2006-6-23
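Author: Firebat
QQ: 7199023
MSN: firebat0@msn.com
This article briefly describes one way to build an e-mail system on FreeBSD. postfix + sasl2 + courier-imap + mysql + amavisd + spamd + clamav form the mail back end and the authentication system, and apache + php + postfixadmin + squirrelmail provide webmail. The finished system offers smtp/pop3/imap/webmail service, authenticates SMTP logins, filters spam and scans mail for viruses. The procedure described here works on both FreeBSD 5.4 and FreeBSD 6.1.
0. Update ports
pkg_add -r cvsup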
rehash
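cvsup -h cvs.freebsdchina.org /usr/share/examples/cvsup/ports-supfile
1. Install the software
① Install cyrus-sasl2
sasl2 is the package required for SMTP authentication. When postfix is installed it pulls in sasl with the default options, which leaves sasl without courier-authdaemond support, so sasl2 has to be installed first with the option below.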
cd /usr/ports/security/cyrus-sasl2
make WITH_AUTHDAEMON=yes install clean
② Install expect
cd /usr/ports/lang/expect
make install clean
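③ Install postfix. Select [SASL2], [MySQL] and [VDA] during installation: sasl2 is used for SMTP authentication, mysql stores the data tables, and vda adds support for virtual delivery.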
cd /usr/ports/mail/postfix
make install clean
④ Install courier-imap, adding MySQL support through make config.
cd /usr/ports/mail/courier-imap
make config
make install clean
⑤ Install clamav
cd /usr/ports/security/clamav
make install clean
⑥ Install amavisd; spamd is installed automatically along with it. Add MySQL support in make config.
cd /usr/ports/security/amavisd-new
make config
make install clean
⑦ Install apache. After installation, edit httpd.conf and set the document root to /usr/local/www
cd /usr/ports/www/apache22
make install clean
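⑧ Install php. After the ports update the way php is installed has changed: first select [Apache] in make config so that the apache module is built, then after installation change two settings in httpd.conf:
a. Add index.php to DirectoryIndex
b. Add AddType application/x-httpd-php .php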
cd /usr/ports/lang/php4
make config
make install clean
⑨ Install php4-extensions. Choose modules as needed, making sure [MYSQL], [PCRE] and [SESSION] are selected.
cd /usr/ports/lang/php4-extensions
make config
make install clean
⑩ Install postfixadmin. After installation, move the web pages to /usr/local/www/data/
cd /usr/ports/mail/postfixadmin
make install clean
mv /usr/local/www/postfixadmin /usr/local/www/data/
⑪ Install squirrelmail
cd /usr/ports/mail/squirrelmail
make install clean
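All the required software is now installed; the following sections configure each component in turn.
2. Configuration files
① Configure sasl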
ee /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket
② Configure the mysql database
chown -R mysql:mysql /var/db/mysql
cd /usr/local/bin/
./mysql_install_db
cd /usr/local/libexec
./mysqld --user=mysql &
cd /usr/local/www/data/postfixadmin
mysql -uroot -p < DATABASE_MYSQL.TXT
③ Configure postfix
The mail directories are read by the same user that apache runs as. Because the apache user is www (id 80), pay attention to the user id set in /usr/local/etc/postfix/main.cf.
mkdir -p /usr/local/virtual
chown -R www:www /usr/local/virtual
ee /usr/local/etc/postfix/main.cf
Append at the end of the file:
#======= BASE ==============
#myhostname =
#mydomain = example.com
home_mailbox = maildir/
#mydestination = $myhostname
#local_recipient_maps =
#======= MYSQL =============
virtual_gid_maps = static:80
virtual_mailbox_base = /usr/local/virtual
virtual_uid_maps = static:80
virtual_minimum_uid = 80
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql/virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_maps.cf
#======= Quota ============
message_size_limit = 5242880
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_limit_maps.cf
virtual_mailbox_limit = 52428800
#======== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated
The lookup configuration files:
cd /usr/local/etc/postfix/
mkdir mysql
cd mysql
1. ee virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
2. ee virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
3. ee virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
4. ee virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
④ Configure courier-authdaemond
cd /usr/local/etc/rc.d
./courier-authdaemond.sh start
chmod o+x /var/run/authdaemond
cd /usr/local/etc/authlib
ee authdaemonrc
Modify authmodulelist and authmodulelistorig
authmodulelist="authmysql"
authmodulelistorig="authmysql"
Add
version="authdaemond.mysql"
courier-imap
ee authmysqlrc
DEFAULT_DOMAIN	example.com
MYSQL_CRYPT_PWFIELD	password
MYSQL_DATABASE	postfix
MYSQL_GID_FIELD	'80'
MYSQL_HOME_FIELD	'/usr/local/virtual'
MYSQL_LOGIN_FIELD	username
MYSQL_MAILDIR_FIELD	maildir
MYSQL_NAME_FIELD	name
MYSQL_OPT	0
MYSQL_PASSWORD	postfix
#MYSQL_PORT	0
#MYSQL_QUOTA_FIELD	quota
MYSQL_SERVER	localhost
MYSQL_UID_FIELD	'80'
MYSQL_USERNAME	postfix
MYSQL_USER_TABLE	mailbox
The user is changed to 80 here as well. Note that the separator between a name and its value is a TAB, not spaces; on Unix systems TAB is used in many places. Also pay special attention to the quotes.
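The four Postfix lookup files and authmysqlrc above all keep the MySQL password in clear text, so they should not be readable by every local account. The check below is an added example, not part of the original article; the function names are hypothetical and the group passed to lock_exposed_secrets is an assumption about the local account names.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# List regular files under the given paths that hold a database password
# and still have the world-readable bit set.
find_exposed_secrets() {
    find "$@" -type f -perm -004 2>/dev/null | while IFS= read -r f; do
        # "password = ..." is the Postfix map syntax, "MYSQL_PASSWORD<TAB>..."
        # the authmysqlrc syntax; commented-out lines are ignored.
        if grep -Eqi '^[[:space:]]*(password[[:space:]]*=|MYSQL_PASSWORD[[:space:]])' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Hand each exposed file to GROUP and drop all access for other users.
# Assumption: GROUP is the group the reading daemon runs under
# (e.g. "postfix" for the lookup maps); the owner keeps read/write.
lock_exposed_secrets() {
    grp=$1; shift
    find_exposed_secrets "$@" | while IFS= read -r f; do
        chgrp "$grp" "$f" && chmod 640 "$f" && printf 'tightened %s\n' "$f"
    done
}

# Typical use on the host built in this guide (run as root):
#   find_exposed_secrets /usr/local/etc/postfix/mysql /usr/local/etc/authlib/authmysqlrc
#   lock_exposed_secrets postfix /usr/local/etc/postfix/mysql
```

After tightening, confirm that mail delivery and logins still work; a daemon that can no longer read its file reports the failure in /var/log/maillog.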
⑤ Configure amavisd
cd /usr/local/etc/postfix
ee master.cf
Append at the end of the file (the -o lines must begin with whitespace so that they continue the service entry above them)
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_check
ee main.cf
Append at the end of the file
#============AMAVISD=============
content_filter=smtp-amavis:[127.0.0.1]:10024
⑥ Configure clamav
ee /usr/local/etc/clamd.conf
Uncomment the following options by removing the leading #
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ScanRAR
⑦ Configure the startup entries
ee /etc/rc.conf
Add the following entries
sendmail_enable="NONE"
postfix_enable="YES"
apache22_enable="YES"
mysql_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_enable="YES"
amavisd_enable="YES"
amavis_milter_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
⑧ Reboot the machine
reboot
⑨ Configure postfixadmin
cd /usr/local/www/data/postfixadmin
ee config.inc.php
$CONF['default_language'] = 'cn';
$CONF['admin_email'] = 'postmaster@example.com';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
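Open http://localhost/postfixadmin/setup.php to check whether the installation succeeded.
Open http://localhost/postfixadmin/admin to reach the administration page, then create the virtual domains and users.
Check whether the corresponding domain directories and user directories appear under /usr/local/virtual
⑩ Configure squirrelmail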
cd /usr/local/www/data/squirrelmail
./configure
Choose 10. Languages
Set the following
1. Default Language : zh_CN
2. Default Charset : gb2312
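Save and exit
Open http://localhost/squirrelmail/ to test the mailbox.
Note: except for the domain specified by DEFAULT_DOMAIN in authmysqlrc, users of all other domains must enter their full e-mail address when logging in.
3. Summary
Compared with Windows, installing and configuring a mail system on FreeBSD is more tedious, but its performance and flexibility are greater. Thanks to FreeBSD's mature package management, there is no need to think about package dependencies or downloads during installation, which is also where FreeBSD is better than linux.
This article is mainly a brief walk through the steps. Following them will get the mail system installed, but only a thorough understanding of how it works and how it is configured lets you use it well. The pkg-descr of each port used here contains the address of the official web site; apart from the cyrus site, they all provide extensive documentation, and that documentation is the final authority for configuration and use.
Problems are hard to avoid while building a mail system, and the main way to solve them is to read the log files. The most important log file is /var/log/maillog: courier, sasl, postfix, amavisd, clamav and the rest all write their log messages to it, which gives us important evidence for troubleshooting.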
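Because every component writes to the same /var/log/maillog, a first pass that groups lines by program and counts failed SMTP logins per client shows quickly where a problem sits. The script below is an added example, not part of the original article; the function names are hypothetical and the log lines are constructed samples in the usual syslog layout.

```shell
#!/bin/sh
# Added example (not from the original article): first-pass triage of maillog.
# Assumed syslog layout: "Mon DD HH:MM:SS host program[pid]: message".

# Constructed sample lines, so the functions can be tried offline.
sample_maillog() {
    cat <<'EOF'
Jun 23 10:01:02 mail postfix/smtpd[812]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Jun 23 10:01:05 mail postfix/smtpd[812]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Jun 23 10:01:09 mail postfix/smtpd[815]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Jun 23 10:01:10 mail authdaemond: received auth request, service=smtp, authtype=login
Jun 23 10:02:00 mail postfix/smtpd[816]: connect from localhost[127.0.0.1]
Jun 23 10:02:01 mail amavis[555]: (00555-01) Passed CLEAN, <alice@example.com> -> <bob@example.com>
Jun 23 10:02:03 mail clamd[333]: SelfCheck: Database status OK.
EOF
}

# Lines per logging program, busiest first.
count_by_program() {
    awk '{ p = $5; sub(/\[[0-9]+\]:$/, "", p); sub(/:$/, "", p); n[p]++ }
         END { for (p in n) printf "%d %s\n", n[p], p }' "$1" | sort -rn
}

# Failed SMTP AUTH attempts per client address.
# $2 is the minimum count to report (default 1).
sasl_failures_by_client() {
    awk -v min="${2:-1}" '
        /postfix\/smtpd\[/ && /SASL [A-Z0-9-]+ authentication failed/ {
            # The client appears as name[address] right before ": SASL".
            if (match($0, /\[[0-9a-fA-F.:]+\]: SASL/))
                n[substr($0, RSTART + 1, RLENGTH - 8)]++
        }
        END { for (ip in n) if (n[ip] >= min) printf "%d %s\n", n[ip], ip }' "$1" | sort -rn
}

# Demo on the sample; on the mail host pass /var/log/maillog instead of "-".
sample_maillog | sasl_failures_by_client - 2
```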
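Just as the character 回 can be written four ways, a mail system can be built in different ways: postfix/vm-pop3d/openwebmail also supports virtual domains and users, and sasl2 ships its own saslauthd. /usr/ports/mail and /usr/ports/security offer a wealth of client/server and browser/server software; readers can try different combinations and find the solution that suits them best.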