架构基于FreeBSD和Postfix的IGENUS Webmail邮件系统

王朝system·作者佚名 2008-05-31

本文介绍使用FreeBSD+Postfix+Cyrus-sasl+Courier-imap+igenus+spamassassin+Clamav+mailscanner+mailscanner-mrtg+mailman

来架构一个具有多域名，有邮件列表、webmail、防病毒、防垃圾邮件、web管理界面的邮件系统。

Jacky, $Revision: 4.51 bate $Date: 2005-12-03

系统主要采用MailScanner+clamav+Spamd+APF来对病毒过滤和垃圾邮件过滤。

本文在4.10、5.3、5.4、6.0上安装测试通过，病毒过滤放弃采用amavisd。主要采用执行效率更高的MailSanner来对邮件过滤和垃圾邮件过滤，配置更容易，并且降低了系统开消。让系统更加稳定，经过严格病毒邮件测试成功率达到了100%。垃圾邮件过滤基本上达到了95%的成功率。

Table of Contents

Chapter 1. 系统安装

1.1 安装MySQL

1.2 安装Apache

1.3 安装PHP

1.4 安装zend

1.5 安装openssl

1.6 安装phpMyAdmin

1.7 通过phpMyadmin设置数据库

1.8安装Courier-imap

1.9安装 postfix 和 cyrus-sasl

1.10 安装expect

Chapter 2. 配置邮件服务器

2.1 配置rc.conf

2.2 配置postfix 和 cyrus-sasl

2.3 配置Courier-imap

Chapter 3. 手动设置第一个用户并测试

Chapter 4. 安装postfix管理工具

4.1安装本人开发的postfix管理工具

4.2 用户登录测试

Chapter 5. 防病毒与防垃圾邮件

5.1 安装Clamav

5.2 安装MailScanner

5.3 安装配置Spamassassin

5.4修改Postfix设定档main.cf

5.5修改mailscanner.conf

5.6新增MailScanner所要用到的资料夹

5.7把病毒提示信息改为中文

5.8MailScanner监管进出邮件

5.9 邮件流量监控（mailscanner-mrtg）安装与设置

5.10．安装APF防垃圾邮件

Chapter 6. 安装webmail

Chapter 7邮件列表（mailman）

Chapter 8. 查看系统状态

Chapter 1. 系统安装

安装之前：因用户数据都保存在/var目录下，因此安装FreeBSD时/var的空间应尽量大。FreeBSD的版本为5.3，按最小化安装，软件包只安装cvsup，安装结束后用cvsup更新ports树。在文档中假设服务器的ip地址为192.168.0.2，域名为toping.net，主机名为mail.toping.net。

请兄弟们仔细一些，注意空格和TAB。

祝兄弟们好运。本人水平有限。如果发现文章中有什么错误和不当的地方请发邮件：scyz@toping.net。我会在第一时间给予答复。

1.1 安装MySQL

mail# cd /usr/ports/databases/mysql40-server

mail# make install clean

编辑/etc/rc.conf，加入

mysql_enable="YES"

1.2 安装Apache

mail# cd /usr/ports/www/apache2

mail# make install clean

编辑/etc/rc.conf，加入

Apache2_enable="YES"

1.3 安装PHP

mail# cd /usr/ports/www/mod_php4

mail# make install clean

我的选择：（注意别选DEBUG，否则会和ZEND有冲突）

[X] APACHE2 Use apache 2.x instead of apache 1.3.x

安装需要的PHP扩展模块

mail# cd /usr/ports/lang/php4-extensions

mail# make install clean

我选择了下面的模块：

[X] BCMATH bc style precision math functions

[X] BZ2 bzip2 library support

[X] CALENDAR calendar conversion support

[X] CRACK crack support

[X] CTYPE ctype functions

[X] CURL CURL support

[X] FTP FTP support

[X] GD GD library support

[X] GETTEXT gettext library support

[X] FILEINFO fileinfo support

[X] IMAP IMAP support

[X] MBSTRING multibyte string support

[X] MCAL Modular Calendar Access Library support

[X] MCRYPT Encryption support

[X] MCVE MCVE support

[X] MHASH Crypto-hashing support

[X] MYSQL MySQL database support

[X] PCRE Perl Compatible Regular Expression support

[X] POSIX POSIX-like functions

[X] SESSION session support

[X] TOKENIZER tokenizer support

[X] XML XML support

[X] ZLIB ZLIB support

最后在编辑/usr/local/etc/apache2/httpd.conf最后加入：

DirectoryIndex index.html index.html.var index.php

#注：在DirectoryIndex这里加入index.php,是为了让apache支持首页为index.php的首页文件

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

Group www、User www修改为： Group postfix、User postfix

注：以上这一步要在postfix安装后再操作

1.4.安装zend

mail# cd /usr/ports/devel/ZendOptimizer

mail# make install clean

因为版权的问题，他不会自动下载。这里你需要到他的官方网站去下载ZendOptimizer-2.5.10a-freebsd4.3-i386.tar.gz到/usr/ports/distfiles目录下面后再安装。

