------------------------------------------------------------------------------------------------------
新增使用mailscanner来对进出邮件进行监管。new
修正上一个版本的一些理解性和文件性错误。
主要“加强”了病毒过滤和垃圾邮件过滤,更加节约系统资源,使系统配置更简单化。
垃圾邮件过滤基本上达到了95%的成功率
本文首次使用MailScanner+Clamav配合对邮件病毒进行过滤。
经过严格病毒邮件测试成功率达到了100%。
翻译了病毒邮件提示为中文提示,让系统更加的人性化。
演示:
http://mail.toping.net
用户名:demo@toping.net
密码:demo
------------------------------------------------------------------------------------------------------
Linux+Postfix+Cyrus-sasl+Courier-imap+Tmail3.0+spamassassin+Clamav+mailscanner
杨廷勇
Copyright %26copy; 2004、2005、2006
本文介绍使用Linux+Postfix+Cyrus-sasl+Courier-imap+Tmail3.0+spamassassin+Clamav+mailscanner
来架构一个具有多域名,有邮件列表、webmail、防病毒、防垃圾邮件、web管理界面的邮件系统。
Jacky, $Revision: 4.51 bate $Date: 2006-3-9
系统主要采用MailScanner+clamav+Spamassassin来对病毒过滤和垃圾邮件过滤。
本文在CentOS、REDHATas上安装测试通过,病毒过滤放弃采用amavisd。主要采用执行效率更高的MailSanner来对邮件过滤和垃圾邮件过滤,配置更容易,并且降低了系统开消。让系统更加稳定,经过严格病毒邮件测试成功率达到了100%。垃圾邮件过滤基本上达到了95%的成功率。
文档目录
1.安装系统
2.关闭selinux
3.设置YUM
4.安装mysql
5.安装apache
6.安装php
7.安装phpMyAdmin
8.设置数据库:
9.增加postfix的用户和组
10.安装postfix
11.安装Courier-authlib
12.设置authlib的环境变量
13.安装Courier-imap
14.配置系统
15.配置sasl认证
16.配置courier-imap
17.安装WebMail
18.启动服务测试
19.安装Clamav
20.升级病毒库
21.安装Spamassassin
22.安装MailScanner
23.设置MailScanner
24.测试病毒邮件
结束!
1.安装系统
安装之前:因用户数据都保存在/var目录下,因此安装系统时/var的空间应尽量大。系统的版本为最小化安装,软件包只安装只装开发包(development)。在文档中假设服务器的ip地址为192.168.0.2,域名为test.com,主机名为mail.test.com。所需的软件包我都打包好了。下载地址:http://www.toping.net/soft/src.tar.gz
请兄弟们仔细一些,注意空格和TAB。
祝兄弟们好运。本人水平有限。如果发现文章中有什么错误和不当的地方请发邮件:scyz@toping.net。我会在第一时间给予答复。
2.关闭selinux
[root@mail]# vi /etc/selinux/config
SELINUX=disable
[root@mail]# reboot
3.设置YUM
[root@mail yum.repos.d] vi CentOS-Base.repo
[base]
name=CentOS-4.2 - Base
baseurl=http://mirror.be10.com/centos/4.2/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#released updates
[update]
name=CentOS-4.2 - Updates
baseurl=http://mirror.be10.com/centos/4.2/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#packages used/produced in the build but not released
[addons]
name=CentOS-4.2 - Addons
baseurl=http://mirror.be10.com/centos/4.2/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#additional packages that may be useful
[extras]
name=CentOS-4.2 - Extras
baseurl=http://mirror.be10.com/centos/4.2/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-4.2 - Plus
baseurl=http://mirror.be10.com/centos/4.2/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#contrib - packages by Centos Users
[contrib]
name=CentOS-4.2 - Contrib
baseurl=http://mirror.be10.com/centos/4.2/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
#packages in testing
[testing]
name=CentOS-4.2 - Testing
baseurl=http://mirror.be10.com/centos/4.2/testing/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.be10.com/centos/RPM-GPG-KEY-centos4
[root@mail yum.repos.d]# vi dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
[root@mail yum.repos.d]# yum update
4.安装mysql
[root@mail build]#yum install mysql-server
[root@mail build]#yum install mysql-devel
5.安装apache
[root@mail build]#yum install httpd
6.安装php
[root@mail build]#yum install php
[root@mail build]#yum install php-mysql
[root@mail build]#yum install php-gd
[root@mail build]#yum install php-imap
yum install vsftpd
yum install clamav
yum install spamassassin
/usr/bin/freshclam
设置apache
默认:
User apache
改为
User postfix
默认
Group apache
改为
Group postfix
默认
AddDefaultCharset UTF-8
改为
AddDefaultCharset gb2312
新加入:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
7.安装phpMyAdmin
[root@mail build]#tar –zxf ../src/phpMyAdmin-2.8.0.1.tar.gz
[root@mail build]#mv phpMyAdmin-2.8.0.1 /var/www/html/dbadmin/
[root@mail build]#cp /var/www/html/dbadmin/libraries/config.default.php /var/www/html/dbadmin/dbadmin/libraries/config.inc.php (line 1.)
