FreeBSD8.0+postfix+sasl2+mysql+maildrop+ExtMan+Mai
-------------------Changelog 20091218
-------------------
增加 安装amavisd-new出现*** Error code 1错误解决方法
修正 https访问不正常提示没权限
增加 ports.tar直接使用,不用每次安装都要下载
增加 ExtMan/1.0.1后台显示freebsd-cmd
修正 ExtMan/1.0.1后台显示信息
增加 修改MYSQL数据库位置方法
修正 ExtMan/1.0.1后台图形日志没有开机启动
增加 修改WIN下面hosts文件,方便测试
增加 WEB配置,不仅仅只是邮件服务器
本文省略部分请看
FreeBSD7.0+postfix+sasl2+mysql+maildrop+ExtMan+Mailman+ClamAv完全安装
http://bbs3.chinaunix.net/thread-1119098-1-1.html
FreeBSD7.1+postfix+sasl2+mysql+maildrop+ExtMan+Mailman+ClamAv完全安装
http://bbs3.chinaunix.net/thread-1389722-1-1.html
FreeBSD邮件交流群QQ群: (1610895)
参考文章:
1.
http://www.extmail.org/docs/extmail_solution_freebsd/
2.
http://www.yiyou.org/docs/freebsd_postfix_03/
在本例中,机器名:mail.extmail.org
域名:extmail.org
默认网关:192.168.1.1
IP地址:192.168.1.8
整个邮件解决方案由如下软件组成:
功能模块 内容 备注
操作系统(OS) FreeBSD是一个优秀的unix操作系统,基于宽松的BSD协议
邮件传输代理(MTA) Postfix邮件传输代理
数据库/目录服务 MySQL 可选MySQL或其他版本
邮件投递代理(MDA) maildrop 支持过滤和强大功能
Web帐户管理后台 extman 支持无限域名、无限用户
POP3 服务器 Courier-IMAP支持pop3/pop3s/imap/imaps,功能强大,可根据需要选择
WebMail 系统 ExtMail支持多语言、全部模板化,功能基本齐全
防病毒软件(Anti-Virus) ClamAV最热门的开源杀毒软件
内容过滤器 Amavisd-new Content-Filter软件,支持与clamav/sa的挂接
内容级别的反垃圾邮件工具 SpamAssassin 著名的SA,可以支持大量规则,但速度较慢
SMTP认证库 Cyrus SASL 标准的SASL实现库,可以支持Courier authlib
其他数据认证库 Courier Authlib是maildrop, courier-imap等服务的关键部件
日志分析及显示 mailgraph_ext 在ExtMan中已经包含了
Web 服务器 Apache 最新版的apache服务器,默认支持ssl模块
maillist软件 Mailman 功能强大的邮件列表软件,支持基于web的管理
操作系统安装
操作系统迷你安装
http://bbs3.chinaunix.net/thread-1602387-1-1.html
安装时的注意事项
1,磁盘分区
由于是邮件系统,相关的日志和queue都会保存在var分区内,因此var分区要有足够的空间。以一块硬盘73G/内存3G的服务器为例,可做如下分区:
/512m
swap 4096m
/var 5g
/tmp 512m
/usr 8g(尽量保证有10G左右)
/home 50g(剩下所有的空间)
2,软件包的选择
我们的邮件系统是要对外服务的,所以尽可能少的选择软件包,安装时建议选择Minimal,然后进入Custom选择doc,info,man,src即可。
配置
1,编辑/etc/rc.conf确保有如下内容:
[ - ]CODE:
sshd_enable="YES"
named_enable="YES"
sendmail_enable="NONE"
编辑/etc/resolv.conf确保第一条nameserver记录是127.0.0.1,这样本地DNS缓存才有效,类似如下:
[ - ]CODE:
domainextmail.org
nameserver 127.0.0.1
nameserver 61.153.177.199
然后执行如下命令:
/etc/rc.d/named start
2,根据硬件的配置重新编译内核(省略)
更新ports
[ - ]CODE:
pkg_add -r cvsup-without-gui
rehash
cvsup -gL2 /usr/share/examples/cvsup/ports-supfile -h cvsup.freebsdchina.org
或者
cvsup -L 2 -h cvsup2.cn.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
或者下载ports.tar直接使用
下载ports.tar(提取码 5b0ecc79)
上传然后将ports.tar移动到/usr下,解压
mv ports.tar /usr/
tar zxvf ports.tar
整个系统的安装全过程都要求以root身份执行。并能够访问Internet。
安装前的准备
下面的安装过程中弹出安装选择IPV6的一律取消,文档里面有提示选择的
按提示选择,没有的地方就按默认选择。
增加一个存储邮件的帐号和组(vmail)
执行如下命令
[ - ]CODE:
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
给test用户创建路径
需要一个测试帐号
test@extmail.org
,需要准备该账号的路径。
[ - ]CODE:
mkdir -p /home/domains/extmail.org/test/Maildir/new
mkdir -p /home/domains/extmail.org/test/Maildir/cur
mkdir -p /home/domains/extmail.org/test/Maildir/tmp
chown -R vmail:vmail /home/domains/
chmod -R 700 /home/domains/
ExtMan的安装
由于在安装过程中要使用ExtMan里面带的文件,因此在此先安装ExtMan。安装时根据个人需要选择MySQL或者mysql支持。
[ - ]CODE:
cd /usr/ports/mail/extman/ && make install clean
安装时选择mysql
小技巧
cd /usr/ports/databases/mysql50-server/
