{"id":585,"date":"2011-05-26T10:47:39","date_gmt":"2011-05-26T02:47:39","guid":{"rendered":"http:\/\/blog.infinity.idv.tw\/index.php\/2011\/05\/26\/%e5%88%a9%e7%94%a8-procmail-%e7%9a%84%e9%81%8e%e6%bf%be%e4%bf%a1%e4%bb%b6postfix\/"},"modified":"2011-05-26T10:47:39","modified_gmt":"2011-05-26T02:47:39","slug":"%e5%88%a9%e7%94%a8-procmail-%e7%9a%84%e9%81%8e%e6%bf%be%e4%bf%a1%e4%bb%b6postfix","status":"publish","type":"post","link":"http:\/\/blog.infinity.idv.tw\/?p=585","title":{"rendered":"\u5229\u7528 procmail \u7684\u904e\u6ffe\u4fe1\u4ef6(Postfix )"},"content":{"rendered":"<p>\u5229\u7528 procmail \u7684\u904e\u6ffe\u4fe1\u4ef6(Postfix )<\/p>\n<p>\u53c3\u8003\u7db2\u5740:<a title=\"http:\/\/blog.weithenn.org\/2009\/06\/freebsdpostfix-amavisd-new-uvscan.html\" href=\"http:\/\/blog.weithenn.org\/2009\/06\/freebsdpostfix-amavisd-new-uvscan.html\">http:\/\/blog.weithenn.org\/2009\/06\/freebsdpostfix-amavisd-new-uvscan.html<\/a><\/p>\n<h4>Procmail \u90e8\u4efd (\u81ea\u8a02\u90f5\u4ef6\u6536\u9001\u898f\u5247)<\/h4>\n<h5>\u6b65\u9a5f1.\u5b89\u88dd Procmail \u5957\u4ef6<\/h5>\n<p>\u5207\u63db\u81f3 Ports Tree \u8def\u5f91\u5b89\u88dd Procmail \u5957\u4ef6(\u8acb\u5c0a\u91cd weithenn \u7684\u8f9b\u52de!!)<\/p>\n<p><code><\/code><\/p>\n<blockquote>\n<p><code>#cd \/usr\/ports\/mail\/procmail \/\/\u5207\u63db\u81f3\u5b89\u88dd\u8def\u5f91        <br \/>#make install clean \/\/\u5b89\u88dd\u5957\u4ef6\u4e26\u6e05\u9664\u5b89\u88dd\u904e\u7a0b\u4e2d\u4e0d\u5fc5\u8981\u7684\u6a94\u6848<\/code><\/p>\n<\/blockquote>\n<h5>\u6b65\u9a5f2.\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94 (main.cf)<\/h5>\n<p>\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94 main.cf \u5167\u5bb9\u5982\u4e0b<\/p>\n<blockquote>\n<p><code>#vi \/usr\/local\/etc\/postfix\/main.cf \/\/\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94        <br \/>mailbox_command = \/usr\/local\/bin\/procmail \/\/\u52a0\u5165\u6b64\u884c 
(\u81ea\u8a02\u7684\u898f\u5247\u6703\u5957\u7528\u81f3\u6240\u6709\u5e33\u865f)<\/code><\/p>\n<\/blockquote>\n<h5>\u6b65\u9a5f3.\u7de8\u5beb\u904e\u6ffe\u898f\u5247 (procmailrc)<\/h5>\n<p>\u7de8\u5beb\u904e\u6ffe\u898f\u5247\u8a2d\u5b9a\u6a94 procmailrc \u4e0b\u5217\u904e\u6ffe\u898f\u5247\u70ba\u6536\u96c6\u7db2\u8def\u4e0a\u8cc7\u6599\u800c\u6210\u7684\u7bc4\u4f8b\u3002(\u8acb\u5c0a\u91cd weithenn \u7684\u8f9b\u52de!!)