以下配置在zimbra8.5中测试,未在其他版本中测试过,不能保证是否有效。
安装如下:
系统环境:CentOS 6.5 x86_64
Zimbra版本:zimbra 8.5.0
1.zimbra官网:http://www.zimbra.com/ 进入官网下载开源版本,
我此时下载的为http://files2.zimbra.com/downloads/8.5.0_GA/zcs-8.5.0_GA_3042.RHEL6_64.20140828192005.tgz
2.zimbra不支持32位系统安装,请使用64为系统;
3.zimbra在安装时要检测MX,所以要在之前配置好dns MX解析;
4.安装会安装到/opt目录,请确保/opt目录由足够空间
安装前:
1.关闭selinux,编辑/etc/selinux/config
SELINUX=disabled
2.开放防火墙端口,编辑/etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8087 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
3.配置主机名,编辑/etc/sysconfig/network
HOSTNAME=mail.domain.com
4.配置hosts,编辑/etc/hosts
10.172.250.121 mail.domain.com
5.关闭sendmail或postfix服务,避免25端口被占用
/etc/init.d/sendmail stop
chkconfig sendmail off
/etc/init.d/postfix stop
chkconfig postfix off
6.重启服务器,确保所有配置生效
# reboot
一、安装dnsmasq
1.安装dnsmasq
# yum install dnsmasq bind-utils
2.配置dnsmasq
# cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
添加以下到/etc/dnsmasq.conf
no-resolv
server=127.0.0.1
domain=domain.com
mx-host=domain.com,mail.domain.com,5
添加以下到/etc/resolv.conf
nameserver 127.0.0.1
启动dnsmasq
# /etc/init.d/dnsmasq start
测试:
[root@mail ~]# dig domian.com MX
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> domain.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38013
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;domain.com. IN MX
;; ANSWER SECTION:
domain.com. 0 IN MX 5 mail.domain.com.
;; ADDITIONAL SECTION:
mail.domain.com. 0 IN A 10.172.250.121
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 22 14:20:02 2014
;; MSG SIZE rcvd: 73
[root@mail ~]#
测试成功。
二、安装zimbra
1.解压
# tar -zxvf zcs-8.5.0_GA_3042.RHEL6_64.20140828192005.tgz
# cd zcs-8.5.0_GA_3042.RHEL6_64.20140828192005
2.运行安装脚本
# ./install.sh
到此处填写y,继续
Do you agree with the terms of the software license agreement? [N] y
到下面发现少包:
Checking for prerequisites...
FOUND: NPTL
MISSING: nc
FOUND: sudo-1.8.6p3-12
FOUND: libidn-1.18-2
FOUND: gmp-4.3.1-7
FOUND: libaio-0.3.107-10
FOUND: libstdc++-4.4.7-4
FOUND: unzip-6.0-1
Checking for suggested prerequisites...
FOUND: perl-5.10.1
FOUND: sysstat
FOUND: sqlite
###ERROR###
One or more prerequisite packages are missing.
Please install them before running this installer.
Installation cancelled.
安装缺失的包nc:# yum -y install nc
再次运行安装脚本,安装日志如下:
[root@mail zcs-8.5.0_GA_3042.RHEL6_64.20140828192005]# ./install.sh
Operations logged to /tmp/install.log.28012
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-cluster...NOT FOUND
zimbra-core...NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
Do you agree with the terms of the software license agreement? [N] y
Checking for prerequisites...
FOUND: NPTL
FOUND: nc-1.84-22
FOUND: sudo-1.8.6p3-12
FOUND: libidn-1.18-2
FOUND: gmp-4.3.1-7
FOUND: libaio-0.3.107-10
FOUND: libstdc++-4.4.7-4
FOUND: unzip-6.0-1
Checking for suggested prerequisites...
FOUND: perl-5.10.1
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
Select the packages to install
Install zimbra-ldap [Y] y
Install zimbra-logger [Y] y
Install zimbra-mta [Y] y
Install zimbra-dnscache [Y] y
Install zimbra-snmp [Y] y
Install zimbra-store [Y] y
Install zimbra-apache [Y] y
Install zimbra-spell [Y] y
Install zimbra-memcached [Y] y
Install zimbra-proxy [Y] y
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
The system will be modified. Continue? [N] y
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/prelink.conf...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-ldap......zimbra-ldap-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-logger......zimbra-logger-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-mta......zimbra-mta-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-dnscache......zimbra-dnscache-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-snmp......zimbra-snmp-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-store......zimbra-store-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-apache......zimbra-apache-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-spell......zimbra-spell-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-memcached......zimbra-memcached-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
zimbra-proxy......zimbra-proxy-8.5.0_GA_3042.RHEL6_64-20140828192005.x86_64.rpm...done
Operations logged to /tmp/zmsetup10222014-145244.log
Installing LDAP configuration database...done.
