邮件服务器（postfix + dovecot + extmail + extman + MailScanner + spamassassin + ClamAV ）-CSDN博客

删除系统自带的postfix，因为默认的不支持mysql虚拟认证，手动定制

# service postfix stop
# rpm --nodeps -e postfix
# userdel postfix
# groupdel postdrop

# groupadd -g 2525 postfix
# groupadd -g 2526 postdrop
# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

# wget -c ftp://ftp.cuhk.edu.hk/pub/packages/mail-server/postfix/official/postfix-2.8.7.tar.gz
# tar -xvzf postfix-2.8.7.tar.gz
# cd postfix-2.8.7
# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib64/sasl2 -lsasl2 -lssl -lcrypto'
# make && make install
tempdir: [/root/software/postfix-2.8.7] /tmp
[注：其他默认]

# vim /etc/aliases
# postalias /etc/postfix/aliases

# vim /etc/postfix/main.cf
myhostname = mail.test.com
mydomain = test.com
myorigin = test.com
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases

# rm -f /usr/lib/sendmail
# ln -s /usr/sbin/sendmail /usr/lib/sendmail
# chown -R postfix:root /var/spool/postfix
# chown postfix:postdrop /var/spool/postfix/maildrop
# chown postfix:postdrop /var/spool/postfix/public
# chown -R postfix:root /var/lib/postfix
# /usr/sbin/postfix start

测试：
telnet mail.test.com 25
ehlo mail.test.com
mail from:root@test.com
rcpt to:news@test.com
data
subject:Mail Test!
Hello World!
.
quit

=========================================================================================
Postfix虚拟认证配置
到官方 http://www.extmail.org/ 下载extman、extmail

# tar -xvzf extman-1.1.tar.gz
# sed -i 's/TYPE=/ENGINE=/g' extman-1.1/docs/extmail.sql
# mysql -uroot -pxinhuo123 < extman-1.1/docs/extmail.sql
# mysql -uroot -pxinhuo123 < extman-1.1/docs/init.sql

# vim /etc/postfix/main.cf
virtual_mailbox_base = /mailbox
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_domains =
virtual_uid_maps = static:2525
virtual_gid_maps = static:2525
virtual_transport = virtual
dovecot_destination_recipient_limit = 1
dovecot_destination_concurrency_limit = 1

smtpd_recipient_limit = 200
header_size_limit = 102400
message_size_limit = 20480000
mailbox_size_limit = 1024000000
virtual_mailbox_limit = 1024000000
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota!
virtual_overquota_bounce = yes

notify_classes = policy, resource, software
local_destination_concurrency_limit = 2
minimal_backoff_time = 1000s
maximal_backoff_time = 4000s
queue_run_delay = 1000s

# cp mysql_virtual_* /etc/postfix

【说明：启用虚拟域以后，需要取消中心域，即注释掉mydestination】

【smtp认证】
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
smtpd_banner = Welcome to $mydomain server!

【反垃圾】
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes

smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access,
# reject_rbl_client sbl.spamhaus.org,
# reject_rbl_client relays.ordb.org,
# reject_rbl_client opm.blitzed.org,
# reject_rbl_client list.dsbl.org,
# reject_rbl_client cbl.abuseat.org,
# reject_rbl_client dul.dnsbl.sorbs.net,
# reject_rbl_client dun.dnsrbl.net

smtpd_helo_restrictions = reject_invalid_hostname,
check_helo_access hash:/etc/postfix/helo_access

smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
permit_auth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_pipeling,
reject_unauth_destination,
check_relay_domains,
reject_rbl_client multi.uribl.com,
reject_rbl_client dsn.rfc-ignorant.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client ix.dnsbl.manitu.net,
reject_rbl_client combined.rbl.msrbl.net,
reject_rbl_client rabl.nuclearelephant.com,
reject_rbl_client cbl.anti-spam.org.cn=127.0.8.2,
reject_rbl_client cdl.anti-spam.org.cn=127.0.8.4,
reject_rbl_client cblplus.anti-spam.org.cn=127.0.8.6,
reject_rbl_client cblless.anti-spam.org.cn=127.0.8.5,
permit

