1. Components
Operating system centos5.4
Postfix:mta
CLAMD: Anti-Virus engine
SpamAssassin: Anti-spam
Amavisd-new: Middleware between the Mail proxy Server (MTA) and antivirus software
Fail2ban: Preventing mailbox Brute Force cracking
2. Working principle
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/59/E0/wKioL1TukjbQ14n5AAC9vajd2qY593.jpg "title=" principle. jpg "alt=" Wkiol1tukjbq14n5aac9vajd2qy593.jpg "/>
Step one: Postfix receive mail (MTA)
postfix, through the port, accept all mail
Step two: Mail to amavisd-new
Amavisd-new is responsible for calling CLAMD to virus scan the message, responsible for calling SpamAssassin to filter the contents of the message, amavisd-new through the 10025 port back to Postfix
Step three: Mail back to postfx
Fourth step:postfix is passed to exchange
3. installation process
Stop the SendMail service to prevent 25 port occupancy
(1) Set CDROM source and Epel source, this step omitted
(2) Yum installed postfix,fail2ban
# yum–y Installfail2ban
# Servic Fail2ban Start
# yum–y Install Postfix
(3) Yum installation install virus filtering component CLAMD
#groupadd ClamAV
#useradd-G clamav-s/sbin/nologin-m ClamAV
#groupadd Amavis
#useradd-G amavis-s/sbin/nologin-m Amavis
#yum Install CLAMD
#vim/etc/clamd.conf
Modify
User Amavis
#chown-R Amavis.amavis/var/log/clamav
#chown-R Amavis.amavis/var/run/clamav
#service CLAMD Start
# vim/etc/freshclam.conf
Modify
Databaseowneramavis
#chown-R Amavis.amavis/var/lib/clamav
#freshclam
(4) Yum installs anti-spam SpamAssassin
#yum Install SpamAssassin
#vim/ETC/MAIL/SPAMASSASSIN/LOCAL.CF
####### #new ###################
required_score5.0
Rewrite_headersubject ****spam****
Report_safe 1
Use_bayes 1
Bayes_auto_learn 1
Skip_rbl_checks 1
Use_razor2 0
Use_pyzor 0
Ok_locales All
#service SpamAssassin Start
(5) Yum installation amavisd-new
#yum Install Amavisd-new
#gpasswd-a ClamAV Amavis
#usermod-G Amavis ClamAV
#chown AMAVIS.AMAVIS/VAR/SPOOL/AMAVISD
#chown amavis.amavis/var/spool/amavisd/tmp
#chmod 750/var/spool/amavisd/tmp
#vim/etc/amavisd/amavisd.conf
Modify
$daemon _user = ' Amavis ';
$daemon _group= ' Amavis '; groups and accounts are created automatically #yum installation
$mydomain = ' example.com '; # mail domains for Exchange or other messaging systems
$myhostname = ' mail.example.com '; # Exchange Domain
$virus _admin = "postmaster\@ $mydomain";
$mailfrom _notify_admin = "postmaster\@ $mydomain";
$mailfrom _notify_recip = "postmaster\@ $mydomain";
$mailfrom _notify_spamadmin= "postmaster\@ $mydomain";
virus_admin_maps=> ["postmaster\@ $mydomain"], (Specify the identity of the user who sent the system mail when the virus and spam are reported)
Spam_admin_maps = ["postmaster\@ $mydomain"],
####### #NEW ##########
[' Clamav-clamd ',
\&ask_daemon, ["Contscan {}\n", "/var/run/clamav/clamd.sock"],
qr/\bok$/m, qr/\bfound$/m,
Qr/^.*?: (?! Infected Archive) (. *) found$/m],
#service AMAVISD Start
(6) Postfix associated clam, SpamAssassin and amavisd-new
# VIM/ETC/POSTFIX/MASTER.CF
########## #add #############
Amavisfeed Unix--n-2 SMTP
-osmtp_data-done_timeout=1200
-odisable_dns_lookup=yes
127.0.0.1:10025 inet n-n--SMTPD
-ocontent_filter=
-olocal_recipient_maps=
-orelay_recipient_maps=
-osmtpd_restriction_classes=
-osmtpd_client_restrictions=
-osmtpd_helo_restrictions=
-osmtpd_sender_restrictions=
-osmtpd_recipient_restrictions=permit_mynetworks,reject
-omynetworks=127.0.0.0/8
-ostrict_rfc821_envelopes=yes
# VIM/ETC/POSTFIX/MAIN.CF
Smtpd_client_restrictions =
Reject_rbl_client rbl.anti-spam.cn
Content_filter = amavisfeed:[127.0.0.1]:10024
receive_override_options= no_address_mappings
# service Postfix Start
# NETSTAT-NLTP
Activeinternet connections (only servers)
Protorecv-q send-q Local Address Foreign address State Pid/program Name
TCP 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 20719/master
TCP 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 20540/amavisd (mast
TCP 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 20719/master
TCP 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 6243/clamd
TCP 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 19863/spamd.pid
# Chkconfig CLAMD on
# Chkconfig SpamAssassin on
# Chkconfig AMAVISD on
# chkconfig Postfix on
# Chkconfig Fail2ban on
4. Mail Gateway Settings
# VIM/ETC/POSTFIX/MAIN.CF
Relay_domains = test.com
# Vim/etc/postfix/transport
test.com relay:[192.168.0.1]
# Postmap/etc/postfix/transport
# service Postfix Reload
5.exchange does not need to make any modifications, including DNS MX records, because it is only over-the-grid request.
5. Firewall publishing, omitting
Summary: This article borrowed a lot of things on the internet to be completed, thank you very much. Test results are good, for everyone's reference.
Postfix Mail Gateway Agent Outlook