
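Installing and Configuring an Nginx + Postfix + Extmail Mail Server on CentOS

2014-07-13 20:22:07 Source: 中存储网

Note: this series of articles on mail configuration is based mainly on the blog of the author sery, and still contains some of that author's material. Most software versions used in this configuration differ from the original author's. Some new content has also been added: the web server is nginx and the system version is CentOS 5.3. Labelling these articles as original was not my intention; to avoid misunderstanding they are now marked as reposts. The whole configuration was nevertheless carried out by me step by step, and some new problems were found in the original author's configuration. I will continue to research and practise with open-source software.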
 

System platform: CentOS 5.3
1. nginx: web server
2. MySQL: database that stores the user information
3. PHP: php (FastCGI)
4. Authlib: performs authentication together with SASL
5. SASL: authentication method
6. Postfix: main program of the SMTP mail sending service
7. Courier-imap: main program for POP3 mail retrieval
8. PCRE: Perl regular expressions, required to install IMAP
9. Maildrop: mail delivery agent, forwards mail to the user mailboxes
10. ClamAV: antivirus software
11. amavisd-new: mail virus scanning
12. Mail-SpamAssassin: anti-spam
Six package groups that must be selected when installing CentOS 5.3:
1. system tools
2. administration tools
3. development tools
4. development libraries
5. network servers (network services in 5.1)
6. base (not listed separately in 5.1)
Download addresses of the software used:
       http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.2.tar.bz2
       http://asg3.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.22.tar.gz
       http://jaist.dl.sourceforge.net/sourceforge/pcre/pcre-7.8.tar.gz
       http://www.postfix.cn/source/official/postfix-2.5.6.tar.gz
       http://nchc.dl.sourceforge.net/sourceforge/courier/courier-imap-4.4.1.tar.bz2
       http://switch.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.4.tar.bz2
       http://fontconfig.org/release/fontconfig-2.6.0.tar.gz
       ftp://ftp.openpkg.org/sources/DST/xpm/xpm-3.4k.tar.gz
The detailed installation steps follow.
Part 1. PHP (FastCGI) environment
   1. Installing MySQL
  @version: mysql-5.0.41.tar.gz
   Installation:
  …………… installation begins ……………
# groupadd mysql
# useradd -g mysql mysql
# ./configure --prefix=/usr/local/mysql --with-extra-charsets=gb2312,gbk \
    --with-unix-socket-path=/usr/local/mysql/tmp/mysql.sock \
    --with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static \
    --sysconfdir=/etc --enable-assembler
# make && make install
# scripts/mysql_install_db --user=mysql     # initialise the database
# bin/mysqld_safe --user=mysql &            # start mysqld
…………… installation ends ……………
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf     # needed later when compiling postfix
Basic operations:
1.     Start / stop MySQL
/usr/local/mysql/bin/mysqld_safe &
/usr/local/mysql/bin/mysqladmin -u root -p shutdown
2.     Set the password
mysqladmin -u root password 'new-password'
3. Add /usr/local/mysql/bin to the PATH environment variable
   vi /etc/profile
       export PATH=$PATH:/usr/local/mysql/bin
2. Installing the GD dependencies
      1. @version: libpng-1.2.29.tar.gz
###################################################
shell> tar zxvf libpng-1.2.29.tar.gz
shell> cd libpng-1.2.29
shell> ./configure
shell> make
shell> make install
###################################################
 2. @version: jpegsrc.v6b.tar.gz
#############################################################
shell> tar zxvf jpegsrc.v6b.tar.gz
shell> cd jpeg-6b
/* The jpeg install script does not create its directories, so they have to be created by hand */
shell> mkdir -p /usr/local/jpeg/bin
shell> mkdir /usr/local/jpeg/lib
shell> mkdir /usr/local/jpeg/include
shell> mkdir /usr/local/jpeg/man
shell> mkdir /usr/local/jpeg/man1
shell> mkdir /usr/local/jpeg/man/man1
/* build the shared library */
shell> ./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
shell> make && make install
 #################################################
3. @version: freetype-2.3.7.tar.gz
#############################################
shell> tar zxvf freetype-2.3.7.tar.gz
shell> cd freetype-2.3.7
shell> ./configure    # no prefix is given, which makes the RRDTool installation below easier
shell> make && make install
##############################################
4. @version: fontconfig-2.6.0.tar.gz
   #################################################
shell> tar zxvf fontconfig-2.6.0.tar.gz && cd font*
shell> ./configure --prefix=/usr/local/fontconfig --with-freetype-config=/usr/local/bin/freetype-config
shell> make && make install
 ##################################################
5. @version: gd-2.0.35.tar.gz
Install the libraries above before installing GD; the installation order matters.
###############################################
shell> tar zxvf gd-2.0.35.tar.gz
shell> cd gd-2.0.35
shell> ./configure --prefix=/usr/local/gd \
    --with-png \
    --with-jpeg=/usr/local/jpeg \
    --with-freetype \
    --with-fontconfig=/usr/local/fontconfig
shell> make && make install
###############################################
** Configuration summary for gd 2.0.34:
   Support for PNG library:          yes
   Support for JPEG library:         yes
   Support for Freetype 2.x library:    yes
   Support for Fontconfig library:     yes
   Support for Xpm library:          no
   Support for pthreads:             yes
FAQ:
1> cd . && /bin/sh /usr/local/src/gd-2.0.35/config/missing --run aclocal-1.9 -I config
aclocal:configure.ac:64: warning: macro `AM_ICONV' not found in library
 cd . && /bin/sh /usr/local/src/gd-2.0.35/config/missing --run automake-1.9 --foreign
cd . && /bin/sh /usr/local/src/gd-2.0.35/config/missing --run autoconf
configure.ac:64: error: possibly undefined macro: AM_ICONV
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
make: *** [configure] Error 1
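Solution:
Run make again; if that does not help, install the package below.
Install the gettext package
How to install: shell> yum install gettext, or download the gettext package manually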
3. Installing PHP in FastCGI mode
  @php version: 5.2.6
  # gzip -cd php-5.2.9-fpm-0.5.10.diff.gz | patch -d php-5.2.9 -p1
Steps:
 ###########################################################
#./configure --prefix=/usr/local/phpcgi --with-config-file-path=/usr/local/phpcgi/etc  --with-mysql=/usr/local/mysql --with-gd=/usr/local/gd --with-jpeg-dir=/usr/local/jpeg --with-png-dir=/usr/local/lib --with-freetype-dir=/usr/local/lib --enable-mbstring --enable-mbregex --enable-bcmath --enable-sockets --with-xsl --with-curl --with-curlwrappers --enable-fastcgi --enable-force-cgi-redirect --enable-discard-path --with-openssl --enable-fpm
# make && make install
#cp php.ini-recommended /usr/local/phpcgi/etc/php.ini
######################################################
# /usr/local/phpcgi/etc/php-fpm.conf
/usr/local/phpcgi/logs/php-fpm.pid  
/usr/local/phpcgi/logs/php-fpm.log  
    notice  
    10  
    1m  
    5s  
    yes  
      default  
      127.0.0.1:9000  
        -1  
        0666  
        /usr/sbin/sendmail -t -i  
        1  
        vmail  
        vmail  
        static  
        25  
10  
5  
25  
      0s  
      0s  
      logs/slow.log  
      51200  
      0  
      yes  
      500  
      127.0.0.1  
$HOSTNAME  
/usr/local/bin:/usr/bin:/bin  
        /tmp  
        /tmp  
        /tmp  
        $OSTYPE  
$MACHTYPE  
        2  

Start the php-cgi processes:
/usr/local/phpcgi/sbin/php-fpm start
4. Installing NGINX
 @nginx version: 0.7.57
Steps:
####################################################
# ./configure --user=vmail --group=vmail --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# make && make install
###################################################
# more /usr/local/nginx/conf/fcgi.conf
#fastcgi.conf
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;



Part 2. Installing the packages for sending and receiving mail

Before continuing, remove some software that ships with the system.

Sendmail packages: rpm -q sendmail

sendmail-8.13.8-2.el5

----------------------------------------------

Remove:

rpm -e sendmail --nodeps

List the SASL packages: rpm -qa|grep sasl

cyrus-sasl-2.1.22-4
cyrus-sasl-devel-2.1.22-4
cyrus-sasl-plain-2.1.22-4
cyrus-sasl-lib-2.1.22-4

---------------------------------------------

Remove:

rpm -e --nodeps cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-lib
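Then create the following users and groups:

User      Group      Purpose                                                 Note
mysql     mysql      user that runs the mysql database                       created above
vmail     vmail      user that runs the nginx service                        created above
vmail     vmail      user and group used by Postfix virtual mail accounts    uid,gid: 1001,1001
postfix   postfix    account and group used by the Postfix main program      uid,gid: 1000,1000
-         postdrop   Postfix setgid_group                                    setgid_group=postdrop, 1002
amavis    amavis     mail scanning
clamav    clamav     virus scanning
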
ln -s /usr/src/kernels/2.6.18-128.el5-i686 /usr/src/linux    # avoids problems when compiling the packages below

I. Installing courier-authlib

Installation:

       …………… installation begins ……………

       shell> tar jxvf courier-authlib-0.62.2.tar.bz2
       shell> cd courier-authlib-0.62.2
       shell> ./configure \
           --with-mailuser=vmail --with-mailgroup=vmail \
           --with-mysql-libs=/usr/local/mysql/lib/mysql \
           --with-mysql-includes=/usr/local/mysql/include/mysql \
           --prefix=/usr/local/authlib \
           --without-stdheaderdir
       shell> make && make install
       shell> make install-configure

…………… installation ends ……………


---------------------------------------------------------


In general, the authlib installation should complete without difficulty.

      Configuration:

Configure authlib. In the directory /usr/local/authlib/etc/authlib, edit the files authdaemonrc and authmysqlrc.

vi /usr/local/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2

Change the three items above and leave the others unchanged. The first two lines select the mysql authentication module. DEBUG_LOGIN is changed from its default "0" to "2" so that more information is written to the log while postfix runs, which helps troubleshooting. Level 2 also logs passwords, so set it back to 0 once troubleshooting is finished.

vi /usr/local/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_DATABASE extmail
MYSQL_SOCKET /usr/local/mysql/tmp/mysql.sock
MYSQL_PORT              3306
MYSQL_USER_TABLE mailbox
## pay attention to the next line
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
DEFAULT_DOMAIN mail.test.com
MYSQL_UID_FIELD '1001'
MYSQL_GID_FIELD '1001'
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD concat(quota,'S')
MYSQL_WHERE_CLAUSE active='1'

Pay particular attention to the values of MYSQL_UID_FIELD and MYSQL_GID_FIELD. Here they are '1001'; other values are possible, but they must match the vmail user and group (id vmail prints both values).

There is more work to do, so testing is not possible yet.

-------------------------------------------------------

II. Installing SASL

cyrus-sasl-2.1.22.tar.gz

       Installation:

       …………… installation begins ……………

shell> tar zxvf cyrus-sasl-2.1.22.tar.gz
shell> cd cyrus-sasl-2.1.22
# (--disable-gssapi and --disable-digest: authorization)
shell> ./configure --disable-anon \
    --disable-gssapi \
    --disable-sample \
    --disable-digest \
    --enable-plain \
    --enable-login \
    --enable-sql \
    --with-mysql=/usr/local/mysql \
    --with-mysql-includes=/usr/local/mysql/include/mysql \
    --with-mysql-libs=/usr/local/mysql/lib/mysql \
    --with-authdaemond=/usr/local/authlib/var/spool/authdaemon/socket
shell> make
shell> make install

…………… installation ends ……………

Configuration:

# The SASL install directory is /usr/local/lib/sasl; a warning is printed when the installation finishes
ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
# Otherwise the postfix build will not find libsasl2.so.2
echo "/usr/local/lib" >> /etc/ld.so.conf

    Create the file /usr/local/lib/sasl2/smtpd.conf with the following content:

pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
log_level: 3
authdaemond_path: /usr/local/authlib/var/spool/authdaemon/socket

    SASL2 needs to use the file /usr/local/authlib/var/spool/authdaemon/socket, but by default the permissions are 744. Execute permission has to be added so that users other than the file's owner and group can use it. Run

chmod +x /usr/local/authlib/var/spool/authdaemon

    Without this, SMTP authentication fails every time.

Create the directory needed at run time and start in debug mode
# mkdir -pv /var/state/saslauthd
# /usr/local/sbin/saslauthd -v     # check that the version is 2.1.22
saslauthd 2.1.22
authentication mechanisms: getpwent  pam rimap shadow
# /usr/local/sbin/saslauthd -a shadow pam -d     # normally no error is reported

    Start and test
# /usr/local/sbin/saslauthd -a shadow pam
# /usr/local/sbin/testsaslauthd -u root -p password     # on success this prints 0: OK "Success"

       (Replace password with the password of the machine's root login account; this does not mean the MySQL account password. Otherwise the output is:

    0: NO "authentication failed". Also note that authdaemond (authlib) does not need to be running for this test.)

       Start at boot

echo "/usr/local/sbin/saslauthd -a shadow pam" >> /etc/rc.local

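III. Installing postfix

For the make parameters, see the README_FILES directory of the source tree
    # more README_FILES/MYSQL_README

    Installation:

       …………… installation begins ……………

       shell> tar zxvf postfix-2.5.6.tar.gz
       shell> cd postfix-2.5.6
       shell> make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/include/sasl' 'AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'

@@Notes: 1. If there is no Makefile, use make -f Makefile.init
         2. If /usr/local/mysql/include contains a mysql directory, use /usr/local/mysql/include/mysql instead
         3. If /usr/local/mysql/lib contains a mysql directory, use /usr/local/mysql/lib/mysql instead

       If nothing unexpected happens, the make step finishes quickly. Next comes the installation, using the command

       shell> make install

The program runs on its own for a while and then enters interactive mode and waits for input. In most cases pressing Enter at every prompt completes the installation.

Finally:
Build the binary alias file. If this step is skipped, postfix becomes extremely inefficient:
shell> /usr/bin/newaliases

…………… installation ends ……………

Check whether postfix supports SASL authentication. It does if the output is as follows:
shell> /usr/sbin/postconf -a      # postfix was installed without specifying a directory
cyrus
dovecot

       shell> /usr/sbin/postconf -m | grep mysql
       mysql          (if this is missing, postfix has to be recompiled)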

IV. Installing imap

   Postfix only implements the SMTP function of a mail system. POP3 or IMAP needs separate software, which here is courier-imap (other software can of course be chosen).

…………… installation begins ……………

shell> tar jxvf courier-imap-4.4.1.tar.bz2
shell> cd courier-imap-4.4.1
shell> ./configure \
    --prefix=/usr/local/imap \
    --with-RedHat \
    --disable-root-check \
    --enable-unicode=utf-8,iso-8859-1,gb2312,gbk,gb18030 \
    --with-trashquota \
    --with-dirsync \
    --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql \
    --with-authmysql \
    --with-authmysql=yes \
    CPPFLAGS='-I/usr/local/authlib/include' LDFLAGS='-L/usr/local/authlib/lib/courier-authlib' \
    COURIERAUTHCONFIG='/usr/local/authlib/bin/courierauthconfig'
[the step above takes a while]
shell> make
shell> make install
shell> make install-configure

…………… installation ends ……………

Configuration:

…………… configuration begins ……………

Edit the configuration files /usr/local/imap/etc/pop3d and /usr/local/imap/etc/imapd. In /usr/local/imap/etc/pop3d change the line "POP3DSTART=NO" to "POP3DSTART=YES", then in the same way change the line "IMAPDSTART=NO" in /usr/local/imap/etc/imapd to "IMAPDSTART=YES".

Start at boot:

cp courier-imap.sysvinit /etc/rc.d/init.d/imapd     # courier-imap.sysvinit is in the source directory
chmod +x /etc/rc.d/init.d/imapd
chkconfig --add imapd
[chkconfig --level 2345 imapd on]
service imapd start     # output: Starting Courier-IMAP server: imap pop3

Check:

netstat -tnl|egrep "110|143"

V. Installing pcre

       Before installing, uninstall the pcre-6.6-1.1 that ships with the system

rpm -e pcre

The bundled pcre RPM may conflict with some packages, so it can be uninstalled first

shell> rpm -e pcre

If this reports that other software depends on libpcre.so.0, back up the file libpcre.so.0 first and then run

shell> rpm -e pcre --nodeps

…………… installation begins ……………

shell> tar zxvf pcre-7.8.tar.gz
shell> cd pcre-7.8
shell> ./configure

    Install prefix .................. : /usr/local
    C preprocessor .................. : gcc -E
    C compiler ...................... : gcc
    C++ preprocessor ................ : g++ -E
    C++ compiler .................... : g++
    Linker .......................... : /usr/bin/ld
    C preprocessor flags ............ :
    C compiler flags ................ : -O2
    C++ compiler flags .............. : -O2
    Linker flags .................... :
    Extra libraries ................. :
    Build C++ library ............... : yes
    Enable UTF-8 support ............ : no
    Unicode properties .............. : no
    Newline char/sequence ........... : lf
    \R matches only ANYCRLF ......... : no
    EBCDIC coding ................... : no
    Rebuild char tables ............. : no
    Use stack recursion ............. : yes
    POSIX mem threshold ............. : 10
    Internal link size .............. : 2
    Match limit ..................... : 10000000
    Match limit recursion ........... : MATCH_LIMIT
    Build shared libs ............... : yes
    Build static libs ............... : yes
    Link pcregrep with libz ......... : no
    Link pcregrep with libbz2 ....... : no
    Link pcretest with libreadline .. : no

shell> make
shell> make install

…………… installation ends ……………

VI. Installing maildrop

       Note: with a source install, link the courierauthconfig command into /usr/bin. Assuming it is installed at
/usr/local/authlib/bin/courierauthconfig, run:
ln -s /usr/local/authlib/bin/courierauthconfig /usr/bin/courierauthconfig
Only then will the compiled maildrop report "Courier Authentication Library extension enabled."

…………… installation begins ……………

       shell> tar jxvf maildrop-2.0.4.tar.bz2
       shell> cd maildrop-2.0.4
       shell> ./configure \
           --enable-sendmail=/usr/sbin/sendmail \
           --enable-trusted-users='root vmail' \
           --enable-syslog=1 \
           --enable-maildirquota \
           --enable-maildrop-uid=1001 \
           --enable-maildrop-gid=1001 \
           --with-trashquota \
           --with-dirsync
       shell> make
       shell> make install
       shell> cp /usr/local/bin/maildrop /usr/bin   # optional

…………… installation ends ……………

Verify that the installation succeeded:

shell> maildrop -v

[root@localhost postfix]# /usr/local/bin/maildrop -v
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.     (this line is important; if it is missing, find out why)
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.

       FAQ:

   If "Courier Authentication Library extension enabled." is not shown, your maildrop does not yet support courier auth; check carefully and recompile maildrop. Installing without a custom directory is recommended, because it avoids unnecessary trouble. Removal is easy: run make uninstall in the already compiled source directory.

It is well worth knowing which user directory maildrop moves a message into, and maildrop's log records exactly this. Here we create a new file /etc/maildroprc containing just two lines. If anti-spam is added, the following content needs to be changed.

[root@mail mailbox]# more /etc/maildroprc
logfile "/var/log/maildrop.log"
to "$HOME/$DEFAULT"

shell> touch /var/log/maildrop.log
shell> chown vmail.vmail /var/log/maildrop.log
shell> chown vmail.vmail /var/mailbox


Part 3. Installing the webmail packages

I. Installing webmail

       Before installing, install Unix-Syslog-1.1.tar.gz

http://search.cpan.org/CPAN/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz

tar zxvf Unix-Syslog-1.1.tar.gz
cd Unix-Syslog-1.1
perl Makefile.PL
make
make install

Install: DBI-1.605.tar.gz (install this one first)
DBD-mysql-4.010.tar.gz

Installing extmail

    …………… installation begins ……………

shell> mkdir -p /var/www/extsuite/extmail

       Unpack the downloaded extmail-1.0.4.tar.gz into /var/www/extsuite/extmail

shell> cd /var/www/extsuite/extmail/
shell> cp webmail.cf.default webmail.cf
[shell> chown -R vmail.vmail /var/www/extsuite/extmail]
[shell> chmod +x /var/www/extsuite/extmail/cgi]

…………… installation ends ……………

 

Basic configuration

1.       Edit nginx's nginx.conf file

#more /usr/local/nginx/conf/nginx.conf
user  vmail vmail;

worker_processes 8;

#error_log  /usr/local/nginx/logs/nginx_error.log  crit;
error_log  /usr/local/nginx/logs/nginx_error.log  info;


pid        /usr/local/nginx/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process. 
worker_rlimit_nofile 51200;

events 
{
  use epoll;
  worker_connections 51200;
}

http 
{
  include       mime.types;
  default_type  application/octet-stream;

  #charset  gb2312;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;
  sendfile on;
  tcp_nopush     on;

  keepalive_timeout 60;

  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;

  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types       text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone  crawler  $binary_remote_addr  10m;

  server
  {
    listen       80;
    server_name  mail.test.com;
    index index.html index.htm index.php index.cgi;
    root  /var/www/extsuite/extmail/html/;

    location /extmail/cgi/ {
        fastcgi_pass   127.0.0.1:12009;
        fastcgi_index  index.cgi;
        fastcgi_param  SCRIPT_FILENAME   /var/www/extsuite/extmail/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }

    location ^~ /extmail/ {
        alias  /var/www/extsuite/extmail/html/;
    }

    location /extman/cgi/ {
        fastcgi_pass   127.0.0.1:12009;
        fastcgi_index  index.cgi;
        fastcgi_param  SCRIPT_FILENAME   /var/www/extsuite/extman/cgi/$fastcgi_script_name;
        include fcgi.conf;
    }

    location ^~ /extman/ {
        alias  /var/www/extsuite/extman/html/;
    }

    location ^~ /status {
        stub_status on;
        access_log   off;
        #allow 192.168.0.0/24;
        # an allow rule restricts nothing unless a deny rule follows it
        allow 59.108.107.66;
        deny all;
    }

    location ~ .*\.(php|php5)?$
    {
        #fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_pass  127.0.0.1:12009;
        fastcgi_index index.cgi;
        include fcgi.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
    }

    location ~ .*\.(js|css)?$
    {
        expires      1h;
    }

    log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" $http_x_forwarded_for';
    access_log  /usr/local/nginx/logs/access.log  access;
  }
}

  2. extmail cgi script configuration

   #MAXFORK=5
   MAXFORK=20
   #MAXREQS=100
   MAXREQS=500
   #TIMEOUT=120
   TIMEOUT=300
   PORT=12009  # the port number must match the one in nginx.conf
   SU_UID=vmail
   SU_GID=vmail

   Installing extman

…………… installation begins ……………

shell> mv extman-0.2.3 /var/www/extsuite/extman
//shell> chown -R vmail:vmail /var/www/extsuite/extman

Create the temporary directory extman needs at run time

shell> mkdir -pv /tmp/extman
shell> chown -R vmail.vmail /tmp/extman

When initialising the database, change the name extmail.org in init.sql to your own domain

shell> cd /var/www/extsuite/extman/docs/
//shell> vi init.sql

         Replace every extmail.org with mail.test.com (substitute your own domain)

Change the owner of the cgi directory:
# chown -R vmail.vmail /var/www/extsuite/extman/cgi/

shell> mysql -u root -p < ./extmail.sql
shell> mysql -u root -p < ./init.sql

 

Detailed configuration of extmail and extman

1.       extmail configuration: vi webmail.cf

SYS_USER_LANG = en_US                          change to SYS_USER_LANG = zh_CN
SYS_MAILDIR_BASE = /home/domains               change the right-hand side to /var/mailbox
SYS_MYSQL_USER = db_user                       change the right-hand side to extmail
SYS_MYSQL_PASS = db_pass                       change the right-hand side to extmail
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock   change the right-hand side to /usr/local/mysql/tmp/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/authlib/var/spool/authdaemon/socket

………………………

2.       extman configuration: vi webman.cf

SYS_MAILDIR_BASE = /home/domains               change the right-hand side to /var/mailbox
SYS_DEFAULT_UID = 1001
SYS_DEFAULT_GID = 1001
SYS_MYSQL_SOCKET = /usr/local/mysql/tmp/mysql.sock
SYS_CAPTCHA_ON = 0          # turn off the graphical CAPTCHA

Start NGINX and the extmail cgi

/var/www/extsuite/extmail/dispatch-init start
/usr/local/nginx/sbin/nginx

Test:

Open the URL: http://mail.test.com/extmail/cgi/index.cgi

Administrator account: root@mail.test.com  extmail*123*

       FAQ:

Can't open /tmp/extman//sid_e438c6f837880729ff491bd3f7ea3f01, No such file or directory

       Solution: mkdir -pv /tmp/extman
       chown -R vmail.vmail /tmp/extman
       The Apache run user and group are vmail

II. Installing the graphical logs for webmail

       1. Installing RRDTool

Download: http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.30.tar.gz
          http://ftp.gnome.org/pub/gnome/sources/libart_lgpl/2.3/libart_lgpl-2.3.20.tar.gz (install this one first)

Steps:

--------------------------------------------------------------------------------------------------
Installing libart (provides the libart library, which helps performance for 2D graphics)

# tar zxvf libart_lgpl-2.3.20.tar.gz && cd libart*
# ./configure --prefix=/usr/local/libart
# make && make install

Installing RRDTool (rrdtool depends on the libpng, freetype and libart libraries; make sure they are installed before this step)
# tar zxvf rrdtool-1.2.30.tar.gz && cd rrd*
# more doc/rrdbuild.txt     (installation notes)
# export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/local/libart/lib/pkgconfig
# pkg-config --libs freetype2     (check that freetype2 can be found)
 -L/usr/local/lib -lfreetype -lz
# ./configure --prefix=/usr/local/rrdtool     # this machine needs network access

##############################################################################

Configuration summary:

----------------------------------------------------------------
Config is DONE!

          With MMAP IO: yes
          Perl Modules: perl_piped perl_shared
           Perl Binary: /usr/bin/perl
          Perl Version: 5.8.8
          Perl Options: PREFIX=/usr/local/rrdtool LIB=/usr/local/rrdtool/lib/perl/5.8.8
          Ruby Modules:
           Ruby Binary: no
          Ruby Options: sitedir=$(DESTDIR)/usr/local/rrdtool/lib/ruby
    Build Tcl Bindings: no
 Build Python Bindings: yes
          Build rrdcgi: yes
       Build librrd MT: yes

Type 'make' to compile the software and use 'make install' to
install everything to: /usr/local/rrdtool.

       ... that wishlist is NO JOKE. If you find RRDtool useful
make me happy. Go to http://tobi.oetiker.ch/wish and
place an order.

-- Tobi Oetiker <tobi@oetiker.ch>
----------------------------------------------------------------
########################################################################
# make && make install

2. Installing the File-Tail perl module
Download: http://search.cpan.org/CPAN/authors/id/M/MG/MGRABNAR/File-Tail-0.99.3.tar.gz
Basic steps:
# tar zxvf File-Tail-0.99.3.tar.gz && cd File*
# perl Makefile.PL
# make && make install
Installation output:

cp Tail.pm blib/lib/File/Tail.pm
Manifying blib/man3/File::Tail.3pm
Installing /usr/lib/perl5/site_perl/5.8.8/File/Tail.pm
Installing /usr/share/man/man3/File::Tail.3pm
Writing /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/File/Tail/.packlist
Appending installation info to /usr/lib/perl5/5.8.8/i386-linux-thread-multi/perllocal.pod

       3. Starting the graphical log service and testing

shell> cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local/

Other settings (rrdtool is installed in a non-standard directory, so its perl modules are not found; copying them into the standard directory fixes this):
cp -r /usr/local/rrdtool/lib/perl/5.8.8/i386-linux-thread-multi/* /usr/lib/perl5/5.8.8/i386-linux-thread-multi/

shell> /usr/local/mailgraph_ext/mailgraph-init start
shell> /usr/local/mailgraph_ext/qmonitor-init start

           Start at boot:

shell> echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local
shell> echo "/usr/local/mailgraph_ext/qmonitor-init start" >> /etc/rc.local

           Testing the graphical logs

             Test page: http://mail.test.com/extman/cgi/index.cgi

             Default login account: root@mail.test.com/ extmail*123*

III. Additional mail system configuration and testing

1.    postfix configuration

#########################################################
# more master.cf

# sed -e '/^#/d' -e '/^$/d' master.cf
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -d ${recipient}

# more main.cf

[root@MailSer1 postfix]# sed -e '/^#/d' -e '/^$/d' main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.0.0/24,127.0.0.0/8
relay_domains = $mydestination
alias_maps = $alias_database
defer_transports =
mail_spool_directory = /var/spool/mail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $domain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
# vmail (main.cf does not allow a comment on the same line as a value)
virtual_uid_maps = static:1001
# vmail
virtual_gid_maps = static:1001
virtual_transport = maildrop
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
message_size_limit = 200000000
virtual_mailbox_limit = 20971520
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
mydestination =

1.       Adding the configuration files needed to support virtual domains and virtual users

Create the directory /etc/postfix/mysql, then create four configuration files by hand: mysql_virtual_alias_maps.cf, mysql_virtual_domains_maps.cf, mysql_virtual_mailbox_limit_maps.cf and mysql_virtual_mailbox_maps.cf. The contents of the four files are as follows:

*These files can also be copied directly from the docs directory of the unpacked extman package*

shell> mkdir -p /etc/postfix/mysql

shell> more mysql_virtual_alias_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = alias
select_field = goto
where_field = address
additional_conditions = AND active = '1'

shell> more mysql_virtual_domains_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = domain
select_field = domain
where_field = domain
additional_conditions = AND active = '1'

shell> more mysql_virtual_mailbox_limit_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = quota
where_field = username
additional_conditions = AND active = '1'

shell> more mysql_virtual_mailbox_maps.cf
user = extmail
password = extmail
hosts = localhost
dbname = extmail
table = mailbox
select_field = maildir
where_field = username
additional_conditions = AND active = '1'
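
An added example, not part of the original article: a small audit of the credential-bearing files this guide creates (authdaemonrc and authmysqlrc from the courier-authlib step, and the four Postfix MySQL map files above). It reports DEBUG_LOGIN left above 0, a database password identical to the user name, and password files readable by every local account. The function names and the temporary demo files are constructed for the illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the credential-bearing files this guide creates.
# Function names and the demo tree are constructed for illustration.

# Print the value of KEY from a file written as "KEY value", "KEY = value" or KEY=value.
conf_value() {  # usage: conf_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t=]/) next          # "user" must not match "username"
            sub(/^[ \t]*=?[ \t]*/, "", rest)
            sub(/[ \t]+$/, "", rest)
            print rest
            exit
        }' "$1"
}

# authdaemonrc: level 1 turns on debugging, level 2 also logs passwords.
audit_debug_login() {  # usage: audit_debug_login AUTHDAEMONRC
    local level
    [ -r "$1" ] || return 0
    level=$(conf_value "$1" DEBUG_LOGIN)
    case "$level" in
        ''|0) ;;
        1) echo "DEBUG_LOGIN $1: level 1, authentication debugging is on" ;;
        *) echo "DEBUG_LOGIN $1: level $level, passwords are written to the log" ;;
    esac
}

# A file holding a database password: weak value and loose permissions.
audit_secret_file() {  # usage: audit_secret_file FILE USERKEY PASSKEY
    local user pass
    [ -r "$1" ] || return 0
    user=$(conf_value "$1" "$2")
    pass=$(conf_value "$1" "$3")
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "WEAK_PASSWORD $1: password is identical to the user name"
    fi
    # -perm -004 is true when the "other" read bit is set
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE $1: any local account can read the database password"
    fi
    return 0
}

audit_mail_configs() {  # usage: audit_mail_configs AUTHLIB_ETC_DIR POSTFIX_MYSQL_DIR
    local f
    audit_debug_login "$1/authdaemonrc"
    audit_secret_file "$1/authmysqlrc" MYSQL_USERNAME MYSQL_PASSWORD
    for f in "$2"/mysql_virtual_*_maps.cf; do
        [ -e "$f" ] && audit_secret_file "$f" user password
    done
    return 0
}

# Constructed copies of the files shown in this guide, in a temp directory.
make_demo_tree() {  # prints the directory it created
    local d
    d=$(mktemp -d)
    mkdir -p "$d/authlib" "$d/mysql"
    printf 'authmodulelist="authmysql"\nDEBUG_LOGIN=2\n' > "$d/authlib/authdaemonrc"
    printf 'MYSQL_USERNAME extmail\nMYSQL_PASSWORD extmail\n' > "$d/authlib/authmysqlrc"
    printf 'user = extmail\npassword = extmail\nhosts = localhost\n' \
        > "$d/mysql/mysql_virtual_alias_maps.cf"
    chmod 644 "$d/authlib/authmysqlrc" "$d/mysql/mysql_virtual_alias_maps.cf"
    echo "$d"
}

demo_dir=$(make_demo_tree)
audit_mail_configs "$demo_dir/authlib" "$demo_dir/mysql"
rm -rf "$demo_dir"
```

On the server itself the call is `audit_mail_configs /usr/local/authlib/etc/authlib /etc/postfix/mysql`; an empty result means none of the three conditions was found.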

2.       Customising the webmail login page

Customising the login screen:
Adding the markup below to the file /var/www/extsuite/extmail/html/default/index.html gives a drop-down list of the different mail domains, which is more convenient for users.

<TR>
<TD><%domain%></TD>
<TD><select name="domain" size="1"><option value="mail.test.com">mail.test.com</option></select></TD>
</TR>

Adding the markup below to the file /var/www/extsuite/extman/html/default/index.html gives a different

<!-- END ERRMSG -->
<input name=username value=root@mail.test.com class=login_input>


3.       认证发信测试

登录webmail,在mail.test.com域添加一用户test密码是123456

[root@MailSer1 mailbox]# nc localhost 25

220 mail.test.com ESMTP Postfix (2.5.6)

ehlo mail.test.com

250-mail.test.com

250-PIPELINING

250-SIZE 200000000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

auth login

334 VXNlcm5hbWU6

dGVzdA==

334 UGFzc3dvcmQ6

MTIzNDU2

235 2.7.0 Authentication successful
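The EHLO reply above offers AUTH but no STARTTLS, and the AUTH LOGIN exchange that follows is only base64-encoded, so the session itself discloses the account and password to anyone able to read it. The sketch below is an added example, not part of the original article: it checks an EHLO reply for that condition and strips the base64 layer from the exchange. The function names are assumptions, and the sample lines are copied from the transcript above.

```shell
#!/bin/sh
# Added example (not from the article): what the AUTH LOGIN session above
# reveals to anyone who can read it. Lines are copied from that transcript.

session() {
    cat <<'EOF'
250-mail.test.com
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN
auth login
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.7.0 Authentication successful
EOF
}

# auth_without_starttls: succeed when the EHLO reply advertises AUTH but no
# STARTTLS, so credentials cross the connection protected only by base64.
auth_without_starttls() {
    awk '/^250[- ]AUTH[ =]/ { auth = 1 }
         /^250[- ]STARTTLS/ { tls = 1 }
         END { exit !(auth && !tls) }'
}

# decode_auth_login: print each 334 challenge ("S") and the client reply
# that follows it ("C") with the base64 layer removed.
decode_auth_login() {
    awk '/^334 /           { print "S", $2; expect = 1; next }
         expect && NF == 1 { print "C", $1 }
                           { expect = 0 }' |
    while read -r side b64; do
        printf '%s: %s\n' "$side" "$(printf '%s' "$b64" | base64 -d)"
    done
}

session | auth_without_starttls && echo "AUTH offered without STARTTLS"
session | decode_auth_login
```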

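4. Webmail admin account

Admin account: root@mail.test.com/123456

5. maillog

Log of the first message sent from a local account through webmail (/var/log/maillog)
Steps:

In the webmail admin backend, add two accounts, test and test1, then log in as test and send a message to test1.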
#####################################################################

May 12 14:56:43 MailSer1 postfix/smtpd[2979]: connect from MailSer1[127.0.0.1]

May 12 14:56:43 MailSer1 postfix/smtpd[2979]: 7AE618166: client=MailSer1[127.0.0.1]

May 12 14:56:43 MailSer1 postfix/cleanup[2987]: 7AE618166: message-id=20090512065643.7AE618166@mail.test.com

May 12 14:56:43 MailSer1 postfix/smtpd[2979]: disconnect from MailSer1[127.0.0.1]

May 12 14:56:43 MailSer1 postfix/qmgr[2185]: 7AE618166: from=test@mail.test.com, size=597, nrcpt=1 (queue active)

May 12 14:56:44 MailSer1 authdaemond: received userid lookup request: test1@mail.test.com

May 12 14:56:44 MailSer1 authdaemond: authmysql: trying this module

May 12 14:56:44 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041

May 12 14:56:44 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = 'test1@mail.test.com'  AND (active='1')

May 12 14:56:44 MailSer1 authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/, address=test1@mail.test.com, fullname=test1, maildir=mail.test.com/test1/Maildir/, quota=5242880S S, options=<null>

May 12 14:56:44 MailSer1 authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$zm0l1Fcg$1ITtak8xWkMyrnzSdhGEK0

May 12 14:56:44 MailSer1 postfix/pipe[2989]: 7AE618166: to=test1@mail.test.com, relay=maildrop, delay=1, delays=0.22/0.09/0/0.72, dsn=2.0.0, status=sent (delivered via maildrop service)

May 12 14:56:44 MailSer1 postfix/qmgr[2185]: 7AE618166: removed

##############################################################
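Screenshot after logging in as test1: a new message has arrived

Viewing the message content:

External delivery test: I have already set up DNS resolution (mail.test.com).
Now send a message from a 126.com mailbox to test1; the maillog follows: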
############################################################
       
       May 12 15:05:24 MailSer1 postfix/smtpd[3161]: connect from m14-22.126.com[220.181.14.22]

May 12 15:05:24 MailSer1 postfix/smtpd[3161]: 65FF38166: client=m14-22.126.com[220.181.14.22]

May 12 15:05:24 MailSer1 postfix/cleanup[3169]: 65FF38166: message-id=<17317745.993581242112006936.JavaMail.coremail@bj126app107.126.com>

May 12 15:05:24 MailSer1 postfix/qmgr[2185]: 65FF38166: from=<anxiongbo@126.com>, size=2254, nrcpt=1 (queue active)

May 12 15:05:24 MailSer1 postfix/smtpd[3161]: disconnect from m14-22.126.com[220.181.14.22]

May 12 15:05:24 MailSer1 authdaemond: received userid lookup request: test1@mail.test.com

May 12 15:05:24 MailSer1 authdaemond: authmysql: trying this module

May 12 15:05:24 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041

May 12 15:05:24 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = 'test1@mail.test.com'  AND (active='1')

May 12 15:05:24 MailSer1 authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/, address=test1@mail.test.com, fullname=test1, maildir=mail.test.com/test1/Maildir/, quota=5242880S S, options=<null>

May 12 15:05:24 MailSer1 authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$zm0l1Fcg$1ITtak8xWkMyrnzSdhGEK0

May 12 15:05:24 MailSer1 postfix/pipe[3171]: 65FF38166: to=test1@mail.test.com, relay=maildrop, delay=0.19, delays=0.1/0.04/0/0.06, dsn=2.0.0, status=sent (delivered via maildrop service)

May 12 15:05:24 MailSer1 postfix/qmgr[2185]: 65FF38166: removed
###############################################################
Checking the test1 mailbox: receiving mail works without problems.

Sending to an external mailbox was also tested and works without problems.
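The authdaemond lines in both logs above write the account's crypt hash (passwd=$1$...) into /var/log/maillog, so the log file needs the same protection as the mailbox table. The sketch below is an added example, not part of the original article: it lists the accounts whose password material appears in a log. The function names are assumptions, and the sample lines are constructed from the log format above with a placeholder hash.

```shell
#!/bin/sh
# Added example (not from the article): find password material that
# authdaemond wrote to a mail log. Sample lines are constructed from the log
# format shown above; the hash is a placeholder, not a real credential.

sample_maillog() {
    cat <<'EOF'
May 12 15:05:24 MailSer1 authdaemond: received userid lookup request: test1@mail.test.com
May 12 15:05:24 MailSer1 authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/, address=test1@mail.test.com, fullname=test1, maildir=mail.test.com/test1/Maildir/, quota=5242880S S, options=<null>
May 12 15:05:24 MailSer1 authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$PLACEHOLDERSALT$PLACEHOLDERHASH
May 12 15:05:24 MailSer1 postfix/qmgr[2185]: 65FF38166: removed
EOF
}

# leaked_hashes [FILE]: print "account kind" for every authdaemond record
# that logged a non-null passwd= or clearpasswd= value. The account comes
# from the preceding "address=" line, because the passwd line does not name it.
leaked_hashes() {
    awk '
        /authdaemond: Authenticated: .*address=/ {
            acct = $0
            sub(/.*address=/, "", acct); sub(/,.*/, "", acct)
        }
        /authdaemond: Authenticated: clearpasswd=/ {
            clear = $0; sub(/.*clearpasswd=/, "", clear); sub(/,.*/, "", clear)
            hash = $0;  sub(/.*passwd=/, "", hash)
            if (clear != "<null>")       print acct, "cleartext"
            else if (hash ~ /^\$1\$/)    print acct, "md5-crypt"
            else if (hash != "<null>")   print acct, "other-hash"
        }
    ' "$@"
}

sample_maillog | leaked_hashes
```

Courier authlib logs the passwd= field only when DEBUG_LOGIN in authdaemonrc is set to 2.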

IV. Mail anti-spam and anti-virus

I. Mail anti-virus and spam filtering
    1. Anti-virus

The anti-virus software used is clamav.

  Download: http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.tar.gz

 Installation:
#################################################################
# tar zxvf clamav-0.95.tar.gz && cd clamav-0.95*
# useradd clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav      // sets the virus database directory

# make && make install
################################################################       
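 Basic configuration:

 ###################################################################
 Clamav has two configuration files: the main configuration file /usr/local/clamav/etc/clamd.conf and the virus-update configuration file /usr/local/clamav/etc/freshclam.conf. The modified configuration files are listed below: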

[root@mail etc]# sed -e  '/^#/d' -e '/^$/d' clamd.conf

LogFile /var/log/clamav/clamd.log

LogSyslog yes

LogVerbose yes

PidFile /var/run/clamav/clamd.pid

DatabaseDirectory  /usr/local/share/clamav

LocalSocket /var/run/clamav/clamd.socket

StreamMaxLength 100M  // attachment size; anything over 100M is not scanned

User amavis

ScanMail yes

ScanArchive yes

[root@mail etc]# sed -e  '/^#/d' -e '/^$/d' freshclam.conf

DatabaseDirectory  /usr/local/share/clamav

UpdateLogFile  /var/log/clamav/freshclam.log

LogVerbose yes

LogSyslog yes

PidFile /var/run/clamav/freshclam.pid

DatabaseOwner amavis

DatabaseMirror db.CN.clamav.net

DatabaseMirror database.clamav.net
 ##################################################################
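These two files contain many comments, which I filtered out with sed. clamd.conf contains the line "User amavis". Why use amavis rather than the default user clamav? The purpose is to integrate with amavisd-new. Since this user does not exist yet, create it manually (useradd amavis). Next, some directories have to be created by hand and given the appropriate permissions, for logging and similar purposes; I put this into a shell script that can simply be executed. The script's contents are shown below: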

######################################################

[root@mailserv2 ~]# more  /root/clamav.sh

#!/bin/bash

# create directory for clamav
mkdir /usr/local/share/clamav
mkdir /var/log/clamav

chmod -R 744 /var/log/clamav

chown -R amavis:amavis /var/log/clamav

chown -R amavis.amavis /usr/local/share/clamav

mkdir /var/run/clamav

chmod 700 /var/run/clamav

chown amavis.amavis /var/run/clamav

#####################################################

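# /usr/local/clamav/bin/freshclam      // manually update the virus database

2. Anti-spam
  Download: http://www.ijs.si/software/amavisd/amavisd-new-2.6.2.tar.gz

  Installation:
#################################################################
Do everything in one step with a script; pay attention to the directory and version: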

[root@mail virus]# vi /usr/local/bin/amavis.sh

#!/bin/bash

cd /usr/local/src/virus

tar zxvf amavisd-new-2.6.2.tar.gz && cd amavisd*

mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db

chown -R amavis:amavis /var/amavis

chmod -R 750 /var/amavis

cp amavisd /usr/local/sbin/

chown root /usr/local/sbin/amavisd

chmod 755 /usr/local/sbin/amavisd

cp amavisd.conf /etc/

chown root /etc/amavisd.conf

chmod 644 /etc/amavisd.conf

mkdir /var/virusmails

chown amavis:amavis /var/virusmails

chmod 750 /var/virusmails
################################################################     
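After running the script, do not forget to check that everything worked as intended, for example that the file amavisd exists in /usr/local/sbin.

The amavisd configuration file /etc/amavisd.conf is fairly complex; the settings that need to be changed are as follows: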

$max_servers=8;  
$daemon_user = 'amavis'; 
$daemon_group = 'amavis'; 
$mydomain = 'mail.test.com'; 
$db_home = "$MYHOME/db"; 
$inet_socket_port = 10024; 
$sa_tag_level_deflt = 5.0;  
$sa_tag2_level_deflt = 6.2;  
$sa_kill_level_deflt = $sa_tag2_level_deflt; 
$virus_admin = "virusalert@$mydomain"; 
$sa_spam_subject_tag = '***SPAM*** '; 
$forward_method = 'smtp:127.0.0.1:10025'; 

$notify_method = $forward_method;
$final_virus_destiny = D_DISCARD; 
$final_banned_destiny = D_DISCARD; 
$final_spam_destiny = D_PASS; 
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],   # socket path must match LocalSocket in clamd.conf
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],


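Once the changes above have been verified, run # /usr/local/sbin/amavisd debug to test amavis. As a rule the test will not run properly at first, because many of the required Perl modules are probably not installed. Fortunately, the error output names the modules that are needed. You then have to download the relevant modules from www.cpan.org and install them. You may also run into package dependencies, in which case you download the dependency, install it, then go back and install the original package, and so on, which is tedious and a real test of patience. The job is done only when /usr/local/sbin/amavisd debug produces no errors. There is another way: run [root@mailserv2 ~]# perl -MCPAN -e shell and then install the missing Perl modules one by one with commands such as cpan> install Time::HiRes. In my experience this is very time-consuming, and some modules fail to install this way, so downloading the modules from the website and installing them is more effective.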


# /usr/local/sbin/amavisd debug

ERROR: MISSING REQUIRED BASIC MODULES:

  IO::Stringy

  Compress::Zlib

  MIME::Words

  MIME::Head

  MIME::Body

  MIME::Entity

  MIME::Parser

  MIME::Decoder

  MIME::Decoder::Base64

  MIME::Decoder::Binary

  MIME::Decoder::QuotedPrint

  MIME::Decoder::NBit

  MIME::Decoder::UU

  MIME::Decoder::Gzip64

  Net::Server

  Net::Server::PreFork

BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 234.

Install the missing modules listed above, debugging as you go.

Install the Perl modules required by Mail/SpamAssassin.pm:

REQUIRED module missing: HTML::Parser

optional module missing: Mail::SPF

optional module missing: Mail::SPF::Query

optional module missing: IP::Country

optional module missing: Razor2

optional module missing: Net::Ident

optional module missing: IO::Socket::INET6

optional module missing: IO::Socket::SSL

optional module missing: Mail::DomainKeys

optional module missing: Mail::DKIM

optional module missing: LWP::UserAgent

optional module missing: HTTP::Date

optional module missing: Archive::Tar

optional module missing: IO::Zlib

optional module missing: Encode::Detect

Part of the final debug output:

May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-VIRUS code      loaded

May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM code       loaded

May 12 17:01:02.414 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM-SA code    loaded

              3. The Mail::SpamAssassin configuration is as follows

       # more /etc/mail/spamassassin/local.cf
                     #####################################

required_hits 5

use_bayes 1

bayes_auto_learn 1

skip_rbl_checks 0

use_razor2 1

use_pyzor 0

#####################################
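# chown -R amavis.amavis /usr/share/spamassassin
# chmod -R 777  /usr/share/spamassassin
Unless these two steps are carried out, the Mail::SpamAssassin configuration file will not take effect.

         4. Add anti-virus and anti-spam filtering to postfix
   # more /etc/postfix/main.cf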

content_filter = smtp-amavis:[127.0.0.1]:10024

max_use = 10

# more /etc/postfix/master.cf

#                antispam                                                   #

 

#############################################################################

 

smtp-amavis unix - - n - 2 smtp

  -o smtp_data_done_timeout=1200

  -o smtp_send_xforward_command=yes

  -o disable_dns_lookups=yes

 

localhost:10025 inet n - n - - smtpd

  -o content_filter=

  -o local_recipient_maps=

  -o relay_recipient_maps=

  -o mynetworks=127.0.0.0/8

  -o smtpd_helo_restrictions=

  -o smtpd_client_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o strict_rfc821_envelopes=yes

  -o smtpd_error_sleep_time=0

  -o smtpd_soft_error_limit=1001

  -o smtpd_hard_error_limit=1000
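The localhost:10025 listener above takes mail back from amavisd, so it has to stay on loopback and clear content_filter; otherwise filtered mail is sent to the filter again, or mail can reach the queue without being scanned. The sketch below is an added example, not part of the original article: it checks a master.cf for those properties. The function names are assumptions, and the sample reproduces part of the entry above.

```shell
#!/bin/sh
# Added example (not from the article): audit the re-injection listener that
# takes mail back from amavisd. Sample reproduces the master.cf entry above.

sample_master_cf() {
    cat <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
localhost:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

# audit_reinject PORT [FILE]: print one finding per line for the inet service
# on PORT; print nothing and return 0 when the entry passes every check.
audit_reinject() {
    port=$1; shift
    findings=$(awk -v port="$port" '
        function report() {
            if (!seen) return
            if (host != "localhost" && host != "127.0.0.1" && host != "[::1]")
                print "listener not bound to loopback: " host
            if (!("content_filter" in opt) || opt["content_filter"] != "")
                print "content_filter not cleared: mail would loop to the filter"
            if (opt["mynetworks"] !~ /^127\./ || opt["mynetworks"] ~ /[, ]/)
                print "mynetworks not limited to loopback"
            if (opt["smtpd_recipient_restrictions"] !~ /reject$/)
                print "recipient restrictions do not end in reject"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[^ \t]/ {                                # start of a service entry
            report(); seen = 0; split("", opt)
            p = $1; sub(/.*:/, "", p)
            if ($2 == "inet" && p == port) {
                seen = found = 1
                host = ($1 ~ /:/) ? substr($1, 1, length($1) - length(p) - 1) : "*"
            }
            next
        }
        seen && $1 == "-o" { i = index($2, "="); opt[substr($2, 1, i - 1)] = substr($2, i + 1) }
        END { report(); if (!found) print "no inet service on port " port }
    ' "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

sample_master_cf | audit_reinject 10025 && echo "10025 listener OK"
```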

              5. The /etc/rc.local startup file

                     ###############################################

                     # Start Nginx+extmailcgi

/var/www/extsuite/extmail/dispatch-init start
/usr/local/nginx/sbin/nginx

# mysql

 /usr/local/mysql/bin/mysqld_safe --user=mysql &

# authlib

/usr/local/authlib/sbin/authdaemond start

# sasl

/usr/local/sbin/saslauthd -a shadow pam

# postfix

/usr/sbin/postfix start

# mailgraph

/usr/local/mailgraph_ext/mailgraph-init start

/usr/local/mailgraph_ext/qmonitor-init start

# spam

/usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid

/usr/local/sbin/amavisd start

/usr/local/clamav/sbin/clamd

###############################################

Test the anti-spam filtering; the maillog follows:

May 12 17:22:05 MailSer1 postfix/smtpd[2354]: connect from m15-74.126.com[220.181.15.74]

May 12 17:22:05 MailSer1 postfix/smtpd[2354]: 66871816F: client=m15-74.126.com[220.181.15.74]

May 12 17:22:05 MailSer1 postfix/cleanup[2362]: 66871816F: message-id=<1511976.1120751242120155225.JavaMail.coremail@bj126app74.126.com>

May 12 17:22:05 MailSer1 postfix/qmgr[2184]: 66871816F: from=<anxiongbo@126.com>, size=2233, nrcpt=1 (queue active)

May 12 17:22:05 MailSer1 postfix/smtpd[2354]: disconnect from m15-74.126.com[220.181.15.74]

May 12 17:22:10 MailSer1 postfix/smtpd[2367]: connect from MailSer1[127.0.0.1]

May 12 17:22:10 MailSer1 postfix/smtpd[2367]: 7C5D78174: client=MailSer1[127.0.0.1]

May 12 17:22:10 MailSer1 postfix/cleanup[2362]: 7C5D78174: message-id=<1511976.1120751242120155225.JavaMail.coremail@bj126app74.126.com>

May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: from=<anxiongbo@126.com>, size=2669, nrcpt=1 (queue active)

May 12 17:22:10 MailSer1 amavis[2198]: (02198-01) Passed CLEAN, [220.181.15.74] [59.108.107.66] <anxiongbo@126.com> -> test@mail.test.com, Message-ID: <1511976.1120751242120155225.JavaMail.coremail@bj126app74.126.com>, mail_id: cPEEodFuFjcK, Hits: 2.9, size: 2233, queued_as: 7C5D78174, 4948 ms

May 12 17:22:10 MailSer1 postfix/smtp[2364]: 66871816F: to=test@mail.test.com, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=0.16/0.1/0.05/4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02198-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C5D78174)

May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 66871816F: removed

May 12 17:22:10 MailSer1 authdaemond: received userid lookup request: test@mail.test.com

May 12 17:22:10 MailSer1 authdaemond: authmysql: trying this module

May 12 17:22:10 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041

May 12 17:22:10 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = 'test@mail.test.com'  AND (active='1')

May 12 17:22:10 MailSer1 authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/, address=test@mail.test.com, fullname=test, maildir=mail.test.com/test/Maildir/, quota=5242880S S, options=<null>

May 12 17:22:10 MailSer1 authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$92oqbXjU$g/EwkMIivyj0LPwVsP7CQ.

May 12 17:22:10 MailSer1 postfix/pipe[2370]: 7C5D78174: to=test@mail.test.com, relay=maildrop, delay=0.24, delays=0.04/0.09/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)

May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: removed
Possible problems:

If the Hits value is always 0, Mail::SpamAssassin is probably not taking effect; check whether /usr/share/spamassassin/ is accessible and whether its owner is amavis.
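The amavis "Passed CLEAN ... Hits: 2.9" line in the log above is where the SpamAssassin score appears, and a log in which every message scores 0 is the symptom just described. The sketch below is an added example, not part of the original article: it extracts the score per message, compares it with the $sa_tag_level_deflt (5.0) and $sa_tag2_level_deflt (6.2) values set in amavisd.conf earlier, and flags the all-zero case. The function names are assumptions and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the article): summarise amavis verdict lines.
TAG=5.0     # $sa_tag_level_deflt from the amavisd.conf settings above
TAG2=6.2    # $sa_tag2_level_deflt, which is also the kill level there

# Constructed sample: the first line follows the log above (Message-ID
# omitted), the second is invented to show a message over the threshold.
sample_amavis_log() {
    cat <<'EOF'
May 12 17:22:10 MailSer1 amavis[2198]: (02198-01) Passed CLEAN, [220.181.15.74] <anxiongbo@126.com> -> test@mail.test.com, mail_id: cPEEodFuFjcK, Hits: 2.9, size: 2233, queued_as: 7C5D78174, 4948 ms
May 12 17:30:41 MailSer1 amavis[2198]: (02198-02) Passed SPAM, [192.0.2.10] <a@example.com> -> test@mail.test.com, mail_id: CONSTRUCTED01, Hits: 7.4, size: 1801, queued_as: 8A1B2C3D4, 3120 ms
EOF
}

# amavis_scores [FILE]: print "mail_id hits class" per verdict line.
#   below-tag    score under TAG
#   tagged       score >= TAG  (X-Spam headers added)
#   spam         score >= TAG2 (subject tag and X-Spam-Flag: YES)
#   not-scanned  amavis logged "Hits: -" (no SpamAssassin result)
amavis_scores() {
    awk -v tag="$TAG" -v tag2="$TAG2" '
        / amavis\[[0-9]+\]: .* Hits: / {
            id = $0;   sub(/.*mail_id: /, "", id);  sub(/,.*/, "", id)
            hits = $0; sub(/.* Hits: /, "", hits);  sub(/,.*/, "", hits)
            if (hits == "-")                  class = "not-scanned"
            else if (hits + 0 >= tag2 + 0)    class = "spam"
            else if (hits + 0 >= tag + 0)     class = "tagged"
            else                              class = "below-tag"
            print id, hits, class
        }
    ' "$@"
}

# sa_looks_dead [FILE]: succeed when verdicts exist and every one has Hits 0
# or "-", the symptom described above for SpamAssassin not taking effect.
sa_looks_dead() {
    amavis_scores "$@" | awk '
        { n++; if ($2 != "-" && $2 + 0 != 0) live = 1 }
        END { exit !(n > 0 && !live) }'
}

sample_amavis_log | amavis_scores
if sample_amavis_log | sa_looks_dead; then echo "all scores are 0: check SpamAssassin"; fi
```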

6. Updating the virus database and anti-spam rules
              [root@MailSer1 ~]# crontab -l

0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`

00 00 * * * /usr/local/clamav/bin/freshclam

Addendum

Sorting spam:

# more /etc/maildroprc 
logfile "/var/log/maildrop.log"  
if (/^X-Spam-Flag:.*YES/)
{
    exception {
        to "$HOME/$DEFAULT/.Junk/."
    }
}

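At this point the installation of the whole mail system is basically complete. During the installation I consulted a lot of material on the web and also ran into many problems. These articles inevitably still have shortcomings; I will keep improving them, and corrections are welcome.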