Below are the differences between two revisions of the page.
tutoriaux:install-email-server-part-8 [2022/08/31 13:15] – [Prerequisites] frater | tutoriaux:install-email-server:install-email-server-part-8 [2023/04/23 16:48] (Version actuelle) – [Installation] frater | ||
---|---|---|---|
Ligne 13: | Ligne 13: | ||
===== Prerequisites ===== | ===== Prerequisites ===== | ||
- | You should have completed at least [[tutoriaux: | + | You should have completed at least [[tutoriaux: |
Note that if you used iRedMail or Modoboa to set up your mail server, then Amavis and ClamAV are already installed and configured, so you don’t need to follow this tutorial. | Note that if you used iRedMail or Modoboa to set up your mail server, then Amavis and ClamAV are already installed and configured, so you don’t need to follow this tutorial. | ||
- | < | + | <WRAP round alert> |
Warning: Amavis and ClamAV require a fair amount of RAM. Make sure you have at least 1.5 GB free RAM on your server before installing Amavis and ClamAV. The whole mail server stack (Postfix, Dovecot, Amavis, ClamAV, SpamAssassin, | Warning: Amavis and ClamAV require a fair amount of RAM. Make sure you have at least 1.5 GB free RAM on your server before installing Amavis and ClamAV. The whole mail server stack (Postfix, Dovecot, Amavis, ClamAV, SpamAssassin, | ||
</ | </ | ||
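Review bot: The opening tag of the RAM warning box changes to "<WRAP round alert>", but the closing tag two lines below is left as unchanged context. Confirm that this line now reads "</WRAP>"; if it still closes the old tag, the box is never terminated and the following text renders inside it. The same check applies to the "<WRAP round info>" and "<WRAP round important>" boxes changed further down the page.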
Ligne 113: | Ligne 113: | ||
Add the following line at the end of the file. This tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on // | Add the following line at the end of the file. This tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on // | ||
- | < | + | < |
Also, add the following line. | Also, add the following line. | ||
- | < | + | < |
This will delay Postfix connection to content filter until the entire email message has been received, which can prevent content filters from wasting time and resources for slow SMTP clients. | This will delay Postfix connection to content filter until the entire email message has been received, which can prevent content filters from wasting time and resources for slow SMTP clients. | ||
Ligne 127: | Ligne 127: | ||
Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called '' | Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called '' | ||
- | < | + | < |
smtp-amavis | smtp-amavis | ||
-o syslog_name=postfix/ | -o syslog_name=postfix/ | ||
Ligne 139: | Ligne 139: | ||
Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on '' | Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on '' | ||
- | < | + | < |
127.0.0.1: | 127.0.0.1: | ||
-o syslog_name=postfix/ | -o syslog_name=postfix/ | ||
Ligne 193: | Ligne 193: | ||
{{ tutoriaux: | {{ tutoriaux: | ||
- | < | + | <WRAP round info> |
Hint: If the above command doesn’t quit immediately, | Hint: If the above command doesn’t quit immediately, | ||
</ | </ | ||
Ligne 210: | Ligne 210: | ||
As you can see, it failed to start because a condition wasn’t met. In the / | As you can see, it failed to start because a condition wasn’t met. In the / | ||
- | < | + | < |
ConditionPathExistsGlob=/ | ConditionPathExistsGlob=/ | ||
ConditionPathExistsGlob=/ | ConditionPathExistsGlob=/ | ||
Ligne 233: | Ligne 233: | ||
Uncomment the following lines to enable virus-checking. | Uncomment the following lines to enable virus-checking. | ||
- | < | + | < |
# | # | ||
# \%bypass_virus_checks, | # \%bypass_virus_checks, | ||
Ligne 268: | Ligne 268: | ||
Custom settings should be added between the use '' | Custom settings should be added between the use '' | ||
- | < | + | < |
Then add the following line, which sets the “ORIGINATING” policy for port 10026. | Then add the following line, which sets the “ORIGINATING” policy for port 10026. | ||
- | < | + | < |
Next, add the following lines, which define the “ORIGINATING” policy. | Next, add the following lines, which define the “ORIGINATING” policy. | ||
- | < | + | < |
$policy_bank{' | $policy_bank{' | ||
originating => 1, # declare that mail was submitted by our smtp client | originating => 1, # declare that mail was submitted by our smtp client | ||
Ligne 325: | Ligne 324: | ||
===== Spam Filtering in Amavis ===== | ===== Spam Filtering in Amavis ===== | ||
- | < | + | <WRAP round important> |
If you have followed my SpamAssassin tutorial, you don’t need to enable spam-checking in Amavis. If you enable it, each email will be checked twice by SpamAssassin. | If you have followed my SpamAssassin tutorial, you don’t need to enable spam-checking in Amavis. If you enable it, each email will be checked twice by SpamAssassin. | ||
</ | </ | ||
Ligne 339: | Ligne 338: | ||
Uncomment the following lines to enable spam-checking. | Uncomment the following lines to enable spam-checking. | ||
- | < | + | < |
# | # | ||
# | # | ||
Ligne 349: | Ligne 348: | ||
===== DKIM in Amavis ===== | ===== DKIM in Amavis ===== | ||
- | Two common pieces of software that can do DKIM signing and verification on Linux are [[tutoriaux: | + | Two common pieces of software that can do DKIM signing and verification on Linux are [[tutoriaux: |
By default, Amavis can verify the DKIM signature of incoming email messages. If you have OpenDKIM running on your mail server, then you can disable DKIM verification in Amavis. | By default, Amavis can verify the DKIM signature of incoming email messages. If you have OpenDKIM running on your mail server, then you can disable DKIM verification in Amavis. | ||
Ligne 357: | Ligne 356: | ||
Find the following line and change 1 to 0, so Amavis won’t verify DKIM signatures. | Find the following line and change 1 to 0, so Amavis won’t verify DKIM signatures. | ||
- | < | + | < |
Save and close the file. Then restart Amavis. | Save and close the file. Then restart Amavis. | ||
Ligne 385: | Ligne 384: | ||
Add the following line in the file between the use '' | Add the following line in the file between the use '' | ||
- | < | + | < |
$max_servers = 4; | $max_servers = 4; | ||
</ | </ | ||
Ligne 395: | Ligne 394: | ||
Find the '' | Find the '' | ||
- | < | + | < |
smtp-amavis | smtp-amavis | ||
-o syslog_name=postfix/ | -o syslog_name=postfix/ | ||
Ligne 416: | Ligne 415: | ||
Press Ctrl+C to stop amavisd-nanny. | Press Ctrl+C to stop amavisd-nanny. | ||
+ | |||
+ | ===== PostGrey : Postfix Greylisting Policy Server | ||
+ | |||
+ | When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC. | ||
+ | |||
+ | ==== Installation ==== | ||
+ | |||
+ | <code bash> | ||
+ | |||
+ | the package is self installing, you have noting to change to the postfix' | ||
+ | ==== Configuration ==== | ||
+ | |||
+ | '' | ||
+ | |||
+ | You may want to " | ||
+ | |||
+ | Edit the two files in ''/ | ||
+ | |||
+ | * '' | ||
+ | * '' | ||
+ | |||
+ | ==== examples ==== | ||
+ | |||
+ | <code sshconfig whitelist_recipients> | ||
+ | # postgrey whitelist for mail recipients | ||
+ | # -------------------------------------- | ||
+ | # put this file in / | ||
+ | |||
+ | # do not delay mail to : | ||
+ | postmaster@ | ||
+ | abuse@ | ||
+ | </ | ||
+ | |||
+ | <code sshconfig whitelist_clients> | ||
+ | # postgrey whitelist for mail client hostnames | ||
+ | # -------------------------------------------- | ||
+ | # put this file in / | ||
+ | # | ||
+ | # postgrey version: 1.36, build date: 2015-09-01 | ||
+ | |||
+ | # Debian-specific additions | ||
+ | # I *know* they run real mail queues, so greylisting only creates bigger load for them. | ||
+ | debconf.org | ||
+ | debian.org | ||
+ | spi-inc.org | ||
+ | |||
+ | # you may also add IPs | ||
+ | 1.1.1.1 | ||
+ | |||
+ | # or regex expressions: | ||
+ | / | ||
+ | </ | ||
===== Skip Virus-Checking for Your Newsletters ===== | ===== Skip Virus-Checking for Your Newsletters ===== | ||
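Review bot: In the new whitelist_clients example, the entry under "you may also add IPs" is 1.1.1.1, a real, publicly routed address, so a reader who copies the file verbatim exempts that host from greylisting. Use a documentation address such as 192.0.2.1 (RFC 5737) and say that it is a placeholder. Elsewhere in the added section: the heading "===== PostGrey : Postfix Greylisting Policy Server" has no closing "=====", unlike the other headings; "noting" should be "nothing"; "==== examples ====" is lowercase where "Installation" and "Configuration" are capitalised; and both whitelist blocks are tagged "sshconfig" although they are postgrey whitelist files. The introduction's last clause, "as it is however required per RFC", does not say what the RFC requires; state plainly that a compliant sending server retries after a temporary error, which is why legitimate mail still gets through after the delay. It would also help to explain why the section's own example whitelists postmaster@ and abuse@, since readers will otherwise not know which recipients should bypass the delay.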
Ligne 426: | Ligne 477: | ||
Add the following lines at the beginning of this file. This will enable '' | Add the following lines at the beginning of this file. This will enable '' | ||
- | < | + | < |
127.0.0.1: | 127.0.0.1: | ||
-o syslog_name=postfix/ | -o syslog_name=postfix/ | ||
Ligne 435: | Ligne 486: | ||
Then add the following lines at the end of this file. Replace 12.34.56.78 with the mail server’s public IP address. This will create another Postfix submission daemon listening on port 10587. This is for client connections from another server. | Then add the following lines at the end of this file. Replace 12.34.56.78 with the mail server’s public IP address. This will create another Postfix submission daemon listening on port 10587. This is for client connections from another server. | ||
- | < | + | < |
12.34.56.78: | 12.34.56.78: | ||
-o syslog_name=postfix/ | -o syslog_name=postfix/ |