qmailrocks 安装指南 －（网上最全并有后期升级维护的qmail应用打包解决方案）

leera

qmailrocks 安装指南 －（网上最全并有后期升级维护的qmail应用打包解决方案）

本文档参考
[url]http://www.qmailrocks.com/introduction.htm[/url]
网上最全的带后期升级维护的qmail应用打包解决方案，本文结合实际经验写出以下文档。

Qmailrocks.org Pre-Installation Checklist

需要预先安装的软件
  Apache,PHP,Perl,GCC,MySQL-Client,MySQL-Server,MySQL-Devel,OpenSSL,OpenSSL-devel,libssl-dev,wget,patch & patchutils
不需要的软件
  Postfix,任何POP服务，任何SMTP服务
Perl需要安装哪些模块
  Digest::SHA1
  Digest::HMAC
  Net::DNS
  Time::HiRes
  HTML::Tagset
  HTML::Parser
需要打开的端口：
     流出端口： 25SMTP，110POP，143IMAP，783SPAMASSASSIN，993IMAPS
     流入端口：25SMTP，80HTTP，110POP，143IMAP，443HTTPS，783SPAMASSASSIN，993IMAPS
###########################################################
下载需要的软件
mkdir /downloads
cd /downloads
wget [url]http://www.qmailrocks.org/downloads/qmailrocks.tar.gz[/url]
tar zxvf qmailrocks.tar.gz
###########################################################
环境初始化脚本：
/downloads/qmailrocks/scripts/install/qmr_install_linux-s1.script
如果这个脚本正常运行，表示帐户，组，权限，目录等安装环境已经具备，否则需要手工建立

qmail的补丁，qmailrocks已经把qmail的相关补丁集合为1个整体大补丁。
/downloads/qmailrocks/scripts/util/qmail_big_patches.script
正常运行后表示qmail补丁全部打齐全了 。

下面开始安装qmail
cd /usr/src/qmail/qmail-1.03
make man && make setup check
./config-fast your_fqdn_hostname (ex: ./config-fast mail.mydomain.com)
make cert
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Atlanta
Organization Name (eg, company) [My Company Ltd]:qmailrocks.org
Organizational Unit Name (eg, section) []:mail
Common Name (eg, your name or your server's hostname) []:mail.qmailrocks.org
Email Address []:postmaster@thisdomain.org
证书的位置：/var/qmail/control/servercert.pem
证书的快捷方式：/var/qmail/control/clientcert.pem
设置证书的权限：chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem


安装  ucspi-tcp...
cd /usr/src/qmail/ucspi-tcp-0.88/
RH 9/RHEL/Fedora/Slackware 用户需要安装补丁
patch < /downloads/qmailrocks/patches/ucspi-tcp-0.88.errno.patch
cd /usr/src/qmail/ucspi-tcp-0.88/
make && make setup check

安装daemontools....
cd /package/admin/daemontools-0.76/src
RH 9/RHEL/Fedora/Slackware 用户需要安装补丁
patch < /downloads/qmailrocks/patches/daemontools-0.76.errno.patch
cd /package/admin/daemontools-0.76
package/install

ps -aux 可以看到svs进程启动了
###########################################################
安装EZmlm
cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make && make setup
###########################################################
安装自动回复
cd /downloads/qmailrocks
tar zxvf autorespond-2.0.5.tar.gz
cd autorespond-2.0.5
make && make install
###########################################################
安装Vpopmail
QMR 提供了mysql认证方式和非mysql认证方式
这里仅对mysql认证方式进行阐述
Vpopmail with MySQL
mkdir ~vpopmail/etc
chown vpopmail:vchkpw ~vpopmail/etc

