FreeBSD邮件服务器架设-lsstarboy-ChinaUnix博客

注：没有注明安装选项的按照默认选项安装

cd /usr/ports/databases/mysql51-server/ make WITH_XCHARSET=all BUILD_STATIC=yes BUILD_OPTIMIZED=yes install clean

在/etc/rc.conf中加入：

mysql_enable="YES" mysql_dbdir="/home/mysqldb"

启动mysql

/usr/local/etc/rc.d/mysql-server start

cd /usr/ports/mail/extman make install clean

extman安装选项

MYSQL

perl安装选项

PERL_64BITINT
THREADS
USE_PERL

cd /usr/ports/mail/extmail/ make install clean

extmail安装选项

MYSQL

安装cyrus-sasl2时需要打一个补丁，否则会导致smtp认证失败。这是freebsd升级到8.0后才有的问题，以后cyrus-sasl2更新时应该能解决这个问题吧。

lib-checkpw.c.diff

下载上面的补丁，存放至/tmp/

cd /usr/ports/security/cyrus-sasl2 make patch

cyrus-sasl2安装选项

AUTHDAEMOND
LOGIN
PLAIN
CRAM
DIGEST

cd work/cyrus-sasl-2.1.23/lib patch checkpw.c < /tmp/lib-checkpw.c.diff cd ../../.. make install clean

cd /usr/ports/mail/postfix make install clean

postfix安装选项

PCRC
SASL2
TLS
MYSQL
VDA

You need user “postfix” added to group “mail”.选择y

Would you like to activate Postfix in /etc/mail/mailer.conf选择n

cd /usr/ports/mail/maildrop/ make WITH_AUTHLIB=yes install clean

maildrop安装选项

AUTH_MYSQL

cd /usr/ports/mail/courier-imap/ make install clean

courier-imap安装选项

TRASHQUOTA
AUTH_MYSQL

cd /usr/ports/www/apache22 make SUEXEC_DOCROOT=/usr/local/www install clean

apache安装选项

AUTH_BASIC
AUTH_DIGEST
AUTHN_FILE
AUTHN_DBM
AUTHN_ANON
AUTHN_DEFAULT
AUTHN_ALIAS
AUTHZ_HOST
AUTHZ_GROUPFILE
AUTHZ_USER
AUTHZ_DBM
AUTHZ_OWNER
AUTHZ_DEFAULT
ACTIONS
ALIAS
ASIS
AUTOINDEX
CERN_META
CGI
CHARSET_LITE
DEFLATE
DIR
DUMPIO
ENV
EXPIRES
HEADERS
IMAGEMAP
INCLUDE
INFO
LOG_CONFIG
LOGIO
MIME
MIME_MAGIC
NEGOTIATION
REWRITE
SETENVIF
STATUS
UNIQUE_ID
VHOST_ALIAS
FILTER
VERSION
PATCH_PROXY_CONNECT
SUEXEC

cd /usr/ports/databases/rrdtool make install

python安装选项

THREADS
UCS4
PYMALLOC

cd /usr/ports/devel/p5-File-Tail make install cd /usr/ports/devel/p5-Time-HiRes make install

添加dspam用户

pw group add dspam -g 1001 pw user add dspam -u 1001 -g 1001 -s /sbin/nologin -d /nonexistent cd /usr/ports/mail/dspam make DSPAM_OWNER=dspam DSPAM_HOME_OWNER=dspam install clean

dspam安装选项

SYSLOG
DEBUG
DAEMON
CLAMAV
CLAMAV_LOCAL
MYSQL51
MYSQL_COMPRESS
MYSQL_LOCAL
HASH
VIRT_USERS
LONG_USERNAMES
DOMAIN-SCALE
SENDMAIL_LDA
WebUI

make install clean

clamav安装选项

ARC
ARJ
LHA
UNZOO
UNRAR
ICONV

pw group add vmail -g 1000 pw user add vmail -u 1000 -g 1000 -s /sbin/nologin

mkdir -p /home/domains/nio.name chown -R vmail:vmail /home/domains/

在/etc/rc.conf中加入

mysql_enable="YES" mysql_dbdir="/home/mysqldb"

启动mysql

/usr/local/etc/rc.d/mysql-server start

cd /usr/local/www/extman/docs mysql < extmail.sql mysql < init.sql

编辑/usr/local/www/extman/webman.cf，真对如下选项进行修改

SYS_CONFIG = /usr/local/www/extman/ SYS_LANGDIR = /usr/local/www/extman/lang SYS_TEMPLDIR = /usr/local/www/extman/html SYS_PSIZE = 50 SYS_GROUPMAIL_SENDER = admin@nio.name SYS_LANG = zh_CN SYS_DEFAULT_MAXQUOTA = 20000 SYS_DEFAULT_MAXALIAS = 100 SYS_DEFAULT_MAXUSERS = 300 SYS_DEFAULT_MAXNDQUOTA = 20000 SYS_USER_DEFAULT_QUOTA = 1000 SYS_USER_DEFAULT_NDQUOTA = 500 SYS_USER_DEFAULT_EXPIRE = 5y SYS_MYSQL_SOCKET = /tmp/mysql.sock mkdir /tmp/extman/ chown -R vmail:vmail /tmp/extman/

配置cmdserver

cd /usr/local/www/extman/daemon/ chmod +x cmdserver

修改/usr/local/www/extman/daemon/cmd_plugin/freebsd-cmd

将my $mysql_init开头的那行改为

my $mysql_init = '/usr/local/etc/rc.d/mysql-server';

将my $dspam_init开头那行改为

my $dspam_init = '/usr/local/etc/rc.d/dspam';

启动cmdserver

/usr/local/www/extman/daemon/cmdserver --daemon

mkdir /var/lib ln -s /usr/local/www/extman/addon/mailgraph_ext /usr/local/ /usr/local/mailgraph_ext/mailgraph-init start

修改/usr/local/www/extmail/webmail.cf，对如下内容进行修改

SYS_CONFIG = /usr/local/www/extmail/ SYS_LANGDIR = /usr/local/www/extmail/lang SYS_TEMPLDIR = /usr/local/www/extmail/html SYS_USER_LANG = zh_CN SYS_MESSAGE_SIZE_LIMIT = 52428800 SYS_MFILTER_ON = 0 SYS_MYSQL_USER = extmail SYS_MYSQL_PASS = extmail SYS_MYSQL_SOCKET = /tmp/mysql.sock mkdir /tmp/extmail chown vmail:vmail /tmp/extmail/

注释掉/usr/local/www/extmail/libs/Ext/Logger/File.pm的45行

#printf $fh "$time $host extmail[$$]: $msg\n", @_;

否则登陆extmail后会提示

Insecure dependency in printf while running with -T switch at /usr/local/www/extmail/libs/Ext/Logger/File.pm line 45.

编辑/usr/local/etc/apache22/httpd.conf，取消如下vhost的注释组。

Include etc/apache22/extra/httpd-vhosts.conf

创建/usr/local/etc/apache22/Includes/extmail.conf，内容如下：

ServerName mail.nio.name DocumentRoot /usr/local/www/extmail/html/ ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/ Alias /extmail /usr/local/www/extmail/html/ AllowOverride None Options None Order allow,deny Allow from all SuexecUserGroup vmail vmail

创建/usr/local/etc/apache22/Includes/extman.conf，内容如下：

ServerName extman.nio.name DocumentRoot /usr/local/www/extman/html/ ScriptAlias /extman/cgi /usr/local/www/extman/cgi/ Alias /extman /usr/local/www/extman/html/ AllowOverride None Options None Order allow,deny Allow from all SuexecUserGroup vmail vmail chown -R vmail:vmail /usr/local/www/extmail chown -R vmail:vmail /usr/local/www/extman

编辑/etc/rc.conf，加入

apache22_enable="YES"

