(postfix+courier-imap+maildrop+cyrus-sasl+ extman+ SpamAssassin+ clamav+ amavisd-new搭建mail服务器)
1、 采用Centos 5.5系统也或者是rhel 5.5;
3、 本次采用的系统主机名为mail.xxt.cn。
http://gd.tuwien.ac.at/db/mysql/Downloads/MySQL-5.1/mysql-5.1.49.tar.gz
http://down1.iyunv.com/distfiles/cyrus-sasl-2.1.22.tar.gz
http://sunsite.bilkent.edu.tr/pub/apache/httpd/httpd-2.2.9.tar.gz
ftp://ftp.ru/pub/sunfreeware/SOURCES/php-5.2.6.tar.gz
http://down1.iyunv.com/distfiles/postfix-2.6.5.tar.gz
courier-authlib-0.62.4.tar.bz2
http://down1.iyunv.com/distfiles/courier-authlib-0.62.4.tar.bz2
courier-imap-4.8.0.tar.bz2
http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/imap/4.8.0/courier-imap-4.8.0.tar.bz2
邮件投递代理,直观的讲就是把收到的邮件转发到用户的邮箱目录
http://cdnetworks-kr-2.dl.sourceforge.net/project/courier/maildrop/2.5.0/maildrop-2.5.0.tar.bz2
http://www.extmail.org/cgi-bin/download.cgi
http://www.extmail.org/cgi-bin/download.cgi
http://cpan.uchicago.edu/pub/CPAN/authors/id/C/CA/CAPTTOFU/DBD-mysql-3.0008.tar.gz
http://www.libgd.org/releases/gd-2.0.35.tar.bz2
http://www.cpan.org/modules/by-module/Time/Time-HiRes-1.9719.tar.gz
http://down1.iyunv.com/distfiles/File-Tail-0.99.3.tar.gz
http://oss.oetiker.ch/rrdtool/pub/ rrdtool-1.2.26.tar.gz
http://sourceforge.net/projects/clamav/files/clamav/
Mail-SpamAssassin-3.3.1.tar.gz
http://labs.renren.com/apache-mirror/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
连接MTA和内容检测工具(诸如病毒扫描工具和 SpamAssassin)的高性能接口程序
http://www.ijs.si/software/amavisd/amavisd-new-2.6.4.tar.gz
Convert-BinHex-1.119.tar.gz
http://down1.iyunv.com/distfiles/Convert-BinHex-1.119.tar.gz
# tar -zxvf mysql-5.1.49.tar.gz
# cd mysql-5.1.49
# groupadd mysql
# useradd -g mysql -s /sbin/nologin -M mysql
# ./configure --prefix=/usr/local/mysql --with-charset=gbk --with-extra-charsets=all --enable-thread-safe-client --enable-local-infile --with-low-memory
# make && make install
# cp support-files/my-medium.cnf /etc/my.cnf
# chown -R mysql.mysql /usr/local/mysql/
# /usr/local/mysql/bin/mysql_install_db --user=mysql
# chown -R mysql.mysql /usr/local/mysql/var/
# /usr/local/mysql/bin/mysqld_safe --user=mysql &
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod 755 /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig --levels 345 mysqld on
(3)配置库文件搜索路径
# echo "/usr/local/mysql/lib/mysql">>/etc/ld.so.conf
# ldconfig
#echo "export PATH=$PATH:/usr/local/mysql/bin">>/etc/profile
#source /etc/profile
# /usr/local/mysql/bin/mysqladmin -u root password "xxttest"
安装Apache有两个要注意的地方,因为我这里用的Postfix的后台管理是extman这个程序,而它是通过CGI的方式来进行管理的,所以这里启用了suexec的功能,还有一个是关于网站的存放路径的,如果不指定,那么在启用suexec后会出现 suexec-docroot的错误。
#tar -jxvf httpd-2.2.9.tar.bz2
#./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-mods-shared=all --enable-suexec --with-suexec-caller=daemon --with-suexec-docroot=/var/www
#vi /usr/local/apache2/conf/httpd.conf
找到DocumentRoot “/usr/local/apache2/htdocs”
修改为:DocumentRoot “/var/www”(后文中我们还会注释掉此行,以启用虚拟主机)
找到<Directory “/usr/local/apache2/htdocs”>
修改为:<Directory “/var/www”>
找到
