1 |
swift 08/05/20 20:12:23 |
2 |
|
3 |
Modified: mailfilter-guide.xml |
4 |
Log: |
5 |
Coding style |
6 |
|
7 |
Revision Changes Path |
8 |
1.21 xml/htdocs/doc/en/mailfilter-guide.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml?rev=1.21&view=markup |
11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml?rev=1.21&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml?r1=1.20&r2=1.21 |
13 |
|
14 |
Index: mailfilter-guide.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml,v |
17 |
retrieving revision 1.20 |
18 |
retrieving revision 1.21 |
19 |
diff -u -r1.20 -r1.21 |
20 |
--- mailfilter-guide.xml 3 Aug 2007 01:31:02 -0000 1.20 |
21 |
+++ mailfilter-guide.xml 20 May 2008 20:12:23 -0000 1.21 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding='utf-8'?> |
24 |
|
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml,v 1.20 2007/08/03 01:31:02 nightmorph Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/mailfilter-guide.xml,v 1.21 2008/05/20 20:12:23 swift Exp $ --> |
27 |
|
28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
29 |
<guide link="/doc/en/mailfilter-guide.xml"> |
30 |
@@ -36,7 +36,7 @@ |
31 |
|
32 |
<p> |
33 |
This guide describe step by step how to install a spam and virus filtering mail |
34 |
-gateway. It is quite simple to adopt this to a single server solution. |
35 |
+gateway. It is quite simple to adopt this to a single server solution. |
36 |
</p> |
37 |
|
38 |
</body> |
39 |
@@ -55,11 +55,11 @@ |
40 |
<p> |
41 |
In this setup applications with good security records and readable |
42 |
configuration files have been chosen. The email MTA is postfix which |
43 |
-has a good security record and is fairly easy to setup right. |
44 |
-Postfix will listen normally on port 25 for incoming mail. Upon reception it |
45 |
-will forward it to Amavisd-new on port 10024. Amavisd-new will then filter |
46 |
-the mail through different filters before passing the mail back to Postfix |
47 |
-on port 10025 which in turn will forward the mail to the next mail server. |
48 |
+has a good security record and is fairly easy to setup right. |
49 |
+Postfix will listen normally on port 25 for incoming mail. Upon reception it |
50 |
+will forward it to Amavisd-new on port 10024. Amavisd-new will then filter |
51 |
+the mail through different filters before passing the mail back to Postfix |
52 |
+on port 10025 which in turn will forward the mail to the next mail server. |
53 |
</p> |
54 |
|
55 |
<p> |
56 |
@@ -67,7 +67,7 @@ |
57 |
virus filtering and spam filtering. In this setup we will be using two helper |
58 |
applications one ClamAV for filtering virus mails and Spamassassin for filtering |
59 |
spam. Spamassassin itself can function as yet another layer of content filtering |
60 |
-framework and utilize the helper applications Vipul's Razor2 and DCC. |
61 |
+framework and utilize the helper applications Vipul's Razor2 and DCC. |
62 |
</p> |
63 |
|
64 |
<p> |
65 |
@@ -91,8 +91,8 @@ |
66 |
</ul> |
67 |
|
68 |
<p> |
69 |
-The first part (chapters 1 to 4) of the guide will describe the basic setup |
70 |
-of a mailfiltering gateway. The next chapters can be implemented individually |
71 |
+The first part (chapters 1 to 4) of the guide will describe the basic setup |
72 |
+of a mailfiltering gateway. The next chapters can be implemented individually |
73 |
with no dependence between each chapter. These chapters describe how to: |
74 |
</p> |
75 |
|
76 |
@@ -112,13 +112,13 @@ |
77 |
<note> |
78 |
The IMAP folders will be using the maildir format. Having each mail in a |
79 |
separate file makes handling much simpler. If you're using mbox I propose to |
80 |
-give maildir a try. If you're not already using maildir emerge the necessary |
81 |
+give maildir a try. If you're not already using maildir emerge the necessary |
82 |
tools with <c>emerge courier-imap</c>. |
83 |
</note> |
84 |
|
85 |
<p> |
86 |
A planned fifth part will contain various tips regarding performance and things |
87 |
-you may want to know (running chrooted, postfix restrictions, etc.). |
88 |
+you may want to know (running chrooted, postfix restrictions, etc.). |
89 |
</p> |
90 |
|
91 |
<note> |
92 |
@@ -126,7 +126,7 @@ |
93 |
know and trust these third parties. In this setup only the decision to |
94 |
quarantine virus mails are based on a single third party. Using Spamassassin's |
95 |
scoring system the decision to stop spam mails are not made by a single |
96 |
-authority except perhaps Spamassassins own static rules. |
97 |
+authority except perhaps Spamassassins own static rules. |