下载地址：

http://downloads.zend.com/optimizer/2.5.10/ZendOptimizer-2.5.10a-freebsd4.3-i386.tar.gz

完成后在/usr/local/etc/php.ini中加入：

[Zend]

zend_optimizer.optimization_level=15

zend_extension_manager.optimizer="/usr/local/lib/php/20020429/Optimizer"

zend_extension_manager.optimizer_ts="/usr/local/lib/php/20020429/Optimizer_TS"

zend_extension="/usr/local/lib/php/20020429/ZendExtensionManager.so"

zend_extension_ts="/usr/local/lib/php/20020429/ZendExtensionManager_TS.so"

重启apache安装完成。

1.5 安装openssl

mail# cd /usr/ports/security/openssl

mail# make install clean

1.6 安装phpMyAdmin

mail# cd /usr/ports/databases/phpmyadmin

mail# make fetch

注：(在这里建议直接下载后复制安装)

mail# cd /usr/ports/distfiles

mail# tar –zxvf PhpMyadmin-x.tar.gz

mail# mv /usr/local/www/phpMyAdmin-x /usr/local/www/data/dbadmin

修改/usr/local/www/data/dbadmin/config.inc.php

$cfg['PmaAbsoluteUri'] = 'http://192.168.0.2/dbadmin/';

$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?

注：指定phpmyadmin的认证方式为http方式。

在浏览器输入http://192.168. 0.2/dbadmin/，首次进行登入的用户名为root密码为空，登入后可以修改你的密码。

1.7 通过phpMyadmin设置数据库

建立postfix数据库(注意：数据库名称为postfix)：

mail# mysql –u root –p

mysql# CREATE DATABASE `postfix` ;

mysql# use postfix;

下面为sql语句：

CREATE TABLE domaininfo (

domain_id int(5) NOT NULL auto_increment,

domain varchar(25) NOT NULL default '',

alias varchar(30) default NULL,

passwd varchar(35) NOT NULL default '',

usernum int(5) NOT NULL default '0',

quota int(11) NOT NULL default '0',

des varchar(30) default NULL,

expire date NOT NULL default '0000-00-00',

active tinyint(1) NOT NULL default '1',

create_time datetime default NULL,

PRIMARY KEY (domain_id),

UNIQUE KEY domain (domain),

KEY domain_id (domain_id)

) TYPE=MyISAM COMMENT='domain information';

INSERT INTO domaininfo VALUES (1,'admin',NULL,'$1$.j3.t12.$I7MGf7ZD2HrWwUWQF88Mg1',0,0,'Super Admin','0000-00-00',1,'0000-00-00 00:00:00');

CREATE TABLE userinfo (

id int(11) NOT NULL auto_increment,

userid varchar(20) NOT NULL default '',

domain_id int(5) NOT NULL default '0',

address varchar(50) NOT NULL default '',

alias varchar(60) default NULL,

passwd varchar(35) NOT NULL default '',

realname varchar(20) default NULL,

quota int(11) NOT NULL default '0',

active tinyint(1) NOT NULL default '0',

homedir varchar(60) NOT NULL default '',

maildir varchar(60) NOT NULL default '',

create_time datetime NOT NULL default '0000-00-00 00:00:00',

`fax` varchar(20) NOT NULL default '',

`telephone` varchar(15) NOT NULL default '',

`sex` int(1) NOT NULL default '0',

`year` int(4) NOT NULL default '0',

`MONTH` int(2) NOT NULL default '0',

`DAY` int(2) NOT NULL default '0',

`education` varchar(4) NOT NULL default '',

`marital` int(1) NOT NULL default '0',

`occupation` varchar(15) NOT NULL default '',

`companyname` varchar(30) NOT NULL default '',

`province` varchar(6) NOT NULL default '',

PRIMARY KEY (id),

UNIQUE KEY address (address)

) TYPE=InnoDB COMMENT='User Information';

