Building a Postfix Mail System on FreeBSD

王朝system · Author unknown · 2008-05-31

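[Postscript]

This postscript may not amount to a license of any kind, but I hope you will respect the author's wishes.

If you find any errors, please let me know promptly and I will correct them as soon as I can. Reposting online is free, but please include this postscript and a link to the source. If you want to publish it in print, please contact me through www.cnfug.org or through my personal site www.e-era.net.

If anything goes wrong while you configure a machine based on this article, you bear the consequences yourself; the author is not responsible.

Chapter 0. Prepare the database

See mail.e-era.net.sql

Chapter 1. Install the required software

1.1 Install cyrus-sasl2-saslauthd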

mail# cd /usr/ports/security/cyrus-sasl2

Download the encrypted-password authentication patch; without it, only plaintext authentication is possible

mail# fetch http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/software-sources/patch

mail# mv patch files/patch-lib::chkpw.c

mail# make -DWITH_PGSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM -DWITHOUT_DIGEST -DWITHOUT_NTLM install clean

mail# cd /usr/ports/security/cyrus-sasl2-saslauthd

mail# make install clean

mail# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

1.2 Install postfix and cyrus-sasl

mail# cd /usr/ports/mail/postfix

mail# make install clean

Select the following options:

[X] SASL2

[X] TLS

[X] PGSQL

Answer the following two questions:

You need user "postfix" added to group "mail".

Would you like me to add it [y]? y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

mail# cd /usr/local/etc/rc.d

mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

If /usr/sbin/sendmail already exists, delete it first and then create the link

mail# echo 'postfix: root' >> /etc/aliases

mail# /usr/local/bin/newaliases

mail# chown postfix:postfix /etc/opiekeys

1.3 Install expect

Used by the web client to create mail users

mail# cd /usr/ports/lang/expect

mail# make install clean

1.4 Install Courier-imap

mail# cd /usr/ports/mail/courier-authlib

mail# make install clean

Select

[X] POSTGRESQL

[X] AUTHUSERDB

mail# cd /usr/ports/mail/courier-imap

mail# make WITHOUT_OPENSSL=yes WITH_PGSQL=yes install clean

Select

[X] OPENSSL

[X] IPV6

mail# cd /usr/local/etc/courier-imap

mail# cp imapd.cnf.dist imapd.cnf

mail# cp pop3d.cnf.dist pop3d.cnf

Chapter 2. Configure the mail server

2.1 Configure rc.conf: edit /etc/rc.conf and add

saslauthd_enable="YES"

sendmail_enable="YES"

sendmail_flags="-bd"

sendmail_pidfile="/var/spool/postfix/pid/master.pid"

sendmail_outbound_enable="NO"

sendmail_submit_enable="NO"

sendmail_msp_queue_enable="NO"

courier_authdaemond_enable="YES"

courier_imap_pop3d_enable="YES"

courier_imap_imapd_enable="YES"

2.2 Configure cyrus-sasl2-saslauthd

(1) Configure the SASL library path

In /etc/defaults/rc.conf, append /usr/local/lib/sasl2 to the ldconfig_paths value, after /usr/local/lib

(2) Create /usr/lib/sasl2/Sendmail.conf. Example: Sendmail.conf

(3) Create the smtpd.conf link

mail# ln -s /usr/lib/sasl2/Sendmail.conf /usr/lib/sasl2/smtpd.conf

(4) Edit /usr/local/etc/rc.d/saslauthd.sh

command="${prefix}/sbin/${name} -r"

2.3 Configure postfix and cyrus-sasl

(1) Create /etc/periodic.conf

daily_clean_hoststat_enable="NO"

daily_status_mail_rejects_enable="NO"

daily_status_include_submit_mailq="NO"

daily_submit_queuerun="NO"

(2) Edit /usr/local/etc/postfix/main.cf and append the following at the end of the file

#======= BASE ==============

myhostname = mail.hzpc.cn

mydomain = hzpc.cn

home_mailbox = Maildir/

mydestination = $myhostname, $mydomain, $transport_maps

local_recipient_maps =

mailbox_command= /usr/local/bin/deliverquota -w 90 ~/Maildir

command_directory = /usr/local/sbin

#======= PGSQL =============

transport_maps = pgsql:/usr/local/etc/postfix/transport.cf

virtual_gid_maps = pgsql:/usr/local/etc/postfix/gids.cf

virtual_mailbox_base = /var/mail

virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual.cf

virtual_maps = pgsql:/usr/local/etc/postfix/pgsql.aliases.cf

virtual_uid_maps = pgsql:/usr/local/etc/postfix/uids.cf

#======= Quota ============

# Limit the size of each message sent to 5 MB
message_size_limit = 5242880

virtual_mailbox_limit_inbox = no

virtual_mailbox_limit_maps = pgsql:/usr/local/etc/postfix/mailboxsize-pgsql.cf

virtual_mailbox_limit_override = yes

virtual_maildir_extended = yes

virtual_create_maildirsize = yes

# Total mailbox size: 50 MB
virtual_mailbox_limit = 52428800

#====== SASL ================

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject

#smtpd_sasl_local_domain = $mydomain

smtpd_client_restrictions = permit_sasl_authenticated

(3) Make sure /usr/local/etc/postfix/master.cf contains the following line

virtual unix - n n - - virtual

(4) Edit /usr/local/etc/postfix/transport.cf. Example: transport.cf

(5) Edit /usr/local/etc/postfix/gids.cf. Example: gids.cf

(6) Edit /usr/local/etc/postfix/uids.cf. Example: uids.cf

(7) Edit /usr/local/etc/postfix/pgsql_virtual.cf. Example: pgsql_virtual.cf

(8) Edit /usr/local/etc/postfix/pgsql.aliases.cf. Example: pgsql.aliases.cf

(9) Edit /usr/local/etc/postfix/mailboxsize-pgsql.cf. Example: mailboxsize-pgsql.cf

2.4 Configure Courier-imap

(1) Edit /usr/local/etc/courier-imap/imapd

IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"

IMAPDSTART=YES

(2) Edit /usr/local/etc/courier-imap/imapd-ssl

IMAPDSSLSTART=NO

IMAPDSTARTTLS=NO

POP3DSTART=YES

(3) Edit /usr/local/etc/courier-imap/pop3d

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"

(4) Edit /usr/local/etc/courier-imap/pop3d-ssl

POP3DSSLSTART=NO

POP3_STARTTLS=NO

(5) Edit /usr/local/etc/authlib/authpgsqlrc. Example: authmysqlrc

(6) Edit /usr/local/etc/authlib/authdaemonrc

authmodulelist="authpgsql authpam authuserdb"

authmodulelistorig="authpgsql authpam authuserdb"

version="authdaemond.pgsql"

Reboot the server

(7) Then check the ports; the following ports should be open:

mail# netstat -an |grep LISTEN

tcp4 0 0 *.110 *.* LISTEN

tcp6 0 0 *.110 *.* LISTEN

tcp4 0 0 *.143 *.* LISTEN

tcp6 0 0 *.143 *.* LISTEN

tcp4 0 0 *.25 *.* LISTEN
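
Added example (not part of the original article): the imapd and pop3d settings in steps (1) to (4) advertise LOGIN and PLAIN while the SSL listeners and STARTTLS are all switched off, so those mechanisms carry the password over the wire in recoverable form. The sh functions below read the four files and report that combination; the function names are illustrative, the sample files are constructed (capability list abridged), and only the case where no TLS option is enabled at all is flagged.

```shell
#!/bin/sh
# Added example: report password-exposing auth mechanisms that Courier
# advertises while every TLS option is switched off.

# cfg_get FILE KEY: print the last value assigned to KEY, quotes stripped.
cfg_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# plain_mechs "LIST": print the entries that send a recoverable password.
plain_mechs() {
    out=""
    for m in $1; do
        case "$m" in
            AUTH=LOGIN|AUTH=PLAIN|LOGIN|PLAIN) out="$out $m" ;;
        esac
    done
    echo "${out# }"
}

# check_service NAME MECHS TLSFLAGS: print a finding unless a flag is YES.
check_service() {
    case "$3" in *YES*) return 0 ;; esac
    [ -z "$2" ] && return 0
    echo "$1: $2 offered with TLS disabled"
    return 1
}

# audit_courier DIR: check imapd and pop3d in DIR; status 1 on any finding.
audit_courier() {
    d=$1; rc=0
    check_service imapd "$(plain_mechs "$(cfg_get "$d/imapd" IMAP_CAPABILITY)")" \
        "$(cfg_get "$d/imapd-ssl" IMAPDSSLSTART) $(cfg_get "$d/imapd-ssl" IMAPDSTARTTLS)" || rc=1
    check_service pop3d "$(plain_mechs "$(cfg_get "$d/pop3d" POP3AUTH)")" \
        "$(cfg_get "$d/pop3d-ssl" POP3DSSLSTART) $(cfg_get "$d/pop3d-ssl" POP3_STARTTLS)" || rc=1
    return $rc
}

# Constructed sample: the section 2.4 values (capability list abridged).
sample=$(mktemp -d)
echo 'IMAP_CAPABILITY="IMAP4rev1 SORT AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 IDLE"' > "$sample/imapd"
printf 'IMAPDSSLSTART=NO\nIMAPDSTARTTLS=NO\n' > "$sample/imapd-ssl"
echo 'POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"' > "$sample/pop3d"
printf 'POP3DSSLSTART=NO\nPOP3_STARTTLS=NO\n' > "$sample/pop3d-ssl"
audit_courier "$sample" || true
```

On the mail host, run it as audit_courier /usr/local/etc/courier-imap.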

Chapter 3. Set up the domain and users, and test

3.0 Prepare the crypt password

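#======== crypt.php ========#

<?php
if (isset($_POST['SUBMIT'])) {
    // Escape the submitted value before echoing it back into the page.
    echo "Your plaintext password is: " . htmlspecialchars($_POST['PassWord']) . "<br>Your crypt password is: ";
    // As on the original page, crypt() is called without a salt; PHP 8 and later require a salt argument.
    echo crypt($_POST['PassWord']);
} else {
?>
<form method="post">
<input type="password" name="PassWord">
<input type="submit" name="SUBMIT" value="Submit">
</form>
<?php
}
?>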

3.1 Set up the first user

Create the user data

\c mail

insert into "aliases" values('postmaster@hzpc.cn','webmaster@hzpc.cn');

insert into "transport" values('hzpc.cn','virtual:');

INSERT INTO virtual_users ("email","home","password","maildir","domain","name")

VALUES ('webmaster@hzpc.cn','/var/mail/',md5('888888'),'hzpc.cn/webmaster/Maildir/','hzpc.cn','webmaster');

Set up the user's directory and permissions:

mail# mkdir -p /var/mail/hzpc.cn/webmaster

mail# /usr/local/bin/maildirmake /var/mail/hzpc.cn/webmaster/Maildir

mail# chmod -R 700 /var/mail/hzpc.cn/

mail# chown -R postfix:postfix /var/mail/hzpc.cn

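The user is now set up. Only one domain is used here; additional domains can be set up in the same way.

3.2 User login test

Test with any mail client program, such as Foxmail or Outlook Express.

3.3 Create additional users

Create the data for the other users

\c mail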

INSERT INTO virtual_users ("email","home","password","maildir","domain","name")

VALUES ('demo@hzpc.cn','/var/mail/',md5('888888'),'hzpc.cn/demo/Maildir/','hzpc.cn','demo');

Set up the user's directory and permissions:

mail# mkdir -p /var/mail/hzpc.cn/demo

mail# /usr/local/bin/maildirmake /var/mail/hzpc.cn/demo/Maildir

mail# chmod -R 700 /var/mail/hzpc.cn/

mail# chown -R postfix:postfix /var/mail/hzpc.cn

Chapter 4. Antivirus and anti-spam

4.1 Install ClamAV

mail# cd /usr/ports/security/clamav

mail# make install clean

Note: leave MILTER unselected

Reboot the server

4.2 Test and update the virus database

mail# clamscan -r -i /usr/local/www/data

----------- SCAN SUMMARY -----------

Known viruses: 22838

Scanned directories: 1

Scanned files: 31

Infected files: 0

Data scanned: 0.00 MB

I/O buffer size: 131072 bytes

Time: 1.298 sec (0 m 1 s)

Update the virus database

mail# freshclam

4.3 Install amavisd-new

mail# cd /usr/ports/security/amavisd-new

mail# make install clean

Select PGSQL

Edit /etc/rc.conf and add

amavisd_enable="YES"

Edit /usr/local/etc/amavisd.conf

$mydomain = 'example.com'; # change to $mydomain = 'e-era.net';

#$notify_method = 'smtp:[127.0.0.1]:10025';

#$forward_method = 'smtp:[127.0.0.1]:10025';

Edit /usr/local/etc/postfix/master.cf and append the following at the end (the -o continuation lines must begin with whitespace)

smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

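Reboot the server

4.4 Install and configure SpamAssassin

The latest amavisd-new already integrates SpamAssassin, so once amavisd-new has been installed from ports, SpamAssassin is installed as well.

Add the required users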

mail# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin

mail# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

Edit /usr/local/etc/mail/spamassassin/local.cf

use_bayes 1

bayes_path /var/amavis/.spamassassin/bayes

auto_learn 1

auto_learn_threshold_nonspam -2

auto_learn_threshold_spam 15

Edit /usr/local/etc/amavisd.conf and add the following below the section "MUST BE SET (no useful default)"

$max_requests = 10;

$child_timeout=5*60;

@bypass_virus_checks_acl = qw( . );

@local_domains_acl = ( ".$mydomain" );

$final_spam_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');

read_hash(\%blacklist_sender, '/var/amavis/blacklist');

read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

Create the required files

mail# touch /var/amavis/whitelist

mail# touch /var/amavis/blacklist

mail# touch /var/amavis/spam_lovers

mail# chown vscan /var/amavis/whitelist

mail# chown vscan /var/amavis/blacklist

mail# chown vscan /var/amavis/spam_lovers

mail# echo spam@hzpc.cn >> /var/amavis/spam_lovers

mail# echo notspam@hzpc.cn >> /var/amavis/spam_lovers

Edit /usr/local/etc/postfix/main.cf and add

content_filter = smtp-amavis:[127.0.0.1]:10024
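
Added example (not part of the original article): the 127.0.0.1:10025 listener in master.cf runs with content_filter= and most restrictions emptied, so mail that reaches it is not scanned again, and content_filter hands all mail to port 10024. The sh function below reads netstat -an output in the FreeBSD format shown in section 2.4 and reports missing listeners or filter ports bound to anything other than loopback; the function names and the sample listing are constructed, and treating 10024 as loopback-only is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit `netstat -an` output (FreeBSD format) for the
# listeners this setup expects after the amavisd-new integration.

# check_listeners: read netstat output on stdin, print one finding per line,
# exit status 1 if any. Ports 10024/10025 must be bound to loopback only.
check_listeners() {
    awk '
    $NF == "LISTEN" && $1 ~ /^tcp/ {
        n = split($4, part, "[.]")        # local address is printed as addr.port
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        seen[port] = 1
        if ((port == "10024" || port == "10025") && addr != "127.0.0.1" && addr != "::1")
            bad[port] = addr
    }
    END {
        rc = 0
        n = split("25 110 143 10024 10025", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print "missing listener on port " want[i]; rc = 1 }
        for (p in bad) { print "port " p " exposed on " bad[p] ", expected loopback only"; rc = 1 }
        exit rc
    }'
}

# Constructed sample: the ports listed in section 2.4 plus the two filter
# ports, with 10025 deliberately bound to the wildcard address.
sample_netstat() {
    cat <<'EOF'
tcp4       0      0 *.110              *.*       LISTEN
tcp4       0      0 *.143              *.*       LISTEN
tcp4       0      0 *.25               *.*       LISTEN
tcp4       0      0 127.0.0.1.10024    *.*       LISTEN
tcp4       0      0 *.10025            *.*       LISTEN
EOF
}

# On the mail host itself: netstat -an | check_listeners
sample_netstat | check_listeners || true
```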

Set up automatic learning

mail# ee /usr/local/sbin/my-sa-learn.sh

#!/bin/sh

# Train the Bayes database on mail collected in the spam mailbox, then remove the mailbox.
if [ -e /var/mail/spam ]; then
    /usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
    rm /var/mail/spam > /dev/null
fi

# Do the same for mail collected in the notspam (ham) mailbox.
if [ -e /var/mail/notspam ]; then
    /usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
    rm /var/mail/notspam > /dev/null
fi

mail# chmod a+x /usr/local/sbin/my-sa-learn.sh

Build the learning database:

mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

Schedule it to run automatically:

mail# crontab -e

5 0 * * * /usr/local/sbin/my-sa-learn.sh

Reboot the server; the setup is complete.