Postfix (latest source) virus filtering and anti-spam in practice (configuration part)
2008-04-07 10:23

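II. Notes on the configuration documents

0. For DNS configuration, see the DNS hands-on document.

1. For apache2_php5_mysql5 configuration, see the LAMP hands-on document.

2. List of the main configuration files involved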
cyrus-sasl:
/etc/sysconfig/saslauthd
/usr/lib/sasl2/smtpd.conf
/etc/pam.d/smtpd

dovecot:
/etc/dovecot.conf
/etc/dovecot-sql.conf

spamassassin:
/etc/mail/local.cf

clamav:
/etc/clamd.conf

amavisd-new:
/etc/amavisd.conf

postfix:
/etc/postfix/master.cf
/etc/postfix/main.cf
/etc/postfix/mynetworks
/etc/postfix/filter_recipient_domains (optional)
/etc/postfix/mysql_relay_domains_maps.cf
/etc/postfix/mysql_virtual_alias_maps.cf
/etc/postfix/mysql_virtual_domains_maps.cf
/etc/postfix/mysql_virtual_mailbox_maps.cf
/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

____________________________________________________________________

III. Configuration file contents and notes

0. Configuring cyrus-sasl

a. # vi /etc/sysconfig/saslauthd with the following content:
#**************************************************
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS="r"
#**************************************************

b. # vi /usr/lib/sasl2/smtpd.conf with the following content:
#**************************************************
pwcheck_method:saslauthd
#**************************************************

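c. # vi /etc/pam.d/smtpd with the following content:
Note that there are only two lines, auth and account; crypt=3 selects MD5 hashing.
Special reminder: the value of the name field must be the part of the maildir field before the @.
This is something to watch for when adding user mailboxes in postfixadmin.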
#**************************************************
#%PAM-1.0
auth sufficient pam_mysql.so verbose=0 user=postfix passwd=123456 host=localhost db=postfix table=mailbox usercolumn=name passwdcolumn=password crypt=3
account required pam_mysql.so verbose=0 user=postfix passwd=123456 host=localhost db=postfix table=mailbox usercolumn=name passwdcolumn=password crypt=3
#**************************************************
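For debugging, use the following content; a logtable table must be created for pam_mysql.
Note that there are only two lines, auth and account; crypt=3 selects MD5 hashing.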
#**************************************************
#%PAM-1.0
auth sufficient pam_mysql.so verbose=1 user=postfix passwd=123456 host=localhost db=postfix table=mailbox usercolumn=name passwdcolumn=password crypt=3 logtable=logtable logmsgcolumn=logmsgcolumn logusercolumn=logusercolumn logpidcolumn=logpidcolumn loghostcolumn=loghostcolumn logrhostcolumn=logrhostcolumn logtimecolumn=logtimecolumn sqllog=true
account required pam_mysql.so verbose=1 user=postfix passwd=123456 host=localhost db=postfix table=mailbox usercolumn=name passwdcolumn=password crypt=3 logtable=logtable logmsgcolumn=logmsgcolumn logusercolumn=logusercolumn logpidcolumn=logpidcolumn loghostcolumn=loghostcolumn logrhostcolumn=logrhostcolumn logtimecolumn=logtimecolumn sqllog=true
#**************************************************

_________________________________________

Important steps are hidden here; contact me if you need them.

———————————————————————

2. spamassassin:
/etc/mail/local.cf with the following content:
It can be generated with the web page http://www.yrex.com/spam/spamconfig.php.
#****************************************************************
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score           5.0

# Change the subject of suspected spam
rewrite_header subject         *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe             1

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all

# Disabled scores: problems with Chinese subjects or content
# The settings below were added to keep Chinese content from being misjudged as spam
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
#******************************************************************

3. clamav:
/etc/clamd.conf with the following content:
#******************************************************************
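# Log file
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogFacility LOG_MAIL
# Enable verbose (debug) logging to make debugging easier
LogVerbose yes
# Path of the PID file
PidFile /var/run/clamd.pid
# Path of the virus database. Make sure the directory named by DatabaseDirectory
# contains the daily.inc directory; a wrong path fails with an error that daily.inc cannot be found
DatabaseDirectory /usr/local/share/clamav/
# Path of clamd.socket
LocalSocket /var/run/clamd.socket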
#******************************************************************

4. amavisd-new:
# vi /etc/amavisd.conf  Only the *modified* parts are shown below; everything else keeps the default configuration
#******************************************************************
# Run amavis as the clamav user and group
$daemon_user = 'clamav';
$daemon_group = 'clamav';
# Domain name, here xiutuo.com
$mydomain = 'xiutuo.com';
# amavis home directory
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;
# amavis virus quarantine directory
$QUARANTINEDIR = '/var/virusmails';
# Directory for the bdb nanny/cache/snmp databases
$db_home   = "$MYHOME/db";
# Working directory for SpamAssassin
$helpers_home = "$MYHOME/var";
# lock_file path
$lock_file = "$MYHOME/var/amavisd.lock";
# pid_file path
$pid_file = "$MYHOME/var/amavisd.pid";
# Change 192.168.0.0/16 to 192.168.1.0/24
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.1.0/24);
# The next line is important: the port for incoming connections
# Configuring amavisd-new for incoming connections
$inet_socket_port = 10024;
# Host name (fully qualified domain name)
$myhostname = 'xt.xiutuo.com';

# Notification admin mailbox: the address notified whenever a user sends a virus or spam message
$virus_admin               = "xt\@$mydomain"; # notifications recip.
$mailfrom_notify_admin     = "xt\@$mydomain"; # notifications sender
$mailfrom_notify_recip     = "xt\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "xt\@$mydomain"; # notifications sender


# The next two lines are important: reinjection (forwarding) port configuration
# Configuring the reinjection path
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

# Set the following four to D_DISCARD, D_BOUNCE, D_REJECT or D_PASS as needed
# (D_BOUNCE sends a non-delivery notice to the envelope sender, which is usually forged for spam)
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
$bad_header_quarantine_method = undef;
# Enable ClamAV virus scanning; note that the ClamAV socket path /var/run/clamd.socket
# must match the one configured in clamd.conf
# (this entry goes inside the @av_scanners list)
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.socket"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
#******************************************************************


5.postfix:

a. # vi /etc/postfix/master.cf with the following content:
#******************************************************************
# smtp definition, present by default
smtp      inet n       -       n       -       -       smtpd
# Everything below is the default configuration
pickup    fifo n       -       n       60      1       pickup
cleanup   unix n       -       n       -       0       cleanup
qmgr      fifo n       -       n       300     1       qmgr
tlsmgr    unix -       -       n       1000?   1       tlsmgr
rewrite   unix -       -       n       -       -       trivial-rewrite
bounce    unix -       -       n       -       0       bounce
defer     unix -       -       n       -       0       bounce
trace     unix -       -       n       -       0       bounce
verify    unix -       -       n       -       1       verify
flush     unix n       -       n       1000?   0       flush
proxymap unix -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix -       -       n       -       -       smtp
relay     unix -       -       n       -       -       smtp
    -o smtp_fallback_relay=
showq     unix n       -       n       -       -       showq
error     unix -       -       n       -       -       error
retry     unix -       -       n       -       -       error
discard   unix -       -       n       -       -       discard
local     unix -       n       n       -       -       local
virtual   unix -       n       n       -       -       virtual
lmtp      unix -       -       n       -       -       lmtp
anvil     unix -       -       n       -       1       anvil
scache    unix -       -       n       -       1       scache
# Define dovecot as the local delivery agent (LDA)
dovecot   unix -       n       n       -       -       pipe
    flags=DRhu user=postfix:postfix argv=/usr/local/libexec/dovecot/deliver -d ${recipient}
# Integration of amavisd-new with Postfix, configured in dedicated lmtp-client mode
smtp-amavis unix -      -       n       -       2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
# Integration of amavisd-new with Postfix
# Configuring a dedicated SMTP-server for message reinjection
127.0.0.1:10025 inet n -       n       -       - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000

#******************************************************************

b. # vi /etc/postfix/main.cf with the following content:
#******************************************************************
# The following four items are path parameters set automatically at compile/install time
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

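# Host name (i.e. the fully qualified domain name)
myhostname = xt.xiutuo.com
# Domain name
mydomain = xiutuo.com
# Only one myorigin takes effect (the last one wins), so the first is commented out
#myorigin = $myhostname
myorigin = $mydomain
# Network interfaces Postfix listens on; all interfaces here
inet_interfaces = all
unknown_local_recipient_reject_code = 550
# Local networks: clients in these networks can send mail through Postfix without authentication,
# but the local network addresses must be configured; the mynetworks file is used for that here
mynetworks = $config_directory/mynetworks
# relay_domains, looked up in the MySQL database
relay_domains = mysql:$config_directory/mysql_relay_domains_maps.cf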

address_verify_map = btree:/var/spool/postfix/address_verify
# Remember to remove the nis entry at the end of the default setting, otherwise you get the error: postfix NIS name do not set
alias_maps = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

# Path of the Postfix sendmail program; sendmail here is really a link provided by Postfix
sendmail_path = /usr/sbin/sendmail
# Path of the newaliases program
newaliases_path = /usr/bin/newaliases
# Path of the mailq program
mailq_path = /usr/bin/mailq
setgid_group = postdrop
# The following items are default installation parameters
# Do not use the HTML help files
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
local_recipient_maps = $virtual_mailbox_maps
readme_directory = no
#
#------------------------virtual configure-----------------------
# Parameters for virtual domains and virtual users
virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 500
# The real user postfix and group postfix that virtual users map to; the uid and gid of postfix are both 12345
virtual_uid_maps = static:12345
virtual_gid_maps = static:12345
# Use dovecot as the local delivery agent (LDA)
virtual_transport = dovecot
#
#---------------------end virtual configure---------------------
#
# cyrus-sasl-auth is used here, so the dovecot-sasl-auth lines are commented out
#---------------------dovecot-sasl-auth configure---------------
#dovecot_destination_recipient_limit = 1
#
# Enable SASL authentication
#smtpd_sasl_auth_enable = yes
# Set the SASL type to dovecot-sasl-auth
#smtpd_sasl_type = dovecot
#smtpd_sasl_authenticated_header = yes
#smtpd_sasl_security_options = noanonymous
# Mail client user authentication
#smtp_sasl_password_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
#smtpd_sasl_path = /var/spool/postfix/private/auth
#broken_sasl_auth_clients = yes
#
#------------------end dovecot-sasl-auth configure--------------
#
#---------------------cyrus-sasl-auth configure-----------------
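# Enable SASL authentication
smtpd_sasl_auth_enable = yes
# Set the SASL type to cyrus-sasl-auth
smtpd_sasl_type = cyrus
# This corresponds to the cyrus-sasl configuration files /usr/lib/sasl2/smtpd.conf and /etc/pam.d/smtpd
# With smtpd_sasl_path = smtp it would correspond to /usr/lib/sasl2/smtp.conf and /etc/pam.d/smtp instead.
# If cyrus-sasl was installed from source, locate the corresponding paths.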
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
#broken_sasl_auth_clients = yes
#
#------------------end cyrus-sasl-auth configure--------------

smtpd_helo_required = yes
disable_vrfy_command = yes
non_fqdn_reject_code = 450
invalid_hostname_reject_code = 450
maps_rbl_reject_code = 450
# Rules for accepting mail (recipient restrictions)
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        permit_tls_clientcerts,
        reject_unauth_destination,
        reject_invalid_helo_hostname,
        warn_if_reject reject_non_fqdn_helo_hostname,
        warn_if_reject reject_unknown_helo_hostname,
        warn_if_reject reject_unknown_client,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        warn_if_reject reject_unverified_sender,
        reject_unverified_recipient,
        check_helo_access cidr:$config_directory/mynetworks.deny,
        check_helo_access cidr:$config_directory/reserved_ip.deny,
        check_sender_mx_access cidr:$config_directory/reserved_ip.deny,
        check_recipient_access hash:/etc/postfix/filter_recipient_domains,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.2,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.3,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.4,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.5,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.7,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.9,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.11,
        reject_rbl_client dnsbl.sorbs.net=127.0.0.12,
        warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org,
        warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org,
        warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org,
        warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org,
        warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org,
        permit
smtpd_data_restrictions =
        reject_unauth_pipelining,
        reject_multi_recipient_bounce,
        permit
# ClamAV filter setting
content_filter=smtp-amavis:[127.0.0.1]:10024
#******************************************************************
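
The filtering path above only works when four files agree: content_filter in main.cf, the smtp-amavis and 127.0.0.1:10025 services in master.cf, $inet_socket_port and $forward_method in amavisd.conf, and LocalSocket in clamd.conf. The consistency check below is an added example in Python, not part of the original post; the fragments are constructed copies of the values shown on this page, and the function names are hypothetical.

```python
import re

# Constructed fragments that copy the relevant values from this page.
CLAMD = "LocalSocket /var/run/clamd.socket\n"
AMAVIS = r'''$inet_socket_port = 10024;
$forward_method = 'smtp:[127.0.0.1]:10025';
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.socket"],
'''
MASTER = '''smtp-amavis unix - - n - 2 lmtp
    -o lmtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
'''
MAIN = "content_filter=smtp-amavis:[127.0.0.1]:10024\n"

def master_services(text):
    """Map each master.cf service name to its list of -o overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and current:          # continuation line
            services[current] += re.findall(r"-o\s+(\S+)", line)
        elif line.strip() and not line.startswith("#"):
            current = line.split()[0]
            services[current] = []
    return services

def check_chain(main, master, amavis, clamd):
    """Return the mismatches found along Postfix -> amavisd -> Postfix."""
    svc = master_services(master)
    cf = re.search(r"^content_filter\s*=\s*([\w-]+):\[[\d.]+\]:(\d+)", main, re.M)
    port = re.search(r"\$inet_socket_port\s*=\s*(\d+)", amavis)
    fwd = re.search(r"\$forward_method\s*=\s*'smtp:\[([\d.]+)\]:(\d+)'", amavis)
    sock = re.search(r"^LocalSocket\s+(\S+)", clamd, re.M)
    if not (cf and port and fwd and sock):
        return ["a required setting is missing"]
    problems = []
    if cf.group(1) not in svc:
        problems.append("content_filter transport missing from master.cf")
    if cf.group(2) != port.group(1):
        problems.append("content_filter port != $inet_socket_port")
    listener = f"{fwd.group(1)}:{fwd.group(2)}"
    if listener not in svc:
        problems.append("no master.cf listener for $forward_method")
    elif "content_filter=" not in svc[listener]:
        problems.append("reinjection listener keeps content_filter (mail loop)")
    if f'"{sock.group(1)}"' not in amavis:
        problems.append("amavisd clamd socket != clamd LocalSocket")
    return problems
```

With the values from this page, check_chain(MAIN, MASTER, AMAVIS, CLAMD) returns an empty list; to run it against a live system, read the four real files into the same arguments.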

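c. # vi /etc/postfix/mynetworks with the following content:
My local network here is 192.168.1.0/24 plus the local loopback (default configuration).
**When testing SASL authentication, remove 192.168.1.0/24. Do not forget this.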
#******************************************************************
127.0.0.0/8
192.168.1.0/24
#******************************************************************
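
Why 192.168.1.0/24 has to be removed while testing SASL: smtpd_recipient_restrictions is evaluated first match wins, and permit_mynetworks comes before permit_sasl_authenticated, so a LAN client is accepted before authentication is ever consulted. The simplified model below is an added example in Python, not part of the original post; it covers only the first four restrictions, and the client addresses, example.org and the function names are constructed for illustration.

```python
import ipaddress

# Constructed inputs: /etc/postfix/mynetworks as shown above, the leading
# entries of smtpd_recipient_restrictions, and the page's mail domain.
MYNETWORKS = ["127.0.0.0/8", "192.168.1.0/24"]
RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                "permit_tls_clientcerts", "reject_unauth_destination"]
LOCAL_DOMAINS = {"xiutuo.com"}

def decide(client_ip, authenticated, rcpt_domain, mynetworks=MYNETWORKS):
    """Simplified first-match model: return (verdict, rule that decided)."""
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in ipaddress.ip_network(net) for net in mynetworks)
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks" and trusted:
            return "permit", rule
        if rule == "permit_sasl_authenticated" and authenticated:
            return "permit", rule
        if rule == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "reject", rule
    return "continue", None  # later checks (HELO, sender, RBL) are not modelled

def sasl_test_is_meaningful(client_ip, mynetworks=MYNETWORKS):
    """A SASL test only proves something if an unauthenticated relay
    attempt from the same client is rejected."""
    return decide(client_ip, False, "example.org", mynetworks)[0] == "reject"
```

With the mynetworks file as listed, a client at 192.168.1.50 relays without authenticating; with only 127.0.0.0/8 left, the same unauthenticated attempt is rejected and an authenticated one is permitted by permit_sasl_authenticated.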


d. # vi /etc/postfix/filter_recipient_domains (optional)
The format is one domain-name field, for example:
xiutuo.com
Then generate the filter_recipient_domains.db file:
# postmap /etc/postfix/filter_recipient_domains

e. # vi /etc/postfix/mysql_relay_domains_maps.cf with the following content:
#******************************************************************
user = postfix
password = 123456
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'
#******************************************************************

f. # vi /etc/postfix/mysql_virtual_alias_maps.cf with the following content:
#******************************************************************
user = postfix
password = 123456
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#******************************************************************

g. # vi /etc/postfix/mysql_virtual_domains_maps.cf with the following content:
#******************************************************************
user = postfix
password = 123456
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#******************************************************************

h. # vi /etc/postfix/mysql_virtual_mailbox_maps.cf with the following content:
#******************************************************************
user = postfix
password = 123456
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#******************************************************************

j. # vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf with the following content:
#******************************************************************
user = postfix
password = 123456
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
#******************************************************************


————————————————————————————————————


Reader comments:
1
2008-11-19 13:59
Too shady...