extmail 防垃圾搭建
2013-12-02 14:35
549 查看
extmail邮件系统搭建
制作EMOS yum
1.wget ftp://www6.extmail.org/emos/EMOS_1.5_Beta2_x86_64.iso 2.mount -t iso9660 -o loop EMOS_1.5_Beta2_x86_64.iso /mnt/EMOS
3.yum install createrepo
4.cd /mnt&createrepo .
5.mkdir CentOS#mv *.repo ./CentOS
6.vi EMOS.repo
[EMOS]
name=EMOS
baseurl=file:///mnt/
enabled=1
gpgcheck=0
7.yum clean all&yum list 如果光盘中缺少的软件,可以切换回中科源进行更新
安装postfix
8.yum install postfix&checkconfig postfix on
9.rpm -e sendmail
10.postconf -n>/etc/postfix/main2.cf&mv main.cf main.cf.old&mv main2.cf main.cf
11.vi main.cf
# hostname
mynetworks = 127.0.0.1
myhostname = mail.extmail.org
mydestination = $mynetworks $myhostname
# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 0s
# Message and return code control
message_size_limit = 5242880
mailbox_size_limit = 5242880
show_user_unknown_table_name = no
# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
安装courier-authlib
12.yum install courier-authlib&yum install courier-authlib-mysql
13.vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
14.vi /etc/authlib/authdeamonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
15.service courier-authlib start & chomd 755 /var/spool/authdaemon/
安装maildrop
16.yum install maildrop
17.vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
18.vi /etc/postfix/main.cf
maildrop_destination_recipient_limit=1
19.test #maildrop -v ,and diskplay License,see COPYing for additional information.
配置APACHE
20.vi /etc/httpd/conf/httpd.conf
NameVirualHost *:80
include conf/vhost_*.conf
21.vi vhost_extmail.conf
# VirtualHost for ExtMail Solution
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
22.chkconfig httpd on
安装EXTMAIL
23.yum install extsuite-webmail
24.cd /var/www/extsuite/extmail
25.cp webmail.cf.default webmail.cf
26.vi webmail.cf
SYS_MYSQL_USER=extmail
SYS_MYSQL_PASS=extmail
SYS_MYSQL_DB=extmail
27.chown -R vuser:vgroup /var/www/extsuite/extmail/cgi
安装EXTMAN
28.yum install extsuite-webman
29.chown -R vuser:vgroup /var/www/extsuite/extman/cgi/
30.mkdir /tmp/extman #chown -R vuser:vgroup /tmp/extman
安装MYSQL
31.yum install mysql-server & service mysqld start &chkconfig mysqld on
32.mysql -u root -p </var/www/extsuite/extman/docs/extmail.sql
33.mysql -u root -p </var/www/extsuite/extman/docs/init.sql
设置邮件虚拟域和虚拟用户配置文件
34.cd /var/www/extsuite/extman/docs
35.cp mysql_virtual_*_maps.cf /etc/postfix & rm mysql_virtual_limit_maps.cf
36.vi /etc/postfix/main.cf
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
37.service postfix restart
38.测试extman登录,如果开启selinux,使用audit2allow等命令将现行规则导入内核
39.配置图形化日志/usr/local/mailgraph_ext/mailgraph-init start
/var/www/extsuite/extman/daemon/cmdserver --daemon
echo "/usr/local/mailgraph_ext/mailgraph-init start" >>/etc/rc.d/rc.local&echo "/var/www/extsuite/extman/daemon/cmdserver -v -d" >>/etc/rc.d/rc.local
安装配置cyrus-sasl
40.rpm -e cyrus-sasl --nodeps&yum install cyrus-sasl
vi /etc/postfix/main.cf
test #perl -e 'use MIME::Base64;print encode_base64("postmaster\@extmail.org")
display cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
# perl -e ‘use MIME::Base64; print encode_base64(”extmail”)’
ZXh0bWFpbA==
telnet localhost 25
shell
# yum install extsuite-slockd
配置resolv.conf
请确认/etc/resolv.conf里的dns服务器是离你的邮件服务器最近,速度最快的dns server,slockd很依赖dns的好坏,因此给系统配置一个快速的dns能大幅度提高处理速度。以下给出一个配置仅供参考:
shell
# vi /etc/resolv.conf
增加以下内容:
nameserver 202.96.209.6
上述dns服务器是上海电信的DNS服务器,对于非广东朋友,请改为离你最近的DNS服务器IP,如果可能的话,请配置一个简单的bind,成为本地的 dns cache server,可以获得最高性能。这里略过这一步骤,但您必须确保dns的配置是正确并且可靠的,否则slockd将不能工作!
53.测试slockd
启动slockd
shell
# /usr/local/slockd/slockd-init start
此时slockd将启动,并进入非daemon方式的监听模式,接受来自10030端口的请求,命令行下将显示如下调试信息:
Starting spam locker daemon: slockd
starting child 2908
starting child 2909
打开另一个ssh/终端窗口:
shell
# cd /usr/local/slockd/tools
输入:
shell
# perl policy_sig -h localhost -p 10030 --helo FOOBAR --ip 192.168.0.1 --from test@foo.com --to test@bar.com
此时,程序应该返回如下错误信息:这表示slockd初步的正常工作了。
action=554 blocked using zen.spamhaus.org, see http://bl.extmail.org/cgi/rbl?192.168.0.1
设置slockd开机自启动
shell
# /usr/local/slockd/slockd-init start # echo “/usr/local/slockd/slockd-init start” >> /etc/rc.d/rc.local
54.配置Postfix
slockd调试正常后,必须配置postfix以使其打开对slockd的支持。
编辑main.cf文件
shell
# vi /etc/postfix/main.cf
将 check_policy_service inet:127.0.0.1:10030 这一行记录增加到smtpd_recipient_restrictions 里,例如:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_policy_service inet:127.0.0.1:10030
重新启动postfix以使配置生效
shell
# service postfix restart
注意事项: 上述配置是将slockd的查询放到最后,这也是进一步提高资源利用律的办法,因为有部分功能postfix已实现了,所以就先由postfix检测,如果检测不到再由slockd完成。
55.安装dspam
Dspam的配置主要参考《Dspam+Amavis-new+SA-Clamav for EMOS》
链接: http://www.extmail.org/forum/viewthread.php?tid=10393&extra=&page=1
shell
# yum install dspam-mysql
56.导入 DSPAM 训练库
shell
# cd /root/
# wget http://www.extmail.org/download/misc/dspam/dspam-trained-data.sql.gz # gzip -d dspam-trained-data.sql.gz
# rm -rf /var/lib/mysql/dspam/ (备注:如果没有dspam的库,可以不用执行)
# mysql -u root -p -e “create database dspam”
# mysql -u root -p -e “grant all on dspam.* to dspam@localhost identified by ‘dspam’”
# mysql -u dspam -p dspam dspam < /root/dspam-trained-data.sql
DSPAM的token数据库的定时清理:
shell
# crontab -e
加入以下内容:
0 0 * * * /usr/bin/mysql -u dspam -p'dspam' dspam < /usr/share/dspam/sql/mysql/purge.sql
0 0 * * * /usr/bin/dspam_logrotate -a 30 -d /var/spool/dspam/data
57.配置 dspam.conf 文件
shell
# vi /etc/dspam/dspam.conf
变动内容如下:
DeliveryHost 127.0.0.1
DeliveryPort 10024
DeliveryIdent localhost
DeliveryProto SMTP
Trust extmail
Preference "signatureLocation=headers" # 'message' or 'headers'
Preference "showFactors=off"
MySQLUIDInSignature on
MySQLServer /var/lib/mysql/mysql.sock
MySQLUser dspam
MySQLPass dspam
MySQLDb dspam
MySQLCompress true
MySQLConnectionCache 10
ServerPort 10028
ServerQueueSize 32
ServerPID /var/spool/dspam/dspamd.pid
ServerMode auto
ServerPass.Relay1 "secret"
ServerParameters "--user extmail --deliver=innocent,spam"
ServerIdent "localhost.localdomain"
ClientHost 127.0.0.1
ClientPort 10028
ClientIdent "secret@Relay1"
58.启动 dspam 进程
shell
# chkconfig dspamd on
# service dspamd start
查看dspam启动进程
shell
# ps aux |grep dspam
显示以下内容:
dspam 18407 0.0 0.5 5452 1344 pts/0 S 19:16 0:00 /usr/sbin/dspamd --daemon
root 18412 0.0 0.2 5140 668 pts/0 S+ 19:17 0:00 grep dspamd
59.修改main.cf文件
shell
# vi /etc/postfix/main.cf
增加以下内容:
header_checks = regexp:/etc/postfix/dspam_header_checks
设置邮件标题过滤管理 以防止重复X-DSPAM-Signature标题,可以防止签名被报道为垃圾。这发生在当你从一个已经运行Dspam的服务器收到邮件,或被用于通过伪造的、滥发邮件来阻止你训练数据库,
shell
# vi /etc/postfix/dspam_header_checks
增加以下内容:
/^(X-DSPAM-.*)/ IGNORE
/^(X-Spam-.*)/ IGNORE
重启postfix :
shell
# service postfix restart
60.编辑 amavisd.conf 文件
shell
# vi /etc/amavisd/amavisd.conf
增加以下内容:
$dspam = '/usr/bin/dspam';
@spam_scanners = (
['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
['DSPAM', 'Amavis::SpamControl::ExtProg', $dspam,
[ qw(--client --stdout --deliver=spam,innocent --mode=teft --user extmail)],
],
);
SA增加DSpam插件:
shell
# cd /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/
# wget http://www.extmail.org/download/misc/dspam/dspam.pm
编辑 local.cf 文件
shell
# cd /etc/mail/spamassassin/
# wget http://www.extmail.org/download/misc/dspam/dspam.cf # vi local.cf
在下面增加以下内容
include dspam.cf
编辑 init.pre 文件:
shell
# vi init.pre
在下面增加以下内容
loadplugin Mail::SpamAssassin::Plugin::dspam
重启amavisd
shell
# service amavisd restart
61.增加 extmail 的垃圾邮件举报
说明:
Extmail 1.0.9正式加入垃圾邮件举报功能,主要基于(xueron)的补丁包,并进行了一定的调整,使该功能可以兼容DSPAM及Spamassassin两种内容过滤软件的训练。
Extmail1.1.1加入(stvictor)提供的spamassassin举报功能,感谢!
修改 webmail.cf
shell
# vi /var/www/extsuite/extmail/webmail.cf
主要变动的内容如下:
SYS_SPAM_REPORT_ON = 1
SYS_SPAM_REPORT_TYPE = dspam
设置maidrop的全局过滤
shell
# vi /etc/maildroprc
内容如下:
# Decoder for high quality key word filtering
# Author: hzqbbc <hzqbbc@hzqbbc.com> - ExtMail Dev Team
DECODER="/var/www/extsuite/extmail/tools/decode -v"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
BADSENDER=1
}
# Custom filter and auto deliver to Junk mailbox support
# need test command and other Unix command
`test -f $HOME/.mailfilter && exit 1 || exit 0`
# No customize filtering rules
if ( $RETURNCODE == 0 )
{
if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
}
62.配置DSPAM Web 界面
安装相关的rpm包:
shell
# yum install perl-GDGraph
# yum install perl-GD-Graph3d
# yum install dspam-web
创建dspam-web 认证用户:
shell
# cd /usr/share/dspam/webui/cgi-bin
# echo “extmail” > admins
# htpasswd -c .htpasswd extmail
输入认证密码
New password:
Re-type new password:
Adding password for user extmail
启动 dspam-web 守护进程
shell
# service dspam-webd start
这实际是启动了mini_httpd进程,查看 mini_httpd 是否启动正常:
shell
# ps aux |grep mini
显示以下内容:
dspam 18580 0.0 0.3 4152 820 ? Ss 20:05 0:00 mini_httpd -C /etc/dspam/webui.conf
root 18582 0.0 0.2 5316 668 pts/0 S+ 20:05 0:00 grep mini
重启 apache
shell
# service httpd restart
访问 dspam-web
http://mail.example.com/dspam
输入你在 .htpasswd 文件中创建的用户和密码
63.增加FCGI支持
下载地址: http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
安装mod_fastcgi :
shell
# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz # tar xfz mod_fastcgi-2.4.6.tar.gz
# cd mod_fastcgi-2.4.6
# cp Makefile.AP2 Makefile 注意:还原Makefile后情参考本地情况修改Makefile
# vi Makefile
# Makefile for Apache2
#
builddir = .
top_dir = /etc/httpd
top_srcdir = ${top_dir}
top_builddir = /usr/lib64/httpd
include /usr/lib64/httpd/build/special.mk
APXS = apxs
APACHECTL = apachectl
#DEFS=-Dmy_define=my_value
#INCLUDES=-Imy/include/dir
#LIBS=-Lmy/lib/dir -lmylib
#mail.daodaoly.net
INCLUDES=-I /usr/include/httpd -I /usr/include/apr-1
all: local-shared-build
clean:
-rm -f *.o *.lo *.slo *.la
# make install
安装perl-FCGI 除了Apache需要FCGI的支持外,extmail也需要相应的perl-FCGI模块。
shell
# yun install perl-FCGI
配置虚拟主机:
shell
# vi /etc/httpd/conf/vhost_extmail.conf
增加内容如下:
LoadModule fastcgi_module modules/mod_fastcgi.so
<Ifmodule mod_fastcgi.c>
FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240
</Ifmodule>
#同时,去掉如下行:
#ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
#改为:
Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/ #注意如果发现升级FCIG后主目录不符,可重新alias /extmail
<Location "/extmail/cgi">
SetHandler fastcgi-script
</Location>
重启Apache和fastcgi server开机自启动:
shell
# service httpd restart
# /var/www/extsuite/extmail/dispatch-init start
# echo “/var/www/extsuite/extmail/dispatch-init start” >> /etc/rc.d/rc.local
完。
另外:slockd严格策略导致邮件接受不正常,可以修改/usr/local/slockd/config/whitelist加入
tom.com
sogou.com
10086.cn
hotmail.com
189.cn
qq.com
yahoo.com
eyou.com
yeah.net
foxmail.com
wo.com.cn
各大邮局及其他单位企业邮局
制作EMOS yum
1.wget ftp://www6.extmail.org/emos/EMOS_1.5_Beta2_x86_64.iso 2.mount -t iso9660 -o loop EMOS_1.5_Beta2_x86_64.iso /mnt/EMOS
3.yum install createrepo
4.cd /mnt&createrepo .
5.mkdir CentOS#mv *.repo ./CentOS
6.vi EMOS.repo
[EMOS]
name=EMOS
baseurl=file:///mnt/
enabled=1
gpgcheck=0
7.yum clean all&yum list 如果光盘中缺少的软件,可以切换回中科源进行更新
安装postfix
8.yum install postfix&checkconfig postfix on
9.rpm -e sendmail
10.postconf -n>/etc/postfix/main2.cf&mv main.cf main.cf.old&mv main2.cf main.cf
11.vi main.cf
# hostname
mynetworks = 127.0.0.1
myhostname = mail.extmail.org
mydestination = $mynetworks $myhostname
# banner
mail_name = Postfix - by extmail.org
smtpd_banner = $myhostname ESMTP $mail_name
# response immediately
smtpd_error_sleep_time = 0s
# Message and return code control
message_size_limit = 5242880
mailbox_size_limit = 5242880
show_user_unknown_table_name = no
# Queue lifetime control
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
安装courier-authlib
12.yum install courier-authlib&yum install courier-authlib-mysql
13.vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uidnumber
MYSQL_GID_FIELD gidnumber
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
14.vi /etc/authlib/authdeamonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
15.service courier-authlib start & chomd 755 /var/spool/authdaemon/
安装maildrop
16.yum install maildrop
17.vi /etc/postfix/master.cf
maildrop unix - n n - - pipe
flags=DRhu user=vuser argv=maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} {nexthop}
18.vi /etc/postfix/main.cf
maildrop_destination_recipient_limit=1
19.test #maildrop -v ,and diskplay License,see COPYing for additional information.
配置APACHE
20.vi /etc/httpd/conf/httpd.conf
NameVirualHost *:80
include conf/vhost_*.conf
21.vi vhost_extmail.conf
# VirtualHost for ExtMail Solution
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman /var/www/extsuite/extman/html/
# Suexec config
SuexecUserGroup vuser vgroup
</VirtualHost>
22.chkconfig httpd on
安装EXTMAIL
23.yum install extsuite-webmail
24.cd /var/www/extsuite/extmail
25.cp webmail.cf.default webmail.cf
26.vi webmail.cf
SYS_MYSQL_USER=extmail
SYS_MYSQL_PASS=extmail
SYS_MYSQL_DB=extmail
27.chown -R vuser:vgroup /var/www/extsuite/extmail/cgi
安装EXTMAN
28.yum install extsuite-webman
29.chown -R vuser:vgroup /var/www/extsuite/extman/cgi/
30.mkdir /tmp/extman #chown -R vuser:vgroup /tmp/extman
安装MYSQL
31.yum install mysql-server & service mysqld start &chkconfig mysqld on
32.mysql -u root -p </var/www/extsuite/extman/docs/extmail.sql
33.mysql -u root -p </var/www/extsuite/extman/docs/init.sql
设置邮件虚拟域和虚拟用户配置文件
34.cd /var/www/extsuite/extman/docs
35.cp mysql_virtual_*_maps.cf /etc/postfix & rm mysql_virtual_limit_maps.cf
36.vi /etc/postfix/main.cf
# extmail config here
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = maildrop:
37.service postfix restart
38.测试extman登录,如果开启selinux,使用audit2allow等命令将现行规则导入内核
39.配置图形化日志/usr/local/mailgraph_ext/mailgraph-init start
/var/www/extsuite/extman/daemon/cmdserver --daemon
echo "/usr/local/mailgraph_ext/mailgraph-init start" >>/etc/rc.d/rc.local&echo "/var/www/extsuite/extman/daemon/cmdserver -v -d" >>/etc/rc.d/rc.local
安装配置cyrus-sasl
40.rpm -e cyrus-sasl --nodeps&yum install cyrus-sasl
vi /etc/postfix/main.cf
# smtpd related config smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, # SMTP sender login matching config smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, reject_authenticated_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch smtpd_sender_login_maps = mysql:/etc/postfix/mysql_virtual_sender_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_maps.cf # SMTP AUTH config here broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous41.vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond log_level: 3 mech_list: PLAIN LOGIN authdaemond_path:/var/spool/authdaemon/socketservice postfix start
test #perl -e 'use MIME::Base64;print encode_base64("postmaster\@extmail.org")
display cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
# perl -e ‘use MIME::Base64; print encode_base64(”extmail”)’
ZXh0bWFpbA==
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
ehlo demo.domain.tld << 输入内容
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login << 输入内容
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw== << 输入内容
334 UGFzc3dvcmQ6
ZXh0bWFpbA== << 输入内容
235 2.0.0 Authentication successful
quit << 输入内容
221 2.0.0 Bye
安装 重新下载编译imap4.2.0 ,EOMS光盘中的imap需要0.60以上的authlib,不与考虑。默认安装/usr/lib/courier-imap/
42.还原imapd/pop3d.dist,不启动imap服务,只启动pop3d,涉及到的AUTH 改为 LOGIN PLAIN
43.cp courier-imap.sysvinit /etc/rc.d/init.d/imapd #chmod 755 #chkconfig -add imapd
44.测试telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
user test@extmail.org << 输入内容
+OK Password required.
pass extmail << 输入内容
+OK logged in.
list << 输入内容
+OK POP3 clients that break here, they violate STD53.
