Posted by 徐永久 on 10 July 2003, 03:40.
Reference documents:
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
http://www.jerfu.com/toaster/FullToaster_1.0.6.html
http://shupp.org/toaster/
Drawing on the three documents above, this article describes my own experience installing this stack on Solaris 8 and RedHat 7.2. Installing LAMP is not covered again here, and neither is SSL support. I try to explain the points that need attention during installation through concise installation scripts.
Author: 徐永久, FreeLAMP.com
Last updated: Tuesday, 10 June 2003
Download locations for all the software are listed at the end of the article. I like to keep the downloaded files together in one directory;
let us call the directory holding the downloaded files $QM_GZDIR, meaning the directory that stores the qmail-related .tar.gz files.
In the installation scripts below you can use this variable after setting it with something like export QM_GZDIR=/root/download/qmail.
I. Installing UCSPI-TCP
cd /usr/local/src
tar xzf $QM_GZDIR/ucspi-tcp-0.88.tar.gz
chown -R root.root ucspi-tcp-0.88
cd ucspi-tcp-0.88
# Patch rblsmtpd so that it can use all of the latest RBL zones.
# This patch lets you customise the error message that is returned to the sender.
patch -p0 rblsmtpd.c < $QM_GZDIR/ucspi-rss.diff
# Edit rblsmtpd.c to raise the maximum length of the error text from 200 characters to 500,
# so that enough explanatory information can be returned to senders filtered out by the RBL.
vi rblsmtpd.c
Go to line 166 and change
if (text.len > 200) text.len = 200;
to:
if (text.len > 500) text.len = 500;
make
make setup check
II. Installing DAEMONTOOLS
mkdir -p /package
chmod 1755 /package
cd /package
tar xzfp $QM_GZDIR/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install
Once the installation is finished, ps -ef|grep sv will show the processes running.
Note that on Solaris you must change the line in /etc/inittab from
SV:123456:respawn:/command/svscanboot
to:
SV:123456:respawn:/command/svscanboot /dev/msglog 2>&1
before the process will be seen running.
On both Solaris and Linux, if you do not want daemontools to run, comment out
this line in inittab and then run init q to re-read the run level.
III. Installing qmail
This is the longest and also the most central part. Everyone does it their own way, and the variety is truly bewildering.
Perhaps it comes down to different system conventions or habits; for example, many documents like to unpack the .tar.gz under
/var/src, whereas I consider the Linux convention to be /usr/local/src, so I have stubbornly carried that convention
over to Solaris.
cd /usr/local/src
groupadd nofiles
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
useradd -g nofiles -d /var/qmail/alias alias
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
tar xzf $QM_GZDIR/qmail-1.03.tar.gz
cd qmail-1.03
# Apply the DNS patch.
patch -p1 < $QM_GZDIR/qmail-103.patch
# Apply the qmailqueue patch.
# This patch adds support for other popular add-ons such as Qmail-Scanner.
patch -p1 < $QM_GZDIR/qmailqueue-patch
# Patch qmail-local and qmail-pop3d to be compatible with maildir++ quotas.
patch < $QM_GZDIR/qmail-maildir++.patch
# Apply the local timestamp patch so that the time in the mail headers is shown in local time rather than GMT.
patch -p1 < $QM_GZDIR/qmail-date-localtime.patch.txt
# Add logging for badmailfrom and the badrcptto feature.
patch < $QM_GZDIR/qmail-badmailfrom-badrcptto.patch.txt
# Edit qmail-smtpd.c to stop a remote server that sends malformed mail from sending the service into an endless loop.
vi qmail-smtpd.c
At about line 51, change the 451 in the straynewline function to 553.
make
make setup check
(cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*
./config-fast mail.abc.com
cp $QM_GZDIR/qmailctl.txt /var/qmail/bin/qmailctl
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /etc/rc.d/init.d/qmail
ln -s /var/qmail/bin/qmailctl /usr/bin
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-send
chmod +t /var/qmail/supervise/qmail-smtpd
chmod +t /var/qmail/supervise/qmail-pop3d
vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Maildir/
vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send
vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.smtp.cdb \
-c 20 -R -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.ordb.org/lookup/?%IP% - Please forward this error through to your email server support staff for easy resolution.' \
-r 'inputs.relays.osirusoft.com:Your message was rejected because the mail server you use is either configured to allow OPEN RELAY - More information regarding this problems is available at http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=%IP% - Please forward this error to your email server support staff for resolution.' \
-r 'proxies.relays.monkeys.com:Your message was rejected because the message was sent from an OPEN PROXY - More information regarding this problems is available at http://www.monkeys.com/upl/listed-ip-0.cgi?ip=%IP% - Please forward this error to your email server support staff for resolution.' \
/var/qmail/bin/qmail-smtpd 2>&1
vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd
vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
exec /usr/local/bin/softlimit -m 3000000 \
/usr/local/bin/tcpserver \
-v -x /etc/tcp.pop3.cdb -c 30 -R 0 pop3 \
/var/qmail/bin/qmail-popup mail.abc.com \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d
Edit the crontab so that the qmail log files are rotated every day.
crontab -e
0 0 * * * /usr/local/bin/svc -a /service/qmail-smtpd/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-send/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-pop3d/log
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
mkdir /var/log/qmail
mkdir /var/log/qmail/smtpd
mkdir /var/log/qmail/send
mkdir /var/log/qmail/pop3d
chown -R qmaill /var/log/qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
When you reach this point, running qmailctl start will show four qmail processes running. On my machine,
ps -ef|grep qmail shows these four lines among the output:
qmails 18985 18975 0 16:28 ? 00:00:00 qmail-send
root 18993 18985 0 16:28 ? 00:00:00 qmail-lspawn ./Maildir/
qmailr 18994 18985 0 16:28 ? 00:00:00 qmail-rspawn
qmailq 18995 18985 0 16:28 ? 00:00:00 qmail-clean
At this point there is still no guarantee that you can log in normally with telnet localhost 25 or 110.
If the file /home/vpopmail/etc/tcp.smtp is missing, the system will not work properly either.
This file lives under /home/vpopmail because that is where the vpopmail configuration goes by default.
It controls which hosts are allowed to relay.
vi /home/vpopmail/etc/tcp.smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified ip range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified ip range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you don't set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# won't be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# won't be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#------------------------------------------------------
# HERE ARE THE RULES :
#------------------------------------------------------
# local class-c's allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#------------------------------------------------------
# these ips are ones that we have setup so that they aren't RBL checked
# usually because we have spoken with the owners of the mail server
# in question and for one reason or another they cannot update their
# config, and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
111.111.111.:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
222.222.222.222:allow,RBLSMTPD=""
#------------------------------------------------------
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
#------------------------------------------------------
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.96.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.97.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.98.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.131.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#------------------------------------------------------
# himailer spam 15/7/02
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
#
#------------------------------------------------------
# Allow connections from localhost,
# allow relay (cause the WebMail server runs on localhost),
# and don't do RBL lookup
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#------------------------------------------------------
# Everyone else can make connections to our server, but not allowed to relay
# RBL lookups are performed
:allow
Next configure /home/vpopmail/etc/tcp.pop3, which controls the machines allowed to access the POP3
service; when someone is attacking the POP3 server, this file can be used to block the attacker's IP address.
Note that the qmail-pop3d run script above points tcpserver at /etc/tcp.pop3.cdb; make sure that path matches where qmailctl cdb writes the .cdb built from this file.
vi /home/vpopmail/etc/tcp.pop3
# Allow any client to connect to us via POP3
# If people are abusing POP3 such as denial-of-service on POP3,
# you can add their ips here to block them out
:allow
# Then rebuild the database files for /home/vpopmail/etc/tcp.smtp and /home/vpopmail/etc/tcp.pop3
qmailctl cdb   (the qmailctl script needs editing: change the directory in the cdb section to /home/vpopmail)
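As an added example (not from the original post or the toaster documents it references), this POSIX sh script simulates how tcpserver picks a rule from a tcp.smtp or tcp.pop3 file for a connecting address and what that rule means for relaying and RBL checking, so you can sanity-check a rules file before rebuilding the cdb. The rules file it reads is a constructed sample, the function names are mine, and ranges such as 216.242.75.100-116 are left to tcprules.

```shell
# Constructed sample rules in the shape of the post's tcp.smtp (not the real file).
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
# local class-c allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
# partner host exempt from RBL lookups but NOT allowed to relay
111.111.111.:allow,RBLSMTPD=""
# single host refused with a 5xx text, no lookup performed
222.222.222.5:allow,RBLSMTPD="-Connections from this IP have been banned."
10.9.:deny
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
EOF

# tcp_rule_for IP: print the rule tcpserver would select: exact address, then each
# shorter prefix ending in a dot (1.2.3., 1.2., 1.), then the catch-all ":" rule.
# Ranges like 216.242.75.100-116 are expanded by tcprules at build time; not handled here.
tcp_rule_for() {
    ip=$1; candidates=$ip; prefix=$ip
    while [ "${prefix%.*}" != "$prefix" ]; do
        prefix=${prefix%.*}
        candidates="$candidates $prefix."
    done
    for key in $candidates ""; do
        while IFS= read -r line; do
            case $line in ''|'#'*) continue ;; esac       # skip comments and blanks
            if [ "${line%%:*}" = "$key" ]; then
                printf '%s\n' "$line"; return 0
            fi
        done < "$RULES"
    done
    return 1
}

# tcp_policy IP: what the matched rule means for a connection: "deny", or
# relay=yes/no plus rbl=check (lookup runs), skip (RBLSMTPD=""), or
# reject (RBLSMTPD="-text": 5xx returned without any lookup).
tcp_policy() {
    rule=$(tcp_rule_for "$1") || rule=":allow"   # tcpserver allows when no rule matches
    case ${rule#*:} in deny*) echo deny; return 0 ;; esac
    relay=no; rbl=check
    case $rule in *RELAYCLIENT=*) relay=yes ;; esac
    case $rule in *'RBLSMTPD="-'*) rbl=reject ;; *RBLSMTPD=*) rbl=skip ;; esac
    echo "relay=$relay rbl=$rbl"
}
for ip in 127.0.0.1 111.111.111.9 222.222.222.5 222.222.222.6 10.9.8.7; do
    echo "$ip -> $(tcp_policy "$ip")"
done
```

A host that matches only the catch-all ":allow" rule is the one the RBL lookups and the -r messages in the smtpd run script apply to.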
Assuming you have already removed any sendmail, postfix or similar program originally installed on the machine, then:
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin
# Use postmaster@abc.com as the sender of bounce messages.
echo 'postmaster' > /var/qmail/control/bouncefrom
# Have qmail send double bounces to doublebounce@abc.com.
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'abc.com' > /var/qmail/control/doublebouncehost
# If you would rather discard double bounces, use:
echo '#' > ~alias/.qmail-doublebounce
# Set the maximum message size to 20MB.
echo '20480000' > /var/qmail/control/databytes
# Keep messages in the queue for at most 4 days.
echo '345600' > /var/qmail/control/queuelifetime
qmailctl restart
Now we can use telnet localhost 25 and 110 to test that the two services are running.
IV. Installing Vpopmail
groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 vpopmail
cd /usr/local/src
tar xzf $QM_GZDIR/vpopmail-5.3.20.tar.gz
cd vpopmail-5.3.20
chmod 600 vmysql.h
vi vmysql.h
#define MYSQL_UPDATE_USER "vpopmailuser"
#define MYSQL_UPDATE_PASSWD "vpoppasswd"
#define MYSQL_READ_USER "vpopmailuser"
#define MYSQL_READ_PASSWD "vpoppasswd"
Change these to your own user name and password.
Create the database vpopmail on MySQL and use the
grant command to give the above user name and password the required privileges.
Configure command:
./configure --enable-mysql=y --enable-roaming-users=y --enable-mysql-logging=y --enable-clear-passwd=y \
--enable-default-domain=yourdomain.com --enable-defaultquota=50M \
--enable-incdir=/opt/mysql/include/mysql --enable-libdir=/opt/mysql/lib/mysql
Be aware that --enable-clear-passwd=y keeps a cleartext copy of every user's password in the vpopmail database alongside the hash; leave it off unless something you run actually needs it.
make
make install-strip
vi /home/vpopmail/domains/.quotawarn.msg
Here you can create the disk quota warning message.
You can also notify the sender that the recipient's mailbox is full:
echo "Message rejected. Not enough storage space in user's mailbox to accept message." > /home/vpopmail/domains/.over-quota.msg
V. Installing COURIER IMAP
cd /usr/local/src
tar xjf $QM_GZDIR/courier-imap-1.7.3.tar.bz2
cd courier-imap-1.7.3
vi maildir/maildirpurgetmp.c
At about line 64, change
&& stat_buf.st_ctime < current_time - nage)
to:
&& stat_buf.st_mtime < current_time - nage)
This mainly addresses whether IMAP folder synchronisation and the like go by message arrival time or by modification time.
./configure \
--disable-root-check \
--without-authdaemon \
--with-authvchkpw
(This step takes quite a long time; please be patient.)
make
# make check ; used to check for errors. Related configure option: --enable-workarounds-for-imap-client-bugs
make install-strip
make install-configure
vi /usr/lib/courier-imap/etc/imapd
(Note that it is /usr/lib, not /usr/local; some documents say /usr/local, which is wrong.)
Set or modify the following parameters:
MAXDAEMONS=40   <- maximum number of IMAP daemons
MAXPERIP=100   <- maximum number of connections allowed per IP address
TCPDOPTS="-nodnslookup -noidentlookup -user=vpopmail -group=vchkpw"   <- run the IMAP daemon as the given user and group
AUTHMODULES="authvchkpw"   <- use authvchkpw for password authentication
IMAP_EMPTYTRASH=Trash:7,Sent:30   <- mail in Trash is deleted automatically after 7 days, Sent mail after 30 days
IMAPDSTART=YES   <- set imapd to start
vi /usr/lib/courier-imap/libexec/imapd.rc
Change:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
to:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
-user=vpopmail -group=vchkpw
VI. Testing
Testing the POP3 service:
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.
user user@abc.com
+OK Password required.
pass [password]
+OK logged in.
quit
+OK Bye-bye.
Connection closed by foreign host.
Testing the IMAP service:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc. See COPYING for distribution information.
a001 login user@abc.com [password]
a001 OK LOGIN Ok.
a001 logout
* BYE Courier-IMAP server shutting down
a001 OK LOGOUT completed
Connection closed by foreign host.
If you cannot exit, press Ctrl-] to get to the telnet> prompt, then type quit.
VII. Installing Squirrelmail
cd /usr/local/apache/htdocs
tar -xzf $QM_GZDIR/squirrelmail-1.4.0.tar.gz
mv squirrelmail-1.4.0 webmail
cd webmail
mkdir attachment
chown -R www.www data
chown -R www.www attachment
chmod 733 attachment
./configure
This script should be fairly straightforward, but note that the IMAP configuration must be changed to the courier type.
During configure there are settings for the names of the Inbox/Trash/Sent folders; these must match the folders in /usr/lib/courier-imap/etc/imapd.
The place to change the language is squirrelmail.po under locale/zh_CN/LC_MESSAGES.
After editing, run msgfmt -o squirrelmail.mo squirrelmail.po to compile it.
There are also some good plugins available from www.squirrelmail.org, but that address is blocked in China and a proxy server is needed to reach it; you are advised to find a suitable proxy server.
To download these plugins with wget from a Linux console you need to set:
export http_proxy="ns.proserv.co.jp:80"
after which wget can download them.
VIII. Other points to note:
1. php.ini parameters to configure when installing PHP:
max_execution_time=60
memory_limit=10M
post_max_size=8M
upload_max_filesize=8M
file_uploads=On
log_errors=On
error_log=/usr/local/apache/logs/php.error
If you see that this error file is not being created, touch the file and give the www user permission to write to it.
Then restart apache and it should work.
Note that your php.ini is not necessarily in the directory above; create a page test.php containing
<?php
phpinfo();
?>
and look for php.ini in its output to confirm that the path of your php.ini matches the one you created.
For PHP run as CGI, you can find the php.ini path on the command line with php -i|grep php.ini.
Create the database tables for SquirrelMail user preferences;
I suggest creating them in the vpopmail database.
CREATE TABLE address_book (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
CREATE TABLE userprefs (
user varchar(128) DEFAULT '' NOT NULL,
prefkey varchar(64) DEFAULT '' NOT NULL,
prefval blob DEFAULT '' NOT NULL,
PRIMARY KEY (user,prefkey)
);
quit
===============================================
Appendix:
Download log:
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/software/qmail-1.03.tar.gz
wget http://www.ckdhr.com/ckd/qmail-103.patch
wget http://www.qmail.org/qmailqueue-patch
wget http://www.shupp.org/patches/qmail-maildir++.patch
wget ftp://ftp.pipeline.com.au/PipeInt/Sources/Linux/WebMail/qmail-date-localtime.patch.txt
wget ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-badmailfrom-badrcptto.patch.txt
wget ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmailctl.txt
wget http://www.inter7.com/devel/vpopmail-5.3.20.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://www.qmail.org/ucspi-rss.diff
wget http://apache.linuxforum.net/dist/httpd/httpd-2.0.45.tar.gz
wget http://flow.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.0.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/courier/courier-imap-1.7.3.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/courier/maildrop-1.5.3.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.15.tgz
wget http://www.jerfu.com/downloads/toaster/idx.shupp.patch.gz
wget http://www.jerfu.com/downloads/toaster/toaster-scripts.tar.gz
wget http://www.spamassassin.org/released/Mail-SpamAssassin-2.31.tar.gz
wget http://www.tiski.de/linux/patches/vpopmail/patch-quotafix-1.06.gz
How qmail and vpopmail work will be explained in detail in a separate article.
2003-07-10 21:36
老徐