98 |
</note> |
99 |
|
100 |
<warn> |
101 |
@@ -137,7 +137,7 @@ |
102 |
link="http://www.geekcomix.com/cgi-bin/classnotes/wiki.pl?UNIX03/Realtime_Blackhole_Lists_Are_Bad">Realtime |
103 |
Blackhole Lists Are Bad</uri> and <uri |
104 |
link="http://theory.whirlycott.com/~phil/antispam/rbl-bad/rbl-bad.html">The Spam |
105 |
-Problem: Moving Beyond RBLs</uri> |
106 |
+Problem: Moving Beyond RBLs</uri> |
107 |
</warn> |
108 |
|
109 |
</body> |
110 |
@@ -152,7 +152,7 @@ |
111 |
experienced with setting up Postfix it might quickly become too complicated if |
112 |
all should be set up at once. If you need help you can find it in the excellent |
113 |
<uri link="http://www.gentoo.org/doc/en/virt-mail-howto.xml">Virtual |
114 |
-Mailhosting System with Postfix Guide</uri> in the Gentoo Documentation. |
115 |
+Mailhosting System with Postfix Guide</uri> in the Gentoo Documentation. |
116 |
</p> |
117 |
|
118 |
</body> |
119 |
@@ -165,8 +165,8 @@ |
120 |
<body> |
121 |
|
122 |
<p> |
123 |
-We start out by installing the most important programs: Amavisd-new, |
124 |
-Spamassassin and ClamAV. |
125 |
+We start out by installing the most important programs: Amavisd-new, |
126 |
+Spamassassin and ClamAV. |
127 |
</p> |
128 |
|
129 |
<pre caption="Installing Amavis, Spamassassin and Clamav"> |
130 |
@@ -177,7 +177,7 @@ |
131 |
As previously mentioned you should already have a working <c>postfix</c> |
132 |
instance running on the box. Basically this shouldn't be much more than |
133 |
<c>emerge postfix</c> <e>and</e> have a basic understanding of how Postfix is |
134 |
-working. |
135 |
+working. |
136 |
</note> |
137 |
|
138 |
</body> |
139 |
@@ -188,12 +188,12 @@ |
140 |
|
141 |
<note> |
142 |
If you're not setting up a gateway server but have the mailboxes on |
143 |
-the same server you only have to create the MX-Record. |
144 |
+the same server you only have to create the MX-Record. |
145 |
</note> |
146 |
|
147 |
<p> |
148 |
While the programs are emerging fire up another shell and create the needed DNS |
149 |
-records. |
150 |
+records. |
151 |
</p> |
152 |
|
153 |
<p> |
154 |
@@ -213,7 +213,7 @@ |
155 |
<note> |
156 |
Some ADSL providers might block port 25 and force you to relay mail through one |
157 |
of their servers. Typically you have to create a secondary MX-Record |
158 |
-like <c>MX 20 backup-mx.some-isp.tld</c> |
159 |
+like <c>MX 20 backup-mx.some-isp.tld</c> |
160 |
</note> |
161 |
|
162 |
</body> |
163 |
@@ -240,7 +240,7 @@ |
164 |
</tr> |
165 |
<tr> |
166 |
<ti>Razor</ti><ti>TCP</ti><ti>2703</ti> |
167 |
-</tr> |
168 |
+</tr> |
169 |
</table> |
170 |
|
171 |
<p> |
172 |
@@ -269,7 +269,7 @@ |
173 |
#lmtp-amavis unix - - n - 2 lmtp |
174 |
# -o lmtp_data_done_timeout=1200 |
175 |
# -o lmtp_send_xforward_command=yes</comment> |
176 |
- |
177 |
+ |
178 |
127.0.0.1:10025 inet n - n - - smtpd |
179 |
-o content_filter= |
180 |
-o local_recipient_maps= |
181 |
@@ -306,7 +306,7 @@ |
182 |
|
183 |
<note> |
184 |
If you want to reject spam early on in the process you can use the |
185 |
-Before-Queue (proxy) method instead of the filter method. If you uncomment |
186 |
+Before-Queue (proxy) method instead of the filter method. If you uncomment |
187 |
the three lines you will have to set <c>content_filter=</c> in |
188 |
<path>main.cf</path>. This is not recommended for high traffic servers |
189 |
as the number of concurrent connections are limited to the number of |
190 |
@@ -318,8 +318,8 @@ |
191 |
</warn> |
192 |
|
193 |
<note> |
194 |
-If you, for any reason whatsoever, want to send mail from this box and don't |
195 |
-want it scanned, add another postfix instance by uncommenting the last two |
196 |
+If you, for any reason whatsoever, want to send mail from this box and don't |
197 |
+want it scanned, add another postfix instance by uncommenting the last two |
198 |
lines and substitute with a proper IP. |
199 |
</note> |
200 |
|
201 |
@@ -337,7 +337,7 @@ |
202 |
<p> |
203 |
We also need to set the next hop destination for mail. Tell Postfix to filter |
204 |
all mail through an external content filter and enable explicit routing to let |
205 |
-Postfix know where to forward the mail to. |
206 |
+Postfix know where to forward the mail to. |
207 |
</p> |
208 |
|
209 |
<pre caption="Modifying /etc/postfix/main.cf"> |
210 |
@@ -367,7 +367,7 @@ |
211 |
<p> |
212 |
The format of the <path>transport</path> file is the normal Postfix hash file. |
213 |
Mail to the domain on the left hand side is forwarded to the destination on the |
214 |
-right hand side. |
215 |
+right hand side. |
216 |
</p> |
217 |
|
218 |
<pre caption="/etc/postfix/transport"> |
219 |
@@ -379,13 +379,13 @@ |
220 |
does not actually read this file so we have to convert it to the proper format |
221 |
with <c>postmap /etc/postfix/transport</c>. This creates the file |
222 |
<path>/etc/postfix/transport.db</path>. There is no need to reload Postfix as it |
223 |
-will automatically pick up the changes. |
224 |
+will automatically pick up the changes. |
225 |
</p> |
226 |
|
227 |
<note> |
228 |
-If the next hop mail server is not listening on the standard SMTP port 25 you |
229 |
-can tell postfix to use a given port number, like |
230 |
-<c>smtp:mail.mydomain.tld:25000</c>. |
231 |
+If the next hop mail server is not listening on the standard SMTP port 25 you |
232 |
+can tell postfix to use a given port number, like |
233 |
+<c>smtp:mail.mydomain.tld:25000</c>. |
234 |
</note> |
235 |
|
236 |
<p> |
237 |
@@ -418,7 +418,7 @@ |
238 |
together severel different technologies. Upon reception of a mail message it |
239 |
will extract the mail, filter it through some custom filters, handle white and |
240 |
black listing, filter the mail through various virus scanners and finally it |
241 |
-will filter the mail using SpamAssassin. |
242 |
+will filter the mail using SpamAssassin. |
243 |
</p> |
244 |
|
245 |
<p> |
246 |
@@ -429,13 +429,14 @@ |
247 |
<li> |
248 |
it identifies dangerous file attachments and has policies to handle them |
249 |
</li> |
250 |
- <li>per-user, per-domain and system-wide policies for: |
251 |
- <ul> |
252 |
- <li>whitelists</li> |
253 |
- <li>blacklists</li> |
254 |
- <li>spam score thresholds</li> |
255 |
- <li>virus and spam policies</li> |
256 |
- </ul> |
257 |
+ <li> |
258 |
+ per-user, per-domain and system-wide policies for: |
259 |
+ <ul> |
260 |
+ <li>whitelists</li> |
261 |
+ <li>blacklists</li> |
262 |
+ <li>spam score thresholds</li> |
263 |
+ <li>virus and spam policies</li> |
264 |
+ </ul> |
265 |
</li> |
266 |
</ul> |
267 |
|
268 |
@@ -468,21 +469,21 @@ |
269 |
|
270 |
<pre caption="Editing /etc/amavisd.conf"> |
271 |
<comment>(Insert the domains to be scanned)</comment> |
272 |
-$mydomain = 'example.com'; |
273 |
+$mydomain = 'example.com'; |
274 |
<comment>(Bind only to loopback interface)</comment> |
275 |
$inet_socket_bind = '127.0.0.1'; |
276 |
<comment>(Forward to Postfix on port 10025)</comment> |
277 |
$forward_method = 'smtp:127.0.0.1:10025'; |
278 |
-$notify_method = $forward_method; |
279 |
+$notify_method = $forward_method; |
280 |
<comment>(Define the account to send virus alert emails)</comment> |
281 |
$virus_admin = "virusalert\@$mydomain"; |
282 |
<comment>(Always add spam headers)</comment> |
283 |
-$sa_tag_level_deflt = -100; |
284 |
+$sa_tag_level_deflt = -100; |
285 |
<comment>(Add spam detected header aka X-Spam-Status: Yes)</comment> |
286 |
-$sa_tag2_level_deflt = 5; |
287 |
+$sa_tag2_level_deflt = 5; |
288 |
<comment>(Trigger evasive action at this spam level)</comment> |
289 |
$sa_kill_level_deflt = $sa_tag2_level_deflt; |
290 |
-<comment>(Do not send delivery status notification to sender. It does not affect |
291 |
+<comment>(Do not send delivery status notification to sender. It does not affect |
292 |
delivery of spam to recipient. To do that, use the kill_level)</comment> |
293 |
$sa_dsn_cutoff_level = 10; |
294 |
<comment>Don't bounce messages left and right, quarantine |
295 |
@@ -495,9 +496,9 @@ |
296 |
<note> |
297 |
With this line <c>$sa_tag2_level_deflt = 5;</c> you set the Spamassassin spam |
298 |
score to 5. This might be a bit low. As you might have noticed the Amavisd-new |
299 |
-default is <c>6.3</c>. If you don't want to see a single spam mail in your |
300 |
-mail folder choose <c>5</c>, but if you don't want to deal with false positives |
301 |
-choose <c>6.3</c>. |
302 |
+default is <c>6.3</c>. If you don't want to see a single spam mail in your |
303 |
+mail folder choose <c>5</c>, but if you don't want to deal with false positives |
304 |
+choose <c>6.3</c>. |
305 |
</note> |
306 |
|
307 |
<p> |
308 |
@@ -534,9 +535,9 @@ |
309 |
LogSyslog |
310 |
LogVerbose |
311 |
LogFacility LOG_MAIL |
312 |
-<comment>(Change pid file location)</comment> |
313 |
+<comment>(Change pid file location)</comment> |
314 |
PidFile /var/run/amavis/clamd.pid |
315 |
-<comment>(Set the clamav socket)</comment> |
316 |
+<comment>(Set the clamav socket)</comment> |
317 |
LocalSocket /var/amavis/clamd |
318 |
<comment>(Close the connection when this limit is exceeded)</comment> |
