Red Hat 企业版4.1 + antivir-mailgate-prof 安装笔记
作者:fandy
电子邮箱:cbbc@163.com
QQ:332018422
建立日期:2005年10月13日,最后修改日期:2005年10月16日
版权说明:本文章的内容归作者版权所有,同时也接受大家的转贴,但一定要保存作者信息和出处,多谢!
提起现在Linux下的邮件查病毒的软件可能有许多,通常是要收费的软件。但也有一些可以免费试用的软件,本文介绍的antivir-mailgate-prof-2.0.3-25查病毒软件是可以试用和免费在线升级病毒库的好软件,但试用的过程中是不可以在商业上使用,请大家注意版式权的问题啊!关于antivir-mailgate-prof-2.0.3-25软件可以到以下网站来查询:http://www.antivir.de/en/,关于anti...胂劝沧昂肕ail System,可以参考一下本人的 “RedHat AS 4.1 + Postfix + dovecot + Apache + OpenWebMail 安装笔记” 这篇文章。以下的操作请使用root用户来操作)
Step0、实现环境:
网络域名:easy.com
DNS主机名称:pdc.easy.com
DNS主机IP地址:192.168.1.254
邮件主机名称:mail.easy.com
邮件主机网关:192.168.1.1
邮件主机IP地址:192.168.1.253
操作系统:RedHat Enterprise Server 4.1中文版
Step1、需要软件:
antivir-mailgate-prof-2.0.3-25.tar.gz
antivir.vdf
hbedv.key
antivir-mailgate-prof-2.0.3-25.tar.gz文件可以到以下地址下载(网页截图):
RUL: http://www.antivir.de/en/produkte/a...rver/index.html
hbedv.key文件可以到以下地址下载: (网页截图)
RUL:http://www.antivir.de/en/products/t...ence/index.html
antivir.vdf文件可以到以下地址下载: (网页截图)
RUL:http://dl.antivir.de/down/vdf/fusebundle_en.zip
Step3、antivir-mailgate-prof软件安装过程:
# tar -zxvf antivir-mailgate-prof-2.0.3-25.tar.gz (解压mailgate文件)
antivir-mailgate-prof-2.0.3-25/
antivir-mailgate-prof-2.0.3-25/bin/
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22_s390/
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22_s390/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22_s390/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22_s390/antivir
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22_s390/avgated
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc20/
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc20/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc20/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc20/antivir
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc20/avgated
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22/
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22/antivir
antivir-mailgate-prof-2.0.3-25/bin/linux_glibc22/avgated
antivir-mailgate-prof-2.0.3-25/bin/solaris_sparc/
antivir-mailgate-prof-2.0.3-25/bin/solaris_sparc/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/solaris_sparc/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/solaris_sparc/antivir
antivir-mailgate-prof-2.0.3-25/bin/solaris_sparc/avgated
antivir-mailgate-prof-2.0.3-25/bin/freebsd/
antivir-mailgate-prof-2.0.3-25/bin/freebsd/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/freebsd/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/freebsd/antivir
antivir-mailgate-prof-2.0.3-25/bin/freebsd/avgated
antivir-mailgate-prof-2.0.3-25/bin/solaris_x86/
antivir-mailgate-prof-2.0.3-25/bin/solaris_x86/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/solaris_x86/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/solaris_x86/antivir
antivir-mailgate-prof-2.0.3-25/bin/solaris_x86/avgated
antivir-mailgate-prof-2.0.3-25/bin/freebsd5/
antivir-mailgate-prof-2.0.3-25/bin/freebsd5/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/freebsd5/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/freebsd5/antivir
antivir-mailgate-prof-2.0.3-25/bin/freebsd5/avgated
antivir-mailgate-prof-2.0.3-25/bin/openbsd_elf/
antivir-mailgate-prof-2.0.3-25/bin/openbsd_elf/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/openbsd_elf/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/openbsd_elf/antivir
antivir-mailgate-prof-2.0.3-25/bin/openbsd_elf/avgated
antivir-mailgate-prof-2.0.3-25/bin/openbsd/
antivir-mailgate-prof-2.0.3-25/bin/openbsd/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/openbsd/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/openbsd/antivir
antivir-mailgate-prof-2.0.3-25/bin/openbsd/avgated
antivir-mailgate-prof-2.0.3-25/bin/linux_libc5/
antivir-mailgate-prof-2.0.3-25/bin/linux_libc5/antivir.asc
antivir-mailgate-prof-2.0.3-25/bin/linux_libc5/avgatefwd
antivir-mailgate-prof-2.0.3-25/bin/linux_libc5/antivir
antivir-mailgate-prof-2.0.3-25/bin/linux_libc5/avgated
antivir-mailgate-prof-2.0.3-25/doc/
antivir-mailgate-prof-2.0.3-25/doc/FAQ
antivir-mailgate-prof-2.0.3-25/doc/man/
antivir-mailgate-prof-2.0.3-25/doc/man/avmailgate.8
antivir-mailgate-prof-2.0.3-25/doc/man/avmailgate.conf.5
antivir-mailgate-prof-2.0.3-25/doc/FAQ.DE
antivir-mailgate-prof-2.0.3-25/doc/avmailgate_de.pdf
antivir-mailgate-prof-2.0.3-25/doc/MANUAL
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.qmail
antivir-mailgate-prof-2.0.3-25/doc/RELEASE_NOTES
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.postfix
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.DE
antivir-mailgate-prof-2.0.3-25/doc/CHANGELOG
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.qmail.gui
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.exim
antivir-mailgate-prof-2.0.3-25/doc/INSTALL
antivir-mailgate-prof-2.0.3-25/doc/INSTALL.sendmail
antivir-mailgate-prof-2.0.3-25/etc/
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.ignore
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.conf
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.scan
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.warn
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.conf-gui
antivir-mailgate-prof-2.0.3-25/etc/avmailgate.acl
antivir-mailgate-prof-2.0.3-25/etc/antivir.conf
antivir-mailgate-prof-2.0.3-25/gui/
antivir-mailgate-prof-2.0.3-25/gui/gui_mailgate_linux_glibc22_s390.tgz
antivir-mailgate-prof-2.0.3-25/gui/antivir-logo.png
antivir-mailgate-prof-2.0.3-25/gui/gui_mailgate_common.tgz
antivir-mailgate-prof-2.0.3-25/gui/gui_mailgate_linux_glibc22.tgz
antivir-mailgate-prof-2.0.3-25/gui/gui_mailgate_solaris_sparc.tgz
antivir-mailgate-prof-2.0.3-25/pgp/
antivir-mailgate-prof-2.0.3-25/pgp/antivir.gpg
antivir-mailgate-prof-2.0.3-25/pgp/README
antivir-mailgate-prof-2.0.3-25/vdf/
antivir-mailgate-prof-2.0.3-25/vdf/antivir.vdf
antivir-mailgate-prof-2.0.3-25/LICENSE
antivir-mailgate-prof-2.0.3-25/legal/
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.apache
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.dazuko
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.pcre
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.gsoap
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.bsd
antivir-mailgate-prof-2.0.3-25/legal/LICENSE.gpl
antivir-mailgate-prof-2.0.3-25/README
antivir-mailgate-prof-2.0.3-25/.installrc
antivir-mailgate-prof-2.0.3-25/script/
antivir-mailgate-prof-2.0.3-25/script/avq
antivir-mailgate-prof-2.0.3-25/script/getsysteminfo
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.openbsd
antivir-mailgate-prof-2.0.3-25/script/antivir-gui
antivir-mailgate-prof-2.0.3-25/script/rc.avgate
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.redhat
antivir-mailgate-prof-2.0.3-25/script/sh.avinstall
antivir-mailgate-prof-2.0.3-25/script/avupdater
antivir-mailgate-prof-2.0.3-25/script/configantivir
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.solaris
antivir-mailgate-prof-2.0.3-25/script/echo_sunos
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.freebsd
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.SuSE
antivir-mailgate-prof-2.0.3-25/script/rcscript
antivir-mailgate-prof-2.0.3-25/script/rc.avgate.SuSE8x
