Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients via look-ahead), Apache2, Mysql, Dnsmasq, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), Baruwa, SPF Checks, FuzzyOcr, Sanesecurity Signatures, PostGrey, KAM, Scamnailer, FireHOL (Iptables Firewall) and Relay Recipients Script.
Continue reading for the instructions.
Install main packages:
First we need to add Baruwa's repo to /etc/apt/sources.listdeb http://apt.baruwa.org/ubuntu precise mainTo use this repo add the gpg key:
wget -O - http://apt.baruwa.org/baruwa-apt-keys.gpg | apt-key add -Now we'll install some dependencies:
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-raw-zlib-perl libcompress-bzip2-perl libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential telnet wget gawkUse bash as default shell:
dpkg-reconfigure dashCaching Dnsmasq:
apt-get install dnsmasqvi /etc/dnsmasq.confand make Dnsmasq listen on localhost:
listen-address=127.0.0.1Install Mysql:
apt-get install mysql-client mysql-server libdbd-mysql-perl
Install and configure Postfix:
apt-get install postfix postfix-mysql postfix-doc procmailYou will be asked two questions. Answer as follows:
General type of mail configuration: --> Internet Site
System mail name: --> server1.example.com
Stop Postfix
postfix stopWe’ll want to edit Postfix with the below:
vi master.cfWe need to add two items below the pickup service type. The pickup service "picks up" local mail (local meaning "on this machine") and delivers it. This is a way to bypass content filtering for mail generated by this machine.
It should look like this when you are done:
pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checksEdit main.cf with a script:
vi /usr/src/postfix.sh
#!/bin/shNow make it executable:
postconf -e "alias_maps = hash:/etc/aliases"
newaliasespostconf -e "myorigin = domain.tld"postconf -e "myhostname = server1.domain.tld"postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf"
postconf -e "relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf"
postconf -e "transport_maps = mysql:/etc/postfix/mysql-transports.cf"
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
postconf -e "disable_vrfy_command = yes"
postconf -e "strict_rfc821_envelopes = no"
postconf -e "smtpd_banner = $myhostname ESMTP SpamSnake"
postconf -e "smtpd_delay_reject = yes"
postconf -e "smtpd_recipient_limit = 100"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"
postconf -e "smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining"
postconf -e "smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy"
postconf -e "spf_policy = check_policy_service unix:private/policy"
postconf -e "rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net"
postconf -e "grey_policy = check_policy_service unix:private/greyfix"
postconf -e "whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf, check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf"
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
touch /etc/postfix/virtual
echo "root administrator@example.com" >> /etc/postfix/virtual && echo "abuse administrator@example.com" >> /etc/postfix/virtual && echo "postmaster administrator@example.com" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
cat > /etc/postfix/mysql-global_whitelist.cf <<EOF
#mysql-global_whitelist
user = baruwa
password = password
dbname = baruwa
query = select concat('PERMIT') 'action' from lists where from_address='%s' AND list_type='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_domains.cf <<EOF
#mysql-relay_domains
user = baruwa
password = password
dbname = baruwa
query = select concat(address, ' ', 'OK') 'domain' from user_addresses where user_addresses.address='%s' and user_addresses.enabled='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_recipients.cf <<EOF
#mysql-relay_recipients
user = baruwa
password = password
dbname = baruwa
query = select concat('@', address, 'OK') 'email' from user_addresses where user_addresses.address='%d';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-transports.cf <<EOF
#mysql-transports
user = baruwa
password = password
dbname = baruwa
query = select concat('smtp:[', mail_hosts.address, ']', ':', port) 'transport' from mail_hosts, user_addresses where user_addresses.address = '%s' AND user_addresses.id = mail_hosts.useraddress_id;
hosts = 127.0.0.1
EOF
chmod +x /usr/src/postfix.shand run it using
/usr/src/postfix.sh
Postfix Recipient Callout:
This feature queries the recipient server to see if the recipient exists. If not, it replies with a 550 error to the sending server and drops the connection. If the user does exist, the SpamSnake will continue processing the email. This is just another method to prevent backscatter, but comes at a price. Read up on it at http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later on in this guide) if you decide it will bog down your server.
