qmail + vpopmail +squirrelmail安装经验谈

作者：www307 2007-07-02

内容导航：

第1页： qmail + vpopmail +squirrelmail.. 第2页： qmail + vpopmail +squirrelmail..

参考文档： http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm
http://www.jerfu.com/toaster/FullToaster_1.0.6.html
http://shupp.org/toaster/

本文将结合以上三个文档，介绍自己在 Solaris 8 下和 RedHat 7.2 下的安装经验。
LAMP 的安装，不再赘述，包括 SSL 的支持也不在这里叙述。笔者尽量用简明的
安装脚本来解释安装中需要注意的问题。

作者：FreeLAMP.com 徐永久
最后更新：2003年6月10日星期二

各种软件的下载地点在文后列出。我喜欢把下载以后的文件集中在一个目录存放，
假设我们把下载后的文件存放的目录叫做 $QM_GZDIR 表示存放 qmail 相关的 .tar.gz 的目录。
在下面的安装脚本中，你可以用 export QM_GZDIR=/root/download/qmail 等来使用这个变量。

一、安装 UCSPI-TCP

cd /usr/local/src
tar xzf $QM_GZDIR/ucspi-tcp-0.88.tar.gz
chown -R root.root ucspi-tcp-0.88
cd ucspi-tcp-0.88
# 对 rblsmtpd 打补丁，使之能够使用所有最新的 RBL 区
# 这个补丁可以定制一个错误信息返回给发信人。
patch -p0 rblsmtpd.c < $QM_GZDIR/ucspi-rss.diff
# 修改 rblsmtpd.c 以增加错误文本的最大长度，从 200个字符修改为 500 个。
# 这样就可以把足够说明问题的信息返回给被 RBL 过滤掉的发件人。

vi rblsmtpd.c
去 166 行，修改

if (text.len > 200) text.len = 200;

为：

if (text.len > 500) text.len = 500;

make
make setup check

二、安装 DAEMONTOOLS

mkdir -p /package
chmod 1755 /package
cd /package
tar xzfp $QM_GZDIR/daemontools-0.76.tar.gz
cd admin/daemontools-0.76
package/install

安装完毕，用 ps -ef|grep sv 就可以看到有进程在跑了。
需要注意的是，在 Solaris 上需要修改 /etc/inittab 中的
SV:123456:respawn:/command/svscanboot
为：
SV:123456:respawn:/command/svscanboot </dev/null >/dev/msglog 2>&1
才可以看到进程运行。
无论是 Solaris 还是 Linux ，如果不想 daemontools 运行，可以注释掉
inittab 中的这句话，然后用 init q 命令重新刷新一下运行级别即可。

三、安装 qmail
这部分是最冗长，也是最核心的部分。各人有各人的做法，真的是千奇百怪。
或许是系统的体例或者习惯不一样吧，例如很多的文档喜欢把 .tar.gz 解压到
/var/src 下，我认为 Linux 下的作风是 /usr/local/src ，因此我固执的把这种作风
移植到了 Solaris 上面。

cd /usr/local/src
groupadd nofiles
useradd -g nofiles -d /var/qmail qmaild
useradd -g nofiles -d /var/qmail qmaill
useradd -g nofiles -d /var/qmail qmailp
useradd -g nofiles -d /var/qmail/alias alias
groupadd qmail
useradd -g qmail -d /var/qmail qmailq
useradd -g qmail -d /var/qmail qmailr
useradd -g qmail -d /var/qmail qmails
tar xzf $QM_GZDIR/qmail-1.03.tar.gz
cd qmail-1.03
# 对 dns 打补丁
patch -p1 < $QM_GZDIR/qmail-103.patch
# 对 qmailqueue 打补丁
# 这个补丁能支持其他一些流行的附加产品，例如 Qmail-Scanner
patch -p1 < $QM_GZDIR/qmailqueue-patch
# 针对 qmail-local 和 qmail-pop3d 能和 maildir++ quota 兼容而打补丁
patch < $QM_GZDIR/qmail-maildir++.patch
# 针对本地时间戳打补丁，使邮件头上的时间显示为本地时间而不是 GMT。
patch -p1 < $QM_GZDIR/qmail-date-localtime.patch.txt
# 支持 badmailfrom 的日志记录以及 badrcptto 功能。
patch < $QM_GZDIR/qmail-badmailfrom-badrcptto.patch.txt
# 修改qmail-smtpd.c ，以防止远程服务器发送非法格式的邮件，导致服务死循环。
vi qmail-smtpd.c
在大约 51 行左右把 straynewline 函数的 451 修改成 553

