(6) [Mail]RHEL4上安裝基於postfix的全功能郵件服務器

 4、測試啓動

#/usr/local/sbin/amavisd

您也可以按如下命令調試啓動
#/usr/local/sbin/amavisd debug


5、修改postfix的配置，讓它能調用amavisd，以實現病毒及垃圾郵件的過濾

#vi /etc/postfix/master.cf
在文末添加如下內容：

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#
amavisfeed unix    -       -       n       -       2     smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=

說明：注意每行“-o”前的空格；


#vi /etc/postifx/main.cf
在文末添加如下行：
content_filter=amavisfeed:[127.0.0.1]:10024

4、讓postfix重新加載主配置文件，並查看啓動情況

# postfix reload && tail -f /var/log/maillog

5、查看amavisd是否在監聽10024端口，並測試服務啓動情況：

# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
EHLO localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
Quit  
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

6、postfix重新加載配置文件後將授權並激活"127.0.0.1:10025"端口，一個正常的服務連接應該類同下面所示：

# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available
EHLO localhost
250-mail.benet.org
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

7、通過amavisd測試發信

]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
HELO localhost
250 [127.0.0.1]
MAIL FROM:<>
250 2.1.0 Sender <> OK
RCPT TO:<postmaster>
250 2.1.5 Recipient <postmaster> OK
DATA
354 End data with <CR><LF>.<CR><LF>
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
amavisd test!!
.
250 2.0.0 Ok: queued as 263FC1A609
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

接下來使用root用戶測試收信
# mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 Anti-Virus tester     Wed Sep 19 01:19  23/798   "amavisd test!"
& 1
Message 1:
From MAILER-DAEMON  Wed Sep 19 01:19:16 2007
X-Original-To: postmaster
Delivered-To: [email protected]
X-Quarantine-ID: <3gmvpc8RxPtn>
X-Virus-Scanned: amavisd-new at benet.org
X-Amavis-Alert: BAD HEADER, MIME error: error: unexpected end of header
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
Date: Wed, 19 Sep 2007 01:19:15 +0800 (CST)

amavisd test!!
& 

十八、測試使用反病毒及反垃圾模塊

1、病毒郵件發送測試

登錄extmail，發送帶有病毒附件的郵件(病毒樣本文件後文附有)，查看發送情況:

# tail  -3  /var/log/clamav/clamd.log 

1. Reading databases from /usr/local/clamav/share
2. Database correctly reloaded (148100 signatures)
3. /var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUN

複製代碼

#tail -15 /var/log/maillog

1. Sep 18 23:36:40 mail postfix/pickup[28925]: 8C1681A609: uid=1001 from=<[email][email protected][/email]>
2. Sep 18 23:36:40 mail postfix/cleanup[29002]: 8C1681A609: message-id=<[email][email protected][/email]>
3. Sep 18 23:36:40 mail postfix/qmgr[28924]: 8C1681A609: from=<[email][email protected][/email]>, size=83658, nrcpt=1 (queue active)
4. Sep 18 23:36:43 mail clamd[28473]: /var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUND 
5. Sep 18 23:36:44 mail postfix/smtpd[29011]: connect from mail[127.0.0.1]
6. Sep 18 23:36:44 mail postfix/smtpd[29011]: CDF9B1A602: client=mail[127.0.0.1]
7. Sep 18 23:36:44 mail postfix/cleanup[29002]: CDF9B1A602: message-id=<[email][email protected][/email]>
8. Sep 18 23:36:44 mail postfix/smtpd[29011]: disconnect from mail[127.0.0.1]
9. Sep 18 23:36:44 mail postfix/qmgr[28924]: CDF9B1A602: from=<[email][email protected][/email]>, size=2230, nrcpt=1 (queue active)
10. Sep 18 23:36:44 mail amavis[28502]: (28502-05) Blocked INFECTED (Trojan.Downloader.Delf-747), <[email][email protected][/email]> -> <[email][email protected][/email]>, quarantine: virus-7mnx1DHavOWC, Message-ID: <[email][email protected][/email]>, mail_id: 7mnx1DHavOWC, Hits: -, size: 83658, 4203 ms
11. Sep 18 23:36:45 mail postfix/smtp[29006]: 8C1681A609: to=<[email][email protected][/email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=0.42/0.05/0.12/4.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=28502-05 - VIRUS: Trojan.Downloader.Delf-747)
12. Sep 18 23:36:45 mail postfix/qmgr[28924]: 8C1681A609: removed
13. Sep 18 23:36:45 mail postfix/local[29014]: CDF9B1A602: to=<[email][email protected][/email]>, orig_to=<[email][email protected][/email]>, relay=local, delay=0.28, delays=0.12/0.09/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
14. Sep 18 23:36:45 mail postfix/qmgr[28924]: CDF9B1A602: removed

複製代碼

說明：此附件中帶有特洛伊病毒，請不要作爲危害別人之用，而對於您的操作不慎而給您帶來的後果，作者不負任何責任；病毒樣本如下：
 soe.rar (58.95 KB) 

2、垃圾郵件測試

登錄extmail，新建一封郵件，拷貝以下內容作爲郵件正文，並查看發送情況:

This is the GTUBE, the
        Generic
        Test for
        Unsolicited
        Bulk
        Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

查看發送結果：
#tail -15 /var/log/maillog

1. Sep 19 00:04:07 mail spamd[29060]: logger: removing stderr method 
2. Sep 19 00:04:11 mail spamd[29062]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score 
3. Sep 19 00:04:11 mail spamd[29062]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score 
4. Sep 19 00:04:11 mail spamd[29062]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score 
5. Sep 19 00:04:11 mail spamd[29062]: spamd: server started on port 783/tcp (running version 3.2.3) 
6. Sep 19 00:04:12 mail spamd[29062]: spamd: server pid: 29062 
7. Sep 19 00:04:12 mail spamd[29062]: spamd: server successfully spawned child process, pid 29064 
8. Sep 19 00:04:12 mail spamd[29062]: spamd: server successfully spawned child process, pid 29065 
9. Sep 19 00:04:12 mail spamd[29062]: prefork: child states: II 
10. Sep 19 00:06:44 mail postfix/pickup[28925]: E37651A60E: uid=1001 from=<[email][email protected][/email]>
11. Sep 19 00:06:44 mail postfix/cleanup[29073]: E37651A60E: message-id=<[email][email protected][/email]>
12. Sep 19 00:06:45 mail postfix/qmgr[28924]: E37651A60E: from=<[email][email protected][/email]>, size=1041, nrcpt=1 (queue active)
13. Sep 19 00:07:01 mail amavis[28502]: (28502-06) Blocked SPAM, <[email][email protected][/email]> -> <[email][email protected][/email]>, quarantine: spam-7ui+Zpn7-M00.gz, Message-ID: <[email][email protected][/email]>, mail_id: 7ui+Zpn7-M00, Hits: 1004.576, size: 1040, 12805 ms
14. Sep 19 00:07:01 mail postfix/smtp[29079]: E37651A60E: to=<[email][email protected][/email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=1.8/1.5/4.9/9.9, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=28502-06, DISCARD(bounce.suppressed))
15. Sep 19 00:07:01 mail postfix/qmgr[28924]: E37651A60E: removed

複製代碼