<郵件的反垃圾反病毒>

本章——傳送接收郵件的工具為雷鳥

 

安裝

# yum install dovecot-mysql.x86_64 dovecot.x86_64 -y

編輯檔案

vim 10-mail.conf

mail_location = maildir:/home/vmail/%d/%n/Maildir/ first_valid_uid = 800

開啟

!include auth-sql.conf.ext

# vim auth-sql.conf.ext

檔案提示讓找 args = /etc/dovecot/dovecot-sql.conf.ext  但/etc/dovecot目錄下沒有這個檔案。

提示可以參考模板： # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext

/usr/share/doc/dovecot-2.0.9/example-config cp dovecot-sql.conf.ext /etc/dovecot/

 

# vim dovecot-sql.conf.ext　　//主要修改以下幾行

driver = mysql

connect = host=localhost dbname=extmail user=extmail password=extmail

default_pass_scheme = PLAIN

password_query = \   SELECT username, domain, password \   FROM mailbox WHERE username = '%u'

user_query = SELECT maildir, 800 AS uid, 800 AS gid FROM mailbox WHERE username = '%u'

重啟dovecot服務 測試豆腐塊是否成功：

# telnet localhost 110

user redhat@extmail.org pass redhat

豆腐塊SASL認證

首先檢視下幫助文件，怎麼安裝豆腐塊的SASl認證庫。

cd /usr/share/doc/postfix-2.6.6/README_FILES

# less SASL_README

檢視postfix的引數資訊 postconf -d | grep smtpd_sasl

將其寫入main.cf postfix的主配置檔案

postconf -e smtpd_sasl_auth_enable=yes

postconf -e smtpd_sasl_authenticated_header=yes

檢視SASL加密那些認證。

postconf -d | grep smtpd_recipient

postconf -e "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated"

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated

開啟SASL認證/認證頭。

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

系統預設的幫助文件做的不怎麼好，自己找個包看。

postfix-2.10.2.tar.gz

tar zxf postfix-2.10.2.tar.gz cd postfix-2.10.2

less SASL_README

vim /etc/sasl2/smtpd.conf

pwcheck_method: auxprop

auxprop_plugin: sql

mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

sql_engine: mysql

sql_hostnames: 127.0.0.1

sql_user: extmail

sql_passwd: extmail

sql_database: extmail sql_select: SELECT

password FROM mailbox WHERE username = '%u@%r'

yum list cyrus-sasl*

rpm -ivh cyrus-sasl-sql-2.1.23-13.el6_3.1.x86_64.rpm

yum install cyrus-sasl-md5.x86_64 cyrus-sasl-devel.x86_64  cyrus-sasl-plain.x86_64 -y

 

認證

postconf -d | grep smtpd_tls  //查詢下tls認證的項，寫入postfix主檔案

postconf -e smtpd_tls_security_level=encrypt cd /etc/pki/tls/certs/ make postfix.pem

postconf -e smtpd_tls_cert_file=/etc/pki/tls/certs/postfix.pem

postconf -e smtpd_tls_received_header=yes

postconf -e "smtpd_tls_session_cache_database=btree:/var/lib/postfix/smtpd_scache"

postconf -e smtpd_tls_auth_only=yes /etc/init.d/postfix restart /etc/init.d/clamd start

 

 

 

 郵件的反垃圾反病毒

yum install spamassassin -y cd /usr/share/spamassassin/

yum localinstall clam* -y

 下載病毒庫

# rm -rf virusdb/ # chown clamav.clamav *

# yum install -y rpm-build

# ./install.sh

# vim MailScanner.conf　　//下面的為這個庫要修改的選項引數

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming Run As User = postfix Run As Group = postfix MTA = postfix

Incoming Work Group = clamav

Incoming Work Permissions = 0640

Virus Scanners = clamd

Monitors for ClamAV Updates = /var/clamav/*.cld /var/clamav/*.cvd

# rpm -ql clamd

# cd /var/run/clamav/ clamd.pid clamd.sock 

Clamd Socket = /var/run/clamav/clamd.sock

Always Include SpamAssassin Report = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Spam Actions = delete High Scoring Spam Actions = delete

[root@vm1 MailScanner]# mkdir spamassassin

# chown -R postfix.clamav .

# cd /etc/postfix/

# vim main.cf

把下面的#去掉

header_checks = regexp:/etc/postfix/header_checks

# vim header_checks　　低行下入 /^Received:/    HOLD

下面是檢測語法時 的報錯，和解決方案

MailScanner –lint

報錯解決方案：

ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf ERROR: is not correct, it should match X-yoursite-MailScanner-From

# cd /etc/MailScanner/

envelope_sender_header X-yoursite-MailScanner-From

報錯： config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0

註釋掉此行 #use_auto_whitelist 0

報錯： Unrar is not installed, it should be in /usr/bin/unrar. This is required for RAR archives to be read to check filenames and filetypes. Virus scanning is not affected.

安裝軟體包 unrar-4.2.4-1.el6.x86_64.rpm

[root@vm1 MailScanner]# /etc/init.d/postfix status master is stopped

[root@vm1 MailScanner]# /etc/init.d/MailScanner start

Starting MailScanner daemons:          incoming postfix:                                 [  OK  ]          outgoing postfix:                                 [  OK  ]          MailScanner:                                      [  OK  ]

[root@vm1 MailScanner]# /etc/init.d/postfix

status master (pid  10891) is running...