Building a mail gateway with postfix + slockd

I had wanted to do this for a while, but there was no article about it on the forum. Thanks to pointers from 何老大 and articles found on the Internet, I pieced it together. It went live last week and works well; the only problem is that the greylist has blocked quite a few legitimate emails and I don't know how to let them through.
I thought I'd post my configuration process so that those who come later can avoid some detours. If there are mistakes in it please point them out, as I'm not very familiar with postfix. Thanks.

Note: mydomain1.com and mydomain2.com are the two domains whose mail needs to be relayed.

1. Install FreeBSD 6.1
cvsup the source tree and make world
cvsup the ports tree
Edit /etc/rc.conf and add (no spaces around "=", since rc.conf is sourced by sh):
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
Edit /etc/periodic.conf and add:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

2. Install postfix
cd /usr/ports/mail/postfix
make install clean
Accept the default options during installation.

3. Configure postfix as a mail gateway
Edit the following lines in /usr/local/etc/postfix/main.cf (main.cf does not support a comment after a value, so the explanations below are on their own lines):
# change 10.40.0.0/24 to your own internal network
mynetworks = 127.0.0.0/8 10.40.0.0/24
myorigin = mydomain1.com
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
transport_maps = hash:/usr/local/etc/postfix/transport
relay_domains = mydomain1.com mydomain2.com
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
# this line can be left alone for now, since it is changed again later in this guide;
# reject_unauth_destination must be spelled exactly, it is what keeps the gateway from being an open relay
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination

Edit /usr/local/etc/postfix/virtual and add:
postmaster [email protected]

Create /usr/local/etc/postfix/relay_recipients, containing the addresses to be relayed (one per line; only the left-hand key matters, the right-hand value is ignored):
[email protected] x
[email protected] x
...
[email protected] x
...

Edit /usr/local/etc/postfix/transport and add (10.40.0.3 is the address of the final MTA and 8025 is its SMTP port; when the next hop is an IP address it must be enclosed in [] so that no MX lookup is done):
mydomain1.com smtp:[10.40.0.3]:8025
mydomain2.com smtp:[10.40.0.3]:8025

Run /usr/local/sbin/postmap /usr/local/etc/postfix/virtual
Run /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients
Run /usr/local/sbin/postmap /usr/local/etc/postfix/transport
Each time one of these three files is changed, rerun the corresponding command to regenerate its .db file.

4. Install amavisd-new (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)
cd /usr/ports/security/amavisd-new
make install clean
Make sure the following options are selected:
LDAP
MILTER
RAR
ARJ
LHA
ARC
ZOO
UNZOO
LZOP
FREEZE

Edit /usr/local/etc/amavisd.conf:
$max_servers = 10;
$sa_spam_subject_tag = '[SPAM] ';
$mydomain = 'mydomain1.com';
$myhostname = 'mail.mydomain1.com';
@local_domains_maps = qw(.);
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 5.0;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
@whitelist_sender_maps = read_hash("$MYHOME/white.lst");
@blacklist_sender_maps = read_hash("$MYHOME/black.lst");
$spam_quarantine_to = "spam\@$mydomain";
$virus_quarantine_to = "virus\@$mydomain";
$banned_quarantine_to = "spam\@$mydomain";
$hdrfrom_notify_admin = "Content Filter ";

Run (the file names must match the read_hash() paths in amavisd.conf above, otherwise amavisd fails when it tries to read them):
touch /var/amavis/white.lst
touch /var/amavis/black.lst
chown -R vscan:vscan /var/amavis/

Edit /usr/local/etc/postfix/master.cf (these are service definitions, so they belong in master.cf, not main.cf) and add:
smtp-amavis unix - - n - 4 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o receive_override_options=

Run:
postconf -e 'content_filter = smtp-amavis:[localhost]:10024'
postconf -e 'receive_override_options = no_address_mappings'

5. Install clamav (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)
cd /usr/ports/security/clamav
make install clean
Edit /usr/local/etc/clamd.conf:
User vscan
Edit /usr/local/etc/freshclam.conf:
DatabaseOwner vscan
Edit /usr/local/etc/amavisd.conf and add the following scanner entry (the socket path must match LocalSocket in clamd.conf):
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
Run:
chown -R vscan:vscan /var/run/clamav/
chown -R vscan:vscan /var/log/clamav/
chown -R vscan:vscan /var/db/clamav/

6. Configure SpamAssassin (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)
cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf
Edit /usr/local/etc/mail/spamassassin/local.cf:
report_safe 1
use_bayes 0
auto_learn 0
bayes_auto_expire 1
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
dns_available no
lock_method flock
Create /var/cron/sa.sh (fetches the updated Chinese rule set weekly and restarts amavisd so it is loaded):
#!/bin/sh
cd /tmp/
fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf
mv Chinese_rules.cf /usr/local/share/spamassassin/
/usr/local/etc/rc.d/amavisd forcerestart > /dev/null
Run chmod +x /var/cron/sa.sh
Edit /etc/crontab and add:
0 0 * * 6 root /var/cron/sa.sh

Edit /etc/rc.conf and add:
postfix_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
amavisd_enable="YES"

7. Install slockd
Download slockd.tar.gz
tar zxf slockd.tar.gz
mv slockd /usr/local/
Edit /usr/local/slockd/config/main.cf
Uncomment the log_file line
Edit /usr/local/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_policy_service inet:127.0.0.1:10030
Edit /etc/rc.conf:
slockd_enable="YES"
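As an added illustration (not slockd's code and not part of the original post), the Python below shows what sits behind check_policy_service inet:127.0.0.1:10030: for each RCPT TO, Postfix sends the policy daemon name=value attributes ending in an empty line, and the daemon answers with an action line. The class implements the simplest greylisting decision on the (client, sender, recipient) triplet plus a whitelist bypass, which is the kind of exception the post is missing; the delay, the whitelist contents and the sample request are constructed values.

```python
import time

# Constructed example of what Postfix sends to a check_policy_service daemon:
# "name=value" lines for one RCPT TO, terminated by an empty line.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@mydomain1.com\n"
    "\n"
)


def parse_policy_request(raw):
    """Turn one policy request into a dict; stops at the empty terminator line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break
        key, _, value = line.partition("=")
        attrs[key] = value
    return attrs


class Greylist:
    """Minimal greylisting: a new (client, sender, recipient) triplet is deferred until
    `delay` seconds have passed since first seen; whitelisted IPs or senders skip it."""

    def __init__(self, delay=300, whitelist=()):
        self.delay = delay
        self.whitelist = set(whitelist)
        self.first_seen = {}  # triplet -> timestamp of the first attempt

    def decide(self, attrs, now=None):
        now = time.time() if now is None else now
        client = attrs.get("client_address", "")
        sender = attrs.get("sender", "")
        if client in self.whitelist or sender in self.whitelist:
            return "dunno"  # no opinion: let the remaining restrictions decide
        triplet = (client, sender, attrs.get("recipient", ""))
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            # 4xx reply: a real MTA retries later, most spam engines never do
            return "defer_if_permit Greylisted, please retry later"
        return "dunno"


def format_policy_response(action):
    """Postfix expects 'action=...' followed by an empty line."""
    return "action=%s\n\n" % action
```

A real daemon would wrap this in a socket server on port 10030 and persist first_seen to disk, since an in-memory table is lost on restart and every legitimate sender would be deferred again.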

reboot, and you're done.