注：对于初学者，建议以上操作都在phpmyadmin中操作更加的简便，如果后面要使用igenus请导入原来igenus的sql。

建立数据库用户并授以相应的权限

mail# mysql –u root –p

mysql# use mysql;

mysql# INSERT INTO user (host,user,password) VALUES('localhost','postfix','');

mysql# update user set password=password('postfix') where User='postfix';

mysql# GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY "postfix";

注：这里加用户名和密码都为：postfix。并授权对postfix数据库进行操作

1.8 安装Courier-imap

mail# cd /usr/ports/mail/courier-imap

mail# make install clean

我的选择：

[X] OPENSSL Build with OpenSSL support

[X] AUTH_MYSQL MySQL support

在/etc/rc.conf中加入：

courier_authdaemond_enable="YES"

courier_imap_pop3d_enable="YES"

courier_imap_imapd_enable="YES"

mail# cd /usr/local/etc/courier-imap

mail# cp imapd.cnf.dist imapd.cnf

mail# cp pop3d.cnf.dist pop3d.cnf

mail# /usr/local/etc/rc.d/courier-authdaemond.sh start

注：此时会在/var/run/authdaemond/下产生socket，如果没有下面这一步下面的认证无法通过。

mail# chmod +x /var/run/authdaemond

1.9 安装 postfix 和 cyrus-sasl

mail# cd /usr/ports/security/cyrus-sasl2

mail# make install WITH_AUTHDAEMON=yes

mail# make clean

创建/usr/local/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond

log_level: 3

mech_list: PLAIN LOGIN

authdaemond_path:/var/run/authdaemond/socket

更详细的参数设置请看：

http://www.toping.net/bbs/htm_data/7/0508/330.html

至此，认证部分基本完成。

安装postfix

mail# cd /usr/ports/mail/postfix

mail# make install clean

我的选择：

[X] VDA VDA (Virtual Delivery Agent)

[X] MySQL MySQL map lookups (choose version with WITH_MYSQL_VER)

[X] TLS SSL and TLS

[X] SASL2 Cyrus SASLv2 (Simple Authentication and Security Layer)

回答下面的两问题：

You need user "postfix" added to group "mail".[是否将postfix用户加到mail用户组]

Would you like me to add it [y]? y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

在/etc/rc.conf中加入postfix启动所需的启动选项

在/etc/rc.conf中加入：

sendmail_enable="YES"

sendmail_flags="-bd"

sendmail_pidfile="/var/spool/postfix/pid/master.pid"

sendmail_procname="/usr/local/libexec/postfix/master"

sendmail_outbound_enable="NO"

sendmail_submit_enable="NO"

sendmail_msp_queue_enable="NO"

设置postfix启动所需

mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail

注：如果/usr/sbin/sendmail存在就删了再做上链接，如果升级内核和升级系统后要重新做这一步。

mail# echo ‘postfix: root’ /etc/aliases

mail# /usr/local/bin/newaliases

mail# chown postfix:postfix /etc/opiekeys

1.10 安装expect

用于Web客户端建立邮件用户

mail# cd /usr/ports/lang/expect

mail# make install clean

Chapter 2. 配置邮件服务器

本节主要讲述各种服务的参数配置。

2.1 配置rc.conf，编辑/etc/rc.conf

下面是前面所装软件都加入了启动选项的rc.conf配置：

mysql_enable="YES"

apache2_enable="YES"

courier_authdaemond_enable="YES"

courier_imap_pop3d_enable="YES"

courier_imap_imapd_enable="YES"

sendmail_enable="YES"

sendmail_flags="-bd"

sendmail_pidfile="/var/spool/postfix/pid/master.pid"

sendmail_procname="/usr/local/libexec/postfix/master"

sendmail_outbound_enable="NO"

sendmail_submit_enable="NO"

sendmail_msp_queue_enable="NO"

2.2 配置postfix 和 cyrus-sasl

(1)修改/usr/local/etc/postfix/main.cf，在文件最后加入以下内容

mail# ee /usr/local/etc/postfix/main.cf

smtpd_helo_required = yes

strict_rfc821_envelopes = yes

smtpd_etrn_restrictions = permit_mynetworks, reject

#=====================BASE=====================

myhostname = mail.toping.net

mydomain = toping.net

mydestination = $myhostname

local_recipient_maps =

command_directory = /usr/local/sbin

local_transport = virtual

#=====================MySQL=====================

virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:125

virtual_mailbox_base = /

virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_limit = 51200000

virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 125

virtual_transport = virtual

virtual_uid_maps = static:125

#=====================Quota=====================

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

virtual_overquota_bounce = yes

#====================SASL=====================

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_delay_reject=yes

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject

smtpd_client_restrictions = permit_sasl_authenticated

更详细的参数设置请看论坛：

http://www.toping.net/bbs/htm_data/7/0601/871.html

(4)编辑/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

mail# ee /usr/local/etc/postfix/mysql_virtual_alias_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT alias FROM userinfo WHERE address='%s' AND active = 1

