
A complete mail system, fully assembled.

This article contains the settings for the following stack: Postfix+dovecot+mysql+amavis+sa+postgrey+mailman+roundcube+postfixadmin
I will give only the configs and brief explanations here, since it is already clear what each piece is and what it is for. Mail is stored in /var/spool/vmail. The directory is owned by vmail:vmail, mode 0770.


1) Postfix.
Version postfix-2.6.5,1. Built with these options:

[X] PCRE      Perl Compatible Regular Expressions
[X] DOVECOT   Dovecot SASL authentication method
[X] TLS       Enable SSL and TLS support
[X] MYSQL     MySQL maps (choose version with WITH_MYSQL_VER)
[X] CDB       CDB maps lookups
[X] NIS       NIS maps lookups
[X] VDA       VDA (Virtual Delivery Agent 32Bit)

During installation the following question is asked:

Would you like to activate Postfix in /etc/mail/mailer.conf [n]?

Answer Y. After installation, put the following into /etc/periodic.conf (create it by hand if it does not exist):

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"                 # Also submit queue
daily_submit_queuerun="NO"
daily_status_mailq_shorten="YES"                         # Shorten output

This disables the sendmail-specific options and slightly tidies the format of the daily report as far as mail is concerned.

$cat main.cf

queue_directory = /var/spool/postfix

command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = mail.domain.com.ua
mydomain = domain.com.ua

myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname
local_recipient_maps = unix:passwd.byname $alias_maps $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
mynetworks_style = subnet
# 127.0.0.0/8 is localhost, 11.11.11.0/24 is our local net
mynetworks = 127.0.0.0/8, 11.11.11.0/24
relay_domains = $mydestination, hash:/usr/local/etc/postfix/relayed_domains
alias_maps =
    hash:/etc/mail/aliases
    hash:/usr/local/mailman/data/aliases
virtual_alias_maps =
    hash:/usr/local/mailman/data/virtual-mailman
    mysql:/usr/local/etc/postfix/mysql/virtual.cf
virtual_alias_domains = $virtual_alias_maps
alias_database =
    hash:/etc/mail/aliases
debug_peer_level = 3
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix

smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    permit

smtpd_helo_restrictions =
    permit

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/usr/local/etc/postfix/sender_list,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unverified_sender,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_recipient_access hash:/usr/local/etc/postfix/recipient_list,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_unverified_recipient,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dul.ru,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service inet:127.0.0.1:10023,
    permit

smtpd_data_restrictions =
    permit

smtpd_end_of_data_restrictions =
    permit

smtpd_etrn_restrictions =
    permit

virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox.cf
virtual_minimum_uid = 990
virtual_mailbox_limit_maps=mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_limit.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has no space available in their inbox.
virtual_overquota_bounce = yes
virtual_uid_maps = static:990
virtual_gid_maps = static:990
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql/virtual_mailbox_domains.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = mail.domain.com.ua
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
broken_sasl_auth_clients = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
content_filter = smtp-amavis:[127.0.0.1]:10024

$cat master.cf

 

smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
smtp-amavis     unix    -       -       n       -       8      smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=8
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
proxywrite unix -       -       n       -       1       proxymap

2) Dovecot
Version dovecot-1.2.8. Built with these options:

[X] KQUEUE       kqueue(2) support
[X] SSL          SSL support
[X] LDA          LDA support
[X] MANAGESIEVE  ManageSieve support
[X] MYSQL        MySQL support

$cat dovecot.conf

 

protocols = imap imaps pop3 pop3s
protocol imap {
  listen = 11.11.11.11:143
  ssl_listen = 11.11.11.11:993
}
protocol pop3 {
  listen = 11.11.11.11:110
  ssl_listen = 11.11.11.11:995
}
base_dir = /var/run/dovecot
login_user = dovecot
# plaintext logins are accepted on the non-SSL ports 143 and 110 as well
disable_plaintext_auth = no
ssl_cert_file = /etc/ssl/smtpd.pem
ssl_key_file = /etc/ssl/smtpd.pem
mail_location = maildir:%h
mail_privileged_group = mail
verbose_proctitle = yes
first_valid_uid = 990
first_valid_gid = 990
mail_uid = 990
mail_gid = 990
log_path = /var/log/maillog
log_timestamp = "%b %d %H:%M:%S "
syslog_facility = mail
protocol imap {
  imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
}
auth_default_realm = domain.com.ua
auth_verbose = no
auth_debug = no
auth default {
  mechanisms = digest-md5 plain login
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb passwd {
    args = blocking=yes
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  user = root
  # auth socket that Postfix uses (smtpd_sasl_path in main.cf)
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = dovecot
      group = dovecot
    }
  }
}
dict {
}
plugin {
}


#cat dovecot-sql.conf

driver = mysql
connect = host=localhost user=dovecot password=dovecot dbname=postfix
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT CONCAT('/var/spool/vmail/',domain,'/',maildir) AS home FROM mailbox WHERE username = '%n@%d'

3) Amavis

Version amavisd-new-2.6.4_2,1. Built with these options:

[X] BDB           Use BerkeleyDB for nanny/cache/snmp
[X] SNMP          Install amavisd snmp subagent
[X] MYSQL         Use MySQL for lookups/logging/quarantine
[X] SASL          Use SASL authentication
[X] MILTER        Sendmail milter support
[X] SPAMASSASSIN  Use mail/p5-Mail-SpamAssassin
[X] FILE          Use newer file(1) utility from ports
[X] RAR           RAR support with archivers/rar
[X] UNRAR         RAR support with archivers/unrar
[X] ARJ           ARJ support with archivers/arj
[X] UNARJ         ARJ support with archivers/unarj
[X] LHA           LHA support with archivers/lha
[X] ARC           ARC support with archivers/arc
[X] NOMARCH       ARC support with archivers/nomarch
[X] CAB           CAB support with archivers/cabextract
[X] RPM           RPM support with archivers/rpm2cpio
[X] ZOO           ZOO support with archivers/zoo
[X] UNZOO         ZOO support with archivers/unzoo
[X] LZOP          LZOP support with archivers/lzop
[X] FREEZE        FREEZE support with archivers/freeze
[X] P7ZIP         P7ZIP support with archivers/p7zip
[X] MSWORD        Ms Word support with textproc/ripole


#cat amavisd.conf

use strict;
$max_servers = 8;            # num of pre-forked children (2..30 is common), -m
$max_requests = 8;           # was 32   retire a child after that many accepts (default 20)
$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis), -g
$mydomain = 'domain.com.ua';   # a convenient default for other settings
$MYHOME = '/var/amavis';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = "$MYHOME/virusmails";  # -Q
$log_level = 1;              # verbosity 0..5, -d
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';   # Syslog facility as a string
                             # e.g.: mail, daemon, user, local0, ... local7
$syslog_priority = 'debug';  # Syslog base (minimal) priority as a string,
                             # choose from: emerg, alert, crit, err, warning, notice, info, debug
$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
$nanny_details_level = 2;    # nanny verbosity: 1: traditional, 2: detailed
$enable_dkim_verification=0;
@local_domains_maps = ( [".$mydomain"] );  # list of all local domains
@mynetworks = qw( 127.0.0.0/8 11.11.11.0/24);
$unix_socketname = "$MYHOME/amavisd.sock";  # amavisd-release or amavis-milter
# option(s) -p overrides $inet_socket_port and $unix_socketname
$inet_socket_port = 10024;   # listen on this local TCP port(s)
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};
@whitelist_sender_maps = ( ['.domain.com.ua', '.otherdomain.com.ua'] );
read_hash(\%whitelist_sender, '/var/amavis/whitelist');
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["virusalert\@$mydomain"],
  spam_admin_maps  => ["virusalert\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  bypass_banned_checks_maps => [1],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};
$spam_quarantine_to = "spam\@$mydomain";
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.5;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.5;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
@addr_extension_virus_maps      = ('virus');
@addr_extension_banned_maps     = ('banned');
@addr_extension_spam_maps       = ('spam');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name
$defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1;  # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1;  # header field syntax error
$myhostname = 'mail.domain.com.ua';  # must be a fully-qualified domain name!
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;
@keep_decoded_original_maps = (new_RE(
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,
  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
);
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
  '.' => [  # the _first_ matching sender determines the score boost
    new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
      [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
      [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
      [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
      [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
      [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
      [qr'^(your_friend|greatoffers)@'i                                => 5.0],
      [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
    ),
    { # a hash-type lookup table (associative array)
      'nobody@cert.org'                        => -3.0,
      'cert-advisory@us-cert.gov'              => -3.0,
      'owner-alert@iss.net'                    => -3.0,
      'slashdot@slashdot.org'                  => -3.0,
      'securityfocus.com'                      => -3.0,
      'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
      'security-alerts@linuxsecurity.com'      => -3.0,
      'mailman-announce-admin@python.org'      => -3.0,
      'amavis-user-admin@lists.sourceforge.net'=> -3.0,
      'amavis-user-bounces@lists.sourceforge.net' => -3.0,
      'spamassassin.apache.org'                => -3.0,
      'notification-return@lists.sophos.com'   => -3.0,
      'owner-postfix-users@postfix.org'        => -3.0,
      'owner-postfix-announce@postfix.org'     => -3.0,
      'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
      'sendmail-announce-request@lists.sendmail.org' => -3.0,
      'donotreply@sendmail.org'                => -3.0,
      'ca+envelope@sendmail.org'               => -3.0,
      'noreply@freshmeat.net'                  => -3.0,
      'owner-technews@postel.acm.org'          => -3.0,
      'ietf-123-owner@loki.ietf.org'           => -3.0,
      'cvs-commits-list-admin@gnome.org'       => -3.0,
      'rt-users-admin@lists.fsck.com'          => -3.0,
      'clp-request@comp.nus.edu.sg'            => -3.0,
      'surveys-errors@lists.nua.ie'            => -3.0,
      'emailnews@genomeweb.com'                => -5.0,
      'yahoo-dev-null@yahoo-inc.com'           => -3.0,
      'returns.groups.yahoo.com'               => -3.0,
      'clusternews@linuxnetworx.com'           => -3.0,
      lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
      lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
      # soft-blacklisting (positive score)
      'sender@example.net'                     =>  3.0,
      '.example.net'                           =>  1.0,
    },
  ],  # end of site-wide tables
});
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['deb',  \&do_ar,          'ar'],
  ['zip',  \&do_unzip],
  ['7z',   \&do_7zip,       ['7zr','7za','7z'] ],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
@av_scanners = (
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
@av_scanners_backup = (
  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
1;

4) SpamAssassin

Before building, the sources need a small fix, namely the file 72_active.cf, which is in the rules directory of the source tree. The edit goes in this block:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/
describe FH_DATE_PAST_20XX      The date is grossly in the future.
##} FH_DATE_PAST_20XX

Change the fragment Date =~ /20[1-9][0-9]/ to Date =~ /20[2-9][0-9]/ (that is, replace 1 with 2); otherwise messages sent in 2010 will automatically be marked as spam. I don't know, maybe this problem has already been fixed, but it is better to check.
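
The effect of that one-character edit can be checked with a short script (an added example, not part of the original article; the function names, the sample Date header and the temporary rule files are constructed for illustration). It extracts the regex from the rule line and finds the first year whose Date header the rule flags, which shows that the edited rule starts firing again for mail dated 2020.

```sh
#!/bin/sh
# Added example: which years does an FH_DATE_PAST_20XX rule flag?
# Function names, the sample Date header and the temp rule files are constructed.

# rule_regex FILE: print the regex between the slashes of the rule's header line.
rule_regex() {
    sed -n 's|^header[[:space:]]\{1,\}FH_DATE_PAST_20XX[[:space:]]\{1,\}Date =~ /\(.*\)/[[:space:]]*$|\1|p' "$1"
}

# flags_year REGEX YEAR: succeed if a Date header from YEAR matches REGEX.
flags_year() {
    printf 'Fri, 15 Jan %s 10:30:00 +0200\n' "$2" | grep -Eq -- "$1"
}

# first_flagged_year REGEX FROM TO: print the first year in FROM..TO that is flagged.
first_flagged_year() {
    ffy_year=$2
    while [ "$ffy_year" -le "$3" ]; do
        if flags_year "$1" "$ffy_year"; then
            echo "$ffy_year"
            return 0
        fi
        ffy_year=$((ffy_year + 1))
    done
    return 1
}

# rule_ok_for_year FILE YEAR: 0 = rule leaves YEAR alone, 1 = rule flags YEAR,
# 2 = no FH_DATE_PAST_20XX header line found in FILE.
rule_ok_for_year() {
    rok_re=$(rule_regex "$1")
    [ -n "$rok_re" ] || return 2
    if flags_year "$rok_re" "$2"; then return 1; fi
    return 0
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    # Constructed copies of the rule: as quoted on the page, and after the edit.
    printf '%s\n' 'header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/' > "$demo_dir/shipped.cf"
    printf '%s\n' 'header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/' > "$demo_dir/edited.cf"
    for demo_name in shipped edited; do
        demo_re=$(rule_regex "$demo_dir/$demo_name.cf")
        echo "$demo_name: /$demo_re/ first flags mail dated $(first_flagged_year "$demo_re" 2000 2099)"
    done
    rm -rf "$demo_dir"
}

demo
```

Against a real source tree, `rule_ok_for_year rules/72_active.cf "$(date +%Y)"` reports whether the rule as it stands would flag mail dated this year.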

Version p5-Mail-SpamAssassin-3.2.5_4. Built with these options:

[X] AS_ROOT        Run spamd as root (recommended)
[X] SPAMC          Build spamd/spamc (not for amavisd)
[X] SACOMPILE      sa-compile
[X] SSL            Build with SSL support for spamd/spamc
[X] GNUPG          Install GnuPG (for sa-update)
[X] MYSQL          Add MySQL support
[X] RAZOR          Add Vipul's Razor support
[X] RELAY_COUNTRY  Relay country support

cat /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 1
required_score 7.0
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
use_razor2 1
razor_config /var/spool/mqueue/razor/razor-agent.conf

5) razor
#cat /var/spool/mqueue/razor/razor-agent.conf
debuglevel             = 3
identity               = identity
ignorelist             = 0
listfile_catalogue     = servers.catalogue.lst
listfile_discovery     = servers.discovery.lst
listfile_nomination    = servers.nomination.lst
logfile                = /var/log/razor-agent.log
logic_method           = 4
min_cf                 = ac
razordiscovery         = discovery.razor.cloudmark.com
rediscovery_wait       = 172800
report_headers         = 1
turn_off_discovery     = 0
use_engines            = 4,8
whitelist              = razor-whitelist
razorhome              = /var/spool/mqueue/razor

6) clamav

Version clamav-0.95.3. Built with these options:
[X] ARC           Enable arch archives support
[X] ARJ           Enable arj archives support
[X] LHA           Enable lha archives support
[X] UNZOO         Enable zoo archives support
[X] UNRAR         Enable rar archives support
[X] MILTER        Compile the milter interface
[X] ICONV         Enable ICONV support


#cat /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogTime yes
LogSyslog yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd
FixStaleSocket yes
MaxThreads 32
User clamav
AllowSupplementaryGroups yes
ScanMail yes

7) postgrey

Version postgrey-1.32.

$cat postgrey_whitelist_clients

domain.com.ua
domain.net
google.com

8) postfixadmin

Version postfixadmin-2.3. Built with these options:

[X] MYSQL   MySQL back-end (use mysql PHP extension)

I will list only the significant options; the rest can be found in the config from the previous articles:

$CONF['default_language'] = 'ru';
$CONF['encrypt'] = 'md5crypt';
$CONF['authlib_default_flavor'] = 'md5';
$CONF['dovecotpw'] = "/usr/local/sbin/dovecotpw";
$CONF['min_password_length'] = 0;   // 0 = no minimum password length is enforced
$CONF['generate_password'] = 'YES';
$CONF['show_password'] = 'YES';
$CONF['transport_default'] = 'virtual';

9) roundcube

Version roundcube-0.3.1,1. Built with these options:
[X] MYSQL     Use MySQL backend
[X] SSL       Enable SSL support (imaps or google spellcheck)
[X] PSPELL    Enable PSpell support (internal spellcheck)
[X] NSC       Install network spellchecker

I will list only the significant options; the rest can be found in the default config:

$rcmail_config['auto_create_user'] = TRUE;
$rcmail_config['imap_auth_type'] = 'plain';
$rcmail_config['smtp_auth_type'] = 'LOGIN';
$rcmail_config['default_charset'] = 'UTF-8';
$rcmail_config['language'] = 'ru_RU';
$rcmail_config['max_recipients'] = 20;

10) mailman
Version mailman-with-htdig-2.1.12. Built with these options:
[X] POSTFIX   for use with postfix
[X] HTDIG     htdig integration patches

Significant options from the config:
DEFAULT_CHARSET = 'koi8-u'
MTA = 'Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['domain.com.ua', 'mail.domain.com.ua']
add_virtualhost('mail.domain.com.ua')
DEFAULT_SERVER_LANGUAGE = 'ru'
DEFAULT_DEFAULT_MEMBER_MODERATION = Yes

=========================================================

Here are the other options that need to be added to /etc/rc.conf so that all of this works together:

sendmail_enable="NONE"
postfix_enable="YES"
dovecot_enable="YES"
amavisd_enable="YES"
mailman_enable="YES"
postgrey_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
apache22_enable="YES"
apache22_http_accept_enable="YES"
spamd_enable="YES"
spamd_flags="-u vscan"

==========================================================

I forgot to give the contents of the files /usr/local/etc/postfix/mysql/*. Here they are:

#cat virtual.cf

user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

#cat virtual_mailbox.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

#cat virtual_mailbox_limit.cf
user            = postfix
password        = postfix
hosts           = localhost
dbname          = postfix
query           = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

#cat virtual_mailbox_domains.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%u'

That is all.
