[svn/pld-doc]: rev 221 - pld-doc/book/pl_book__uslugi
ciesiel at svn.pld-dc.org
Mon, 12 Jan 2004, 16:51:08 CET
Author: ciesiel
Date: 2004-01-12 16:51:07 +0100 (Mon, 12 Jan 2004)
New Revision: 221
Modified:
pld-doc/book/pl_book__uslugi/pl_uslugi_poczta__postfix.sec
Log:
- changed title
- cleanup screen tags
Modified: pld-doc/book/pl_book__uslugi/pl_uslugi_poczta__postfix.sec
===================================================================
--- pld-doc/book/pl_book__uslugi/pl_uslugi_poczta__postfix.sec 2004-01-12 13:39:19 UTC (rev 220)
+++ pld-doc/book/pl_book__uslugi/pl_uslugi_poczta__postfix.sec 2004-01-12 15:51:07 UTC (rev 221)
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="iso-8859-2"?>
<section>
- <title>Opis instalacji postfixa by Grifter</title>
+ <title>Postfix - Opis instalacji by Grifter</title>
<para>
Hmm postfix to takie coś co pozwala nam zrobić serwer pocztowy na naszym serwerze. No tak, w sumie powiecie ściagamy poldkiem instalujemy i działa... działa ale chcemy coś wiecej... chcemy by nasz smtpd byl ładnie skonfigurowany i taki bardziej 31337 ;)
</para>
@@ -9,86 +9,66 @@
<para>
Ściagamy to co nam będzie potrzebne. Wiadomo... postfix i śmieci które mu są potrzebne:
</para>
- <screen>
- poldek -i postfix cyrus-sasl cyrus-sasl-plain cyrus-sasl-saslauthd cyrus-sasl-login
- </screen>
+ <screen>poldek -i postfix cyrus-sasl cyrus-sasl-plain cyrus-sasl-saslauthd cyrus-sasl-login</screen>
<para>
A tutaj coś co bedzie nam potrzebne do tworzenia certyfikatow.
</para>
- <screen>
- poldek -i openssl-tools
- </screen>
+ <screen>poldek -i openssl-tools</screen>
<para>
A tutaj coś żebyśmy mogli pobraś pocztę z serwera.
</para>
- <screen>
- poldek -i solid-pop3d inetd rc-inetd
- </screen>
+ <screen>poldek -i solid-pop3d inetd rc-inetd</screen>
</section>
<section>
<title>Konfiguracja</title>
<para>
Przyszedł czas na konfigurację postfixa.
</para>
- <screen>
- # echo 'pwcheck_method:saslauthd' > /etc/sasl/smtpd.conf
- </screen>
+ <screen># echo 'pwcheck_method:saslauthd' > /etc/sasl/smtpd.conf</screen>
<para>
Uruchom saslauthd:
</para>
- <screen>
- # /etc/rc.d/init.d/saslauthd start
- </screen>
+ <screen># /etc/rc.d/init.d/saslauthd start</screen>
<para>
Uruchom postifixa:
</para>
- <screen>
- # /etc/rc.d/init.d/postfix start
- </screen>
+ <screen># /etc/rc.d/init.d/postfix start</screen>
<para>
Teraz chcemy żeby postfix wymagał autentykacji:
</para>
- <screen>
- # postconf -e smtpd_sasl_auth_enable=yes
- # postconf -e smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
- </screen>
+ <screen># postconf -e smtpd_sasl_auth_enable=yes
+# postconf -e smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination</screen>
<para>
Teraz linijka dla popsutych Outlook'ow.
</para>
- <screen>
- # postconf -e broken_sasl_auth_clients=yes
- # postconf -e mynetworks=127.0.0.0/8,192.168.1.1/32
- </screen>
+ <screen># postconf -e broken_sasl_auth_clients=yes
+# postconf -e mynetworks=127.0.0.0/8,192.168.1.1/32</screen>
<para>
Restart postfixa:
</para>
- <screen>
- # /etc/rc.d/init.d/postfix restart
- </screen>
+ <screen># /etc/rc.d/init.d/postfix restart</screen>
<para>
No i to wszystko razem powinno wygladać tak:
</para>
- <screen>
- # postconf -n
- alias_database = hash:/etc/mail/aliases
- alias_maps = hash:/etc/mail/aliases
- biff = no
- broken_sasl_auth_clients = yes
- command_directory = /usr/sbin
- config_directory = /etc/mail
- daemon_directory = /usr/lib/postfix
- debug_peer_level = 2
- default_privs = nobody
- mail_owner = postfix
- mail_spool_directory = /var/mail
- myhostname = networking.ee
- mynetworks = 127.0.0.0/8, 192.168.1.1/32, 192.168.1.1/32
- myorigin = $myhostname
- queue_directory = /var/spool/postfix
- setgid_group = maildrop
- smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
- smtpd_sasl_auth_enable = yes
- </screen>
+ <screen># postconf -n
+alias_database = hash:/etc/mail/aliases
+alias_maps = hash:/etc/mail/aliases
+biff = no
+broken_sasl_auth_clients = yes
+command_directory = /usr/sbin
+config_directory = /etc/mail
+daemon_directory = /usr/lib/postfix
+debug_peer_level = 2
+default_privs = nobody
+mail_owner = postfix
+mail_spool_directory = /var/mail
+myhostname = networking.ee
+mynetworks = 127.0.0.0/8, 192.168.1.1/32, 192.168.1.1/32
+myorigin = $myhostname
+queue_directory = /var/spool/postfix
+setgid_group = maildrop
+smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
+smtpd_sasl_auth_enable = yes</screen>
</section>
<section>
<title>Szyfrowanie</title>
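Review bot: the SASL screens turn on smtpd_sasl_auth_enable=yes with the cyrus-sasl-plain and cyrus-sasl-login packages installed in the first screen, and at this point in the guide no TLS is configured, so a reader who stops here accepts passwords in the clear on port 25. Move the TLS section ahead of this step, or add smtpd_tls_auth_only = yes once TLS is enabled. Separately, the retouched postconf -n listing still shows "mynetworks = 127.0.0.0/8, 192.168.1.1/32, 192.168.1.1/32" with a duplicated entry that does not match the postconf -e command above it, and the mynetworks command sits under the paragraph that only explains broken_sasl_auth_clients.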
@@ -104,82 +84,64 @@
<para>
Robimy to w sposób następujący:
</para>
- <screen>
- # openssl genrsa -out key.pem 1024
- # openssl req -new -x509 -key key.pem -out cert.pem
- # cat cert.pem >> key.pem; mv -f key.pem cert.pem
- # cp cert.pem /var/lib/openssl/certs/nasza.domena.pl.pem
- </screen>
+ <screen># openssl genrsa -out key.pem 1024
+# openssl req -new -x509 -key key.pem -out cert.pem
+# cat cert.pem >> key.pem; mv -f key.pem cert.pem
+# cp cert.pem /var/lib/openssl/certs/nasza.domena.pl.pem</screen>
<para>
Do pliku <filename>/etc/mail/main.cf</filename> należy dodać 4 linijki, takie jak poniżej:
</para>
- <screen>
- smtpd_tls_cert_file = /var/lib/openssl/certs/nasza.domena.pl.pem
- smtpd_tls_key_file = $smtpd_tls_cert_file
- smtpd_use_tls = yes
- smtp_use_tls = yes
- </screen>
+ <screen>smtpd_tls_cert_file = /var/lib/openssl/certs/nasza.domena.pl.pem
+smtpd_tls_key_file = $smtpd_tls_cert_file
+smtpd_use_tls = yes
+smtp_use_tls = yes</screen>
<para>
W pliku <filename>/etc/mail/master.cf</filename> należy zastapić aktualną linijkę czyli tą z domyślnej instalacji:
</para>
- <screen>
- #smtps inet n - n - - smtpd
- na naszą aktualną:
- smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
- </screen>
+ <screen>#smtps inet n - n - - smtpd
+na naszą aktualną:
+ smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes</screen>
</section>
<section>
<title>Domeny</title>
<para>
Jeżeli posiadamy więcej niż jedną domenę na serwerze to w <filename>/etc/mail/main.cf</filename> dopisujemy:
</para>
- <screen>
- mydestination = $myhostname, jakas.domena.pl, costam.gdziestam.pl, PLD.biz.pl
- </screen>
+ <screen>mydestination = $myhostname, jakas.domena.pl, costam.gdziestam.pl, PLD.biz.pl</screen>
<para>
Jeżeli chcemy aby nasz postfix obłsugiwał wirtualne domeny (przyznawał się do nich) dopisujemy w <filename>/etc/mail/main.cf</filename> takie dwie linijki:
</para>
- <screen>
- relay_domains = hash:/etc/mail/domains
- virtual_maps = hash:/etc/mail/virtual
- </screen>
+ <screen>relay_domains = hash:/etc/mail/domains
+virtual_maps = hash:/etc/mail/virtual</screen>
<para>
Tworzymy <filename>/etc/mail/domains</filename> i robimy nastepujące wpisy:
</para>
- <screen>
- # plik domains, w nim wpisane domeny dla których nasz serwer pocztę bedzie przyjmował
- networking.ee relay
- jakas.domena.pl relay
- costam.gdziestam.pl relay
- PLD.biz.pl relay
- </screen>
+ <screen># plik domains, w nim wpisane domeny dla których nasz serwer pocztę bedzie przyjmował
+networking.ee relay
+jakas.domena.pl relay
+costam.gdziestam.pl relay
+PLD.biz.pl relay</screen>
<para>
Do <filename>/etc/mail/virtual</filename> dopisujemy na przykład coś takiego:
</para>
- <screen>
- # plik virtual, w nim wpisane są kąta w domenach ktore obsługujemy
- # schemat wpisu
- # ktostam.nazwisko w domena.pl konto_w_systemie
- rafal.drozd w networking.ee grifter
- rafal.drozd w jakas.domena.pl grifter
- rafal.drozd w costam.gdziestam.pl grifter
- rafal.drozd w PLD.biz.pl grifter
- virusalert w networking.ee grifter
- # to ostatnie będzie nam później do amavisa potrzebne :)
- </screen>
+<screen># plik virtual, w nim wpisane są kąta w domenach ktore obsługujemy
+# schemat wpisu
+# ktostam.nazwisko w domena.pl konto_w_systemie
+rafal.drozd w networking.ee grifter
+rafal.drozd w jakas.domena.pl grifter
+rafal.drozd w costam.gdziestam.pl grifter
+rafal.drozd w PLD.biz.pl grifter
+virusalert w networking.ee grifter
+# to ostatnie będzie nam później do amavisa potrzebne :)</screen>
<para>
Teraz musimy wklepać
</para>
- <screen>
- # postmap /etc/mail/domains
- # postmap /etc/mail/virtual
- </screen>
+ <screen># postmap /etc/mail/domains
+# postmap /etc/mail/virtual</screen>
<para>
No i restart postfixa
</para>
- <screen>
- # /etc/rc.d/init.d/postfix restart
- </screen>
+ <screen># /etc/rc.d/init.d/postfix restart</screen>
</section>
<section>
<title>Usprawnienia</title>
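Review bot: in the certificate screen the private key is generated with 1024 bits, appended to the certificate and copied to /var/lib/openssl/certs/nasza.domena.pl.pem with no chmod or chown step, so the key ends up with whatever the umask gives it in a directory meant for certificates. Add a line that restricts the file (for example chmod 600) and consider a larger key size. In the master.cf screen the replacement line is now "+ smtps inet ..." with a leading space, and master.cf treats a line that begins with whitespace as a continuation of the previous one; start it in column 0 and move "na naszą aktualną:" out of the screen into a para. The opening tag of the virtual screen also lost its indentation relative to the other screens.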
@@ -189,100 +151,92 @@
<para>
Edytujemy <filename>/etc/mail/main.cf</filename> i dodajemy następujace wpisy:
</para>
- <screen>
- disable_vrfy_command = yes
- # liczba odbiorcow max 100 dla jednego maila
- smtpd_recipient_limit = 100
- smtpd_error_sleep_time = 5
- smtpd_hard_error_limit = 10
- smtpd_helo_required = yes
- # ogranicz do 2 mega [2000000] wielkosc przesylki, wlasciwie majac dobre lacze mozna
- # wpisac 10 mega [10000000]
- message_size_limit = 2000000
- # spam fight! :>
- header_checks = regexp:/etc/mail/header_checks
- mail_name = PLD - $myhostname
- smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
- smtpd_soft_error_limit = 60
- default_process_limit = 3
- maps_rbl_domains = relays.ordb.org
- smtpd_client_restrictions = reject_maps_rbl
- </screen>
+ <screen>disable_vrfy_command = yes
+# liczba odbiorcow max 100 dla jednego maila
+smtpd_recipient_limit = 100
+smtpd_error_sleep_time = 5
+smtpd_hard_error_limit = 10
+smtpd_helo_required = yes
+# ogranicz do 2 mega [2000000] wielkosc przesylki, wlasciwie majac dobre lacze mozna
+# wpisac 10 mega [10000000]
+message_size_limit = 2000000
+# spam fight! :>
+header_checks = regexp:/etc/mail/header_checks
+mail_name = PLD - $myhostname
+smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
+smtpd_soft_error_limit = 60
+default_process_limit = 3
+maps_rbl_domains = relays.ordb.org
+smtpd_client_restrictions = reject_maps_rbl</screen>
<para>
Tworzymy <filename>/etc/mail/header_checks</filename> i dopisujemy:
</para>
- <screen>
- /^To: .*friend w public/ REJECT Header-To address revoked due to too much spam.
- /^Subject: ADV\W/ REJECT Header-Subject beginning with "spam" ADV tag rejected.
- </screen>
+ <screen>/^To: .*friend w public/ REJECT Header-To address revoked due to too much spam.
+/^Subject: ADV\W/ REJECT Header-Subject beginning with "spam" ADV tag rejected.</screen>
</section>
<section>
<title>Końcowa konfiguracja</title>
- <screen>
- # postconf -n
- alias_database = hash:/etc/mail/aliases
- alias_maps = hash:/etc/mail/aliases
- biff = no
- broken_sasl_auth_clients = yes
- command_directory = /usr/sbin
- config_directory = /etc/mail
- daemon_directory = /usr/lib/postfix
- debug_peer_level = 2
- default_privs = nobody
- default_process_limit = 3
- disable_vrfy_command = yes
- header_checks = regexp:/etc/mail/header_checks
- mail_name = PLD - $myhostname
- mail_owner = postfix
- mail_spool_directory = /var/mail
- maps_rbl_domains = relays.ordb.org
- message_size_limit = 2000000
- myhostname = networking.ee
- mynetworks = 127.0.0.0/8,192.168.1.1/32
- myorigin = $myhostname
- queue_directory = /var/spool/postfix
- relay_domains = hash:/etc/mail/domains
- setgid_group = maildrop
- smtp_use_tls = yes
- smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
- smtpd_client_restrictions = reject_maps_rbl
- smtpd_error_sleep_time = 5
- smtpd_hard_error_limit = 10
- smtpd_helo_required = yes
- smtpd_recipient_limit = 100
- smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
- smtpd_sasl_auth_enable = yes
- smtpd_soft_error_limit = 60
- smtpd_tls_cert_file = /var/lib/openssl/certs/nasza.domena.pl.pem
- smtpd_tls_key_file = $smtpd_tls_cert_file
- smtpd_use_tls = yes
- virtual_maps = hash:/etc/mail/virtual
- </screen>
+ <screen># postconf -n
+alias_database = hash:/etc/mail/aliases
+alias_maps = hash:/etc/mail/aliases
+biff = no
+broken_sasl_auth_clients = yes
+command_directory = /usr/sbin
+config_directory = /etc/mail
+daemon_directory = /usr/lib/postfix
+debug_peer_level = 2
+default_privs = nobody
+default_process_limit = 3
+disable_vrfy_command = yes
+header_checks = regexp:/etc/mail/header_checks
+mail_name = PLD - $myhostname
+mail_owner = postfix
+mail_spool_directory = /var/mail
+maps_rbl_domains = relays.ordb.org
+message_size_limit = 2000000
+myhostname = networking.ee
+mynetworks = 127.0.0.0/8,192.168.1.1/32
+myorigin = $myhostname
+queue_directory = /var/spool/postfix
+relay_domains = hash:/etc/mail/domains
+setgid_group = maildrop
+smtp_use_tls = yes
+smtpd_banner = $myhostname ESMTP $mail_name. We block/report all spam.
+smtpd_client_restrictions = reject_maps_rbl
+smtpd_error_sleep_time = 5
+smtpd_hard_error_limit = 10
+smtpd_helo_required = yes
+smtpd_recipient_limit = 100
+smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
+smtpd_sasl_auth_enable = yes
+smtpd_soft_error_limit = 60
+smtpd_tls_cert_file = /var/lib/openssl/certs/nasza.domena.pl.pem
+smtpd_tls_key_file = $smtpd_tls_cert_file
+smtpd_use_tls = yes
+virtual_maps = hash:/etc/mail/virtual</screen>
<para>
Zawartość master.cf
</para>
- <screen>
- # grep -v ^# /etc/mail/master.cf
- smtp inet n - n - - smtpd
- smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
- pickup fifo n - n 60 1 pickup
- cleanup unix n - n - 0 cleanup
- qmgr fifo n - n 300 1 qmgr
- rewrite unix - - n - - trivial-rewrite
- bounce unix - - n - 0 bounce
- defer unix - - n - 0 bounce
- flush unix n - n 1000? 0 flush
- smtp unix - - n - - smtp
- showq unix n - n - - showq
- error unix - - n - - error
- local unix - n n - - local
- virtual unix - n n - - virtual
- lmtp unix - - n - - lmtp
- cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/deliver -e -m ${extension} ${user}
- uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
- ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
- bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
- </screen>
+ <screen># grep -v ^# /etc/mail/master.cf
+smtp inet n - n - - smtpd
+smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+flush unix n - n 1000? 0 flush
+smtp unix - - n - - smtp
+showq unix n - n - - showq
+error unix - - n - - error
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus/deliver -e -m ${extension} ${user}
+uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient</screen>
</section>
<section>
<title>Solid-pop3d</title>
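Review bot: default_process_limit = 3 in the main.cf screen is one of the tuning lines without a comment, and it caps every master.cf service whose maxproc column is "-" at three processes, so three slow clients occupy all smtpd slots on the smtp listener. Either explain why 3 is intended or raise it. The listing also uses a single RBL zone (maps_rbl_domains with reject_maps_rbl as the whole of smtpd_client_restrictions); a comment on what the reader should expect when that zone is unreachable would help. The final postconf -n shows "mynetworks = 127.0.0.0/8,192.168.1.1/32" while the earlier listing shows the duplicated form; the two should agree.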
@@ -292,44 +246,36 @@
<para>
Uruchomienie demona inetd:
</para>
- <screen>
- # /etc/rc.d/init.d/rc-inetd start
- </screen>
+ <screen># /etc/rc.d/init.d/rc-inetd start</screen>
<para>
Należy wyedytować plik <filename>/etc/spop3d-ssl.conf</filename> w którym podajemy scieżkę do certyfikatu <filename>/var/lib/openssl/certs/nasza.domena.pl.pem</filename>
</para>
<para>
Plik wygląda mniejwięcej tak:
</para>
- <screen>
- <Global>
- /* AllowRootLogin yes */
- MailDropName "/var/mail/%s"
- MailDropType mailbox
- UserBullFile .spop3d-bull
- AutoLogoutTime 60s
- UserOverride yes
- AllowAPOP yes
- ChangeGID true
- TLSWrap yes
- TLSCertFile /var/lib/openssl/certs/nasza.domena.pl.pem
- TLSKeyFile /var/lib/openssl/certs/nasza.domena.pl.pem
- /* ReadExpire 0 */
- /* UnreadExpire 5w */
- </Global>
- </screen>
+ <screen><Global>
+/* AllowRootLogin yes */
+MailDropName "/var/mail/%s"
+MailDropType mailbox
+UserBullFile .spop3d-bull
+AutoLogoutTime 60s
+UserOverride yes
+AllowAPOP yes
+ChangeGID true
+TLSWrap yes
+TLSCertFile /var/lib/openssl/certs/nasza.domena.pl.pem
+TLSKeyFile /var/lib/openssl/certs/nasza.domena.pl.pem
+/* ReadExpire 0 */
+/* UnreadExpire 5w */
+</Global></screen>
<para>
Zrestartuj potem demona inetd:
</para>
- <screen>
- # /etc/rc.d/init.d/rc-inetd restart
- </screen>
+ <screen># /etc/rc.d/init.d/rc-inetd restart</screen>
<para>
No i restart postfixa
</para>
- <screen>
- # /etc/rc.d/init.d/postfix restart
- </screen>
+ <screen># /etc/rc.d/init.d/postfix restart</screen>
</section>
<section>
<title>amavis + mks</title>
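Review bot: the closing step "No i restart postfixa" follows changes that touch only /etc/spop3d-ssl.conf and inetd, so the Postfix restart at the end of this section has nothing to pick up; drop it or say why it is needed. In the spop3d screen TLSKeyFile points at the same combined PEM as TLSCertFile, so the text should state which account needs read access to that file, since it contains the private key.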
@@ -339,36 +285,30 @@
<para>
Instalujemy poldkiem mksa, serwer mksd, bazy, oraz scrypt aktualizujący bazy
</para>
- <screen>
- poldek -i mks mksd mks-bases mks-updater
- </screen>
+ <screen>poldek -i mks mksd mks-bases mks-updater</screen>
<para>
Teraz sciągamy jakiegoś wirusa i sprawdzamy czy mks32 działa...
</para>
- <screen>
- # wget http://www.eicar.org/download/eicar.com
- # mks32 eicar.com
- mks_vir: init... 1.9.0 for Linux i386, 2003.07.02
- mks_vir: database version 2003 7 11 13 23
- mks_vir: init OK, scan mode
- mks_vir: check file(s)
- mks_vir: file: eicar.com
- mks_vir: --heuristic for virus Eicar.Test
- mks_vir: --heuristic for virus Eicar.Test
- mks_vir: status: virus found: eicar.com
- mks_vir: exit code: 0x01
- </screen>
+ <screen># wget http://www.eicar.org/download/eicar.com
+# mks32 eicar.com
+mks_vir: init... 1.9.0 for Linux i386, 2003.07.02
+mks_vir: database version 2003 7 11 13 23
+mks_vir: init OK, scan mode
+mks_vir: check file(s)
+mks_vir: file: eicar.com
+mks_vir: --heuristic for virus Eicar.Test
+mks_vir: --heuristic for virus Eicar.Test
+mks_vir: status: virus found: eicar.com
+mks_vir: exit code: 0x01</screen>
<para>
Jesli dostaliście coś takiego... tzn ze wszystko jest ok ;)
</para>
<para>
Teraz przetestujemy czy mksd działa poprawnie.
</para>
- <screen>
- # /etc/rc.d/init.d/mksd start
- # mksscan ../mks32-1-9-0-Linux-i386/eicar.com
- VIR Eicar.Test /root/skaner/eicar.com
- </screen>
+ <screen># /etc/rc.d/init.d/mksd start
+# mksscan ../mks32-1-9-0-Linux-i386/eicar.com
+VIR Eicar.Test /root/skaner/eicar.com</screen>
<para>
Jesli dostaleś coć takiego tzn. ze wszystko jest okej.
mksd przyśpiesza znacznie pracę na słabych maszynach... wtedy znacznie odczujesz.
@@ -376,9 +316,7 @@
<para>
Instalujemy teraz amavisa
</para>
- <screen>
- poldek -i amavisd-new
- </screen>
+ <screen>poldek -i amavisd-new</screen>
<para>
No i teraz najgorsze ;)
</para>
@@ -388,72 +326,60 @@
<para>
Odkomentuj linie:
</para>
- <screen>
- @bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code
- </screen>
+ <screen>@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code</screen>
<para>
Pozmieniaj odpowiednie linie
</para>
- <screen>
- $mydomain = 'twoja.domena.pl'; # (no useful default)
- $daemon_user = 'root'; # (no default; customary: vscan or amavis)
- $daemon_group = 'root'; # (no default; customary: vscan or amavis)
- </screen>
+ <screen>$mydomain = 'twoja.domena.pl'; # (no useful default)
+$daemon_user = 'root'; # (no default; customary: vscan or amavis)
+$daemon_group = 'root'; # (no default; customary: vscan or amavis)</screen>
<para>
Zakomentuj linie:
</para>
- <screen>
- #$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
- </screen>
+ <screen>#$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket</screen>
<para>
Jeśli nie chcesz żeby amavis używal pewnych pakerów to zakomentuj odpowiednie linie, np.
</para>
- <screen>
- #$unrar = 'unrar';
- </screen>
+ <screen>#$unrar = 'unrar';</screen>
<para>
Usuń wszystkie wpisy na temat antywirusów (@av_scanners = ) i zastąp to wpisem z pliku README z archiwum mksd:
</para>
- <screen>
- ['MkS_Vir daemon',
- 'mksscan', '-s -Q {}',
- [0], [1..7],
- qr/^... (\S+)/
- ],
- </screen>
+ <screen>['MkS_Vir daemon',
+'mksscan', '-s -Q {}',
+[0], [1..7],
+qr/^... (\S+)/
+ ],</screen>
<para>
Usun wpisy z @av_scanners_backup =
</para>
<para>
W swoim systemie pocztowym (postfix) utwórz użytkownika (lub alias) "virusalert" lub pozmieniaj wpisy:
</para>
- <screen>
- $mailfrom_notify_admin
- $mailfrom_notify_recip
- $virus_admin
- </screen>
+ <screen>$mailfrom_notify_admin
+$mailfrom_notify_recip
+$virus_admin</screen>
<para>
My zrobiliśmy wczesniej aliasa dla virusalert'a ;)
</para>
<para>
Ja sobie jeszcze dopisałem:
</para>
- <screen>
- $hdrfrom_notify_sender = $mailfrom_notify_admin;
- </screen>
+ <screen>$hdrfrom_notify_sender = $mailfrom_notify_admin;</screen>
<para>
Jesli nie chcesz aby nadawcy listow oraz admini dostawali informacje o wirusach w domyślnym języku (English) to odkomentuj linie i zrób własne wpisy w /var/amavis/*.txt :]
</para>
- <screen>
- # $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
- # $notify_virus_sender_templ=read_text('/var/amavis/notify_virus_sender.txt');
- # $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
- # $notify_virus_recips_templ=read_text('/var/amavis/notify_virus_recips.txt');
- i zmien
- #$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
- na
- $bdy_encoding = 'iso-8859-2'; # (default: 'iso-8859-1')
- </screen>
+ <screen># $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
+# $notify_virus_sender_templ=read_text('/var/amavis/notify_virus_sender.txt');
+# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
+# $notify_virus_recips_templ=read_text('/var/amavis/notify_virus_recips.txt');
+
+i zmien
+
+#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
+
+na
+
+$bdy_encoding = 'iso-8859-2'; # (default: 'iso-8859-1')</screen>
<para>
Wedlug licencji powinnieneś umieścić w notify_sender.txt reklamę http://www.mks.com.pl
gdyż jest do warunek licencji na używanie mks'a ;) Na końcu pliku /usr/sbin/amavisd
@@ -462,38 +388,32 @@
<para>
W pliku <filename>/etc/mail/master.cf</filename> dopisujemy nową linnię:
</para>
- <screen>
- localhost:10025 inet n - n - - smtpd
- </screen>
+ <screen>localhost:10025 inet n - n - - smtpd</screen>
<para>
No i restart postfixa,amavisda i mksa
</para>
- <screen>
- # /etc/rc.d/init.d/postfix restart
- # /etc/rc.d/init.d/mksd restart
- # /etc/rc.d/init.d/amavisd restart
- </screen>
+ <screen># /etc/rc.d/init.d/postfix restart
+# /etc/rc.d/init.d/mksd restart
+# /etc/rc.d/init.d/amavisd restart</screen>
<para>
Teraz testujemy amavisa:
</para>
- <screen>
- # telnet 127.0.0.1 10024
- Trying 127.0.0.1.10024...
- Connected to localhost.
- Escape character is '^]'.
- 220 [127.0.0.1] ESMTP amavisd-new service ready
- MAIL FROM: <root>
- 250 2.1.0 Sender root OK
- RCPT TO: <root>
- 250 2.1.5 Recipient root OK
- DATA
- 354 End data with <CR><LF>.<CR><LF>
- Subject: test bez wirusa
- test
- .
+ <screen># telnet 127.0.0.1 10024
+Trying 127.0.0.1.10024...
+Connected to localhost.
+Escape character is '^]'.
+220 [127.0.0.1] ESMTP amavisd-new service ready
+MAIL FROM: <root>
+250 2.1.0 Sender root OK
+RCPT TO: <root>
+250 2.1.5 Recipient root OK
+DATA
+354 End data with <CR><LF>.<CR><LF>
+Subject: test bez wirusa
+test
+.
- 250 2.6.0 Ok, id=29569-01, from MTA: 250 Ok: queued as A1017FD1E
- </screen>
+250 2.6.0 Ok, id=29569-01, from MTA: 250 Ok: queued as A1017FD1E</screen>
<para>
Dostaleś 250? To znaczy, ze amavisd sprawdził przesyłke :) nie wierzysz?
tail -n 100 -f /var/log/maillog
@@ -501,57 +421,50 @@
<para>
A teraz sprawdzimy jak reaguje na przesyłkę z wirusem:
</para>
- <screen>
- # telnet 127.0.0.1 10024
- Trying 127.0.0.1.10024...
- Connected to localhost.
- Escape character is '^]'.
- 220 [127.0.0.1] ESMTP amavisd-new service ready
- MAIL FROM: <root>
- 250 2.1.0 Sender root OK
- RCPT TO: <root>
- 250 2.1.5 Recipient root OK
- DATA
- 354 End data with <CR><LF>.<CR><LF>
- Subject: test z wirusem
-
- X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- .
- 250 2.5.0 Ok, but 1 BOUNCE
- </screen>
+ <screen># telnet 127.0.0.1 10024
+Trying 127.0.0.1.10024...
+Connected to localhost.
+Escape character is '^]'.
+220 [127.0.0.1] ESMTP amavisd-new service ready
+MAIL FROM: <root>
+250 2.1.0 Sender root OK
+RCPT TO: <root>
+250 2.1.5 Recipient root OK
+DATA
+354 End data with <CR><LF>.<CR><LF>
+Subject: test z wirusem
+
+X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
+.
+250 2.5.0 Ok, but 1 BOUNCE</screen>
<para>
No i znalazł wirusa :) w logach mamy:
</para>
- <screen>
- Jul 14 04:17:43 networking amavis[29569]: (29569-02) INFECTED (Eicar.Test),
- <root> -> <root>, quarantine virus-20030714-041716-29569-02, Message-ID: , Hits: -
- </screen>
+ <screen>Jul 14 04:17:43 networking amavis[29569]: (29569-02) INFECTED (Eicar.Test),
+<root> -> <root>, quarantine virus-20030714-041716-29569-02, Message-ID: , Hits: -</screen>
<para>
Teraz jeszcze mala obróbka plików cf od postfixa ;)
</para>
<para>
Edytujemy <filename>/etc/mail/master.cf</filename>
</para>
- <screen>
- Linijke:
- smtp inet n - n - - smtpd
- zamieniamy na:
- smtp inet n - n - - smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024
+ <screen>Linijke:
+smtp inet n - n - - smtpd
+
+zamieniamy na:
+
+smtp inet n - n - - smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024
</screen>
<para>
oraz dodajemy jeszcze:
</para>
- <screen>
- smtp-amavis unix - - n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o disable_dns_lookups=yes
- </screen>
+ <screen>smtp-amavis unix - - n - 2 smtp
+-o smtp_data_done_timeout=1200
+-o disable_dns_lookups=yes</screen>
<para>
Restart postfixa:
</para>
- <screen>
- # /etc/rc.d/init.d/postfix restart
- </screen>
+ <screen># /etc/rc.d/init.d/postfix restart</screen>
<para>
i powinno wszystko nam pieknie latac:)
</para>
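Review bot: in the smtp-amavis screen the two option lines now start in column 0 ("+-o smtp_data_done_timeout=1200", "+-o disable_dns_lookups=yes"), and master.cf only treats a line as a continuation when it begins with whitespace, so copied as shown they are not part of the smtp-amavis entry. Keep leading whitespace on those two lines. The screen above it still closes with </screen> on its own line and holds the prose "Linijke:" and "zamieniamy na:", so the cleanup is incomplete there. The content_filter override is added only to the smtp service; the smtps entry in the earlier master.cf listing is left without it, so mail submitted on that port skips the scanner.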