Using Postfix as a mail-filtering relay (proxy) in front of Exchange

Mail filtering is a single point of failure in our company's Exchange environment, and we do not want to spend more money on hardware appliances for it, so I want to implement a redundancy scheme with Postfix.

Postfix is MTA (Mail Transfer Agent) software developed by Wietse Venema at IBM under the GPL license. It is an open-source mail transfer agent from the Linux world, and anti-spam and antivirus functionality can be added to it through a number of components.

Related components:

postfix+clamd+spamassassin+amavisd-new

clamd: antivirus engine
spamassassin: anti-spam filter

amavisd-new: the intermediary between the mail transfer agent (MTA) and the antivirus software

How it works:

Step one: Postfix receives the mail

Postfix accepts all mail on port 25; this step is straightforward.

Step two: the message is handed to amavisd-new

In a Linux mail system, amavisd-new is critical: all of the extra features Postfix gets here are implemented through it.

As the diagram above shows, after receiving mail Postfix passes it down to amavisd-new, which takes care of virus scanning and spam filtering.

To the antivirus software

clamd, the Linux antivirus software, checks whether the message carries a virus.

To SpamAssassin

Spam filtering is done by SpamAssassin.

Step three: amavisd-new returns the message to Postfix through port 10025

When all the work is done, the message is handed back to Postfix, and Postfix passes it on to Exchange.

 

The entire installation process

The main reference documentation

http://blog.linuxphp.org/archives/657/

http://wiki.extmail.org/%E5%8D%81%E4%BA%8C%E3%80%81%E9%85%8D%E7%BD%AE%E5%86%85%E5%AE%B9%E3%80%81%E7%97%85%E6%AF%92%E8%BF%87%E6%BB%A4 #, arranged clamav

Operating system version: CentOS 6.3

1 Configure DNS: vim /etc/resolv.conf

Add the IP address of a DNS server that can resolve names on the LAN.

2 Configure hosts: vim /etc/hosts

This lets the server resolve its own hostname.

For example, 1.1.1.1 postfix.contoso.com

 

Part 1: Install and configure Postfix so that it can do basic mail delivery

1 Modify the configuration files

vim /etc/postfix/main.cf:

2 vim /etc/postfix/transport, and add the following at the end of the configuration file.

3 vim /etc/postfix/master.cf: keep the original contents of the default file.

4 Run the following command to make the transport map take effect:

postmap /etc/postfix/transport

5 Start the service:

6 View the ports:

7 Use PowerShell Send-MailMessage to test sending mail; 10.7.2.53 is this Postfix server:

8 The client has received the message.

Part 2: Add the antivirus and anti-spam filtering components

Create the relevant accounts:

Add the group and user that ClamAV runs as:
groupadd clamav
useradd -g clamav -s /sbin/nologin -M clamav
Add the amavis user that amavisd-new runs as (created by default when installing with yum):
groupadd amavis
useradd -g amavis -s /sbin/nologin -M amavis

 

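For convenience, the components are installed mainly with yum this time; they can also be installed from source.

1 Install clamd (version 0.98.1)

yum install clamd (the yum install automatically creates the clam group and account; this needs to be changed later)

The default repositories turn out not to contain the package.

We need to copy the repository files under /etc/yum.repos.d from another server to this server.

On the Postfix server, check that the files are now present, and run yum makecache to make them take effect.

Running yum install clamd again now finds the package, but an error appears.

The following content in /etc/yum.repos.d/epel.repo needs to be changed:

Run yum makecache again and then yum install clamd; the package can now be installed.

Start the service with service clamd start; there is a warning that the virus database is out of date:

Update the virus database with freshclam and restart the clamd service; it now works normally:

Edit the configuration file /etc/clamd.conf: the default user is clam, and we need to change it to amavis.

Default user:

User after the change:

Restarting the service fails:

It turns out to be a directory permission problem:

Change the directory permissions:

Delete these two files under the /var/log/clamav directory:

Restart the service again; there is still a problem:

A directory permission problem:

The service restarts successfully:

 

Modify the configuration file for virus database updates

First check the configuration file /etc/freshclam.conf

Default account:

Account after the update:

After the configuration file is changed, a virus database update error appears.

It is again a permission problem; the permissions need to be changed as in the screenshot below:

The update succeeds:

2 Install spamassassin (version 3.3.1)

yum install spamassassin; this works normally.

Edit the configuration file /etc/mail/spamassassin/local.cf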

required_score 5.0   
rewrite_header Subject *****SPAM*****    
report_safe     1    
use_bayes       1    
bayes_auto_learn        1    
skip_rbl_checks         1    
use_razor2      0    
use_pyzor       0    
ok_locales      all

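Start the service:

3 Install amavisd-new (version 2.8.0)

yum install amavisd-new; everything goes smoothly.

Set the relevant directory permissions:
Add clamav to the group that amavis runs as and adjust the directory permissions; otherwise clamav cannot scan the temporary files that amavisd-new creates.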

# gpasswd -a clamav amavis   
# usermod -G amavis clamav    
# chown amavis.amavis /var/spool/amavisd    
# chmod 750 /var/spool/amavisd    
# chown amavis.amavis /var/spool/amavisd/tmp    
# chmod 750 /var/spool/amavisd/tmp

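Modify the relevant contents of the configuration file /etc/amavisd/amavisd.conf.

$daemon_user  = 'amavis';  # the account is created automatically by the yum install
$daemon_group = 'amavis';  # the group and account are created automatically by the yum install
$mydomain = 'contoso.com'; # the mail domain of your Exchange or other mail system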

$virus_admin               = "postmaster\@$mydomain";   
$mailfrom_notify_admin     = "postmaster\@$mydomain";   
$mailfrom_notify_recip     = "postmaster\@$mydomain";   
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";    
$mailfrom_to_quarantine = '';

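virus_admin_maps => ["postmaster\@$mydomain"]    (specifies the identity used to send system mail when reporting viruses and spam)
spam_admin_maps  => ["postmaster\@$mydomain"]

Uncomment the following and modify it as needed.

Change the following section of the configuration file to read: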
 ['ClamAV-clamd',    
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],    
   qr/\bOK$/m, qr/\bFOUND$/m,    
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

This is the default configuration file.

Start the service; it works normally.

service amavisd start

 

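Part 3: With all components installed, they need to be hooked into Postfix

Edit /etc/postfix/master.cf and add the following:

smtp-amavis unix - - n - 2 smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
# The space before each -o marks the line as a continuation of the line above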
127.0.0.1:10025 inet n -        n       -       -       smtpd    
 -o content_filter=    
 -o local_recipient_maps=    
 -o relay_recipient_maps=    
 -o smtpd_restriction_classes=    
 -o smtpd_client_restrictions=    
 -o smtpd_helo_restrictions=    
 -o smtpd_sender_restrictions=    
 -o smtpd_recipient_restrictions=permit_mynetworks,reject    
 -o mynetworks=127.0.0.0/8    
 -o strict_rfc821_envelopes=yes

Edit /etc/postfix/main.cf and add the following:

content_filter=smtp-amavis:[127.0.0.1]:10024

Restart the services; the relevant ports are now listening:

Set the relevant services to start at boot.
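
The filter chain breaks or can be bypassed if the content_filter transport name in main.cf has no matching service in master.cf, if the re-injection listener on port 10025 is not loopback-only, or if that listener does not clear content_filter. The script below is an added example (not from the original post) that checks those three points; the function names and the sample files it writes are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): check the content-filter wiring.
# check_filter_wiring MAIN_CF MASTER_CF -> prints findings, returns 0 if sound.
check_filter_wiring() {
    main_cf=$1; master_cf=$2; rc=0
    # The transport name is the part of content_filter before the first ':'.
    transport=$(sed -n 's/^[[:space:]]*content_filter[[:space:]]*=[[:space:]]*\([^:]*\):.*/\1/p' "$main_cf" | tail -n 1)
    if [ -z "$transport" ]; then
        echo "FAIL: main.cf sets no content_filter, so mail is not scanned"; return 1
    fi
    # 1. The transport must be defined as a service (column 1) in master.cf.
    if ! awk -v t="$transport" '$1 == t { ok = 1 } END { exit !ok }' "$master_cf"; then
        echo "FAIL: content_filter transport '$transport' is not defined in master.cf"; rc=1
    fi
    # Collect the address and -o overrides of the smtpd listener on port 10025.
    opts=$(awk '
        /^[^ \t#]/ { hit = ($2 == "inet" && ($1 == "10025" || $1 ~ /:10025$/))
                     if (hit) print "listen=" $1
                     next }
        hit && $1 == "-o" { print $2 }' "$master_cf")
    # 2. The re-injection listener must accept connections from loopback only.
    listen=$(printf '%s\n' "$opts" | sed -n 's/^listen=//p')
    case $listen in
        127.0.0.1:10025|localhost:10025) ;;
        '') echo "FAIL: no re-injection listener on port 10025"; rc=1 ;;
        *)  echo "FAIL: listener '$listen' is reachable from other hosts"; rc=1 ;;
    esac
    # 3. It must clear content_filter, or filtered mail loops back to amavisd-new.
    if ! printf '%s\n' "$opts" | grep -qx 'content_filter='; then
        echo "FAIL: listener on 10025 does not override content_filter="; rc=1
    fi
    return $rc
}

# Constructed sample input: entries in the form used on this page.
write_sample() {   # write_sample DIR TRANSPORT_NAME
    printf 'content_filter=%s:[127.0.0.1]:10024\n' "$2" > "$1/main.cf"
    cat > "$1/master.cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
 -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
 -o content_filter=
 -o mynetworks=127.0.0.0/8
EOF
}
d=$(mktemp -d); write_sample "$d" smtp-amavis
check_filter_wiring "$d/main.cf" "$d/master.cf" && echo "OK: wiring is consistent"
rm -rf "$d"
```

On the server itself, run it as check_filter_wiring /etc/postfix/main.cf /etc/postfix/master.cf.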

 

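Part 4: Some tests

1 First, send a normal message:

Check the logs: no virus was detected, and the message was delivered successfully:

2 Send a message that carries a virus.

The logs show that it was quarantined.

A bounce message is then generated:

This shows that virus filtering works.

 

3 Test the anti-spam function.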

# telnet localhost 25  
Trying 127.0.0.1...  
Connected to localhost.localdomain (127.0.0.1).  
Escape character is '^]'.  
220 xt.contoso.com ESMTP Postfix    
ehlo localhost // greeting
250-xt.contoso.com    
250-PIPELINING    
250-SIZE 10240000    
250-ETRN    
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN  
250-ENHANCEDSTATUSCODES    
250-8BITMIME    
250 DSN    
mail from:<[email protected]> // sender
250 2.1.0 Ok
rcpt to:<xiaosong.li1@contoso.com> // recipient
250 2.1.5 Ok
data    // message content
354 End data with <CR><LF>.<CR><LF>   // the next line is the test content
Subject: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.   // end the message content with "."
250 2.0.0 Ok: queued as BC24E85260
quit // quit
221 2.0.0 Bye  
Connection closed by foreign host.

The sender receives a bounce message.

The whole solution tested successfully.
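
To confirm from the mail log that nothing reached Exchange without passing through amavisd-new, the following added example (not part of the original post) correlates Postfix deliveries to the Exchange relay with the queued_as field that amavisd-new logs for re-injected mail. The log lines are constructed and abbreviated, and 192.0.2.20 is a placeholder for the Exchange server's address.

```shell
#!/bin/sh
# Added example: find mail that reached Exchange without an amavisd-new verdict.
# unfiltered_deliveries LOGFILE EXCHANGE_IP
#   prints the Postfix queue IDs delivered to EXCHANGE_IP that amavisd-new never
#   re-injected with a "Passed" verdict (one per line, sorted).
unfiltered_deliveries() {
    awk -v relay="relay=$2[" '
        # amavisd-new logs the queue ID of the re-injected copy as "queued_as:".
        / amavis\[/ && / Passed / && match($0, /queued_as: [0-9A-F]+/) {
            passed[substr($0, RSTART + 11, RLENGTH - 11)] = 1
        }
        # Postfix delivery to Exchange; field 6 of the syslog line is "<queue id>:".
        /postfix\/smtp\[/ && /status=sent/ && index($0, relay) {
            qid = $6; sub(/:$/, "", qid); sent[qid] = 1
        }
        END { for (q in sent) if (!(q in passed)) print q }
    ' "$1" | sort
}

# Constructed, abbreviated sample log (not taken from the original post).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 10:00:01 mx postfix/smtp[2301]: 3F2A185260: to=<u@contoso.com>, relay=127.0.0.1[127.0.0.1]:10024, status=sent (250 2.0.0 Ok: queued as 9C1D285261)
Jan 10 10:00:01 mx amavis[2345]: (02345-01) Passed CLEAN, <a@example.org> -> <u@contoso.com>, queued_as: 9C1D285261, 812 ms
Jan 10 10:00:02 mx postfix/smtp[2302]: 9C1D285261: to=<u@contoso.com>, relay=192.0.2.20[192.0.2.20]:25, status=sent (250 2.6.0 Queued mail for delivery)
Jan 10 10:05:07 mx amavis[2345]: (02345-02) Blocked INFECTED (Test-Signature), <b@example.org> -> <u@contoso.com>, quarantine: virus-x
Jan 10 10:09:30 mx postfix/smtp[2303]: 7B0E485262: to=<u@contoso.com>, relay=192.0.2.20[192.0.2.20]:25, status=sent (250 2.6.0 Queued mail for delivery)
EOF
}
log=$(mktemp); write_sample_log "$log"
echo "Delivered without a verdict: $(unfiltered_deliveries "$log" 192.0.2.20)"
rm -f "$log"
```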

 


Origin blog.csdn.net/u012206617/article/details/104022150