Postfix anti-virus anti-spam system installation

xiaoxiao2021-03-06 74

Lonely Hawk

Zone:

1G /

1G swap

3G / var mail is stored here, so set a relatively large

1G / TMP

1g / home

3G / USR

Left / DATA

2. User

Add a CNHAWK user, the password is further agreed, and the CNHAWK user needs to join the WHEEL group, and the root password is still agreed.

3. Packages installation

Select minimize installation

Choose

Select in the Custom Options

Compat3x

Compat4x

MAN

ports

4.rc.conf

set up:

Sendmail_enable = "none"

5. Install MySQL

A. Can be installed in Ports

CD / usr / ports / databases / mysql323-server

Make Install

The installed mysql version is mysql-3.23.58

B. The following is manually installing mysql-3.23.55

1) Add mysql user group and mysql user

Hawk # Pw GroupAdd MySQL

Hawk # pw useeradd mysql -g mysql -s / nonexistent

2) Configure installation

Hawk # tar zxvf mysql-3.23.55.tar.gz

Hawk # cd mysql-3.23.55

Hawk # ./configure --prefix = / usr / local / mysql --with-low-memory /

--with-charset = GB2312 --WITHOUT-Debug

Hawk # make

Hawk # make install

Hawk # scripts / mysql_install_db

Hawk # chown -r root / usr / local / mysql

Hawk # chown -r mysql / usr / local / mysql / var

Hawk # chgrp -r mysql / usr / local / mysql

Hawk # cp support-files / my-medium.cnf /etc/my.cnf

HAWK # ln -s / usr / local / mysql / bin / safe_mysqld / usr / local / bin / safe_mysqld

Hawk # ln -s / usr / local / mysql / bin / mysqladmin / usr / local / bin / mysqladmin

Hawk # ln -s / usr / local / mysql / bin / mysql / usr / local / bin / mysql

Hawk # ln -s / usr / local / mysql / lib / mysql / usr / local / lib / mysql

3) Edit User Database

The following is the statement of the establishment of the library

Use mysql;

# ====================== ============================== =========

INSERT INTO USER (Host, User, Password) Values ('localhost', 'postfix', '');

Update user set password = password ('hawk') where user = 'postfix'; flush privileges;

Grant All on mail. * To postfix @ localhost identified by "hawk";

# ====================== Courier ============================= =========

INSERT INTO USER (Host, User, Password) Values ('localhost', 'coier');

Update user set password = password ('hawk') where user = 'channel';

Flush privileges;

Grant SELECT, INSERT, UPDATE ON Mail. * To Courier

# ======================= ============================ ==========

#Create mail database

Create Database Mail;

Use mail;

#Create the aliases TABLE

CREATE TABLE Aliases

Alias varchar (255) Not null default ',

RCPT VARCHAR (255) Default NULL,

Primary Key (Alias)

) TYPE = MyISAM;

#Create the transport table

CREATE TABLE TRANSPORT

Domain char (128) Not null default ',

TRANSPORT Char (128) Not null default ',

UNIQUE Key Domain (Domain)

) TYPE = MyISAM;

#Create thevirtua_users Table

Create Table Virtual_Users

Unique_id int (32) Unsigned Not Null Auto_Increment,

ID char (128) Not null default '',

Password char (128) Default Null,

Uid Int (10) unsigned default '2003',

GID INT (10) unsigned default '2003',

Home char (255) Default Null, Maildir Char (255) Default Null,

Date_add Date Default NULL,

Time_add Time Default NULL,

Domain char (128) Default Null,

Name Char (255) Default Null,

Imapok Tinyint (3) Unsigned Default '1',

Quota char (255) Default '10485760',

Primary Key (ID),

Key Unique_ID (unique_id)

) TYPE = MyISAM;

#Create address Table / / This section is incremented by using IGENUS.

Create Table Address

ID INT (32) Unsigned Not Null Auto_Increment,

Unique_id int (32) Not Null Default '0',

Name Char (255) Not Null Default '',

Email char (255) Not null default '',

Primary Key (ID),

Key Unique_ID (unique_id)

) TYPE = MyISAM;

# ===================================================== =========

4) Set the self-start:

Hawk # edit /usr/local/etc/rc.d/mysqld.sh

Example: mysqld.sh

#! / bin / sh

Case "$ 1" in

START)

IF [-x / usr / local / mysql / bin / safe_mysqld]; then

/ usr / local / mysql / bin / safe_mysqld --user = mysql &> / dev / null && echo -n 'mysqld'

;

STOP)

/ usr / bin / killall mysqld> / dev / null 2> & 1 && echo -n 'mysqld'

;

echo ""

echo "USAGE:` Basename $ 0` {start | stop} "

echo ""

EXIT 64

;

ESAC

Hawk # chmod 755 /usr/local/etc/rc.d/mysqld.sh

6. Install Cyrus-SASL

1) Install Cyrus-SASL-2.1.12

Hawk # tar -zxvf cyrus-sasl-2.1.12.tar.gz

Hawk # CD Cyrus-SASL-2.1.12

Hawk # ./configure --disable-sample --disable-pwcheck --disable-cram /

--Disable-Digest - Disable-KRB4 - Disable-gssapi --disable-anon / - with-saslauthd = / var / run / saslauthd --enable-plain --enable-login

Hawk # make

Hawk # make install

Hawk # ln -s / usr / local / lib / sasl2 / usr / lib / sasl2

2) Configure the LIB library of SASL

Hawk # edit /etc/defaults/rc.conf

(In ldconfig_paths = "/ usr / loca / lib) plus / usr / local / lib / sasl2")

Hawk # shutdown -r now (make it effective)

3) Run Saslauthd (if you use PAM direct authentication, this step can be omitted)

Example Saslauthd.sh

#! / bin / sh

Case "$ 1" in

START)

IF [-x / usr / local / sbin / saslauthd]; then

/ usr / local / sbin / saslauthd -a pam> / dev / null && echo -n 'saslauthd'

;

STOP)

/ usr / bin / killall saslauthd> / dev / null 2> & 1 && echo -n 'saslauthd'

;

echo ""

echo "USAGE:` Basename $ 0` {start | stop} "

echo ""

EXIT 64

;

ESAC

Hawk # mkdir / var / run / saslautd

Hawk # edit /usr/local/etc/rc.d/saslauthd.sh

Hawk # chmod 755 /usr/local/etc/rc.d/saslauthd.sh

4) Prepare the Profile of PostFix authentication

A) Direct authentication using PAM:

Hawk # echo pwcheck_method: Pam> /usr/local/lib/sasl2/smtpd.conf

B) Call PAM certification using Saslauthd:

Hawk # echo pwcheck_method: saslauthd> /usr/lib/sasl2/smtpd.conf

7. Install PAM_MYSQL

Install PAM_MYSQL-0.5 (due to the use of source installation compile, use freebsd4.9 ports installation)

1) Installation

Hawk # pkg_add -r gmake (PAM_MYSQL requires gmake)

Hawk # CD / USR / PORTS / Security / PAM-MySQL /

Hawk # cp /usr/local/lib/pam_mysql.so / usr / lib /

2) Configure Pam.conf call mysql support SASL certification

Hawk # edit /etc/pam.conf Add the following code to add the POP3 and IMAP:

SMTP Auth Sufficient Pam_Mysql.so User = Postfix Passwd = Hawk Host = LocalHost DB = Mail Table = Virtual_Users UserColumn = ID PasswdColumn = Password Crypt = 1

smtp account required pam_mysql.so user = postfix passwd = hawk host = localhost db = mail table = virtual_users usercolumn = id passwdcolumn = password crypt = 1 (Note: crypt password encryption, if cleartext cyrpt = 0, if using password ( Encryption CRYPT = 2)

8. Install Postfix

1) Stop Sendmail

Hawk # mv / usr / bin / newaliases /usr/bin/newaliases.off

HAWK # mv / usr / bin / mailq /usr/bin/mailq.off

Hawk # mv / usr / sbin / sendmail /usr/sbin/sendmail.off

Hawk # mv /etc/rc.sendmail /etc/sendmail.off

Hawk # edit /etc/rc.conf (in Sendmail = "YES", add #)

2) Add postfix users

Hawk # pw groupadd postfix -g 2003

Hawk # pw groupadd posddrop -g 2004

Hawk # pw useeradd postfix -u 2003 -g 2003 -d / dev / null -s / nologin

3) Installation

Install postfix-2.0.10.tar.gz

Hawk # tar zxvf postfix-2.0.10.tar.gz

Hawk # cd postfix-2.0.10

If your mysql is the source code compile, use the following command.

Hawk # make -f makefile.init makefiles' ccargs = -duse_sasl_auth -dhas_mysql -i / usr / local / mysql / include / mysql -i / usr / local / include / sasl '' auxlibs = -L / usr / local / lib / -L / usr / local / mysql / lib / mysql -lmysqlclient -lsasl2 -lz -lm '

If your MySQL is Ports installed, please use the following command.

Hawk # make -f makefile.init makefiles' ccargs = -duse_sasl_auth -dhas_mysql -i / usr / local / include / mysql -i / usr / local / include / sasl '' auxlibs = -l / usr / local / lib / L / usr / local / lib / mysql -lmysqlclient -lsasl2 -lz -lm '

Hawk # make

Hawk # make install (for the first installation, use this command during installation, use / TMP when prompted to select TMP)

Hawk # make Upgrade (Upgrade Old Release Use this command)

4) Configuration

Hawk # echo 'Postfix: root' >> / etc / aliases

Hawk # / usr / bin / newaliases

(Note: If you prompt Postfix unable to open the OpieKeys file: #hawk chown postfix: postfix / etc / opiekey

A) Edit Modify /etc/posftix/main.cf Example: main.cf

# ======= Base =============== mHostname = hawk.the9.com

Mydomain = the9.com

Home_mailbox = maildir /

MyDestination = $ MyHostName, $ MyDomain, $ TRANSPORT_MAPS

Local_recipient_maps = is empty

Mailbox_command = / usr / lib / channela-imap / bin / deliverquota -w 90 ~ / maildir