Postmap it:
Start Postfix
Add clamav to the www-data group so that it can access the directory:
Pyzor Configuration
Because pyzor doesn’t work with python2.6 very well, the workaround is to append the following to the first line of /usr/bin/pyzor to make it look like:
Create the .razor configuration:
Edit the razor agent conf.This feature queries the recipient server to see if the recipient exists. If not, it replies with a 550 error to the sending server and drops the connection. If the user does exist, the SpamSnake will continue processing the email. This is just another method to prevent backscatter, but comes at a price. Read up on it at http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later on in this guide) if you decide it will bog down your server.
vi /etc/postfix/main.cfand add the following:
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipientlook_ahead = check_recipient_access hash:/etc/postfix/accessunverified_recipient_reject_code = 550address_verify_map = btree:/var/lib/postfix/verifyAdd this to your smtpd_restriction_classes:
verify_recipient, look_aheadAdd this to smptd_recipient_restrictions:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permitCreate the access file:
touch /etc/postfix/accessand add your domains:
domainA.com verify_recipientdomainB.com verify_recipientNote: Make sure to add valid domains you're filtering for.
Postmap it:
postmap /etc/postfix/accessFinal look at the Postfix install:
less /etc/postfix/main.cfCheck the contents of the file for errors and repair if needed. Fire up Postfix:
Start Postfix
postfix startCheck that Postfix responds:
telnet 127.0.0.1 25You should see:
220 [yourFQDNhere] ESMTP Postfix (Ubuntu)
Install MailScanner (Apparmor, Clamav, DCC, Pyzor, Razor and Spamassassin):
aptitude install razor pyzor clamav-daemon libclamav6 apparmor mailscanner libltdl7Apparmor configuration for Clamav
Add clamav to the www-data group so that it can access the directory:
usermod -a -G www-data clamavNow edit the profile for clamd:
vi /etc/apparmor.d/usr.sbin.clamdand add the Incoming folder to the list of folders:
/usr/sbin/clamd {Reload apparmor:
#clamav
/var/spool/MailScanner/** rw,
/var/spool/MailScanner/incoming/** rw,
}
/etc/init.d/apparmor reload
DCC 32bit/64bit Configuration:
Install DCC from .deb source, you can just download the necessary packages:cd /tmpOr you can add the PPA and install:
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-common_1.3.130-0ubuntu1~ppa2~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.130-0ubuntu1~ppa2~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-client_1.3.130-0ubuntu1~ppa2~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-client_1.3.130-0ubuntu1~ppa2~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
add-apt-repository ppa:jonasped/ppaaptitude updateaptitude install dcc-client dcc-commonTest our installation with:
cdcc infoYou should get 'requests ok' from the servers.
Pyzor Configuration
Because pyzor doesn’t work with python2.6 very well, the workaround is to append the following to the first line of /usr/bin/pyzor to make it look like:
#!/usr/bin/python -Wignore::DeprecationWarningHere we supply the IP address of the Pyzor server to Pyzor. This will create the server's IP address in a servers file therein. Then it will test the connection. If you are behind a firewall, open port 24441/udp in and out to your server. While you're at it also open up 6277/udp for DCC, 2703/tcp for Razor and 783/tcp for SpamAssassin:
mkdir /var/lib/MailScannerpyzor --homedir=/var/lib/MailScanner discoverRazor Configuration
pyzor ping
Create the .razor configuration:
cd && rm /etc/razor/razor-agent.confmkdir /var/lib/MailScanner/.razorrazor-admin -home=/var/lib/MailScanner/.razor -createrazor-admin -home=/var/lib/MailScanner/.razor -discoverrazor-admin -home=/var/lib/MailScanner/.razor -register
vi /var/lib/MailScanner/.razor/razor-agent.confAnd set:
debuglevel = 0razorhome = /var/lib/MailScanner/.razor/Install dependencies:
apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl libsys-hostname-long-perl libnet-cidr-lite-perl libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libncurses5-dev libdigest-hmac-perl libdigest-sha-perl libnet-ip-perl liburi-perl libfile-spec-perl spamassassin libnet-ident-perl libmail-spf-perl libmail-dkim-perl dnsutils libio-socket-ssl-perl gdebi-coreEdit Crontab:
vi /etc/crontabAnd add:
#Mailscanner
37 5 * * * /usr/sbin/update_phishing_sites &> /dev/null
07 * * * * /usr/sbin/update_bad_phishing_sites &> /dev/null
#58 23 * * * /usr/sbin/clean.quarantine &> /dev/null
42 * * * * /usr/sbin/update_virus_scanners &> /dev/null
3,23,43 * * * * /usr/sbin/check_mailscanner &> /dev/null
Install SpamAssassin
First we need to disable the default SpamAssassin configuration file:
Pre-requisities: You'll need the perl-DBI and perl-DBD-MySQL modules installed.