make
make setup check
(cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root)
chmod 644 ~alias/.qmail*
./config-fast mail.abc.com
cp $QM_GZDIR/qmailctl.txt /var/qmail/bin/qmailctl
chmod 755 /var/qmail/bin/qmailctl
ln -s /var/qmail/bin/qmailctl /etc/rc.d/init.d/qmail
ln -s /var/qmail/bin/qmailctl /usr/bin
mkdir -p /var/qmail/supervise/qmail-send/log
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-pop3d/log
chmod +t /var/qmail/supervise/qmail-send
chmod +t /var/qmail/supervise/qmail-smtpd
chmod +t /var/qmail/supervise/qmail-pop3d

vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec env - PATH="/var/qmail/bin:$PATH" qmail-start ./Maildir/

vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/send

vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver \
-v -x /home/vpopmail/etc/tcp.smtp.cdb \
-c 20 -R -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/usr/local/bin/rblsmtpd -b -C \
-r 'relays.ordb.org:Your message was rejected because the mail server you use is configured to allow OPEN RELAY - More detailed information regarding this problem is available from http://www.ordb.org/lookup/?%IP% - Please forward this error through to your email server support staff for easy resolution.' \
-r 'inputs.relays.osirusoft.com:Your message was rejected because the mail server you use is either configured to allow OPEN RELAY - More information regarding this problems is available at http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=%IP% - Please forward this error to your email server support staff for resolution.' \
-r 'proxies.relays.monkeys.com:Your message was rejected because the message was sent from an OPEN PROXY - More information regarding this problems is available at http://www.monkeys.com/upl/listed-ip-0.cgi?ip=%IP% - Please forward this error to your email server support staff for resolution.' \
/var/qmail/bin/qmail-smtpd 2>&1

vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
#
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/smtpd

vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
exec /usr/local/bin/softlimit -m 3000000 \
/usr/local/bin/tcpserver \
-v -x /etc/tcp.pop3.cdb -c 30 -R 0 pop3 \
/var/qmail/bin/qmail-popup mail.abc.com \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1

vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Keep 30 logs of max 10Mb each
# They will get rotated when they reach 10Mb in size,
# or at midnight when our crontab script fires (whichever event comes 1st)
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t s10000000 n30 /var/log/qmail/pop3d

修改 crontab ，使之每天转储 qmail 的日志文件。

crontab -e
0 0 * * * /usr/local/bin/svc -a /service/qmail-smtpd/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-send/log
0 0 * * * /usr/local/bin/svc -a /service/qmail-pop3d/log

chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
mkdir /var/log/qmail
mkdir /var/log/qmail/smtpd
mkdir /var/log/qmail/send
mkdir /var/log/qmail/pop3d
chown -R qmaill /var/log/qmail
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service

当您实施到这里的时候，运行 qmailctl start 你就可以看到四个 qmail 的进程在运行了。在我的机器上用
ps -ef|grep qmail 可以看到其中有如下四行：
qmails 18985 18975 0 16:28 ? 00:00:00 qmail-send
root 18993 18985 0 16:28 ? 00:00:00 qmail-lspawn ./Maildir/
qmailr 18994 18985 0 16:28 ? 00:00:00 qmail-rspawn
qmailq 18995 18985 0 16:28 ? 00:00:00 qmail-clean

