This system's Postfix server uses MySQL-backed virtual users together with anti-virus and anti-spam processing.
MySQL is the database service; its main job within the Postfix setup is to store the mail accounts and passwords.
The MySQL server is installed from source.
How to add PHP support to Apache is outside the scope of this document; consult the relevant manuals.
postfixadmin is a web-based solution for managing Postfix. We mainly import postfixadmin's database into MySQL and then manage the accounts through its web interface.
Install the Postfix main program; by this step the domain name must already be configured.
/usr/ports/security/cyrus-sasl2
Because this was already installed earlier when Postfix was built, remove it here and install it again.
Step1:
Import and configure the postfixadmin database
Step2:
Configure Postfix
############################################################################################
vi main.cf
# Only the changed parameters are listed. Several values are site-specific; check the
# Postfix manual rather than copying them verbatim. Note that Postfix treats '#' as a
# comment only at the beginning of a line: anything written after 'name = value'
# (whether it starts with '#' or '//') becomes part of the value, so the remarks are
# kept on their own lines here.
myhostname = lnyk.2288.org
# Set mydomain yourself; this author uses a dynamic DNS name, hence this value.
mydomain = lnyk.2288.org
mydestination = localhost
# The local network and this host's own addresses (listed in the file) may relay mail.
mynetworks = 127.0.0.0/8, /usr/local/etc/postfix/mynetworks
# Domains we relay for: the same set as mydestination, i.e. localhost.
relay_domains = $mydestination
# Local alias table; used later to redirect mail for root to the postmaster mailbox.
alias_maps = hash:/etc/aliases
recipient_delimiter = +
# Mail is stored in Maildir format.
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
local_destination_concurrency_limit = 5
default_destination_concurrency_limit = 50
###########Virtual User##############
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
# Base directory under which the virtual mailboxes are stored.
virtual_mailbox_base = /usr/local/mail/virtual
# The list of virtual domains is read from the database.
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125
# Additional for quota support. The parameters below come from the VDA quota patch;
# an unpatched Postfix does not recognise them.
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota,please try again later.
virtual_overquota_bounce = yes
########use MySQL also to store your Backup MX domains add###########
#relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
############################################################################################
touch mynetworks
The five map files below contain the database password in clear text, so they should be owned by root with group postfix and mode 0640: readable by the Postfix daemons, not by other local users. Prefixing the path with proxy: (as the commented relay_domains line above does) routes the lookups through proxymap(8) and keeps the number of open database connections down.
vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
query = SELECT goto FROM alias WHERE address='%s'
vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
query = SELECT description FROM domain WHERE domain='%s'
vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
query = SELECT maildir FROM mailbox WHERE username='%s'
vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
query = SELECT quota FROM mailbox WHERE username='%s'
vi mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
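Two mistakes in this kind of setup are easy to make and hard to spot from the logs: Postfix treats `#` as a comment only at the start of a line and never recognises `//`, so a remark written after `name = value` silently becomes part of the value (a misspelt parameter name such as one containing a space is likewise accepted and ignored), and the map files above carry the database password in clear text. The following Python script is an added example, not code from the page, from Postfix or from PostfixAdmin; it lints a main.cf text for those syntax errors and checks a map file's permissions and parameter set. The main.cf excerpt and the two map files it writes are constructed from the configuration shown above, and the `AND active = '1'` clause in the hardened map assumes PostfixAdmin's `active` column.

```python
"""Lint a Postfix main.cf and check mysql map files (added example).

Postfix only recognises '#' as a comment at the start of a line and never
recognises '//', so a remark written after 'name = value' becomes part of
the value. The map files hold the database password in clear text.
"""
import os
import re
import stat
import tempfile

# Constructed main.cf excerpt that reproduces the mistakes being checked:
# an inline '#' remark, a '//' remark, a parameter name containing a space
# and a relayhost port written without the colon.
SAMPLE_MAIN_CF = """\
myhostname = lnyk.2288.org
mydomain = lnyk.2288.org #set this to your own domain
relay_domains = $mydestination
virtual_mailbox_base = /usr/local/mail/virtual //where mail is stored
virtual_uid _maps = static:125
relayhost = [192.168.1.100]1025
"""

PARAM_NAME = re.compile(r"[A-Za-z0-9_]+")
# Pre-2.2 map syntax; ignored once 'query' is present.
LEGACY_MAP_KEYS = {"table", "select_field", "where_field", "additional_conditions"}


def lint_main_cf(text):
    """Return a list of (line_no, message) findings for a main.cf body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank or whole-line comment
        if raw[0] in " \t":
            continue                      # continuation of the previous value
        name, sep, value = raw.partition("=")
        name = name.strip()
        if not sep:
            findings.append((no, "not a 'name = value' line"))
            continue
        if not PARAM_NAME.fullmatch(name):
            findings.append((no, f"bad parameter name {name!r}: Postfix will not recognise it"))
        if "#" in value:
            findings.append((no, f"{name}: text after '#' is part of the value, not a comment"))
        if "//" in value:
            findings.append((no, f"{name}: '//' is not a comment, the text is part of the value"))
        if name == "relayhost" and re.search(r"\]\d+$", value.strip()):
            findings.append((no, "relayhost: the port must be written as [host]:port"))
    return findings


def check_mysql_map(path):
    """Findings for one mysql: map file: world-readable credentials,
    redundant legacy keys, and a query without the %s lookup key."""
    params = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line and not line.startswith("#") and "=" in line:
                name, _, value = line.partition("=")
                params[name.strip()] = value.strip()
    findings = []
    if "password" in params and os.stat(path).st_mode & stat.S_IROTH:
        findings.append("world-readable file contains 'password ='; use mode 0640, owner root, group postfix")
    legacy = sorted(LEGACY_MAP_KEYS & params.keys())
    if legacy and "query" in params:
        findings.append(f"legacy keys {legacy} are redundant when 'query' is set")
    if "query" in params and "%s" not in params["query"]:
        findings.append("query lacks the %s placeholder; every lookup returns the same rows")
    return findings


def demo():
    """Write the alias map from the text as shipped (mode 0644, legacy keys
    present) and a hardened copy (mode 0640, query only) into a temp dir and
    return the findings for each plus the main.cf lint."""
    as_shipped = (
        "user = postfix\npassword = postfix\nhosts = localhost\ndbname = postfix\n"
        "table = alias\nselect_field = goto\nwhere_field = address\n"
        "query = SELECT goto FROM alias WHERE address='%s'\n"
    )
    # The AND active = '1' clause assumes PostfixAdmin's active column.
    hardened = (
        "user = postfix\npassword = postfix\nhosts = localhost\ndbname = postfix\n"
        "query = SELECT goto FROM alias WHERE address='%s' AND active = '1'\n"
    )
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, body, mode in (("shipped", as_shipped, 0o644), ("hardened", hardened, 0o640)):
            path = os.path.join(tmp, f"mysql_virtual_alias_maps_{label}.cf")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[label] = check_mysql_map(path)
    results["main_cf"] = lint_main_cf(SAMPLE_MAIN_CF)
    return results


if __name__ == "__main__":
    for section, items in demo().items():
        print(section)
        for item in items:
            print("   ", item)
```

Run it against the real files with `check_mysql_map("/usr/local/etc/postfix/mysql_virtual_alias_maps.cf")` and `lint_main_cf(open("/usr/local/etc/postfix/main.cf").read())`; `postconf -n` afterwards shows what Postfix actually parsed, which is the final word on whether a remark leaked into a value.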
Step3:
Configure SASL2 authentication
main.cf has to be configured for this as well
#####################################
Configure the authentication method in smtpd.conf
echo 'courier_authdaemond_enable="YES"' >> /etc/rc.conf
***Pay attention to the permissions below***
www# ls -la /var/run/authdaemond/
total 6
drw-r----- 2 courier courier 512 7 4 11:41 .
drwxr-xr-x 5 root wheel 512 7 4 11:41 ..
-rw-r--r-- 1 root courier 5 7 4 11:41 pid
-rw------- 1 root courier 0 7 4 11:41 pid.lock
srwxrwxrwx 1 root courier 0 7 4 11:41 socket
www# chmod +x /var/run/authdaemond
www# ls -la /var/run/authdaemond/
total 6
drwxr-x--x 2 courier courier 512 7 4 11:41 .
drwxr-xr-x 5 root wheel 512 7 4 11:41 ..
-rw-r--r-- 1 root courier 5 7 4 11:41 pid
-rw------- 1 root courier 0 7 4 11:41 pid.lock
srwxrwxrwx 1 root courier 0 7 4 11:41 socket
Be clear about what this chmod does. The socket itself is already mode 777, so the directory's missing search bit was the only thing stopping accounts outside the courier group from reaching it; after `chmod +x` every local user on the machine, not only the Postfix daemons, can connect to authdaemond and try username/password pairs against it. A tighter fix is to leave the directory without the "other" search bit (0710 or 0750) and put the postfix user into the courier group (or change the directory's group to one that contains postfix), so that only the processes that need the socket can open it.
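Whether a given process can talk to the socket follows from the permission bits of every component of its path: connect(2) on a Unix socket needs search permission on each directory and write permission on the socket node. The following Python model, an added example rather than anything from the page or from Courier, evaluates that for the three states worth comparing: the directory as installed, after `chmod +x`, and at 0710 with the postfix user added to the courier group. The modes are transcribed from the `ls -la` output above; the numeric uids (postfix 125, courier 465, the FreeBSD ports defaults) and the "other local user" uid 1001 are assumptions.

```python
"""Who can reach the authdaemond socket? Added example; the directory and
socket modes are transcribed from the ls output above, the uids are assumed
(FreeBSD ports defaults: postfix 125, courier 465)."""
import stat

ROOT = WHEEL = 0
COURIER = 465     # assumed uid/gid of the courier user
POSTFIX = 125     # assumed uid/gid of the postfix user (smtpd runs as this)

# (mode, owner uid, owner gid) for every component of the socket path,
# directories first, the socket last.
BEFORE = [
    (0o755, ROOT, WHEEL),          # /var/run               drwxr-xr-x root wheel
    (0o640, COURIER, COURIER),     # /var/run/authdaemond   drw-r----- courier courier
    (0o777, ROOT, COURIER),        # .../socket             srwxrwxrwx root courier
]
AFTER_CHMOD_X = [
    (0o755, ROOT, WHEEL),
    (0o751, COURIER, COURIER),     # drwxr-x--x after 'chmod +x'
    (0o777, ROOT, COURIER),
]
GROUP_ONLY = [
    (0o755, ROOT, WHEEL),
    (0o710, COURIER, COURIER),     # drwx--x---: only the courier group may enter
    (0o777, ROOT, COURIER),
]


def _allowed(mode, owner_uid, owner_gid, uid, gids, usr_bit, grp_bit, oth_bit):
    """Classic Unix permission check: root bypasses, then owner/group/other."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & usr_bit)
    if owner_gid in gids:
        return bool(mode & grp_bit)
    return bool(mode & oth_bit)


def can_connect(path_entries, uid, gids):
    """connect(2) on a Unix socket needs search (x) on every directory in the
    path and write (w) on the socket node itself."""
    *dirs, sock = path_entries
    for mode, o_uid, o_gid in dirs:
        if not _allowed(mode, o_uid, o_gid, uid, gids,
                        stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False
    mode, o_uid, o_gid = sock
    return _allowed(mode, o_uid, o_gid, uid, gids,
                    stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)


def exposure(path_entries, postfix_gids=(POSTFIX,)):
    """Can the postfix user reach the socket, and can any other local user?"""
    return {
        "postfix": can_connect(path_entries, POSTFIX, list(postfix_gids)),
        "anyone": can_connect(path_entries, 1001, [1001]),   # hypothetical local user
    }


if __name__ == "__main__":
    print("as installed                   ", exposure(BEFORE))
    print("after chmod +x                 ", exposure(AFTER_CHMOD_X))
    print("0710, postfix not in group     ", exposure(GROUP_ONLY))
    print("0710, postfix in courier group ", exposure(GROUP_ONLY, (POSTFIX, COURIER)))
```

The last two lines of output are the point: 0710 on its own locks Postfix out as well, and only the group membership opens the socket to Postfix while keeping everyone else out. `stat -f '%Sp %Su %Sg' /var/run/authdaemond /var/run/authdaemond/socket` on FreeBSD gives the live values to feed in.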
Step4:
Configure authmysqlrc
***When editing this file do not use spaces; separate the fields with TAB characters***
Step5:
Final adjustments
vi /etc/aliases
postmaster: root
root: postmaster@lnyk.2288.org
www# newaliases
www# cp /etc/mail/aliases.db /etc/
(The copy is only needed because alias_maps points at /etc/aliases while newaliases writes the file named by alias_database; pointing both parameters at the same file removes the need for it.)
Start all the services and test
www# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lnyk.2288.org ESMTP
EHLO lnyk.2288.org
250-lnyk.2288.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
Note that AUTH LOGIN and PLAIN are advertised on the plaintext port 25: both mechanisms send the password merely base64-encoded, so anyone on the path can read it. Once TLS is configured in the next section, add `smtpd_tls_auth_only = yes` so that AUTH is offered only after STARTTLS.
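The EHLO reply above is worth checking mechanically rather than by eye: it offers AUTH LOGIN and PLAIN with no STARTTLS, so a client that authenticates here sends its password in the clear, and VRFY is enabled, which lets anyone confirm which addresses exist. The following Python check is an added example, not code from the page or from Postfix; it parses a captured EHLO reply (the sample is the transcript above) and reports both conditions. The remedies it names, `smtpd_tls_auth_only = yes` and `disable_vrfy_command = yes`, are standard main.cf parameters.

```python
"""Audit a captured EHLO reply for cleartext credential exposure.
Added example; SAMPLE_EHLO is the reply shown in the telnet session above."""

SAMPLE_EHLO = """\
250-lnyk.2288.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
"""


def parse_ehlo(text):
    """Return (hostname, {KEYWORD: [params]}) from a multi-line 250 reply.
    The non-standard 'AUTH=mech' line is folded into AUTH."""
    lines = [l.rstrip("\r") for l in text.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("250"):
        raise ValueError("not a 250 reply")
    hostname = lines[0][4:].split()[0]
    caps = {}
    for line in lines[1:]:
        if not line.startswith("250"):
            raise ValueError(f"unexpected line in EHLO reply: {line!r}")
        body = line[4:].split()          # skip '250-' or '250 '
        if not body:
            continue
        keyword, params = body[0].upper(), body[1:]
        if keyword.startswith("AUTH="):
            keyword, params = "AUTH", [keyword[5:]] + params
        bucket = caps.setdefault(keyword, [])
        for p in params:
            if p not in bucket:
                bucket.append(p)
    return hostname, caps


def audit(caps, over_tls=False):
    """Policy findings; over_tls=True means the reply was captured after STARTTLS."""
    findings = []
    if "AUTH" in caps and not over_tls:
        mechs = " ".join(caps["AUTH"])
        if "STARTTLS" in caps:
            findings.append(f"AUTH {mechs} offered before STARTTLS: set smtpd_tls_auth_only = yes")
        else:
            findings.append(f"AUTH {mechs} offered without STARTTLS: passwords cross the wire "
                            "base64-encoded, i.e. in the clear")
    if "VRFY" in caps:
        findings.append("VRFY enabled: allows account enumeration; set disable_vrfy_command = yes")
    return findings


if __name__ == "__main__":
    host, caps = parse_ehlo(SAMPLE_EHLO)
    print(host, caps)
    for finding in audit(caps):
        print(" -", finding)
```

After the TLS section is applied, capture the reply again on the plain connection and after STARTTLS (`openssl s_client -starttls smtp -connect localhost:25`); with `smtpd_tls_auth_only = yes` the first capture should produce no AUTH finding because the AUTH line disappears, and the second is checked with `over_tls=True`.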
##################TLS support####################
www# mkdir /usr/local/etc/postfix/ssl
www# cd /usr/local/etc/postfix/ssl/
############################################################################################
Two things to get right when repeating this: the server certificate's Common Name (and, for current clients, its subjectAltName) must be the host name that clients connect to, i.e. lnyk.2288.org rather than a personal name such as "dyd", otherwise clients that verify certificates will reject it; and the 1024-bit RSA keys this OpenSSL release generates by default are no longer adequate, so pass `-newkey rsa:2048` (or larger) to `openssl req` and raise `default_bits` in openssl.cnf before running CA.pl.
www# cp /usr/src/crypto/openssl/apps/CA.pl .
www# perl CA.pl -newca
A certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.......................++++++
....................................................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: (CA key passphrase)
Verifying - Enter PEM pass phrase: (repeat the passphrase)
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:webmaster@lnyk.2288.org
www# ls
CA.pl demoCA
www# openssl req -new -nodes -keyout mailkey.pem \
> -out mailreq.pem -days 365
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'mailkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:webmaster@lnyk.2288.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (leave empty)
An optional company name []:
www# openssl ca -out mail_signed_cert.pem -infiles mailreq.pem
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: (CA key passphrase)
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ea:92:3c:86:ec:a4:11:7f
Validity
Not Before: Jul 12 10:55:26 2005 GMT
Not After : Jul 12 10:55:26 2006 GMT
Subject:
countryName = CN
stateOrProvinceName = LN
organizationName = postfix mail
organizationalUnitName = postfix mail
commonName = dyd
emailAddress = webmaster@lnyk.2288.org
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F5:6B:65:2F:E3:7E:A2:00:60:40:FD:A1:B1:20:2E:01:71:15:1F:E5
X509v3 Authority Key Identifier:
keyid:AE:1C:40:AA:96:D6:1A:D5:5A:6B:21:9C:E0:22:ED:25:DC:E7:18:3F
DirName:/C=CN/ST=LN/L=YingKou/O=postfix mail/OU=postfix mail/CN=dyd/emailAddress=webmaster@lnyk.2288.org
serial:EA:92:3C:86:EC:A4:11:7E
Certificate is to be certified until Jul 12 10:55:26 2006 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
###########################################################################################
##Generate the pop3d.pem key and certificate
www# cd /usr/local/share/courier-imap
www# openssl req -new -x509 -days 365 -nodes -out /usr/local/share/courier-imap/pop3d.pem -keyout /usr/local/share/courier-imap/pop3d.pem
Generating a 1024 bit RSA private key
....++++++
..................................++++++
writing new private key to '/usr/local/share/courier-imap/pop3d.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:webmaster@lnyk.2288.org
www# ls
mkimapdcert mkpop3dcert pop3d.pem
Because -out and -keyout name the same file, pop3d.pem holds both the private key and the certificate; keep it readable by root only.
//After a successful TLS mail retrieval the log shows: Oct 21 19:48:46 www pop3d-ssl: LOGIN, user=webmaster@lnyk.2288.org,
www# vi /usr/local/etc/postfix/main.cf
###########postfix TLS##############
# smtp_use_tls / smtpd_use_tls are the pre-2.3 parameters; on Postfix 2.3 and later
# use smtp_tls_security_level = may and smtpd_tls_security_level = may instead.
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/mailkey.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/mail_signed_cert.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/demoCA/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Also add smtpd_tls_auth_only = yes so that AUTH is offered only after STARTTLS,
# and keep mailkey.pem readable by root only (mode 0600).
//The diagram below only sketches how Kaspersky inspects a message
------------------------------------------------
│SMTPGW                                        │
│        Receiver                   Sender     │
│           │                         /\       │
│          \│/                       /│\       │mail==>
mail==> │   \/                         │       │
│        --------------------------------      │
│        │        Scanning Module       │      │
│        --------------------------------      │
│           │  /\               │  /\          │
│          \│//│\              \│//│\          │
│           \/ │                \/ │           │
│        Spamtest filter        AVE module     │
│                                              │
------------------------------------------------
www# pkg_add scmsmtpgw-freebsd5.x-5.5.83.tgz
//The following may be adjusted to your own needs
Configuring settings of Kaspersky Security SMTP-Gateway for
Linux/Unix.
Enter your fully qualified host name (to identify smtp-gateway
on the network): [www.dyd.com]:
lnyk.2288.org
Enter your fully qualified domain name (to identify relaying
rules and addressess of postmaster, admin and mail-daemon):
[www.dyd.com]:
lnyk.2288.org
Enter your listen interface in the following format x.x.x.x: z:
[0.0.0.0:25]:
Enter your subnet in the following format x.x.x.x or
x.x.x.x/x.x.x.x or x.x.x.x/y (to identify subnet that will mail
through smtp-gateway): [192.168.0.0/255.255.0.0]:
Enter your forward mail host in the following format x.x.x.x:z
(if you are not going to forward mail just press enter):
Installing license files.
License file (a file with .key extension) is your personal
license key. You need to install it to use the application.
To install it right now, just enter the path to the location of
your license file (enter an empty string to continue without key
file installation):
/usr/local/src/distfiles/
The license file /usr/local/src/distfiles/000AEA9B.KEY has been
installed.
Configuring KeepUp2Date proxy settings.
If you use an http proxy server to access the Internet, you need
to tell the Kaspersky Security SMTP-Gateway for Linux/Unix
KeepUp2Date component about it. Please enter the address of your
http proxy server in one of the following forms,
http://proxyIP:port or http://user:pass@proxyIP:port. If you
don't have or need a proxy server to access the Internet, enter
'no' here:
Latest anti-virus bases are an essential part of your anti-virus
protection. Do you want to download the latest anti-virus bases
right now to insure your application is up to date? (If you
answer 'yes', make sure you are connected to the Internet):
[yes]:
Kaspersky KeepUp2Date 5.5.83/BETA build #83
Copyright (C) Kaspersky Lab, 1997-2005.
Portions Copyright (C) Lan Crypto
Configuration file: /etc/kav/5.5/scm-smtpgw/smtpgw.conf
Getting product configuration
Getting updater configuration
Checking product license keys
Initializing
Trying to update from 'http://downloads2.kaspersky-labs.com'
Copying update description file
Downloading remote file master.xml
Checking update description file integrity
Parsing update description file
Downloading remote file soft.xml
Downloading remote file kasset.xml
Downloading remote file kavset.xml
Downloading remote file kas20.xml
Copying files
Downloading remote file soft.xml
Downloading remote file kasset.xml
Downloading remote file kavset.xml
Downloading remote file updcfg.xml
Downloading remote file black.lst
Checking license keys
Downloading remote file kas20.xml
Downloading remote file avcmhk4.dll
Downloading remote file avp.klb
Downloading remote file avp.set
Downloading remote file avp.vnd
Downloading remote file avp_ext.set
Downloading remote file avp_x.set
Downloading remote file black.lst
Checking license keys
Downloading remote file ca.avc
.............
//Update the virus definitions
//Change Postfix to relay-only mode
vi /usr/local/etc/postfix/main.cf
# 192.168.1.100 port 1025 is the address and port the Kaspersky gateway listens on;
# the port goes after the closing bracket, separated by a colon.
relayhost = [192.168.1.100]:1025
//***Note*** Do not use this Postfix instance as the mail server that receives and sends mail itself; use it purely as a forwarding gateway, and it must also have authentication support, otherwise this server will not pass mail through the gateway first but will simply receive, send or relay it directly.
//Also check that the two listeners do not collide and that no loop is created: the gateway installer defaults to 0.0.0.0:25, the port Postfix's smtpd uses, and a ForwardRoute that hands all mail back to Postfix while Postfix relays everything to the gateway will shuttle outbound mail between the two until it expires. Limit what the gateway forwards to Postfix to mail for the protected domains (see the smtpgw.conf documentation for the exact ForwardRoute syntax), or give the gateway its own port and send only inbound mail to it.
//Reload Postfix
www# /usr/local/etc/rc.d/postfix.sh reload
//Configure Kaspersky Security SMTP-Gateway
www# vi /etc/kav/5.5/scm-smtpgw/smtpgw.conf
Hostname=lnyk.2288.org
Postmaster=postmaster@lnyk.2288.org
ProtectedDomains=lnyk.2288.org
[smtpgw.access]
RelayRule=allow from 192.168.1.0/255.255.255.0 to *
RelayRule=allow from any to *@lnyk.2288.org
RelayRule=deny from any to *
[smtpgw.forward]
ForwardRoute=any [localhost:25]    <= the Postfix MTA's address and port
//***Note*** do not copy this blindly: this address and port is the Postfix instance that mail is forwarded to.
//Start Kaspersky Security SMTP-Gateway
www# /usr/local/etc/rc.d/scm-smtpgw.sh start
Starting spamtest licenser...
spamtest licenser was started
Starting spamtest filter...
spamtest filter was started
Starting smtpgw...
smtpgw was started
scm-smtpgw was started
//Send a message from Outlook to test
Oct 26 14:31:23 www smtpgw[2296]: jEV9GOLm15518: AV-SCANNED, group="policy", nrcpt=1, srcid=jEV9GOLm15518, status="infected", names="Trojan-Dropper.Win32.Agent.hx"
//The test shows that the virus was detected
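Reading the gateway log by eye works for one test message; for a running system the infected events should be pulled out of syslog automatically. The following Python snippet is an added example, not code from the page or from the Kaspersky product: it parses smtpgw's syslog lines into their `key=value` fields, handling quoted values that themselves contain commas, and extracts the infected events. The first sample line is the one logged above; the other three are constructed, and the `status="clean"` value and the two-name `names` list are assumptions about the log vocabulary, not observed output.

```python
"""Extract infected-message events from Kaspersky smtpgw syslog lines.
Added example; the first sample line is the one logged above, the rest are
constructed (status="clean" and the two-name list are assumed vocabulary)."""
import re

SAMPLE_LOG = [
    'Oct 26 14:31:23 www smtpgw[2296]: jEV9GOLm15518: AV-SCANNED, group="policy", nrcpt=1, '
    'srcid=jEV9GOLm15518, status="infected", names="Trojan-Dropper.Win32.Agent.hx"',
    'Oct 26 14:32:10 www smtpgw[2296]: jEV9GOLm15522: AV-SCANNED, group="policy", nrcpt=2, '
    'srcid=jEV9GOLm15522, status="clean", names=""',
    'Oct 26 14:35:41 www smtpgw[2296]: jEV9GOLm15530: AV-SCANNED, group="policy", nrcpt=1, '
    'srcid=jEV9GOLm15530, status="infected", names="EICAR-Test-File, Trojan-Dropper.Win32.Agent.hx"',
    'Oct 26 14:36:00 www postfix/smtpd[2300]: connect from localhost[127.0.0.1]',
]

# syslog prefix, process name, queue id, event name and the key=value tail
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"smtpgw\[(?P<pid>\d+)\]: (?P<qid>\S+): (?P<event>[A-Z-]+), (?P<fields>.*)$"
)
# key=value pairs; quoted values may themselves contain commas (several names)
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,]*))')


def parse_smtpgw(line):
    """Parse one smtpgw line into a dict, or return None for other log sources."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["fields"] = {
        key: quoted if quoted else bare.strip()
        for key, quoted, bare in FIELD_RE.findall(rec["fields"])
    }
    return rec


def infected_events(lines):
    """Return one alert per AV-SCANNED event whose status is 'infected'."""
    alerts = []
    for line in lines:
        rec = parse_smtpgw(line)
        if not rec or rec["event"] != "AV-SCANNED":
            continue
        if rec["fields"].get("status") != "infected":
            continue
        names = [n.strip() for n in rec["fields"].get("names", "").split(",") if n.strip()]
        alerts.append({
            "time": rec["ts"], "qid": rec["qid"],
            "nrcpt": int(rec["fields"].get("nrcpt", "0")), "names": names,
        })
    return alerts


if __name__ == "__main__":
    for alert in infected_events(SAMPLE_LOG):
        print(alert)
```

Feed it `open("/var/log/maillog")` in place of `SAMPLE_LOG`; the queue id (`qid`) is the handle to correlate with Postfix's own log lines for the same message once the gateway hands it on.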