Assumptions and Variables:
"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place. This is the same orgname used in the MailScanner.conf above.
Add sql connection string to the bottom:
Set MECH_OPTIONS to the ip address of your imap server
And at the bottom change:
Edit Baruwa's setings:
If you can't login use:
Setup Instructions for Baruwa (on the web insterface):
The relay_recipients, relay_domains and transports settings in /etc/postfix/main.cf will use the entries you've provided in Baruwa. Therefore, no hash file is required.
The associated queries in the mysql cf files will pull the result in the proper format and feed it to postfix for use.
However, if you'd like to use a hash for any of your config files, use the following as an example of how to setup /etc/postfix/main.cf:
Note: If you do end up using hash for relay_recipients for specific domains, you'll have to remove that domain from /etc/postfix/access. All other domain users can still be verified using look_ahead
Also, if you need to do mx lookups, you'll have to edit /etc/postfix/mysql-transports.cf query to look like:
In that file almost everything is commented out. We open that file now and make some modifications:
Create MySQL Database:
The sql script creates the database for fuzzyocr:
Make the script executable:
There is currently a lot of spam where the spam "information" is attached as .pdf or .xls files, sometimes also hidden inside a .zip file. While these spam mails are not easy to catch with e.g. SpamAssassin or a Bayes filter, the ClamAV virus scanner can catch them easily when it is fed with the correct signatures as ClamAV is built to scan mail attachments.
Install it with:
The default delay is 300 seconds (5 minutes), to change this value edit /etc/default/postgrey. Add --delay=N to the POSTGREY_OPTS:
and make it executable:
Install Firehol
First we need to disable the default SpamAssassin configuration file:
mv /etc/spamassassin/local.cf/etc/spamassassin/local.cf.disabledNow let's backup the SpamAssassin configuration file in MailScanner then edit:
cp /etc/MailScanner/spam.assassin.prefs.conf /etc/MailScanner/spam.assassin.prefs.conf.backSpamAssassin SQL Bayes
Pre-requisities: You'll need the perl-DBI and perl-DBD-MySQL modules installed.
Assumptions and Variables:
SpamAssassin Bayes Database Name: sa_bayesSpamAssassin Bayes Database UserName: sa_userSpamAssassin Bayes Database Password: sa_passwordCreate the MySQL database on the server where you intend on storing the bayesian information.
mysql -u root -pmysql> create database sa_bayes;mysql> GRANT ALL ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_password';mysql> flush privileges;Import database structure:
mysql -u sa_user -p sa_bayes < /usr/share/doc/spamassassin/sql/bayes_mysql.sqlTo enable DCC:
vi /etc/spamassassin/v310.preAnd add:
loadplugin Mail::SpamAssassin::Plugin::DCCEdit Spam Assassin's conf file:
vi /opt/MailScanner/etc/spam.assassin.prefs.confand add the following to the top:
#pyzoruse_pyzor 1pyzor_options --homedir /var/lib/MailScanner/Update header string:
#razoruse_razor2 1razor_config /var/lib/MailScanner/.razor/razor-agent.confFix DCC path:
dcc_path /usr/bin/dccproc
bayes_ignore_header X-YOURDOMAIN-COM-MailScannerbayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheckbayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScorebayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information#use_auto_whitelist 0
"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place. This is the same orgname used in the MailScanner.conf above.
Add sql connection string to the bottom:
bayes_store_module Mail::SpamAssassin::BayesStore::SQLbayes_sql_dsn DBI:mysql:sa_bayes:localhostbayes_sql_username sa_userbayes_sql_password sa_passwordbayes_sql_override_username rootvi v310.preand comment out domainkeys since DKIM has superseeded it:
#loadplugin Mail::SpamAssassin::Plugin::DomainKeysAdd it to cron:
30 01 * * * /usr/bin/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.prefs.confInstall Apache and mod-passenger:
aptitude install apache2 libapache2-mod-passengerCreate the following to prevent an error in a lint test:
mkdir /var/www/.spamassassinInstall missing perl packages:
aptitude install libencode-detect-perl libcrypt-openssl-rsa-perlperl -MCPAN -e shellinstall IP::Country::FastexitSet permissions to bring it all together:
chown -R postfix:www-data /var/spool/postfix/holdchmod -R ug+rwx /var/spool/postfix/holdTest out the setup:
spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lintCheck for lines like:
debug: bayes: Database connection establisheddebug: bayes: found bayes db version 3debug: bayes: Using userid: 2You should see lines come up with DCC, Pyzor and Razor that say loading plugin and hopefully no errors.