# ======= mysql =============

TRANSPORT_MAPS = mysql: /etc/postfix/transport.cf

Virtual_gid_maps = mysql: /etc/postfix/gIDS.cf

Virtual_mailbox_base = / var / mail

Virtual_mailbox_maps = mysql: /etc/postfix/mysql_virtual.cf

Virtual_maps = mysql: /etc/postfix/mysql.aliases.cf

Virtual_UID_MAPS = mysql: /etc/postfix/uids.cf

# ======= quota =============

Message_size_limit = 2097152 // Limits 2MB of each email

Virtual_mailbox_limit_inbox = no

Virtual_mailbox_limit_maps = mysql: /etc/postfix/mailboxsize-mysql.cf

Virtual_mailbox_limit_override = yes

Virtual_mAildir_extended = YES

Virtual_create_maildirsize = yes

Virtual_mailbox_limit = 10485760 / / The size of the total mailbox 10MB

# ====== SASL ================================================================================================================================================================================

SMTPD_SASL_AUTH_ENABLE = YES

SMTPD_SASL_SECURITY_OPTIONS = Noanonymous

Broken_SASL_AUTH_CLIENTS = YES

SMTPD_RECIPIENT_RESTRICTIONS = permit_sasl_authenticated permit_auth_destinatio reject

#SMTPD_SASL_LOCAL_DOMAIN = $ MyDomain

SMTPD_CLIENT_RESTRICTIONS = permit_sasl_authenticated

B) Confirm that the configuration of /etc/postfix/master.cf is as follows

Virtual UNIX - N N - Virtual

C) Edit /etc/posftix/Transport.cf Example: Transport.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = Transport

SELECT_FIELD = TRANSPORT

Where_field = Domain

Hosts = localhost

D) Edit /etc/postfix/gids.cf

Example: gids.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = Virtual_Users

SELECT_FIELD = GID

Where_field = id

Hosts = localhost

E) edit /etc/postfix/uids.cf

Example: uids.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = Virtual_Users

SELECT_FIELD = UID

Where_field = id

Hosts = localhost

F) Edit /etc/posftix/mysql_virtual.cf

Example: mysql_virtual.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = Virtual_Users

SELECT_FIELD = MAILDIR

Where_field = id

Hosts = localhost

G) Edit /etc/postfix/mysql.aliases.cf Example: mysql.aliases.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = aliases

SELECT_FIELD = RCPT

Where_field = alias

Hosts = localhost

H) Edit /etc/postfix/mailboxxsize-mysql.cf Example: MailboxSize-mysql.cf

User = postfix

Password = hawk

DBNAME = MAIL

Table = Virtual_Users

SELECT_FIELD = quota

Where_field = id

Hosts = localhost

5) Set self-start

Hawk # edit /usr/local/etc/rc.d/postfix-server.sh

Example: postfix-server.sh

#! / bin / sh

Case "$ 1" in

START)

IF [-x / usr / sbin / postfix]; then

/ usr / sbin / postfix start && echo -n 'postfix'

;

STOP)

/ usr / sbin / postfix stop && echo -n 'postfix'

;

echo ""

echo "USAGE:` Basename $ 0` {start | stop} "

echo ""

EXIT 64

;

ESAC

Hawk # chmod 755 /usr/local/tc/rc.d/postfix-server.sh9. Installing Expect.Tar.gz (NEED TCL)

Hawk # pkg_add TCL-8.3.5_2.tgz

Hawk # TAR ZXVF EXPECT-5.38.TAR.GZ

Hawk # CD Expect-5.38

Hawk # ./configure --enable-threads --with-tcl = / usr / local / lib / tcl 8.3 --with-tclinclude = / usr / local / include / TCL8.3

Hawk # make

Hawk # make install

10. Install Courier-IMAP-1.7.1 (NEED GMAKE, EXPECT)

1, installation

Hawk # pkg_add -r gmake remote installation package

Hawk # pw useradd CNHAWK -G Wheel (The Software Must Run The Configure Script As Normal User, Not root)

HAWK $ BUNZIP2 COURIER-IMAP-1.7.1.tar.bz2

Hawk $ TAR XVF Courier-IMAP-1.7.1.tar

HAWK $ CD Courier-IMAP-1.7.1

If your mysql is the source code compile, use the following command.

Hawk $ ./configure --without-ipv6 --enable-unicode /

--Nable-Workarounds-for-imap-client-bugs /

--with-mysql-libs = / usr / local / mysql / lib / mysql /

--with-mysql-incrudes = / usr / local / mysql / include / mysql

If your mysql is Ports installation, please use the following command.

