History of postmax
Version 45 | Current version | |
---|---|---|
This installation guide is intended to walk you through completely setting up a postfix smtp mail server with the maximum spam and anti-virus protection available from the open-source community. This technique is similar to that provided Mac OS X Server Mail with IP and DNS protection. It is an amalgamation of several online tutorials available throughout the net and from the software vendors, but all in one neat and tidy place. Our sincere thanks to all who contributed such wonderful software to make this world a better place. 1. Software Install
For RedHat / CentOS, you might need to get the RPM's from DAG For Suse/SLES, you should get the latest clamd to prevent an odd 5+ minute startup hang. Also, you should upgrade amavis to 2.4 or later to prevent errors as listed in troubleshooting. 2. Anti-Virus ConfigurationTweak /etc/amavisd.conf with your host information, and uncomment the clamd scanner
You might need to change the socket listed with "127.0.0.1:3310" as listed above. SpamAssassin settings are made in this file. Also, make sure $inet_socket_port = 10024; See detailed explanation of amavisd.conf for more information.
postconf -e 'content_filter = amavis:127.0.0.1:10024' postconf -e 'receive_override_options = no_address_mappings' Append these lines to /etc/postfix/master.cf
Restart postfix If you run a server for a significant number of users, you will want to run several virus scans at once. Change the 2 in two places: "- - - - 2" as above in master.cf, and "$max_servers = 2;" in amavisd.conf. These numbers should always match. 3. Test SetupUse telnet to see if the appropriate ports are open:telnet yourhost.com 25 telnet localhost 3310 telnet localhost 10025 telnet localhost 10024 4. IP Address Spam PreventionRBLDNSDThis is a local DNS server database that performs local (e.g. FAST) DNS lookups against a list of dynamic and blacklisted IP's. Successful local lookup means it's on the blacklist and will be rejected.
Spamassassin DNS BlocklistsEn-masse IP Block Here is a tutorial for Blocking E-mail from China and Korea using Postfix and the Okean CIDR Blocks 5. DNS Spam PreventionThere are two main options DomainKeys, and SenderID.DomainKeys were invented by Yahoo, SenderID was invented by Microsoft. These are arguably competing techniques, however, implementing both seems to have no ill-effect. Given SenderID was invented by Microsoft, you can be assured Outlook Server SMTP gateways employ SenderID, and are unlikely to support DomainKeys any time soon. In early 2005 when these proposals came out simultaneously, they were seen as competing techniques. As time has passed, they are now seen as more complementary, and typically both are implemented. DomainKeys Identified MailDomain Keys Identified Mail is the newest open-standard e-mail authentication specification. To use DomainKeys, typically a filter or "plugin" is needed for your SMTP gateway. There is a postfix filter that is fairly easy to install and configure. Several perl modules need to be installed:DKIMproxy
SenderID (and SPF)SenderID merged with a smaller group called Sender Policy Framework (SPF). SPF is a very simple mechanism for specifying which servers are valid for sending your email and is much simpler to implement than DomainKeys. Microsoft holds several patents in relation to the SenderID framework, however it released those patents in the "public domain" this past october. Beyond the typical cynicism of Microsoft's ulterior motives, SPF has a significant amount of technical criticism. Regardless, many major ISP's are using SPF to filter mail, including AOL (and RoadRunner) which has in some reports exclusively implemented SPF to some degree. (Spamassassin reports SOFT_FAIL reports from bogus .rr.com emails.)Spamassassin SPF Support
SPF Outbound supportThe quickest way to get the DNS entries up and running is to follow the wizard.6. Spamassassin Advanced ToolsRazor
Troubleshooting
References and Other tutorailshttp://www.akadia.com/services/postfix_amavisd.html Similar setup to postmax with mysql and quarantining web app.http://wiki.apache.org/spamassassin/SingleUserUnixInstall http://devnull.com/kyler/dspam.20040512.html http://howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1-p3 | This installation guide is intended to walk you through completely setting up a postfix smtp mail server with the maximum spam and anti-virus protection available from the open-source community. This technique is similar to that provided Mac OS X Server Mail with IP and DNS protection. It is an amalgamation of several online tutorials available throughout the net and from the software vendors, but all in one neat and tidy place. Our sincere thanks to all who contributed such wonderful software to make this world a better place. 1. Software Install
For RedHat / CentOS, you might need to get the RPM's from DAG For Suse/SLES, you should get the latest clamd to prevent an odd 5+ minute startup hang. Also, you should upgrade amavis to 2.4 or later to prevent errors as listed in troubleshooting. 2. Anti-Virus ConfigurationTweak /etc/amavisd.conf with your host information, and uncomment the clamd scanner
You might need to change the socket listed with "127.0.0.1:3310" as listed above. SpamAssassin settings are made in this file. Also, make sure $inet_socket_port = 10024; See detailed explanation of amavisd.conf for more information. db support has limited impact on features and performance.
