Enterprise-class mail server: CentOS + Postfix + MailScanner
A step-by-step guide for building an enterprise-class email server. :)
Supports POP3, POP3s, IMAP, and IMAPs. Feedback and corrections are welcome.
- OS: CentOS 4.4 (RedHat Enterprise Linux Advance Server). Downloads: Server ISO (1 CD), full package set ISO (1 DVD)
- Package layout: Postfix for SMTP, dovecot for POP3, MailScanner + SpamAssassin + ClamAV for spam and virus scanning.
- Prerequisites
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
- Then install postfix and dovecot
yum install postfix dovecot
- Run the following commands
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 10.1.1.0/24'
- Edit /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
- Run the following commands
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
- You will be prompted: Enter pass phrase for smtpd.key
- Enter a pass phrase of your choice
- Run the following commands
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
- Continue with
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
- You will be prompted: Enter pass phrase for smtpd.key
- Enter the pass phrase
- Run the following commands
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
- By default dovecot serves only IMAP and IMAPS; now enable POP3 and POP3s
vi /etc/dovecot.conf
- Find the following section.
[...]
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Protocols we want to be serving:
# imap imaps pop3 pop3s
protocols = imap imaps pop3 pop3s
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
[...]
- Disable sendmail; enable postfix, saslauthd, and dovecot
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
- If something goes wrong, use postconf to inspect postfix's parameters
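The postconf inspection can be made repeatable. The following is an added example, not code from the original guide: it scans `postconf -n` style output for the SASL and TLS parameters set above and flags `smtpd_tls_auth_only = no`, which lets PLAIN/LOGIN credentials be sent before STARTTLS. The function names and finding codes are assumptions, and the parameter names are the ones this guide uses.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# param NAME: print NAME's value from the "name = value" lines held in $CONF.
param() {
    printf '%s\n' "$CONF" | sed -n "s/^$1 *= *//p" | head -n 1
}

# audit_postfix: read `postconf -n` output on stdin, print one finding per line.
audit_postfix() {
    CONF=$(cat)
    if [ "$(param smtpd_sasl_auth_enable)" = "yes" ]; then
        # Unless this is "yes", AUTH PLAIN/LOGIN is accepted before STARTTLS
        # and the base64-encoded password crosses the network unencrypted.
        [ "$(param smtpd_tls_auth_only)" = "yes" ] || echo "CLEARTEXT_AUTH"
        # If STARTTLS is not offered, clients cannot protect AUTH at all.
        [ "$(param smtpd_use_tls)" = "yes" ] || echo "TLS_NOT_OFFERED"
    fi
    # Judge the restriction list only when it is explicitly set.
    rr=$(param smtpd_recipient_restrictions)
    if [ -n "$rr" ]; then
        case ",$(printf '%s' "$rr" | tr ' ' ',')," in
            *,reject_unauth_destination,*) ;;
            *) echo "NO_RELAY_GUARD" ;;
        esac
    fi
    return 0
}

# Constructed sample: the values this guide sets with postconf -e.
GUIDE_CONF="smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 10.1.1.0/24"

# Constructed sample: the same settings with AUTH restricted to TLS sessions.
HARDENED_CONF=$(printf '%s\n' "$GUIDE_CONF" |
    sed 's/^smtpd_tls_auth_only = no$/smtpd_tls_auth_only = yes/')

echo "guide:    $(printf '%s\n' "$GUIDE_CONF" | audit_postfix | tr '\n' ' ')"
echo "hardened: $(printf '%s\n' "$HARDENED_CONF" | audit_postfix | tr '\n' ' ')"
```

On a live server, pipe the real output in with `postconf -n | audit_postfix`.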
- Finally, check with telnet 0 25 and enter the following command inside the telnet session
ehlo localhost
- You should see the following lines echoed back
250-STARTTLS
250-AUTH
- On my server, the lines echoed back were
250-ha1
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
- Prepare MailScanner + clamav + spamassassin
- First install rpm-build
yum install rpm-build
- Download the MailScanner rpm archive from the official site, http://www.mailscanner.info/.
The download directory is /pub/CentOS/2011/07/Mailscanner/
- Unpack and install
tar zxvf MailScanner-4.56.8-1.rpm.tar.gz
cd MailScanner-4.56.8-1
./install.sh
- Prepare according to the messages it returns
Good, you appear to only have 1 copy of Perl installed.
I think you are running on RedHat Linux, Mandrake Linux or SUSE Linux.
You must have the following RPM packages installed before
you try and do anything else:
binutils glibc-devel gcc make
You are missing at least 1 of these.
Please install them all
(Read the manuals if you do not know how to do this).
Then come back and run this install.sh script again.
- As the output shows, binutils, glibc-devel, gcc, and make are missing. Install them
yum install glibc-devel
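yum install gcc
- Run ./install.sh again (barring surprises, it compiles and installs all the related src.rpm packages; this takes a while)
- Messages after the installation finishes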
To activate MailScanner run the following commands:
service sendmail stop
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
service MailScanner start
For technical support, please read the MAQ at www.mailscanner.biz/maq/
and buy the book at www.mailscanner.info/store
----------------------------------------------------------
Please buy the MailScanner book from www.mailscanner.info!
It is a very useful administration guide and introduction
to MailScanner. All the proceeds go directly to making
MailScanner a better supported package than it is today.
- Note that MailScanner scans sendmail by default, so it must be switched to postfix (and sendmail, which is no longer in use, must of course be turned off)
service postfix stop
chkconfig postfix off
chkconfig --level 2345 MailScanner on
service MailScanner start
- Edit the MailScanner configuration file. Reference articles: one, two.
vi /etc/MailScanner/MailScanner.conf
- Brief explanation
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Max Children = 5
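Maximum number of child processes MailScanner spawns at startup
Default = 5 (with only 64 MB of main memory, 1 is recommended)
Virus Scanning = yes
Enables virus scanning
Default = yes
Virus Scanners = clamav
Selects the virus scanner package
Several scanners can be listed at once, separated by spaces
Default = none
Use SpamAssassin = yes
Whether to use SpamAssassin to detect spam
SpamAssassin must be installed first for this to work
Default = no
- Follow-up settings
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
- Edit the postfix configuration files.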
- /etc/postfix/main.cf
+ header_checks = regexp:/etc/postfix/header_checks
- Edit /etc/postfix/header_checks
+ /^Received:/ HOLD
- The effect of this is to tell Postfix to move all messages to the HOLD queue.
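The HOLD rule and the MailScanner queue directories have to agree, otherwise mail is either delivered unscanned or sits in the hold queue. The following is an added example, not code from the original guide: it checks the three files edited above for that handoff, using constructed sample files; the function names and finding codes are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.

# conf_value FILE KEY: print the value of the first "KEY = value" line in FILE.
conf_value() {
    sed -n "s|^$2 *= *||p" "$1" | head -n 1
}

# check_wiring MAILSCANNER_CONF MAIN_CF HEADER_CHECKS: one finding per line.
check_wiring() {
    ms=$1; main=$2; hc=$3
    [ "$(conf_value "$ms" 'MTA')" = "postfix" ] || echo "MTA_NOT_POSTFIX"
    [ "$(conf_value "$ms" 'Run As User')" = "postfix" ] || echo "WRONG_RUN_USER"
    # MailScanner has to read from the queue where Postfix parks held mail ...
    [ "$(conf_value "$ms" 'Incoming Queue Dir')" = "/var/spool/postfix/hold" ] ||
        echo "HELD_MAIL_NEVER_SCANNED"
    # ... and return scanned mail to the queue Postfix delivers from.
    [ "$(conf_value "$ms" 'Outgoing Queue Dir')" = "/var/spool/postfix/incoming" ] ||
        echo "SCANNED_MAIL_NOT_REQUEUED"
    # Without the HOLD rule Postfix delivers directly and nothing is scanned.
    if [ "$(conf_value "$main" 'header_checks')" != "regexp:$hc" ] ||
        ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$hc"; then
        echo "SCANNER_BYPASSED"
    fi
    return 0
}

# make_sample: write constructed config files mirroring this guide's settings
# into a temporary directory and print its path.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' \
        'MTA = postfix' > "$d/MailScanner.conf"
    printf 'header_checks = regexp:%s\n' "$d/header_checks" > "$d/main.cf"
    printf '%s\n' '/^Received:/ HOLD' > "$d/header_checks"
    echo "$d"
}

dir=$(make_sample)
echo "as configured: $(check_wiring "$dir/MailScanner.conf" "$dir/main.cf" "$dir/header_checks")"
: > "$dir/header_checks"    # simulate a lost HOLD rule
echo "rule removed:  $(check_wiring "$dir/MailScanner.conf" "$dir/main.cf" "$dir/header_checks")"
rm -rf "$dir"
```

On the server built in this guide the call would be `check_wiring /etc/MailScanner/MailScanner.conf /etc/postfix/main.cf /etc/postfix/header_checks`.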