Created By Johntino on 2004/11/24
安裝的作業系統:FC2
歡迎轉載,但請寫明出處!寫來自鳥園啦~~~
首先先再廢話一下,小弟的個人習慣(這樣你的系統至少會安全點):
系統安裝完後請先作下列的各個步驟:
1、請先用apt、yum 升級完所有套件的bug!
2、把用不到的東東先全部關掉後。
3、開啟自已想要的服務並加設防火牆。
4、安裝設定時,遇到問題請先看一下log檔,看看有啥疑難雜症log檔大概80%以上都會告訴你的!
開始安裝囉!
套件說明:
套件cyrus-sasl、dovecot、postfix、spamassassin全為FC2內建。
f-port、MailScanner為下載的rpm檔
一、cyrus-sasl rpm版的安裝設定:
引言回覆:
1、確認cyrus-sasl是否安裝了(安裝並測試帳號驗證的動作):
代碼:
# rpm -qa |grep cyrus-sasl
cyrus-sasl-2.1.18-2
2、新增修改smtpd.conf:
代碼:
# cd /usr/lib/sasl2
# echo 'pwcheck_method: saslauthd' > smtpd.conf
# echo 'mech_list:plain login' >> smtpd.conf
3、啟動sasl的daemon並測試:
代碼:
# service saslauthd start
# /usr/sbin/testsaslauthd -u 帳號 -p '密碼'
0: OK "Success." =>帳號驗證成功了
二、設定dovecot(imap、pop3):
引言回覆:
1、確認dovecot是否有安裝:
代碼:
# rpm -qa |grep dovecot
dovecot-0.99.10.5-0.FC2
2、設定用pop3來收取信件:
代碼:
#vi /etc/dovecot.conf
protocols = pop3 # imap imaps pop3 pop3s 支援的功能
3、啟動並測試:
代碼:
#service dovecot start
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK dovecot ready.
user 帳號
+OK
pass 密碼
+OK Logged in.
三、postfix-2.x rpm版的安裝設定
引言回覆:
1、確認postfix是否有安裝:
代碼:
# rpm -qa |grep postfix
postfix-2.0.18-4
2、將postfix加入到root的權限:
代碼:
# usermod -G root postfix
3、將只有localhost relay 註解掉:
代碼:
# vi /etc/postfix/main.cf
#inet_interfaces = localhost
4、修改接受的目的地位置:
代碼:
# vi /etc/postfix/main.cf
mydestination = $myhostname, localhost.$mydomain, $mydomain
5、新增sasl的設定到main.cf:
代碼:
# vi /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
mailbox_size_limit = 5120000000
6、啟動postfix:
代碼:
# service postfix start
PS:到這裡postfix、sasl、dovecot就可以正常work了!如果不要防毒的人作到這裡就ok了!
五、讓postfix支援MailScanner、spamassassin、f-prot
引言回覆:
A、安裝 f-prot
引言回覆:
從http://files.f-prot.com/files/linux-x86/fp-linux-ws.rpm下載 f-prot套件
(可能會要你輸入基本資料,輸入就好!)
# rpm -ivh fp-linux-ws.rpm
B、安裝MailScanner
引言回覆:
下載http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-版本.rpm.tar.gz
(這裡可能會少些perl的套件,出現啥錯誤訊息!請造著錯誤訊息要的rpm裝完即可!)
代碼:
# tar zxf MailScanner-版本.rpm.tar.gz
# cd MailScanner-版本
# ./install.sh
C、安裝spamassassin
引言回覆:
1、確認spamassassin是否有安裝:
代碼:
# rpm -qa |grep spam
spamassassin-2.63-8
2、建立Mailscanner支援spamassassin所需的目錄:
代碼:
# mkdir /var/spool/MailScanner/spamassassin
# chmod 700 /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin
3、修改spamassassin的設定檔local.cf
代碼:
# vi /etc/mail/spamassassin/local.cf
# How many hits before a message is considered spam.
required_hits 5.0
# Whether to change the subject of suspected spam
rewrite_subject 1
# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****
# Encapsulate spam in an attachment
report_safe 1
# Use terse version of the spam report
use_terse_report 0
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
auto_learn 1
# Enable or disable network checks
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score HEAD_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0
score X_PRIORITY_HIGH 0
4、啟動spamassassin
代碼:
# service spamassassin start
D、MailScanner設定
引言回覆:
1、修改MailScanner.conf
代碼:
# vi /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = f-prot
Always Include SpamAssassin Report = yes
Use SpamAssassin = yes
Required SpamAssassin Score = 4
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamAssassin Install Prefix = /usr/bin
SpamAssassin Local Rules Dir = /etc/MailScanner
2、修改 postfix支援mailscanner
# vi /etc/postfix/main.cf 變更以下的值
代碼:
header_checks = regexp:/etc/postfix/header_checks
# vi /etc/postfix/header_checks 加入以下的值
代碼:
/^Received:/ HOLD
PS: 注意, 在 / 之前不可以有空白!3、變更目錄權限
代碼:
# chown postfix.postfix /var/spool/MailScanner/incoming
# chown postfix.postfix /var/spool/MailScanner/quarantine
4、停止postfix執行、啟動MailScanner
代碼:
# service postfix stop
# chkconfig postfix off
# service MailScanner start
PS:設定MailScanner,當MTA = postfix時,會自己啟動postfix,如有設定啟動postfix的請先將它停掉
5、定期更新病毒定義檔
代碼:
# crontab -e
0 4 * * * /usr/local/f-prot/tools/check-updates.pl -cron
並將原本在/etc/cron.hourly/update_virus_scanners 刪除掉
最後測試你的mail server 的防毒!
請到
http://www.testvirus.org,輸入你的e-mail 後,它會寄一封認證信到你輸入的mail!開啟他就能測試1-26封的病毒信了!
ps:之所以不用大家常用的clamav,是因為在這個網站中的第23封病毒測試信會漏掉,還有掃毒速度沒有比f-prot快,最後就是clamav的病毒定義檔比較少!所以我才用f-prot的!
-----
(三子: 幫個小忙排版一下, 這樣比較容易閱讀
)
登入
註冊
問答集
搜尋
害我在linux版中找半天,以為被砍了!