echo "localhost|0|vpopmailuser|password|vpopmail" > ~vpopmail/etc/vpopmail.mysql
chmod 640 ~vpopmail/etc/vpopmail.mysql
mysql -u root -p
CREATE DATABASE vpopmail;
GRANT select,insert,update,delete,create,drop ON vpopmail.* TO vpopmailuser@localhost IDENTIFIED BY 'password';
quit
mysql -u vpopmailuser -p 测试登录一下
cd /downloads/qmailrocks
tar zxvf vpopmail-5.4.13.tar.gz
cd vpopmail-5.4.13
./configure --enable-logging=p --enable-auth-module=mysql --disable-many-domains --enable-sql-logging --enable-valias
make && make install-strip
注意： 如果你用的是gcc3.x 可能出错：
In file included from vconvert.c:35:
vmysql.h:53:22: missing terminating " character
vmysql.h:60:35: missing terminating " character
make[2]: *** [vconvert.o] Error 1
如果出错，打补丁 patch < /downloads/qmailrocks/patches/vmysql.patch
再make;make install
###########################################################
安装Vqadmin
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
(Example: ./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html )
make && make install-strip
修改httpd.conf
<Directory "/path/to/your/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>

cd /path/to/your/cgi-bin/vqadmin
vi .htaccess
AuthType Basic
AuthUserFile /path/to/where/you/want/to/store/the/password/file/.htpasswd
AuthName vQadmin
require valid-user
satisfy any

chown apache .htaccess
htpasswd -bc /path/to/where/you/want/to/store/the/password/file/.htpasswd admin admin_password
chmod 644 /path/to/where/you/want/to/store/the/password/file/.htpasswd

apachectl stop
apachectl start
如果以上配置都正确的话，可以用[url]http://www.yourdomain.com/cgi-bin/vqadmin/vqadmin.cgi[/url]
来管理了。
###########################################################

安装 Maildrop
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man

###########################################################
安装Qmailadmin
cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.9.tar.gz
cd qmailadmin-1.2.9
./configure --enable-cgibindir=/path/to/your/cgi-bin --enable-htmldir=/path/to/your/html/directory
make && make install-strip
###########################################################
结束安装
这个脚本做了一些结束安装的步骤
/downloads/qmailrocks/scripts/finalize/linux/finalize_linux.script
然后
vi /var/qmail/supervise/qmail-pop3d/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com.
vi /var/qmail/supervise/qmail-smtpd/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com
qmailctl stop
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb

echo some_address > /var/qmail/alias/.qmail-root
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address> /var/qmail/alias/.qmail-postmaster
where "some_address" is the system user or email address you want these addresses aliased to.
echo some_address> /var/qmail/alias/.qmail-mailer-daemon
where "some_address" is the system user or email address you want these addresses aliased to.
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*
###########################################################
卸载Sendmail，postfix邮件程序
sendmail：
rpm -qa | grep sendmail
sendmail-x.x.x.x
sendmail-doc-x.x.x.x
sendmail-devel-x.x.x.x
sendmail-cf-x.x.x.x
/etc/rc.d/init.d/sendmail stop
rpm -e --nodeps sendmail-x.x.x.x
rpm -e --nodeps sendmail-doc-x.x.x.x
rpm -e --nodeps sendmail-devel-x.x.x.x
rpm -e --nodeps sendmail-cf-x.x.x.x
或者这样处理：
/etc/rc.d/init.d/sendmail stop (to stop Sendmail)
mv /usr/lib/sendmail /usr/lib/sendmail.old
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old

postfix
rpm -qa | grep postfix
postfix-x.x-x
/etc/rc.d/init.d/postfix stop
rpm -e --nodeps postfix-x.x-x

建立假的连接
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
###########################################################
配置文件存在及权限检查
/downloads/qmailrocks/scripts/util/qmr_inst_check

启动qmail
qmailctl stop
qmailctl start
/service/qmail-send: up (pid 29956) 2 seconds
/service/qmail-send/log: up (pid 29960) 2 seconds
/service/qmail-smtpd: up (pid 29963) 2 seconds
/service/qmail-smtpd/log: up (pid 29968) 2 seconds
/service/qmail-pop3d: up (pid 29971) 2 seconds
/service/qmail-pop3d/log: up (pid 29972) 2 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

测试登录
Let's test your new server's POP3 service...
telnet localhost 110
you should see something like this:
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <[email]16658.1054485137@yourserver.com[/email]>
user [email]postmaster@mydomain.com[/email] (enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.

