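1. Set the web session timeout
[root@mail ~]# vi /var/www/extsuite/extmail/webmail.cf
SYS_SESS_TIMEOUT = 30m
SYS_SESS_COOKIE_ONLY = 1
The session is dropped after 30 minutes of inactivity. In a multi-domain setup this can be set per domain.
Alternatively, the session can expire when the user closes the browser:
SYS_SESS_TIMEOUT = 0
SYS_SESS_COOKIE_ONLY = 1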
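2. Limit message size
[root@mail ~]# vi /var/www/extsuite/extmail/webmail.cf
SYS_MESSAGE_SIZE_LIMIT = 20971520
Messages are limited to 20 MB, attachments included. This applies to mail sent through the web interface.
In a multi-domain setup this can be set per domain.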
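3. Limit attachment and mailbox size
[root@mail ~]# vi /etc/postfix/main.cf
message_size_limit = 10485760
mailbox_size_limit = 2097152000
Attachments 10 MB (message_size_limit caps the whole message, so attachments must fit within it), mailbox 2 GB.
4. Limit the maximum number of recipients
[root@mail ~]# vi /etc/postfix/main.cf
smtpd_recipient_limit = 100
[root@mail ~]# service postfix reload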
5. Limit the maximum number of connections
When the connection limit is exceeded, maillog reports an error like this:
mail imapd: Maximum connection limit reached for <IPADDRESS> DISCONNECTED
[root@mail ~]# vi /usr/lib/courier-imap/etc/pop3d
# Maximum number of POP3 servers started
MAXDAEMONS=100
# Maximum number of connections to accept from the same IP address
MAXPERIP=10
[root@mail ~]# /usr/lib/courier-imap/libexec/pop3d.rc stop
[root@mail ~]# /usr/lib/courier-imap/libexec/pop3d.rc start
[root@mail ~]# vi /usr/lib/courier-imap/etc/imapd
# Maximum number of IMAP servers started
MAXDAEMONS=100
# Maximum number of connections to accept from the same IP address
MAXPERIP=10
[root@mail ~]# /usr/lib/courier-imap/libexec/imapd.rc stop
[root@mail ~]# /usr/lib/courier-imap/libexec/imapd.rc start
6. Warn users at 90% mailbox usage (maildrop)
(1) Prerequisite:
maildrop was compiled with --enable-maildirquota.
(2) Configure Postfix (already added when maildrop was set up; -w 90 means warn when usage reaches 90%):
[root@mail ~]# vi /etc/postfix/master.cf
maildrop  unix  -  n  n  -  -  pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -w 90 -d ${user}@${nexthop} ${recipient} ${user} ${extension} ${nexthop}
(3) Find the path of the warning message template:
[root@mail ~]# cat /usr/local/src/maildrop-2.7.2/libs/maildir/quotawarnmsg.h
#define QUOTAWARNMSG "/usr/local/etc/quotawarnmsg"
(4) Copy the warning message template to the path shown above:
[root@mail ~]# cp /usr/local/src/maildrop-2.7.2/libs/maildir/quotawarnmsg /usr/local/etc/
[root@mail ~]# chmod 755 /usr/local/etc/quotawarnmsg
(5) Edit the warning message template:
[root@mail ~]# vi /usr/local/etc/quotawarnmsg
X-Comment: Rename/Copy this file to quotawarnmsg, and make appropriate changes
X-Comment: See deliverquota man page for more information
From: Mail Delivery System <postmaster@yourmail.com>
Reply-To: postmaster@yourmail.com
To: Valued Customer:;
Subject: Mail quota warning
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Your mailbox on the server is now more than 90% full. So that you can
continue to receive mail you need to remove some messages from your mailbox.
(6) To use a Chinese sender name and a Chinese subject, Base64-encode them and write them as RFC 2047 encoded-words (here 系统管理员, "System Administrator", and 邮箱配额警告, "Mailbox quota warning"):
[root@mail ~]# perl -e 'use MIME::Base64; print encode_base64("系统管理员")';
57O757uf566h55CG5ZGY
[root@mail ~]# perl -e 'use MIME::Base64; print encode_base64("邮箱配额警告")';
6YKu566x6YWN6aKd6K2m5ZGK
[root@mail ~]# vi /usr/local/etc/quotawarnmsg
From: =?UTF-8?B?57O757uf566h55CG5ZGY?= <postmaster@yourmail.com>
Subject: =?UTF-8?B?6YKu566x6YWN6aKd6K2m5ZGK?=
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

您的邮箱空间已使用90%,如果您想正常使用,请从您的邮箱清除一些邮件,或与管理员联系。
Your mailbox on the server is now more than 90% full. So that you can
continue to receive mail you need to remove some messages from your mailbox.
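Test:
The mailbox test@yourmail.com has a default quota of 5 MB.
Send a 4 MB attachment from postmaster@yourmail.com to test; test will receive the warning message.
Note: the message body displays correctly in the web interface, but in the Foxmail client it shows up garbled and only displays correctly after the encoding is switched to UTF-8, so it is best to keep the English text in the template as well.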
7. Postfix blacklists and whitelists
The amavisd filter on port 10024 is commented out in main.cf, so mail does not pass through amavisd's blacklists and whitelists.
(1) Add access table lookups to the restriction lists (keep any restrictions already configured there):
# Restrict by client IP address
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/client_access
# Restrict by sender address
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access
# Restrict by recipient address
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access
(2) Create the access tables
vi /etc/postfix/client_access
10.188.1.172 REJECT "ip 172 is user ywzhou"
192.168.1 REJECT
extmail.org REJECT
vi /etc/postfix/sender_access
user@example.com REJECT
marketing@ REJECT
abc.example.com REJECT
vi /etc/postfix/recipient_access
test@yourmail.com REJECT
(3) Convert to database format
The conversion must be rerun every time an access table is modified:
postmap /etc/postfix/client_access
postmap /etc/postfix/sender_access
postmap /etc/postfix/recipient_access
This generates the xxx_access.db files.
(4) Reload the configuration
service postfix reload
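A check for the postmap step above, added here as an example (it is not part of the original post): check_maps is a hypothetical helper that scans a main.cf for hash: tables and reports any whose source file is missing (for instance a mistyped path), was never compiled with postmap, or was edited after the last postmap run.

```shell
#!/bin/sh
# check_maps MAIN_CF  (hypothetical helper, not a Postfix command)
# For every hash:/path referenced in MAIN_CF, print one of:
#   MISSING_SRC path   the source table does not exist
#   MISSING_DB  path   postmap has never been run on it
#   STALE_DB    path   the source was modified after path.db was built
check_maps() {
    # Drop comment lines, then extract each hash:/... token once.
    grep -v '^[[:space:]]*#' "$1" |
    grep -o 'hash:/[^[:space:],]*' | sort -u |
    while read -r ref; do
        src=${ref#hash:}
        if [ ! -f "$src" ]; then
            echo "MISSING_SRC $src"
        elif [ ! -f "$src.db" ]; then
            echo "MISSING_DB $src"
        elif [ -n "$(find "$src" -newer "$src.db")" ]; then
            echo "STALE_DB $src"
        fi
    done
}

# Usage: sh check_maps.sh /etc/postfix/main.cf
if [ -n "${1:-}" ]; then check_maps "$1"; fi
```

Postfix itself logs a warning when a .db file is older than its source, so the same condition can also be spotted in maillog after the fact.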
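8. Restrict who may send to group addresses
Flow: mail arrives through smtpd -> the sender restrictions are evaluated -> the recipient is looked up in groups and matches the group address rsb@yourmail.com ->
that address invokes the class group_limit_rsb -> the class consults the access table rsb -> if the sender is marked OK in that table the mail passes, otherwise it is rejected.
(1) Add the access table restrictions:
vi /etc/postfix/main.cf
# Unlike the previous section, a "recipient" access table is added under the "sender" restrictions.
# This works because smtpd_delay_reject = yes (the default) defers these checks until RCPT TO.
smtpd_sender_restrictions =
    check_recipient_access hash:/etc/postfix/group_limit/groups
# Define the classes that check the recipient, one per group address
smtpd_restriction_classes =
    group_limit_rsb,
    group_limit_cwb,
    group_limit_all
# Give each class its rules: check the sender access table, reject everything else
group_limit_rsb =
    check_sender_access hash:/etc/postfix/group_limit/rsb,
    reject
group_limit_cwb =
    check_sender_access hash:/etc/postfix/group_limit/cwb,
    reject
group_limit_all =
    check_sender_access hash:/etc/postfix/group_limit/all,
    reject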
(2) Create the access tables
mkdir /etc/postfix/group_limit
# List of group addresses and the class each one invokes
vi /etc/postfix/group_limit/groups
rsb@yourmail.com group_limit_rsb
cwb@yourmail.com group_limit_cwb
all@yourmail.com group_limit_all
# Access tables consulted by the classes
vi /etc/postfix/group_limit/rsb
ywzhou@yourmail.com OK
vi /etc/postfix/group_limit/cwb
ywzhou@yourmail.com OK
vi /etc/postfix/group_limit/all
yourmail.com OK
(3) Convert to hash database format
postmap /etc/postfix/group_limit/groups
postmap /etc/postfix/group_limit/rsb
postmap /etc/postfix/group_limit/cwb
postmap /etc/postfix/group_limit/all
(4) Reload the configuration
service postfix reload
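Problem
When mail is sent from the Extmail web interface, any user can still send to the group aliases.
This is because webmail submits mail by piping it to /usr/sbin/sendmail, which is not subject to these smtpd restrictions.
Webmail has to send via SMTP for the restriction to take effect.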
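9. Restrict users to internal mail only
This builds on the group restriction in the previous section.
Flow: an outside host sends mail to test01~03 -> the recipient restrictions are evaluated -> the recipient is looked up in the local_senders_in access table ->
that table assigns test01 and test02 to the class local_limit_in -> the class checks the sender against the local_domains access table ->
the outside sender's domain is not in that table, so mail to 01 and 02 is rejected, while 03 receives it normally.
Likewise, when test01~03 send mail to the outside, local_senders_out restricts 01 and 03 to recipients in the domains listed in local_domains,
so their mail is rejected, while 02 is not restricted.
(1) Add the access table restrictions:
vi /etc/postfix/main.cf
# local_senders_in is looked up by recipient (users who may only receive internal mail);
# local_senders_out is looked up by sender (users who may only send internal mail)
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/group_limit/local_senders_in
    check_sender_access hash:/etc/postfix/group_limit/local_senders_out
smtpd_restriction_classes =
    local_limit_in,
    local_limit_out
local_limit_in =
    check_sender_access hash:/etc/postfix/group_limit/local_domains,
    reject
local_limit_out =
    check_recipient_access hash:/etc/postfix/group_limit/local_domains,
    reject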
(2) Create the access tables
vi /etc/postfix/group_limit/local_senders_in
test01@yourmail.com local_limit_in
test02@yourmail.com local_limit_in
vi /etc/postfix/group_limit/local_senders_out
test01@yourmail.com local_limit_out
test03@yourmail.com local_limit_out
vi /etc/postfix/group_limit/local_domains
yourmail.com OK
seconed.cn OK
(3) Convert to hash database format
postmap /etc/postfix/group_limit/local_domains
postmap /etc/postfix/group_limit/local_senders_in
postmap /etc/postfix/group_limit/local_senders_out
(4) Reload the configuration
service postfix reload
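The flow described in this section, worked through as an added example (not part of the original post). It is a simplified model, not Postfix itself: the tables are copied from the page, local_senders_in is looked up by recipient and local_senders_out by sender, only the full-address and domain lookups of access(5) are modelled, and the function names and the outside address are assumptions made for the illustration.

```shell
#!/bin/sh
# Tables copied from this section (constructed inline so the model runs offline).
LOCAL_DOMAINS='yourmail.com OK
seconed.cn OK'
SENDERS_IN='test01@yourmail.com local_limit_in
test02@yourmail.com local_limit_in'
SENDERS_OUT='test01@yourmail.com local_limit_out
test03@yourmail.com local_limit_out'

# lookup TABLE ADDRESS: try the full address, then its domain part
# (a subset of the access(5) search order). Prints the value or nothing.
lookup() {
    printf '%s\n' "$1" | awk -v a="$2" '
        BEGIN { d = a; sub(/^.*@/, "", d) }
        $1 == a { full = $2 }
        $1 == d { dom = $2 }
        END { if (full != "") print full; else if (dom != "") print dom }'
}

# in_local ADDRESS: succeeds when local_domains returns OK for the address
in_local() { [ "$(lookup "$LOCAL_DOMAINS" "$1")" = OK ]; }

# decide SENDER RECIPIENT: prints accept or reject
decide() {
    # check_recipient_access local_senders_in -> class local_limit_in
    if [ "$(lookup "$SENDERS_IN" "$2")" = local_limit_in ]; then
        if in_local "$1"; then echo accept; else echo reject; fi
        return 0
    fi
    # check_sender_access local_senders_out -> class local_limit_out
    if [ "$(lookup "$SENDERS_OUT" "$1")" = local_limit_out ]; then
        if in_local "$2"; then echo accept; else echo reject; fi
        return 0
    fi
    echo accept   # no class matched; later restrictions would still apply
}

# matrix: per test account, mail from and mail to an outside address
matrix() {
    ext='someone@outside.example'   # constructed external address
    for u in test01 test02 test03; do
        a="$u@yourmail.com"
        echo "$u in=$(decide "$ext" "$a") out=$(decide "$a" "$ext")"
    done
}
matrix
```

The model only ever sees the envelope sender, which is the same value the real access tables key on, so the policy is only as strong as whatever authenticates that address on submission.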
10. amavisd restrictions
vi /etc/amavisd.conf
# Do not content-filter mail sent from the local networks
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # Add the following three parameters to skip the checks
  bypass_spam_checks_maps   => [1],
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
};
# Enable the auto-learning whitelist
$sa_auto_whitelist = 1;
# Configure the blacklist and whitelist. This is optional: the 10024 filter is commented out in Postfix, so mail never passes through these lists
read_hash(\%whitelist_sender, '/etc/amavisd/whitelist');
read_hash(\%blacklist_sender, '/etc/amavisd/blacklist');
vi whitelist
test@test.com.cn   # a single address
test.com           # a whole domain
.test1.com         # a whole domain and its subdomains
# Restrict attachment types
$banned_filename_re = new_RE(
  qr'^\.(exe-ms|dll)$',
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'.\.(exe|vbs|pif|scr|cpl)$'i,
);
To let a particular attachment type through, delete it from the pattern, for example bat.
service amavisd restart
This article comes from the “月晴星飞” blog; please keep this source attribution: http://ywzhou.blog.51cto.com/2785388/1596169