permit_sasl_authenticated,#反解失敗就拒絕reject_unknown_client,#根據access清單拒絕clientcheck_client_access hash:/etc/postfix/access,(先建立/etc/postfix/access檔案,拒絕動態ip的client REJECT We can't allow dynamic IP to relay! .tw REJECT We can't allow dynamic IP to relay! REJECT We can't allow dynamic IP to relay! .tw REJECT We can't allow dynamic IP to relay! .tw REJECT We can't allow dynamic IP to relay! REJECT We can't allow dynamic IP to relay! .tw REJECT We can't allow dynamic IP to relay!postmap hash:/etc/postfix/access來建立DB)#使用正規表示式拒絕名稱中有dynamic的主機連線check_client_access regexp:/etc/postfix/access_re(請先建立 /etc/postfix/access_re/dynamic/ REJECT )#使用DNS Block List 黑名單機制reject_rbl_client ,reject_rbl_client ,6.要求寄信前要提出helo的要求smtpd_helo_required = yes7.SMTP驗證HELOEX.smtpd_helo_restrictions =permit_mynetworks,reject_invalid_hostname,check_helo_access hash:/etc/postfix/fake_helo#拒絕不正確/未知的helo domainreject_invalid_hostname,#reject_non_fqdn_hostname,#reject_unknown_hostname,#拒絕外界但是宣稱是自己domain的helocheck_helo_access hash:/etc/postfix/fake_helo(拒絕外界但是宣稱是自己domain的helo請先建立 /etc/postfix/fake_helo內容 REJECT利用#postmap hash:/etc/postfix/fake_helo建立DB)#馬上拒絕不delaysmtpd_delay_reject = no8.根據Mail from來限制EX.smtpd_sender_restrictions =permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain#拒收來自於外界卻宣稱發自內部的信件#check_sender_access hash:/etc/postfix/fake_from,(建立 /etc/postfix/fake_from內容 REJECT使用 #postmap hash:/etc/postfix/fake_from)#拒絕不正確和未知的domainreject_non_fqdn_sender9.根據接收來限制EX.smtpd_recipient_restrictions =permit_mynetworks,permit_sasl_authenticated,check_policy_service unix:/var/spool/postfix/postgrey/socket, permit_auth_destination,reject_unauth_destination#有鑑於有些廣告信都是以edm@為sender header_checks = regexp:/etc/postfix/hc(建立一檔案 /etc/postfix/hc內容 /^From:.*edm@/ REJECT使用正規表示式過濾以edm@為寄件人的廣告信)10.偽裝登入POSTFIX時所顯示的訊息smtpd_banner = Welcome to Microsoft Exchange 200311.佇列儲存時間#寄出時間maximal_queue_lifetime = 5d#退信時間bounce_queue_lifetime = 5d12.每封信限制大小13.每個帳號郵箱限制大小(無限)mailbox_size_limit = 0--------------------------------------------------------------------SASL測試1.啟動saslauthd啟動/etc/rc.d/init.d/saslauthd startservice postfix reload2.測試testsaslauthd -u user -p 'password'0: OK "Success."-->成功3.相關設定檔/etc/sysconfig/saslauthd主要是MECH=shadow4.SASL驗證訊息saslauthd -vsaslauthd 2.1.19authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap5.TELNET測試telnet 25EHLO 250-PIPELINING250-SIZE 512000000250-VRFY250-ETRN250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250 DSN六、七行會顯示目前的認證協定---------------------------------------------------------------------POSTFIX測試1.檢查啟動service postfix restartnetstat -tupln grep :25postfix在port 25 listen2.檢查postfix設定#postconf檢查預設值#postconf -d3.Telnet寄信Client傳送信件給Server的程序為HELO / EHLO 網域名稱MAIL FROM: 寄件者e-mailRCPT TO: 收件者e-mailDATA 信件內容然後以 . 為結束QUIT 寄信完離開Postgrey就是所謂的灰名單功能,利用垃圾郵件主機大多是"射後不理"的特性,拒絕第一次的連線,待正常郵件伺服器進行再嘗試時,才允許連線並加入白名單。