Posted on 2004-7-22 02:19:49
Reposted from CU, for your reference.
1. Download ClamAV
http://osdn.dl.sourceforge.net/s ... /clamav-0.66.tar.gz
2. Extract
Code:
cd /usr/src
tar xzvf /path/to/clamav-0.66.tar.gz
cd /usr/src/clamav-0.66
3. Modify clamav-milter/clamav-milter.c and clamav-milter/Makefile.in (no longer needed!!!!)
4. Add the clamav user and group
Code:
groupadd clamav
useradd -g clamav -d /dev/null clamav
5. Compile
Code:
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--datadir=/var/clamav \
--enable-milter
make
make install
6. Configure /etc/clamav.conf
Simply overwrite the original file with the code below
Code:
# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.pid
# Path to virus signature database
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
DataDirectory /var/clamav
# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.
# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /var/clamav/clamd.sock
# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
MaxThreads 200
# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15
# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav
##
## Archive support
##
# Comment this line to disable scanning of the archives.
ScanArchive
# Options below protect your system against Denial of Service attacks
# with archive bombs.
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR
#          archives are decompressed to the memory. That's why never disable
#          this limit (but you may increase it of course!)
ArchiveMaxFileSize 10M
# Archives are scanned recursively - e.g. if Zip archive contains RAR file,
# the RAR file will be decompressed, too (but only if recursion limit is set
# at least to 1). With this option you may set the recursion level.
# Value of 0 disables the limit.
ArchiveMaxRecursion 5
# Number of files to be scanned within archive.
# Value of 0 disables the limit.
ArchiveMaxFiles 1000
# clamav-milter, need clamd.sock above
ScanMail
StreamSaveToDisk
7. Create the directory
Code:
mkdir /var/clamav
chown clamav:clamav /var/clamav
8. Download the virus database
a. Copy the update mirror list
Code:
cp /usr/src/clamav-0.65/database/mirrors.txt /var/clamav
b. Download the data
Code:
/usr/bin/freshclam --quiet --stdout --datadir /var/clamav --log /var/clamav/clamav.log
9. Test
Code:
cd /usr/src/clamav-0.65/test
clamscan test1
You should see output like the following (it is normal for the number after Known viruses to differ):
Code:
root@server: test> clamscan test1
test1: ClamAV-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 7846
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 Mb
I/O buffer size: 131072 bytes
Time: 0.598 sec (0 m 0 s)
10. Start clamav
Code:
clamd
clamav-milter -blo /var/clamav/clmilter.sock
11. Configure the sendmail.mc file
You only need to add the following code:
Code:
dnl ## milter clamav
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
13. Restart sendmail
Code:
service sendmail restart
12. Send a test mail containing the test virus
Code:
cd /usr/src/clamav-0.65/test
cat test1 | mail root -s "Testing"
After sending this mail you will see entries like the following in the sendmail log (usually /var/log/maillog):
Nov 15 09:37:34 server sendmail[5610]: hAF1bY52005610:
from=, size=547, class=0, nrcpts=3,
msgid=<200311150137.hAF1bYjl005609@domain.server.com>, proto=ESMTP,
daemon=MTA, relay=localhost [127.0.0.1]
Nov 15 09:37:34 server sendmail[5610]: hAF1bY52005610: Milter add:
header: X-Virus-Scanned: clamdscan / ClamAV version 0.65
Nov 15 09:37:34 server sendmail[5609]: hAF1bYjl005609:
to=<0root@server.domain.com>,postmaster,,
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00,
mailer=relay, pri=90265, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
stat=Sent (hAF1bY52005610 Message accepted for delivery)
Nov 15 09:37:34 server sendmail[5606]: hAF1bY52005606: Milter:
data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Nov 15 09:37:34 server sendmail[5606]: hAF1bY52005606:
to=, delay=00:00:00, pri=30379, stat=Virus
detected by ClamAV - http://clamav.elektrapro.com
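The part in red shows that a virus was detected, so the system will not accept this mail! Open root's mailbox and you will see the following message:
Code: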
A message you sent to
<0root@server.domain.com>
contained a virus and has not been delivered.
stream: ClamAV-Test-Signature FOUND
This shows that someone sent a virus to root's mailbox and ClamAV filtered it!
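Added example (not part of the original post): a shell function that summarises clamav-milter activity in a sendmail log, so that after the mail test above you can confirm messages are being tagged with X-Virus-Scanned and infected ones rejected. It assumes each log record is one physical line (the excerpt in the post is wrapped); `milter_summary`, `sample_maillog` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise clamav-milter activity in a sendmail maillog.
# Usage: milter_summary /var/log/maillog    (or pipe the log on stdin)
# Prints "tagged=N rejected=M", then one line per reject:
#   <queue-id> <smtp-code> <reason text>
milter_summary() {
    awk '
    # Record layout: Mon DD HH:MM:SS host sendmail[pid]: QUEUEID: text
    $5 ~ /^sendmail\[/ {
        qid = $6
        sub(/:$/, "", qid)
        # Header added by the milter to a message that passed the scan
        if (index($0, "Milter add: header: X-Virus-Scanned:") && !(qid in tagged)) {
            tagged[qid] = 1
            t++
        }
        # Rejection issued by the milter at the DATA stage
        if (match($0, /Milter: data, reject=[0-9]+ /)) {
            code = substr($0, RSTART + 21, RLENGTH - 22)
            reason = substr($0, RSTART + RLENGTH)
            rejects[++n] = qid " " code " " reason
        }
    }
    END {
        printf "tagged=%d rejected=%d\n", t, n
        for (i = 1; i <= n; i++) print rejects[i]
    }' "$@"
}

# Constructed sample records in the format shown in the post (one per line).
sample_maillog() {
    cat <<'EOF'
Nov 15 09:37:34 server sendmail[5610]: hAF1bY52005610: Milter add: header: X-Virus-Scanned: clamdscan / ClamAV version 0.65
Nov 15 09:37:34 server sendmail[5606]: hAF1bY52005606: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Nov 15 09:37:34 server sendmail[5606]: hAF1bY52005606: to=root, delay=00:00:00, pri=30379, stat=Virus detected by ClamAV - http://clamav.elektrapro.com
Nov 15 09:40:02 server sendmail[5710]: hAF1e2aa005710: Milter add: header: X-Virus-Scanned: clamdscan / ClamAV version 0.65
Nov 15 09:40:03 server crond[5711]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

sample_maillog | milter_summary
```

A result of tagged=0 and rejected=0 on a busy log after the restart suggests sendmail is not calling the filter at all.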