垃圾郵件過慮 exchange 2019(暫時不支持SCL 規則,可以用黑白名單和灰名單功能)
到 https://efa-project.org/ 下載虛擬機
連接到ESXI虛擬機,選擇下載的OVF文件 佈署虛擬機
登陸控制檯設置 ,密碼是:EfaPr0j3ct
接下來配置
按照以下設置,輸入OK 就會自動配置
(sudo /usr/local/sbin/EFA-Configure)
Choose option 14) Update Now (更新到最新系統 EFA-3.0.2.6)
![clipboard[1]](https://s1.51cto.com/images/blog/201906/05/ba5dede80a7bb1fb30d41186dca46c02.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk= "clipboard[1]")
構建系統後,您需要遵循正常的初始配置。
EFA配置選項8)郵件設置 - >選項1)出站郵件中繼
EFA配置選項8“出站智能主機”(8,2)“智能主機:已禁用”,因爲您希望EFA直接發送郵件
EFA配置選項8“傳輸設置” “(8,4)as”domain.com“”<您的交換服務器的內部IP地址“
EFA配置選項9“垃圾郵件設置” “(9,1)非垃圾郵件設置
禁用非垃圾郵件簽名:是(此設置取決於您是否需要EFA水印,我禁用它,因爲我們(IT管理員)管理垃圾郵件而不是用戶
1)您應該在端口587上使用SUBMISSION。這需要爲此正確設置Postfix。
編輯:/etc/postfix/master.cf (開啓587端口,啓用加密連接)
並取消註釋:
#submission inet n - n - - smtpd
使它看起來像這樣:
submission inet n - n - - smtpd
EFA 3.0.2.5與Active Directory集成(win server 2019)
請安裝 php-ldap
yum install lrzsz -y
yum install php-ldap –y
vi /var/www/html/mailscanner/conf.php(編輯後重啓系統)
define('USE_LDAP', true);
define('LDAP_SSL', false);
define('LDAP_HOST', '192.168.32.51');
define('LDAP_PORT', '389');
define('LDAP_DN', 'OU=email,DC=test,DC=com');
define('LDAP_USER', '[email protected]);
define('LDAP_PASS', '123456');
define('LDAP_SITE', 'Default-First-Site-Name');
define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'mail=%s');
define('LDAP_PROTOCOL_VERSION', 3);
define('LDAP_EMAIL_FIELD', 'mail');
define('LDAP_USERNAME_FIELD', 'cn');
define('LDAP_MS_AD_COMPATIBILITY', true);
vi /etc/hosts (添加exchange服務器IP和域名)
設置垃圾郵件不修改主題
vi /etc/MailScanner/MailScanner.conf
/etc/init.d/spamassassin restart
exchange 設置垃圾郵件過濾(打開exchange shell)
Set-ContentFilterConfig -SCLRejectThreshold 9 -SCLRejectEnabled $false -SCLDeleteEnabled $false -SCLQuarantineEnabled $false
添加規則
New-TransportRule -Name "EFA to Junk Folder" -HeaderMatchesMessageHeader "X-Spam-Status" -HeaderMatchesPatterns "Yes" -SetSCL 9 -Comments "This rule moves spam messages from the EFA filter to the users junk mail folder."
防火牆端口開放25和587
vi /etc/sysconfig/iptables
mysql的root密碼 存放在 /etc/EFA-Config
注意:如果安裝後收不到郵件 請查看外網DNS A和MX記錄是否正常
登陸EFA管理平臺(可以用管理員和域賬號登陸) 加黑名單或報告爲垃圾郵件
網址 https://IP
點擊要加黑名單或加垃圾郵件
翻到最底下網頁,添加黑白名單 和標記爲垃圾郵件並上報
登陸webmin管理平臺
設置爲中文
點擊服務器設置---postfix配置---查看隊列或相關設置
灰名單配置文件
vi /etc/sqlgrey/sqlgrey.conf
重啓灰名單服務(一些相關服務重啓)
service sqlgrey restart
service spamassassin restart
service webmin restart
service clamd restart
service MailScanner restart
service postfix restart
vi /etc/MailScanner/MailScanner.conf (垃圾郵件評分設置,按實際要求設置)
效果
![clipboard[60]](https://s1.51cto.com/images/blog/201906/04/bce92afef7cf38708bf4eea47be5745f.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk= "clipboard[60]")
安裝fail2ban 自動攔截郵件***
yum install fail2ban –y
# vi /etc/fail2ban/jail.conf
最後一行添加如下:
[postfix]
enabled = true
filter = postfix
action = iptables[name=postfix, port=25, protocol=tcp]
ignoreip = 127.0.0.1
logpath = /var/log/maillog
bantime = 86400
findtime = 120
maxretry = 3
/etc/fail2ban/filter.d中編輯或新加文件,文件名一定要跟上一步jail.conf配置文件中的“filter=”對應
POSTFIX
vi /etc/fail2ban/filter.d/postfix.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2
reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2
reject: RCPT from (.*)\[<HOST>\]: 450
reject: RCPT from (.*)\[<HOST>\]: 554
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
啓動fail2ban
# /etc/init.d/fail2ban start
啓動fail2ban
# /etc/init.d/fail2ban start