从一个其他的网站给你的邮件服务器发一封信件，再登录用list指令
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK <[email]16658.1054485137@yourserver.comt[/email]>
user [email]postmaster@mydomain.com[/email] (again, remember to log in with the full email address of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.

发件测试
telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 somewhere.anywhere.com ESMTP
ehlo localhost
250-somewhere.anywhere.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
starttls
220 ready for tls
quit
quit
Connection closed by foreign host.

如果你遇到问题，检查：
f you happen to get an error that states "454 TLS not available: missing RSA private key (#4.3.0)" after you issue the "starttls" command, you will want to check 2 things:
1) Verify that the cert actually exists at /var/qmail/control/servercert.pem. If it's not there, go back to step 2 and repeat the cert creation step.
2) Verify that the cert is owned by vpopmail:qmail. If it's not, then make it so like this:
chown vpopmail:qmail /var/qmail/control/servercert.pem

leera

###########################################################

安装 Courier-imap/imaps with Courierpassd 新的收发件协议
Courier 编译的时候需要使用非rook权限
cd /downloads/qmailrocks/
tar jxvf courier-imap-4.0.2.tar.bz2
chown -R bsmith:wheel courier-imap-4.0.2
cd /downloads/qmailrocks/courier-imap-4.0.2
su bsmith
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw --without-authldap --without-authmysql --disable-root-check --with-ssl --with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
Note: the configure process will take a few minutes. Go grab a snack...
make && make check
Now we will exit out of our NON-ROOT USER and go back to being root...
exit
make install-strip && make install-configure
安装Courier的ssl支持
/usr/local/sbin/mkimapdcert
（ssl的证书需要是从Verisign 或者 Thawte那里购买正是的证书，否则邮件客户端会提示你正在连接非安全的 imap ssl server）
vi /usr/local/etc/imapd.cnf
change [email]postmaser@example.com[/email] an administrative email address
Save and exit
vi /usr/local/etc/imapd
Make sure that the following configuration exists: IMAPDSTART=YES
vi /usr/local/etc/imapd-ssl
Make sure that the following configuration exists: IMAPDSSLSTART=YES
Make sure that the following configuration exists: TLS_CERTFILE=/usr/local/share/imapd.pem
Save and exit the file.
MAXPERIP 参数 是指 每个IP的最大连接数量 在 /usr/local/etc/imapd 中，如果你的公司人员数量众多，并且都是从一个IP地址NAT出来，那么需要加大这个参数，默认是4。
vi /usr/local/etc/authlib/authdaemonrc
Around like 27, you should see the "authmodulelist" setting. Make sure that "authvchkpw" is the only module listed. Like so:
authmodulelist="authvchkpw"
Save and exit the file.
创建启动脚本：
cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps

/usr/local/sbin/authdaemond stop
/usr/local/sbin/authdaemond start
/etc/rc.d/init.d/imap stop
/etc/rc.d/init.d/imaps stop
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start

测试登录
telnet localhost 143

Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
a login [email]postmaster@mydomain.com[/email] my_password
a OK LOGIN Ok. (successful login!)
a logout (logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
Hint: The "a" that you see before my login commands is required.

imap支持远程改密码
Note: Courierpassd will require that port 106 be open to at least local traffic (traffic from 127.0.0.1)
cd /downloads/qmailrocks
tar zxvf courierpassd-1.1.0-RC1.tar.gz
cd courierpassd-1.1.0-RC1
./configure
make && make install
If your server uses Xinetd, here's how you integrate Courierpassd into it:
cd /etc/xinetd.d
Here we create the xinetd script for courierpassd...
vi courierpassd
service courierpassd
{
port = 106
socket_type = stream
protocol = tcp
user = root
server = /usr/local/sbin/courierpassd
server_args = -s imap
wait = no
only_from = 127.0.0.1
instances = 4
disable = no
}
Note: You may want to add additional IP's to the "only_from" setting above, depending on your needs.
Save and exit.

