广告广告
  加入我的最爱 设为首页 风格修改
首页 首尾
 手机版   订阅   地图  繁体 
您是第 10049 个阅读者
 
发表文章 发表投票 回覆文章
  可列印版   加为IE收藏   收藏主题   上一主题 | 下一主题   
Qoo 手机 会员卡
数位造型
个人文章 个人相簿 个人日记 个人地图
头衔:超人超人

级别: 副版主 该用户目前不上站
版区: 星侨五术软体
推文 x22 鲜花 x126
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片
推文 x0
[FreeBSD][转载] FreeBSD+Sendmail+SASL+ Procmail+SpamAssassin+ TLS+Clamav
转贴自 http://redhat.ecenter.idv.tw/bbs/...threadid=56973

FreeBSD + Sendmail + SASL + Procmail + SpamAssassin + TLS + Clamav

一般BSD家族预设安装完成后,Sendmail便已安装完成,我们今天就来架设Mail Server,
我们需要的功能是透过SASL验证来寄发信件,并利用SpamAssassin + Procmail来过滤垃圾邮件,
如此功能足以应付一般中小企业的需求了!

作业系统 FreeBSD 5.3 STABLE
我们先处里有关垃圾邮件的部份:
安装软体:Procmail 、SpamAssassin
Procmail的安装:
# cd /usr/ports/mail/procmail
# make install clean

SpamAssassin的安装:
# cd /usr/ports/mail/p5-Mail-SpamAssassin
# make install clean

Procmail的设定档在 /usr/local/etc/procmailrc
如果没有此档请自建(touch procmailc),然后编辑此档:
MAILDIR=/var/mail
VERBOSE=off
PATH=/bin:/sbin:/usr/bin:/usr/sbin/:/usr/local/bin:/usr/local/sbin
LOGFILE=/var/log/procmail.log
:0fw
* < 256000
| nice -n 19 /usr/local/bin/spamassassin

:0:
* ^X-Spam-Status: Yes
$HOME/mail/spam-mail
上一行是将垃圾邮件放到使用者家目录的邮件里面(mail/spam-mail),因我用openwebmail所以有此目录;
如果你没有此目录,请自行修改至正确路径。

SpamAssassin的设定档在 /usr/local/etc/mail/spamassassin/local.cf
如果没有此档请自建(touch local.cf),
由于这个设定档是用来过滤并判断垃圾邮件所以请到下面网站建立基本设定档:

http://www.yrex.com/sp...nfig.php

或者参考我的设定内容:
# How many hits before a message is considered spam.
# 超过多少分会被当 spam
required_hits 5

# Whether to change the subject of suspected spam
#是否改变垃圾邮件的主题
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****系统判断这可能是广告垃圾信*****

# Encapsulate spam in an attachment
# 将垃圾加在附件后
report_safe 1

# Use terse version of the spam report
# 用精简的自来回报垃圾给管理者
use_terse_report 1

# Enable the Bayes system
# 自动学习系统
use_bayes 1

# Enable Bayes auto-learning
# 开启自动学习
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

这就是过滤条件的基本设定,日后可依自己需求增加过滤条件,
唯一要注意的事就是改变垃圾邮件的主题;看了很多文章都写成:
subject_tag *****SPAM*****

可是我用subject_tag这个设定值试了多次都无法改变垃圾邮件的主题,
看了这个套件附上的sample才恍然大悟,须写成
rewrite_header Subject *****SPAM*****

如此就OK了,
因为procmail有一个log档案(记录档)让我们查询,
她会随着邮件的增加而长大,因此有必要定时清理她,
我们可以将她设的跟maillog的排程相同,

#vi /etc/newsyslog.conf (或 ee /etc/newsyslog.conf)
加入
/var/log/procmail.log 640 7 * @T00 J

如此就设定完成。
接下来就是启动spamassassin
#/usr/local/etc/rc.d/sa-spamd.sh start

停止spamassassin
#/usr/local/etc/rc.d/sa-spamd.sh stop
将来有修改local.cf的规则就要重新启动,procmail则不需要启动。

接下来做SASL认证、同时将procmail的设定写入sendmail中,我们要安装 sendmail-sasl
# cd /usr/ports/mail/sendmail-sasl
# make install
*注意* 请勿clean!
安装完后请修改
#vi /usr/local/etc/rc.d/sendmail.sh

