Building an IGENUS Webmail Mail System on FreeBSD and Postfix

王朝厨房 · Author unknown  2007-01-02

FreeBSD+Postfix+cyrus-sasl+Courier-imap+igenus+Clamav+amavisd-new

杨廷勇

Copyright © 2004, 2005

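This article describes how to use FreeBSD + Postfix + cyrus-sasl + Courier-imap + igenus + Clamav + amavisd-new to build a multi-domain mail system with webmail, anti-virus and anti-spam filtering, and a web administration interface.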

Jacky, $Revision: 1.01 bate $Date: 2005-4-6

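The system uses MySQL as its authentication database.

This setup was installed and tested on FreeBSD 4.10 and 5.3. Login authentication does not use PAM. I read a lot of material, and most of it uses PAM; I do not understand why the third-party PAM software is still used for authentication when cyrus-sasl2-saslauthd can already authenticate against MySQL and PgSQL.

If anything goes wrong when you configure a machine based on this article, you do so at your own risk; I accept no responsibility.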

________________________________________

Table of Contents

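Chapter 1. System Installation

1.1 Installing MySQL

1.2 Installing Apache

1.3 Installing PHP

1.4 Installing openssl

1.5 Installing phpMyAdmin

1.6 Setting Up the Database via phpMyAdmin

1.7 Installing cyrus-sasl2-saslauthd

1.8 Installing postfix and cyrus-sasl

1.9 Installing expect

1.10 Installing Courier-imap

Chapter 2. Configuring the Mail Server

2.1 Configuring rc.conf

2.2 Configuring cyrus-sasl2-saslauthd

2.3 Configuring postfix and cyrus-sasl

2.4 Configuring Courier-imap

Chapter 3. Installing the postfix Administration Tool

3.1 Installing the postfix administration tool I developed

3.2 User Login Test

Chapter 4. Anti-Virus and Anti-Spam

4.1 Installing Clamav

4.2 Installing amavisd-new

4.3 Installing and Configuring Spamassassin

Chapter 5. Installing webmail

Chapter 6. Viewing System Status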

________________________________________

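Chapter 1. System Installation

Before installing: all user data is stored under /var, so give /var as much space as possible when installing FreeBSD. The FreeBSD version is 5.3, installed as a minimal system; the only package installed is cvsup, which is then used to update the ports tree once installation finishes. This document assumes the server's IP address is 192.168.0.2, the domain is toping.net, and the host name is mail.toping.net.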

________________________________________

1.1 Installing MySQL

mail# cd /usr/ports/databases/mysql323-server

mail# make install clean

Edit /etc/rc.conf and add:

mysql_enable="YES"

________________________________________

1.2 Installing Apache

mail# cd /usr/ports/www/apache2

mail# make install clean

Edit /etc/rc.conf and add:

apache2_enable="YES"

________________________________________

1.3 Installing PHP

mail# cd /usr/ports/www/mod_php4

mail# make install clean

Install the required PHP extension modules:

mail# cd /usr/ports/lang/php4-extensions

mail# make install clean

Note: gettext must be selected.

Finally, edit /usr/local/etc/apache2/httpd.conf and add:

#php_mod4

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

________________________________________

1.4 Installing openssl

mail# cd /usr/ports/security/openssl

mail# make install clean

________________________________________

1.5 Installing phpMyAdmin

mail# cd /usr/ports/databases/phpmyadmin

mail# make install clean    (selecting all of the options here is suggested)

After installation the default install directory is under /usr/local/www; the next step is to move it into /usr/local/www/data:

mail# mv /usr/local/www/phpMyAdmin /usr/local/www/data/

Edit /usr/local/www/phpMyAdmin/config.inc.php:

$cfg['PmaAbsoluteUri'] = 'http://192.168.0.2/phpMyAdmin/';

$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?

This sets phpMyAdmin's authentication method to http.

Enter http://192.168.0.2/phpMyAdmin/ in a browser. On first login the user name is root and the password is empty; after logging in you can change your password.

________________________________________

1.6 Setting Up the Database via phpMyAdmin

Create two database users:

#======================postfix==================================

INSERT INTO user (host,user,password) VALUES('localhost','postfix','');

update user set password=password('admin123') where User='postfix';

FLUSH PRIVILEGES;

GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "admin123";

#======================courier==================================

INSERT INTO user (host,user,password) VALUES ('localhost','courier','');

update user set password=password('admin123') where User='courier';

FLUSH PRIVILEGES;

GRANT select,insert,update on mail.* TO courier;

Create the database:

#=======================MAIL.SQL=================================

CREATE TABLE domaininfo (

domain_id int(5) NOT NULL auto_increment,

domain varchar(25) NOT NULL default '',

alias varchar(30) default NULL,

passwd varchar(35) NOT NULL default '',

usernum int(5) NOT NULL default '0',

quota int(11) NOT NULL default '0',

des varchar(30) default NULL,

expire date NOT NULL default '0000-00-00',

active tinyint(1) NOT NULL default '1',

create_time datetime default NULL,

PRIMARY KEY (domain_id),

UNIQUE KEY domain (domain),

KEY domain_id (domain_id)

) TYPE=MyISAM COMMENT='domain information';

INSERT INTO domaininfo VALUES (1,'admin',NULL,'$1$.j3.t12.$I7MGf7ZD2HrWwUWQF88Mg1',0,0,'Super Admin','0000-00-00',1,'0000-00-00 00:00:00');

CREATE TABLE userinfo (

id int(11) NOT NULL auto_increment,

userid varchar(20) NOT NULL default '',

domain_id int(5) NOT NULL default '0',

address varchar(50) NOT NULL default '',

alias varchar(60) default NULL,

passwd varchar(35) NOT NULL default '',

realname varchar(20) default NULL,

quota int(11) NOT NULL default '0',

active tinyint(1) NOT NULL default '0',

homedir varchar(60) NOT NULL default '',

maildir varchar(60) NOT NULL default '',

create_time datetime NOT NULL default '0000-00-00 00:00:00',

PRIMARY KEY (id),

UNIQUE KEY address (address)

) TYPE=InnoDB COMMENT='User Information';

________________________________________

1.7 Installing cyrus-sasl2-saslauthd

mail# cd /usr/ports/security/cyrus-sasl2

Download the encrypted-password authentication patch; without it only plaintext authentication is possible.

mail# fetch http://www.viperstrike.com/~lopaka/sysadmin/cyrus-sasl-mysql-encrypt/software-sources/patch

mail# mv patch files/patch-lib::chkpw.c

mail# make -DWITH_MYSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM -DWITHOUT_DIGEST -DWITHOUT_NTLM install clean

mail# cd /usr/ports/security/cyrus-sasl2-saslauthd

mail# make install clean

mail# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

1.8 Installing postfix and cyrus-sasl

mail# cd /usr/ports/mail/postfix

mail# make install clean

Select the following options:

[X] SASL2

[X] TLS

[X] MYSQL

Answer the following two questions:

You need user "postfix" added to group "mail".

Would you like me to add it [y]? y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

mail# cd /usr/local/etc/rc.d

mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

If /usr/sbin/sendmail already exists, delete it and then create the link.

mail# echo 'postfix: root' >> /etc/aliases

mail# /usr/local/bin/newaliases

mail# chown postfix:postfix /etc/opiekeys

1.9 Installing expect

Used by the web client to create mail users.

mail# cd /usr/ports/lang/expect

mail# make install clean

1.10 Installing Courier-imap

mail# cd /usr/ports/mail/courier-authlib

mail# make install clean

Select:

[X] MYSQL

[X] AUTHUSERDB

mail# cd /usr/ports/mail/courier-imap

mail# make WITHOUT_OPENSSL=yes WITH_MYSQL=yes install clean

Select:

[X] OPENSSL

[X] IPV6

mail# cd /usr/local/etc/courier-imap

mail# cp imapd.cnf.dist imapd.cnf

mail# cp pop3d.cnf.dist pop3d.cnf

________________________________________

Chapter 2. Configuring the Mail Server

This chapter covers the configuration parameters of the various services.

________________________________________

2.1 Configuring rc.conf

Edit /etc/rc.conf and add:

CODE

saslauthd_enable="YES"

sendmail_enable="YES"

sendmail_flags="-bd"

sendmail_pidfile="/var/spool/postfix/pid/master.pid"

sendmail_outbound_enable="NO"

sendmail_submit_enable="NO"

sendmail_msp_queue_enable="NO"

courier_authdaemond_enable="YES"

courier_imap_pop3d_enable="YES"

courier_imap_imapd_enable="YES"

2.2 Configuring cyrus-sasl2-saslauthd

(1) Configure the SASL library path

CODE

In /etc/defaults/rc.conf, add /usr/local/lib/sasl2 after /usr/local/lib in the ldconfig_paths setting.

(2) Create /usr/lib/sasl2/Sendmail.conf

CODE

pwcheck_method: saslauthd auxprop

auxprop_plugin: sql

sql_engine: mysql

mech_list: PLAIN LOGIN

sql_hostnames: localhost

sql_user: root

sql_passwd: hingscyz

sql_database: postfix

sql_select: select passwd from userinfo where address='%u@%r'

(3) Create the smtpd.conf symlink

mail# ln -s /usr/lib/sasl2/Sendmail.conf /usr/lib/sasl2/smtpd.conf

(4) Edit /usr/local/etc/rc.d/saslauthd.sh

CODE

command="${prefix}/sbin/${name} -r"

2.3 Configuring postfix and cyrus-sasl

(1) Create /etc/periodic.conf

CODE

daily_clean_hoststat_enable="NO"

daily_status_mail_rejects_enable="NO"

daily_status_include_submit_mailq="NO"

daily_submit_queuerun="NO"

(2) Edit /usr/local/etc/postfix/main.cf and append the following at the end of the file

CODE

#======= BASE ==============

myhostname = mail.toping.net

mydomain = toping.net

home_mailbox = Maildir/

mydestination = $myhostname, $mydomain, $transport_maps

local_recipient_maps =

mailbox_command= /usr/local/bin/deliverquota -w 90 ~/Maildir

command_directory = /usr/local/sbin

#======= MYSQL =============

transport_maps = mysql:/usr/local/etc/postfix/transport.cf

virtual_gid_maps = mysql:/usr/local/etc/postfix/gids.cf

virtual_mailbox_base = /var/mail

virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual.cf

virtual_maps = mysql:/usr/local/etc/postfix/mysql.aliases.cf

virtual_uid_maps = mysql:/usr/local/etc/postfix/uids.cf

#======= Quota ============

# limit the size of each message sent to 5 MB

message_size_limit = 5242880

virtual_mailbox_limit_inbox = no

virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mailboxsize-mysql.cf

virtual_mailbox_limit_override = yes

virtual_maildir_extended = yes

virtual_create_maildirsize = yes

# total mailbox size: 50 MB

virtual_mailbox_limit = 52428800

#====== SASL ================

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject

#smtpd_sasl_local_domain = $mydomain

smtpd_client_restrictions = permit_sasl_authenticated

(3) Confirm that /usr/local/etc/postfix/master.cf contains the following

CODE

virtual unix - n n - - virtual

(4) Edit /usr/local/etc/postfix/transport.cf

CODE

user = postfix

password = postfix

dbname = postfix

table = domaininfo

select_field = alias

where_field = domain

hosts = localhost

(5) Edit /usr/local/etc/postfix/gids.cf

CODE

user = postfix

password= postfix

dbname = postfix

table = userinfo

select_field = domain_id

where_field = id

hosts = localhost

(6) Edit /usr/local/etc/postfix/uids.cf

CODE

user = postfix

password= postfix

dbname = postfix

table = userinfo

select_field = userid

where_field = id

hosts = localhost

(7) Edit /usr/local/etc/postfix/mysql_virtual.cf

CODE

user = postfix

password= postfix

dbname = postfix

table = userinfo

select_field = maildir

where_field = id

hosts = localhost

(8) Edit /usr/local/etc/postfix/mysql.aliases.cf

CODE

user = postfix

password= postfix

dbname = postfix

table = domaininfo

select_field = domain

where_field = domain_id

hosts = localhost

(9) Edit /usr/local/etc/postfix/mailboxsize-mysql.cf

CODE

user = postfix

password = postfix

dbname = postfix

table = userinfo

select_field = quota

where_field = id

hosts = localhost

2.4 Configuring Courier-imap

(1) Change the Courier settings in /usr/local/etc/courier-imap/imapd:

CODE

IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

(2) Edit /usr/local/etc/courier-imap/pop3d

CODE

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

(3) Edit /usr/local/etc/authlib/authmysqlrc. Example authmysqlrc:

CODE

##VERSION: $Id: authmysqlrc,v 1.18 2004/11/14 02:58:16 mrsam Exp $

#

# Copyright 2000-2004 Double Precision, Inc. See COPYING for

# distribution information.

#

# Do not alter lines that begin with ##, they are used when upgrading

# this configuration.

#

# authmysqlrc created from authmysqlrc.dist by sysconftool

#

# DO NOT INSTALL THIS FILE with world read permissions. This file

# might contain the MySQL admin password!

#

# Each line in this file must follow the following format:

#

# field[spaces|tabs]value

#

# That is, the name of the field, followed by spaces or tabs, followed by

# field value. Trailing spaces are prohibited.

##NAME: LOCATION:0

#

# The server name, userid, and password used to log in.

MYSQL_SERVER localhost

MYSQL_USERNAME root

MYSQL_PASSWORD hingscyz

##NAME: MYSQL_SOCKET:0

#

# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the

# filesystem pipe used for the connection

#

# MYSQL_SOCKET /var/mysql/mysql.sock

##NAME: MYSQL_PORT:0

#

# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to

# connect to.

MYSQL_PORT 0

##NAME: MYSQL_OPT:0

#

# Leave MYSQL_OPT as 0, unless you know what you're doing.

MYSQL_OPT 0

##NAME: MYSQL_DATABASE:0

#

# The name of the MySQL database we will open:

MYSQL_DATABASE postfix

##NAME: MYSQL_USER_TABLE:0

#

# The name of the table containing your user data. See README.authmysqlrc

# for the required fields in this table.

MYSQL_USER_TABLE userinfo

##NAME: MYSQL_CRYPT_PWFIELD:0

#

# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both

# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext

# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow

# CRAM-MD5 authentication to be implemented.

MYSQL_CRYPT_PWFIELD passwd

##NAME: MYSQL_CLEAR_PWFIELD:0

#

#

# MYSQL_CLEAR_PWFIELD clear

##NAME: MYSQL_DEFAULT_DOMAIN:0

#

# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',

# we will look up 'user@DEFAULT_DOMAIN' instead.

#

#

# DEFAULT_DOMAIN example.com

##NAME: MYSQL_UID_FIELD:0

#

# Other fields in the mysql table:

#

# MYSQL_UID_FIELD - contains the numerical userid of the account

#

MYSQL_UID_FIELD '125'

##NAME: MYSQL_GID_FIELD:0

#

# Numerical groupid of the account

MYSQL_GID_FIELD '125'

##NAME: MYSQL_LOGIN_FIELD:0

#

# The login id, default is id. Basically the query is:

#

# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'

#

MYSQL_LOGIN_FIELD address

##NAME: MYSQL_HOME_FIELD:0

#

MYSQL_HOME_FIELD homedir

##NAME: MYSQL_NAME_FIELD:0

#

# The user's name (optional)

MYSQL_NAME_FIELD realname

##NAME: MYSQL_MAILDIR_FIELD:0

#

# This is an optional field, and can be used to specify an arbitrary

# location of the maildir for the account, which normally defaults to

# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).

#

# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this

# out.

#

MYSQL_MAILDIR_FIELD maildir

##NAME: MYSQL_DEFAULTDELIVERY:0

#

# Courier mail server only: optional field specifies custom mail delivery

# instructions for this account (if defined) -- essentially overrides

# DEFAULTDELIVERY from ${sysconfdir}/courierd

#

# MYSQL_DEFAULTDELIVERY defaultdelivery

##NAME: MYSQL_QUOTA_FIELD:0

#

# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally

# specify a maildir quota. See README.maildirquota for more information

#

MYSQL_QUOTA_FIELD quota

##NAME: MYSQL_AUXOPTIONS:0

#

# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that

# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"

# pairs. These names are additional attributes that define various per-account

# "options", as given in INSTALL's description of the "Account OPTIONS"

# setting.

#

# MYSQL_AUXOPTIONS_FIELD auxoptions

#

# You might want to try something like this, if you'd like to use a bunch

# of individual fields, instead of a single text blob:

#

# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)

#

# This will let you define fields called "disableimap", etc, with the end result

# being something that the OPTIONS parser understands.

##NAME: MYSQL_WHERE_CLAUSE:0

#

# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary

# fixed string that is appended to the WHERE clause of our query

#

# MYSQL_WHERE_CLAUSE server='mailhost.example.com'

##NAME: MYSQL_SELECT_CLAUSE:0

#

# (EXPERIMENTAL)

# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,

# which is structuraly different from proposed. The fixed string will

# be used to do a SELECT operation on database, which should return fields

# in order specified bellow:

#

# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options

#

# The username field should include the domain (see example below).

#

# Enabling this option causes ignorance of any other field-related

# options, excluding default domain.

#

# There are two variables, which you can use. Substitution will be made

# for them, so you can put entered username (local part) and domain name

# in the right place of your query. These variables are:

# $(local_part), $(domain), $(service)

#

# If a $(domain) is empty (not given by the remote user) the default domain

# name is used in its place.

#

# $(service) will expand out to the service being authenticated: imap, imaps,

# pop3 or pop3s. Courier mail server only: service will also expand out to

# "courier", when searching for local mail account's location. In this case,

# if the "maildir" field is not empty it will be used in place of

# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing

# authenticated ESMTP.

#

# This example is a little bit modified adaptation of vmail-sql

# database scheme:

#

# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \

# CONCAT('{MD5}', popbox.password_hash), \

# popbox.clearpw, \

# domain.uid, \

# domain.gid, \

# CONCAT(domain.path, '/', popbox.mbox_name), \

# '', \

# domain.quota, \

# '', \

# CONCAT("disableimap=",disableimap,",disablepop3=", \

# disablepop3,",disablewebmail=",disablewebmail, \

# ",sharedgroup=",sharedgroup) \

# FROM popbox, domain \

# WHERE popbox.local_part = '$(local_part)' \

# AND popbox.domain_name = '$(domain)' \

# AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_ENUMERATE_CLAUSE:1

#

# {EXPERIMENTAL}

# Optional custom SQL query used to enumerate accounts for authenumerate,

# in order to compile a list of accounts for shared folders. The query

# should return the following fields: name, uid, gid, homedir, maildir, options

#

# Example:

# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name), \

# domain.uid, \

# domain.gid, \

# CONCAT(domain.path, '/', popbox.mbox_name), \

# '', \

# CONCAT('sharedgroup=', sharedgroup) \

# FROM popbox, domain \

# WHERE popbox.local_part = '$(local_part)' \

# AND popbox.domain_name = '$(domain)' \

# AND popbox.domain_name = domain.domain_name

##NAME: MYSQL_CHPASS_CLAUSE:0

#

# (EXPERIMENTAL)

# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,

# which is structuraly different from proposed. The fixed string will

# be used to do an UPDATE operation on database. In other words, it is

# used, when changing password.

#

# There are four variables, which you can use. Substitution will be made

# for them, so you can put entered username (local part) and domain name

# in the right place of your query. There variables are:

# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)

#

# If a $(domain) is empty (not given by the remote user) the default domain

# name is used in its place.

# $(newpass) contains plain password

# $(newpass_crypt) contains its crypted form

#

# MYSQL_CHPASS_CLAUSE UPDATE popbox \

# SET clearpw='$(newpass)', \

# password_hash='$(newpass_crypt)' \

# WHERE local_part='$(local_part)' \

# AND domain_name='$(domain)'

#

(4) Edit /usr/local/etc/authlib/authdaemonrc

CODE

authmodulelist="authmysql authpam authuserdb"

authmodulelistorig="authmysql authpam authuserdb"

version="authdaemond.mysql"

Restart the server.
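
The Postfix map files, Sendmail.conf and authmysqlrc configured in this chapter all contain MySQL credentials, and authmysqlrc's own header warns against installing it world-readable. The following check is an added example, not part of the original article: it flags a world-readable file, a lookup account of root, and a password equal to the account name. The file names follow this chapter; the sample contents and the CONSTRUCTED-secret value are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): audit config files that hold MySQL
# credentials. The sample files written by make_samples are constructed.

# cfg_value FILE user|pass
# Print the DB account or password set in FILE. Understands the three
# syntaxes used in this chapter:
#   sql_user: x       / sql_passwd: x       (SASL Sendmail.conf)
#   user = x          / password = x        (Postfix mysql map files)
#   MYSQL_USERNAME x  / MYSQL_PASSWORD x    (Courier authmysqlrc)
cfg_value() {
    awk -v want="$2" '
        $1 ~ /^#/ { next }
        /^[ \t]*(user|password)[ \t]*=/ { sub(/=/, " = ") }
        want == "user" && ($1 == "sql_user:" || $1 == "MYSQL_USERNAME" ||
                           ($1 == "user" && $2 == "=")) { print $NF; exit }
        want == "pass" && ($1 == "sql_passwd:" || $1 == "MYSQL_PASSWORD" ||
                           ($1 == "password" && $2 == "=")) { print $NF; exit }
    ' "$1"
}

# audit_cred_file FILE
# Print "<name>: ok" or "<name>: <issues>" for one credential-bearing file.
audit_cred_file() {
    f=$1
    if [ ! -f "$f" ]; then echo "${f##*/}: missing"; return 0; fi
    issues=""
    # Any "other" read bit exposes the password to every local account.
    if [ -n "$(find "$f" -perm -004)" ]; then
        issues="$issues world-readable"
    fi
    user=$(cfg_value "$f" user)
    pass=$(cfg_value "$f" pass)
    # A lookup-only service should not connect as the MySQL administrator.
    if [ "$user" = "root" ]; then issues="$issues db-user-root"; fi
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        issues="$issues password-equals-user"
    fi
    echo "${f##*/}:${issues:- ok}"
}

# make_samples DIR: write three constructed files modelled on this chapter.
make_samples() {
    d=$1
    printf '%s\n' 'pwcheck_method: saslauthd auxprop' 'sql_user: root' \
        'sql_passwd: CONSTRUCTED-secret' > "$d/Sendmail.conf"
    printf '%s\n' 'user = postfix' 'password= postfix' 'dbname = postfix' \
        > "$d/transport.cf"
    printf '%s\n' '##NAME: LOCATION:0' 'MYSQL_SERVER localhost' \
        'MYSQL_USERNAME courier' 'MYSQL_PASSWORD CONSTRUCTED-secret' \
        > "$d/authmysqlrc"
    chmod 644 "$d/Sendmail.conf" "$d/transport.cf"
    chmod 600 "$d/authmysqlrc"
}

# audit_all DIR: audit the three sample files in a fixed order.
audit_all() {
    for name in Sendmail.conf transport.cf authmysqlrc; do
        audit_cred_file "$1/$name"
    done
}

# Stand-alone run against the constructed samples.
demo=$(mktemp -d)
make_samples "$demo"
audit_all "$demo"
rm -rf "$demo"
```

On a real host, call audit_cred_file with the paths used in this chapter, for example /usr/local/etc/authlib/authmysqlrc.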

________________________________________

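Chapter 3. Installing the postfix Administration Tool

This chapter describes how to install and use the postfix administration tool I developed.

________________________________________

3.1 Installing the postfix administration tool I developed, to set up the first domain and user

Download the postfix administration tool developed by this site.

The release and the installation documentation will follow later...

3.2 User Login Test

Install p5-MIME-Base64:

mail# cd /usr/ports/converters/p5-MIME-Base64/

mail# make install clean

Use p5-MIME-Base64 to obtain the base64 encoding of the user name and password:

mail# perl -MMIME::Base64 -e 'print encode_base64("webmaster\@toping.net");'

d2VibWFzdGVyQHRvcGluZy5uZXQ=

mail# perl -MMIME::Base64 -e 'print encode_base64("000000");'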

MDAwMDAw

Sending mail:

mail# telnet 127.0.0.1 25

Trying 127.0.0.1...

Connected to 0.

Escape character is '^]'.

220 mail.toping.net ESMTP Postfix

ehlo mail

250-mail.toping.net

250-PIPELINING

250-SIZE 4194304

250-VRFY

250-ETRN

250-AUTH NTLM LOGIN PLAIN OTP

250-AUTH=NTLM LOGIN PLAIN OTP

250 8BITMIME

auth login

334 VXNlcm5hbWU6

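d2VibWFzdGVyQHRvcGluZy5uZXQ= //this is the user name: webmaster@toping.net

334 UGFzc3dvcmQ6

MDAwMDAw //this is the user password: 000000

235 Authentication successful

MAIL FROM:webmaster@toping.net //tells the server the sender's e-mail address

250 Ok

RCPT TO:webmaster@toping.net //tells the server the recipient's address

250 OK

DATA //tells the server that the message text begins

354 End data with <CR><LF>.<CR><LF>

SUBJECT:test //the text after subject is the subject of the message

test

. //after a line break, type . and press Enter to mark the end of the message body

250 Ok: queued as 58DC71D5

quit //send the message, end the dialogue and leave the SMTP server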

221 Bye

Connection closed by foreign host
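
The 334 prompts and the replies in the AUTH LOGIN exchange above are only base64-encoded, and the EHLO reply offers LOGIN and PLAIN without STARTTLS, so the credentials are readable by anything that sees the session. As an added example (not part of the original article), this script reads such a transcript, decodes the exchange, and reports whether plaintext-equivalent mechanisms are advertised without TLS. The transcript in sample_session is constructed from the session shown above; the script assumes a base64 or openssl command is available.

```shell
#!/bin/sh
# Added example (not from the article): audit an SMTP AUTH transcript.

# b64dec TOKEN: print the decoded form of one base64 token.
b64dec() {
    if command -v base64 >/dev/null 2>&1; then
        printf '%s' "$1" | base64 -d 2>/dev/null || true
    else
        printf '%s' "$1" | openssl base64 -d -A 2>/dev/null || true
    fi
}

# audit_smtp_session: read a transcript on stdin, decode each AUTH LOGIN
# prompt/reply pair, then summarise what the EHLO reply advertised.
audit_smtp_session() {
    mechs="" tls=no prompt="" cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                    # tolerate CRLF captures
        case $line in
            "250-AUTH "*|"250 AUTH "*)       mechs=${line#250?AUTH } ;;
            "250-STARTTLS"*|"250 STARTTLS"*) tls=yes ;;
            "334 "*)                         prompt=$(b64dec "${line#334 }") ;;
            *)
                # The line after a 334 challenge is the client's reply.
                if [ -n "$prompt" ]; then
                    echo "client sent $prompt $(b64dec "$line")"
                    prompt=""
                fi ;;
        esac
    done
    risky=no
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*) if [ "$tls" = no ]; then risky=yes; fi ;;
    esac
    echo "mechanisms: ${mechs:-none}"
    echo "starttls: $tls"
    echo "plaintext-auth-without-tls: $risky"
}

# sample_session: constructed from the telnet session shown in this section.
sample_session() {
    cat <<'EOF'
220 mail.toping.net ESMTP Postfix
ehlo mail
250-mail.toping.net
250-PIPELINING
250-AUTH NTLM LOGIN PLAIN OTP
250-AUTH=NTLM LOGIN PLAIN OTP
250 8BITMIME
auth login
334 VXNlcm5hbWU6
d2VibWFzdGVyQHRvcGluZy5uZXQ=
334 UGFzc3dvcmQ6
MDAwMDAw
235 Authentication successful
EOF
}

# Stand-alone run against the constructed transcript.
sample_session | audit_smtp_session
```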

Receiving mail:

mail# telnet 127.0.0.1 110

Trying 127.0.0.1...

Connected to 0

Escape character is '^]'

+OK Hello there

user webmaster@toping.net m

+OK Password required

pass 000000

+OK logged in

list

+OK POP3 clients that break here, they violate STD53

1 2217

.

retr 1 //return the full content of the first message

+OK 2217 octets follow.

Return-Path: <webmaster@toping.net>

X-Original-To: webmaster@toping.net

Delivered-To: webmaster@toping.net

Received: from mail (localhost.toping.net [127.0.0.1])

by mail.toping.net (Postfix) with ESMTP id 58DC71D5

for <webmaster@toping.net>; Mon, 9 Aug 2004 21:11:20 +0800 (CST)

SUBJECT:test

Message-Id: <20040809131120.58DC71D5@mail.toping.net>

Date: Mon, 9 Aug 2004 21:11:20 +0800 (CST)

From: webmaster@toping.net

To: undisclosed-recipients:;

test

.

dele 1 //delete

+OK Deleted

quit

+OK Bye-bye

Connection closed by foreign host

You can also test with any other mail client program, such as foxmail or Outlook Express.

________________________________________

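Chapter 4. Anti-Virus and Anti-Spam

This chapter covers protection against viruses and spam.

________________________________________

4.1 Installing Clamav

mail# cd /usr/ports/security/clamav

mail# make install clean

Note: MILTER does not need to be selected.

Restart the server.

Test: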

mail# clamscan -r -i /usr/local/www/data

----------- SCAN SUMMARY -----------

Known viruses: 32358

Scanned directories: 47

Scanned files: 866

Infected files: 0

Data scanned: 10.32 MB

I/O buffer size: 131072 bytes

Time: 41.750 sec (0 m 41 s)

Update the virus database:

mail# freshclam

ClamAV update process started at Mon Apr 4 10:52:27 2005

main.cvd is up to date (version: 30, sigs: 31086, f-level: 4, builder: tkojm)

daily.cvd is up to date (version: 804, sigs: 1381, f-level: 4, builder: arnaud)

________________________________________

4.2 Installing amavisd-new

Version 20040701.

mail# cd /usr/ports/security/amavisd-new

mail# make install clean

Select MySQL.

Edit /etc/rc.conf and add:

amavisd_enable="YES"

Edit /usr/local/etc/amavisd.conf: change $mydomain = 'example.com'; to $mydomain = 'toping.net'; and uncomment the line

$forward_method = 'smtp:[127.0.0.1]:10025';

Edit /usr/local/etc/postfix/master.cf and append at the end:

##########################3amavis######################################

smtp-amavis unix - - y - 2 smtp

    -o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n - n - - smtpd

    -o content_filter=

    -o local_recipient_maps=

    -o relay_recipient_maps=

    -o smtpd_restriction_classes=

    -o smtpd_client_restrictions=

    -o smtpd_helo_restrictions=

    -o smtpd_sender_restrictions=

    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o mynetworks=127.0.0.0/8

    -o strict_rfc821_envelopes=yes

    -o smtpd_error_sleep_time=0

    -o smtpd_soft_error_limit=1001

    -o smtpd_hard_error_limit=1000

Restart the server.

________________________________________

4.3 Installing and Configuring Spamassassin

Recent versions of AMaVisd-new integrate Spamassassin, so once AMaVisd-new has been installed from ports, Spamassassin is already installed as well.

Add the required users:

mail# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin

mail# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

Edit /usr/local/etc/mail/spamassassin/local.cf:

use_bayes 1

bayes_path /var/amavis/.spamassassin/bayes

auto_learn 1

auto_learn_threshold_nonspam -2

auto_learn_threshold_spam 15

Edit /usr/local/etc/amavisd.conf and add the following below the $mydomain = 'toping.net'; line:

$max_requests = 10;

$child_timeout=5*60;

@bypass_virus_checks_acl = qw( . );

@local_domains_acl = ( ".$mydomain" );

$final_spam_destiny = D_PASS;

read_hash(\%whitelist_sender, '/var/amavis/whitelist');

read_hash(\%blacklist_sender, '/var/amavis/blacklist');

read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

Create the required files:

mail# touch /var/amavis/whitelist

mail# touch /var/amavis/blacklist

mail# touch /var/amavis/spam_lovers

mail# chown vscan /var/amavis/whitelist

mail# chown vscan /var/amavis/blacklist

mail# chown vscan /var/amavis/spam_lovers

mail# echo spam@toping.net >> /var/amavis/spam_lovers

mail# echo notspam@toping.net >> /var/amavis/spam_lovers

Edit /usr/local/etc/postfix/main.cf and add:

content_filter = smtp-amavis:[127.0.0.1]:10024

Set up automatic learning:

mail# vi /usr/local/sbin/my-sa-learn.sh

#!/bin/sh

if [ -e /var/mail/spam ]; then

/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam

rm /var/mail/spam > /dev/null

fi

if [ -e /var/mail/notspam ]; then

/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam

rm /var/mail/notspam > /dev/null

fi

mail# chmod a+x /usr/local/sbin/my-sa-learn.sh

Build the learning database:

mail# /usr/local/bin/sa-learn --sync -p /var/amavis/.spamassassin/user_prefs

Schedule it to run automatically:

mail# crontab -e

5 0 * * * /usr/local/sbin/my-sa-learn.sh

Restart the server.

Test:

mail# su - vscan

mail# /usr/local/sbin/amavisd debug

Open another terminal:

mail# telnet 127.0.0.1 10024

Trying 127.0.0.1...

Connected to localhost.toping.net.

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

MAIL FROM:<webmaster@toping.net>

250 2.1.0 Sender webmaster@toping.net OK

RCPT TO:<webmaster@toping.net>

250 2.1.5 Recipient webmaster@toping.net OK

DATA

354 End data with <CR><LF>.<CR><LF>

Subject: test

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

.

250 2.7.1 Ok, discarded, id=00228-01 - VIRUS: Eicar-Test-Signature

//this line shows that the system has recognised that the message contains a virus

quit

________________________________________

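Chapter 5. Installing webmail

How to use my modified iGENUS webmail 2.0.2 release

________________________________________

The webmail is igenus, version iGENUS webmail 2.0.2 release.

Downloading my modified iGENUS webmail 2.0.2 release is recommended.

Download igenus into the /usr/local/www/data/ directory and unpack it.

For installation instructions, see the official website.

Install autorespond.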

mail# cd /usr/ports/mail/autorespond

mail# make install clean

Edit /usr/local/etc/apache/httpd.conf:

Change Group www and User www to Group postfix and User postfix.

mail# cd /usr/local/www/data

mail# chown -R postfix:postfix phpMyAdmin

mail# cd /usr/local/etc

mail# cp php.ini-dist php.ini

Edit /usr/local/etc/php.ini:

register_globals = On

max_execution_time = 30 //change to 60 (increases the script processing time limit)

memory_limit = 8M //change to 40M (needed in order to send 10M attachments)

post_max_size = 8M //change to 10M

upload_max_filesize = 2M //change to 10M

Restart apache:

mail# /usr/local/etc/rc.d/apache.sh restart

________________________________________

Chapter 6. Viewing System Status

This chapter covers installing and configuring the phpSysInfo tool.

________________________________________

Install phpSysInfo (2.2):

mail# cd /usr/ports/www/phpSysInfo

mail# make install clean

mail# cd /usr/local/www/data-dist/phpSysInfo

mail# cp config.php.new config.php

Related sites:

http://www.toping.net/bbs (under construction)

http://osul.3322.org

http://www.xuki.org

Figure 1.

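chaohu replied at: 2005-04-04 19:54:37

Is there a web registration program?

scyzxp replied at: 2005-04-05 23:10:21

I hope everyone will show their support and give the author a little encouragement. Why not bump such a good article?

anstan replied at: 2005-04-06 09:04:33

Is the modified igenus available for download?

scyzxp replied at: 2005-04-06 11:07:02

Yes, you can write to us or download it from our site:

http://www.xuki.org/bbs

scyzxp replied at: 2005-04-08 15:23:41

Bump!!!

红心黑发 replied at: 2005-04-08 15:36:53

[quote="anstan"]Is the modified igenus available for download?[/quote]

The official website of 成都爱琴思科技公司 offers a trial version of the commercial edition of iGENUS for download!

http://www.igenus.cn/Downloads/index.html

chen2005 replied at: 2005-04-16 21:28:33

I followed the method above and ran into two problems:

1. telnet 127.0.0.1 25 is no problem and connects, but telnet 127.0.0.1 110 does not work; the connection is always refused and I don't know where the problem is. Also, this setup uses COURIER-IMAP, right? It includes smtp and pop3, the former on port 143 and the latter on port 110 (in the /usr/local/etc/courier-imap/ directory). How does it work in this setup, given that sending mail connects to port 25? I don't quite understand this.

2. After installing phpmyadmin I changed root's password in it, and now I can no longer get in...., using mysqladmin -u root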

 
 
 