The Perfect SpamSnake - Ubuntu Jeos 12.04 LTS Precise Pangolin

Author: 洛基
Version: 5

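Postfix w/ Bayesian filtering, Postscreen, Postfix recipient callout (optional relay recipients via look-ahead), Nginx/Uwsgi, Mysql, Dnsmasq, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), Baruwa, SPF Checks, FuzzyOcr, Sanesecurity signatures, Greyfix, KAM, Scamnailer, FireHOL (Iptables firewall), relay recipients script (optional), Webmin (optional), outgoing disclaimer with alterMIME (optional)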

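This tutorial shows how to set up an Ubuntu Jeos based server as a spam filter in gateway mode. In the end, you will have a SpamSnake gateway that relays clean email to your MTA. You will also be able to view your incoming queue, train your SpamSnake and perform some more advanced operations through Baruwa.

I cannot give any guarantee that this will work for you the same way it does for me.

I will use the following software:
• Web server: Nginx v1.1.19 / Uwsgi v1.0.3
• Database server: MySQL v5.5.28
• Mail server: Postfix v2.9.3
• Caching DNS server: Dnsmasq 2.59
• Filter: MailScanner v4.84.5-3
• Front end: Baruwa v1.1.2-4sn

Credits go to HowToForge and to the developers of MailScanner, Baruwa, Clamav, Nginx/Uwsgi, Mysql, Postfix, Spamassassin, Razor/Pyzor/DCC and Firehol.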

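Basic Installation

1. Install the minimal VM option
Set the hostname to server1
Default guided partitioning method
3. Set up the user:
u: administrator
p: password
No encryption
4. No automatic updates
5. Install OpenSSH

Post-Installation

Get root privileges

Enable the root login by running the following command and giving root a password. You can then log in directly as root: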

sudo passwd root

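2. Configure the network

Because the Ubuntu installer has configured the system to get its network settings via DHCP, and a server should have a static IP address, we have to change that now. Edit /etc/network/interfaces and adjust it to your needs (in this example I will use the IP address 192.168.0.100):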

vi /etc/network/interfaces

and make it look like the following:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 192.168.0.1

Then restart your network and edit /etc/hosts:

/etc/init.d/networking restart
vi /etc/hosts

and make it look like this:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Now run:

echo server1.example.com > /etc/hostname
reboot now

Afterwards, run:

hostname
hostname -f

Both should show server1.example.com.

3. Change the default shell

/bin/sh is a symlink to /bin/dash, but we need /bin/bash, not /bin/dash. So we do this:

dpkg-reconfigure dash

Install dash as /bin/sh? <-- No

Install a few packages and prerequisites that are needed later:

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-raw-zlib-perl libdb4.8-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential telnet wget gawk -y

Caching Dnsmasq

apt-get install dnsmasq -y
vi /etc/dnsmasq.conf

and make Dnsmasq listen on localhost:

listen-address=127.0.0.1

5. Install Mysql

apt-get install mysql-client mysql-server libdbd-mysql-perl -y

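You will be asked to provide a password for the MySQL root user. This password is valid for the user root@localhost as well as root@server1.example.com, so we do not have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

6. Install Postfix: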

apt-get install postfix postfix-mysql postfix-doc procmail -y

You will be asked two questions. Answer as follows:

General type of mail configuration: --> Internet Site
System mail name: --> server1.example.com

Stop Postfix and edit master.cf:

postfix stop
vi /etc/postfix/master.cf

and make the pickup service look like the following:

pickup    fifo  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks

Edit main.cf by means of a script:

vi /usr/src/postfix.sh

with the following contents:

#!/bin/sh
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = domain.tld"
postconf -e "myhostname = server1.domain.tld"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"
postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf"
postconf -e "relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf"
postconf -e "transport_maps = mysql:/etc/postfix/mysql-transports.cf"
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
postconf -e "disable_vrfy_command = yes"
postconf -e "strict_rfc821_envelopes = no"
postconf -e "smtpd_banner = \$myhostname ESMTP SpamSnake"
postconf -e "smtpd_delay_reject = yes"
postconf -e "smtpd_recipient_limit = 100"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"
postconf -e "smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining"
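# rbl_policy is used in smtpd_recipient_restrictions, so it has to be declared as a class too
postconf -e "smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy, rbl_policy"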
postconf -e "spf_policy = check_policy_service unix:private/policy-spf"
postconf -e "policy-spf_time_limit = 3600s"
postconf -e "rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net"
postconf -e "grey_policy = check_policy_service unix:private/greyfix"
postconf -e "whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf, check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf"
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
touch /etc/postfix/virtual
echo "root administrator@example.com" >> /etc/postfix/virtual && echo "abuse administrator@example.com" >> /etc/postfix/virtual && echo "postmaster administrator@example.com" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
cat > /etc/postfix/mysql-global_whitelist.cf <<EOF
#mysql-global_whitelist
user = baruwa
password = password
dbname = baruwa
query = select concat('PERMIT') 'action' from lists where from_address='%s' AND list_type='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_domains.cf <<EOF
#mysql-relay_domains
user = baruwa
password = password
dbname = baruwa
query = select concat(address, ' ', 'OK') 'domain' from user_addresses where user_addresses.address='%s' and user_addresses.enabled='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_recipients.cf <<EOF
#mysql-relay_recipients
user = baruwa
password = password
dbname = baruwa
query = select concat('@', address, 'OK') 'email' from user_addresses where user_addresses.address='%d';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-transports.cf <<EOF
#mysql-transports
user = baruwa
password = password
dbname = baruwa
query = select concat('smtp:[', mail_hosts.address, ']', ':', port) 'transport' from mail_hosts, user_addresses where user_addresses.address = '%s' AND user_addresses.id = mail_hosts.useraddress_id;
hosts = 127.0.0.1
EOF

Note: For this step, make sure you replace anything@example.com, example.com and @example.com with real values that match your setup.

Make it executable and run it:

chmod +x /usr/src/postfix.sh
/usr/src/postfix.sh

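*Note: The user/password in the cf files must be the same as the user/password used later in the Baruwa DB setup. Make sure you change everything marked in red before running the script.

Postfix Recipient Callout (Optional)

This feature queries the recipient server to see whether the recipient exists. If not, it replies to the sending server with a 550 error and drops the connection. If the user does exist, the SpamSnake continues processing the email. This is just another method of preventing backscatter, but it is expensive. Please read http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later in this guide) if you decide that it taxes your server too much.

vi /etc/postfix/main.cf and add the following: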

verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify

Add this to your smtpd_restriction_classes:

verify_recipient, look_ahead

Add it to smtpd_recipient_restrictions:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit

Create the access file:

touch /etc/postfix/access

Add your domains:

cat > /etc/postfix/access <<EOF
# domains whose recipients are verified by callout
example.com verify_recipient
example2.com verify_recipient
EOF

*Note: Make sure you add the valid domains that you are filtering.

Postmap it:

postmap /etc/postfix/access

Finally, take a look at the Postfix installation:

less /etc/postfix/main.cf

Check the contents of the file for errors and fix them if needed. Fire up Postfix:

postfix start

Check that Postfix responds:

telnet 127.0.0.1 25

You should see:

220 [yourFQDNhere] ESMTP Postfix (Ubuntu)
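
When checking main.cf for errors, one thing worth verifying is that every policy name used in an smtpd_*_restrictions list, or on the right-hand side of /etc/postfix/access, is also listed in smtpd_restriction_classes, both for postfix.sh and for the callout additions; a name that is used but not declared is not a valid restriction. The check below is an added example, not part of the original guide: the function name, the @@ACCESS@@ separator and both sample inputs are constructed, and it assumes one "name = value" per line, as postconf -e writes.

```shell
#!/bin/sh
# Added example: report restriction classes that are used but not declared.

# Constructed sample main.cf: rbl_policy and verify_recipient are defined
# and used, but missing from smtpd_restriction_classes.
SAMPLE_MAIN_CF='smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy, look_ahead
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
spf_policy = check_policy_service unix:private/policy-spf
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access'

# Constructed sample /etc/postfix/access (source text, before postmap).
SAMPLE_ACCESS='# domains checked by recipient callout
example.com verify_recipient
example2.com verify_recipient'

# undeclared_classes MAIN_CF [ACCESS]: print, sorted, every name that has a
# definition in MAIN_CF and is referenced from an smtpd_*_restrictions list
# or from the right-hand side of ACCESS, yet is not declared as a class.
undeclared_classes() {
    printf '%s\n@@ACCESS@@\n%s\n' "$1" "${2:-}" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $0 == "@@ACCESS@@"       { in_access = 1; next }
        in_access                { used[$2] = 1; next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            value[name] = substr($0, eq + 1)
        }
        END {
            n = split(value["smtpd_restriction_classes"], d, /[, \t]+/)
            for (i = 1; i <= n; i++) declared[d[i]] = 1
            for (name in value) {
                if (name !~ /^smtpd_[a-z_]+_restrictions$/) continue
                m = split(value[name], tok, /[, \t]+/)
                for (j = 1; j <= m; j++) used[tok[j]] = 1
            }
            for (t in used)
                if ((t in value) && !(t in declared)) print t
        }' | sort
}

undeclared_classes "$SAMPLE_MAIN_CF" "$SAMPLE_ACCESS"
```

To run it on the live files before postfix start, pass "$(cat /etc/postfix/main.cf)" and "$(cat /etc/postfix/access)" as the two arguments; empty output means every class in use is declared.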