Linux下Mail  实验汇总

                                                     作者：edwin

系统：rhel5.4

所需软件包：extmail-1[1][1].2.tar.gz extman-1[1][1].1.tar.gz File-Tail-0.99.3.tar.gz fp-Linux-i686-ws.tar.gz MailScanner-4.69.9-3.rpm.tar.gz phpMyAdmin-2.11.3-all-languages.tar.bz2 postfix-2.7-20090828.tar.gz

rrdtool-1.2.30.tar.tar slockd-0.10.tar.gz Time-HiRes-1.9715.tar.gz Unix-Syslog-1.1.tar.gz

简要说明：为了提高搭建速度，我们这里直接用本地yum安装

本地yum的配置方法如下

a.Mount /dev/cdrom /media

b.Vi /etc/yum.repos.d/rhel-debuginfo.repo

[Server]

name=Red Hat Enterprise Linux $releasever - $basearch - Server

baseurl=file:///media/Server #这里是你的cdrom路径

enabled=1  #

gpgcheck=1 #

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

注：centos下原理一样，标#的地方照这个改 然后 yum clean all 清空yum 缓存库 这样本地yum就能用了.

一、  Sendmail的基本配置：

1.  cd /etc/xinetd.d

2.  ls查看有没有ipop3和imap协议

3.  编辑vi /etc/xinetd.d/ipop3 把里面的disable=yes改为disable=no

4.  编辑vi /etc/xined.d/imap 把里面的disable=yes改为diable=no

5.  测试一下pop3和imap　telnet localhost 110(pop3邮局协议的端口)　telnet localhost 143(imap端口)

6.  退出的时候都用ctl+]然后回车在输入quit即可（测试后要记得重启xinetd服务）

7.  编辑vi /etc/mail/Sendmail.mc把里面的 dnl TRUST_AUTH_MECH(.........)和dnl define(`confAUTH_MECHANISMS`,.........)前面的dnl去了

8.  在添加两条DAEMON_OPTIONS(`port=25,name=MTA`)dnl和DAEMON_OPTIONS(`port=587,name=MSA,m=Ea`)dnl

9.  在DAEMON_OPTIONS(`port=smtp,Addr=127.0.0.1,name=smTA`)dnl和DAEMON_OPTIONS(`accept_Unres,Olvale_domains`)dnl前面加上dnl

10. 测试一下MTA telnet localhost 25回车输入ehlo test回车看见AUTH=..250说明成功退出和上面的一样

11. 做输入重定向m4 /etc/mail/Sendmail.mc>/etc/mail/Sendmail.cf

12. 重启Sendmail服务service Sendmail restart

13. 编辑 vi/etc/mail/access把允许转发的用户的IP或域名添加上去比如允许192.168.10.10的计算机通过
 编辑vi /etc/mail/access在里面加上192.168.10.10         RELAY 或是OK(允许转发与通过)

14. 编辑vi /etc/mail/local-host-names把邮件服务器使用的域名给添加上去

15.在做DNS的时候要在正向解析上添加一个　IN  MX 5(参数是设优先级的)

16.重起一下Sendmail服务

二、企业邮件设计：

rhel5.4+postfix+mysql+dovecot+extmail  system

1. installing mysql

a. yum install mysql mysql-server  mysql-devel php php-mysql -y

b. service mysqld start

2. postfix upgrade (系统自带的postfix不支持mysql 因此需要重新编译加载mysql的支持 这

里我用的是最新的稳定源码直接升级系统已有的postfix)

a. yum install postfix -y

b. alternatives set mta /usr/sbin/sendmail.postfix ; service sendmail stop

c. tar zxvf postfix-2.7-20090828.tar.gz –C /mnt

d. cd /mnt/postfix-2.7-20090828/;vi README_FILES/MYSQL_README

找到make -f Makefile.init makefiles /

        'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include' /  #改成/usr/include/mysql

        'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm'    #改成/usr/lib/mysql

黏贴等待编译，完成后输入make upgrade 或者make install

编译成功后输入postconf –m  看到mysql证明编译成功 否则重新编译

6. modify /etc/postfix/main.cf looks like:

a. myhostname = mail.edwin.com

b. mydomain = edwin.com

c. myorigin = $mydomain

d. inet_interfaces = all

e. mydestination = $myhostname, $mydomain

f. service postfix start

3. support for mysql looks like:

Mkdir /var/www/extsuite 只能建这个文件夹 这样比较方便配置

Tar zxvf extman-1[1][1].1.tar.gz –C /var/www/extsuite

Tar zxvf extmail-1[1][1].2.tar.gz

Mv extman-1[1][1].1 extman; mv extmail-1[1][1].2 extmail

a. cd /var/www/extsuite/extman/docs

b. cp mysql_virtual_alias_maps.cf mysql_virtual_domains_maps.cf

mysql_virtual_mailbox_maps.cf /etc/postfix (这三个文件是postfix从mysql中查询数据

用的 在extman中的docs目录中）

c. vi init.sql

输入%s/extmail.org/edwin.com 这个命令式用你自己的域名替换掉默认的域名 然后找到extmail 和extman 对应的密码的md5值替换成明文的123  这样是为了方便以后都用明文.

d.给mysql设置密码

mysqladmin –uroot  password “edwin”  #mysql 的初始密码是空的 所以可以不加 –p 参数

service mysqld restart

mysql –uroot –pedwin <extmail.sql

mysql –uroot –pedwin <init.sql

useradd -g 600 virtual

e. modify /etc/postfix/main.cf looks like

以下参数可以通过命令postconf –d 看出来

postconf –e virtual_mailbox_base=/home/virtual  #postconf –e 可直接修改main.cf文件 也可手工加

postconf –e virtual_uid_maps=static:600

 postconf –e virtual_gid_maps=static:600

postconf –e virtual_alias_maps=mysql:/etc/postfix/mysql_virtual_alias_maps.cf

postconf –e virtual_mailbox_domains=mysql:/etc/postfix/mysql_virtual_domains_maps.cf

postconf –e virtual_mailbox_maps=mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

4. support for sasl looks like:

a. postconf –e smtpd_sasl_auth_enable=yes

b. postconf –e smtpd_sasl_security_options=noanonymous

c. postconf –e smtpd_sasl_type=dovecot

d. postconf –e smtpd_sasl_path=private/auth

e. postconf –e “smtpd_recipient_restrictions=permit_sasl_authenticated, permit_tls_clientcerts,permit_mynetworks, reject_unauth_destination”

5. support for tls looks like:

a. cd /etc/pki/tls/certs; ./makedummycert mail.pem

b. postconf –e smtpd_tls_CApath=/etc/pki/tls/certs

c. postconf –e smtpd_tls_cert_file=/etc/pki/tls/certs/mail.pem

d. postconf –e smtpd_tls_key_file=/etc/pki/tls/certs/mail.pem

e. postconf –e smtpd_tls_loglevel=0

f. postconf –e smtpd_tls_received_header=yes

g. postconf –e smtpd_tls_security_level=may

h. postconf –e smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_tls_session_cache.db

i. postconf –e tls_random_source=dev:/dev/urandom

6. configure the dovecot looks like: (对MUA收信的支持)

a. cd /etc/pki/tls/certs; make dovecot.pem; cp dovecot.pem ../../dovecot/certs/; cp dovecot.pem

../../dovecot/private/

b. modify the /etc/dovecot.conf:

protocols = imap imaps pop3 pop3s

ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem

ssl_key_file = /etc/pki/dovecot/private/dovecot.pem

mail_location = maildir:/home/virtual/%d/%n/Maildir

first_valid_uid = 600

auth default {

mechanisms = plain login digestmd5

crammd5

ntlm rpa gssapi

passdb sql {

args = /etc/dovecotsql.

conf

}

userdb sql {

args = /etc/dovecotsql.

conf

}

user = nobody

socket listen {

client {

path = /var/spool/postfix/private/auth

mode = 0660

user = postfix

group = postfix

}

}

}

c. modify the /etc/dovecotsql.

conf: (收信是要对用户进行验证 下面的配置是让dovecot 从

mysql中查询相应的数据)

cp /usr/share/doc/dovecot1.0/examples/dovecotsql.conf  /etc;vi /etc/ dovecotsql.conf

driver = mysql

connect = host=localhost dbname=extmail user=extmail password=extmail

default_pass_scheme = PLAIN

password_query = SELECT username as user, password FROM mailbox WHERE username

= '%u'

user_query = SELECT maildir, 500 AS uid, 500 AS gid FROM mailbox WHERE username =

'%u'

7. installing extmail and extman (http://www.extmail.org/cgibin/download.cgi)

a. cd extmail; cp webmail.cf.default webmail.cf

b. modify webmail.cf looks like:

SYS_MAILDIR_BASE = /home/virtual

SYS_CRYPT_TYPE = plain

SYS_MYSQL_USER = extmail

SYS_MYSQL_PASS = extmail

c.cd ../extman ; modify webman.cf looks like:

