版权声明:本文版权归作者所有,如其他个人、第三方网站或媒体报刊等需转载全文或节选,为支持我们的工作,请务必注明如下信息: 作者信息 文章原始出处:http://www.extmail.org/docs/extmail_solution_freebsd/ 项目首页:http://www.extmail.org 如果因此而给您带来麻烦,请您原谅,谢谢合作。
关于此文版本:0.14 作者:Qu Chifeng 项目主页:http://www.extmail.org 个人主页:http://www.chifeng.name 最后更新:2006-10-11 本文档以2005-07-25的早期文档为蓝本,以ports系统为基础。所涉及软件全部是OpenSource软件,版权以GPL为主,作为企业应用没有任何版权/法律问题。
编写本文的初衷,是给那些希望快速架设邮件系统而不想过多了解复杂的系统知识的网管/用户,为了使软件之间的结合更紧密,部分软件的配置及测试方面进行了增强改进,因此本文的一些操作步骤作者不能保证在其他场合能完全适用,敬请注意。
本文假定读者是在FreeBSD 6.x平台上安装,并具有一定的Unix平台 /FreeBSD平台系统经验,懂得ports基本命令及常规的系统操作,如文件的删除,目录创建,改名,和vi编辑器的基本使用等。
文档目录ExtMail Solution概述 操作系统安装 下载ExtMail Solution软件包 安装前的准备 OpenLDAP的安装和配置 安装配置Courier-IMAP MTA-Postfix配置 安装maildrop 配置Apache22 安装管理后台-ExtMan 安装Webmail-ExtMail 测试基本系统 内容/病毒过滤amavisd-new 杀毒程序clamav内容过滤Spamassassin测试杀毒/内容过滤安装邮件列表软件mailman 反垃圾邮件-Spam Locker 准备工作配置/测试与Postfix结合附加信息 只使用pop3只使用smtp只使用httpspostfix日常维护结束语 TODO列表 ChangeLog ExtMail Solution 结构ExtMail Solution 是一个基于优秀开源软件的电子邮件系统解决方案,核心部件包括了Postfix, Amavisd-new, ClamAV, ExtMail 和ExtMan, Courier系列软件。是一个功能相对比较齐全的免费电子邮件系统。以下是其主要的特性列表: 支持SMTP/POP3/IMAP/HTTP协议 支持SMTPs/POP3s/IMAPs/HTTPs协议 支持SMTP认证及ESMTP 可支持大容量邮箱(大于1GB) 高速Web界面访问邮箱 完整的Web管理后台 在线服务端病毒过滤 内建内容过滤 SMTP行为识别垃圾邮件 支持大量反垃圾邮件技术 图形化邮件日志分析 支持别名/多域/域管理员等 支持网络磁盘/POP3邮件 支持读/写HTML格式邮件 支持定制模板及多语言 支持邮件列表管理,基于WEB端
整个邮件解决方案由如下软件组成:
功能模块
内容
备注
操作系统(OS)
FreeBSD 6.x
FreeBSD是一个优秀的unix操作系统,基于宽松的BSD协议
邮件传输代理(MTA)
Postfix 2.3
使用2.3,ports中的postfix已经是最新的2.3版
数据库/目录服务
OpenLDAP 2.3
可选MySQL或其他LDAP ,本文以OpenLDAP为蓝本
邮件投递代理(MDA)
maildrop 2.0.x
支持过滤和强大功能
Web帐户管理后台
ExtMan 0.16-pre1
支持无限域名、无限用户
POP3 服务器
Courier-IMAP
支持pop3/pop3s/imap/imaps,功能强大,可根据需要选择
WebMail 系统
ExtMail 0.24-pre8
支持多语言、全部模板化,功能基本齐全
防病毒软件(Anti-Virus)
ClamAV 0.88
最热门的开源杀毒软件
SMTP阶段反垃圾邮件工具
Spam Locker 0.083
基于SMTP行为识别的Antispam软件,大量可选插件
内容过滤器
Amavisd-new 2.4.x
Content-Filter软件,支持与clamav/sa的挂接
内容级别的反垃圾邮件工具
SpamAssassin
著名的SA,可以支持大量规则,但速度慢
SMTP认证库
Cyrus SASL 2.1x
标准的SASL实现库,可以支持Courier authlib
其他数据认证库
Courier Authlib 0.58
authlib是maildrop, courier-imap等服务的关键部件
日志分析及显示
mailgraph_ext
在ExtMan中已经包含了
Web 服务器
Apache 2.2.x
最新版的apache服务器,默认支持ssl模块
maillist软件
Mailman2.1.x
功能强大的邮件列表软件,支持基于web的管理
操作系统安装操作系统的安装建议参考FreeBSD Handbook,在此仅给出链接,以避免不必要的重复劳动: 英文版
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install.html 中文版
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/install.html 安装时的注意事项
1,磁盘分区
由于是邮件系统,相关的日志和queue都会保存在var分区内,因此var分区要有足够的空间。以一块硬盘73G/内存2G的服务器为例,可做如下分区: / 512mswap 4096m /var 55g/tmp 512m/usr 13g(剩下所有的空间尽量保证有10G左右)
2,软件包的选择
我们的邮件系统是要对外服务的,所以尽可能少的选择软件包,安装时建议选择Minimal,然后进入Custom选择doc,info,man,src即可。
配置
1,编辑/etc/rc.conf确保有如下内容: sshd_enable="YES"named_enable="YES"sendmail_enable="NONE"
编辑/etc/resolv.conf确保第一条nameserver记录是127.0.0.1,类似如下: domain extmail.orgnameserver 127.0.0.1nameserver 202.106.0.20
然后执行如下命令: #cd /etc/namedb/ %26amp;%26amp; sh make-localhost
2,根据硬件的配置重新编译内核,编译内核的办法参考FreeBSD Handbook,这里只给出链接: 英文版
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html 中文版
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/kernelconfig.html 编译后系统的性能将得到较大的提升.
