問題描述:
第一次編譯 postfix 的時候,我把 SASL 和 TLS 支持一起編譯了進去。
第一次配置:測試結果顯示 postfix 是支持 SASL 和 TLS 的(EHLO 回應中有 250-STARTTLS 和 250-AUTH):
[root@node01 ~]# vim /etc/sasl2/smtpd.conf
# Cyrus SASL settings for the "smtpd" service; main.cf on this page selects
# this file with smtpd_sasl_type = cyrus and smtpd_sasl_path = smtpd.
# Passwords are looked up through an auxprop plugin, here the SQL one.
pwcheck_method: auxprop
auxprop_plugin:sql
# NOTE(review): CRAM-MD5, DIGEST-MD5 and NTLM are shared-secret mechanisms;
# served from auxprop they need the stored password in recoverable form, so
# the "password" column queried below presumably holds cleartext. A database
# leak then discloses every mailbox password. Confirm the storage format.
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames:localhost
# NOTE(review): the database password equals the account name. Use a unique
# secret, limit this account to SELECT on the mailbox table, and keep this
# file readable only by root and the account smtpd runs as.
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
# %u is the login name and %r the realm supplied by the client.
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
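[root@node01 ~]# vim /etc/postfix/main.cf
# Excerpt of main.cf: virtual mailbox lookups in MySQL, opportunistic TLS and
# Cyrus SASL authentication for the SMTP server.
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:800
# No smtpd_tls_key_file appears in this excerpt; it defaults to
# $smtpd_tls_cert_file, so postfix.pem would have to hold the private key as
# well. NOTE(review): confirm, and keep that file readable by root only.
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# "may" is opportunistic TLS: STARTTLS is offered, cleartext is still accepted.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
# smtpd_relay_restrictions exists only in Postfix 2.10 and later; the paths
# above indicate 2.6.6, so relay control rests on smtpd_recipient_restrictions.
#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
smtpd_sasl_auth_enable = yes
# Writes the authenticated login name into the Received: header, where every
# recipient of the message can read it.
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_CApath = /etc/pki/tls/certs
smtpd_tls_received_header = yes
# Restriction names are written with their underscores (the page showed
# "reject_unauth destination"). reject_unauth_destination is the entry that
# refuses mail for destinations this server is not responsible for when
# neither permit_ rule before it matched; it must stay last in the list.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# With this set, Postfix neither announces nor accepts AUTH on a session that
# has not completed STARTTLS. NOTE(review): the plaintext EHLO shown after
# this listing still advertises AUTH, which this setting would suppress;
# confirm it was active when that test ran.
smtpd_tls_auth_only = yes
# NOTE(review): the EHLO replies on this page advertise VRFY;
# disable_vrfy_command = yes switches it off if address probing is unwanted.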
[root@node1 sasl2]# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost
220 node1.mah.com ESMTP Postfix
250-node1.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
第二次:接著我繼續安裝了 MailScanner,結果 EHLO 回應中少了下面這一行:
250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 PLAIN
[root@node01 ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 node01.mah.com ESMTP Postfix
ehlo localhost
250-node01.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
第二次配置時:
[root@node01 ~]# vim /etc/sasl2/smtpd.conf
# Cyrus SASL settings for the "smtpd" service, as they stood at the second
# test. Passwords are looked up through the SQL auxprop plugin.
pwcheck_method: auxprop
auxprop_plugin:sql
# NOTE(review): the shared-secret mechanisms in this list (CRAM-MD5,
# DIGEST-MD5, NTLM) need the stored password in recoverable form when served
# from auxprop, so the queried column presumably holds cleartext. Confirm.
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
sql_engine: mysql
sql_hostnames: localhost
# NOTE(review): password equals the account name; use a unique secret and a
# database account limited to SELECT on the mailbox table.
sql_user: extmail
sql_passwd: extmail
sql_database: extmail
# %u is the login name and %r the realm supplied by the client.
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
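[root@node01 ~]# vim /etc/postfix/main.cf
# Excerpt of main.cf at the second test (after MailScanner was installed).
html_directory = no

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.6.6/samples

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:800
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_uid_maps = static:800
# No smtpd_tls_key_file appears in this excerpt; it defaults to
# $smtpd_tls_cert_file, so postfix.pem would have to hold the private key as
# well. NOTE(review): confirm, and keep that file readable by root only.
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
# "may" is opportunistic TLS: STARTTLS is offered, cleartext is still accepted.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
# smtpd_relay_restrictions exists only in Postfix 2.10 and later; the paths
# above indicate 2.6.6, so relay control rests on smtpd_recipient_restrictions.
#smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,permit_tls_clientcerts,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_CApath = /etc/pki/tls/certs
smtpd_tls_received_header = yes
# Restriction names are written with their underscores (the page showed
# "reject_unauth destination"). reject_unauth_destination is the entry that
# refuses mail for destinations this server is not responsible for when
# neither permit_ rule before it matched; it must stay last in the list.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# With this set, Postfix neither announces nor accepts AUTH on a session that
# has not completed STARTTLS. NOTE(review): the plaintext telnet EHLO shown
# before this listing has no 250-AUTH line, which is what this setting
# produces. Repeat the EHLO inside a TLS session, for example with
# "openssl s_client -starttls smtp -connect localhost:25", before attributing
# the missing line to MailScanner.
smtpd_tls_auth_only = yes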
這是我安裝 MailScanner + clamav + spamassassin 時候的主要操作:
yum install spamassassin
sa-compile -D
freshclam
/etc/init.d/clamd start
[root@node1 MailScanner]# pwd
/etc/MailScanner
[root@node1 MailScanner]# ls
archives.filename.rules.conf country.domains.conf MailScanner.conf phishing.safe.sites.conf spam.assassin.prefs.conf
archives.filetype.rules.conf filename.rules.conf mcp reports spam.lists.conf
conf.d filetype.rules.conf phishing.bad.sites.conf rules virus.scanners.conf
[root@node1 MailScanner]# vim MailScanner.conf
# Settings changed in MailScanner.conf so that MailScanner works on the
# Postfix queues and scans with clamd.
Run As User = postfix #run the MailScanner process as user postfix
Run As Group = postfix #run the MailScanner process as group postfix
MTA = postfix
#Virus Scanners = auto
Virus Scanners = clamd #use clamd as the virus scanner
#Clamd Socket = /tmp/clamd.socket
Clamd Socket = /var/run/clamav/clamd.sock
Incoming Work User = clamav
Incoming Work Group = clamav
#Incoming Work Permissions = 0600 #change this line
# Group-readable instead of owner-only; presumably so that clamd, running in
# group clamav, can read the work files. Verify against the clamd account.
Incoming Work Permissions = 0640
#Spam Actions = deliver header "X-Spam-Status: Yes" #comment this line out and add the one below; perhaps it should not be commented out: with it, spam scoring above 6 and below 10 is still delivered, only with a spam marker added to the message header, so the recipient decides whether it is spam
#if the message is judged to be spam, action: delete
# NOTE(review): "delete" discards the message with no copy, so a false
# positive cannot be recovered; the commented-out defaults above and below
# (deliver with a header, store) keep the message.
Spam Actions = delete
#High Scoring Spam Actions = store #change this line as below
#if the message is judged to be high-scoring spam, action: delete
High Scoring Spam Actions = delete
#Queue directory for mail waiting to be filtered. MailScanner filters all mail; when it receives a message, the message is first placed in this waiting-to-be-filtered directory;
#Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /var/spool/postfix/hold
#Queue directory for mail that has been filtered;
#After filtering, MailScanner puts mail that scored low and is not considered spam into the incoming queue to await delivery; when system resources are free, mail moves from the incoming queue to the active queue and active delivers it; if delivery fails, the mail moves from the active queue to the deferred queue; if after a very long time (I no longer remember exactly how long, check the documentation) it still cannot be sent, it is put into the bounce queue to be returned to the sender;
#Outgoing Queue Dir = /var/spool/mqueue #change
Outgoing Queue Dir = /var/spool/postfix/incoming
[root@node1 ~]# telnet localhost smtp
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 node1.mah.com ESMTP Postfix
ehlo localhost
250-node1.mah.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<bill>
250 2.1.0 Ok
rcpt to:<muahao>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Today is fun!
.
250 2.0.0 Ok: queued as DD8BB42DFD
^]
telnet> q
Connection closed.
[root@node1 log]# tail -40 /var/log/maillog
Apr 2 15:20:40 node1 postfix/smtpd[26273]: connect from localhost[::1]
Apr 2 15:21:13 node1 postfix/smtpd[26273]: DD8BB42DFD: client=localhost[::1]
Apr 2 15:21:33 node1 postfix/cleanup[26280]: DD8BB42DFD: hold: header Received: from localhost (localhost [IPv6:::1])??by node1.mah.com (Postfix) with ESMTP id DD8BB42DFD??for <muahao>; Thu, 2 Apr 2015 15:21:02 +0800 (CST) from localhost[::1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>
Apr 2 15:21:33 node1 postfix/cleanup[26280]: DD8BB42DFD: message-id=<[email protected]>
Apr 2 15:21:37 node1 postfix/smtpd[26273]: disconnect from localhost[::1]