Postfix + DNS Demo

Postfix + DNS Demo

NA Homework 4+5 Postfix + DNS Demo > Setup everything before Demo, or you’ll get no point if something don’t work. > Show your mail functions to TA, you could use ‘Remote Desktop’. > Be prepared, TA will ask some questions. 2 Installation Steps > postfix > cyrus-sasl2-saslauthd > imap-uw > amavisd-new > postgrey > Clamav > spamassassin 3 Postfix # cd /usr/ports/mail/postfix # make install clean 4 Postfix ===> Installing for postfix-2.4.1,1 ===> postfix-2.4.1,1 depends on file: /usr/local/lib/libcrypto.so.5 - found ===> postfix-2.4.1,1 depends on shared library: pcre.0 – found ===> postfix-2.4.1,1 depends on shared library: sasl2.2 - found Added group "postfix". Added group "maildrop". Added user "postfix". You need user "postfix" added to group "mail". Would you like me to add it [y]? y install -d -o root -g wheel -m 555 /usr/local/share/doc/postfix Installed HTML documentation in /usr/local/share/doc/postfix Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y 5 Postfix > edit /etc/rc.conf sendmail_enable="NONE“ postfix_enable="YES" > edit /etc/defaults/periodic.conf daily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO" > edit /usr/local/etc/postfix/main.cf – edit it by yourself – ex: myhostname, mynetworks, alias_maps… 6 Postfix with TLS > make your certificates > edit /usr/local/etc/postfix/main.cf 7 Cyrus-sasl2-saslauthd 8 Cyrus-sasl2-saslauthd # cd /usr/ports/security/cyrus-sasl-saslauthd # make install clean > edit /etc/rc.conf saslauthd_enable="YES" 9 imap-uw # cd /usr/ports/mail/imap-uw # make install clean > edit /etc/inetd.conf pop3 stream tcp nowait root /usr/local/libexec/ipop3d ipop3d imap4 stream tcp nowait root /usr/local/libexec/imapd imapd > If using TLS pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d imaps stream tcp nowait root /usr/local/libexec/imapd imapd 10 Hold on and Test # /usr/local/etc/rc.d/saslauthd start # /usr/local/etc/rc.d/postfix start # /etc/rc.d/inetd reload > It’s better to test you can receive and send mail before next step. > If it’s not work, check /var/log/maillog. 11 Amavisd-new # cd /usr/ports/security/amavisd-new # make install clean 12 Amavisd-new Added group "vscan". Added user "vscan". Created "/var/amavis" directory. Created "/var/amavis/db" directory. Created "/var/amavis/tmp" directory. Created "/var/virusmails" directory. To use amavisd-new, you need to install at least one virus scanner. The following virus scanners are available in the FreeBSD ports collection: /usr/ports/security/vscan McAfee VirusScan /usr/ports/security/clamav Clam Antivirus /usr/ports/security/f-prot F-Prot Antivirus /usr/ports/security/drweb DrWeb antivirus suite 13 Amavisd-new Enable amavisd-new in /etc/rc.conf with the following line: amavisd_enable="YES" If you want to use the amavis sendmail milter interface, you need the following additional line in /etc/rc.conf amavis_milter_enable="YES" Configuration templates are available in /usr/local/etc as amavisd.conf-dist, amavisd.conf-sample and amavisd.conf-default. Documentation is available in /usr/local/share/doc/amavisd-new. 14 postgrey # cd /usr/ports/mail/postgrey # make install clean > edit /etc/rc.conf postgrey_enable="YES" postgrey_pidfile="/var/run/postgrey.pid" postgrey_flags="--delay=60 --pidfile=${postgrey_pidfile} \ --inet=10023 -d --user=postgrey --group=postgrey \ --dbdir=/var/db/postgrey" 15 Clamav # cd /usr/ports/security/clamav # make install clean 16 Clamav > edit /etc/rc.conf clamav_clamd_enable="YES" clamav_freshclam_enable="YES" > edit where you put your aliases file virusalert: root > edit /usr/local/etc/clamd.conf by yourself 17 Final Configuration 18 Final Configuration for Postfix > edit /usr/local/etc/postfix/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024 > edit /usr/local/etc/postfix/master.cf smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200s -o smtp_never_send_ehlo=yes -o notify_classes=protocol,resource,software 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o mynetworks=127.0.0.0/8 -o myhostname=localhost -o local_recipient_maps= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject 19 Final Configuration for Amavisd-new > edit /usr/local/etc/amavisd.conf $mydomain = ‘cs.nctu.edu.tw' $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; 20 Now Startup everything # /usr/local/etc/rc.d/clamav-clamd start # /usr/local/etc/rc.d/postgrey start # /usr/local/etc/rc.d/amavisd start # /usr/local/etc/rc.d/postfix restart 21 Test for Virus # telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost.twbbs.org. Escape character is '^]'. 220 nabsd.cs.nctu.edu.tw ESMTP Postfix mail from: <[email protected]> 250 Ok rcpt to: <[email protected]> 250 Ok data 354 End data with <CR><LF>.<CR><LF> Subject: Virus Coming X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* . 250 Ok: queued as 647781152E quit 221 Bye Connection closed by foreign host. da 22 Test for Virus > Normal Mail May 11 20:09:27 nabsd amavis[29003]: (29003-01) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms > Mail with virus May 13 16:55:50 nabsd amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost> -> <[email protected]>, quarantine: virus-VivGNwT9NIja, Message-ID: <[email protected]>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms 23 Spamassassin > /usr/local/etc/amavis.conf > /usr/local/etc/mail/spamassassin/local.cf > man Mail::SpamAssassin::Conf 24 Spamassassin Content-Type: text/html; charset="big5" Content-Transfer-Encoding: 8bit Sender: =?big5?B?wnmkSKR+?= <[email protected]> Reply-To: [email protected] X-Virus-Scanned: amavisd-new at csie.nctu.edu.tw X-Spam-Status: Yes, hits=10.687 tagged_above=3 required=6.3 tests=BAYES_60, DATE_IN_PAST_96_XX, DOMAIN_RATIO, HTML_90_100, HTML_IMAGE_ONLY_20, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_WEB_BUGS, MIME_HTML_ONLY X-Spam-Level: ********** X-Spam-Flag: YES Status: 25.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    25 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us