Saturday, January 23, 2010

Email server and antivirus on Ubuntu

This was taken from elsewhere as a reference. It is quite helpful for small businesses and saves cost, so I am posting it here.

Installing Postfix (as gateway) + MailScanner + ClamAV + Spamassassin on Ubuntu 9.10

Environment

OS: Ubuntu 9.10

Mail Gateway: Postfix + MailScanner + ClamAV + Spamassassin

Internal Mail Server: Exchange Server, internal IP: 192.168.1.1

postfix 2.6.5

MailScanner 4.74

Spamassassin 3.2.5

ClamAV 0.95.3



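Primary MX: domain.com IN MX mail.domain.com. (the MX record points to the Mail Gateway)

Install Ubuntu 9.10 and confirm that networking works, then proceed with the installation.

Open a terminal window. (The parts shown in bold below are the commands to type.)

First, update the package index

sudo apt-get update

Install Postfix and Procmail, and configure Postfix as a Mail Gateway

sudo apt-get install postfix procmail

While installing, postfix asks what it will be used for. Choose the internet option, and the related settings are made for you.

After postfix is installed, stop the postfix service first.

sudo /etc/init.d/postfix stop

Edit the postfix configuration file

sudo gedit /etc/postfix/main.cf

-----Configuration file contents---------------------------------------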

smtpd_banner = $myhostname ESMTP $mail_name

biff = no

append_dot_mydomain = no

# TLS parameters

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem

smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

smtpd_use_tls = yes

smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache

smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

myhostname = smtp.domain.com

mydomain = domain.com

myorigin = $mydomain

mydestination = $mydomain, localhost.$mydomain, localhost,

# leave the value empty (turns off local recipient checking)
local_recipient_maps =

mynetworks_style = host

relay_domains = domain.com

mailbox_command = procmail -a "$EXTENSION"

transport_maps = hash:/etc/postfix/transport

append_at_myorigin = no

header_checks = regexp:/etc/postfix/header_checks

message_size_limit = 25240000

bounce_size_limit = 100000

smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination

mynetworks = 172.16.101.0/25

default_process_limit = 30

daemon_timeout = 1800s

-----------------------------------------------------------------------

sudo gedit /etc/postfix/transport

----Configuration file contents-----------------------------------------------------

domain.com smtp:[192.168.1.1]

----------------------------------------------------------------------

sudo postmap /etc/postfix/transport

sudo /etc/init.d/postfix start

Modify the NAT configuration so that tcp 25 points to postfix_host:25.

Send mail from outside to someone@domain.com and observe whether postfix can forward it to the real mail server (192.168.1.1).

telnet to the mail gateway to test

Install MailScanner, ClamAV and Spamassassin. This step used to require installing three packages; now installing MailScanner alone installs ClamAV and Spamassassin automatically.

sudo apt-get install mailscanner

After running this command, check whether ClamAV and Spamassassin were installed.

If they were not, run the command like this

sudo apt-get install mailscanner clamav spamassassin

ClamAV works without any configuration.

Configure MailScanner. This configuration file is large; the items to change are as follows

sudo gedit /etc/MailScanner/MailScanner.conf

-----Configuration file contents--------------------------------------------------------------------------

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

Virus Scanning = yes
Virus Scanners = clamav
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

# Do not add the note "This message has been scanned…" to every scanned message
Sign Clean Messages = no

----------------------------------------------------------------------------------------------

Create a directory named spamassassin under /var/spool/MailScanner/

sudo mkdir /var/spool/MailScanner/spamassassin

Create a directory named smtp_sccache under /var/spool/postfix/

sudo mkdir /var/spool/postfix/smtp_sccache

Make the two new directories above accessible to the postfix user

sudo chown postfix:postfix /var/spool/MailScanner/*

sudo chown postfix:postfix /var/spool/postfix/smtp_sccache

Create a file named header_checks under /etc/postfix/

sudo gedit /etc/postfix/header_checks

---------Configuration file contents-------------------------------------------------------

/^Received:/ HOLD

--------------------------------------------------------------------------------

Open /etc/default/mailscanner and change its contents

sudo gedit /etc/default/mailscanner

---------Configuration file contents-------------------------------------------------------

# change =0 to =1
run_mailscanner=1

--------------------------------------------------------------------------------

Open /etc/default/spamassassin and change its contents

sudo gedit /etc/default/spamassassin

---------Configuration file contents-------------------------------------------------------

# change =0 to =1
ENABLED=1

--------------------------------------------------------------------------------

Both settings above must be made; otherwise MailScanner and Spamassassin will not start.

Check whether the file services exists under /var/spool/postfix/etc. If it does not, copy one over.

sudo cp /etc/services /var/spool/postfix/etc

Start the services

sudo /etc/init.d/clamav-daemon start

sudo /etc/init.d/clamav-freshclam start

sudo /etc/init.d/spamassassin start

sudo /etc/init.d/mailscanner start

sudo postmap /etc/postfix/transport

sudo /etc/init.d/postfix start

Modify the NAT configuration so that tcp 25 points to postfix_host:25.

Send mail from outside to someone@domain.com and observe whether postfix can forward it to the real mail server (192.168.1.1).

telnet to the mail gateway to test
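
Before the external test, the wiring between Postfix and MailScanner can be checked offline. The script below is an added example, not part of the original guide: the function names conf_get and audit_gateway and the sample files are constructed for illustration. It flags a misspelled parameter name such as relay_domain (Postfix accepts unknown names without applying them), a missing reject_unauth_destination, a missing HOLD rule, and MailScanner queue directories that do not match Postfix's hold and incoming queues.

```shell
#!/bin/bash
# Added example: audit the Postfix/MailScanner wiring described in this guide.
# Function names and sample files are constructed, not taken from the guide.

# conf_get FILE KEY: last value of "KEY = value", skipping # comment lines.
# Continuation lines are not joined.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { key = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# audit_gateway MAIN_CF HEADER_CHECKS MAILSCANNER_CONF
# Prints one line per problem; the return status is the number of problems.
audit_gateway() {
    local main="$1" hc="$2" ms="$3" bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    [ -n "$(conf_get "$main" relay_domains)" ] ||
        fail "relay_domains is not set (check for the misspelling relay_domain)"
    [ -n "$(conf_get "$main" transport_maps)" ] ||
        fail "transport_maps is not set; nothing routes mail to the internal server"
    case " $(conf_get "$main" smtpd_recipient_restrictions) " in
        *reject_unauth_destination*) ;;
        *) fail "smtpd_recipient_restrictions lacks reject_unauth_destination (open relay)" ;;
    esac
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$hc" ||
        fail "header_checks has no /^Received:/ HOLD rule; mail bypasses MailScanner"
    case "$(conf_get "$ms" 'Incoming Queue Dir')" in
        */hold) ;; *) fail "MailScanner Incoming Queue Dir is not the Postfix hold queue" ;;
    esac
    case "$(conf_get "$ms" 'Outgoing Queue Dir')" in
        */incoming) ;; *) fail "MailScanner Outgoing Queue Dir is not the Postfix incoming queue" ;;
    esac
    [ "$(conf_get "$ms" 'Run As User')" = postfix ] ||
        fail "MailScanner does not run as postfix and cannot read the queues"
    return "$bad"
}

# Constructed sample with the relay_domain misspelling; one FAIL line is printed.
demo=$(mktemp -d)
printf '%s\n' 'relay_domain = domain.com' 'transport_maps = hash:/etc/postfix/transport' \
    'smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination' > "$demo/main.cf"
printf '%s\n' '/^Received:/ HOLD' > "$demo/header_checks"
printf '%s\n' 'Run As User = postfix' 'Incoming Queue Dir = /var/spool/postfix/hold' \
    'Outgoing Queue Dir = /var/spool/postfix/incoming' > "$demo/MailScanner.conf"
audit_gateway "$demo/main.cf" "$demo/header_checks" "$demo/MailScanner.conf" || echo "problems: $?"
```

On a live gateway, save the output of postconf -n to a file and pass that in place of main.cf, because postconf prints each parameter with its value on a single line.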