Monthly archive: November 2018

postfix admin command

Build the lookup database: postmap hash:/etc/postfix/access
List queued messages: postqueue -p
Show a message's content: postcat -q Queue_ID          // Queue_ID is the message's queue ID
Delete a single message: postsuper -d Queue_ID
Delete all messages: postsuper -d ALL
Put a message on hold: postsuper -h Queue_ID
Release a held message: postsuper -H Queue_ID
Requeue:
postsuper -r Queue_ID
postsuper -r ALL
Flush the queue:
postqueue -f (all)
postqueue -s hostname (a single destination)
View Postfix's current main configuration settings:
postconf -n
System log: tail -f /var/log/messages
Mail log: tail -f /var/log/maillog
clamd: tail -f /var/log/clamav/clamd.log  tail -f /var/log/clamav/freshclam.log
maildrop: tail -f /var/log/maildrop.log
apache: tail -f /usr/local/httpd/logs/error_log  tail -f /usr/local/httpd/logs/suexec_log
mysql: tail -f /usr/local/mysql/data/linux.linux.com.err
Test amavisd: amavisd -d config debug-sa
Test spam filtering: spamassassin -D --lint
Test maildrop: maildrop -V 10 -d test@test.com

Reload the configuration of the postfix-sen instance
postfix -c /etc/postfix-sen reload
Show the number of messages queued under postfix-sen
postqueue -c /etc/postfix-sen -p
Delete all mail in postfix-mx2-staredm
postsuper -c /etc/postfix-sen -d ALL

grep  Queue_ID /var/log/maillog   // check this message's delivery status on the mail server
-----------------------------------------------------------------------

linux commands

 

 

---------- find ------------

$ find <directory> <conditions> <action>
find / | egrep "sendmail|postfix" | egrep -v "share/doc"
find /etc -name '*srm*'
find / -amin -10 # files accessed in the last 10 minutes
find / -atime -2 # files accessed in the last 48 hours
find / -empty # empty files or directories
find / -group cat # files belonging to the group cat
find / -mmin -5 # files modified in the last 5 minutes
find / -mtime -1 # files modified in the last 24 hours
find / -nouser # files owned by a user that no longer exists
find / -user fred # files owned by the user fred

----------- locate -----------

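$ locate /etc/sh
Finds all files under /etc whose names start with sh.

$ locate ~/m
Finds all files under the user's home directory whose names start with m.

$ locate -i ~/m
Finds all files under the user's home directory whose names start with m, ignoring case.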

----------

 

 

 


telnet smtp

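Use perl to Base64-encode the username and password; they are used at login:

perl -MMIME::Base64 -e 'print encode_base64("Username");'

NetEase mailboxes require client authorization; the password is the mail-retrieval password:

perl -MMIME::Base64 -e 'print encode_base64("Password");'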

 

 

telnet smtp.163.com 25    # port 25
Trying 123.125.50.133...
Connected to smtp.163.com.
Escape character is '^]'.    # Ctrl + ] enters command mode
220 163.com Anti-spam GT for Coremail System (163com[20141201])
HELO smtp.163.com     # handshake
250 OK
AUTH LOGIN        # log in
334 dXNlcm5hbWU6
UserName_Base64      # username
334 UGFzc3dvcmQ6
PassWord_Base64      # password
235 Authentication successful
MAIL FROM: <test@163.com>
250 Mail OK
RCPT TO: <dst@qq.com>
250 Mail OK
DATA           # compose the message
354 End data with <CR><LF>.<CR><LF>
SUBJECT: test by telnet

content
.              # ends with CRLF.CRLF
554 DT:SPM 163 smtp3,DdGowADXp5QSS0NbadqVAA--.38636S2 1531136905,please see http://mail.163.com/help/help_spam_16.htm?ip=218.56.92.204&hostid=smtp3&time=1531136905
NOOP            # keep the session open without quitting
250 OK
QUIT           # quit
221 Bye
Connection closed by foreign host.
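
An added example, not part of the original notes: the POSIX shell functions below decode the two 334 prompts from the session above and flag a client-side transcript in which AUTH is sent without a preceding STARTTLS, since Base64 is an encoding and the tokens on plain port 25 are readable by anyone on the path. The function names and the sample transcript are constructed for illustration, and the coreutils base64 tool is assumed.

```sh
#!/bin/sh
# Added example: AUTH LOGIN tokens are Base64, an encoding rather than encryption.

# Encode a credential for AUTH LOGIN (the input carries no trailing newline).
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode one Base64 token.
b64_decode() { printf '%s' "$1" | base64 -d; }

# Constructed transcript modelled on the telnet session above. The two
# client tokens are placeholders encoded from the literal strings
# "Username" and "Password".
sample_session() {
    cat <<EOF
220 163.com Anti-spam GT for Coremail System (163com[20141201])
HELO smtp.163.com
250 OK
AUTH LOGIN
334 dXNlcm5hbWU6
$(b64_encode Username)
334 UGFzc3dvcmQ6
$(b64_encode Password)
235 Authentication successful
EOF
}

# Read a transcript on stdin, print each decoded 334 prompt, then one
# verdict line. Returns 1 when AUTH was issued without a prior STARTTLS.
audit_auth_transcript() {
    tls=no
    verdict="no AUTH seen"
    while IFS= read -r line; do
        # SMTP verbs are case-insensitive, so match on an upper-cased copy.
        upper=$(printf '%s' "$line" | tr '[:lower:]' '[:upper:]')
        case $upper in
            STARTTLS*) tls=yes ;;
            "AUTH "*)
                if [ "$tls" = yes ]; then
                    verdict="AUTH after STARTTLS"
                else
                    verdict="AUTH in cleartext"
                fi ;;
            "334 "*)
                # Only the server prompt is decoded, from the original line.
                printf 'server prompt: %s\n' "$(b64_decode "${line#334 }")" ;;
        esac
    done
    printf '%s\n' "$verdict"
    [ "$verdict" != "AUTH in cleartext" ]
}

# Demo run on the constructed transcript.
sample_session | audit_auth_transcript || true
```
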

 

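Error descriptions:

• 421 HL:REP - Abnormal sending behaviour from this IP: a large number of recipients do not exist, so connections are temporarily refused. Check whether any user is sending viruses or spam, and verify that the recipient list is valid;
• 421 HL:ICC - Too many concurrent connections from this IP, exceeding NetEase's limit; connections are temporarily refused. Check whether any user is sending viruses or spam, and reduce the number of concurrent connections from the IP;
• 421 HL:IFC - This IP sent a large volume of mail in a short period, exceeding NetEase's limit; connections are temporarily refused. Check whether any user is sending viruses or spam, and lower the sending rate;
• 421 HL:MEP - Abnormal sending behaviour from this IP: many forged sender domains, so connections are temporarily refused. Check whether any user is sending viruses or spam, and send using real, valid domain names;
• 450 MI:CEL - The sender issued too many erroneous commands. Check the sending program;
• 450 MI:DMC - The number of messages sent on this connection exceeds the limit. Reduce the number of messages delivered per connection;
• 450 MI:CCL - The sender issued more commands than normal. Check the sending program;
• 450 RP:DRC - The number of recipients on this connection exceeds the limit. Limit the number of messages delivered per connection;
• 450 RP:CCL - The sender issued more commands than normal. Check the sending program;
• 450 DT:RBL - The sending IP is listed in one or more RBLs. See http://www.rbls.org/ for information about RBLs;
• 450 WM:BLI - This IP is not in NetEase's list of permitted sending addresses;
• 450 WM:BLU - This user is not in NetEase's list of permitted sending users;
• 451 DT:SPM ,please try again - The message body has spam characteristics or the sending environment is not standards-compliant, so the message is temporarily rejected. Keep the message queued and retry after two minutes. Adjust the message content or improve the sending environment;
• 451 Requested mail action not taken: too much fail authentication - Too many failed logins; login is temporarily disabled. Check the password and account authentication settings;
• 451 RP:CEL - The sender issued too many erroneous commands. Check the sending program;
• 451 MI:DMC - The number of messages sent on this connection exceeds the limit. Limit the number of messages delivered per connection;
• 451 MI:SFQ - The sender exceeded the limit on messages sent within 15 minutes. Control the sending rate;
• 451 RP:QRC - The sender's cumulative recipient count over a short period exceeds the limit, and the sender is temporarily barred from sending. Lower this user's sending rate;
• 451 Requested action aborted: local error in processing - Temporary system fault; try sending again later;
• 500 Error: bad syntaxU - The SMTP command sent has a syntax error;
• 550 MI:NHD - The HELO command must not be empty;
• 550 MI:IMF - The sender's email address is malformed. See http://www.rfc-editor.org/ for the definition of the email standards;
• 550 MI:SPF - The sending IP is not permitted by the sending domain's SPF. See http://www.openspf.org/ for the definition of the SPF standard;
• 550 MI:DMA - The message is not permitted by the sending domain's DMARC. See http://dmarc.org/ for the definition of the DMARC standard;
• 550 MI:STC - The sender's number of connections today exceeds the limit; no more mail is accepted from this sender today. Control the number of connections;
• 550 RP:FRL - NetEase Mail does not offer anonymous relaying (open relay);
• 550 RP:RCL - The number of recipients of a bulk message exceeds the quota. Reduce the number of recipients per message;
• 550 RP:TRC - The sender's cumulative recipient count today exceeds the limit; no more mail is accepted from this sender today. Lower this user's sending rate;
• 550 DT:SPM - The message body has many spam characteristics or the sending environment is not standards-compliant. Adjust the message content or improve the sending environment;
• 550 Invalid User - The requested user does not exist;
• 550 User in blacklist - This user is not allowed to send mail to NetEase users;
• 550 User suspended - The requested user is disabled or frozen;
• 550 Requested mail action not taken: too much recipient - The number of bulk recipients exceeds the quota;
• 552 Illegal Attachment - Attachments of this type may not be sent, including attachments ending in .uu .pif .scr .mim .hqx .bhx .cmd .vbs .bat .com .vbe .vb .js .wsh and so on;
• 552 Requested mail action aborted: exceeded mailsize limit - The message size exceeds the maximum that NetEase Mail accepts;
• 553 Requested action not taken: NULL sender is not allowed - An empty sender is not allowed; send with a real sender address;
• 553 Requested action not taken: Local user only - On SMTP-type hosts the sender must be a user of this site;
• 553 Requested action not taken: no smtp MX only - On MX-type hosts the sender must not be a user of this site;
• 553 authentication is required - SMTP requires authentication; check the client settings;
• 554 DT:SPM - The message contains content that is not permitted, or the system identified it as spam. Check whether any user is sending viruses or spam;
• 554 DT:SUM - The envelope sender and the header sender do not match;
• 554 IP is rejected, smtp auth error limit exceed - Too many authentication failures from this IP; connections are temporarily refused. Check the authentication settings;
• 554 HL:IHU - The sending IP has been temporarily suspended for sending spam or for abnormal connection behaviour. Check the IP's sending history and whether the sending program is behaving abnormally;
• 554 HL:IPB - This IP is not in NetEase's list of permitted sending addresses;
• 554 MI:STC - The sender's cumulative number of messages today exceeds the limit; no more mail is accepted from this sender today. Lower the sending rate;
• 554 MI:SPB - This user is not in NetEase's list of permitted sending users;
• 554 IP in blacklist - This IP is not in NetEase's list of permitted sending addresses.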

 

 

 

 


CentOS6.4+LAMP+Postfix+Dovecot+Postfixadmin+Roundcubemail (2)

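Outline

XII. Install and configure virus scanning and spam filtering

XIII. Install and configure the managesieve plugin

XIV. Analysis of common problems

Note: this post continues from the previous one (previous post: http://freeloda.blog.51cto.com/2033581/1245492). First, a quick recap of what the previous post covered: we described the main components of a mail architecture and the workflow of the whole mail system, compared the conventional mail architecture with the streamlined one, and highlighted Dovecot's advantages: it provides not only SASL authentication but also LDA functionality, with much better efficiency and without using much memory. We then walked through configuring the streamlined architecture, including setting up the LAMP environment and configuring Postfix, Dovecot, Postfixadmin and Roundcubemail, to build the complete mail system, but did not demonstrate anti-spam and anti-virus filtering. This post focuses on anti-spam and anti-virus filtering, plus an analysis of common problems. All right, let's get to it, heh!

XII. Install and configure virus scanning and spam filtering

1. Install amavisd-new, clamav and spamassassin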

[root@mail ~]# yum install -y  amavisd-new clamav clamav-devel clamd spamassassin

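Note: amavisd-new, clamav and spamassassin can be installed from the RPMForge repository. Think back to when we installed the Perl modules by hand, dozens of them one by one, what a pain, heh. Now we can install them directly with yum, which is a joy!

2. Check whether amavisd-new, clamav and spamassassin start at boot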

[root@mail ~]# chkconfig --list | grep "amavisd\|clamd\|spamassassin"  
amavisd         0:off   1:off   2:on    3:on    4:on    5:on    6:off   
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off   
spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off   
[root@mail ~]#

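As you can see, the spamassassin service is stopped and is not started at boot. That is because amavisd-new uses spamassassin directly as a module, so no daemon is needed and it naturally does not have to start at boot, heh!

3. Edit the SpamAssassin configuration file

As a module of amavisd-new, SpamAssassin needs no special configuration; installing it is enough. You can still customize it by editing: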
[root@mail ~]# vim /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf   
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting  
# without risking lost emails.
required_hits 5  
report_safe 0   
rewrite_header Subject [SPAM]

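I am only listing this for reference; readers who need to can change it themselves. I will leave it unchanged here!

4. Edit the ClamAV configuration file /etc/clamd.conf

Note: ClamAV's settings are stored in /etc/clamd.conf. We edit /etc/clamd.conf to tell ClamAV that Amavisd-new will talk to it over a local UNIX socket rather than a TCP port!

[root@mail ~]# vim /etc/clamd.conf
# use the local socket
LocalSocket /var/run/clamav/clamd.sock
# comment out the TCP socket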
#TCPSocket 3310

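5. Edit the Amavisd-new configuration file /etc/amavisd.conf

(1). Uncommenting the following lines disables virus and spam checking (these lines are commented out by default, so virus and spam checking are enabled by default)

[root@mail ~]# vim /etc/amavisd.conf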
# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code  
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code   
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

(2). Next you will see the following lines

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m  
$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u   
$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g   
$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $notify_method  = 'smtp:[127.0.0.1]:10025';  
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

Notes:

$max_servers sets the number of Amavisd-new processes that run concurrently; it must match the maxproc field of the amavisfeed service in /etc/postfix/master.cf

$daemon_user and $daemon_group should match the user and group that Amavisd-new runs as

$inet_socket_port defines the TCP port on which Amavisd-new accepts connections from Postfix

$notify_method and $forward_method define how Amavisd-new re-injects mail into Postfix

(3). The following settings must be changed

$mydomain = 'free.com';  # my domain here is free.com
$MYHOME = '/var/amavis';
$helpers_home = "$MYHOME/var";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file  = "$MYHOME/var/amavisd.pid";
$myhostname = 'mail.free.com'; # my host here is mail.free.com

(4). The following SpamAssassin settings override SpamAssassin's defaults

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level  
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level   
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)   
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent   
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From   
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off   
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)   
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam   
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger  
$sa_local_tests_only = 0;    # only tests which do not require internet access?

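Note: the defaults do not need to be changed, but you should know what they mean, since that makes tuning spam handling much easier.

$sa_tag_level_deflt  The score from which Amavisd-new starts writing the spam information headers such as X-Spam-Flag, X-Spam-Score and X-Spam-Status. To add these headers to all mail, set this value to -999
$sa_tag2_level_deflt  The score from which spam is tagged as such in its headers
$sa_kill_level_deflt  The score from which Amavisd-new starts blocking and quarantining mail. This is very useful, because SpamAssassin does not do this by default
$sa_dsn_cutoff_level  The score from which delivery failure notices are no longer sent to the sender. Since most spam sender addresses are forged, not sending failure notices for obvious spam is the most sensible choice; otherwise you only make the backscatter problem worse
$sa_quarantine_cutoff_level  The score from which spam no longer needs to be quarantined. This option is commented out by default, which means all mail is quarantined

(5). The addresses used for notifications (by default the administrator mailbox, which receives the spam notifications)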

$virus_admin               = "virusalert\@$mydomain";  # notifications recip.  
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender   
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender   
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender

Change to:

$virus_admin               = "postmaster\@$mydomain";  # notifications recip.  
$mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender   
$mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender   
$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender

(6). The ClamAV section

# ### http://www.clamav.net/
#['ClamAV-clamd',   
#  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],   
#  qr/\bOK$/m, qr/\bFOUND$/m,   
#  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Change to:
# just remove the comment markers

# ### http://www.clamav.net/
 ['ClamAV-clamd',   
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],   
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Note: the /var/run/clamav/clamd.sock setting must match the LocalSocket /var/run/clamav/clamd.sock setting we entered earlier in /etc/clamd.conf.

6. Edit the Postfix configuration files

(1). Edit /etc/postfix/master.cf

[root@mail ~]# vim /etc/postfix/master.cf
# ==========================================================================  
# # service type  private unpriv  chroot  wakeup  maxproc command + args   
# #               (yes)   (yes)   (yes)   (never) (100)   
# # ==========================================================================   
# #   
amavisfeed unix    -       -       n       -       2     smtp   
            -o smtp_data_done_timeout=1200   
            -o smtp_send_xforward_command=yes   
            -o smtp_tls_note_starttls_offer=no   
            -o disable_dns_lookups=yes   
            -o max_use=20

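Note: the value 2 in the maxproc column must match the $max_servers setting in /etc/amavisd.conf. For a detailed explanation of each option, see the Amavisd-new documentation (vim /usr/share/doc/amavisd-new-2.8.0/README.postfix). Next we define a dedicated service that re-injects mail into Postfix. For this we add to /etc/postfix/master.cf an SMTP service listening on localhost (127.0.0.1), TCP port 10025 (the default in /etc/amavisd.conf):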

# ========================================================================== 
# # service type  private unpriv  chroot  wakeup  maxproc command + args  
# #               (yes)   (yes)   (yes)   (never) (100)  
# # ==========================================================================  
127.0.0.1:10025 inet n    -       n       -       -     smtpd  
            -o content_filter=  
            -o smtpd_delay_reject=no  
            -o smtpd_client_restrictions=permit_mynetworks,reject  
            -o smtpd_helo_restrictions=  
            -o smtpd_sender_restrictions=  
            -o smtpd_recipient_restrictions=permit_mynetworks,reject  
            -o smtpd_data_restrictions=reject_unauth_pipelining  
            -o smtpd_end_of_data_restrictions=  
            -o smtpd_restriction_classes=  
            -o mynetworks=127.0.0.0/8  
            -o smtpd_error_sleep_time=0  
            -o smtpd_soft_error_limit=1001
            -o smtpd_hard_error_limit=1000 
            -o smtpd_client_connection_count_limit=0  
            -o smtpd_client_connection_rate_limit=0  
            -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings  
            -o local_header_rewrite_clients=  
            -o smtpd_milters=  
            -o local_recipient_maps=

Note: the first line of each of the two entries above must not have any leading whitespace, or an error will occur!!!
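
An added example, not part of the original post: a POSIX shell check for the three things the notes above say must line up, namely that the amavisfeed maxproc equals $max_servers, that the content_filter port equals $inet_socket_port, and that the service entry is not indented. The function names and the sample files (built from the values shown in this post) are constructed for illustration.

```sh
#!/bin/sh
# Added example: consistency check between amavisd.conf, master.cf and main.cf.

# Value of a numeric Perl scalar such as "$max_servers = 2;"
# (commented-out lines are skipped; the last assignment wins).
amavis_scalar() {   # $1 = amavisd.conf, $2 = variable name without "$"
    awk -v name="$2" '
        $0 ~ ("^[ \t]*\\$" name "[ \t]*=") {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop everything up to the "="
            sub(/[^0-9].*$/, "", v)       # keep only the leading digits
            val = v
        }
        END { print val }' "$1"
}

# maxproc column (7th field) of a master.cf entry that starts in column 1.
master_maxproc() {  # $1 = master.cf, $2 = service name
    awk -v svc="$2" '/^[^ \t#]/ && $1 == svc { print $7; exit }' "$1"
}

# Right-hand side of content_filter, e.g. amavisfeed:[127.0.0.1]:10024
main_content_filter() {  # $1 = main.cf
    awk -F= '/^content_filter[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

check_amavis_wiring() {  # $1 = amavisd.conf, $2 = master.cf, $3 = main.cf
    rc=0
    servers=$(amavis_scalar "$1" max_servers)
    port=$(amavis_scalar "$1" inet_socket_port)
    filter=$(main_content_filter "$3")
    if [ -z "$filter" ]; then
        echo "FAIL: no content_filter set in main.cf"
        return 1
    fi
    transport=${filter%%:*}
    filter_port=${filter##*:}
    maxproc=$(master_maxproc "$2" "$transport")

    # An indented service line is parsed as a continuation of the previous entry.
    if grep -Eq "^[[:space:]]+${transport}[[:space:]]" "$2"; then
        echo "FAIL: '$transport' entry in master.cf is indented and is read as a continuation line"
        rc=1
    fi
    if [ "$maxproc" != "$servers" ]; then
        echo "FAIL: master.cf maxproc=${maxproc:-none} but \$max_servers=${servers:-unset}"
        rc=1
    fi
    if [ "$filter_port" != "$port" ]; then
        echo "FAIL: content_filter port=${filter_port:-none} but \$inet_socket_port=${port:-unset}"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: $transport maxproc=$maxproc, filter port=$port"
    return "$rc"
}

# Constructed sample files using the values from this post.
write_sample_configs() {  # $1 = directory, $2 = maxproc for amavisfeed
    cat > "$1/amavisd.conf" <<'EOF'
# $max_servers = 8;
$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$inet_socket_port = 10024;   # listen on this local TCP port(s)
EOF
    cat > "$1/master.cf" <<EOF
amavisfeed unix    -       -       n       -       $2     smtp
            -o smtp_data_done_timeout=1200
            -o max_use=20
127.0.0.1:10025 inet n    -       n       -       -     smtpd
            -o content_filter=
EOF
    printf 'content_filter = amavisfeed:[127.0.0.1]:10024\n' > "$1/main.cf"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir" 2
check_amavis_wiring "$demo_dir/amavisd.conf" "$demo_dir/master.cf" "$demo_dir/main.cf"
rm -rf "$demo_dir"
```

On a real server the call would be check_amavis_wiring /etc/amavisd.conf /etc/postfix/master.cf /etc/postfix/main.cf.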

(2). Edit /etc/postfix/main.cf and add the following setting to enable mail filtering

[root@mail ~]# vim /etc/postfix/main.cf
#filter mail
content_filter = amavisfeed:[127.0.0.1]:10024

(3). Restart the postfix service

[root@mail ~]# service postfix restart  
Shutting down postfix:                                     [  OK  ]   
Starting postfix:                                          [  OK  ]

7. Start the clamd and amavisd services:

[root@mail ~]# service clamd start  
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************   
LibClamAV Warning: ***  The virus database is older than 7 days!  ***   
LibClamAV Warning: ***   Please update it as soon as possible.    ***   
LibClamAV Warning: **************************************************   
                                                          [  OK  ]
[root@mail ~]# service amavisd start  
Starting Mail Virus Scanner (amavisd):                     [  OK  ]   
[root@mail ~]#

9. Testing

(1). Use telnet to check that the amavisd service is listening on 127.0.0.1:10024

[root@mail ~]# telnet localhost 10024  
Trying ::1...   
telnet: connect to address ::1: Connection refused   
Trying 127.0.0.1...   
Connected to localhost.   
Escape character is '^]'.   
220 [127.0.0.1] ESMTP amavisd-new service ready   
ehlo free.com   
250-[127.0.0.1]   
250-VRFY   
250-PIPELINING   
250-SIZE   
250-ENHANCEDSTATUSCODES   
250-8BITMIME   
250-DSN   
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE   
quit   
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel   
Connection closed by foreign host.   
[root@mail ~]#

(2). Check that the Postfix smtpd is listening on 127.0.0.1:10025

[root@mail ~]# telnet localhost 10025  
Trying ::1...   
telnet: connect to address ::1: Connection refused   
Trying 127.0.0.1...   
Connected to localhost.   
Escape character is '^]'.   
220 mail.free.com ESMTP Postfix   
ehlo free.com  
250-mail.free.com   
250-PIPELINING   
250-SIZE 10240000   
250-VRFY   
250-ETRN   
250-AUTH PLAIN LOGIN CRAM-MD5   
250-AUTH=PLAIN LOGIN CRAM-MD5   
250-ENHANCEDSTATUSCODES   
250-8BITMIME   
250 DSN   
quit   
221 2.0.0 Bye   
Connection closed by foreign host.   
[root@mail ~]

(3). Spam test

[root@mail ~]#  cd /usr/share/doc/spamassassin-3.3.1/ 
[root@mail spamassassin-3.3.1]# sendmail test@free.com < sample-spam.txt      
[root@mail spamassassin-3.3.1]# tail -f /var/log/maillog   
Jul 11 09:15:46 mail postfix/cleanup[17529]: 6AB1E23776: message-id=<GTUBE1.1010101@example.net>   
Jul 11 09:15:46 mail postfix/qmgr[17492]: 6AB1E23776: from=<root@free.com>, size=1657, nrcpt=1 (queue active)   
Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms   
Jul 11 09:15:46 mail postfix/smtp[17533]: D927923774: to=<test@free.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.21/0.07/0.02/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6AB1E23776)

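The log shows that spam filtering took place, heh, but the effect is not obvious there, so let's test with Webmail. The result is as follows:

This is the spam message we just tested with, heh! Now let's send one more as a test:

This is a message sent from test@free.com to loda@free.com; let's receive it as loda@free.com and see the result:

As you can see, when loda receives this message it is marked as spam! That completes all the demonstrations, heh. Now let's look at all the services that are running!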
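
An added example, not part of the original post: once amavisd re-injects a message on port 10025 it gets a new queue ID, so grepping the maillog for the first ID loses the trail. The POSIX shell function below follows a message across the content filter and reports the new queue ID together with amavisd's verdict, score and quarantine file. The function names are made up for illustration, and the sample input is the four maillog lines from the spam test above.

```sh
#!/bin/sh
# Added example: correlate the pre-filter and post-filter queue IDs in maillog.

# The four maillog lines from the spam test above (GTUBE sample message).
sample_maillog() {
    cat <<'EOF'
Jul 11 09:15:46 mail postfix/cleanup[17529]: 6AB1E23776: message-id=<GTUBE1.1010101@example.net>
Jul 11 09:15:46 mail postfix/qmgr[17492]: 6AB1E23776: from=<root@free.com>, size=1657, nrcpt=1 (queue active)
Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms
Jul 11 09:15:46 mail postfix/smtp[17533]: D927923774: to=<test@free.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.21/0.07/0.02/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6AB1E23776)
EOF
}

# Follow one message across the content filter.
# $1 = queue ID before filtering; the maillog is read from stdin.
trace_filtered_mail() {
    awk -v qid="$1" '
        # amavisd logs its verdict before Postfix logs the hand-off, so
        # remember every verdict keyed by the re-injected queue ID.
        / amavis\[/ && match($0, /queued_as: [0-9A-Za-z]+/) {
            id = substr($0, RSTART + 11, RLENGTH - 11)
            if (match($0, /(Passed|Blocked) [A-Z-]+/))
                verdict[id] = substr($0, RSTART, RLENGTH)
            if (match($0, /Hits: [-0-9.]+/))
                hits[id] = substr($0, RSTART + 6, RLENGTH - 6)
            if (match($0, /quarantine: [^,]+/))
                quar[id] = substr($0, RSTART + 12, RLENGTH - 12)
        }
        # The smtp client line that handed our message to amavisd on port
        # 10024 carries the queue ID assigned after re-injection.
        index($0, " " qid ": ") && /relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024/ &&
        match($0, /queued as [0-9A-Za-z]+/) {
            newid = substr($0, RSTART + 10, RLENGTH - 10)
        }
        END {
            if (newid == "") {
                print qid ": no hand-off to 127.0.0.1:10024 found"
                exit 1
            }
            printf "%s -> %s verdict=\"%s\" hits=%s quarantine=%s\n", qid, newid,
                (newid in verdict) ? verdict[newid] : "unknown",
                (newid in hits) ? hits[newid] : "-",
                (newid in quar) ? quar[newid] : "none"
        }'
}

# Demo run on the sample lines.
sample_maillog | trace_filtered_mail D927923774
```

On a live server the input would be the mail log itself: trace_filtered_mail QUEUE_ID < /var/log/maillog.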

10. View all services and ports

[root@mail spamassassin-3.3.1]# netstat -ntulp  
Active Internet connections (only servers)   
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1188/mysqld        
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      1211/dovecot       
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      1211/dovecot       
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1050/sshd          
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      17489/master       
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      1211/dovecot       
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      1211/dovecot       
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      17517/amavisd (mast    
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      17489/master       
tcp        0      0 :::80                       :::*                        LISTEN      16150/httpd        
tcp        0      0 :::22                       :::*                        LISTEN      1050/sshd          
tcp        0      0 :::25                       :::*                        LISTEN      17489/master       
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               16825/dhclient     
[root@mail spamassassin-3.3.1]#

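XIII. Install and configure the managesieve plugin

Note: the managesieve plugin provides mail filtering and the Vacation feature

1. In versions after Dovecot 2.0, mail filtering requires the dovecot-pigeonhole extension package: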

[root@mail ~]# yum install -y dovecot-pigeonhole

2. Edit the dovecot configuration files

[root@mail ~]# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 sieve
[root@mail ~]# vim /etc/dovecot/conf.d/15-lda.conf
mail_plugins = quota sieve

3. Restart dovecot

[root@mail ~]# service dovecot restart  
Stopping Dovecot Imap:                                     [  OK  ]   
Starting Dovecot Imap:                                     [  OK  ]

4. Check that Dovecot is listening on port 4190

[root@mail ~]# netstat -ntulp | grep 4190  
tcp        0      0 0.0.0.0:4190                0.0.0.0:*                   LISTEN      17998/dovecot      
[root@mail ~]#

5. Edit the managesieve configuration: copy the template to config.inc.php and make the following change

[root@mail ~]# cd /var/www/html/webmail/plugins/managesieve/  
[root@mail managesieve]# ls   
Changelog  config.inc.php.dist  lib  localization  managesieve.js  managesieve.php  package.xml  skins  tests   
[root@mail managesieve]# cp config.inc.php.dist config.inc.php   
[root@mail managesieve]# vim config.inc.php   
# change the port to
$rcmail_config['managesieve_port'] = 4190;

6. Enable the plugin in the main configuration file

[root@mail ~]# vim  /var/www/html/webmail/config/main.inc.php
$rcmail_config['plugins'] = array('managesieve');

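7. Test the result

The test succeeded! Roundcubemail has many plugins; add whichever ones you need, ^_^……

XIV. Analysis of common problems

Note: honestly, this section is hard to write, because I do not know what problems you will run into, so I will only describe some of the problems I encountered!

1. Copy-and-paste problems

When installing or configuring, many readers like to copy content from the blog, which brings along stray spaces or other characters. Configuration files are very sensitive to these characters, and a single one can cause an error. Pay special attention to this; I have hit it many times myself: the configuration is identical, so why does it work for you and not for me? Heh, watch out for this!

2. Postfix

View Postfix's current main configuration settings: postconf -n

System log: tail -f /var/log/messages
Mail log: tail -f /var/log/maillog

3. Apache
apache: tail -f /usr/local/httpd/logs/error_log tail -f /usr/local/httpd/logs/suexec_log

Note: as you can see, Apache here runs as user and group vmail; remember to change this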

[root@mail ~]# ps aux | grep httpd  
root     16150  0.0  0.0 317840   100 ?        Ss   05:59   0:01 /usr/sbin/httpd   
vmail    16152  0.0  6.5 430908 15428 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16153  0.0  7.2 429640 17184 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16154  0.0  6.2 428340 14884 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16155  0.0  6.6 428624 15672 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16156  0.0  5.9 425644 14120 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16157  0.0  5.9 425368 14124 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16158  0.0  7.2 428068 17224 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    16159  0.0  4.1 420924  9792 ?        S    05:59   0:04 /usr/sbin/httpd   
vmail    17061  0.0  6.4 427112 15280 ?        S    07:04   0:03 /usr/sbin/httpd   
vmail    17545  0.0  6.2 426612 14804 ?        S    09:18   0:02 /usr/sbin/httpd   
root     18152  0.0  0.3 103236   864 pts/1    S+   10:02   0:00 grep httpd   
[root@mail ~]#

How to change it:

[root@mail ~]# vim /etc/httpd/conf/httpd.conf
User vmail  
Group vmail

4. MySQL
mysql: tail -f /usr/local/mysql/data/linux.linux.com.err

5. Spam filtering
Test amavisd: amavisd -d config debug-sa

[root@mail ~]# amavisd -d config debug-sa   
The amavisd daemon is already running, PID: [17517]

Test spam filtering: spamassassin -D --lint

[root@mail ~]# spamassassin -D --lint

6. clamd

Check /var/log/clamav/clamd.log

[root@mail ~]# tail -f /var/log/clamav/clamd.log  
Thu Jul 11 09:10:39 2013 -> PDF support enabled.   
Thu Jul 11 09:10:39 2013 -> HTML support enabled.   
Thu Jul 11 09:10:39 2013 -> Self checking every 600 seconds.   
Thu Jul 11 09:22:02 2013 -> No stats for Database check - forcing reload   
Thu Jul 11 09:22:10 2013 -> Reading databases from /var/clamav   
Thu Jul 11 09:22:14 2013 -> Database correctly reloaded (1258735 signatures)   
Thu Jul 11 09:39:24 2013 -> SelfCheck: Database status OK.   
Thu Jul 11 09:49:24 2013 -> SelfCheck: Database status OK.   
Thu Jul 11 09:59:24 2013 -> SelfCheck: Database status OK.   
Thu Jul 11 10:09:24 2013 -> SelfCheck: Database status OK.

Update the virus database with freshclam

[root@mail clamav]# freshclam  
ClamAV update process started at Thu Jul 11 10:13:58 2013   
WARNING: Your ClamAV installation is OUTDATED!   
WARNING: Local version: 0.97.7 Recommended version: 0.97.8   
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)   
WARNING: getfile: daily-15077.cdiff not found on remote server (IP: 202.118.1.40)   
WARNING: getpatch: Can't download daily-15077.cdiff from db.cn.clamav.net   
WARNING: getfile: daily-15077.cdiff not found on remote server (IP: 200.236.31.1)   
WARNING: getpatch: Can't download daily-15077.cdiff from db.cn.clamav.net   
WARNING: getpatch: Can't download daily-15077.cdiff from db.cn.clamav.net   
WARNING: Incremental update failed, trying to download daily.cvd   
Downloading daily.cvd [100%]   
daily.cvd updated (version: 17485, sigs: 1458626, f-level: 63, builder: guitar)   
Downloading bytecode.cvd [100%]   
bytecode.cvd updated (version: 214, sigs: 41, f-level: 63, builder: neo)   
Database updated (2503054 signatures) from db.cn.clamav.net (IP: 202.118.1.40)   
Clamd successfully notified about the update.   
[root@mail clamav]#

View the update log

tail -f /var/log/clamav/freshclam.log

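7. Dovecot

Test: telnet localhost 110  telnet localhost 143

8. Summary

If a service has a problem or mail cannot be sent or received, the best approach is to check the relevant log files; almost everything is recorded there, and once we find the error we can fix the problem quickly! My skills are limited, so that is all I can say, heh!

Source: http://blog.51cto.com/freeloda/1246350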

CentOS6.4+LAMP+Postfix+Dovecot+Postfixadmin+Roundcubemail (1)

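Outline

I. Mail protocols

II. Mail components

III. How mail works (two architectures compared)

IV. Preparation before installation

V. Install and configure the LAMP environment

VI. Install and configure postfixadmin

VII. Install and configure phpmyadmin

VIII. Configure the postfix mail sending agent

IX. Install and configure the dovecot mail retrieval agent

X. Test the SMTP and POP3 services

XI. Install and configure WebMail (Roundcubemail)

XII. Install and configure virus scanning and spam filtering

XIII. Install and configure the managesieve plugin

XIV. Analysis of common problems

Note: the system is CentOS 6.4 X86_64. All software is installed from RPM packages; interested readers can try installing everything from source! (The main software installed is LAMP+Postfix+Dovecot+PostfixAdmin+Roundcubemail+Amavisd-new+ClamAV+SpamAssassin+Managesieve)

I. Mail protocols

The protocols used by mail are:

Protocol  Transport  Port
smtp      tcp        25
pop3      tcp        110
smtps     tcp        465
pop3s     tcp        995
imap      tcp        143
imaps     tcp        993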

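II. Mail components

1. MTA: mail transfer agent

Common software:

Exchange (Microsoft)
Sendmail: open-source software; currently 50% of mail servers use it
Postfix: widely used now
Qmail: a flash in the pan
Exim (developed at the University of Cambridge, UK)

2. MRA: mail retrieval agent

Common software:

courier-imap: pop3, imap4, imaps, pop3s (developed in Russia)
dovecot (mainstream)

3. MDA: mail delivery agent

Common software:

procmail (postfix default)
maildrop (powerful and efficient)

4. MUA: mail user agent

Common software:

outlook express
Foxmail
pine (linux)
mutt (linux, frequently used)

5. Mailbox

mailbox
maildir (mainstream)
The main difference between the two: mailbox keeps all mail in a single file, while maildir stores each user's mail separately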

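III. How mail works

1. Conventional architecture

See the figure below:

Description of each component

(1). Common clients

Mail Client: outlook, foxmail, etc.
Web Browser: IE, Firefox, Chrome, etc.

(2). Postfix, the most commonly used MTA; we send mail through postfix

(3). Dovecot, the most commonly used MRA; we send and receive mail through dovecot

(4). amavisd-new can be thought of as a proxy: Postfix hands the mail to it, and it takes care of contacting the anti-virus and anti-spam software

(5). SpamAssassin: spam protection is a basic function of a mail system, and SpamAssassin is the best known, especially combined with Amavisd and ClamAV; this is a combination that stands up to scrutiny

(6). ClamAV scans mail for viruses

(7). Cyrus-SASL, the authentication library

(8). Courier-Authlib, which queries the mysql database for authentication

(9). WebMail, for managing, sending and receiving mail through a browser

(10). OpenLDAP or MySQL, the database that stores virtual users or virtual domains

(11). Maildir or Mailbox, used to store users' mail; the difference is that maildir stores each user's mail separately, while mailbox keeps all mail in a single file

(12). phpLDAPadmin, an LDAP management tool used to manage virtual users and virtual domains

2. Detailed workflow

(1). When mail is sent from outlook or foxmail to port 25 of the server, postfix accepts the connection and performs some basic checks

  • Whether the sender is on a blacklist or a real-time blacklist; if so, the mail is rejected immediately
  • Whether the user is authorized; authorized users may relay
  • Whether the recipient is a user of this server; here postfix calls the Cyrus-SASL authentication library and verifies the user against the mysql data through Courier-Authlib; if not, the mail is rejected immediately
  • If greylisting is enabled, it decides whether to reject or accept the mail

(2). postfix hands the mail to amavis on port 10024; note that amavis only checks the mail and does not discard or reject it (see the figure above)

(3). amavis calls SpamAssassin to check whether the mail is spam; if SpamAssassin considers it spam, the mail is tagged as spam (see the figure below)

(Note: as you will see, the mail is only tagged as spam; we still receive it)

(4). amavis calls ClamAV to see whether the mail contains a virus

(5). amavis hands the checked mail back to postfix on port 10025

(6). postfix hands the mail to the LDA (local delivery agent), which is responsible for delivering local mail to users' mailboxes. By default postfix uses procmail to deliver mail (other delivery agents such as maildrop can also be used) to the user's mailbox, where it is stored on disk in maildir format

(7). Users connect with a mail client over pop3 or imap and manage their mail; webmail reads and manages mail over imap

Summary: from the workflow above we can see that using Cyrus-SASL, Courier-authlib and Maildrop is too much trouble. That is a big pile of components, and a mail system is already complicated. Following the principle of keeping things as simple as possible, I streamlined it, and it is more efficient too. Dovecot now implements SASL, and Dovecot's SASL can automatically cache lookup results, which is nice. Dovecot can also be used as the LDA, and Postfix supports Dovecot's SASL authentication. Postfix can use Dovecot's authentication backend directly, with no separate configuration. (With Courier we would have to install and configure additional authentication software such as Saslauthd; configuring it is a nightmare, and if something goes wrong it is hard to troubleshoot.) Dovecot also makes disk quotas easy to implement. As a replacement for Courier, Dovecot does about 25% less disk I/O than Courier and uses 10% to 70% less memory. All right, enough talk; let's look at our streamlined architecture!

3. Streamlined architecture

Compared with the above it is clearly much simpler, heh! Here is the detailed workflow:

(1). When mail is sent to port 25 of the server, postfix accepts the connection and performs some basic checks

  • Whether the sender is on a blacklist or a real-time blacklist; if so, the mail is rejected immediately
  • Whether the user is authorized; authorized users may relay
  • Whether the recipient is a user of this server; Postfix authenticates through the SASL provided by Dovecot; if not, the mail is rejected immediately
  • If greylisting is enabled, it decides whether to reject or accept the mail

(2). postfix hands the mail to amavis on port 10024; note that amavis only checks the mail and does not discard or reject it

(3). amavis calls SpamAssassin to check whether the mail is spam; if SpamAssassin considers it spam, the mail is tagged as spam (same as above)

(4). amavis calls ClamAV to see whether the mail contains a virus

(5). amavis hands the checked mail back to postfix on port 10025

(6). postfix hands the mail to the LDA (local delivery agent), which is responsible for delivering local mail to users' mailboxes (here we use the LDA provided by dovecot rather than the one provided by postfix). The mail enters the user's mailbox and Dovecot applies the filters the user has set up, that is, Dovecot calls Sieve and files the mail into the appropriate folder

(7). Dovecot stores the mail on disk in maildir format.

(8). Users connect with a mail client over pop3 or imap. Webmail (RoundCubeMail) reads mail over imap.

Summary: after this brief description you should understand the workflow of the whole mail system. Next we will build this enterprise-grade mail system in full! ^_^……

IV. Preparation before installation

1. Disable the firewall and SELinux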

[root@mail ~]# service iptables stop
iptables:清除防火墙规则:                                 [确定]
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:正在卸载模块:                                   [确定]
[root@mail ~]# service ip6tables stop
ip6tables:清除防火墙规则:                                [确定]
ip6tables:将 chains 设置为 ACCEPT 策略:filter            [确定]
:正在卸载模块:                                           [确定]
[root@mail ~]# chkconfig iptables off
[root@mail ~]# chkconfig ip6tables off
[root@mail ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@mail ~]# reboot

2. Change the hostname

[root@mail ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mail.free.com
[root@mail ~]# reboot

3. Download and install the yum repositories

(1). The 163 yum repository

(2). The rpmforge software repository

[root@mail ~]# wget http://mirrors.163.com/.help/CentOS6-Base-163.repo
[root@mail ~]# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@mail ~]# ls
anaconda-ks.cfg  CentOS6-Base-163.repo  install.log  install.log.syslog  rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(3). Back up the existing yum repositories

[root@mail ~]# cd /etc/yum.repos.d/
[root@mail yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo  CentOS-Vault.repo
[root@mail yum.repos.d]# mkdir backup
[root@mail yum.repos.d]# mv CentOS-* backup/
[root@mail yum.repos.d]# ls
backup
[root@mail yum.repos.d]#

(4). Add the new yum repositories

[root@mail ~]# cp CentOS6-Base-163.repo /etc/yum.repos.d/
[root@mail ~]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
warning: rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing...                ########################################### [100%]
   1:rpmforge-release       ########################################### [100%]
[root@mail ~]# ll /etc/yum.repos.d/
总用量 24
drwxr-xr-x 2 root root 4096 7月  10 22:00 backup
-rw-r--r-- 1 root root 2006 7月  10 22:01 CentOS6-Base-163.repo
-rw-r--r-- 1 root root  739 11月 13 2010 mirrors-rpmforge
-rw-r--r-- 1 root root  717 11月 13 2010 mirrors-rpmforge-extras
-rw-r--r-- 1 root root  728 11月 13 2010 mirrors-rpmforge-testing
-rw-r--r-- 1 root root 1113 11月 13 2010 rpmforge.repo
[root@mail ~]#

(5). Clean the yum cache and update the system

[root@mail ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras rpmforge updates
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@mail ~]# yum update

4. Create a vmail user to manage the virtual mailbox directories

useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail

V. Install and configure the LAMP environment

Note: the latest PostfixAdmin 2.3.6 + Roundcubemail 0.92 require PHP 5.2 at minimum; the RPM installed here is 5.3.3

1. Install the LAMP environment

[root@mail ~]#yum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel

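2. Integrate Apache and PHP

[root@mail ~]# vim /etc/httpd/conf/httpd.conf
# add the following two lines
# let Apache handle .php files with PHP
AddType application/x-httpd-php .php
# path to the php.ini configuration file
PHPIniDir "/etc/php.ini"
# edit this line to add index.php
DirectoryIndex index.php index.html index.html.var
# change the user and group that Apache runs as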
User vmail
Group vmail

3. Test

[root@mail ~]# vim /var/www/html/index.php
<?php
        phpinfo();
?>
[root@mail ~]# service httpd start
正在启动 httpd:httpd: Could not reliably determine the server's fully qualified domain name, using mail.free.com for ServerName
                                                           [确定]
[root@mail ~]#
Note: there is a warning
[root@mail ~]# vim /etc/httpd/conf/httpd.conf
# add this line
ServerName localhost:80
[root@mail ~]# service httpd restart # after the restart the warning no longer appears
停止 httpd:                                               [确定]
正在启动 httpd:                                           [确定]
[root@mail html]# chkconfig httpd on # enable at boot
[root@mail html]# chkconfig httpd --list
httpd           0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@mail html]#

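The test result is as follows:

Seeing this page means the LAMP environment was installed successfully, heh! While you are there, check for imap, which is important, heh!

VI. Install and configure postfixadmin

1. Check the required software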

[root@mail ~]# ll
总用量 12804
-rw-------. 1 root root     970 6月  20 05:03 anaconda-ks.cfg
-rw-r--r--  1 root root    2006 9月   1 2011 CentOS6-Base-163.repo
-rw-r--r--. 1 root root   15709 6月  20 05:03 install.log
-rw-r--r--. 1 root root    4178 6月  20 05:01 install.log.syslog
-rw-r--r--  1 root root 7728693 7月   7 18:48 phpMyAdmin-4.0.4.1-all-languages.zip
-rw-r--r--  1 root root 1597001 7月   7 12:56 postfixadmin-2.3.6.tar.gz
-rw-r--r--  1 root root 3735505 7月   7 12:57 roundcubemail-0.9.2.tar.gz
-rw-r--r--  1 root root   12700 11月 13 2010 rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@mail ~]#

2. Extract and rename the directory

[root@mail ~]# tar xf postfixadmin-2.3.6.tar.gz -C /var/www/html/
[root@mail ~]# cd /var/www/html/
[root@mail html]# ls
index.php  postfixadmin-2.3.6
[root@mail html]# mv postfixadmin-2.3.6 postfixadmin
[root@mail html]# ls
index.php  postfixadmin
[root@mail html]#

3. Configure and test

[root@mail html]# cd postfixadmin/
# Back up the configuration files before editing them
[root@mail postfixadmin]# cp config.inc.php config.inc.php.bak
[root@mail postfixadmin]# cp setup.php setup.php.bak
[root@mail postfixadmin]# vim config.inc.php
# Find the following lines and change them
$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@free.com';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '1000';
$CONF['mailboxes'] = '1000';
$CONF['maxquota'] = '1000';
$CONF['fetchmail'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

4. Create the MySQL database and privileges for postfixadmin

[root@mail html]# service mysqld start
[root@mail html]# chkconfig mysqld on # enable at boot
[root@mail html]# chkconfig mysqld --list
mysqld          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@mail html]#
[root@mail ~]# mysql
mysql> create database postfix;
mysql> grant all on postfix.* to postfix@'localhost' identified by 'postfix';
mysql> flush privileges;

Test whether we can log in:

[root@mail html]# mysql -upostfix -ppostfix
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.69 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| postfix            |
| test               |
+--------------------+
3 rows in set (0.00 sec)
mysql>
The test succeeded; login works!

5. Change the owner and group

[root@mail html]# chown -R vmail.vmail postfixadmin/
[root@mail html]# ll
总用量 8
-rw-r--r--  1 root  root    18 7月  10 22:18 index.php
drwxrwxr-x 14 vmail vmail 4096 7月  10 22:57 postfixadmin
[root@mail html]#

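6. The configuration steps are shown in the figures below

(1). http://192.168.18.187/postfixadmin/setup.php

Note: this checks the PHP environment and initializes the database.

(2). Create the setup password and update the configuration file (my password here is 123456)

[root@mail postfixadmin]# vim config.inc.php
$CONF['setup_password'] = '6471f6462d427bf547c07fb2a08fdecf:09a43f16792234050d298b7d0333c101d4bbd48e';

(3). Create the administrator password

First enter the setup password you just created (123456 here), then the administrator's e-mail address and the administrator password.

An error appears saying dovecotpw is missing. That is because dovecot is not installed yet, so we install it now and configure it later.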

[root@mail postfixadmin]# yum install -y  dovecot dovecot-devel dovecot-mysql
[root@mail postfixadmin]# chkconfig dovecot on # enable at boot
[root@mail postfixadmin]# chkconfig dovecot --list
dovecot         0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@mail postfixadmin]#

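Now set the administrator account and password again (here I use postmaster@free.com with the password admin).

This time it succeeds. Next, log in with the administrator account:

http://192.168.18.187/postfixadmin/login.php

7. postfixadmin cannot create mailbox directories automatically, so we add that capability

(1). Create the script that creates a virtual mailbox, /usr/local/bin/maildir-creation.sh, with the following content: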

[root@mail ~]#vim /usr/local/bin/maildir-creation.sh
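#!/bin/bash
#
# Usage: maildir-creation.sh <domain> <user>
HOME_DIR="/var/vmail"
USER_NAME="vmail"
GROUP_NAME="vmail"
# Create the domain directory on first use
if [ ! -d "${HOME_DIR}/$1" ] ; then
    mkdir "${HOME_DIR}/$1"
    chown -R "${USER_NAME}:${GROUP_NAME}" "${HOME_DIR}/$1"
fi
# Create the mailbox directory for the user
mkdir "${HOME_DIR}/$1/$2"
chown -R "${USER_NAME}:${GROUP_NAME}" "${HOME_DIR}/$1/$2"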

(2). Create the script that deletes a virtual mailbox, /usr/local/bin/maildir-deletion.sh, with the following content:

[root@mail ~]#vim /usr/local/bin/maildir-deletion.sh
#!/bin/bash
#
# vmta ALL = NOPASSWD: /usr/local/bin/maildir-deletion.sh
#
if [ $# -ne 2 ] ; then
  exit 127
fi
DOMAIN="$1"
USER="$2"
HOME_DIR="/var/vmail"
USER_DIR="${HOME_DIR}/${DOMAIN}/${USER}"
TRASH_DIR="${HOME_DIR}/deleted-maildirs"
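DATE=$(date "+%Y%m%d_%H%M%S")
# Make sure the per-domain trash directory exists
if [ ! -d "${TRASH_DIR}/${DOMAIN}" ] ; then
    mkdir -p "${TRASH_DIR}/${DOMAIN}"
fi
# Move the mailbox aside with a timestamp instead of deleting it
if [ -d "${USER_DIR}" ] ; then
    mv "${USER_DIR}" "${TRASH_DIR}/${DOMAIN}/${USER}-${DATE}"
fi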

8. Create the directory for deleted mailboxes

[root@mail ~]# mkdir /var/vmail/deleted-maildirs
[root@mail ~]# chown -R vmail.vmail /var/vmail/deleted-maildirs/

9. Make the scripts executable

[root@mail ~]# chmod 750 /usr/local/bin/maildir-*
[root@mail ~]# chown vmail.vmail /usr/local/bin/maildir-*

10. Configure sudo

[root@mail ~]#vim /etc/sudoers
# Add these two lines at the end of /etc/sudoers
vmail ALL = NOPASSWD: /usr/local/bin/maildir-creation.sh
vmail ALL = NOPASSWD: /usr/local/bin/maildir-deletion.sh
# Comment out the following line in /etc/sudoers
#Defaults    requiretty
:wq! # the file is read-only, so force the write and quit

11. Modify the relevant postfixadmin files

[root@mail ~]# cd /var/www/html/postfixadmin/
[root@mail postfixadmin]# vim create-mailbox.php
In create-mailbox.php, line 229 should read:
db_log ($SESSID_USERNAME, $fDomain, 'create_mailbox', "$fUsername");
Add the following line before it. The domain and user name come from the request, so each is passed through escapeshellarg() before it reaches the shell:
system("sudo /usr/local/bin/maildir-creation.sh " . escapeshellarg($fDomain) . " " . escapeshellarg($_POST['fUsername']));
[root@mail postfixadmin]# vim delete.php
In delete.php, line 146 should read:
db_log ($SESSID_USERNAME, $fDomain, 'delete_mailbox', $fDelete);
Add the following 4 lines after it:
$userarray=explode("@",$fDelete);
$user=$userarray[0];
$domain=$userarray[1];
system("sudo /usr/local/bin/maildir-deletion.sh " . escapeshellarg($domain) . " " . escapeshellarg($user));

That completes the postfixadmin configuration ^_^
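
A validating counterpart to the maildir-creation.sh step in 7.(1), as an added example that is not the post's or PostfixAdmin's own code: the script runs as root through passwordless sudo with a domain and mailbox name that originate in a web request, so it checks both against an allowlist and refuses paths that resolve outside the mail root. /var/vmail and vmail come from the post; the function names, patterns and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the post's script): create <root>/<domain>/<user> only
# after both arguments pass an allowlist. Defaults follow the post; the
# function names, patterns and exit codes are assumptions of this example.
LC_ALL=C; export LC_ALL              # make A-Z / a-z ranges byte-exact
MAIL_ROOT="${MAIL_ROOT:-/var/vmail}"
MAIL_OWNER="${MAIL_OWNER:-vmail}"
MAIL_GROUP="${MAIL_GROUP:-vmail}"

# DNS-style name: letters, digits, '.', '-'. It must contain a dot so it can
# never collide with sibling directories such as deleted-maildirs.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Conservative local part: no '/', no shell metacharacters, no leading
# '-' (option injection) or '.', no '..' (path traversal).
valid_localpart() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

create_maildir() {
    [ "$#" -eq 2 ] || { echo "usage: create_maildir DOMAIN USER" >&2; return 64; }
    md_domain="$1"
    md_user="$2"
    valid_domain "$md_domain"  || { echo "rejected domain" >&2; return 65; }
    valid_localpart "$md_user" || { echo "rejected user" >&2; return 65; }

    md_target="${MAIL_ROOT}/${md_domain}/${md_user}"
    mkdir -p -- "$md_target" || return 73

    # A symlink planted under MAIL_ROOT must not redirect the chown below:
    # the physical path has to equal the path we computed.
    md_root=$(cd -- "$MAIL_ROOT" && pwd -P) || return 73
    md_real=$(cd -- "$md_target" && pwd -P) || return 73
    if [ "$md_real" != "${md_root}/${md_domain}/${md_user}" ]; then
        echo "refusing: path leaves ${MAIL_ROOT}" >&2
        return 70
    fi

    # Only root can change ownership; non-recursive on purpose.
    if [ "$(id -u)" -eq 0 ]; then
        chown "${MAIL_OWNER}:${MAIL_GROUP}" -- \
            "${MAIL_ROOT}/${md_domain}" "$md_target" || return 73
    fi
    return 0
}

# Run as a script: maildir-creation.sh DOMAIN USER
if [ "$#" -gt 0 ]; then
    create_maildir "$@"
fi
```

A script that sudoers allows with NOPASSWD should be owned by root and not writable by the account permitted to run it, since whoever can edit the file controls what runs as root. On the PHP side, pass each argument through escapeshellarg() so the shell never parses request data.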

VII. Install and configure phpmyadmin

1. Extract and rename

[root@mail ~]# unzip phpMyAdmin-4.0.4.1-all-languages.zip
[root@mail ~]# mv phpMyAdmin-4.0.4.1-all-languages /var/www/html/
[root@mail ~]# cd /var/www/html/
[root@mail html]# ls
index.php  phpMyAdmin-4.0.4.1-all-languages  postfixadmin
[root@mail html]# mv phpMyAdmin-4.0.4.1-all-languages phpmyadmin
[root@mail html]# ls
index.php  phpmyadmin  postfixadmin
[root@mail html]#

2. Edit the configuration file

[root@mail html]# cd phpmyadmin/
[root@mail phpmyadmin]# cp config.sample.inc.php config.inc.php     
[root@mail phpmyadmin]#

3. Grant privileges for phpmyadmin

mysql> grant all on *.* to root@'localhost' identified by '123456';
Query OK, 0 rows affected (0.03 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

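4. Test

OK, login succeeded. We can now manage the MySQL database with phpmyadmin!

VIII. Configure the Postfix mail transfer agent

Note: we use the Postfix shipped with CentOS 6.4, because the postfix package in CentOS 6.4 already supports mysql.

1. Check the postfix version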

[root@mail postfixadmin]# rpm -qa | grep postfix
postfix-2.6.6-2.2.el6_1.x86_64

2. Configure postfix

[root@mail ~]# vim /etc/postfix/main.cf
# Basic settings
myhostname = mail.free.com
mydomain = free.com
myorigin = $mydomain
inet_interfaces = all
mynetworks_style = host
mynetworks = 192.168.18/24, 127.0.0.0/8
# Virtual domain settings
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
virtual_overquota_bounce = yes
#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
[root@mail ~]# postconf # check the configuration file for errors

3. Create the MySQL lookup files (mind the user name, password and DBNAME; mine are all postfix)
(1). Create /etc/postfix/mysql_virtual_domains_maps.cf

[root@mail ~]# vim /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

(2). Create /etc/postfix/mysql_virtual_alias_maps.cf

[root@mail ~]# vim /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

(3). Create /etc/postfix/mysql_virtual_mailbox_maps.cf

[root@mail ~]# vim /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

(4). Create /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

[root@mail ~]# vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

4. SMTP authentication settings

(1). List the SASL implementations postfix supports; dovecot is supported by default

[root@mail ~]# postconf -a
cyrus
dovecot

(2). Edit the /etc/postfix/main.cf configuration file

[root@mail ~]#vim /etc/postfix/main.cf
#SASL SUPPORT FOR CLIENTS
# Turns on sasl authorization
smtpd_sasl_auth_enable = yes
#Use dovecot for authentication
smtpd_sasl_type = dovecot
# Path to UNIX socket for SASL
smtpd_sasl_path = /var/run/dovecot/auth-client
#Disable anonymous login. We don't want to run an open relay for spammers.
smtpd_sasl_security_options = noanonymous
#Adds support for email software that doesn't follow RFC 4954.
#This includes most versions of Microsoft Outlook before 2007.
broken_sasl_auth_clients = yes
#
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

5. Use Dovecot for delivery

[root@mail ~]# vim /etc/postfix/main.cf
# TRANSPORT MAP
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# Edit the master.cf file
[root@mail ~]# vim /etc/postfix/master.cf
# Add these two lines at the end; note the two spaces before flags, otherwise Postfix reports an error
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

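IX. Install and configure the dovecot mail retrieval agent

Note on the difference between dovecot 1.X and dovecot 2.X configuration: 1.X keeps all settings in a single file, while 2.X spreads them over several files (/etc/dovecot/dovecot.conf and /etc/dovecot/conf.d/). Because the 2.X configuration is scattered, I list the contents of each file that needs changing.

1. Edit the dovecot configuration files

(1). Edit /etc/dovecot/dovecot.conf (the main configuration file)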

[root@mail ~]# vim /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf

(2). Edit /etc/dovecot/conf.d/10-auth.conf

[root@mail ~]# vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
!include auth-sql.conf.ext

(3). Edit /etc/dovecot/conf.d/10-mail.conf

[root@mail ~]# vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:%hMaildir
mbox_write_locks = fcntl

(4). Edit /etc/dovecot/conf.d/10-master.conf

[root@mail ~]# vim /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
# Add the following block; it provides authentication for SMTP
  unix_listener auth-client {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}

(5). Edit /etc/dovecot/conf.d/15-lda.conf

[root@mail ~]# vim /etc/dovecot/conf.d/15-lda.conf
protocol lda {
  mail_plugins = quota
  postmaster_address = postmaster@free.com # administrator mailbox
}

(6). Edit /etc/dovecot/conf.d/20-imap.conf

[root@mail ~]# vim /etc/dovecot/conf.d/20-imap.conf
protocol imap {
        mail_plugins = quota imap_quota
}

(7). Edit /etc/dovecot/conf.d/20-pop3.conf

[root@mail ~]# vim /etc/dovecot/conf.d/20-pop3.conf
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}

(8). Edit /etc/dovecot/conf.d/90-quota.conf

[root@mail ~]# vim /etc/dovecot/conf.d/90-quota.conf
plugin {
  quota_rule = *:storage=1G
}
plugin {
}
plugin {
  quota = dict:User quota::proxy::quota
}
plugin {
}

(9). Add /etc/dovecot/dovecot-sql.conf.ext

[root@mail ~]# vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = CRAM-MD5
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'

(10). Add /etc/dovecot/dovecot-dict-sql.conf.ext

[root@mail ~]# vim /etc/dovecot/dovecot-dict-sql.conf.ext
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}

2. Restart the services

[root@mail ~]# service postfix restart
关闭 postfix:                                             [确定]
启动 postfix:                                             [确定]
[root@mail ~]# service dovecot restart
停止 Dovecot Imap:                                        [失败]
正在启动 Dovecot Imap:                                    [确定]

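That completes the dovecot configuration ^_^

X. Test the SMTP and POP3 services

1. Create a virtual domain in postfixadmin

Note: create the test domain free.com.

2. Create test mailboxes in postfixadmin

Note: create two test mailboxes, test@free.com and loda@free.com.

3. Test the connection to port 25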

[root@mail ~]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.free.com ESMTP Postfix
ehlo free.com
250-mail.free.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

Note: the connection succeeded!
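
The EHLO reply above offers AUTH PLAIN LOGIN and no STARTTLS, so a client that uses PLAIN or LOGIN sends its mailbox password merely base64-encoded. The check below, an added example that is not part of the original post, classifies an EHLO reply captured before any TLS negotiation; the function names and verdict strings are assumptions.

```shell
#!/bin/sh
# Added example: classify an SMTP EHLO reply captured BEFORE any TLS
# negotiation. Function names and verdict strings are assumptions.

# EHLO reply copied from the telnet session in this post.
PAGE_EHLO='250-mail.free.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Print each advertised SASL mechanism once, upper-cased, merging the
# standard "AUTH " line with the legacy "AUTH=" line that
# broken_sasl_auth_clients = yes adds.
ehlo_auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split(toupper($0), m)
            for (i = 1; i <= n; i++)
                if (!seen[m[i]]++) print m[i]
        }'
}

# Succeed when the reply offers STARTTLS.
ehlo_has_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS[[:space:]]*$'
}

# Read a reply on stdin and print one verdict:
#   no-auth                 AUTH is not offered on the unencrypted session
#   challenge-only          only non-plaintext mechanisms (e.g. CRAM-MD5)
#   cleartext-optional-tls  PLAIN/LOGIN offered; TLS exists but is not required
#   cleartext-no-tls        PLAIN/LOGIN offered and no STARTTLS at all
# Returns 1 for the two cleartext verdicts, 0 otherwise.
audit_ehlo() {
    ae_reply=$(cat)
    ae_mechs=$(printf '%s\n' "$ae_reply" | ehlo_auth_mechs)
    if [ -z "$ae_mechs" ]; then
        echo "no-auth"; return 0
    fi
    if printf '%s\n' "$ae_mechs" | grep -Eq '^(PLAIN|LOGIN)$'; then
        if printf '%s\n' "$ae_reply" | ehlo_has_starttls; then
            echo "cleartext-optional-tls"
        else
            echo "cleartext-no-tls"
        fi
        return 1
    fi
    echo "challenge-only"
    return 0
}

printf 'verdict for the reply in this post: '
printf '%s\n' "$PAGE_EHLO" | audit_ehlo || true
```

Postfix stops advertising AUTH on unencrypted sessions once TLS is configured and smtpd_tls_auth_only = yes is set, which moves a server from the cleartext verdicts to no-auth.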

4. Test the connection to port 110

[root@mail ~]# telnet localhost 110
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user 123@free.com
+OK
pass 123456
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#
Note: as you can see, authentication and login both succeeded!

5. Check the automatically created mailbox

[root@mail ~]# cd /var/vmail/
[root@mail vmail]# ll
总用量 8
drwxr-xr-x 2 vmail vmail 4096 7月  11 00:07 deleted-maildirs
drwx------ 3 vmail vmail 4096 7月  11 01:17 free.com
[root@mail vmail]# cd free.com/
[root@mail free.com]# ls
123
[root@mail free.com]#

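Note: the mailbox directory was created automatically, which shows that our scripts above ran successfully!

6. Test sending and receiving mail with the Foxmail client

As shown, test@free.com sends a message to loda@free.com

loda@free.com receives the message successfully!

The details are as follows:

The test succeeded: mail can be sent and received!

7. Known problem

As shown in the figure below, running the postfixadmin backup produces the following warning, and the backup fails!

The figure above shows that the cause is the date.timezone setting. Here is how to fix it.

(1). Edit /var/www/html/admin/backup.php

[root@mail admin]# vim /var/www/html/admin/backup.php
# Add this line (as in the figure below)
date_default_timezone_set('PRC');

(2). The result is as follows

Note: the postfixadmin backup now succeeds! At this point we have a complete mail system, but to browse and manage mail conveniently we will now install WebMail!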

XI. Install and configure WebMail (Roundcubemail)

1. Extract and rename

[root@mail ~]# tar -xf roundcubemail-0.9.2.tar.gz -C /var/www/html/
[root@mail ~]# cd /var/www/html/
[root@mail html]# ls
admin  index.php  phpmyadmin  roundcubemail-0.9.2
[root@mail html]# mv roundcubemail-0.9.2 webmail
[root@mail html]# ls
admin  index.php  phpmyadmin  webmail
[root@mail html]#

2. Configure WebMail

The figure shows a date.timezone error. Let's fix it!

3. Edit php.ini

[root@mail installer]# vim /etc/php.ini
date.timezone = Asia/Shanghai

4. Set the location of php.ini in Apache

[root@mail installer]# vim /etc/httpd/conf/httpd.conf
PHPIniDir "/etc/php.ini"
[root@mail installer]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@mail installer]#

5. Change the owner and group of all web files

[root@mail ~]# cd /var/www/html/
[root@mail html]# ll
total 16
drwxrwxr-x 14 1000 1010 4096 Jul 11 05:25 admin
-rw-r--r--  1 root root   18 Jul 11 04:12 index.php
drwxr-xr-x  9 root root 4096 Jul 11 04:17 phpmyadmin
drwxr-xr-x 11  501   80 4096 Jun 16 23:10 webmail
[root@mail html]# chown -R vmail.vmail admin
[root@mail html]# chown -R vmail.vmail phpmyadmin
[root@mail html]# chown -R vmail.vmail webmail
[root@mail html]# ll
total 16
drwxrwxr-x 14 vmail vmail 4096 Jul 11 05:25 admin
-rw-r--r--  1 root  root    18 Jul 11 04:12 index.php
drwxr-xr-x  9 vmail vmail 4096 Jul 11 04:17 phpmyadmin
drwxr-xr-x 11 vmail vmail 4096 Jun 16 23:10 webmail

6. Check where sessions are stored

[root@mail html]# vim /etc/php.ini
session.save_path = "/var/lib/php/session"

7. Change the group of the session directory

[root@mail html]# cd /var/lib/php/
[root@mail php]# ll
total 4
drwxrwx--- 2 root apache 4096 Feb 22 10:56 session
[root@mail php]# chown -R .vmail session/
[root@mail php]# ll
total 4
drwxrwx--- 2 root vmail 4096 Feb 22 10:56 session
[root@mail php]#

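8. The result is as follows

9. Click NEXT to continue with the settings (the options below are required)

(1). Set the display name of the webmail

(2). Configure the Webmail database settings (I set all of them to roundcubemail)

(3). Configure IMAP

(4). Configure the SMTP server

(5). The result after configuration is shown below (all the options we set are listed; we need to download the two configuration files main.inc.php and db.inc.php and upload them to the server)

(6). Upload them to the corresponding directory on the server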

[root@mail ~]# cd /var/www/html/webmail/config/
[root@mail config]# ll
total 92
-rw-r--r-- 1 root  root   2905 Jul 10 22:15 db.inc.php
-rw-r--r-- 1 vmail vmail  2893 Jun 16 23:10 db.inc.php.dist
-rw-r--r-- 1 root  root  38438 Jul 10 22:15 main.inc.php
-rw-r--r-- 1 vmail vmail 38414 Jun 16 23:10 main.inc.php.dist
-rw-r--r-- 1 vmail vmail  2731 Jun 16 23:10 mimetypes.php
[root@mail config]#

(7). Grant database privileges for WebMail

mysql> CREATE DATABASE roundcubemail;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'roundcubemail';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

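10. Click CONTINUE to proceed

11. Click the button to initialize the database

12. Initialization is complete; check the result with phpmyadmin

You can see that the database tables have been created! ^_^

13. Now we test WebMail

14. Log in and send and receive mail

You can see the message was sent successfully! Next we receive it with Foxmail.

You can see that we received the message, so the test succeeded! That completes the WebMail installation. Next we turn to anti-spam and mail virus scanning.

Note: because the whole mail system is complex to configure and there is a lot of text and many screenshots, I split the write-up into two posts. The next post, "CentOS6.4+LAMP+Postfix+Dovecot+Postfixadmin+Roundcubemail: Building an Enterprise-Grade Mail Server (2)", focuses on:

XII. Install and configure virus scanning and spam filtering

XIII. Install and configure the managesieve plugin

XIV. Analysis of common problems

Source: http://blog.51cto.com/freeloda/1245492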