postfix+courier-authlib+courier-imap+cyrus-sasl2+TLS+kaspersky

对于本系统的postfix服务器，是基于mysql的虚拟用户，以及防病毒防垃圾邮件处理。

mysql服务器的安装myql是数据库服务，在postfix里面提供主要的任务就是用来保户邮件帐户与密码

mysql服务器是采用源码的方式进行安装。

./configure --prefix=/usr/local/mysql

make

make install

cp support-files/my-medium.cnf /etc/my.cnf

cd /usr/local/mysql

bin/mysql_install_db --user=mysql

chown -R root .

chown -R mysql var

chgrp -R mysql .

/usr/local/mysql/bin/mysqladmin -u root password 'new-password'

ln -s /usr/local/mysql/share/mysql/mysql.server /usr/local/etc/rc.d/mysql.sh

安装apache服务器/usr/ports/www/apache21 make install

如果产生错误就采用下面的方式进行安装 make -f Makefile CC=gcc install

安装php的支持对于如何利用php支持apache不在本文档的范围之内，请自行查询相关手册

/usr/ports/lang/php4

make install

[X] APACHE2 Use apache 2.x instead of apache 1.3.x │ │

[ ] DEBUG Enable debug │ │

[X] MULTIBYTE Enable zend multibyte support │ │

[ ] IPV6 Enable ipv6 support │ │

[X] OPENSSL Build static OpenSSL extension

安装php对mysql的支持/usr/ports/databases/php4-mysql make install

安装php的所必须的函数库/usr/ports/www/php4-session make install

安装phpmyadmin/usr/ports/databases/phpmyadmin [X] BZ2 bzip2 library support │ │ [X] GD GD library support │ │ [ ] MYSQLI Improved MySQL support (PHP5, MySQL 4.1 only) │ │ [X] OPENSSL OpenSSL support │ │ [X] PDF PDFlib suppor t (implies GD) │ │ [X] ZLIB ZLIB support │ │ [X] MCRYPT MCrypt library support │ │ [X] MBSTRING Multi-byte character-set string support make install

以上把这些支持都装好，也都是为以后postfix铺路，对于php还缺少什么函数可以以后跟具需要进行安装请自行配置好phpmyadmin在本文里没有介绍安装postfixadminpostfixadmin是通过web方式管理postfix的一种解决方案，我们主要是把postfixadmin的数据库导入到mysql数据库里，之后通过web的方式来管理。

/usr/ports/mail/postfixadmin

make install

安装postfix 安装postfix主程序,安装到这一步骤的时候必须要把域名配置完毕。

/usr/ports/mail/postfix

make install

│ │ [ ] NOPCRE DISABLE Perl Compatible Regular Expressions │ │

│ │ [ ] SASL Cyrus SASLv1 (Simple Authentication and Security Layer) │ │

│ │ [X] SASL2 Cyrus SASLv2 (Simple Authentication and Security Layer) │ │

│ │ [ ] SASLKRB If your SASL requires Kerberos select this option │ │ │ │ [ ] SASLKRB5 If your SASL requires Kerberos5 select this option │ │

│ │ [ ] SPF SPF support │ │

│ │ [X] TLS SSL and TLS │ │

│ │ [ ] DB3 Berkeley DB3 (required if SASL also built with DB3)%26amp;nb sp; │ │

│ │ [ ] DB40 Berkeley DB4.0 (required if SASL also built with DB4.0) │ │

│ │ [ ] DB41 Berkeley DB4.1 (required if SASL also built with DB4.1) │ │

│ │ [ ] DB42 Berkeley DB4.2 (required if SASL also built with DB4.2) │ │

│ │ [ ] DB43 Berkeley DB4.3 (required if SASL also built with DB4.3) │ │

│ │ [X] MySQL MySQL map lookups (choose version with WITH_MYSQL_VER) │ │

│ │ [ ] PgSQL PostgreSQL map lookups (choose with DEFAULT_PGSQL_VER) │ │

│ │ [ ] OpenLDAP OpenLDAP map lookups (choose ver. with WITH_OPENLDAP_VER) │ │

│ │ [ ] NIS NIS map lookups │ │

选中SASL2的认证方式与MySQL的数据库还有TLS认证支持，因为在安装postfix时选择了SASL2，但是过会儿我们要删除掉SASL2，因为我们需要在安装SASL2的时候还需要加载一些参数。(呵呵其实先安装好SASL2也可以)

Added group "postfix".

Added group "maildrop".

Added user "postfix".

You need user "postfix" added to group "mail".

