Simple Mail Gateway with Postfix

Posted On 19 August 2009

Filed under Linux


apt-get install postfix

vim /etc/postfix/master.cf

We need to add the two lines below to the pickup service. They are needed to bypass content filtering for email that originates from the server itself.

-o content_filter=

-o receive_override_options=no_header_body_checks

So that it becomes:

pickup fifo n - - 60 1 pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks

11.2 Edit main.cf

cp /etc/postfix/main.cf /etc/postfix/main.cf-orig

a. alias_maps

postconf -e "alias_maps = hash:/etc/aliases"

newaliases

Since the server is configured not to store email locally, this will be ignored by the system.

b. myorigin

postconf -e "myorigin = msr.web.id"

c. myhostname

postconf -e "myhostname = smtp.msr.web.id"

d. mynetworks

Set which networks are trusted to relay email through this server.

postconf -e "mynetworks = 127.0.0.0/8, 202.47.64.0/20"

e. message_size_limit

The maximum size of an email that may pass through this Postfix instance.

postconf -e "message_size_limit = 10485760"

f. local_transport

Returns an error message for local delivery.

local_transport = error:No local mail delivery

g. mydestination.

Leaving this empty indicates that this server is not the final destination.

postconf -e "mydestination = "

h. local_recipient_maps

Leaving this empty tells Postfix that there are no local mailboxes on this server.

postconf -e "local_recipient_maps = "

i. virtual_alias_maps

Set up a reference to the virtual file:

postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"

vim /etc/postfix/virtual

Add the following lines:

postmaster postmaster@msr.web.id

abuse abuse@msr.web.id

root root@msr.web.id

postmap /etc/postfix/virtual

j. relay_recipient_maps

Here we can set the domains or users whose email will be accepted.

postconf -e "relay_recipient_maps = hash:/etc/postfix/relay_recipients"

vim /etc/postfix/relay_recipients

@msr.web.id OK

@nope16.co.cc OK

postmap /etc/postfix/relay_recipients

k. transport_maps

Tells Postfix to look at the transport file. We use this transport file to tell Postfix where valid email for our domains is forwarded.

postconf -e "transport_maps = hash:/etc/postfix/transport"

vim /etc/postfix/transport

msr.web.id smtp:[202.47.77.247]

nope16.co.cc smtp:[202.47.77.247]

postmap /etc/postfix/transport

l. relay_domains

Which destination domains/subdomains are allowed to be relayed through this server.

postconf -e "relay_domains = hash:/etc/postfix/relay_domains"

vim /etc/postfix/relay_domains

msr.web.id OK

nope16.co.cc OK

Note that we do not need to add @ in front of the domain.

postmap /etc/postfix/relay_domains
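Added example, not part of the original post: the maps from steps j, k and l have to agree, otherwise the gateway accepts mail it cannot route or refuses mail it should relay. The shell functions below compare the domains in the three source files and also flag `@domain` wildcard recipients, which make the gateway accept unknown users and bounce them later; the finding names and the example.* sample data are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: cross-check the relay maps
# from steps j, k and l. Finding names are this script's own.

# map_domains FILE: domain part of every key in a Postfix map source file
# (lower-cased, local part and "@" stripped, comments and blanks skipped).
map_domains() {
    awk '!/^[ \t]*#/ && NF { k = tolower($1); sub(/^.*@/, "", k); print k }' "$1" | sort -u
}

# check_relay_maps RELAY_DOMAINS TRANSPORT RELAY_RECIPIENTS
# Prints one finding per line; exit status 1 if the maps disagree.
check_relay_maps() {
    rc=0
    for d in $(map_domains "$1"); do
        # Relayed domain without a next hop: Postfix falls back to
        # relayhost or an MX lookup instead of the internal server.
        map_domains "$2" | grep -qxF "$d" || { echo "no-transport $d"; rc=1; }
        # Relayed domain without any recipient entry: all mail is rejected.
        map_domains "$3" | grep -qxF "$d" || { echo "no-recipients $d"; rc=1; }
    done
    for d in $(map_domains "$2"); do
        # Transport entry for a domain that is not in relay_domains.
        map_domains "$1" | grep -qxF "$d" || { echo "not-in-relay-domains $d"; rc=1; }
    done
    # "@domain OK" accepts any local part, so unknown users are only
    # rejected by the internal server and the gateway has to bounce them.
    awk '!/^[ \t]*#/ && $1 ~ /^@/ { print "wildcard-recipients " tolower(substr($1, 2)) }' "$3"
    return $rc
}

# Constructed sample maps (example.* names and 192.0.2.10 are placeholders).
write_sample_maps() {
    printf 'example.org OK\nexample.net OK\n' > "$1/relay_domains"
    printf 'example.org smtp:[192.0.2.10]\nexample.com smtp:[192.0.2.10]\n' > "$1/transport"
    printf '@example.org OK\nalice@example.net OK\n' > "$1/relay_recipients"
}

# Usage: sh check_relay_maps.sh relay_domains transport relay_recipients
if [ "$#" -eq 3 ]; then check_relay_maps "$@"; fi
```

Run it against the source files (not the .db files) before each postmap.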

11.3 Setting Postfix Anti SPAM

vim /etc/postfix/main.cf

Add the following lines:

smtpd_banner = $myhostname ESMTP Mail Gateway

smtpd_helo_required = yes

smtpd_client_restrictions =
    permit_mynetworks
    reject_unauth_pipelining
    reject_unauth_destination

smtpd_delay_reject = no

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

smtpd_recipient_restrictions = reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unlisted_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_unknown_recipient_domain, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client zen.spamhaus.org

smtpd_data_restrictions = reject_unauth_pipelining

vim /etc/postfix/sender_access

#Example sender access map file

makeabuck@mlm.tld 550 No MLM thanks

allspam.tld 550 Spam is not accepted here

badguy.net REJECT

justaspamminfool@allspamallthetime.com REJECT

newsletter-favorite-lug.org OK

my-really-l337-test-domain.com OK

postmap /etc/postfix/sender_access

11.4 Testing Postfix

#postfix start

Telnet to localhost:

#telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 smtp.msr.web.id ESMTP Mail Gateway

quit

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Configuring amavisd-new

vi /etc/amavis/conf.d/15-content_filter_mode

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin

# and to re-enable antivirus checking.

#

# Default antivirus checking mode

# Uncomment the two lines below to enable it back

#

@bypass_virus_checks_maps = (

\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

#

# Default SPAM checking mode

# Uncomment the two lines below to enable it back

#

@bypass_spam_checks_maps = (

\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return

vi /etc/amavis/conf.d/20-debian_defaults

$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef; # disable by-recipient level-0 log entries

$DO_SYSLOG = 1; # log via syslogd (preferred)

$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages

$syslog_facility = 'mail';

$syslog_priority = 'debug'; # switch to info to drop debug output, etc

$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)

$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';

$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level

$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level

$sa_kill_level_deflt = 6.31; # triggers spam evasive actions

$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger

$sa_local_tests_only = 0; # only tests which do not require internet access?

[…]

$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)

$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA

$final_spam_destiny = D_BOUNCE;

$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)

[…]

vi /etc/amavis/conf.d/50-user

use strict;

#

# Place your configuration directives here. They will override those in

# earlier files.

#

# See /usr/share/doc/amavisd-new/ for documentation and examples of

# the directives you can use in this file

#

$pax='pax';

#------------ Do not modify anything below this line -------------

1; # insure a defined return

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'

vi /etc/postfix/master.cf

[…]

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1

/etc/init.d/postfix restart
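Added example, not part of the original post: the after-filter smtpd listener clears content_filter and most restrictions, so it must stay bound to loopback with mynetworks overridden, and master.cf pasted from a web page can arrive with unindented `-o` lines or typographic dashes. The shell function below lints a master.cf for both problems; the finding names and the sample fragment are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Finding names are this
# script's own; LC_ALL=C makes awk treat UTF-8 dashes as non-ASCII bytes.

# lint_master_cf FILE: print one finding per line, nothing if clean.
lint_master_cf() {
    LC_ALL=C awk '
    function check_entry(   f, n) {
        if (entry == "") return
        n = split(entry, f, /[ \t]+/)
        # Re-injection listener: an smtpd service with content_filter cleared.
        if (f[8] == "smtpd" && (entry " ") ~ /-o content_filter=[ \t]/) {
            if (f[1] !~ /^(127\.0\.0\.1|localhost|\[::1\]):/)
                print "reinject-not-loopback " f[1]
            if ((entry " ") !~ /-o mynetworks=127\.0\.0\.0\/8[ \t]/)
                print "reinject-mynetworks-not-loopback " f[1]
        }
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation
    { check_entry() }                            # a new logical line starts
    /^-o/ { print "option-at-column-0 line " NR; next }  # lost indentation
    /[^ -~\t]/ { print "non-ascii line " NR }    # e.g. typographic dashes
    { entry = $0 }
    END { check_entry() }
    ' "$1"
}

# Constructed sample: after-filter listener exposed on all interfaces,
# with its mynetworks override lost to a missing indent.
sample_bad_master_cf() {
    cat <<'EOF'
amavis unix - - - - 2 smtp
  -o smtp_send_xforward_command=yes
10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
EOF
}

# Usage: sh lint_master_cf.sh /etc/postfix/master.cf
if [ "${1:-}" ]; then lint_master_cf "$1"; fi
```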

vim /etc/spamassassin/local.cf

Add the following lines:

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

/etc/init.d/amavis restart