MailScanner Configuration:
We need to make a directory for SpamAssassin in the spool and give postfix permissions to it, if you run sa-learn --force as root, bayes databese that is stored in these directories will change to root:root and spamassassin will error looking at the db. Just keep an eye on the mail.log and you'll remember to change the permissions back. Also disable the MailScanner default configs:mkdir /var/spool/MailScanner/spamassassinBackup your MailScanner.conf file:
cp /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.distChange the following parameters in MailScanner.conf with the following script:
vi /usr/src/mailscanner.shAdd:
sed -i "/^%org-name% =/ c\%org-name% =orgname" /etc/MailScanner/MailScanner.confMake the script executable:
sed -i "/^%org-long-name% =/ c\%org-long-name% = longorgname" /etc/MailScanner/MailScanner.conf
sed -i "/^%web-site% =/ c\%web-site% = www.domain.tld" /etc/MailScanner/MailScanner.conf
sed -i "/^Run As User =/ c\Run As User = postfix" /etc/MailScanner/MailScanner.conf
sed -i "/^Run As Group =/ c\Run As Group = www-data" /etc/MailScanner/MailScanner.conf
sed -i "/^Incoming Work Group =/ c\Incoming Work Group = clamav" /etc/MailScanner/MailScanner.conf
sed -i "/^Incoming Work Permissions =/ c\Incoming Work Permissions = 0640" /etc/MailScanner/MailScanner.conf
sed -i "/^Incoming Queue Dir =/ c\Incoming Queue Dir = /var/spool/postfix/hold" /etc/MailScanner/MailScanner.conf
sed -i "/^Outgoing Queue Dir =/ c\Outgoing Queue Dir = /var/spool/postfix/incoming" /etc/MailScanner/MailScanner.conf
sed -i "/^MTA =/ c\MTA = postfix" /etc/MailScanner/MailScanner.conf
sed -i "/^Quarantine User =/ c\Quarantine User = root" /etc/MailScanner/MailScanner.conf
sed -i "/^Quarantine Group =/ c\Quarantine Group = www-data" /etc/MailScanner/MailScanner.conf
sed -i "/^Quarantine Permissions =/ c\Quarantine Permissions = 0660" /etc/MailScanner/MailScanner.conf
sed -i "/^Quarantine Whole Message =/ c\Quarantine Whole Message = yes" /etc/MailScanner/MailScanner.conf
sed -i "/^Virus Scanners =/ c\Virus Scanners = clamd" /etc/MailScanner/MailScanner.conf
sed -i "/^Monitors for ClamAV Updates =/ c\Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd" /etc/MailScanner/MailScanner.conf
sed -i "/^Clamd Socket =/ c\Clamd Socket = /var/run/clamav/clamd.ctl" /etc/MailScanner/MailScanner.conf
sed -i "/^Clamd Lock File =/ c\Clamd Lock File = /var/run/clamav/clamd.pid" /etc/MailScanner/MailScanner.conf
sed -i "/^Spam Subject Text =/ c\Spam Subject Text = ***SPAM***" /etc/MailScanner/MailScanner.conf
sed -i "/^Spam Actions =/ c\Spam Actions = deliver store" /etc/MailScanner/MailScanner.conf
sed -i "/^High Scoring Spam Actions =/ c\High Scoring Spam Actions = store delete" /etc/MailScanner/MailScanner.conf
sed -i "/^Non Spam Actions =/ c\Non Spam Actions = deliver store" /etc/MailScanner/MailScanner.conf
sed -i "/^SpamAssassin User State Dir =/ c\SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin" /etc/MailScanner/MailScanner.conf
chmod +x mailscanner.shand run using
/usr/src/mailscanner.shEdit /etc/default/mailscanner. There you will have to set the variable run_mailscanner to 1.