antivir-mailgate-prof-2.0.3-25/smcpkg/
antivir-mailgate-prof-2.0.3-25/smcpkg/en/
antivir-mailgate-prof-2.0.3-25/smcpkg/en/uxmgt-upd.conf
antivir-mailgate-prof-2.0.3-25/smcpkg/en/uxmgt.conf
antivir-mailgate-prof-2.0.3-25/smcpkg/en/uxmgt.dll
antivir-mailgate-prof-2.0.3-25/smcpkg/en/uxmgt.pkg
antivir-mailgate-prof-2.0.3-25/smcpkg/libuxmgt.so
antivir-mailgate-prof-2.0.3-25/smcpkg/setup.inf
antivir-mailgate-prof-2.0.3-25/smcpkg/libuxmgt.so.linux_glibc22
antivir-mailgate-prof-2.0.3-25/LICENSE.DE
antivir-mailgate-prof-2.0.3-25/install
antivir-mailgate-prof-2.0.3-25/templates/
antivir-mailgate-prof-2.0.3-25/templates/de/
antivir-mailgate-prof-2.0.3-25/templates/de/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/de/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/de/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/de/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/de/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/de/virus-sender
antivir-mailgate-prof-2.0.3-25/templates/en/
antivir-mailgate-prof-2.0.3-25/templates/en/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/en/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/en/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/en/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/en/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/en/virus-sender
antivir-mailgate-prof-2.0.3-25/templates/es/
antivir-mailgate-prof-2.0.3-25/templates/es/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/es/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/es/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/es/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/es/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/es/virus-sender
antivir-mailgate-prof-2.0.3-25/templates/hu/
antivir-mailgate-prof-2.0.3-25/templates/hu/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/hu/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/hu/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/hu/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/hu/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/hu/virus-sender
antivir-mailgate-prof-2.0.3-25/templates/it/
antivir-mailgate-prof-2.0.3-25/templates/it/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/it/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/it/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/it/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/it/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/it/virus-sender
antivir-mailgate-prof-2.0.3-25/templates/nl/
antivir-mailgate-prof-2.0.3-25/templates/nl/patho-recipient
antivir-mailgate-prof-2.0.3-25/templates/nl/virus-recipient
antivir-mailgate-prof-2.0.3-25/templates/nl/patho-administrator
antivir-mailgate-prof-2.0.3-25/templates/nl/virus-administrator
antivir-mailgate-prof-2.0.3-25/templates/nl/patho-sender
antivir-mailgate-prof-2.0.3-25/templates/nl/virus-sender
# cp HBEDV.KEY /tmp/antivir-mailgate-prof-2.0.3-25/ (复制KEY文件)
# cp antivir.vdf /tmp/antivir-mailgate-prof-2.0.3-25/vdf/ (复制vdf文件)
# cd antivir-mailgate-prof-2.0.3-25/ (进入antivir-mailgate-prof解压目录)
# ./install
Starting AntiVir MailGate 2.0.3-25 installation...
Before installing this software, you must agree to the terms
of the license. Press to view the license.
The copyright to this software is owned by
H+BEDV Datentechnik GmbH
Tjark Auerbach; Managing Director
查看授权说明可以要按几次空格按键(略)
Do you agree to the license terms? [n] y (输入y键,并按回车按键)
creating /usr/lib/AntiVir ... done
1) installing AntiVir Engine
checking for existing /etc/antivir.conf ... not found
copying bin/antivir to /usr/lib/AntiVir/ ... done
NOTICE: This system has a prelinker. Prelinking the
antivir binary will not work correctly. Either
disable prelinking or add /usr/lib/AntiVir as an
excluded prelink path.
For example, add '-b /usr/lib/AntiVir'
to /etc/prelink.conf
copying vdf/antivir.vdf to /usr/lib/AntiVir/ ... done
copying etc/antivir.conf to /etc/ ... done
Enter the path to your key file: [HBEDV.KEY] (默认注册文件,按回车键)
copying HBEDV.KEY to /usr/lib/AntiVir/hbedv.key ... done
copying script/configantivir to /usr/lib/AntiVir/ ... done
linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done
installation of AntiVir Engine complete
2) installing automatic internet updater
An automatic internet updater is available with version 2.0.3-25 of
AntiVir MailGate. This is a daemon that will run in the background
and automatically check for updates (internet access is required).
You may also manually check for updates using:
antivir --update
You do not need to install the automatic internet updater in order
to manually check for updates. Please read the README file for more
information on updates and how they can best suit you.
Would you like to install the automatic internet updater? [n] (按回车键)
automatic internet updater will NOT be installed
3) installing main program
copying doc/avmailgate_de.pdf to /usr/lib/AntiVir/ ... done
copying bin/avgated to /usr/lib/AntiVir/ ... done
copying bin/avgatefwd to /usr/lib/AntiVir/ ... done
copying script/avq to /usr/lib/AntiVir/ ... done
copying script/rc.avgate.redhat to /usr/lib/AntiVir/avmailgate ... done
creating /usr/lib/AntiVir/templates ... done
copying doc/MANUAL to /usr/lib/AntiVir/MANUAL.avmailgate ... done
copying etc/avmailgate.ignore to /etc/ ... done
copying etc/avmailgate.scan to /etc/ ... done
copying etc/avmailgate.warn to /etc/ ... done
creating /var/spool/avmailgate ... done
creating /var/spool/avmailgate/incoming ... done
creating /var/spool/avmailgate/outgoing ... done
creating /var/spool/avmailgate/rejected ... done
Enter the path where the manual pages will be located:
[/usr/share/man]:(照默认路径,按回车键)
copying doc/man/avmailgate.conf.5 to /usr/share/man/man5/ ... done
copying doc/man/avmailgate.8 to /usr/share/man/man8/ ... done
Enter the hosts and/or domains that are local:
[]: mail.easy.com pdc.easy.com easy.com(输入mail.easy.com,按回车键)
Enter the hosts and networks that are allowed to relay:
[127.0.0.1/8 192.168.0.0/16]: 127.0.0.1/8 192.168.1.0/24(输入本地网络IP地址,按回车键)
Would you like to create a link in /usr/sbin for avmailgate ? [y] (按回车键)
linking /usr/sbin/avmailgate to /usr/lib/AntiVir/avmailgate ... done
Would you like AvMailGate to start automatically? [y] (按回车键)
setting up startup script ... done
installation of main program complete
4) installing GUI (+ SMC support)
Note: The AntiVir Security Management Center (SMC) requires this
feature, even if you do not intend to use the GUI.
This product comes with a GUI that allows you to monitor realtime
activity, view logs, and configure the product. This tool is optional
(not required) for the product to run.
The GUI requires Java 1.4.0 or higher.
Would you like to install the GUI (+ SMC support)? [n] (按回车键)
checking for existing /etc/avmailgate.conf ... not found
copying etc/avmailgate.conf to /etc/ ... done
GUI will NOT be installed
Installation of the following features complete:
AntiVir Engine
AntiVir MailGate
Note: It is highly recommended that you perform an update now to
ensure up-to-date protection. This can be done by running:
antivir --update
Be sure to read the README file for additional information.
