企业级的邮件服务器-CentOS + Postfix + MailScanner

A step by step guide for building an enterprise class Email server。 :)
支援POP3, POP3s, IMAP, IMAPs。欢迎大家多多指教～

运行OS：CentOS 4.4（RedHat Enterprise Linux Advance Server）下载 Server版ISO（1 CD）, 全部套件版ISO（1 DVD）
套件配置：使用Postfix for SMTP，dovecot for POP3，MailScanner + Spamassasin + ClamAV做广告与病毒扫描。
前置安装
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
然后安装postfix, dovecot
yum install postfix dovecot
输入以下指令

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 10.1.1.0/24'
编辑/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
输入以下指令

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
要求输入Enter pass phrase for smtpd.key
请自行输入一组pass phrase
执行以下指令
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
继续输入
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
要求输入Enter pass phrase for smtpd.key
输入pass phrase
输入指令
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
dovecot预设只有IMAP IMAPS，现在要开启POP3 POP3s
vi /etc/dovecot.conf
找到以下段落。
[...]
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Protocols we want to be serving:
# imap imaps pop3 pop3s
protocols = imap imaps pop3 pop3s
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
[...]
关闭sendmail，开启postfix, saslauthd, dovecot
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start
如果有问题，可以使用postconf检视postfix的参数
最后用telnet 0 25检查，在telnet之内输入以下命令
ehlo localhost
应该要看到echo回来以下几行
250-STARTTLS
250-AUTH
在我的伺服器上，echo回来的有
250-ha1
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
准备Mailscanner + clamav + spamassassin
先安装rpm-build
yum install rpm-build
下载Mailscanner rpm档案，官方网站http://www.mailscanner.info/。
具体下载目录在 /pub/CentOS/2011/07/Mailscanner/
解压缩，安装
tar zxvf MailScanner-4.56.8-1.rpm.tar.gz
cd MailScanner-4.56.8-1
./install.sh
根据传回的讯息作准备
Good, you appear to only have 1 copy of Perl installed.
I think you are running on RedHat Linux, Mandrake Linux or SUSE Linux.
You must have the following RPM packages installed before
you try and do anything else:
binutils glibc-devel gcc make
You are missing at least 1 of these.
Please install them all
(Read the manuals if you do not know how to do this).
Then come back and run this install.sh script again.
看得出来，缺少 binutils, glibc-devel, gcc,make. 安装
yum install glibc-devel
yum install gcc
再跑一次./install.sh（没意外的话就会把所有相关的src.rpm都编译同时安装...要花一段时间）
装完之后的讯息
To activate MailScanner run the following commands:
service sendmail stop
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
service MailScanner start
For technical support, please read the MAQ at www.mailscanner.biz/maq/
and buy the book at www.mailscanner.info/store
----------------------------------------------------------
Please buy the MailScanner book from www.mailscanner.info!
It is a very useful administration guide and introduction
to MailScanner. All the proceeds go directly to making
MailScanner a better supported package than it is today.
要注意的，MailScanner预设去扫描sendmail，所以要改成postfix（当然没有再使用的sendmail也是要关掉）
service postfix stop
chkconfig postfix off
chkconfig --level 2345 MailScanner on
service MailScanner start
编辑MailScanner设定档案，参考文章：壹、贰。
vi /etc/MailScanner/MailScanner.conf
简单的解说
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Max Children = 5
设定 MailScanner 启动时, 最多产生几个子程序 (processing)
预设值 = 5 (主记忆体只有 64MB 时, 建议设定为 1)
Virus Scanning = yes
开启病毒扫瞄功能
预设值 = yes
Virus Scanners = clamav
指定病毒扫瞄套件
可一次指定多个扫毒套件, 以空白字元分隔即可
预设值 = none
Use SpamAssassin = yes
设定是否使用 SpamAssassin 套件来侦测广告信件
必须先安装 SpamAssassin 套件才可正常使用
预设值 = no
后续设定
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
编辑postfix设定档。
/etc/postfix/main.cf
+ header_checks = regexp:/etc/postfix/header_checks
编辑/etc/postfix/header_checks
+ /^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the HOLD queue.

企业级的邮件服务器-CentOS + Postfix + MailScanner

相关推荐