Teach you to build anti-spam systems

Source: Internet
Author: User
Keywords Anti-spam
Part One: Installing the mail system

1. Package installation

Postfix + courier-imap + cyrus-sasl + pam_mysql + MySQL. This installation method is simple, and it is even more convenient on Debian:

    # apt install courier-pop postfix-mysql postfix-tls courier-authdaemon \
        courier-authmysql libpam-mysql libsasl7 libsasl-modules-plain courier-imap

If your system does not already have MySQL, add mysql-server to the list above. During installation, apt shows a few simple prompts asking for the system domain name and similar information.

2. Postfix configuration

Edit main.cf and add:

    home_mailbox = Maildir/

Tells Postfix to use the Maildir format.

    mydestination = $myhostname, $transport_maps

Tells Postfix to accept mail for $myhostname (this host) and $transport_maps (the domain names in the transport table).

    alias_maps = mysql:/etc/postfix/mysql-aliases.cf
    relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
    transport_maps = mysql:/etc/postfix/mysql-transport.cf
    virtual_maps = mysql:/etc/postfix/mysql-virtual.cf

Tells Postfix where to look for these tables.

    local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname

The lookup methods Postfix uses to find local recipients.

    virtual_mailbox_base = /home/vmail
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf

Virtual user information.

    broken_sasl_auth_clients = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous

Enables SASL; users must authenticate before they can send mail.

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unknown_recipient_domain, reject_non_fqdn_recipient,
        check_relay_domains

Restrictions on accepting mail.

You can also add some additional parameters:

    disable_vrfy_command = yes

Turns off the VRFY command.
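An added example, not part of the original article: a small Python audit that reads main.cf the way Postfix does (comments, indented continuation lines, last definition wins) and checks the SASL, VRFY and relay settings listed above. The sample file is constructed, the function names are hypothetical, and accepting reject_unauth_destination or reject as a relay control alongside the page's check_relay_domains is an assumption of this example.

```python
import re

# Constructed sample: this page's main.cf settings, with disable_vrfy_command
# deliberately left out so the audit reports one finding.
SAMPLE_MAIN_CF = """\
# SASL and relay settings
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unknown_recipient_domain,
    reject_non_fqdn_recipient, check_relay_domains
"""

# Restrictions that stop relaying to foreign domains. check_relay_domains is
# the page's choice; treating the other two as equivalent is an assumption.
RELAY_GUARDS = {"check_relay_domains", "reject_unauth_destination", "reject"}

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, indented continuations, last wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Return findings for the SASL, VRFY and relay settings (hypothetical helper)."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("SASL authentication is disabled")
    sasl_opts = re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous"))
    if "noanonymous" not in sasl_opts:
        findings.append("anonymous SASL logins are allowed")
    if params.get("disable_vrfy_command", "no") != "yes":
        findings.append("VRFY is enabled")
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    guard = next((i for i, r in enumerate(rules) if r in RELAY_GUARDS), None)
    if guard is None:
        findings.append("no relay control in smtpd_recipient_restrictions")
    elif "permit" in rules[:guard]:
        findings.append("unconditional permit precedes the relay control")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("FINDING:", finding)
```

Because Postfix evaluates the restriction list in order and stops at the first match, the audit looks at where the relay control sits in the list, not only whether it is present.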
3. MySQL configuration and table structure

Note: in the MySQL-related configuration, write 127.0.0.1 rather than localhost. If you use localhost, Postfix will try a socket connection, and there seems to be a problem with socket connections in Debian's Postfix. MySQL therefore cannot use the skip-networking option; use --bind-address=127.0.0.1 to make it listen on 127.0.0.1. (Thanks to Martin List-Petersen for pointing this out.)

Also note that if you compile MySQL yourself, it is recommended to add the --socket=/var/run/mysqld/mysqld.sock parameter at startup, because pam-mysql also needs this socket. If your Apache+PHP is compiled by yourself, PHP needs to be recompiled with --with-mysql-sock=/var/run/mysqld/mysqld.sock added to its configure parameters.

Getting tedious? This is only the beginning.

MySQL tables:

    CREATE TABLE alias (
      id int(11) unsigned NOT NULL auto_increment,
      alias varchar(128) NOT NULL default '',
      destination varchar(128) NOT NULL default '',
      PRIMARY KEY (id)
    ) TYPE=MyISAM;

    CREATE TABLE relocated (
      id int(11) unsigned NOT NULL auto_increment,
      email varchar(128) NOT NULL default '',
      destination varchar(128) NOT NULL default '',
      PRIMARY KEY (id)
    ) TYPE=MyISAM;

    CREATE TABLE transport (
      id int(11) unsigned NOT NULL auto_increment,
      domain varchar(128) NOT NULL default '',
      destination varchar(128) NOT NULL default '',
      PRIMARY KEY (id),
      UNIQUE KEY domain (domain)
    ) TYPE=MyISAM;

    CREATE TABLE users (
      id int(11) unsigned NOT NULL auto_increment,
      email varchar(128) NOT NULL default '',
      clear varchar(128) NOT NULL default '',
      name tinytext NOT NULL,
      uid int(11) unsigned NOT NULL default '1011',
      gid int(11) unsigned NOT NULL default '1011',
      homedir tinytext NOT NULL,
      maildir tinytext NOT NULL,
      quota tinytext NOT NULL,
      postfix enum('y','n') NOT NULL default 'y',
      PRIMARY KEY (id),
      UNIQUE KEY email (email)
    ) TYPE=MyISAM;

    CREATE TABLE virtual (
      id int(11) unsigned NOT NULL auto_increment,
      email varchar(128) NOT NULL default '',
      destination varchar(128) NOT NULL default '',
      PRIMARY KEY (id)
    ) TYPE=MyISAM;

MySQL map files in the /etc/postfix directory:

mysql-aliases.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = alias
    select_field = destination
    where_field = alias
    hosts = 127.0.0.1

mysql-relocated.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = relocated
    select_field = destination
    where_field = email
    hosts = 127.0.0.1

mysql-transport.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = transport
    select_field = destination
    where_field = domain
    hosts = 127.0.0.1

TLS support

TLS support is implemented by modifying the /usr/lib/ssl/misc/CA.pl script. The following compares the modified ca1.pl with the unmodified ca.pl:

* * ca.pl---ca1.pl******** 59,69 * * ELSIF (/^-newcert$/) {# Create a certificate! system ("$REQ-new-x509-keyout newreq.pem-out Eq.pem $DAYS "); $RET =$? Print "certificate (and private key) is in Newreq.pem\n"} elsif (/^-newreq$/) {# Create a Certificate request! system ("$R Eq-new-keyout newreq.pem-out Newreq.pem $DAYS "); $RET =$? Print "Request (and private key) is in newreq.pem\n";} elsif (/^-newca$/) {---59,69----} elsif (/^-newcert$/) {# Create a certificate! system ("$REQ-new-x509-nodes-keyout newreq.pem-out newreq.pem $DAYS"); $RET =$?; Print "certificate (and private key) is in Newreq.pem\n"} elsif (/^-newreq$/) {# Create a Certificate request! system ("$R Eq-new-nodes-keyout newreq.pem-out Newreq.pem $DAYS "); $RET =$? 
Print "Request (and private key) is in newreq.pem\n";} elsif (/^-newca$/) {

You can now use the modified ca1.pl to issue the certificate:

    # cd /usr/local/ssl/misc
    # ./ca1.pl -newca
    # ./ca1.pl -newreq
    # cp demoCA/cacert.pem /etc/postfix/cacert.pem
    # cp newcert.pem /etc/postfix/cert.pem
    # cp newreq.pem /etc/postfix/key.pem

Edit main.cf and add:

    smtpd_tls_cert_file = /etc/postfix/cert.pem
    smtpd_tls_key_file = /etc/postfix/privkey.pem
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    tls_daemon_random_source = dev:/dev/urandom

Postfix should now advertise 250-STARTTLS.

Many mail clients do not support TLS very well, so it is recommended to use stunnel to provide the corresponding SMTP and POP3 encryption.

    # apt install stunnel

Certificate:

    # openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem
    # openssl gendh >> stunnel.pem

Server:

    # stunnel -d 60025 -r 25 -s nobody -g nogroup
    # stunnel -d 60110 -r 110 -s nobody -g nogroup

If you use a parameter such as -n pop3, you can only use a mail client to receive mail.

Client: create a stunnel.conf file:

    client = yes

    [pop3]
    accept = 127.0.0.1:110
    connect = 192.168.7.144:60110

    [smtp]
    accept = 127.0.0.1:25
    connect = 192.168.7.144:60025

Then start stunnel.exe and enter 127.0.0.1 as both the SMTP and the POP3 server in the mail client. Stunnel then encrypts the data sent between your machine and the mail server.

4. Test user

    # mkdir -p /home/vmail/test.org/san/
    # chown -R nobody.nogroup /home/vmail
    # chmod -R ...

    mysql> use postfix
    mysql> insert into transport set domain='test.org', destination='virtual:';
    mysql> insert into users set email='san@test.org', clear='test', name='', uid='65534', gid='65534', homedir='home/vmail', maildir='test.org/san/';

You can then use a mail client to send and receive mail. Remember that the username is the email address.
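Review bot: in the ca.pl to ca1.pl diff above, the replacement lines for both the -newcert and -newreq branches add -nodes, so newreq.pem is written with an unencrypted private key, and the steps that follow copy that file to /etc/postfix/key.pem. With no passphrase on the key, file permissions are the only protection left, so the procedure should restrict the copied key to root (for example chmod 600 on /etc/postfix/key.pem) right after the cp. A short comment beside each changed system() line saying why -nodes was added would also help whoever maintains ca1.pl next.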
mysql-virtual.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = virtual
    select_field = destination
    where_field = email
    hosts = 127.0.0.1

mysql-virtual-maps.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = users
    select_field = maildir
    where_field = email
    additional_conditions = and postfix = 'y'
    hosts = 127.0.0.1

mysql-virtual-uid.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = users
    select_field = uid
    where_field = email
    additional_conditions = and postfix = 'y'
    hosts = 127.0.0.1

mysql-virtual-gid.cf:

    user = mysql-postfix-user
    password = mysql-postfix-pass
    dbname = postfix
    table = users
    select_field = gid
    where_field = email
    additional_conditions = and postfix = 'y'
    hosts = 127.0.0.1

Courier settings

Edit /etc/courier/imapd:

    AUTHMODULES="authdaemon"
    IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

Edit /etc/courier/pop3d:

    AUTHMODULES="authdaemon"
    POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

Edit /etc/courier/authdaemonrc:

    authmodulelist="authmysql authpam"

This uses MySQL authentication and PAM authentication.

Edit /etc/courier/authmysqlrc:

    MYSQL_SERVER 127.0.0.1
    MYSQL_USERNAME mysql-postfix-user
    MYSQL_PASSWORD mysql-postfix-pass
    #MYSQL_SOCKET /var/run/mysql/mysql.sock
    MYSQL_PORT 0
    MYSQL_OPT 0
    MYSQL_DATABASE postfix
    MYSQL_USER_TABLE users
    MYSQL_LOGIN_FIELD email
    MYSQL_CLEAR_PWFIELD clear
    MYSQL_UID_FIELD uid
    MYSQL_GID_FIELD gid
    MYSQL_HOME_FIELD homedir
    MYSQL_MAILDIR_FIELD maildir

SASL library

Create /etc/postfix/sasl/smtpd.conf:

    pwcheck_method: pam

pam-mysql

Create /etc/pam.d/smtp:

    auth optional pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass table=users usercolumn=email passwdcolumn=clear crypt=n
    account required pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass usercolumn=email passwdcolumn=clear crypt=n

Editor: Zhao Zhaoyi