這篇是從別處參考過來,對於小型企業,幫助比較大,又省成本,所以貼在此處
在 Ubuntu 910 安裝 Postfix (as gateway) + MailScanner + ClamAV + Spamassassin
環境
OS: Ubuntu 910
Mail Gateway: Postfix + MailScanner + ClamAV + Spamassassin
Internal Mail Server: Exchange Server, 內部 IP 為: 192.168.1.1
postfix 2.6.5
MailScanner 4.74
Spamassassin 3.2.5
ClamAV 0.95.3
Primary MX: domain.com IN MX mail.domain.com. (MX 記錄指向 Mail Gateway)
安裝好Ubuntu 9.10,測試網路正常後進行安裝。
開啟一個終端機命令視窗。(以下粗體的部分是輸入指令)
先更新套件庫
sudo apt-get update
安裝 Postfix, Procmail並將 Postfix 設定成 Mail Gateway
sudo apt-get install postfix procmail
安裝postfix的時候會問你用途,選internet那一個選項,會幫你把相關設定做好。
安裝完postfix之後先將postfix 服務停止。
sudo /etc/init.d/postfix stop
編輯postfix設定檔
sudo gedit /etc/postfix/main.cf
-----設定檔內容---------------------------------------
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
myhostname = smtp.domain.com
mydomain = domain.com
myorigin = $mydomain
mydestination = $mydomain, localhost.$mydomain, localhost,
local_recipient_maps =(空白)
networks_style = host
relay_domain = domain.com
mailbox_command = procmail -a "$EXTENSION"
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no
header_checks = regexp:/etc/postfix/header_checks
message_size_limit = 25240000
bounce_size_limit = 100000
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
mynetworks = 172.16.101.0/25
default_process_limit = 30
daemon_timeout = 1800s
-----------------------------------------------------------------------
sudo gedit /etc/postfix/transport
----設定檔內容-----------------------------------------------------
Icon7inc.com smtp:[192.168.1.1]
----------------------------------------------------------------------
sudo postmap /etc/postfix/transport
sudo /etc/init.d/postfix start
修改 NAT 配置, 將 tcp 25 指向 postfix_host:25。
從外部寄郵件到 someone@domain.com, 觀察 postfix 是否能 forward 給真正的 mail server (192.168.1.1)。
telnet 到 mail gateway 進行測試
安裝 MailScanner, ClamAV、Spamassassin,在這邊以往要安裝三個套件,現在只要安裝MailScanner就會自動安裝ClamAV及Spamassassin.
sudo apt-get install mailscanner à下完這個命令要檢查是否有安裝ClamAV及Spamassassin
如果沒有命令要這樣下
sudo apt-get install mailscanner clamav spamassassin
ClamAV 不需要設定就會正常工作。
設定MailScanner,這個設定檔很大,要修改的項目如下
sudo gedit /etc/MailScanner/MailScanner.conf
-----設定檔內容--------------------------------------------------------------------------
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanning = yes
Virus Scanners = clamav
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Sign Clean Message = no (不要在每一封有掃過的信件加註 “This message has been scanned…”)
----------------------------------------------------------------------------------------------
新增一個目錄spamassassin在 /var/spool/MailScanner/之下
sudo mkdir /var/spool/MailScanner/spamassassin
新增一個目錄smtp_sccache在 /var/spool/postfix/之下
sudo mkdir /var/spool/postfix/smtp_sccache
把上面兩個新增的目錄設定成postfix這個user可以存取
sudo chown postfix:postfix /var/spool/MailScanner/*
sudo chown postfix:postfix /var/spool/ postfix/smtp_sccache
在/etc/postfix/ 下新增一個檔案 header_checks
sudo gedit /etc/postfix/header_checks
---------設定檔內容-------------------------------------------------------
/^Received:/ HOLD
--------------------------------------------------------------------------------
打開/etc/default/mailscanner修改內容
sudo gedit /etc/default/mailscanner
---------設定檔內容-------------------------------------------------------
run_mailscanner=1 (=0要改成=1)
--------------------------------------------------------------------------------
打開/etc/default/spamassassin修改內容
sudo gedit /etc/default/pamassassin
---------設定檔內容-------------------------------------------------------
ENABLED=1 (=0要改成=1)
--------------------------------------------------------------------------------
上面兩個設定一定要做,要不然MailScanner 和 Spamassassin會無法啟動
檢查/var/spool/postfix/etc下是否有service這個檔案,如果沒有複製一個過來。
sudo cp /etc/service /var/spool/postfix/etc
將service 啟動
sudo /etc/init.d/clamav-deamon start
sudo /etc/init.d/clamav-freshclam start
sudo /etc/init.d/spamassassin start
sudo /etc/init.d/mailscanner start
sudo postmap /etc/postfix/transport
sudo /etc/init.d/postfix start
修改 NAT 配置, 將 tcp 25 指向 postfix_host:25。
從外部寄郵件到 someone@domain.com, 觀察 postfix 是否能 forward 給真正的 mail server (192.168.1.1)。
telnet 到 mail gateway 進行測試