Hawk $. / Configure --without-ipv6 --enable-unicode --enable-workrounds-for-imap-client-bugs --with-mysql-libs = / usr / local / lib / mysql --with-mysql- INCLUDES = / usr / local / include / mysql

HAWK $ GMAKE

Hawk # su root

Hawk # gmake install

Hawk # Gmake Install-Configure

2) Configuration

Sample example: Authmysqlrc

## Version: $ ID: Authmysqlrc, V 1.10 2002/04/02 23:41:41 MRSAM EXP $

# distribution information.

# Do not alter lines That Begin with ##, they is used by # @@ Upgrading

# this configuration.

# authmysqlrc create from authmysqlrc.dist by sysconftool

# Do not install this file with world read permissions. This file

# Might Contain The MySQL Admin Password!

# Each line in this file must follow the folload format:

# Field [Spaces | Tabs] Value

# That IS, The name of the field, Followed by Spaces or Tabs, Followed By # Field Value. Trailing Spaces Are Prohibited.

## Name: location: 0

# The Server Name, UserId, and password used to log in.

MySQL_Server Localhost

MySQL_USERNAME COURER

MySQL_Password Hawk

## Name: mysql_socket: 0

# Mysql_socket can be used with mysql version 3.22 or Later, IT Specifier the

# FileSystem Pipe Used for the connection

Mysql_socket /tmp/mysql.sock

## Name: MySQL_Port: 0

# MySQL_Port Can Be Used with MySQL Version 3.22 or Later To Specify A Port To

# Connect TO.

MySQL_Port 3306

## Name: mysql_opt: 0

# Leave mysql_opt as 0, unless you know what you're doing.

MySQL_OPT 0

## Name: MySQL_Database: 0

# The name of the mysql Database We will open:

MySQL_DATABASE MAIL

## Name: mysql_user_table: 0

# The name of the Table Containing your user data. See readme.authmysqlrc

# for the required fields in this table.

MySQL_USER_TABLE VIRTUAL_USERS

## Name: mysql_crypt_pwfield: 0

# Either mysql_crypt_pwfield or mysql_clear_pwfield must be defined. Both

# area ok Too. Crypted passwords Go Into mysql_crypt_pwfield, Cleartext

# Passwords Go INTO mysql_clear_pwfield. Cleartext Passwords Allow

# CRAM-MD5 Authentication to Be Implement.

MySQL_Crypt_PWFIELD PASSWORD

## Name: mysql_clear_pwfield: 0

# Mysql_clear_pwfield clear

## Name: MySQL_DEFAULT_DOMAIN: 0

# IF default_domain is defined, and someone Tries to log in as 'user',

# we will look up 'user @ default_domain' instead.

# Default_domain example.com

## Name: mysql_uid_field: 0

# Other Fields in The MySQL Table:

# Mysql_uid_field - Contains The nameical userid of the account

MySQL_UID_FIELD UID

## Name: mysql_gid_field: 0 #

# Numeric GroupID of the account

MySQL_GID_FIELD GID

## Name: mysql_login_field: 0

# The login id, default is id. Basically The Query IS:

# SELECT MySQL_UID_FIELD, MySQL_GID_FIELD, ... WHERE ID = 'loginid'

Mysql_login_field ID

## Name: mysql_home_field: 0

MySQL_HOME_FIELD HOME

## Name: mysql_name_field: 0

# The user's name (optional)

MySQL_NAME_FIELD NAME

## Name: mysql_maildir_field: 0

# This is an optional field, and can be used to specify an arbitrary

# location of the maildir for the account, Which Normal DEFAULTS TO

# $ Home / maildir (where $ home is read from mysql_home_field).

# You STILL NEED TO PROVIDE A MYSQL_HOME_FIELD, EVEN IF you uncomment this

# OUT.

MySQL_MAILDIR_FIELD MAILDIR

## Name: mysql_quota_field: 0

# Define mysql_quota_field to be the name of the field That Can OptionAlly

# Specify a maildir quota. See Readme.mailsairda for more information

MySQL_QUOTA_FIELD quota

## Name: mysql_where_clause: 0

# This is optional, mysql_where_clause can Be Basically set to an arbitrary

# fixed string this is appended to the where clause of uery

Mysql_where_clause iMapok = 1

## Name: mysql_select_clause: 0

# (Experimental)

# This isbotional, mysql_select_clause can be set when you have a database,

# Which is structural Different from proposed. The Fixed String Will

# be used to do a select operation on Database, Which SHOULD RETURN FIELDS

# in Order Specified Bellow:

# Username, Cryptpw, Uid, GID, Clearpw, Home, Maildir, Quota, Fullname

# Enabling this option causes ignorance of any other field-related

# Options, Excluding Default Domain.

# There is TWO Variables, Which You Can Use. Substitution Will Be Made # for the, so you can put entered UserName

# in The Right Place of Your Query. Thase Variables Are:

# $ (local_part) and $ (Domain)

# IF a $ (domain) IS Empty (Not Given By THE Remote User) The Default Domain

# Name is buy in its place.

