本文介绍使用FreeBSD+Postfix+Mysql+cyrus-sasl+Courier-ima+Maildrop+spamassasin+clamav来架构一个具有多域名,有webmail防病毒和垃圾邮件并有web管理界面的邮件系统。实现发邮件数量限制。类似于163的那种,一天只能发多少封邮件。
Jacky, $Revision: 5.5 bate $Date: 2007-12-13
系统主要采用Maildrop + spamassassin + clamav来对病毒过滤和垃圾邮件过滤。
本文在5.3、5.4、5.5、6.0、6.1、6.2上安装测试通过,病毒过滤放弃采用MailScanner。主要采用执行效率更高的Maildrop来对邮件过滤和垃圾邮件过滤,配置更容易,并且降低了系统开消。让系统更加稳定,经过严格病毒邮件测试成功率达到了98%。垃圾邮件过滤基本上达到了85%的成功率。
目 录
1、软件安装
1.1 系统安装
1.2 同步ports
1.3 安装MySQL
1.4 安装Lighttpd
1.5 安装PHP
1.6 安装PHP扩展
1.7 安装PHPmyadmin
1.8 安装Cyrus-sasl2
1.9 安装Postfix
1.10 安装Courier-imap
1.11 安装Maildrop
1.12 安装Spamassassin
1.13 安装clamav
1.14 安装milter-limit
2、配置系统
2.1 配置lighttpd
2.2 配置sasl2
2.3 配置courier-authlib
2.4 配置postfix
2.5 修改配额警告信息
2.6 配置spamassassin
2.7 配置maildroprc规则
2.8 配置milter-limit
2.9 access.db生成脚本
3、Webmail和webadmin安装
3.1 导入数据库
3.2 配置管理工具
3.3 配置webmail
3.4 创建目录
4、启动服务
5、测试邮件系统
5.1测试邮件收发
5.1.1 生成用户base64编码
5.1.2 生成密码base64编码
5.2 测试验证与发送
5.3 测试pop
6、Webmail截图
系统安装
FreeBSD6.2
详见安装手册
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/install.html
同步ports
mail# csup -g -L 2 -h cvsup.tw.freebsd.org /usr/share/examples/cvsup/ports-supfile
安装MySQL
mail# cd /usr/ports/databases/mysql50-server
mail# make install WITH_CHARSET=utf8 WITH_XCHARSET=all BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_NDB=yes clean
mail# echo 'mysql_enable="YES"' >> /etc/rc.conf
mail# /usr/local/etc/rc.d/mysql-server start
安装Lighttpd
mail# pw adduser vmail -u 1003 -d /var/empty -s /sbin/nologin
mail# cd /usr/ports/www/lighttpd/
mail# make install clean
Options for lighttpd 1.4.18_1
[X] BZIP2 Enable Bzip2 support
[X] CML Enable Cache Meta Language support
[ ] FAM Enable fam/gamin support
[ ] GDBM Enable gdbm storage support
[ ] IPV6 Enable IPV6 support
[X] MAGNET Enable magnet support
[X] MEMCACHE Enable memcached storage support
[X] MYSQL Enable MYSQL support
[ ] OPENLDAP Enable LDAP support
[X] OPENSSL Enable SSL support
[ ] VALGRIND Enable valgrind support
mail# echo 'lighttpd_enable="YES"' >> /etc/rc.conf
安装PHP
mail# cd /usr/ports/lang/php5
mail# make install clean
Options for php5 5.2.5
[X] CLI Build CLI version
[X] CGI Build CGI version
[ ] APACHE Build Apache module
[ ] DEBUG Enable debug
[X] SUHOSIN Enable Suhosin protection system (not for jails)
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[X] MAILHEAD Enable mail header patch
[ ] REDIRECT Enable force-cgi-redirect support (CGI only)
[ ] DISCARD Enable discard-path support (CGI only)
[X] FASTCGI Enable fastcgi support (CGI only)
[X] PATHINFO Enable path-info-check support (CGI only)
安装PHP扩展
mail# cd /usr/ports/lang/php5-extensions
mail# make install clean
Options for php5-extensions 1.1
[X] BCMATH bc style precision math functions
[X] BZ2 bzip2 library support
[X] CALENDAR calendar conversion support
[X] CTYPE ctype functions
[X] CURL CURL support
[ ] DBA dba support
[ ] DBASE dBase library support
[X] DOM DOM support
[ ] EXIF EXIF support
[ ] FILEINFO fileinfo support
[X] FILTER input filter support
[ ] FRIBIDI FriBidi support
[X] FTP FTP support
[X] GD GD library support
[ ] GETTEXT gettext library support
[ ] GMP GNU MP support
[X] HASH HASH Message Digest Framework
[X] ICONV iconv support
[X] IMAP IMAP support
[ ] INTERBASE Interbase 6 database support (Firebird)
[X] JSON JavaScript Object Serialization support
[ ] LDAP OpenLDAP support
[X] MBSTRING multibyte string support
[X] MCRYPT Encryption support
[X] MHASH Crypto-hashing support
[ ] MING ming shockwave flash support
[ ] MSSQL MS-SQL database support