.
quit << 输入内容
+OK Bye-bye.
Connection closed by foreign host. 注意SMTP POP3测试前提存在extmail.org域及用户test
45.安装amavisd-new
shell
# yum install amavisd-new
设置相关目录权限:
shell
# chown -R amavis.amavis /var/spool/vscan/
46.配置SpamAssassin
Amavisd-new 通过Mail::SpamAssassin 模块来调用SA的功能,因此这里配置SA和常规配置SA软件有些区别,主要集中在修改local.cf文件上。
增加中文规则: 用于处理中文(简体)垃圾邮件。
shell
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
设置规则自动更新:
shell
# /usr/bin/crontab -e
然后输入如下的内容:
0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf; /etc/init.d/amavisd restart
存盘退出即可。最后运行以下调试命令以确认amavisd没有错误:
shell
# /usr/sbin/amavisd -c /etc/amavisd.conf debug
如果没有异常提示或报错退出则表示一切都正常,按ctrl+c终止,然后正常启动,若提示pid不存在等错误,不必理会。
47.设置amavisd开机自启:
shell
# service amavisd start
# chkconfig amavisd on
48.安装ClamAV
shell
# yum install clamd
编辑clamd.conf文件
shell
# vi /etc/clamd.conf
去掉 ‘LocalSocket /var/run/clamav/clamd.sock’的注释,并注释掉 ‘TCPSocket 3310’,我们将使用unix socket而不是TCP,两者不可并存。
变动内容见下:
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock
#TCPSocket 3310
设置相关目录权限:
将clamav加到amavis运行组里,并调整目录权限,否则clamav将无法扫描amavisd-new产生的临时文件
shell
# gpasswd -a clamav amavis
# usermod -G amavis clamav
# chown amavis.amavis /var/spool/vscan
# chmod 750 /var/spool/vscan
# chown amavis.amavis /var/spool/vscan/tmp
# chmod 750 /var/spool/vscan/tmp
默认的/var/spool/vscan 目录属性是:
drwxr-x--- 5 amavis amavis
对于clamav用户而言,则无任何权限访问该目录,因此maillog里amavisd-new会提示:
May 19 08:38:53 as3 amavis[1752]: (01752-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/spool/vscan/tmp/amavis-20050519T
083853-01752/parts: Access denied. ERROR\n
May 19 08:38:53 as3 amavis[1752]: (01752-01) WARN: all primary virus scanners failed, considering backups
启动ClamAV及开机自启:
shell
# service clamd start
# freshclam –daemon
49.配置amavisd.con文件
修改amavisd.conf
shell
# vi /etc/amavisd.conf
修改的主要参数如下:
$mydomain = 'extmail.org';
$db_home = "$MYHOME/db";
$lock_file = "$MYHOME/amavisd.lock"; # -L
$pid_file = "$MYHOME/amavisd.pid"; # -P
$myhostname = 'mail.extmail.org';
@local_domains_maps = qw(.);
@mynetworks = qw( 127.0.0.0/8 );
对本地发出的邮件不进行内容过滤
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
originating => 1, # is true in MYNETS by default, but let's make it explicit
os_fingerprint_method => undef, # don't query p0f for internal clients
allow_disclaimers => 1, # enables disclaimer insertion if available
bypass_spam_checks_maps => [1],
bypass_banned_checks_maps => [1],
bypass_header_checks_maps => [1],
};
$sa_spam_modifies_subj = 0; # 当邮件被认为是垃圾邮件时,是否修改邮件的主题
$remove_existing_x_scanned_headers= 1; # 凡是经过 Amavisd 过滤的邮件,都会在邮件头中被加入一行邮件头信息
$remove_existing_spam_headers = 1;
# 修改投递/拦截的方法:
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
# 配置Amavisd与Clamav结合
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
['ClamAV-clamscan', 'clamscan',
"--stdout --no-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
amavisd.conf常用参数说明:
$max_servers = 10; 设置最大可使用的进程数
$sa_spam_subject_tag = '[SPAM] '; 加 [SPAM] 标记
$mydomain = 'mail.extmail.org'; 设置域名
$myhostname = 'mail.extmail.org'; 设置主机名
@local_domains_maps = qw(.); 对所有的域检查
$sa_tag2_level_deflt = 5.0; 超过这个分数,允许在邮件标题加入[SPAM] 标记
$sa_kill_level_deflt = 5.0; 超过这个分数,直接將信件备份后删除
$final_virus_destiny: 检测到病毒时的动作
$final_banned_destiny: 检测到受禁止的内容时的动作
$final_spam_destiny: 检测到垃圾邮件、广告邮件(spam)时的动作
$final_bad_header_destiny: 检测到不良信件时的动作
默认有以下几种动作:
D_PASS: 无论信件是否有问题,都会将信件发给收件人
D_DISCARD: 信件将被丢弃,并且不会告知收件人及发件人
D_BOUNCE: 信件不会发送给收件人,但会通知发件人邮件没有被投递
D_REJECT: 邮件不会被投递给收件人,但会通知发件人邮件被拒绝
注意事项:
上述$mydomain参数与$myhostname参数相同,主要是为了方便之后的病毒/垃圾汇报邮件发给系统管理员时,能投递到本地的别名里,再转交到虚拟域的特定用户。
50.配置Postfix 集成amavisd-new
增加邮件别名
shell
# vi /etc/postfix/aliases
增加如下信息,注意:默认的aliases数据库里已有一条virusalert的别名,请删除,再输入下面的别名记录,并确保所有记录都是唯一的:
virusalert: root
spam.police: root
postfix: test@extmail.org
保存并执行newaliases命令生成新的别名数据库,重新启动amavisd:
shell
# newaliases
# service amavisd restart
编辑master.cf文件:
shell
# vi /etc/postfix/master.cf
增加如下内容:
smtp-amavis unix - - n - 3 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=10
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
编辑main.cf文件:
shell
# vi /etc/postfix/main.cf
增加如下内容:
# Content-Filter
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
注意:receive_override_options 这里必须增加,禁止地址展开/影射,否则如果遇到别名的时候会引起冗余邮件的产生。
重启postfix :
shell
# service postfix restart
重新启动amavisd:
shell
# service amavisd restart
51.测试Clamav
shell
# telnet localhost 25
其过程如下:
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
mail from:<postmaster@extmail.org> << 输入内容
250 2.1.0 Ok
rcpt to:<test@extmail.org> << 输入内容
250 2.1.5 Ok
data << 输入内容
354 End data with .
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* << 输入内容
.
250 2.0.0 Ok: queued as BC24E85260
quit << 输入内容
221 2.0.0 Bye
Connection closed by foreign host.
在邮件日志里,应该有相应的信息出现:
Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine:
virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms
如果看到类似这样的日志,表明Clamav+Amavisd-new工作正常。52.安装Spam_Lockershell
# yum install extsuite-slockd
配置resolv.conf
请确认/etc/resolv.conf里的dns服务器是离你的邮件服务器最近,速度最快的dns server,slockd很依赖dns的好坏,因此给系统配置一个快速的dns能大幅度提高处理速度。以下给出一个配置仅供参考:
shell
# vi /etc/resolv.conf
增加以下内容:
nameserver 202.96.209.6
上述dns服务器是上海电信的DNS服务器,对于非广东朋友,请改为离你最近的DNS服务器IP,如果可能的话,请配置一个简单的bind,成为本地的 dns cache server,可以获得最高性能。这里略过这一步骤,但您必须确保dns的配置是正确并且可靠的,否则slockd将不能工作!
53.测试slockd
启动slockd
shell
# /usr/local/slockd/slockd-init start
此时slockd将启动,并进入非daemon方式的监听模式,接受来自10030端口的请求,命令行下将显示如下调试信息:
Starting spam locker daemon: slockd
starting child 2908
starting child 2909
打开另一个ssh/终端窗口:
shell
# cd /usr/local/slockd/tools
输入:
shell
# perl policy_sig -h localhost -p 10030 --helo FOOBAR --ip 192.168.0.1 --from test@foo.com --to test@bar.com
此时,程序应该返回如下错误信息:这表示slockd初步的正常工作了。
action=554 blocked using zen.spamhaus.org, see http://bl.extmail.org/cgi/rbl?192.168.0.1
设置slockd开机自启动
shell
# /usr/local/slockd/slockd-init start # echo “/usr/local/slockd/slockd-init start” >> /etc/rc.d/rc.local
54.配置Postfix
slockd调试正常后,必须配置postfix以使其打开对slockd的支持。
编辑main.cf文件
shell
# vi /etc/postfix/main.cf
将 check_policy_service inet:127.0.0.1:10030 这一行记录增加到smtpd_recipient_restrictions 里,例如:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_policy_service inet:127.0.0.1:10030
重新启动postfix以使配置生效
shell
# service postfix restart
注意事项: 上述配置是将slockd的查询放到最后,这也是进一步提高资源利用律的办法,因为有部分功能postfix已实现了,所以就先由postfix检测,如果检测不到再由slockd完成。
55.安装dspam
Dspam的配置主要参考《Dspam+Amavis-new+SA-Clamav for EMOS》
链接: http://www.extmail.org/forum/viewthread.php?tid=10393&extra=&page=1
shell
# yum install dspam-mysql
56.导入 DSPAM 训练库
shell