If your server uses Inetd, here's how integrate Courierpassd into it:
vi /etc/inetd.conf
Add the following line:
courierpassd stream tcp nowait root /usr/local/sbin/courierpassd -s imap
Save and exit.

vi /etc/services
Append to following line to the /etc/services file:
courierpassd 106/tcp #for /etc/xinetd.d/courierpassd
If your system uses Xinetd, them we now want to restart Xinetd:
/etc/rc.d/init.d/xinetd restart
If your system uses Inetd, then we now want to restart Inetd
/etc/rc.d/init.d/inetd restart

测试修改密码：
root@redbox:/# telnet localhost 106
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 courierpassd v0.30 hello, who are you?
user [email]postmaster@qmailrocks.org[/email]
200 Your password please.
pass my_password (don't be a dumbass. Put your own password here)
200 Your new password please.
newpass my_new_password (don't be a dumbass. Put your new password here)
200 Password changed, thank-you.
quit
200 Bye.
Connection closed by foreign host.
root@redbox:/#

###########################################################
安装web客户端程序 Squirrelmail
1。php安装的时候需要一下配置参数
--enable-track-vars
--enable-force-cgi-redirect
--with-gettext
--with-mysql
2。php.ini文件里面file_uploads = On

下载最新的Squirrelmail.tar.gz
[url]http://www.squirrelmail.org/download.php[/url]
cd /var/www/html
tar zxvf /path/to/squirrelmail-x.x.x.tar.gz (enter whatever version you downloaded)
mv squirrelmail-x.x.x webmail
mkdir /var/sqattachements
chown -R apache:apache /var/sqattachements (or whatever user apache runs as)
cd webmail
chown -R apache:apache data (or whatever user apache runs as)
cd config
./conf.pl

General
-------
1. Domain : 1.2.3.4 (Enter the IP of your server here. Don't be an idiot and actually use 1.2.3.4)
2. Invert Time : false
3. Sendmail or SMTP : SMTP

IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : other
9. Delimiter : detect

SMTP Settings
-------------
4. SMTP Server : localhost
5. SMTP Port : 25
6. POP before SMTP : false
7. SMTP Authentication : login
8. Secure SMTP (TLS) : false

在apache里面配置虚拟主机
<VirtualHost 1.2.3.4:80>
ServerName mail.mydomain.com
ServerAlias mail.*
ServerAdmin [email]postmaster@mydomain.com[/email]
DocumentRoot /var/www/webmail
</VirtualHost>
生效以后，可以用
[url]http://www.yourdomain.com/webmail[/url]
登录
Username: [email]postmaster@yourdomain.com[/email]
Password: your_password

安装 修改密码的插件
cd /path/to/squirrelmail_directory/plugins (example: cd /var/www/webmail/plugins)
wget [url]http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fchange_pass-2.7-1.4.x.tar.gz[/url]
Unpack the module...
tar zxvf change_pass-2.7-1.4.x.tar.gz
rm -rf change_pass-2.7-1.4.x.tar.gz
cd /path/to/squirrelmail_directory/config
./conf.pl
Choose the option for "plugins". On my version of Squirrelmail, this was option 8. Once you are in the modules menu you should see the "change_pass" module on the list of available, but inactive, modules. You can add the "change_pass" module by simply typing the number associated with the module and then hitting enter. Once the module appears on the active module list, go ahead and save the configuration changes and then exit out of the configuration tool.
###########################################################

