SendMail: Unterschied zwischen den Versionen

Aus crazylinux.de
Zur Navigation springen Zur Suche springen
(added dcc)
Keine Bearbeitungszusammenfassung
Zeile 167: Zeile 167:
===Statistiken===
===Statistiken===
http://www.enderunix.org/isoqlog/
http://www.enderunix.org/isoqlog/
==Mimedefang==
Damit bei durch spamassassin gefunder Spam das Email-Subject umgeschrieben wird, ist folgendes notwendig (ca. Zeile 324):
<pre>
/etc/mail/mimedefang-filter
...
            # We add a header which looks like this:
            # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
            # The number of asterisks in parens is the integer part
            # of the spam score clamped to a maximum of 40.
            # MUA filters can easily be written to trigger on a
            # minimum number of asterisks...
            if ($hits >= $req) {
                action_change_header("X-Spam-Score", "$hits ($score) $names");
               
                #JT added 22.05.06
                action_change_header('Subject', "***SPAM*** $Subject");
               
                md_graphdefang_log('spam', $hits, $RelayAddr);
                # If you find the SA report useful, add it, I guess...
                action_add_part($entity, "text/plain", "-suggest",
                                "$report\n",
                                "SpamAssassinReport.txt", "inline");
            } else {
                # Delete any existing X-Spam-Score header?
                action_delete_header("X-Spam-Score");
...
</pre>


==Tools==
==Tools==

Version vom 21. Juni 2006, 19:59 Uhr

Sendmail-Config inkl.

    • Spamschutz mit spamassassin
    • Virenscan mit ClamAV
    • Razor
    • Smtp_Auth
    • Mimedefang, Sendmail-Filter, um Spam/Virenschutz einzubauen

Sendmail

Config

Die /etc/mail/sendmail.mc muss entsprechend angepaßt werden:

divert(-1)dnl
#-----------------------------------------------------------------------------
# $Sendmail: debproto.mc,v 8.13.4 2005-06-03 16:49:22 cowboy Exp $
#
# Copyright (c) 1998-2005 Richard Nelson.  All Rights Reserved.
#
# cf/debian/sendmail.mc.  Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.13.4
#
# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
#       file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
#       * `sendmailconfig`
#       * `make`
#       * `m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf`
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
#-----------------------------------------------------------------------------
divert(0)dnl
#
#   Copyright (c) 1998-2005 Richard Nelson.  All Rights Reserved.
#
#  This file is used to configure Sendmail for use with Debian systems.
#
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl
include(`/etc/mail/sasl/sasl.m4')dnl
define(`confAUTH_OPTIONS', `A p')dnl
VERSIONID(`$Id: sendmail.mc, v 8.13.4-3 2005-06-03 16:49:22 cowboy Exp $')
define(`confSMTP_LOGIN_MSG', `gretchen.dyndns.info Mailserver; $b')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl #   into this directory before writing files.
dnl #   If *all* your user accounts are under /home then use that
dnl #   instead - it will prevent any writes outside of /home !
dnl #   define(`confSAFE_FILE_ENV',             `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission')dnl
dnl DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
define(`confDOMAIN_NAME', `gretchen.dyndns.info')dnl
FEATURE(`use_cw_file')dnl
# Anti Spam

FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"550 Rejected - see http://dsbl.org/listing?"$&{client_addr}')dnl
FEATURE(`dnsbl',`multihop.dsbl.org',`"550 Rejected - see http://dsbl.org/listing?"$&{client_addr}')dnl
FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net"')dnl
dnl #FEATURE(`dnsbl', `blacklist.spambag.org', `"571 SPAM MAIL REJECTED from "$&{client_name}" by blacklist.spambag.org! Please see http://www.spambag.org for details.'")dnl
FEATURE(`dnsbl', `ix.dnsbl.manitu.net', `"571 SPAM MAIL REJECTED from "$&{client_name}" by ix.dnsbl.manitu.net! Please see http://ix.dnsbl.manitu.net for details.'")dnl
dnl #FEATURE(`dnsbl', `countries.blackholes.us', `"Spam blocked! See http://www.blackholes.us/"')dnl
FEATURE(`dnsbl',`rsbl.aupads.org',`"550 Mail from " $&{client_addr} " refused: spam site. See http://www.aupads.org/cgi-bin/rsbl-lookup?host_to_find="$&{client_addr}""')dnl
FEATURE(`dnsbl',`orvedb.aupads.org',`"550 Mail from " $&{client_addr} " refused: open relay. See: http://www.aupads.org/cgi-bin/ordb-lookup?host_to_find="$&{client_add}""')dnl
FEATURE(`dnsbl',`duinv.aupads.org',`"550 Mail from host " $&{client_addr} " refused: We do not accept deliveries direct from remote dialups. Use your ISPs local SMTP server or authenticate via POP3 first. See http://www.aupads.org/cgi-bin/duinv-lookup?host_to_find="$&{client_addr}""')dnl
dnl #FEATURE(rhsbl,`dsn.rfc-ignorant.org',`"550 Mail from domain " $`'&{RHS} " refused. MX of domain do not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/"')
dnl #FEATURE(rhsbl,`postmaster.rfc-ignorant.org',`"550 Mail from domain " $`'&{RHS} " refused. MX of domain does not have a working postmaster address - see http://www.rfc-ignorant.org/"')

FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl
dnl # The access db is the basis for most of sendmail's checking
dnl #FEATURE(`access_db', , `skip')dnl
FEATURE(`access_db')dnl
FEATURE(blacklist_recipients)dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')dnl
dnl  specify the sender email address for all outgoing mail from the local
dnl  machine. most people also want to use "masquerade_envelope" to also
dnl  change the envelope addresses.
dnl  use "allmasquerade" to also change the recipient addresse. don't use
dnl  this feature, if you don't have the full /etc/aliases and the full
dnl  /etc/passwd on your host.
FEATURE(`masquerade_envelope')dnl
dnl #MASQUERADE_AS(`gretchen.dyndns.info')dnl
FEATURE(`always_add_domain')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

sendmail.cf generieren und neu starten

hostname:/etc/mail# sendmailconfig

Antispam

Fertige Filterlisten gibts unter http://www.rulesemporium.com/

Exit0

Weitere Rules

Howtos_Spam_Assassin_Rules_Du_Jour_Configuration

Installation von DCC und Einbindung in SpamAssassin

Testen

sendmail -bv root
hostname:/etc/mail# sendmail -bv root
sadmin... deliverable: mailer local, user xy

Backup-Mailexchanger

einfach die Domain in /etc/mail/relay-domains eintragen weitere Infos gibts unter

http://www.sendmail.org/%7Eca/email/chk-89f.html#RELAYING
http://www.sendmail.org/tips/relaying.html

Statistiken

http://www.enderunix.org/isoqlog/

Mimedefang

Damit bei durch spamassassin gefunder Spam das Email-Subject umgeschrieben wird, ist folgendes notwendig (ca. Zeile 324):

/etc/mail/mimedefang-filter
...

            # We add a header which looks like this:
            # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
            # The number of asterisks in parens is the integer part
            # of the spam score clamped to a maximum of 40.
            # MUA filters can easily be written to trigger on a
            # minimum number of asterisks...
            if ($hits >= $req) {
                action_change_header("X-Spam-Score", "$hits ($score) $names");
                
                #JT added 22.05.06
                action_change_header('Subject', "***SPAM*** $Subject");
                
                md_graphdefang_log('spam', $hits, $RelayAddr);

                # If you find the SA report useful, add it, I guess...
                action_add_part($entity, "text/plain", "-suggest",
                                "$report\n",
                                "SpamAssassinReport.txt", "inline");
            } else {
                # Delete any existing X-Spam-Score header?
                action_delete_header("X-Spam-Score");

...

Tools

graphdefang

http://www.bl.org/~jpk/graphdefang/ Webbasierende Lösung (Perl/PHP), um Statistiken aus Mimedefang/Mail-Log zu erstellen Als Cronjob

01      08      *       *       *       /usr/bin/graphdefang.pl -quiet


Links

http://www.sendmail.org/m4/features.html
http://www.sendmail.org/m4/anti_spam.html
http://www.completewhois.com/rbl_lookup.htm
http://www.linux-fuer-alle.de/doc_show.php?docid=239&catid=15
http://www.nl.sorbs.net/mailsystems/sendmail.shtml
http://www.heise.de/ix/nixspam/dnsbl/
http://www.rfc-ignorant.org/how_to_domain.php http://www.sendmail.org/virtual-hosting.html