在CentOS5中安裝Qmail商業郵件系統

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

21^# chengkinhung 发表于 2007-07-26 08:56

===============================================================================
4) 配置自动启动脚本:
===============================================================================
cp /usr/local/libexec/imapd.rc /etc/rc.d/init.d/imap;
cp /usr/local/libexec/imapd-ssl.rc /etc/rc.d/init.d/imaps;

/usr/local/sbin/authdaemond stop;
/usr/local/sbin/authdaemond start;

/etc/rc.d/init.d/imap stop;
/etc/rc.d/init.d/imaps stop;
/etc/rc.d/init.d/imap start;
/etc/rc.d/init.d/imaps start;

测试连接:
telnet localhost 143

-------------------------------------------------------------------------------
vi /etc/rc.d/rc.local; #请在authdaemond后面加入下面两行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/sbin/authdaemond start
/etc/rc.d/init.d/imap start
/etc/rc.d/init.d/imaps start
-------------------------------------------------------------------------------

请注意:
Courier-IMAP does not use inetd or xinetd. Any inetd or xinetd configuration
settings for the IMAP and POP3 ports must be turned off. Courier-IMAP will not
start if inetd or xinetd is listening for IMAP or POP3 connections.
===============================================================================

===============================================================================
5) 安装sqwebmail(webmail):
===============================================================================
参考网站: http://www.courier-mta.org/sqwebmail/
下载资源: http://www.courier-mta.org/download.php#sqwebmail

cd /usr/local/src/qmail/courier/;
wget http://prdownloads.sourceforge.n ... bmail-5.1.5.tar.bz2;
或者下載最新版本:
wget http://prdownloads.sourceforge.n ... bmail-5.1.6.tar.bz2;

tar jxvf sqwebmail-5.1.6.tar.bz2;
cd sqwebmail-5.1.6;

-------------------------------------------------------------------------------
設定環境參數:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
INCS=-I/usr/include/mysql;
export INCS;
LIBS='-L/usr/lib/mysql -lmysqlclient -lz';
export LIBS;
CPPFLAGS=-I/usr/include/mysql;
export CPPFLAGS;
LDFLAGS=-L/usr/lib/mysql;
export LDFLAGS;
-------------------------------------------------------------------------------

mkdir /var/www/sqwebmail/; (建立安裝目录)

-------------------------------------------------------------------------------
安装pcre-devel; #sqwebmail编译需要pcre资源,否则报错
-------------------------------------------------------------------------------
yum list | grep pcre; #先检查一下是否已经安装pcre套件
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
pcre.i386 4.5-3.2.RHEL4 installed
pcre-devel.i386 4.5-3.2.RHEL4 base
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
yum install pcre-devel;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
开始安装:
-------------------------------------------------------------------------------
./configure \
--with-cachedir \
--without-gzip \
--enable-webpass=yes \
--enable-softtimeout=1800 \
--enable-autopurge=7 \
--enable-maxpurge=90 \
--enable-unicode \
--enable-cgibindir=/var/www/cgi-bin \
--prefix=/var/www/sqwebmail \
--enable-imagedir=/var/www/html/images/sqwebmail \
--enable-imageurl=/images/sqwebmail/ \
--with-maxargsize=20971520 \
--with-maxformargsize=20971520 \
--with-maxmsgsize=20971520 \
--without-ispell \
--with-authshadow \
--without-authmysql \
--with-authldap \
--with-authuserdb \
--with-authpwd \
--without-authpam \
--with-authvchkpw \
--without-authdaemon

make configure-check;
make;
make check;
make install-strip; # Do a make install if this doesn't work
make install-configure; # Install configuration files

检查安装生成的相关目录和权限是否正确:
ll /var/www/sqwebmail/; #这是程序主目录
ll /var/www/cgi-bin/sqwebmail; #这是web界面的cgi程序文件
ll /var/www/html/images/sqwebmail/; #这是web界面的图象资源目录

考虑安全因素,应将sqwebmail的属主设定为vpopmail.vchkpw用户和群组:
chown vpopmail.vchkpw /var/www/cgi-bin/sqwebmail;

/var/www/sqwebmail/libexec/sqwebmaild.rc start; #启动服务
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置开机自动启动:
-------------------------------------------------------------------------------
vi /etc/rc.d/rc.local; #加入如下一行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/www/sqwebmail/libexec/sqwebmaild.rc start
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置定时执行清理cache的任务:
-------------------------------------------------------------------------------
vi /etc/crontab; #加入如下一行:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
20 * * * * root /var/www/sqwebmail/share/sqwebmail/cleancache.pl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
测试安装结果: 打開瀏覽器,对应您的域名或者IP地址,输入如下连接:
-------------------------------------------------------------------------------
http://xxx.xxx.xxx.xxx/cgi-bin/sqwebmail

注意: 请在[User ID]中输入电邮地址全名,例如postmaster@test.com, 在[Password]中
输入此邮件用户帐号的密码.
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
6) 安装maildrop(mail delivery agent with filtering abilities):
===============================================================================
maildrop是Courier mail server的一部分,用于Courier Mail Server的邮件过滤发送代理,
它可用来替代procmail作为本地邮件的发送代理.如果你想使用sqwebmail的郵件過濾(mail
filtering),你就必須安裝maildrop作為傳輸代理. 绝大多数用户使用maildrop都是因为其
过滤能力强,过滤语言灵活,支持Quota,并且可与MySQL/LDAP及小型dbm对接,可外挂各种程序,
如SpamAssassin和杀毒软件,甚至SMS等,实现复杂的功能. (例如在本安裝系统后面將會安装
Qmail-Scanner就要使用Maildrop中的reformmime功能)

参考网站: http://www.courier-mta.org/maildrop/
下载资源: http://www.courier-mta.org/download.php#maildrop

cd /usr/local/src/qmail/courier;
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.3.tar.bz2;
或者下載最新版本:
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2;
tar jxvf maildrop-2.0.4.tar.bz2;
cd maildrop-2.0.4;

./configure \
--enable-maildirquota;
make;
make install-strip; #If make install-strip fails, try make install.
make install-man; #
cd ..;

/usr/local/bin/maildrop -v; #检查安装结果
-------------------------------------------------------------------------------
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
This program is distributed under the terms of the GNU General Public
License. See COPYING for additional information.
-------------------------------------------------------------------------------
请注意: 如果没有出现"Courier Authentication Library extension enabled",说明你的
maidrop还不支持courier auth，请检查原因(可試試指定authlib路径)再重新编译.
===============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

22^# chengkinhung 发表于 2007-07-26 09:00

SquirrelMail和Horde-Webmail都是用PHP语言开发的Web界面电邮客户端软件, 这两个软件
各有自己的特色,您可以选择安装其中的任何一个,当然如果您愿意,也可以同时安装这两个
Webmail,以提供更加丰富灵活的商业服务.

===============================================================================
1) 下载和安装squirrelmail
===============================================================================
参考网站: http://www.squirrelmail.org/
下载资源: http://www.squirrelmail.org/download.php

mkdir /usr/local/src/qmail/squirrelmail/;
mkdir /usr/local/src/qmail/horde/;
cd /usr/local/src/qmail/squirrelmail/;

wget http://nchc.dl.sourceforge.net/s ... lmail-1.4.9a.tar.gz;
tar zxvf squirrelmail-1.4.9a.tar.gz;
mv squirrelmail-1.4.9a /var/www/squirrelmail; #squirrelmail必须设置成web访问的目录

下载语言套件(自版本1.4.4之后,语言套件从squirrelmail中分离出来,必须独立下载):
wget http://nchc.dl.sourceforge.net/s ... 4.9-20070106.tar.gz;
mkdir all_locales-1.4.9-20070106;
tar -zxvf all_locales-1.4.9-20070106.tar.gz -C ./all_locales-1.4.9-20070106/;
cd all_locales-1.4.9-20070106.tar.gz;
./install; #此脚本将语言套件的三个子目录复制到指定目录下,执行过程如下:
-------------------------------------------------------------------------------
Please enter path to your squirrelmail installation:/var/www/squirrelmail/
cp: overwrite `/var/www/squirrelmail/help/en_US/search.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/basic.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/FAQ.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/main_folder.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/compose.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/addresses.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/options.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/read_mail.hlp'? y
cp: overwrite `/var/www/squirrelmail/help/en_US/folders.hlp'? y
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
2) 建立相关目录,并调整安全权限:
===============================================================================
chown -R root.root /var/www/squirrelmail;

