Posts - Yanny

151
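Linux Discussion Board / Postfix spam problem
« on: 2008-08-07 10:52 »
I have a Postfix question for everyone. My system is Debian etch, and the mail system uses postfix+amavisd-new+spamassassin+clamav.
Our company has recently kept receiving a spam/virus email with the subject "Angelina Jolie Free Video."
Its sender and recipient are the same person, our company colleague "bryan.song@abc.com.tw". When I look at the message headers, the one who sent it is clearly bryan@sonman.com, but it forges the sender as our colleague.
The headers are as follows: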
Received: from localhost (localhost [127.0.0.1])
   by mail.abc.com.tw (Postfix) with ESMTP id 3124619B3A;
   Wed,  6 Aug 2008 17:21:05 +0800 (CST)
Received: from mail.abc.com.tw ([127.0.0.1])
   by localhost (mail.abc.com.tw [127.0.0.1]) (amavisd-new, port 10024)
   with LMTP id C19jB3tv4H3l; Wed,  6 Aug 2008 17:20:41 +0800 (CST)
Received: from STATZ1MR (hosting-41.42.rev.fr.colt.net [213.41.42.41])
   by mail.abc.com.tw (Postfix) with SMTP id 8D5B1DEA8
   for <bryan.song@abc.com.tw>; Wed,  6 Aug 2008 17:20:40 +0800 (CST)
Return-Path: <bryan@sonman.com>
From: <bryan.song@abc.com.tw>
To: <bryan.song@abc.com.tw>
Subject: Message has been disinfected : Angelina Jolie Free Video.
Date: Wed, 6 Aug 2008 17:20:40 +0800
Message-ID: <20080806121555.4167.qmail@STATZ1MR>
MIME-Version: 1.0
Content-Type: text/plain;
   charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: CME-V6.5.4.3; MSN
Thread-Index: Acj3pcBrfqiF4VCSRYilzY6eLN7gmw==
x-original-to: songbr01@abc.com.tw
x-virus-scanned: amavisd-new at agbnielsen.com.tw
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

I really can't find a way to block the way it is sent, so I'd like to ask everyone for some suggestions for my reference. Thanks!
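
A heuristic check for the forgery described in the post above, run on the headers quoted there (an added example, not part of the original post or of any reply): it flags a message whose From: is in the local domain while the envelope sender (Return-Path) is foreign, or whose first non-local Received hop lies outside the site's own networks. The `TRUSTED_NETS` ranges and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

LOCAL_DOMAIN = "abc.com.tw"  # the domain as it appears in the post
# Assumption: staff mail is only ever submitted from these networks.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("127.0.0.0/8", "192.168.88.0/24", "10.0.88.0/24")]
# Header block copied (abridged) from the post above.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
   by mail.abc.com.tw (Postfix) with ESMTP id 3124619B3A;
   Wed,  6 Aug 2008 17:21:05 +0800 (CST)
Received: from STATZ1MR (hosting-41.42.rev.fr.colt.net [213.41.42.41])
   by mail.abc.com.tw (Postfix) with SMTP id 8D5B1DEA8
   for <bryan.song@abc.com.tw>; Wed,  6 Aug 2008 17:20:40 +0800 (CST)
Return-Path: <bryan@sonman.com>
From: <bryan.song@abc.com.tw>

"""

def domain_of(header_value):  # domain of the header's address, "" if none
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def first_external_hop(msg):
    """First client IP in the Received chain that is outside TRUSTED_NETS."""
    for received in msg.get_all("Received", []):
        client_part = re.split(r"\s+by\s+", received, maxsplit=1)[0]
        for text in re.findall(r"\[([0-9.]+)\]", client_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid IPv4 literal
            if not any(ip in net for net in TRUSTED_NETS):
                return text
    return None

def spoof_findings(raw_headers):
    """Reasons a message claiming a local From: looks forged (empty if none)."""
    msg = email.message_from_string(raw_headers)
    if domain_of(msg["From"]) != LOCAL_DOMAIN:
        return []
    hop = first_external_hop(msg)
    checks = [
        (domain_of(msg["Return-Path"]) != LOCAL_DOMAIN,
         "local From with foreign envelope sender"),
        (hop is not None, f"local From submitted by untrusted client {hop}"),
    ]
    return [reason for hit, reason in checks if hit]
```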

152
eose, you are amazing!
Thank you for solving my problem!
Much appreciated!

153
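Everyone, I'd like to ask a question about Outlook 2003.
I'm using the calendar in Office 2003 SP3 Outlook, and the operating system is WinXP SP2.
I've run into a problem: when I double-click the time on the calendar at which I want an appointment and go in to edit it,
then save and close after editing, the reminder window does not pop up by itself when the appointment time arrives.
Then when I look at the appointment I set, the appointment is still there but the alarm icon is gone. I searched the Microsoft Knowledge Base and did not see any related issue. Could anyone please help?
Thanks!

PS: I have already uninstalled and reinstalled Office 2003, and the result is still the same!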

154
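Linux Discussion Board / Re: Postfix and the new version of amavisd
« on: 2008-06-26 15:32 »
Could you post your amavisd configuration file and say which system you are using?
Then everyone can discuss it.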

155
Linux Discussion Board / Re: Postfix and the new version of amavisd
« on: 2008-06-26 11:43 »
Jun 25 23:31:58 fedora amavis[4646]: (04646-01) (!!)WARN: all primary virus scanners failed, considering backups

My guess is that this is telling you amavisd cannot find any antivirus program; it has nothing to do with SPAM!

156
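krab, I found where the problem was; I was really being a blockhead.
I had put client.conf and server.conf in the same place, which is why it would not start.
It is now set up successfully; the hardest part is just the firewall configuration.
I need to study site admin netman's routing articles carefully!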

157
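krab, I followed your approach, but openvpn cannot start and shows the error message "Starting virtual private network daemon: client(FAILED) server(FAILED)".
It doesn't seem to have a log that records the error messages. Could you please clear this up for me? Thanks!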

158
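linux12399, for now I still can't figure out how to make ldap search on the cn attribute!
However, there is an alternative: add "$alias_maps" to my ldap settings so that it reads the /etc/aliases file, which lets it send group mail.
virtual_alias_maps = ldap:accounts,ldap:aliases,$alias_maps
I hope this helps you a little; if there are any other problems, we can all discuss them together.

PS: I'm still quite curious why your Dovecot doesn't work; could we discuss it?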

159
Could you post your dovecot configuration file?

160
linux12399, what is IMAP-2002D?
Could you explain it to me?
Thanks!

161
Thank you, 日京三子, for the article; I'll work hard at studying it!
If I have any questions I'll ask you again, thanks!

162
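"When creating the group account, add a 'comment' field and write everyone you want to add to the group there..."
日京三子, I don't quite understand what you mean. Do I add a normal user account and then add a comment field to that user, is that it?
But I see that moto seems to do it with a different method, though I can't get it to work.
http://moto.debian.org.tw/viewtopic.php?p=6532

I think I may not have written my meaning clearly, so 日京三子 misunderstood me. What I meant by not recognizing system accounts applies only when receiving mail with postfix: it only uses the lda data for authentication.
Elsewhere local users can of course be used to log in; otherwise, just as you said, the whole system should not be able to run. Does this resolve your question?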

163
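SaPow, the method you gave works; thank you very much for your help!

I originally wanted to create an "ou=aliases" in LDAP and then create the mail aliases under it, managing everything with ldap,
but I don't understand how postfix should fetch the data there, because the attribute created for aliases is cn,
while the attribute our normal accounts use is uid. I don't know where there is documentation to consult; please give me some more suggestions!
Thanks!!!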

164
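日京三子:
I have tried editing /etc/aliases and then running newaliases, but it has no effect, no response at all!
My accounts are authenticated entirely through ldap; it does not recognize local users.
I'm posting my configuration file; please give me some opinions, thanks.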
main.cf

myhostname = mail.abc.com.tw
mydomain = abc.com.tw
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $mydomain, $myhostname, localhost.abc.com.tw, , localhost, autoreply.abc.com.tw
relayhost =
mynetworks = 127.0.0.0/8, 192.168.88.0/24, 10.0.88.0/24
#MAILDIR=$HOME/Maildir
mailbox_command = procmail -a "$EXTENSION" DEFAULT= $HOME
local_recipient_maps=
mailbox_size_limit = 153600000
recipient_delimiter = +
inet_interfaces = all
home_maildir = Maildir/
virtual_mailbox_limit = 153600000


#LDAP Configure

local_transport = virtual

accounts_server_host = 10.0.88.50
accounts_search_base = ou=Users,dc=abc,dc=com,dc=tw
accounts_query_filter = (&(objectClass=inetOrgPerson)(uid=%s))
accounts_result_attribute = uid
account_bind = no

mailbox_server_host = 10.0.88.50
mailbox_search_base = ou=Users,dc=abc,dc=com,dc=tw
mailbox_query_filter = (&(objectClass=inetOrgPerson)(uid=%s))
mailbox_result_format = %s/
mailbox_result_attribute = uid
mailbox_bind = no

aliases_server_host = 10.0.88.50
aliases_search_base = ou=Users,dc=abc,dc=com,dc=tw
aliases_query_filter = (&(objectClass=inetLocalMailRecipient)(mail=%s))
aliases_result_attribute = uid
aliases_bind =no

virtual_alias_maps = ldap:accounts,ldap:aliases
virtual_mailbox_base =/home/
virtual_mailbox_maps = ldap:mailbox
virtual_transport = maildrop
virtual_uid_maps = hash:/etc/postfix/virtual_uids
virtual_gid_maps = static:513

165
Thanks for your suggestion; I'll give it a try!

166
otislin88:

I tried that before; I don't know whether I configured it wrong or that method doesn't work. Could you give me some suggestions?

167
damon:

With local user accounts, I know I can modify /etc/aliases,
but I don't know how to use aliases with ldap???
Could you please show me how?

168
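Sorry, 日京三子, I didn't explain clearly!
Let me give an example: I have three mail addresses, A, b and c.
I create a new mail address D, which contains the mail addresses A, b and c.
If I send to D's mail address, it is automatically delivered to the mail addresses A, b and c.
This should be called a mail alias; on Exchange it is called a mail group.
Please give me some suggestions, thanks!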

169
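Linux Discussion Board / ldap + postfix: how to do a mail group
« on: 2008-06-03 17:07 »
Everyone, I have a problem for which I searched Google and still could not find any suggestions, so I'd like to ask you all here!
My operating system is Debian 4.0 etch.
I set up two machines: machine A runs openldap and machine B runs postfix.
postfix requests user data from ldap through pam for authentication!
I now want to set up a mail group. I tried editing the /etc/aliases file, but that file seems to be useful only for local users; with postfix + ldap integration this file cannot be used. How do I do an ldap mail group?
Please give me some suggestions for my reference, thanks!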

170
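Everyone, my problem is more or less solved.
In main.cf I configured a file A, and in file A I set up the mapping between username and uid,
and then let postfix look up that mapping!
The drawback is that every time you add a user you have to add a mapping in file A, which is a bit of a hassle!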

172
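Thank you all for the guidance; PAM can now authenticate against LDAP. I use Dovecot-pop3d with the Maildir format for POP3,
but receiving mail with Outlook does not work; it seems to be a permissions problem.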

-rw------- 1 dovecot Domain Users        1060 2008-05-21 20:19 1211372377.V304I128018M548
The account I log in with is jc, but the user of the mail is dovecot, which is why the following message appears

May 21 21:00:50 mail dovecot: POP3(jc): open(/home/jc/cur/1211372377.V304I128018M548444.mail:2,) failed: Permission denied

Where in dovecot.conf can I set the default permissions for incoming mail, or specify the users or group used to receive mail? Please help!

This postfix setting specifies the uid and gid of the mail

virtual_alias_maps = ldap:accounts,ldap:aliases
virtual_mailbox_base =/home/
virtual_mailbox_maps = ldap:mailbox
#virtual_transport = maildrop
virtual_uid_maps = static:107
virtual_gid_maps = static:513

This is the Dovecot configuration file; to avoid taking up too much space, I'm only posting the parts that were changed

protocols = imap pop3
listen = *
disable_plaintext_auth = no
mail_location = maildir:~/
##
## POP3 specific settings
##

protocol pop3 {
  # Login executable location.
  login_executable = /usr/lib/dovecot/pop3-login
  pop3_uidl_format = %08Xu%08Xv
}
 passdb pam {
      args = session=yes *
    #   args = cache_key=%u dovecot
    #args = dovecot
  }


173
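First you need to see whether the network card has been detected; use the following command to check whether it has:
ifconfig -a

If it has, then it depends on whether you are set to DHCP or a static IP!!!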

174
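日京三子, do you mean that saslauthd also hands authentication over to pam?
But my ldap server is on machine A, while my mail server is on machine B.
How do I use pam to communicate from B to A?
I don't really know; could you explain?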

175
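日京三子, I have a question.
My smtp uses saslauthd for authentication. If I switch to pam, will saslauthd no longer be needed? If it is not needed, what do I use for authentication when sending mail?
Could you please explain?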

176
damon:

I have never used pam, so I don't know how to integrate it!
Can PAM authenticate across machines? Could you teach me?
Thanks

177
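Everyone, I'd like to ask a question here!
I have two PCs running Debian etch.

One PC has samba + openldap installed
One PC has postfix installed

When postfix receives mail, it asks the ldap on the other PC for the user's information for authentication.
I use saslauthd to connect to ldap, rather than using pam.
Sending and receiving mail on Linux works without any problems. Because I want Outlook to receive mail, I installed the packages courier-ldap courier-imap courier-pop courier-base and also configured the authldaprc file, but whenever I use Outlook to receive mail it keeps asking me to enter the password, while sending mail has no problem at all. I don't know what the cause is; could you all please help take a look?

authldaprc configuration file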

#LDAP_URI ldaps://ldap.example.com, ldaps://backup.example.com
LDAP_URI ldap://10.0.88.50

##NAME: LDAP_PROTOCOL_VERSION:0
#
# Which version of LDAP protocol to use

LDAP_PROTOCOL_VERSION 3

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN ou=Users,dc=abc,dc=com,dc=tw

##NAME: LDAP_BINDDN:0
#
# You may or may not need to specify the following. Because you've got
# a password here, authldaprc should not be world-readable!!!

LDAP_BINDDN cn=admin,dc=abc,dc=com,dc=tw
LDAP_BINDPW q

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search and connection

LDAP_TIMEOUT 5

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords. If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request. This
# does not support CRAM-MD5 authentication, which requires clearPassword.
# Additionally, if LDAP_AUTHBIND is 1 then password changes are done under
# the credentials of the user themselves, not LDAP_BINDDN/BINDPW
#
#LDAP_AUTHBIND 1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL uid

##NAME: LDAP_FILTER:0
#
# This LDAP filter will be ANDed with the query for the field defined above
# in LDAP_MAIL. So if you are querying for mail, and you have LDAP_FILTER
# defined to be "(objectClass=CourierMailAccount)" the query that is performed
# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"
#
LDAP_FILTER (objectClass=inetOrgPerson)

##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified.
#
# LDAP_DOMAIN agb.com.tw

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
LDAP_GLOB_UID vmail
LDAP_GLOB_GID vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR uid

##NAME: LDAP_MAILROOT:0
#
# If homeDirectory is not an absolute path, define the root of the
# relative paths in LDAP_MAILROOT
#
LDAP_MAILROOT /var/vmail

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory. If not specified, ./Maildir will be used

LDAP_MAILDIR .

##NAME: LDAP_DEFAULTDELIVERY:0
#
# Courier mail server only: optional attribute specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd

LDAP_DEFAULTDELIVERY defaultDelivery

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA quota


##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password. CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED. If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword

##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids. Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above. LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone. Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
#
LDAP_UID uidNumber
LDAP_GID gidNumber


##NAME: LDAP_AUXOPTIONS:0
#
# Auxiliary options. The LDAP_AUXOPTIONS setting should contain a list of
# comma-separated "ATTRIBUTE=NAME" pairs. These names are additional
# attributes that define various per-account "options", as given in
# INSTALL's description of the OPTIONS setting.
#
# Each ATTRIBUTE specifies an LDAP attribute name. If it is present,
# the attribute value gets placed in the OPTIONS variable, with the name
# NAME. For example:
#
# LDAP_AUXOPTIONS shared=sharedgroup,disableimap=disableimap
#
# Then, if an LDAP record contains the following attributes:
#
# shared: domain1
# disableimap: 0
#
# Then authldap will initialize OPTIONS to #"sharedgroup=domain1,disableimap=0"
#
# NOTE: ** no spaces in this setting **, the above example has exactly
# one tab character after LDAP_AUXOPTIONS


##NAME: LDAP_ENUMERATE_FILTER:0
#
# {EXPERIMENTAL}
# Optional custom filter used when enumerating accounts for authenumerate,
# in order to compile a list of accounts for shared folders. If present,
# this filter will be used instead of LDAP_FILTER.
#
# LDAP_ENUMERATE_FILTER #(&(objectClass=CourierMailAccount)(!(disableshared=1)))


##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search. This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to use the Start TLS extension (RFC 2830). This is
# when the server accepts a normal LDAP connection on port 389 which
# the client then requests 'upgrading' to TLS, and is equivalent to the
# -ZZ flag to ldapsearch. If you are using an ldaps:// URI then do not
# set this option.
#
# For additional LDAP-related options, see the authdaemonrc config file.

LDAP_TLS 0

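Because I'm afraid the post would get too long, and I have not touched these two files at all, I won't post the imap and pop configuration files for now

Error messages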

May 13 20:28:56 mail courierpop3login: Connection, ip=[::ffff:10.0.88.51]
May 13 20:28:56 mail authdaemond: received auth request, service=pop3, authtype=login
May 13 20:28:56 mail authdaemond: authldap: trying this module
May 13 20:28:56 mail authdaemond: using search filter: (&(objectClass=inetOrgPerson)(uid=jc))
May 13 20:28:56 mail authdaemond: one entry returned, DN: uid=jc,ou=Users,dc=abc,dc=com,dc=tw
May 13 20:28:56 mail authdaemond: raw ldap entry returned:
May 13 20:28:56 mail authdaemond: | cn: jc
May 13 20:28:56 mail authdaemond: | uid: jc
May 13 20:28:56 mail authdaemond: | uidNumber: 1000
May 13 20:28:56 mail authdaemond: | gidNumber: 513
May 13 20:28:56 mail courierpop3login: jc: chdir(jc) failed!!
May 13 20:28:56 mail courierpop3login: error: No such file or directory
May 13 20:28:56 mail courierpop3login: LOGIN FAILED, user=jc, ip=[::ffff:10.0.88.51]
May 13 20:28:56 mail courierpop3login: authentication error: No such file or directory
May 13 20:28:56 mail authdaemond: | userPassword: {MD5}dpT0pmMW5TyM3Z2ZVL1hHQ==
May 13 20:28:56 mail authdaemond: authldaplib: sysusername=<null>, sysuserid=1000, sysgroupid=513, homedir=jc, address=jc, fullname=jc, maildir=<null>, quota=<null>, options=<null>
May 13 20:28:56 mail authdaemond: authldaplib: clearpasswd=<null>, passwd={MD5}dpT0pmMW5TyM3Z2ZVL1hHQ==
May 13 20:28:56 mail authdaemond: password matches successfully
May 13 20:28:56 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=1000, sysgroupid=513, homedir=jc, address=jc, fullname=jc, maildir=<null>, quota=<null>, options=<null>
May 13 20:28:56 mail authdaemond: Authenticated: clearpasswd=q, passwd={MD5}dpT0pmMW5TyM3Z2ZVL1hHQ==
