{"id":405,"date":"2012-03-05T21:46:41","date_gmt":"2012-03-05T20:46:41","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=405"},"modified":"2012-03-05T21:46:41","modified_gmt":"2012-03-05T20:46:41","slug":"instalar-servidor-anti-spam-parte-3","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=405","title":{"rendered":"Instalar servidor anti-spam, parte 3"},"content":{"rendered":"

Ahora nos toca configurar Postfix.
\nHacemos una copia del fichero \/etc\/postfix\/main.cf
\n
\n#cp main.cf main.cf_old
\n<\/code>
\nY lo dejamos tal que:
\n
\nmyhostname = antispam.craem.net
\nmydomain = craem.net
\nmyorgin = $mydomain
\nmasquerade_domain = $mydomain
\nmydestination = $myhostname, localhost.$mydomain, $mydomain
\nmynetwork_style = host
\n######################################################
\nmynetworks = 192.168.2.0\/24
\nrelay_domains = craem.net, craem.cat, craem.es
\ntransport_maps = hash:\/etc\/postfix\/transport
\nappend_at_myorigin = no
\nlocal_recipient_maps =
\nheader_checks = regexp:\/etc\/postfix\/header_checks
\nDisarmed_Modify_Subject = no
\n# Medidas antispam (anti-UCE)
\nsmtpd_helo_required = yes
\ndisable_vrfy_command = yes
\nstrict_rfc821_envelopes = yes
\nsmtpd_recipient_restrictions =
\n reject_invalid_hostname,
\n reject_non_fqdn_sender,
\n reject_non_fqdn_recipient,
\n reject_unknown_sender_domain,
\n reject_unknown_recipient_domain,
\n permit_mynetworks,
\n permit_sasl_authenticated,
\n reject_unauth_destination,
\n reject_rbl_client dul.dnsbl.sorbs.net,
\n reject_rbl_client dnsbl.sorbs.net,permit
\nsmtpd_data_restrictions =
\n reject_unauth_pipelining,
\n permit
\nbounce_notice_recipient = postmaster@craem.net
\ndelay_notice_recipient = postmaster@craem.net
\n2bounce_notice_recipient = postmaster@craem.net
\nerror_notice_recipient = postmaster@craem.net
\ndefault_destination_concurrency_limit = 10
\nsmtpd_recipient_limit = 100
\nmaximal_queue_lifetime = 2d
\nfallback_relay =
\nsmtp_destination_recipient_limit = 200
\nsmtp_destination_concurrency_limit = 10
\n<\/code>
\nAhora crearemos el fichero transport, que tendr\u00e1 las ip’s a las cuales entregaremos el correo despu\u00e9s de filtrarlo:
\n
\n# nano \/etc\/postfix\/transport
\n<\/code>
\ny a\u00f1adimos:
\n
\ncraem.net smtp:[192.168.2.4]
\ncraem.cat smtp:[192.168.2.4]
\ncraem.es smtp:[192.168.2.4]
\n<\/code>
\nSi nuestro servidor de correo corporativo, tiene m\u00e1s dominios, hemos de tener una entrada con cada una de ellas o, si queremos filtrar el correo para otras personas (servicio de pago :-)), pues eso, a a\u00f1adir m\u00e1s.
\nUna vez creado el fichero, creamos la DB del transport, para ser consultada por el postfix
\n
\n# postmap \/etc\/postfix\/transport
\n<\/code>
\nCon \u00e9sto, nos crear\u00e1 el fichero transport.db. Reiniciamos postfix
\n
\n# \/etc\/init.d\/postfix restart
\n<\/code>
\nAhora toca descargar mailscanner…
\n
\n# cd \/usr\/src
\n# wget -c https:\/\/www.mailscanner.info\/files\/4\/tar\/MailScanner-install-4.84.5-2.tar.gz
\n# tar -zxvf MailScanner-install-4.84.5-2.tar.gz
\n# cd MailScanner-install-4.84.5\/
\n# .\/install.sh
\n<\/code>
\nY tras un rato, tendremos instalado (que no configurado) el mailscanner.