8.设置数据库
[root@mail build]#mysql
Mysql create datases postfix;
Mysql use mysql;
Mysql INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
Mysql update user set password=password('postfix') where User='postfix';
Mysql GRANT ALL ON postfix.* TO postfix@localhost IDENTIFIED BY "postfix";
Mysql exit
[root@mail build] tar –zxf ../src/webmail.tar.gz
[root@mail build] mysql –u root –p postfix
9.增加postfix的用户和组
[root@mail build] groupadd -g 12345 postfix
[root@mail build] useradd -u 12345 -g 12345 -c postfix -d/dev/null -s/sbin/nologin postfix
[root@mail build] groupadd -g 54321 postdrop
10.安装postfix
[root@mail build] tar –zxf ../src/postfix-2.2.8.tar.gz
[root@mail build] cd postfix-2.2.8
[root@mail build] patch -p1
[root@mail build] make -f Makefile.init makefiles \n'CCARGS=-DUSE_SASL_AUTH -DHAS_MYSQL -I/usr/include/mysql -I/usr/include/sasl' \n'AUXLIBS=-L/usr/lib/mysql -L/usr/lib/sasl2 -lmysqlclient -lsasl2 -lz -lm'
[root@mail build] make
[root@mail build] make install
执行make install这里会出现很多问题,但postfix已经为我们设置好了默认的答案,直接使用这些答案就可以使postfix正常工作了,所以我们只要直接按回车就可以了
11.安装Courier-authlib
[root@mail build] tar –jxf ../src/courier-authlib-0.58.tar.gz
[root@mail build] cd courier-authlib-0.58
[root@mail build] ./configure --prefix=/usr/lib/authlib --without-authpam \n--without-authcustom --without-authpgsql --without-authldap \n--without-authuserdb --without-authpwd --without-authshadow \n--without-authvchkpw --with-authmysql \n--with-authdaemonvar=/usr/lib/authlib/var \n--mandir=/usr/lib/man --without-stdheaderdir \n--sysconfdir=/usr/lib/authlib/etc \n--with-redhat
[root@mail build] make
[root@mail build] make install
[root@mail build] make install-migrate
[root@mail build] make install-configure
12.设置authlib的环境变量
[root@mail build] COURIERAUTHCONFIG=/usr/lib/authlib/bin/courierauthconfig
[root@mail build] export COURIERAUTHCONFIG
13.安装Courier-imap
[root@mail build] tar –jxf ../src/courier-imap-4.0.6.tar.gz
[root@mail build] cd courier-imap-4.0.6
[root@mail build] ./configure –prefix=/usr/lib/imapd \n--silent --without-authpgsql --without-ipv6 \n--with-redhat --with-authmysql \n--mandir=/usr/lib/man --disable-root-check
[root@mail build] make
[root@mail build] make install
[root@mail build] make install-configure
14.配置系统
[root@mail build] mv /etc/aliases /etc/aliases.bak
[root@mail build] ln -s /etc/postfix/aliases /etc/aliases
[root@mail build] echo 'root: postfix'/etc/postfix/aliases
[root@mail build] /usr/bin/newaliases
[root@mail build] mv /var/mail /var/mail.bak
[root@mail build] mkdir /var/mail
[root@mail build] chown -R postfix:postfix /var/mail
[root@mail build] mv /etc/postfix/main.cf /etc/postfix/main.cf.bak
[root@mail build] vi /etc/postfix/main.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
header_checks = regexp:/etc/postfix/header_checks
#############NEW ADD#####################
#=====================BASE=====================
myhostname = mail.test.com
mydomain = test.com
mydestination = $myhostname
local_recipient_maps =
local_transport = virtual
#=====================MySQL=====================
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:54321
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:12345
#=====================Quota=====================
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
#====================SASL=====================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
smtpd_client_restrictions = permit_sasl_authenticated
[root@mail build] vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT alias FROM userinfo WHERE address='%s' AND active = 1
[root@mail build] vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domaininfo WHERE domain='%s'
[root@mail build] vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM userinfo WHERE address='%s'
[root@mail build] vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM userinfo WHERE address='%s' AND active = 1
15.配置sasl认证
[root@mail build] vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: plain login
authdaemond_path:/usr/lib/authlib/var/socket
16.配置courier-imap
[root@mail build] mv /usr/lib/authlib/etc/authlib/authmysqlrc /usr/lib/authlib/etc/authlib/authmysqlrc.bak
[root@mail build] vi /usr/lib/authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE userinfo
MYSQL_CRYPT_PWFIELD passwd
MYSQL_UID_FIELD '12345'
MYSQL_GID_FIELD '54321'
MYSQL_LOGIN_FIELD address
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD realname
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD quota
[root@mail build] mv /usr/lib/authlib/etc/authlib/authdaemonrc /usr/lib/authlib/etc/authlib/authdaemonrc.bak
[root@mail build] vi /usr/lib/authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
version="authdaemond.mysql"
daemons=5
subsystem=mail
DEBUG_LOGIN=0
DEFAULTOPTIONS="wbnodsn=1"
[root@mail build] vi /usr/lib/imapd/etc/pop3d
默认
POP3DSTART=NO
改为
POP3DSTART=YES
[root@mail build] vi /usr/lib/imapd/etc/imapd
默认
IMAPDSTART=NO
改为
IMAPDSTART=YES
[root@mail build] chmod +x /usr/lib/authlib/var/
17.安装WebMail
[root@mail build] mv Tmail /var/www/html/webmail
[root@mail build] vi /var/www/html/webmail/config/config_inc.php
$CFG_BASEPATH = "/var/www/html/webmail/temp"; //临时目录
// Mysql
define(MYSQL_HOST, 'localhost'); //数据库主机名
define(MYSQL_USER, 'postfix'); //数据库用户名
define(MYSQL_PASS, 'postfix'); //数据库密码
define(MYSQL_DATA, 'postfix'); //数据库名称
$CFG_NETDISK_PATH = "/var/mail/netdisk"; //文件管理存储目录
[root@mail build] vi /var/www/html/webmail/webadmin/include/config.inc.php
// Mysql
define(MYSQL_HOST, 'localhost'); //数据库主机名
define(MYSQL_USER, 'postfix'); //数据库用户名
define(MYSQL_PASS, 'postfix'); //数据库密码
define(MYSQL_DATA, 'postfix'); //数据库名称
[root@mail build] mkdir /var/mail/netdisk
[root@mail build] chown –R postfix:postfix /var/mail/netdisk
[root@mail build] mkdir /var/www/html/webmail/temp
[root@mail build] chown –R postfix:postfix /var/www/html/webmail/temp
[root@mail build] cp courier-authlib-0.58/courier-authlib.sysvinit /etc/rc.d/init.d/courier-authlib
[root@mail build] chmod 755 /etc/rc.d/init.d/courier-authlib
[root@mail build] chkconfig –-add courier-authlib
[root@mail build] cp courier-imap-4.0.6/courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
[root@mail build] chmod 755 /etc/rc.d/init.d/courier-imap
[root@mail build] chkconfig –-add courier-imap
18.启动服务测试
[root@mail build] chkconfig httpd on
[root@mail build] chkconfig mysqld on
[root@mail build] service httpd start
[root@mail build] service mysqld start
[root@mail build] service courier-authlib start
[root@mail build] service courier-imap start
[root@mail build] postfix start
通过后台加入域名和用户名(本文档中的域名为:test.com、用户名:test@test.com)
[root@mail build] perl -MMIME::Base64 -e 'print encode_base64("test@test.com");'