[X] MYSQL MySQL database support
[ ] MYSQLI MySQLi database support
[X] NCURSES ncurses support (CLI only)
[ ] ODBC unixODBC support
[ ] OPENSSL OpenSSL support
[X] PCNTL pcntl support (CLI only)
[X] PCRE Perl Compatible Regular Expression support
[ ] PDF PDFlib support (implies GD)
[X] PDO PHP Data Objects Interface (PDO)
[X] PDO_SQLITE PDO sqlite driver
[ ] PGSQL PostgreSQL database support
[X] POSIX POSIX-like functions
[ ] PSPELL pspell support
[ ] READLINE readline support (CLI only)
[ ] RECODE recode support
[X] SESSION session support
[ ] SHMOP shmop support
[X] SIMPLEXML simplexml support
[ ] SNMP SNMP support
[ ] SOAP SOAP support
[ ] SOCKETS sockets support
[X] SPL Standard PHP Library
[X] SQLITE sqlite support
[ ] SYBASE_CT Sybase database support
[ ] SYSVMSG System V message support
[ ] SYSVSEM System V semaphore support
[ ] SYSVSHM System V shared memory support
[ ] TIDY TIDY support
[X] TOKENIZER tokenizer support
[ ] WDDX WDDX support (implies XML)
[X] XML XML support
[X] XMLREADER XMLReader support
[ ] XMLRPC XMLRPC-EPI support
[X] XMLWRITER XMLWriter support
[ ] XSL XSL support (Implies DOM)
[ ] YAZ YAZ support (ANSI/NISO Z39.50)
[X] ZIP ZIP support
[X] ZLIB ZLIB support
安装PHPmyadmin
mail# cd /usr/ports/databases/phpmyadmin
mail# make fetch
mail# cd /usr/ports/distfiles/
mail# tar -zxf phpMyAdmin-2.11.2.2-all-languages.tar.bz2
mail# mv phpMyAdmin-2.11.2.2-all-languages /usr/local/www/data/dbadmin
浏览地址
http://192.168.138.128/dbadmin/
安装Cyrus-sasl2
mail# cd /usr/ports/security/cyrus-sasl2
mail# make install clean
Options for cyrus-sasl 2.1.22
[ ] BDB Use Berkeley DB
[X] MYSQL Use MySQL
[ ] PGSQL Use PostgreSQL
[ ] SQLITE Use SQLite
[ ] DEV_URANDOM Use /dev/urandom
[ ] ALWAYSTRUE Enable the alwaystrue password verifier
[ ] KEEP_DB_OPEN Keep handle to Berkeley DB open
[X] AUTHDAEMOND Enable use of authdaemon
[X] LOGIN Enable LOGIN authentication
[X] PLAIN Enable PLAIN authentication
[X] CRAM Enable CRAM-MD5 authentication
[X] DIGEST Enable DIGEST-MD5 authentication
[ ] OTP Enable OTP authentication
[ ] NTLM Enable NTLM authentication
安装Postfix
mail# cd /usr/ports/mail/postfix
mail# make install clean
Options for postfix 2.4.6,1
[X] PCRE Perl Compatible Regular Expressions
[X] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[ ] DOVECOT Dovecot SASL authentication method
[ ] SASLKRB If your SASL req. Kerberos select this option
[ ] SASLKRB5 If your SASL req. Kerberos5 select this option
[ ] SASLKMIT If your SASL req. MIT Kerberos5 select this option
[X] TLS Enable SSL and TLS support
[ ] BDB Berkeley DB (choose version with WITH_BDB_VER)
[X] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)
[ ] PGSQL PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[ ] CDB CDB maps lookups
[ ] NIS NIS maps lookups
[ ] VDA VDA (Virtual Delivery Agent)
[ ] TEST SMTP/LMTP test server and generator
mail# echo 'sendmail_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_submit_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_outbound_enable="NO"' >> /etc/rc.conf
mail# echo 'sendmail_msp_queue_enable="NO"' >> /etc/rc.conf
mail# echo 'postfix_enable="YES"' >> /etc/rc.conf
安装Courier-imap
mail# cd /usr/ports/mail/courier-imap
mail# make install clean
Options for courier-imap 4.3.0
[X] OPENSSL Build with OpenSSL support
[ ] FAM Build in fam support for IDLE command
[ ] DRAC Build in DRAC support
[X] TRASHQUOTA Include deleted mails in the quota
[ ] GDBM Use gdbm db instead of system bdb
