FREEBSD postfix on the use of the Anti-mail anti-virus system Postfix under the Anti-mail anti-virus system -------------------------------------------------------------------------------- Use version Uname - hawk# FreeBSD FreeBSD hawk.the9.com 4.9-RELEASE 4.9-RELEASE Gallery : Mon Oct 27, 2003 17:51:09 root@freebsd-stable.sentex.ca : /usr/obj/usr/src/sys/GENERIC from beginning for the i386                         1. Outline : 1G / 1G swap So here 3G /var mail stored in relatively large installed 1G /tmp 1G /home 3G /usr The remaining /data 2. Users Add cnhawk users, password separate agreement, users who have joined 车 cnhawk Group, a separate agreement root password 3. Packages installation Minimize installation options Selected Lane selected in the custom option Compat3x Compat4x Man Ports 4.rc.conf Set : Sendmail_enable= "NONE"         5. Mysql installation A. Can be installed in ports Cd /usr/ports/databases/mysql323-server Make install The version installed mysql mysql-3.23.58 B. Following is the manual installation mysql-3.23.55 1) Add a mysql user groups and user mysql Pw groupadd mysql hawk# Hawk# pw useradd mysql g mysql s /nonexistent 2) Installation configuration Hawk# tar zxvf mysql-3.23.55.tar.gz Hawk# cd mysql-3.23.55 Hawk#. /configure --prefix=/usr/local/mysql --with-low-memory \ --with-charset=gb2312' --without-debug Hawk# make Make install hawk# Hawk# scripts/mysql_install_db Hawk# chown-R root /usr/local/mysql Hawk# chown-R mysql /usr/local/mysql/var Hawk# chgrp-R mysql /usr/local/mysql Hawk# cp support-files/my-medium.cnf /etc/my.cnf Ln-s /usr/local/mysql/bin/safe_mysqld /usr/local/bin/safe_mysqld hawk# Ln-s /usr/local/mysql/bin/mysqladmin /usr/local/bin/mysqladmin hawk# Ln-s /usr/local/mysql/bin/mysql /usr/local/bin/mysql hawk# Ln-s /usr/local/mysql/lib/mysql /usr/local/lib/mysql hawk# 3) User Database Editor Following is the database language Use mysql; #======================postfix================================== INSERT INTO user (host, user, password) VALUES ( 'localhost', 'postfix', ''); Update user set password=password ( 'N29527') where User= 'postfix'; FLUSH PRIVILEGES; Mr. GRANT TO postfix@localhost IDENTIFIED BY ALL ON mail.* "N29527." #======================courier================================== INSERT INTO user (host, user, password) VALUES ( 'localhost' and 'courier', ''); Update user set password=password ( 'N29527') where User= 'courier'; FLUSH PRIVILEGES; Mr. GRANT select, insert, update on mail.* TO courier; #=======================MAIL.SQL================================= #Create Mail database CREATE DATABASE mail; Use mail; #Create The aliases table CREATE TABLE aliases ( Alias varchar (255) NOT NULL default '' Rcpt varchar (255) default NULL. PRIMARY KEY (alias) ) TYPE=MyISAM; #Create The transport table CREATE TABLE transport ( Domain char (128) NOT NULL default '' Transport char (128) NOT NULL default '' UNIQUE KEY domain (domain) ) TYPE=MyISAM; #Create Thevirtua_users table CREATE TABLE virtual_users ( Unique_id int (32) unsigned NOT NULL auto_increment, Id char (128) NOT NULL default '' Password char (128) default NULL. Uid int (10) unsigned default '2003' Forty int (10) unsigned default '2003' Home char (255) default NULL. Maildir char (255) default NULL. Date_add date default NULL. Time_add time default NULL. Domain char (128) default NULL. Name char (255) default NULL. Imapok tinyint (3) unsigned default 'one' Quota char (255) default '10485760,' PRIMARY KEY (id). KEY unique_id (unique_id) ) TYPE=MyISAM; #Create Address table for the use of part of the 4003rd igenus increased. CREATE TABLE address ( Id int (32) unsigned NOT NULL auto_increment, Unique_id int (32) NOT NULL default '0' Name char (255) NOT NULL default '' Email char (255) NOT NULL default '' PRIMARY KEY (id). Key unique_id (unique_id) ) TYPE=MyISAM; #========================================================== 4) provision of Kai : Hawk# /usr/local/etc/rc.d/mysqld.sh, 1976 Mysqld.sh examples : #!/bin/sh Case "$ 1" in Start) [X] then if /usr/local/mysql/bin/safe_mysqld /usr/local/mysql/bin/safe_mysqld --user=mysql & "; /dev/null, Named echo-n 'mysqld' Fi ;; Stop) /usr/bin/killall Mysqld "; /dev/null 2>;&1, named echo-n 'mysqld' ;; *) Echo "" Echo "Usage : $ 0` `basename (start | stop)" Echo "" Exit 64 ;; Esac Hawk# chmod 755 /usr/local/etc/rc.d/mysqld.sh 6. Installation cyrus-sasl 1) Installation cyrus-sasl-2.1.12 Hawk# tar -zxvf cyrus-sasl-2.1.12.tar.gz Hawk# cd cyrus-sasl-2.1.12 Hawk#. /configure --disable-sample --disable-pwcheck --disable-cram \ --disable-digest --disable-krb4 --disable-gssapi --disable-anon \ --with-saslauthd=/var/run/saslauthd --enable-plain --enable-login Hawk# make Make install hawk# Ln-s /usr/local/lib/sasl2 /usr/lib/sasl2 hawk# 2) the distribution of the 1986-1991 Judge Secretary sasl Hawk# /etc/defaults/rc.conf, 1976 (Ldconfig_paths= "/usr/loca/lib insert /usr/local/lib/sasl2") Hawk# shutdown-r now (entry into force) 3) Operation saslauthd (if using direct pam authentication, the steps can be omitted) Examples saslauthd.sh #!/bin/sh Case "$ 1" in Start) [X] then if /usr/local/sbin/saslauthd /usr/local/sbin/saslauthd-Pam "; /dev/null, Named echo-n 'saslauthd' Fi ;; Stop) /usr/bin/killall Saslauthd "; /dev/null 2>;&1, named echo-n 'saslauthd' ;; *) Echo "" Echo "Usage : $ 0` `basename (start | stop)" Echo "" Exit 64 ;; Esac Hawk# mkdir /var/run/saslauthd Hawk# /usr/local/etc/rc.d/saslauthd.sh, 1976 Hawk# chmod 755 /usr/local/etc/rc.d/saslauthd.sh 4) the allocation of certification documents prepared postfix A) Use direct pam authentication : Hawk# echo pwcheck_method : pam "; /usr/local/lib/sasl2/smtpd.conf B) Use saslauthd Call pam authentication : Hawk# echo pwcheck_method : saslauthd "; /usr/lib/sasl2/smtpd.conf 7. Installation pam_mysql Pam_mysql-0.5 installation (due to the installation of translation FOSS passed, the use of ports installed freebsd4.9) 1) Installation Hawk# pkg_add-r gmake (pam_mysql need gmake) Hawk# cd /usr/ports/security/pam-mysql/ Hawk# cp /usr/local/lib/pam_mysql.so /usr/lib/ 2) Call mysql configuration support sasl certification pam.conf Hawk# /etc/pam.conf, 1976 (# add to the pop3 and imap) Add the following code : SMTP Diez sufficient pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1 SMTP account required pam_mysql.so user=postfix passwd=hawk host=localhost db=mail table=virtual_users usercolumn=id passwdcolumn=password crypt=1 (Note : The use of crypt password encryption, the use of passwords cyrpt=0 specifically, the use of password () encryption crypt=2) 8. Install postfix 1) stop handbook Hawk# mv /usr/bin/newaliases /usr/bin/newaliases.OFF Hawk# mv /usr/bin/mailq /usr/bin/mailq.OFF Hawk# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF Hawk# mv /etc/rc.sendmail /etc/sendmail.OFF Hawk# /etc/rc.conf, 1976 (sendmail= "yes" insert #) 2) Add postfix users Hawk# pw groupadd postfix g 2003 Hawk# pw groupadd postdrop g 2004 Hawk# pw useradd postfix 2003 g 2003 - d-u-s /nologin /dev/null 3) Installation Installation postfix-2.0.10.tar.gz Hawk# tar zxvf postfix-2.0.10.tar.gz Hawk# cd postfix-2.0.10 If your mysql please use the following translation of this order is FOSS Hawk# make-f Makefile.init makefiles' CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/mysql/include/mysql -I/usr/local/include/sasl '' AUXLIBS=-L/usr/local/lib/ -L/usr/local/mysql/lib/mysql -lmysqlclient -lsasl2 -lz -lm ' If your mysql installation please use the following ports is the order Hawk# make-f Makefile.init makefiles' CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/local/include/mysql -I/usr/local/include/sasl '' AUXLIBS=-L/usr/local/lib/ -L/usr/local/lib/mysql -lmysqlclient -lsasl2 -lz -lm ' Hawk# make Hawk# make install (the first orders installation, the installation process suggested that if the wrong choice is suggested in the use of /tmp tmp) Hawk# make upgrade (upgrading old licensing orders) 4) Allocation Hawk# echo 'postfix : root' ";>; /etc/aliases Hawk# /usr/bin/newaliases (Note : If the document suggested postfix not open opiekeys enforcement : #hawk chown postfix:postfix /etc/opiekeys) A) editing main.cf /etc/posftix/main.cf examples : #======= BASE ============== Myhostname = hawk.the9.com Mydomain = the9.com Home_mailbox=Maildir/ Mydestination = $myhostname, $mydomain, $transport_maps Local_recipient_maps = empty Mailbox_command= /usr/lib/courier-imap/bin/deliverquota versus 90 ~/Maildir #======= MYSQL Based ============= Transport_maps = mysql:/etc/postfix/transport.cf Virtual_gid_maps = mysql:/etc/postfix/gids.cf Virtual_mailbox_base = /var/mail Virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual.cf Virtual_maps = mysql:/etc/postfix/mysql.aliases.cf Virtual_uid_maps = mysql:/etc/postfix/uids.cf #======= Quota ============ Message_size_limit = 2097152 4003rd 2MB limit the size of fat-mail Virtual_mailbox_limit_inbox = no Virtual_mailbox_limit_maps = mysql:/etc/postfix/mailboxsize-mysql.cf Virtual_mailbox_limit_override = yes Virtual_maildir_extended = yes Virtual_create_maildirsize = yes Virtual_mailbox_limit = 10485760 4003rd 10MB total mailbox size #====== SASL ================ Smtpd_sasl_auth_enable = yes Smtpd_sasl_security_options = noanonymous Broken_sasl_auth_clients = yes Permit_auth_destinatio reject smtpd_recipient_restrictions = permit_sasl_authenticated #smtpd_sasl_local_domain = $mydomain Smtpd_client_restrictions = permit_sasl_authenticated B) confirmed the allocation of the following contents /etc/postfix/master.cf Virtual Unix-nn --virtual C) /etc/posftix/transport.cf Editor Transport.cf examples : User = postfix Password = N29527 Dbname = mail Table = transport Select_field = transport Where_field = domain Hosts = localhost D) /etc/postfix/gids.cf Editor Gids.cf examples : User = postfix N29527 password= Dbname = mail Table = virtual_users Forty select_field = Id = where_field Hosts = localhost E) /etc/postfix/uids.cf Editor Uids.cf examples : User = postfix N29527 password= Dbname = mail Table = virtual_users Uid = select_field Id = where_field Hosts = localhost F) /etc/posftix/mysql_virtual.cf Editor Mysql_virtual.cf examples : User = postfix N29527 password= Dbname = mail Table = virtual_users Select_field = maildir Id = where_field Hosts = localhost G) mysql.aliases.cf editors /etc/postfix/mysql.aliases.cf examples : User = postfix N29527 password= Dbname = mail Table = aliases Select_field = rcpt Where_field = alias Hosts = localhost H) mailboxsize-mysql.cf editors /etc/postfix/mailboxsize-mysql.cf examples : User = postfix Password = N29527 Dbname = mail Table = virtual_users Select_field = quota Id = where_field Hosts = localhost 5) set up since the launch of Hawk# /usr/local/etc/rc.d/postfix-server.sh, 1976 Postfix-server.sh examples : #!/bin/sh Case "$ 1" in Start) [X] then if /usr/sbin/postfix /usr/sbin/postfix Start, named echo-n 'postfix' Fi ;; Stop) /usr/sbin/postfix Stop, named echo-n 'postfix' ;; *) Echo "" Echo "Usage : $ 0` `basename (start | stop)" Echo "" Exit 64 ;; Esac Hawk# chmod 755 /usr/local/etc/rc.d/postfix-server.sh 9. Installation expect.tar.gz (need tcl) Hawk# pkg_add tcl-8.3.5_2.tgz Hawk# tar zxvf expect-5.38.tar.gz Hawk# cd expect-5.38 Hawk#. /configure --enable-threads --with-tcl=/usr/local/lib/tcl8.3 --with-tclinclude=/usr/local/include/tcl8.3 Hawk# make Make install hawk# 10. Installation Courier-imap-1.7.1 (gmake need and expect) 1, the installation Remote install hawk# pkg_add-r gmake Hawk# pw useradd cnhawk g 车 (configure the software Usage run the script as normal user, not root) Hawk$ bunzip2 courier-imap-1.7.1.tar.bz2 Hawk$ tar xvf courier-imap-1.7.1.tar Hawk$ cd courier-imap-1.7.1 If your mysql please use the following translation of this order is FOSS Hawk$. /configure --without-ipv6 --enable-unicode \ --enable-workarounds-for-imap-client-bugs \ --with-mysql-libs=/usr/local/mysql/lib/mysql \ --with-mysql-includes=/usr/local/mysql/include/mysql If your mysql installation please use the following ports is the order Hawk$./configure --without-ipv6 --enable-unicode --enable-workarounds-for-imap-client-bugs --with-mysql-libs=/usr/local/lib/mysql --with-mysql-includes=/usr/local/include/mysql Hawk$ gmake Hawk# su root Gmake install hawk# Hawk# gmake install-configure 2) Allocation Editorial changes /usr/lib/courier-imap/etc/authmysqlrc authmysqlrc examples : ##VERSION : $Id : Authmysqlrc, v mrsam Exp $ 1.10 2002/04/02 23:41:41 # # Copyright 2000 Double Precision, Inc. See for COPYING # Distribution information. # # # # Do not alter lines that begin with, they are used when upgrading # This configuration. # # Authmysqlrc created from authmysqlrc.dist by sysconftool # # DO NOT INSTALL THIS FILE with world read permissions. This file # Might contain the MySQL admin password! # # Each line in this file must follow the following format : # # Field[spaces|tabs]value # # That is, the name of the field, followed by spaces or tabs, followed by # Field value. Trailing spaces are prohibited. ##NAME : LOCATION:0 # # The