linux23-postfix

ssl    安全套接层


sendmail  + tls  = smtps

 

[root@station245 /]# yum install sendmail* m4 dovecot -y


[root@station245 ~]# cd /etc/pki/tls/certs/

[root@station245 certs]# make sendmail.pem --生成密钥,写上相关信息
 

Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:guangdong
Locality Name (eg, city) [Newbury]:shenzheng
Organization Name (eg, company) [My Company Ltd]:uplooking
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:station245
Email Address []:[email protected]

[root@station245 /]# vim /etc/mail/sendmail.mc   --修改sendmail主配置文件,打开下面五名的注释,注意要顶格

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl  --并修改这句,监听所有

 

[root@station245 /]# /etc/init.d/sendmail restart --重启sendmail

===============================================================

pop3 + tls = pop3s (端口995)

[root@station245 /]# vim /etc/dovecot.conf

protocols = pop3 pop3s

ssl_cert_file = /etc/pki/tls/certs/sendmail.pem
ssl_key_file = /etc/pki/tls/certs/sendmail.pem

[root@station245 /]# /etc/init.d/dovecot restart


===============================================================

[root@station245 /]# yum install bind* -y

[root@station245 /]# vim /var/named/chroot/etc/named.conf


options {
        directory "/var/named";
};

zone "cluster.com" IN {
        type master;
        file "data/master.cluster.com.zone";
};

[root@station245 /]# vim /var/named/chroot/var/named/data/master.cluster.com.zone


$TTL 86400
@       IN      SOA     station245.cluster.com. root.   (
                                2010111401
                                240
                                360
                                120
                                86400   )
                IN      NS      station245.cluster.com.
                IN      MX 0    station245.cluster.com.
station245      IN      A       10.1.1.245


[root@station245 /]# /etc/init.d/named restart

=============================================================

验证:使用outlook验证,注意windows要把DNS指向10.1.1.245,
      在账号-属性-高级-把发送和接收的 此服务器要求安全连接SSL 两个选项打勾

使用mutt验证
[user2@station245 ~]$ mutt -f pops://[email protected]


使用claws-mails验证:

账号设置-SSL- 选择用SSL进行POP3连接和用SSL进行SMTP连接

然后发送邮件和接收邮件,会有证书的选项,选择接受保存就可以收发邮件了

 

-----------------------------------------------------------------


http + ssl = https (端口443)


[root@station245 /]# yum install openssl-* -y

[root@station245 /]# openssl req -new > station245.cluster.com
Generating a 1024 bit RSA private key
..++++++
.........................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase: --输入两次密码

Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:guangdown
Locality Name (eg, city) [Newbury]:shenzhen
Organization Name (eg, company) [My Company Ltd]:upl
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:li
Email Address []:[email protected]

Please enter the following 'extra' attributes
A challenge password []:1234
An optional company name []:upl

[root@station245 /]# openssl rsa -in privkey.pem -out station245.cluster.com.key --生成station245.cluster.com.key
Enter pass phrase for privkey.pem:
writing RSA key


[root@station245 /]# openssl x509 -in station245.cluster.com -out station245.cluster.com.crt -req -signkey station245.cluster.com.key -days 365
Signature ok
subject=/C=CN/ST=guangdown/L=shenzhen/O=upl/OU=it/CN=li/[email protected]
Getting Private key

[root@station245 /]# mkdir /etc/httpd/key
[root@station245 /]# cp station245.cluster.com.crt /etc/httpd/key/
[root@station245 /]# cp station245.cluster.com.key /etc/httpd/key/

 

[root@station245 /]# yum install httpd* -y --安装rpm版apache
[root@station245 /]# yum install mod_ssl -y --安装ssl模块


[root@station245 /]# vim /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/httpd/key/station245.cluster.com.crt
SSLCertificateKeyFile /etc/httpd/key/station245.cluster.com.key


[root@station245 /]# /etc/init.d/httpd restart

[root@station245 /]# netstat -ntlup |grep 443
tcp        0      0 :::443                      :::*                        LISTEN      15662/httpd     

 

使用客户端访问:
https://10.1.1.245/  --要用https,并下载证书才可以访问


====================================

 


postfix+courier-imap+maildrop+courier-authlib+extmail+extman+spamassassin

 

postfix+postfixadmin+dovecot+mysql+squirrelmail+clamAV+amavsid-new+spamassassin

 

  client
    |
    | 
    | 
  postfix ------------>收件人
    |  
    |   10024  10025
       amavsid-new  
     |
    |--------------| 
 clamav  spamassassin

