Monday, 10 April 2017

Postfix + SASL + SSL

Installation
CentOS 7 comes with Postfix preinstalled; Dovecot and SASL can be installed with yum, then installed and configured following the method described earlier.

yum install dovecot
yum install cyrus*
 
Edit /etc/postfix/main.cf

myhostname = xx.xxx.com                   <<< hostname
mydomain = XXXX.com                       <<< enter your domain here
myorigin = $mydomain                      <<< use the domain as the origin of outgoing mail
inet_interfaces = all                     <<< interfaces to listen on for mail; usually all
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost  <<< hostnames for which mail is accepted

mynetworks = xxx.xxx.xxx.xxx/xx, 127.0.0.0/8          <<< your network address and subnet

The next two lines may also need changing, i.e. remove the leading #:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases


At this point the basic Postfix configuration is done, but SASL authentication still has to be set up; add these lines:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

Add the following section to enable SSL:
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_key_file = /etc/pki/tls/certs/mail.pem
smtp_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

Prevent duplicate delivery of mail:
enable_original_recipient = no

Set this for Procmail (around line 455):

mailbox_command = /bin/procmail

****************************************************************

SSL needs a certificate; here the certificate is kept in /etc/pki/tls/certs/. To recap how to create it:
cd /etc/pki/tls/certs/
make mail.pem
openssl x509 -in mail.pem -out mail.der

****************************************************************

As MailScanner requires, remove the # from the following line, or add the line if it is missing:

header_checks = regexp:/etc/postfix/header_checks

Save and exit /etc/postfix/main.cf

Then edit /etc/postfix/master.cf

Remove the # on line 11:
smtp      inet  n       -       n       -       -       smtpd

Remove the # on line 16:
submission inet n       -       n       -       -       smtpd

Add the two stanzas below to accept SMTP on ports 465 and 587 as well (clients on 465 expect implicit TLS, so that listener also needs wrapper mode):

465     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes

587     inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes

Then, for MailScanner, edit /etc/postfix/header_checks and add the following line:

/^Received:/ HOLD
 ----------------------------------------------------------------------------------
Start the services:
systemctl restart dovecot
systemctl start postfix

telnet localhost smtp
ehlo localhost

These two lines should appear:
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

This confirms that SASL authentication is available over SMTP.
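As an added example (not part of the original post), the following Python script audits the kind of main.cf and master.cf settings shown above: it parses both files, applies each listener's -o overrides, and reports where AUTH LOGIN/PLAIN would be offered on an unencrypted connection (which is what the telnet check on port 25 above demonstrates) and whether a 465 listener is missing wrapper mode. The configuration text is constructed here from this post's settings, with the 465 stanza deliberately left without smtpd_tls_wrappermode so the check fires.

```python
import re

# Constructed sample: the SASL lines this post adds to main.cf.
MAIN_CF = "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_security_options = noanonymous\n"

# Constructed sample of master.cf listeners; the 465 stanza omits wrapper mode on purpose.
MASTER_CF = """
smtp      inet  n       -       n       -       -       smtpd
#smtps     inet  n       -       n       -       -       smtpd
465     inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
587     inet  n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
"""

def parse_main_cf(text):
    # main.cf is 'name = value' per line; '#' lines are comments (continuation lines not handled)
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master_cf(text):
    # map each inet smtpd service to the '-o name=value' overrides indented beneath it
    services, current = {}, None
    for raw in text.splitlines():
        if raw[:1].isspace():  # indented line: an override belonging to the current service
            m = re.match(r"\s*-o\s+([^=\s]+)=(\S*)", raw)
            if m and current is not None:
                services[current][m.group(1)] = m.group(2)
            continue
        f = raw.split()
        current = f[0] if len(f) >= 8 and f[1] == "inet" and f[7] == "smtpd" and f[0][0] != "#" else None
        if current is not None:
            services[current] = {}
    return services

def audit_listener(name, main, overrides):
    # a '-o' override replaces the main.cf value for that one service only
    eff, findings = {**main, **overrides}, []
    tls_required = (eff.get("smtpd_enforce_tls") == "yes" or eff.get("smtpd_tls_wrappermode") == "yes"
                    or eff.get("smtpd_tls_security_level") == "encrypt")
    plain_blocked = (eff.get("smtpd_tls_auth_only") == "yes"
                     or "noplaintext" in eff.get("smtpd_sasl_security_options", ""))
    if eff.get("smtpd_sasl_auth_enable") == "yes" and not (tls_required or plain_blocked):
        findings.append("AUTH LOGIN/PLAIN is offered on the unencrypted connection")
    if name in ("465", "smtps") and eff.get("smtpd_tls_wrappermode") != "yes":
        findings.append("port 465 clients expect implicit TLS: add -o smtpd_tls_wrappermode=yes")
    return findings

def audit(main_cf=MAIN_CF, master_cf=MASTER_CF):
    main = parse_main_cf(main_cf)
    return {svc: audit_listener(svc, main, ovr) for svc, ovr in parse_master_cf(master_cf).items()}
```

Running audit() on real files (read their contents and pass them in) gives one list of findings per smtpd listener; an empty list means that listener either requires TLS or refuses plaintext mechanisms before TLS.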

Next, configure MailScanner (for Postfix):

%org-name% = short company name (do not enter a domain)
%org-long-name% = full company name or letterhead
%web-site% = company website
Run As User = postfix
Run As Group = postfix
MTA = postfix
Virus Scanners = clamav
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Deliver Unparsable TNEF = yes

Send Notices = no      <<< notifies the system administrator; usually not needed

Sign Clean Messages = no      <<< adds a signature text to clean messages; turn it off if it is a nuisance

Show the spam score in the subject; _SCORE_ is a variable:

Spam Subject Text = {垃圾信:_SCORE_}
High Scoring Spam Subject Text = {Spam:_SCORE_}

Check the MailScanner configuration and report errors:
MailScanner --lint

Permission-related changes:

mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown -R postfix.postfix /var/spool/MailScanner/incoming
chown -R postfix.postfix /var/spool/MailScanner/quarantine

Make MailScanner start at boot: vi /etc/MailScanner/defaults

run_mailscanner=1

Start MailScanner:

systemctl enable MailScanner
systemctl restart MailScanner

Check the MailScanner configuration again and report errors:

MailScanner --lint

Other:

How to handle spam:
1. Add a header:
Spam Actions = deliver header "X-Spam-Status: Yes"
2. Delete it outright:
Spam Actions = delete
3. Forward it to an address:
Spam Actions = forward user@domain.com

Whitelist setup:

vi /etc/MailScanner/rules/spam.whitelist.rules

From: xxxx.com yes
From: 192.168.0. yes

The blacklist works the same way, but if it is not needed it does not have to be configured (the log will report that the file cannot be found, though):

touch /etc/MailScanner/rules/spam.blacklist.rules


Restart Postfix:
systemctl restart postfix

Check for any problems:
postfix reload 

Start MailScanner:
systemctl start MailScanner

Restart Dovecot once more:
systemctl restart dovecot

______________________________________________________________

A few points to note:

1. This version of MailScanner does not seem to be able to start Postfix, so enable Postfix at boot instead:

systemctl enable postfix

2. If /etc/aliases has been modified, the newaliases command must be run:

newaliases

3. /etc/MailScanner/defaults must be edited to set run_mailscanner=1 before the service can be started:

run_mailscanner=1

4. To set a mailbox size limit, add the following line:

mailbox_size_limit =                <<< 0 means no limit; the unit is bytes, e.g. 10 M = 10240000

5. To set a message size limit, add the following line:

message_size_limit =              <<< 0 means no limit; the unit is bytes, e.g. 10 M = 10240000

The postconf tool can be used to check Postfix's message size limit:
postconf message_size_limit
 __________________________________________________________________

Remove the following two packages unless they are actually used and configured; otherwise Postfix reports errors:
rpm -e cyrus-sasl-ldap
rpm -e cyrus-sasl-sql

-------------------------------------------------------------------------------------
Create the /var/spool/postfix/.pyzor directory and give it 777 permissions:

mkdir -m 0777 /var/spool/postfix/.pyzor

Otherwise an error is reported.
__________________________________________________________________

You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine


Reference Link:

MailScanner for postfix : https://www.mailscanner.info/postfix/

Network Class : http://www.jisuanqinet.com/kexue/ip.html