更新ports
根据你的情况执行 cvsup -gL2 /usr/share/examples/cvsup/ports-supfile -h cvsup.freebsdchina.org
或者 portsnap fetch %26amp;%26amp; portsnap update
下载ExtMail Solution软件包基本假定整个系统的安装全过程都要求以root身份执行,如果机器没有访问外部网络的能力,则事先下载好ExtMail Solution软件包,并用ftp以sysadmin帐户的身份,上载到服务器。
下载软件包我们统一将软件包下载到/root目录里。 su - cd /rootfetch http://www.extmail.org/source/ExtMail-Solution-FreeBSD-0.1.tar.gz
校验对下载的文件做以下md5校验,确保文件在下载的过程中是完整的。 fetch http://www.extmail.org/source/md5sum.es_freebsd-0.1md5 ExtMail-Solution-FreeBSD-0.1.tar.gz
如果md5生成的字符串和fetch下来的md5值一样,则说明下载的过程中没有问题。由于软件包不断的变更,所以上述结果和您的结果可能不一致,请以下载的md5sum为准。
解压目前最新的ExtMail-Solution软件包版本号为0.1,软件包文件名为:ExtMail-Solution-FreeBSD-0.1.tar.gz,下载回来后,在/root目录解开:
tar xfz ExtMail-Solution-FreeBSD-0.1.tar.gz
此外,我们假设本次安装默认域是extmail.org,主机名为:mail.extmail.org,IP地址为192.168.1.111, ExtMail Solution的文件目录是/root/ExtMail-Solution-0.1/
重要步骤:
我们进入/root/ExtMail-Solution-0.1/目录,该目录下包括如下文件/目录: conf/docs/src/README
其中conf/目录是相关配置文件的一个参考,src目录则是存放webmail, anti-spam等相关软件的源码,而README则是说明文件,docs目录则是本文档相关的html及图片。
下文所涉及的操作,绝大部分都是发生在/root/ExtMail-Solution-0.1目录里,请确保当前目录为:/root/ExtMail-Solution-0.1
安装前的准备增加一个存储邮件的帐号和组(vmail)
执行如下命令 pw group add vmail -g 1000pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
给test用户创建路径
需要一个测试帐号test@extmail.org,需要准备该账号的路径。 mkdir -p /var/domains/extmail.org/test/Maildir/newmkdir -p /var/domains/extmail.org/test/Maildir/curmkdir -p /var/domains/extmail.org/test/Maildir/tmpchown -R vmail:vmail /var/domains/chmod -R 700 /var/domains/
OpenLDAP的安装和配置OpenLDAP的安装
安装时选择: SASLTCP_WRAPPERSBDBDYNAMIC_BACKENDSSLUPD
cd /usr/ports/net/openldap23-server/ %26amp;%26amp; make install clean
OpenLDAP的配置
编辑/etc/hosts或者修改你的DNS服务器,增加如下两个域名。 192.168.1.111 ldap.extmail.org192.168.1.111 ldap-master.extmail.org
拷贝extmail.schema到OpenLDAP的schema目录 cp conf/extmail.schema /usr/local/etc/openldap/schema/
编辑/usr/local/etc/openldap/slapd.conf文件,内容类似如下: include /usr/local/etc/openldap/schema/core.schemainclude /usr/local/etc/openldap/schema/cosine.schemainclude /usr/local/etc/openldap/schema/nis.schemainclude /usr/local/etc/openldap/schema/extmail.schemapidfile /var/run/openldap/slapd.pidargsfile /var/run/openldap/slapd.argsdatabase bdbsuffix "dc=extmail.org"rootdn "cn=Manager,dc=extmail.org"rootpw secretdirectory /var/db/openldap-dataindex objectClass eq
编辑/usr/local/etc/openldap/ldap.conf文件,内容类似如下: BASE dc=extmail.orgURI ldap://ldap.extmail.org ldap://ldap-master.extmail.org:398SIZELIMIT 12TIMELIMIT 15DEREF never
编辑/etc/rc.conf,增加如下一行 slapd_enable="YES"
启动并初始化LDAP /usr/local/etc/rc.d/slapd startldapadd -x -D 'cn=Manager,dc=extmail.org' -w secret -f conf/init.ldif
OpenLDAP配置完成
安装配置courier-imap POP3/IMAPCourier-imap的安装
安装时选择: OPENSSLTRASHQUOTAAUTH_LDAP
cd /usr/ports/mail/courier-imap/ %26amp;%26amp; make install clean
Authlib的配置
编辑/usr/local/etc/authlib/authdaemonrc文件,内容类似如下: authmodulelist="authldap"authmodulelistorig="authldap"daemons=5authdaemonvar=/var/run/authdaemondsubsystem=mailDEBUG_LOGIN=0DEFAULTOPTIONS="wbnodsn=1"LOGGEROPTS=""
增加/var/run/authdaemond的执行权限,在FreeBSD系统下,其他用户默认没有执行权限 chmod +x /var/run/authdaemond
编辑/usr/local/etc/authlib/authldaprc文件,内容类似如下: LDAP_URI ldap://ldap.extmail.orgLDAP_PORT 389LDAP_PROTOCOL_VERSION 3LDAP_BASEDN o=extmailAccount,dc=extmail.org LDAP_BINDDN cn=Manager,dc=extmail.orgLDAP_BINDPW secretLDAP_TIMEOUT 5LDAP_MAIL mailLDAP_FILTER (active=1)LDAP_GLOB_UID vmailLDAP_GLOB_GID vmailLDAP_HOMEDIR homeDirectoryLDAP_MAILROOT /var/domainsLDAP_MAILDIRQUOTA mailQuotaLDAP_CRYPTPW userPasswordLDAP_DEREF neverLDAP_TLS 0
