|
論壇說明 |
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
|
主題工具 | 顯示模式 |
2003-08-31, 08:21 PM | #1 |
榮譽會員
|
構建反病毒反垃圾郵件系統
原來qmail系統的郵箱一天起碼要收十幾份垃圾、病毒郵件,實在是比較煩,不是很喜歡qmail,特別是日誌,讓人不知所云,所以乾脆考慮更換郵件系統。
系統平台為Debian Woody 3.0 一、郵件系統的安裝 1、軟體包安裝 Postfix+Courier-IMAP+Cyrus-SASL+PAM_MySQL+MySQL這種安裝方式簡單易行,在Debian下的安裝更加方便: # apt-get install courier-pop postfix-mysql postfix-tls courier-authdaemon\ courier-authmysql libpam-mysql libsasl7 libsasl-modules-plain courier-imap 如果你的系統本身沒有mysql,那麼在上面的列表裡還要加上mysql-server。apt在安裝程序中會有簡單的提示,要求填上系統的域名等信息。 2、postfix的配置 修改main.cf: 增加: home_mailbox = Maildir/ 告訴postfix使用Maildir方式 mydestination = $myhostname, $transport_maps 告訴postfix傳送$myhostname(本機)和$transport_maps(transport表裡的域名)的郵件。 alias_maps = mysql:/etc/postfix/mysql-aliases.cf relocated_maps = mysql:/etc/postfix/mysql-relocated.cf transport_maps = mysql:/etc/postfix/mysql-transport.cf virtual_maps = mysql:/etc/postfix/mysql-virtual.cf 告訴postfix從哪裡找這些表。 local_recipient_maps = $alias_maps $virtual_mailbox_maps unixasswd.byname postfix傳遞給本機收信者的幾種方法。 virtual_mailbox_base = /home/vmail virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf 虛擬用戶的信息。 broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous 啟用sasl,必須驗證才能發信。 smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unknown_recipient_ domain,reject_non_fqdn_recipient,check_relay_domains 發信限制。 還可以加上一些其他的參數: disable_vrfy_command = yes 將vrfy功能關掉。 3、與MySQL結合的配置及資料表結構 注意:配置mysql相關部分要寫127.0.0.1而不要寫localhost,如果使用localhost,postfix會嘗試socket連接。debian的postfix使用socket連接好像有問題。mysql不能使用skip-networking選項,要使用--bind-address=127.0.0.1讓它監聽在127.0.0.1。(非常感謝Martin List-Petersen指點) 還有要注意的是如果是自己編譯的mysql,建議在啟動的時候加上--socket=/var/run/mysqld/mysqld.sock參數,因為pam-mysql又需要使用這個socket。如果你的apache+php是自己編譯的話,php又需要重新編譯,配置的時候需要加上--with-mysql-sock=/var/run/mysqld/mysqld.sock參數。 是不是比較煩?這不過是個開始。 MySQL的資料表: CREATE TABLE alias ( id int(11) unsigned NOT NULL auto_increment, alias varchar(128) NOT NULL default \'\', destination varchar(128) NOT NULL default \'\', PRIMARY KEY (id) ) TYPE=MyISAM; CREATE TABLE relocated ( id int(11) unsigned NOT NULL auto_increment, email varchar(128) NOT NULL default \'\', destination varchar(128) NOT NULL default \'\', PRIMARY KEY (id) ) TYPE=MyISAM; CREATE TABLE transport ( id int(11) unsigned NOT NULL auto_increment, domain varchar(128) NOT NULL default \'\', destination varchar(128) NOT NULL default \'\', PRIMARY KEY (id), UNIQUE KEY domain (domain) ) TYPE=MyISAM; CREATE TABLE users ( id int(11) unsigned NOT NULL auto_increment, email varchar(128) NOT NULL default \'\', clear varchar(128) NOT NULL default \'\', name tinytext NOT NULL, uid int(11) unsigned NOT NULL default \'1011\', gid int(11) unsigned NOT NULL default \'1011\', homedir tinytext NOT NULL, maildir tinytext NOT NULL, quota tinytext NOT NULL, postfix enum(\'Y\',\'N\') NOT NULL default \'Y\', PRIMARY KEY (id), UNIQUE KEY email (email) ) TYPE=MyISAM; CREATE TABLE virtual ( id int(11) unsigned NOT NULL auto_increment, email varchar(128) NOT NULL default \'\', destination varchar(128) NOT NULL default \'\', PRIMARY KEY (id) ) TYPE=MyISAM; /etc/postfix目錄下各mysql配置文件: mysql-aliases.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = alias select_field = destination where_field = alias hosts = 127.0.0.1 mysql-relocated.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = relocated select_field = destination where_field = email hosts = 127.0.0.1 mysql-transport.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = transport select_field = destination where_field = domain hosts = 127.0.0.1 mysql-virtual.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = virtual select_field = destination where_field = email hosts = 127.0.0.1 mysql-virtual-maps.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = users select_field = maildir where_field = email additional_conditions = and postfix = \'y\' hosts = 127.0.0.1 mysql-virtual-uid.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = users select_field = uid where_field = email additional_conditions = and postfix = \'y\' hosts = 127.0.0.1 mysql-virtual-gid.cf user = mysql-postfix-user password = mysql-postfix-pass dbname = postfix table = users select_field = gid where_field = email additional_conditions = and postfix = \'y\' hosts = 127.0.0.1 修改Courier相關設定,/etc/courier/imapd: AUTHMODULES="authdaemon" IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE" 修改/etc/courier/pop3d AUTHMODULES="authdaemon" POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1" 修改/etc/courier/authdaemonrc authmodulelist="authmysql authpam" 使用mysql驗證和pam驗證。 修改/etc/courier/authmysqlrc MYSQL_SERVER 127.0.0.1 MYSQL_USERNAME mysql-postfix-user MYSQL_PASSWORD mysql-postfix-pass #MYSQL_SOCKET /var/run/mysql/mysql.sock MYSQL_PORT 0 MYSQL_OPT 0 MYSQL_DATABASE postfix MYSQL_USER_TABLE users MYSQL_LOGIN_FIELD email MYSQL_CLEAR_PWFIELD clear MYSQL_UID_FIELD uid MYSQL_GID_FIELD gid MYSQL_HOME_FIELD homedir MYSQL_MAILDIR_FIELD maildir SASL library 新增/etc/postfix/sasl/smtpd.conf: pwcheck_method: PAM PAM-MySQL 新增/etc/pam.d/smtp: auth optional pam_mysql.so host=localhost db=postfix user= mysql-postfix-user passwd=mysql-postfix-pass table=users usercolumn=email passwdcolumn=clear crypt=n account required pam_mysql.so host=localhost db=postfix user=mysql-postfix-user passwd=mysql-postfix-pass usercolumn=email passwdcolumn=clear crypt=n 4、TLS支持 通過修改/usr/lib/ssl/misc/CA.pll指令碼實現,以下修改後CA1.pl和未修改CA.pl之間的對比: *** CA.pl --- CA1.pl *************** *** 59,69 **** } elsif (/^-newcert$/) { # create a certificate ! system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Certificate (and private key) is in newreq.pem\n" } elsif (/^-newreq$/) { # create a certificate request ! system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Request (and private key) is in newreq.pem\n"; } elsif (/^-newca$/) { --- 59,69 ---- } elsif (/^-newcert$/) { # create a certificate ! system ("$REQ -new -x509 -nodes -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Certificate (and private key) is in newreq.pem\n" } elsif (/^-newreq$/) { # create a certificate request ! system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); $RET=$?; print "Request (and private key) is in newreq.pem\n"; } elsif (/^-newca$/) { 現在就可以使用修改的CA1.pl來簽發證書: # cd /usr/local/ssl/misc # ./CA1.pl -newca # ./CA1.pl -newreq # ./CA1.pl -sign # cp demoCA/cacert.pem /etc/postfix/CAcert.pem # cp newcert.pem /etc/postfix/cert.pem # cp newreq.pem /etc/postfix/key.pem 修改main.cf,增加: smtpd_tls_cert_file = /etc/postfix/cert.pem smtpd_tls_key_file = /etc/postfix/privkey.pem smtpd_use_tls = yes tls_random_source = dev:/dev/urandom tls_daemon_random_source = dev:/dev/urandom 重新啟動postfix後就可以看到250-STARTTLS 很多郵件客戶端對TLS的支持並不是非常好,建議使用stunnel來實現相應的smtp和pop3加密。 # apt-get install stunnel 證書: # openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnf -out stunnel.pem -keyout stunnel.pem # openssl gendh 512 >> stunnel.pem 服務端: # stunnel -d 60025 -r 25 -s nobody -g nogroup # stunnel -d 60110 -r 110 -s nobody -g nogroup 如果使用-n pop3等參數就只能用郵件客戶端收信。 客戶端: 建一個stunnel.conf文件: client = yes [pop3] accept = 127.0.0.1:110 connect = 192.168.7.144:60110 [smtp] accept = 127.0.0.1:25 connect = 192.168.7.144:60025 然後啟動stunnel.exe,在郵件客戶端的smtp和pop3的伺服器都填127.0.0.1就可以了,這樣從你到郵件伺服器端的資料傳輸就讓stunnel給你加密了。 5、測試用戶 # mkdir -p /home/vmail/test.org/san/ # chown -R nobody.nogroup /home/vmail # chmod -R 700 /home/vmail mysql> use postfix mysql> insert into transport set domain=\'test.org\', destination=\' virtual:\'; mysql> insert into users set email=\'san@test.org\',clear=\'test\',name=\'\',uid=\'65534\',gid=\'65534\', homedir=\'home/vmail\',maildir=\'test.org/san/\'; 然後就可以使用客戶端收發郵件,記得用戶名是email位址。 二、防病毒系統 1、安裝McAfee uvscan for linux McAfee uvscan for linux雖然是試用,但是沒有什麼限制,可以昇級,也沒有過期。 # wget http://www.XXXX.com/products/evaluat...sscan/english/ cmdline/linux/version_4.24/intel/vlnx424e.tar.Z # tar xzf vlnx424e.tar.Z # ./install-uvscan 預設會裝到/usr/local/uvscan目錄下,不過uvscan需要libstdc++.so.2.8,直接執行出現如下錯誤: # uvscan uvscan: error while loading shared libraries: libstdc++.so.2.8: cannot open shared objectfile: No such file or directory 可以從如下位址獲得libstdc++.so.2.8的安裝包: # wget http://debian.marlow.dk/dists/woody/virus/pool/ lib/libstdc++2.8_2.90.29-2.deb # dpkg -i libstdc++2.8_2.90.29-2.deb 這樣uvscan就可以正常執行了,不過會提示病毒庫比較老了云云。