[Share] Installing a mail server with virtual domains, antivirus and anti-spam on CentOS

Posted on 2012-1-8 19:43:55
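[When reposting, please credit the source: http://blog.sina.com.cn/mbbjf Version: 1.0]
Summary: I planned to deploy a mail server and consulted many articles online; some were incomplete and some settings were vague, so I installed and tested everything step by step myself. Following my own installation process, the result is a mail server with virtual domains and users, POP3, POP3S, IMAP, IMAPS, webmail, SMTP, SMTPS, antivirus and anti-spam.
At present all software is installed on a single server. I plan to separate receiving from sending, with several sending servers load-balanced, to be tested later when equipment is available.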

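Production environment: virtual machine, AMD Turion Neo X2 Dual L625 (1.6 GHz), 512 MB RAM
Software installed:     If you copy and paste the configuration, watch out for automatic line wrapping; I wrote this in a text editor first, so there will be line-wrap problems.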

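1. CentOS 5.4 64-bit
The operating system; nothing more to say.
2. MySQL
Database; stores domains, users and other information.
3. Dovecot
Provides POP and IMAP.
4. Postfix
The MTA, the key piece; sending and receiving both depend on it.
5. Cyrus-sasl
Used for SMTP authentication.
6. Apache
HTTP; used by webmail and Postfixadmin.
7. PHP
Used by webmail and Postfixadmin.
8. Postfixadmin
Used to manage virtual domains and virtual users.
9. MailScanner
Calls the antivirus software and the anti-spam program.
10. ClamAV
The well-known Linux antivirus software.
11. Spamassassin
Filters spam.
12. Squirrelmail
Provides webmail.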

Installation process:
Packages that need to be installed during the installation
[root@mail ~]# yum install -y php-common php-pdo php-cli perl-IO-Zlib perl-Archive-Tar perl-Digest-SHA1 perl-Socket6 perl-IO-Socket-INET6 perl-Net-SSLeay perl-IO-Socket-SSL perl-Digest-HMAC perl-Net-IP perl-Net-DNS db4-devel e2fsprogs-devel krb5-devel zlib-devel openssl-devel mysql-devel cyrus-sasl-devel db*-devel gcc php-gd cyrus-sasl-lib cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-sql
1. Operating system installation
Default system installation with no software selected; X Window is not installed either. For the detailed steps, search Baidu.
2. Install MySQL
[root@mail ~]# yum install -y mysql
[root@mail ~]# yum install -y mysql-server
[root@mail ~]# yum install -y php-mysql
[root@mail ~]# yum install -y mysql-devel
[root@mail ~]# yum install -y mysql-connector-odbc
[root@mail ~]# yum install -y mod_auth_mysql
[root@mail ~]# yum install -y libdbi-dbd-mysql
Create the database
[root@mail ~]# mysql -u root -p      // set the root password yourself
mysql>  CREATE DATABASE postfix;
mysql>   CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'password';
mysql>   GRANT ALL PRIVILEGES ON `postfix`.* TO 'postfix'@'localhost';
3. Install Dovecot
[root@rhel5 Server]# yum install -y dovecot
Edit /etc/dovecot.conf with the following content:
base_dir = /var/run/dovecot/
protocols = imap imaps pop3 pop3s
listen = *
ssl_disable = no
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
login_dir = /var/run/dovecot/login
default_mail_env = maildir:/var/spool/mail/%u/
auth default {
mechanisms = plain login digest-md5 cram-md5
  passdb sql {
    args = /etc/dovecot-mysql.conf
    }
  userdb sql {
    args = /etc/dovecot-mysql.conf
  }
}
first_valid_uid = 501

Edit /etc/dovecot-mysql.conf with the following content:
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 500 AS uid, 500 AS gid FROM mailbox WHERE username = '%u'
Generate the certificate (after openssl has been installed)
[root@mail ~]# mkdir -p /etc/ssl/certs
[root@mail ~]# mkdir -p /etc/ssl/private
[root@mail ~]# cd /usr/share/doc/dovecot-1.0/examples
[root@mail ~]# sh mkcert.sh

4. Install Postfix
Because the RPM packages shipped on the disc and some of those downloaded from the Internet do not support SSL and MySQL, you need to download the source and compile it yourself.
First remove the sendmail that ships with the system
[root@mail ~]# rpm -e sendmail --nodeps
[root@mail ~]# groupadd postfix
[root@mail ~]# groupadd postdrop
[root@mail ~]# useradd postfix -g postfix -c "Postfix User" -d /dev/null -s /sbin/nologin       // find the uid and gid of postfix; they are used in many places later. Mine are 500 500, and these two are used from here on
[root@mail ~]# wget  http://xxx.com/postfix-2.4.3.tar.gz   // download the Postfix source from the official site yourself
[root@mail ~]# tar zxvf postfix-2.4.3.tar.gz
[root@mail ~]# cd postfix-2.4.3
[root@mail ~]# make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_TLS -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/include/sasl' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lssl -lcrypto -lsasl2'
[root@mail ~]# make
// On x86_64, make will fail: make looks for /usr/local/mysql/lib/libmysqlclient.so, but it should look for /usr/local/mysql/lib64/libmysqlclient.so
[root@mail ~]# cd /usr/lib
[root@mail ~]# mv mysql mysql.bak
[root@mail ~]# ln -s /usr/lib64/mysql /usr/lib/mysql     // (make it a symlink), then run make again
[root@mail ~]# cd /root/postfix-2.4.3
[root@mail ~]# make
[root@mail ~]# make install
// Just press Enter for every question after the make install command.
Edit /etc/postfix/main.cf with the following content:
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 14336000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
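// The following content in main.cf is optional
// Additionally require authentication when a local domain sends mail to a local domain
Modify main.cf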
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    permit
# List of local users, used to verify From: local domain To: local domain
smtpd_sender_login_maps =
    mysql:/usr/local/etc/postfix/mysql_virtual_sender_maps.cf,
    mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

smtpd_reject_unlisted_sender = yes
# Mail from a local domain to a local domain also requires SMTP authentication
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    reject_authenticated_sender_login_mismatch,
    reject_unauthenticated_sender_login_mismatch

# nano mysql_virtual_sender_maps.cf    with the following content
user = postfix
password = mbb123
hosts = localhost
dbname = postfix
table = mailbox
select_field = username
where_field = username
additional_conditions = AND active = '1'
# nano mysql_virtual_alias_maps.cf  with the following content
user = postfix
password = mbb123
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_alias_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_domains_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_mailbox_limit_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

Edit /etc/postfix/mysql_virtual_mailbox_maps.cf with the following content:
user = postfix
password = password
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
Configure SMTP authentication
// Install the Courier authentication library
Download from http://www.courier-mta.org/download.php#authlib
[root@mail ~]# tar jxvf courier-authlib-0.58.tar.bz2
[root@mail ~]#  cd courier-authlib-0.58
[root@mail courier-authlib-0.58]# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql  --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat  --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc  --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc CFLAGS="-march=i686 -O2 -fexpensive-optimizations" CXXFLAGS="-march=i686 -O2 -fexpensive-optimizations"
// Note: on 64-bit, this should instead be
[root@mail courier-authlib-0.58]# ./configure --prefix=/usr/local/courier-authlib --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql  --with-authmysql --with-mysql-libs=/usr/lib/mysql --with-mysql-includes=/usr/include/mysql --with-redhat --with-authmysqlrc=/usr/local/courier-authlib/etc/authmysqlrc  --with-authdaemonrc=/usr/local/courier-authlib/etc/authdaemonrc

[root@mail courier-authlib-0.58]# make
[root@mail courier-authlib-0.58]# make install
[root@mail courier-authlib-0.58]# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon/
[root@mail courier-authlib-0.58]# cp /usr/local/courier-authlib/etc/authdaemonrc.dist /usr/local/courier-authlib/etc/authdaemonrc
Set Postfix's permissions on authdaemond
[root@mail ~]# chown postfix.postfix /var/spool/authdaemon/
[root@mail ~]# chown postfix.postfix /var/spool/authdaemon/socket

Modify the file /usr/local/courier-authlib/etc/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10

Edit /usr/local/courier-authlib/etc/authmysqlrc to contain the following, where 500,500 are the UID and GID of the postfix user.
MYSQL_SERVER         localhost
MYSQL_USERNAME       postfix
MYSQL_PASSWORD       password
MYSQL_SOCKET         /var/lib/mysql/mysql.sock
MYSQL_DATABASE       postfix
MYSQL_USER_TABLE     mailbox
MYSQL_CRYPT_PWFIELD   password
MYSQL_UID_FIELD       '500'
MYSQL_GID_FIELD       '500'
MYSQL_LOGIN_FIELD     username
MYSQL_HOME_FIELD     concat('/var/spool/mail/',maildir)
MYSQL_MAILDIR_FIELD   concat('/var/spool/mail/',maildir)
MYSQL_NAME_FIELD     name

[root@mail courier-authlib-0.58]# cp courier-authlib.sysvinit /etc/init.d/courier-authlib
[root@mail courier-authlib-0.58]# chkconfig --level 35 courier-authlib on
[root@mail courier-authlib-0.58]# chmod 755 /etc/init.d/courier-authlib
[root@mail courier-authlib-0.58]# service courier-authlib start
[root@mail authlib]# cp /usr/local/courier-authlib/etc/authmysqlrc /etc/authlib
[root@mail authlib]# cp /usr/local/courier-authlib/etc/authdaemonrc /etc/authlib

Add SSL support and configure the SMTPS service
Add the following to /etc/postfix/main.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Generate the certificate
[root@mail authlib]#  mkdir -p /etc/ssl
[root@mail authlib]#  cd /etc/ssl
[root@mail authlib]# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
[root@mail ~]# chown postfix /var/spool/mail/
// Modify postfix to support MailScanner
[root@mail ~]# vi /etc/postfix/main.cf
Change the following value
header_checks = regexp:/etc/postfix/header_checks
[root@mail ~]# vi /etc/postfix/header_checks
/^Received:/ HOLD
// Note: there must be no whitespace before the / !

5. Install Cyrus-sasl
[root@mail ~]# yum install expect
Then download courier-authlib and courier-mysql from http://www.thatfleminggent.com/packages/centos/5/x86_64/repoview/system_environment.daemons.group.html and install them
[root@mail ~]# tar zvfx cyrus-sasl-2.1.22.tar.gz
[root@mail ~]# cd cyrus-sasl-2.1.22
[root@mail cyrus-sasl-2.1.22]# export LDFLAGS="-lpthread"
[root@mail cyrus-sasl-2.1.22]# ./configure --with-mysql --enable-anon --enable-plain --enable-login --disable-krb4 --disable-otp --disable-cram --disable-digest --disable-gssapi --with-pam --with-authdaemond=/var/spool/authdaemon/socket
[root@mail cyrus-sasl-2.1.22]# make
[root@mail cyrus-sasl-2.1.22]# make install
[root@mail cyrus-sasl-2.1.22]# rm -rf /usr/lib/sasl
[root@mail cyrus-sasl-2.1.22]# rm -rf /usr/lib/sasl2
[root@mail cyrus-sasl-2.1.22]# ln -s /usr/local/lib/sasl2 /usr/lib/
# So that postfix can find sasl, run the following commands:
[root@mail cyrus-sasl-2.1.22]# echo "/usr/local/lib" >> /etc/ld.so.conf
[root@mail cyrus-sasl-2.1.22]# ldconfig
[root@mail cyrus-sasl-2.1.22]# nano /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

6. Install Apache
[root@mail ~]# yum install httpd
[root@mail ~]# yum install httpd-manual
7. Install PHP
[root@mail ~]# yum install php
8. Install Postfixadmin
// Download the postfixadmin source
[root@mail ~]# tar xvf postfixadmin-2.1.0.gz
[root@mail ~]# mv postfixadmin-2.1.0 /var/www/html/postadmin
[root@mail ~]# cp /var/www/html/postadmin/config.inc.php.sample /var/www/html/postadmin/config.inc.php
// Modify the corresponding settings in config.inc.php
Open a browser and go to http://IP/postadmin, then follow the prompts to add the virtual domain test.com
[root@mail ~]# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/postadmin" >
Options None
DirectoryIndex index.php
AllowOverride None
Order allow,deny
Allow from all
</Directory>
9. Install MailScanner
// Download the source from http://www.mailscanner.info/ and install it
[root@mail ~]# cd /MailScanner-4.81.4-1
[root@mail ~]# ./install.sh
// Configure /etc/MailScanner/MailScanner.conf and change the following (to be verified here: JF):
%org-name% = test.com
%org-long-name% = test
%web-site% = mail.test.com
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work User = postfix
Incoming Work Group = postfix
Quarantine User = postfix
Quarantine Group = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Sign Clean Messages = no
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
Log speed = yes
Log Spam = yes
Log Silent Viruses = yes
Mark Unscanned Messages = no
Notify Senders = no
Phishing Modify Subject = yes
Log Dangerous HTML Tags = yes
// Configure /etc/MailScanner/virus.scanner.conf and change the following:
clamav /usr/lib/MailScanner/clamav-wrapper /usr/
[root@mail ~]# mkdir /var/spool/MailScanner/spamassassin /var/spool/MailScanner/.spamassassin
[root@mail ~]# chown -R postfix.postfix /var/spool/MailScanner/*
10. Install ClamAV
// Download clamav clamav-db clamav-devel clamd
[root@mail ~]# rpm -ivh clamav-db* clamav-0.9*
[root@mail ~]# rpm -ivh clamav-devel* clamd*
// Edit /etc/clamd.conf and change the following:
ScanHTML yes
ArchiveMaxFileSize 15M
ArchiveMaxRecursion 10
ArchiveMaxFiles 1500
ClamukoScanOnOpen yes
ClamukoScanOnClose yes
ClamukoScanOnExec yes
ClamukoMaxFileSize 10M

// Update clamav manually
[root@mail ~]# freshclam
// Set up scheduled clamav updates
[root@mail ~]# crontab -e
// Add the following, then save and exit
0 2 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/clamd.log
11. Install Spamassassin
[root@mail ~]# yum install spamassassin

12. Install Squirrelmail
[root@mail ~]# cd /var/www/html
// Download the Squirrelmail source
[root@mail html]# tar zxvf squirrelmail-1.4.10a.tar.gz
[root@mail html]# mv squirrelmail-1.4.10a webmail
[root@mail html]# cd webmail/
[root@mail webmail]# cd config
[root@mail config]# ./conf.pl
// Choose 1 to enter Organization Preferences and edit
1.  Organization Name      : test.com
2.  Organization Logo      : ../images/sm_logo.png
3.  Org. Logo Width/Height : (308/111)
4.  Organization Title     : SquirrelMail $version
5.  Signout Page           :
6.  Top Frame              : _top
7.  Provider link          : http://mail.test.com/
8.  Provider name          : test
// Press R to exit
// Choose 2 to enter server settings and edit
1.  Domain                 : test.com
2.  Invert Time            : false
3.  Sendmail or SMTP       : SMTP

A.  Update IMAP Settings   : localhost:143 (other)
B.  Update SMTP Settings   : localhost:25
// Press R to exit
// Choose 4 to enter General options and edit
1.  Data Directory              : /var/www/html/webmail/
2.  Attachment Directory        : /var/www/html/webmail/attach/
3.  Directory Hash Level        : 0
4.  Default Left Size           : 150
5.  Usernames in Lowercase      : true
6.  Allow use of priority       : true
7.  Hide SM attributions        : true
8.  Allow use of receipts       : true
9.  Allow editing of identity   : true
    Allow editing of name       : true
    Remove username from header : false
10. Allow server thread sort    : false
11. Allow server-side sorting   : false
12. Allow server charset search : false
13. Enable UID support          : true
14. PHP session name            : SQMSESSID
15. Location base               :
// After making the changes, save and exit
[root@mail html]# mkdir /var/www/html/webmail/attach
[root@mail html]# chmod 777 /var/www/html/webmail/attach
[root@mail html]# chown -R apache:root webmail

// Set the following services to start automatically, and remove postfix and sendmail from automatic startup
MailScanner clamd dovecot httpd mysqld saslauthd spamassassin
// iptables: allow ports 110, 25, 143, 995, 993, 443 through
reboot, and you're done
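
The guide above writes the MySQL password in plain text into the Postfix map files, /etc/dovecot-mysql.conf and authmysqlrc, and sets the SquirrelMail attachment directory to mode 777. As an added example that is not part of the original post, this script lists credential-bearing files that every local user can read and directories that every local user can write to; the function names and the `--audit` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: post-install permission audit.

# Print files under the given paths that carry a database credential line
# (Postfix map "password =", Dovecot "connect = ... password=", authlib
# "MYSQL_PASSWORD") and are readable by "other" (mode bit 004).
find_exposed_credentials() {
    for path in "$@"; do
        [ -e "$path" ] || continue
        find "$path" -type f -perm -004 2>/dev/null |
        while IFS= read -r f; do
            if grep -Eq '^[[:space:]]*(password[[:space:]]*=|MYSQL_PASSWORD[[:space:]]|connect[[:space:]]*=.*password=)' "$f"; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Print directories that any local user can write to and that lack the
# sticky bit, e.g. a webmail attachment directory left at mode 777.
find_world_writable_dirs() {
    for path in "$@"; do
        [ -d "$path" ] || continue
        find "$path" -type d -perm -002 ! -perm -1000 2>/dev/null
    done
}

# Run both checks and report; returns 0 when nothing was found, 1 otherwise.
audit_mail_stack() {
    creds=$(find_exposed_credentials "$@")
    dirs=$(find_world_writable_dirs "$@")
    if [ -n "$creds" ]; then
        echo "Credential files readable by every local user:"
        echo "$creds"
    fi
    if [ -n "$dirs" ]; then
        echo "World-writable directories without sticky bit:"
        echo "$dirs"
    fi
    [ -z "$creds$dirs" ]
}

# "--audit" with no further arguments checks the locations used in the guide.
if [ "${1:-}" = "--audit" ]; then
    shift
    [ "$#" -gt 0 ] || set -- /etc/postfix /etc/dovecot-mysql.conf \
        /usr/local/courier-authlib/etc /etc/authlib /var/www/html/webmail
    audit_mail_stack "$@"
fi
```

Saved under a name of your choice, run it as root with `--audit` once the installation is finished. A common remediation for reported Postfix map files is owner root, group postfix, mode 640, and for the attachment directory ownership by the web server user without write access for others.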

 

Posted on 2013-11-9 00:59:43
Nice post!!!!!


Posted on 2013-11-9 00:59:43
Got it myself