server name, userid, and password used to log in. MYSQL_SERVER localhost MYSQL_USERNAME courier MYSQL_PASSWORD N29527 ##NAME : MYSQL_SOCKET:0 # # MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the # Filesystem pipe used for the connection # MYSQL_SOCKET /tmp/mysql.sock ##NAME : MYSQL_PORT:0 # # MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to # Connect to. MYSQL_PORT 3306 ##NAME : MYSQL_OPT:0 # # Leave MYSQL_OPT as 0, unless you know what you ''re doing. MYSQL_OPT 0 ##NAME : MYSQL_DATABASE:0 # # The name of the MySQL database we will open : MYSQL_DATABASE mail ##NAME : MYSQL_USER_TABLE:0 # # The name of the table containing your user data. See README.authmysqlrc # For the required fields in this table. MYSQL_USER_TABLE virtual_users ##NAME : MYSQL_CRYPT_PWFIELD:0 # # Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both # Are OK too. Crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext # Passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow # CRAM-MD5 authentication to be implemented. MYSQL_CRYPT_PWFIELD password ##NAME : MYSQL_CLEAR_PWFIELD:0 # # # MYSQL_CLEAR_PWFIELD clear ##NAME : MYSQL_DEFAULT_DOMAIN:0 # # If DEFAULT_DOMAIN is defined, and someone tries to log in as' user ' # We will look up 'user@DEFAULT_DOMAIN' instead. # # # DEFAULT_DOMAIN example.com ##NAME : MYSQL_UID_FIELD:0 # Other fields in the # mysql table : # # MYSQL_UID_FIELD - contains the account of the numerical userid # MYSQL_UID_FIELD uid ##NAME : MYSQL_GID_FIELD:0 # # Numerical groupid of the account Forty MYSQL_GID_FIELD ##NAME : MYSQL_LOGIN_FIELD:0 # The Login # id, the default is id. Basically the query is : # # SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD that. . . WHERE filled="f" 'loginid' # MYSQL_LOGIN_FIELD id ##NAME : MYSQL_HOME_FIELD:0 # MYSQL_HOME_FIELD home ##NAME : MYSQL_NAME_FIELD:0 # The user # 's name (optional) MYSQL_NAME_FIELD name ##NAME : MYSQL_MAILDIR_FIELD:0 # # This is an optional field, and can be used to specify an arbitrary # Location of the maildir for the account, which normally defaults to # $HOME/Maildir (Where $HOME is read from MYSQL_HOME_FIELD). # # You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this # Out. # MYSQL_MAILDIR_FIELD maildir ##NAME : MYSQL_QUOTA_FIELD:0 # # Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally # Specify a maildir quota. See for more information README.maildirquota # MYSQL_QUOTA_FIELD quota ##NAME : MYSQL_WHERE_CLAUSE:0 # # This is optional, can be basically set to an arbitrary MYSQL_WHERE_CLAUSE # Fixed string that is appended to the WHERE clause of our query # MYSQL_WHERE_CLAUSE imapok=1 ##NAME : MYSQL_SELECT_CLAUSE:0 # # (EXPERIMENTAL) # This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database. # Which is different from proposed structuraly. The fixed string will # Be used to do a SELECT operation on database, which should return fields # In order specified bellow : # # Username, cryptpw, relational, Forty, clearpw, home, maildir, quota, fullname # # Enabling this option causes ignorance of any other field-related # Options, excluding default domain. # # There are two variables, which you can use. Substitution will be made # For them, so you can put entered username (local part) and domain name # In the right place of your query. These variables are : # $ (Local_part) and $ (domain) # If a # $ (domain) is empty (not given by the remote user), the default domain # Name is used in its place. # # This example is a little bit modified adaptation of vmail-sql # Database scheme : # # MYSQL_SELECT_CLAUSE SELECT popbox.local_part, \ # CONCAT ( '{MD5}' popbox.password_hash) \ # Popbox.clearpw, \ # Domain.uid, \ # Domain.gid, \ # CONCAT (domain.path, '/', popbox.mbox_name) \ # '', \ # Domain.quota, \ # '', \ # FROM popbox, domain \ WHERE popbox.local_part # = '$ (local_part)' \ # AND popbox.domain_name = '$ (domain)' \ # AND popbox.domain_name = domain.domain_name # ##NAME : MYSQL_CHPASS_CLAUSE:0 # # (EXPERIMENTAL) # This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database. # Which is different from proposed structuraly. The fixed string will # UPDATE be used to do an operation on databases. In other words, it is # Used, when changing password. # # There are four variables, which you can use. Substitution will be made # For them, so you can put entered