Reference documents:
http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
http://www.jerfu.com/toaster/FullToaster_1.0.6.html
http://shupp.org/toaster/
This article draws on the three documents above and describes my own experience installing on Solaris 8 and RedHat 7.2. The LAMP installation is not repeated here, and SSL support is not covered either. I try to use concise install scripts to explain the points that need attention during installation.
Author: Xu Yongjiu (徐永久), FreeLAMP.com
Last updated: Tuesday, 10 June 2003
Download locations for all the software are listed at the end of the article. I like to keep the downloaded files together in one directory;
assume that directory is referred to as $QM_GZDIR, the directory holding the qmail-related .tar.gz files.
In the install scripts below you can use this variable after setting it with, for example, export QM_GZDIR=/root/download/qmail.
1. Installing UCSPI-TCP
cd /usr/local/src
tar xzf $QM_GZDIR/ucspi-tcp-0.88.tar.gz
chown -R root.root ucspi-tcp-0.88
cd ucspi-tcp-0.88
# Patch rblsmtpd so that it can use all of the current RBL zones.
# This patch also lets you customise the error message returned to the sender.
patch -p0 rblsmtpd.c < $QM_GZDIR/ucspi-rss.diff
# Edit rblsmtpd.c to raise the maximum length of the error text from 200 to 500 characters,
# so that a sender blocked by an RBL receives a message long enough to explain the problem.
vi rblsmtpd.c
Go to line 166 and change
if (text.len > 200) text.len = 200;
to:
if (text.len > 500) text.len = 500;
make
make setup check
2. Installing DAEMONTOOLS
mkdir -p /package
chmod 1755 /package
cd /package
tar xzfp $QM_GZDIR/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install
Once the installation finishes, ps -ef|grep sv shows the processes running.
Note that on Solaris you must change the line in /etc/inittab from
SV:123456:respawn:/command/svscanboot
to:
SV:123456:respawn:/command/svscanboot </dev/null >/dev/msglog 2>&1
before the processes will run.
On both Solaris and Linux, if you do not want daemontools to run, comment out
that line in inittab and run init q to make init re-read the run levels.
3. Installing qmail
This is the longest part, and also the core of the whole setup. Everyone does it their own way, and the variety is remarkable.
Perhaps it comes down to different system conventions or habits; for example, many documents like to unpack the .tar.gz under
/var/src, whereas I consider /usr/local/src the Linux convention, so I stubbornly carried that convention
over to Solaris.
cd /usr/local/src
groupadd nofiles
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
useradd -g nofiles -d /var/qmail/alias alias
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
tar xzf $QM_GZDIR/qmail-1.03.tar.gz
cd qmail-1.03
# Apply the DNS patch.
patch -p1 < $QM_GZDIR/qmail-103.patch
# Apply the qmailqueue patch.
# This patch adds support for other popular add-ons such as Qmail-Scanner.
patch -p1 < $QM_GZDIR/qmailqueue-patch
# Patch qmail-local and qmail-pop3d to be compatible with maildir++ quotas.
patch < $QM_GZDIR/qmail-maildir++.patch
# Patch for local timestamps, so that the Date header shows local time rather than GMT.
patch -p1 < $QM_GZDIR/qmail-date-localtime.patch.txt
# Add logging of badmailfrom matches and the badrcptto feature.
patch < $QM_GZDIR/qmail-badmailfrom-badrcptto.patch.txt
# Edit qmail-smtpd.c so that a remote server sending malformed mail cannot drive the service into an endless loop.
vi qmail-smtpd.c
Around line 51, change the 451 in the straynewline function to 553.
make
make setup check
(cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*
./config-fast mail.abc.com
cp $QM_GZDIR/qmailctl.txt /var/qmail/bin/qmailctl
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /etc/rc.d/init.d/qmail
ln -s /var/qmail/bin/qmailctl /usr/bin
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-send
chmod +t /var/qmail/supervise/qmail-smtpd
chmod +t /var/qmail/supervise/qmail-pop3d
vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Maildir/
vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send
vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.smtp.cdb \
-c 20 -R -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.ordb.org/lookup/?%IP% - Please forward this error through to your email server support staff for easy resolution.' \
-r 'inputs.relays.osirusoft.com:Your message was rejected because the mail server you use is either configured to allow OPEN RELAY - More information regarding this problems is available at http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=%IP% - Please forward this error to your email server support staff for resolution.' \
-r 'proxies.relays.monkeys.com:Your message was rejected because the message was sent from an OPEN PROXY - More information regarding this problems is available at http://www.monkeys.com/upl/listed-ip-0.cgi?ip=%IP% - Please forward this error to your email server support staff for resolution.' \
/var/qmail/bin/qmail-smtpd 2>&1
vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd
vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
# -x must point at the cdb that "qmailctl cdb" compiles from /home/vpopmail/etc/tcp.pop3;
# with -x, tcpserver refuses every connection if that cdb file is missing.
exec /usr/local/bin/softlimit -m 3000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.pop3.cdb -c 30 -R 0 pop3 \
/var/qmail/bin/qmail-popup mail.abc.com \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d
Edit the crontab so that the qmail log files are rotated every day.
crontab -e
0 0 * * * /usr/local/bin/svc -a /service/qmail-smtpd/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-send/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-pop3d/log
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
mkdir /var/log/qmail
mkdir /var/log/qmail/smtpd
mkdir /var/log/qmail/send
mkdir /var/log/qmail/pop3d
chown -R qmaill /var/log/qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
When you have got this far, run qmailctl start and you will see four qmail processes running. On my machine,
ps -ef|grep qmail shows the following four lines among its output:
qmails 18985 18975 0 16:28 ? 00:00:00 qmail-send
root 18993 18985 0 16:28 ? 00:00:00 qmail-lspawn ./Maildir/
qmailr 18994 18985 0 16:28 ? 00:00:00 qmail-rspawn
qmailq 18995 18985 0 16:28 ? 00:00:00 qmail-clean
At this point there is still no guarantee that telnet localhost 25 or 110 will log in normally.
If the file /home/vpopmail/etc/tcp.smtp is missing, the system will not work properly either.
The reason this file lives under /home/vpopmail is that vpopmail's configuration defaults to that location.
This file controls which hosts are allowed to relay.
vi /home/vpopmail/etc/tcp.smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified ip range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified ip range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you dont set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#-----------------------------------------------------
# HERE ARE THE RULES :
#----------------------------------------------------------------
# local class-c's allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#----------------------------------------------------------------
# these ips are ones that we have setup so that they arent RBL checked
# usually because we have spoken with the owners of the mail server
# in question and for one reason or another they cannot update their
# config, and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
111.111.111.:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
222.222.222.222:allow,RBLSMTPD=""
#-----------------------------------------------------------------
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
#-----------------------------------------------------------------
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.96.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.97.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.98.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.131.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#-----------------------------------------------------------------
# himailer spam 15/7/02
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
#
#-----------------------------------------------------------------
# Allow connections from localhost,
# allow relay (cause the WebMail server runs on localhost),
# and dont do RBL lookup
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#-----------------------------------------------------------------
# Everyone else can make connections to our server, but not allowed to relay
# RBL lookups are performed
:allow
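The rule semantics described in the header of the file above, as an added example that is not part of the original article or of the ucspi-tcp project: a small Python evaluator that parses a tcprules-style file and reports what tcpserver and rblsmtpd would do for a given client IP. The lookup order (exact IP, then the "a.b.c.", "a.b." and "a." prefixes, then the empty default rule) is tcpserver's; only IP-address keys are handled, not the =host or info@ forms tcprules also accepts. The sample rules are a trimmed copy of the file above plus one constructed 10.0.0. deny line, and the function names are my own.

```python
# Added example (not from the page or the ucspi-tcp project): evaluate a tcp.smtp-style
# rules file the way tcpserver + rblsmtpd would for a single client IP address.

# Constructed sample: a trimmed copy of the page's tcp.smtp plus one deny line.
SAMPLE_RULES = """\
# local class-c's allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
# trusted peers that are not RBL checked
111.111.111.:allow,RBLSMTPD=""
222.222.222.222:allow,RBLSMTPD=""
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
# constructed addition for this example: refuse the TCP connection outright
10.0.0.:deny
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
:allow
"""


def expand_address(addr):
    """Expand the lo-hi range tcprules allows in the last component of an address:
    '216.242.75.100-116' -> 17 exact IPs, '61.230.72-75.' -> 4 class-C prefixes."""
    trailing_dot = addr.endswith(".")
    parts = addr.rstrip(".").split(".")
    if "-" not in parts[-1]:
        return [addr]
    lo, hi = (int(x) for x in parts[-1].split("-", 1))
    tail = "." if trailing_dot else ""
    return [".".join(parts[:-1] + [str(n)]) + tail for n in range(lo, hi + 1)]


def parse_instruction(text):
    """Split 'allow,VAR="value",...' into (verb, {VAR: value}). Values are
    double-quoted and may contain commas, so only split outside the quotes."""
    items, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            items.append(cur)
            cur = ""
        else:
            cur += ch
    items.append(cur)
    env = {}
    for item in items[1:]:
        name, _, value = item.partition("=")
        env[name.strip()] = value
    return items[0].strip(), env


def parse_rules(text):
    """Build {address_key: (verb, env)} from the text form of a tcprules file."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instruction = line.partition(":")
        for key in expand_address(addr):
            rules[key] = parse_instruction(instruction)
    return rules


def lookup(rules, ip):
    """Return (matched_key, (verb, env)) in tcpserver's order; when nothing at all
    matches, tcpserver accepts the connection with no variables set."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return key, rules[key]
    return None, ("allow", {})


def decide(rules, ip):
    """Summarise the outcome for one client IP: which rule matched, whether the TCP
    connection is accepted, whether it may relay, and what rblsmtpd does with it."""
    key, (verb, env) = lookup(rules, ip)
    result = {"rule": key, "connect": verb != "deny", "relay": "RELAYCLIENT" in env}
    if "RBLSMTPD" not in env:
        result["rbl"] = "lookup"                              # rblsmtpd queries the -r zones
    elif env["RBLSMTPD"] == "":
        result["rbl"] = "skip"                                # whitelisted: no lookup
    elif env["RBLSMTPD"].startswith("-"):
        result["rbl"] = "reject-5xx:" + env["RBLSMTPD"][1:]   # permanent 553 error
    else:
        result["rbl"] = "reject-4xx:" + env["RBLSMTPD"]       # temporary 451 error
    return result


RULES = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "123.123.123.45", "216.242.75.110", "216.242.75.117",
               "61.230.74.9", "10.0.0.7", "8.8.8.8"):
        print(ip, decide(RULES, ip))
```

Running the script shows the effect of the prefix matching: 216.242.75.110 hits the expanded ban range and is refused with a 5xx text, while 216.242.75.117, one address outside the range, falls through to the empty default rule and is merely RBL-checked. Feeding the evaluator your real tcp.smtp before running qmailctl cdb is a cheap way to confirm that a new whitelist or ban line matches the addresses you intended and nothing else.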
Next, configure the /home/vpopmail/etc/tcp.pop3 file. This file controls which machines may access the POP3
service; if someone is attacking the POP3 server, you can use it to block the attacker's IP address.
vi /home/vpopmail/etc/tcp.pop3
# Allow any client to connect to us via POP3
# If people are abusing POP3 such as denial-of-service on POP3,
# you can add their ips here to block them out
:allow
# Then rebuild the database files for /home/vpopmail/etc/tcp.smtp and /home/vpopmail/etc/tcp.pop3
qmailctl cdb   (you need to edit the qmailctl script: change the directory in its cdb section to /home/vpopmail)
Assuming you have already removed any sendmail or postfix that was previously installed on the machine, then:
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin
# Use postmaster@abc.com as the sender of bounce messages.
echo 'postmaster' > /var/qmail/control/bouncefrom
# Have qmail send double bounces to doublebounce@abc.com.
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'abc.com' > /var/qmail/control/doublebouncehost
# If you would rather discard double bounces, use:
echo '#' > ~alias/.qmail-doublebounce
# Set the maximum message size to 20MB.
echo '20480000' > /var/qmail/control/databytes
# Let messages wait in the queue for at most 4 days.
echo '345600' > /var/qmail/control/queuelifetime
qmailctl restart
Now we can use telnet localhost 25 and telnet localhost 110 to test that each service is running.
4. Installing Vpopmail
groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 vpopmail
cd /usr/local/src
tar xzf $QM_GZDIR/vpopmail-5.3.20.tar.gz
cd vpopmail-5.3.20
chmod 600 vmysql.h
vi vmysql.h
#define MYSQL_UPDATE_USER "vpopmailuser"
#define MYSQL_UPDATE_PASSWD "vpoppasswd"
#define MYSQL_READ_USER "vpopmailuser"
#define MYSQL_READ_PASSWD "vpoppasswd"
Change these to your own username and password.
Create the vpopmail database in MySQL and use the
grant command to give that username and password the required privileges.
The configure command:
./configure --enable-mysql=y --enable-roaming-users=y --enable-mysql-logging=y --enable-clear-passwd=y \
--enable-default-domain=yourdomain.com --enable-defaultquota=50M \
--enable-incdir=/opt/mysql/include/mysql --enable-libdir=/opt/mysql/lib/mysql
make
make install-strip
vi /home/vpopmail/domains/.quotawarn.msg
Here you can create the quota warning message.
You can also tell the sender that the recipient's mailbox is full:
echo "Message rejected. Not enough storage space in user's mailbox to accept message." > /home/vpopmail/domains/.over-quota.msg
5. Installing COURIER IMAP
cd /usr/local/src
tar xjf $QM_GZDIR/courier-imap-1.7.3.tar.bz2
cd courier-imap-1.7.3
vi maildir/maildirpurgetmp.c
Around line 64, change
&& stat_buf.st_ctime < current_time - nage)
to:
&& stat_buf.st_mtime < current_time - nage)
This mainly settles whether IMAP folder synchronisation goes by a message's arrival time or by its modification time.
./configure \
--disable-root-check \
--without-authdaemon \
--with-authvchkpw
(this step takes quite a while; please be patient)
make
# make check   # optional: runs the test suite; see also the configure option --enable-workarounds-for-imap-client-bugs
make install-strip
make install-configure
vi /usr/lib/courier-imap/etc/imapd
(note that it is /usr/lib, not /usr/local; some documents say /usr/local, which is wrong)
Set or change the following parameters:
MAXDAEMONS=40 <- maximum number of IMAP server processes
MAXPERIP=100 <- maximum number of connections allowed per IP address
TCPDOPTS="-nodnslookup -noidentlookup -user=vpopmail -group=vchkpw" <- run the IMAP service as the given user and group
AUTHMODULES="authvchkpw" <- use authvchkpw for password authentication
IMAP_EMPTYTRASH=Trash:7,Sent:30 <- mail in Trash is deleted automatically after 7 days, Sent mail after 30 days
IMAPDSTART=YES <- enable starting imapd
vi /usr/lib/courier-imap/libexec/imapd.rc
Change:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
to:
/usr/lib/courier-imap/libexec/couriertcpd -address=$ADDRESS \
-user=vpopmail -group=vchkpw
6. Testing
Test the POP3 service:
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Hello there.
user user@abc.com
+OK Password required.
pass [password]
+OK logged in.
quit
+OK Bye-bye.
Connection closed by foreign host.
Test the IMAP service:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc. See COPYING for distribution information.
a001 login user@abc.com [password]
a001 OK LOGIN Ok.
a001 logout
* BYE Courier-IMAP server shutting down
a001 OK LOGOUT completed
Connection closed by foreign host.
If you cannot quit, press Ctrl-] to drop to the telnet> prompt, then type quit.
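The two telnet sessions above, as an added scripted check that is not part of the original article: a Python client that replays the same POP3 and IMAP dialogues, judges each reply (+OK, or the tagged OK for IMAP) and returns the server's lines, so the test can be repeated from cron or a monitor instead of by hand. Like the telnet test it sends the password in clear, so run it against localhost. The fake_server helper and the scripts it answers from are constructed stand-ins for qmail-pop3d and Courier-IMAP so the check can run offline; check_live, the user user@abc.com and the password "secret" are my own assumptions.

```python
# Added example (not from the page): scripted POP3/IMAP login checks plus a
# constructed fake server so the checks can be exercised without a mail server.
import socket
import threading


def _recv_line(reader):
    """Read one CRLF-terminated protocol line; an empty read means the peer hung up."""
    raw = reader.readline()
    if not raw:
        raise ConnectionError("server closed the connection")
    return raw.decode("utf-8", "replace").rstrip("\r\n")


def pop3_login_check(sock, user, password):
    """Replay the page's POP3 telnet test: greeting, USER, PASS, QUIT.
    Returns the server's replies; raises if any reply is not +OK."""
    reader = sock.makefile("rb")
    try:
        transcript = [_recv_line(reader)]            # e.g. "+OK Hello there."
        for cmd in (f"user {user}", f"pass {password}", "quit"):
            sock.sendall((cmd + "\r\n").encode())
            reply = _recv_line(reader)
            transcript.append(reply)
            if not reply.startswith("+OK"):
                raise RuntimeError(f"POP3 {cmd.split()[0].upper()} failed: {reply}")
        return transcript
    finally:
        reader.close()
        sock.close()


def imap_login_check(sock, user, password, tag="a001"):
    """Replay the page's IMAP telnet test: greeting, tagged LOGIN, tagged LOGOUT.
    Untagged '* ...' lines (such as the BYE on logout) are kept but not judged."""
    reader = sock.makefile("rb")
    try:
        transcript = [_recv_line(reader)]            # e.g. "* OK Courier-IMAP ready."
        for cmd in (f"login {user} {password}", "logout"):
            sock.sendall(f"{tag} {cmd}\r\n".encode())
            while True:                              # read until the tagged response
                reply = _recv_line(reader)
                transcript.append(reply)
                if reply.startswith(tag + " "):
                    break
            if not reply.startswith(tag + " OK"):
                raise RuntimeError(f"IMAP {cmd.split()[0].upper()} failed: {reply}")
        return transcript
    finally:
        reader.close()
        sock.close()


def check_live(host, user, password):
    """Run both checks against a real server (assumed ports 110 and 143; not run offline)."""
    pop3 = pop3_login_check(socket.create_connection((host, 110), timeout=10), user, password)
    imap = imap_login_check(socket.create_connection((host, 143), timeout=10), user, password)
    return pop3, imap


def fake_server(script):
    """Constructed stand-in for the daemon. script = [greeting, (expected_command,
    ok_replies, error_reply), ...]; returns the client end of a socketpair whose
    peer answers from the script, sending error_reply on any unexpected command."""
    client, server = socket.socketpair()

    def run():
        reader = server.makefile("rb")
        try:
            server.sendall((script[0] + "\r\n").encode())
            for expected, ok_replies, error_reply in script[1:]:
                line = reader.readline().decode("utf-8", "replace").rstrip("\r\n")
                if not line:
                    break
                replies = ok_replies if line.lower() == expected.lower() else [error_reply]
                for reply in replies:
                    server.sendall((reply + "\r\n").encode())
        except OSError:
            pass
        finally:
            reader.close()
            server.close()

    threading.Thread(target=run, daemon=True).start()
    return client


def login_rejected(check, script, user, password):
    """True if the check raises because the scripted server refused the login."""
    try:
        check(fake_server(script), user, password)
    except RuntimeError:
        return True
    return False


# Constructed scripts mirroring the replies shown in the telnet sessions above.
POP3_SCRIPT = ["+OK Hello there.",
               ("user user@abc.com", ["+OK Password required."], "-ERR Unknown command."),
               ("pass secret", ["+OK logged in."], "-ERR Login failed."),
               ("quit", ["+OK Bye-bye."], "-ERR Unknown command.")]

IMAP_SCRIPT = ["* OK Courier-IMAP ready.",
               ("a001 login user@abc.com secret", ["a001 OK LOGIN Ok."], "a001 NO Login failed."),
               ("a001 logout", ["* BYE Courier-IMAP server shutting down",
                                "a001 OK LOGOUT completed"], "a001 BAD Unknown command.")]

if __name__ == "__main__":
    print(pop3_login_check(fake_server(POP3_SCRIPT), "user@abc.com", "secret"))
    print(imap_login_check(fake_server(IMAP_SCRIPT), "user@abc.com", "secret"))
```

The returned transcript contains only the server's side of the exchange, so it can be written to a log without recording the password; a wrong password surfaces as a RuntimeError carrying the server's -ERR or NO line, which is the condition a monitor should alert on.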
7. Installing Squirrelmail
cd /usr/local/apache/htdocs
tar -xzf $QM_GZDIR/squirrelmail-1.4.0.tar.gz
mv squirrelmail-1.4.0 webmail
cd webmail
mkdir attachment
chown -R www.www data
chown -R www.www attachment
chmod 733 attachment
./configure
This script should be fairly straightforward; the one thing to remember is to change the IMAP server type to courier.
During configure, the names of the Inbox/Trash/Sent folders must match the folders configured in /usr/lib/courier-imap/etc/imapd.
The translations are edited in squirrelmail.po under locale/zh_CN/LC_MESSAGES.
After editing, run msgfmt -o squirrelmail.mo squirrelmail.po to compile it.
There are also some good plugins to download from www.squirrelmail.org, but that address is blocked inside China and you need a proxy server to reach it; find a suitable proxy server for this.
When downloading these plugins with wget from a Linux console, set:
export http_proxy="ns.proserv.co.jp:80"
after which wget can download them.
8. Other things to note:
(1) php.ini parameters that need to be set when installing PHP:
max_execution_time=60
memory_limit=10M
post_max_size=8M
upload_max_filesize=8M
file_uploads=On
log_errors=On
error_log=/usr/local/apache/logs/php.error
If you find that this error file is not being created, touch the file and make sure the www user has permission to write to it.
Then restart apache and it should work.
Note that your php.ini is not necessarily in the directory above; create a page test.php
<?php
phpinfo();
?>
and search its output for php.ini to confirm that the php.ini path matches the one you created.
For PHP run as CGI, php -i|grep php.ini on the command line also shows the php.ini path.
Create the database tables for SquirrelMail's user preferences;
I suggest creating them inside the vpopmail database.
CREATE TABLE address_book (
owner varchar(128) DEFAULT '' NOT NULL,
nickname varchar(16) DEFAULT '' NOT NULL,
firstname varchar(128) DEFAULT '' NOT NULL,
lastname varchar(128) DEFAULT '' NOT NULL,
email varchar(128) DEFAULT '' NOT NULL,
label varchar(255),
PRIMARY KEY (owner,nickname),
KEY firstname (firstname,lastname)
);
CREATE TABLE userprefs (
user varchar(128) DEFAULT '' NOT NULL,
prefkey varchar(64) DEFAULT '' NOT NULL,
prefval blob DEFAULT '' NOT NULL,
PRIMARY KEY (user,prefkey)
);
quit
===============================================
Appendix:
Download record:
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
wget http://cr.yp.to/software/qmail-1.03.tar.gz
wget http://www.ckdhr.com/ckd/qmail-103.patch
wget http://www.qmail.org/qmailqueue-patch
wget http://www.shupp.org/patches/qmail-maildir++.patch
wget ftp://ftp.pipeline.com.au/PipeInt/Sources/Linux/WebMail/qmail-date-localtime.patch.txt
wget ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmail-badmailfrom-badrcptto.patch.txt
wget ftp://ftp.pipeline.com.au/pipeint/sources/linux/WebMail/qmailctl.txt
wget http://www.inter7.com/devel/vpopmail-5.3.20.tar.gz
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
wget http://www.qmail.org/ucspi-rss.diff
wget http://apache.linuxforum.net/dist/httpd/httpd-2.0.45.tar.gz
wget http://flow.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.0.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/courier/courier-imap-1.7.3.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/courier/maildrop-1.5.3.tar.bz2
wget http://telia.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-1.15.tgz
wget http://www.jerfu.com/downloads/toaster/idx.shupp.patch.gz
wget http://www.jerfu.com/downloads/toaster/toaster-scripts.tar.gz
wget http://www.spamassassin.org/released/Mail-SpamAssassin-2.31.tar.gz
wget http://www.tiski.de/linux/patches/vpopmail/patch-quotafix-1.06.gz
How qmail and vpopmail work internally will be explained in detail in a separate article.