寫個病毒庫更新指令碼扔到crontab跑去吧: #!/bin/sh # # update-dat.sh # cd /usr/local/uvscan/ wget -q -O readme.txt http://http://www.XXXX.com/products/datfiles/ 4.x/nai/readme.txt >/dev/null AVVER=`head -5 readme.txt | grep \' 4[0-9][0-9][0-9] \' | head -1 | sed -e \'s/^.* \(4[0-9]*\) .*$/\1/\'` if [ ! -f dat-$AVVER.tar ]; then for i in *.tar ; do mv $i $i.old done if wget http://http://www.XXXX.com/products/datfiles/4.x/nai/ dat-$AVVER.tar >/dev/null ; then for i in *.dat ; do cp -p $i $i.bak done if tar xf dat-$AVVER.tar ; then rm -f *.old echo `date` Successfully updated AntiVirus DAT files to $AVVER fi fi fi 2、AMaViS的安裝 AMaViS是uvscan和postfix之間的一個橋樑,完成郵件解碼,交給uvscan查毒,然後再處理,轉發操作。 安裝amavisd前先確定以下軟體已經安裝,lha、unarj等使用的no-free的分支版本: # apt-get install libio-stringy-perl mailtools libmime-perl libmailtools-perl libmime-base64-perl \ libcompress-zlib-perl libconvert-uulib-perl libconvert-tnef-perl tnef libarchive-tar-perl \ libarchive-zip-perl libtime-hires-perl libunix-syslog-perl libdigest-md5-perl lha unarj unzip \ gzip unrar zoo stable版本的amavisd比較老,使用如下連結: # wget http://www.XXXX..dk/dists/woody/cust...21e-5_i386.deb # wget http://www.XXXX..dk/dists/woody/viru...14p1-2_all.deb # wget http://www.XXXX..dk/dists/woody/viru...1.12-1_all.deb # wget http://www.XXXX..dk/dists/woody/viru...0.84-3_all.deb 先安裝CPAN: # perl -MCPAN -e shell cpan> install CPAN cpan> install LWP cpan> install Archive::Tar cpan> install Archive::Zip cpan> install Compress::Zlib cpan> install Convert::TNEF cpan> install Convert::UUlib cpan> install MIME::Base64 cpan> install MIME::Parser cpan> install Mail::Internet cpan> install Net::Server cpan> install Net::SMTP cpan> install Digest::MD5 cpan> install IO::Stringy cpan> install Time::HiRes cpan> install Unix::Syslog 安裝四個下載的軟體包: # dpkg -i *.deb 修改/etc/amavis/amavisd.conf: @inet_acl = qw( 127/8 1.2.3.4/32 ); # 1.2.3.4 is your external ip .. because want maybe also accept mail from that interface, it\'s up to you. $warnvirussender = 1; # I want to warn people, who have got virus. $warnvirusrecip = 1; # I want to warn my users about virus send to them. $warn_offsite = 1; # I want to warn senders/recipients, that are not located on my server $mailfrom_notify_admin = \'virusalert@example.com\'; # $mailfrom_notify_recip = \'virusalert@example.com\'; # Change these to the appropriate email-adresses, you wish to use as sender $mailfrom_notify_spamadmin = \'spam.police@example.com\'; # for spam and virus warnings $hdrfrom_notify_sender = \'AMaViS (content filter) <postmaster@example.com>\'; $virus_admin = \'virus-admin@example.com\'; # $spam_admin = \'spam-admin@example.com\'; # 指定使用uvscan: @av_scanners = ( [\'NAI McAfee AntiVirus (uvscan)\', \'uvscan\', \'--secure -rv --summary --noboot {}\', [0], [13], qr/(?x) Found (?: \ the\ (.+)\ (?:virus|trojan) | \ (?:virus|trojan)\ or\ variant\ ([^ ]+) | :\ (.+)\ NOT\ a\ virus)/ ], ); 找到/etc/postfix/master.cf如下行: smtp inet n - n - - smtpd 改為如下: smtp inet n n n - - smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o local_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o strict_rfc821_envelopes=yes 重啟postfix,這樣在收到病毒郵件的時候能夠在日誌文件看到如下的信息: Jul 16 15:34:22 xxx amavis[30997]: (30997-09) INFECTED (W32/Nimda.gen@MM), (?) -> <xxx@xxx.org>, quarantine virus-20030716-153422-30997-09, Message-ID: <20030716073414.520D3E5C2F@xxx> 三、防垃圾郵件部分 垃圾郵件的防範必須掌握好尺度,postfix本身提供了header_check、body_check、access、classes等方式來拒絕郵件,可以參考如下位址的樣例,結合自己的情況進行修改也能阻止一部分垃圾郵件: http://www.XXXX.com/guides/postfix_uce_header.html http://www.XXXX.com/guides/postfix_uce_body.html http://www.XXXX.com/guides/postfix_uce_access.html http://www.XXXX.com/guides/postfix_uce_class.html 不過以上配置文件需要管理員根據自己情況手工進行修改,如果直接採用的話,那麼國內很多郵件你將收不到。 SpamAssassin和AMaViS可以很好的結合,它能夠幫管理員自動處理一些垃圾郵件。SpamAssassin很有趣,它對解碼後的郵件進行掃瞄後打分,如果分數達到用戶指定的分數,那麼就認為是垃圾郵件,而且它還有學習功能,管理員也可以自己重新定義各種分值或自訂分值。 1、SpamAssassin的安裝 由於已經安裝了AMaViS,所以自然就選項了SpamAssassin。SpamAssassin可以通過CPAN安裝: # perl -MCPAN -e shell install Mail::SpamAssassin 2、SpamAssassin配置 新增/var/lib/amavis/.spamassassin/user_prefs文件: # SpamAssassin config file for version 2.5x # generated by http://www.yrex.com/spam/spamconfig.php (version 1.01) # How many hits before a message is considered spam. required_hits 5.0 # Whether to change the subject of suspected spam rewrite_subject 1 # Text to prepend to subject if rewrite_subject is used subject_tag *****SPAM***** # Encapsulate spam in an attachment report_safe 1 # Use terse version of the spam report use_terse_report 0 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning auto_learn 1 # Enable or disable network checks skip_rbl_checks 1 use_razor2 0 use_dcc 0 use_pyzor 0 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # - chinese english ok_languages zh en # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales en zh SpamAssassin的打分標準見[url]http://spamassassin.org/tests.html,預訥/url]]的標準可能並不適合我們,比如SUBJ_FULL_OF_8BITS有4分多,這個比較容易誤傷友軍,應該降低該分值。只需在配置文件裡加上: score SUBJ_FULL_OF_8BITS 2 那麼SUBJ_FULL_OF_8BITS就只能評2分了。很多垃圾郵件內容都會有免費什麼什麼的,所以免費可以作為關鍵字,打上較高分數: body CH_FREE /免費/ describe CH_FREE Contain Chinese Free score CH_FREE 3.0 建立Bayes學習知識庫: # cd /var/lib/amavis/.spamassassin # /usr/local/bin/sa-learn --rebuild -D -p user_prefs 以後spamassassin會自動學習更新。 3、amavis相關配置 修改/etc/amavis/amavisd.conf文件啟用ANTI-SPAM功能: # @bypass_spam_checks_acl = qw( . ); 執行amavisd debug,看到有如下的信息,說明ANTI-SPAM的功能已經開啟了: Jul 17 02:35:46 debian amavisd[3082]: ANTI-SPAM code loaded Jul 17 02:35:46 debian amavisd[3082]: SpamControl: initializing Mail::SpamAssassin Jul 17 02:35:47 debian amavisd[3082]: SpamControl: done /etc/amavis/amavisd.conf配置文件裡的$final_spam_destiny決定了對垃圾郵件的處理,是拒絕、丟棄還是通過。 也許你還需要好好調整amavisd.conf配置文件,比如發現垃圾郵件和病毒郵件的時候是否給管理員傳送提醒郵件等等,每個選項上面都有詳細的描述。 在一個十多個郵件用戶的真實環境裡,spamassassin一天大概能擋下四、五十封垃圾郵件,而且正確率非常高,在98%以上。病毒郵件比較少,但是正確率100%,包括郵件用戶給其他人員發木馬等軟體,都會被擋下來,所以內部郵件用戶要傳送此類郵件必須使用加密或者壓縮後加密碼。 四、郵件列表 1、mailman的安裝 一直聽說mailman不錯,於是就選用了,結果問題多多,花了很長時間才解決。 首先在apt安裝的時候就有問題,mailman一定要關聯apache,由於系統本身有自己編譯的apache,所以導致安裝不成功。沒辦法只能手工編譯,手工編譯得確定有mailman的用戶和組,而且需要python2.1-dev,源碼包裡有INSTALL和README.POSTFIX兩個求助文件一定要好好看看。 # apt-get install python2.1-dev # wget http://www.XXXX..net/sourceforge/mai...lman-2.1.2.tgz # tar xzf mailman-2.1.2.tgz # mkdir /usr/local/mailman # chmod 02775 /usr/local/mailman # cd mailman-2.1.2 # ./configure --prefix=/usr/local/mailman --with-mail-gid=mailman 安裝完後檢查權限: # /usr/local/mailman/bin/check_perm 加上-f參數可以修復。安裝很方便,可是和虛擬域的postfix結合還是比較折騰人的,直接使用虛擬域如test.org就會帶來麻煩,它會搜尋虛擬域的用戶,所以會報unknown user的錯誤。 2、mailman的配置 加上mailman的cron: # cd /usr/local/mailman/cron # crontab -u mailman crontab.in 把mailman加到啟動組裡: # cp scripts/mailman /etc/init.d/mailman # update-rc.d mailman defaults 修改/usr/local/mailman/Mailman/mm_cfg.py,加上: DEFAULT_EMAIL_HOST = \'lists.test.org\' MTA = \'Postfix\' POSTFIX_STYLE_VIRTUAL_DOMAINS = [\'lists.test.org\', \'test.org\'] 可以試著增加一個郵件列表: # /usr/local/mailman/bin/newlist mailman 把用戶增加到郵件列表裡測試一些,建一個文本文件,比如members.txt,一行一個郵件位址,然後執行如下指令就可以了: # /usr/local/mailman/bin/add_members -n members.txt mailman 3、postfix相關配置 還需要修改postfix的配置文件才能使mailman工作正常,修改main.cf,加上: owner_request_special = no recipient_delimiter = + unknown_local_recipient_reject_code = 550 修改alias_maps和virtual_maps為: alias_maps = hash:/usr/local/mailman/data/aliases, mysql:/etc/postfix/mysql-aliases.cf virtual_maps = hash:/usr/local/mailman/data/virtual-mailman, mysql:/etc/postfix/mysql-virtual.cf 單單這樣還是不行的,我測試還需要把main.cf裡myorigin改為: myorigin = lists.test.org 然後在transport表裡增加一個記錄: insert into transport set domain=\'lists.test.org\',destination=\'local:\'; 重啟postfix和mailman,現在可以試試給mailman這個郵件列表發郵件是否都正常了? 4、python處理中文的問題 如果郵件都是中文gb2312編碼的就有問題,檢視/usr/local/mailman/logs/error會發現如下的錯誤: Jul 16 17:40:09 2003 (392) Uncaught runner exception: unknown encoding Jul 16 17:40:10 2003 (392) Traceback (most recent call last): File "/usr/local/mailman/Mailman/Queue/Runner.py", line 105, in _oneloop self._onefile(msg, msgdata) File "/usr/local/mailman/Mailman/Queue/Runner.py", line 155, in _onefile keepqueued = self._dispose(mlist, msg, msgdata) File "/usr/local/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose more = self._dopipeline(mlist, msg, msgdata, pipeline) File "/usr/local/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline sys.modules[modname].process(mlist, msg, msgdata) File "/usr/local/mailman/Mailman/Handlers/CookHeaders.py", line 75, in process prefix_subject(mlist, msg, msgdata) File "/usr/local/mailman/Mailman/Handlers/CookHeaders.py", line 262, in prefix_subject h.append(s, c) File "/usr/local/mailman/pythonlib/email/Header.py", line 285, in append s = s.encode(outcodec, errors) LookupError: unknown encoding Jul 16 17:40:10 2003 (392) SHUNTING: 1058348408.892736+4539457d44c4477c6393b0b8b9916993b6084898 這是由於python不支持gb2312的緣故!在linuxforum找到一篇關於如何使python支持gb2312的文章: http://www.XXXX..net/forum/showflat....python&Number= 427317&page=0&view=collapsed&sb=5&o=&fpart= 我就用了作者提供的[url]http://bbs1.nju.edu.cn/file/gb2312.rar,其實它久/url]]是從http://sourceforge.net/projects/python-codecs/來的。把gb2312目錄的gb2312.py檔案拷貝到/usr/lib/python2.1/encodings/目錄下,chinesecn目錄也拷貝到該目錄下,然後修改/usr/lib/python2.1/encodings/aliases.py文件,在最後的}前加上: # gb2321_cn codec \'gb2312\': \'gb2312\', 然後再次傳送中文郵件給郵件列表,發現郵件列表就能夠正常轉發了。 5、郵件列表的配置 Default.py和mm_cfg.py的配置是針對全局的,對全局配置文件的修改不會影響到已經存在的郵件列表。mailman提供了config_list這個指令來對單個郵件列表進行配置,先匯出該郵件列表的配置: # /usr/local/mailman/bin/config_list -o /tmp/config mailman 然後修改/tmp/config文件,裡面有很多選項,可以根據自己的要求修改,比如加上回復到郵件列表的郵件頭、去掉mailman自動加的邊腳等等,最後把這個配置文件導回給郵件列表就可以了: # /usr/local/mailman/bin/config_list -i /tmp/config mailman 習慣了發現mailman配起來也是蠻簡單的。 五、其它事項 1、courier-pop 有一個值得注意的問題,如果不小心/etc/init.d/courier-pop stop以後,再start起來,有時候會發現不能登入pop,日誌會提示: courierpop3login: chdir: No such file or directory 這應該是一個bug,courierpop3login好像使用了工作目錄,只需退到根目錄再start啟動就沒有問題。感謝scz的提醒。 2、Debian的ENC增強位 Debian預設設定/proc/sys/net/ipv4/tcp_ecn=1,這樣在TCP握手時發的syn包ecn置位,對於一些嚴格的防火牆來說這不是syn包,所以拒絕和你建立連接。只需置零就可以了: echo 1 > /proc/sys/net/ipv4/tcp_ecn 如果希望重啟也不置位,那麼在/etc/sysctl.conf裡加上: net/ipv4/tcp_ecn=0 3、郵箱別名 alias表是針對本機的別名,virtual表才是針對虛擬用戶的別名。比如要給san@test.org建立一個別名faint@test.org,那麼寫入以下的SQL語句: insert into virtual set email=\'faint@test.org\',destination=\'san@test.org\'; 4、位址欺騙 為了讓mailman正常工作,main.cf裡已經設定myorigin = lists.test.org,這使得本機用戶傳送郵件也使用這個域名,比如通過web發郵件在日誌裡就能看到from是nobody@lists.test.org,如果lists.test.org這個子域名不存在的話,那麼對於一些嚴格的郵件伺服器會拒絕接受此類郵件(postfix可以在smtpd_sender_restrictions後面加上reject_unknown_sender_domain拒絕此類郵件)。 這時可以使用postfix的masquerade_domains選項來實現位址欺騙,只需加上: masquerade_domains = test.org 這樣本機用戶傳送的郵件位址就使用test.org了。但有一點要注意,要遮閉郵件列表,比如: masquerade_exceptions = mailman, otherlist 這樣郵件列表還是使用lists.test.org這個域。位址欺騙並不影響虛擬域。 歷史記錄 0.01 - 初始版本。根據自己伺服器配置和使用程序寫的HOWTO。 |
送花文章: 3,
|