Name | Purpose | Download |
Apache (httpd- | Web-based mail management | www.apache.org |
Php (php- | PHP interpreter, used together with Apache | www.php.org |
Mysql (mysql- | Stores user information in a database | www.mysql.com |
Postfixadmin (postfix- | Web back-end management tool for mail accounts | http://sourceforge.net/projects/postfixadmin/ |
SASL (cyrus-sasl- | Authentication method | http://ftp.andrew.cmu.edu/pub/cyrus-mail/ |
Authlib (courier-authlib- | Performs authentication together with SASL | http://www.courier-mta.org/download.php |
Postfix | Main mail system program | http://www.postfix.org |
Courier-imap (courier-imap- | POP3 and IMAP services | http://www.courier-mta.org/ |
Perl (perl- | Interpreter | http://www.cpan.org |
Maildrop (maildrop- | Mail delivery agent; put simply, it moves received mail into the user's mailbox directory | http://www.courier-mta.org/ |
Clamav (clamav-0.91.2.tar.gz) | Antivirus software | http://www.clamav.org/ |
amavisd-new (amavisd-new- | Scans mail for viruses | http://www.ijs.si/software/amavisd |
Spamassassin (SpamAssassin | Anti-spam | http://spamassassin.apache.org/ |
Pcre (pcre-7.2.tar.bz2) | Needed to install IMAP: Perl-compatible regular expressions | http://www.pcre.org |
Extmail (extmail- | webmail | http://www.extmail.org |
Figure 1
1. SASL
(1) List the packages
rpm -qa | grep sasl
cyrus-sasl-
|
Username | Group | Purpose | Notes |
mysql | Mysql | User that runs the MySQL database | |
vmail | Vmail | User and group used by Postfix virtual mail accounts | uid,gid: 1001,1001 |
postfix | Postfix | Account and group used by the main Postfix program | |
 | Postdrop | Postfix setgid_group | setgid_group=postdrop |
amavis | Amavis | Mail scanning | |
clamav | Clamav | Virus scanning | |

[root@mail ~]# grep postdrop /etc/postfix/main.cf
setgid_group = postdrop
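cd httpd-2.2.0
./configure --prefix=/usr/local/apache --enable-so   # note: prefix and enable are each preceded by two "-"
make
make install

After these steps complete, the directory /usr/local/apache is created. Go into it and check that the expected files and directories exist. The figure below shows the directory structure of a correct Apache installation:
Figure 2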
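cd mysql-5.0.41
./configure --prefix=/usr/local/mysql
make; make install   # installation complete
useradd mysql
cp support-files/my-medium.cnf /etc/my.cnf
cd /usr/local/mysql
/usr/local/mysql/bin/mysql_install_db --user=mysql   # initialize the database
chown -R root .
chown -R mysql var
chgrp -R mysql .
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
ldconfig
# single quotes keep $PATH literal, so it is expanded at login rather than frozen now
echo 'export PATH=$PATH:/usr/local/mysql/bin' >> /etc/profile
source /etc/profile

If the commands marked in red are not run at this point, installing courier-authlib later will cause a lot of trouble, so do not skip them! The MySQL path is set because the mysql-config file will be needed later.

3. php
cd   # go to the /root directory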
tar zxvf php-5.2.3.tar.gz
cd php-5.2.3
./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-mysql=/usr/local/mysql   # this step cannot proceed unless mysql is installed first
make; make install
cp php.ini-dist /usr/local/php/lib/php.ini

Besides the installation directory, configure is given two more options, --with-apxs2 and --with-mysql. --with-apxs2 works with Apache's apxs tool to generate the module file in /usr/local/apache/modules/ and to write the line "LoadModule php5_module modules/libphp5.so" into Apache's configuration file;
[root@myest modules]# ll
total 12212
-rw-r--r-- 1 root root     8873 Jul 30 14:55 httpd.exp
-rwxr-xr-x 1 root root 12473318 Jul 31 09:29 libphp5.so

vi test.php
<?php phpinfo(); ?>

Figure 3
cd courier-authlib-0.59.3
./configure --with-redhat --with-authmysql=yes --with-mailuser=vmail \
  --with-mailgroup=vmail --with-mysql-libs=/usr/local/mysql/lib/mysql \
  --with-mysql-includes=/usr/local/mysql/include/mysql \
  --prefix=/usr/local/authlib --without-stdheaderdir
make
make install
make install-configure

authlib normally installs without trouble. Once it is installed, first find the authdaemonvar setting in the configuration file. What is this value for? SASL needs it later to authenticate SMTP, so look it up now so that the later configuration is accurate. The lesson behind this is explained when configuring SASL. In my installation, authdaemonvar is set as follows:
[root@mail ~]# grep "authdaemonvar" /usr/local/authlib/etc/authlib/authdaemonrc
##NAME: authdaemonvar:2
# authdaemonvar is here, but is not used directly by authdaemond. It's
authdaemonvar=/usr/local/authlib/var/spool/authdaemon

vi /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2

Change the three items above and leave the others unchanged. The first two lines select the MySQL authentication module; DEBUG_LOGIN is changed from the default "0" to "2" so that more information is output while Postfix runs, and the resulting logs help with troubleshooting.

vi /usr/local/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_DATABASE postfix
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_USER_TABLE mailbox
#MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
DEFAULT_DOMAIN sery.com
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'

Edit the file following the format above. This is an error-prone spot, so take particular care. I once typed mailbov instead of mailbox in the MYSQL_USER_TABLE mailbox entry, and SASL authentication kept failing! Pay special attention to the values of MYSQL_UID_FIELD and MYSQL_GID_FIELD. Here they are '1001'; other values are possible, but they must match the vmail user and group (id vmail shows both).
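An added example (not part of the original article): a small audit of the two authlib files edited above, run against a constructed copy of the article's values and a hardened variant. It flags DEBUG_LOGIN=2 (which, per the comments shipped in authdaemonrc, logs passwords as well), the cleartext password column, and a database password equal to the user name; the function names and finding IDs are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. Function names, finding IDs
# and the hardened sample values are constructed for illustration.

# audit_authlib AUTHDAEMONRC AUTHMYSQLRC
# Prints one "ID file: reason" line per weak setting; the return status is
# the number of findings (0 = none of the three checks fired).
audit_authlib() {
    awk -v rc="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        FILENAME == rc {                     # authdaemonrc: KEY=value
            eq = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[" \t]/, "", val)
            if (key == "DEBUG_LOGIN" && val == "2") {
                print "DEBUG_LOGIN_LOGS_PASSWORDS " FILENAME ": level 2 also logs passwords; use 0 (or 1 while debugging)"
                n++
            }
            next
        }
        $1 == "MYSQL_CLEAR_PWFIELD" {        # authmysqlrc: KEY value
            print "CLEARTEXT_PASSWORD_COLUMN " FILENAME ": passwords are stored unhashed in column " $2
            n++
        }
        $1 == "MYSQL_USERNAME" { user = $2 }
        $1 == "MYSQL_PASSWORD" { pass = $2 }
        END {
            if (user != "" && user == pass) {
                print "DB_PASSWORD_EQUALS_USERNAME MYSQL_PASSWORD is identical to MYSQL_USERNAME"
                n++
            }
            exit n + 0
        }
    ' "$1" "$2"
}

# Constructed sample: the settings exactly as the article gives them.
write_page_config() {
    cat > "$1/authdaemonrc" <<'EOF'
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2
EOF
    cat > "$1/authmysqlrc" <<'EOF'
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_USER_TABLE mailbox
#MYSQL_CRYPT_PWFIELD password
MYSQL_CLEAR_PWFIELD password
EOF
}

# Constructed sample: the same files with the three findings addressed.
# MYSQL_CRYPT_PWFIELD requires the password column to hold crypt() hashes.
write_hardened_config() {
    cat > "$1/authdaemonrc" <<'EOF'
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=0
EOF
    cat > "$1/authmysqlrc" <<'EOF'
MYSQL_USERNAME postfix
MYSQL_PASSWORD PLACEHOLDER-long-random-secret
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
EOF
}

demo_audit() (
    dir=$(mktemp -d) || exit 1
    write_page_config "$dir"
    rc=0; audit_authlib "$dir/authdaemonrc" "$dir/authmysqlrc" || rc=$?
    echo "article settings: $rc finding(s)"
    write_hardened_config "$dir"
    rc=0; audit_authlib "$dir/authdaemonrc" "$dir/authmysqlrc" || rc=$?
    echo "hardened settings: $rc finding(s)"
    rm -rf -- "$dir"
)
demo_audit
```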
cd cyrus-sasl-2.1.21
./configure --disable-anon --enable-plain --enable-login --enable-sql --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-authdaemond
make
make install

If compilation (make) fails with an error such as "client.c:64: error: static declaration of 'global_callbacks' follows non-static declaration saslint.h:112…", apply a patch and then compile again. Addendum: with cyrus-sasl-2.1.21 this problem does not occur. Use vi to create the patch file in the current directory, named sasl.patch, with the following content:
--- cyrus-sasl-
static cmech_list_t *cmechlist; /* global var which holds the list */ -static sasl_global_callbacks_t global_callbacks; +sasl_global_callbacks_t global_callbacks; static int _sasl_client_active = 0; |
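Review bot: the `+sasl_global_callbacks_t global_callbacks;` line drops `static`, which gives the variable external linkage; that resolves the quoted compile error only if the declaration at saslint.h:112 refers to this same object, and the symbol then has to be unique across the library, so check that no other source file defines its own `global_callbacks` before linking. The patch as shown also carries only a truncated `--- cyrus-sasl-` header and no `+++` or `@@` line, so it needs the complete headers before `patch` can apply it.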
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2   # sasl is installed in /usr/local/lib/sasl
echo "/usr/local/lib" >> /etc/ld.so.conf   # location of the shared libraries
ldconfig   # make the shared libraries take effect

(2) Configuration
Create the file /usr/local/lib/sasl2/smtpd.conf and add the following content:
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket

Figure 4
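◆ Installing and configuring postfixadmin
Postfixadmin is the web management tool for the Postfix mail system; with it, managing and maintaining user accounts is much easier. Without a tool the database has to be edited by hand, and who wants to do that? Installing postfixadmin is fairly simple: unpack postfixadmin-2.2.11.tar.gz and move it to a directory, as follows: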
cd /root
tar zxvf postfixadmin-
|
[root@mailserv2 postfixadmin]# pwd
/var/www/postfixadmin
[root@mailserv2 postfixadmin]# ll
total 236
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 ADDITIONS
drwxr-xr-x 2 vmail vmail  4096 Sep 16 19:31 admin
-rw-r--r-- 1 vmail vmail  1195 Sep 16 16:06 BACKUP_MX.TXT
-rw-r--r-- 1 vmail vmail 10155 Sep 16 16:06 CHANGELOG.TXT
-rw-r----- 1 vmail vmail  4700 Sep 16 16:14 config.inc.php
-rw-r--r-- 1 vmail vmail  4694 Sep 16 16:06 config.inc.php.sample
-rw-r----- 1 vmail vmail  3774 Sep 16 16:06 create-alias.php
-rw-r----- 1 vmail vmail  7379 Sep 16 19:24 create-mailbox.php
-rw-r--r-- 1 vmail vmail  4910 Sep 16 16:06 DATABASE_MYSQL.TXT
-rw-r--r-- 1 vmail vmail  4955 Sep 16 16:06 DATABASE_PGSQL.TXT
-rw-r----- 1 vmail vmail  2497 Sep 16 19:30 delete.php
-rw-r----- 1 vmail vmail  1727 Sep 16 16:06 edit-active.php
-rw-r----- 1 vmail vmail  3013 Sep 16 16:06 edit-alias.php
-rw-r----- 1 vmail vmail  4026 Sep 16 16:06 edit-mailbox.php
-rw-r----- 1 vmail vmail 25031 Sep 16 16:06 functions.inc.php
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 images
-rw-r----- 1 vmail vmail  3994 Sep 16 16:06 index.php
-rw-r--r-- 1 vmail vmail  2655 Sep 16 16:06 INSTALL.TXT
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 languages
-rw-r--r-- 1 vmail vmail  1651 Sep 16 16:06 LANGUAGE.TXT
-rw-r--r-- 1 vmail vmail  5375 Sep 16 16:06 LICENSE.TXT
-rw-r----- 1 vmail vmail  1743 Sep 16 16:06 login.php
-rw-r----- 1 vmail vmail   494 Sep 16 16:06 logout.php
-rw-r----- 1 vmail vmail   869 Sep 16 16:06 main.php
-rw-r--r-- 1 vmail vmail   981 Sep 16 16:06 motd-admin.txt.orig
-rw-r--r-- 1 vmail vmail   262 Sep 16 16:06 motd.txt
-rw-r--r-- 1 vmail vmail   262 Sep 16 16:06 motd-users.txt
-rw-r----- 1 vmail vmail  4827 Sep 16 16:06 overview.php
-rw-r----- 1 vmail vmail  2314 Sep 16 16:06 password.php
-rwxr-xr-x 1 vmail vmail   392 Sep 16 16:08 postfix_chmod.sh
-rw-r----- 1 vmail vmail  3233 Sep 16 16:06 search.php
-rw-r----- 1 vmail vmail  2119 Sep 16 16:06 sendmail.php
-rw-r----- 1 vmail vmail  5506 Sep 16 16:06 setup.php
-rw-r----- 1 vmail vmail  4204 Sep 16 16:06 stylesheet.css
-rw-r--r-- 1 vmail vmail   456 Sep 16 16:06 TABLE_BACKUP_MX.TXT
-rw-r--r-- 1 vmail vmail  3737 Sep 16 16:06 TABLE_CHANGES.TXT
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 templates
-rw-r--r-- 1 vmail vmail  2303 Sep 16 16:06 UPGRADE.TXT
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 users
-rw-r----- 1 vmail vmail  1949 Sep 16 16:06 variables.inc.php
-rw-r----- 1 vmail vmail  1965 Sep 16 16:06 viewlog.php
drwxr-xr-x 2 vmail vmail  4096 Sep 16 16:06 VIRTUAL_VACATION
[root@mailserv2 postfixadmin]# more config.inc.php
//
// Postfix Admin
// by Mischa Peters
// Postfix Admin Path
// Set the location to your Postfix Admin installation here.
$CONF['postfix_admin_url'] = '';
$CONF['postfix_admin_path'] = '';

// Language config
// Language files are located in './languages'.
$CONF['default_language'] = 'cn';

// Database Config
// mysql = MySQL 3.23 and 4.0
// mysqli = MySQL 4.1
// pgsql = PostgreSQL
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';

…… (several lines omitted) ……

// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Example: /usr/local/virtual/domain.tld/username@domain.tld
$CONF['domain_path'] = 'YES';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Example: /usr/local/virtual/domain.tld/username
$CONF['domain_in_mailbox'] = 'NO';

…… (several lines omitted) ……

// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '1000';
$CONF['mailboxes'] = '1000';
$CONF['maxquota'] = '1000';

…… (several lines omitted) ……

// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';

…… (several lines omitted) ……
?>
[root@mailserv2 postfixadmin]# more create-mailbox.php
//
// Postfix Admin
// by Mischa Peters
|
[root@mailserv2 postfixadmin]# vi delete.php
…… (much omitted) ……
require ("./variables.inc.php");
require ("./config.inc.php");
require ("./functions.inc.php");
include ("./languages/" . check_language () . ".lang");
$SESSID_USERNAME = check_session();
…… (much omitted) ……
$result = db_query ("SELECT * FROM mailbox WHERE username='$fDelete' AND domain='$fDomain'");
$userarray=explode("@",$fDelete);
$user=$userarray[0];
$domain=$userarray[1];
// $fDelete is request input: quote both parts so the shell sees exactly two arguments
system("sudo /usr/sbin/maildirdel.sh " . escapeshellarg($domain) . " " . escapeshellarg($user));
…… (much omitted) ……
?>

Figure 5

[root@mailserv2 ~]# cd /var/www/postfixadmin
[root@mailserv2 ~]# mysql -u root < DATABASE_MYSQL.TXT
Alias /postfixadmin /var/www/postfixadmin
<Directory /var/www/postfixadmin>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/postfixadmin/admin">
AuthType Basic
Options None
AllowOverride None
Order allow,deny
Allow from all
AuthName "sery.mail Access"
AuthUserFile /usr/local/apache/conf/htpasswd
Require valid-user
</Directory>

Figure 6
Figure 7
[root@mailserv2 ~]# tar zxvf postfix-2.2.11.tar.gz
[root@mailserv2 ~]# cd postfix-2.2.11
[root@mailserv2 postfix-2.2.11]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'

If nothing unexpected happens, this make step finishes quickly. Next comes the installation, using the command:
[root@mailserv2 postfix-2.2.11]# make install
The program runs on its own for a while and then becomes interactive, waiting for user input; normally, pressing Enter all the way through completes the installation.

(2) Configuring Postfix. Postfix itself has two configuration files that need changes, /etc/postfix/main.cf and /etc/postfix/master.cf. Because we use MySQL virtual accounts, some further configuration files have to be added by hand. They are configured one by one below.

① main.cf. This file has many comment lines, which makes it awkward to read. First run
[root@mailserv2 postfix]# sed -n '/^#/!p' /etc/postfix/main.cf > /etc/postfix/main.cf.new
to strip the comment lines and write the new file /etc/postfix/main.cf.new, then copy it over /etc/postfix/main.cf (cp /etc/postfix/main.cf.new /etc/postfix/main.cf). The modified file looks like this:
[root@mailserv2 postfix]# more main.cf
config_directory = /etc/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
###########################################################
content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10
#=====================BASE=========================
myhostname = mail2.sery.com
mydomain = mail.sery.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8 220.94.159.0/24
inet_interfaces = all
#=====================Vritual Mailbox settings======================
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 450

[root@mailserv2 postfix]# id vmail
uid=1001(vmail) gid=1001(vmail) groups=1001(vmail)
[root@mailserv2 mysql]# more mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
[root@mailserv2 mysql]# more mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
[root@mailserv2 mysql]# more mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
[root@mailserv2 mysql]# more mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
[root@mailserv2 postfix]# more master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/maildrop/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus
#############################################################################
# antispam #
#############################################################################
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o mynetworks=127.0.0.0/8
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
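◆ Installing and configuring Courier-imap
Postfix only implements the SMTP part of a mail system; POP3 or IMAP needs separate software, and that software is courier-imap (other software can of course be chosen instead).
(1) Install courier-imap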
[root@mailserv2 ~]# cd
[root@mailserv2 ~]# tar jxvf courier-imap-
|
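Starting Courier-IMAP server: imap pop3

◆ Installing courier-maildrop
Maildrop handles local delivery, that is, it moves received mail into the corresponding user directory. When configuring Postfix earlier we already wrote the maildrop-related settings into /etc/postfix/master.cf, so they are not repeated here. The earlier steps also mentioned pcre; maildrop requires it, so install it first if the system does not already have it.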
[root@mailserv2 courier-imap-
|
[root@mailserv2 ~]# maildrop -v
maildro
|
[root@mailserv2 mailbox]# more /etc/maildroprc
logfile "/var/mailbox/maildrop.log"
to "$HOME/$DEFAULT"

[root@mailserv2 mailbox]# tail maildrop.log
Date: Sat Oct 6 12:45:20 2007
From: "Saundra Y. Echols" <saundra@MS13.HINET.NET>
Subj: No girls laugh at me now, haha, i laugh at them
File: /mail/mailbox//sery.com/magazine/ (3355)
[root@mailserv2 ~]# more /usr/sbin/maildirmake.sh
#!/bin/bash
set -e
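# $1 = domain, $2 = user; quoted so odd characters cannot split the paths
if [ ! -d "/var/mailbox/$1" ]
then
mkdir "/var/mailbox/$1"
fi
chown -R vmail:vmail "/var/mailbox/$1"
cd "/var/mailbox/$1"
/usr/local/imap/bin/maildirmake "$2"
mkdir "/var/mailbox/$1/$2/Maildir"
chown -R vmail:vmail "/var/mailbox/$1/$2"
[root@mailserv2 ~]# more /usr/sbin/maildirdel.sh
#!/bin/bash
# $1 = domain, $2 = user; ${N:?} aborts when an argument is empty,
# so a missing value can never turn this into "rm -rf /var/mailbox/"
rm -rf -- "/var/mailbox/${1:?domain required}/${2:?user required}"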
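An added example (not from the original article): delete.php passes the domain and user parts of a request parameter to maildirdel.sh under sudo, so the script is the last place to reject unexpected values. This sketch validates both names, refuses symlinks and checks that the resolved path stays under the mailbox base before deleting; MAILBOX_BASE, valid_label and safe_maildir_del are assumed names, and the demo runs against a temporary directory.

```sh
#!/bin/sh
# Added example, not from the original article: a stricter stand-in for
# /usr/sbin/maildirdel.sh. MAILBOX_BASE, valid_label and safe_maildir_del
# are names made up for this sketch.

MAILBOX_BASE=${MAILBOX_BASE:-/var/mailbox}

# valid_label NAME
# Accepts only a non-empty name built from letters, digits, ".", "_" and "-"
# that does not start with "." or "-". This rejects "", ".", "..", anything
# containing "/" and every shell metacharacter.
valid_label() {
    case $1 in
        ''|.*|-*)          return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# safe_maildir_del DOMAIN USER
# Removes $MAILBOX_BASE/DOMAIN/USER and nothing else.
# Return status: 0 removed, 2 invalid argument, 3 no such mailbox directory,
# 4 a symlink or a resolved path outside the mailbox base.
safe_maildir_del() {
    _md_domain=$1
    _md_user=$2
    valid_label "$_md_domain" || return 2
    valid_label "$_md_user"   || return 2

    _md_target=$MAILBOX_BASE/$_md_domain/$_md_user
    # A planted symlink must not redirect the delete somewhere else.
    if [ -L "$MAILBOX_BASE/$_md_domain" ] || [ -L "$_md_target" ]; then
        return 4
    fi
    [ -d "$_md_target" ] || return 3

    # Compare physical paths: the target must be exactly base/domain/user.
    _md_base_real=$(cd "$MAILBOX_BASE" && pwd -P) || return 3
    _md_real=$(cd "$_md_target" && pwd -P) || return 3
    [ "$_md_real" = "$_md_base_real/$_md_domain/$_md_user" ] || return 4

    rm -rf -- "$_md_real"
}

# Demo on a throwaway tree (constructed input); prints the status per call.
demo_maildir_del() (
    MAILBOX_BASE=$(mktemp -d) || exit 1
    mkdir -p "$MAILBOX_BASE/sery.com/alice/Maildir"
    try() {
        rc=0
        safe_maildir_del "$1" "$2" || rc=$?
        echo "domain='$1' user='$2' -> status $rc"
    }
    try sery.com ''              # empty user: the case that wipes the base dir
    try sery.com '../sery.com'   # path traversal
    try sery.com 'alice; id'     # shell metacharacters
    try sery.com nobody          # mailbox does not exist
    try sery.com alice           # the only call that deletes anything
    rm -rf -- "$MAILBOX_BASE"
)
demo_maildir_del
```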
[root@mailserv2 ~]# useradd clamav
[root@mailserv2 ~]# cd
[root@mailserv2 ~]# cd clamav-0.91.2
[root@mailserv2 ~]# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck
[root@mailserv2 ~]# make
[root@mailserv2 ~]# make install
[root@mailserv2 ~]# more /usr/local/clamav/etc/freshclam.conf | sed -n '/^#/!p'
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
[root@mailserv2 ~]# more /usr/local/clamav/etc/clamd.conf | sed -n '/^#/!p'
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength
[root@mailserv2 ~]# more /root/clamav.sh
#!/bin/bash
# create directory for clamav
mkdir /var/log/clamav
chmod -R 744 /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis:amavis /usr/local/share/clamav
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown amavis:amavis /var/run/clamav
[root@mailserv2 ~]# more /root/amavis.sh
#!/bin/bash
cd /root
tar zxvf amavisd-new-2.5.2.tar.gz
cd amavisd-new-2.5.2
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'sery.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = -100;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
# $forward_method must be set before $notify_method copies it
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

[root@mailserv2 ~]# cd
[root@mailserv2 ~]# tar zxvf BerkeleyDB-0.32.tar.gz
[root@mailserv2 ~]# cd BerkeleyDB-0.32
[root@mailserv2 ~]# perl Makefile.PL
[root@mailserv2 ~]# make
[root@mailserv2 ~]# make install
DirectoryIndex index.html index.php index.cgi
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
<Directory "/var/www/extsuite/extmail/cgi">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Alias /extmail /var/www/extsuite/extmail/html
<Directory /var/www/extsuite/extmail/html>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Figure 8
[root@mailserv2 extmail]# more webmail.cf
# sys_config, the config file and webmail programe root
SYS_CONFIG = /var/www/extsuite/extmail/
# sys_langdir, the i18n dir
SYS_LANGDIR = /var/www/extsuite/extmail/lang
# sys_templdir, the template dir
SYS_TEMPLDIR = /var/www/extsuite/extmail/html
# sys_warn, show system warning or not, default to yes
SYS_SHOW_WARN = 0
# sys_permit_noquota, permit an account without qouta?
SYS_PERMIT_NOQUOTA = 1
# sys_sess_dir, the session dir
SYS_SESS_DIR = /tmp/
# sys_log_on = 1 | 0 - enable logging or not
SYS_LOG_ON = 1
# sys_log_type = file|syslog|nsyslog, syslog will save login
# or error info into mail.*, nsyslog is a replacement to syslog
# that will send log message to network syslogd
SYS_LOG_TYPE = syslog
# sys_log_file - path to log file, if sys_log_type = file
SYS_LOG_FILE = /var/log/extmail.log
# sys_sess_timeout, session timeout, default 3 hours (3h) format:
# number+(s|m|h|d|M|y); or only number, the 0 means that the
# session will last for 0 seconds, but if you specify the
# sys_sess_cookie_only = 1 then it means the session will expire
# after you close your browser :)
SYS_SESS_TIMEOUT = 0
# sys_sess_cookie_only = 0|1 use cookie only or include cgi "sid"
# parameter ? if set to true(1), the session will be expired after
# sys_sess_timeout if there is no any active request from browser
SYS_SESS_COOKIE_ONLY = 1
# sys_user_psize, user default page_size
SYS_USER_PSIZE = 10
# sys_user_tsize, user mail subject truncate size, valid type:
# auto => full text
# screen1 => 800x600
# screen2 => 1024x768
# screen3 => 1280x1024
SYS_USER_SCREEN = auto
# sys_user_lang, user default language
SYS_USER_LANG = en_US
# sys_user_template, user default template
SYS_USER_TEMPLATE = default
# sys_user_charset, user default charset
SYS_USER_CHARSET = utf-8
# sys_user_trylocal, user default outgoing encoding mechanism
SYS_USER_TRYLOCAL = 1
# sys_user_timezone, user default timezone
SYS_USER_TIMEZONE = +0800
# sys_user_* default parameters
SYS_USER_CCSENT = 0
SYS_USER_SHOW_HTML = 1
SYS_USER_COMPOSE_HTML = 1
SYS_USER_CONV_LINK =1
SYS_USER_ADDR2ABOOK = 1
# sys_min_pass_len, minimal password length, default 2
SYS_MIN_PASS_LEN = 2
# sys_mfilter_on, default is off
SYS_MFILTER_ON = 1
# sys_netdisk_on, default is off
SYS_NETDISK_ON = 0
# sys_debug_on, default is off
SYS_DEBUG_ON = 0
# sys auth type, mysql/ldap/authlib
SYS_AUTH_TYPE = mysql
# maildir_base, the base dir of user maildir, use absolute path
# if not set.
SYS_MAILDIR_BASE = /var/mailbox
# sys_auth_schema, vpopmail1/vpopmail2/virtual
# vpopmail1 => all user accounts in one table
# vpopmail2 => accounts in per domain table
SYS_AUTH_SCHEMA = virtual
# crypt_type, the default encrypt type of password, possible type
# currently is crypt|cleartext|plain|md5|md5crypt|plain-md5|ldap-md5|sha|sha1
SYS_CRYPT_TYPE = md5crypt
# if mysql, all relate parameters should prefix as SYS_MYSQL
SYS_MYSQL_USER = postfix
SYS_MYSQL_PASS = postfix
SYS_MYSQL_DB = postfix
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
# table name
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
# sys_mysql_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
# SYS_MYSQL_ATTR_CLEARPW = clearpwd
SYS_MYSQL_ATTR_QUOTA = quota
SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
SYS_MYSQL_ATTR_HOME = homedir
SYS_MYSQL_ATTR_MAILDIR = maildir
# service enable/disable attributes
# comment them out if you don't want their function
SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
SYS_MYSQL_ATTR_ACTIVE = active
# if ldap, all relate parameters should prefix as SYS_LDAP
SYS_LDAP_BASE = o=extmailAccount,dc=example.com
SYS_LDAP_RDN = cn=Manager,dc=example.com
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = localhost
# ldif attributes
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_DOMAIN = virtualDomain
SYS_LDAP_ATTR_PASSWD = userPassword
# sys_ldap_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
# SYS_LDAP_ATTR_CLEARPW = clearPassword
SYS_LDAP_ATTR_QUOTA = mailQuota
SYS_LDAP_ATTR_NDQUOTA = netdiskQuota
SYS_LDAP_ATTR_HOME = homeDirectory
SYS_LDAP_ATTR_MAILDIR = mailMessageStore
# service enable/disable attributes
# comment them out if you don't want their function
SYS_LDAP_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_LDAP_ATTR_DISABLENETDISK = disablenetdisk
SYS_LDAP_ATTR_ACTIVE = active
# if authlib, all relate parameters should prefix as AUTHLIB
SYS_AUTHLIB_SOCKET = /usr/local/authlib/var/spool/authdaemon/socket
# Global Abook support
# sys_g_abook_type, global abook type, valid is ldap|file, currently
# only support ldap, file module is under development :-)
SYS_G_ABOOK_TYPE = file
# if ldap, all relate parameters should prefix as SYS_G_ABOOK_LDAP
SYS_G_ABOOK_LDAP_HOST = localhost
SYS_G_ABOOK_LDAP_BASE = ou=AddressBook,dc=example.com
SYS_G_ABOOK_LDAP_ROOTDN = cn=Manager,dc=example.com
SYS_G_ABOOK_LDAP_ROOTPW = secret
SYS_G_ABOOK_LDAP_FILTER = objectClass=OfficePerson
# if file, all relate parameters should prefix as SYS_G_ABOOK_FILE
SYS_G_ABOOK_FILE_PATH = /var/www/extsuite/extmail/globabook.cf
SYS_G_ABOOK_FILE_LOCK = 1
SYS_G_ABOOK_FILE_CONVERT = 0
SYS_G_ABOOK_FILE_CHARSET = utf-8
<TR>
<TD><%domain%></TD>
<TD><select name="domain" size="1" class="input_select"><option value="mail.sery.com">mail.sery.com</option><option value="sery.com">sery.com</option></select><!--<INPUT TYPE="text" class="input_n" NAME="domain">--></TD>
</TR>
|
Figure 9
################ normal services ############################
/usr/local/apache/bin/apachectl start
/usr/local/mysql/bin/mysqld_safe --user=mysql&
/usr/local/authlib/sbin/authdaemond start
############## postfix relatively ###########################
postfix start
/usr/local/imap/sbin/imapd start
################ antivirus and antispam #####################
/usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
/usr/local/sbin/amavisd start
/usr/local/clamav/sbin/clamd

[root@mailserv2 extmail]# crontab -l
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
00 00 * * * /usr/local/clamav/bin/freshclam
[root@mailserv2 virusalert]# more /usr/local/bin/data_backup.sh
#!/bin/bash
BackupPath=/var/data_bk
Mysql_bk_dir=$BackupPath/mysqlbk
Mail_bk_dir=$BackupPath/mailbk
LogFile=$BackupPath/backuplog
MailBoxDir=/var/mailbox
####################################################################
# define mysql variables #
####################################################################
NewFile="$Mysql_bk_dir"/postfix$(date +%Y%m%d).tgz
DumpFile="$Mysql_bk_dir"/postfix$(date +%Y%m%d).sql
OldFile="$Mysql_bk_dir"/postfix$(date +%Y%m%d --date='5 days ago').tgz
DbUser=root
DbPasswd=husb^R
DbName=postfix
####################################################################
# mysql backup proccess #
####################################################################
echo "-------------------------------------------" >> $LogFile
echo $(date +"%y-%m-%d %H:%M:%S") >> $LogFile
echo "--------------------------" >> $LogFile
#Delete Old File
if [ -f $OldFile ]
then
rm -f $OldFile >> $LogFile 2>&1
echo "[$OldFile]Delete Old File Success!" >> $LogFile
else
echo "[$OldFile]No Old Backup File!" >> $LogFile
fi
if [ -f $NewFile ]
then
echo "[$NewFile]The Backup File is exists,Can't Backup!" >> $LogFile
else
cd $Mysql_bk_dir
/usr/local/mysql/bin/mysqldump -u $DbUser -p$DbPasswd --opt $DbName > $DumpFile
tar czf $NewFile postfix$(date +%Y%m%d).sql >> $LogFile 2>&1
echo "[$NewFile]Backup Success!" >> $LogFile
rm -rf $DumpFile
fi
####################################################################
# backup mail's user directories and files #
####################################################################
MailFileBk=$Mail_bk_dir/mail$(date +%Y%m%d).tgz
OldMailFileBk=$Mail_bk_dir/mail$(date +%Y%m%d --date='14 days ago').tgz
if [ -f $OldMailFileBk ]
then
rm -rf $OldMailFileBk
fi
if [ -f $MailFileBk ]
then
echo "[$MailFileBk]The Backup File is exists,Can't Backup!" >> $LogFile
else
cd /mail
tar czf $MailFileBk mailbox >> $LogFile 2>&1
fi
echo "-------------------------------------------" >> $LogFile

[root@mailserv2 ~]# crontab -l
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
00 01 * * * /usr/local/bin/data_backup.sh
00 00 * * * /usr/local/clamav/bin/freshclam
[root@mailserv2 ~]# more /usr/local/bin/kernel_optimize
#!/bin/bash
#kernel optimize optimize ,create by
#enable broadcast echo protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#disable source routed packets
#for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
# echo 0 > $f
#done
#enable tcp syn cookie protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#disable icmp redirect acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
echo 0 > $f
done
#don't send redirect messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
echo 0 > $f
done
#drop spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
#log packets with impossible addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians; do
echo 1 > $f
done
[root@mailserv2 ~]# more /usr/local/bin/firewall
#!/bin/bash
#this is a common firewall created by
#define some variable
IPT=/sbin/iptables
CONNECTION_TRACKING="1"
INTERNET="eth0"
CLASS_A="
#Remove any existing rules
$IPT -F
$IPT -X
#setting default firewall policy
$IPT --policy OUTPUT ACCEPT
$IPT --policy FORWARD DROP
$IPT -P INPUT DROP
#stop firewall
if [ "$1" = "stop" ]
then
echo "Filewall completely stopped!no firewall running!"
exit 0
fi
#setting for loopback interface
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# Stealth Scans and
# Using
##################################################################
# Source Address Spoofing and Other Bad Addresses
# Refuse spoofed packets pretending to be from
# the external interface's IP address
$IPT -A INPUT -i $INTERNET -s $IPADDR -j DROP
# Refuse packets claiming to be from a Class A private network
$IPT -A INPUT -i $INTERNET -s $CLASS_A -j DROP
# Refuse packets claiming to be from a Class B private network
$IPT -A INPUT -i $INTERNET -s $CLASS_B -j DROP
# Refuse packets claiming to be from a Class C private network
$IPT -A INPUT -i $INTERNET -s $CLASS_C -j DROP
$IPT -A INPUT -i $INTERNET -s
#enable ssh connect
$IPT -A INPUT -i $INTERNET -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 25 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 110 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 143 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 783 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp -s 127.0.0.1 --dport 3306 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 5666 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 10024 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p tcp --dport 10025 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p udp --dport 123 -j ACCEPT
$IPT -A INPUT -i $INTERNET -p icmp -j ACCEPT
[root@mailserv2 ~]# more /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
################ normal services ############################
/usr/local/apache/bin/apachectl start
/usr/local/mysql/bin/mysqld_safe --user=mysql&
/usr/local/authlib/sbin/authdaemond start
############## postfix relatively ###########################
postfix start
/usr/local/imap/sbin/imapd start
################ antivirus and antispam #####################
/usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
/usr/local/sbin/amavisd start
/usr/local/clamav/sbin/clamd
############### system optimize #############################
/usr/local/bin/kernel_optimize
/usr/local/bin/firewall
################### NRPE nagios remote plugin execute $$$$$$$$$
/usr/local/nrpe/bin/nrpe -c /usr/local/nrpe/etc/nrpe.cfg -d

mysql> use postfix;
mysql> update mailbox set quota='524288000';
Query OK, 1 row affected (0.03 sec)
Rows matched: 191 Changed: 1 Warnings: 0

Figure 10

[root@mailserv2 ~]# ps auxww   # partial process snapshot
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
vmail 1481 0.0 1.2 12644 6568 ?
|
This article comes from the "sery" blog; please contact the author before reprinting!