(5)编辑/usr/local/etc/postfix/mysql_virtual_domains_maps.cf

mail# ee /usr/local/etc/postfix/mysql_virtual_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT domain FROM domaininfo WHERE domain='%s'

(6)编辑/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

mail# ee /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT maildir FROM userinfo WHERE address='%s' AND active = 1

(7)编辑/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

mail# ee /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT quota FROM userinfo WHERE address='%s'

2.3 配置Courier-imap

(1)修改Courier相关设置，/usr/local/etc/courier-imap/imapd：

IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA"

(2)修改/usr/local/etc/courier-imap/pop3d

POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

(3)编辑修改/usr/local/etc/authlib/authmysqlrc

mail# mv /usr/local/etc/authlib/authmysqlrc /usr/local/etc/authlib/authmysqlrc_bak

mail# ee /usr/local/etc/authlib/authmysqlrc

MYSQL_SERVER localhost //数据库主机地址

MYSQL_USERNAME postfix //数据库用户名

MYSQL_PASSWORD postfix //数据库密码

MYSQL_PORT 0

MYSQL_OPT 0

MYSQL_DATABASE postfix //数据库名称

MYSQL_USER_TABLE userinfo

MYSQL_CRYPT_PWFIELD passwd

MYSQL_UID_FIELD '125'

MYSQL_GID_FIELD '125'

MYSQL_LOGIN_FIELD address

MYSQL_HOME_FIELD homedir

MYSQL_NAME_FIELD realname

MYSQL_MAILDIR_FIELD maildir

MYSQL_QUOTA_FIELD quota

注：这里得用tab键来跳格

(4)编辑/usr/local/etc/authlib/authdaemonrc

mail# mv /usr/local/etc/authlib/authdaemonrc /usr/local/etc/authlib/authdaemonrc_bak

mail# ee /usr/local/etc/authlib/authdaemonrc

authmodulelist="authmysql"

authmodulelistorig="authmysql"

version="authdaemond.mysql"

daemons=5

authdaemonvar=/var/run/authdaemond

subsystem=mail

DEBUG_LOGIN=0

DEFAULTOPTIONS="wbnodsn=1"

重启服务器

Chapter 3.手动设置第一个用户并测试

本章介绍如何开通用户，并且测试系统是否正常。

注：增加用户时请到这里生成加密后的密码后直接插入到数据库中就可以了。

http://www.toping.net/soft

mail# mysql

mysql use postfix;

mysql show tables;

+-------------------+

| Tables_in_postfix |

+-------------------+

| address |

| admin |

| card |

| domaininfo |

| lastauth |

| logs |

| message |

| personal |

| scheduler |

| stow |

| userinfo |

| vpopmail |

+-------------------+

12 rows in set (0.00 sec)

增加域名和管理员

mysql desc domaininfo;

+-------------+-------------+------+-----+------------+----------------+

+-------------+-------------+------+-----+------------+----------------+

| usernum | int(5) | | | 0 | |

| quota | int(11) | | | 0 | |

| des | varchar(30) | YES | | NULL | |

+-------------+-------------+------+-----+------------+----------------+

10 rows in set (0.00 sec)

mysql INSERT INTO `domaininfo` VALUES (7, 'toping.net', NULL, '$1$jNXThQXq$KPjm.WE2f2yX5rceY48vX. ', 50, 500, NULL, '0000-00-00', 1, '2005-04-19 23:19:11');

Query OK, 1 row affected (0.00 sec)

注：这里的toping.net的管理密码为：admin123

mysql desc userinfo;

+-------------+-------------+------+-----+---------------------+----------------+

+-------------+-------------+------+-----+---------------------+----------------+

| id | int(11) | | PRI | NULL | auto_increment |

| domain_id | int(5) | | | 0 | |

| quota | int(11) | | | 0 | |

| fax | varchar(20) | | | | |

| sex | int(1) | | | 0 | |

| year | int(4) | | | 0 | |

| MONTH | int(2) | | | 0 | |

| DAY | int(2) | | | 0 | |

| marital | int(1) | | | 0 | |

+-------------+-------------+------+-----+---------------------+----------------+

23 rows in set (0.00 sec)

mysql INSERT INTO `userinfo` VALUES (8, 'webmaster', 7, 'webmaster@toping.net', NULL,'$1$4DLQeNkz$QKCAQqg244XwvLl2SD11f0', 'webmaster', 209715200, 1, '/var/mail/toping.net/webmaster/', '/var/mail/toping.net/webmaster/Maildir/', '2005-04-20 23:45:17', '', '', 0, 0, 0, 0, '', 0, '', '', '');

注：这里的webmaster用户的邮箱密码为：000000

mysqlquit

设置用户的目录与权限：

Mail# mkdir -p /var/mail/toping.net/webmaster

Mail# /usr/local/bin/maildirmake /var/mail/toping.net/webmaster/Maildir

Mail# chmod -R 777 /var/mail/toping.net/

Mail# chown -R postfix:postfix /var/mail/toping.net

至此用户设置完毕，这里只使用一个域名，同理可以设置多个域名。

Chapter 4.安装postfix管理工具

本节主要介绍如何安装和使用本人开发的postfix管理工具。

4.1安装本人开发的postfix管理工具来设置第一个域名和用户

上传管理工具到网站目录

后修改include/config.inc.php中的

define(DOMAINSDIR,"/home/vmail");为define(DOMAINSDIR,"/var/mail");

define(MYSQL_HOST, 'localhost'); 为您的MySQL服务器的主机名

define(MYSQL_USER, 'root');为您的MySQL的用户名

define(MYSQL_PASS, 'mypasswd');为您的MySQL的密码

define(MYSQL_DATA, 'postfix'); 为您的邮件服务器的数据库

修改完成后运行：http://mail.toping.net/webadmin/index.php

完装完成！！

4.2 用户登录测试

用户登录测试

安装p5-MIME-Base64

mail# cd /usr/ports/converters/p5-MIME-Base64/

mail# make install clean

通过p5-MIME-Base64来取得用户名和密码的base64编码

mail# perl -MMIME::Base64 -e 'print encode_base64("webmaster\@toping.net");'

d2VibWFzdGVyQHRvcGluZy5uZXQ=

mail# perl -MMIME::Base64 -e 'print encode_base64("000000");'

MDAwMDAw

测试发送邮件（端口：25）：

mail# telnet 127.0.0.1 25

Trying 127.0.0.1...

Connected to 0.

Escape character is '^]'.

220 mail.toping.net ESMTP Postfix

ehlo mail

250-mail.toping.net

250-PIPELINING

250-SIZE 4194304

250-VRFY

250-ETRN

250-AUTH NTLM LOGIN PLAIN OTP

250-AUTH=NTLM LOGIN PLAIN OTP

250 8BITMIME

auth login

334 VXNlcm5hbWU6

d2VibWFzdGVyQHRvcGluZy5uZXQ= //此为用户名id：webmaster@toping.net

334 UGFzc3dvcmQ6

MDAwMDAw //此为用户密码password：000000

235 Authentication successful

MAIL FROM: //告诉服务器发件人的Email地址

250 Ok

RCPT TO: //告诉服务器收件人的地址

250 OK

DATA //告诉服务器开始写信

354 End data with .

SUBJECT:test //subject后面填写的是邮件的主题

test

. //换行后输入.后按回车,表示信件内容书写完毕

250 Ok: queued as 58DC71D5

quit //发送信件，结束对话，退出SMTP服务器

221 Bye

Connection closed by foreign host

测试收取邮件（端口：110）：

mail# telnet 127.0.0.1 110

Trying 127.0.0.1...

Connected to 0

Escape character is '^]'

+OK Hello there

user webmaster@toping.net

+OK Password required

pass 000000

+OK logged in

list

+OK POP3 clients that break here, they violate STD53

1 2217

retr 1 //返回第一封信的全部内容

+OK 2217 octets follow.

Return-Path:

X-Original-To: webmaster@toping.net

Delivered-To: webmaster@toping.net

Received: from mail (localhost.toping.net [127.0.0.1])

by mail.toping.net (Postfix) with ESMTP id 58DC71D5

for ; Mon, 9 Aug 2004 21:11:20 +0800 (CST)

SUBJECT:test

Message-Id:

Date: Mon, 9 Aug 2004 21:11:20 +0800 (CST)

