[Mail] Installing a commercial-grade Qmail mail system on CentOS5/RHEL5 (forwarded)

Post 1, posted 2008-07-21 10:59
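System capabilities overview
This article is a set of notes the author made while studying and researching the Qmail system in spare time. All material comes from public (Open Source) resources found by searching Google, and all resources in this article that need to be downloaded and installed are free software licensed under the GPL that may be used commercially. This manual follows the GPL, and anyone is welcome to add comments and modifications. The text is divided by function into fourteen sections; because it is too long, it is published in several posts.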
===============================================================================
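Table of contents
===============================================================================
Section 1: Preparation before installation;
Section 2: Installing the basic Qmail system;
Section 3: Installing the tool suites that support Qmail's operation;
Section 4: Installing the vpopmail virtual domain management system;
Section 5: Installing the ClamAV virus mail protection system;
Section 6: Installing the SpamAssassin spam filtering system;
Section 7: Setting up Qmail's run scripts;
Section 8: Installing Qmailadmin and fixing Domain Quota;
Section 9: Installing Courier (authlib+imap+sqwebmail+maildrop) and configuring SSL support;
Section 10: Installing SquirrelMail;
Section 11: Installing Horde-Webmail;
Section 12: Installing the qmail-scanner scanning program;
Section 13: Configuring SSL support for POP3;
Section 14: Installing the Vqadmin administration tool;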

==============================================================================
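Capabilities overview:
===============================================================================
A Qmail mail system deployed and configured according to this installation manual will be a fully featured commercial mail system. It can meet the e-business needs of large, medium and small enterprises, and is also suitable for ISPs that specialize in providing e-mail services. It has all the standard features of a professional, commercial e-mail system and can provide business users with secure, stable and efficient e-business.
1) Supports multiple virtual domains; each host can support thousands of virtual domains or more;
2) Supports a database for storing management information; user information is stored in a MySQL database (no Linux system accounts are needed), which improves security and flexibility;
3) Supports account-count quotas and mailbox space quotas:
- A maximum space capacity and number of mailboxes can be set for each domain, and users can adjust the space of mailbox accounts themselves;
- Users have administrative functions, including adding and deleting accounts, setting aliases, changing passwords, and allocating and adjusting space;
- Users can set an unlimited number of aliases (including forwarding);
4) Supports receiving e-mail over the POP3 protocol, supports SSL secure connections, supports SMTP authentication;
5) Supports several Webmail interfaces for managing, sending and receiving e-mail;
6) Automatically scans e-mail entering and leaving the gateway (received, sent and forwarded); QHPSI can be set up for high-performance scanning, which effectively blocks virus e-mail and filters spam;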

===============================================================================
System administration
===============================================================================
Start the Qmail system: qmailctl start
Stop the Qmail system: qmailctl stop

Default script command set of the Qmail system: /var/qmail/bin/
TCP Server service directory path: /service (linked to /var/qmail/supervise/)

Command set for adding, deleting and managing e-mail: /home/vpopmail/bin/

An example of querying an e-mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdominfo test.com                #the following information is returned:
- - - - - - - - - - - - - - - - - - - - - - - - -
domain: test.com
uid:    809
gid:    809
dir:    /home/vpopmail/domains/test.com
users:  2
- - - - - - - - - - - - - - - - - - - - - - - - -

An example of adding an e-mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadddomain test.com;
Please enter password for postmaster:
enter password again:
--------------------------------------------------------------------------------

An example of adding an e-mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadduser email@test.com
Please enter password for email@test.com:
enter password again:
--------------------------------------------------------------------------------

An example of deleting an e-mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeluser email@test.com
--------------------------------------------------------------------------------
An example of deleting an e-mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeldomain test.com
--------------------------------------------------------------------------------

A usage example of a script (/home/vpopmail/bin/adddomain.pl) for adding a domain (with quota support):
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./adddomain-hung.pl;
Please input the new domain:test.com
Please enter password for postmaster:
enter password again:
domain testhung1.com has been create success
Please set the pop user quota for the domain:5
set quota success!
--------------------------------------------------------------------------------

E-mail domains and the e-mail accounts under them are located here: /home/vpopmail/domains/
Directory for newly received mail: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/new/
Directory for read mail: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/cur/

================================================================================
How users use the system
================================================================================
Superuser administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
[User Account]         enter postmaster
[Domain Name]          enter yourdomain
[Password]             enter postmasterpassword

Regular user administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
[User Account]         enter youremailaccount
[Domain Name]          enter yourdomain
[Password]             enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/cgi-bin/sqwebmail
[User ID]              enter youremail@yourdomain
[Password]             enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/squirrelmail/
Account:               youremail@yourdomain
Password:              yourpassword

User webmail: http://xxx.xxx.xxx.xxx/horde/
User name:             youremail@yourdomain
Password:              yourpassword

POP3 client settings:
Host name:          xxx.xxx.xxx.xxx
Account name:       youremailaccount@yourdomain
Mailbox password:   yourpassword

Section 1: Preparation before installation
Check the Linux system, adjust the environment so that it is suitable for running Qmail, and configure the users, group permissions and related directories;
--------------------------------------------------------------------------------
1) Check the system's C compilation environment;
--------------------------------------------------------------------------------
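Because the installation configuration files of the Qmail source code use a C compiler named "cc", if your system has no compile command named "cc" you must modify the installation configuration files conf-cc and conf-ld so that the installer can find a suitable C compiler.
At the Linux command prompt, type cc and press Enter:
cc: no input files (Note: this is the message the C compiler returns)
If you get a response similar to "no input files" as above, it means there is a usable C compiler suitable for this installation on your system's default search path. If there is no similar response, continue by testing the following C compile commands: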
/usr/bin/cc;
/usr/bin/gcc;
/usr/local/bin/cc;
/usr/local/bin/gcc;
/usr/ccs/bin/cc;
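If none of the test commands above works, refer to the documentation for your platform and confirm that your system has a usable C compiler and its correct path; for example, on Red Hat Linux you can query with the following RPM commands: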
rpm -qa | grep gcc;
rpm -qa | grep egcs;
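If any of the test commands above works, your system has a usable C compiler, but its path or name does not match what this installation requires, so before installing Qmail you need to correct the C compiler configuration files in the Qmail installation sources.
In the Qmail source, the configuration parameters for the C compilation environment are contained in two files named conf-cc and conf-ld. To modify conf-cc and conf-ld, open them in an editor and replace every "cc" in the file with the name of the C compiler suitable for your system (usually on the first line). For example, if the usable C compiler on your system is named "gcc", or must be accessed with a path as "/usr/bin/gcc", edit the two files conf-cc and conf-ld (both are in the qmail-1.03 sources; how to download them is described later) and change "cc" to "gcc" or "/usr/bin/gcc".
Note: although RedHat systems use gcc, there is usually a link named /usr/bin/cc that points to /usr/bin/gcc, in which case the configuration files do not need to be modified. (This also shows that there is a simpler method than modifying the configuration files: create a link named cc that points to the usable C compiler on your system.)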

--------------------------------------------------------------------------------
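2) Check the necessary components the system requires (apache+php+mysql and named);
--------------------------------------------------------------------------------
#Check the system components:
rpm -qa | grep httpd;
rpm -qa | grep php;
rpm -qa | grep mysqld;
rpm -qa | grep bind; (this checks named; RedHat's default Name Server is Bind)
Note: the system components are critical to the efficient operation of the Qmail mail system. Qmail's characteristics, including stability and security, depend on how well these components are integrated with the Linux operating system. If the system components are not yet installed, it is recommended to reinstall the Linux operating system and let its installer install and tune these components automatically for the best performance.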

--------------------------------------------------------------------------------
3) Make sure the system starts the following three components automatically (put a * in front of the item);
--------------------------------------------------------------------------------
setup; ->System Service;
*  httpd
*  mysqld
*  named
#Commands for starting the related services manually
service httpd start; or service httpd restart;
service mysqld start; or service mysqld restart;
service named start; or service named restart;

--------------------------------------------------------------------------------
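4) Disable SELINUX;
--------------------------------------------------------------------------------
vi /etc/sysconfig/selinux;
#If you see this line: SELINUX=enforcing
#change it to the following: SELINUX=disabled
#If SELINUX has been changed, you must save and restart Linux: reboot
Note: this system requires SELinux to be disabled not because SELinux does not support the Qmail family of mail systems, but because configuring a fully featured commercial mail service under SELinux is quite troublesome. If you need to enable SELinux on the mail server, refer to the following sites:
Official site: http://www.nsa.gov/selinux/
Wikipedia (Taiwan): http://zh.wikipedia.org/wiki/SELinux
Wikipedia (English): http://en.wikipedia.org/wiki/SELinux
IBM DW : http://www.ibm.com/developerworks/cn/linux/s-selinux/index.html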

--------------------------------------------------------------------------------
5) If the RedHat system has the default sendmail or postfix packages installed, remove them first;
--------------------------------------------------------------------------------
rpm -e --nodeps sendmail;
rpm -e --nodeps postfix;
rpm -e --nodeps sendmail-cf;
When removing sendmail you may see warnings like the following (RPM backs up the related configuration files before removing a package):
warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave
warning: /etc/mail/submit.cf saved as /etc/mail/submit.cf.rpmsave
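Explanation: the packages above do not actually need to be removed, but to ensure the stable operation of the Qmail system you must confirm that their services have been stopped, or change the corresponding service ports and adjust the default links.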

--------------------------------------------------------------------------------
6) To prevent existing files from causing the related commands to fail, delete the following directories first;
--------------------------------------------------------------------------------
rm -rf /var/qmail;
rm -rf /var/log/qmail;
rm -rf /service;
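Note: this assumes the directories above are not in use on your system. If other programs on your system already use these directories, carefully consider the consequences that deleting them may cause;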

--------------------------------------------------------------------------------
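7) Users and groups that need to be checked in advance;
--------------------------------------------------------------------------------
Running the Qmail system requires adding two new groups and 7 new users to the Linux system. The Qmail source contains a file named INSTALL.ids, which lists the commands for adding the users and groups on various systems. The following, from the beginning of that file, are the commands for adding the users and groups on Solaris, Linux and FreeBSD: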
vi INSTALL.ids;
On some systems there are commands that make this easy. Solaris and
Linux:
   # groupadd nofiles
   # useradd -g nofiles -d /var/qmail/alias alias
   # useradd -g nofiles -d /var/qmail qmaild
   # useradd -g nofiles -d /var/qmail qmaill
   # useradd -g nofiles -d /var/qmail qmailp
   # groupadd qmail
   # useradd -g qmail -d /var/qmail qmailq
   # useradd -g qmail -d /var/qmail qmailr
   # useradd -g qmail -d /var/qmail qmails

FreeBSD 2.2:
   # pw groupadd nofiles
   # pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
   # pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
   # pw groupadd qmail
   # pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

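The users and groups under which the Qmail system configured in this manual runs differ slightly from those produced by the method above, because we specify the GIDs and UIDs of these groups and users. The purpose of running the Qmail system with fixed user IDs is to make later maintenance work, such as upgrades and migrations, easier; for systems that need many mail hosts and frequently migrate mailbox users between hosts, this approach is worth adopting. The GIDs and UIDs used in this manual are:
GID: 801, 802
UID: 800,801,802,803,804,805,806
Linux uses the GID and UID to identify users. If two or more duplicate IDs appear in /etc/passwd, only the last one will be the effective user. So if these GIDs or UIDs already exist on your system, the installation may not be able to create the related directories and files correctly, and the Qmail system may fail as a result. It is therefore recommended that, before installing, you first check whether other users and groups on your current system are already using the GIDs and UIDs above. If they already exist, first change those ID values to avoid duplicate IDs. To keep systems consistent, continuous and easy to migrate, it is recommended that you choose, according to the characteristics of your systems, UIDs and GIDs that are not commonly used for installing Qmail. Installing all your Qmail systems with the same UIDs and GIDs as far as possible avoids having to change the system's GIDs and UIDs during later maintenance.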

--------------------------------------------------------------------------------
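Reference: to change the GID and UID of an existing operating-system user, use the following method:
--------------------------------------------------------------------------------
vi /etc/passwd;
Remember the IDs you are changing and their corresponding user names. After changing the GID and UID, remember to update all files and directories on the system that belong to this user; the following FIND commands can be used for this:
find / -uid [UID] -exec chown [USER] {} \;
find / -gid [GID] -exec chown .[GROUP] {} \;
[UID] and [GID] above are the old user's ID values, and [USER] and [GROUP] are the user names corresponding to that ID. For example, if user htt's original UID and GID were 801, then:
find / -uid 801 -exec chown htt {} \; (find files and directories with UID 101 and change them to user htt's new UID)
find / -gid 801 -exec chown .htt {} \; (find files and directories with GID 101 and change them to group htt's new GID)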

--------------------------------------------------------------------------------
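Create the Qmail system's runtime directories and set up the system users, groups and related permissions;
--------------------------------------------------------------------------------
#Run the following commands step by step to create the users, groups and directories needed to run the Qmail system:
groupadd -g 801 qmail;
groupadd -g 802 nofiles;
mkdir -p /var/qmail; (this is the directory for qmail's runtime programs)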
chown root.qmail /var/qmail;
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 801 qmaild;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 802 qmaill;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 803 qmailp;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 804 qmailq;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 805 qmailr;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 806 qmails;
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;

--------------------------------------------------------------------------------
Appendix: to make installation easier, you can create a script named qmail-adduser.sh:
--------------------------------------------------------------------------------
#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux.
echo "Creating initial qmail directories..."
echo
sleep 2
groupadd -g 801 qmail
groupadd -g 802 nofiles
mkdir -p /var/qmail
chown root.qmail /var/qmail;
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2

#######
#Script to add users and groups for Redhat, Fedora, RHEL and Whitebox type distros
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 801 qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 802 qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 803 qmailp
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 804 qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 805 qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 806 qmails

#######
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
mkdir /var/log/qmail/qmail-pop3ds;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
mkdir -p /var/qmail/supervise/qmail-pop3ds/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;
chmod +t /var/qmail/supervise/qmail-pop3ds;
echo "All steps completed!"
echo
sleep 2
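
The pre-check that step 7 asks for (whether GIDs 801 and 802 and UIDs 800 to 806 are already taken) can be scripted. This is an added example, not part of the forwarded guide: the planned names and IDs are copied from the groupadd/useradd commands above, while the function name find_id_conflicts and the sample passwd lines are made up for illustration.

```shell
#!/bin/sh
# Added example: report conflicts with the fixed IDs the guide assigns,
# before any groupadd/useradd is run. Names and IDs come from the guide;
# the function name and the sample data are illustrative.

PLANNED_USERS="alias:800 qmaild:801 qmaill:802 qmailp:803 qmailq:804 qmailr:805 qmails:806"
PLANNED_GROUPS="qmail:801 nofiles:802"

# find_id_conflicts FILE "name:id name:id ..."
# FILE uses the passwd/group layout (name:x:id:...), e.g. /etc/passwd,
# /etc/group, or the saved output of "getent passwd".
# Prints one line per conflict and returns 1 if there was any, else 0.
find_id_conflicts() {
    _file=$1
    _rc=0
    for _entry in $2; do
        _name=${_entry%%:*}
        _id=${_entry##*:}
        _out=$(awk -F: -v n="$_name" -v i="$_id" '
            $3 == i && $1 != n { printf "id %s wanted by %s is held by %s\n", i, n, $1 }
            $1 == n && $3 != i { printf "name %s exists with id %s, wanted %s\n", n, $3, i }
        ' "$_file")
        if [ -n "$_out" ]; then
            printf '%s\n' "$_out"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample: user "htt" already holds UID 801 (the clash the guide
# itself uses as its example), and "qmails" exists with a different UID.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
htt:x:801:801::/home/htt:/bin/bash
qmails:x:500:801::/var/qmail:/sbin/nologin
EOF
find_id_conflicts "$sample" "$PLANNED_USERS" ||
    echo "resolve the conflicts above before running useradd"
rm -f "$sample"

# On the real host:
#   find_id_conflicts /etc/passwd "$PLANNED_USERS"
#   find_id_conflicts /etc/group  "$PLANNED_GROUPS"
```

An account that already exists with exactly the planned name and ID is not reported, so the check can be re-run after a partial installation.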

Post 29, posted 2009-06-11 17:42
What a great OP!

Post 28, posted 2009-06-11 16:59
The download address for the mail monitor has changed
wget http://ncu.dl.sourceforge.net/so ... monitor-0.99.tar.gz

Post 27, posted 2008-07-23 10:17
OP, I admire you: perseverance + patience,

Post 26, posted 2008-07-22 11:59
Ask the moderator, 大麻

This article seems to have been written by an engineer in Hong Kong. When I was doing mail experiments last year, I even contacted him directly by mail.

Post 25, posted 2008-07-21 11:39

Reply to post #24 by ruochen

"If you really want to use qmail, I recommend 大麻's solution"

Where is this solution?
I am also working on qmail, and it is wearing me out.
Thanks!

Post 24, posted 2008-07-21 11:31
qmail is still too much trouble.
If you are very interested in development, using this mail system as a base is still quite good.


I have configured qmail a few times; setting it up with full functionality really is a lot of trouble.
If you really want to use qmail, I recommend 大麻's solution.

Post 23, posted 2008-07-21 11:26
Support, bump!

Post 22, posted 2008-07-21 11:20
Section 13: Configuring SSL support for POP3
===============================================================================
1) Add the POP3DS service;
===============================================================================
/usr/local/share/mkpop3dcert;
cp -rp /usr/local/share/pop3d.pem /var/qmail/supervise/qmail-pop3ds/pop3ds.pem;

vi /var/qmail/supervise/qmail-pop3ds/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c100 0 995 /usr/sbin/stunnel \
/var/qmail/supervise/qmail-pop3ds/pop3ds.conf
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/run;

vi /var/qmail/supervise/qmail-pop3ds/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-pop3ds 2>&1
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/log/run;

vi /var/qmail/supervise/qmail-pop3ds/pop3ds.conf;
-------------------------------------------------------------------------------
cert = /var/qmail/supervise/qmail-pop3ds/pop3ds.pem
foreground = yes
output = /var/log/qmail/qmail-pop3ds/pop3ds.log
debug = 5
client = no
exec = /var/qmail/bin/qmail-popup
execargs = /var/qmail/bin/qmail-popup test.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
-------------------------------------------------------------------------------

ln -s /var/qmail/supervise/qmail-pop3ds /service;

svc-stop /service/qmail-pop3ds;
svc-start /service/qmail-pop3ds;
===============================================================================


===============================================================================
2) Modify the qmailctl control file;
===============================================================================
vi /var/qmail/bin/qmailctl;
-------------------------------------------------------------------------------
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
case "$1" in
start)
echo "Starting qmail..."
echo ""
if svok /service/qmail-send ; then
svc -u /service/qmail-send /service/qmail-send/log
echo "Starting qmail-send"
else
echo "qmail-send supervise not running"
fi
if svok /service/qmail-smtpd ; then
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
echo "Starting qmail-smtpd"
else
echo "qmail-smtpd supervise not running"
fi
if svok /service/qmail-pop3d ; then
svc -u /service/qmail-pop3d /service/qmail-pop3d/log
echo "Starting qmail-pop3d"
else
echo "qmail-pop3d supervise not running"
fi
if svok /service/qmail-pop3ds ; then
svc -u /service/qmail-pop3ds /service/qmail-pop3ds/log
echo "Starting qmail-pop3ds"
else
echo "qmail-pop3ds supervise not running"
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
echo ""
echo " qmail-smtpd"
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo " qmail-send"
svc -d /service/qmail-send /service/qmail-send/log
echo " qmail-pop3d"
svc -d /service/qmail-pop3d /service/qmail-pop3d/log
echo " qmail-pop3ds"
svc -d /service/qmail-pop3ds /service/qmail-pop3ds/log
if [ -f /var/lock/subsys/qmail ]; then
rm /var/lock/subsys/qmail
fi
;;
stat)
svstat /service/qmail-send
svstat /service/qmail-send/log
svstat /service/qmail-smtpd
svstat /service/qmail-smtpd/log
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
svstat /service/qmail-pop3ds
svstat /service/qmail-pop3ds/log
qmail-qstat
;;
doqueue|alrm|flush)
echo "Flushing timeout table and sending ALRM signal to qmail-send."
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /service/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /service/qmail-send
echo "Pausing qmail-smtpd"
svc -p /service/qmail-smtpd
echo "Pausing qmail-pop3d"
svc -p /service/qmail-pop3d
echo "Pausing qmail-pop3ds"
svc -p /service/qmail-pop3ds
;;
cont)
echo "Continuing qmail-send"
svc -c /service/qmail-send
echo "Continuing qmail-smtpd"
svc -c /service/qmail-smtpd
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
echo "Continuing qmail-pop3ds"
svc -c /service/qmail-pop3ds
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /service/qmail-send /service/qmail-send/log
echo "* Sending qmail-pop3d SIGTERM and restarting."
svc -t /service/qmail-pop3d /service/qmail-pop3d/log
echo "* Sending qmail-pop3ds SIGTERM and restarting."
svc -t /service/qmail-pop3ds /service/qmail-pop3ds/log
echo "* Restarting qmail-smtpd."
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac
exit 0

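Section 14: Installing the Vqadmin administration tool
===============================================================================
(1) Introduction;
Vqadmin is an administration tool for the host administrator. It can be used together with Qmailadmin: users can manage their own domains with Qmailadmin but cannot add or delete domains, while the host administrator (the ISP providing the virtual mailbox service) can add and delete domains with Vqadmin. Reference page: http://www.inter7.com/index.php?page=vqadmin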
vqadmin is a web based control panel that allows system administrators to perform actions which require root access — for example, adding and deleting domains. The cgi is authenticated using Apache style htpasswd files. A user based ACL provides control over what actions can be performed, such as adding/deleting a domain or accessing user email account information to allow modification of user passwords and quotas. Account service restrictions include enabling or disabling of pop access, authentication based smtp relay control, courier-imap access and sqwebmail access. vqadmin and qmailadmin work together. While qmailadmin can be used to allow users to administer their own domains, they are unable to create new domains. Creation or deletion of domains is normally associated with the owner/admins of the machine. vqadmin is a root level tool for owner/admins or their technical support staff.
(2) Features;
- Add / Delete virtual email domains
- Change user passwords, quotas
- Turn off account services such as pop, imap, web email or smtp relay
- Written in C for speed
- Uses html templates
- Access control lists to limit groups of users to different levels of features
- Support for multiple languages based on dictionary files.

(3) Installing and configuring vQadmin
cd /usr/local/src/qmail/vpopmail/;
wget http://www.inter7.com/vqadmin/vqadmin-2.3.2.tar.gz;
tar zxvf vqadmin-2.3.2.tar.gz;
cd vqadmin-2.3.2;

./configure;
Observe the compilation result (Current settings):
-----------------------------------------------------------
vpopmail directory = /home/vpopmail
               uid = 809
               gid = 809
       cgi-bin dir = /var/www/cgi-bin
       vqadmin dir = /var/www/cgi-bin/vqadmin
-----------------------------------------------------------
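Note: the values above are the current system parameters detected automatically by the build program
make;
make install;        #or you can run make install-strip;
Check the installation result:
ll /var/www/cgi-bin/vqadmin/;        #(it should normally show the following);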
-----------------------------------------------------------
drwxr-xr-x 2 vpopmail vchkpw  4096 Jul  5 02:30 html
-rw-r--r-- 1 vpopmail vchkpw   864 Jul  5 02:30 vqadmin.acl
-rwsr-sr-x 1 root     root   96292 Jul  5 02:30 vqadmin.cgi
-----------------------------------------------------------

Check the contents of the access list file:
Now you want to edit your vqadmin.acl file, which is your access list definitions. Please read that file for information on how to define users and usergroups. If you haven't changed anything else, and your libraries are set properly, typing 'make' here should compile the CGI with no errors. Once that's done, typing 'make install' should install the CGI. Any errors that appear during these two command-line operations are going to be very hard to document because of the system-specific nature of this portion of the installation. (See section 5)
vi /var/www/cgi-bin/vqadmin/vqadmin.acl; #(the default contents are as follows):
-----------------------------------------------------------
# Access List Definitions
# vol@inter7.com
# Default group contains permissions for all users
# not listed under any groups
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
# Examples follow...
default - ...
# Access permissions:
# V View user information
# I View domain information
# M Modify user information
# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
tech VI tech1user
admin VIMUDCA admin1user
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
senior * admin
-----------------------------------------------------------
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(4) Configure Apache access settings;
-------------------------------------------------------------------------------
vQadmin will require its own CGI-allowed, access-protected, directory to operate. First, you will need to create a <Directory> tag inside your Apache configuration, which sets the directory to have ExecCGI permissions, allows the directory to override authority, and sets the directory to deny everyone by default. vQadmin will not function without this setup.

vi /etc/httpd/conf/httpd.conf; #set the permissions of the CGI directory
------------------------------------------------
<Directory "/var/www/cgi-bin/vqadmin">
    deny from all
    Options ExecCGI
    AllowOverride AuthConfig
    Order deny,allow
</Directory>
------------------------------------------------

After you've created the directory, you will need to create an htaccess for the directory so Apache knows how to authenticate users trying to access the directory. In our example directory /usr/local/apache/cgi-bin/vqadmin, you'd create a '.htaccess' file describing the authentication we're using. You should store the password file somewhere the webserver isn't capable of displaying, such as the conf directory. The realm (AuthName) is not important, so you may call it whatever you'd like. You will want to chown the file to the webserver user, and chmod it 600.
vi /var/www/cgi-bin/vqadmin/.htaccess; #(enter or correct the following contents):
----------------------------------------------------------------
AuthType Basic
AuthUserFile /etc/httpd/conf/vqadmin.passwd
AuthName vqadmin
require valid-user
satisfy any
----------------------------------------------------------------
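Note: the AuthUserFile parameter above specifies the password file for Apache's access users. This path should be set according to the specifics of the current system, and of course security must also be considered, namely Apache's read access to this file must be blocked.
Generate the user and password:
/usr/bin/htpasswd -bc /etc/httpd/conf/vqadmin.passwd test test;
cat /etc/httpd/conf/vqadmin.passwd;        #(check the generated result; the normal contents are as follows)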
-------------------------------------------------------------------------------
test:y2YuuPonneHUU
-------------------------------------------------------------------------------

Reference material on the htpasswd command:
-------------------------------------------------------------------------------
Now, create a user.  In your Apache installation root directory, under the bin subdirectory is a program called 'htpasswd'.  This program is used to create, and maintain the vqadmin.passwd file.
  Usage:
        htpasswd [-cmdps] passwordfile username
        htpasswd -b[cmdps] passwordfile username password

   -c  Create a new file.
   -m  Force MD5 encryption of the password.
   -d  Force CRYPT encryption of the password (default).
   -p  Do not encrypt the password (plaintext).
   -s  Force SHA encryption of the password.
   -b  Use the password from the command line rather than prompting for it.
  On Windows and TPF systems the '-m' flag is used by default.
  On all other systems, the '-p' flag will probably not work.

We're only interested in the c (or maybe b) option for now. To create a vqadmin.passwd file, with a login of 'test', and a password of 'test'.
-------------------------------------------------------------------------------
Tip: the whereis htpasswd command can be used to find the path of htpasswd;
That's it. Just remember that you made a user named 'test'!  You need to know this for configuring vqadmin. After you've done all this, you'll need to reload your configuration files.
Usage:
Restart the Apache service, then open the following URL in IE:
http://xxx.xxx.xxx.xxx/cgi-bin/vqadmin/vqadmin.cgi
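
The password file shown above holds a 13-character traditional crypt(3) entry, the format htpasswd writes with -d, and the quoted text asks for the file to be mode 600. As an added example (not from the vQadmin documentation or the original post), the following script classifies each entry's hash format and checks the file mode; the function names, the verdict labels and the sample admin entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an Apache htpasswd file such as the guide's
# /etc/httpd/conf/vqadmin.passwd. Function names and verdicts are illustrative.

# htpasswd_scheme HASH -> prints the storage format of one password field.
htpasswd_scheme() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;        # htpasswd -B (newer Apache, not on this page)
        '$apr1$'*)               echo apr1-md5 ;;      # htpasswd -m
        '{SHA}'*)                echo sha1-unsalted ;; # htpasswd -s
        *)
            # htpasswd -d: traditional crypt(3), 2 salt + 11 hash characters.
            # Only the first 8 characters of the password are used.
            if [ "${#1}" -eq 13 ] &&
               ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo des-crypt
            else
                echo plaintext-or-unknown              # htpasswd -p or other
            fi ;;
    esac
}

# audit_htpasswd FILE -> one line per finding; returns 1 if anything is weak.
audit_htpasswd() {
    _rc=0
    # The quoted text asks for chmod 600 on the password file.
    _mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$_mode" != "-rw-------" ]; then
        echo "MODE $_mode (expected -rw-------)"
        _rc=1
    fi
    while IFS=: read -r _user _hash; do
        [ -n "$_user" ] || continue
        _scheme=$(htpasswd_scheme "$_hash")
        case $_scheme in
            bcrypt|apr1-md5) echo "ok $_user $_scheme" ;;
            *)               echo "WEAK $_user $_scheme"; _rc=1 ;;
        esac
    done < "$1"
    return $_rc
}

# Constructed sample: the entry shown in the post plus a made-up apr1 entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
test:y2YuuPonneHUU
admin:$apr1$Xx0Yy1Zz$AbCdEfGhIjKlMnOpQrStU.
EOF
chmod 644 "$sample"
audit_htpasswd "$sample" || echo "findings above need attention"
rm -f "$sample"
```

A 13-character plaintext password made only of crypt alphabet characters would also be labelled des-crypt, so treat that label as a format match rather than proof.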

Post 21, posted 2008-07-21 11:20
7) Configure the permissions ClamAV runs with; (this step can be skipped if QHPSI was used to call ClamAV in the earlier installation steps)
===============================================================================
So that qmail-scanner can also call ClamAV to scan e-mail, ClamAV must be configured to run as qscand.
service clamd stop;

-------------------------------------------------------------------------------
(a) Change the identity clamav runs as:
-------------------------------------------------------------------------------
vi /etc/clamd.conf;        #find the User setting and change it as follows:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#User clamav
User qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi /etc/freshclam.conf;        #find the DatabaseOwner setting and change it as follows:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#DatabaseOwner clamav
DatabaseOwner qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(b) Change the user ownership of the DatabaseDirectory directory:
-------------------------------------------------------------------------------
vi /etc/clamd.conf;        #find the DatabaseDirectory setting and note its value, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DatabaseDirectory /var/clamav
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/clamav;        #change the ownership of this directory;

vi /etc/freshclam.conf;        #find the DatabaseDirectory setting and note its value, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DatabaseDirectory /var/clamav
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/clamav;        #change the ownership of this directory;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(c) Change the user ownership of the PidFile and LocalSocket directories:
-------------------------------------------------------------------------------
vi /etc/clamd.conf;        #find the PidFile and LocalSocket settings and note their values, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PidFile /var/run/clamav/clamd.pid
LocalSocket /tmp/clamd
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/run/clamav;        #change the ownership of the directory containing the PidFile;
chown -R qscand:qscand /tmp/clamd;        #change the ownership of the LocalSocket directory;

vi /etc/freshclam.conf;        #find the PidFile and LocalSocket settings and note their values, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#PidFile /var/run/freshclam.pid
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If the PidFile item is not enabled in freshclam.conf, this change can be skipped; otherwise modify it as above;
If freshclam.conf has no LocalSocket item, this change can be skipped; otherwise modify it as above;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(d) Change the ownership of the LogFile directory:
-------------------------------------------------------------------------------
vi /etc/clamd.conf;        # find the LogFile setting and note its value, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LogFile /var/log/clamav/clamd.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/log/clamav;        # change the permissions of the directory containing the LogFile;

vi /etc/freshclam.conf;        # find the UpdateLogFile setting and note its value, for example:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
UpdateLogFile /var/log/clamav/freshclam.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/log/clamav;        # change the permissions of the directory containing the UpdateLogFile;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(e) Change the user attributes of the log files generated by syslog:
-------------------------------------------------------------------------------
vi /etc/logrotate.d/clamav;        # on the create line below, change the original clamav to qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/log/clamav/clamd.log {
        missingok
        notifempty
        create 644 qscand qscand
        postrotate
                killall -HUP clamd 2>/dev/null || :
        endscript
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi /etc/logrotate.d/freshclam;        # on the create line below, change the original clamav to qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/log/clamav/freshclam.log {
        missingok
        notifempty
        create 644 qscand qscand
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
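Note: this change sets the user attributes with which syslog creates the new rotated log files, which ensures the new logs meet the permission requirements; otherwise clamd will refuse to start;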
-------------------------------------------------------------------------------

service clamd start;        # restart clamd

Note: the changes above must be checked carefully to ensure that clamav keeps stable, continuous permissions to run;
===============================================================================


===============================================================================
9. Run the test program in the qmail-scanner installation package:
===============================================================================
./contrib/test_installation.sh -doit;        # if everything is working, it should return the following:
-------------------------------------------------------------------------------
Sending standard test message - no viruses...
done!

Sending eicar test virus - should be caught by perlscanner module...
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!

Finished test. Now go and check Email sent to postmaster@hung.uplooking.com
-------------------------------------------------------------------------------

If the following error is returned, it is because the identities that qmail-scanner and clamav run as are not consistent with each other:
-------------------------------------------------------------------------------
Sending standard test message - no viruses...
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died
-------------------------------------------------------------------------------
Refer to the previous step (configuring the ClamAV run permissions) and check whether any required change was missed;
===============================================================================

===============================================================================
9) Set up the scanning script and apply the scanning system in Qmail;
===============================================================================
Modify the scanning script to suit our requirements:
vi /var/qmail/bin/qmail-scanner-queue.pl;        # find $spamc_subject=''; and change it as follows:
-------------------------------------------------------------------------------
$spamc_subject='+++++Trash+++++';
-------------------------------------------------------------------------------

Add the scanning statements to qmail's smtpd startup script:
vi /service/qmail-smtpd/run;        # add the QMAILQUEUE environment variable at the beginning, as follows:
-------------------------------------------------------------------------------
#!/bin/sh
export BASE64=""
export QHPSI="clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found [see: http://www.fehcom.de/emailolicy.html]}"
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export SMTPAUTH=""
export BOUNCEMAXBYTES=""
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec softlimit -m 30000000 \
tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
-------------------------------------------------------------------------------

Restart qmail's smtpd and test the result;
qmailctl restart;

Check the main troubleshooting and monitoring logs:
-------------------------------------------------------------------------------
vi /var/spool/qscan/quarantine.log;
vi /var/spool/qscan/qmail-queue.log;
vi /var/log/clamd.log;
vi /var/log/maillog;
-------------------------------------------------------------------------------
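
The ownership changes in steps (b) to (e) above can be audited in one pass. The script below is an added example, not part of the original post or of the ClamAV or qmail-scanner projects: it reads the same directives from the two config files and reports any path not owned by the expected account. The function names are hypothetical and the demo runs against a constructed temporary tree.

```shell
#!/bin/sh
# Added example (not from the original post): audit that the paths named in
# clamd.conf / freshclam.conf are owned by the account ClamAV runs as.
# Print "Directive /path" for the directives the post edits ("#PidFile" is skipped).
conf_paths() {
    awk '$1 ~ /^(DatabaseDirectory|PidFile|LocalSocket|LogFile|UpdateLogFile)$/ &&
         $2 ~ /^\// { print $1, $2 }' "$1"
}
owner_of() { ls -ld "$1" 2>/dev/null | awk '{ print $3 }'; }

check_one() {   # check_one WANT CONF DIRECTIVE TARGET
    have=$(owner_of "$4")
    [ "$have" = "$1" ] || echo "MISMATCH $2: $3 $4 owner=${have:-missing}"
}

# audit_clamav_owner OWNER CONF...: print mismatches, return 0 only if none.
audit_clamav_owner() {
    want=$1; shift
    report=$(
        for conf in "$@"; do
            [ -r "$conf" ] || { echo "UNREADABLE $conf"; continue; }
            conf_paths "$conf" | while read -r key loc; do
                case $key in
                    DatabaseDirectory) check_one "$want" "$conf" "$key" "$loc" ;;
                    LocalSocket)   # the socket exists only while clamd is running
                        if [ -e "$loc" ]; then check_one "$want" "$conf" "$key" "$loc"; fi ;;
                    *)             # PidFile, LogFile, UpdateLogFile: directory, then file
                        check_one "$want" "$conf" "$key" "$(dirname "$loc")"
                        if [ -e "$loc" ]; then check_one "$want" "$conf" "$key" "$loc"; fi ;;
                esac
            done
        done
    )
    [ -z "$report" ] || { printf '%s\n' "$report"; return 1; }
}

demo() {   # constructed throwaway tree standing in for /etc and /var
    t=$(mktemp -d) && mkdir "$t/db" "$t/log" "$t/run"
    printf '%s\n' "DatabaseDirectory $t/db" "PidFile $t/run/clamd.pid" \
        "LocalSocket $t/clamd" "LogFile $t/log/clamd.log" > "$t/clamd.conf"
    printf '%s\n' "DatabaseDirectory $t/db" "#PidFile $t/run/freshclam.pid" \
        "UpdateLogFile $t/log/freshclam.log" > "$t/freshclam.conf"
    me=$(owner_of "$t")
    audit_clamav_owner "$me" "$t/clamd.conf" "$t/freshclam.conf" && echo "all owned by $me"
    audit_clamav_owner qscand-constructed "$t/clamd.conf" || echo "mismatch reported"
    rm -rf "$t"
}
demo
```

On the host described in the post the call would be `audit_clamav_owner qscand /etc/clamd.conf /etc/freshclam.conf`; a non-zero exit status means at least one path still has the wrong owner.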
  
