作者:阳光
时间:2009-09-03
QQ:537589532
MSN:[email protected]
注:本文章主要修改的部分是反垃圾,反病毒部分
viewtopic.php?f=54&t=209753
viewtopic.php?f=54&t=184827
viewtopic.php?f=54&t=208786
上面网站也为本人写的邮件服务器的搭建,供大家参考,如有更好的建议,望大家多跟贴。
软件环境:
操作系统(OS) ubuntu9.04 开源系统
邮件传输代理(MTA) Postfix 使用最新版本2.5.1
数据库/目录服务 MySQL 可选openLDAP或NetScape LDAP,本文以MySQL为蓝本
邮件投递代理(MDA) maildrop 支持过滤和强大功能
Web帐户管理后台 ExtMan 支持无限域名、无限用户
POP3 服务器 Courier-IMAP 只使用pop3部分,对于大部分企业而言完全足够
WebMail 系统 ExtMail 支持多语言、全部模板化,功能基本齐全
防病毒软件 Anti-Virus ClamAV 最热门的开源杀毒软件
SMTP阶段反垃圾邮件工具 Spam Locker 基于SMTP行为识别的Antispam软件,大量可选插件
内容级别的反垃圾邮件工具 dspam 速度快,自举学习垃圾邮件,能达到百分这九十九
SMTP认证库 Cyrus SASL 标准的SASL实现库,可以支持Courier authlib
其他数据认证库 Courier Authlib authlib是maildrop, courier-imap等服务的关键部件
日志分析及显示 mailgraph_ext 在ExtMan中已经包含了
以上的软件到ubuntu源上大部分的都找得到 extmail,extman,spam loocker可以到http://www.extmail.org/cgi-bin/download.cgi去下载最近的版本
好了垃圾话不多说了,现在我们开始我们的试验了:
首先我们把系统装好,我的主机名为mail.extmail.org,装上中文语言,升级系统,使用root权限登录到系统.
我们要装“LAMP” 注:apache2,php5,mysql,phpmyadmin
打开终端,执行
代码: 全选
sudo tasksel
代码: 全选
sudo apt-get install phpmyadmin
前面一步,我装了“openssh server”远程管理服务。我配置了“基于RSA key登陆”,这样更安全点。
代码: 全选
sudo ssh-keygen -t rsa
生成公有/私有RSA密匙对。
进入保证密匙的文件(/home/b/.ssh/id_rsa):
进入passphrase(empty for no passphrase):
再次进入同一passphrase:
你的验证文件保存在/home/b/.ssh/id_rsa.
你的公有密匙保存在 /home/b/.ssh/id_rsa.pub.
接下来修改apache2的配置文件。
代码: 全选
sudo gedit /etc/apache2/apache2.conf
代码: 全选
AddType application/x-httpd-php .php .htm .html
AddDefaultCharset UTF-8
ServerName 127.0.0.1
<IfModule dir_module>
DirectoryIndex index.htm index.html index.php
</IfModule>
代码: 全选
/etc/init.d/apache2 restart
/etc/init.d/mysql restart
代码: 全选
cd /opt/ZendOptimizer-3.3.3-linux-glibc23-i386
./install
代码: 全选
<?php
echo phpinfo();
?>
上面工作做完后,接下来我们来安装postfix courier sasl等:
代码: 全选
apt-get install postfix postfix-mysql postfix-pcre postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql libapache2-mod-auth-pam openssl phpmyadmin apache2 libapache2-mod-fastcgi libfcgi-perl libapache2-mod-php5 php5 php5-mysql build-essential libtool libnet-server-perl libnet-cidr-perl libberkeleydb-perl arc zoo lzop liblzo1 libstdc++5 libgd-gd2-perl libfile-tail-perl libdigest-sha1-perl libdigest-HMAC-perl libnet-ip-perl libnet-dns-perl libhtml-tagset-perl libhtml-parser-perl libio-stringy-perl libio-multiplex-perl libio-socket-ssl-perl libio-zlib-perl libnet-ssleay-perl libunix-syslog-perl libtimedate-perl libmailtools-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcompress-zlib-perl libarchive-zip-perl perl-suid apache2-suexec
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- mail.extmail.org
以上做完以后请执行:
代码: 全选
a2enmod suexec //打开apache2 suexec支持
a2enmod fastcgi //打开apache2 fastcgi支持
sudo /etc/init.d/apache2 restart
我用的是ExtMail 1.1.0.tar.gz和ExtMan 1.0.0.tar.gz
代码: 全选
tar zxvf extmail-1.1.0.tar.gz
tar zxvf extman-1.0.0.tar.gz
mkdir /var/www/extsuite
mv extmail-1.1.0 /var/www/extsuite/extmail
mv extman-1.0.0 /var/www/extsuite/extman
cp /var/www/extsuite/extman/docs/mysql_virtual_*.cf /etc/postfix/
代码: 全选
chmod o= /etc/postfix/mysql_virtual_*.cf
chgrp postfix /etc/postfix/mysql_virtual_*.cf
mkdir /var/www/extsuite/extmail/tmp
mkdir /var/www/extsuite/extman/tmp
chown -R vmail:vmail /var/www/extsuite/extmail/tmp
chown -R vmail:vmail /var/www/extsuite/extman/tmp
chown -R vmail:vmail /var/www/extsuite/extman/tools
chown -R vmail:vmail /var/www/extsuite/extmail/cgi/
chown -R vmail:vmail /var/www/extsuite/extman/cgi/
新建一个用户vmail组为vmail uid和gid为1000,不允放登录。用户下用来存放所有的用户的邮件
代码: 全选
groupadd -g 1000 vmail
useradd -m -g vmail -u 1000 -d /home/vmail -s /bin/bash vmail
注:如果打算使用默认用户vuser修改uid和gid 由于程序中默认使用的为vuser:vgroup,其uid:gid为1000:1000。而当前采用了一个新建用户vmail,所以需修改程序中的所有相关参数,具体操作如下:
代码: 全选
cd /var/www/extsuite/extmail/
cp webmail.cf.default webmail.cf
gedit webmail.cf
以下为修改部份:
代码: 全选
SYS_SPAM_REPORT_ON = 1
SYS_SPAM_REPORT_TYPE = dspam
SYS_SESS_DIR = /var/www/extsuite/extmail/tmp
SYS_UPLOAD_TMPDIR = /var/www/extsuite/extmail/tmp
SYS_MESSAGE_SIZE_LIMIT = 102400000
SYS_MAILDIR_BASE = /home/vmail
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
SYS_AUTHLIB_SOCKET = /var/run/courier/authdaemon/socket
代码: 全选
gedit ../extman/webman.cf
代码: 全选
SYS_MAILDIR_BASE = /home/vmail
SYS_SESS_DIR = /var/www/extsuite/extman/tmp
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/run/mysqld/mysqld.sock
SYS_GROUPMAIL_SENDER = [email protected]
请依顺做如下修改
代码: 全选
gedit dispatch-init
SU_UID=vmail
SU_GID=vmail
代码: 全选
gedit dispatch_lig.sh
BASE=/var/www/extsuite/extmail
$BASE/tools/suid-with -u vmail -g vmail /usr/bin/perl $BASE/dispatch.fcgi
代码: 全选
cd ../extman/
代码: 全选
gedit tools/setid.pl
set_gid('vmail');
set_uid('vmail');
代码: 全选
gedit tools/adminctl.pl
--setgid=vmail
--setuid=vmail
代码: 全选
gedit tools/userctl.pl
--setgid=vmail
--setuid=vmail
代码: 全选
gedit tools/aliasctl.pl
--setgid=vmail
--setuid=vmail
代码: 全选
gedit tools/domainctl.pl
--setgid=vmail
--setuid=vmail
代码: 全选
gedit contrib/passwd2ext.pl
my $sock = '/var/run/mysqld/mysqld.sock';
my $uid = '1000';
my $gid = '1000';
代码: 全选
gedit libs/Ext/Mgr/LDAP.pm
uidNumber => $opt{uidnumber} || '1000', //349行
gidNumber => $opt{gidnumber} || '1000', //350行
︰
uidNumber => $opt{uidnumber} || '1000', //541行
gidNumber => $opt{gidnumber} || '1000', //542行
代码: 全选
gedit docs/init.ldif
uidNumber: 1000
gidNumber: 1000
代码: 全选
gedit /var/www/extsuite/extman/docs/init.sql
修改18行中的uid和gid
INSERT INTO `mailbox` VALUES ('[email protected]','postmaster','$1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0','','PostMaster','','extmail.org/postmaster/Maildir/','extmail.org/postmaster','104857600S','52428800S','extmail.org',1000,1000,'2007-02-14 15:10:04','2010-11-08',1,0,0,0,0,0,0,0,'my question', 'my answer');
代码: 全选
gedit /var/www/extsuite/extman/docs/extmail.sql
修改uid和gid
CREATE TABLE mailbox (
︰
︰
129行 uidnumber int(6) NOT NULL default '1000',
130行 gidnumber int(6) NOT NULL default '1000',
︰)
数据库初始化
执行以下命令导入mysql数据库结构及初始化数据,注意必须逐行输入以下命令.
