完美的SpamSnake  -  Ubuntu Jaunty Jackalope

2017-09-23 分类:系统运维 阅读() 评论()

完美的垃圾邮件 - Ubuntu Jaunty Jackalope

作者:Mohammed Alli

Postfix w /贝叶斯过滤和反向散射(Relay Recipients),Apache,Mysql,Dnsmasq,MailScanner(Spamassassin,ClamAV,Pyzor,Razor,DCC-Client),MailWatch,SPF Checks,FuzzyOcr,PDF / XLS / Phishing Sanesecurity Signatures, Postfix-GLD(Greylisting可选),Logwatch统计报告(可选),使用alterMIME(可选)发送免责声明,FireHOL(Iptables防火墙)

版本2.5

本教程将介绍如何在网关模式下将基于Ubuntu Jaunty Jackalope的服务器设置为垃圾邮件过滤器。 最后,您将拥有一个SpamSnake网关,它会将干净的电子邮件转发到您的MTA。 您还可以查看您的入站队列,训练您的SpamSnake,并通过MailWatch进行一些更高级的操作。

我不能提供任何保证,这将为您工作,与我一样的方式。

我将使用以下软件:

  • Web服务器:Apache 2与PHP 5
  • 数据库服务器:MySQL 5.0
  • 邮件服务器:Postfix
  • 缓存DNS服务器:Dnsmasq
  • MailScanner:MailScanner v4.76
  • MailWatch:MailWatch v1.0.4

信用于youcl和MailScanner,MailWatch,ClamAV,Apache,Mysql和Postfix的开发人员。

使用最小选项安装基本系统。

获取root权限

通过运行以下命令启用根登录,并给根密码。 然后,您可以直接以root身份登录: 

sudo passwd root

2.安装vim-nox(可选)

我将在本教程中使用vi作为我的文本编辑器。 默认的vi程序在Ubuntu和Debian上有一些奇怪的行为; 要解决这个问题,我们安装vim-nox: 

aptitude install vim-nox

(如果您使用其他文本编辑器(如joe或nano),则无需执行此操作。)

3.配置网络

由于Ubuntu安装程序已将系统配置为通过DHCP获取其网络设置,因此,由于服务器应具有静态IP地址,因此我们必须进行更改。 编辑/ etc / network / interfaces并根据您的需要进行调整(在本例中,我将使用IP地址192.168.0.100

vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

然后重新启动您的网络: 

/etc/init.d/networking restart

然后编辑/ etc / hosts 。 看起来像这样: 

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

现在运行: 

echo server1.example.com > /etc/hostname 
 /etc/init.d/hostname.sh start

之后,运行: 

hostname 
 hostname -f

两者都应该显示server1.example.com

4.更新您的Linux安装

编辑/etc/apt/sources.list 。 从文件中注释或删除安装CD,并确保启用了Universe和multiverse存储库。 它应该是这样的: 

#
# deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release amd64 (20090421.1)]/ jaunty main restricted

#deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release amd64 (20090421.1)]/ jaunty main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://de.archive.ubuntu.com/ubuntu/ jaunty main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ jaunty universe
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty universe
deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu jaunty partner
# deb-src http://archive.canonical.com/ubuntu jaunty partner

deb http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb-src http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb http://security.ubuntu.com/ubuntu jaunty-security universe
deb-src http://security.ubuntu.com/ubuntu jaunty-security universe
deb http://security.ubuntu.com/ubuntu jaunty-security multiverse
deb-src http://security.ubuntu.com/ubuntu jaunty-security multiverse

然后运行以下更新apt包数据库: 

aptitude update

运行以下安装最新更新: 

aptitude safe-upgrade

如果您看到新内核作为更新的一部分进行安装,那么您应该重新启动系统:

5.更改默认Shell

/ bin / sh/ bin / dash的符号链接,但是我们需要/ bin / bash ,not / bin / dash 。 所以我们这样做: 

dpkg-reconfigure dash

安装破折号为/ bin / sh? < - 不

6.禁用AppArmor

AppArmor是一个安全扩展(类似于SELinux),应该提供扩展的安全性。 在我看来,你不需要配置一个安全的系统,它通常会导致更多的问题,而不是优势(考虑到你做了一周的故障排除后,因为一些服务不能按预期工作,然后你发现一切都很好,只有AppArmor导致了这个问题)。 因此我禁用它(如果你想稍后安装ISPConfig,这是必须的)。

我们可以禁用它: 

/etc/init.d/apparmor stop 
 update-rc.d -f apparmor remove 
 aptitude remove apparmor apparmor-utils

7.安装一些软件

现在我们安装一些稍后需要的软件包: 

aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential unrar

 

8.同步系统时钟

通过互联网将系统时钟与NTP(网络时间协议)服务器同步是个好主意。 只需运行: 

apt-get install ntp ntpdate

缓存Dnsmasq 

apt-get install dnsmasq

编辑/etc/dnsmasq.conf并使localhost上的Dnsmasq监听: 

listen-address=127.0.0.1

编辑/etc/resolv.conf并将以下内容添加到列表的顶部: 

nameserver 127.0.0.1
赞(52) 打赏
未经允许不得转载:优客志 » 系统运维
分享到:
标签:

相关推荐

吐血推荐

推荐云主机,建站更安全

优客志推荐站长使用阿里云主机,安全可靠、轻松上云,从此告别主机无售后、主机各种难题。点击领取1000元代金券

热度排行

热门标签

Ubuntu (2170) Linux (1251) debian (936) centos (935) Security (686) Apache (652) Nginx (536) Desktop (533) MySQL (492) web-server (486) PHP (466) fedora (446) Linux Commands (383) virtualization (308) ispconfig (297) Ubuntu 16.04 (285) Storage (284) JAVA (279) monitoring (243) server (231) Open Source (210) suse (201) Control Panels (186) Email (182) python (182) shell (179) FTP (175) Postfix (174) Linux Tricks (149) Development (137)

Copyright © 2018 优客网 All Rights Reserved

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