UbuntuHelp:PostfixCompleteVirtualMailSystemHowto1/zh
From Ubuntu中文
Preparation: cleaning up the environment
Log in as root
su -
Reconfigure with dpkg
Run
dpkg-reconfigure dash
When the system prompts you, answer No
Install dash as /bin/sh? <-- No
Disable AppArmor
If AppArmor is installed, disable it
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils
Installing packages
Install the software and modules that will be used
These include Postfix, Courier, Saslauthd, MySQL, and phpMyAdmin
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl postfix-tls libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-php5 php5 php5-mysql libpam-smbpass
If the following questions appear during installation, answer them like this
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
Patching Postfix
Get the software needed to build Postfix; this may include a C compiler and some libraries, and you do not need to worry about the dependencies among them
apt-get build-dep postfix
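Change to /usr/src, then fetch the Postfix source code in preparation for the build
cd /usr/src
apt-get source postfix
Check the current Postfix version in preparation for patching
postconf -d | grep mail_version
<note important> Versions differ, so follow the steps for your own version; the output looks like "mail_version = 2.7.0" </note>
Download the patch, apply it to the Postfix source, then build the package
wget http://vda.sourceforge.net/VDA/postfix-vda-2.7.0.patch
cd postfix-2.7.0
patch -p1 < ../postfix-vda-2.7.0.patch
dpkg-buildpackage
cd ..
After leaving postfix-2.7.0 you will see the built ".deb" files; install two of them (the names differ by version)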
dpkg -i postfix_2.7.0-1_i386.deb postfix-mysql_2.7.0-1_i386.deb
Setting up the database for Postfix/Courier
First set a password for the database root user (here assumed to be six x characters)
mysqladmin -u root -p password xxxxxx
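The shell then asks for the current MySQL password; since it is empty, just press Enter, and the MySQL password is now set to xxxxxx
From the shell, create a database named mail (you can of course also create it from inside mysql)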
mysqladmin -u root -p create mail
Enter mysql; you will be prompted for the root password, "xxxxxx"
mysql -u root -p
Create a user and password, and grant it privileges on the database (here the user is mail_admin and the password is mail_admin_password)
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
Create the tables in the database
USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain)
) TYPE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source)
) TYPE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota INT(10) DEFAULT '10485760',
PRIMARY KEY (email)
) TYPE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;
quit;
Configuring Postfix
MySQL checks
<note important> Make sure the MySQL configuration file contains this line; if it does not, change it to this line: bind-address = 127.0.0.1 </note>
You can check with this command
grep bind-address /etc/mysql/my.cnf
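Confirm that MySQL is running
netstat -tap | grep mysql
A line like the following means it is running
tcp 0 0 localhost.localdo:mysql *:* LISTEN 2726/mysqld
Creating the Postfix-MySQL lookup files
Create 6 map files so that Postfix can use MySQL
1. Create the virtual domains file; through it Postfix queries MySQL for which virtual domains exist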
vi /etc/postfix/mysql-virtual_domains.cf
# Contents of mysql-virtual_domains.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1
2. Create the forwardings file; through it Postfix reads the forwarding rules from MySQL and forwards mail accordingly
vi /etc/postfix/mysql-virtual_forwardings.cf
# Contents of mysql-virtual_forwardings.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1
3. Create the virtual mailboxes file; through it Postfix queries MySQL for which virtual mailboxes exist
vi /etc/postfix/mysql-virtual_mailboxes.cf
# Contents of mysql-virtual_mailboxes.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1
4. Create the email2email file
vi /etc/postfix/mysql-virtual_email2email.cf
# Contents of mysql-virtual_email2email.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1
5. Create the transports file; through it Postfix reads the transport rules from MySQL and routes mail accordingly
vi /etc/postfix/mysql-virtual_transports.cf
# Contents of mysql-virtual_transports.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1
6. Create the mailbox quota file; through it Postfix reads an account's mailbox quota from MySQL
vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
# Contents of mysql-virtual_mailbox_limit_maps.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1
Change the permissions and group ownership of the 6 files created above
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
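The six map files hold the mail_admin database password in clear text, so the chmod/chgrp step above is what keeps other local accounts from reading it. The following check is an added example, not part of the original page; the function name audit_secret_files is hypothetical, and it can equally be pointed at /etc/postfix/smtpd.key.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_secret_files GROUP FILE...
# Prints one finding per line and returns non-zero if any file is missing,
# is accessible to "other", or is not owned by GROUP.
audit_secret_files() {
    want_group=$1; shift
    findings=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing: $f"; findings=1; continue
        fi
        # find prints the path only when an "other" r/w/x bit is set.
        if [ -n "$(find "$f" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]; then
            echo "other-accessible: $f"; findings=1
        fi
        # Field 4 of `ls -ld` is the owning group.
        group=$(ls -ld "$f" | awk '{print $4}')
        if [ "$group" != "$want_group" ]; then
            echo "group is $group, expected $want_group: $f"; findings=1
        fi
    done
    return "$findings"
}

# On the mail server, after the chmod/chgrp step:
#   audit_secret_files postfix /etc/postfix/mysql-virtual_*.cf
```

No output and exit status 0 mean every listed file is closed to "other" and owned by the expected group.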
Add a group and a user
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Configure the Postfix configuration file
<note important> Note that server1.example.com in the first and second lines must be changed to match your setup </note>
postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
Creating the SSL certificate
Change to the Postfix configuration directory and generate the certificate with openssl
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
You will be asked the following (you can enter anything you like)
Country Name (2 letter code) [AU]: <-- country code, enter CN
State or Province Name (full name) [Some-State]: <-- China
Locality Name (eg, city) []: <-- ShangHai
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- THI
Organizational Unit Name (eg, section) []: <-- MIS
Common Name (eg, YOUR name) []: <-- yourname
Email Address []: <-- [email protected]
Change the permissions of the newly created smtpd.key
chmod o= /etc/postfix/smtpd.key
Configuring SASL authentication
Create the directory
mkdir -p /var/spool/postfix/var/run/saslauthd
Then edit /etc/default/saslauthd: set START to yes, and change the line OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
vi /etc/default/saslauthd
# Partial contents of /etc/default/saslauthd
START=yes
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Create the file /etc/pam.d/smtp and add the following 2 lines (change the database user name and password to match your setup)
vi /etc/pam.d/smtp
# Partial contents of /etc/pam.d/smtp
auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
Create the file /etc/postfix/sasl/smtpd.conf and add the following content (change the database user name and password to match your setup)
vi /etc/postfix/sasl/smtpd.conf
# Partial contents of /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'
Add the postfix user to the sasl group
adduser postfix sasl
Restart Postfix and saslauthd
/etc/init.d/postfix restart
/etc/init.d/saslauthd restart
Configuring Courier
Tell Courier to authenticate against MySQL: edit /etc/courier/authdaemonrc and change authmodulelist to "authmysql"
vi /etc/courier/authdaemonrc
# Partial contents of /etc/courier/authdaemonrc
authmodulelist="authmysql"
Edit /etc/courier/authmysqlrc: back it up first, then empty the file and enter the new content
cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
vi /etc/courier/authmysqlrc
# Full contents of /etc/courier/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
During installation, SSL certificates for IMAP and POP3 were already created, but with the CN set to localhost, so we regenerate them using the domain name. First delete the originally generated certificates
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
Then edit the two configuration files imapd.cnf and pop3d.cnf, changing the localhost after "CN=" to something like mail.abc.com
vi /etc/courier/imapd.cnf
vi /etc/courier/pop3d.cnf
# Partial contents of /etc/courier/imapd.cnf and /etc/courier/pop3d.cnf
CN=mail.abc.com
Regenerate the certificates with the following commands
mkimapdcert
mkpop3dcert
Finally, restart Courier
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart
Test POP3
telnet localhost pop3
Output like the following means the configuration is correct
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
Edit /etc/aliases
vi /etc/aliases
Change it to the following
[...]
postmaster: root
root: [email protected]
[...]
or like this
[...]
postmaster: root
root: administrator
[...]
Every time you change aliases, run newaliases so that the change takes effect
newaliases
Restart Postfix
/etc/init.d/postfix restart
Installing amavisd-new, SpamAssassin, and ClamAV
Install with the following command
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax
After installation, AppArmor may have come back and needs to be removed again
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils
Configuring amavisd-new
Edit the configuration file 15-content_filter_mode
vi /etc/amavis/conf.d/15-content_filter_mode
Change it to look like the following; usually this means uncommenting 4 lines
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # ensure a defined return
Edit the configuration file 20-debian_defaults
vi /etc/amavis/conf.d/20-debian_defaults
Change it to look like the following; normally it already looks like this and needs no changes
[...]
$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug'; # switch to info to drop debug output, etc
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024; # default listening socket
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
[...]
$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
[...]
Edit the configuration file 50-user
vi /etc/amavis/conf.d/50-user
Change it to look like the following; usually this means adding one line, $pax='pax';
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
$pax='pax';
#------------ Do not modify anything below this line -------------
1; # ensure a defined return
Add the clamav user to the amavis group, then restart the services
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
Configure Postfix so that it uses ClamAV and amavis
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
Edit Postfix's master.cf file and append the following to the end of the file
vi /etc/postfix/master.cf
[...]
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1
Restart Postfix
/etc/init.d/postfix restart
Check that everything is running
netstat -tap
Output like the following means success: you should see the Postfix master listening on ports 10025 and 25, and amavisd listening on port 10024
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:www *:* LISTEN 3497/apache2
tcp 0 0 *:ssh *:* LISTEN 563/sshd
tcp 0 0 *:smtp *:* LISTEN 21685/master
tcp 0 0 localhost.localdo:10024 *:* LISTEN 20534/amavisd (mast
tcp 0 0 localhost.localdo:10025 *:* LISTEN 21685/master
tcp 0 0 localhost.localdo:mysql *:* LISTEN 2726/mysqld
tcp 0 52 server1.example.com:ssh 192.168.0.199:3488 ESTABLISHED 651/0
tcp6 0 0 [::]:imap2 [::]:* LISTEN 17866/couriertcpd
tcp6 0 0 [::]:ssh [::]:* LISTEN 563/sshd
tcp6 0 0 [::]:imaps [::]:* LISTEN 17899/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 17959/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 17926/couriertcpd
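In the expected output above, amavisd (10024), the Postfix re-injection smtpd (10025) and MySQL are bound to localhost only; 10025 in particular accepts mail with content filtering switched off, so it should never appear on a public address. The following check is an added example, not part of the original page; the function name check_listeners is hypothetical, and it goes slightly beyond the page by also accepting numeric addresses and port 3306 as printed by netstat -n.

```shell
#!/bin/sh
# Added example (not from the original page).
# Four listener lines copied from the page's expected netstat output.
PAGE_SAMPLE='tcp 0 0 *:smtp *:* LISTEN 21685/master
tcp 0 0 localhost.localdo:10024 *:* LISTEN 20534/amavisd (mast
tcp 0 0 localhost.localdo:10025 *:* LISTEN 21685/master
tcp 0 0 localhost.localdo:mysql *:* LISTEN 2726/mysqld'

# check_listeners: read `netstat -tap` text on stdin, print one finding per
# line, and return non-zero if anything was found.
check_listeners() {
    awk '
    $6 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback forms netstat prints: localhost*, 127.x.x.x, ::1, [::1]
        loopback = (addr ~ /^localhost/ || addr ~ /^127\./ || addr ~ /^\[?::1\]?$/)
        internal = (port == "10024" || port == "10025" || port == "mysql" || port == "3306")
        if (internal) seen[port] = 1
        if (internal && !loopback) { print "EXPOSED " $4 " " $7; bad = 1 }
    }
    END {
        if (!("10024" in seen)) { print "MISSING 10024 (amavisd)"; bad = 1 }
        if (!("10025" in seen)) { print "MISSING 10025 (postfix re-injection smtpd)"; bad = 1 }
        exit bad + 0
    }'
}

# On the mail server itself: netstat -tap | check_listeners
printf '%s\n' "$PAGE_SAMPLE" | check_listeners && echo "listeners OK"
```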
Installing Razor, Pyzor and DCC and configuring SpamAssassin
Install razor and pyzor
apt-get install razor pyzor
Install DCC; because DCC cannot be installed with apt-get, build and install it from source
cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.134
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
Now tell SpamAssassin to use the three programs above
vi /etc/spamassassin/local.cf
[...]
#dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
Now enable SpamAssassin's DCC plugin: edit /etc/spamassassin/v310.pre and uncomment the relevant line, as follows
[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source. See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]
Check that the SpamAssassin configuration is valid; no output at all means success
spamassassin --lint
Restart amavisd-new
/etc/init.d/amavis restart
Update the SpamAssassin rules
sa-update --no-gpg
Add a scheduled task
crontab -e
Change it to the following, which runs the update at 4:23 every 2 days
23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null
Creating the quota warning script
Create quota_notify under /usr/local/sbin/
cd /usr/local/sbin/
vi quota_notify
It is long, so it is not written out here for now
Add execute permission
chmod 755 quota_notify
Add a scheduled task
crontab -e
Change it to the following, which runs the check every day at 0:00
0 0 * * * /usr/local/sbin/quota_notify &> /dev/null