在CentOS5/RHEL5中安装Qmail商业邮件系统(转发)

c2shield

3) 設置SMTP認證特性;
===============================================================================

-------------------------------------------------------------------------------
(a) 只允许本地(127.0.0.1)发送信件:
-------------------------------------------------------------------------------
echo '127.0.0.1:allow,RELAYCLIENT=""' >> /etc/tcp.smtp;
qmailctl cdb;        (需重新生成數據庫)
请注意: 因为本安装只是要设置POP3服务器,所以不允许外部主机relay发信;如果需要配置
通过SMTP发信的服务器,則需要具备SMTP认证功能.
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(b) 通過/etc/tcp.smtp啟用SMTP認證;
-------------------------------------------------------------------------------
在Qmail系統中啟動SMTP認證功能非常簡單,只需在/etc/tcp.smtp中設置變數SMTPAUTH=""
即可.因此可將上述語句改為:
echo '127.0.0.1:allow,SMTPAUTH="",RELAYCLIENT=""' >> /etc/tcp.smtp;
qmailctl cdb;        (需重新生成數據庫)
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(c) 通過qmail-smtpd腳本啟用SMTP認證;
-------------------------------------------------------------------------------
也可以在supervise的qmail-smtpd服務的run腳本中加入SMTPAUTH=""變量,來啟動SMTP認證功能,例如:
vi /var/qmail/supervise/qmail-smtpd/run;
----------------------------------------
#!/bin/sh
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export SMTPAUTH=""
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
   ...
   ...
----------------------------------------
-------------------------------------------------------------------------------
請注意: 上述(a)與(b)中的變量SMTPAUTH=""指示qmail-smtpd采取plain認證方式,但這只是最新版本的spamcontrol(2.4.1的要求,舊版本則不需要加入變量.

===============================================================================
4) 建立Qmail的接收档生成脚本;
===============================================================================
vi /var/qmail/users/vpopmail-users-alias2recipients;
-------------------------------------------------------------------------------
#!/bin/sh
#LANG=C
QMAIL=/var/qmail

if [ -e $QMAIL/users/recipients ]; then
  if [ -e $QMAIL/users/recipients.bak ]; then
    rm -f $QMAIL/users/recipients.bak
  fi
  mv $QMAIL/users/recipients $QMAIL/users/recipients.bak
fi

for vdomainpath in `cat /var/qmail/users/assign | cut -d: -f 5 | grep -v -w -e '^\.$' | sort | uniq`; do
  if [ -d ${vdomainpath} ]; then
    cd ${vdomainpath}
    ls -l | grep ^d | awk '{print $9"@localhost"}' | sed -e 's/localhost/'${vdomainpath##*/}'/' | sort -u >> $QMAIL/users/recipients
    ls -l .qmail-*| grep -v .qmail-default  | tr -s " " | awk '{print $9}' | awk -F- '{print $2"@localhost"}' | sed -e 's/localhost/'${vdomainpath##*/}'/' | sed -e 's/:/./' | sed -e 's/:/./' | sort -u >> $QMAIL/users/recipients
  fi
done

if [ -s $QMAIL/users/recipients ]; then
  /var/qmail/bin/qmail-recipients
  qmailctl reload
else
  rm -f $QMAIL/users/recipients
  mv $QMAIL/users/recipients.bak $QMAIL/users/recipients
fi
-------------------------------------------------------------------------------
chmod 755 /var/qmail/users/vpopmail-users-alias2recipients;

===============================================================================
5) 建立Qmail的非法格式地址档生成脚本;
===============================================================================
vi /var/qmail/control/vpopmail-users-alias2badrcptto;
-------------------------------------------------------------------------------
#!/bin/sh
LANG=C
QMAIL=/var/qmail
VPOPMAIL=/home/vpopmail/domains

rm -rf $QMAIL/control/badrcptto
echo "*" > $QMAIL/control/badrcptto

for i in `ls -l $VPOPMAIL | grep ^d | awk '{print $9}'`
do
  cd  $VPOPMAIL/$i
  ls -l | grep ^d | awk '{print "!"$9"@localhost"}' | sed -e 's/localhost/'$i'/' | sort -u >> $QMAIL/control/badrcptto
done

for i in `ls -l $VPOPMAIL | grep ^d | awk '{print $9}'`
do
  cd  $VPOPMAIL/$i
  ls -l .qmail-*| grep -v .qmail-default  | tr -s " " | awk '{print $9}' | awk -F- '{print "!"$2"@localhost"}' | sed -e 's/localhost/'$i'/' | sort -u >> $QMAIL/control/badrcptto
done
-------------------------------------------------------------------------------
chmod 755 /var/qmail/control/vpopmail-users-alias2badrcptto;

===============================================================================
6) 建立Qmail的控制项脚本;
===============================================================================
echo ./Maildir > /var/qmail/control/defaultdelivery;
chmod 644 /var/qmail/control/defaultdelivery;

echo 100 > /var/qmail/control/concurrencyremote;
chmod 644 /var/qmail/control/concurrencyremote;

echo 255 > /var/qmail/control/concurrencyincoming;
chmod 644 /var/qmail/control/concurrencyincoming;

echo users/recipients.cdb > /var/qmail/control/recipients;
chmod 644 /var/qmail/control/recipients;

#控制回彈電郵的大小不能超過2K;
echo "2048" > /var/qmail/control/bouncemaxbytes;
chmod 644 /var/qmail/control/bouncemaxbytes;

ll /var/qmail/control/rcpthosts;               #(檢查主機列表文件是否已經存在);
echo "" > /var/qmail/control/rcpthosts;        #(若未有主機文件就必須手工建立);

复制qmail安装资源目录下的四个控制文档:
cp /usr/local/src/qmail/qmail-1.03/badmailfrom /var/qmail/control/;
cp /usr/local/src/qmail/qmail-1.03/badrcptto /var/qmail/control/;
cp /usr/local/src/qmail/qmail-1.03/badmimetypes /var/qmail/control/;
cp /usr/local/src/qmail/qmail-1.03/badloadertypes /var/qmail/control/;

上述四个控制文档必须从打过补丁(例如spamcontrol)的安装资源中复制,可用vi检查其内容:
vi /var/qmail/control/badmailfrom;
vi /var/qmail/control/badrcptto;
vi /var/qmail/control/badmimetypes;
vi /var/qmail/control/badloadertypes;

c2shield

7) badmimetypes 和 badloadertypes 的使用
===============================================================================
badmimetypes 和 badloadertypes 是一个在 smtp data 会话阶段的扫描功能, 由于不存在额外的进程调度, 并且 badmimetypes 及 badloadertypes 的数据均采用 cdb 结构,所以其扫描效率相当高. badmimetypes.cdb 是存放的需要过滤的MIME特征码,一般是取经过base64编码的MIME附件至少头9个字符, 例如下面的 badmimetypes 文檔內容:
vi /var/qmail/control/badmimetypes;
------------------------------------------------------------------------------
TVqQAAMAA
TVpQAAIAA
TVpAALQAc
TVpyAXkAX
TVrmAU4AA
TVrhARwAk
TVoFAQUAA
TVoAAAQAA
TVoIARMAA
TVouARsAA
TVrQAT8AA
TVrvAEQAe
# MyDoom (*.zip)
UEsDBAoAA
# *.zip 如果需要禁止所有 .zip 的附件, 可以取消下面一行的注释
# UEsDBAkAA
# *.z (gnu-zip)
# H4sIADWWb
# double Base 64 Windows Executable
VFZxUUFBT
# triple Base 64 Windows Executable
VkZaeFVVR
# Pif File
TVoAAAEAA
# Bagle
ZGltIGZpb
------------------------------------------------------------------------------
可以通过任何文本编辑器, 建立或者编辑 /var/qmail/control/badmimetypes 文件,然后使用 /var/qmail/bin/qmail-badmimetypes 生成 badmimetypes.cdb 供qmail-smtpd调用. 在Qmail系統中激活 badmimetypes 功能的方法是,在qmail-smtpd环境中增加BADMIMETYPE变量, 例如要通过tcp.smtp.cdb來調用badmimetypes,參考如下設置:
vi /etc/tcp.smtp;
------------------------------------------------------------------------------
:allow,BADMIMETYPE=""
------------------------------------------------------------------------------
通過在/var/qmail/supervise/qmail-smtpd/run中設置相同的變數,也可以達到目的:
vi /var/qmail/supervise/qmail-smtpd/run;
------------------------------------------------------------------------------
export BADMIMETYPE=""
------------------------------------------------------------------------------
badloadertypes 的原理与 badmimetypes 类似, 不同之处是 badmimetypes 仅仅对 MIME编码的开始至少9个字符进行匹配比较, 而 badloadertypes 匹配的是整行,也可以说是整个附件内容. badloadertypes 是存放的敏感的 windows 调用特征码, 例如Kernel32.dll,截取了其中的32.dll, 其相应的base64编码为MzIuZ,下面是一些基本的badloadertypes的特征码:
vi /var/qmail/control/badloadtypes;
------------------------------------------------------------------------------
# Kernel32.dll; BADLOADERTYPE='M'
Mi5kb
MzIuZ
MyLmR
MyLkR
Mi5ET
My5le
#LoadLibraryA; BADLOADERTYPE='A'
#AExvYWRMaWJyYXJ5QQAA
#GetProcAddress; BADLOADERTYPE='A' (false positive risk)
#AABHZXRQcm9jQWRkcmVzcwAA
------------------------------------------------------------------------------
通过使用 /var/qmail/bin/qmail-badloadertypes ,可以从 badloadertypes 生成數據庫badloadertypes.cdb, 以供 qmail-smtpd 使用. 在Qmail中激活badloadertypes功能的方法跟上述調用badmimetypes的方法一樣,也是必須在qmail-smtpd环境中增加變數 BADLOADERTYPE="M" 或者 BADLOADERTYPE="A".例如要通过tcp.smtp.cdb來調用badloadertypes,參考如下設置:
vi /etc/tcp.smtp;
------------------------------------------------------------------------------
:allow,BADLOADERTYPE="M"
------------------------------------------------------------------------------
通過在/var/qmail/supervise/qmail-smtpd/run中設置相同的變數,也可以達到目的:
vi /var/qmail/supervise/qmail-smtpd/run;
------------------------------------------------------------------------------
export BADLOADERTYPE="M"
------------------------------------------------------------------------------

===============================================================================
使用QHPSI(Qmail High Performance Scanner Interface - Qmail高性能掃描接口);
===============================================================================
QHPSI 是一个调用外部病毒扫描程序的接口, 邮件在进入 qmail-queue 程序中 fork 外部程序执行扫描, 不像qmail-scanner 一类的软件, 需要额外的程序和进程开销, 因此QHPSI效率很高.QHPSI 可以和现在流行的开源软件 clamav 完美结合. 配置的方法是在qmail-smtpd的环境中设置如下相關變數:
QHPSI                设置病毒扫描程序(AV),例如 clamdscan ;
QHPSIARG1        设置調用病毒扫描程序的相应参数;
QHAPSIARG2        设置調用病毒扫描程序的相应参数;
QHPSIARG3        设置調用病毒扫描程序的相应参数;
QHPSIRC         设置扫描程序的返回码,若AV扫描到病毒时返回码不是1,則用此指定;
QHPSIMINSIZE        设置扫描邮件的最小长度,單位為字節,避免掃描小郵件,節省系統開銷;
QHPSIMAXSIZE        设置扫描邮件的最大长度,單位為字節,避免掃描大郵件,防止系統延迟;
請注意: 利用QHPSI調用Clam AV來掃描病毒, 會遇到同利用Qmail-Scnnner來調用 Clam AV一樣的權限問題.請參考安裝Qmail-Scnnner中關于設置Clam AV權限的章節,將Clam AV設置成以root的身份來運行(因為SMTP的執行身份是qmailq).參考網址: http://www.fehcom.de/qmail/qmail.html
cd /usr/local/src/qmail/spamcontrol/;
wget http://www.fehcom.de/qmail/qhpsi/qhpsi-020_tgz.bin;
使用方法:
(a) 請參考在/etc/tcp.smtp中的設置調用Clam AV的范例:
-------------------------------------------------------------------------------
:allow,BASE64='',QHPSI='clamdscan',QHPSIARG1='--no-summary',REPLY554="{virus found}
-------------------------------------------------------------------------------
在qmail-smtpd中设置QHPSI来调用Clamv AV的范例:
-------------------------------------------------------------------------------
export BASE64=""
export QHPSI="clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found [see: http://www.fehcom.de/emailolicy.html]}"
-------------------------------------------------------------------------------
說明: 在上述設置中, BASE64='' 變數用于設置 QHPSI 僅僅對 base64 編碼的 MIME 附件才有效,其他類型的附件以及郵件正文內容則忽略掃描. 這樣設置可以節省系統開銷和提高掃描性能, 因為目前大部分病毒均使用 base64 編碼,并且通常只是存在于郵件的附件當中.但當然也不排除一部分 script 類型的病毒存在于 HTML 郵件的正文部分中,因此,您也可以根据實際情况來決定是否取消 BASE64 选项.
- The path of 'clamdscan' can be omitted, because it is in
  the standard path (/usr/local/bin).
- In the configuration file clamav.conf, the option
  'ScanMail' has to be enabled; clamd has to run as 'root'.
- The argument QHPSIARG1='--disable-summary' tells Clam AV
  to provide a single line output of the scan results.
- The argument QHPSIRC is not necessary, because
  'clanmdscan' return with 'RC=1' (the default) in
  case a virus infection is recognized.

