虛擬機插入 Centos 7 Min .ISO 光盤
進入到安裝選 項 按tab鍵
添加 inst.ks=http://dl.efa-project.org/build/4/kstesting.cfg
按Enter 自動安裝,網絡安裝 大概需要下載500MB左右的文件 需要等60分鐘左右
安裝完成
安裝配置
修改網卡
vi /etc/sysconfig/network-scripts/ifcfg-ens160
你不會在eFa上使用智能主機,而是建立eFa作爲出站中繼。
EFA配置選項7)郵件設置 - >選項1)出站郵件中繼
EFA配置選項7“出站智能主機”(7,2)“智能主機:已禁用”,因爲您希望EFA直接發送郵件
EFA配置選項7“傳輸設置” “(7,4)as”domain.com“”<您的交換服務器的內部IP地址“
EFA配置選項8“垃圾郵件設置” “(8,1)非垃圾郵件設置
垃圾郵件設置>非垃圾郵件設置
- 禁用存儲非垃圾郵件:否(這允許培訓誤報以及最近的存檔/恢復)。
禁用非垃圾郵件簽名:是(此設置取決於您是否需要EFA水印,我禁用它,因爲我們(IT管理員)管理垃圾郵件而不是用戶。此外,我們的大多數(99%)用戶都是外部的將全民教育暴露在互聯網上。)
- EFA配置選項9“垃圾郵件設置” “(8,2)圾郵件設置
- 推薦:垃圾郵件設置>垃圾郵件設置。啓用垃圾郵件傳遞:是的。(這與後面提到的其他規則相結合,允許可疑垃圾郵件進入用戶的垃圾郵件文件夾。
EFA V4與Active Directory集成
請安裝 php-ldap (rpm -qa|grep php)
yum install lrzsz -y
vi /var/www/html/mailscanner/conf.php(編輯後重啓系統 需要開啓apache https)
// LDAP settings for authentication
define('USE_LDAP', true);
define('LDAP_SSL', false);
define('LDAP_HOST', '192.168.32.83');
define('LDAP_PORT', '389');
define('LDAP_DN', 'OU=email,DC=test,DC=xyz');
define('LDAP_USER', '[email protected]');
define('LDAP_PASS', '123456');
define('LDAP_SITE', 'Default-First-Site-Name');
define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'mail=%s');
define('LDAP_PROTOCOL_VERSION', 3);
define('LDAP_EMAIL_FIELD', 'mail');
define('LDAP_USERNAME_FIELD', 'cn');
define('LDAP_MS_AD_COMPATIBILITY', true);
vi /etc/hosts (添加exchange服務器IP和域名)
192.168.32.83 mail.test.xyz
設置垃圾郵件不修改主題
vi /etc/MailScanner/MailScanner.conf
Spam Subject Text =
/etc/init.d/spamassassin restart
exchange 設置垃圾郵件過濾
添加規則
New-TransportRule -Name "EFA to Junk Folder" -HeaderMatchesMessageHeader "X-Spam-Status" -HeaderMatchesPatterns "Yes" -SetSCL 9 -Comments "This rule moves spam messages from the EFA filter to the users junk mail folder."
步驟 2:使用命令行管理程序重新啓動 Microsoft Exchange 傳輸服務
運行命令:Restart-Service MSExchangeTransport
重啓服務
service sqlgrey restart
service spamassassin restart
service webmin restart
service clamd restart
service MailScanner restart
service postfix restart
MailScanner --lint
spamassassin -D --lint (重新加載規則)
安裝fail2ban 自動攔截郵件***
yum install fail2ban –y
# vi /etc/fail2ban/jail.conf
最後一行添加如下:
[postfix]
enabled = true
filter = postfix
action = iptables-allports[name=postfix, port=25, protocol=tcp]
ignoreip = 127.0.0.1
logpath = /var/log/maillog
bantime = 6048000
findtime = 120
maxretry = 3
[postfix-ddos]
enabled = true
filter = postfix-ddos
action = iptables-allports[name=MAIL, protocol=all]
logpath = /var/log/maillog
maxretry = 2
findtime = 86400
bantime = 604800
/etc/fail2ban/filter.d中編輯或新加文件,文件名一定要跟上一步jail.conf配置文件中的“filter=”對應
POSTFIX
vi /etc/fail2ban/filter.d/postfix.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2
reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2
reject: RCPT from (.*)\[<HOST>\]: 450
reject: RCPT from (.*)\[<HOST>\]: 554
reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
--------------------------------------------------------------------------------------------------------------
vi /etc/fail2ban/filter.d/postfix-ddos.conf
# Fail2Ban filter for Postfix DDOS attacks # [INCLUDES] before = common.conf [Definition] _daemon = postfix/(submission/)?smtp(d|s) failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 .*$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$ ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$ ^%(__prefix_line)slost connection after \S+ from [^[]*\[<HOST>\]:?$ ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$ ^%(__prefix_line)sstatistics: max connection rate \S+ for \(smtp:<HOST>\):?$ ignoreregex = lost connection after .* from unknown\[unknown\]$ authentication failed: Connection lost to authentication server$ statistics: max connection rate .* for \(smtp:unknown\).*$ [Init] journalmatch = _SYSTEMD_UNIT=postfix.service # Author: kn007
啓動fail2ban
systemctl start fail2ban
查看攔截fail2ban
fail2ban-client status postfix
CentOS7版本後防火牆默認使用firewalld
systemctl start firewalld
yum install -y iptables-services
service iptables start
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
測試郵件內容過濾
發送測試郵件的文本內容如下:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
測試反病毒郵件
發送測試郵件的文本內容如下:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
關閉MailScanner 對郵件內容掃描簽名
vi /etc/MailScanner/MailScanner.conf
Dangerous Content Scanning = no
對發送的郵件進行簽名
vi /etc/Mailscanner/Mailscanner.conf
Sign Clean Messages = no
這個選項默認是打開的,表示MailScanner對郵件內容進行掃描,但是過於嚴格了,會把很多html郵件濾掉,所以我把它關了。
systemctl restart mailscanner.service
Virus Scanners = clamd
設置殺毒軟件,如果使用clamav,則Virus Scanners = clamav。
vi /etc/MailScanner/MailScanner.conf
在2242行
Required SpamAssassin Score = 4
(高評分垃圾郵件投遞)
High Scoring Spam Actions = deliver header "X-Spam-Status:Yes"
systemctl restart mailscanner.service