企业级的邮件服务器-CentOS + Postfix + MailScanner

zhaoweiping 2011-07-18

A step by step guide for building an enterprise class Email server。 :)
支援POP3, POP3s, IMAP, IMAPs。欢迎大家多多指教~

  • 企业级的邮件服务器-CentOS + Postfix + MailScanner运行OS:CentOS 4.4(RedHat Enterprise Linux Advance Server)下载 Server版ISO(1 CD), 全部套件版ISO(1 DVD)
  • 套件配置:使用Postfix for SMTP,dovecot for POP3,MailScanner + Spamassasin + ClamAV做广告与病毒扫描。
  • 前置安装
    yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain
  • 然后安装postfix, dovecot
    yum install postfix dovecot
  • 输入以下指令
  • postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    postconf -e 'mynetworks = 10.1.1.0/24'
  • 编辑/usr/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login
  • 输入以下指令

    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
  • 要求输入Enter pass phrase for smtpd.key
  • 请自行输入一组pass phrase
  • 执行以下指令
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
  • 继续输入
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
  • 要求输入Enter pass phrase for smtpd.key
  • 输入pass phrase
  • 输入指令
    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'
  • dovecot预设只有IMAP IMAPS,现在要开启POP3 POP3s
    vi /etc/dovecot.conf
  • 找到以下段落。
    [...]
    # Base directory where to store runtime data.
    #base_dir = /var/run/dovecot/
    # Protocols we want to be serving:
    # imap imaps pop3 pop3s
    protocols = imap imaps pop3 pop3s
    # IP or host address where to listen in for connections. It's not currently
    # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
    [...]
  • 关闭sendmail,开启postfix, saslauthd, dovecot
    chkconfig --levels 235 sendmail off
    chkconfig --levels 235 postfix on
    chkconfig --levels 235 saslauthd on
    chkconfig --levels 235 dovecot on
    /etc/init.d/sendmail stop
    /etc/init.d/postfix start
    /etc/init.d/saslauthd start
    /etc/init.d/dovecot start
  • 如果有问题,可以使用postconf检视postfix的参数
  • 最后用telnet 0 25检查,在telnet之内输入以下命令
    ehlo localhost
  • 应该要看到echo回来以下几行
    250-STARTTLS
    250-AUTH
  • 在我的伺服器上,echo回来的有
    250-ha1
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250 8BITMIME
  • 准备Mailscanner + clamav + spamassassin
  • 先安装rpm-build
    yum install rpm-build
  • 下载Mailscanner rpm档案,官方网站http://www.mailscanner.info/。
  • 具体下载目录在 /pub/CentOS/2011/07/Mailscanner/

  • 解压缩,安装
    tar zxvf MailScanner-4.56.8-1.rpm.tar.gz
    cd MailScanner-4.56.8-1
    ./install.sh
  • 根据传回的讯息作准备
    Good, you appear to only have 1 copy of Perl installed.
    I think you are running on RedHat Linux, Mandrake Linux or SUSE Linux.
    You must have the following RPM packages installed before
    you try and do anything else:
    binutils glibc-devel gcc make
    You are missing at least 1 of these.
    Please install them all
    (Read the manuals if you do not know how to do this).
    Then come back and run this install.sh script again.
  • 看得出来,缺少 binutils, glibc-devel, gcc,make. 安装
    yum install glibc-devel
    yum install gcc
  • 再跑一次./install.sh(没意外的话就会把所有相关的src.rpm都编译同时安装...要花一段时间)
  • 装完之后的讯息
    To activate MailScanner run the following commands:
    service sendmail stop
    chkconfig sendmail off
    chkconfig --level 2345 MailScanner on
    service MailScanner start
    For technical support, please read the MAQ at www.mailscanner.biz/maq/
    and buy the book at www.mailscanner.info/store
    ----------------------------------------------------------
    Please buy the MailScanner book from www.mailscanner.info!
    It is a very useful administration guide and introduction
    to MailScanner. All the proceeds go directly to making
    MailScanner a better supported package than it is today.
  • 要注意的,MailScanner预设去扫描sendmail,所以要改成postfix(当然没有再使用的sendmail也是要关掉)
    service postfix stop
    chkconfig postfix off
    chkconfig --level 2345 MailScanner on
    service MailScanner start
  • 编辑MailScanner设定档案,参考文章:
    vi /etc/MailScanner/MailScanner.conf
  • 简单的解说
    Run As User = postfix
    Run As Group = postfix
    Incoming Queue Dir = /var/spool/postfix/hold
    Outgoing Queue Dir = /var/spool/postfix/incoming
    MTA = postfix
    Max Children = 5
    设定 MailScanner 启动时, 最多产生几个子程序 (processing)
    预设值 = 5 (主记忆体只有 64MB 时, 建议设定为 1)
    Virus Scanning = yes
    开启病毒扫瞄功能
    预设值 = yes
    Virus Scanners = clamav
    指定病毒扫瞄套件
    可一次指定多个扫毒套件, 以空白字元分隔即可
    预设值 = none
    Use SpamAssassin = yes
    设定是否使用 SpamAssassin 套件来侦测广告信件
    必须先安装 SpamAssassin 套件才可正常使用
    预设值 = no
  • 后续设定
    chown postfix.postfix /var/spool/MailScanner/incoming
    chown postfix.postfix /var/spool/MailScanner/quarantine
  • 编辑postfix设定档。
  • /etc/postfix/main.cf
    + header_checks = regexp:/etc/postfix/header_checks
  • 编辑/etc/postfix/header_checks
    + /^Received:/ HOLD
  • The effect of this is to tell Postfix to move all messages to the HOLD queue.

相关推荐

就是那个胖子 / 0评论 2020-06-15