[ ] IPV6 Build with IPv6 support
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support
mail# echo 'courier_authdaemon="YES"' >> /etc/rc.conf
mail# echo 'courier_imap_imapd_enable="YES"' >> /etc/rc.conf
mail# echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf
mail# chmod +x /var/run/authdaemond/
安装Maildrop
mail# cd /usr/ports/mail/maildrop
mail# make WITH_AUTHLIB=yes install clean
Options for maildrop 2.0.4
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support
安装Spamassassin
mail# cd /usr/ports/mail/p5-Mail-SpamAssassin
mail# make install clean
Options for p5-Mail-SpamAssassin 3.2.3
[X] AS_ROOT Run spamd as root (recommended)
[X] SPAMC Build spamd/spamc (not for amavisd)
[X] SACOMPILE sa-compile
[X] DKIM DKIM/DomainKeys Identified Mail
[X] SSL Build with SSL support for spamd/spamc
[X] GNUPG Install GnuPG (for sa-update)
[X] MYSQL Add MySQL support
[ ] PGSQL Add PostreSQL support
[X] RAZOR Add Vipul's Razor support
[X] SPF_QUERY Add SPF query support
[X] RELAY_COUNTRY Relay country support
echo 'spamd_enable="YES"' >> /etc/rc.conf
echo 'spamd_flags="-m 40 -u spamd -H /var/spool/spamd"' >> /etc/rc.conf
安装clamav
mail# cd /usr/ports/security/clamav
mail# make install clean
echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
安装milter-limit
mail# cd /usr/ports/databases/db43
mail# make install clean
mail# cd /usr/ports/mail/sendmail
mail# make fetch
mail# cd /usr/ports/distfiles/
mail# tar -zxf sendmail.8.14.2.tar.gz
mail# cd sendmail-8.14.2/
mail# sh Build -c
mail# sh Build install
mail# cd /usr/home/jacky/src/com/snert/src/lib
mail# ./configure --prefix=/usr/local/snert --with-db=/usr/local/include/db43
mail# make build
mail# cd ../milter-limit
mail# ./configure --enable-run-user=postfix --enable-run-group=postfix
mail# make build
mail# make install
配置系统
配置lighttpd
mail# mkdir /usr/local/www/data/
mail# mkdir /var/run/lighttpd/
mail# chown -R vmail:vmail /var/run/lighttpd
mail# touch /var/log/lighttpd.access.log
mail# chown -R vmail:vmail /var/log/lighttpd.access.log
mail# chmod 755 /var/log/lighttpd.access.log
mail# chown vmail:vmail /var/log/lighttpd.error.log
配置文件lighttpd.conf
mail# ee /usr/local/etc/lighttpd.conf
复制内容到剪贴板
代码:
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
"mod_cml",
"mod_status",
"mod_fastcgi",
"mod_evhost",
"mod_compress",
"mod_expire",
"mod_secdownload",
"mod_accesslog" )
server.document-root = "/usr/local/www/data/"
server.errorlog = "/var/log/lighttpd.error.log"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm" )
server.event-handler = "freebsd-kqueue" # needed on OS X
mimetype.assign = (
".pdf" => "application/pdf",
".sig" => "application/pgp-signature",
".spl" => "application/futuresplash",
".class" => "application/octet-stream",
".ps" => "application/postscript",
".torrent" => "application/x-bittorrent",
".dvi" => "application/x-dvi",
".gz" => "application/x-gzip",
".pac" => "application/x-ns-proxy-autoconfig",
".swf" => "application/x-shockwave-flash",
".tar.gz" => "application/x-tgz",
".tgz" => "application/x-tgz",
".tar" => "application/x-tar",
".zip" => "application/zip",
".mp3" => "audio/mpeg",
".m3u" => "audio/x-mpegurl",
".wma" => "audio/x-ms-wma",
".wax" => "audio/x-ms-wax",
".ogg" => "application/ogg",
".wav" => "audio/x-wav",
".gif" => "image/gif",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".png" => "image/png",
".xbm" => "image/x-xbitmap",
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".css" => "text/css",
".html" => "text/html",
".htm" => "text/html",