配置支持POP3s
拷贝一份配置文件 cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
编辑/usr/local/etc/courier-imap/pop3d.cnf文件,类似如下: RANDFILE = /usr/local/share/courier-imap/pop3d.rand[ req ]default_bits = 1024encrypt_key = yesdistinguished_name = req_dnx509_extensions = cert_typeprompt = no[ req_dn ]C=CNST=BJL=Bei JingO=ExtmailOU=ExtmailCN=extmail.orgemailAddress=chifeng@gmail.com[ cert_type ]nsCertType = server
执行如下命令产生供POP3s使用的key /usr/local/sbin/mkpop3dcert
配置支持IMAPs
拷贝一份配置文件 cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
编辑/usr/local/etc/courier-imap/imapd.cnf文件,类似如下: RANDFILE = /usr/local/share/courier-imap/imapd.rand[ req ]default_bits = 1024encrypt_key = yesdistinguished_name = req_dnx509_extensions = cert_typeprompt = no[ req_dn ]C=CNST=BJL=Bei JingO=ExtmailOU=ExtmailCN=extmail.orgemailAddress=chifeng@gmail.com[ cert_type ]nsCertType = server
执行如下命令产生供IMAP使用的key /usr/local/sbin/mkimapdcert
配置自动启动
编辑/etc/rc.conf文件,添加如下行: courier_authdaemond_enable="YES"courier_imap_pop3d_enable="YES"courier_imap_imapd_enable="YES"courier_imap_pop3d_ssl_enable="YES"courier_imap_imapd_ssl_enable="YES"
这5行的作用分别是在开机时:启动authdaemond,启动pop3d,启动imapd,启动pop3d-ssl,启动imapd-ssl。也可以使用命令行来控制这些进程的启动或者停止。 /usr/local/etc/rc.d/courier-authdaemond start/stop/usr/local/etc/rc.d/courier-imap-pop3d.sh start/stop/usr/local/etc/rc.d/courier-imap-imapd.sh start/stop/usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh start/stop/usr/local/etc/rc.d/courier-imap-imapd-ssl.sh start/stop
Postfix的安装和配置-MTA安装postfix
安装时选择: PCRESASL2TLSOPENLDAPVDATEST
cd /usr/ports/mail/postfix/ %26amp;%26amp; make install clean
配置postfix
编辑/etc/rc.conf,增加如下一行 postfix_enable="YES"
编辑/etc/aliases,确保有如下一行 postfix: root
替换掉系统带的sendmail程序 mv /usr/sbin/sendmail /usr/sbin/sendmail.bakcp /usr/local/sbin/sendmail /usr/sbin/sendmail
编辑/etc/periodic.conf daily_clean_hoststat_enable="NO"daily_status_mail_rejects_enable="NO"daily_status_include_submit_mailq="NO"daily_submit_queuerun="NO"
执行如下命令 newaliaseschown postfix:postfix /etc/opiekeyspostconf -e 'mydomain = extmail.org'postconf -e 'myhostname = mail.extmail.org'postconf -e 'myorigin = $mydomain'postconf -e 'virtual_mailbox_base = /var/domains'postconf -e 'virtual_uid_maps=static:1000'postconf -e 'virtual_gid_maps=static:1000'
编辑/usr/local/etc/postfix/ldap_virtual_alias_maps.cf server_host = localhostsearch_base = o=extmailAlias,dc=extmail.orgquery_filter = (%26amp;(objectClass=extmailAlias)(mailLocalAddress=%s)(active=1))result_attribute = mailcache = nobind = noscope = sub
编辑/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf server_host = localhostsearch_base = o=extmailAccount,dc=extmail.orgquery_filter = (%26amp;(objectClass=extmailUser)(mail=%s)(active=1))result_attribute = mailMessageStorecache = nobind = noscope = sub
编辑/usr/local/etc/postfix/ldap_virtual_domains_maps.cf server_host = localhostsearch_base = o=extmailAccount,dc=extmail.orgquery_filter = (%26amp;(objectClass=extmailDomain)(virtualDomain=%s)(active=1))result_attribute = virtualDomaincache = nobind = noscope = sub
执行如下命令对查询表进行配置 postconf -e 'virtual_alias_maps = $alias_maps, ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf'postconf -e 'virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf'postconf -e 'virtual_mailbox_domains = ldap:/usr/local/etc/postfix/ldap_virtual_domains_maps.cf'
SMTP认证设置
编辑/usr/local/lib/sasl2/smtpd.conf pwcheck_method:authdaemondlog_level:3mech_list:PLAIN LOGINauthdaemond_path:/var/run/authdaemond/socket
对postfix做如下配置使支持smtp认证 postconf -e 'smtpd_sasl_auth_enable=yes'postconf -e 'broken_sasl_auth_clients = yes'postconf -e 'smtpd_sasl_local_domain = $myhostname'
postfix反垃圾设置
此处的反垃圾邮件只是在MTA级的一些预防垃圾邮件的设置,可根据实际情况以及自己的需要进行调整。 postconf -e 'smtpd_helo_required=yes'postconf -e 'smtpd_delay_reject=yes'postconf -e 'disable_vrfy_command=yes'postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'postconf -e 'smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'touch /usr/local/etc/postfix/head_checkstouch /usr/local/etc/postfix/body_checkstouch /usr/local/etc/postfix/client_accesstouch /usr/local/etc/postfix/sender_accesstouch /usr/local/etc/postfix/helo_accesspostmap /usr/local/etc/postfix/head_checkspostmap /usr/local/etc/postfix/body_checkspostmap /usr/local/etc/postfix/client_accesspostmap /usr/local/etc/postfix/sender_accesspostmap /usr/local/etc/postfix/helo_access
TLS设置
生成证书,在这里默认私钥的访问密码为123qwe98,请根据自己的情况决定,以后可能会用得到。 mkdir -p /usr/local/etc/postfix/certs/CAcd /usr/local/etc/postfix/certs/CAmkdir certs crl newcerts privateecho "01" serialtouch index.txtcp /usr/src/crypto/openssl/apps/openssl.cnf .
编辑openssl.cnf,确认dir参数的值是/usr/local/etc/postfix/certs/CA。然后继续执行如下命令,并根据情况输入信息。输入信息类似如下: Country Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:BJLocality Name (eg, city) []:Bei JingOrganization Name (eg, company) [Internet Widgits Pty Ltd]:ExtmailOrganizational Unit Name (eg, section) []:extmailCommon Name (eg, YOUR name) []:extmail.orgEmail Address []:chifeng@gmail.com
命令如下: openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days -3650 -config openssl.cnf openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnfopenssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pemopenssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pemrm tmp.pemcp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/cd /usr/local/etc/postfix/certs/chown root:wheel cacert.pem mycert.pemchown cyrus:postfix mykey.pemchmod 755 cacert.pemchmod 644 mycert.pemchmod 440 mykey.pemln -s cacert.pem `openssl x509 -noout -hash
配置postfix支持TLS postconf -e 'smtpd_use_tls=yes'postconf -e 'smtpd_tls_auth_only=no'postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'postconf -e 'smtpd_tls_received_header=yes'postconf -e 'smtpd_tls_loglevel=3'postconf -e 'smtpd_starttls_timeout=60s'
配置master.cf,添加如下信息 smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Maildrop的安装和配置-MDA安装maildrop
安装时选择ldap cd /usr/ports/mail/maildrop/ %26amp;%26amp; make WITH_AUTHLIB=yes install clean
修改master.cf
修改master.cf的maildrop,类似修改为: #maildrop unix - n n - - pipe# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}maildrop unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
修改main.cf
postconf -e 'virtual_transport=maildrop:'postconf -e 'maildrop_destination_concurrency_limit=1'postconf -e 'maildrop_destination_recipient_limit=1'
编辑文件/usr/local/etc/maildroprc
确保是如下内容: logfile "/var/domains/maildrop.log"#logfile "/var/log/maildrop.log"TEST="/bin/test -f"## Check for custom user .mailfilter file#CUSTOM_FILTER="$HOME/.mailfilter"`$TEST $CUSTOM_FILTER %26amp;%26amp; exit 1 || exit 0`if ( $RETURNCODE == 0 ){ to "$HOME/Maildir"}
安装配置apache安装apache
添加了这两个参数的意思是,支持suexec模块,改变suexec_docroot的路径。但在本文中并没有在虚拟主机中使用suexec,在此编译进去是为了方便测试,以及方便以后可能会使用到的朋友。 cd /usr/ports/www/apache22/ %26amp;%26amp;make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www install clean
安装过程中会要求安装python,安装时选择 THREADSHUGE_STACK_SIZEUCS4PYMALLOCFPECTL
配置/etc/rc.conf
添加如下一行 apache22_enable="YES"
修改apache的配置文件/usr/local/etc/apache22/httpd.conf,使apache运行时的权限为vmail:vmail User vmailGroup vmail
虚拟主机配置
编辑/usr/local/etc/apache22/Includes/extmail.conf NameVirtualHost *:80 ServerName mail.extmail.org DocumentRoot /usr/local/www/extmail/html/ ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/ Alias /extmail /usr/local/www/extmail/html/ ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/" Alias /extman "/usr/local/www/extman/html/" SetHandler cgi-script Options +ExecCGI AllowOverride All AllowOverride None Options None Order allow,deny Allow from all # SuexecUserGroup vmail vmail
配置支持https
复制一份证书到apache的目录 mkdir /usr/local/etc/apache22/certs/cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/
编辑文件/usr/local/etc/apache22/Includes/extmail-ssl.conf,内容如下 Listen 443AddType application/x-x509-ca-cert .crtAddType application/x-pkcs7-crl .crlSSLPassPhraseDialog builtinSSLSessionCache shmcb:/var/run/ssl_scache(512000)SSLSessionCacheTimeout 300SSLMutex file:/var/run/ssl_mutexDocumentRoot "/usr/local/www/extmail/html"ServerName mail.extmail.org:443ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/Alias /extmail /usr/local/www/extmail/html/ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"Alias /extman "/usr/local/www/extman/html/"ServerAdmin chifeng@gmail.comErrorLog /var/log/httpd-error.logTransferLog /var/log/httpd-access.logSSLEngine onSSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL#SSLCertificateFile /usr/local/etc/apache22/server.crt#SSLCertificateKeyFile /usr/local/etc/apache22/server.keySSLCertificateFile /usr/local/etc/apache22/certs/mycert.pemSSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem SSLOptions +StdEnvVars SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0CustomLog /var/log/httpd-ssl_request.log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"#SuexecUserGroup vmail vmail
重起一下apache /usr/local/etc/rc.d/apache22.sh restart
安装配置Extman安装extman
cp -Rfp src/extman-0.16-pre1 /usr/local/www/extman/
安装LDAP驱动
cd /usr/ports/databases/p5-DBD-LDAP/ %26amp;%26amp; make install clean
配置extman
编辑/usr/local/www/extman/webman.cf,修改对应的参数如下 SYS_CONFIG = /usr/local/www/extman/ SYS_LANGDIR = /usr/local/www/extman/lang SYS_TEMPLDIR = /usr/local/www/extman/html SYS_MAILDIR_BASE = /var/domains SYS_PSIZE = 50SYS_LANG = zh_CNSYS_CHARSET = gb2312 SYS_DEFAULT_MAXQUOTA = 10000SYS_DEFAULT_MAXALIAS = 10000SYS_DEFAULT_MAXUSERS = 1000SYS_DEFAULT_MAXNDQUOTA = 100SYS_BACKEND_TYPE = ldapSYS_LDAP_BASE = dc=extmail.orgSYS_LDAP_RDN = cn=Manager,dc=extmail.orgSYS_LDAP_PASS = secretSYS_LDAP_HOST = localhostSYS_LDAP_ATTR_USERNAME = mailSYS_LDAP_ATTR_PASSWD = userPassword
其他设置
执行如下命令 mkdir /var/libmkdir /tmp/extman/chown –R vmail:vmail /tmp/extman/chmod 700 /tmp/extman/chmod 600 /usr/local/www/extman/webman.cfcp extmail-0.24-pre8/libs/Ext/CGI.pm /usr/local/www/extman/libs/Ext/cp extmail-0.24-pre8/libs/Ext/Config.pm /usr/local/www/extman/libs/Ext/cp extmail-0.24-pre8/libs/Ext/Lang.pm /usr/local/www/extman/libs/Ext/cp extmail-0.24-pre8/libs/Ext/Session.pm /usr/local/www/extman/libs/Ext/cp extmail-0.24-pre8/libs/Ext/Utils.pm /usr/local/www/extman/libs/Ext/cp extmail-0.24-pre8/libs/Ext/RFC822.pm /usr/local/www/extman/libs/Ext/
