Differences

This shows the differences between the two versions.

tech:install_mail [2015/09/19 23:16] – [- Install MailScanner] jonathan
tech:install_mail [2021/01/16 14:51] (current version) – Replace Plugin jonathan
Line 1: Line 1:
 +====== 安裝 Mail Server 程序 =====
 +<note>
 +  * 目前我已經改用 iRedMail 來當郵件主機
 +  * 請參考 - [[tech/iredmail]]
 +</note>
  
 +<style box float-left>
 +**相關頁面:**
 +----
 +  * [[tech/mail]]
 +  * [[tech/install_spf_dkim]]
 +</quote>
 +
 +===== - 先設定 hosts =====
 +<code sh>
 +vi /etc/hosts
 +</code><file>
 +:
 +127.0.0.1               e-plast-mail mail.e-plast.com.tw localhost
 +:
 +</file>
 +
 +===== - 安裝基本郵件系統元件 =====
 +CentOS 內之預設版本:
 +<quote>
 +  * sendmail-8.13.1-3.2.el4
 +  * dovecot-0.99.11-8.EL4
 +  * cyrus-sasl-2.1.19-14
 +  * cyrus-sasl-devel-2.1.19-14
 +  * cyrus-sasl-plain-2.1.19-14
 +  * cyrus-sasl-md5-2.1.19-14
 +  * perl-5.8.5-36.RHEL4
 +  * spamassassin-3.1.9-1.el4
 +</quote>
 +++++詳細安裝程序|
 +<file>
 +su - root
 +yum install sendmail sendmail-cf dovecot cyrus-sasl cyrus-sasl-devel cyrus-sasl-plain cyrus-sasl-md5 perl spamassassin
 +</file>
 +++++
 +
 +
 +==== - cyrus-sasl ====
 +++++cyrus-sasl 設定程序|
 +<note>
 +  * CentOS 6
 +    * 更改 /etc/sasl2/Sendmail.conf
 +  * CentOS 5
 +    * 64 bits 環境就更改 /usr/**lib64**/sasl2/Sendmail.conf
 +    * 32 bits 環境就更改 /usr/**lib**/sasl2/Sendmail.conf
 +</note>
 +<code|h vi /usr/lib64/sasl2/Sendmail.conf>
 +log_level: 3
 +pwcheck_method: saslauthd
 +mech_list: PLAIN LOGIN 
 +</code>
 +<file>
 +chkconfig saslauthd on
 +service saslauthd restart
 +</file>
 +++++
 +
 +==== - sendmail ====
 +++++sendmail 設定程序|
 +<code|h vi /etc/mail/sendmail.mc>
 +:
 +TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 +define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 +:
 +DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
 +:
 +</code>
 +<note>
 +在 TRUST_AUTH_MECH 處要去掉前面 **dnl** 否則還是不會有 smtp 認證的設定功能
 +</note>
 +<file>
 +cd /etc/mail
 +mv sendmail.cf sendmail.cf.back1
 +m4 sendmail.mc > sendmail.cf
 +</file>
 +++++
 +++++加入接受的 Domain Name|
 +<code|h vi /etc/mail/local-host-names>
 +# local-host-names - include all aliases for your machine here.
 +ichiayi.com
 +mail.ichiayi.com
 +corp.ichiayi.com
 +server.ichiayi.com
 +trysoft.tw
 +mail.trysoft.tw
 +xdsl.uimt.com
 +</code>
 +++++
 +++++編輯信任 IP 定義|
 +<code|h vi /etc/mail/access>
 +:
 +localhost.localdomain           RELAY
 +localhost                       RELAY
 +127.0.0.1                       RELAY
 +61.67.71.91                     RELAY
 +:
 +</code>
 +++++
 +++++編輯 Aliases 定義|
 +<code|h vi /etc/aliases>
 +:
 +# Person who should get root's mail
 +root:           [email protected]
 +
 +# Other persons aliases
 +jonathan:       jtsai
 +photo:          tryweb
 +backup:         tryweb
 +
 +# Mail List
 +# G2B2C Mail List
 +boxteam:        :include: /etc/mail/boxteam.txt
 +moeateam:       :include: /etc/mail/moeateam.txt
 +</code>
 +<file>
 +newaliases
 +</file>
 +++++
 +  * 與 sendmail 相關設定全部定義好後重新啟動 sendmail
 +<file>
 +service sendmail restart
 +</file>
 +++++確認是否設定正確 smtp 寄信具有身份認證功能簡單檢測方式:|
 +
 +  - 輸入 **telnet localhost 25**<file>
 +[root@centos5 mail]# telnet localhost 25
 +Trying 127.0.0.1...
 +Connected to vm-mail.ichiayi.com (127.0.0.1).
 +Escape character is '^]'.
 +220 vm-mail.ichiayi.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 14 Mar 2008 07:12:12 +0800
 +</file>
 +  - 輸入 smtp 命令 **ehlo localhost**<file>
 +250-vm-mail.ichiayi.com Hello centos5 [127.0.0.1], pleased to meet you
 +250-ENHANCEDSTATUSCODES
 +250-PIPELINING
 +250-8BITMIME
 +250-SIZE
 +250-DSN
 +250-AUTH LOGIN PLAIN
 +250-DELIVERBY
 +250 HELP
 +</file>
 +  - 這時如果沒有出現 **AUTH LOGIN PLAIN** 那就是設定有問題,可能是 sendmail.mc 內的 TRUST_AUTH_MECH 定義前面 dnl 沒拿掉的問題
 +  - 最後透過 **quit** 離開 smtp 互動模式<file>
 +quit
 +221 2.0.0 vm-mail.ichiayi.com closing connection
 +Connection closed by foreign host.
 +[root@centos5 mail]#
 +</file>
 +++++
 +
 +==== dovecot 設定程序 ====
 +  * CentOS 5 <code|h vi /etc/dovecot.conf>
 +:
 +protocols = imap pop3
 +:
 +</code><file>
 +chkconfig dovecot on
 +service dovecot restart
 +</file>
 +  * CentOS 6 <code|h vi /etc/dovecot/dovecot.conf>
 +:
 +protocols = imap pop3
 +:
 +!include_try /etc/dovecot/local.conf
 +</code><code|h vi /etc/dovecot/local.conf>
 +mail_privileged_group = mail
 +</code><code|h vi /etc/dovecot/conf.d/10-auth.conf>
 +:
 +disable_plaintext_auth = no
 +:
 +</code><code|h vi /etc/dovecot/conf.d/10-mail.conf>
 +:
 +mail_location = mbox:~/mail:INBOX=/var/mail/%u
 +:
 +</code>
 +  * 設定 imaps/pop3s
 +    * 建立 SSL 加密所需要憑證<code sh>
 +
 +</code>
 +===== - 安裝防毒過濾系統  clamav =====
 +
 +  * http://heanet.dl.sourceforge.net/sourceforge/clamav/
 +<code sh>
 +yum install clamav clamd
 +service clamd start
 +chkconfig clamd on
 +</code>
 +++++詳細 Source 下載安裝程序|
 +<file>
 +su - root
 +yum install zlib zlib-devel
 +cd MailSource
 +wget http://heanet.dl.sourceforge.net/sourceforge/clamav/clamav-0.94.tar.gz
 +tar -zxvf clamav-0.94.tar.gz
 +cd clamav-0.94
 +useradd clamav
 +./configure
 +make
 +make install
 +</file>
 +安裝前要先建立 clamav 的帳號與群組, 如果 zlib 版本低於 1.2.2 則需要加上 --disable-zlib-vcheck 參數
 +++++
 +===== - 安裝 MailScanner =====
 +  * https://www.mailscanner.info/downloads/
 +++++詳細安裝程序|
 +<file>
 +su - root
 +yum install rpm-build binutils glibc-devel gcc make
 +mkdir -p /root/MailSource
 +cd /root/MailSource
 +wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz
 +tar -zxvf MailScanner-5.0.3-7.rhel.tar.gz
 +cd MailScanner-5.0.3-7
 +./install.sh
 +</file>
 +
 +++++
 +==== - 設定 MailScanner 定義檔 ====
 +  * 新安裝編輯 /etc/MailScanner/MailScanner.conf
 +++++vi /etc/MailScanner/MailScanner.conf|
 +<file>
 +:
 +%org-name% = Trysoft
 +:
 +%org-long-name% = Trysoft Corp.
 +:
 +%web-site% = www.ichiayi.com
 +:
 +Virus Scanners = auto
 +:
 +Sign Clean Messages = no
 +:
 +Spam Subject Text = [*Trysoft-SPAM*]
 +:
 +High Scoring Spam Subject Text = [*Trysoft-SPAM*]
 +:
 +Send Notices = no
 +:
 +Spam List = SBL+XBL spamhaus-PBL CBL DSBL spamhaus-ZEN  # You can un-comment this to enable them
 +:
 +Is Definitely Spam = %rules-dir%/spam.blacklist.rules
 +:
 +Spam Actions = store
 +:
 +High Scoring Spam Actions = store
 +:
 +SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
 +:
 +SpamAssassin Install Prefix = /usr
 +:
 +</file>
 +++++
 +  * 升級的自動調整設定方式
 +++++upgrade_MailScanner_conf|
 +<file>
 +cd /etc/MailScanner
 +upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
 +mv -f MailScanner.conf MailScanner.old
 +mv -f MailScanner.new  MailScanner.conf
 +</file>
 +++++
 +==== - 設定 sendmail 與 MailScanner 啟動方式 ====
 +  * 設定 sendmail + MailScanner 啟動方式<file>
 +service sendmail stop
 +chkconfig sendmail off
 +chkconfig MailScanner on
 +service MailScanner start
 +</file>
 +
 +  * 當出現 MailScanner: No programs allowed (msg-xxxxx-xxx.txt) 的誤判病毒問題, 可以直接改 /etc/MailScanner/filetype.rules.conf 內容後, 重新啟動 MailScanner 解決<code sh>
 +vi /etc/MailScanner/filetype.rules.conf
 +</code><file>
 +:
 +deny    self-extract    No self-extracting archives     No self-extracting archives allowed
 +#deny   executable      No executables          No programs allowed
 +#EXAMPLE: deny  -       x-dosexec       No DOS executables      No DOS programs allowed
 +#deny   ELF             No executables          No programs allowed
 +deny    Registry        No Windows Registry entries     No Windows Registry files allowed
 +
 +#deny   MPEG            No MPEG movies          No MPEG movies allowed
 +:
 +</file><code sh>
 +service MailScanner restart
 +</code>
 +
 +=== 參考網址資料 ===
 +  * http://phorum.study-area.org/index.php/topic,50001.0.html
 +  * http://i-yow.blogspot.com/2008/07/part-2mailscannerclamavspamassassin.html
 +
 +{{tag>mail 安裝 郵件}}
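
Review bot: The Dovecot CentOS 6 block sets `disable_plaintext_auth = no` in 10-auth.conf, and the SASL and sendmail blocks advertise PLAIN and LOGIN (`mech_list: PLAIN LOGIN`, confirmed by `250-AUTH LOGIN PLAIN` in the EHLO capture), while the code block under "建立 SSL 加密所需要憑證" in the imaps/pop3s item is empty, so the procedure as written sends account passwords over cleartext SMTP, IMAP and POP3 with no TLS step. Please fill in the certificate and TLS configuration, return `disable_plaintext_auth` to `yes` once TLS is in place, and on the sendmail side consider adding the `p` flag to `confAUTH_OPTIONS` so PLAIN/LOGIN are only offered after a security layer is active. In the filetype.rules.conf workaround, commenting out both `deny executable` and `deny ELF` to clear one "No programs allowed" false positive removes executable-attachment blocking for all mail; a narrower exception for the misdetected file type would keep the block in place. Smaller points: the related-pages box opens with `<style box float-left>` but closes with `</quote>`, the top heading has six `=` on the left and five on the right, and the ClamAV source install downloads clamav-0.94.tar.gz over plain http with no checksum or signature verification before `make install` as root.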