cd /etc/mail
mv sendmail.cf sendmail.cf.bak
vim /etc/mail/sendmail.mc
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /etc/pki/tls/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T
FEATURE(`blacklist_recipients')dnl
dnl # use DNSBL for spam mail
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see:http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
dnl FEATURE(`dnsbl',`dnsbl.sorbs.net', `"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
dnl FEATURE(`dnsbl', `rbl.softworking.com', `"550 Mail from "$&{client_addr}"rejected based on external blacklist - See also http://www.softworking.com/"')dnl
dnl # use GREYLIST for spam mail
FEATURE(`milter-greylist') dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
dnl # for clamav to clean virus
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clmilter.socket, F=,T=S:4m;R:4m;C:30s;E:10m')dnl
yum -y install milter-greylist
vim /etc/mail/greylist.conf
217.158.50.178/32 \ # AXKit mailing list (unique sender)
163.29.241.0/24 \ # KCG IP
140.117.101.11/32 \ # mail.cert.tanet.edu.tw
163.32.250.21/32 \ # KH mail server
163.32.250.51/32 \ # Epass server
163.32.250.12/32 \ # kiecc.server
2001:288:8201:2::12 \ # mail.kh.edu.tw(ipv6)
2001:288:8201::/48 \ # KIEC ipv6 network area
chkconfig --level 345 milter-greylist on
service milter-greylist start
make -C /etc/mail
vim /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
mail1.chkops.kh.edu.tw
#dns.chkops.kh.edu.tw
mail.chkops.kh.edu.tw
chkops.kh.edu.tw
dieux.chkops.kh.edu.tw
vim /etc/mail/access
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:163.32.202 RELAY
make all
service sendmail restart
* 修正啟動 sendmail: WARNING: Xgreylist: local socket name /var/run/milter-greylist/milter-greylist.sock missing
1. # mv /var/milter-greylist /var/run/
2. 編輯 /etc/init.d/milter-greylist
o pidfile="/var/milter-greylist/milter-greylist.pid"
o socket="/var/milter-greylist/milter-greylist.sock"
o 改成
o pidfile="/var/run/milter-greylist/milter-greylist.pid"
o socket="/var/run/milter-greylist/milter-greylist.sock"
o 即可
rpm -qa |grep procmail
vim /etc/procmailrc
MAILDIR=/var/mail
VERBOSE=off
PATH=/bin:/sbin:/usr/bin:/usr/sbin/:/usr/local/bin:/usr/local/sbin
LOGFILE=/var/log/procmail.log
# 廣告信過濾機制
# 原則上因考量誤判的機率較高,因為部份電子期刊也是利用相關的程式來寄發的,因此特別將這些特微
的信,予以轉存至特定的檔案,以便日後人工確認。待確認無誤後,再將設定改轉存至/dev/null,以便
直接刪除信件,以免造成硬碟空間之浪費。
# 過濾偽裝寄件者
:0 HBw
#* ^Return-Path: .*@mail\.kh\.edu\.tw.*
* ^Received: from mail\.kh\.edu\.tw .*
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.250\.
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.119\.
* !^Received: from mail\.kh\.edu\.tw .*163\.29\.241\.
* !^Received: from mail\.kh\.edu\.tw .*163\.29\.242\.
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.137\.
* !^Received: from mail\.kh\.edu\.tw \(localhost\.localdomain \[127\.0\.0\.1\]\)
* !^Received: from 163\.32\.250\.21 .*163\.32\.250\.
/home/mailfilter/spam.local
# 過濾廣告信發送軟體(1)
:0 HBw
* ^X-Library: (Indy.*|Dynamailer.*)
/home/mailfilter/spam.library
# 過濾廣告信發送軟體(2)
:0 HBw
* ^X-Mailer: (Dynamailer.*|EhooPost.*|Mail Bomber.*|QuickSender.*|made from pascual|RET.*|
FoxMail*)
/home/mailfilter/spam.mailer
mkdir /home/mailfilter
cd /etc/mail
make all
service sendmail restart
vim /etc/aliases
# Person who should get root's mail
root: dieux,dieux@gml.chkops.kh.edu.tw
newaliases
service sendmail restart
yum -y install clamd clamav clamav-db clamav-milter
vim /etc/clamd.conf
LocalSocket /var/run/clamav/clamd.socket
vim /etc/clamav-milter.conf
ClamdSocket unix:/var/run/clamav/clamd.socket
AddHeader Yes
chkconfig --level 345 clamd on
chkconfig --level 345 clamav-milter on
service clamd start
service clamav-milter start
crontab -e
00 07 * * * /usr/bin/yum -y update;/bin/sleep 30;/usr/bin yum clean packages
0 */6 * * * /usr/bin/freshclam --quiet
ln -s /etc/cron.daily/freshclam /etc/cron.hourly/freshclam
vim /etc/dovecot.conf
protocols = imap pop3
log_path = /var/log/dovecot.log
setsebool -P dovecot_disable_trans=1
service dovecot restart
vim /etc/resolv.conf
search chkops.kh.edu.tw
nameserver 163.28.136.14
nameserver 163.28.136.10
nameserver 163.32.202.1
nameserver 163.32.202.8
yum -y install squirrelmail
vim /etc/squirrelmail/config.php
$org_name = "高雄市建國國小SquirrelMail";
$squirrelmail_default_language = 'zh_TW';
$default_charset = 'UTF-8';
vim /usr/share/squirrelmail/functions/i18n.php
約840行
$languages['zh_TW']['NAME'] = 'Chinese Trad';
$languages['zh_TW']['CHARSET'] = 'utf-8';
$languages['zh_TW']['LOCALE'] = 'zh_TW.UTF-8';
$languages['tw']['ALIAS'] = 'zh_TW';
沒有留言:
張貼留言