注意: 如果clamdscan是用TAR资源安装的,那么默认路径应该是/usr/local/bin/clamdscan和/usr/local/bin/clamscan,其配置文件则可能是/usr/local/etc/clamd.conf,相应的启动服务则是/usr/local/sbin/clamd.

用TAR资源安装的clamav所有的运行权限应该是root,如有需要,可运行如下命令:
chmod +s /usr/local/bin/clamdscan;
chmod +s /usr/local/bin/clamscan;

如欲在/etc/tcp.smtp中來設置,那么的相应設置是:
-------------------------------------------------------------------------------
:allow,BASE64='',QHPSI='/usr/local/bin/clamdscan',QHPSIARG1='--no-summary'
-------------------------------------------------------------------------------

在qmail-smtpd中设置QHPSI来调用Clamv AV的范例:
-------------------------------------------------------------------------------
export BASE64=""
export QHPSI="/usr/local/bin/clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found [see: http://www.fehcom.de/emailolicy.html]}"
-------------------------------------------------------------------------------

另外: 在QHPSI中调用clamdscan需要先在后台启动clamd服务,否则clamdscan无法调用扫描程序则会令 SMTP 连线失败.若在QHPSI中调用clamscan则不需要预先启动clamd服务, 因为clamscan 会在每次调用的时候自己启动一个独立的clamd服务,无需一个常驻内存的 clamd进程,但扫描性能则相对较弱.通常情况下,用clamdscan来调用常驻内存的clamd服务来执行扫描任务,速度比调用clamscan快上好几倍.

(b) 請參考在/etc/tcp.smtp中的設置調用 McAfee 的范例:
-------------------------------------------------------------------------------
:allow,QHPSI='uvscan',QHPSIARG1='--secure',QHPSIMAXSIZE='9000000',QHPSIRC='13'
-------------------------------------------------------------------------------
說明:

- The path of 'uvscan' is '/usr/lcoal/bin' and can be ommitted.
- 'uvscan' returns with RC=13 in case a virus is found,
  therefore, QHPSIRC has to provide this value.
- The virus scanning is omitted, if the size of the message
  exceeds 9.000.000 byte, ~ 8.5MB.

(c) 請參考在 qmail-inject 中使用 QHPSI的方法:
因為 qmail-start 不會傳遞環境變數到 qmail-queue 中, 所以如果您想附帶掃描寄出的電郵,您就必須在 qmail-inject 中設置相關的 QHPSI 變數, 請參考如下內容:
-------------------------------------------------------------------------------
#!/bin/sh
export QHPSI='clamdscan'
export QHPSIARG1='--no-summary'
exec /var/qmail/bin/qmail-queue
-------------------------------------------------------------------------------
(上述說法應有誤,因為qmail-inject和qmail-queue都是二進制執行文件)

請注意: 本安裝手冊最後部分還另外介紹了一個名為qmail-scanner的掃描腳本,如果您想使用qmail-scanner來執行病毒掃描功能,那么可以忽略此處的設置.當然,若在此選擇設置QHPSI來設置掃描功能,則后面的qmail-scanner安裝部分也可以忽略病毒掃描部分(但仍然需要qmail-scanner來呼叫垃圾掃描部分). 必須注意的是,若是從速度和效率角度來評價,無疑QHPSI的掃描性能是要比qmail-scanner更為優越的,因此建議您盡可能選擇使用QHPSI來調用病毒掃描任務.

c2shield

9) 运行相关脚本,进行qmail系统的初始化工作;
===============================================================================
生成recipients系統帳號:
/var/qmail/users/vpopmail-users-alias2recipients;
ll /var/qmail/users/;

生成recipients数据库:
/var/qmail/bin/qmail-recipients;

检查一下是否正确生成或者更新了相关文档:
ll /var/qmail/users/recipients.cdb;

/var/qmail/bin/qmail-badmimetypes;
/var/qmail/bin/qmail-badloadertypes;

请注意: 因为vpopmail-users-alias2recipients程序调用到/var/qmail/users/assign,和/var/qmail/users/recipients,然而此时两个文件并不存在(要等后面安装好 vpopmail,并执行./home/vpopmail/bin/vadddomain test.com password后才会产生), 所以会显示错误信息.

建立啟動service的鏈接:
ln -s /var/qmail/supervise/qmail-send /service;
ln -s /var/qmail/supervise/qmail-smtpd /service;
ln -s /var/qmail/supervise/qmail-pop3d /service;

設置定時執行任務:        (每30分鐘執行一次更新用戶列表)
-------------------------------------------------------------------------------
0-59/30 * * * * root /var/qmail/users/vpopmail-users-alias2recipients
-------------------------------------------------------------------------------

請注意: 因為svscan會自動掃描service目錄,一旦上述鏈接建立,Qmail系統就會自動啟動,可用 ps aux | grep qmail 命令查看啟動結果.请注意: 为了方便安装,可以将上述(1-9)步骤中的命令整理一下,将需要生成和复制的控制文件集合成一个安装资源(放在scripts目录下),写成一个脚本程序(名为mail-scripts.sh)来执行安装任务.

第八節：安裝Qmailadmin和修正Domain Quota
===============================================================================
1) 安装autorespond套件;
===============================================================================
http://www.inter7.com/index.php?page=development
mkdir /usr/local/src/qmail/qmailadmin;
cd /usr/local/src/qmail/qmailadmin/;
wget http://www.inter7.com/devel/autorespond-2.0.5.tar.gz;
tar zxvf autorespond-2.0.5.tar.gz;
cd autorespond-2.0.5;
make;
make install;
請注意: 本安裝會將autorespond安裝到/usr/bin/目錄下,后面安裝qmailadmin時必須要用這個路徑來指定其中的選項.

===============================================================================
2) 安装ezmlm - easy mail listing manager
===============================================================================
參考網站: http://www.ezmlm.org/archive/
功能簡介:
-------------------------------------------------------------------------------
ezmlm-0.53 is a qmail-based mailing list manager written by Dan J. Bernstein. It has all the basic functionality of a mailing list manager, such as subscriber address management including automated bounce handling as well as message distribution and archiving.ezmlm-0.53 是一個基于Qmail系統的郵件列表管理系統,由Dan J.Bernstein所開發.它具備郵件列表管理系統的所有基本功能,例如訂閱,地址管理,包括自動反彈處理, 還有消息發布和歸檔.
ezmlm-idx is an add-on to ezmlm. It adds multi-message threaded message retrieval from the archive, digests, message and subscription moderation, and a number of remote administration function. It modifies the configuration program ezmlm-make(1) so that it uses a text file template rather than compiled-in texts in list creation. In this manner, ezmlm-idx allows easy setup of lists in different languages and customization of default list setup. ezmlm-idx also adds MIME handling, and other support to streamline use with languages other than English. As an ezmlm add-on, ezmlm-idx does not work without ezmlm and tries to be compatible with ezmlm as much as possible. ezmlm-idx also modifies the ezmlm subscriber database to be case insensitive to avoid many unsubscribe problems.
---
ezmlm-idx 是ezmlm的一個附件.
---
說明: 上述文字摘錄自官方網站的FAQ,為方便理解,我翻譯了部分中文.
-------------------------------------------------------------------------------

首先安裝ezmlm:
-------------------------------------------------------------------------------
參考網站: http://pobox.com/~djb/ezmlm.html
cd /usr/local/src/qmail/qmailadmin/;
wget http://cr.yp.to/software/ezmlm-0.53.tar.gz;
wget http://www.ezmlm.org/archive/ezmlm-0.53.tar.gz;
tar zxvf ezmlm-0.53.tar.gz;
請注意: 如果在下一步驟(安裝ezmlm-idx)中采用(a)方式安裝TAR資源,那么可以暫時先忽略如下安裝步驟(因為安裝ezmlm-idx的TAR資源需要先打idx.patch補丁):
cd ezmlm-0.53/;
make;
make man;
make setup;
-------------------------------------------------------------------------------

再安裝ezmlm-idx附件(可選擇a或b方式):
-------------------------------------------------------------------------------
(a) 安裝TAR資源;
官方网站最新版本: http://www.ezmlm.org/archive/6.0.0/
wget http://www.ezmlm.org/archive/5.1.1/ezmlm-idx-5.1.1.tar.gz;
wget http://www.ezmlm.org/archive/6.0.0/ezmlm-idx-6.0.0.tar.gz;
tar zxvf ezmlm-idx-0.xx.tar.gz;
mv ezmlm-idx-0.xx/* ezmlm-0.53/;
上述命令需對應相應的版本,例如:
mv -f ezmlm-idx-5.1.1/* ezmlm-0.53/;
mv -f ezmlm-idx-6.0.0/* ezmlm-0.53/;
cd ezmlm-0.53;
patch < idx.patch;
make;
make man;
make setup;
如果make setup時出現如下編譯錯誤:
-------------------------------------------------------------
fatal: unable to read ezmlm-mktab-mysql: file does not exist
-------------------------------------------------------------
vi BIN;        (請先刪除如下兩行,然后再make setup一次)
-------------------------------------------------------------
c:::755:/:ezmlm-mktab-mysql:
c:::755:/:ezmlm-mktab-pgsql:
-------------------------------------------------------------

(b) 安裝RPM套件;
官方网站最新版本: http://www.ezmlm.org/archive/6.0.0/
wget http://www.ezmlm.org/archive/6.0.0/ezmlm-idx-6.0.0-1.i386.rpm;
rpm -ivh ezmlm-idx-6.0.0-1.i386.rpm;
Qmail官方网站所提供的ezmlm的最新版本:
http://www.qmail.org/rpms/ezmlm-idx.html
wget http://www.qmail.org/rpms/RPMS/e ... 112memphis.i386.rpm;
rpm -ivh ezmlm-idx-std-0.53.442-5.i386.rpm;
一个较新的RPM版本(ezmlm-idx-std-5.1.1-7.i386.rpm):
http://distro.ibiblio.org/pub/li ... s.System.group.html
wget http://distro.ibiblio.org/pub/li ... td-5.1.1-7.i386.rpm
rpm -ivh ezmlm-idx-std-5.1.1-7.i386.rpm;
-------------------------------------------------------------------------------
請注意: ezmlm的安裝至此即可,下列步驟若無興趣可忽略;
自動測試:
-------------------------------------------------------------------------------
./ezmlm-test;        (這是ezmlm-idx的測試程序,若成功則返回如下信息)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ezmlm-make (1/2):     OK
Using subdb plugin:   std
ezmlm-reject:         OK
ezmlm-[un|is]sub[n]:  OK
ezmlm-send:           OK
ezmlm-tstdig:         OK
ezmlm-weed:           OK
ezmlm-make (2/2):     OK
ezmlm-clean:          OK
ezmlm-store:          OK
ezmlm-return:         OK
ezmlm-warn (1/2):     OK
ezmlm-manage (1/2):   delivered manget1 to wrong address
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
手工測試:        (下列步驟參考自ezmlm-0.53安裝文檔的范例)
-------------------------------------------------------------------------------
1. 確認資源目錄下有ezmlm-make執行檔. Create a mailing list:
./ezmlm-make ~/testlist ~/.qmail-testlist me-testlist host
用您自己的電郵地址替換"me"和"host",例如:
./ezmlm-make ~/testlist ~/.qmail-testlist user1-testlist test.com;

2. Subscribe yourself to the list manually:
./ezmlm-sub ~/testlist user1@test.com;

3. Send a message to the list:
echo subject:testing | /var/qmail/bin/qmail-inject user1-testlist@test.com;
(您將會在user1@test.com郵箱中收到一條標題為:testing的消息)

4. View the list membership:
./ezmlm-list ~/testlist
(您將會看到的是只有一行,包含您的郵箱地址)

5. Unsubscribe yourself through e-mail:
/var/qmail/bin/qmail-inject user1-testlist-unsubscribe@test.com < /dev/null; When you receive the confirmation number, reply to complete your unsubscription. Use ezmlm-list to check that the list is empty.

