infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav

Differences

Below are the differences between two revisions of the page.

infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav [2015/10/12 16:38]
ghusson [Configure clamd]
infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav [2017/07/24 15:42] (current version)
ghusson
Ligne 9: Ligne 9:
 # stop mail services # stop mail services
 for SERVICE_ in postfix dovecot; do service $SERVICE_ stop; done for SERVICE_ in postfix dovecot; do service $SERVICE_ stop; done
-apt-get install rspamd rmilter arj bzip2 cabextract cpio file gzip lhasa jlha-utils lzop nomarch p7zip pax rar rpm unrar unzip zip zoo dovecot-antispam clamav clamav-daemon+apt-get install rspamd rmilter arj bzip2 cabextract cpio file gzip lhasa jlha-utils lzop nomarch p7zip pax rar rpm unrar unzip zip zoo dovecot-antispam clamav clamav-daemon ​sudo
 </​code>​ </​code>​
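Review bot: the `sudo` package appended to the end of the `apt-get install` line is not used by any command visible in this diff. Say in the page which later step needs it, or leave it out: on a mail server every extra setuid binary is attack surface worth justifying.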
  
Ligne 28: Ligne 28:
 cp -a /​etc/​clamav/​clamd.conf /​etc/​clamav/​clamd.conf_ cp -a /​etc/​clamav/​clamd.conf /​etc/​clamav/​clamd.conf_
 sed -i '​s|^LocalSocketGroup .*$|LocalSocketGroup _rmilter|g'​ /​etc/​clamav/​clamd.conf sed -i '​s|^LocalSocketGroup .*$|LocalSocketGroup _rmilter|g'​ /​etc/​clamav/​clamd.conf
-sed -i 's|^LocalSocketGroup ​.*$|LocalSocketGroup ​_rmilter|g'​ /​etc/​clamav/​clamd.conf+sed -i 's|^User clamav.*$|User _rmilter|g'​ /​etc/​clamav/​clamd.conf
 cp -a /​etc/​clamav/​freshclam.conf /​etc/​clamav/​freshclam.conf_ cp -a /​etc/​clamav/​freshclam.conf /​etc/​clamav/​freshclam.conf_
 sed -i '​s|^DatabaseOwner .*$|DatabaseOwner _rmilter|g'​ /​etc/​clamav/​freshclam.conf sed -i '​s|^DatabaseOwner .*$|DatabaseOwner _rmilter|g'​ /​etc/​clamav/​freshclam.conf
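Review bot: the new pattern `^User clamav.*$` only matches when the current value is `clamav`, while the neighbouring substitutions match any value (`^LocalSocketGroup .*$`, `^DatabaseOwner .*$`); if the line differs, the sed does nothing and clamd keeps its old user without any error. Use `^User .*$` and follow it with `grep '^User ' /etc/clamav/clamd.conf` so the result is visible. It is also worth stating why clamd has to run as `_rmilter` at all: the `LocalSocketGroup _rmilter` line is already there to open the socket to rmilter's group, and a shared uid removes the separation between the scanner and the milter.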
Ligne 66: Ligne 66:
         dead_time = 300;         dead_time = 300;
         maxerrors = 10;         maxerrors = 10;
-        reject_message = "Spam detecte et rejete. Si ce n'est pas un Sapm, contactez votre administrateur de messagerie SVP. Spam message rejected; If this is not spam contact abuse";​+        reject_message = "Spam detecte et rejete. Si ce n'est pas un spam, contactez votre administrateur de messagerie SVP. Spam message rejected; If this is not spam contact abuse";​
         whitelist = 127.0.0.1/​32;​         whitelist = 127.0.0.1/​32;​
 +        extended_spam_headers = yes;
 }; };
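Review bot: the added `extended_spam_headers = yes` comes with no explanation. Document in the page which headers it adds and whether they are meant to stay on mail that leaves the server, because scan details in headers tell outside recipients how the filter scored a message. The `reject_message` also says "contact abuse" without giving an address a rejected sender could actually use.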
  
Ligne 110: Ligne 111:
 <code bash> <code bash>
 cat << '​EOF'​ >> /​etc/​postfix/​main.cf cat << '​EOF'​ >> /​etc/​postfix/​main.cf
 +
 ################################################​ ################################################​
 # Milters (antispam/​antivirus) # Milters (antispam/​antivirus)
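Review bot: the block is appended with `cat << 'EOF' >> /etc/postfix/main.cf`, so running this step twice leaves two copies of the milter settings in `main.cf`; the blank line added here only changes spacing. Guard the append (for example with a `grep -q` test on the "Milters (antispam/antivirus)" marker first) or set the values with `postconf -e`.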
Ligne 117: Ligne 119:
 milter_rcpt_macros = i {rcpt_addr} milter_rcpt_macros = i {rcpt_addr}
 milter_default_action = accept milter_default_action = accept
 +
 EOF EOF
 </​code>​ </​code>​
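Review bot: `milter_default_action = accept`, kept unchanged just above the added blank line, makes the filter fail open: when rmilter is stopped or unreachable, Postfix delivers mail without spam or virus scanning. If that is intended for availability, say so in the page; otherwise `tempfail` makes senders retry until the milter is back.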
Ligne 233: Ligne 236:
 recipient_delimiter = _ recipient_delimiter = _
 protocol lmtp { protocol lmtp {
-  postmaster_address = postmaster@liberasys.com+  postmaster_address = __POSTMASTER_ADDRESS__
   mail_plugins = $mail_plugins antispam quota sieve virtual mailbox_alias   mail_plugins = $mail_plugins antispam quota sieve virtual mailbox_alias
 } }
 __EOF__ __EOF__
 +
 +sed -i "​s|__POSTMASTER_ADDRESS__|postmaster@${DEFAULT_MAIL_DOMAIN}|g"​ /​etc/​dovecot/​conf.d/​20-lmtp.conf
 +
 +
 </​code>​ </​code>​
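Review bot: the added `sed` substitutes `${DEFAULT_MAIL_DOMAIN}`, which is not set anywhere in the visible lines; if it is empty the file ends up with `postmaster_address = postmaster@` and nothing reports it. Write `${DEFAULT_MAIL_DOMAIN:?}` so the command aborts when the variable is unset, or define the variable at the top of the block.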
  
Ligne 251: Ligne 258:
   unix_listener imap-postlogin {\   unix_listener imap-postlogin {\
   }\   }\
-}\ 
 |g' /​etc/​dovecot/​conf.d/​10-master.conf |g' /​etc/​dovecot/​conf.d/​10-master.conf
 </​code>​ </​code>​
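Review bot: dropping the trailing `}\` changes the brace balance of the text this `sed` writes into `10-master.conf`, and the hunk does not show the opening of the block, so the result cannot be checked from here. Add a `doveconf -n > /dev/null` right after the command so a brace error is caught before Dovecot is restarted.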
Ligne 402: Ligne 408:
 echo " ​  ​PUBLIC key path   : $PUBKEY"​ echo " ​  ​PUBLIC key path   : $PUBKEY"​
 echo "-> DNS entries to add:" echo "-> DNS entries to add:"
-echo " ​  ​DKIM ​        : $SELECTOR._domainkey.$DOMAIN ​IN 1800 TXT \"​v=DKIM1;​ k=rsa; p=${DNSDKIM}"​\"​ +echo " ​  ​DKIM ​        : $SELECTOR._domainkey IN 1800 TXT \"​v=DKIM1;​ k=rsa; p=${DNSDKIM}"​\"​ 
-echo " ​  ​SPF ​         : $DOMAIN ​1800 IN TXT \"​v=spf1 mx ?​all\""​+echo " ​  ​SPF ​         : 1800 IN SPF \"​v=spf1 mx ?​all\""​
 echo " ​               : @ 1800 IN TXT \"​v=spf1 mx ?​all\""​ echo " ​               : @ 1800 IN TXT \"​v=spf1 mx ?​all\""​
-echo " ​  DMARC LIGHT  : _dmarc.$DOMAIN ​1800 IN TXT \"​v=DMARC1;​ p=none; rua=mailto:​postmaster@$DOMAIN;​ ruf=mailto:​postmaster@$DOMAIN;​ fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""​ +echo " ​  DMARC LIGHT  : _dmarc 1800 IN TXT \"​v=DMARC1;​ p=none; rua=mailto:​postmaster@$DOMAIN;​ ruf=mailto:​postmaster@$DOMAIN;​ fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""​ 
-echo " ​  DMARC REJECT : _dmarc.$DOMAIN ​1800 IN TXT \"​v=DMARC1;​ p=reject; rua=mailto:​postmaster@$DOMAIN;​ ruf=mailto:​postmaster@$DOMAIN;​ fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""​+echo " ​  DMARC REJECT : _dmarc 1800 IN TXT \"​v=DMARC1;​ p=reject; rua=mailto:​postmaster@$DOMAIN;​ ruf=mailto:​postmaster@$DOMAIN;​ fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""​
 echo "-> rmilter.conf :" echo "-> rmilter.conf :"
 echo " ​   domain {" echo " ​   domain {"
 echo " ​     key = $RMILTERLNK;"​ echo " ​     key = $RMILTERLNK;"​
-echo " ​     domain = \"liberasys.com\";"​+echo " ​     domain = \"$DOMAIN\";"​
 echo " ​     selector = \"​$SELECTOR\";"​ echo " ​     selector = \"​$SELECTOR\";"​
 echo " ​   };" echo " ​   };"
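Review bot: the SPF line now prints record type `SPF` with no owner name (`1800 IN SPF "v=spf1 mx ?all"`). The SPF RR type was dropped by RFC 7208 and receivers look only at TXT, so this line can lead an admin to publish a record nobody reads; keep only the `@ 1800 IN TXT` line below it. The `?all` qualifier is neutral, so the policy does not ask receivers to treat other senders any differently; `~all` or `-all` is needed once the MX list is known to be complete.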
Ligne 429: Ligne 435:
  
 <file bash example> <file bash example>
 +root@mail:​~#​ /​opt/​admin_scripts/​make_dkim_keys.bash
 +illegal number of parameters
 +/​opt/​admin_scripts/​make_dkim_keys.bash <domain name>
 +root@mail:​~#​ /​opt/​admin_scripts/​make_dkim_keys.bash alocean.com
 +Generating RSA private key, 1024 bit long modulus
 +................................................................................++++++
 +................++++++
 +e is 65537 (0x10001)
 +writing RSA key
 ================================================================================ ================================================================================
--> New DNS DKIM for liberasys.com. Selector is : 201509231353 +-> New DNS DKIM for alocean.com. Selector is : 201511301053 
-   ​PRIVATE key path  : /etc/dkim/dkim_private_201509231353._domainkey.liberasys.com.pem.key +   ​PRIVATE key path  : /etc/dkim/dkim_private_201511301053._domainkey.alocean.com.pem.key 
-                       /​etc/​dkim/​liberasys.com.201509231353.key +                       /​etc/​dkim/​alocean.com.201511301053.key 
-   ​PUBLIC key path   : /etc/dkim/dkim_public_201509231353._domainkey.liberasys.com.pem.key+   ​PUBLIC key path   : /etc/dkim/dkim_public_201511301053._domainkey.alocean.com.pem.key
 -> DNS entries to add: -> DNS entries to add:
-   ​DKIM ​        : ​201509231353._domainkey IN 1800 TXT "​v=DKIM1;​ k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGL0FXZA6eEhiJN/YhurFTX8aQxpgFESxoueL171LBmhqxoEEyjTxF+s9T5SG2ADNDrkxptFlMmrh8RfcEZ9xBN/V7xjdgWdYt6lpesgNH4MvJzKjd8DxjARBv9ZrlA390sAouVlZEI4upoMEd8xuqQVrZ9dOWy6XET5Kpe63JwIDAQAB+   ​DKIM ​        : ​201511301053._domainkey IN 1800 TXT "​v=DKIM1;​ k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe9mpx9bG904HdYt1s74jV/kqGKp5XP3PhX2cB+so89SHCgFw9Wu1mJBBIdDB2mi46DCgrK4MCwZtHYhbegJgdq1X6H1ifZHBjOtprEb8T+vY4ZDPotFkzHtk8TENVhWbbpHY/​fsyY/​YgFAyQO69NaCKmfrOOCLOpW8aTv/CkMGQIDAQAB
-   ​SPF ​         : liberasys.com 1800 IN TXT "​v=spf1 mx ?​all"​ +   ​SPF ​         : alocean.com 1800 IN SPF "​v=spf1 mx ?​all"​ 
-                : 1800 IN TXT "​v=spf1 mx ?​all"​ +                : alocean.com ​1800 IN TXT "​v=spf1 mx ?​all"​ 
-   DMARC LIGHT  : _dmarc 1800 IN TXT "​v=DMARC1;​ p=none; rua=mailto:​postmaster@liberasys.com; ruf=mailto:​postmaster@liberasys.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"​ +   DMARC LIGHT  : _dmarc 1800 IN TXT "​v=DMARC1;​ p=none; rua=mailto:​postmaster@alocean.com; ruf=mailto:​postmaster@alocean.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"​ 
-   DMARC REJECT : _dmarc 1800 IN TXT "​v=DMARC1;​ p=reject; rua=mailto:​postmaster@liberasys.com; ruf=mailto:​postmaster@liberasys.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"​+   DMARC REJECT : _dmarc 1800 IN TXT "​v=DMARC1;​ p=reject; rua=mailto:​postmaster@alocean.com; ruf=mailto:​postmaster@alocean.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"​
 -> rmilter.conf : -> rmilter.conf :
     domain {     domain {
-      key = /etc/dkim/liberasys.com.201509231353.key;+      key = /etc/dkim/alocean.com.201511301053.key;
       domain = "​liberasys.com";​       domain = "​liberasys.com";​
-      selector = "201509231353";+      selector = "201511301053";
     };     };
 ================================================================================ ================================================================================
 +chown -R _rmilter:​_rmilter /etc/dkim
 +chmod 550 /etc/dkim
 +chmod 640 /etc/dkim/*
 +service rmilter stop && sleep 2 && service rmilter start
 </​file>​ </​file>​
 +
 +
 +
 +===== Configure rspamd =====
 +Verify you have scoring decisions matching your spam policy. For example :
 +vi /​etc/​rspamd/​metrics.conf
 +<​file>​
 +metric {
 +    name = "​default";​
 +        actions {
 +                reject = 100;
 +                add_header = 6;
 +                greylist = 4;
 +        };
 +</​file>​
 +
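Review bot: the example run shows `Generating RSA private key, 1024 bit long modulus`; 1024 bits is the minimum RFC 8301 allows for DKIM signing and 2048 is the recommended size, so the script should generate 2048-bit keys. In the same output the `rmilter.conf` snippet still reads `domain = "liberasys.com"` although the key, selector and DNS records are for `alocean.com`, which no longer matches what the script prints now that it echoes `$DOMAIN`. In the new rspamd section, `reject = 100` sits far above `add_header = 6`, so almost nothing will be rejected; if that is the intent, say so next to the example.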
  
  
Ligne 454: Ligne 489:
 In order to check everything is good, we do a full stop/start of the complete chain (in the good order!) In order to check everything is good, we do a full stop/start of the complete chain (in the good order!)
 <code bash> <code bash>
 +# tail logs
 +tail -f /​var/​log/​syslog /​var/​log/​mail.{err,​info,​log,​warn} &
 # stop mail services # stop mail services
 for SERVICE_ in postfix dovecot rmilter clamav-freshclam clamav-daemon rspamd; do service $SERVICE_ stop; done for SERVICE_ in postfix dovecot rmilter clamav-freshclam clamav-daemon rspamd; do service $SERVICE_ stop; done
 # start mail services # start mail services
 for SERVICE_ in rspamd clamav-daemon clamav-freshclam rmilter dovecot postfix; do service $SERVICE_ start; done for SERVICE_ in rspamd clamav-daemon clamav-freshclam rmilter dovecot postfix; do service $SERVICE_ start; done
 +fg
 </​code>​ </​code>​
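Review bot: the added `fg` only works where job control is active, that is, when the block is pasted into an interactive shell; run as a script, `fg` fails and the background `tail -f` is left running. State that the block is meant to be pasted interactively, or run the `tail -f` in a second terminal instead of backgrounding it.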
  
Ligne 464: Ligne 502:
  
  
-TODO : copie des spams à l'admin+TODO : copy spams to a specific ​admin mailbox/​folder ?
  
infrastructure/serveur_mail/partie_2/debian_jessie_rmilter_rspamd_clamav.1444660680.txt.gz · Last modified: 2015/10/12 16:38 by ghusson