Would you like me to add it [y]? y

添加postfix组与postfix用户时选择y

修改/etc/rc.conf文件

#停止sendmail的运行脚本

sendmail_enable="NONE"

cd /usr/local/etc/rc.d

ln -s /usr/local/sbin/postfix postfix.sh

安装cyrus-sasl2/usr/ports/security/cyrus-sasl2

因为前面在装postfix的时候己经装了所以，在这里要删掉重新安装

make deinstall

make install WITH_AUTHDAEMON=yes

安装courier-authlib %26amp; courier-imap /usr/ports/security/courier-authlib make WITH_MYSQL=yes install │ │ [ ] GDBM Use gdbm%26amp;nbs p;instead of system bdb │ │ │ │ [ ] AUTH_LDAP LDAP support │ │ │ │ [X] AUTH_MYSQL MySQL support │ │ │ │ [ ] AUTH_PGSQL PostgreSQL support │ │ │ │ [ ] AUTH_USERDB Userdb support ; │ │ │ │ [ ] AUTH_VCHKPW Vpopmail/vchkpw support

哈哈现在发现ports真是越来越好了！！！顺便说一下SASL2的认证方式就主要是靠courier-authlib来完成，所以比以往要省去了很多事情。 /usr/ports/mail/courier-imap make WITH_MYSQL=yes install │ │ [X] OPENSSL Build with OpenSSL support │ │ │ │ [ ] FAM Build in fam support for IDLE command │ │ │ │ %26amp;nbs p;[ ] DRAC Build in DRAC support │ │ │ │ [ ] TRASHQUOTA Include deleted mails in the quota │ │ │ │ [ ] GDBM Use gdbm db instead of system bdb │ │ │ │ [X] IPV6 Build with IPv6 support │ │ │ │ [ ] AUTH _LDAP LDAP support │ │ │ │ [X] AUTH_MYSQL MySQL support │ │ │ │ [ ] AUTH_PGSQL PostgreSQL support │ │ │ │ [ ] AUTH_USERDB Userdb support │ │ │ │ [ ] AUTH_VCHKPW Vpopmail/vchkpw support │ │ │ │ │ │

其实就是主要选择MYSQL的认证支持ports真是越作越详细真是太棒了！当这些主要的安装程序安装好后，接下来的就是配置了！ INSTALL %26amp; SETUP POSTFIX Step1:

导入与配置postfixadmin的数据库

cd /usr/local/www/postfixadmin

mysql -u root

Step2:

配置postfix

cd /usr/local/etc/postfix

mkdir -p /usr/local/mail/virtual #建立虚拟邮件帐户的目录

chown postfix:postfix /usr/local/mail/vir tual #付予虚拟邮件帐户的目录所有权者

chmod 751 /usr/local/mail/virtual #付予虚拟邮件帐户的目录权限

############################################################################################

vi main.cf #以下的为更改部份，有些参数请参照postfix手册自行设备请不要照搬照抄

myhostname = lnyk.2288.org

mydomain = lnyk.2288.org #此参数请自行设置，因为本人用的是动态域名所以这样设置

mydestination = localhost

mynetworks = 127.0.0.0/8, /usr/local/etc/postfix/mynetworks #设置为本地网络与本主机地址可以转发邮件

relay_domains = $mydestination #可以转发的域为mydestination的这个变量也就是loclahost.

alias_maps = hash:/etc/aliases #设置这个参数的主要功能是以后把发往root的邮件都转发到postmaster这个邮? 恼驶Ю铩?

recipient_delimiter = +

home_mailbox = Maildir/ #采用的是Maildir方式储存邮件帐户

smtpd_banner = $myhostname ESMTP

local_destination_concurrency_limit = 5

default_destination_concurrency_limit = 50

###########Virtual User##############

virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:125

virtual_mailbox_base = /usr/local/mail/virtual //邮件存放的位置

virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf //读取数据库虚拟域

virtual_mailbox_limit = 51200000

virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 125

virtual_transport = virtual

virtual_uid _maps = static:125

# Additional for quota support

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota,please try again later.

virtual_overquota_bounce = yes

########use MySQL also to store your Backup MX domains add###########

#relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf

############################################################################################

touch mynetworks

vi mysql_virtual_alias_maps.cf

user = postfix

passw ord = postfix

hosts = localhost

dbname = postfix

table = alias

select_field = goto

where_field = address

query = SELECT goto FROM alias WHERE address='%s'

vi mysql_virtual_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = domain

select_field = description

where_field = domain

query = SELECT description FROM domain WHERE domain='%s'

vi mysql_virtual_mailbox_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = mailbox

select_field = maildir

where_field = username

query = SELECT maildir FROM mailbox%26amp;n bsp;WHERE username='%s'

vi mysql_virtual_mailbox_limit_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = mailbox

select_field = quota

where_field = username

query = SELECT quota FROM mailbox WHERE username='%s'

vi mysql_relay_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

table = domain

select_field = domain

where_field = domain

additional_conditions = and backupmx = '1'

query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

Step3:

配置SASL2的认证

需要配置main.cf

##########SASL AUTH#########

smtpd_sasl_auth_e nable = yes

broken_sasl_auth_clients = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous

smtpd_recipient_restrictions =

permit_mynetworks,

permit_sasl_authenticated,

reject_non_fqdn_hostname,

reject_non_fqdn_sender,

reject_non_fqdn_recipient,

reject_unauth_destination,

reject_unauth_pipelining,

reject_invalid_hostname,

reject_rbl_client opm.blitzed.org,

reject_rbl_client list.dsbl.org,

reject_rbl_client bl.spamcop.net,

reject_rbl_client cbl.anti-spam.org.cn,

reject_rbl_client cdl.anti-spam.org.cn,

reject_rbl_client cblplus.anti-spam.org.cn,

reject_rbl_client sbl-xbl.spamhaus.org

#####################################

配置smtpd.conf认证方式

vi /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: authdaemond

log_level: 3

mech_list:%26amp;nbs p;PLAIN LOGIN

authdaemond_path:/var/run/authdaemond/socket

echo 'courier_authdaemond_enable="YES"' /etc/rc.conf

***注意这个权限的设置***

www# ls -la /var/run/authdaemond/

total 6

drw-r----- 2 courier courier 512 7 4 11:41 .

drwxr-xr-x 5 root wheel 512 7 4 11:41 ..

-rw-r--r-- 1 root courier 5 7 4 11:41 pid

-rw------- 1 root courier 0 7 4 11:41 pid.lock

srwxrwxrwx 1 root courier 0 7 4 11:41 socket

www# chmod +x /var/run/authdaemond

www# ls -la /var/run/authdaemond/

total 6

drwxr-x--x 2 courier courier 512 7%26amp;nb sp;4 11:41 .

drwxr-xr-x 5 root wheel 512 7 4 11:41 ..

-rw-r--r-- 1 root courier 5 7 4 11:41 pid

-rw------- 1 root courier 0 7 4 11:41 pid.lock

srwxrwxrwx 1 root courier 0 7 4 11:41 socket

Step4:

配置authmysqlrc

***注意在配置这个文件时不要有空格，用TAB来代替空格***

cd /usr/local/etc/authlib

vi authmysqlrc

MYSQL_SERVER localhost

MYSQL_USERNAME postfix

MYSQL_PASSWORD postfix

MYSQL_SOCKET /tmp/mysql.sock #为了安全起见我将采用这种方式读取mysql数据库

#MYSQL_POR T 0

MYSQL_OPT 0

MYSQL_DATABASE postfix

MYSQL_USER_TABLE mailbox

MYSQL_CRYPT_PWFIELD password

MYSQL_UID_FIELD '125'

MYSQL_GID_FIELD '125'

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD '/usr/local/mail/virtual'

MYSQL_NAME_FIELD name

MYSQL_MAILDIR_FIELD maildir

############################################################################################

Step5:

做最后的调整

echo 'courier_imap_imapd_enable="YES"' /etc/rc.conf

echo 'courier_imap_pop3d_enable="YES"' /etc/rc.conf

vi /etc/aliases

postmaster: root

root: postmaster@lnyk.2288.org

www# newaliases

www# cp /etc/mail/aliases.db /etc/

启动所有进程进行测试

www# telnet localhost 25

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 lnyk.2288.org ESMTP

EHLO lnyk.2288.org

250-lnyk.2288.org

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH LOGIN PLAIN

250-AUTH=LOGIN PLAIN

250 8BITMIME

##################TLS 认证支持SUPPORT####################

www# mkdir /usr/local/etc/postfix/ssl

www# cd /usr/local/etc/postfix/ssl/

############################################################################################

www# cp /usr/src/crypto/openssl/apps/CA.pl .

www# perl CA.pl -newca

A certificate filename (or enter to create)

Making CA certificate ...

