System
System or Package Install Guide: installation instructions for systems and software packages, things to watch out for, and notes on lessons learned during installation.
2 months, 1 week ago in System by MoyaTseng
Well-known webmail packages at the moment:
- roundcube
- squirrelmail
- openwebmail
- horde
Less well-known ones:
- jegue
- telaen
- UebiMiau
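There are many others, but the only one that works without database support and also supports imap/pop3d and ajax seems to be horde dimp. For some reason, though, horde dimp hangs easily and stops working. Its configuration is also too complicated; after all, horde supports more than just webmail! I do not want an overly complicated webmail system, so after testing it a few times I decided to give up on horde.
The one I am using at the moment is squirrelmail, but its page design is really quite ugly, it has not improved in a long time, and the modified versions are not compatible with the plugins, so after two years of trying it I do not want to keep using it either.
roundcube, oddly, insists on mysql support, which really puts me off. It looks quite capable, but I still do not want to use it.
telaen is full of bugs; run it for a little while and you get a pile of error log entries, so it does not look well maintained. It also lacks the kind of preview feature that offline mail clients have, which feels a bit too bare-bones.
UebiMiau seems to have much the same problems, though. What a pain.
I could not get jegue to run, so never mind.
openwebmail does not support the Maildir/ mail format, so it is out as well.
It looks like finding a suitable open source PHP webmail is really quite hard.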
4 months, 2 weeks ago in System by MoyaTseng
2.6.1 has been released, so here is a new patch. It is much the same as before, but without a new one my own port local/amavisd-new will not install, so I had to make one first.
--- amavisd.orig 2008-06-29 08:37:58.000000000 +0800
+++ amavisd 2008-08-21 19:28:52.000000000 +0800
@@ -2026,6 +2026,7 @@
use subs @EXPORT_OK;
use Errno qw(ENOENT EACCES EAGAIN ESRCH);
+use POSIX qw(isprint);
use IO::File ();
use Digest::MD5 2.22; # need 'clone' method
# use Encode; # Perl 5.8 UTF-8 support
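Review bot: POSIX isprint, imported by the new use POSIX qw(isprint); line, depends on the process locale, so which bytes isbig5str treats as printable can change with the daemon's environment. Consider an explicit byte-range test such as /^[\x20-\x7e]$/ in isbig5str and dropping this import.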
@@ -2077,13 +2078,74 @@
}
}
-sub safe_decode($$;$) {
- if (!$unicode_aware) { $_[1] } # just return the second argument
- else {
+sub isbig5($)
+{
+ my $code = shift;
+
+ if (length($code) >= 2)
+ {
+ my @code = split '', $code;
+ if (ord($code[0]) < 161)
+ {
+ return (0);
+ }
+ else
+ {
+ if (((ord($code[1]) >= 64) && (ord($code[1]) <= 126)) ||
+ ((ord($code[1]) >= 161) && (ord($code[1]) <= 254)))
+ {
+ return (1);
+ }
+ }
+ }
+ return (0);
+}
+
+sub isbig5str($)
+{
+ my $astr = shift;
+ my $alen = length($astr);
+ my $rlen = 0;
+
+ while ($rlen < $alen)
+ {
+ if (isbig5(substr($astr, $rlen, $alen - $rlen)))
+ {
+ $rlen += 2;
+ }
+ elsif (isprint(substr($astr, $rlen, 1)))
+ {
+ $rlen += 1;
+ }
+ else
+ {
+ return (0);
+ }
+ }
+ return (1);
+}
+
+sub safe_decode($$;$)
+{
+ if (!$unicode_aware)
+ {
+ $_[1];
+ } # just return the second argument
+ else
+ {
my($encoding,$str,$check) = @_;
- $check = 0 if !defined($check);
- my($taint) = substr($str,0,0); # taintedness of the string
- $taint . Encode::decode($encoding,untaint($str),$check); # preserve taint
+ $check = 0 if !defined($check);
+ my($taint) = substr($str,0,0); # taintedness of the string
+ my($u_str) = untaint($str);
+ my($d_str) = $taint . Encode::decode($encoding,$u_str,$check); # preserve
+ if (($d_str eq $u_str) && isbig5str($u_str))
+ {
+ $taint . Encode::decode("big5",$u_str,$check)
+ }
+ else
+ {
+ $d_str;
+ }
}
}
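Review bot: isbig5 has no upper bound on the lead byte: the test ord($code[0]) < 161 lets 0xFF through as a lead byte, while the trail byte is limited to 64-126 and 161-254. Bound the lead byte as well (for example <= 254). Also note that isbig5str returns 0 for any string containing a tab, CR or LF, because isprint rejects them, so such input never reaches the big5 fallback in safe_decode; say in a comment whether that is intended.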
@@ -12554,7 +12616,7 @@
Amavis::Lookup::RE->new(@$Amavis::Conf::map_full_type_to_short_type_re);
# default location of the config file if none specified
-push(@config_files, '/etc/amavisd.conf') if !@config_files;
+push(@config_files, '/usr/local/etc/amavisd.conf') if !@config_files;
# Read and evaluate config files, which may override default settings
Amavis::Conf::include_config_files(@config_files);
Amavis::Conf::supply_after_defaults();
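Review bot: The default config path in push(@config_files, ...) is hard-coded to /usr/local/etc/amavisd.conf in the same patch as the Big5 decoding change. The two are unrelated; split the path change into its own patch so the decoding change can be reviewed or dropped independently, and document that /etc/amavisd.conf is no longer read by default.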
4 months, 2 weeks ago in System by MoyaTseng
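I got the news that Sympa 5.4.3 had been released a long time ago, but never felt like updating. Recently, because I often have to send out 「靜思晨語。法譬如水」, this service has become somewhat more important, so I want to update it, and also adjust some of the system architecture to make the data more robust.
There are several tasks to carry out:
- Update to sympa-5.4.3
- Add replication to the back-end database to avoid a single point of failure causing a service outage or loss of subscription data.
- Regular backups of the existing data to a NAS.
For now I am only doing items 1 and 2. As for the NAS, the equipment is already there, but I have not had time to work out how to configure it or how to get backups working properly, so I am leaving it for now and will deal with it later.
The last update, to sympa 5.3.4, was back in February last year. Going more than a year without an update is actually rather worrying. But even last year's update to sympa-5.3.4 was a do-it-yourself effort, because FreeBSD ports is still stuck at version 5.3.2, which dates from 2006.
Some things could be skipped this time compared with last time. For example, the Traditional Chinese translation is now included by default, so I did not have to translate until I passed out. When I published the installation procedure on 2008/5/8, FreeBSD ports did not yet have all the required perl extensions, but when I checked on 2008/8/19, everything needed was there.
Below are some important notes on the installation process, for reference if I need to update again in the future. It comes down to checking version compatibility and whether all required packages are installed, and having the startup configuration ready.
The database schema of sympa-5.4.3 differs a lot from that of 5.3.4, so if you already have old data, I suggest dumping the data first with pg_dump -a -D sympa, and using the new version's schema directly. Once the new database has been created, load the old data back in.
Adding -D makes pg_dump use INSERT syntax when dumping the data and include the schema part, so reloading is less likely to go wrong. Because the order in the old and new schema differs, the data may not load back into the database unless it is dumped this way. As for -a, it means I only want the data and do not need the CREATE TABLE SQL commands; they will not be used, so there is no need to dump them.
After a whole day of work it is finally done, in time for sending out tomorrow's 靜思晨語 late tonight.
Required packages
Create the directory
mkdir /usr/ports/local/sympa
Create the Makefile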
# New ports collection makefile for: sympa5
# Date created: 8 May 2008
# Whom: Kuo-Feng Tseng <kftseng@iyard.org>
#
# $FreeBSD: ports/local/sympa5/Makefile,v 1.11 2008/05/08 21:43:40 kftseng Exp $
#
PORTNAME= sympa
PORTVERSION= 5.4.3
CATEGORIES= local
MASTER_SITES?= http://www.sympa.org/distribution/
MAINTAINER= kftseng@iyard.org
COMMENT= Sympa is an electronic mailing list manager
BUILD_DEPENDS+= ${SITE_PERL}/Archive/Zip.pm:${PORTSDIR}/archivers/p5-Archive-Zip \
${SITE_PERL}/IO/Stringy.pm:${PORTSDIR}/devel/p5-IO-stringy \
${SITE_PERL}/SOAP/Lite.pm:${PORTSDIR}/net/p5-SOAP-Lite \
${SITE_PERL}/Locale/TextDomain.pm:${PORTSDIR}/devel/p5-Locale-libintl \
${SITE_PERL}/Regexp/Common.pm:${PORTSDIR}/textproc/p5-Regexp-Common \
${SITE_PERL}/${PERL_ARCH}/Template.pm:${PORTSDIR}/www/p5-Template-Toolkit \
${SITE_PERL}/${PERL_ARCH}/XML/LibXML.pm:${PORTSDIR}/textproc/p5-XML-LibXML \
${SITE_PERL}/Crypt/CipherSaber.pm:${PORTSDIR}/security/p5-Crypt-CipherSaber \
${SITE_PERL}/Net/LDAP.pm:${PORTSDIR}/net/p5-perl-ldap \
${SITE_PERL}/${PERL_ARCH}/DBI.pm:${PORTSDIR}/databases/p5-DBI \
${SITE_PERL}/MHonArc/UTF8.pm:${PORTSDIR}/www/mhonarc \
${SITE_PERL}/MIME/Charset.pm:${PORTSDIR}/mail/p5-MIME-Charset \
${SITE_PERL}/MIME/EncWords.pm:${PORTSDIR}/mail/p5-MIME-EncWords \
${SITE_PERL}/${PERL_ARCH}/Crypt/OpenSSL/X509.pm:${PORTSDIR}/security/p5-Crypt-OpenSSL-X509 \
${SITE_PERL}/HTML/StripScripts/Parser.pm:${PORTSDIR}/www/p5-HTML-StripScripts-Parser \
${SITE_PERL}/Locale/Maketext/Lexicon/Gettext.pm:${PORTSDIR}/devel/p5-Locale-Maketext-Lexicon
RUN_DEPENDS= ${BUILD_DEPENDS}
LATEST_LINK= sympa5
USE_APACHE= 1.3+
CONFLICTS= sympa-4* sympa-5.[0-1]* sympa-5.2.1* sympa-5.2.2* sympa-5.2.4*
DB_TYPE?=mysql
PORTDOCS= *
.if defined(WITHOUT_NLS)
PLIST_SUB+= NLS="@comment "
.else
PLIST_SUB+= NLS=""
.endif
.include <bsd.port.pre.mk>
.if ${PERL_LEVEL} < 500806
IGNORE= needs Perl 5.8.6 or above (lang/perl5.8)
.endif
.if defined(WITH_FASTCGI)
BUILD_DEPENDS+= ${LOCALBASE}/${APACHEMODDIR}/mod_fcgid.so:${PORTSDIR}/www/mod_fcgid
BUILD_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/FCGI.pm:${PORTSDIR}/www/p5-FastCGI
.endif
.if ${DB_TYPE} == "Oracle"
BUILD_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/DBD/Oracle.pm:${PORTSDIR}/databases/p5-DBD-Oracle
.else
.if ${DB_TYPE} == "Pg"
BUILD_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/DBD/Pg.pm:${PORTSDIR}/databases/p5-DBD-Pg
.else
.if ${DB_TYPE} == "Sybase"
BUILD_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/DBD/Sybase.pm:${PORTSDIR}/databases/p5-DBD-Sybase
.else
.if ${DB_TYPE} == "mysql"
BUILD_DEPENDS+= ${SITE_PERL}/${PERL_ARCH}/DBD/mysql.pm:${PORTSDIR}/databases/p5-DBD-mysql
.endif
.endif
.endif
.endif
HAS_CONFIGURE= yes
USE_PERL5= yes
CONFIGURE_ARGS+=--prefix=${PREFIX} \
--with-confdir=${PREFIX}/etc/sympa \
--with-initdir=${PREFIX}/etc/rc.d \
--with-etcdir=${PREFIX}/etc/sympa \
--with-cgidir=${PREFIX}/sympa/cgi-bin \
--with-iconsdir=${PREFIX}/sympa/icons \
--with-sbindir=${PREFIX}/sbin \
--with-libdir=${PREFIX}/lib/sympa \
--with-libexecdir=${PREFIX}/libexec/sympa \
--with-datadir=${DATADIR} \
--with-expldir=${PREFIX}/sympa/expl \
--with-lockdir=/var/spool/lock \
--with-piddir=/var/run/sympa \
--with-localedir=${PREFIX}/share/locale \
--with-mandir=${PREFIX}/man \
--with-docdir=${DOCSDIR} \
--with-sampledir=${EXAMPLESDIR} \
--with-spooldir=${PREFIX}/sympa/spool
.if defined(SENDMAIL_ALIASES_PATH)
CONFIGURE_ARGS+=--with-sendmail_aliases=${SENDMAIL_ALIASES_PATH}
.endif
.if defined(VIRTUAL_ALIASES_PATH)
CONFIGURE_ARGS+=--with-virtual_aliases=${VIRTUAL_ALIASES_PATH}
.endif
.if defined(NEWALIASES_PATH)
CONFIGURE_ARGS+=--with-newaliases=${NEWALIASES_PATH}
.endif
.if defined(NEWALIASES_ARG)
CONFIGURE_ARGS+=--with-newaliases_arg=${NEWALIASES_ARG}
.endif
.if defined(POSTMAP_PATH)
CONFIGURE_ARGS+=--with-postmap=${POSTMAP_PATH}
.endif
.if defined(POSTMAP_ARG)
CONFIGURE_ARGS+=--with-postmap_arg=${POSTMAP_ARG}
.endif
.if defined(MHONARC_PATH)
CONFIGURE_ARGS+=--with-mhonarc=${MHONARC_PATH}
.endif
.if defined(OPENSSL_PATH)
CONFIGURE_ARGS+=--with-openssl=${OPENSSL_PATH}
.endif
CONFIGURE_ENV+= lt_cv_sys_max_cmd_len=${CONFIGURE_MAX_CMD_LEN}
MAKE_ENV?= PERL_EXTUTILS_AUTOINSTALL=--skip
MAN8= alias_manager.8 archived.8 bounced.8 sympa.8
pre-fetch:
	@${ECHO} ""
	@${ECHO} "You may use the following build options:"
	@${ECHO} ""
	@${ECHO} " DB_TYPE=type Optional: mysql, Oracle, Pg or Sybase"
	@${ECHO} " WITH_FASTCGI Use FastCGI instead of plain CGI"
	@${ECHO} ""
post-extract:
post-patch:
	${MV} ${WRKSRC}/src/etc/script/sympa ${WRKSRC}/src/etc/script/sympa.sh
	@${REINPLACE_CMD} -E 's,^(INITSRC.*=.*sympa)$$,\1.sh,' \
		${WRKSRC}/src/etc/script/Makefile
.if defined(WITHOUT_NLS)
	@${REINPLACE_CMD} -e 's, locale$$,,g' \
		-e 's, installlocale,,g' \
		${WRKSRC}/Makefile.in
.else
	@${REINPLACE_CMD} -e 's, checklocales,,' \
		${WRKSRC}/po/Makefile
.endif
.if defined(NOPORTDOCS)
	@${REINPLACE_CMD} -e 's, installdoc,,g' \
		${WRKSRC}/Makefile.in
.endif
	@${FIND} ${WRKSRC} -name "*.orig" -a -exec ${RM} -f {} \;
pre-install:
	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
	@PKG_PREFIX=${PREFIX} DB_TYPE=${DB_TYPE} WITH_FASTCGI=${WITH_FASTCGI} \
		${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
	cp ${FILESDIR}/sympa.conf ${TARGETDIR}/etc/sympa
	cp ${FILESDIR}/wwsympa.conf ${TARGETDIR}/etc/sympa
post-deinstall:
	@PKG_PREFIX=${PREFIX} ${SH} ${PKGDEINSTALL} ${PKGNAME} POST-DEINSTALL
.include <bsd.port.post.mk>
Create distinfo
make makesum
Create the patch files
- The old patch files no longer really apply, so I adjusted all of them myself.
- files/patch-Makefile.in
--- Makefile.in-orig 2008-05-08 14:15:03.000000000 +0800
+++ Makefile.in 2008-05-08 15:00:21.000000000 +0800
@@ -612,7 +612,7 @@
$(MAKE) PERL='${PERL}' clean) || exit 1; \
done;
-install: importantchanges installdir installsrc installwws installwebtt2 installmailtt2 installlocale installman installscript installsample installconfig installdoc installsoap nextstep
+install: installdir installsrc installwws installwebtt2 installmailtt2 installlocale installman installscript installsample installconfig installdoc installsoap nextstep
nextstep:
@echo ""
@@ -797,17 +797,6 @@
fi \
done \
fi
- @if [ ! -f $(DESTDIR)$(CONFDIR)/sympa.conf ] ; then \
- echo "First installation : creating archives and bounce directories..."; \
- for dir in bounce arc ; do \
- if [ ! -d $(DESTDIR)$(DIR)/$$dir ] ; then \
- echo "Creating $(DESTDIR)$(DIR)/$$dir"; \
- mkdir -p $(DESTDIR)$(DIR)/$$dir; \
- chown $(USER) $(DESTDIR)$(DIR)/$$dir; \
- chgrp $(GROUP) $(DESTDIR)$(DIR)/$$dir; \
- fi \
- done \
- fi
installconfig:
mkdir -p $(DESTDIR)$(CONFDIR)
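Review bot: With the first-installation block removed here, nothing visible in this patch creates the arc and bounce directories or sets their owner and group to $(USER) and $(GROUP). Make sure the port's install script creates both with that ownership, otherwise they are missing after a fresh install.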
@@ -823,14 +812,7 @@
INITCONF='1'; \
fi \
fi \
- done; \
- if [ "$$INITCONF" ] ; then \
- echo "###############################################"; \
- echo "It seems to be your first installation of Sympa"; \
- echo "The following wizard will help you create your $(CONFDIR)/sympa.conf and $(CONFDIR)/wwsympa.conf :"; \
- DESTDIR=$(DESTDIR); export DESTDIR; \
- $(PERL) -I $(DESTDIR)$(LIBDIR) $(DESTDIR)$(SBINDIR)/sympa_wizard.pl; \
- fi
+ done;
build_rh_rpm: clean
@echo "Building RedHat RPM in $(RPMTOPDIR) ..."
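Review bot: INITCONF='1' is still assigned in the loop kept as context, but once the wizard block is removed nothing reads it. Drop the assignment as well, or leave a comment saying the wizard is intentionally not run because sympa.conf and wwsympa.conf are copied from the port's files directory.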
- files/patch-src-alias_manager.pl
--- src/alias_manager.pl.orig Wed Jan 4 21:16:30 2006
+++ src/alias_manager.pl Thu Aug 9 22:40:18 2007
@@ -43,7 +43,7 @@
my $tmp_alias_file = $Conf{'tmpdir'}.'/sympa_aliases.'.time;
-my $alias_wrapper = '--MAILERPROGDIR--/aliaswrapper';
+my $alias_wrapper = '--LIBEXECDIR--/aliaswrapper';
my $lock_file = '--EXPL_DIR--/alias_manager.lock';
my $default_domain;
my $path_to_queue = '--MAILERPROGDIR--/queue';
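Review bot: Only $alias_wrapper moves to --LIBEXECDIR--; $path_to_queue in the trailing context still uses --MAILERPROGDIR--/queue. If aliaswrapper and queue are installed into the same directory, change both; otherwise add a comment explaining why they differ.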
- files/patch-src-etc-script-sympa
--- src/etc/script/sympa.orig Mon Apr 16 17:28:17 2007
+++ src/etc/script/sympa Thu Aug 9 21:44:03 2007
@@ -101,7 +101,7 @@
# startparam=""
# fi
- if [ ${OSTYPE} = "Slack" -o ${OSTYPE} = "IRIX" -o ${OSTYPE} = "SunOS" -o ${OSTYPE} = "Debian" -o ${OSTYPE} = "Suse" ]; then
+ if [ ${OSTYPE} = "FreeBSD" -o ${OSTYPE} = "Slack" -o ${OSTYPE} = "IRIX" -o ${OSTYPE} = "SunOS" -o ${OSTYPE} = "Debian" -o ${OSTYPE} = "Suse" ]; then
$sympadir/$1.pl $startparam && echo "success" || echo "failure"
else
$sympadir/$1.pl $startparam && success || failure
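Review bot: ${OSTYPE} is unquoted in the extended test, so an empty or unset OSTYPE makes [ fail with a syntax error instead of evaluating to false. Quote it as "${OSTYPE}" in each comparison while this line is being touched.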
@@ -159,7 +159,7 @@
pid=`head -1 --PIDDIR--/$1.pid`
running=`ps -A | grep "$pid"`
if [ "$running" != "" ]; then
- if [ ${OSTYPE} = "Slack" -o ${OSTYPE} = "IRIX" -o ${OSTYPE} = "SunOS" -o ${OSTYPE} = "Debian" -o ${OSTYPE} = "Suse" ]; then
+ if [ ${OSTYPE} = "FreeBSD" -o ${OSTYPE} = "Slack" -o ${OSTYPE} = "IRIX" -o ${OSTYPE} = "SunOS" -o ${OSTYPE} = "Debian" -o ${OSTYPE} = "Suse" ]; then
kill -TERM $pid && echo "success" || echo "failure"
else
kill -TERM $pid && success || failure
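Review bot: The same OSTYPE comparison chain is now edited in two places; compute the result once into a variable and test that in both branches so the list cannot drift. Separately, the context line running=`ps -A | grep "$pid"` matches the pid as a substring of any ps line, so a stale pid file can look live; an exact check such as kill -0 "$pid" would be tighter.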
- files/patch-src-sympa_wizard.pl
--- src/sympa_wizard.pl.orig Sun Mar 4 18:41:19 2007
+++ src/sympa_wizard.pl Thu Aug 9 21:47:07 2007
@@ -92,13 +92,13 @@
'advice' =>''},
{'name' => 'arc_path',
- 'default' => '--DIR--/arc',
+ 'default' => '--DIR--/sympa/arc',
'query' => 'Where to store HTML archives',
'file' => 'wwsympa.conf','edit' => '1',
'advice' =>'Better if not in a critical partition'},
{'name' => 'bounce_path',
- 'default' => '--DIR--/bounce',
+ 'default' => '--DIR--/sympa/bounce',
'query' => 'Where to store bounces',
'file' => 'wwsympa.conf',
'advice' =>'Better if not in a critical partition'},
@@ -340,14 +340,14 @@
'advice' =>''},
{'name' => 'mhonarc',
- 'default' => '/usr/bin/mhonarc',
+ 'default' => '/usr/local/bin/mhonarc',
'query' => 'Path to MhOnarc mail2html pluggin',
'file' => 'wwsympa.conf','edit' => '1',
'advice' =>'This is required for HTML mail archiving'},
{'title' => 'S/MIME pluggin'},
{'name' => 'openssl',
- 'sample' => '/usr/local/bin/openssl',
+ 'sample' => '/usr/bin/openssl',
'query' => 'Path to OpenSSL',
'file' => 'sympa.conf','edit' => '1',
'advice' =>'Sympa knowns S/MIME if openssl is installed'},
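Review bot: The two path changes go in opposite directions: mhonarc moves to /usr/local/bin while the openssl sample moves from /usr/local/bin/openssl to /usr/bin/openssl. State that the base-system OpenSSL is intended, since the port Makefile already accepts MHONARC_PATH and OPENSSL_PATH and hard-coded values here can disagree with them.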
- files/patch-web_tt2-arcsearch.tt2
--- web_tt2/arcsearch.tt2.orig Fri Nov 3 21:43:20 2006
+++ web_tt2/arcsearch.tt2 Thu Aug 9 22:01:13 2007
@@ -14,7 +14,7 @@
[% IF how == 'phrase' %]
[%|loc%](This sentence,[%END%]
-[% ELSIF how == 'any' %]
+[% ELSIF how == 'all' %]
[%|loc%](All of these words,[%END%]
[% ELSE %]
[%|loc%](Each of these words,[%END%]
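Review bot: After changing the ELSIF to how == 'all', a value of 'any' falls through to the ELSE branch and is labelled "Each of these words". If 'any' is a valid search mode, give it its own branch and label instead of relying on ELSE.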
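Create the database
- If possible, to reduce the risk of a database crash, it is best to install two database servers and set up the same sympa account and database on both.
- Then install pgpool-II on the sympa host, set replication_mode=true and load_balance_mode=true, and point sympa's connection settings at pgpool-II.
Create the database and the account used to connect to it
- Create the account
% createuser -S -D -R -U pgsql -P sympa
- Create the database
% createdb -U pgsql -O sympa -E SQL_ASCII sympa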
Database Schema for PostgreSQL
-- PostgreSQL Database creation script
CREATE DATABASE sympa;
-- Connect to DB
\connect sympa
DROP TABLE user_table;
CREATE TABLE user_table (
email_user varchar (100) NOT NULL,
gecos_user varchar (150),
cookie_delay_user int4,
password_user varchar (40),
lang_user varchar (10),
attributes_user varchar (255),
data_user varchar (255),
CONSTRAINT ind_user PRIMARY KEY (email_user)
);
DROP TABLE subscriber_table;
CREATE TABLE subscriber_table (
list_subscriber varchar (50) NOT NULL,
user_subscriber varchar (100) NOT NULL,
custom_attribute_subscriber varchar (500),
robot_subscriber varchar (80) NOT NULL,
date_subscriber timestamp with time zone NOT NULL,
update_subscriber timestamp with time zone,
visibility_subscriber varchar (20),
reception_subscriber varchar (20),
topics_subscriber varchar (200),
bounce_subscriber varchar (35),
bounce_score_subscriber int4,
bounce_address_subscriber varchar (100),
comment_subscriber varchar (150),
subscribed_subscriber smallint,
included_subscriber smallint,
include_sources_subscriber varchar(50),
CONSTRAINT ind_subscriber PRIMARY KEY (robot_subscriber,list_subscriber,user_subscriber)
);
CREATE INDEX subscriber_idx ON subscriber_table (robot_subscriber,list_subscriber,user_subscriber);
CREATE INDEX subscriber_idx2 ON subscriber_table (user_subscriber);
DROP TABLE admin_table;
CREATE TABLE admin_table (
list_admin varchar(50) NOT NULL,
user_admin varchar(100) NOT NULL,
robot_admin varchar(80) NOT NULL,
role_admin varchar(15) NOT NULL,
date_admin timestamp with time zone NOT NULL,
update_admin timestamp with time zone,
reception_admin varchar(20),
visibility_admin varchar(20),
comment_admin varchar(150),
subscribed_admin smallint,
included_admin smallint,
include_sources_admin varchar(50),
info_admin varchar(150),
profile_admin varchar(15),
CONSTRAINT ind_admin PRIMARY KEY (robot_admin, list_admin, role_admin, user_admin)
);
CREATE INDEX admin_idx ON admin_table(robot_admin, list_admin, role_admin, user_admin);
CREATE INDEX admin_idx2 ON admin_table(user_admin);
DROP TABLE netidmap_table;
CREATE TABLE netidmap_table (
netid_netidmap varchar (100) NOT NULL,
serviceid_netidmap varchar (100) NOT NULL,
robot_netidmap varchar (80) NOT NULL,
email_netidmap varchar (100),
CONSTRAINT ind_netidmap PRIMARY KEY (netid_netidmap, serviceid_netidmap, robot_netidmap)
);
CREATE INDEX netidmap_idx ON netidmap_table(netid_netidmap, serviceid_netidmap, robot_netidmap);
DROP TABLE logs_table;
CREATE TABLE logs_table (
id_logs bigint NOT NULL,
date_logs int4 NOT NULL,
robot_logs varchar (80),
list_logs varchar (50),
action_logs varchar (50) NOT NULL,
parameters_logs varchar (100),
target_email_logs varchar (100),
user_email_logs varchar (100),
msg_id_logs varchar (255),
status_logs varchar (10) NOT NULL,
error_type_logs varchar (150),
client_logs varchar (100),
daemon_logs varchar (10) NOT NULL,
CONSTRAINT ind_logs PRIMARY KEY (id_logs)
);
CREATE INDEX logs_idx ON logs_table(id_logs);
DROP TABLE session_table;
CREATE TABLE session_table (
id_session int8 NOT NULL,
start_date_session int4 NOT NULL,
date_session int4 NOT NULL,
remote_addr_session varchar(60),
robot_session varchar(80),
email_session varchar(100),
hit_session int4,
data_session varchar(255),
CONSTRAINT ind_session PRIMARY KEY (id_session)
);
CREATE INDEX session_idx ON session_table(id_session);
Configuration
/usr/local/etc/sympa/sympa.conf
## Configuration file for Sympa
## many parameters are optional (defined in src/Conf.pm)
## refer to the documentation for a detailed list of parameters
###\\\\ Directories and file location ////###
## Directory containing mailing lists subdirectories
home /usr/local/sympa/expl
## Sendmail Alias File
sendmail_aliases /etc/mail/aliases.sympa
## Directory for configuration files ; it also contains scenari/ and templates/ directories
etc /usr/local/etc/sympa
## File containing Sympa PID while running.
## Sympa also locks this file to ensure that it is not running more than once. Caution : user sympa need to write access without special privilegee.
pidfile /var/run/sympa/sympa.pid
## Umask used for file creation by Sympa
umask 027
## Directory containing available NLS catalogues (Message internationalization)
localedir /usr/local/share/locale
## The main spool containing various specialized spools
## All spool are created at runtime by sympa.pl
spool /usr/local/sympa/spool
## Incoming spool
queue /usr/local/sympa/spool/msg
## Bounce incoming spool
queuebounce /usr/local/sympa/spool/bounce
## The directory where Sympa stores static contents (CSS, members pictures, documentation) directly delivered by Apache
static_content_path /usr/local/static_content
## The URL mapped with the static_content_path directory defined above
static_content_url /static-sympa
###\\\\ Syslog ////###
## The syslog facility for sympa
## Do not forget to edit syslog.conf
syslog LOCAL1
## Communication mode with syslogd is either unix (via Unix sockets) or inet (use of UDP)
log_socket_type unix
## Log intensity
## 0 : normal, 2,3,4 for debug
log_level 0
###\\\\ General definition ////###
## Main robot hostname
domain [primary hostname]
## Listmasters email list comma separated
## Sympa will associate listmaster privileges to these email addresses (mail and web interfaces). Some error reports may also be sent to these addresses.
listmaster [email of the database administrator]
## Local part of sympa email adresse
## Effective address will be [EMAIL]@[HOST]
email sympa
## Who is able to create lists
## This parameter is a scenario, check sympa documentation about scenarios if you want to define one
create_list public_listmaster
###\\\\ Tuning ////###
## Use of binary version of the list config structure on disk: none | binary_file
## Set this parameter to "binary_file" if you manage a big amount of lists (1000+) ; it should make the web interface startup faster
cache_list_config none
## Secret used by Sympa to make MD5 fingerprint in web cookies secure
## Should not be changed ! May invalid all user password
cookie [an integer; keep the old integer when upgrading the system, otherwise you will not be able to log in]
## comma separated list of operation for which blacklist filter is applyed
## set this parameter to "none" hidde blacklist feature
use_blacklist send,create_list
###\\\\ Internationalization ////###
## Default lang (ca | cs | de | el | es | et_EE | en_US | fr | hu | it | ja_JP | ko | nl | oc | pt_BR | ru | sv | tr | zh_CN | zh_TW)
## This is the default language used by Sympa
lang zh_TW
## Supported languages
## This is the set of language that will be proposed to your users for the Sympa GUI. Don't select a language if you don't have the proper locale packages installed.
#supported_lang ca,cs,de,el,es,et_EE,en_US,fr,hu,it,ja_JP,ko,nl,oc,pt_BR,ru,sv,tr,zh_CN,zh_TW
supported_lang en_US,zh_TW,zh_CN
###\\\\ Errors management ////###
## Bouncing email rate for warn list owner
bounce_warn_rate 10
## Bouncing email rate for halt the list (not implemented)
## Not yet used in current version, Default is 50
bounce_halt_rate 50
## Task name for expiration of old bounces
expire_bounce_task daily
## Welcome message return-path
## If set to unique, new subcriber is removed if welcome message bounce
welcome_return_path unique
###\\\\ MTA related ////###
## Path to the MTA (sendmail, postfix, exim or qmail)
## should point to a sendmail-compatible binary (eg: a binary named 'sendmail' is distributed with Postfix)
sendmail /usr/local/sbin/sendmail
## Maximum number of recipients per call to Sendmail. The nrcpt_by_domain.conf file allows a different tuning per destination domain.
nrcpt 25
## Max. number of different domains per call to Sendmail
avg 10
## Max. number of Sendmail processes (launched by Sympa) running simultaneously
## Proposed value is quite low, you can rise it up to 100, 200 or even 300 with powerfull systems.
maxsmtp 40
###\\\\ Pluggin ////###
## Path to the antivirus scanner engine
## supported antivirus : McAfee/uvscan, Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall
#antivirus_path /usr/local/uvscan/uvscan
## Antivirus pluggin command argument
#antivirus_args --secure --summary --dat /usr/local/uvscan
###\\\\ S/MIME pluggin ////###
## Path to OpenSSL
## Sympa knowns S/MIME if openssl is installed
#openssl /usr/bin/openssl
## The directory path use by OpenSSL for trusted CA certificates
#capath /usr/local/etc/sympa/ssl.crt
## This parameter sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA)
#cafile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
## User CERTs directory
ssl_cert_dir /usr/local/sympa/expl/X509-user-certs
## Password used to crypt lists private keys
#key_passwd your_password
###\\\\ Database ////###
## Database type (mysql | Pg | Oracle | Sybase | SQLite)
## be carefull to the case
db_type Pg
## Name of the database
## with SQLite, the name of the DB corresponds to the DB file
db_name sympa
## The host hosting your sympa database
db_host [hostname of the database host]
db_port [connection PORT of the database host]
## Database user for connexion
db_user sympa
## Database password (associated to the db_user)
## What ever you use a password or not, you must protect the SQL server (is it a not a public internet service ?)
db_passwd [password for connecting to the database]
## Database private extention to user table
## You need to extend the database format with these fields
#db_additional_user_fields age,address
## Database private extention to subscriber table
## You need to extend the database format with these fields
#db_additional_subscriber_fields billing_delay,subscription_expiration
###\\\\ Web interface ////###
## Sympa's main page URL
wwsympa_url http://epaper.iyard.net/w
/usr/local/etc/sympa/wwsympa.conf
###\\\\ Directories and file location ////###
## File containing archived PID while running.
archived_pidfile /var/run/sympa/archived.pid
## File containing bounced PID while running.
bounced_pidfile /var/run/sympa/bounced.pid
## File containing task_manager PID while running.
task_manager_pidfile /var/run/sympa/task_manager.pid
## Where to store HTML archives
## Better if not in a critical partition
arc_path /usr/local/sympa/arc
## Where to store bounces
## Better if not in a critical partition
bounce_path /usr/local/sympa/bounce
###\\\\ Syslog ////###
###\\\\ General definition ////###
###\\\\ Tuning ////###
## Password case (insensitive | sensitive)
## Should not be changed ! May invalid all user password
password_case insensitive
## HTTP cookies lifetime
cookie_expire 3600
## HTTP cookies validity domain
cookie_domain [hostname for the login cookie]
###\\\\ Internationalization ////###
###\\\\ Errors management ////###
###\\\\ MTA related ////###
###\\\\ Pluggin ////###
## Path to MhOnarc mail2html pluggin
## This is required for HTML mail archiving
mhonarc /usr/local/bin/mhonarc
###\\\\ S/MIME pluggin ////###
###\\\\ Database ////###
###\\\\ Web interface ////###
## Is fast_cgi module for Apache (or Roxen) installed (0 | 1)
## This module provide much faster web interface
use_fast_cgi 1
## Title of main web page
title [name of the service provided]
## Icons directory (web) location for Sympa
icons_url /icons
## Main page type (lists | home)
default_home home
Startup configuration
apache22
- /usr/local/etc/apache22/vhosts/sympa.conf
LoadModule fcgid_module libexec/apache22/mod_fcgid.so
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
</IfModule>
<VirtualHost *:80>
ServerAdmin webmaster@[server hostname]
DocumentRoot "/usr/local/www/sympa"
ServerName [server hostname]
AddDefaultCharset utf8
Alias /static-sympa/ /usr/local/static_content/
ScriptAlias /w /usr/local/sympa/cgi-bin/wwsympa-wrapper.fcgi
#ScriptAlias /ws /usr/local/sympa/cgi-bin/sympa_soap_server.fcgi
<Directory /usr/local/sympa/cgi-bin>
SetHandler fcgid-script
# SetHandler cgi-script
Allow from all
Options ExecCGI
</Directory>
<Directory "/usr/local/static_content">
Allow from all
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
# RewriteCond %{SERVER_PORT} !443$
# RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
RewriteRule ^/$ http://%{SERVER_NAME}/w
</IfModule>
</VirtualHost>
5 months, 3 weeks ago in System by MoyaTseng
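Traditionally everyone uses Cyrus-SASL2 to support SMTP AUTH, but this library is really too bloated, and every additional feature means hooking up yet another program, which makes it quite painful to maintain.
So after some investigation, I concluded that dovecot is a very good alternative. Moreover, dovecot also supports imap and pop3, so installing dovecot alone takes care of everything; there is no need to install a pile of assorted programs as before, or to be tormented by a mess of configuration.
On 2008/07/18, added a description of how to configure dovecot's imap/imaps and pop3/pop3s.
This article does not yet cover creating Virtual Accounts; I will introduce that next time there is a chance.
The installation uses FreeBSD 7 as the example. If you need to install on any linux or an earlier FreeBSD version, please work it out by analogy. The configuration is much the same everywhere and should not be hard to understand. Besides, dovecot comes with quite complete documentation; I set it up just by reading the documentation.
Installation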
dovecot
- cd /usr/ports/mail/dovecot
- make config
[X] KQUEUE kqueue(2) support
[X] SSL SSL support
[X] IPV6 IPv6 support
[X] POP3 POP3 support
[X] LDA LDA support
[ ] GSSAPI GSSAPI support
[ ] VPOPMAIL VPopMail support
[ ] LDAP OpenLDAP support
[X] PGSQL PostgreSQL support
[ ] MYSQL MySQL support
[ ] SQLITE SQLite support
- make install clean
Install Postfix
- /usr/ports/mail/postfix
- make config
[X] PCRE Perl Compatible Regular Expressions
[ ] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[X] DOVECOT Dovecot SASL authentication method
[ ] SASLKRB If your SASL req. Kerberos select this option
[ ] SASLKRB5 If your SASL req. Kerberos5 select this option
[ ] SASLKMIT If your SASL req. MIT Kerberos5 select this option
[X] TLS Enable SSL and TLS support
[X] BDB Berkeley DB (choose version with WITH_BDB_VER)
[ ] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)
[X] PGSQL PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[X] CDB CDB maps lookups
[ ] NIS NIS maps lookups
[X] VDA VDA (Virtual Delivery Agent)
[ ] TEST SMTP/LMTP test server and generator
- make install clean
Configuration
Dovecot
- Create the Cert/Key File
- Edit /usr/local/share/dovecot/dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
C=TW
# State or Province Name (full name)
ST=Taiwan
# Locality Name (eg. city)
L=Taipei
# Organization (eg. company)
O=D-Life
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (*.example.com is also possible)
CN=[hostname]
# E-mail contact
emailAddress=postmaster@[hostname]
[ cert_type ]
nsCertType = server
- Modify the keygen script
SSLDIR=/usr/local/etc/dovecot/
OPENSSLCONFIG=/usr/local/share/dovecot/dovecot-openssl.cnf
OPENSSL=/usr/local/bin/openssl
- Generate the keys
/usr/local/share/dovecot/mkcert.sh
- Change the read permissions on the files and directory
chmod og-rwx /usr/local/etc/dovecot/* /usr/local/etc/dovecot
- Configuration file: /usr/local/etc/dovecot.conf
## Dovecot configuration file
base_dir=/var/run/dovecot
listen=127.0.0.1
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
pop3_uidl_format=%08Xu%08Xv
log_path = /var/log/dovecot/error.log
info_log_path = /var/log/dovecot/info.log
log_timestamp = "%b %d %H:%M:%S "
#syslog_facility = mail
auth default {
mechanisms = PLAIN LOGIN
auth_cache_size = 1024
passdb pam {
args = cache_key=%u%r%l session=yes dovecot
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
# IMAP/POP3 related settings
ssl_disable = no
protocols = imap imaps pop3 pop3s
ssl_cert_file = /usr/local/etc/dovecot/certs/dovecot.pem
ssl_key_file = /usr/local/etc/dovecot/private/dovecot.pem
Postfix
- File: /usr/local/etc/postfix/main.cf
- Set the SASL implementation to use: dovecot
smtpd_sasl_type = dovecot
- Set the unix socket used to talk to dovecot for authentication
# Can be an absolute path, or relative to $queue_directory
smtpd_sasl_path = private/auth
- Enable SASL
# and the common settings to enable SASL:
smtpd_sasl_auth_enable = yes
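- In the recipient checks, add that mail is accepted from those who passed SASL authentication, and forbid those who have not authenticated from sending mail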
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Startup configuration
Dovecot
- Configuration file: /etc/rc.conf
# Dovecot
dovecot_enable="YES"
- Start the service
/usr/local/etc/rc.d/dovecot start
Postfix
- Configuration file: /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
- Start the service
/usr/local/etc/rc.d/postfix start
Verification test
- Generate the authentication string needed for PLAIN authentication
perl -MMIME::Base64 -e 'print encode_base64("\0USERNAME\0PASSWORD");'
- Verification procedure
- Connect to SMTP port 25
telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 cbs.ntu.edu.tw ESMTP Postfix
- Check whether the PLAIN AUTH mechanism is supported; if 250-AUTH PLAIN appears, it is supported
ehlo localhost
250-localhost
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
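- Enter the authentication string. If 235 2.7.0 appears, it succeeded; if 535 5.7.8 appears, authentication failed. It is best to check both the success and the failure case.
AUTH PLAIN [the string generated by the perl command above]
- Result on successful authentication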
235 2.7.0 Authentication successful
- Result on failed authentication
535 5.7.8 Error: authentication failed:
- End the session
quit
221 2.0.0 Bye
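The verification above, scripted as an added example (not part of the original post): it builds and decodes the AUTH PLAIN string to show that it is only base64, and audits an EHLO reply for password mechanisms offered without TLS. The function names, the credentials alice/s3cret and the second EHLO reply are constructed for illustration, and both replies are assumed to be captured before any TLS negotiation.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Build the AUTH PLAIN initial response: base64(NUL user NUL password),
# i.e. the same string the perl one-liner in the post produces.
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Reverse it. No key is involved: base64 is an encoding, not encryption,
# so anyone who sees the SMTP session sees the password.
# Assumes an empty authorization identity; prints "user:password".
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' ':' | cut -c2-
}

# Read an EHLO reply (captured on a session without TLS) on stdin and report
# which AUTH mechanisms are advertised and whether STARTTLS is offered.
#   verdict=ok                          no PLAIN/LOGIN offered before TLS
#   verdict=plain-auth-before-starttls  STARTTLS exists but AUTH works without it
#   verdict=plain-auth-no-tls           PLAIN/LOGIN offered and no STARTTLS at all
ehlo_audit() {
    awk '
        { sub(/\r$/, "") }
        /^250[- ]AUTH[ =]/  { m = $0; sub(/^250[- ]AUTH[ =]/, "", m); mechs = m }
        /^250[- ]STARTTLS$/ { tls = 1 }
        END {
            plain = ((" " toupper(mechs) " ") ~ " (PLAIN|LOGIN) ")
            verdict = "ok"
            if (plain && tls)  verdict = "plain-auth-before-starttls"
            if (plain && !tls) verdict = "plain-auth-no-tls"
            printf "mechs=%s starttls=%s verdict=%s\n", \
                (mechs == "" ? "none" : mechs), (tls ? "yes" : "no"), verdict
        }'
}

# EHLO reply as shown in the post (port 25, plain TCP).
sample_ehlo_from_post() {
    cat <<'EOF'
250-localhost
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Constructed reply for contrast: STARTTLS offered, AUTH withheld until TLS is up.
sample_ehlo_tls_first() {
    cat <<'EOF'
250-localhost
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

tok=$(auth_plain_token alice s3cret)        # constructed credentials
echo "token:   $tok"
echo "decoded: $(auth_plain_decode "$tok")"
sample_ehlo_from_post | ehlo_audit
sample_ehlo_tls_first | ehlo_audit
```

In Postfix, smtpd_tls_auth_only = yes keeps AUTH from being advertised or accepted until STARTTLS has completed, which is the state the second reply models.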
5 months, 3 weeks ago in System by MoyaTseng
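Spam and virus mail are very annoying. Although there are now precedents of spammers being prosecuted, it is still impossible to guard against completely. About 80% of the mail an SMTP server receives each day is junk, so keeping this mail out of the system is very important.
This is only a basic introduction to the setup. If you need more detailed configuration, refer to the documentation that comes with the relevant packages:
System installation
Install PostgreSQL-8.3
- Reserves the ability to support virtual accounts in the future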
- cd /usr/ports/databases/postgresql83-server
- make config
[X] NLS Use internationalized messages
[X] PAM Build with PAM support (server only)
[ ] LDAP Build with LDAP authentication support
[ ] MIT_KRB5 Build with MIT's kerberos support
[ ] HEIMDAL_KRB5 Builds with Heimdal kerberos support
[X] OPTIMIZED_CFLAGS Builds with compiler optimizations (-O3)
[X] XML Build with XML data type (server)
[X] TZDATA Use internal timezone database (server)
[ ] DEBUG Builds with debugging symbols
[ ] ICU Use ICU for unicode collation (server)
[X] INTDATE Builds with 64-bit date/time type (server)
- make install clean
Install pgpool-II
- cd /usr/ports/databases/pgpool-II
- make install clean
Install dovecot
- Keeps the option of using Dovecot SASL later; for details see Postfix with Dovecot SASL
- cd /usr/ports/mail/dovecot
- make config
[X] KQUEUE kqueue(2) support
[X] SSL SSL support
[X] IPV6 IPv6 support
[X] POP3 POP3 support
[X] LDA LDA support
[ ] GSSAPI GSSAPI support
[ ] VPOPMAIL VPopMail support
[ ] LDAP OpenLDAP support
[X] PGSQL PostgreSQL support
[ ] MYSQL MySQL support
[ ] SQLITE SQLite support
- make install clean
Install Postfix
- cd /usr/ports/mail/postfix
- make config
[X] PCRE Perl Compatible Regular Expressions
[ ] SASL2 Cyrus SASLv2 (Simple Auth. and Sec. Layer)
[X] DOVECOT Dovecot SASL authentication method
[ ] SASLKRB If your SASL req. Kerberos select this option
[ ] SASLKRB5 If your SASL req. Kerberos5 select this option
[ ] SASLKMIT If your SASL req. MIT Kerberos5 select this option
[X] TLS Enable SSL and TLS support
[X] BDB Berkeley DB (choose version with WITH_BDB_VER)
[ ] MYSQL MySQL maps (choose version with WITH_MYSQL_VER)
[X] PGSQL PostgreSQL maps (choose with DEFAULT_PGSQL_VER)
[ ] OPENLDAP OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)
[X] CDB CDB maps lookups
[ ] NIS NIS maps lookups
[X] VDA VDA (Virtual Delivery Agent)
[ ] TEST SMTP/LMTP test server and generator
- make all install clean
Install Amavisd-New
- cd /usr/ports/security/amavisd-new
- make config
[X] BDB Use BerkeleyDB for nanny/cache/snmp
[ ] SQLITE Use SQLite for lookups
[ ] MYSQL Use MySQL for lookups/logging/quarantine
[X] PGSQL Use PgSQL for lookups/logging/quarantine
[ ] LDAP Use LDAP for lookups
[ ] SASL Use SASL authentication
[X] MILTER Sendmail milter support
[X] SPAMASSASSIN Use mail/p5-Mail-SpamAssassin
[ ] P0F Passive operating system fingerprinting
[X] ALTERMIME Use AlterMime for defanging/disclaimers
[X] FILE Use newer file(1) utility from ports
[X] RAR RAR support with archivers/rar
[X] UNRAR RAR support with archivers/unrar
[X] ARJ ARJ support with archivers/arj
[X] UNARJ ARJ support with archivers/unarj
[X] LHA LHA support with archivers/lha
[X] ARC ARC support with archivers/arc
[X] NOMARCH ARC support with archivers/nomarch
[X] CAB CAB support with archivers/cabextract
[X] RPM RPM support with archivers/rpm2cpio
[X] ZOO ZOO support with archivers/zoo
[X] UNZOO ZOO support with archivers/unzoo
[X] LZOP LZOP support with archivers/lzop
[X] FREEZE FREEZE support with archivers/freeze
[X] P7ZIP P7ZIP support with archivers/p7zip
[X] MSWORD Ms Word support with textproc/ripole
[X] TNEF Add external tnef decoder converters/tnef
- make all install clean
Install SpamAssassin
- cd /usr/ports/mail/p5-Mail-SpamAssassin
- make config
[X] AS_ROOT Run spamd as root (recommended)
[X] SPAMC Build spamd/spamc (not for amavisd)
[X] SACOMPILE sa-compile
[X] DKIM DKIM/DomainKeys Identified Mail
[X] SSL Build with SSL support for spamd/spamc
[X] GNUPG Install GnuPG (for sa-update)
[ ] MYSQL Add MySQL support
[X] PGSQL Add PostreSQL support
[X] RAZOR Add Vipul's Razor support
[X] SPF_QUERY Add SPF query support
[X] RELAY_COUNTRY Relay country support
- make all install clean
Install Clamav
- cd /usr/ports/security/clamav
- make config
[X] ARC Enable arch archives support
[X] ARJ Enable arj archives support
[X] LHA Enable lha archives support
[X] UNZOO Enable zoo archives support
[X] UNRAR Enable rar archives support
[ ] MILTER Compile the milter interface
[ ] LDAP libmilter was built with LDAP
[X] ICONV Enable ICONV support
[X] STDERR Print logs to stderr instead of stdout
[ ] EXPERIMENTAL Build experimental code
- make all install clean
Install Postgrey
- cd /usr/ports/mail/postgrey
- make all install clean
Database configuration
- PostgreSQL-8.3.3 is used as the storage
- The access account is vscan
- Separate databases are created according to purpose:
- mail_prefs
- mail_log
- mail_bayes
- mail_awl
- spamassassin
Amavisd-New
- Tables for the mail_prefs database
-- local users
CREATE TABLE users (
id serial PRIMARY KEY, -- unique id
priority integer NOT NULL DEFAULT '7', -- sort field, 0 is low prior.
policy_id integer NOT NULL DEFAULT '1' CHECK (policy_id >= 0),
-- JOINs with policy.id
email bytea NOT NULL UNIQUE, -- email address, non-rfc2822-quoted
fullname varchar(255) DEFAULT NULL, -- not used by amavisd-new
local char(1) -- Y/N (optional field, see note further down)
);
-- any e-mail address (non- rfc2822-quoted), external or local,
-- used as senders in wblist
CREATE TABLE mailaddr (
id serial PRIMARY KEY,
priority integer NOT NULL DEFAULT '7', -- 0 is low priority
email bytea NOT NULL UNIQUE
);
-- per-recipient whitelist and/or blacklist,
-- puts sender and recipient in relation wb (white or blacklisted sender)
CREATE TABLE wblist (
rid integer NOT NULL CHECK (rid >= 0), -- recipient: users.id
sid integer NOT NULL CHECK (sid >= 0), -- sender: mailaddr.id
wb varchar(10) NOT NULL, -- W or Y / B or N / space=neutral / score
PRIMARY KEY (rid,sid)
);
CREATE TABLE policy (
id serial PRIMARY KEY, -- 'id' this is the _only_ required field
policy_name varchar(32), -- not used by amavisd-new, a comment
virus_lover char(1) default NULL, -- Y/N
spam_lover char(1) default NULL, -- Y/N
banned_files_lover char(1) default NULL, -- Y/N
bad_header_lover char(1) default NULL, -- Y/N
bypass_virus_checks char(1) default NULL, -- Y/N
bypass_spam_checks char(1) default NULL, -- Y/N
bypass_banned_checks char(1) default NULL, -- Y/N
bypass_header_checks char(1) default NULL, -- Y/N
spam_modifies_subj char(1) default NULL, -- Y/N
virus_quarantine_to varchar(64) default NULL,
spam_quarantine_to varchar(64) default NULL,
banned_quarantine_to varchar(64) default NULL,
bad_header_quarantine_to varchar(64) default NULL,
clean_quarantine_to varchar(64) default NULL,
other_quarantine_to varchar(64) default NULL,
spam_tag_level real default NULL, -- higher score inserts spam info headers
spam_tag2_level real default NULL, -- inserts 'declared spam' header fields
spam_kill_level real default NULL, -- higher score triggers evasive actions
-- e.g. reject/drop, quarantine, ...
-- (subject to final_spam_destiny setting)
spam_dsn_cutoff_level real default NULL,
spam_quarantine_cutoff_level real default NULL,
addr_extension_virus varchar(64) default NULL,
addr_extension_spam varchar(64) default NULL,
addr_extension_banned varchar(64) default NULL,
addr_extension_bad_header varchar(64) default NULL,
warnvirusrecip char(1) default NULL, -- Y/N
warnbannedrecip char(1) default NULL, -- Y/N
warnbadhrecip char(1) default NULL, -- Y/N
newvirus_admin varchar(64) default NULL,
virus_admin varchar(64) default NULL,
banned_admin varchar(64) default NULL,
bad_header_admin varchar(64) default NULL,
spam_admin varchar(64) default NULL,
spam_subject_tag varchar(64) default NULL,
spam_subject_tag2 varchar(64) default NULL,
message_size_limit integer default NULL, -- max size in bytes, 0 disable
banned_rulenames varchar(64) default NULL -- comma-separated list of ...
-- names mapped through %banned_rules to actual banned_filename tables
);
- Tables for the mail_log database
-- R/W part of the dataset (optional)
-- May reside in the same or in a separate database as lookups database;
-- REQUIRES SUPPORT FOR TRANSACTIONS; specified in @storage_sql_dsn
--
-- Please create additional indexes on keys when needed, or drop suggested
-- ones as appropriate to optimize queries needed by a management application.
-- See your database documentation for further optimization hints.
-- provide unique id for each e-mail address, avoids storing copies
CREATE TABLE maddr (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
id serial PRIMARY KEY,
email bytea NOT NULL, -- full e-mail address
domain varchar(255) NOT NULL, -- only domain part of the email address
-- with subdomain fields in reverse
CONSTRAINT part_email UNIQUE (partition_tag,email)
);
-- information pertaining to each processed message as a whole;
-- NOTE: records with NULL msgs.content should be ignored by utilities,
-- as such records correspond to messages just being processed, or were lost
CREATE TABLE msgs (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varchar(12) NOT NULL PRIMARY KEY, -- long-term unique mail id
secret_id varchar(12) DEFAULT '', -- authorizes release of mail_id
am_id varchar(20) NOT NULL, -- id used in the log
time_num integer NOT NULL CHECK (time_num >= 0),
-- rx_time: seconds since Unix epoch
time_iso timestamp WITH TIME ZONE NOT NULL,-- rx_time: ISO8601 UTC ascii time
sid integer NOT NULL CHECK (sid >= 0), -- sender: maddr.id
policy varchar(255) DEFAULT '', -- policy bank path (like macro %p)
client_addr varchar(255) DEFAULT '', -- SMTP client IP address (IPv4 or v6)
size integer NOT NULL CHECK (size >= 0), -- message size in bytes
content char(1), -- content type: V/B/S/s/M/H/O/C:
-- virus/banned/spam(kill)/spammy(tag2)
-- /bad mime/bad header/oversized/clean
-- is NULL on partially processed mail
quar_type char(1), -- quarantined as: ' '/F/Z/B/Q/M/L
-- none/file/zipfile/bsmtp/sql/
-- /mailbox(smtp)/mailbox(lmtp)
quar_loc varchar(255) DEFAULT '', -- quarantine location (e.g. file)
dsn_sent char(1), -- was DSN sent? Y/N/q (q=quenched)
spam_level real, -- SA spam level (no boosts)
message_id varchar(255) DEFAULT '', -- mail Message-ID header field
from_addr varchar(255) DEFAULT '', -- mail From header field, UTF8
subject varchar(255) DEFAULT '', -- mail Subject header field, UTF8
host varchar(255) NOT NULL, -- hostname where amavisd is running
FOREIGN KEY (sid) REFERENCES maddr(id) ON DELETE RESTRICT
);
CREATE INDEX msgs_idx_sid ON msgs (sid);
CREATE INDEX msgs_idx_mess_id ON msgs (message_id); -- useful with pen pals
CREATE INDEX msgs_idx_time_iso ON msgs (time_iso);
CREATE INDEX msgs_idx_time_num ON msgs (time_num); -- optional
-- per-recipient information related to each processed message;
-- NOTE: records in msgrcpt without corresponding msgs.mail_id record are
-- orphaned and should be ignored and eventually deleted by external utilities
CREATE TABLE msgrcpt (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varchar(12) NOT NULL, -- (must allow duplicates)
rid integer NOT NULL CHECK (rid >= 0),
-- recipient: maddr.id (duplicates allowed)
ds char(1) NOT NULL, -- delivery status: P/R/B/D/T
-- pass/reject/bounce/discard/tempfail
rs char(1) NOT NULL, -- release status: initialized to ' '
bl char(1) DEFAULT ' ', -- sender blacklisted by this recip
wl char(1) DEFAULT ' ', -- sender whitelisted by this recip
bspam_level real, -- spam level + per-recip boost
smtp_resp varchar(255) DEFAULT '', -- SMTP response given to MTA
FOREIGN KEY (rid) REFERENCES maddr(id) ON DELETE RESTRICT,
FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE
);
CREATE INDEX msgrcpt_idx_mail_id ON msgrcpt (mail_id);
CREATE INDEX msgrcpt_idx_rid ON msgrcpt (rid);
-- mail quarantine in SQL, enabled by $*_quarantine_method='sql:'
-- NOTE: records in quarantine without corresponding msgs.mail_id record are
-- orphaned and should be ignored and eventually deleted by external utilities
CREATE TABLE quarantine (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varchar(12) NOT NULL, -- long-term unique mail id
chunk_ind integer NOT NULL CHECK (chunk_ind >= 0), -- chunk number, 1..
mail_text bytea NOT NULL, -- store mail as chunks of octets
PRIMARY KEY (mail_id,chunk_ind),
FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE
);
-- field msgrcpt.rs is primarily intended for use by quarantine management
-- software; the value assigned by amavisd is a space;
-- a short _preliminary_ list of possible values:
-- 'V' => viewed (marked as read)
-- 'R' => released (delivered) to this recipient
-- 'p' => pending (a status given to messages when the admin received the
-- request but not yet released; targeted to banned parts)
-- 'D' => marked for deletion; a cleanup script may delete it
SpamAssassin
- mail_awl
CREATE TABLE awl (
username varchar(100) NOT NULL default '',
email varchar(200) NOT NULL default '',
ip varchar(10) NOT NULL default '',
count bigint default '0',
totscore float default '0'
);
CREATE UNIQUE INDEX awl_pkey ON awl (username,email,ip);
- mail_bayes
CREATE LANGUAGE plpgsql;
CREATE TABLE bayes_expire (
id integer NOT NULL default '0',
runtime integer NOT NULL default '0'
) WITHOUT OIDS;
CREATE INDEX bayes_expire_idx1 ON bayes_expire (id);
CREATE TABLE bayes_global_vars (
variable varchar(30) NOT NULL default '',
value varchar(200) NOT NULL default '',
PRIMARY KEY (variable)
) WITHOUT OIDS;
INSERT INTO bayes_global_vars VALUES ('VERSION','3');
CREATE TABLE bayes_seen (
id integer NOT NULL default '0',
msgid varchar(200) NOT NULL default '',
flag character(1) NOT NULL default '',
PRIMARY KEY (id,msgid)
) WITHOUT OIDS;
CREATE TABLE bayes_token (
id integer NOT NULL default '0',
token bytea NOT NULL default '',
spam_count integer NOT NULL default '0',
ham_count integer NOT NULL default '0',
atime integer NOT NULL default '0',
PRIMARY KEY (id,token)
) WITHOUT OIDS;
CREATE INDEX bayes_token_idx1 ON bayes_token (token);
CREATE TABLE bayes_vars (
id serial NOT NULL,
username varchar(200) NOT NULL default '',
spam_count integer NOT NULL default '0',
ham_count integer NOT NULL default '0',
token_count integer NOT NULL default '0',
last_expire integer NOT NULL default '0',
last_atime_delta integer NOT NULL default '0',
last_expire_reduce integer NOT NULL default '0',
oldest_token_age integer NOT NULL default '2147483647',
newest_token_age integer NOT NULL default '0',
PRIMARY KEY (id)
) WITHOUT OIDS;
CREATE UNIQUE INDEX bayes_vars_idx1 ON bayes_vars (username);
CREATE OR REPLACE FUNCTION greatest_int (integer, integer)
RETURNS INTEGER
IMMUTABLE STRICT
AS 'SELECT CASE WHEN $1 < $2 THEN $2 ELSE $1 END;'
LANGUAGE SQL;
CREATE OR REPLACE FUNCTION least_int (integer, integer)
RETURNS INTEGER
IMMUTABLE STRICT
AS 'SELECT CASE WHEN $1 < $2 THEN $1 ELSE $2 END;'
LANGUAGE SQL;
CREATE OR REPLACE FUNCTION put_tokens(inuserid INTEGER,
intokenary BYTEA[],
inspam_count INTEGER,
inham_count INTEGER,
inatime INTEGER)
RETURNS VOID AS '
DECLARE
_token BYTEA;
new_tokens INTEGER := 0;
BEGIN
for i in array_lower(intokenary, 1) .. array_upper(intokenary, 1)
LOOP
_token := intokenary[i];
UPDATE bayes_token
SET spam_count = greatest_int(spam_count + inspam_count, 0),
ham_count = greatest_int(ham_count + inham_count, 0),
atime = greatest_int(atime, inatime)
WHERE id = inuserid
AND token = _token;
IF NOT FOUND THEN
-- we do not insert negative counts, just return true
IF NOT (inspam_count < 0 OR inham_count < 0) THEN
INSERT INTO bayes_token (id, token, spam_count, ham_count, atime)
VALUES (inuserid, _token, inspam_count, inham_count, inatime);
IF FOUND THEN
new_tokens := new_tokens + 1;
END IF;
END IF;
END IF;
END LOOP;
IF new_tokens > 0 AND inatime > 0 THEN
UPDATE bayes_vars
SET token_count = token_count + new_tokens,
newest_token_age = greatest_int(newest_token_age, inatime),
oldest_token_age = least_int(oldest_token_age, inatime)
WHERE id = inuserid;
ELSEIF new_tokens > 0 AND NOT inatime > 0 THEN
UPDATE bayes_vars
SET token_count = token_count + new_tokens
WHERE id = inuserid;
ELSEIF NOT new_tokens > 0 AND inatime > 0 THEN
UPDATE bayes_vars
SET newest_token_age = greatest_int(newest_token_age, inatime),
oldest_token_age = least_int(oldest_token_age, inatime)
WHERE id = inuserid;
END IF;
RETURN;
END;
' LANGUAGE 'plpgsql';
- spamassassin
CREATE TABLE userpref (
prefid bigserial NOT NULL unique primary key,
username varchar(100) NOT NULL,
preference varchar(30) NOT NULL,
value varchar(100) NOT NULL
);
CREATE INDEX userpref_username_idx ON userpref(username);
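Configuration
Accounts and group settings
- amavisd and clamav generally run under the same account, but they can also be split into separate accounts. Separate accounts are recommended.
- Using separate accounts:
- amavisd runs as vscan by default
- clamav runs as clamav by default
- Edit /etc/group and add 'vscan', the account amavisd runs as, to the 'clamav' group.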
SpamAssassin
- /usr/local/etc/mail/spamassassin/local.cf
# Add ***SPAM*** to the Subject header of spam e-mails
rewrite_header Subject ***SPAM***
# Save spam messages as a message/rfc822 MIME attachment instead of modifying the original message (0: off, 2: use text/plain instead)
report_safe 1
# Set which networks or hosts are considered 'trusted' by your mail server (i.e. not spammers)
# trusted_networks 212.17.35.
# Set file-locking method (flock is not safe over NFS, but is faster)
lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
required_score 5.0
# Use Bayesian classifier (default: 1)
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
bayes_auto_learn 1
# Set headers which may provide inappropriate cues to the Bayesian classifier
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
# Database Connection Configuration
user_scores_dsn DBI:Pg:dbname=spamassassin;host=localhost
user_scores_sql_username [use database username]
user_scores_sql_password [database connect password]
user_awl_dsn DBI:Pg:mail_awl:localhost
user_awl_sql_username [connect database username]
user_awl_sql_password [connect database password]
user_awl_sql_table awl
bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
bayes_sql_dsn DBI:Pg:mail_bayes:localhost
bayes_sql_username [connect database username]
bayes_sql_password [connect database password]
# Options
score DCC_CHECK 1.000
score RAZOR2_CHECK 1.000
score BAYES_99 2.500
score BAYES_90 2.000
score BAYES_80 1.500
score HEAD_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score FH_HOST_EQ_D_D_D_D 0.005
Amavisd-New
- Daemon account settings
$daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
$daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g
- Database access settings: /usr/local/etc/amavisd.conf
# Prevents amavisd from complaining that 'types bytea and character varying cannot be matched';
# needed only with PostgreSQL as the database backend.
$sql_allow_8bit_address = 1;
@lookup_sql_dsn =
([ 'DBI:Pg:database=mail_prefs', '[connect to database username]', '[connect to database password]' ]);
@storage_sql_dsn =
([ 'DBI:Pg:database=mail_log', '[connect to database username]', '[connect to database password]' ]);
- Virus scanner settings; the Unix socket must match the one configured in clamav: /var/run/clamav/clamd.sock
@av_scanners = (
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
Clamav
- Because amavisd and clamav run as two separate accounts, change AllowSupplementaryGroups in /usr/local/etc/clamd.conf from its default to yes
# Initialize supplementary group access (clamd must be started by root).
# Default: no
AllowSupplementaryGroups yes
- The Unix socket that amavisd connects to
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock
Postfix-related supporting configuration
Amavisd-New
- File: /usr/local/etc/amavisd.conf
- Port that accepts connection requests from Postfix
$inet_socket_port = 10024;
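- Port used to hand processed mail back to Postfix. The default is normally fine and need not be set; if it is set, it must match the 127.0.0.1:10025 smtpd listener defined in master.cf
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';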
System settings
- Disable the traditional sendmail daily maintenance jobs by editing /etc/periodic.conf:
- Contents
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Connecting Postfix to Amavisd-New
- Set the mail filter by adding this to /usr/local/etc/postfix/main.cf:
content_filter=smtp-amavis:[127.0.0.1]:10024
- The transport that hands mail to Amavisd-New over SMTP; the configuration file is /usr/local/etc/postfix/master.cf
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o smtp_tls_note_starttls_offer=no
- Receive the mail that Amavisd sends back after processing
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
-o strict_rfc821_envelopes=yes
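The three files have to agree on two ports and the re-injection listener has to stay closed to everything but loopback. A consistency check for that wiring, as an added example that is not part of the original post: the function names are assumptions, it assumes $inet_socket_port and $forward_method are set explicitly, and the inputs are constructed and abridged from the settings above, with one amavisd.conf variant forwarding to port 20025 while master.cf listens on 10025.

```python
import re

def parse_master_cf(text):
    """Map each master.cf service name to its type, command and -o overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                    # continuation of the previous service
            m = re.match(r"\s+-o\s+([^=\s]+)=(.*)$", line)
            if m and current is not None:
                current["opts"][m.group(1)] = m.group(2).strip()
            continue
        f = line.split()    # service type private unpriv chroot wakeup maxproc command
        current = services[f[0]] = {"type": f[1], "command": f[7], "opts": {}}
    return services

def amavisd_settings(text):
    """Extract simple scalar assignments such as $inet_socket_port = 10024;"""
    return dict(re.findall(r"^\s*\$(\w+)\s*=\s*'?([^';\n]+?)'?\s*;", text, re.M))

def port_of(endpoint):
    m = re.search(r":(\d+)$", endpoint.strip())
    return int(m.group(1)) if m else None

def audit(main_cf, master_cf, amavisd_conf):
    """Return a list of wiring problems; an empty list means the files agree."""
    findings = []
    services, amavis = parse_master_cf(master_cf), amavisd_settings(amavisd_conf)
    m = re.search(r"^content_filter\s*=\s*(\S+)", main_cf, re.M)
    content_filter = m.group(1) if m else ""
    if content_filter.split(":")[0] not in services:
        findings.append("content_filter transport is not defined in master.cf")
    if str(port_of(content_filter)) != amavis.get("inet_socket_port"):
        findings.append("content_filter port differs from $inet_socket_port")
    back = port_of(amavis.get("forward_method", ""))
    listener = services.get(f"127.0.0.1:{back}")
    if listener is None or listener["command"] != "smtpd":
        findings.append(f"no loopback smtpd listener for $forward_method port {back}")
        return findings
    opts = listener["opts"]
    if opts.get("content_filter") != "":
        findings.append("re-injection listener does not clear content_filter (mail would loop)")
    if opts.get("mynetworks") != "127.0.0.0/8":
        findings.append("re-injection listener accepts more than loopback")
    if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
        findings.append("re-injection listener does not end its recipient restrictions in reject")
    return findings

# Constructed inputs, abridged from the settings on this page.
MAIN_CF = "content_filter=smtp-amavis:[127.0.0.1]:10024\n"
MASTER_CF = """\
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""
AMAVISD_MISMATCH = """\
$inet_socket_port = 10024;
$forward_method = 'smtp:[127.0.0.1]:20025';
"""
AMAVISD_MATCH = AMAVISD_MISMATCH.replace("20025", "10025")

if __name__ == "__main__":
    print(audit(MAIN_CF, MASTER_CF, AMAVISD_MISMATCH))
    print(audit(MAIN_CF, MASTER_CF, AMAVISD_MATCH))
```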
Making Postfix use the spamhaus and dnsbl spam-blocking lists
- File: /usr/local/etc/postfix/main.cf
- Settings
# Receive Mail Limitations
smtpd_recipient_restrictions =
permit_mynetworks,
check_recipient_access hash:/usr/local/etc/postfix/access,
check_sender_access hash:/usr/local/etc/postfix/access,
check_client_access hash:/usr/local/etc/postfix/access,
reject_unauth_destination,
reject_unknown_recipient_domain,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client dul.dnsbl.sorbs.net,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_client_restrictions =
permit_mynetworks,
check_recipient_access hash:/usr/local/etc/postfix/access,
check_sender_access hash:/usr/local/etc/postfix/access,
check_client_access hash:/usr/local/etc/postfix/access,
reject_unknown_sender_domain,
reject_unauth_pipelining
reject_unknown_client,
reject_unknown_hostname,
reject_invalid_hostname,
permit
smtpd_helo_restrictions =
permit_mynetworks,
check_recipient_access hash:/usr/local/etc/postfix/access,
check_sender_access hash:/usr/local/etc/postfix/access,
check_client_access hash:/usr/local/etc/postfix/access,
reject_rbl_client list.dsbl.org,
permit
smtpd_sender_restrictions =
permit_mynetworks,
check_recipient_access hash:/usr/local/etc/postfix/access,
check_sender_access hash:/usr/local/etc/postfix/access,
check_client_access hash:/usr/local/etc/postfix/access,
reject_unknown_sender_domain
reject_rhsbl_sender dsn.rfc-ignorant.org,
permit
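Postfix evaluates each restriction list left to right and stops at the first decisive result, so an access-table lookup placed before reject_unauth_destination can answer OK and accept a recipient before the relay check runs. The following lint, an added example that is not part of the original post, reports such entries; the function names and the reordered variant are assumptions, and the first sample is the smtpd_recipient_restrictions list shown above.

```python
import re

TAKES_ARGUMENT = re.compile(r"check_\w+|reject_rbl_client|reject_rhsbl_\w+")

def restrictions(main_cf, parameter):
    """Return one restriction list from main.cf text, joining continuation lines."""
    words, active = [], False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                 # a new logical line starts here
            name, _, line = line.partition("=")
            active = name.strip() == parameter
        if active:                                # commas and whitespace both separate
            words += [w for w in re.split(r"[,\s]+", line) if w]
    items, i = [], 0
    while i < len(words):                         # re-attach arguments to their restriction
        step = 2 if TAKES_ARGUMENT.fullmatch(words[i]) and i + 1 < len(words) else 1
        items.append(" ".join(words[i:i + step]))
        i += step
    return items

def relay_order_findings(items):
    """Flag lookups that can answer OK before reject_unauth_destination is reached."""
    findings = []
    for item in items:
        name = item.split()[0]
        if name == "reject_unauth_destination":
            return findings
        if name.startswith("check_") or name == "permit":
            findings.append(f"{item}: an OK result here accepts the recipient before the relay check")
    return findings + ["reject_unauth_destination is never reached in this list"]

# The list from this page, re-indented as main.cf continuation lines.
PAGE_MAIN_CF = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/usr/local/etc/postfix/access,
    check_sender_access hash:/usr/local/etc/postfix/access,
    check_client_access hash:/usr/local/etc/postfix/access,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    check_policy_service inet:127.0.0.1:10023,
    permit
disable_vrfy_command = yes
"""
# Constructed variant: the relay check comes before any table lookup.
REORDERED = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/usr/local/etc/postfix/access,
    permit
"""

if __name__ == "__main__":
    for finding in relay_order_findings(restrictions(PAGE_MAIN_CF, "smtpd_recipient_restrictions")):
        print(finding)
```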
Other Postfix settings
- Disable the VRFY command, so that it cannot be used to probe whether an account exists in order to send spam:
# disable VRFY command
disable_vrfy_command = yes
- Store mail in Maildir format instead
# DELIVERY TO MAILBOX
home_mailbox = Maildir/
Starting the system
Postgrey
- Configure /etc/rc.conf
postgrey_enable="YES"
- Run the program
/usr/local/etc/rc.d/postgrey start
- Edit /usr/local/etc/postfix/main.cf, add this setting to smtpd_recipient_restrictions, then restart postfix
check_policy_service inet:127.0.0.1:10023
Clamav
- Configure /etc/rc.conf
# Clamav
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
- Run the program
/usr/local/etc/rc.d/clamav-freshclam start
/usr/local/etc/rc.d/clamav-clamd start
SpamAssassin
- Configure /etc/rc.conf
spamd_enable="YES"
- Run the program
/usr/local/etc/rc.d/sa-spamd start
Amavisd
- Configure /etc/rc.conf
amavisd_enable="YES"
- Run the program
/usr/local/etc/rc.d/amavisd start
Postfix
- Configure /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
- Run the program
/usr/local/etc/rc.d/postfix start
Copyright © 1999-2009 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.