This how-to explains how to set up Winbind to authenticate against Active Directory for virtual users, Postfix as the MTA, SpamAssassin and Procmail as the spam agent, SquirrelMail as the MUA with the autosubscribe plugin to hold all the junk mail, and Dovecot as the IMAP server. This is something I have just had to set up; it is mainly parts from other how-tos put into one.

Name: Dovecot
HomePage: http://dovecot.org/
Function: Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind.

Name: Postfix
HomePage: http://www.postfix.org/
Function: Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail-compatible enough to not upset existing users.

Name: SquirrelMail
HomePage: http://www.squirrelmail.org/
Function: Webmail client, used to check e-mail from anywhere in the world via the internet, like Gmail or Hotmail.

Name: SpamAssassin
HomePage: http://spamassassin.apache.org/
Function: SpamAssassin is a mature, widely deployed open source project that serves as a mail filter to identify spam.

Name: Procmail
HomePage: http://www.procmail.org/
Function: Procmail applies a set of rules to each mail that comes into the system.
1. Edit the dovecot file dovecot.conf
    nano /etc/dovecot.conf
2. Now make the domain folder in your /home/ folder.
    mkdir /home/DOMAIN
    chown mail:mail /home/DOMAIN
    chmod a+rwx /home/DOMAIN
3. Now edit the '/etc/dovecot.conf' file (change the UID, GID to suit your system).
    nano /etc/dovecot.conf

dovecot.conf:
    auth_userdb = passwd
    auth_passdb = pam
    default_mail_env = mbox:/home/DOMAIN/%u/mail:INBOX=/var/spool/mail/%u
4. Set dovecot to start on boot and then start it.
    chkconfig dovecot on
    /etc/init.d/dovecot start
5. Start the Apache web server next.
    /etc/init.d/httpd start
6. Make sure that SquirrelMail is working properly: go to the web address http://ip-address-of-the-mail-server/webmail/ (if SquirrelMail was installed at the installation of Fedora this alias should already be made).
7. Now it's time to get Winbind to authenticate against Active Directory. Stop both the winbind and samba services.
    /etc/init.d/smb stop
    /etc/init.d/winbind stop
8. Edit the Kerberos files to have the right configuration.
    nano /etc/krb5.conf
krb5.conf:
    [libdefaults]
        default_realm = WINDOWS.SERVER.INT

    [realms]
        WINDOWS.SERVER.INT = {
            kdc = mc1.windows.server.int
            default_domain = WINDOWS.SERVER.INT
            kpasswd_server = mc1.windows.server.int
            admin_server = mc1.windows.server.int
        }

    [domain_realm]
        .windows.server.int = WINDOWS.SERVER.INT
9. Edit the Samba files to have the right configuration.
    nano /etc/samba/smb.conf

smb.conf:
    workgroup = server
    security = ads
    realm = WINDOWS.SERVER.INT
    encrypt passwords = yes
    username map = /etc/samba/smbusers
    winbind uid = 10000-20000
    winbind gid = 10000-20000
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
10. Now it's time to join the domain.
    net ads join -U administrator -S mc1
11. Now we need to edit the nsswitch.conf file.
    nano /etc/nsswitch.conf

from:

nsswitch.conf:
    passwd: files
    shadow: files
    group: files

to:

nsswitch.conf:
    passwd: files winbind
    shadow: files winbind
    group: files winbind
12. Now it's time to start both the winbind and samba services.
    /etc/init.d/smb start
    /etc/init.d/winbind start
13. Now hopefully all that went well. To test it out, try this command:
    /usr/bin/wbinfo -g
    This should display all the groups in your Active Directory structure.
14. Now it is time to edit the dovecot PAM module.
    nano /etc/pam.d/dovecot
dovecot:
    #%PAM-1.0
    auth       sufficient   /lib/security/$ISA/pam_unix.so likeauth nullok
    auth       sufficient   pam_winbind.so
    account    required     /lib/security/$ISA/pam_unix.so
    account    sufficient   /lib/security/$ISA/pam_localuser.so
    account    sufficient   /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
    account    required     /lib/security/$ISA/pam_permit.so
    password   requisite    /lib/security/$ISA/pam_cracklib.so retry=3
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok use_authtok
    password   required     /lib/security/$ISA/pam_deny.so
    session    required     /lib/security/$ISA/pam_limits.so
    session    required     /lib/security/$ISA/pam_unix.so
    auth       required     /lib/security/$ISA/pam_deny.so
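
An added example, not part of the original how-to: a shell check for the auth stack of the service file above. It reports whether pam_unix.so carries nullok (which lets a local account with a blank password log in over IMAP), whether pam_winbind.so is present, and whether the auth stack ends in required pam_deny.so; the function and sample names are made up for this example.

```shell
# Added example, not from the original how-to. Function names are made up.
# pam_auth_findings FILE prints one finding per line, nothing if all pass:
#   NULLOK      pam_unix.so in the auth stack accepts blank passwords
#   NO_WINBIND  no pam_winbind.so auth line, so AD users cannot log in
#   NO_DENY     the auth stack does not end in "required pam_deny.so"
pam_auth_findings() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }           # skip comments and short lines
        $1 != "auth"        { next }           # only the auth stack is audited
        {
            mod = $3
            sub(/^.*\//, "", mod)              # drop the directory prefix
            final = $2 " " mod                 # remember the last auth line
            if (mod == "pam_winbind.so") winbind = 1
            if (mod == "pam_unix.so")
                for (i = 4; i <= NF; i++)
                    if ($i == "nullok") nullok = 1
        }
        END {
            if (nullok)   print "NULLOK"
            if (!winbind) print "NO_WINBIND"
            if (final != "required pam_deny.so") print "NO_DENY"
        }
    ' "$1"
}

# Constructed sample: the auth lines of the dovecot file above, plus one
# account line to show that other stacks are ignored.
sample_page_stack() {
    cat <<'EOF'
#%PAM-1.0
auth       sufficient   /lib/security/$ISA/pam_unix.so likeauth nullok
auth       sufficient   pam_winbind.so
account    required     /lib/security/$ISA/pam_unix.so
auth       required     /lib/security/$ISA/pam_deny.so
EOF
}

# Constructed variant: the same stack with nullok removed from pam_unix.so.
sample_strict_stack() { sample_page_stack | sed 's/ nullok$//'; }

# audit_sample GENERATOR: write a sample to a temp file and audit it.
audit_sample() {
    tmp=$(mktemp) || return 1
    "$1" > "$tmp"
    pam_auth_findings "$tmp"
    rm -f "$tmp"
}

audit_sample sample_page_stack   # findings for the stack shown above
```

On a real system, call pam_auth_findings /etc/pam.d/dovecot after editing the file.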
15. Now let's set postfix to use procmail.
    nano /etc/postfix/main.cf

main.cf:
    mailbox_command = /usr/bin/procmail -t /etc/procmailrc

16. Once postfix is set, start postfix.
    /etc/init.d/postfix start
17. Now set postfix to be the default MTA.
    alternatives --config mta
    Choose postfix.
18. Edit the /etc/skel/.procmailrc file.
    nano /etc/skel/.procmailrc
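.procmailrc:
    LOGFILE="$HOME/procmail.log"
    DROPPRIVS=yes

    # Filter every message through SpamAssassin (f = filter, w = wait for it)
    :0fw
    | /usr/bin/spamassassin

    # Messages SpamAssassin flagged go to the Junk folder
    :0
    * ^X-Spam-Status: Yes
    $HOME/mail/Junk

    # Messages whose subject carries the spam tag go to the Junk folder
    :0
    * ^Subject: \[spam\]
    $HOME/mail/Junk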
19. Now add the following information to the SpamAssassin configuration file.
    nano /etc/mail/spamassassin/local.cf

local.cf:
    required_hits 5
    report_safe 0
    rewrite_header Subject [SPAM]

    # ================== Whitelist =====================
    whitelist_from *@dnr.state.ak.us
    whitelist_from *@jimweller.net
    whitelist_from [address obscured on the original page]

    # ============= Extend Filter Ruleset ==============
    # Filter viagra spam.
    header VIAGRA Subject =~ /viagra/i
    score VIAGRA 1.0
    # Filter penis spam.
    header PENIS Subject =~ /penis/i
    score PENIS 1.0
20. Now start spamassassin.
    /etc/init.d/spamassassin start
21. Once this is done, go to the SquirrelMail website and download the autosubscribe plugin.
    http://squirrelmail.org/plugin_download.php?id=245&rev=1168
22. Now to install the autosubscribe plugin to create the junk mail mailbox:
    cp autosubscribe-1.0-1.4.2.tar.gz /usr/share/squirrelmail/plugins/
23. Now unzip autosubscribe-1.0-1.4.2.tar.gz in the plugins folder.
    tar -zxvf autosubscribe-1.0-1.4.2.tar.gz
24. Now change into the autosubscribe directory and set up the plugin.
    cd autosubscribe
    cp config_sample.php config.php
25. Now change the following two variables to suit your system.
    nano config.php
config.php:
    $autosubscribe_folders='Junk';
    $autosubscribe_special_folders='Junk';
26. Once all that is done, install the plugin using the SquirrelMail conf.pl program.
    /usr/share/squirrelmail/plugin/conf.pl
27. Choose option 8 to install plugins.

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1. Organization Preferences
    2. Server Settings
    3. Folder Defaults
    4. General Options
    5. Themes
    6. Address Books (LDAP)
    7. Message of the Day (MOTD)
    8. Plugins
    9. Database

    D. Set pre-defined settings for specific IMAP servers

    C. Turn color off
    S Save data
    Q Quit

    Command >> 8

28. Now choose whatever number the autosubscribe option is to install it; in this case it is number 4.

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Plugins
    Installed Plugins
    1. squirrelspell
    2. newmail
    3. abook_group

    Available Plugins:
    4. autosubscribe
    5. spam_buttons

    R Return to Main Menu
    C. Turn color off
    S Save data
    Q Quit

    Command >> 5

29. Once all that is done, save (s).
30. Now go to the SquirrelMail website and download the spam_buttons plugin.
    http://www.squirrelmail.org/plugin_view.php?id=242
31. Now to install the spam_buttons plugin to create the mark-as-junk-mail button:
    cp spam_buttons-1.0-1.4.tar.gz /usr/share/squirrelmail/plugins/
32. Now unzip spam_buttons-1.0-1.4.tar.gz in the plugins folder.
    tar -zxvf spam_buttons-1.0-1.4.tar.gz
33. Now change into the spam_buttons directory and set up the plugin.
    cd spam_buttons
    cp config_sample.php config.php
34. Now change the following two variables to suit your system.
    nano config.php
config.php:
    $is_spam_shell_command = '/usr/bin/sa-learn --spam --username=###EMAIL_ADDRESS###';
    $is_not_spam_shell_command = '/usr/bin/sa-learn --ham --username=###EMAIL_ADDRESS###';
35. Once all that is done, install the plugin using the SquirrelMail conf.pl program.
    /usr/share/squirrelmail/plugin/conf.pl
36. Choose option 8 to install plugins.

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Main Menu --
    1. Organization Preferences
    2. Server Settings
    3. Folder Defaults
    4. General Options
    5. Themes
    6. Address Books (LDAP)
    7. Message of the Day (MOTD)
    8. Plugins
    9. Database

    D. Set pre-defined settings for specific IMAP servers

    C. Turn color off
    S Save data
    Q Quit

    Command >> 8

37. Now choose whatever number the spam_buttons option is to install it; in this case it is number 5.

    SquirrelMail Configuration : Read: config.php (1.4.0)
    ---------------------------------------------------------
    Plugins
    Installed Plugins
    1. squirrelspell
    2. newmail
    3. abook_group

    Available Plugins:
    4. autosubscribe
    5. spam_buttons

    R Return to Main Menu
    C. Turn color off
    S Save data
    Q Quit

    Command >> 5

38. Once all that is done, save (s) and quit (q).
39. Now make sure you have restarted all your services and make sure they are all set to start on boot.
    /etc/init.d/postfix restart
    /etc/init.d/winbind restart
    /etc/init.d/smb restart
    /etc/init.d/dovecot restart
    /etc/init.d/httpd restart
    /etc/init.d/spamassassin restart
    and set them all to start on boot
    chkconfig postfix on
    chkconfig winbind on
    chkconfig smb on
    chkconfig dovecot on
    chkconfig httpd on
    chkconfig spamassassin on
40. Once all that is done, you can run some tests to make sure it's all working OK.
    Send an e-mail from an outside address with the subject and body containing
    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    That should be marked as spam.
    Add an outside e-mail address to the blacklist and then e-mail from that outside address to your SpamAssassin-protected mail server.
    blacklist_from *@hotmail.com
    They should now all go into the user's Junk mailbox in /home/DOMAIN/username/mail/Junk

Extra Settings for Pyzor, DCC, Razor & Rules Du Jour
Fighting Spam With SpamAssassin, Pyzor, DCC, Razor & Rules Du Jour

Extra Settings for Mailman
I use Mailman as my list manager, and SpamAssassin almost kills my server when I send an e-mail to my list, because SpamAssassin is trying to scan 150 e-mails at once, so this is how I avoid that. Make this your ~/.procmailrc file; it allows anything that comes from your domain to go straight to your inbox rather than go through SpamAssassin. This is a risk though: you might start getting spammed from your domain name and those messages won't get scanned, so this might not be a good idea for everyone.
    nano /etc/skel/.procmailrc
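.procmailrc:
    LOGFILE="$HOME/procmail.log"
    DROPPRIVS=yes

    # Mail whose From: header names the local domain skips SpamAssassin
    :0:
    * ^From:.*@mydomain\.com\.au
    $DEFAULT

    # Everything else is filtered through SpamAssassin
    :0fw
    | /usr/bin/spamassassin

    :0
    * ^X-Spam-Status: Yes
    $HOME/mail/Junk

    :0
    * ^Subject: \[spam\]
    $HOME/mail/Junk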
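
To check the risk described above before relying on this file, the following added example (not from the original how-to) models the recipe order in plain shell and routes constructed test messages. It does not run procmail or SpamAssassin: fake_scan is a stand-in that flags only the GTUBE string, and all function names are made up for this example.

```shell
# Added example: a shell model of the recipe order in the Mailman .procmailrc.
# fake_scan stands in for /usr/bin/spamassassin (assumption: flags GTUBE only).
GTUBE='XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X'

# headers FILE: print the header block (everything up to the first blank line)
headers() { sed '/^$/q' "$1"; }

# fake_scan FILE: emit the message, adding X-Spam-Status: Yes if GTUBE is in it
fake_scan() {
    if grep -qF "$GTUBE" "$1"; then echo 'X-Spam-Status: Yes, score=1000.0'; fi
    cat "$1"
}

# route FILE: print where the recipes would deliver the message
route() {
    # Recipe 1: From: names the local domain -> $DEFAULT, scanner never runs.
    # The From: header is written by the sender, so this is not proof of origin.
    if headers "$1" | grep -qiE '^From:.*@mydomain\.com\.au'; then
        echo 'INBOX unscanned'
        return
    fi
    scanned=$(mktemp) || return 1
    fake_scan "$1" > "$scanned"          # Recipe 2: filter through the scanner
    # Recipes 3 and 4: procmail conditions are case-insensitive by default,
    # so \[spam\] also matches the [SPAM] tag that rewrite_header adds.
    if headers "$scanned" | grep -qiE '^(X-Spam-Status: Yes|Subject: \[spam\])'; then
        echo 'Junk'
    else
        echo 'INBOX scanned'
    fi
    rm -f "$scanned"
}

# make_msg FROM SUBJECT BODY: write a constructed test message, print its path
make_msg() {
    f=$(mktemp) || return 1
    printf 'From: %s\nTo: user@mydomain.com.au\nSubject: %s\n\n%s\n' \
        "$1" "$2" "$3" > "$f"
    echo "$f"
}

# Constructed case: GTUBE body with a From: header naming the local domain.
demo=$(make_msg 'anyone@mydomain.com.au' 'test' "$GTUBE")
route "$demo"
rm -f "$demo"
```

The same GTUBE message sent with an outside From: address is the comparison case; in the model it lands in Junk.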
External Links:
http://spamassassin.apache.org/gtube/