Generating a 1024 bit RSA private key

.......................++++++

....................................................++++++

writing new private key to './demoCA/private/cakey.pem'

Enter PEM pass phrase: "密码"

Verifying - Enter PEM pass phrase: "确认密码"

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about%26amp;n bsp;to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:LN

Locality Name (eg, city) []:YingKou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail

Organizational Unit Name (eg, section) []:postfix mail

Common Name (eg, YOUR name) []:dyd

Email Address []:webmaster@lnyk.2288.org

www# ls

CA .pl demoCA

www# openssl req -new -nodes -keyout mailkey.pem \

? -out mailreq.pem -days 365

Generating a 1024 bit RSA private key

..........................++++++

....++++++

writing new private key to 'mailkey.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field wi ll be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:LN

Locality Name (eg, city) []:YingKou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail

Organizational Unit Name (eg, section) []:postfix mail

Common Name (eg, YOUR name) []:dyd

Email Address []:webmaster@lnyk.2288.org

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: "密码不用"

An optional company name []:

www# openssl ca -out mail_signed_cert.pem -infil es mailreq.pem

Using configuration from /etc/ssl/openssl.cnf

Enter pass phrase for ./demoCA/private/cakey.pem: ?"密码"

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number:

ea:92:3c:86:ec:a4:11:7f

Validity

Not Before: Jul 12 10:55:26 2005 GMT

Not After : Jul 12 10:55:26 2006 GMT

Subject:

countryName = CN

stateOrProvinceName ; = LN

organizationName = postfix mail

organizationalUnitName = postfix mail

commonName = dyd

emailAddress = webmaster@lnyk.2288.org

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

F5:6B:65:2F:E3:7E:A2:00:60:40:FD:A1:B1:20:2E:01:71:15:1F:E5

X509v3 Authority Key Identifier:

keyid:AE:1C:40:AA:96:D6:1A:D5:5A:6B:21:9C:E0:22:ED:25:DC:E7:18:3F

DirName:/C=CN/ST=LN/L=YingKou/O=postfix mail/OU=postfix mail/CN=dyd/emailAddress=webmaster@lnyk.2288.org

serial:EA:92:3C:86:EC:A4:11:7E

Certificate is to be certified until Jul 12 10:55:26 2006 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

###########################################################################################

##生成pop3d.pem密钥

www# cd /usr/local/share/courier-imap

www# openssl req -new -x509 -days 365 -nodes -out /usr/local/share/courier-imap/pop3d.pem -keyout /usr/local/share/courier-imap/pop3d.pem

Generating a 1024 bit RSA private key

....++++++

..................................++++++

writing new private key to '/usr/local/share/courier-imap/pop3d.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is%26amp;n bsp;called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:LN

Locality Name (eg, city) []:YingKou

Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail

Organizational Unit Name (eg, section) []:postfix mail

Common Name (eg, YOUR name) []:dyd

Email Address []:webmaster@lnyk.2288.org

www# ls

mkimapdcert mkpop3dcert %26amp; nbsp; pop3d.pem

//在用TLS接收邮件成功后会在日志里面看到Oct 21 19:48:46 www pop3d-ssl: LOGIN, user=webmaster@lnyk.2288.org,

www# vi /usr/local/etc/postfix/main.cf

###########postfix TLS##############

smtp_use_tls = yes

smtpd_use_tls = yes

smtpd_tls_note_starttls_offer = yes

smtpd_tls_key_file = /usr/local/etc/postfix/ssl/mailkey.pem

smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/mail_signed_cert.pem

smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/demoCA/cacert.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

#############利用postfix与Kaspersky做为邮件认证病毒网关防护#######################

本方案可以解决因为kaspersky单独做为邮件网关时不能认证的问题，我之前的想法只是想让kaspersky支持SMTP的认证，但是看了关于kaspersky的handbook后也没有找到解决的方法(也许我看得不仔细)网上的查询结果也不尽人意，于是后来我想到了利用postfix做为认证网关(postfix只单纯的提供认证功能而不提供收发的功能)当postfix接收到邮件时postfix会首先检查邮件是否支持认证，如果不支持认证当即拒绝，如果支持认证postfix会把邮件relay到kaspersky的网关上检查是否有病毒，检查完毕来再通过kaspersky的网关forward到另一台postfix的邮件服务器上这个时候就可以解决掉因为只单独使用kaspersky网关而不能解决因为邮件认证的问题了

//下面的这个示意图只是kaspersky检查邮件时的示意图

------------------------------------------------

│SMTPGW %26amp;n bsp; │

│ Receiver Sender │

│ │ /\ │

│ \│/ /│\ │mail==

mail== │ \/ %26amp; nbsp; │ │

│ -------------------------------- │

│ │ Scanning Module │ │

│ -------------------------------- │

│ │ /\ │ /\ %26amp;nbs p; │

│ \│//│\ \│//│\ │

│ \/ │ \/ │ │

│ Spamtest filter AVE module │

│ %26amp;nbs p; │

------------------------------------------------

www# pkg_add scmsmtpgw-freebsd5.x-5.5.83.tgz

//以下可以跟具自己的需要进行设置

Configuring settings of Kaspersky Security SMTP-Gateway for

Linux/Unix.