6. Retrieve the first message from the archive:
/var/qmail/bin/qmail-inject user1-testlist-get.1@test.com < /dev/null;
(您將會收到一個標題為:testing的消息備份)

7. 報告成功消息:
echo 'First M. Last'; cat `cat SYSDEPS` | mail djb-qst@koobera.math.uic.edu
請用您自己的名稱替代上面的'First M. Last',例如:
echo 'Jason Cheng'; cat `cat SYSDEPS` | mail djb-qst@koobera.math.uic.edu;
-------------------------------------------------------------------------------

配置CGI的網頁瀏覽界面:
-------------------------------------------------------------------------------
cp -p ezmlm-cgi /var/www/cgi-bin/;
chown root.root /var/www/cgi-bin/ezmlm-cgi;
chmod 4755 /var/www/cgi-bin/ezmlm-cgi;
vi /etc/ezmlm/ezcgirc;        (如果目錄/etc/ezmlm/不存在,請先建立)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Format for ezcgirc file
#listno;uid;listdir;listaddr;buttonbar;charset;style;bannerprog
0;0;/root/testlist;postmaster@test.com;[Home]=http://192.168.0.9/cgi-bin/ezmlm-cgi
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
安裝ezmlm-web;
-------------------------------------------------------------------------------
參考網站: https://systemausfall.org/toolforge/ezmlm-web/
下載資源: https://systemausfall.org/toolforge/ezmlm-web/download/
cd /usr/local/src/qmail/qmailadmin/;
wget https://systemausfall.org/toolfo ... lm-web-3.1.4.tar.gz;
tar zxvf ezmlm-web-3.1.4.tar.gz;
cd ezmlm-web-3.1.4/;
cp ezmlm-web.cgi /usr/local/bin/;
vi ezmlmwebrc;                        (檢查并修改必要的參數)
cp ezmlmwebrc /etc/ezmlm/;            (這是推薦目錄)
mkdir -p /usr/local/share/ezmlm-web;
cp -r lang /usr/local/share/ezmlm-web/;
cp -r template /usr/local/share/ezmlm-web/;
gcc -o index.cgi index.c;
cp index.cgi /var/www/cgi-bin/;
chmod 4755 /var/www/cgi-bin/index.cgi;
cp css/default.css /var/www/html/ezmlm-web.css;        (配合ezmlmwebrc中的HTML_CSS_FILE)
(... 安裝尚未成功 ...)
-------------------------------------------------------------------------------

c2shield

3) 下载qmailadmin最新版本
===============================================================================
参考网站: http://sourceforge.net/project/showfiles.php?group_id=6691
cd /usr/local/src/qmail/qmailadmin/;
wget http://jaist.dl.sourceforge.net/ ... admin-1.2.11.tar.gz;
tar -zxvf qmailadmin-1.2.11.tar.gz;
cd qmailadmin-1.2.11;
请注意: qmailadmin-1.2.11依然还不支持Domain Quota的动态分配和域名用户的自行調整,因此我们必须在configure之前手工修改原程序才能支持.关于修改的方法,请参考下一步骤所介绍的方法.為了簡化qmailadmin的安裝過程, 我將已經成功安裝的資源打包成一個名為qmailadmin-1.2.11.fixquota.tar.gz的壓縮檔案,可以直接使用.(若不想自己動手修改,就可以忽略下述第4步驟,直接跳到第5步驟開始安裝).

===============================================================================
4) 修改Domain Quota限制;
===============================================================================
qmailadmin源程序无法控制Domain Quota,邮件帐户可以设置任意大小的限制值而不受总Quota的控制.如要限制邮件帐户的Quota数值不能大于总的Domain Quota值,就必须在编译之前先修改qmailadmin的源程序.

-------------------------------------------------------------------------------
(a)如下是所需要修改的档案清单:
-------------------------------------------------------------------------------
所需修改的使用界面为:
html/add_user.html
html/mod_user.html
html/show_users.html

所需修改的各种语言的信息定义变量:
lang/en                                #英文语言的信息变量定义
lang/zh-cn                             #简体中文(gb2312)的信息变量定义

所需修改的原程序文件为:
limits.c
qmailadmin.c
qmailadminx.h
template.c
user.c                                #请注意新版中部分函数改名和参数调动问题
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(b)修改使用界面;
-------------------------------------------------------------------------------
vi html/add_user.html;                #第44行需添加支持Quota的标记:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<td align="left"><input type="text" size="16" name="quota" maxlength="128"> ##X901##+ ##X902##-</td>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi html/mod_user.html;                #第98行(旧版为118行)改为如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
           ##X901##+  ##X902##-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi html/show_users.html;        #第42行改为如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
           ##X901##+ ##X902##-[
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请注意: 上述修改使用了+和-做Quota的标记,是因为新版(qmailadmin-1.2.11)在其源程序(template.c)中已经使用了所有英语符号来做标记,所以必须使用别的符号来做配额的标记.我们这里选择用+(Domain Quota)和-(Used Quota)来做标记,也就是在template.c中CASE中选择了+和-来标记相关限额,上述修改中的所有涉及这个标记的修改,均是为了配合template.c中的修改.
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(c) 修改各种语言的信息定义变量:
-------------------------------------------------------------------------------
vi lang/en;        #最后面添加五行如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
901 Whole storage:
902 Applied storage:
903 Over storage quota
904 Whole storage was totally used
905 setted storage must larger than the used storage
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi lang/zh-cn;        #参照说明补充两行,在最后面添加5行如下(注意用简体中文字):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
316 修改密码
317 你不能删除管理者帐户
#上述两个定义参照lang/en中的定义(可能原程序遗漏了):
901 整个域总容量:
902 已分配容量:
903 设置的容量超过可用容量
904 已分配的容量已达到整个域总容量
905 设置的容量一定要大于已使用容量
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

如果要修改其他所有语言信息定义文件,可以先建立一个lang_fixquota.patch文件:
vi lang_fixquota.patch;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
901 Whole storage:
902 Applied storage:
903 Over storage quota
904 Whole storage was totally used
905 setted storage must larger than the used storage
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

然后用 cat 命令将lang_fixquota.patch文件的内容添加到相关文件中:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cat fixquota.patch >> bg;
cat fixquota.patch >> cs;
cat fixquota.patch >> da;
cat fixquota.patch >> de;
cat fixquota.patch >> es;
cat fixquota.patch >> fi;
cat fixquota.patch >> fr;
cat fixquota.patch >> hu;
cat fixquota.patch >> it;
cat fixquota.patch >> ja;
cat fixquota.patch >> lt;
cat fixquota.patch >> nl;
cat fixquota.patch >> no;
cat fixquota.patch >> pl;
cat fixquota.patch >> pt-br;
cat fixquota.patch >> ru;
cat fixquota.patch >> sk;
cat fixquota.patch >> sv;
cat fixquota.patch >> tr;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请注意: 上述语言信息定义格式采用阵列形式,左边数字是索引,右边文字为解释;在源程序中,语言信息定义是用阵列html_text[]来储存,因为新版qmailadmin改用数字来做索引,而且源程序中所定义的阵列长度是350。如果新添加的信息定义的索引数字大于350（例如我们上述所添加的索引数字为901，902，903，904 和 905，均大于350）, 在某些系统下可能无法正确储存阵列(取决于C语言的编译特性),由此而导致调用到此语言定义信息的相关页面无法正常显示,因此需要修正（增大）阵列长度.
vi qmailadmin.h;        #此头文件定义系统环境变数
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#define MAX_LANG_STR 350        // 找到定义MAX_LANG_STR的此行;
#define MAX_LANG_STR 950        // 将350修改为950;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(d) 在limits.c, qmailadmin.c和qmailadminx.h中增加变量定义;
-------------------------------------------------------------------------------
vi limits.c;                (旧程序46行附近插入如下行
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DefaultDomainQuota = Limits.diskquota;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vi qmailadmin.c;        (旧程序82行附近插入如下行
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
int DefaultDomainQuota;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vi qmailadminx.h;        (旧程序61行附近插入如下行
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
extern int DefaultDomainQuota;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(e) 修改template.c源程序;
-------------------------------------------------------------------------------
vi template.c;               
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(e.1) 第41行处增加一行如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#include "qmailadmin.h"
#include "qmailadminx.h"
#define NOLIMIT_STR get_html_text("229")        #这是插入的新行
static char dchar[4];
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(e.2) 第53行处增加一行如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
static char NTmpBuf[500];
float count_users_quota();        #这是插入的新行
/*
* send an html template to the browser
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(e.3) 第79行处增加一行如下(send_template_now子函数):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
struct vqpasswd *vpw;
char value[MAX_BUFF];
float UsedQuota = (count_users_quota())/1048576.0;        #这是插入的新行
  if (strstr(filename, "/")!= NULL||strstr(filename,"..")!=NULL) {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(e.4) 第578行处增加两个case(+和-)共16行,因为新版(qmailadmin-1.2.11)其源程序中已
经使用了所有文字符号来做标记,所以必须使用别的符号来做配额的标记.例如用+(Domain
Quota)和-(Used Quota)来做标记:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
          case '+':                #这是新增加的case
               {
                 if (DefaultDomainQuota > 0) {
                    fprintf(actout, "%dM", DefaultDomainQuota);
                 } else {
                        fprintf(actout, "%s", NOLIMIT_STR);
                 }
               }
             break;

          case '-':                #这是新增加的case
               {
                 if (UsedQuota > 0.0) fprintf(actout, "%-2.2lfM", UsedQuota);
                 else fprintf(actout, "%s", NOLIMIT_STR);
               }
             break;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
提示: 可用如下的grep命令可查看当前版本中使用了那些符号作标记: grep 'case' template.c;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(f) 修改user.c源程序;
-------------------------------------------------------------------------------
(f.1) 第56行处增加一行如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#endif

float count_users_quota();        #这是插入的新行

int show_users(char *Username, char *Domain, time_t Mytime)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.2) 第333行处(adduser()子函数)需增加一个变量和IF条件语句如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  if ( MaxPopAccounts != -1 && CurPopAccounts >= MaxPopAccounts ) {
    sprintf(StatusMessage, sizeof(StatusMessage), "%s %d\n", html_text[199],
      MaxPopAccounts);
    show_menu(Username, Domain, Mytime);
    vclose();
    exit(0);
  }

#这是插入的变量和IF条件语句开始处
  float UsedQuota = count_users_quota();
  if ((DefaultDomainQuota > 0 && UsedQuota) >= (DefaultDomainQuota*1048576.0)) {
    snprintf (StatusMessage, sizeof(StatusMessage), "%s %dM\n", html_text[904],
      DefaultDomainQuota);
    show_menu(Username, Domain, Mytime);
    vclose();
    exit(0);
  }
#这是新插入的IF条件的结束处

  send_template( "add_user.html" );
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
说明: 在旧版本中用get_html_text("###")函数来调用语言定义信息,show_menu()也无须
参数;但在新版本中,则用html_text[###]数组来储存语言定义信息,而且show_menu()函数
也带有三个参数,变为show_menu(Username, Domain, Mytime).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.3) 第391行处(addusernow()子函数)需增加一个变量和IF条件语句如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  if ( MaxPopAccounts != -1 && CurPopAccounts >= MaxPopAccounts ) {
    sprintf(StatusMessage, sizeof(StatusMessage), "%s %d\n", html_text[199],
      MaxPopAccounts);
    show_menu(Username, Domain, Mytime);
    vclose();
    exit(0);
  }

#这是插入的变量和IF条件语句如下
  float UsedQuota = count_users_quota();
  if ((DefaultDomainQuota > 0) && (UsedQuota >= (DefaultDomainQuota*1048576.0))) {
    sprintf(StatusMessage, sizeof(StatusMessage), "%s %dM\n", html_text[904],
      DefaultDomainQuota);
    show_menu(Username, Domain, Mytime);
    vclose();
    exit(0);
  }
#这是新插入的IF条件的结束处