# cd /root/
# wget http://www.extmail.org/download/misc/dspam/dspam-trained-data.sql.gz # gzip -d dspam-trained-data.sql.gz
# rm -rf /var/lib/mysql/dspam/ (备注:如果没有dspam的库,可以不用执行)
# mysql -u root -p -e “create database dspam”
# mysql -u root -p -e “grant all on dspam.* to dspam@localhost identified by ‘dspam’”
# mysql -u dspam -p dspam dspam < /root/dspam-trained-data.sql
DSPAM的token数据库的定时清理:
shell
# crontab -e
加入以下内容:
0 0 * * * /usr/bin/mysql -u dspam -p'dspam' dspam < /usr/share/dspam/sql/mysql/purge.sql
0 0 * * * /usr/bin/dspam_logrotate -a 30 -d /var/spool/dspam/data
57.配置 dspam.conf 文件
shell
# vi /etc/dspam/dspam.conf
变动内容如下:
DeliveryHost 127.0.0.1
DeliveryPort 10024
DeliveryIdent localhost
DeliveryProto SMTP
Trust extmail
Preference "signatureLocation=headers" # 'message' or 'headers'
Preference "showFactors=off"
MySQLUIDInSignature on
MySQLServer /var/lib/mysql/mysql.sock
MySQLUser dspam
MySQLPass dspam
MySQLDb dspam
MySQLCompress true
MySQLConnectionCache 10
ServerPort 10028
ServerQueueSize 32
ServerPID /var/spool/dspam/dspamd.pid
ServerMode auto
ServerPass.Relay1 "secret"
ServerParameters "--user extmail --deliver=innocent,spam"
ServerIdent "localhost.localdomain"
ClientHost 127.0.0.1
ClientPort 10028
ClientIdent "secret@Relay1"
58.启动 dspam 进程
shell
# chkconfig dspamd on
# service dspamd start
查看dspam启动进程
shell
# ps aux |grep dspam
显示以下内容:
dspam 18407 0.0 0.5 5452 1344 pts/0 S 19:16 0:00 /usr/sbin/dspamd --daemon
root 18412 0.0 0.2 5140 668 pts/0 S+ 19:17 0:00 grep dspamd
59.修改main.cf文件
shell
# vi /etc/postfix/main.cf
增加以下内容:
header_checks = regexp:/etc/postfix/dspam_header_checks
设置邮件标题过滤管理 以防止重复X-DSPAM-Signature标题,可以防止签名被报道为垃圾。这发生在当你从一个已经运行Dspam的服务器收到邮件,或被用于通过伪造的、滥发邮件来阻止你训练数据库,
shell
# vi /etc/postfix/dspam_header_checks
增加以下内容:
/^(X-DSPAM-.*)/ IGNORE
/^(X-Spam-.*)/ IGNORE
重启postfix :
shell
# service postfix restart
60.编辑 amavisd.conf 文件
shell
# vi /etc/amavisd/amavisd.conf
增加以下内容:
$dspam = '/usr/bin/dspam';
@spam_scanners = (
['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'],
['DSPAM', 'Amavis::SpamControl::ExtProg', $dspam,
[ qw(--client --stdout --deliver=spam,innocent --mode=teft --user extmail)],
],
);
SA增加DSpam插件:
shell
# cd /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/
# wget http://www.extmail.org/download/misc/dspam/dspam.pm
编辑 local.cf 文件
shell
# cd /etc/mail/spamassassin/
# wget http://www.extmail.org/download/misc/dspam/dspam.cf # vi local.cf
在下面增加以下内容
include dspam.cf
编辑 init.pre 文件:
shell
# vi init.pre
在下面增加以下内容
loadplugin Mail::SpamAssassin::Plugin::dspam
重启amavisd
shell
# service amavisd restart
61.增加 extmail 的垃圾邮件举报
说明:
Extmail 1.0.9正式加入垃圾邮件举报功能,主要基于(xueron)的补丁包,并进行了一定的调整,使该功能可以兼容DSPAM及Spamassassin两种内容过滤软件的训练。
Extmail1.1.1加入(stvictor)提供的spamassassin举报功能,感谢!
修改 webmail.cf
shell
# vi /var/www/extsuite/extmail/webmail.cf
主要变动的内容如下:
SYS_SPAM_REPORT_ON = 1
SYS_SPAM_REPORT_TYPE = dspam
设置maidrop的全局过滤
shell
# vi /etc/maildroprc
内容如下:
# Decoder for high quality key word filtering
# Author: hzqbbc <hzqbbc@hzqbbc.com> - ExtMail Dev Team
DECODER="/var/www/extsuite/extmail/tools/decode -v"
if ((/^(From|Sender|Return-Path):.*MAILER\-DAEMON/))
{
BADSENDER=1
}
# Custom filter and auto deliver to Junk mailbox support
# need test command and other Unix command
`test -f $HOME/.mailfilter && exit 1 || exit 0`
# No customize filtering rules
if ( $RETURNCODE == 0 )
{
if (/^X-Spam-Flag:.*YES/ || /^X-DSPAM-Result:.*Spam/)
{
exception {
to "$HOME/Maildir/.Junk/."
