Difference between revisions of "Postfix"

Source: Kuutõrvaja

Revision as of 14:28, 2 November 2008

Postfix

Postfix is a free mail transfer agent (MTA): server software for receiving and sending e-mail. Its speed, ease of administration and security have made it one of the most widely used MTAs and a widespread alternative to Sendmail.

Postfix is the default MTA on many operating systems, for example Ubuntu.


The main Postfix configuration files are main.cf and master.cf. main.cf holds the configuration parameters needed for moving mail, and master.cf configures the daemon processes.

The simplest main.cf configuration would be:

smtpd_banner = $myhostname ESMTP no spam please ;)

myhostname = kool.edu.ee
mydomain = $myhostname
myorigin = $mydomain

inet_interfaces = all
mynetworks = 127.0.0.0/8, 192.168.1.0/24

mydestination = $myhostname, localhost.$mydomain, /usr/local/etc/postfix/mydestination

unknown_local_recipient_reject_code = 550

alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases

home_mailbox = mbox

smtpd_sender_restrictions =
       permit_mynetworks,
       reject_unknown_sender_domain

smtpd_recipient_restrictions =
       permit_mynetworks,
       reject_unauth_destination

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
mail_spool_directory = /var/mail
debug_peer_level = 2
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no



Comparison of mail servers

http://en.wikipedia.org/wiki/Comparison_of_mail_servers

Red Hat's thorough Postfix manuals

http://www.redhat.com/support/resources/howto/RH-postfix-HOWTO/x368.html

A more detailed overview of the Postfix architecture

http://www.postfix.org/OVERVIEW.html












Installing the server software

amavisd-new

clamav

The whole system works like this: Postfix hands each message to amavisd, which checks it using amavisd and SpamAssassin.


Postfix configuration

main.cf

content_filter = amavis:[127.0.0.1]:10024

smtpd_sender_restrictions =
       reject_unknown_sender_domain,
       permit_mynetworks,
       reject_rbl_client bl.spamcop.net,
       reject_rbl_client relays.ordb.org,
       reject_rbl_client sbl-xbl.spamhaus.org
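
The two smtpd_sender_restrictions lists on this page differ in order, and Postfix stops at the first restriction that decides. The following added example (not code from the original page) models only the three restriction types used here and runs both orderings over constructed sessions; the mynetworks value is assumed to be the one from the simple main.cf above.

```python
import ipaddress

# Assumption: mynetworks is the value from the simple main.cf earlier on this page.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# The two smtpd_sender_restrictions orderings that appear on this page.
SIMPLE = ["permit_mynetworks", "reject_unknown_sender_domain"]
FILTERED = ["reject_unknown_sender_domain", "permit_mynetworks",
            "reject_rbl_client bl.spamcop.net",
            "reject_rbl_client relays.ordb.org",
            "reject_rbl_client sbl-xbl.spamhaus.org"]

def evaluate(restrictions, client_ip, sender_domain_resolves, listed_on=()):
    """Walk the list in order; the first restriction that decides ends the walk."""
    ip = ipaddress.ip_address(client_ip)
    for entry in restrictions:
        name, _, zone = entry.partition(" ")
        if name == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return "OK", entry
        if name == "reject_unknown_sender_domain" and not sender_domain_resolves:
            return "REJECT", entry
        if name == "reject_rbl_client" and zone in listed_on:
            return "REJECT", entry
    return "DUNNO", None  # nothing decided: the remaining restriction lists apply

# Constructed sessions: (client IP, sender domain resolves?, DNSBL zones listing the client)
SESSIONS = {
    "LAN client, mistyped sender domain": ("192.168.1.20", False, ()),
    "LAN client, valid sender domain": ("192.168.1.20", True, ()),
    "outside client listed on SpamCop": ("203.0.113.9", True, ("bl.spamcop.net",)),
    "outside client, not listed": ("198.51.100.7", True, ()),
}

def compare():
    """Verdict of each ordering for every constructed session."""
    return {label: (evaluate(SIMPLE, *s)[0], evaluate(FILTERED, *s)[0])
            for label, s in SESSIONS.items()}

if __name__ == "__main__":
    for label, (simple, filtered) in compare().items():
        print(f"{label:36} simple={simple:7} filtered={filtered}")
```

Before deploying a reject_rbl_client list, confirm that each DNSBL zone in it is still operated; ORDB, for example, was shut down in 2006.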

master.cf

localhost:10025 inet  n  -      n       -       -       smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o myhostname=localhost.eenet.ee
   -o smtpd_helo_restrictions=
   -o smtpd_client_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
#
amavis    unix  -       -       n       -       4       smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
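
The settings above form a loop: content_filter sends mail to amavisd on port 10024, and amavisd hands it back to the smtpd listener on localhost:10025, which must clear content_filter and accept only loopback clients because it bypasses scanning. The following added example (not part of the original page) audits that wiring over constructed, trimmed copies of the three files; the function names and finding texts are illustrative.

```python
import re
# Constructed copies of the settings shown on this page (trimmed to what is checked).
MAIN_CF = "content_filter = amavis:[127.0.0.1]:10024\n"
AMAVISD_CONF = "$inet_socket_port = 10024;\n"
MASTER_CF = """\
localhost:10025 inet  n  -      n       -       -       smtpd
   -o content_filter=
   -o mynetworks=127.0.0.0/8
amavis    unix  -       -       n       -       4       smtp
"""

def master_services(text):
    """Parse master.cf into {service name: {"type": ..., "opts": {name: value}}}."""
    services, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace():                      # continuation of the current entry
            m = re.match(r"\s+-o\s+([^=\s]+)=(\S*)", line)
            if cur is not None and m:
                cur["opts"][m.group(1)] = m.group(2)
        else:
            name, kind = line.split()[:2]
            cur = services[name] = {"type": kind, "opts": {}}
    return services

def audit(main_cf, master_cf, amavisd_conf, reinject_port="10025"):
    """Return a list of findings; an empty list means the filter loop is wired safely."""
    out, svc = [], master_services(master_cf)
    cf = re.search(r"^content_filter\s*=\s*(\w+):\[[^\]]+\]:(\d+)", main_cf, re.M)
    port = re.search(r"^\$inet_socket_port\s*=\s*(\d+)", amavisd_conf, re.M)
    if not cf:
        return ["main.cf: content_filter is not set, mail is not scanned"]
    if cf.group(1) not in svc:
        out.append(f"master.cf: no '{cf.group(1)}' transport for content_filter")
    if not port or port.group(1) != cf.group(2):
        out.append("amavisd does not listen on the content_filter port")
    back = [n for n, s in svc.items() if s["type"] == "inet" and n.split(":")[-1] == reinject_port]
    if not back:
        return out + [f"master.cf: no re-injection listener on port {reinject_port}"]
    name, opts = back[0], svc[back[0]]["opts"]
    if name.split(":")[0] not in ("localhost", "127.0.0.1"):
        out.append("re-injection listener is not bound to loopback")
    if opts.get("content_filter") != "":
        out.append("re-injection listener does not clear content_filter (mail loop)")
    if opts.get("mynetworks") != "127.0.0.0/8":
        out.append("re-injection listener accepts clients beyond 127.0.0.0/8")
    return out
```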


amavisd configuration

use strict;

$max_servers = 4;            # number of pre-forked children (2..15 is common)
$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis)
$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis) 

$mydomain = 'eenet.ee';   # a convenient default for other settings 

$MYHOME   = '/var/amavis';   # a convenient default for other settings
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/virusmails';
@local_domains_maps = ( [".$mydomain"] ); 

$log_level = 2;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug'; 

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1 

$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)

$sa_tag_level_deflt  = undef;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 7.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
$sa_quarantine_cutoff_level = 20;  # spam level beyond which quarantine is off
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
$virus_admin               = undef;  # notifications recip.

$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
 
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;

@viruses_that_fake_sender_maps = (new_RE(
 [qr/^/ => 1],  # true for everything else
));

@keep_decoded_original_maps = (new_RE(
 qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
 qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));

$banned_filename_re = new_RE(

 # block certain double extensions anywhere in the base name
 qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

 qr'^application/x-msdownload$'i,                  # block these MIME types
 qr'^application/x-msdos-program$'i,
 qr'^application/hta$'i,

 [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 qr'^\.(exe-ms)$',                       # banned file(1) types
);

@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
 '.' => [  # the _first_ matching sender determines the score boost

  new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
   [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
   [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
   [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
   [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
   [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
   [qr'^(your_friend|greatoffers)@'i                                => 5.0],
   [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
  ),

  { # a hash-type lookup table (associative array)
    'pac@c-s.fr'                             => -3.0,
    'nobody@cert.org'                        => -3.0,
    'cert-advisory@us-cert.gov'              => -3.0,
    'owner-alert@iss.net'                    => -3.0,
    'slashdot@slashdot.org'                  => -3.0,
    'bugtraq@securityfocus.com'              => -3.0,
    'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
    'security-alerts@linuxsecurity.com'      => -3.0,
    'mailman-announce-admin@python.org'      => -3.0,
    'amavis-user-admin@lists.sourceforge.net'=> -3.0,
    'notification-return@lists.sophos.com'   => -3.0,
    'owner-postfix-users@postfix.org'        => -3.0,
    'owner-postfix-announce@postfix.org'     => -3.0,
    'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
    'sendmail-announce-request@lists.sendmail.org' => -3.0,
    'donotreply@sendmail.org'                => -3.0,
    'ca+envelope@sendmail.org'               => -3.0,
    'noreply@freshmeat.net'                  => -3.0,
    'owner-technews@postel.acm.org'          => -3.0,
    'ietf-123-owner@loki.ietf.org'           => -3.0,
    'cvs-commits-list-admin@gnome.org'       => -3.0,
    'rt-users-admin@lists.fsck.com'          => -3.0,
    'clp-request@comp.nus.edu.sg'            => -3.0,
    'surveys-errors@lists.nua.ie'            => -3.0,
    'emailnews@genomeweb.com'                => -5.0,
    'yahoo-dev-null@yahoo-inc.com'           => -3.0,
    'returns.groups.yahoo.com'               => -3.0,
    'clusternews@linuxnetworx.com'           => -3.0,
    lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
    lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

    # soft-blacklisting (positive score)
    'sender@example.net'                     =>  3.0,
    '.example.net'                           =>  1.0,
  },
 ],  # end of site-wide tables
});

@decoders = (
 ['mail', \&do_mime_decode],
 ['asc',  \&do_ascii],
 ['uue',  \&do_ascii],
 ['hqx',  \&do_ascii],
 ['ync',  \&do_ascii],
 ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
 ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
 ['gz',   \&do_gunzip],
 ['gz',   \&do_uncompress,  'gzip -d'],
 ['bz2',  \&do_uncompress,  'bzip2 -d'],
 ['lzo',  \&do_uncompress,  'lzop -d'],
 ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
 ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
 ['tar',  \&do_tar],
 ['deb',  \&do_ar,          'ar'],
 ['zip',  \&do_unzip],
 ['rar',  \&do_unrar,      ['rar','unrar'] ],
 ['arj',  \&do_unarj,      ['arj','unarj'] ],
 ['arc',  \&do_arc,        ['nomarch','arc'] ],
 ['zoo',  \&do_zoo,         'zoo'],
 ['lha',  \&do_lha,         'lha'],
 ['cab',  \&do_cabextract,  'cabextract'],
 ['tnef', \&do_tnef],
 ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);

@av_scanners = (

### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
 
);

@av_scanners_backup = (
);


Automatic start

amavisd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

Updating the spam filter

sa-update -D
spamassassin --lint && /usr/local/etc/rc.d/spamd.sh.sample restart

--lint checks that the rules contain no errors.


Checking that it works

Let's take a look at the maillog file; a line should appear for every message