代码: 全选
mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
mysql -u root -p < /var/www/extsuite/extman/docs/init.sql
代码: 全选
cd /var/www/extsuite/extman/tools
./maildirmake.pl /home/vmail/extmail.org/postmaster/Maildir
chown -R vmail:vmail /home/vmail/extmail.org/
修改/etc/postfix/mysql_virtual_*.cf,将其中的localhost均改为127.0.0.1
代码: 全选
cd /etc/postfix/
cp main.cf main.cf_backup
gedit main.cf
代码: 全选
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
debug_peer_level = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
######hostname#######
mydomain = extmail.org
myhostname = mail.$mydomain
myorigin = $mydomain
mydestination = mail.$mydomain, localhost.$mydomain, localhost
mynetworks = 127.0.0.1
#### banner ######
mail_name = Ubuntu9.04 (Postfix)
smtpd_banner = $myhostname ESMTP $mail_name
#####response immediately########
smtpd_error_sleep_time = 0s
unknown_local_recipient_reject_code = 550
##### Message and return code control#######
message_size_limit = 102400000
mailbox_size_limit = 102400000
show_user_unknown_table_name = no
#### Queue lifetime control #####
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
######### virtual config############
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_mailbox_base = /home/vmail
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the your Maildir has overdrawn your diskspace quota, please free up some of spaces of your mailbox try again.
### TLS configuration ########
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtp_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtp_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/tls/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_key_file = /etc/postfix/tls/smtpd.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 0
smtpd_starttls_timeout = 60s
代码: 全选
mkdir /etc/postfix/tls
cd /etc/postfix/tls
openssl req -new -outform PEM -out smtpd.pem -newkey rsa:2048 -nodes -keyout smtpd.pem -keyform PEM -days 365 -x509
Country Name (2 letter code) [AU]: //国家
State or Province Name (full name) [Some-State]: //省
Locality Name (eg, city) []: //城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]: //组织名称
Organizational Unit Name (eg, section) []: 组织单位名称
Common Name (eg, YOUR name) []: 通用名称
Email Address []: 邮件地址
更改smtpd.key权限
代码: 全选
chmod o= /etc/postfix/tls/smtpd.pem
代码: 全选
gedit /etc/postfix/master.cf
代码: 全选
# Other configure
#
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
代码: 全选
/etc/init.d/postfix restart
接下来是Apache2配置:
我们可以新建一个站点,如果你的服务器,只是做邮件服务器,你可以直接修改默认的配置文件,不过修改前,还是要备份一下
代码: 全选
cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/000-default_backup
gedit /etc/apache2/sites-enabled/000-default
代码: 全选
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
Alias /phpmyadmin /usr/share/phpmyadmin/
ErrorLog /var/log/apache2/extmail-error.log
CustomLog /var/log/apache2/extmail-access.log combined
# Suexec config
SuexecUserGroup vmail vmail
</VirtualHost>
我到sites-available下新建了一个extmail的文件件,里面的代码是这样(参考)
代码: 全选
<VirtualHost *:80>
ServerName mail.extmail.org
ServerAdmin [email protected]
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
Alias /phpmyadmin /usr/share/phpmyadmin/
ErrorLog /var/log/apache2/extmail-error.log
CustomLog /var/log/apache2/extmail-access.log combined
# Suexec config
SuexecUserGroup vmail vmail
</VirtualHost>
代码: 全选
MAXFORK=10
代码: 全选
/var/www/extsuite/extmail/dispatch-init start
代码: 全选
echo "/var/www/extsuite/extmail/dispatch-init start" >> /etc/rc.local
/etc/init.d/apache2 restart
http://localhost/extman/cgi/index.cgi 或者是 http://yourdomain/extman/cgi/index.cgi
后台用户名:[email protected] 密码:extmail*123*
前台用户名:[email protected] 密码:extmail
现在我们来做SMTP认证
1.更改saslauthd
代码: 全选
gedit /etc/default/saslauthd
代码: 全选
START=yes 设置开机自动启动
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
内容如下:
代码: 全选
auth required pam_mysql.so user=extmail passwd=extmail host=127.0.0.1 db=extmail table=mailbox usercolumn=username passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=extmail passwd=extmail host=127.0.0.1 db=extmail table=mailbox usercolumn=username passwdcolumn=password crypt=1
