安裝 Mail Server 程序 [Jonathan's Wiki 筆記]

本頁是唯讀的，您可以看到原始碼，但不能更動它。您如果覺得它不應被鎖上，請詢問管理員。
====== 安裝 Mail Server 程序 =====
<note>
  * 目前我已經改用 iRedMail 來當郵件主機
  * 請參考 - [[tech/iredmail]]
</note>

<style box float-left>
**相關頁面:**
----
  * [[tech/mail]]
  * [[tech/install_spf_dkim]]
</quote>

===== - 先設定 hosts =====
<code sh>
vi /etc/hosts
</code><file>
:
127.0.0.1               e-plast-mail mail.e-plast.com.tw localhost
:
</file>

===== - 安裝基本郵件系統元件 =====
CentOS 內之預設版本:
<quote>
  * sendmail-8.13.1-3.2.el4
  * dovecot-0.99.11-8.EL4
  * cyrus-sasl-2.1.19-14
  * cyrus-sasl-devel-2.1.19-14
  * cyrus-sasl-plain-2.1.19-14
  * cyrus-sasl-md5-2.1.19-14
  * perl-5.8.5-36.RHEL4
  * spamassassin-3.1.9-1.el4
</quote>
++++詳細安裝程序|
<file>
su - root
yum install sendmail sendmail-cf dovecot cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-md5 perl spamassassin
</file>
++++


==== - cyrus-sasl ====
++++cyrus-sasl 設定程序|
<note>
  * CentOS 6
    * 更改 /etc/sasl2/Sendmail.conf
  * CentOS 5
    * 64 bits 環境就更改 /usr/**lib64**/sasl2/Sendmail.conf
    * 32 bits 環境就更改 /usr/**lib**/sasl2/Sendmail.conf
</note>
<code|h vi /usr/lib64/sasl2/Sendmail.conf>
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN 
</code>
<file>
chkconfig saslauthd on
service saslauthd restart
</file>
++++

==== - sendmail ====
++++sendmail 設定程序|
<code|h vi /etc/mail/sendmail.mc>
:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
:
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
:
</code>
<note>
在 TRUST_AUTH_MECH 處要去掉前面 **dnl** 否則還是不會有 smtp 認證的設定功能
</note>
<file>
cd /etc/mail
mv sendmail.cf sendmail.cf.back1
m4 sendmail.mc > sendmail.cf
</file>
++++
++++加入接受的 Domain Name|
<code|h vi /etc/mail/local-host-names>
# local-host-names - include all aliases for your machine here.
ichiayi.com
mail.ichiayi.com
corp.ichiayi.com
server.ichiayi.com
trysoft.tw
mail.trysoft.tw
xdsl.uimt.com
</code>
++++
++++編輯信任 IP 定義|
<code|h vi /etc/mail/access>
:
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
61.67.71.91                     RELAY
:
</code>
++++
++++編輯 Aliases 定義|
<code|h vi /etc/aliases>
:
# Person who should get root's mail
root:           tryweb@ichiayi.com

# Other persons aliases
jonathan:       jtsai
photo:          tryweb
backup:         tryweb

# Mail List
# G2B2C Mail List
boxteam:        :include: /etc/mail/boxteam.txt
moeateam:       :include: /etc/mail/moeateam.txt
</code>
<file>
newaliases
</file>
++++
  * 與 sendmail 相關設定全部定義好後重新啟動 sendmail
<file>
service sendmail restart
</file>
++++確認是否設定正確 smtp 寄信具有身份認證功能簡單檢測方式:|

  - 輸入 **telnet localhost 25**<file>
[root@centos5 mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to vm-mail.ichiayi.com (127.0.0.1).
Escape character is '^]'.
220 vm-mail.ichiayi.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 14 Mar 2008 07:12:12 +0800
</file>
  - 輸入 smtp 命令 **ehlo localhost**<file>
250-vm-mail.ichiayi.com Hello centos5 [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
</file>
  - 這時如果沒有出現 **AUTH LOGIN PLAIN** 那就是設定有問題，可能是 sendmail.mc 內的 TRUST_AUTH_MECH 定義前面 dnl 沒拿掉的問題
  - 最後透過 **quit** 離開 smtp 互動模式<file>
quit
221 2.0.0 vm-mail.ichiayi.com closing connection
Connection closed by foreign host.
[root@centos5 mail]#
</file>
++++