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all //这句改为Allow from all
</Directory>
启动apache
#/usr/local/apache2/bin/apachectl start
(3) 添加系统服务和自启动
# cp /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/httpd
# vi /etc/rc.d/init.d/httpd
# description: Activates/Deactivates Apache Web Server
# tar -zxvf php-5.2.6.tar.gz
# cd php-5.2.6
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql/ --with-mysqli=/usr/local/mysql/bin/mysql_config --with-config-file-path=/usr/local/php --with-zlib --enable-mbstring=all
# make && make install
# cp php.ini-dist /usr/local/php/php.ini
# vi /usr/local/apache2/conf/httpd.conf
添加:
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php3
AddType application/x-httpd-php .phtml
找到DirectoryIndex index.html
修改为DirectoryIndex index.html index.php
# chcon -c -v -R -u system_u -r object_r -t textrel_shlib_t /usr/local/apache2/modules/libphp5.so
# service httpd restart
# setenforce 1
httpd: Syntax error on line 105 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/libphp5.so into server: /usr/local/apache2/modules/libphp5.so: cannot restore segment prot after reloc: Permission denied
#useradd -g 1000 -u 1000 -M -s /sbin/nologin vmail
# tar -jxvf courier-authlib-0.62.4.tar.bz2
# cd courier-authlib-0.62.4
#./configure --prefix=/usr/local/courier-authlib --without-stdheaderdir --sysconfdir=/etc --without-authuserdb --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql --without-authcustom --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/inculde/mysql --with-redhat --with-mailuser=vmail --with-mailgroup=vmail
# echo "/usr/local/courier-authlib/lib/courier-authlib/">>/etc/ld.so.conf
# vi /etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
# vi /etc/authlib/authmysqlrc
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_CRYPT_PWFIELD password
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD concat("/var/mailbox/",homedir)
MYSQL_MAILDIR_FIELD concat("/var/mailbox/",maildir)
MYSQL_QUOTA_FIELD concat(quota,"S")
# cp courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
# chmod 755 /etc/rc.d/init.d/courier-authlib
# chkconfig --add courier-authlib
# chkconfig courier-authlib on
# service courier-authlib start
# chmod a+x /usr/local/courier-authlib/var/spool/authdaemon
# tar -jxvf courier-imap-4.8.0.tar.bz2
# ./configure --prefix=/usr/local/courier-imap --with-redhat --enable-unicode --disable-root-check --with-trashquota --without-ipv6 COURIERAUTHCONFIG="/usr/local/courier-authlib/bin/courierauthconfig"
# vi /usr/local/courier-imap/etc/pop3d
# vi /usr/local/courier-imap/etc/imapd
(3) 启动及加入自动运行队列
# cp courier-imap.sysvinit /etc/rc.d/init.d/courier-imapd
# chmod 755 /etc/rc.d/init.d/courier-imapd
# chkconfig --add courier-imapd
# chkconfig courier-imapd on
# service courier-imapd start
# rpm -qa |grep cyrus-sasl |xargs rpm -e --nodeps
# tar -zxvf cyrus-sasl-2.1.22.tar.gz
# ./configure --enable-plain --enable-cram --enable-digest --enable-login --enable-sql --disable-anon --disable-ntlm --disable-gssapi --disable-krb4 --disable-otp --disable-srp --disable-srp-setpass --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-authdaemond=/usr/local/courier-authlib/var/spool/authdaemon/socket
# ln -sv /usr/local/lib/sasl2 /usr/lib/sasl2
# echo "/usr/local/lib">>/etc/ld.so.conf
# vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
authdaemond_path:/usr/local/courier-authlib/var/spool/authdaemon/socket