From: webmaster@toping.net

To: undisclosed-recipients:;

test

dele 1 //删除

+OK Deleted

quit

+OK Bye-bye

Connection closed by foreign host

也可以使用任何其它的邮件客户端程序来测试，如foxmail、Outlook Express等等。

Chapter 5. 防病毒与防垃圾邮件

本章介绍病毒与垃圾邮件的防范。

5.1 安装Clamav

mail# cd /usr/ports/security/clamav

mail# make install clean

我的选择：

[X] MILTER Compile the milter interface

[X] CURL Support URL downloading

[X] LIBUNRAR Support for external Unrar library

要想clamav能自动的启动请在/etc/rc.conf中加入：

clamav_clamd_enable="YES"

clamav_freshclam_enable="YES"

重启服务器

测试杀毒

mail# clamscan -r -i /usr/local/www/data

----------- SCAN SUMMARY -----------

Known viruses: 41293

Engine version: 0.87.1

Scanned directories: 53

Scanned files: 602

Infected files: 0

Data scanned: 41.51 MB

Time: 18.294 sec (0 m 18 s)

升级病毒库

mail# freshclam

ClamAV update process started at Sun Dec 4 01:10:02 2005

main.cvd is up to date (version: 34, sigs: 39625, f-level: 5, builder: tkojm)

daily.cvd is up to date (version: 1200, sigs: 1669, f-level: 6, builder: tomek)

5.2 安装MailScanner

mail# cd /usr/ports/mail/mailscanner

mail# make install

第一次执行安装因此需执行make initial-config以建立基本配置文件

mail# make initial-config

mail# make clean

5.3 安装SpamAssassin

mail# cd /usr/ports/mail/p5-Mail-SpamAssassin

mail# make install clean

我的选择：

[X] AS_ROOT Run spamd as root (recommended)

[X] DOMAINKEYS DomainKeys support

[X] SSL Build with SSL support for spamd/spamc

[X] MYSQL Add MySQL support

[X] RAZOR Add Vipul's Razor support

[X] SPF_QUERY Add SPF query support

[X] RELAY_COUNTRY Relay country support

[X] TOOLS Install SpamAssassin tools

5.4修改Postfix设定档main.cf

mail# ee /usr/local/etc/postfix/main.cf

#header_checks = regexp:/usr/local/etc/postfix/header_checks //默认值

header_checks = regexp:/usr/local/etc/postfix/header_checks //把注释去掉

编辑/usr/local/etc/postfix/header_checks

mail# ee /usr/local/etc/postfix/header_checks

/^Received:/ HOLD //新加入

5.5修改mailscanner.conf

mail# ee /usr/local/etc/MailScanner/MailScanner.conf

#Run As User = //默认值

Run As User = postfix //修改后

#Run As Group = //默认值

Run As Group = postfix //修改后

#Incoming Queue Dir = /var/spool/mqueue.in //默认值

Incoming Queue Dir = /var/spool/postfix/hold //修改后

#Outgoing Queue Dir = /var/spool/mqueue //默认值

Outgoing Queue Dir = /var/spool/postfix/incoming //修改后

#MTA = sendmail //默认值

MTA = postfix //修改后

#Virus Scanners = none //默认值

Virus Scanners = clamav //修改后

#Use SpamAssassin = no //默认值

Use SpamAssassin = yes //修改后

5.6新增MailScanner所要用到的资料夹

mail# mkdir /var/spool/MailScanner

mail# mkdir /var/spool/MailScanner/incoming

mail# mkdir /var/spool/MailScanner/quarantine

mail# chown postfix:postfix /var/spool/MailScanner/incoming

mail# chown postfix:postfix /var/spool/MailScanner/quarantine

mail# touch /usr/local/etc/MailScanner/rules/bounce.rules //新建一个空白文件，要不然会出错。

mail# chmod –R 777 /var/spool/postfix

mail#cp /usr/local/etc/MailScanner/mcp/10_example.cf.sample /usr/local/etc/MailScanner/mcp/10_example.cf

mail#cp /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf.sample /usr/local/etc/MailScanner/mcp/mcp.spam.assassin.prefs.conf

注：这里的倒数一、二行实际操作中为一行

重新启动服务器

测试病毒过滤：

mail# telnet localhost 25

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 mail.toping.net ESMTP Postfix

mail from:webmaster@toping.net

250 Ok

rcpt to:webmaster@toping.net

250 Ok

data

354 End data with .

Subject:Virus test

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

250 Ok: queued as F0C221CC20 //出现F0C221CC20这行表示mailscanner运行成功了

quit

221 Bye

Connection closed by foreign host.

