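The Perfect SpamSnake - Ubuntu Jeos 12.04 LTS Precise Pangolin
Author: 洛基
Version: 5
Postfix w/Bayesian Filtering, Postscreen, Postfix Recipient Callout (over the preferred optional Relay Recipients), Nginx/Uwsgi, Mysql, Dnsmasq, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), Baruwa, SPF Checks, FuzzyOcr, Sanesecurity Signatures, Greyfix, KAM, Scamnailer, FireHOL (Iptables Firewall), Relay Recipients Script (Optional), Webmin (Optional), Outgoing Disclaimer with alterMIME (Optional)
This tutorial shows how to set up an Ubuntu Jeos based server as a spam filter in gateway mode. In the end, you will have a SpamSnake gateway that relays clean email to your MTA. You will also be able to review your incoming queue, train your SpamSnake, and carry out some more advanced operations through Baruwa.
I cannot give any guarantee that this will work for you in the same way that it works for me.
I will use the following software: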
• Web server: Nginx v1.1.19 / Uwsgi v1.0.3
• Database server: MySQL v5.5.28
• Mail server: Postfix v2.9.3
• Caching DNS server: Dnsmasq 2.59
• Filter: MailScanner v4.84.5-3
• Front end: Baruwa v1.1.2-4sn
Credits go to HowToForge and to the developers of MailScanner, Baruwa, Clamav, Nginx/Uwsgi, Mysql, Postfix, Spamassassin, Razor/Pyzor/DCC and Firehol.
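Basic Installation
1. Install with the minimal VM option
Set the hostname to server1
Default guided partitioning method
3. Set up the user:
u: administrator
p: password
No encryption
4. No automatic updates
5. Install OpenSSH
Post-Installation
Get root privileges
Enable the root login by running the following command and giving root a password. You can then log in directly as root: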
sudo passwd root
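2. Configure the network
Because the Ubuntu installer has configured the system to get its network settings via DHCP, we have to change that now, since a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example I will use the IP address 192.168.0.100):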
vi /etc/network/interfaces
and make it look like the following:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 192.168.0.1
Then restart your network:
/etc/init.d/networking restart
vi /etc/hosts
and make it look like this:
127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run:
echo server1.example.com > /etc/hostname
reboot now
Afterwards, run:
hostname
hostname -f
Both should show server1.example.com.
3. Change the default shell
/bin/sh is a symlink to /bin/dash, but we need /bin/bash, not /bin/dash. So we do this:
dpkg-reconfigure dash
Install dash as /bin/sh? <-- No
Install a few packages and requirements that are needed later on:
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-raw-zlib-perl libdb4.8-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential telnet wget gawk -y
Caching Dnsmasq
apt-get install dnsmasq -y
vi /etc/dnsmasq.conf
and make Dnsmasq listen on localhost:
listen-address=127.0.0.1
5. Install Mysql
apt-get install mysql-client mysql-server libdbd-mysql-perl -y
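You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
6. Install Postfix: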
apt-get install postfix postfix-mysql postfix-doc procmail -y
You will be asked two questions. Answer as follows:
General type of mail configuration: --> Internet Site
System mail name: --> server1.example.com
Stop Postfix:
postfix stop
vi /etc/postfix/master.cf
and make it look like the following:
pickup    fifo  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks
Edit main.cf:
vi /usr/src/postfix.sh
with the following content:
#!/bin/sh
# Basic identity and relay settings
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = domain.tld"
postconf -e "myhostname = server1.domain.tld"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"
postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf"
postconf -e "relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf"
postconf -e "transport_maps = mysql:/etc/postfix/mysql-transports.cf"
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
# SMTP server behaviour and restrictions
postconf -e "disable_vrfy_command = yes"
postconf -e "strict_rfc821_envelopes = no"
# \$ keeps the shell from expanding the variable; Postfix expands it itself
postconf -e "smtpd_banner = \$myhostname ESMTP SpamSnake"
postconf -e "smtpd_delay_reject = yes"
postconf -e "smtpd_recipient_limit = 100"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"
postconf -e "smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining"
# Every user-defined name used in a restriction list must be declared here,
# including rbl_policy
postconf -e "smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy, rbl_policy"
postconf -e "spf_policy = check_policy_service unix:private/policy-spf"
postconf -e "policy-spf_time_limit = 3600s"
postconf -e "rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net"
postconf -e "grey_policy = check_policy_service unix:private/greyfix"
postconf -e "whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf, check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf"
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
# Aliases for the system accounts
touch /etc/postfix/virtual
echo "root administrator@example.com" >> /etc/postfix/virtual &&
echo "abuse administrator@example.com" >> /etc/postfix/virtual &&
echo "postmaster administrator@example.com" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
# Hold every incoming message so that MailScanner can pick it up
touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
# MySQL lookup tables backed by the Baruwa database
cat > /etc/postfix/mysql-global_whitelist.cf <<EOF
#mysql-global_whitelist
user = baruwa
password = password
dbname = baruwa
query = select concat('PERMIT') 'action' from lists where from_address='%s' AND list_type='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_domains.cf <<EOF
#mysql-relay_domains
user = baruwa
password = password
dbname = baruwa
query = select concat(address, ' ', 'OK') 'domain' from user_addresses where user_addresses.address='%s' and user_addresses.enabled='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_recipients.cf <<EOF
#mysql-relay_recipients
user = baruwa
password = password
dbname = baruwa
query = select concat('@', address, 'OK') 'email' from user_addresses where user_addresses.address='%d';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-transports.cf <<EOF
#mysql-transports
user = baruwa
password = password
dbname = baruwa
query = select concat('smtp:[', mail_hosts.address, ']', ':', port) 'transport' from mail_hosts, user_addresses where user_addresses.address = '%s' AND user_addresses.id = mail_hosts.useraddress_id;
hosts = 127.0.0.1
EOF
Note: for this step, make sure to replace anything@example.com, example.com and @example.com with real values that match your setup.
Make it executable and run it:
chmod +x /usr/src/postfix.sh
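/usr/src/postfix.sh
*Note: the user/password in the cf files must be the same as the user/password used later in the Baruwa DB setup. Make sure to change everything marked in red before running the script.
Postfix Recipient Callout (Optional)
This feature queries the recipient server to see whether the recipient exists. If not, it replies to the sending server with a 550 error and drops the connection. If the user does exist, the SpamSnake continues processing the email. This is just another method of preventing backscatter, but it comes at a price. Please read http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later in this guide) if you decide that it puts too much load on your server.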
vi /etc/postfix/main.cf
and add the following:
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify
Add this to your smtpd_restriction_classes:
verify_recipient, look_ahead
Add this to your smtpd_recipient_restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
Create the access file:
touch /etc/postfix/access
Add your domains:
cat > /etc/postfix/access <<EOF
#mysql-transports
example.com verify_recipient
example2.com verify_recipient
EOF
*Note: make sure to add the valid domains that you are filtering.
Postmap it:
postmap /etc/postfix/access
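The settings above use several user-defined restriction names (spf_policy, grey_policy, whitelist_policy, rbl_policy, look_ahead, verify_recipient), and Postfix only recognises such a name when it is both defined as a parameter and listed in smtpd_restriction_classes. The following check is an added example, not part of the original guide; the function names and the sample configuration are constructed for illustration, and it reads the "name = value" format that postconf -n prints.

```shell
#!/bin/sh
# Added example. Reads main.cf-style text ("name = value", as printed by
# `postconf -n`) on stdin and prints one line per problem:
#   UNDECLARED x  x is defined and used as a restriction, but is missing
#                 from smtpd_restriction_classes
#   UNDEFINED x   x is listed in smtpd_restriction_classes without "x = ..."
check_restriction_classes() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
    /^[ \t]/ { val[cur] = val[cur] " " $0; next }   # continuation line
    {
        eq = index($0, "=")
        if (!eq) next
        cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
        val[cur] = substr($0, eq + 1)
    }
    END {
        n = split(val["smtpd_restriction_classes"], c, /[ \t,]+/)
        for (i = 1; i <= n; i++) if (c[i] != "") declared[c[i]] = 1
        for (name in declared)
            if (!(name in val)) print "UNDEFINED " name
        for (p in val) {
            # only restriction lists and class bodies can reference a class
            if (p !~ /^smtpd_(client|helo|sender|recipient|data)_restrictions$/ &&
                !(p in declared)) continue
            m = split(val[p], t, /[ \t,]+/)
            for (j = 1; j <= m; j++)
                if (t[j] != "" && (t[j] in val) && !(t[j] in declared) && !seen[t[j]]++)
                    print "UNDECLARED " t[j]
        }
    }' | sort
}

# Constructed sample in the shape of this guide's settings, with two mistakes.
sample_main_cf() {
    cat <<'EOF'
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
    look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit
smtpd_restriction_classes = spf_policy, grey_policy, whitelist_policy,
    verify_recipient, look_ahead
spf_policy = check_policy_service unix:private/policy-spf
rbl_policy = reject_rbl_client zen.spamhaus.org
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf
look_ahead = check_recipient_access hash:/etc/postfix/access
EOF
}

sample_main_cf | check_restriction_classes
```

On the gateway itself, pipe `postconf -n` into check_restriction_classes; empty output means every class that is used is both declared and defined.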
Finally, have a look at the Postfix setup:
less /etc/postfix/main.cf
Check the contents of the file for errors and fix them if needed. Fire up Postfix:
postfix start
Check that Postfix responds:
telnet 127.0.0.1 25
You should see:
220 [yourFQDNhere] ESMTP Postfix (Ubuntu)