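Setting up a secure Mail Server and webmail on FreeBSD
I. Preparation
1. A server, or a computer that can act as a server
2. The FreeBSD installation disc, in DVD format
II. Installation steps
1. Install the FreeBSD operating system
2. Update the ports tree with portsnap
3. Compile the required software
Go to /usr/ports/www/nginx and run make config
Select the following options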
[X] FILE_AIO
[X] HTTP_MODULE
[X] HTTP_CACHE_MODULE
[X] HTTP_GZIP_STATIC_MODULE
[X] HTTP_PERL_MODULE
[X] HTTP_REALIP_MODULE
[X] HTTP_REWRITE_MODULE
[X] HTTP_SECURE_LINK_MODULE
[X] HTTP_SSL_MODULE
[X] HTTP_SUB_MODULE
[X] HTTP_XSLT_MODULE
[X] WWW
Then run make install clean
Go to /usr/ports/lang/php52 and run make config
[X] CLI
[X] CGI
[X] REDIRECT
[X] DISCARD
[X] FASTCGI
[X] FPM
[X] PATHINFO
Run make install clean
Go to /usr/ports/lang/php52-extensions and run make config
[X] BZ2
[X] CALENDAR
[X] CTYPE
[X] CURL
[X] DOM
[X] FILEINFO
[X] FILTER
[X] GD
[X] GETTEXT
[X] HASH
[X] ICONV
[X] IMAP
[X] JSON
[X] MBSTRING
[X] MCRYPT
[X] MHASH
[X] MYSQL
[X] MYSQLI
[X] OPENSSL
[X] PCNTL
[X] PCRE
[X] PDO
[X] PDO_MYSQL
[X] POSIX
[X] SESSION
[X] SIMPLEXML
[X] SNMP
[X] SOCKETS
[X] SPL
[X] SYSVMSG
[X] SYSVSEM
[X] SYSVSHM
[X] TOKENIZER
[X] XML
[X] XMLREADER
[X] XMLRPC
[X] XMLWRITER
[X] XSL
[X] ZIP
[X] ZLIB
Run make install clean
Go to /usr/ports/databases/mysql55-server and run make config
[X] OPENSSL
Run make install clean
Go to /usr/ports/mail/courier-imap and run make config
[X] AUTH_MYSQL
make install clean
Go to /usr/ports/mail/postfix and run make config
[X] PCRE
[X] SASL2
[X] TLS
[X] MYSQL
[X] VDA
make install clean
Go to /usr/ports/security/clamav and run make config
[X] ARC
[X] ARJ
[X] LHA
[X] UNZOO
[X] UNRAR
[X] LLVM
[X] TESTS
[X] MILTER
[X] ICONV Enable ICONV support
make install clean
Go to /usr/ports/security/amavisd-new and run make config
[X] MYSQL
[X] SASL
[X] SPAMASSASSIN
[X] FILE
[X] RAR
[X] UNRAR
[X] ARJ
[X] LHA
[X] ARC
[X] CAB
[X] RPM
[X] ZOO
[X] LZOP
[X] FREEZE
[X] P7ZIP
[X] MSWORD
make install clean
Go to /usr/ports/mail/p5-Mail-SpamAssassin and run make config
[X] AS_ROOT
[X] SPAMC
[X] DKIM
[X] SSL
[X] GNUPG
[X] MYSQL
Run make install clean
Go to /usr/ports/mail/postfixadmin and run make config
[X] MYSQL
[X] MYSQLI
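Run make install clean
The software installation is complete; now on to configuration. One thing I really like about FreeBSD is that once software has been compiled, all of its configuration files are placed under /usr/local/etc, so you don't have to hunt around for conf or etc directories.
4. Configuration files
Important first step
Open /etc/rc.conf and add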
nginx_enable="YES"
mysql_enable="YES"
php_fpm_enable="YES"
Go to /usr/local/etc/rc.d and run, in order
#./nginx start
#./mysql-server start
#./php-fpm start
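Configure your nginx and php, then open your site until you see the postfixadmin setup page at http://localhost/postfixadmin, and install it.
Go to /usr/local/etc/postfix
Open main.cf and append the following to the end of the file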
#======= BASE ==============
#myhostname = mail
#mydomain = raytoon.cn
home_mailbox = maildir/
#mydestination = $myhostname
#local_recipient_maps =
command_directory = /usr/local/sbin
local_transport = virtual
#======= MYSQL =============
virtual_gid_maps = static:80
virtual_mailbox_base = /data/mail/virtual
virtual_uid_maps = static:80
virtual_minimum_uid = 80
virtual_alias_maps = mysql:/usr/local/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/virtual_mailbox_maps.cf
#======= Quota ============
message_size_limit = 5242880
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_mailbox_extend = yes
virtual_mailbox_limit_override = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit = 52428800
#======== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl2_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_auth_destination,reject
smtpd_client_restrictions = permit_sasl_authenticated
#smtpd_sasl_local_domain = $mydomain
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
Save and exit. Note that 80 is the user and group ID; if your nginx user and group IDs are not 80, you need to change these two numbers.
Create /usr/local/etc/postfix/virtual_mailbox_limit_maps.cf
user = root
password = xxxxxxx
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
Save and exit
Create /usr/local/etc/postfix/virtual_alias_maps.cf
user = root
password = xxxxxxx
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
Save and exit
Create /usr/local/etc/postfix/virtual_domains_maps.cf
user = root
password = xxxxxxxx
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
Save and exit
Create /usr/local/etc/postfix/virtual_mailbox_maps.cf
user = root
password = xxxxxxxx
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
Save and exit
Open /usr/local/etc/authlib/authdaemonrc, find authmodulelist= and delete the other options, leaving only authmysql; find authmodulelistorig= and delete the others, keeping only authmysql. Add version="authdaemond.mysql"
Save and exit
Open /usr/local/etc/authlib/authmysqlrc
DEFAULT_DOMAIN your.domain
MYSQL_CRYPT_PWFIELD password
MYSQL_DATABASE postfix
MYSQL_GID_FIELD '80'
MYSQL_HOME_FIELD '/data/mail/virtual'
MYSQL_LOGIN_FIELD username
MYSQL_MAILDIR_FIELD maildir
MYSQL_NAME_FIELD name
MYSQL_OPT 0
MYSQL_PASSWORD xxxxxxxxxx
MYSQL_PORT 3306
#MYSQL_QUOTA_FIELD quota
MYSQL_SERVER 127.0.0.1
MYSQL_UID_FIELD '80'
MYSQL_USERNAME root
MYSQL_USER_TABLE mailbox
Save and exit
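The four Postfix map files and authmysqlrc above all store a MySQL password and connect as root. The following audit script is an added example, not part of the original page; it flags any lookup file that uses the root account or is readable by "other", and it assumes the whitespace-separated "user = name" and "MYSQL_USERNAME name" forms shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit MySQL lookup files.
# Flags two weaknesses: the account is root, or the file that holds the
# password is readable by "other". Paths are passed as arguments.

# Print the MySQL account configured in file $1. Understands the Postfix
# form "user = name" and the Courier form "MYSQL_USERNAME name".
db_user() {
    awk '
        $1 == "user" && $2 == "=" { print $3; exit }
        $1 == "MYSQL_USERNAME"    { print $2; exit }
    ' "$1"
}

# Succeed if file $1 is readable by "other" (8th char of the ls mode string).
world_readable() {
    [ "$(ls -ld -- "$1" | cut -c8)" = "r" ]
}

# Print one finding per line for file $1; return 1 if anything was found.
audit_file() {
    found=0
    if [ "$(db_user "$1")" = "root" ]; then
        echo "$1: connects to MySQL as root"
        found=1
    fi
    if world_readable "$1"; then
        echo "$1: password file is world-readable"
        found=1
    fi
    return "$found"
}

# Audit every file given; return 1 if any file had a finding.
audit_all() {
    worst=0
    for f in "$@"; do
        audit_file "$f" || worst=1
    done
    return "$worst"
}

# Example: sh audit.sh /usr/local/etc/postfix/virtual_*_maps.cf
if [ "$#" -gt 0 ]; then
    audit_all "$@"
fi
```

A dedicated MySQL account for these lookups needs only SELECT on the postfix database.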
Go to /usr/local/lib/sasl2/
Create the file smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket
Save and exit
Then go to /etc, edit rc.conf, and add
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_milter_enable="YES"
spamd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
#sendmail_msp_queue_enable="NO"
postfix_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_imapd_ssl_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
amavisd_enable="YES"
amavisd_pidfile="/var/amavis/amavisd.pid"
amavisd_ram="512m"
amavis_milter_enable="YES"
amavis_p0fanalyzer_enable="YES"
amavis_p0fanalyzer_p0f_filter="tcp dst port 25"
Reboot the machine; if you don't want to reboot, run the following in /etc
#sh rc
#rehash
#newaliases
If you also want to use IMAP or POP3 over SSL, you need to generate a reasonably valid pem file with openssl
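One way to produce such a pem file, as an added example that is not part of the original page: it writes a private key and a self-signed certificate into a single owner-only file, then checks that the two belong together. The output path and the hostname mail.example.test are placeholders, and the single-file key-plus-certificate layout is an assumption about what the IMAP/POP3 daemon is configured to read.

```shell
#!/bin/sh
# Added example (not from the original page): build a combined key+cert PEM.
# The certificate is self-signed, so clients must be told to trust it.

# make_pem OUTFILE HOSTNAME
# Writes the private key followed by the certificate into OUTFILE (mode 0600).
make_pem() {
    out=$1 cn=$2 rc=0
    tmp=$(mktemp -d) || return 1
    (
        umask 077    # new files are created readable by the owner only
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$cn" \
            -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
        cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" &&
        chmod 600 "$out"
    ) || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# pem_ok FILE
# Succeeds only if the key and certificate in FILE share one public key and
# the file grants no permissions to group or other.
pem_ok() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Example: sh mkpem.sh /path/to/imapd.pem mail.example.test
if [ "$#" -eq 2 ]; then
    make_pem "$1" "$2" && pem_ok "$1" && echo "OK: $1"
fi
```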
5. Install webmail
Go to /usr/ports/mail/atmail
Run make config
[X] MBSTRING
[X] ICONV
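Run make install clean
Done. Note that after atmail is installed, you need to go to /usr/local/www/atmail and run #php lang.php all
Only then can you use Chinese; otherwise only English is available. By default, however, there is no Simplified Chinese, only Traditional.
If you have any problems with imapd or postfix, you can tail /var/log/maillog to trace them.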