319 |
StreamMaxLength 10M |
320 |
@@ -552,9 +553,9 @@ |
321 |
</note> |
322 |
|
323 |
<p> |
324 |
-ClamAV comes with the <c>freshclam</c> deamon dedicated to periodical checks |
325 |
-of virus signature updates. Instead of updating virus signatures twice a day |
326 |
-we will make <c>freshclam</c> update virus signatures every two hours. |
327 |
+ClamAV comes with the <c>freshclam</c> deamon dedicated to periodical checks |
328 |
+of virus signature updates. Instead of updating virus signatures twice a day |
329 |
+we will make <c>freshclam</c> update virus signatures every two hours. |
330 |
</p> |
331 |
|
332 |
<pre caption="Edit /etc/freshclam.conf"> |
333 |
@@ -572,7 +573,7 @@ |
334 |
|
335 |
<p> |
336 |
Start <c>clamd</c> with <c>freshclam</c> using the init scripts by modifying |
337 |
-<path>/etc/conf.d/clamd</path>. |
338 |
+<path>/etc/conf.d/clamd</path>. |
339 |
</p> |
340 |
|
341 |
<pre caption="Modifying /etc/conf.d/clamd"> |
342 |
@@ -604,10 +605,10 @@ |
343 |
<body> |
344 |
|
345 |
<p> |
346 |
-Razor2 is a collaborative and distributed spam checksum network. Install it |
347 |
-with <c>emerge razor</c> and create the needed configuration files. Do this |
348 |
-as user <c>amavis</c> by running <c>su - amavis</c> followed <c>razor-admin |
349 |
--create</c>. |
350 |
+Razor2 is a collaborative and distributed spam checksum network. Install it |
351 |
+with <c>emerge razor</c> and create the needed configuration files. Do this |
352 |
+as user <c>amavis</c> by running <c>su - amavis</c> followed <c>razor-admin |
353 |
+-create</c>. |
354 |
</p> |
355 |
|
356 |
<pre caption="Creating the required configuration files"> |
357 |
@@ -632,7 +633,7 @@ |
358 |
<p> |
359 |
Like Razor2, dcc is a collaborative and distributed spam checksum network. Its |
360 |
philosopy is to count the number of recipients of a given mail identifying each |
361 |
-mail with a fuzzy checksum. |
362 |
+mail with a fuzzy checksum. |
363 |
</p> |
364 |
|
365 |
<pre caption="Installing DCC"> |
366 |
@@ -681,7 +682,7 @@ |
367 |
<note> |
368 |
You can find inspiration for your <path>local.cf</path> file by trying the <uri |
369 |
link="http://www.yrex.com/spam/spamconfig.php">SpamAssassin Configuration |
370 |
-Generator</uri>. |
371 |
+Generator</uri>. |
372 |
</note> |
373 |
|
374 |
<note> |
375 |
@@ -700,8 +701,8 @@ |
376 |
<p> |
377 |
Once mail really starts passing through this mail gateway you will probably |
378 |
discover that the above setup is not perfect. Maybe some of your customers like |
379 |
-to receive mails that others wouldn't. You can whitelist/blacklist |
380 |
-envelope senders quite easily. Uncomment the following line in |
381 |
+to receive mails that others wouldn't. You can whitelist/blacklist |
382 |
+envelope senders quite easily. Uncomment the following line in |
383 |
<path>amavisd.conf</path>. |
384 |
</p> |
385 |
|
386 |
@@ -710,15 +711,15 @@ |
387 |
</pre> |
388 |
|
389 |
<p> |
390 |
-In the <path>sender_scores_sitewide</path> file you put complete email |
391 |
-addresses or just the domian parts and then note a positive/negative score |
392 |
+In the <path>sender_scores_sitewide</path> file you put complete email |
393 |
+addresses or just the domian parts and then note a positive/negative score |
394 |
to add to the spam score. |
395 |
</p> |
396 |
|
397 |
<pre caption="whitelist_sender example"> |
398 |
<comment>(Whitelist all emails from the specific email address)</comment> |
399 |
postmaster@×××××××.net -3.0 |
400 |
-<comment>(Whitelist all emails from the example.net excluding subdomains)</comment> |
401 |
+<comment>(Whitelist all emails from the example.net excluding subdomains)</comment> |
402 |
.example.net 1.0 |
403 |
</pre> |
404 |
|
405 |
@@ -728,7 +729,7 @@ |
406 |
|
407 |
<note> |
408 |
Placing these addresses outside <path>amavisd.conf</path> is a cleaner and safer |
409 |
-solution. |
410 |
+solution. |
411 |
</note> |
412 |
|
413 |
<note> |
414 |
@@ -738,14 +739,14 @@ |
415 |
</note> |
416 |
|
417 |
<note> |
418 |
-In a later chapter I will show how to implement per-user policies using |
419 |
+In a later chapter I will show how to implement per-user policies using |
420 |
MySQL. |
421 |
</note> |
422 |
|
423 |
<p> |
424 |
While waiting for a better method you can add the following to |
425 |
<path>amavisd.conf</path> to bypass spam checks for <c>postmaster</c> and |
426 |
-<c>abuse</c> mailboxes. |
427 |
+<c>abuse</c> mailboxes. |
428 |
</p> |
429 |
|
430 |
<pre caption="By pass spam filters for all postmaster and abuse mails"> |