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
# reject_rhsbl_sender relays.ordb.org,
# reject_rhsbl_sender opm.blitzed.org,
# reject_rhsbl_sender dun.dnsrbl.net

smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/etc/postfix/head_checks
body_checks = regexp:/etc/postfix/body_checks

# touch /etc/postfix/head_checks
# touch /etc/postfix/body_checks
# touch /etc/postfix/client_access
# touch /etc/postfix/sender_access
# touch /etc/postfix/helo_access

# postmap /etc/postfix/head_checks
# postmap /etc/postfix/body_checks
# postmap /etc/postfix/client_access
# postmap /etc/postfix/sender_access
# postmap /etc/postfix/helo_access

--------------------------------------------------------------------------------------------------------------------------------------------

登录认证【courier-authlib】
# wget -c http://mirror.bjtu.edu.cn/gnu/libtool/libtool-2.4.2.tar.gz
# tar -xvzf libtool-2.4.2.tar.gz
# cd libtool-2.4.2
# ./configure
# make && make install

# wget -c https://sourceforge.net/projects/courier/files/authlib-devel/20111230/courier-authlib-0.63.1.20111230.tar.bz2
# tar -jxvf courier-authlib-0.63.1.20111230.tar.bz2
# cd courier-authlib-0.63.1.20111230
# ./configure --prefix=/usr/local/courier-authlib \
--without-stdheaderdir \
--with-authmysql \
--with-mysql-libs=/usr/local/mysql/lib \
--with-mysql-includes=/usr/local/mysql/include/mysql
# make && make install
# make install-configure

# vim /usr/local/courier-authlib/etc/authlib/authdaemonrc
authmodulelist="authmysql"
authmodulelistorig="authmysql"
DEBUG_LOGIN=2 【正式环境改为0】

# vim /usr/local/courier-authlib/etc/authlib/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME extmail
MYSQL_PASSWORD extmail
MYSQL_SOCKET /data2/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE extmail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD '2525'
MYSQL_GID_FIELD '2525'
MYSQL_LOGIN_FIELD username
MYSQL_NAME_FIELD name
MYSQL_HOME_FIELD concat('/mailbox/',homedir)
MYSQL_MAILDIR_FIELD concat('/mailbox/',maildir)
MYSQL_QUOTA_FIELD quota

# vim /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
authdaemond_path: /usr/local/courier-authlib/var/spool/authdaemon/socket

# chmod -R 755 /usr/local/courier-authlib/var/spool/authdaemon
# echo "/usr/local/courier-authlib/lib/courier-authlib" >> /etc/ld.so.conf
# ldconfig

# cp courier-authlib-0.63.1.20111230/courier-authlib.sysvinit /etc/init.d/courier-authlib
# chmod 755 /etc/init.d/courier-authlib
# chkconfig --level 235 courier-authlib on
# service courier-authlib start

=========================================================================================
邮件接收【dovecot】
# useradd -M -s /sbin/nologin -d /dev/null dovecot
# wget -c http://www.dovecot.org/releases/2.0/dovecot-2.0.17.tar.gz
# tar -xvzf dovecot-2.0.17.tar.gz
# cd dovecot-2.0.17
# ./configure --prefix=/usr/local/dovecot --sysconfdir=/usr/local/etc --with-mysql --disable-ipv6
# make && make install

# cp -r /usr/local/dovecot/share/doc/dovecot/example-config/* /usr/local/etc/dovecot/
# mv /usr/local/etc/dovecot/conf.d/10-ssl.conf /usr/local/etc/dovecot/conf.d/10-ssl.conf.bak

# vim /usr/local/etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *
base_dir = /var/run/dovecot
disable_plaintext_auth = no
shutdown_clients = yes
log_path = /var/log/dovecot.log
ssl = no
mail_location = maildir:/mailbox/%d/%n/Maildir
pop3_uidl_format = %08Xu%08Xv

auth_default_realm = test.com
default_login_user = dovecot
default_internal_user = dovecot
mail_uid = 2525
mail_gid = 2525
first_valid_uid = 2525
last_valid_uid = 2525

protocol imap {
login_executable = /usr/local/dovecot/libexec/dovecot/imap-login
mail_executable = /usr/local/dovecot/libexec/dovecot/imap
mail_plugins = quota imap_quota
imap_client_workarounds = outlook-idle delay-newmail
}

