1、概述1.1、系统目标　　Maildir邮件存储格式　　smtp认证　　邮件地址和系统帐号分开　　多域支持　　web管理帐号、别名、域等资料　　pop3/imap支持webmail支持　　集成mysql数据库　　集成垃圾邮件过滤　　集成防病毒1.2、TODO1.3、系统架构　　+---------------------------------------------------+　　| |　　| 25/25 25/25 110/993 143/995 80/443 |　　| Incoming Outgoing POP3 IMAP WEB-MAIL |　　| /\ /\ /\ /\ /\ |　　| || || || || || |　　| \/ \/ \/ \/ \/ |　　+-------------------+---------------+---------------+　　| Postfix | | Squirrelmail |　　| | +---------------+　　| | Courier-imap |　　| |-------------------------------+　　| | Courier-authlib |　　|-------------------+-------------------------------| 　　| Cyrus-SASL |　　|---------------------------------------------------+　　| MySQL |　　+---------------------------------------------------+2、软件包的安装sarge:#apt-get install postfix postfix-tls postfix-mysql libsasl2 libsasl2-modules libsasl2-modules-sql courier-base courier-pop courier-imap courier-authdaemon courier-authmysql mysql-server-4.1 mysql-client-4.1 apache php4 php4-mysql squirrelmail squirrelmail-locales php4-pear imapproxy3、配置3.1、apache修改/etc/apache/httpd.conf加入PHP4支持# And for PHP 4.x, use:#AddType application/x-httpd-php .phpAddType application/x-httpd-php-source .phpssarge:#/etc/init.d/apache restart #重启apachesarge:#l# netstat -ln|grep 80tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN3.2、mysqlsarge:#wget http://high5.net/page7_files/postfixadmin-2.1.0.tgzsarge:#tar zxvf postfixadmin-2.1.0.tgz -C /var/www/sarge:#ln -s /var/www/postfixadmin-2.1.0 /var/www/postfixsarge:#mysql < /var/www/postfix/DATABASE_MYSQL.TXT 　 sarge:#cp /var/www/postfix/config.inc.php.sample /var/www/postfix/config.inc.php可以修改config.inc.php中的相关参数以符合你的需求,这里在mysql里存放密码用明方式，$CONF['encrypt'] = 'cleartext';用浏览器打开http://sargeIP/postfix/ 点setup，一般情况下不会有什么问题。按照提示，删除setup.php文件sarge:#rm /var/www/postfix/setup.phpsarge:#/etc/init.d/mysql restartsarge:# netstat -ln|grep 3306tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTENsarge# mysqlWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 245 to server version: 4.1.11-Debian_4sarge7-logType 'help;' or '\h' for help. Type '\c' to clear the buffer.mysql> grant select,insert,update,delete,create,drop on postfix.* to 'postfix'@'127.0.0.1' IDENTIFIED BY 'postfix';Query OK, 0 rows affected (0.00 sec)mysql>添加postfix帐户，密码为postfix,实际应用时更改成一个合理的密码，该用户只能从127.0.0.1连接mysql服务器。　3.3、postfix修改/etc/postfix/main.cf,添加下面的内容#=============sasl2====================#smtpd_sasl_auth_enable = yessmtpd_sasl_application_name = smtpdbroken_sasl_auth_clients = yessmtpd_sasl_local_domain = test.comsmtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains, reject_unauth_destinationsmtpd_sasl_security_options = noanonymoussmtpd_client_restrictions = permit_sasl_authenticated,reject_invalid_hostname,# reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_mynetworks,reject_unauth_destination,reject_rbl_client relays.ordb.org,reject_rbl_client list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,permitsmtpd_data_restrictions =reject_unauth_pipelining,permit#=================mysql================#virtual_transport = virtualvirtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_mailbox_domains.cfvirtual_mailbox_base = /var/mailbox/virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_mailbox_maps.cfvirtual_minimum_uid = 33virtual_uid_maps = static:33virtual_gid_maps = static:33virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_alias_maps.cfmydestination = $myhostname, localhost.