431 |
@@ -761,7 +762,7 @@ |
432 |
link="http://www.ietf.org/rfc/rfc2142.txt">RFC 2142 MAILBOX NAMES FOR COMMON |
433 |
SERVICES, ROLES AND FUNCTIONS</uri>. Otherwise your domains might end up listed |
434 |
in some of the evil lists over at <uri |
435 |
-link="http://www.rfc-ignorant.org/">rfc-ignorant.org</uri>. |
436 |
+link="http://www.rfc-ignorant.org/">rfc-ignorant.org</uri>. |
437 |
</impo> |
438 |
|
439 |
</body> |
440 |
@@ -812,8 +813,8 @@ |
441 |
</pre> |
442 |
|
443 |
<p> |
444 |
-Now you have updated virus definitions and you know that |
445 |
-<path>freshclam.conf</path> is working properly. |
446 |
+Now you have updated virus definitions and you know that |
447 |
+<path>freshclam.conf</path> is working properly. |
448 |
</p> |
449 |
|
450 |
<p> |
451 |
@@ -843,7 +844,7 @@ |
452 |
|
453 |
<p> |
454 |
Now if no strange messages appear in the log file it is time for a new |
455 |
-test. |
456 |
+test. |
457 |
</p> |
458 |
|
459 |
<p> |
460 |
@@ -858,10 +859,10 @@ |
461 |
|
462 |
<note> |
463 |
For some unknown reason you can not complete a manual mail injection to |
464 |
-<c>amavisd</c> with netcat. Use <c>telnet</c> instead. |
465 |
+<c>amavisd</c> with netcat. Use <c>telnet</c> instead. |
466 |
</note> |
467 |
|
468 |
-<pre caption="Manually checking that amavisd and postfix are listning to the new ports"> |
469 |
+<pre caption="Manually checking that amavisd and postfix are listning to the new ports"> |
470 |
# <i>nc localhost 10024</i> |
471 |
<comment>(Amavis working)</comment> |
472 |
220 [127.0.0.1] ESMTP amavisd-new service ready |
473 |
@@ -931,7 +932,7 @@ |
474 |
<p> |
475 |
If you manually want to check some of the mails to ensure that you have no false |
476 |
positives you can use the following <c>procmail</c> recipe to sideline spam |
477 |
-found into different mail folders. |
478 |
+found into different mail folders. |
479 |
</p> |
480 |
|
481 |
</body> |
482 |
@@ -1019,11 +1020,11 @@ |
483 |
</pre> |
484 |
|
485 |
<warn> |
486 |
-This grants members of the <c>mailusers</c> groups access to <c>amavis</c> |
487 |
+This grants members of the <c>mailusers</c> groups access to <c>amavis</c> |
488 |
mail. |
489 |
</warn> |
490 |
|
491 |
-<p> |
492 |
+<p> |
493 |
This makes the spam and ham folders writable but not readable. This way |
494 |
users can safely submit their ham without anyone else being able to read it. |
495 |
</p> |
496 |
@@ -1056,9 +1057,9 @@ |
497 |
<pre caption="amavis crontab"> |
498 |
<comment>#Auto learn</comment> |
499 |
0 * * * * /usr/bin/sa-learn --spam /var/amavis/.maildir/Bayes/.spam/{cur,new} \ |
500 |
- > /dev/null 2>&1 |
501 |
+ > /dev/null 2>&1 |
502 |
0 * * * * /usr/bin/sa-learn --ham /var/amavis/.maildir/Bayes/.ham/{cur,new} > \ |
503 |
- /dev/null 2>&1 |
504 |
+ /dev/null 2>&1 |
505 |
</pre> |
506 |
|
507 |
<note> |
508 |
@@ -1080,7 +1081,7 @@ |
509 |
|
510 |
<p> |
511 |
Now modify amavis to redirect spam emails to the <c>spamtrap</c> account and |
512 |
-keep spamheaders. |
513 |
+keep spamheaders. |
514 |
</p> |
515 |
|
516 |
<pre caption="Modifying /etc/amavisd.conf"> |
517 |
@@ -1102,7 +1103,7 @@ |
518 |
<c>sa-learn --ham</c> and then redelivered with all headers intact using a |
519 |
patched version of <uri |
520 |
link="http://www.engelschall.com/sw/smtpclient/">smtpclient</uri> by Ralf S. |
521 |
-Engelschall. |
522 |
+Engelschall. |
523 |
</p> |
524 |
|
525 |
<p> |
526 |
@@ -1134,9 +1135,9 @@ |
527 |
|
528 |
<p> |
529 |
Now we only have to copy the <c>redeliver.pl</c> file to |
530 |
-<path>/usr/local/bin/</path>. <uri |
531 |
-link="http://home.coming.dk/files/redeliver.pl">Download it</uri> or use |
532 |
-the version below. |
533 |
+<path>/usr/local/bin/</path>. <uri |
534 |
+link="http://home.coming.dk/files/redeliver.pl">Download it</uri> or use |
535 |
+the version below. |
536 |
</p> |
537 |
|
538 |
<pre caption="redeliver.pl"> |
539 |
@@ -1236,7 +1237,7 @@ |
540 |
</p> |
541 |
|
542 |
<pre caption="Download and installing pflogsumm"> |
543 |
-# <i>wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.0.tar.gz</i> |
544 |
+# <i>wget http://jimsun.linxnet.com/downloads/pflogsumm-1.1.0.tar.gz</i> |
545 |
# <i>tar xzf pflogsumm-1.1.0.tar.gz</i> |
546 |
# <i>cp pflogsumm-1.1.0/pflogsumm.pl /usr/local/bin/</i> |
547 |
</pre> |
548 |
@@ -1302,13 +1303,13 @@ |
549 |
mail the mail is rejected with a <e>try again later</e> message. |
550 |
This means that mail gets delayed but also that stupid spam bots |
551 |
that do not implement the RFC protocol will drop the attempt to |
552 |
