FreeBSD FreeBSD_6x_FILTRANDO_SPAM_GATEWAY_POSTFIX.txt FreeBSD 6.0 STABLE ##### atualizar source..... ##### Atualizar ports portsnap fetch update ##### Instalar Anti-Virus cd /usr/ports/security/clamav make config (escolher Milter,Culr,Libunrar) make all install ...obs.: Incluir no rc.conf as seguintes linhas: # Antivirus clamav_clamd_enable="YES" clamav_freshclam_enable="YES" ##### Instalar Scanner Amavisd-New cd /usr/ports/security/amavisd-new/ make install clean ... obs.: Escolher as opcoes desejadas (menos o file).. ira instalar tb o spamassassin e d+ frescuras.. ... obs.: acertar as seguintes linhas no amavisd.conf # $max_servers = 10; $mydomain = 'irapida.com.br'; $forward_method = 'smtp:127.0.0.1:10025'; $notify_method = $forward_method; $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_BOUNCE; $final_spam_destiny = D_BOUNCE; $final_bad_header_destiny = D_BOUNCE; # obs.: incluir no rc.conf: # Amavis SCANNER amavisd_enable="YES" amavis_milter_enable="YES" amavis_p0fanalyzer_enable="YES" amavis_p0fanalyzer_p0f_filter="tcp dst port 25" # SPAM spamd_enable="YES" # criar a parte de logs do amavis mkdir /var/log/amavis chown vscan:vscan /var/log/amavis cd /var/log/amavis touch amavis.log chown vscan amavis.log cd /var chown -R vscan:clamav amavis # Acertar o SpamAssasin mkdir /var/amavis/.spamassassin cp /usr/local/share/spamassassin/user_prefs.template /var/amavis/.spamassassin/user_prefs vi /var/amavis/.spamassassin/user_prefs # required_hits 5.0 rewrite_subject 1 rewrite_header Subject ****SPAM(_SCORE_)**** sa_tag2_level_deflt = 10 report_safe 1 use_terse_report 1 use_bayes 1 auto_learn 1 skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 blacklist_from *@sohu.com *@mailfb.com *@rika.idv.tw blacklist_from easygogo@hotmail.com whitelist_from *@yahoo.com.hk *@yahoogroups.com.hk *@gmail.com *@yahoo-inc.com *@yahoo.com whitelist_from rika@rika.idv.tw CE0216@futek.com.tw ok_languages pt en ok_locales pt en score HEADER_8BITS 0 score HTML_COMMENT_8BITS 0 score SUBJ_FULL_OF_8BITS 0 score UPPERCASE_25_50 0 score UPPERCASE_50_75 0 score UPPERCASE_75_100 0 header __FROM_TEATIME Received =~ /from irapida.com.br/i header __FROM_TEATIME_IP Received =~ /\[88\.88\.88\.20\]/ meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME) describe FROM_TEATIME_BUT_IP_ERROR From irapida.com.br but ip not match score FROM_TEATIME_BUT_IP_ERROR 8 # chown vscan:vscan /var/amavis/.spamassassin/user_prefs /usr/local/etc/rc.d/amavisd.sh start /usr/local/etc/rc.d/sa-spamd.sh start ##### Instalar Postfix cd /usr/ports/mail/postfix make all install ... obs.: algumas inclusoes a serem feitas no /usr/local/etc/postfix/master.cf # smtp-amavis unix - - n - 2 smtp -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes # ... obs.: algumas inclusoes a serem feitas no /usr/local/etc/postfix/main.cf # content_filter = smtp-amavis:[127.0.0.1]:10024 myhostname = mx.dominio.com.br mydomain = dominio.com.br readme_directory = no myorigin = dominio.com.br mynetworks = 127.0.0.0/8, 10.128.41.222 message_size_limit = 104857600 local_transport = error:no local mail delivery alias_maps = hash:/usr/local/etc/postfix/aliases mydestination = local_recipient_maps = virtual_alias_maps = hash:/usr/local/etc/postfix/virtual relayhost = [ip_que_sera_relay] relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients recipient_delimiter = + smtpd_helo_required = yes smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/greypolicy, check_policy_service unix:private/policy, reject_rbl_client rbl.brasilrbl.com.br, reject_rbl_client rhsbl.brasilrbl.com.br, reject_rbl_client relays.ordb.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rbl_client proxies.blackholes.wirehub.net, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client opm.blitzed.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org, reject_rbl_client multihop.dsbl.org, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_sender_domain smtpd_data_restrictions = reject_unauth_pipelining relay_domains = $mydestination, cominio.com.br, cominio2.com.br # relay_domains transport_maps = hash:/usr/local/etc/postfix/transport policy_time_limit = 3600 # cd /usr/local/etc/postfix/ vi aliases virusalert: admin spamalert: admin ...obs.: Editar o transport e incluir os dominios ... vi transport # dominio.com.br smtp:[pop.dominio.com.br] dominio2.com.br smtp:[pop.dominio2.com.br] # ##### SPF cd /usr/ports/mail/postfix/work/postfix-2.3.4/examples/smtpd-policy cp postfix-policyd-spf.pl /usr/local/bin/ ... obs.: incluir a seguinte linha no master.cf # policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/local/bin/postfix-policyd-spf.pl # ...obs.: alterar o arquivo /usr/local/bin/postfix-policyd-spf.pl ........: incluir +/- na linha 201 a seguinte situacao: elsif ($result eq "softfail") { return "REJECT $smtp_comment"; } ##### GREYLIST # MYSQL cd /usr/ports/databases/mysql50-server/ make all install ...obs..: incluir no rc.conf # mysql_enable="YES" # /usr/local/etc/rc.d/mysql-server start /usr/local/bin/mysqladmin -u root password 'senha_de_root_do_mysql' ....obs.: Criar um database chamado greylist e setar usuario/senha: mysql -u root -psenha_de_root_do_mysql > CREATE DATABASE greylist; > USE greylist; > GRANT ALL ON greylist TO 'greylist' IDENTIFIED BY 'secret'; > BYE # GPS cd /usr/ports/mail/postfix-gps make all install ... obs.: incluir a seguinte linha no master.cf # greypolicy unix - n n - - spawn user=nobody argv=/usr/local/libexec/gps /usr/local/etc/gps.conf # ...obs.: Acertar detalhes do /usr/local/etc/gps.conf (startar ele em modo init e depois alterar para normal) senha e tals... cp /usr/local/etc/gps.conf-dist /usr/local/etc/gps.conf ....obs.: Incluir as seguintes linhas no crontab # GREYLIST # Limpa qq registro que esteja no Triplex a mais de 24 horas sem uma segunda ocorrencia (tentativa) 27 * * * * /usr/local/libexec/gps-maintain.pl -delete -eq 0 -age 86400 /usr/local/etc/gps.conf # Limpa qq registro que esteja no Triplex a mais de 60 dias sem adicao de nenhuma ocorrencia 30 3 * * * /usr/local/libexec/gps-maintain.pl -delete -age 5184000 /usr/local/etc/gps.conf ########################## LINKS ############## http://www.5dmail.net/html/2006-10-16/20061016155748.htm http://freebsd.ntut.idv.tw/document/mail_gateway_postfix_clamav_amavisd-new.html http://www.unitednerds.org/thefallen/docs/index.php?area=Postfix http://www.freespamfilter.org/FC4.html http://mimo.gn.apc.org/gps/ http://www.soft-land.org/articoli/greylist http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/ ######### Eh isto ae... espero ter auxiliado.... ##### Powered by Christopher Giese www.bsdux.com.br - bsdux@bsdux.com.br