
從頭再來 Blog

Everything will start over again, like the birth of a new little life.....

 
 
 

Building an Email Gateway with Linux

2009-04-08 20:55:18 | Category: Linux


Reposted from: http://cha.homeip.net/blog/archives/2007/11/_mail_gateway.html

Building a Mail Gateway with Antivirus and Spam Filtering

  • Install Postfix (as gateway) + MailScanner + ClamAV + Spamassassin on FC6
  • Configure Sendmail as a Mail Gateway

Environment

  • Mail Gateway: Postfix + MailScanner + ClamAV + Spamassassin (based on Fedora Core 6)
  • Internal Mail Server: any mail server; assume its internal IP is 192.168.1.1
  • Primary MX: domain.com IN MX mail.domain.com. (the MX record points to the Mail Gateway)

Install Postfix and configure it as a Mail Gateway

yum install postfix

service sendmail stop

chkconfig sendmail off

vi /etc/postfix/main.cf

myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, localhost.$mydomain, localhost
# leave local_recipient_maps empty
local_recipient_maps =
mynetworks_style = host
relay_domains = domain.com
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no

vi /etc/postfix/transport

domain.com    smtp:[192.168.1.1]

postmap /etc/postfix/transport

service postfix start

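Change the NAT configuration to forward tcp 25 to postfix_host:25, then send mail from outside to someone@domain.com and check whether postfix forwards it to the real mail server (192.168.1.1); alternatively, telnet to the mail gateway to test.

Install ClamAV and MailScanner

Download ClamAV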
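
The main.cf above lists domain.com in both mydestination and relay_domains (Postfix warns about this double listing) and empties local_recipient_maps, so the gateway accepts mail for any recipient name. The following script is an added example, not part of the original post, that flags these points in a main.cf; get_param, domain_list, audit_gateway and the WARN wording are this example's own names, and it assumes one "name = value" per line.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes one "name = value"
# per line in main.cf (no continuation lines).

# get_param FILE NAME: print the value of NAME (last assignment wins)
get_param() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k) }
        k == key { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }' "$1"
}

# domain_list FILE NAME: one domain per line, with $mydomain expanded
domain_list() {
    md=$(get_param "$1" mydomain)
    get_param "$1" "$2" | sed "s/\\\$mydomain/$md/g" | tr ', ' '\n\n' | sed '/^$/d'
}

# audit_gateway FILE: print one WARN line per finding
audit_gateway() {
    f=$1
    domain_list "$f" relay_domains | while read -r d; do
        if domain_list "$f" mydestination | grep -qxF "$d"; then
            echo "WARN: $d is in both mydestination and relay_domains"
        fi
    done
    if grep -Eq '^[[:space:]]*local_recipient_maps[[:space:]]*=[[:space:]]*$' "$f"; then
        echo "WARN: local_recipient_maps is empty; unknown local recipients are accepted"
    fi
    if [ -n "$(get_param "$f" relay_domains)" ] &&
       [ -z "$(get_param "$f" relay_recipient_maps)" ]; then
        echo "WARN: no relay_recipient_maps; unknown relay recipients are accepted"
    fi
    case "$(get_param "$f" mynetworks):$(get_param "$f" mynetworks_style)" in
        :subnet|:class) echo "WARN: mynetworks_style trusts more than this host" ;;
    esac
}

# Constructed sample: the main.cf values used on this page
sample_cf() {
    printf '%s\n' 'mydomain = domain.com' \
        'mydestination = $mydomain, localhost.$mydomain, localhost' \
        'local_recipient_maps =' 'mynetworks_style = host' \
        'relay_domains = domain.com' 'transport_maps = hash:/etc/postfix/transport'
}

tmp=$(mktemp) && sample_cf > "$tmp" && audit_gateway "$tmp"; rm -f "$tmp"
```

Accepting unknown recipients at the gateway means the rejection happens later at 192.168.1.1 and comes back as a bounce to a possibly forged sender; a relay_recipient_maps table listing the valid addresses lets the gateway reject them during the SMTP session instead.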

groupadd clamav

useradd -g clamav -s /sbin/nologin -M clamav

tar zxf clamav-0.91.2.tar.gz

cd clamav-0.91.2

./configure && make && make install

vi /usr/local/etc/clamd.conf

#Example

vi /usr/local/etc/freshclam.conf

#Example

vi /etc/ld.so.conf

# add this line
/usr/local/lib

ldconfig

freshclam

Download MailScanner

Before installing, install the following libraries first: [for Ubuntu or Debian platforms]
apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl
apt-get install libmailtools-perl libmime-tools-perl libmime-perl
apt-get install libnet-cidr-perl libsys-syslog-perl libio-stringy-perl
apt-get install libfile-temp-perl

tar zxf MailScanner-4.65.3-1.rpm.tar.gz

cd MailScanner-4.65.3-1

./install.sh

vi /etc/MailScanner/MailScanner.conf

Run As User = postfix
Run As Group = www-data
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

Quarantine User = postfix
Quarantine Group = www-data

Virus Scanning = yes
Virus Scanners = clamav
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

# do not append "This message has been scanned..." to the end of messages
Sign Clean Message = no

mkdir /var/spool/MailScanner/spamassassin

chown postfix:postfix /var/spool/MailScanner/*

vi /etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

vi /etc/postfix/header_checks

/^Received:/ HOLD

service postfix stop

service MailScanner start
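
In this setup the header_checks HOLD rule is what routes mail through MailScanner: Postfix parks each message in its hold queue, and MailScanner scans it there and moves it to the incoming queue. The following script is an added example, not part of the original post, that checks the two files agree; ms_get and check_wiring are names invented for this example, and it assumes each option is set once in MailScanner.conf.

```sh
#!/bin/sh
# Added example, not from the original post: check that Postfix and
# MailScanner are wired together the way this page configures them.

# ms_get FILE "Option Name": print the option's value from MailScanner.conf
ms_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//'
}

# check_wiring MAILSCANNER_CONF HEADER_CHECKS: print FAIL lines, return 1 on any
check_wiring() {
    rc=0
    # Without a HOLD rule Postfix delivers mail that MailScanner never sees.
    grep -Eq '^/.*/[[:space:]]+HOLD([[:space:]]|$)' "$2" ||
        { echo "FAIL: no HOLD rule in header_checks; mail bypasses scanning"; rc=1; }
    case "$(ms_get "$1" 'Incoming Queue Dir')" in
        */hold) ;;
        *) echo "FAIL: Incoming Queue Dir is not the Postfix hold queue"; rc=1 ;;
    esac
    case "$(ms_get "$1" 'Outgoing Queue Dir')" in
        */incoming) ;;
        *) echo "FAIL: Outgoing Queue Dir is not the Postfix incoming queue"; rc=1 ;;
    esac
    [ "$(ms_get "$1" 'MTA')" = postfix ] ||
        { echo "FAIL: MTA is not postfix"; rc=1; }
    [ "$(ms_get "$1" 'Run As User')" = postfix ] ||
        { echo "FAIL: Run As User is not postfix"; rc=1; }
    return $rc
}

# Constructed sample: the MailScanner.conf values used on this page
sample_ms_conf() {
    printf '%s\n' 'Run As User = postfix' 'Run As Group = www-data' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' 'MTA = postfix'
}

dir=$(mktemp -d)
sample_ms_conf > "$dir/MailScanner.conf"
echo '/^Received:/ HOLD' > "$dir/header_checks"
check_wiring "$dir/MailScanner.conf" "$dir/header_checks" && echo "wiring OK"
rm -rf "$dir"
```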

Configure Sendmail as a Mail Gateway

Environment

  • Fedora Core 3, Sendmail 8.13.1-2
  • Primary MX: domain.com IN MX mail.domain.com.

yum install sendmail-cf

vi /etc/sysconfig/network

HOSTNAME=mail.domain.com

vi /etc/hosts

127.0.0.1    mail.domain.com mail localhost.localdomain localhost

vi /etc/mail/sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,Name=MTA')
FEATURE(`accept_unresolvable_domains')
FEATURE(`mailertable')

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

vi /etc/mail/access

# add this line
domain.com    RELAY

makemap hash /etc/mail/access.db < /etc/mail/access

vi /etc/mail/mailertable

# add this line
domain.com    smtp:[192.168.1.1]

makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

service sendmail restart

Confirm that "domain.com" is not in the list

sendmail -bt -C /etc/mail/sendmail.cf

Enter <ruleset> <address>
> $=w
mail
localhost.localdomain
localhost
mail.domain.com
[127.0.0.1]
>/quit

Confirm that the mailertable is configured correctly

sendmail -bv someone@domain.com

someone@domain.com... deliverable: mailer smtp, host [192.168.1.1], user someone@domain.com

Test whether the mail gateway can relay mail to the real mail server

telnet mail.domain.com 25

ehlo localhost
mail from: someone@somewhere.com
rcpt to: someone@domain.com
data
subject: this is a test
.
quit


===  Write MailScanner logs to a separate MailScanner.log file

(1) In /etc/MailScanner/MailScanner.conf, change the following parameter:

Syslog Facility = mail

to

Syslog Facility = local0

(2) Add a corresponding line to /etc/syslog.conf:

local0.info                                        /var/log/MailScanner.log

(Note: use the TAB key for the whitespace in the middle)

(3) Create the log file:

# touch /var/log/MailScanner.log

(4) Restart the MailScanner service and the syslogd system logging service:

# /etc/rc.d/init.d/MailScanner restart
# /etc/rc.d/init.d/syslogd restart

(5) Verify; it works:

# tail -f /var/log/MailScanner.log



------- Managing MailScanner with MailWatch ------

Download MailWatch from the official site

http://sourceforge.net/project/showfiles.php?group_id=87163

The current latest version is 1.04

Extract the downloaded archive

tar  -zxvf  mailwatch-1.0.4.tar.gz

cd mailwatch

Run the following command

mysql -p < create.sql

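This creates a database named mailscanner and creates the tables, etc.

Edit the following entries in MailWatch.pm with your own information

my($db_name) = 'mailscanner';  # database name
my($db_host) = 'localhost';  # database host
my($db_user) = 'root';  # user name
my($db_pass) = '123456';  # user password

Then copy it to /usr/share/MailScanner/MailScanner/CustomFunctions/

Add a web user with the following commands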

mysql mailscanner -u root -p
Enter password: ******

mysql> INSERT INTO users VALUES ('<username>',md5('<password>'),'<name>','A','0','0','0','0','0');

Replace the parts in red [the parts in red are the username and password used to log in to MailWatch]

 

Step 2 : Web interface setup

Move the files to the web root directory

mv mailscanner /var/www/

Change some permissions so that apache can access the files

cd  /var/www/mailscanner

chown www-data:www-data images

chmod ug+rwx images

chown www-data:www-data images/cache

chmod ug+rwx images/cache

Next, copy conf.php.example to conf.php

cp  conf.php.example  conf.php

Set the following information in the same way

define('DB_TYPE', 'mysql');
define('DB_USER', 'root');
define('DB_PASS', '123456');
define('DB_HOST', 'localhost');
define('DB_NAME', 'mailscanner');

 

Step 3 : MailScanner setup

Edit /etc/MailScanner/MailScanner.conf as follows

  • Quarantine User = postfix
  • Quarantine Group = www-data
  • Quarantine Permissions = 0660
  • Quarantine Whole Message = yes
  • Quarantine Whole Message As Queue Files = no
  • Detailed Spam Report = yes
  • Include Scores In SpamAssassin Report = yes
  • Always Looked Up Last = &MailWatchLogging

 

Step 4 : Blacklist and whitelist setup

Edit the database information in SQLBlackWhiteList.pm and likewise copy it to /usr/share/MailScanner/MailScanner/CustomFunctions/

Edit /etc/MailScanner/MailScanner.conf as follows

  • Is Definitely Not Spam = &SQLWhitelist
  • Is Definitely Spam = &SQLBlacklist
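
Basically, that completes the setup; for more detailed settings, refer to the official documentation:

http://mailwatch.sourceforge.net/doku.php?id=mailwatch:documentation:install

The MailWatch documentation is really very detailed.

I also ran into the Quarantine being unreadable or not found; this is basically always a permissions misconfiguration.

You can run fix_quarantine_permissions under the tools directory.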



==========  MailWatch bug fixes =============


1) After MailWatch is installed, training on a message reports that the message id cannot be found

This is actually a flaw in the program's design: Postfix queue IDs are separated with ".". A small change to the MailWatch code fixes it.

Change the following in the /var/www/mailscanner/do_message_ops.php file:

Change     $id = $Regs[1];

to         $id = str_replace("_", ".",$Regs[1]);

2) If it reports that the message was not found in the quarantine

Edit /etc/MailScanner/MailScanner.conf:
Spam Actions = store deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = store
Non Spam Actions = store deliver header "X-Spam-Status: No"


3) If training reports
SA Learn: error code 13 returned from sa-learn: bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile /root/.spamassassin/bayes.mutex: Permission denied bayes: locker: safe_lock: cannot create lockfile /root/.spamassassin/bayes.mutex: Permission denied Learned tokens from 0 message(s) (1 message(s) examined)

the bayes path needs to be configured

Move the Bayesian Databases and set-up permissions (skip this if you don't use bayes)

Edit /etc/MailScanner/spam.assassin.prefs.conf and set:

bayes_path /etc/MailScanner/bayes/bayes
bayes_file_mode 0660

Create the 'new' bayes directory, make the directory owned by the same group as the web server user and make the directory setgid:

# mkdir /etc/MailScanner/bayes
# chown root:apache /etc/MailScanner/bayes
# chmod g+rws /etc/MailScanner/bayes

Copy the existing bayes databases and set the permissions:

# cp /root/.spamassassin/bayes_* /etc/MailScanner/bayes
# chown root:apache /etc/MailScanner/bayes/bayes_*
# chmod g+rw /etc/MailScanner/bayes/bayes_*

Test SpamAssassin to make sure that it is using the new databases correctly:

# spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint