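Test environment:
Network domain: 51test.com
DNS host name: mail.51test.com
DNS host IP address: 192.168.1.233
Mail host name: mail.51test.com
Mail host IP address: 192.168.1.233
Operating system: CentOS 4.3
SELinux is not enabled.
1. DNS server configuration: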
dns: mail.51test.com
MX: mail.51test.com
2. Software packages required:
postfix-2.2.5-3.rhel4.rpm
postfix-pflogsumm-2.1.5-4.2.rhel4.rpm ---> not installed?
cyrus-sasl-2.1.19-5.rhel4.i386.rpm
dovecot-0.99.11-2.rhel4.1.rpm
httpd-2.0.52-12.ent.rpm
perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
perl-suidperl-5.8.5-12.1.1.i386.rpm
perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
perl-5.8.5-12.1.i386.rpm ---> not installed
openwebmail-2.51-1.i386.rpm
3. Postfix installation:
Included with CentOS 4.3; already installed.
4. Starting the postfix and dovecot services:
# service postfix start
Starting postfix: [ 确定 ]
# service dovecot start
启动 Dovecot Imap: [ 确定 ]
5. Edit /etc/dovecot.conf:
#protocols = imap imaps
Change to:
protocols = imap imaps pop3 pop3s (enable imap, imaps, pop3 and pop3s)
# service dovecot restart (restart the dovecot service)
停止 Dovecot Imap: [ 确定 ]
启动 Dovecot Imap: [ 确定 ]
6.1 Edit /etc/postfix/main.cf:
#myhostname = host.domain.tld
Change to:
myhostname = mail.51test.com (the host name of the machine running the Postfix mail system)
#mydomain = domain.tld
Change to:
mydomain = 51test.com (the domain name used by the Postfix mail system, e.g. easy.com)
#myorigin = $mydomain
Change to:
myorigin = 51test.com (the domain that appears in the sender address, e.g. easy.com)
#inet_interfaces = all
Change to:
inet_interfaces = all (the network interfaces the Postfix mail system listens on)
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, ,
Change to:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, , (the recipient domains for which Postfix accepts mail)
relay_domains = $mydestination ← change to this; defines the domains for which relaying is allowed
#mynetworks = 168.100.189.0/28, 127.0.0.0/8 ← find this line and modify it to match your own internal network
↓
mynetworks = 192.168.1.0/24, 127.0.0.0/8 ← change to this; specifies the IP address ranges of the internal network and the local host
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) ← find this line and add the following line after it:
smtpd_banner = $myhostname ESMTP unknow ← add this line so that the banner does not reveal information about the SMTP server software
At the end of the configuration file, add the following lines:
# SASL SMTP authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
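6.2 Configure the SMTP authentication options
[root@sample ~]# vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
mech_list: PLAIN LOGIN
[root@sample ~]# vi /etc/sysconfig/saslauthd
MECH=pam ← set the authentication mechanism to pam
6.3 Stop the sendmail service and set the default MTA
Since Postfix is the SMTP server, sendmail is no longer needed, so stop the sendmail service, both for security and to save system resources.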
[root@sample ~]# /etc/rc.d/init.d/sendmail stop ← stop the sendmail service
Shutting down sendmail: [ OK ]
Shutting down sm-client: [ OK ]
[root@sample ~]# chkconfig sendmail off ← disable sendmail at boot
[root@sample ~]# chkconfig --list sendmail ← confirm that sendmail is disabled at boot (all off means OK)
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
6.4 Then set the default MTA to Postfix.
[root@sample ~]# alternatives --config mta ← set the default MTA
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail ← current state: sendmail is the default MTA
   2           /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2 ← enter 2 here to make Postfix the default MTA
6.5 Finally, start SMTP authentication and Postfix, and set both services to start at boot.
[root@sample ~]# chkconfig saslauthd on ← start SMTP-Auth at boot
[root@sample ~]# chkconfig --list saslauthd ← check the SMTP-Auth service state
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← runlevels 2 to 5 set to on means OK
[root@sample ~]# /etc/rc.d/init.d/saslauthd start ← start SMTP-Auth
Starting saslauthd: [ OK ]
[root@sample ~]# chkconfig postfix on ← start Postfix at boot
[root@sample ~]# chkconfig --list postfix ← check the Postfix service state
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← runlevels 2 to 5 set to on means OK
[root@sample ~]# /etc/rc.d/init.d/postfix start ← start Postfix
Starting postfix: [ OK ]
This completes the configuration of the SMTP server.
7. Port tests:
#telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 gdgz51.3322.org ESMTP Postfix
ehlo localhost
250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN <---- authentication OK
250-AUTH=LOGIN PLAIN
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
+OK dovecot ready.
user szj
+OK
pass xdfsdf
+OK Logged in.
list
+OK 0 messages:
.
quit
+OK Logging out.
Connection closed by foreign host.
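The EHLO reply from the port 25 test above can be checked mechanically for how authentication is exposed. This is an added example, not part of the original notes: the function names are hypothetical and the sample input is the reply shown in step 7.

```shell
# Added example: audit an SMTP EHLO reply for how authentication is exposed.
# Sample input: the reply lines from the port 25 test in step 7.
sample_ehlo() {
cat <<'EOF'
250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
}

# ehlo_keywords: strip the "250-"/"250 " prefix and any CR, upper-case the rest.
ehlo_keywords() {
    tr -d '\r' | sed -n 's/^250[- ]//p' | tr '[:lower:]' '[:upper:]'
}

# audit_ehlo: read an EHLO reply on stdin and print one finding per line.
audit_ehlo() {
    kw=$(ehlo_keywords)
    # Both "AUTH x y" and the legacy "AUTH=x y" form list SASL mechanisms.
    mechs=$(printf '%s\n' "$kw" | sed -n 's/^AUTH[ =]//p' | tr ' ' '\n' | sort -u | tr '\n' ' ')
    mechs=${mechs% }
    if [ -z "$mechs" ]; then
        echo "info: no AUTH advertised"
    else
        echo "auth-mechanisms: $mechs"
        if ! printf '%s\n' "$kw" | grep -q '^STARTTLS$'; then
            case " $mechs " in
                *" PLAIN "*|*" LOGIN "*)
                    echo "finding: PLAIN/LOGIN offered without STARTTLS; the password crosses the network base64-encoded, not encrypted" ;;
            esac
        fi
    fi
    if printf '%s\n' "$kw" | grep -q '^VRFY$'; then
        echo "finding: VRFY enabled; recipient addresses can be probed"
    fi
}

sample_ehlo | audit_ehlo
```

In Postfix, smtpd_tls_auth_only = yes (once TLS is configured) and disable_vrfy_command = yes address the two findings reported for this reply.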
8. Install openwebmail 2.51:
# service httpd restart (start the httpd service)
停止 httpd: [ 确定 ]
启动 httpd: [ 确定 ]
# rpm -ivh perl-5.8.5-12.1.i386.rpm ---> not installed?
# rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
# rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
# rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
# rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
# rpm -ivh openwebmail-2.51-1.i386.rpm
warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
Preparing... ######################################### [100%]
1:openwebmail ###################################### [100%]
# cd /var/www/cgi-bin/openwebmail/
# ./openwebmail-tool.pl --init
9. Edit /var/www/cgi-bin/openwebmail/etc/openwebmail.conf:
domainnames auto
Change to:
domainnames 51test.com (change to your own domain name)
default_language en
Change to:
default_language zh_CN.GB2312 (switch the interface to Simplified Chinese)
default_iconset Cool3D.English
Change to:
default_iconset Cool3D.Chinese.Simplified (use the Simplified Chinese 3D buttons)
10. Edit /var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf:
smtpserver 127.0.0.1
Change to:
smtpserver 192.168.1.223 (change the SMTP server address)
authpop3_server localhost
Change to:
authpop3_server 192.168.1.223 (change the POP3 server address)
11. Edit /var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf:
dbmopen_ext none
Change to:
dbmopen_ext .db
dbmopen_haslock no
Change to:
dbmopen_haslock yes
smtpserver 192.168.1.223 (add the SMTP server address)
12.1 Run openwebmail-tool.pl again:
# ./openwebmail-tool.pl --init
Send the site report?(Y/n) y (type y, then press Enter)
12.2 Add a system user and password
#useradd -s /sbin/nologin szjj
#passwd szjj
13. Optional extension (may be skipped):
1) Restrict which users may send e-mail:
User permissions:
Fandy is not subject to sending restrictions (can send and receive internal and Internet e-mail without restriction);
Yer and Biao are subject to sending restrictions (can only send and receive e-mail inside the internal domain);
# useradd fandy (add local user fandy)
# useradd yer (add local user yer)
# useradd biao (add local user biao)
# passwd yer (set the password for local user yer)
Changing password for user yer.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# passwd fandy (set the password for local user fandy)
Changing password for user fandy.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# passwd biao (set the password for local user biao)
Changing password for user biao.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Add the following to main.cf:
# restrictions
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname
Create the file local_senders in /etc/postfix/ with the following content:
local_only
local_only
Create the file local_domains in /etc/postfix/ with the following content:
51test.com OK
mail.51test.com OK
Build the hash maps for the local_senders and local_domains files:
# postmap hash:/etc/postfix/local_senders
# postmap hash:/etc/postfix/local_domains
When the two restricted users send mail to other domains, the following error messages appear:
554 5.7.1 <>: Sender address rejected: Access denied
554 5.7.1 <>: Sender address rejected: Access denied
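Step 13 adds a second smtpd_recipient_restrictions to a main.cf that already has one from step 6.1, so it is worth confirming which list Postfix actually uses and that it still blocks relaying. This is an added example, not from the original notes: the function names are hypothetical, and the sample is an abridged, constructed copy of the two definitions.

```shell
# Added example. Constructed sample: the two smtpd_recipient_restrictions
# definitions left in main.cf after steps 6.1 and 13 (lists abridged).
sample_main_cf() {
cat <<'EOF'
# SASL SMTP authentication
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination
# restrictions
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders,
    permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_unauth_pipelining
EOF
}
# effective_param NAME: read main.cf text on stdin, print "COUNT|VALUE" where
# VALUE is what Postfix uses: comment and blank lines are skipped, a line that
# starts with whitespace continues the previous one, the last definition wins.
effective_param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name != "") val[name] = val[name] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val[name] = substr($0, eq + 1); count[name]++
        }
        END { v = val[want]; gsub(/[ \t,]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
              printf "%d|%s\n", count[want], v }'
}
# relay_check: read main.cf text on stdin and report on relay control.
relay_check() {
    res=$(effective_param smtpd_recipient_restrictions)
    n=${res%%|*}; list=${res#*|}
    if [ "$n" -gt 1 ]; then echo "note: defined $n times; only the last definition applies"; fi
    seen_access=no
    for r in $list; do
        case $r in
            check_*_access) seen_access=yes ;;
            reject_unauth_destination)
                [ "$seen_access" = yes ] && echo "review: access table before reject_unauth_destination; an OK result there permits relaying"
                echo "ok: reject_unauth_destination present"; return 0 ;;
        esac
    done
    echo "finding: reject_unauth_destination missing (open relay risk)"
}
sample_main_cf | relay_check
```

On the server itself, run it against the real file with relay_check < /etc/postfix/main.cf. In this setup the access table returns the local_only class rather than OK, so the review line is informational.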
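14. Open ports 110 and 25 on the server
If there is a firewall or router facing the outside, ports 110 and 25 must be opened on it as well, otherwise mail will not be received.
15. Postfix installation notes, part 2: anti-virus and filtering
15.1 Download MailScanner and ClamAV 0.88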
#wget
#wget
# tar -zxvf MailScanner-4.51.5-1.rpm.tar.gz
#tar -zxvf install-Clam-SA.tar.gz
# cd MailScanner-4.51.5-1
# ./install.sh
# cd install-Clam-SA
# ./install.sh
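Note: these two steps take quite a while; you can make a cup of tea in the meantime.
15.2 Configuration:
# vi /etc/mail/spamassassin/init.pre
Enable the following two plugins (remove the leading #):
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Razor2
# vi /etc/MailScanner/MailScanner.conf
Change the following settings: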
Run As User = postfix
Run As Group = postfix
MTA = postfix
%org-name% = yayaa.net
%org-long-name% = YY
%web-site% =
Make sure the following settings are correct:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
Virus Scanners = auto
Use SpamAssassin = yes
#mkdir /var/spool/mqueue
#chown postfix:postfix /var/spool/mqueue
#chown postfix:postfix /var/spool/MailScanner/incoming
#chown postfix:postfix /var/spool/MailScanner/quarantine
#chown -R postfix:postfix /var/spool/mqueue.in
#chown -R postfix:postfix /var/spool/postfix
Start at boot:
#chkconfig spamassassin on
#service spamassassin restart
#chkconfig postfix off
# chkconfig MailScanner on
15.3 Scheduled automatic updates
Use the CCERT Chinese spam filtering rule set, Chinese_rules.cf
#wget -N -P /usr/share/spamassassin
Scheduled update: SA
# crontab -e
0 0 1 * * wget -N -P /usr/share/spamassassin restart;/etc/init.d/spamassassin restart
# sa-learn --sync -D -p user_prefs (initialize the learning database)
#sa-learn --dump all (view the learned data)
Scheduled update: ClamAV
#vi /usr/local/etc/freshclam.conf
Remove the leading # from the following lines:
UpdateLogFile /var/log/freshclam.log
LogSyslog
PidFile /var/run/freshclam.pid
#vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
PidFile /var/run/clamd.pid
LogSyslog
ScanMail
#touch /var/log/freshclam.log
#chmod 644 /var/log/freshclam.log
#chown clamav:clamav /var/log/freshclam.log
#mkdir /var/log/clamav
#touch /var/log/clamav/clamd.log
#chown -R clamav:clamav /var/log/clamav
#chmod 755 /var/log/clamav
#chmod 644 /var/log/clamav/clamd.log
#crontab -e
0 1 * * * freshclam --quiet -l /var/log/freshclam.log
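15.4 Reboot and test
#reboot
#tail -f /var/log/maillog |grep MailScanner
16. Test sending and receiving e-mail through webmail:
Enter the following address in IE:
17. Test with Outlook or Foxmail.
Tick "My server requires authentication".
Write a message to yourself, send it, then receive it. Test.
Send a message to an external mailbox, then reply to it. Test.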