杀毒及邮件过滤

perl的模块支持
You will need these Perl Modules:

Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Pod::Usage
Parse::Syslog
Statistics::Distributions
You will also need these other packages:
perl-suidperl
unzip

How do I know if my server has these perl modules?
The following script will check your system for the above modules.
You MUST run this script as a NON-ROOT user!!
/downloads/qmailrocks/scripts/util/check_perlmods.script
If you see an output similar to this: /usr/lib/perl5/5.6.1/i386-linux/Time/HiRes.pm Your are good to go! However, if you get a "not found" type response for any of the above modules, you will need to install them.
Ok, so if I don't have the module(s), how do I down and install it(them)?
There are 3 main ways you can do this:
1. Redhat's "up2date" utility (reccomended): Redhat Network members can easily install every perl module and package that is required above with the exception of "Mail-Spamassassin", which is available in the "perlmods" directory of the Qmailrocks package. If you are a Redhat Network member and would like to see an example of how to install using the "up2date" utility, click here.
Important Note: The Parse::Syslog and Statistics::Distributions perl modules are currenly not available in RPM package format (at least I couldn't find any). These 3 modules will have to be installed via option 2 or 3
2. Qmailrocks included RPM packages: If you are not a member of Redhat Network, I've included RPM and source versions of all needed perl modules. These can be found in the "perlmods" directory of the Qmailrocks package. If you want to see an example of how to install these RPM's or source packages, click here. I try to keep these packages as current as possible, but you can always fine the latest versions at Redhat's download site.
3. Directly from CPAN: Go to [url]http://www.cpan.org[/url], get the module and install it. Alternatively, you can use the command line CPAN utility to connect to CPAN and install the module.

"unzip" and "perl-suidperl"  安装后
安装杀毒：
Installing Clam Anti Virus...
cd /downloads/qmailrocks/
rpm -Uvh clamav-x.x-x.x.rpm
rpm -Uvh clamav-devel-x.x-x.x.rpm
Now we'll do a few configuration settings to the /etc/clamd.conf file.
vi /etc/clamd.conf
"Example" - should already be commented out. However, if it is not, make sure that it is commented out (#)
"LogFile" - should be set to /var/log/clamav/clamd.log
"LogTime" - should be uncommmented.
"LogSyslog" - should be uncommented.
"User" - should be set to qscand
"ScanMail" - should be uncommented.

useradd -c "Qmail-Scanner Account" -s /bin/false qscand
Alright, now let's start Clamd...
/etc/init.d/clamd stop
/etc/init.d/clamd start

/usr/bin/freshclam -l /var/log/clamav/clam-update.log
[root@crescent clamav]# freshclam -l /var/log/clamav/clamav-update.log
ClamAV update process started at Sun Oct 24 23:36:22 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 549, sigs: 1583, f-level: 3, builder: ccordes)

crontab -e (make sure you run this command as root)
25 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log
Knowing Clam Anti Virus
1) Clam AV works pretty well right out of the box. However, there is a configuration file created at /etc/clamav.conf in case you want to customize it to your liking.
3) Clam logs to /var/log/clamav.log
4) When Clam detects an e-mail that contains a potential virus, the following will happen:
- a) Clam AV quarantines the e-mail in /var/spool/qmailscan/quarantine
- b) Clam AV will send a notification of the detection and quarantine to whoever you configure it to send notifications to. When we install Qmail-Scanner further down this page, we will tell it what people to notify when a virus is detected. If you configure Qmail-Scanner by my rules, it will send 1 notification to the system administrator. However, it can also send a notification to the sender and the recipient as well, if you configure it to do so.