ee Makefile
CONFIGURE_ARGS= --localstatedir=/var/db/mysql
改为
CONFIGURE_ARGS= --localstatedir=/home/db/mysql
安装完MYSQL之后修改/usr/local/etc/rc.d/mysql-server大概34行
ee /usr/local/etc/rc.d/mysql-server
${mysql_dbdir="/var/db/mysql"}
改为
${mysql_dbdir="/home/db/mysql"}
安装mysql
[ - ]CODE:
cd /usr/ports/databases/mysql50-server/ && make WITH_CHARSET=gbk WITH_XCHARSET=all WITH_PROC_SCOPE_PTH=yes BUILD_OPTIMIZED=yes BUILD_STATIC=yes SKIP_DNS_CHECK=yes WITHOUT_INNODB=yes install clean
编辑/etc/rc.conf
执行ee /etc/rc.conf
加入mysql_enable="YES"
复制 MySQL配置文件
[ - ]CODE:
cp /usr/local/share/mysql/my-huge.cnf /usr/local/etc/my.cnf
启动 mysql-server
/usr/local/bin/mysql_install_db --user=mysql
/usr/local/etc/rc.d/mysql-server start
修改root用户的密码
/usr/local/bin/mysqladmin -u root -p password
Enter password:
安装 openssl
cd /usr/ports/security/openssl/ && make install clean
安装配置文件
cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf
安装配置courier-imap POP3/IMAP
Courier-IMAP是一个提供POP3、IMAP服务的程序,能够很方便的配置使其支持加密协议POP3s、IMAPs。并良好的支持Maildir。
Courier-imap的安装
安装时选择(如果你使用MySQL认证,则选择AUTH_MYSQL):
OPENSSL
TRASHQUOTA
AUTH_MYSQL
执行cd /usr/ports/mail/courier-imap/ && make install clean
安装时选择 TRASHQUOTAAUTH_MYSQL
Authlib的配置
执行mv /usr/local/etc/authlib/authdaemonrc /usr/local/etc/authlib/authdaemonrc.bak
编辑/usr/local/etc/authlib/authdaemonrc文件,内容类似如下:
[ - ]CODE:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
增加/var/run/authdaemond的执行权限,在FreeBSD系统下,其他用户默认没有执行权限
执行chmod +x /var/run/authdaemond
执行mv /usr/local/etc/authlib/authmysqlrc /usr/local/etc/authlib/authmysqlrc.bak
编辑/usr/local/etc/authlib/authmysqlrc文件,内容类似如下:
[ - ]CODE:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
配置支持POP3s
拷贝一份配置文件
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
编辑/usr/local/etc/courier-imap/pop3d.cnf文件,类似如下:
[ - ]CODE:
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=extmail
CN=extmail.org
emailAddress=ppabc@qq.com
[ cert_type ]
nsCertType = server
执行如下命令产生供POP3s使用的证书
/usr/local/sbin/mkpop3dcert
配置支持IMAPs
拷贝一份配置文件
cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
编辑/usr/local/etc/courier-imap/imapd.cnf文件,类似如下:
[ - ]CODE:
RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=extmail
CN=extmail.org
emailAddress=ppabc@qq.com
[ cert_type ]
nsCertType = server
执行如下命令产生供IMAP使用的证书
/usr/local/sbin/mkimapdcert
配置自动启动
编辑/etc/rc.conf文件,添加如下行:
[ - ]CODE:
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
这5行的作用分别是在开机时:启动authdaemond,启动pop3d,启动imapd,启动pop3d-ssl,启动imapd-ssl。也可以使用命令行来控制这些进程的启动或者停止。
/usr/local/etc/rc.d/courier-authdaemond start/stop
/usr/local/etc/rc.d/courier-imap-pop3d start/stop
/usr/local/etc/rc.d/courier-imap-imapd start/stop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl start/stop
/usr/local/etc/rc.d/courier-imap-imapd-ssl start/stop
Postfix的安装和配置-MTA
MTA在邮件系统中处于非常重要的位置,他负责接收其他人给你发的信,并且负责把你的信转发到目的地。选择一个靠谱的MTA对建立邮件来说意义重大,因此我们使用Postfix!! 。另外MTA部分在邮件系统中的开发难度是最高的,起到的作用也是最大的,因此我们也常拿MTA的名字来称呼自己的邮件系统,比如:我常说我的邮件系统是Postfix。
安装postfix
安装时选择(如果你使用MySQL验证,可以选择MYSQL):
PCRE