$mydomain, localhostrelayhost =mailbox_command = procmail -a "$EXTENSION"mailbox_size_limit = 0recipient_delimiter = +sarge:#mkdir /etc/postfix/mysqlsarge:#vi /etc/postfix/mysql/mysql_mailbox_domains.cfhosts = 127.0.0.1user = postfixpassword = postfixdbname = postfixtable = domainselect_field = domainwhere_field = domainadditional_conditions = and active='1'sarge:#vi /etc/postfix/mysql/mysql_mailbox_maps.cfhosts = 127.0.0.1user = postfixpassword = postfixdbname = postfixtable = mailboxselect_field = maildirwhere_field = usernameadditional_conditions = and active='1'sarge:#vi /etc/postfix/mysql/mysql_alias_maps.cfhosts = 127.0.0.1user = postfixpassword = postfixdbname = postfixtable = aliasselect_field = gotowhere_field = addressadditional_conditions = and active='1'sarge:#vi /etc/postfix/sasl/smtpd.confpwcheck_method: auxpropmech_list: plain login digest-md5 cram-md5auxprop_plugin: sqlsql_engine: mysqlsql_hostnames: 127.0.0.1sql_user: postfixsql_passwd: postfixsql_database: postfixsql_select: SELECT password FROM mailbox WHERE username='%u@%r' and domain='%r'and active='1'关于smtpd.conf 更多的参数可参见http://www.clusting.com/cyrus/SASL/doc/options.htmlsarge:#/etc/init.d/postfix restartsarge:# netstat -ln|grep 25tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTENtcp6 0 0 :::25 :::* LISTENunix 2 [ ACC ] STREAM LISTENING 14125 private/relay打开http://sarge_ip/postfix,对postfixadmin做一番初始化后添加一个域：test.com #实际应用添加你实际的域名添加一个帐户：[email protected] #密码是admin,实际应用时，密码不要和用户名重复。sarge:#mkdir /var/mailbox #邮件帐户存放邮件的地方sarge:#chown -R 33:33 /var/mailbox #apache的运行帐户，这里要和main.cf和apache 设定一致。sarge:#telnet 127.0.0.1 25Trying 127.0.0.1...Connected to 127.0.0.1.Escape character is '^]'.220 sarge ESMTP Postfix (Debian/GNU)ehlo sarge250-sarge250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5250 8BITMIMEmail from:"This is a test mail!"<[email protected]>250 Okrcpt to:<[email protected]>250 Okdata354 End data with <CR><LF>.<CR><LF>This is a test mail..250 Ok: queued as 39578C143quit221 ByeConnection closed by foreign host.现在就应该有/var/mailbox/[email protected]/这个目录了sarge:#more /var/mailbox/[email protected]/new/1170923510.V802I40b7.sargeReturn-Path: <[email protected]>X-Original-To: [email protected]: [email protected]: from sarge (localhost.localdomain [127.0.0.1])by sarge (Postfix) with ESMTP id 39578C143for <[email protected]>; Thu, 8 Feb 2007 16:27:16 +0800 (CST)Message-Id: <20070208082716.39578C143@sarge>Date: Thu, 8 Feb 2007 16:27:16 +0800 (CST)From: [email protected]: undisclosed-recipients:;This is a test mail.3.4、couriersarge:#vi /etc/courier/authdaemonrc最主要是下面这个参数authmodulelist="authmysql"sarge:#vi /etc/courier/authmysqlrc内容为MYSQL_SERVER 127.0.0.1MYSQL_SOCKET /var/run/mysqld/mysqld.sockMYSQL_USERNAME postfixMYSQL_PASSWORD postfixMYSQL_DATABASE