[Mail] Installing a Qmail commercial mail system on CentOS5/RHEL5 (repost)

#1  Posted 2008-07-21 10:59
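System capabilities overview
This article is the author's notes from studying and experimenting with the Qmail system in spare time. All material comes from publicly available resources (Open Source) found through Google. Every resource that this article asks you to download and install is free software licensed under the GPL and usable commercially. This manual follows the GPL, and anyone is welcome to contribute comments and revisions. The full text is divided by function into fourteen sections; because it is very long, it is published in several parts.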
===============================================================================
Table of contents
===============================================================================
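Section 1: Preparing for installation;
Section 2: Installing the basic Qmail system;
Section 3: Installing the helper tool packages that support Qmail;
Section 4: Installing the vpopmail virtual domain management system;
Section 5: Installing the ClamAV mail virus protection system;
Section 6: Installing the SpamAssassin spam filtering system;
Section 7: Setting up the Qmail run scripts;
Section 8: Installing Qmailadmin and fixing Domain Quota;
Section 9: Installing Courier (authlib+imap+sqwebmail+maildrop) and configuring SSL support;
Section 10: Installing SquirrelMail;
Section 11: Installing Horde-Webmail;
Section 12: Installing the qmail-scanner scanning program;
Section 13: Configuring SSL support for POP3;
Section 14: Installing the Vqadmin administration tool;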

==============================================================================
Capabilities:
===============================================================================
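A Qmail mail system deployed and configured according to this installation manual will be a fully featured commercial mail system. It can meet the e-commerce needs of large, medium and small enterprises, and also suits ISPs that specialize in providing e-mail service. It has all the standard features of a professional, commercial e-mail system and can provide business users with secure, stable and efficient e-commerce.
1) Supports multiple virtual domains; each host can support thousands of virtual domains or more;
2) Supports a database for storing management information; user information is stored in a MySQL database (no Linux system accounts needed), which improves security and flexibility;
3) Supports limits on the number of accounts and on mailbox space:
- Each domain can be given a maximum storage capacity and mailbox count; users can adjust the space of mailbox accounts themselves;
- Users have management functions, including adding and deleting accounts, setting aliases, changing passwords, and allocating and adjusting space;
- Users can set an unlimited number of aliases (including forwarding);
4) Supports receiving mail over POP3, SSL secure connections, and SMTP authentication;
5) Supports several Webmail interfaces for managing, sending and receiving mail;
6) Automatically scans mail passing through the gateway in both directions (received, sent and forwarded); QHPSI can be configured for high-performance scanning, which effectively blocks virus mail and filters spam;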

===============================================================================
System administration
===============================================================================
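Start the Qmail system: qmailctl start
Stop the Qmail system: qmailctl stop

Default Qmail script and command set: /var/qmail/bin/
TCP Server service directory path: /service (linked to /var/qmail/supervise/)

Commands for adding, deleting and managing mail: /home/vpopmail/bin/

An example of querying a mail domain: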
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdominfo test.com                # returns the following:
- - - - - - - - - - - - - - - - - - - - - - - - -
domain: test.com
uid:    809
gid:    809
dir:    /home/vpopmail/domains/test.com
users:  2
- - - - - - - - - - - - - - - - - - - - - - - - -

An example of adding a mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadddomain test.com;
Please enter password for postmaster:
enter password again:
--------------------------------------------------------------------------------

An example of adding a mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vadduser email@test.com
Please enter password for email@test.com:
enter password again:
--------------------------------------------------------------------------------

An example of deleting a mail account:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeluser email@test.com
--------------------------------------------------------------------------------
An example of deleting a mail domain:
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./vdeldomain test.com
--------------------------------------------------------------------------------

An example of using a script for adding a domain with quota support (/home/vpopmail/bin/adddomain.pl):
--------------------------------------------------------------------------------
cd /home/vpopmail/bin/;
./adddomain-hung.pl;
Please input the new domain:test.com
Please enter password for postmaster:
enter password again:
domain testhung1.com has been create success
Please set the pop user quota for the domain:5
set quota success!
--------------------------------------------------------------------------------

Mail domains and the mail accounts under them are stored here: /home/vpopmail/domains/
New mail directory: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/new/
Read mail directory: /home/vpopmail/domains/yourdomain/youremailaccount/.Mkdir/cur/

================================================================================
User instructions
================================================================================
Superuser administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
[User Account]         enter postmaster
[Domain Name]          enter yourdomain
[Password]             enter postmasterpassword

Regular user administration page: http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
[User Account]         enter youremailaccount
[Domain Name]          enter yourdomain
[Password]             enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/cgi-bin/sqwebmail
[User ID]              enter youremail@yourdomain
[Password]             enter yourpassword

User webmail: http://xxx.xxx.xxx.xxx/squirrelmail/
Account:               youremail@yourdomain
Password:              yourpassword

User webmail: http://xxx.xxx.xxx.xxx/horde/
User name:             youremail@yourdomain
Password:              yourpassword

POP3 client settings:
Host name:          xxx.xxx.xxx.xxx
Account name:       youremailaccount@yourdomain
Mailbox password:   yourpassword
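Section 1: Preparing for installation
Check the Linux system, adjust the environment so that it suits running Qmail, and configure users, group permissions and the related directories;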
--------------------------------------------------------------------------------
1) Check the system's C build environment;
--------------------------------------------------------------------------------
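Because the build configuration files in the Qmail source use a C compiler named "cc", if your system has no compile command named "cc" you must edit the build configuration files conf-cc and conf-ld so that the installer can find a suitable C compiler.
At the Linux command prompt, type cc and press Enter:
cc: no input files (Note: this is the response returned by the C compiler)
If you get a response like "no input files" above, there is a usable C compiler suitable for this installation on your system's default search path. If there is no such response, continue by trying the following C compile commands: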
/usr/bin/cc;
/usr/bin/gcc;
/usr/local/bin/cc;
/usr/local/bin/gcc;
/usr/ccs/bin/cc;
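If none of the test commands above works, consult the documentation for your platform to confirm that your system has a usable C compiler and to find its correct path; for example, on Red Hat Linux you can query with the following RPM commands: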
rpm -qa | grep gcc;
rpm -qa | grep egcs;
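If any of the test commands above works, your system has a usable C compiler, but its path or name does not match what this installation expects, so before installing Qmail you need to correct the C compiler settings in the Qmail source.
In the Qmail source, the configuration parameters for the C build environment are contained in two files named conf-cc and conf-ld. To modify them, open conf-cc and conf-ld in an editor and replace every "cc" in the file with the name of the C compiler on your system (usually on the first line). For example, if the usable C compiler on your system is named "gcc", or has to be invoked with its path as "/usr/bin/gcc", edit the two files conf-cc and conf-ld (they are part of the qmail-1.03 source; how to download it is described later) and change "cc" in the files to "gcc" or "/usr/bin/gcc".
Note: although RedHat systems use gcc, there is usually a link named /usr/bin/cc that points to /usr/bin/gcc, in which case the configuration files do not need to be changed. (This also shows that there is a simpler way than editing the configuration files: create a link named cc that points to the usable C compiler on your system.)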

--------------------------------------------------------------------------------
2) Check the components the system requires (apache+php+mysql and named);
--------------------------------------------------------------------------------
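# Check the system components:
rpm -qa | grep httpd;
rpm -qa | grep php;
rpm -qa | grep mysqld;
rpm -qa | grep bind;    # this checks named; RedHat's default name server is Bind
Note: the system components are essential to running the Qmail mail system efficiently. Qmail's characteristics, including stability and security, depend on how well these components are integrated with the Linux operating system. If the system components are not yet installed, reinstalling the Linux operating system is recommended, so that the operating system's installer installs and tunes these components automatically for best performance.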

--------------------------------------------------------------------------------
3) Make sure the system starts the following three components automatically (put a * in front of the item);
--------------------------------------------------------------------------------
setup; ->System Service;
*  httpd
*  mysqld
*  named
# Commands to start the services manually
service httpd start;     # or: service httpd restart;
service mysqld start;    # or: service mysqld restart;
service named start;     # or: service named restart;

--------------------------------------------------------------------------------
4) Turn off SELINUX;
--------------------------------------------------------------------------------
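vi /etc/sysconfig/selinux;
# If you see this line: SELINUX=enforcing
# change it to:         SELINUX=disabled
# If SELINUX is changed, you must save the file and reboot Linux: reboot
Note: this system requires SELinux to be turned off, not because SELinux does not support the Qmail family of mail systems, but because configuring a fully featured commercial mail service under SELinux is rather troublesome. If you need to enable SELinux on the mail server, see the following sites:
Official site: http://www.nsa.gov/selinux/
Wikipedia (Taiwan): http://zh.wikipedia.org/wiki/SELinux
Wikipedia (English): http://en.wikipedia.org/wiki/SELinux
IBM DW : http://www.ibm.com/developerworks/cn/linux/s-selinux/index.html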

--------------------------------------------------------------------------------
5) If the RedHat system has the default sendmail or postfix packages installed, remove them first;
--------------------------------------------------------------------------------
rpm -e --nodeps sendmail;
rpm -e --nodeps postfix;
rpm -e --nodeps sendmail-cf;
When removing sendmail you may see warnings like the following (RPM backs up the related configuration files before removing a package):
warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave
warning: /etc/mail/submit.cf saved as /etc/mail/submit.cf.rpmsave
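Explanation: the packages above do not actually have to be removed, but to guarantee that Qmail runs stably you must confirm that their services have been stopped, or change the corresponding service ports, and adjust the default links.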

--------------------------------------------------------------------------------
6) To keep existing files from preventing the related commands from running correctly, delete the following directories first;
--------------------------------------------------------------------------------
rm -rf /var/qmail;
rm -rf /var/log/qmail;
rm -rf /service;
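Note: this assumes the directories above are not in use on your system. If other programs on your system already use these directories, consider carefully the consequences that deleting them may cause;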

--------------------------------------------------------------------------------
7) Users and groups to check in advance;
--------------------------------------------------------------------------------
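Running the Qmail system requires adding two new groups and 7 new users to the Linux system. The Qmail source contains a file named INSTALL.ids, which describes the commands for adding the users and groups on various systems. Below are the commands for adding users and groups on Solaris, Linux and FreeBSD, as described at the beginning of that file: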
vi INSTALL.ids;
On some systems there are commands that make this easy. Solaris and
Linux:
   # groupadd nofiles
   # useradd -g nofiles -d /var/qmail/alias alias
   # useradd -g nofiles -d /var/qmail qmaild
   # useradd -g nofiles -d /var/qmail qmaill
   # useradd -g nofiles -d /var/qmail qmailp
   # groupadd qmail
   # useradd -g qmail -d /var/qmail qmailq
   # useradd -g qmail -d /var/qmail qmailr
   # useradd -g qmail -d /var/qmail qmails

FreeBSD 2.2:
   # pw groupadd nofiles
   # pw useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
   # pw useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
   # pw useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
   # pw groupadd qmail
   # pw useradd qmailq -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmailr -g qmail -d /var/qmail -s /nonexistent
   # pw useradd qmails -g qmail -d /var/qmail -s /nonexistent
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

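The users and groups that run the Qmail system configured in this installation manual differ slightly from those produced by the method above, because we specify the GIDs and UIDs of these groups and users. The purpose of running Qmail with fixed user IDs is to make later maintenance such as upgrades and migrations easier; for systems that need many mail hosts and often need to move mailbox users between hosts, this approach is worth adopting. The GIDs and UIDs used in this installation manual are:
GID: 801, 802
UID: 800,801,802,803,804,805,806
Linux uses the GID and UID to identify users. If two or more duplicate IDs appear in /etc/passwd, only the last one will be a valid user. So if these GIDs or UIDs already exist on your system, the installation may be unable to create the related directories and files correctly, and the Qmail system may fail as a result. It is therefore recommended that, before installing, you first check the users and groups on your current system to see whether other users and groups are already using the GIDs and UIDs above. If you find that they already exist, first change those ID values to avoid duplicate IDs. To keep systems consistent, continuous and easy to migrate, it is recommended that you choose UIDs and GIDs that are not commonly used, according to the characteristics of your system, for installing Qmail. Using the same UIDs and GIDs for all your Qmail installations as far as possible avoids having to change system GIDs and UIDs during later maintenance.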

--------------------------------------------------------------------------------
Reference: to change the GID and UID of an existing operating system user, use the following method:
--------------------------------------------------------------------------------
vi /etc/passwd;
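Remember the ID you are changing and the user name it corresponds to. After changing the GID and UID, remember to update all of that user's files and directories on the system; the following FIND commands can be used for this:
find / -uid [UID] -exec chown [USER] {} \;
find / -gid [GID] -exec chown :[GROUP] {} \;
Here [UID] and [GID] are the old user's ID values, and [USER] and [GROUP] are the user name corresponding to that ID. For example, if user htt's original UID and GID were 801, then:
find / -uid 801 -exec chown htt {} \;     # find files and directories with UID 101 and change them to user htt's new UID
find / -gid 801 -exec chown :htt {} \;    # find files and directories with GID 101 and change them to group htt's new GID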

--------------------------------------------------------------------------------
Create the Qmail runtime directories and set up the system users, groups and related permissions;
--------------------------------------------------------------------------------
# Run the following commands step by step to create the users, groups and directories needed to run the Qmail system:
groupadd -g 801 qmail;
groupadd -g 802 nofiles;
mkdir -p /var/qmail;    # this is the directory for the qmail runtime programs
chown root:qmail /var/qmail;
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 801 qmaild;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 802 qmaill;
useradd -g nofiles -d /var/qmail -M -s /sbin/nologin -p'*' -u 803 qmailp;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 804 qmailq;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 805 qmailr;
useradd -g qmail -d /var/qmail -M -s /sbin/nologin -p'*' -u 806 qmails;
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;

--------------------------------------------------------------------------------
Appendix: to make installation easier, you can create a script named qmail-adduser.sh:
--------------------------------------------------------------------------------
#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/sbin
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux.
echo "Creating initial qmail directories..."
echo
sleep 2
groupadd -g 801 qmail
groupadd -g 802 nofiles
mkdir -p /var/qmail
chown root.qmail /var/qmail;
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2

#######
#Script to add users and groups for Redhat, Fedora, RHEL and Whitebox type distros
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' -u 800 alias
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 801 qmaild
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 802 qmaill
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' -u 803 qmailp
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 804 qmailq
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 805 qmailr
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' -u 806 qmails

#######
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail;
mkdir /var/log/qmail/qmail-send;
mkdir /var/log/qmail/qmail-smtpd;
mkdir /var/log/qmail/qmail-pop3d;
mkdir /var/log/qmail/qmail-pop3ds;
chown -R qmaill:root /var/log/qmail;
chmod -R 750 /var/log/qmail;
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
mkdir -p /var/qmail/supervise/qmail-pop3ds/log;
chmod +t /var/qmail/supervise/qmail-smtpd;
chmod +t /var/qmail/supervise/qmail-send;
chmod +t /var/qmail/supervise/qmail-pop3d;
chmod +t /var/qmail/supervise/qmail-pop3ds;
echo "All steps completed!"
echo
sleep 2
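
The post recommends checking, before running groupadd/useradd, that GIDs 801-802 and UIDs 800-806 are not already in use. The following is an added example, not part of the original post: the function names (check_ids, preflight) are hypothetical and the sample passwd/group lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the fixed
# UIDs/GIDs the guide assigns, to run before any groupadd/useradd.

# name:id pairs copied from the guide's groupadd/useradd commands.
QMAIL_USERS="alias:800 qmaild:801 qmaill:802 qmailp:803 qmailq:804 qmailr:805 qmails:806"
QMAIL_GROUPS="qmail:801 nofiles:802"

# check_ids FILE "name:id ..."
# FILE uses the passwd(5)/group(5) layout: field 1 = name, field 3 = numeric ID.
# Prints one line per conflict. Returns 0 when every ID is free or already
# held by the expected name, 1 otherwise.
check_ids() {
    file=$1
    pairs=$2
    rc=0
    for pair in $pairs; do
        name=${pair%%:*}
        id=${pair##*:}
        # Is the numeric ID already held by some other name?
        for holder in $(awk -F: -v id="$id" -v n="$name" \
                '$3 == id && $1 != n { print $1 }' "$file"); do
            echo "ID_TAKEN $id wanted_by=$name held_by=$holder"
            rc=1
        done
        # Does the expected name exist with a different numeric ID?
        for cur in $(awk -F: -v id="$id" -v n="$name" \
                '$1 == n && $3 != id { print $3 }' "$file"); do
            echo "NAME_MISMATCH $name has=$cur wanted=$id"
            rc=1
        done
    done
    return $rc
}

# preflight PASSWD_FILE GROUP_FILE -> 0 only if both files are conflict-free.
preflight() {
    bad=0
    check_ids "$1" "$QMAIL_USERS"  || bad=1
    check_ids "$2" "$QMAIL_GROUPS" || bad=1
    return $bad
}

# Demo on constructed sample files: user 'htt' already owns UID 801 and a
# group 'qmail' already exists with GID 500.
sample=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'htt:x:801:801::/home/htt:/bin/bash' > "$sample/passwd"
printf '%s\n' 'root:x:0:' 'htt:x:801:' 'qmail:x:500:' > "$sample/group"
preflight "$sample/passwd" "$sample/group" \
    || echo "resolve the conflicts above before running groupadd/useradd"
rm -rf "$sample"
```

On a real host, pass /etc/passwd and /etc/group, or the saved output of `getent passwd` and `getent group` if accounts also come from a directory service.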

#2  Posted 2008-07-21 11:00
Section 2: Installing the basic Qmail system
================================================================================
1) Download the Qmail main program (choose method a or b):
================================================================================

--------------------------------------------------------------------------------
(a) Download the qmail-1.03 source;
--------------------------------------------------------------------------------
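Reference URL: http://www.qmail.org/top.html
Note: this installation does not use netqmail, which comes with vulnerability fixes, from method (b) below, because it will use a popular Qmail extension, spamcontrol. That component already fixes the related vulnerabilities and makes many improvements, but it is not compatible with netqmail, so this installation must use the original qmail-1.03.tar.gz. (In other words, the later steps of this installation continue from the resources of method a in this step.)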

cd /usr/local/src/qmail/;
wget http://cr.yp.to/software/qmail-1.03.tar.gz;
tar zxvf qmail-1.03.tar.gz;
cd /usr/local/src/qmail/qmail-1.03/;
Make a backup first, because installing some of the later patches is incompatible with spamcontrol and needs this original source:
cp -p Makefile Makefile.org;
cp -p qmail-smtpd.c qmail-smtpd.c.org;

--------------------------------------------------------------------------------
(b) Download the officially recommended netqmail-1.05;
--------------------------------------------------------------------------------
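If you do not need to install Spamcontrol, downloading netqmail-1.05.tar.gz, which contains the officially recommended patches, is suggested. This download is also published on the official site. It contains not only the qmail-1.03.tar.gz source above but also important patches for qmail itself and for related packages. These patches fix some vulnerabilities, shortcomings and compatibility problems (but may not suit certain operating system platforms);
Reference URL: http://www.qmail.org/netqmail/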
cd /usr/local/src/qmail/;
wget http://qmail.org/netqmail-1.05.tar.gz;
tar -zxvf netqmail-1.05.tar.gz;
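cd netqmail-1.05;       # this directory contains the qmail source and patches; follow the README to apply them
./collate.sh;           # unpacks and patches automatically, producing a netqmail-1.05 directory; watch for error messages
vi ./collate.sh;        # see what the collate.sh script does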
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#!/bin/sh
set -e
echo ""
echo "You should see 7 lines of text below.  If you see anything"
echo "else, then something might be wrong."
echo "[1] Extracting qmail-1.03... "
gunzip -c qmail-1.03.tar.gz | tar xf -
cd qmail-1.03
echo "[2] Patching qmail-1.03 into netqmail-1.05.  Look for errors below:"
patch <../netqmail-1.05.patch | wc -l
echo "[4] The previous line should say 24 if you used GNU patch."
echo "[5] Renaming qmail-1.03 to netqmail-1.05..."
cd ..
mv qmail-1.03 netqmail-1.05
set +e

if [ `find ./netqmail-1.05/ -type f | grep -v '.orig$' | xargs cat | wc -c` -ne 815871 ] ; then
  echo "Patch didn't apply successfully."
  exit 1
fi
echo "[6] Continue installing qmail using the instructions found at:"
echo "[7] http://www.lifewithqmail.org/lwq.html#installation"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
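Note: the collate.sh script applies the patch for qmail-1.03 itself. netqmail-1.05 also includes patches for several related packages, placed in the other-patches directory. If those packages are installed from source, follow the README to apply the patches. But if later steps install the related packages as RPMs, and the RPM packages already fix the related vulnerabilities, there is no need to patch again.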

================================================================================
2) Download spamcontrol:
================================================================================
Reference URL: http://www.fehcom.de/qmail/spamcontrol.html
mkdir -p /usr/local/src/qmail/spamcontrol;
cd /usr/local/src/qmail/spamcontrol/;
wget http://www.fehcom.de/qmail/spamcontrol/spamcontrol-2418_tgz.bin;
Download the key related patches:
wget http://www.fehcom.de/qmail/spamc ... .90.1_output.patch_
wget http://www.fehcom.de/qmail/spamc ... ucspitls-0.4.patch_
wget http://www.fehcom.de//qmail/spamcontrol/badmimetypes
wget http://www.fehcom.de//qmail/spamcontrol/badloadertypes
Unpacking spamcontrol-2418_tgz.bin releases the files into the current working directory, so enter the qmail build directory first:
cd /usr/local/src/qmail/qmail-1.03;
tar -xzf ../spamcontrol/spamcontrol-2418_tgz.bin;
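Note: the files must be unpacked inside the qmail build directory to guarantee that the related files are updated. Copy the four patches; although this installation may not need all of the patches below, copy them all to keep the latest resources complete and consistent, which makes future maintenance, adjustment and feature extension easier: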
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/bin/cp -fp ../spamcontrol/badloadertypes ./
/bin/cp -fp ../spamcontrol/badmimetypes ./
/bin/cp -fp ../spamcontrol/clamav-0.90.1_output.patch_ ./
/bin/cp -fp ../spamcontrol/ucspi-ssl-0.70_ucspitls-0.4.patch_ ./
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi conf-spamcontrol;         # edit the spamcontrol configuration file; several option lines need to be added here
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Configuration for SPAMCONTROL (no tabs allowed)
#
# Additional RELAYING
#
relaymailfrom=no # might be dangerous - use SMTP Auth
#
# Additional CONTROLLING
#
quitasap=no # close SMTP session in case of a filter condition (violates SMTP RFC)
reqbrackets=yes # qmail-smtpd requires brackets "<address>" in SMTP addresses
verp=yes # allow VERP addresses for RECIPIENTS
recipients550=no # in case of none-existing RECIPIENTS get a direct 550 reply instead a deferred bounce (via 450)
#
# SMTP AUTHENTICATION
#
authcram=no # additional CRAM-MD5 support; needs a CRAM-MD5 supporting PAM (ie. cmd5checkpw)
#
# LOADSHARING enhancements
#
moreipme=no # Scott Gifford's additional control files moreipme and notipme
#
# PERFORMCANCE enhancements
#
bigtodo=no # Bruce Guenter's BigToDo patch - consider raising conf-split in the first place

locals=yes
queue_extra=yes
tarpitting=yes
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
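Explanation:
tarpitting        enables the TARPIT patch, which counts RCPTs and blocks or delays the SMTP connection according to the settings
./install_spamcontrol.sh;        # run the spamcontrol installation script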
--------------------------------------------------------------------------------

#3  Posted 2008-07-21 11:01
3) Install qmail-monitor to monitor mail (provides a monitoring function; if you do not need to monitor sent and received mail, skip this step)
===============================================================================
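Note: monitoring incoming and outgoing mail works by making a copy of every SMTP connection, so this is a very resource-hungry setting. Unless you really need this monitoring function and fully understand how it works, it is recommended that you do not install it for now. If you are new to Qmail, or only need to build a standard commercial mail system, you can skip this installation step.
Reference URL: http://sourceforge.net/projects/qmail-monitor/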
cd /usr/local/src/qmail/;
wget http://nchc.dl.sourceforge.net/s ... monitor-0.99.tar.gz
tar zxvf qmail-monitor-0.99.tar.gz
Note: qmail-monitor-0.99 is incompatible with qmail's other patches and cannot be installed as is; it must be fixed by hand.
cd /usr/local/src/qmail/qmail-1.03/
mv Makefile Makefile.spam
mv qmail-smtpd.c qmail-smtpd.c.spam
cp -p Makefile.org Makefile
cp -p qmail-smtpd.c.org qmail-smtpd.c
cd /usr/local/src/qmail/qmail-monitor-0.99
make install QMAIL_SRC=../qmail-1.03
Check that the installation is complete:
ll ../qmail-1.03/monitor.*;        # if installed correctly, it should return the following
-------------------------------------------------------------------------------
-rw-r--r-- 1 root root 100818 Jun 20 06:22 ../qmail-1.03/monitor.a
-rw-r--r-- 1 root root    472 Jun 20 06:22 ../qmail-1.03/monitor.h
-------------------------------------------------------------------------------
Otherwise, copy these two files by hand:
cp monitor.a monitor.h ../qmail-1.03/;
Note: if the following warning appears during compilation, it can be ignored, as the developer's notes state:
control.l:100: warning: passing argument 3 of &acirc;

#4  Posted 2008-07-21 11:02
5) Adjust the maximum number of queue entries qmail can process at the same time:
================================================================================
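Once this Qmail system is installed, you will find two configuration files under /var/qmail/control/ that can be used to control how many queue entries qmail processes simultaneously. The two files are: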

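cat /var/qmail/control/concurrencyincoming;      # number of connections tcpserver can handle at the same time
cat /var/qmail/control/concurrencyremote;        # number of threads qmail-remote can handle at the same time
You can adjust the values above and then restart qmail (or qmail-send) to tell qmail how much mail it may process at the same time, to prevent the system from overloading and crashing. Note: if your Linux system imposes limits on resource usage, you must confirm that those limits can support the values set above. For example, confirm that you have set the ``descriptors'' or ``openfiles'' resource limit to twice the concurrency plus 5, and the ``maxproc'' resource limit (if your system has this setting) to twice the concurrency plus 4. Otherwise, whenever mail suddenly increases, qmail will delay delivery unnecessarily.
qmail has a limit on concurrent processing that is set at compile time; the default is 120. This setting is controlled by the file named conf-spawn in the qmail source directory, and you can change the value in conf-spawn at compile time.
vi /usr/local/src/qmail/qmail-1.03/conf-spawn;        # the default contents of conf-spawn are: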
--------------------------------------------------------------------------------
120
This is a silent concurrency limit. You can't set it above 255. On some
systems you can't set it above 125. qmail will refuse to compile if the
limit is too high.
-------------------------------------------------------------------------------
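As stated above, changing this value must also take system limits into account. The current Linux system's resource settings can be viewed as follows: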
ulimit -a -H;
-------------------------------------------------------------------------------
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 7679
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-------------------------------------------------------------------------------
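As shown above, open files is limited to a maximum of 1024, which means that on Linux conf-spawn can be raised to 255, the maximum Qmail can support; of course you can also change the system settings, for example raise the "open files" limit. In this example, "open files" is the Linux operating system's limit on the number of file handles a process may open (this also includes open SOCKETs, and can affect the number of concurrent MySQL connections). This value can be changed with the ulimit command, but a value changed with ulimit applies only to the current environment of the currently logged-in user and is lost after a reboot or after the user logs out. To make the change permanent, you must edit the following configuration file:
vi /etc/security/limits.conf;        # for example, set the maximum number of file handles for the relevant users to 16384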
-------------------------------------------------------------------------------
root hard nofile 16384
root soft nofile 16384
amanda hard nofile 16384
amanda soft nofile 16384
apache hard nofile 16384
apache soft nofile 16384
qmail hard nofile 16384
qmail soft nofile 16384
vpopmail hard nofile 16384
vpopmail soft nofile 16384
mysql hard nofile 16384
mysql soft nofile 16384
-------------------------------------------------------------------------------
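Note: the maximum of "255" above is the maximum number of queue entries the Qmail system can process simultaneously; do not mistake it for the number of messages Qmail can process per unit of time. Suppose concurrencyremote in your mail system is set to a concurrency of 255 and each queue thread takes 3.6 seconds on average; then in theory your mail system can handle more than 250,000 (3600x255/3.6=255,000) messages per hour. So if your mail system processes no more than 1,000,000 messages a day, you basically need no more concurrency. If you feel you really need to change this maximum so that Qmail can process more than 255 queue threads simultaneously, you must modify the qmail-1.03 source. For how to change this limit, see the patch described on the official site (http://qmail.org/big-concurrency.patch).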

================================================================================
6) Start installing qmail;
================================================================================
# If you chose method a earlier, enter and build in the qmail-1.03 directory:
cd /usr/local/src/qmail/qmail-1.03/;
# If you chose method b earlier, enter and build in the netqmail-1.05 directory:
cd /usr/local/src/qmail/netqmail-1.05/netqmail-1.05;
make man;
make setup check;
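Watch the output during compilation. If there is any error, find the cause and fix it, then run make clean and compile again;
./config-fast ***please input your domain***;    # be sure to use your own host's domain name
Note: in the command above, "***please input your domain***" must be replaced with the host's FQDN (fully qualified domain name). For example, if the host name is abc.net, the command should be ./config-fast abc.net; (on Linux, use the hostname command to see the current host name). Reminder again: abc.net is only an example and you should not use it in a real installation. (In other words, if the host you are installing is you.net, you should run ./config-fast you.net)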
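
The limits described in step 5 above (descriptors at twice the concurrency plus 5, maxproc at twice the concurrency plus 4, conf-spawn capped at 255) can be checked before rebuilding. The following is an added example, not part of the original post: the function names are hypothetical, and the demo values are the ones shown in the post (conf-spawn 120, open files 1024, max user processes 7679, concurrency 255).

```shell
#!/bin/sh
# Added example (not from the original post): check a planned qmail
# concurrency against conf-spawn and the resource limits, using the rules
# stated in the post.

# first_line FILE -> prints the value on line 1 (conf-spawn and the
# files under /var/qmail/control/ keep their number on the first line).
first_line() {
    head -n 1 "$1" | tr -d ' \t\r'
}

# limit_covers HAVE NEED -> true if HAVE ("unlimited" or a number) >= NEED.
limit_covers() {
    [ "$1" = "unlimited" ] || [ "$1" -ge "$2" ]
}

# check_concurrency CONCURRENCY CONF_SPAWN NOFILE NPROC
# Prints one line per problem; returns 0 when the plan fits, 1 otherwise.
check_concurrency() {
    conc=$1; spawn=$2; nofile=$3; nproc=$4; rc=0
    need_fd=$((2 * conc + 5))      # post: descriptors = 2 x concurrency + 5
    need_proc=$((2 * conc + 4))    # post: maxproc     = 2 x concurrency + 4
    if [ "$spawn" -gt 255 ]; then
        # conf-spawn itself says: "You can't set it above 255."
        echo "SPAWN_TOO_HIGH conf-spawn=$spawn max=255"; rc=1
    fi
    if [ "$conc" -gt "$spawn" ]; then
        # conf-spawn is a "silent concurrency limit": a larger control
        # value has no effect until qmail is rebuilt with a higher one.
        echo "ABOVE_SPAWN concurrency=$conc conf-spawn=$spawn"; rc=1
    fi
    if ! limit_covers "$nofile" "$need_fd"; then
        echo "NOFILE_LOW have=$nofile need=$need_fd"; rc=1
    fi
    if ! limit_covers "$nproc" "$need_proc"; then
        echo "NPROC_LOW have=$nproc need=$need_proc"; rc=1
    fi
    return $rc
}

# Demo with the values shown in the post; the conf-spawn file is a
# constructed copy of the default contents quoted there.
demo_dir=$(mktemp -d)
printf '%s\n' '120' 'This is a silent concurrency limit.' > "$demo_dir/conf-spawn"
spawn_now=$(first_line "$demo_dir/conf-spawn")
check_concurrency 255 "$spawn_now" 1024 7679 \
    || echo "raise conf-spawn and rebuild, or lower concurrencyremote"
rm -rf "$demo_dir"
```

On a real host, take the third argument from `ulimit -n` as run by the account that starts qmail, and the first two from /var/qmail/control/concurrencyremote and the conf-spawn file in the source tree.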

#5  Posted 2008-07-21 11:04
Section 3: Installing the helper tool packages that support Qmail
================================================================================
The Qmail system needs helper programs to reach optimal performance; review and install the following four basic packages:
daemontools-0.76-2.i386.rpm (monitoring tools)
supervise-scripts-3.5-1.noarch.rpm
ucspi-tcp-0.88-2macchi1.i686.rpm (the tcpserver service program)
ucspi-unix-0.36-2macchi1.i686.rpm

================================================================================
1) Download the ucspi-tcp packages for Qmail (any one of methods a, b or c will do):
================================================================================
ucspi-tcp was written by Dan Bernstein. Reference URLs:
http://cr.yp.to/ucspi-tcp.html        (the page maintained by Dan Bernstein)
http://cr.yp.to/ucspi-tcp/install.html
http://smarden.org/pape/djb/        (man pages for ucspi-tcp written by Gerrit Pape)

--------------------------------------------------------------------------------
(a) Download and compile the tarball source;
--------------------------------------------------------------------------------
Download: ftp://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
mkdir /usr/local/src/qmail/ucspi-tcp;
cd /usr/local/src/qmail/ucspi-tcp/;
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz;
tar -zxvf ucspi-tcp-0.88.tar.gz;
Before installing ucspi-tcp, the following patches must be applied first, otherwise installation may fail:
(a.1) Apply the ucspi-tcp-0.88.isp.patch patch;
Reference URL: http://jeremy.kister.net/
cd /usr/local/src/qmail/ucspi-tcp/;
wget http://jeremy.kister.net/code/ucspi-tcp-0.88.isp.patch;
cd /usr/local/src/qmail/ucspi-tcp/ucspi-tcp-0.88/;
patch < ../ucspi-tcp-0.88.isp.patch;
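Note: this patch is not strictly necessary, but if you choose to install it, it affects how the patches in (2) below are installed. Usage notes: this is a combined patch that contains the following patches: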
- - - - - - - - - - - - - - - - - - - - - - - -
rblsmtpd-nodefaultrbl.patch
rblsmtpd-nonrecursive-v4.patch
ucspi-tcp-0.88-periplimit.7.patch
- - - - - - - - - - - - - - - - - - - - - - - -
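Of these, the periplimit patch is used to limit the number of connections. Once it is applied, you can set in the tcp.smtp file the number of parallel connections for each host (identified by IP or by class C address), as follows:
vi /etc/tcp.smtp;        # this step only takes effect after the system installation is complete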
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:allow,MAXCONNIP="2",MAXCONNC="5"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
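The setting above means: when clients send mail over SMTP, the same IP may have at most two simultaneous SMTP connections, and the same class C network may have at most five simultaneous SMTP connections. Controlling the number of SMTP connections in this way prevents abuse of the mail sending service. (After modifying tcp.smtp you must run qmailctl cdb to rebuild the database for the change to take effect.) How it works: when SMTP connections exceed MAXCONNIP or MAXCONNC, RBLSMTPD will set the DROPMSG variable; this therefore means that rblsmtpd must be set in your SMTPD startup script (/service/qmail-smtpd/run), as follows:
vi /service/qmail-smtpd/run;        # part of the contents is shown below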
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
exec softlimit -m 30000000 \
tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(a.2) The three ucspi-tcp patches in netqmail-1.05 from the official site;
All three files can be copied from the unpacked netqmail-1.05 package:
cd /usr/local/src/qmail/ucspi-tcp/;
cp /usr/local/src/qmail/netqmail-1.05/other-patches/ucspi-tcp-0.88.* ./;
cd /usr/local/src/qmail/ucspi-tcp/ucspi-tcp-0.88/;

(i) Apply ucspi-tcp-0.88.nodefaultrbl.patch        (no need to run this here)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.nodefaultrbl.patch;
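Note: this patch also modifies rblsmtpd.c. If you have already applied ucspi-tcp-0.88.isp.patch in step (1) above, you do not need to apply ucspi-tcp-0.88.nodefaultrbl.patch here, because the changes made by ucspi-tcp-0.88.isp.patch are exactly the same as this patch's.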
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(ii) Apply ucspi-tcp-0.88.a_record.patch
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.a_record.patch;

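Note: this patch modifies rblsmtpd.c. Although ucspi-tcp-0.88.isp.patch also modifies rblsmtpd.c, the two sets of changes are different. You must apply ucspi-tcp-0.88.isp.patch first and then ucspi-tcp-0.88.a_record.patch; the order cannot be reversed, otherwise errors will occur;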
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(iii) Apply ucspi-tcp-0.88.errno.patch        (no need to run this here)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
patch < ../ucspi-tcp-0.88.errno.patch;
Note: this patch modifies error.h. If you have already applied ucspi-tcp-0.88.isp.patch in step (1) above, you do not need to apply ucspi-tcp-0.88.errno.patch here, because ucspi-tcp-0.88.errno.patch is already fully contained in ucspi-tcp-0.88.isp.patch.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Once the patches above are applied, you can start compiling:
make;
make setup check;

--------------------------------------------------------------------------------
(b) Download the RPM binary package;
--------------------------------------------------------------------------------
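Distinguish between i386 and i686. If you use a very old computer, perhaps you should use i386; today's computers can basically all use the newer i686 build, unless no package of that version is available.
i686 version: reference URL: http://dir.filewatcher.com/d/Other/i686/Utilities/System.0.0.htm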
wget ftp://141.30.228.4/pub/mirrors/r ... 8-2macchi1.i686.rpm;
i386 version: official reference URL: http://www.qmail.org/rpms/
wget http://www.qmail.org/rpms/RPMS/ucspi-tcp-0.88-112memphis.i386.rpm

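The installation commands that follow use the i686 version. If you choose the i386 version, the installation method is no different; just use the corresponding package name as the file name.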
rpm -ivh ucspi-tcp-0.88-112memphis.i386.rpm;  

--------------------------------------------------------------------------------
(c) Download the RPM source package;
--------------------------------------------------------------------------------
Reference URL: http://www.qmail.org/rpms/ucspi-tcp.html
wget http://www.qmail.org/rpms/SRPMS/ucspi-tcp-0.88-112memphis.src.rpm;
wget http://www.qmail.org/rpms/SPECS/ucspi-tcp.patched.spec;
Reference URL: http://www.cis.fiu.edu/support/m ... redhat-contrib.html
ftp://mirrors.cs.fiu.edu/pub/mir ... 88-2macchi1.src.rpm
Rebuild the RPM package:
rpmbuild --rebuild ucspi-tcp-0.88-112memphis.src.rpm;
--------------------------------------------------------------------------------

================================================================================
2) Download the ucspi-unix packages for Qmail (any one of methods a, b, c or d will do):
================================================================================
--------------------------------------------------------------------------------
(a) Download and compile the tarball source;
--------------------------------------------------------------------------------
Reference URL: http://untroubled.org/ucspi-unix/
mkdir /usr/local/src/qmail/ucspi-unix/;
cd /usr/local/src/qmail/ucspi-unix/;
wget http://untroubled.org/ucspi-unix/ucspi-unix-0.36.tar.gz;
tar zxvf ucspi-unix-0.36.tar.gz;
cd ucspi-unix-0.36;
make;
./installer;
If this package's tarball fails to compile on CentOS, handle it as follows:
Note: If ucspi-unix fails during compilation with an error in env.c (sysdeps.h not found) you need to get bglibs and install it. After untarring the source, cd into the directory and run "make" followed by "make install". Try recompiling ucspi-unix again. If compilation of ucspi-unix finishes without an error, type "./installer" to install binaries and manuals into /usr/local/bin and /usr/local/man, respectively. In some cases the installer gives an error "installer error: Could not change directory to '/usr/local/man'". If you got this error just type "mkdir /usr/local/man" and then "./installer" again.
As described above, install bglibs first:
Reference URL: http://untroubled.org/bglibs
cd /usr/local/src/qmail/ucspi-unix/;
wget http://untroubled.org/bglibs/bglibs-1.102.tar.gz;
tar zxvf bglibs-1.102.tar.gz;
cd bglibs-1.102;
make;    # note: compilation takes quite a long time here
make install;
Then install ucspi-unix-0.36 again:
cd /usr/local/src/qmail/ucspi-unix/ucspi-unix-0.36/;
make;
./installer;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download and install the RPM package;
--------------------------------------------------------------------------------
Reference: http://dir.filewatcher.com/d/Other/i686/Utilities/System.0.0.htm
wget ftp://141.30.228.4/pub/mirrors/r ... 6-2macchi1.i686.rpm;
rpm -ivh ucspi-unix-0.36-2macchi1.i686.rpm;
Or download and install the version linked from the official Qmail site:
wget http://www.qmail.org/rpms/RPMS/ucspi-tcp-0.88-112memphis.i386.rpm
rpm -ivh ucspi-unix-0.36-2macchi1.i686.rpm;
--------------------------------------------------------------------------------
  
--------------------------------------------------------------------------------
(c) Download and build the source RPM package;
--------------------------------------------------------------------------------
Reference: http://untroubled.org/ucspi-unix/
wget http://untroubled.org/ucspi-unix/ucspi-unix-0.36-1.src.rpm;
Reference: http://www.cis.fiu.edu/support/m ... redhat-contrib.html
wget ftp://mirrors.cs.fiu.edu/pub/mir ... 36-2macchi1.src.rpm
Rebuild the RPM package:
rpmbuild --rebuild ucspi-unix-0.36-1.src.rpm;
--------------------------------------------------------------------------------

(d) Install ucspi-unix with the YUM command;
--------------------------------------------------------------------------------
yum list | grep ucspi-unix;
yum install ucspi-unix;
Or:
yum update ucspi-unix;
--------------------------------------------------------------------------------

================================================================================
3) Download the daemontools package for Qmail (choose any one of methods a, b or c):
================================================================================
--------------------------------------------------------------------------------
(a) Download and compile the tarball source;
--------------------------------------------------------------------------------
Reference: http://cr.yp.to/daemontools.html
mkdir /usr/local/src/qmail/daemontools;
cd /usr/local/src/qmail/daemontools/;
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz;
tar zxvf daemontools-0.76.tar.gz; (unpacking creates a directory named admin)
Apply the patch first, otherwise the installation may fail. The patch file can be copied from the netqmail-1.05 package:
cp ../netqmail-1.05/other-patches/daemontools-0.76.errno.patch ./;
cd admin/daemontools-0.76/src/;
patch < ../../../daemontools-0.76.errno.patch;
cd ../;
./package/install;
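Note: the daemontools installer checks for the directory /service. If it already exists, daemontools assumes svscan is already installed and does not add its entry to /etc/inittab, so svscan cannot start. Delete the /service directory before installing; otherwise, after installing, edit /etc/inittab by hand and add the following line: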
vi /etc/inittab;
- - - - - - - - - - - - - - - - - - - -
SV:123456:respawn:/command/svscanboot
- - - - - - - - - - - - - - - - - - - -
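Alternatively, simply delete the /service directory and install daemontools once more. If the installation succeeds, start the svscan service with the following commands:
telinit q;
ps -ef | grep svscan;        (check the result)
Recommendation: the RPM package supervise-scripts, installed below, cannot be installed from the tarball source and depends on the daemontools RPM package, so on this system daemontools can only be installed by RPM or YUM. Installing the daemontools rpm package with method (b) below is therefore recommended.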
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download the daemontools rpm package;
--------------------------------------------------------------------------------
References:
http://www.qmail.org/rpms/daemontools.html
http://summersoft.fay.ar.us/pub/qmail/daemontools/
mkdir /usr/local/src/qmail/daemontools;
cd /usr/local/src/qmail/daemontools/;
wget http://summersoft.fay.ar.us/pub/ ... ols-0.76-2.i386.rpm;
rpm -ivh daemontools-0.76-2.i386.rpm;
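Or download and install the version linked from the official Qmail site:
wget http://www.qmail.org/rpms/RPMS/d ... 112memphis.i386.rpm;
rpm -ivh daemontools-0.76-112memphis.i386.rpm;
Note: I do not yet know the difference between the two RPMs; my guess is that the official site's version should be the newest.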
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(c) Install daemontools with the YUM command;
--------------------------------------------------------------------------------
yum list | grep daemontools;
yum install daemontools;
Or:
yum update daemontools;
--------------------------------------------------------------------------------
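Note: the RPM package supervise-scripts, installed below, cannot be installed from the tarball source and
depends on the daemontools RPM package, so on this system daemontools can currently only be installed by RPM or YUM.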
================================================================================


================================================================================
4) Download the supervise-scripts package for Qmail (choose any one of methods a, b or c):
================================================================================
--------------------------------------------------------------------------------
(a) Download and compile the tarball source;
--------------------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(i) Install bglibs first;        (skip this if bglibs was already installed with ucspi-unix above)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Reference: http://untroubled.org/bglibs/
cd /usr/local/src/qmail/;
wget http://untroubled.org/bglibs/bglibs-1.102.tar.gz;
tar zxvf bglibs-1.102.tar.gz;
cd bglibs-1.102;
make;
make install;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(ii) Then install supervise-scripts-3.5.tar.gz;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Reference: http://untroubled.org/supervise-scripts/

mkdir /usr/local/src/qmail/supervise-scripts/;
cd /usr/local/src/qmail/supervise-scripts/;
wget http://untroubled.org/supervise- ... -scripts-3.5.tar.gz;
tar zxvf supervise-scripts-3.5.tar.gz;
cd supervise-scripts-3.5;
make install-config;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Note: this tarball cannot be installed on CentOS, for reasons unknown; use method (b) or (c) below instead.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(b) Download the supervise-scripts-3.5-1.noarch.rpm package;
--------------------------------------------------------------------------------
Reference: http://untroubled.org/supervise-scripts/
wget http://untroubled.org/supervise- ... ts-3.5-1.noarch.rpm;
rpm -ivh supervise-scripts-3.5-1.noarch.rpm;
Note: installing supervise-scripts-3.5 on CentOS5 produces an error, shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Preparing...                ########################################### [100%]
   1:supervise-scripts      ########################################### [100%]
tail: cannot open `+23' for reading: No such file or directory
error: %post(supervise-scripts-3.5-1.noarch) scriptlet failed, exit status 1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Fix this as described in step (d) below)
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(c) Install supervise-scripts with the YUM command;
--------------------------------------------------------------------------------
yum list | grep supervise-scripts;
yum install supervise-scripts;
Or:
yum update supervise-scripts;
Note: installing supervise-scripts-3.5 on CentOS5 produces an error; fix it as described in step (d);
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(d) Check the installation result and fix the error:        vi /etc/inittab;
--------------------------------------------------------------------------------
(d.1) Insert the following two lines after line 22:
SV:2345:respawn:/usr/bin/svscan-start /service
SX:S016:wait:/usr/bin/svscan-stopall /service

(d.2) Or append the following line at the end:
SV:123456:respawn:env - PATH=/usr/local/bin:/usr/sbin:/usr/bin:/bin svscan /service < /dev/null > /dev/console 2> /dev/console
Note: because supervise-scripts-3.5 does not install correctly on some systems, the content above has to be corrected by hand;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(e) Make init start svscan:
--------------------------------------------------------------------------------
telinit q;
Or:
kill -1 1;
ps -ef | grep svscan;        (check the result)
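
An added example, not part of the original post: the inittab edits above can leave the file with no svscan entry (daemontools skipped it because /service existed) or with two entries sharing the id SV (the daemontools line plus the (d.1) line). This sketch classifies a given inittab file; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inittab file for the svscan entries discussed above.

# Print active (non-comment) "respawn" lines that start svscan.
# inittab format: id:runlevels:action:process
svscan_entries() {
    awk -F: '!/^[ \t]*#/ && NF >= 4 && $3 == "respawn" && $0 ~ /svscan/' "$1"
}

# Print every id used by more than one active line; ids must be unique.
duplicate_ids() {
    awk -F: '!/^[ \t]*#/ && NF >= 4 { n[$1]++ }
             END { for (i in n) if (n[i] > 1) print i }' "$1" | sort
}

# Summarise the file as "missing", "ok" or "conflict".
svscan_status() {
    count=$(svscan_entries "$1" | wc -l | tr -d ' ')
    dups=$(duplicate_ids "$1")
    if [ "$count" -eq 0 ]; then
        echo missing
    elif [ "$count" -gt 1 ] || [ -n "$dups" ]; then
        echo conflict
    else
        echo ok
    fi
}

# Constructed sample: the daemontools line and the (d.1) lines both present,
# plus a commented-out copy that must be ignored.
write_sample_inittab() {
    cat > "$1" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# SV:123456:respawn:/command/svscanboot
SV:123456:respawn:/command/svscanboot
SV:2345:respawn:/usr/bin/svscan-start /service
SX:S016:wait:/usr/bin/svscan-stopall /service
EOF
}

# Run against a real file only when asked: sh check.sh --check /etc/inittab
if [ "${1:-}" = "--check" ]; then
    file=${2:-/etc/inittab}
    echo "svscan entries in $file: $(svscan_status "$file")"
    svscan_entries "$file"
fi
```

A result of "conflict" means one of the svscan lines should be removed before running telinit q.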

#6  Posted 2008-07-21 11:05
Section 4: Installing the vpopmail virtual domain management system
----------------------------------------------------------------------------------------------------------------------------------------
1) Create the vpopmail database in MySQL;
----------------------------------------------------------------------------------------------------------------------------------------
CREATE DATABASE vpopmail;
GRANT SELECT ON vpopmail.* TO vpopmailread@localhost IDENTIFIED BY 'uBeSfIFmaRkwL';
GRANT ALL ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'xLwMvPjDkZFLaEnQy';
quit;

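Note: two users, vpopmailread and vpopmail, are granted access to the vpopmail database here. Remember
their passwords, because they are needed below when configuring VPOPMAIL to access this database. To improve
the security of the system, do not use overly simple passwords or default passwords.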

----------------------------------------------------------------------------------------------------------------------------------------
2) Add the user and group that vpopmail runs as;
----------------------------------------------------------------------------------------------------------------------------------------
/usr/sbin/groupadd -g 809 vchkpw;
/usr/sbin/useradd -g vchkpw -u 809 vpopmail;

----------------------------------------------------------------------------------------------------------------------------------------
3) Download and install VPOPMAIL;
----------------------------------------------------------------------------------------------------------------------------------------
Reference site:
http://www.inter7.com/index.php?page=vpopmail
Download the source:
mkdir /usr/local/src/qmail/vpopmail;
cd /usr/local/src/qmail/vpopmail/;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.17.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... pmail-5.4.18.tar.gz;
wget http://jaist.dl.sourceforge.net/ ... mail-5.4.19a.tar.gz;
-------------------------------------------------------------------------------
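Note: vpopmail-5.4.18 has a problem. It includes a new feature that runs a script named onchange, at a specified path, after any add or modify command (that is, the tool programs under /var/qmail/bin) and before any delete command. The install option enable-onchange-script is supposed to control whether this feature is enabled, but in fact the feature is installed even when the option is not given or when enable-onchange-script=n is specified. As a result, running a command from Qmail's bin directory produces the following error: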
ONCHANGE script /home/vpopmail/etc/onchange not found.
Or:
ONCHANGE script /home/vpopmail/etc/onchange unable to fork.

The following is the explanation from README.onchange:
If --enable-onchange-script is added to the ./configure command many vpopmail commands, and calls into the library will call the script ~vpopmail/etc/onchange.  Commands that add or update call the script after making their changes.  Commands that delete something call the script before doing the delete.
There are also reports online of a patch for the onchange flaw, but it does not fix this installation flaw; if you do not use this feature, the patch below is unnecessary;
wget http://qmail.jms1.net/patches/vpopmail-5.4.18-onchange.fix.patch;
tar zxvf vpopmail-5.4.19a.tar.gz;
cd vpopmail-5.4.19;
patch < ../vpopmail-5.4.18-onchange.fix.patch;
Record: even specifying the option enable-onchange-script=n does not stop the onchange feature from being used;
-------------------------------------------------------------------------------
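Because the build below needs a tcp.smtp file to be specified, create one first if the system does not have it:
echo '127.0.0.1:allow,RELAYCLIENT=""' > /etc/tcp.smtp;
# MySQL under /var/lib/mysql/, not recompiled, or installed with yum;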
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=y \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
# MySQL recompiled under /var/lib/mysql/;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/var/lib/mysql/include/mysql \
--enable-libdir=/var/lib/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
# MySQL under /usr/local/mysql/;
./configure \
--enable-auth-logging=y \
--enable-logging=v \
--enable-log-name=vpopmail \
--enable-auth-module=mysql \
--enable-roaming-users=n \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n \
--enable-many-domains=n \
--enable-passwd=y \
--disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \
--enable-libs=mysqlclient \
--enable-ip-alias-domains=y \
--enable-qmail-ext=y \
--enable-mysql-replication=n \
--enable-valias=n
-----------------------------------------------
make;
make install-strip;
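Notes:
-------------------------------------------------------------------------------
(a) On CentOS the path of tcp.smtp is /etc/tcp.smtp, so it must be set as follows:
--enable-tcpserver-file=/etc/tcp.smtp
You can also use 'whereis tcp.smtp' to confirm the path of tcp.smtp.

(b) The MySQL paths must also match the real system. If MySQL was compiled by hand, they may be as follows: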
--enable-incdir=/usr/local/mysql/include/mysql \
--enable-libdir=/usr/local/mysql/lib/mysql \

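(c) Completely disabling SMTP relaying:
--enable-roaming-users=n        # disable roaming
--enable-roaming-users=y        # allow roaming
Roaming-user support works as follows: after a roaming user collects mail via pop3, that address is allowed to relay mail through the mail server for a certain period of time. After vpopmail is installed, cron runs the following program on a schedule: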
40 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
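That is, the list of IP addresses allowed to relay is cleared every 40 minutes. Once a user has collected mail via pop3 (pop3 retrieval requires authentication, which guarantees this is a legitimate user), the user can relay mail through this mail system for the following 40 minutes, after which relaying through the system is no longer allowed.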

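(d) The optimisation choice of whether to create one table per domain:
With the default build settings, vpopmail creates one table per domain (--disable-many-domains) to hold that domain's management and account data. However, vpopmail can also keep the account data of all domains in a single table. If you have a large number of domains and each has only a few accounts (for example 5-10), giving each domain its own table reduces performance. In that case, keeping all domains in the same table (--enable-many-domains) may work better.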
-------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------
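4) Create the configuration file vpopmail uses to connect to the MySQL database;
----------------------------------------------------------------------------------------------------------------------------------------
vpopmail accesses MySQL as the users vpopmailread and vpopmail that were granted access when the database was created; you must enter the passwords of these two users here.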
vi /home/vpopmail/etc/vpopmail.mysql;
-------------------------------------------------------------------------------
# MYSQL CONNECTION SETTINGS FOR VPOPMAIL
#
# Line 1 defines the connection to use for database reads,
# Line 2 defines the connection to use for database updates/writes.
#
# If you omit line 2, then the same settings will be
# used for both read and write.
#
# settings for each line:
# host|port|user|password|database
#
localhost|0|vpopmailread|uBeSfIFmaRkwL|vpopmail
localhost|0|vpopmail|xLwMvPjDkZFLaEnQy|vpopmail
#
# Note:
#   The value of host may be either a hostname or an IP address.
#   If host is 'localhost', then sockets (Unix) or named pipes (Windows)
#   will be used instead of TCP/IP to connect to the server.
-------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------
5) Adjust the default quota file (adjust it to suit your own needs);
----------------------------------------------------------------------------------------------------------------------------------------
vi /home/vpopmail/etc/vlimits.default;
-------------------------------------------------------------------------------
maxpopaccounts          5
maxforwards             -1
maxautoresponders       -1
maxmailinglists         X
# quota for entire domain, in megabytes
# example shows a domain with a 100MB quota and a limit of 10,000 messages
#quota                  100
quota                   150
#maxmsgcount            10000

# default quota for newly created users (in bytes)
# example shows a user with a 20MB quota and a limit of 1000 messages
default_quota           31457280
#default_maxmsgcount    1000
-------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------
6) Set up automatic runs;
----------------------------------------------------------------------------------------------------------------------------------------
vi /etc/crontab;        # reset the roaming list at minute 40 of every hour
-------------------------------------------------------------------------------
40 * * * * root /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null
-------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------------------------------
7) Create a test virtual domain named test.com:
----------------------------------------------------------------------------------------------------------------------------------------
/home/vpopmail/bin/vadddomain test.com;
/home/vpopmail/bin/vadduser user1@test.com; (set the password for user1@test.com when prompted)
/home/vpopmail/bin/vdeluser user1@test.com;
/home/vpopmail/bin/vdeldomain test.com;
Tip: running vdeldomain updates the qmail system files immediately, for example regenerating the /var/qmail/users/cdb database;

----------------------------------------------------------------------------------------------------------------------------------------
Create a perl script for opening new mail domains;
----------------------------------------------------------------------------------------------------------------------------------------
vi /home/vpopmail/bin/adddomain.pl;
-------------------------------------------------------------------------------
#!/usr/bin/perl
$c="";
$str="";
$n="";
$num="";
$path="";

print "please input the new domain:";
while($c ne "\n") {
  $str=$str.$c;
  $c=getc();
}
`/home/vpopmail/bin/vadddomain $str`;
print "domain $str has been create success\n";

while(1) {
  print "please set the pop user quota for the domain:";
  while($n ne "\n") {
    $num=$num.$n;
    $n=getc();
  }
  if(!($num=~m/[^0-9]/)) {
    $quota=$num;
    last;
  }
  $num="";
  $n="";
}

$path=`/home/vpopmail/bin/vdominfo -d $str`;
$path=~s/[\s\r]//g;
$file="$path/.qmailadmin-limits";
open(FD,">$file");
print FD "maxpopaccounts $quota";
print FD "\n";
print FD "maxmailinglists 0\n";
print FD "maxforwards -1\n";
print FD "maxautoresponders -1\n";
print FD "maxmailinglists X\n";
print FD "default_quota 31457280\n";
$domainquota=$quota*30;
print FD "quota $domainquota";
print FD "\n";
close(FD);
`chmod g-w $file`;
print "set quota success!\n";
-------------------------------------------------------------------------------
chmod 755 /home/vpopmail/bin/adddomain.pl;
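Note: by default qmail's domains directory holds only 100 domains. When there are more than 100, qmail automatically adds subdirectories, named in order by digits (0-9) and uppercase letters (A-Z). After modification, the script above supports locating the subdirectory automatically (that is, it fetches the new domain's path immediately after the domain is added).
Explanation: besides adding the domain to the vpopmail and qmail systems, the script above also adds a quota settings file named ".qmailadmin-limits". Refer to the following example to open a virtual domain: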
/home/vpopmail/bin/adddomain.pl;
-------------------------------------------------------------------------------
Please input the new domain:home.uplooking.com
Please enter password for postmaster:
enter password again:
ONCHANGE script /home/vpopmail/etc/onchange not found.
domain home.uplooking.com has been create success
Please set the pop user quota for the domain:5
set quota success!
-------------------------------------------------------------------------------

vi /home/vpopmail/domains/home.uplooking.com/.qmailadmin-limits;        (check the quota contents)
-------------------------------------------------------------------------------
maxpopaccounts 5
maxmailinglists 0
maxforwards -1
maxautoresponders -1
maxmailinglists X
default_quota 31457280
quota 150
-------------------------------------------------------------------------------
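
An added example, not the original post's script: the Perl script above places the typed domain name and account count into shell command lines, so both should be checked before use. This shell sketch validates them, calls the page's vadddomain and vdominfo with quoted arguments, and writes the same .qmailadmin-limits lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the original post's script. Function names are hypothetical.

VPOPMAIL_BIN=${VPOPMAIL_BIN:-/home/vpopmail/bin}   # path used on this page

# Accept only plain DNS names: two or more dot-separated labels of letters,
# digits and hyphens, each 1-63 characters and not starting or ending with "-".
valid_domain() {
    nl='
'
    case $1 in
        ''|*"$nl"*) return 1 ;;            # empty or multi-line input
    esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
'^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
}

# Accept a decimal account count of at most six digits. A leading zero is
# rejected so that shell arithmetic cannot read the value as octal.
valid_count() {
    case $1 in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 6 ]
}

# Write DIR/.qmailadmin-limits with the same lines, in the same order, as the
# page's script. umask 027 creates the file without group write access.
write_limits() {   # usage: write_limits DOMAIN_DIR ACCOUNTS
    limits_dir=$1
    limits_count=$2
    valid_count "$limits_count" || return 1
    [ -d "$limits_dir" ] || return 1
    limits_file=$limits_dir/.qmailadmin-limits
    (
        umask 027
        {
            printf 'maxpopaccounts %s\n' "$limits_count"
            printf 'maxmailinglists 0\n'
            printf 'maxforwards -1\n'
            printf 'maxautoresponders -1\n'
            printf 'maxmailinglists X\n'
            printf 'default_quota 31457280\n'
            printf 'quota %s\n' "$(($limits_count * 30))"
        } > "$limits_file.tmp.$$" && mv "$limits_file.tmp.$$" "$limits_file"
    )
}

# Validate first, then pass each value as one quoted argument.
add_domain() {     # usage: add_domain DOMAIN ACCOUNTS
    valid_domain "$1" || { echo "invalid domain name" >&2; return 1; }
    valid_count "$2"  || { echo "invalid account limit" >&2; return 1; }
    "$VPOPMAIL_BIN/vadddomain" "$1" || return 1
    domdir=$("$VPOPMAIL_BIN/vdominfo" -d "$1") || return 1
    write_limits "$domdir" "$2"
}

# Only touches vpopmail when asked: sh adddomain.sh --add example.com 5
if [ "${1:-}" = "--add" ]; then
    add_domain "${2:-}" "${3:-}"
fi
```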

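#7  Posted 2008-07-21 11:06
Section 5: Installing the ClamAV virus mail protection system
Clam AntiVirus is a GPL anti-virus toolkit designed for UNIX, used mainly on mail servers (attachment scanning). The package includes a multi-threaded daemon, a command-line scanner and an automatic online update tool (for a good anti-virus product, the most important thing is of course frequent virus database updates). The shared library distributed with the Clam AntiVirus package lets you combine it freely with other software.
Its main features are:
-------------------------------------------------------------------------------
Command-line scanner
Fast, multi-threaded daemon
milter interface for use with sendmail
Virus database update tool with support for digital signatures
Virus scanner C library
On-access scanning (Linux® and FreeBSD®)
Virus database updated several times a day (see the web page for the total number of signatures)
Built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (compressed HTML), MS SZDD
Built-in support for mbox, Maildir and raw mail files
Built-in support for Portable Executable files compressed with UPX, FSG and Petite
-------------------------------------------------------------------------------

A basic ClamAV installation contains three binary tools (under /usr/bin):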
-------------------------------------------------------------------------------
freshclam - As you know an anti-virus solution is only as good as the latest virus updates it has. This tool is used to update the virus databases on your system. It downloads the latest virus updates from the internet and keeps your anti-virus solution up to date.

clamscan - This is the tool that actually checks your files to see if they are infected.

sigtool - When you download the latest virus updates from the net, there should be a way of verifying the validity of the update. This is achieved by the sigtool. It is used to verify the digital signatures of databases and list virus signature names among other things.
-------------------------------------------------------------------------------

===============================================================================
1) Check the required packages and user accounts (ClamAV needs the zlib, bzip and gmp packages):
===============================================================================
-------------------------------------------------------------------------------
Use the RPM command to check whether the following packages are installed:
-------------------------------------------------------------------------------
rpm -qa | grep zlib;
rpm -qa | grep zlib-devel;
rpm -qa | grep bzip2;
rpm -qa | grep bzip2-devel;
rpm -qa | grep gmp;
rpm -qa | grep gmp-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
If the packages are not installed, install them with the following commands:
-------------------------------------------------------------------------------
yum install zlib;
yum install zlib-devel;
yum install bzip2;
yum install bzip2-devel;
yum install gmp;
yum install gmp-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Check the openssl package:
-------------------------------------------------------------------------------
rpm -qa | grep openssl;
yum list | grep openssl;        # check whether it needs installing or updating

yum install openssl;
yum update openssl;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Create the user account:
-------------------------------------------------------------------------------
On a first installation the system should not have the account yet, so create it:
groupadd clamav;
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav;
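Note: the RPM and YUM installation methods described later create the user account automatically, so with those two methods this step can be skipped; for better security and consistency, however, creating the account by hand with the commands above is recommended.
Note: on this system clamav will be combined with qmail-scanner to scan mail, that is, the qmail-scanner script calls ClamAV's scanning function. The permissions on ClamAV's log files must therefore give the user that runs qmail-scanner read and write access, otherwise mail cannot be accepted;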
-------------------------------------------------------------------------------

===============================================================================
2) Install the ClamAV anti-virus system (choose any one of methods A, B and C below);
===============================================================================
-------------------------------------------------------------------------------
A) Online installation with YUM (simple and convenient; this method is recommended):
-------------------------------------------------------------------------------
yum list clamav;
yum install clamav;                (also installs clamav-db automatically)
yum install clamav-devel;
yum install clamav-milter;        (needed only for sendmail; also installs clamd automatically)
yum install clamd;                (if clamav-milter is not installed, clamd must be installed separately)
Note: clamav-milter is a fast-call program designed specifically for sendmail. If you do not use sendmail, or want to call ClamAV through a script such as mail-scanner, you do not need to install or start clamav-milter.
vi /etc/passwd;                # for better security, change the bash entry to /bin/false, as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
clamav:x:104:104:Clam Anti Virus Checker:/var/clamav:/bin/false
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Note: /etc/shells must contain /bin/false
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
B) Installation from RPM;
-------------------------------------------------------------------------------
Reference sites:
http://www.clamav.net/
http://www.clamav.net/download/sources/
http://crash.fce.vutbr.cz/crash-hat/5/clamav/
Download the RPM packages:
wget http://crash.fce.vutbr.cz/crash- ... v-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... b-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... l-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... r-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash- ... r-0.90.1-0.i386.rpm;
wget http://crash.fce.vutbr.cz/crash-hat/5/clamav/clamav.spec;
Download the source RPM: # if needed, use this src package to rebuild rpm packages that suit the current system
wget http://crash.fce.vutbr.cz/crash- ... av-0.90.1-0.src.rpm;
rpm -ivh clamav-0.90.1-0.i386.rpm;
rpm -ivh clamav-db-0.90.1-0.i386.rpm;
rpm -ivh --nodeps clamav-milter-0.90.1-0.i386.rpm;
rpm -ivh clamav-server-0.90.1-0.i386.rpm;
Note: installing clamav-milter looks for the sendmail and sendmail-cf dependencies, so the nodeps parameter can be used to ignore them.
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
C) Installation from the tarball source (this system must use this method);
-------------------------------------------------------------------------------
wget http://freshmeat.net/redir/clama ... lamav-0.90.1.tar.gz;
wget http://freshmeat.net/redir/clama ... lamav-0.90.3.tar.gz;
tar zxvf clamav-0.90.1.tar.gz;
cd clamav-0.90.1;
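Note: the key point of this build is that it specifies the user ClamAV runs as, so the user and group must be created first. For example, if you plan to use method (b) and specify the user qscand in the configure options below as the identity ClamAV runs under, first run the following Linux commands to add the user: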
groupadd qscand;
useradd -g qscand -s /bin/false -c "Qmail-Scanner Account" qscand;
(Apply the patch; newer versions do not need it)
wget http://www.fehcom.de/qmail/spamc ... .88.2_output.patch_;
Note: the latest version of the patch is actually included in the spamcontrol sources:
cp /usr/local/src/qmail/qmail-1.03/*_output.patch_ ./
tar zxvf clamav-0.90.3.tar.gz;
cd clamav-0.90.3;
patch < ../*_output.patch_;

(a) Run clamd as user clamav and group clamav:
./configure \
--sysconfdir=/etc \
--with-user=clamav \
--with-group=clamav \
--enable-milter;

(b) Run clamd as root, for use with the QHPSI scanning method:
./configure \
--sysconfdir=/etc \
--with-user=root \
--with-group=root \
--disable-zlib-vcheck \
--enable-milter;

(c) Run ClamAV as user qscand and group qscand, for use with the qmail-qscand installation later:
./configure \
--sysconfdir=/etc \
--with-user=qscand \
--with-group=qscand \
--disable-zlib-vcheck \
--enable-milter;

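Note: because this system works with qmail-qscand to perform virus scanning and uses syslog for logging,
specifying the user qscand to run ClamAV in this build step makes the two systems use the same user. Otherwise,
the attributes of ClamAV's log files have to be changed in a later step so that the qmail-qscand script has
permission to read and write them. If you choose to call ClamAV through QHPSI, then ...???...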
make;
make install;
Note: the default path when installing from the tar source is /usr/local/bin/; if you configure QHPSI, make sure its settings match.
-------------------------------------------------------------------------------

===============================================================================
3) Configure and adjust the ClamAV settings;
===============================================================================
-------------------------------------------------------------------------------
(a) Make the system start clamav-milter and clamd automatically;
-------------------------------------------------------------------------------
chkconfig clamav-milter on
chkconfig clamd on
service clamav-milter start
service clamd start
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(b) Edit the configuration files;
-------------------------------------------------------------------------------
vi /etc/sysconfig/clamav-milter;        # the defaults meet the requirements and usually need no change
vi /etc/freshclam.conf;        # as instructed, comment out the following line near the top of freshclam.conf:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Comment or remove the line below.
#Example                # comment out this line; it has no meaning and only ensures the file has been edited
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vi /etc/clamd.conf;        # as instructed, comment out the following line near the top of clamd.conf:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Comment or remove the line below.
#Example                # comment out this line; it has no meaning and only ensures the file has been edited
ScanMail yes                # the ScanMail option must be on (it is in fact enabled by default)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Note: for safety, never set the SGID or SUID bits on the Clam AntiVirus binary executables;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
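(c) Adjust sendmail's scanning parameters (if you need sendmail);
-------------------------------------------------------------------------------
ClamAV-milter exists specifically to be called by sendmail, so the sendmail configuration must be changed. If you do not need sendmail to call ClamAV-milter directly, for example because ClamAV is called through MailScanner, you do not need to start ClamAV-milter (in fact you do not need to install it at all), but you may need to install the ClamAV perl module separately.
If sm-client support was not disabled when clamav-milter was installed, clamav-milter checks on startup whether /etc/mail/sendmail.cf already contains the corresponding scanning option. If it does not find one, clamav-milter cannot start normally. You must first set the clmilter scanning option in /etc/mail/sendmail.mc and then compile it into the /etc/mail/sendmail.cf control file, or simply remove sendmail so that clamav-milter cannot find /etc/mail/sendmail.cf.
To make sendmail call the clamav-milter scanning function:
vi /etc/mail/sendmail.mc;        (must come after OSTYPE(`linux')dnl)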
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OSTYPE(`linux')dnl
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.socket,T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS',`clmilter')
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

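Note: if you also use milter-greylist, put the milter-greylist settings first and the clamav-milter settings after them. Then, when a message arrives, Sendmail calls milter-greylist first and clamav-milter second. The complete settings are as follows: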
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OSTYPE(`linux')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clamav-milter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

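make -C /etc/mail;                (rebuild the sendmail.cf control file)
service sendmail restart;
Note: this system does not need sendmail. The settings above are covered only because the clamav-milter installation looks for sm-client support, so this is a brief description of how to use clamav on a sendmail system. If the configuration above seems troublesome, install clamav-milter with the --nodeps parameter to drop the sm-client support, and this step can then be skipped.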
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(d) Start the clamav services:
-------------------------------------------------------------------------------
service clamd start;
service clamav-milter start;        (starting clamav-milter may take a while)
-------------------------------------------------------------------------------

===============================================================================
4) Test and schedule the update task, and check the output:
===============================================================================
-------------------------------------------------------------------------------
Test whether the update command runs successfully:
-------------------------------------------------------------------------------
/usr/bin/freshclam;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ClamAV update process started at Fri Mar 30 10:00:53 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
daily.inc is up to date (version: 2965, sigs: 20319, f-level: 14, builder: ccordes)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
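ll /var/log/clamav/freshclam.log;        # check the update log file
If an error is returned, or no update log file is created, do the following and test again:
touch /var/log/clamav/freshclam.log;
chmod 600 /var/log/clamav/freshclam.log;
Make sure this directory has the right ownership for the user chosen during the installation above:
chown -R clamav.clamav /var/log/clamav/;
Note: this test sets the log file ownership to clamav. If you will later combine clamav with qmail-scanner to scan mail (that is, call ClamAV through qmail-scanner rather than through QHPSI), then once all the later installation steps are finished, the ClamAV log file permissions must give the user that runs qmail-scanner read and write access;
Explanation: the following parameters specify the update log file;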
/usr/bin/freshclam --quiet -l /var/log/clam-update.log
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Set up the scheduled virus database update job:
-------------------------------------------------------------------------------
vi /etc/crontab;        #the jobs below use --quiet, so only error messages are returned
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
26 03 * * * root /usr/bin/freshclam --quiet
38 15 * * * root /usr/bin/freshclam --quiet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
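Note: as the official website advises, most users schedule their updates in the first 0-3 minutes of each hour, which makes the network very congested, so please run the update job at some other minute;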
-------------------------------------------------------------------------------

#8  Posted 2008-07-21 11:07
Section 6: Installing the SpamAssassin spam filtering system
===============================================================================
1) Install Mail-SpamAssassin (choose either method A or B below);
===============================================================================
-------------------------------------------------------------------------------
A) Installing with YUM:
-------------------------------------------------------------------------------
rpm -qa | grep spamassassin;        #check whether it is already installed
yum list | grep spamassassin;       #check what is available
yum install spamassassin;           #new installation
or:
yum update spamassassin;            #update
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
B) Installing from the TAR archive:
-------------------------------------------------------------------------------
Reference site: http://spamassassin.apache.org/
Download: http://spamassassin.apache.org/downloads.cgi?update=200702131100
mkdir /usr/local/src/qmail/spamassassin;
cd /usr/local/src/qmail/spamassassin/;
wget http://apache.hkmirror.org/spama ... sassin-3.1.8.tar.gz;
or:
wget http://apache.hkmirror.org/spama ... sassin-3.2.1.tar.gz;
tar zxvf Mail-SpamAssassin-3.2.1.tar.gz;
cd Mail-SpamAssassin-3.2.1;
Note: before installing from the TAR archive, first check whether the system already has the default RPM installed:
rpm -qa | grep spam;
If the RPM is installed, you can remove it first:
rpm -e spamassassin;
export LANG=en_US;
perl Makefile.PL;
make;
make install;
If needed, the tar archive can be built into an rpm:
rpmbuild -tb Mail-SpamAssassin-3.1.8.tar.gz;
ls /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.8;
-------------------------------------------------------------------------------

===============================================================================
2) Adjust the Mail-SpamAssassin configuration;
===============================================================================
Add a user to run Mail-SpamAssassin:
groupadd spamd;
useradd -g spamd -s /bin/false spamd;
vi /etc/sysconfig/spamassassin;        #make Mail-SpamAssassin run as the user above; change it as follows:
-------------------------------------------------------------------------------
# Options to spamd
#SPAMDOPTIONS="-d -c -m5 -H"                        #this is the original setting
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"        #change it to this
-------------------------------------------------------------------------------
Note: if you installed from the TAR archive this file may not exist; in that case just create it;
vi /etc/mail/spamassassin/local.cf;                #set the scanning parameters
-------------------------------------------------------------------------------
# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)
# How many hits before a message is considered spam.
required_hits           5.0
# Whether to change the subject of suspected spam
rewrite_subject         1
# Text to prepend to subject if rewrite_subject is used
subject_tag             *****SPAM*****
# Encapsulate spam in an attachment
report_safe             1
# Use terse version of the spam report
use_terse_report        0
# Enable the Bayes system
use_bayes               1
# Enable Bayes auto-learning
auto_learn              1
# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
ok_languages            zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en zh
-------------------------------------------------------------------------------

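Note: after upgrading to 3.2.1 the settings above produce errors because the relevant parameter names have changed; use the following settings instead: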
-------------------------------------------------------------------------------
# This is the right place to customize your installation of SpamAssassin.
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
# Only a small subset of options are listed below
###########################################################################
#   Add *****SPAM***** to the Subject header of spam e-mails
rewrite_header Subject *****SPAM*****
#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
report_safe 1
#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
# trusted_networks 212.17.35.
#   Set file-locking method (flock is not safe over NFS, but is faster)
# lock_method flock
#   Set the threshold at which a message is considered spam (default: 5.0)
required_score 5.0
#   Use Bayesian classifier (default: 1)
use_bayes 1
#   Bayesian classifier auto-learning (default: 1)
bayes_auto_learn 1
#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
# Use terse version of the spam report
#use_terse_report        0
# Enable Bayes auto-learning
#auto_learn              1
# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
#use_dcc                 1
use_pyzor               1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
#ok_languages            zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en zh
-------------------------------------------------------------------------------

Notes:
required_hits           5.0 (a score above 5 is treated as spam)
===============================================================================

===============================================================================
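3) Set up automatic start at boot:
===============================================================================
Check whether the following file exists:
ll /etc/rc.d/init.d/spamassassin;
Check whether the spamassassin service is already configured on the system:
setup->System Service
Look for a service named spamassassin; if it is there, mark it with * so that it starts automatically at boot;
Normally, installing with YUM sets up the spamassassin service automatically. If you installed from the TAR archive it must be set up by hand (to distinguish it from the system's original default spamassassin service name, you can use another name, such as spamd):
cp spamd/redhat-rc-script.sh /etc/rc.d/init.d/spamd;
chkconfig --add spamd;             #register the program named spamd under init.d as a service
chkconfig spamd on;                #set the spamd service to start automatically at boot
/etc/rc.d/init.d/spamd start;        #start spamd manually
or:
/etc/rc.d/init.d/spamassassin start;
Test the scanning function:
spamassassin -t < sample-spam.txt;
spamassassin -t < sample-nonspam.txt;

Check the scan results:
ll /root/.spamassassin/;
(Note: scanning as the current user (root) creates a .spamassassin directory and related files under the home directory)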
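
The post above gives two local.cf listings because the 2.5x option names stop working after the upgrade to 3.2.1. The following is an added example, not part of the original post: it flags the old names in a local.cf and prints what the post's 3.2.1 listing uses instead. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find option names from the
# 2.5x-style local.cf that the post's 3.2.1 local.cf replaces or comments out.

# check_sa_conf [FILE]: print one finding per active legacy option.
# Returns 1 when any legacy option is found, 0 when the file is clean.
check_sa_conf() {
    awk '
        BEGIN {
            # old name -> what the 3.2.1 listing in the post uses instead
            fix["required_hits"]    = "required_score"
            fix["rewrite_subject"]  = "rewrite_header Subject <tag>"
            fix["subject_tag"]      = "rewrite_header Subject <tag>"
            fix["auto_learn"]       = "bayes_auto_learn"
            fix["use_terse_report"] = "(commented out in the 3.2.1 listing)"
            fix["use_dcc"]          = "(commented out in the 3.2.1 listing)"
            fix["ok_languages"]     = "(commented out in the 3.2.1 listing)"
        }
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        ($1 in fix) {
            printf "line %d: %s -> %s\n", NR, $1, fix[$1]
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample in the style of the 2.5x listing (not a real server file).
sample_old_conf() {
    cat <<'EOF'
# How many hits before a message is considered spam.
required_hits           5.0
rewrite_subject         1
subject_tag             *****SPAM*****
use_bayes               1
auto_learn              1
EOF
}

sample_old_conf | check_sa_conf || true
```

Run it as `check_sa_conf /etc/mail/spamassassin/local.cf` before restarting spamd; `spamassassin --lint` then confirms what the installed version itself rejects.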

#9  Posted 2008-07-21 11:09
Section 7: Creating the Qmail run scripts
===============================================================================
1) Create the Qmail service run scripts (qmail-pop3d, qmail-smtpd and qmail-send)
===============================================================================
If the following directories do not exist yet, create them first:
mkdir /service;        (this directory should have been created automatically when daemontools was installed)
mkdir -p /var/qmail/supervise/qmail-pop3d/log;
mkdir -p /var/qmail/supervise/qmail-smtpd/log;
mkdir -p /var/qmail/supervise/qmail-send/log;
vi /var/qmail/supervise/qmail-pop3d/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c 100 0 110 qmail-popup home.uplooking.com \
/home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-pop3d/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-pop3d 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-smtpd/run;
-------------------------------------------------------------------------------
#!/bin/sh
export BASE64=""
export QHPSI="clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found} [see: http://www.fehcom.de/emailolicy.html]"
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export SMTPAUTH=""
export BOUNCEMAXBYTES=""
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
  echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
  echo /var/qmail/supervise/qmail-smtpd/run
  exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi
exec softlimit -m 30000000 \
  tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
  -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd \
  /var/qmail/bin/qmail-smtpd \
  /home/vpopmail/bin/vchkpw /bin/true 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-smtpd/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-smtpd 2>&1
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-send/run;
-------------------------------------------------------------------------------
#!/bin/sh
exec /var/qmail/rc
-------------------------------------------------------------------------------

vi /var/qmail/supervise/qmail-send/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-send 2>&1
-------------------------------------------------------------------------------

Set execute permission on the scripts above:
chmod 751 /var/qmail/supervise/qmail-pop3d/run;
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run;
chmod 751 /var/qmail/supervise/qmail-smtpd/run;
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run;
chmod 751 /var/qmail/supervise/qmail-send/run;
chmod 751 /var/qmail/supervise/qmail-send/log/run;
===============================================================================


===============================================================================
2) Create the Qmail run control script rc and the service control script qmailctl;
===============================================================================
vi /var/qmail/rc;
-------------------------------------------------------------------------------
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
-------------------------------------------------------------------------------
chmod 755 /var/qmail/rc;

vi /var/qmail/bin/qmailctl;
-------------------------------------------------------------------------------
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
      echo "Starting qmail-send"
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
      echo "Starting qmail-smtpd"
    else
      echo "qmail-smtpd supervise not running"
    fi
    if svok /service/qmail-pop3d ; then
      svc -u /service/qmail-pop3d /service/qmail-pop3d/log
      echo "Starting qmail-pop3d"
    else
      echo "qmail-pop3d supervise not running"
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    echo " qmail-pop3d"
    svc -d /service/qmail-pop3d /service/qmail-pop3d/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    svstat /service/qmail-pop3d
    svstat /service/qmail-pop3d/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /service/qmail-pop3d
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /service/qmail-pop3d
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac

exit 0

-------------------------------------------------------------------------------
chmod 755 /var/qmail/bin/qmailctl;
ln -s /var/qmail/bin/qmailctl /usr/bin;
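
The qmail-smtpd run script above refuses to start without rcpthosts because that would create an open relay; the rules in /etc/tcp.smtp, which `qmailctl cdb` compiles, can open the same hole through RELAYCLIENT. The following is an added example, not part of the original post: it repeats the rcpthosts test and audits the rules file before it is compiled. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the two
# files that decide whether qmail-smtpd relays mail.

# audit_tcp_smtp [FILE]: list every tcprules entry that sets RELAYCLIENT.
# Returns 1 when the catch-all rule (empty address) grants relaying.
audit_tcp_smtp() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            addr = $1
            rest = substr($0, length($1) + 2)    # text after the first ":"
            if (rest ~ /^allow/ && rest ~ /RELAYCLIENT=/) {
                if (addr == "") {
                    print "OPEN-RELAY line " NR ": catch-all rule sets RELAYCLIENT"
                    bad = 1
                } else {
                    print "relay-allowed line " NR ": " addr
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# relay_preflight CONTROL_DIR RULES_FILE: same rcpthosts test as the run
# script, plus the rules audit. Returns 0 only when both pass.
relay_preflight() {
    if [ ! -f "$1/rcpthosts" ]; then
        echo "No $1/rcpthosts: starting smtpd would create an open relay"
        return 1
    fi
    audit_tcp_smtp "$2"
}

# Constructed sample rules (not from the post): loopback and one LAN may relay.
sample_rules() {
    cat <<'EOF'
# loopback and office LAN
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
EOF
}

sample_rules | audit_tcp_smtp || true
```

On the system described here the call would be `relay_preflight /var/qmail/control /etc/tcp.smtp && qmailctl cdb`; every "relay-allowed" address printed should be a network you control.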

#10  Posted 2008-07-21 11:09
Nice. After my installation, the antivirus software has a bit of a problem.
I will study yours carefully. Thanks!