}
}
}
62.配置DSPAM Web 界面
安装相关的rpm包:
shell
# yum install perl-GDGraph
# yum install perl-GD-Graph3d
# yum install dspam-web
创建dspam-web 认证用户:
shell
# cd /usr/share/dspam/webui/cgi-bin
# echo “extmail” > admins
# htpasswd -c .htpasswd extmail
输入认证密码
New password:
Re-type new password:
Adding password for user extmail
启动 dspam-web 守护进程
shell
# service dspam-webd start
这实际是启动了mini_httpd进程,查看 mini_httpd 是否启动正常:
shell
# ps aux |grep mini
显示以下内容:
dspam 18580 0.0 0.3 4152 820 ? Ss 20:05 0:00 mini_httpd -C /etc/dspam/webui.conf
root 18582 0.0 0.2 5316 668 pts/0 S+ 20:05 0:00 grep mini
重启 apache
shell
# service httpd restart
访问 dspam-web
http://mail.example.com/dspam
输入你在 .htpasswd 文件中创建的用户和密码
63.增加FCGI支持
下载地址: http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
安装mod_fastcgi :
shell
# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz # tar xfz mod_fastcgi-2.4.6.tar.gz
# cd mod_fastcgi-2.4.6
# cp Makefile.AP2 Makefile 注意:还原Makefile后情参考本地情况修改Makefile
# vi Makefile
# Makefile for Apache2
#
builddir = .
top_dir = /etc/httpd
top_srcdir = ${top_dir}
top_builddir = /usr/lib64/httpd
include /usr/lib64/httpd/build/special.mk
APXS = apxs
APACHECTL = apachectl
#DEFS=-Dmy_define=my_value
#INCLUDES=-Imy/include/dir
#LIBS=-Lmy/lib/dir -lmylib
#mail.daodaoly.net
INCLUDES=-I /usr/include/httpd -I /usr/include/apr-1
all: local-shared-build
clean:
-rm -f *.o *.lo *.slo *.la
# make install
安装perl-FCGI 除了Apache需要FCGI的支持外,extmail也需要相应的perl-FCGI模块。
shell
# yun install perl-FCGI
配置虚拟主机:
shell
# vi /etc/httpd/conf/vhost_extmail.conf
增加内容如下:
LoadModule fastcgi_module modules/mod_fastcgi.so
<Ifmodule mod_fastcgi.c>
FastCgiExternalServer /usr/bin/dispatch.fcgi -host 127.0.0.1:8888 -idle-timeout 240
</Ifmodule>
#同时,去掉如下行:
#ScriptAlias /extmail/cgi/ /var/www/extsuite/extmail/cgi/
#改为:
Alias /extmail/cgi/ /usr/bin/dispatch.fcgi/ #注意如果发现升级FCIG后主目录不符,可重新alias /extmail
<Location "/extmail/cgi">
SetHandler fastcgi-script
</Location>
重启Apache和fastcgi server开机自启动:
shell
# service httpd restart
# /var/www/extsuite/extmail/dispatch-init start
# echo “/var/www/extsuite/extmail/dispatch-init start” >> /etc/rc.d/rc.local
完。
另外:slockd严格策略导致邮件接受不正常,可以修改/usr/local/slockd/config/whitelist加入
tom.com
sogou.com
10086.cn
hotmail.com
189.cn
qq.com
yahoo.com
eyou.com
yeah.net
foxmail.com
wo.com.cn
各大邮局及其他单位企业邮局
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 黑马韩前成Linux入门到精通の速搭建EXTmail邮件服务器
- extmail搭建
- POSTFIX+Extmail邮件系统搭建(完整版)系列之五
- Extmail邮件服务器centos搭建(一)
- Extmail简单搭建
- CentOS7下搭建postfix邮件服务器实现extmail的web访问
- postfix+extmail搭建web邮件服务器
- Extmail邮件服务器centos搭建(二)
- CentOS7下搭建postfix邮件服务器实现extmail的web访问 推荐
- Centos5.5搭建postfix邮件服务器:Postfix+extmail
- centos5.6 postfix+extmail 邮件服务器 搭建
- linux 下搭建开源的extmail 推荐
- EMOS-Extmail 搭建和部署实战笔记 三
- 在Lamp平台上基于postfix+mysql+dovecot+sasl+courier-authlib+extmail+extman搭建企业级邮件系统
- POSTFIX+Extmail邮件系统搭建(完整版)系列之一
- CentOS7下搭建postfix邮箱服务器并实现extmail的web访问
- Linux下源码搭建extmail邮件服务器
- 搭建postfix安装Extmail
- centos下Extmail的搭建
- POSTFIX+Extmail邮件系统搭建(完整版)系列之二