

infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav

Différences

Ci-dessous, les différences entre deux révisions de la page.

infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav [2015/10/12 14:39] – [Installation : rspamd, rmilter, clamav and tools] ghussoninfrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav [2017/07/24 13:42] (Version actuelle) ghusson
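--- a/infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav
+++ b/infrastructure:serveur_mail:partie_2:debian_jessie_rmilter_rspamd_clamav
@@ -28,5 +28,5 @@
 cp -a /etc/clamav/clamd.conf /etc/clamav/clamd.conf_
 sed -i 's|^LocalSocketGroup .*$|LocalSocketGroup _rmilter|g' /etc/clamav/clamd.conf
-sed -i 's|^LocalSocketGroup .*$|LocalSocketGroup _rmilter|g' /etc/clamav/clamd.conf
+sed -i 's|^User clamav.*$|User _rmilter|g' /etc/clamav/clamd.conf
 cp -a /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf_
 sed -i 's|^DatabaseOwner .*$|DatabaseOwner _rmilter|g' /etc/clamav/freshclam.conf
@@ -66,6 +66,7 @@
         dead_time = 300;
         maxerrors = 10;
-        reject_message = "Spam detecte et rejete. Si ce n'est pas un Sapm, contactez votre administrateur de messagerie SVP. Spam message rejected; If this is not spam contact abuse";
+        reject_message = "Spam detecte et rejete. Si ce n'est pas un spam, contactez votre administrateur de messagerie SVP. Spam message rejected; If this is not spam contact abuse";
         whitelist = 127.0.0.1/32;
+        extended_spam_headers = yes;
 };
 
@@ -235,8 +236,12 @@
 recipient_delimiter = _
 protocol lmtp {
-  postmaster_address = postmaster@liberasys.com
+  postmaster_address = __POSTMASTER_ADDRESS__
   mail_plugins = $mail_plugins antispam quota sieve virtual mailbox_alias
 }
 __EOF__
+
+sed -i "s|__POSTMASTER_ADDRESS__|postmaster@${DEFAULT_MAIL_DOMAIN}|g" /etc/dovecot/conf.d/20-lmtp.conf
+
+
 </code>
 
@@ -253,5 +258,4 @@
   unix_listener imap-postlogin {\
   }\
-}\
 |g' /etc/dovecot/conf.d/10-master.conf
 </code>
@@ -404,13 +408,13 @@
 echo "   PUBLIC key path   : $PUBKEY"
 echo "-> DNS entries to add:"
-echo "   DKIM         : $SELECTOR._domainkey.$DOMAIN IN 1800 TXT \"v=DKIM1; k=rsa; p=${DNSDKIM}"\" 
+echo "   DKIM         : $SELECTOR._domainkey IN 1800 TXT \"v=DKIM1; k=rsa; p=${DNSDKIM}"\" 
-echo "   SPF          : $DOMAIN 1800 IN TXT \"v=spf1 mx ?all\""
+echo "   SPF          : 1800 IN SPF \"v=spf1 mx ?all\""
 echo "                : @ 1800 IN TXT \"v=spf1 mx ?all\""
-echo "   DMARC LIGHT  : _dmarc.$DOMAIN 1800 IN TXT \"v=DMARC1; p=none; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\"" 
+echo "   DMARC LIGHT  : _dmarc 1800 IN TXT \"v=DMARC1; p=none; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\"" 
-echo "   DMARC REJECT : _dmarc.$DOMAIN 1800 IN TXT \"v=DMARC1; p=reject; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""
+echo "   DMARC REJECT : _dmarc 1800 IN TXT \"v=DMARC1; p=reject; rua=mailto:postmaster@$DOMAIN; ruf=mailto:postmaster@$DOMAIN; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800\""
 echo "-> rmilter.conf :"
 echo "    domain {"
 echo "      key = $RMILTERLNK;"
-echo "      domain = \"liberasys.com\";"
+echo "      domain = \"$DOMAIN\";"
 echo "      selector = \"$SELECTOR\";"
 echo "    };"
@@ -431,23 +435,52 @@
 
 <file bash example>
+root@mail:~# /opt/admin_scripts/make_dkim_keys.bash
+illegal number of parameters
+/opt/admin_scripts/make_dkim_keys.bash <domain name>
+root@mail:~# /opt/admin_scripts/make_dkim_keys.bash alocean.com
+Generating RSA private key, 1024 bit long modulus
+................................................................................++++++
+................++++++
+e is 65537 (0x10001)
+writing RSA key
 ================================================================================
--> New DNS DKIM for liberasys.com. Selector is : 201509231353 
+-> New DNS DKIM for alocean.com. Selector is : 201511301053 
-   PRIVATE key path  : /etc/dkim/dkim_private_201509231353._domainkey.liberasys.com.pem.key 
+   PRIVATE key path  : /etc/dkim/dkim_private_201511301053._domainkey.alocean.com.pem.key 
-                       /etc/dkim/liberasys.com.201509231353.key 
+                       /etc/dkim/alocean.com.201511301053.key 
-   PUBLIC key path   : /etc/dkim/dkim_public_201509231353._domainkey.liberasys.com.pem.key
+   PUBLIC key path   : /etc/dkim/dkim_public_201511301053._domainkey.alocean.com.pem.key
 -> DNS entries to add:
-   DKIM         : 201509231353._domainkey IN 1800 TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVGL0FXZA6eEhiJN/YhurFTX8aQxpgFESxoueL171LBmhqxoEEyjTxF+s9T5SG2ADNDrkxptFlMmrh8RfcEZ9xBN/V7xjdgWdYt6lpesgNH4MvJzKjd8DxjARBv9ZrlA390sAouVlZEI4upoMEd8xuqQVrZ9dOWy6XET5Kpe63JwIDAQAB
+   DKIM         : 201511301053._domainkey IN 1800 TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe9mpx9bG904HdYt1s74jV/kqGKp5XP3PhX2cB+so89SHCgFw9Wu1mJBBIdDB2mi46DCgrK4MCwZtHYhbegJgdq1X6H1ifZHBjOtprEb8T+vY4ZDPotFkzHtk8TENVhWbbpHY/fsyY/YgFAyQO69NaCKmfrOOCLOpW8aTv/CkMGQIDAQAB
-   SPF          : liberasys.com 1800 IN TXT "v=spf1 mx ?all" 
+   SPF          : alocean.com 1800 IN SPF "v=spf1 mx ?all" 
-                : 1800 IN TXT "v=spf1 mx ?all" 
+                : alocean.com 1800 IN TXT "v=spf1 mx ?all" 
-   DMARC LIGHT  : _dmarc 1800 IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@liberasys.com; ruf=mailto:postmaster@liberasys.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800" 
+   DMARC LIGHT  : _dmarc 1800 IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@alocean.com; ruf=mailto:postmaster@alocean.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800" 
-   DMARC REJECT : _dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@liberasys.com; ruf=mailto:postmaster@liberasys.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"
+   DMARC REJECT : _dmarc 1800 IN TXT "v=DMARC1; p=reject; rua=mailto:postmaster@alocean.com; ruf=mailto:postmaster@alocean.com; fo=1; adkim=r; aspf=r; rf=afrf; ri=1800"
 -> rmilter.conf :
     domain {
-      key = /etc/dkim/liberasys.com.201509231353.key;
+      key = /etc/dkim/alocean.com.201511301053.key;
       domain = "liberasys.com";
-      selector = "201509231353";
+      selector = "201511301053";
     };
 ================================================================================
+chown -R _rmilter:_rmilter /etc/dkim
+chmod 550 /etc/dkim
+chmod 640 /etc/dkim/*
+service rmilter stop && sleep 2 && service rmilter start
 </file>
+
+
+
+===== Configure rspamd =====
+Verify you have scoring decisions matching your spam policy. For example :
+vi /etc/rspamd/metrics.conf
+<file>
+metric {
+    name = "default";
+        actions {
+                reject = 100;
+                add_header = 6;
+                greylist = 4;
+        };
+</file>
+
 
 
@@ -456,8 +489,11 @@
 In order to check everything is good, we do a full stop/start of the complete chain (in the good order!)
 <code bash>
+# tail logs
+tail -f /var/log/syslog /var/log/mail.{err,info,log,warn} &
 # stop mail services
 for SERVICE_ in postfix dovecot rmilter clamav-freshclam clamav-daemon rspamd; do service $SERVICE_ stop; done
 # start mail services
 for SERVICE_ in rspamd clamav-daemon clamav-freshclam rmilter dovecot postfix; do service $SERVICE_ start; done
+fg
 </code>
 
@@ -466,4 +502,4 @@
 
 
-TODO : copie des spams à l'admin
+TODO : copy spams to a specific admin mailbox/folder ?
 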
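Review bot: In the "Ligne 28" hunk, the added `sed -i 's|^User clamav.*$|User _rmilter|g' /etc/clamav/clamd.conf` makes clamd, the process that parses untrusted attachments, run as `_rmilter`. The "Ligne 431" hunk then adds `chown -R _rmilter:_rmilter /etc/dkim` and `chmod 640 /etc/dkim/*`, so that same account owns the DKIM private keys. A parsing flaw in the scanner would therefore run with owner (read and write) access to the signing keys. The context line that sets `LocalSocketGroup _rmilter` already gives rmilter access to the clamd socket, so clamd can presumably keep `User clamav`. If the switch is required because of `DatabaseOwner _rmilter`, state that next to the sed, for example `# clamd runs as _rmilter because <reason>; note it shares an account with the DKIM keys`.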
infrastructure/serveur_mail/partie_2/debian_jessie_rmilter_rspamd_clamav.1444660790.txt.gz · Dernière modification : 2015/10/12 14:39 de ghusson