<\/p>\n<ul>\n<li>\u6240\u6709\u4f7f\u7528\u8005\u7684\u904e\u6ffe\u689d\u4ef6\uff1a \/usr\/local\/etc\/procmailrc <\/li>\n<li>\u500b\u5225\u4f7f\u7528\u8005\u7684\u904e\u6ffe\u689d\u4ef6\uff1a .procmailrc (\u4f7f\u7528\u8005\u5bb6\u76ee\u9304\u4e0b\u900f\u904e .forward \u4f86\u555f\u52d5 procmail) <\/li>\n<\/ul>\n<p>\u4f7f\u7528\u8005\u53ef\u900f\u904e\u5728\u500b\u4eba\u5bb6\u76ee\u9304\u4e0b .forward \u52a0\u5165\u5982\u4e0b\u5167\u5bb9\u4f86\u9054\u5230\u81ea\u8a02\u500b\u4eba\u904e\u6ffe\u689d\u4ef6\u7684\u76ee\u7684 (\u8acb\u4f9d\u500b\u4eba\u559c\u597d\u64c7\u4e00\u5373\u53ef)<\/p>\n<blockquote>\n<p><code>#cat ~\/.forward        <br \/>&quot;| \/usr\/local\/bin\/procmail&quot; \/\/\u52a0\u5165\u6b64\u884c (\u65b9\u5f0f\u4e00)         <br \/>&quot;|IFS=' ' &amp;&amp; exec \/usr\/local\/bin\/procmail -f- || exit 75 $USER&quot; \/\/\u52a0\u5165\u6b64\u884c (\u65b9\u5f0f\u4e8c)<\/code><\/p>\n<\/blockquote>\n<p>\u4ee5\u4e0b\u70ba\u81ea\u8a02\u6240\u6709\u4f7f\u7528\u8005\u7684\u904e\u6ffe\u689d\u4ef6\uff0c\u5176\u4e2d\u7684 \/dev\/null \u53ef\u4ee5\u63db\u6210\u5225\u7684\u76ee\u9304 (ex.\/var\/virusmails)\u3002\u5167\u5bb9\u5982\u4e0b (\u7576\u7136\u60a8\u53ef\u4f9d\u500b\u4eba\u9700\u6c42\u65b0\u589e\/\u522a\u9664)<\/p>\n<blockquote>\n<p><code>#vi \/usr\/local\/etc\/procmailrc        <br \/>VERBOSE=off         <br \/>LOGFILE=\/var\/log\/procmail.log         <br \/>###########################################################################         <br \/>###Procmail 
\u5bc4\u9032\u4f86\u7684\u90f5\u4ef6\u4f9d\u4e0b\u5217\u898f\u5247\u9010\u4e00\u904e\u6ffe\uff0c\u672a\u7b26\u5408\u5e95\u4e0b\u898f\u5247\u7684\u4fe1\u4ef6\u90fd\u653e\u884c ###         <br \/>###Subjcet \u4e3b\u65e8 ###         <br \/>###Content-Type: ###         <br \/>###########################################################################         <br \/>############ KLEZ.G Virus ############         <br \/>:0b         <br \/>* ^Subject:.*(Let's be friends)         <br \/>\/dev\/null         <br \/>###         <br \/>:0b         <br \/>* ^Subject:.*A funny game         <br \/>\/dev\/null         <br \/>###         <br \/>:0b         <br \/>* ^Subject:.*Hello\\,.*\\,how are you.*         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*audio\/x-wav.*         <br \/>* ^.*name=.*\\.(scr|SCR)         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*audio\/x-midi.*         <br \/>* ^.*name=.*\\.(scr|SCR)         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*application\/octet-stream.*         <br \/>* ^.*name=.*\\.(scr|SCR)         <br \/>\/dev\/null         <br \/>###         <br \/>:0 Bb         <br \/>* ^This game is my first work.*         <br \/>* ^You\\'re the first player.*         <br \/>* I.*you would .* it.*         <br \/>\/dev\/null         <br \/>###         <br \/>:0 Bb         <br \/>* .*This is a.*patch.*         <br \/>* ^I .* you would.*it.*         <br \/>\/dev\/null         <br \/>###         <br \/>:0 Bb         <br \/>* .*iframe src=3Dcid.*height=3D0 width=3D0.*         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*multipart\/mixed.*         <br \/>* name=&quot;ANTI_CIH.EXE&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0b         <br \/>* ^Subject:.*W32.Klez.*removal tools.*         <br \/>\/dev\/null         <br \/>############## Nimda Virus 
###############         <br \/>:0 Bh         <br \/>* ^Content-Type:.*audio\/x-wav.*         <br \/>* name=&quot;readme.exe&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0 Bh         <br \/>* ^Content-Type:.*audio\/x-wav.*         <br \/>* name=&quot;sample.exe&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*multipart\/mixed.*         <br \/>* name=&quot;readme.exe&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*multipart\/mixed.*         <br \/>* name=&quot;sample.exe&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*application.*         <br \/>* name=&quot;readme.exe&quot;         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^Content-Type:.*application.*         <br \/>* name=&quot;sample.exe&quot;         <br \/>\/dev\/null         <br \/>############# SirCam Virus ############         <br \/>:0 Bh         <br \/>* I send you this file in order to have your advice         <br \/>\/dev\/null         <br \/>############# PE.BRID.A ############         <br \/>:0 H         <br \/>* ^X-Mailer: EBT Reporter.*$         <br \/>\/dev\/null         <br \/>###         <br \/>:0 B         <br \/>* ^.*[Nn][Aa][Mm][Ee]=README\\.EXE.*$         <br \/>\/dev\/null         <br \/>#############\u5ee3\u544a\u4fe1 (\u4e0b\u5217\u4e09\u7a2e\u6311\u4e00\u500b\u5427) ##############         <br \/>:0:         <br \/>* ^X-Spam-Flag:.*YES         <br \/>\/dev\/null         <br \/>:0:         <br \/>* ^X-Spam-Level:.\\*\\*\\*\\*\\*         <br \/>\/dev\/null         <br \/>:0:         <br \/>* ^X-Spam-Status:.*Yes         <br \/>\/dev\/null<\/code><\/p>\n<\/blockquote>\n<p>\u5efa\u7acb Procmail Log \u4ee5\u4fbf\u5f8c\u7e8c\u89c0\u5bdf Procmail \u904b\u4f5c\u72c0\u6cc1\uff0c\u82e5\u8981\u5141\u8a31\u4f7f\u7528\u8005\u7684 Procmail 
\u904e\u6ffe\u898f\u5247\u4e5f\u53ef\u5beb\u5165\u8a72 Log \u7684\u8a71\u5247\u6b0a\u9650\u8acb\u8a2d\u5b9a\u70ba 666(\u8acb\u5c0a\u91cd weithenn \u7684\u8f9b\u52de!!)<\/p>\n<blockquote>\n<p><code>#touch \/var\/log\/procmail.log \/\/\u5efa\u7acb Procmail Log        <br \/>#chmod 666 \/var\/log\/procmail.log \/\/\u5141\u8a31\u4f7f\u7528\u8005\u7684 Procmail \u904e\u6ffe\u898f\u5247\u4e5f\u53ef\u5beb\u5165<\/code><\/p>\n<\/blockquote>\n<p>注意：權限 666 代表本機任何帳號都能改寫或清空這個 Log，因此不宜把它當成可信的稽核紀錄；若不需要共用同一個檔案，可讓各使用者在自己的 .procmailrc 把 LOGFILE 指向家目錄下的檔案。<\/p>\n<h5>\u6b65\u9a5f4.\u6e2c\u8a66\u904e\u6ffe\u898f\u5247<\/h5>\n<p>\u5728\u6e2c\u8a66\u904e\u7a0b\u4e2d\u53ef\u4ee5\u91dd\u5c0d A funny game \u4e3b\u65e8\u4f86\u9032\u884c\u6e2c\u8a66\u4e26\u4e14\u628a \/dev\/null \u6539\u6210\/var\/virusmails\u3002\u5bc4\u6b64\u4e3b\u65e8\u7684\u4fe1\u4ef6\u7d66\u4f7f\u7528\u8005\u7136\u5f8c\u4f7f\u7528 mailstat \u4f86\u89c0\u5bdf\u3002<\/p>\n<blockquote>\n<p><code>#mailstat -km \/var\/log\/procmail.log<\/code><\/p>\n<\/blockquote>\n<h5>\u6b65\u9a5f5.\u5982\u4f55\u904e\u6ffe\u4e2d\u6587\u5ee3\u544a\u4fe1<\/h5>\n<p>\u7531\u65bc\u4e2d\u6587\u7de8\u78bc (\u4e2d\u6587\u5ee3\u544a\u4fe1) \u9032\u5165\u7cfb\u7d71\u5f8c\u6703\u986f\u793a\u70ba\u4e82\u78bc\uff0c\u56e0\u6b64\u82e5\u662f\u60a8\u76f4\u63a5\u5728\u904e\u6ffe\u898f\u5247\u5167\u6253\u4e2d\u6587\u662f\u7121\u6cd5\u904e\u6ffe\u4e2d\u6587\u5ee3\u544a\u4fe1\u7684\uff0c\u6240\u4ee5\u8acb\u5b89\u88dd mmencode \u5957\u4ef6\uff0c\u5c07\u4e2d\u6587\u5b57\u8f49\u63db\u70ba MIME Code\u3002<\/p>\n<blockquote>\n<p><code>#cd \/usr\/ports\/converters\/mmencode \/\/\u5207\u63db\u5230\u5b89\u88dd\u8def\u5f91        <br \/>#make install clean \/\/\u5b89\u88dd\u4e26\u6e05\u9664\u904e\u7a0b\u4e2d\u4e0d\u5fc5\u8981\u7684\u6a94\u6848<\/code><\/p>\n<\/blockquote>\n<p>MIME \u5b9a\u7fa9\u5169\u7a2e\u7de8\u78bc\u65b9\u6cd5\uff1aBase64 \u8207 QP(Quoted-Printable) \u800c\u542b\u6709 MIME \u7de8\u78bc\u7684\u90f5\u4ef6\u82e5\u60a8\u67e5\u770b\u5b83\u7684\u6e90\u59cb\u78bc\u6703\u542b\u6709 &quot;This is a multi-part message in MIME format.&quot; 
\u9019\u6a23\u7684\u53e5\u5b50\u3002<\/p>\n<ul>\n<li><strong>Base64<\/strong>\uff1a \u9810\u8a2d\u503c\uff0c\u5c07\u6574\u500b\u6a94\u6848\u8cc7\u6599\u91cd\u65b0\u7de8\u78bc\u70ba 7bits\n<ul>\n<li>\u4ee5\u4e0b\u5c07\u4e2d\u6587\u5b57 <strong>\u6253\u70ae<\/strong> \u8f49\u63db\u6210 MIME \u7de8\u78bc\u4e2d\u7684 Base64 \u4ee5\u53ca\u5c07 Base64 \u8f49\u63db\u56de\u4e2d\u6587 <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<blockquote>\n<p><code>#echo &quot;\u6253\u70ae&quot; | mmencode \/\/\u4e2d\u6587\u8f49\u63db\u70ba Base64        <br \/>pbSstgo=         <br \/>#echo &quot;pbSstgo=&quot; |mmencode -u \/\/Base64 \u8f49\u63db\u70ba\u4e2d\u6587         <br \/>\u6253\u70ae<\/code> <\/p>\n<ul>\n<li><strong>QP<\/strong> (<strong>Q<\/strong>uoted-<strong>P<\/strong>rintable)\uff1a \u5c07 8bits \u4e2d\u6587\u8cc7\u6599\u8f49\u63db\u70ba 7bits\n<ul>\n<li>\u4ee5\u4e0b\u5c07\u4e2d\u6587\u5b57 <strong>\u6253\u70ae<\/strong> \u8f49\u63db\u6210 MIME \u7de8\u78bc\u4e2d\u7684 QP \u4ee5\u53ca\u5c07 QP \u8f49\u63db\u56de\u4e2d\u6587 <\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>   <code>#echo &quot;\u6253\u70ae&quot; | mmencode -q \/\/\u4e2d\u6587\u8f49\u63db\u70ba QP      <br \/>=A5=B4=AC=B6       <br \/>#echo &quot;=A5=B4=AC=B6&quot; | mmencode -q -u \/\/QP \u8f49\u63db\u70ba\u4e2d\u6587       <br \/>\u6253\u70ae<\/code> <\/p><\/blockquote>\n<p>\u5728 Procmail \u904e\u6ffe\u898f\u5247 (procmailrc) \u4e2d\u53ef\u4ee5\u63a5\u53d7 Base64 \u53ca QP \u7684 MIME \u7de8\u78bc\uff0c\u4ee5\u4e0b\u904e\u6ffe\u898f\u5247\u4e2d\u70ba\u90f5\u4ef6\u4e3b\u65e8\u4e2d\u53ea\u8981\u6709<strong>\u6253\u70ae<\/strong>\u9019\u4e8c\u500b\u4e2d\u6587\u5b57\u773c\u5c31\u628a\u8a72 Mail \u79fb\u5230 \/dev\/null \u53bb\u3002<\/p>\n<blockquote>\n<p><code>:0b        <br \/>* ^Subject:.*(pbSstgo=)* \/\/Base64 Code         <br \/>\/dev\/null         <br \/>:0b         <br \/>* ^Subject:.*(=A5=B4=AC=B6)* \/\/QP Code         <br \/>\/dev\/null<\/code><\/p>\n<\/blockquote>\n<p>注意：條件式結尾的 * 會讓括號內的字串變成「出現零次以上」，等於不要求該字串出現，凡有 Subject 標頭的信都可能符合；要比對該字串請去掉結尾的 *，並先把動作改成 \/var\/virusmails 測試，避免正常信件被丟進 \/dev\/null。行尾的 \/\/ 說明是本文的註記，不是 procmailrc 語法，請勿一併寫入。另外 echo 會在字尾多送一個換行，所以 pbSstgo= 其實是該中文字加上換行的 Base64；實際主旨的編碼不含這個換行，且 Base64 結果會隨字串在主旨中的位置而不同，比對時需留意。<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5229\u7528 
procmail \u7684\u904e\u6ffe\u4fe1\u4ef6(Postfix )<\/p>\n<p>\u53c3\u8003\u7db2\u5740:http:\/\/blog.weithenn.org\/2009\/06\/freebsdpostfix-amavisd-new-uvscan.html<\/p>\n<p>Procmail \u90e8\u4efd (\u81ea\u8a02\u90f5\u4ef6\u6536\u9001\u898f\u5247)<br \/>\n\u6b65\u9a5f1.\u5b89\u88dd Procmail \u5957\u4ef6<\/p>\n<p>\u5207\u63db\u81f3 Ports Tree \u8def\u5f91\u5b89\u88dd Procmail \u5957\u4ef6(\u8acb\u5c0a\u91cd weithenn \u7684\u8f9b\u52de!!)<\/p>\n<\/p>\n<p>#cd \/usr\/ports\/mail\/procmail \/\/\u5207\u63db\u81f3\u5b89\u88dd\u8def\u5f91        #make install clean \/\/\u5b89\u88dd\u5957\u4ef6\u4e26\u6e05\u9664\u5b89\u88dd\u904e\u7a0b\u4e2d\u4e0d\u5fc5\u8981\u7684\u6a94\u6848<\/p>\n<p>\u6b65\u9a5f2.\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94 (main.cf)<\/p>\n<p>\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94 main.cf \u5167\u5bb9\u5982\u4e0b<\/p>\n<p>#vi \/usr\/local\/etc\/postfix\/main.cf \/\/\u4fee\u6539 Postfix \u8a2d\u5b9a\u6a94        mailbox_command = \/usr\/local\/bin\/procmail \/\/\u52a0\u5165\u6b64\u884c (\u81ea\u8a02\u7684\u898f\u5247\u6703\u5957\u7528\u81f3\u6240\u6709\u5e33\u865f)<\/p>\n<p>\u6b65\u9a5f3.\u7de8\u5beb\u904e\u6ffe\u898f\u5247 (procmailrc)<\/p>\n<p>\u7de8\u5beb\u904e\u6ffe\u898f\u5247\u8a2d\u5b9a\u6a94 procmailrc \u4e0b\u5217\u904e\u6ffe\u898f\u5247\u70ba\u6536\u96c6\u7db2\u8def\u4e0a\u8cc7\u6599\u800c\u6210\u7684\u7bc4\u4f8b\u3002(\u8acb\u5c0a\u91cd weithenn 
[&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[255],"tags":[377],"_links":{"self":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/585"}],"collection":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=585"}],"version-history":[{"count":0,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=\/wp\/v2\/posts\/585\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=585"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.infinity.idv.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}