1.组件
操作系统centos5.4
postfix:MTA
clamd:反病毒引擎
spamassassin:反垃圾邮件
amavisd-new:是邮件代理服务器(MTA)和防毒软件之间的中间件
fail2ban:防止邮箱暴力破解
2.工作原理
第一步:postfix 接收邮件(MTA)
postfix,通过25端口,接受所有的邮件
第二步:邮件交给amavisd-new
amavisd-new负责调用clamd对邮件进行病毒扫描,负责调用SpamAssassin对邮件内容进行过滤;amavisd-new通过10025端口还给postfix
第三步:邮件返还给postfx
第四步:postfix在传递给exchange
3.安装过程
停止sendmail服务,防止25端口占用
(1)设定cdrom源 和EPEL源,这步省略
(2)yum安装postfix、fail2ban
# yum –y install fail2ban
# servic fail2ban start
# yum –y install postfix
(3)yum安装安装病毒过滤组件clamd
#groupadd clamav
#useradd -g clamav -s /sbin/nologin -M clamav
#groupadd amavis
#useradd -g amavis -s /sbin/nologin -M amavis
#yum install clamd
#vim /etc/clamd.conf
修改
User amavis
#chown -R amavis.amavis /var/log/clamav
#chown -R amavis.amavis /var/run/clamav
#service clamd start
# vim /etc/freshclam.conf
修改
DatabaseOwneramavis
#chown -R amavis.amavis /var/lib/clamav
#freshclam
(4)yum安装反垃圾邮件spamassassin
#yum install spamassassin
#vim /etc/mail/spamassassin/local.cf
########new###################
required_score5.0
rewrite_headerSubject ****SPAM****
report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
#service spamassassin start
(5)yum安装amavisd-new
#yum install amavisd-new
#gpasswd -a clamav amavis
#usermod -G amavis clamav
#chown amavis.amavis /var/spool/amavisd
#chown amavis.amavis /var/spool/amavisd/tmp
#chmod 750 /var/spool/amavisd/tmp
#vim /etc/amavisd/amavisd.conf
修改
$daemon_user = 'amavis';
$daemon_group= 'amavis'; #yum安装时会自动创建组和账户
$mydomain= 'example.com'; # Exchange或者其它邮件系统的邮件域
$myhostname='mail.example.com';# Exchange域
$virus_admin ="postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin= "postmaster\@$mydomain";
virus_admin_maps=> ["postmaster\@$mydomain"],(指定报告病毒和垃圾邮件时发送系统邮件的用户身份)
spam_admin_maps => ["postmaster\@$mydomain"],
########NEW##########
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n","/var/run/clamav/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m],
#service amavisd start
(6)postfix关联clam、spamassassin和amavisd-new
# vim /etc/postfix/master.cf
###########add#############
amavisfeed unix - - n - 2 smtp
-osmtp_data-done_timeout=1200
-odisable_dns_lookup=yes
127.0.0.1:10025 inet n - n - - smtpd
-ocontent_filter=
-olocal_recipient_maps=
-orelay_recipient_maps=
-osmtpd_restriction_classes=
-osmtpd_client_restrictions=
-osmtpd_helo_restrictions=
-osmtpd_sender_restrictions=
-osmtpd_recipient_restrictions=permit_mynetworks,reject
-omynetworks=127.0.0.0/8
-ostrict_rfc821_envelopes=yes
# vim/etc/postfix/main.cf
smtpd_client_restrictions =
reject_rbl_client rbl.anti-spam.cn
content_filter = amavisfeed:[127.0.0.1]:10024
receive_override_options= no_address_mappings
# service postfix start
# netstat -nltp
ActiveInternet connections (only servers)
ProtoRecv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 20719/master
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 20540/amavisd (mast
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 20719/master
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 6243/clamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 19863/spamd.pid
# chkconfig clamd on
# chkconfig spamassassin on
# chkconfig amavisd on
# chkconfig postfix on
# chkconfig fail2ban on
4.邮件网关设置
# vim /etc/postfix/main.cf
relay_domains = test.com
# vim /etc/postfix/transport
test.com relay:[192.168.0.1]
# postmap /etc/postfix/transport
# service postfix reload
5.exchange不需做任何修改,包括DNS MX记录,因为是只过略入网请求。
5.防火墙发布,省略
总结:此文借鉴了很多网上的东西才得以完成,非常感谢。测试效果还算不错,仅供大家参考。