protocol pop3 {
mail_plugins = quota
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

auth default {
mechanisms = plain login cram-md5

passdb sql {
args = /usr/local/etc/dovecot/dovecot-mysql.conf
}

userdb sql {
args = /usr/local/etc/dovecot/dovecot-mysql.conf
}

socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}

# vim /usr/local/etc/dovecot/dovecot-mysql.conf
driver = mysql
connect = host=localhost dbname=extmail user=extmail password=extmail
default_pass_scheme = CRYPT
password_query = SELECT username AS user,password AS password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, uidnumber AS uid, gidnumber AS gid FROM mailbox WHERE username = '%u'

# echo "/usr/local/dovecot/lib/dovecot" >> /etc/ld.so.conf
# ldconfig

# /usr/local/dovecot/bin/doveconf -n > dovecot-new.conf
# mv dovecot.conf dovecot.conf.bak
# mv dovecot-new.conf dovecot.conf
# /usr/local/dovecot/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf

# echo "/usr/local/dovecot/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf" >> /etc/rc.local

# mkdir -p /data4/mailbox/extmail.org/postmaster/Maildir
# chown -R postfix:postfix /data4/mailbox
# ln -s /data4/mailbox /mailbox
# killall dovecot
# /usr/local/dovecot/sbin/dovecot -c /usr/local/etc/dovecot/dovecot.conf

【测试】
/usr/local/courier-authlib/sbin/authtest -s login postmaster@extmail.org extmail

=========================================================================================
# yum -y install perl-CGI

# wget -c http://search.cpan.org/CPAN/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz
# tar -xvzf Unix-Syslog-1.1.tar.gz
# cd Unix-Syslog-1.1
# perl Makefile.PL
# make && make install

# yum -y install perl-DBI
# rpm -e perl-DBD-MySQL

# wget -c http://mirrors.163.com/cpan/authors/id/C/CA/CAPTTOFU/DBD-mysql-4.020.tar.gz
# tar -xvzf DBD-mysql-4.020.tar.gz
# cd DBD-mysql-4.020
# perl Makefile.PL --libs="-L/usr/local/mysql/lib -lmysqlclient -lz" --cflags=-I/usr/local/mysql/include
# make && make install

# tar -xvzf extmail-1.2.tar.gz -C /data1/www/
# mv /data1/www/extmail-1.2 /data1/www/extmail
# mv /data1/www/extmail/webmail.cf.default /data1/www/extmail/webmail.cf

# vim /data1/www/extmail/webmail.cf
SYS_CONFIG = /data1/www/extmail/
SYS_LANGDIR = /data1/www/extmail/lang
SYS_TEMPLDIR = /data1/www/extmail/html
SYS_MAILDIR_BASE = /mailbox
SYS_MYSQL_USER = extmail
SYS_MYSQL_PASS = extmail
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /data2/mysql/mysql.sock
SYS_AUTHLIB_SOCKET = /usr/local/courier-authlib/var/spool/authdaemon/socket
SYS_G_ABOOK_FILE_PATH = /data1/www/extmail/globabook.cf

# chown -R postfix:postfix /data1/www/extmail
# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root@test.com
ServerName mail.test.com:80
DocumentRoot /data1/www/extmail/html

ScriptAlias /extmail/cgi/ /data1/www/extmail/cgi/
Alias /extmail /data1/www/extmail/html

<Directory "/data1/www/extmail/html">
Options +ExecCGI
AddHandler cgi-script .pl .cgi
Order allow,deny
Allow from all
AllowOverride all
</Directory>
</VirtualHost>

修改 apache 的启动用户和组为 postfix
User postfix
Group postfix

登陆账号信息：
http://mail.test.com
postmaster
extmail
extmail.org

=========================================================================================
# wget -c http://mirrors.ustc.edu.cn/CPAN/authors/id/L/LD/LDS/GD-2.46.tar.gz
# tar -xvzf GD-2.46.tar.gz
# cd GD-2.46
# perl Makefile.PL
# make && make install

# wget -c http://mirrors.ustc.edu.cn/CPAN/authors/id/M/MG/MGRABNAR/File-Tail-0.99.3.tar.gz
# tar -xvzf File-Tail-0.99.3.tar.gz
# cd File-Tail-0.99.3
# perl Makefile.PL
# make && make install

# yum -y install rrdtool rrdtool-perl

# tar -xvzf extman-1.1.tar.gz -C /data1/www/extmail
# mv /data1/www/extmail/extman-1.1 /data1/www/extmail/extman
# chown -R postfix:postfix /data1/www/extmail
# mv /data1/www/extmail/extman/webman.cf.default /data1/www/extmail/extman/webman.cf
# vim /data1/www/extmail/extman/webman.cf
SYS_CONFIG = /data1/www/extmail/extman/
SYS_LANGDIR = /data1/www/extmail/extman/lang
SYS_TEMPLDIR = /data1/www/extmail/extman/html
SYS_MAILDIR_BASE = /mailbox
SYS_SESS_DIR = /var/extman/
SYS_DEFAULT_UID = 2525
SYS_DEFAULT_GID = 2525
SYS_MYSQL_USER = webman
SYS_MYSQL_PASS = webman
SYS_MYSQL_DB = extmail
SYS_MYSQL_HOST = localhost
SYS_MYSQL_SOCKET = /data2/mysql/mysql.sock

# mkdir /var/extman
# chmod 777 /var/extman

# vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root@test.com
ServerName mail.test.com:80
DocumentRoot /data1/www/extmail/html

ScriptAlias /extmail/cgi/ /data1/www/extmail/cgi/
Alias /extmail /data1/www/extmail/html

ScriptAlias /extman/cgi/ /data1/www/extmail/extman/cgi/
Alias /extman /data1/www/extmail/extman/html

<Directory "/data1/www/extmail/html">
Options +ExecCGI
AddHandler cgi-script .pl .cgi
Order allow,deny
Allow from all
AllowOverride all
</Directory>
</VirtualHost>

# cd /data1/www/extmail/extman/addon/mailgraph_ext
# mkdir /usr/local/mailgraph_ext
# cp mailgraph_ext.pl mailgraph-init qmonitor.pl /usr/local/mailgraph_ext
# /usr/local/mailgraph_ext/mailgraph-init start
# echo "/usr/local/mailgraph_ext/mailgraph-init start" >> /etc/rc.local

# /data1/www/extmail/extman/daemon/cmdserver -v -d
# echo "/data1/www/extmail/extman/daemon/cmdserver -v -d" >> /etc/rc.local

登陆账号信息：
http://mail.test.com/extman
root@extmail.org
extmail*123*

=========================================================================================
反邮件垃圾部分【Spamassassin】
# yum -y install spamassassin
# vim /etc/mail/spamassassin/local.cf
required_hits 10.0
required_score 6.0
rewrite_subject 0
rewrite_header Subject *****SPAM*****
report_safe 0
use_terse_report 0
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_languages all
ok_locales all
bayes_min_spam_num 200
bayes_learn_during_report 1
bayes_auto_learn_threshold_nonspam 0.0
bayes_auto_learn_threshold_spam 11.0
bayes_expiry_max_db_size 1500000

bayes_ignore_header X-Upstream-Spamfilter
bayes_ignore_header X-Upstream-SomethingElse
bayes_path /root/.spamassassin/bayes

score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score FH_DATE_PAST_20XX 0.0

header RCVD_IN_CBL eval:check_rbl('cbl', 'cbl.anti-spam.org.cn.')
describe RCVD_IN_CBL Received via a relay in cbl.anti-spam.org.cn
tflags RCVD_IN_CBL net

header RCVD_IN_CDL eval:check_rbl('cdl-notfirsthop', 'cdl.anti-spam.org.cn.')
describe RCVD_IN_CDL CDL: dialup sender did non-local SMTP
tflags RCVD_IN_CDL net

score RCVD_IN_CBL 4.0
score RCVD_IN_CDL 3.0

# mkdir /root/.spamassassin/bayes
# chkconfig --level 235 spamassassin on
# service spamassassin start

=========================================================================================
反病毒部分【ClamAV】
# groupadd clamav
# useradd -g clamav -s /sbin/nologin -d /dev/null clamav