postconf -e 'content_filter = amavis:127.0.0.1:10024' postconf -e 'receive_override_options = no_address_mappings' Append these lines to /etc/postfix/master.cf
Restart postfix If you run a server for a significant number of users, you will want to run several virus scans at once. Change the 2 in two places: "- - - - 2" as above in master.cf, and "$max_servers = 2;" in amavisd.conf. These numbers should always match. 3. Test SetupUse telnet to see if the appropriate ports are open:telnet yourhost.com 25 telnet localhost 3310 telnet localhost 10025 telnet localhost 10024 4. IP Address Spam PreventionRBLDNSDThis is a local DNS server database that performs local (e.g. FAST) DNS lookups against a list of dynamic and blacklisted IP's. Successful local lookup means it's on the blacklist and will be rejected.
Spamassassin DNS BlocklistsEn-masse IP Block Here is a tutorial for Blocking E-mail from China and Korea using Postfix and the Okean CIDR Blocks 5. DNS Spam PreventionThere are two main options DomainKeys, and SenderID.DomainKeys were invented by Yahoo, SenderID was invented by Microsoft. These are arguably competing techniques, however, implementing both seems to have no ill-effect. Given SenderID was invented by Microsoft, you can be assured Outlook Server SMTP gateways employ SenderID, and are unlikely to support DomainKeys any time soon. In early 2005 when these proposals came out simultaneously, they were seen as competing techniques. As time has passed, they are now seen as more complementary, and typically both are implemented. DomainKeys Identified MailDomain Keys Identified Mail is the newest open-standard e-mail authentication specification. To use DomainKeys, typically a filter or "plugin" is needed for your SMTP gateway. There is a postfix filter that is fairly easy to install and configure. Several perl modules need to be installed:DKIMproxy
SenderID (and SPF)SenderID merged with a smaller group called Sender Policy Framework (SPF). SPF is a very simple mechanism for specifying which servers are valid for sending your email and is much simpler to implement than DomainKeys. Microsoft holds several patents in relation to the SenderID framework, however it released those patents in the "public domain" this past october. Beyond the typical cynicism of Microsoft's ulterior motives, SPF has a significant amount of technical criticism. Regardless, many major ISP's are using SPF to filter mail, including AOL (and RoadRunner) which has in some reports exclusively implemented SPF to some degree. (Spamassassin reports SOFT_FAIL reports from bogus .rr.com emails.)Spamassassin SPF Support
SPF Outbound supportThe quickest way to get the DNS entries up and running is to follow the wizard.Spam DetectionThere are two top spam tools - DSPAM and spamassassin.6. Spamassassin Configuration
Razor
Troubleshooting
References and Other tutorailshttp://www.akadia.com/services/postfix_amavisd.html Similar setup to postmax with mysql and quarantining web app.http://wiki.apache.org/spamassassin/SingleUserUnixInstall http://devnull.com/kyler/dspam.20040512.html http://howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-mandriva2008.1-p3 |