Linux/Mailserver/Internet Site: Difference between revisions

 
(13 intermediate revisions by the same user not shown)
Line 5: Line 5:


= Spam filtering =
= Spam filtering =
== Installation ==
* install
<blockquote>
<pre>
apt install postgrey postfix-policyd-spf-python spamassassin spamass-milter clamav-milter
</pre>
</blockquote>


* edit /etc/postfix/main.cf
* edit /etc/postfix/main.cf
<blockquote>
<blockquote>
<pre>
<pre>
# Restrictions in order: client, helo, sender, relay/recipient
smtpd_client_restrictions =  
smtpd_client_restrictions =  
         permit_mynetworks,
         permit_mynetworks, permit_sasl_authenticated,
         reject_unauth_pipelining,
         reject_unauth_pipelining,
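Review bot: permit_sasl_authenticated is added only to smtpd_client_restrictions here, while the smtpd_sender_restrictions list in the next hunk still starts with permit_mynetworks alone, so authenticated clients outside mynetworks stay subject to reject_non_fqdn_sender and reject_unknown_sender_domain. If authenticated users are meant to bypass those checks, add permit_sasl_authenticated after permit_mynetworks in that list as well, or say in the text that the stricter treatment is intended.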


Line 22: Line 29:
         permit_mynetworks,
         permit_mynetworks,
         reject_non_fqdn_sender, reject_unknown_sender_domain,
         reject_non_fqdn_sender, reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/sender_access,


smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
smtpd_relay_restrictions =  
        permit_mynetworks, permit_sasl_authenticated,
         reject_unauth_destination,
         reject_unauth_destination,
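Review bot: check_sender_access hash:/etc/postfix/sender_access appears on one side only under smtpd_sender_restrictions, and the latest revision no longer has it, so the lookup is dropped without a word about the table it used. Say whether /etc/postfix/sender_access is retired or whether its entries move elsewhere, so nobody keeps maintaining a map that Postfix no longer reads.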


Line 36: Line 43:
         reject_unknown_sender_domain,
         reject_unknown_sender_domain,
         permit_mynetworks,
         permit_mynetworks,
         reject_rbl_client zen.spamhaus.org,
         reject_rbl_client zen.spamhaus.org,
         reject_rhsbl_reverse_client dbl.spamhaus.org,
         reject_rhsbl_reverse_client dbl.spamhaus.org,
         reject_rhsbl_helo dbl.spamhaus.org,
         reject_rhsbl_helo dbl.spamhaus.org,
         reject_rhsbl_sender dbl.spamhaus.org,
         reject_rhsbl_sender dbl.spamhaus.org,
 
        check_policy_service unix:private/policy-spf
 
            # check SPF of remote mail server
 
         check_policy_service inet:127.0.0.1:10023,
 
 
 
 
         check_policy_service inet:127.0.0.1:10023
             # check with postgrey     
             # check with postgrey     
         permit
         permit
policy-spf_time_limit = 3600s
</pre>
</pre>
</blockquote>
</blockquote>


== Postgrey ==


== Postgrey ==
* install
<blockquote>
<pre>
apt install postgrey 
</pre>
</blockquote>


* edit /etc/default/postgrey
* edit /etc/default/postgrey
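Review bot: policy-spf_time_limit = 3600s at the end of the main.cf block has no comment tying it to the policy-spf service that the master.cf step defines further down, and the prefix has to match that service name exactly. A one-line comment above it would do. The new check_policy_service unix:private/policy-spf line also lacks the trailing comma its neighbours have; Postfix accepts whitespace as a separator, but consistent commas make the list easier to scan.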
Line 78: Line 74:
</blockquote>
</blockquote>


* edit /etc/postfix/main.cf
== Postfix-policyd-spf-python ==
<blockquote>
* add to end of /etc/postfix/master.cf
<pre>
smtpd_recipient_restrictions =
    ...
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    ...
    check_policy_service inet:127.0.0.1:10023
    ...
    permit
</pre>
</blockquote>
 
 
 
<blockquote>
<blockquote>
<pre>
<pre>
 
policy-spf unix  -      n      n      -      -      spawn
    user=nobody argv=/usr/bin/policyd-spf
</pre>
</pre>
</blockquote>
</blockquote>


== spamassassin ==
* add to /etc/postfix/main.cf
<blockquote>
<blockquote>
<pre>
<pre>
 
smtpd_milters = unix:/spamass/spamass.sock
                    # spamassassin
</pre>
</pre>
</blockquote>
</blockquote>
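Review bot: smtpd_milters = unix:/spamass/spamass.sock in the new spamassassin section points at a socket that no step on the page sets up; the clam-av section sets MilterSocket in clamav-milter.conf for its socket, but there is no matching spamass-milter step. Add the step that places the spamass-milter socket under the Postfix spool directory, or state that the package default already does.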
Line 109: Line 94:




== clam-av ==
* add to /etc/postfix/main.cf
<blockquote>
<blockquote>
<pre>
<pre>
smtpd_milters = unix:/clamav/clamav-milter.ctl
                    # clam-av virus scan


milter_connect_macros="i j {daemon_name} v {if_name} _"
</pre>
</pre>
</blockquote>
</blockquote>


* change /etc/clamav/clamav-milter.conf
<blockquote>
<blockquote>
<pre>
<pre>
 
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
MilterSocketGroup postfix
</pre>
</pre>
</blockquote>
</blockquote>
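Review bot: the clam-av section assigns smtpd_milters a second time, and in main.cf a later assignment replaces the earlier one, so following both sections leaves only unix:/clamav/clamav-milter.ctl active and mail skips spamassassin. Use one smtpd_milters line that lists both sockets. The double quotes around the milter_connect_macros value are also kept literally by Postfix and should be dropped.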

Latest revision as of 22:00, 5 September 2016

Requirements

  • Ubuntu 16.04
  • server with static IP
  • control of DNS entries

Spam filtering

Installation

  • install
apt install postgrey postfix-policyd-spf-python spamassassin spamass-milter clamav-milter


  • edit /etc/postfix/main.cf
smtpd_client_restrictions = 
        permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_pipelining,

smtpd_helo_required = yes
smtpd_helo_restrictions = 
        permit_mynetworks,
        reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname

smtpd_sender_restrictions = 
        permit_mynetworks,
        reject_non_fqdn_sender, reject_unknown_sender_domain,

smtpd_relay_restrictions = 
        permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination,

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        permit_mynetworks,
        reject_rbl_client zen.spamhaus.org,
        reject_rhsbl_reverse_client dbl.spamhaus.org,
        reject_rhsbl_helo dbl.spamhaus.org,
        reject_rhsbl_sender dbl.spamhaus.org,
        check_policy_service unix:private/policy-spf
            # check SPF of remote mail server
        check_policy_service inet:127.0.0.1:10023,
            # check with postgrey    
        permit

policy-spf_time_limit = 3600s

Postgrey

  • edit /etc/default/postgrey
POSTGREY_OPTS="--inet=10023 --delay=60"
  • restart
systemctl restart postgrey

Postfix-policyd-spf-python

  • add to end of /etc/postfix/master.cf
policy-spf unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/policyd-spf

spamassassin

  • add to /etc/postfix/main.cf
smtpd_milters = unix:/spamass/spamass.sock
                    # spamassassin


clam-av

  • add to /etc/postfix/main.cf
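smtpd_milters = unix:/spamass/spamass.sock, unix:/clamav/clamav-milter.ctl
                    # spamassassin, then clam-av virus scan; both on one line,
                    # because a second smtpd_milters line replaces the first

milter_connect_macros = i j {daemon_name} v {if_name} _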
  • change /etc/clamav/clamav-milter.conf
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
MilterSocketGroup postfix
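
Added example, not part of the wiki page: the main.cf fragments above are added one section at a time, so a parameter such as smtpd_milters can end up assigned more than once, and Postfix then uses only the last assignment. This Python script reads main.cf text the way Postfix does (indented lines continue a value, comment lines are skipped) and reports repeated parameters and quoted values; the sample text and the function names are constructed for illustration.

```python
# Constructed sample: fragments in the style of this page, pasted one after another.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        check_policy_service unix:private/policy-spf
            # check SPF of remote mail server
        check_policy_service inet:127.0.0.1:10023,
        permit
smtpd_milters = unix:/spamass/spamass.sock
                    # spamassassin
smtpd_milters = unix:/clamav/clamav-milter.ctl
milter_connect_macros="i j {daemon_name} v {if_name} _"
"""

def logical_lines(text):
    """Yield (lineno, name, value) for each main.cf parameter assignment."""
    current = None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank/comment lines are ignored, even inside a value
        if raw[0] in " \t" and current:
            current[2].append(raw.strip())  # leading whitespace continues the value
            continue
        if current:
            yield current[0], current[1], " ".join(current[2]).strip()
        name, _, value = raw.partition("=")
        current = (no, name.strip(), [value.strip()])
    if current:
        yield current[0], current[1], " ".join(current[2]).strip()

def lint_main_cf(text):
    """Return findings as (lineno, parameter, message) tuples."""
    findings, seen = [], {}
    for no, name, value in logical_lines(text):
        if name in seen:
            findings.append((no, name, f"replaces the value set on line {seen[name]}"))
        seen[name] = no
        if '"' in value or "'" in value:
            findings.append((no, name, "quotes are kept literally in the value"))
    return findings

def restrictions(text, name):
    """Split a restriction list on commas and whitespace, as Postfix does."""
    value = {n: v for _, n, v in logical_lines(text)}.get(name, "")
    return value.replace(",", " ").split()

if __name__ == "__main__":
    for no, name, message in lint_main_cf(SAMPLE_MAIN_CF):
        print(f"line {no}: {name}: {message}")
```

On a live server, pass the contents of /etc/postfix/main.cf to lint_main_cf() before restarting Postfix.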