# yum -y install perl-IO-Socket-SSL

# wget -c http://mirror.team-cymru.org/CPAN/authors/id/J/JM/JMEHNLE/net-dns-resolver-programmable/Net-DNS-Resolver-Programmable-v0.003.tar.gz
# tar -xvzf Net-DNS-Resolver-Programmable-v0.003.tar.gz
# cd Net-DNS-Resolver-Programmable-v0.003
# perl Makefile.PL
# make && make install

# wget -c http://mirrors.xmu.edu.cn/CPAN/authors/id/J/JM/JMEHNLE/mail-spf/Mail-SPF-v2.007.tar.gz
# tar -xvzf Mail-SPF-v2.007.tar.gz
# cd Mail-SPF-v2.007
# perl Makefile.PL
# make && make install

# yum -y install perl-NetAddr-IP

# wget -c http://prdownloads.sourceforge.net/razor/razor-agents-2.84.tar.bz2
# tar -jxvf razor-agents-2.84.tar.bz2
# cd razor-agents-2.84
# perl Makefile.PL
# make && make install

# wget -c http://prdownloads.sourceforge.net/razor/razor-agents-sdk-2.07.tar.bz2
# tar -jxvf razor-agents-sdk-2.07.tar.bz2
# cd razor-agents-sdk-2.07
# perl Makefile.PL
# make && make install

# wget -c http://www.rhyolite.com/dcc/source/dcc.tar.Z
# tar -xvzf dcc.tar.Z
# cd dcc-1.3.140
# ./configure
# make && make install

# wget -c http://iweb.dl.sourceforge.net/project/clamav/clamav/0.97.3/clamav-0.97.3.tar.gz
# tar -xvzf clamav-0.97.3.tar.gz
# cd clamav-0.97.3
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share
# make && make install

# mkdir /var/log/clamav
# mkdir /var/run/clamav
# chown -R clamav:clamav /var/run/clamav
# chown -R clamav:clamav /var/log/clamav

# vim /usr/local/clamav/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/clamav/share
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength 20M
MaxDirectoryRecursion 15
User clamav
ScanMail yes
ScanArchive yes

# vim /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/clamav/share
UpdateLogFile /var/log/clamav/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
Checks 12
NotifyClamd /usr/local/clamav/etc/clamd.conf

# echo "/usr/local/clamav/lib" >> /etc/ld.so.conf
# ldconfig

# echo "/usr/local/clamav/sbin/clamd" >> /etc/rc.local
# /usr/local/clamav/sbin/clamd
# /usr/local/clamav/bin/freshclam

# crontab -e
40 * * * * /usr/local/clamav/bin/freshclam >/dev/null 2>&1

=========================================================================================
邮件扫描【MailScanner】
# yum -y install rpm-build

# wget -c http://mirrors.163.com/cpan/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.027.tar.gz
# tar -xvzf Compress-Raw-Zlib-2.027.tar.gz
# cd Compress-Raw-Zlib
# perl Makefile.PL
# make && make install

【注：MailScanner自带的Compress-Raw-Zlib-2.027容易失败，所以手动编译安装】

# wget -c http://www.mailscanner.info/files/4/rpm/MailScanner-4.84.3-1.rpm.tar.gz
# tar -xvzf MailScanner-4.84.3-1.rpm.tar.gz
# cd MailScanner-4.84.3-1
# ./install.sh nodeps

# vim /etc/MailScanner/MailScanner.conf
%org-name% = test.com
%org-long-name% = mytest
%web-site% = mail.test.com
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Required SpamAssassin Score = 7
High SpamAssassin Score = 10
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = delete forward root@test.com
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Use SpamAssassin = yes

# vim /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks

# vim /etc/postfix/header_checks
/^Received:/ HOLD
【注：末行添加】

# mkdir /var/spool/MailScanner/spamassassin
# cd /var/spool/MailScanner
# chown -R postfix.postfix incoming quarantine spamassassin
# service MailScanner start
【注：去掉 /etc/rc.local 中的启动项 /usr/sbin/postfix start，因为启动 MailScanner 会自动启动它】

病毒邮件测试：
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

转载于:https://blog.51cto.com/sofar/782236