Thank you for your interest in AntiVir MailGate.
Step4、修改/etc/avmailgate.acl文件设定:
local: mail.easy.com
更改为:
local: mail.easy.com pdc.easy.com easy.com
Step5、修改/etc/services文件设定(添加以下两个句):
antivir 10024/tcp #Port for avgated
smtp-backdoor 10025/tcp #Port for postfix backdoor
Step6、修改/etc/avmailgate.conf文件设定:
# ListenAddress 0.0.0.0 port 25
更改为:
ListenAddress localhost port antivir
# ForwardTo SMTP: localhost port 825
更改为:
ForwardTo SMTP: localhost port smtp-backdoor
Step7、修改/etc/postfix/master.cf文件设定(添加以下一个句):
localhost:smtp-backdoor inet n - n - - smtpd -o content_filter=
Step8、修改/etc/postfix/main.cf文件设定(添加以下一个句):
content_filter = smtp:127.0.0.1:10024
Step9、重新启动操作系统:
# reboot (重新启动linux操作系统的命令)
Step10、测试结果:
从以下的网站下载一个测试病毒文件:
连接地址:http://www.eicar.org/anti_virus_test_file.htm
文件名称为:eicar.com
编写一封测试邮件:
结果会收二封以下的警告邮件:
邮件内容以下:
第一封警告邮件主题:AntiVir ALERT [your mail: "testing......."]
第二封警告邮件主题:AntiVir ALERT [mail from: fandy@easy.com]
同时也可以使用以下的命令查看maillog日志信息:
# tail /var/log/maillog
Oct 16 16:48:47 mail postfix/local[3112]: A897550DBC: to=fandy@easy.com, relay=local, delay=0, status=sent (delivered to mailbox)
Oct 16 16:48:48 mail postfix/qmgr[2110]: A897550DBC: removed
Oct 16 16:48:48 mail postfix/local[3112]: B5DC250DBD: to=postfix@easy.com, orig_to=, relay=local, delay=1, status=sent (delivered to mailbox)
Oct 16 16:48:48 mail postfix/qmgr[2110]: B5DC250DBD: removed
Oct 16 16:48:48 mail postfix/local[3110]: 9417C50DBB: to=fandy@easy.com, relay=local, delay=1, status=sent (delivered to mailbox)
Oct 16 16:48:48 mail postfix/qmgr[2110]: 9417C50DBB: removed
Oct 16 16:49:03 mail pop3-login: Login: fandy [::ffff:192.168.1.2]
Oct 16 16:52:07 mail postfix/anvil[3096]: statistics: max connection rate 1/60s for (smtp:192.168.1.2) at Oct 16 16:48:46
Oct 16 16:52:07 mail postfix/anvil[3096]: statistics: max connection count 1 for (smtp:192.168.1.2) at Oct 16 16:48:46
Oct 16 16:52:07 mail postfix/anvil[3096]: statistics: max cache size 1 at Oct 16 16:48:46
Step11、库升级antivir-mailgate的病毒的操作::
# antivir –update
AntiVir / Linux Version 2.1.4-11 +gui
Copyright (c) 1994-2005 by H+BEDV Datentechnik GmbH.
All rights reserved.
checking for updates
06.32.00.61 06.32.00.87 [vdf database, on-disk]
06.32.00.03 06.32.00.08 [scan engine, running]
06.32.00.03 06.32.00.08 [scan engine, on-disk]
antivir.vdf 100% |****************| 4277 KB 23.84 KB/s 0:00 ETA 6
antivir 100% |********************| 554 KB 21.36 KB/s 0:00 ETA
06.32.00.08 06.32.00.08 [scan engine, on-disk]
reloading AntiVir mail scanner ... OK
scan engine 06.32.00.03 06.32.00.08 (/usr/lib/AntiVir/antivir)
AntiVir updated successfully
Add1、本人的其它作品:
1、 RedHat Enterprise Server 4.1 安装Jabberd-2.0s9安装笔记
连接地址:http://www.gd-linux.com/bbs/showthread.php?t=2845
2、 RedHat Enterprise Server 4.1 下配置jdk-1.5.0.04安装笔记
连接地址:http://www.gd-linux.com/bbs/showthread.php?t=2813
3、Red Hat Enterprise Linux 4.1下配置BIND -9.2.4-2安装笔记
连接地址:http://www.gd-linux.com/bbs/showthread.php?t=2866
4、RedHat AS 4.1 + Postfix + dovecot + Apache + OpenWebMail 安装笔记
连接地址:http://www.gd-linux.com/bbs/showthread.php?t=2864
5、Red Hat Enterprise Linux 4.1 + F-Prot Antivirus + MailScanner 安装笔记
连接地址:http://www.gd-linux.com/bbs/showthread.php?t=2953
6、Red Hat Enterprise Linux 4.1 + antivir-mailgate安装笔记
连接地址:
Add2、/etc/avmailgate.acl文件详细内容:
# Access lists for AvMailGate
# These hosts and/or domains are local.
local: localhost
local: mail.easy.com pdc.easy.com easy.com
# These hosts and networks are allowed to relay.
relay: 127.0.0.1/8 192.168.1.0/24
Add3、/etc/services文件详细内容:
# /etc/services:
# $Id: services,v 1.40 2004/09/23 05:45:18 notting Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery
smtp 25/tcp mail
smtp 25/udp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/tcp resource # resource location
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
nameserver 42/udp name # IEN 116
nicname 43/tcp whois
nicname 43/udp whois
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp # Login Host Protocol (TACACS)
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
domain 53/tcp # name-domain server
domain 53/udp
whois++ 63/tcp
whois++ 63/udp
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
tftp 69/tcp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
netrjs-1 71/tcp # Remote Job Service
netrjs-1 71/udp # Remote Job Service
netrjs-2 72/tcp # Remote Job Service
netrjs-2 72/udp # Remote Job Service
netrjs-3 73/tcp # Remote Job Service
netrjs-3 73/udp # Remote Job Service
netrjs-4 74/tcp # Remote Job Service
netrjs-4 74/udp # Remote Job Service
finger 79/tcp
finger 79/udp
http 80/tcp www www-http # WorldWideWeb HTTP
http 80/udp www www-http # HyperText Transfer Protocol
kerberos 88/tcp kerberos5 krb5 # Kerberos v5
kerberos 88/udp kerberos5 krb5 # Kerberos v5
supdup 95/tcp
supdup 95/udp
hostname 101/tcp hostnames # usually from sri-nic
hostname 101/udp hostnames # usually from sri-nic
iso-tsap 102/tcp tsap # part of ISODE.
csnet-ns 105/tcp cso # also used by CSO name server
csnet-ns 105/udp cso
# unfortunately the poppassd (Eudora) uses a port which has already
# been assigned to a different service. We list the poppassd as an
# alias here. This should work for programs asking for this service.
# (due to a bug in inetd the 3com-tsmux line is disabled)
#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
rtelnet 107/tcp # Remote Telnet
rtelnet 107/udp
pop2 109/tcp pop-2 postoffice # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
auth 113/tcp authentication tap ident
auth 113/udp authentication tap ident
sftp 115/tcp
sftp 115/udp
uucp-path 117/tcp
uucp-path 117/udp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
nntp 119/udp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
imap 143/tcp imap2 # Interim Mail Access Proto v2
imap 143/udp imap2
snmp 161/tcp # Simple Net Mgmt Proto
snmp 161/udp # Simple Net Mgmt Proto
snmptrap 162/udp snmp-trap # Traps for SNMP
cmip-man 163/tcp # ISO mgmt over IP (CMOT)
cmip-man 163/udp
cmip-agent 164/tcp
cmip-agent 164/udp
mailq 174/tcp # MAILQ
mailq 174/udp # MAILQ
xdmcp 177/tcp # X Display Mgr. Control Proto
xdmcp 177/udp
nextstep 178/tcp NeXTStep NextStep # NeXTStep window
nextstep 178/udp NeXTStep NextStep # server
bgp 179/tcp # Border Gateway Proto.
