postfix + spamassassin

Marian Cerny jojo at matfyz.cz
Mon Apr 28 21:24:15 CEST 2008


On 2008-04-28 15:30 +0200, Martin Bubik wrote:
> zdravim, chtel bych poprosit nekoho kdo ma zkusenosti s provozem 
> postfixu a spamassassina o par rad jak zacit.

Spamassassin je urcite vhodny nastroj na odhalovanie spamu, ale ak si to
este neurobil, tak si pozri rozne nastavenia v Postfixe, ktore tiez mozu
pomoct v boji proti spamu:
http://www.postfix.org/uce.html

	Ja osobne pouzivam nasledovne nastavenie:

	## anti-UCE ##

	smtpd_helo_required = yes
	disable_vrfy_command = yes
	strict_rfc821_envelopes = yes

	smtpd_recipient_restrictions =
		permit_sasl_authenticated
		permit_mynetworks
		reject_unauth_pipelining
		reject_non_fqdn_sender
		reject_non_fqdn_recipient
		reject_unknown_sender_domain
		reject_unknown_recipient_domain
	#       reject_invalid_helo_hostname
		warn_if_reject reject_unknown_client_hostname
		check_recipient_access hash:/usr/local/etc/postfix/filtered_domains
		reject_unauth_destination

	smtpd_data_restrictions =
		reject_unauth_pipelining

Ten reject_unknown_client_hostname planujem pridat na zaklade nedavnej
diskusii v konferencii ohladne kontroly rDNS zaznamov pri prijimani
posty.

> Server je jiz pouzivany a ja bych se chtel vyhnout nejakemu delsimu 
> vypadku - takze nemuzu moc laborovat stylem

Najrozumnejsie je to najprv vyskusat na nejakom testovacom stroji. Inac
na otestovanie, ake maily bude odmietat reject pravidlo v postfixe, sa
hodi warn_if_reject. To mozes pokojne skusat aj na produkcnom serveri.

> narazil jsem na jiny postup pres perl moduly
> perl -MCPAN -e shell

Jednoznacne odporucam instalovat cez porty.

Ja mam nainstalovane p5-Mail-SpamAssassin.

V rc.conf mam spamd_enable="YES". 

V master.cf mam:
	# spam filter
	filter    unix  -       n       n       -       2       pipe
	  flags=Rq user=filter argv=/usr/local/bin/spamcheck -f ${sender} -- ${recipient}
	retry     unix  -       -       n       -       -       error

/usr/local/bin/spamcheck je jednoduchy shell skript:
	#!/bin/sh

	# Simple shell-based filter. It is meant to be invoked as follows:
	#       /path/to/script -f sender recipients...

	SPOOL_DIR=/var/spool/filter
	SENDMAIL="/usr/sbin/sendmail -G -i"
	SPAMC=/usr/local/bin/spamc

	# Exit codes from <sysexits.h>
	EX_TEMPFAIL=75
	EX_UNAVAILABLE=69

	# Clean up when done or when aborting.
	trap "rm -f $SPOOL_DIR/in.$$" 0 1 2 3 15

	cat | $SPAMC -E > $SPOOL_DIR/in.$$

	if [ $? = 1 ]
	then
		# This message is spam
		$SENDMAIL spambasket < $SPOOL_DIR/in.$$
	else
		$SENDMAIL "$@" < $SPOOL_DIR/in.$$
	fi

	rm -f $SPOOL_DIR/in.$$

	exit $?

Mam vytvoreneho uzivatela filter, adresar /var/spool/filter a mailbox
spambasket, kam mi chodi vsetok spam.

Vo filtered_domains mam pre kazdu prevadzkovanu domenu uvedene:
	########################################################
	# Don't forget to run 'postmap filtered_domains' upon change.
	########################################################

	domena.cz          FILTER filter:dummy

Malo by to byt priblizne vsetko, co je potreba urobit. Ked tak pripadne
skus pozriet http://www.postfix.org/FILTER_README.html.

Marian



More information about the Users-l mailing list