 


========================================


安装前准备
主机名
时间同步
关闭iptables ,selinux
yum配置OK


第一大步:
安装mysql,postfixadmin,httpd


# yum install httpd*  mysql*   php*   -y


# /etc/init.d/mysqld start


安装postfixadmin  (管理postfix的一个web界面的软件)

# mount 10.1.1.35:/share/soft /mnt
# cp /mnt/postfix+postfixadmin/postfixadmin-2.1.0.gz /root/
# tar xvf /root/postfixadmin-2.1.0.gz -C /var/www/html/
--解压到apache的家目录,这里apache是用的rpm版,没有改家目录的,所以就是/var/www/html/下
# cd /var/www/html/
# mv postfixadmin-2.1.0/ postfixadmin  --改一下名字,便于在web地址栏访问

# mysql < /var/www/html/postfixadmin/DATABASE_MYSQL.TXT  --postfix有一个mysql数据库的导表的文件,使用这条命令,直接导入数据库,就会自动创建postfix要使用的一些表


# mysql --再次登录验证

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| postfix            |   --多了一个postfix库,是刚才导入的
| test               |
+--------------------+

mysql> use postfix;   --进入postfix库


mysql> show tables;  --查看库里的表,下面这些表就是刚才导入的,目前是空表
+-------------------+
| Tables_in_postfix |
+-------------------+
| admin             |
| alias             |
| domain            |
| domain_admins     |
| log               |
| mailbox           |
| vacation          |


# /etc/init.d/httpd restart

这里使用浏览器http://IP/postfixadmin  访问postfix的web安装界面

 

点setup安装,会有一个警告和一个错误  ,错误是提示找不到config.ini.php文件

警告解决方法:
vim /etc/php.ini
magic_quotes_gpc = ON --把这个改为ON


错误的解决方法:
# mv /var/www/html/postfixadmin/config.inc.php.sample /var/www/html/postfixadmin/config.inc.php --有一个模版配置文件,重命名


# rm /var/www/html/postfixadmin/setup.php -rf --删除安装的信息文件


# /etc/init.d/httpd restart


# vim /var/www/html/postfixadmin/config.inc.php  --修改

$CONF['default_language'] = 'cn';  --如果想要中文界面的话,改为cn,当然系统要是中文的

$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';  --这两个与后面postfix的mailbox设置有关
--第一个改为YES,表示每一个虚拟域都有自己的邮箱;
--第二个配置为NO表示,不希望域表示在mailbox里

 


再次访问http://IP/postfixadmin   --用一个中文系统(英文系统如果不想注销切换,可以 export LANG=zh )中文做客户端,使用firefox查看会发现有乱码,这是因为httpd的语言集不一致造成的


# vim /etc/httpd/conf/httpd.conf

 AddDefaultCharset GB2312    --把UTF-8 ,改为GB2312

# /etc/init.d/httpd restart  --重启服务后,再次访问web界面就OK了

 

-----------------------

 

使用下面地址,访问管理页面
http://IP/postfixadmin/admin   --刚进来,会有新特性等信息,提示删除motd文件


# rm /var/www/html/postfixadmin/motd* -rf

 

再访问管理页面,就没有那些信息了

这里手动添加两个域,我这里加了一个aaa.com 和 bbb.com这两个域

再增加一个管理员, 同时能管理这两个域,我这里管理员为[email protected]

 

修改完成后,因为这是管理页面,不对外开放,那么可以使用系统权限来对其进行限制

# chmod 000 /var/www/html/postfixadmin/admin/  --把这个目录权限改为000,那么管理页面就不能再访问了,如果想再进管理页面进行信息的修改的话,可以把这个目录权限改回755就可以了
--或者使用apache的目录控制来控制只有管理机可以登录此页面,或者使用apache的.htaccess功能把此目录的访问权限设置验证


===============================
# vim /etc/httpd/conf/httpd.conf

327     AllowOverride all --改为all,表示家目录下所有目录都支持.htaccess验证

--或者加上下面这一段,指定只有admin目录可以支持.htaccess验证
<Directory "/var/www/html/postfixadmin/admin"> 
   AllowOverride all
   Order allow,deny
    Allow from all
</Directory>

