此文结合上一篇《RHEL6服务器Mail服务》进行部署
1、查看解析域名
# nslookup mail.cluster.com Server: 10.10.10.15 Address: 10.10.10.15#53 Name: mail.cluster.com Address: 10.10.10.15 # nslookup --验证邮件交换记录 > set type=mx > cluster.com --这里写域,不是域名 Server: 10.10.10.15 Address: 10.10.10.15#53 cluster.com mail exchanger = 0 10.10.10.15.
2、配置main.cf
# vim /etc/postfix/main.cf myhostname = mail.cluster.com mydomain = cluster.com myorigin = $mydomain inet_interfaces = all ---把原来的localhost注释掉 mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain mynetworks =127.0.0.0/8,10.1.1.0/24,172.16.0.0/16
3、安装杀毒软件
(1)建立身份用户
# groupadd -g 108 clamav # useradd -g clamav -u 108 clamav
(2)安装和编译
# tar xvf clamav-0.97.6.tar.gz -C /usr/src # cd /usr/src/clamav-0.97.6 # ./configure # make -j2 && make install
4、配置
(1)配置病毒库和更新病毒库
#vim /usr/local/etc/freshclam.conf # Example ---删除或者注释掉 DatabaseDirectory /var/lib/clamav DatabaseOwner clamav ---病毒库相关文件的拥有者 DatabaseMirror db.cn.clamav.net DatabaseMirror database.clamav.net Checks 24 NotifyClamd /usr/local/etc/clamd.conf # mkdir -p /var/lib/clamav # chown clamav:clamav /var/lib/clamav/
# tar xvf clamav-db.tar -C /var/lib/clamav/ ----解压旧版本的病毒库
升级病毒库 # freshclam
(2)配置杀毒软件主配置文件
#vim /usr/local/etc/clamd.conf #Example LogFile /tmp/clamd.log PidFile /var/run/clamd.pid DatabaseDirectory /var/lib/clamav LocalSocket /tmp/clamd.socket User clamav 将启动脚本拷贝到相应目录 # cp /usr/local/sbin/clamd /etc/rc.d/init.d/ # chmod 755 /etc/rc.d/init.d/clamd 启动杀毒软件 # service clamd start # ls /tmp/clamd.socket /tmp/clamd.socket ---如有,就代表启动成功
(3)扫描病毒和删除病毒文件
# clamscan /usr/src/clamav-0.97.6/test/ 仅仅扫描 # clamscan --remove=yes /usr/src/clamav-0.97.6/test/ 删除感染了病毒的文件
5、将杀毒软件与postfix结合
(1)安装插件clamstmp
# tar xvf clamsmtp-1.10.tar.gz -C /usr/src # cd /usr/src/clamsmtp-1.10/ # ./configure && make -j 2 && make install # cp scripts/clamsmtpd.sh /etc/rc.d/init.d/clamstmpd # chmod 755 !$ # cp scripts/virus_action.sh /usr/local/bin/virus_action.sh # chmod 775 /usr/local/bin/virus_action.sh # cp doc/clamsmtpd.conf /usr/local/etc/
(2)编辑插件配置文件
# vim /usr/local/etc/clamsmtpd.conf OutAddress: 10026 ----把杀毒软件过滤后,没有问题的邮件发送本机10026端口 Listen: 0.0.0.0:10025 ClamAddress: /tmp/clamd.socket Header: X-Virus-Scanned: ClamAV using ClamSMTP Action: drop Quarantine: on User: clamav VirusAction: /usr/local/bin/virus_action.sh # vim /usr/local/bin/virus_action.sh file="/tmp/virus.log" dir="/tmp/quarantine/" # mkdir -p /tmp/quarantine/ # chown clamav:clamav /tmp/quarantine/ # /etc/rc.d/init.d/clamstmpd start ---没有返回报错就对了 # lsof -i:10025 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME clamsmtpd 32275 clamav 3u IPv4 98568 0t0 TCP *:10025 (LISTEN)
(3)配置postfix主配置文件
# vim /etc/postfix/master.cf
.......在配置文件最后添加:让postfix监听10026端口.....