-deliver the spam and never retry. With time spam bots will probably |
553 |
-adjust, however it will give other technologies more time to identify |
554 |
+deliver the spam and never retry. With time spam bots will probably |
555 |
+adjust, however it will give other technologies more time to identify |
556 |
the spam. |
557 |
</p> |
558 |
|
559 |
<note> |
560 |
-If your ISP blocks incoming traffic on port 25 and relays all mail to you |
561 |
+If your ISP blocks incoming traffic on port 25 and relays all mail to you |
562 |
through their own mail server greylisting will not work. |
563 |
</note> |
564 |
|
565 |
@@ -1326,7 +1327,7 @@ |
566 |
There are other greylisting policy servers for Postfix around (such as <uri |
567 |
link="http://www.gasmi.net/gld.html">Gld</uri>, which is in Portage, and <uri |
568 |
link="http://sqlgrey.sourceforge.net/">SQLgrey</uri>). Some of them support |
569 |
-database backends, auto whitelisting and other neat features. |
570 |
+database backends, auto whitelisting and other neat features. |
571 |
</note> |
572 |
|
573 |
</body> |
574 |
@@ -1367,7 +1368,7 @@ |
575 |
situations for the mail queue and mail box situations, this is not the |
576 |
case with the greylisting database. If the file becomes corrupted |
577 |
you may not be able to receive mail at all until you delete the file |
578 |
-by hand. |
579 |
+by hand. |
580 |
</warn> |
581 |
|
582 |
</body> |
583 |
@@ -1403,15 +1404,15 @@ |
584 |
</pre> |
585 |
|
586 |
<warn> |
587 |
-Be sure to specify <c>check_sender_access</c> AFTER |
588 |
+Be sure to specify <c>check_sender_access</c> AFTER |
589 |
<c>reject_unauth_destination</c> or else your system could become an |
590 |
-open mail relay. |
591 |
+open mail relay. |
592 |
</warn> |
593 |
|
594 |
<note> |
595 |
The greylist database gets polluted quickly with bogus addresses. It |
596 |
helps if you protect greylist lookups with other restrictions that |
597 |
-reject unknown senders and/or recipients. |
598 |
+reject unknown senders and/or recipients. |
599 |
</note> |
600 |
|
601 |
<p> |
602 |
@@ -1523,11 +1524,11 @@ |
603 |
<p> |
604 |
SPF allows domain owners to state in their DNS records which IP |
605 |
addressess should be allowed to send mails from their domain. This |
606 |
-will prevent spammers from spoofing the <c>Return-Path</c>. |
607 |
+will prevent spammers from spoofing the <c>Return-Path</c>. |
608 |
</p> |
609 |
|
610 |
<note> |
611 |
-If your ISP blocks incoming traffic on port 25 and relays all mail to you |
612 |
+If your ISP blocks incoming traffic on port 25 and relays all mail to you |
613 |
through their own mail server SPF will not work. |
614 |
</note> |
615 |
|
616 |
@@ -1556,7 +1557,7 @@ |
617 |
|
618 |
<p> |
619 |
Spamassassin 3.0 has support for SPF, however it is not enabled by default |
620 |
-and the new policy daemon in Postfix supports SPF so let's install SPF support |
621 |
+and the new policy daemon in Postfix supports SPF so let's install SPF support |
622 |
for Postfix. |
623 |
</p> |
624 |
|
625 |
@@ -1583,7 +1584,7 @@ |
626 |
|
627 |
<note> |
628 |
The <path>spf.pl</path> coming with Postfix is slightly buggy so find |
629 |
-and uncomment the following line: <c>push @HANDLERS, "sender_permitted_from"; |
630 |
+and uncomment the following line: <c>push @HANDLERS, "sender_permitted_from"; |
631 |
use Mail::SPF::Query;</c>. Furthermore in about line 199 substitute |
632 |
<c>comemnt</c> with <c>comment</c>. Alternatively you can download a |
633 |
<uri link="http://spf.pobox.com/postfix-policyd.txt">development |
634 |
@@ -1658,7 +1659,7 @@ |
635 |
</pre> |
636 |
|
637 |
<p> |
638 |
-Now that the database is created we'll need to create the necessary tables. |
639 |
+Now that the database is created we'll need to create the necessary tables. |
640 |
You can cut and paste the following into the mysql prompt: |
641 |
</p> |
642 |
|
643 |
@@ -1694,7 +1695,7 @@ |
644 |
wb char(1) NOT NULL, -- W or Y / B or N / space=neutral |
645 |
PRIMARY KEY (rid,sid) |
646 |
); |
647 |
- |
648 |
+ |
649 |
CREATE TABLE policy ( |
650 |
id int unsigned NOT NULL auto_increment, |
651 |
policy_name varchar(32), -- not used by amavisd-new |
652 |
@@ -1710,7 +1711,7 @@ |
653 |
spam_quarantine_to varchar(64) DEFAULT NULL, -- (optional field) |
654 |
spam_tag_level float, -- higher score inserts spam info headers |
655 |
spam_tag2_level float DEFAULT NULL, -- higher score inserts |
656 |
- -- 'declared spam' info header fields |
657 |
+ -- 'declared spam' info header fields |
658 |
