TWed2k - Linux交流 - [轉貼]FreeBSD+Sendmail+SASL+ Procmail+SpamAssassin+ TLS+Clamav

主題: [轉貼]FreeBSD+Sendmail+SASL+ Procmail+SpamAssassin+ TLS+Clamav [打印本頁]

發表人: yjmg 時間: 2007-5-5 05:10 PM 主題: [轉貼]FreeBSD+Sendmail+SASL+ Procmail+SpamAssassin+ TLS+Clamav

[FreeBSD][轉載] FreeBSD+Sendmail+SASL+ Procmail+SpamAssassin+ TLS+Clamav

轉貼自 http://redhat.ecenter.idv.tw/bbs/showthread.php?threadid=56973

FreeBSD + Sendmail + SASL + Procmail + SpamAssassin + TLS + Clamav

一般BSD家族預設安裝完成後，Sendmail便已安裝完成，我們今天就來架設Mail Server，
我們需要的功能是透過SASL驗證來寄發信件，並利用SpamAssassin + Procmail來過濾垃圾郵件，
如此功能足以應付一般中小企業的需求了！

作業系統 FreeBSD 5.3 STABLE
我們先處裡有關垃圾郵件的部份：
安裝軟體：Procmail 、SpamAssassin
Procmail的安裝：
# cd /usr/ports/mail/procmail
# make install clean

SpamAssassin的安裝：
# cd /usr/ports/mail/p5-Mail-SpamAssassin
# make install clean

Procmail的設定檔在 /usr/local/etc/procmailrc
如果沒有此檔請自建（touch procmailc），然後編輯此檔：
MAILDIR=/var/mail
VERBOSE=off
PATH=/bin:/sbin:/usr/bin:/usr/sbin/:/usr/local/bin:/usr/local/sbin
LOGFILE=/var/log/procmail.log
:0fw
* < 256000
| nice -n 19 /usr/local/bin/spamassassin

:0:
* ^X-Spam-Status: Yes
$HOME/mail/spam-mail
上一行是將垃圾郵件放到使用者家目錄的郵件裡面(mail/spam-mail),因我用openwebmail所以有此目錄;
如果你沒有此目錄，請自行修改至正確路徑。

SpamAssassin的設定檔在 /usr/local/etc/mail/spamassassin/local.cf
如果沒有此檔請自建（touch local.cf），
由於這個設定檔是用來過濾並判斷垃圾郵件所以請到下面網站建立基本設定檔：

http://www.yrex.com/spam/spamconfig.php

或者參考我的設定內容：
# How many hits before a message is considered spam.
# 超過多少分會被當 spam
required_hits 5

# Whether to change the subject of suspected spam
#是否改變垃圾郵件的主題
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****系統判斷這可能是廣告垃圾信*****

# Encapsulate spam in an attachment
# 將垃圾加在附件後
report_safe 1

# Use terse version of the spam report
# 用精簡的自來回報垃圾給管理者
use_terse_report 1

# Enable the Bayes system
# 自動學習系統
use_bayes 1

# Enable Bayes auto-learning
# 開啟自動學習
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

這就是過濾條件的基本設定，日後可依自己需求增加過濾條件，
唯一要注意的事就是改變垃圾郵件的主題；看了很多文章都寫成：
subject_tag *****SPAM*****

可是我用subject_tag這個設定值試了多次都無法改變垃圾郵件的主題，
看了這個套件附上的sample才恍然大悟，須寫成
rewrite_header Subject *****SPAM*****

如此就OK了，
因為procmail有一個log檔案（記錄檔）讓我們查詢，
她會隨著郵件的增加而長大，因此有必要定時清理她，
我們可以將她設的跟maillog的排程相同，

#vi /etc/newsyslog.conf (或 ee /etc/newsyslog.conf)
加入
/var/log/procmail.log 640 7 * @T00 J

如此就設定完成。
接下來就是啟動spamassassin
#/usr/local/etc/rc.d/sa-spamd.sh start

停止spamassassin
#/usr/local/etc/rc.d/sa-spamd.sh stop
將來有修改local.cf的規則就要重新啟動，procmail則不需要啟動。

接下來做SASL認證、同時將procmail的設定寫入sendmail中，我們要安裝 sendmail-sasl
# cd /usr/ports/mail/sendmail-sasl
# make install
*注意* 請勿clean！
安裝完後請修改
#vi /usr/local/etc/rc.d/sendmail.sh

將有
/usr/local/sbin/sendmail
改為
/usr/sbin/sendmail

共有三個地方
將 if ! test -x /usr/local/sbin/sendmail
改成if ! test -x /usr/sbin/sendmail
將
/usr/local/sbin/sendmail ${sendmail_flags} &&
echo -n ' sendmail'
/usr/local/sbin/sendmail ${sendmail_msp_queue_flags} &&
echo -n ' sm-msp-queue'
改成
/usr/sbin/sendmail ${sendmail_flags} &&
echo -n ' sendmail'
/usr/sbin/sendmail ${sendmail_msp_queue_flags} &&
echo -n ' sm-msp-queue'

啟動sendmail
#/usr/local/etc/rc.d/sendmail.sh start

停止sendmail
#/usr/local/etc/rc.d/sendmail.sh stop

修改saslauthd.sh
#vi /usr/local/etc/rc.d/saslauthd.sh
將
saslauthd_enable=${saslauthd_enable:-"NO"}
改成
saslauthd_enable=${saslauthd_enable:-"YES"}

啟動saslauthd
# cd /usr/local/sbin/saslauthd –a pam

接下來修改sendmail.mc
# cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

複製generic-bsd4.4.mc成sendmail.mc
# cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc

加入以下幾行：
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl

存檔後一樣在此目錄
（/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf並將前面設定寫入sendmail.cf

# ./Build senmail.cf
#./Build install-cf

最後退回兩個目錄安裝改變的設定檔
# cd ../../ （或 #cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1）
# make
# make install

重新啟動senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

終於大功告成
請用telnet 127.0.0.1 25連進 senmail後打入ehlo localhost

FreeBSD# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.shu0930.dyndns.org.
Escape character is '^]'.
220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Fri, 10 Dec 2004 08:43:03 +0800 (CST)
ehlo localhost
250-FreeBSD.shu0930.dyndns.org Hello localhost.shu0930.dyndns.org [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 FreeBSD.shu0930.dyndns.org closing connection
Connection closed by foreign host.

如果有出現AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN就代表成功了
順便寄封信看看是否有過濾垃圾郵件
最後請在rc.conf將舊的sendmail關閉
#vi /etc/rc.conf
加入 sendmail_enable=”NONE”
然後
#cd /usr/ports/mail/sendmail-sasl
#make clean

＊在實作這篇文章前，sendmail必須是已經正常運轉中
（access、local-host-names、relay-domains皆已設定完成）而且ports已更新到最新
另外sendmail的設定部份（sendmail.mc、sendmail.cf）要千萬小心修改
因為sendmail這位老大哥相當敏感，多個空白、多個Tab鍵都會導致啟動時失敗，
建議還是手工建立勿用複製貼上，如果失敗請刪除sendmail.mc、sendmail.cf，
再重新建立與導入，
最後請勿再到 /etc/mail去啟動sendmail了(make start)
因為我們已經裝了新版本的sendmail，請用
#/usr/local/etc/rc.d/sendmail.sh { start | stop | restart }
去啟動我們的老大哥吧!!!!

加裝 TLS
如果各位看官已經將sendmail的認證架設完畢，沒有安全連線(Transport Layer Security & Secure Sockets Layer; TLSv1 & SSLv2/v3)
似乎美中不足，我們就來設定TLS的部份
首先自行製作 key-pair 與 CA,

mkdir /usr/local/CA
cd /usr/local/CA
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
cp /etc/ssl/openssl.cnf openssl.cnf

編輯 openssl.cnf 檔案, 將檔案中約第 38 行的路徑設定由 ./demoCA 改成
/usr/local/CA
執行以下指令, 假裝自己是公正單位, 做一個 cacert.pem 出來. 請按螢幕上的指示,
輸入相關的系統資料. 當螢幕上提示輸入公正單位密碼(PEM pass phrase) 的時候, 請自行設定一個密碼, 並請牢記這個密碼, 以便日後使用.

cd /usr/local/CA
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem \
-days 365 -config openssl.cnf

執行以下指令, 建立 server 端的 CA 與 key-pair.
請特別留意, 當畫面上提示輸入 Common Name 的時候, 請務必輸入機器的全名(FQDN)否則將來 user 連線都時候將會出現警告訊息, 造成 user 的困擾.另外mail address的路徑請設為 /var/mail
當螢幕提示輸入 PEM pass phrase 的時候, 請輸入上一步驟中的公正單位密碼.

cd /usr/local/CA
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem \
-days 365 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything \
-out mycert.pem -infiles tmp.pem
rm -f tmp.pem

以下列指令, 將 key-pair 與 CA 複製到 /etc/mail/cert 目錄之下, 並設定正確權限

mkdir /etc/mail/cert
cp /usr/local/CA/mykey.pem /etc/mail/cert/
cp /usr/local/CA/mycert.pem /etc/mail/cert/
cp /usr/local/CA/cacert.pem /etc/mail/cert/
chmod og-rwx /etc/mail/cert/mykey.pem
chmod og=r /etc/mail/cert/mycert.pem
chmod og=r /etc/mail/cert/cacert.pem

這樣就完成了自行建立 key-pair 與 CA 的程序. 這組 key-pair 與 CA 將可被sendmail 使用於 TLS/SSL 安全連線的資料加密功能上

接下來要重新編譯sendmail
cd /usr/ports/mail/sendmail-sasl
make
(如果您照上一篇文章已經 make clean的話請下此指令)

接下來修改sendmail.mc
cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

複製generic-bsd4.4.mc成sendmail.mc
cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc

加入以下幾行：
dnl The following lines are used to enable the STARTTLS function
define(`CERT_DIR', `/etc/mail/cert')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl The following lines are used to enable CYRUS-SASL function
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl

存檔後一樣在此目錄
（/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf並將前面設定寫入sendmail.cf

./Build senmail.cf
./Build install-cf

最後退回兩個目錄安裝改變的設定檔
cd ../../
（或#cd/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1）
make
make install

使用以下的指令建立 CA 的 hash link

cd /etc/mail/cert
set C=cacert.pem
ln -s $C `openssl x509 -noout -hash < $C`.0

重新啟動senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

終於大功告成
請用telnet 127.0.0.1 25連進 senmail後打入ehlo localhost

FreeBSD# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.shu0930.dyndns.org.
Escape character is '^]'.
220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Wed, 15 Dec 2004 04:11:07 +0800 (CST)
ehlo localhost
250-FreeBSD.shu0930.dyndns.org Hello localhost.shu0930.dyndns.org [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 FreeBSD.shu0930.dyndns.org closing connection
Connection closed by foreign host.

如果有出現AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN 和 STARTTLS就代表成功了
寄一封經過安全連線的信到奇摩，觀察其完整標頭：
Received:
from rascal333 (220-135-200-165.HINET-IP.hinet.net [220.135.200.165]) (authenticated bits=0) by FreeBSD.shu0930.dyndns.org (8.13.1/8.13.1) with ESMTP id iBEJ9dmn066199 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <sa9a6s@yahoo.com.tw>; Wed, 15 Dec 2004 03:09:39 +0800 (CST) (envelope-from rascal@shu0930.dyndns.org)

當有看到authenticated 和 version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO
就代表成功了!!!

我們的sendmail就有了安全連線加認證(TLS+SASL)和擋垃圾郵(PROCMAIL+SPAM)的功能了!!!

打完收工!!!

TLS設定部份參考文件：
張毓麟先生的文件
http://netlab.kh.edu.tw/document/張毓麟/sendmail-ssl-auth.txt

安裝clamav
一般都和MailScanner或procmail一起服用，但觀察原廠(clamav網站)的文件clamav可以直接和sendmail結合無須再加裝milter軟體
以下是部分原廠文件

4.2 clamav-milter
Nigel Horne’s clamav-milter is a very fast email scanner designed for Sendmail. It’s
written entirely in C and only depends on clamd. You can find detailed installation
instructions in the INSTALL file that comes with the clamav-milter sources. Basically,
to connect it with Sendmail add the following lines to /etc/mail/sendmail.mc:
INPUT_MAIL_FILTER(‘clmilter’,‘S=local:/var/run/clmilter.sock,
F=, T=S:4m;R:4m’)dnl
define(‘confINPUT_MAIL_FILTERS’, ‘clmilter’)
Check entry in clamd.conf of the form:
LocalSocket /var/run/clamd.sock
Start clamav-milter
/usr/local/sbin/clamav-milter -lo /var/run/clmilter.sock
and restart sendmail.

當然原廠也會提供適當的參數和方法供我們使用

首先安裝clamav
cd /usr/ports/security/clamav
make install clean

當選項畫面出現時請勾選MILTER
安裝完成後clamav共有三支程式
clamav-clamd
clamav-milter
clamav-freshclam
以clamd為主，milter 和 freshclam為輔

設定檔在/usr/local/etc/ 底下的clamd.conf，這個設定檔毋須修改便可使用
接下來設定開機時啟動clamav
vi /etc/rc.conf
加入以下四行
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
freshclam_flags="--daemon --checks=10"
clamav_milter_enable="YES"

手動方式啟動
/usr/local/etc/rc.d/clamav-clamd.sh start
/usr/local/etc/rc.d/clamav-milter.sh start
/usr/local/etc/rc.d/clamav-freshclam.sh start

再來修改sendmail
cd /usr/ports/mail/sendmail-sasl
make
(如果您又再度 make clean的話請下此指令，沒有的話直接修改sendmail.mc)

接下來修改sendmail.mc
cd /usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf

複製generic-bsd4.4.mc成sendmail.mc
cp generic-bsd4.4.mc sendmail.mc

修改sendmail.mc
# vi sendmail.mc
加入以下幾行：
dnl The following lines are used to enable the STARTTLS function
define(`CERT_DIR', `/etc/mail/cert')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
dnl The following lines are used to enable CYRUS-SASL function
define(`confAUTH_MECHANISMS',`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`CRAM-MD5 DIGEST-MD5 LOGIN PLAIN')dnl
FEATURE(`access_db')dnl
FEATURE(`delay_checks')dnl
FEATURE(local_procmail)
MAILER(procmail)dnl
MAILER(smtp)dnl
INPUT_MAIL_FILTE(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `clmilter')

其實是只有增加原廠提供的數值(原廠路徑只是參考，/var/run/clamav/clmilter.sock才正確歐)
另外增加FEATURE(`delay_checks')dnl功能（等一下再說明）

存檔後一樣在此目錄
（/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1/cf/cf)中
建立sendmail.cf並將前面設定寫入sendmail.cf

./Build senmail.cf
./Build install-cf
最後退回兩個目錄安裝改變的設定檔
cd ../../
（或#cd/usr/ports/mail/sendmail-sasl/work/sendmail-8.13.1）
make
make install

重新啟動senmail
# killall sendmail
#/usr/local/etc/rc.d/sendmail.sh start

如此就完成了

接下來設定clamav-milter 的flags
vi /usr/local/etc/rc.d/ clamav-milter.sh
原設定為
: ${clamav_milter_flags="--postmaster-only --local --outgoing --max-children=50"}
改為
: ${clamav_milter_flags="--local --outgoing --max-children=50 --noreject --quiet --quarantine=rascal"}

這裡稍作說明
原設定的意思是發現病毒郵件會

1.將訊息傳給postmaster（MAILER-DAEMON的別名）
2.然後會回給寄件者代號550或554的訊息
3.並將該郵件丟棄

實作結果，將訊息傳給postmaster的信，是透過舊sendmail來傳送，結果clamav會發現我們的sendmail沒有啟動，會丟/var/spool/clientmqueue/
裡面，等待我們的senadmail啟動時再丟給mqueue來傳送，所以信會卡在clientmqueue裡

改變後的設定
1.將病毒郵件送往rascal（請自取一個本機帳號）
2.不會回給寄件者訊息

為什麼要改這裡而不將此flag寫在 /etc/rc.conf裡例如
clamav_milter_socket="/var/run/clamav/clmilter.sock"
clamav_milter_flags="--postmaster-only --local --outgoing
--max-children=50"

因為實作結果clmilter.sock在重新開機時會失敗，如果一定要寫在/etc/rc.conf裡面才方便管理，請
vi /etc/rc.local
加入
/usr/local/sbin/clamav-milter -lo /var/run/clamav/clmilter.sock

如此就完成了

至於freshclam則設定10天更新一次病毒碼，

新增FEATURE(`delay_checks')dnl是用來過濾動態ip
請
vi /etc/mail/access

加入
dynamic.apol.com.tw DISCARD
dynamic.giga.net.tw DISCARD
dynamic.hinet.net DISCARD
dynamic.seed.net.tw DISCARD
dynamic.tfn.net.tw DISCARD
dynamic.ttn.net DISCARD
dynamic.lsc.net.tw DISCARD
（空白部分用Tab）

然後
make maps

最後測試請用
/usr/ports/security/clamav/work/clamav-0.80/test
將test copy出來並利用奇摩來傳送test裡的試驗檔案
(寄信給webrascal結果是rascal收到)

觀看/var/log/maillog
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: from=<sa9a6s@yahoo.com.tw>, size=1780, class=0, nrcpts=1, msgid=<20041215231540.73511.qmail@web17402.mail.tpe.yahoo.com>, proto=SMTP, daemon=MTA, relay=web17402.mail.tpe.yahoo.com [202.43.200.170]
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Virus-Scanned: ClamAV 0.80/631/Wed Dec 15 22:01:14 2004\n\tclamav-milter version 0.80j\n\ton FreeBSD.shu0930.dyndns.org
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Virus-Status: Infected
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter delete: rcpt <webrascal@shu0930.dyndns.org>
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: header: X-Original-To: <webrascal@shu0930.dyndns.org>
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter add: rcpt: rascal
Dec 16 07:15:48 FreeBSD sm-mta[3469]: iBFNFlxk003469: Milter change: header Subject: from qqq to [Virus] ClamAV-Test-File
Dec 16 07:15:57 FreeBSD sm-mta[3470]: iBFNFlxk003469: to=rascal, delay=00:00:10, xdelay=00:00:09, mailer=local, pri=32271, dsn=2.0.0, stat=Sent

請仔細觀察整個病毒篩檢的流程(因為主旨被改寫了所以也可以用procmail將有此主旨的信作其他處置,在此不多加說明)

再來用動態ip匿名寄信給rascal

220 FreeBSD.shu0930.dyndns.org ESMTP Sendmail 8.13.1/8.13.1; Thu, 16 Dec 2004 07
:33:09 +0800 (CST)
ehlo kimo.com.tw
250-FreeBSD.shu0930.dyndns.org Hello 61-229-108-18.dynamic.hinet.net [61.229.108
.18], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FROM:<nothing@yahoo.com.tw>
250 2.1.0 <nothing@yahoo.com.tw>... Sender ok
RCPT TO:<rascal>
550 5.0.0 <rascal>... We don't accept mail from dynamic ip

為了示範所以改了access為

dynamic.hinet.net 550 We don't accept mail from dynamic ip

所以才看的到，如果是DISCARD則不會有此回應，會被直接丟棄！！！

綜合以上兩篇如我用openwebmail來看信件的完整標頭應是如此

From sa9a6s@yahoo.com.tw Thu Dec 16 07:15:48 2004
Return-Path: <sa9a6s@yahoo.com.tw>
Received: from web17402.mail.tpe.yahoo.com (web17402.mail.tpe.yahoo.com [202.43.200.170])
by FreeBSD.shu0930.dyndns.org (8.13.1/8.13.1) with SMTP id iBFNFlxk003469
for <webrascal@shu0930.dyndns.org>; Thu, 16 Dec 2004 07:15:47 +0800 (CST)
(envelope-from sa9a6s@yahoo.com.tw)
Message-ID: <20041215231540.73511.qmail@web17402.mail.tpe.yahoo.com>
Received: from [220.135.200.165] by web17402.mail.tpe.yahoo.com via HTTP; Thu, 16 Dec 2004 07:15:40 CST
Date: Thu, 16 Dec 2004 07:15:40 +0800 (CST)
From: sa9a6s <sa9a6s@yahoo.com.tw>
Subject: [Virus] ClamAV-Test-File
To: webrascal@shu0930.dyndns.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-738343047-1103152540=:70735"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV 0.80/631/Wed Dec 15 22:01:14 2004
clamav-milter version 0.80j
on FreeBSD.shu0930.dyndns.org
X-Virus-Status: Infected
X-Original-To: <webrascal@shu0930.dyndns.org>
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
FreeBSD.shu0930.dyndns.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.6 required=5.0 tests=AWL,DNS_FROM_RFC_ABUSE,
FROM_HAS_MIXED_NUMS,FROM_HAS_MIXED_NUMS3,HTML_60_70,HTML_MESSAGE,
HTML_OBFUSCATE_10_20 autolearn=no version=3.0.1
Status: R

這樣的sendmail就成功了，防毒、防垃圾郵件、安全連線、認證，一應俱全，
心動了嗎？開始著手安裝吧!!!

各位看官!!!請注意我使用的版本是FreeBSD 5.3 STABLE 其他版本可能稍有出入
不過差別應該不大,請安心服用!!!

歡迎光臨 TWed2k (http://twed2k.org/)