5.7把病毒提示信息改为中文

预设系统提示信息为英文，可以下载我修改的中文包。

http://mail.toping.net/mailscanner/cn.rar

注：把下载下来的文件解压后放到/usr/local/share/MailScanner/reports/cn下面去

mail# ee /usr/local/etc/MailScanner/MailScanner.conf

#%report-dir% = /usr/local/share/MailScanner/reports/en //默认值(加载英文)

%report-dir% = /usr/local/share/MailScanner/reports/cn //修改后为读取中文

5.8.用MailScanner来监管进出邮件

mail# eeMailScanner.conf

Archive Mail = %rules-dir%/archive.rules

mail# ee archive.rules

方法一：互相备份, 以上这样并不会造成 loop

FromOrTo: a@toping.net yes forward b@toping.net

FromOrTo: b@toping.net yes forward a@toping.net

方法二：可以 forward 到复数信箱

FromOrTo: a@toping.net yes forward b@toping.net c@toping.net d@toping.net

方法三：同时备份到一个或多个档案及一个或多个信箱

FromOrTo: a@toping.net yes forward /var/spool/MailScanner/archive/a_user_backup.mbx /var/spool/MailScanner/archive/a_user_backup.mbx b@toping.net scyz2@163.com

注：以上为一行，该档案要先建立且确定该档案拥有者与 MailScanner.conf 的 Run As User = XXXXXXX 相同

方法四：备份到数据夹及多个信箱或档案

FromOrTo: a@toping.net yes forward /var/spool/MailScanner/archive/ b@toping.net scyz2@163.com /var/spool/MailScanner/archive/a_user_backup.mbx

注：以上为一行，权限同SAMPLE3；注意事项, 他会依日期再分数据夹, 日期数据夹内的文件名称 mail queue ID, 格式为 postfix mail queue 格式

更详细的mailscanner.cf的参数请看论坛：

http://www.toping.net/bbs/htm_data/7/0509/533.html

5.9.安装MailScanner-mrtg

mail# cd /usr/ports/mail/ mailscanner-mrtg

mail# make install clean

mailscanner-mrtg相关设置

mail# cd /usr/local/etc/mailscanner-mrtg //切换至mailscanner-mrtg 目录

mail# cp mailscanner-mrtg.conf.sample mailscanner-mrtg.conf

mail# cp mailscanner-mrtg.cfg.sample mailscanner-mrtg.cfg

mail# chmod 644 mailscanner-mrtg.conf //更改权限为可修改

mail# chmod 644 mailscanner-mrtg.cfg //更改权限为可修改

mail# ee mailscanner-mrtg.conf //修改mailscanner-mrtg.conf内容如下

#MTA = sendmail //默认值

MTA = postfix //修改后

#Where the MTA puts mail before MailScanner gets it

#Incoming Queue Dir = /var/spool/postfix.in/deferred/ # Postfix

#Incoming Queue Dir = /var/spool/exim.in/input/ # Exim

Incoming Queue Dir = /var/spool/mqueue.in/ # Sendmail //默认值

Incoming Queue Dir = /var/spool/postfix/hold # Postfix //修改后

#Where MailScanner puts your mail after it is scanned

#Outgoing Queue Dir = /var/spool/postfix/incoming/ # Postfix

#Outgoing Queue Dir = /var/spool/exim/input # Exim (?)

Outgoing Queue Dir = /var/spool/mqueue/ # Sendmail //默认值

Outgoing Queue Dir = /var/spool/postfix/incoming/ # Postfix //修改后(把#拿掉)

#Which interfaces to monitor (comma separated list)

Interfaces to Monitor = fxp0 //默认值

Interfaces to Monitor = vr0 //修改后(改成您的网卡吧)

mail# ee /usr/local/etc/apache/httpd.conf //修改apache配置以便读取mailscanner-mrtg数据

内容如下：

#MailScanner Setting

Alias /mailscanner-mrtg/ "/usr/local/www/mailscanner-mrtg/"

Step5.产生MailScanner-Mrtg流量图

mail# /usr/local/bin/mrtg /usr/local/etc/mailscanner-mrtg/mailscanner-mrtg.cfg

mail# crontab -e

*/10 * * * * /usr/local/bin/mrtg /usr/local/etc/mailscanner-mrtg/mailscanner-mrtg.cfg