# This esample is a little bit modified adaptation of vmail-sql

# Database Scheme:

# MySQL_SELECT_CLASE SELECT POPBOX.LOCAL_PART, /

# Concat ('{md5}', popbox.password_hash), /

# Popbox.clearpw, /

# domain.uid, /

# domain.gid, /

# Concat (domain.path, '/', popbox.mbox_name), /

# '', /

# domain.quota, /

# '', /

# From popbox, domain /

# Where popbox.local_part = '$ (local_part)' /

# And popbox.domain_name = '$ (domain)' /

# And popbox.domain_name = domain.domain_name

## Name: mysql_chpass_clause: 0

# (Experimental)

# This is optional, mysql_chpass_clause can be set when you have a database,

# Which is structural Different from proposed. The Fixed String Will

# be used to do an update Operation on Database. in Other Words, IS

# uED, WHEN Changing password.

# There Are Four Variables, Which You Can Use. Substitution Will Be Made

# for them, so you can put entered Username (Local Part) and domain name

# in The Right Place of Your Query. There Variables Are:

# $ (local_part), $ (Domain), $ (NewPass), $ (NewPass_crypt)

# IF a $ (domain) IS Empty (Not Given By THE Remote User) The Default Domain

# Name is buy in its place.

# $ (newpass) Contains Plain Password

# $ (newpass_crypt) Contains ITS Crypted Form

# Mysql_chpass_clause Update Popbox /

# Set clearpw = '$ (newpass)', /

# Password_hash = '$ (newpass_crypt)' /

# Where local_part = '$ (local_part)' /

# And domain_name = '$ (domain)'

Edit Modification / USR / LIB / COURIER-IMAP / ETC / Authdaemonrc

Version = "authdaemond.mysql"

3) Set self-start

Hawk # cd /usr/local/etc/rc.d

Hawk # ln -s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh

Hawk # ln -s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh

Hawk # chmod 755 iMapd.sh

Hawk # chmod 755 pop3d.sh

Start testing now:

1) Set the user:

Hawk # mysql

Mysql> Use mail;

You can see in the database

mysql> show tables;

--------------

| TABLES_IN_MAIL |

--------------

| aliases |

| TRANSPORT |

| Virtual_Users |

--------------

mysql> desc aliases;

------- -------------- ---- ----- ------- --- ----

------- -------------- ---- ----- ------- --- ----

------- -------------- ---- ----- ------- --- ----

MySQL> Insert Aliases Values ('PostMaster@the9.com ',' cnhawk@the9.com ");

MySQL> Insert Aliases Values ('PostMaster@freebsd.net ',' cnhawk@freebsd.net ');

mysql> Select * from aliases;

------------------------------------

| alias | RCPT |

------------------------------------

Postmaster@the9.com

CNHAWK@the9.com

Postmaster@freebsd.net

CNHAWK@freebse.net

------------------------------------

Mysql> desc transport;

--------- --------- ---- ----- -------- - -----

--------- --------- ---- ----- -------- - -----

MySQL> Insert Transport Values ('T9.com', 'Virtual:');

Mysql> Insert Transport Values ('Freebsd.net'); 'Virtual:');

mysql> Select * from transport;

-------------- -----------

| Domain | Transport |

-------------- -----------

| nankai.edu.cn | Virtual: |

| FreeBSD.NET | Virtual: |

-------------- -----------

Mysql> desc Virtual_Users;

--------- -------------------- ------ ---- - -------- ----------------

--------- -------------------- ------ ---- - -------- ----------------

| ID | Char (128) | | Pri | | |

| UID | INT (10) Unsigned | Yes | | 104 | |

| GID | INT (10) Unsigned | Yes | | 104 |

| Imapok | Tinyint (3) Unsigned | Yes | | 1 | |

| Quota | Char (255) | Yes | | 10485760 |

--------- -------------------- ------ ---- - -------- ----------------

Mysql> Insert Into Virtual_Usersmysql> (ID, Home, Password, MAILDIR, DATE_ADD, TIME_ADD, DOMAIN, NAME

Mysql> VALUES ('cnhawk@the9.com', '/ var / mail / ", Encrypt (' cnhawk '),

MySQL> 'the9.com/cnhawk/mails'', '' 2003-04-23', '01:18:24', 'kethe9.com' ,'cnhawk');

MySQL> Insert Into Virtual_Users

MySQL> (ID, Home, Password, MAILDIR, DATE_ADD, TIME_ADD, DOMAIN, NAME

Mysql> Values ('hawk@freebsd.net', '/ var / mail /', encrypt ('hawk'),

MySQL> 'Freebsd.net/hawk/mails'', '2003-04-23', '01:18:24','freebsd.net' ,'Hawk');

Mysql> quit

2) Set the user's directory and permissions:

Hawk # mkdir -p /var/mail/the9.com/cnhawk

Hawk # mkdir -p /var/mail/freebsd.net/hawk

HAWK # CD / USR / lib / channel - imap / bin

Hawk # ./maildirmake /var/mail/the9.com/cnhawk/mAildir

Hawk # ./maildirmake /var/mail/freebsd.net/hawk/mAildir

Hawk # chmod -r 700 /var/mail/the9.com/

Hawk # chmod -r 700 /var/mail/freebsd.net/

Hawk # chown -r postfix: postfix / var/mail/the9.com

Hawk # chown -r postfix: postfix /var/mail/freebsd.net

When the user is set, only two virtual domains are used here, and they can set several virtual domains, such as mail.com.

