[附言]
本文使用MySQL作为认证数据库!
该附言或许不成其为什么许可证,但还是希望您尊重作者的愿望。
如果您发现有什么错误,请及时通知我,我将尽快作出修改。如果您在网上转载,那将是免费,但希望您附上本附言,并且注明出处的链接。如果您要把它用印刷物形式出版,请通过www.cnfug.org,或通过我的个人网站www.e-era.net跟本人接洽。
本文在FreeBSD4.10和5.3上安装测试通过,登录认证没有采用PAM方式。看了很多资料,但大多都是使用PAM,不明白cyrus-sasl2-saslauthd早就可以与MySQL、PgSQL进行认证了,为什么还在用第三方软件PAM来实现认证呢?
您在以本文作为根据配置电脑的时候,若出现任何故障,后果自负,与本作者无关。
Chapter 0. 准备数据库
| 代码: | #建立两个数据库用户
#======================postfix==================================
INSERT INTO user (host,user,password) VALUES('localhost','postfix','');
update user set password=password('postfix') where User='postfix';
FLUSH PRIVILEGES;
GRANT ALL ON mail.* TO postfix@localhost IDENTIFIED BY "postfix";
#======================courier==================================
INSERT INTO user (host,user,password) VALUES ('localhost','courier','');
update user set password=password('courier') where User='courier';
FLUSH PRIVILEGES;
GRANT select,insert,update on mail.* TO courier;
#建立数据库
#=======================MAIL.SQL=================================
#Create mail database
CREATE DATABASE mail;
use mail;
#Create the aliases table
CREATE TABLE aliases (
alias varchar(255) NOT NULL default '',
rcpt varchar(255) default NULL,
PRIMARY KEY (alias)
) TYPE=MyISAM;
#Create the transport table
CREATE TABLE transport (
domain char(128) NOT NULL default '',
transport char(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) TYPE=MyISAM;
#Create the virtua_users table
CREATE TABLE virtual_users (
unique_id int(32) unsigned NOT NULL auto_increment,
mail char(128) NOT NULL default '',
password char(128) default NULL,
uid int(10) unsigned default '125',
gid int(10) unsigned default '125',
home char(255) default NULL,
maildir char(255) default NULL,
date_add date default NULL,
time_add time default NULL,
domain char(128) default NULL,
name char(255) default NULL,
imapok tinyint(3) unsigned default '1',
quota char(255) default '52428800',###缺省邮箱大小50M
nickname varchar(10) default NULL,
realname varchar(10) default NULL,
office varchar(20) default NULL,
PRIMARY KEY (id),
KEY unique_id (unique_id)
) TYPE=MyISAM;
|
Chapter 1. 安装相关软件
1.1 安装 cyrus-sasl2-saslauthd
mail# cd /usr/ports/security/cyrus-sasl2
下载加密口令认证补丁,否则只能明码认证
mail# fetch http://www.viperstrike.com/~lopaka/sysadmi...e-sources/patch
mail# mv patch files/patch-lib::chkpw.c
mail# make -DWITH_MYSQL -DWITH_DEV_URANDOM -DWITHOUT_OTP -DWITHOUT_CRAM -DWITHOUT_DIGEST -DWITHOUT_NTLM install clean
mail# cd /usr/ports/security/cyrus-sasl2-saslauthd
mail# make install clean
mail# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
1.2 安装 postfix 和 cyrus-sasl
mail# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
mail# mv /usr/bin/mailq /usr/bin/mailq.OFF
mail# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
mail# mv /etc/rc.sendmail /etc/sendmail.OFF
mail# cd /usr/ports/mail/postfix
mail# make install clean
选择下面的内容:
[X] SASL2
[X] TLS
[X] MYSQL
mail# cd /usr/local/etc/rc.d
mail# ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail
mail# echo ‘postfix: root’ >> /etc/aliases
mail# /usr/local/bin/newaliases
mail# chown postfix:postfix /etc/opiekeys
1.3 安装expect
用于Web客户端建立邮件用户
mail# cd /usr/ports/lang/expect
mail# make install clean
1.4 安装Courier-imap
mail# cd /usr/ports/mail/courier-authlib
mail# make install clean
选择
[X] MYSQL
[X] AUTHUSERDB
mail# cd /usr/ports/mail/courier-imap
mail# make WITHOUT_OPENSSL=yes WITH_MYSQL=yes install clean
选择
[X] OPENSSL
[X] IPV6
mail# cd /usr/local/etc/courier-imap
mail# cp imapd.cnf.dist imapd.cnf
mail# cp pop3d.cnf.dist pop3d.cnf
Chapter 2. 配置邮件服务器
2.1 配置rc.conf,编辑/etc/rc.conf,加入
| 代码: | saslauthd_enable="YES"
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES" |
2.2 配置cyrus-sasl2-saslauthd
(1)配置sasl的lib库
| 代码: | | 在/etc/defaults/rc.conf文件里的ldconfig_paths="/usr/local/lib后面加上/usr/local/lib/sasl2" |
(2)创建/usr/lib/sasl2/Sendmail.conf
| 代码: | pwcheck_method: saslauthd auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: mail
sql_select: select password from virtual_users where email='%u@%r' |
(3)建立smtpd.conf连接
mail# ln -s /usr/lib/sasl2/Sendmail.conf /usr/lib/sasl2/smtpd.conf
(4)编辑/usr/local/etc/rc.d/saslauthd.sh
| 代码: | | command="${prefix}/sbin/${name} -r" |
2.3 配置postfix 和 cyrus-sasl
(1)创建/etc/periodic.conf
| 代码: | daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO" |
(2)修改/usr/local/etc/postfix/main.cf,在文件最后加入以下内容
| 代码: | #======= BASE ==============
myhostname = mail.e-era.net
mydomain = e-era.net
home_mailbox = Maildir/
mydestination = $myhostname, $mydomain, $transport_maps
local_recipient_maps =
mailbox_command= /usr/local/bin/deliverquota -w 90 ~/Maildir
command_directory = /usr/local/sbin
#======= MYSQL =============
transport_maps = mysql:/usr/local/etc/postfix/transport.cf
virtual_gid_maps = mysql:/usr/local/etc/postfix/gids.cf
virtual_mailbox_base = /var/mail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual.cf
virtual_maps = mysql:/usr/local/etc/postfix/mysql.aliases.cf
virtual_uid_maps = mysql:/usr/local/etc/postfix/uids.cf
#======= Quota ============
message_size_limit = 5242880 //限制每次发邮件的大小5MB(请将此注解删除)
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mailboxsize-mysql.cf
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit = 52428800 //总邮箱的大小50MB(请将此注解删除)
#====== SASL ================
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_auth_destination reject
#smtpd_sasl_local_domain = $mydomain
smtpd_client_restrictions = permit_sasl_authenticated |
(3)确认/usr/local/etc/postfix/master.cf的配置有如下内容
| 代码: | | virtual unix - n n - - virtual |
(4)编辑/usr/local/etc/postfix/transport.cf
| 代码: | user = postfix
password = postfix
dbname = mail
table = transport
select_field = transport
where_field = domain
hosts = localhost |
(5)编辑/usr/local/etc/postfix/gids.cf
| 代码: | user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = gid
where_field = email
hosts = localhost |
(6)编辑/usr/local/etc/postfix/uids.cf
| 代码: | user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = uid
where_field = email
hosts = localhost |
(7)编辑/usr/local/etc/postfix/mysql_virtual.cf
| 代码: | user = postfix
password= postfix
dbname = mail
table = virtual_users
select_field = maildir
where_field = email
hosts = localhost |
(
编辑/usr/local/etc/postfix/mysql.aliases.cf
| 代码: | user = postfix
password= postfix
dbname = mail
table = aliases
select_field = rcpt
where_field = alias
hosts = localhost |
(9)编辑/usr/local/etc/postfix/mailboxsize-mysql.cf
| 代码: | user = postfix
password = postfix
dbname = mail
table = virtual_users
select_field = quota
where_field = email
hosts = localhost |
2.4 配置Courier-imap
(1)修改/usr/local/etc/courier-imap/imapd
| 代码: | IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE"
IMAPDSTART=YES |
(2)修改/usr/local/etc/courier-imap/imapd-ssl
| 代码: | IMAPDSSLSTART=NO
IMAPDSTARTTLS=NO
POP3DSTART=YES |
(3)修改/usr/local/etc/courier-imap/pop3d
| 代码: | POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
|
(4)修改/usr/local/etc/courier-imap/pop3d-ssl
| 代码: | POP3DSSLSTART=NO
POP3_STARTTLS=NO |
(5)编辑修改/usr/local/etc/authlib/authmysqlrc 示例:authmysqlrc
| 代码: | ##VERSION: $Id: install.sgml,v 1.2 2004/11/02 06:04:15 wt Exp $
#
# Copyright 2000-2004 Double Precision, Inc. See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authmysqlrc created from authmysqlrc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions. This file
# might contain the MySQL admin password!
#
# Each line in this file must follow the following format:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value. Trailing spaces are prohibited.
##NAME: LOCATION:0
#
# The server name, userid, and password used to log in.
MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD courier
##NAME: MYSQL_SOCKET:0
#
# MYSQL_SOCKET can be used with MySQL version 3.22 or later, it specifies the
# filesystem pipe used for the connection
#
MYSQL_SOCKET /tmp/mysql.sock
##NAME: MYSQL_PORT:0
#
# MYSQL_PORT can be used with MySQL version 3.22 or later to specify a port to
# connect to.
MYSQL_PORT 3306
##NAME: MYSQL_OPT:0
#
# Leave MYSQL_OPT as 0, unless you know what you're doing.
MYSQL_OPT 0
##NAME: MYSQL_DATABASE:0
#
# The name of the MySQL database we will open:
MYSQL_DATABASE mail
##NAME: MYSQL_USER_TABLE:0
#
# The name of the table containing your user data. See README.authmysqlrc
# for the required fields in this table.
MYSQL_USER_TABLE virtual_users
##NAME: MYSQL_CRYPT_PWFIELD:0
#
# Either MYSQL_CRYPT_PWFIELD or MYSQL_CLEAR_PWFIELD must be defined. Both
# are OK too. crypted passwords go into MYSQL_CRYPT_PWFIELD, cleartext
# passwords go into MYSQL_CLEAR_PWFIELD. Cleartext passwords allow
# CRAM-MD5 authentication to be implemented.
MYSQL_CRYPT_PWFIELD password
##NAME: MYSQL_CLEAR_PWFIELD:0
#
#
# MYSQL_CLEAR_PWFIELD clear
##NAME: MYSQL_DEFAULT_DOMAIN:0
#
# If DEFAULT_DOMAIN is defined, and someone tries to log in as 'user',
# we will look up 'user@DEFAULT_DOMAIN' instead.
#
#
# DEFAULT_DOMAIN example.com
##NAME: MYSQL_UID_FIELD:0
#
# Other fields in the mysql table:
#
# MYSQL_UID_FIELD - contains the numerical userid of the account
#
MYSQL_UID_FIELD uid
##NAME: MYSQL_GID_FIELD:0
#
# Numerical groupid of the account
MYSQL_GID_FIELD gid
##NAME: MYSQL_LOGIN_FIELD:0
#
# The login id, default is id. Basically the query is:
#
# SELECT MYSQL_UID_FIELD, MYSQL_GID_FIELD, ... WHERE id='loginid'
#
MYSQL_LOGIN_FIELD id
##NAME: MYSQL_HOME_FIELD:0
#
MYSQL_HOME_FIELD home
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD maildir
##NAME: MYSQL_DEFAULTDELIVERY:0
#
# Courier mail server only: optional field specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd
#
# MYSQL_DEFAULTDELIVERY defaultdelivery
##NAME: MYSQL_QUOTA_FIELD:0
#
# Define MYSQL_QUOTA_FIELD to be the name of the field that can optionally
# specify a maildir quota. See README.maildirquota for more information
#
MYSQL_QUOTA_FIELD quota
##NAME: MYSQL_AUXOPTIONS:0
#
# Auxiliary options. The MYSQL_AUXOPTIONS field should be a char field that
# contains a single string consisting of comma-separated "ATTRIBUTE=NAME"
# pairs. These names are additional attributes that define various per-account
# "options", as given in INSTALL's description of the "Account OPTIONS"
# setting.
#
# MYSQL_AUXOPTIONS_FIELD auxoptions
#
# You might want to try something like this, if you'd like to use a bunch
# of individual fields, instead of a single text blob:
#
# MYSQL_AUXOPTIONS_FIELD CONCAT("disableimap=",disableimap,",
#disablepop3=",disablepop3,",di
#sablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)
#
# This will let you define fields called "disableimap", etc, with the end result
# being something that the OPTIONS parser understands.
##NAME: MYSQL_WHERE_CLAUSE:0
#
# This is optional, MYSQL_WHERE_CLAUSE can be basically set to an arbitrary
# fixed string that is appended to the WHERE clause of our query
#
# MYSQL_WHERE_CLAUSE server='mailhost.example.com'
##NAME: MYSQL_SELECT_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_SELECT_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do a SELECT operation on database, which should return fields
