Related downloads:
courier-authlib
http://sourceforge.net/project/showfiles.php?group_id=5404
cyrus-sasl
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
maildrop
http://sourceforge.net/project/showfiles.php?group_id=5404
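Part 1
(1) Install CentOS 5.1. Here we install only the necessary packages by default; others, such as X-Windows, are not installed.
(2) Change the system's default language. After CentOS 5.1 is installed as above, the default system language is zh_CN.UTF-8. For the installation steps below, change it to en_US.UTF-8 as follows:
Quote:
# vi /etc/sysconfig/i18n
LANG="en_US.UTF-8"
#LANG="zh_CN.UTF-8"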
Part 2
(1) Install MySQL
# /usr/sbin/groupadd -g 27 mysql
# /usr/sbin/useradd -c "MySQL Server" -u 27 -d /usr/local/mysql -g mysql -s /bin/bash -M mysql
# tar zxvf mysql-5.0.45.tar.gz
# cd mysql-5.0.45
# ./configure \
--prefix=/usr/local/mysql \
--sysconfdir=/etc \
--enable-thread-safe-client \
--enable-local-infile \
--with-unix-socket-path=/var/lib/mysql/mysql.sock \
--with-charset=gbk \
--with-extra-charset=all \
--with-low-memory
# make
# make install
# cp /usr/local/mysql/share/mysql/my-medium.cnf /etc/my.cnf
# cd /usr/local/mysql
# chown -R mysql .
# chgrp -R mysql .
# bin/mysql_install_db --user=mysql
# chown -R root .
# chown -R mysql var
# bin/mysqld_safe --user=mysql &
# cd /usr/local/src/mysql-5.0.45 (this is the directory the original tarball was extracted into)
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
Add it to the automatic startup queue:
# echo "/etc/rc.d/init.d/mysqld start" >> /etc/rc.local
Set the MySQL root password:
# /usr/local/mysql/bin/mysqladmin -uroot password NEW_PASSWORD
Configure the library search path:
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig (do not forget this step)
# ldconfig -v
Add /usr/local/mysql/bin to the PATH environment variable:
# export PATH=$PATH:/usr/local/mysql/bin
Check that /usr/local/mysql/bin has been added to PATH:
# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/local/mysql/bin
Test MySQL:
# /etc/rc.d/init.d/mysqld start
Starting MySQL [ OK ]
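(Note: with MySQL installed as above, its mysql.sock file is located in the /var/lib/mysql directory.)
(2) Install perl-DBI, DBD::mysql and Unix::Syslog
ExtMail uses Perl's DBD::mysql and Unix::Syslog modules. You can search http://search.cpan.org and download the source packages to install them.
Installing through perl -MCPAN -e shell is recommended; installing from the source packages looks like this: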
# tar zxvf Unix-Syslog-1.0.tar.gz
# cd Unix-Syslog-1.0
# perl Makefile.PL
# make
# make install
# tar zxvf DBI-1.58.tar.gz
# cd DBI-1.58
# perl Makefile.PL
# make
# make install
The latest DBD-mysql version is currently 4.005, but when it is combined with the system's perl it causes extmail to stop working properly, so we use a 3.x version:
# tar zxvf DBD-mysql-3.0002_4.tar.gz
# cd DBD-mysql-3.0002_4
# perl Makefile.PL
(If an error like Can't exec "mysql_config": No such file or directory at Makefile.PL line 76. appears at this step, it is because MySQL's bin directory has not been exported to the $PATH environment variable.)
# make
# make install
(3) Install the packages required by rrdtool
# rpm -ivh freetype-2.2.1-19.el5.i386.rpm
# rpm -ivh freetype-demos-2.2.1-19.el5.i386.rpm
# rpm -ivh freetype-devel-2.2.1-19.el5.i386.rpm
# rpm -ivh libart_lgpl-devel-2.3.17-4.i386.rpm
# rpm -Uvh libpng-1.2.10-7.1.el5_0.1.i386.rpm
# rpm -Uvh libpng-devel-1.2.10-7.1.el5_0.1.i386.rpm
(4) Install Time::HiRes, File::Tail and rrdtool-1.2.26
Install Time::HiRes
# tar zxvf Time-HiRes-1.9711.tar.gz
# cd Time-HiRes-1.9711
# perl Makefile.PL
# make
# make install
Install File::Tail
# tar zxvf File-Tail-0.99.3.tar.gz
# cd File-Tail-0.99.3
# perl Makefile.PL
# make
# make install
Install rrdtool-1.2.26
(Installing rrdtool from the rpm packages below is recommended)
# rpm -ivh rrdtool-1.2.23-3.el5.i386.rpm
# rpm -ivh rrdtool-perl-1.2.23-3.el5.i386.rpm
=================================
# tar zxvf rrdtool-1.2.26.tar.gz
# cd rrdtool-1.2.26
# ./configure
# make
# make install
=================================
(5) Install the packages required by httpd
# rpm -ivh apr-devel-1.2.7-11.i386.rpm
# rpm -ivh apr-docs-1.2.7-11.i386.rpm
# rpm -ivh apr-util-devel-1.2.7-6.i386.rpm
# rpm -ivh apr-util-docs-1.2.7-6.i386.rpm
(6) Install httpd
# rpm -ivh httpd-2.2.3-11.el5.centos.i386.rpm
# rpm -ivh httpd-manual-2.2.3-11.el5.centos.i386.rpm
# rpm -ivh httpd-devel-2.2.3-11.el5.centos.i386.rpm
Add it to the automatic startup queue:
# echo "/etc/rc.d/init.d/httpd start" >> /etc/rc.local
(7) Install mod_fastcgi and FCGI
# tar xzvf mod_fastcgi-2.4.6.tar.gz
# cd mod_fastcgi-2.4.6
# cp Makefile.AP2 Makefile
# make top_dir=/usr/lib/httpd install
Check whether the mod_fastcgi module has been installed into httpd:
# ls -l /etc/httpd/modules/mod_fastcgi.so
# mkdir /var/lib/fcgi
# mkdir /var/lib/fcgi/dynamic
# chmod 777 /var/lib/fcgi
# chmod 777 /var/lib/fcgi/dynamic
# tar zxvf FCGI-0.67.tar.gz
# cd FCGI-0.67
# perl Makefile.PL
# make
# make install
(8) Install courier-authlib
# tar jxvf courier-authlib-0.60.2.tar.bz2
# cd courier-authlib-0.60.2
# /usr/sbin/groupadd -g 1000 vgroup
# /usr/sbin/useradd -g 1000 -u 1000 -M -s /bin/false vuser
# ./configure \
--prefix=/usr/local/courier-authlib \
--without-stdheaderdir \
--without-authuserdb \
--without-authpam \
--without-authldap \
--without-authpwd \
--without-authshadow \
--without-authvchkpw \
--without-authpgsql \
--without-authcustom \
--with-authmysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-redhat \
--with-mailuser=vuser \
--with-mailgroup=vgroup
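(Because the install location of courier-authlib was changed, the --without-stdheaderdir option must be added.)
(courier-authlib must be built with both --with-mailuser and --with-mailgroup; otherwise an error occurs when postfix delivers mail, and this message appears in the /var/log/maillog log file:
temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied maildrop: Temporary authentication failure. )
(If it was installed from RPM, you must run this command: chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
If this directory's permissions are not corrected, maildrop, postfix and others will be unable to obtain user information and password authentication correctly.)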
# make
# make install
# make install-migrate
# make install-configure
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v
(Note: if ldconfig has not been run, then after maildrop is installed, running maildrop -v fails with: maildrop: error while loading shared libraries: libcourierauth.so.0)
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
Add it to the automatic startup queue:
# echo "/etc/rc.d/init.d/courier-authlib start" >> /etc/rc.local
# cd /usr/local/courier-authlib/etc/authlib
Edit the authdaemonrc file:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=10
Edit the authmysqlrc file:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock (pay attention here: this must be the mysql.sock path that MySQL was built with above)
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,"",password,uidnumber,gidnumber, \
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name, \
CONCAT("disableimap=",disableimap,",disablepop3=", \
disablepop3,",disablewebmail=",disablewebmail, \
",disablesmtpd=",disablesmtpd,",disablesmtp=", \
disablesmtp,",disablenetdisk=",disablenetdisk, \
",netdiskquota=",netdiskquota) \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
# /etc/rc.d/init.d/courier-authlib start (start the service)
# chmod 755 /usr/local/courier-authlib/var/spool/authdaemon
(9) Install cyrus-sasl-2.1.22
# rpm -qa|grep cyrus-sasl (remove all of the packages this finds)
# rpm -e --nodeps cyrus-sasl-2.1.22-4 cyrus-sasl-plain-2.1.22-4 cyrus-sasl-devel-2.1.22-4 cyrus-sasl-lib-2.1.22-4
# rm -rf /usr/lib/sasl
# rm -rf /usr/lib/sasl2
# tar xzvf cyrus-sasl-2.1.22.tar.gz
# cd cyrus-sasl-2.1.22
# ./configure \
--enable-plain \
--enable-cram \
--enable-digest \
--enable-login \
--enable-sql \
--disable-anon \
--disable-ntlm \
--disable-gssapi \
--disable-krb4 \
--disable-otp \
--disable-srp \
--disable-srp-setpass \
--with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket \
--with-mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libs=/usr/local/mysql/lib/mysql
# make
# make install
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig
# ldconfig -v
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket
(10) Install the DB library files
# rpm -ivh giflib-4.1.3-7.1.el5.1.i386.rpm
# rpm -ivh libgdiplus-1.2.5-1.el5.centos.i386.rpm
# rpm -ivh mono-core-1.2.4-2.el5.centos.i386.rpm
# rpm -ivh dbus-sharp-0.63-8.el5.centos.i386.rpm
# rpm -ivh dbus-sharp-devel-0.63-8.el5.centos.i386.rpm
# rpm -ivh dbh-1.0.24-5.el5.centos.i386.rpm
# rpm -ivh dbh-devel-1.0.24-5.el5.centos.i386.rpm
# rpm -ivh dbus-glib-devel-0.70-5.i386.rpm
(11) Install postfix
postfix needs the pcre package, so we first install the following two packages:
# rpm -Uvh pcre-6.6-2.el5_1.7.i386.rpm
# rpm -Uvh pcre-devel-6.6-2.el5_1.7.i386.rpm
# /etc/init.d/sendmail stop
# chkconfig --level 0123456 sendmail off
# tar zxvf postfix-2.4.6.tar.gz
# cd postfix-2.4.6
# make tidy
# /usr/sbin/groupadd postdrop -g 101
# /usr/sbin/groupadd postfix -g 102 (if it already exists on the system, there is no need to create it again)
# /usr/sbin/useradd -d /var/spool/postfix -s /bin/true -u 100 -g postfix -G postdrop postfix
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lm -lz -L/usr/local/lib -lsasl2'
# make
# make install
===================================
install_root: [/]
tempdir: [/mnt/softs/postfix-2.4.6] /tmp
config_directory: [/etc/postfix]
daemon_directory: [/usr/libexec/postfix]
command_directory: [/usr/sbin]
queue_directory: [/var/spool/postfix]
sendmail_path: [/usr/sbin/sendmail]
newaliases_path: [/usr/bin/newaliases]
mailq_path: [/usr/bin/mailq]
mail_owner: [postfix]
setgid_group: [postdrop]
manpage_directory: [/usr/local/man]
===================================
# mv /etc/aliases /etc/aliases.old
# ln -s /etc/postfix/aliases /etc/aliases
Generate the binary alias file. If this step is skipped, postfix becomes extremely inefficient:
# echo 'root: admin@example.com' >> /etc/postfix/aliases
# /usr/bin/newaliases
# postconf -n > /etc/postfix/main2.cf
# mv /etc/postfix/main.cf /etc/postfix/main.cf.old
# mv /etc/postfix/main2.cf /etc/postfix/main.cf
# chown root.root /var/spool/postfix
# chmod 755 /var/spool/postfix
# vi /etc/postfix/main.cf
# hostname
mynetworks = 127.0.0.1
myhostname = mail.extmail.org
mydomain = extmail.org
myorigin = $mydomain
mydestination = $mynetworks $myhostname
# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 3s
unknown_local_recipient_reject_code = 550
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
# cp /var/www/extsuite/extman/docs/mysql_* /etc/postfix/
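(This requires the ExtMail extman package to be unpacked; see "Installing ExtMail from source on CentOS 5.1 (Part 4)" below. Alternatively, the files can be created by following the steps below.)
Edit mysql_virtual_alias_maps.cf
# vi /etc/postfix/mysql_virtual_alias_maps.cf
Contents: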
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
Edit mysql_virtual_domains_maps.cf
# vi /etc/postfix/mysql_virtual_domains_maps.cf
Contents:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = description
where_field = domain
#additional_conditions = and backupmx ='0' and active ='1'
Edit mysql_virtual_mailbox_maps.cf
# vi /etc/postfix/mysql_virtual_mailbox_maps.cf
Contents:
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
#additional_conditions = and active = '1'
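The map files above and authmysqlrc each store the database password in clear text, and the guide uses the same sample value extmail in all of them. The following added example (not part of the original guide; the function names are hypothetical and the sample files are constructed) flags files that still carry that sample password or that every local user can read:

```shell
#!/bin/sh
# Added example, not from the guide: audit the credential-bearing config
# files this setup creates (Postfix mysql maps and courier authmysqlrc).

DEFAULT_PW="extmail"   # sample password used throughout the guide

# cfg_password FILE: print the database password stored in FILE.
# Handles "password = x" (Postfix mysql maps) and "MYSQL_PASSWORD x"
# (authmysqlrc). Commented-out lines are ignored.
cfg_password() {
    sed -n \
        -e 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        -e 's/^[[:space:]]*MYSQL_PASSWORD[[:space:]][[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        "$1" | head -n 1
}

# world_readable FILE: succeed if the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# audit_file FILE: print one finding per line; print nothing if FILE is clean
# or holds no password at all.
audit_file() {
    pw=$(cfg_password "$1")
    if [ -z "$pw" ]; then
        return 0
    fi
    if [ "$pw" = "$DEFAULT_PW" ]; then
        echo "$1: default password '$DEFAULT_PW' still in use"
    fi
    if world_readable "$1"; then
        echo "$1: contains a password but is readable by all local users"
    fi
    return 0
}

# Demo on constructed files that mirror the guide's formats.
demo_dir=$(mktemp -d)
printf 'user = extmail\npassword = extmail\nhosts = localhost\n' \
    > "$demo_dir/mysql_virtual_alias_maps.cf"
chmod 644 "$demo_dir/mysql_virtual_alias_maps.cf"      # as left by cp/vi as root
printf 'MYSQL_USERNAME extmail\nMYSQL_PASSWORD constructed-long-random-value\n' \
    > "$demo_dir/authmysqlrc"
chmod 640 "$demo_dir/authmysqlrc"                      # no access for "other"
for f in "$demo_dir"/*; do
    audit_file "$f"
done
rm -rf "$demo_dir"
```

On a real host, pass /etc/postfix/mysql_virtual_*.cf and /usr/local/courier-authlib/etc/authlib/authmysqlrc to audit_file one at a time.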
SMTP authentication goes through Cyrus-SASL, which connects to authdaemon to obtain the authentication information. Edit /etc/postfix/main.cf and add the following:
# vi /etc/postfix/main.cf
# smtpd related config
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
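The settings above enable SMTP AUTH while smtpd.conf offers only PLAIN and LOGIN, so the password travels merely base64-encoded unless the session is protected by TLS. This added example (not from the original guide; the function names are hypothetical and the sample files are constructed) reads main.cf the way Postfix joins continuation lines and reports whether AUTH is restricted to TLS sessions:

```shell
#!/bin/sh
# Added example, not from the guide: report whether SMTP AUTH passwords can
# cross the network without TLS, given a main.cf and a Cyrus SASL smtpd.conf.

# postconf_get FILE NAME: print the effective value of NAME in main.cf.
# Postfix rules applied: a line starting with whitespace continues the
# previous parameter, comment and blank lines are skipped, last value wins.
postconf_get() {
    awk -v want="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " trim($0); next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = trim(substr($0, 1, eq - 1))
            val[cur] = trim(substr($0, eq + 1))
        }
        END { if (want in val) print trim(val[want]) }
    ' "$1"
}

# sasl_mechs FILE: print the mech_list value from smtpd.conf (may be empty).
sasl_mechs() {
    sed -n 's/^[[:space:]]*mech_list:[[:space:]]*//p' "$1" | head -n 1
}

# auth_exposure MAIN_CF SMTPD_CONF: print
#   cleartext  AUTH is on, PLAIN or LOGIN is offered, TLS is not required
#   unknown    AUTH is on without TLS and no mech_list restricts mechanisms
#   ok         AUTH is off, TLS is required for AUTH, or no plaintext mechanism
auth_exposure() {
    if [ "$(postconf_get "$1" smtpd_sasl_auth_enable)" != "yes" ]; then
        echo "ok"; return 0
    fi
    # Any of these makes Postfix refuse AUTH outside a TLS session.
    if [ "$(postconf_get "$1" smtpd_tls_auth_only)" = "yes" ] ||
       [ "$(postconf_get "$1" smtpd_enforce_tls)" = "yes" ] ||
       [ "$(postconf_get "$1" smtpd_tls_security_level)" = "encrypt" ]; then
        echo "ok"; return 0
    fi
    mechs=$(sasl_mechs "$2")
    if [ -z "$mechs" ]; then
        echo "unknown"; return 0
    fi
    for m in $mechs; do
        case $m in
            PLAIN|LOGIN) echo "cleartext"; return 0 ;;
        esac
    done
    echo "ok"
}

# Demo on constructed files that mirror the guide's settings.
demo=$(mktemp -d)
cat > "$demo/main.cf" <<'EOF'
# constructed sample
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
EOF
printf 'pwcheck_method: authdaemond\nmech_list: PLAIN LOGIN\n' > "$demo/smtpd.conf"
echo "as in the guide:          $(auth_exposure "$demo/main.cf" "$demo/smtpd.conf")"
# Assumes a certificate and TLS are configured separately in main.cf.
echo "smtpd_tls_auth_only = yes" >> "$demo/main.cf"
echo "with smtpd_tls_auth_only: $(auth_exposure "$demo/main.cf" "$demo/smtpd.conf")"
rm -rf "$demo"
```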
Edit the postfix startup script:
# vi /etc/rc.d/init.d/postfix
Contents:
===============================================================
#!/bin/sh
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# $Revision: 2.4 $
#
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x /usr/sbin/postfix ] || exit 0
[ -d /etc/postfix ] || exit 0
[ -d /var/spool/postfix ] || exit 0
RETVAL=0
start() {
# Start daemons.
echo -n "Starting postfix: "
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
echo
return $RETVAL
}
stop() {
# Stop daemons.
echo -n "Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
echo
return $RETVAL
}
reload() {
echo -n "Reloading postfix: "
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure
RETVAL=$?
echo
return $RETVAL
}
restart() {
stop
start
}
abort() {
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure
return $?
}
flush() {
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure
return $?
}
check() {
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure
return $?
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
reload)
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status master
;;
condrestart)
# don't use /var/lock/subsys/postfix, check for postfix running directly
daemon_directory=$(postconf -h daemon_directory)
$daemon_directory/master -t 2>/dev/null && : || restart
;;
*)
echo "Usage: postfix {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 1
esac
exit $?
===============================================================
# chmod 755 /etc/rc.d/init.d/postfix
Start the postfix service:
# /etc/rc.d/init.d/postfix start
(12) Install maildrop
# tar jxvf maildrop-2.0.4.tar.bz2
# cd maildrop-2.0.4
# ln -s /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig
# ./configure \
--enable-sendmail=/usr/sbin/sendmail \
--enable-trusted-users='root vuser' \
--enable-syslog=1 \
--enable-maildirquota \
--enable-maildrop-uid=1000 \
--enable-maildrop-gid=1000 \
--with-trashquota \
--with-dirsync
# make
# make install
# cp /usr/local/bin/maildrop /usr/bin
# chmod a+rx /usr/bin/maildrop
# maildrop -v (check the output; if it mentions courier-authlib, the installation succeeded)
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
Create its configuration file /etc/maildroprc; first specify where maildrop writes its log:
# vi /etc/maildroprc
logfile "/var/log/maildrop.log"
# touch /var/log/maildrop.log
# chown vuser.vgroup /var/log/maildrop.log
# chmod a+r /etc/maildroprc
(13) Install courier-imap
# tar jxvf courier-imap-4.1.3.tar.bz2
# cd courier-imap-4.1.3
# ./configure \
--prefix=/usr/local/courier-imap \
--with-redhat \
--enable-unicode \
--disable-root-check \
--with-trashquota \
--without-ipv6 COURIERAUTHCONFIG='/usr/local/courier-authlib/bin/courierauthconfig'
# make
# make install
# cp /usr/local/courier-imap/etc/imapd.dist /usr/local/courier-imap/etc/imapd
# cp /usr/local/courier-imap/etc/imapd-ssl.dist /usr/local/courier-imap/etc/imapd-ssl
# cp /usr/local/courier-imap/etc/pop3d.dist /usr/local/courier-imap/etc/pop3d
# cp /usr/local/courier-imap/etc/pop3d-ssl.dist /usr/local/courier-imap/etc/pop3d-ssl
# vi /usr/local/courier-imap/etc/pop3d
POP3DSTART=yes
Note: to offer IMAP service to users, set "IMAPDSTART=YES" in the /usr/local/courier-imap/etc/imapd file.
# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
# chmod 755 /etc/rc.d/init.d/courier-imapd
Add it to the automatic startup queue:
# echo "/etc/rc.d/init.d/courier-imapd start" >> /etc/rc.local
Start the service:
# /etc/rc.d/init.d/courier-imapd start
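(1) Install ExtMail 1.0.3 and ExtMan 0.2.3
Start the MySQL database
# /etc/rc.d/init.d/mysqld start
Starting MySQL [ OK ]
Then use the ps command to check that mysqld started correctly:
# ps ax|grep mysqld
Under normal conditions the output looks like this: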
1702 ? S 0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/var --pid-file=/usr/local/mysql/var/mail.extmail.org.pid
1735 ? Sl 0:00 /usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/var --user=mysql --pid-file=/usr/local/mysql/var/mail.extmail.org.pid --skip-external-locking --port=3306 --socket=/var/lib/mysql/mysql.sock
1959 pts/0 S+ 0:00 grep mysqld
Import the databases needed by ExtMail and ExtMan (the following assumes that the ExtMail 1.0.3 and ExtMan 0.2.3 install files are in the /tmp directory):
# mkdir /var/www/extsuite
# cd /var/www/extsuite
# tar zxvf /tmp/extman-0.2.3.tar.gz
# tar zxvf /tmp/extmail-1.0.3.tar.gz
# mv extman-0.2.3 extman
# mv extmail-1.0.3 extmail
# mysql -u root -p < /var/www/extsuite/extman/docs/extmail.sql
# mysql -u root -p < /var/www/extsuite/extman/docs/init.sql
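Link the base libraries to ExtMail
Because ExtMan's architecture is similar to ExtMail's, ExtMan needs several of ExtMail's base perl modules. The extman source package includes a small script called buildlink.sh that creates these links. Usage: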
# cd /var/www/extsuite/extman/libs/Ext
# ./buildlink.sh build /var/www/extsuite/extmail/libs/Ext
# mkdir /var/www/extsuite/extman/tmp
# chown -R vuser:vgroup /var/www/extsuite/extman/tmp
# cp /var/www/extsuite/extman/docs/mysql_virtual_*.cf /etc/postfix/
# vi /var/www/extsuite/extman/webman.cf
# sys_sess_dir, the session dir
SYS_SESS_DIR = /var/www/extsuite/extman/tmp
When this is done, create the Maildir for the test@extmail.org account that was just imported into mysql. Enter the following commands:
# cd /var/www/extsuite/extman/tools
# ./maildirmake.pl /home/domains/extmail.org/test/Maildir
# chown -R vuser:vgroup /home/domains/extmail.org
Test maildrop:
# maildrop -V 10 -d test@extmail.org
After running it, output like the following should appear:
maildrop: authlib: groupid=1000
maildrop: authlib: userid=1000
maildrop: authlib: logname=test@extmail.org, home=/home/domains/extmail.org/test, mail=/home/domains/extmail.org/test/Maildir/
maildrop: Changing to /home/domains/extmail.org/test
(2) Configure ExtMail and ExtMan
Because mod_fastcgi and FCGI were installed earlier, all that remains is to configure ExtMail, ExtMan and httpd:
# vi /etc/httpd/conf/httpd.conf
=========== Modified section =================
Listen 12.34.56.78:80
#Listen 80
=================================
=========== Newly added section =================
LoadModule fastcgi_module modules/mod_fastcgi.so
<IfModule mod_fastcgi.c>
FastCgiIpcDir /var/lib/fcgi
</IfModule>
NameVirtualHost 12.34.56.78
Include conf/mail.extmail.org.conf
=================================
Note: replace the 12.34.56.78 shown above with the server's actual IP address.
# vi /etc/hosts (add the line below)
12.34.56.78 mail.extmail.org mail
# vi /etc/httpd/conf/mail.extmail.org.conf
# VirtualHost for ExtMail Solution
# <VirtualHost *:80>
<VirtualHost mail.extmail.org>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/dispatch.fcgi/
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi/ /var/www/extsuite/extmail/dispatch.fcgi/
Alias /extman /var/www/extsuite/extman/html
<Location "/extmail/cgi">
SetHandler fastcgi-script
</Location>
<Location "/extman/cgi">
SetHandler fastcgi-script
</Location>
</VirtualHost>
# cd /var/www/extsuite/extmail
# chmod 755 dispatch.fcgi
# chmod 755 dispatch-init
# chmod 755 dispatch_lig.sh
# chown -R vuser:vgroup cgi
# chmod -R 755 cgi
# cd /var/www/extsuite/extman
# chown -R vuser:vgroup cgi
# chmod -R 755 cgi
This completes the setup of ExtMail and ExtMan:
# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
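Finally, visit http://mail.extmail.org/extmail/. If all went well you will see the webmail login page, but since no real users have been added yet, nobody can log in, not even test@extmail.org. You must first log in to http://mail.extmail.org/extman/ and add a new account before you can log in.
ExtMan's default super-administrator account is root@extmail.org with the password extmail. After logging in successfully, it is recommended to change the password to keep the system secure.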
(3) Main postfix configuration files (examples)
=========== main.cf =================
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
# hostname
mynetworks = 127.0.0.1
myhostname = mail.extmail.org
mydomain = extmail.org
mydestination = $mynetworks, $myhostname
# banner
mail_name = Postfix - By $mydomain
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 3s
unknown_local_recipient_reject_code = 550
command_time_limit = 120s
smtp_data_done_timeout = 1800s
smtp_connect_timeout = 1200s
queue_run_delay = 300s
bounce_queue_lifetime = 3600s
maximal_queue_lifetime = 3600s
minimal_backoff_time = 600s
maximal_backoff_time = 3600s
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
# maildrop setting
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
# smtpd related config
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname
# SMTP sender login matching config
smtpd_sender_restrictions =
  reject_sender_login_mismatch,
  reject_authenticated_sender_login_mismatch,
  reject_unauthenticated_sender_login_mismatch
smtpd_sender_login_maps =
  mysql:/etc/postfix/mysql_virtual_sender_maps.cf,
  mysql:/etc/postfix/mysql_virtual_alias_maps.cf
# SMTP AUTH config here
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
# Content-Filter
#header_checks = regexp:/etc/postfix/header_checks
receive_override_options = no_address_mappings
# Message and return code control
mailbox_size_limit = 419430400
message_size_limit = 41943040
show_user_unknown_table_name = no
# Base Config
line_length_limit = 40960
header_size_limit = 1024000
queue_minfree = 94371840
bounce_size_limit = 51200
smtp_destination_recipient_limit = 10
smtpd_client_connection_rate_limit = 50
smtpd_client_connection_count_limit = 50
===================================
=========== master.cf =================
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
#flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
  flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
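In this part I mainly describe how to add anti-spam and anti-virus mail features on top of the previous three parts.
The anti-spam function is implemented mainly by slockd, which ExtMail recommends, and spamassassin; together they provide detection based on spam behaviour and detection based on spam content. In today's popular terms, content detection is the second-generation technique and behaviour detection is the first-generation technique.
For anti-virus, I have always used McAfee for Linux; the open-source anti-virus program clamav is also quite good. It depends on your own requirements.
(1) Install the perl modules required by SpamAssassin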
# rpm -ivh cabextract-1.2-1.el5.rf.i386.rpm
# rpm -ivh gamin-0.1.7-8.el5.i386.rpm
# rpm -ivh gamin-devel-0.1.7-8.el5.i386.rpm
# rpm -ivh gamin-python-0.1.7-8.el5.i386.rpm
# rpm -ivh nomarch-1.4-2.el5.i386.rpm
# rpm -ivh unrar-3.7.4-1.el5.rf.i386.rpm
# rpm -ivh DCC-1.3.66-21.el5.i386.rpm
# rpm -ivh DCC-debuginfo-1.3.66-21.el5.i386.rpm
# rpm -ivh pyzor-0.4.0-9.0.el5.noarch.rpm
# rpm -ivh perl-BSD-Resource-1.28-1.fc6.1.i386.rpm
# rpm -ivh mod_perl-2.0.2-6.3.el5.i386.rpm
# rpm -ivh perl-Compress-Zlib-1.42-1.fc6.i386.rpm
# rpm -ivh perl-IO-Zlib-1.04-4.2.1.noarch.rpm
# rpm -ivh perl-Archive-Tar-1.30-1.fc6.noarch.rpm
# rpm -ivh perl-Sys-Hostname-Long-1.4-2.0.el5.noarch.rpm
# rpm -ivh perl-Net-CIDR-Lite-0.20-2.1.el5.noarch.rpm
# rpm -ivh perl-Mail-SPF-Query-1.999.1-8.el5.noarch.rpm
# rpm -ivh perl-HTTP-Request-Form-0.952-1.2.el5.rf.noarch.rpm
# rpm -ivh perl-Digest-SHA1-2.11-1.2.1.i386.rpm
# rpm -ivh perl-LWP-Authen-Wsse-0.05-1.2.el5.rf.noarch.rpm
# rpm -ivh perl-RPC-XML-0.59-1.el5.rf.noarch.rpm
# rpm -ivh perl-Encode-Detect-1.00-1.el5.i386.rpm
# rpm -ivh perl-HTML-Tagset-3.10-2.1.1.noarch.rpm
# rpm -ivh perl-HTML-Parser-3.55-1.fc6.i386.rpm
# rpm -ivh perl-Net-IP-1.25-2.fc6.noarch.rpm
# rpm -ivh perl-Digest-HMAC-1.01-15.noarch.rpm
# rpm -ivh perl-Net-DNS-0.59-3.el5.i386.rpm
# rpm -ivh perl-Error-0.17010-1.el5.rf.noarch.rpm
# rpm -ivh perl-version-0.74-1.el5.rf.i386.rpm
# rpm -ivh perl-File-Tail-0.99.3-1.2.el5.rf.noarch.rpm
# rpm -ivh perl-File-Temp-0.20-1.el5.rf.noarch.rpm
# rpm -ivh perl-File-Type-0.22-1.el5.rf.noarch.rpm
# rpm -ivh perl-Sys-Hostname-Long-1.4-2.0.el5.noarch.rpm
# rpm -ivh perl-Mail-SPF-Query-1.999.1-8.el5.noarch.rpm
# rpm -ivh perl-NetAddr-IP-4.007-1.el5.rf.i386.rpm
# rpm -ivh perl-Mail-SPF-2.005-1.el5.rf.noarch.rpm
# rpm -ivh perl-Crypt-OpenSSL-RSA-0.25-1.el5.rf.i386.rpm
# rpm -ivh perl-Digest-SHA-5.45-1.el5.rf.i386.rpm
# rpm -ivh perl-TimeDate-1.16-5.el5.noarch.rpm
# rpm -ivh perl-MailTools-1.77-1.el5.centos.noarch.rpm
# rpm -ivh perl-Mail-DKIM-0.24-1.el5.i386.rpm
# rpm -ivh perl-Mail-DomainKeys-0.21-2.0.el5.noarch.rpm
# rpm -ivh perl-Net-Daemon-0.43-1.el5.rf.noarch.rpm
# rpm -ivh perl-PlRPC-0.2020-1.el5.rf.noarch.rpm
# rpm -ivh perl-DBI-1.601-1.el5.rf.i386.rpm
# rpm -ivh perl-Socket6-0.19-3.fc6.i386.rpm
# rpm -ivh perl-IO-Socket-INET6-2.51-2.fc6.noarch.rpm
# rpm -ivh perl-Net-SSLeay-1.30-4.fc6.i386.rpm
# rpm -ivh perl-IO-Socket-SSL-1.01-1.fc6.noarch.rpm
# rpm -ivh perl-libwww-perl-5.805-1.1.1.noarch.rpm
# rpm -ivh atrpms-70-1.noarch.rpm
# rpm -ivh razor-agents-2.82-17.el5.i386.rpm
# rpm -ivh perl-bignum-0.22-1.el5.rf.noarch.rpm
# rpm -ivh perl-Math-BigRat-0.19-1.noarch.rpm
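(2) Install SpamAssassin
The latest official stable release of spamassassin is currently spamassassin-3.2.3. So that people who are new to spamassassin can get to know the software first, we install it here from the rpm package. I have described installing from the tar.gz package before (it can be found on this blog).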
# rpm -ivh spamassassin-3.2.3-45.el5.i386.rpm
After installation, two main program directories are created on the system:
/etc/mail/spamassassin
/usr/share/spamassassin
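The /etc/mail/spamassassin directory mainly holds the configuration file local.cf,
while the /usr/share/spamassassin directory mainly holds spamassassin's rule files; it is recommended to put any new rule files here in future rather than entering them into local.cf.
(3) Install MailScanner
The latest official stable release of MailScanner is currently MailScanner-4.66.5-3, and installation is simple: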
# tar zxvf MailScanner-4.66.5-3.rpm.tar.gz
# cd MailScanner-4.66.5-3
# ./install.sh
After installation, there is a MailScanner directory under /etc. MailScanner's main configuration files are all in this directory.
# cd /var/spool/MailScanner
# mkdir spamassassin
# mkdir .spamassassin
# chown -R postfix.root *
# chown -R postfix.root .spamassassin
# chmod 0700 *
# chmod 0700 .spamassassin
(4) Configure postfix
After MailScanner is installed, postfix needs some configuration:
# vi /etc/postfix/main.cf
# Content-Filter
header_checks = regexp:/etc/postfix/header_checks (add this line)
receive_override_options = no_address_mappings
# vi /etc/postfix/header_checks
# reject by subject or attachment file extension name
/^Received:/	HOLD (add this line; the whitespace in the middle must be a TAB, remember!)