postfix+courier-authlib+courier-imap+cyrus-sasl2+TLS+kaspersky

12/3/2006 Source: Qmail Views: 9041

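The postfix server in this setup uses MySQL-backed virtual users, together with anti-virus and anti-spam processing.

Installing the MySQL server

MySQL is the database service; its main job in this postfix setup is to hold the mail accounts and passwords.
The MySQL server is installed from source.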


./configure --prefix=/usr/local/mysql
make
make install
cp support-files/my-medium.cnf /etc/my.cnf
cd /usr/local/mysql
bin/mysql_install_db --user=mysql
chown -R root .
chown -R mysql var
chgrp -R mysql .
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'
ln -s /usr/local/mysql/share/mysql/mysql.server /usr/local/etc/rc.d/mysql.sh

Installing the Apache server

cd /usr/ports/www/apache21
make install

If that produces an error, install it this way instead:

make -f Makefile CC=gcc install

Installing PHP support

How to hook PHP into Apache is outside the scope of this document; consult the relevant manuals.


cd /usr/ports/lang/php4
make install
[X] APACHE2 Use apache 2.x instead of apache 1.3.x
[ ] DEBUG Enable debug
[X] MULTIBYTE Enable zend multibyte support
[ ] IPV6 Enable ipv6 support
[X] OPENSSL Build static OpenSSL extension

Installing MySQL support for PHP

cd /usr/ports/databases/php4-mysql
make install

Installing the function library PHP requires

cd /usr/ports/www/php4-session
make install

Installing phpMyAdmin

cd /usr/ports/databases/phpmyadmin
make install
[X] BZ2 bzip2 library support
[X] GD GD library support
[ ] MYSQLI Improved MySQL support (PHP5, MySQL 4.1 only)
[X] OPENSSL OpenSSL support
[X] PDF PDFlib support (implies GD)
[X] ZLIB ZLIB support
[X] MCRYPT MCrypt library support
[X] MBSTRING Multi-byte character-set string support

Installing all of the above lays the groundwork for postfix. Any PHP functions that are still missing can be installed later as needed. Configure phpMyAdmin yourself; it is not covered in this document.
Installing postfixadmin

postfixadmin is a web-based solution for managing postfix. We import the postfixadmin database into MySQL and then manage everything through the web interface.


cd /usr/ports/mail/postfixadmin
make install

Installing postfix

Install the main postfix program. The domain name must be fully configured before you reach this step.


cd /usr/ports/mail/postfix
make install
[ ] NOPCRE DISABLE Perl Compatible Regular Expressions
[ ] SASL Cyrus SASLv1 (Simple Authentication and Security Layer)
[X] SASL2 Cyrus SASLv2 (Simple Authentication and Security Layer)
[ ] SASLKRB If your SASL requires Kerberos select this option
[ ] SASLKRB5 If your SASL requires Kerberos5 select this option
[ ] SPF SPF support
[X] TLS SSL and TLS
[ ] DB3 Berkeley DB3 (required if SASL also built with DB3)
[ ] DB40 Berkeley DB4.0 (required if SASL also built with DB4.0)
[ ] DB41 Berkeley DB4.1 (required if SASL also built with DB4.1)
[ ] DB42 Berkeley DB4.2 (required if SASL also built with DB4.2)
[ ] DB43 Berkeley DB4.3 (required if SASL also built with DB4.3)
[X] MySQL MySQL map lookups (choose version with WITH_MYSQL_VER)
[ ] PgSQL PostgreSQL map lookups (choose with DEFAULT_PGSQL_VER)
[ ] OpenLDAP OpenLDAP map lookups (choose ver. with WITH_OPENLDAP_VER)
[ ] NIS NIS map lookups

Select SASL2 authentication, MySQL map lookups and TLS support. Because SASL2 is selected here, it is installed together with postfix, but we will remove it again in a moment, because SASL2 has to be built with some extra parameters. (Installing SASL2 first works just as well.)

Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]? y

Answer y when asked about adding the postfix group and the postfix user.
Edit /etc/rc.conf:
# stop the sendmail startup script

sendmail_enable="NONE"
cd /usr/local/etc/rc.d
ln -s /usr/local/sbin/postfix postfix.sh

Installing cyrus-sasl2

cd /usr/ports/security/cyrus-sasl2
Because it was already installed along with postfix earlier, remove it here and install it again:


make deinstall
make install WITH_AUTHDAEMON=yes

Installing courier-authlib & courier-imap

cd /usr/ports/security/courier-authlib
make WITH_MYSQL=yes install
[ ] GDBM Use gdbm instead of system bdb
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support

The ports collection really does keep getting better! Incidentally, SASL2 authentication here is handled mainly by courier-authlib, which saves a lot of work compared with before.

cd /usr/ports/mail/courier-imap
make WITH_MYSQL=yes install
[X] OPENSSL Build with OpenSSL support
[ ] FAM Build in fam support for IDLE command
[ ] DRAC Build in DRAC support
[ ] TRASHQUOTA Include deleted mails in the quota
[ ] GDBM Use gdbm db instead of system bdb
[X] IPV6 Build with IPv6 support
[ ] AUTH_LDAP LDAP support
[X] AUTH_MYSQL MySQL support
[ ] AUTH_PGSQL PostgreSQL support
[ ] AUTH_USERDB Userdb support
[ ] AUTH_VCHKPW Vpopmail/vchkpw support

The main point is to select MySQL authentication support; the ports options keep getting more detailed, which is great. With the main packages installed, configuration comes next.

INSTALL & SETUP POSTFIX

Step1:
Import and configure the postfixadmin database


cd /usr/local/www/postfixadmin
mysql -u root < DATABASE_MYSQL.TXT -p

Step2:
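Configure postfix


cd /usr/local/etc/postfix
mkdir -p /usr/local/mail/virtual #create the directory for the virtual mail accounts
chown postfix:postfix /usr/local/mail/virtual #set the owner of the virtual mail directory
chmod 751 /usr/local/mail/virtual #set the permissions of the virtual mail directory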

############################################################################################
vi main.cf
# Only the changed settings are shown below. Set some of these parameters yourself
# according to the postfix manual; do not copy them verbatim.
myhostname = lnyk.2288.org
# Set mydomain for your own site; it is set this way here because I use a dynamic DNS name.
mydomain = lnyk.2288.org
mydestination = localhost
# The local network and this host's own address are allowed to relay mail.
mynetworks = 127.0.0.0/8, /usr/local/etc/postfix/mynetworks
# Domains that may be relayed: the value of mydestination, i.e. localhost.
relay_domains = $mydestination
# The main purpose of this parameter is that mail sent to root is later forwarded to the postmaster mail account.
alias_maps = hash:/etc/aliases
recipient_delimiter = +
# Mailboxes are stored in Maildir format.
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP
local_destination_concurrency_limit = 5
default_destination_concurrency_limit = 50

###########Virtual User##############
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
# where the mail is stored
virtual_mailbox_base = /usr/local/mail/virtual
# read the virtual domains from the database
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota,please try again later.
virtual_overquota_bounce = yes
########use MySQL also to store your Backup MX domains add###########
#relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf

############################################################################################
touch mynetworks

vi mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
query = SELECT goto FROM alias WHERE address='%s'

vi mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = description
where_field = domain
query = SELECT description FROM domain WHERE domain='%s'

vi mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = maildir
where_field = username
query = SELECT maildir FROM mailbox WHERE username='%s'

vi mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = mailbox
select_field = quota
where_field = username
query = SELECT quota FROM mailbox WHERE username='%s'

vi mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

Step3:
Configure SASL2 authentication
This requires changes to main.cf:


##########SASL AUTH#########
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.anti-spam.org.cn,
    reject_rbl_client cdl.anti-spam.org.cn,
    reject_rbl_client cblplus.anti-spam.org.cn,
    reject_rbl_client sbl-xbl.spamhaus.org

#####################################
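
Postfix takes everything after the "=" as the value, so a note written after a setting on the same line becomes part of that setting, and a continuation line of smtpd_recipient_restrictions only counts when it starts with whitespace. The check below covers both cases for the main.cf settings of Step2 and Step3; it is an added example, not part of the original article, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag main.cf lines that Postfix will not read the way they look.
# lint_main_cf FILE prints "LINE:KIND:TEXT" for every suspicious line.
#   trailing-comment : "name = value # note" or "name = value //note"
#                      (the note silently becomes part of the value)
#   bad-continuation : a line with no "name =" and no leading blank, which
#                      Postfix does not attach to the previous parameter
lint_main_cf() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }        # blank or full-line comment
        /^[ \t]/ {                               # proper continuation line
            if ($0 ~ /[ \t](#|\/\/)/) print NR ":trailing-comment:" $0
            next
        }
        /^[A-Za-z0-9_]+[ \t]*=/ {                # parameter definition
            if ($0 ~ /[ \t](#|\/\/)/) print NR ":trailing-comment:" $0
            next
        }
        { print NR ":bad-continuation:" $0 }     # anything else
    ' "$1"
}

# Constructed sample: correct lines mixed with the two mistakes described above.
write_sample() {
    cat > "$1" <<'EOF'
# full-line comments are fine
myhostname = mail.example.org
home_mailbox = Maildir/ # store mail in Maildir format
virtual_mailbox_base = /usr/local/mail/virtual //where mail is stored
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
reject_unauth_destination
EOF
}

# Stand-alone demo: lint the constructed sample and print the findings.
demo_file=$(mktemp)
write_sample "$demo_file"
lint_main_cf "$demo_file"
rm -f "$demo_file"
```

Running `postconf -n` after editing shows the values Postfix actually parsed, which is the quickest way to confirm a flagged line.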

Configure the authentication method in smtpd.conf


vi /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

echo 'courier_authdaemond_enable="YES"' >> /etc/rc.conf

*** Pay attention to these permissions ***
www# ls -la /var/run/authdaemond/
total 6
drw-r----- 2 courier courier 512 7 4 11:41 .
drwxr-xr-x 5 root wheel 512 7 4 11:41 ..
-rw-r--r-- 1 root courier 5 7 4 11:41 pid
-rw------- 1 root courier 0 7 4 11:41 pid.lock
srwxrwxrwx 1 root courier 0 7 4 11:41 socket

www# chmod +x /var/run/authdaemond
www# ls -la /var/run/authdaemond/
total 6
drwxr-x--x 2 courier courier 512 7 4 11:41 .
drwxr-xr-x 5 root wheel 512 7 4 11:41 ..
-rw-r--r-- 1 root courier 5 7 4 11:41 pid
-rw------- 1 root courier 0 7 4 11:41 pid.lock
srwxrwxrwx 1 root courier 0 7 4 11:41 socket
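
The chmod +x above is what lets smtpd, running as the postfix user, traverse /var/run/authdaemond and reach the socket; because the socket itself is srwxrwxrwx, the same bit lets every other local account reach it too. The check below is an added example, not part of the original article: it decides from an `ls -ld` mode string which permission class applies to a user. The function names, the account "nobody" and the third case (postfix added to the courier group with directory mode 750) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which permission class lets a user traverse a directory?
# traverse_class MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is the 10-character string from `ls -ld`, e.g. drwxr-x--x.
#   Prints owner | group | other when USER may traverse via that class,
#   or "denied" when the class that applies to USER lacks the x bit.
#   (root bypasses these checks and is not modelled here.)
traverse_class() {
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5
    ox=$(printf '%s' "$mode" | cut -c4)    # owner search bit
    gx=$(printf '%s' "$mode" | cut -c7)    # group search bit
    wx=$(printf '%s' "$mode" | cut -c10)   # other ("world") search bit
    # Exactly one class applies: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        cls=owner bit=$ox
    elif printf ' %s ' "$ugroups" | grep -q " $group "; then
        cls=group bit=$gx
    else
        cls=other bit=$wx
    fi
    case $bit in
        x|s|t) echo "$cls" ;;
        *)     echo denied ;;
    esac
}

# audit MODE "POSTFIX_GROUPS": judge a directory owned courier:courier for the
# postfix user and for an unrelated local account (constructed name: nobody).
audit() {
    mode=$1 pfx_groups=$2
    postfix=$(traverse_class "$mode" courier courier postfix "$pfx_groups")
    anyone=$(traverse_class "$mode" courier courier nobody "nobody")
    echo "postfix=$postfix anyone=$anyone"
}

audit 'drw-r-----' 'postfix mail'           # before chmod +x: smtpd cannot authenticate
audit 'drwxr-x--x' 'postfix mail'           # after chmod +x: works, for every local user
audit 'drwxr-x---' 'postfix mail courier'   # assumed alternative: group access only
```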

Step4:
Configure authmysqlrc
*** Note: do not use spaces when editing this file; use TABs instead of spaces ***


cd /usr/local/etc/authlib
vi authmysqlrc
MYSQL_SERVER	localhost
MYSQL_USERNAME	postfix
MYSQL_PASSWORD	postfix
# For security, MySQL is reached through the local socket.
MYSQL_SOCKET	/tmp/mysql.sock
#MYSQL_PORT	0
MYSQL_OPT	0
MYSQL_DATABASE	postfix
MYSQL_USER_TABLE	mailbox
MYSQL_CRYPT_PWFIELD	password
MYSQL_UID_FIELD	'125'
MYSQL_GID_FIELD	'125'
MYSQL_LOGIN_FIELD	username
MYSQL_HOME_FIELD	'/usr/local/mail/virtual'
MYSQL_NAME_FIELD	name
MYSQL_MAILDIR_FIELD	maildir
############################################################################################

Step5:
Final adjustments


echo 'courier_imap_imapd_enable="YES"' >> /etc/rc.conf
echo 'courier_imap_pop3d_enable="YES"' >> /etc/rc.conf

vi /etc/aliases
postmaster: root
root: [email protected]
www# newaliases
www# cp /etc/mail/aliases.db /etc/

Start all the daemons and test

www# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lnyk.2288.org ESMTP
EHLO lnyk.2288.org
250-lnyk.2288.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

################## TLS SUPPORT ####################
www# mkdir /usr/local/etc/postfix/ssl
www# cd /usr/local/etc/postfix/ssl/
############################################################################################
www# cp /usr/src/crypto/openssl/apps/CA.pl .
www# perl CA.pl -newca
A certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.......................++++++
....................................................++++++
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase: "password"
Verifying - Enter PEM pass phrase: "confirm password"
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:[email protected]
www# ls
CA.pl demoCA
www# openssl req -new -nodes -keyout mailkey.pem \
? -out mailreq.pem -days 365
Generating a 1024 bit RSA private key
..........................++++++
....++++++
writing new private key to 'mailkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: "no password needed"
An optional company name []:
www# openssl ca -out mail_signed_cert.pem -infiles mailreq.pem
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: "password"
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number:
ea:92:3c:86:ec:a4:11:7f
Validity
Not Before: Jul 12 10:55:26 2005 GMT
Not After : Jul 12 10:55:26 2006 GMT
Subject:
countryName = CN
stateOrProvinceName = LN
organizationName = postfix mail
organizationalUnitName = postfix mail
commonName = dyd
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F5:6B:65:2F:E3:7E:A2:00:60:40:FD:A1:B1:20:2E:01:71:15:1F:E5
X509v3 Authority Key Identifier:
keyid:AE:1C:40:AA:96:D6:1A:D5:5A:6B:21:9C:E0:22:ED:25:DC:E7:18:3F
DirName:/C=CN/ST=LN/L=YingKou/O=postfix mail/OU=postfix mail/CN=dyd/[email protected]
serial:EA:92:3C:86:EC:A4:11:7E

Certificate is to be certified until Jul 12 10:55:26 2006 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

###########################################################################################
## Generate the pop3d.pem key
www# cd /usr/local/share/courier-imap
www# openssl req -new -x509 -days 365 -nodes -out /usr/local/share/courier-imap/pop3d.pem -keyout /usr/local/share/courier-imap/pop3d.pem
Generating a 1024 bit RSA private key
....++++++
..................................++++++
writing new private key to '/usr/local/share/courier-imap/pop3d.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:LN
Locality Name (eg, city) []:YingKou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:postfix mail
Organizational Unit Name (eg, section) []:postfix mail
Common Name (eg, YOUR name) []:dyd
Email Address []:[email protected]
www# ls
mkimapdcert mkpop3dcert pop3d.pem

// After mail has been retrieved successfully over TLS, the log shows: Oct 21 19:48:46 www pop3d-ssl: LOGIN, [email protected],

www# vi /usr/local/etc/postfix/main.cf
###########postfix TLS##############
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/mailkey.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/mail_signed_cert.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/demoCA/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
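
Postfix needs three files from the session above to agree: mailkey.pem must belong to mail_signed_cert.pem, and that certificate must chain to demoCA/cacert.pem. The check below is an added example, not part of the original article. The file names come from the page; the function names, the throwaway CA, the 2048-bit key size and the use of `openssl x509 -req` as a non-interactive stand-in for CA.pl and `openssl ca` are assumptions made so that it runs unattended.

```shell
#!/bin/sh
# Added example: sanity-check the files main.cf points at before reloading Postfix.
# check_tls_files KEY CERT CAFILE prints one line per finding and returns 0 only
# if the key is private, matches the certificate, and the certificate chains to the CA.
check_tls_files() {
    key=$1 cert=$2 ca=$3 rc=0
    # The key was written with -nodes (no passphrase): file mode is its only protection.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL key readable by group/other: $key"; rc=1
    fi
    # Same public key in the private key file and in the certificate?
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL key does not match certificate"; rc=1
    fi
    # Does the certificate verify against the CA file?
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL certificate does not chain to $ca"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $cert"
    return "$rc"
}

# Constructed test material: a throwaway CA and server certificate that use the
# file names from the page. Keys are 2048-bit here; the session above shows 1024-bit.
make_demo_pki() {
    d=$1
    mkdir -p "$d/demoCA"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/demoCA/cakey.pem" -out "$d/demoCA/cacert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.org" \
        -keyout "$d/mailkey.pem" -out "$d/mailreq.pem" 2>/dev/null
    openssl x509 -req -in "$d/mailreq.pem" -days 1 -CA "$d/demoCA/cacert.pem" \
        -CAkey "$d/demoCA/cakey.pem" -CAcreateserial \
        -out "$d/mail_signed_cert.pem" 2>/dev/null
    chmod 600 "$d/mailkey.pem"
}

# Stand-alone demo (skipped when no openssl binary is installed).
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_demo_pki "$demo"
    check_tls_files "$demo/mailkey.pem" "$demo/mail_signed_cert.pem" \
        "$demo/demoCA/cacert.pem"
    rm -rf "$demo"
fi
```

On the real server, call check_tls_files with the three paths from smtpd_tls_key_file, smtpd_tls_cert_file and smtpd_tls_CAfile.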


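############# Using postfix with Kaspersky as an authenticating anti-virus mail gateway #######################
/*
This setup solves the problem that Kaspersky, used on its own as a mail gateway, cannot do authentication. My original idea was simply to make Kaspersky support SMTP authentication, but after reading the Kaspersky handbook I found no way to do that (perhaps I did not read carefully enough), and searching online gave no satisfying answer either. I then thought of using postfix as an authentication gateway (here postfix only provides authentication and does not handle sending and receiving). When postfix receives a message, it first checks whether the sender has authenticated; if not, the message is rejected on the spot. If so, postfix relays the message to the Kaspersky gateway to be checked for viruses. Once the check is done, the Kaspersky gateway forwards the message to another postfix mail server. This removes the authentication problem that comes from using the Kaspersky gateway alone.
*/

// The diagram below only illustrates how Kaspersky checks a message
         ------------------------------------------------
         │ SMTPGW                                       │
         │   Receiver                      Sender       │
         │      │                            /\         │
mail ==> │      \/                           │          │ ==> mail
         │  ------------------------------------------  │
         │  │            Scanning Module             │  │
         │  ------------------------------------------  │
         │      │  /\                    │  /\          │
         │      \/ │                     \/ │           │
         │   Spamtest filter           AVE module       │
         ------------------------------------------------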

www# pkg_add scmsmtpgw-freebsd5.x-5.5.83.tgz
// Adjust the following settings to your own needs
Configuring settings of Kaspersky Security SMTP-Gateway for
Linux/Unix.

Enter your fully qualified host name (to identify smtp-gateway
on the network): [www.dyd.com]:
lnyk.2288.org

Enter your fully qualified domain name (to identify relaying
rules and addressess of postmaster, admin and mail-daemon):
[www.dyd.com]:
lnyk.2288.org

Enter your listen interface in the following format x.x.x.x:z:
[0.0.0.0:25]:


Enter your subnet in the following format x.x.x.x or
x.x.x.x/x.x.x.x or x.x.x.x/y (to identify subnet that will mail
through smtp-gateway): [192.168.0.0/255.255.0.0]:


Enter your forward mail host in the following format x.x.x.x:z
(if you are not going to forward mail just press enter):

Installing license files.
License file (a file with .key extension) is your personal
license key. You need to install it to use the application.
To install it right now, just enter the path to the location of
your license file (enter an empty string to continue without key
file installation):
/usr/local/src/distfiles/
The license file /usr/local/src/distfiles/000AEA9B.KEY has been
installed.

Configuring KeepUp2Date proxy settings.
If you use an http proxy server to access the Internet, you need
to tell the Kaspersky Security SMTP-Gateway for Linux/Unix
KeepUp2Date component about it. Please enter the address of your
http proxy server in one of the following forms,
http://proxyIP:port or http://user:[email protected]:port. If you
don't have or need a proxy server to access the Internet, enter
'no' here:

Latest anti-virus bases are an essential part of your anti-virus
protection. Do you want to download the latest anti-virus bases
right now to insure your application is up to date? (If you
answer 'yes', make sure you are connected to the Internet):
[yes]:

Kaspersky KeepUp2Date 5.5.83/BETA build #83
Copyright (C) Kaspersky Lab, 1997-2005.
Portions Copyright (C) Lan Crypto
Configuration file: /etc/kav/5.5/scm-smtpgw/smtpgw.conf
Getting product configuration
Getting updater configuration
Checking product license keys
Initializing
Trying to update from 'http://downloads2.kaspersky-labs.com'
Copying update description file
Downloading remote file master.xml
Checking update description file integrity
Parsing update description file
Downloading remote file soft.xml
Downloading remote file kasset.xml
Downloading remote file kavset.xml
Downloading remote file kas20.xml
Copying files
Downloading remote file soft.xml
Downloading remote file kasset.xml
Downloading remote file kavset.xml
Downloading remote file updcfg.xml
Downloading remote file black.lst
Checking license keys
Downloading remote file kas20.xml
Downloading remote file avcmhk4.dll
Downloading remote file avp.klb
Downloading remote file avp.set
Downloading remote file avp.vnd
Downloading remote file avp_ext.set
Downloading remote file avp_x.set
Downloading remote file black.lst
Checking license keys
Downloading remote file ca.avc
.............
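// The virus definition database is being updated

// Change postfix to relay-only operation
vi /etc/main.cf
# 192.168.1.100 and port 1025 are the address and port of the Kaspersky gateway
relayhost = [192.168.1.100]:1025

// *** Note *** Do not use this postfix instance as the server that sends and receives mail; it acts purely as a relay gateway, and it must have authentication support. Otherwise this mail server will not act as a gateway first and will simply send, receive or relay directly.

// Restart the postfix process
www# /usr/local/etc/rc.d/postfix.sh reload

// Configure Kaspersky Security SMTP-Gateway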
www# vi /etc/kav/5.5/scm-smtpgw/smtpgw.conf
Hostname=lnyk.2288.org
[email protected]
ProtectedDomains=lnyk.2288.org
[smtpgw.access]
RelayRule=allow from 192.168.1.0/255.255.255.0 to *
RelayRule=allow from any to *@lnyk.2288.org
RelayRule=deny from any to *
[smtpgw.forward]
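// [localhost:25] below is the postfix MTA address and port
ForwardRoute=any [localhost:25]
// *** Note *** Do not copy this verbatim; this address and port are those of the postfix server that mail is forwarded to.

// Start Kaspersky Security SMTP-Gateway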
www# /usr/local/etc/rc.d/scm-smtpgw.sh start
Starting spamtest licenser...
spamtest licenser was started
Starting spamtest filter...
spamtest filter was started
Starting smtpgw...
smtpgw was started
scm-smtpgw was started

// Send a message from Outlook as a test
Oct 26 14:31:23 www smtpgw[2296]: jEV9GOLm15518: AV-SCANNED, group="policy", nrcpt=1, srcid=jEV9GOLm15518, status="infected", names="Trojan-Dropper.Win32.Agent.hx"
// The test shows that the virus has been detected