安装Spamassassin...防止垃圾邮件
If you don't have the Mail::Spamassassin Perl module installed on your system, let's install it now...
cd /downloads/qmailrocks/perlmods/rpms/
rpm -Uvh perl-Mail-SpamAssassin-3.0.2-1.i386.rpm
Now let's install the Spamassassin RPMs
cd /downloads/qmailrocks/
rpm -Uvh spamassassin-3.0.2-1.i386.rpm spamassassin-tools-3.0.2-1.i386.rpm
or
rpm -Uvh --nodeps spamassassin-3.0.2-1.i386.rpm spamassassin-tools-3.0.2-1.i386.rpm

groupadd spamd
useradd -g spamd -s /home/spamd spamd

vi /etc/sysconfig/spamassassin
If the above file exists, replace its contents with the following line. If the file does not exist, create it and add the following line:
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"
Save and exit from the file.
vi /etc/mail/spamassassin/local.cf
Add the following line...
required_hits 5
Save and exit from the file.

/etc/rc.d/init.d/spamassassin start
Now let's see if Spamassassin is running...
ps aux | grep spamd
spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d

＊＊！！！ setup 设置自启动

[[i] 本帖最后由 leera 于 2006-7-26 18:29 编辑 [/i]]

leera

###########################################################
安装qmail－scanner 和日志
cd /downloads/qmailrocks
tar zxvf qmail-scanner-1.25.tgz
tar zxvf qms-analog-0.4.2.tar.gz
cd qms-analog-0.4.2
make all
cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.25/
cd /downloads/qmailrocks/qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch

qms-config-script 已经将qmail-scanner的大部分设置工作做好
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config
#!/bin/sh

if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi

./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-delta 0 \
--sa-alt yes \
--sa-debug no \
--notify admin \
"$INSTALL"

修改yourdomain.com字样
chmod 755 qms-config
./qms-config
Answer YES to all questions.
./qms-config install

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.

chown -R qscand:qscand /var/spool/qmailscan
vi /var/qmail/supervise/qmail-smtpd/run
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

如果你的服务器 does NOT allow for setuid functionality，请看官方文档[url]http://www.qmailrocks.com/qmailscanner_rh.htm[/url]
qmailctl stop
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat

测试安装是否成功：
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!
Finished test. Now go and check Email for [email]postmaster@mydomain.com[/email]

关于定制 Spamassassin 请看官方文档

###########################################################

qmail日志分析统计
cd /downloads/qmailrocks/
tar zxvf qmailanalog-0.70.tar.gz
cd qmailanalog-0.70
RH 9/RHEL/Fedora/Slackware  用户需要打补丁
patch < /downloads/qmailrocks/patches/0.70-errno.patch
make && make setup check

cd /downloads/qmailrocks/
tar zxvf qlogtools-3.1.tar.gz
cd qlogtools-3.1
RH 9/RHEL/Fedora/Slackware  用户需要打补丁
patch < /downloads/qmailrocks/patches/qlogtools_errno.patch
mkdir /usr/local/man (if directory already exists, you're good to go)
make
./installer

cp /downloads/qmailrocks/qms-analog-0.4.2/qmailstats /var/qmail/bin
vi /var/qmail/bin/qmailstats
修改[email]your_postmaster@yourdomain.com[/email] 2个地方
#!/bin/sh
## qms-analog and qmailanalog invocation script
##
## Note: For better readability of the nightly stats email, set your email
## client font to a fixed width font - then all the columns line up
## very nicely.
##

PATH=/usr/local/qmailanalog/bin:/var/qmail/bin:/bin:/usr/bin:/usr/local/bin
QMAILSTATS="/tmp/q.$$"
EMAILMSG="/tmp/qms.$$"
umask 077
DATE=`date +'%D'`

## prepare qmail log entries for qmailanalog routines
cat /var/log/qmail/qmail-send/* /var/log/qmail/qmail-pop3d/* /var/log/qmail/qmail-smtpd/* | tai64n2tai | awk '{$1=substr($1,1,index($1,".")+6);print}' | matchup > $QMAILSTATS 5>/dev/null

## build the email message header
echo "To: [email]your_postmaster@yourdomain.com[/email]" > $EMAILMSG
echo "From: [email]your_postmaster@yourdomain.com[/email]" >> $EMAILMSG
echo "Subject: Nightly Qmail Stats Report for $DATE" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG

## qms-analog invocation
#
# USAGE: qms-analog hours-of-history <sort-key>
#
# hours-of-history (0 - n) hours of history to collect
# 0 => all records
# sort-key (optional) sort key for account statistics
# msgbw (default) msg bandwidth - successful msgs
# alpha alphanumeric by account name
# virus number of viruses received
# saavg Spamassassin avg score
# sadet Spamassassin msgs detected
#
# Examples:
# "qms-analog 24" - use only records within the last 24 hours,
# sort by msg bandwidth
# "qms-analog 168" - use only records within the last 7 days,
# sort by msg bandwidth
# "qms-analog 0" - use all records, sort by msg bandwidth
# "qms-analog 0 alpha" - use all records, sort alphabetically
# "qms-analog 0 saavg" - use all records, sort by Spam average score
#
# Note: Add or remove statistical time frames to suit your preference -
# "last 24 hours" and "all records" are uncommented below by default.
##

#### Last 24 hours
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 2 4 H o u r s ~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 24 >> $EMAILMSG
####

#### Last 7 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 7 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 168 >> $EMAILMSG
####

#### Last 30 days
#echo "" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ L a s t 3 0 D a y s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
#cat /var/spool/qmailscan/qms-events.log | qms-analog 5040 >> $EMAILMSG
####

#### All records in qms-events.log
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~ A l l R e c o r d s ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
cat /var/spool/qmailscan/qms-events.log | qms-analog 0 >> $EMAILMSG
####

## qmailanalog invocation
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zoverall < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zfailures < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG
echo "" >> $EMAILMSG
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" >> $EMAILMSG
zdeferrals < $QMAILSTATS >> $EMAILMSG
echo "" >> $EMAILMSG

## pipe the message into qmail-inject
cat $EMAILMSG | qmail-inject

## delete temp files
rm -f $QMAILSTATS
rm -f $EMAILMSG



chmod 750 /var/qmail/bin/qmailstats
/var/qmail/bin/qmailstats

crontab -e
0 3 * * * /var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null

###########################################################

安装 Qtrap 过滤关键字信件
cd /home/vpopmail
mkdir -p qtrap/logs
cd qtrap
cp /downloads/qmailrocks/scripts/qtrap/qtrap-2.0.0 ./qtrap.sh
vi qtrap.sh

You will see a block of code for the whitelist that looks like this:

whitelist_check () {
case $WHITELIST in
[email]address@somewhere.com[/email]|[email]address@somewhereelse.com[/email]|*entiredomain.com)
echo $SENDER found in whitelist on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 0;;
*)
;;
esac
}

The email addresses in the bold red text above should be substituted with any email addresses that you wish to whitelist against the qtrap filter process. Whitelisted addresses will be allowed to send you mail that contains "banned" words. Un-whitelisted address will be scanned and their message deleted if it contains a banned word. As you can see above, you can specify an individual address ([email]address@somewhere.com[/email]) or you can simply whitelist an entire domain (*entiredomain.com).

Defining your "banned word" list:

within the qtrap.sh script you should see another section, below the whitelist section of code, that looks like this:

checkall () {
case $BANNED_WORDS in
porn|PORN|Sex|SEX)
printout $BANNED_WORDS
echo MESSAGE DROPPED from $SENDER because of $BANNED_WORDS on `date "+%D %H:%M:%S"` >> /home/vpopmail/qtrap/logs/qtrap.log
exit 99;;
*)
;;
esac
}