-------------------------------------------------------------------------------
设置data目录的访问权限:
-------------------------------------------------------------------------------
目录data是用来储存用户参数,例如签证,名称和主题.当解压资源文档的时候,这个目录生成
在SquirrelMail目录下.此目录必须可被网站访问和写入,如果您的网站以"apache.apache"
身份运行,你可以执行如下命令指定目录权限:

chown -R apache.apache /var/www/squirrelmail/data;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
新建立附件目录:
-------------------------------------------------------------------------------
用戶在webmail發送頁面中上載的附件會保存在一個臨時目錄中,直到此郵件發送完成之后才
刪除此附件.默認安裝下此臨時目錄在上述data目錄下,因为用户的个人邮件存储在此目录下,
您可能需要非常小心地设置它,以免導致安全漏洞.它应该属于网站运行身份之外的其它用户
(推荐使用ROOT做它的属主),而且网站应该有该目录的写入和执行权限,但不应该有读的权限.
您能够执行如下命令来达成目的:

mkdir -p /var/www/squirrelmail-attach;
chown -R root.apache /var/www/squirrelmail-attach;
chmod -R 730 /var/www/squirrelmail-attach;

请注意: attach目录无须在web访问路径下, 但必须在PHP的open_basedir路径下,否则上传
附件会因為"无法移动"而失败;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
设置Apache访问目录: vi /etc/httpd/conf/httpd.conf;
-------------------------------------------------------------------------------
Alias /webmail "/var/www/squirrelmail/"
Alias /squirrelmail/ "/var/www/squirrelmail/"
<Directory "/var/www/squirrelmail">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
-------------------------------------------------------------------------------

重新启动Apache服務: service httpd restart;
測試安裝結果: http://xxx.xxx.xxx.xxx/squirrelmail/
===============================================================================

===============================================================================
3) 执行configure或者conf.pl脚本,调整相关参数:
===============================================================================
cd /var/www/squirrelmail/;
./configure; #此脚本其实是直接调用了config目录下的conf.pl脚本;

#必须设置如下选项,请选择如下操作步骤:

-----------------------------------------------------
A) 修改服务器设置参数,请选择主菜单第2个项目:
-----------------------------------------------------
>> 2. Server Settings #观察A和B项目内容
- - - - - - - - - - - - - - - - - - - - - - - - - - -
A. Update IMAP Settings : localhost:143 (other)
B. Update SMTP Settings : localhost:25
- - - - - - - - - - - - - - - - - - - - - - - - - - -
>> A Update IMAP Settings
>> 8 (把Server software的设置改成 courier)
-----------------------------------------------------

-----------------------------------------------------
B) 修改一般项设置参数,请选择主菜单第4个项目:
-----------------------------------------------------
>> 4 General Options
>> 1 (把Data Directoryand的设置改成 /var/www/squirrelmail/data/)
>> 2 (把Attachment Directoryand的设置改成 /var/www/squirrelmail-attach/)
-----------------------------------------------------

-----------------------------------------------------
C) 添加有用的插件,请选择主菜单第8个项目:
-----------------------------------------------------
=> 8 Plugins
-----------------------------------------------------

-----------------------------------------------------
B) 修改语言设置参数,请选择主菜单第10个项目:
-----------------------------------------------------
=> 10 Languages
=> 1 (把Default Language的设置改成 zh_TW)
=> 2 (把Default Charset的设置改成 BIG5)

=> 保存退出。
-----------------------------------------------------
===============================================================================

===============================================================================
4) 清理 SquirrelMail 資料目錄
===============================================================================
如果一个用户已经上载了附件但又取消该邮件,那么这个附件将会永远留在该目录中, 除非
您删除它.为了修正这个缺点,推荐您写一个cron job来删除此目录下的所有文件,例如:

rm -f /var/www/squirrelmail-attach/*;

然而,当这个cron job运行时,将会一并删除了当前正在发送邮件的用户的附件.為避免這種
錯誤,您可以采取如下两个措施:

(1)确保cron job运行非繁忙时间,希望没有人受影响;
(2)修改上述命令,例如用下面的指令可以刪除30天前建立的檔案:

find /var/www/squirrelmail-attach -type f -mtime +30 -exec rm {} \;

建議: 用以上指令建立一個 shell script，每天定時執行便不用人手操作了;

vi /root/qmail-scripts/remove-squirrelmail-attach.sh;
-------------------------------------------------------------------------------
find /var/www/squirrelmail-attach -type f -mtime +30 -exec rm {} \;
-------------------------------------------------------------------------------
chmod 755 /root/qmail-scripts/remove-squirrelmail-attach.sh;

vi /etc/crontab; (設置定時執行)
-------------------------------------------------------------------------------
30 5 * * * root /root/qmail-scripts/remove-squirrelmail-attach.sh
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
5) 注意事项:
===============================================================================
-----------------------------------------------------
请注意APACHE和PHP中对上传文件的大小限制:
-----------------------------------------------------
vi php.ini .
- - - - - - - - - - - - - - - - - - - - - - - - - - -
; Maximum allowed size for uploaded files.
post_max_size = 8M
upload_max_filesize = 5M
memory_limit = 32M
- - - - - - - - - - - - - - - - - - - - - - - - - - -
-----------------------------------------------------

-------------------------------------------------------------------------------
注意: 请关闭PHP的register_globals功能,以免导致安全漏洞,如果你有其他应用程序需要
打开register_globals,请你在指定的目录中打开它,或者在SquirrelMail目录中关闭它;
-------------------------------------------------------------------------------
===============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

23^# chengkinhung 发表于 2007-07-26 09:04

参考网站: http://www.horde.org/webmail/

Horde是另一个用PHP开发的包含各种组件的Framework,所有组件都需要依赖Horde套件本身
所提供的公用代码.所以,如果你只想安装web界面来收发电邮,您将需要安装Horde和IMP.

安装Horde 3.0以上版本要求PHP扩展功能,如:gettext,xml和domxml.

請注意: 在Redhat家族的各版本中,均可选择用RPM或者YUM方式来安装套件, 建议在可能的
情况下,尽量使用YUM来安装,因为YUM所安装的套件都是经官方检测后公布的最新正式版本.

==============================================================================
1) 检查当前运行的Apache和PHP版本:
==============================================================================
httpd -v; #CentOS5预置的Apache是2.2.3
------------------------------------------------------------------------------
Server version: Apache/2.2.3
Server built: Mar 21 2007 19:10:36
------------------------------------------------------------------------------

php -v; #CentOS5预置的PHP是5.1.6
------------------------------------------------------------------------------
PHP 5.1.6 (cli) (built: May 8 2007 19:51:21)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
------------------------------------------------------------------------------

注意: 如前所述,PHP必须配置扩展模组,以提供Horde所需的功能.扩展模组既可在编译PHP
的时候在configure中加入,也可以在编译PHP之后再单独安装,然后在php.ini中設置加载.
因为重新编译PHP需要整合Apache和MySQL以及其他各种应用程序,过程复杂影响严重,所以
推荐您在安装部署LINUX系统的時候,就选择安裝上述组件,这样既可以保证系统的完整性,
稳定性和一致性,也可以籍由将模组编译并整合进入PHP程序本身的优化性能,来提高系统
的效率和速度. 如果发现某些扩展模組必须更新或者重新安装,则建议可用RPM或YUM命令
来单独安装该扩展模組,请参考下面几个步骤(7.2-7.8)来安装相关扩展模组.

另外,若要設置Horde在PHP的safe_mode模式下运行,需要调整很多参数; 如无必要, 请在
php.ini中关闭PHP的safe_mode模式.

如下是运行Horde所需编译PHP時的configure参数范例(僅供參考):
------------------------------------------------------------------------------
./configure \
--with-apxs=/usr/sbin/apxs \
--with-gettext --with-dom --with-mcrypt --with-imap \
--with-iconv --enable-mbstring=all --enable-mbregex \
--with-gd --with-png-dir=/usr --with-jpeg-dir=/usr \
--with-mime-magic=/user/share/misc/magic.mime \
[--with-mysql|--with-pgsql|--with-oci8]

請注意: 必須先安裝擴展模組(參考后續步驟),然后後再重新編譯PHP,才能使模組生效;
------------------------------------------------------------------------------
==============================================================================

==============================================================================
2) 安装php-domxml套件;
==============================================================================
rpm -qa | grep php-domxml; #检查是否安装php-domxml的RPM套件;
yum list | grep php-domxml; #用yum命令检查是否安装php-domxml;

yum install php-domxml; #如有需要,可用yum命令安装php-domxml;
或者:
yum update php-domxml; #如有需要,可用yum命令更新php-domxml;

請注意,新版本PHP的XML模組改為php-xml,上述相應的安裝命令可改為:

rpm -qa | grep php-xml; #检查是否安装php-xml的RPM套件;
yum list | grep php-xml; #用yum命令检查是否安装php-xml;

yum install php-xml; #如有需要,可用yum命令安装php-xml;
或者:
yum update php-xml; #如有需要,可用yum命令更新php-xml;
==============================================================================

==============================================================================
3) 安装php-gd套件(PHP 5);
==============================================================================
rpm -qa | grep php-gd; #检查是否安装php-gd的RPM套件;
yum list | grep php-gd; #用yum命令检查是否安装php-gd;

yum install php-gd; #如有需要,可用yum命令安装php-gd;
或者:
yum update php-gd; #如有需要,可用yum命令更新php-gd;

请注意: 如果不成功(在旧版FC2上不支持php-gd),请试试 yum install gd;
==============================================================================

==============================================================================
4) 安装libc-client套件;
==============================================================================
rpm -qa | grep libc-client; #
yum list | grep libc-client; #

yum install libc-client; #如有需要,可用yum命令安装;
yum install libc-client-devel; #可一并安装此套件的开发工具(非必要);
==============================================================================

==============================================================================
5) 安装php-imap套件;
==============================================================================
rpm -qa | grep php-imap;
yum list | grep php-imap;

yum install php-imap;

請注意,如下是節錄官方網站的建議,如果您遇到其所述之問題,可參考其解決方案:
Horde Groupware Webmail Edition requires the UW-IMAP c-client library to provide
IMAP and/or POP3 support. If you notice strange behavior when running Horde
Groupware Webmail Edition (e.g. blank screens when accessing certain messages,
blank message bodies) you should always try recompiling PHP with a different
version of c-client. The different versions of the c-client library and PHP do
not always work well together, and often all it takes is to recompile with a
different c-client version and the problems will go away.
==============================================================================

==============================================================================
6) 安装php-mbstring套件;
==============================================================================
rpm -qa | grep php-mbstring;
yum list | grep php-mbstring;

yum install php-mbstring;
==============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

24^# chengkinhung 发表于 2007-07-26 09:09

7) 安装pear中的相关套件;
===============================================
參考網站: http://pear.php.net/
yum list | grep php-devel; #安装pear需要调用PHP的开发工具phpize;
yum install php-devel; #用yum命令安装PHP开发工具;

看看是否还有遗漏的pear套件需要安装:

yum list | grep php-pear; (CentOS4.4中的搜尋結果)
------------------------------------------------------------------------------
php-pear.i386                         4.3.9-3.22.3          installed
pearpc.i386                            0.3.1-1.2.el4.rf    dag
php-pear-excel.noarch                   0.9.0-1.el4.rf       dag
php-pear-log.noarch                   1.9.3-1.2.el4.rf    dag
php-pear-mail_mime.noarch             1.3.1-1.2.el4.rf    dag
php-pear-ole.noarch                   0.5-2.2.el4.rf       dag
php-pear-phpunit.noarch                1.3.1-1.2.el4.rf    dag
------------------------------------------------------------------------------

yum list | grep php-pear; (CentOS5中的搜尋結果)
------------------------------------------------------------------------------
php-pear.noarch                         1:1.4.9-4             installed
php-pear-date.noarch                   1.4.6-1.el5.rf       dag
php-pear-excel.noarch                   0.9.0-1.el5.rf       dag
php-pear-file.noarch                   1.2.2-1.el5.rf       dag
php-pear-log.noarch                   1.9.3-1.el5.rf       dag
php-pear-mail_mime.noarch             1.3.1-1.el5.rf       dag
php-pear-ole.noarch                   0.5-2.el5.rf          dag
------------------------------------------------------------------------------

yum install php-pear-date; #
yum install php-pear-ole; #
yum install php-pear-excel; #肯能會跟php-pear-1.4.9-4有沖突錯誤;
yum install php-pear-file; #
yum install php-pear-log; #肯能會跟php-pear-1.4.9-4有沖突錯誤;
yum install php-pear-mail_mime; #肯能會跟php-pear-1.4.9-4有沖突錯誤;

yum list | grep php-pecl;
------------------------------------------------------------------------------
php-pecl-fileinfo.i386                1.0.4-1.el5.rf       dag
php-pecl-mailparse.i386                2.1.1-1.el5.rf       dag
php-pecl-memcache.i386                2.1.2-1.el5.rf       dag
php-pecl-session_mysql.i386             1.9-1.el5.rf          dag

yum install php-pecl-fileinfo;
yum install php-pecl-mailparse;
yum install php-pecl-memcache;
yum install php-pecl-session_mysql;
------------------------------------------------------------------------------

请注意: 用YUM安装pear模块会自动在pear中做好相关配置,pear自身也有命令可安装模块,
如果相关模块没有YUM套件可供安装,那么也可以嘗試用pear自己的命令来安装.

pear list; #显示当前pear已经安装的套件列表;

请注意: Horde官方网站推荐使用Fileinfo和memcache. 因为Fileinfo允许Horde GWE模块
通过分析文件内容来猜测其MIME类型,如果不启用Fileinfo, Horde GWE将会调用它自己的
PHP 代码来执行MIME匹配, 然而这种匹配是较慢速和不精确的, 而且其所能检测的类型比
PECL扩展功能所能检测的类型更少.

执行如下pear命令安装套件: #如有需要,可用whereis pear检查当前pear路经;
pecl install fileinfo;
pecl install memcache;

檢查安裝結果(請留意生成so路径):
ll /usr/lib/php4/fileinfo.so;
ll /usr/lib/php4/memcache.so;
在CentOS5中可能是如下路徑:
ll /usr/lib/php/modules/fileinfo.so;
ll /usr/lib/php/modules/memcache.so;

如有需要,可以执行如下命令安装相关模块(正常情况下相关模块应该已经配置好了):
pear install -o Log Mail Mail_Mime DB Date File;
pear -d preferred_state=beta install -a Services_Weather;

如有需要,赋予模块文件执行权限:
chmod 755 /usr/lib/php4/fileinfo.so;
chmod 755 /usr/lib/php4/memcache.so;

說明:
pear list-all; (顯示所有套件)
pear list; (顯示已裝套件)

pear list; #再检查一下,显示新安装的套件列表;
------------------------------------------------------------------------------
Installed packages:
===================
Package       Version State
Archive_Tar 1.1    stable
Console_Getopt 1.2    stable
DB          1.6.2 stable
Fileinfo    1.0.4 stable #注: 这是新安装的
HTTP          1.2.2 stable
Mail          1.1.3 stable
Net_SMTP    1.2.3 stable
Net_Socket    1.0.1 stable
PEAR          1.3.2 stable
XML_Parser    1.0.1 stable
XML_RPC       1.1.0 stable
memcache    2.1.0 stable #注: 这是新安装的
------------------------------------------------------------------------------

注意: 运行上述pear命令,會调用到PHP功能,而且必须引用或者写入/var和/usr以及/tmp等
目录,请确认HTTPD和PHP具有讀寫相关目錄的权限.例如,请检查php.ini文件中的safe_mode
和open_basedir设置是否适当.
==============================================================================

8) 配置PHP扩展模组,检查PHP的相关扩展功能是否正确安装和正常调用;
==============================================================================
若上述PHP擴展模組是用YUM命令自動安裝的(或者是下載RPM套件來安裝的),安裝程序也許
已經自動將其so文件復制到PHP的模組目錄下(/usr/lib/php4/或/usr/lib/php/modules),
并會自動在PHP的配置文檔掃描目錄(由編譯項目with-config-file-scan-dir所指定,通常
是/etc/php.d/)下生成附加的ini文件, 那么PHP在啟動時就會自動掃描這些目錄下的相關
文件,并自動加載相關模塊.

