1.通过"CentOS4.4下邮件服务器架设笔记之邮件网关功能实现"这一篇文章,我们已经实现了邮件网关功能,但是对于microsoft ad 平台下exchange邮件系统用户来说,外部用户发信到邮件网关,邮件网关找不到用户认证相关信息只会拒绝掉,所以需要能与AD里面的用户进行整合;
图5
}
[root@mailgate ~]# getent passwd | awk -f trinet.awk
[root@mailgate ~]# getent passwd
[root@mailgate ~]# cd /home
[root@mailgate ~]# mkdir TRIUMPH
[root@mailgate ~]#chown -R postfix TRIUMPH
[root@mailgate ~]# chmod 777 TRIUMPH
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/a_user_backup.mbx /var/spool/MailScanner/archive/a_user_backup.mbx [email]b@toping.net[/email] [email]scyz2@163.com[/email]
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/ [email]b@test.com[/email] [email]dreamflying2006@163.com[/email] /var/spool/MailScanner/archive/a_user_backup.mbx
2.对于通过LDAP方式去查询MS平台的AD用户信息,我没有成功!这个我没有做成功,在此不表;
我的做法:
使用Winbind 先将Linux 加入Windows 域环境,Winbind 是Samba 组件,Winbind 通过samba 接口与Windows 域联系,并提供PAM 接口,这样可以让其他应用程序来调用Winbind 。我们设定 Linux 服务器的 nss 配置,可以让系统通过 Winbind 程序来解析用户信息。总的来讲验证过程如下:
postfix和dovecot把帐号交给saslauthd,saslauthd把账号交给pam,pam通过winbind联系AD
3.具体实现如下:
a.测试环境介绍如下:
邮件网关的名称:mxgate.trinet.com.cn 其IP地址:10.6.6.222
邮件服务器的名称:mailserver
域的名称:triumph
域的IP地址:10.0.0.11
完整的FQDN:trinet.com.cn
b.安装samba组件,因为winbind在centos系统下,他包含在samba-common包中
[root@mailgate etc]# yum install -y samba-common samba
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
--> Running transaction check
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
samba i386 3.0.10-1.4E.12.2 update 13 M
samba-common i386 3.0.10-1.4E.12.2 update 5.0 M
Package Arch Version Repository Size
=============================================================================
Installing:
samba i386 3.0.10-1.4E.12.2 update 13 M
samba-common i386 3.0.10-1.4E.12.2 update 5.0 M
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 18 M
Downloading Packages:
(1/2): samba-common-3.0.1 100% |=========================| 5.0 MB 02:43
(2/2): samba-3.0.10-1.4E. 100% |=========================| 13 MB 07:38
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: samba-common ######################### [1/2]
Installing: samba ######################### [2/2]
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 18 M
Downloading Packages:
(1/2): samba-common-3.0.1 100% |=========================| 5.0 MB 02:43
(2/2): samba-3.0.10-1.4E. 100% |=========================| 13 MB 07:38
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: samba-common ######################### [1/2]
Installing: samba ######################### [2/2]
Installed: samba.i386 0:3.0.10-1.4E.12.2 samba-common.i386 0:3.0.10-1.4E.12.2
Complete!
[root@mailgate etc]#
Complete!
[root@mailgate etc]#
c.安装krb5-server包;
[root@mailgate etc]# yum install -y krb5-server
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-server to pack into transaction set.
krb5-server-1.3.4-49.i386 100% |=========================| 36 kB 00:02
---> Package krb5-server.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-49 for package: krb5-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-libs to pack into transaction set.
krb5-libs-1.3.4-49.i386.r 100% |=========================| 31 kB 00:01
---> Package krb5-libs.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-devel
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-workstation
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-devel to pack into transaction set.
krb5-devel-1.3.4-49.i386. 100% |=========================| 38 kB 00:01
---> Package krb5-devel.i386 0:1.3.4-49 set to be updated
---> Downloading header for krb5-workstation to pack into transaction set.