".js" => "text/javascript",
".asc" => "text/plain",
".c" => "text/plain",
".cpp" => "text/plain",
".log" => "text/plain",
".conf" => "text/plain",
".text" => "text/plain",
".txt" => "text/plain",
".dtd" => "text/xml",
".xml" => "text/xml",
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
".avi" => "video/x-msvideo",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
".wmv" => "video/x-ms-wmv",
".bz2" => "application/x-bzip",
".tbz" => "application/x-bzip-compressed-tar",
".tar.bz2" => "application/x-bzip-compressed-tar",
"" => "application/octet-stream",
)
accesslog.filename = "/var/log/lighttpd.access.log"
url.access-deny = ( "~", ".inc" )
$HTTP["url"] =~ "\.pdf$" {
server.range-requests = "disable"
}
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "/var/run/lighttpd.pid"
server.username = "vmail"
server.groupname = "vmail"
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/var/run/lighttpd/php-fastcgi.socket",
"bin-path" => "/usr/local/bin/php-cgi"
)
)
)配置sasl2
mail# ee /usr/local/lib/sasl2/smtpd.conf
复制内容到剪贴板
代码:
pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5
password_format: crypt
sql_user: tmail
sql_passwd: tmail
sql_hostnames: localhost
sql_database: tmail
sql_select: select crypt from tmail_users where email='%u@%r' and smtpaccess='Y'配置courier-authlib
mail# ee /usr/local/etc/authlib/authdaemonrc
复制内容到剪贴板
代码:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=2
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""mail# ee /usr/local/etc/authlib/authmysqlrc
复制内容到剪贴板
代码:
MYSQL_SERVER localhost
MYSQL_USERNAME tmail
MYSQL_PASSWORD tmail
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE tmail
MYSQL_USER_TABLE tmail_users
MYSQL_CRYPT_PWFIELD crypt
#MYSQL_CLEAR_PWFIELD clear
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD realname
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
MYSQL_WHERE_CLAUSE access='y'配置postfix
mail# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail
mail# chmod 755 /usr/sbin/sendmail
mail# ee /usr/local/etc/postfix/main.cf
在结尾加入下面的内容
复制内容到剪贴板
代码:
#-----------------New Add lines--------------------------------------------------
smtpd_recipient_limit = 15
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
myhostname = postfix.cn
smtp_helo_name = $myhostname
local_transport = maildrop
mailbox_transport = maildrop
#disable_dns_lookups = yes
smtpd_error_sleep_time = 0
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
default_process_limit = 500
mydestination = mysql:/usr/local/etc/postfix/mysql/mysql-mydest.cf
virtual_transport_maps = mysql:/usr/local/etc/postfix/mysql/mysql-transport.cf
#virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/mysql-alias.cf
recipient_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-in.cf
sender_bcc_maps = mysql:/usr/local/etc/postfix/mysql/mysql-autobbc-out.cf
local_recipient_maps = $virtual_mailbox_maps $virtual_maps
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-maps.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_maildir_suffix = Maildir/
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-quota.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
virtual_uid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/mysql/mysql-virtual-gid.cf
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
permit_auth_destination,
reject
smtpd_sender_login_maps = mysql:/usr/local/etc/postfix/mysql/mysql-smtpd-login.cf
smtpd_reject_unlisted_sender = yes
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
# reject_unknown_client,
check_sender_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
reject_sender_login_mismatch,
reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch,
permit
smtpd_recipient_restrictions =
permit_mynetworks,
check_client_access mysql:/usr/local/etc/postfix/mysql/mysql-access.cf,
permit_sasl_authenticated,
reject_unknown_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
reject_unauth_destination,
# reject_rbl_client cblless.anti-spam.org.cn,
permit
default_destination_recipient_limit = 1
local_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 104857600
#smtpd_milters = unix:/var/run/milter/milter-limit.socket
smtpd_recipient_limit = 10
bounce_queue_lifetime = 12h
maximal_queue_lifetime = 24h
smtpd_peername_lookup = no
smtpd_delay_reject = yes
smtpd_proxy_timeout = 180s
smtpd_helo_required = yes
strict_rfc821_envelopes = yesmail# ee /usr/local/etc/postfix/mysql/mysql-access.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select access from tmail_access where source='%s'mail# ee /usr/local/etc/postfix/mysql/mysql-alias.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_virtual
query = select alias from tmail_users where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc-in.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s' AND come='1'mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc-out.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s' AND `out`='1'mail# ee /usr/local/etc/postfix/mysql/mysql-autobbc.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select autobbc from tmail_autobbc where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-mydest.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_domaininfo
query = select domain from tmail_domaininfo where domain='%s' AND yesno='1'mail# ee /usr/local/etc/postfix/mysql/mysql-smtpd-login.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
query = select email from tmail_users where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-transport.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_domaininfo
query = select transport from tmail_domaininfo where domain = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-gid.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select gid from tmail_users where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-maps.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select maildir from tmail_users where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-quota.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select quota from tmail_users where email='%s'mail# ee /usr/local/etc/postfix/mysql/mysql-virtual-uid.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_users
query = select uid from tmail_users where email = '%s'mail# ee /usr/local/etc/postfix/mysql/mysql-virtual.cf
复制内容到剪贴板
代码:
hosts = localhost
user = tmail
password = tmail
dbname = tmail
table = tmail_virtual
query = select destination from tmail_virtual where email='%s'mail# ee /usr/local/etc/postfix/master.cf
注释掉Maildrop的行,并修改成下面的参数
复制内容到剪贴板
代码:
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}修改配额警告信息
mail# mv /usr/local/etc/quotawarnmsg.sample /usr/local/etc/quotawarnmsg
mail# ee /usr/local/etc/quotawarnmsg
复制内容到剪贴板
代码:
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: 系统管理员<webmaster@postfix.cn>
Reply-To: webmaster@postfix.cn
To: Valued Customer:;
Subject: 邮件配额警告
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
你的邮箱空间已到90%,如果你想正常使用,请从你的邮箱清除一些邮件.