# vim /var/www/html/postfixadmin/admin/.htaccess  --默认有此文件

AuthUserFile /var/www/html/postfixadmin/admin/.htpasswd  --改这一句 
AuthGroupFile /dev/null
AuthName "Postfix Admin"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

# htpasswd /var/www/html/postfixadmin/admin/.htpasswd admin --修改此文件的admin用户的密码
New password:
Re-type new password:
Updating password for user admin

# /etc/init.d/httpd restart 


================================================================


第二大步,安装postfix
这里我们不使用rpm版的postfix,因为rpm版默认不支持mysql,所以需要源码版重新编译


可以去redhat的ftp网站下载
ftp://ftp.redhat.com

postfix-2.3.3-2.1.el5_2.src.rpm


# useradd -s /sbin/nologin  brewbuilder
# rpm -ivh postfix-2.3.3-2.1.el5_2.src.rpm


# cd /usr/src/redhat/SPECS/
# ls
postfix.spec  --这是rpm 的src包的配置文件


# vim postfix.spec

%define MYSQL 1  --把0改为1,让它支持mysql

# rpmbuild -ba postfix.spec   --这里依赖性需要pcre-devel包,先确认安装这个包再rpmbuild -ba  postfix.spec来编译postfix

 


编译完成后会看到
Wrote: /usr/src/redhat/SRPMS/postfix-2.3.3-2.1.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm  --编译出来的支持mysql的rpm包
Wrote: /usr/src/redhat/RPMS/i386/postfix-pflogsumm-2.3.3-2.1.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/postfix-debuginfo-2.3.3-2.1.i386.rpm

 

# rpm -ivh /usr/src/redhat/RPMS/i386/postfix-2.3.3-2.1.i386.rpm

 

--这里拷贝一个模版配置文件
# cp /mnt/postfix+postfixadmin/config_files/main.cf /etc/postfix/
cp: overwrite `/etc/postfix/main.cf'? y

--拷贝和数据库连接相关的几个配置文件
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/mysql_virtual_* /etc/postfix/


------------

--五个配置文件的配置内容如下


# cat /etc/postfix/main.cf

#=====================BASE=========================
myhostname = postfix.cluster.com 
mydomain = cluster.com   --这里改成服务器主机名
myorigin = $mydomain
mydestination = $myhostname localhost localhost.$mydomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
#=====================Vritual Mailbox settings=========================
virtual_minimum_uid = 80 --这里要小于89,因为默认安装的postfix用户uid为89
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf  --这里有mysql相关的,就是与mysql的连接设置
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_uid_maps = static:89
virtual_gid_maps = static:89
virtual_transport = virtual
maildrop_destination_recipient_limit = 1
maildrop_destination_concurrency_limit = 1
#====================QUOTA========================
message_size_limit = 52428800
mailbox_size_limit = 209715200
virtual_mailbox_limit = 209715200
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL========================
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_banner=$myhostname ESMTP "Version not Available"

readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix


vim /etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username


vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username

vim /etc/postfix/mysql_virtual_domains_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain

vim /etc/postfix/mysql_virtual_alias_maps.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address


-----------------------------

停止sendmail,启动postfix,也可以使用system-swith-mail去切换MTA
# /etc/init.d/sendmail stop

# /etc/init.d/postfix start

修改邮件目录的属主
# chown postfix.postfix /var/spool/mail/ -R


安装验证sasl包

yum install cyrus-sasl  -y


/etc/init.d/saslauthd   start

chkconfig saslauthd  on


=====================================================

 

-------------------------------------------------------------------


第三大步:
安装dovecot

# yum install dovecot -y

--拷贝两个配置文件的模版
[root@station209 SPECS]# cp /mnt/postfix+postfixadmin/config_files/dovecot* /etc
cp: overwrite `/etc/dovecot.conf'? y

 


------------------
--两个配置文件内容如下:

# cat /etc/dovecot.conf

base_dir=/var/run/dovecot
protocols=imap pop3
listen=*
disable_plaintext_auth = no
ssl_disable = yes
mail_location = maildir:/var/spool/mail/%d/%n

auth default {
        mechanisms = PLAIN LOGIN CRAM-MD5 DIGEST-MD5
        passdb sql {
                args = /etc/dovecot-mysql.conf
        }
        userdb sql {
                args = /etc/dovecot-mysql.conf
        }
        socket listen {
                client {
                        path = /var/run/dovecot/auth-client
                        mode = 0660
                        user = postfix
                        group = postfix
                }
        }
}
first_valid_uid = 89


