

Subject: Dual MTA(qmail) with virtualdomain anti virus and spam
From: _slgx()
Compiled by: sungang(2003-05-11 23:20:13), site mail
(Note: this article was originally posted from [email protected](gogo); the reposted copy carried no author or e-mail, unless the poster is the author.)

This article is not under the GPL.
Non-commercial reposting is fine without notice, as long as the author credit is kept.
Commercial users, please notify me by e-mail.

All required packages are in the ports tree (dependencies not listed):
qmail                  MTA
vpopmail               manage virtual domains and virtual accounts on a qmail mail server
courier-imap           pop3 imapd
ucspi-tcp              UNIX Client-Server Program Interface
amavisd-new            amavisd-new is a performance-enhanced daemonized version of amavis-perl
Mail::SpamAssassin     SpamAssassin is a mail filter
uvscan                 VirusScan

Diagram
                       (hands all mail to amavisd)
internet --<=>--- MTA-outside -----------------
                  192.168.100.254:25          |
                  (built inside a jail)       |
                                              |
        |--------- amavisd ----------<=-------|
        |          192.168.100.254:10024
        |
        |-=> (delivers mail to the user's mailbox)
                   MTA-inside with virtualdomain
                   localhost:10025
                        /\
                       /  \
                    pop3  imap


install
cd /usr/ports/mail/vpopmail; make install
cd /usr/ports/mail/qmail; make enable-qmail
cd /usr/ports/mail/courier-imap; make WITH_VPOPMAIL=yes install
Check that /etc/mail/mailer.conf has been switched over to qmail.
This installs qmail, vpopmail and ucspi-tcp.

config qmail (for MTA-inside)
    1 vi /var/qmail/control/rcpthosts
        the domains you accept mail for
    2 vi /var/qmail/control/smtproutes
        the relay SMTP host provided by your ISP
        note: the line starts with a colon ":" (an empty domain field routes all outbound mail there)
    3 vi /var/qmail/control/me
        your own host name
    4 vi /var/qmail/control/defaultdomain
        your own domain
    5 /var/qmail/alias/ has three files: .qmail-mailer-daemon .qmail-postmaster \
         .qmail-root
       The system mails its daily report to root; these files forward it to a user
       on your virtual domain. Each of the three contains one line: userid@your.virtualdomain
    6 cp /var/qmail/boot/proc+df /var/qmail/rc
    7 vi /var/qmail/relay.smtp     containing a single line: 127.:allow,RELAYCLIENT=""
       cd /var/qmail; tcprules tcp.smtp.cdb tcp.smtp.tmp < relay.smtp
       (the .cdb name must be the one given to tcpserver -x in the next step; only
       127.x.x.x gets RELAYCLIENT, everyone else is limited to rcpthosts)
    8 vi /usr/local/etc/rc.d/smtp-inside.sh
       containing: /usr/local/bin/tcpserver -x /var/qmail/tcp.smtp.cdb -u 82 \
       -g 81 127.0.0.1 10025 /var/qmail/bin/qmail-smtpd &
       (bound to 127.0.0.1 only: nothing but amavisd on this host can reach MTA-inside)

config vpopmail
1 /usr/local/vpopmail/bin/vadduser [email protected]
  (the domain must already exist: create it first with /usr/local/vpopmail/bin/vadddomain your.virtualdomain)

config courier-imap
No special settings are needed; just rename courier-imap-imapd.sh.sample and courier-imap-pop3d.sh.sample
(in /usr/local/etc/rc.d) to courier-imap-imapd.sh and courier-imap-pop3d.sh.

Build the jail environment used by MTA-outside.
Assume the jail root is /var/qmail-outside.
mkdir /var/qmail-outside
cd /var/qmail-outside
mkdir var
cp -Rp /var/qmail var        # -p keeps the ownership and modes of the queue directories
mkdir bin
cp /bin/sh bin
mkdir etc
cp /etc/passwd etc
cp /etc/group etc
cp /etc/resolv.conf etc
mkdir -p usr/bin usr/lib usr/libexec usr/local/bin
cp /usr/bin/env usr/bin
cp /usr/lib/libc.* usr/lib
cp /usr/libexec/ld-elf.so* usr/libexec
cp /usr/local/bin/tcp* usr/local/bin
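The same tree as the hand-typed steps above, as an added example that is not part of the original post: a small sh script that builds the jail root in one go and, instead of guessing which libraries to copy, takes them from ldd(1) for every program the jail will execute. It assumes the post's paths (jail root /var/qmail-outside, qmail under /var/qmail, ucspi-tcp under /usr/local/bin) and must run as root on the real host; the scratch-directory test at the end only exercises the copy logic.

```shell
#!/bin/sh
# Added example, not from the original post: populate the MTA-outside jail root.
# Assumed paths: jail root /var/qmail-outside, qmail in /var/qmail, ucspi-tcp in
# /usr/local/bin. Programs are copied together with the shared objects ldd lists,
# so the jail contains nothing beyond what tcpserver and qmail need.

# copy_into ROOT FILE: copy FILE into ROOT under the same absolute path
copy_into() {
    mkdir -p "$1$(dirname "$2")"
    cp -p "$2" "$1$2"        # -p keeps modes; qmail cares about queue and setuid bits
}

# copy_with_libs ROOT PROGRAM: the program plus every library ldd reports for it
copy_with_libs() {
    copy_into "$1" "$2"
    command -v ldd >/dev/null 2>&1 || return 0
    # ldd lines look like "libc.so.4 => /usr/lib/libc.so.4 (0x...)"; keep the paths
    for lib in $(ldd "$2" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
        [ -f "$lib" ] && copy_into "$1" "$lib"
    done
    return 0
}

# build_jail ROOT: assemble the tree the post builds by hand
build_jail() {
    root=$1
    mkdir -p "$root/var" "$root/etc" "$root/usr/local/bin" "$root/usr/libexec"
    # the jail gets its own copy of the whole qmail tree (control/, alias/, queue/ included)
    [ -d /var/qmail ] && cp -Rp /var/qmail "$root/var"
    for f in /etc/passwd /etc/group /etc/resolv.conf; do
        [ -f "$f" ] && copy_into "$root" "$f"
    done
    # programs that the jail's rc script and tcpserver actually execute
    for p in /bin/sh /usr/bin/env /usr/local/bin/tcpserver /usr/local/bin/tcprules \
             /usr/local/bin/tcprulescheck /var/qmail/bin/qmail-smtpd \
             /var/qmail/bin/qmail-send /var/qmail/bin/splogger; do
        [ -x "$p" ] && copy_with_libs "$root" "$p"
    done
    # FreeBSD's runtime linker is not listed by ldd; copy it explicitly
    for l in /usr/libexec/ld-elf.so*; do
        [ -f "$l" ] && copy_into "$root" "$l"
    done
    return 0
}

# on the real host:  build_jail /var/qmail-outside
```

What this does not do, because it needs root and jail-specific setup: a /dev inside the jail (on FreeBSD 4.x, cd /var/qmail-outside/dev; sh MAKEDEV jail) and a syslog socket for splogger (syslogd -l /var/qmail-outside/var/run/log); without the latter the jailed qmail logs nothing and the maillog check at the end of the post will stay empty.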
cd /var/qmail-outside/var/qmail/control
rm -f virtualdomains
(MTA-outside does no local delivery; with no virtualdomains file every message for your
domains is "remote" and follows smtproutes to amavisd. Make sure control/locals, or
control/me when locals is absent, does not name a domain you want scanned: such mail
would be delivered inside the jail, which has no procmail.)
vi /var/qmail-outside/var/qmail/control/smtproutes
containing :127.0.0.1:10024 (note the leading colon)
vi /var/qmail-outside/var/qmail/relay.smtp
change it to:
127.:allow,RELAYCLIENT=""
192.168.100.:allow,RELAYCLIENT=""

cd /var/qmail-outside/var/qmail; tcprules tcp.smtp.cdb tcp.smtp.tmp < relay.smtp
(the trailing dot matters: 192.168.100. is a prefix rule, 192.168.100 without it would match nothing)
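The inside rule file (step 7, a single 127. line) and the outside one just listed differ only in the extra 192.168.100. prefix. As an added example that is not part of the original post, here is a POSIX sh emulation of the lookup order tcpserver -x applies to a compiled rule set (exact address, then shorter and shorter dotted prefixes, then the empty key), run over constructed copies of both rule files. It models IP keys only, which is all the two files above use; =host and info@ip keys are left out.

```shell
#!/bin/sh
# Added example, not from the original post: emulate the key lookup that
# tcpserver -x performs against a tcprules database, to check a relay.smtp file
# before it is compiled. Only IP keys are modelled (no =host / info@ip keys).
# Lookup order, as documented for tcprules: exact address, 1.2.3., 1.2., 1., then "".

# Constructed copies of the two rule files from the post.
RULES_INSIDE='127.:allow,RELAYCLIENT=""'
RULES_OUTSIDE='127.:allow,RELAYCLIENT=""
192.168.100.:allow,RELAYCLIENT=""'

# rule_for RULES KEY: print the instructions of the line whose key equals KEY
rule_for() {
    printf '%s\n' "$1" | awk -F: -v k="$2" '
        /^#/ || NF == 0 { next }                       # comments and blank lines
        $1 == k { sub(/^[^:]*:/, ""); print; exit }'
}

# tcprules_lookup RULES IP: the instructions tcpserver would apply to IP
tcprules_lookup() {
    rules=$1; key=$2; prefix=$2
    while :; do
        hit=$(rule_for "$rules" "$key")
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            return 0
        fi
        [ -z "$key" ] && break
        case $prefix in
            *.*) prefix=${prefix%.*}; key="${prefix}." ;;   # next shorter prefix
            *)   key="" ;;                                 # finally the catch-all key
        esac
    done
    # no rule matched: tcpserver allows the connection and sets no environment,
    # so qmail-smtpd falls back to rcpthosts
    printf 'allow\n'
}

# relay_allowed RULES IP: success if qmail-smtpd would see RELAYCLIENT
relay_allowed() {
    case $(tcprules_lookup "$1" "$2") in
        allow*RELAYCLIENT*) return 0 ;;
        *) return 1 ;;
    esac
}

for ip in 127.0.0.1 192.168.100.7 10.1.2.3; do
    if relay_allowed "$RULES_OUTSIDE" "$ip"; then
        echo "$ip: relay allowed ($(tcprules_lookup "$RULES_OUTSIDE" "$ip"))"
    else
        echo "$ip: no RELAYCLIENT, rcpthosts applies"
    fi
done
```

On the real host the same question is answered by ucspi-tcp's own tcprulescheck against the compiled database, e.g. env TCPREMOTEIP=10.1.2.3 tcprulescheck /var/qmail/tcp.smtp.cdb.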
vi /var/qmail-outside/var/qmail/rc
change it to:
----- start rc
#!/bin/sh

# Using splogger to send the log through syslog.
# Using procmail to deliver messages to /var/spool/mail/$USER by default.
# Both daemons are backgrounded, so neither line uses exec.

case "$1" in
start)
        env - PATH="/var/qmail/bin:$PATH" \
            qmail-start '|preline procmail' splogger qmail &
        /usr/local/bin/tcpserver -x /var/qmail/tcp.smtp.cdb -u 82 \
            -g 81 0 25 /var/qmail/bin/qmail-smtpd &
        exit 0
        ;;
stop)
        exec killall qmail-send
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
esac
-------  end rc

vi /usr/local/etc/rc.d/qmail-outside.sh
--start
jail /var/qmail-outside your.domain 192.168.100.254 /var/qmail/rc start
--end

cd /usr/ports/mail/p5-Mail-SpamAssassin;make install
cd /usr/ports/security/amavisd-new;make install
cd /usr/ports/security/vscan;make install

config amavisd
vi /usr/local/etc/amavisd.conf

$mydomain <== set to your domain

uncomment the following two lines:
$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
$notify_method = $forward_method; # where to submit notifications

change:
$mailfrom_notify_spamadmin = "spamalert\@$mydomain";

uncomment:
$sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disables)

In @av_scanners keep only the following entry and comment out all the others:
### http://www.nai.com/
['NAI McAfee AntiVirus (uvscan)', 'uvscan',
  '--secure -rv --summary --noboot {}', [0], [13],
  qr/(?x) Found (?:
      \ the\ (.+)\ (?:virus|trojan) |
      \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
      :\ (.+)\ NOT\ a\ virus)/ ],

One check the diagram implies: the jailed MTA-outside reaches "127.0.0.1" as its own
address (a FreeBSD jail aliases 127.0.0.1 to the jail IP), so amavisd has to accept on
192.168.100.254:10024. Make sure $inet_socket_bind is not left at its default of
127.0.0.1 and that @inet_acl lists 192.168.100.254; otherwise every message from the
jail is refused and piles up in its queue.

/usr/local/sbin/update_dat <=== update the virus signatures

config Mail::SpamAssassin
(amavisd runs as user vscan, so its SpamAssassin preferences live in that user's home)
cd ~vscan
mkdir .spamassassin/
cd .spamassassin/
vi user_prefs
with the following content:
--start
required_hits 5
rewrite_subject 1
use_razor1 0
use_razor2 1

ok_languages en zh
ok_locales en zh

score CASHCASHCASH 3.0
score CLICK_BELOW 1.5
score FORGED_MUA_OUTLOOK 3.6
score HEADER_8BITS 0.9
score INVALID_DATE 1.4
score MIME_LONG_LINE_QP 1.0
score MISSING_MIMEOLE 1.9
score NONEXISTENT_CHARSET 3.5
score NORMAL_HTTP_TO_IP 1.2
score NO_REAL_NAME 1.2
score OPT_IN 1.2
score RCVD_IN_RFCI 0.9
score SUBJ_FULL_OF_8BITS 0.9

# local
header FOXMAIL X-Mailer =~ /FoxMail/
describe FOXMAIL Foxmail with X-Mailer
score FOXMAIL 3.5

body H8H_COM /http:\/\/x-mail.h8h.com.tw/
describe H8H_COM Spammers from http://x-mail.h8h.com.tw
score H8H_COM 3.5

body SPAM_ZH /廣告/
describe SPAM_ZH Contain AD
score SPAM_ZH 0.5

--end
This file can be extended or trimmed by following the Mail::SpamAssassin documentation.

Final test

/usr/local/etc/rc.d/qmail.sh start
/usr/local/etc/rc.d/smtp-inside.sh
/usr/local/etc/rc.d/amavisd.sh start
/usr/local/etc/rc.d/qmail-outside.sh
/usr/local/etc/rc.d/courier-imap-imapd.sh start
/usr/local/etc/rc.d/courier-imap-pop3d.sh start
(run them one after another; do not prefix them with exec, which would replace your login shell with the first script)

Check /var/log/maillog.
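Beyond watching maillog, two things are worth probing from outside once everything is up: that MTA-outside refuses to relay for foreign domains from an address that is not in tcp.smtp.cdb, and that a message carrying the EICAR test string is accepted by MTA-outside and then stopped at the amavisd/uvscan hop. The following smoke test is an added example and not part of the original post; it talks to 192.168.100.254:25 with nc(1), the helo name probe.invalid, the recipient victim@example.net and the mailbox in TEST_RCPT are placeholders, and the relay probe must be run from a host outside 192.168.100.0/24 and 127/8, otherwise RELAYCLIENT is set and relaying is legitimately accepted.

```shell
#!/bin/sh
# Added example, not from the original post: smoke tests for the finished pipeline.
# Assumptions: MTA-outside at 192.168.100.254:25 (the post's address), nc(1) on
# the probing host, and a local mailbox in TEST_RCPT. Run "sh thisfile run".
MTA_OUTSIDE=${MTA_OUTSIDE:-192.168.100.254}
TEST_RCPT=${TEST_RCPT:-postmaster@your.virtualdomain}   # assumed local mailbox

# smtp_session FROM RCPT BODY: the client half of one SMTP transaction
smtp_session() {
    printf 'HELO probe.invalid\r\nMAIL FROM:<%s>\r\nRCPT TO:<%s>\r\nDATA\r\n' "$1" "$2"
    printf 'Subject: pipeline test\r\n\r\n%s\r\n.\r\nQUIT\r\n' "$3"
}

# The standard 68-byte EICAR test string, assembled from two halves so that a
# scanner on the editing host does not flag this script itself.
eicar_string() {
    a='X5O!P%@AP[4\PZX54(P^)7CC)7}$EI'
    b='CAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    printf '%s%s' "$a" "$b"
}

# relay_probe: a message for a domain MTA-outside is not responsible for
relay_probe() { smtp_session probe@probe.invalid victim@example.net "relay test"; }
# virus_probe: EICAR body to a local mailbox; amavisd/uvscan must stop it
virus_probe() { smtp_session probe@probe.invalid "$TEST_RCPT" "$(eicar_string)"; }

# talk SESSION: send a session to MTA-outside and return the server transcript
talk() { printf '%s' "$1" | nc -w 5 "$MTA_OUTSIDE" 25; }

# relay_refused TRANSCRIPT: qmail-smtpd's 553 rcpthosts rejection is present
relay_refused() { printf '%s\n' "$1" | grep -q '^553 '; }
# queued TRANSCRIPT: the message was taken into the queue (250 ok after DATA)
queued() { printf '%s\n' "$1" | grep -q '^250 ok '; }

if [ "${1:-}" = run ]; then
    t=$(talk "$(relay_probe)")
    if relay_refused "$t"; then
        echo "relay: refused (good)"
    else
        echo "relay: NOT refused; check tcp.smtp.cdb and rcpthosts in the jail"
    fi
    t=$(talk "$(virus_probe)")
    if queued "$t"; then
        echo "EICAR accepted by MTA-outside; now check /var/log/maillog for amavisd's INFECTED line"
    else
        echo "EICAR not accepted by MTA-outside: $t"
    fi
fi
```

The relay probe checks the jail's own ACL and rcpthosts, nothing else; a clean 553 there says nothing about MTA-inside, which is reachable only from 127.0.0.1 and should be probed the same way from the host itself on port 10025 if you ever open it wider.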


Notes
In this example the host IP is 192.168.100.254.
The SpamAssassin settings apply to everything that uses MTA-outside as its mail relay.
Users have no per-user filters.
For outside connectivity, forward port 25 on the public IP to port 25 on 192.168.100.254.
Additions and corrections are welcome.