username (local part) and domain name # In the right place of your query. There are variables : # $ (Local_part) $ (domain), ($ newpass) $ (newpass_crypt) # If a # $ (domain) is empty (not given by the remote user), the default domain # Name is used in its place. # ($ Newpass) contains plain password # $ (Newpass_crypt) contains its crypted form # UPDATE popbox \ # MYSQL_CHPASS_CLAUSE # SET clearpw= '($ newpass),' \ # Password_hash= '($ newpass_crypt)' \ # WHERE local_part= '$ (local_part)' \ # AND domain_name= '$ (domain)' # Editorial changes /usr/lib/courier-imap/etc/authdaemonrc Version= "authdaemond.mysql" 3) set up since the launch of Hawk# cd /usr/local/etc/rc.d Ln-s /usr/lib/courier-imap/libexec/imapd.rc imapd.sh hawk# Ln-s /usr/lib/courier-imap/libexec/pop3d.rc pop3d.sh hawk# Hawk# chmod 755 imapd.sh Hawk# chmod 755 pop3d.sh Now testing : 1) The provision of users : Hawk# mysql Mysql>; use mail; In the database, you can see Mysql>; show tables; +----------------+ | | Tables_in_mail +----------------+ | | aliases | | transport | | virtual_users +----------------+ Mysql>; desc aliases; +-------+--------------+------+-----+---------+-------+ Null Field | Type | | | | Key | Default | Extra +-------+--------------+------+-----+---------+-------+ | | alias varchar (255) | | | | | PRI | | rcpt varchar (255) NULL | | | | | yes +-------+--------------+------+-----+---------+-------+ Mysql>; insert aliases values ( 'postmaster@the9.com,' 'cnhawk@the9.com'); Mysql>; insert aliases values ( 'postmaster@freebsd.net,' 'cnhawk@freebsd.net'); Mysql>; select * from aliases; +--------------------------+--------------------+ Rcpt alias | | | +--------------------------+--------------------+ Postmaster@the9.com cnhawk@the9.com | | | Postmaster@freebsd.net cnhawk@freebse.net | | | +--------------------------+--------------------+ Mysql>; desc transport; +-----------+-----------+------+-----+---------+-------+ Null Field | Type | | | | Key | Default | Extra +-----------+-----------+------+-----+---------+-------+ Char domain | | (128) | | | | | PRI | | transport char (128) | | | | | +-----------+-----------+------+-----+---------+-------+ Mysql>; insert transport values ( 'the9.com' and 'virtual :'); Mysql>; insert transport values ( 'freebsd.net' and 'virtual :'); Mysql>; select * from transport; +---------------+-----------+ Transport domain | | | +---------------+-----------+ Nankai.edu.cn virtual : | | | Freebsd.net virtual : | | | +---------------+-----------+ Mysql>; desc virtual_users; +-----------+---------------------+------+-----+----------+----------------+ Null Field | Type | | | | Key | Default | Extra +-----------+---------------------+------+-----+----------+----------------+ | | unique_id int (32) unsigned Utterances | | | | NULL auto_increment | Char id | | (128) | | | | | PRI Char password | | (128) | yes NULL | | | | | | uid int (10) unsigned yes | | | | | 104 | | Forty int (10) unsigned yes | | | | | 104 | Home | char (255) NULL | | | | | yes | | maildir char (255) NULL | | | | | yes Both date | | | | | date_add NULL | | Both time | | | | | time_add NULL | | | | domain char (128) NULL | | | | | yes Char name | | (255) | yes NULL | | | | | | imapok tinyint (3) unsigned yes | | | | | 1 | | quota char (255) 10485760 | | | | | yes +-----------+---------------------+------+-----+----------+----------------+ INSERT INTO virtual_users mysql>; Mysql>; (ie, home, password, maildir, date_add, time_add, domain, name) Mysql>; VALUES ( 'cnhawk@the9.com,' '/var/mail/' encrypt ( 'cnhawk'). Mysql>; 'the9.com/cnhawk/Maildir/,' '2003-04-23', '01:18:24', 'the9.com,' 'cnhawk'); INSERT INTO virtual_users mysql>; Mysql>; (ie, home, password, maildir, date_add, time_add, domain, name) Mysql>; VALUES ( 'hawk@freebsd.net,' '/var/mail/' encrypt ( 'N29527'). Mysql>; 'freebsd.net/hawk/Maildir/,' '2003-04-23', '01:18:24', 'freebsd.net,' 'N29527'); Mysql>; quit 2) a user with a list of powers : Mkdir-p /var/mail/the9.com/cnhawk hawk# Mkdir-p /var/mail/freebsd.net/hawk hawk# Hawk# cd /usr/lib/courier-imap/bin Hawk#. /maildirmake /var/mail/the9.com/cnhawk/Maildir Hawk#. /maildirmake /var/mail/freebsd.net/hawk/Maildir Hawk# chmod-R 700 /var/mail/the9.com/ Hawk# chmod-R 700 /var/mail/freebsd.net/ Hawk# chown-R postfix:postfix /var/mail/the9.com Hawk# chown-R postfix:postfix /var/mail/freebsd.net With completion of installed users, the use of only two virtual domain here, empathy can set up several virtual domain, such as : mail.com 3) test : User Login Hawk# Telnet 127.0.0.1 110 Trying 0.0.0.0. . . Connected to 0. Escape character is' ^] '. +OK Hello there. User cnhawk@the9.com +OK Password required. Pass cnhawk +OK Logged in. (OK, recorded successful pop) Quit +OK Bye-bye. Connection closed by foreign host. Can also use any other mail client to test procedures, Foxmail, Outlook Express and so on. Before installing webmail Installation igenus 1. Installation : N29527 # cd /usr/ports/www/apache2 N29527 # make install Hawk# cd /usr/ports/www/mod_php4 Make install hawk# Hawk# cd /var/mail Hawk# tar zxvf igenus_docn.tar.gz Hawk# /usr/local/apache/conf/httpd.conf, 1976 2. Allocation : 1) Group nobody, nobody User Is amended as follows : Group postfix, User postfix 2) DocumentRoot "/usr/local/apache/htdocs" DocumentRoot amended as follows : "/var/mail/webmail" 3) Locating AddDefaultCharset ISO-8859-1 Chinese support to AddDefaultCharset # GB2312 Add AddType application/x-httpd-php. PHP support #php 4) Revise the document config_inc.php $CFG_BASEPATH = "/var/mail/webmail"; $CFG_MYSQL_HOST = 'Localhost'; $CFG_MYSQL_USER = 'Postfix'; $CFG_MYSQL_PASS = 'N29527'; (With the above code will be able to amend its own) $CFG_MYSQL_DB = 'Mail'; 5) Editing /usr/local/etc/php.ini revised : Cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini Register_globals = On 3. : Finally the URL in a browser : Input Http://IP no position directly in front of the DNS domain name with DNS 1. Laws /etc/php.ini Max_execution_time = 30 # 60 (Script increase the time limit) Memory_limit = 8M to 40M # (10M order issued in the annex) Post_max_size # = 2M to 10M # = 2M to 10M upload_max_filesize 2. Laws /etc/httpd/conf.d/php.conf "Files *.php>; SetOutputFilter PHP SetInputFilter PHP LimitRequestBody put 524,288 to 524,288 # 10485760 "/Files>; Upload here LimitRequestBody 524288 limit the annex to the maximum 512k, to read 10M 3. Laws /etc/postfix/main.cf, add the following lines : Message_size_limit = 14336000 10M postfix is the default values, it refers to the sum of the annex mail text and coding, after base64 encoding, annex 35% increase in the size, the size of 14M on journeys here set acceptable Mail Can be used to detect the following order : the creation of the postfix /usr/sbin/postconf | Grep size 4. Up the x and postfix. Some anti-virus anti-spam mail 1. Install McAfee uvscan The latest version of BSD is vbsd424e, but can be upgraded while the trial is not functional limitations. The latest version of the virus reservoir is dat-4306.tar = b4af8aa33b670d15cc43ebf6f4967498 How your ports of the virus database is not the latest version of the document could be amended ports can be downloaded directly to the above www.nai.com Install McAfee AntiVirus Hawk# cd /usr/ports/security/vscan Make install clean hawk# Installation 2.AMaViS AMaViS uvscan and postfix is a bridge between the complete decoding mail, uvscan to check narcotics, and then address the transmitting operation. 2.1 installed in ports The version here was the amavisd-new-20030616 Hawk# cd /usr/ports/security/amavisd-new/ # Make install clean Hawk# cd /usr/local/etc Hawk# cp amavisd.conf-dist amavisd.conf Hawk# chown vscan amavisd.conf Hawk# chmod 750 amavisd.conf Hawk# chown vscan /usr/local/sbin/amavisd Hawk# chmod 750 /usr/local/sbin/amavisd Laws amavisd.conf $mydomain = 'The9.com'; (Revise your own) $TEMPBASE = "/tmp"; $forward_method = 'Smtp:127.0.0.1:10025'; $notify_method = $forward_method; The following can determine your server $virus_admin = "Vscan\@$mydomain" $mailfrom_notify_admin = "Vscan\@$mydomain"; $mailfrom_notify_recip = "Vscan\@$mydomain"; $mailfrom_notify_spamadmin = "Vscan\@$mydomain"; # $QUARANTINEDIR = '/var/virusmails'; 220 Laws postfix /etc/postfix/master.cf In China SMTP inet n-n-- smtpd To read as follows : Smtp-amavis Unix--n-2 SMTP -o Smtp_data_done_timeout=1200 -o Disable_dns_lookups=yes 127.0.0.1:10025 inet n-n-- smtpd -o Content_filter= 127.0.0.1:10025 content_filter attention to the blank, it is because the main.cf postfix, content_filter definition earlier in the case, it may be kept in the local mail, send it to ourselves, if this is the case, postfix log will appear the following message "Error : too many hops." Test /usr/local/sbin/postfix Stop hawk# Hawk# /usr/local/sbin/postfix start Hawk# su-vscan Hawk# /usr/local/sbin/amavisd Killing Start another terminal : Hawk# Telnet 127.0.0.1 10024 Trying 127.0.0.1. . . Connected to localhost.the9.com. Escape character is' ^] '. 220 [127.0.0.1] authentication service ready amavisd-new MAIL FROM:<cnhawk@the9.com>; 250 2.1.0 Sender cnhawk@the9.com OK RCPT TO:<cnhawk@the9.com>; 250 2.1.5 Recipient cnhawk@the9.com OK DATA 354 End data with the "CR>;<LF>;.<CR>;<LF>; Subject : Test 2 X5O!P%@AP[4\PZX54 (P^) 7CC) 7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 250 2.5.0 Ok, id=00116-02, BOUNCE "-- said such a system has identified this mail contains Virus QUIT Spamassassin 2.3 Installation and Configuration In the latest combination of Spamassassin AMaVisd-new already functional, so long as the use of ports installed AMaVisd-ne, Spamassassin has been installed as well. Port : amavisd-new-20030616.p5 Path : /usr/ports/security/amavisd-new Info : Performance-enhanced daemonized version of amavis-perl Maint : blaz@si.FreeBSD.org Index : security B-deps : R-deps : arc-5.21e.8_1 freeze-2.5_1 lha-1.14i_1 lzo-1.08_1 lzop-1.01 p5-Archive-Tar-1.05 p5-Archive-Zip-1.06 p5-Authen-SASL-2.04 p5-Compress-Zlib-1.22 p5-Convert-TNEF-0.17 p5-Convert-UUlib-0.213 p5-Digest-HMAC-1.01 p5-Digest-MD5-2.27 p5-Digest-Nilsimsa-0.06 p5-Di gest-SHA1-2.04 p5-File-Spec-0.82 p5-HTML-Parser-3.31 p5-HTML-Tagset-3.03 p5-IO-1.20 p5-IO-stringy-2.108 p5-MIME-Base64-2.20 p5-MIME-Tools-5.411a_2 p5-Mail-SpamAssassin-2.55 p5-Mail-Tools-1.58 p5-Net-1.16. 1 p5-Net-DNS-0.40 p5-Net-Server-0.85 p5-PodParser-1.24 p5-Test-Harness-2.28 p5-Test-Simple-0.47_1 p5-Time-HiRes-1.50. 1 p5-URI-1.25 p5-Unix-Syslog-0.100 razor-agents-2.36 unarj-2.43_1 unrar-3.20,2 zoo-2.10.1 If not Spamassassin server function that such a step could be abolished. Add the needs of users Hawk# pw useradd spam-c "Spam Bayes Learner" s-d /var/empty /sbin/nologin Hawk# pw useradd notspam-c "Not Spam Bayes Learner" s-d /var/empty /sbin/nologin Laws /usr/local/etc/mail/spamassassin/local.cf Use_bayes 1 Bayes_path /var/amavis/.spamassassin/bayes Auto_learn 1 Auto_learn_threshold_nonspam -2 Auto_learn_threshold_spam 15 Laws /usr/local/etc/amavisd.conf $max_servers = 2; $max_requests = 10; $child_timeout=5*60; bypass_virus_checks_acl = Po, qw (); local_domains_acl = (. " $mydomain "); $final_spam_destiny = D_PASS; Read_hash (\%whitelist_sender '/var/amavis/whitelist'); Read_hash (\%blacklist_sender '/var/amavis/blacklist'); Read_hash (\%spam_lovers' /var/amavis/spam_lovers'); # SpamAssassin settings #$sa_local_tests_only = 1; $sa_auto_whitelist = 1; $sa_mail_body_size_limit = 64*1024; $sa_tag_level_deflt = Castant $sa_tag2_level_deflt = 6.3; $sa_kill_level_deflt = $sa_tag2_level_deflt; $sa_spam_subject_tag = '***SPAM***'; Establish the required documentation Hawk# touch /var/amavis/whitelist Hawk# touch /var/amavis/blacklist Hawk# touch /var/amavis/spam_lovers Hawk# chown vscan /var/amavis/whitelist Hawk# chown vscan /var/amavis/blacklist Hawk# chown vscan /var/amavis/spam_lovers Hawk# echo spam@the9.com ";>; /var/amavis/spam_lovers Hawk# echo notspam@the9.com ";>; /var/amavis/spam_lovers Laws /usr/local/etc/postfix/main.cf Add Content_filter = smtp-amavis:[127.0.0.1]:10024 Create automatic learning systems Bayesian Learning Script Hawk# vi /usr/local/sbin/my-sa-learn.sh #!/bin/sh Then if [-e /var/mail/spam] /usr/local/bin/sa-learn --spam-P /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam Rm /var/mail/spam "; /dev/null Fi Then if [-e /var/mail/notspam] /usr/local/bin/sa-learn --ham-P /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam Rm /var/mail/notspam "; /dev/null Fi Bayes build the knowledge base : study Hawk# /usr/bin/sa-learn --rebuild-p /var/amavis/.spamassassin/user_prefs This will automatically learn the Hawk# chmod 700 /usr/local/sbin/my-sa-learn.sh Hawk# crontab-e 5 0 * * * /usr/local/sbin/my-sa-learn.sh Now restart services to allow the entry into force /usr/local/etc/rc.d/postfix.sh Stop hawk# Hawk# /usr/local/etc/rc.d/postfix.sh start /usr/local/etc/rc.d/amavisd.sh Stop hawk# Hawk# /usr/local/etc/rc.d/amavisd.sh start If the spamd use Spamassassin also need to be restarted. AMaVisd start, to confirm whether anti-virus software is found NAI hawk# cat /var/log/maillog |grep Dec 1 03:37:07 N29527 amavis[112] : Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan Dec 1 15:36:00 N29527 amavis[110] : Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan Dec 1 16:14:28 N29527 amavis[110] : Found primary av scanner NAI McAfee AntiVirus (uvscan) at /usr/local/bin/uvscan If such a message anti-virus software have been found Script virus update Wget needs support Wget installed Hawk# pkg_add-r wget Installed Hawk# vi /usr/local/libexec/uvscan/update-dat.sh Add the following elements #!