# mkdir -pv /var/state/saslauthd
# /usr/local/sbin/saslauthd -a shadow pam
# /usr/local/sbin/testsaslauthd -u root -p xxttest // xxttest 为root的密码
# echo "/usr/local/sbin/saslauthd -a shadow pam">>/etc/rc.local
# rpm -qa |grep sendmail |xargs rpm -e –nodeps
# groupadd -g 105 postfix
# useradd -g 105 -u 105 -M -s /sbin/nologin postfix
# groupadd -g 106 postdrop
# useradd -g 106 -u 106 -M -s /sbin/nologin postdrop
# tar -zxvf postfix-2.6.5.tar.gz
# make makefiles "CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include/mysql -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/include/sasl" "AUXLIBS=-L/usr/local/mysql/lib/mysql -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2"
(3) 按照以下的提示输入相关的路径([]号中的是缺省值,”]”后的是输入值)
install_root: [/]
tempdir: [/root/postfix-2.6.5] /tmp //其他的都是默认
config_directory: [/etc/postfix]
command_directory: [/usr/sbin]
daemon_directory: [/usr/libexec/postfix]
data_directory: [/var/lib/postfix]
html_directory: [no]
mail_owner: [postfix]
mailq_path: [/usr/bin/mailq]
manpage_directory: [/usr/local/man]
newaliases_path: [/usr/bin/newaliases]
queue_directory: [/var/spool/postfix]
readme_directory: [no]
sendmail_path: [/usr/sbin/sendmail]
setgid_group: [postdrop]
(4) 生成别名二进制文件
# newaliases
(5) 建立邮件存放目录
# mkdir -pv /var/mailbox
# chown -R vmail.vmail /var/mailbox
#=====================BASE=========================
mynetworks = 192.168.0.0/16, 127.0.0.0/8
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
command_directory = /usr/sbin
manpage_directory = /opt/postfix/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
#=====================Vritual Mailbox settings=========================
virtual_mailbox_base = /var/mailbox
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = maildrop:
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
alias_maps = hash:/etc/aliases
(7) 添加为支持虚拟域和虚拟用户所用到的配置文件,其实是直接在extman中复制过去
# tar zxvf extman-1.0.0.tar.gz
# cp docs/mysql_virtual_* /etc/postfix/
# /usr/sbin/postfix start
# echo "/usr/sbin/postfix start">>/etc/rc.local
# tar jxvf maildrop-2.5.0.tar.bz2
# ln -sv /usr/local/courier-authlib/bin/courierauthconfig /usr/bin/courierauthconfig
#./configure --prefix=/usr/local/maildrop --enable-sendmail=/usr/sbin/sendmail --enable-trusted-users="rootvmail" --enable-syslog=1 --enable-maildirquota --enable-maildrop-uid=1000 --enable-maildrop-gid=1000 --with-trashquota--with-dirsync
# cp /usr/local/maildrop/bin/maildrop /usr/local/bin/
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
Courier Authentication Library extension enabled. //要保证这一行显示
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