SYS_MAILDIR_BASE = /home/virtual

SYS_CAPTCHA_LEN = 4

SYS_CRYPT_TYPE = plain

8. mkdir /tmp/extman; chown virtual /tmp/extman

9. configure httpd add following lines:

a. NameVirtualHost *:80

b. <VirtualHost *:80>

ServerName extmail.example.com

DocumentRoot /var/www/extsuite/extmail/html/

ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi

ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi

Alias /extman /var/www/extsuite/extman/html

Alias /extmail /var/www/extsuite/extmail/html

SuexecUserGroup virtual virtual

</VirtualHost>

10. rpm -ivh perlGD2.351. el5.rf.i386.rpm #如果不知道装那个包就 yum install perl* 就行了

11. tar zxf TimeHiRes1.9715.tar.gz

a. cd TimeHiRes1.9715

b. perl Makefile.PL && make && make test && make install  #perl 编译

12. tar zxf FileTail0.99.3.tar.gz

a. cd FileTail0.99.3

b. perl Makefile.PL && make && make test && make install

13. yum install libart_lgpl libart_lgpl-devel freetype freetype-devel tcl tcl-devel libpng libpng-devel python python-devel ruby ruby-devel -y

14. tar zxf rrdtool1.2.26.tar.gz

a. cd rrdtool1.2.26

b. ./configure –prefix=/usr/local/rrdtool

c. make && make install

d. ln -s /usr/local/rrdtool/lib/perl/5.8.8/RRDp.pm /usr/lib/perl5/5.8.8/

e. ln -s /usr/local/rrdtool/lib/perl/5.8.8/i386linuxthreadmulti/RRDs.pm /usr/lib/perl5/5.8.8/

f. ln -s /usr/local/rrdtool/lib/perl/5.8.8/i386linuxthreadmulti/auto/RRDs/RRDs.so/usr/lib/perl5/5.8.8/i386linuxthreadmulti/

15. cd /var/www/extsuite/extman/addon

16. cp rmailgraph_ext/ /usr/local/

17. /usr/local/mailgraph_ext/mailgraphinit start

18. /usr/local/mailgraph_ext/qmonitorinit start

9. ok! you can test via firefox!

Installing antivirus antispam for postfix

1. Install Spamassassin

a) yum install spamassassin -y

b) wget –N –P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

c) Service spamassassin start

2. Install Fprot

a) Wget http://files.f-prot.com/files/linuxx86/fplinuws.rpm

b) rpm –ivh fplinuxws.rpm

c) /usr/local/f-prot/tools/checkupdates.pl ( edit crontab if you want it to auto update)

3. Install MailScanner

a) Download from http://www.mailscanner.info/downloads.html

b) tar zxvf MailScanner4.69.93.rpm.tar.gz

c) cd MailScanner

d) ./install.sh

e) mkdir /var/spool/MailScanner/spamassassin; chown postfix.postfix /var/spool/MailScanner/*

f) vi /etc/MailScanner/MailScanner.conf (change follow lines, like so)

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

Virus Scanners = f-prot

Always Include Spamassassin report = yes

Use Spamassassin = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

g) echo /^Received:/ HOLD >>/etc/postfix/header_checks

postmap /etc/postfix/header_checks (make sure uncomment header_checks in /etc/postfix/main.cf)

h) postfix stop; chkconfig postfix off

i) service MailScanner start

j) chkconfig MailScanner on

4. Virus test

a) Download “eicar.com” from http://www.eicar.org/anti_virus_test_file.htm

b) mail test include “eicar.com”.# 这里就可以过滤掉病毒eicar.com

Mail 服务扩展

ADDITIONAL SECTION:

1. 加强贝式分析广告信件需要安装密码学演算和特征比对的 Razor Pyzor Dcc

1. Install Razor and Razoragent

Download razor from: http://razor.sourceforge.net/

tar jxvf razoragentssdk2.07.tar.bz2

cd razoragentssdk2.07

perl Makefile.PL && make && make install

tar jxvf razoragents2.84.tar.bz2

cd razoragents2.84

perl Makefile.PL && make && make install

razoradmin

register

user=

test@4bo.cn pass=

test

2. Install Pyzor

wget http://jaist.dl.sourceforge.net/sourceforge/pyzor/pyzor0.4.0.tar.bz2

tar jxvf pyzor0.4.0.tar.bz2

cd pyzor0.4.0

python setup.py build && python setup.py install

chmod -R a+rX /usr/share/doc/pyzor /usr/lib/python2.4/sitepackages/pyzor /usr/bin/pyzor /usr/bin/pyzord

3. Install DCC

wget http://www.rhyolite.com/antispam/dcc/source/dcc.tar.Z

tar zxvf dcc.tar.Z

cd dcc1.3.90

./configure && make && make install

好了，一个完整的企业邮件系统就结束了，你在客户端可以通过http：//mail.edwin.com来看到效果

对了phpmyadmin可以这样使用

Tar jxvf phpMyAdmin-2.11.3-all-languages.tar.bz2 –C /var/www/extsuite/extmail/html/

Cd /var/www/extsuite/extmail/html/ ；mv phpMyAdmin-2.11.3-all-languages phpadmin

然后你输入

http：//mail.edwin.com/phpadmin就可以用网页直接管理您的mysql了，当然这只是在公网的情况下，自己配置的话要用dns的，这里就不做详解，下来再写吧。

                                                                               Edwin

2010.10.28