na homework 4+5 postfix + dns. 2 demo >setup everything before demo, or you ’ ll get no point...
TRANSCRIPT
NA Homework 4+5
Postfix + DNS
2
Demo
> Setup everything before Demo, or you’ll get no point if something don’t work.
> Show your mail functions to TA, you could use ‘Remote Desktop’.
> Be prepared, TA will ask some questions.
3
Installation Steps
> postfix> cyrus-sasl2-saslauthd> imap-uw> amavisd-new> postgrey> Clamav> spamassassin
4
Postfix
# cd /usr/ports/mail/postfix# make install clean
5
Postfix
===> Installing for postfix-2.4.1,1===> postfix-2.4.1,1 depends on file: /usr/local/lib/libcrypto.so.5 - found===> postfix-2.4.1,1 depends on shared library: pcre.0 – found===> postfix-2.4.1,1 depends on shared library: sasl2.2 - foundAdded group "postfix".Added group "maildrop".Added user "postfix".You need user "postfix" added to group "mail".Would you like me to add it [y]? y
install -d -o root -g wheel -m 555 /usr/local/share/doc/postfixInstalled HTML documentation in /usr/local/share/doc/postfixWould you like to activate Postfix in /etc/mail/mailer.conf [n]? y
6
Postfix
> edit /etc/rc.conf
sendmail_enable="NONE“
postfix_enable="YES"
daily_clean_hoststat_enable="NO"daily_status_mail_rejects_enable="NO"daily_status_include_submit_mailq="NO"daily_submit_queuerun="NO"
> edit /etc/defaults/periodic.conf
> edit /usr/local/etc/postfix/main.cf
– edit it by yourself
– ex: myhostname, mynetworks, alias_maps…
7
Postfix with TLS
> make your certificates> edit /usr/local/etc/postfix/main.cf
8
Cyrus-sasl2-saslauthd
9
Cyrus-sasl2-saslauthd
# cd /usr/ports/security/cyrus-sasl-saslauthd# make install clean
> edit /etc/rc.conf
saslauthd_enable="YES"
10
imap-uw
# cd /usr/ports/mail/imap-uw# make install clean
> edit /etc/inetd.conf
pop3 stream tcp nowait root /usr/local/libexec/ipop3d ipop3dimap4 stream tcp nowait root /usr/local/libexec/imapd imapd
> If using TLS
pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3dimaps stream tcp nowait root /usr/local/libexec/imapd imapd
11
Hold on and Test
> It’s better to test you can receive and send mail before next step.
> If it’s not work, check /var/log/maillog.
# /usr/local/etc/rc.d/saslauthd start
# /usr/local/etc/rc.d/postfix start
# /etc/rc.d/inetd reload
12
Amavisd-new
# cd /usr/ports/security/amavisd-new# make install clean
13
Amavisd-new
Added group "vscan".Added user "vscan".
Created "/var/amavis" directory.Created "/var/amavis/db" directory.Created "/var/amavis/tmp" directory.Created "/var/virusmails" directory.
To use amavisd-new, you need to install at least one virus scanner. The following virus scanners are available in the FreeBSD ports collection:
/usr/ports/security/vscan McAfee VirusScan /usr/ports/security/clamav Clam Antivirus /usr/ports/security/f-prot F-Prot Antivirus /usr/ports/security/drweb DrWeb antivirus suite
14
Amavisd-new
Enable amavisd-new in /etc/rc.conf with the following line:
amavisd_enable="YES"
If you want to use the amavis sendmail milter interface, you need the following additional line in /etc/rc.conf
amavis_milter_enable="YES"
Configuration templates are available in /usr/local/etc as amavisd.conf-dist, amavisd.conf-sample and amavisd.conf-default. Documentation is available in /usr/local/share/doc/amavisd-new.
15
postgrey
# cd /usr/ports/mail/postgrey# make install clean
> edit /etc/rc.conf
postgrey_enable="YES"postgrey_pidfile="/var/run/postgrey.pid"postgrey_flags="--delay=60 --pidfile=${postgrey_pidfile} \ --inet=10023 -d --user=postgrey --group=postgrey \ --dbdir=/var/db/postgrey"
16
Clamav
# cd /usr/ports/security/clamav# make install clean
17
Clamav
> edit /etc/rc.conf
clamav_clamd_enable="YES"clamav_freshclam_enable="YES"
> edit where you put your aliases file
virusalert: root
> edit /usr/local/etc/clamd.conf by yourself
18
Final Configuration
19
Final Configuration for Postfix
> edit /usr/local/etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
> edit /usr/local/etc/postfix/master.cf
smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200s -o smtp_never_send_ehlo=yes -o notify_classes=protocol,resource,software127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o mynetworks=127.0.0.0/8 -o myhostname=localhost -o local_recipient_maps= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject
20
Final Configuration for Amavisd-new
> edit /usr/local/etc/amavisd.conf
$mydomain = ‘cs.nctu.edu.tw'$notify_method = 'smtp:[127.0.0.1]:10025';$forward_method = 'smtp:[127.0.0.1]:10025';
21
Now Startup everything
# /usr/local/etc/rc.d/clamav-clamd start# /usr/local/etc/rc.d/postgrey start# /usr/local/etc/rc.d/amavisd start# /usr/local/etc/rc.d/postfix restart
22
Test for Virus
# telnet localhost 25Trying ::1...Trying 127.0.0.1...Connected to localhost.twbbs.org.Escape character is '^]'.220 nabsd.cs.nctu.edu.tw ESMTP Postfixmail from: <[email protected]>250 Okrcpt to: <[email protected]>250 Okdata354 End data with <CR><LF>.<CR><LF>Subject: Virus ComingX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*.250 Ok: queued as 647781152Equit221 ByeConnection closed by foreign host. da
23
> Normal Mail
> Mail with virus
May 13 16:55:50 nabsd amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost> -> <[email protected]>, quarantine: virus-VivGNwT9NIja, Message-ID: <[email protected]>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms
May 11 20:09:27 nabsd amavis[29003]: (29003-01) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms
Test for Virus
24
Spamassassin
> /usr/local/etc/amavis.conf
> /usr/local/etc/mail/spamassassin/local.cf
> man Mail::SpamAssassin::Conf
25
Spamassassin
Content-Type: text/html;charset="big5"
Content-Transfer-Encoding: 8bitSender: =?big5?B?wnmkSKR+?= <[email protected]>Reply-To: [email protected]: amavisd-new at csie.nctu.edu.twX-Spam-Status: Yes, hits=10.687 tagged_above=3 required=6.3 tests=BAYES_60, DATE_IN_PAST_96_XX, DOMAIN_RATIO, HTML_90_100, HTML_IMAGE_ONLY_20, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_WEB_BUGS, MIME_HTML_ONLYX-Spam-Level: **********X-Spam-Flag: YESStatus: