firejjf posted on 2010-10-20 14:49:53

[Original] Installing a mail server with virtual domains, antivirus and anti-spam on CentOS

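[Author: 江骏风  Last modified: October 20, 2010  Please credit the source when reposting: http://blog.sina.com.cn/mbbjf  Version: 1.0]
Summary: I planned to deploy a mail server and consulted many articles online. Some were missing information and some were vague about settings, so I installed and tested everything step by step myself. Following my own installation process, this builds a mail server with virtual domains and users, POP3, POP3S, IMAP, IMAPS, webmail, SMTP, SMTPS, antivirus and anti-spam.
At present all the software is installed on a single server. I plan to separate receiving from sending and load-balance across several sending servers, to be tested later when hardware is available.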

Production environment: virtual machine, AMD Turion Neo X2 Dual L625 (1.6Ghz), 512M RAM
Software installed:   If you copy and paste the configuration, watch out for automatic line wrapping; I wrote this in a text editor first, so there will be line-wrap problems.
Packages that need to be installed during the installation
#yum install -y php-common php-pdo php-cli perl-IO-Zlib perl-Archive-Tar perl-Digest-SHA1 perl-Socket6 perl-IO-Socket-INET6 perl-Net-SSLeay perl-IO-Socket-SSL perl-Digest-HMAC perl-Net-IP perl-Net-DNS db4-devel e2fsprogs-devel krb5-devel zlib-devel openssl-devel mysql-devel cyrus-sasl-devel db*-devel gcc php-gd cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-sql

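1.CentOS 5.4 64-bit
The operating system; nothing more to say.
2.Mysql
Database; stores domains, users and other information.
3.Dovecot
Provides POP and IMAP
4.Postfix
The MTA, the key component; both sending and receiving depend on it.
5.Cyrus-sasl
Used for SMTP authentication
6.Apache
HTTP; used by webmail and Postfixadmin
7.PHP
Used by webmail and Postfixadmin
8.Postfixadmin
Used to manage virtual domains and virtual users
9.MailScanner
Calls the antivirus software and the anti-spam program
10.Clamav
The well-known Linux antivirus software
11.Spamassassin
Filters spam
12.Squirrelmail
Provides webmail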

Installation process:
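1.Operating system installation
Default system installation with no software selected and without X-windows; for the detailed procedure, search Baidu.
2.Install Mysql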
#yum install -y mysql
#yum install -y mysql-server
#yum install -y php-mysql
#yum install -y mysql-devel
#yum install -y mysql-connector-odbc
#yum install -y mod_auth_mysql
#yum install -y libdbi-dbd-mysql
Create the database
#mysql -u root -p      //set the root password yourself
mysql>CREATE DATABASE postfix;
mysql>   CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'password';
mysql>   GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
3.Install Dovecot
#yum install -y dovecot
Edit /etc/dovecot.conf with the following content:
base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
listen = *
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
login_dir = /var/run/dovecot/login
default_mail_env = maildir:/var/spool/mail/%u/
auth default {
mechanisms = plain login digest-md5 cram-md5
passdb sql {
    args = /etc/dovecot-mysql.conf
    }
userdb sql {
    args = /etc/dovecot-mysql.conf
}
}
first_valid_uid = 501

Edit /etc/dovecot-mysql.conf with the following content:
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 500 AS uid, 500 AS gid FROM mailbox WHERE username = '%u'
Generate the certificate (after openssl is installed)
# mkdir /etc/ssl/certs
# mkdir /etc/ssl/private
#cd /usr/share/doc/dovecot-1.0/examples
#sh mkcert.sh

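4.Install Postfix
Because the RPM packages bundled on the installation disc and some of those downloaded from the Internet do not support SSL and Mysql, you need to download the source and compile it yourself
First remove the sendmail that ships with the system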
#rpm -e sendmail --nodeps
#groupadd postfix
#groupadd postdrop
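#useradd postfix -g postfix -c "Postfix User" -d /dev/null -s /sbin/nologin       //note the uid and gid of postfix; they are used in many places later. Mine are 500 500, and these two are used from here on
#wget http://xxx.com/postfix-2.4.3.tar.gz   //download the Postfix source from the official site yourself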
#tar zxvf postfix-2.4.3.tar.gz
#cd postfix-2.4.3
#make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'
#make
//On X86_64, make will fail: make looks for /usr/local/mysql/lib/libmysqlclient.so, when it should look for /usr/local/mysql/lib64/libmysqlclient.so
#cd /usr/lib
#mv mysql mysql.bak
#ln -s /usr/lib64/mysql /usr/lib/mysql   //(give it a symlink), then run make again
#cd /root/postfix-2.4.3
#make
#make install
//Just press Enter for all the questions after the make install command.
Edit /etc/postfix/main.cf with the following content:
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
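//The following content in main.cf is optional
//Additionally require authentication when the local domain sends mail to the local domain
Modify main.cf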
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    permit
#List the local users, in order to verify From: local domain To: local domain
smtpd_sender_login_maps =
    mysql:/usr/local/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

smtpd_reject_unlisted_sender = yes
#Mail from the local domain to the local domain also requires SMTP authentication
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch

# nano mysql_virtual_sender_maps.cf    with the following content
user = postfix
password = mbb123
hosts = localhost
dbname = postfix
table = mailbox
select_field = username
where_field = username
additional_conditions = AND active = '1'
#nano mysql_virtual_alias_maps.cf with the following content
user = postfix
password = mbb123
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_alias_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_domains_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_mailbox_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
Configure SMTP authentication
//Install the Courier authentication library
Download from http://www.courier-mta.org/download.php#authlib
# tar jxvf courier-authlib-0.58.tar.bz2
#cd courier-authlib-0.58
# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
//Note: on 64-bit, this should instead be
# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc

# make
# make install
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
# cp /usr/local/courier-authlib/etc/authdaemonrc.dist /usr/local/courier-authlib/etc/authdaemonrc
Set Postfix's permissions on authdaemond
# chown postfix.postfix /var/spool/authdaemon/
# chown postfix.postfix /var/spool/authdaemon/socket

Modify the /usr/local/courier-authlib/etc/authdaemonrc file
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10

Edit /usr/local/courier-authlib/etc/authmysqlrc to contain the following, where 500,500 are the UID and GID of the postfix user.
MYSQL_SERVER         localhost
MYSQL_USERNAME       postfix
MYSQL_PASSWORD       password
MYSQL_SOCKET         /var/lib/mysql/mysql.sock
MYSQL_DATABASE       postfix
MYSQL_USER_TABLE   mailbox
MYSQL_CRYPT_PWFIELD   password
MYSQL_UID_FIELD       '500'
MYSQL_GID_FIELD       '500'
MYSQL_LOGIN_FIELD   username
MYSQL_HOME_FIELD   concat('/var/spool/mail/',maildir)
MYSQL_MAILDIR_FIELD   concat('/var/spool/mail/',maildir)
MYSQL_NAME_FIELD   name

# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
# chkconfig --level 35 courier-authlib on
# chmod 755 /etc/init.d/courier-authlib
# service courier-authlib start
# cp /usr/local/courier-authlib/etc/authmysqlrc /etc/authlib
# cp /usr/local/courier-authlib/etc/authdaemonrc /etc/authlib

Add SSL support and configure the SMTPS service
Add the following to /etc/postfix/main.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Generate the certificate
#mkdir /etc/ssl
#cd /etc/ssl
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
# chown postfix /var/spool/mail/
//Modify postfix to support mailscanner
# vi /etc/postfix/main.cf
Change the following value
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks
/^Received:/ HOLD
//Note: there must be no whitespace before the / !

5.Install Cyrus-sasl
# yum install expect
Then download courier-authlib and courier-mysql from http://www.thatfleminggent.com/packages/centos/5/x86_64/repoview/system_environment.daemons.group.html and install them
#tar zvfx cyrus-sasl-2.1.22.tar.gz
#cd cyrus-sasl-2.1.22
#export LDFLAGS="-lpthread"
#./configure --with-mysql --enable-anon --enable-plain --enable-login --disable-krb4 --disable-otp --disable-cram --disable-digest --disable-gssapi --with-pam --with-authdaemond=/var/spool/authdaemon/socket
#make
#make install
#rm -rf /usr/lib/sasl
#rm -rf /usr/lib/sasl2
#ln -s /usr/local/lib/sasl2 /usr/lib/
#So that postfix can find sasl, run the following commands:
#echo "/usr/local/lib" >> /etc/ld.so.conf
#ldconfig
#nano /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

6.Install Apache
#yum install httpd
#yum install httpd-manual
7.Install PHP
#yum install php
8.Install Postfixadmin
//Download the postfixadmin source
# tar xvf postfixadmin-2.1.0.gz
#mv postfixadmin-2.1.0 /var/www/html/postadmin
#cp /var/www/html/postadmin/config.inc.php.sample /var/www/html/postadmin/config.inc.php
#Modify the relevant settings in config.inc.php
Open a browser and go to http://IP/postadmin, then follow the prompts to add the virtual domain test.com
# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/postadmin" >
Options None
DirectoryIndex index.php
AllowOverride None
Order allow,deny
Allow from all
</Directory>
9.Install MailScanner
//Download the source from http://www.mailscanner.info/ and install it
#cd /MailScanner-4.81.4-1
#./install.sh
//Configure /etc/MailScanner/MailScanner.conf, modifying the following (to be verified here: JF):
%org-name% = test.com
%org-long-name% = test
%web-site% = mail.test.com
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work User = postfix
Incoming Work Group = postfix
Quarantine User = postfix
Quarantine Group = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Sign Clean Messages = no
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
Log speed = yes
Log Spam = yes
Log Silent Viruses = yes
Mark Unscanned Messages = no
Notify Senders = no
Phishing Modify Subject = yes
Log Dangerous HTML Tags = yes
//Configure /etc/MailScanner/virus.scanner.conf, modifying the following:
clamav /usr/lib/MailScanner/clamav-wrapper /usr/
#mkdir /var/spool/MailScanner/spamassassin /var/spool/MailScanner/.spamassassin
#chown -R postfix.postfix /var/spool/MailScanner/*
10.Install clamav
//Download clamav clamav-db clamav-devel clamd
# rpm -ivh clamav-db* clamav-0.9*
#rpm -ivh clamav-devel* clamd*
//Edit /etc/clamd.conf, modifying the following:
ScanHTML yes
ArchiveMaxFileSize 15M
ArchiveMaxRecursion 10
ArchiveMaxFiles 1500
ClamukoScanOnOpen yes
ClamukoScanOnClose yes
ClamukoScanOnExec yes
ClamukoMaxFileSize 10M

//Update clamav manually
#freshclam
//Set up scheduled updates for clamav
#crontab -e
//Add the following, then save and exit
0 2 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clamd.log
11.Install Spamassassin
#yum install spamassassin

12.Install Squirrelmail
#cd /var/www/html
//Download the Squirrelmail source
# tar zxvf squirrelmail-1.4.10a.tar.gz
# mv squirrelmail-1.4.10a webmail
# cd webmail/
# cd config
# ./conf.pl
//Select 1 to enter Organization Preferences and edit
1.Organization Name      : test.com
2.Organization Logo      : ../images/sm_logo.png
3.Org. Logo Width/Height : (308/111)
4.Organization Title   : SquirrelMail $version
5.Signout Page         :
6.Top Frame            : _top
7.Provider link          : http://mail.test.com/
8.Provider name          : test
//Press R to exit
//Select 2 to enter server settings and edit
1.Domain               : test.com
2.Invert Time            : false
3.Sendmail or SMTP       : SMTP

A.Update IMAP Settings   : localhost:143 (other)
B.Update SMTP Settings   : localhost:25
//Press R to exit
//Select 4 to enter General options and edit
1.Data Directory            : /var/www/html/webmail/
2.Attachment Directory      : /var/www/html/webmail/attach/
3.Directory Hash Level      : 0
4.Default Left Size         : 150
5.Usernames in Lowercase      : true
6.Allow use of priority       : true
7.Hide SM attributions      : true
8.Allow use of receipts       : true
9.Allow editing of identity   : true
    Allow editing of name       : true
    Remove username from header : false
10. Allow server thread sort    : false
11. Allow server-side sorting   : false
12. Allow server charset search : false
13. Enable UID support          : true
14. PHP session name            : SQMSESSID
15. Location base               :
//After making the changes, save and exit
#mkdir /var/www/html/webmail/attach
#chmod 777 /var/www/html/webmail/attach
# chown -R apache:root webmail

//Set the following services to start automatically, and remove postfix and sendmail from automatic startup
MailScanner clamd dovecot httpd mysqld saslauthd spamassassin
//iptables: allow ports 110,25,143,995,993,443 through
reboot, and you're done
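
An added audit sketch for the setup described in the post above (not part of the original post or written by its author): it flags world-readable files that hold the database password (the mysql_virtual_*.cf maps, dovecot-mysql.conf, authmysqlrc), world-writable directories such as the chmod 777 attachment directory, and checks that reject_unauth_destination comes before a bare permit in smtpd_recipient_restrictions. The function names and the sample tree are hypothetical and constructed for illustration.

```bash
# Added audit example; not part of the original post. All names are hypothetical.

# Files under $1 that contain a database password and are readable by "other".
world_readable_secrets() {
    find "$1" -type f -perm -0004 -exec grep -lE \
        '^[[:space:]]*(password[[:space:]]*=|MYSQL_PASSWORD|connect[[:space:]]*=.*password=)' {} + | sort
}

# Directories under $1 that any local user can write to (e.g. after chmod 777).
world_writable_dirs() { find "$1" -type d -perm -0002 | sort; }

# Value of main.cf parameter $2 in file $1: continuation lines joined,
# commas turned into spaces, last definition wins (as Postfix reads it).
postfix_param() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/       { if (on) val = val " " $0; next }
        { on = 0 }
        $0 ~ ("^" key "[ \t]*=") { on = 1; val = $0; sub(/^[^=]*=/, "", val) }
        END { gsub(/[, \t]+/, " ", val); print val }' "$1"
}

# True only if reject_unauth_destination is reached before a bare "permit".
# An unset parameter returns 1: this sketch does not model Postfix defaults.
relay_guard_ok() {
    for r in $(postfix_param "$1" smtpd_recipient_restrictions); do
        case "$r" in
            reject_unauth_destination) return 0 ;;
            permit) return 1 ;;
        esac
    done
    return 1
}

# Constructed sample tree, modelled on the files in the post (placeholder values).
make_sample() {
    d=$(mktemp -d) && mkdir "$d/attach" && chmod 777 "$d/attach"
    printf 'user = postfix\npassword = example\n' > "$d/mysql_virtual_alias_maps.cf"
    cp "$d/mysql_virtual_alias_maps.cf" "$d/mysql_virtual_domains_maps.cf"
    chmod 644 "$d/mysql_virtual_alias_maps.cf"; chmod 640 "$d/mysql_virtual_domains_maps.cf"
    printf 'smtpd_recipient_restrictions =\n    permit_mynetworks,\n    reject_unauth_destination,\n    permit\n' > "$d/main.cf"
    echo "$d"
}

if [ "$1" = "--demo" ]; then
    s=$(make_sample); world_readable_secrets "$s"; world_writable_dirs "$s"
    relay_guard_ok "$s/main.cf" && echo "relay guard present"
fi
```

On a real host the same functions can be pointed at /etc/postfix, /etc/authlib and the webmail directory; files they report are candidates for mode 640 with group postfix, and the attachment directory for ownership by the web server user instead of mode 777.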

mojie126 posted on 2011-3-8 10:05:19

These are the most detailed steps I have found so far, big thumbs up to the OP... very suitable for complete beginners like us...

hywangtao posted on 2011-6-8 09:47:03

Very detailed write-up; I'll test it when I have time. Thanks, OP