Erinevus lehekülje "Postfix" redaktsioonide vahel

Allikas: Kuutõrvaja
137. rida: 137. rida:
  
 
http://www.postfix.org/OVERVIEW.html
 
http://www.postfix.org/OVERVIEW.html
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
'''Serveritarkvara paigaldus'''
 
 
amavisd-new
 
 
clamav
 
 
Kogu süsteem toimib nii, et postfix annab kirja edasi amavisd'le, mis kontrollib seda kasutades amavisd'd ja smapsassassinit
 
 
 
'''Seadistus postfix'''
 
 
main.cf
 
 
content_filter = amavis:[127.0.0.1]:10024
 
 
smtpd_sender_restrictions =
 
        reject_unknown_sender_domain,
 
        permit_mynetworks,
 
        reject_rbl_client bl.spamcop.net,
 
        reject_rbl_client relays.ordb.org,
 
        reject_rbl_client sbl-xbl.spamhaus.org
 
 
master.cf
 
 
localhost:10025 inet  n  -      n      -      -      smtpd
 
    -o content_filter=
 
    -o local_recipient_maps=
 
    -o relay_recipient_maps=
 
    -o myhostname=localhost.eenet.ee
 
    -o smtpd_helo_restrictions=
 
    -o smtpd_client_restrictions=
 
    -o smtpd_sender_restrictions=
 
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
 
    -o mynetworks=127.0.0.0/8
 
#
 
amavis    unix  -      -      n      -      4      smtp
 
    -o smtp_data_done_timeout=1200
 
    -o smtp_send_xforward_command=yes
 
    -o disable_dns_lookups=yes
 
 
 
'''konfig amavisd'''
 
 
use strict;
 
 
$max_servers = 4;            # number of pre-forked children (2..15 is common)
 
$daemon_user  = 'vscan';    # (no default;  customary: vscan or amavis)
 
$daemon_group = 'vscan';    # (no default;  customary: vscan or amavis)
 
 
$mydomain = 'eenet.ee';  # a convenient default for other settings
 
 
$MYHOME  = '/var/amavis';  # a convenient default for other settings
 
$TEMPBASE = "$MYHOME/tmp";  # working directory, needs to be created manually
 
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
 
$QUARANTINEDIR = '/var/virusmails';
 
@local_domains_maps = ( [".$mydomain"] );
 
 
$log_level = 2;              # verbosity 0..5
 
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
 
$DO_SYSLOG = 1;              # log via syslogd (preferred)
 
$SYSLOG_LEVEL = 'mail.debug';
 
 
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 
 
$inet_socket_port = 10024;  # listen on this local TCP port(s) (see $protocol)
 
 
$sa_tag_level_deflt  = undef;  # add spam info headers if at, or above that level
 
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
 
$sa_kill_level_deflt = 7.0; # triggers spam evasive actions
 
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
 
$sa_quarantine_cutoff_level = 20;  # spam level beyond which quarantine is off
 
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
 
$sa_local_tests_only = 0;    # only tests which do not require internet access?
 
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
 
$virus_admin              = undef;  # notifications recip.
 
 
$mailfrom_notify_admin    = "virusalert\@$mydomain";  # notifications sender
 
$mailfrom_notify_recip    = "virusalert\@$mydomain";  # notifications sender
 
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
 
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
 
 
@addr_extension_virus_maps      = ('virus');
 
@addr_extension_spam_maps      = ('spam');
 
@addr_extension_banned_maps    = ('banned');
 
@addr_extension_bad_header_maps = ('badh');
 
 
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
 
 
$MAXLEVELS = 14;
 
$MAXFILES = 1500;
 
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
 
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)
 
 
$sa_spam_subject_tag = '***SPAM*** ';
 
$defang_virus  = 1;  # MIME-wrap passed infected mail
 
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 
 
 
$final_virus_destiny      = D_DISCARD;
 
$final_banned_destiny    = D_DISCARD;
 
$final_spam_destiny      = D_DISCARD;
 
$final_bad_header_destiny = D_PASS;
 
 
  [qr/^/ => 1],  # true for everything else
 
));
 
 
@keep_decoded_original_maps = (new_RE(
 
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 
));
 
 
$banned_filename_re = new_RE(
 
 
  # block certain double extensions anywhere in the base name
 
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
 
 
  qr'^application/x-msdownload$'i,                  # block these MIME types
 
  qr'^application/x-msdos-program$'i,
 
  qr'^application/hta$'i,
 
 
  [ qr'^\.(rpm|cpio|tar)$'      => 0 ],  # allow any in Unix-type archives
 
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 
  qr'^\.(exe-ms)$',                      # banned file(1) types
 
);
 
 
@score_sender_maps = ({ # a by-recipient hash lookup table,
 
                        # results from all matching recipient tables are summed
 
  '.' => [  # the _first_ matching sender determines the score boost
 
 
  new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
 
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i        => 5.0],
 
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
 
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
 
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i  => 5.0],
 
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
 
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
 
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
 
  ),
 
 
  { # a hash-type lookup table (associative array)
 
    'pac@c-s.fr'                            => -3.0,
 
    'nobody@cert.org'                        => -3.0,
 
    'cert-advisory@us-cert.gov'              => -3.0,
 
    'owner-alert@iss.net'                    => -3.0,
 
    'slashdot@slashdot.org'                  => -3.0,
 
    'bugtraq@securityfocus.com'              => -3.0,
 
    'ntbugtraq@listserv.ntbugtraq.com'      => -3.0,
 
    'security-alerts@linuxsecurity.com'      => -3.0,
 
    'mailman-announce-admin@python.org'      => -3.0,
 
    'amavis-user-admin@lists.sourceforge.net'=> -3.0,
 
    'notification-return@lists.sophos.com'  => -3.0,
 
    'owner-postfix-users@postfix.org'        => -3.0,
 
    'owner-postfix-announce@postfix.org'    => -3.0,
 
    'owner-sendmail-announce@lists.sendmail.org'  => -3.0,
 
    'sendmail-announce-request@lists.sendmail.org' => -3.0,
 
    'donotreply@sendmail.org'                => -3.0,
 
    'ca+envelope@sendmail.org'              => -3.0,
 
    'noreply@freshmeat.net'                  => -3.0,
 
    'owner-technews@postel.acm.org'          => -3.0,
 
    'ietf-123-owner@loki.ietf.org'          => -3.0,
 
    'cvs-commits-list-admin@gnome.org'      => -3.0,
 
    'rt-users-admin@lists.fsck.com'          => -3.0,
 
    'clp-request@comp.nus.edu.sg'            => -3.0,
 
    'surveys-errors@lists.nua.ie'            => -3.0,
 
    'emailnews@genomeweb.com'                => -5.0,
 
    'yahoo-dev-null@yahoo-inc.com'          => -3.0,
 
    'returns.groups.yahoo.com'              => -3.0,
 
    'clusternews@linuxnetworx.com'          => -3.0,
 
    lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
 
    lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
 
 
    # soft-blacklisting (positive score)
 
    'sender@example.net'                    =>  3.0,
 
    '.example.net'                          =>  1.0,
 
  },
 
  ],  # end of site-wide tables
 
});
 
 
@decoders = (
 
  ['mail', \&do_mime_decode],
 
  ['asc',  \&do_ascii],
 
  ['uue',  \&do_ascii],
 
  ['hqx',  \&do_ascii],
 
  ['ync',  \&do_ascii],
 
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 
  ['gz',  \&do_gunzip],
 
  ['gz',  \&do_uncompress,  'gzip -d'],
 
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
 
  ['lzo',  \&do_uncompress,  'lzop -d'],
 
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 
  ['cpio', \&do_pax_cpio,  ['pax','gcpio','cpio'] ],
 
  ['tar',  \&do_pax_cpio,  ['pax','gcpio','cpio'] ],
 
  ['tar',  \&do_tar],
 
  ['deb',  \&do_ar,          'ar'],
 
  ['zip',  \&do_unzip],
 
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
 
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
 
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
 
  ['zoo',  \&do_zoo,        'zoo'],
 
  ['lha',  \&do_lha,        'lha'],
 
  ['cab',  \&do_cabextract,  'cabextract'],
 
  ['tnef', \&do_tnef],
 
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
 
);
 
 
@av_scanners = (
 
 
### http://www.clamav.net/
 
['ClamAV-clamd',
 
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
 
  qr/\bOK$/, qr/\bFOUND$/,
 
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 
 
 
);
 
 
@av_scanners_backup = (
 
);
 
 
 
 
'''Automaatne start'''
 
 
amavisd_enable="YES"
 
clamav_clamd_enable="YES"
 
clamav_freshclam_enable="YES"
 
