QMail: Difference between revisions
Revision as of 3 March 2007, 18:02
Based on http://www.debianhowto.de/doku.php/de:howtos:sarge:qmail
Installation
apt-get install qmail-src ucspi-tcp-src
UCSPI-TLS (UCSPI-SSL patched)
A replacement for inetd
from spamcontrol
Current patch for ucspi-ssl-0.70 (ucspi-ssl-0.70_ucspitls-0.4.patch) providing 'delayed' (i.e. STARTTLS/STLS) TLS support.
Building Qmail
Patching Qmail with Spamcontrol
Qmailadmin
http://www.inter7.com/index.php?page=qmailadmin
./configure --enable-cgipath=/member/cgi-bin/qmailadmin \
    --enable-autoresponder-path=/usr/bin --enable-ezmlmdir=/usr/bin \
    --enable-maxpopusers=100 --enable-maxaliases=100 --enable-maxforwards=100 \
    --enable-maxautorepsonders=100 --enable-maxmailinglists=100 \
    --disable-ezmlm-mysql \
    --enable-htmldir=/home/www/mygretchen.de/htdocs \
    --enable-cgibindir=/home/www/mygretchen.de/cgi-bin \
    --enable-vpopmaildir=/var/vpopmail --enable-qmaildir=/var/qmail \
    --enable-true-path=/bin/true --enable-no-cache

qmailadmin 1.2.0
Current settings
---------------------------------------
cgi-bin dir = /home/www/mygretchen.de/cgi-bin
html dir = /home/www/mygretchen.de/htdocs
image dir = /home/www/mygretchen.de/htdocs/images/qmailadmin
image URL = /images/qmailadmin
template dir = /usr/local/share/qmailadmin
qmail dir = /var/qmail
vpopmail dir = /var/vpopmail
autorespond dir = /usr/bin
ezmlm dir = /usr/bin
ezmlm idx = yes
mysql for ezmlm = no
help = no
modify quota = no
domain autofill = no
modify spam check = no
Qmail-Scanner
Qmail-Scanner is an add-on that enables a Qmail email server to scan gatewayed email for certain characteristics (i.e. a content scanner). It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments). http://qmail-scanner.sourceforge.net/
This is a patched (and therefore unofficial) version of qmail-scanner-2.01 that adds some options focused on dealing with spam, plus other features.
http://www.bec.at/support/qmail-scanner/
./configure --qs-user qscand --qmail-queue-binary /usr/sbin/qmail-queue \
    --admin sadmin --domain mygretchen.de \
    --admin-description "System Administrator" --notify psender,nmlvadm \
    --local-domains mygretchen.de --silent-viruses auto --virus-to-delete 0 \
    --skip-text-msgs 1 --lang de_DE --debug 0 --minidebug 1 \
    --add-dscr-hdrs 0 --dscr-hdrs-text "X-Qmail-Scanner" --normalize yes \
    --archive 0 --settings-per-domain 0 --max-scan-size 100000000 --unzip 0 \
    --max-zip-size 1000000000 --max-unpacked-files 10000 --redundant xi10 \
    --log-details syslog --log-crypto 0 --fix-mime 2 --ignore-eol-check 0 \
    --sa-subject "***SPAM***" --sa-delta 0 --sa-alt 1 --sa-debug 1 \
    --sa-report 1 --sa-quarantine 0 --sa-delete 0 --sa-reject 0 \
    --scanners "clamscan,fast_spamassassin"
Configuration
Supervise
/service/qmail-send/run
#!/bin/sh
exec /var/qmail/rc
/service/qmail-send/log/run
#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s5000000 /var/log/qmail
http://www.datenklause.de/de/software/qgreylistrbl.html
/service/qmail-smtpd/run
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
. /var/qmail/ssl/env
exec /usr/bin/softlimit -m 90000000 \
    /usr/local/bin/sslserver -vesn -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 88.198.8.108 smtp /var/qmail/bin/qgreylistrbl.pl \
    /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true 2>&1
#/usr/bin/rblsmtpd -r multihop.dsbl.org -r sbl.spamhaus.org -r ix.dnsbl.manitu.net -r list.dsbl.org
/service/qmail-smtpd/log/run
#!/bin/sh
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s5000000 /var/log/qmail/smtpd
/etc/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
192.168.230.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
:allow,MFDNSCHECK="",SMTPAUTH="",BADMIMETYPE="",BADLOADERTYPE="M",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
Rebuild the cdb:
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
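Before rebuilding the cdb it is worth checking the rules file itself, because a rule that sets RELAYCLIENT makes qmail-smtpd skip the rcpthosts check that the run script above relies on. The following linter is an added example, not part of the original page or of ucspi-tcp; the function names and the two weak sample rules are constructed, and it assumes the page's policy that every allowed connection goes through qmail-scanner-queue.pl.

```python
import ipaddress

SCANNER = "/var/qmail/bin/qmail-scanner-queue.pl"  # path used on this page
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: lines 1-3 follow the page's rules, lines 4-5 are
# deliberately weak rules added for this demonstration.
SAMPLE = '''127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
192.168.230.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl",QS_SPAMASSASSIN="1"
:allow,MFDNSCHECK="",SMTPAUTH="",BADMIMETYPE="",BADLOADERTYPE="M",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
203.0.113.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
10.1.:allow,RELAYCLIENT=""
'''

def parse_env(s):
    """Parse ',VAR="value",VAR=/value/' (tcprules allows any repeated delimiter)."""
    env, i = {}, 0
    while i < len(s):
        eq = s.index("=", i)
        end = s.index(s[eq + 1], eq + 2)   # closing delimiter
        env[s[i + 1:eq]] = s[eq + 2:end]
        i = end + 1
    return env

def is_internal(addr):
    """True only for an IPv4 address or dotted prefix inside loopback/RFC 1918 space."""
    octets = [o for o in addr.split(".") if o]
    if not octets or len(octets) > 4 or not all(o.isdigit() for o in octets):
        return False  # catch-all, ranges, =hostname rules: treat as untrusted
    base = ".".join(octets + ["0"] * (4 - len(octets)))
    try:
        net = ipaddress.ip_network(f"{base}/{8 * len(octets)}")
    except ValueError:
        return False
    return any(net.subnet_of(n) for n in INTERNAL)

def audit(text):
    """Return (line_no, issue, address) for allow rules that relay or skip the scanner."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, comma, rest = instr.partition(",")
        try:
            env = parse_env(comma + rest)
        except (ValueError, IndexError):
            findings.append((n, "unparsable", addr))
            continue
        if action == "allow" and "RELAYCLIENT" in env and not is_internal(addr):
            findings.append((n, "relay-for-untrusted-source", addr))
        if action == "allow" and env.get("QMAILQUEUE") != SCANNER:
            findings.append((n, "bypasses-scanner", addr))
    return findings
```

Calling `audit(open("/etc/tcp.smtp").read())` before running tcprules returns an empty list for the three rules shown on this page.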
Qmail
Initial configuration:
echo "meinhostname.domain.tld" > /etc/qmail/me
Bounce username. Default: MAILER-DAEMON.
bouncefrom
Procmail
Procmail is a mail filter that can, for example, automatically move spam or mailing-list mail into a subfolder. Filter rules can be created with Horde (Ingo).
from http://www.qmailinfo.org/index.php/Horde-Procmail-Filters
/etc/procmailrc:
SHELL="/bin/sh"
#LOGFILE="/tmp/procmail.log"
#VERBOSE=on
VPOPHOME="/var/vpopmail"
DOMHOME="$VPOPHOME/domains/$DOM"
USERHOME="$DOMHOME/$USERNAME"
SENDMAIL="/usr/sbin/sendmail -f $USERNAME@$DOM"
DEFAULT="$USERHOME/Maildir/"
HOME="$USERHOME"
INCLUDERC="$USERHOME/.procmailrc"

##### move_Spam #####
:0
* ^X-Spam-Status:.*Yes
"$DEFAULT/.Spam/"

##### move_unknown #####
:0
* ^X-Spam-Level:.*++
"$DEFAULT/.Unknown/"

:0 w
| /usr/bin/safecat "${HOME}/Maildir/tmp" "${HOME}/Maildir/new"
/usr/sbin/preprocmail:
#!/bin/sh
VPOPMAIL=`echo ~vpopmail`
# HOST and EXT come from the recipient address, so every expansion is quoted
DOMDIR=`"$VPOPMAIL/bin/vdominfo" -d "$HOST"`
# convert to lower case
EXT=`echo "$EXT" | tr "[:upper:]" "[:lower:]"`
# check whether the Maildir exists
if [ -d "$DOMDIR/$EXT/Maildir" ]; then
    # create the Spam folder if it does not exist
    if [ ! -d "$DOMDIR/$EXT/Maildir/.Spam" ]; then
        /usr/bin/maildirmake.courier -f Spam "$DOMDIR/$EXT/Maildir/"
        cat > /dev/null
    fi
    # create the Unknown folder if it does not exist
    if [ ! -d "$DOMDIR/$EXT/Maildir/.Unknown" ]; then
        /usr/bin/maildirmake.courier -f Unknown "$DOMDIR/$EXT/Maildir/"
        cat > /dev/null
    fi
    # create the subscription file or subscribe to the Spam folder
    if [ ! -r "$DOMDIR/$EXT/Maildir/courierimapsubscribed" ]; then
        echo INBOX.Spam >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
    else
        # does the subscription already exist?
        if [ `/bin/grep Spam "$DOMDIR/$EXT/Maildir/courierimapsubscribed" | wc -l` = 0 ]; then
            echo INBOX.Spam >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
        fi
    fi
    # create the subscription file or subscribe to the Unknown folder
    if [ ! -r "$DOMDIR/$EXT/Maildir/courierimapsubscribed" ]; then
        echo INBOX.Unknown >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
    else
        # does the subscription already exist?
        if [ `/bin/grep Unknown "$DOMDIR/$EXT/Maildir/courierimapsubscribed" | wc -l` = 0 ]; then
            echo INBOX.Unknown >> "$DOMDIR/$EXT/Maildir/courierimapsubscribed"
        fi
    fi
fi
if [ -r "$DOMDIR/$EXT/.procmailrc" ]; then
    env -i DOM="$HOST" USERNAME="$EXT" /usr/bin/procmail -p -m /etc/procmailrc
    cat > /dev/null
    exit 99
else
    env -i DOM="$HOST" USERNAME="$EXT" /usr/bin/procmail -p -m /etc/procmailrc
    cat > /dev/null
fi
cat > /dev/null
exit 0
This script will be called from a .qmail file. For example,
/var/vpopmail/domains/somedomain.com/.qmail-default:
| /var/qmail/bin/preline /usr/sbin/preprocmail
| /var/vpopmail/bin/vdelivermail '' bounce-no-mailbox
Links
Operation
Logfiles
QMail writes the timestamps in its log files in TAI64N format. That may be very useful for analysing the log files, but it is not human-readable.
cat /var/log/qmail/smtpd/current | tai64nlocal
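tai64nlocal prints local time; when log lines from several hosts have to be lined up, UTC is easier to correlate. The decoder below is an added example, not part of the original page or of daemontools. It assumes the label layout multilog writes (`@`, 16 hex digits of seconds offset by 2^62 + 10, then 8 hex digits of nanoseconds); the function name and the sample line are constructed.

```python
import re
from datetime import datetime, timezone

# "@" + 16 hex digits (seconds) + 8 hex digits (nanoseconds), then space or end of line
TAI64N = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8})(?= |$)")
TAI_OFFSET = (1 << 62) + 10  # offset multilog adds to the Unix time

def to_utc(line):
    """Replace a leading TAI64N label with an ISO-8601 UTC timestamp.

    Lines without a valid label are returned unchanged, so the function can
    be applied to every line of a log file.
    """
    m = TAI64N.match(line)
    if not m:
        return line
    secs = int(m.group(1), 16) - TAI_OFFSET
    nanos = int(m.group(2), 16)
    if secs < 0 or nanos >= 1_000_000_000:
        return line
    try:
        stamp = datetime.fromtimestamp(secs, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return line  # label decodes to a time outside the representable range
    return f"{stamp:%Y-%m-%dT%H:%M:%S}.{nanos:09d}Z{line[m.end():]}"

if __name__ == "__main__":
    # Constructed sample line, not taken from a real log
    print(to_utc("@4000000045e9aa121dcd6500 constructed log message"))
```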
Start/Stop/Status
qmailctl
Usage: /usr/sbin/qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}

mygretchen:/# qmailctl stat
/service/qmail-send: up (pid 5465) 151263 seconds
/service/qmail-send/log: up (pid 2106) 151373 seconds
/service/qmail-smtpd: up (pid 2109) 151373 seconds
/service/qmail-smtpd/log: up (pid 2111) 151373 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0
Tools
qmHandle - queue management made easy
This little jewel, created by Michele Beltrame (according to qmail.org), gives you an easy way to view and manage the Qmail queue. It even lets you view some stats on the queue. It's a single Perl based script that is command line based, not GUI based (for all you newbies out there). Don't fret though, because it's incredibly easy to use. If you have trouble setting it up and using it, you need to go back to school. If you think I'm kidding, wait till you set it up and you'll see. It doesn't get any easier than this. You can download the latest version of qmHandle from: http://sourceforge.net/projects/qmhandle. Normally, I would publish a tutorial on how to set it up, but the README file included with it does a wonderful job. Read the README file!
qmailalizer - a tool to generate graphs from Qmail's logs.
http://qmailalizer.sourceforge.net/
Links
Howtos & Co
http://www.lifewithqmail.org/lwq.html
http://www.gentoo.org/doc/de/qmail-howto.xml
http://www.debianhowto.de/doku.php/de:howtos:sarge:qmail
http://www.cargal.org/downloads/HOW-TO/debianqmail/debianqmail.html
Installing Qmail, Courier, Ezmlm, ... on Debian
Qmail smtps
AntiSpam
qgreylistrbl
Big all-in-one patch. MUST!
Creates the badmailfrom file
http://www.chrishardie.com/tech/qmail/qmail-antispam.html
Patches
Integrate Virusscanner/Spamassassin
http://toribio.apollinare.org/qmail-scanner/
Qmail SMTP Plugin patch (SPP)
Miscellaneous
Qmail Ldap/Big Picture
About relaying (blacklist and smtp_auth)
Qmail Bugs and Wishlist