Following the method below, I can receive mail but cannot send; everything else is normal.
This is the Postfix program at host mail.glnc.edu.cn.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program
<bsdunix02@163.com>: host 127.0.0.1[127.0.0.1] said: 554 5.1.0
<bsdunix02@163.com>: Recipient address rejected: Access denied (in reply to
end of DATA command)
An anti-spam, anti-virus mail system using Postfix on FreeBSD
http://www.chinaunix.net Author: 孤独的鹰 Posted: 2003-12-02 16:24:41
Anti-spam and anti-virus mail system with Postfix
--------------------------------------------------------------------------------
Version used:
hawk# uname -a
FreeBSD hawk.the9.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386
1. Partitions:
1G /
1G swap
3G /var (mail is stored here, so it is made larger)
1G /tmp
1G /home
3G /usr
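remainder /data
2. Users
Add the user cnhawk (password agreed separately); cnhawk must be added to the wheel group. The root password is agreed separately.
3. Package installation
Choose the minimal installation,
then in the custom options select: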
compat3x
compat4x
man
ports
4. rc.conf
Set:
sendmail_enable="NONE"
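5. Install MySQL
A. It can be installed from ports:
hawk# cd /usr/ports/databases/mysql323-server
hawk# make install
The MySQL version installed this way is mysql-3.23.58
B. The following installs mysql-3.23.55 manually
1) Add the mysql group and the mysql user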
hawk# pw groupadd mysql
hawk# pw useradd mysql -g mysql -s /nonexistent
2) Configure and install
hawk# tar zxvf mysql-3.23.55.tar.gz
hawk# cd mysql-3.23.55
hawk# ./configure --prefix=/usr/local/mysql --with-low-memory \
--with-charset=gb2312 --without-debug
hawk# make
hawk# make install
hawk# scripts/mysql_install_db
hawk# chown -R root /usr/local/mysql
hawk# chown -R mysql /usr/local/mysql/var
hawk# chgrp -R mysql /usr/local/mysql
hawk# cp support-files/my-medium.cnf /etc/my.cnf
hawk# ln -s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld
hawk# ln -s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin
hawk# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql
hawk# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql
3) Set up the user database
The statements below create the database:
use mysql;
#======================postfix==================================
INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
update user set password=password('hawk') where User='postfix';
FLUSH PRIVILEGES;
GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "hawk";
#======================courier==================================
INSERT INTO user (host,user,password) VALUES ('localhost','courier','');
update user set password=password('hawk') where User='courier';
FLUSH PRIVILEGES;
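#Grant to courier@localhost, the account created above (a bare "courier" means courier@'%', a separate entry with no password)
GRANT select,insert,update ON mail.* TO courier@localhost;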
#=======================MAIL.SQL=================================
#Create mail database
CREATE DATABASE mail;
use mail;
#Create the aliases table
CREATE TABLE aliases (
alias varchar(255) NOT NULL default '',
rcpt varchar(255) default NULL,
PRIMARY KEY (alias)
) TYPE=MyISAM;
#Create the transport table
CREATE TABLE transport (
domain char(128) NOT NULL default '',
transport char(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;
#Create the virtual_users table
CREATE TABLE virtual_users (
unique_id int(32) unsigned NOT NULL auto_increment,
id char(128) NOT NULL default '',
password char(128) default NULL,
uid int(10) unsigned default '2003',
gid int(10) unsigned default '2003',
home char(255) default NULL,
maildir char(255) default NULL,
date_add date default NULL,
time_add time default NULL,
domain char(128) default NULL,
name char(255) default NULL,
imapok tinyint(3) unsigned default '1',
quota char(255) default '10485760',
PRIMARY KEY (id),
KEY unique_id (unique_id)
) TYPE=MyISAM;
#Create address table (this part was added for use with iGENUS)
CREATE TABLE address (
id int(32) unsigned NOT NULL auto_increment,
unique_id int(32) NOT NULL default '0',
name char(255) NOT NULL default ' ',
email char(255) NOT NULL default ' ',
PRIMARY KEY (id),
key unique_id (unique_id)
) TYPE=MyISAM;
#==========================================================
4) Enable start at boot:
hawk# edit /usr/local/etc/rc.d/mysqld.sh
Example: mysqld.sh
#!/bin/sh
case "$1" in
start)
if [ -x /usr/local/mysql/bin/safe_mysqld ]; then
/usr/local/mysql/bin/safe_mysqld --user=mysql > /dev/null & echo -n ' mysqld'
fi
;;
stop)
/usr/bin/killall mysqld > /dev/null 2>&1 && echo -n ' mysqld'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
esac
hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh
6. Install cyrus-sasl
1) Install cyrus-sasl-2.1.12
hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz
hawk# cd cyrus-sasl-2.1.12
hawk# ./configure --disable-sample --disable-pwcheck --disable-cram \
--disable-digest --disable-krb4 --disable-gssapi --disable-anon \
--with-saslauthd=/var/run/saslauthd --enable-plain --enable-login
hawk# make
hawk# make install
hawk# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
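2) Configure the library path for SASL
hawk# edit /etc/defaults/rc.conf
(in ldconfig_paths, add /usr/local/lib/sasl2 after /usr/local/lib)
hawk# shutdown -r now   (reboot so that it takes effect)
3) Run saslauthd (this step can be skipped if PAM is used directly for authentication)
Example: saslauthd.sh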
#!/bin/sh
case "$1" in
start)
if [ -x /usr/local/sbin/saslauthd ]; then
/usr/local/sbin/saslauthd -a pam > /dev/null && echo -n ' saslauthd'
fi
;;
stop)
/usr/bin/killall saslauthd > /dev/null 2>&1 && echo -n ' saslauthd'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
esac
hawk# mkdir /var/run/saslauthd
hawk# edit /usr/local/etc/rc.d/saslauthd.sh
hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh
4) Prepare the configuration file for Postfix authentication
A) Authenticate directly through PAM:
hawk# echo pwcheck_method: pam > /usr/local/lib/sasl2/smtpd.conf
B) Authenticate through saslauthd, which calls PAM:
hawk# echo pwcheck_method: saslauthd > /usr/lib/sasl2/smtpd.conf
7. Install pam_mysql
Install pam_mysql-0.5 (the source build did not compile, so the FreeBSD 4.9 port is used)
1) Install
hawk# pkg_add -r gmake   (pam_mysql needs gmake)
hawk# cd /usr/ports/security/pam-mysql/
hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/
2) Configure pam.conf so that SASL authentication goes through MySQL
hawk# edit /etc/pam.conf (put a # in front of the pop3 and imap lines) and add the following lines:
smtp auth sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
smtp account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
(Note: passwords are hashed with crypt. For plaintext passwords use crypt=0; for passwords hashed with password() use crypt=2.)
8. Install Postfix
1) Stop sendmail
hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF
hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
hawk# mv /etc/rc.sendmail /etc/sendmail.OFF
hawk# edit /etc/rc.conf (add # in front of sendmail="YES")
2) Add the postfix user
hawk# pw groupadd postfix -g 2003
hawk# pw groupadd postdrop -g 2004
hawk# pw useradd postfix -u 2003 -g 2003 -d /dev/null -s /nologin
3) Install
Install postfix-2.0.10.tar.gz
hawk# tar zxvf postfix-2.0.10.tar.gz
hawk# cd postfix-2.0.10
If your MySQL was built from source, use this command:
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
If your MySQL was installed from ports, use this command:
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
hawk# make
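hawk# make install   (use this for a first-time installation; if an error is reported during installation, enter /tmp when asked to choose the tmp directory)
hawk# make upgrade   (use this to upgrade an older version)
4) Configure
hawk# echo 'postfix: root' >> /etc/aliases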
hawk# /usr/bin/newaliases
(Note: if Postfix reports that it cannot open the opiekeys file, run: hawk# chown postfix:postfix /etc/opiekeys)
A) Edit /etc/postfix/main.cf. Example: main.cf
#======= BASE ==============
myhostname = hawk.the9.com
mydomain = the9.com
home_mailbox=Maildir/
mydestination = $myhostname, $mydomain, $transport_maps
# local_recipient_maps is left empty
local_recipient_maps =
mailbox_command= /usr/lib/courier-imap/bin/deliverquota -w 90 ~/Maildir
#======= MYSQL =============
transport_maps = mysql:/etc/postfix/transport.cf
virtual_gid_maps = mysql:/etc/postfix/gids.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf
virtual_maps = mysql:/etc/postfix/mysql.aliases.cf
virtual_uid_maps = mysql:/etc/postfix/uids.cf
#======= Quota ============
# limit on the size of each message sent: 2 MB
message_size_limit = 2097152
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
# total mailbox size: 10 MB
virtual_mailbox_limit = 10485760
#====== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated
B) Make sure /etc/postfix/master.cf contains the following line
virtual unix - n n - - virtual
C) Edit /etc/postfix/transport.cf
Example: transport.cf
user = postfix
password = hawk
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost
D) Edit /etc/postfix/gids.cf
Example: gids.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = gid
where_field = id
hosts = localhost
E) Edit /etc/postfix/uids.cf
Example: uids.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = uid
where_field = id
hosts = localhost
F) Edit /etc/postfix/mysql_virtual.cf
Example: mysql_virtual.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = maildir
where_field = id
hosts = localhost
G) Edit /etc/postfix/mysql.aliases.cf. Example: mysql.aliases.cf
user = postfix
password= hawk
dbname = mail
table = aliases
select_field = rcpt
where_field = alias
hosts = localhost
H) Edit /etc/postfix/mailboxsize-mysql.cf. Example: mailboxsize-mysql.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = quota
where_field = id
hosts = localhost
5) Enable start at boot
hawk# edit /usr/local/etc/rc.d/postfix-server.sh
Example: postfix-server.sh
#!/bin/sh
case "$1" in
start)
if [ -x /usr/sbin/postfix ]; then
/usr/sbin/postfix start && echo -n ' postfix'
fi
;;
stop)
/usr/sbin/postfix stop && echo -n ' postfix'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
esac
hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh
9. Install expect.tar.gz (needs tcl)
hawk# pkg_add tcl-8.3.5_2.tgz
hawk# tar zxvf expect-5.38.tar.gz
hawk# cd expect-5.38
hawk# ./configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3
hawk# make
hawk# make install
10. Install Courier-imap-1.7.1 (needs gmake and expect)
1) Install
hawk# pkg_add -r gmake   (installs the package from the remote package site)
hawk# pw useradd cnhawk -g wheel (the software MUST run the configure script as a normal user, not root)
hawk$ bunzip2 courier-imap-1.7.1.tar.bz2
hawk$ tar xvf courier-imap-1.7.1.tar
hawk$ cd courier-imap-1.7.1
If your MySQL was built from source, use this command:
hawk$ ./configure --without-ipv6 --enable-unicode \
--enable-workarounds-for-imap-client-bugs \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql
If your MySQL was installed from ports, use this command:
hawk$ ./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql
hawk$ gmake
hawk# su root
hawk# gmake install
hawk# gmake install-configure
2) Configure
Edit /usr/lib/courier-imap/etc/authmysqlrc. Example: authmysqlrc
##VERSION: $Id: authmysqlrc,v 1.10 2002/04/02 23:41:41 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.
##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.
MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD hawk
##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
MYSQL_SOCKET /tmp/mysql.sock
##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.
MYSQL_PORT 3306
##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.
MYSQL_OPT 0
##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:
MYSQL_DATABASE mail
##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.
MYSQL_USER_TABLE virtual_users
##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.
MYSQL_CRYPT_PWFIELD password
##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear
##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com
##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD uid
##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account
MYSQL_GID_FIELD gid
##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#
MYSQL_LOGIN_FIELD id
##NAME: MYSQL_HOME_FIELD:0
#
MYSQL_HOME_FIELD home
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir
##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD quota
##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
MYSQL_WHERE_CLAUSE imapok=1
##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part) and $(domain)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT popbox.local_part, \
# CONCAT('{MD5}', popbox.password_hash), \
# popbox.clearpw, \
# domain.uid, \
# domain.gid, \
# CONCAT(domain.path, '/', popbox.mbox_name), \
# '', \
# domain.quota, \
# '', \
# FROM popbox, domain \
# WHERE popbox.local_part = '$(local_part)' \
# AND popbox.domain_name = '$(domain)' \
# AND popbox.domain_name = domain.domain_name
#
##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox \
# SET clearpw='$(newpass)', \
# password_hash='$(newpass_crypt)' \
# WHERE local_part='$(local_part)' \
# AND domain_name='$(domain)'
#
Edit /usr/lib/courier-imap/etc/authdaemonrc
version="authdaemond.mysql"
3) Enable start at boot
hawk# cd /usr/local/etc/rc.d
hawk# ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh
hawk# ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh
hawk# chmod 755 imapd.sh
hawk# chmod 755 pop3d.sh
Now start testing:
1) Set up the users:
hawk# mysql
mysql> use mail;
In the database you can see:
mysql> show tables;
+----------------+
| Tables_in_mail |
+----------------+
| aliases        |
| transport      |
| virtual_users  |
+----------------+
mysql> desc aliases;
+-------+--------------+------+-----+---------+-------+
| Field | Type         | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| alias | varchar(255) |      | PRI |         |       |
| rcpt  | varchar(255) | YES  |     | NULL    |       |
+-------+--------------+------+-----+---------+-------+
mysql> insert aliases values('postmaster@the9.com','cnhawk@the9.com');
mysql> insert aliases values('postmaster@freebsd.net','cnhawk@freebsd.net');
mysql> select * from aliases;
+--------------------------+--------------------+
| alias                    | rcpt               |
+--------------------------+--------------------+
| postmaster@the9.com      | cnhawk@the9.com    |
| postmaster@freebsd.net   | cnhawk@freebse.net |
+--------------------------+--------------------+
mysql> desc transport;
+-----------+-----------+------+-----+---------+-------+
| Field     | Type      | Null | Key | Default | Extra |
+-----------+-----------+------+-----+---------+-------+
| domain    | char(128) |      | PRI |         |       |
| transport | char(128) |      |     |         |       |
+-----------+-----------+------+-----+---------+-------+
mysql> insert transport values('the9.com','virtual:');
mysql> insert transport values('freebsd.net','virtual:');
mysql> select * from transport;
+---------------+-----------+
| domain        | transport |
+---------------+-----------+
| nankai.edu.cn | virtual:  |
| freebsd.net   | virtual:  |
+---------------+-----------+
mysql> desc virtual_users;
+-----------+---------------------+------+-----+----------+----------------+
| Field     | Type                | Null | Key | Default  | Extra          |
+-----------+---------------------+------+-----+----------+----------------+
| unique_id | int(32) unsigned    |      | MUL | NULL     | auto_increment |
| id        | char(128)           |      | PRI |          |                |
| password  | char(128)           | YES  |     | NULL     |                |
| uid       | int(10) unsigned    | YES  |     | 104      |                |
| gid       | int(10) unsigned    | YES  |     | 104      |                |
| home      | char(255)           | YES  |     | NULL     |                |
| maildir   | char(255)           | YES  |     | NULL     |                |
| date_add  | date                | YES  |     | NULL     |                |
| time_add  | time                | YES  |     | NULL     |                |
| domain    | char(128)           | YES  |     | NULL     |                |
| name      | char(255)           | YES  |     | NULL     |                |
| imapok    | tinyint(3) unsigned | YES  |     | 1        |                |
| quota     | char(255)           | YES  |     | 10485760 |                |
+-----------+---------------------+------+-----+----------+----------------+
mysql> INSERT INTO virtual_users
    -> (id,home,password,maildir,date_add,time_add,domain,name)
    -> VALUES ('cnhawk@the9.com','/var/mail/',encrypt('cnhawk'),
    -> 'the9.com/cnhawk/Maildir/','2003-04-23','01:18:24','the9.com','cnhawk');
mysql> INSERT INTO virtual_users
    -> (id,home,password,maildir,date_add,time_add,domain,name)
    -> VALUES ('hawk@freebsd.net','/var/mail/',encrypt('hawk'),
    -> 'freebsd.net/hawk/Maildir/','2003-04-23','01:18:24','freebsd.net','hawk');
mysql> quit
2) Set up the users' directories and permissions:
hawk# mkdir -p /var/mail/the9.com/cnhawk
hawk# mkdir -p /var/mail/freebsd.net/hawk
hawk# cd /usr/lib/courier-imap/bin
hawk# ./maildirmake /var/mail/the9.com/cnhawk/Maildir
hawk# ./maildirmake /var/mail/freebsd.net/hawk/Maildir
hawk# chmod -R 700 /var/mail/the9.com/
hawk# chmod -R 700 /var/mail/freebsd.net/
hawk# chown -R postfix:postfix /var/mail/the9.com
hawk# chown -R postfix:postfix /var/mail/freebsd.net
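The users are now set up. Only two virtual domains are used here; any number of virtual domains, such as mail.com, can be set up in the same way.
3) User login test: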
hawk# telnet 127.0.0.1 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Hello there.
user cnhawk@the9.com
+OK Password required.
pass cnhawk
+OK logged in.   (OK, POP login succeeded)
quit
+OK Bye-bye.
Connection closed by foreign host.
Any other mail client, such as Foxmail or Outlook Express, can also be used for testing.
Next, install webmail
Install iGENUS
1. Install:
hawk# cd /usr/ports/www/apache2
hawk # make install
hawk# cd /usr/ports/www/mod_php4
hawk# make install
hawk# cd /var/mail
hawk# tar zxvf igenus_docn.tar.gz
hawk# edit /usr/local/apache/conf/httpd.conf
2. Configure:
1) Group nobody, User nobody
change to: Group postfix, User postfix
2) DocumentRoot "/usr/local/apache/htdocs"
change to: DocumentRoot "/var/mail/webmail"
3) Find AddDefaultCharset ISO-8859-1
change it to AddDefaultCharset GB2312 # Chinese support
add AddType application/x-httpd-php .php # PHP support
4) Edit config_inc.php
$CFG_BASEPATH = "/var/mail/webmail";
$CFG_MYSQL_HOST = 'localhost';
$CFG_MYSQL_USER = 'postfix';
$CFG_MYSQL_PASS = 'hawk'; // same password as above; all of these can be changed to your own
$CFG_MYSQL_DB = 'mail';
5) Edit /usr/local/etc/php.ini and change:
hawk# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
register_globals = On
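3. Use:
Finally, enter this URL in the browser:
http://IP (there is no DNS here; once DNS is available, the domain name can be used directly)
1. Edit /etc/php.ini
max_execution_time = 30 # change to 60 (raises the time limit for script processing)
memory_limit = 8M # change to 40M (needed to send 10M attachments)
post_max_size = 2M # change to 10M
upload_max_filesize = 2M # change to 10M
2. Edit /etc/httpd/conf.d/php.conf
<Files *.php>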
SetOutputFilter PHP
SetInputFilter PHP
LimitRequestBody 524288 # change 524288 to 10485760
</Files>
The LimitRequestBody 524288 here caps uploaded attachments at 512k; change it to 10M.
3. Edit /etc/postfix/main.cf and add the following line:
message_size_limit = 14336000
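Postfix's default is 10M, but this refers to the total of the message body and the encoded attachments. Base64 encoding increases the size of an attachment by about 35%, so the acceptable message size is set to 14M here.
The related Postfix settings can be viewed with this command: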
/usr/sbin/postconf | grep size
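4. Restart Apache and Postfix.
Anti-spam and anti-virus section
1. Install McAfee uvscan
The latest version for BSD is vbsd424e; although it is a trial version, it can be updated and has no functional limits.
The latest virus definition file is dat-4306.tar = b4af8aa33b670d15cc43ebf6f4967498
If the virus definitions in your ports tree are not the latest version, you can modify the files in the port; they can be downloaded directly from www.nai.com.
Install McAfee AntiVirus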
hawk# cd /usr/ports/security/vscan
hawk# make install clean
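2. Install AMaViS
AMaViS is the bridge between uvscan and Postfix: it decodes the mail, hands it to uvscan for virus scanning, and then processes and forwards it.
2.1 Install from ports
The version here is amavisd-new-20030616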
hawk# cd /usr/ports/security/amavisd-new/
hawk# make install clean
hawk# cd /usr/local/etc
hawk# cp amavisd.conf-dist amavisd.conf
hawk# chown vscan amavisd.conf
hawk# chmod 750 amavisd.conf
hawk# chown vscan /usr/local/sbin/amavisd
hawk# chmod 750 /usr/local/sbin/amavisd
Edit amavisd.conf
$mydomain = 'the9.com';   # change to your own domain
$TEMPBASE = "/tmp";
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
The following can be set according to your server:
$virus_admin = "vscan\@$mydomain";
$mailfrom_notify_admin = "vscan\@$mydomain";
$mailfrom_notify_recip = "vscan\@$mydomain";
$mailfrom_notify_spamadmin = "vscan\@$mydomain";
# $QUARANTINEDIR = '/var/virusmails';
2.2 Modify Postfix
In /etc/postfix/master.cf,
smtp inet n - n - - smtpd
change it to the following:
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
Note: content_filter for 127.0.0.1:10025 is left blank because, if content_filter has already been defined in Postfix's main.cf, local mail could keep being forwarded back to itself. When that happens, the Postfix log shows the message "Error: too many hops".
Test
hawk# /usr/local/sbin/postfix stop
hawk# /usr/local/sbin/postfix start
hawk# su - vscan
hawk# /usr/local/sbin/amavisd debug
Open another terminal:
hawk# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.the9.com.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
MAIL FROM:<cnhawk@the9.com>
250 2.1.0 Sender cnhawk@the9.com OK
RCPT TO:<cnhawk@the9.com>
250 2.1.5 Recipient cnhawk@the9.com OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test 2
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.5.0 Ok, id=00116-02, BOUNCE <-- this response means the system has recognized that the message contains a virus
QUIT
2.3 Install and configure SpamAssassin
The latest amavisd-new already integrates SpamAssassin, so once amavisd-new has been installed from ports, SpamAssassin is installed as well.
Port: amavisd-new-20030616.p5
Path: /usr/ports/security/amavisd-new
Info: Performance-enhanced daemonized version of amavis-perl
Maint: blaz@si.FreeBSD.org
Index: security
B-deps:
R-deps: arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Digest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16,1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50,1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1
If the server does not need SpamAssassin, this step can be skipped.
Add the required users
hawk# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
hawk# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin
Edit /usr/local/etc/mail/spamassassin/local.cf
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15
Edit /usr/local/etc/amavisd.conf
$max_servers = 2;
$max_requests = 10;
$child_timeout=5*60;
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );
$final_spam_destiny = D_PASS;
read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');
# SpamAssassin settings
#$sa_local_tests_only = 1;
$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 64*1024;
$sa_tag_level_deflt = 4.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$sa_spam_subject_tag = '***SPAM*** ';
Create the required files
hawk# touch /var/amavis/whitelist
hawk# touch /var/amavis/blacklist
hawk# touch /var/amavis/spam_lovers
hawk# chown vscan /var/amavis/whitelist
hawk# chown vscan /var/amavis/blacklist
hawk# chown vscan /var/amavis/spam_lovers
hawk# echo spam@the9.com >> /var/amavis/spam_lovers
hawk# echo notspam@the9.com >> /var/amavis/spam_lovers
Edit /usr/local/etc/postfix/main.cf
and add
content_filter = smtp-amavis:[127.0.0.1]:10024
Set up the automatic learning system
Bayesian Learning Script
hawk# vi /usr/local/sbin/my-sa-learn.sh
#!/bin/sh
if [ -e /var/mail/spam ]; then
/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
rm /var/mail/spam > /dev/null
fi
if [ -e /var/mail/notspam ]; then
/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
rm /var/mail/notspam > /dev/null
fi
Build the Bayes learning database:
hawk# /usr/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs
Automatic learning is now in place
hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh
hawk# crontab -e
5 0 * * * /usr/local/sbin/my-sa-learn.sh
Now restart the services so that the settings take effect
hawk# /usr/local/etc/rc.d/postfix.sh stop
hawk# /usr/local/etc/rc.d/postfix.sh start
hawk# /usr/local/etc/rc.d/amavisd.sh stop
hawk# /usr/local/etc/rc.d/amavisd.sh start
If SpamAssassin's spamd is used, it must be restarted as well.
When amavisd starts, confirm that it has found the anti-virus software
hawk# cat /var/log/maillog |grep NAI
Dec 1 03:37:07 hawk amavis[112]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 15:36:00 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 16:14:28 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
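Messages like these mean the anti-virus software has been found
Virus definition update script
wget is required
Install wget first
hawk# pkg_add -r wget
Installation complete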
hawk# vi /usr/local/libexec/uvscan/update-dat.sh
Add the following content
#!/bin/sh
#
# update-dat.sh
#
cd /usr/local/libexec/uvscan/
wget -q -O readme.txt http://download.nai.com/products/datfiles/4.x/nai/readme.txt >/dev/null
AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed -e 's/^.*\(4[0-9]*\).*$/\1/'`
if [ ! -f dat-$AVVER.tar ]; then
for i in *.tar ; do
mv $i $i.old
done
if wget http://download.nai.com/products/datfiles/4.x/nai/dat-$AVVER.tar >/dev/null ; then
for i in *.dat ; do
cp -p $i $i.bak
done
if tar xf dat-$AVVER.tar ; then
rm -f *.old
echo `date` Successfully updated AntiVirus DAT files to $AVVER
fi
fi
fi
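Then add it to crontab to run on a schedule, and the virus definition files will be updated automatically.
Written in haste.
Thanks to the friends at CHINAUNIX for their help.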
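Added example, not part of the original post: the Postfix MySQL map files, /etc/pam.conf and authmysqlrc configured above all carry the database password in clear text, and authmysqlrc's own header says not to install it world-readable. This shell script reports which of those files every local account can read; the function names and the `--guide` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: report credential-bearing files that any local user can read.

# Credential lines as they appear in this guide's files:
#   "password = ..." (Postfix mysql maps), "passwd=..." (pam.conf),
#   "MYSQL_PASSWORD ..." (authmysqlrc), "$CFG_MYSQL_PASS" (config_inc.php)
CRED_RE='^[[:space:]]*password[[:space:]]*=|passwd=|^MYSQL_PASSWORD[[:space:]]|CFG_MYSQL_PASS'

# Files from the guide that embed the MySQL password.
GUIDE_FILES="/etc/postfix/transport.cf /etc/postfix/gids.cf /etc/postfix/uids.cf
/etc/postfix/mysql_virtual.cf /etc/postfix/mysql.aliases.cf
/etc/postfix/mailboxsize-mysql.cf /etc/pam.conf
/usr/lib/courier-imap/etc/authmysqlrc"

# file_mode FILE -> octal permission bits (GNU stat first, BSD stat as fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_cred_file FILE
#   returns 0 = fine, 1 = credential readable by "other", 2 = could not check
audit_cred_file() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "SKIP    $f (missing, not a regular file, or unreadable)"
        return 2
    fi
    if ! grep -Eq "$CRED_RE" "$f"; then
        echo "OK      $f (no credential line)"
        return 0
    fi
    mode=$(file_mode "$f") || { echo "ERROR   $f (stat failed)"; return 2; }
    other=${mode#"${mode%?}"}        # last octal digit: bits for "other"
    case $other in
        4|5|6|7) echo "EXPOSED $f mode=$mode"; return 1 ;;
        *)       echo "OK      $f mode=$mode"; return 0 ;;
    esac
}

# audit_all FILE... -> exit status is the number of exposed files
audit_all() {
    exposed=0
    for path in "$@"; do
        rc=0
        audit_cred_file "$path" || rc=$?
        if [ "$rc" -eq 1 ]; then
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

# "sh audit.sh --guide" checks the paths used in this guide.
if [ "${1:-}" = "--guide" ]; then
    # Word splitting of the path list is intended here.
    audit_all $GUIDE_FILES
fi
```

Whether a flagged file can be tightened depends on which account reads it: the Postfix map files are read by the postfix user, and with pwcheck_method set to pam the SMTP daemon itself has to read /etc/pam.conf.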
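Added example, not the original update-dat.sh: the update script above unpacks whatever wget fetched over plain HTTP straight into the scanner directory. This version checks the archive against an expected MD5 (the form the guide lists for dat-4306.tar), refuses member names that would leave the target directory, and unpacks into a staging directory first. The function names are assumptions, and the expected digest is assumed to come from a source other than the download itself.

```shell
#!/bin/sh
# Added example: verify a downloaded DAT archive before unpacking it.

# file_md5 FILE -> lowercase hex MD5 (GNU md5sum, or FreeBSD md5(1)).
# MD5 is the digest form the guide lists; it catches a corrupted or truncated
# download. Prefer a stronger digest when the vendor publishes one.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        md5 -q "$1"
    fi
}

# member_names_safe: reads archive member names on stdin and fails on any
# absolute path or ".." component.
member_names_safe() {
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# install_dat TARFILE EXPECTED_MD5 DESTDIR
#   0 = installed, 1 = digest mismatch, 2 = unreadable or unsafe archive,
#   3 = extraction or move failed
install_dat() {
    tarfile=$1 want=$2 dest=$3
    got=$(file_md5 "$tarfile" 2>/dev/null) || return 2
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $tarfile: got '$got'" >&2
        return 1
    fi
    names=$(tar tf "$tarfile" 2>/dev/null) || return 2
    [ -n "$names" ] || return 2
    printf '%s\n' "$names" | member_names_safe || return 2

    stage=$(mktemp -d "$dest/.dat-stage.XXXXXX") || return 3
    if tar xf "$tarfile" -C "$stage"; then
        # Assumes the flat layout of a DAT archive (plain files, no directories).
        for f in "$stage"/*; do
            mv -f "$f" "$dest"/ || { rm -rf "$stage"; return 3; }
        done
        rmdir "$stage"
        echo "installed $(basename "$tarfile") into $dest"
        return 0
    fi
    rm -rf "$stage"
    return 3
}

# Usage: sh verified-dat.sh dat-NNNN.tar EXPECTED_MD5 [DESTDIR]
if [ $# -ge 2 ]; then
    install_dat "$1" "$2" "${3:-/usr/local/libexec/uvscan}"
fi
```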