How to install ASSP v.2 on CentOS 7 64-bit

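This howto shows the steps to install ASSP on a minimal CentOS 7 installation. It does not cover the installation of CentOS or the setup of the mail server. The CentOS-7.0-1406-x86_64-Minimal.iso image is suitable for this setup. If you have the DVD image, choose the minimal install and proceed with the installation.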

After the reboot

Disable NetworkManager and FirewallD and enable the network service:

systemctl disable NetworkManager
systemctl stop NetworkManager

systemctl disable firewalld
systemctl stop firewalld

systemctl enable network
systemctl start network

Edit the network card configuration (we assume there is one network card installed on the system):

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Replace IPADDR0=abcd
with IPADDR=abcd

Replace PREFIX0=xx
with PREFIX=xx

Replace GATEWAY0=aa.bb.cc.dd
with GATEWAY=aa.bb.cc.dd


Update the operating system:

yum -y update
reboot
yum install wget perl

Get extra software for CentOS from the epel, repoforge and remi repositories:

wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

Install the repositories:

yum localinstall rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm epel-release-7-5.noarch.rpm remi-release-7.rpm


Install the firewall (iptables manager):

yum install shorewall

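Let's edit our firewall. These options and sample files are the minimum needed to make it work; further configuration is required. For more information about shorewall and how to configure it, see http://shorewall.net

First, the interfaces file: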

vi /etc/shorewall/interfaces

net eth0

The policy file:

vi /etc/shorewall/policy

$FW net ACCEPT
net all DROP
all all REJECT

The rules file:

vi /etc/shorewall/rules

Under ?SECTION NEW add the following rules:

# Enable access from the internet to ssh, smtp and assp web interface services
# For security reasons you might want to limit ssh access to a single or a class of
# trusted IP's
ACCEPT net $FW tcp 22,25,55555

# Enable ping (1 request per second with a burst of one)
ACCEPT net $FW icmp 8 - - 1/sec:1

The shorewall.conf file:

vi /etc/shorewall/shorewall.conf

Replace STARTUP_ENABLED=No with STARTUP_ENABLED=Yes

Finally, the zones file:

vi /etc/shorewall/zones

fw firewall
net ipv4

Enable the firewall:

systemctl enable shorewall
systemctl start shorewall

Check that the firewall is running with the shorewall status command:

shorewall status | grep running

Shorewall is running

Install the software required by ASSP2 and its modules:

yum install gcc openssl-devel perl-Net-SMTPS perl-IO-Compress-Zlib perl-Text-Glob perl-Number-Compare perl-Convert-TNEF perl-Digest-SHA1 perl-Email-MIME perl-Email-Send perl-Email-Valid perl-File-ReadBackwards perl-MIME-Types perl-Mail-DKIM perl-Mail-SPF perl-Net-CIDR-Lite perl-Net-DNS perl-Net-IP-Match-Regexp perl-Net-SMTP-SSL perl-Time-HiRes perl-Crypt-CBC perl-IO-Socket-SSL perl-Sys-MemInfo perl-Time-HiRes perl-Tie-DBI perl-LWP-Authen-Negotiate clamd perl-Net-IP perl-Text-Unidecode perl-Schedule-Cron-Events perl-BerkeleyDB perl-LDAP perl-CPAN perl-local-lib perl-CPAN-Meta-Requirements unzip deltarpm net-tools policycoreutils-python

Optionally, update CPAN:

perl -MCPAN -e shell

Accept the default options and proceed with the upgrade:

cpan> install CPAN
cpan> reload cpan


Enable ClamAV at boot:

systemctl enable clamd

clamd.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig clamd on
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).

Edit /etc/clamd.conf:

vi /etc/clamd.conf

Replace your values with the following:

LogFileMaxSize 2m
LogRotate yes
LocalSocketGroup clamav
LocalSocket /var/clamav/clamd.sock
# TCPSocket 3310
# TCPAddr 127.0.0.1
PidFile /var/clamav/clamd.pid
TemporaryDirectory /var/tmp
IdleTimeout 60

Edit /etc/freshclam.conf:

vi /etc/freshclam.conf

Add or uncomment LogRotate yes

Start ClamAV:

systemctl start clamd

Install the CPAN modules for ASSP:

cpan -i Unicode::GCString Sys::CpuAffinity Thread::State Thread::Queue Schedule::Cron File::Scan::ClamAV Sys::Syslog IO::Socket::INET6 Lingua::Stem::Snowball Lingua::Identify Archive::Extract Archive::Zip Archive::Tar Mail::SRS Net::SenderBase Tie::DBI Crypt::OpenSSL::AES Regexp::Optimizer Schedule::Cron::Events Mail::SPF::Query File::Scan::ClamAV

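Answer any questions by pressing Enter (this selects the default option shown inside the [] brackets).

Mail::SPF::Query and File::Scan::ClamAV may fail to install unless forced. In that case: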

perl -MCPAN -e shell

cpan> force install Mail::SPF::Query
cpan> force install File::Scan::ClamAV

I recommend installing the perl modules one by one to catch potential errors and/or missing dependencies:

perl -MCPAN -e shell

cpan> install

Download ASSP v.2 from http://sourceforge.net/projects/assp/ to your server and unzip it:

unzip ASSP__Install.zip
mv -f assp/ /var/db/assp/
cd /var/db/assp

Start assp for the first time:

perl assp.pl

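Any errors about perl modules are reported in /var/db/assp/moduleLoadErrors.txt. Any other errors are printed on the console (assp stays in the foreground).

Start configuring ASSP by logging in to the web interface:

http://<IP_or_FQDN>:55555

User: root
Password: nospam4me

By default, assp binds to port 25/tcp on every ipv4 address (0.0.0.0:25). This conflicts with a local email server (postfix, exim, sendmail, opensmtpd). The message is written to the assp log file (/var/db/assp/logs/maillog.txt) and, if assp is running in the foreground, printed on the console: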

[init] Error: couldn't create server socket on port '25' -- maybe another service is running or I'm not root (uid=0)? -- or a wrong IP address is defined? -- Address already in use

In this case we will set up Postfix, and we have to change its default port (25/tcp) to, let's say, 125/tcp and bind it to localhost:

vi /etc/postfix/master.cf

Replace

smtp inet n - n - - smtpd

with

localhost:125 inet n - n - - smtpd


We restart postfix:

systemctl restart postfix

Job for postfix.service failed. See 'systemctl status postfix.service' and 'journalctl -xn' for details.

systemctl status postfix.service

postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
Active: failed (Result: exit-code) since Sun 2014-12-21 15:34:11 ICT; 6s ago
Process: 30186 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
Process: 30200 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
Process: 30198 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
Process: 30195 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
Main PID: 29346 (code=killed, signal=TERM)

systemd[1]: Starting Postfix Mail Transport Agent...
postfix/master[30272]: fatal: bind 127.0.0.1 port 125: Permission denied
postfix/master[30271]: fatal: daemon initialization failure
systemd[1]: postfix.service: control process exited, code=exited status=1
systemd[1]: Failed to start Postfix Mail Transport Agent.
systemd[1]: Unit postfix.service entered failed state.

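The above error occurs because selinux does not allow postfix to bind to ports other than 25, 465 and 587.

To let Postfix bind to port 125, either disable selinux (not recommended) or add another port to the selinux policy for Postfix to bind to: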

semanage port -a 125 -t smtp_port_t -p tcp

Then check that port 125 is in the list of allowed ports:

semanage port -l | grep smtp_port_t

smtp_port_t tcp 125, 25, 465, 587

Now we can restart postfix without errors:

systemctl restart postfix
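
The checks below are an added example, not part of the original howto: they confirm from the output of semanage port -l and ss -ltn that port 125 is in smtp_port_t and that the Postfix listener is bound to loopback only, while assp holds port 25 on the external address. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): checks for the
# ASSP-on-25 / Postfix-on-localhost:125 layout. Each function reads command
# output on stdin, so it can be exercised offline with the samples below.

# selinux_allows TYPE PORT < `semanage port -l`
# Exit 0 if PORT is in the tcp port list of SELinux type TYPE.
selinux_allows() {
    awk -v t="$1" -v p="$2" '
        $1 == t && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                v = $i; sub(/,$/, "", v)
                n = split(v, r, "-")        # entries may be ranges, e.g. 8000-8010
                if (n == 1 && v == p) ok = 1
                if (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
            }
        }
        END { exit !ok }'
}

# listener_scope PORT < `ss -ltn`
# Prints "loopback" if every listener on PORT is bound to 127.x or ::1,
# "exposed" if any listener uses another address, "none" if nothing listens.
listener_scope() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)            # text after the last colon
            sub(/:[^:]*$/, "", addr)        # text before the last colon
            if (port != p) next
            seen = 1
            if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") exposed = 1
        }
        END { print (exposed ? "exposed" : (seen ? "loopback" : "none")) }'
}

# Constructed sample output; 192.0.2.10 is a documentation address.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:125      *:*
LISTEN 0      128    192.0.2.10:25      *:*
LISTEN 0      128    *:22               *:*'
SAMPLE_SEMANAGE='smtp_port_t                    tcp      125, 25, 465, 587'

echo "backend 125: $(printf '%s\n' "$SAMPLE_SS" | listener_scope 125)"
if printf '%s\n' "$SAMPLE_SEMANAGE" | selinux_allows smtp_port_t 125; then
    echo "selinux: smtp_port_t includes 125"
fi
```

On the server, feed the functions live output instead of the samples, for example ss -ltn | listener_scope 125; a result of "exposed" for port 125 means Postfix is reachable without passing through assp.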

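Another approach is to have Postfix listen for smtp on localhost only and, in the assp web config, have assp listen on port 25 on the server's public/private IP address. This way no selinux configuration is needed.

In /etc/postfix/master.cf: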

vi /etc/postfix/master.cf

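Replace

smtp inet n - n - - smtpd

with

localhost:smtp inet n - n - - smtpd

In the assp web config, change Network Setup -> SMTP Listen Port from 25 to <Public/Private_IP>:25 and Network Setup -> SMTP Destination from 125 to 127.0.0.1:25

Apply the changes using the Apply button in the web interface.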


To start assp at boot, in the assp web config go to Server Setup and set Run ASSP as a Daemon to Yes - externally controlled

Then we create the systemd assp script:

vi /etc/systemd/system/assp.service

[Unit]
Description=AntiSpam SMTP Proxy
After=network.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/perl /var/db/assp/assp.pl /var/db/assp/
ExecStop=/usr/bin/killall /usr/bin/perl
[Install]
WantedBy=multi-user.target

Reload systemd:

systemctl daemon-reload

Enable the ASSP script at boot:

systemctl enable assp.service

Reboot the server and check that the service is up and running. You can then go on to fine-tune ASSP and Postfix (or the email daemon of your choice).