RHEL5上安装邮件系统Postfix+CyrusSASL+dovecot

默认方式安装RHEL5,不选中任何类型服务器(如WEB服务器,开发服务器,虚拟服务器等)

安装postfix

[root@rhel5 ~]# /etc/rc.d/init.d/sendmail stop

关闭 sm-client:                                            [确定]

关闭 sendmail:                                            [确定]

[root@rhel5 ~]# chkconfig sendmail off

[root@rhel5 Server]# rpm -ivh postfix-2.3.3-2.i386.rpm

[root@rhel5 Server]# vi /etc/postfix/main.cf

myhostname = mail.mailidc.cn    #设置运行postfix服务的邮件主机的主机名、域名

mydomain = mailidc.cn      

myorigin = $mydomain      #设置由本机寄出的邮件所使用的域名或主机名称

inet_interfaces = all         #设置postfix服务监听的网络接口

mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost    #设置可接收邮件的主机名称或域名

mynetworks = 127.0.0.1         #设置可转发哪些网络的邮件

relay_domains = $mydestination  #设置可转发哪些网域的邮件

保存文件。

检查postfix的配置:

[root@rhel5 Server]# postconf –n

[root@rhel5 ~]# chkconfig postfix on

將postfix加入到root的组:

# usermod -G root postfix


SMTP认证的配置

安装cyrus-sasl

1、确认cyrus-sasl是否安装了

[root@rhel5 Server]# rpm -qa|grep cyrus

cyrus-sasl-plain-2.1.22-4

cyrus-sasl-lib-2.1.22-4

cyrus-sasl-2.1.22-4


Cyrus-SASL V2的密码验证机制

[root@rhel5 ~]# saslauthd -v

saslauthd 2.1.22

authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

我们准备用的是shadow的密码验证机制。

vi /etc/sysconfig/saslauthd

MECH=shadow

启动sasl的daemon并测试:

# service saslauthd start

# /usr/sbin/testsaslauthd -u 帐号 -p '密码'

0: OK "Success."   =>帐号验证成功了

[root@rhel5 ~]# chkconfig saslauthd on


设置postfix启用SMTP认证

[root@rhel5 Server]# vi /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain= ''

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,

           reject_unauth_destination

broken_sasl_auth_clients = yes

smtpd_client_restrictions = permit_sasl_authenticated

smtpd_sasl_security_options = noanonymous

wq!保存

此外,由于当postfix要使用SMTP认证时,会读取/usr/lib/sasl2/smtpd.conf文件的内容以确定所采用的认证方式,所以必须保证/usr/lib/sasl2/smtpd.conf文件的内容是:

pwcheck_method: saslauthd


安装设定dovecot(imap、pop3):

1、确认dovecot是否有安装:

[root@rhel5 ~]# rpm -qa|grep dovecot

dovecot-1.0-1.2.rc15.el5

2、设定用pop3来收取信件:

#vi /etc/dovecot.conf

protocols = pop3   #  imap imaps pop3 pop3s 支持的功能

3、启动并测试:

#service dovecot start

# telnet localhost 110

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

+OK dovecot ready.

user 账号

+OK

pass 密码

+OK Logged in.

[root@rhel5 ~]# chkconfig dovecot on

到这里postfix、Cyrus SASL、dovecot就可以正常工作了。


让postfix支持MailScanner、spamassassin、f-prot

A、安装 F-PROT (F-PROT Antivirus for Linux)

从http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm下载 f-prot

[root@rhel5 ~]# rpm -ivh fp-linux-ws.rpm

B、安装MailScanner

下载http://www.mailscanner.info/file ... 4.60.8-1.rpm.tar.gz

版本.rpm.tar.gz

(这里可能会少些perl的套件,出现错误讯息!请照着错误讯息要的rpm装完即可!)

# tar zxvf MailScanner-4.60.8-1.rpm.tar.gz

# cd MailScanner-4.60.8-1

# ./install.sh

C、安装spamassassin

1、确认spamassassin是否有安装:

# rpm -qa |grep spam

如没有安装就安装该包

[root@rhel5 Server]# rpm -ivh spamassassin-3.1.7-4.el5.i386.rpm

2建立Mailscanner支持spamassassin所需的目录:

# mkdir /var/spool/MailScanner/spamassassin

# chmod 700 /var/spool/MailScanner/spamassassin

# chown postfix.postfix /var/spool/MailScanner/spamassassin

3、修改spamassassin的设定档local.cf

可到站点http://www.yrex.com/spam/spamconfig.php自动生成local.cf的内容。

# vi /etc/mail/spamassassin/local.cf

# How many hits before a message is considered spam.

required_hits           5.0

# Whether to change the subject of suspected spam

rewrite_subject         1

# Text to prepend to subject if rewrite_subject is used

subject_tag             *****SPAM*****

# Encapsulate spam in an attachment

report_safe             1

# Use terse version of the spam report

use_terse_report        0

# Enable the Bayes system

use_bayes               1

# Enable Bayes auto-learning

auto_learn              1

# Enable or disable network checks

skip_rbl_checks         1

use_razor2              0

use_dcc                 0

use_pyzor               0

# Mail using languages used in these country codes will not be marked

# as being possibly spam in a foreign language.

ok_languages            all

# Mail using locales used in these country codes will not be marked

# as being possibly spam in a foreign language.

ok_locales              all

4、启动spamassassin

# service spamassassin start


MailScanner设定

1修改MailScanner.conf

# vi /etc/MailScanner/MailScanner.conf

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

Virus Scanners = f-prot

Always Include SpamAssassin Report = yes

Use SpamAssassin = yes

Required SpamAssassin Score = 4

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

SpamAssassin Install Prefix = /usr/bin

SpamAssassin Local Rules Dir = /etc/MailScanner

2、修改 postfix支持mailscanner

# vi /etc/postfix/main.cf

变更以下的值

header_checks = regexp:/etc/postfix/header_checks

# vi /etc/postfix/header_checks

/^Received:/ HOLD

注意, 在 / 之前不可以有空白!

3、变更目录权限

# chown postfix.postfix /var/spool/MailScanner/incoming

# chown postfix.postfix /var/spool/MailScanner/quarantine

停止postfix执行、启动MailScanner

# service postfix stop

# chkconfig postfix off

# service MailScanner start

设定MailScanner,当MTA = postfix时,会自己启动postfix,如有设定启动postfix的请先将它停掉

4、定期更新病毒定义文件

# crontab -e

0 4 * * * /usr/local/f-prot/tools/check-updates.pl

并将原本在/etc/cron.hourly/update_virus_scanners 删除掉


测试SpamAssassin

发一封邮件带如下内容,接收后,标题应该带有标记:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

这样,我们就已经搭建起一个基本的邮件系统。