Your mailbox on the server is now more than 90% full. So that you can continue
to receive mail you need to remove some messages from your mailbox.配置spamassassin
mail# ee /usr/local/etc/mail/spamassassin/local.cf
复制内容到剪贴板
代码:
rewrite_header Subject [SPAM]
report_safe 0
required_score 10.0
use_bayes 1
bayes_auto_learn 1配置maildroprc规则
mail# cat /usr/local/etc/maildroprc
复制内容到剪贴板
代码:
#logfile "/var/log/maildrop.log"
SENDER="$5"
DOMAIN="$4"
USERS="$3"
USER=$USERS@$DOMAIN
#$LOGNAME
#`echo $LOGNAME >> /tmp/sender`
#`echo $SENDER >> /tmp/sender`
exception {
VIRUS_TAG=`/usr/local/bin/clamdscan -V`
VIRUS_TAG="$VIRUS_TAG on $HOSTNAME"
xfilter "/usr/local/bin/reformail -A 'X-Virus-Checker-Version: $VIRUS_TAG'"
xfilter "/usr/local/bin/reformail -A 'X-Virus-Status: Clean'"
}
#blacklist
`/bin/test -f $HOME/.blacklist`
if ($RETURNCODE==0)
{
if ($SENDER ne '' && lookup($SENDER, '.blacklist'))
{
`/usr/local/bin/maildirmake -f Spamd "$DEFAULT"`
to $HOME/Maildir/.Spamd/
}
}
#whitelist
`/bin/test -f $HOME/.whitelist`
if ($RETURNCODE==0)
{
if ($SENDER ne '' && lookup($SENDER, '.whitelist'))
{
to $HOME/Maildir/
}
}
if ($SIZE < 102400)
{
exception {
# xfilter "/usr/local/bin/spamassassin --prefspath=$HOME/user_prefs"
xfilter "/usr/local/bin/spamc -f -u $LOGNAME"
}
}
else
{
to $HOME/Maildir/
}
#垃圾邮件过滤
if (/^X-Spam-Status: Yes/ )
{
`/usr/local/bin/maildirmake -f Spamd "$DEFAULT"`
to $HOME/Maildir/.Spamd/
}
#病毒邮件过滤
if (`/usr/local/bin/clamscan --no-summary --stdout --unzip --unrar - | grep -c 'FOUND'` == 1)
{
to "./Maildir/.Spamd"
}
#自动回复
`/bin/test -f $HOME/autoreply.cf`
if ($RETURNCODE==0)
{
exception {
cc "| mailbot -A 'X-Sender: $FROM' -A 'From: $FROM' -m '$HOME/autoreply.cf' $SENDMAIL -t -f $FROM''"
}
}Webmail和webadmin安装
导入数据库
mail# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 108
Server version: 5.0.51 FreeBSD port: mysql-server-5.0.51
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database mail;
Query OK, 1 row affected (0.02 sec)
mysql> CREATE USER 'tmail'@'localhost' IDENTIFIED BY 'tmail;
mysql> GRANT USAGE ON * . * TO 'tmail'@'localhost' IDENTIFIED BY 'tmail' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
mysql> GRANT ALL PRIVILEGES ON `tmail` . * TO 'tmail'@'localhost' WITH GRANT OPTION ;
mysql> quit
mysql> mysql -u tmail -ptmail tmail < tmail.sql
配置管理工具
mail# ee /usr/local/www/data/mail/webadmin/config/config.inc.php
复制内容到剪贴板
代码:
<?php
define(MAILDIR,"/var/mail");
define(MISC, ".misc");
define(MODE,0700);
$PageSize = 15;
$host = "localhost";
$user = "tmail";
$dbname = "tmail";
$password = "tmail";
$link = mysql_connect($host,$user,$password) or die(mysql_error());
mysql_select_db($dbname,$link) or die (mysql_error());
mysql_query("set names 'GBK'");
//mysql_query(set query gbk);
?>配置webmail
mail# ee /usr/local/www/data/mail/config/config.inc.php
复制内容到剪贴板
代码:
$CFG_BASEPATH = "/tmp/tmail/temp";
// Mysql
