Tuesday, Feb 8 2005

Generalicotteemid-afternoon

Spam is getting outrageous here so I thought I’d try the latest Fedora Core 3 and use Dovecot for IMAP along with SPAM Assasin and postfix. This documents what I did. Note - this is really for my use - a place to put my notes. It it is NOT a howto - but somebody might find it useful.

Assuming you selected the above components (Dovecot, SpamAssassin and Postfix) during installation (I did a server install and specifically choose Postfix rathen than Sendmail during the customisation part) the following works:

First of all you should start the dovecot component up. Dovecot works with your usual users mail directories so just use the adduser and passwd commands to set your users up. First of all we’ll make sure we can connect to our server using SSL (if you don’t have a proper cert for your mail domain you’ll get some warnings but that’s better (for a personal mail server) than just connecting via clear text. Start dovecot by doing


/etc/init.d/dovecot start

Before we try to connect to that let’s set our firewall so that we accept both IMAP connections on a secure SSL port and also our incoming SMTP connections. You can do this with the following command (assuming you are logged in as root):

system-config-securitylevel

You’ll need to enable port 993 for incoming IMAP SSL connections. Once you’ve saved all that you can try two things. Firstly at the terminal use the ‘mail username’ command to send your user a mail. Type a subject and message and then, on a line by itself, enter a full stop. This should get sent to your imap account. Now configure your IMAP client and see if you can connect via your secure IMAP connection.

Assuming that this works your next stop is to get postfix working so you can send and receive external mail. I noticed that sendmail was installed and started on my setup without my noticing (probably my stupid mistake). But for the record do the following:


chkconfig –del sendmail
/etc/init.d/sendmail stop
/etc/init.d/postfix start

Ah yes - and then you’ll find that postfix is bound to the local interface only - not your external interface(s). So edit /etc/postfix/main.cf … in there locate inet_interfaces. In my case I set this to ‘all’ but you might want to restrict it to certain interfaces if you have multiple network cards. Now restart postfix.


/etc/init.d/postfix restart

Now we want to use SMTP auth for the obvious reasons. When I installed Fedora Core 3 I got the sasl stuff as well by default (hoorah). So I need to switch on saslauthd.


/etc/init.d/saslauthd start

Now it is time to do some major config of /etc/postfix/main.cf - specifically we want to change the following settings


myhostname
mydomain
mynetworks

Those settings can be easily googled for if you are not sure what to set them to. However the important settings in the same file are


smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# You only need the following line if supporting old mail clients
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_relay_domains

Now if you do a restart of postfix you’ll be able to send mail through the mail server with the provision of a password. Next step is to get spamassassin working. The simplest way is to tell postfix to process all mail through procmail and get procmail to call spamassassin. So edit /etc/procmailrc (create it if it doesn’t exist) and add the following line.

INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

and now edit /etc/postfix/main.cf and add (or edit) the following line

mailbox_command = /usr/bin/procmail

restart postfix and try sending mail to yourself.

To check if SPAM Assassin is working look at the source of your incoming mail- you should see stuff like the following in the headers

X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on web2.zobbo.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=3.5 tests=FORGED_YAHOO_RCVD,
NO_DNS_FOR_FROM autolearn=no version=3.0.0

That shows it’s been processed. In this case the message was *nearly* considered spam. my threshold is sent to 3.5. By default Spam Assassin will just tag the subject line to read [SPAM]Original Subject. And currently I am filtering that on my client. On my previous file server I’d get procmail to automatically copy spams directly to a users spam folder and they’d sort it out from there. You may need to tweak settings in /etc/mail/spamassassin/ - as I say I tend to amend required_hits to 3.5 and that works well for me. But I do get a shed load of spam.

Finally you should ensure that postfix and dovecot are in the startup for when you reboot


chkconfig –add postfix
chkconfig –add dovecot

Note that use of Squirrelmail (if you selected during installation process) needs nothing more than a start of Apache.


/etc//init.d/httpd start
chkconfig –add httpd

Then I could just access it at /webmail on my email servers web port. Remember you’ll need port 80 enabled in the firewall to let your web traffic through if you want this.

Thanks for comments. I’ll amend this and offer any help I can.

來源:
http://cottee.org/index.php?p=116
arrow
arrow
    全站熱搜

    tern 發表在 痞客邦 留言(0) 人氣()