vim /etc/postfix/master.cf
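# Postfix master.cf service table. Each logical line has the fields
#   service type private unpriv chroot wakeup maxproc command + args
# A line that begins with whitespace continues the line above it, so the
# "-o ..." and "flags=..." lines below have to stay indented.
#
# NOTE(review): this public listener runs smtpd with "-v -v -v -D". Each -v
# raises logging verbosity (the SMTP dialogue is written to the mail log) and
# -D runs the daemon under the configured debugger_command. Both are
# troubleshooting aids; drop them once the server is in service.
smtp inet n - - - - smtpd -v -v -v -D
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
  -o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# Pipe transports: each hands the message to an external program running as
# the account named in user=.
maildrop unix - n n - 20 pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -w 90 -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap
# SPF policy service, spawned as the unprivileged user "nobody".
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
# NOTE(review): second smtp/inet entry; the first one is at the top of this
# table. Keep a single definition for this listener -- presumably this one,
# since it is the entry that sends mail through the clamav content filter --
# and merge any options you still need from the other.
smtp inet n - n - - smtpd -o content_filter=clamav:clamav
# Content filter transport: the message is piped to clamav-filter.sh as user
# clamav, with the envelope sender after -f and the recipients after "--".
clamav unix - n n - - pipe flags=Rq user=clamav argv=/usr/lib/postfix/clamav-filter.sh -f ${sender} -- ${recipient}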
vim /etc/maildroprc
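# Global maildrop filter: create the Maildir on first delivery, file messages
# tagged "X-Spam-Status: Yes" into a Spam folder, run the vacation
# auto-reply, deliver to the Maildir, and send the over-quota notice when
# deliverquota reports return code 75.

# Keep only the part of the login name before "@".
USER=`echo "$LOGNAME" | cut -d@ -f1`
MAILBOX="$HOME/$USER/"
MAILDIR="$HOME/$USER/Maildir/"
MESSAGE="/etc/courier/overquota"
DELIVERQUOTA="/usr/bin/deliverquota.courier"
ASSUNTO="CAIXA CHEIA!"
MAILER="MAILER-DAEMON@mailserver.solisc.org.br"

# Address used for the automatic replies below, taken from the From: header.
if ( /^From: *.*/ )
{
    ADDR=getaddr($MATCH)
}

# First delivery for this user: create the mailbox directory and the Maildir.
`test -d "$MAILDIR"`
if ($RETURNCODE != 0)
{
    exception {
        `mkdir -p "$MAILBOX"`
        `maildirmake.courier "$MAILDIR"`
    }
}

# Tagged spam goes to the Spam folder, which is created and subscribed on
# first use.
if (/^X-Spam-Status: Yes/)
{
    `test -d "$MAILDIR/.Spam/"`
    if ($RETURNCODE != 0)
    {
        `maildirmake.courier -f Spam "$MAILDIR"`
        # The path is quoted like every other use of $MAILDIR in this file.
        `echo "INBOX.Spam" >> "$MAILDIR/courierimapsubscribed"`
    }
    exception {
        to "$MAILDIR/.Spam/"
    }
}

# Vacation auto-reply, enabled by the presence of vacation.txt in the Maildir.
#
# NOTE(review): $ADDR comes from the sender-supplied From: header, and
# $SUBJECT / $CCADDRESSES are read from files inside the user's Maildir. All
# three are expanded into command lines that are handed to a shell (the
# "| ..." and "! ..." targets). Confirm that shell metacharacters and quote
# characters cannot survive in these values before relying on this block.
`test -f "$MAILDIR/vacation.txt"`
if ($RETURNCODE==0)
{
    `test -f "$MAILDIR/vacation_subject.txt"`
    if ($RETURNCODE==0)
    {
        SUBJECT=`cat "$MAILDIR/vacation_subject.txt"`
        cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' -A 'Subject: $SUBJECT' /usr/sbin/sendmail -t $ADDR"
    }
    else
    {
        cc "| mailbot -t "$MAILDIR/vacation.txt" -A 'From: $USER' /usr/sbin/sendmail -t $ADDR"
    }
    # Optional forwarding while on vacation: "cc" keeps a local copy when
    # vacation_keep_messages.txt exists, "to" forwards without keeping one.
    `test -f "$MAILDIR/vacation_cc_addresses.txt"`
    if ($RETURNCODE==0)
    {
        CCADDRESSES=`cat "$MAILDIR/vacation_cc_addresses.txt"`
        `test -f "$MAILDIR/vacation_keep_messages.txt"`
        if ($RETURNCODE==0)
        {
            cc "! -f "$ADDR" $CCADDRESSES"
        }
        else
        {
            to "! -f "$ADDR" $CCADDRESSES"
        }
    }
}

# Normal delivery.
exception {
    to "$MAILDIR/"
}

# Still running, so the delivery above did not complete: run the quota check
# and, when it returns 75, send the sender the over-quota notice stored in
# $MESSAGE.
exception {
    xfilter "$DELIVERQUOTA -w 90 $MAILDIR"
}
if ($RETURNCODE==75)
{
    cc "| mailbot -t "$MESSAGE" -A 'From: $MAILER' /usr/sbin/sendmail -t $ADDR"
}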
vim /usr/lib/postfix/clamav-filter.sh
#!/bin/sh
# Settings for the ClamAV content filter that Postfix runs through pipe(8).

PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games
export PATH

# Exit codes reported back to Postfix.
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
EX_DENIED=77

# Spool directory, scanner command and re-injection command. AVCMD and
# SENDMAIL each hold a program plus its options in one string.
INSPECT_DIR=/AV
AVCMD="/usr/bin/clamdscan --disable-summary --stdout "
SENDMAIL="/usr/bin/spamc -f -e /usr/sbin/sendmail -i"

# Host name used in the From: header of the notification messages.
MYHOSTNAME=$(postconf -h myhostname)
REPORTHOST=$(postconf -h myhostname)

# Spool file name: "in.<pid>.<timestamp>". The name is predictable, so it is
# only safe while INSPECT_DIR is writable by the filter account alone.
nome_arquivo=in.$$.$(date +%Y%m%d%H%M%S)

# Who gets told about a detection: the envelope sender and/or the postmaster.
NOTIFY_VIRUS=no
NOTIFY_POSTMASTER=yes
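# viruscan: scan the spooled message and act on the scanner's verdict.
# Globals read: AVCMD, nome_arquivo, msgid, from, rcpts, subj, MYHOSTNAME,
#               SENDMAIL, NOTIFY_VIRUS, NOTIFY_POSTMASTER, EX_TEMPFAIL
# Globals set:  VIRUS (scanner output without the leading file name), SAIDA
# Returns 0 when the scanner reports the message clean.
# Exits 0 when a virus is found, after logging and notifying: Postfix then
# treats the message as handled and it is never re-injected.
# Exits EX_TEMPFAIL when the scanner itself fails, so Postfix keeps the
# message queued instead of delivering it unscanned.
viruscan() {
  # AVCMD and SENDMAIL hold a command plus options in one string, so they are
  # expanded unquoted on purpose; every other expansion is quoted.
  VIRUS=$($AVCMD "$nome_arquivo")
  SAIDA=$?
  # Drop the "<file>:" prefix from the scanner's report line.
  VIRUS=${VIRUS#* }

  case "$SAIDA" in
    0) return 0 ;;
    1) ;;
    *)
      # clamdscan exit codes above 1 mean the scan did not run properly.
      echo "virus scanner failed (exit $SAIDA)" >&2
      exit "${EX_TEMPFAIL:-75}"
      ;;
  esac

  # Quoted so that "<" and ">" reach postlog as text instead of being parsed
  # by the shell as redirections to files named after the sender/recipients.
  postlog -t postfix/virus-filter "message-id=$msgid" status=virus \
    "from=<$from>" "to=<$rcpts>" 2>/dev/null

  # The envelope sender of infected mail is usually forged, so this notice
  # tends to reach an uninvolved address; it is off by default for that reason.
  if [ "$NOTIFY_VIRUS" = "yes" ] && [ -n "$from" ]; then
    # The empty argument is the blank line that separates headers from body.
    printf '%s\n' \
      "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>" \
      "Subject: AVISO: Email rejeitado: VIRUS Detectado" \
      "To: $from" \
      "" \
      "Seu email para ($rcpts) com assunto ($subj) foi rejeitado por conter virus." \
      "Virus encontrados: $VIRUS" \
      "" |
      $SENDMAIL -f MAILER-DAEMON -- "$from"
  fi

  if [ "$NOTIFY_POSTMASTER" = "yes" ]; then
    printf '%s\n' \
      "From: Virus Scanner <mailer-daemon@$MYHOSTNAME>" \
      "Subject: Postmaster Copy: VIRUS Detectado" \
      "To: postmaster@solisc.org.br" \
      "" \
      "Um email de $from para $rcpts com assunto ($subj) foi rejeitado por conter virus." \
      "Virus encontrados: $VIRUS" \
      "" |
      $SENDMAIL -f MAILER-DAEMON -- postmaster@solisc.org.br
  fi

  exit 0
}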
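# Main flow: spool the message from stdin, parse "-f sender -- rcpt ...",
# scan the spooled copy, then hand the message back to Postfix.

# Single quotes defer expansion until the trap fires, and the absolute path
# keeps the cleanup inside INSPECT_DIR even when the cd below fails.
trap 'rm -rf -- "${INSPECT_DIR:?}/${nome_arquivo:?}"*' 0 1 2 3 15
cd "$INSPECT_DIR" || { echo "$INSPECT_DIR does not exist"; exit "$EX_TEMPFAIL"; }
cat >"$nome_arquivo" || { echo Cannot save mail to file; exit "$EX_TEMPFAIL"; }

# master.cf calls this script as: -f <sender> -- <recipient>...
# With an empty sender the second argument is already "--".
if [ "$#" -lt 3 ]; then
  echo "expected: -f sender -- recipient..."
  exit "$EX_TEMPFAIL"
fi
from=$2
if [ "$from" != "--" ]; then
  shift
else
  from=""
fi
shift
shift

# Sender parts and header fields. Only subj and msgid are used later (by
# viruscan); dominio and email are not referenced elsewhere in this script.
dominio=$(printf '%s\n' "$from" | cut -d"@" -f2)
email=$(printf '%s\n' "$from" | cut -d"@" -f1)
subj=$(head -n 200 "$nome_arquivo" | grep -i "^Subject:" | cut -d":" -f2- | head -n 1)
msgid=$(head -n 200 "$nome_arquivo" | grep -i "^message-id" | cut -d: -f 2- | sed 's/^ *//' | head -n 1)

# Recipients as one string, for the log line and the notification text.
rcpts=$*

# Returns only when the message is clean; otherwise it exits.
viruscan

# Re-inject with each address as its own argument, so an address can never be
# split into extra words or read as an option. SENDMAIL holds a command plus
# options and is expanded unquoted on purpose.
# NOTE(review): an empty sender is passed as an explicit empty -f value;
# confirm the MTA treats that as the null sender.
# A failed re-injection is reported as a temporary failure so Postfix keeps
# the message queued instead of recording it as delivered.
$SENDMAIL -f "$from" -- "$@" <"$nome_arquivo" || exit "$EX_TEMPFAIL"
exit 0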
vim /etc/courier/authldaprc
# Courier authldap settings: authenticate mail users against the directory at
# 172.86.23.171 and read their mailbox attributes from it.
#
# NOTE(review): the URI is plain ldap:// on port 389 and no LDAP_TLS setting
# appears here, so the service bind below and -- with LDAP_AUTHBIND 1 -- each
# user's password travel unencrypted unless something outside this file
# protects the link. Consider an ldaps:// URI or LDAP_TLS 1.
LDAP_URI ldap://172.86.23.171
LDAP_SERVER 172.86.23.171
LDAP_PORT 389
LDAP_PROTOCOL_VERSION 3
# Passwords are verified by binding to the directory as the user.
LDAP_AUTHBIND 1
LDAP_BASEDN dc=ad,dc=solisc
# NOTE(review): this DN has no dc=ad component although LDAP_BASEDN does --
# confirm which of the two is right for your domain.
LDAP_BINDDN cn=bind,cn=users,dc=solisc
# Service-account password stored in clear text: keep this file readable only
# by root and the authdaemon account, give the bind account read-only rights,
# and use your own secret rather than the value printed in this guide.
LDAP_BINDPW Solisc2010
LDAP_TIMEOUT 5
LDAP_FILTER (objectClass=organizationalPerson)
LDAP_DOMAIN solisc
LDAP_FULLNAME cn
# NOTE(review): presumably unused while LDAP_AUTHBIND is 1 -- confirm.
LDAP_CLEARPW clearPassword
LDAP_CRYPTPW userPassword
LDAP_MAIL mail
# Every mailbox is accessed with this one uid/gid.
LDAP_GLOB_UID 1000
LDAP_GLOB_GID 1000
# Mailbox path, home directory and quota are read from ordinary directory
# attributes (wWWHomePage, streetAddress, st).
# NOTE(review): in a default Active Directory these attributes are typically
# writable by the account owner, which would let a user change their own mail
# path or quota -- verify the ACLs on them, or map to attributes that only
# administrators can write.
LDAP_MAILDIR wWWHomePage
LDAP_HOMEDIR streetAddress
LDAP_DEREF never
LDAP_MAILDIRQUOTA st
vim /etc/courier/authdaemonrc
# authdaemond settings: LDAP is the only authentication module in use.
authmodulelist="authldap"
authmodulelistorig="authldap"
# Number of authdaemond worker processes.
daemons=50
authdaemonvar=/var/run/courier/authdaemon
# Keep at 0 in production.
# NOTE(review): the higher debug levels write authentication details to the
# log (level 2 reportedly includes passwords) -- confirm before raising it.
DEBUG_LOGIN=0
DEFAULTOPTIONS=""
LOGGEROPTS=""
vim /etc/spamassassin/local.cf
# Prefix the Subject of every message classified as spam.
rewrite_header Subject *****SPAM*****
# Relays inside trusted_networks are assumed not to forge Received headers.
# NOTE(review): 172.86.0.0/16 lies outside the RFC 1918 private range
# 172.16.0.0/12, so this trusts a /16 of public address space -- confirm the
# whole block is yours, or narrow it to your own relays.
trusted_networks 172.86.0.0/16
# Score at or above which a message is tagged as spam.
required_score 5.0
use_bayes 1
# The Bayes database trains itself from scored mail.
# NOTE(review): auto-learning can drift when mail is misclassified; review
# the results periodically.
bayes_auto_learn 1
# Headers left out of Bayes tokenization.
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
touch /etc/postfix/helo-invalid; touch /etc/postfix/header_checks; postmap /etc/postfix/helo-invalid; postmap /etc/postfix/header_checks
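adduser vmail (senha vmail)
Obs.: uma senha igual ao nome da conta é trivial de adivinhar. Se a conta vmail for usada apenas para a entrega das mensagens, defina uma senha forte ou bloqueie o login da conta (passwd -l vmail).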
Alterar o home do usuário para /vmail
mkdir /AV; chown clamav /AV; chgrp clamav /AV; mkdir /vmail; chown vmail /vmail; chgrp vmail /vmail
ln -s /etc/maildroprc /etc/courier/maildroprc
Habilite o Spamassassin, substituindo o 0 por 1 no arquivo /etc/default/spamassassin – ENABLED=1
Campos utilizados no Active Directory
Criação de usuários:
E-mail: Preencher com e-mail do usuário.
Página do Web: Preencher com o Maildir do usuário.
Rua: Home do Postfix (igual para todos usuários)
Cidade: Redirecionamento (repetir email do usuario para desabilitar)
Estado: Quota de disco em bytes (não esquecer do S no final)
Criação de listas:
Para cada lista deve ser criada uma ACL no arquivo do Postfix e criado um grupo no AD com o mesmo username do email da lista.
Nome do grupo: Deve ser o mesmo username do email da lista
E-Mail: Endereço de e-mail da lista.
Incluir e/ou remover aqui os usuários ativos na lista.
Configuração do SPF
perl -MCPAN -e shell
install Mail::SPF
q
Editar o arquivo de DNS e incluir a linha do SPF abaixo do MX (o mecanismo SPF para endereços IPv4 é "ip4"; "ipv4" não é um mecanismo válido e faz a avaliação do registro terminar em erro)
mailserver.solisc.org.br. IN TXT "v=spf1 ip4:172.86.23.39/32 mx -all"
Incluir no final do arquivo /etc/postfix/master.cf
vim /etc/postfix/master.cf
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
Testando: host -t txt mailserver.solisc.org.br
mailserver.solisc.org.br descriptive text "v=spf1 ip4:172.86.23.39/32 mx -all"
Obs.: OS ARQUIVOS INCLUÍDOS NESSE DOCUMENTO JÁ INCLUEM AS ALTERAÇÕES ACIMA.
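Disco virtual RAMDISK para a Queue
Incluir no /etc/rc.local: mount -t tmpfs none /AV
Obs.: sem opções, o tmpfs é montado como root:root com modo 1777 (gravável por qualquer usuário local), escondendo o dono definido antes com chown em /AV. Como o filtro grava ali arquivos com nomes previsíveis, monte com dono e modo explícitos, por exemplo: mount -t tmpfs -o uid=$(id -u clamav),gid=$(id -g clamav),mode=0750 none /AV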
Configuração do OpenISCSI
iscsiadm -m iface -I iface4 --op=new
iscsiadm -m iface -I iface4 --op=update -n iface.hwaddress -v d8:d3:85:b8:5d:8a
iscsiadm -m discovery -t st -p 10.0.30.2 iface4 -P 1
iscsiadm -m node -T iqn.1986-03.com.hp:storage.msa2324i.0944da4fac -l
mount -t ext3 /dev/sdg1 /vmail
vim /etc/iscsi/iscsid.conf
# open-iscsi initiator settings for the storage at 10.0.30.2.
#
# NOTE(review): no node.session.auth.* or discovery.sendtargets.auth.*
# settings appear here, so as shown the sessions are unauthenticated unless
# that is configured elsewhere. Consider CHAP
# (node.session.auth.authmethod = CHAP) and keep the storage network isolated
# from the networks that carry mail traffic.
isns.address = 10.0.30.2
# NOTE(review): 3260 is the usual iSCSI target port; iSNS servers normally
# listen on a different port -- confirm this value.
isns.port = 3260
# Log in to the recorded targets automatically at boot.
node.startup = automatic
# Timeouts, in seconds.
node.session.timeo.replacement_timeout = 120
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 20
node.session.initial_login_retry_max = 8
node.session.queue_depth = 32
# Negotiated iSCSI protocol parameters.
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
node.session.iscsi.FastAbort = Yes
vim /etc/fstab
/dev/sda1 /vmail ext3 rw,sync,auto,_netdev 0 0
Verificação de portas
nmap 127.0.0.1
22/tcp | 25/tcp | 111/tcp | 143/tcp | 734/tcp | 783/tcp
Relação de arquivos utilizados:
/etc/passwd
/etc/group
/etc/rc.local
/etc/fstab
/etc/crontab
/etc/resolv.conf
/etc/iscsi/iscsid.conf
/etc/postfix/main.cf
/etc/postfix/master.cf
/etc/postfix/helo-invalid
/etc/postfix/header_checks
/etc/courier/authldaprc
/etc/courier/authdaemonrc
/etc/spamassassin/local.cf
/etc/maildroprc
/etc/default/spamassassin
/usr/lib/postfix/clamav-filter.sh
Obs.: Os arquivos de configuração não podem conter espaços em branco no final das linhas.