Differences
This shows the differences between two versions of the page.
centos:mail_c7:spam_2 [05.11.2014 17:50. ] – [via yum] django | centos:mail_c7:spam_2 [05.11.2014 18:01. ] – [manuell] django | ||
---|---|---|---|
Zeile 10: | Zeile 10: | ||
===== Installation ===== | ===== Installation ===== | ||
==== via yum ==== | ==== via yum ==== | ||
- | Die einfachste und schnellste Variante bei der Installation ist die aus dem Repository **[[centos: | + | Die einfachste und schnellste Variante bei der Installation ist die aus dem Repository **[[centos: |
# yum install policyd-weight | # yum install policyd-weight | ||
Zeile 69: | Zeile 69: | ||
</ | </ | ||
+ | Als nächstes schreiten wir direkt zur **[[centos: | ||
==== manuell ==== | ==== manuell ==== | ||
+ | Will oder kann man nicht auf das Repository **[[centos: | ||
+ | |||
+ | Wir holen uns also als erstes das besagte Perl-Script in der aktuellen Version von der [[http:// | ||
+ | # wget http:// | ||
+ | |||
+ | Als nächstes passen wir die Dateirechte an, so dass das Script ausgeführte werden kann. | ||
+ | # chmod u+rx policyd-weight | ||
+ | |||
+ | Zum Schluß verschieben wir das script noch an Ort und Stelle unter **/ | ||
+ | # mv policyd-weight / | ||
+ | |||
+ | <WRAP round tip>Das vom daemon benötigte Perl-Paket **perl-Net-IP** installieren wir noch mit Hilfe von **yum**.</ | ||
+ | |||
+ | === Programmcheck === | ||
+ | Als erstes überprüfen wir, ob sich das Perl-Script ausführen lässt. Hierzu fragen wir den Versionsstand des Scripts ab. | ||
+ | # policyd-weight -v | ||
+ | |||
+ | | ||
+ | Perl version: | ||
+ | | ||
+ | | ||
+ | |||
+ | === Konfigurationsdatei erzeugen === | ||
+ | Als nächstes erstellen wir uns die Default-Konfigurationsdatei. | ||
+ | # policyd-weight defaults > / | ||
+ | |||
+ | |||
+ | # vim / | ||
+ | <file bash / | ||
+ | # policyd-weight configuration (defaults) Version 0.1.15 beta-2 | ||
+ | # ---------------------------------------------------------------- | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # REJECTLEVEL will be rejected | ||
+ | |||
+ | | ||
+ | # A space separated case-sensitive list of | ||
+ | # strings on which if found in the $RET | ||
+ | # logging-string policyd-weight changes | ||
+ | # its action to $DEFER_ACTION in case | ||
+ | # of rejects. | ||
+ | # USE WITH CAUTION! | ||
+ | # DEFAULT: " | ||
+ | |||
+ | |||
+ | | ||
+ | # DEFER_IF_REJECT, | ||
+ | # 4xx response codes. See also access(5) | ||
+ | # DEFAULT: 450 | ||
+ | |||
+ | | ||
+ | # scores greater than DEFER_LEVEL will be | ||
+ | # rejected | ||
+ | # DEFAULT: 5 | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # If ON request that ALL clients are only | ||
+ | # checked against RBLs | ||
+ | |||
+ | | ||
+ | # qr/ | ||
+ | # qr/ | ||
+ | ); # specify a comma-separated list of regexps | ||
+ | # for client hostnames which shall only | ||
+ | # be RBL checked. This does not work for | ||
+ | # postfix' | ||
+ | # The usage of this should not be the norm | ||
+ | # and is a tool for people which like to | ||
+ | # shoot in their own foot. | ||
+ | # DEFAULT: empty | ||
+ | | ||
+ | |||
+ | | ||
+ | # When set to ON it logs only RBLs which | ||
+ | # affect scoring (positive or negative) | ||
+ | | ||
+ | ## DNSBL settings | ||
+ | | ||
+ | # HOST, HIT SCORE, | ||
+ | ' | ||
+ | ' | ||
+ | ' | ||
+ | # ' | ||
+ | ' | ||
+ | #' | ||
+ | ); | ||
+ | |||
+ | | ||
+ | # DNSBLS than this var, it gets | ||
+ | # REJECTed immediately | ||
+ | |||
+ | | ||
+ | # DNSBLs is ABOVE this | ||
+ | # level, reject immediately | ||
+ | |||
+ | | ||
+ | |||
+ | ## RHSBL settings | ||
+ | | ||
+ | ' | ||
+ | ' | ||
+ | # ' | ||
+ | # ' | ||
+ | # ' | ||
+ | ); | ||
+ | |||
+ | | ||
+ | # errors | ||
+ | |||
+ | | ||
+ | |||
+ | ## cache stuff | ||
+ | | ||
+ | # trailing slash) | ||
+ | |||
+ | | ||
+ | # daemon. | ||
+ | |||
+ | | ||
+ | # before starting maintenance routines | ||
+ | # NOTE: standard maintenance jobs happen | ||
+ | # regardless of this setting. | ||
+ | |||
+ | | ||
+ | # maintenance jobs: | ||
+ | # checking for config changes | ||
+ | |||
+ | # negative (i.e. SPAM) result cache settings ################################## | ||
+ | |||
+ | | ||
+ | # To this level the cache will be cleaned. | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # to decrease TTL counter | ||
+ | |||
+ | |||
+ | # positve (i.,e. HAM) result cache settings ################################### | ||
+ | |||
+ | | ||
+ | # of entries the cache will be cleaned | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # succeed one time the RBL checks again | ||
+ | |||
+ | | ||
+ | # must pass one time the RBL checks again. | ||
+ | # Values must be nonfractal. Accepted | ||
+ | # time-units: s, m, h, d | ||
+ | |||
+ | | ||
+ | # checks in order to be listed as hard-HAM | ||
+ | # After this time the client will pass | ||
+ | # immediately for PTTL within PTIME | ||
+ | |||
+ | |||
+ | ## DNS settings | ||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # in a complete policy query | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # broken in Net::DNS version 0.51. Works with | ||
+ | # Net::DNS 0.53; DEFAULT: off | ||
+ | |||
+ | | ||
+ | # Normally policyd-weight tries to use a faster | ||
+ | # RBL lookup routine instead of Net::DNS | ||
+ | |||
+ | |||
+ | | ||
+ | # This overrides resolv.conf settings | ||
+ | # Example: $NS = ' | ||
+ | # DEFAULT: empty | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # to smtpd clients in order to avoid too many | ||
+ | # established connections to one policyd-weight | ||
+ | # child | ||
+ | |||
+ | # scores for checks, WARNING: they may manipulate eachother | ||
+ | # or be factors for other scores. | ||
+ | # HIT score, MISS Score | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | # X-policyd-weight: | ||
+ | # DEFAULT: on | ||
+ | |||
+ | |||
+ | | ||
+ | # the weighted check didn't | ||
+ | # return any response (should never | ||
+ | # appear). | ||
+ | |||
+ | |||
+ | |||
+ | # | ||
+ | # Syslogging options for verbose mode and for fatal errors. | ||
+ | # NOTE: comment out the $syslog_socktype line if syslogging does not | ||
+ | # work on your system. | ||
+ | # | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | # | ||
+ | # Process Options | ||
+ | # | ||
+ | | ||
+ | |||
+ | | ||
+ | # DEFAULT: empty, will be initialized as | ||
+ | # $USER | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | # listens for policy requests from postfix | ||
+ | |||
+ | | ||
+ | # listen for requests. | ||
+ | # You may only list ONE IP here, if you want | ||
+ | # to listen on all IPs you need to say ' | ||
+ | # here. Default is ' | ||
+ | # You need to restart policyd-weight if you | ||
+ | # change this. | ||
+ | |||
+ | | ||
+ | # policyd-weight accepts | ||
+ | # Default: 1024 | ||
+ | |||
+ | |||
+ | | ||
+ | # it dies. | ||
+ | |||
+ | | ||
+ | </ | ||
+ | |||
+ | Hat man Änderungen an der Konfigurationsdatei vorgenommen, | ||
+ | # perl -c / | ||
+ | |||
+ | / | ||
+ | |||
+ | === User polw anlegen === | ||
+ | Für den Betrieb benötigen wir noch einen User **polw**, den wir mit | ||
+ | # useradd -r -s /sbin/false polw | ||
+ | |||
+ | anlegen. | ||
+ | |||
+ | === systemd Startscript anlegen ==== | ||
+ | Zum Starten unseres Daemon legen wir uns noch ein Startscript an. | ||
+ | # vim / | ||
+ | |||
+ | <file bash / | ||
+ | Description=policyd-weight is a Perl policy daemon for the Postfix MTA (2.1 and later) intended to eliminate forged envelope senders and HELOs (i.e. in bogus mails). | ||
+ | Before=postfix.service | ||
+ | After=syslog.target network.target | ||
+ | |||
+ | [Service] | ||
+ | Type=forking | ||
+ | EnvironmentFile=/ | ||
+ | Restart=on-failure | ||
+ | ExecStart=/ | ||
+ | ExecReload=/ | ||
+ | ExecStop=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
FIXME | FIXME |
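Review bot: The manual install path fetches the Perl script with `# wget http://` over plain HTTP, and the following steps make it executable and move it into place to run as a daemon, with no integrity check in between. Fetch it over HTTPS if the download site offers it, or add a step that compares the file against a published checksum or signature before `# chmod u+rx policyd-weight`. In `# useradd -r -s /sbin/false polw`, confirm that the shell path exists on the target system; `/sbin/nologin` is the usual choice for a service account on CentOS. The unit file as shown starts at `Description=` with no `[Unit]` header line above it, the heading `=== systemd Startscript anlegen ====` has unbalanced markers (three `=` against four), and "ausgeführte werden" in the chmod step should read "ausgeführt werden".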