==== dovecot 設定程序 ====
  * CentOS 5 <code|h vi /etc/dovecot.conf>
:
protocols = imap pop3
:
</code><file>
chkconfig dovecot on
service dovecot restart
</file>
  * CentOS 6 <code|h vi /etc/dovecot/dovecot.conf>
:
protocols = imap pop3
:
!include_try /etc/dovecot/local.conf
</code><code|h vi /etc/dovecot/local.conf>
mail_privileged_group = mail
</code><code|h vi /etc/dovecot/conf.d/10-auth.conf>
:
disable_plaintext_auth = no
:
</code><code|h vi /etc/dovecot/conf.d/10-mail.conf>
:
mail_location = mbox:~/mail:INBOX=/var/mail/%u
:
</code>
  * 設定 imaps/pop3s
    * 建立 SSL 加密所需要憑證<code sh>

</code>
===== - 安裝防毒過濾系統  clamav =====

  * http://heanet.dl.sourceforge.net/sourceforge/clamav/
<code sh>
yum install clamav clamd
service clamd start
chkconfig clamd on
</code>
++++詳細 Source 下載安裝程序|
<file>
su - root
yum install zlib zlib-devel
cd MailSource
wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.94.tar.gz
tar -zxvf clamav-0.94.tar.gz
cd clamav-0.94
useradd clamav
./configure
make
make install
</file>
安裝前要先建立 clamav 的帳號與群組, 如果 zlib 版本低於 1.2.2 則需要加上 --disable-zlib-vcheck 參數
++++
===== - 安裝 MailScanner =====
  * https://www.mailscanner.info/downloads/
++++詳細安裝程序|
<file>
su - root
yum install rpm-build binutils glibc-devel gcc make
mkdir -p /root/MailSource
cd /root/MailSource
wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz
tar -zxvf MailScanner-5.0.3-7.rhel.tar.gz
cd MailScanner-5.0.3-7
./install.sh
</file>

++++
==== - 設定 MailScanner 定義檔 ====
  * 新安裝編輯 /etc/MailScanner/MailScanner.conf
++++vi /etc/MailScanner/MailScanner.conf|
<file>
:
%org-name% = Trysoft
:
%org-long-name% = Trysoft Corp.
:
%web-site% = www.ichiayi.com
:
Virus Scanners = auto
:
Sign Clean Messages = no
:
Spam Subject Text = [*Trysoft-SPAM*]
:
High Scoring Spam Subject Text = [*Trysoft-SPAM*]
:
Send Notices = no
:
Spam List = SBL+XBL spamhaus-PBL CBL DSBL spamhaus-ZEN  # You can un-comment this to enable them
:
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
:
Spam Actions = store
:
High Scoring Spam Actions = store
:
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
:
SpamAssassin Install Prefix = /usr
:
</file>
++++
  * 升級的自動調整設定方式
++++upgrade_MailScanner_conf|
<file>
cd /etc/MailScanner
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new  MailScanner.conf
</file>
++++
==== - 設定 sendmail 與 MailScanner 啟動方式 ====
  * 設定 sendmail + MailScanner 啟動方式<file>
service sendmail stop
chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start
</file>

  * 當出現 MailScanner: No programs allowed (msg-xxxxx-xxx.txt) 的誤判病毒問題, 可以直接改 /etc/MailScanner/filetype.rules.conf 內容後, 重新啟動 MailScanner 解決<code sh>
vi /etc/MailScanner/filetype.rules.conf
</code><file>
:
deny    self-extract    No self-extracting archives     No self-extracting archives allowed
#deny   executable      No executables          No programs allowed
#EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
#deny   ELF             No executables          No programs allowed
deny    Registry        No Windows Registry entries     No Windows Registry files allowed

#deny   MPEG            No MPEG movies          No MPEG movies allowed
:
</file><code sh>
service MailScanner restart
</code>

=== 參考網址資料 ===
  * http://phorum.study-area.org/index.php/topic,50001.0.html
  * http://i-yow.blogspot.com/2008/07/part-2mailscannerclamavspamassassin.html

{{tag>mail 安裝 郵件}}