Building a CentOS 7 Mail Gateway
This uses the minimal installation of CentOS 7: CentOS-7-x86_64-Minimal-1611.iso
Download:
http://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso
After installing CentOS 7, update the system once first:
yum update
First, a description of my environment:
Internally I have two Exchange 2013 servers (CAS and MBX). Once this mail gateway is set up, I change the MX record so that inbound external mail goes to the gateway first, is filtered there, and is then relayed to the back-end Exchange.
Postfix configuration:
Postfix is already installed by default on CentOS, so there is no need to install it separately.
Edit /etc/postfix/main.cf:
inet_interfaces = all
mydomain = pmail.idv.tw
relay_domains = pmail.idv.tw
transport_maps = hash:/etc/postfix/transport
Edit /etc/postfix/transport:
pmail.idv.tw smtp:192.168.2.3
This entry forwards mail for the pmail.idv.tw domain to that IP address.
After editing, run the following command to generate transport.db; the map only takes effect once this is done, and it must be rerun every time an entry is added or changed.
postmap /etc/postfix/transport
Start Postfix and enable it at boot:
systemctl start postfix
systemctl enable postfix
Install ClamAV
yum -y install epel-release
yum install clamav
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
After installation there are two configuration files:
/etc/freshclam.conf
/etc/clamd.d/scan.conf
Edit both files and remove the string Example.
Update the virus signatures manually:
freshclam
Update the signatures every hour:
crontab -e
0 * * * * /usr/bin/freshclam --quiet
Install SpamAssassin
yum install spamassassin
sa-update
Enable at boot and start:
systemctl enable spamassassin
systemctl start spamassassin
Install MailScanner
Install the required packages:
yum install perl unzip gcc patch rpm-build cpp perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel automake perl-devel
Download MailScanner 5.0.3-7:
https://www.mailscanner.info/downloads/
wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz
Extract it: tar xvf MailScanner-5.0.3-7.rhel.tar.gz
Change into the extracted directory: cd MailScanner-5.0.3-7
Run ./install.sh to install.
Unlike earlier versions, this one is interactive and asks a few questions, mostly whether to install missing packages along the way.
Screenshot below.
Configure MailScanner
For MailScanner to work with SpamAssassin, create its directory and set the permissions:
mkdir /var/spool/MailScanner/spamassassin
chown postfix /var/spool/MailScanner/spamassassin
Give Postfix write permission on the incoming and quarantine directories:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
Edit /etc/MailScanner/MailScanner.conf
and set the following items:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Settings required for MailScanner to work with Postfix:
In /etc/postfix/main.cf, remove the # comment marker from this line:
header_checks = regexp:/etc/postfix/header_checks
Add this line to /etc/postfix/header_checks:
/^Received:/ HOLD
(This makes Postfix keep incoming mail in a holding directory until MailScanner comes along to scan it.)
MailScanner works with ClamAV without any change to MailScanner.conf by default; as long as ClamAV is installed correctly it is used.
MailScanner likewise uses SpamAssassin by default without any change to MailScanner.conf, as long as SpamAssassin is installed.
Finally, edit /etc/MailScanner/defaults and set run_mailscanner=1; the service will not start otherwise.
run_mailscanner=1
Once everything checks out:
Enable mailscanner at boot: chkconfig mailscanner on (note the lowercase m)
Start mailscanner: service mailscanner start
After starting, watch the log: tail -f /var/log/maillog. You will see messages like those in the figure below.
Test that it works:
Send a normal message from Gmail and look at the normal log. The red text is my message from Gmail to roy.lee@pmail.idv.tw,
and it was indeed relayed to my back-end Exchange (the later red text).
The bold blue text is the scan for virus mail.
Dec 14 07:57:36 localhost postfix/smtpd[13803]: connect from mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:37 localhost postfix/smtpd[13803]: 580D1132D0: client=mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:37 localhost postfix/cleanup[13807]: 580D1132D0: hold: header Received: from mail-qk0-f172.google.com (mail-qk0-f172.google.com [209.85.220.172])??by localhost.localdomain (Postfix) with ESMTP id 580D1132D0??for <roy.lee@pmail.idv.tw>; Wed, 14 Dec 2016 07:57:37 from mail-qk0-f172.google.com[209.85.220.172]; from=<roy.mis0916@gmail.com> to=<roy.lee@pmail.idv.tw> proto=ESMTP helo=<mail-qk0-f172.google.com>
Dec 14 07:57:37 localhost postfix/cleanup[13807]: 580D1132D0: message-id=<CANYCmc2wGr6CMTNW4jKV9cLRVP9NGkNovkWdxs9NA+F+49AfUg@mail.gmail.com>
Dec 14 07:57:37 localhost postfix/smtpd[13803]: disconnect from mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:38 localhost MailScanner[13688]: New Batch: Scanning 1 messages, 3192 bytes
Dec 14 07:57:38 localhost MailScanner[13688]: Virus and Content Scanning: Starting
Dec 14 07:58:03 localhost MailScanner[13688]: Requeue: 580D1132D0.AE613 to B454935DB3
Dec 14 07:58:03 localhost MailScanner[13688]: Uninfected: Delivered 1 messages
Dec 14 07:58:03 localhost MailScanner[13688]: Deleted 1 messages from processing-database
Dec 14 07:58:03 localhost postfix/qmgr[13331]: B454935DB3: from=<roy.mis0916@gmail.com>, size=2466, nrcpt=1 (queue active)
Dec 14 07:58:04 localhost postfix/smtp[13813]: B454935DB3: to=<roy.lee@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, delay=27, delays=27/0/0/0.16, dsn=2.6.0, status=sent (250 2.6.0 <CANYCmc2wGr6CMTNW4jKV9cLRVP9NGkNovkWdxs9NA+F+49AfUg@mail.gmail.com> [InternalId=2512555868176, Hostname=MBX.pmail.idv.tw] Queued mail for delivery)
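The HOLD rule and the maillog lines above are the only evidence that mail really passes through MailScanner before it is relayed to Exchange, so it is worth checking that every relayed message was requeued by the scanner. The following script is an added example, not from the original post: it parses maillog lines in the format shown above (the sample lines and the function name audit_mailscanner_chain are constructed here) and flags any message relayed under its original Postfix queue id, which means it skipped the scan, for instance because the header_checks HOLD line is still commented out.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the hold -> scan -> relay
# chain in Postfix/MailScanner maillog lines. Every message the gateway relays
# should have been requeued by MailScanner (old queue id -> new queue id); a
# message relayed under its ORIGINAL id never passed through the scanner,
# which is what happens when the header_checks HOLD rule is missing.

# Constructed sample log, modelled on the format shown in the post.
SAMPLE_LOG='Dec 14 08:36:30 localhost postfix/smtpd[14383]: 68F2A147: client=mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:30 localhost postfix/cleanup[14386]: 68F2A147: hold: header Received: from mail-qt0-f172.google.com; from=<sender@example.com> to=<user@pmail.idv.tw> proto=ESMTP
Dec 14 08:37:03 localhost MailScanner[14289]: Requeue: 68F2A147.AF389 to 1349F35DB5
Dec 14 08:37:12 localhost postfix/smtp[14399]: 1349F35DB5: to=<user@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec 14 08:40:01 localhost postfix/smtpd[14383]: 7A1B2C3D: client=mail-qt0-f173.google.com[209.85.216.173]
Dec 14 08:40:02 localhost postfix/smtp[14399]: 7A1B2C3D: to=<user@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec 14 08:41:00 localhost postfix/cleanup[14386]: 9E8F7A6B: hold: header Received: from mail-qt0-f174.google.com; from=<x@example.com> to=<user@pmail.idv.tw> proto=ESMTP'

# Reads maillog lines on stdin and prints one verdict per message:
#   SCANNED <new id> <- <held id>  relayed after MailScanner requeued it
#   BYPASS  <id>                   relayed without ever being held or requeued
#   PENDING <id>                   held but not yet requeued (still in hold/)
audit_mailscanner_chain() {
    awk '
    /postfix\/cleanup\[[0-9]+\]: [0-9A-Za-z]+: hold:/ {
        id = $6; sub(/:$/, "", id); held[id] = 1; next
    }
    /MailScanner\[[0-9]+\]: Requeue: / {
        # "Requeue: 68F2A147.AF389 to 1349F35DB5": $7 is old id + suffix, $9 the new id
        old = $7; sub(/\..*$/, "", old); requeued[$9] = old; scanned[old] = 1; next
    }
    /postfix\/smtp\[[0-9]+\]: [0-9A-Za-z]+: to=<.*status=sent/ {
        id = $6; sub(/:$/, "", id); relayed[id] = 1; next
    }
    END {
        for (id in relayed)
            if (id in requeued) print "SCANNED", id, "<-", requeued[id]; else print "BYPASS ", id
        for (id in held) if (!(id in scanned)) print "PENDING", id
    }' | sort
}

# Run on the constructed sample; on a live gateway: audit_mailscanner_chain < /var/log/maillog
printf '%s\n' "$SAMPLE_LOG" | audit_mailscanner_chain
```

A BYPASS line on a live gateway means the message reached Exchange unscanned and the HOLD rule or postmap step should be rechecked.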
When the message arrives, there is a note at the very bottom saying it has passed through the MailScanner scan.
Testing a virus message
Send a test message from Gmail whose body contains the virus test string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
By default, when a virus is detected, the subject of the message the client receives is prefixed with {Virus?}.
The attachment of that message explains that it was a virus message and has been placed in quarantine:
MailScanner in /var/spool/MailScanner/quarantine/20161214 (message 90917132D0.AEFCB).
And indeed the quarantined message is at that path.
Testing a spam message
Send a test message from Gmail whose body contains the spam test string:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
It is detected as the message is received (red text):
Dec 14 08:36:30 localhost postfix/smtpd[14383]: connect from mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:30 localhost postfix/smtpd[14383]: 68F2A147: client=mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:30 localhost postfix/cleanup[14386]: 68F2A147: hold: header Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com [209.85.216.172])??by localhost.localdomain (Postfix) with ESMTP id 68F2A147??for <roy.lee@pmail.idv.tw>; Wed, 14 Dec 2016 08:36:30 -0 from mail-qt0-f172.google.com[209.85.216.172]; from=<roy.mis0916@gmail.com> to=<roy.lee@pmail.idv.tw> proto=ESMTP helo=<mail-qt0-f172.google.com>
Dec 14 08:36:30 localhost postfix/cleanup[14386]: 68F2A147: message-id=<CANYCmc32gFHfXd2+Nz1BySQowPkQbYbgTX2oKKUjYGTAxcYgVA@mail.gmail.com>
Dec 14 08:36:30 localhost postfix/smtpd[14383]: disconnect from mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:31 localhost MailScanner[14289]: New Batch: Scanning 1 messages, 4624 bytes
Dec 14 08:36:31 localhost MailScanner[14289]: Virus and Content Scanning: Starting
Dec 14 08:37:02 localhost MailScanner[14289]: Spam Checks: Found 1 spam messages
Dec 14 08:37:03 localhost MailScanner[14289]: Requeue: 68F2A147.AF389 to 1349F35DB5
Dec 14 08:37:03 localhost MailScanner[14289]: Uninfected: Delivered 1 messages
Dec 14 08:37:03 localhost MailScanner[14289]: Deleted 1 messages from processing-database
Dec 14 08:37:03 localhost postfix/qmgr[13331]: 1349F35DB5: from=<roy.mis0916@gmail.com>, size=3900, nrcpt=1 (queue active)
Dec 14 08:37:12 localhost postfix/smtp[14399]: 1349F35DB5: to=<roy.lee@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, delay=42, delays=33/0.01/0.01/9.2, dsn=2.6.0, status=sent (250 2.6.0 <CANYCmc32gFHfXd2+Nz1BySQowPkQbYbgTX2oKKUjYGTAxcYgVA@mail.gmail.com> [InternalId=2516850835466, Hostname=MBX.pmail.idv.tw] Queued mail for delivery)
Dec 14 08:37:12 localhost postfix/qmgr[13331]: 1349F35DB5: removed
By default, when spam is detected, the subject of the message the client receives is prefixed with {Spam?}.
Also, with MailScanner and SpamAssassin left at their defaults, a spam message like the one in my test should not be delivered to the client at all, because this string is scored as high-scoring spam and the default setting puts it straight into quarantine. (See figure below.)
The setting is in /etc/MailScanner/MailScanner.conf:
High Scoring Spam Actions = deliver or delete or store
deliver => deliver normally to the client
delete => delete outright, without quarantining
store => place in quarantine
Installing the MailWatch tool:
This tool is quite powerful: you can view the maillog from the web and manage quarantined mail from the web, for example delete and release.
Required packages: httpd mariadb-server mariadb php php-mysql php-gd php-mbstring
yum install httpd mariadb-server mariadb php php-mysql php-gd php-mbstring
Install the Perl Encoding::FixLatin module by running these two commands:
cpan App::cpanminus
cpanm Encoding::FixLatin
Start httpd and enable it at boot:
systemctl start httpd.service
systemctl enable httpd.service
Basic DB setup
First start MariaDB => systemctl start mariadb
Basic setup => mysql_secure_installation
After running it, just press Enter at the default prompt to enter setup mode.
Here you set the DB root password and so on (see figure below). The basic setup is just a series of security settings; answer Y to all of them.
Enable at boot => systemctl enable mariadb.service
PHP settings (/etc/php.ini):
safe_mode = Off
register_globals = Off
magic_quotes_gpc = Off
magic_quotes_runtime = Off
session.auto_start = 0
Download the latest MailWatch, 1.2.0:
https://github.com/mailwatch/1.2.0
After downloading, copy it to the mailgw host.
The download is 1.2.0-master.zip.
On the host, extract it => unzip 1.2.0-master.zip
Then change into the extracted directory => cd 1.2.0-master
Create the database: mysql -u root -p < create.sql
Create the MariaDB user account and password:
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> FLUSH PRIVILEGES;
Edit MailWatch.pm
The file is in 1.2.0-master/MailScanner_perl_scripts inside the extracted directory.
Change the user and password (this is the account and password used for the final web login; set it in this file first, and a later step adds this account and password to MariaDB):
my($db_user) = 'mailwatch';
my($db_pass) = 'password';
After editing, move the file into the /usr/share/MailScanner/perl/custom directory.
Command:
mv MailWatch.pm /usr/share/MailScanner/perl/custom
Create the MailWatch web user:
mysql mailscanner -u mailwatch -p
INSERT INTO users SET username = '<username>', password = MD5('<password>'), fullname = '<name>', type = 'A';
Install and configure MailWatch
Move the web files to /var/www/html/.
The files are in 1.2.0-master/mailscanner inside the extracted directory.
Command => mv mailscanner /var/www/html/
Set the permissions
After changing into /var/www/html/mailscanner:
$ chown root:apache images
$ chmod ug+rwx images
$ chown root:apache images/cache
$ chmod ug+rwx images/cache
Create conf.php
cd /var/www/html/mailscanner
cp conf.php.example conf.php
Fill in the MailWatch web user account and password set in the earlier step:
define('DB_TYPE', 'mysql');
define('DB_USER', 'mailwatch');
define('DB_PASS', 'password');
define('DB_HOST', 'localhost');
define('DB_NAME', 'mailscanner');
Configure MailScanner
Stop mailscanner first => service mailscanner stop
Edit /etc/MailScanner/MailScanner.conf with the following settings:
Always Looked Up Last = &MailWatchLogging
Detailed Spam Report = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Include Scores In SpamAssassin Report = yes
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Integrating the black/white lists (SQLBlackWhiteList.pm)
SQLBlackWhiteList.pm is in 1.2.0-master/MailScanner_perl_scripts inside the extracted directory.
Copy SQLBlackWhiteList.pm to /usr/share/MailScanner/perl/custom.
Then edit SQLBlackWhiteList.pm in /usr/share/MailScanner/perl/custom
and fill in the MailWatch web user account and password:
sub CreateList {
my($type, $BlackWhite) = @_;
my($dbh, $sth, $sql, $to_address, $from_address, $count, $filter);
my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'mailwatch';
my($db_pass) = 'password';
Edit MailScanner.conf:
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
After making the changes, start mailscanner again => service mailscanner start
Log in to MailWatch
PS:
1. In testing, this version of mailscanner does not bring up the postfix service automatically, so postfix still needs to be enabled to start at boot.
Jun 27 06:32:53 localhost MailScanner[22207]: Error in configuration file line 185, directory /var/spool/mqueue for outqueuedir does not exist (or is not readable)
Jun 27 06:32:53 localhost MailScanner[22207]: File containing list of incoming queue dirs (/var/spool/mqueue.in) does not exist
Is this an error caused by a different version?
Hello,
It looks like the directory does not exist; try creating it manually.