Install and configure Saslauthd:
aptitude install sasl2-bin libsasl2-modules-ldapedit the configuration:
vi /etc/default/saslauthdchange:
MECHANISMS="pam"to:
MECHANISMS="rimap"
Set MECH_OPTIONS to the ip address of your imap server
And at the bottom change:
OPTIONS="-c -m /var/run/saslauthd"to:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"Set the correct permissions:
chown postfix /var/spool/postfix/var/run/saslauthdchgrp sasl /var/spool/postfix/var/run/saslauthdchmod 710 /var/spool/postfix/var/run/saslauthdStart the system:
/etc/init.d/saslauthd startCheck your logs for errors:
/etc/init.d/mailscanner start
/etc/init.d/postfix start
tail -f /var/log/mail.logCheck your mail.log (tail –f /var/log/mail.log) and you should see the following:
Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
Install Baruwa:
First you need to install rabbitmq-serveraptitude install rabbitmq-serverAnd configure it:
rabbitmqctl add_user baruwa passwordrabbitmqctl add_vhost baruwarabbitmqctl set_permissions -p baruwa baruwa ".*" ".*" ".*"/etc/init.d/rabbitmq-server restartNow install Baruwa:
aptitude install baruwaYou'll be prompted to setup the baruwa db for logging, including an access username and password, which will be used by the Baruwa scripts. You'll also be prompted to setup the admin user information for the Baruwa frontend.
Edit Baruwa's setings:
vi /usr/share/pyshared/baruwa/settings.pyChange the Quarantine hosturl to your liking:
QUARANTINE_REPORT_HOSTURL = 'http://baruwa-alpha.local'Setup the Baruwa DB:
baruwa-admin syncdb --noinputbaruwa-admin migratebaruwa-admin syncdb --noinputbaruwa-admin migrateSet MailScanner to use Baruwa's DB:
vi /etc/MailScanner/MailScanner.confYou need to make sure that the following options are set:
Always Looked Up Last = &BaruwaSQLIs Definitely Not Spam = &BaruwaWhitelistIs Definitely Spam = &BaruwaBlacklistRequired SpamAssassin Score = &BaruwaLowScoreHigh SpamAssassin Score = &BaruwaHighScoreEnable Baruwa in Apache
a2dissite 000-defaultservice apache2 reloadRestart MailScanner:
/etc/init.d/mailscanner restartPoint your browser to http://hostname_used login with admin user and password and start working. You can now use the interface to add users and process messages, etc.
If you can't login use:
baruwa-admin createsuperuserto create an initial admin user.
Setup Instructions for Baruwa (on the web insterface):
- Log into Baruwa as admin and navigate to:
- --> Settings --> Accounts --> Create Account
- Once you've created the user account, you'll get two new tabs on that page, Profile Settings and Associated Addresses.
- Fill out Profile Settings choosing Domain Admin and set a low score of 6 and a high score of 9 and check scan email.
- Click the + sign under Associated Addresses and enter a domains for which the user is the admin of eg. domain.com. domain.com will show up under Associated Addresses.
- Click on domain.com and you'll be taken into Domain Information, where you'll be able to setup SMTP delivery information. Go ahead and add the receiving smtp server, or the ip of the receiving smtp server. Select enable and if you use a non-standard port, set it, otherwise use 25. Once you've done that, you can click on the test button next to the pencil, to see if your receiving server will accept the connection.
The relay_recipients, relay_domains and transports settings in /etc/postfix/main.cf will use the entries you've provided in Baruwa. Therefore, no hash file is required.
The associated queries in the mysql cf files will pull the result in the proper format and feed it to postfix for use.
However, if you'd like to use a hash for any of your config files, use the following as an example of how to setup /etc/postfix/main.cf:
relay_recipient_maps = hash:/etc/postfix/relay_recipientsOf course, you would have to create the hash file(s), populate it and postmap it for postfix to use.
Note: If you do end up using hash for relay_recipients for specific domains, you'll have to remove that domain from /etc/postfix/access. All other domain users can still be verified using look_ahead
Also, if you need to do mx lookups, you'll have to edit /etc/postfix/mysql-transports.cf query to look like:
concat('smtp:', mail_hosts.address, ':', port) 'transport'The [ and ] were removed to allow MX lookups.
Install and configure SPF:
aptitude install postfix-policyd-spf-perlThen we edit /etc/postfix/master.cf
vi /etc/postfix/master.cfand add the following stanza at the end:
policy unix - n n - - spawn user=nobody argv=/usr/sbin/postfix-policyd-spf-perlThen restart Postfix:
/etc/init.d/postfix restart
Install and Configure FuzzyOcr:
FuzzyOCR has some prerequisites like ocrad and gocr that we can install like this:apt-get install fuzzyocr3 netpbm gifsicle libungif-bin gocr ocrad libstring-approx-perl libmldbm-sync-perl libdigest-md5-perl libdbd-mysql-perl imagemagick tesseract-ocrSo FuzzyOCR is now installed, now we need to configure it. FuzzyOCR's configuration file is /etc/spamassassin/FuzzyOcr.cf.
In that file almost everything is commented out. We open that file now and make some modifications:
vi /etc/spamassassin/FuzzyOcr.cfUncomment the following lines:
focr_global_wordlist /etc/spamassassin/FuzzyOcr.wordsfocr_preprocessor_file /etc/spamassassin/FuzzyOcr.prepsfocr_scanset_file /etc/spamassassin/FuzzyOcr.scansets<focr_enable_image_hashing 3focr_digest_db /etc/spamassassin/FuzzyOcr.hashdbfocr_db_hash /etc/spamassassin/FuzzyOcr.dbfocr_db_safe /etc/spamassassin/FuzzyOcr.safe.dbfocr_bin_helper convert, tesseractComment out the path:
#focr_path_bin /usr/local/netpbm/bin:/usr/local/bin:/usr/binWe will be storing the image hashes in a mysql database to improve on performance such that images that we have already scanned do not get scanned again as OCR is a resource intense activity.
Create MySQL Database:
The sql script creates the database for fuzzyocr:
vi FuzzyOcr.mysqlAdd:
CREATE DATABASE FuzzyOcr;use FuzzyOcr;Create the DB:
CREATE TABLE `Hash` ( `key` varchar(255) NOT NULL default '', `basic` varchar(64) NOT NULL default '', `fname` varchar(160) NOT NULL default '', `ctype` varchar(64) NOT NULL default '', `ftype` smallint(5) unsigned NOT NULL default '0', `match` int(10) unsigned NOT NULL default '0', `input` int(10) unsigned NOT NULL default '0', `check` int(10) unsigned NOT NULL default '0', `score` decimal(8,3) NOT NULL default '0.000', `dinfo` text NOT NULL, PRIMARY KEY (`key`) );
CREATE TABLE `Safe` ( `key` varchar(255) NOT NULL default '', `basic` varchar(64) NOT NULL default '', `fname` varchar(160) NOT NULL default '', `ctype` varchar(64) NOT NULL default '', `ftype` smallint(5) unsigned NOT NULL default '0', `match` int(10) unsigned NOT NULL default '0', `input` int(10) unsigned NOT NULL default '0', `check` int(10) unsigned NOT NULL default '0', `score` decimal(8,3) NOT NULL default '0.000', `dinfo` text NOT NULL, PRIMARY KEY (`key`) );
GRANT SELECT,UPDATE,INSERT,DELETE ON FuzzyOcr.* TO fuzzyocr@localhost IDENTIFIED BY 'fuzzyocr';
mysql -p < FuzzyOcr.mysqlEdit the configuration file:
vi /etc/spamassassin/FuzzyOcr.cfEnable the following lines:
focr_mysql_db FuzzyOcrfocr_mysql_hash Hashfocr_mysql_safe Safefocr_mysql_user fuzzyocrfocr_mysql_pass fuzzyocrfocr_mysql_host localhostfocr_mysql_port 3306focr_mysql_socket /var/run/mysqld/mysqld.sockSetup FuzzyOcr Database Cleaner script:
vi /usr/sbin/fuzzy-cleanmysqlAdd:
#!/usr/bin/perl
#Script to clean out mysql tables of data. Default is to leave data in Safe for 1 day and Hash for 10 days.
