Article Archive

Postfix Mail Server Management

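@. Queue management

#mailq # use mailq to check mail that has been submitted for sending

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D7982233D37 2936 Fri May 6 00:18:16 2daniel@12.hinet.net

#postcat /var/spool//deferred/1/17461233D42 # display the content of a message in the queue
#postsuper -d A1F23E009A # delete a message in the mail queue that has not been sent yet
#postsuper -d ALL # delete everything in the mail queue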

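@. Mail content filtering management

Postfix analyses and filters mail with header_checks and body_checks, both of which are configured with regular expressions (Regular Expression, RE). They filter on a message's Header and Body. What is the Header? It is the information at the top of a message (including the sender From:, the recipient To:, addresses, and the subject line Subject:). What is the Body? It is the content the sender wrote to you.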

#vi /usr/local/etc/postfix/main.cf


Sending e-mail from a shell script

To send mail from a script, you can use the mail command:

# echo "email content" | mail -s "email subject" you@emaildomain

The command above sends a message with the subject "email subject" to you@emaildomain, with "email content" as the message body. The following simple two-line shell script mails the file system usage to the specified mailbox:

#!/bin/sh
/bin/df -h | /usr/bin/mail -s "server capacity" you@emaildomain

Source: http://www.real-blog.com/-bsd-notes/444


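Mail Server Part-5: OpenWebMail

Previously: Mail Server Part-4: MailWatch

System: CentOS 5.1
Full mail server series: Postfix+Dovecot+SASL+Procmail+Postgrey+Mailscanner+Spamassassin+ClamAV+Mailscanner-mrtg+MailWatch+Openwebmail+MySPAM


OpenWebMail is a powerful webmail program that lets users send and receive mail from a browser when no mail client is available.

1. Install apache2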

yum install httpd mod_ssl
chkconfig httpd on
service httpd start


2. Install the required components

yum install perl-suidperl gcc gcc-c++ elinks


3. Download the openwebmail components

cd /var/www
elinks turtle.ee.ncku.edu.tw/openwebmail/download/current
Download openwebmail-current.tar.gz


cd /usr/local/src
elinks turtle.ee.ncku.edu.tw/openwebmail/download/packages
Download CGI.pm-3.05.tar.gz
MIME-Base64-3.01.tar.gz
Text-Iconv-1.2.tar.gz
libiconv-1.9.1.tar.gz
libnet-1.19.tar.gz


4. Install the CGI.pm package

cd /usr/local/src
tar -zxvf CGI.pm-3.05.tar.gz
cd CGI.pm-3.05
perl Makefile.PL
make
make install


5. Install the MIME-Base64 package

cd /usr/local/src
tar -zxvf MIME-Base64-3.01.tar.gz
cd MIME-Base64-3.01
perl Makefile.PL
make
make install


6. Install the libnet package

cd /usr/local/src
tar -zxvf libnet-1.19.tar.gz
cd libnet-1.19
perl Makefile.PL (answer no when prompted)
make
make install


7. Install the Text-Iconv-1.2 package

cd /usr/local/src
tar -zxvf libiconv-1.9.1.tar.gz
cd libiconv-1.9.1
./configure
make
make install

cd /usr/local/src
tar -zxvf Text-Iconv-1.2.tar.gz
cd Text-Iconv-1.2
perl Makefile.PL
make
make test
make install


8. Unpack openwebmail

cd /var/www
tar -zxvBpf openwebmail-current.tar.gz
mv data/openwebmail html/
rm -rf openwebmail-current.tar.gz data


9. Edit the openwebmail password file settings

cd /var/www/cgi-bin/openwebmail
cp etc/defaults/auth_unix.conf etc/auth_unix.conf
vim etc/auth_unix.conf


passwdfile_encrypted /etc/shadow
passwdmkdb none


10. Edit the openwebmail installation config file

vim etc/openwebmail.conf


mailspooldir /var/spool/
ow_cgidir /var/www/cgi-bin/openwebmail

ow_htmldir /var/www/html/openwebmail
ow_htmlurl /openwebmail

spellcheck /usr/bin/ispell


11. Initialise openwebmail

cd /var/www/cgi-bin/openwebmail/
cp etc/defaults/dbm.conf etc/
vim etc/dbm.conf


dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no


/var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
cp /var/www/cgi-bin/openwebmail/misc/patches/iconv.pl.fake /var/www/cgi-bin/openwebmail/shares/iconv.pl

chown -R root:root /var/www/html/
chown -R root:root /var/www/cgi-bin/
chmod -R 777 /var/www/cgi-bin/openwebmail/etc/sessions


12. Modify suidperl

cd /var/www/cgi-bin/openwebmail
perl misc/tools/wrapsuid/wrapsuid.pl /var/www/cgi-bin/openwebmail/
chmod 4555 /usr/bin/suidperl


13. Create the openwebmail log

touch /var/log/openwebmail.log
chown root:apache /var/log/openwebmail.log


14. Restart apache2

service httpd restart


15. Modify the index page

cp /var/www/html/openwebmail/redirect.html /var/www/html/index.html



唉呦~MIS先生


Mail Server Part-3-4: Mailscanner-mrtg

3. Previously: Mail Server Part-2: MailScanner+ClamAV+SpamAssassin

4. Previously: Mail Server Part-3: MailScanner-mrtg

System: CentOS 5.1
Full mail server series: Postfix+Dovecot+SASL+Procmail+Postgrey+Mailscanner+Spamassassin+ClamAV+Mailscanner-mrtg+MailWatch+Openwebmail+MySPAM

Mailscanner-mrtg monitors the server's resources and performance and generates web pages that record them.

1. Install SNMP

yum -y install net-snmp net-snmp-utils


2. Configure SNMP

vim /etc/snmp/snmpd.conf


com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1 local
group MyROGroup v1 mynetwork
group MyRWGroup v2c local
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1 80
access MyROGroup "" any noauth prefix all none none
access MyRWGroup "" any noauth prefix all all all
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat



3. Start SNMP

/etc/rc.d/init.d/snmpd start
chkconfig snmpd on
chkconfig --list snmpd


4. Install MRTG

yum -y install mrtg


5. Install Mailscanner-MRTG
Download from http://sourceforge.net/project/showfiles.php?group_id=68848

rpm -ivh mailscanner-mrtg-0.10.00-1.noarch.rpm


6. Edit the Mailscanner-MRTG settings

vim /etc/MailScanner/mailscanner-mrtg.conf


 Change the following parameters:

MTA = postfix (the MTA in use)
Incoming Queue Dir = /var/spool/postfix/hold (incoming queue directory)
Outgoing Queue Dir = /var/spool/postfix/incoming (outgoing queue directory)

MailScanner Work Directory = /var/spool/MailScanner/incoming (MailScanner directory)
Spool Directory = /var/spool/mailscanner-mrtg (MailScanner-mrtg directory)
# MailScanner Work Directory and Spool Directory are passed to the df command to obtain disk space; if they are not on a separate partition, you can simply change them to /var

Use SNMP = yes (use SNMP)
SNMP Community = public (SNMP setting)
# CPU load, memory usage and network traffic require SNMP


vim /etc/mrtg/mailscanner-mrtg.cfg


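Workdir: /var/www/html/mailscanner-mrtg (Mailscanner-MRTG web directory)
IconDir: /mrtg/
WriteExpires: Yes
Interval: 5
Refresh: 300
Language: big5 (language used for the web pages)


7. Generate the index.html page

indexmaker --output=/var/www/html/mailscanner-mrtg/index.html /etc/mrtg/mailscanner-mrtg.cfg


8. Test the config file

mrtg /etc/mrtg/mailscanner-mrtg.cfg


 Run it repeatedly until no errors appear; if that takes more than three runs, check the config file.

9. Once finished, the traffic graphs can be viewed at: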


 

Notes:
◎ If the MRTG images do not display, edit the httpd settings

vim /etc/httpd/conf.d/mrtg.conf


Change Allow from localhost to Allow from all


◎ To record the MailScanner processing speed (Processing Speed), edit the MailScanner settings

vim /etc/MailScanner/MailScanner.conf


Log Speed = yes

MailWatch collects MailScanner's mail-filtering verdict records, which can be used to analyse and manage rule settings.

1. Install MySQL and related components

yum install mysql mysql-server mod_auth_mysql perl-DBD-MySQL


2. Install PHP and related components

yum install php php-gd php-pear php-mysql php-devel



3. Enable the services at boot

chkconfig httpd on
chkconfig mysqld on


4. Start the services

service mysqld start
service httpd start


5. Set the MySQL password

/usr/bin/mysqladmin -u root password 'xxxxxx'


6. Configure PHP

vim /etc/php.ini


short_open_tag = On
safe_mode = Off
register_globals = Off
magic_quotes_gpc = On
magic_quotes_runtime = Off
session.auto_start = 0


7. Install MailWatch
Download from http://sourceforge.net/project/showfiles.php?group_id=87163

tar -zxvf mailwatch-1.0.4.tar.gz


8. Create the database

cd /usr/local/src/mailwatch-1.0.4/

mysql -p < create.sql


This creates the mailscanner database and its tables

9. Edit the MailWatch database settings

vim MailWatch.pm


my($db_name) = 'mailscanner'; # database name
my($db_host) = 'localhost'; # database host
my($db_user) = 'root'; # user name
my($db_pass) = 'xxxxxx'; # user password


10. Copy the config file

cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/


11. Add a web user

mysql mailscanner -u root -p
Enter password: ******


mysql> INSERT INTO users VALUES ('root',md5('xxxxxx'),'root','A','0','0','0','0','0');


11. Place the web files

mv mailscanner /var/www/html/


12. Change the web directory permissions

cd /var/www/html/mailscanner

chown root:apache images

chmod ug+rwx images

chown root:apache images/cache

chmod ug+rwx images/cache


12. Copy the config file

cp conf.php.example conf.php


13. Configure conf.php

vim conf.php


define(DB_TYPE, 'mysql');
define(DB_USER, 'root');
define(DB_PASS, 'xxxxxx');
define(DB_HOST, 'localhost');
define(DB_NAME, 'mailscanner');


14. Configure MailScanner

vim /etc/MailScanner/MailScanner.conf


Quarantine User = root
Quarantine Group = apache (this should be the same group as your web server)
Quarantine Permissions = 0660
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Looked Up Last = &MailWatchLogging


15. Configure the blacklist and whitelist

vim /usr/local/src/mailwatch-1.0.4/SQLBlackWhiteList.pm


my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'root';
my($db_pass) = '!Q@W#E$R';


cp /usr/local/src/mailwatch-1.0.4/SQLBlackWhiteList.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/


vim /etc/MailScanner/MailScanner.conf


Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist


16. Edit the SpamAssassin settings

vim /etc/MailScanner/spam.assassin.prefs.conf


Add:

bayes_path /etc/MailScanner/bayes/bayes
bayes_file_mode 0660


17. Create the new bayes directory

mkdir /etc/MailScanner/bayes
chown root:apache /etc/MailScanner/bayes
chmod g+rws /etc/MailScanner/bayes


18. Copy the existing bayes databases

cp /root/.spamassassin/bayes_* /etc/MailScanner/bayes
chown root:apache /etc/MailScanner/bayes/bayes_*
chmod g+rw /etc/MailScanner/bayes/bayes_*


19. Test SpamAssassin

spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint


20. Restart MailScanner

service MailScanner restart



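Notes:
◎ Chinese localisation of the web interface

Description http://csc.ocean-pioneer.com/modules/news/article.php?storyid=17
File http://csc.ocean-pioneer.com/docum/mailscanner.tar.gz
Download it and overwrite the existing files. When testing the Chinese version, some settings functions stopped working, possibly because of a version difference.


◎ Change the page encoding
 If Big5 Chinese shows up garbled, create a config file under /etc/httpd/conf.d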

vim /etc/httpd/conf.d/mailwatch.conf


Alias /mailscanner /var/www/html/mailscanner

<Location /mailscanner>
Order allow,deny
allow from all
AddDefaultCharset Big5
</Location>


Source: 唉呦~MIS先生


Mail Server Part-2: MailScanner+ClamAV+SpamAssassin

Previously: Mail Server Part-1: Postfix+Dovecot+SASL+Procmail

System: CentOS 5.1
Full mail server series: Postfix+Dovecot+SASL+Procmail+Postgrey+Mailscanner+Spamassassin+ClamAV+Mailscanner-mrtg+MailWatch+Openwebmail+MySPAM

MailScanner+ClamAV+SpamAssassin together cover content filtering and virus filtering of mail
A. Install mailscanner
1. Install the required components

yum install patch rpm-build
yum install perl-MIME-tools
yum install gcc perl-Archive-Zip

2. Download MailScanner

cd /usr/local/src
elinks http://www.mailscanner.info/downloads.html

Download Version 4.70.7-1 for RedHat, Fedora and Mandrake (and other RPM-based distributions)

3. Install MailScanner

cd /usr/local/src
tar -zxvf MailScanner-4.70.7-1.rpm.tar.gz
cd MailScanner-4.70.7-1
./install.sh

4. Start MailScanner

service postfix stop
chkconfig postfix off
chkconfig --level 2345 MailScanner on
service MailScanner start

5. Edit the MailScanner config file

vim /etc/MailScanner/MailScanner.conf

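Basic settings
Run As User = postfix (user to run as)
Run As Group = postfix (group to run as)
Incoming Queue Dir = /var/spool/postfix/hold (incoming queue)
Outgoing Queue Dir = /var/spool/postfix/incoming (outgoing queue)
MTA = postfix (MTA in use)
Max Children = 5 (maximum number of child processes)
Virus Scanning = yes (enable virus scanning)
Virus Scanners = clamav (virus scanner to use; separate multiple scanners with spaces)
Spam Checks = yes (enable spam scanning)
Use SpamAssassin = yes (use SpamAssassin to detect spam)
SpamAssassin Site Rules Dir = /etc//spamassassin (path to the SpamAssassin rule files)
Deliver Unparsable TNEF = yes (improves compatibility with Outlook)
High Scoring Spam Actions = deliver header "X-Spam-Status: Yes" (mark high-scoring mail with X-Spam in the header)


Performance tuning (adjust as needed)
Max Unscanned Bytes Per Scan = 300m (upper limit on the size of unscanned mail per batch)
Max Unsafe Bytes Per Scan = 150m (upper limit on the size of scanned mail per batch)
Max Unscanned Messages Per Scan = 300 (upper limit on the number of unscanned messages per batch)
Max Unsafe Messages Per Scan = 300 (upper limit on the number of scanned messages per batch)

Other settings
Spam Subject Text = **SPAM** (subject tag added to ordinary spam)
High Scoring Spam Subject Text = **SPAM** (subject tag added to high-scoring spam)

Send Notices = no (notify the administrator about infected mail)
Notices Include Full Headers = no (notices include the full headers)

Required SpamAssassin Score = 6 (score for ordinary spam)
High SpamAssassin Score = 10 (score for high-scoring spam)

Delivery Method = batch (batch scanning)

6. Attachment filtering settings (adjust as needed)
 Rules for filtering attachments by file name extension

vim /etc/MailScanner/filename.rules.conf

 Rules for filtering attachments by file type

vim /etc/MailScanner/filetype.rules.conf

7. Set up the queue environment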

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine

8. Configure postfix to move mail into the queue

vim /etc/postfix/main.cf


header_checks = regexp:/etc/postfix/header_checks

vim /etc/postfix/header_checks


/^Received:/ HOLD

9. Rule settings
 Set up the mail whitelist

vim /etc/MailScanner/rules/spam.whitelist.rules



10. Restart MailScanner

service MailScanner restart





B. Install SpamAssassin+clamav

yum install spamassassin


1. Install razor

yum install perl-Razor-Agent


2. Install pyzor

yum install pyzor


3. Install dcc

cd /usr/local/src
elinks www.rhyolite.com/anti-spam/dcc/source

 Download dcc-dccd.tar.Z

tar -xzvf dcc-dccd.tar.Z
cd dcc-dccd-1.3.39/
./configure
make
make install



4. Install unrar

yum install unrar


5. Install ClamAV

yum install clamav-db clamav clamd


6. Schedule ClamAV virus signature updates
 (update the signatures every day at 0:00 and 12:00)

vim /etc/crontab


 0 0,12 * * * root /usr/bin/freshclam

7. Start spamassassin

chkconfig spamassassin on
service spamassassin start


8. Change the directory permissions

chown postfix /var/spool/postfix



C. Rule settings
1. SpamAssassin default rules

vim /etc/mail/spamassassin/local.cf


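2. Basic settings can be obtained from the following URL

http://www.yrex.com/spam/spamconfig.php


 Place the rule .cf files in /etc/mail/spamassassin/. Chinese rule files must be uploaded as files; do not copy and paste their contents.

3. Download the Chinese filtering rules

wget -N -P /etc/mail/spamassassin/ www.ccert.edu.cn/spam/sa/Chinese_rules.cf



D. Enable SpamAssassin auto-learning
1. Create the bayes database

spamassassin --lint --config-file=/etc/MailScanner/spam.assassin.prefs.conf -D

 When no database exists yet, this prints debug: bayes: no dbs present, cannot tie DB R/O: /var/spool/MailScanner/spamassassin/bayes_toks
 Run sa-learn --sync to create the bayes_seen/bayes_toks database files in /var/spool/MailScanner/spamassassin/

2. Create the blacklist account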

useradd spam


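3. Create the whitelist account

useradd nospam


4. When a message is misjudged or missed, "forward it as an attachment" to blacklist or whitelist

5. Learn the blacklist

sa-learn --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --showdots --spam --mbox /var/mail/spam


6. Learn the whitelist

sa-learn --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --showdots --ham --mbox /var/mail/nospam


7. Automatically learn the blacklist/whitelist every hour
 Create a script in /etc/cron.daily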

vim /etc/cron.daily/spam-learn


#!/bin/sh
SPAM=/var/mail/spam
NOSPAM=/var/mail/nospam

LOGFILE=/var/log/spamlearn.log
CONF=/etc/MailScanner/spam.assassin.prefs.conf
LEARN=/usr/bin/sa-learn

date >> $LOGFILE
# Learn spam from the spam mailbox, then remove the processed copy
if [ -f $SPAM ]; then
    BOX=${SPAM}.processing
    mv $SPAM $BOX
    sleep 5
    $LEARN --prefs-file=$CONF --spam --mbox $BOX >> $LOGFILE 2>&1
    rm -f $BOX
fi

# Learn ham from the nospam mailbox, then remove the processed copy
if [ -f $NOSPAM ]; then
    BOX=${NOSPAM}.processing
    mv $NOSPAM $BOX
    sleep 5
    $LEARN --prefs-file=$CONF --ham --mbox $BOX >> $LOGFILE 2>&1
    rm -f $BOX
fi
#


 Restart crond

/etc/init.d/crond restart


Source: 唉呦~MIS先生


Mail Server Part-1: Postfix+Dovecot+SASL+Procmail

System: CentOS 5.1
Full mail server series: Postfix+Dovecot+SASL+Procmail+Postgrey+Mailscanner+Spamassassin+ClamAV+Mailscanner-mrtg+MailWatch+Openwebmail+MySPAM

I. Remove sendmail and install Postfix
/etc/init.d/sendmail stop
yum install postfix
rpm -e sendmail
chkconfig --add postfix
/etc/init.d/postfix start


II. Install cyrus-sasl
yum install cyrus-sasl

1. Enable and start SASL
chkconfig saslauthd on
service saslauthd start

2. Edit the SASL settings
vim /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
#mech_list: PLAIN LOGIN

III. Install Procmail
yum install procmail

1. Configure Procmail
vim /etc/procmailrc

LOGFILE=/var/log/procmail/procmail.log

(set the remaining directives as needed)

2. Create the log file
mkdir /var/log/procmail
touch /var/log/procmail/procmail.log
chmod 644 /var/log/procmail/procmail.log

3. Configure logrotate
vim /etc/logrotate.d/procmail

/var/log/procmail/procmail.log {
monthly
size=10M
rotate 5
nocompress
}

IV. Install dovecot (pop3 and imap)
yum install dovecot

1. Edit the dovecot config
vim /etc/dovecot.conf

Enable POP3
protocols = pop3

Enable plaintext authentication
disable_plaintext_auth = no

Disguise the greeting message
login_greeting = Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (ex.roc.corp) ready.

2. Start dovecot
chkconfig dovecot on
service dovecot start

3. Change the mail spool permissions
chmod a+rwxt /var/

V. Configure Postfix
vim /etc/postfix/main.cf

1. Listen on all interfaces
#inet_interfaces = localhost
inet_interfaces = all

mail_owner = postfix
2. Set the host name and domain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = host
myhostname = mail.domain.com
mydomain = domain.com

3. Set up procmail filtering
mailbox_command = /usr/bin/procmail

4. Enable SASL
EX.
#SMTP sasl Auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd

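#Enable SMTP authentication
smtpd_sasl_auth_enable = yes

#Client compatibility
broken_sasl_auth_clients = yes

#Allow SASL-authenticated clients, and accept mail whose final destination is this host
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination rejec

#Allow SASL-authenticated clients
smtpd_client_restrictions = permit_sasl_authenticated

#Allow only non-anonymous users
smtpd_sasl_security_options = noanonymous

#Local domain for SASL
smtpd_sasl_local_domain = $myhostname

#Block incorrect sender domain names
smtpd_sender_restrictions = reject_unknown_sender_domain

#Block hosts on dynamic IPs
smtpd_client_restrictions = check_client_access regexp:/etc/postfix/access

Setting the restriction items
Each restriction item must be preceded by whitespace, and the last item takes no trailing ","

5. Restrict by client IP/domain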
EX.
smtpd_client_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_client_access hash:/etc/postfix/access,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org,
reject_rbl_client dsbl.dnsbl.net.au

Item descriptions:
#Allow the internal network without checks
permit_mynetworks,

#SASL authentication
permit_sasl_authenticated,

#Reject when the reverse lookup fails
reject_unknown_client,

#Reject clients according to the access list
check_client_access hash:/etc/postfix/access,

(First create the file /etc/postfix/access to reject clients on dynamic IPs

dynamic.apol.com.tw REJECT We can't allow dynamic IP to relay!
dynamic.giga.net.tw REJECT We can't allow dynamic IP to relay!
dynamic.hinet.net REJECT We can't allow dynamic IP to relay!
dynamic.seed.net.tw REJECT We can't allow dynamic IP to relay!
dynamic.tfn.net.tw REJECT We can't allow dynamic IP to relay!
dynamic.ttn.net REJECT We can't allow dynamic IP to relay!
dynamic.lsc.net.tw REJECT We can't allow dynamic IP to relay!

then run postmap hash:/etc/postfix/access to build the DB)

#Use a regular expression to reject connections from hosts with dynamic in their name
check_client_access regexp:/etc/postfix/access_re

(First create /etc/postfix/access_re
/dynamic/ REJECT )

#Use DNS Block List blacklists
reject_rbl_client cbl.abuseat.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client xbl.spamhaus.org,
reject_rbl_client dsbl.dnsbl.net.au,

6. Require the client to send HELO before sending mail
smtpd_helo_required = yes

7. Validate HELO in SMTP
EX.
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
check_helo_access hash:/etc/postfix/fake_helo 


#Reject incorrect/unknown HELO domains
reject_invalid_hostname,
#reject_non_fqdn_hostname,
#reject_unknown_hostname,
#Reject outside hosts whose HELO claims to be our own domain
check_helo_access hash:/etc/postfix/fake_helo

(To reject outside hosts whose HELO claims to be our own domain,
first create /etc/postfix/fake_helo
containing example.com REJECT
then build the DB with #postmap hash:/etc/postfix/fake_helo)

#Reject immediately, without delay
smtpd_delay_reject = no

8. Restrict by MAIL FROM
EX.
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain 


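#Reject mail that comes from outside but claims to be sent from inside
#check_sender_access hash:/etc/postfix/fake_from,
(Create /etc/postfix/fake_from
containing example.com REJECT
then run #postmap hash:/etc/postfix/fake_from)

#Reject incorrect and unknown domains
reject_non_fqdn_sender


9. Restrict by recipient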
EX.
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_policy_service unix:/var/spool/postfix/postgrey/socket,
permit_auth_destination,
reject_unauth_destination 


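#Because some advertising mail uses edm@xxx.com as the sender
header_checks = regexp:/etc/postfix/hc
(Create a file /etc/postfix/hc
containing /^From:.*edm@/ REJECT
which uses a regular expression to filter advertising mail sent from edm@xxx.com)

10. Disguise the banner shown when connecting to Postfix
smtpd_banner = Welcome to Microsoft Exchange 2003

11. Queue lifetime
#Outgoing mail lifetime
maximal_queue_lifetime = 5d
#Bounce lifetime
bounce_queue_lifetime = 5d

12. Size limit per message
message_size_limit = 512000000

13. Mailbox size limit per account (unlimited)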
mailbox_size_limit = 0 
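
Postfix remembers only the last definition of a parameter in main.cf, so when the fragments from this series end up in one file, a later header_checks line (such as the hc table above) silently replaces the Part-2 line that points at the /^Received:/ HOLD rule MailScanner relies on. The shell functions below are an added example, not part of the original post; the sample file is constructed, and dup_params, effective_value and make_sample are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report main.cf parameters defined more than once and the value in effect.

# dup_params FILE: one report line per parameter that appears more than once.
dup_params() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines are ignored
        /^[ \t]/ { next }                   # leading whitespace continues the previous line
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (++count[name] == 1) { first[name] = NR; order[++n] = name }
            last[name] = NR
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (count[p] > 1)
                    printf "%s: defined %d times, line %d wins over line %d\n", p, count[p], last[p], first[p]
            }
        }
    ' "$1"
}

# effective_value FILE PARAM: last definition, continuation lines joined by single spaces.
effective_value() {
    awk -v want="$2" '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = (val == "" ? "" : val " ") trim($0); next }
        {
            eq = index($0, "=")
            cur = (eq == 0) ? "" : trim(substr($0, 1, eq - 1))
            if (eq && cur == want) val = trim(substr($0, eq + 1))
        }
        END { print val }
    ' "$1"
}

# Constructed sample: fragments in the style of Part-1 and Part-2 pasted into one file.
make_sample() {
    f=$(mktemp "${TMPDIR:-/tmp}/main.cf.XXXXXX") || return 1
    cat > "$f" <<'EOF'
myhostname = mail.domain.com
header_checks = regexp:/etc/postfix/header_checks
smtpd_client_restrictions = permit_sasl_authenticated
# fragment pasted later in the same file
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated
header_checks = regexp:/etc/postfix/hc
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample)
dup_params "$sample"
echo "header_checks in effect: $(effective_value "$sample" header_checks)"
rm -f "$sample"
```

On a live server, pass /etc/postfix/main.cf to dup_params; merging the two header_checks tables into one file keeps both the HOLD and the REJECT rule active.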


——————————————————————–

SASL test
1. Start saslauthd

/etc/rc.d/init.d/saslauthd start
service postfix reload

2. Test
testsaslauthd -u user -p 'password'
0: OK "Success." --> success



3. Related config file
/etc/sysconfig/saslauthd

The key setting is MECH=shadow

4. SASL authentication information
saslauthd -v
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

5. TELNET test
telnet mail.domain.com 25

EHLO test.com

250-mail.domain.com
250-PIPELINING
250-SIZE 512000000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Lines six and seven show the authentication mechanisms currently offered
———————————————————————

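POSTFIX test

1. Check that it is running
service postfix restart
netstat -tupln | grep :25

postfix listens on port 25

2. Check the postfix settings
#postconf
Check the default values
#postconf -d

3. Send mail over Telnet
The sequence in which a client sends a message to the server is
HELO / EHLO domain name
MAIL FROM: sender e-mail
RCPT TO: recipient e-mail
DATA message content, ended with a single .
QUIT leave after sending the mail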

Source: 唉呦~MIS先生