3.由于postfix处于chroot,要想调用到saslauthd 必须更改socket文件
代码: 全选
mkdir -p /var/spool/postfix/var/run/saslauthd
gedit /etc/postfix/sasl/smtpd.conf
代码: 全选
pwcheck_method:saslauthd
mech_list:plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: extmail
sql_password: extmail
sql_database: extmail
log_level:7
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r'
代码: 全选
gedit /etc/postfix/main.cf
代码: 全选
###########SMTP AUTH config###############
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
###########smtpd related config############
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, check_recipient_maps
添加用户
代码: 全选
adduser postfix sasl
代码: 全选
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
telnet localhost 25
ehlo localhost
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
出现这两项表示 sasl 配置成功
然后继续操作
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
如果出现Authentication successful 表示没有问题了
POP验证
代码: 全选
gedit /etc/courier/authdaemonrc
代码: 全选
authmodulelist="authmysql"
代码: 全选
cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
gedit /etc/courier/authmysqlrc
代码: 全选
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/vmail/',homedir), \
CONCAT('/home/vmail/',maildir), \
quota, \
name, \
CONCAT("disablesmtpd=",disablesmtpd, \
",disablesmtp=",disablesmtp, \
",disablewebmail=",disablewebmail, \
",disablenetdisk=",disablenetdisk, \
",disableimap=",disableimap, \
",disablepop3=",disablepop3, \
",netdiskquota=",netdiskquota) \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
编辑/etc/courier/pop3d修改下面参数
代码: 全选
MAILDIRPATH=/home/vmail/
编辑/etc/courier/imapd修改下面参数
代码: 全选
MAILDIRPATH=/home/vmail/
代码: 全选
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart
代码: 全选
authtest -s login [email protected] extmail
Authentication succeeded.
Authenticated: [email protected] (uid 1000, gid 1000)
Home Directory: /home/vmail/extmail.org/postmaster
Maildir: /home/vmail/extmail.org/postmaster/Maildir/
Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options:disablesmtpd=0,disablesmtp=0,disablewebmail=0,disablenetdisk=0,disableimap=0,disablepop3=0,netdiskquota=52428800S
如果出现error请检查数据库连接,分析mail.log。 一般都是input/output
Tips: chown daemon:vmail /var/run/courier/authdaemon 可能避免错误
测试pop3
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user [email protected]
+OK Password required.
pass extmail
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
.
quit
+OK Bye-bye.
Connection closed by foreign host.
如果出现问题请仔细分析日志
MDA配置
概念:MDA mail deliver agent其实就是邮件投递代理,postfix本身有很多邮件投递代理,由于我们的环境虚拟域所以可以使用postfix自己的virtual 这个代理,但是它必须创建一个用户来执行投递操作,main.cf中有记录象这样:
代码: 全选
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = virtual
安装Maildrop
代码: 全选
apt-get install maildrop
代码: 全选
gedit /etc/maildropmysql.config
代码: 全选
hostname 127.0.0.1
port 3306
database extmail
dbuser extmail
dbpw extmail
dbtable mailbox
default_uidnumber 1000
default_gidnumber 1000
uidnumber_field uidnumber
gidnumber_field gidnumber
uid_field username
homedirectory_field concat('/home/vmail/',homedir,'/')
maildir_field concat('/home/vmail/',maildir)
quota_field quota
mailstatus_field active
代码: 全选
gedit /etc/maildroprc
代码: 全选
logfile "/var/log/maildrop.log"
代码: 全选
gedit /var/log/maildrop.log
chown vmail:vmail /var/log/maildrop.log
chmod 766 /var/log/maildrop.log
内容为下面:
代码: 全选
/var/log/maildrop.log {
daily
notifempty
missingok
rotate 5
compress
create 766 vmail vmail
sharedscripts
}
代码: 全选
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
代码: 全选
###### Maildrop config ########
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 2
virtual_transport = maildrop:
代码: 全选
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: Mail Delivery System <[email protected]>
Reply-To: [email protected]
To: Valued Customer:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Your mailbox on the server is now more than 90% full. So that you can continue
to receive mail you need to remove some messages from your mailbox.
