Adjust /etc/hosts: Server1 127.0.0.1
vi /etc/hosts
Disable SELinux
vi /etc/selinux/config
yum update
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
Now we install some software packages that are needed later on:
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++
Postfix With SMTP-AUTH And TLS
Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):
We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins (on
64-bit systems, this file is /usr/lib64/sasl2/smtpd.conf). It should look like this:
vi /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Then we set the hostname in our Postfix installation (make sure you replace
server1.example.com with your own hostname):
After these configuration steps you should now have a /etc/postfix/main.cf that looks like
this (I have removed all comments from it):
cat /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.5.5/samples
readme_directory = /usr/share/doc/postfix-2.5.5/README_FILES
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = server1.example.com
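With smtpd_sasl_auth_enable = yes and smtpd_tls_auth_only = no, as in the listing above, Postfix announces and accepts AUTH before STARTTLS, so PLAIN and LOGIN credentials can cross the network unencrypted. The following is an added example, not part of the original guide: a static check for that combination, where the function names, finding codes and sample files are constructed for illustration and only the parameters shown on this page are examined.

```shell
#!/bin/sh
# Print the effective value of parameter $2 from main.cf file $1.
# main.cf syntax: "#" lines and blank lines are skipped, a line starting with
# whitespace continues the previous parameter, and the last setting wins.
mainconf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name != "") val[name] = val[name] " " $0; next }
        {
            eq = index($0, "="); name = ""
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val[name] = substr($0, eq + 1)
        }
        END {
            if (!(want in val)) exit
            v = val[want]; gsub(/[ \t]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v); print v
        }' "$1"
}

# Print one finding code per line; print nothing when both checks pass.
audit_smtp_auth() {
    sasl=$(mainconf_get "$1" smtpd_sasl_auth_enable)
    auth_only=$(mainconf_get "$1" smtpd_tls_auth_only)
    use_tls=$(mainconf_get "$1" smtpd_use_tls)
    [ "$sasl" = "yes" ] || return 0
    # smtpd_tls_auth_only defaults to "no", so an unset value is also a finding.
    [ "$auth_only" = "yes" ] || echo "CLEARTEXT_AUTH_ALLOWED"
    [ "$use_tls" = "yes" ] || echo "STARTTLS_NOT_OFFERED"
    return 0
}

# Constructed sample: the SMTP AUTH/TLS settings from the listing above.
SAMPLE_CF=$(mktemp)
cat > "$SAMPLE_CF" <<'EOF'
# constructed excerpt of main.cf
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination
smtpd_tls_auth_only = no
smtpd_use_tls = yes
EOF
# Corrected variant: a later smtpd_tls_auth_only = yes overrides the earlier "no".
HARDENED_CF=$(mktemp)
{ cat "$SAMPLE_CF"; echo 'smtpd_tls_auth_only = yes'; } > "$HARDENED_CF"
audit_smtp_auth "$SAMPLE_CF"      # reports the cleartext AUTH finding
audit_smtp_auth "$HARDENED_CF"    # prints nothing
```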
To see if SMTP-AUTH and TLS work properly now, run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server, type
ehlo localhost
250-STARTTLS
and
everything is fine.
Type
quit
Maildir
Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please
make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig
will then do the necessary configuration.
If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to
a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):
vi /etc/amavisd/amavisd.conf
1) Change
$mydomain = 'example.com'; # a convenient default for other settings
to
$mydomain = 'localhost';
#$mydomain = 'example.com'; # a convenient default for other settings
2) Change
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
to
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
#$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
#$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
#$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
#$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
(Of course, you can adjust the spam scores to your liking.)
3) Change
to
4) Change
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;
to
$final_virus_destiny = D_REJECT;
$final_banned_destiny = D_REJECT;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
#$final_virus_destiny = D_DISCARD;
#$final_banned_destiny = D_BOUNCE;
#$final_spam_destiny = D_DISCARD;
#$final_bad_header_destiny = D_BOUNCE;
(Of course, it's up to you to decide what should happen with spam and viruses. I decided to
accept spam (D_PASS) so that spam can be filtered in my email client with a simple filter
rule based on the subject, which amavisd-new rewrites if it thinks a mail is spam.
The allowed actions (D_PASS, D_DISCARD, D_BOUNCE, and D_REJECT) are explained here:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#actions)
When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus
database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam
and /etc/freshclam.conf:
vi /etc/sysconfig/freshclam
vi /etc/freshclam.conf
[...]
# Comment or remove the line below.
#Example
[...]
Now let's create the system startup links for ClamAV and amavisd-new, update ClamAV's
virus signature database, and start both services:
vi /etc/postfix/master.cf
[...]
amavis unix - - - - 2 smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
/etc/init.d/postfix restart
Razor, Pyzor and DCC are spam filters that use a collaborative filtering network. To install
Razor and Pyzor, run
cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.102
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
vi /etc/mail/spamassassin/local.cf
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
#required_hits 5
#report_safe 0
#rewrite_header Subject [SPAM]
# dcc
use_dcc 1
dcc_path /usr/local/bin/dccproc
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#razor
use_razor2 1
razor_config /var/spool/amavisd/razor-agent.conf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
Then we must enable the DCC plugin in SpamAssassin. Open
/etc/mail/spamassassin/v310.pre and uncomment the loadplugin
Mail::SpamAssassin::Plugin::DCC line:
vi /etc/mail/spamassassin/v310.pre
[...]
# DCC - perform DCC message checks.
#
# DCC is disabled here because it is not open source. See the DCC
# license for more details.
#
loadplugin Mail::SpamAssassin::Plugin::DCC
[...]
spamassassin --lint
Run
/etc/init.d/amavisd restart
afterwards.
sa-update --no-gpg
We create a cron job so that the rulesets will be updated regularly. Run
crontab -e
to open the cron job editor. Create the following cron job:
Test Postfix
To see if Postfix is ready for SMTP-AUTH and TLS, run
telnet localhost 25
After you have established the connection to your Postfix mail server, type
ehlo localhost
and
everything is fine.
Type
quit
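The manual telnet check in this section and in the earlier SMTP-AUTH test can be scripted against a saved EHLO reply. The following is an added example, not part of the original guide; the function names and the sample reply are constructed, and the expected mechanisms are taken from the mech_list line in smtpd.conf.

```shell
#!/bin/sh
# Read an EHLO reply on stdin and print the advertised keywords, one per line,
# upper-cased. Handles CRLF line endings and multi-line "250-" / "250 " replies.
ehlo_keywords() {
    tr -d '\r' | awk '/^250[- ]/ { print toupper(substr($0, 5)) }'
}

# $1 = space-separated SASL mechanisms expected (the mech_list value).
# Reads the reply on stdin; prints "ok" or "missing:" followed by what is absent.
ehlo_check() {
    kw=$(ehlo_keywords)
    out=""
    printf '%s\n' "$kw" | grep -qx 'STARTTLS' || out=" STARTTLS"
    # Postfix advertises "AUTH <mechs>" and, with broken_sasl_auth_clients = yes,
    # also the legacy "AUTH=<mechs>" form; accept either spelling.
    advertised=$(printf '%s\n' "$kw" | sed -n 's/^AUTH[ =]//p' | tr '\n' ' ')
    for mech in $1; do
        m=$(printf '%s' "$mech" | tr '[:lower:]' '[:upper:]')
        case " $advertised " in
            *" $m "*) ;;
            *) out="$out AUTH/$m" ;;
        esac
    done
    if [ -z "$out" ]; then echo "ok"; else echo "missing:$out"; fi
}

# Constructed sample reply (not captured from a real server).
SAMPLE_EHLO='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME'
printf '%s\n' "$SAMPLE_EHLO" | ehlo_check "plain login"
```

A reply that lists STARTTLS but no AUTH line usually means saslauthd or smtpd.conf is not wired up; a reply without STARTTLS points at the smtpd_use_tls and certificate settings.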