Différences

Ci-dessous, les différences entre deux révisions de la page.

--- tutoriaux:install-email-server-part-8 [2022/08/31 13:15] – [Prerequisites] frater
+++ tutoriaux:install-email-server:install-email-server-part-8 [2023/04/23 16:48] (Version actuelle) – [Installation] frater
@@ Ligne 13: / Ligne 13: @@
 ===== Prerequisites =====
-You should have completed at least [[tutoriaux:install-email-server-part-1|part 1 (Postfix SMTP server)]] and [[tutoriaux:install-email-server-part-2|part 2 (Dovecot IMAP server)]] of the Debian mail server from scratch tutorial series.
+You should have completed at least [[tutoriaux:install-email-server:install-email-server-part-1|part 1 (Postfix SMTP server)]] and [[tutoriaux:install-email-server:install-email-server-part-2|part 2 (Dovecot IMAP server)]] of the Debian mail server from scratch tutorial series.
 Note that if you used iRedMail or Modoboa to set up your mail server, then Amavis and ClamAV are already installed and configured, so you don’t need to follow this tutorial.
-<WRAP center round alert 80%>
+<WRAP round alert>
 Warning: Amavis and ClamAV require a fair amount of RAM. Make sure you have at least 1.5 GB free RAM on your server before installing Amavis and ClamAV. The whole mail server stack (Postfix, Dovecot, Amavis, ClamAV, SpamAssassin, OpenDKIM, MySQL/MariaDB, PostfixAdmin, and Roundcube Webmail) needs at least 3 GB RAM to run smoothly. If your RAM runs out, you are going to have troubles like mail server going offline or unresponsive.
 </WRAP>
@@ Ligne 113: / Ligne 113: @@
 Add the following line at the end of the file. This tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on //127.0.0.1:10024//.
-<code>content_filter = smtp-amavis:[127.0.0.1]:10024</code>
+<code ini>content_filter = smtp-amavis:[127.0.0.1]:10024</code>
 Also, add the following line.
-<code>smtpd_proxy_options = speed_adjust</code>
+<code ini>smtpd_proxy_options = speed_adjust</code>
 This will delay Postfix connection to content filter until the entire email message has been received, which can prevent content filters from wasting time and resources for slow SMTP clients.
@@ Ligne 127: / Ligne 127: @@
 Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called ''smtp-amavis'' to deliver email messages to Amavis. Please allow at least one whitespace character (tab or spacebar) before each ''-o''. In postfix configurations, a preceding whitespace character means that this line is continuation of the previous line.
-<code>
+<code ini>
 smtp-amavis   unix   -   -   n   -   2   smtp
     -o syslog_name=postfix/amavis
@@ Ligne 139: / Ligne 139: @@
 Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on ''127.0.0.1:10025'' to receive email messages back from Amavis.
-<code>
+<code ini>
 .0.0.1:10025   inet   n    -     n     -     -    smtpd
     -o syslog_name=postfix/10025
@@ Ligne 193: / Ligne 193: @@
 {{ tutoriaux:debian-email:debian-clamav-db-update.png |}}
-<WRAP center round info 80%>
+<WRAP round info>
 Hint: If the above command doesn’t quit immediately, press the Q key to make it quit.
 </WRAP>
@@ Ligne 210: / Ligne 210: @@
 As you can see, it failed to start because a condition wasn’t met. In the /lib/systemd/system/clamav-daemon.service file, there are two conditions:
-<code>
+<code ini>
 ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
 ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
@@ Ligne 233: / Ligne 233: @@
 Uncomment the following lines to enable virus-checking.
-<code>
+<code python>
 #@bypass_virus_checks_maps = (
 #      \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@@ Ligne 268: / Ligne 268: @@
 Custom settings should be added between the use ''strict;'' and ''1;'' line. By default, Amavis only listens on port 10024. Add the following line to make it also listen on port 10026.
-<code>$inet_socket_port = [10024,10026];</code>
+<code python>$inet_socket_port = [10024,10026];</code>
 Then add the following line, which sets the “ORIGINATING” policy for port 10026.
-<code>$interface_policy{'10026'} = 'ORIGINATING';</code>
+<code python>$interface_policy{'10026'} = 'ORIGINATING';</code>
 Next, add the following lines, which define the “ORIGINATING” policy.
-<code>
+<code python>
 $policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
   originating => 1,  # declare that mail was submitted by our smtp client
@@ Ligne 325: / Ligne 324: @@
 ===== Spam Filtering in Amavis =====
-<WRAP center round important 80%>
+<WRAP round important>
 If you have followed my SpamAssassin tutorial, you don’t need to enable spam-checking in Amavis. If you enable it, each email will be checked twice by SpamAssassin.
 </WRAP>
