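I read other people's write-ups online, then compiled everything myself; these are my notes.
Qmail notes
I: Software overview
netqmail-1.06.tar.gz Qmail main program
toaster-scripts-0.9.1.tar.gz Scripts
ucspi-tcp-0.88.tar.gz Daemon that assists with startup and management
vpopmail-5.4.33.tar.gz qmail-based virtual domain management package; it allows multiple virtual domains on a single IP address
checkpassword-0.90.tar.gz Authentication program
daemontools-0.76.tar.gz Replacement for inetd and xinetd; used to monitor qmail-send, qmail-smtpd and qmail-pop3d
vqadmin Adds domains through the web
qmailadmin Excellent tool for managing vpopmail domains through the web
Documentation: lifewithqmail.org
II: Installation
0: Disable sendmail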
service sendmail stop
chkconfig sendmail off
rpm -e --nodeps sendmail
yum install httpd php php-mysql mysql mysql-server mysql-devel gdbm gdbm-devel openssl openssl-devel stunnel krb5-devel gcc gcc-c++ libtool libtool-devel
1: Install Qmail
Create the home directory
mkdir /var/qmail
cd qmailsetup/netqmail-1.06/
Add the users
cp INSTALL.ids IDS
vi IDS # delete the lines that do not apply to your system
chmod 700 IDS; ./IDS
Or
groupadd nofiles &&\
useradd -g nofiles -d /var/qmail/alias -s /sbin/nologin -p'*' alias &&\
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaild &&\
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmaill &&\
useradd -g nofiles -d /var/qmail -s /sbin/nologin -p'*' qmailp &&\
groupadd qmail &&\
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailq &&\
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmailr &&\
useradd -g qmail -d /var/qmail -s /sbin/nologin -p'*' qmails
-------- Compile
make setup check
If the domain is example.com and the host name is dolphin, the config-fast command line should be:
./config-fast dolphin.example.com
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
2: Install ucspi-tcp
patch < ../netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
make && make setup check
3: Install daemontools (mind the install location)
mkdir /package; chmod 1755 /package; cd /package
tar xvf daemontools-0.76.tar.gz
cd /package/admin/daemontools-0.76
cd src
patch < /root/qmailsetup/netqmail-1.06/other-patches/daemontools-0.76.errno.patch
cd ..
package/install
Check that svscan is running
ps -ef | grep svscan
4: Qmail startup scripts
Copy the startup scripts into their directories; the scripts are in the attachment (qmail-conf.tar)
chmod 755 /var/qmail/rc
echo ./Maildir/ > /var/qmail/control/defaultdelivery
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /usr/bin
5: supervise scripts
mkdir -p /var/log/qmail/{pop3ds,smtpd,pop3d,smtpds}
chown -R qmaill /var/log/qmail
chmod -R 750 /var/log/qmail
chmod -R 755 /var/qmail/supervise/
cd /var/qmail/supervise; chmod +t *
echo 20 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
The following links are mandatory
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /var/qmail/supervise/qmail-pop3ds /var/qmail/supervise/qmail-smtpds /service
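6: Create system aliases (seemingly unnecessary?)
Alias          Purpose
postmaster     Required by RFC 2821; points to the mail system administrator (that is, you)
mailer-daemon  De facto standard recipient of bounce messages
root           Forwards mail for the privileged root user to the system administrator
abuse          De facto address for reporting mail abuse (spam)
How you create these system aliases depends on where you want the mail delivered (a local user or a remote address); create a matching set of .qmail files accordingly. For example, if you want the local user dave to receive mail addressed to the system administrator and the postmaster, do this: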
echo dave > /var/qmail/alias/.qmail-root
echo dave > /var/qmail/alias/.qmail-postmaster
ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
ln -s .qmail-postmaster /var/qmail/alias/.qmail-abuse
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
The INSTALL.alias file has more details.
7: Check qmail status
qmailctl stat
/service/qmail-send: up (pid 13355) 665 seconds
/service/qmail-send/log: up (pid 13356) 665 seconds
/service/qmail-smtpd: up (pid 13357) 665 seconds
/service/qmail-smtpd/log: up (pid 13358) 665 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
Check for process error messages
ps -efl | grep "service errors" | grep -v grep
8: Install checkpassword
patch < /root/qmailsetup/netqmail-1.06/other-patches/checkpassword-0.90.errno.patch
make; make setup check
Test
Simulate a failed POP login:
# /var/qmail/bin/qmail-popup blah /bin/checkpassword pwd
+OK <...@blah>
user Frodo
+OK
pass Friend
-ERR authorization failed
9: Install vpopmail
CREATE DATABASE vpopmail;
GRANT SELECT ON vpopmail.* TO vpopmailread@localhost IDENTIFIED BY 'password';
GRANT ALL ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'password';
flush privileges;
quit;
Add the user and group that vpopmail runs as
groupadd -g 809 vchkpw && useradd -g vchkpw -d /home/vpopmail -s /sbin/nologin -p'*' -u 809 vpopmail
Compile
./configure \
--enable-auth-logging=y --enable-logging=v \
--enable-log-name=vpopmail --enable-auth-module=mysql \
--enable-onchange-script=n \
--enable-sqwebmail-pass=n --enable-many-domains=n \
--enable-passwd=y --disable-clear-passwd \
--enable-tcpserver-file=/etc/tcp.smtp --enable-incdir=/usr/include/mysql \
--enable-libdir=/usr/lib/mysql --enable-libs=mysqlclient \
--enable-ip-alias-domains=y --enable-qmail-ext=y \
--enable-mysql-replication=n --enable-valias=n
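Optional: --enable-vpopuser=vpopmail --enable-vpopgroup=vchkpw
-----------
If roaming users are enabled
--enable-roaming-users=y
40 * * * * /home/vpopmail/bin/clearopensmtp > /dev/null 2>&1
Roaming-user support works like this: after a roaming user fetches mail over POP3, that address is allowed to relay mail through the mail server for a certain period of time.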
make && make install-strip
Set the database connection
echo "localhost|3306|vpopmail|password|vpopmail">/home/vpopmail/etc/vpopmail.mysql
chmod 640 /home/vpopmail/etc/vpopmail.mysql
chown -R vpopmail.vchkpw /home/vpopmail/etc
Create a virtual domain (test.com here)
/home/vpopmail/bin/vadddomain test.com;
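/home/vpopmail/bin/vadduser [email protected]; (set the password for [email protected] when prompted)
The tcp.smtp file defines whether the RELAYCLIENT environment variable is set for a given network, and configures which networks are allowed to connect to the mail server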
echo '127.0.0.1:allow,RELAYCLIENT=""' > /home/vpopmail/etc/tcp.smtp
cd /home/vpopmail/etc ; tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
qmailctl cdb
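To check a tcp.smtp file for rules that grant relaying more widely than intended, this added example (not part of the original notes, ucspi-tcp or vpopmail) classifies every rule that sets RELAYCLIENT. The function names and all sample rules except the loopback line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit tcprules source (the tcp.smtp format) for relay grants.
# Reads rules on stdin and prints "LEVEL line-number rule" for every rule
# that sets RELAYCLIENT:
#   OPEN   empty address, i.e. the default rule: any client may relay
#   BROAD  IP prefix of one or two octets (for example "10." or "192.168.")
#   DNS    "=host" rule: the relay decision rests on reverse DNS
#   OK     loopback, or a prefix/address of three or four octets
audit_relay_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            colon = index($0, ":")
            if (colon == 0) next                    # not a rule
            addr = substr($0, 1, colon - 1)
            rest = substr($0, colon + 1)
            if (rest !~ /^allow/ || rest !~ /RELAYCLIENT=/) next
            sub(/^.*@/, "", addr)                   # drop optional "info@"
            n = split(addr, part, /\./); octets = 0
            for (i = 1; i <= n; i++) if (part[i] != "") octets++
            if (addr == "")            level = "OPEN"
            else if (addr ~ /^=/)      level = "DNS"
            else if (addr ~ /^127\./)  level = "OK"
            else if (octets < 3)       level = "BROAD"
            else                       level = "OK"
            print level, NR, $0
        }'
}

# Constructed sample rules; only the loopback line comes from the notes above.
sample_rules() {
    cat <<'EOF'
# constructed sample
127.0.0.1:allow,RELAYCLIENT=""
192.168.10.:allow,RELAYCLIENT=""
10.:allow,RELAYCLIENT=""
=.example.com:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
203.0.113.7:deny
EOF
}

sample_rules | audit_relay_rules
```

Run it against the real file with `audit_relay_rules < /home/vpopmail/etc/tcp.smtp` before rebuilding the cdb.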
10: Install SMTPS
cd /etc/pki/tls/certs
Generate the certificate
make stunnel.pem
cp -rf stunnel.pem /etc/stunnel/
openssl req -new -x509 -nodes -out servercert.pem -days 3650 -keyout servercert.pem
mv servercert.pem /var/qmail/control/
ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem
chown -R vpopmail:qmail /var/qmail/control/clientcert.pem /var/qmail/control/servercert.pem
chmod 600 /var/qmail/control/servercert.pem
qmailctl restart
netstat -tnl # ports 995 and 465 should now be listening
11: Install Courier-IMAP
./configure --prefix=/usr/local --exec-prefix=/usr/local --with-authvchkpw \
--without-authldap --without-authmysql --disable-root-check --with-ssl \
--with-authchangepwdir=/usr/local/libexec/authlib --with-redhat
make && make check
make install-strip && make install-configure
cp courier-authlib.sysvinit /etc/init.d/courier-authlib
chmod 755 /etc/init.d/courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc0.d/K30courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc1.d/K30courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc2.d/S80courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc3.d/S80courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc4.d/S80courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc5.d/S80courier-authlib &&\
ln -s /etc/init.d/courier-authlib /etc/rc6.d/K30courier-authlib
su vpopmail
chown -R vpopmail:vchkpw courier-imap-4.1.2
This directory must not be under /root, otherwise the permissions are insufficient
exit
Create the certificate
/usr/local/sbin/mkimapdcert
sed -i 's/@example.com/@test.com/g' /usr/local/etc/imapd.cnf
sed -i '403s/NO/YES/' /usr/local/etc/imapd
Enable MD5 authentication
sed -i 's/THREAD=REFERENCES\ SORT\ QUOTA\ IDLE/THREAD=REFERENCES\ SORT\ QUOTA\ IDLE\ AUTH=CRAM-MD5/' /usr/local/etc/imapd
sed -i 's/IMAPDSSLSTART=NO/IMAPDSSLSTART=YES/g' /usr/local/etc/imapd-ssl
sed -i '27s/authuserdb\ authpwd\ authshadow\ authcustom\ authvchkpw\ authpipe/authvchkpw/' /usr/local/etc/authlib/authdaemonrc
cp courier-imap.sysvinit /etc/init.d/courier-imap
chmod 755 /etc/init.d/courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc0.d/K30courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc1.d/K30courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc2.d/S80courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc3.d/S80courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc4.d/S80courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc5.d/S80courier-imap &&\
ln -s /etc/init.d/courier-imap /etc/rc6.d/K30courier-imap
12: Install Autorespond
make && make install
13: Install ezmlm
make && make setup
14: Install Qmailadmin
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html --enable-ezmlmdir=/usr/local/bin/ezmlm --enable-autoresponder-bin=/usr/bin --enable-modify-quota
make
make install-strip
15: Install MailDrop
./configure --prefix=/usr/local --exec-prefix=/usr/local --enable-maildrop-uid=root --enable-maildrop-gid=vchkpw --enable-maildirquota
make && make install-strip && make install-man
16: Install TNEF reader (used to unpack Microsoft mail attachments)
./configure && make && make install
17: Install Clamav
groupadd clamav; useradd -g clamav -d /dev/null -s /sbin/nologin clamav
touch /var/log/freshclam.log
chmod 644 /var/log/freshclam.log
chown clamav:clamav /var/log/freshclam.log
cp freshclam /etc/init.d/freshclam # copy the script over; it is in the attachment
chmod 755 /etc/init.d/freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc0.d/K30freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc1.d/K30freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc2.d/S80freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc3.d/S80freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc4.d/S80freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc5.d/S80freshclam &&\
ln -s /etc/init.d/freshclam /etc/rc6.d/K30freshclam
# add freshclam.log to logrotate
cp freshclam.logrotate /etc/logrotate.d/freshclam # copy the script over; it is in the attachment
# run clamd under daemontools
mkdir -p /var/qmail/supervise/clamd/log
mkdir -p /var/log/{clamd,clamav}
chown clamav.clamav -R /var/log/clamav/
chmod 644 -R /var/log/clamav/
cp clamd.run /var/qmail/supervise/clamd/run # copy the script over; it is in the attachment
cp clamd.log.run /var/qmail/supervise/clamd/log/run # copy the script over; it is in the attachment
chmod 755 /var/qmail/supervise/clamd/run
chmod 755 /var/qmail/supervise/clamd/log/run
# Start clamd and freshclam
ln -s /var/qmail/supervise/clamd /service
/etc/init.d/freshclam start
sed -i 's:^Example:#Example:;s:#DatabaseDirectory\ /var/lib/clamav:DatabaseDirectory\ /var/lib/clamav:;s:#UpdateLogFile\ /var/log/freshclam.log:UpdateLogFile\ /var/log/freshclam.log:;s:#LogSyslog:LogSyslog:;s:#PidFile\ /var/run/freshclam.pid:PidFile\ /var/run/freshclam.pid:' /usr/local/etc/freshclam.conf
sed -i 's:#FixStaleSocket\ yes:FixStaleSocket\ yes:;s:#LocalSocket\ /tmp/clamd.socket:LocalSocket\ /var/clamav/clamd.socket:;s:^Example:#Example:;s:#DatabaseDirectory\ /var/lib/clamav:DatabaseDirectory\ /var/lib/clamav:;s:#LogFile\ /tmp/clamd.log:LogFile\ /var/log/clamav/clamd.log:;s:#LogFileMaxSize\ 2M:LogFileMaxSize\ 2M:;s:#LogTime:LogTime:;s:#PidFile\ /var/run/clamd.pid:PidFile /var/run/clamd.pid:;s:#LogSyslog:LogSyslog:;s:#ScanMail:ScanMail:' /usr/local/etc/clamd.conf
cp clamd /etc/init.d/
chkconfig clamd on
mkdir /var/lib/clamav /var/clamav
chown clamav:clamav /var/lib/clamav
# update the clamscan virus database
freshclam --verbose
# add freshclam to crontab to update the virus database on a schedule, and scan /home automatically
crontab -e
0 1 * * * freshclam --quiet -l /var/log/freshclam.log
0 6 * * * /usr/local/bin/clamscan --recursive --infected --log=/var/log/clamscan.log /home
18: Install DSPAM (anti-spam)
./configure --with-dspam-owner=vpopmail --with-dspam-group=vchkpw \
--with-delivery-agent=/usr/local/bin/maildrop \
--enable-daemon --enable-clamav --enable-syslog --enable-preferences-extension \
--enable-long-usernames --enable-domain-scale --enable-virtual-users \
--prefix=/usr/local/dspam --with-dspam-mode=2510 \
--with-storage-driver=mysql_drv --with-mysql-includes=/usr/include/mysql \
--with-mysql-libraries=/usr/lib/mysql --with-logdir=/var/log/dspam/
cd src/tools.mysql_drv
mysql -u root -p -e "create database dspam"
mysql -u root -p -e "grant all on dspam.* to dspam@localhost identified by 'bian'"
cat mysql_objects-4.1.sql | mysql dspam -p
cat virtual_users.sql | mysql dspam -p
vi /usr/local/dspam/etc/dspam.conf # change or add
EnablePlusedDetail on
PlusedCharacter -
PlusedUserLowercase on
QuarantineMailbox -quarantine
Trust root
Trust dspam
Trust vpopmail
Tokenizer osb
ImprobabilityDrive on
Preference "signatureLocation=headers"
MySQLServer /var/lib/mysql/mysql.sock
MySQLUser dspam
MySQLPass password
MySQLDb dspam
MySQLCompress true
MySQLReconnect true
MySQLConnectionCache 10
MySQLUIDInSignature on
ServerPID /var/run/dspam.pid
===================================
vi /home/vpopmail/domains/example.com/.qmail-default
|/usr/local/dspam/bin/dspam --user $EXT@$HOST --deliver=innocent,spam --mode=teft --feature=tb=N,no,wh --stdout | /usr/local/bin/maildrop /home/vpopmail/global_mailfilter
vi /home/vpopmail/domains/example.com/.qmail-spam
|/usr/local/dspam/bin/dspam --user $SENDER --mode=teft --class=spam --source=error
chown vpopmail.vchkpw .qmail-spam
# install the DSPAM WEBGUI
mkdir /var/www/dspam
cp -r webgui/cgi-bin/* /var/www/dspam/
cp -f webgui/htpdocs/* /var/www/dspam
rm -f Makefile* && rm -f templates/Makefile*
chown -R vpopmail:vchkpw /var/www/dspam
cd /var/www/dspam
chmod 444 *.* && chmod 554 *.cgi && chmod 555 templates && chmod 444 templates/*
vi /var/www/dspam/configure.pl
$CONFIG{'DSPAM_ARGS'}
= "--deliver=innocent --class=innocent --source=error --user %CURRENT_USER% -d %u"
Change to:
= "--deliver=innocent --class=innocent --feature=wh,no,tb --source=error --user $ENV{'REMOTE_USER'} --stdout | /var/qmail/bin/qmail-inject $ENV{'REMOTE_USER'}";
vi /etc/httpd/conf/httpd.conf
Add:
Listen 88
<VirtualHost *:88>
ServerName dspam.test.com
SuexecUserGroup vpopmail vchkpw
DocumentRoot /var/www/dspam
CustomLog /var/log/httpd/logs/dspam.access combined
ErrorLog /var/log/httpd/logs/dspam.errors
Alias / "/var/www/dspam/"
<Directory "/var/www/dspam/">
DirectoryIndex dspam.cgi
Options +ExecCGI -Includes +Indexes
Addhandler cgi-script .cgi
AuthName "DSPAM LOGIN"
Require valid-user
Order allow,deny
Allow from all
AuthType Basic
AuthUserFile /var/www/dspam/.htpasswd
</Directory>
</VirtualHost>
====================
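htpasswd -c /var/www/dspam/.htpasswd [email protected] # add the user and password
III: Testing
1) After the installation above is complete, it is best to reboot the server
2) Test sending and receiving mail from the command line
===================== Start of SMTP send test ==========================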
[root@onki control]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 test.com ESMTP
ehlo mail.test.com
250-test.com
250-PIPELINING
250 8BITMIME
mail from:[email protected]
250 ok
rcpt to:[email protected]
data
354 go ahead
this is a test!
.
250 ok 1318501063 qp 7668
quit
221 test.com
Connection closed by foreign host.
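====================== Start of POP3 receive test ==========================
[root@onki control]# telnet localhost 110 # telnet to port 110
+OK <[email protected]>
user [email protected] # user name
+OK
pass mypassword # login password
stat # check the mailbox status
+OK 1 240
list # list the messages
1 240
top 1 0 # view the headers of the given message; 0 shows the whole header, any other positive integer limits how many lines are returned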
Return-Path: <>
Delivered-To: [email protected]
Received: (qmail 7740 invoked from network); 13 Oct 2011 10:24:39 -0000
Received: from localhost (HELO mail.test.com) (127.0.0.1)
by test.com with SMTP; 13 Oct 2011 10:24:39 -0000
retr 1 # retrieve the given message
Received: from localhost (HELO mail.onki.cn) (127.0.0.1)
by onki.cn with SMTP; 13 Oct 2011 10:24:39 -0000
dele 1 # delete message 1
quit # quit
======================================
openssl s_client -connect localhost:465
Testing is much the same as with telnet localhost 25
openssl s_client -connect localhost:995
Testing is much the same as with telnet localhost 110
IMAPS test
openssl s_client -connect localhost:993
a01 login [email protected] user
a01 OK LOGIN Ok.
a02 list "" *
* LIST (\Marked \HasNoChildren) "." "INBOX"
a02 OK LIST completed
a20 logout
* BYE Courier-IMAP server shutting down
a20 OK LOGOUT completed
closed
IMAP test
telnet localhost 143
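The rest is the same as for IMAPS
IV: Other notes (from others online; some of these I have not run into)
1: If receiving works but sending fails in Foxmail or other clients, remove the domain name that was added in /var/qmail/supervise/qmail-smtpd/run, then change the owner and group of /home/vpopmail/etc/tcp.smtp.cdb to vpopmail.vchkpw
2: /home/vpopmail/etc/defaultdomain (for the case where Foxmail cannot fetch mail with the user name alone and needs the full address)
3: About filling in the domain name in qmail-pop3d/run and qmail-pop3ds/run: the run file contains 'hostname', which has to be replaced with your own domain name; remove the quotes as well when you do,
otherwise errors such as /home/Maildir will appear. Take special note of this!
4: Sending to external addresses fails with the error: The server reply: 553 sorry,that domain isn't in my list of allowed rcpthosts
Edit the /var/qmail/control/rcpthosts file and add the relevant domain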
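How qmail-smtpd decides between accepting a recipient and returning the 553 reply in item 4, modelled as an added shell example (not qmail's own code and not from the original notes). The function name, the temporary rcpthosts file and the sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of qmail-smtpd's recipient check.
# Usage: rcpt_decision RCPTHOSTS_FILE RELAYCLIENT_SET ADDRESS
#   RELAYCLIENT_SET is "yes" when a tcp.smtp rule set RELAYCLIENT for the client.
rcpt_decision() {
    file=$1 relay=$2 addr=$3
    # A client with RELAYCLIENT set bypasses rcpthosts entirely.
    if [ "$relay" = yes ]; then echo "accept: RELAYCLIENT set"; return 0; fi
    # Without a rcpthosts file every domain is accepted (open relay).
    if [ ! -f "$file" ]; then echo "accept: no rcpthosts file"; return 0; fi
    # Addresses without "@" are always let through.
    case $addr in *@*) ;; *) echo "accept: local address"; return 0 ;; esac
    dom=$(printf '%s' "${addr##*@}" | tr 'A-Z' 'a-z')
    # Exact entry first, then each ".suffix" wildcard entry.
    try=$dom rest=$dom
    while :; do
        if grep -qixF -- "$try" "$file"; then
            echo "accept: rcpthosts entry $try"; return 0
        fi
        case $rest in *.*) rest=${rest#*.}; try=.$rest ;; *) break ;; esac
    done
    echo "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"
    return 1
}

# Demo on a constructed rcpthosts file.
demo() {
    dir=$(mktemp -d)
    printf 'test.com\n.lists.test.com\n' > "$dir/rcpthosts"
    rcpt_decision "$dir/rcpthosts" no  user@test.com || true
    rcpt_decision "$dir/rcpthosts" no  user@elsewhere.example || true
    rcpt_decision "$dir/rcpthosts" yes user@elsewhere.example || true
    rm -rf "$dir"
}
demo
```

Listing an external domain in rcpthosts makes the server accept mail for that domain from any client, so relaying for your own users is normally granted through a RELAYCLIENT rule in tcp.smtp instead.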