
Building a Mail Gateway with Antivirus and Spam Filtering

  • Install Postfix (as gateway) + MailScanner + ClamAV + Spamassassin on FC6
  • Configure Sendmail as a Mail Gateway

Environment

  • Mail Gateway: Postfix + MailScanner + ClamAV + Spamassassin (based on Fedora Core 6)
  • Internal Mail Server: any mail server; its internal IP is assumed to be 192.168.1.1
  • Primary MX: domain.com IN MX mail.domain.com. (the MX record points to the Mail Gateway)

Install Postfix and configure it as a Mail Gateway

yum install postfix

service sendmail stop

chkconfig sendmail off

vi /etc/postfix/main.cf

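myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
# domain.com is relayed to the internal server, so it is not listed here
# (a domain must not appear in both mydestination and relay_domains)
mydestination = $myhostname, localhost.$mydomain, localhost
# leave this value empty
local_recipient_maps =
mynetworks_style = host
relay_domains = domain.com
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no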

vi /etc/postfix/transport

domain.com    smtp:[192.168.1.1]

postmap /etc/postfix/transport

service postfix start

Change the NAT configuration so that tcp 25 points to postfix_host:25, then send a message from outside to someone@domain.com and check whether postfix forwards it to the real mail server (192.168.1.1), or telnet to the mail gateway to test.
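
An added example, not part of the original post: a small Python check for the gateway settings above. It flags a relayed domain that is also listed in mydestination, a relayed domain with no transport route (delivery would then fall back to an MX lookup, and in this setup the MX points at the gateway itself), and a mynetworks_style other than host. The sample main.cf and transport contents, including example.org, are constructed for illustration.

```python
import re

# Constructed sample files (not from the page), with two deliberate mistakes:
# domain.com is also local via $mydomain, and example.org has no transport route.
MAIN_CF = """\
mydomain = domain.com
mydestination = $mydomain, localhost.$mydomain,
    localhost
mynetworks_style = host
relay_domains = domain.com, example.org
transport_maps = hash:/etc/postfix/transport
"""
TRANSPORT = "domain.com    smtp:[192.168.1.1]\n"

def parse_main_cf(text):
    """Parse main.cf text: skip comments, join lines continued by leading whitespace."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value
    return params

def domains(name, params):
    """Return a list-valued parameter with $name / ${name} references expanded."""
    value = params.get(name, "")
    for _ in range(5):  # bounded, so a self-referencing value cannot loop forever
        value = re.sub(r"\$\{?(\w+)\}?", lambda m: params.get(m.group(1), ""), value)
    return [d for d in re.split(r"[,\s]+", value) if d]

def audit(main_cf, transport):
    """Return findings for a relay-only gateway (exact-match transport keys only)."""
    params = parse_main_cf(main_cf)
    local = set(domains("mydestination", params))
    routed = {l.split()[0] for l in transport.splitlines() if l.strip() and l[0] != "#"}
    findings = []
    for d in domains("relay_domains", params):
        if d in local:
            findings.append(f"{d}: in both mydestination and relay_domains")
        if d not in routed:
            findings.append(f"{d}: no transport entry, delivery falls back to MX lookup")
    style = params.get("mynetworks_style")
    if "mynetworks" not in params and style != "host":
        findings.append(f"mynetworks_style={style}: other hosts may be trusted to relay")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, TRANSPORT)) or "no findings")
```

On a live gateway, pass the contents of /etc/postfix/main.cf and /etc/postfix/transport to audit() in place of the constructed samples.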

Install ClamAV and MailScanner

Download ClamAV

groupadd clamav

useradd -g clamav -s /sbin/nologin -M clamav

tar zxf clamav-0.91.2.tar.gz

cd clamav-0.91.2

./configure && make && make install

vi /usr/local/etc/clamd.conf

# Comment out the Example line:
#Example

vi /usr/local/etc/freshclam.conf

# Comment out the Example line:
#Example

vi /etc/ld.so.conf

# Add:
/usr/local/lib

ldconfig

freshclam

Download MailScanner

tar zxf MailScanner-4.65.3-1.rpm.tar.gz

cd MailScanner-4.65.3-1

./install.sh

vi /etc/MailScanner/MailScanner.conf

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

Virus Scanning = yes
Virus Scanners = clamav
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

# Do not append "This message has been scanned..." to the end of messages
Sign Clean Messages = no

mkdir /var/spool/MailScanner/spamassassin

chown postfix:postfix /var/spool/MailScanner/*

vi /etc/postfix/main.cf

header_checks = regexp:/etc/postfix/header_checks

vi /etc/postfix/header_checks

/^Received:/ HOLD

service postfix stop

service MailScanner start

Configuring Sendmail as a Mail Gateway

Environment

  • Fedora Core 3, Sendmail 8.13.1-2
  • Primary MX: domain.com IN MX mail.domain.com.

yum install sendmail-cf

vi /etc/sysconfig/network

HOSTNAME=mail.domain.com

vi /etc/hosts

127.0.0.1    mail.domain.com mail localhost.localdomain localhost

vi /etc/mail/sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,Name=MTA')
FEATURE(`accept_unresolvable_domains')
FEATURE(`mailertable')

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

vi /etc/mail/access

# Add:
domain.com    RELAY

makemap hash /etc/mail/access.db < /etc/mail/access

vi /etc/mail/mailertable

# Add:
domain.com    smtp:[192.168.1.1]

makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

service sendmail restart

Confirm that "domain.com" is not in the list of local host names ($=w)

sendmail -bt -C /etc/mail/sendmail.cf

Enter <ruleset> <address>
> $=w
mail
localhost.localdomain
localhost
mail.domain.com
[127.0.0.1]
>/quit

Confirm that the mailertable is configured correctly

sendmail -bv someone@domain.com

someone@domain.com... deliverable: mailer smtp, host [192.168.1.1], user someone@domain.com

Test whether the mail gateway relays mail to the real mail server

telnet mail.domain.com 25

ehlo localhost
mail from: someone@somewhere.com
rcpt to: someone@domain.com
data
subject: this is a test
.
quit