krb5-workstation-1.3.4-49 100% |=========================| 39 kB 00:01
---> Package krb5-workstation.i386 0:1.3.4-49 set to be updated
--> Running transaction check
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-server to pack into transaction set.
krb5-server-1.3.4-49.i386 100% |=========================| 36 kB 00:02
---> Package krb5-server.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-49 for package: krb5-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-libs to pack into transaction set.
krb5-libs-1.3.4-49.i386.r 100% |=========================| 31 kB 00:01
---> Package krb5-libs.i386 0:1.3.4-49 set to be updated
--> Running transaction check
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-devel
--> Processing Dependency: krb5-libs = 1.3.4-33 for package: krb5-workstation
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for krb5-devel to pack into transaction set.
krb5-devel-1.3.4-49.i386. 100% |=========================| 38 kB 00:01
---> Package krb5-devel.i386 0:1.3.4-49 set to be updated
---> Downloading header for krb5-workstation to pack into transaction set.
krb5-workstation-1.3.4-49 100% |=========================| 39 kB 00:01
---> Package krb5-workstation.i386 0:1.3.4-49 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
krb5-server i386 1.3.4-49 update 774 k
Updating for dependencies:
krb5-devel i386 1.3.4-49 update 822 k
krb5-libs i386 1.3.4-49 update 482 k
krb5-workstation i386 1.3.4-49 update 815 k
Package Arch Version Repository Size
=============================================================================
Installing:
krb5-server i386 1.3.4-49 update 774 k
Updating for dependencies:
krb5-devel i386 1.3.4-49 update 822 k
krb5-libs i386 1.3.4-49 update 482 k
krb5-workstation i386 1.3.4-49 update 815 k
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 3 Package(s)
Remove 0 Package(s)
Total download size: 2.8 M
Downloading Packages:
(1/4): krb5-devel-1.3.4-4 100% |=========================| 822 kB 00:36
(2/4): krb5-libs-1.3.4-49 100% |=========================| 482 kB 00:24
(3/4): krb5-workstation-1 100% |=========================| 815 kB 00:31
(4/4): krb5-server-1.3.4- 100% |=========================| 774 kB 00:34
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : krb5-libs ######################### [1/7]
Updating : krb5-devel ######################### [2/7]
Updating : krb5-workstation ######################### [3/7]
Installing: krb5-server ######################### [4/7]
Cleanup : krb5-devel ######################### [5/7]
Cleanup : krb5-libs ######################### [6/7]
Cleanup : krb5-workstation ######################### [7/7]
=============================================================================
Install 1 Package(s)
Update 3 Package(s)
Remove 0 Package(s)
Total download size: 2.8 M
Downloading Packages:
(1/4): krb5-devel-1.3.4-4 100% |=========================| 822 kB 00:36
(2/4): krb5-libs-1.3.4-49 100% |=========================| 482 kB 00:24
(3/4): krb5-workstation-1 100% |=========================| 815 kB 00:31
(4/4): krb5-server-1.3.4- 100% |=========================| 774 kB 00:34
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : krb5-libs ######################### [1/7]
Updating : krb5-devel ######################### [2/7]
Updating : krb5-workstation ######################### [3/7]
Installing: krb5-server ######################### [4/7]
Cleanup : krb5-devel ######################### [5/7]
Cleanup : krb5-libs ######################### [6/7]
Cleanup : krb5-workstation ######################### [7/7]
Installed: krb5-server.i386 0:1.3.4-49
Dependency Updated: krb5-devel.i386 0:1.3.4-49 krb5-libs.i386 0:1.3.4-49 krb5-workstation.i386 0:1.3.4-49
Complete!
[root@mailgate etc]#
Dependency Updated: krb5-devel.i386 0:1.3.4-49 krb5-libs.i386 0:1.3.4-49 krb5-workstation.i386 0:1.3.4-49
Complete!
[root@mailgate etc]#
d.启动相关服务并修改为自动启动;
[root@mailgate ~]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind start
Starting Winbind services: [ OK ]
[root@mailgate ~]# chkconfig winbind on
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind start
Starting Winbind services: [ OK ]
[root@mailgate ~]# chkconfig winbind on
e.修改smb.conf
[root@mailgate etc]# vi /etc/samba/smb.conf
将workgroup = MYGROUP
改为:workgroup = TRIUMPH
增加:realm = TRIUMPH
将security = user
改为:security = ads
将 ; password server = <NT-Server-Name>
改为: password server = mailserver.triumph (注:可以写域控制器的IP地址)
将: ; encrypt passwords = yes
改为: encrypt passwords = yes
找到下面位置修改如下面:
#============================ Share Definitions ==============================
password server = 10.0.0.11
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = yes
realm = TRIUMPH
并在最后增加:
password server = 10.0.0.11
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = yes
realm = TRIUMPH
并在最后增加:
#add
template homedir = /home/%D/%U
template homedir = /home/%D/%U
f.修改krb5.conf
[root@mailgate etc]# vi /etc/krb5.conf
将下面:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
修改成:
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
修改成:
[libdefaults]
default_realm = TRIUMPH
dns_lookup_realm = false
dns_lookup_kdc = false
default_realm = TRIUMPH
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
TRIUMPH = {
kdc = 10.0.0.11:88
admin_server = 10.0.0.11:749
default_domain = triumph
}
TRIUMPH = {
kdc = 10.0.0.11:88
admin_server = 10.0.0.11:749
default_domain = triumph
}
[domain_realm]
.trinet.com.cn = TRINET.COM.CN
trinet.com.cn = TRINET.COM.CN
.trinet.com.cn = TRINET.COM.CN
trinet.com.cn = TRINET.COM.CN
g.修改kdc.conf
[root@mailgate etc]# vi /var/kerberos/krb5kdc/kdc.conf
将:
将:
[realms]
EXAMPLE.COM = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
EXAMPLE.COM = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
修改为:
[realms]
TRIUMPH = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
TRIUMPH = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
h.重新启动相关服务;
[root@mailgate ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@mailgate ~]# service winbind restart
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[root@mailgate ~]#
Starting Winbind services: [ OK ]
[root@mailgate ~]#
i.加域前检查:
[root@mailgate ~]# more /etc/sysconfig/clock 检查一下时区;
如果不对,请按下面方法修改:
[root@mailgate ~]# vi /etc/sysconfig/clock
ZONE="Asia/Chongqing"
UTC=true
ARC=false
[root@mailgate ~]# ln -sf /usr/share/zoneinfo/Asia/Chongqing /etc/localtime
UTC=true
ARC=false
[root@mailgate ~]# ln -sf /usr/share/zoneinfo/Asia/Chongqing /etc/localtime
[root@mailgate ~]# date 检查一下时钟,是否与AD相差不到5分钟
如果相差过大,请按下面方法修改;
[root@mailgate ~]# date 101221202007.54
Wed Oct 23 21:20:54 CST 2007
[root@mailgate ~]# hwclock --systohc
Wed Oct 23 21:20:54 CST 2007
[root@mailgate ~]# hwclock --systohc
加域前测试,记得域名一定要大写,如果输入账户没有报错,就可以进行加域操作!
j.开始加域操作;
[root@mailgate ~]# authconfig
按下图:一步一步去操作;即可
图1
图2
图3
图4
图5
图6
图7
j.加好域后,会提示类似如下信息
Joined 'MAIL' to realm 'TRIUMPH'
setsebool: SELinux is disabled.
Joined 'MAIL' to realm 'TRIUMPH'
setsebool: SELinux is disabled.
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[root@mailgate ~]#
Starting Winbind services: [ OK ]
[root@mailgate ~]#
[root@mailgate ~]# wbinfo -g 查看域里面的组;
[root@mailgate ~]# wbinfo -u 查看域里面的用户;
[root@mailgate ~]# wbinfo -u 查看域里面的用户;
[root@mailgate ~]# id spam
uid=16777343(spam) gid=16777216(Domain Users) groups=16777216(Domain Users)
可以查看到域里面用户账户为spam的信息了!
uid=16777343(spam) gid=16777216(Domain Users) groups=16777216(Domain Users)
可以查看到域里面用户账户为spam的信息了!
k.与AD整合部分,手工建账户的目录比较麻烦,可能通过下面方法实现,在这种情况下,即使哪天EXCHNAGE邮件服务器坏了,我们也可以完全使用这个邮件网关都行收发邮件!哈哈!
[root@mailgate ~]# vi trinet.awk
#!/bin/awk
BEGIN {
FS = ":"
uidmin = 16777216
uidmax = 33554431
[root@mailgate ~]# vi trinet.awk
#!/bin/awk
BEGIN {
FS = ":"
uidmin = 16777216
uidmax = 33554431
}
{
if ($3 >= uidmin && $3 <= uidmax ) {
print "\nmake directory " $6 "\nchown " $3 "." $4 " " S6
system ( "mkdir -p " $6 " ;chown " $3 "." $4 " " $6 )
}
}
if ($3 >= uidmin && $3 <= uidmax ) {
print "\nmake directory " $6 "\nchown " $3 "." $4 " " S6
system ( "mkdir -p " $6 " ;chown " $3 "." $4 " " $6 )
}
}
[root@mailgate ~]# getent passwd | awk -f trinet.awk
[root@mailgate ~]# getent passwd
[root@mailgate ~]# cd /home
[root@mailgate ~]# mkdir TRIUMPH
[root@mailgate ~]#chown -R postfix TRIUMPH
[root@mailgate ~]# chmod 777 TRIUMPH
4.接下来我们要配置POSTFIX,让其收发信件,用户认证这块,让其通过WINBIND来查询AD里面信息;
a.[root@mailgate ~]# vi /etc/pam.d/smtp
增加:
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
b.[root@mailgate ~]# vi /etc/pam.d/dovecot
增加:
增加:
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
c..[root@mailgate ~]# vi /etc/pam.d/login
增加:
auth sufficient pam_winbind.so
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
account sufficient pam_winbind.so
password sufficient pam_winbind.so use_authtok
d.[root@mailgate ~]#ln -s /usr/lib/sasl2/smtpd.conf /usr/local/lib/smtpd.conf
[root@mailgate ~]#vi /usr/local/lib/smtpd.conf,内容如下
[root@mailgate ~]#vi /usr/local/lib/smtpd.conf,内容如下
#pwcheck_method: auxprop
pwcheck_method: saslauthd
log_level:2
mech_list:PLAIN LOGIN
pwcheck_method: saslauthd
log_level:2
mech_list:PLAIN LOGIN
e.[root@mailgate ~]# vi /etc/init.d/saslauthd
将MECH=shadow
修改为:
MECH=pam
然后重启一下服务:
[root@mailgate lib]# service saslauthd restart
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@mailgate lib]#
Stopping saslauthd: [ OK ]
Starting saslauthd: [ OK ]
[root@mailgate lib]#
5.如果发现在外部网络发信被 Relay access denied,请检查一下面:
a.vi /etc/sysconfig/saslauthd文件中MECH=pam
b.smb 服务是否启动;
c.vi /etc/postfix/main.cf中验证是否开启;
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain (注:原来是$myhostname,试着改成$domain看看)
6.补充在邮件网关上,通过MailScanner对邮件监管测试:
a.
[root@mailgate ~]# vi /etc/MailScanner/MailScanner.conf
找到:
找到:
Archive Mail =
修改:
Archive Mail = %rules-dir%/archive.rules
b.
[root@mailgate ~]# cd /etc/MailScanner/rules/
[root@mailgate rules]# ls #查看有无archive.rules文件,没有的话手工建立
bounce.rules EXAMPLES max.message.size.rules README spam.whitelist.rules
[root@mailgate rules]# vi archive.rules
[root@mailgate rules]# ls #查看有无archive.rules文件,没有的话手工建立
bounce.rules EXAMPLES max.message.size.rules README spam.whitelist.rules
[root@mailgate rules]# vi archive.rules
增加下面:(表示来自
[email]leeki.yan@trinet.com.cn[/email],抄送一份到
[email]spam@trinet.com.cn[/email])
From: [email]leeki.yan@trinet.com.cn[/email] yes forward
[email]spam@trinet.com.cn[/email]
然后重启一下:
[root@mailgate rules]# service MailScanner restaert
Usage: service MailScanner {start|stop|status|restart|reload|startin|startout|stopms}
[root@mailgate rules]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
Waiting for MailScanner to die gracefully ... dead.
Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: [ OK ]
[root@mailgate rules]#
Usage: service MailScanner {start|stop|status|restart|reload|startin|startout|stopms}
[root@mailgate rules]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
Waiting for MailScanner to die gracefully ... dead.
Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: [ OK ]
[root@mailgate rules]#
发送一封邮件到
[email]leeki.yan@trinet.com.cn[/email]后,查看maillog如下:见红色部分字体,说明已成功抄送!
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: connect from unknown[10.4.4.222]
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: D01AEC882E1: client=unknown[10.4.4.222], sasl_method=LOGIN, sasl_username=leeki.yan@mailgate.trinet.com.cn
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: hold: header Received: from triumphweihu (unknown [10.4.4.222])??by mailgate.trinet.com.cn (Postfix) with ESMTP id D01AEC882E1??for < [email]leeki.yan@trinet.com.cn[/email]>; Thu, 1 Nov 2007 20:14:44 +0800 (CST) from unknown[10.4.4.222]; from=< [email]leeki.yan@trinet.com.cn[/email]> to=< [email]leeki.yan@trinet.com.cn[/email]> proto=ESMTP helo=<triumphweihu>
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: message-id=< 002201c81c80$b96932d0$de04040a@triumphweihu>
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: disconnect from unknown[10.4.4.222]
Nov 1 20:14:45 mailgate MailScanner[26771]: New Batch: Scanning 1 messages, 2386 bytes
Nov 1 20:14:45 mailgate MailScanner[26771]: Virus and Content Scanning: Starting
Nov 1 20:14:47 mailgate MailScanner[26771]: Requeue: D01AEC882E1.EFDC3 to 9FCDAC88479
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: from=< [email]leeki.yan@trinet.com.cn[/email]>, size=2547, nrcpt=2 (queue active)
Nov 1 20:14:47 mailgate MailScanner[26771]: Uninfected: Delivered 1 messages
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 002201c81c80$b96932d0$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=< [email]spam@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 002201c81c80$b96932d0$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: removed
c.archive.rules文件其它写法说明及注意点:
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: D01AEC882E1: client=unknown[10.4.4.222], sasl_method=LOGIN, sasl_username=leeki.yan@mailgate.trinet.com.cn
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: hold: header Received: from triumphweihu (unknown [10.4.4.222])??by mailgate.trinet.com.cn (Postfix) with ESMTP id D01AEC882E1??for < [email]leeki.yan@trinet.com.cn[/email]>; Thu, 1 Nov 2007 20:14:44 +0800 (CST) from unknown[10.4.4.222]; from=< [email]leeki.yan@trinet.com.cn[/email]> to=< [email]leeki.yan@trinet.com.cn[/email]> proto=ESMTP helo=<triumphweihu>
Nov 1 20:14:44 mailgate postfix/cleanup[26777]: D01AEC882E1: message-id=< 002201c81c80$b96932d0$de04040a@triumphweihu>
Nov 1 20:14:44 mailgate postfix/smtpd[26774]: disconnect from unknown[10.4.4.222]
Nov 1 20:14:45 mailgate MailScanner[26771]: New Batch: Scanning 1 messages, 2386 bytes
Nov 1 20:14:45 mailgate MailScanner[26771]: Virus and Content Scanning: Starting
Nov 1 20:14:47 mailgate MailScanner[26771]: Requeue: D01AEC882E1.EFDC3 to 9FCDAC88479
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: from=< [email]leeki.yan@trinet.com.cn[/email]>, size=2547, nrcpt=2 (queue active)
Nov 1 20:14:47 mailgate MailScanner[26771]: Uninfected: Delivered 1 messages
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 002201c81c80$b96932d0$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/smtp[26785]: 9FCDAC88479: to=< [email]spam@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 002201c81c80$b96932d0$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:14:47 mailgate postfix/qmgr[26750]: 9FCDAC88479: removed
c.archive.rules文件其它写法说明及注意点:
FromOrTo:
[email]spam@trinet.com.cn[/email] yes forward
[email]leeki.yan@trinet.com.cn[/email]
To:
*@trinet.com.cn yes forward
[email]leeki.yan@trinet.com.cn[/email]
表示所有发进来的信都抄送一份给
[email]leeki.yan@trinet.com.cn[/email]
比如测试使用
[email]leeki.yan@trinet.com.cn[/email]发信到
[email]leeki.yan@trinet.com.cn[/email],理论上
[email]leeki.yan@trinet.com.cn[/email]应该收到两封信才到,见下面maillog,红色字体部分可以看出,leeki.yan已经收到两份邮件!!
Nov 1 20:25:44 mailgate postfix/qmgr[27280]: A8EABC88479: from=<
[email]leeki.yan@trinet.com.cn[/email]>, size=2547, nrcpt=2 (queue active)
Nov 1 20:25:44 mailgate MailScanner[27294]: Uninfected: Delivered 1 messages
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 004a01c81c82$40ab1820$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 004a01c81c82$40ab1820$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/qmgr[27280]: A8EABC88479: removed
Nov 1 20:25:44 mailgate MailScanner[27294]: Uninfected: Delivered 1 messages
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 004a01c81c82$40ab1820$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/smtp[27314]: A8EABC88479: to=< [email]leeki.yan@trinet.com.cn[/email] >, relay=10.0.0.11[10.0.0.11], delay=3, status=sent (250 2.6.0 < 004a01c81c82$40ab1820$de04040a@triumphweihu > Queued mail for delivery)
Nov 1 20:25:44 mailgate postfix/qmgr[27280]: A8EABC88479: removed
c.其它修改说明:
FromOrTo:
[email]a@test.com[/email] yes forward
[email]b@test.com[/email]
[email]c@test.com[/email]
[email]d@test.com[/email]
方法二:同时备份到一个或多个档案及一个或多个信箱
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/a_user_backup.mbx /var/spool/MailScanner/archive/a_user_backup.mbx [email]b@toping.net[/email] [email]scyz2@163.com[/email]
注:以上为一行,该档案要先建立且确定该档案拥有者与 MailScanner.conf 的 Run As User = XXXXXXX 相同
方法三:备份到文件夹及多个信箱或档案
FromOrTo: [email]a@test.com[/email] yes forward /var/spool/MailScanner/archive/ [email]b@test.com[/email] [email]dreamflying2006@163.com[/email] /var/spool/MailScanner/archive/a_user_backup.mbx
d.注意:archive.rules文件中语句写法中,注意大小写;以及冒号后面一定得有个空格;还有就是修改后别忘了,重启MailScanner 服务!!!
e.还有就是修改main.cf参数实现邮件监控!等随后有空再作补充!!!!
另外main.cf参数还有:
寄件备份 sender_bcc_maps
收件备份 recipient_bcc_maps
寄件及收件备份 always_bcc
寄件备份 sender_bcc_maps
收件备份 recipient_bcc_maps
寄件及收件备份 always_bcc
本文转自 godoha 51CTO博客,原文链接:http://blog.51cto.com/godoha/47549 ,如需转载请自行联系原作者