3) User login test:

First use Perl's MOD to generate this Base64 encoding, install ports in / usr / ports / converters / p5-mime-base64 /

Get the Plain character first. In order to get a Plain string, you must use Base64 encoding

Hawk # perl -mmime :: base64 -e 'print encode_base64 ("cnhawk/@the9.com");'

In the previous addition, you can successfully get a string

Y25OYXDRQHROZTKUY29T

Hawk # perl -mmime :: base64 -e 'print encode_base64 ("cnhawk");'

Y25OYXDR

% Telnet 127.0.0.1 25

Trying 127.0.0.1 ...

Connected to 0.

Escape Character is '^]'.

220 hawk.the9.com Esmtp Postfix

Ehlo hawk

250-hawk.the9.com

250-Pipelining

250-Size 2097152

250-VRFY250-ETRN

250-auth login plain otp

250-auth = login plain OTP

250-xverp

250 8bitmime

Auth login

334 vxnlcm5hbwu6

Y25OYXDRQHROZTKUY29T (this is the user name ID: cnhawk@the9.com)

334 UGFZC3DVCMQ6

Y25OYXDR (this is the user password Password: cnhawk)

235 Authentication Successful

quit

221 BYE

Connection Closed by Foreign Host.

Hawk # telnet 127.0.0.1 110

Trying 127.0.0.1 ....

Connected to 0.

Escape Character is '^]'.

Ok hello there.

User

CNHAWK@the9.com

OK Password Required.

Pass cnhawk

OK Logged in. (OK, POP login success)

quit

OK BYE-BYE.

Connection Closed by Foreign Host.

You can also test any other mail client program, such as Foxmail, Outlook Express, and more.

Then install Webmail

Install IGENUS

1. Install:

Hawk # CD / USR / PORTS / WWW / APACHE2

Hawk # make install

HAWK # CD / USR / PORTS / WWW / MOD_PHP4

Hawk # make install

Hawk # CD / VAR / MAIL

Hawk # tar zxvf igenus_docn.tar.gz

Hawk # edit /usr/local/apache/conf/httpd.conf

2. Configuration:

1) Group Nody, User Nobody

Modify to: Group Postfix, User Postfix

2) DocumentRoot "/ usr / local / apache / htdocs"

Modified to: DocumentRoot "/ var / mail / webmail"

3) Find AddDefaultCharset ISO-8859-1

Change to AddDefaultCharset GB2312 # 中文支持

Add AddType Application / X-httpd-php .php #PHP Support

4) Modify config_inc.php file

$ Cfg_basepath = "/ var / mail / webmail";

$ Cfg_mysql_host = 'localhost';

$ Cfg_mysql_user = 'postfix';

$ Cfg_mysql_pass = 'hawk'; (with the above password, you can modify yourself)

$ Cfg_mysql_db = 'mail';

5) Edit /usR/local/etc/php.ini, modify:

Cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

Register_globals = on

3. Use:

Finally, entries in the browser's URL:

http: // ip

Because there is no DNS with DNS, you can directly locate the domain name.

Modify /etc/php.ini

Max_execution_time = 30 # is changed to 60 (increasing the time limit for processing scripts)

Memory_limit = 8m # is changed to 40M (this can send 10M accessories)

Post_max_size = 2m # changed to 10m

UPLOAD_MAX_FILESIZE = 2M # change to 10m

2. Modify /etc/httpd/conf.d/php.conf

SetOutputFilter PHP

SetInputFilter PHP

LimitRequestBody 524288 # Transform 524288 to 10485760

The LImitRequestBody 524288 here is limited to 512K of the upload attachment, and it is changed to 10m.

3. Modify /etc/postfix/main.cf, add the following statement:

Message_size_limit = 14336000

The default value of Postfix is 10m, but this refers to the sum of the body and the number of attachments after the encoding. After Base64 encoding, the size of the attachment will increase by about 35%, so set the acceptable email size of 14m.

You can use the following command to view the relevant settings of Postfix:

/ usr / sbin / postconf | GREP SIZE

4. Rain from Apache and Postfix.

Anti-spam anti-virus mail part

1. Install McAfee uvscan

The latest version on the BSD is VBSD424E, although trial but can be upgraded, there is no functional limit.

The latest virus library version is DAT-4306.TAR = B4AF8AA33B670D15CC43EBF6F4967498

How to do the latest version of the virus library in your ports You can modify the file in the ports to download directly from www.nai.com.

Install McAfee AntiVirus

Hawk # CD / USR / PORTS / Security / VSCAN

Hawk # make install clean

2.Amavis installation

Amavis is a bridge between UVScan and Postfix, completes mail decoding, handed over UVScan, and then processes, forwarded operations.

2. Install in Ports

My version number is amavisd-new-20030616

Hawk # CD / USR / PORTS / Security / Amavisd-New /

# make install clean

HAWK # CD / USR / local / etc

Hawk # cp amavisd.conf-dist Amavisd.conf

Hawk # chown vscan amavisd.conf

Hawk # chmod 750 Amavisd.conf

Hawk # chown vscan / usr / local / sbin / Amavisd

Hawk # chmod 750 / usr / local / sbin / amavisd

Modify amavisd.conf

$ MyDomain = 'THE9.com'; (Modified to your own)

$ TEMPBASE = "/ TMP";

$ forward_method = 'SMTP: 127.0.0.1: 10025';

$ notify_method = $ forward_method;

The following can be set according to your server situation

$ virus_admin = "vscan / @ $ mydomain"

$ MailFrom_notify_admin = "vscan / @ $ mydomain";

$ MailFrom_notify_recip = "vscan / @ $ mydomain";

$ MailFrom_notify_spamadmin = "vscan / @ $ mydomain";

# $ Quarantinedir = '/var/virusmails' ;2.2 Modify Postfix

In /etc/postfix/master.cf

SMTP INET N - N - - SMTPD

Change to the following:

SMTP-AMAVIS UNIX - - N - 2 SMTP

-o SMTP_DATA_DONE_TIMEOUT = 1200

-o disable_dns_lookups = yes

127.0.0.1:10025 INET N - N - - SMTPD

-o content_filter =

Pay attention to the 127.0.0.1:10025 content_filter is blank, because in the main.cf of Postfix, the previously defined const_filter may cause the local message to be forwarded to yourself, if there is such a situation, The following information will appear "Error: Too Many HOPS" in the log log of PostFix.

test

Hawk # / usr / local / sbin / postfix stop

Hawk # / usr / local / sbin / postfix start

Hawk # su - vscan

Hawk # / usr / local / sbin / amavisd debug

Start another terminal:

Hawk # telnet 127.0.0.1 10024

Trying 127.0.0.1 ...

Connected to localhost.the9.com.

Escape Character is '^]'.

220 [127.0.0.1] ESMTP AMAVISD-New Service Ready

Mail from:

250 2.1.0 Sender

CNHAWK@the9.com

RCPT TO:

250 2.1.5 Recipient

CNHAWK@the9.com

Data

354 END DATA with .

Subject: Test 2

X5O! P% @ AP [4 / PZX54 (P ^) 7cc) 7} $ EiCar-Standard-AntiVirus-Test-File! $ H H *

250 2.5.0 OK, ID = 00116-02, Bounce <- This indication system has recognized this message contains Virus

Quit

2.3 Installation Configuration Spamassassin

In the latest amavisd-new, the spamassassin feature has been combined, so as long as the Amavisd-Ne is installed with ports, the spamassassin has been installed.

Port: Amavisd-New-20030616.p5

PATH: / USR / PORTS / Security / Amavisd-New

Info: Performance-Enhanced Daemonized Version of Amavis-Perl

MAINT:

Blaz@si.freebsd.org

INDEX: Security

B-DEPS:

R-DEPS: ARC-5.21E.8_1 Freeze-2.5_1 LHA-1.14I_1 LZO-1.08_1 LZOP-1.01 P5-Archive-TAR-1.05 P5-Archive-Zip-1.06 P5-Authen-SASL-2.04 P5-compress ZLIB-1.22 P5-Convert-TNEF-0.17 P5-Convert-Uulib-0.213 P5-Digest-HMAC-1.01 P5-Digest-MD5-2.27 P5-Digest-NilsiMSA-0.06 P5-Digest-SHA1-2.04 P5-File-Spec -0.82 p5-HTML-PARSER-3.31 P5-HTML-TagSet-3.03 p5-IO-1.20 P5-IO-STRINGY-2.108 P5-MIME-BASE64-2.20 P5-MIME-TOOLS-5.411A_2 P5-Mail-spamassassin-2.55 P5-Mail-Tools-1.58 P5-Net-1.16, 1 P5-Net-DNS-0.40 P5-Net-Server-0.85 P5-P5-P5-P5-P5-P5-P5-P5-P5-P5-Harness-2.28 P5-Test-SIMPLE-0.47_1 P5- Time-Hires-1.50, 1 p5-uri-1.25 p5-unix-syslog-0.100 razor-agent-2.36 unarj-2.43_1 unRar-3.20, 2 ZOO-2.10.1 If the server does not need spamassassin's function that this step can be canceled .