Enter your fully qualified host name (to identify smtp-gateway

on the network): [www.dyd.com]:

lnyk.2288.org

Enter your fully qualified domain name (to identify relaying

rules and addressess of postmaster, admin and mail-daemon):

[www.dyd.com]:

lnyk.2288.org

Enter your listen interface in the following format x.x.x.x: z:

[0.0.0.0:25]:

Enter your subnet in the following format x.x.x.x or

x.x.x.x/x.x.x.x or x.x.x.x/y (to identify subnet that will mail

through smtp-gateway): [192.168.0.0/255.255.0.0]:

Enter your forward mail host in the following format x.x.x.x:z

(if you are not going to forward mail just press enter):

Installing license files.

License file (a file with .key extension) is your personal

license key. You need to install it to use the application.

To install it right now, just enter the path to the location of

your license file (enter an empty string to continue without key

file installation):

/usr/local/src/distfiles/

The license file /usr/local/src/distfiles/000AEA9B.KEY has been

installed.

Configuring KeepUp2Date proxy settings.

If you use an http proxy server to access the Internet, you need

to tell the Kaspersky Security SMTP-Gateway for Linux/Unix

KeepUp2Date component about it. Please enter the address of your

http proxy server in one of the following forms,

http://proxyIP:port or http://user:pass@proxyIP:port. If you

don't have or need a proxy server to access the Internet, enter

'no' here:

Latest ;anti-virus bases are an essential part of your anti-virus

protection. Do you want to download the latest anti-virus bases

right now to insure your application is up to date? (If you

answer 'yes', make sure you are connected to the Internet):

[yes]:

Kaspersky KeepUp2Date 5.5.83/BETA build #83

Portions Copyright (C) Lan Crypto

Configuration file: /etc/kav/5.5/scm-smtpgw/smtpgw.conf

Getting product configuration

Getting updater configuration

Checking product license keys

Initializing

Trying to update from 'http://downloads2.kaspersky-labs.com'

Copying update ;description file

Downloading remote file master.xml

Checking update description file integrity

Parsing update description file

Downloading remote file soft.xml

Downloading remote file kasset.xml

Downloading remote file kavset.xml

Downloading remote file kas20.xml

Copying files

Downloading remote file soft.xml

Downloading remote file kasset.xml

Downloading remote file kavset.xml

Downloading remote file updcfg.xml

Downloading remote file black.lst

Checking license keys

Downloading remote file kas20.xml

Downloading remote file avcmhk4.dll

Downloading remote file avp.klb

Downloading remote file avp.set

Downloading remote file av p.vnd

Downloading remote file avp_ext.set

Downloading remote file avp_x.set

Downloading remote file black.lst

Checking license keys

Downloading remote file ca.avc

.............

//更新病毒代码库

//修改postfix只为relay的方式

vi /etc/main.cf

relayhost = [192.168.1.100]1025 //192.168.1.100与1025端口为kaspersky的地址与端口

//***注意***不要把这台postfix做为邮件的收发服务器，只是单纯的做为转发网关即可,还要有认证的支持,否则这台邮件服务器不会先做为网关只是直接收发或转发。

//重新启动postfix进程

www# /usr/local/etc/rc.d/postfix.sh reload

//配置Kaspersky Security SMTP-Gateway

www# vi /etc/kav/5.5/scm-smtpgw/smtpgw.conf

Hostname=lnyk.2288.org

Postmaster=postmaster@lnyk.2288.org

ProtectedDomains=lnyk.2288.org

[smtpgw.access]

RelayRule=allow fro m 192.168.1.0/255.255.255.0 to *

RelayRule=allow from any to *@lnyk.2288.org

RelayRule=deny from any to *

[smtpgw.forward]

ForwardRoute=any [localhost:25]

//***注意***此处不要照搬照抄,这个地址与端口是forward的postfix地址.

//启动Kaspersky Security SMTP-Gateway

www# /usr/local/etc/rc.d/scm-smtpgw.sh start

Starting spamtest licenser...

spamtest licenser was started

Starting spamtest filter...

spamtest filter was started

Starting smtpgw...

smtpgw was started

scm-smtpgw was started

//利用outlook发送一封邮件来测试

Oct 26 14:31:23 www smtpgw[2296]: jEV9GOLm15518: AV-SCANNED, group="policy", nrcpt=1, srcid=jEV9GOLm15518, status="infected", names="Troja n-Dropper.Win32.Agent.hx"

//通过测试可以得知道己经检查出病毒