SASL2
TLS
MYSQL
VDA
TEST
cd /usr/ports/mail/postfix/ && make install clean
安装时选择PCRE SASL2 TLS MYSQL VDA TEST
一会有遇到要选择Y/N 先y 然后n在这里当安装到SASL2不要选择选择 MYSQL 其他默认
否则会有Postfix:Sql_select option missing错误出现
Postfix:Sql_select option missing问题解决及原因请看
http://ppabc.cn/wlwz/585.html
配置postfix
编辑/etc/rc.conf,增加如下一行
postfix_enable="YES"
编辑/etc/aliases,确保有如下一行
postfix: root
替换掉系统带的sendmail程序
mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
cp /usr/local/sbin/sendmail /usr/sbin/sendmail
编辑/etc/periodic.conf,加入如下内容,禁掉sendmail的自动维护。
[ - ]CODE:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
执行如下命令
[ - ]CODE:
/usr/local/sbin/postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
/usr/local/sbin/postconf -e 'mydomain = extmail.org'
/usr/local/sbin/postconf -e 'myhostname = mail.extmail.org'
/usr/local/sbin/postconf -e 'myorigin = $mydomain'
/usr/local/sbin/postconf -e 'virtual_mailbox_base = /home/domains'
/usr/local/sbin/postconf -e 'virtual_uid_maps=static:1000'
/usr/local/sbin/postconf -e 'virtual_gid_maps=static:1000'
执行如下命令对查询表进行配置
[ - ]CODE:
cp /usr/local/www/extman/docs/mysql_virtual_* /usr/local/etc/postfix/
/usr/local/sbin/postconf -e 'virtual_alias_maps = $alias_maps, mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'
SMTP认证设置
编辑/usr/local/lib/sasl2/smtpd.conf
[ - ]CODE:
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
对postfix做如下配置使支持smtp认证
[ - ]CODE:
/usr/local/sbin/postconf -e 'smtpd_sasl_auth_enable=yes'
/usr/local/sbin/postconf -e 'broken_sasl_auth_clients = yes'
/usr/local/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname'
postfix反垃圾设置
此处的反垃圾邮件只是在MTA级的一些预防垃圾邮件的设置,可根据实际情况以及自己的需要进行调整。
[ - ]CODE:
/usr/local/sbin/postconf -e 'smtpd_helo_required=yes'
/usr/local/sbin/postconf -e 'smtpd_delay_reject=yes'
/usr/local/sbin/postconf -e 'disable_vrfy_command=yes'
/usr/local/sbin/postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'
/usr/local/sbin/postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'
/usr/local/sbin/postconf -e 'smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'
/usr/local/sbin/postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'
/usr/local/sbin/postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'
/usr/local/sbin/postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'
/usr/local/sbin/postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'
touch /usr/local/etc/postfix/head_checks
touch /usr/local/etc/postfix/body_checks
touch /usr/local/etc/postfix/client_access
touch /usr/local/etc/postfix/sender_access
touch /usr/local/etc/postfix/helo_access
/usr/local/sbin/postmap /usr/local/etc/postfix/head_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/body_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/client_access
/usr/local/sbin/postmap /usr/local/etc/postfix/sender_access
/usr/local/sbin/postmap /usr/local/etc/postfix/helo_access
TLS设置
生成证书,在这里默认私钥的访问密码为123qwe98,请根据自己的情况决定,以后可能会用得到。
[ - ]CODE:
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/local/openssl/openssl.cnf .
