Learn how to set up a mail server using Postfix, Cyrus, and TLS. This tutorial covers installation steps, configuring Postfix with TLS, setting up Cyrus-sasl2-saslauthd, installing Amavisd-new and Clamav for virus scanning, and final configurations for Postfix.
NA homework 4 lianlee@csie.nctu.edu.tw chiahung@csie.nctu.edu.tw

Requirement
• Basic
  • postfix 30
  • pop3 & imap 20
  • amavisd-new 20
  • clamav 20
  • spamassassin 10
• Bonus
  • cyrus 15
  • TLS 15
  • webmail 15

Demo
• 5/27 (Friday) at CS computer center
  • 11:30-12:30
  • 13:30-16:00
• Set up your MUA before the demo, or you'll get no points if something doesn't work
• Show your mail functions to the TA; you can use 'Remote Desktop'
• Be prepared: the TA will ask questions

Installation Steps
• postfix
• cyrus-sasl2-saslauthd
• imap-uw
• amavisd-new
• clamav
• openwebmail

Postfix
    # cd /usr/ports/mail/postfix
    # make install clean

Postfix
    ===> Installing for postfix-2.2.1,1
    ===> postfix-2.2.1,1 depends on shared library: sasl2.2 - found
    ===> postfix-2.2.1,1 depends on shared library: pcre.0 - found
    Added group "postfix".
    Added group "maildrop".
    Added user "postfix".
    You need user "postfix" added to group "mail".
    Would you like me to add it [y]? y
    install -o root -g wheel -m 444 /usr/ports/mail/postfix/work/postfix-2.2.1/conf/virtual /usr/local/etc/postfix/dist
    Installed HTML documentation in /usr/local/share/doc/postfix
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]? n

Postfix
    # cd /usr/local/etc/rc.d
    # ln -s /usr/local/sbin/postfix postfix.sh
• edit /etc/rc.conf
    sendmail_enable="NONE"
• edit /etc/defaults/periodic.conf
    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Postfix
• edit /usr/local/etc/postfix/main.cf
• edit it yourself
• e.g. myhostname, mynetworks, alias_maps…

Postfix with TLS
• make your certificates
• edit /usr/local/etc/postfix/main.cf

Cyrus-sasl2-saslauthd
    # cd /usr/ports/security/cyrus-sasl2-saslauthd
    # make install clean
• edit /etc/rc.conf
    saslauthd_enable="YES"

imap-uw
    # cd /usr/ports/mail/imap-uw
    # make install clean
• edit /etc/inetd.conf
    pop3 stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
    imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
• If using TLS
    pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
    imaps stream tcp nowait root /usr/local/libexec/imapd imapd

Stop and Test
• It's better to test that you can receive and send mail before the next step
• If it doesn't work, check /var/log/maillog
    # /usr/local/etc/rc.d/saslauthd.sh start
    # /usr/local/etc/rc.d/postfix.sh start
    # kill -HUP `cat /var/run/inetd.pid`

Amavisd-new
    # cd /usr/ports/security/amavisd-new
    # make install clean

Amavisd-new
    ATTENTION
    See /usr/local/share/doc/p5-Mail-SpamAssassin/INSTALL,
    and /usr/local/share/doc/p5-Mail-SpamAssassin/UPGRADE,
    or http://spamassassin.org/dist/INSTALL and
    http://spamassassin.org/dist/UPGRADE BEFORE enabling
    this version of SpamAssassin for important information
    regarding changes in this version.

Amavisd-new
    Added group "vscan".
    Added user "vscan".
    Created "/var/amavis" directory.
    Created "/var/amavis/db" directory.
    Created "/var/amavis/tmp" directory.
    Created "/var/virusmails" directory.
    To use amavisd-new, you need to install at least one virus scanner.
    The following virus scanners are available in the FreeBSD ports collection:
    /usr/ports/security/vscan     McAfee VirusScan
    /usr/ports/security/clamav    Clam Antivirus
    /usr/ports/security/f-prot    F-Prot Antivirus
    /usr/ports/security/drweb     DrWeb antivirus suite

Amavisd-new
    Enable amavisd-new in /etc/rc.conf with the following line:
        amavisd_enable="YES"
    If you want to use the amavis sendmail milter interface, you need the
    following additional line in /etc/rc.conf
        amavis_milter_enable="YES"
    Configuration templates are available in /usr/local/etc as
    amavisd.conf-dist, amavisd.conf-sample and amavisd.conf-default.
    Documentation is available in /usr/local/share/doc/amavisd-new.

Clamav
    # cd /usr/ports/security/clamav
    # make install clean

Clamav
• edit /etc/rc.conf
    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"
• edit your aliases file, wherever you put it
    virusalert: root
• edit /usr/local/etc/clamd.conf yourself; the default settings should work?

Final Configuration for Postfix
• edit /usr/local/etc/postfix/master.cf
    127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o strict_rfc821_envelopes=yes
        -o notify_classes=protocol,resource,software
    smtp-amavis unix - - n - 2 smtp
        -o disable_dns_lookups=yes
        -o smtp_data_done_timeout=1200s
        -o smtp_never_send_ehlo=yes
        -o notify_classes=protocol,resource,software

Final Configuration for Postfix
• edit /usr/local/etc/postfix/main.cf
    content_filter = smtp-amavis:[127.0.0.1]:10024

Final Configuration for Amavisd-new
• edit /usr/local/etc/amavisd.conf
    $mydomain = 'alee.twbbs.org';
    $notify_method = 'smtp:[127.0.0.1]:10025';
    $forward_method = 'smtp:[127.0.0.1]:10025';
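
Added example, not part of the original slides: a check of the post-filter listener from the master.cf slide above. Port 10025 accepts mail without scanning, so it should stay on loopback, clear content_filter (otherwise scanned mail is sent back to amavisd), and reject everything outside mynetworks. The function names and the weak sample are assumptions made for this example.

```python
def parse_master_cf(text):
    """Join continuation lines (leading whitespace) and split out -o overrides."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    services = []
    # A service definition has 8 columns; anything after them is arguments.
    for fields in (e.split() for e in entries if len(e.split()) >= 8):
        args = fields[8:]
        opts = dict(v.split("=", 1) for f, v in zip(args, args[1:])
                    if f == "-o" and "=" in v)
        services.append({"service": fields[0], "type": fields[1],
                         "command": fields[7], "opts": opts})
    return services

def audit_reinjection(text, port="10025"):
    """Return findings for the post-filter smtpd listener (empty list = OK)."""
    hits = [s for s in parse_master_cf(text)
            if s["type"] == "inet" and s["command"] == "smtpd"
            and s["service"].rsplit(":", 1)[-1] == port]
    if not hits:
        return ["no smtpd listener on port " + port]
    findings = []
    for s in hits:
        host, o = s["service"].rpartition(":")[0], s["opts"]
        if host not in ("127.0.0.1", "localhost", "[::1]"):
            findings.append("listener is not bound to loopback")
        if o.get("content_filter") != "":
            findings.append("content_filter is not cleared")
        if o.get("mynetworks") != "127.0.0.0/8":
            findings.append("mynetworks is not 127.0.0.0/8")
        if not o.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append("recipient restrictions do not end in reject")
    return findings

# Abridged from the master.cf slide (only the options that are checked).
PAGE_MASTER_CF = """\
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""
# Constructed weak variant: all addresses, global content_filter still applies.
WEAK_MASTER_CF = "10025 inet n - n - - smtpd\n    -o mynetworks=127.0.0.0/8\n"
```
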

Now Startup everything
    # /usr/local/etc/rc.d/clamav-clamd.sh start
    # /usr/local/etc/rc.d/amavisd.sh start
    # /usr/local/etc/rc.d/postfix.sh restart

Test for Virus
    # telnet localhost 25
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.twbbs.org.
    Escape character is '^]'.
    220 alee.twbbs.org ESMTP Postfix
    ehlo twbbs.org
    250-alee.twbbs.org
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250 8BITMIME
    mail from: <lianlee@alee.twbbs.org>
    250 Ok
    rcpt to: <lianlee@alee.twbbs.org>
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    Subject: Virus Coming
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    .
    250 Ok: queued as 647781152E
    quit
    221 Bye
    Connection closed by foreign host.

Test for Virus
• Normal mail
    May 11 20:09:27 alee amavis[29003]: (29003-01) Passed CLEAN, [140.113.216.158] <lianlee@csie.nctu.edu.tw> -> <lianlee@alee.twbbs.org>, Message-ID: <20050511120922.DEEAF29019E@auth.csie.nctu.edu.tw>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms
• Mail with virus
    May 13 16:55:50 alee amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost.twbbs.org> -> <lianlee@alee.twbbs.org>, quarantine: virus-VivGNwT9NIja, Message-ID: <20050513085503.647781152E@alee.twbbs.org>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms
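
Added example, not part of the original slides: a parser for the two amavis result lines shown above, so that /var/log/maillog can be searched for blocked mail and the matching quarantine file. The field and function names are assumptions; the first two sample lines are copied from the slide and the third is constructed.

```python
import re

# Matches the "Passed"/"Blocked" result lines in the format shown on the slide.
RESULT = re.compile(
    r"amavis\[\d+\]: \((?P<task>[\d-]+)\) "
    r"(?P<action>Passed|Blocked) (?P<category>[A-Z-]+)"
    r"(?: \((?P<signature>[^)]*)\))?, "
    r"\[(?P<client>[^\]]+)\] <(?P<sender>[^>]*)> -> <(?P<recipient>[^>]*)>"
    r"(?:, quarantine: (?P<quarantine>[^,]+))?"
    r".*?mail_id: (?P<mail_id>[^,]+), Hits: (?P<hits>[^,]+), (?P<ms>\d+) ms"
)

def parse_result(line):
    """Return the fields of an amavis result line as a dict, or None."""
    m = RESULT.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ms"] = int(rec["ms"])  # scan time in milliseconds
    return rec

def blocked_report(lines):
    """List every blocked message with its verdict, origin and quarantine id."""
    report = []
    for rec in filter(None, map(parse_result, lines)):
        if rec["action"] == "Blocked":
            report.append((rec["mail_id"], rec["category"], rec["signature"],
                           rec["client"], rec["recipient"], rec["quarantine"]))
    return report

SAMPLE = [
    # Copied from the slide above.
    "May 11 20:09:27 alee amavis[29003]: (29003-01) Passed CLEAN, [140.113.216.158] <lianlee@csie.nctu.edu.tw> -> <lianlee@alee.twbbs.org>, Message-ID: <20050511120922.DEEAF29019E@auth.csie.nctu.edu.tw>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms",
    "May 13 16:55:50 alee amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost.twbbs.org> -> <lianlee@alee.twbbs.org>, quarantine: virus-VivGNwT9NIja, Message-ID: <20050513085503.647781152E@alee.twbbs.org>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms",
    # Constructed non-amavis line; it must be skipped.
    "May 13 16:55:03 alee postfix/smtpd[29100]: connect from localhost[127.0.0.1]",
]

if __name__ == "__main__":
    for row in blocked_report(SAMPLE):
        print(row)
```
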

Spamassassin
• /usr/local/etc/amavisd.conf
• /usr/local/etc/mail/spamassassin/local.cf
• man Mail::SpamAssassin::Conf

Spamassassin
    Message-Id: <200505172015.j4HKFFPV015614@localhost.localdomain>
    From: =?Big5?B?wnmkSKR+?= <VGpEz@btyft.com>
    To: "undisclosed-recipients" <usemame@yahoo.com.tw>
    Subject: [SPAM]=?Big5?B?wLCnQbNXubqlzbJQqrqkdadA?=
    Date: Sun, 19 May 2002 04:50:36 +0800
    Content-Type: text/html; charset="big5"
    Content-Transfer-Encoding: 8bit
    Sender: =?big5?B?wnmkSKR+?= <VGpEz@btyft.com>
    Reply-To: VGpEz@btyft.com
    X-Virus-Scanned: amavisd-new at csie.nctu.edu.tw
    X-Spam-Status: Yes, hits=10.687 tagged_above=3 required=6.3
        tests=BAYES_60, DATE_IN_PAST_96_XX, DOMAIN_RATIO, HTML_90_100,
        HTML_IMAGE_ONLY_20, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_WEB_BUGS,
        MIME_HTML_ONLY
    X-Spam-Level: **********
    X-Spam-Flag: YES
    Status: