
Building an Anti-virus and Anti-spam Mail System (Part 2)


http://www.sina.com.cn 2006年12月11日 15:03 ChinaByte

  TLS support

  TLS support is added by modifying the /usr/lib/ssl/misc/CA.pl script. Below is a comparison between the modified CA1.pl and the unmodified CA.pl:

  *** CA.pl

  --- CA1.pl

  ***************

  *** 59,69 ****

  } elsif (/^-newcert$/) {

  # create a certificate

  ! system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");

  $RET=$?;

  print "Certificate (and private key) is in newreq.pem\n"

  } elsif (/^-newreq$/) {

  # create a certificate request

  ! system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");

  $RET=$?;

  print "Request (and private key) is in newreq.pem\n";

  } elsif (/^-newca$/) {

  --- 59,69 ----

  } elsif (/^-newcert$/) {

  # create a certificate

  ! system ("$REQ -new -x509 -nodes -keyout newreq.pem -out newreq.pem $DAYS");

  $RET=$?;

  print "Certificate (and private key) is in newreq.pem\n"

  } elsif (/^-newreq$/) {

  # create a certificate request

  ! system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");

  $RET=$?;

  print "Request (and private key) is in newreq.pem\n";

  } elsif (/^-newca$/) {
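  Review bot: the only change in both `!` lines is the added `-nodes`, which makes `openssl req` write the private key into newreq.pem without a passphrase so Postfix can load it unattended; the consequence is that newreq.pem, and the key.pem it is later copied to, contain a plaintext key, so both should be owner-only (mode 0600, owned by root) and the working copy under the CA directory removed once it has been copied into /etc/postfix. The `-newcert` branch writes `-keyout` and `-out` to the same newreq.pem file in both versions, so that behaviour is not changed by this patch.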

  The modified CA1.pl can now be used to issue certificates:

  # cd /usr/local/ssl/misc

  # ./CA1.pl -newca

  # ./CA1.pl -newreq

  # ./CA1.pl -sign

  # cp demoCA/cacert.pem /etc/postfix/CAcert.pem

  # cp newcert.pem /etc/postfix/cert.pem

  # cp newreq.pem /etc/postfix/key.pem

  Edit main.cf and add:

  smtpd_tls_cert_file = /etc/postfix/cert.pem

  smtpd_tls_key_file = /etc/postfix/key.pem

  smtpd_use_tls = yes

  tls_random_source = dev:/dev/urandom

  tls_daemon_random_source = dev:/dev/urandom

  After restarting Postfix, the EHLO reply should include 250-STARTTLS.
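  A small consistency check for the TLS settings above, added here as an example rather than code from the article. It parses a main.cf, confirms that smtpd_use_tls is on and that the certificate and key files it names exist, checks that the key (which CA1.pl writes unencrypted because of -nodes) is not readable by group or others, and looks for STARTTLS in an EHLO reply. The file tree and the EHLO transcript it works on are constructed in a temporary directory, so it runs offline; the function and file names are this example's own.

```python
"""Sanity-check the Postfix TLS setup described above.

Added example (not from the original article): it parses a main.cf,
confirms smtpd_use_tls is on, that the files named by smtpd_tls_cert_file
and smtpd_tls_key_file exist, and that the key (which CA1.pl writes
unencrypted because of -nodes) is not readable by group or others.
It also checks an EHLO reply for the STARTTLS capability.
"""
import os
import re
import stat
import tempfile
from pathlib import Path

# Constructed EHLO reply of the kind seen after restarting Postfix.
SAMPLE_EHLO = "250-mail.test.org\n250-PIPELINING\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME\n"


def parse_main_cf(path):
    """Return main.cf settings as a dict (full-line comments and blank lines skipped;
    continuation lines are not handled, which is enough for the fragment above)."""
    settings = {}
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def check_tls_config(main_cf):
    """Return a list of problems; an empty list means the TLS settings look consistent."""
    cfg = parse_main_cf(main_cf)
    problems = []
    if cfg.get("smtpd_use_tls", "no").lower() != "yes":
        problems.append("smtpd_use_tls is not yes")
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        value = cfg.get(key)
        if not value:
            problems.append(f"{key} is not set")
        elif not os.path.isfile(value):
            problems.append(f"{key} points to missing file {value}")
        elif key == "smtpd_tls_key_file":
            mode = stat.S_IMODE(os.stat(value).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(f"{value} is readable by group/others (mode {mode:o})")
    return problems


def starttls_advertised(ehlo_reply):
    """True if a multi-line EHLO reply lists STARTTLS as a capability."""
    return any(re.fullmatch(r"250[- ]STARTTLS", line.strip())
               for line in ehlo_reply.splitlines())


def make_demo_tree(key_mode=0o600, key_name_in_cf="key.pem"):
    """Build a throwaway directory that stands in for /etc/postfix (constructed data).

    Writes cert.pem and key.pem, sets the key's mode, and writes a main.cf whose
    smtpd_tls_key_file points at key_name_in_cf. Returns the main.cf path.
    """
    base = tempfile.mkdtemp(prefix="postfix-tls-demo-")
    cert = os.path.join(base, "cert.pem")
    key = os.path.join(base, "key.pem")
    Path(cert).write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")
    Path(key).write_text("-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(key, key_mode)
    main_cf = os.path.join(base, "main.cf")
    Path(main_cf).write_text(
        "# constructed main.cf fragment mirroring the article\n"
        f"smtpd_tls_cert_file = {cert}\n"
        f"smtpd_tls_key_file = {os.path.join(base, key_name_in_cf)}\n"
        "smtpd_use_tls = yes\n"
        "tls_random_source = dev:/dev/urandom\n"
    )
    return main_cf


if __name__ == "__main__":
    print("consistent:", check_tls_config(make_demo_tree()))  # []
    print("world-readable key:", check_tls_config(make_demo_tree(key_mode=0o644)))
    print("privkey.pem vs key.pem:", check_tls_config(make_demo_tree(key_name_in_cf="privkey.pem")))
    print("STARTTLS advertised:", starttls_advertised(SAMPLE_EHLO))  # True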

  Many mail clients do not support TLS very well, so it is recommended to use stunnel to encrypt SMTP and POP3 instead.

  # apt-get install stunnel

  Certificate:

  # openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem

  # openssl gendh 512 >> stunnel.pem

  Server side:

  # stunnel -d 60025 -r 25 -s nobody -g nogroup

  # stunnel -d 60110 -r 110 -s nobody -g nogroup

  If options such as -n pop3 are used, mail can then only be retrieved with a mail client.

  Client side:

  Create a stunnel.conf file:

  client = yes

  [pop3]

  accept = 127.0.0.1:110

  connect = 192.168.7.144:60110

  [smtp]

  accept = 127.0.0.1:25

  connect = 192.168.7.144:60025

  Then start stunnel.exe and set both the SMTP and POP3 server addresses in the mail client to 127.0.0.1; the connection from you to the mail server is then encrypted by stunnel.

  5. Test user

  # mkdir -p /home/vmail/test.org/san/

  # chown -R nobody.nogroup /home/vmail

  # chmod -R 700 /home/vmail

  mysql> use postfix

  mysql> insert into transport set domain='test.org', destination='virtual:';

  mysql> insert into users set email='san@test.org', clear='test', name='', uid='65534', gid='65534', homedir='/home/vmail', maildir='test.org/san/';

  You can then send and receive mail with a client; remember that the username is the full email address.

  mysql-virtual.cf

  user = mysql-postfix-user

  password = mysql-postfix-pass

  dbname = postfix

  table = virtual

  select_field = destination

  where_field = email

  hosts = 127.0.0.1

  mysql-virtual-maps.cf

  user = mysql-postfix-user

  password = mysql-postfix-pass

  dbname = postfix

  table = users

  select_field = maildir

  where_field = email

  additional_conditions = and postfix = 'y'

  hosts = 127.0.0.1

  mysql-virtual-uid.cf

  user = mysql-postfix-user

  password = mysql-postfix-pass

  dbname = postfix

  table = users

  select_field = uid

  where_field = email

  additional_conditions = and postfix = 'y'

  hosts = 127.0.0.1

  mysql-virtual-gid.cf

  user = mysql-postfix-user

  password = mysql-postfix-pass

  dbname = postfix

  table = users

  select_field = gid

  where_field = email

  additional_conditions = and postfix = 'y'

  hosts = 127.0.0.1
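  To make concrete what the map files above and the step 5 INSERT mean to Postfix, here is an added example (not code from the article) that turns the legacy-form fields of a map file (table, select_field, where_field, additional_conditions) into the SELECT statement Postfix issues and runs it against an in-memory SQLite stand-in for the MySQL `users` table. The schema is assumed from the article's INSERT (all columns as TEXT), SQLite replaces MySQL, and the two embedded map files are constructed copies of mysql-virtual-maps.cf and mysql-virtual-uid.cf (the gid map differs only in select_field). Note that every map appends `and postfix = 'y'` while the INSERT in step 5 never sets that column, so the column must default to 'y' or the INSERT must set it; the second row in the demo table shows that a user with postfix = 'n' is simply invisible to Postfix. Since the `clear` column holds plaintext passwords, the mysql-postfix-user account these files share should be limited to SELECT on the columns the maps actually read.

```python
"""Show what the mysql-virtual-*.cf map files above make Postfix query.

Added example, not part of the article. The legacy-form map fields
(table / select_field / where_field / additional_conditions) are turned
into the SELECT that Postfix issues, and run against an in-memory SQLite
stand-in for the MySQL `users` table holding the step 5 test user.
The users schema is assumed from the article's INSERT (all TEXT columns).
"""
import sqlite3

# Two of the article's map files, embedded as constructed text
# (mysql-virtual-gid.cf is identical to the uid map apart from select_field).
MAP_FILES = {
    "mysql-virtual-maps.cf": """
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = postfix
table = users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = 127.0.0.1
""",
    "mysql-virtual-uid.cf": """
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = postfix
table = users
select_field = uid
where_field = email
additional_conditions = and postfix = 'y'
hosts = 127.0.0.1
""",
}


def parse_map_cf(text):
    """Parse `key = value` lines of a Postfix mysql map file into a dict."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")   # split on the first '=' only:
        cfg[key.strip()] = value.strip()      # additional_conditions itself contains '='
    return cfg


def build_query(cfg):
    """Compose the legacy-form lookup: SELECT <select_field> FROM <table>
    WHERE <where_field> = <key> <additional_conditions>. The key is bound as a
    parameter here; Postfix escapes it before splicing it into the statement."""
    query = (f"SELECT {cfg['select_field']} FROM {cfg['table']} "
             f"WHERE {cfg['where_field']} = ? {cfg.get('additional_conditions', '')}")
    return query.strip()


def lookup(conn, cfg, key):
    """Return the mapped value for key, or None when the map has no entry."""
    row = conn.execute(build_query(cfg), (key,)).fetchone()
    return row[0] if row else None


def demo_db():
    """In-memory users table: the step 5 test user plus a disabled account (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, clear TEXT, name TEXT, "
                 "uid TEXT, gid TEXT, homedir TEXT, maildir TEXT, postfix TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, ?, ?)", [
        ("san@test.org", "test", "", "65534", "65534", "/home/vmail", "test.org/san/", "y"),
        ("old@test.org", "test", "", "65534", "65534", "/home/vmail", "test.org/old/", "n"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    for name, text in MAP_FILES.items():
        cfg = parse_map_cf(text)
        print(name, "->", build_query(cfg))
        for email in ("san@test.org", "old@test.org", "nobody@test.org"):
            print("   ", email, "=>", lookup(conn, cfg, email))
```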

  Modify the Courier settings in /etc/courier/imapd:

  AUTHMODULES="authdaemon"

  IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

  Modify /etc/courier/pop3d:

  AUTHMODULES="authdaemon"

  POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

  Modify /etc/courier/authdaemonrc:

  authmodulelist="authmysql authpam"

  This enables both MySQL and PAM authentication.

  Modify /etc/courier/authmysqlrc:

  MYSQL_SERVER 127.0.0.1

  MYSQL_USERNAME mysql-postfix-user

  MYSQL_PASSWORD mysql-postfix-pass

  #MYSQL_SOCKET /var/run/mysql/mysql.sock

  MYSQL_PORT 0

  MYSQL_OPT 0

  MYSQL_DATABASE postfix

  MYSQL_USER_TABLE users

  MYSQL_LOGIN_FIELD email

  MYSQL_CLEAR_PWFIELD clear

  MYSQL_UID_FIELD uid

  MYSQL_GID_FIELD gid

  MYSQL_HOME_FIELD homedir

  MYSQL_MAILDIR_FIELD maildir

  SASL library

  Create /etc/postfix/sasl/smtpd.conf:

  pwcheck_method: PAM

  PAM-MySQL

  Create /etc/pam.d/smtp:

  auth optional pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass table=users usercolumn=email passwdcolumn=clear crypt=n

  account required pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass table=users usercolumn=email passwdcolumn=clear crypt=n