代码: 全选
apt-get install mailgraph
cp -r /var/www/extsuite/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
代码: 全选
MAIL_LOG=/var/log/mail.log
代码: 全选
cp /var/www/extsuite/extman/addon/mailgraph_ext/mailgraph-init /etc/init.d/mailgraph
update-rc.d mailgraph start 20 2 3 4 5 . stop 20 0 1 6 .
cp /var/www/extsuite/extman/addon/mailgraph_ext/qmonitor-init /etc/init.d/qmonitor
update-rc.d qmonitor start 20 2 3 4 5 . stop 20 0 1 6 .
代码: 全选
/usr/local/mailgraph_ext/mailgraph-init start
代码: 全选
/etc/init.d/mailgraph start
/etc/init.d/qmonitor start
代码: 全选
chmod 755 /var/run/courier/authdaemon
在/etc/rc.local下把这个加了上去
代码: 全选
chmod 755 /var/run/courier/authdaemon
到此,本系统基本上是安装完毕了。
下面我们来学习,反垃圾邮件,和反病毒
我使用的为clamav+dspam+slockd
代码: 全选
sudo apt-get install clamav clamav-daemon clamtk libnet-dns-perl libmail-spf-query-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl pyzor razor arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip zip zoo lzop arc lzop
代码: 全选
dpkg-reconfigure clamav-base
我们来更新clamav,执行:
代码: 全选
sudo freshclam
代码: 全选
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
代码: 全选
0 3 * * * root /usr/bin/freshclam --quiet -l /var/log/clamav/clamav.log ##每天3点升级
代码: 全选
apt-get install dspam libdspam7-drv-mysql libdspam7
root密码:最后删除数据库时要用道
输入“libdspam7-drv-my”的密码:
确认密码
接下来,我们修改/etc/dspam/dspam.conf
以下为需要修改的部分:
代码: 全选
StorageDriver /usr/lib/dspam/libmysql_drv.so
TrustedDeliveryAgent "/usr/sbin/sendmail"
DeliveryHost 127.0.0.1
DeliveryPort 10025
DeliveryIdent dspam
DeliveryProto SMTP
Preference "signatureLocation=headers"
Preference "spamSubject=SPAM"
Opt out
TrackSources spam
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse dspam
ServerMode auto
ServerPass.Relay1 "secret"
ServerParameters "--deliver=innocent -d %u"
ServerDomainSocketPath "/var/run/dspam/dspam.sock"
代码: 全选
gedit /etc/dspam/dspam.d/mysql.conf
代码: 全选
MySQLServer /var/run/mysqld/mysqld.sock
MySQLUser libdspam7-drv-my
MySQLPass root
MySQLDb libdspam7drvmysql
MySQLCompress true
MySQLConnectionCache 20
MySQLUIDInSignature on
代码: 全选
START=yes
代码: 全选
/etc/init.d/dspam restart
代码: 全选
crontab -e
代码: 全选
0 0 * * * /usr/bin/mysql -u libdspam7-drv-my -p'root' libdspam7drvmysql < /usr/share/doc/libdspam7-drv-mysql/purge-4.1.sql
0 0 * * * /usr/bin/dspam_logrotate -a 30 -d /var/spool/dspam/data
代码: 全选
gedit /etc/postfix/dspam_filter_access
代码: 全选
/^(spam|ham)@.*$/ OK
/./ FILTER dspam:dspam
代码: 全选
chown root.postfix /etc/postfix/dspam_filter_access
代码: 全选
gedit /etc/aliases
代码: 全选
ham: [email protected]
