postfix邮件网关代理outlook

1.组件

操作系统centos5.4

postfix：MTA

clamd：反病毒引擎

spamassassin：反垃圾邮件

amavisd-new：是邮件代理服务器(MTA)和防毒软件之间的中间件

fail2ban：防止邮箱暴力破解

2.工作原理

第一步：postfix 接收邮件（MTA）

postfix，通过25端口，接受所有的邮件

第二步：邮件交给amavisd-new

amavisd-new负责调用clamd对邮件进行病毒扫描，负责调用SpamAssassin对邮件内容进行过滤；amavisd-new通过10025端口还给postfix

第三步：邮件返还给postfx

第四步：postfix在传递给exchange

3.安装过程

停止sendmail服务，防止25端口占用

（1）设定cdrom源 和EPEL源，这步省略

（2）yum安装postfix、fail2ban

# yum –y install
fail2ban

# servic fail2ban start

# yum –y install postfix

（3）yum安装安装病毒过滤组件clamd

#groupadd clamav

#useradd -g clamav -s /sbin/nologin -M clamav

#groupadd amavis

#useradd -g amavis -s /sbin/nologin -M amavis

#yum install clamd

#vim /etc/clamd.conf

修改

User amavis

#chown -R amavis.amavis /var/log/clamav

#chown -R amavis.amavis /var/run/clamav

#service clamd start

# vim /etc/freshclam.conf

修改

DatabaseOwneramavis

#chown -R  amavis.amavis /var/lib/clamav

#freshclam

（4）yum安装反垃圾邮件spamassassin

#yum install spamassassin

#vim /etc/mail/spamassassin/local.cf

########new###################

required_score5.0

rewrite_headerSubject ****SPAM****

report_safe    1

use_bayes      1

bayes_auto_learn    1

skip_rbl_checks     1

use_razor2     0

use_pyzor      0

ok_locales     all

#service spamassassin start

（5）yum安装amavisd-new

#yum install amavisd-new

#gpasswd -a clamav amavis

#usermod -G amavis clamav

#chown amavis.amavis /var/spool/amavisd

#chown amavis.amavis /var/spool/amavisd/tmp

#chmod 750 /var/spool/amavisd/tmp

#vim /etc/amavisd/amavisd.conf

修改

$daemon_user  = ‘amavis‘;

$daemon_group= ‘amavis‘;    #yum安装时会自动创建组和账户

$mydomain= ‘example.com‘;   # Exchange或者其它邮件系统的邮件域

$myhostname=‘mail.example.com‘;# Exchange域

$virus_admin               ="postmaster\@$mydomain";

$mailfrom_notify_admin     = "postmaster\@$mydomain";

$mailfrom_notify_recip     = "postmaster\@$mydomain";

$mailfrom_notify_spamadmin= "postmaster\@$mydomain";

virus_admin_maps=> ["postmaster\@$mydomain"],（指定报告病毒和垃圾邮件时发送系统邮件的用户身份）

spam_admin_maps  => ["postmaster\@$mydomain"],

########NEW##########

[‘ClamAV-clamd‘,

\&ask_daemon, ["CONTSCAN {}\n","/var/run/clamav/clamd.sock"],

qr/\bOK$/m, qr/\bFOUND$/m,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/m],

#service amavisd start

（6）postfix关联clam、spamassassin和amavisd-new

# vim /etc/postfix/master.cf

###########add#############

amavisfeed unix -      -      n       -       2      smtp

-osmtp_data-done_timeout=1200

-odisable_dns_lookup=yes

127.0.0.1:10025 inet n  -      n       -       -      smtpd

-ocontent_filter=

-olocal_recipient_maps=

-orelay_recipient_maps=

-osmtpd_restriction_classes=

-osmtpd_client_restrictions=

-osmtpd_helo_restrictions=

-osmtpd_sender_restrictions=

-osmtpd_recipient_restrictions=permit_mynetworks,reject

-omynetworks=127.0.0.0/8

-ostrict_rfc821_envelopes=yes

# vim/etc/postfix/main.cf

smtpd_client_restrictions =

reject_rbl_client rbl.anti-spam.cn

content_filter = amavisfeed:[127.0.0.1]:10024

receive_override_options= no_address_mappings

# service postfix start

# netstat -nltp

ActiveInternet connections (only servers)

ProtoRecv-Q Send-Q Local Address              Foreign Address            State       PID/Program name

tcp        0     0 127.0.0.1:25               0.0.0.0:*                   LISTEN      20719/master

tcp        0     0 127.0.0.1:10024            0.0.0.0:*                  LISTEN      20540/amavisd (mast

tcp        0     0 127.0.0.1:10025            0.0.0.0:*                   LISTEN      20719/master

tcp        0     0 127.0.0.1:3310             0.0.0.0:*                   LISTEN      6243/clamd

tcp        0     0 127.0.0.1:783              0.0.0.0:*                   LISTEN      19863/spamd.pid

# chkconfig clamd on

# chkconfig spamassassin on

# chkconfig amavisd on

# chkconfig postfix on

# chkconfig fail2ban on

4.邮件网关设置

# vim /etc/postfix/main.cf

relay_domains = test.com

# vim /etc/postfix/transport

test.com   relay:[192.168.0.1]

# postmap /etc/postfix/transport

# service postfix reload

5.exchange不需做任何修改，包括DNS MX记录，因为是只过略入网请求。

5.防火墙发布，省略

总结：此文借鉴了很多网上的东西才得以完成，非常感谢。测试效果还算不错，仅供大家参考。