debian 3.0(sarge)下postfix邮件系统解决方案--deb包安装法

出处：blog.chinaunix.net 作者：漠北色狼时间：2007-3-14 19:21:10

1、概述
1.1、系统目标
　　Maildir邮件存储格式
　　smtp认证
　　邮件地址和系统帐号分开
　　多域支持
　　web管理帐号、别名、域等资料
　　pop3/imap支持
webmail支持
　　集成mysql数据库
　　集成垃圾邮件过滤
　　集成防病毒
1.2、TODO

1.3、系统架构
　　+---------------------------------------------------+
　　| |
　　| 25/25 25/25 110/993 143/995 80/443 |
　　| Incoming Outgoing POP3 IMAP WEB-MAIL |
　　| /\ /\ /\ /\ /\ |
　　| || || || || || |
　　| \/ \/ \/ \/ \/ |
　　+-------------------+---------------+---------------+
　　| Postfix | | Squirrelmail |
　　| | +---------------+
　　| | Courier-imap |
　　| |-------------------------------+
　　| | Courier-authlib |
　　|-------------------+-------------------------------|
　　| Cyrus-SASL |
　　|---------------------------------------------------+
　　| MySQL |
　　+---------------------------------------------------+

2、软件包的安装
sarge:#apt-get install postfix postfix-tls postfix-mysql libsasl2 libsasl2-modules libsasl2-modules-sql courier-base courier-pop courier-imap courier-authdaemon courier-authmysql mysql-server-4.1 mysql-client-4.1 apache php4 php4-mysql squirrelmail squirrelmail-locales php4-pear imapproxy

3、配置
3.1、apache
修改/etc/apache/httpd.conf加入PHP4支持

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
sarge:#/etc/init.d/apache restart #重启apache
sarge:#l# netstat -ln|grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
3.2、mysql
sarge:#wget http://high5.net/page7_files/postfixadmin-2.1.0.tgz
sarge:#tar zxvf postfixadmin-2.1.0.tgz -C /var/www/
sarge:#ln -s /var/www/postfixadmin-2.1.0 /var/www/postfix
sarge:#mysql < /var/www/postfix/DATABASE_MYSQL.TXT 　
sarge:#cp /var/www/postfix/config.inc.php.sample /var/www/postfix/config.inc.php
可以修改config.inc.php中的相关参数以符合你的需求,这里在mysql里存放密码用明方式，$CONF['encrypt'] = 'cleartext';
用浏览器打开http://sargeIP/postfix/ 点setup，一般情况下不会有什么问题。按照提示，删除setup.php文件
sarge:#rm /var/www/postfix/setup.php
sarge:#/etc/init.d/mysql restart
sarge:# netstat -ln|grep 3306
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
sarge# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 245 to server version: 4.1.11-Debian_4sarge7-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> grant select,insert,update,delete,create,drop on postfix.* to 'postfix'@'127.0.0.1' IDENTIFIED BY 'postfix';
Query OK, 0 rows affected (0.00 sec)

mysql>
添加postfix帐户，密码为postfix,实际应用时更改成一个合理的密码，该用户只能从127.0.0.1连接mysql服务器。　
3.3、postfix
修改/etc/postfix/main.cf,添加下面的内容

#=============sasl2====================#
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = test.com
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_sasl_authenticated,
reject_invalid_hostname,
# reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit

smtpd_data_restrictions =
reject_unauth_pipelining,
permit

#=================mysql================#
virtual_transport = virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_mailbox_domains.cf
virtual_mailbox_base = /var/mailbox/
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_mailbox_maps.cf
virtual_minimum_uid = 33
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_alias_maps.cf
mydestination = $myhostname, localhost.$mydomain, localhost
relayhost =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

sarge:#mkdir /etc/postfix/mysql
sarge:#vi /etc/postfix/mysql/mysql_mailbox_domains.cf

hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix

table = domain
select_field = domain
where_field = domain
additional_conditions = and active='1'

sarge:#vi /etc/postfix/mysql/mysql_mailbox_maps.cf

hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix

table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active='1'

sarge:#vi /etc/postfix/mysql/mysql_alias_maps.cf

hosts = 127.0.0.1
user = postfix
password = postfix
dbname = postfix

table = alias
select_field = goto
where_field = address
additional_conditions = and active='1'

sarge:#vi /etc/postfix/sasl/smtpd.conf

pwcheck_method: auxprop
mech_list: plain login digest-md5 cram-md5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r'and active='1'

关于smtpd.conf 更多的参数可参见http://www.clusting.com/cyrus/SASL/doc/options.html
sarge:#/etc/init.d/postfix restart
sarge:# netstat -ln|grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp6 0 0 :::25 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 14125 private/relay

打开http://sarge_ip/postfix,对postfixadmin做一番初始化后
添加一个域：test.com #实际应用添加你实际的域名
添加一个帐户：admin@test.com #密码是admin,实际应用时，密码不要和用户名重复。
sarge:#mkdir /var/mailbox #邮件帐户存放邮件的地方
sarge:#chown -R 33:33 /var/mailbox #apache的运行帐户，这里要和main.cf和apache 设定一致。

sarge:#telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 sarge ESMTP Postfix (Debian/GNU)
ehlo sarge
250-sarge
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 8BITMIME
mail from:"This is a test mail!"<admin@test.com>
250 Ok
rcpt to:<admin@test.com>
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
This is a test mail.
.
250 Ok: queued as 39578C143
quit
221 Bye
Connection closed by foreign host.