spam_kill_level float, -- higher score activates evasive actions, e.g. |
659 |
-- reject/drop, quarantine, ... |
660 |
-- (subject to final_spam_destiny setting) |
661 |
@@ -1724,20 +1725,20 @@ |
662 |
</note> |
663 |
|
664 |
<note> |
665 |
-Lookups trying to match email are done with raw (rfc2821-unquoted |
666 |
+Lookups trying to match email are done with raw (rfc2821-unquoted |
667 |
and unbracketed) addresses as a key, i.e.: |
668 |
-<c>John "Funny" Smith@×××××××.com</c> |
669 |
+<c>John "Funny" Smith@×××××××.com</c> |
670 |
</note> |
671 |
|
672 |
<note> |
673 |
-Lookups are performed in the following order: <c>SQL</c>, <c>LDAP</c>, |
674 |
+Lookups are performed in the following order: <c>SQL</c>, <c>LDAP</c>, |
675 |
<c>hash</c>, <c>ACL</c>, <c>regexp</c>, <c>constant</c>. The first that |
676 |
returns a definitive answer (not <c>undef/NULL</c>) stops the search. |
677 |
</note> |
678 |
|
679 |
<p> |
680 |
If you wish to use whitelisting and blacklisting you must add the |
681 |
-sender and receiver to <c>mailadr</c> after which you create the relation |
682 |
+sender and receiver to <c>mailadr</c> after which you create the relation |
683 |
between the two e-mail addresses in <c>wblist</c> and state if it is |
684 |
whitelisting (<c>W</c>) or blacklisting (<c>B</c>). |
685 |
</p> |
686 |
@@ -1851,7 +1852,7 @@ |
687 |
</pre> |
688 |
|
689 |
<p> |
690 |
-Now that the database is created we'll create the necessary tables. You can cut |
691 |
+Now that the database is created we'll create the necessary tables. You can cut |
692 |
and paste the following into the mysql prompt: |
693 |
</p> |
694 |
|
695 |
@@ -1884,7 +1885,7 @@ |
696 |
ham_count int(11) NOT NULL default '0', |
697 |
atime int(11) NOT NULL default '0', |
698 |
PRIMARY KEY (id, token), |
699 |
- INDEX (id, atime) |
700 |
+ INDEX (id, atime) |
701 |
) TYPE=MyISAM; |
702 |
|
703 |
CREATE TABLE bayes_vars ( |
704 |
@@ -1901,7 +1902,7 @@ |
705 |
PRIMARY KEY (id), |
706 |
UNIQUE bayes_vars_idx1 (username) |
707 |
) TYPE=MyISAM; |
708 |
- |
709 |
+ |
710 |
CREATE TABLE awl ( |
711 |
username varchar(100) NOT NULL default '', |
712 |
email varchar(200) NOT NULL default '', |
713 |
@@ -1934,10 +1935,10 @@ |
714 |
</p> |
715 |
|
716 |
<pre caption="Converting Bayes data from a DBM Database"> |
717 |
-<i>su - amavis</i> |
718 |
-<i>sa-learn --sync</i> |
719 |
-<i>sa-learn --backup > backup.txt</i> |
720 |
-<i>sa-learn --restore backup.txt</i> |
721 |
+<i>su - amavis</i> |
722 |
+<i>sa-learn --sync</i> |
723 |
+<i>sa-learn --backup > backup.txt</i> |
724 |
+<i>sa-learn --restore backup.txt</i> |
725 |
</pre> |
726 |
|
727 |
<note> |
728 |
@@ -1993,7 +1994,7 @@ |
729 |
<p> |
730 |
To troubleshoot Amavisd-new start out by stopping it with <c>/etc/init.d/amavisd |
731 |
stop</c> and then start it manually in the foreground with <c>amavisd debug</c> |
732 |
-and watch it for anomalies in the output. |
733 |
+and watch it for anomalies in the output. |
734 |
</p> |
735 |
|
736 |
</body> |
737 |
@@ -2005,18 +2006,18 @@ |
738 |
<p> |
739 |
To troubleshoot Spamassassin you can filter an email through it with |
740 |
<c>spamassassin -D < mail</c>. To ensure that the headers are intact you can |
741 |
-move it from another machine with IMAP. |
742 |
+move it from another machine with IMAP. |
743 |
</p> |
744 |
|
745 |
<note> |
746 |
-If you need to troubleshoot you have to enable login for the user |
747 |
-<c>amavis</c> by changing the login shell in <path>/etc/passwd</path> to |
748 |
+If you need to troubleshoot you have to enable login for the user |
749 |
+<c>amavis</c> by changing the login shell in <path>/etc/passwd</path> to |
750 |
<path>/bin/bash</path>. |
751 |
</note> |
752 |
|
753 |
<p> |
754 |
If you want you can make get the same information and more with Amavisd-new |
755 |
-using <c>amavisd debug-sa</c>. |
756 |
+using <c>amavisd debug-sa</c>. |
757 |
</p> |
758 |
|
759 |
</body> |
760 |
@@ -2031,7 +2032,7 @@ |
761 |
link="http://marc.theaimsgroup.com/?l=amavis-user">Amavis User |
762 |
mailing list archives</uri>. If you find no answer here you can |
763 |
subscribe to the <uri |
764 |
-link="https://lists.sourceforge.net/lists/listinfo/amavis-user">Amavis User |
765 |
+link="https://lists.sourceforge.net/lists/listinfo/amavis-user">Amavis User |
766 |
mailing list</uri> |
767 |
</p> |
768 |
|
769 |
@@ -2051,31 +2052,41 @@ |
770 |
<body> |
771 |
|
772 |
<ul> |
773 |
-<li><uri |
774 |
-link="http://www.ijs.si/software/amavisd/INSTALL">Amavisd-new |
775 |
-INSTALL</uri></li> |
776 |
-<li><uri |
777 |
