POSTFIX下的反垃圾反病毒邮件系统
--------------------------------------------------------------------------------
使用版本为
hawk# uname -a
FreeBSD hawk.the9.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Oct 27 17:51:09 GMT 2003 root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC i386
1.分区:
1G /
1G swap
3G /var 邮件存储在这里所以设置比较大
1G /tmp
1G /home
3G /usr
剩下 /data
2.用户
添加cnhawk用户,口令另行约定,cnhawk用户需加入wheel组,root口令另行约定
3. packages安装
选择最小化安装
选中
在custom选项里选中
compat3x
compat4x
man
ports
4.rc.conf
设定:
sendmail_enable="NONE"
5. 安装mysql
A.可以在ports中安装
Cd /usr/ports/databases/mysql323-server
Make install
安装的mysql的版本是mysql-3.23.58
B.以下是手动安装mysql-3.23.55
1)添加mysql用户组及mysql用户
hawk# pw groupadd mysql
hawk# pw useradd mysql -g mysql -s /nonexistent
2)配置安装
hawk# tar zxvf mysql-3.23.55.tar.gz
hawk# cd mysql-3.23.55
hawk# ./configure --prefix=/usr/local/mysql --with-low-memory --with-charset=gb2312 --without-debug
hawk# make
hawk# make install
hawk# scripts/mysql_install_db
hawk# chown -R root /usr/local/mysql
hawk# chown -R mysql /usr/local/mysql/var
hawk# chgrp -R mysql /usr/local/mysql
hawk# cp support-files/my-medium.cnf /etc/my.cnf
hawk# ln -s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld
hawk# ln -s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin
hawk# ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql
hawk# ln -s /usr/local/mysql/lib/mysql /usr/local/lib/mysql
3)编辑用户数据库
以下是建库的语句
use mysql;
#======================postfix==================================
INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
update user set password=password('hawk') where User='postfix';
FLUSH PRIVILEGES;
GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "hawk";
#======================courier==================================
INSERT INTO user (host,user,password) VALUES ('localhost','courier','');
update user set password=password('hawk') where User='courier';
FLUSH PRIVILEGES;
GRANT select,insert,update on mail.* TO courier;
#=======================MAIL.SQL=================================
#Create mail database
CREATE DATABASE mail;
use mail;
#Create the aliases table
CREATE TABLE aliases (
alias varchar(255) NOT NULL default '',
rcpt varchar(255) default NULL,
PRIMARY KEY (alias)
) TYPE=MyISAM;
#Create the transport table
CREATE TABLE transport (
domain char(128) NOT NULL default '',
transport char(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;
#Create thevirtua_users table
CREATE TABLE virtual_users (
unique_id int(32) unsigned NOT NULL auto_increment,
id char(128) NOT NULL default '',
password char(128) default NULL,
uid int(10) unsigned default '2003',
gid int(10) unsigned default '2003',
home char(255) default NULL,
maildir char(255) default NULL,
date_add date default NULL,
time_add time default NULL,
domain char(128) default NULL,
name char(255) default NULL,
imapok tinyint(3) unsigned default '1',
quota char(255) default '10485760',
PRIMARY KEY (id),
KEY unique_id (unique_id)
) TYPE=MyISAM;
#Create address table //该部分是为使用igenus而增加的。
CREATE TABLE address (
id int(32) unsigned NOT NULL auto_increment,
unique_id int(32) NOT NULL default '0',
name char(255) NOT NULL default ' ',
email char(255) NOT NULL default ' ',
PRIMARY KEY (id),
key unique_id (unique_id)
) TYPE=MyISAM;
#==========================================================
4)设置自启:
hawk# edit /usr/local/etc/rc.d/mysqld.sh
示例:mysqld.sh
#!/bin/sh
case "$1" in
start)
if [ -x /usr/local/mysql/bin/safe_mysqld ]; then
/usr/local/mysql/bin/safe_mysqld --user=mysql & > /dev/null && echo -n ' mysqld'
fi
;;
stop)
/usr/bin/killall mysqld > /dev/null 2>&1 && echo -n ' mysqld'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
esac
hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh
6.安装cyrus-sasl
1)安装cyrus-sasl-2.1.12
hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz
hawk# cd cyrus-sasl-2.1.12
hawk# ./configure --disable-sample --disable-pwcheck --disable-cram --disable-digest --disable-krb4 --disable-gssapi --disable-anon --with-saslauthd=/var/run/saslauthd --enable-plain --enable-login
hawk# make
hawk# make install
hawk# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
2)配置sasl的lib库
hawk# edit /etc/defaults/rc.conf
(在ldconfig_paths="/usr/loca/lib后面加上/usr/local/lib/sasl2")
hawk# shutdown -r now(使其生效)
3)运行saslauthd(如果使用pam直接认证,则该步骤可以省略)
示例saslauthd.sh
#!/bin/sh
case "$1" in
start)
if [ -x /usr/local/sbin/saslauthd ]; then
/usr/local/sbin/saslauthd -a pam > /dev/null && echo -n ' saslauthd'
fi
;;
stop)
/usr/bin/killall saslauthd > /dev/null 2>&1 && echo -n ' saslauthd'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
Esac
hawk# mkdir /var/run/saslauthd
hawk# edit /usr/local/etc/rc.d/saslauthd.sh
hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh
4)准备postfix认证的配置文件
A)使用pam直接认证:
hawk# echo pwcheck_method: pam > /usr/local/lib/sasl2/smtpd.conf
B)使用saslauthd调用pam认证:
hawk# echo pwcheck_method: saslauthd > /usr/lib/sasl2/smtpd.conf
7. 安装 pam_mysql
安装 pam_mysql-0.5 (由于采用源码安装编译不能通过,故使用freebsd4.9 ports安装)
1)安装
hawk# pkg_add –r gmake (pam_mysql需要gmake)
hawk# cd /usr/ports/security/pam-mysql/
hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/
2)配置pam.conf调用mysql支持sasl认证
hawk# edit /etc/pam.conf(将pop3 和imap的前面加上#)添加下列代码:
smtp auth sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
smtp account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1
(注:密码使用crypt加密,如果使用明文密码cyrpt=0,如果使用password()加密crypt=2)
8.安装postfix
1)停止sendmail
hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF
hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
hawk# mv /etc/rc.sendmail /etc/sendmail.OFF
hawk# edit /etc/rc.conf(在sendmail="YES"前面添加# )
2)添加postfix用户
hawk# pw groupadd postfix -g 2003
hawk# pw groupadd postdrop -g 2004
hawk# pw useradd postfix -u 2003 -g 2003 -d /dev/null -s /nologin
3)安装
安装postfix-2.0.10.tar.gz
hawk# tar zxvf postfix-2.0.10.tar.gz
hawk# cd postfix-2.0.10
如果你的mysql是源码编译请用下面这个命令
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
如果你的mysql是ports安装的请用下面这个命令
hawk# make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm'
hawk# make
hawk# make install(第一次安装使用此命令,安装过程中如果提示错误则在提示选择tmp的时候使用/tmp)
hawk# make upgrade(升级老版本使用此命令)
4)配置
hawk# echo ‘postfix: root’ >> /etc/aliases
hawk# /usr/bin/newaliases
(注:如果提示postfix无法打开opiekeys文件则执行:#hawk chown postfix:postfix /etc/opiekeys)
A)编辑修改/etc/posftix/main.cf 示例:main.cf
#======= BASE ==============
myhostname = hawk.the9.com
mydomain = the9.com
home_mailbox=Maildir/
mydestination = $myhostname, $mydomain, $transport_maps
local_recipient_maps = 为空
mailbox_command= /usr/lib/courier-imap/bin/deliverquota -w 90 ~/Maildir
#======= MYSQL =============
transport_maps = mysql:/etc/postfix/transport.cf
virtual_gid_maps = mysql:/etc/postfix/gids.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf
virtual_maps = mysql:/etc/postfix/mysql.aliases.cf
virtual_uid_maps = mysql:/etc/postfix/uids.cf
#======= Quota ============
message_size_limit = 2097152 //限制每次发邮件的大小 2MB
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit = 10485760 //总邮箱的大小 10MB
#====== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destinatio reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated
B)确认/etc/postfix/master.cf的配置有如下内容
virtual unix - n n - - virtual
C)编辑/etc/posftix/transport.cf
示例:transport.cf
user = postfix
password = hawk
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost
D)编辑/etc/postfix/gids.cf
示例:gids.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = gid
where_field = id
hosts = localhost
E)编辑/etc/postfix/uids.cf
示例:uids.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = uid
where_field = id