# in order specified bellow:
#
# username, cryptpw, clearpw, uid, gid, home, maildir, quota, fullname, options
#
# The username field should include the domain (see example below).
#
# Enabling this option causes ignorance of any other field-related
# options, excluding default domain.
#
# There are two variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. These variables are:
# $(local_part), $(domain), $(service)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
#
# $(service) will expand out to the service being authenticated: imap, imaps,
# pop3 or pop3s. Courier mail server only: service will also expand out to
# "courier", when searching for local mail account's location. In this case,
# if the "maildir" field is not empty it will be used in place of
# DEFAULTDELIVERY. Courier mail server will also use esmtp when doing
# authenticated ESMTP.
#
# This example is a little bit modified adaptation of vmail-sql
# database scheme:
#
# MYSQL_SELECT_CLAUSE SELECT CONCAT(popbox.local_part, '@', popbox.domain_name),
/
# CONCAT('{MD5}', popbox.password_hash), /
# popbox.clearpw, /
# domain.uid, /
# domain.gid, /
# CONCAT(domain.path, '/', popbox.mbox_name), /
# '', /
# domain.quota, /
# '', /
# CONCAT("disableimap=",disableimap,",disablepop3=", /
# disablepop3,",disablewebmail=",disablewebmail, /
# ",sharedgroup=",sharedgroup) /
# FROM popbox, domain /
# WHERE popbox.local_part = '$(local_part)' /
# AND popbox.domain_name = '$(domain)' /
# AND popbox.domain_name = domain.domain_name
##NAME: MYSQL_ENUMERATE_CLAUSE:0
#
# {EXPERIMENTAL}
# Optional custom SQL query used to enumerate accounts for authenumerate,
# in order to compile a list of accounts for shared folders. The query
# should return the following fields: name, uid, gid, homedir, maildir
#
# Example:
# MYSQL_ENUMERATE_CLAUSE SELECT CONCAT(popbox.local_part, '@',
#popbox.domain_name),
/
# domain.uid, /
# domain.gid, /
# CONCAT(domain.path, '/', popbox.mbox_name), /
# '' /
# FROM popbox, domain /
# WHERE popbox.local_part = '$(local_part)' /
# AND popbox.domain_name = '$(domain)' /
# AND popbox.domain_name = domain.domain_name
##NAME: MYSQL_CHPASS_CLAUSE:0
#
# (EXPERIMENTAL)
# This is optional, MYSQL_CHPASS_CLAUSE can be set when you have a database,
# which is structuraly different from proposed. The fixed string will
# be used to do an UPDATE operation on database. In other words, it is
# used, when changing password.
#
# There are four variables, which you can use. Substitution will be made
# for them, so you can put entered username (local part) and domain name
# in the right place of your query. There variables are:
# $(local_part) , $(domain) , $(newpass) , $(newpass_crypt)
#
# If a $(domain) is empty (not given by the remote user) the default domain
# name is used in its place.
# $(newpass) contains plain password
# $(newpass_crypt) contains its crypted form
#
# MYSQL_CHPASS_CLAUSE UPDATE popbox /
# SET clearpw='$(newpass)', /
# password_hash='$(newpass_crypt)' /
# WHERE local_part='$(local_part)' /
# AND domain_name='$(domain)'
#
|
(4)编辑/usr/local/etc/authlib/authdaemonrc
| 代码: | authmodulelist="authmysql authpam authuserdb"
authmodulelistorig="authmysql authpam authuserdb"
version="authdaemond.mysql" |
重启服务器
(5)接着检查端口,应该有如下端口打开:
mail# netstat -an |grep LISTEN
| 代码: | tcp4 0 0 *.110 *.* LISTEN
tcp6 0 0 *.110 *.* LISTEN
tcp4 0 0 *.143 *.* LISTEN
tcp6 0 0 *.143 *.* LISTEN
tcp4 0 0 *.25 *.* LISTEN
|
Chapter 3. 设置域、用户并测试
3.1 设置第一个用户
用crypt.php生成密码:$1$qn1DoKGc$WImkcvfT9NPgYm57AfetK.
| 代码: | #建立用户数据
use mail;
insert aliases values('postmaster@e-era.net','webmaster@e-era.net');
insert transport values('e-era.net','virtual:');
INSERT INTO virtual_users (id,home,password,maildir,date_add,time_add,domain,name)
VALUES ('webmaster@e-era.net','/var/mail/',encrypt('888888'),'e-era.net/webmaster/Maildir/','2005-03-10','16:28:24','e-era.net','webmaster'); |
设置用户的目录与权限:
mail# mkdir -p /var/mail/e-era.net/webmaster
mail# /usr/local/bin/maildirmake /var/mail/e-era.net/webmaster/Maildir
mail# chmod -R 700 /var/mail/e-era.net/
mail# chown -R postfix:postfix /var/mail/e-era.net
至此用户设置完毕,这里只使用一个域名,同理可以设置多个域名。
3.2 用户登录测试
使用任何其它的邮件客户端程序来测试,如foxmail、Outlook Express等等。
3.3 建立其他用户
用crypt.php生成密码:$1$qn1DoKGc$WImkcvfT9NPgYm57AfetK.
| 代码: | #建立其他用户数据
use mail;
INSERT INTO virtual_users (id,home,password,maildir,date_add,time_add,domain,name)
VALUES ('demo@e-era.net','/var/mail/',encrypt('demo'),'e-era.net/demo/Maildir/','2005-03-10','16:28:24','e-era.net','demo'); |
设置用户的目录与权限:
mail# mkdir -p /var/mail/hzpc.cn/demo
mail# /usr/local/bin/maildirmake /var/mail/hzpc.cn/demo/Maildir
mail# chmod -R 700 /var/mail/hzpc.cn/
mail# chown -R postfix:postfix /var/mail/hzpc.cn
Chapter 4. 防病毒与防垃圾邮件
4.1 安装Clamav
mail# cd /usr/ports/security/clamav
mail# make install clean
注:MILTER不用选中
重启服务器
4.2 测试并升级病毒库
mail# clamscan -r -i /usr/local/www/data
----------- SCAN SUMMARY -----------
Known viruses: 22838
Scanned directories: 1
Scanned files: 31
Infected files: 0
Data scanned: 0.00 MB
I/O buffer size: 131072 bytes
Time: 1.298 sec (0 m 1 s)
升级病毒库
mail# freshclam
4.3 安装amavisd-new
mail# cd /usr/ports/security/amavisd-new
mail# make install clean
选中
[X] MYSQL
编辑/etc/rc.conf,加入
修改/usr/local/etc/amavisd.conf
| 代码: | $mydomain = 'example.com'; #改成$mydomain = 'e-era.net';
#$notify_method = 'smtp:[127.0.0.1]:10025';
#$forward_method = 'smtp:[127.0.0.1]:10025'; |
修改/usr/local/etc/postfix/master.cf,最后加入
| 代码: | smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000 |
重启服务器
4.4 安装配置Spamassassin
在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-new,那Spamassassin 也已经安装好了。
添加需要的用户
mail# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
mail# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin
修改/usr/local/etc/mail/spamassassin/local.cf
| 代码: | use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15 |
修改/usr/local/etc/amavisd.conf,在MUST BE SET (no useful default)一段下面增加
| 代码: | $max_requests = 10;
$child_timeout=5*60;
@bypass_virus_checks_acl = qw( . );
@local_domains_acl = ( ".$mydomain" );
$final_spam_destiny = D_PASS;
read_hash(/%whitelist_sender, '/var/amavis/whitelist');
read_hash(/%blacklist_sender, '/var/amavis/blacklist');
read_hash(/%spam_lovers, '/var/amavis/spam_lovers'); |
建立所需要的文件
mail# touch /var/amavis/whitelist
mail# touch /var/amavis/blacklist
mail# touch /var/amavis/spam_lovers
mail# chown vscan /var/amavis/whitelist
mail# chown vscan /var/amavis/blacklist
mail# chown vscan /var/amavis/spam_lovers
mail# echo spam@e-era.net >> /var/amavis/spam_lovers
mail# echo notspam@e-era.net >> /var/amavis/spam_lovers
修改/usr/local/etc/postfix/main.cf,添加
| 代码: | | [color=purple]content_filter = smtp-amavis:[127.0.0.1]:10024[/color] |
建立自动学习体系
mail# ee /usr/local/sbin/my-sa-learn.sh
| 代码: | #!/bin/sh
if [ -e /var/mail/spam ]; then
/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
rm /var/mail/spam > /dev/null
fi
if [ -e /var/mail/notspam ]; then
/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
rm /va/mail/notspam > /dev/null
fi |
mail# chmod a+x /usr/local/sbin/my-sa-learn.sh
建立学习知识库:
mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs
加入自动运行:
mail# crontab -e
| 代码: | | 5 0 * * * /usr/local/sbin/my-sa-learn.sh |
重启服务器,完成
Chapter 5. 参考
Postfix集成环境(Postfix + MySQL + Cyrus-sasl2 + Courier-imap + iGENUS + Postfixadmin)
http://journal.cnfug.org/issue15/000088.html
Postfix oparty na bazie MySQL i panelu Postfixadmin
http://www.freebsd.hello.pl/files/modules....=article&sid=76
架构基于FreeBSD和Postfix的邮件系统
http://mske.com/index.php?option=content&t...id=10&Itemid=28
Postfix, Courier-Imap, mit Sasl2 und MySQL Authentifizierung
http://www.bsdforen.de/showthread.php?t=7225 |