但上述两个用pear命令产生的模块,則可能不會自動配置其在PHP中的加載項目, 而必须您
自己手工去修改php.ini中的設置,令PHP在啟動時加载相關项目, 才能使PHP正确调用擴展
模組的功能(所以本手冊極力推薦用YUM或RPM方式來安裝);

當Horde安裝完成後,您可以利用它所提供的測試頁面(test.php)來檢查各項功能是否正常,
您也可以用PHP的phpinfo()函數的返回信息,來判斷當前PHP是否已經正確加載相關模組,或
也可以用如下命令行方式,來檢查當前PHP所能支持的模組:
/usr/bin/php -i | grep '[sS]upport';

如果相關模組并未顯示在檢測信息中,就必須調整設置,方法如下:

首先检查php.ini中extension_dir的設置值,找出擴展模組的文檔路徑,例如:

extension_dir = /usr/lib/php4
或者:
extension_dir = "/usr/lib/php/modules"

然后檢查此路徑和相關的擴展模塊的模組文件:

ll /usr/lib/php4/; #检查一下这个目录中都有什么模组文件(*.so);
ll /etc/php.d/; #检查一下附加文件,对比上述模组文件(*.ini);

要配置PHP正确调用扩展模组的功能,首先要将扩展模块的so文件放置在指定的模块目录下.

例如: 上一步骤中pear命令所生成的so文件,已经自动放置在PHP的模组目录下,可选择如下
(a)或(b)两种方法中的任意一种,來配置PHP加载模组文件:

------------------------------------------------------------------------------
a) 在/etc/php.d/目录下手工创建一个ini文件,让PHP自动扫描识别扩展模组;
------------------------------------------------------------------------------
vi /etc/php.d/fileinfo.ini; #请输入如下两行内容
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
; Enable mysql fileinfo module
extension=fileinfo.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown root.root /etc/php.d/fileinfo.ini;
chmod 644 /etc/php.d/fileinfo.ini;

vi /etc/php.d/memcache.ini; #请输入如下两行内容
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
; Enable memcache extension module
extension=memcache.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown root.root /etc/php.d/memcache.ini;
chmod 644 /etc/php.d/memcache.ini;
------------------------------------------------------------------------------

------------------------------------------------------------------------------
b) 在php.ini配置文件中添加扩展模组加载语句;
------------------------------------------------------------------------------
vi /etc/php.ini; #添加如下两行,加载上述两个模组:
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
extension=fileinfo.so
extension=memcache.so
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
------------------------------------------------------------------------------

然后重新啟動HTTPD服務,令PHP加載擴展模組之后,就可用web頁面顯示 phpinfo() 函数的
返回信息,請搜索一下 phpinfo()的輸出內容,以判斷PHP是否正确加载了上述擴展模組.也
可以直接用如下命令來顯示PHP的加載結果:
/usr/bin/php -i | grep '[sS]upport' | grep fileinfo;
/usr/bin/php -i | grep '[sS]upport' | grep memcache;

------------------------------------------------------------------------------
參考附录: PHP配置文件上载支持:
------------------------------------------------------------------------------
File upload support is required to allow attachments in mail composition and to
allow various importing features to work (e.g. importing PGP or S/MIME keys,
importing mbox files). To enable file upload support:

In your php.ini file, the following line must be present:

file_uploads = On

Your temporary upload directory must be writable to the user the web server is
running as. If you leave the configuration option upload_tmp_dir blank in php.ini,
PHP will use the default directory compiled into it (normally /tmp on Unix-like
systems).

Set the maximum size of the uploaded files via the upload_max_filesize configuration
option in php.ini. For example, to allow 5 MB attachments, place the following
line in your php.ini file:

upload_max_filesize = 5M

If either file_uploads is turned off, or your temporary upload directory is not
writable by the server, all file upload functionality will be disabled by Horde
Groupware Webmail Edition and will not be available to the user.

disabled memory_limit :

If PHP's internal memory limit is turned on and if not set high enough Horde
will not be able to handle large data items (e.g. large mail attachments in IMP).
If possible, you should disable the PHP memory limit by recompiling PHP without
the "--enable-memory-limit" flag. If this is not possible, then you should set
the value of memory_limit in php.ini to a sufficiently high value(Default value
of memory_limit: 32M).
------------------------------------------------------------------------------　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

25^# chengkinhung 发表于 2007-07-26 09:15

9) 开始安装Horde

参考网站: http://www.horde.org/webmail/
下載資源: http://www.horde.org/download/

mkdir /usr/local/src/qmail/horde;
cd /usr/local/src/qmail/horde/;

wget http://ftp.horde.org/pub/horde-webmail/horde-webmail-1.0.1.tar.gz;
tar zxvf horde-webmail-1.0.1.tar.gz;
mv horde-webmail-1.0.1 /var/www/html/horde; #目录horde必须在DocumentRoot下
cd /var/www/html/horde/;

先配置horde将要使用的mysql数据库:
-------------------------------------------------
mysql -u root -h localhost;
mysql> CREATE DATABASE horde;
mysql> GRANT ALL ON horde.* TO horde@localhost IDENTIFIED BY 'F5wMvP8Dzk3L4EnQ';
mysql> QUIT;
-------------------------------------------------
注意: 考慮安全因素,請不要使用過于簡單的密碼;

./scripts/setup.php; #进入互动配置界面,调整相关参数,操作界面如下:
-------------------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What is the root path on your web server for this installation? [/horde]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

如上显示,默认目录就是/horde(无需修改),直接按[Enter]键,显示操作菜单如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
(0) Exit
(1) Configure database settings
(2) Create database or tables
(3) Configure administrator settings

Type your choice: 1 #选择操作菜单(1),配置數據庫參數;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

显示(1)子操作菜单如下:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What database backend should we use? [false]
(false) [None]
(dbase) dBase
(ibase) Firebird/InterBase
(fbsql) Frontbase
(ifx) Informix
(msql) mSQL
(mssql) MS SQL Server
(mysql) MySQL
(mysqli) MySQL (mysqli)
(oci8) Oracle
(odbc) ODBC
(pgsql) PostgreSQL
(sqlite) SQLite
(sybase) Sybase

Type your choice: mysql #配置使用mysql数据库,输入"mysql"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接数据库的连线性质:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Request persistent connections? [0]
(1) Yes
(0) No

Type your choice: 1 #使用持续连接
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

配置连接mysql数据库的用户名称(用前面刚建立的mysql用户horde):
Username to connect to the database as* [] horde #输入"horde"

配置连接mysql数据库的用户密码(用前面刚建立的mysql用户密码):
Password to connect with [] F5wMvP8Dzk3L4EnQ

配置连接数据库的连接方式(可使用socket方式):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
How should we connect to the database? [unix]
(unix) UNIX Sockets
(tcp) TCP/IP

Type your choice: unix #输入unix,将使用socket连接数据库
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

指定socket文件的路径(用ps aux | grep mysql命令可发现mysql.sock的位置):
Location of UNIX socket [] /var/lib/mysql/mysql.sock #输入sock的完整路径

指定数据库名称(用前面刚建立的mysql数据库horde):
Database name to use* [] horde #输入数据库名称horde

配置内部使用的字符集:
Internally used charset* [iso-8859-1] #无须输入,直接按[Enter],使用缺省配置

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
(0) Exit
(1) Configure database settings
(2) Create database or tables
(3) Configure administrator settings

Type your choice: 3
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

设置管理者用户名称(这里使用电邮地址作为用户名称):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Specify a mail user who should have administrator permissions
(optional): postmaster@home.25u.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration Menu
(0) Exit
(1) Configure database settings
(2) Create database or tables
(3) Configure administrator settings

Type your choice: 0
Thank you for using Horde Groupware Webmail Edition!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
--------------------------------------------------------------------------------

上述操作命令可能有误,如有需要,可以用mysqldump导入scripts/sql目录下的mysql脚本:
--------------------------------------------------------------------------------

vi /var/www/html/horde/scripts/sql/groupware.mysql.sql; #修改开头指定密码部分
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
REPLACE INTO user (host, user, password)
VALUES (
      'localhost',
      'horde',
      PASSWORD('F5wMvP8Dzk3L4EnQ')
);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

如果相關記錄已經在前面的SQL命令中執行過了,也可以注釋如下語句:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-- USE mysql;

-- REPLACE INTO user (host, user, password)
--    VALUES (
--       'localhost',
--       'horde',
--       PASSWORD('F5wMvP8Dzk3L4EnQ')
-- );

-- REPLACE INTO db (host, db, user, select_priv, insert_priv, update_priv,
--                delete_priv, create_priv, drop_priv, index_priv)
--    VALUES (
--       'localhost',
--       'horde',
--       'horde',
--       'Y', 'Y', 'Y', 'Y',
--       'Y', 'Y', 'Y'
-- );

-- Make sure that priviliges are reloaded.
-- FLUSH PRIVILEGES;