  GetValue(TmpCGI,Newu, "newu=", sizeof(Newu));
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.4) 第409行(addusernow()子函数)需增加一个IF条件语句如下
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  // Coded added by jhopper
#ifdef MODIFY_QUOTA
  GetValue(TmpCGI, Quota, "quota=", sizeof(Quota));
#如下是新插入的行开始处,这是一个IF条件语句:
  if ((atof(Quota) > 0.0) && (atof(Quota) <= 500.0)) {
    if (quota_to_bytes(qconvert, Quota)) {
      sprintf(StatusMessage, html_text[314"));
      adduser();
      vclose();
      exit(0);
    } else if ((UsedQuota + (atof(Quota)*1048576.0)) > (DefaultDomainQuota*1048576.0)) {
      sprintf(StatusMessage, html_text[903"));
      adduser();
      vclose();
      exit(0);
    }
  } else {
    sprintf(StatusMessage, html_text[307"));
    adduser();
    vclose();
    exit(0);
  }
#这是新插入的IF条件语句的结束处:
#endif
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.5) 第503行需注释掉一个sprintf函数
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    /* report success */
/*    snprinth (StatusMessage, sizeof(StatusMessage), "%s %H@%H (%H) %s",
      html_text[2], Newu, Domain, Gecos,
      html_text[119]);
*/
  } else {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.6) 第785行处需修改多行程序,修改后如下 可将整个#ifdef - #endif 替换掉)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#ifdef MODIFY_QUOTA
  /* strings used: 307 = "Invalid Quota", 308 = "Quota set to unlimited",
   * 309 = "Quota set to %s bytes"
   */
  if (AdminType == DOMAIN_ADMIN) {
    GetValue(TmpCGI, Quota, "quota=", sizeof(Quota));
    vpw = vauth_getpw(ActionUser, Domain);
    if ((strlen(Quota) == 0) || (strcmp (vpw->pw_shell, Quota) == 0)) {
      /* Blank or no change, do nothing */
    } else if ((atof(Quota) > 0.0) && (atof(Quota) <= 500.0)) {
      quotaptr = Quota;
      if (quota_to_bytes(qconvert, quotaptr)) {
        sprintf(StatusMessage, html_text[307"));
      } else if(strcmp(qconvert, vpw->pw_shell)==0) {
        /* unchanged, do nothing */
      } else {
        float UsedQuota = count_users_quota();
        vpw = vauth_getpw(ActionUser, Domain);
        float OldQuota = (atof(vpw->pw_shell));
        char path[256];
        long diskquota = 0, maxmsg = 0;
        snprintf(path, sizeof(path), "%s/Maildir", vpw->pw_dir);
        readuserquota(path, &diskquota, &maxmsg);
        if ((float)diskquota >= (atof(Quota)*1048576.0)) {
          sprintf(StatusMessage, html_text[905"));
        } else {
          if ((UsedQuota - OldQuota + (atof(Quota)*1048576.0)) > DefaultDomainQuota*1048576.0) {
            sprintf(StatusMessage, html_text[903"));
          } else if(vsetuserquota( ActionUser, Domain, qconvert )) {
            sprintf(StatusMessage, html_text[307"));
          } else {
            sprintf(StatusMessage, html_text[309], qconvert);
          }
        }
      }
    } else {
      sprintf(StatusMessage, html_text[307"));
    }
  }
#endif
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(f.7) 第1013行(最后面)增加一个函数
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
float count_users_quota()
{
  struct vqpasswd *pw;
  float ret = 0.0;

  pw = vauth_getall(Domain,1,0);
  while(pw!=NULL){
    if (strcmp(pw->pw_shell, "NOQUOTA") == 0) return -1.0;
    ret += atof(pw->pw_shell);
    pw = vauth_getall(Domain,0,0);
  }
  return ret;
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
请注意: 对于上述修改,我用diff命令(带 -ruN参数)做了一个patch档案,(请参考附录资源中的qmailadmin-1.2.11.fixquota.patch文档), 若有朋友嫌自己动手修改源程序麻烦, 也可以直接用下载此patch来使用.另外：Qmailadmin有关Quota限额的C源程序存在一个小小的BUG,它无法正确显示限额数值大于2048的数字（所有大于2048的数值都显示为2048），虽然真正有效的限额数值可以大于2048,但這個错误的显示却会使人相当困扰。

c2shield

5) 安装qmailadmin
===============================================================================
建立網頁主目錄:
mkdir /var/www/qmailadmin;
#一个标准（比较精简）的安装选项：
./configure \
--disable-ipauth \
--enable-modify-quota \
--enable-cgibindir=/var/www/cgi-bin \
--enable-htmllibdir=/var/www/qmailadmin \
--enable-htmldir=/var/www/html
#一个增强（比较丰富）的安装选项：
./configure \
--disable-ipauth \
--disable-user-index \
--enable-modify-quota \
--enable-vpopuser=vpopmail \
--enable-vpopgroup=vchkpw \
--enable-htmldir=/var/www/html \
--enable-cgibindir=/var/www/cgi-bin \
--enable-cgipath=/cgi-bin/qmailadmin \
--enable-imageurl=/images/qmailadmin \
--enable-imagedir=/var/www/html/images/qmailadmin \
--enable-htmllibdir=/var/www/qmailadmin \
--enable-qmaildir=/var/qmail \
--enable-ezmlmdir=/usr/local/bin/ezmlm \
--disable-ezmlm-mysql \
--enable-autoresponder-path=/usr/bin \
--enable-maxusersperpage=30 \
--enable-maxaliasesperpage=30 \
--enable-no-cache \
--enable-help

#相关选项的说明：
--enable-domain-autofill                #登錄ID自動補充主機名
  With autofill enabled, qmailadmin will search the file
  /var/qmail/control/virtualdomains for an entry that matches the
  hostname of the HTTP request.  So, if test.com appears in your
  virtualdomains file, <http://www.test.com/cgi-bin/qmailadmin>
  will pre-fill the domain field with "test.com".
  Note that with or without autofill enabled, you can pass parameters
  to qmailadmin to pre-fill the "User Account" and "Domain" fields.
  <http://www.test.com/cgi-bin/qmailadmin?dom=xyz.net&user=john> will
  prefill "Domain" with xyz.net and "User Account" with john.
--enable-spamcmd-needs-email        #
--enable-modify-spam
--enable-spam-command=CMD
--enable-modify-spam                #在管理頁面顯示垃圾掃描選項
--enable-vpopuser=vpopmail          #指定執行CGI程序的USER名稱
--enable-vpopgroup=vchkpw           #指定執行CGI程序的GROUP名稱
--enable-help                       #在登錄界面中顯示HELP鏈接

请注意： 关于垃圾扫描的选项,必须配合目前系统所安装的扫描功能特性.因為qmailadmin的CGI執行程序必須啟用suid功能,請確認您的cgi-bin目錄并不是在設置了'nosuid'選項的分區上(可在/etc/fstab上檢查到此選項).
make;
make install-strip;

===============================================================================
6) 测试安装结果:
===============================================================================
http://xxx.xxx.xxx.xxx/cgi-bin/qmailadmin
注意: 请在[User Account]中输入邮箱的用户帐号,例如postmaster, 在[Domain Name]中输入域名,例如test.com, 在[Password]中输入此邮件用户帐号的密码.

第九节：安装Courier(authlib+imap+sqwebmail+maildrop)和配置SSL支持
===============================================================================
1) 安装 Courier authentication library
===============================================================================
参考网站: http://www.courier-mta.org/
下载资源: http://www.courier-mta.org/download.php#authlib
mkdir /usr/local/src/qmail/courier/;
cd /usr/local/src/qmail/courier/;
wget http://prdownloads.sourceforge.n ... hlib-0.59.1.tar.bz2;
wget http://prdownloads.sourceforge.n ... hlib-0.59.1.tar.bz2;
wget http://prdownloads.sourceforge.n ... hlib-0.59.3.tar.bz2;
tar jxvf courier-authlib-0.59.3.tar.bz2;
cd courier-authlib-0.59.3;
請注意: courier-authlib-0.59.3 無法安裝成功,需按如下方法修正authvchkpw.c程序檔:
vi authvchkpw.c; (源程序缺少函數定義,請在第25行處插入如下補丁-請自行移除加號)
-------------------------------------------------------------------------------
static const char rcsid[]="$Id: authvchkpw.c,v 1.26 2007/04/22 18:53:30 mrsam Exp $";
+
+static int auth_vchkpw_login(const char *service, char *authdata,
+        int (*callback_func)(struct authinfo *, void *), void *callback_arg);
+
extern int auth_vchkpw_pre(const char *userid, const char *service,
        int (*callback)(struct authinfo *, void *),
-------------------------------------------------------------------------------

ll /usr/local/libexec/authlib;                #检查是否已有库目录
mkdir /usr/local/libexec/authlib;        #如果没有就要先建立

先設定環境參數:
-------------------------------------------------------------------------------
CPPFLAGS="-I/home/vpopmail/include"; export CPPFLAGS;
LDFLAGS="-L/home/vpopmail/lib"; export LDFLAGS;
-------------------------------------------------------------------------------

./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--without-authdaemon \
--without-stdheaderdir \
--without-authuserdb \
--without-authpam \
--without-authpwd \
--without-authshadow \
--without-authpgsql \
--without-authcustom \
--without-authldap \
--without-authmysql \
--disable-root-check \
--with-authvchkpw \
--with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib \
--with-redhat

make;
make check;
make install-strip;
make install-configure;
cd ..

vi /etc/rc.local;        #(設置開機自動啟動,请加入下面一行);
-------------------------------------------------------------------------------
/usr/local/sbin/authdaemond start;
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
2) 安装 Courier-IMAP
===============================================================================
参考网站: http://www.courier-mta.org/
下载资源: http://www.courier-mta.org/download.php#imap
cd /usr/local/src/qmail/courier/;
wget http://prdownloads.sourceforge.n ... -imap-4.1.2.tar.bz2;
或者下載當前最新版:
wget http://prdownloads.sourceforge.n ... -imap-4.1.3.tar.bz2;
cp -p courier-imap-4.1.3.tar.bz2 /home/vpopmail/;
chown vpopmail.vchkpw /home/vpopmail/courier-imap-4.1.3.tar.bz2;
su - vpopmail;                #注意:按開發者指示,一定要转换成vpopmail用户来编译;
cd /home/vpopmail/;
tar jxvf courier-imap-4.1.3.tar.bz2;
cd courier-imap-4.1.3;
./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--without-ipv6 \
--with-authvchkpw \
--without-authldap \
--without-authmysql \
--disable-root-check \
--with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib \
--with-redhat
make;
make check;
exit;                                        #退出普通用户的身份,回到root的身份
cd /home/vpopmail/courier-imap-4.1.3/;        #回到刚才的安装目录
umask;                                        #检查root的umask是否022,如果不是,要先设置成022
make install-strip;                        #如果make install-strip失败,可试试make install;
make install-configure;

生成SSL证书:
ll /usr/local/share/imapd.pem;                #先检查一下是否已经有SSL证书
/usr/local/sbin/mkimapdcert;                #替IMAP-SSL产生一个SSL证书
ll /usr/local/share/imapd.pem;                #再检查一下是否已经产生SSL证书

注意事项:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This will start and automated process that creates a self-signed imap-ssl X.509
certificate called imapd.pem. It should create this new certificate at
/usr/local/share/imapd.pem. If the certificate already exists, the "mkimapdcert"
tool will not let you overwrite it.

意思是说mkimapdcert工具会产生一个"self-signed"的认证文档 /usr/local/share/imapd.pem, 而如果此文档已存在, mkimapdcert工具不会覆盖它.

A Note on IMAP-SSL certificates: Keep in mind that since this SSL certificate is self-signed and is not from a "trusted" authority such as Verisign or Thawte, mail clients such as Outlook will give a warning when they attempt to connect to your IMAP-SSL server on port 995. The warning will state that the certificate is not from a "trusted" authority. While the warning is a bit ugly, it does NOT mean your IMAP-SSL connection is any less secure than it would be with a real certificate from Verisign or Thawte. All it means is that the SSL certificate was not generated
by a company which Microsoft recognizes as a "trusted" authority. From a security standpoint, however, your IMAP-SSL server is every bit as secure as it would be if you bought the certificate from Verisign or Thawte. If the warning is too inconvenient for your purposes, you will need to purchase a "real" certificate from a "trusted" authority such as Verisign or Thawte. Be prepared to shell out a good chunk of change if you do so.