logfile "/var/log/maildrop.log"
# touch /var/log/maildrop.log
# chown vmail.vmail /var/log/maildrop.log
# vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
此处要注意argv=后边的maildrop要加上路径,否则会出现
temporary failure. Command output: pipe: fatal: pipe_command: execvp maildrop: No such file or directory
注意maildrop unix这行前边不能有空格,要不会出现以下错误提示
warning: connect to transport maildrop: No such file or directory
Oct 31 23:21:24 localhost postfix/error[2235]: BE0AE27DAF6: to=<jjq002@abc.com>,relay=none,delay=1443,delays=1443/0.24/0/0.02,dsn=4.3.0, status=deferred (mail transport unavailable)
注意flags=Drhu这一行前边有两个空格,要不会出现以下错(fatal: /etc/postfix/master.cf: line 100: bad transport type: user= vmail)。
# tar -zxvf extmail-1.2.tar.gz
# mkdir /var/www/extsuite
# mv extmail-1.2 /var/www/extsuite/extmail
# cd /var/www/extsuite/extmail/
# cp webmail.cf.default webmail.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
以上两句句用来设置连接数据库服务器所使用用户名、密码和邮件服务器用到的数据库,这里修改为:
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_SOCKET = /tmp/mysql.sock
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
以上用来指定验正用户登录里所用到的表,以及用户名、域名和用户密码分别对应的表中列的名称;这里默认即可
SYS_AUTHLIB_SOCKET = /var/spool/authdaemon/socket
此句用来指明authdaemo socket文件的位置,这里修改为:
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
修改 cgi执行文件属主为apache运行身份用户:
# chown -R vmail.vmail /var/www/extsuite/extmail/cgi/
# mv extman-1.0.0 /var/www/extsuite/extman
#cd /var/www/extsuite/extman
# mv webman.cf.default webman.cf
# vi /var/www/extsuite/extman/webman.cf
SYS_MAILDIR_BASE = /home/domains
此处即为您在前文所设置的用户邮件的存放目录,可改作:
SYS_MAILDIR_BASE = /var/mailbox
SYS_MYSQL_SOCKET = /var/lib/mysql/mysql.sock
SYS_MYSQL_SOCKET = /tmp/mysql.sock
(3) 使用extman源码目录下docs目录中的extmail.sql和init.sql建立数据库:
# cd /var/www/extsuite/extman
# mysql -u root -p <docs/extmail.sql
# mysql -u root -p <docs/init.sql
chown -R vmail.vmail /var/www/extsuite/extman/cgi
(5) extman和extmail需要Perl-Unix-Syslog、DBD-Mysql和perl-GD的支持
cpan>install Unix::Syslog
-----cpan>install DBD::mysql # DBD-Mysql目前最新的版本为DBD-mysql-4.006,但它和系统中的perl结合使用时会造成extmail无法正常使用,因此我们采用 3的版本
# tar -zxvf DBD-mysql-3.0008_1.tar.gz
# chown -R vmail.vmail /tmp/extman/
# chown -R vmail.vmail /tmp/extmail/
# vi /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-vhosts.conf
# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf
DocumentRoot /var/www/extsuite/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail/ /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman/ /var/www/extsuite/extman/html/
SuexecUserGroup vmail vmail
在浏览器中输入http://mail.xxt.cn/extman进入管理界面,默认内置账号是root@extmail.org,密码是 extmail*123*,添加一个域和用户
在http://mail.xxt.cn/extmail中登陆
# tar -jxvf gd-2.0.35.tar.bz2
# ./configure --with-png --with-freetype --with-jpeg --with-zlib --with-fontconfig
如果GD报错:configure.ac:64: warning: macro `AM_ICONV' not found in library你就make clean一下,然后再make
如果你安装别的出现libtool没有找到,你就从/usr/bin/libtool cp 一个过来用就好了!
# tar -zxvf Time-HiRes-1.9719.tar.gz
# tar -zxvf File-Tail-0.99.3.tar.gz
(4) 安装rrdtool(用最新版的编译没通过)
