Basic

FreeNAS
       
sendmail

yum -y update sendmail sendmail-cf

SendMail相關目錄
1. 設定檔目錄:/etc/mail
2. 記錄檔:/var/log/maillog
3. 己收信件之暫存目錄:/var/spool/mail/
4. 寄出信件之暫存目錄:/var/spool/mqueue/

先備份,後修改

cd /etc/mail
mv sendmail.cf sendmail.cf.bak

解除只有Server本身可以遞送信件的設定

vi /etc/mail/sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') 改成
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

加入廣告信來源過濾機制

在以下兩行
FEATURE(`blacklist_recipients')dnl
.
.
EXPOSED_USER(`root')dnl

之間加入

dnl # use DNSBL for spam mail
FEATURE(`dnsbl', `rbl.maps.vix.com', `Rejected - see http://www.mail-abuse.org/rbl/')dnl
FEATURE(`dnsbl', `dul.maps.vix.com', `Dialup - see http://www.mail-abuse.org/dul/')dnl
FEATURE(`dnsbl', `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abuse.org/rss')dnl
dnl FEATURE(`dnsbl', `relays.ordb.org', `"Email blocked using ORDB.org - see http://ordb.org"')dnl
FEATURE(`dnsbl', `blackholes.mail-abuse.org', `"Spam blocked see: http://mail-abuse.org/cgi-bin/lookup?"$&{client_addr}')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
dnl FEATURE(`dnsbl',`dnsbl.sorbs.net', `"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
dnl FEATURE(`dnsbl', `rbl.softworking.com', `"550 Mail from "$&{client_addr}" rejected based on external blacklist - See also http://www.softworking.com/"')dnl

加入Greylist機制,防止廣告信主機寄發廣告信

yum install milter-greylist

vi /etc/mail/sendmail.mc,在FEATURE(`dnsbl'...描述後面加入

dnl # use GREYLIST for spam mail
FEATURE(`milter-greylist')dnl

避免relay範圍內的機器每次都要寄兩次以上才會寄出信件

vi /etc/mail/greylist.conf

# Your own network, which should not suffer greylisting

list "my network" addr { 127.0.0.1/8 163.32.244.0/24 }

# This is a list of broken MTAs that break with greylisting. Derived from # http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt?rev=1.16

list "broken mta" addr { \

12.5.136.141/32 \ # Southwest Airlines (unique sender)

12.5.136.142/32 \ # Southwest Airlines

163.32.250.21/32 \ # KH mail server
163.32.250.51/32 \ # Epass server
163.32.250.12/32 \ # kiecc.server

# 另可在底下列出安全無虞(確定不會寄廣告信)的mail server IP

chkconfig --level 345 milter-greylist on
service milter-greylist start

完成修改sendmail.mc檔後,產生正確的sendmail.cf

cd /etc/mail
make -C /etc/mail

避免造成MX loop back的問題,必須將這台Server的主機別稱及所有主機別名登入進來

vi /etc/mail/local-host-names

設定負責轉信(幫Outlook送信)的範圍(RELAY)及擋掉廣告信主機(DENY)

vi /etc/mail/access

Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:163.18.225 RELAY
Connect:sgrsms.sg-rs.com.hk REJECT
Connect:mail.uhome.net.tw REJECT

存檔後

make all
service sendmail restart

procmail廣告信過濾規則

yum install procmail

vi /etc/procmailrc

MAILDIR=/var/mail
VERBOSE=off
PATH=/bin:/sbin:/usr/bin:/usr/sbin/:/usr/local/bin:/usr/local/sbin
LOGFILE=/var/log/procmail.log
# 廣告信過濾機制
# 原則上因考量誤判的機率較高,因為部份電子期刊也是利用相關的程式來寄發的,因此特別將這些特微的信,予以轉存至特定的檔案,以便日後人工確認。待確認無誤後,再將設定改轉存至/dev/null,以便直接刪除信件,以免造成硬碟空間之浪費。
# 過濾偽裝寄件者
:0 HBw
#* ^Return-Path: .*@mail\.kh\.edu\.tw.*
* ^Received: from mail\.kh\.edu\.tw .*
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.250\.
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.119\.
* !^Received: from mail\.kh\.edu\.tw .*163\.29\.241\.
* !^Received: from mail\.kh\.edu\.tw .*163\.29\.242\.
* !^Received: from mail\.kh\.edu\.tw .*163\.32\.137\.
* !^Received: from mail\.kh\.edu\.tw \(localhost\.localdomain \[127\.0\.0\.1\]\)
* !^Received: from 163\.32\.250\.21 .*163\.32\.250\.
/home/mailfilter/spam.local
# 過濾廣告信發送軟體(1)
:0 HBw
* ^X-Library: (Indy.*|Dynamailer.*)
/home/mailfilter/spam.library
# 過濾廣告信發送軟體(2)
:0 HBw
* ^X-Mailer: (Dynamailer.*|EhooPost.*|Mail Bomber.*|QuickSender.*|made from pascual|RET.*| FoxMail*)
/home/mailfilter/spam.mailer

建立告信過濾的收集目錄:
mkdir /home/mailfilter

設定後,到目錄中編譯

cd /etc/mail
make all
service sendmail restar

dovecot(POP、IMAP)

安裝軟體

yum -y install dovecot
cp /etc/dovecot.conf /etc/dovecot.conf.bak
vi /etc/dovecot.conf

protocols = imap imaps 修改成--> protocols = pop3
ssl_disable = no 修改成--> ssl_disable = yes

重新啟動

/etc/rc.d/init.d/dovecot start
chkconfig dovecot on

Don彙整筆記2010啟用