
Building a Mail Server on RHEL6 with the ClamAV Anti-virus Scanner

Published: 2015-05-08 09:55:05  Source: linux website  Author: sbwolftotem

This deployment builds on the article "RHEL6 Server Mail Service".


1. Check domain name resolution
# nslookup mail.cluster.com
Server: 10.10.10.15
Address: 10.10.10.15#53
Name: mail.cluster.com
Address: 10.10.10.15
# nslookup                  --verify the mail exchanger (MX) record
> set type=mx
> cluster.com              --enter the domain here, not the host name
Server: 10.10.10.15
Address: 10.10.10.15#53
cluster.com mail exchanger = 0 10.10.10.15.


2. Configure main.cf
# vim /etc/postfix/main.cf
myhostname = mail.cluster.com
mydomain = cluster.com
myorigin = $mydomain
inet_interfaces = all        ---comment out the original localhost line
mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain
mynetworks =127.0.0.0/8,10.1.1.0/24,172.16.0.0/16


3. Install the anti-virus software
(1) Create a dedicated user and group
# groupadd -g 108 clamav
# useradd -g clamav -u 108 clamav

(2) Unpack and compile
# tar xvf clamav-0.97.6.tar.gz -C /usr/src
# cd /usr/src/clamav-0.97.6
# ./configure
# make -j2 && make install


4. Configuration
(1) Configure the virus database and its updates
# vim /usr/local/etc/freshclam.conf
# Example              ---delete or comment out this line
DatabaseDirectory /var/lib/clamav
DatabaseOwner clamav    ---owner of the virus database files
DatabaseMirror db.cn.clamav.net
DatabaseMirror database.clamav.net
Checks 24
NotifyClamd /usr/local/etc/clamd.conf
# mkdir -p /var/lib/clamav
# chown clamav:clamav /var/lib/clamav/

# tar xvf clamav-db.tar -C /var/lib/clamav/
----unpack an older copy of the virus database

Update the virus database
# freshclam

(2) Configure the scanner's main configuration file
# vim /usr/local/etc/clamd.conf
#Example
LogFile /tmp/clamd.log
PidFile /var/run/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd.socket
User clamav
Copy the start-up script into the init.d directory
# cp /usr/local/sbin/clamd  /etc/rc.d/init.d/
# chmod 755 /etc/rc.d/init.d/clamd
Start the scanner
# service clamd start
# ls /tmp/clamd.socket
/tmp/clamd.socket      ---if the socket exists, the daemon started successfully

(3) Scan for viruses and remove infected files
# clamscan /usr/src/clamav-0.97.6/test/    scan only
# clamscan --remove=yes /usr/src/clamav-0.97.6/test/    delete the infected files


5. Integrating the scanner with Postfix
(1) Install the clamsmtp plugin
# tar xvf clamsmtp-1.10.tar.gz -C /usr/src
# cd /usr/src/clamsmtp-1.10/
# ./configure && make -j 2 && make install
# cp scripts/clamsmtpd.sh  /etc/rc.d/init.d/clamstmpd
# chmod 755 !$
# cp scripts/virus_action.sh /usr/local/bin/virus_action.sh
# chmod 775 /usr/local/bin/virus_action.sh
# cp doc/clamsmtpd.conf /usr/local/etc/

(2) Edit the plugin configuration file
# vim /usr/local/etc/clamsmtpd.conf
OutAddress: 10026    ----mail that passes the scan is handed back to port 10026 on this host
Listen: 0.0.0.0:10025
ClamAddress: /tmp/clamd.socket
Header: X-Virus-Scanned: ClamAV using ClamSMTP
Action: drop
Quarantine: on
User: clamav
VirusAction: /usr/local/bin/virus_action.sh
# vim /usr/local/bin/virus_action.sh
file="/tmp/virus.log"
dir="/tmp/quarantine/"
# mkdir -p /tmp/quarantine/
# chown clamav:clamav /tmp/quarantine/
# /etc/rc.d/init.d/clamstmpd start  ---no error output means it started
# lsof -i:10025
COMMAND    PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
clamsmtpd 32275 clamav    3u  IPv4  98568      0t0  TCP *:10025 (LISTEN)

(3) Configure the Postfix configuration files
# vim /etc/postfix/master.cf
....... append to the end of the file so that Postfix also listens on port 10026 (continuation lines must start with whitespace) ......
scan      unix  -      -      n      -      16      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_enforce_tls=no
127.0.0.1:10026 inet  n -      n      -      16      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# vim /etc/postfix/main.cf
content_filter = scan:[127.0.0.1]:10025  ---add the content filter setting
Summary:
mail ---> 25: Postfix ---> 10025: clamsmtpd ---> /tmp/clamd.socket (scanned by the anti-virus daemon) ----> 10026: Postfix
Restart Postfix for the configuration to take effect
# service postfix restart

(4) Testing
(1) Send an ordinary local mail, then check whether the scanner has been successfully hooked into Postfix.
# cat /var/mail/root
From abc@ns1.cluster.com  Wed Oct  9 07:34:33 2013
Return-Path: <abc@ns1.cluster.com>
X-Original-To: root@cluster.com
Delivered-To: root@cluster.com
Received: from mail.cluster.com (localhost [127.0.0.1])
by mail.cluster.com (Postfix) with ESMTP id 99AC7E61FE
for <root@cluster.com>; Wed,  9 Oct 2013 07:34:33 +0000 (GMT)
Received: from ns1.cluster.com (localhost [127.0.0.1])
by mail.cluster.com (Postfix) with ESMTP id 7B168E61FD
for <root@cluster.com>; Wed,  9 Oct 2013 07:34:33 +0000 (GMT)
From: "abc" <abc@ns1.cluster.com>
To: root@cluster.com
Subject: i am root
Date: Wed, 9 Oct 2013 08:34:33 +0100
Message-Id: <20131009073353.M63430@ns1.cluster.com>
X-Mailer: OpenWebMail 2.53
X-OriginatingIP: 192.168.140.1 (abc)
MIME-Version: 1.0
Content-Type: text/plain;
charset=iso-8859-1
X-Virus-Scanned: ClamAV using ClamSMTP  -----this header is added automatically by the scanner to every message; if it is present, the scanner and Postfix are working together
hhhhhhhhh
hahahahhahaha
(2) Send a local mail carrying a virus
# mutt -f /var/mail/root  --send a remote mail as root.
Mail carrying a virus is intercepted by the scanner and stored in /tmp/quarantine/
# ls /tmp/quarantine/
virus.1bSmxn            -------this is the quarantined (infected) file
You can cat the file to inspect it
# cat /tmp/quarantine/virus.1bSmxn
Received: by mail.cluster.com (Postfix, from userid 0)
id 71E4EE5B2D; Wed,  9 Oct 2013 06:58:09 +0000 (GMT)
Date: Wed, 9 Oct 2013 06:58:09 +0000
From: root <root@ns1.cluster.com>
To: abc@cluster.com
Subject: hhhh you du
Message-ID: <20131009065809.GA6277@ns1.cluster.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-12-10)
--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
dhfsdhflasdjfasldf
asdfhasdlfhsdlf
sadkfhasdlfhas
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="clam.7z"  -----the infected attachment clam.7z, transferred as base64
Content-Transfer-Encoding: base64
--IS0zKkzwUGydFO0o--
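The two checks above (the X-Virus-Scanned header in /var/mail/root, and the contents of a file under /tmp/quarantine/) can be automated. The script below is an added example, not part of the original article or of clamsmtp: it lists messages in an mbox that lack the clamsmtpd header (mail that never passed through content_filter) and the attachment filenames inside a quarantined message. The mbox and quarantine samples it runs on are constructed; the attachment body is placeholder text.

```python
import os, tempfile, mailbox
from email import message_from_string, policy

# Header clamsmtpd stamps on every scanned message (the Header: line in clamsmtpd.conf).
SCAN_HEADER, SCAN_VALUE = "X-Virus-Scanned", "ClamAV using ClamSMTP"
# Constructed mbox: the first message went through clamsmtpd, the second bypassed it.
SAMPLE_MBOX = """From abc@ns1.cluster.com  Wed Oct  9 07:34:33 2013
Message-Id: <scanned@ns1.cluster.com>
X-Virus-Scanned: ClamAV using ClamSMTP

hello

From abc@ns1.cluster.com  Wed Oct  9 07:40:00 2013
Message-Id: <bypassed@ns1.cluster.com>

hello again
"""
# Constructed quarantine file; the attachment body is placeholder text, not malware.
SAMPLE_QUARANTINE = """Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="clam.7z"

cGxhY2Vob2xkZXI=
--XX--
"""

def unscanned_messages(mbox_path):
    """Message-IDs lacking the clamsmtpd header: mail that never passed content_filter."""
    return [m.get("Message-Id", "<no-id>") for m in mailbox.mbox(mbox_path)
            if m.get(SCAN_HEADER, "").strip() != SCAN_VALUE]

def quarantined_attachments(path):
    """Attachment filenames inside a file clamsmtpd left in its Quarantine directory."""
    with open(path, errors="replace") as f:
        msg = message_from_string(f.read(), policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]

def demo():
    """Write the constructed samples to a temp dir and run both checks on them."""
    d = tempfile.mkdtemp()
    for name, data in (("root", SAMPLE_MBOX), ("virus.1bSmxn", SAMPLE_QUARANTINE)):
        with open(os.path.join(d, name), "w") as f:
            f.write(data)
    return (unscanned_messages(os.path.join(d, "root")),
            quarantined_attachments(os.path.join(d, "virus.1bSmxn")))
```

demo() returns the bypassed Message-ID and ['clam.7z'] for the samples; on a live server point unscanned_messages at /var/mail/root and quarantined_attachments at a file in /tmp/quarantine/.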


This completes the build of a mail server that combines the anti-virus scanner with Postfix.