-- CREATE DATABASE horde; #数据库已经存在,可以用--禁止此句,否则会失败
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

mysql < /var/www/html/horde/scripts/sql/groupware.mysql.sql;
--------------------------------------------------------------------------------

自动生成的conf.php可能不完全符合系统的配置,需要手工调整部分参数:
-----------------------------------------------------
vi /var/www/html/horde/config/conf.php;
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
$conf['mailer']['params']['sendmail_path'] = '/var/qmail/bin/sendmail';
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
请注意: 发送电邮需要指定上述参数;
-----------------------------------------------------

安装Gollem;
-----------------------------------------------------
参考网站: http://www.horde.org/gollem/
下载资源: http://www.horde.org/download/app/?app=gollem

cd /usr/local/src/qmail/horde/;
wget ftp://ftp.horde.org/pub/gollem/gollem-h3-1.0.3.tar.gz;
tar zxvf gollem-h3-1.0.3.tar.gz;
mv gollem-h3-1.0.3 /var/www/html/horde/gollem;

vi /var/www/html/horde/config/registry.php; #找到applications['gollem']节
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$this->applications['gollem'] = array(
'fileroot' => dirname(__FILE__) . '/../gollem',
'webroot' => $this->applications['horde']['webroot'] . '/gollem',
'name' => _("File Manager"),
'status' => 'inactive',
'menu_parent' => 'myaccount',
'provides' => 'files',
);

$this->applications['gollem-menu'] = array(
'status' => 'block',
'app' => 'gollem',
'blockname' => 'tree_menu',
'menu_parent' => 'gollem',
);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
一般情况下, Horde中预设的注册信息无须调整;

设置配置文件,将Gollem中config目录下的.dist文件复制成.php文件:

cd /var/www/html/horde/gollem/config; #用如下script执行复制文件的命令
for foo in *.dist; do cp $foo `basename $foo .dist`; done

用管理者身份在web浏览器中登陆:
http://xxx.xxx.xxx.xxx/horde/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-> 选择[设定]菜单;
-> 选择档案总管(gollem);
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -

按[产生档案总管设定]按钮之后,会产生如下信息:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
<?php
/* CONFIG START. DO NOT CHANGE ANYTHING IN OR AFTER THIS LINE. */
// $Horde: gollem/config/conf.xml,v 1.5.2.2 2005/12/11 18:31:18 slusarz Exp $
$conf['manager']['date_format'] = '%x';
$conf['backend']['backend_list'] = 'shown';
$conf['menu']['apps'] = array();
$conf['user']['alternate_login'] = false;
$conf['user']['redirect_on_logout'] = false;
/* CONFIG END. DO NOT CHANGE ANYTHING IN OR BEFORE THIS LINE. */
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
将上述内容保存成conf.php配置文件: vi /var/www/html/horde/gollem/config/conf.php;

或者按照當前網頁的提示,將上述變更信息保存成PHP可執行文件horde_setup_upgrade.php(此文件會保存到臨時目錄/tmp/下),然后在服務器中手動執行horde_setup_upgrade.php,此程序會自動生成conf.php配置文件;
--------------------------------------------------------------------------------

测试网页:
http://your-server/horde/test.php
http://your-server/horde/imp/test.php

调整网站的安全权限:
--------------------------------------------------------------------------------
chown root.apache /var/www/html/horde/config/*;
chmod 0440 /var/www/html/horde/config/*;

chown root.apache /var/www/html/horde/gollem/config/*;
chmod 0440 /var/www/html/horde/gollem/config/*;
--------------------------------------------------------------------------------

请注意: Horde的访问目录必须直接放置在DocumentRoot之下,并且名为horde,例如上面的例子中是用/var/www/html/horde/目录.如果要放置别的位置,或者不用horde名称,就必须调整相关参数.　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

26^# chengkinhung 发表于 2007-07-26 09:20

1) 安装perl-Time-HiRes套件;
===============================================================================
(a) 安裝RPM資源;
-------------------------------------------------------------------------------
参考网站:
[url]http://perldoc.perl.org/Time/HiRes.html[/url]
[url]http://search.cpan.org/~jhi/Time-HiRes-1.9707/HiRes.pm[/url]

下载资源:
[url]http://www.rpmfind.net/linux/rpm2html/search.php?query=perl-Time-HiRes[/url]
[url]ftp://rpmfind.net/linux/PLD/dists/ac/ready/i386/perl-Time-HiRes-1.66-2.i386.rpm[/url];

检查系统是否有预设安装的perl-Time-HiRes套件:
rpm -qa | grep perl-Time-HiRes;
yum list | grep perl-Time-HiRes;

如果 CentOS4 预设安装了perl-Time-HiRes-1.55-3套件, 就不必再安装了. 如果没有安装,
可用yum命令自动安装,也可以在上述网站中寻找最新的RPM套件,下载并安装. 例如:

yum install perl-Time-HiRes;
-------------------------------------------------------------------------------

(b) 安裝TAR資源;
-------------------------------------------------------------------------------
参考网站: [url]http://search.cpan.org/dist/Time-HiRes/[/url]

mkdir /usr/local/src/qmail/qmail-scanner;
cd /usr/local/src/qmail/qmail-scanner/;
wget [url]http://search.cpan.org/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.9707.tar.gz[/url];
tar zxvf Time-HiRes-1.9707.tar.gz;
cd Time-HiRes-1.9707;
perl Makefile.PL
make;
make test;
make install;
-------------------------------------------------------------------------------
===============================================================================

2) 安装perl-Digest-SHA1套件;
===============================================================================
参考网站: [url]http://cpan.org/modules/by-module/Digest/[/url]
下载资源:
[url]http://rpmfind.net/linux/rpm2html/search.php?query=perl-Digest-SHA1[/url]
[url]ftp://rpmfind.net/linux/trustix/releases/trustix-3.0.5/i586/trustix/rpms/perl-digest-sha1-2.11-2tr.i586.rpm[/url]

检查系统是否有预设安装的perl-Digest-SHA1套件:
rpm -qa | grep perl-Digest-SHA1;
yum list | grep perl-Digest-SHA1;

预设CentOS5会安装perl-Digest-SHA1.i386的2.11-1.2.1版本套件. 如果没有预设安装,
可用yum命令自动安装,也可以在上述网站中寻找最新的RPM套件,下载并安装. 例如:

yum install perl-Digest-SHA1;
===============================================================================

3) 安装perl-DB_File套件;
===============================================================================
参考网站: [url]http://cpan.uwinnipeg.ca/module/DB_File[/url]
下载资源: [url]http://cpan.uwinnipeg.ca/cpan/authors/id/P/PM/PMQS/DB_File-1.815.tar.gz[/url]

cd /usr/local/src/qmail/qmail-scanner/;
wget [url]http://cpan.uwinnipeg.ca/cpan/authors/id/P/PM/PMQS/DB_File-1.815.tar.gz[/url];
tar zxvf DB_File-1.815.tar.gz;
cd DB_File-1.815;
perl Makefile.PL;
make;
make test;
make install;
===============================================================================

4) 安装perl-suidperl套件;
===============================================================================
rpm -qa | grep perl-suidperl;
yum list | grep perl-suidperl;
yum install perl-suidperl;

目前CentOS5中所用的套件版本是perl-suidperl-5.8.8-10;
===============================================================================

5) 安装qmail-scanner;
===============================================================================
Qmail-Scanner 是一个插件,使得Qmail服务器能够按特定特性来扫描通过网关的电邮.典型
的用法是同反病毒和反垃圾邮件系统的功能相结合.

