Virtualize users and domains with Postfix, Courier, MySQL and SquirrelMail


Postfix is an MTA (Mail Transport Agent) written by Wietse Venema while he was working at IBM's T.J. Watson Research Center. Postfix is easy to manage, fast and secure. Even on a server with ordinary hardware, Postfix can transfer millions of emails a day. In this article we show how to install a basic Postfix mail server with virtual users and domains (i.e. users and domains that are stored in a MySQL database).


In addition, the article covers installing and configuring Courier (Courier-POP3, Courier-IMAP) so that Courier authenticates against the same MySQL database that Postfix uses. The resulting Postfix server supports SMTP-AUTH, TLS and quota (quota is not built into Postfix by default, so we will patch Postfix accordingly). Passwords are stored in the database in encrypted form. We will also show how to install Amavisd, SpamAssassin and ClamAV so that emails are scanned for spam and viruses. Finally, we will install the SquirrelMail webmail interface so that users can read and send mail and change their passwords.

Overview

The advantage of a 'virtual' setup (virtual users and domains in a MySQL database) is that it performs far better than a setup based on 'real' system users. With a virtual setup, your mail server can handle thousands of domains and users. Administration also becomes easier, because you only have to deal with the MySQL database when you add new users or domains or edit existing accounts. No postmap commands are needed to create db files, and Postfix does not have to be reloaded. The MySQL database can be managed with web tools such as phpMyAdmin (which will be installed in this tutorial). The third advantage is that users log in with their email address as the username, instead of having a separate username in addition to an email address.

1. Some notes

Here we use a Fedora 15 x86_64 system with the static IP address 192.168.0.100 and the hostname server1.example.com. You need to make sure that the firewall and SELinux are disabled.

2. Some software needed

First we need to update the packages available on the system:

yum update

Then install some necessary software:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

3. Install Apache, MySQL, phpMyAdmin

This software suite can be installed at the same time via the following command line (including the packages to be built for Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel libidn-devel

4. Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately, no rpm packages are available for Courier-IMAP, Courier-Authlib and Maildrop, so we have to build them ourselves. Rpm packages should not be built as root; courier-imap will even refuse to compile if it detects that the build is running as root. We therefore create a normal user account (here: quantrimang) and give it a password:

useradd -m -s /bin/bash quantrimang
passwd quantrimang

Later we will use sudo so that quantrimang can compile and install the rpm packages. First we must allow quantrimang to run all commands through sudo:

visudo

In the file that opens, find the line root ALL=(ALL) ALL and add a similar line for quantrimang just below it:

[...]
## Allow root to run any commands anywhere
root            ALL=(ALL)       ALL
quantrimang     ALL=(ALL)       ALL
[...]

Now it's time to build the rpm package. First become quantrimang :

su quantrimang

Next create the build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Create a downloads directory and download the source files into it:

mkdir $HOME/downloads
cd $HOME/downloads

wget https://sourceforge.net/projects/courier/files/authlib/0.63.0/courier-authlib-0.63.0.tar.bz2/download
wget https://sourceforge.net/projects/courier/files/imap/4.9.3/courier-imap-4.9.3.tar.bz2/download
wget https://sourceforge.net/projects/courier/files/maildrop/2.5.4/maildrop-2.5.4.tar.bz2/download

Still in $HOME/downloads, we build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.63.0.tar.bz2

Once the build has completed, the rpm packages can be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 if you are on an i386 system):

sudo ls -l /root/rpmbuild/RPMS/x86_64

The available rpm packages are listed as follows:

[quantrimang@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 520
-rw-r--r-- 1 root root 123448 May 25 18:06 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 265144 May 25 18:06 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34876 May 25 18:06 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  17448 May 25 18:06 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13808 May 25 18:06 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13020 May 25 18:06 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   8276 May 25 18:06 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34108 May 25 18:06 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
[quantrimang@server1 downloads]$

Select the packages you want and install them like this:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/courier-authlib-0.63.0-1.fc15.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm /root/rpmbuild/RPMS/x86_64/courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm

Go back to downloads folder:

cd $HOME/downloads

Run the following commands to create a directory and change its permissions (otherwise the Courier-IMAP build will fail):

sudo mkdir /var/cache/ccache/tmp
sudo chmod o+rwx /var/cache/ccache/
sudo chmod 777 /var/cache/ccache/tmp

Now run rpmbuild again, this time without sudo, because the build refuses to run as root:

rpmbuild -ta courier-imap-4.9.3.tar.bz2

The rpm package can then be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 on an i386 system):

cd $HOME/rpm/RPMS/x86_64

Run the following command:

ls -l

You will receive the available rpm packages:

[quantrimang@server1 x86_64]$ ls -l
total 1040
-rw-rw-r-- 1 quantrimang quantrimang 315872 May 25 18:33 courier-imap-4.9.3-1.15.x86_64.rpm
-rw-rw-r-- 1 quantrimang quantrimang 743200 May 25 18:33 courier-imap-debuginfo-4.9.3-1.15.x86_64.rpm
[quantrimang@server1 x86_64]$

Install courier-imap with the following command:

sudo rpm -ivh courier-imap-4.9.3-1.15.x86_64.rpm

Go back to downloads folder:

cd $HOME/downloads

Run rpmbuild to build maildrop package:

sudo rpmbuild -ta maildrop-2.5.4.tar.bz2

The rpm packages can then be found in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 on an i386 system):

sudo ls -l /root/rpmbuild/RPMS/x86_64

The available rpm packages are listed:

[quantrimang@server1 downloads]$ sudo ls -l /root/rpmbuild/RPMS/x86_64
total 1628
-rw-r--r-- 1 root root 123448 May 25 18:06 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 265144 May 25 18:06 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34876 May 25 18:06 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  17448 May 25 18:06 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13808 May 25 18:06 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  13020 May 25 18:06 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   8276 May 25 18:06 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  34108 May 25 18:06 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root 278520 May 25 18:50 maildrop-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root 685672 May 25 18:50 maildrop-debuginfo-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  99924 May 25 18:50 maildrop-devel-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  63968 May 25 18:50 maildrop-man-2.5.4-1.15.x86_64.rpm
[quantrimang@server1 downloads]$

Install maildrop with the following command:

sudo rpm -ivh /root/rpmbuild/RPMS/x86_64/maildrop-2.5.4-1.15.x86_64.rpm

After compiling and successfully installing the necessary packages, you can return to root with the command:

exit

5. Apply the quota patch to Postfix

We have to get the Postfix rpm source, patch it with the quota patch, build a new Postfix rpm package and install it:

cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora/linux/releases/15/Everything/source/SRPMS/postfix-2.8.2-2.fc15.src.rpm
rpm -ivh postfix-2.8.2-2.fc15.src.rpm

The following warnings may appear; you can ignore them:

warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root

cd /root/rpmbuild/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-vda-v10-2.8.2.patch
cd /root/rpmbuild/SPECS/

Now we need to edit the postfix.spec file:

vi postfix.spec

Add Patch0: postfix-vda-v10-2.8.2.patch to the # Patches section, and add %patch0 -p1 -b .vda-v10 to the %setup -q section, as follows:

[...]
# Patches

Patch0: postfix-vda-v10-2.8.2.patch
Patch1: postfix-2.7.0-config.patch
Patch2: postfix-2.6.1-files.patch
Patch3: postfix-alternatives.patch
Patch8: postfix-large-fs.patch
Patch9: pflogsumm-1.1.3-datecalc.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-v10
%patch1 -p1 -b .config
%patch2 -p1 -b .files
%patch3 -p1 -b .alternatives
%patch8 -p1 -b .large-fs
[...]

Then build new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

The Postfix rpm package is created in /root/rpmbuild/RPMS/x86_64 (/root/rpmbuild/RPMS/i386 on an i386 system), so go there:

cd /root/rpmbuild/RPMS/x86_64

Run the command:

ls -l

You will receive the available packages:

[root@server1 x86_64]# ls -l
total 8308
-rw-r--r-- 1 root root  123528 Jun 20 16:33 courier-authlib-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  265100 Jun 20 16:33 courier-authlib-debuginfo-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   34876 Jun 20 16:33 courier-authlib-devel-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   17452 Jun 20 16:33 courier-authlib-ldap-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   13812 Jun 20 16:33 courier-authlib-mysql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   13040 Jun 20 16:33 courier-authlib-pgsql-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root    8280 Jun 20 16:33 courier-authlib-pipe-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root   34144 Jun 20 16:33 courier-authlib-userdb-0.63.0-1.fc15.x86_64.rpm
-rw-r--r-- 1 root root  278628 Jun 20 18:29 maildrop-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root  685320 Jun 20 18:29 maildrop-debuginfo-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root   99920 Jun 20 18:29 maildrop-devel-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root   63964 Jun 20 18:29 maildrop-man-2.5.4-1.15.x86_64.rpm
-rw-r--r-- 1 root root 2170848 Jun 20 18:40 postfix-2.8.2-2.fc15.x86_64.rpm
-rw-r--r-- 1 root root 4599208 Jun 20 18:40 postfix-debuginfo-2.8.2-2.fc15.x86_64.rpm
-rw-r--r-- 1 root root   63536 Jun 20 18:40 postfix-perl-scripts-2.8.2-2.fc15.x86_64.rpm
[root@server1 x86_64]#

Select the package you want and install it as follows:

rpm -ivh postfix-2.8.2-2.fc15.x86_64.rpm


6. Set the MySQL password and configure phpMyAdmin

First we start MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Then set a password for the MySQL root account:

mysql_secure_installation

[root@server1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@server1 ~]#

Next we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin accepts connections from other hosts (not just from localhost) by commenting out the stanza that restricts access to localhost:

 # phpMyAdmin - Web based MySQL browser written in php # # Only allowed localhost by default # # But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless đã xác định của SSL không được xác định # bị Danger khi được xác định bởi SSL Alias ​​/ phpMyAdmin usr / share / phpMyAdmin # # Order Deny, Allow # Deny from All # Allow from 127.0.0.1 # Allow from :: 1 # Order Deny, Allow Deny from All Allow from 127.0.0.1 Allow from :: 1 # These directories not request over HTTP - taken from the original # phpMyAdmin upstream tarball # Order Deny, Allow Deny from All Allow from Order Order Deny, Allow Deny from All Order Deny, Allow Deny from All Allow from None # This configuration prevents mod_security at phpMyAdmin directories from # filtering SQL etc. This may break your mod_security implementation. # # # # SecRuleInheritance Off # # 

Create a boot path for Apache and activate it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can open http://server1.example.com/phpMyAdmin/ or http://192.168.0.100/phpMyAdmin/ in your browser and log in with the username root and your MySQL root password.

7. Create MySQL database for Postfix / Courier

First we create a db named mail:

mysqladmin -u root -p create mail

Next, open the MySQL shell:

mysql -u root -p

On the MySQL shell, we create a mail_admin user with password mail_admin_password (replace with your own password) with basic rights such as SELECT, INSERT, UPDATE, and DELETE on the mail database. This user will be used by Postfix and Courier to connect to the mail database:

GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;

Still in the MySQL shell, we create the tables that Postfix and Courier need:

USE mail;
CREATE TABLE domains (
domain varchar(50) NOT NULL,
PRIMARY KEY (domain) )
ENGINE=MyISAM;
CREATE TABLE forwardings (
source varchar(80) NOT NULL,
destination TEXT NOT NULL,
PRIMARY KEY (source) )
ENGINE=MyISAM;
CREATE TABLE users (
email varchar(80) NOT NULL,
password varchar(20) NOT NULL,
quota bigint(20) DEFAULT '10485760',
PRIMARY KEY (email)
) ENGINE=MyISAM;
CREATE TABLE transport (
domain varchar(128) NOT NULL default '',
transport varchar(128) NOT NULL default '',
UNIQUE KEY domain (domain)
) ENGINE=MyISAM;
quit;

With the quit; command we leave the MySQL shell and return to the Linux shell.

The domains table stores each virtual domain for which Postfix should receive email (e.g. example.com).

domain
example.com

The forwardings table is for aliasing one email address to another, for example forwarding mail for info@example.com to sales@example.com.

source              destination
info@example.com    sales@example.com

The users table stores all virtual users (i.e. email addresses) and their passwords, together with a quota value for each mailbox (in this example, the default value is 10485760 bytes, which is 10MB).

email                password                                      quota
sales@example.com    No9.E4skNvGa. ("secret" in encrypted form)    10485760

The transport table is optional and intended for advanced users. It allows mail for single users, for whole domains, or all mail to be forwarded to another server. For example:

domain         transport
example.com    smtp:[1.2.3.4]

Here all email for example.com is forwarded via the smtp protocol to the server with the IP address 1.2.3.4. The square brackets [] mean 'do not look up the MX DNS record' (which makes sense for IP addresses). If you use a fully qualified domain name (FQDN) instead, the brackets are not required.

8. Configure Postfix

Now we need to tell Postfix where it can find all the information in the database. To do this we create six text files. Note that each file tells Postfix to connect to MySQL on the IP address 127.0.0.1 instead of localhost. This is necessary because Postfix runs in a chroot jail and has no access to the MySQL socket, which it would try to use if we told it to connect to localhost. With 127.0.0.1, Postfix connects to MySQL over TCP, which works without any problems from inside the chroot jail.

Create 6 text files:

vi /etc/postfix/mysql-virtual_domains.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_forwardings.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT destination FROM forwardings WHERE source='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailboxes.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_email2email.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT email FROM users WHERE email='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_transports.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT transport FROM transport WHERE domain='%s'
hosts = 127.0.0.1

vi /etc/postfix/mysql-virtual_mailbox_limit_maps.cf

user = mail_admin
password = mail_admin_password
dbname = mail
query = SELECT quota FROM users WHERE email='%s'
hosts = 127.0.0.1

chmod o= /etc/postfix/mysql-virtual_*.cf
chgrp postfix /etc/postfix/mysql-virtual_*.cf
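
A quick audit of the six lookup files, as an added example that is not part of the original tutorial. It checks the three things this step depends on: the files hold the mail_admin password and must not be accessible to other users, hosts must not be localhost, and the placeholder password should have been replaced. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Postfix MySQL lookup files written in this step.

# Print the value of "KEY = value" from a lookup file (last match wins).
cf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit one lookup file. Prints one line per finding; returns 1 if any.
audit_lookup_file() {
    f=$1
    bad=0
    mode=$(file_mode "$f")
    case "$mode" in
        *0) ;;   # "other" digit is 0, which is what `chmod o=` produces
        *)  echo "$f: mode $mode gives other local users access to the DB password"
            bad=1 ;;
    esac
    if [ "$(cf_value "$f" hosts)" = "localhost" ]; then
        echo "$f: hosts = localhost uses the MySQL socket, unreachable from the chroot"
        bad=1
    fi
    if [ "$(cf_value "$f" password)" = "mail_admin_password" ]; then
        echo "$f: password is still the tutorial placeholder"
        bad=1
    fi
    return $bad
}

# Audit every mysql-virtual_*.cf in a directory; returns 1 if any file fails.
audit_lookup_dir() {
    dir=$1
    rc=0
    for cf in "$dir"/mysql-virtual_*.cf; do
        [ -e "$cf" ] || continue
        audit_lookup_file "$cf" || rc=1
    done
    return $rc
}

# Build a constructed sample directory (no real credentials) for a dry run:
# one file as the tutorial intends it, one with all three problems.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'user = mail_admin\npassword = S3parate-Long-Secret\ndbname = mail\nhosts = 127.0.0.1\n' \
        > "$d/mysql-virtual_domains.cf"
    chmod 640 "$d/mysql-virtual_domains.cf"
    printf 'user = mail_admin\npassword = mail_admin_password\ndbname = mail\nhosts = localhost\n' \
        > "$d/mysql-virtual_mailboxes.cf"
    chmod 644 "$d/mysql-virtual_mailboxes.cf"
    echo "$d"
}

# Usage: sh audit.sh /etc/postfix
[ $# -eq 0 ] || audit_lookup_dir "$1"
```

Run it as root against /etc/postfix after the chmod and chgrp commands above; a clean run prints nothing and exits with status 0.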

Now we create a user and a group named vmail with the home directory /home/vmail. This is where all mailboxes will be stored.

groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m

Next is the postfix configuration process. Make sure that you have replaced server1.example.com with a valid FQDN, otherwise Postfix may not work properly.

postconf -e 'myhostname = server1.example.com'
postconf -e 'mydestination = server1.example.com, localhost, localhost.localdomain'
postconf -e 'mynetworks = 127.0.0.0/8'
postconf -e 'virtual_alias_domains ='
postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
postconf -e 'virtual_mailbox_base = /home/vmail'
postconf -e 'virtual_uid_maps = static:5000'
postconf -e 'virtual_gid_maps = static:5000'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /etc/postfix/smtpd.key'
postconf -e 'transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf'
postconf -e 'virtual_create_maildirsize = yes'
postconf -e 'virtual_maildir_extended = yes'
postconf -e 'virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf'
postconf -e 'virtual_mailbox_limit_override = yes'
postconf -e 'virtual_maildir_limit_message = "The user you are trying to "'
postconf -e 'virtual_overquota_bounce = yes'
postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
postconf -e 'inet_interfaces = all'

Then create the SSL certificate needed for TLS:

cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your organization name (e.g. the name of your company).
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: <-- Enter the fully qualified domain name of the system (e.g. "server1.example.com").
Email Address []:

Change permissions for smtpd.key:

chmod o= /etc/postfix/smtpd.key


9. Saslauthd configuration

Edit /etc/sasl2/smtpd.conf so that it looks as follows:

vi /etc/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

Then turn off Sendmail and start Postfix, saslauthd, courier-authlib:

chmod 755 /var/spool/authdaemon
chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start

10. Configure Courier

Now we tell Courier to authenticate against our MySQL database. First, edit /etc/authlib/authdaemonrc and change the value of authmodulelist:

vi /etc/authlib/authdaemonrc

[...]
authmodulelist="authmysql"
#authmodulelist="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
[...]

Then edit /etc/authlib/authmysqlrc. Make sure you enter the values exactly as shown.

cp /etc/authlib/authmysqlrc /etc/authlib/authmysqlrc_orig
cat /dev/null > /etc/authlib/authmysqlrc
vi /etc/authlib/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD mail_admin_password
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota
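
Both MYSQL_MAILDIR_FIELD here and the query in mysql-virtual_mailboxes.cf build the mailbox path directly from the email column, so a stored value containing "/" or ".." would name a path outside the domain/user/ layout below /home/vmail. The following added example (not part of the original tutorial) mirrors that expression in shell and rejects addresses that do not map to such a path; the function names are illustrative and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: mirror the MySQL expression
#   CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
# and refuse addresses that would not stay inside the mailbox base.

VMAIL_BASE=/home/vmail   # virtual_mailbox_base / MYSQL_HOME_FIELD in the tutorial

# Print the Maildir path for an address, or return 1 if the address is unsafe.
maildir_for() {
    email=$1
    case "$email" in
        *@*@*|@*|*@|'') return 1 ;;   # exactly one "@", text on both sides
        *@*) ;;
        *) return 1 ;;
    esac
    # The users.email column is varchar(80).
    [ "${#email}" -le 80 ] || return 1
    domain=${email##*@}   # SUBSTRING_INDEX(email,'@',-1)
    user=${email%%@*}     # SUBSTRING_INDEX(email,'@',1)
    for part in "$user" "$domain"; do
        case "$part" in
            # leading dot, "..", or any character outside a conservative set
            # (this also excludes "/" and whitespace)
            .*|*..*|*[!A-Za-z0-9._+-]*) return 1 ;;
        esac
    done
    printf '%s/%s/%s/\n' "$VMAIL_BASE" "$domain" "$user"
}

# Read addresses on stdin (one per line, e.g. the output of a SELECT on
# users.email) and print those that do not map to a safe Maildir path.
unsafe_addresses() {
    while IFS= read -r addr; do
        maildir_for "$addr" >/dev/null || printf '%s\n' "$addr"
    done
}

# Usage: sh maildir_check.sh sales@example.com
[ $# -eq 0 ] || maildir_for "$1"
```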

Then restart Courier:

chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart

The first time you start courier-imap, it automatically generates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the files /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf. Because the .cnf files contain the line CN=localhost while our server is named server1.example.com, the certificates may cause problems when you use TLS connections. To solve this, we delete both certificates...

cd /usr/lib/courier-imap/share
rm -f imapd.pem
rm -f pop3d.pem

... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then we recreate both certificates...

./mkimapdcert
./mkpop3dcert

... and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart

Run the command:

telnet localhost pop3

to see if your POP3 server works correctly. It should display +OK Hello there. (type quit to return to the Linux shell):

[root@server1 share]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Hello there.
quit
+OK Better luck next time.
Connection closed by foreign host.
[root@server1 share]#

11. Edit /etc/aliases

The next step is to open /etc/aliases. Make sure that postmaster points to root and root points to your own username or email address, for example:

vi /etc/aliases

[...]
postmaster: root
root: postmaster@yourdomain.tld
[...]

Or like this (if administrator is your own username):

[...]
postmaster: root
root: administrator
[...]

Whenever you modify /etc/aliases, you must run the command:

newaliases

Then restart Postfix:

/etc/init.d/postfix restart


12. Install Amavisd-new, SpamAssassin and ClamAV

To install Amavisd-new, SpamAssassin and ClamAV at the same time, run the following command:

yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2

Now edit the /etc/amavisd/amavisd.conf file:

vi /etc/amavisd/amavisd.conf

In this file we need to change five places:

12.1: Change

$mydomain = 'example.com';   # a convenient default for other settings

to

$mydomain = 'localhost';
#$mydomain = 'example.com';   # a convenient default for other settings

12.2: Change

$sa_tag_level_deflt  = 2.0;  # add spam headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (eg blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

to

$sa_tag_level_deflt  = 2.0;  # add spam headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (eg blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
#$sa_tag_level_deflt  = 2.0;  # add spam headers if at, or above that level
#$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (eg blocks mail)
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

Here you can adjust the spam score as you like.

12.3: Change

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

to

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );

$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

$recipient_delimiter = '+';            # (default is '+')

$replace_existing_extension = 1;       # (default is false)

$localpart_is_case_sensitive = 0;      # (default is false)

12.4: Change

# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

to

$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

12.5: Change

$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;

to

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
#$final_virus_destiny      = D_DISCARD;
#$final_banned_destiny     = D_BOUNCE;
#$final_spam_destiny       = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;

After these changes, the /etc/amavisd/amavisd.conf file should look as follows:

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'localhost';
#$mydomain = 'example.com';   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = undef;      # -Q
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine
# $release_format = 'resend';     # 'attach', 'plain', 'resend'
# $report_format  = 'arf';        # 'attach', 'plain', 'resend', 'arf'

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef, -R

$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
# $helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

$log_level = 0;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
           # eg: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
           # choose from: emerg, alert, crit, err, warning, notice, info, debug

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification = 1;  # enable DKIM signatures verification
$enable_dkim_signing = 1;    # load DKIM signing code, keys defined by dkim_key

@local_domains_maps = ( [".$mydomain"] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
               # option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert@$mydomain"],
  spam_admin_maps  => ["virusalert@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (eg before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c
# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'):
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions (eg blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

#$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (eg blocks mail)
#$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

@lookup_sql_dsn =
   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'mail_admin', 'mail_admin_password'] );

$sql_select_policy = 'SELECT "Y" as local FROM domains WHERE CONCAT("@",domain) IN (%k)';

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

$recipient_delimiter = '+';            # (default is '+')
$replace_existing_extension = 1;       # (default is false)
$localpart_is_case_sensitive = 0;      # (default is false)

# $timestamp_fmt_mysql = 1; # if using MySQL *and* msgs.time_iso is TIMESTAMP;
#   defaults to 0, which is good for non-MySQL or if msgs.time_iso is CHAR(16)

$virus_admin               = undef;    # notifications recip.

$mailfrom_notify_admin     = undef;    # notifications sender
$mailfrom_notify_recip     = undef;    # notifications sender
$mailfrom_notify_spamadmin = undef;    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$recipient_delimiter = undef;  # undef disables address extensions altogether
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error


# OTHER MORE COMMON SETTINGS (defaults may suffice):

# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$final_virus_destiny      = D_REJECT;
$final_banned_destiny     = D_REJECT;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;

#$final_virus_destiny      = D_DISCARD;
#$final_banned_destiny     = D_BOUNCE;
#$final_spam_destiny       = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;

# $os_fingerprint_method = 'p0f:*:2345';  # to query p0f-analyzer.pl

## hierarchy by which a final setting is chosen:
##   policy bank (based on port or IP address) -> *_by_ccat
##   *_by_ccat (based on mail contents) -> *_maps
##   *_maps (based on recipient address) -> final configuration value


# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all)

# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps)
#
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam


# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS

@keep_decoded_original_maps = (new_RE(
  qr'^MAIL$',   # retain full original message for virus checking
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));


# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample

$banned_filename_re = new_RE(

### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'\.(pif|scr)$'i,                      # banned extensions - rudimentary
# qr'^\.zip$',                            # block zip type

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
# qr'\.(ani|cur|ico)$'i,                 # banned cursors and icons filename
# qr'^\.ani$',                           # banned animated cursor file(1) type

# qr'\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm


# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed

# ## per-recipient personal tables  (NOTE: positive: black, negative: white)
# 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
# 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
#                           '.cleargreen.com'           => -5.0}],

  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});


@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);


@av_scanners = (

# ### http://www.clanfield.info/sophie/ (http://www.vanja.com/tools/sophie/)
# ['Sophie',
#   \&ask_daemon, ["{}/\n", '/var/run/sophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],

# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],

# ### http://www.clamav.net/
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

# ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
# # note that Mail::ClamAV requires perl to be build with threading!
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/m ],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/m, qr/^FOUND: /m, qr/^FOUND: (.+)/m ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/m,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/m,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],

# ### http://www.f-prot.com/
# ['F-Prot fpscand',  # F-PROT Antivirus for BSD/Linux/Solaris, version 6
#   \&ask_daemon,
#   ["SCAN FILE {}/*\n", '127.0.0.1:10200'],
#   qr/^(0|8|64) /m,
#   qr/^([1235679]|1[01345]) |<[^>:]*(?i)(infected|suspicious|unwanted)/m,
#   qr/(?i)<[^>:]*(?:infected|suspicious|unwanted)[^>:]*: ([^>]*)>/m ],

# ### http://www.f-prot.com/
# ['F-Prot f-protd',  # old version
#   \&ask_daemon,
#   ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n",
#     ['127.0.0.1:10200', '127.0.0.1:10201', '127.0.0.1:10202',
#      '127.0.0.1:10203', '127.0.0.1:10204'] ],
#   qr/(?i)<summary[^>]*>clean<\/summary>/m,
#   qr/(?i)<summary[^>]*>infected<\/summary>/m,
#   qr/(?i)<name>(.+)<\/name>/m ],

# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \&ask_daemon,   # DrWebD 4.31 or later
#   [pack('N',1).  # DRWEBD_SCAN_CMD
#    pack('N',0x00280001).   # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#    pack('N',     # path length
#      length("$TEMPBASE/amavis-yyyymmddTHHMMSS-xxxxx/parts/pxxx")).
#    '{}/*'.       # path
#    pack('N',0).  # content size
#    pack('N',0),
#    '/var/drweb/run/drwebd.sock',
#  # '/var/amavis/var/run/drwebd.sock',   # suitable for chroot
#  # '/usr/local/drweb/run/drwebd.sock',  # FreeBSD drweb ports default
#  # '127.0.0.1:3000',                    # or over an inet socket
#   ],
#   qr/\A\x00[\x10\x11][\x00\x10]\x00/sm,        # IS_CLEAN,EVAL_KEY; SKIPPED
#   qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
#   qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
# ],
# # NOTE: If using amavis-milter, change length to:
# # length("$TEMPBASE/amavis-milter-xxxxxxxxxxxxxx/parts/pxxx").

  ### http://www.kaspersky.com/  (kav4mailservers)
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*',
    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
  ],
  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
  # corrupted or protected archives are to be handled

  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4],    # any use for -A -K   ?
    qr/infected: (.+)/m,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],

  ### The kavdaemon and AVPDaemonClient have been removed from Kaspersky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon',       'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream',    'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
    # change the startup-script in /etc/init.d/kavd to:
    #   DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    #   (or perhaps:   DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    #   directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${P
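
The active $banned_filename_re entries in the configuration above form an ordered table in which the first matching entry decides. The following is an added example, not part of the original article or of amavisd-new: it transcribes those entries into Python (assuming the backslash escapes of the stock file) and runs them over constructed sample names to show what this rule set flags and what it lets through. The helper names lookup and audit are hypothetical, and each key is judged on its own (nesting inside archives is not modelled).

```python
import re

# Active (uncommented) $banned_filename_re entries, in file order.
# Third field: True = banned, False = the "[ qr'...' => 0 ]" allow form.
RULES = [
    (r"^\.(exe-ms|dll)$", 0, True),               # file(1) short types
    (r"^\.(rpm|cpio|tar)$", 0, False),            # allow Unix-type archives
    (r"\.(pif|scr)$", re.I, True),                # rudimentary extensions
    (r"^application/x-msdownload$", re.I, True),  # MIME types
    (r"^application/x-msdos-program$", re.I, True),
    (r"^application/hta$", re.I, True),
    (r"\.[^./]*[A-Za-z][^./]*\.\s*"
     r"(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$", re.I, True),  # double ext
    (r"\.(exe|vbs|pif|scr|cpl)$", re.I, True),    # "basic" extension list
]
COMPILED = [(re.compile(p, f), verdict, p) for p, f, verdict in RULES]


def lookup(key):
    """Return (verdict, pattern) of the first entry matching key.

    key is one string describing a mail part: a declared filename, a MIME
    type, or a file(1) short type written with a leading dot.
    verdict is True (banned), False (explicit allow) or None (no match).
    """
    for rx, verdict, pattern in COMPILED:
        if rx.search(key):
            return verdict, pattern
    return None, None


def audit(keys):
    """Map each key to 'BANNED', 'ALLOW' or 'no match'."""
    labels = {True: "BANNED", False: "ALLOW", None: "no match"}
    return {k: labels[lookup(k)[0]] for k in keys}


# Constructed sample keys (not taken from real mail).
SAMPLES = [
    "invoice.pdf.exe", "setup.exe", "holiday.SCR", "photo.jpg.scr",
    ".exe-ms", ".tar", "application/hta",
    "report.pdf", "backup.tar.gz", "run.bat", "notes.exe.txt",
]

if __name__ == "__main__":
    for key, label in audit(SAMPLES).items():
        print(f"{key:18} {label:9} {lookup(key)[1] or ''}")
```

With this rule set a single-extension name such as run.bat returns no match, because the "basic+cmd" entry is commented out in the file.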