# yum install libart_lgpl-devel
# tar -zxvf rrdtool-1.2.26.tar.gz
# ./configure --prefix=/usr/local/rrdtool --enable-perl-site-install=/usr/lib/perl5/
(5) 复制mailgraph_ext到/usr/local,并启动之
# cp -r /var/www/extsuite/extman/addon/mailgraph_ext /usr/local
# /usr/local/mailgraph_ext/mailgraph-init start
# /usr/local/mailgraph_ext/qmonitor-init start
echo "/usr/local/mailgraph_ext/mailgraph-init start" >>/etc/rc.local
echo "/usr/local/mailgraph_ext/qmonitor-init start" >>/etc/rc.local
ClamAV是一个unix系统平台上的开源反病毒工具,它是特地为在邮件网关上进行邮件扫描而设计的。整套软件提供了许多的实用工具,包括一个可伸缩和可升级的多线程守护进程、一个命令行扫描工具和病毒库自动升级工具。
SpamAssassin 是目前最好的、最流行的开源反垃圾邮件软件之一。它是一个邮件过滤器,使用了多种反垃圾邮件技术,如:文本分析、贝叶斯过滤、DNS黑名单和分布式协同过滤数据库等。
amavisd-new是一个连接MTA和内容检测工具(诸如病毒扫描工具和 SpamAssassin)的高性能接口程序,使用perl语言写成。它一般通过SMTP、ESMTP或者LMTP和MTA进行通讯,当然也可以借助于其它外部程序进行。同postfix(MTA)协同工作时表现尤佳。当它呼叫SpamAssassin进行内容过滤时,对于一封邮件只需要呼叫一次,而不管这封邮件将发往多少个收件人;同时,它亦会尽力保证实现每一位收件人的偏好设置,如接收/拒绝,检测/不检测,垃圾邮件级别等;它还会在邮件头部分插入 spam相关信息。
最新的clamav-0.96.1需要zlib-1.2.2以上的版本的支持,而centos5上的版本为zlib-1.2.3因此不需要升级,但是为了确保,最好还是确认下:
如果不是最新的,请使用yum update zlib进行升级。
#useradd -g clamav -s /sbin/nologin -M clamav
添加配合amavisd-new使用的用户amavis
#useradd -g amavis -s /sbin/nologin -M amavis
#tar zxvf clamav-0.96.1.tar.gz
#./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share --sysconfdir=/etc/clamav
#vi /etc/clamav/clamd.conf
#PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd.socket
#DatabaseDirectory /var/lib/clamav
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
DatabaseDirectory /usr/local/clamav/share
StreamMaxLength 20M (后面的数值应该与邮件服务器允许的最大附件值相一致)
#vi /etc/clamav/freshclam.conf
#DatabaseDirectory /var/lib/clamav
#UpdateLogFile /var/log/freshclam.log
DatabaseDirectory /usr/local/clamav/share
UpdateLogFile /var/log/clamav/freshclam.log
DatabaseMirror db.XY.clamav.net (您可以去clamav官方网站查看升级服务器并添加至此处db.CN.clamav.net)
(4) 建立日志所在的目录、进程与socket所在的目录,并让它属于clamav用户:
# mkdir -v /var/log/clamav
# chown -R amavis.amavis /var/log/clamav
# mkdir -v /var/run/clamav
# chmod 700 /var/run/clamav
# chown -R amavis.amavis /var/run/clamav
#touch /var/log/clamav/freshclam.log
#chown clamav.clamav /var/log/clamav/freshclam.log
(5) 配置crontab,让Clam AntiVirus每小时检测一次新的病毒库:
37 * * * * /usr/local/clamav/bin/freshclam
# echo “/usr/local/clamav/lib”>> /etc/ld.so.conf
# echo /usr/local/clamav/sbin/clamd /etc/rc.local
依赖关系的解决,安装Spamassassin需要很多perl模块的支持,以下是所需模块列表及安装方法;必须的软件包:
可选的软件包,其中有些后面的amavisd也有可能会用到:
DBI *and* DBD driver/modules
推荐使用CPAN自动安装(你的主机要能连上Internet),它能够自动下载安装,并能解决安装过程中的依赖关系。您可以使用类同的以下的命令来进行安装:
cpan> install Digest::SHA1
如果您的主机无法直接连接到Internet,您也可以到http://search.cpan.org上搜索下载所需要的软件包,而后使用类同的下列命令安装:
说明:某些软件包安装的过程中可能需要已经列出的其它软件包的支持(可以先尝试安装Spamassassin,然后按提示补充所需软件包),请安照提示自行调整安装顺序。另外,其中有个软件包安装过程中可能要求声明环境变量LC_ALL,此时,可输入如下命令,并重新进行软件包的编译安装即可。
(2)安装Mail-SpamAssassin-3.3.1
#tar jxvf Mail-SpamAssassin-3.3.1.tar.bz2
#cd Mail-SpamAssassin-3.3.1
编辑主配置文件/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
在这部分安装的过程中可能会遇到一些问题,请使用perl -MCPAN -e shell之后>cpan install spamassassin.