Setting defaults.../opt/zimbra/postfix/sbin/postconf: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol
DNS ERROR resolving MX for mail.domain.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] yes
Create domain: [mail.domain.com] domain.com
MX: mail.domain.com (10.172.250.121)
Interface: 10.172.250.121
Interface: 127.0.0.1
done.
Checking for port conflicts
Port conflict detected: 53 (zimbra-dnscache)
Port conflicts detected! - Press Enter/Return key to continue
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: [email protected]
******* +Admin Password UNSET
+Anti-virus quarantine user: [email protected]
+Enable automated spam training: yes
+Spam training user: [email protected]
+Non-spam(Ham) training user: [email protected]
+SMTP host: mail.domain.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://mail.domain.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: [email protected]
+Version update source email: [email protected]
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 7
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: [email protected]
** 4) Admin Password UNSET
5) Anti-virus quarantine user: [email protected]
6) Enable automated spam training: yes
7) Spam training user: [email protected]
8) Non-spam(Ham) training user: [email protected]
9) SMTP host: mail.domain.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.domain.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: [email protected]
22) Version update source email: [email protected]
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] 4
Password for [email protected] (min 6 characters): [yJVm9XbfhU] yJVm9XbfhU
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: [email protected]
4) Admin Password set
5) Anti-virus quarantine user: [email protected]
6) Enable automated spam training: yes
7) Spam training user: [email protected]
8) Non-spam(Ham) training user: [email protected]
9) SMTP host: mail.domain.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.domain.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: [email protected]
22) Version update source email: [email protected]
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] r
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.5533]
Saving config in /opt/zimbra/config.5533...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup10222014-145244.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.domain.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.domain.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting MTA auth host...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.domain.com...done.
Adding mail.domain.com to zimbraMailHostPool in default COS...done.
Creating domain domain.com...done.
Setting default domain name...done.
Creating domain domain.com...already exists.
Creating admin account [email protected].
Creating root alias...done.
Creating postmaster alias...done.
Creating user [email protected].
Creating user [email protected].
Creating user [email protected].
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.domain.com...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_webex...done.
com_zimbra_phone...done.
com_zimbra_ymemoticons...done.
com_zimbra_attachcontacts...done.
com_zimbra_clientuploader...done.
com_zimbra_linkedinimage...done.
com_zimbra_proxy_config...done.
com_zimbra_tooltip...done.
com_zimbra_viewmail...done.
com_zimbra_attachmail...done.
com_zimbra_mailarchive...done.
com_zimbra_adminversioncheck...done.
com_zimbra_cert_manager...done.
com_zimbra_date...done.
com_zimbra_bulkprovision...done.
com_zimbra_url...done.
com_zimbra_email...done.
com_zimbra_srchhighlighter...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.5.0_GA_3042_RHEL6_64)
The ADMIN EMAIL ADDRESS created ([email protected])
Notify Zimbra of your installation? [Yes] yes
Notifying Zimbra of installation via http://www.zimbra.com/cgi-bin/[email protected]
ERROR: Notification failed
Setting up zimbra crontab...done.
