Différences
Ci-dessous, les différences entre deux révisions de la page.
informatique:reseau:messagerie:amavis [2010/02/17 15:15] – bn8 | informatique:reseau:messagerie:amavis [2015/01/23 13:51] (Version actuelle) – [Mettre en place DKIM] bn8 | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | ====== Exemple de fichier de configuration : //50-user// ====== | + | ====== Exemple de fichier de configuration : 50-user ====== |
- | | + | < |
- | + | ||
- | # | + | # |
- | # Place your configuration directives here. They will override those in | + | # Place your configuration directives here. They will override those in |
- | # earlier files. | + | # earlier files. |
- | # | + | # |
- | # See / | + | # See / |
- | # the directives you can use in this file | + | # the directives you can use in this file |
- | # | + | # |
- | + | ||
- | # GENERAL | + | # GENERAL |
- | $MYHOME = '/ | + | $MYHOME = '/ |
- | $mydomain = 'test.com'; | + | $mydomain = 'exemple.com'; |
- | #$myhostname | + | $myhostname = 'exemple.com'; |
- | $daemon_user | + | $max_servers = 4; |
- | | + | $max_requests = 20; |
- | $TEMPBASE = $MYHOME; | + | $child_timeout = 5*60; |
- | # | + | read_hash(\%local_domains, |
- | $pid_file | + | @mynetworks = qw( 127.0.0.0/8 ); |
- | $lock_file = "/ | + | @mynetworks_maps |
- | $ENV{TMPDIR} = $TEMPBASE; | + | |
- | | + | # LOGGING AND DEBUGGING |
- | $max_requests = 10; # retire a child after that many accepts (default 10) | + | $DO_SYSLOG = 1; |
- | $child_timeout=5*60; | + | |
- | # (default: 8*60 seconds) | + | # MTA INTERFACE - INPUT |
- | | + | $inet_socket_port = 10024; |
- | #... | + | $inet_socket_bind = ' |
- | + | @inet_acl = qw(127.0.0.1 [::1]); | |
- | | + | $insert_received_line = 0; |
- | + | $unix_socketname = undef; | |
- | # LOGGING AND DEBUGGING | + | |
- | $DO_SYSLOG = 1; # (defaults to false) | + | # MTA INTERFACE - OUTPUT |
- | # | + | |
- | + | # MAIL FORWARDING | |
- | #NOTE: levels are not strictly observed and are somewhat arbitrary | + | $forward_method = ' |
- | # 0: startup/ | + | |
- | # 1: args passed from client, some more interesting messages | + | # QUARANTINE |
- | # 2: virus scanner output, timing | + | $QUARANTINEDIR = " |
- | # 3: server, client | + | |
- | # 4: decompose parts | + | $virus_quarantine_method = ' |
- | # 5: more debug details | + | $spam_quarantine_method = ' |
- | $log_level = 0; # (defaults to 0) | + | $banned_files_quarantine_method = ' |
- | + | $bad_header_quarantine_method = ' | |
- | | + | |
- | $inet_socket_port = 10024; | + | $virus_quarantine_to = " |
- | $inet_socket_bind = ' | + | $banned_quarantine_to |
- | @inet_acl = qw( 127.0.0.1 [:: | + | $bad_header_quarantine_to = undef; |
- | $insert_received_line = 1; | + | $spam_quarantine_to |
- | $unix_socketname = undef; | + | |
- | + | # NOTIFICATIONS | |
- | # MTA INTERFACE - OUTPUT | + | $notify_method = $forward_method; |
- | + | $mailfrom_notify_admin | |
- | # Mail Forwarding | + | $mailfrom_notify_recip |
- | $forward_method = ' | + | $mailfrom_notify_spamadmin = "postmaster\@$mydomain"; |
- | + | $warnvirussender | |
- | + | $warnvirusrecip = undef; | |
- | # NOTIFICATIONS | + | $virus_admin = undef; |
- | $notify_method = $forward_method; | + | $warnbannedsender = undef; |
- | #$mailfrom_notify_admin | + | $warnbadhsender |
- | #$mailfrom_notify_recip | + | $warnbannedrecip |
- | #$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; | + | $warnspamsender |
- | $warn_offsite | + | $warn_offsite = 1; |
- | + | ||
- | # BAD HEADER | + | # ADDING ADDRESS EXTENSIONS TO RECIPIENTS - 'plus addressing' |
- | $final_bad_header_destiny | + | |
- | $bad_header_quarantine_to | + | # MAIL DECODING |
- | $warnbadhsender | + | |
- | + | # BAD HEADER | |
- | # ANTI-VIRUS AND INVALID/ | + | $final_bad_header_destiny = D_PASS; |
- | @bypass_virus_checks_maps = ( | + | |
- | | + | # ANTI-VIRUS AND INVALID/ |
- | @bypass_virus_checks_acl = map ( {' | + | @bypass_virus_checks_maps = ( |
- | push(@bypass_virus_checks_acl,' | + | |
- | + | @bypass_virus_checks_acl = map ( {' | |
- | | + | push(@bypass_virus_checks_acl,' |
- | | + | $final_virus_destiny |
- | | + | $first_infected_stops_scan = 1; |
- | | + | |
- | | + | # BANNING |
- | $replace_existing_extension = 1; # (default is false) | + | $final_banned_destiny |
- | $localpart_is_case_sensitive = undef; | + | |
- | $warnvirussender = 1; # (defaults to false (undef)) | + | # ANTI-SPAM CONTROLS |
- | $warnvirusrecip = 1; # (defaults to false (undef)) | + | @bypass_spam_checks_maps = ( |
- | $virus_admin = " | + | |
- | + | @bypass_spam_checks_acl = map ( {' | |
- | | + | push(@bypass_spam_checks_acl,' |
- | $final_banned_destiny | + | $final_spam_destiny |
- | | + | $sa_local_tests_only = undef; |
- | | + | $sa_auto_whitelist = undef; |
- | $warnbannedsender = 1; # (defaults to false (undef)) | + | $sa_tag_level_deflt |
- | # | + | $sa_tag2_level_deflt = 5; # Modification du sujet pour cette note |
- | ## qr' | + | $sa_kill_level_deflt = 7; # Mise en quarantaine si > a cette note |
- | # | + | $sa_dsn_cutoff_level = undef; |
- | # | + | $sa_spam_subject_tag = ' |
- | ## qr' | + | $sa_spam_modifies_subj = undef; |
- | ## qr' | + | |
- | ## | + | # Whitelist |
- | ## | + | @whitelist_sender_acl |
- | ## qr' | + | |
- | ## qr' | + | # MAPPING A CONTENTS CATEGORY TO A SETTING CHOSEN |
- | ## qr' | + | |
- | ## qr' | + | # POLICY BANKS |
- | ## qr' | + | $policy_bank{' |
- | # | + | bypass_spam_checks_maps |
- | ## qr' | + | |
- | #); | + | }; |
- | + | ||
- | | + | # |
- | @bypass_spam_checks_maps = ( | + | 1; # insure a defined return |
- | | + | |
- | @bypass_spam_checks_acl = map ( {' | + | # vim: filetype=perl</ |
- | push(@bypass_spam_checks_acl,' | + | |
- | + | Contenu du fichier /// | |
- | | + | |
- | $sa_local_tests_only = undef; | + | exemple.com |
- | $sa_auto_whitelist = undef; | + | exmeple.org |
- | $sa_tag_level_deflt | + | ... |
- | $sa_tag2_level_deflt = 6; # add 'spam detected' | + | |
- | $sa_kill_level_deflt = 12; # triggers spam evasive actions | + | |
- | $sa_dsn_cutoff_level = undef; | + | |
- | # effectively turning D_BOUNCE into D_DISCARD; | + | |
- | # undef disables this feature and is a default; | + | |
- | | + | |
- | $sa_spam_modifies_subj = 0; # may be a ref to a lookup table, default is true | + | |
- | | + | |
- | $spam_quarantine_to | + | |
- | | + | |
- | + | ||
- | # | + | |
- | 1; # insure a defined return | + | |
- | + | ||
- | # vim: filetype=perl | + | |
===== Signification D_PASS, D_REJECT, D_BOUNCE, D_DISCARD ===== | ===== Signification D_PASS, D_REJECT, D_BOUNCE, D_DISCARD ===== | ||
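Review bot: `@whitelist_sender_acl`, added under `# Whitelist` on the new side, matches the envelope sender, which any remote client can set freely, so mail forging a listed address or domain is treated as non-spam regardless of its SpamAssassin score; the value is cut off in this view, so how broad the list is cannot be judged from here. The example would be safer with a warning comment beside it, e.g. `# envelope sender is forgeable: keep this list minimal and never list your own domain`, or with a score adjustment through `@score_sender_maps` instead of a hard whitelist. Separately, `exmeple.org` in the sample domain list near the end of the hunk looks like a typo for `exemple.org`.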
Ligne 147: | Ligne 132: | ||
* **D_REJECT** : | * **D_REJECT** : | ||
* Le message sera stoppé et une notification SMTP (non-delivery) sera envoyé. | * Le message sera stoppé et une notification SMTP (non-delivery) sera envoyé. | ||
+ | |||
+ | ====== Configurer l' | ||
+ | Editez le fichier /// | ||
+ | |||
+ | * Modifier : < | ||
+ | -o content_filter=smtp-amavis: | ||
+ | |||
+ | * Ajouter : < | ||
+ | -o content_filter= | ||
+ | -o local_recipient_maps= | ||
+ | -o relay_recipient_maps= | ||
+ | -o smtpd_restriction_classes= | ||
+ | -o smtpd_client_restrictions= | ||
+ | -o smtpd_helo_restrictions= | ||
+ | -o smtpd_sender_restrictions= | ||
+ | -o smtpd_recipient_restrictions=permit_mynetworks, | ||
+ | -o mynetworks=127.0.0.0/ | ||
+ | -o strict_rfc821_envelopes=yes | ||
+ | -o smtpd_error_sleep_time=0 | ||
+ | -o smtpd_soft_error_limit=1001 | ||
+ | -o smtpd_hard_error_limit=1000 | ||
+ | |||
+ | smtp-amavis unix - - | ||
+ | -o smtp_data_done_timeout=1200 | ||
+ | -o smtp_send_xforward_command=yes | ||
+ | -o disable_dns_lookups=yes</ | ||
+ | |||
+ | | ||
+ | |||
+ | |||
====== Pyzor ====== | ====== Pyzor ====== | ||
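Review bot: The page should state that the re-injection `smtpd` added under "Ajouter" must listen on loopback only, because mail accepted there never passes through amavis again (`-o content_filter=`) and its client, HELO and sender restrictions are emptied. The only gate visible is `smtpd_recipient_restrictions=permit_mynetworks,` with `mynetworks=127.0.0.0/`; both values and the service line itself are cut off in this view, so confirm the listener is bound to 127.0.0.1 and that the restriction list ends in `reject`. The option list also has no `receive_override_options`, so header and body checks would run a second time on filtered mail; Postfix's FILTER_README sets `-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters` on this listener.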
Ligne 158: | Ligne 173: | ||
* Si le // | * Si le // | ||
- | | + | |
====== Razor ====== | ====== Razor ====== | ||
su - amavis | su - amavis | ||
Ligne 171: | Ligne 185: | ||
* Firewalling : le port 2703 TCP doit être ouvert vers l' | * Firewalling : le port 2703 TCP doit être ouvert vers l' | ||
+ | ====== Installation des decoders ====== | ||
+ | |||
+ | < | ||
+ | |||
+ | ====== Réinitialiser le filtrage bayésien ====== | ||
+ | |||
+ | Il peut arriver après un certain temps que le filtrage bayésien d' | ||
+ | |||
+ | < | ||
+ | sa-learn --clear | ||
+ | exit | ||
+ | service amavis restart</ | ||
+ | |||
+ | ====== Mettre en place DKIM ====== | ||
+ | |||
+ | Amavis peut s' | ||
+ | |||
+ | - Commencer par générer la clé qui sera utilisée : < | ||
+ | $ mkdir / | ||
+ | $ / | ||
+ | Private RSA key successfully written to file "/ | ||
+ | - Récupérer ensuite la clé publique à mettre en place au niveau de la zone DNS : < | ||
+ | $ / | ||
+ | ; key#1, domain example.com, | ||
+ | main._domainkey.example.com. 3600 TXT ( | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | - Ajouter cet enregistrement dans votre zone DNS, sans faire de reload pour le moment | ||
+ | - Il faut ensuite activer la signature des messages dans la configuration d' | ||
+ | - En global : < | ||
+ | dkim_key(" | ||
+ | @dkim_signature_options_bysender_maps = ( { " | ||
+ | - Dans la // | ||
+ | - Redémarrer Amavis pour prendre en compte la modification et faite le reload de votre zone DNS | ||
+ | - Vous pouvez vérifier que votre zone à bien été configuré : < | ||
+ | $ / | ||
+ | TESTING#1: main._domainkey.example.com | ||
====== Références ====== | ====== Références ====== | ||
* http:// | * http:// |