将有
/usr/local/sbin/sendmail
改为
/usr/sbin/sendmail

共有三个地方
将 if ! test -x /usr/local/sbin/sendmail
改成if ! test -x /usr/sbin/sendmail

/usr/local/sbin/sendmail ${sendmail_flags} &&
echo -n ' sendmail'
/usr/local/sbin/sendmail ${sendmail_msp_queue_flags} &&
echo -n ' sm-msp-queue'
改成
/usr/sbin/sendmail ${sendmail_flags} &&
echo -n ' sendmail'
/usr/sbin/sendmail ${sendmail_msp_queue_flags} &&
echo -n ' sm-msp-queue'

启动sendmail
#/usr/local/etc/rc.d/sendmail.sh start

停止sendmail
#/usr/local/etc/rc.d/sendmail.sh stop

修改saslauthd.sh
#vi /usr/local/etc/rc.d/saslauthd.sh

saslauthd_enable=${saslauthd_enable:-"NO"}
改成
saslauthd_enable=${saslauthd_enable:-"YES"}

启动saslauthd
# cd /usr/local/sbin/saslauthd –a pam

接下来修改sendmail.mc
# cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

复制generic-bsd4.4.mc成sendmail.mc
# cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc

加入以下几行:
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl

存档后一样在此目录
(/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf并将前面设定写入sendmail.cf

# ./Build senmail.cf
#./Build install-cf

最后退回两个目录安装改变的设定档
# cd ../../ (或 #cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1)
# make
# make install

重新启动senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

终于大功告成
请用telnet 127.0.0.1 25连进 senmail后打入ehlo localhost

FreeBSD# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.shu0930.dyndns.org.
Escape character is '^]'.
220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Fri, 10 Dec 2004 08:43:03 +0800 (CST)
ehlo localhost
250-FreeBSD.shu0930.dyndns.org Hello localhost.shu0930.dyndns.org [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 FreeBSD.shu0930.dyndns.org closing connection
Connection closed by foreign host.

如果有出现AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN就代表成功了
顺便寄封信看看是否有过滤垃圾邮件
最后请在rc.conf将旧的sendmail关闭
#vi /etc/rc.conf
加入 sendmail_enable=”NONE”
然后
#cd /usr/ports/mail/sendmail-sasl
#make clean

* 在实作这篇文章前,sendmail必须是已经正常运转中
(access、local-host-names、relay-domains皆已设定完成)而且ports已更新到最新
另外sendmail的设定部份(sendmail.mc、sendmail.cf)要千万小心修改
因为sendmail这位老大哥相当敏感,多个空白、多个Tab键都会导致启动时失败,
建议还是手工建立勿用复制贴上,如果失败请删除sendmail.mc、sendmail.cf,
再重新建立与导入,
最后请勿再到 /etc/mail去启动sendmail了(make start)
因为我们已经装了新版本的sendmail,请用
#/usr/local/etc/rc.d/sendmail.sh { start | stop | restart }
去启动我们的老大哥吧!!!!

加装 TLS
如果各位看官已经将sendmail的认证架设完毕,没有安全连线(Transport Layer Security & Secure Sockets Layer; TLSv1 & SSLv2/v3)
似乎美中不足,我们就来设定TLS的部份
首先自行制作 key-pair 与 CA,

mkdir /usr/local/CA
cd /usr/local/CA
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
cp /etc/ssl/openssl.cnf openssl.cnf

编辑 openssl.cnf 档案, 将档案中约第 38 行的路径设定由 ./demoCA 改成
/usr/local/CA
执行以下指令, 假装自己是公正单位, 做一个 cacert.pem 出来. 请按萤幕上的指示,
输入相关的系统资料. 当萤幕上提示输入公正单位密码(PEM pass phrase) 的时候, 请自行设定一个密码, 并请牢记这个密码, 以便日后使用.

cd /usr/local/CA
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem \
-days 365 -config openssl.cnf

执行以下指令, 建立 server 端的 CA 与 key-pair.
请特别留意, 当画面上提示输入 Common Name 的时候, 请务必输入机器的全名(FQDN)否则将来 user 连线都时候将会出现警告讯息, 造成 user 的困扰.另外mail address的路径请设为 /var/mail
当萤幕提示输入 PEM pass phrase 的时候, 请输入上一步骤中的公正单位密码.