5.10．安装APF防垃圾邮件

http://apf.org.cn

下载地址：

http://mail.toping.net/apf/apf.rar

下载最新的APF包解压到/usr/local/etc/postfix目录。

这时/usr/local/etc/postfix目录里边有一个apf-posftix.pl的文件

修改/usr/local/etc/postfix/master.cf

mail# ee /usr/local/etc/postfix/master.cf

加入：

apf unix - n n - - spawn

user=nobody argv=/usr/bin/perl /usr/local/etc/postfix/apf-postfix.pl

增加黑白名单：

1、IP黑名单：

ip_black_list.txt

2、IP白名单

ip_white_list.txt

3、域名黑名单

dn_black_list.txt

4、域名白名单

dn_white_list.txt

Chapter 6. 安装webmail

如何使用本人修改的iGENUS for Postfix 2.01

下载地址：

http://mail.toping.net/igenus/igenus_for_postfix_2.01.rar

webmail使用igenus，版本是iGENUS for Postfix 2.01

建议下载本人修改的iGENUS for Postfix 2.01

安装方法参考论坛：

http://www.toping.net/bbs/htm_data/7/0507/174.html

mail# cd /usr/local/www/data

mail# chown -R postfix:postfix phpMyAdmin

mail# cd /usr/local/etc

mail# cp php.ini-dist php.ini

修改/usr/local/etc/php.ini

webmail上传附件设置：

register_globals = On

max_execution_time = 30 //改为60 (增加处理脚本的时间限制)

memory_limit = 8M //改为40M (这样才能发10M的附件)

post_max_size = 8M //改为10M

upload_max_filesize = 2M //改为10M

重启apache

mail# /usr/local/etc/rc.d/apache2.sh restart

Chapter 7. 安装邮件列表（MAILMAN）安装

本节主要讲述邮件列表mailman的安装和配置

设置/etc/make.conf

mail# ee /etc/make.conf

# mail/mailman

MAIL_GID="mailman"

安装mailman

mail# portinstall -m BATCH=yes mail/mailman

配置apache(新加入)

mail# ee /usr/local/etc/apache2/httpd.conf

ScriptAlias /mailman "/usr/local/mailman/cgi-bin"

AllowOverride None

Options none

Order allow,deny

Allow from all

Alias /pipermail "/usr/local/mailman/archives/public"

AllowOverride None

Options +FollowSymlinks

Order allow,deny

Allow from all

用check_perms

mail# /usr/local/mailman/bin/check_perms -f

注：加上-f参数可以修复。

修改/usr/local/mailman/Mailman/mm_cfg.py，加上：

DEFAULT_EMAIL_HOST = 'lists.toping.net'

MTA = 'Postfix'

POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.toping.net', 'toping.net']

添加一个邮件列表：

mail# /usr/local/mailman/bin/newlist mailman

把用户添加到邮件列表里测试，建一个文本文件，比如maillists.txt，一行一个邮件地址，然后执行如下命令：

mail# /usr/local/mailman/bin/add_members -n maillists.txt mailman

mail# ee postfix/main.cf

owner_request_special = no

recipient_delimiter = +

virtual_alias_maps = hash:/usr/local/mailman/data/virtual-mailman,

mysql:/usr/local/etc/postfix/mysql/mysql_virtual_alias_maps.cf

alias_maps = hash:/usr/local/mailman/data/aliases,hash:/usr/local/etc/postfix/aliases

mail# ee Default.py

DEFAULT_EMAIL_HOST = 'lists.toping.net'

DEFAULT_URL_HOST = 'lists.toping.net'

DEFAULT_URL_PATTERN = 'http://%s/mailman/'

DEFAULT_SERVER_LANGUAGE = 'zh_CN'

设置virtual-mailman

mail# ee /usr/local/mailman/data/virtual-mailman

lists.meilai.com anything

邮件列表的配置

Default.py和mm_cfg.py的配置是针对全局的，对全局配置文件的修改不会影响到已经存在的邮件列表。mailman提供了config_list这个命令来对单个邮件列表进行配置，先导出该邮件列表的配置：

mail# /usr/local/mailman/bin/config_list -o /tmp/config mailman

然后修改/tmp/config文件，里面有很多选项，可以根据自己的要求修改，比如加上回复到邮件列表的邮件头、去掉mailman自动加的边脚等等，最后把这个配置文件导回给邮件列表就可以了：

mail# /usr/local/mailman/bin/config_list -i /tmp/config mailman

下面你可以通过web去管理你的邮件列表：

http://lists.toping.net/mailman/admin/mailman

查看邮件列表信息：

http://lists.toping.net/mailman/listinfo/mailman/

功能太强大了，这里不一一的讲解，自己去发现吧

Chapter 7. 查看系统状态

本节主要讲述phpSysInfo工具的安装和配置

安装phpSysInfo(2.2)

mail# cd /usr/ports/www/phpSysInfo

mail# make install clean

mail# cd /usr/local/www/data-dist/phpSysInfo

mail# cp config.php.new config.php