
Updated: 2024-05-24 01:03:01


CentOS-6.6 Large Enterprise-Grade Mail System Setup - postfix+dovecot+mysql+postfixadmin+roundcube+antivirus filtering

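postfix (sending) + dovecot (receiving) + mysql (database) + postfixadmin (account management) + roundcube (web-based mail client)

I consulted a lot of material while building this mail system and am very grateful for everyone's articles; most of this article is a compilation of their content.

I have run out of library download credits, so if you need to download this document, please support me. Thank you very much.

Install the sasl packages, disable SELinux, and create a symlink:

ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

For PHP, edit php.ini to limit the upload file size. If you use nginx, change the nginx configuration file as well.

Set up samba and DNS first. The required files and the packages that have to be installed manually below are available at:
Link: http://pan.http://www.njliaohua.com//s/1gdIYPph Password: x6bo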

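Points to note:

1: Disable SELinux.
2: Check whether the group owner of /var/lib/php/session is vmail. The default is apache.
3: Install all of the sasl packages, including python-saslwrapper and cyrus-sasl*.
4: Install the dovecot packages, otherwise you may be told that the mysql driver cannot be found.
5: If it says the admin mailbox is not a valid mailbox, you can change email_check in main.cf to NO; the consequences are unknown.

I. Install and configure LAMP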

② Create a vmail user to manage the virtual mailbox directories

useradd -u 2000 -d /home/vmail -m -s /sbin/nologin vmail

③ Install and configure the LAMP environment

1 yum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel

2 Integrate Apache with PHP

[root@mail ~]# vi /etc/httpd/conf/httpd.conf

#Add the following two lines

AddType application/x-httpd-php .php #lets Apache parse PHP programs
PHPIniDir \ #specifies the path to the php.ini configuration file

#Edit this line to add index.php

DirectoryIndex index.php index.html index.html.var

#Change the user and group Apache runs as; the default is apache

User vmail
Group vmail

Add ServerName localhost:80

vi /var/www/html/index.php

<?php phpinfo(); ?>

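Start httpd:

service httpd start

You should now be able to see the PHP info page.

II. Install and configure postfixadmin

1 Download postfixadmin

wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.6/postfixadmin-2.3.6.tar.gz

Extract it and place it in /var/www/html, renaming the directory to postfixadmin. Then edit the configuration file:

[root@mail html]# cd postfixadmin/

#Back up the configuration files before editing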

[root@mail postfixadmin]# cp config.inc.php config.inc.php.bak
[root@mail postfixadmin]# cp setup.php setup.php.bak
[root@mail postfixadmin]# vi config.inc.php

#Find the following lines and change them

$CONF['configured'] = true;
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'jun@jungp.comm';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
$CONF['dovecotpw'] = \
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['aliases'] = '1000';
$CONF['mailboxes'] = '1000';
$CONF['maxquota'] = '1000';
$CONF['fetchmail'] = 'NO';
$CONF['quota'] = 'YES';
$CONF['used_quotas'] = 'YES';
$CONF['new_quota_table'] = 'YES';

Create the MySQL database and privileges for postfixadmin:

service mysqld start

mysqladmin -u root password 'time-out' #set a password for the root user
mysql -u root -p

mysql>create database postfix;

Select the database:

mysql>use postfix;

mysql>CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix';

Switch to root:

mysql>grant all on postfix.* to postfix@'localhost' identified by 'postfix';
mysql> flush privileges;

mysql>grant all on postfix.* to postfix@'%' identified by 'postfix';

List all users:

mysql>SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;

Revoke all privileges from the user sss:

mysql> revoke all on *.* from sss@localhost ;

Delete a user completely:

mysql>Delete from user where user = \
mysql>drop user <username>;
mysql>flush privileges ;

Change the owner and group:

chown -R vmail.vmail postfixadmin/

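Check whether the group owner of /var/lib/php/session is vmail; the default is apache. You can then open <internal IP>/postfixadmin/setup.php to carry out the configuration.

If you see "can't encrypt password with dovecotpw, see error log for details", the cause is this setting in postfixadmin's config.inc.php:

// If you use the dovecot encryption method: where is the dovecotpw binary located?
$CONF['dovecotpw'] = \

If you are told that the password cannot be saved because it was not encrypted, remember to change it:

$rcmail_config['password_dovecotpw'] = '/usr/bin/doveadm pw';

has become

$CONF['dovecotpw'] = \

Once the administrator has been added successfully, go to ip/postfixadmin/login.php and log in with the account you created. If you get a 404, change the ownership of the /var/lib/php/session directory to vmail:vmail.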

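III. Configure the postfix mail transfer agent

Note: Postfix is the one shipped with CentOS 6.4, because the postfix package in CentOS 6.4 already supports mysql.

1. Check the postfix version

[root@mail postfixadmin]# rpm -qa | grep postfix
postfix-2.6.6-2.2.el6_1.x86_64

2. Configure postfix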

[root@mail ~]# vi /etc/postfix/main.cf

#Basic configuration

myhostname = www.jungp.comm
mydomain = jungp.comm
myorigin = $mydomain
inet_interfaces = all

mynetworks_style = host

mynetworks = 192.168.0.0/24, 127.0.0.0/8

#Virtual domain configuration

virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
virtual_overquota_bounce = yes

#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.

virtual_uid_maps = static:2000
virtual_gid_maps = static:2000

#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

[root@mail ~]# postconf #check the configuration file for errors

3. Create the MySQL scripts (mind the user name, password and DBNAME; I use postfix for all of them)

(1). Create the file /etc/postfix/mysql_virtual_domains_maps.cf

[root@mail ~]# vi /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

(2). Create the file /etc/postfix/mysql_virtual_alias_maps.cf

[root@mail ~]# vi /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

(3). Create the file /etc/postfix/mysql_virtual_mailbox_maps.cf

[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

(4). Create the file /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

4. SMTP authentication settings

(1). Check which authentication types postfix supports; dovecot is supported by default

[root@mail ~]# postconf -a
cyrus
dovecot

(2). Edit the /etc/postfix/main.cf configuration file

[root@mail ~]#vi /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

5. Use Dovecot for delivery

[root@mail ~]# vi /etc/postfix/main.cf

# TRANSPORT MAP
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

#Edit the master.cf file

[root@mail ~]# vi /etc/postfix/master.cf

#Add these two lines at the end; note the two spaces in front of flags, otherwise an error is reported

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

service saslauthd restart

IX. Install and configure the dovecot mail retrieval agent

Note: the difference between the dovecot 1.X and dovecot 2.X configuration files is that 1.X keeps every setting in one file, while 2.X spreads them over several files (/etc/dovecot/dovecot.conf and /etc/dovecot/conf.d/). Because the 2.X configuration is scattered, I list the contents of each file that needs to be changed.

1. Edit the dovecot configuration files

(1). Edit /etc/dovecot/dovecot.conf #main configuration file

[root@mail ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf

(2). Edit /etc/dovecot/conf.d/10-auth.conf

[root@mail ~]# vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
!include auth-sql.conf.ext

(3). Edit /etc/dovecot/conf.d/10-mail.conf

[root@mail ~]# vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:%hMaildir
mbox_write_locks = fcntl

(4). Edit /etc/dovecot/conf.d/10-master.conf

[root@mail ~]# vi /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}

service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}

service lmtp {
  unix_listener lmtp {
  }
}

service imap {
}

service pop3 {
}

service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }

  #Newly added section below, used for SMTP authentication
  unix_listener auth-client {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth-worker {
}

service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}

(5). Edit /etc/dovecot/conf.d/15-lda.conf

[root@mail ~]# vi /etc/dovecot/conf.d/15-lda.conf
protocol lda {
  mail_plugins = quota
  postmaster_address = jun@jungp.comm #administrator mailbox
}

(6). Edit /etc/dovecot/conf.d/20-imap.conf

[root@mail ~]# vi /etc/dovecot/conf.d/20-imap.conf
protocol imap {
  mail_plugins = quota imap_quota
}

(7). Edit /etc/dovecot/conf.d/20-pop3.conf

[root@mail ~]# vi /etc/dovecot/conf.d/20-pop3.conf
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}

(8). Edit /etc/dovecot/conf.d/90-quota.conf

[root@mail ~]# vi /etc/dovecot/conf.d/90-quota.conf
plugin {
  quota_rule = *:storage=1G
}

plugin {
}

plugin {
  quota = dict:User quota::proxy::quota
}

plugin {
}

(9). Add /etc/dovecot/dovecot-sql.conf.ext

[root@mail ~]# vi /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = CRAM-MD5
user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'

mkdir -p /var/vmail/

(10). Add /etc/dovecot/dovecot-dict-sql.conf.ext

[root@mail ~]# vi /etc/dovecot/dovecot-dict-sql.conf.ext
connect = host=localhost dbname=postfix user=postfix password=postfix
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}

map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
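The Postfix mysql_virtual_*.cf map files created earlier and the two Dovecot SQL files above all hold the database password in clear text, so their file modes and the password choice are worth checking. The script below is an added example, not part of the original article; the finding names, the function names and the sample files (written to a temporary directory) are constructed for illustration.

```bash
# Added example (not from the original article). Audits files that embed the
# MySQL password in the two formats used on this page:
#   Postfix map file:  password = secret
#   Dovecot SQL file:  connect = host=... user=... password=secret
# Finding names and sample files are constructed for this illustration.

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# kv KEY FILE: value of a Postfix-style "KEY = value" line.
kv() {
    sed -n 's/^[[:space:]]*'"$1"'[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$2" | head -n 1
}

# connect_field NAME FILE: NAME=value taken from a Dovecot "connect =" line.
connect_field() {
    sed -n 's/^[[:space:]]*connect[[:space:]]*=.*[[:space:]]'"$1"'=\([^[:space:]]*\).*/\1/p' "$2" | head -n 1
}

# audit_db_creds FILE: print "ok" or a space-separated list of findings.
audit_db_creds() {
    f=$1
    findings=""
    user=$(kv user "$f")
    pass=$(kv password "$f")
    if [ -z "$pass" ]; then
        user=$(connect_field user "$f")
        pass=$(connect_field password "$f")
    fi
    if [ -z "$pass" ]; then
        echo "no-password-found"
        return 0
    fi
    # The "other" read bit lets every local account read the DB password.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        findings="world-readable"
    fi
    # A password equal to the account name is the first guess anyone tries.
    if [ "$pass" = "$user" ]; then
        findings="${findings:+$findings }password-equals-user"
    fi
    echo "${findings:-ok}"
}

# Constructed samples: the article's values, plus one tightened variant.
printf 'user = postfix\npassword = postfix\nhosts = localhost\ndbname = postfix\n' \
    > "$DEMO/mysql_virtual_domains_maps.cf"
chmod 644 "$DEMO/mysql_virtual_domains_maps.cf"

printf 'user = postfix\npassword = constructed-long-random-value\nhosts = localhost\ndbname = postfix\n' \
    > "$DEMO/hardened.cf"
chmod 640 "$DEMO/hardened.cf"

printf 'driver = mysql\nconnect = host=localhost dbname=postfix user=postfix password=postfix\n' \
    > "$DEMO/dovecot-sql.conf.ext"
chmod 600 "$DEMO/dovecot-sql.conf.ext"

for f in "$DEMO"/*; do
    printf '%s: %s\n' "${f##*/}" "$(audit_db_creds "$f")"
done
```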

2. Restart the services

service saslauthd restart
ps aux | grep saslauthd

[root@mail ~]# service postfix restart
关闭 postfix: [确定]
启动 postfix: [确定]
[root@mail ~]# service dovecot restart
停止 Dovecot Imap: [失败]
正在启动 Dovecot Imap: [确定]

That completes the dovecot configuration. ^_^ ……

When we run the postfixadmin backup, the following warning appears and the backup cannot be performed!

(1). Edit the file /var/www/html/admin/backup.php

[root@mail admin]# vi /var/www/html/admin/backup.php

#Add one line (as shown in the figure below)

date_default_timezone_set('PRC');

XI. Install and configure WebMail (Roundcubemail)

1. Extract and rename

[root@mail ~]# tar -xf roundcubemail-0.9.2.tar.gz -C /var/www/html/
[root@mail ~]# cd /var/www/html/
[root@mail html]# ls
admin index.php phpmyadmin roundcubemail-0.9.2
[root@mail html]# mv roundcubemail-0.9.2 webmail
[root@mail html]# ls
admin index.php phpmyadmin webmail

Configure httpd.conf for multiple ports and multiple sites:

Listen 80

DocumentRoot \

ServerAdmin jun1.jungp.comm
DocumentRoot \
ServerName localhost
ServerAlias localhost
ErrorLog \
CustomLog \

Listen 8080

DocumentRoot \

ServerAdmin jun2.jungp.comm
DocumentRoot \
ServerName localhost
ErrorLog \
CustomLog \

2. Configure WebMail

Open http://192.168.0.2/installer/ to see which checks are OK

pear install Net_IDNA2
yum install php-pear*

3. Edit php.ini

[root@mail installer]# vi /etc/php.ini
date.timezone = Asia/Shanghai

4. Change the location of PHPIniDir in Apache

[root@mail installer]# vi /etc/httpd/conf/httpd.conf
PHPIniDir \

[root@mail installer]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

5. Change the owner and group of all web files

[root@mail ~]# cd /var/www/html/
[root@mail html]# ll
total 16
drwxrwxr-x 14 1000 1010 4096 Jul 11 05:25 admin
-rw-r--r-- 1 root root 18 Jul 11 04:12 index.php
drwxr-xr-x 9 root root 4096 Jul 11 04:17 phpmyadmin
drwxr-xr-x 11 501 80 4096 Jun 16 23:10 webmail
[root@mail html]# chown -R vmail.vmail admin
[root@mail html]# chown -R vmail.vmail phpmyadmin
[root@mail html]# chown -R vmail.vmail webmail
[root@mail html]# ll
total 16
drwxrwxr-x 14 vmail vmail 4096 Jul 11 05:25 admin
-rw-r--r-- 1 root root 18 Jul 11 04:12 index.php
drwxr-xr-x 9 vmail vmail 4096 Jul 11 04:17 phpmyadmin
drwxr-xr-x 11 vmail vmail 4096 Jun 16 23:10 webmail

6. Check where sessions are saved

[root@mail html]# vi /etc/php.ini
session.save_path = \

7. Change the group of the session directory

[root@mail html]# cd /var/lib/php/
[root@mail php]# ll
total 4
drwxrwx--- 2 root apache 4096 Feb 22 10:56 session
[root@mail php]# chown -R .vmail session/
[root@mail php]# ll
total 4
drwxrwx--- 2 root vmail 4096 Feb 22 10:56 session

9. Click NEXT to continue with the settings (the options below are mandatory)

(1). Configure the display name of webmail

This is normally the name shown on the login page.

(2). Configure the Webmail database settings (I set all of them to roundcubemail)

(3). Configure IMAP

(4). Configure the SMTP server

(5). The result after configuration is shown below (all the options we configured are listed; we have to download the two configuration files main.inc.php and db.inc.php and upload them to the server)

(6). Upload them to the relevant directory on the server

[root@mail ~]# cd /var/www/html/webmail/config/
[root@mail config]# ll
total 92
-rw-r--r-- 1 root root 2905 Jul 10 22:15 db.inc.php
-rw-r--r-- 1 vmail vmail 2893 Jun 16 23:10 db.inc.php.dist
-rw-r--r-- 1 root root 38438 Jul 10 22:15 main.inc.php
-rw-r--r-- 1 vmail vmail 38414 Jun 16 23:10 main.inc.php.dist
-rw-r--r-- 1 vmail vmail 2731 Jun 16 23:10 mimetypes.php

(7). Grant privileges for WebMail

mysql> CREATE DATABASE roundcubemail;
mysql> use roundcubemail;
mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'roundcubemail';
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

10. Click CONTINUE to continue
11. Click the initialize database button
12. Initialization completes; check the database tables
13. Now we test WebMail

postfix reload
/etc/init.d/clamd restart
/etc/init.d/amavisd restart
yum install clamd
yum install amavisd*

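XII. Install and configure virus scanning and spam filtering

1. Install amavisd-new 2.8, clamav and spamassassin

[root@mail ~]# yum install -y clamav clamav-devel clamd spamassassin

amavisd-new 2.8 needs its dependency packages downloaded manually: install it with yum first, uninstall it, then install it with rpm.

2. Check that amavisd-new, clamav and spamassassin start at boot

As you can see, spamassassin is a service that is stopped and not started at boot. This is because amavisd-new uses spamassassin directly as a module, so no daemon is needed and it naturally does not have to start at boot.

3. Edit the SpamAssassin configuration file

As a module of amavisd-new, SpamAssassin needs no special configuration; installing it is enough. You can still customize it by editing:

[root@mail ~]# vi /etc/mail/spamassassin/local.cf

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

I list this only so you can see it; readers who need to can modify it themselves, and I leave it unchanged here.

4. Edit the ClamAV configuration file /etc/clamd.conf

Note: ClamAV's settings are stored in /etc/clamd.conf. We edit /etc/clamd.conf so that ClamAV knows that Amavisd-new will communicate with it over a local UNIX socket rather than over a TCP port!

[root@mail ~]# vi /etc/clamd.conf

#Use local socket communication

LocalSocket /var/run/clamav/clamd.sock

#Comment out the TCP port
#TCPSocket 3310

5. Edit the Amavisd-new configuration file /etc/amavisd.conf

vi /etc/amavisd/amavisd.conf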

(1). Uncommenting the following lines disables virus and spam checking (these lines are commented out by default, so virus and spam checking are enabled by default)

[root@mail ~]# vi /etc/amavisd.conf

# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
# $bypass_decode_parts = 1; # controls running of decoders&dearchivers

(2). Next you can see the following lines

$max_servers = 2; # num of pre-forked children (2..30 is common), -m
$daemon_user = \ # (no default; customary: vscan or amavis), -u
$daemon_group = \ # (no default; customary: vscan or amavis), -g
$inet_socket_port = 10024; # listen on this local TCP port(s)
# $notify_method = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

Notes:

$max_servers sets the number of Amavisd-new processes that run concurrently, and it must match the maxproc value of the amavisfeed service in /etc/postfix/master.cf.

$daemon_user and $daemon_group should match the user and group of Amavisd-new.

$inet_socket_port defines the TCP port on which Amavisd-new accepts connections from Postfix.

$notify_method and $forward_method define how Amavisd-new re-injects mail into Postfix.

(3). The following items must be changed

$mydomain = 'jungp.comm'; #in my case this is the free.com domain
$MYHOME = '/var/amavis';
$helpers_home = \
$lock_file = \
$pid_file = \
$myhostname = 'www.jungp.comm'; #in my case this is the mail.free.com host

(4). The SpamAssassin settings below replace the default SpamAssassin settings

$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

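Note: these do not need to be changed by default, but you should know what they mean, because they make it easier to tune spam handling.

$sa_tag_level_deflt sets the level from which Amavisd-new starts writing spam information headers such as X-Spam-Flag, X-Spam-Score and X-Spam-Status. If you want the information headers added to all mail, set this value to -999.

$sa_tag2_level_deflt sets the level from which spam is labelled as such in its headers.

$sa_kill_level_deflt sets the level from which Amavisd-new starts blocking and quarantining mail. This is very useful, because SpamAssassin does not do this by default.

$sa_dsn_cutoff_level sets the level from which delivery failure notifications are no longer sent to the sender. Since most spam sender addresses are forged, not sending delivery failure notifications for obvious spam is the most reasonable choice; otherwise you only make the backscatter problem worse.

$sa_quarantine_cutoff_level sets the level from which spam no longer has to be quarantined. This option is commented out by default, which means all mail is quarantined.

(5). The e-mail addresses used for notifications (by default the administrator mailbox, which receives the spam notifications). Change them to:

$virus_admin = \ # notifications recip.
$mailfrom_notify_admin = \ # notifications sender
$mailfrom_notify_recip = \ # notifications sender
$mailfrom_notify_spamadmin = \

(6). Configure the ClamAV section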

# ### http://www.clamav.net/
#['ClamAV-clamd',
# \&ask_daemon, [\
# qr/\bOK$/m, qr/\bFOUND$/m,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Change it to:

#Just remove the relevant comment markers

# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, [\
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Note: the /var/run/clamav/clamd.sock setting must match the LocalSocket /var/run/clamav/clamd.sock setting we entered earlier in /etc/clamd.conf.

6. Edit the Postfix configuration files

(1). Edit /etc/postfix/master.cf

[root@mail ~]# vi /etc/postfix/master.cf

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
amavisfeed unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o smtp_tls_note_starttls_offer=no
  -o disable_dns_lookups=yes
  -o max_use=20

Note: the value 2 in the maxproc column must match the $max_servers setting in /etc/amavisd.conf.

For a detailed explanation of each option, see the Amavisd-new documentation (vi /usr/share/doc/amavisd-new-2.8.0/README.postfix).

Next we define a dedicated service that re-injects mail into Postfix. To do this, we add to /etc/postfix/master.cf an smtp service listening on TCP port 10025 of localhost (127.0.0.1), the default in /etc/amavisd.conf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=

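Note: the first line of each of the two entries above must not have any whitespace in front of it, otherwise an error occurs!!!

(2). Edit /etc/postfix/main.cf and add the following setting to enable mail filtering

[root@mail ~]# vi /etc/postfix/main.cf

#filter mail
content_filter = amavisfeed:[127.0.0.1]:10024

(3). Restart the postfix service

7. Start the clamd and amavisd services:

service clamd restart
service amavisd restart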
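The values that this section says must agree (maxproc of amavisfeed with $max_servers, and the content_filter port with $inet_socket_port) can be cross-checked mechanically. The script below is an added example, not part of the original article or of amavisd-new; the function names are this example's own and the three sample files are constructed in a temporary directory from the settings shown above.

```bash
# Added example (not from the original article): cross-check the settings that
# must agree between Postfix and amavisd-new. The sample files are constructed
# from the values shown in this section.

CFG=$(mktemp -d)
trap 'rm -rf "$CFG"' EXIT
cat > "$CFG/amavisd.conf" <<'EOF'
$max_servers = 2;            # num of pre-forked children
$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $forward_method = 'smtp:[127.0.0.1]:10025';
EOF
cat > "$CFG/master.cf" <<'EOF'
# service type private unpriv chroot wakeup maxproc command + args
amavisfeed unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
EOF
cat > "$CFG/main.cf" <<'EOF'
content_filter = amavisfeed:[127.0.0.1]:10024
EOF

# amavis_int NAME FILE: integer assigned to $NAME on an uncommented line.
amavis_int() {
    sed -n 's/^[[:space:]]*\$'"$1"'[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$2" | tail -n 1
}

# master_maxproc SERVICE FILE: maxproc column (7th field) of a master.cf entry.
# Comment lines and indented "-o" continuation lines never match the name.
master_maxproc() {
    awk -v svc="$1" '$1 == svc { print $7; exit }' "$2"
}

# filter_port FILE: port of "content_filter = service:[host]:port" in main.cf.
filter_port() {
    sed -n 's/^content_filter[[:space:]]*=.*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_amavis AMAVISD_CONF MASTER_CF MAIN_CF: print "consistent" or the mismatches.
check_amavis() {
    servers=$(amavis_int max_servers "$1")
    port=$(amavis_int inet_socket_port "$1")
    maxproc=$(master_maxproc amavisfeed "$2")
    cf_port=$(filter_port "$3")
    out=""
    # A "-" in the maxproc column means the Postfix default, not 2.
    if [ "$maxproc" != "$servers" ]; then
        out="maxproc=$maxproc but \$max_servers=$servers"
    fi
    if [ "$cf_port" != "$port" ]; then
        out="${out:+$out; }content_filter port=$cf_port but \$inet_socket_port=$port"
    fi
    echo "${out:-consistent}"
}

check_amavis "$CFG/amavisd.conf" "$CFG/master.cf" "$CFG/main.cf"
```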

XIII. Install and configure the managesieve plugin

Note: the managesieve plugin provides mail filtering and the Vacation feature.

1. From Dovecot 2.0 onward, mail filtering requires the dovecot-pigeonhole extension package

[root@mail ~]# yum install -y dovecot-pigeonhole

2. Edit the dovecot configuration files

[root@mail ~]# vi /etc/dovecot/dovecot.conf
protocols = imap pop3 sieve

[root@mail ~]# vi /etc/dovecot/conf.d/15-lda.conf
mail_plugins = quota sieve

3. Restart dovecot

[root@mail ~]# service dovecot restart

4. Check that Dovecot is listening on port 4190

[root@mail ~]# netstat -ntulp | grep 4190
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 17998/dovecot
[root@mail ~]#

5. Edit the managesieve configuration file: copy the template to config.inc.php and make the following change

[root@mail ~]# cd /var/www/html/webmail/plugins/managesieve/
[root@mail managesieve]# ls
Changelog config.inc.php.dist lib localization managesieve.js managesieve.php package.xml skins tests
[root@mail managesieve]# cp config.inc.php.dist config.inc.php
[root@mail managesieve]# vi config.inc.php

#Change the port to

$rcmail_config['managesieve_port'] = 4190;

6. Enable the plugin in the main configuration file

[root@mail ~]# vi /var/www/html/webmail/config/main.inc.php
$rcmail_config['plugins'] = array('managesieve');

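XIV. Configure the password-change plugin

roundcube ships with a password-change plugin, but it is not enabled.

To use a plugin, edit the config/main.inc.php file. In it,

$rcmail_config['plugins'] = array('managesieve','password');

enables the plugins.

Plugins are placed in the plugins directory. The plugin directory name must not be misspelled; it is normally the same as the name of the php file inside the plugin.

Edit the config.inc.php file under password. I hash passwords with doveadm pw, and the path of the doveadm pw command has changed, so the command path has to be specified.

$rcmail_config['password_driver'] = 'sql';
Use sql to change the password.

$rcmail_config['password_confirm_current'] = true;

$rcmail_config['password_db_dsn'] = 'mysql://postfix:postfixpassword@localhost/postfix';
This specifies the database type, user name, user password and database to be modified.

$rcmail_config['password_query'] = 'UPDATE mailbox SET password=%D WHERE username=%u LIMIT 1';
This is the statement that updates the database. mailbox is the webmail table name, and %D means the password hashed the dovecot way.

$rcmail_config['password_dovecotpw'] = '/usr/bin/doveadm pw';
This specifies the location of the hashing command; without this line you are told that the password cannot be encrypted.

Everything else is essentially the default configuration.

When using virtual mail: #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,

XV. Import a contacts CSV file.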

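First export a vCard file, then convert it to CSV by replacing every ; with ,

Keeping the header row First Name,Display Name,Nickname,Primary Email is enough. Do not edit the file with Excel, otherwise Chinese text is garbled after import, because Excel does not use the UTF-8 character set.

XVI. Some other settings

1. By default the web interface lets users edit their identities freely and send mail with them. Change $rcmail_config['identities_level'] in config/main.inc.php:

// Set identities access level:
// 0 - many identities with possibility to edit all params
// 1 - many identities with possibility to edit all params but not email address
// 2 - one identity with possibility to edit all params
// 3 - one identity with possibility to edit all params but not email address
// 4 - one identity with possibility to edit only signature
$rcmail_config['identities_level'] = 3;

The default is 0; change it to 3.

The main things to watch are permissions and the locations of commands.

2. Restricting who may send to a specific address in Postfix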

The company needed to restrict the address all@domain.com so that only designated people can send mail to all staff; these are my notes.

1. Edit /etc/postfix/main.cf and add:

smtpd_restriction_classes = vip_rec
vip_rec = check_sender_access hash:/etc/postfix/local_domains,reject

In smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,………….. add check_recipient_access hash:/etc/postfix/local_recipients, that is:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/local_recipients, permit_mynetworks, permit_sasl_authenticated,...... (placed before permit_mynetworks)

2. Create the local_recipients file to set the recipient policy

#vi /etc/postfix/local_recipients

with the following content:

all@domain.com vip_rec

Then

#postmap local_recipients

to generate the hash.

3. Create the local_domains file to set the sender rules

#vi /etc/postfix/local_domains

with the following content:

ceo@domain.com ok
cto@domain.com ok

Then

#postmap local_domains

4. Reload postfix

#/etc/init.d/postfix reload

In testing, mail sent to all@domain.com from a mailbox that is not in the local_domains file is rejected with: 554 5.7.1 Recipient address rejected: Access denied.
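The evaluation order set up in steps 1 to 3, modelled as an added example (not part of the original article and not Postfix code): it shows why check_recipient_access has to come before permit_mynetworks. The addresses bob@domain.com and alice@domain.com and the function names are constructed for illustration, and only full-address table keys are modelled.

```bash
# Added example (not from the original article): a model of the order in which
# Postfix evaluates smtpd_recipient_restrictions with the vip_rec class.
# Table contents are the article's; bob@ and alice@domain.com are constructed.
# Only full-address keys are modelled (real access(5) lookups also try the
# domain and user@ forms).

TABLES=$(mktemp -d)
trap 'rm -rf "$TABLES"' EXIT
printf 'all@domain.com vip_rec\n' > "$TABLES/local_recipients"
printf 'ceo@domain.com ok\ncto@domain.com ok\n' > "$TABLES/local_domains"

# lookup KEY FILE: print the lower-cased result for KEY, or nothing (no match).
lookup() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$2"
}

# vip_rec SENDER models:
#   vip_rec = check_sender_access hash:/etc/postfix/local_domains,reject
vip_rec() {
    if [ "$(lookup "$1" "$TABLES/local_domains")" = "ok" ]; then
        echo "permit"
    else
        echo "reject 554 5.7.1 Recipient address rejected: Access denied"
    fi
}

# decide ORDER SENDER RECIPIENT TRUSTED
#   ORDER:   recipient_first  = check_recipient_access before permit_mynetworks
#            mynetworks_first = check_recipient_access after the permit_* rules
#   TRUSTED: yes when permit_mynetworks or permit_sasl_authenticated matches
decide() {
    order=$1; sender=$2; rcpt=$3; trusted=$4
    case $order in
        recipient_first)  steps="rcpt trust" ;;
        mynetworks_first) steps="trust rcpt" ;;
        *) echo "unknown order: $order" >&2; return 2 ;;
    esac
    for step in $steps; do
        case $step in
            rcpt)
                if [ "$(lookup "$rcpt" "$TABLES/local_recipients")" = "vip_rec" ]; then
                    vip_rec "$sender"
                    return 0
                fi ;;
            trust)
                if [ "$trusted" = "yes" ]; then
                    echo "permit"
                    return 0
                fi ;;
        esac
    done
    echo "dunno"   # the remaining restrictions (elided in the article) decide
}

# An internal, unlisted sender writing to the protected list address:
echo "recipient_first : $(decide recipient_first bob@domain.com all@domain.com yes)"
echo "mynetworks_first: $(decide mynetworks_first bob@domain.com all@domain.com yes)"
echo "listed sender   : $(decide recipient_first ceo@domain.com all@domain.com yes)"
```

check_sender_access keys on the envelope sender address, so the allow-list is only as strong as the control over who may send with the listed addresses.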

Source: https://www.bwwdw.com/article/vyo7.html
