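Virtual Users and Domains with Postfix, Courier, MySQL and SquirrelMail
TIPSMAKE.com - Postfix is an MTA (mail transfer agent) written by Wietse Venema while he was working at IBM's T.J. Watson Research Center. Its hallmarks are easy administration, speed and security. On a server with ordinary hardware, Postfix can transfer millions of emails a day. In this article we show how to install a basic Postfix mail server with virtual users and domains (i.e. users and domains that are stored in a MySQL database).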
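In addition, this article shows how to install and configure Courier (Courier-POP3, Courier-IMAP) so that Courier can authenticate against the same MySQL database that Postfix uses. The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default; we will patch Postfix accordingly). Passwords are stored in the database in encrypted form. We will also show how to install Amavisd, SpamAssassin and ClamAV so that emails are scanned for spam and viruses. Finally, we install the SquirrelMail webmail interface so that users can read and send mail and change their passwords.
Overview
One advantage of a 'virtual' setup (virtual users and domains in a MySQL database) is that it performs far better than a setup based on 'real' system users. With a virtual setup, your mail server can handle thousands of domains and users. Administration also becomes easier, because when you add new users/domains or edit existing ones you only have to deal with the MySQL database. No postmap commands are needed to create db files, and Postfix does not have to be reloaded. The MySQL database can be administered through a web tool such as phpMyAdmin (which will be installed in this tutorial). The third advantage is that users have an email address as their user name, instead of a user name plus a separate email address, which is more cumbersome.
1. Preliminary Notes
Here we use a Fedora 15 x86_64 system with the static IP address 192.168.0.100 and the hostname server1.example.com. You need to make sure the firewall and SELinux are disabled.
2. Required Software
First, update the packages available on the system:
yum update
Then install some necessary software:
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
3. Install Apache, MySQL, phpMyAdmin
These packages can be installed together with the following command line (it includes the packages needed to build Courier-IMAP):
yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel libidn-devel
4. Install Courier-IMAP, Courier-Authlib and Maildrop
Unfortunately, there are no RPM packages for Courier-IMAP, Courier-Authlib and Maildrop, so we have to build them ourselves. RPM packages should not be built as root; Courier-IMAP will refuse to compile if it detects that the build is being run as root. Therefore we create a normal user account (quantrimang in this example) and give it a password:
useradd -m -s /bin/bash quantrimang
passwd quantrimang
We will use the sudo command so that quantrimang can compile and install the RPM packages. But first, allow quantrimang to run all commands with sudo:
visudo
In the file that opens, below the line root ALL=(ALL) ALL, add a similar line for quantrimang:
[...]
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
quantrimang   ALL=(ALL)       ALL
[...]
Now it is time to build the RPM packages. First become quantrimang: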
su quantrimang
Next create the build environment:
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Create a downloads folder and download the source files (-O saves each file under the name that rpmbuild is given below):
mkdir $HOME/downloads
cd $HOME/downloads
wget -O courier-authlib-0.63.0.tar.bz2 https://sourceforge.net/projects/courier/files/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2/download
wget -O courier-imap-4.9.3.tar.bz2 https://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2/download
wget -O maildrop-2.5.4.tar.bz2 https://sourceforge.net/projects/courier/files/maildrop/2.5.4/maildrop-2.5.4.tar.bz2/download
Still in $HOME/downloads, we build courier-authlib:
sudo rpmbuild -ta courier-authlib-0.63.0.tar.bz2
When the build has finished, the RPM packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system):
sudo ls -l /root/rpmbuild/RPMS/x86_64
The available RPM packages are displayed as follows:
[quantrimang@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 520
-rw-r--r-- 1 root root 123448 May 25 18:06 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 265144 May 25 18:06 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34876 May 25 18:06 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  17448 May 25 18:06 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13808 May 25 18:06 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13020 May 25 18:06 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   8276 May 25 18:06 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34108 May 25 18:06 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
[quantrimang@server1 downloads]$
Select the packages you want and install them like this:
sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.63.0-1.fc15.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
Go back to the downloads folder:
cd $HOME/downloads
Run the following commands to create the required directory and change its permissions (otherwise the Courier-IMAP build will fail):
sudo mkdir /var/cache/ccache/tmp
sudo chmod o+rwx /var/cache/ccache/
sudo chmod 777 /var/cache/ccache/tmp
Now run rpmbuild again, this time without sudo, because the build refuses to run as root:
rpmbuild -ta courier-imap-4.9.3.tar.bz2
The RPM packages are then placed in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 on an i386 system):
cd $HOME/rpm/RPMS/x86_64
Run the following command:
ls -l
You will get the list of available RPM packages:
[quantrimang@server1 x86_64]$ ls -l
total 1040
-rw-rw-r-- 1 quantrimang quantrimang 315872 May 25 18:33 courier-imap-4.9.3-1.15.x86_64.rpm
-rw-rw-r-- 1 quantrimang quantrimang 743200 May 25 18:33 courier-imap-debuginfo-4.9.3-1.15.x86_64.rpm
[quantrimang@server1 x86_64]$
Install courier-imap with the following command:
sudo rpm -ivh courier-imap-4.9.3-1.15.x86_64.rpm
Go back to the downloads folder:
cd $HOME/downloads
Run rpmbuild to build the maildrop package:
sudo rpmbuild -ta maildrop-2.5.4.tar.bz2
The RPM packages can then be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 on an i386 system).
sudo ls -l /root/rpmbuild/RPMS/x86_64
The available RPM packages are listed:
[quantrimang@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1628
-rw-r--r-- 1 root root 123448 May 25 18:06 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 265144 May 25 18:06 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34876 May 25 18:06 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  17448 May 25 18:06 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13808 May 25 18:06 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13020 May 25 18:06 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   8276 May 25 18:06 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34108 May 25 18:06 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 278520 May 25 18:50 maildrop-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root 685672 May 25 18:50 maildrop-debuginfo-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  99924 May 25 18:50 maildrop-devel-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  63968 May 25 18:50 maildrop-man-2.5.4-1.15.x86_64.rpm
[quantrimang@server1 downloads]$
Install maildrop with the following command:
sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.5.4-1.15.x86_64.rpm
Once the necessary packages have been compiled and installed, you can become root again by typing:
exit
5. Apply the Quota Patch to Postfix
We have to get the Postfix source RPM, patch it with the quota patch, build a new Postfix RPM package and install it:
cd /usr/src
wget https://ftp-stud.fht-esslingen.de/pub/mirrors/fedora/linux/releases/15/everything/source/source/srpms/postfix/postfix-2.8.2-2.fc15.src.rpm
rpm -ivh postfix-2.8.2-2.fc15.src.rpm
The following warnings appear; you can ignore them:
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
cd /root/rpmbuild/SOURCES
wget https://vda.sourceforge.net/vda/postfix-vda-v10-2.8.2.patch
cd /root/rpmbuild/SPECS/
We need to edit the postfix.spec file:
vi postfix.spec
Add Patch0: postfix-vda-v10-2.8.2.patch to the # Patches section, and add %patch0 -p1 -b .vda-v10 to the %setup -q section:
[...]
# Patches
Patch0: postfix-vda-v10-2.8.2.patch
Patch1: postfix-2.7.0-config.patch
Patch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.3-datecalc.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-v10
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]
Then build the new Postfix RPM package with quota and MySQL support:
rpmbuild -ba postfix.spec
Go to the Postfix RPM directory /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 on an i386 system):
cd /root/rpmbuild/RPMS/x86_64
Run the command:
ls -l
You will get the list of available packages:
[root@server1 x86_64]# ls -l
total 8308
-rw-r--r-- 1 root root  123528 Jun 20 16:33 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  265100 Jun 20 16:33 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   34876 Jun 20 16:33 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   17452 Jun 20 16:33 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   13812 Jun 20 16:33 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   13040 Jun 20 16:33 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root    8280 Jun 20 16:33 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   34144 Jun 20 16:33 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  278628 Jun 20 18:29 maildrop-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  685320 Jun 20 18:29 maildrop-debuginfo-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root   99920 Jun 20 18:29 maildrop-devel-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root   63964 Jun 20 18:29 maildrop-man-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root 2170848 Jun 20 18:40 postfix-2.8.2-2.fc15.x86_64.rpm
-rw-r--r-- 1 root root 4599208 Jun 20 18:40 postfix-debuginfo-2.8.2-2.fc15.x86_64.rpm
-rw-r--r-- 1 root root   63536 Jun 20 18:40 postfix-perl-scripts-2.8.2-2.fc15.x86_64.rpm
[root@server1 x86_64]#
Select the package you need and install it as follows:
rpm -ivh postfix-2.8.2-2.fc15.x86_64.rpm
6. Set the MySQL Password and Configure phpMyAdmin
First, we start MySQL:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Then set a password for the MySQL root account:
mysql_secure_installation
[root@server1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
 ... Success!
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@server1 ~]#
Next we configure phpMyAdmin. Change the Apache configuration so that phpMyAdmin accepts connections not only from localhost, by commenting out the corresponding stanza:
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
#
#   Order Deny,Allow
#   Deny from All
#   Allow from 127.0.0.1
#   Allow from ::1
#
   Order Deny,Allow
   Deny from All
   Allow from 127.0.0.1
   Allow from ::1
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
   Order Deny,Allow
   Deny from All
   Allow from None
   Order Deny,Allow
   Deny from All
   Allow from None
   Order Deny,Allow
   Deny from All
   Allow from None
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#
#
#        SecRuleInheritance Off
#
#
Create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
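Now you can open https://server1.example.com/phpmyadmin/ or https://192.168.0.100/phpmyadmin/ in a browser and log in with the user name root and your MySQL root password.
7. Create the MySQL Database for Postfix/Courier
First, we create a database named mail:
mysqladmin -u root -p create mail
Next, open the MySQL shell:
mysql -u root -p
In the MySQL shell, we create the user mail_admin with the password mail_admin_password (replace it with your own password) and the basic privileges SELECT, INSERT, UPDATE and DELETE on the mail database. Postfix and Courier will use this user to connect to the mail database:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
Still in the MySQL shell, we create the tables that Postfix and Courier need:
USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota bigint(20) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
quit;
With the quit; command we leave the MySQL shell and return to the Linux shell.
The domains table stores each virtual domain that Postfix should receive email for (e.g. example.com).
domain
example.com
The forwardings table is used to alias one email address to another, e.g. to forward mail for info@example.com to sales@example.com.
source              destination
info@example.com    sales@example.com
The users table stores all virtual account information and the passwords (in encrypted form), together with the mailbox quota value (in this example the default is 10485760 bytes, i.e. 10MB).
email               password                                 quota
[email protected]   (the word "secret" in encrypted form)    10485760
The transport table is optional and intended for advanced users. It allows mail for single users, for whole domains or all mail to be forwarded to another server. For example:
domain         transport
example.com    smtp:[1.2.3.4]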
Here, all email for example.com is forwarded via the SMTP protocol to the server with the IP address 1.2.3.4. The square brackets mean "do not look up the DNS MX record" (which makes sense for IP addresses). If you use a fully qualified domain name (FQDN) instead, the brackets are not needed.
8. Configure Postfix
Now we need to tell Postfix where it can find all the information in the database. To do that we create six text files, and in each of them we tell Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. We have to do this because Postfix runs in a chroot jail and has no access to the MySQL socket, which it would try to use if it were told to connect to localhost. With 127.0.0.1, Postfix connects to MySQL over TCP, which works without any problems inside the chroot jail.
Create the six text files:
vi /etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_forwardings.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_mailboxes.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_email2email.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_transports.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1
vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf
user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1
Then restrict the permissions and set the group of these files:
chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
Now we create a user and group called vmail with the home directory /home/vmail. This is where all mailboxes will be stored.
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
Next comes the Postfix configuration. Make sure you replace server1.example.com with a valid FQDN, otherwise Postfix may not work properly.
postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to "'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'inet_interfaces = all'
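Then create the SSL certificate needed for TLS:
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]: (enter the organization name, e.g. the name of your company)
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: (enter the fully qualified domain name of the system, e.g. "server1.example.com")
Email Address []: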
Change the permissions of smtpd.key:
chmod o= /etc/postfix/smtpd.key
9. Configure Saslauthd
Edit the file /etc/sasl2/smtpd.conf so that it looks as follows:
vi /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/spool/authdaemon/socket
Then turn off Sendmail and start Postfix, saslauthd and courier-authlib:
chmod 755 /var/spool/authdaemon
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start
chkconfig --levels 235 sendmail off
/etc/init.d/sendmail stop
chkconfig --levels 235 postfix on
/etc/init.d/postfix start
chkconfig --levels 235 saslauthd on
/etc/init.d/saslauthd start
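The chmod o= steps above exist because the mysql-virtual_*.cf files hold the MySQL password in clear text and smtpd.key is the TLS private key, so neither should be accessible to other local users. The following added example (not part of the original tutorial) audits those files; the function names are hypothetical, and the directory and expected group are passed in as arguments.

```shell
#!/bin/sh
# Added example: audit the secret-bearing files created in section 8.
# Function names are hypothetical and not part of Postfix.

# other_can_access FILE -> exit status 0 if "other" has any r/w/x bit set.
other_can_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# group_of FILE -> prints the owning group (4th field of ls -ld).
group_of() {
    ls -ld -- "$1" | awk '{print $4}'
}

# audit_secret_files DIR GROUP
# Checks DIR/mysql-virtual_*.cf and DIR/smtpd.key.
# Prints one finding per line:
#   WORLD <path>            file is accessible to "other"
#   GROUP <path> <actual>   map file is not owned by the expected group
# Returns 1 if anything was reported, 0 if the files match the tutorial.
audit_secret_files() {
    dir=$1
    want_group=$2
    findings=0
    for f in "$dir"/mysql-virtual_*.cf "$dir"/smtpd.key; do
        [ -e "$f" ] || continue            # unmatched glob or missing key
        if other_can_access "$f"; then
            echo "WORLD $f"
            findings=1
        fi
        # The tutorial only runs chgrp on the map files, so the group
        # check is limited to them.
        case $f in
            */mysql-virtual_*.cf)
                g=$(group_of "$f")
                if [ "$g" != "$want_group" ]; then
                    echo "GROUP $f $g"
                    findings=1
                fi
                ;;
        esac
    done
    return $findings
}

# Typical use on the server built in this tutorial:
#   audit_secret_files /etc/postfix postfix
```

A finding on a map file means the database password for mail_admin is readable by every local account, so change that password after fixing the permissions.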
10. Configure Courier
Now we tell Courier to authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist:
vi /etc/authlib/authdaemonrc
[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
[...]
Then edit /etc/authlib/authmysqlrc. Make sure that what you enter is accurate.
cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
cat /dev/null > /etc/authlib/authmysqlrc
vi /etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
Restart Courier:
chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
The first time you start courier-imap, it automatically generates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the files /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf. Because the .cnf files contain the line CN=localhost while our server is named server1.example.com, TLS connections may run into trouble. To solve this, we delete both certificates:
cd /usr/lib/courier-imap/share/
rm -f imapd.pem
rm -f pop3d.pem
Then replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:
vi /usr/lib/courier-imap/etc/imapd.cnf
[...]
CN=server1.example.com
[...]
vi /usr/lib/courier-imap/etc/pop3d.cnf
[...]
CN=server1.example.com
[...]
Then rebuild both certificates:
./mkimapdcert
./mkpop3dcert
And restart courier-authlib and courier-imap:
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
Run the command:
telnet localhost pop3
to see whether your POP3 server is working correctly; it should display the message +OK Hello there. (Type quit to return to the Linux shell):
[root@server1 share]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 share]#
11. Edit /etc/aliases
The next step is to open /etc/aliases. Make sure that postmaster points to root, and root to your own user name or email address, for example:
vi /etc/aliases
[...]
postmaster: root
root: [email protected]
[...]
or like this (if administrator is your own user name):
[...]
postmaster: root
root: administrator
[...]
Whenever you modify /etc/aliases, you must run the command:
newaliases
Then restart Postfix:
/etc/init.d/postfix restart
12. Install Amavisd-New, SpamAssassin and ClamAV
To install amavisd-new, SpamAssassin and ClamAV together, run the following command:
yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2
Now you need to edit the file /etc/amavisd/amavisd.conf.
vi /etc/amavisd/amavisd.conf
In this file we need to change five places:
12.1: Change
$mydomain = 'example.com';   # a convenient default for other settings
to
$mydomain = 'localhost';
#$mydomain = 'example.com';   # a convenient default for other settings
12.2: Change
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
to
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
#$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
Here you can adjust the spam scores as needed.
12.3: Change
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
to
# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$recipient_delimiter = '+';            # (default is '+')
$replace_existing_extension = 1;       # (default is false)
$localpart_is_case_sensitive = 0;      # (default is false)
12.4: Change
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
to
$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+
12.5: Change
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;
to
$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
#$final_virus_destiny      = D_DISCARD;
#$final_banned_destiny     = D_BOUNCE;
#$final_spam_destiny       = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;
After these changes, /etc/amavisd/amavisd.conf looks as follows:
use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at https://www.ijs.si/software/amavisd/amavisd-new-docs.html

# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';    # (no default; customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default; customary: vscan or amavis), -g

$mydomain = 'localhost';
#$mydomain = 'example.com';   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = undef;      # -Q
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
# $release_format = 'resend';     # 'attach', 'plain', 'resend'
# $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = ( [".$mydomain"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
#$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database
@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );
$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';
$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting
$recipient_delimiter = '+';            # (default is '+')
$replace_existing_extension = 1;       # (default is false)
$localpart_is_case_sensitive = 0;      # (default is false)

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin               = undef;                    # notifications recip.

$mailfrom_notify_admin     = undef;                    # notifications sender
$mailfrom_notify_recip     = undef;                    # notifications sender
$mailfrom_notify_spamadmin = undef;                    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error

# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
#$final_virus_destiny      = D_DISCARD;
#$final_banned_destiny     = D_BOUNCE;
#$final_spam_destiny       = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;

# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value

# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam

# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));

# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
# qr'.\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
# qr'^\.ani$',                            # banned animated cursor file(1) type

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See https://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and https://www.cknow.com/vtutor/vtextensions.htm

# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# '[email protected]'  => [{'[email protected]' => 10.0}],
# '[email protected]'  => [{'.ebay.com'                 => -3.0}],
# '[email protected]'  => [{'[email protected]' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.'
=> [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i=> 5.0] , [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)d*@'i => 5.0], ), # read_hash("/var/amavis/sender_scores_sitewide"), { # a hash-type lookup table (associative array) '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, 'securityfocus.com' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]'=> -3.0, '[email protected]' => -3.0, 'spamassassin.apache.org' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, 'sendmail-announce-request@lists. 
sendmail.org' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -3.0, '[email protected]' => -5.0, '[email protected]' => -3.0, 'returns.groups.yahoo.com' => -3.0, '[email protected]' => -3.0, lc('[email protected]') => -3.0, lc('[email protected]') => -5.0, # soft-blacklisting (positive score) '[email protected]' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); @decoders = ( ['mail', &do_mime_decode], ['asc', &do_ascii], ['uue', &do_ascii], ['hqx', &do_ascii], ['ync', &do_ascii], ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], ['gz', &do_uncompress, 'gzip -d'], ['gz', &do_gunzip], ['bz2', &do_uncompress, 'bzip2 -d'], ['lzo', &do_uncompress, 'lzop -d'], ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], ['deb', &do_ar, 'ar'], # ['a', &do_ar, 'ar'], # unpacking .a seems an overkill ['zip', &do_unzip], ['7z', &do_7zip, ['7zr','7za','7z'] ], ['rar', &do_unrar, ['rar','unrar'] ], ['arj', &do_unarj, ['arj','unarj'] ], ['arc', &do_arc, ['nomarch','arc'] ], ['zoo', &do_zoo, ['zoo','unzoo'] ], ['lha', &do_lha, 'lha'], # ['doc', &do_ole, 'ripole'], ['cab', &do_cabextract, 'cabextract'], ['tnef', &do_tnef_ext, 'tnef'], ['tnef', &do_tnef], # ['sit', &do_unstuff, 'unstuff'], # broken/u nsafe decoder ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], ); @av_scanners = ( # ### https://www.clanfield.info/sophie/ (https://www.vanja.com/tools/sophie/) # ['Sophie', # &ask_daemon, ["{}/n", '/var/run/sophie'], # qr/(?x)^ 0+ ( : | [00rn]* $)/m, qr/(?x)^ 1 ( : | [00rn]* $)/m, # qr/(?x)^ [-+]? d+ : (.*?) 
[00rn]* $/m ], # ### https://www.csupomona.edu/~henson/www/projects/SAVI-Perl/ # ['Sophos SAVI', &sophos_savi ], # ### https://www.clamav.net/ ['ClamAV-clamd', &ask_daemon, ["CONTSCAN {}n", "/var/spool/amavisd/clamd.sock"], qr/bOK$/m, qr/bFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], # # NOTE: run clamd under the same user as amavisd, or run it under its own # # uid such as clamav, add user clamav to the amavis group, and then add # # AllowSupplementaryGroups to clamd.conf; # # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in # # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". # ### https://www.clamav.net/ and CPAN (memory-hungry! clamd is preferred) # # note that Mail::ClamAV requires per l to be build with threading! # ['Mail::ClamAV', &ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ], # ### https://www.openantivirus.org/ # ['OpenAntiVirus ScannerDaemon (OAV)', # &ask_daemon, ["SCAN {}n", '127.0.0.1:8127'], # qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ], # ### https://www.vanja.com/tools/trophie/ # ['Trophie', # &ask_daemon, ["{}/n", '/var/run/trophie'], # qr/(?x)^ 0+ ( : | [00rn]* $)/m, qr/(?x)^ 1 ( : | [00rn]* $)/m, # qr/(?x)^ [-+]? d+ : (.*?) 
[00rn]* $/m ], # ### https://www.grisoft.com/ # ['AVG Anti-Virus', # &ask_daemon, ["SCAN {}n", '127.0.0.1:55555'], # qr/^200/m, qr/^403/m, qr/^403 .*?: ([^rn]+)/m ], # ### https://www.f-prot.com/ # ['F-Prot fpscand', # F-PROT Antivirus for BSD/Linux/Solaris, version 6 # &ask_daemon, # ["SCAN FILE {}/*n", '127.0.0.1:10200'], # qr/^(0|8|64) /m, # qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m, # qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ], # ### https://www.f-prot.com/ # ['F-Prot f-protd', # old version # &ask_daemon, # ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0rnrn", # ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202', # '127.0.0.1:10203', '127.0.0.1:10204'] ], # qr/(?i)]*>clean/m, # qr/(?i) ]*>infected/m, # qr/(?i)(.+)/m ], # ### https://www.sald.com/, https://www.dials.ru/english/, https://www.drweb.ru/ # ['DrWebD', &ask_daemon, # DrWebD 4.31 or later # [pack('N',1). # DRWEBD_SCAN_CMD # pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES # pack('N', # path length # length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")). # '{}/*'. # path # pack('N',0). # content size # pack('N',0), # '/var/drweb/run/drwebd.sock', # # '/var/amavis/var/run/drwebd.sock', # suitable for chroot # # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default # # '127.0.0.1:3000', # or over an inet socket # ], # qr/Ax00[x10x11][x00x10]x00/sm, # IS_CLEAN,EVAL_KEY; SKIPPED # qr/Ax00[x00x01][x00x10][x20x40x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF # qr/A.{12}(?:infected with )?([^x00]+)x00/sm, # ], # # NOTE: If using amavis-milter, change length to: # # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx"). 
### https://www.kaspersky.com/ (kav4mailservers) ['KasperskyLab AVP - aveclient', ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], '-p /var/run/aveserver -s {}/*', [0,3,6,8], qr/b(INFECTED|SUSPICION|SUSPICIOUS)b/m, qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m, ], # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, # currupted or protected archives are to be handled ### https://www.kaspersky.com/ ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'], '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ? qr/infected: (.+)/m, sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"}, sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, ], ### The kavdaemon and AVPDaemonClient have been removed from Kasperky ### products and replaced by aveserver and aveclient ['KasperskyLab AVPDaemonClient', [ '/opt/AVP/kavdaemon', 'kavdaemon', '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient', '/opt/AVP/AvpTeamDream', 'AvpTeamDream', '/opt/AVP/avpdc', 'avpdc' ], "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^rn]+)/m ], # change the startup-script in /etc/init.d/kavd to: # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis" # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" ) # adjusting /var/amavis above to match your $TEMPBASE. # The '-f=/var/amavis' is needed if not running it as root, so it # can find, read, and write its pid file, etc., see 'man kavdaemon'. # defUnix.prf: there must be an entry "*/var/amavis" (or whatever # directory $TEMPBASE specifies) in the 'Names=' section. # cd /opt/AVP/DaemonClients; configure; cd Sample; make # cp AvpDaemonClient /opt/AVP/ # su - vscan -c "${P