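Last edited by 3645636 on 2010-07-30 18:45
I had been using postfix all along and had also tried qmail. For a while I was drawn to postfix's precise configuration parameters, and to qmail's simplicity and practicality, but what really annoyed me is that neither Amavisd-new nor MailScanner supports qmail; qmail is pretty much dead in all but name! Then I tried Sendmail. At first I was misled by the demonizing talk online: that it is riddled with holes, and that "configuration file" which has truly scared off a whole batch of people. In fact it is not that mysterious! The default MTA on OpenBSD, FreeBSD, RHEL and CentOS is sendmail; if it were really that bad, why would all these well-known Unix/Linux systems install the sendmail package by default? The milter concept first appeared in sendmail, as did DKIM. postfix later added milter support as well, but it is not native, and many milter plug-ins need sendmail's libmilter library. In other words, for postfix to use milter plug-ins, sendmail must be installed, for example for milter-limit.
postfix's configuration is simple and clear, and there are many third-party plug-ins: Anti-Spam, Anti-Virus... sendmail supports all of these too; regrettably, sendmail does not yet support Dovecot SASL.
The milters I use are milter-limit, milter-clamc and spamass-milter:
- milter-clamc works with ClamAV to scan for viruses
- spamass-milter calls SpamAssassin to detect spam!
- milter-limit controls how often a user can send mail, for example one message every five minutes
Install using the system's own rpm packages, including sendmail-devel, sendmail-cf and so on, all together:
- #yum install sendmail* cyrus-sasl* cyrus-imapd
Of course, you can also avoid having sendmail call so many milters and use Amavisd-new or MailScanner instead; both are very simple and clear to configure! But if you pair amavisd-new with sendmail, you need to use amavisd-new-milter!
By default Sendmail listens only on the local loopback address, which does not let it do its job, so sendmail.mc needs to be modified. The configuration files are all in the /etc/mail/ directory. Note that we use lmtp for delivery and comment out the procmail-related configuration lines. procmail can also call SpamAssassin.
- define(`confAUTH_OPTIONS', `A')dnl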
- TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
- define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
- define(`confLOCAL_MAILER', `cyrusv2')dnl
- define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
- DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
- dnl MAILER(procmail)dnl
- MAILER(cyrusv2)dnl
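Edit /usr/lib/sasl2/Sendmail.conf so that its contents are as follows:
Edit /etc/sysconfig/saslauthd and set the authentication method to shadow.
Make sure /etc/cyrus.conf contains the following; sendmail will use lmtp to deliver mail. pop3, imap, pop3ssl and imapssl are enabled by default; keep the ones you need and simply comment out the ones you do not.
- lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
The contents of /etc/imapd.conf are as follows:
- configdirectory: /var/lib/imap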
- partition-default: /var/spool/imap
- admins: cyrus root
- sievedir: /var/lib/imap/sieve
- sendmail: /usr/sbin/sendmail
- hashimapspool: true
- sasl_pwcheck_method: saslauthd
- sasl_mech_list: PLAIN LOGIN
- #tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
- #tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
- #tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
- allowanonymouslogin: no
Start the corresponding services:
#service cyrus-imapd start
#service sendmail start
#service saslauthd start
Check whether sendmail has SASL authentication enabled:
- [root@mail mail]# telnet localhost 25
- Trying 127.0.0.1...
- Connected to localhost.localdomain (127.0.0.1).
- Escape character is '^]'.
- 220 mail.jazz.com ESMTP Sendmail 8.13.8/8.13.8; Thu, 29 Jul 2010 15:13:40 +0800
- ehlo localhost
- 250-mail.jazz.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
- 250-ENHANCEDSTATUSCODES
- 250-PIPELINING
- 250-8BITMIME
- 250-SIZE
- 250-DSN
- 250-ETRN
- 250-AUTH LOGIN PLAIN
- 250-DELIVERBY
- 250 HELP
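
As an added check that is not part of the original post, the sketch below parses the EHLO reply from the session above and classifies how password-carrying mechanisms are exposed before TLS. `parse_ehlo`, `audit_auth` and the verdict labels are hypothetical names, and the sample reply is reconstructed from the transcript.

```python
# Constructed sample: the EHLO reply from the telnet session shown above.
SAMPLE_EHLO = """\
250-mail.jazz.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

# SASL mechanisms that send the password itself (base64 is not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected reply line: {line!r}")
        if i == 0:
            continue  # first line is the greeting, not an extension
        words = text.split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit_auth(reply):
    """Classify what a plaintext session is offered before any TLS."""
    caps = parse_ehlo(reply)
    cleartext = sorted(CLEARTEXT_MECHS.intersection(caps.get("AUTH", [])))
    starttls = "STARTTLS" in caps
    if not cleartext:
        verdict = "ok"            # nothing password-equivalent offered pre-TLS
    elif starttls:
        verdict = "tls-optional"  # clients may still authenticate without TLS
    else:
        verdict = "no-tls"        # clients cannot protect the password at all
    return {"cleartext_mechs": cleartext, "starttls": starttls, "verdict": verdict}

if __name__ == "__main__":
    print(audit_auth(SAMPLE_EHLO))
```

In sendmail, adding `p` to `confAUTH_OPTIONS` withholds PLAIN and LOGIN until a security layer such as STARTTLS is active.
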
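Use any MUA to test sending and receiving mail.
Now install spamassassin, clamav and milter-limit.
You can use rpm or source; I used source.
To install spamassassin: perl Makefile.PL, make, make install; for convenience you can also use yum install spamassassin. When compiling clamav, note that it has a milter module, but I did not use clamav's own milter; I used milter-clamc instead.
I will only briefly record the installation of the milter-limit and milter-clamc modules!
Download from: http://www.milter.info/ (libsnert needs to be downloaded as well)
libsnert-1.73.17 milter-clamc-0.6.20 milter-limit 0.14.86
- tar zxf libsnert-1.73.17.tar.gz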
- tar zxf milter-limit-0.14.tar.gz
- tar zxf milter-clamc-0.6.tar.gz
- cd com/snert/src/lib/
- ./configure
- make build
- cd ../milter-limit # build milter-limit
- ./configure
- make build
- make install
- cd ../milter-clamc # build milter-clamc
- ./configure
- make build
- make install
Build and install spamass-milter, which is used to call spamassassin:
- tar zxf spamass-milter-0.3.1.tar.gz
- cd spamass-milter-0.3.1
- ./configure
- make
- make install
- cp contrib/spamass-milter-redhat.rc /etc/init.d/spamass-milter
- chmod a+x /etc/init.d/spamass-milter
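This script needs a small modification: only the actual path of /spamass-milter needs to be changed.
clamav can be installed from source or rpm. Note that clamav's own milter is not used here; a third-party milter is used to call clamav because it supports tagging. Once you have installed it yourself you will know which one works better.
- ## Start spamassassin
- ## Start clamd
- ## Start spamass-milter
- ## Start milter-limit
- ## Start milter-clamc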
- [root@mail spamass-milter-0.3.1]# /etc/init.d/spamd start
- 启动 spamd: [确定]
- [root@mail spamass-milter-0.3.1]# /etc/init.d/clamd start
- Starting Clam AntiVirus Daemon: [确定]
- [root@mail spamass-milter-0.3.1]# /etc/init.d/spamass-milter start
- Starting spamass-milter: [确定]
- [root@mail spamass-milter-0.3.1]# /etc/init.d/milter-limit start
- Starting milter-limit [ OK ]
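To start milter-clamc we need to add some parameters separately; you will see why shortly. Of course, using the script shipped with the source is fine too, but the consequence is that if an infected file is found, the whole message is deleted. Here policy=tag means that the infected message is tagged; the tag is **Virus** and it is added to the message subject, i.e. **Virus** Subject, whereas the milter shipped with ClamAV deletes the message and does not have this many options! For the other policy values, see the documentation.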
- [root@mail spamass-milter-0.3.1]# /usr/local/sbin/milter-clamc \
- policy=tag \
- subject-tag='[**Virus**]' \
- run-group=milter \
- run-user=milter
Check that all the related processes have started:
[root@mail spamass-milter-0.3.1]# ps -A|grep milter
31865 ? 00:00:00 spamass-milter
31893 ? 00:00:00 milter-limit
31970 ? 00:00:00 milter-clamc
[root@mail spamass-milter-0.3.1]# ps -A|grep spamd
31806 ? 00:00:01 spamd
31807 ? 00:00:00 spamd
31808 ? 00:00:00 spamd
[root@mail spamass-milter-0.3.1]# ps -A|grep clamd
31841 ? 00:00:03 clamd
[root@mail spamass-milter-0.3.1]# ps -A|grep lmtp
31913 ? 00:00:00 lmtpd
[root@mail spamass-milter-0.3.1]# ps -A|grep sendmail
26629 ? 00:00:00 sendmail
26637 ? 00:00:00 sendmail
[root@mail spamass-milter-0.3.1]# ps -A|grep imapd
1560 ? 00:00:00 imapd
1567 ? 00:00:00 imapd
1613 ? 00:00:00 imapd
1614 ? 00:00:00 imapd
1615 ? 00:00:00 imapd
26997 ? 00:00:00 imapd
27012 ? 00:00:00 imapd
27013 ? 00:00:00 imapd
27014 ? 00:00:00 imapd
31974 ? 00:00:00 imapd
31975 ? 00:00:00 imapd
31976 ? 00:00:00 imapd
The milters are now installed; all that remains is to find where their sockets are:
# milter that calls spamassassin
[root@mail ~]# ls /var/run/spamass.sock
/var/run/spamass.sock
# milter that calls clamav
[root@mail ~]# ls /var/run/milter/milter-clamc.socket
/var/run/milter/milter-clamc.socket
# milter that controls sending frequency
[root@mail ~]# ls /var/run/milter/milter-limit.socket
/var/run/milter/milter-limit.socket
Now just write the details of these milters into sendmail.mc!
- vi /etc/mail/sendmail.mc
- INPUT_MAIL_FILTER(`milter-clamc',`S=unix:/var/run/milter/milter-clamc.socket, T=C:20s;S:20s;R:20s;E:5m')dnl
- INPUT_MAIL_FILTER(`milter-limit',`S=unix:/var/run/milter/milter-limit.socket, T=C:10s;S:10s;R:10s;E:10s')dnl
- INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
- define(`confINPUT_MAIL_FILTERS', `milter-limit,milter-clamc,spamassassin')dnl
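
The following audit of the milter lines above is an added example, not part of the original post. It reports the call order and flags filters that have neither `F=R` nor `F=T`, in which case sendmail processes mail as if the filter were absent whenever its socket is unreachable. `parse_equates` and `audit` are hypothetical names, and the sample is copied from the configuration above.

```python
import re

# Constructed sample: the milter lines from the sendmail.mc shown above.
SAMPLE_MC = r"""
INPUT_MAIL_FILTER(`milter-clamc',`S=unix:/var/run/milter/milter-clamc.socket, T=C:20s;S:20s;R:20s;E:5m')dnl
INPUT_MAIL_FILTER(`milter-limit',`S=unix:/var/run/milter/milter-limit.socket, T=C:10s;S:10s;R:10s;E:10s')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `milter-limit,milter-clamc,spamassassin')dnl
"""

FILTER_RE = re.compile(r"^INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']*)'\)", re.M)
ORDER_RE = re.compile(r"^define\(`confINPUT_MAIL_FILTERS',\s*`([^']*)'\)", re.M)

def parse_equates(spec):
    """Split 'S=..., F=..., T=...' into a dict; commas separate the equates."""
    out = {}
    for part in spec.split(","):
        key, _, value = part.strip().partition("=")
        if key:
            out[key] = value.strip()
    return out

def audit(mc_text):
    """Return (order, findings) for the milter definitions in mc_text."""
    filters = {name: parse_equates(spec) for name, spec in FILTER_RE.findall(mc_text)}
    m = ORDER_RE.search(mc_text)
    order = [n.strip() for n in m.group(1).split(",")] if m else list(filters)
    findings = []
    for name in order:
        if name not in filters:
            findings.append((name, "listed in confINPUT_MAIL_FILTERS but never defined"))
    for name, eq in filters.items():
        if name not in order:
            findings.append((name, "defined but missing from confINPUT_MAIL_FILTERS"))
        if "S" not in eq:
            findings.append((name, "no S= socket given"))
        # Without F=R (reject) or F=T (tempfail), sendmail carries on as if
        # the filter were absent whenever its socket is unreachable.
        if eq.get("F", "") not in ("R", "T"):
            findings.append((name, "fail-open: mail is accepted unfiltered if the milter is down"))
    return order, findings

if __name__ == "__main__":
    order, findings = audit(SAMPLE_MC)
    print("call order:", " -> ".join(order))
    for name, msg in findings:
        print(f"[{name}] {msg}")
```

Whether a given filter should temp-fail (`F=T`), reject (`F=R`) or stay fail-open is a trade-off between mail availability and guaranteed scanning.
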
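Testing: first, test with spam sample code!
Next, let's look at the source of the message:
Test with a virus mail
View the message source
Next, we test milter-limit
Restrict the user at address 192.168.0.1 to sending only one message per minute:
- vi /etc/mail/access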
- #Add
- milter-limit-Connect:192.168.0.1 1/1m
- cd /etc/mail
- make restart
Sending more than one message within one minute will be rejected; the count can only be equal to or less than 1.