define(MYSQL_HOST, 'localhost');
define(MYSQL_USER, 'tmail');
define(MYSQL_PASS, 'tmail');
define(MYSQL_DATA, 'tmail');
$CFG_NETDISK_PATH = "/var/mail/netdisk";创建目录
mail# mv /var/mail /var/mail.OFF
mail# mkdir /var/mail
mail# chown -R vmail:vmail /var/mail
mail# mkdir -p /tmp/tmail/temp
mail# chown -R vmail:vmail /tmp/tmail/temp
启动服务
mail# /usr/local/etc/rc.d/postfix start
mail# /usr/local/etc/rc.d/mysql-server start
mail# /usr/local/etc/rc.d/lighttpd start
mail# /usr/local/etc/rc.d/clamav-clamd start
mail# /usr/local/etc/rc.d/clamav-freshclam start
mail# /usr/local/etc/rc.d/courier-authdaemond start
mail# /usr/local/etc/rc.d/courier-imap-imapd.sh
mail# /usr/local/etc/rc.d/courier-imap-pop3d.sh
mail# /usr/local/etc/rc.d/sa-spamd
测试邮件系统
测试邮件收发
生成用户base64编码
mail# perl -MMIME::Base64 -e 'print encode_base64("test\@postfix.cn");'
复制内容到剪贴板
代码:
dGVzdEBwb3N0Zml4LmNu生成密码base64编码
mail# perl -MMIME::Base64 -e 'print encode_base64("123456");'
复制内容到剪贴板
代码:
MTIzNDU2测试验证与发送
mail# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.test.com.
Escape character is '^]'.
220 postfix.cn ESMTP Postfix
ehlo mail
250-postfix.cn
250-PIPELINING
250-SIZE 104857600
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdEBwb3N0Zml4LmNu
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
MAIL FROM:<test@postfix.cn>
250 2.1.0 Ok
RCPT TO:<test@postfix.cn>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
SUBJECT:test
This is a test mail;
.
250 2.0.0 Ok: queued as 8DF8E1CC20
quit
221 2.0.0 Bye
Connection closed by foreign host.
测试pop
mail# telnet localhost 110
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.test.com.
Escape character is '^]'.
+OK Hello there.
user test@postfix.cn
+OK Password required.
pass 123456
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 724
2 724
3 2063
4 410
.
quit
+OK Bye-bye.
Connection closed by foreign host.
配置milter-limit(达到发送邮件数量的控制)
mail# ee /usr/local/etc/postfix/main.cf | grep milter
#新加入下面的行到mail.cf文件中,重新启动postfix
复制内容到剪贴板
代码:
smtpd_milters = unix:/var/run/milter/milter-limit.socketaccess.db数据库文件自动生成脚本
mail# cat /usr/local/sbin/milter.php
#!/usr/local/bin/php
复制内容到剪贴板
代码:
<?php
$access = "/etc/mail/access";
$fp = fopen($access,'w+');
$host ="localhost";
$user = "tmail";
$passwd = "tmail";
$dbname = "tmail";
$link = mysql_connect($host,$user,$passwd);
mysql_select_db($dbname,$link);
$query = "select * from tmail_users order by id desc";
$rules = mysql_query($query,$link);
while($rs = mysql_fetch_object($rules)){
$limit = "milter-limit-From:".$rs->email." "."150/1d"."\n";
if(fwrite($fp,$limit)===FALSE){
echo "不能写入文件。请检查文件权限。";
}
}
system("/usr/sbin/makemap hash /etc/mail/access < /etc/mail/access");
system("/usr/local/etc/rc.d/milter-limit.sh restart");
?>mail# chmod +x /usr/local/sbin/milter.php
把milter.php脚本加入到自动排程中去
mail# crontab -e
复制内容到剪贴板
代码:
0 */2 * * * /usr/sbin/milter-limit.php