配置图形日志
安装依赖软件 cd /usr/ports/net/rrdtool %26amp;%26amp; make install cleancd /usr/ports/devel/p5-File-Tail %26amp;%26amp; make install cleancd /usr/ports/devel/p5-Time-HiRes %26amp;%26amp; make install clean
安装mailgraph_ext cp -Rfp extman-0.16-pre1/addon/mailgraph_ext/ /usr/local/mailgraph_ext/usr/local/mailgraph_ext/mailgraph-init start/usr/local/mailgraph_ext/qmonitor-init start
安装配置Extmail安装extmail
cp -Rfp extmail-0.24-pre8 /usr/local/www/extmail
复制一份配置文件 cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf
编辑/usr/local/www/extmail/webmail.cf,修改对应的参数如下 SYS_CONFIG = /usr/local/www/extmail/ SYS_LANGDIR = /usr/local/www/extmail/lang SYS_TEMPLDIR = /usr/local/www/extmail/htmlSYS_SESS_DIR = /tmp/extmail/ SYS_USER_LANG = zh_CNSYS_USER_CHARSET = gb2312SYS_MFILTER_ON = 1SYS_AUTH_TYPE = ldapSYS_MAILDIR_BASE = /var/domainsSYS_LDAP_BASE = dc=extmail.orgSYS_LDAP_RDN = cn=Manager,dc=extmail.orgSYS_LDAP_PASS = secretSYS_LDAP_HOST = ldap.extmail.orgSYS_LDAP_ATTR_USERNAME = mailSYS_LDAP_ATTR_DOMAIN = virtualDomainSYS_LDAP_ATTR_PASSWD = userPasswordSYS_LDAP_ATTR_QUOTA = mailQuotaSYS_LDAP_ATTR_NDQUOTA = netdiskQuotaSYS_LDAP_ATTR_HOME = homeDirectorySYS_LDAP_ATTR_MAILDIR = mailMessageStore
执行如下命令 mkdir /tmp/extmailchown vmail:vmail /tmp/extmail/chmod 700 /tmp/extmail
测试基本系统到目前为止,一个基本的邮件系统已经安装完成,他支持了smtp,pop3,imap,webmail。并且支持对应的SSL加密smtps,pop3s,imaps,https。
测试pop3
telnet localhost 110Trying 127.0.0.1...Connected to localhost.localdomain (127.0.0.1).Escape character is '^]'.+OK Hello there.user test@extmail.org+OK Password required.pass test+OK logged in.list+OK POP3 clients that break here, they violate STD53..quit+OK Bye-bye.Connection closed by foreign host.
测试smtp认证
通过以下命令获得test@extmail.org的用户名及密码的BASE64编码: perl -e 'use MIME::Base64; print encode_base64("test\@extmail.org")'dGVzdEBleHRtYWlsLm9yZw==perl -e 'use MIME::Base64; print encode_base64("test")'dGVzdA==
然后本机测试,其过程如下 telnet localhost 25Trying 127.0.0.1...Connected to localhost.localdomain (127.0.0.1).Escape character is '^]'.220 mail.extmail.org ESMTP Postfix - by extmail.orgehlo demo.domain.tld250-mail.extmail.org250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN PLAIN250-AUTH=LOGIN PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSNauth login334 VXNlcm5hbWU6dGVzdEBleHRtYWlsLm9yZw==334 UGFzc3dvcmQ6dGVzdA==235 2.0.0 Authentication successfulquit221 2.0.0 Bye
最后出现235 Authentication Successful 表明认证成功了。
测试smtps
mail# telnet localhost 25Trying ::1...Trying 127.0.0.1...Connected to localhost.localhostadmin.Escape character is '^]'.220 mail.extmail.org ESMTP Postfixehlo localhost250-mail.extmail.org250-PIPELINING250-SIZE 10240000250-ETRN250-STARTTLS250-AUTH LOGIN PLAIN250-AUTH=LOGIN PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSNSTARTTLS220 2.0.0 Ready to start TLS^]telnet qConnection closed.
测试pop3s/imaps
telnet连接本机的993,995端口出现如下提示: telnet localhost 993Trying ::1...telnet: connect to address ::1: Connection refusedTrying 127.0.0.1...Connected to localhost.localhostadmin.Escape character is '^]'.^]telnet qConnection closed.telnet localhost 995Trying ::1...telnet: connect to address ::1: Connection refusedTrying 127.0.0.1...Connected to localhost.localhostadmin.Escape character is '^]'.^]telnet qConnection closed.
也可以在OutLook中如下设置进行测试
测试webmail/extman
你能通过如下链接登陆webmail http://mail.extmail.orghttps://mail.extmail.org
http://mail.extmail.org/extmanhttps://mail.extmail.org/extman
内容/病毒过虑安装amavisd-new
安装时选择 LDAPMILTERRARARJLHAARCZOOUNZOOLZOPFREEZE
cd /usr/ports/security/amavisd-new %26amp;%26amp; make install clean
安装过程中会提示安装p5-Mail-SpamAssassin,请选择 AS_ROOTDOMAINKEYSSSLPAZORSPF_QUERYRELAY_COUNTRYTOOLS
修改/etc/rc.conf增加如下一行,系统启动时自动运行amavisd amavisd_enable="YES"
配置amavisd.conf
修改/usr/local/etc/amavisd.conf文件中对应的选项,如下 $max_servers = 10;$sa_spam_subject_tag = '[SPAM] ';$mydomain = 'mail.extmail.org';$myhostname = 'mail.extmail.org';@local_domains_maps = qw(.);$sa_tag_level_deflt = undef;$sa_tag2_level_deflt = 5.0;$sa_kill_level_deflt = 5.0;$final_virus_destiny = D_DISCARD;$final_banned_destiny = D_DISCARD;$final_spam_destiny = D_DISCARD;$virus_admin = "postmaster\@$mydomain";$mailfrom_notify_admin = "postmaster\@$mydomain";$mailfrom_notify_recip = "postmaster\@$mydomain";$mailfrom_notify_spamadmin = "postmaster\@$mydomain";@whitelist_sender_maps = read_hash("$MYHOME/white.lst");@blacklist_sender_maps = read_hash("$MYHOME/black.lst");$spam_quarantine_to = "spam\@$mydomain";$virus_quarantine_to = "virus\@$mydomain";$banned_quarantine_to = "spam\@$mydomain";$hdrfrom_notify_admin = "Content Filter ";
执行如下操作 touch /var/amavis/white.txttouch /var/amavis/black.txtchown –R vscan:vscan /var/amavis/
配置postfix对amavisd-new的支持
修改/usr/local/etc/postfix/master.cf,增加如下内容 smtp-amavis unix - - n - 4 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o receive_override_options=
修改content_filter ,receive_override_options这两项,禁止地址展开/影射,否则遇到别名时会产生冗余邮件。但是打开这一项receive_override_options后会和邮件列表程序相冲突,导致邮件列表的aliases不能打开。:(所以如果使用了邮件列表,则不要设置receive_override_options这一项。 postconf -e 'content_filter = smtp-amavis:[localhost]:10024'postconf -e 'receive_override_options = no_address_mappings'
配置clamav安装clamav
cd /usr/ports/security/clamav %26amp;%26amp; make install clean
修改配置文件
编辑/usr/local/etc/clamd.conf User vscan
编辑/usr/local/etc/freshclam.conf DatabaseOwner vscan
修改/etc/rc.conf增加两行 clamav_clamd_enable="YES"clamav_freshclam_enable="YES"
修改/usr/local/etc/amavisd.conf,增加如下内容,使amavis-new对clamav的支持 ['ClamAV-clamd', \%26amp;ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
修改权限设置
chown –R vscan:vscan /var/run/clamav/chown –R vscan:vscan /var/log/clamav/chown –R vscan:vscan /var/db/clamav/
配置Spamassassin配置
cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf
修改/usr/local/etc/mail/spamassassin/local.cf report_safe 1use_bayes 0auto_learn 0bayes_auto_expire 1skip_rbl_checks 1use_razor2 0use_dcc 0use_pyzor 0dns_available nolock_method flock
修改/etc/rc.conf
spamd_enable="YES"
使用Chinese_rules.cf
编辑脚本/var/cron/sa.sh #!/bin/shcd /tmp/fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cfmv Chinese_rules.cf /usr/local/share/spamassassin//usr/local/etc/rc.d/amavisd forcerestart /dev/null
增加执行权限 chmod +x /var/cron/sa.sh
编辑/etc/crontab,增加一行如下,每周6执行一次 0 0 * * 6 root /var/cron/sa.sh
测试杀毒/内容过滤测试杀毒 telnet localhost 25Trying 127.0.0.1...Connected to localhost.localdomain (127.0.0.1).Escape character is '^]'.220 mail.extmail.org ESMTP Postfix - by extmail.orgmail from:250 2.1.0 Okrcpt to:250 2.1.5 Okdata354 End data with .X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*.250 2.0.0 Ok: queued as BC24E85260quit221 2.0.0 ByeConnection closed by foreign host.
