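The complete process of installing webmail on FreeBSD

I. Software to install

1. FreeBSD

2. PHP + MySQL

3. ExtMan --> web-based account management back end

4. courier-imap --> Courier-IMAP is a program that provides POP3 and IMAP services; it can easily be configured to support the encrypted protocols POP3s and IMAPs

5. Postfix --> the MTA occupies a very important position in a mail system: it receives the mail other people send to you and forwards your mail to its destination

6. Maildrop --> the MDA (mail delivery agent). It takes mail from the MTA, then stores it in your mailbox and filters it

7. Apache configuration

8. Extmail --> multilingual, fully template-driven, with a fairly complete feature set

Software Extmail depends on --> graphical logs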

cd /usr/ports/databases/rrdtool && make install clean

cd /usr/ports/devel/p5-File-Tail && make install clean

cd /usr/ports/devel/p5-Time-HiRes && make install clean

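9. amavisd-new --> content/virus filtering

10. clamav --> ClamAV is a fairly good antivirus program; it is called by amavisd and can detect all common viruses

11. mailman --> Mailman is a fairly good mailing-list program; it is very powerful, provides a complete web interface, and lets administration rights be delegated

II. Preparation before installation

1. Update ports

2. Compile the kernel

3. Add an account and group (vmail) for storing mail

Run the following commands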

pw group add vmail -g 1000

pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null

4. Create the path for the test user. A test account, test@extmail.org, is needed, and the path for that account must be prepared

mkdir -p /maildata/domains/extmail.org/test/Maildir/new

mkdir -p /maildata/domains/extmail.org/test/Maildir/cur

mkdir -p /maildata/domains/extmail.org/test/Maildir/tmp

chown -R vmail:vmail /maildata/domains/

chmod -R 700 /maildata/domains/

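III. Install ExtMan

Files shipped with ExtMan are used later in the installation, so ExtMan is installed first. Select MySQL during installation according to your needs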

cd /usr/ports/mail/extman/ && make config && make install clean

IV. Install and configure courier-imap POP3/IMAP

cd /usr/ports/mail/courier-imap/ && make config && make install clean

During installation select (if you use MySQL authentication, select AUTH_MYSQL): TRASHQUOTA AUTH_MYSQL

1. Authlib configuration

Start authdaemond: /usr/local/etc/rc.d/courier-authdaemond start

After authdaemond has started, check whether a socket file has been created under /var/run/authdaemond

Make a copy of the configuration file: cp /usr/local/etc/authlib/authdaemonrc /usr/local/etc/authlib/authdaemonrc.bak

(1). Edit the file with ee /usr/local/etc/authlib/authdaemonrc; the contents should look like this:

authmodulelist="authmysql"

authmodulelistorig="authmysql"

version="authdaemond.mysql"

daemons=5

authdaemonvar=/var/run/authdaemond

subsystem=mail

DEBUG_LOGIN=0

DEFAULTOPTIONS="wbnodsn=1"

LOGGEROPTS=""

Add execute permission on /var/run/authdaemond: chmod +x /var/run/authdaemond

Make a copy of the configuration file: cp /usr/local/etc/authlib/authmysqlrc /usr/local/etc/authlib/authmysqlrc.bak

(2). Edit the file with ee /usr/local/etc/authlib/authmysqlrc; the contents should look like this:

MYSQL_SERVER localhost

MYSQL_USERNAME extmail

MYSQL_PASSWORD extmail

MYSQL_PORT 0

MYSQL_OPT 0

MYSQL_DATABASE extmail

MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\

CONCAT('/maildata/domains/',homedir), \

CONCAT('/maildata/domains/',maildir), \

quota, \

name \

FROM mailbox \

WHERE username = '$(local_part)@$(domain)'

2. Configure POP3s support

Copy the configuration file: cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf

Edit the file with ee /usr/local/etc/courier-imap/pop3d.cnf; the contents should look like this:

RANDFILE = /usr/local/share/courier-imap/pop3d.rand

[ req ]

default_bits = 1024

encrypt_key = yes

distinguished_name = req_dn

x509_extensions = cert_type

prompt = no

[ req_dn ]

C=CN

ST=BJ

L=Bei Jing

O=BeingLAN Mail Server

OU=BeingLAN

CN=beinglan

emailAddress=entere@126.com

[ cert_type ]

nsCertType = server

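Run the following command to generate the certificate used by POP3s: /usr/local/sbin/mkpop3dcert

3. Configure IMAPs support

Copy the configuration file: cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf

Edit the file with ee /usr/local/etc/courier-imap/imapd.cnf; the contents should look like this: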

RANDFILE = /usr/local/share/courier-imap/imapd.rand

[ req ]

default_bits = 1024

encrypt_key = yes

distinguished_name = req_dn

x509_extensions = cert_type

prompt = no

[ req_dn ]

C=CN

ST=BJ

L=Bei Jing

O=BeingLAN

OU=BeingLAN

CN=beinglan

emailAddress=entere@126.com

[ cert_type ]

nsCertType = server

Run the following command to generate the certificate used by IMAPs: /usr/local/sbin/mkimapdcert

4. Configure automatic startup

Edit /etc/rc.conf and add the following lines:

courier_authdaemond_enable="YES"

courier_imap_pop3d_enable="YES"

courier_imap_imapd_enable="YES"

courier_imap_pop3d_ssl_enable="YES"

courier_imap_imapd_ssl_enable="YES"

At boot, these 5 lines respectively start authdaemond, pop3d, imapd, pop3d-ssl and imapd-ssl

These processes can also be started or stopped from the command line:

/usr/local/etc/rc.d/courier-authdaemond start/stop

/usr/local/etc/rc.d/courier-imap-pop3d start/stop

/usr/local/etc/rc.d/courier-imap-imapd start/stop

/usr/local/etc/rc.d/courier-imap-pop3d-ssl start/stop

/usr/local/etc/rc.d/courier-imap-imapd-ssl start/stop

V. Install and configure Postfix-MTA

Note: cyrus-sasl2, the SMTP authentication library, can be installed before this

cd /usr/ports/security/cyrus-sasl2 && make install WITH_AUTHDAEMON=yes

cd /usr/ports/mail/postfix/ && make config  && make install clean

During installation select (if you use MySQL authentication, you can select MYSQL): PCRE SASL2 TLS MYSQL VDA TEST

Would you like me to add it [y]?y

Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

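1. Configure postfix

Edit /etc/rc.conf and add the following line: postfix_enable="YES"

Edit /etc/aliases and make sure it contains the following line: postfix: root

Replace the sendmail program that ships with the system: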

mv /usr/sbin/sendmail /usr/sbin/sendmail.bak

cp /usr/local/sbin/sendmail /usr/sbin/sendmail

Edit /etc/periodic.conf and add the following to disable sendmail's automatic maintenance.

daily_clean_hoststat_enable="NO"

daily_status_mail_rejects_enable="NO"

daily_status_include_submit_mailq="NO"

daily_submit_queuerun="NO"

Run the following commands:

postalias /etc/aliases

chown postfix:postfix /etc/opiekeys

postconf -e 'mydomain = extmail.org'

postconf -e 'myhostname = mail.extmail.org'

postconf -e 'myorigin = $mydomain'

postconf -e 'virtual_mailbox_base = /maildata/domains'

postconf -e 'virtual_uid_maps=static:1000'

postconf -e 'virtual_gid_maps=static:1000'

Run the following commands to configure the lookup tables:

cp /usr/local/www/extman/docs/mysql_virtual_* /usr/local/etc/postfix/

/usr/local/sbin/postconf -e 'virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf'

/usr/local/sbin/postconf -e 'virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf'

/usr/local/sbin/postconf -e 'virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'

/usr/local/sbin/postconf -e 'virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf'

/usr/local/sbin/postconf -e 'virtual_mailbox_limit_override = yes'

/usr/local/sbin/postconf -e "virtual_maildir_limit_message = Sorry, the user's Maildir has overdrawn his diskspace quota, try again later"

2. SMTP authentication settings

Create /usr/local/lib/sasl2/smtpd.conf and add the following content; note that the last line must not contain spaces or tabs

pwcheck_method:authdaemond

log_level:3

mech_list:PLAIN LOGIN

authdaemond_path:/var/run/authdaemond/socket

Configure postfix as follows to support SMTP authentication

/usr/local/sbin/postconf -e 'smtpd_sasl_auth_enable = yes'

/usr/local/sbin/postconf -e 'broken_sasl_auth_clients = yes'

/usr/local/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname'

3. Postfix anti-spam settings

The anti-spam settings here are only MTA-level precautions against spam; adjust them to your actual situation and your own needs

/usr/local/sbin/postconf -e 'smtpd_helo_required=yes'

/usr/local/sbin/postconf -e 'smtpd_delay_reject=yes'

/usr/local/sbin/postconf -e 'disable_vrfy_command=yes'

/usr/local/sbin/postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'

/usr/local/sbin/postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'

/usr/local/sbin/postconf -e 'smtpd_sender_restrictions =permit_mynetworks, reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'

/usr/local/sbin/postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'

/usr/local/sbin/postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'

/usr/local/sbin/postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'

/usr/local/sbin/postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'

touch /usr/local/etc/postfix/head_checks

touch /usr/local/etc/postfix/body_checks

touch /usr/local/etc/postfix/client_access

touch /usr/local/etc/postfix/sender_access

touch /usr/local/etc/postfix/helo_access

/usr/local/sbin/postmap /usr/local/etc/postfix/head_checks

/usr/local/sbin/postmap /usr/local/etc/postfix/body_checks

/usr/local/sbin/postmap /usr/local/etc/postfix/client_access

/usr/local/sbin/postmap /usr/local/etc/postfix/sender_access

/usr/local/sbin/postmap /usr/local/etc/postfix/helo_access

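4. Set up TLS support. Installing a stable version of openssl is recommended to reduce the chance of errors [optional]

Generate the certificates. Here the passphrase protecting the private key defaults to 123qwe98; decide on your own according to your situation, as it may be needed later

Run the following commands: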

mkdir -p /usr/local/etc/postfix/certs/CA

cd /usr/local/etc/postfix/certs/CA

mkdir certs crl newcerts private

echo "01" > serial

touch index.txt

cp /usr/src/crypto/openssl/apps/openssl.cnf .

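Edit openssl.cnf and confirm that the value of the dir parameter is /usr/local/etc/postfix/certs/CA.

Then continue with the commands below, entering information as appropriate. The input looks like this: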

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:BJ

Locality Name (eg, city) []:Bei Jing

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail

Organizational Unit Name (eg, section) []:extmail

Common Name (eg, YOUR name) []:extmail.org

Email Address []:entere@126.com

The commands are as follows:

openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf

openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf

openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem

openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem

rm tmp.pem

cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/

cd /usr/local/etc/postfix/certs/

chown root:wheel cacert.pem mycert.pem

chown root:postfix mykey.pem

chmod 755 cacert.pem

chmod 644 mycert.pem

chmod 440 mykey.pem

ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0

Configure postfix to support TLS

postconf -e 'smtpd_use_tls=yes'

postconf -e 'smtpd_tls_auth_only=no'

postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'

postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'

postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'

postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'

postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'

postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'

postconf -e 'smtpd_tls_received_header=yes'

postconf -e 'smtpd_tls_loglevel=3'

postconf -e 'smtpd_starttls_timeout=60s'

Configure master.cf by adding the following:

smtps     inet  n       -       n       -       -       smtpd

  -o smtpd_tls_wrappermode=yes

  -o smtpd_sasl_auth_enable=yes

  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

VI. Install and configure Maildrop-MDA

cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean

Select mysql during installation

1. Modify the maildrop entry in master.cf so that it looks like this:

#maildrop  unix  -       n       n       -       -       pipe

#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

maildrop  unix  -       n       n       -       -       pipe

  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}

===========================

Note that there are spaces before flags

===========================

2. Modify main.cf (ee /usr/local/etc/postfix/main.cf)

/usr/local/sbin/postconf -e 'virtual_transport=maildrop:'

/usr/local/sbin/postconf -e 'maildrop_destination_concurrency_limit=1'

/usr/local/sbin/postconf -e 'maildrop_destination_recipient_limit=1'

3. Edit the file with ee /usr/local/etc/maildroprc and make sure its contents are as follows:

logfile "/maildata/domains/maildrop.log"

#logfile "/var/log/maildrop.log"

TEST="/bin/test -f"

#

# Check for custom user .mailfilter file

#

CUSTOM_FILTER="$HOME/.mailfilter"

`$TEST $CUSTOM_FILTER && exit 1 || exit 0`

if ( $RETURNCODE == 0 )

{

to "$HOME/Maildir"

}

VII. Configure Apache

1. Modify the Apache configuration file /usr/local/etc/apache22/httpd.conf so that Apache runs with the privileges of vmail:vmail

User vmail

Group vmail

2. Virtual host configuration: edit the file with ee /usr/local/etc/apache22/Includes/extmail.conf

NameVirtualHost *:80

<VirtualHost *:80>

ServerName mail.beinglan.com

DocumentRoot /usr/local/www/extmail/html/

ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/

Alias /extmail /usr/local/www/extmail/html/

ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"

Alias /extman "/usr/local/www/extman/html/"

<Location "/extman/cgi">

SetHandler cgi-script

Options +ExecCGI

AllowOverride All

</Location>

<Directory "/usr/local/www">

AllowOverride None

Options None

Order allow,deny

Allow from all

</Directory>

# SuexecUserGroup gumail gumail

</VirtualHost>

3. Configure HTTPS support [optional]

Copy the certificates to the Apache directory

mkdir /usr/local/etc/apache22/certs/

cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/

Edit the file /usr/local/etc/apache22/Includes/extmail-ssl.conf with the following contents

Listen 443

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        shmcb:/var/run/ssl_scache(512000)

SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

<VirtualHost _default_:443>

DocumentRoot "/usr/local/www/extmail/html"

ServerName mail.extmail.org:443

ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/

Alias /extmail /usr/local/www/extmail/html/

ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"

Alias /extman "/usr/local/www/extman/html/"

ServerAdmin chifeng@gmail.com

ErrorLog /var/log/httpd-error.log

TransferLog /var/log/httpd-access.log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#SSLCertificateFile /usr/local/etc/apache22/server.crt

#SSLCertificateKeyFile /usr/local/etc/apache22/server.key

SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem

SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/www/apache22/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

BrowserMatch ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd-ssl_request.log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#SuexecUserGroup vmail vmail

</VirtualHost>

4. Restart Apache

/usr/local/etc/rc.d/apache22.sh restart
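
The TLS-related values set in sections IV, V and VII can be linted with a short script. The following is an added example, not part of the original guide: it reads copies of pop3d.cnf, main.cf and extmail-ssl.conf and reports a default_bits below 2048, smtpd_tls_auth_only not set to yes, and weak cipher classes named in SSLCipherSuite. The function names, the 2048-bit baseline and the constructed sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example: lint for the TLS settings written in sections IV, V and VII.
# It inspects the text of each file; it does not expand the final cipher list.

# First value of "key = value" (*.cnf, main.cf) or "Key value" (Apache).
setting() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]=][[:space:]=]*//p" "$1" |
        head -n 1 | tr -d ' \t\r'
}

# 0 if the req config asks for an RSA key of at least 2048 bits.
key_bits_ok() {
    bits=$(setting "$1" default_bits)
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 2048 ]
}

# 0 if Postfix accepts SMTP AUTH only over TLS (smtpd_tls_auth_only = yes).
auth_needs_tls() {
    [ "$(setting "$1" smtpd_tls_auth_only)" = yes ]
}

# Prints the weak cipher classes that SSLCipherSuite names without removing
# them with "!" or "-". "+CLASS" only reorders, so it is still reported.
weak_cipher_tokens() {
    suite=$(setting "$1" SSLCipherSuite)
    found=""
    old_ifs=$IFS; IFS=:
    for tok in $suite; do
        case "$tok" in '!'*|-*) continue ;; esac
        case "${tok#+}" in
            LOW|EXP|EXPORT*|SSLv2|eNULL|NULL|aNULL|ADH|RC4*)
                found="$found ${tok#+}" ;;
        esac
    done
    IFS=$old_ifs
    echo "${found# }"
}

# Constructed sample files carrying the values shown in this guide.
make_samples() {  # $1=directory
    printf '[ req ]\ndefault_bits = 1024\nencrypt_key = yes\n' > "$1/pop3d.cnf"
    printf 'smtpd_use_tls = yes\nsmtpd_tls_auth_only = no\n' > "$1/main.cf"
    printf 'SSLEngine on\nSSLCipherSuite %s\n' \
        'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL' \
        > "$1/extmail-ssl.conf"
}

# Prints one line per finding; the return status is the number of findings.
audit() {  # $1=directory holding copies of the three files
    n=0
    key_bits_ok "$1/pop3d.cnf" ||
        { echo "pop3d.cnf: default_bits below 2048"; n=$((n + 1)); }
    auth_needs_tls "$1/main.cf" ||
        { echo "main.cf: smtpd_tls_auth_only is not yes"; n=$((n + 1)); }
    weak=$(weak_cipher_tokens "$1/extmail-ssl.conf")
    [ -z "$weak" ] ||
        { echo "extmail-ssl.conf: weak cipher classes: $weak"; n=$((n + 1)); }
    return "$n"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit "$tmp" || true
rm -rf "$tmp"
```

Calling audit on a directory that holds copies of the three real files gives the same report for an installed system.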

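VIII. Install and configure Extmail

There is no need to select MySQL or LDAP during installation, because those packages were already installed along with ExtMan.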

cd /usr/ports/mail/extmail && make install clean

1. Configure extmail

cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf

Edit /usr/local/www/extmail/webmail.cf and change the corresponding parameters as follows

SYS_CONFIG = /usr/local/www/extmail/

SYS_LANGDIR = /usr/local/www/extmail/lang

SYS_TEMPLDIR = /usr/local/www/extmail/html

SYS_SESS_DIR = /var/tmp/extmail/

SYS_LOG_TYPE = file

SYS_USER_LANG = zh_CN

SYS_USER_CHARSET = utf-8

SYS_AUTH_TYPE = mysql

SYS_MAILDIR_BASE = /maildata/domains

SYS_mysql_BASE = dc=extmail.org

SYS_mysql_RDN = cn=Manager,dc=extmail.org

SYS_mysql_PASS = extmail

SYS_mysql_HOST = mysql.extmail.org

SYS_mysql_ATTR_USERNAME = mail

SYS_mysql_ATTR_DOMAIN = virtualDomain

SYS_mysql_ATTR_PASSWD = userPassword

SYS_mysql_ATTR_QUOTA = mailQuota

SYS_mysql_ATTR_NDQUOTA = netdiskQuota

SYS_mysql_ATTR_HOME = homeDirectory

SYS_mysql_ATTR_MAILDIR = mailMessageStore

Run the following commands

mkdir /var/tmp/extmail

chown vmail:vmail /var/tmp/extmail/

chmod 777 /var/tmp/extmail

touch /var/log/extmail.log

chown vmail:vmail /var/log/extmail.log

chown -R vmail:vmail /usr/local/www/extmail/

2. Configure extman

cp /usr/local/www/extman/webman.cf.default /usr/local/www/extman/webman.cf

SYS_CONFIG = /usr/local/www/extman/

SYS_LANGDIR = /usr/local/www/extman/lang

SYS_TEMPLDIR = /usr/local/www/extman/html

SYS_MAILDIR_BASE = /maildata/domains

SYS_SESS_DIR = /var/tmp/extman/

SYS_PSIZE = 50

SYS_LANG = zh_CN

SYS_DEFAULT_MAXQUOTA = 10000

SYS_DEFAULT_MAXALIAS = 10000

SYS_DEFAULT_MAXUSERS = 1000

SYS_DEFAULT_MAXNDQUOTA = 100

SYS_BACKEND_TYPE = mysql

SYS_mysql_BASE = dc=extmail.org

SYS_mysql_RDN = cn=Manager,dc=extmail.org

SYS_mysql_PASS = webman

SYS_mysql_HOST = localhost

SYS_mysql_ATTR_USERNAME = mail

SYS_mysql_ATTR_PASSWD = userPassword

Other settings

Run the following commands

mkdir /var/tmp/extman/

chown -R vmail:vmail /var/tmp/extman/

chmod 777 /var/tmp/extman/

chmod 755 /usr/local/www/extman/webman.cf

unlink /usr/local/www/extman/libs/HTML/KTemplate.pm

cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/

IX. Configure graphical logs

Install the dependencies

cd /usr/ports/databases/rrdtool && make install clean

cd /usr/ports/devel/p5-File-Tail && make install clean

cd /usr/ports/devel/p5-Time-HiRes && make install clean

Install mailgraph_ext

cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext

/usr/local/mailgraph_ext/mailgraph-init start

/usr/local/mailgraph_ext/qmonitor-init start

X. Import the extmail database

Go to the docs directory of extmail and import the MySQL data

cd /usr/local/www/extman/docs

cd extman-0.2.4/docs/

/usr/local/bin/mysql -uroot -p <extmail.sql

Enter password:

/usr/local/bin/mysql -uroot -p < init.sql

Enter password:

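Default password: root@extmail.org extmail*123*

Default database location: /var/db/mysql/extmail

At this point a basic mail system has been installed. It supports smtp, pop3, imap and webmail, as well as the corresponding SSL-encrypted smtps, pop3s, imaps and https.

XI. Content/virus filtering with amavisd-new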

cd /usr/ports/security/amavisd-new && make install clean

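During installation select BDB MILTER SPAMASSASSIN FILE RAR UNRAR ARJ LHA ARC CAB RPM ZOO UNZOO LZOP FREEZE P7ZIP

1. Modify /etc/rc.conf and add the following so that amavisd runs automatically at system startup

amavisd_enable="YES"

spamd_enable="YES"

2. Configure amavisd.conf: edit the file with ee /usr/local/etc/amavisd.conf and change the corresponding options as follows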

$max_servers = 10;

$sa_spam_subject_tag = '[SPAM] ';

$mydomain = 'extmail.org';

$myhostname = 'extmail.org';

@local_domains_maps = qw(.);

$sa_tag_level_deflt = undef;

$sa_tag2_level_deflt = 5.0;

$sa_kill_level_deflt = 5.0;

$final_virus_destiny = D_DISCARD;

$final_banned_destiny = D_DISCARD;

$final_spam_destiny = D_DISCARD;

$virus_admin = "postmaster\@$mydomain";

$mailfrom_notify_admin = "postmaster\@$mydomain";

$mailfrom_notify_recip = "postmaster\@$mydomain";

$mailfrom_notify_spamadmin = "postmaster\@$mydomain";

@whitelist_sender_maps = read_hash("$MYHOME/white.lst");

@blacklist_sender_maps = read_hash("$MYHOME/black.lst");

$spam_quarantine_to = "spam\@$mydomain";

$virus_quarantine_to = "virus\@$mydomain";

$banned_quarantine_to = "spam\@$mydomain";

$hdrfrom_notify_admin = "Content Filter ";

Perform the following operations

touch /var/amavis/white.lst

touch /var/amavis/black.lst

chown -R vscan:vscan /var/amavis/

3. Configure postfix to support amavisd-new: edit the file with ee /usr/local/etc/postfix/master.cf and add the following

smtp-amavis unix - - n - 4 smtp

  -o smtp_data_done_timeout=1200

  -o smtp_send_xforward_command=yes

  -o disable_dns_lookups=yes

========================

Note that there are spaces here as well

========================

127.0.0.1:10025 inet n - n - - smtpd

  -o content_filter=

  -o local_recipient_maps=

  -o relay_recipient_maps=

  -o smtpd_restriction_classes=

  -o smtpd_helo_restrictions=

  -o smtpd_sender_restrictions=

  -o smtpd_recipient_restrictions=permit_mynetworks,reject

  -o mynetworks=127.0.0.0/8

  -o strict_rfc821_envelopes=yes

  -o smtpd_error_sleep_time=0

  -o smtpd_soft_error_limit=1001

  -o smtpd_hard_error_limit=1000

  -o receive_override_options=

========================

Note that there are spaces here as well

========================

Set the two options content_filter and receive_override_options to disable address expansion/mapping; otherwise redundant mail is generated when an alias is encountered. However, turning on receive_override_options conflicts with the mailing-list program and stops the mailing list's aliases from working. :( So if you use a mailing list, do not set receive_override_options.

postconf -e 'content_filter = smtp-amavis:[localhost]:10024'

postconf -e 'receive_override_options = no_address_mappings'

XII. Install and configure clamav. ClamAV is a fairly good antivirus program; it is called by amavisd

cd /usr/ports/security/clamav && make install clean

During installation select ARC ARJ LHA UNZOO UNRAR

1. Modify the configuration files

Edit /usr/local/etc/clamd.conf

User vscan

Edit /usr/local/etc/freshclam.conf

DatabaseOwner vscan

Modify /etc/rc.conf and add two lines

clamav_clamd_enable="YES"

clamav_freshclam_enable="YES"

2. Modify /usr/local/etc/amavisd.conf and add the following so that amavisd-new supports clamav

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],

qr/\bOK$/, qr/\bFOUND$/,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

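3. Modify the permission settings

chown -R vscan:vscan /var/run/clamav/

chown -R vscan:vscan /var/log/clamav/

chown -R vscan:vscan /var/db/clamav/

4. Start clamav. ClamAV has 2 daemons that need to be started: clamd, which scans for viruses, and freshclam, which updates the virus database. They are started with the following scripts.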

/usr/local/etc/rc.d/clamav-clamd start

/usr/local/etc/rc.d/clamav-freshclam start

5. Configure SpamAssassin, the best content-filtering program among open-source software and a must for content filtering. [optional]

cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf

Modify /usr/local/etc/mail/spamassassin/local.cf

report_safe             1

use_bayes               0

auto_learn              0

bayes_auto_expire       1

skip_rbl_checks         1

use_razor2              0

use_dcc                 0

use_pyzor               0

dns_available           no

lock_method             flock

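Using Chinese_rules.cf

After fetching this rule set you can see that it has not been updated since October 2, 2006, so whether to keep using it is up to you. If you still want to use it, follow the steps below.

-rw-r--r-- 1 root wheel 55342 Oct 2 2006 Chinese_rules.cf

Edit the script /var/cron/sa.sh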

#!/bin/sh

cd /tmp/

fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf

mv Chinese_rules.cf /usr/local/share/spamassassin/

/usr/local/etc/rc.d/amavisd forcerestart > /dev/null

Add execute permission

chmod +x /var/cron/sa.sh

Edit /etc/crontab and add the following line to run it once every Saturday

0 0 * * 6 root /var/cron/sa.sh

6. They can be started with the following scripts

/usr/local/etc/rc.d/clamav-clamd restart

/usr/local/etc/rc.d/amavisd restart

/usr/local/etc/rc.d/postfix restart
