On 2008-04-28 15:30 +0200, Martin Bubik wrote: > zdravim, chtel bych poprosit nekoho kdo ma zkusenosti s provozem > postfixu a spamassassina o par rad jak zacit.
Spamassassin je urcite vhodny nastroj na odhalovanie spamu, ale ak si to este neurobil, tak si pozri rozne nastavenia v Postfixe, ktore tiez mozu pomoct v boji proti spamu: http://www.postfix.org/uce.html Ja osobne pouzivam nasledovne nastavenie: ## anti-UCE ## smtpd_helo_required = yes disable_vrfy_command = yes strict_rfc821_envelopes = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_pipelining reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain # reject_invalid_helo_hostname warn_if_reject reject_unknown_client_hostname check_recipient_access hash:/usr/local/etc/postfix/filtered_domains reject_unauth_destination smtpd_data_restrictions = reject_unauth_pipelining Ten reject_unknown_client_hostname planujem pridat na zaklade nedavnej diskusii v konferencii ohladne kontroly rDNS zaznamov pri prijimani posty. > Server je jiz pouzivany a ja bych se chtel vyhnout nejakemu delsimu > vypadku - takze nemuzu moc laborovat stylem Najrozumnejsie je to najprv vyskusat na nejakom testovacom stroji. Inac na otestovanie, ake maily bude odmietat reject pravidlo v postfixe, sa hodi warn_if_reject. To mozes pokojne skusat aj na produkcnom serveri. > narazil jsem na jiny postup pres perl moduly > perl -MCPAN -e shell Jednoznacne odporucam instalovat cez porty. Ja mam nainstalovane p5-Mail-SpamAssassin. V rc.conf mam spamd_enable="YES". V master.cf mam: # spam filter filter unix - n n - 2 pipe flags=Rq user=filter argv=/usr/local/bin/spamcheck -f ${sender} -- ${recipient} retry unix - - n - - error /usr/local/bin/spamcheck je jednoduchy shell skript: #!/bin/sh # Simple shell-based filter. It is meant to be invoked as follows: # /path/to/script -f sender recipients... SPOOL_DIR=/var/spool/filter SENDMAIL="/usr/sbin/sendmail -G -i" SPAMC=/usr/local/bin/spamc # Exit codes from <sysexits.h> EX_TEMPFAIL=75 EX_UNAVAILABLE=69 # Clean up when done or when aborting. trap "rm -f $SPOOL_DIR/in.$$" 0 1 2 3 15 cat | $SPAMC -E > $SPOOL_DIR/in.$$ if [ $? = 1 ] then # This message is spam $SENDMAIL spambasket < $SPOOL_DIR/in.$$ else $SENDMAIL "$@" < $SPOOL_DIR/in.$$ fi rm -f $SPOOL_DIR/in.$$ exit $? Mam vytvoreneho uzivatela filter, adresar /var/spool/filter a mailbox spambasket, kam mi chodi vsetok spam. Vo filtered_domains mam pre kazdu prevadzkovanu domenu uvedene: ######################################################## # Don't forget to run 'postmap filtered_domains' upon change. ######################################################## domena.cz FILTER filter:dummy Malo by to byt priblizne vsetko, co je potreba urobit. Ked tak pripadne skus pozriet http://www.postfix.org/FILTER_README.html. Marian -- FreeBSD mailing list ([email protected]) http://www.freebsd.cz/listserv/listinfo/users-l