启动apache

/usr/local/etc/rc.d/apache22 start

由于在后面还要配置dspam，均要使用到mail.nio.name这个域名，因此需要使用一个跳转html，让页面自动进入extmail。

创建/usr/local/www/index.html，内容如下：

-Type" CONTENT="text/html; charset=utf-8">

登陆，修改管理员的默认密码，创建域nio.name，以及用户admin@nio.name和nio@nio.name。

关闭sendmail。在/etc/rc.conf中加入

sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO"

关闭sendmail维护任务，创建/etc/periodic.conf，内容如下

daily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO"

postconf -e 'mydomain = nio.name' //设置域名，就是本机的域名 postconf -e 'myhostname = mail.nio.name' //设置本机的FQDN，就是主机名+域名 postconf -e 'virtual_mailbox_base = /home/domains' //设置mailbox的目录 postconf -e 'virtual_uid_maps=static:1000' //设置使用mailbox的用户，就是vmail的uid postconf -e 'virtual_gid_maps=static:1000' //设置使用mailbox的组，就是vmail的gid postconf -e 'mynetworks = 127.0.0.1/32' //设置允许从本机发送邮件，给extmail用 postconf -e 'message_size_limit = 102400000' postconf -e 'virtual_mailbox_limit = 1024000000'

cp /usr/local/www/extman/docs/mysql_virtual_alias_maps.cf /usr/local/etc/postfix/ cp /usr/local/www/extman/docs/mysql_virtual_mailbox_maps.cf /usr/local/etc/postfix/ cp /usr/local/www/extman/docs/mysql_virtual_domains_maps.cf /usr/local/etc/postfix/ postconf -e 'virtual_alias_maps = $alias_maps, mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf' postconf -e 'virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf' postconf -e 'virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'

创建/usr/local/lib/sasl2/smtpd.conf，内容如下

pwcheck_method:authdaemond log_level:3 mech_list:PLAIN LOGIN authdaemond_path:/var/run/authdaemond/socket

编辑/usr/local/etc/authlib/authdaemonrc，修改如下内容

authmodulelist="authmysql" authmodulelistorig="authmysql"

编辑/usr/local/etc/authlib/authmysqlrc，修改如下内容

MYSQL_SERVER localhost MYSQL_USERNAME extmail MYSQL_PASSWORD extmail MYSQL_PORT 3306 MYSQL_DATABASE extmail MYSQL_USER_TABLE mailbox MYSQL_CRYPT_PWFIELD password MYSQL_UID_FIELD uidnumber MYSQL_GID_FIELD gidnumber MYSQL_LOGIN_FIELD username MYSQL_HOME_FIELD homedir MYSQL_MAILDIR_FIELD maildir MYSQL_QUOTA_FIELD quota MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\ CONCAT('/home/domains/',homedir), \ CONCAT('/home/domains/',maildir), \ quota, \ name \ FROM mailbox \ WHERE username = '$(local_part)@$(domain)'

postconf -e 'smtpd_sasl_auth_enable=yes' //开启smtpd的sasl认证 postconf -e 'broken_sasl_auth_clients = yes' //使postfix可以兼容一些非标准的MUA postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination' //允许relay认证的SMTP客户端

mkdir /var/run/authdaemond chmod 755 /var/run/authdaemond/

否则在maillog中会提示

warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied

导致smtpd认证失败

在/etc/rc.conf中添加

postfix_enable="YES" courier_authdaemond_enable="YES" /usr/local/etc/rc.d/postfix start /usr/local/etc/rc.d/courier-authdaemond start

authtest nio@nio.name password //password是这个用户的密码 Authentication succeeded. Authenticated: nio@nio.name (uid 1000, gid 1000) Home Directory: /home/domains/nio.name/nio Maildir: /home/domains/nio.name/nio/Maildir/ Quota: 5242880S Encrypted Password: $1$vVXZqF2z$2msKkFgv/bR1RyYRKOM5D/ Cleartext Password: nio Options: wbnodsn=1

在/etc/rc.conf中添加

courier_imap_pop3d_enable="YES /usr/local/etc/rc.d/courier-imap-pop3d start

extmail在freebsd8下的黑白名单功能均正常，但对发件人、收件人、标题的过滤有问题，extmail生成的maildrop规则不正确，需要如下补丁。

extmail是1.2版本

此外，这部分可以不加。webmail的过滤没啥用。我直接就关了。

补丁MailFilter.pm.diff内容如下：

--- MailFilter.pm.orig 2010-02-02 15:51:22.000000000 +0800 +++ MailFilter.pm 2010-02-02 16:05:30.000000000 +0800 @@ -322,15 +322,15 @@ if ($rule->{from}) { $need_decode{from} = 1; - push @statements, "(\$FROM=~/.*".slashes($rule->{from}).".*/)"; + push @statements, "(\/^FROM:\.\*".slashes($rule->{from}).".*/)"; } if ($rule->{recipient}) { $need_decode{recipient} = 1; - push @statements, "(\$TO=~/.*".slashes($rule->{recipient}).".*/)"; + push @statements, "(\/^TO:\.\*".slashes($rule->{recipient}).".*/)"; } if ($rule->{subject}) { $need_decode{subject} = 1; - push @statements, "(\$SUBJECT=~/.*".slashes($rule->{subject}).".*/)"; + push @statements, "(\/SUBJECT:\.\*".slashes($rule->{subject}).".*/)"; } if ($hasattach) { push @statements, "(/^Content-Type: *multipart\\/mixed/)"; cd /usr/local/www/extmail/libs/Ext/ patch MailFilter.pm < MailFilter.pm.diff

创建数据库及用户

mysql create database dspam; grant all on dspam.* to 'dspam'@'localhost' identified by 'dspam';

创建数据库结构及初始化数据库

cd /usr/local/share/examples/dspam/mysql mysql -udspam -pdspam -Ddspam < mysql_objects-4.1.sql mysql -udspam -pdspam -Ddspam < virtual_users.sql

/usr/local/etc/dspam.conf配置如下：

Home /var/db/dspam StorageDriver /usr/local/lib/dspam/libmysql_drv.so DeliveryHost 127.0.0.1 DeliveryPort 10026 DeliveryIdent localhost DeliveryProto SMTP OnFail error Trust root Trust postfix Trust dspam Trust www TRust vmail Trust mail Trust mailnull Trust smmsp Trust daemon TrainingMode teft TestConditionalTraining on Feature whitelist Algorithm graham burton Tokenizer chain PValue bcr WebStats on AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride fallbackDomain AllowOverride ignoreGroups AllowOverride ignoreRBLLookups AllowOverride localStore AllowOverride makeCorpus AllowOverride optIn AllowOverride optOut AllowOverride optOutClamAV AllowOverride processorBias AllowOverride RBLInoculate AllowOverride showFactors AllowOverride signatureLocation AllowOverride spamAction AllowOverride spamSubject AllowOverride statisticalSedation AllowOverride storeFragments AllowOverride tagNonspam AllowOverride tagSpam AllowOverride trainPristine AllowOverride trainingMode AllowOverride whitelistThreshold AllowOverride dailyQuarantineSummary ClamAVPort 3310 ClamAVHost 127.0.0.1 ClamAVResponse accept MySQLServer /tmp/mysql.sock MySQLUser dspam MySQLPass dspam MySQLDb dspam MySQLCompress true MySQLReconnect true MySQLUIDInSignature on HashRecMax 98317 HashAutoExtend on HashMaxExtents 0 HashExtentSize 49157 HashPctIncrease 10 HashMaxSeek 10 HashConnectionCache 10 Notifications off LocalMX 127.0.0.1 SystemLog on UserLog on Opt out ParseToHeaders on ChangeModeOnParse on ChangeUserOnParse full ServerPID /var/run/dspam.pid ServerMode auto ServerPass.Relay1 "secret" ServerParameters "--user dspam --deliver=innocent -d %u" ServerIdent "localhost.localdomain" ServerDomainSocketPath "/tmp/dspam.sock" ClientHost /tmp/dspam.sock ClientIdent "secret@Relay1" ProcessorURLContext on ProcessorBias on StripRcptDomain off touch /var/run/dspam.pid chown dspam:dspam /var/run/dspam.pid