dGVzdEB0ZXN0LmNvbQ==
[root@mail build] perl -MMIME::Base64 -e 'print encode_base64("000000");'
MDAwMDAw
[root@mail build] telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ== //用户名(test@test.com)
334 UGFzc3dvcmQ6
MDAwMDAw // 密码(000000)
235 Authentication successful //表示成功验证通过
19.安装Clamav
[root@mail build] rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
[root@mail build] rpm --import RPM-GPG-KEY.dag.txt
[root@mail build] rpm -q gpg-pubkey --qf "%{summary} - %{version}-%{release}
"
gpg(CentOS-4 key centos-4key@centos.org) - 443e1821-421f218f
gpg(Dag Wieers (Dag Apt Repository v1.0) dag@wieers.com) - 6b8d79e6-3f49313d
[root@mail build] vi /etc/yum.repos.d/dag.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1
[root@mail build] yum update
[root@mail build] yum install clamav
20.升级病毒库
[root@mail build] /usr/bin/freshclam
ClamAV update process started at Thu Mar 9 17:23:21 2006
main.cvd is up to date (version: 36, sigs: 44686, f-level: 7, builder: tkojm)
daily.cvd is up to date (version: 1319, sigs: 1376, f-level: 7, builder: ccordes)
21.安装Spamassassin
[root@mail build] yum install spamassassin
[root@mail build] service spamassassin start
22.安装MailScanner
[root@mail build] tar –zxf ../src/MailScanner-4.51.5-1.rpm.tar.gz
[root@mail build] MailScanner-4.51.5-1/install.sh
23.设置MailScanner
[root@mail build] chkconfig sendmail off
[root@mail build] chkconfig --level 2345 MailScanner on
[root@mail build] vi /etc/MailScanner/MailScanner.conf
%org-name% = toping.net
%org-long-name% = wooxian
%web-site% = www.toping.net
%report-dir% = /etc/MailScanner/reports/cn
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 6
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
[root@mail build] yum install unrar
[root@mail build] unrar x ../src/cn.rar
[root@mail build] mv cn /etc/MailScanner/reports/
[root@mail build] mv /etc/postfix/header_check /etc/postfix/header_check.bak
[root@mail build] vi /etc/postfix/header_check
/^Received:/ HOLD
[root@mail build] chown –R postfix:postfix /var/spool/MailScanner/*
[root@mail build] postfix stop
[root@mail build] service MailScanner start
24.测试病毒邮件
[root@mail build] telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
ehlo mail
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
auth login
334 VXNlcm5hbWU6
dGVzdEB0ZXN0LmNvbQ== //用户名(test@test.com)
334 UGFzc3dvcmQ6
MDAwMDAw // 密码(000000)
235 Authentication successful //表示成功验证通过
MAIL FROM:test@test.com
250 Ok
RCPT TO:test@test.com
250 Ok
DATA
354 End data with .
Subject:Virus test
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 Ok: queued as F0C221CC20 //出现F0C221CC20这行表示mailscanner运行成功了
quit
221 Bye
Connection closed by foreign host.
收到邮件后会在主题会变成:{Virus?} Virus test
邮件内容会是以下内容:
警告: 此邮件有一个或多个附加档案被移除
警告: 附加档案名称: (详细讯息).
警告: 请参考此信件附加档案 "toping.net-Attachment-Warning.txt" 取得更详细的资料
此讯息由 MailScanner 电子邮件防护系统发出
--------------------------------------------------------------------
原有邮件附加档案为 "详细讯息" 被列入拒绝处理的名单.
且被替换为此讯息.
若您仍希望收到*被感染的*附加档案,,请联络系统管理者.包含以下内容:
Thu Mar 9 15:57:25 2006 病毒侦测报告:
ClamAV: msg-3682-1.txt contains Eicar-Test-Signature
求助问题: 检查 the toping.net () MailScanner 机器的 /var/spool/MailScanner/quarantine/20060309 (编号 639F13F97B.BBC3F).
--
系统管理者
以上内容出现表示mailscanner的病毒过滤生效。并成功运行!!
到此一台具有反垃圾和反病毒的邮件服务器建成了,希望我的文档对邮件服务器爱好者能有所帮助~! 如果文档中有任何问题可以发邮件给我指出来我会马上改正。谢谢大家!祝大家好运!!scyz at toping.net