现在就应该有/var/mailbox/admin@test.com/这个目录了
sarge:#more /var/mailbox/admin@test.com/new/1170923510.V802I40b7.sarge
Return-Path: <admin@test.com>
X-Original-To: admin@test.com
Delivered-To: admin@test.com
Received: from sarge (localhost.localdomain [127.0.0.1])
by sarge (Postfix) with ESMTP id 39578C143
for <admin@test.com>; Thu, 8 Feb 2007 16:27:16 +0800 (CST)
Message-Id: <20070208082716.39578C143@sarge>
Date: Thu, 8 Feb 2007 16:27:16 +0800 (CST)
From: admin@test.com
To: undisclosed-recipients:;

This is a test mail.
3.4、courier
sarge:#vi /etc/courier/authdaemonrc
最主要是下面这个参数
authmodulelist="authmysql"
sarge:#vi /etc/courier/authmysqlrc
内容为
MYSQL_SERVER 127.0.0.1
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_DATABASE postfix

MYSQL_USER_TABLE mailbox

MYSQL_LOGIN_FIELD username
MYSQL_CLEAR_PWFIELD password
#MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '33'
MYSQL_GID_FIELD '33'
MYSQL_HOME_FIELD '/var/mailbox/'
MYSQL_MAILDIR_FIELD maildir
#MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX
(username,'@',1),'/')
MYSQL_NAME_FIELD name
MYSQL_QUOTA_FIELD quota
MYSQL_WHERE_CLAUSE active='1'

sarge:#/etc/init.d/courier-authdaemon restart
sarge:#/etc/init.d/courier-imap restart
sarge:#/etc/init.d/courier-pop restart

注意MYSQL_CLEAR_PWFIELD password 用明文方式去抓mysql中的用户密码，和postfixadmin的config.inc.php中的设置一致。

重点注意：如果想在mysql中存放的用户为md5crypt方式，而不是明文，那么postfixadmin的config.inc.php 中的参数要改回$CONF['encrypt'] = 'md5crypt';authmysqlrc配置文件中的MYSQL_CLEAR_PWFIELD password要换成MYSQL_CRYPT_PWFIELD password,先前建立好的帐户必须更新密码。smtpd.conf中添加password_format: crypt 。尽管这样，imap和pop3认证可以通过，smtp发信时，smtp服务器不能通过，需要给cyrus-sasl打个patch。相关资料请参考http://blog.matroid.org/display/26
smtp服务，除了上文使用的认证方式之外，常用的还有saslauthd and PAM。
3.5、mailscanner
sarge:#wget http://www.mailscanner.info/files/4/tar/MailScanner-install-4.54.6-1.tar.gz
sarge:#wget http://www.mailscanner.info/files/4/install-Clam-SA.tar.gz #ClamAV 0.88.2 and SpamAssassin 3.1.3 easy installation package
sarge:#tar zxvf MailScanner-install-4.54.6-1.tar.gz -C /tmp
sarge:#cd /tmp/MailScanner-install-4.54.6-1/
sarge:#./install.sh
sarge:#export EDITOR=vi #默认编辑器使用vi,也可以直接写入/etc/profile or $HOME/.profile,然后source /etc/profile or source $HOME/.profile

sarge:#crontab -e
37 5 * * * /opt/MailScanner/bin/update_phishing_sites
58 23 * * * /opt/MailScanner/bin/clean.quarantine
42 * * * * /opt/MailScanner/bin/update_virus_scanners
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner

sarge:#tar zxvf install-Clam-SA.tar.gz -C /tmp
sarge:#cd /tmp/install-Clam-SA
sarge:#./install.sh #安装clamav and SpamAssassin

修改/opt/MailScanner/etc/MailScanner.conf：
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Use SpamAssassin = yes

sarge:#chown postfix:postfix /var/spool/MailScanner/incoming
sarge:#chown postfix:postfix /var/spool/MailScanner/quarantine

修改/etc/postfix/main.cf:
#=============mailscanner===============#
header_checks = regexp:/etc/postfix/header_checks

新建/etc/postfix/header_checks:
/^Received:/ HOLD

sarge:#vi /etc/init.d/MailScanner
case $1 in
start)
/opt/MailScanner/bin/check_mailscanner
[ $? -eq 0 ] && echo "mailscanner start successful"
;;
stop)
;;
esac
sarge:#ln -s /etc/init.d/MailScanner /etc/rc2.d/S19MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc3.d/S19MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc4.d/S19MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc5.d/S19MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc0.d/K81MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc1.d/K81MailScanner
sarge:#ln -s /etc/init.d/MailScanner /etc/rc6.d/K81MailScanner

sarge:#/etc/init.d/postfix restart
sarge:#/etc/init.d/MailScanner start
3.6、webmail
sarge:#/usr/sbin/squirrelmail-configure #根据你的具体情况配置一下
sarge:#ln -s /usr/share/squirrelmail /var/www/webmail

邮件服务器

debian 3.0(sarge)下postfix邮件系统解决方案--deb包安装法