这个地方要注意上面这句后面有个点,也可以执行cp /usr/local/openssl/openssl.cnf /usr/local/etc/postfix/certs/CA/
编辑openssl.cnf 其中 dir = /usr/local/etc/postfix/certs/CA 这个地方一定要看,很多朋友证书不能生成就是因为这个地方
编辑openssl.cnf,确认dir参数的值是/usr/local/etc/postfix/certs/CA。然后继续执行如下命令,并根据情况输入信息。输入信息类似如下:
Country Name (2 letter code) :CN
State or Province Name (full name) :BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) :Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:ppabc@qq.com
这里的信息是 POP3s 证书 IMAP 证书 下面输入信息要一致
命令如下:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
按照前面输入的信息输入
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
按照前面输入的信息输入
[ - ]CODE:
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem /usr/local/etc/postfix/certs/
cp mycert.pem /usr/local/etc/postfix/certs/
cp mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash
[ - ]CODE:
/usr/local/sbin/postconf -e 'smtpd_use_tls=yes'
/usr/local/sbin/postconf -e 'smtpd_tls_auth_only=no'
/usr/local/sbin/postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
/usr/local/sbin/postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
/usr/local/sbin/postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_received_header=yes'
/usr/local/sbin/postconf -e 'smtpd_tls_loglevel=3'
/usr/local/sbin/postconf -e 'smtpd_starttls_timeout=60s'
/usr/local/etc/postfix/master.cf
配置master.cf,添加如下信息
[ - ]CODE:
smtps inetn - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Maildrop的安装和配置-MDA
MDA-邮件分发代理。他从MTA那儿拿到信,然后存入您的邮箱里面。MDA在投递邮件到您的目录里面时,会先对邮件进行一些过滤,过滤规则会根据您的配置文件来进行。1,进行全局过滤设置,读取/etc/maildroprc(Linux)或者/usr/local/etc/maildroprc(BSD),根据配置该配置文件执行相应的操作,影响到所有用户;2,根据每个用户的配置进行过滤,读取$HOME/.mailfilter,根据每个用户的设置进行相应的操作,仅影响单个用户。基于这样的特点,WEBMAIL通过编辑$HOME/.mailfilter可以实现一些特色化的东西,比如:黑白名单、SPAM自动转入垃圾邮件夹、SMS提醒等等。
安装maildrop
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
安装时选择mysql
修改master.cf /usr/local/etc/postfix/master.cf
修改master.cf的maildrop,类似修改为:
[ - ]CODE:
#maildropunix- n n - - pipe
#flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildropunix- n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
/usr/local/etc/postfix/main.cf
修改main.cf
[ - ]CODE:
/usr/local/sbin/postconf -e 'virtual_transport=maildrop:'
/usr/local/sbin/postconf -e 'maildrop_destination_concurrency_limit=1'
/usr/local/sbin/postconf -e 'maildrop_destination_recipient_limit=1'
编辑文件/usr/local/etc/maildroprc
确保是如下内容:
[ - ]CODE:
logfile "/home/domains/maildrop.log"
#logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
to "$HOME/Maildir"
}
[ 本帖最后由 ppabc 于 2009-12-19 16:16 编辑 ]
安装配置Apache
安装apache
添加了这两个参数的意思是,支持suexec模块,改变suexec_docroot的路径。但在本文中并没有在虚拟主机中使用suexec,在此编译进去是为了方便测试,以及方便以后可能会使用到的朋友。其他选项使用默认的即可。
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www WITH_MPM=worker WITHOUT_IPV6=yes WITH_THREADS=yes install clean
使用默认的即可
配置/etc/rc.conf
添加如下一行
apache22_enable="YES"
修改apache的配置文件/usr/local/etc/apache22/httpd.conf,使apache运行时的权限为vmail:vmail
User vmail
Group vmail
虚拟主机配置
编辑/usr/local/etc/apache22/Includes/extmail.conf
[ - ]CODE:
NameVirtualHost *:80
ServerName mail.extmail.org
DocumentRoot /usr/local/www/extmail/html/
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
SetHandler cgi-script
Options +ExecCGI
# AllowOverride All
AllowOverride None
Options None
Order allow,deny
Allow from all
# SuexecUserGroup vmail vmail
配置支持https
复制一份证书到apache的目录
mkdir -p /usr/local/etc/apache22/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/
编辑文件/usr/local/etc/apache22/Includes/extmail-ssl.conf,内容如下
[ - ]CODE:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialogbuiltin
SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout300
SSLMutexfile:/var/run/ssl_mutex
DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.extmail.org:443
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
ServerAdmin ppabc@qq.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache22/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache22/server.key
SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#SuexecUserGroup vmail vmail
# //另外加上,以前HTTPS无权限访问就是因为这里
SetHandler cgi-script
Options +ExecCGI
# AllowOverride All
AllowOverride None
Options None
Order allow,deny
Allow from all
安装配置Extmail
Extmail 是一个以perl语言编写,面向大容量/ISP级应用,免费的高性能Webmail软件。完整的支持Maildir++, 多字符、多语言支持,支持模版技术、方便的为自己定制界面等等。
安装extmail
安装不需要选择MySQL,mysql,因为在安装ExtMan的时候已经把这些包装上了。
cd /usr/ports/mail/extmail && make install clean
安装不需要选择MySQL
复制一份配置文件
cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf
编辑/usr/local/www/extmail/webmail.cf,修改对应的参数如下
[ - ]CODE:
SYS_CONFIG = /usr/local/www/extmail/
SYS_LANGDIR = /usr/local/www/extmail/lang
SYS_TEMPLDIR = /usr/local/www/extmail/html
SYS_SESS_DIR = /var/tmp/extmail/
SYS_LOG_TYPE = file
SYS_USER_LANG = zh_CN
SYS_USER_CHARSET = utf-8
SYS_AUTH_TYPE = mysql
SYS_MAILDIR_BASE = /home/domains
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
执行如下命令
[ - ]CODE:
mkdir /var/tmp/extmail
chown vmail:vmail /var/tmp/extmail/
chmod 777 /var/tmp/extmail
touch /var/log/extmail.log
chown vmail:vmail /var/log/extmail.log
chown -R vmail:vmail /usr/local/www/extmail/
chown vmail:vmail /var/log/extmail.log
配置ExtMan
ExtMan是一个基于Web的邮件帐号管理系统。可以通过他来管理邮件帐号、管理员帐号和域名等,默认的超级用户是
root@extmail.org
,密码是extmail*123* ExtMan还集成了mailgraph,可以ExtMan内看到整个邮件系统的相关状态流量图。使用ExtMan来管理您的邮件系统将使工作变得更加轻松。之前我们已经安装了ExtMan,在此直接配置webman.cf即可。
配置extman
编辑/usr/local/www/extman/webman.cf,修改对应的参数如下
[ - ]CODE:
SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /home/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
SYS_CRYPT_TYPE = md5crypt
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
下载 效果和hosts.rar 里面有个conf.tar解压后extmail]webmail.cf和extman]webman.cf
效果和hosts.rar (提取码 91bfcfd4)
如果不想那么麻烦MYSQL密码没改过的话,可以直接FTP传上去覆盖
[ - ]CODE:
mv /usr/local/www/extmail/webmail.cf /usr/local/www/extmail/webmail.cf.bak
cp /home/ppabc1/extmail]webmail.cf /usr/local/www/extmail/webmail.cf
mv /usr/local/www/extman/webman.cf /usr/local/www/extmail/webmail.cf.bak
cp /home/ppabc1/extman]webman.cf /usr/local/www/extman/webman.cf
其他设置
执行如下命令
[ - ]CODE:
mkdir /var/lib
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 777 /var/tmp/extman/
chmod 755 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/
配置图形日志
安装依赖软件遇到要选择 取消IPV6 其他默认就可以
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
安装mailgraph_ext
cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
下载 效果和hosts.rar 里面有个conf.tar解压后freebsd-cmd
效果和hosts.rar (提取码 91bfcfd4)
cp /home/ppabc1/freebsd-cmd /usr/local/www/extman/daemon/cmd_plugin/
编辑/etc/rc.local加入下面两行
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/www/extman/daemon/cmdserver -v -d
执行下
chmod 777/usr/local/www/extman/daemon/cmdserver
/usr/local/www/extman/daemon/cmdserver --daemon
进入extmandocs目录,导入 msyql数据
cd /usr/local/www/extman/docs
/usr/local/bin/mysql -uroot -p
提示mysql 出错
Can't call method "prepare" on an undefined value at /usr/local/www/extman/libs/Ext/Mgr/MySQL.pm line 139.
一般就是 数据库没导入所导致的
重起一下apache
/usr/local/sbin/apachectl restart
测试基本系统
到目前为止,一个基本的邮件系统已经安装完成,他支持了smtp,pop3,imap,webmail。并且支持对应的SSL加密smtps,pop3s,imaps,https。
测试pop3 (省略)
测试smtp认证(省略)
测试smtps (省略)
测试pop3s/imaps(省略)
下载 效果和hosts.rar 里面有个mailetc.rar
下载效果和hosts.rar (提取码 91bfcfd4)
修改WIN下面hosts文件,我做了个批处理mailetc.rar
解压后点 开启.bat 就可以用浏览器直接访问
http://mail.zhank.com/
测试webmail/extman
你能通过如下链接登陆webmail
http://mail.extmail.org/
https://mail.extmail.org/
http://mail.extmail.org/extman
https://mail.extmail.org/extman
内容/病毒过虑
安装amavisd-new
amavisd-new是一个类似Mailscanner的解信的程序,他可以调用外部的杀毒/反垃圾来对邮件进行过滤,很方便的实现病毒过滤,内容过滤。amavisd和mailscanner的不同在于,他使用SMTP协议通信,处理完后再回传给Postfix,整个过程不会对Postfix造成任何结构上的影响。Mailscanner必须监视Postfix的Hold队列,采用比较暴力的做法。
cd /usr/ports/security/amavisd-new && make install clean
安装时选择 BDB MILTER SPAMASSASSIN FILE RAR UNRAR ARJ LHA ARC CAB RPM ZOO UNZOO LZOP FREEZE P7ZIP
如果在这里安装遇到要选择IPV6记得全部取消掉
安装amavisd-new
*** Error code 1
Stop in /usr/ports/archivers/rar.
