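The setup has changed considerably since the notes I wrote earlier on SMTP server configuration, so I am recording the new one here.
At present the combination is
postfix+amavisd-new+clamav+spamassassin+courier-imap&courier-pop
with the pop-before-smtp package used to implement POP-Before-SMTP and IMAP-Before-SMTP.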
courier-*, amavis-stats, couriergraph and the like are basically installed and left as they are. For pop-before-smtp, see this entry.
eswat2:/var/log# dpkg -l postfix* amavis* *clam* *spam* *courier* *pop* | grep -e ^ii
ii  postfix         2.1.4-5        A high-performance mail transport agent
ii  postfix-doc     2.1.4-5        Postfix documentation
ii  postfix-pcre    2.1.4-5        PCRE map support for Postfix
ii  amavis-stats    0.1.12-5       Virus statistics RRDtool frontend for Amavis
ii  amavisd-new     20030616p10-4  Interface between MTA and virus scanner/cont
ii  clamav          0.75.1-4       Antivirus scanner for Unix
ii  spamassassin    3.0.0-1        Perl-based spam filter using text analysis
ii  spamc           3.0.0-1        Client for SpamAssassin spam filtering daemo
ii  courier-authda  0.47-1         Courier Mail Server - Authentication daemon
ii  courier-base    0.47-1         Courier Mail Server - Base system
ii  courier-doc     0.47-1         Courier Mail Server - Additional documentati
ii  courier-imap    3.0.8-1        Courier Mail Server - IMAP server
ii  courier-imap-s  3.0.8-1        Courier Mail Server - IMAP over SSL
ii  courier-pop     0.47-1         Courier Mail Server - POP3 server
ii  courier-pop-ss  0.47-1         Courier Mail Server - POP3 over SSL
ii  courier-ssl     0.47-1         Courier Mail Server - SSL/TLS Support
ii  courier-webadm  0.47-1         Courier Mail Server - Web-based administrati
ii  couriergraph    0.23-2         Mail statistics RRDtool frontend for Courier
ii  pop-before-smt  1.31-2         watch log for pop/imap auth, notify Postfix
From main.cf (output of postconf -n):
alias_database = hash:/etc/aliases hash:/var/spool/ml/etc/aliases
alias_maps = hash:/etc/aliases hash:/var/spool/ml/etc/aliases
allow_mail_to_commands = alias,forward,include
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = $myhostname localhost.$mydomain $mydomain localhost
mydomain = downtown.jp
myhostname = eswat2.downtown.jp
mynetworks = 127.0.0.0/8 192.168.0.0/24 218.219.149.232/29
myorigin = $mydomain
notify_classes = bounce
recipient_delimiter = +
relay_domains = $mydestination katsushika.org
relayhost =
smtpd_client_restrictions = permit_mynetworks permit_mx_backup reject_rbl_client relays.ordb.org reject_rbl_client rbl.maps.vix.com reject_rbl_client dul.maps.vix.com reject_rbl_client relays.mail-abuse.org reject_rbl_client spamips.shub-inter.net reject_rhsbl_client relays.mail-abuse.org reject_rhsbl_client spamips.shub-inter.net reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_pipelining reject_unknown_sender_domain reject_unknown_recipient_domain reject_unknown_client permit
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient check_client_access hash:/var/lib/pop-before-smtp/hosts check_relay_domains
smtpd_sender_restrictions = permit_mynetworks permit_mx_backup reject_non_fqdn_sender reject_non_fqdn_hostname reject_unlisted_sender reject_unknown_sender_domain reject_rhsbl_sender relays.mail-abuse.org reject_rhsbl_sender spamips.shub-inter.net permit
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual
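Who may relay through this server is decided by the order of smtpd_recipient_restrictions. The Python script below is an added example, not part of the original memo: it parses postconf -n style output and reports which restrictions can grant relaying before the first relay guard is reached. The function names, the classification sets and the second sample are constructed for illustration.

```python
import re

# Restrictions that stop mail for foreign destinations once reached.
RELAY_GUARDS = {"reject", "defer", "defer_if_permit",
                "reject_unauth_destination", "check_relay_domains"}
# Restrictions whose next token is an argument (lookup table or DNSBL zone).
TAKES_ARG = {"check_client_access", "check_sender_access", "check_recipient_access",
             "reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender"}
# Restrictions that can let a client relay before the guard is evaluated.
RELAY_GRANTS = {"permit_mynetworks", "permit_sasl_authenticated", "check_client_access"}

# Two parameters as they appear in the postconf -n output above.
PAGE_SAMPLE = """\
mynetworks = 127.0.0.0/8 192.168.0.0/24 218.219.149.232/29
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient check_client_access hash:/var/lib/pop-before-smtp/hosts check_relay_domains
"""
# Constructed counter-example: a bare "permit" placed ahead of the guard.
BAD_SAMPLE = "smtpd_recipient_restrictions = permit_mynetworks, permit, check_relay_domains\n"

def parse_postconf(text):
    """Parse 'postconf -n' style output: one 'name = value' pair per line."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_relay(params):
    """Walk smtpd_recipient_restrictions left to right, as Postfix evaluates it."""
    raw = params.get("smtpd_recipient_restrictions", "")
    tokens = iter(t for t in re.split(r"[,\s]+", raw) if t)
    grants, findings, guard = [], [], None
    for tok in tokens:
        arg = next(tokens, None) if tok in TAKES_ARG else None
        if tok == "permit":
            findings.append("unconditional permit before any relay guard")
            break
        if tok in RELAY_GUARDS:
            guard = tok
            break
        if tok in RELAY_GRANTS:
            grants.append(tok if arg is None else f"{tok} {arg}")
    if guard is None and not findings:
        findings.append("no relay guard in smtpd_recipient_restrictions")
    return {"guard": guard, "grants": grants, "findings": findings}

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, BAD_SAMPLE):
        print(audit_relay(parse_postconf(sample)))
```

For the configuration on this page the grants are permit_mynetworks and the pop-before-smtp hosts map, so the contents of mynetworks and of that map are what define the set of clients allowed to relay.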
In master.cf, the only change is the part that calls amavisd-new.
--- master.cf.dpkg-dist 2004-05-31 11:46:16.000000000 +0900 +++ master.cf 2004-10-15 10:59:37.000000000 +0900 @@ -130,3 +130,17 @@ #tlsmgr fifo - - n 300 1 tlsmgr #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes + +# ***** amavisd-new +smtp-amavis unix - - n - 8 smtp + -o smtp_data_done_timeout=1200 + -o disable_dns_lookups=yes + +127.0.0.1:10025 inet n - n - - smtpd + -o content_filter= + -o local_recipient_maps= + -o smtpd_helo_restrictions= + -o smtpd_client_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o mynetworks=127.0.0.0/8
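Review bot: the smtp-amavis service line sets its process limit to 8 with no comment tying it to amavisd, although the amavisd.conf comment beside $max_servers points at exactly this 'Max procs' field; add a one-line comment above smtp-amavis naming $max_servers so the two values are changed together. On the 127.0.0.1:10025 listener, the empty -o content_filter= together with -o mynetworks=127.0.0.0/8 and smtpd_recipient_restrictions=permit_mynetworks,reject is what stops filtered mail from looping back into the filter and keeps the re-injection port closed to other hosts, so a short comment saying that would keep a later edit from dropping one of them.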
The changes can be kept to the bare minimum.
--- amavisd.conf.orig 2004-08-03 02:08:29.000000000 +0900
+++ amavisd.conf 2004-09-30 14:03:55.000000000 +0900
@@ -2,7 +2,7 @@
# Configuration file for amavisd-new
# Defaults modified for the Debian amavisd-new package
-# $Id: amavisd.conf,v 1.27 2004/07/31 19:43:41 hmh Exp $
+# $Id: amavisd.conf,v 1.26 2004/07/05 15:15:02 hmh Exp $
#
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
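Review bot: the $Id line goes backwards, from revision 1.27 in amavisd.conf.orig to 1.26 in the edited file, so the local file was evidently built on an older packaged copy than the one it is diffed against. Re-apply the site changes on top of the 1.27 file so that packaging changes between the two revisions (the locale list hunk further down is one visible difference) are not silently dropped.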
@@ -63,7 +63,7 @@
# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
-$mydomain = 'example.com'; # (no useful default)
+$mydomain = 'downtown.jp'; # (no useful default)
# $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3)
@@ -137,8 +137,8 @@
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
-$max_servers = 2; # number of pre-forked children (default 2)
-$max_requests = 10; # retire a child after that many accepts (default 10)
+$max_servers = 8; # number of pre-forked children (default 2)
+$max_requests = 32; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@@ -158,7 +158,7 @@
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
-@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
+#@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
# Lookup list of local domains (see README.lookups for syntax details)
#
@@ -210,7 +210,7 @@
#
# These are logged at level 3, so enable logging until you know you got it
# right.
-$relayhost_is_client = 0; # (defaults to false)
+$relayhost_is_client = 1; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
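Review bot: $relayhost_is_client is switched to 1 under a comment that says the result is logged at level 3 and that logging should stay enabled until the setting is known to be right, yet the $log_level hunk that follows only raises logging to 2. Run at $log_level = 3 while validating this change, or note in a comment how the setting was verified.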
@@ -288,7 +288,7 @@
# 3: server, client
# 4: decompose parts
# 5: more debug details
-#$log_level = 2; # (defaults to 0)
+$log_level = 2; # (defaults to 0)
# Customizable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
@@ -339,7 +339,7 @@
#
# read_l10n_templates('/etc/amavis/en_US');
#
-# Debian available locales: en_US, pt_BR, de_DE, it_IT
+# Debian available locales: en_US, pt_BR
read_l10n_templates('en_US', '/etc/amavis');
@@ -1102,7 +1102,7 @@
# that require internet access will be performed.
#
$sa_local_tests_only = 1; # (default: false)
-#$sa_auto_whitelist = 1; # turn on AWL (default: false)
+$sa_auto_whitelist = 1; # turn on AWL (default: false)
# Timout for SpamAssassin. This is only used if spamassassin does NOT
# override it (which it often does if sa_local_tests_only is not true)
@@ -1112,7 +1112,7 @@
# AWL (auto whitelisting), requires spamassassin 2.44 or better
# $sa_auto_whitelist = 1; # defaults to undef
-$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger
+#$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
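Review bot: commenting out $sa_mail_body_size_limit falls back to the default that the context line describes as "undef, no limitations", so SpamAssassin is handed every message in full, while main.cf accepts messages up to message_size_limit = 20480000 and $child_timeout is 5*60 seconds. Keep an explicit limit here (the original 150*1024 or a larger value) so that a few large messages cannot tie up the scanning children.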
@@ -1501,7 +1501,7 @@
#$keep_decoded_original_re = new_RE( qr/.*/ );
# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
-#$sa_debug = 1; # defaults to false
+$sa_debug = 1; # defaults to false
#-------------
1; # insure a defined return
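Review bot: $sa_debug = 1 is left enabled, although the comment directly above it says the output goes to STDERR and is meant for use with 'amavisd debug'. Set it back to the commented-out default once troubleshooting is finished, and say so in the change description.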
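The near-default configuration is fine.
To run the checks system-wide, place a user_prefs file like the one below in /var/lib/amavis/.spamassassin/, under the home directory of the amavis user, and messages will be scored with it. (Adapt parameters such as whitelist_from to your own network.)
The database used for spam classification has also already been created with the sa-learn command, run as the amavis user.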
# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################

# How many hits before a mail is considered spam.
required_hits 7.5

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HEADER_8BITS 0
# score HTML_COMMENT_8BITS 0
# score SUBJ_FULL_OF_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0

trusted_networks 127/8 192.168.0/24
internal_networks 192.168.0/24

whitelist_from logcheck@downtown.jp
whitelist_to root@downtown.jp

#*****
blacklist_from delivery@hosyou-b.mine.nu tomio@tkeiba.net