#Fuzzyocr-cleanmysql
use Getopt::Long;
use DBI;
use MLDBM qw(DB_File Storable);
my %Files = (
db_hash => '/var/lib/fuzzyocr/FuzzyOcr.db',
db_safe => '/var/lib/fuzzyocr/FuzzyOcr.safe.db',
);
use DBI;
$database = "FuzzyOcr";
$hostname = "localhost";
$socket = "/var/run/mysqld/mysqld.sock";
$port = "3306";
$username = "fuzzyocr";
$password = 'password';
# defaults
my $cfgfile = "/etc/spamassassin/FuzzyOcr.cf";
my %App;
my %age;
$age{'age'} = 10*24; # 10 days
$age{'hash'} = $age{'age'};
$age{'safe'} = 0;
my $help = 0;
my $verbose = 0;
GetOptions( \%age,
'age=i',
'config=s' => \$cfgfile,
'hash=i',
'help' => \$help,
'safe=i',
'verbose' => \$verbose,
);
if ($help) {
print "Usage: fuzzy-cleanmysql [Options]\n";
print "\n";
print "Available options:\n";
print "--age=i Global age in hours to keep in db\n";
print "--config=s Specify location of FuzzyOcr.cf\n";
print " Default: /etc/spamassassin/FuzzyOcr.cf\n";
print "--hash=i Number of hours old to keep in Hash db\n";
print "--safe=i Number of hours old to keep in Safe db\n";
print "--verbose Show more informations\n";
print "\n";
exit 1;
}
# Convert hours to seconds
$age{'age'} *= 60 * 60;
$age{'hash'} *= 60 * 60;
$age{'safe'} *= 60 * 60;
$age{'safe'} = $age{'safe'} ? $age{'safe'} : $age{'age'};
# Read custom paths from FuzzyOcr.cf
my $app_path = q(/usr/local/netpbm/bin:/usr/local/bin:/usr/bin);
open CONFIG, "< $cfgfile" or warn "Can't read configuration file, using defaults...\n";
while () {
chomp;
if ($_ =~ m/^focr_bin_(\w+) (.+)/) {
$App{$1} = $2;
printf "Found custom path \"$2\" for application \"$1\"\n" if $verbose;
}
if ($_ =~ m/^focr_path_bin (.+)/) {
$app_path = $1;
printf "Found new path: \"$1\"\n" if $verbose;
}
if ($_ =~ m/^focr_enable_image_hashing (\d)/) {
$App{hashing_type} = $1;
printf "Found DB Hashing\n" if ($verbose and $1 == 2);
printf "Found MySQL Hashing\n" if ($verbose and $1 == 3);
}
if ($_ =~ m/^focr_mysql_(\w+) (.+)/) {
$MySQL{$1} = $2;
printf "Found MySQL option $1 => '$2'\n" if $verbose;
}
if ($_ =~ m/^focr_threshold_max_hash (.+)/) {
$App{max_hash} = $1;
printf "Updated Thresold{max_hash} = $1\n" if $verbose;
}
}
close CONFIG;
# make shure we have this threshold set
$App{max_hash} = 5 unless defined $App{max_hash};
# search path for bin_util unless already specified in configuration file
foreach my $app (@bin_utils) {
next if defined $App{$app};
foreach my $d (split(':',$app_path)) {
if (-x "$d/$app") {
$App{$app} = "$d/$app";
last;
}
}
}
sub get_ddb {
my %dopts = ( AutoCommit => 1 );
my $dsn = "DBI:mysql:database=$database";
if (defined $socket) {
$dsn .= ";mysql_socket=$socket";
} else {
$dsn .= ";host=$hostname";
$dns .= ";port=$port" unless $port == 3306;
}
printf "Connecting to: $dsn\n" if $verbose;
return DBI->connect($dsn, $username, $password,\%dopts) or die("Could not connect!");
}
if ($App{hashing_type} == 3) {
my $ddb = get_ddb();
if ($ddb) {
my $sql;
foreach my $ff (sort keys %Files) {
$ff =~ s/db_//;
$sqlbase = "FROM $MySQL{$ff} WHERE $MySQL{$ff}.\`check\` < ?";
my $timestamp = time;
$timestamp = $timestamp - $age{$ff};
$sql = "DELETE $sqlbase";
if ( $verbose ) {
printf "Delete from Table $MySQL{$ff}\n";
print "$sql, $timestamp\n";
print "Timestamp is ", scalar(localtime($timestamp)), "\n";
print "That's $age{$ff} seconds earlier than now.\n";
print "\n";
}
$ddb->do($sql,undef,$timestamp);
}
$ddb->disconnect;
}
}
Make the script executable:
chmod +x /usr/sbin/fuzzy-cleanmysqlAnd add it to cron
vi /etc/crontabwith:
@weekly /usr/sbin/fuzzy-cleanmysql &> /dev/null #FuzzyOcr DB cleanerFiltering PDF, XLS and Phishing Spam with ClamAV (Sanesecurity Signatures):
There is currently a lot of spam where the spam "information" is attached as .pdf or .xls files, sometimes also hidden inside a .zip file. While these spam mails are not easy to catch with e.g. SpamAssassin or a Bayes filter, the ClamAV virus scanner can catch them easily when it is fed with the correct signatures as ClamAV is built to scan mail attachments.