参考网站:
[url]http://tldp.org/HOWTO/Qmail-ClamAV-HOWTO/x182.html[/url]
[url]http://qmail-scanner.sourceforge.net/[/url]

下载资源:
[url]http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-2.01.tgz?download[/url]

cd /usr/local/src/qmail/qmail-scanner/;
wget [url]http://jaist.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.01.tgz[/url];
tar zxvf qmail-scanner-2.01.tgz;
cd qmail-scanner-2.01;

groupadd qscand;
useradd -g qscand -s /bin/false -c "Qmail-Scanner Account" qscand;

設置用 qmailscanner 來調用 calmav 和 spamassassin 的編譯參數:
-------------------------------------------------------------------------------
./configure \
--qs-user qscand \
--admin postmaster \
--domain home.25u.com \
--scanners clamdscan,fast_spamassassin \
--notify recips \
--qmail-queue-binary /var/qmail/bin/qmail-queue \
--redundant no \
--max-scan-size 1000000 \
--log-details syslog \
--max-zip-size 10000000 \
--install;
-------------------------------------------------------------------------------
若前面安裝spamcontrol時使用了QHPSI來調用ClamAV,那么此處可忽略clamdscan的調用:
-------------------------------------------------------------------------------
./configure \
--qs-user qscand \
--admin postmaster \
--domain home.25u.com \
--scanners fast_spamassassin \
--notify recips \
--qmail-queue-binary /var/qmail/bin/qmail-queue \
--redundant no \
--max-scan-size 1000000 \
--log-details syslog \
--max-zip-size 10000000 \
--install;
-------------------------------------------------------------------------------

相关编译选项的说明:
--qs-user qscand #执行用户,预设是qscand;
--admin postmaster #接收電郵的管理者用戶名稱,与下面的domain结合成管理者的电邮地址;
--domain [xxx.1632.net] #请用安装主机的FQDN名称(例如home.25u.com);
--scanners #所調用的掃描程序
--redundant no #忽略扫描zip和raw附件;
--max-scan-size 5000000 #大于5M的邮件将忽略扫描;
--log-details syslog #日志记录到syslog中;
--max-zip-size 10000000 #不扫描压缩前超过10M的附件;

請注意: 關于max-zip-size,系統默認是1G,但這是警示數值,文檔中特別强调要修改此數值;

观察安装过程并按提示操作; #安装过程和选择操作如下:
-------------------------------------------------------------------------------
Building Qmail-Scanner 2.01...

This script will search your system for the virus scanners it knows
about, and will ensure that all external programs
qmail-scanner-queue.pl uses are explicitly pathed for performance
reasons.

Continue? ([Y]/N)
Y

The following binaries and scanners were found on your system:

mimeunpacker=/usr/local/bin/reformime

Content/Virus Scanners installed on your System

max-scan-size=5000000
clamdscan=/usr/bin/clamdscan (which means clamscan won't be used as clamdscan is better)
fast_spamassassin=/usr/bin/spamc

Qmail-Scanner details.

log-details=syslog
log-crypto=0
fix-mime=0
ignore-eol-check=0
debug=1
notify=recips
redundant-scanning=no
virus-admin=System Anti-Virus Administrator <[email]postmaster@hung.25u.com[/email]>
local-domains='hung.25u.com'
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','cailont','lovelorn','swen','dumaru','sober','hawawi','holar-i','mimail','poffer','bagle','worm.galil','mydoom','worm.sco','tanx','novarg','\@mm'
scanners="clamdscan","fast_spamassassin"

If that looks correct, I will now generate qmail-scanner-queue.pl
for your system...
Continue? ([Y]/N)
Y
Testing suid nature of /usr/bin/perl...
Looks OK...
Hit RETURN to create initial directory structure under /var/spool/qscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

Finished installation of initial directory structure for Qmail-Scanner
under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin.

Finished. Please read README(.html) and then go over the script
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.

"/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus
definitions to show that the internal perlscanner component is working.

That's it!

            ****** FINAL TEST ******

Please log into an unpriviledged account and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")

That's it! To report success:

% (echo 'First M. Last'; cat SYSDEF)|mail [email]jhaar-s4vstats@crom.trimble.co.nz[/email]
Replace First M. Last with your name.
-------------------------------------------------------------------------------
请注意: 在本安装所配置的Qmail系统中,若要调整扫描病毒邮件和过滤垃圾邮件的参数,就
必须重新编译qmail-scanner,并在上述编译选项中指定您所需要的参数. 因为在Qmail系统,
所有扫描参数均在qmail-scanner-queue.pl脚本中设置,而該脚本是在编译 qmail-scanner
的时候按当前的编译选项来自动产生的.

检查安装结果:
ll /var/qmail/bin/qmail-scanner-queue.pl; #检查脚本权限,显示如下:
-------------------------------------------------------------------------------
-rwsr-xr-x  1 qscand qscand 109278 Apr  1 13:30 /var/qmail/bin/qmail-scanner-queue.pl
-------------------------------------------------------------------------------
如有需要,按如下方法纠正:
chown qscand.qscand /var/qmail/bin/qmail-scanner-queue.pl;
chmod 4755 /var/qmail/bin/qmail-scanner-queue.pl;

调整扫描参数,防止outlook分割邮件被误认为病毒邮件:
vi /var/spool/qscan/quarantine-events.txt; #找到如下行,在前面加上#符号禁止
-------------------------------------------------------------------------------
#message/partial.*    Policy-Content-Type: Message/partial MIME attachments blocked by policy
-------------------------------------------------------------------------------

请注意,手工修改quarantine-events.txt之后,必须运行如下命令生成db文件才能生效:
-------------------------------------------------------------------------------
/var/qmail/bin/qmail-scanner-queue.pl -g
-------------------------------------------------------------------------------

注意: 在安裝 qmail-scanner 之前,需要先安裝 SpamAssassin 和 Clam AntiVirus。
===============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

27^# chengkinhung 发表于 2007-07-26 09:26

===============================================================================
6) 测试扫描功能,运行如下命令,观察所返回的结果:
===============================================================================
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -r; #返回信息如下:
-------------------------------------------------------------------------------
perlscanner: reading from /var/spool/qscan/quarantine-events.db
Virtual Header:       FILELENGTHTOOLONG
                     Content: ^is-set$
                     Description: Attachment Filename too long

File: happy99.exe
                     Size: 10000 bytes
                     Description: Happy99 Trojan virus

File: zipped_files.exe
                     Size: 120495 bytes
                     Description: W32/ExploreZip.worm.pak virus

Email Header: Date
                     Content: ^.{100,}$
                     Description: MIME Header Buffer Overflow

Email Header: Resent-Date
                     Content: ^.{100,}$
                     Description: MIME Header Buffer Overflow

Virtual Header:       FILEDOUBLEBARRELED
                     Content: ^is-set$
                     Description: Double-barreled extensions disallowed

Virtual Header:       FILECLSID
                     Content: ^is-set$
                     Description: Disallowed CLSID file extensions

File: eicar.com
                     Size: 69 bytes
                     Description: EICAR Test Virus

Email Header: Subject
                     Content: ^ILOVEYOU$
                     Description: Love Letter Virus/Trojan

Email Header: Content-Type
                     Content: ^message/partial.*$
                     Description: Message/partial MIME attachments blocked by policy

Email Header: Mime-Version
                     Content: ^.{100,}$
                     Description: MIME Header Buffer Overflow

Email Header: To
                     Content: ^ZVDOHYIK@yahoo.com|udtzqccc@yahoo.com|DTCELACB@yahoo.com|I1MCH2TH@yahoo.com|WPADJQ12@yahoo.com|smr@eurosport.com|bgnd2@canada.com|muwripa@fairesuivre.com|eccles@ballsy.net|S_Mentis@mail-x-change.com|YJPFJTGZ@excite.com|JGQZCD@excite.com|XHZJ3@excite.com|OZUNYLRL@excite.com|tsnlqd@excite.com|cxkawog@krovatka.net|ssdn@myrealbox.com$
                     Description: BadTrans Trojan virus

perlscanner: total of 12 entries found.
-------------------------------------------------------------------------------

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z; #正常无返回信息

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g; #返回信息如下:
-------------------------------------------------------------------------------
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.
-------------------------------------------------------------------------------
===============================================================================

===============================================================================
7) 配置ClamAV运行权限;(若前面的安裝步驟中用了QHPSI來調用ClamAV,則可忽略此步驟)
===============================================================================
为配合qmail-scanner同時調用ClamAV來掃描電郵,ClamAV必须配置为以qscand的身份來运行.

service clamd stop;

