Building a Postfix-based mail system on FreeBSD 7.0 (Part 1)
This article is based on http://www.chinaunix.net/jh/5/1119098.html, with the steps refined and reorganized. The installation of Mailman + ClamAV is covered in Part 2.
1. Mail system
How the mail system works
System architecture diagram
+---------------------------------------------------+
|                                                   |
|   80/443      25/25      110/993     143/995      |
|   webmail     smtp       POP3        IMAP         |
|     /\          /\          /\          /\        |
|     ||          ||          ||          ||        |
|     \/          \/          \/          \/        |
+---------+-------------+---------------------------+
|         |             |                           |
| extman  |Postfix(MTA) | Courier-IMAP              |
| extmail |maildrop(MDA)|                           |
|     +---+     +-------+---------------------------+
|     |         | Cyrus-|                           |
|     |         | SASL  |                           |
|     |         +-------+                           |
|     |         |   Courier-authlib                 |
|     |         |                                   |
+-----+---------+-----------------------------------+
|                       MySQL                       |
+---------------------------------------------------+
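Software components of the mail solution
The complete mail solution consists of the following software:
| Function | Software | Notes |
| Operating system (OS) | FreeBSD | FreeBSD is an excellent Unix operating system released under the permissive BSD license |
| Database / directory service | MySQL 5.0 | openLDAP or NetScape LDAP are alternatives; this article is based on MySQL |
| Web server | Apache 2.0.x | Apache web server with SSL module support |
| SMTP authentication library | Cyrus SASL 2.1x | The standard SASL implementation library; can work with Courier authlib |
| Other authentication library | Courier Authlib 0.60 | authlib is a key component of maildrop, courier-imap and related services |
| Mail transfer agent (MTA) | Postfix 2.5.1 | Uses the latest version, 2.5.1 |
| Mail delivery agent (MDA) | maildrop 2.0.x | Supports filtering and other powerful features |
| POP3 server | Courier-IMAP | Supports pop3/pop3s/imap/imaps; powerful; enable what you need |
| Web account administration | ExtMan 0.2.4 | Supports unlimited domains and unlimited users |
| WebMail system | ExtMail 1.0.4 | Multi-language, fully templated, reasonably complete feature set |
| Antivirus software (AntiVirus) | ClamAV 0.92 | The most popular open-source antivirus software |
| SMTP-stage anti-spam tool | Spam Locker 0.10 | Antispam software based on SMTP behaviour recognition, with many optional plugins; not installed this time |
| Content filter | Amavisd-new 2.5.x | Content-filter software that can hook into clamav/sa; not installed this time |
| Content-level anti-spam tool | SpamAssassin | The well-known SA; supports a large number of rules but is slow; not installed this time |
| Log analysis and display | mailgraph_ext | Already included in ExtMan |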
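2. Base environment installation
Operating system installation
For installing the operating system, refer to the FreeBSD Handbook; only the links are given here to avoid needless repetition:
English version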
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install.html
Chinese version
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/install.html
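Points to note during installation
1. Disk partitioning
Because this is a mail system, the logs and queues are all stored on the var partition, so var needs enough space. For a server with one 73G disk and 3G of memory, the partitioning could be: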
/ 512m
swap 4096m
/var 5g
/tmp 512m
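/usr 8g (try to allow about 10G)
/home 50g (all remaining space)
2. Package selection
A mail system serves the outside world, so select as few packages as possible. During installation, choose Minimal, then go into Custom and select only doc, info, man and src.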
Configuration
1. Edit /etc/rc.conf and make sure it contains the following:
sshd_enable="YES"
named_enable="YES"
sendmail_enable="NONE"
Edit /etc/resolv.conf and make sure the first nameserver entry is 127.0.0.1 so that the local DNS cache takes effect, similar to the following:
domain extmail.org
nameserver 127.0.0.1
nameserver 202.106.0.20
Then run the following command:
/etc/rc.d/named start
2. Recompile the kernel to match the hardware. For how to build a kernel, see the FreeBSD Handbook; only the links are given here:
English version
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
Chinese version
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/kernelconfig.html
After recompiling, system performance will improve considerably.
Update ports
Depending on your situation, run
cvsup -gL2 /usr/share/examples/cvsup/ports-supfile -h cvsup.freebsdchina.org
or
portsnap fetch && portsnap update
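Download and configure the packages
Basic assumptions
The entire installation must be run as root, and the machine must be able to reach the Internet.
Preparation before installation
Add an account and group (vmail) for storing mail
Run the following commands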
pw group add vmail -g 1000
pw user add vmail -u 1000 -g 1000 -s /sbin/nologin -d /dev/null
Install MySQL
cd /usr/ports/databases/mysql50-server/ && make WITH_CHARSET=utf8 WITH_XCHARSET=all WITH_PROC_SCOPE_PTH=yes BUILD_OPTIMIZED=yes BUILD_STATIC=yes SKIP_DNS_CHECK=yes WITHOUT_INNODB=yes install clean
Edit /etc/rc.conf
ee /etc/rc.conf
mysql_enable="YES"
Copy the MySQL configuration file
cp /usr/local/share/mysql/my-small.cnf /usr/local/etc/my.cnf
ee /usr/local/etc/my.cnf
Add the following to the [mysqld] section; the relevant part looks like this
[mysqld]
bind_address=127.0.0.1
The MySQL port is bound to 127.0.0.1 mainly because this server only serves the local site; this is done to improve security.
Start mysql-server
/usr/local/bin/mysql_install_db --user=mysql
/usr/local/etc/rc.d/mysql-server start
Change the root user's password
/usr/local/bin/mysqladmin -u root -p password
Enter password:
Install OpenSSL
cd /usr/ports/security/openssl/ && make install clean
Install the configuration file
cp /usr/local/openssl/openssl.cnf.sample /usr/local/openssl/openssl.cnf
Install Apache
cd /usr/ports/www/apache2/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www WITH_MPM=worker WITHOUT_IPV6=yes WITH_THREADS=yes install clean
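3. Mail server installation and configuration
Install and configure courier-imap (POP3/IMAP)
Installing courier-imap also installs Courier-authlib
Courier-IMAP provides POP3 and IMAP services, can easily be configured to support the encrypted protocols POP3s and IMAPs, and has good Maildir support.
Installing Courier-imap
Options to select during installation (if using MySQL authentication, select AUTH_MYSQL):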
OPENSSL
TRASHQUOTA
AUTH_MYSQL
cd /usr/ports/mail/courier-imap/ && make install clean
Select TRASHQUOTA AUTH_MYSQL during installation
Configuring Authlib
mv /usr/local/etc/authlib/authdaemonrc /usr/local/etc/authlib/authdaemonrc.bak
Edit /usr/local/etc/authlib/authdaemonrc so that it looks similar to the following:
authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
authdaemonvar=/var/run/authdaemond
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
LOGGEROPTS=""
Add execute permission on /var/run/authdaemond; on FreeBSD, other users have no execute permission on it by default
chmod +x /var/run/authdaemond
mv /usr/local/etc/authlib/authmysqlrc /usr/local/etc/authlib/authmysqlrc.bak
Edit /usr/local/etc/authlib/authmysqlrc so that it looks similar to the following:
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE extmail
MYSQL_SELECT_CLAUSE SELECT username,password,"",uidnumber,gidnumber,\
CONCAT('/home/domains/',homedir), \
CONCAT('/home/domains/',maildir), \
quota, \
name \
FROM mailbox \
WHERE username = '$(local_part)@$(domain)'
Configure POP3s support
Copy the configuration file
cp /usr/local/etc/courier-imap/pop3d.cnf.dist /usr/local/etc/courier-imap/pop3d.cnf
Edit /usr/local/etc/courier-imap/pop3d.cnf so that it looks similar to the following:
RANDFILE = /usr/local/share/courier-imap/pop3d.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=sunwindrain@sohu.com
[ cert_type ]
nsCertType = server
Run the following command to generate the certificate used by POP3s
/usr/local/sbin/mkpop3dcert
Configure IMAPs support
Copy the configuration file
cp /usr/local/etc/courier-imap/imapd.cnf.dist /usr/local/etc/courier-imap/imapd.cnf
Edit /usr/local/etc/courier-imap/imapd.cnf so that it looks similar to the following:
RANDFILE = /usr/local/share/courier-imap/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CN
ST=BJ
L=Bei Jing
O=Extmail
OU=Extmail
CN=extmail.org
emailAddress=sunwindrain@sohu.com
[ cert_type ]
nsCertType = server
Run the following command to generate the certificate used by IMAP
/usr/local/sbin/mkimapdcert
Configure automatic startup
Edit /etc/rc.conf and add the following lines:
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
These five lines respectively start authdaemond, pop3d, imapd, pop3d-ssl and imapd-ssl at boot. The same processes can also be started or stopped from the command line.
/usr/local/etc/rc.d/courier-authdaemond start/stop
/usr/local/etc/rc.d/courier-imap-pop3d start/stop
/usr/local/etc/rc.d/courier-imap-imapd start/stop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl start/stop
/usr/local/etc/rc.d/courier-imap-imapd-ssl start/stop
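Installing and configuring Postfix (MTA)
The MTA holds a very important place in a mail system: it receives mail sent by others and forwards mail to its destination. Choosing a reliable MTA matters a great deal when building a mail system, which is why Postfix was chosen. The MTA is also the hardest part of a mail system to develop and plays the largest role, so the whole mail system is often referred to by the name of its MTA, as in "the Postfix mail system".
Install postfix
Options to select during installation (if using MySQL authentication, select MYSQL):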
PCRE
SASL2
TLS
MYSQL
VDA
TEST
cd /usr/ports/mail/postfix/ && make install clean
Select PCRE SASL2 TLS MYSQL VDA TEST during installation
postconf mail_version
Configure postfix
Edit /etc/rc.conf and add the following line
postfix_enable="YES"
Edit /etc/aliases and make sure it contains the following line
postfix: root
Replace the sendmail program that ships with the system
mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
cp /usr/local/sbin/sendmail /usr/sbin/sendmail
Edit /etc/periodic.conf and add the following to disable sendmail's automatic maintenance.
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Run the following commands
/usr/local/sbin/postalias /etc/aliases
chown postfix:postfix /etc/opiekeys
/usr/local/sbin/postconf -e 'mydomain = extmail.org'
/usr/local/sbin/postconf -e 'myhostname = mail.extmail.org'
/usr/local/sbin/postconf -e 'myorigin = $mydomain'
/usr/local/sbin/postconf -e 'virtual_mailbox_base = /home/domains'
/usr/local/sbin/postconf -e 'virtual_uid_maps=static:1000'
/usr/local/sbin/postconf -e 'virtual_gid_maps=static:1000'
Run the following commands to configure the lookup tables
cp /usr/local/www/extman/docs/mysql_virtual_* /usr/local/etc/postfix/
/usr/local/sbin/postconf -e 'virtual_alias_maps = $alias_maps, mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf'
/usr/local/sbin/postconf -e 'virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'
SMTP authentication settings
Edit /usr/local/lib/sasl2/smtpd.conf
pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket
Configure Postfix as follows to support SMTP authentication
/usr/local/sbin/postconf -e 'smtpd_sasl_auth_enable=yes'
/usr/local/sbin/postconf -e 'broken_sasl_auth_clients = yes'
/usr/local/sbin/postconf -e 'smtpd_sasl_local_domain = $myhostname'
Postfix anti-spam settings
The anti-spam settings here are only MTA-level measures against spam; adjust them to your situation and needs.
/usr/local/sbin/postconf -e 'smtpd_helo_required=yes'
/usr/local/sbin/postconf -e 'smtpd_delay_reject=yes'
/usr/local/sbin/postconf -e 'disable_vrfy_command=yes'
/usr/local/sbin/postconf -e 'smtpd_client_restrictions = check_client_access hash:/usr/local/etc/postfix/client_access'
/usr/local/sbin/postconf -e 'smtpd_helo_restrictions=reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access'
/usr/local/sbin/postconf -e 'smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/usr/local/etc/postfix/sender_access'
/usr/local/sbin/postconf -e 'smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain'
/usr/local/sbin/postconf -e 'smtpd_data_restrictions=reject_unauth_pipelining'
/usr/local/sbin/postconf -e 'header_checks = regexp:/usr/local/etc/postfix/head_checks'
/usr/local/sbin/postconf -e 'body_checks = regexp:/usr/local/etc/postfix/body_checks'
touch /usr/local/etc/postfix/head_checks
touch /usr/local/etc/postfix/body_checks
touch /usr/local/etc/postfix/client_access
touch /usr/local/etc/postfix/sender_access
touch /usr/local/etc/postfix/helo_access
/usr/local/sbin/postmap /usr/local/etc/postfix/head_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/body_checks
/usr/local/sbin/postmap /usr/local/etc/postfix/client_access
/usr/local/sbin/postmap /usr/local/etc/postfix/sender_access
/usr/local/sbin/postmap /usr/local/etc/postfix/helo_access
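TLS settings
Generate the certificates. Here the default passphrase for the private key is 123qwe98; choose your own as appropriate, since you may need it later.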
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/local/openssl/openssl.cnf .
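Edit openssl.cnf and confirm that the value of the dir parameter is /usr/local/etc/postfix/certs/CA. Then run the commands below, entering information as prompted. The input looks similar to the following: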
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:sunwindrain@sohu.com
The commands are as follows:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
Enter PEM pass phrase:great
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:sunwindrain@sohu.com
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem /usr/local/etc/postfix/certs/
cp mycert.pem /usr/local/etc/postfix/certs/
cp mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0
Configure Postfix to support TLS
/usr/local/sbin/postconf -e 'smtpd_use_tls=yes'
/usr/local/sbin/postconf -e 'smtpd_tls_auth_only=no'
/usr/local/sbin/postconf -e 'smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem'
/usr/local/sbin/postconf -e 'smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem'
/usr/local/sbin/postconf -e 'smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_CAfile=/usr/local/etc/postfix/certs/cacert.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_cert_file=/usr/local/etc/postfix/certs/mycert.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_key_file=/usr/local/etc/postfix/certs/mykey.pem'
/usr/local/sbin/postconf -e 'smtpd_tls_received_header=yes'
/usr/local/sbin/postconf -e 'smtpd_tls_loglevel=3'
/usr/local/sbin/postconf -e 'smtpd_starttls_timeout=60s'
/usr/local/etc/postfix/master.cf
Configure master.cf by adding the following
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
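The settings above enable SASL authentication while leaving smtpd_tls_auth_only=no and smtpd_tls_loglevel=3. The shell check below is an added example, not part of the original article: it reads "name = value" lines as printed by `postconf -n` and flags those combinations. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit "name = value" lines, as
# printed by `postconf -n`, for the SASL/TLS settings configured above.

# get_param NAME TEXT: print the last value assigned to NAME in TEXT.
get_param() {
    printf '%s\n' "$2" | awk -v key="$1" '
        /^[ \t]*#/ || !/=/ { next }
        {
            name = substr($0, 1, index($0, "=") - 1)
            value = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == key) found = value
        }
        END { if (found != "") print found }'
}

# audit_postfix: read settings on stdin, print one finding per line.
audit_postfix() {
    conf=$(cat)
    sasl=$(get_param smtpd_sasl_auth_enable "$conf")
    auth_only=$(get_param smtpd_tls_auth_only "$conf")
    use_tls=$(get_param smtpd_use_tls "$conf")
    level=$(get_param smtpd_tls_security_level "$conf")
    loglevel=$(get_param smtpd_tls_loglevel "$conf")
    case "$loglevel" in ''|*[!0-9]*) loglevel=0 ;; esac

    # STARTTLS is offered if either the old or the new switch enables it.
    tls=no
    if [ "$use_tls" = "yes" ]; then tls=yes; fi
    case "$level" in may|encrypt) tls=yes ;; esac

    if [ "$sasl" = "yes" ] && [ "$tls" = "no" ]; then
        echo "NO_STARTTLS: AUTH is enabled but STARTTLS is not offered"
    elif [ "$sasl" = "yes" ] && [ "$auth_only" != "yes" ]; then
        echo "PLAINTEXT_AUTH: AUTH is accepted before STARTTLS (smtpd_tls_auth_only is not yes)"
    fi
    # Levels 2 and up log negotiation details or dumps; meant for debugging.
    if [ "$loglevel" -ge 2 ]; then
        echo "VERBOSE_TLS_LOG: smtpd_tls_loglevel=$loglevel is a debugging level"
    fi
    return 0
}

# Constructed sample: the values this article sets with postconf -e.
article_settings() {
cat <<'EOF'
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 3
EOF
}

# Constructed sample: the same setup with AUTH restricted to TLS sessions
# and routine TLS logging.
hardened_settings() {
cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
EOF
}

echo "article settings:";  article_settings  | audit_postfix
echo "hardened settings:"; hardened_settings | audit_postfix
```

On a live system the same function can be fed real output with `postconf -n | audit_postfix`.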
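Installing and configuring Maildrop (MDA)
MDA: mail delivery agent. It takes mail from the MTA and stores it in your mailbox. When delivering mail into your directory, the MDA first filters it according to the rules in its configuration files. 1. Global filtering: it reads /etc/maildroprc (Linux) or /usr/local/etc/maildroprc (BSD) and acts on that file, which affects all users. 2. Per-user filtering: it reads $HOME/.mailfilter and acts on each user's settings, which affects only that user. Because of this, webmail can implement custom features by editing $HOME/.mailfilter, such as black/white lists, automatically moving SPAM into a junk folder, SMS notifications, and so on.
Install maildrop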
cd /usr/ports/mail/maildrop/ && make WITH_AUTHLIB=yes install clean
Select mysql during installation
Modify /usr/local/etc/postfix/master.cf
Change the maildrop entry in master.cf to something like:
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
maildrop unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/bin/maildrop -w 90 -d ${recipient}
/usr/local/etc/postfix/main.cf
Modify main.cf
/usr/local/sbin/postconf -e 'virtual_transport=maildrop:'
/usr/local/sbin/postconf -e 'maildrop_destination_concurrency_limit=1'
/usr/local/sbin/postconf -e 'maildrop_destination_recipient_limit=1'
Edit the file /usr/local/etc/maildroprc
Make sure it contains the following:
logfile "/home/domains/maildrop.log"
#logfile "/var/log/maildrop.log"
TEST="/bin/test -f"
# Check for custom user .mailfilter file
#
CUSTOM_FILTER="$HOME/.mailfilter"
`$TEST $CUSTOM_FILTER && exit 1 || exit 0`
if ( $RETURNCODE == 0 )
{
to "$HOME/Maildir"
}
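Installing ExtMan
Files shipped with ExtMan are needed during the rest of the installation, so ExtMan is installed first. During installation, choose MySQL or mysql support as needed.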
cd /usr/ports/mail/extman/ && make install clean
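Select mysql during installation
Configuring ExtMan
ExtMan is a web-based mail account management system. It can be used to manage mail accounts, administrator accounts, domains and so on. The default superuser is root@extmail.org and the password is extmail*123*. ExtMan also integrates mailgraph, so status and traffic graphs for the whole mail system can be viewed inside ExtMan. Managing your mail system with ExtMan makes the work much easier. ExtMan was already installed above, so here we only need to configure webman.cf.
Configure extman
Edit /usr/local/www/extman/webman.cf and change the corresponding parameters as follows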
SYS_CONFIG = /usr/local/www/extman/
SYS_LANGDIR = /usr/local/www/extman/lang
SYS_TEMPLDIR = /usr/local/www/extman/html
SYS_MAILDIR_BASE = /home/domains
SYS_SESS_DIR = /var/tmp/extman/
SYS_PSIZE = 50
SYS_LANG = zh_CN
SYS_GROUPMAIL_SENDER = postmaster@extmail.org
SYS_DEFAULT_MAXQUOTA = 10000
SYS_DEFAULT_MAXALIAS = 10000
SYS_DEFAULT_MAXUSERS = 1000
SYS_DEFAULT_MAXNDQUOTA = 100
SYS_BACKEND_TYPE = mysql
# if mysql, all relate parameters should prefix as SYS_MYSQL
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
# Check that the MySQL sock file really is in this directory; I changed mine
# table name
SYS_MYSQL_TABLE = manager
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_PASSWD = password
# comment it if you only want to save crypted password
# we highly recommend that you disable the following line :)
# SYS_MYSQL_ATTR_CLEARPW = clearpwd
Initialize the mail system data
Go to the docs directory of the extman installation and import the MySQL data
cd /usr/local/www/extman/docs
Create the database the mail system needs:
/usr/local/bin/mysql -uroot -p <extmail.sql
Enter password:
Initialize:
/usr/local/bin/mysql -uroot -p < init.sql
Enter password:
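This creates the default admin account: root@extmail.org, password: extmail*123*
It also creates the default mail account: postmaster@extmail.org, password: extmail
To use accounts of your own choosing, edit the init.sql script.
Create the directories for the postmaster@extmail.org user: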
mkdir -p /home/domains/extmail.org/postmaster/Maildir/new
mkdir -p /home/domains/extmail.org/postmaster/Maildir/cur
mkdir -p /home/domains/extmail.org/postmaster/Maildir/tmp
chown -R vmail:vmail /home/domains/
chmod -R 700 /home/domains/
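Installing and configuring Extmail
Extmail is a free, high-performance webmail package written in Perl and aimed at high-capacity, ISP-grade deployments. It fully supports Maildir++, multiple character sets and languages, and templates, which makes it easy to customize the interface.
Install extmail
There is no need to select MySQL (mysql) during installation, because it was already installed earlier.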
cd /usr/ports/mail/extmail && make install clean
No need to select MySQL during installation
Copy the configuration file
cp /usr/local/www/extmail/webmail.cf.default /usr/local/www/extmail/webmail.cf
Edit /usr/local/www/extmail/webmail.cf and change the corresponding parameters as follows
SYS_CONFIG = /usr/local/www/extmail
SYS_LANGDIR = /usr/local/www/extmail/lang
SYS_TEMPLDIR = /usr/local/www/extmail/html
SYS_SESS_DIR = /var/tmp/extmail/
SYS_LOG_TYPE = file
SYS_USER_LANG = zh_CN
SYS_USER_CHARSET = utf-8
SYS_MAILDIR_BASE = /home/domains
# if mysql, all relate parameters should prefix as SYS_MYSQL
SYS_MYSQL_BASE = dc=heightwl.com
SYS_MYSQL_RDN = cn=Manager,dc=heightwl.com
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /tmp/mysql.sock
# table name
SYS_MYSQL_TABLE = mailbox
SYS_MYSQL_ATTR_USERNAME = username
SYS_MYSQL_ATTR_DOMAIN = domain
SYS_MYSQL_ATTR_PASSWD = password
# sys_mysql_attr_clearpw - attribute to save clear password, useful for
# postmaster withdraw the original passwd if the end user forgot, but
# we highly recommend that you don't enable it for security reason
SYS_MYSQL_ATTR_CLEARPW = clearpwd
SYS_MYSQL_ATTR_QUOTA = quota
SYS_MYSQL_ATTR_NDQUOTA = netdiskquota
SYS_MYSQL_ATTR_HOME = homedir
SYS_MYSQL_ATTR_MAILDIR = maildir
# service enable/disable attributes
# comment them out if you don't want their function
SYS_MYSQL_ATTR_DISABLEWEBMAIL = disablewebmail
SYS_MYSQL_ATTR_DISABLENETDISK = disablenetdisk
SYS_MYSQL_ATTR_DISABLEPWDCHANGE = disablepwdchange
SYS_MYSQL_ATTR_ACTIVE = active
Run the following commands
mkdir /var/tmp/extmail
chown vmail:vmail /var/tmp/extmail/
chmod 777 /var/tmp/extmail
touch /var/log/extmail.log
chown vmail:vmail /var/log/extmail.log
chown -R vmail:vmail /usr/local/www/extmail/
Other settings
Run the following commands
mkdir /var/lib
mkdir /var/tmp/extman/
chown -R vmail:vmail /var/tmp/extman/
chmod 777 /var/tmp/extman/
chmod 755 /usr/local/www/extman/webman.cf
unlink /usr/local/www/extman/libs/HTML/KTemplate.pm
cp /usr/local/www/extmail/libs/HTML/KTemplate.pm /usr/local/www/extman/libs/HTML/
Configure Apache
Configure /etc/rc.conf
Add the following line
apache2_enable="YES"
Edit the Apache configuration file /usr/local/etc/apache2/httpd.conf so that Apache runs as vmail:vmail
User vmail
Group vmail
Virtual host configuration
Edit /usr/local/etc/apache2/Includes/extmail.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.extmail.org
DocumentRoot /usr/local/www/extmail/html/
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
<Location "/extman/cgi">
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
</Location>
<Directory "/usr/local/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Configure https support
Copy the certificates to the Apache directory
mkdir /usr/local/etc/apache2/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache2/certs/
Edit the file /usr/local/etc/apache2/Includes/extmail-ssl.conf with the following content
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.extmail.org:443
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
ServerAdmin sunwindrain@sohu.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache2/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache2/server.key
SSLCertificateFile /usr/local/etc/apache2/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache2/certs/mykey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#SuexecUserGroup vmail vmail
</VirtualHost>
Restart Apache
/usr/local/etc/rc.d/apache2 restart
Configure graphical logs
Install the dependencies
cd /usr/ports/databases/rrdtool && make install clean
cd /usr/ports/devel/p5-File-Tail && make install clean
cd /usr/ports/devel/p5-Time-HiRes && make install clean
Install mailgraph_ext
cp -Rfp /usr/local/www/extman/addon/mailgraph_ext/ /usr/local/mailgraph_ext
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
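4. Testing the mail system
At this point a basic mail system has been installed. It supports smtp, pop3, imap and webmail, as well as the corresponding SSL-encrypted smtps, pop3s, imaps and https.
Test pop3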
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'
+OK Hello there.
user postmaster@extmail.org
+OK Password required.
pass test
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
.
quit
+OK Bye-bye.
Connection closed by foreign host.
Test SMTP authentication
Use the following commands to obtain the BASE64 encoding of the user name and password of postmaster@extmail.org:
perl -e 'use MIME::Base64; print encode_base64("postmaster\@extmail.org")'
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
perl -e 'use MIME::Base64; print encode_base64("extmail")'
ZXh0bWFpbA==
Then test on the local machine; the session goes as follows
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'
220 mail.extmail.org ESMTP Postfix - by extmail.org
ehlo demo.domain.tld
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
The final 235 Authentication Successful shows that authentication succeeded.
Test smtps
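The Base64 strings in this session are an encoding, not encryption, so with smtpd_tls_auth_only=no anyone who can read the port 25 traffic can read the credentials. The decoder below is an added example, not part of the original article; it assumes a `base64` utility that accepts `-d`, and the embedded sample is the AUTH LOGIN part of the session shown above.

```shell
#!/bin/sh
# Added example (not from the article): decode an AUTH LOGIN exchange.
# Assumption: a base64 utility that accepts -d is installed.

b64d() { printf '%s' "$1" | base64 -d; }

# Constructed sample: the AUTH LOGIN part of the telnet session above.
session() {
cat <<'EOF'
auth login
334 VXNlcm5hbWU6
cG9zdG1hc3RlckBleHRtYWlsLm9yZw==
334 UGFzc3dvcmQ6
ZXh0bWFpbA==
235 2.0.0 Authentication successful
EOF
}

# Read an SMTP session on stdin. For every "334 <challenge>" line, print
# the decoded server prompt followed by the decoded client reply.
decode_auth_login() {
    prompt=""
    while IFS= read -r line; do
        case "$line" in
            "334 "*)
                prompt=$(b64d "${line#334 }") ;;
            [0-9][0-9][0-9]" "*|[0-9][0-9][0-9]-*)
                prompt="" ;;                      # any other server reply
            *)
                if [ -n "$prompt" ]; then         # client answer to a 334
                    printf '%s %s\n' "$prompt" "$(b64d "$line")"
                    prompt=""
                fi ;;
        esac
    done
}

session | decode_auth_login
```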
mail# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'
220 mail.extmail.org ESMTP Postfix
ehlo localhost
250-mail.extmail.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
^]
telnet> q
Connection closed.
Test pop3s/imaps
Connecting to ports 993 and 995 on the local machine with telnet gives the following:
telnet localhost 993
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'
^]
telnet> q
Connection closed.
telnet localhost 995
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.localhostadmin.
Escape character is '^]'
^]
telnet> q
Connection closed.
You can also test with the following settings in Outlook
Test webmail/extman
You can log in to webmail through the following links
http://mail.extmail.org
https://mail.extmail.org
http://mail.extmail.org/extman
https://mail.extmail.org/extman
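5. Problems and solutions
Using pop3 only
If your mail server is only going to provide pop3 and nothing more, you can do the following: edit /etc/rc.conf and comment out the startup options for pop3s, imap and imaps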
courier_imap_pop3d_enable="YES"
#courier_imap_imapd_enable="YES"
#courier_imap_pop3d_ssl_enable="YES"
#courier_imap_imapd_ssl_enable="YES"
Then stop the running pop3s, imap and imaps processes
/usr/local/etc/rc.d/courier-imap-imapd-ssl.sh forcestop
/usr/local/etc/rc.d/courier-imap-imapd.sh forcestop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh forcestop
/usr/local/etc/rc.d/courier-imap-imapd-ssl forcestop
/usr/local/etc/rc.d/courier-imap-imapd forcestop
/usr/local/etc/rc.d/courier-imap-pop3d-ssl forcestop
Using smtp only
Edit /usr/local/etc/postfix/master.cf and comment out the smtps entries
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Then reload postfix
postfix reload
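Using https only
Sometimes, for security, we may want to allow only https, so a user who connects to http://mail.extmail.org must be redirected automatically to https://mail.extmail.org. This is simple to do: edit the virtual host configuration file (extmail.conf) and add the following directive inside the virtual host configuration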
Redirect / https://mail.extmail.org/
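Note: do not add it to the SSL configuration file, that is, extmail-ssl.conf, as this would cause a redirect loop.
Routine Postfix maintenance
Starting postfix
postfix start    start postfix
postfix stop    stop postfix
postfix reload    re-read the postfix configuration files
postfix flush    deliver all mail in the queue immediately (use with caution)
postqueue -p    view the mail in the queue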
mailq
postqueue -p |tail
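postsuper -d queue_id    delete a message from the queue
postcat    view the content of a message in the queue
postsuper -d ALL hold/deferred...    delete all mail in a given queue
Repair the queue and any permission errors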
postfix check
View the mail system log
tail -f /var/log/maillog
How to turn off the weather information
Edit extmail/html/plugins/rpc_init.js:
rpc_url_list = [
//"http://rpc-srv01.extmail.net/phprpc/rpc.php",
//"http://rpc-srv02.extmail.net/phprpc/rpc.php",
//"http://rpc-srv03.extmail.net/phprpc/rpc.php",
];
rpc_plg_list = [
//"coolweather",
//"etnews",
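];
Commenting out the RPC server list and the plugin list as shown above turns all of it off.
Cannot log in to the extman admin backend
The captcha at extman login requires the clock to be set correctly. If you cannot log in, try turning off captcha verification at login. Edit the extman configuration file webman.cf:
SYS_CAPTCHA_ON = 0
Note that it is best to close the browser and reopen it before logging in again.
extmail shows garbled text for mail encoded in gb2312
extmail 1.0.4 displays mail encoded in gb2312 as garbled text, and selecting gb2312 as the encoding does not help. This is mainly caused by Perl's Text::Iconv module, especially on BSD platforms. Removing the Text::Iconv module solves the problem.
Attached is a Perl module-removal script found online: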
#!/usr/local/bin/perl -w
use ExtUtils::Packlist;
use ExtUtils::Installed;
# The module to remove is given as the first argument, e.g. Text::Iconv
$ARGV[0] or die "Usage: $0 Module::Name\n";
my $mod = $ARGV[0];
my $inst = ExtUtils::Installed->new();
# Delete every file recorded as installed by the module
foreach my $item (sort($inst->files($mod))) {
print "removing $item\n";
unlink $item;
}
# Finally delete the module's packlist file itself
my $packfile = $inst->packlist($mod)->packlist_file();
print "removing $packfile\n";
unlink $packfile;
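--To be continued--
Thanks to hzqbbc, the head of the extmail forum, for his reply on the encoding problem, and to the user Fedora8() for answering the Postfix questions.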