- 论坛徽章:
- 0
|
FreeBSD6.1 ExtMail Solution Howto
.line {border: 1px solid #ccc; padding:5px;}
.sm_title {font-weight: bold;}
pre {padding:5px}
body {font-size: 14px}
h3 {background-color: #ccc;padding:2px}
img {border:0px; margin-bottom:5px}
版权声明:
本文版权归作者所有,如其他个人、第三方网站或媒体报刊等需转载全文或节选,为支持我们的工作,请务必注明如下信息:
如果因此而给您带来麻烦,请您原谅,谢谢合作。
关于此文
本文档以2005-07-25的早期文档为蓝本,以ports系统为基础。所涉及软件全部是OpenSource软件,版权以GPL为主,作为企业应用没有任何版权/法律问题。
编写本文的初衷,是给那些希望快速架设邮件系统而不想过多了解复杂的系统知识的网管/用户,为了使软件之间的结合更紧密,部分软件的配置及测试方面进行了增强改进,因此本文的一些操作步骤作者不能保证在其他场合能完全适用,敬请注意。
本文假定读者是在FreeBSD 6.x平台上安装,并具有一定的Unix平台 /FreeBSD平台系统经验,懂得ports基本命令及常规的系统操作,如文件的删除,目录创建,改名,和vi编辑器的基本使用等。
文档目录
ExtMail Solution 结构
ExtMail Solution 是一个基于优秀开源软件的电子邮件系统解决方案,核心部件包括了Postfix, Amavisd-new, ClamAV, ExtMail 和ExtMan, Courier系列软件。是一个功能相对比较齐全的免费电子邮件系统。以下是其主要的特性列表:
- 支持SMTP/POP3/IMAP/HTTP协议
- 支持SMTPs/POP3s/IMAPs/HTTPs协议
- 支持SMTP认证及ESMTP
- 可支持大容量邮箱(大于1GB)
- 高速Web界面访问邮箱
- 完整的Web管理后台
- 在线服务端病毒过滤
- 内建内容过滤
- SMTP行为识别垃圾邮件
- 支持大量反垃圾邮件技术
- 图形化邮件日志分析
- 支持别名/多域/域管理员等
- 支持网络磁盘/POP3邮件
- 支持读/写HTML格式邮件
- 支持定制模板及多语言
- 支持邮件列表管理,基于WEB端
整个邮件解决方案由如下软件组成:
功能模块
内容
备注
操作系统(OS)
FreeBSD 6.x
FreeBSD是一个优秀的unix操作系统,基于宽松的BSD协议
邮件传输代理(MTA)
Postfix 2.3
使用2.3,ports中的postfix已经是最新的2.3版
数据库/目录服务
OpenLDAP 2.3
可选MySQL或其他LDAP ,本文以OpenLDAP为蓝本
邮件投递代理(MDA)
maildrop 2.0.x
支持过滤和强大功能
Web帐户管理后台
ExtMan 0.16-pre1
支持无限域名、无限用户
POP3 服务器
Courier-IMAP
支持pop3/pop3s/imap/imaps,功能强大,可根据需要选择
WebMail 系统
ExtMail 0.24-pre8
支持多语言、全部模板化,功能基本齐全
防病毒软件(Anti-Virus)
ClamAV 0.88
最热门的开源杀毒软件
SMTP阶段反垃圾邮件工具
Spam Locker 0.083
基于SMTP行为识别的Antispam软件,大量可选插件
内容过滤器
Amavisd-new 2.4.x
Content-Filter软件,支持与clamav/sa的挂接
内容级别的反垃圾邮件工具
SpamAssassin
著名的SA,可以支持大量规则,但速度慢
SMTP认证库
Cyrus SASL 2.1x
标准的SASL实现库,可以支持Courier authlib
其他数据认证库
Courier Authlib 0.58
authlib是maildrop, courier-imap等服务的关键部件
日志分析及显示
mailgraph_ext
在ExtMan中已经包含了
Web 服务器
Apache 2.2.x
最新版的apache服务器,默认支持ssl模块
maillist软件
Mailman2.1.x
功能强大的邮件列表软件,支持基于web的管理
操作系统安装
操作系统的安装建议参考FreeBSD Handbook,在此仅给出链接,以避免不必要的重复劳动:
安装时的注意事项
1,磁盘分区
由于是邮件系统,相关的日志和queue都会保存在var分区内,因此var分区要有足够的空间。以一块硬盘73G/内存2G的服务器为例,可做如下分区: / 512m
swap 4096m
/var 55g
/tmp 512m
/usr 13g(剩下所有的空间尽量保证有10G左右)
2,软件包的选择
我们的邮件系统是要对外服务的,所以尽可能少的选择软件包,安装时建议选择Minimal,然后进入Custom选择doc,info,man,src即可。
配置
1,编辑/etc/rc.conf确保有如下内容: sshd_enable="YES"
named_enable="YES"
sendmail_enable="NONE"
编辑/etc/resolv.conf确保第一条nameserver记录是127.0.0.1,类似如下: domain extmail.org
nameserver 127.0.0.1
nameserver 202.106.0.20
然后执行如下命令:
#cd /etc/namedb/ && sh make-localhost
2,根据硬件的配置重新编译内核,编译内核的办法参考FreeBSD Handbook,这里只给出链接:
编译后系统的性能将得到较大的提升.
更新ports
根据你的情况执行
cvsup -gL2 /usr/share/examples/cvsup/ports-supfile -h cvsup.freebsdchina.org 或者
portsnap fetch && portsnap update
下载ExtMail Solution软件包
基本假定
整个系统的安装全过程都要求以root身份执行,如果机器没有访问外部网络的能力,则事先下载好ExtMail Solution软件包,并用ftp以sysadmin帐户的身份,上载到服务器。
下载软件包我们统一将软件包下载到/root目录里。 su -
cd /root
fetch
http://www.extmail.org/source/ExtMail-Solution-FreeBSD-0.1.tar.gz
解压
目前最新的ExtMail-Solution软件包版本号为0.1,软件包文件名为:ExtMail-Solution-FreeBSD-0.1.tar.gz,下载回来后,在/root目录解开:
tar xfz ExtMail-Solution-FreeBSD-0.1.tar.gz
此外,我们假设本次安装默认域是extmail.org,主机名为:mail.extmail.org,IP地址为192.168.1.111, ExtMail Solution的文件目录是/root/ExtMail-Solution-0.1/
重要步骤:
我们进入/root/ExtMail-Solution-0.1/目录,该目录下包括如下文件/目录: conf/
docs/
src/
README
其中conf/目录是相关配置文件的一个参考,src目录则是存放webmail, anti-spam等相关软件的源码,而README则是说明文件,docs目录则是本文档相关的html及图片。
下文所涉及的操作,绝大部分都是发生在/root/ExtMail-Solution-0.1目录里,请确保当前目录为:/root/ExtMail-Solution-0.1
安装前的准备
增加一个存储邮件的帐号和组(vmail)执行如下命令 pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
给test用户创建路径需要一个测试帐号test@extmail.org,需要准备该账号的路径。 mkdir -p /var/domains/extmail.org/test/Maildir/new
mkdir -p /var/domains/extmail.org/test/Maildir/cur
mkdir -p /var/domains/extmail.org/test/Maildir/tmp
chown -R vmail:vmail /var/domains/
chmod -R 700 /var/domains/
OpenLDAP的安装和配置
OpenLDAP的安装
安装时选择: SASL
TCP_WRAPPERS
BDB
DYNAMIC_BACKENDS
SLUPD
cd /usr/ports/net/openldap23-server/ && make install clean
OpenLDAP的配置
编辑/etc/hosts或者修改你的DNS服务器,增加如下两个域名。 192.168.1.111 ldap.extmail.org
192.168.1.111 ldap-master.extmail.org
拷贝extmail.schema到OpenLDAP的schema目录
cp conf/extmail.schema /usr/local/etc/openldap/schema/
编辑/usr/local/etc/openldap/slapd.conf文件,内容类似如下: include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/extmail.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=extmail.org"
rootdn "cn=Manager,dc=extmail.org"
rootpw secret
directory /var/db/openldap-data
index objectClass eq
编辑/usr/local/etc/openldap/ldap.conf文件,内容类似如下: BASE dc=extmail.org
URI ldap://ldap.extmail.org ldap://ldap-master.extmail.org:398
SIZELIMIT 12
TIMELIMIT 15
DEREF never
编辑/etc/rc.conf,增加如下一行
slapd_enable="YES"
启动并初始化LDAP /usr/local/etc/rc.d/slapd start
ldapadd -x -D 'cn=Manager,dc=extmail.org' -w secret -f conf/init.ldif
OpenLDAP配置完成
安装配置courier-imap POP3/IMAP
Courier-imap的安装
安装时选择: OPENSSL
TRASHQUOTA
AUTH_LDAP
cd /usr/ports/mail/courier-imap/ && make install clean
Authlib的配置
编辑/usr/local/etc/authlib/authdaemonrc文件,内容类似如下: authmodulelist="authldap"
authmodulelistorig="authldap"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
编辑/usr/local/etc/authlib/authldaprc文件,内容类似如下: LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
LDAP_BASEDN o=extmailAccount,dc=extmail.org
LDAP_BINDDN cn=Manager,dc=extmail.org
LDAP_BINDPW secret
LDAP_TIMEOUT 5
LDAP_MAIL mail
LDAP_FILTER (active=1)
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail
LDAP_HOMEDIR homeDirectory
LDAP_MAILROOT /var/domains
LDAP_MAILDIRQUOTA mailQuota
LDAP_CRYPTPW userPassword
LDAP_DEREF never
LDAP_TLS 0
配置支持POP3s拷贝一份配置文件
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
编辑/usr/local/etc/courier-imap/pop3d.cnf文件,类似如下: RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=chifeng@gmail.com
[ cert_type ]
nsCertType = server
执行如下命令产生供POP3s使用的key
/usr/local/sbin/mkpop3dcert
配置支持IMAPs
拷贝一份配置文件
cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf 编辑/usr/local/etc/courier-imap/imapd.cnf文件,类似如下: RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=chifeng@gmail.com
[ cert_type ]
nsCertType = server
执行如下命令产生供IMAP使用的key
/usr/local/sbin/mkimapdcert
配置自动启动
编辑/etc/rc.conf文件,添加如下行: courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
这5行的作用分别是在开机时:启动authdaemond,启动pop3d,启动imapd,启动pop3d-ssl,启动imapd-ssl。也可以使用命令行来控制这些进程的启动或者停止。 /usr/local/etc/rc.d/courier-authdaemond start/stop
/usr/local/etc/rc.d/courier-imap-pop3d.sh start/stop
/usr/local/etc/rc.d/courier-imap-imapd.sh start/stop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh start/stop
/usr/local/etc/rc.d/courier-imap-imapd-ssl.sh start/stop
Postfix的安装和配置-MTA
安装postfix
安装时选择: PCRE
SASL2
TLS
OPENLDAP
VDA
TEST
cd /usr/ports/mail/postfix/ && make install clean
配置postfix
编辑/etc/rc.conf,增加如下一行
postfix_enable="YES" 编辑/etc/aliases,确保有如下一行
postfix: root 编辑/etc/periodic.conf daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
执行如下命令 newaliases
chown postfix:postfix /etc/opiekeys
postconf -e 'mydomain = extmail.org'
postconf -e 'myhostname = mail.extmail.org'
postconf -e 'myorigin = $mydomain'
postconf -e 'virtual_mailbox_base = /var/domains'
postconf -e 'virtual_uid_maps=static:1000'
postconf -e 'virtual_gid_maps=static:1000'
编辑/usr/local/etc/postfix/ldap_virtual_alias_maps.cf server_host = localhost
search_base = o=extmailAlias,dc=extmail.org
query_filter = (&(objectClass=extmailAlias)(mailLocalAddress=%s)(active=1))
result_attribute = mail
cache = no
bind = no
scope = sub
编辑/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf server_host = localhost
search_base = o=extmailAccount,dc=extmail.org
query_filter = (&(objectClass=extmailUser)(mail=%s)(active=1))
result_attribute = mailMessageStore
cache = no
bind = no
scope = sub
编辑/usr/local/etc/postfix/ldap_virtual_domains_maps.cf server_host = localhost
search_base = o=extmailAccount,dc=extmail.org
query_filter = (&(objectClass=extmailDomain)(virtualDomain=%s)(active=1))
result_attribute = virtualDomain
cache = no
bind = no
scope = sub
执行如下命令对查询表进行配置 postconf -e 'virtual_alias_maps = $alias_maps, ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf'
postconf -e 'virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf'
postconf -e 'virtual_mailbox_domains = ldap:/usr/local/etc/postfix/ldap_virtual_domains_maps.cf'
SMTP认证设置
编辑/usr/local/lib/sasl2/smtpd.conf pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
对postfix做如下配置使支持smtp认证 postconf -e 'smtpd_sasl_auth_enable=yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postfix反垃圾设置
此处的反垃圾邮件只是在MTA级的一些预防垃圾邮件的设置,可根据实际情况以及自己的需要进行调整。 postconf -e 'smtpd_helo_required=yes'
postconf -e 'smtpd_delay_reject=yes'
postconf -e 'disable_vrfy_command=yes'
postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'
postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'
postconf -e 'smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'
postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'
postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'
postconf -e 'header_checks=/usr/local/etc/postfix/head_checks'
postconf -e 'body_checks=/usr/local/etc/postfix/body_checks'
touch /usr/local/etc/postfix/head_checks
touch /usr/local/etc/postfix/body_checks
touch /usr/local/etc/postfix/client_access
touch /usr/local/etc/postfix/sender_access
touch /usr/local/etc/postfix/helo_access
postmap /usr/local/etc/postfix/head_checks
postmap /usr/local/etc/postfix/body_checks
postmap /usr/local/etc/postfix/client_access
postmap /usr/local/etc/postfix/sender_access
postmap /usr/local/etc/postfix/helo_access
TLS设置
生成证书,在这里默认私钥的访问密码为123qwe98,请根据自己的情况决定,以后可能会用得到。 mkdir –p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/src/crypto/openssl/apps/openssl.cnf .
编辑openssl.cnf,确认dir参数的值是/usr/local/etc/postfix/certs/CA。然后继续执行如下命令,并根据情况输入信息。输入信息类似如下: Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:chifeng@gmail.com
命令如下: openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days -3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown cyrus:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash
配置postfix支持TLS postconf -e 'smtpd_use_tls=yes'
postconf -e 'smtpd_tls_auth_only=no'
postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
postconf -e 'smtpd_tls_received_header=yes'
postconf -e 'smtpd_tls_loglevel=3'
postconf -e 'smtpd_starttls_timeout=60s'
配置master.cf,添加如下信息 smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Maildrop的安装和配置-MDA
安装maildrop安装时选择ldap
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
修改master.cf修改master.cf的maildrop,类似修改为: #maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
修改main.cfpostconf -e 'virtual_transport=maildrop:'
postconf -e 'maildrop_destination_concurrency_limit=1'
postconf -e 'maildrop_destination_recipient_limit=1'
编辑文件/usr/local/etc/maildroprc确保是如下内容: logfile "/var/domains/maildrop.log"
#logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
#
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
to "$HOME/Maildir"
}
安装配置apache
安装apache添加了这两个参数的意思是,支持suexec模块,改变suexec_docroot的路径
cd /usr/ports/www/apache22/ &&make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www install clean 安装过程中会要求安装python,安装时选择 THREADS
HUGE_STACK_SIZE
UCS4
PYMALLOC
FPECTL
配置/etc/rc.conf添加如下一行
apache22_enable="YES"
虚拟主机配置编辑/usr/local/etc/apache22/Includes/extmail.conf NameVirtualHost *:80
ServerName mail.extmail.org
DocumentRoot /usr/local/www/extmail/html/
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
AllowOverride None
Options None
Order allow,deny
Allow from all
SuexecUserGroup vmail vmail
配置支持https复制一份证书到apache的目录 mkdir /usr/local/etc/apache22/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/
编辑文件/usr/local/etc/apache22/Includes/extmail-ssl.conf,内容如下 Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.extmail.org:443
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
ServerAdmin chifeng@gmail.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache22/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache22/server.key
SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SuexecUserGroup vmail vmail
重起一下apache
/usr/local/etc/rc.d/apache22.sh restart
安装配置Extman
安装extman
cp -Rfp src/extman-0.16-pre1 /usr/local/www/extman/
安装LDAP驱动
cd /usr/ports/databases/p5-DBD-LDAP/ && make install clean
配置extman编辑/usr/local/www/extman/webman.cf,修改对应的参数如下 SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /var/domains
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_CHARSET = gb2312
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = ldap
SYS_LDAP_BASE = dc=extmail.org
SYS_LDAP_RDN = cn=Manager,dc=extmail.org
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = localhost
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_PASSWD = userPassword
其他设置执行如下命令 mkdir /var/lib
mkdir /tmp/extman/
chown –R vmail:vmail /tmp/extman/
chmod 700 /tmp/extman/
chmod 600 /usr/local/www/extman/webman.cf
cp extmail-0.24-pre8/libs/Ext/CGI.pm /usr/local/www/extman/libs/Ext/
cp extmail-0.24-pre8/libs/Ext/Config.pm /usr/local/www/extman/libs/Ext/
cp extmail-0.24-pre8/libs/Ext/Lang.pm /usr/local/www/extman/libs/Ext/
cp extmail-0.24-pre8/libs/Ext/Session.pm /usr/local/www/extman/libs/Ext/
cp extmail-0.24-pre8/libs/Ext/Utils.pm /usr/local/www/extman/libs/Ext/
cp extmail-0.24-pre8/libs/Ext/RFC822.pm /usr/local/www/extman/libs/Ext/
配置图形日志安装依赖软件 cd /usr/ports/net/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
安装mailgraph_ext cp -Rfp extman-0.16-pre1/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
安装配置Extmail
安装extmail
cp -Rfp extmail-0.24-pre8 /usr/local/www/extmail 复制一份配置文件
cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf 编辑/usr/local/www/extmail/webmail.cf,修改对应的参数如下 SYS_CONFIG = /usr/local/www/extmail/
SYS_LANGDIR = /usr/local/www/extmail/lang
SYS_TEMPLDIR = /usr/local/www/extmail/html
SYS_SESS_DIR = /tmp/extmail/
SYS_USER_LANG = zh_CN
SYS_USER_CHARSET = gb2312
SYS_MFILTER_ON = 1
SYS_AUTH_TYPE = ldap
SYS_MAILDIR_BASE = /var/domains
SYS_LDAP_BASE = dc=extmail.org
SYS_LDAP_RDN = cn=Manager,dc=extmail.org
SYS_LDAP_PASS = secret
SYS_LDAP_HOST = ldap.extmail.org
SYS_LDAP_ATTR_USERNAME = mail
SYS_LDAP_ATTR_DOMAIN = virtualDomain
SYS_LDAP_ATTR_PASSWD = userPassword
SYS_LDAP_ATTR_QUOTA = mailQuota
SYS_LDAP_ATTR_NDQUOTA = netdiskQuota
SYS_LDAP_ATTR_HOME = homeDirectory
SYS_LDAP_ATTR_MAILDIR = mailMessageStore
执行如下命令 mkdir /tmp/extmail
chown vmail:vmail /tmp/extmail/
chmod 700 /tmp/extmail
测试基本系统
到目前为止,一个基本的邮件系统已经安装完成,他支持了smtp,pop3,imap,webmail。并且支持对应的SSL加密smtps,pop3s,imaps,https。
测试pop3telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user test@extmail.org
+OK Password required.
pass test
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
.
quit
+OK Bye-bye.
Connection closed by foreign host.
测试smtp认证
通过以下命令获得test@extmail.org的用户名及密码的BASE64编码: perl -e 'use MIME::Base64; print encode_base64("test\@extmail.org")'
dGVzdEBleHRtYWlsLm9yZw==
perl -e 'use MIME::Base64; print encode_base64("test")'
dGVzdA==
然后本机测试,其过程如下 telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
ehlo demo.domain.tld
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdEBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
dGVzdA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
最后出现235 Authentication Successful 表明认证成功了。
测试smtpsmail# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix
ehlo localhost
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
^]
telnet> q
Connection closed.
测试pop3s/imaps
telnet连接本机的993,995端口出现如下提示: telnet localhost 993
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'.
^]
telnet> q
Connection closed.
telnet localhost 995
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'.
^]
telnet> q
Connection closed.
