Linux下Mail 實驗彙總

                          Linux下Mail  實驗彙總

                                                     作者：edwin

系統：rhel5.4

所需軟件包：extmail-1[1][1].2.tar.gz extman-1[1][1].1.tar.gz File-Tail-0.99.3.tar.gz fp-Linux-i686-ws.tar.gz MailScanner-4.69.9-3.rpm.tar.gz phpMyAdmin-2.11.3-all-languages.tar.bz2 postfix-2.7-20090828.tar.gz

rrdtool-1.2.30.tar.tar slockd-0.10.tar.gz Time-HiRes-1.9715.tar.gz Unix-Syslog-1.1.tar.gz

簡要說明：爲了提高搭建速度，我們這裏直接用本地yum安裝

本地yum的配置方法如下

a.Mount /dev/cdrom /media

b.Vi /etc/yum.repos.d/rhel-debuginfo.repo

[Server]

name=Red Hat Enterprise Linux $releasever - $basearch - Server

baseurl=file:///media/Server #這裏是你的cdrom路徑

enabled=1  #

gpgcheck=1 #

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

注：centos下原理一樣，標#的地方照這個改 然後 yum clean all 清空yum 緩存庫 這樣本地yum就能用了.

一、  Sendmail的基本配置：

1.  cd /etc/xinetd.d

2.  ls查看有沒有ipop3和imap協議

3.  編輯vi /etc/xinetd.d/ipop3 把裏面的disable=yes改爲disable=no

4.  編輯vi /etc/xined.d/imap 把裏面的disable=yes改爲diable=no

5.  測試一下pop3和imap　telnet localhost 110(pop3郵局協議的端口)　telnet localhost 143(imap端口)

6.  退出的時候都用ctl+]然後回車在輸入quit即可（測試後要記得重啓xinetd服務）

7.  編輯vi /etc/mail/Sendmail.mc把裏面的 dnl TRUST_AUTH_MECH(.........)和dnl define(`confAUTH_MECHANISMS`,.........)前面的dnl去了

8.  在添加兩條DAEMON_OPTIONS(`port=25,name=MTA`)dnl和DAEMON_OPTIONS(`port=587,name=MSA,m=Ea`)dnl

9.  在DAEMON_OPTIONS(`port=smtp,Addr=127.0.0.1,name=smTA`)dnl和DAEMON_OPTIONS(`accept_Unres,Olvale_domains`)dnl前面加上dnl

10. 測試一下MTA telnet localhost 25回車輸入ehlo test回車看見AUTH=..250說明成功退出和上面的一樣

11. 做輸入重定向m4 /etc/mail/Sendmail.mc>/etc/mail/Sendmail.cf

12. 重啓Sendmail服務service Sendmail restart

13. 編輯 vi/etc/mail/access把允許轉發的用戶的IP或域名添加上去比如允許192.168.10.10的計算機通過
 編輯vi /etc/mail/access在裏面加上192.168.10.10         RELAY 或是OK(允許轉發與通過)

14. 編輯vi /etc/mail/local-host-names把郵件服務器使用的域名給添加上去

15.在做DNS的時候要在正向解析上添加一個　IN  MX 5(參數是設優先級的)

16.重起一下Sendmail服務

二、企業郵件設計：

rhel5.4+postfix+mysql+dovecot+extmail  system

1. installing mysql

a. yum install mysql mysql-server  mysql-devel php php-mysql -y

b. service mysqld start

2. postfix upgrade (系統自帶的postfix不支持mysql 因此需要重新編譯加載mysql的支持 這

裏我用的是最新的穩定源碼直接升級系統已有的postfix)

a. yum install postfix -y

b. alternatives set mta /usr/sbin/sendmail.postfix ; service sendmail stop

c. tar zxvf postfix-2.7-20090828.tar.gz –C /mnt

d. cd /mnt/postfix-2.7-20090828/;vi README_FILES/MYSQL_README

找到make -f Makefile.init makefiles /

        'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include' /  #改成/usr/include/mysql

        'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm'    #改成/usr/lib/mysql

黏貼等待編譯，完成後輸入make upgrade 或者make install

編譯成功後輸入postconf –m  看到mysql證明編譯成功 否則重新編譯

6. modify /etc/postfix/main.cf looks like:

a. myhostname = mail.edwin.com

b. mydomain = edwin.com

c. myorigin = $mydomain

d. inet_interfaces = all

e. mydestination = $myhostname, $mydomain

f. service postfix start

3. support for mysql looks like:

Mkdir /var/www/extsuite 只能建這個文件夾 這樣比較方便配置

Tar zxvf extman-1[1][1].1.tar.gz –C /var/www/extsuite

Tar zxvf extmail-1[1][1].2.tar.gz

Mv extman-1[1][1].1 extman; mv extmail-1[1][1].2 extmail

a. cd /var/www/extsuite/extman/docs

b. cp mysql_virtual_alias_maps.cf mysql_virtual_domains_maps.cf

mysql_virtual_mailbox_maps.cf /etc/postfix (這三個文件是postfix從mysql中查詢數據

用的 在extman中的docs目錄中）

c. vi init.sql

輸入%s/extmail.org/edwin.com 這個命令式用你自己的域名替換掉默認的域名 然後找到extmail 和extman 對應的密碼的md5值替換成明文的123  這樣是爲了方便以後都用明文.

d.給mysql設置密碼

mysqladmin –uroot  password “edwin”  #mysql 的初始密碼是空的 所以可以不加 –p 參數

service mysqld restart

mysql –uroot –pedwin <extmail.sql

mysql –uroot –pedwin <init.sql

useradd -g 600 virtual

e. modify /etc/postfix/main.cf looks like

以下參數可以通過命令postconf –d 看出來

postconf –e virtual_mailbox_base=/home/virtual  #postconf –e 可直接修改main.cf文件 也可手工加

postconf –e virtual_uid_maps=static:600

 postconf –e virtual_gid_maps=static:600

postconf –e virtual_alias_maps=mysql:/etc/postfix/mysql_virtual_alias_maps.cf

postconf –e virtual_mailbox_domains=mysql:/etc/postfix/mysql_virtual_domains_maps.cf

postconf –e virtual_mailbox_maps=mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

4. support for sasl looks like:

a. postconf –e smtpd_sasl_auth_enable=yes

b. postconf –e smtpd_sasl_security_options=noanonymous

c. postconf –e smtpd_sasl_type=dovecot

d. postconf –e smtpd_sasl_path=private/auth

e. postconf –e “smtpd_recipient_restrictions=permit_sasl_authenticated, permit_tls_clientcerts,permit_mynetworks, reject_unauth_destination”

5. support for tls looks like:

a. cd /etc/pki/tls/certs; ./makedummycert mail.pem

b. postconf –e smtpd_tls_CApath=/etc/pki/tls/certs

c. postconf –e smtpd_tls_cert_file=/etc/pki/tls/certs/mail.pem

d. postconf –e smtpd_tls_key_file=/etc/pki/tls/certs/mail.pem

e. postconf –e smtpd_tls_loglevel=0

f. postconf –e smtpd_tls_received_header=yes

g. postconf –e smtpd_tls_security_level=may

h. postconf –e smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache.db

i. postconf –e tls_random_source=dev:/dev/urandom

6. configure the dovecot looks like: (對MUA收信的支持)

a. cd /etc/pki/tls/certs; make dovecot.pem; cp dovecot.pem ../../dovecot/certs/; cp dovecot.pem

../../dovecot/private/

b. modify the /etc/dovecot.conf:

protocols = imap imaps pop3 pop3s

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem

ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

mail_location = maildir:/home/virtual/%d/%n/Maildir

first_valid_uid = 600

auth default {

mechanisms = plain login digestmd5

crammd5

ntlm rpa gssapi

passdb sql {

args = /etc/dovecotsql.

conf

}

userdb sql {

args = /etc/dovecotsql.

conf

}

user = nobody

socket listen {

client {

path = /var/spool/postfix/private/auth

mode = 0660

user = postfix

group = postfix

}

}

}

c. modify the /etc/dovecotsql.

conf: (收信是要對用戶進行驗證 下面的配置是讓dovecot 從

mysql中查詢相應的數據)

cp /usr/share/doc/dovecot1.0/examples/dovecotsql.conf  /etc;vi /etc/ dovecotsql.conf

driver = mysql

connect = host=localhost dbname=extmail user=extmail password=extmail

default_pass_scheme = PLAIN

password_query = SELECT username as user, password FROM mailbox WHERE username

= '%u'

user_query = SELECT maildir, 500 AS uid, 500 AS gid FROM mailbox WHERE username =

'%u'

7. installing extmail and extman (http://www.extmail.org/cgibin/download.cgi)

a. cd extmail; cp webmail.cf.default webmail.cf

b. modify webmail.cf looks like:

SYS_MAILDIR_BASE = /home/virtual

SYS_CRYPT_TYPE = plain

SYS_MYSQL_USER = extmail

SYS_MYSQL_PASS = extmail

c.cd ../extman ; modify webman.cf looks like:

SYS_MAILDIR_BASE = /home/virtual

SYS_CAPTCHA_LEN = 4

SYS_CRYPT_TYPE = plain

8. mkdir /tmp/extman; chown virtual /tmp/extman

9. configure httpd add following lines:

a. NameVirtualHost *:80

b. <VirtualHost *:80>

ServerName extmail.example.com

DocumentRoot /var/www/extsuite/extmail/html/

ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi

ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi

Alias /extman /var/www/extsuite/extman/html

Alias /extmail /var/www/extsuite/extmail/html

SuexecUserGroup virtual virtual

</VirtualHost>

10. rpm -ivh perlGD2.351. el5.rf.i386.rpm #如果不知道裝那個包就 yum install perl* 就行了

11. tar zxf TimeHiRes1.9715.tar.gz

a. cd TimeHiRes1.9715

b. perl Makefile.PL && make && make test && make install  #perl 編譯

12. tar zxf FileTail0.99.3.tar.gz

a. cd FileTail0.99.3

b. perl Makefile.PL && make && make test && make install

13. yum install libart_lgpl libart_lgpl-devel freetype freetype-devel tcl tcl-devel libpng libpng-devel python python-devel ruby ruby-devel -y

14. tar zxf rrdtool1.2.26.tar.gz

a. cd rrdtool1.2.26

b. ./configure –prefix=/usr/local/rrdtool

c. make && make install

d. ln -s /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.8/

e. ln -s /usr/local/rrdtool/lib/perl/5.8.8/i386linuxthreadmulti/RRDs.pm /usr/lib/perl5/5.8.8/

f. ln -s /usr/local/rrdtool/lib/perl/5.8.8/i386linuxthreadmulti/auto/RRDs/RRDs.so/usr/lib/perl5/5.8.8/i386linuxthreadmulti/

15. cd /var/www/extsuite/extman/addon

16. cp rmailgraph_ext/ /usr/local/

17. /usr/local/mailgraph_ext/mailgraphinit start

18. /usr/local/mailgraph_ext/qmonitorinit start

9. ok! you can test via firefox!

Installing antivirus antispam for postfix

1. Install Spamassassin

a) yum install spamassassin -y

b) wget –N –P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

c) Service spamassassin start

2. Install Fprot

a) Wget http://files.f-prot.com/files/linuxx86/fplinuws.rpm

b) rpm –ivh fplinuxws.rpm

c) /usr/local/f-prot/tools/checkupdates.pl ( edit crontab if you want it to auto update)

3. Install MailScanner

a) Download from http://www.mailscanner.info/downloads.html

b) tar zxvf MailScanner4.69.93.rpm.tar.gz

c) cd MailScanner

d) ./install.sh

e) mkdir /var/spool/MailScanner/spamassassin; chown postfix.postfix /var/spool/MailScanner/*

f) vi /etc/MailScanner/MailScanner.conf (change follow lines, like so)

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

Virus Scanners = f-prot

Always Include Spamassassin report = yes

Use Spamassassin = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

g) echo /^Received:/ HOLD >>/etc/postfix/header_checks

postmap /etc/postfix/header_checks (make sure uncomment header_checks in /etc/postfix/main.cf)

h) postfix stop; chkconfig postfix off

i) service MailScanner start

j) chkconfig MailScanner on

4. Virus test

a) Download “eicar.com” from http://www.eicar.org/anti_virus_test_file.htm

b) mail test include “eicar.com”.# 這裏就可以過濾掉病毒eicar.com

Mail 服務擴展

ADDITIONAL SECTION:

1. 加強貝式分析廣告信件需要安裝密碼學演算和特徵比對的 Razor Pyzor Dcc

1. Install Razor and Razoragent

Download razor from: http://razor.sourceforge.net/

tar jxvf razoragentssdk2.07.tar.bz2

cd razoragentssdk2.07

perl Makefile.PL && make && make install

tar jxvf razoragents2.84.tar.bz2

cd razoragents2.84

perl Makefile.PL && make && make install

razoradmin

register

user=

[email protected] pass=

test

2. Install Pyzor

wget http://jaist.dl.sourceforge.net/sourceforge/pyzor/pyzor0.4.0.tar.bz2

tar jxvf pyzor0.4.0.tar.bz2

cd pyzor0.4.0

python setup.py build && python setup.py install

chmod -R a+rX /usr/share/doc/pyzor /usr/lib/python2.4/sitepackages/pyzor /usr/bin/pyzor /usr/bin/pyzord

3. Install DCC

wget http://www.rhyolite.com/antispam/dcc/source/dcc.tar.Z

tar zxvf dcc.tar.Z

cd dcc1.3.90

./configure && make && make install

好了，一個完整的企業郵件系統就結束了，你在客戶端可以通過http：//mail.edwin.com來看到效果

對了phpmyadmin可以這樣使用

Tar jxvf phpMyAdmin-2.11.3-all-languages.tar.bz2 –C /var/www/extsuite/extmail/html/

Cd /var/www/extsuite/extmail/html/ ；mv phpMyAdmin-2.11.3-all-languages phpadmin

然後你輸入

http：//mail.edwin.com/phpadmin就可以用網頁直接管理您的mysql了，當然這只是在公網的情況下，自己配置的話要用dns的，這裏就不做詳解，下來再寫吧。

                                                                               Edwin

2010.10.28