大意是说"self-signed"证书会引起如Outlook之类的客户端邮件系统产生一个"not from a trusted authority"警告.也就是说Outlook通过995端口进行SSL连线时会弹出一个"安全凭证无法验证"的警告.
-------------------------------------------------------------------------------
注意: 必需在安裝 vpopmail 之後才可以安裝 courier-imap 套件。這樣 authvchkpw 模組才會被建立.

c2shield

3) 检查并修改安装程序产生的相关文件,配置SSL支持:
===============================================================================
ll /etc/pam.d/imap;                        #检查是否生成imap文件
ll /etc/pam.d/pop3;                        #检查是否生成pop3文件
ll /usr/local/etc/;                        #检查相关配置文档是否符合要求

-------------------------------------------------------------------------------
vi /usr/local/etc/imapd.cnf;                #修改管理者的电邮地址
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
emailAddress=postmaster@example.com
#请将电邮地址改成您的管理者电邮地址,例如:
emailAddress=postmaser@2068.net
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
vi /usr/local/etc/imapd;                #设置IMAPD的启动状态
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请将 IMAPDSTART=NO 改为 IMAPDSTART=YES
如需要可将 MAXPERIP=4 改成 MAXPERIP=10         (同一IP最大連線數目,其實默认值4已足够)
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
vi /usr/local/etc/imapd-ssl;                #配置SSL支持参数
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请将 IMAPDSSLSTART=NO 改为 IMAPDSSLSTART=YES

保证设置中如下行(如果没有此行,则手工添加一行即可):
TLS_CERTFILE=/usr/local/share/imapd.pem

如需要可添加一行 MAXPERIP=4                 (默认未设限制)
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
vi /usr/local/etc/authlib/authdaemonrc;        #设置认证模式
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
authmodulelist="authvchkpw authpipe"
找到上面那行(在第27行),请改为如下(保证只有authvchkpw):
authmodulelist="authvchkpw"

注意: 请不要修改 authmodulelistorig="authvchkpw authpipe" 此行设置;
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
4) 配置自动启动脚本:
===============================================================================
cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap;
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps;

/usr/local/sbin/authdaemond stop;
/usr/local/sbin/authdaemond start;

/etc/rc.d/init.d/imap stop;
/etc/rc.d/init.d/imaps stop;
/etc/rc.d/init.d/imap start;
/etc/rc.d/init.d/imaps start;

测试连接:
telnet localhost 143

-------------------------------------------------------------------------------
vi /etc/rc.d/rc.local;                #请在authdaemond后面加入下面两行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/sbin/authdaemond start
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
-------------------------------------------------------------------------------

请注意:
Courier-IMAP does not use inetd or xinetd. Any inetd or xinetd configuration
settings for the IMAP and POP3 ports must be turned off. Courier-IMAP will not
start if inetd or xinetd is listening for IMAP or POP3 connections.
===============================================================================

===============================================================================
5) 安装sqwebmail(webmail):
===============================================================================
参考网站: http://www.courier-mta.org/sqwebmail/
下载资源: http://www.courier-mta.org/download.php#sqwebmail

cd /usr/local/src/qmail/courier/;
wget http://prdownloads.sourceforge.n ... bmail-5.1.5.tar.bz2;
或者下載最新版本:
wget http://prdownloads.sourceforge.n ... bmail-5.1.6.tar.bz2;

tar jxvf sqwebmail-5.1.6.tar.bz2;
cd sqwebmail-5.1.6;

-------------------------------------------------------------------------------
設定環境參數:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INCS=-I/usr/include/mysql;
export INCS;
LIBS='-L/usr/lib/mysql -lmysqlclient -lz';
export LIBS;
CPPFLAGS=-I/usr/include/mysql;
export CPPFLAGS;
LDFLAGS=-L/usr/lib/mysql;
export LDFLAGS;
-------------------------------------------------------------------------------

mkdir /var/www/sqwebmail/;        (建立安裝目录)

-------------------------------------------------------------------------------
安装pcre-devel;                #sqwebmail编译需要pcre资源,否则报错
-------------------------------------------------------------------------------
yum list | grep pcre;        #先检查一下是否已经安装pcre套件
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
pcre.i386                                4.5-3.2.RHEL4          installed
pcre-devel.i386                          4.5-3.2.RHEL4          base
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
yum install pcre-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
开始安装:
-------------------------------------------------------------------------------
./configure \
--with-cachedir \
--without-gzip \
--enable-webpass=yes \
--enable-softtimeout=1800 \
--enable-autopurge=7 \
--enable-maxpurge=90 \
--enable-unicode \
--enable-cgibindir=/var/www/cgi-bin \
--prefix=/var/www/sqwebmail \
--enable-imagedir=/var/www/html/images/sqwebmail \
--enable-imageurl=/images/sqwebmail/ \
--with-maxargsize=20971520 \
--with-maxformargsize=20971520 \
--with-maxmsgsize=20971520 \
--without-ispell \
--with-authshadow \
--without-authmysql \
--with-authldap \
--with-authuserdb \
--with-authpwd \
--without-authpam \
--with-authvchkpw \
--without-authdaemon

make configure-check;
make;
make check;
make install-strip;            # Do a make install if this doesn't work
make install-configure;        # Install configuration files

检查安装生成的相关目录和权限是否正确:
ll /var/www/sqwebmail/;                       #这是程序主目录
ll /var/www/cgi-bin/sqwebmail;                #这是web界面的cgi程序文件
ll /var/www/html/images/sqwebmail/;           #这是web界面的图象资源目录

考虑安全因素,应将sqwebmail的属主设定为vpopmail.vchkpw用户和群组:
chown vpopmail.vchkpw /var/www/cgi-bin/sqwebmail;

/var/www/sqwebmail/libexec/sqwebmaild.rc start;                #启动服务
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置开机自动启动:
-------------------------------------------------------------------------------
vi /etc/rc.d/rc.local;        #加入如下一行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/www/sqwebmail/libexec/sqwebmaild.rc start
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置定时执行清理cache的任务:
-------------------------------------------------------------------------------
vi /etc/crontab;        #加入如下一行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
20 * * * * root /var/www/sqwebmail/share/sqwebmail/cleancache.pl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
测试安装结果: 打開瀏覽器,对应您的域名或者IP地址,输入如下连接:
-------------------------------------------------------------------------------
http://xxx.xxx.xxx.xxx/cgi-bin/sqwebmail

注意: 请在[User ID]中输入电邮地址全名,例如postmaster@test.com, 在[Password]中输入此邮件用户帐号的密码.
-------------------------------------------------------------------------------

===============================================================================
6) 安装maildrop(mail delivery agent with filtering abilities):
===============================================================================
maildrop是Courier mail server的一部分,用于Courier Mail Server的邮件过滤发送代理, 它可用来替代procmail作为本地邮件的发送代理.如果你想使用sqwebmail的郵件過濾(mail filtering),你就必須安裝maildrop作為傳輸代理. 绝大多数用户使用maildrop都是因为其过滤能力强,过滤语言灵活,支持Quota,并且可与MySQL/LDAP及小型dbm对接,可外挂各种程序,如SpamAssassin和杀毒软件,甚至SMS等,实现复杂的功能. (例如在本安裝系统后面將會安装Qmail-Scanner就要使用Maildrop中的eformmime功能)参考网站: http://www.courier-mta.org/maildrop/
下载资源: http://www.courier-mta.org/download.php#maildrop
cd /usr/local/src/qmail/courier;
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.3.tar.bz2;
或者下載最新版本:
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2;
tar jxvf maildrop-2.0.4.tar.bz2;
cd maildrop-2.0.4;
./configure \
--enable-maildirquota;
make;
make install-strip;        #If make install-strip fails, try make install.
make install-man;        #
cd ..;
/usr/local/bin/maildrop -v;        #检查安装结果
-------------------------------------------------------------------------------
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
-------------------------------------------------------------------------------
请注意: 如果没有出现"Courier Authentication Library extension enabled",说明你的maidrop还不支持courier auth，请检查原因(可試試指定authlib路径)再重新编译.

第十节：安装SquirrelMail
SquirrelMail和Horde-Webmail都是用PHP语言开发的Web界面电邮客户端软件, 这两个软件各有自己的特色,您可以选择安装其中的任何一个,当然如果您愿意,也可以同时安装这两个Webmail,以提供更加丰富灵活的商业服务.

c2shield

1) 下载和安装squirrelmail
===============================================================================
参考网站: http://www.squirrelmail.org/
下载资源: http://www.squirrelmail.org/download.php
mkdir /usr/local/src/qmail/squirrelmail/;
mkdir /usr/local/src/qmail/horde/;
cd /usr/local/src/qmail/squirrelmail/;
wget http://nchc.dl.sourceforge.net/s ... lmail-1.4.9a.tar.gz;
tar zxvf squirrelmail-1.4.9a.tar.gz;
mv squirrelmail-1.4.9a /var/www/squirrelmail;        #squirrelmail必须设置成web访问的目录
下载语言套件(自1.4.4之后,语言套件从squirrelmail中分离出来,必须独立下载):
wget http://nchc.dl.sourceforge.net/s ... 4.9-20070106.tar.gz;
mkdir all_locales-1.4.9-20070106;
tar -zxvf all_locales-1.4.9-20070106.tar.gz -C ./all_locales-1.4.9-20070106/;
cd all_locales-1.4.9-20070106.tar.gz;
./install;        #此脚本将语言套件的三个子目录复制到指定目录下,执行过程如下:
-------------------------------------------------------------------------------
Please enter path to your squirrelmail installation:/var/www/squirrelmail/
cp: overwrite `/var/www/squirrelmail/help/en_US/search.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/basic.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/FAQ.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/main_folder.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/compose.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/addresses.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/options.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/read_mail.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/folders.hlp'? y
-------------------------------------------------------------------------------
===============================================================================
2) 建立相关目录,并调整安全权限:
===============================================================================
chown -R root.root /var/www/squirrelmail;

-------------------------------------------------------------------------------
设置data目录的访问权限:
-------------------------------------------------------------------------------
目录data是用来储存用户参数,例如签证,名称和主题.当解压资源文档的时候,这个目录生成在SquirrelMail目录下.此目录必须可被网站访问和写入,如果您的网站以"apache.apache"身份运行,你可以执行如下命令指定目录权限:
chown -R apache.apache /var/www/squirrelmail/data;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
新建立附件目录:
-------------------------------------------------------------------------------
用戶在webmail發送頁面中上載的附件會保存在一個臨時目錄中,直到此郵件發送完成之后才刪除此附件.默認安裝下此臨時目錄在上述data目錄下,因为用户的个人邮件存储在此目录下,您可能需要非常小心地设置它,以免導致安全漏洞.它应该属于网站运行身份之外的其它用户(推荐使用ROOT做它的属主),而且网站应该有该目录的写入和执行权限,但不应该有读的权限.您能够执行如下命令来达成目的:
mkdir -p /var/www/squirrelmail-attach;
chown -R root.apache /var/www/squirrelmail-attach;
chmod -R 730 /var/www/squirrelmail-attach;
请注意: attach目录无须在web访问路径下, 但必须在PHP的open_basedir路径下,否则上传附件会因為"无法移动"而失败;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置Apache访问目录: vi /etc/httpd/conf/httpd.conf;
-------------------------------------------------------------------------------
Alias /webmail "/var/www/squirrelmail/"
Alias /squirrelmail/ "/var/www/squirrelmail/"
<Directory "/var/www/squirrelmail">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
-------------------------------------------------------------------------------

重新启动Apache服務: service httpd restart;
測試安裝結果: http://xxx.xxx.xxx.xxx/squirrelmail/

===============================================================================
3) 执行configure或者conf.pl脚本,调整相关参数:
===============================================================================
cd /var/www/squirrelmail/;
./configure;        #此脚本其实是直接调用了config目录下的conf.pl脚本;
#必须设置如下选项,请选择如下操作步骤:

-----------------------------------------------------
A) 修改服务器设置参数,请选择主菜单第2个项目:
-----------------------------------------------------
>> 2. Server Settings        #观察A和B项目内容
- - - - - - - - - - - - - - - - - - - - - - - - - - -
A.  Update IMAP Settings   : localhost:143 (other)
B.  Update SMTP Settings   : localhost:25
- - - - - - - - - - - - - - - - - - - - - - - - - - -
>> A Update IMAP Settings
>> 8 (把Server software的设置改成 courier)
-----------------------------------------------------