 
'''Spamitõrje uuendus'''
 
 
sa-update -D
 
 
spamassassin --lint && /usr/local/etc/rc.d/spamd.sh.sample restart
 
--lint kontrollib ega reeglites kala pole
 
 
 
'''Kontroll töötamisel'''
 
 
Heidame pilgu maillog faili, kõigi kirjadekohta peaks tekkima rida
 

Redaktsioon: 2. november 2008, kell 14:40

Postfix

Postfix on vabavaraline mail transfre agent (MTA), serveritarkvara mis mõeldud emailide vastuvõtmiseks ning saatmiseks. Postfixi kiirus, kergelt administreeritavus ja turvalisus on teinud sellest ühe enimkasutatava mta ja laialdase alternatiivi sendmailile.

Postfix on paljude operatsioonisüsteemide vaikimisi mta'ks, näiteks ubuntul.

Seadistus

Postfixi põhilisteks seadistusfailideks on main.cf ja master.cf. Main.cf sisaldab postfixi seadistusparameetreid mis vajalikud mailide liigutamiseks ning master.cf seadistab deemonprotsesse

Kõige lihtsamaks main.cf seadistuseks oleks 

smtpd_banner = $myhostname ESMTP no spam please ;) 
myhostname = kool.edu.ee
mydomain = $myhostname
myorigin = $mydomain
inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mydestination = $myhostname, localhost.$mydomain, /usr/local/etc/postfix/mydestination
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = mbox
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

See kõik on üldine ja töötab ühtemoodi nii freebsd, solarise kui debiani või kasvõi windowsil (kui postfix sinna kunagi porditakse)

Seejärel tuleb muidugi seadistada ka postfixi septsiifilisem osa, mis varieerub erinevatel operatsioonisüsteemidel omasuudu, näiteks kus asub deemon, kus spool kaust või mis õigustes töötab postfix

Näiteks FreeBSD's võib see olla selline aga ka muidugi sõltuda täiesti olukorras ja paigaldusest. 

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
mail_spool_directory = /var/mail
debug_peer_level = 2
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no


Seletaks pisut põhilisi ridu lahti


smtpd_banner = $myhostname ESMTP no spam please ;)

Üldine teade mida näeb kui ühenduda 25 pordi külge, üldiselt täidab pigem ilu ülesannet :)

myhostname = kool.edu.ee

See muutuja võetakse tavaliselt shellist ja sõltub mis on sereri hostnameks määratud, üldiselt võib olla soov seda siiski sageli muuta

mydomain = $myhostname

mydomain võib samuti sageli erineda myhostnamest, üldiselt kui aga ei võib kasutada näiteks muutujat $myhostname

myorigin = $mydomain

Sama jutt mis eelmise puhul

inet_interfaces = all

Postfix kuulab vaikimisi kõikidel võrguseadmetel mis serveril küljes 25ndat porti

mynetworks = 127.0.0.0/8, 192.168.1.0/24

Võrkudeks mis on turvalised nimetame localhosti ja serveri taguse kontori sisevõrgu

mydestination = $myhostname, localhost.$mydomain, /usr/local/etc/postfix/mydestination 


cat /usr/local/etc/postfix/mydestination

luunja.tartu.ee luunja.edu.ee


unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases

home_mailbox = mbox

Mailide salvestamise formaadiks mailbox. See on kõige vanem ja lihtsam formaat kuid mitte kõige parem ja tänapäeval oleks tegelikult juba üsnagi mõttekas kasutada maildir'i home_mailbox = Maildir/

smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain

Piirangud läbi mailiserveri saatjale, lubame automaatselt mynetworgist saatmised ning keelame tundmatud

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

siinpuhul saab seadistada veel 


 permit_sasl_authenticated,
 reject_non_fqdn_hostname,
 reject_non_fqdn_sender,
 reject_non_fqdn_recipient,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client sbl-xbl.spamhaus.org


Lingid

Mailiserverite võrdlused

http://en.wikipedia.org/wiki/Comparison_of_mail_servers

redhat'i postfixi põhjalikud manualid

http://www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x368.html

postfixi arhidektuuri täpsem ülevaade

http://www.postfix.org/OVERVIEW.html

Pärit leheküljelt "https://kuutorvaja.eenet.ee/w/index.php?title=Postfix&oldid=9028"