postfixMYSQL_USER_TABLE mailboxMYSQL_LOGIN_FIELD usernameMYSQL_CLEAR_PWFIELD password#MYSQL_CRYPT_PWFIELD passwordMYSQL_UID_FIELD '33'MYSQL_GID_FIELD '33'MYSQL_HOME_FIELD '/var/mailbox/'MYSQL_MAILDIR_FIELD maildir#MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(username,'@',-1),'/',SUBSTRING_INDEX(username,'@',1),'/')MYSQL_NAME_FIELD nameMYSQL_QUOTA_FIELD quotaMYSQL_WHERE_CLAUSE active='1'sarge:#/etc/init.d/courier-authdaemon restartsarge:#/etc/init.d/courier-imap restartsarge:#/etc/init.d/courier-pop restart注意MYSQL_CLEAR_PWFIELD password 用明文方式去抓mysql中的用户密码，和postfixadmin的config.inc.php中的设置一致。重点注意：如果想在mysql中存放的用户为md5crypt方式，而不是明文，那么postfixadmin的config.inc.php 中的参数要改回$CONF['encrypt'] = 'md5crypt';authmysqlrc配置文件中的MYSQL_CLEAR_PWFIELD password要换成MYSQL_CRYPT_PWFIELD password,先前建立好的帐户必须更新密码。smtpd.conf中添加password_format: crypt 。尽管这样，imap和pop3认证可以通过，smtp发信时，smtp服务器不能通过，需要给cyrus-sasl打个patch。相关资料请参考http://blog.matroid.org/display/26smtp服务，除了上文使用的认证方式之外，常用的还有saslauthd and PAM。3.5、mailscannersarge:#wget http://www.mailscanner.info/files/4/tar/MailScanner-install-4.54.6-1.tar.gzsarge:#wget http://www.mailscanner.info/files/4/install-Clam-SA.tar.gz #ClamAV 0.88.2 and SpamAssassin 3.1.3 easy installation packagesarge:#tar zxvf MailScanner-install-4.54.6-1.tar.gz -C /tmpsarge:#cd /tmp/MailScanner-install-4.54.6-1/sarge:#./install.shsarge:#export EDITOR=vi #默认编辑器使用vi,也可以直接写入/etc/profile or $HOME/.profile,然后source /etc/profile or source $HOME/.profilesarge:#crontab -e 37 5 * * * /opt/MailScanner/bin/update_phishing_sites58 23 * * * /opt/MailScanner/bin/clean.quarantine42 * * * * /opt/MailScanner/bin/update_virus_scanners3,23,43 * * * * /opt/MailScanner/bin/check_mailscannersarge:#tar zxvf install-Clam-SA.tar.gz -C /tmpsarge:#cd /tmp/install-Clam-SAsarge:#./install.sh #安装clamav and SpamAssassin修改/opt/MailScanner/etc/MailScanner.conf：Run As User = postfixRun As Group = postfixIncoming Queue Dir = /var/spool/postfix/holdOutgoing Queue Dir = /var/spool/postfix/incomingMTA = postfixVirus Scanners = clamavUse SpamAssassin = yessarge:#chown postfix:postfix /var/spool/MailScanner/incomingsarge:#chown postfix:postfix /var/spool/MailScanner/quarantine修改/etc/postfix/main.cf:#=============mailscanner===============#header_checks = regexp:/etc/postfix/header_checks新建/etc/postfix/header_checks:/^Received:/ HOLDsarge:#vi /etc/init.d/MailScannercase $1 instart)/opt/MailScanner/bin/check_mailscanner[ $? -eq 0 ] && echo "mailscanner start successful";;stop);;esacsarge:#ln -s /etc/init.d/MailScanner /etc/rc2.d/S19MailScannersarge:#ln -s /etc/init.d/MailScanner /etc/rc3.d/S19MailScannersarge:#ln -s /etc/init.d/MailScanner /etc/rc4.d/S19MailScannersarge:#ln -s /etc/init.d/MailScanner /etc/rc5.d/S19MailScannersarge:#ln -s /etc/init.d/MailScanner /etc/rc0.d/K81MailScannersarge:#ln -s /etc/init.d/MailScanner /etc/rc1.d/K81MailScanner sarge:#ln -s /etc/init.d/MailScanner /etc/rc6.d/K81MailScannersarge:#/etc/init.d/postfix restartsarge:#/etc/init.d/MailScanner start3.6、webmailsarge:#/usr/sbin/squirrelmail-configure #根据你的具体情况配置一下sarge:#ln -s /usr/share/squirrelmail /var/www/webmail