-----------------------------------------------------
B) 修改一般项设置参数,请选择主菜单第4个项目:
-----------------------------------------------------
>> 4 General Options
>> 1 (把Data Directoryand的设置改成 /var/www/squirrelmail/data/)
>> 2 (把Attachment Directoryand的设置改成 /var/www/squirrelmail-attach/)
-----------------------------------------------------

-----------------------------------------------------
C) 添加有用的插件,请选择主菜单第8个项目:
-----------------------------------------------------
=> 8 Plugins
-----------------------------------------------------

-----------------------------------------------------
B) 修改语言设置参数,请选择主菜单第10个项目:
-----------------------------------------------------
=> 10 Languages
=> 1 (把Default Language的设置改成 zh_TW)
=> 2 (把Default Charset的设置改成 BIG5)

=> 保存退出。
-----------------------------------------------------

===============================================================================
4) 清理 SquirrelMail 資料目錄
===============================================================================
如果一个用户已经上载了附件但又取消该邮件,那么这个附件将会永远留在该目录中, 除非您删除它.为了修正这个缺点,推荐您写一个cron job来删除此目录下的所有文件,例如:
rm -f /var/www/squirrelmail-attach/*;
然而,当这个cron job运行时,将会一并删除了当前正在发送邮件的用户的附件.為避免這種錯誤,您可以采取如下两个措施:
(1)确保cron job运行非繁忙时间,希望没有人受影响;
(2)修改上述命令,例如用下面的指令可以刪除30天前建立的檔案:
find /var/www/squirrelmail-attach -type f -mtime +30 -exec rm {} \;
建議: 用以上指令建立一個 shell script，每天定時執行便不用人手操作了;
vi /root/qmail-scripts/remove-squirrelmail-attach.sh;
-------------------------------------------------------------------------------
find /var/www/squirrelmail-attach -type f -mtime +30 -exec rm {} \;
-------------------------------------------------------------------------------
chmod 755 /root/qmail-scripts/remove-squirrelmail-attach.sh;

vi /etc/crontab;        (設置定時執行)
-------------------------------------------------------------------------------
30 5 * * * root /root/qmail-scripts/remove-squirrelmail-attach.sh
-------------------------------------------------------------------------------

===============================================================================
5) 注意事项:
===============================================================================
-----------------------------------------------------
请注意APACHE和PHP中对上传文件的大小限制:
-----------------------------------------------------
vi php.ini .
- - - - - - - - - - - - - - - - - - - - - - - - - - -
; Maximum allowed size for uploaded files.
post_max_size = 8M
upload_max_filesize = 5M
memory_limit = 32M
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-----------------------------------------------------

-------------------------------------------------------------------------------
注意: 请关闭PHP的register_globals功能,以免导致安全漏洞,如果你有其他应用程序需要打开register_globals,请你在指定的目录中打开它,或者在SquirrelMail目录中关闭它;

c2shield

第十一节：安装Horde-Webmail
参考网站: http://www.horde.org/webmail/

Horde是另一个用PHP开发的包含各种组件的Framework,所有组件都需要依赖Horde套件本身所提供的公用代码.所以,如果你只想安装web界面来收发电邮,您将需要安装Horde和IMP.安装Horde 3.0以上版本要求PHP扩展功能,如:gettext,xml和domxml.請注意: 在Redhat家族的各版本中,均可选择用RPM或者YUM方式来安装套件, 建议在可能的情况下,尽量使用YUM来安装,因为YUM所安装的套件都是经官方检测后公布的最新正式版本.
==============================================================================
1) 检查当前运行的Apache和PHP版本:
==============================================================================
httpd -v;        #CentOS5预置的Apache是2.2.3
------------------------------------------------------------------------------
Server version: Apache/2.2.3
Server built:   Mar 21 2007 19:10:36
------------------------------------------------------------------------------
php -v;                #CentOS5预置的PHP是5.1.6
------------------------------------------------------------------------------
PHP 5.1.6 (cli) (built: May  8 2007 19:51:21)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
------------------------------------------------------------------------------

注意: 如前所述,PHP必须配置扩展模组,以提供Horde所需的功能.扩展模组既可在编译PHP的时候在configure中加入,也可以在编译PHP之后再单独安装,然后在php.ini中設置加载.因为重新编译PHP需要整合Apache和MySQL以及其他各种应用程序,过程复杂影响严重,所以推荐您在安装部署LINUX系统的時候,就选择安裝上述组件,这样既可以保证系统的完整性,稳定性和一致性,也可以籍由将模组编译并整合进入PHP程序本身的优化性能,来提高系统的效率和速度. 如果发现某些扩展模組必须更新或者重新安装,则建议可用RPM或YUM命令来单独安装该扩展模組,请参考下面几个步骤(7.2-7.来安装相关扩展模组.另外,若要設置Horde在PHP的safe_mode模式下运行,需要调整很多参数; 如无必要, 请在php.ini中关闭PHP的safe_mode模式.如下是运行Horde所需编译PHP時的configure参数范例(僅供參考):
------------------------------------------------------------------------------
./configure \
--with-apxs=/usr/sbin/apxs \
--with-gettext --with-dom --with-mcrypt --with-imap \
--with-iconv --enable-mbstring=all --enable-mbregex \
--with-gd --with-png-dir=/usr --with-jpeg-dir=/usr \
--with-mime-magic=/user/share/misc/magic.mime \
[--with-mysql|--with-pgsql|--with-oci8]
請注意: 必須先安裝擴展模組(參考后續步驟),然后後再重新編譯PHP,才能使模組生效;
------------------------------------------------------------------------------

==============================================================================
2) 安装php-domxml套件;
==============================================================================
rpm -qa | grep php-domxml;        #检查是否安装php-domxml的RPM套件;
yum list | grep php-domxml;       #用yum命令检查是否安装php-domxml;
yum install php-domxml;           #如有需要,可用yum命令安装php-domxml;
或者:
yum update php-domxml;            #如有需要,可用yum命令更新php-domxml;
請注意,新版本PHP的XML模組改為php-xml,上述相應的安裝命令可改為:
rpm -qa | grep php-xml;           #检查是否安装php-xml的RPM套件;
yum list | grep php-xml;          #用yum命令检查是否安装php-xml;
yum install php-xml;              #如有需要,可用yum命令安装php-xml;
或者:
yum update php-xml;               #如有需要,可用yum命令更新php-xml;

==============================================================================
3) 安装php-gd套件(PHP 5);
==============================================================================
rpm -qa | grep php-gd;                 #检查是否安装php-gd的RPM套件;
yum list | grep php-gd;                #用yum命令检查是否安装php-gd;
yum install php-gd;                    #如有需要,可用yum命令安装php-gd;
或者:
yum update php-gd;                     #如有需要,可用yum命令更新php-gd;
请注意: 如果不成功(在旧版FC2上不支持php-gd),请试试 yum install gd;

==============================================================================
4) 安装libc-client套件;
==============================================================================
rpm -qa | grep libc-client;            #
yum list | grep libc-client;           #
yum install libc-client;               #如有需要,可用yum命令安装;
yum install libc-client-devel;         #可一并安装此套件的开发工具(非必要);

==============================================================================
5) 安装php-imap套件;
==============================================================================
rpm -qa | grep php-imap;
yum list | grep php-imap;
yum install php-imap;
請注意,如下是節錄官方網站的建議,如果您遇到其所述之問題,可參考其解決方案:
Horde Groupware Webmail Edition requires the UW-IMAP c-client library to provide IMAP and/or POP3 support. If you notice strange behavior when running Horde Groupware Webmail Edition (e.g. blank screens when accessing certain messages, blank message bodies) you should always try recompiling PHP with a different version of c-client. The different versions of the c-client library and PHP do not always work well together, and often all it takes is to recompile with a different c-client version and the problems will go away.

==============================================================================
6) 安装php-mbstring套件;
==============================================================================
rpm -qa | grep php-mbstring;
yum list | grep php-mbstring;
yum install php-mbstring;

==============================================================================
7) 安装pear中的相关套件;
==============================================================================
參考網站: http://pear.php.net/
yum list | grep php-devel;            #安装pear需要调用PHP的开发工具phpize;
yum install php-devel;                #用yum命令安装PHP开发工具;
看看是否还有遗漏的pear套件需要安装:
yum list | grep php-pear;        (CentOS4.4中的搜尋結果)
------------------------------------------------------------------------------
php-pear.i386                            4.3.9-3.22.3           installed
pearpc.i386                              0.3.1-1.2.el4.rf       dag
php-pear-excel.noarch                    0.9.0-1.el4.rf         dag
php-pear-log.noarch                      1.9.3-1.2.el4.rf       dag
php-pear-mail_mime.noarch                1.3.1-1.2.el4.rf       dag
php-pear-ole.noarch                      0.5-2.2.el4.rf         dag
php-pear-phpunit.noarch                  1.3.1-1.2.el4.rf       dag
------------------------------------------------------------------------------

yum list | grep php-pear;        (CentOS5中的搜尋結果)
------------------------------------------------------------------------------
php-pear.noarch                          1:1.4.9-4              installed
php-pear-date.noarch                     1.4.6-1.el5.rf         dag
php-pear-excel.noarch                    0.9.0-1.el5.rf         dag
php-pear-file.noarch                     1.2.2-1.el5.rf         dag
php-pear-log.noarch                      1.9.3-1.el5.rf         dag
php-pear-mail_mime.noarch                1.3.1-1.el5.rf         dag
php-pear-ole.noarch                      0.5-2.el5.rf           dag
------------------------------------------------------------------------------

yum install php-pear-date;        #
yum install php-pear-ole;         #
yum install php-pear-excel;       #肯能會跟php-pear-1.4.9-4有沖突錯誤;
yum install php-pear-file;        #
yum install php-pear-log;          #肯能會跟php-pear-1.4.9-4有沖突錯誤;
yum install php-pear-mail_mime;    #肯能會跟php-pear-1.4.9-4有沖突錯誤;

yum list | grep php-pecl;
------------------------------------------------------------------------------
php-pecl-fileinfo.i386                   1.0.4-1.el5.rf         dag
php-pecl-mailparse.i386                  2.1.1-1.el5.rf         dag
php-pecl-memcache.i386                   2.1.2-1.el5.rf         dag
php-pecl-session_mysql.i386              1.9-1.el5.rf           dag
------------------------------------------------------------------------------

yum install php-pecl-fileinfo;
yum install php-pecl-mailparse;
yum install php-pecl-memcache;
yum install php-pecl-session_mysql;
请注意: 用YUM安装pear模块会自动在pear中做好相关配置,pear自身也有命令可安装模块,如果相关模块没有YUM套件可供安装,那么也可以嘗試用pear自己的命令来安装.
pear list;                        #显示当前pear已经安装的套件列表;
------------------------------------------------------------------------------
Installed packages:
------------------------------
Package        Version State
Archive_Tar    1.1     stable
Console_Getopt 1.2     stable
DB             1.6.2   stable
HTTP           1.2.2   stable
Mail           1.1.3   stable
Net_SMTP       1.2.3   stable
Net_Socket     1.0.1   stable
PEAR           1.3.2   stable
XML_Parser     1.0.1   stable
XML_RPC        1.1.0   stable
------------------------------------------------------------------------------
请注意: Horde官方网站推荐使用Fileinfo和memcache. 因为Fileinfo允许Horde GWE模块通过分析文件内容来猜测其MIME类型,如果不启用Fileinfo, Horde GWE将会调用它自己的PHP 代码来执行MIME匹配, 然而这种匹配是较慢速和不精确的, 而且其所能检测的类型比PECL扩展功能所能检测的类型更少.
执行如下pear命令安装套件:        #如有需要,可用whereis pear检查当前pear路经;
pecl install fileinfo;
pecl install memcache;
檢查安裝結果(請留意生成so路径):
ll /usr/lib/php4/fileinfo.so;
ll /usr/lib/php4/memcache.so;
在CentOS5中可能是如下路徑:
ll /usr/lib/php/modules/fileinfo.so;
ll /usr/lib/php/modules/memcache.so;

如有需要,可以执行如下命令安装相关模块(正常情况下相关模块应该已经配置好了):
pear install -o Log Mail Mail_Mime DB Date File;
pear -d preferred_state=beta install -a Services_Weather;
如有需要,赋予模块文件执行权限:
chmod 755 /usr/lib/php4/fileinfo.so;
chmod 755 /usr/lib/php4/memcache.so;
說明:
pear list-all;        (顯示所有套件)
pear list;            (顯示已裝套件)

pear list;                        #再检查一下,显示新安装的套件列表;
------------------------------------------------------------------------------
Installed packages:
===================
Package        Version State
Archive_Tar    1.1     stable
Console_Getopt 1.2     stable
DB             1.6.2   stable
Fileinfo       1.0.4   stable                #注: 这是新安装的
HTTP           1.2.2   stable
Mail           1.1.3   stable
Net_SMTP       1.2.3   stable
Net_Socket     1.0.1   stable
PEAR           1.3.2   stable
XML_Parser     1.0.1   stable
XML_RPC        1.1.0   stable
memcache       2.1.0   stable                #注: 这是新安装的
------------------------------------------------------------------------------
注意: 运行上述pear命令,會调用到PHP功能,而且必须引用或者写入/var和/usr以及/tmp等目录,请确认HTTPD和PHP具有讀寫相关目錄的权限.例如,请检查php.ini文件中的safe_mode和open_basedir设置是否适当.

