教你搭建反垃圾邮件系统

一、
邮件系统的安装1、软件包安装Postfix+Courier-IMAP+Cyrus-SASL+PAM_MySQL+MySQL这种安装方式简单易行，在Debian下的安装更加方便：# apt-get install courier-pop postfix-mysql postfix-tls courier-authdaemon\courier-authmysql libpam-mysql libsasl7 libsasl-modules-plain courier-imap如果你的系统本身没有mysql，
那么在上面的列表里还要加上mysql-server。apt在安装过程中会有简单的提示，要求填上系统的域名等信息。2、postfix的配置修改main.cf：添加：home_mailbox = Maildir/告诉postfix使用Maildir方式mydestination = $myhostname, $transport_maps告诉postfix发送$myhostname(本机)和$transport_maps(transport表里的域名)的邮件。alias_maps = mysql:/etc/postfix/mysql-aliases.cfrelocated_maps = mysql:/etc/postfix/mysql-relocated.cftransport_maps = mysql:/etc/postfix/mysql-transport.cfvirtual_maps = mysql:/etc/postfix/mysql-virtual.cf告诉postfix从
哪里找这些表。local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.bynamepostfix传递给本地收件人的几种方法。virtual_mailbox_base = /home/vmailvirtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cfvirtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cfvirtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf虚拟用户的信息。broken_sasl_auth_clients = yessmtpd_sasl_auth_enable = yessmtpd_sasl_security_options = noanonymous启用sasl，必须验证才能发信。smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unknown_recipient_domain,reject_non_fqdn_recipient,check_relay_domains发信限制。还可以加上一些其他的参数：disable_vrfy_command = yes将vrfy功能关掉。3、与MySQL结合的配置及数据表结构注意：配置mysql相关部分要写127.0.0.1而不要写localhost，如果使用localhost，postfix会尝试socket连接。debian的postfix使用socket连接好像有问题。mysql不能使用skip-networking选项，要使用--bind-address=127.0.0.1让它监听在127.0.0.1。(非常
感谢Martin List-Petersen指点)还有要注意的是如果是自己编译的mysql，建议在启动的时候加上--socket=/var/run/mysqld/mysqld.sock参数，因为pam-mysql又需要使用这个socket。如果你的apache+php是自己编译的话，php又需要重新编译，配置的时候需要加上--with-mysql-sock=/var/run/mysqld/mysqld.sock参数。是不是比较烦?这
不过是个开始。MySQL的数据表：CREATE TABLE alias (id int(11) unsigned NOT NULL auto_increment,alias varchar(128) NOT NULL default '',destination varchar(128) NOT NULL default '',PRIMARY KEY (id)) TYPE=MyISAM;CREATE TABLE relocated (id int(11) unsigned NOT NULL auto_increment,email varchar(128) NOT NULL default '',destination varchar(128) NOT NULL default '',PRIMARY KEY (id)) TYPE=MyISAM;CREATE TABLE transport (id int(11) unsigned NOT NULL auto_increment,domain varchar(128) NOT NULL default '',destination varchar(128) NOT NULL default '',PRIMARY KEY (id),UNIQUE KEY domain (domain)) TYPE=MyISAM;CREATE TABLE users (id int(11) unsigned NOT NULL auto_increment,email varchar(128) NOT NULL default '',clear varchar(128) NOT NULL default '',name tinytext NOT NULL,uid int(11) unsigned NOT NULL default '1011',gid int(11) unsigned NOT NULL default '1011',homedir tinytext NOT NULL,maildir tinytext NOT NULL,quota tinytext NOT NULL,postfix enum('Y','N') NOT NULL default 'Y',PRIMARY KEY (id),UNIQUE KEY email (email)) TYPE=MyISAM;CREATE TABLE virtual (id int(11) unsigned NOT NULL auto_increment,email varchar(128) NOT NULL default '',destination varchar(128) NOT NULL default '',PRIMARY KEY (id)) TYPE=MyISAM;/etc/postfix目录下各mysql配置文件：mysql-aliases.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = aliasselect_field = destinationwhere_field = aliashosts = 127.0.0.1mysql-relocated.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = relocatedselect_field = destinationwhere_field = emailhosts = 127.0.0.1mysql-transport.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = transportselect_field = destinationwhere_field = domainhosts = 127.0.0.1　TLS支持通过修改/usr/lib/ssl/misc/CA.pll脚本实现，以下修改后CA1.pl和未修改CA.pl之间的对比：*** CA.pl--- CA1.pl****************** 59,69 ****} elsif (/^-newcert$/) {# create a certificate! system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");$RET=$?;print "Certificate (and private key) is in newreq.pem\n"} elsif (/^-newreq$/) {# create a certificate request! system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");$RET=$?;print "Request (and private key) is in newreq.pem\n";} elsif (/^-newca$/) {--- 59,69 ----} elsif (/^-newcert$/) {# create a certificate! system ("$REQ -new -x509 -nodes -keyout newreq.pem -out newreq.pem $DAYS");$RET=$?;print "Certificate (and private key) is in newreq.pem\n"} elsif (/^-newreq$/) {# create a certificate request! system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");$RET=$?;print "Request (and private key) is in newreq.pem\n";} elsif (/^-newca$/) {现在就可以使用修改的CA1.pl来签发证书：# cd /usr/local/ssl/misc# ./CA1.pl -newca# ./CA1.pl -newreq# ./CA1.pl -sign# cp demoCA/cacert.pem /etc/postfix/CAcert.pem# cp newcert.pem /etc/postfix/cert.pem# cp newreq.pem /etc/postfix/key.pem修改main.cf，添加：smtpd_tls_cert_file = /etc/postfix/cert.pemsmtpd_tls_key_file = /etc/postfix/privkey.pemsmtpd_use_tls = yestls_random_source = dev:/dev/urandomtls_daemon_random_source = dev:/dev/urandom重起postfix后就可以看到
250-STARTTLS很多邮件客户端对TLS的支持并不是非常好，建议使用stunnel来实现相应的smtp和pop3加密。# apt-get install stunnel证书：# openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem# openssl gendh 512 >> stunnel.pem服务端：# stunnel -d 60025 -r 25 -s nobody -g nogroup# stunnel -d 60110 -r 110 -s nobody -g nogroup如果使用-n pop3等参数就只能用邮件客户端收信。客户端：建一个stunnel.conf文件：client = yes[pop3]accept = 127.0.0.1:110connect = 192.168.7.144:60110[smtp]accept = 127.0.0.1:25connect = 192.168.7.144:60025
然后启动stunnel.exe，在邮件客户
端的smtp和pop3的服务器都填127.0.0.1就可以了，这样从你到邮件服务器端的
数据传输就让stunnel给你加密了。4、测试用户# mkdir -p /home/vmail/test.org/san/# chown -R nobody.nogroup /home/vmail# chmod -R 700 /home/vmailmysql> use postfixmysql> insert into transport set domain='test.org', destination='virtual:';mysql> insert into users set email='san@test.org',clear='test',name='',uid='65534',gid='65534',homedir='home/vmail',maildir='test.org/san/';然后就可以使用客户端收发邮件，记得用户名是email地址。mysql-virtual.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = virtualselect_field = destinationwhere_field = emailhosts = 127.0.0.1mysql-virtual-maps.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = usersselect_field = maildirwhere_field = emailadditional_conditions = and postfix = 'y'hosts = 127.0.0.1mysql-virtual-uid.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = usersselect_field = uidwhere_field = emailadditional_conditions = and postfix = 'y'hosts = 127.0.0.1mysql-virtual-gid.cfuser = mysql-postfix-userpassword = mysql-postfix-passdbname = postfixtable = usersselect_field = gidwhere_field = emailadditional_conditions = and postfix = 'y'hosts = 127.0.0.1修改Courier相关设置，/etc/courier/imapd:AUTHMODULES="authdaemon"IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECTTHREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"修改/etc/courier/pop3dAUTHMODULES="authdaemon"POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"修改/etc/courier/authdaemonrcauthmodulelist="authmysql authpam"使用mysql验证和pam验证。修改/etc/courier/authmysqlrcMYSQL_SERVER 127.0.0.1MYSQL_USERNAME mysql-postfix-userMYSQL_PASSWORD mysql-postfix-pass#MYSQL_SOCKET /var/run/mysql/mysql.sockMYSQL_PORT 0MYSQL_OPT 0MYSQL_DATABASE postfixMYSQL_USER_TABLE usersMYSQL_LOGIN_FIELD emailMYSQL_CLEAR_PWFIELD clearMYSQL_UID_FIELD uidMYSQL_GID_FIELD gidMYSQL_HOME_FIELD homedirMYSQL_MAILDIR_FIELD maildirSASL library创建/etc/postfix/sasl/smtpd.conf：pwcheck_method: PAMPAM-MySQL创建/etc/pam.d/smtp：auth optional pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass table=usersusercolumn=email passwdcolumn=clear crypt=naccount required pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass usercolumn=email passwdcolumn=clear crypt=n责任编辑赵毅 zhaoyi#51cto.com TEL:（010）68476636-8001 给力(0票)动心(0票)废话(0票)专业(0票)标题党(0票)路过(0票) 原文：教你搭建
反垃圾邮件系统返回栏目回收站首页

时间： 2024-11-05 19:00:43

教你搭建反垃圾邮件系统

教你搭建反垃圾邮件系统的相关文章

rspamd 0.4.7发布反垃圾邮件系统

rspamd 0.5.0发布反垃圾邮件系统

rspamd 0.4.4发布反垃圾邮件系统

rspamd 0.4.2发布　反垃圾邮件系统

rspamd 0.4.1发布　反垃圾邮件系统

rspamd 0.4.6发布反垃圾邮件系统

云计算平台下一种新型反垃圾邮件系统的研究

梭子鱼助力中科科仪成功实施反垃圾邮件系统

构建反病毒反垃圾邮件系统(一)