/bin/sh # # Update-dat.sh # Cd /usr/local/libexec/uvscan/ Wget-q-O readme.txt http://download.nai.com/products/datfiles/4.x/nai/readme.txt ";/dev/null AVVER=`head -11 readme.txt | grep '4[0-9][0-9][0-9]' | head -1 | sed - e 's/^.*\ (4[0-9]*\). *$/\1/ ' ` If [!] Then-f dat-$AVVER.tar For i in *.tar; do Mv $i $i.old Done If wget http://download.nai.com/products/datfiles/4.x/nai/dat-$AVVER.tar ";/dev/null; then For i in *.dat; do Cp-p $i $i.bak Done If tar xf dat-$AVVER.tar; then Rm-f *.old DAT files to echo `date` Successfully updated AntiVirus $AVVER Fi Fi Fi Crontab regularly placed on the automatic operation of the document will be automatically updated virus. Hastily prepared Thanks to a friend of mine CHINAUNIX FREEBSD postfix on the use of the Anti-mail anti-virus system I entirely through speeding up the improvement in test files FREEBSD postfix on the use of the Anti-mail anti-virus system All the basic functions through enough testing FREEBSD postfix on the use of the Anti-mail anti-virus system Good FREEBSD postfix on the use of the Anti-mail anti-virus system Yes. Pouring cold water on points : I would like you to install SMTP Diez cyrus-sasl2 intention is to be done, but not like in your article, SMTP Diez tests. Also, as far as I know does not support mysql cyrus-sasl2 the encrypted password, I do not know how you prepared to solve this problem? FREEBSD postfix on the use of the Anti-mail anti-virus system OK, sorry, forgot you use pam. FREEBSD postfix on the use of the Anti-mail anti-virus system SMTP Diez through, I had forgotten to write, and so on fill FREEBSD postfix on the use of the Anti-mail anti-virus system --> Sasl1 support encryption password : mysql) FREEBSD postfix on the use of the Anti-mail anti-virus system --> You sure? Sasl1 does not support mysql, mysql support is achieved through the patch, the patch was later joined sasl2 so sasl2 formal support mysql. If sasl1 supported mysql password encryption, it is no reason not to support sasl2 Lane. When I go to read code. . . FREEBSD postfix on the use of the Anti-mail anti-virus system Add Sectional Drawing [img]http://album3.chinaren.com/album/98/62/51246298/1208940.jpg[/img] FREEBSD postfix on the use of the Anti-mail anti-virus system Very good first accepted! FREEBSD postfix on the use of the Anti-mail anti-virus system Jiujiu, lonely eagle chicks. Cheerleading Cheerleading was on the freebsd. Witness the swelling of the chick. Cheerleading recently Linux loopholes really handy way. Happy FREEBSD postfix on the use of the Anti-mail anti-virus system : Shock : FREEBSD postfix on the use of the Anti-mail anti-virus system Surprised that the front 都ok, not only on anti-virus installed. DATA 354 End data with the "CR>;<LF>;.<CR>;<LF>; Subject : Test 2 X5O!P%@AP[4\PZX54 (P^) 7CC) 7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 450 4.4.1 Can 't connect to 127.0.0.1 port 10025, the 2848 Connection refused at /usr/local/sbin/amavisd line, "GEN3>; chunk 6. . id=01099-01 FREEBSD postfix on the use of the Anti-mail anti-virus system Yes. FREEBSD postfix on the use of the Anti-mail anti-virus system As its title. Can the redhat linux as on the allocation? Even the investigation but did not find what www.nai.com products for redhat Linux AS. Frank first one. FREEBSD postfix on the use of the Anti-mail anti-virus system As its title. Can the redhat linux as on the allocation? Even the investigation but did not find what www.nai.com products for redhat Linux AS. Frank first one. FREEBSD postfix on the use of the Anti-mail anti-virus system Can Linux use in the other platforms, such as Linux AS antimoine platform. I www.nai.com searched for a moment, does not seem relevant for Linux as a product antimoine Xie. [ Closed window ]