==============================================================================
配置PHP扩展模组,检查PHP的相关扩展功能是否正确安装和正常调用;
==============================================================================
若上述PHP擴展模組是用YUM命令自動安裝的(或者是下載RPM套件來安裝的),安裝程序也許已經自動將其so文件復制到PHP的模組目錄下(/usr/lib/php4/或/usr/lib/php/modules),并會自動在PHP的配置文檔掃描目錄(由編譯項目with-config-file-scan-dir所指定,通常是/etc/php.d/)下生成附加的ini文件, 那么PHP在啟動時就會自動掃描這些目錄下的相關文件,并自動加載相關模塊.但上述两个用pear命令产生的模块,則可能不會自動配置其在PHP中的加載項目, 而必须您自己手工去修改php.ini中的設置,令PHP在啟動時加载相關项目, 才能使PHP正确调用擴展模組的功能(所以本手冊極力推薦用YUM或RPM方式來安裝);當Horde安裝完成後,您可以利用它所提供的測試頁面(test.php)來檢查各項功能是否正常,您也可以用PHP的phpinfo()函數的返回信息,來判斷當前PHP是否已經正確加載相關模組,或
也可以用如下命令行方式,來檢查當前PHP所能支持的模組:
/usr/bin/php -i | grep '[sS]upport';
如果相關模組并未顯示在檢測信息中,就必須調整設置,方法如下:首先检查php.ini中extension_dir的設置值,找出擴展模組的文檔路徑,例如:
extension_dir = /usr/lib/php4 或者: extension_dir = "/usr/lib/php/modules"
然后檢查此路徑和相關的擴展模塊的模組文件:
ll /usr/lib/php4/;                     #检查一下这个目录中都有什么模组文件(*.so);
ll /etc/php.d/;                        #检查一下附加文件,对比上述模组文件(*.ini);
要配置PHP正确调用扩展模组的功能,首先要将扩展模块的so文件放置在指定的模块目录下.
例如: 上一步骤中pear命令所生成的so文件,已经自动放置在PHP的模组目录下,可选择如下(a)或(b)两种方法中的任意一种,來配置PHP加载模组文件:
------------------------------------------------------------------------------
a) 在/etc/php.d/目录下手工创建一个ini文件,让PHP自动扫描识别扩展模组;
------------------------------------------------------------------------------
vi /etc/php.d/fileinfo.ini;        #请输入如下两行内容
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
; Enable mysql fileinfo module
extension=fileinfo.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown root.root /etc/php.d/fileinfo.ini;
chmod 644 /etc/php.d/fileinfo.ini;

vi /etc/php.d/memcache.ini;        #请输入如下两行内容
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
; Enable memcache extension module
extension=memcache.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown root.root /etc/php.d/memcache.ini;
chmod 644 /etc/php.d/memcache.ini;
------------------------------------------------------------------------------

------------------------------------------------------------------------------
b) 在php.ini配置文件中添加扩展模组加载语句;
------------------------------------------------------------------------------
vi /etc/php.ini;                #添加如下两行,加载上述两个模组:
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
extension=fileinfo.so
extension=memcache.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
------------------------------------------------------------------------------
然后重新啟動HTTPD服務,令PHP加載擴展模組之后,就可用web頁面顯示 phpinfo() 函数的
返回信息,請搜索一下 phpinfo()的輸出內容,以判斷PHP是否正确加载了上述擴展模組.也
可以直接用如下命令來顯示PHP的加載結果:
/usr/bin/php -i | grep '[sS]upport' | grep fileinfo;
/usr/bin/php -i | grep '[sS]upport' | grep memcache;
------------------------------------------------------------------------------
參考附录: PHP配置文件上载支持:
------------------------------------------------------------------------------
File upload support is required to allow attachments in mail composition and to allow various importing features to work (e.g. importing PGP or S/MIME keys, importing mbox files). To enable file upload support:
In your php.ini file, the following line must be present:
file_uploads = On

Your temporary upload directory must be writable to the user the web server is running as. If you leave the configuration option upload_tmp_dir blank in php.ini, PHP will use the default directory compiled into it (normally /tmp on Unix-like systems).

Set the maximum size of the uploaded files via the upload_max_filesize configuration option in php.ini. For example, to allow 5 MB attachments, place the following line in your php.ini file:
upload_max_filesize = 5M

If either file_uploads is turned off, or your temporary upload directory is not
writable by the server, all file upload functionality will be disabled by Horde
Groupware Webmail Edition and will not be available to the user.
disabled memory_limit :

If PHP's internal memory limit is turned on and if not set high enough Horde will not be able to handle large data items (e.g. large mail attachments in IMP). If possible, you should disable the PHP memory limit by recompiling PHP without the "--enable-memory-limit" flag. If this is not possible, then you should set the value of memory_limit in php.ini to a sufficiently high value(Default value of memory_limit: 32M).

c2shield

9) 开始安装Horde
==============================================================================
参考网站: http://www.horde.org/webmail/
下載資源: http://www.horde.org/download/
mkdir /usr/local/src/qmail/horde;
cd /usr/local/src/qmail/horde/;
wget http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.0.1.tar.gz;
tar zxvf horde-webmail-1.0.1.tar.gz;
mv horde-webmail-1.0.1 /var/www/html/horde;        #目录horde必须在DocumentRoot下
cd /var/www/html/horde/;
先配置horde将要使用的mysql数据库:
------------------------------------------------------------------------------
mysql -u root -h localhost;
mysql> CREATE DATABASE horde;
mysql> GRANT ALL ON horde.* TO horde@localhost IDENTIFIED BY 'F5wMvP8Dzk3L4EnQ';
mysql> QUIT;
------------------------------------------------------------------------------
注意: 考慮安全因素,請不要使用過于簡單的密碼;
-------------------------------------------------------------------------------
./scripts/setup.php;                #进入互动配置界面,调整相关参数,操作界面如下:
-------------------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What is the root path on your web server for this installation? [/horde]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
如上显示,默认目录就是/horde(无需修改),直接按[Enter]键,显示操作菜单如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
    (0) Exit
    (1) Configure database settings
    (2) Create database or tables
    (3) Configure administrator settings

Type your choice: 1                #选择操作菜单(1),配置數據庫參數;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

显示(1)子操作菜单如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What database backend should we use? [false]
    (false) [None]
    (dbase) dBase
    (ibase) Firebird/InterBase
    (fbsql) Frontbase
    (ifx) Informix
    (msql) mSQL
    (mssql) MS SQL Server
    (mysql) MySQL
    (mysqli) MySQL (mysqli)
    (oci Oracle
    (odbc) ODBC
    (pgsql) PostgreSQL
    (sqlite) SQLite
    (sybase) Sybase

Type your choice: mysql                #配置使用mysql数据库,输入"mysql"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接数据库的连线性质:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Request persistent connections? [0]
    (1) Yes
    (0) No

Type your choice: 1                #使用持续连接
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接mysql数据库的用户名称(用前面刚建立的mysql用户horde):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Username to connect to the database as* [] horde        #输入"horde"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接mysql数据库的用户密码(用前面刚建立的mysql用户密码):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Password to connect with [] F5wMvP8Dzk3L4EnQ
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接数据库的连接方式(可使用socket方式):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How should we connect to the database? [unix]
    (unix) UNIX Sockets
    (tcp) TCP/IP

Type your choice: unix                #输入unix,将使用socket连接数据库
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

指定socket文件的路径(用ps aux | grep mysql命令可发现mysql.sock的位置):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Location of UNIX socket [] /var/lib/mysql/mysql.sock        #输入sock的完整路径
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

指定数据库名称(用前面刚建立的mysql数据库horde):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Database name to use* [] horde                #输入数据库名称horde
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置内部使用的字符集:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Internally used charset* [iso-8859-1]        #无须输入,直接按[Enter],使用缺省配置
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
    (0) Exit
    (1) Configure database settings
    (2) Create database or tables
    (3) Configure administrator settings

Type your choice: 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

设置管理者用户名称(这里使用电邮地址作为用户名称):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Specify a mail user who should have administrator permissions
(optional): postmaster@home.uplooking.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
    (0) Exit
    (1) Configure database settings
    (2) Create database or tables
    (3) Configure administrator settings

Type your choice: 0
Thank you for using Horde Groupware Webmail Edition!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
上述操作命令可能有误,如有需要,可以用mysqldump导入scripts/sql目录下的mysql脚本:
--------------------------------------------------------------------------------

vi /var/www/html/horde/scripts/sql/groupware.mysql.sql;        #修改开头指定密码部分
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
REPLACE INTO user (host, user, password)
    VALUES (
        'localhost',
        'horde',
        PASSWORD('F5wMvP8Dzk3L4EnQ')
);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

如果相關記錄已經在前面的SQL命令中執行過了,也可以注釋如下語句:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-- USE mysql;

-- REPLACE INTO user (host, user, password)
--     VALUES (
--         'localhost',
--         'horde',
--         PASSWORD('F5wMvP8Dzk3L4EnQ')
-- );

-- REPLACE INTO db (host, db, user, select_priv, insert_priv, update_priv,
--                  delete_priv, create_priv, drop_priv, index_priv)
--     VALUES (
--         'localhost',
--         'horde',
--         'horde',
--         'Y', 'Y', 'Y', 'Y',
--         'Y', 'Y', 'Y'
-- );

-- Make sure that priviliges are reloaded.
-- FLUSH PRIVILEGES;

-- CREATE DATABASE horde;        #数据库已经存在,可以用--禁止此句,否则会失败
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

mysql < /var/www/html/horde/scripts/sql/groupware.mysql.sql;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
自动生成的conf.php可能不完全符合系统的配置,需要手工调整部分参数:
--------------------------------------------------------------------------------
vi /var/www/html/horde/config/conf.php;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$conf['mailer']['params']['sendmail_path'] = '/var/qmail/bin/sendmail';
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请注意: 发送电邮需要指定上述参数;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
安装Gollem;
--------------------------------------------------------------------------------
参考网站: http://www.horde.org/gollem/
下载资源: http://www.horde.org/download/app/?app=gollem
cd /usr/local/src/qmail/horde/;
wget ftp://ftp.horde.org/pub/gollem/gollem-h3-1.0.3.tar.gz;
tar zxvf gollem-h3-1.0.3.tar.gz;
mv gollem-h3-1.0.3 /var/www/html/horde/gollem;

vi /var/www/html/horde/config/registry.php;        #找到applications['gollem']节
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$this->applications['gollem'] = array(
    'fileroot' => dirname(__FILE__) . '/../gollem',
    'webroot' => $this->applications['horde']['webroot'] . '/gollem',
    'name' => _("File Manager",
    'status' => 'inactive',
    'menu_parent' => 'myaccount',
    'provides' => 'files',
);

$this->applications['gollem-menu'] = array(
    'status' => 'block',
    'app' => 'gollem',
    'blockname' => 'tree_menu',
    'menu_parent' => 'gollem',
);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
一般情况下, Horde中预设的注册信息无须调整;


设置配置文件,将Gollem中config目录下的.dist文件复制成.php文件:

cd /var/www/html/horde/gollem/config;        #用如下script执行复制文件的命令
for foo in *.dist; do cp $foo `basename $foo .dist`; done


用管理者身份在web浏览器中登陆:
http://xxx.xxx.xxx.xxx/horde/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-> 选择[设定]菜单;
-> 选择档案总管(gollem);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

