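Building a Virtual-Domain Mail System on FreeBSD and Postfix, Version 5.5
Copyright © 2004, 2005, 2006, 2007, 2008
This article describes how to use FreeBSD + Postfix + MySQL + cyrus-sasl + Courier-imap + Maildrop + SpamAssassin + ClamAV to build a multi-domain mail system with webmail, virus and spam protection, and a web administration interface. It also limits the number of messages a user can send, similar to 163, where only a certain number of messages can be sent per day.
Jacky, $Revision: 5.5 beta $Date: 2007-12-13
The system mainly uses Maildrop + SpamAssassin + ClamAV to filter viruses and spam.
This article has been installed and tested on 5.3, 5.4, 5.5, 6.0, 6.1 and 6.2. MailScanner is no longer used for virus filtering. The more efficient Maildrop now handles mail filtering and spam filtering; it is easier to configure and lowers system overhead, which makes the system more stable. In strict testing with virus mail the success rate reached 98%. Spam filtering basically reached a success rate of 85%.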
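Table of Contents
1. Software installation
1.1 System installation
1.2 Synchronize ports
1.3 Install MySQL
1.4 Install Lighttpd
1.5 Install PHP
1.6 Install PHP extensions
1.7 Install PHPmyadmin
1.8 Install Cyrus-sasl2
1.9 Install Postfix
1.10 Install Courier-imap
1.11 Install Maildrop
1.12 Install Spamassassin
1.13 Install clamav
1.14 Install milter-limit
2. System configuration
2.1 Configure lighttpd
2.2 Configure sasl2
2.3 Configure courier-authlib
2.4 Configure postfix
2.5 Edit the quota warning message
2.6 Configure spamassassin
2.7 Configure maildroprc rules
2.8 Configure milter-limit
2.9 access.db generation script
3. Webmail and webadmin installation
3.1 Import the database
3.2 Configure the administration tool
3.3 Configure webmail
3.4 Create directories
4. Start services
5. Test the mail system
5.1 Test sending and receiving mail
5.1.1 Generate the base64-encoded user name
5.1.2 Generate the base64-encoded password
5.2 Test authentication and sending
5.3 Test POP
6. Webmail screenshots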
System installation
FreeBSD 6.2
See the installation handbook for details:
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/install.html
Synchronize ports
mail# csup -g -L 2 -h cvsup.tw.freebsd.org /usr/share/examples/cvsup/ports-supfile
Install MySQL
mail# cd /usr/ports/databases/mysql50-server
mail# make install WITH_CHARSET=utf8 WITH_XCHARSET=all BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean
mail# echo 'mysql_enable="YES"' >> /etc/rc.conf
mail# /usr/local/etc/rc.d/mysql-server start
Install Lighttpd
mail# pw adduser vmail -u 1003 -d /var/empty -s /sbin/nologin
mail# cd /usr/ports/www/lighttpd/
mail# make install clean
Options for lighttpd 1.4.18_1
[X] BZIP2 Enable Bzip2 support
[X] CML Enable Cache Meta Language support
[ ] FAM Enable fam/gamin support
[ ] GDBM Enable gdbm storage support
[ ] IPV6 Enable IPV6 support
[X] MAGNET Enable magnet support
[X] MEMCACHE Enable memcached storage support
[X] MYSQL Enable MYSQL support
[ ] OPENLDAP Enable LDAP support
[X] OPENSSL Enable SSL support
[ ] VALGRIND Enable valgrind support
mail# echo 'lighttpd_enable="YES"' >> /etc/rc.conf
Install PHP
mail# cd /usr/ports/lang/php5
mail# make install clean
Options for php5 5.2.5
[X] CLI Build CLI version
[X] CGI Build CGI version
[ ] APACHE Build Apache module
[ ] DEBUG Enable debug
[X] SUHOSIN Enable Suhosin protection system (not for jails)
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[X] MAILHEAD Enable mail header patch
[ ] REDIRECT Enable force-cgi-redirect support (CGI only)
[ ] DISCARD Enable discard-path support (CGI only)
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
Install PHP extensions
mail# cd /usr/ports/lang/php5-extensions
mail# make install clean
Options for php5-extensions 1.1
[X] BCMATH bc style precision math functions
[X] BZ2 bzip2 library support
[X] CALENDAR calendar conversion support
[X] CTYPE ctype functions
[X] CURL CURL support
[ ] DBA dba support
[ ] DBASE dBase library support
[X] DOM DOM support
[ ] EXIF EXIF support
[ ] FILEINFO fileinfo support
[X] FILTER input filter support
[ ] FRIBIDI FriBidi support
[X] FTP FTP support
[X] GD GD library support
[ ] GETTEXT gettext library support
[ ] GMP GNU MP support
[X] HASH HASH Message Digest Framework
[X] ICONV iconv support
[X] IMAP IMAP support
[ ] INTERBASE Interbase 6 database support (Firebird)
[X] JSON JavaScript Object Serialization support
[ ] LDAP OpenLDAP support
[X] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MHASH Crypto-hashing support
[ ] MING ming shockwave flash support
[ ] MSSQL MS-SQL database support
[X] MYSQL MySQL database support
[ ] MYSQLI MySQLi database support
[X] NCURSES ncurses support (CLI only)
[ ] ODBC unixODBC support
[ ] OPENSSL OpenSSL support
[X] PCNTL pcntl support (CLI only)
[X] PCRE Perl Compatible Regular Expression support
[ ] PDF PDFlib support (implies GD)
[X] PDO PHP Data Objects Interface (PDO)
[X] PDO_SQLITE PDO sqlite driver
[ ] PGSQL PostgreSQL database support
[X] POSIX POSIX-like functions
[ ] PSPELL pspell support
[ ] READLINE readline support (CLI only)
[ ] RECODE recode support
[X] SESSION session support
[ ] SHMOP shmop support
[X] SIMPLEXML simplexml support
[ ] SNMP SNMP support
[ ] SOAP SOAP support
[ ] SOCKETS sockets support
[X] SPL Standard PHP Library
[X] SQLITE sqlite support
[ ] SYBASE_CT Sybase database support
[ ] SYSVMSG System V message support
[ ] SYSVSEM System V semaphore support
[ ] SYSVSHM System V shared memory support
[ ] TIDY TIDY support
[X] TOKENIZER tokenizer support
[ ] WDDX WDDX support (implies XML)
[X] XML XML support
[X] XMLREADER XMLReader support
[ ] XMLRPC XMLRPC-EPI support
[X] XMLWRITER XMLWriter support
[ ] XSL XSL support (Implies DOM)
[ ] YAZ YAZ support (ANSI/NISO Z39.50)
[X] ZIP ZIP support
[X] ZLIB ZLIB support
Install PHPmyadmin
mail# cd /usr/ports/databases/phpmyadmin
mail# make fetch
mail# cd /usr/ports/distfiles/
mail# tar -jxf phpMyAdmin-2.11.2.2-all-languages.tar.bz2
mail# mv phpMyAdmin-2.11.2.2-all-languages /usr/local/www/data/dbadmin
Browse to
http://192.168.138.128/dbadmin/
Install Cyrus-sasl2
mail# cd /usr/ports/security/cyrus-sasl2
mail# make install clean
Options for cyrus-sasl 2.1.22
[ ] BDB Use Berkeley DB
[X] MYSQL Use MySQL
[ ] PGSQL Use PostgreSQL
[ ] SQLITE Use SQLite
[ ] DEV_URANDOM Use /dev/urandom
[ ] ALWAYSTRUE Enable the alwaystrue password verifier
[ ] KEEP_DB_OPEN Keep handle to Berkeley DB open
[X] AUTHDAEMOND Enable use of authdaemon
[X] LOGIN Enable LOGIN authentication
[X] PLAIN Enable PLAIN authentication
[X] CRAM Enable CRAM-MD5 authentication
[X] DIGEST Enable DIGEST-MD5 authentication
[ ] OTP Enable OTP authentication
[ ] NTLM Enable NTLM authentication
Install Postfix
mail# cd /usr/ports/mail/postfix
mail# make install clean
Options for postfix 2.4.6,1
[X] PCRE Perl Compatible Regular Expressions
[X] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[ ] DOVECOT Dovecot SASL authentication method
[ ] SASLKRB If your SASL req. Kerberos select this option
[ ] SASLKRB5 If your SASL req. Kerberos5 select this option
[ ] SASLKMIT If your SASL req. MIT Kerberos5 select this option
[X] TLS Enable SSL and TLS support
[ ] BDB Berkeley DB (choose version with WITH_BDB_VER)
[X] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)
[ ] PGSQL PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[ ] CDB CDB maps lookups
[ ] NIS NIS maps lookups
[ ] VDA VDA (Virtual Delivery Agent)
[ ] TEST SMTP/LMTP test server and generator
mail# echo 'sendmail_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_submit_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_outbound_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_msp_queue_enable="NO"' >> /etc/rc.conf
mail# echo 'postfix_enable="YES"' >> /etc/rc.conf
Install Courier-imap
mail# cd /usr/ports/mail/courier-imap
mail# make install clean
Options for courier-imap 4.3.0
[X] OPENSSL Build with OpenSSL support
[ ] FAM Build in fam support for IDLE command
[ ] DRAC Build in DRAC support
[X] TRASHQUOTA Include deleted mails in the quota
[ ] GDBM Use gdbm db instead of system bdb
[ ] IPV6 Build with IPv6 support
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support
mail# echo 'courier_authdaemon="YES"' >> /etc/rc.conf
mail# echo 'courier_imap_imapd_enable="YES"' >> /etc/rc.conf
mail# echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf
mail# chmod +x /var/run/authdaemond/
Install Maildrop
mail# cd /usr/ports/mail/maildrop
mail# make WITH_AUTHLIB=yes install clean
Options for maildrop 2.0.4
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support
Install Spamassassin
mail# cd /usr/ports/mail/p5-Mail-SpamAssassin
mail# make install clean
Options for p5-Mail-SpamAssassin 3.2.3
[X] AS_ROOT Run spamd as root (recommended)
[X] SPAMC Build spamd/spamc (not for amavisd)
[X] SACOMPILE sa-compile
[X] DKIM DKIM/DomainKeys Identified Mail
[X] SSL Build with SSL support for spamd/spamc
[X] GNUPG Install GnuPG (for sa-update)
[X] MYSQL Add MySQL support
[ ] PGSQL Add PostreSQL support
[X] RAZOR Add Vipul's Razor support
[X] SPF_QUERY Add SPF query support
[X] RELAY_COUNTRY Relay country support
mail# echo 'spamd_enable="YES"' >> /etc/rc.conf
mail# echo 'spamd_flags="-m 40 -u spamd -H /var/spool/spamd"' >> /etc/rc.conf
Install clamav
mail# cd /usr/ports/security/clamav
mail# make install clean
mail# echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
mail# echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
Install milter-limit
mail# cd /usr/ports/databases/db43
mail# make install clean
mail# cd /usr/ports/mail/sendmail
mail# make fetch
mail# cd /usr/ports/distfiles/
mail# tar -zxf sendmail.8.14.2.tar.gz
mail# cd sendmail-8.14.2/
mail# sh Build -c
mail# sh Build install
mail# cd /usr/home/jacky/src/com/snert/src/lib
mail# ./configure --prefix=/usr/local/snert --with-db=/usr/local/include/db43
mail# make build
mail# cd ../milter-limit
mail# ./configure --enable-run-user=postfix --enable-run-group=postfix
mail# make build
mail# make install
System configuration
Configure lighttpd
mail# mkdir /usr/local/www/data/
mail# mkdir /var/run/lighttpd/
mail# chown -R vmail:vmail /var/run/lighttpd
mail# touch /var/log/lighttpd.access.log
mail# chown -R vmail:vmail /var/log/lighttpd.access.log
mail# chmod 755 /var/log/lighttpd.access.log
mail# touch /var/log/lighttpd.error.log
mail# chown vmail:vmail /var/log/lighttpd.error.log
The lighttpd.conf configuration file
mail# ee /usr/local/etc/lighttpd.conf
server.modules = (
  "mod_rewrite",
  "mod_redirect",
  "mod_alias",
  "mod_access",
  "mod_cml",
  "mod_status",
  "mod_fastcgi",
  "mod_evhost",
  "mod_compress",
  "mod_expire",
  "mod_secdownload",
  "mod_accesslog" )
server.document-root = "/usr/local/www/data/"
server.errorlog = "/var/log/lighttpd.error.log"
index-file.names = ( "index.php", "index.html",
  "index.htm", "default.htm" )
server.event-handler = "freebsd-kqueue" # needed on OS X
mimetype.assign = (
  ".pdf" => "application/pdf",
  ".sig" => "application/pgp-signature",
  ".spl" => "application/futuresplash",
  ".class" => "application/octet-stream",
  ".ps" => "application/postscript",
  ".torrent" => "application/x-bittorrent",
  ".dvi" => "application/x-dvi",
  ".gz" => "application/x-gzip",
  ".pac" => "application/x-ns-proxy-autoconfig",
  ".swf" => "application/x-shockwave-flash",
  ".tar.gz" => "application/x-tgz",
  ".tgz" => "application/x-tgz",
  ".tar" => "application/x-tar",
  ".zip" => "application/zip",
  ".mp3" => "audio/mpeg",
  ".m3u" => "audio/x-mpegurl",
  ".wma" => "audio/x-ms-wma",
  ".wax" => "audio/x-ms-wax",
  ".ogg" => "application/ogg",
  ".wav" => "audio/x-wav",
  ".gif" => "image/gif",
  ".jpg" => "image/jpeg",
  ".jpeg" => "image/jpeg",
  ".png" => "image/png",
  ".xbm" => "image/x-xbitmap",
  ".xpm" => "image/x-xpixmap",
  ".xwd" => "image/x-xwindowdump",
  ".css" => "text/css",
  ".html" => "text/html",
  ".htm" => "text/html",
  ".js" => "text/javascript",
  ".asc" => "text/plain",
  ".c" => "text/plain",
  ".cpp" => "text/plain",
  ".log" => "text/plain",
  ".conf" => "text/plain",
  ".text" => "text/plain",
  ".txt" => "text/plain",
  ".dtd" => "text/xml",
  ".xml" => "text/xml",
  ".mpeg" => "video/mpeg",
  ".mpg" => "video/mpeg",
  ".mov" => "video/quicktime",
  ".qt" => "video/quicktime",
  ".avi" => "video/x-msvideo",
  ".asf" => "video/x-ms-asf",
  ".asx" => "video/x-ms-asf",
  ".wmv" => "video/x-ms-wmv",
  ".bz2" => "application/x-bzip",
  ".tbz" => "application/x-bzip-compressed-tar",
  ".tar.bz2" => "application/x-bzip-compressed-tar",
  "" => "application/octet-stream",
)
accesslog.filename = "/var/log/lighttpd.access.log"
url.access-deny = ( "~", ".inc" )
$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"
}
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "/var/run/lighttpd.pid"
server.username = "vmail"
server.groupname = "vmail"
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "socket" => "/var/run/lighttpd/php-fastcgi.socket",
      "bin-path" => "/usr/local/bin/php-cgi"
    )
  )
)
Configure sasl2
mail# ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5
password_format: crypt
sql_user: tmail
sql_passwd: tmail
sql_hostnames: localhost
sql_database: tmail
sql_select: select crypt from tmail_users where email='%u@%r' and smtpaccess='Y'
Configure courier-authlib
mail# ee /usr/local/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
mail# ee /usr/local/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME tmail
MYSQL_PASSWORD tmail
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE tmail
MYSQL_USER_TABLE tmail_users
MYSQL_CRYPT_PWFIELD crypt
#MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD realname
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
MYSQL_WHERE_CLAUSE access='y'
Configure postfix
mail# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail
mail# chmod 755 /usr/sbin/sendmail
mail# ee /usr/local/etc/postfix/main.cf
Append the following to the end of the file
#-----------------New Add lines--------------------------------------------------
smtpd_recipient_limit = 15
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
myhostname = postfix.cn
smtp_helo_name = $myhostname
local_transport = maildrop
mailbox_transport = maildrop
#disable_dns_lookups = yes
smtpd_error_sleep_time = 0
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
default_process_limit = 500
mydestination = mysql:/usr/local/etc/postfix/mysql/mysql-mydest.cf
virtual_transport_maps = mysql:/usr/local/etc/postfix/mysql/mysql-transport.cf
#virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-alias.cf
recipient_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-in.cf
sender_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-out.cf
local_recipient_maps = $virtual_mailbox_maps $virtual_maps
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-maps.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_maildir_suffix = Maildir/
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-quota.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
virtual_uid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-gid.cf
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    permit_auth_destination,
    reject
smtpd_sender_login_maps = mysql:/usr/local/etc/postfix/mysql/mysql-smtpd-login.cf
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
#    reject_unknown_client,
    check_sender_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch,
    permit
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
    permit_sasl_authenticated,
    reject_unknown_hostname,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
#    reject_rbl_client cblless.anti-spam.org.cn,
    permit
default_destination_recipient_limit = 1
local_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 104857600
#smtpd_milters = unix:/var/run/milter/milter-limit.socket
# The next three parameters repeat the top of this block; Postfix uses the later assignment
smtpd_recipient_limit = 10
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
smtpd_peername_lookup = no
smtpd_delay_reject = yes
smtpd_proxy_timeout = 180s
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
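An added check, not part of the original configuration: the main.cf lines above assign smtpd_recipient_limit, bounce_queue_lifetime and maximal_queue_lifetime twice, and Postfix applies the last assignment. The function names dup_params and sample_main_cf and the embedded excerpt are constructed for this example.

```shell
#!/bin/sh
# Added example: report main.cf parameters that are assigned more than once.
# Postfix keeps the last assignment, so an earlier value never takes effect.

# Usage: dup_params /usr/local/etc/postfix/main.cf   (or pipe text on stdin)
dup_params() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[ \t]/ { next }                   # skip continuation lines of a value
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]+/, "", name)
            value = substr($0, eq + 1)      # first line of the value only
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            count[name]++
            if (count[name] == 1) { order[++n] = name; first[name] = value }
            last[name] = value
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (count[p] > 1)
                    printf "%s: %d assignments, first=%s effective=%s\n", p, count[p], first[p], last[p]
            }
        }
    ' "$@"
}

# Constructed excerpt of the main.cf additions shown above.
sample_main_cf() {
    cat <<'EOF'
smtpd_recipient_limit = 15
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
myhostname = postfix.cn
smtpd_client_restrictions =
    permit_mynetworks,
    reject
#smtpd_milters = unix:/var/run/milter/milter-limit.socket
smtpd_recipient_limit = 10
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
EOF
}

sample_main_cf | dup_params
```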
mail# ee /usr/local/etc/postfix/mysql/mysql-access.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select access from tmail_access where source='%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-alias.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_virtual
query = select alias from tmail_users where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc-in.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s' AND come='1'
mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc-out.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s' AND `out`='1'
mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-mydest.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_domaininfo
query = select domain from tmail_domaininfo where domain='%s' AND yesno='1'
mail# ee /usr/local/etc/postfix/mysql/mysql-smtpd-login.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select email from tmail_users where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-transport.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_domaininfo
query = select transport from tmail_domaininfo where domain = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-gid.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select gid from tmail_users where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-maps.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select maildir from tmail_users where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-quota.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select quota from tmail_users where email='%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-uid.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select uid from tmail_users where email = '%s'
mail# ee /usr/local/etc/postfix/mysql/mysql-virtual.cf
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_virtual
query = select destination from tmail_virtual where email='%s'
mail# ee /usr/local/etc/postfix/master.cf
Comment out the existing maildrop lines and replace them with the following parameters
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}
Edit the quota warning message
mail# mv /usr/local/etc/quotawarnmsg.sample /usr/local/etc/quotawarnmsg
mail# ee /usr/local/etc/quotawarnmsg
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: 系统管理员<webmaster@postfix.cn>
Reply-To: webmaster@postfix.cn
To: Valued Customer:;
Subject: 邮件配额警告
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

你的邮箱空间已到90%,如果你想正常使用,请从你的邮箱清除一些邮件.
Your mailbox on the server is now more than 90% full. So that you can continue
to receive mail you need to remove some messages from your mailbox.
Configure spamassassin
mail# ee /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject [SPAM]
report_safe 0
required_score 10.0
use_bayes 1
bayes_auto_learn 1
Configure maildroprc rules
mail# cat /usr/local/etc/maildroprc
#logfile "/var/log/maildrop.log"
# Arguments are passed by the maildrop entry in master.cf:
# $3 = ${user}, $4 = ${nexthop}, $5 = ${sender}
SENDER="$5"
DOMAIN="$4"
USERS="$3"
USER=$USERS@$DOMAIN
#$LOGNAME
#`echo $LOGNAME >> /tmp/sender`
#`echo $SENDER >> /tmp/sender`
# Add the ClamAV version and status headers
exception {
    VIRUS_TAG=`/usr/local/bin/clamdscan -V`
    VIRUS_TAG="$VIRUS_TAG on $HOSTNAME"
    xfilter "/usr/local/bin/reformail -A 'X-Virus-Checker-Version: $VIRUS_TAG'"
    xfilter "/usr/local/bin/reformail -A 'X-Virus-Status: Clean'"
}
#blacklist
`/bin/test -f $HOME/.blacklist`
if ($RETURNCODE==0)
{
    if ($SENDER ne '' && lookup($SENDER, '.blacklist'))
    {
        `/usr/local/bin/maildirmake -f Spamd "$DEFAULT"`
        to $HOME/Maildir/.Spamd/
    }
}
#whitelist
# "to" delivers the message and ends processing, so mail from a
# whitelisted sender skips the spam and virus checks below
`/bin/test -f $HOME/.whitelist`
if ($RETURNCODE==0)
{
    if ($SENDER ne '' && lookup($SENDER, '.whitelist'))
    {
        to $HOME/Maildir/
    }
}

# Only messages smaller than 100 KB are passed to spamc
if ($SIZE < 102400)
{
    exception {
        # xfilter "/usr/local/bin/spamassassin --prefspath=$HOME/user_prefs"
        xfilter "/usr/local/bin/spamc -f -u $LOGNAME"
    }
}
else
{
    # larger messages are delivered here, before the spam and virus checks below
    to $HOME/Maildir/
}
# spam filtering
if (/^X-Spam-Status: Yes/ )
{
    `/usr/local/bin/maildirmake -f Spamd "$DEFAULT"`
    to $HOME/Maildir/.Spamd/
}
# virus filtering
if (`/usr/local/bin/clamscan --no-summary --stdout --unzip --unrar - | grep -c 'FOUND'` == 1)
{
    to "./Maildir/.Spamd"
}
# auto-reply
`/bin/test -f $HOME/autoreply.cf`
if ($RETURNCODE==0)
{
    exception {
        cc "| mailbot -A 'X-Sender: $FROM' -A 'From: $FROM' -m '$HOME/autoreply.cf' $SENDMAIL -t -f $FROM''"
    }
}
Webmail and webadmin installation
Import the database
mail# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 108
Server version: 5.0.51 FreeBSD port: mysql-server-5.0.51
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database tmail;
Query OK, 1 row affected (0.02 sec)
mysql> CREATE USER 'tmail'@'localhost' IDENTIFIED BY 'tmail';
mysql> GRANT USAGE ON * . * TO 'tmail'@'localhost' IDENTIFIED BY 'tmail' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
mysql> GRANT ALL PRIVILEGES ON `tmail` . * TO 'tmail'@'localhost' WITH GRANT OPTION ;
mysql> quit
mail# mysql -u tmail -ptmail tmail < tmail.sql
Configure the administration tool
mail# ee /usr/local/www/data/mail/webadmin/config/config.inc.php
<?php
define(MAILDIR,"/var/mail");
define(MISC, ".misc");
define(MODE,0700);
$PageSize = 15;
$host = "localhost";
$user = "tmail";
$dbname = "tmail";
$password = "tmail";
$link = mysql_connect($host,$user,$password) or die(mysql_error());
mysql_select_db($dbname,$link) or die (mysql_error());
mysql_query("set names 'GBK'");
//mysql_query(set query gbk);
?>
Configure webmail
mail# ee /usr/local/www/data/mail/config/config.inc.php
$CFG_BASEPATH = "/tmp/tmail/temp";
// Mysql
define(MYSQL_HOST, 'localhost');
define(MYSQL_USER, 'tmail');
define(MYSQL_PASS, 'tmail');
define(MYSQL_DATA, 'tmail');
$CFG_NETDISK_PATH = "/var/mail/netdisk";
Create directories
mail# mv /var/mail /var/mail.OFF
mail# mkdir /var/mail
mail# chown -R vmail:vmail /var/mail
mail# mkdir -p /tmp/tmail/temp
mail# chown -R vmail:vmail /tmp/tmail/temp
Start services
mail# /usr/local/etc/rc.d/postfix start
mail# /usr/local/etc/rc.d/mysql-server start
mail# /usr/local/etc/rc.d/lighttpd start
mail# /usr/local/etc/rc.d/clamav-clamd start
mail# /usr/local/etc/rc.d/clamav-freshclam start
mail# /usr/local/etc/rc.d/courier-authdaemond start
mail# /usr/local/etc/rc.d/courier-imap-imapd.sh start
mail# /usr/local/etc/rc.d/courier-imap-pop3d.sh start
mail# /usr/local/etc/rc.d/sa-spamd start
Test the mail system
Test sending and receiving mail
Generate the base64-encoded user name
mail# perl -MMIME::Base64 -e 'print encode_base64("test\@postfix.cn");'
Generate the base64-encoded password
mail# perl -MMIME::Base64 -e 'print encode_base64("123456");'
Test authentication and sending
mail# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.test.com.
Escape character is '^]'.
220 postfix.cn ESMTP Postfix
ehlo mail
250-postfix.cn
250-PIPELINING
250-SIZE 104857600
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdEBwb3N0Zml4LmNu
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
MAIL FROM:<test@postfix.cn>
250 2.1.0 Ok
RCPT TO:<test@postfix.cn>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
SUBJECT:test
This is a test mail;
.
250 2.0.0 Ok: queued as 8DF8E1CC20
quit
221 2.0.0 Bye
Connection closed by foreign host.
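An added example, not part of the original article: the base64 lines of the AUTH LOGIN exchange above, produced and decoded again with a `base64` utility (assumed to be installed). Base64 is only an encoding, so the same decode works for anyone who can read the unencrypted port 25 session; the function names are constructed for this example, and the account is the article's test account.

```shell
#!/bin/sh
# Added example: build and decode the tokens of the AUTH LOGIN session above.

# Encode one value the way the perl MIME::Base64 one-liners do
# (the value itself carries no trailing newline).
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a token seen in the session (server prompt or client answer).
unb64() {
    printf '%s' "$1" | base64 -d
}

# AUTH PLAIN, also advertised in the EHLO reply, packs both values into
# one token: NUL, user name, NUL, password.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Read a captured AUTH LOGIN exchange and print what each line means.
explain_auth_login() {
    while IFS= read -r line; do
        case "$line" in
            "334 "*)
                printf 'server asks: %s\n' "$(unb64 "${line#334 }")" ;;
            [0-9][0-9][0-9]\ *)
                printf 'server says: %s\n' "$line" ;;
            [Aa][Uu][Tt][Hh]\ *)
                printf 'client cmd: %s\n' "$line" ;;
            *)
                printf 'client sent: %s\n' "$(unb64 "$line")" ;;
        esac
    done
}

# Constructed input: the authentication part of the telnet session above.
explain_auth_login <<'EOF'
auth login
334 VXNlcm5hbWU6
dGVzdEBwb3N0Zml4LmNu
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
EOF
```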
Test POP
mail# telnet localhost 110
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.test.com.
Escape character is '^]'.
+OK Hello there.
user test@postfix.cn
+OK Password required.
pass 123456
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 724
2 724
3 2063
4 410
.
quit
+OK Bye-bye.
Connection closed by foreign host.
Configure milter-limit (to limit the number of messages sent)
mail# ee /usr/local/etc/postfix/main.cf | grep milter
# Add the following line to main.cf, then restart postfix
smtpd_milters = unix:/var/run/milter/milter-limit.socket
Script that automatically generates the access.db database file
mail# cat /usr/local/sbin/milter.php
#!/usr/local/bin/php
<?php
// Rebuild /etc/mail/access with one milter-limit rule per mailbox
$access = "/etc/mail/access";
$fp = fopen($access,'w+');
$host ="localhost";
$user = "tmail";
$passwd = "tmail";
$dbname = "tmail";
$link = mysql_connect($host,$user,$passwd);
mysql_select_db($dbname,$link);
$query = "select * from tmail_users order by id desc";
$rules = mysql_query($query,$link);
while($rs = mysql_fetch_object($rules)){
    // Each address may send 150 messages per day
    $limit = "milter-limit-From:".$rs->email." "."150/1d"."\n";
    if(fwrite($fp,$limit)===FALSE){
        echo "不能写入文件。请检查文件权限。";
    }
}
// Close the file so every rule is on disk before makemap reads it
fclose($fp);
system("/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access");
system("/usr/local/etc/rc.d/milter-limit.sh restart");
?>
mail# chmod +x /usr/local/sbin/milter.php
Add the milter.php script to the cron schedule
mail# crontab -e
0 */2 * * * /usr/local/sbin/milter.php
[ Last edited by jacky on 2007-12-13 15:33 ]
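An added variant of the rule generation step, not the author's script: it emits the same `milter-limit-From:<address> 150/1d` lines, but skips any stored address containing whitespace or other unexpected characters (which would otherwise add or alter rules in the access file) and replaces the file atomically. The function names, the LIMIT variable and the sample addresses are constructed for this example; the address list is assumed to arrive one per line on stdin, for example from a `mysql -N -e` query.

```shell
#!/bin/sh
# Added example: generate milter-limit access entries from a list of
# addresses read on stdin.

LIMIT="150/1d"   # same per-sender quota the PHP script writes

# Accept one plain address per line: only letters, digits and @ . _ + -
# (so no whitespace and no colon), exactly one "@", a dot in the domain.
valid_addr() {
    case "$1" in
        ""|*[!A-Za-z0-9@._+-]*) return 1 ;;
        *@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one access-file line per valid address; report the rest on stderr.
gen_rules() {
    while IFS= read -r addr || [ -n "$addr" ]; do
        if valid_addr "$addr"; then
            printf 'milter-limit-From:%s %s\n' "$addr" "$LIMIT"
        else
            printf 'skipped invalid address: %s\n' "$addr" >&2
        fi
    done
}

# Write to a temporary file next to the target and rename it into place,
# so makemap never reads a half-written file. An empty result keeps the
# previous file instead of removing every limit.
write_access() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if gen_rules > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input: two valid mailboxes and one malformed value.
printf '%s\n' 'test@postfix.cn' 'user2@postfix.cn 999/1d' 'user3@postfix.cn' | gen_rules
```

After `write_access /etc/mail/access` succeeds, the makemap and milter-limit restart commands from the script above apply unchanged.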