This detailed guide walks you through the entire setup process for Postfix with SASL authentication, IMAP support, and email security mechanisms on FreeBSD. It covers installation steps for essential components like Cyrus SASL, Amavisd-new, Postgrey, ClamAV, and SpamAssassin, as well as configuration tweaks to ensure proper functionality. Be prepared for a live demonstration with a teaching assistant, as questions and live testing of mail functions will be integral to your success. Follow these steps meticulously to avoid installation pitfalls.
NA Homework 4+5 Postfix + DNS
Demo
• Set up everything before the demo; you will get no points if something doesn't work.
• Show your mail functions to the TA; you may use 'Remote Desktop'.
• Be prepared: the TA will ask some questions.

Installation Steps
• postfix
• cyrus-sasl2-saslauthd
• imap-uw
• amavisd-new
• postgrey
• clamav
• spamassassin

Postfix
    # cd /usr/ports/mail/postfix
    # make install clean

Postfix
    ===> Installing for postfix-2.4.1,1
    ===> postfix-2.4.1,1 depends on file: /usr/local/lib/libcrypto.so.5 - found
    ===> postfix-2.4.1,1 depends on shared library: pcre.0 - found
    ===> postfix-2.4.1,1 depends on shared library: sasl2.2 - found
    Added group "postfix".
    Added group "maildrop".
    Added user "postfix".
    You need user "postfix" added to group "mail".
    Would you like me to add it [y]? y
    install -d -o root -g wheel -m 555 /usr/local/share/doc/postfix
    Installed HTML documentation in /usr/local/share/doc/postfix
    Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

Postfix
• edit /usr/local/etc/postfix/main.cf
  • edit it by yourself
  • e.g. myhostname, mynetworks, alias_maps…
• edit /etc/rc.conf
    sendmail_enable="NONE"
    postfix_enable="YES"
• edit /etc/defaults/periodic.conf
    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"

Postfix with TLS
• make your certificates
• edit /usr/local/etc/postfix/main.cf

Cyrus-sasl2-saslauthd
    # cd /usr/ports/security/cyrus-sasl2-saslauthd
    # make install clean
• edit /etc/rc.conf
    saslauthd_enable="YES"

imap-uw
    # cd /usr/ports/mail/imap-uw
    # make install clean
• edit /etc/inetd.conf
    pop3 stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
    imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
• If using TLS
    pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d
    imaps stream tcp nowait root /usr/local/libexec/imapd imapd

Hold on and Test
• It is better to test that you can send and receive mail before the next step.
• If it does not work, check /var/log/maillog.
    # /usr/local/etc/rc.d/saslauthd start
    # /usr/local/etc/rc.d/postfix start
    # /etc/rc.d/inetd reload

Amavisd-new
    # cd /usr/ports/security/amavisd-new
    # make install clean

Amavisd-new
    Added group "vscan".
    Added user "vscan".
    Created "/var/amavis" directory.
    Created "/var/amavis/db" directory.
    Created "/var/amavis/tmp" directory.
    Created "/var/virusmails" directory.
    To use amavisd-new, you need to install at least one virus scanner.
    The following virus scanners are available in the FreeBSD ports collection:
    /usr/ports/security/vscan   McAfee VirusScan
    /usr/ports/security/clamav  Clam Antivirus
    /usr/ports/security/f-prot  F-Prot Antivirus
    /usr/ports/security/drweb   DrWeb antivirus suite

Amavisd-new
    Enable amavisd-new in /etc/rc.conf with the following line:
    amavisd_enable="YES"
    If you want to use the amavis sendmail milter interface, you need
    the following additional line in /etc/rc.conf
    amavis_milter_enable="YES"
    Configuration templates are available in /usr/local/etc as
    amavisd.conf-dist, amavisd.conf-sample and amavisd.conf-default.
    Documentation is available in /usr/local/share/doc/amavisd-new.

postgrey
    # cd /usr/ports/mail/postgrey
    # make install clean
• edit /etc/rc.conf
    postgrey_enable="YES"
    postgrey_pidfile="/var/run/postgrey.pid"
    postgrey_flags="--delay=60 --pidfile=${postgrey_pidfile} \
        --inet=10023 -d --user=postgrey --group=postgrey \
        --dbdir=/var/db/postgrey"

Clamav
    # cd /usr/ports/security/clamav
    # make install clean

Clamav
• edit /etc/rc.conf
    clamav_clamd_enable="YES"
    clamav_freshclam_enable="YES"
• edit your aliases file, wherever you put it
    virusalert: root
• edit /usr/local/etc/clamd.conf by yourself

Final Configuration for Postfix
• edit /usr/local/etc/postfix/main.cf
    content_filter = smtp-amavis:[127.0.0.1]:10024
• edit /usr/local/etc/postfix/master.cf
    smtp-amavis unix - - n - 2 lmtp
        -o smtp_data_done_timeout=1200s
        -o smtp_never_send_ehlo=yes
        -o notify_classes=protocol,resource,software
    127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8
        -o myhostname=localhost
        -o local_recipient_maps=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject

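Added example (not part of the original slides): the 127.0.0.1:10025 smtpd listener accepts mail with content filtering switched off, so it must stay loopback-only and refuse everyone outside mynetworks. The script below checks a master.cf for exactly the settings shown on this slide; the function names and the embedded sample are this example's own.

```sh
#!/bin/sh
# Constructed sample input: the master.cf entries from the slide (shortened).
sample_master_cf() {
cat <<'EOF'
smtp-amavis unix - - n - 2 lmtp
    -o smtp_data_done_timeout=1200s
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

# audit_reinject [PORT] < master.cf
# Prints one FINDING line per problem; exit status 0 means none were found.
audit_reinject() {
    awk -v port="${1:-10025}" '
    function report(msg) { print "FINDING: " msg; findings++ }
    function check(   f, p, host) {
        gsub(/[ \t]+/, " ", entry)       # folded options become one line
        entry = entry " "
        split(entry, f, " ")
        p = f[1]; sub(/.*:/, "", p)      # port part of "host:port" or bare "port"
        if (f[2] != "inet" || f[8] != "smtpd" || p != port) return
        seen = 1
        host = substr(f[1], 1, length(f[1]) - length(p) - 1)
        if (host !~ /^(127\.0\.0\.1|localhost|\[::1\])$/)
            report("listener " f[1] " is not bound to a loopback address")
        if (entry !~ / -o content_filter= /)
            report("content_filter is not cleared, mail would loop back to amavisd")
        if (entry !~ / -o mynetworks=127\.0\.0\.0\/8 /)
            report("mynetworks is not limited to 127.0.0.0/8")
        if (entry !~ / -o smtpd_recipient_restrictions=permit_mynetworks,reject /)
            report("smtpd_recipient_restrictions is not permit_mynetworks,reject")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }    # continuation line
    { check(); entry = $0 }                    # next service entry begins
    END {
        check()
        if (!seen) report("no smtpd listener on port " port)
        exit (findings > 0)
    }'
}

sample_master_cf | audit_reinject && echo "reinjection listener looks sane"
```

On a live host, run it as `audit_reinject < /usr/local/etc/postfix/master.cf`.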
Final Configuration for Amavisd-new
• edit /usr/local/etc/amavisd.conf
    $mydomain = 'cs.nctu.edu.tw';
    $notify_method = 'smtp:[127.0.0.1]:10025';
    $forward_method = 'smtp:[127.0.0.1]:10025';

Now Startup everything
    # /usr/local/etc/rc.d/clamav-clamd start
    # /usr/local/etc/rc.d/postgrey start
    # /usr/local/etc/rc.d/amavisd start
    # /usr/local/etc/rc.d/postfix restart

Test for Virus
    # telnet localhost 25
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.twbbs.org.
    Escape character is '^]'.
    220 nabsd.cs.nctu.edu.tw ESMTP Postfix
    mail from: <tsuwen@cs.nctu.edu.tw>
    250 Ok
    rcpt to: <tsuwen@nabsd.cs.nctu.edu.tw>
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    Subject: Virus Coming
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
    .
    250 Ok: queued as 647781152E
    quit
    221 Bye
    Connection closed by foreign host.

Test for Virus
• Normal Mail
    May 11 20:09:27 nabsd amavis[29003]: (29003-01) Passed CLEAN, <tsuwen@cs.nctu.edu.tw> -> <tsuwen@nabsd.cs.nctu.edu.tw>, Message-ID: <20050511120922.DEEAF29019E@cs.nctu.edu.tw>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms
• Mail with virus
    May 13 16:55:50 nabsd amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost> -> <tsuwen@nabsd.cs.nctu.edu.tw>, quarantine: virus-VivGNwT9NIja, Message-ID: <20050513085503.647781152E@nabsd.cs.nctu.edu.tw>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms

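Added example (not part of the original slides): a small parser for the amavis lines in /var/log/maillog, so the verdict, signature name, envelope addresses and quarantine id can be checked after the EICAR test without reading raw log lines. The function names are this example's own; the sample holds the two log lines from this slide plus one constructed postfix line that must be ignored.

```sh
#!/bin/sh
# Sample input: two amavis lines from the slide, one constructed postfix line.
sample_maillog() {
cat <<'EOF'
May 11 20:09:27 nabsd amavis[29003]: (29003-01) Passed CLEAN, <tsuwen@cs.nctu.edu.tw> -> <tsuwen@nabsd.cs.nctu.edu.tw>, Message-ID: <20050511120922.DEEAF29019E@cs.nctu.edu.tw>, mail_id: Vidtcl9St6oz, Hits: -, 1312 ms
May 13 16:55:49 nabsd postfix/smtpd[29100]: connect from localhost[127.0.0.1]
May 13 16:55:50 nabsd amavis[29004]: (29004-05) Blocked INFECTED (Eicar-Test-Signature), [127.0.0.1] <?@localhost> -> <tsuwen@nabsd.cs.nctu.edu.tw>, quarantine: virus-VivGNwT9NIja, Message-ID: <20050513085503.647781152E@nabsd.cs.nctu.edu.tw>, mail_id: VivGNwT9NIja, Hits: -, 1071 ms
EOF
}

# amavis_verdicts < maillog
# One tab-separated row per scanned message:
#   action  category  signature  sender  recipient  quarantine-id
# Fields that a log line does not carry are printed as "-".
amavis_verdicts() {
    awk '
    / amavis\[[0-9]+\]: / && match($0, /(Passed|Blocked) [A-Z-]+/) {
        split(substr($0, RSTART, RLENGTH), v, " ")
        rest = substr($0, RSTART + RLENGTH)
        name = "-"; sender = "-"; rcpt = "-"; quar = "-"
        if (match(rest, /^ \([^)]*\)/))            # "(signature)" follows the verdict
            name = substr(rest, RSTART + 2, RLENGTH - 3)
        if (match(rest, /<[^>]*> -> <[^>]*>/)) {   # envelope sender -> recipient
            split(substr(rest, RSTART + 1, RLENGTH - 2), a, "> -> <")
            sender = a[1]; rcpt = a[2]
        }
        if (match(rest, /quarantine: [^,]+/))      # name under the quarantine directory
            quar = substr(rest, RSTART + 12, RLENGTH - 12)
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", v[1], v[2], name, sender, rcpt, quar
    }'
}

# blocked_count < maillog: number of messages amavisd refused to pass on.
blocked_count() {
    amavis_verdicts | awk -F "\t" '$1 == "Blocked" { n++ } END { print n + 0 }'
}

sample_maillog | amavis_verdicts
```

If the EICAR test mail was sent and `blocked_count < /var/log/maillog` still prints 0, the message did not pass through amavisd and the content_filter setting should be rechecked.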
Spamassassin
• /usr/local/etc/amavisd.conf
• /usr/local/etc/mail/spamassassin/local.cf
• man Mail::SpamAssassin::Conf

Spamassassin
    Content-Type: text/html; charset="big5"
    Content-Transfer-Encoding: 8bit
    Sender: =?big5?B?wnmkSKR+?= <VGpEz@btyft.com>
    Reply-To: VGpEz@btyft.com
    X-Virus-Scanned: amavisd-new at csie.nctu.edu.tw
    X-Spam-Status: Yes, hits=10.687 tagged_above=3 required=6.3 tests=BAYES_60,
        DATE_IN_PAST_96_XX, DOMAIN_RATIO, HTML_90_100, HTML_IMAGE_ONLY_20,
        HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_WEB_BUGS, MIME_HTML_ONLY
    X-Spam-Level: **********
    X-Spam-Flag: YES
    Status: