2014年12月5日 星期五

ubuntu 14.04 postfix+dovecot+amavis+clamav+spamassassin

apt-get install postfix dovecot-pop3d amavisd-new spamassassin clamav clamav-daemon

/etc/postfix/main.cf
home_mailbox = Maildir/

#SASL

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = 

permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

#amavis

content_filter = amavis:[127.0.0.1]:10024

receive_override_options = no_address_mappings

#smptd restrictions
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client cbl.abuseat.org,reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,reject_invalid_helo_hostname,check_helo_access hash:/etc/postfix/check_helo
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce
smtpd_reject_unlisted_sender = yes


另外,在/etc/postfix/下新增check_helo對照表,格式如下:
主機名稱或IP       處置動作
例如,在check_helo檔案內設定如下:
mail.demo.tw         REJECT
設定好後,執行postmap /etc/postfix/check_helo,上述設定意義為(假設我的郵件主機名稱為mail.demo.tw),拒絕以mail.demo.tw這個主機名稱來連接,可避免client端冒用我方主機發送垃圾信件!

/etc/postfix/master.cf
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks



/etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir

/etc/dovecot/conf.d/10-master.conf
...
service auth {
...
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
...

}
/etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login



/etc/amavis/conf.d/15-content_filter_mode
@bypass_virus_checks_maps = (

   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (

   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

/etc/amavis/conf.d/20-debian_defaults (是狀況修該需要值 for Spam,這部分很怪的是明明安裝的是Ubuntu,卻一樣套用20-debian_defaults,試過修改21-ubuntu_defaults,卻沒有效果!)


/etc/amavis/conf.d/50-user
$pax='pax';

sudo adduser clamav amavis

sudo service amavis restart

sudo service clamav-freshclam restart

sudo service clamav-daemon restart

sudo freshclam

sudo  service dovecot restart

sudo service postfix restart

/etc/spamassassin/local.cf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

  /etc/default/spamassassin
ENABLED=1


You can check your SpamAssassin configuration by executing:
spamassassin --lint (It shouldn't show any errors.)

sudo service amavis restart

Now we update our SpamAssassin rulesets as follows:
sudo sa-update --nogpg -D

We create a cron job so that the rulesets will be updated regularly. Run
sudo crontab -e
23 4 */2 * * /usr/bin/sa-update --nogpg  -D &> /dev/null

sudo service spamassassin start



沒有留言:

張貼留言