# cat /etc/dovecot-mysql.conf

driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 89 AS uid, 89 AS gid FROM mailbox WHERE username = '%u'

--启动服务
# /etc/init.d/dovecot start

 

--------------------------------------------------------------------------

第四大步:安装一个webmail     这里用squirrelmail

# yum install squirrelmail -y

# vim /etc/squirrelmail/config.php

$provider_uri     = 'http://IP/postfixadmin/users';

$squirrelmail_default_language = 'zh_CN';


# chown apache.apache /var/lib/squirrelmail/prefs/ 
# chown apache.apache /var/spool/squirrelmail/attach/
# chown root.apache /etc/squirrelmail/config.php

# /etc/init.d/httpd restart

 

可以使用http://IP/webmail/  来使用用户登录

 

----------------------------------------------------------


第五大步:测试

1,首先创建测试用户
通过http://IP/postfixadmin  使用创建的管理员[email protected]登录

登录后,创建每个域都创建二个用户用来测试
我这里创建的四个用户分别是  
[email protected]
[email protected]
[email protected]
[email protected]

这些新建的用户信息都可以在mysql数据库的postfix库里查看的

 

2,使用xp的outlook来进行收发邮件的测试
注意:使用outlook填用户时记得写全名也就是[email protected]这种格式,因为这里有多个域,不写全的话会有错误

我这里使用[email protected]登录outlook,登录后点发送/接收按钮会收到[email protected]的欢迎邮件表示OK

我使用[email protected]发送给[email protected],直接发送不了,因为我们配置了验证的

所以在outlook要点  工具-->帐户-->属性-->服务器-->最下面的我的服务器要求身份验证打勾


再次发送,然后使用[email protected]登录squirrelmail来接收,测试 OK


--?squirrelmail现在只能收不能发????????


----------------

注意上面的服务可以全部设置成开机自动启动
chkconfig httpd on
chkconfig mysqld on
chkconfig postfix on
chkconfig dovecot on
chkconfig saslauthd  on

 

 

=============================================================

 


继续安装
amavisd-new +      clamav    +  spamassassin

 

先修改postfix的文件 
vim /etc/postfix/main.cf --加上下面两句

soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024


vim /etc/postfix/master.cf   --加上下面一大段配置

smtp-amavis unix -      -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       n       -       -     smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000


/etc/init.d/postfix  restart      --加完了上面的两段配置后重启postfix


安装clamav

[root@postfix amavisd_clamav_spam]# ls clam --直接安装下面这三个rpm包
clamav-0.92-1.el5.rf.i386.rpm
clamav-db-0.92-1.el5.rf.i386.rpm
clamd-0.92-1.el5.rf.i386.rpm

[root@postfix amavisd_clamav_spam]# rpm -ivh clam*   --安装


[root@postfix ~]# vim /etc/clamd.conf  --主配置文件,我这里用默认配置,不修改
[root@postfix ~]# vim /etc/freshclam.conf  --下载病毒库的配置文件,我这里也是默认配置,不修改


[root@postfix ~]# /etc/init.d/clamd start
Starting Clam AntiVirus Daemon:                           [  OK  ]

 

[root@postfix ~]# chkconfig clamd on


[root@postfix ~]# tail /var/log/clamav/clamd.log
Mon Aug 15 15:32:32 2011 -> Algorithmic detection enabled.
Mon Aug 15 15:32:32 2011 -> Portable Executable support enabled.
Mon Aug 15 15:32:32 2011 -> ELF support enabled.
Mon Aug 15 15:32:32 2011 -> Detection of broken executables enabled.
Mon Aug 15 15:32:32 2011 -> Mail files support enabled.
Mon Aug 15 15:32:32 2011 -> Mail: Recursion level limit set to 64.
Mon Aug 15 15:32:32 2011 -> OLE2 support enabled.
Mon Aug 15 15:32:32 2011 -> PDF support disabled.
Mon Aug 15 15:32:32 2011 -> HTML support enabled.
Mon Aug 15 15:32:32 2011 -> Self checking every 1800 seconds.
.