Moving /tmp/zmsetup10222014-145244.log to /opt/zimbra/log
Configuration complete - press return to exit
[root@mail zcs-8.5.0_GA_3042.RHEL6_64.20140828192005]#
一、反垃圾病毒邮件配置
1.增加权值
在文件/opt/zimbra/conf/amavisd.conf.in中找到# read_hash("/var/amavis/sender_scores_sitewide"),部分,大概在340行左右,将你要信任或不信任的域或邮箱名按照格式填入下面,赋予合适的分值,分值越大表示不信任,分值越小表示信任(可理解为-10.0为信任,+10.0为阻断)。
如:我需要信任123@abc这个邮箱,可以这样添加
'[email protected]' => -10.0, (不要忘了后面的逗号,将其分值减少增加被信任的机率)
如:我不信任[email protected]这个邮箱,可以这样添加
'[email protected]' => +10.0, (不要忘了后面的逗号,将其分值增加就会判为垃圾邮件)
重启服务:
[zimbra@mail ~]$ zmamavisdctl reload
2.添加黑白名单
在文件/opt/zimbra/conf/amavisd.conf.in末尾添加以下:
read_hash(%whitelist_sender,'/opt/zimbra/conf/whitelist');
read_hash(%blacklist_sender,'/opt/zimbra/conf/blacklist');
创建黑白名单文件:
# touch /opt/zimbra/conf/{whitelist,blacklist}
授予拥有者为zimbra用户:
# chown zimbra /opt/zimbra/conf/whitelist
# chown zimbra /opt/zimbra/conf/blacklist
分别在文件中添加你需要设为白名单或黑名单的邮箱名或域名(一行一个),如:
# cat /opt/zimbra/conf/whitelist
gmail.com
# cat /opt/zimbra/conf/blacklist
currantcantaloupechef.com
musicroyalties.net
mapleleafmail.com
重启服务:
[zimbra@mail ~]$ zmamavisdctl reload
3.使用RBL列表
可使用中国反垃圾邮件联盟(http://www.anti-spam.org.cn/ )的RBL,在邮件管理后台 主页--配置--全局设置--MTA 的RBL列表项中填入 cblless.anti-spam.org.cn 然后保存。
查看/opt/zimbra/postfix/conf/main.cf文件中的smtpd_recipient_restrictions项有没有 reject_rbl_client cblless.anti-spam.org.cn 这个内容,如果没有的话说明还没生效,在root用户下执行/opt/zimbra/postfix/sbin/postfix reload
说明:
我遇到的情况:使用此方法确实能阻断掉许多垃圾邮件,但使用我的gmail邮箱给我发送的时候也被阻断了,目前没有找到解决办法,阻断的日志内容如下:
Nov 30 00:06:16 mail postfix/smtpd[13458]: connect from mail-ie0-f175.google.com[209.85.223.175]
Nov 30 00:06:18 mail postfix/smtpd[13458]: Anonymous TLS connection established from mail-ie0-f175.google.com[209.85.223.175]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)
Nov 30 00:06:19 mail postfix/smtpd[13458]: NOQUEUE: filter: RCPT from mail-ie0-f175.google.com[209.85.223.175]:
Nov 30 00:06:19 mail postfix/smtpd[13458]: NOQUEUE: filter: RCPT from mail-ie0-f175.google.com[209.85.223.175]:
Nov 30 00:06:19 mail postfix/smtpd[13458]: NOQUEUE: reject: RCPT from mail-ie0-f175.google.com[209.85.223.175]: 554 5.7.1 Service unavailable; Client host [209.85.223.175] blocked using cblless.anti-spam.org.cn; Mail from 209.85.223.175 refused, see http://www.anti-spam.org.cn/rbl_search.action?ip=209.85.223.175; from=
Nov 30 00:06:19 mail postfix/smtpd[13458]: disconnect from mail-ie0-f175.google.com[209.85.223.175]
4.关键字过滤
在/opt/zimbra/data/spamassassin/localrules/目录下新建规则文件custom_spam_rules.cf
可在网上找其他组织已经做好的规则文件,如http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf(此链接已失效)
内容如下:
加入你要过滤的关键字(中文或英文都行),第1行表示主题为“my new photo”,第2行表示描述主题中包含“my new photo”,第3行表示遇到这类的邮件则为这封邮件加20分(就直接判断为垃圾邮件给删除了),如果不想被直接删除,建议分值设低点,也避免误判,我这里是已经确定这样的为垃圾邮件就这样设了。
还有注意文中的CN_SUBJECT_1,CN_SUBJECT_2,CN_SUBJECT_3,CN_SUBJECT_4 ... 如需要继续设置则按此规则设置,我最开始没注意直接拷贝添加新的规则,结果只有最后一组规则生效,原因就是因为这个没修改。
header CN_SUBJECT_1 Subject =~ /my new photo/
describe CN_SUBJECT_1 Subject contains "my new photo"
score CN_SUBJECT_1 20.0
header CN_SUBJECT_2 Subject =~ /my photo/
describe CN_SUBJECT_2 Subject contains "my photo"
score CN_SUBJECT_2 20.0
header CN_SUBJECT_3 Subject =~ /my icc/
describe CN_SUBJECT_3 Subject contains "my icc"
score CN_SUBJECT_3 20.0
header CN_SUBJECT_4 Subject =~ /优惠/
describe CN_SUBJECT_4 Subject contains "优惠"
score CN_SUBJECT_4 1.523
header CN_SUBJECT_5 Subject =~ /发票/
describe CN_SUBJECT_5 Subject contains "发票"
score CN_SUBJECT_5 1.324
重启服务:
[zimbra@mail ~]$ zmamavisdctl reload