maillog中出现如下日至则说明clamav和amavid-new正常工作 Aug 3 15:42:41 mail amavis[730]: (00730-01) Blocked INFECTED (Eicar-Test-Signature), LOCAL [127.0.0.1] [127.0.0.1] - , quarantine: virus-4JnxM33M2NNc, Message-ID: , mail_id: 4JnxM33M2NNc, Hits: -, 212 ms
安装邮件列表软件mailman安装mailman
安装时选择: POSTFIXCHINESE
cd /usr/ports/mail/mailman %26amp;%26amp; make MAIL_GID=mailman CGI_GID=vmail install clean
在此使用mailman做为MAIL_GID是为了避免在后期的维护中使用check_perms -f修复权限的时候,mailman会自动默认修改为mailman这个用户来转发邮件。而使用 CGI_GID=vmail作为mailman的CGI执行权限是为了跟extmail/extman执行cgi时的权限一致。
配置/etc/rc.conf
增加一行 mailman_enable="YES"
配置postfix支持
touch /usr/local/mailman/data/aliasestouch /usr/local/mailman/data/virtual-mailmanpostconf -e 'recipient_delimiter=+'postconf -e 'alias_maps=hash:/etc/aliases, hash:/usr/local/mailman/data/aliases'postalias /usr/local/mailman/data/aliasespostconf -e 'virtual_alias_maps = ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf, hash:/usr/local/mailman/data/virtual-mailman'postalias /usr/local/mailman/data/aliasespostmap /usr/local/mailman/data/virtual-mailmanpostconf -e 'default_privs = mailman'postfix reload
配置mailman
cd /usr/local/mailmanbin/genaliaseschown -R vmail:mailman /usr/local/mailman/data/aliases*chown -R vmail:mailman /usr/local/mailman/data/virtual-mailman*chmod 664 /usr/local/mailman/data/aliases*chmod 664 /usr/local/mailman/data/virtual-mailman*cp -Rfp icons/ cgi-bin/iconscp /usr/local/www/icons/powerlogo.gif cgi-bin/icons/
修改管理员密码,在这里我默认为123qwe98 bin/mmsitepass
编辑/usr/local/mailman/Mailman/mm_cfg.py,增加如下内容 MTA = 'Postfix'POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.extmail.org']add_virtualhost('lists.extmail.org','lists.extmail.org')DEFAULT_EMAIL_HOST = 'lists.extmail.org'DEFAULT_URL_HOST = 'lists.extmail.org'DEFAULT_SERVER_LANGUAGE = 'zh_CN'
创建一个邮件列表mailman
mailman列表为必须创建的,管理员邮箱使用root@extmail.org,密码使用12345678 bin/newlist mailman
配置apache支持mailman
在文件/usr/local/etc/apache22/Includes/extmail.conf中添加如下内容。 ServerName lists.extmail.org DocumentRoot /usr/local/mailman/cgi-bin/ ScriptAlias /mailman "/usr/local/mailman/cgi-bin/" Alias /pipermail /usr/local/mailman/archives/public/ AddDefaultCharset Off Options FollowSymLinks ExecCGI AllowOverride None Order allow,deny Allow from all
测试以及通过web使用mailman
你能通过如下链接管理和查看相关信息,使用密码12345678登陆mailman系统。也可以通过系统管理密码123qwe98创建新的邮件列表。 http://lists.extmail.org/mailman/admin/mailmanhttp://lists.extmail.org/mailman/listinfo/mailmanhttp://lists.extmail.org/mailman/create
更强大的功能在登陆列表的web管理界面后你能看到,比如调整显示界面为中文等等。
附加信息以下是补充的ExtMail Solution有关文档,提供了一些维护方法以及技巧等。 只使用pop3如果你的邮件服务器只打算使用pop3功能不打算使用更多,你可以如下这么做:修改/etc/rc.conf,注释掉pop3s,imap,imaps对应的启动选项 courier_imap_pop3d_enable="YES"#courier_imap_imapd_enable="YES"#courier_imap_pop3d_ssl_enable="YES"#courier_imap_imapd_ssl_enable="YES"
然后停止正在运行中的pop3s,imap,imaps进程 /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh forcestop/usr/local/etc/rc.d/courier-imap-imapd.sh forcestop/usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh forcestop
只使用smtp修改/usr/local/etc/postfix/master.cf,注释掉对应的smtps选项 #smtps inet n - n - - smtpd# -o smtpd_tls_wrappermode=yes# -o smtpd_sasl_auth_enable=yes# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
然后重新加载以下postfix postfix reload
只使用https有时候为了安全,我们可能只能使用https,那么在用户连http://mail.extmail.org的时候,就要自动重定向到https://mail.extmail.org 做起来很简单,修改我们%26#8222;虚拟主机配置文件(extmail.conf),在虚拟主机配置内添加如下一条指令即可 Redirect / https://mail.extmail.org/
注意:一定不能添加到ssl的配置文件中,也就是extmail-ssl.conf中,这样会造成重定向的循环。
postfix日常维护启动postfix postfix start
停止postfix postfix stop
重新读取postfix配置文件 postfix reload
立即投递队列中所有邮件(慎用) postfix flush
查看队列邮件 postqueue –pmailqpostqueue –p |tail
修复队列以及任何权限错误 postfix check
查看邮件系统日志 tail –f /var/log/maillog
结束语通过此文档,读者应该能够较容易地架设一个功能较齐全的电子邮件系统。当使用一段时间后,用户将发现这个系统还有很多比较粗糙的地方,不尽人意。日后,本文档将继续保持更新,逐步将一些高级的设置方法公布出来,争取ExtMail Solution更加完整,力求完美。
TODO 列表增加fastcgi支持 增加spam locker支持 使用awstats来分析日志 更精细的Anti-Spam策略及关键字过滤 系统安全配置(基于防火墙)
ChangeLogv1.0 最初创建 by chifeng 2006-08-04 v1.1 增加了对下载包的md5验证 by hzqbbc 2006-08-07 v1.2 转换编码为utf8,修正了几处笔误 by chifeng 2006-08-31 v1.3 增加了receive_override_options设置说明,修改了amavisd自启动错误 by chifeng 2006-10-09 v1.4 修正了zhien指出的几处错误,再次感谢zhien兄的帮助!! by chifeng 2006-10-11
