{"id":429,"date":"2012-03-19T20:30:00","date_gmt":"2012-03-19T19:30:00","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=429"},"modified":"2012-03-19T20:30:00","modified_gmt":"2012-03-19T19:30:00","slug":"instalar-servidor-anti-spam-parte-5","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=429","title":{"rendered":"Instalar servidor anti-spam, parte 5"},"content":{"rendered":"

Ahora toca protegernos un poco de los spammers.
\nPrimero de todo, instalaremos el postgrey….. recordemos… recibimos un correo y la primera vez, devolvemos un 4.x.x y el servidor remoto, si cumple las RFC, deber\u00e1 volver a intentar la entrega de correo pasados unos minutos.
\nInstalamos postgrey:
\n
\napt-get install postgrey
\n<\/code>
\nEditamos el fichero \/etc\/default\/postgrey veremos donde est\u00e1 escuchando…
\n
\n# nano \/etc\/default\/postgrey
\n<\/code>
\ny tendremos algo tal que:
\n
\n postgrey startup options, created for Debian
\n# you may want to set
\n# --delay=N how long to greylist, seconds (default: 300)
\n# --max-age=N delete old entries after N days (default: 35)
\n# see also the postgrey(8) manpage
\nPOSTGREY_OPTS=\"--inet=60000\"
\n# the --greylist-text commandline argument can not be easily passed through
\n# POSTGREY_OPTS when it contains spaces. So, insert your text here:
\n#POSTGREY_TEXT=\"Your customized rejection message here\"
\n<\/code>
\nCambiamos el puerto al que sea de nuestro gusto (en mi caso al 60000) y reiniciamos postgrey.
\nPara ver si lo hemos hecho correctamente….
\n
\nroot@antispam:\/etc\/default# netstat -anp | grep 60000
\ntcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 3955\/postgrey.pid -
\nroot@antispam:\/etc\/default#
\n<\/code>
\nEditamos el fichero \/etc\/postfix\/main.cf y a\u00f1adimos en la secci\u00f3n:
\n
\nsmtpd_recipient_restrictions =
\n check_policy_service inet:127.0.0.1:60000,<\/strong>
\n reject_invalid_hostname,
\n reject_non_fqdn_sender,
\n reject_non_fqdn_recipient,
\n reject_unknown_sender_domain,
\n reject_unknown_recipient_domain,
\n permit_mynetworks,
\n permit_sasl_authenticated,
\n reject_unauth_destination,
\n reject_rbl_client dul.dnsbl.sorbs.net,
\n reject_rbl_client dnsbl.sorbs.net,permit
\n<\/code>
\nReiniciamos postfix y a probar….
\nPor \u00faltimo, instalaremos el openSPF, para verificar la identidad de los correos en el caso de tener configurado bien los dns.
\nInstalamos los paquetes:
\n
\napt-get install postfix-policyd-spf-perl
\n<\/code>
\nVolvemos a editar el main.cf y ponemos:
\n
\n smtpd_recipient_restrictions =
\n check_policy_service inet:127.0.0.1:60000,
\n check_policy_service unix:private\/policy,<\/strong>
\n<\/code>
\nEditamos el \/etc\/postfix\/master.cf y a\u00f1adimos la final:
\n
\npolicy unix - n n - - spawn
\n user=nobody argv=\/usr\/bin\/perl \/usr\/lib\/postfix\/policyd-spf-perl
\n<\/code>
\nAhora instalaremos la parte en PERL… en la consola, tecleamos
\n
\nperl -MCPAN -e shell
\n<\/code>
\nEn la consola del perl, tecleamos:
\n
\ninstall Mail::SPF
\n<\/code>
\nDescargar\u00e1 paquetes…. una vez acabe, tecleamos en la consola:
\n
\nq<\/code>
\nInstalamos el postfix-policy-spf-perl
\n
\ncd \/usr\/src
\nwget https:\/\/www.openspf.org\/blobs\/postfix-policyd-spf-perl-2.001.tar.gz
\ntar xvfz postfix-policyd-spf-perl-2.001.tar.gz
\ncd postfix-policyd-spf-perl-2.001
\ncp postfix-policyd-spf-perl \/usr\/lib\/postfix\/policyd-spf-perl
\n<\/code>
\nPor \u00faltimo, editamos el fichero \/etc\/postfix\/master.cf y a\u00f1adimos al final:
\n
\npolicy unix - n n - - spawn
\n user=nobody argv=\/usr\/bin\/perl \/usr\/lib\/postfix\/policyd-spf-perl
\n<\/code>
\nReiniciamos postfix y a parar los spammers !!!!!
\nMirar los diversos ficheros que se han tocado y podr\u00e9is ver m\u00e1s opciones que tienen todos los paquetes que hemos instalado.<\/p>\n","protected":false},"excerpt":{"rendered":"

Ahora toca protegernos un poco de los spammers. Primero de todo, instalaremos el postgrey….. recordemos… recibimos un correo y la primera vez, devolvemos un 4.x.x y el servidor remoto, si cumple las RFC, deber\u00e1 volver a intentar la entrega de correo pasados unos minutos. Instalamos postgrey: apt-get install postgrey Editamos el fichero \/etc\/default\/postgrey veremos donde […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[21,48,102,105,146],"class_list":["post-429","post","type-post","status-publish","format-standard","hentry","category-linux","tag-antispam","tag-clamav","tag-linux-2","tag-mailscanner","tag-postfix"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=429"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/429\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}