Postfix Installation

Posted by tengrid on 2009-05-18
1. Install MySQL and create the user database schema
Import the user database schema that ships with postfixadmin
tar zxf postfix/postfixadmin-2.1.0.gz
cd postfixadmin-2.1.0/
/usr/local/mysql/bin/mysql -u root < DATABASE_MYSQL.TXT

2. Install Cyrus-sasl2
tar zxf postfix/cyrus-sasl-2.1.22.tar.gz
cd cyrus-sasl-2.1.22/
./configure --enable-plain --enable-cram --enable-digest --enable-login --enable-sql --disable-anon --disable-ntlm --disable-gssapi --disable-krb4 --disable-otp --disable-srp --disable-srp-setpass --with-authdaemond=/usr/local/var/spool/authdaemon/socket --with-mysql=/usr/local/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mysql-libs=/usr/local/mysql/lib/mysql
make
make install
ln -s  /usr/local/lib/sasl2 /usr/lib/sasl2
Create the file /usr/local/lib/sasl2/smtpd.conf with the following contents
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/usr/local/var/spool/authdaemon/socket

3. Install Postfix
groupadd -g 10000 postfix
useradd -u 10000 -d /nonexistent -s /bin/false -g postfix postfix
groupadd -g 10001 postdrop
Because postfix-2.4 requires epoll support, only postfix-2.3.12 can be installed
tar zxf postfix/postfix-2.3.12.tar.gz
cd postfix-2.3.12/
make tidy
make makefiles CCARGS='-DHAS_MYSQL -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/mysql/include/mysql -I/usr/local/include/sasl'  AUXLIBS='-L/usr/local/mysql/lib/mysql -L/usr/local/lib \
-lmysqlclient -lm -lz -lsasl2'
make
ldconfig
make install
Edit /etc/postfix/main.cf, changing and adding the following settings (some of them are already set by the interactive script during make install)

queue_directory = /data/postfix_queues
myhostname = mail2.xxx.com
mydomain = xxx.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost
alias_maps = hash:/etc/postfix/aliases
home_mailbox = Maildir/

# virtual mailbox setup

virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_mailbox_domains.cf
virtual_mailbox_base = /data/postfix_mailbox/
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_mailbox_maps.cf
virtual_minimum_uid = 10000
virtual_uid_maps = static:10000
virtual_gid_maps = static:10000
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_alias_maps.cf

# SASL setup
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,reject_unauth_destination

# amavisd-new setup
content_filter = smtp-amavis:[127.0.0.1]:10024

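In line with the virtual mailbox settings in /etc/postfix/main.cf, also create the following directory and files with the contents shown; the actual user name and password depend on what is configured in MySQL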

mkdir /etc/postfix/mysql

cat /etc/postfix/mysql/mysql_alias_maps.cf
user = postfix
password = postfix
dbname = postfix
hosts = localhost
table = alias
select_field = goto
where_field = address
additional_conditions = and active='1'

cat  /etc/postfix/mysql/mysql_mailbox_maps.cf
user = postfix
password = postfix
dbname = postfix
hosts = localhost
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active='1'

cat /etc/postfix/mysql/mysql_mailbox_domains.cf
user = postfix
password = postfix
dbname = postfix
hosts = localhost
table = domain
select_field = domain
where_field = domain
additional_conditions = and active='1'
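
The three map files above (and authmysqlrc in step 4) hold the database password in clear text, and the steps in this guide do not set their permissions. The check below is an added example, not part of the original post; the function name is hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post).
# Print "<file> <mode>" for every given file that contains a password
# setting and is readable by users outside its owner and group.
find_exposed_cred_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        # "password = ..." (Postfix mysql maps) or "MYSQL_PASSWORD ..." (authmysqlrc)
        grep -Eq '^[[:space:]]*(password|MYSQL_PASSWORD)[[:space:]]*[[:space:]=]' "$f" || continue
        mode=$(stat -c '%a' "$f")      # GNU stat: octal mode, e.g. 644
        case "$mode" in
            *[4567]) printf '%s %s\n' "$f" "$mode" ;;   # "other" read bit is set
        esac
    done
}

# Paths as used in this guide; run as root on the mail server:
#   find_exposed_cred_files /etc/postfix/mysql/*.cf /usr/local/etc/authlib/authmysqlrc
# One way to tighten a reported Postfix map file (assumes the Postfix
# daemons run as user/group postfix, as created in step 3):
#   chown root:postfix FILE && chmod 640 FILE
```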

4. Install courier-authlib
tar jxf postfix/courier-authlib-0.59.3.tar.bz2
cd courier-authlib-0.59.3/
./configure --without-authpam --without-authldap --without-authpwd --without-authshadow --without-authvchkpw --without-authpgsql  --without-authcustom --without-authpipe --without-authuserdb --with-authmysql --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql --with-mailuser=postfix --with-mailgroup=postfix
make
make install
echo "/usr/local/lib/courier-authlib" >> /etc/ld.so.conf
ldconfig
make install-configure

Change /usr/local/etc/authlib/authmysqlrc so that it has the following contents
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix

MYSQL_SOCKET            /tmp/mysql.sock

MYSQL_PORT              3306

MYSQL_OPT               0

MYSQL_DATABASE          postfix

MYSQL_USER_TABLE        mailbox

MYSQL_CRYPT_PWFIELD     password

DEFAULT_DOMAIN          xxx.com

MYSQL_UID_FIELD         10000

MYSQL_GID_FIELD         10000

MYSQL_LOGIN_FIELD       username

MYSQL_HOME_FIELD        '/data/postfix_mailbox/'

MYSQL_NAME_FIELD        name

MYSQL_MAILDIR_FIELD     maildir

MYSQL_QUOTA_FIELD       quota

MYSQL_WHERE_CLAUSE active='1'

5. Install Courier-imap
Run the following commands as an ordinary user
tar jxf postfix/courier-imap-4.1.3.tar.bz2
cd courier-imap-4.1.3/
./configure --enable-unicode --with-trashquota --without-ipv6
make
su
make install
make install-configure

6. Install postfixadmin
tar zxf postfix/postfixadmin-2.1.0.gz
cd postfixadmin-2.1.0/
cp config.inc.php.sample config.inc.php
cd /data/htdocs/postfixadmin
chmod 640 *.php *.css
cd /data/htdocs/postfixadmin/admin/
chmod 640 *.php .ht*
cd /data/htdocs/postfixadmin/images/
chmod 640 *.gif *.png
cd /data/htdocs/postfixadmin/languages/
chmod 640 *.lang
cd /data/htdocs/postfixadmin/templates/
chmod 640 *.tpl
cd /data/htdocs/postfixadmin/users/
chmod 640 *.php

7. Install Apache and PHP
tar zxf postfix/httpd-2.2.4.tar.gz
cd httpd-2.2.4
./configure --enable-so --enable-rewrite --prefix=/usr/local/apache-2.2.4 --enable-mods-shared=all
make
make install
cd /usr/local/
ln -s apache-2.2.4/ apache
tar zxf postfix/c-client.tar.Z
cd imap-2006j/
make slx SSLTYPE=none

tar zxf postfix/php-4.4.7.tar.gz
cd php-4.4.7/
./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql \
--with-apxs2=/usr/local/apache2/bin/apxs --with-config-file-path=/usr/local/php/etc --enable-versioning --enable-ftp \
--with-imap=/usr/src/imap-2007/ --enable-sockets
make
make install
cp php.ini-recommended /usr/local/php/etc/php.ini

8. Postfix startup steps
/usr/local/mysql/bin/mysqld_safe --user=mysql &
postfix start
/usr/local/sbin/authdaemond start
/usr/lib/courier-imap/libexec/imapd.rc start
/usr/lib/courier-imap/libexec/pop3d.rc start

Testing the SMTP service
SMTP authentication uses Base64 encoding, so the user name and password must first be converted to Base64
root@xxx:/home/admin# printf '\\0test' |mmencode
dGVzdEBwYWlwYWkuY29tAHRlc3RAcGFpcGFpLmNvbQB0ZXN0
root@xxx:/home/admin#  printf '' |mmencode
dGVzdEBwYWlwYWkuY29t
root@xxx:/home/admin# perl -MMIME::Base64 -e 'print encode_base64("test\@xxx.com");'
dGVzdEBwYWlwYWkuY29t
root@xxx:/home/admin# perl -MMIME::Base64 -e 'print encode_base64("test");'
dGVzdA==

admin@xxx:~$ telnet 192.*.*.* 25
Trying 192.*.*.*...
Connected to 192.*.*.*.
Escape character is '^]'.
220 mail_new.xxx.com ESMTP Postfix
EHLO xxx.com
250-mail_new.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN dGVzdEBwYWlwYWkuY29tAHRlc3RAcGFpcGFpLmNvbQB0ZXN0
235 2.0.0 Authentication successful
MAIL FROM:test@xxx.com
250 2.1.0 Ok
RCPT TO:test@xxx.com
250 2.1.5 Ok
DATA
354 End data with .
test mail 1
.
250 2.0.0 Ok: queued as 5447BA4803F
QUIT
221 2.0.0 Bye

admin@xxx:~$ telnet 192.*.*.* 25
Trying 192.*.*.*...
Connected to 192.*.*.*.
Escape character is '^]'.
220 mail_new.xxx.com ESMTP Postfix
EHLO xxx.com
250-mail_new.xxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdEBwYWlwYWkuY29t
334 UGFzc3dvcmQ6
dGVzdA==
235 2.0.0 Authentication successful
MAIL FROM:xyz@163.com
250 2.1.0 Ok
RCPT TO:test@xxx.com
250 2.1.5 Ok
DATA
354 End data with .
to:any@any.com
from:
subject:Telnet test

test mail 2
.
250 2.0.0 Ok: queued as C117FA4803F
QUIT
221 2.0.0 Bye
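
The AUTH PLAIN and AUTH LOGIN strings used in the two sessions above can be built and decoded with the helper functions below; Base64 is an encoding, not encryption, so the decode functions recover exactly what was sent on the wire. This is an added example, not part of the original post: the function names are hypothetical, the account and password are constructed sample values, and it assumes the coreutils base64 tool rather than mmencode.

```shell
#!/bin/sh
# Added example (not from the original post); sample credentials are constructed.

# AUTH PLAIN initial response (RFC 4616): base64(authzid NUL authcid NUL password)
sasl_plain_token() {    # usage: sasl_plain_token AUTHZID AUTHCID PASSWORD
    printf '%s\0%s\0%s' "$1" "$2" "$3" | base64 | tr -d '\n'
}

# AUTH LOGIN sends the user name and the password as two separate
# Base64 strings, each in answer to a Base64-encoded 334 prompt.
sasl_login_token() {    # usage: sasl_login_token STRING
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Reverse of sasl_plain_token; the NUL separators are shown as '|'.
sasl_plain_decode() {   # usage: sasl_plain_decode TOKEN
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Reverse of sasl_login_token; also decodes the server's 334 prompts.
sasl_login_decode() {   # usage: sasl_login_decode TOKEN
    printf '%s' "$1" | base64 -d
}

# Demo with constructed credentials
tok=$(sasl_plain_token "" "user@example.test" "constructed-pass")
echo "AUTH PLAIN $tok"
echo "decoded:   $(sasl_plain_decode "$tok")"
echo "334 VXNlcm5hbWU6 -> $(sasl_login_decode VXNlcm5hbWU6)"
echo "334 UGFzc3dvcmQ6 -> $(sasl_login_decode UGFzc3dvcmQ6)"
```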




Testing the POP3 service
admin@xxx:~$ telnet 192.*.*.*  110
Trying 192.*.*.*...
Connected to 192.*.*.*.
Escape character is '^]'.
+OK Hello there.
USER
+OK Password required.
PASS test
+OK logged in.
LIST
+OK POP3 clients that break here, they violate STD53.
1 447
2 459
.
STAT
+OK 2 906
RETR 2
+OK 459 octets follow.
Return-Path: <>
X-Original-To:
Delivered-To:
Received: from xxx.com (unknown [192.*.*.*])
        by mail_new.xxx.com (Postfix) with ESMTP id C117FA4803F
        for <>; Tue,  7 Aug 2007 11:52:39 +0800 (CST)
Message-Id: <>
Date: Tue,  7 Aug 2007 11:52:39 +0800 (CST)
From:
To: undisclosed-recipients:;

test mail 2
.
QUIT
+OK Bye-bye.

Testing the IMAP service
admin@monitor:~$ telnet 192.*.*.* 143
Trying 192.*.*.*...
Connected to 192.*.*.*.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
. LOGIN test
. OK LOGIN Ok.
. list "" "*"
* LIST (\Unmarked \HasNoChildren) "." "INBOX"
. OK LIST completed
. select INBOX
* FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
* OK [PERMANENTFLAGS (\* \Draft \Answered \Flagged \Deleted \Seen)] Limited
* 2 EXISTS
* 2 RECENT
* OK [UIDVALIDITY 1186461175] Ok
* OK [MYRIGHTS "acdilrsw"] ACL
. OK [READ-WRITE] Ok
. create INBOX.test3
. OK "INBOX.test3" created.
. status INBOX.test3 (messages)
* STATUS "INBOX.test3" (MESSAGES 0)
. OK STATUS Completed.
. copy 1 INBOX.test3
. OK [COPYUID 1186461785 1 1] COPY completed.
. status INBOX.test3 (messages)
* STATUS "INBOX.test3" (MESSAGES 1)
. OK STATUS Completed.
. list "" "*"
* LIST (\HasNoChildren) "." "INBOX.test3"
* LIST (\Unmarked \HasChildren) "." "INBOX"
. OK LIST completed
. delete INBOX.test3
. OK Folder deleted.
. list "" "*"
* LIST (\Unmarked \HasNoChildren) "." "INBOX"
. OK LIST completed
. status INBOX (messages)
* STATUS "INBOX" (MESSAGES 2)
. OK STATUS Completed.
. fetch 1 flags
* 1 FETCH (FLAGS (\Seen \Recent))
. OK FETCH completed.
. fetch 1 rfc822.header
* 1 FETCH (RFC822.HEADER {434}
Return-Path: <>
X-Original-To:
Delivered-To:
Received: from xxx.com (unknown [172.16.130.36])
        by mail_new.xxx.com (Postfix) with ESMTP id 5447BA4803F
        for <>; Tue,  7 Aug 2007 11:09:18 +0800 (CST)
Message-Id: <>
Date: Tue,  7 Aug 2007 11:09:18 +0800 (CST)
From:
To: undisclosed-recipients:;

)
. OK FETCH completed.
. fetch 1 rfc822.text
* 1 FETCH (RFC822.TEXT {13}
test mail 1
)
. OK FETCH completed.
. capability
* CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION
. OK CAPABILITY completed
. getquotaroot inbox
* QUOTAROOT "inbox" "ROOT"
* QUOTA "ROOT"
. OK GETQUOTAROOT Ok.
. getacl inbox
* ACL "inbox" "owner" "acdilrsw" "administrators" "acdilrsw"
. OK GETACL completed.
. logout
* BYE Courier-IMAP server shutting down
. OK LOGOUT completed


9. Install amavisd-new+clamav+SpamAssassin

groupadd clamav
useradd -g clamav -s/bin/false -d /nonexistent clamav
tar zxf postfix/clamav-0.91.1.tar.gz
cd clamav-0.91.1/
./configure
make
make install
ldconfig
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown clamav.clamav /var/run/clamav
mkdir /var/log/clamav
chmod 744 /var/log/clamav
chown clamav.clamav /var/log/clamav
The configuration files are located at
/usr/local/etc/freshclam.conf
/usr/local/etc/clamd.conf
Change the following settings in /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log

LogFileMaxSize 10M

LogTime yes

LogClean yes

LogFacility LOG_MAIL

PidFile /var/run/clamav/clamd.pid

LocalSocket /var/run/clamav/clamd

User clamav

Change the following settings in /usr/local/etc/freshclam.conf
UpdateLogFile /var/log/clamav/freshclam.log

LogFacility LOG_MAIL

PidFile /var/run/clamav/freshclam.pid

DatabaseMirror db.cn.clamav.net

DatabaseMirror database.clamav.net

NotifyClamd /usr/local/etc/clamd.conf


Start clamd
/usr/local/sbin/clamd
Update the ClamAV virus database every day through crontab
30 6 * * * /usr/local/bin/freshclam >/dev/null 2>&1

Install a newer version of file
tar xzf postfix/file-4.21.tar.gz
cd file-4.21/
./configure
make
make install
ldconfig
tar zxf postfix/amavisd-new-2.5.2.tar.gz
cd amavisd-new-2.5.2/
mkdir /data/amavis
mkdir /data/amavis/tmp
mkdir /data/amavis/var
mkdir /data/amavis/db
mkdir /data/amavis/home
chown -R clamav.clamav /data/amavis
chmod -R 750 /data/amavis
Detailed descriptions of the amavisd.conf configuration options are in the amavisd.conf-sample file
cp amavisd.conf /etc/
chown root:clamav /etc/amavisd.conf
chmod 640 /etc/amavisd.conf
mkdir /data/amavis/virusmails
chown clamav.clamav /data/amavis/virusmails
chmod 750 /data/amavis/virusmails
Install the required Perl modules as listed in the amavisd-new documentation
perl -MCPAN -e shell
Change the following settings in /etc/amavisd.conf
$daemon_user  = 'clamav';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'clamav';     # (no default;  customary: vscan or amavis), -g

$mydomain = 'xxx.com';   # a convenient default for other settings

$MYHOME = '/data/amavis';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T

$inet_socket_port = 10024;   # listen on this local TCP port(s)

$virus_admin               = undef;  # notifications recip.
$spam_admin             = undef;

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;

['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Use the following commands for debugging
/usr/local/sbin/amavisd debug
/usr/local/sbin/amavisd debug-sa
Use the following command to start, stop, or reload the configuration file
/usr/local/sbin/amavisd start | stop | reload

wget
Install the required Perl modules as listed in the SpamAssassin documentation
perl -MCPAN -e shell

Because the new version of Mail-SpamAssassin has a bug, make test fails when it is installed through CPAN, so you must run make and make test as an ordinary user and then run make install as root
tar zxf postfix/Mail-SpamAssassin-3.2.3.tar.gz
cd Mail-SpamAssassin-3.2.3/
su admin
perl Makefile.PL
make
make test
exit
make install

Change the following settings in /etc/mail/spamassassin/local.cf
# Enable Bayes auto-learning.
auto_learn 1

# Enable or disable network checks: skip RBL checks, use Razor version 2, use DCC (Distributed Checksum Clearinghouse), use Pyzor
skip_rbl_checks 0
#use_razor2 1
use_dcc 1
use_pyzor 1

# Blacklist. Blacklisted senders get +100 points
#blacklist_from *@sohu.com *@mailfb.com

# Whitelist. Whitelisted senders get -100 points
whitelist_from

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese
ok_languages zh en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en

# Disabled scores. To keep Chinese subjects and Chinese recipient names from being misjudged, adding the following lines is also recommended
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0

score NO_REAL_NAME 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000

10. Startup steps for postfix+amavisd-new+clamav+SpamAssassin (run them in reverse order to stop)
/usr/local/mysql/bin/mysqld_safe --user=mysql &
/usr/local/sbin/clamd
/usr/local/sbin/amavisd start
postfix start
/usr/local/sbin/authdaemond start
/usr/lib/courier-imap/libexec/imapd.rc start
/usr/lib/courier-imap/libexec/pop3d.rc start

From the ITPUB blog, link: http://blog.itpub.net/94384/viewspace-600323/. Please credit the source when reprinting; otherwise legal liability will be pursued.