更新病毒库
# freshclam --一个命令就可以去更新病毒库
ClamAV update process started at Mon Aug 15 15:32:32 2011
Downloading main.cvd [ 11%] --它会去下载病毒库,这里是下载主病毒库到11%

--实际情况可以写一个自动更新的命令用crontab去定时更新


更新病毒库过后,启动服务
/etc/init.d/clamd  start    --如果这里报配置文件找不到的,注意可能是配置文件里 example没有注释


服务启动过后,使用
clamscan    扫描


============================================================

 


spam    spamer  


安装spamassassin    


[root@postfix ~]# yum install spamassassin  --安装完后,先不配置,再去安装amavisd-new,因为amavisd-new需要先装spamassassin

 


下面安装amavisd-new,但因为依赖性有近20个

所以用rpm一个个的安装比较麻烦

这里我们自己配置yum软件仓库,使用yum来安装

--我这里在真实机上,先在下面的目录里创建repodata目录
# createrepo /share/soft/amavisd_clamav_spam/

# cp /share/soft/amavisd_clamav_spam/ /share/yum -rf --/share/yum为我真实机上ftp匿名用户登录的家目录


--然后在邮件服务器的yum配置文件里加上下面一段
# vim /etc/yum.repos.d/rhel-debuginfo.repo
[amavisd]
name=amavisd
baseurl=ftp://2.2.2.10/amavisd_clamav_spam
enabled=1
gpgcheck=0

# yum install amavisd* -y


==============================================================


# cp /amavisd_clamav_spam/config/amavisd.conf /etc/
cp: overwrite `/etc/amavisd.conf'? y
--拷贝配置文件,覆盖原配置文件


[root@postfix doc]# vim /etc/amavisd.conf


$mydomain = 'aaa.com';  --改成你相对的域,为你的邮件域之一


@local_domains_maps = ( [".$mydomain", ".bbb.com"] );
--写上自己的虚拟域

$sa_tag2_level_deflt = 8.5;    --改成8.5分方便测试

 


[root@postfix doc]# touch /var/amavis/whitelist
[root@postfix doc]# touch /var/amavis/blacklist

[root@postfix doc]# /etc/init.d/amavisd restart  --启动
[root@postfix doc]# chkconfig amavisd on

 

====================================================

 

配置spamassassin 


[root@postfix doc]# cp /amavisd_clamav_spam/config/local.cf /etc/mail/spamassassin/
cp: overwrite `/etc/mail/spamassassin/local.cf'? y

 

[root@postfix doc]# cat /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.

required_hits          8.5   --这里改为8.5分

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject  *****SPAM*****

# Encapsulate spam in an attachment
report_safe             0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn        1

# Enable or disable network checks
skip_rbl_checks         1

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              zh en
ok_languages            zh en

score HEADER_8BITS       0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50    0
score UPPERCASE_50_75    0
score UPPERCASE_75_100   0

score NO_REAL_NAME  4.000
score SPF_FAIL      10.000
score SPF_HELO_FAIL 10.000
score BAYES_99      4.300
score BAYES_90      3.500
score BAYES_80      3.000

 

[root@postfix doc]# vim /etc/mail/spamassassin/v310.pre  --修改它,打开下面一句
loadplugin Mail::SpamAssassin::Plugin::TextCat

 

[root@postfix doc]# cp /amavisd_clamav_spam/config/Chinese_rules.cf /usr/share/spamassassin/
--拷贝中文规则文件到规则目录

 

[root@postfix doc]# /etc/init.d/spamassassin start --启动服务
[root@postfix doc]# chkconfig spamassassin on

 


确认端口:
[root@postfix doc]# netstat -ntlup |grep 100
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      8072/amavisd (maste
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      7656/master        
[root@postfix doc]# netstat -ntlup |grep :25
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      7656/master        
[root@postfix doc]# netstat -ntlup |grep :110
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      7040/dovecot       
[root@postfix doc]# netstat -ntlup |grep :783
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      8146/spamd.pid
[root@postfix doc]# netstat -ntlup |grep 3306
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      3048/mysqld
[root@postfix ~]# netstat -ntlup |grep :3310
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      7772/clamd

 

===========================================================


病毒邮件测试:


在http://www.eicar.org/anti_virus_test_file.htm 网站上可以下载病毒测试文件

 

发邮件,附件里把eicar.com放上去

[root@postfix doc]# ls /amavisd_clamav_spam/config/eicar.com
/amavisd_clamav_spam/config/eicar.com  


发送后,发现不能收到,
但在服务器上可以看到被放到病毒目录里去了

[root@postfix doc]# ls /var/virusmails/virus-RLOHHpWvOjyI
/var/virusmails/virus-RLOHHpWvOjyI

你可能感兴趣的:(linux,postfix)