也可以在OutLook中如下设置进行测试
![]()
测试webmail/extman你能通过如下链接登陆webmail http://mail.extmail.org
https://mail.extmail.org
http://mail.extmail.org/extman
https://mail.extmail.org/extman
内容/病毒过虑
安装amavisd-new安装时选择 LDAP
MILTER
RAR
ARJ
LHA
ARC
ZOO
UNZOO
LZOP
FREEZE
cd /usr/ports/security/amavisd-new && make install clean
安装过程中会提示安装p5-Mail-SpamAssassin,请选择 AS_ROOT
DOMAINKEYS
SSL
PAZOR
SPF_QUERY
RELAY_COUNTRY
TOOLS
配置amavisd.conf修改/usr/local/etc/amavisd.conf文件中对应的选项,如下 $max_servers = 10;
$sa_spam_subject_tag = '[SPAM] ';
$mydomain = 'mail.extmail.org';
$myhostname = 'mail.extmail.org';
@local_domains_maps = qw(.);
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
@whitelist_sender_maps = read_hash("$MYHOME/white.lst");
@blacklist_sender_maps = read_hash("$MYHOME/black.lst");
$spam_quarantine_to = "spam\@$mydomain";
$virus_quarantine_to = "virus\@$mydomain";
$banned_quarantine_to = "spam\@$mydomain";
$hdrfrom_notify_admin = "Content Filter ";
执行如下操作 touch /var/amavis/white.txt
touch /var/amavis/black.txt
chown –R vscan:vscan /var/amavis/
配置postfix对amavisd-new的支持修改/usr/local/etc/postfix/master.cf,增加如下内容 smtp-amavis unix - - n - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_header_body_checks
修改content_filter
postconf –e 'content_filter = smtp-amavis:[localhost]:10024'
配置clamav
安装clamav
cd /usr/ports/security/clamav && make install clean
修改配置文件编辑/usr/local/etc/clamd.conf
User vscan编辑/usr/local/etc/freshclam.conf
DatabaseOwner vscan修改/etc/rc.conf增加两行 clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
修改/usr/local/etc/amavisd.conf,增加如下内容,使amavis-new对clamav的支持 ['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
修改权限设置chown –R vscan:vscan /var/run/clamav/
chown –R vscan:vscan /var/log/clamav/
chown –R vscan:vscan /var/db/clamav/
配置Spamassassin
配置
cd /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf 修改/usr/local/etc/mail/spamassassin/local.cf report_safe 1
use_bayes 0
auto_learn 0
bayes_auto_expire 1
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available no
lock_method flock
修改/etc/rc.conf
spamd_enable="YES"
使用Chinese_rules.cf编辑脚本/var/cron/sa.sh #!/bin/sh
cd /tmp/
fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
mv Chinese_rules.cf /usr/local/share/spamassassin/
/usr/local/etc/rc.d/amavisd forcerestart > /dev/null
增加执行权限
chmod +x /var/cron/sa.sh 编辑/etc/crontab,增加一行如下,每周6执行一次
0 0 * * 6 root /var/cron/sa.sh
测试杀毒/内容过滤测试杀毒 telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with .
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.0.0 Ok: queued as BC24E85260
quit
221 2.0.0 Bye
Connection closed by foreign host.
