
分类: LINUX

2008-10-09 21:52:18

实验环境:
    网络域名:51test.com
    DNS主机名称:mail.51test.com
    DNS主机IP地址:192.168.1.233
    邮件主机名称:mail.51test.com
    邮件主机IP地址:192.168.1.233
    操作系统:centos4.3
    不启动SELinux服务:
1、DNS服务器的配置:
  dns: mail.51test.com
  MX: mail.51test.com
2、安装所需要的软件清单:
    postfix-2.2.5-3.rhel4.rpm
    postfix-pflogsumm-2.1.5-4.2.rhel4.rpm ---〉没装?
    cyrus-sasl-2.1.19-5.rhel4.i386.rpm
    dovecot-0.99.11-2.rhel4.1.rpm
    httpd-2.0.52-12.ent.rpm
    perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
    perl-suidperl-5.8.5-12.1.1.i386.rpm
    perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
    perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
    perl-5.8.5-12.1.i386.rpm---〉没装
    openwebmail-2.51-1.i386.rpm
   
3、postfix的安装过程:
   4.3自带.已经装了.
4、启动postfix + dovecot服务过程:
    # service postfix start
    Starting postfix:                             [ 确定 ]
    # service dovecot start
    启动 Dovecot Imap:                         [ 确定 ]
   
5、修改/etc/dovecot.conf文件:
    #protocols = imap imaps
    更改为:
    protocols = imap imaps pop3 pop3s (启动imap imaps pop3 pop3s功能)
    # service dovecot restart(重新启动dovecot服务)
    停止 Dovecot Imap:                           [ 确定 ]
    启动 Dovecot Imap:                           [ 确定 ]
   
6.1修改/etc/postfix/main.cf文件:
    #myhostname = host.domain.tld
    更改为:
    myhostname = mail.51test.com (指定运行Postfix邮件系统的主机名称)
    #mydomain = domain.tld
    更改为:
    mydomain = 51test.com (指定Postfix邮件系统使用的域名,例如:easy.com)
   
    #myorigin = $mydomain
    更改为:
    myorigin = 51test.com (指定发件人所在的域名,例如:easy.com)
   
    #inet_interfaces = all
    更改为:
    inet_interfaces = all (指定Postfix邮件系统监听的网络接口;参数名区分大小写,须全部小写)
   
    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
    更改为:
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain
    (指定Postfix接收邮件时收件人的域名)
    
relay_domains = $mydestination  ← 变为此状态,定义允许转发的域名
#mynetworks = 168.100.189.0/28, 127.0.0.0/8  ← 找到此行,依照自己的内网情况修改
 ↓
mynetworks = 192.168.1.0/24, 127.0.0.0/8  ← 变为此状态,指定内网和本地的IP地址范围
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)  ← 找到这一行,接此行添加如下行:
smtpd_banner = $myhostname ESMTP unknow  ← 添加这一行,不显示SMTP服务器的相关信息
在配置文件的文尾,添加如下行:
#SASL SMTP验证
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated ,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
 
6.2 配置SMTP认证的相关选项
[root@sample ~]# vi /usr/lib/sasl2/smtpd.conf 
pwcheck_method: saslauthd
log_level:3
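mech_list:PLAIN LOGIN  ← 注:PLAIN/LOGIN 只对口令做base64编码,并不加密;对外提供服务时应同时启用TLS,并在main.cf中设置 smtpd_tls_auth_only = yes,避免口令在网络上明文传输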
[root@sample ~]# vi /etc/sysconfig/saslauthd
FLAGS=pam   ← 定义认证方式为pam

6.3关闭sendmail服务及设置默认MTA
因为在用Postfix作为SMTP服务器的前提下,我们不准备再用sendmail,所以将sendmail服务关掉,以确保安全及节省系统资源。
[root@sample ~]# /etc/rc.d/init.d/sendmail stop  ← 关闭sendmail服务
Shutting down sendmail:         [ OK ]
Shutting down sm-client:         [ OK ]
[root@sample ~]# chkconfig sendmail off  ← 关闭sendmail自启动
[root@sample ~]# chkconfig --list sendmail  ← 确认sendmail自启动已被关闭(都为off就OK)
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off

6.4然后再将默认的MTA设置为Postfix。
[root@sample ~]# alternatives --config mta  ← 设置默认MTA
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail  ← 当前状态:sendmail为默认MTA
 2 /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2  ← 在这里输入2,使Postfix成为默认MTA

6.5最后,启动SMTP认证及Postfix服务,并设置相应服务为自启动。
[root@sample ~]# chkconfig saslauthd on  ← 将SMTP-Auth设置为自启动
[root@sample ~]# chkconfig --list saslauthd  ← 确认SMTP-Auth服务状态
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off  ← 确认2~5为on的状态就OK
[root@sample ~]# /etc/rc.d/init.d/saslauthd start  ← 启动SMTP-Auth
Starting saslauthd:           [ OK ]
[root@sample ~]# chkconfig postfix on  ← 将Postfix设置为自启动
[root@sample ~]# chkconfig --list postfix  ← 确认Postfix服务状态
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off  ← 确认2~5为on的状态就OK
[root@sample ~]# /etc/rc.d/init.d/postfix start  ← 启动Postfix
Starting postfix:            [ OK ]
至此,就完成了SMTP服务器方面的配置.

7、端口测试:
#telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 gdgz51.3322.org ESMTP Postfix
ehlo localhost
250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN <----认证OK
250-AUTH=LOGIN PLAIN
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.

# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
+OK dovecot ready.
user szj
+OK
pass xdfsdf
+OK Logged in.
list
+OK 0 messages:
.
quit
+OK Logging out.
Connection closed by foreign host.
 
8、安装openwebmail 2.51软件:
    # service httpd restart (启动httpd服务)
    停止 httpd:                               [ 确定 ]
    启动 httpd:                               [ 确定 ]
   
    # rpm -ivh perl-5.8.5-12.1.i386.rpm --->没装?
    # rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
    # rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
    # rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
    # rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
   
    # rpm -ivh openwebmail-2.51-1.i386.rpm
    warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
    (注:NOKEY 表示系统尚未导入该软件包的签名公钥,签名没有被校验;可先用 rpm --import 导入发布方公钥,再用 rpm -K 校验通过后安装)
    Preparing...   ######################################### [100%]
    1:openwebmail   ###################################### [100%]
       
    # cd /var/www/cgi-bin/openwebmail/
    # ./openwebmail-tool.pl --init
   
9、修改 /var/www/cgi-bin/openwebmail/etc/openwebmail.conf 文件:
   
    domainnames       auto
    更改为:
    domainnames       51test.com (更改为自己定义的域名)
   
    default_language         en
    更改为:
    default_language     zh_CN.GB2312 (更改为简体中文版介面)
   
    default_iconset     Cool3D.English
    更改为:
    default_iconset     Cool3D.Chinese.Simplified (更改为中文3D按键)
10、修改/var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf文件:
    smtpserver           127.0.0.1
    更改为:
    smtpserver           192.168.1.223 (更改smtp服务器的地址。注:前文实验环境中邮件主机IP为192.168.1.233,与此处的.223不一致,此处及下文的服务器地址请按实际邮件主机IP填写)
   
    authpop3_server           localhost
    更改为:
    authpop3_server           192.168.1.223 (更改pop3服务器的地址)
   
11、修改/var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf文件:
   
    dbmopen_ext       none
    更改为:
    dbmopen_ext       .db
   
    dbmopen_haslock     no
    更改为:
    dbmopen_haslock     yes
   
    smtpserver         192.168.1.223 (添加smtp服务器的地址)
   
12.1继续运行openwebmail-tool.pl文件:
    # ./openwebmail-tool.pl --init
  
    Send the site report?(Y/n) y (输入y,然后按回车键)
  
12.2
添加系统用户和密码
   #useradd -s /sbin/nologin szjj
   #passwd szjj
13.扩展功能(可以不做):
1).增加限制用户发送电子邮件的权限:
    用户权限说明:
    Fandy不受发送限制(可以无限制地发送和接收Internal、Internet的电子邮件);
    Yer、Biao受到发送限制(只可以发送和接收Internal内的电子邮件);
   
    # useradd fandy(增加本地用户:fandy)
    # useradd yer(增加本地用户:yer)
    # useradd biao(增加本地用户:biao)
   
    # passwd yer(设置本地yer用户的密码)
    Changing password for user yer.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
   
    # passwd fandy(设置本地fandy用户的密码)
    Changing password for user fandy.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
   
    # passwd biao(设置本地biao用户的密码)
    Changing password for user biao.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
   
    在main.cf文件中增加以下的代码:
   
    # restrictions
    smtpd_restriction_classes = local_only
    local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders,
        permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender,
        reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining,
        reject_invalid_hostname
    (注:main.cf中同一参数出现多次时以最后一次为准,因此应把6.1中已添加的smtpd_recipient_restrictions与此处合并为一条,不要保留两份)
   
    在/etc/postfix/目录下建立local_senders文件,内容如下:
   
   
    <受限发件人地址1>     local_only
    <受限发件人地址2>     local_only
    (注:原文此处的发件人地址在转载时丢失;每行格式为"发件人地址  local_only",对应上文受发送限制的用户)
   
    在/etc/postfix/目录下建立local_domains文件,内容如下:
   
    51test.com         OK
    mail.51test.com     OK
   
    为local_senders、local_domains两个文件建立hash:
   
    # postmap hash:/etc/postfix/local_senders
    # postmap hash:/etc/postfix/local_domains
   
    当yer、biao这两个受限用户向其它域发送邮件时会出现以下的
    错误信息:
    554 5.7.1 <发件人地址>: Sender address rejected: Access denied
    554 5.7.1 <发件人地址>: Sender address rejected: Access denied
   
14。打开服务器的110和25端口
如果对外有防火墙或者路由器,也要把它们的110和25口对外打开,否则会收不到信.
15.Postfix安装笔记2之防毒,过滤篇
15.1.下载MailScanner, ClamAV 0.88
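#wget <MailScanner-4.51.5-1.rpm.tar.gz 的下载地址>
#wget <install-Clam-SA.tar.gz 的下载地址>
(注:原文中的下载地址在转载时丢失;请从软件的官方站点获取,并在以root运行install.sh之前核对发布方提供的校验值或签名(如有))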
 
# tar -zxvf MailScanner-4.51.5-1.rpm.tar.gz
#tar -zxvf install-Clam-SA.tar.gz
# cd MailScanner-4.51.5-1
# ./install.sh
# cd install-Clam-SA
# ./install.sh
注: 这两步的过程比较长,可以先泡杯茶…….
15.2.配置:
vi /etc/mail/spamassassin/init.pre
激活下面两个插件(去掉前面的 # ):
loadplugin Mail::SpamAssassin::Plugin::DCC 
loadplugin Mail::SpamAssassin::Plugin::Razor2
# vi /etc/MailScanner/MailScanner.conf
修改下面几项:
Run As User = postfix
Run As Group = postfix
MTA = postfix
%org-name% = yayaa.net
%org-long-name% = YY
%web-site% =

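确保下面几项正确:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
Virus Scanners = auto
Use SpamAssassin = yes
(注:上面两个队列目录是MailScanner配合sendmail时的默认值。MTA为postfix时,MailScanner通常需要从Postfix的hold队列取信、扫描后再放回incoming队列,并在main.cf中用header_checks把来信置为HOLD;否则邮件不会经过MailScanner扫描。请对照MailScanner的Postfix集成文档确认后再上线)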

#mkdir /var/spool/mqueue
#chown postfix:postfix /var/spool/mqueue
#chown postfix:postfix /var/spool/MailScanner/incoming
#chown postfix:postfix /var/spool/MailScanner/quarantine
#chown -R postfix:postfix /var/spool/mqueue.in
#chown -R postfix:postfix /var/spool/postfix

开机自启动:
#chkconfig spamassassin on
#service spamassassin restart
#chkconfig postfix off
# chkconfig MailScanner on

15.3.定时自动更新
使用CCERT 中文垃圾邮件过滤规则集Chinese_rules.cf
#wget -N -P /usr/share/spamassassin <Chinese_rules.cf 的下载地址>

定时更新:SA
# crontab -e
0 0 1 * * wget -N -P /usr/share/spamassassin <Chinese_rules.cf 的下载地址>; /etc/init.d/spamassassin restart
(注:原文中的下载地址在转载时丢失;crontab条目必须写在同一行)
# sa-learn --sync -D -p user_prefs (建立学习系统)
#sa-learn --dump all(查看自学习的数据信息)
定时更新:ClamAV
#vi /usr/local/etc/freshclam.conf
去掉下面几句前面的 #
UpdateLogFile /var/log/freshclam.log
LogSyslog
PidFile /var/run/freshclam.pid
#vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log 
LogFileMaxSize 2M 
LogTime
PidFile /var/run/clamd.pid
LogSyslog
ScanMail
#touch /var/log/freshclam.log
#chmod 644 /var/log/freshclam.log
#chown clamav:clamav /var/log/freshclam.log 
#mkdir /var/log/clamav
#touch /var/log/clamav/clamd.log
#chown -R clamav:clamav /var/log/clamav
#chmod -R 644 /var/log/clamav
(注:目录本身需要可执行(x)权限才能进入;对目录递归设置644后,clamav用户将无法访问其中的clamd.log。目录应保持755,只把其中的日志文件设为644)
#crontab -e
0 1 * * * freshclam --quiet -l /var/log/freshclam.log

15.4.重新启动,测试
#reboot
#tail -f /var/log/maillog |grep MailScanner

16、测试webmail方式收发电子邮件:
    在ie中输入以下地址:
    (原文地址在转载时丢失;OpenWebMail的登录入口一般为 http://<邮件主机名>/cgi-bin/openwebmail/openwebmail.pl)

17。用OUTLOOK或者FOXMAIL测试。
    选中”我的服务器要求身份验证“
    自己给自己写封信,发,再收。测试。
    给外网的邮箱发信,再回复。测试。
 