/etc/postfix/main.cf
home_mailbox = Maildir/
#SASL
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
#amavis
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
#smptd restrictions
smtpd_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_rbl_client cbl.abuseat.org,reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,reject_invalid_helo_hostname,check_helo_access hash:/etc/postfix/check_helo
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce
smtpd_reject_unlisted_sender = yes
另外,在/etc/postfix/下新增check_helo對照表,格式如下:
主機名稱或IP 處置動作
例如,在check_helo檔案內設定如下:
mail.demo.tw REJECT
設定好後,執行postmap /etc/postfix/check_helo,上述設定意義為(假設我的郵件主機名稱為mail.demo.tw),拒絕以mail.demo.tw這個主機名稱來連接,可避免client端冒用我方主機發送垃圾信件!
/etc/postfix/master.cf
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
/etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
/etc/dovecot/conf.d/10-master.conf
...
service auth {
...
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
...
}
/etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
/etc/amavis/conf.d/15-content_filter_mode
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
/etc/amavis/conf.d/20-debian_defaults (是狀況修該需要值 for Spam,這部分很怪的是明明安裝的是Ubuntu,卻一樣套用20-debian_defaults,試過修改21-ubuntu_defaults,卻沒有效果!)
/etc/amavis/conf.d/50-user
$pax='pax';
sudo adduser clamav amavis
sudo service amavis restart
sudo service clamav-freshclam restart
sudo service clamav-daemon restart
sudo freshclam
sudo service dovecot restart
sudo service postfix restart
/etc/spamassassin/local.cf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
/etc/default/spamassassin
ENABLED=1
You can check your SpamAssassin configuration by executing:
spamassassin --lint (It shouldn't show any errors.)
sudo service amavis restart
Now we update our SpamAssassin rulesets as follows:
sudo sa-update --nogpg -D
We create a cron job so that the rulesets will be updated regularly. Run
sudo crontab -e
23 4 */2 * * /usr/bin/sa-update --nogpg -D &> /dev/null
sudo service spamassassin start