[2004/10/15]最新状態で、エントリーを作り直しましたので、そちらもご覧下さい。
-----
インストール済みパッケージの一覧
eswat2:~# dpkg -l postfix* amavis* *clam* *spam* | grep -e ^ii
ii postfix 2.0.19-1 A high-performance mail transport agent
ii postfix-doc 2.0.19-1 Postfix documentation
ii postfix-pcre 2.0.19-1 PCRE map support for Postfix
ii amavisd-new 20030616p7-3 Interface between MTA and virus scanner/cont
ii clamav 0.69-0.70-rc-2 Antivirus scanner for Unix
ii clamav-base 0.69-0.70-rc-2 Base package for clamav, an anti-virus utili
ii clamav-daemon 0.69-0.70-rc-2 Powerful Antivirus scanner daemon
ii clamav-freshcl 0.69-0.70-rc-2 Downloads clamav virus databases from the In
ii clamav-getfile 0.3-3 Update script for clamav
ii clamav-testfil 0.69-0.70-rc-2 Use these files to test that your Antivirus
ii libclamav1 0.69-0.70-rc-2 Virus scanner library
ii libclamav1-dev 0.69-0.70-rc-2 Clam Antivirus library development files
ii spamassassin 2.63-1 Perl-based spam filter using text analysis
ii spamc 2.63-1 Client for perl-based spam filtering daemon
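mynetworksとrelay_domainsは、公開用に一部削ってあるので注意。master.cfで実際に必要なのは、最後のほうの12行だけ。なお、smtpd_client_restrictionsで参照しているrelays.ordb.orgは既にサービスを終了しているため、この設定を流用する場合はreject_rbl_clientの参照先を現行のDNSBLに見直すこと。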
eswat2:~# postconf -n
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias,forward,include
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
header_checks = regexp:/etc/postfix/header_check_regex
inet_interfaces = all
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mydestination = $myhostname localhost.$mydomain $mydomain localhost
mydomain = downtown.jp
myhostname = eswat2.downtown.jp
mynetworks = 127.0.0.0/8 192.168.254.0/24 61.197.253.80/28
myorigin = $mydomain
program_directory = /usr/lib/postfix
recipient_delimiter = +
relay_domains = $mydestination katsushika.org
relayhost =
smtpd_client_restrictions = permit_mynetworks permit_mx_backup check_client_access hash:/etc/postfix/bad_clients reject_unauth_destination reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_pipelining reject_unknown_sender_domain reject_unknown_recipient_domain reject_unknown_client reject_rbl_client relays.ordb.org permit
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual
--- /etc/postfix/master.cf.dpkg-dist 2003-12-09 06:49:22.000000000 +0900
+++ /etc/postfix/master.cf 2003-12-23 16:46:04.000000000 +0900
@@ -1,14 +1,8 @@
#
-# Postfix master process configuration file. Each logical line
-# describes how a Postfix daemon program should be run.
-#
-# A logical line starts with non-whitespace, non-comment text.
-# Empty lines and whitespace-only lines are ignored, as are comment
-# lines whose first non-whitespace character is a `#'.
-# A line that starts with whitespace continues a logical line.
-#
-# The fields that make up each line are described below. A "-" field
-# value requests that a default value be used for that field.
+# Postfix master process configuration file. Each line describes how
+# a mailer component program should be run. The fields that make up
+# each line are described below. A "-" field value requests that a
+# default value be used for that field.
#
# Service: any name that is valid for the specified transport type
# (the next field). With INET transports, a service is specified as
@@ -32,8 +26,6 @@
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe, virtual and local delivery daemons.
-# The proxymap server can run chrooted, but doing so defeats most of
-# the purpose of having that service in the first place.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
@@ -65,11 +57,17 @@
# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
#
+# DO NOT CHANGE THE ZERO PROCESS LIMIT FOR CLEANUP/BOUNCE/DEFER OR
+# POSTFIX WILL BECOME STUCK UP UNDER HEAVY LOAD
+#
+# DO NOT CHANGE THE ONE PROCESS LIMIT FOR PICKUP/QMGR OR POSTFIX WILL
+# DELIVER MAIL MULTIPLE TIMES.
+#
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
-# service type private unpriv chroot wakeup maxproc command + args
-# (yes) (yes) (yes) (never) (100)
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#628 inet n - - - - qmqpd
@@ -81,7 +79,6 @@
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
flush unix n - - 1000? 0 flush
-proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
@@ -90,7 +87,6 @@
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
-
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
@@ -101,11 +97,12 @@
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
-cyrus unix - n n - - pipe
- flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user}
+#
+old-cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+cyrus unix - n n - - pipe
+ flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
@@ -116,6 +113,21 @@
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
# only used by postfix-tls
-#tlsmgr fifo - - n 300 1 tlsmgr
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
+
+proxymap unix - - n - - proxymap
+
+# ***** amavisd-new
+smtp-amavis unix - - n - 4 lmtp
+ -o smtp_data_done_timeout=1200
+ -o disable_dns_lookups=yes
+
+127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o local_recipient_maps=
+ -o smtpd_helo_restrictions=
+ -o smtpd_client_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o mynetworks=127.0.0.0/8
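Review bot: The `-o smtp_data_done_timeout=1200` override on `smtp-amavis` looks like a no-op, because the service runs the `lmtp` client, and in the Postfix 2.0.x shown in the package list that client reads its own `lmtp_*` parameters. Write it as `-o lmtp_data_done_timeout=1200` so a long scan is not cut off at the default timeout. The `127.0.0.1:10025` re-injection listener is correctly bound to loopback and limited by `permit_mynetworks,reject` with `mynetworks=127.0.0.0/8`. Since this port accepts mail with content filtering disabled, a comment above it such as `# re-injection from amavisd only; must never listen on a public address` would keep a later edit from widening it.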
amavisdは、起動プロセス数をデフォルトから一部変更。あとは、$mydomainなど、最低限必要なもののみ設定。
--- /etc/amavis/amavisd.conf.dpkg-dist 2004-03-03 23:35:04.000000000 +0900
+++ /etc/amavis/amavisd.conf 2004-02-10 11:32:19.000000000 +0900
@@ -2,7 +2,7 @@
# Configuration file for amavisd-new
# Defaults modified for the Debian amavisd-new package
-# $Id: amavisd.conf,v 1.24 2004/03/03 14:32:11 hmh Exp $
+# $Id: amavisd.conf,v 1.20 2004/01/07 12:13:36 hmh Exp $
#
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
@@ -58,7 +58,7 @@
# $mydomain serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $mydomain is never used directly by the program.
-$mydomain = 'example.com'; # (no useful default)
+$mydomain = 'downtown.jp'; # (no useful default)
# Set the user and group to which the daemon will change if started as root
# (otherwise just keeps the UID unchanged, and these settings have no effect):
@@ -130,8 +130,8 @@
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
#
-$max_servers = 2; # number of pre-forked children (default 2)
-$max_requests = 10; # retire a child after that many accepts (default 10)
+$max_servers = 4; # number of pre-forked children (default 2)
+$max_requests = 16; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
@@ -151,7 +151,7 @@
#
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
-@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
+#@bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin
# Lookup list of local domains (see README.lookups for syntax details)
#
@@ -203,7 +203,7 @@
#
# These are logged at level 3, so enable logging until you know you got it
# right.
-$relayhost_is_client = 0; # (defaults to false)
+$relayhost_is_client = 1; # (defaults to false)
$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
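Review bot: `$relayhost_is_client = 1` is not needed for the single-host layout shown here and widens what the filter trusts. As far as I know, with this set amavisd forwards checked mail back to the IP address of whichever client connected (incoming port plus one) instead of the fixed address in `$forward_method`. Unless the amavisd listener is restricted to loopback by `@inet_acl` / `$inet_socket_bind` (not visible in this diff), keep `$relayhost_is_client = 0;` so that mail goes to the fixed forward address, presumably the 10025 listener in master.cf.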
@@ -389,7 +389,7 @@
# and other dual-MTA setups, which can't reject original client SMTP
# session, as the mail has already been enqueued.
-$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
+$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_REJECT; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
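Review bot: `$final_virus_destiny = D_BOUNCE` together with `$final_spam_destiny = D_REJECT` makes this host a backscatter source in the post-queue `content_filter` setup shown in main.cf. As the context comment in this hunk says, the original SMTP session can no longer be rejected once the mail is enqueued, so a non-delivery notice goes to the envelope sender, which for viruses and spam is usually forged. Prefer `$final_virus_destiny = D_DISCARD;` and `$final_spam_destiny = D_DISCARD;` with quarantine enabled so discarded mail can be recovered, or `D_PASS` with tagging for spam. The quarantine settings are outside this diff, so confirm them before switching.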
@@ -400,9 +400,6 @@
# - use D_BOUNCE instead of D_REJECT if not using milter;
#
# D_BOUNCE is preferred for viruses, but consider:
-# - use D_DISCARD to avoid bothering the rest of the network, it is hopeless
-# to try to keep up with the viruses that faker the envelope sender anyway,
-# and bouncing only increases the network cost of viruses for everyone
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
# virus storm;
@@ -463,10 +460,10 @@
#
# Empty or undef lookup disables virus admin notifications.
+$virus_admin = "virusalert\@$mydomain";
# $virus_admin = undef; # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => 'virusalert@example.com'};
# $virus_admin = 'virus-admin@example.com';
-$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
# equivalent to $virus_admin, but for spam admin notifications:
# $spam_admin = "spamalert\@$mydomain";
@@ -640,7 +637,6 @@
# (lookup key is what file(1) utility returned):
#
$keep_decoded_original_re = new_RE(
- qr'^MAIL$', # retain full original message for virus checking
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);
@@ -1079,15 +1075,15 @@
# $sa_local_tests_only = 1; # defaults to false
# AWL (auto whitelisting), requires spamassassin 2.44 or better
-# $sa_auto_whitelist = 1; # defaults to undef
+$sa_auto_whitelist = 1; # defaults to undef
$sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
# default values, can be overridden by more specific lookups, e.g. SQL
-$sa_tag_level_deflt = 4.0; # add spam info headers if at, or above that level
-$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
+$sa_tag_level_deflt = 3.6; # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 4.8; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
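Review bot: `$sa_kill_level_deflt = $sa_tag2_level_deflt` now means every message scoring 4.8 or more is handed to `$final_spam_destiny`, so lowering the tag2 level also lowered the point at which mail is refused. Nothing is delivered with only the 'spam detected' marking. That is below the `required_hits 5.5` set in user_prefs on this page, which suggests the intended cut-off was higher. Give the kill level its own value above tag2, for example `$sa_kill_level_deflt = 6.3; # constructed example: refuse only well above the tagging level`, so borderline mail is tagged and delivered rather than lost.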
@@ -1182,6 +1178,7 @@
### http://clamav.elektrapro.com/
['Clam Antivirus-clamd',
+# \&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamd.ctl'],
\&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamav/clamd.ctl'],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
@@ -1444,7 +1441,7 @@
#$keep_decoded_original_re = new_RE( qr/.*/ );
# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
-#$sa_debug = 1; # defaults to false
+$sa_debug = 1; # defaults to false
#-------------
1; # insure a defined return
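Review bot: `$sa_debug = 1` is left enabled in the running configuration, although the comment above it describes it as output to STDERR for use with `amavisd debug`, i.e. a foreground troubleshooting aid. Restore `#$sa_debug = 1;` once the SpamAssassin integration is verified, or at least mark it, e.g. `$sa_debug = 1; # TEMPORARY: remove after SA testing`. Debug output is verbose and may put more message detail into logs than intended.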
clamav関連は、デフォルトのまま。
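spamassassinは、System-Wideで動作させるために、下記内容のuser_prefsを/var/lib/amavis/.spamassassinに置く。なお、amavisd-new経由の場合、スパム判定の閾値はamavisd.conf側の$sa_tag2_level_deflt／$sa_kill_level_defltで決まり、ここでのrequired_hitsは判定に使われない点に注意。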
eswat2:~# less /var/lib/amavis/.spamassassin/user_prefs
# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################
# How many hits before a mail is considered spam.
required_hits 5.5
# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com
# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn
# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HEADER_8BITS 0
# score HTML_COMMENT_8BITS 0
# score SUBJ_FULL_OF_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0
score HABEAS_SWE -5.0
score HABEAS_VIOLATOR 10.0