Add needed users

Hawk # pw useeradd spam -c "spam bayes learner" -d / var / empty -s / sbin / nologin

Hawk # pw useeradd notspam -c "not spam bayes learner" -d / var / empty -s / sbin / nologin

Modify /usr/local/etc/mail/spamassassin/local.cf

Use_bayes 1

Bayes_path /var/amavis/.spamassassin/bayes

Auto_learn 1

Auto_LEARN_THRESHOLD_NONSPAM-2

Auto_LEARN_THRESHOLD_SPAM 15

Modify /usr/local/etc/amavisd.conf

$ MAX_SERVERS = 2;

$ MAX_REQUESTS = 10;

$ child_timeout = 5 * 60;

@BYPASS_VIRUS_CHECKS_ACL = QW (.);

@local_domains_acl = (". $ mydomain");

$ final_spam_destiny = d_pass;

Read_hash (/% WhiteList_sender, '/ var / amavis / white);

Read_hash (/% blacklist_sender, '/ var / amavis / blacklist');

Read_hash (/% spam_lovers, '/ var / amavis / spam_lovers);

# Spamassassin settings

# $ sa_local_tests_only = 1;

$ sa_auto_whiteList = 1;

$ SA_MAIL_BODY_SIZE_LIMIT = 64 * 1024;

$ SA_TAG_LEVEL_DEFLT = 4.0;

$ SA_TAG2_LEVEL_DEFLT = 6.3;

$ SA_KILL_LEVEL_DEFLT = $ SA_TAG2_LEVEL_DEFLT; $ sa_spam_subject_tag = '*** spam ***';

Establish the required documents

Hawk # touch / var / amavis / whitelist

Hawk # touch / var / amavis / blacklist

Hawk # touch / var / amavis / spam_lovers

Hawk # chown vscan / var / amavis / whitelist

Hawk # chown vscan / var / Amavis / BlackList

Hawk # chown vscan / var / amavis / spam_lovers

Hawk # echo

Spam@the9.com

>> / VAR / AMAVIS / SPAM_LOVERS

Hawk # echo

NOTSPAM@the9.com

>> / VAR / AMAVIS / SPAM_LOVERS

Modify /usr/local/etc/postfix/main.cf

Add to

Content_filter = SMTP-AMAVIS: [127.0.0.1]: 10024

Establish an automatic learning system

Bayesian Learning Script

Hawk # vi /usr/local/sbin/my-sa-learn.sh

#! / bin / sh

IF [-e / var / mail / spam]; then

/ usr / local / bin / sa-learn --spam -p /var/amavis/.spamassassin/user_prefs - MBOX / VAR / MAIL / SPAM

RM / VAR / MAIL / SPAM> / dev / null

IF [-e / var / mail / notspam]; then

/ usr / local / bin / sa-learn --ham -p /var/amavis/.spamassassin/user_prefs - MBOX / VAR / MAIL / NOTSPAM

RM / VAR / MAIL / NOTSPAM> / dev / null

Establish a Bayes learning knowledge base:

Hawk # / usr / bin / sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

This will be automatically learned.

Hawk # chmod 700 /usr/local/sbin/my-sa-learn.sh

Hawk # crontab -e

5 0 * * / /usr/local/sbin/my-sa-learn.sh

The restart of the service is restarted to make the settings take effect.

Hawk # /usr/local/etc/rc.d/postfix.sh stop

Hawk # /usr/local/etc/rc.d/postfix.sh start

Hawk # /usr/local/etc/rc.d/amavisd.sh stop

Hawk # /usr/local/etc/rc.d/amavisd.sh start

If you use Spamassassin's spamd, you also need to restart.

When you start AMAVISD, please confirm if there is an anti-virus software.

Hawk # cat / var / log / maillog | grep nai

Dec 1 03:37:07 Hawk Amavis [112]: Found Primary av scanner nai mcafee antivirus (uvscan) AT / usr / local / bin / uvscan

DEC 1 15:36:00 Hawk Amavis [110]: Found Primary av scanner nai mcafee antivirus (uvscan) AT / usr / local / bin / uvscan

DEC 1 16:14:28 hawk amavis [110]: Found Primary av scanner nai mcafee antivirus (uvscan) AT / usr / local / bin / uvscan If there is such information description, anti-virus software has been found

Virus update script

Need WGET support

Install WGET first

Hawk # pkg_add -r wget

Installed

Hawk # vi /usr/local/libexec/uvscan/Update-dat.sh

Add below

#! / bin / sh

# update-dat.sh

CD / USR / LOCAL / LIBEXEC / UVSCAN /

Wget -q -o readme.txt

http://download.nai.com/p......................... x/NAI/Readme.txt

> / dev / null

Avver = `head -11 readme.txt | grep '4 [0-9] [0-9] [0-9]' | Head -1 | SED -E 'S /^.*/ (4 [0-9 ] * /). * $ // 1 / '`

IF [! -f dat- $ avver.tar]; then

For i in * .tar; do

MV $ I $ I.OLD

DONE

IF wget

http://download.nai.com/p......-4.x/nai/dat- $avver.tar

> / dev / null; then

For i in * .dat; do

CP -P $ I $ I.BAK

DONE

IF TAR XF DAT- $ avver.tar; then

RM -F * .OLD

Echo `Date` SuccessFully Updated AntiVirus Dat Files To $ avVer

Then you can automatically update the virus file automatically in the crontab timing.

After completing the mail interface, the virus warning message has been received, these titles can be modified in Amavisd.conf.

转载请注明原文地址:https://www.9cbs.com/read-120249.html

9cbs

New Post(0)