The portion of the above section that I've highlighted in RED is the array of "banned" words. Edit this array to your satisfaction. Make sure that each word is seperated by a pipe "|" and keep in mind that the array is case sensitive. So the words "SEX" and "Sex" are 2 different words. Also, excercise caution here. You don't want to ban words that are used in everyday e-mails. For example, you wouldn't want to ban the word "hello" or something like that. You should only ban words that you are 100% sure you would never see in a legitimate e-mail.


touch /home/vpopmail/qtrap/logs/qtrap.log
chown -R vpopmail:vchkpw /home/vpopmail/qtrap
chmod -R 755 /home/vpopmail/qtrap
cd /home/vpopmail/domains/yourdomain.com
vi .qmail-default
| /home/vpopmail/qtrap/qtrap.sh
Here's an example:
.qmail-default before:
| /home/vpopmail/bin/vdelivermail '' delete
.qmail-default after:
| /home/vpopmail/qtrap/qtrap.sh
| /home/vpopmail/bin/vdelivermail '' delete

/home/vpopmail/qtrap/logs/qtrap.log 会记录被屏蔽的邮件

###########################################################
如何管理 qmail邮件服务器

目录：

1.Making sure that all services start on boot
2.Maintaining the qmail queue
3.Maintaining qmail-scanner
4.Maintaining SpamAssassin
5.Maintaining Clam Antivirus
6.Maintaining current software versions
7.Maintaining the qmail logs
8.Maintaining administrative mailboxes
9.Maintaining other mailboxes
10.Backing up your qmail server


1.Making sure that all services start on boot
--For Redhat users--
/etc/rc.local

/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
/etc/rc.d/init.d/spamd start
/etc/rc.d/init.d/httpd start


2.Maintaining the qmail queue
Your qmail server's queue is located at /var/qmail/queue.
qmailctl stat
qmHandle        
queuelifetime /var/qmail/control/queuelifetime

3.Maintaining qmail-scanner
1) qmail-scanner logs /var/spool/qmailscan/qmail-queue.log
2) The virus quarantine area  /var/spool/qmailscan/quarantine/new
    Anytime you upgrade qmail-scanner, it's a good idea to refresh the qmail-scanner perlscanner database:
         Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g  or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)

4.Maintaining SpamAssassin
[url]http://www.spamassassin.org[/url]
/etc/mail/spamassassin/local.cf
Anytime you upgrade SpamAssassin, it's a good idea to refresh the qmail-scanner perlscanner database:

Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g  or   /var/qmail/bin/qmail-scanner-queue -g (for non setuid setups)

5.Maintaining Clam Antivirus
/usr/bin/freshclam --quiet -l /var/log/clamav/clam-update.log
3) Anytime you do decide to upgrade Clam Antivirus, you will need to update qmail-scanner's version file. This is easily done by running the following command:

Redhat/Fedora/RHEL:
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z   or   /var/qmail/bin/qmail-scanner-queue -z (for non setuid setups)

6.Maintaining current software versions in general
就看qmailrocks就可以了

7.Maintaining the qmail logs
/var/qmail/supervise/qmail-pop3d/run operated the pop server and is logged via /var/qmail/supervise/qmail-pop3d/log/run

/var/qmail/supervise/qmail-smtpd/run operates the smtp server and is logged via /var/qmail/supervise/qmail-smtpd/log/run

/var/qmail/supervise/qmail-send/run operates the mail processor and is logged via /var/qmail/supervise/qmail-send/log/run

8.Maintaining administrative mailboxes
9.Maintaining other mailboxes

10.Backing up your qmail server
/home/vpopmail
/var/qmail


###########################################################

客户端设置

[[i] 本帖最后由 leera 于 2006-7-26 18:30 编辑 [/i]]

platinum

如果有个自动编译安装配置程序就好了
等回头有时间我写一个 ^_^

leera

哈哈，这个自动化脚本你打算用啥语言写？perl，php，bash？

[ 本帖最后由 leera 于 2006-7-27 13:17 编辑 ]

platinum

bash + sed + dialog 应该不难解决

leera

是不是就想zend的安装那个样子？