bgp 179/udp
prospero 191/tcp # Cliff Neuman's Prospero
prospero 191/udp
irc 194/tcp # Internet Relay Chat
irc 194/udp
smux 199/tcp # SNMP Unix Multiplexer
smux 199/udp
at-rtmp 201/tcp # AppleTalk routing
at-rtmp 201/udp
at-nbp 202/tcp # AppleTalk name binding
at-nbp 202/udp
at-echo 204/tcp # AppleTalk echo
at-echo 204/udp
at-zis 206/tcp # AppleTalk zone information
at-zis 206/udp
qmtp 209/tcp # Quick Mail Transfer Protocol
qmtp 209/udp # Quick Mail Transfer Protocol
z39.50 210/tcp z3950 wais # NISO Z39.50 database
z39.50 210/udp z3950 wais
ipx 213/tcp # IPX
ipx 213/udp
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3
link 245/tcp ttylink
link 245/udp ttylink
fatserv 347/tcp # Fatmen Server
fatserv 347/udp # Fatmen Server
rsvp_tunnel 363/tcp
rsvp_tunnel 363/udp
odmr 366/tcp # odmr required by fetchmail
odmr 366/udp # odmr required by fetchmail
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
codaauth2 370/tcp
codaauth2 370/udp # Coda authentication server
ulistproc 372/tcp ulistserv # UNIX Listserv
ulistproc 372/udp ulistserv
ldap 389/tcp
ldap 389/udp
svrloc 427/tcp # Server Location Protocl
svrloc 427/udp # Server Location Protocl
mobileip-agent 434/tcp
mobileip-agent 434/udp
mobilip-mn 435/tcp
mobilip-mn 435/udp
https 443/tcp # MCom
https 443/udp # MCom
snpp 444/tcp # Simple Network Paging Protocol
snpp 444/udp # Simple Network Paging Protocol
microsoft-ds 445/tcp
microsoft-ds 445/udp
kpasswd 464/tcp kpwd # Kerberos "passwd"
kpasswd 464/udp kpwd # Kerberos "passwd"
photuris 468/tcp
photuris 468/udp
saft 487/tcp # Simple Asynchronous File Transfer
saft 487/udp # Simple Asynchronous File Transfer
gss-http 488/tcp
gss-http 488/udp
pim-rp-disc 496/tcp
pim-rp-disc 496/udp
isakmp 500/tcp
isakmp 500/udp
gdomap 538/tcp # GNUstep distributed objects
gdomap 538/udp # GNUstep distributed objects
iiop 535/tcp
iiop 535/udp
dhcpv6-client 546/tcp
dhcpv6-client 546/udp
dhcpv6-server 547/tcp
dhcpv6-server 547/udp
rtsp 554/tcp # Real Time Stream Control Protocol
rtsp 554/udp # Real Time Stream Control Protocol
nntps 563/tcp # NNTP over SSL
nntps 563/udp # NNTP over SSL
whoami 565/tcp
whoami 565/udp
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
npmp-local 610/udp dqs313_qmaster # npmp-local / DQS
npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
npmp-gui 611/udp dqs313_execd # npmp-gui / DQS
hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS
hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS
ipp 631/tcp # Internet Printing Protocol
ipp 631/udp # Internet Printing Protocol
ldaps 636/tcp # LDAP over SSL
ldaps 636/udp # LDAP over SSL
acap 674/tcp
acap 674/udp
ha-cluster 694/tcp # Heartbeat HA-cluster
ha-cluster 694/udp # Heartbeat HA-cluster
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
kerberos-iv 750/udp kerberos4 kerberos-sec kdc
kerberos-iv 750/tcp kerberos4 kerberos-sec kdc
webster 765/tcp # Network dictionary
webster 765/udp
phonebook 767/tcp # Network phonebook
phonebook 767/udp
rsync 873/tcp # rsync
rsync 873/udp # rsync
telnets 992/tcp
telnets 992/udp
imaps 993/tcp # IMAP over SSL
imaps 993/udp # IMAP over SSL
ircs 994/tcp
ircs 994/udp
pop3s 995/tcp # POP-3 over SSL
pop3s 995/udp # POP-3 over SSL
#
# UNIX specific services
#
exec 512/tcp
biff 512/udp comsat
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
printer 515/udp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
utime 519/tcp unixtime
utime 519/udp unixtime
efs 520/tcp
router 520/udp route routed # RIP
ripng 521/tcp
ripng 521/udp
timed 525/tcp timeserver
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # uucp daemon
klogin 543/tcp # Kerberized `rlogin' (v5)
kshell 544/tcp krcmd # Kerberized `rsh' (v5)
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp # AFP over TCP
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
#
# From ``PORT NUMBERS'':
#
#REGISTERED PORT NUMBERS
#
#The Registered Ports are listed by the IANA and on most systems can be
#used by ordinary user processes or programs executed by ordinary
#users.
#
#Ports are used in the TCP [RFC793] to name the ends of logical
#connections which carry long term conversations. For the purpose of
#providing services to unknown callers, a service contact port is
#defined. This list specifies the port used by the server process as
#its contact port.
#
#The IANA registers uses of these ports as a convienence to the
#community.
#
socks 1080/tcp # socks proxy server
socks 1080/udp # socks proxy server
# Port 1236 is registered as `bvcontrol', but is also used by the
# Gracilis Packeten remote config server. The official name is listed as
# the primary name, with the unregistered name as an alias.
bvcontrol 1236/tcp rmtcfg # Daniel J. Walsh, Gracilis Packeten remote config server
bvcontrol 1236/udp # Daniel J. Walsh
h323hostcallsc 1300/tcp # H323 Host Call Secure
h323hostcallsc 1300/udp # H323 Host Call Secure
ms-sql-s 1433/tcp # Microsoft-SQL-Server
ms-sql-s 1433/udp # Microsoft-SQL-Server
ms-sql-m 1434/tcp # Microsoft-SQL-Monitor
ms-sql-m 1434/udp # Microsoft-SQL-Monitor
ica 1494/tcp # Citrix ICA Client
ica 1494/udp # Citrix ICA Client
wins 1512/tcp # Microsoft's Windows Internet Name Service
wins 1512/udp # Microsoft's Windows Internet Name Service
ingreslock 1524/tcp
ingreslock 1524/udp
prospero-np 1525/tcp # Prospero non-privileged
prospero-np 1525/udp
datametrics 1645/tcp old-radius # datametrics / old radius entry
datametrics 1645/udp old-radius # datametrics / old radius entry
sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry
kermit 1649/tcp
kermit 1649/udp
l2tp 1701/tcp l2f
l2tp 1701/udp l2f
h323gatedisc 1718/tcp
h323gatedisc 1718/udp
h323gatestat 1719/tcp
h323gatestat 1719/udp
h323hostcall 1720/tcp
h323hostcall 1720/udp
tftp-mcast 1758/tcp
tftp-mcast 1758/udp
mtftp 1759/udp
hello 1789/tcp
hello 1789/udp
radius 1812/tcp # Radius
radius 1812/udp # Radius
radius-acct 1813/tcp radacct # Radius Accounting
radius-acct 1813/udp radacct # Radius Accounting
mtp 1911/tcp #
mtp 1911/udp #
hsrp 1985/tcp # Cisco Hot Standby Router Protocol
hsrp 1985/udp # Cisco Hot Standby Router Protocol
licensedaemon 1986/tcp
licensedaemon 1986/udp
gdp-port 1997/tcp # Cisco Gateway Discovery Protocol
gdp-port 1997/udp # Cisco Gateway Discovery Protocol
sieve 2000/tcp # Sieve Mail Filter Daemon
sieve 2000/udp # Sieve Mail Filter Daemon
nfs 2049/tcp nfsd
nfs 2049/udp nfsd
zephyr-srv 2102/tcp # Zephyr server
zephyr-srv 2102/udp # Zephyr server
zephyr-clt 2103/tcp # Zephyr serv-hm connection
zephyr-clt 2103/udp # Zephyr serv-hm connection
zephyr-hm 2104/tcp # Zephyr hostmanager
zephyr-hm 2104/udp # Zephyr hostmanager
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
venus 2430/tcp # codacon port
venus 2430/udp # Venus callback/wbc interface
venus-se 2431/tcp # tcp side effects
venus-se 2431/udp # udp sftp side effect
codasrv 2432/tcp # not used
codasrv 2432/udp # server port
codasrv-se 2433/tcp # tcp side effects
codasrv-se 2433/udp # udp sftp side effectQ
# Ports numbered 2600 through 2606 are used by the zebra package without
# being registred. The primary names are the registered names, and the
# unregistered names used by zebra are listed as aliases.
hpstgmgr 2600/tcp zebrasrv # HPSTGMGR
hpstgmgr 2600/udp # HPSTGMGR
discp-client 2601/tcp zebra # discp client
discp-client 2601/udp # discp client
discp-server 2602/tcp ripd # discp server
discp-server 2602/udp # discp server
servicemeter 2603/tcp ripngd # Service Meter
servicemeter 2603/udp # Service Meter
nsc-ccs 2604/tcp ospfd # NSC CCS
nsc-ccs 2604/udp # NSC CCS
nsc-posa 2605/tcp bgpd # NSC POSA
nsc-posa 2605/udp # NSC POSA
netmon 2606/tcp ospf6d # Dell Netmon
netmon 2606/udp # Dell Netmon
dict 2628/tcp # RFC 2229
dict 2628/udp # RFC 2229
corbaloc 2809/tcp # CORBA naming service locator
icpv2 3130/tcp # Internet Cache Protocol V2 (Squid)
icpv2 3130/udp # Internet Cache Protocol V2 (Squid)
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
trnsprntproxy 3346/tcp # Trnsprnt Proxy
trnsprntproxy 3346/udp # Trnsprnt Proxy
pxe 4011/udp # PXE server
fud 4201/udp # Cyrus IMAP FUD Daemon
rwhois 4321/tcp # Remote Who Is
rwhois 4321/udp # Remote Who Is
krb524 4444/tcp # Kerberos 5 to 4 ticket xlator
krb524 4444/udp # Kerberos 5 to 4 ticket xlator
rfe 5002/tcp # Radio Free Ethernet
rfe 5002/udp # Actually uses UDP only
cfengine 5308/tcp # CFengine
cfengine 5308/udp # CFengine
cvsup 5999/tcp CVSup # CVSup file transfer/John Polstra/FreeBSD
cvsup 5999/udp CVSup # CVSup file transfer/John Polstra/FreeBSD
x11 6000/tcp X # the X Window System
afs3-fileserver 7000/tcp # file server itself
afs3-fileserver 7000/udp # file server itself
afs3-callback 7001/tcp # callbacks to cache managers
afs3-callback 7001/udp # callbacks to cache managers
afs3-prserver 7002/tcp # users %26amp; groups database
afs3-prserver 7002/udp # users %26amp; groups database
afs3-vlserver 7003/tcp # volume location database
afs3-vlserver 7003/udp # volume location database
afs3-kaserver 7004/tcp # AFS/Kerberos authentication service
afs3-kaserver 7004/udp # AFS/Kerberos authentication service
afs3-volser 7005/tcp # volume managment server
afs3-volser 7005/udp # volume managment server
afs3-errors 7006/tcp # error interpretation service
afs3-errors 7006/udp # error interpretation service
afs3-bos 7007/tcp # basic overseer process
afs3-bos 7007/udp # basic overseer process
afs3-update 7008/tcp # server-to-server updater
afs3-update 7008/udp # server-to-server updater
afs3-rmtsys 7009/tcp # remote cache manager service
afs3-rmtsys 7009/udp # remote cache manager service
sd 9876/tcp # Session Director
sd 9876/udp # Session Director
amanda 10080/tcp # amanda backup services
amanda 10080/udp # amanda backup services
pgpkeyserver 11371/tcp # PGP/GPG public keyserver
pgpkeyserver 11371/udp # PGP/GPG public keyserver
h323callsigalt 11720/tcp # H323 Call Signal Alternate
h323callsigalt 11720/udp # H323 Call Signal Alternate
bprd 13720/tcp # BPRD (VERITAS NetBackup)
bprd 13720/udp # BPRD (VERITAS NetBackup)
bpdbm 13721/tcp # BPDBM (VERITAS NetBackup)
bpdbm 13721/udp # BPDBM (VERITAS NetBackup)
bpjava-msvc 13722/tcp # BP Java MSVC Protocol
bpjava-msvc 13722/udp # BP Java MSVC Protocol
vnetd 13724/tcp # Veritas Network Utility
vnetd 13724/udp # Veritas Network Utility
bpcd 13782/tcp # VERITAS NetBackup
bpcd 13782/udp # VERITAS NetBackup
vopied 13783/tcp # VOPIED Protocol
vopied 13783/udp # VOPIED Protocol
# This port is registered as wnn6, but also used under the unregistered name
# "wnn4" by the FreeWnn package.
wnn6 22273/tcp wnn4
wnn6 22273/udp wnn4
quake 26000/tcp
quake 26000/udp
wnn6-ds 26208/tcp
wnn6-ds 26208/udp
traceroute 33434/tcp
traceroute 33434/udp
#
# Datagram Delivery Protocol services
#
rtmp 1/ddp # Routing Table Maintenance Protocol
nbp 2/ddp # Name Binding Protocol
echo 4/ddp # AppleTalk Echo Protocol
zip 6/ddp # Zone Information Protocol
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unregistered/unofficial. Sites
# running v4 should uncomment these and comment out the v5 entries above.
#
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
krbupdate 760/tcp kreg # Kerberos registration
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
#
# Kerberos 5 services, also not registered with IANA
#
krb5_prop 754/tcp # Kerberos slave propagation
eklogin 2105/tcp # Kerberos encrypted rlogin
#
# Unregistered but necessary(?) (for NetBSD) services
#
supfilesrv 871/tcp # SUP server
supfiledbg 1127/tcp # SUP debugging
#
# Unregistered but useful/necessary other services
#
netstat 15/tcp # (was once asssigned, no more)
linuxconf 98/tcp # Linuxconf HTML access
poppassd 106/tcp # Eudora
poppassd 106/udp # Eudora
smtps 465/tcp # SMTP over SSL (TLS)
gii 616/tcp # gated interactive interface
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd # online mirror
swat 901/tcp # Samba Web Administration Tool
rndc 953/tcp # rndc control sockets (BIND 9)
rndc 953/udp # rndc control sockets (BIND 9)
skkserv 1178/tcp # SKK Japanese input method
xtel 1313/tcp # french minitel
support 1529/tcp prmsd gnatsd # GNATS, cygnus bug tracker
cfinger 2003/tcp # GNU Finger
ninstall 2150/tcp # ninstall service
ninstall 2150/udp # ninstall service
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp # Afbackup system
squid 3128/tcp # squid web proxy
prsvp 3455/tcp # RSVP Port
prsvp 3455/udp # RSVP Port
distcc 3632/tcp # distcc
svn 3690/tcp # Subversion
svn 3690/udp # Subversion
postgres 5432/tcp # POSTGRES
postgres 5432/udp # POSTGRES
fax 4557/tcp # FAX transmission service (old)
hylafax 4559/tcp # HylaFAX client-server protocol (new)
sgi-dgl 5232/tcp # SGI Distributed Graphics
sgi-dgl 5232/udp
noclog 5354/tcp # noclogd with TCP (nocol)
noclog 5354/udp # noclogd with UDP (nocol)
hostmon 5355/tcp # hostmon uses TCP (nocol)
hostmon 5355/udp # hostmon uses TCP (nocol)
canna 5680/tcp
x11-ssh-offset 6010/tcp # SSH X11 forwarding offset
ircd 6667/tcp # Internet Relay Chat
ircd 6667/udp # Internet Relay Chat
xfs 7100/tcp # X font server
tircproxy 7666/tcp # Tircproxy
http-alt 8008/tcp
http-alt 8008/udp
webcache 8080/tcp # WWW caching service
webcache 8080/udp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
tproxy 8081/udp # Transparent Proxy
jetdirect 9100/tcp laserjet hplj #
mandelspawn 9359/udp mandelbrot # network mandelbrot
kamanda 10081/tcp # amanda backup services (Kerberos)
kamanda 10081/udp # amanda backup services (Kerberos)
amandaidx 10082/tcp # amanda backup services
amidxtape 10083/tcp # amanda backup services
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp # isdn logging system
vboxd 20012/tcp # voice box system
vboxd 20012/udp # voice box system
wnn4_Kr 22305/tcp # used by the kWnn package
wnn4_Cn 22289/tcp # used by the cWnn package
wnn4_Tw 22321/tcp # used by the tWnn package
binkp 24554/tcp # Binkley
binkp 24554/udp # Binkley
asp 27374/tcp # Address Search Protocol
asp 27374/udp # Address Search Protocol
tfido 60177/tcp # Ifmail
tfido 60177/udp # Ifmail
fido 60179/tcp # Ifmail
fido 60179/udp # Ifmail
# Local services
antivir 10024/tcp #Port for avgated
smtp-backdoor 10025/tcp #Port for postfix backdoor
Add4、/etc/avmailgate.conf文件详细内容:
#################################################################
## avmailgate.conf ##
#################################################################
# This file lists all the available parameters. Lines beginning with '#'
# are comments and are ignored. If a parameter is not specified, some
# default value is used. The default values are the values shown here,
# unless otherwise indicated.
###################################
# Parameters used by both daemons #
###################################
# ------------------------------------------------------------------------
# Avgated and avgatefwd will switch to this user and group
# as soon as possible. Avgated will do this after opening
# the SMTP port and avgatefwd will do it immediately.
# User uucp
# Group antivir
# ------------------------------------------------------------------------
# Who will get errors and alert messages.
# Postmaster postmaster
# ------------------------------------------------------------------------
# MyHostName: FQDN of the local host.
# The default value, if not set in configuration file, is that
# obtained by gethostname(2), or if this fails, "localhost".
# MyHostName localhost
# ------------------------------------------------------------------------
# The spooldir must be owned by User:Group (as specified above)
# and must be accessible by only this user (mode = 0700).
# Both programs will yell and refuse to run if something is wrong.
# SpoolDir /var/spool/avmailgate
# ------------------------------------------------------------------------
# AntiVirDir: The antivir 'library' directory, where the VDF,
# the key, and some other files are stored.
# AntiVirDir /usr/lib/AntiVir
# ------------------------------------------------------------------------
# TemporaryDir: Where the temporary files are stored
# (for example, attachments while checking them).
# It needs enough space to hold uncompressed attachments
# for each forwarder, and some more.
# Default: "/var/tmp" or else "/tmp".
# TemporaryDir /var/tmp
# ------------------------------------------------------------------------
# You can set this option to RECIPIENT, SENDER or BOTH to allow matching of
# domain name of the recipient and/or sender mail address, to check if it's
# to be considered local.
# If MatchMailAddressForLocal is RECIPIENT, and the recipient address matches
# the domain given in "local:", mail will be accepted.
# If MatchMailAddressForLocal is SENDER, and the sender address matches the
# domain given in "local:", mail will be accepted.
# If MatchMailAdressForLocal is BOTH, and the recipient or the sender adresses
# matches the domain given in "local:" mail will be accepted.
# MatchMailAddressForLocal RECIPIENT
# ------------------------------------------------------------------------
# SMTP greeting message.
# SMTPBanner "AntiVir MailGate"
# ------------------------------------------------------------------------
# Where the pid files of avgated and avgatefwd are stored.
# Default: "/var/tmp" or else "/tmp".
# PidDir /var/tmp
# ------------------------------------------------------------------------
# Specify the facility for the syslog.
# E.g.: SyslogFacility local0
# SyslogFacility mail
# ------------------------------------------------------------------------
# Specify a full path with a filename to which AntiVir MailGate
# will write its log messages. AntiVir MailGate still logs to syslog
# even if this option is set.
# Default: NO - dont use custom logfile.
# E.g.: LogFile /var/log/avmailgate.log
# LogFile NO
##############################
# Parameters used by avgated #
##############################
# ------------------------------------------------------------------------
# Select the interface, the SMTP daemon will listen on.
# The default listen address of 0.0.0.0 means all interfaces.
# IF YOU ARE UNSURE JUST LEAVE IT AS IS!
ListenAddress localhost port antivir
# ------------------------------------------------------------------------
# Limit the number of simultaneous connections from remote sites.
# A limit of 0 disables this feature.
# MaxIncomingConnections 0
# ------------------------------------------------------------------------
# Number of seconds until a timeout occures in SMTP conversation.
# SMTPTimeout 300
# ------------------------------------------------------------------------
# Larger mails will be rejected.
# A limit of 0 means "no limit" (in bytes).
# MaxMessageSize 0
# ------------------------------------------------------------------------
# Refuse incoming connections if less free blocks are available
# on the filesystem containing the spool directory.
# MinFreeBlocks 100
# ------------------------------------------------------------------------
# So many recipients can be accepted at once.
# MaxRecipientsPerMessage 100
# ------------------------------------------------------------------------
# Refuse 'MAIL FROM:'.
# Actually, RFC2821, RFC821 and RFC2505 explicitely note that 'MAIL FROM: '
# MUST be accepted. It is strongly recommended not to change the
# default setting.
# RefuseEmptyMailFrom NO
# ------------------------------------------------------------------------
# If AllowSourceRouting is NO, if source routing is present in the
# given recipient address path, it's removed.
# If AllowSourceRouting is YES, then source routing is honored, and
# the messages is forwared to the first host specified in the route.
# AllowSourceRouting NO
# ------------------------------------------------------------------------
# If InEnvelopeAddressesBangIs is REFUSED, the presence of an unquoted
# "!" in the recipient envelope address implies that the message will be
# refused.
# If InEnvelopeAddressesBangIs is IGNORED, any unquoted "!" will be
# processed as any other non-special character of the address.
# If InEnvelopeAddressesBangIs is INTERPRETED, then the address is
# rewritten in RFC821 standard form. An address such as:
# hostA!hostB!hostC!user
# is rewritten as:
# @hostA,@hostB:user@hostC
# Then, if source routing is allowed, the message is transmited to
# hostA, otherwise it's directly sent to hostC.
# Thus, this rewritting allow us to discover the recipient host, in the
# case where all the UUCP gateways on the route would have interpreted
# the address the same way as us. (If that were not the case, then this
# parameters should be set to IGNORED).
# InEnvelopeAddressesBangIs REFUSED
# ------------------------------------------------------------------------
# If InEnvelopeAddressesPercentIs is REFUSED, the presence of an
# unquoted "%" in the recipient envelope add, ress implies that the message
# will be refused.
# If InEnvelopeAddressesPercentIs is IGNORED, any unquoted "%" will be
# processed as any other non-special character of the address.
# If InEnvelopeAddressesPercentIs is INTERPRETED, then the address is
# rewritten in RFC821 standard form. An address such as:
# user%hostC%hostB@hostA
# is rewritten as:
# @hostA,@hostB:user@hostC
# Then, if source routing is allowed, the message is transmited to
# hostA, otherwise it's directly sent to hostC.
# Thus, this rewritting allow us to discover the recipient host, in the
# case where all the gateways on the route would have interpreted the
# address the same way as us. (If that were not the case, then this
# parameters should be set to IGNORED).
# InEnvelopeAddressesPercentIs REFUSED
# ------------------------------------------------------------------------
# If AcceptLooseDomainName is NO, if the name of the domain selected
# for delivery (depending on source routing) does not strictly conform
# the domain name syntax, then it's refused.
# If AcceptLooseDomainName is YES, then no check is done on the domain
# name, apart of interpreting the domain name syntax for numerical IP
# addresses.
# AcceptLooseDomainName NO
# ------------------------------------------------------------------------
# If AddressFilter is YES, the recipient address and/or the sender address of
# an email will be matched against a table of addresses.
# Two tables will be matched in a specified order (see option "FilterTableOrder").
# For more details please have a look at the MANUAL.
# (YES is only available in commercial mode)
# AddressFilter NO
# ------------------------------------------------------------------------
# If AddressFilter is set to yes one can specify which table has to be matched
# for a sender and/or recipient address first.
# Options are: scan,ignore | ignore,scan
# FilterTableOrder scan,ignore
################################
# Parameters used by avgatefwd #
################################
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive the greeting message from the remote host.
# SMTPGreetingTimeout 300
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive a reply to the EHLO/HELO command.
# SMTPHeloTimeout 300
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive a reply to the MAIL FROM command.
# SMTPMailFromTimeout 300
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive a reply to the RCPT TO command.
# SMTPRcptTimeout 300
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive a reply to the DATA command.
# SMTPDataTimeout 120
# -----------------------------------------------------------------------
# Timeout, in seconds, for sending one data block.
# SMTPDataBlockTimeout 180
# -----------------------------------------------------------------------
# Timeout, in seconds, to receive a reply to the final dot.
# After sending the message.
# SMTPDataPeriodTimeout 600
# ------------------------------------------------------------------------
# Number of forwarders running simultaneously.
# (All the forwarders are of the same class, as specified by
# the following option).
# MaxForwarders 10
# ------------------------------------------------------------------------
# Select how mail should be forwarded.
# Send mail by piping it thru sendmail (this is the default):
# ForwardTo /usr/lib/sendmail -oem -oi
# Or if you want the mail to be sent by SMTP:
ForwardTo SMTP: localhost port smtp-backdoor
# ------------------------------------------------------------------------
# Maximum number of attachments to scan in single MIME mail.
# MaxAttachments 100
# ------------------------------------------------------------------------
# Stop delivery of suspicious MIME mails. Occurs if MaxAttachments has
# been reached.
# BlockSuspiciousMime NO
# ------------------------------------------------------------------------
# Block mails which are coded as a fragmented message.
# "Message Fragmentation and Reassembly" (RFC2046, section 5.2.2.1).
# BlockFragmentedMessage NO
# ------------------------------------------------------------------------
# Block emails which have an attachment with one of the
# specified extensions in the filename.
# Each extension is separated by a semicolon.
# Note that filenames in archives are matched too, not
# only the name in the MIME header.
# E.g.: BlockExtensions exe;scr;pif
# BlockExtensions NO
# ------------------------------------------------------------------------
# Send alerts to recipients.
# If ExposeRecipientAlerts is NO, no alerts will be sent to recipients.
# If ExposeRecipientAlerts is LOCAL, alerts to recipients will only be
# sent if recipient is local to your domain.
# If ExposeRecipientAlerts is YES, alerts will always be sent to
# recipients.
# (NO is only available in commercial mode)
# ExposeRecipientAlerts LOCAL
# ------------------------------------------------------------------------
# Send alerts to sender.
# If ExposeSenderAlerts is NO, no alerts will be sent to sender.
# If ExposeSenderAlerts is LOCAL, alerts to sender will only be
# sent if sender is local to your domain.
# If ExposeSenderAlerts is YES, alerts will always be sent to
# sender.
# (NO is only available in commercial mode)
# ExposeSenderAlerts LOCAL
# ------------------------------------------------------------------------
# Send alerts to Postmaster.
# This option is only available in commercial mode.
# ExposePostmasterAlerts YES
# ------------------------------------------------------------------------
# User name of sender of alerts, if an alert was found in a mail.
# AlertsUser AvMailGate
# or
# AlertsUser AvMailGate@domainname
# ------------------------------------------------------------------------
# If AddStatusInBody is NO, no status notification is inserted in
# the body of emails.
# If AddStatusInBody is YES:
# A default text will be inserted to each mail.
# If a file named body-state exists in the template subdirectory
# of the program directory, the text in this file will be inserted
# in the mail (body-state is only used due to compatibility issues).
# If AddStatusInBody is a full path to a file, the text in the given file
# will be inserted in the mail.
# AddStatusInBody NO
# If AddStatusInBody is set, no status text will be inserted,
# if the mail is larger than MaxMessageSizeStatus.
# The size can be specified in megabytes (m), kilobytes (k) or bytes (b).
#
# E.g. MaxMessageSizeStatus 2m
#
# MaxMessageSizeStatus 0
# ------------------------------------------------------------------------
# If ForwardAllEmailAsMIME is NO, incoming emails that are not MIME
# emails get out as they came, non-MIME.
# If ForwardAllEmailAsMIME is YES:
# The behaviour does not change for MIME emails.
# However, plain RFC mails will get a MIME header of Content-Type
# text/plain and Content-Disposition inline. The encoding is 7bit
# or 8bit depending on the original message.
# ForwardAllEmailAsMIME NO
# ------------------------------------------------------------------------
# If ScanInArchive is NO, no files in an archive will be scanned.
# If ScanInArchives is YES, all files in archives are going to be extracted
# and scanned, depending on the restrictions given with
# ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio.
# ScanInArchive YES
# ------------------------------------------------------------------------
# If ArchiveMaxSize is 0, all files in an archive will be extracted,
# don't care of their unpacked size.
# If ArchiveMaxSize is 0, all files up to the adjusted size will be
# extracted (in bytes).
# ArchiveMaxSize 0
# ------------------------------------------------------------------------
# If the compression ratio is above the value specified here,
# the mail will not be scanned completely.
# If ArchiveMaxRatio is 0, the mail be scanned completely.
# ArchiveMaxRatio 150
# ------------------------------------------------------------------------
# If ArchiveMaxRecursion is 0, recursive archives are going to be
# unpacked with an unlimited recursion depth.
# If ArchiveMaxRecursion is 0, recursive archives are going to be
# unpacked up to the adjusted recursion depth.
# ArchiveMaxRecursion 20
# ------------------------------------------------------------------------
# If BlockSuspiciousArchive is NO, don't stop delivery of mails
# containing archives with suspicious content.
# If BlockSuspiciousArchive is YES, stop delivery of mails
# containing archives that reached the limits of ArchiveMaxRecursion,
# ArchiveMaxSize or ArchiveMaxRatio.
# BlockSuspiciousArchive NO
# ------------------------------------------------------------------------
# If BlockEncryptedArchive is NO, don't stop delivery of mails
# containing encrypted files in archives.
# If BlockEncryptedArchive is YES, stop delivery of mails
# containing encrypted files in an archive.
# BlockEncryptedArchive NO
# ------------------------------------------------------------------------
# If BlockOnError is NO, don't stop delivery of mails
# containing archives that cause errors when processing them
# or that cause the scan process to timeout.
# If BlockOnError is YES, stop delivery of mails
# containing archives that cause errors when processing them
# or that cause the scan process to timeout.
# BlockOnError NO
# ------------------------------------------------------------------------
# If BlockUnsupportedArchive is NO, don't stop delivery of mails
# containing archives that can not be handled by the scanner.
# If BlockUnsupportedArchive is YES, stop delivery of mails
# containing archives that can not be handled by the scanner.
# BlockUnsupportedArchive NO
# ------------------------------------------------------------------------
# PollPeriod specifies the periodicity, in seconds, of the queue
# scanning done by avgatefwd.
# PollPeriod 60
# ------------------------------------------------------------------------
# QueueLifetime specifies the maximum time a message can stay in the
# queue before it will be bounced. (s=seconds, m=minutes, h=hours, d=days).
# 0 disables this feature.
# QueueLifetime 0
# ------------------------------------------------------------------------
# ForwarderRetryDelay specifies the maximum time between retrying
# to send a queued message (s=seconds, m=minutes, h=hours, d=days).
# E.g. 30m
# - The message will not be reprocessed within the next 30 minutes.
# ForwarderRetryDelay 30m
# ------------------------------------------------------------------------
# ThrottleMessageCount is only needed if you have a huge queue and you do not
# want the mails to be processed at once after starting the forwarder daemon.
# Usually you do not need this option.
# If this option and the option "ThrottleDelay" is set, only
# "ThrottleMessageCount" mails will be reprocessed at once. After reprocessing
# the mails, the forwarder daemon will sleep for "ThrottleDelay" seconds.
# After "ThrottleDelay" seconds, the daemon will process the next
# "ThrottleMessageCount" messages. This will be done until all messages
# are reprocessed.
# If the queue is empty this option will not be used anymore and throttling
# will be disabled.
# NOTE: If the queue gets filled during a throttled reprocessing of mails,
# the new mails will not be processed immediately!
# You should not accept mails while a throttled reprocessing of mails is active!
# 0 disables this feature.
# ThrottleMessageCount 0
# -----------------------------------------------------------------------
# ThrottleDelay specifies the amount of seconds the forwarder daemon will
# sleep after reprocessing "ThrottleMessageCount" queued mails.
# See option "ThrottleMessageCount".
# 0 disables this feature.
# ThrottleDelay 0
# ------------------------------------------------------------------------
# User name of sender of error messages, if a mail couldn't be delivered via
# MTA (bounce messages).
# BounceMessageUser MAILER-DAEMON
# or
# BounceMessageUser MAILER-DAEMON@domainname
# ------------------------------------------------------------------------
# BounceMessageSizeBody limits the size in bytes of the body of bounce
# mails.
# A value of 0 means unlimited.
# BounceMessageSizeBody 0
# ------------------------------------------------------------------------
# BounceMessageSizeHeader limits the size in bytes of the header of bounce
# mails.
# A value of 0 means unlimited.
# BounceMessageSizeHeader 0
# ------------------------------------------------------------------------
# If AddXHeaderInfo is YES, information about scanning status is added
# to the header of checked mail. E.g.: "X-AntiVirus: Checked by ..."
# This option is only available in commercial mode.
# AddXHeader YES
# ------------------------------------------------------------------------
# If AddReceivedByHeader is YES, a "Received:" stamp is added to
# the header of the mail.
# AddReceivedByHeader YES
# ------------------------------------------------------------------------
# Prevent mail loops. If there are more than MaxHopCount "Received:"
# lines in the header, the mail will not be accepted.
# 0 disables this feature.
# MaxHopCount 100
# ------------------------------------------------------------------------
# ScanTimeout specifies the scan time of mail, in seconds, when to stop
# scanning of mails.
# ScanTimeout 300
# ------------------------------------------------------------------------
# Call external program or script if an alert was found. The argument is
# the id of the rejected message.
# ExternalProgram /dir/my_own_script
# ------------------------------------------------------------------------
# Send notification mail every day, 30 days before license will expire.
# 0 means no notification mail.
# NotifyEndOfLicense 30
# ------------------------------------------------------------------------
# If AddPrecedenceHeader is YES, a line (Precedence: junk) is added to the
# header of a notice-mail. If neither YES nor NO is given, the custom text
# will be inserted.
# This option causes some E-Mail-autoresponders to NOT respond
# to the received notice-mail. This option is only available in commercial mode.
# AddPrecedenceHeader NO
# ------------------------------------------------------------------------
# If AddHeaderToNotice is set to YES, the original header of the infected
# mail will be appended to the postmaster notice mail.
# This option is only available in commercial mode.
# AddHeaderToNotice YES
# ------------------------------------------------------------------------
# The proxy feature in SAVAPI performs scans more efficiently
# by using and reusing a prepared pool of AntiVir scanners. While this
# pool increases throughput this feature requires the pool size
# to be wisely chosen -- too many scanners will put load on the
# machine without gaining more performance, too few scanners may
# have the SAVAPI using applications wait unnecessarily.
# UseProxy NO
# ------------------------------------------------------------------------
# The number of prepared AntiVir scanners in the pool.
# See option "UseProxy"
# ProxyScanners 8
# ------------------------------------------------------------------------
# The maximum number of simultaneous allowed connections
# from AntiVir MailGate to the scanner pool.
# ProxyConnections 32
# ------------------------------------------------------------------------
# Enable GUI support
# GuiSupport NO
# ------------------------------------------------------------------------
# Path to CA file
# GuiCAFile /usr/lib/AntiVir/gui/cert/cacert.pem
# ------------------------------------------------------------------------
# Path to cert file
# GuiCertFile /usr/lib/AntiVir/gui/cert/server.pem
# ------------------------------------------------------------------------
# Password for certificate
# GuiCertPass antivir_default
## Configuration file for AntiVir MailGate 2.0.3-25
Add5、/etc/postfix/master. cf文件详细内容:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# =================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# =================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
localhost:smtp-backdoor inet n - n - - smtpd -o content_filter=
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
=================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# =================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
Add6、/etc/postfix/main.cf文件详细内容:
# Global Postfix configuration file. This file lists only a subset
# of all 300+ parameters. See the postconf(5) manual page for a
# complete list.
#
# The general format of each line is: parameter = value. Lines
# that begin with whitespace continue the previous line. A value can
# contain references to other $names or ${name}s.
#
# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
# POSTFIX STILL WORKS AFTER EVERY CHANGE.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
myhostname = mail.easy.com
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
mydomain = easy.com
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = easy.com
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username-Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. %26amp; sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id %26amp; sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2%26amp;1
# $config_directory/$process_name.$process_id.log %26amp; sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# " where uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id %26amp; sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = /usr/share/doc/postfix-2.2.5-documentation/html
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /etc/postfix
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.2.5-documentation/readme
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
content_filter = smtp:127.0.0.1:10024