maillog中出现如下日至则说明clamav和amavid-new正常工作
Aug 3 15:42:41 mail amavis[730]: (00730-01) Blocked INFECTED (Eicar-Test-Signature), LOCAL [127.0.0.1] [127.0.0.1] -> , quarantine: virus-4JnxM33M2NNc, Message-ID: , mail_id: 4JnxM33M2NNc, Hits: -, 212 ms
安装邮件列表软件mailman
安装mailman安装时选择: POSTFIX
CHINESE
cd /usr/ports/mail/mailman && make MAIL_GID=vmail CGI_GID=vmail install clean
配置/etc/rc.conf增加一行
mailman_enable="YES"
配置postfix支持touch /usr/local/mailman/data/aliases
touch /usr/local/mailman/data/virtual-mailman
postconf -e 'recipient_delimiter=+'
postconf -e 'alias_maps=hash:/etc/aliases, hash:/usr/local/mailman/data/aliases'
postalias /usr/local/mailman/data/aliases
postconf -e 'virtual_alias_maps = ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf, hash:/usr/local/mailman/data/virtual-mailman'
postalias /usr/local/mailman/data/aliases
postmap /usr/local/mailman/data/virtual-mailman
postconf -e 'default_privs = vmail'
postfix reload
配置mailmancd /usr/local/mailman
bin/genaliases
chown -R vmail:mailman /usr/local/mailman/data/aliases*
chown -R vmail:mailman /usr/local/mailman/data/virtual-mailman*
chmod 664 /usr/local/mailman/data/aliases*
chmod 664 /usr/local/mailman/data/virtual-mailman*
cp -Rfp icons/ cgi-bin/icons
cp /usr/local/www/icons/powerlogo.gif cgi-bin/icons/
修改管理员密码,在这里我默认为123qwe98
bin/mmsitepass 编辑/usr/local/mailman/Mailman/mm_cfg.py,增加如下内容 MTA = 'Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.extmail.org']
add_virtualhost('lists.extmail.org','lists.extmail.org')
DEFAULT_EMAIL_HOST = 'lists.extmail.org'
DEFAULT_URL_HOST = 'lists.extmail.org'
DEFAULT_SERVER_LANGUAGE = 'zh_CN'
创建一个邮件列表mailmanmailman列表为必须创建的,管理员邮箱使用root@extmail.org,密码使用12345678
bin/newlist mailman
配置apache支持mailman
在文件/usr/local/etc/apache22/Includes/extmail.conf中添加如下内容。
ServerName lists.extmail.org
DocumentRoot /usr/local/mailman/cgi-bin/
ScriptAlias /mailman "/usr/local/mailman/cgi-bin/"
Alias /pipermail /usr/local/mailman/archives/public/
AddDefaultCharset Off
Options FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
测试以及通过web使用mailman你能通过如下链接管理和查看相关信息,使用密码12345678登陆mailman系统。也可以通过系统管理密码123qwe98创建新的邮件列表。 http://lists.extmail.org/mailman/admin/mailman
http://lists.extmail.org/mailman/listinfo/mailman
http://lists.extmail.org/mailman/create
更强大的功能在登陆列表的web管理界面后你能看到,比如调整显示界面为中文等等。
附加信息以下是补充的ExtMail Solution有关文档,提供了一些维护方法以及技巧等。
只使用pop3
如果你的邮件服务器只打算使用pop3功能不打算使用更多,你可以如下这么做:修改/etc/rc.conf,注释掉pop3s,imap,imaps对应的启动选项 courier_imap_pop3d_enable="YES"
#courier_imap_imapd_enable="YES"
#courier_imap_pop3d_ssl_enable="YES"
#courier_imap_imapd_ssl_enable="YES"
然后停止正在运行中的pop3s,imap,imaps进程 /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh forcestop
/usr/local/etc/rc.d/courier-imap-imapd.sh forcestop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh forcestop
只使用smtp
修改/usr/local/etc/postfix/master.cf,注释掉对应的smtps选项 #smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
然后重新加载以下postfix
postfix reload
只使用https
有时候为了安全,我们可能只能使用https,那么在用户连http://mail.extmail.org的时候,就要自动重定向到https://mail.extmail.org 做起来很简单,修改我们的虚拟主机配置文件(extmail.conf),在虚拟主机配置内添加如下一条指令即可
Redirect / https://mail.extmail.org/ 注意:一定不能添加到ssl的配置文件中,也就是extmail-ssl.conf中,这样会造成重定向的循环。
postfix日常维护
启动postfix
postfix start停止postfix
postfix stop重新读取postfix配置文件
postfix reload立即投递队列中所有邮件(慎用)
postfix flush查看队列邮件 postqueue –p
mailq
postqueue –p |tail
修复队列以及任何权限错误
postfix check查看邮件系统日志
tail –f /var/log/maillog
结束语
通过此文档,读者应该能够较容易地架设一个功能较齐全的电子邮件系统。当使用一段时间后,用户将发现这个系统还有很多比较粗糙的地方,不尽人意。日后,本文档将继续保持更新,逐步将一些高级的设置方法公布出来,争取ExtMail Solution更加完整,力求完美。
TODO 列表
- 增加fastcgi支持
- 增加spam locker支持
- 更精细的Anti-Spam策略及关键字过滤
- 系统安全配置(基于防火墙)
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/6088/showart_189582.html |
|
免费注册
发表于 2006-10-24 13:14