这个时候，并不能保证你能用 telnet localhost 25 或者 110 正常登录了。
如果缺少 /home/vpopmail/etc/tcp.smtp 文件，那么系统也不能正常工作。
这个文件作在 /home/vpopmail 下的原因是 vpopmail 配置默认就在这里。
这个文件用于控制允许 relay 的服务器。

vi /home/vpopmail/etc/tcp.smtp
#------------------------------------------------------
# DESCRIPTION OF THE RULES TO REMIND ME OF HOW THIS FILE WORKS
#
# If you set 'allow', this means that our mail server will allow
# the specified ip range to make a TCP connection to our server
#
# If you set 'deny', this means that our mail server will not allow
# the specified ip range to make a TCP connection to our server
#
# If you set RELAYCLIENT="", this means that the listed IP range is
# allowed to relay mail through our server
#
# If you dont set RELAYCLIENT="", this means that the listed IP range
# will not be able to relay mail through our server
#
# If you set RBLSMTPD="", this means that the listed IP ranges will
# not be checked against any of the RBL databases
#
# If you set RBLSMTPD="some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 4xx temp error message
#
# If you set RBLSMTPD="-some text here", this means that an RBL lookup
# wont be performed, but the mail will be rejected with the specified
# text as a 5xx perm error message
#
# If you do not set RBLSMTPD="" or ="some text", then an RBL lookup
# will be performed. If the lookup is successful, then RBLSMTPD will
# return your custom error message (as specified in the -r parameter
# in smtpd supervise script)
#-----------------------------------------------------
# HERE ARE THE RULES :
#----------------------------------------------------------------
# local class-c's allowed to relay WITHOUT RBL checking
123.123.123.:allow,RELAYCLIENT="",RBLSMTPD=""
123.111.111.:allow,RELAYCLIENT="",RBLSMTPD=""
#----------------------------------------------------------------
# these ips are ones that we have setup so that they arent RBL checked
# usually because we have spoken with the owners of the mail server
# in question and for one reason or another they cannot update their
# config, and we still want to be able to receive mail from them.
#
# reminder text goes here for this entry so we know the story...
111.111.111.:allow,RBLSMTPD=""
# reminder text goes here for this entry so we know the story...
222.222.222.222:allow,RBLSMTPD=""
#-----------------------------------------------------------------
# mailXX.offermail.net connecting regularly and sending invalid
# format messages causing exit with status 256 (bare linefeed normally)
# entry added 15/12/2001
# after looking at the mail coming from these servers it was found to be spam
216.242.75.100-116:allow,RBLSMTPD="-Connections from this IP have been banned."
#
#-----------------------------------------------------------------
# heaps of spam from replyto of *@freeamateurhotties.com dec2001
64.228.127.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.94.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.96.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.97.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
154.20.98.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.132.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
209.151.131.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
216.18.85.:allow,RBLSMTPD="-Connections refused due to spam from freeamateurhotties.com"
#-----------------------------------------------------------------
# himailer spam 15/7/02
61.230.72-75.:allow,RBLSMTPD="-Connections refused due to spam from HiMailer.com"
#
#-----------------------------------------------------------------
# Allow connections from localhost,
# allow relay (cause the WebMail server runs on localhost),
# and dont do RBL lookup
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#-----------------------------------------------------------------
# Everyone else can make connections to our server, but not allowed to relay
# RBL lookups are performed
:allow

接下来配置 /home/vpopmail/etc/tcp.pop3 文件，这个文件控制允许存取 pop3
服务的机器，在有人攻击 pop3 服务器的时候，可以用这个文件阻止攻击者的 IP 地址。

vi /home/vpopmail/etc/tcp.pop3
# Allow any client to connect to us via POP3
# If people are abusing POP3 such as denial-of-service on POP3,
# you can add their ips here to block them out
:allow

# 然后重新建立 /home/vpopmail/etc/tcp.smtp 以及 /home/vpopmail/etc/tcp.pop3 的数据库文件
qmailctl cdb （需要修改脚本 qmailctl 的脚本，cdb 那段的目录修改为 /home/vpopmail ）

假定你已经删除机器上原来安装的 sendmail 或者 postfix 之类的程序，然后：

ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin

# 把 postmaster@abc.com 作为弹回邮件的发送者。
echo 'postmaster' > /var/qmail/control/bouncefrom

# 让 qmail 发送两次弹回的邮件给 doublebounce@abc.com
echo 'doublebounce' > /var/qmail/control/doublebounceto
echo 'abc.com' > /var/qmail/control/doublebouncehost

1 2

【内容导航】

第1页：qmail + vpopmail +squirrelmail..

第2页：qmail + vpopmail +squirrelmail..

[责任编辑：李莲] [我要挑错]