*** Error code 1
如果出现这个错误是因为选择了RAR
错误是 rarbsd 没装上,可以去下载
http://www.rarlab.com/rar/rarbsd-3.9.0.tar.gz
下载后 复制到
mv rarbsd-3.9.0.tar.gz /usr/ports/distfiles/
安装就可以了
修改/etc/rc.conf增加如下一行,系统启动时自动运行amavisd
amavisd_enable="YES"
配置amavisd.conf
修改/usr/local/etc/amavisd.conf文件中对应的选项,如下
[ - ]CODE:
$max_servers = 10;
$sa_spam_subject_tag = ' ';
$mydomain = 'mail.extmail.org';
$myhostname = 'mail.extmail.org';
@local_domains_maps = qw(.);
$sa_tag_level_deflt= undef;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
@whitelist_sender_maps = read_hash("$MYHOME/white.lst");
@blacklist_sender_maps = read_hash("$MYHOME/black.lst");
$spam_quarantine_to = "spam\@$mydomain";
$virus_quarantine_to = "virus\@$mydomain";
$banned_quarantine_to = "spam\@$mydomain";
$hdrfrom_notify_admin = "Content Filter ";
执行如下操作
[ - ]CODE:
touch /var/amavis/white.txt
touch /var/amavis/black.txt
cp /var/amavis/white.txt /var/amavis/white.lst
cp /var/amavis/black.txt /var/amavis/black.lst
chown -R vscan:vscan /var/amavis/
配置postfix对amavisd-new的支持
修改/usr/local/etc/postfix/master.cf,增加如下内容
[ - ]CODE:
smtp-amavisunix - - n - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=
修改content_filter ,receive_override_options这两项,禁止地址展开/影射,否则遇到别名时会产生冗余邮件。但是打开这一项receive_override_options后会和邮件列表程序相冲突,导致邮件列表的aliases不能打开。所以如果使用了邮件列表,则不要设置receive_override_options这一项。
/usr/local/sbin/postconf -e 'content_filter = smtp-amavis::10025'
/usr/local/sbin/postconf -e 'receive_override_options = no_address_mappings'
这个 地方要注意如果使用了邮件列表,则不要设置receive_override_options这一项
配置clamav
Clamav是一个比较好的杀毒程序,他被amavisd调用,可以查杀所有常见的病毒,在邮件系统中我们用它来对邮件进行查毒,
cd /usr/ports/security/clamav && make install clean
安装时选择 ARC ARJ LHA UNZOO UNRAR
修改配置文件
编辑/usr/local/etc/clamd.conf
User vscan
编辑/usr/local/etc/freshclam.conf
DatabaseOwner vscan
修改/etc/rc.conf增加两行
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
修改/usr/local/etc/amavisd.conf,增加如下内容,使amavis-new对clamav的支持
[ - ]CODE:
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
修改权限设置
chown -R vscan:vscan /var/run/clamav/
chown -R vscan:vscan /var/log/clamav/
chown -R vscan:vscan /var/db/clamav/
启动clamav。clamav有2个daemon需要启动,一个是用来查病毒的clamd,另外一个是用来更新病毒库的freshclam,他们分别通过如下脚本启动。
/usr/local/etc/rc.d/clamav-clamd start
/usr/local/etc/rc.d/clamav-freshclam start
配置Spamassassin
开源软件中最好的内容过滤程序,做内容过滤的必选。
配置
cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf
修改/usr/local/etc/mail/spamassassin/local.cf
[ - ]CODE:
report_safe 1
use_bayes 0
auto_learn 0
bayes_auto_expire 1
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available no
lock_method flock
使用Chinese_rules.cf
fetch得到这个规则后可以看到,他从2006年10月2日以来,都没有再更新过了,因此是否仍然使用该规则取决于您自己。如果仍然想继续使用,按照如下的操作即可。
-rw-r--r-- 1 root wheel 55342 Oct 2 2006 Chinese_rules.cf
编辑脚本/var/cron/sa.sh
[ - ]CODE:
#!/bin/sh
cd /tmp/
fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
mv Chinese_rules.cf /usr/local/share/spamassassin/
/usr/local/etc/rc.d/amavisd forcerestart > /dev/null
增加执行权限
chmod +x /var/cron/sa.sh
编辑/etc/crontab,增加一行如下,每周6执行一次
0 0 * * 6 root /var/cron/sa.sh
测试杀毒/内容过滤
测试杀毒。在做该测试之前,你需要确保你的clamd,amavisd,postfix都正常启动。可以通过如下脚本来启动他们。
/usr/local/etc/rc.d/clamav-clamd restart
/usr/local/etc/rc.d/amavisd restart
/usr/local/etc/rc.d/postfix restart
安装邮件列表软件mailman
Mailman是一个比较好的邮件列表程序,功能非常强大,提供完美的Web端,权限可以分散管理,多个开源组织都在使用。
安装mailman