-------------------------------------------------------------------------------
(a)修改clamav的运行者身份:
-------------------------------------------------------------------------------
vi /etc/clamd.conf; #找到User设置项目,请按如下修改:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#User clamav
User qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi /etc/freshclam.conf; #找到DatabaseOwner设置项目,请按如下修改:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#DatabaseOwner clamav
DatabaseOwner qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(b)修改DatabaseDirectory目录的用户所有权:
-------------------------------------------------------------------------------
vi /etc/clamd.conf; #找到DatabaseDirectory设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DatabaseDirectory /var/clamav
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/clamav; #修改此目录的权限;

vi /etc/freshclam.conf; #找到DatabaseDirectory设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DatabaseDirectory /var/clamav
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/clamav; #修改此目录的权限;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(c)修改PidFile和LocalSocket目录的用户所有权:
-------------------------------------------------------------------------------
vi /etc/clamd.conf; #找到PidFile和LocalSocket设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PidFile /var/run/clamav/clamd.pid
LocalSocket /tmp/clamd
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/run/clamav; #修改PidFile文件所在目录的权限;
chown -R qscand:qscand /tmp/clamd; #修改LocalSocket目录的权限;

vi /etc/freshclam.conf; #找到PidFile和LocalSocket设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#PidFile /var/run/freshclam.pid
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
若freshclam.conf中没有启动PidFile项目,可忽略此项目的修改,否则可参照上面修改;
若freshclam.conf中没有LocalSocket项目,可忽略此项目的修改,否则可参照上面修改;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(d)修改LogFile目录的用户所有权:
-------------------------------------------------------------------------------
vi /etc/clamd.conf; #找到LogFile设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LogFile /var/log/clamav/clamd.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/log/clamav; #修改LogFile文件所在目录的权限;

vi /etc/freshclam.conf; #找到UpdateLogFile设置项目,请注意此项目的值,例如:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
UpdateLogFile /var/log/clamav/freshclam.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
chown -R qscand:qscand /var/log/clamav; #修改UpdateLogFile文件所在目录的权限;
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(e)修改syslog生成日志文件的用户属性:
-------------------------------------------------------------------------------
vi /etc/logrotate.d/clamav; #将如下create行中原文clamav该为qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/log/clamav/clamd.log {
      missingok
      notifempty
      create 644 qscand qscand
      postrotate
            killall -HUP clamd 2>/dev/null || :
      endscript
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

vi /etc/logrotate.d/freshclam; #将如下create行中原文clamav该为qscand
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/log/clamav/freshclam.log {
      missingok
      notifempty
      create 644 qscand qscand
}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
请注意: 此处修改指定syslog生成新**循日志文件的用户属性,可以保证新日志符合权限要求,否则clamd会拒绝启动;
-------------------------------------------------------------------------------

service clamd start; #重新启动clamd

注意: 上述修改必须小心检查,才可以确保clamav获得稳定持续的运行权限;
===============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

28^# chengkinhung 发表于 2007-07-26 09:27

===============================================================================
8) 执行qmail-scanner安装资源包中的测试程序:
===============================================================================
./contrib/test_installation.sh -doit; #一切正常的话,应该返回如下信息:
-------------------------------------------------------------------------------
Sending standard test message - no viruses...
done!

Sending eicar test virus - should be caught by perlscanner module...
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!

Finished test. Now go and check Email sent to postmaster@hung.25u.com
-------------------------------------------------------------------------------

如果返回如下错误信息,是因为qmail-scanner和clamav运行身份无法协调的问题:
-------------------------------------------------------------------------------
Sending standard test message - no viruses...
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died
-------------------------------------------------------------------------------
请参考上一步骤(配置ClamAV运行权限)中是否遗漏了需要修改的部分;
===============================================================================

===============================================================================
9) 设置扫描脚本,并在Qmail中应用扫描系统;
===============================================================================
修改扫描脚本,以符合我们的要求:
vi /var/qmail/bin/qmail-scanner-queue.pl; #找到$spamc_subject='';改成如下:
-------------------------------------------------------------------------------
$spamc_subject='+++++SPAM+++++';
-------------------------------------------------------------------------------
請注意: 這里所定義的標題"+++++SPAM+++++"是一個標記字段, 它將會附加到所有被判斷為
垃圾郵件的Subject內容前, 以便用戶可以在郵件客戶端(MUA)的應用軟件(例如 Outlook)中
使用過濾規則. 而且這個標題定義內容還將會被后面介紹的封鎖屏蔽垃圾郵件的設置所用到,
請參考《第15節: 進階使用設置》.

在qmail的smtpd启动脚本加入扫描语句:
vi /service/qmail-smtpd/run; #在开始处加入QMAILQUEUE环境变数,如下:
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
export BASE64=""
export QHPSI="clamdscan"
export QHPSIARG1="--no-summary"
export REPLY554="{virus found [see: http://www.fehcom.de/emailpolicy.html]}"
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export SMTPAUTH=""
export BOUNCEMAXBYTES=""
QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue.pl
export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec softlimit -m 30000000 \
tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1
-------------------------------------------------------------------------------

重起qmail的smtpd并测试运行结果;
qmailctl restart;

观察主要的排错监测日志:
-------------------------------------------------------------------------------
vi /var/spool/qscan/quarantine.log;
vi /var/spool/qscan/qmail-queue.log;
vi /var/log/clamd.log;
vi /var/log/maillog;
-------------------------------------------------------------------------------
===============================================================================

　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

29^# chengkinhung 发表于 2007-07-26 09:29

===============================================================================
1) 增加POP3DS服务;
===============================================================================
/usr/local/share/mkpop3dcert;
cp -rp /usr/local/share/pop3d.pem /var/qmail/supervise/qmail-pop3ds/pop3ds.pem;

vi /var/qmail/supervise/qmail-pop3ds/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec tcpserver -H -R -v -c100 0 995 /usr/sbin/stunnel \
/var/qmail/supervise/qmail-pop3ds/pop3ds.conf
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/run;

vi /var/qmail/supervise/qmail-pop3ds/log/run;
-------------------------------------------------------------------------------
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s1000000 n20 /var/log/qmail/qmail-pop3ds 2>&1
-------------------------------------------------------------------------------
chmod 751 /var/qmail/supervise/qmail-pop3ds/log/run;

vi /var/qmail/supervise/qmail-pop3ds/pop3ds.conf;
-------------------------------------------------------------------------------
cert = /var/qmail/supervise/qmail-pop3ds/pop3ds.pem
foreground = yes
output = /var/log/qmail/qmail-pop3ds/pop3ds.log
debug = 5
client = no
exec = /var/qmail/bin/qmail-popup
execargs = /var/qmail/bin/qmail-popup test.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
-------------------------------------------------------------------------------

ln -s /var/qmail/supervise/qmail-pop3ds /service;

svc-stop /service/qmail-pop3ds;
svc-start /service/qmail-pop3ds;
===============================================================================

===============================================================================
2) 修改qmailctl控制文档;
===============================================================================
vi /var/qmail/bin/qmailctl;
-------------------------------------------------------------------------------
#!/bin/sh

# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA

PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`

case "$1" in
start)
echo "Starting qmail..."
echo ""
if svok /service/qmail-send ; then
svc -u /service/qmail-send /service/qmail-send/log
echo "Starting qmail-send"
else
echo "qmail-send supervise not running"
fi
if svok /service/qmail-smtpd ; then
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
echo "Starting qmail-smtpd"
else
echo "qmail-smtpd supervise not running"
fi
if svok /service/qmail-pop3d ; then
svc -u /service/qmail-pop3d /service/qmail-pop3d/log
echo "Starting qmail-pop3d"
else
echo "qmail-pop3d supervise not running"
fi
if svok /service/qmail-pop3ds ; then
svc -u /service/qmail-pop3ds /service/qmail-pop3ds/log
echo "Starting qmail-pop3ds"
else
echo "qmail-pop3ds supervise not running"
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/qmail
fi
;;
stop)
echo "Stopping qmail..."
echo ""
echo " qmail-smtpd"
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo " qmail-send"
svc -d /service/qmail-send /service/qmail-send/log
echo " qmail-pop3d"
svc -d /service/qmail-pop3d /service/qmail-pop3d/log
echo " qmail-pop3ds"
svc -d /service/qmail-pop3ds /service/qmail-pop3ds/log
if [ -f /var/lock/subsys/qmail ]; then
rm /var/lock/subsys/qmail
fi
;;
stat)
svstat /service/qmail-send
svstat /service/qmail-send/log
svstat /service/qmail-smtpd
svstat /service/qmail-smtpd/log
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
svstat /service/qmail-pop3ds
svstat /service/qmail-pop3ds/log
qmail-qstat
;;
doqueue|alrm|flush)
echo "Flushing timeout table and sending ALRM signal to qmail-send."
/var/qmail/bin/qmail-tcpok
svc -a /service/qmail-send
;;
queue)
qmail-qstat
qmail-qread
;;
reload|hup)
echo "Sending HUP signal to qmail-send."
svc -h /service/qmail-send
;;
pause)
echo "Pausing qmail-send"
svc -p /service/qmail-send
echo "Pausing qmail-smtpd"
svc -p /service/qmail-smtpd
echo "Pausing qmail-pop3d"
svc -p /service/qmail-pop3d
echo "Pausing qmail-pop3ds"
svc -p /service/qmail-pop3ds
;;
cont)
echo "Continuing qmail-send"
svc -c /service/qmail-send
echo "Continuing qmail-smtpd"
svc -c /service/qmail-smtpd
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
echo "Continuing qmail-pop3ds"
svc -c /service/qmail-pop3ds
;;
restart)
echo "Restarting qmail:"
echo "* Stopping qmail-smtpd."
svc -d /service/qmail-smtpd /service/qmail-smtpd/log
echo "* Sending qmail-send SIGTERM and restarting."
svc -t /service/qmail-send /service/qmail-send/log
echo "* Sending qmail-pop3d SIGTERM and restarting."
svc -t /service/qmail-pop3d /service/qmail-pop3d/log
echo "* Sending qmail-pop3ds SIGTERM and restarting."
svc -t /service/qmail-pop3ds /service/qmail-pop3ds/log
echo "* Restarting qmail-smtpd."
svc -u /service/qmail-smtpd /service/qmail-smtpd/log
;;
cdb)
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp.cdb
echo "Reloaded /etc/tcp.smtp."
;;
help)
cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
exit 1
;;
esac