启动dspam。在/etc/rc.conf中加入

dspam_enable="YES" /usr/local/etc/rc.d/dspam start

postconf -e 'dspam_destination_recipient_limit = 1' postconf -e 'smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,check_client_access pcre:/usr/local/etc/postfix/dspam_filter_access' postconf -e 'enable_original_recipient = no' //设置always_bbc后放置出现重复邮件 postconf -e 'always_bcc = admin@nio.name' //所有邮件都转发给管理员，这样管理员可以帮助学习垃圾邮件

创建/usr/local/etc/postfix/dspam_filter_access，内容如下：

/./ FILTER dspam postmap /usr/local/etc/postfix/dspam_filter_access

在/usr/local/etc/postfix/master.cf中加入

127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 dspam unix - n n - - pipe flags=DRhu user=dspam argv=/usr/local/bin/dspam --client --deliver=innocent,spam --user ${recipient} --mail-from=${sender}

修改/usr/local/etc/postfix/master.cf，修改

smtp inet n - n - - smtpd

为

smtp inet n - n - - smtpd -o content_filter=lmtp:unix:/tmp/dspam.sock

重启postfix

创建/usr/local/etc/apache22/Includes/dspam.conf

ServerName dspam.nio.name DocumentRoot /usr/local/www/dspam AddDefaultCharset UTF-8 AllowOverride None Options None Order allow,deny Allow from all DirectoryIndex dspam.cgi AddHandler cgi-script cgi pl Options +ExecCGI AuthType Basic AuthName "DSPAM Control Center" AuthUserFile /usr/local/www/dspam/htpasswd Require valid-user SuexecUserGroup dspam dspam chown -R dspam:dspam /usr/local/www/dspam/

cd /usr/local/www/dspam/ cp configure.pl.sample configure.pl cp default.prefs.sample default.pref echo dspam > admins htpasswd -c htpasswd dspam

下载dspam-unicode.tar.gz，解压缩后覆盖到/usr/local/www/dspam。

修改几个cgi文件中的路径为你本机中的路径。

chown -R dspam:dspam /usr/local/www/dspam/

cd /var/db/dspam ln -s /usr/local/www/dspam/default.prefs ./ chmod ug+w /usr/local/www/dspam/default.prefs

修改/usr/local/www/extmail/webmail.cf

SYS_SPAM_REPORT_ON = 1 SYS_SPAM_REPORT_TYPE = dspam

编辑/usr/local/www/extmail/tools/spam_report.pl，修改

my $dspam = '/usr/bin/dspamc --client --user extmail';

为

my $dspam = '/usr/local/bin/dspamc --client --user dspam';

postconf -e 'virtual_transport = maildrop:' postconf -e 'maildrop_destination_recipient_limit = 1' //maildrop不支持一次接收多个收件人

修改/usr/local/etc/postfix/master.cf，加入

maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

logfile "/home/domains/maildrop.log" DECODER="/usr/local/www/extmail/tools/decode -v" if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/)) { BADSENDER=1 } if ( /^X-DSPAM-Result:.*Spam.*/ ) { exception { to "$HOME/Maildir/.Junk/." } }

如果邮件内容老出现如下内容：

!DSPAM:1,49179586289971925617086!

将dspam的配置修改为

signatureLocation=headers

注意：需要修改如下几个文件中的signatureLocation

/var/db/dspam/data/local/dspam/dspam.prefs
/usr/local/etc/dspam.conf
/usr/local/www/dspam/default.prefs

修改后重启dspam即可。