按[产生档案总管设定]按钮之后,会产生如下信息:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Horde: gollem/config/conf.xml,v 1.5.2.2 2005/12/11 18:31:18 slusarz Exp $
$conf['manager']['date_format'] = '%x';
$conf['backend']['backend_list'] = 'shown';
$conf['menu']['apps'] = array();
$conf['user']['alternate_login'] = false;
$conf['user']['redirect_on_logout'] = false;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
将上述内容保存成conf.php配置文件: vi /var/www/html/horde/gollem/config/conf.php;        
或者按照當前網頁的提示,將上述變更信息保存成PHP可執行文件horde_setup_upgrade.php
(此文件會保存到臨時目錄/tmp/下),然后在服務器中手動執行horde_setup_upgrade.php,
此程序會自動生成conf.php配置文件;
--------------------------------------------------------------------------------

测试网页:
http://your-server/horde/test.php
http://your-server/horde/imp/test.php

调整网站的安全权限:
--------------------------------------------------------------------------------
chown root.apache /var/www/html/horde/config/*;
chmod 0440 /var/www/html/horde/config/*;
chown root.apache /var/www/html/horde/gollem/config/*;
chmod 0440 /var/www/html/horde/gollem/config/*;
--------------------------------------------------------------------------------
请注意: Horde的访问目录必须直接放置在DocumentRoot之下,并且名为horde,例如上面的例子中是用/var/www/html/horde/目录.如果要放置别的位置,或者不用horde名称,就必须调整相关参数.

c2shield

第十二节：安装呼叫扫描程序的腳本qmail-scanner
mkdir /usr/local/src/qmail/qmail-scanner;
cd /usr/local/src/qmail/qmail-scanner/;
===============================================================================
1) 安装perl-Time-HiRes套件;
===============================================================================
-------------------------------------------------------------------------------
(a)        安裝RPM資源;
-------------------------------------------------------------------------------
参考网站:
http://perldoc.perl.org/Time/HiRes.html
http://search.cpan.org/~jhi/Time-HiRes-1.9707/HiRes.pm
下载资源:（在rpmfind.net中查找perl-time-hires）
http://www.rpmfind.net/linux/rpm ... ery=perl-Time-HiRes
ftp://rpmfind.net/linux/PLD/dist ... Res-1.66-2.i386.rpm;
检查系统是否有预设安装的perl-Time-HiRes套件:
rpm -qa | grep perl-Time-HiRes;
yum list | grep perl-Time-HiRes;
如果 CentOS4 预设安装了perl-Time-HiRes-1.55-3套件, 就不必再安装了. 如果没有安装,可用yum命令自动安装,也可以在上述网站中寻找最新的RPM套件,下载并安装. 例如:
yum install perl-Time-HiRes;

-------------------------------------------------------------------------------
(b) 安裝TAR資源;
-------------------------------------------------------------------------------
参考网站: http://search.cpan.org/dist/Time-HiRes/
cd /usr/local/src/qmail/qmail-scanner/;
wget http://search.cpan.org/CPAN/auth ... HiRes-1.9707.tar.gz;
tar zxvf Time-HiRes-1.9707.tar.gz;
cd Time-HiRes-1.9707;
perl Makefile.PL
make;
make test;
make install;
-------------------------------------------------------------------------------

===============================================================================
2) 安装perl-Digest-SHA1套件;
===============================================================================
参考网站: http://cpan.org/modules/by-module/Digest/
下载资源:
http://rpmfind.net/linux/rpm2htm ... ry=perl-Digest-SHA1
ftp://rpmfind.net/linux/trustix/ ... 1-2.11-2tr.i586.rpm
检查系统是否有预设安装的perl-Digest-SHA1套件:
rpm -qa | grep perl-Digest-SHA1;
yum list | grep perl-Digest-SHA1;
预设CentOS5会安装perl-Digest-SHA1.i386的2.11-1.2.1版本套件. 如果没有预设安装,可用yum命令自动安装,也可以在上述网站中寻找最新的RPM套件,下载并安装. 例如:
yum install perl-Digest-SHA1;

===============================================================================
3) 安装perl-DB_File套件;
===============================================================================
参考网站: http://cpan.uwinnipeg.ca/module/DB_File
下载资源: http://cpan.uwinnipeg.ca/cpan/au ... B_File-1.815.tar.gz
cd /usr/local/src/qmail/qmail-scanner/;
wget http://cpan.uwinnipeg.ca/cpan/au ... B_File-1.815.tar.gz;
tar zxvf DB_File-1.815.tar.gz;
cd DB_File-1.815;
perl Makefile.PL;
make;
make test;
make install;
===============================================================================

===============================================================================
4) 安装perl-suidperl套件;
===============================================================================
rpm -qa | grep perl-suidperl;
yum list | grep perl-suidperl;
yum install perl-suidperl;

目前CentOS5中所用的套件版本是perl-suidperl-5.8.8-10;
===============================================================================

===============================================================================
5) 安装qmail-scanner;
===============================================================================
Qmail-Scanner 是一个插件,使得Qmail服务器能够按特定特性来扫描通过网关的电邮.典型
的用法是同反病毒和反垃圾邮件系统的功能相结合.

参考网站:
http://tldp.org/HOWTO/Qmail-ClamAV-HOWTO/x182.html
http://qmail-scanner.sourceforge.net/

下载资源:
http://prdownloads.sourceforge.n ... r-2.01.tgz?download
cd /usr/local/src/qmail/qmail-scanner/;
wget http://jaist.dl.sourceforge.net/ ... il-scanner-2.01.tgz;
tar zxvf qmail-scanner-2.01.tgz;
cd qmail-scanner-2.01;
groupadd qscand;
useradd -g qscand -s /bin/false -c "Qmail-Scanner Account" qscand;
-------------------------------------------------------------------------------
./configure \
--qs-user qscand \
--admin postmaster \
--domain home.uplooking.com \
--scanners clamdscan,fast_spamassassin \
--notify recips \
--qmail-queue-binary /var/qmail/bin/qmail-queue \
--redundant no \
--max-scan-size 1000000 \
--log-details syslog \
--max-zip-size 10000000 \
--install;
-------------------------------------------------------------------------------
若前面安裝spamcontrol時使用了QHPSI來調用ClamAV,那么此處可忽略clamdscan的調用:
-------------------------------------------------------------------------------
./configure \
--qs-user qscand \
--admin postmaster \
--domain home.uplooking.com \
--scanners fast_spamassassin \
--notify recips \
--qmail-queue-binary /var/qmail/bin/qmail-queue \
--redundant no \
--max-scan-size 1000000 \
--log-details syslog \
--max-zip-size 10000000 \
--install;
-------------------------------------------------------------------------------

相关编译选项的说明:
--qs-user qscand          #执行用户,预设是qscand;
--admin postmaster        #接收電郵的管理者用戶名稱,与下面的domain结合成管理者的电邮地址;
--domain [xxx.1632.net]   #请用安装主机的FQDN名称(例如home.uplooking.com);
--scanners                #所調用的掃描程序
--redundant no            #忽略扫描zip和raw附件;
--max-scan-size 5000000   #大于5M的邮件将忽略扫描;
--log-details syslog      #日志记录到syslog中;
--max-zip-size 10000000   #不扫描压缩前超过10M的附件;
請注意: 關于max-zip-size,系統默認是1G,但這是警示數值,文檔中特別强调要修改此數值;观察安装过程并按提示操作;        #安装过程和选择操作如下:
-------------------------------------------------------------------------------
Building Qmail-Scanner 2.01...
This script will search your system for the virus scanners it knows about, and will ensure that all external programs qmail-scanner-queue.pl uses are explicitly pathed for performance reasons.
Continue? ([Y]/N)
Y
The following binaries and scanners were found on your system:
mimeunpacker=/usr/local/bin/reformime
Content/Virus Scanners installed on your System
max-can-size=5000000
clamdscan=/usr/bin/clamdscan (which means clamscan won't be used as clamdscan is better)
fast_spamassassin=/usr/bin/spamc
Qmail-Scanner details.
log-details=syslog
log-crypto=0
fix-mime=0
ignore-eol-check=0
debug=1
notify=recips
redundant-scanning=no
virus-admin=System Anti-Virus Administrator <postmaster@hung.uplooking.com>
local-domains='hung.uplooking.com'
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','cailont','lovelorn','swen','dumaru','sober','hawawi','holar-i','mimail','poffer','bagle','worm.galil','mydoom','worm.sco','tanx','novarg','\@mm'
scanners="clamdscan","fast_spamassassin"

If that looks correct, I will now generate qmail-scanner-queue.pl
for your system...
Continue? ([Y]/N)
Y
Testing suid nature of /usr/bin/perl...
Looks OK...
Hit RETURN to create initial directory structure under /var/spool/qscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

Finished installation of initial directory structure for Qmail-Scanner
under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin.

Finished. Please read README(.html) and then go over the script
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.

"/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus
definitions to show that the internal perlscanner component is working.

That's it!



              ****** FINAL TEST ******

Please log into an unpriviledged account and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")
That's it! To report success:
   % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz
Replace First M. Last with your name.
-------------------------------------------------------------------------------
请注意: 在本安装所配置的Qmail系统中,若要调整扫描病毒邮件和过滤垃圾邮件的参数,就必须重新编译qmail-scanner,并在上述编译选项中指定您所需要的参数. 因为在Qmail系统,所有扫描参数均在qmail-scanner-queue.pl脚本中设置,而該脚本是在编译 qmail-scanner的时候按当前的编译选项来自动产生的.
检查安装结果:
ll /var/qmail/bin/qmail-scanner-queue.pl;        #检查脚本权限,显示如下:
-------------------------------------------------------------------------------
-rwsr-xr-x  1 qscand qscand 109278 Apr  1 13:30 /var/qmail/bin/qmail-scanner-queue.pl
-------------------------------------------------------------------------------
如有需要,按如下方法纠正:
chown qscand.qscand /var/qmail/bin/qmail-scanner-queue.pl;
chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl;

调整扫描参数,防止outlook分割邮件被误认为病毒邮件:
vi /var/spool/qscan/quarantine-events.txt;        #找到如下行,在前面加上#符号禁止
-------------------------------------------------------------------------------
#message/partial.*      Policy-Content-Type:    Message/partial MIME attachments blocked by policy
-------------------------------------------------------------------------------

请注意,手工修改quarantine-events.txt之后,必须运行如下命令生成db文件才能生效:
-------------------------------------------------------------------------------
/var/qmail/bin/qmail-scanner-queue.pl -g
-------------------------------------------------------------------------------

注意: 在安裝 qmail-scanner 之前,需要先安裝 SpamAssassin 和 Clam AntiVirus。

===============================================================================
6) 测试扫描功能,运行如下命令,观察所返回的结果:
===============================================================================
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -r;        #返回信息如下:
-------------------------------------------------------------------------------
perlscanner: reading from /var/spool/qscan/quarantine-events.db
Virtual Header:         FILELENGTHTOOLONG
                        Content: ^is-set$
                        Description: Attachment Filename too long

File:   happy99.exe
                        Size: 10000 bytes
                        Description: Happy99 Trojan virus

File:   zipped_files.exe
                        Size: 120495 bytes
                        Description: W32/ExploreZip.worm.pak virus

Email Header:   Date
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow

Email Header:   Resent-Date
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow

Virtual Header:         FILEDOUBLEBARRELED
                        Content: ^is-set$
                        Description: Double-barreled extensions disallowed

Virtual Header:         FILECLSID
                        Content: ^is-set$
                        Description: Disallowed CLSID file extensions

File:   eicar.com
                        Size: 69 bytes
                        Description: EICAR Test Virus

Email Header:   Subject
                        Content: ^ILOVEYOU$
                        Description: Love Letter Virus/Trojan

Email Header:   Content-Type
                        Content: ^message/partial.*$
                        Description: Message/partial MIME attachments blocked by policy

Email Header:   Mime-Version
                        Content: ^.{100,}$
                        Description: MIME Header Buffer Overflow

Email Header:   To
                        Content: ^ZVDOHYIK@yahoo.com|udtzqccc@yahoo.com|DTCELACB@yahoo.com|I1MCH2TH@yahoo.com|WPADJQ12@yahoo.com|smr@eurosport.com|bgnd2@canada.com|muwripa@fairesuivre.com|eccles@ballsy.net|S_Mentis@mail-x-change.com|YJPFJTGZ@excite.com|JGQZCD@excite.com|XHZJ3@excite.com|OZUNYLRL@excite.com|tsnlqd@excite.com|cxkawog@krovatka.net|ssdn@myrealbox.com$
                        Description: BadTrans Trojan virus

perlscanner: total of 12 entries found.
-------------------------------------------------------------------------------

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z;        #正常无返回信息

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g;        #返回信息如下:
-------------------------------------------------------------------------------
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.