hosts = localhost
F)编辑/etc/posftix/mysql_virtual.cf
示例:mysql_virtual.cf
user = postfix
password= hawk
dbname = mail
table = virtual_users
select_field = maildir
where_field = id
hosts = localhost
G)编辑/etc/postfix/mysql.aliases.cf 示例:mysql.aliases.cf
user = postfix
password= hawk
dbname = mail
table = aliases
select_field = rcpt
where_field = alias
hosts = localhost
H)编辑/etc/postfix/mailboxsize-mysql.cf 示例:mailboxsize-mysql.cf
user = postfix
password = hawk
dbname = mail
table = virtual_users
select_field = quota
where_field = id
hosts = localhost
5)设置自启动
hawk# edit /usr/local/etc/rc.d/postfix-server.sh
示例:postfix-server.sh
#!/bin/sh
case "$1" in
start)
if [ -x /usr/sbin/postfix ]; then
/usr/sbin/postfix start && echo -n ' postfix'
fi
;;
stop)
/usr/sbin/postfix stop && echo -n ' postfix'
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop }"
echo ""
exit 64
;;
esac
hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh
9.安装expect.tar.gz(need tcl)
hawk# pkg_add tcl-8.3.5_2.tgz
hawk# tar zxvf expect-5.38.tar.gz
hawk# cd expect-5.38
hawk# ./configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3
hawk# make
hawk# make install
10.安装Courier-imap-1.7.1(need gmake、expect)
1、安装
hawk# pkg_add -r gmake 远程安装包
hawk# pw useradd cnhawk -g wheel(the software MUST run the configure script as normal user, not root)
hawk$ bunzip2 courier-imap-1.7.1.tar.bz2
hawk$ tar xvf courier-imap-1.7.1.tar
hawk$ cd courier-imap-1.7.1
如果你的mysql是源码编译请用下面这个命令
hawk$ ./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql
如果你的mysql是ports安装请用下面这个命令
Hawk$./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql
hawk$ gmake
hawk# su root
hawk# gmake install
hawk# gmake install-configure
2)配置
编辑修改/usr/lib/courier-imap/etc/authmysqlrc 示例:authmysqlrc
##VERSION: $Id: authmysqlrc,v 1.10 2002/04/02 23:41:41 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.
##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.
MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD hawk
##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
MYSQL_SOCKET /tmp/mysql.sock
##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.
MYSQL_PORT 3306
##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.
MYSQL_OPT 0
##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:
MYSQL_DATABASE mail
##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.
MYSQL_USER_TABLE virtual_users
##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.
MYSQL_CRYPT_PWFIELD password
##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear
##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com
##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD uid
##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account
MYSQL_GID_FIELD gid
##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#
MYSQL_LOGIN_FIELD id
##NAME: MYSQL_HOME_FIELD:0
#
MYSQL_HOME_FIELD home
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir
##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD quota
##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
MYSQL_WHERE_CLAUSE imapok=1
##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, uid, gid, clearpw, home, maildir, quota, fullname
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part) and $(domain)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT popbox.local_part, # CONCAT('{MD5}', popbox.password_hash), # popbox.clearpw, # domain.uid, # domain.gid, # CONCAT(domain.path, '/', popbox.mbox_name), # '', # domain.quota, # '', # FROM popbox, domain # WHERE popbox.local_part = '$(local_part)' # AND popbox.domain_name = '$(domain)' # AND popbox.domain_name = domain.domain_name
#
##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox # SET clearpw='$(newpass)', # password_hash='$(newpass_crypt)' # WHERE local_part='$(local_part)' # AND domain_name='$(domain)'
#
编辑修改/usr/lib/courier-imap/etc/authdaemonrc
version="authdaemond.mysql"
3)设置自启动
hawk# cd /usr/local/etc/rc.d
hawk# ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh
hawk# ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh
hawk# chmod 755 imapd.sh
hawk# chmod 755 pop3d.sh
现在开始测试:
1)设置用户:
hawk# mysql
mysql> use mail;
在数据库里你可以看到
mysql> show tables;
+----------------+
| Tables_in_mail |
+----------------+
| aliases |
| transport |
| virtual_users |
+----------------+
mysql> desc aliases;
+-------+--------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| alias | varchar(255) | | PRI | | |
| rcpt | varchar(255) | YES | | NULL | |
+-------+--------------+------+-----+---------+-------+
mysql> insert aliases values('postmaster@the9.com','cnhawk@the9.com');
mysql> insert aliases values('postmaster@freebsd.net','cnhawk@freebsd.net');
mysql> select * from aliases;
+--------------------------+--------------------+
| alias | rcpt |
+--------------------------+--------------------+
| postmaster@the9.com | cnhawk@the9.com |
| postmaster@freebsd.net | cnhawk@freebse.net |
+--------------------------+--------------------+
mysql> desc transport;
+-----------+-----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+-----------+------+-----+---------+-------+
| domain | char(128) | | PRI | | |
| transport | char(128) | | | | |
+-----------+-----------+------+-----+---------+-------+
mysql> insert transport values('the9.com','virtual:');
mysql> insert transport values('freebsd.net','virtual:');
mysql> select * from transport;
+---------------+-----------+
| domain | transport |
+---------------+-----------+
| nankai.edu.cn | virtual: |
| freebsd.net | virtual: |
+---------------+-----------+
mysql> desc virtual_users;
+-----------+---------------------+------+-----+----------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+---------------------+------+-----+----------+----------------+
| unique_id | int(32) unsigned | | MUL | NULL | auto_increment |
| id | char(128) | | PRI | | |
| password | char(128) | YES | | NULL | |
| uid | int(10) unsigned | YES | | 104 | |
| gid | int(10) unsigned | YES | | 104 | |
| home | char(255) | YES | | NULL | |
| maildir | char(255) | YES | | NULL | |
| date_add | date | YES | | NULL | |
| time_add | time | YES | | NULL | |
| domain | char(128) | YES | | NULL | |
| name | char(255) | YES | | NULL | |
| imapok | tinyint(3) unsigned | YES | | 1 | |
| quota | char(255) | YES | | 10485760 | |
+-----------+---------------------+------+-----+----------+----------------+
mysql> INSERT INTO virtual_users
mysql> (id,home,password,maildir,date_add,time_add,domain,name)
mysql> VALUES ('cnhawk@the9.com','/var/mail/',encrypt('cnhawk'),
mysql> 'the9.com/cnhawk/Maildir/','2003-04-23','01:18:24','the9.com','cnhawk');
mysql> INSERT INTO virtual_users
mysql> (id,home,password,maildir,date_add,time_add,domain,name)
mysql> VALUES ('hawk@freebsd.net','/var/mail/',encrypt('hawk'),
mysql> 'freebsd.net/hawk/Maildir/','2003-04-23','01:18:24','freebsd.net','hawk');
mysql> quit
2)设置用户的目录与权限:
hawk# mkdir -p /var/mail/the9.com/cnhawk
hawk# mkdir -p /var/mail/freebsd.net/hawk
hawk# cd /usr/lib/courier-imap/bin
hawk# ./maildirmake /var/mail/the9.com/cnhawk/Maildir
hawk# ./maildirmake /var/mail/freebsd.net/hawk/Maildir
hawk# chmod -R 700 /var/mail/the9.com/
hawk# chmod -R 700 /var/mail/freebsd.net/
hawk# chown -R postfix:postfix /var/mail/the9.com
hawk# chown -R postfix:postfix /var/mail/freebsd.net
至此用户设置完毕,这里仅仅使用两个虚拟域,同理可以设置若干个虚拟域,如:mail.com
3)用户登录测试:
hawk# telnet 127.0.0.1 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Hello there.
user cnhawk@the9.com
+OK Password required.
pass cnhawk
+OK logged in. (OK,pop 登录成功)
quit
+OK Bye-bye.
Connection closed by foreign host.
也可以使用任何其它的邮件客户端程序来测试,如foxmail、Outlook Express等等。
然后安装webmail
安装igenus
1.安装:
hawk # cd /usr/ports/www/apache2
hawk # make install
hawk# cd /usr/ports/www/mod_php4
hawk# make install
hawk# cd /var/mail
hawk# tar zxvf igenus_docn.tar.gz
hawk# edit /usr/local/apache/conf/httpd.conf
2.配置:
1)Group nobody、User nobody
修改为: Group postfix、User postfix
2)DocumentRoot "/usr/local/apache/htdocs"
修改为:DocumentRoot "/var/mail/webmail"
3) 查找 AddDefaultCharset ISO-8859-1
改为AddDefaultCharset GB2312 #中文支持
添加AddType application/x-httpd-php .php #php支持
4)修改config_inc.php文件
$CFG_BASEPATH = "/var/mail/webmail";
$CFG_MYSQL_HOST = 'localhost';
$CFG_MYSQL_USER = 'postfix';
$CFG_MYSQL_PASS = 'hawk';(同以上密码,均可以自己修改)
$CFG_MYSQL_DB = 'mail';
5) 编辑/usr/local/etc/php.ini,修改:
Cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini
register_globals = On
3.使用:
最后在浏览器的URL中输入:
http://IP 因为没有DNS 有了DNS就好了 可以直接定位域名
1. 修改/etc/php.ini
max_execution_time = 30 #改为60 (增加处理脚本的时间限制)
memory_limit = 8M #改为40M (这样才能发10M的附件)
post_max_size = 2M #改为10M
upload_max_filesize = 2M #改为10M
2. 修改/etc/httpd/conf.d/php.conf
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
LimitRequestBody 524288 #把524288改为10485760
</Files>
这里的 LimitRequestBody 524288 限定了上传附件的上限为512k, 将其改为10M
3. 修改/etc/postfix/main.cf, 添加如下语句:
message_size_limit = 14336000
postfix的默认值是10M, 但这指的是邮件正文和编码后附件的总和, 经过base64编码,附件的大小会增加35%左右, 因此这里设定可接受邮件的大小为14M
可以使用如下命令查看postfix的有关设定:
/usr/sbin/postconf | grep size
4. 重起apache和postfix.
反垃圾邮件 反病毒邮件部分
1.安装McAfee uvscan
BSD上的最新的版本是vbsd424e,虽然是试用但是可以升级也没有功能限制。
最新病毒库的版本是dat-4306.tar = b4af8aa33b670d15cc43ebf6f4967498
如何你的ports中的病毒库不是最新的版本 可以修改ports中的文件 可以去www.nai.com上面直接下载
安装McAfee AntiVirus
hawk# cd /usr/ports/security/vscan
hawk# make install clean
2.AMaViS的安装
AMaViS是uvscan和postfix之间的一个桥梁,完成邮件解码,交给uvscan查毒,然后再处理,转发操作。
2.1在ports中安装
我这里的版本号是amavisd-new-20030616
hawk# cd /usr/ports/security/amavisd-new/
# make install clean
hawk# cd /usr/local/etc
hawk# cp amavisd.conf-dist amavisd.conf
hawk# chown vscan amavisd.conf
hawk# chmod 750 amavisd.conf
hawk# chown vscan /usr/local/sbin/amavisd
hawk# chmod 750 /usr/local/sbin/amavisd
修改 amavisd.conf
$mydomain = 'the9.com'; (修改成你自己的)
$TEMPBASE = "/tmp";
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
以下的可以根据你的服务器情况设定
$virus_admin = "vscan\@$mydomain"
$mailfrom_notify_admin = "vscan\@$mydomain";
$mailfrom_notify_recip = "vscan\@$mydomain";
$mailfrom_notify_spamadmin = "vscan\@$mydomain";
# $QUARANTINEDIR = '/var/virusmails';
2.2修改postfix
在 /etc/postfix/master.cf 中
smtp inet n - n - - smtpd
改为如下:
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
注意 关于127.0.0.1:10025 的 content_filter 为空白,是因为在 postfix 的 main.cf 中,先前已有定义 content_filter 的话,可能会造成在本地邮件不停的转寄给自己,要是有这样的情况发生,postfix 的日志中会出现以下信息「Error: too many hops 」。
测试
hawk# /usr/local/sbin/postfix stop
hawk# /usr/local/sbin/postfix start
hawk# su - vscan
hawk# /usr/local/sbin/amavisd debug
启动另一个终端:
hawk# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.the9.com.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
MAIL FROM:<cnhawk@the9.com>
250 2.1.0 Sender cnhawk@the9.com OK
RCPT TO:<cnhawk@the9.com>
250 2.1.5 Recipient cnhawk@the9.com OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test 2
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.5.0 Ok, id=00116-02, BOUNCE <-- 出现这个表示系统已经认出这个邮件中含有 Virus
QUIT
2.3安装配置 Spamassassin
在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-ne,那 Spamassassin 也已经安装好了。
