4、测试启动

#/usr/local/sbin/amavisd

您也可以按如下命令调试启动
#/usr/local/sbin/amavisd debug


5、修改postfix的配置,让它能调用amavisd,以实现病毒及垃圾邮件的过滤

#vi /etc/postfix/master.cf
在文末添加如下内容:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#
amavisfeed unix    -       -       n       -       2     smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
#
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=

说明:注意每行“-o”前的空格;


#vi /etc/postifx/main.cf
在文末添加如下行:
content_filter=amavisfeed:[127.0.0.1]:10024

4、让postfix重新加载主配置文件,并查看启动情况

# postfix reload && tail -f /var/log/maillog

5、查看amavisd是否在监听10024端口,并测试服务启动情况:

# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
EHLO localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
Quit  
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

6、postfix重新加载配置文件后将授权并激活"127.0.0.1:10025"端口,一个正常的服务连接应该类同下面所示:

# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available
EHLO localhost
250-mail.benet.org
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

7、通过amavisd测试发信

]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
HELO localhost
250 [127.0.0.1]
MAIL FROM:<>
250 2.1.0 Sender <> OK
RCPT TO:<postmaster>
250 2.1.5 Recipient <postmaster> OK
DATA
354 End data with <CR><LF>.<CR><LF>
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
amavisd test!!
.
250 2.0.0 Ok: queued as 263FC1A609
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.

接下来使用root用户测试收信
# mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 Anti-Virus tester     Wed Sep 19 01:19  23/798   "amavisd test!"
& 1
Message 1:
From MAILER-DAEMON  Wed Sep 19 01:19:16 2007
X-Original-To: postmaster
Delivered-To: postmaster@benet.org
X-Quarantine-ID: <3gmvpc8RxPtn>
X-Virus-Scanned: amavisd-new at benet.org
X-Amavis-Alert: BAD HEADER, MIME error: error: unexpected end of header
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
Date: Wed, 19 Sep 2007 01:19:15 +0800 (CST)

amavisd test!!
& 

十八、测试使用反病毒及反垃圾模块

1、病毒邮件发送测试

登录extmail,发送带有病毒附件的邮件(病毒样本文件后文附有),查看发送情况:

# tail  -3  /var/log/clamav/clamd.log 

  1. Reading databases from /usr/local/clamav/share
  2. Database correctly reloaded (148100 signatures)
  3. /var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUN
复制代码



#tail -15 /var/log/maillog

  1. Sep 18 23:36:40 mail postfix/pickup[28925]: 8C1681A609: uid=1001 from=<[email]marion@test.com[/email]>
  2. Sep 18 23:36:40 mail postfix/cleanup[29002]: 8C1681A609: message-id=<[email]20070918153640.8C1681A609@mail.benet.org[/email]>
  3. Sep 18 23:36:40 mail postfix/qmgr[28924]: 8C1681A609: from=<[email]marion@test.com[/email]>, size=83658, nrcpt=1 (queue active)
  4. Sep 18 23:36:43 mail clamd[28473]: /var/amavis/tmp/amavis-20070918T225935-28502/parts/p002: Trojan.Downloader.Delf-747 FOUND 
  5. Sep 18 23:36:44 mail postfix/smtpd[29011]: connect from mail[127.0.0.1]
  6. Sep 18 23:36:44 mail postfix/smtpd[29011]: CDF9B1A602: client=mail[127.0.0.1]
  7. Sep 18 23:36:44 mail postfix/cleanup[29002]: CDF9B1A602: message-id=<[email]VA7mnx1DHavOWC@mail.benet.org[/email]>
  8. Sep 18 23:36:44 mail postfix/smtpd[29011]: disconnect from mail[127.0.0.1]
  9. Sep 18 23:36:44 mail postfix/qmgr[28924]: CDF9B1A602: from=<[email]postmaster@benet.org[/email]>, size=2230, nrcpt=1 (queue active)
  10. Sep 18 23:36:44 mail amavis[28502]: (28502-05) Blocked INFECTED (Trojan.Downloader.Delf-747), <[email]marion@test.com[/email]> -> <[email]marion@test.com[/email]>, quarantine: virus-7mnx1DHavOWC, Message-ID: <[email]20070918153640.8C1681A609@mail.benet.org[/email]>, mail_id: 7mnx1DHavOWC, Hits: -, size: 83658, 4203 ms
  11. Sep 18 23:36:45 mail postfix/smtp[29006]: 8C1681A609: to=<[email]marion@test.com[/email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=0.42/0.05/0.12/4.1, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=28502-05 - VIRUS: Trojan.Downloader.Delf-747)
  12. Sep 18 23:36:45 mail postfix/qmgr[28924]: 8C1681A609: removed
  13. Sep 18 23:36:45 mail postfix/local[29014]: CDF9B1A602: to=<[email]root@benet.org[/email]>, orig_to=<[email]postmaster@benet.org[/email]>, relay=local, delay=0.28, delays=0.12/0.09/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
  14. Sep 18 23:36:45 mail postfix/qmgr[28924]: CDF9B1A602: removed
复制代码



说明:此附件中带有特洛伊病毒,请不要作为危害别人之用,而对于您的操作不慎而给您带来的后果,作者不负任何责任;病毒样本如下:
(6) [Mail]RHEL4上安装基于postfix的全功能邮件服务器_mail soe.rar (58.95 KB) 

2、垃圾邮件测试

登录extmail,新建一封邮件,拷贝以下内容作为邮件正文,并查看发送情况:

This is the GTUBE, the
        Generic
        Test for
        Unsolicited
        Bulk
        Email

If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

查看发送结果:
#tail -15 /var/log/maillog

  1. Sep 19 00:04:07 mail spamd[29060]: logger: removing stderr method 
  2. Sep 19 00:04:11 mail spamd[29062]: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score 
  3. Sep 19 00:04:11 mail spamd[29062]: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score 
  4. Sep 19 00:04:11 mail spamd[29062]: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score 
  5. Sep 19 00:04:11 mail spamd[29062]: spamd: server started on port 783/tcp (running version 3.2.3) 
  6. Sep 19 00:04:12 mail spamd[29062]: spamd: server pid: 29062 
  7. Sep 19 00:04:12 mail spamd[29062]: spamd: server successfully spawned child process, pid 29064 
  8. Sep 19 00:04:12 mail spamd[29062]: spamd: server successfully spawned child process, pid 29065 
  9. Sep 19 00:04:12 mail spamd[29062]: prefork: child states: II 
  10. Sep 19 00:06:44 mail postfix/pickup[28925]: E37651A60E: uid=1001 from=<[email]marion@test.com[/email]>
  11. Sep 19 00:06:44 mail postfix/cleanup[29073]: E37651A60E: message-id=<[email]20070918160643.E37651A60E@mail.benet.org[/email]>
  12. Sep 19 00:06:45 mail postfix/qmgr[28924]: E37651A60E: from=<[email]marion@test.com[/email]>, size=1041, nrcpt=1 (queue active)
  13. Sep 19 00:07:01 mail amavis[28502]: (28502-06) Blocked SPAM, <[email]marion@test.com[/email]> -> <[email]marion@test.com[/email]>, quarantine: spam-7ui+Zpn7-M00.gz, Message-ID: <[email]20070918160643.E37651A60E@mail.benet.org[/email]>, mail_id: 7ui+Zpn7-M00, Hits: 1004.576, size: 1040, 12805 ms
  14. Sep 19 00:07:01 mail postfix/smtp[29079]: E37651A60E: to=<[email]marion@test.com[/email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=1.8/1.5/4.9/9.9, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=28502-06, DISCARD(bounce.suppressed))
  15. Sep 19 00:07:01 mail postfix/qmgr[28924]: E37651A60E: removed
复制代码