Test environment:
    Network domain: 51test.com
    DNS host name: mail.51test.com
    DNS host IP address: 192.168.1.233
    Mail host name: mail.51test.com
    Mail host IP address: 192.168.1.233
    Operating system: CentOS 4.3
    SELinux is not enabled.

1. DNS server configuration:
    dns: mail.51test.com
    MX: mail.51test.com

2. Software packages required:
    postfix-2.2.5-3.rhel4.rpm
    postfix-pflogsumm-2.1.5-4.2.rhel4.rpm ---> not installed?
    cyrus-sasl-2.1.19-5.rhel4.i386.rpm
    dovecot-0.99.11-2.rhel4.1.rpm
    httpd-2.0.52-12.ent.rpm
    perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
    perl-suidperl-5.8.5-12.1.1.i386.rpm
    perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
    perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
    perl-5.8.5-12.1.i386.rpm ---> not installed
    openwebmail-2.51-1.i386.rpm

3. Installing postfix:
    It ships with 4.3 and is already installed.

4. Starting the postfix and dovecot services:
    # service postfix start
    Starting postfix: [ 确定 ]
    # service dovecot start
    启动 Dovecot Imap: [ 确定 ]

5. Edit /etc/dovecot.conf:
    #protocols = imap imap3
  change to:
    protocols = imap imap3 pop3 pop3s    (enables imap, imap3, pop3 and pop3s)

    # service dovecot restart    (restart the dovecot service)
    停止 Dovecot Imap: [ 确定 ]
    启动 Dovecot Imap: [ 确定 ]

6.1 Edit /etc/postfix/main.cf:
    #myhostname = host.domain.tld
  change to:
    myhostname = mail.51test.com    (host name of the machine running the Postfix mail system)

    #mydomain = domain.tld
  change to:
    mydomain = 51test.com    (domain name used by the Postfix mail system, e.g. easy.com)

    #myorigin = $mydomain
  change to:
    myorigin = 51test.com    (domain name of the sender, e.g. easy.com)

    #inet_interfaces = all
  change to:
    inet_interfaces = all    (network interfaces the Postfix mail system listens on)

    #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
  change to:
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain    (recipient domains for which Postfix accepts mail)

    relay_domains = $mydestination    ← set to this; defines the domains for which relaying is allowed

    #mynetworks = 168.100.189.0/28, 127.0.0.0/8    ← find this line and change it to match your own internal network
    mynetworks = 192.168.1.0/24, 127.0.0.0/8    ← set to this; the internal network and local IP address ranges

    #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)    ← find this line and add the following line after it:
    smtpd_banner = $myhostname ESMTP unknow    ← add this line so that details about the SMTP server are not displayed

  At the end of the configuration file, add the following lines:
    #SASL SMTP authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination
    smtpd_client_restrictions = permit_sasl_authenticated

6.2 Configure the SMTP authentication options
    [root@sample ~]# vi /usr/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    log_level:3
    mech_list:PLAIN LOGIN

    [root@sample ~]# vi /etc/sysconfig/saslauthd
    FLAGS=pam    ← sets the authentication method to pam

6.3 Stop the sendmail service and set the default MTA
  Since Postfix is the SMTP server, we no longer intend to use sendmail, so the sendmail service is shut down for safety and to save system resources.
    [root@sample ~]# /etc/rc.d/init.d/sendmail stop    ← stop the sendmail service
    Shutting down sendmail: [ OK ]
    Shutting down sm-client: [ OK ]
    [root@sample ~]# chkconfig sendmail off    ← disable sendmail at boot
    [root@sample ~]# chkconfig --list sendmail    ← confirm sendmail autostart is disabled (all off is OK)
    sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off

6.4 Then set the default MTA to Postfix.
    [root@sample ~]# alternatives --config mta    ← set the default MTA
    There are 2 programs which provide 'mta'.
    Selection Command
    -----------------------------------------------
    * 1 /usr/sbin/sendmail.sendmail    ← current state: sendmail is the default MTA
    2 /usr/sbin/sendmail.postfix
    Enter to keep the current selection[ ], or type selection number: 2    ← enter 2 here to make Postfix the default MTA

6.5 Finally, start SMTP authentication and the Postfix service, and set both services to start at boot.
    [root@sample ~]# chkconfig saslauthd on    ← enable SMTP-Auth at boot
    [root@sample ~]# chkconfig --list saslauthd    ← check the SMTP-Auth service state
    saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off    ← 2 through 5 showing on is OK
    [root@sample ~]# /etc/rc.d/init.d/saslauthd start    ← start SMTP-Auth
    Starting saslauthd: [ OK ]
    [root@sample ~]# chkconfig postfix on    ← enable Postfix at boot
    [root@sample ~]# chkconfig --list postfix    ← check the Postfix service state
    postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off    ← 2 through 5 showing on is OK
    [root@sample ~]# /etc/rc.d/init.d/postfix start    ← start Postfix
    Starting postfix: [ OK ]
  This completes the configuration on the SMTP server side.

7. Port test:
    # telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    Escape character is '^]'.
    220 gdgz51.3322.org ESMTP Postfix
    ehlo localhost
    250-gdgz51.3322.org
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    quit
    221 Bye
    Connection closed by foreign host.

    # telnet localhost 110
    Trying 127.0.0.1...
    Connected to localhost (127.0.0.1).
    Escape character is '^]'.
    OK dovecot ready.
    user szj
    OK
    pass xdfsdf
    OK Logged in.
    list
    OK 0 messages:
    .
    quit
    OK Logging out.
    Connection closed by foreign host.

8. Install openwebmail 2.51:
    # service httpd restart    (start the httpd service)
    停止 httpd: [ 确定 ]
    启动 httpd: [ 确定 ]
    # rpm -ivh perl-5.8.5-12.1.i386.rpm ---> not installed?
    # rpm -ivh perl-CGI-SpeedyCGI-2.22-1.2.el4.rf.i386.rpm
    # rpm -ivh perl-Compress-Zlib-1.34-1.2.el4.rf.i386.rpm
    # rpm -ivh perl-suidperl-5.8.5-12.1.1.i386.rpm
    # rpm -ivh perl-Text-Iconv-1.4-1.2.el4.rf.i386.rpm
    # rpm -ivh openwebmail-2.51-1.i386.rpm
    warning: openwebmail-2.51-1.i386.rpm: V3 DSA signature: NOKEY, key ID cfb164d8
    Preparing... ######################################### [100%]
    1:openwebmail ###################################### [100%]
    # cd /var/www/cgi-bin/openwebmail/
    # ./openwebmail-tool.pl --init

9. Edit /var/www/cgi-bin/openwebmail/etc/openwebmail.conf:
    domainnames auto
  change to:
    domainnames 51test.com    (your own domain name)

    default_language en
  change to:
    default_language zh_CN.GB2312    (Simplified Chinese interface)

    default_iconset Cool3D.English
  change to:
    default_iconset Cool3D.Chinese.Simplified    (Chinese 3D buttons)

10. Edit /var/www/cgi-bin/openwebmail/etc/defaults/openwebmail.conf:
    smtpserver 127.0.0.1
  change to:
    smtpserver 192.168.1.223    (address of the smtp server)

    authpop3_server localhost
  change to:
    authpop3_server 192.168.1.223    (address of the pop3 server)

11. Edit /var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf:
    dbmopen_ext none
  change to:
    dbmopen_ext .db

    dbmopen_haslock no
  change to:
    dbmopen_haslock yes

    smtpserver 192.168.1.223    (add the address of the smtp server)

12.1 Run openwebmail-tool.pl again:
    # ./openwebmail-tool.pl --init
    Send the site report?(Y/n) y    (type y, then press Enter)

12.2 Add a system user and password
    # useradd -s /sbin/nologin szjj
    # passwd szjj

13. Extended features (optional):
  1). Restricting which users may send e-mail:
  User permissions:
    Fandy is not subject to sending restrictions (may send and receive Internal and internet e-mail without limit);
    Yer and Biao are subject to sending restrictions (may only send and receive e-mail within Internal);

    # useradd fandy    (add local user: fandy)
    # useradd yer    (add local user: yer)
    # useradd biao    (add local user: biao)
    # passwd yer    (set the password of local user yer)
    Changing password for user yer.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    # passwd fandy    (set the password of local user fandy)
    Changing password for user fandy.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    # passwd biao    (set the password of local user biao)
    Changing password for user biao.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

  Add the following to main.cf:
    # restrictions
    smtpd_restriction_classes = local_only
    local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/local_senders, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname

  Create the file local_senders in /etc/postfix/ with the following contents:
    yer@51test.com local_only
    biao@51test.com local_only

  Create the file local_domains in /etc/postfix/ with the following contents:
    51test.com OK
    mail.51test.com OK

  Build the hash tables for local_senders and local_domains:
    # postmap hash:/etc/postfix/local_senders
    # postmap hash:/etc/postfix/local_domains

  When the users yer@51test.com and biao@51test.com send mail to other domains, the following error messages appear:
    554 5.7.1 : Sender address rejected: Access denied
    554 5.7.1 : Sender address rejected: Access denied

14. Open ports 110 and 25 on the server
  If there is a firewall or router facing the outside, ports 110 and 25 must be opened on it as well, otherwise mail will not be received.

15. Postfix installation notes 2: anti-virus and filtering

15.1. Download MailScanner and ClamAV 0.88
    # wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.51.5-1.rpm.tar.gz
    # wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
    # tar -zxvf MailScanner-4.51.5-1.rpm.tar.gz
    # tar -zxvf install-Clam-SA.tar.gz
    # cd MailScanner-4.51.5-1
    # ./install.sh
    # cd install-Clam-SA
    # ./install.sh
  Note: these two steps take quite a while, so go and make a cup of tea first.

15.2. Configuration:
    # vi /etc/mail/spamassassin/init.pre
  Enable the following two plugins (remove the leading #):
    loadplugin Mail::SpamAssassin::Plugin::DCC
    loadplugin Mail::SpamAssassin::Plugin::Razor2

    # vi /etc/MailScanner/MailScanner.conf
  Change the following items:
    Run As User = postfix
    Run As Group = postfix
    MTA = postfix
    %org-name% = yayaa.net
    %org-long-name% = YY
    %web-site% = www.yayaa.net
  Make sure the following items are correct:
    Incoming Queue Dir = /var/spool/mqueue.in
    Outgoing Queue Dir = /var/spool/mqueue
    Virus Scanners = auto
    Use SpamAssassin = yes

    # mkdir /var/spool/mqueue
    # chown postfix:postfix /var/spool/mqueue
    # chown postfix:postfix /var/spool/MailScanner/incoming
    # chown postfix:postfix /var/spool/MailScanner/quarantine
    # chown -R postfix:postfix /var/spool/mqueue.in
    # chown -R postfix:postfix /var/spool/postfix

  Start at boot:
    # chkconfig spamassassin on
    # service spamassassin restart
    # chkconfig postfix off
    # chkconfig MailScanner on

15.3. Scheduled automatic updates
  Use the CCERT Chinese spam filtering rule set Chinese_rules.cf:
    # wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

  Scheduled update: SA
    # crontab -e
    0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;/etc/init.d/spamassassin restart;/etc/init.d/spamassassin restart
    # sa-learn --sync -D -p user_prefs    (set up the learning system)
    # sa-learn --dump all    (view the self-learned data)

  Scheduled update: ClamAV
    # vi /usr/local/etc/freshclam.conf
  Remove the leading # from the following lines:
    UpdateLogFile /var/log/freshclam.log
    LogSyslog
    PidFile /var/run/freshclam.pid

    # vi /usr/local/etc/clamd.conf
    LogFile /var/log/clamav/clamd.log
    LogFileMaxSize 2M
    LogTime
    PidFile /var/run/clamd.pid
    LogSyslog
    ScanMail

    # touch /var/log/freshclam.log
    # chmod 644 /var/log/freshclam.log
    # chown clamav:clamav /var/log/freshclam.log
    # mkdir /var/log/clamav
    # touch /var/log/clamav/clamd.log
    # chown -R clamav:clamav /var/log/clamav
    # chmod 755 /var/log/clamav    (the directory keeps its execute bit so clamav can reach the log; a recursive 644 would remove it)
    # chmod 644 /var/log/clamav/clamd.log
    # crontab -e
    0 1 * * * freshclam --quiet -l /var/log/freshclam.log

15.4. Reboot and test
    # reboot
    # tail -f /var/log/maillog | grep MailScanner

16. Test sending and receiving e-mail through webmail:
  Enter the following address in IE:
    http://192.168.1.223/cgi-bin/openwebmail/openwebmail.pl

17. Test with OUTLOOK or FOXMAIL.
  Tick "My server requires authentication".
  Write a mail to yourself, send it, then receive it. Test.
  Send a mail to an external mailbox, then reply to it. Test.
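
Added example (not part of the original post): a small Python check over the EHLO reply from the port test in step 7, flagging what a pre-TLS client can see. The second reply is a constructed sample; the Postfix parameters named in the findings (smtpd_tls_auth_only, disable_vrfy_command) are real main.cf settings that the post itself does not use.

```python
import re

# EHLO reply copied from the port test in step 7 of the post.
EHLO_FROM_POST = """250-gdgz51.3322.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN"""

# Constructed sample: a server that offers STARTTLS and hides AUTH and VRFY before TLS.
EHLO_CONSTRUCTED = """250-mail.51test.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # both send the password merely base64-encoded


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameter list."""
    ext = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first 250 line only carries the server name
        m = re.match(r"250[- ]([A-Za-z0-9-]+)[ =]?(.*)$", line)
        if m:  # "AUTH=..." (sent when broken_sasl_auth_clients = yes) folds into "AUTH"
            ext.setdefault(m.group(1).upper(), []).extend(m.group(2).upper().split())
    return ext


def audit(reply):
    """Return a list of findings for an EHLO reply captured before any TLS handshake."""
    ext = parse_ehlo(reply)
    findings = []
    exposed = sorted(set(ext.get("AUTH", [])) & CLEARTEXT_MECHS)
    if exposed and "STARTTLS" not in ext:
        findings.append("AUTH %s without STARTTLS: logins cross the network unencrypted"
                        % "/".join(exposed))
    elif exposed:
        findings.append("AUTH %s offered before TLS: consider smtpd_tls_auth_only = yes"
                        % "/".join(exposed))
    if "VRFY" in ext:
        findings.append("VRFY enabled: consider disable_vrfy_command = yes")
    return findings


if __name__ == "__main__":
    for name, reply in (("post", EHLO_FROM_POST), ("constructed", EHLO_CONSTRUCTED)):
        print(name, audit(reply) or "no findings")
```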
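
Added example (not part of the original post): a Python model of how the step 13 restriction list reaches its decision for one RCPT TO, using the local_senders and local_domains tables from the post. It is a simplification: only the rules that decide relaying are modelled, the syntax checks (reject_non_fqdn_*, reject_unauth_pipelining, reject_invalid_hostname) and subdomain matching are left out, and example.org / example.net are placeholder outside domains.

```python
# Lookup tables exactly as created in step 13 of the post.
LOCAL_SENDERS = {"yer@51test.com": "local_only", "biao@51test.com": "local_only"}
LOCAL_DOMAINS = {"51test.com": "OK", "mail.51test.com": "OK"}
# mydestination / relay_domains from step 6.1 with $myhostname and $mydomain expanded.
RELAY_OK = {"mail.51test.com", "localhost.51test.com", "localhost", "51test.com",
            "www.51test.com", "ftp.51test.com"}


def access_lookup(table, address):
    """access(5) lookup order for an address: user@domain, then domain, then user@."""
    address = address.lower()
    user, _, domain = address.rpartition("@")
    for key in (address, domain, user + "@"):
        if key in table:
            return table[key]
    return None


def local_only(recipient):
    """local_only = check_recipient_access hash:/etc/postfix/local_domains, reject"""
    if access_lookup(LOCAL_DOMAINS, recipient) == "OK":
        return ("OK", "local_domains")
    return ("REJECT", "local_only")


def rcpt_decision(sender, recipient, in_mynetworks=False, sasl_authenticated=False):
    """Walk the restriction list left to right; the first decisive result wins."""
    # check_sender_access hash:/etc/postfix/local_senders comes first, so it is
    # evaluated before permit_mynetworks and permit_sasl_authenticated.
    if access_lookup(LOCAL_SENDERS, sender) == "local_only":
        return local_only(recipient)  # the class ends in "reject": always decisive
    if in_mynetworks:
        return ("OK", "permit_mynetworks")
    if sasl_authenticated:
        return ("OK", "permit_sasl_authenticated")
    if recipient.lower().rpartition("@")[2] not in RELAY_OK:
        return ("REJECT", "reject_unauth_destination")
    return ("OK", "end of list")


if __name__ == "__main__":
    print(rcpt_decision("yer@51test.com", "someone@example.org", True, True))
    print(rcpt_decision("fandy@51test.com", "someone@example.org", sasl_authenticated=True))
```

Because an OK from local_domains ends evaluation for a restricted sender, that table should list only domains this server is the final destination for.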