cd /usr/ports/mail/mailman && make MAIL_GID=mailman CGI_GID=vmail install clean
安装时选择: POSTFIX CHINESE
在此使用mailman做为MAIL_GID是为了避免在后期的维护中使用check_perms -f修复权限的时候,mailman会自动默认修改为mailman这个用户来转发邮件。而使用 CGI_GID=vmail作为mailman的CGI执行权限是为了跟extmail/extman执行cgi时的权限一致。
配置/etc/rc.conf
增加一行
mailman_enable="YES"
配置postfix支持
[ - ]CODE:
touch /usr/local/mailman/data/aliases
touch /usr/local/mailman/data/virtual-mailman
/usr/local/sbin/postconf -e 'recipient_delimiter=+'
/usr/local/sbin/postconf -e 'alias_maps=hash:/etc/aliases, hash:/usr/local/mailman/data/aliases'
/usr/local/sbin/postalias /usr/local/mailman/data/aliases
/usr/local/sbin/postconf -e 'virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf, hash:/usr/local/mailman/data/virtual-mailman'
/usr/local/sbin/postalias /usr/local/mailman/data/aliases
/usr/local/sbin/postmap /usr/local/mailman/data/virtual-mailman
/usr/local/sbin/postconf -e 'default_privs = mailman'
/usr/local/sbin/postfix reload
配置mailman
[ - ]CODE:
cd /usr/local/mailman
/usr/local/mailman/bin/genaliases
chown -R vmail:mailman /usr/local/mailman/data/aliases*
chown -R vmail:mailman /usr/local/mailman/data/virtual-mailman*
chmod 664 /usr/local/mailman/data/aliases*
chmod 664 /usr/local/mailman/data/virtual-mailman*
cp -Rfp /usr/local/mailman/icons/ cgi-bin/icons
cp /usr/local/www/icons/powerlogo.gif cgi-bin/icons/
修改管理员密码,在这里我默认为123qwe98
/usr/local/mailman/bin/mmsitepass
编辑/usr/local/mailman/Mailman/mm_cfg.py,增加如下内容
[ - ]CODE:
MTA = 'Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.extmail.org']
add_virtualhost('lists.extmail.org','lists.extmail.org')
DEFAULT_EMAIL_HOST = 'lists.extmail.org'
DEFAULT_URL_HOST = 'lists.extmail.org'
DEFAULT_SERVER_LANGUAGE = 'zh_CN'
创建一个邮件列表mailman
mailman列表为必须创建的,管理员邮箱使用
root@extmail.org
,密码使用12345678
/usr/local/mailman/bin/newlist mailman
配置apache支持mailman
在文件/usr/local/etc/apache22/Includes/extmail.conf中添加如下内容。
[ - ]CODE:
ServerName lists.extmail.org
DocumentRoot /usr/local/mailman/cgi-bin/
ScriptAlias /mailman "/usr/local/mailman/cgi-bin/"
Alias /pipermail /usr/local/mailman/archives/public/
AddDefaultCharset Off
Options FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
重启APACHE
/usr/local/sbin/apachectl restart
默认密码
root@extmail.org
extmail*123*
默认数据库位置/var/db/mysql/extmail
修改数据库位置/home/db/mysql/extmail
/usr/local/etc/apache22/extra/httpd-vhosts.conf
测试以及通过web使用mailman
你能通过如下链接管理和查看相关信息,使用密码12345678登陆mailman系统。也可以通过系统管理密码123qwe98创建新的邮件列表。
http://lists.extmail.org/mailman/admin/mailman
http://lists.extmail.org/mailman/listinfo/mailman
http://lists.extmail.org/mailman/create
更强大的功能在登陆列表的web管理界面后你能看到,比如调整显示界面为中文等等。
到这里邮件配置就全部结束,一台服务器只做邮件未免有些浪费,可以增加WEB的配置
[ 本帖最后由 ppabc 于 2009-12-21 10:14 编辑 ]
安装php
# cd /usr/ports/lang/php5
# make config
CLI Build CLI version
CGI Build CGI version
APACHE Build Apache module
[ ] DEBUG Enable debug
] SUHOSIN Enable Suhosin protection system
MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[ ] REDIRECT Enable force-cgi-redirect support (CGI only)
[ ] DISCARD Enable discard-path support (CGI only)
FASTCGI Enable fastcgi support (CGI only)
PATHINFO Enable path-info-check support (CGI only)
# make install clean
#cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
# cd /usr/ports/lang/php5-extensions/
# make config
#我选择了这些,你看你的需要增加了
[ - ]CODE:
BZ2 bzip2 library support
CALENDAR calendar conversion support
CTYPE ctype functions
DOM DOM support
FILTER input filter support
GDGD library support
GETTEXT gettext library support
HASHHASH Message Digest Framework
ICONV iconv support
JSONJavaScript Object Serialization support
MYSQL MySQL database support
PCREPerl Compatible Regular Expression support这个没 不过默认会有
PDO PHP Data Objects Interface (PDO)
PDO_SQLITEPDO sqlite driver
POSIX POSIX-like functions
SESSION session support
SIMPLEXML simplexml support
SPL Standard PHP Library
SQLITE sqlite support
TIDY TIDY support
TOKENIZER tokenizer support
XML XML support
XMLREADER XMLReader support
XMLWRITER XMLWriter support
YAZ YAZ support (/NISO Z39.50)
ZIP ZIP support
ZLIBZLIB support
也可以增加
MHash哈稀计算
MCrypt加密处理
Socket支持
# make install clean
安装Zend Optimizer
# cd /usr/ports/devel/ZendOptimizer/
make install clean
//你会看到以下提示:
[ - ]CODE:
//You have installed the ZendOptimizer package.
//Edit /usr/local/etc/php.ini and add:
//
//zend_optimizer.optimization_level=15
//zend_extension_manager.optimizer="/usr/local/lib/php/20060613/Optimizer"
//zend_extension_manager.optimizer_ts="/usr/local/lib/php/20060613/Optimizer_TS"
//zend_extension="/usr/local/lib/php/20060613/ZendExtensionManager.so"
//zend_extension_ts="/usr/local/lib/php/20060613/ZendExtensionManager_TS.so"
//********************************************************************************
# ee /usr/local/etc/php.ini
//如果你打开是空白.那一定是忘了
# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
//然后再
# ee /usr/local/etc/php.ini
//在最下边加上.
[ - ]CODE:
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer="/usr/local/lib/php/20060613-zts/Optimizer"
zend_extension_manager.optimizer_ts="/usr/local/lib/php/20060613-zts/Optimizer_TS"
zend_extension="/usr/local/lib/php/20060613-zts/ZendExtensionManager.so"
zend_extension_ts="/usr/local/lib/php/20060613-zts/ZendExtensionManager_TS.so"
//先不要急着测试apache mysql php
编辑httpd.conf
#ee /usr/local/etc/apache22/httpd.conf
ServerAdmin
ppabc@qq.com
//再往下找..
Options Indexes FollowSymLinks
//改为Options FollowSymLinks
//防止被黑客目录浏览到配置文件
DirectoryIndex index.html index.php
//再往下找 怎么着?烦了...烦了睡觉去吧.这儿你不看别想解析php!
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
//再下面添加
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
//最下面
Include etc/apache22/extra/httpd-mpm.conf //把#去掉
Include etc/apache22/extra/httpd-vhosts.conf //把#去掉
//ESC退出保存
#ee /usr/local/etc/apache22/extra/httpd-mpm.conf
[ - ]CODE:
ServerLimit 3000
StartServers 5
MaxClients 5000
MinSpareThreads 75
MaxSpareThreads 300
ThreadsPerChild 50
MaxRequestsPerChild 80000
绑定其他域名
#ee /usr/local/etc/apache22/extra/httpd-vhosts.conf
[ - ]CODE:
ServerAdmin ppabc@qq.com
DocumentRoot "/home/ftp/web001"
ServerName web001.zhank.com
# ServerAlias www.web001.zhank.com
ErrorLog "/home/log/dummy-host.example.com-error_log"
CustomLog "/home/log/dummy-host.example.com-access_log" common
ServerAdmin ppabc@qq.com
DocumentRoot "/home/ftp/web002"
ServerName web002.zhank.com
ErrorLog "/home/log/dummy-host2.example.com-error_log"
CustomLog "/home/log/dummy-host2.example.com-access_log" common
到这里WEB配置就全部结束,其他设置根据自己的情况设置优化
有啥不对的地方和有更好的方法也请大家指出或补充,共同进步!
内网邮件VMware测试系统2.0发布 (基于FreeBSD8.0)
给需要测试或体验FB下构建邮件服务器的朋友使用
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/82341/showart_2157652.html
页:
[1]