cd /usr/local/CA
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem \
-days 365 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything \
-out mycert.pem -infiles tmp.pem
rm -f tmp.pem

以下列指令, 将 key-pair 与 CA 复制到 /etc/mail/cert 目录之下, 并设定正确权限

mkdir /etc/mail/cert
cp /usr/local/CA/mykey.pem /etc/mail/cert/
cp /usr/local/CA/mycert.pem /etc/mail/cert/
cp /usr/local/CA/cacert.pem /etc/mail/cert/
chmod og-rwx /etc/mail/cert/mykey.pem
chmod og=r /etc/mail/cert/mycert.pem
chmod og=r /etc/mail/cert/cacert.pem

这样就完成了自行建立 key-pair 与 CA 的程序. 这组 key-pair 与 CA 将可被sendmail 使用于 TLS/SSL 安全连线的资料加密功能上

接下来要重新编译sendmail
cd /usr/ports/mail/sendmail-sasl
make
(如果您照上一篇文章已经 make clean的话请下此指令)

接下来修改sendmail.mc
cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

复制generic-bsd4.4.mc成sendmail.mc
cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc

加入以下几行:
dnl The following lines are used to enable the STARTTLS function
define(`CERT_DIR', `/etc/mail/cert')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl The following lines are used to enable CYRUS-SASL function
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl

存档后一样在此目录
(/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf并将前面设定写入sendmail.cf

./Build senmail.cf
./Build install-cf

最后退回两个目录安装改变的设定档
cd ../../
(或#cd/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1)
make
make install

使用以下的指令建立 CA 的 hash link

cd /etc/mail/cert
set C=cacert.pem
ln -s $C `openssl x509 -noout -hash < $C`.0

重新启动senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

终于大功告成
请用telnet 127.0.0.1 25连进 senmail后打入ehlo localhost

FreeBSD# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.shu0930.dyndns.org.
Escape character is '^]'.
220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Wed, 15 Dec 2004 04:11:07 +0800 (CST)
ehlo localhost
250-FreeBSD.shu0930.dyndns.org Hello localhost.shu0930.dyndns.org [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 FreeBSD.shu0930.dyndns.org closing connection
Connection closed by foreign host.

如果有出现AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN 和 STARTTLS就代表成功了
寄一封经过安全连线的信到奇摩,观察其完整标头:
Received:
from rascal333 (220-135-200-165.HINET-IP.hinet.net [220.135.200.165]) (authenticated bits=0) by FreeBSD.shu0930.dyndns.org (8.13.1/8.13.1) with ESMTP id iBEJ9dmn066199 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <sa9a6s@yahoo.com.tw>; Wed, 15 Dec 2004 03:09:39 +0800 (CST) (envelope-from rascal@shu0930.dyndns.org)

当有看到authenticated 和 version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO
就代表成功了!!!

我们的sendmail就有了安全连线加认证(TLS+SASL)和挡垃圾邮(PROCMAIL+SPAM)的功能了!!!

打完收工!!!

TLS设定部份参考文件:
张毓麟先生的文件
http://netlab.kh.ed...cument/张毓麟/sendmail-ssl-auth.txt

安装clamav
一般都和MailScanner或procmail一起服用,但观察原厂(clamav网站)的文件clamav可以直接和sendmail结合无须再加装milter软体
以下是部分原厂文件

4.2 clamav-milter
Nigel Horne’s clamav-milter is a very fast email scanner designed for Sendmail. It’s
written entirely in C and only depends on clamd. You can find detailed installation
instructions in the INSTALL file that comes with the clamav-milter sources. Basically,
to connect it with Sendmail add the following lines to /etc/mail/sendmail.mc:
INPUT_MAIL_FILTER(‘clmilter’,‘S=local:/var/run/clmilter.sock,
F=, T=S:4m;R:4m’)dnl
define(‘confINPUT_MAIL_FILTERS’, ‘clmilter’)
Check entry in clamd.conf of the form:
LocalSocket /var/run/clamd.sock
Start clamav-milter
/usr/local/sbin/clamav-milter -lo /var/run/clmilter.sock
and restart sendmail.

当然原厂也会提供适当的参数和方法供我们使用

首先安装clamav
cd /usr/ports/security/clamav
make install clean

当选项画面出现时请勾选MILTER
安装完成后clamav共有三支程式
clamav-clamd
clamav-milter
clamav-freshclam
以clamd为主,milter 和 freshclam为辅

设定档在/usr/local/etc/ 底下的clamd.conf,这个设定档毋须修改便可使用
接下来设定开机时启动clamav
vi /etc/rc.conf
加入以下四行
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
freshclam_flags="--daemon --checks=10"
clamav_milter_enable="YES"

手动方式启动
/usr/local/etc/rc.d/clamav-clamd.sh start
/usr/local/etc/rc.d/clamav-milter.sh start
/usr/local/etc/rc.d/clamav-freshclam.sh start

再来修改sendmail
cd /usr/ports/mail/sendmail-sasl
make
(如果您又再度 make clean的话请下此指令,没有的话直接修改sendmail.mc)

接下来修改sendmail.mc
cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

复制generic-bsd4.4.mc成sendmail.mc
cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc
加入以下几行:
dnl The following lines are used to enable the STARTTLS function
define(`CERT_DIR', `/etc/mail/cert')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl The following lines are used to enable CYRUS-SASL function
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(`delay_checks')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl
INPUT_MAIL_FILTE(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `clmilter')

其实是只有增加原厂提供的数值(原厂路径只是参考,/var/run/clamav/clmilter.sock才正确欧)
另外增加FEATURE(`delay_checks')dnl功能(等一下再说明)

存档后一样在此目录
(/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf并将前面设定写入sendmail.cf

./Build senmail.cf
./Build install-cf
最后退回两个目录安装改变的设定档
cd ../../
(或#cd/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1)
make
make install

重新启动senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

如此就完成了

接下来设定clamav-milter 的flags
vi /usr/local/etc/rc.d/ clamav-milter.sh
原设定为
: ${clamav_milter_flags="--postmaster-only --local --outgoing --max-children=50"}
改为
: ${clamav_milter_flags="--local --outgoing --max-children=50 --noreject --quiet --quarantine=rascal"}

这里稍作说明
原设定的意思是发现病毒邮件会

1.将讯息传给postmaster(MAILER-DAEMON的别名)
2.然后会回给寄件者代号550或554的讯息
3.并将该邮件丢弃

实作结果,将讯息传给postmaster的信,是透过旧sendmail来传送,结果clamav会发现我们的sendmail没有启动,会丢/var/spool/clientmqueue/
里面,等待我们的senadmail启动时再丢给mqueue来传送,所以信会卡在clientmqueue里

改变后的设定
1.将病毒邮件送往rascal(请自取一个本机帐号)
2.不会回给寄件者讯息

为什么要改这里而不将此flag写在 /etc/rc.conf里例如
clamav_milter_socket="/var/run/clamav/clmilter.sock"
clamav_milter_flags="--postmaster-only --local --outgoing
--max-children=50"

因为实作结果clmilter.sock在重新开机时会失败,如果一定要写在/etc/rc.conf里面才方便管理,请
vi /etc/rc.local
加入
/usr/local/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock

如此就完成了

至于freshclam则设定10天更新一次病毒码,

新增FEATURE(`delay_checks')dnl是用来过滤动态ip

vi /etc/mail/access

加入
dynamic.apol.com.tw DISCARD
dynamic.giga.net.tw DISCARD
dynamic.hinet.net DISCARD
dynamic.seed.net.tw DISCARD
dynamic.tfn.net.tw DISCARD
dynamic.ttn.net DISCARD
dynamic.lsc.net.tw DISCARD
(空白部分用Tab)

然后
make maps

最后测试请用
/usr/ports/security/clamav/work/clamav-0.80/test
将test copy出来并利用奇摩来传送test里的试验档案
(寄信给webrascal结果是rascal收到)

观看/var/log/maillog
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: from=<sa9a6s@yahoo.com.tw>, size=1780, class=0, nrcpts=1, msgid=<20041215231540.73511.qmail@web17402.mail.tpe.yahoo.com>, proto=SMTP, daemon=MTA, relay=web17402.mail.tpe.yahoo.com [202.43.200.170]
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Virus-Scanned: ClamAV 0.80/631/Wed Dec 15 22:01:14 2004\n\tclamav-milter version 0.80j\n\ton FreeBSD.shu0930.dyndns.org
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Virus-Status: Infected
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter delete: rcpt <webrascal@shu0930.dyndns.org>
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Original-To: <webrascal@shu0930.dyndns.org>
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: rcpt: rascal
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter change: header Subject: from qqq to [Virus] ClamAV-Test-File
Dec 16 07:15:57 FreeBSD sm-mta[3470]: iBFNFlxk003469: to=rascal, delay=00:00:10, xdelay=00:00:09, mailer=local, pri=32271, dsn=2.0.0, stat=Sent

请仔细观察整个病毒筛检的流程(因为主旨被改写了所以也可以用procmail将有此主旨的信作其他处置,在此不多加说明)

再来用动态ip匿名寄信给rascal

220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Thu, 16 Dec 2004 07
:33:09 +0800 (CST)
ehlo kimo.com.tw
250-FreeBSD.shu0930.dyndns.org Hello 61-229-108-18.dynamic.hinet.net [61.229.108
.18], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:<nothing@yahoo.com.tw>
250 2.1.0 <nothing@yahoo.com.tw>... Sender ok
RCPT TO:<rascal>
550 5.0.0 <rascal>... We don't accept mail from dynamic ip

为了示范所以改了access为

dynamic.hinet.net 550 We don't accept mail from dynamic ip

所以才看的到,如果是DISCARD则不会有此回应,会被直接丢弃!!!

综合以上两篇如我用openwebmail来看信件的完整标头应是如此

From sa9a6s@yahoo.com.tw Thu Dec 16 07:15:48 2004
Return-Path: <sa9a6s@yahoo.com.tw>
Received: from web17402.mail.tpe.yahoo.com (web17402.mail.tpe.yahoo.com [202.43.200.170])
by FreeBSD.shu0930.dyndns.org (8.13.1/8.13.1) with SMTP id iBFNFlxk003469
for <webrascal@shu0930.dyndns.org>; Thu, 16 Dec 2004 07:15:47 +0800 (CST)
(envelope-from sa9a6s@yahoo.com.tw)
Message-ID: <20041215231540.73511.qmail@web17402.mail.tpe.yahoo.com>
Received: from [220.135.200.165] by web17402.mail.tpe.yahoo.com via HTTP; Thu, 16 Dec 2004 07:15:40 CST
Date: Thu, 16 Dec 2004 07:15:40 +0800 (CST)
From: sa9a6s <sa9a6s@yahoo.com.tw>
Subject: [Virus] ClamAV-Test-File
To: webrascal@shu0930.dyndns.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-738343047-1103152540=:70735"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV 0.80/631/Wed Dec 15 22:01:14 2004
clamav-milter version 0.80j
on FreeBSD.shu0930.dyndns.org
X-Virus-Status: Infected
X-Original-To: <webrascal@shu0930.dyndns.org>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
FreeBSD.shu0930.dyndns.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.6 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE,
FROM_HAS_MIXED_NUMS,FROM_HAS_MIXED_NUMS3,HTML_60_70,HTML_MESSAGE,
HTML_OBFUSCATE_10_20 autolearn=no version=3.0.1
Status: R

这样的sendmail就成功了,防毒、防垃圾邮件、安全连线、认证,一应俱全,
心动了吗?开始着手安装吧!!!

各位看官!!!请注意我使用的版本是FreeBSD 5.3 STABLE 其他版本可能稍有出入
不过差别应该不大,请安心服用!!!



献花 x0 回到顶端 [楼 主] From:台湾 | Posted:2006-12-04 14:37 |
mnbmnb5266
个人文章 个人相簿 个人日记 个人地图
小有名气
级别: 小有名气 该用户目前不上站
推文 x5 鲜花 x46
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

好棒的教学啊,收藏起来回家慢慢研究 表情


我的收藏
https://pan.baidu.com/s/1QUJ9lr_VzxXKRJAlBJgUQA
提取码:am2c
献花 x0 回到顶端 [1 楼] From:加拿大Rogers | Posted:2010-08-20 23:41 |

首页  发表文章 发表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.016195 second(s),query:16 Gzip disabled
本站由 瀛睿律师事务所 担任常年法律顾问 | 免责声明 | 本网站已依台湾网站内容分级规定处理 | 连络我们 | 访客留言