exit 0
-------------------------------------------------------------------------------
===============================================================================　　　　　　

chengkinhung

UID: 41838
帖子: 175
积分: 402
在线时间: 1 天 18 小时

30^# chengkinhung 发表于 2007-07-26 09:31

(1) 簡介

Vqadmin是給主機管理者使用的管理工具.它可以同Qmailadmin一起使用,用戶可以用Qmailadmin
來管理他們自己的域名,但不能添加和刪除域名,而主機管理者(提供虛擬郵箱服務的ISP公司)則
可以用Vqadmin來添加和刪除域名.

參考網頁: http://www.inter7.com/index.php?page=vqadmin

vqadmin is a web based control panel that allows system administrators to perform
actions which require root access — for example, adding and deleting domains. The
cgi is authenticated using Apache style htpasswd files. A user based ACL provides
control over what actions can be performed, such as adding/deleting a domain or
accessing user email account information to allow modification of user passwords
and quotas. Account service restrictions include enabling or disabling of pop
access, authentication based smtp relay control, courier-imap access and sqwebmail
access.

vqadmin and qmailadmin work together. While qmailadmin can be used to allow users
to administer their own domains, they are unable to create new domains. Creation
or deletion of domains is normally associated with the owner/admins of the machine.
vqadmin is a root level tool for owner/admins or their technical support staff.

(2)特性(Features)

Add / Delete virtual email domains
Change user passwords, quotas
Turn off account services such as pop, imap, web email or smtp relay
Written in C for speed
Uses html templates
Access control lists to limit groups of users to different levels of features
Support for multiple languages based on dictionary files.

(3) 安裝和配置(Installing and configuring)vQadmin
--------------------------------------
cd /usr/local/src/qmail/vpopmail/;
wget http://www.inter7.com/vqadmin/vqadmin-2.3.2.tar.gz;
tar zxvf vqadmin-2.3.2.tar.gz;
cd vqadmin-2.3.2;

./configure;
觀察編譯結果(Current settings):
-----------------------------------------------------------
vpopmail directory = /home/vpopmail
            uid = 809
            gid = 809
   cgi-bin dir = /var/www/cgi-bin
   vqadmin dir = /var/www/cgi-bin/vqadmin
-----------------------------------------------------------
請注意: 上述資料是編譯程序自動檢測到的當前系統參數

make;
make install; #或可執行 make install-strip;

檢查安裝結果:
ll /var/www/cgi-bin/vqadmin/; #(正常應該顯示如下);
-----------------------------------------------------------
drwxr-xr-x 2 vpopmail vchkpw  4096 Jul  5 02:30 html
-rw-r--r-- 1 vpopmail vchkpw 864 Jul  5 02:30 vqadmin.acl
-rwsr-sr-x 1 root    root 96292 Jul  5 02:30 vqadmin.cgi
-----------------------------------------------------------

檢查訪問列表文檔內容:
Now you want to edit your vqadmin.acl file, which is your access list definitions.
Please read that file for information on how to define users and usergroups.

If you haven't changed anything else, and your libraries are set properly, typing
'make' here should compile the CGI with no errors. Once that's done, typing 'make
install' should install the CGI. Any errors that appear during these two command-line
operations are going to be very hard to document because of the system-specific
nature of this portion of the installation. (See section 5)

vi /var/www/cgi-bin/vqadmin/vqadmin.acl; #(預設內容如下):
-----------------------------------------------------------
#
# Access List Definitions
# vol@inter7.com
#

#
# Default group contains permissions for all users
# not listed under any groups
#
# If the default group is not defined, users not
# listed under any other groups will have no
# permissions.
#
# Examples follow...
#

default - ...

#
# Access permissions:
#
# V View user information
# I View domain information
# M Modify user information
# U Modify domain information
# C Create user
# A Create domain
# D Delete user
# X Delete domain
#
# These features will still appear in the HTML templates
# if the user doesn't have access to them, however, they will
# get a permission denied error if they try to make use of
# them.
#

tech VI tech1user
admin VIMUDCA admin1user

#
# An asterisk in the features field specifies that you
# want all users in this group to have access to
# all features.
#

senior * admin
-----------------------------------------------------------

-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
(4) 配置Apache訪問特性;
-------------------------------------------------------------------------------
vQadmin will require it's own CGI-allowed, access-protected, directory to operate.
First, you will need to create a <Directory> tag inside your Apache configuration,
which sets the directory to have ExecCGI permissions, allows the directory to
override authority, and sets the directory to deny everyone by default. vQadmin
will not function without this setup.

vi /etc/httpd/conf/httpd.conf; #指定CGI目錄權限
------------------------------------------------
<Directory "/var/www/cgi-bin/vqadmin">
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
</Directory>
------------------------------------------------

After you've created the directory, you will need to create an htaccess for the
directory so Apache knows how to authenticate users trying to access the directory.
In our example directory /usr/local/apache/cgi-bin/vqadmin,you'd create a '.htaccess'
file describing the authentication we're using. You should store the password file
somewhere the webserver isn't capable of displaying, such as the conf directory.
The realm (AuthName) is not important, so you may call it whatever you'd like.
You will want to chown the file to the webserver user, and chmod it 600.

vi /var/www/cgi-bin/vqadmin/.htaccess; #(請輸入或修正如下內容):
----------------------------------------------------------------
AuthType Basic
AuthUserFile /etc/httpd/conf/vqadmin.passwd
AuthName vqadmin
require valid-user
satisfy any
----------------------------------------------------------------
請注意: 上述AuthUserFile參數用來指定Apache的訪問用戶的密碼文檔;此路徑應根據當前
系統的具體情況來設置,當然也同樣要考慮安全因素, 即必需屏蔽Apache對此文件的的讀取
權限.

生成用戶和密碼:
/usr/bin/htpasswd -bc /etc/httpd/conf/vqadmin.passwd test test;
cat /etc/httpd/conf/vqadmin.passwd; #(檢查生成結果,正常內容如下)
-------------------------------------------------------------------------------
test:y2YuuPonneHUU
-------------------------------------------------------------------------------

關于htpasswd命令的參考資料:
-------------------------------------------------------------------------------
Now, create a user.  In your Apache installation root directory, under the bin
subdirectory is a program called 'htpasswd'.  This program is used to create,
and maintain the vqadmin.passwd file.

  Usage:
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username password

-c  Create a new file.
-m  Force MD5 encryption of the password.
-d  Force CRYPT encryption of the password (default).
-p  Do not encrypt the password (plaintext).
-s  Force SHA encryption of the password.
-b  Use the password from the command line rather than prompting for it.
  On Windows and TPF systems the '-m' flag is used by default.
  On all other systems, the '-p' flag will probably not work.

We're only interested in the c (or maybe b) option for now. To create a
vqadmin.passwd file, with a login of 'test', and a password of 'test'.
-------------------------------------------------------------------------------
提示: 可用 whereis htpasswd 命令尋找 htpasswd 的路徑;

That's it. Just remember that you made a user named 'test'!  You need to know this
for configuring vqadmin.

After you've done all this, you'll need to reload your configuration files.

使用方法:
重新啟動Apache服務,然后在IE中打開如下網址:
http://xxx.xxx.xxx.xxx/cgi-bin/vqadmin/vqadmin.cgi　　　　　　