Port: amavisd-new-20030616.p5
Path: /usr/ports/security/amavisd-new
Info: Performance-enhanced daemonized version of amavis-perl
Maint: blaz@si.FreeBSD.org
Index: security
B-deps:
R-deps: arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Digest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16,1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50,1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1
如果服务器不需要 Spamassassin 的功能那这个步骤可以取消。
添加需要的用户
hawk# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
hawk# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin
修改 /usr/local/etc/mail/spamassassin/local.cf
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15
修改 /usr/local/etc/amavisd.conf
$max_servers = 2;
$max_requests = 10;
$child_timeout=5*60;
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );
$final_spam_destiny = D_PASS;
read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');
# SpamAssassin settings
#$sa_local_tests_only = 1;
$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 64*1024;
$sa_tag_level_deflt = 4.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$sa_spam_subject_tag = '***SPAM*** ';
建立所需要的文件
hawk# touch /var/amavis/whitelist
hawk# touch /var/amavis/blacklist
hawk# touch /var/amavis/spam_lovers
hawk# chown vscan /var/amavis/whitelist
hawk# chown vscan /var/amavis/blacklist
hawk# chown vscan /var/amavis/spam_lovers
hawk# echo spam@the9.com >> /var/amavis/spam_lovers
hawk# echo notspam@the9.com >> /var/amavis/spam_lovers
修改/usr/local/etc/postfix/main.cf
添加
content_filter = smtp-amavis:[127.0.0.1]:10024
建立自动学习体系
Bayesian Learning Script
hawk# vi /usr/local/sbin/my-sa-learn.sh
#!/bin/sh
if [ -e /var/mail/spam ]; then
/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
rm /var/mail/spam > /dev/null
fi
if [ -e /var/mail/notspam ]; then
/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
rm /var/mail/notspam > /dev/null
fi
建立Bayes学习知识库:
hawk# /usr/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs
这样就可以自动学习了
hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh
hawk# crontab -e
5 0 * * * /usr/local/sbin/my-sa-learn.sh
下面重新启动服务让设置生效
hawk# /usr/local/etc/rc.d/postfix.sh stop
hawk# /usr/local/etc/rc.d/postfix.sh start
hawk# /usr/local/etc/rc.d/amavisd.sh stop
hawk# /usr/local/etc/rc.d/amavisd.sh start
要是使用 Spamassassin 的 spamd,也需要重新启动。
启动 AMaVisd 时,确认是否有找到反病毒软件
hawk# cat /var/log/maillog |grep NAI
Dec 1 03:37:07 hawk amavis[112]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 15:36:00 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
Dec 1 16:14:28 hawk amavis[110]: Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan
要是有这样的信息说明已经找到杀毒软件
病毒更新脚本
需要wget支持
先安装wget
hawk# pkg_add –r wget
安装完毕
hawk# vi /usr/local/libexec/uvscan/update-dat.sh
添加下面的内容
#!/bin/sh
#
# update-dat.sh
#
cd /usr/local/libexec/uvscan/
wget -q -O readme.txt http://download.nai.com/products/datfiles/4.x/nai/readme.txt >/dev/null
AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed -e 's/^.*\(4[0-9]*\).*$/\1/'`
if [ ! -f dat-$AVVER.tar ]; then
for i in *.tar ; do
mv $i $i.old
done
if wget http://download.nai.com/products/datfiles/4.x/nai/dat-$AVVER.tar >/dev/null ; then
for i in *.dat ; do
cp -p $i $i.bak
done
if tar xf dat-$AVVER.tar ; then
rm -f *.old
echo `date` Successfully updated AntiVirus DAT files to $AVVER
fi
fi
fi
然后放入crontab 定时自动运行就可以自动更新病毒文件了。
草草写好
感谢CHINAUNIX的朋友帮忙