Install it with:
aptitude install clamav-unofficial-sigsEdit it's configuration file:
vi /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.confChange Path to clamd.pid:
And once you're done with the configuration, set the following to yes:clamd_pid="/var/run/clamav/clamd.pid"Reload after update:reload_dbs="yes"Work Directory:work_dir="/var/lib/clamav"
user_configuration_complete="yes"Now we run the update script to check if the download works:
clamav-unofficial-sigsAdd it to cron:
00 04 * * * root /usr/sbin/clamav-unofficial-sigs &> /dev/null
Grey listing with Postgrey:
apt-get install postgrey libnet-rblclient-perlEnable it in postfix:
postconf -e "grey_policy = check_policy_service inet:127.0.0.1:10023"Reload postfix configuration:
sudo /etc/init.d/postfix reloadYou may need to modify the whitelisting of certain domains or users. To do so, use the files in /etc/postgrey/.
The default delay is 300 seconds (5 minutes), to change this value edit /etc/default/postgrey. Add --delay=N to the POSTGREY_OPTS:
POSTGREY_OPTS="--inet=10023 --delay=60"
KAM:
Create the script:vi /etc/cron.daily/kam.shAdd the following content:
And make it executable:
#!/bin/bash
# Original version modified by Andrew MacLachlan (andrew@gdcon.net)# Added additional MailScanner restarts on inital restart failure# Made script run silently for normal (successful) operation# Increased UPDATEMAXDELAY to 900 from 600# Insert a random delay up to this value, to spread virus updates round# the clock. 1800 seconds = 30 minutes.# Set this to 0 to disable it.UPDATEMAXDELAY=0if [ -f /opt/MailScanner/var/MailScanner ] ; then. /opt/MailScanner/var/MailScannerfiexport UPDATEMAXDELAYif [ "x$UPDATEMAXDELAY" = "x0" ]; then:elselogger -p mail.info -t KAM.cf.sh Delaying cron job up to $UPDATEMAXDELAY secondsperl -e "sleep int(rand($UPDATEMAXDELAY));"fi# JKF Fetch KAM.cf#echo Fetching KAM.cf...cd /etc/mail/spamassassinrm -f KAM.cfwget -O KAM.cf http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf > /dev/null 2>&1if [ "$?" = "0" ]; then#echo It completed and fetched somethingif ( tail -10 KAM.cf | grep -q '^#.*EOF' ); then# echo It succeeded so make a backupcp -f KAM.cf KAM.cf.backupelseecho ERROR: Could not find EOF markercp -f KAM.cf.backup KAM.cffielseecho It failed to complete properlycp -f KAM.cf.backup KAM.cffi#echo Reloading MailScanner and SpamAssassin configuration rules/etc/init.d/mailscanner reload > /dev/null 2>&1if [ $? != 0 ] ; thenecho "MailScanner reload failed - Retrying..."/etc/init.d/mailscanner force-reloadif [ $? = 0 ] ; thenecho "MailScanner reload succeeded."elseecho "Stopping MailScanner..."/etc/init.d/mailscanner stopecho "Waiting for a minute..."perl -e "sleep 60;"echo "Attemping to start MailScanner..."/etc/init.d/mailscanner startfifi
chmod +x /etc/cron.daily/kam.sh
ScamNailer:
Create the script:vi /usr/sbin/update_scamnailerNote: Content is in https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B9cN15Q3pKnwNmU2NTY2ZDQtZTdiNS00ZjM4LWI0MDktM2ZhNGYzOTY0NTZk&authkey=CKOFkqIJ&hl=en
and make it executable:
chmod +x /usr/sbin/update_scamnailerAdd it to cron:
@daily /usr/sbin/update_scamnailer &> /dev/null #Update Scamnailer
Firewalling the SpamSnake with Firehol:
Firehol is a stateful iptables packet filtering firewall configurator. It is abstracted, extensible, easy and powerful. It can handle any kind of firewall, but most importantly, it gives you the means to configure it, the same way you think of it.Install Firehol
apt-get install fireholFirehol Settings:
vi /etc/default/fireholand change the following:
START_FIREHOL=YESvi /etc/firehol/firehol.confand add the following:
server_zabbix_ports="tcp/10050 udp/10050"client_zabbix_ports="default 10050"Restart firehol:
version 5 # Accept all client traffic on any interface interface any internet protection strong server "icmp ping ICMP ssh http https telnet webmin dns dcc snmp smtp smtps submission zabbix mysql" accept client all accept
service fireholl restartAnd that's it
No comments:
Post a Comment