Building a mail gateway with postfix + slockd

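I had wanted to do this for a while, but there was no article about it on the forum. Thanks to pointers from He Laoda and articles found on the Internet, I pieced it together. It went live last week and works very well, except that the greylist has intercepted quite a few legitimate messages and I do not know how to let them through. I thought I should post my configuration process so that those who come after me can avoid detours. If there are mistakes in it, please point them out, because I am not very familiar with postfix. Thanks.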

Note: mydomain1.com and mydomain2.com are the two domains whose mail is to be relayed.

1. Install FreeBSD 6.1

cvsup the source and make world, then cvsup ports.

Edit /etc/rc.conf and add:

    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"

Edit /etc/periodic.conf:

    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

2. Install postfix

    cd /usr/ports/mail/postfix
    make install clean

Accept the default options during installation.

3. Configure postfix as a mail gateway

Edit the following lines in /usr/local/etc/postfix/main.cf:

    # change 10.40.0.0/24 to match your own internal network
    mynetworks = 127.0.0.0/8 10.40.0.0/24
    myorigin = mydomain1.com
    mydestination =
    local_recipient_maps =
    local_transport = error:local mail delivery is disabled
    virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
    relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
    transport_maps = hash:/usr/local/etc/postfix/transport
    relay_domains = mydomain1.com mydomain2.com
    parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
    # this item can be left as it is for now, because it is changed again later when installing clam
    smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination

Edit /usr/local/etc/postfix/virtual and add:

    postmaster postmaster@mydomain1.com

Create /usr/local/etc/postfix/relay_recipients, containing the mail addresses to be relayed:

    user1@mydomain1.com x
    user2@mydomain1.com x
    …
    user1@mydomain2.com x
    …

Edit /usr/local/etc/postfix/transport and add:

    # 10.40.0.3 is the address of the final MTA and 8025 is that MTA's SMTP port;
    # if the MTA address is an IP, it must be enclosed in []
    mydomain1.com smtp:[10.40.0.3]:8025
    mydomain2.com smtp:[10.40.0.3]:8025

Run:

    /usr/local/sbin/postmap /usr/local/etc/postfix/virtual
    /usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients
    /usr/local/sbin/postmap /usr/local/etc/postfix/transport

Each time one of these three files is modified, the corresponding command must be run again to generate the .db file.

4. Install amavisd-new (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)

    cd /usr/ports/security/amavisd-new
    make install clean

Make sure these options are selected: LDAP MILTER RAR ARJ LHA ARC ZOO UNZOO LZOP FREEZE

Edit /usr/local/etc/amavisd.conf:

    $max_servers = 10;
    $sa_spam_subject_tag = '[SPAM] ';
    $mydomain = 'mydomain1.com';
    $myhostname = 'mail.mydomain1.com';
    @local_domains_maps = qw(.);
    $sa_tag_level_deflt = undef;
    $sa_tag2_level_deflt = 5.0;
    $sa_kill_level_deflt = 5.0;
    $final_virus_destiny = D_DISCARD;
    $final_banned_destiny = D_DISCARD;
    $final_spam_destiny = D_DISCARD;
    $virus_admin = "postmaster\@$mydomain";
    $mailfrom_notify_admin = "postmaster\@$mydomain";
    $mailfrom_notify_recip = "postmaster\@$mydomain";
    $mailfrom_notify_spamadmin = "postmaster\@$mydomain";
    @whitelist_sender_maps = read_hash("$MYHOME/white.lst");
    @blacklist_sender_maps = read_hash("$MYHOME/black.lst");
    $spam_quarantine_to = "spam\@$mydomain";
    $virus_quarantine_to = "virus\@$mydomain";
    $banned_quarantine_to = "spam\@$mydomain";
    $hdrfrom_notify_admin = "Content Filter ";

Run:

    # the file names must match the read_hash() lines in amavisd.conf
    touch /var/amavis/white.lst
    touch /var/amavis/black.lst
    chown -R vscan:vscan /var/amavis/

Edit /usr/local/etc/postfix/master.cf (these are service entries in master.cf format) and add:

    smtp-amavis unix -      -       n       -       4       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

    127.0.0.1:10025 inet n  -       n       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o receive_override_options=

Run:

    postconf -e 'content_filter = smtp-amavis:[localhost]:10024'
    postconf -e 'receive_override_options = no_address_mappings'

5. Install clamav (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)

    cd /usr/ports/security/clamav
    make install clean

Edit /usr/local/etc/clamd.conf:

    User vscan

Edit /usr/local/etc/freshclam.conf:

    DatabaseOwner vscan

Edit /usr/local/etc/amavisd.conf and add:

    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Run:

    chown -R vscan:vscan /var/run/clamav/
    chown -R vscan:vscan /var/log/clamav/
    chown -R vscan:vscan /var/db/clamav/

6. Configure SpamAssassin (copied from http://www.extmail.org/docs/extmail_solution_freebsd/)

    cp /usr/local/etc/mail/spamassassin/local.cf.sample /usr/local/etc/mail/spamassassin/local.cf

Edit /usr/local/etc/mail/spamassassin/local.cf:

    report_safe 1
    use_bayes 0
    auto_learn 0
    bayes_auto_expire 1
    skip_rbl_checks 1
    use_razor2 0
    use_dcc 0
    use_pyzor 0
    dns_available no
    lock_method flock

Create /var/cron/sa.sh:

    #!/bin/sh
    # fetch the current Chinese_rules.cf, install it and restart amavisd;
    # stop early if the download fails so a missing file is never installed
    cd /tmp/ || exit 1
    fetch -q http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf || exit 1
    mv Chinese_rules.cf /usr/local/share/spamassassin/
    /usr/local/etc/rc.d/amavisd forcerestart > /dev/null

Run:

    chmod +x /var/cron/sa.sh

Edit /etc/crontab and add:

    0 0 * * 6 root /var/cron/sa.sh

Edit /etc/rc.conf and add:

    postfix_enable="YES"
    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"
    spamd_enable="YES"
    amavisd_enable="YES"
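The weekly job in step 6 runs as root, downloads over plain HTTP to a fixed name in /tmp and installs whatever arrives. The following is an added example, not part of the original post: a more defensive variant that downloads into a private directory, rejects an empty or HTML download, installs by rename and rolls back if `spamassassin --lint` fails. The names install_rules, update_rules, RULES_DIR and LINT_CMD are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. install_rules, update_rules,
# RULES_DIR and LINT_CMD are names assumed for this example.
RULES_DIR=${RULES_DIR:-/usr/local/share/spamassassin}
LINT_CMD=${LINT_CMD:-"spamassassin --lint"}   # overridable for testing

# Install candidate file $1 as $RULES_DIR/$2.
# Returns 0 = installed, 1 = rejected or rolled back, 2 = unchanged.
install_rules() {
    new=$1; dest=$RULES_DIR/$2
    [ -s "$new" ] || { echo "empty download" >&2; return 1; }
    # A web server error page instead of a rules file starts with "<".
    case $(grep -v '^[[:space:]]*$' "$new" | head -n 1) in
        \<*) echo "download looks like HTML" >&2; return 1 ;;
    esac
    if [ -f "$dest" ]; then
        cmp -s "$new" "$dest" && return 2
        cp -p "$dest" "$dest.bak" || return 1
    fi
    # Copy next to the target, then rename: readers never see a partial file.
    cp "$new" "$dest.tmp" && mv "$dest.tmp" "$dest" || return 1
    if ! $LINT_CMD >/dev/null 2>&1; then
        # The new rules do not parse: put the previous file back.
        if [ -f "$dest.bak" ]; then mv "$dest.bak" "$dest"; else rm -f "$dest"; fi
        echo "lint failed, rolled back" >&2; return 1
    fi
    return 0
}

update_rules() {  # usage: update_rules URL
    work=$(mktemp -d) || return 1     # private directory, not a fixed /tmp name
    trap 'rm -rf "$work"' EXIT
    fetch -q -o "$work/Chinese_rules.cf" "$1" || return 1
    install_rules "$work/Chinese_rules.cf" Chinese_rules.cf || return $?
    /usr/local/etc/rc.d/amavisd forcerestart > /dev/null   # only after a real change
}

# Run only when a URL is given, e.g. from cron.
if [ $# -gt 0 ]; then update_rules "$1"; fi
```

The crontab entry would then pass the rules URL as the script's argument; amavisd is restarted only when a changed file passed the checks.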

7. Install slockd

Download slockd.tar.gz, then:

    tar zxf slockd.tar.gz
    mv slockd /usr/local/

Edit /usr/local/slockd/config/main.cf and uncomment log_file.

Edit /usr/local/etc/postfix/main.cf:

    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname,
        check_policy_service inet:127.0.0.1:10030

Edit /etc/rc.conf:

    slockd_enable="YES"
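Postfix evaluates smtpd_recipient_restrictions in order, so on a relay gateway reject_unauth_destination has to be present and has to come before check_policy_service. The following is an added example, not part of the original post, that lints a main.cf for exactly that and for trailing `#` comments, which Postfix reads as part of the value; param_value and check_main_cf are hypothetical helper names and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. param_value and check_main_cf
# are hypothetical helper names; the sample main.cf below is constructed.

# Print one main.cf parameter, joining continuation lines (leading whitespace)
# and ignoring blank and comment lines, as Postfix does.
param_value() {  # usage: param_value NAME FILE
    awk -v name="$1" '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/       { if (on) val = val " " $0; next }
        {
            on = 0; eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key == name) { on = 1; val = substr($0, eq + 1) }
        }
        END { gsub(/,/, " ", val); print val }' "$2"
}

# Print findings for smtpd_recipient_restrictions; return 1 if there are any.
check_main_cf() {  # usage: check_main_cf FILE
    rc=0; seen=0
    set -f                      # no globbing while splitting the value
    for w in $(param_value smtpd_recipient_restrictions "$1"); do
        case $w in
            \#*) echo "inline comment is read as part of the value"; rc=1; break ;;
            reject_unauth_destination) seen=1 ;;
            check_policy_service)
                [ "$seen" -eq 1 ] || { echo "policy service runs before reject_unauth_destination"; rc=1; } ;;
        esac
    done
    set +f
    [ "$seen" -eq 1 ] || { echo "reject_unauth_destination missing"; rc=1; }
    return "$rc"
}

# Constructed sample: misspelled restriction name and a trailing comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks,
    check_policy_service inet:127.0.0.1:10030,
    reject_unauth_destiantion  # relay check
EOF
check_main_cf "$sample" || true
rm -f "$sample"
```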

Reboot, and it's done.