postfix + spamassassin
Marian Cerny
jojo at matfyz.cz
Mon Apr 28 21:24:15 CEST 2008
On 2008-04-28 15:30 +0200, Martin Bubik wrote:
> zdravim, chtel bych poprosit nekoho kdo ma zkusenosti s provozem
> postfixu a spamassassina o par rad jak zacit.
Spamassassin je urcite vhodny nastroj na odhalovanie spamu, ale ak si to
este neurobil, tak si pozri rozne nastavenia v Postfixe, ktore tiez mozu
pomoct v boji proti spamu:
http://www.postfix.org/uce.html
Ja osobne pouzivam nasledovne nastavenie:
## anti-UCE ##
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_pipelining
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
# reject_invalid_helo_hostname
warn_if_reject reject_unknown_client_hostname
check_recipient_access hash:/usr/local/etc/postfix/filtered_domains
reject_unauth_destination
smtpd_data_restrictions =
reject_unauth_pipelining
Ten reject_unknown_client_hostname planujem pridat na zaklade nedavnej
diskusii v konferencii ohladne kontroly rDNS zaznamov pri prijimani
posty.
> Server je jiz pouzivany a ja bych se chtel vyhnout nejakemu delsimu
> vypadku - takze nemuzu moc laborovat stylem
Najrozumnejsie je to najprv vyskusat na nejakom testovacom stroji. Inac
na otestovanie, ake maily bude odmietat reject pravidlo v postfixe, sa
hodi warn_if_reject. To mozes pokojne skusat aj na produkcnom serveri.
> narazil jsem na jiny postup pres perl moduly
> perl -MCPAN -e shell
Jednoznacne odporucam instalovat cez porty.
Ja mam nainstalovane p5-Mail-SpamAssassin.
V rc.conf mam spamd_enable="YES".
V master.cf mam:
# spam filter
filter unix - n n - 2 pipe
flags=Rq user=filter argv=/usr/local/bin/spamcheck -f ${sender} -- ${recipient}
retry unix - - n - - error
/usr/local/bin/spamcheck je jednoduchy shell skript:
#!/bin/sh
# Simple shell-based filter. It is meant to be invoked as follows:
# /path/to/script -f sender recipients...
SPOOL_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -G -i"
SPAMC=/usr/local/bin/spamc
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Clean up when done or when aborting.
trap "rm -f $SPOOL_DIR/in.$$" 0 1 2 3 15
cat | $SPAMC -E > $SPOOL_DIR/in.$$
if [ $? = 1 ]
then
# This message is spam
$SENDMAIL spambasket < $SPOOL_DIR/in.$$
else
$SENDMAIL "$@" < $SPOOL_DIR/in.$$
fi
rm -f $SPOOL_DIR/in.$$
exit $?
Mam vytvoreneho uzivatela filter, adresar /var/spool/filter a mailbox
spambasket, kam mi chodi vsetok spam.
Vo filtered_domains mam pre kazdu prevadzkovanu domenu uvedene:
########################################################
# Don't forget to run 'postmap filtered_domains' upon change.
########################################################
domena.cz FILTER filter:dummy
Malo by to byt priblizne vsetko, co je potreba urobit. Ked tak pripadne
skus pozriet http://www.postfix.org/FILTER_README.html.
Marian
More information about the Users-l
mailing list