注:笔者在安装的过程中也遇到了Mail::SPF这个模块儿无法安装的情况,这个需要更新CPAN的版本才可以解决。很简单,这里不再详述。
#spamassassin -t < sample-nonspam.txt > nonspam.out
#spamassassin -t < sample-spam.txt > spam.out
#echo "/usr/bin/spamd -d" >> /etc/rc.local
以下为官方声明所必须的软件包列表,使用perl -MCPAN -e shell进行安装
有些可能在上面已经安装,但是为了保险起见,还是建议逐个验证一遍。
(2) 创建运行时目录,并赋予amavis用户(前文中所建)
# mkdir -pv /var/amavis/{tmp,var,db,home}
# chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis
# tar -zxvf amavisd-new-2.6.4.tar.gz
拷贝服务端至$PATH中指定的目录,推荐拷贝至/usr/local/sbin:
#cp amavisd /usr/local/sbin/
#chown root /usr/local/sbin/amavisd
#chmod 755 /usr/local/sbin/amavisd
# chown root:amavis /etc/amavisd.conf
# chmod 640 /etc/amavisd.conf
# mkdir -v /var/virusmails
# chown amavis:amavis /var/virusmails/
# chmod 750 /var/virusmails/
$daemon_group = 'amavis';
$mydomain = 'xxt.cn'; (此处可更改为自己的DNS域)
$virus_admin = "postmaster/@$mydomain";
$mailfrom_notify_admin = "postmaster/@$mydomain";
$mailfrom_notify_recip = "postmaster/@$mydomain";
$mailfrom_notify_spamadmin = "postmaster/@$mydomain";
$mailfrom_to_quarantine = '';
virus_admin_maps => ["postmaster/@$mydomain"] (指定报告病毒和垃圾邮件时发送系统邮件的用户身份)
spam_admin_maps => ["postmaster/@$mydomain"]
启用ClamAV,(大概在第363行)去掉如下行前的注释符:
# /&ask_daemon, ["CONTSCAN {}/n", "/var/run/clamav/clamd"],
# qr//bOK$/, qr//bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# ['Mail::ClamAV', /&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],---在375行
并将如上行中的/var/run/clamav/clamd修改为:/var/run/clamav/clamd.socket
#/usr/local/sbin/amavisd debug
echo “/usr/local/sbin/amavisd”>>etc/rc.d/rc.local
fetch_modules: error loading optional module MIME/Decoder/BinHex.pm:
Can't locate Convert/BinHex.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8) at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/MIME/Decoder/BinHex.pm line 43.
Compilation failed in require at /usr/local/sbin/amavisd line 197.
这个时候就需要下载Convert-BinHex-1.119.tar.gz,安装后再启动。
#tar -zxvf Convert-BinHex-1.119.tar.gz
13、 配置postfix,让它能调用amavisd,以实现病毒及垃圾邮件的过滤
(1) 配置/etc/postfix/master.cf
#vi /etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
amavisfeed unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8,192.168.0.0/16
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
(2) 修改/etc/postfix/main.cf
content_filter=amavisfeed:[127.0.0.1]:10024
(3) 让postfix重新加载主配置文件,并查看启动情况
# postfix reload && tail -f /var/log/maillog
(4) 查看amavisd是否在监听10024端口,并测试服务启动情况:
[iyunv@mail postfix]# telnet localhost 10024
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
(5) postfix重新加载配置文件后将授权并激活"127.0.0.1:10025"端口,一个正常的服务连接应该类同下面所示:
[iyunv@mail postfix]# telnet localhost 10025
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.xxt.cn ESMTP,Warning: Version not Available!
Connection closed by foreign host.
[iyunv@mail ~]# telnet localhost 10024
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
250 2.1.5 Recipient <lyf> OK
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok, id=32278-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3FE6A7488EB
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
(7) 使用EXTmail登陆lyf用户查看邮件的情况,如果收到则说明功能正常。
登录extmail,发送带有病毒附件的邮件(病毒样本在一个压缩包中),查看发送情况:
#tail –f /var/log/maillog
Aug 11 18:07:13 mail clamd[4821]: SelfCheck: Database status OK.