@@ Ligne 339: / Ligne 338: @@
 Uncomment the following lines to enable spam-checking.
-<code>
+<code python>
 #@bypass_spam_checks_maps = (
 #   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
@@ Ligne 349: / Ligne 348: @@
 ===== DKIM in Amavis =====
-Two common pieces of software that can do DKIM signing and verification on Linux are [[tutoriaux:install-email-server-part-4|OpenDKIM]] and Amavis. I prefer to use OpenDKIM because it works better with [[tutoriaux:install-email-server-part-5|OpenDMARC]]. So I won’t explain how to DKIM sign your email in Amavis.
+Two common pieces of software that can do DKIM signing and verification on Linux are [[tutoriaux:install-email-server:install-email-server-part-4|OpenDKIM]] and Amavis. I prefer to use OpenDKIM because it works better with [[tutoriaux:install-email-server:install-email-server-part-5|OpenDMARC]]. So I won’t explain how to DKIM sign your email in Amavis.
 By default, Amavis can verify the DKIM signature of incoming email messages. If you have OpenDKIM running on your mail server, then you can disable DKIM verification in Amavis.
@@ Ligne 357: / Ligne 356: @@
 Find the following line and change 1 to 0, so Amavis won’t verify DKIM signatures.
-<code>$enable_dkim_verification = 1;</code>
+<code python>$enable_dkim_verification = 1;</code>
 Save and close the file. Then restart Amavis.
@@ Ligne 385: / Ligne 384: @@
 Add the following line in the file between the use ''strict;'' and ''1;'' line. This will make Amavis run 4 processes. If you have 10 CPU cores, you can change 4 to 10. Note that running more than 10 Amavis processes has little effect on performance.
-<code>
+<code python>
 $max_servers = 4;
 </code>
@@ Ligne 395: / Ligne 394: @@
 Find the ''smtp-amavis'' service definition, and change the process limit from 2 to 4.
-<code>
+<code ini>
 smtp-amavis   unix   -   -   n   -   4   smtp
     -o syslog_name=postfix/amavis
@@ Ligne 416: / Ligne 415: @@
 Press Ctrl+C to stop amavisd-nanny.
+===== PostGrey : Postfix Greylisting Policy Server  =====
+When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.
+==== Installation ====
+<code bash>sudo apt install postgrey</code>
+the package is self installing, you have noting to change to the postfix's configuration files.
+==== Configuration ====
+''postgrey'' is, out-of-the-box working (by replying to unknown sender to retry sending later (usually 5 minutes).
+You may want to "whitelist" sender or destination email (by white listing you're **NOT** applying any delay or retry policies).
+Edit the two files in ''/etc/postgey/'' directory
+    * ''whitelist_clients'' is for whitelisting the sender's hostname
+    * ''whitelist_reciepients'' is for not applying **ANY** delay nor retry to specific destination (internal) email.
+==== examples ====
+<code sshconfig whitelist_recipients>
+# postgrey whitelist for mail recipients
+# --------------------------------------
+# put this file in /etc/postgrey or specify its path with --whitelist-recipients=xxx
+# do not delay mail to :
+postmaster@
+abuse@
+</code>
+<code sshconfig whitelist_clients>
+# postgrey whitelist for mail client hostnames
+# --------------------------------------------
+# put this file in /etc/postgrey or specify its path with --whitelist-clients=xxx
+#
+# postgrey version: 1.36, build date: 2015-09-01
+# Debian-specific additions
+# I *know* they run real mail queues, so greylisting only creates bigger load for them.
+debconf.org
+debian.org
+spi-inc.org
+# you may also add IPs
+.1.1.1
+# or regex expressions:
+/^mail\d+\.telekom\.de$/
+</code>
 ===== Skip Virus-Checking for Your Newsletters =====
@@ Ligne 426: / Ligne 477: @@
 Add the following lines at the beginning of this file. This will enable ''smtpd'' on port 2525 of the localhost and it can accept client connections initiated from the same server. If there’s another process listening on port 2525, you can change 127.0.0.1:2525 to something else, like 127.0.0.1:2552. Note that the ''content_filter'' parameter is set to ''none'', which means emails won’t be scanned by ClamAV.
-<code>
+<code ini>
 .0.0.1:2525      inet  n       -       -       -       1       smtpd
   -o syslog_name=postfix/2525
@@ Ligne 435: / Ligne 486: @@
 Then add the following lines at the end of this file. Replace 12.34.56.78 with the mail server’s public IP address. This will create another Postfix submission daemon listening on port 10587. This is for client connections from another server.
-<code>
+<code ini>
 .34.56.78:10587     inet     n    -    y    -    -    smtpd
   -o syslog_name=postfix/10587

Nox-Rhea WiKi

Outils pour utilisateurs

Outils du site

Différences

Outils de la page