Mail Server -> postfix, cyrus-sasl2, courier-imap, postfixadmin

What differs from the earlier "mail server on FreeBSD" post:
here SASL authentication goes through authdaemon;
the earlier setup did it with saslauthd and pam-mysql.

OS: FreeBSD 6.0
Packages used
Apache
postfix
courier-imap
postfixadmin
mysql
php4

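1. Install MySQL first
#cd /usr/ports/databases/mysql50-server
#make install
When the install finishes, create the database
#rehash
#mysql_install_db
Start MySQL at boot
#vi /etc/rc.conf
mysql_enable="YES"
Start MySQL
# /usr/local/etc/rc.d/mysql-server.sh start
Created this way, the database files are owned by root:wheel, so change the owner to mysql
#chown -R mysql:mysql /var/db/mysql
Then change the password of the database root user
#mysql
mysql>UPDATE mysql.user SET password=password('the password you want to set') WHERE user='root';
mysql>FLUSH PRIVILEGES;
mysql>exit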
Next, install Apache
#cd /usr/ports/www/apache13
#make install
Start Apache at boot
#vi /etc/rc.conf
apache_enable="YES"
Next, install PHP4
#cd /usr/ports/lang/php4
#make install
Then install the PHP extensions (I selected quite a few; most of them are ones you will need later ^^)
Select bz2,ctype,ftp,gd,gettext,iconv,imagick,imap,mbstring,
mysql,overload,pcre,posix,session
,shmop,sockets,sysvmsg,sysvsem,sysvshm,tokenizer,xml,zip,zlib
#cd /usr/ports/lang/php4-extensions
#make install clean
Now we can get to the main topic.
Install cyrus-sasl2 first;
postfix uses SASL, so it has to be installed before postfix
#cd /usr/ports/security/cyrus-sasl2
#make install WITH_AUTHDAEMON=yes
After installing, configure SASL
#vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket
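Now postfix can be installed
#cd /usr/ports/mail/postfix
#make install WITH_AUTHDAEMON=yes
Then select
SASL2 and MySQL
During the install a few questions will pop up,
for example Would you like to activate Postfix in /etc/mail/mailer.conf [n]?
Just accept the default for all of them.
After the install the following message appears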
If you have postfix configured in your /etc/mail/mailer.conf (answered yes to
the previous question) and would like to enable postfix to start at boot time,
please set these variables in your /etc/rc.conf file:

sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_procname="/usr/local/libexec/postfix/master"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"

This will disable Sendmail completely, and allow you to use /etc/rc.d/sendmail
to start and stop postfix (FreeBSD 5.x and up). For FreeBSD 4.x, it will just
cause the system boot scripts to start sendmail for you.

Alternatively to the above settings, you can enable postfix to start with
the other local services, for example, after your database server starts if
you need it to be running for postfix. To do this, set in your rc.conf file:

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Then make the following symbolic link:

cd /usr/local/etc/rc.d
ln -s /usr/local/sbin/postfix postfix.sh

With either startup configuration, you will want to disable some
Sendmail-specific daily maintenance routines in your /etc/periodic.conf file:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

If you are using SASL, you need to make sure that postfix has access to read
the sasldb file. This is accomplished by adding postfix to group mail and
making the /usr/local/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).
In short, it tells you how to start postfix
and how to turn off some of sendmail's routine maintenance jobs.
On FreeBSD 6.0, however, I tried the startup method it describes
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_procname="/usr/local/libexec/postfix/master"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
and it did not really work, because sendmail starts before postfix.
So to start postfix at boot, we first turn sendmail off and then start postfix through /usr/local/etc/rc.d/
#vi /etc/rc.conf
sendmail_enable="NONE"
#cd /usr/local/etc/rc.d
#ln -s /usr/local/sbin/postfix postfix.sh
Then configure postfix
#cd /usr/local/etc/postfix
#vi main.cf

myhostname = (change to your hostname)

mydomain = (change to your domain)

myorigin = $mydomain

inet_interfaces = all

unknown_local_recipient_reject_code = 450

mynetworks_style = subnet

mynetworks = 127.0.0.0/8, (then add your own IP subnet)

alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

home_mailbox = Maildir/

mailbox_transport = virtual

virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:125

virtual_mailbox_base = /home/mbox

virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_mailbox_limit = 512000000

virtual_minimum_uid = 125

virtual_transport = virtual

virtual_uid_maps = static:125

virtual_mailbox_limit_inbox = yes

virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_extended = yes

virtual_create_maildirsize = yes

message_size_limit = 50000000

maximal_queue_lifetime = 2d

bounce_queue_lifetime = 1d

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_non_fqdn_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unauth_destination, reject_unauth_pipelining,
    reject_invalid_hostname, reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org, reject_rbl_client relays.ordb.org,
    reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org,
    check_client_access regexp:/usr/local/etc/postfix/regexp-access.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_delay_reject = no
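
Postfix reads main.cf as logical lines: a line that begins with whitespace continues the previous line, and a line that does not is read on its own. The script below is an added example, not part of the original post, that extracts a parameter the way Postfix would and shows what that means for a multi-line smtpd_recipient_restrictions like the one above; the function names and the two sample files are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# postconf_value FILE PARAM prints PARAM as Postfix reads main.cf: comment and
# blank lines are skipped, a line starting with whitespace continues the
# previous logical line, and the last assignment wins.
postconf_value() {
    awk -v want="$2" '
        function emit(   i, name, val) {
            i = index(cur, "=")
            if (i > 0) {
                name = substr(cur, 1, i - 1); val = substr(cur, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", name)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (name == want) out = val
            }
            cur = ""
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }
        { emit(); cur = $0 }
        END { emit(); print out }
    ' "$1"
}

# relay_check FILE reports whether the parsed smtpd_recipient_restrictions
# still contains reject_unauth_destination.
relay_check() {
    r=$(postconf_value "$1" smtpd_recipient_restrictions)
    case " $(printf '%s' "$r" | tr ',' ' ') " in
        *" reject_unauth_destination "*) echo "ok" ;;
        *) echo "missing reject_unauth_destination: [$r]" ;;
    esac
}

# Constructed samples: the same setting without and with an indented
# continuation line.
tmp=$(mktemp -d)
printf '%s\n' 'smtpd_recipient_restrictions = permit_mynetworks,' \
    'permit_sasl_authenticated, reject_unauth_destination' > "$tmp/flat.cf"
printf '%s\n' 'smtpd_recipient_restrictions = permit_mynetworks,' \
    '    permit_sasl_authenticated, reject_unauth_destination' > "$tmp/indented.cf"
relay_check "$tmp/flat.cf"
relay_check "$tmp/indented.cf"
```
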

Because we are using an external database,
we need to set up the lookup files for it
#vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
#vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX (this line is a comment)
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1' (this line is a comment)
#vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
#vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
#vi regexp-access.cf
/[a-z0-9].dynamic.*/ 554 Service unavailable,Please see http://www.twia.org.tw/SPAM-930412(news).htm
That completes the postfix setup backed by the external database.
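
Each mysql: map named in main.cf has to exist under exactly that file name, and each one stores the database password in clear text. The script below is an added example, not part of the original post, that lists maps that are missing or readable by every local user; the function names and the sample directory are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_maps MAIN_CF: for every mysql:/path table named in MAIN_CF print
# "MISSING path" when the file does not exist, or "WORLD-READABLE path" when
# any local user could read the database password stored in it.
audit_maps() {
    grep -v '^[[:space:]]*#' "$1" | tr ' \t,' '\n\n\n' |
    sed -n 's/^mysql://p' | sort -u |
    while read -r f; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
        elif [ -n "$(find "$f" -perm -004 -print)" ]; then
            echo "WORLD-READABLE $f"
        fi
    done
}

# Constructed sample: main.cf names three maps; one file was never created
# and one is mode 644.
make_sample() {
    d=$(mktemp -d)
    for m in alias domains; do
        printf 'user = postfix\npassword = postfix\n' \
            > "$d/mysql_virtual_${m}_maps.cf"
    done
    chmod 640 "$d/mysql_virtual_alias_maps.cf"
    chmod 644 "$d/mysql_virtual_domains_maps.cf"
    cat > "$d/main.cf" <<EOF
virtual_alias_maps = mysql:$d/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:$d/mysql_virtual_domains_maps.cf
virtual_mailbox_limit_maps = mysql:$d/mysql_virtual_vquota_maps.cf
EOF
    echo "$d"
}

sample=$(make_sample)
audit_maps "$sample/main.cf"
```
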
Next, create the directory where mail is stored
#mkdir /home/mbox
#chown -R postfix:postfix /home/mbox
Then install postfixadmin
#cd /usr/ports/mail/postfixadmin
#make install clean
Below is the message shown after postfixadmin is installed
To Install and use postfixadmin:

1. Create the MySQL Tables
--------------------------
In ${PREFIX}/www/postfixadmin/DATABASE.TXT you can find the table
structure that you need in order to configure Postfix Admin and Postfix
in general to work with Virtual Domains and Users

2. Configure
------------
Check the ${PREFIX}/www/postfixadmin/config.inc.php file. There you
can specify settings that are relevant to your setup.

The default password for the admin part of Postfix Admin is admin/admin.
This is specified in the .htpasswd file in the admin directory. Make sure
that the location of the .htpasswd file matches your path.

3. Configure Apache
-------------------
Add a line in your httpd.conf to allow the use of .htaccess file.

Options Indexes
AllowOverride AuthConfig

Now add postfixadmin to httpd.conf
#vi /usr/local/etc/apache/httpd.conf

<Directory "/usr/local/www/postfixadmin">
Options Indexes
AllowOverride AuthConfig
</Directory>

#The line below is added because FreeBSD's Apache DocumentRoot is /usr/local/www/data,
#but postfixadmin lives under /usr/local/www/.
Alias /postfixadmin/ "/usr/local/www/postfixadmin/"
Import the postfixadmin tables
#mysql -u root -p < /usr/local/www/postfixadmin/DATABASE_MYSQL.TXT
Then add a MySQL user named postfix
#mysql -u root -p
mysql>use mysql;
mysql>GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY 'postfix';
mysql>exit
Then configure postfixadmin
#vi /usr/local/www/postfixadmin/config.inc.php
$CONF['postfix_admin_url'] = 'change to your URL';
$CONF['postfix_admin_path'] = 'the location of your postfixadmin directory';
$CONF['default_language'] = 'tw';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['database_prefix'] = '';
$CONF['quota'] = 'YES';
The Traditional Chinese language file of postfixadmin is missing a charset line, which makes the page encoding come out wrong,
so we add it, and then the Chinese localization of postfixadmin is fine
#vi /usr/local/www/postfixadmin/language/tw.lang
$PALANG['charset'] = 'big5';
Then install IMAP
#cd /usr/ports/mail/courier-imap
#make install clean
Configure IMAP
#cd /usr/local/etc/authlib/
#vi authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
#vi authmysqlrc

MYSQL_SERVER	localhost

# the MySQL user postfix that you created earlier
MYSQL_USERNAME	postfix

# the password of the MySQL user postfix that you created earlier
MYSQL_PASSWORD	secret

MYSQL_SOCKET	/tmp/mysql.sock

MYSQL_PORT	3306

MYSQL_OPT	0

MYSQL_DATABASE	postfix

MYSQL_USER_TABLE	mailbox

MYSQL_CRYPT_PWFIELD	password

DEFAULT_DOMAIN	(your domain)

# 125 is the uid of postfix
MYSQL_UID_FIELD	125

# 125 is the gid of postfix
MYSQL_GID_FIELD	125

MYSQL_LOGIN_FIELD	username

MYSQL_HOME_FIELD	'/home/mbox/'

MYSQL_NAME_FIELD	name

MYSQL_MAILDIR_FIELD	maildir

(In authmysqlrc you can only use tabs, not spaces, and a line must not start with whitespace.)

Start IMAP automatically at boot
#vi /etc/rc.conf
courier_authdaemond_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_enable="YES"
Finally, change the permissions on the authdaemon directory so that SASL can access it
#chmod +x /var/run/authdaemond
At this point your mail server is basically up and running

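If you also want webmail,
it is easy: just install squirrelmail.
openwebmail cannot be used here, because our mail storage format is maildir
while openwebmail uses mailbox,
so you need a webmail that supports maildir
#cd /usr/ports/mail/squirrelmail
Configure squirrelmail
There are two ways to configure it: you can run its configure program,
or you can edit /usr/local/www/squirrelmail/config/config.php directly.
Here we run configure
#/usr/local/www/squirrelmail/configure
Once inside, choose Language, then default language,
and change en_US to zh_TW

Save and exit, and the interface is in Chinese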

JohnPuPu/94.12.15

UPDATED 20060622 01:07

Adding ClamAV+Amavisd-new

Adding ClamAV
#cd /usr/ports/security/clamav
#make install clean # nothing selected

Options for clamav 0.87.1

[ ] MILTER Compile the milter interface
[ ] CURL Support URL downloading
[ ] LIBUNRAR Support for external Unrar library

Edit the startup file #vi /etc/rc.conf

clamav_clamd_enable="YES" # start clamav automatically at boot
clamav_freshclam_enable="YES" # start freshclam as a daemon automatically at boot

clamd.conf is left entirely at its defaults.

Then add Amavisd-new
#cd /usr/ports/security/amavisd-new/
#make install clean # nothing selected

Options for amavisd-new 2.3.3,1

[ ] MYSQL MySQL support
[ ] PGSQL PgSQL support
[ ] LDAP LDAP support
[ ] MILTER sendmail milter support

#vi /usr/local/etc/amavisd.conf

$mydomain = 'change to your domain'; # e.g. $mydomain = 'twbsd.net';

Remove the # in front of the following block

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

and the # in front of this one as well

['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

so that it looks like this

# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: the easiest is to run clamd under the same user as amavisd; match the
# # socket name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

# ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred)
['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

Everything else can be left at the defaults.

#update 2008/08/11
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
It seems this now has to be changed as shown:

/var/run/clamav/clamd is replaced with
/var/run/clamav/clamd.sock

#mkdir /var/log/amavis
#chown vscan:vscan /var/log/amavis
#cd /var/log/amavis
#touch amavis.log
#chown vscan amavis.log
#cd /var
#chown -R vscan:clamav amavis
Add clamav to the vscan group
#vim /etc/group
vscan:*:110:clamav
Edit the startup file #vi /etc/rc.conf and add:
amavisd_enable="YES" # start amavisd automatically at boot from rc.conf

#vim /usr/local/etc/mail/spamassassin/local.cf

# How many hits before a message is considered spam (the score at or above which mail is judged to be spam).
required_hits 10

# Whether to change the subject of suspected spam (adds a marker to the subject of spam).
rewrite_header Subject ****SPAM(_SCORE_)****

# Encapsulate spam in an attachment.
# How spam is handled. The mail is also processed by the antivirus program afterwards, so this must be set to 0.
# 0: write the information into the mail headers.
# 1: turn the spam into an attachment.
# 2: turn the spam into a plain-text attachment.
report_safe 0

# Use terse version of the spam report (report spam to the administrator in a condensed form).
use_terse_report 0

# Enable the Bayes system (use the Bayesian learning system).
use_bayes 1

# Enable Bayes auto-learning (turn on Bayesian auto-learning).
auto_learn 1

# Enable or Disable network checks: skip RBL checks, use Razor version 2, use DCC (Distributed Checksum Clearinghouse), use Pyzor.
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# – chinese
#ok_languages zh en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

# Disabled scores. To keep Chinese subjects and Chinese recipients from being misjudged, adding the following lines is recommended.
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score BASE64_ENC_TEXT 0
score DATE_IN_PAST_03_06 0
score FROM_NAME_NO_SPACES 0
score X_MSMAIL_PRIORITY_HIGH 0
score X_PRIORITY_HIGH 0
score TO_TXT 100
score RATWARE_HASH_2 100
score RATWARE_HASH_2_V2 100
score RATWARE_JIXING 100
score HEAD_ILLEGAL_CHARS 1
score SUBJ_ILLEGAL_CHARS 1
score FROM_ILLEGAL_CHARS 1
score BAYES_99 2
score BAYES_70 1
blacklist_from *.www-mailserver.com
blacklist_from *.mailserver.idv.tw
whitelist_from *.blah.blah.com.tw

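# local domain from but ip not match. The domain and the IP do not match, so the mail is suspected spam.
header __FROM_TEATIME Received =~ /from ntut\.idv\.tw/i
header __FROM_TEATIME_IP Received =~ /\[88\.88\.88\.88\]/
# fire only when the domain is claimed and the expected IP is absent
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME && !__FROM_TEATIME_IP)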
describe FROM_TEATIME_BUT_IP_ERROR From ntut.idv.tw but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
allow_user_rules 1
always_add_headers 0
rewrite_subject 0

Basically, that should be everything.

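3 comments on "Mail Server -> postfix, cyrus-sasl2, courier-imap, postfixadmin"

  1. Hello!
    I am new to FreeBSD (one month, haha)
    After reading your article I tried going through it once, and there are a few things I would like to ask you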
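  2. Hi, hello!
    I am new to FreeBSD (one month, haha)
    After reading your article I tried going through it once,
    and there are a few questions I would like to ask you:
    If you also want webmail,
    it is easy: just install squirrelmail.
    openwebmail cannot be used here, because our mail storage format is maildir
    while openwebmail uses mailbox,
    so you need a webmail that supports maildir
    #cd /usr/ports/mail/squirrelmail
    Configure squirrelmail
    There are two ways to configure it: you can run its configure program,
    or you can edit /usr/local/www/squirrelmail/config/config.php directly.
    Here we run configure
    #/usr/local/www/squirrelmail/configure
    Once inside, choose Language, then default language,
    and change en_US to zh_TW

    Save and exit, and the interface is in Chinese

    After I have done this part, can I log in to the webmail just by typing the IP into the address bar?
    I would appreciate your guidance, thank you!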

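  3. That's right~~ it really is that simple!!
    But first make sure you have apache installed
    by the way
    for messages you can use the sticky-note board above~~
    otherwise~~ I probably won't see this comment
    I only happened to see it today while checking my mail
    Welcome to the freebsd world!!^^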
