My earlier memo on SMTP server settings is now well out of date, so I am recording the current setup afresh.
At present the combination is
postfix + amavisd-new + clamav + spamassassin + courier-imap & courier-pop
with the pop-before-smtp package providing POP-before-SMTP and IMAP-before-SMTP.
courier-*, amavis-stats, couriergraph and the like are basically installed and left as they are. For pop-before-smtp, see this entry.
eswat2:/var/log# dpkg -l postfix* amavis* *clam* *spam* *courier* *pop* | grep -e ^ii
ii  postfix         2.1.4-5        A high-performance mail transport agent
ii  postfix-doc     2.1.4-5        Postfix documentation
ii  postfix-pcre    2.1.4-5        PCRE map support for Postfix
ii  amavis-stats    0.1.12-5       Virus statistics RRDtool frontend for Amavis
ii  amavisd-new     20030616p10-4  Interface between MTA and virus scanner/cont
ii  clamav          0.75.1-4       Antivirus scanner for Unix
ii  spamassassin    3.0.0-1        Perl-based spam filter using text analysis
ii  spamc           3.0.0-1        Client for SpamAssassin spam filtering daemo
ii  courier-authda  0.47-1         Courier Mail Server - Authentication daemon
ii  courier-base    0.47-1         Courier Mail Server - Base system
ii  courier-doc     0.47-1         Courier Mail Server - Additional documentati
ii  courier-imap    3.0.8-1        Courier Mail Server - IMAP server
ii  courier-imap-s  3.0.8-1        Courier Mail Server - IMAP over SSL
ii  courier-pop     0.47-1         Courier Mail Server - POP3 server
ii  courier-pop-ss  0.47-1         Courier Mail Server - POP3 over SSL
ii  courier-ssl     0.47-1         Courier Mail Server - SSL/TLS Support
ii  courier-webadm  0.47-1         Courier Mail Server - Web-based administrati
ii  couriergraph    0.23-2         Mail statistics RRDtool frontend for Courier
ii  pop-before-smt  1.31-2         watch log for pop/imap auth, notify Postfix
From main.cf (the output of postconf -n):
alias_database = hash:/etc/aliases hash:/var/spool/ml/etc/aliases
alias_maps = hash:/etc/aliases hash:/var/spool/ml/etc/aliases
allow_mail_to_commands = alias,forward,include
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = $myhostname localhost.$mydomain $mydomain localhost
mydomain = downtown.jp
myhostname = eswat2.downtown.jp
mynetworks = 127.0.0.0/8 192.168.0.0/24 218.219.149.232/29
myorigin = $mydomain
notify_classes = bounce
recipient_delimiter = +
relay_domains = $mydestination katsushika.org
relayhost =
smtpd_client_restrictions = permit_mynetworks permit_mx_backup reject_rbl_client relays.ordb.org reject_rbl_client rbl.maps.vix.com reject_rbl_client dul.maps.vix.com reject_rbl_client relays.mail-abuse.org reject_rbl_client spamips.shub-inter.net reject_rhsbl_client relays.mail-abuse.org reject_rhsbl_client spamips.shub-inter.net reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_pipelining reject_unknown_sender_domain reject_unknown_recipient_domain reject_unknown_client permit
smtpd_recipient_restrictions = permit_mynetworks reject_non_fqdn_recipient check_client_access hash:/var/lib/pop-before-smtp/hosts check_relay_domains
smtpd_sender_restrictions = permit_mynetworks permit_mx_backup reject_non_fqdn_sender reject_non_fqdn_hostname reject_unlisted_sender reject_unknown_sender_domain reject_rhsbl_sender relays.mail-abuse.org reject_rhsbl_sender spamips.shub-inter.net permit
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual
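Added example (not from the original post): a simplified Python model of how the smtpd_recipient_restrictions list above decides whether a client may relay, including the pop-before-smtp lookup, which is keyed on the client IP address alone. The hosts table and the client and recipient addresses are constructed samples; hostname and network-prefix lookups in check_client_access, the client-hostname match in check_relay_domains, and the separate client and sender restriction lists are not modelled.

```python
import ipaddress

# Values copied from the postconf -n output above ($mydestination expanded).
MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/24", "218.219.149.232/29"]
RELAY_DOMAINS = ["eswat2.downtown.jp", "localhost.downtown.jp", "downtown.jp",
                 "localhost", "katsushika.org"]
RESTRICTIONS = ["permit_mynetworks", "reject_non_fqdn_recipient",
                "check_client_access hash:/var/lib/pop-before-smtp/hosts",
                "check_relay_domains"]

# Constructed sample of the pop-before-smtp table: client IP -> "ok".
# 203.0.113.25 stands for a client that has just logged in over POP3/IMAP.
POP_HOSTS = {"203.0.113.25": "ok"}


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def is_relay_domain(domain):
    # relay_domains matches the listed domain and, by default, its subdomains.
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def rcpt_decision(client_ip, recipient, pop_hosts=POP_HOSTS):
    """Return (action, deciding_restriction) for one RCPT TO command."""
    _, _, domain = recipient.rpartition("@")
    for rule in RESTRICTIONS:          # evaluated in order, first match wins
        name = rule.split()[0]
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", name
        if name == "reject_non_fqdn_recipient" and "." not in domain:
            return "reject", name
        if name == "check_client_access":
            if pop_hosts.get(client_ip, "").lower() == "ok":
                return "permit", name
        if name == "check_relay_domains":
            # Last rule: relay only to our own domains, reject the rest.
            action = "permit" if is_relay_domain(domain) else "reject"
            return action, name
    return "permit", "end_of_list"
```

Passing an empty table as pop_hosts shows what happens once pop-before-smtp has expired the entry: the same client falls through to check_relay_domains and is refused for outside recipients.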
For master.cf, the only change is the part that calls amavisd-new.
--- master.cf.dpkg-dist 2004-05-31 11:46:16.000000000 +0900 +++ master.cf 2004-10-15 10:59:37.000000000 +0900 @@ -130,3 +130,17 @@ #tlsmgr fifo - - n 300 1 tlsmgr #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes + +# ***** amavisd-new +smtp-amavis unix - - n - 8 smtp + -o smtp_data_done_timeout=1200 + -o disable_dns_lookups=yes + +127.0.0.1:10025 inet n - n - - smtpd + -o content_filter= + -o local_recipient_maps= + -o smtpd_helo_restrictions= + -o smtpd_client_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o mynetworks=127.0.0.0/8
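Review bot: the 127.0.0.1:10025 re-injection entry clears content_filter and every smtpd restriction list except smtpd_recipient_restrictions=permit_mynetworks,reject, so its safety rests entirely on the 127.0.0.1 bind address and on -o mynetworks=127.0.0.0/8, and nothing in the hunk says so. Add a comment above the entry stating that it must stay on loopback because it accepts mail unfiltered, and a second comment on the smtp-amavis line noting that its process limit of 8 has to track $max_servers in amavisd.conf.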
Only the bare minimum of changes is needed.
--- amavisd.conf.orig 2004-08-03 02:08:29.000000000 +0900 +++ amavisd.conf 2004-09-30 14:03:55.000000000 +0900 @@ -2,7 +2,7 @@ # Configuration file for amavisd-new # Defaults modified for the Debian amavisd-new package -# $Id: amavisd.conf,v 1.27 2004/07/31 19:43:41 hmh Exp $ +# $Id: amavisd.conf,v 1.26 2004/07/05 15:15:02 hmh Exp $ # # This software is licensed under the GNU General Public License (GPL). # See comments at the start of amavisd-new for the whole license text. @@ -63,7 +63,7 @@ # $mydomain serves as a quick default for some other configuration settings. # More refined control is available with each individual setting further down. # $mydomain is never used directly by the program. -$mydomain = 'example.com'; # (no useful default) +$mydomain = 'downtown.jp'; # (no useful default) # $myhostname = 'host.example.com'; # fqdn of this host, default by uname(3) @@ -137,8 +137,8 @@ # feeding amavisd, e.g. with Postfix the 'Max procs' field in the # master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp # -$max_servers = 2; # number of pre-forked children (default 2) -$max_requests = 10; # retire a child after that many accepts (default 10) +$max_servers = 8; # number of pre-forked children (default 2) +$max_requests = 32; # retire a child after that many accepts (default 10) $child_timeout=5*60; # abort child if it does not complete each task in n sec # (default: 8*60 seconds) @@ -158,7 +158,7 @@ # # Any setting can be changed with a new assignment, so make sure # you do not unintentionally override these settings further down! -@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin +#@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin # Lookup list of local domains (see README.lookups for syntax details) # 
@@ -210,7 +210,7 @@ # # These are logged at level 3, so enable logging until you know you got it # right. -$relayhost_is_client = 0; # (defaults to false) +$relayhost_is_client = 1; # (defaults to false) $insert_received_line = 1; # behave like MTA: insert 'Received:' header # (does not apply to sendmail/milter) @@ -288,7 +288,7 @@ # 3: server, client # 4: decompose parts # 5: more debug details -#$log_level = 2; # (defaults to 0) +$log_level = 2; # (defaults to 0) # Customizable template for the most interesting log file entry (e.g. with # $log_level=0) (take care to properly quote Perl special characters like '\') @@ -339,7 +339,7 @@ # # read_l10n_templates('/etc/amavis/en_US'); # -# Debian available locales: en_US, pt_BR, de_DE, it_IT +# Debian available locales: en_US, pt_BR read_l10n_templates('en_US', '/etc/amavis'); @@ -1102,7 +1102,7 @@ # that require internet access will be performed. # $sa_local_tests_only = 1; # (default: false) -#$sa_auto_whitelist = 1; # turn on AWL (default: false) +$sa_auto_whitelist = 1; # turn on AWL (default: false) # Timout for SpamAssassin. This is only used if spamassassin does NOT # override it (which it often does if sa_local_tests_only is not true) @@ -1112,7 +1112,7 @@ # AWL (auto whitelisting), requires spamassassin 2.44 or better # $sa_auto_whitelist = 1; # defaults to undef -$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger +#$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger # (less than 1% of spam is > 64k) # default: undef, no limitations @@ -1501,7 +1501,7 @@ #$keep_decoded_original_re = new_RE( qr/.*/ ); # Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug') -#$sa_debug = 1; # defaults to false +$sa_debug = 1; # defaults to false #------------- 1; # insure a defined return
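Review bot: in the first hunk the $Id line goes from revision 1.27 to 1.26, and the locale comment near line 339 loses de_DE and it_IT, so the edited amavisd.conf is based on an older packaged file than amavisd.conf.orig and these two changes are not deliberate edits. Re-apply the local settings on top of the 1.27 file so that the diff shows only the intended changes.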
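Review bot: the hunk at line 210 sets $relayhost_is_client = 1 directly under the comment saying these are logged at level 3, while the hunk at line 288 sets $log_level = 2, so the effect of this switch will not show up in the log. Either raise $log_level to 3 while verifying it, or keep the default 0 and add a comment explaining why the override is needed on this host.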
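Review bot: commenting out $sa_mail_body_size_limit in the hunk at line 1112 falls back to the documented default of undef, no limitations, so SpamAssassin is run on messages of any size, while main.cf accepts up to message_size_limit = 20480000 and $child_timeout is 5*60 seconds. Keep a limit, for example the original 150*1024, so that large messages cannot tie up the 8 children.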
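Review bot: $sa_debug = 1 in the last hunk is left enabled although its own comment says the output goes to STDERR and is meant for use with 'amavisd debug'. Return it to the commented-out default once debugging is finished.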
The near-default configuration is fine.
To run system-wide checks, place a user_prefs file like the one below in /var/lib/amavis/.spamassassin/, under the home directory of the user amavis, and it is used for scoring. (Adjust parameters such as whitelist_from to suit your own network.)
The database used for spam classification has also already been built with the sa-learn command, run as the user amavis.
# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################

# How many hits before a mail is considered spam.
required_hits 7.5

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HEADER_8BITS 0
# score HTML_COMMENT_8BITS 0
# score SUBJ_FULL_OF_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0

trusted_networks 127/8 192.168.0/24
internal_networks 192.168.0/24
whitelist_from logcheck@downtown.jp
whitelist_to root@downtown.jp
#***** blacklist_from delivery@hosyou-b.mine.nu tomio@tkeiba.net