
Notes on installing qmail + vpopmail + squirrelmail

Reference documents: http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
http://www.jerfu.com/toaster/FullToaster_1.0.6.html
http://shupp.org/toaster/

Drawing on the three documents above, this article describes my own experience installing on Solaris 8 and RedHat 7.2.
Installing LAMP is not covered again here, and SSL support is not described here either. I try to use concise
installation scripts to explain the points that need attention during the install.


Author: 徐永久, FreeLAMP.com
Last updated: Tuesday, June 10, 2003

Download locations for the various packages are listed at the end of the article. I like to keep all downloaded files in one directory;
let us call the directory holding the downloaded qmail-related .tar.gz files $QM_GZDIR.
In the installation scripts below you can set this variable with, for example, export QM_GZDIR=/root/download/qmail.

1. Installing UCSPI-TCP

cd /usr/local/src
tar xzf $QM_GZDIR/ucspi-tcp-0.88.tar.gz
chown -R root.root ucspi-tcp-0.88
cd ucspi-tcp-0.88
# Patch rblsmtpd so that it can use all of the current RBL zones.
# This patch lets you return a customised error message to the sender.
patch -p0 rblsmtpd.c < $QM_GZDIR/ucspi-rss.diff
# Edit rblsmtpd.c to raise the maximum length of the error text from 200 characters to 500,
# so that enough explanatory text can be returned to senders who were filtered out by an RBL.

vi rblsmtpd.c
Go to line 166 and change

if (text.len > 200) text.len = 200;

to:

if (text.len > 500) text.len = 500;

make
make setup check


2. Installing DAEMONTOOLS

mkdir -p /package
chmod 1755 /package
cd /package
tar xzfp $QM_GZDIR/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

Once installed, ps -ef|grep sv will show the processes running.
Note that on Solaris you need to change the line in /etc/inittab
SV:123456:respawn:/command/svscanboot
to:
SV:123456:respawn:/command/svscanboot </dev/null >/dev/msglog 2>&1
before the processes will show up.
On either Solaris or Linux, if you do not want daemontools running, comment out
that line in inittab and then run init q so that init re-reads it.

3. Installing qmail
This is the longest and also the core part. Everyone does it their own way, and the variety is truly bewildering.
Perhaps it comes down to different system conventions or habits; for example, many documents like to unpack
the .tar.gz under /var/src, whereas I consider /usr/local/src the Linux way, so I have stubbornly
carried that convention over to Solaris as well.

cd /usr/local/src
groupadd nofiles
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
useradd -g nofiles -d /var/qmail/alias alias
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
tar xzf $QM_GZDIR/qmail-1.03.tar.gz
cd qmail-1.03
# Apply the DNS patch
patch -p1 < $QM_GZDIR/qmail-103.patch
# Apply the qmailqueue patch
# This patch provides the hook that a number of popular add-ons, such as Qmail-Scanner, rely on
patch -p1 < $QM_GZDIR/qmailqueue-patch
# Patch qmail-local and qmail-pop3d so that they work with Maildir++ quotas
patch < $QM_GZDIR/qmail-maildir++.patch
# Local-timestamp patch, so that the time in mail headers shows local time rather than GMT.
patch -p1 < $QM_GZDIR/qmail-date-localtime.patch.txt
# Adds logging of badmailfrom rejections and a badrcptto feature.
patch < $QM_GZDIR/qmail-badmailfrom-badrcptto.patch.txt
# Edit qmail-smtpd.c so that a remote server sending malformed messages cannot drive the service into an endless loop.
vi qmail-smtpd.c
Around line 51, change the 451 in the straynewline function to 553

make
make setup check
(cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*
./config-fast mail.abc.com
cp $QM_GZDIR/qmailctl.txt /var/qmail/bin/qmailctl
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /etc/rc.d/init.d/qmail
ln -s /var/qmail/bin/qmailctl /usr/bin
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-send
chmod +t /var/qmail/supervise/qmail-smtpd
chmod +t /var/qmail/supervise/qmail-pop3d
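Both "go to line N" edits in this walkthrough (the 200-to-500 change in rblsmtpd.c in section 1, and the 451-to-553 change in straynewline above) depend on line numbers that shift as soon as a different set of patches is applied first. The helper below is an added example, not part of the article: it edits by content and refuses to touch the file unless the target text occurs on exactly one line, so an ambiguous or already-applied edit is reported rather than silently mangling the wrong line. The function name replace_line_once and the sample file contents are my own; the demo lines are constructed stand-ins for the real source lines, not quotations of them.

```shell
#!/bin/sh
# Added example, not from the article: edit a source line by content rather than by
# line number, refusing to touch the file unless the target text occurs exactly once.

# replace_line_once FILE OLD NEW
#   OLD is a fixed string; on the single line containing it, OLD is replaced by NEW.
#   Returns 1 (and leaves FILE untouched) if OLD occurs on zero or several lines.
replace_line_once() {
    file=$1; old=$2; new=$3
    [ -f "$file" ] || { echo "$file: no such file" >&2; return 1; }
    # number of lines containing OLD; "|| true" keeps a 0-hit grep from tripping set -e
    n=$(grep -c -F -- "$old" "$file" || true)
    if [ "$n" -ne 1 ]; then
        echo "$file: expected exactly one line containing '$old', found $n; not editing" >&2
        return 1
    fi
    # escape what is special in a sed basic regex (pattern) and in its replacement
    esc_old=$(printf '%s\n' "$old" | sed 's/[][\/.*^$]/\\&/g')
    esc_new=$(printf '%s\n' "$new" | sed 's/[\/&]/\\&/g')
    sed "s/$esc_old/$esc_new/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Demo on a constructed file whose lines merely stand in for the two real edits.
demo_source_edits() {
    f=${TMPDIR:-/tmp}/edit-demo.$$
    printf '%s\n' \
        'static void reply(void) {' \
        '  if (text.len > 200) text.len = 200;' \
        '}' \
        'void straynewline() { out("451 bare LF in message\r\n"); flush(); _exit(1); }' > "$f"
    replace_line_once "$f" 'if (text.len > 200) text.len = 200;' 'if (text.len > 500) text.len = 500;'
    replace_line_once "$f" 'out("451 ' 'out("553 '
    replace_line_once "$f" 'no such text' 'x'      # reported and refused, file left alone
    cat "$f"
    rm -f "$f"
}
demo_source_edits
```

Pass the whole distinctive line (or a unique fragment of it) as OLD; a bare "451" would match several lines in qmail-smtpd.c and the helper would then refuse, which is the intended outcome.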

vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Maildir/

vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send

vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

# NOTE: the three DNS blocklist zones named below were current in 2003; ordb.org,
# osirusoft.com and monkeys.com have all since been shut down, so substitute zones
# that are still maintained before using this script.
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.smtp.cdb \
-c 20 -R -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.ordb.org/lookup/?%IP% - Please forward this error through to your email server support staff for easy resolution.' \
-r 'inputs.relays.osirusoft.com:Your message was rejected because the mail server you use is either configured to allow OPEN RELAY - More information regarding this problem is available at http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=%IP% - Please forward this error to your email server support staff for resolution.' \
-r 'proxies.relays.monkeys.com:Your message was rejected because the message was sent from an OPEN PROXY - More information regarding this problem is available at http://www.monkeys.com/upl/listed-ip-0.cgi?ip=%IP% - Please forward this error to your email server support staff for resolution.' \
/var/qmail/bin/qmail-smtpd 2>&1


vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd

vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
# -x points at the cdb built from /home/vpopmail/etc/tcp.pop3 (the file created further down);
# the original script named /etc/tcp.pop3.cdb, which "qmailctl cdb" no longer builds once its
# cdb section is switched to /home/vpopmail, so tcpserver would find no rules file at all.
exec /usr/local/bin/softlimit -m 3000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.pop3.cdb -c 30 -R 0 pop3 \
/var/qmail/bin/qmail-popup mail.abc.com \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d

Edit the crontab so that the qmail log files are rotated every day.

crontab -e
0 0 * * * /usr/local/bin/svc -a /service/qmail-smtpd/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-send/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-pop3d/log


chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
mkdir /var/log/qmail
mkdir /var/log/qmail/smtpd
mkdir /var/log/qmail/send
mkdir /var/log/qmail/pop3d
chown -R qmaill /var/log/qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
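Before running qmailctl start, the layout just built can be checked mechanically instead of discovering a dead service from a missing log line. The script below is an added example, not part of the article or of qmail/daemontools: for each service directory it confirms that run and log/run exist and are executable, that the sticky bit set with chmod +t above is present, that the /service symlink resolves, and that the multilog directory under /var/log/qmail exists and is owned by qmaill. The function check_supervise_tree and the throwaway tree the demo builds under $TMPDIR are mine; the demo passes the current user as log owner so that it can run unprivileged, whereas on the real box you would pass /var/qmail/supervise /service /var/log/qmail qmaill.

```shell
#!/bin/sh
# Added example, not from the article: pre-flight check of the supervise tree built above,
# meant to run before "qmailctl start". Uses only POSIX tools (test, ls, find, id).

# check_supervise_tree SUPERVISE_DIR SERVICE_DIR LOG_DIR LOG_OWNER SERVICE...
#   For each SERVICE (e.g. qmail-send) verifies the layout the article creates and
#   prints one line per problem. Returns the number of problems, so 0 means all clear.
check_supervise_tree() {
    sup=$1; svcdir=$2; logdir=$3; owner=$4
    shift 4
    problems=0
    for name in "$@"; do
        d=$sup/$name
        if [ ! -d "$d" ]; then
            echo "$d: service directory missing"; problems=$((problems + 1)); continue
        fi
        # the sticky bit (chmod +t) shows as t/T in the 10th column of ls -ld
        case $(ls -ld "$d") in
            ?????????[tT]*) ;;
            *) echo "$d: sticky bit not set (chmod +t)"; problems=$((problems + 1)) ;;
        esac
        for f in run log/run; do
            if [ ! -f "$d/$f" ]; then
                echo "$d/$f: missing"; problems=$((problems + 1))
            elif [ ! -x "$d/$f" ]; then
                echo "$d/$f: not executable (chmod 755)"; problems=$((problems + 1))
            fi
        done
        # svscan only sees the service through its link in the service directory
        if [ ! -L "$svcdir/$name" ] || [ ! -d "$svcdir/$name" ]; then
            echo "$svcdir/$name: symlink missing or dangling"; problems=$((problems + 1))
        fi
        # multilog directory, named as the article does (qmail-send -> send), owned by LOG_OWNER
        mlog=$logdir/${name#qmail-}
        if [ ! -d "$mlog" ]; then
            echo "$mlog: log directory missing"; problems=$((problems + 1))
        elif [ -z "$(find "$mlog" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "$mlog: not owned by $owner (chown -R $owner $logdir)"; problems=$((problems + 1))
        fi
    done
    return $problems
}

# Demo on a throwaway tree under $TMPDIR, with one deliberate fault.
demo_supervise_check() {
    base=${TMPDIR:-/tmp}/supervise-demo.$$
    for name in qmail-send qmail-smtpd qmail-pop3d; do
        mkdir -p "$base/supervise/$name/log" "$base/service" "$base/log/${name#qmail-}"
        printf '#!/bin/sh\nexec true\n' > "$base/supervise/$name/run"
        printf '#!/bin/sh\nexec true\n' > "$base/supervise/$name/log/run"
        chmod 755 "$base/supervise/$name/run" "$base/supervise/$name/log/run"
        chmod +t "$base/supervise/$name"
        ln -s "$base/supervise/$name" "$base/service/$name"
    done
    chmod 644 "$base/supervise/qmail-smtpd/run"   # fault: the chmod 755 step was skipped for one run script
    check_supervise_tree "$base/supervise" "$base/service" "$base/log" "$(id -un)" \
        qmail-send qmail-smtpd qmail-pop3d
    echo "problems found: $?"
    rm -rf "$base"
}
demo_supervise_check
```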

Once you have got this far, run qmailctl start and you will see four qmail processes running. On my machine,
ps -ef|grep qmail shows these four lines among the output:
qmails 18985 18975 0 16:28 ? 00:00:00 qmail-send
root 18993 18985 0 16:28 ? 00:00:00 qmail-lspawn ./Maildir/
qmailr 18994 18985 0 16:28 ? 00:00:00 qmail-rspawn
qmailq 18995 18985 0 16:28 ? 00:00:00 qmail-clean

At this point there is still no guarantee that you can log in normally with telnet localhost 25 or 110.
If the file /home/vpopmail/etc/tcp.smtp is missing, the system will not work properly either.
The reason this file lives under /home/vpopmail is that this is where vpopmail's configuration goes by default.
This file controls which hosts are allowed to relay.

vi /home/vpopmail/etc/tcp.smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified ip range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified ip range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you don't set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# won't be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# won't be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#-----------------------------------------------------
# HERE ARE THE RULES :
#----------------------------------------------------------------
# local class-C's allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#----------------------------------------------------------------
# these IPs are ones that we have set up so that they aren't RBL checked,
# usually because we have spoken with the owners of the mail server
# in question and for one reason or another they cannot update their
# config, and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
111.111.111.:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
222.222.222.222:allow,RBLSMTPD=""
#-----------------------------------------------------------------
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
#-----------------------------------------------------------------
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.96.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.97.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.98.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.131.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#-----------------------------------------------------------------
# himailer spam 15/7/02
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
#
#-----------------------------------------------------------------
# Allow connections from localhost,
# allow relay (because the WebMail server runs on localhost),
# and don't do an RBL lookup
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#-----------------------------------------------------------------
# Everyone else can make connections to our server, but not allowed to relay
# RBL lookups are performed
:allow

Next, configure the file /home/vpopmail/etc/tcp.pop3, which controls which machines may access the POP3
service; when someone is attacking the POP3 server you can use this file to block the attacker's IP address.

vi /home/vpopmail/etc/tcp.pop3
# Allow any client to connect to us via POP3
# If people are abusing POP3, such as a denial-of-service on POP3,
# you can add their IPs here to block them out
:allow

# Then rebuild the database files for /home/vpopmail/etc/tcp.smtp and /home/vpopmail/etc/tcp.pop3
qmailctl cdb (this requires editing the qmailctl script: change the directory in its cdb section to /home/vpopmail)
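tcprules compiles the rules file above into a cdb that tcpserver consults on every connection, and the order in which tcpserver looks addresses up decides which line wins when several could apply. For a file that uses only IP addresses, as these two do, the exact address is tried first, then each prefix ending in a dot from longest to shortest, and finally the empty address (the ':allow' default at the end of the file). The script below is an added example, not part of the article or of ucspi-tcp: it reproduces that lookup against a plain rules file, expands ranges such as 216.242.75.100-116 and 61.230.72-75. the way tcprules does, and reports what RELAYCLIENT and RBLSMTPD a given client IP would receive, so a rules file can be sanity-checked before "qmailctl cdb" is run. Host-name (=) and @info rules are not modelled; the function names and the constructed sample rules are mine.

```shell
#!/bin/sh
# Added example, not from the article: simulate tcpserver's lookup in a tcprules file.
# Models IP-address rules only (exact, then longest-to-shortest prefix, then default).

TAB=$(printf '\t')

# expand_rules FILE -> "address<TAB>action" lines; comments and blank lines dropped,
# a numeric range in the last component (1.2.3.4-9 or 1.2.3-5.) expanded as tcprules does
expand_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | while IFS= read -r line; do
        case $line in *:*) ;; *) continue ;; esac     # malformed: no address/action separator
        addr=${line%%:*}
        action=${line#*:}
        case $addr in
            *-*)
                dot=; case $addr in *.) dot=.; addr=${addr%.} ;; esac
                base=${addr%.*}; range=${addr##*.}
                lo=${range%-*}; hi=${range#*-}; i=$lo
                while [ "$i" -le "$hi" ]; do
                    printf '%s\t%s\n' "$base.$i$dot" "$action"
                    i=$((i + 1))
                done ;;
            *)  printf '%s\t%s\n' "$addr" "$action" ;;
        esac
    done
}

# tcp_rules_lookup IP FILE -> prints the action tcpserver would apply to IP;
# returns 1 if nothing matches, not even a default rule (tcpserver then refuses the connection)
tcp_rules_lookup() {
    ip=$1
    expanded=$(expand_rules "$2")
    key=$ip
    while :; do
        hit=$(printf '%s\n' "$expanded" | awk -F "$TAB" -v k="$key" '$1 == k { print $2; exit }')
        if [ -n "$hit" ]; then printf '%s\n' "$hit"; return 0; fi
        if [ -z "$key" ]; then return 1; fi
        case $key in *.) key=${key%.} ;; esac        # "1.2.3." -> "1.2.3" before shortening
        case $key in
            *.*) key=${key%.*}. ;;                   # "1.2.3.4" -> "1.2.3.", "1.2.3" -> "1.2."
            *)   key= ;;                             # "1" -> the empty default address
        esac
    done
}

# rule_var ACTION NAME -> prints the value NAME="..." sets in ACTION; returns 1 if NAME is unset
rule_var() {
    case $1 in
        *"$2="\"*) printf '%s\n' "$1" | sed "s/.*$2=\"\([^\"]*\)\".*/\1/" ;;
        *) return 1 ;;
    esac
}

# Demo on constructed rules modelled on the tcp.smtp file above; the /24 that may relay
# has one host overridden by an exact-address deny to show that exact beats prefix.
demo_tcp_rules() {
    f=${TMPDIR:-/tmp}/tcp.smtp.demo.$$
    cat > "$f" <<'EOF'
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
123.123.123.66:deny
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
EOF
    for ip in 123.123.123.7 123.123.123.66 216.242.75.110 216.242.75.120 61.230.74.9 10.9.8.7; do
        action=$(tcp_rules_lookup "$ip" "$f") || action='(no rule: connection refused)'
        relay=no; rule_var "$action" RELAYCLIENT >/dev/null && relay=yes
        printf '%-15s relay=%-3s %s\n' "$ip" "$relay" "$action"
    done
    rm -f "$f"
}
demo_tcp_rules
```

Reading the output for 216.242.75.120 next to 216.242.75.110 shows why the banned range is written as an explicit range rather than a /24: the address just outside it falls through to the default and is RBL-checked like everyone else.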

Assuming you have already removed any existing sendmail or postfix installation on the machine, then:

ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

# Use postmaster@abc.com as the sender of bounce messages.
echo 'postmaster' > /var/qmail/control/bouncefrom

# Have qmail send double bounces to doublebounce@abc.com
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'abc.com' > /var/qmail/control/doublebouncehost