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p493: VGEN.6.0 FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p250: Jerusalem-USA FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p251: DOS.PS-MPC.432 FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p249: VGEN.6.0 FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p252: Albania-429.A FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p253: Albania.1 FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p254: Albania.1 FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p255: Small.130-gen FOUND
Aug 11 18:07:13 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p256: Vgen.1065 FOUND
Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p258: Abraxas-1200 FOUND
Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p259: Abraxas-1214 FOUND
Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p260: Abraxas-15xx FOUND
Aug 11 18:07:14 mail clamd[4821]: /var/amavis/tmp/amavis-20100811T165819-32278/parts/p261: Abraxas-15xx FOUND
Aug 11 18:07:14 mail postfix/smtpd[350]: connect from localhost.localdomain[127.0.0.1]
Aug 11 18:07:14 mail postfix/smtpd[350]: AC4BD7488ED: client=localhost.localdomain[127.0.0.1]
Aug 11 18:07:14 mail postfix/cleanup[342]: AC4BD7488ED: message-id=<VAYeO+kSgVIMCX@mail.xxt.cn>
Aug 11 18:07:15 mail postfix/smtpd[350]: disconnect from localhost.localdomain[127.0.0.1]
Aug 11 18:07:15 mail postfix/qmgr[32702]: AC4BD7488ED: from=<postmaster@xxt.cn>, size=12833, nrcpt=1 (queue active)
Aug 11 18:07:15 mail amavis[32278]: (32278-06) Blocked INFECTED (VGEN.6.0, Jerusalem-USA, DOS.PS-MPC.432, Albania-429.A, Albania.1, Small.130-gen, Vgen.1065, Abraxas-1200, Abraxas-1214, Abraxas-15xx, _0523_0001_001, ARCV-Made-255, ARCV-330, ARCV.562, ARCV.570, Ice.2, ARCV.773, DOS.Arcv.839, DOS.PS-MPC.447, ARCV.Anna.742, DOS.ARCV.745, DOS.Arcv.1183, Arcv.Christmas, ICE-9.A, Arcv.Ice.250, Gen.1575.B, Acid-670, AvatarAcid-674, DOS.Johanna, ARCV.Joanna.912, DOS.ARCV.Gen, Clonewar-923.A, Gen.649, Fire.795, DOS.X-2.Gen, Arcv-1060, ADA, Adolph.3, Advent, VCL.Shirley, Tic-1, Agip, AIDSII, AIDS.1, Dropper.5, BootSectorDr, Aircop-c, Hydra.3, Dropper.1, Alabama-B, Yale, DOS.Eddie, Redx, BadTaste, Amoeba.1, Pixel-296, Amstrad-740, Amstrad.1, Amstrad.2, Pixel-852, Jerusalem.9, Plastique.3, Plastique.2, AntiCAD-4096, Plastique.5, Jerusalem.2.Nemesis, Jerusalem.1, Andryushka.1, Andromeda.1140, Ohlala, Anthrax-E, Anti-D.2, Civil_War.561, V-1L, Plastique.1, Anti-Faggot, ChristmasViolator, Antimit, Antimon, VLADAnt...
Aug 11 18:07:15 mail amavis[32278]: (32278-06) ...ipode, DOS.Simulated.Virus, VGEN.10.0, VGEN.11.0, Anto-1, Pascal-400, Pascal-440, AntiPas-480, Pascal-529, AntiPas-605, Vgen.1334, V2000, April-1st.A, April-1st.E, Joke.Pani, Armageddon.C, Gen.742, DOS.Arara.1057, ARCV-4, VirTool.ARCV, Violator.1, Argentina, Ash.1, Ash-449, Ash.451, SillyC-737, ImpotentG, Ash-1602, Ash-1604, Asp, Astra-101, AT-133, AT-140.1, AT.144.B, AT.144.A, AT-149.B, VGEN.17.0, Atom-350, VCL.O.371, Atomic-480, Atomic, Attention.3, AT-II-114, ATII-118, AT-II-122, Atomic.2, Atom-Ant, Attitude.548, Attitude-724.825, Aurea.A, AustrPara.152, AustrPara.153.B, Austr.Para-155, Austr.Para-162, Austr.Para-187, Austr.Para-215, Austr.Parasite.3, Austr.Para-306, Austr.Para-338, Austr.Para-369, Austr.Para-377, AnkeHuber, DOS.Austr_Parasite.440, Austr.Para-482, DOS.Anke, Austr.Para-550, Austr.Para-588, Austr.Para-615, Austr.Para-784, Austr.Para-762, Gen.403.B, Clipper, DOS.AusTerm.3490, Austr.Para-VGADemo, DarkAvenger-1947), MYNETS LOCAL [127....
Aug 11 18:07:15 mail amavis[32278]: (32278-06) ...0.0.1] [127.0.0.1] <lyf@xxt.cn> -> <zhh@xxt.cn>, quarantine: virus-YeO+kSgVIMCX, Message-ID: <20100811100712.768407488EC@mail.xxt.cn>, mail_id: YeO+kSgVIMCX, Hits: -, size: 403109, 2439 ms
(2) 至此postfix的所有软件已经搭建完毕,就开始享受你自己的mail之旅吧!GOOD LUCK!
1、 http://blog.yahunet.com/post-67.html
2、 http://hi.baidu.com/shengit/blog/item/d839502c7253a138349bf78c.html
|