\nAhora, tal y como nos pide MailScanner, creamos las entradas en el Crontab, para las actualizaciones:
\n
\n# crontab -e
\n<\/code>
\nY le a\u00f1adimos lo siguiente:
\n
\n37 5 * * * \/opt\/MailScanner\/bin\/update_phishing_sites
\n07 * * * * \/opt\/MailScanner\/bin\/update_bad_phishing_sites
\n58 23 * * * \/opt\/MailScanner\/bin\/clean.quarantine
\n42 * * * * \/opt\/MailScanner\/bin\/update_virus_scanners
\n3,23,43 * * * * \/opt\/MailScanner\/bin\/check_mailscanner
\n<\/code>
\nEditamos el fichero \/etc\/default\/spamassassin y cambiamos:
\n
\nENABLED=0 to ENABLED=1
\nCRON=0 to CRON=1
\n<\/code>
\nY lo arrancamos;
\n
\n# \/etc\/init.d\/spamassassin start
\n<\/code>
\nAhora, editamos el fichero \/opt\/MailScanner\/etc\/MailScanner.conf y cambiamos
\n
\nRun As User = postfix
\nRun As Group = postfix
\nMTA = postfix
\nIncoming Queue Dir = \/var\/spool\/postfix\/hold
\nOutgoing Queue Dir = \/var\/spool\/postfix\/incoming
\nVirus Scanners = clamav
\nSpam List = SBL+XBL
\nSpamAssassin User State Dir = \/var\/spool\/MailScanner\/spamassassin
\n<\/code>
\nAhora, editamos el fichero:
\n\/etc\/postfix\/header_checks
\nY a\u00f1adimos lo siguiente:
\n
\n\/^Received:\/ HOLD
\n<\/code>
\nReiniciamos el postfix y arrancamos el mailscanner
\n
\n# \/etc\/init.d\/postfix restart
\n# cd \/opt\/MailScanner\/bin
\n# .\/check_mailscanner
\n<\/code>
\nAhora instalaremos mailwatch<\/em> , que ser\u00e1 la \u00abinterfaz\u00bb gr\u00e1fica del mailscanner.
\n
\n# cd \/usr\/src\/
\n# wget -c https:\/\/downloads.sourceforge.net\/project\/mailwatch\/mailwatch\/1.1.5.1\/mailwatch-1.1.5.1.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmailwatch%2F&ts=1330981577&use_mirror=garr
\n<\/code>
\nDescomprimes el tar.gz y importamos el *.sql
\n
\n# mysql -p < create.sql\n<\/code>
\nCreamos el usuario:
\n
\n # mysql -p
\n > GRANT ALL ON mailscanner.* TO mailscanner@localhost IDENTIFIED BY 'mailscanner';
\n<\/code>
\nCreamos el usuario para loguear en la web de mailwatch:
\n
\nmysql -u root -pPASSWORD
\n mysql> INSERT INTO users VALUES ('root',md5('password'),'root','A','0','0','0','0','0');
\n<\/code>
\nMovemos el directorio mailscanner a la raiz del webServer:
\n
\n# mv mailscanner \/var\/www\/
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

Ahora nos toca configurar Postfix. Hacemos una copia del fichero \/etc\/postfix\/main.cf #cp main.cf main.cf_old Y lo dejamos tal que: myhostname = antispam.craem.net mydomain = craem.net myorgin = $mydomain masquerade_domain = $mydomain mydestination = $myhostname, localhost.$mydomain, $mydomain mynetwork_style = host ###################################################### mynetworks = 192.168.2.0\/24 relay_domains = craem.net, craem.cat, craem.es transport_maps = hash:\/etc\/postfix\/transport append_at_myorigin = no local_recipient_maps […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,8],"tags":[21,48,102,105,136,146,147],"class_list":["post-405","post","type-post","status-publish","format-standard","hentry","category-linux","category-varios","tag-antispam","tag-clamav","tag-linux-2","tag-mailscanner","tag-openspf","tag-postfix","tag-postgrey"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/405","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=405"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/405\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}