spam: [email protected]
代码: 全选
postalias /etc/aliases
代码: 全选
gedit /etc/postfix/transports
代码: 全选
spam.spam dspam-retrain:spam
ham.ham dspam-retrain:innocent
代码: 全选
postmap /etc/postfix/transports
gedit /etc/postfix/dspam_check_aliases
代码: 全选
/^.*(spam|ham)@.*$/ REJECT
代码: 全选
postmap /etc/postfix/dspam_check_aliases
代码: 全选
gedit /etc/postfix/main.cf
代码: 全选
###########smtpd related config############
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, check_recipient_maps
代码: 全选
###########smtpd related config############
smtpd_client_restrictions = check_client_access pcre:/etc/postfix/dspam_filter_access
dspam_destination_recipient_limit = 1
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_sender_login_mismatch, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/dspam_check_aliases, check_sender_access pcre:/etc/postfix/dspam_check_aliases
transport_maps = hash:/etc/postfix/transports
请将那例代码全部考到,文件的最后面:
代码: 全选
dspam unix - n n - - pipe
flags=Ru user=dspam argv=/usr/bin/dspam --client --deliver=innocent,spam --user ${recipient} --mail-from=${sender}
dspam-retrain unix - n n - - pipe
flags=Rhq user=dspam argv=/usr/bin/dspam --client --mode=teft --class=$nexthop --source=error --user dspam
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
代码: 全选
cd /opt
wget http://spamassassin.apache.org/publiccorpus/20050311_spam_2.tar.bz2
wget http://spamassassin.apache.org/publiccorpus/20030228_easy_ham_2.tar.bz2
代码: 全选
tar xvfj 20050311_spam_2.tar.bz2
tar xvfj 20030228_easy_ham_2.tar.bz2
代码: 全选
dspam_train test spam_2/ easy_ham_2/
代码: 全选
TRAINING COMPLETE
Training Snapshot:
dspam
TP: 1314 TN: 1401 FP: 0 FN: 83 SC: 8 NC: 0
SHR: 94.06% HSR: 0.00% OCA: 97.03%
Overall Statistics:
dspam
TP: 1314 TN: 1401 FP: 0 FN: 83 SC: 8 NC: 0
SHR: 94.06% HSR: 0.00% OCA: 97.03%
代码: 全选
/etc/init.d/dspam restart
代码: 全选
dspam 9133 0.0 0.2 6928 1252 ? S 09:21 0:00 /usr/bin/dspam --daemon
root 12988 0.0 0.1 3560 780 pts/1 D+ 11:03 0:00 grep dspam
里面的内容应该为这样:
代码: 全选
# Decoder for high quality key word filtering
# Author: hzqbbc <[email protected]> - ExtMail Dev Team
DECODER="/var/www/extsuite/extmail/tools/decode -v"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
BADSENDER=1
}
# Auto deliver to Junk mailbox support if there is no custom
# mailfilter, need test command and correct PATH env
`test -f $HOME/.mailfilter && exit 1 || exit 0`
# No customize filtering rules
if ( $RETURNCODE == 0 )
{
if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
}
logfile "/var/log/maildrop.log"
代码: 全选
apt-get install dspam-webfrontend
里面的内容看起来像这样
代码: 全选
#
# This is a sample config that
# should be encapsulated into
# a VirtualHost section.
SuexecUserGroup dspam dspam
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes
Alias /dspam /var/www/dspam/
<Directory /var/www/dspam/>
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes
DirectoryIndex dspam.cgi
# Note: you have to add www-data to the 'shadow'
# group to make this work. You whould
# better change for another authentication bakend
AuthPAM_Enabled on
AuthBasicAuthoritative Off
AuthType Basic
AllowOverride None
AuthName "DSPAM Control Center"
AuthUserFile /etc/dspam/webfrontend.htpasswd
Require valid-user
</Directory>
新建一个叫/etc/apache2/sites-available/dspam的文件
文件中的内容为:
代码: 全选
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName dspam.extmail.org
SuexecUserGroup dspam dspam
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes
DocumentRoot /var/www/dspam/
<Directory /var/www/dspam/>
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes
DirectoryIndex dspam.cgi
# Note: you have to add www-data to the 'shadow'
# group to make this work. You whould
# better change for another authentication bakend
AuthPAM_Enabled on
AuthBasicAuthoritative Off
AuthType Basic
AllowOverride None
AuthName "DSPAM Control Center"
AuthUserFile /etc/dspam/webfrontend.htpasswd
Require valid-user
</Directory>
ErrorLog /var/log/apache2/dspam-error.log
CustomLog /var/log/apache2/dspam-access.log combined
</VirtualHost>
代码: 全选
a2ensite dspam
/etc/init.d/apache2 restart
代码: 全选
htpasswd -c /etc/dspam/webfrontend.htpasswd root
确认密码
http://localhost/dspam
http://yourdomain
测试 ClamAV
首先在/etc/clamav/clamav.conf文件中设置支持病毒邮件查杀确认 ScanMail ture ,重新启动clamav程序后,使用邮件客户端连接服务器发送一封带有病毒字符串的信件(包含 EICAR 病毒字符串的文件附件http://www.eicar.org/anti_virus_test_file.htm)。下面字符串用于触发病毒扫描程序在没有附加实际病毒的情况下识别已感染病毒的电子邮件:
代码: 全选
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
# ClamAVResponse: //clamav响应:
# reject (reject or drop the message with a permanent failure) //拒绝通过;拒绝或丢弃此邮件同时作为永久性错误
# accept (accept the message and quietly drop the message) //接收通过;接收并丢弃此邮件
# spam (treat as spam and quarantine/tag/whatever) //判断为垃圾邮件;当做垃圾邮件条件对待,隔离、加标记等
代码: 全选
ClamAVPort 3310
ClamAVHost 127.0.0.1
ClamAVResponse spam
扫描时发现病毒邮件会直接删除,clamav会在日志中记录不反馈其他提示,/var/log/clamav/clamd.log中可以查看到类似记录:
代码: 全选
Mon May 25 18:15:01 2009 -> stream 2015: Eicar-Test-Signature FOUND
代码: 全选
3143: [05/25/2009 18:36:05] Connection to 127.0.0.1:3310 failed: Connection refused
在 ubuntu 上安装 Spam Locker 比较简单了,大部分 perl 包在上面已经安装了。
我们从www.extmail.org下载最新的 slockd-0.99.tar.gz 我们将它解压,并放到/usr/local下面
代码: 全选
tar zxvf slockd-0.99.tar.gz
mv slockd /usr/local/slockd
代码: 全选
setsid 1
log_file /var/log/slockd.log
将 /usr/local/slockd/slockd-init 复制到 /etc/init.d 目录下,然后建立启动关闭服务的链接文件:
代码: 全选
cp /usr/local/slockd/slockd-init /etc/init.d/slockd
update-rc.d slockd start 19 2 3 4 5 . stop 21 0 1 6 .
代码: 全选
/var/log/slockd.log {
daily
notifempty
missingok
rotate 5
compress
create 644 root root
sharedscripts
}
代码: 全选
/etc/init.d/slockd start
代码: 全选
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/dspam_check_aliases, check_sender_access pcre:/etc/postfix/dspam_check_aliases
代码: 全选
check_policy_service inet:127.0.0.1:10030
代码: 全选
/etc/init.d/postfix reload
启动/测试 slockd
在/usr/local/slockd目录下,执行
代码: 全选
./slockd
代码: 全选
tail -f /var/log/slockd.log
代码: 全选
perl policy_sig -h localhost -p 10030 --helo FOOBAR \ --ip 192.168.0.1 --from [email protected] --to [email protected]
代码: 全选
action=504 <FOOBAR>: rejected, see http://bl.extmail.org/cgi/why?fqdn
ps 先看一下 spam lock 的进程还有没有
代码: 全选
ps aux |grep slockd
root 20821 1.9 5.1 48736 19708 ? S 13:19 0:08 gedit /usr/local/slockd/config/whitelist
root 21005 0.0 1.1 7592 4344 ? SNs 13:20 0:00 slockd (master)
root 21007 0.0 1.8 11636 7084 ? SN 13:20 0:00 slockd (idle)
root 21014 0.0 1.8 11612 7068 ? SN 13:20 0:00 slockd (idle)
root 21047 0.0 0.2 3560 820 pts/1 S+ 13:26 0:00 grep slockd
到此所有的工作都己做完,来测试你的邮件系统吧