Lab environment:
Network domain: 51test.com
DNS host name: mail.51test.com
DNS host IP address: 192.168.1.233
Mail host name: mail.51test.com
Mail host IP address: 192.168.1.233
Operating system: CentOS 4.3
The SELinux service is not started.
1. DNS server configuration:
dns: mail.51test.com
MX: mail.51test.com
2. List of software to install:
postfix-2.2.5-3.rhel4.rpm
postfix-pflogsumm-2.1.5-4.2.rhel4.rpm ---> not installed?
cyrus-sasl-2.1.19-5.rhel4.i386.rpm
dovecot-0.99.11-2.rhel4.1.rpm
httpd-2.0.52-12.ent.rpm
perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
perl-suidperl-5.8.5-12.1.1.i386.rpm
perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
perl-5.8.5-12.1.i386.rpm ---> not installed
openwebmail-2.51-1.i386.rpm
3. Installing postfix:
It ships with CentOS 4.3 and is already installed.
4. Starting the postfix and dovecot services:
# service postfix start
Starting postfix: [ 确定 ]
# service dovecot start
启动 Dovecot Imap: [ 确定 ]
5. Edit /etc/dovecot.conf:
#protocols = imap imap3
change to:
protocols = imap imap3 pop3 pop3s (enables imap, imap3, pop3 and pop3s)
# service dovecot restart (restart the dovecot service)
停止 Dovecot Imap: [ 确定 ]
启动 Dovecot Imap: [ 确定 ]
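6.1 Edit /etc/postfix/main.cf:
#myhostname = host.domain.tld
change to:
myhostname = mail.51test.com (the host name of the machine running the Postfix mail system)
#mydomain = domain.tld
change to:
mydomain = 51test.com (the domain name used by the Postfix mail system, for example: easy.com)
#myorigin = $mydomain
change to:
myorigin = 51test.com (the domain that the sender belongs to, for example: easy.com)
#inet_interfaces = all
change to:
inet_interfaces = all (the network interfaces the Postfix mail system listens on)
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, ,
change to:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, , (the recipient domains for which Postfix accepts mail)
relay_domains = $mydestination ← set it to this; defines the domains for which relaying is allowed
#mynetworks = 168.100.189.0/28, 127.0.0.0/8 ← find this line and change it to match your own internal network
↓
mynetworks = 192.168.1.0/24, 127.0.0.0/8 ← set it to this; specifies the internal-network and local IP address ranges
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) ← find this line and add the following line after it:
smtpd_banner = $myhostname ESMTP unknow ← add this line so that details of the SMTP server are not shown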
At the end of the configuration file, add the following lines:
#SASL SMTP authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
 reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unknown_recipient_domain,
 reject_non_fqdn_recipient,
 reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
6.2 Configure the SMTP authentication options
[root@sample ~]# vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
mech_list: PLAIN LOGIN
[root@sample ~]# vi /etc/sysconfig/saslauthd
FLAGS=pam ← set the authentication method to pam
6.3 Stop the sendmail service and set the default MTA
Since Postfix is the SMTP server here, sendmail will no longer be used, so turn the sendmail service off, both for security and to save system resources.
[root@sample ~]# /etc/rc.d/init.d/sendmail stop ← stop the sendmail service
Shutting down sendmail: [ OK ]
Shutting down sm-client: [ OK ]
[root@sample ~]# chkconfig sendmail off ← disable sendmail at boot
[root@sample ~]# chkconfig --list sendmail ← confirm that sendmail is disabled at boot (OK if all are off)
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
6.4 Then set the default MTA to Postfix.
[root@sample ~]# alternatives --config mta ← set the default MTA
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail ← current state: sendmail is the default MTA
 2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2 ← enter 2 here to make Postfix the default MTA
6.5 Finally, start SMTP authentication and the Postfix service, and set both services to start at boot.
[root@sample ~]# chkconfig saslauthd on ← enable SMTP-Auth at boot
[root@sample ~]# chkconfig --list saslauthd ← check the SMTP-Auth service state
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← OK if runlevels 2 to 5 are on
[root@sample ~]# /etc/rc.d/init.d/saslauthd start ← start SMTP-Auth
Starting saslauthd: [ OK ]
[root@sample ~]# chkconfig postfix on ← enable Postfix at boot
[root@sample ~]# chkconfig --list postfix ← check the Postfix service state
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← OK if runlevels 2 to 5 are on
[root@sample ~]# /etc/rc.d/init.d/postfix start ← start Postfix
Starting postfix: [ OK ]
This completes the configuration on the SMTP server side.
7. Port tests:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 gdgz51.3322.org ESMTP Postfix
ehlo localhost
250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN <---- authentication OK
250-AUTH=LOGIN PLAIN
250 8BITMIME
quit
221 Bye
Connection closed by foreign host.
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
+OK dovecot ready.
user szj
+OK
pass xdfsdf
+OK Logged in.
list
+OK 0 messages:
.
quit
+OK Logging out.
Connection closed by foreign host.
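The EHLO reply from the port 25 test above can be checked mechanically for what the server offers before any encryption. The following Python is an added example, not part of the original notes; the function names and the AUTH PLAIN token are constructed for illustration.

```python
import base64

# EHLO reply from the port 25 test on this page (wrapped lines rejoined).
EHLO_REPLY = """\
250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""
# Constructed AUTH PLAIN token; the password is a made-up sample value.
SAMPLE_TOKEN = base64.b64encode(b"\0szj\0sample-password").decode()

def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} from a multi-line 250 reply."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("not a 250 reply line: %r" % line)
        rest = line[4:].strip()
        if rest[:5].upper() == "AUTH=":       # legacy form from broken_sasl_auth_clients
            rest = "AUTH " + rest[5:]
        words = rest.upper().split()
        if i == 0 or not words:
            continue                          # first line carries the server name
        params = caps.setdefault(words[0], [])
        params += [w for w in words[1:] if w not in params]
    return caps

def audit_ehlo(caps):
    """Findings for an EHLO reply captured before any STARTTLS."""
    findings = []
    mechs = {"PLAIN", "LOGIN"} & set(caps.get("AUTH", []))
    if mechs:
        tls = "offered but not required" if "STARTTLS" in caps else "not offered"
        findings.append("AUTH %s accepted in cleartext (STARTTLS %s)"
                        % ("/".join(sorted(mechs)), tls))
    if "VRFY" in caps:
        findings.append("VRFY advertised: clients can test which addresses exist")
    return findings

def decode_auth_plain(token):
    """AUTH PLAIN is base64(authzid NUL authcid NUL password): no key is needed."""
    authzid, authcid, password = base64.b64decode(token).split(b"\0")
    return authcid.decode(), password.decode()
```

In Postfix, smtpd_tls_auth_only = yes (once TLS is configured) and disable_vrfy_command = yes address the two findings; neither setting appears in these notes.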
8. Install openwebmail 2.51:
# service httpd restart (start the httpd service)
停止 httpd: [ 确定 ]
启动 httpd: [ 确定 ]
# rpm -ivh perl-5.8.5-12.1.i386.rpm ---> not installed?
# rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
# rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
# rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
# rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
# rpm -ivh openwebmail-2.51-1.i386.rpm
warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
Preparing... ######################################### [100%]
1:openwebmail ###################################### [100%]
# cd /var/www/cgi-bin/openwebmail/
# ./openwebmail-tool.pl --init
9. Edit /var/www/cgi-bin/openwebmail/etc/openwebmail.conf:
domainnames auto
change to:
domainnames 51test.com (change to your own domain name)
default_language en
change to:
default_language zh_CN.GB2312 (switch to the Simplified Chinese interface)
default_iconset Cool3D.English
change to:
default_iconset Cool3D.Chinese.Simplified (switch to the Chinese 3D buttons)
10. Edit /var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf:
smtpserver 127.0.0.1
change to:
smtpserver 192.168.1.223 (change the SMTP server address)
authpop3_server localhost
change to:
authpop3_server 192.168.1.223 (change the POP3 server address)
11. Edit /var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf:
dbmopen_ext none
change to:
dbmopen_ext .db
dbmopen_haslock no
change to:
dbmopen_haslock yes
smtpserver 192.168.1.223 (add the SMTP server address)
12.1 Run openwebmail-tool.pl again:
# ./openwebmail-tool.pl --init
Send the site report?(Y/n) y (type y, then press Enter)
12.2 Add a system user and password
# useradd -s /sbin/nologin szjj
# passwd szjj
13. Extended features (optional):
1). Restricting which users may send e-mail:
User permissions:
Fandy is not subject to sending restrictions (can send and receive internal and Internet e-mail without limits);
Yer and Biao are subject to sending restrictions (can only send and receive internal e-mail);
# useradd fandy (add the local user fandy)
# useradd yer (add the local user yer)
# useradd biao (add the local user biao)
# passwd yer (set the password of the local user yer)
Changing password for user yer.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# passwd fandy (set the password of the local user fandy)
Changing password for user fandy.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# passwd biao (set the password of the local user biao)
Changing password for user biao.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Add the following to main.cf:
# restrictions
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders,
 permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender,
 reject_non_fqdn_recipient, reject_unauth_destination,
 reject_unauth_pipelining, reject_invalid_hostname
Create the file local_senders under /etc/postfix/ with the following content:
local_only
local_only
Create the file local_domains under /etc/postfix/ with the following content:
51test.com OK
mail.51test.com OK
Build the hash maps for the two files local_senders and local_domains:
# postmap hash:/etc/postfix/local_senders
# postmap hash:/etc/postfix/local_domains
When the two users send mail to other domains, the following error message appears:
554 5.7.1 <>: Sender address rejected: Access denied
554 5.7.1 <>: Sender address rejected: Access denied
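Steps 6.1 and 13 each add a smtpd_recipient_restrictions line to main.cf, and Postfix remembers only the last definition of a parameter. The following Python is an added example (not part of the original notes; the function names are illustrative) that reads a main.cf excerpt constructed from those two steps and reports the effective list, what the later definition dropped, and any non-recipient access check placed before reject_unauth_destination.

```python
# Constructed main.cf excerpt: the step 6.1 block followed by the step 13 block.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_non_fqdn_recipient,
    reject_unauth_destination
# restrictions (step 13)
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders,
    permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unauth_destination,
    reject_unauth_pipelining, reject_invalid_hostname
"""

def parse_main_cf(text):
    """Return {name: [values in file order]}; Postfix uses only the last one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank/comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace = continuation
        else:
            logical.append(raw.strip())
    history = {}
    for line in logical:
        name, _, value = line.partition("=")
        history.setdefault(name.strip(), []).append(value.strip())
    return history

def restrictions(value):
    """Split a comma-separated restriction list (the form used on this page)."""
    return [" ".join(p.split()) for p in value.split(",") if p.strip()]

def audit_main_cf(text, name="smtpd_recipient_restrictions"):
    # If the parameter is absent, fall back to the Postfix 2.2 built-in default.
    values = parse_main_cf(text).get(name, ["permit_mynetworks, reject_unauth_destination"])
    effective, findings = restrictions(values[-1]), []
    if len(values) > 1:
        lost = sorted(set().union(*map(restrictions, values[:-1])) - set(effective))
        findings.append("%s defined %d times; dropped by the last one: %s"
                        % (name, len(values), ", ".join(lost) or "nothing"))
    for item in effective:
        if item == "reject_unauth_destination":
            break
        if item.startswith(("check_sender_access", "check_client_access", "check_helo_access")):
            findings.append("%s precedes reject_unauth_destination: an OK result permits relaying" % item)
    return effective, findings
```

With the tables as given in step 13 the sender lookup returns local_only rather than OK, so the second finding is a reminder about ordering, not an open relay in this setup.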
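14. Open ports 110 and 25 on the server
If there is a firewall or router facing the outside, ports 110 and 25 must be opened to the outside on it as well; otherwise no mail will be received.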
15. Postfix installation notes 2: antivirus and filtering
15.1. Download MailScanner and ClamAV 0.88
#wget
#wget
# tar -zxvf MailScanner-4.51.5-1.rpm.tar.gz
# tar -zxvf install-Clam-SA.tar.gz
# cd MailScanner-4.51.5-1
# ./install.sh
# cd install-Clam-SA
# ./install.sh
Note: these two steps take quite a while, so you can make a cup of tea in the meantime.
15.2. Configuration:
# vi /etc/mail/spamassassin/init.pre
Enable the following two plugins (remove the leading #):
loadplugin Mail::SpamAssassin::Plugin::DCC ???
loadplugin Mail::SpamAssassin::Plugin::Razor2
# vi /etc/MailScanner/MailScanner.conf
Change the following items:
Run As User = postfix
Run As Group = postfix
MTA = postfix
%org-name% = yayaa.net
%org-long-name% = YY
%web-site% =
Make sure the following items are correct:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
Virus Scanners = auto
Use SpamAssassin = yes
# mkdir /var/spool/mqueue
# chown postfix:postfix /var/spool/mqueue
# chown postfix:postfix /var/spool/MailScanner/incoming
# chown postfix:postfix /var/spool/MailScanner/quarantine
# chown -R postfix:postfix /var/spool/mqueue.in
# chown -R postfix:postfix /var/spool/postfix
Start at boot:
# chkconfig spamassassin on
# service spamassassin restart
# chkconfig postfix off
# chkconfig MailScanner on
15.3. Scheduled automatic updates
Use the CCERT Chinese spam filtering rule set Chinese_rules.cf
# wget -N -P /usr/share/spamassassin
Scheduled update: SA
# crontab -e
0 0 1 * * wget -N -P /usr/share/spamassassin restart;/etc/init.d/spamassassin restart
# sa-learn --sync -D -p user_prefs (set up the learning system)
# sa-learn --dump all (view the self-learned data)
Scheduled update: ClamAV
# vi /usr/local/etc/freshclam.conf
Remove the # in front of the following lines:
UpdateLogFile /var/log/freshclam.log
LogSyslog
PidFile /var/run/freshclam.pid
# vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
PidFile /var/run/clamd.pid
LogSyslog
ScanMail
# touch /var/log/freshclam.log
# chmod 644 /var/log/freshclam.log
# chown clamav:clamav /var/log/freshclam.log
# mkdir /var/log/clamav
# touch /var/log/clamav/clamd.log
# chown -R clamav:clamav /var/log/clamav
# chmod -R u=rwX,go=rX /var/log/clamav (644 for the log file, 755 for the directory so that it stays traversable)
# crontab -e
0 1 * * * freshclam --quiet -l /var/log/freshclam.log
15.4. Reboot and test
# reboot
# tail -f /var/log/maillog | grep MailScanner
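16. Test sending and receiving e-mail through webmail:
Enter the following address in IE:
17. Test with Outlook or Foxmail.
Select "My server requires authentication".
Write a message to yourself, send it, then receive it. Test.
Send a message to an external mailbox, then reply to it. Test.
---------------end---------------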
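Notes: 1. In "loadplugin Mail::SpamAssassin::Plugin::DCC ???" the three trailing question marks are not actually part of the line. Adding question marks to doubtful spots when taking electronic notes is purely a personal habit. 2. If "loadplugin Mail::SpamAssassin::Plugin::DCC" is not present, add it yourself and then test. It has been a long time and I have no test environment, so I cannot test this for now. Thanks for your understanding.
--------------------------------------- ISP-grade mail system: CentOS (base system) + Postfix (MTA, mail transfer agent) + MySQL (back-end database, used to store user information) + Cyrus-SASL2 (authentication for sending) + Courier-IMAP (provides POP3/IMAP service) + MailDrop (MDA, mail delivery agent) + amavisd-new (content filtering) + SpamAssassin (anti-spam) + ClamAV (antivirus) + back-end user management + high-performance webmail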