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
-o smtp_enforce_tls=no
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# vim /etc/postfix/main.cf
content_filter = scan:[127.0.0.1]:10025 ---增加内容过滤的配置
总结:
mail邮件 ---> 25:Postfix ---> 10025:clamstmpd ---> /tmp/clamd.socket 杀毒软件来扫描 ----> 10026:Postfix
重启postfix,让配置生效
# service postfix restart
(4)测试
(1)发送一封本地普通邮件,然后查看杀毒软件是否已经成功和postfix结合。
#cat /var/mail/root
From abc@ns1.cluster.com Wed Oct 9 07:34:33 2013
Return-Path: <abc@ns1.cluster.com>
X-Original-To: root@cluster.com
Delivered-To: root@cluster.com
Received: from mail.cluster.com (localhost [127.0.0.1])
by mail.cluster.com (Postfix) with ESMTP id 99AC7E61FE
for <root@cluster.com>; Wed, 9 Oct 2013 07:34:33 +0000 (GMT)
Received: from ns1.cluster.com (localhost [127.0.0.1])
by mail.cluster.com (Postfix) with ESMTP id 7B168E61FD
for <root@cluster.com>; Wed, 9 Oct 2013 07:34:33 +0000 (GMT)
From: "abc" <abc@ns1.cluster.com>
To: root@cluster.com
Subject: i am root
Date: Wed, 9 Oct 2013 08:34:33 +0100
Message-Id: <20131009073353.M63430@ns1.cluster.com>
X-Mailer: OpenWebMail 2.53
X-OriginatingIP: 192.168.140.1 (abc)
MIME-Version: 1.0
Content-Type: text/plain;
charset=iso-8859-1
X-Virus-Scanned: ClamAV using ClamSMTP -----这个头信息就是杀毒软件自动在每一封邮件中添加的,如果可以看到此头信息表示杀毒软件邮件和postfix结合成功
hhhhhhhhh
hahahahhahaha
(2)发送一封本地带有病毒的邮件
# mutt -f /var/mail/root --用root身份发发送远程邮件。
带病毒的邮件将会被杀毒软件截取存放到/tmp/quarantine/中
# ls /tmp/quarantine/
virus.1bSmxn -------此文件为病毒文件
可以cat一下此病毒文件
# cat /tmp/quarantine/virus.1bSmxn
Received: by mail.cluster.com (Postfix, from userid 0)
id 71E4EE5B2D; Wed, 9 Oct 2013 06:58:09 +0000 (GMT)
Date: Wed, 9 Oct 2013 06:58:09 +0000
From: root <root@ns1.cluster.com>
To: abc@cluster.com
Subject: hhhh you du
Message-ID: <20131009065809.GA6277@ns1.cluster.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="IS0zKkzwUGydFO0o"
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-12-10)
--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
dhfsdhflasdjfasldf
asdfhasdlfhsdlf
sadkfhasdlfhas
Content-Type: application/octet-stream
Content-Disposition: p_w_upload; filename="clam.7z" -----带病毒文件clam.7z,下面是病毒代码
Content-Transfer-Encoding: base64
N3q8ryccAAO+RgDk+AAAAAAAAABSAAAAAAAAAGbo8T8AJpaGHffyAWsCdZSPp7576Esp80t8
9288RTOTR2aUNxbIWCe6tJsSudsJfjIg6huLUZxwelrgmROyvJBSP3IkMNeRb2jg2uMPPFRt
T8/tWOjESj58ReY/w248nmGHcmhtJN/5l2TbdpW0awdnh9i0E90t99cXzOD17wxkBpmRC2OS
OIBcjweWvs1+5xghQ27pbjkVvZCLjCY6SsinhghLSeysGaEmhGlK6q489xZaGitz3geNaI/J
eXNz9B6d9Q7VTW5OKcEOWxUe3ix7wD/tF+sSl1E09SsgUOV/TzhIs5kDP+Ku/uMoKDRCXrgG
7vyzdtQsn2lIAAEEBgABCYD4AAcLAQABIwMBAQVdAAABAAyCIAAICgH9PAfvAAAFARETAGMA
bABhAG0ALgBlAHgAZQAAABQKAQAAAy33vhbKARUGAQAggKSBAAA=
--IS0zKkzwUGydFO0o--
--------至此杀毒软件和postfix结合搭建mail服务器完成-------------------
转载于:https://blog.51cto.com/sbwolftotem/1307425
956
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