-link="http://www.ijs.si/software/amavisd/README.postfix">Amavisd-new |
778 |
-Postfix README</uri> |
779 |
-</li> |
780 |
-<li><uri |
781 |
-link="http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks">Amavisd-new |
782 |
-Policy bank documentation</uri> |
783 |
-</li> |
784 |
-<li><uri |
785 |
-link="http://spamassassin.apache.org/full/3.0.x/dist/sql/README">Spamassassin |
786 |
-SQL README</uri></li> |
787 |
-<li><uri link="http://www.greylisting.org">Greylisting</uri></li> |
788 |
-<li><uri link="http://www.postfix.org/FILTER_README.html">Postfix |
789 |
-SMTPD_POLICY_README</uri></li> |
790 |
-<li><uri |
791 |
-link="http://www.unixwiz.net/techtips/postfix-HELO.html">Blocking |
792 |
-spammers with Postfix HELO controls</uri></li> |
793 |
-<li><uri |
794 |
-link="http://www.linuxjournal.com/article.php?sid=7327">SPF Overview</uri></li> |
795 |
-<li><uri |
796 |
-link="http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt">Jim |
797 |
-Seymour's Postfix Anti-UCE Cheat Sheet</uri></li> |
798 |
+ <li> |
799 |
+ <uri link="http://www.ijs.si/software/amavisd/INSTALL">Amavisd-new |
800 |
+ INSTALL</uri> |
801 |
+ </li> |
802 |
+ <li> |
803 |
+ <uri link="http://www.ijs.si/software/amavisd/README.postfix">Amavisd-new |
804 |
+ Postfix README</uri> |
805 |
+ </li> |
806 |
+ <li> |
807 |
+ <uri link="http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks">Amavisd-new |
808 |
+ Policy bank documentation</uri> |
809 |
+ </li> |
810 |
+ <li> |
811 |
+ <uri link="http://spamassassin.apache.org/full/3.0.x/dist/sql/README">Spamassassin |
812 |
+ SQL README</uri> |
813 |
+ </li> |
814 |
+ <li> |
815 |
+ <uri link="http://www.greylisting.org">Greylisting</uri> |
816 |
+ </li> |
817 |
+ <li> |
818 |
+ <uri link="http://www.postfix.org/FILTER_README.html">Postfix |
819 |
+ SMTPD_POLICY_README</uri> |
820 |
+ </li> |
821 |
+ <li> |
822 |
+ <uri link="http://www.unixwiz.net/techtips/postfix-HELO.html">Blocking |
823 |
+ spammers with Postfix HELO controls</uri> |
824 |
+ </li> |
825 |
+ <li> |
826 |
+ <uri link="http://www.linuxjournal.com/article.php?sid=7327">SPF |
827 |
+ Overview</uri> |
828 |
+ </li> |
829 |
+ <li> |
830 |
+ <uri link="http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt">Jim |
831 |
+ Seymour's Postfix Anti-UCE Cheat Sheet</uri> |
832 |
+ </li> |
833 |
</ul> |
834 |
|
835 |
</body> |
836 |
@@ -2085,17 +2096,24 @@ |
837 |
<body> |
838 |
|
839 |
<ul> |
840 |
-<li><uri link="http://www.spamassassin.org">Spamassassin</uri></li> |
841 |
-<li><uri link="http://www.ijs.si/software/amavisd/">Amavisd-new</uri></li> |
842 |
-<li><uri |
843 |
-link="http://www.ijs.si/software/amavisd/amavisd-new-docs.html">Amavisd-new |
844 |
-documentation bits and pieces</uri></li> |
845 |
-<li><uri link="http://razor.sourceforge.net/">Vipuls's Razor</uri></li> |
846 |
-<li><uri link="http://pyzor.sourceforge.net/">Pyzor</uri></li> |
847 |
-<li><uri link="http://www.rhyolite.com/anti-spam/dcc/">Distributed Checksum |
848 |
-Clearinghouse</uri></li> <li><uri |
849 |
-link="http://www.renaissoft.com/projects/maia/">Maia Mailguard</uri></li> |
850 |
+ <li><uri link="http://www.spamassassin.org">Spamassassin</uri></li> |
851 |
+ <li><uri link="http://www.ijs.si/software/amavisd/">Amavisd-new</uri></li> |
852 |
+ <li> |
853 |
+ <uri link="http://www.ijs.si/software/amavisd/amavisd-new-docs.html">Amavisd-new |
854 |
+ documentation bits and pieces</uri> |
855 |
+ </li> |
856 |
+ <li><uri link="http://razor.sourceforge.net/">Vipuls's Razor</uri></li> |
857 |
+ <li><uri link="http://pyzor.sourceforge.net/">Pyzor</uri></li> |
858 |
+ <li> |
859 |
+ <uri link="http://www.rhyolite.com/anti-spam/dcc/">Distributed Checksum |
860 |
+ Clearinghouse</uri> |
861 |
+ </li> |
862 |
+ <li> |
863 |
+ <uri link="http://www.renaissoft.com/projects/maia/">Maia |
864 |
+ Mailguard</uri> |
865 |
+ </li> |
866 |
</ul> |
867 |
+ |
868 |
</body> |
869 |
</section> |
870 |
<section> |
871 |
@@ -2103,12 +2121,14 @@ |
872 |
<body> |
873 |
|
874 |
<ul> |
875 |
-<li><uri link="http://www.flakshack.com/anti-spam/">Fairly-Secure Anti-SPAM |
876 |
-Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor |
877 |
-and DCC</uri></li> |
878 |
+ <li> |
879 |
+ <uri link="http://www.flakshack.com/anti-spam/">Fairly-Secure Anti-SPAM |
880 |
+ Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor |
881 |
+ and DCC</uri> |
882 |
+ </li> |
883 |
</ul> |
884 |
+ |
885 |
</body> |
886 |
</section> |
887 |
</chapter> |
888 |
- |
889 |
</guide> |
890 |
|
891 |
|
892 |
|
893 |
-- |
894 |
gentoo-doc-cvs@l.g.o mailing list |