Memo/Linux/taRgrey

https://dexlab.net:443/pukiwiki/index.php?Memo/Linux/taRgrey
 

taRgrey ¥¹¥Ñ¥àÂкö


¥Õ¥¡¥¤¥ë

sudo ls -l /var/spool/postfix/postgrey/
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 postgrey.db	ºÆÁ÷ÂÔ¤Á
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 postgrey_clients.db	¥ª¡¼¥È¥Û¥ï¥¤¥È¥ê¥¹¥È
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 tarpit_clients.db		tarpit¤òÈ´¤±¤Ê¤«¤Ã¤¿¥ê¥¹¥È

¥¤¥ó¥¹¥È¡¼¥ë

  • postgrey¥ê¥Ó¥ë¥É
    cd /usr/src/redhat/
    wget http://apt.sw.be/redhat/el5/en/SRPMS.rpmforge/postgrey-1.32-1.rf.src.rpm
    rpm -ivh postgrey-1.32-1.rf.src.rpm
    rm postgrey-1.32-1.rf.src.rpm
    
    ¥Ñ¥Ã¥Á¤òÅö¤Æ¤ë
    cd SOURCES/
    tar xvfz postgrey-1.32.tar.gz 
    cd postgrey-1.32
    wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.32.patch
    patch -p0 < targrey-0.31-postgrey-1.32.patch 
    cd ..
    rm -f postgrey-1.32.tar.gz && tar czvf postgrey-1.32.tar.gz postgrey-1.32
    rm -rf postgrey-1.32
    
    cd ..
    rpmbuild -ba --clean SPECS/postgrey.spec
    
    ¥¤¥ó¥¹¥È¡¼¥ë
    perl -MCPAN -e 'install BerkeleyDB'
    perl -MCPAN -e 'install IO::Multiplex'
    perl -MCPAN -e 'install Net::Server'
    rpm -ivh --nodeps RPMS/noarch/postgrey-1.32-1.rf.noarch.rpm
  • PostgreyÀßÄê
    vi /etc/rc.d/init.d/postgrey
    ----
    OPTIONS="--inet=60000 --tarpit=65 --targrey --retry-count=2 --delay=3600"
    ----
  • postfixÀßÄê
  • Greylist¤ËÆþ¤Ã¤¿¤Þ¤ÞÁ÷¿®¤Ç¤­¤Ê¤«¤Ã¤¿¤Î¤Ç°ÂÁ´¤Î¤¿¤á¥³¥á¥ó¥È¥¢¥¦¥È¡£Willcom·ÈÂÓ¤«¤é¤ÏÁ÷¿®¤Ç¤­¤¿¡£
    vi /etc/postfix/main.cf
    ----
    smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
    ¡Ý¡ÝÄɲÃ(¤³¤³¤«¤é)¡Ý¡Ý
        reject_unauth_pipelining
        check_recipient_access hash:$config_directory/whitelist_recipient
        check_client_access    hash:$config_directory/whitelist_client
        check_client_access    regexp:$config_directory/permit_client_nots25r
    #    check_policy_service   inet:60000
        permit
    
    smtpd_data_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_multi_recipient_bounce
        check_recipient_access hash:$config_directory/whitelist_recipient
        check_client_access    hash:$config_directory/whitelist_client
        check_client_access    regexp:$config_directory/permit_client_nots25r
    #    check_policy_service   inet:60000
        permit
    ¡Ý¡ÝÄɲÃ(¤³¤³¤Þ¤Ç)¡Ý¡Ý
    ----
    
    cd /usr/local/src/
    wget http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
    tar zxvf postfix.conf.2.tar.gz
    cp postfix.conf.2/whitelist_recipient /etc/postfix/
    cp postfix.conf.2/whitelist_client /etc/postfix/
    cp postfix.conf.2/permit_client_nots25r /etc/postfix/
    rm -rf postfix.conf.2
    rm -f postfix.conf.2.tar.gz
    postmap /etc/postfix/whitelist_recipient
    postmap /etc/postfix/whitelist_client
  • whitelist_client¤ËÄɲÃ
    sudo sh -c "cat >> /etc/postfix/whitelist_client << 'EOS'
    # docomo
    docomo.ne.jp                                    OK
    
    # KDDI au
    #ezweb.ne.jp                                     OK
    
    # softbank
    #softbank.ne.jp                                  OK
    
    # willcom
    pdx.ne.jp                                       OK
    
    # Shinjyuku New Valley Bldg
    114.160.206.134                                 OK
    
    # malay office
    218.111.45.129                                  OK
    EOS
    "
    
    postmap /etc/postfix/whitelist_client
  • yum¤Ç¥¢¥Ã¥×¥Ç¡¼¥È¤µ¤ì¤Ê¤¤¤è¤¦¤ËÀßÄê
    vi /etc/yum.conf
    ----
    exclude=postgrey*
    ----
  • logwatch¤«¤é¤Î¥á¡¼¥ë¤ËPostfix¥Ñ¥Ã¥Á¤Ë¤è¤ëÃÙ±ä±þÅú¥í¥°¤¬ÂçÎ̤˽ÐÎϤµ¤ì¤Æ¤·¤Þ¤ï¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¡£
    echo NOQUEUE >> /etc/logwatch/conf/ignore.conf
  • µ¯Æ°
    chkconfig postgrey on
    service postgrey start
    service postfix restart
  • postgrey db¤Î³Îǧ
    db_dump¥³¥Þ¥ó¥É¤òÍøÍѲÄǽ¤Ë
    yum install db4-utils
    
    cd /var/spool/postfix/postgrey
    db_dump -p postgrey.db
  • ÆüËܸìÂбþÈÇ spamassassin ¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É
    cd /usr/src/redhat/
    wget http://spamassassin.jp/download/sa3.2/packages/rhel/spamassassin-3.2.5-1.jsaug.src.rpm
    rpmbuild --rebuild spamassassin-3.2.5-1.jsaug.src.rpm
    rm spamassassin-3.2.5-1.jsaug.src.rpm
    
    rpm -Uvh RPMS/i386/spamassassin-3.2.5-1.jsaug.i386.rpm
    
    cd /etc/mail/spamassassin
    wget -O jp_rules-20060729.cf.org http://spamassassin.jp/download/rules/jp_rules-20060729.cf
    sed "s/nbody/body/g" jp_rules-20060729.cf.org > jp_rules-20060729.cf.mod
    
    wget -O jp_ml-20060729.cf.org http://spamassassin.jp/download/rules/jp_ml-20060729.cf
    sed "s/nbody/body/g" jp_ml-20060729.cf.org > jp_ml-20060729.cf.mod
    
    service spamassassin restart
    chkconfig spamassassin on
  • ÆüËܸìÂбþSpamAssassin¥¤¥ó¥¹¥È¡¼¥ë - NO LIMIT Is. Wiki»ÙÉô
    wget "http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftritonn%2F44615%2Fmecab-0.98-tritonn.1.0.12a.i386.rpm"
    wget "http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftritonn%2F44615%2Fmecab-ipadic-2.7.0.20070801-tritonn.1.0.12a.i386.rpm"
    rpm -ivh mecab*
    perl -MCPAN -e 'install Text::MeCab,Text::MeCab::Dict'
    perl -MCPAN -e 'install Digest::SHA1,HTML::Parser,MIME::Base64,DB_File,Net::DNS'

¥È¥Ã¥×   ÊÔ½¸ Åà·ë º¹Ê¬ ¥Ð¥Ã¥¯¥¢¥Ã¥× źÉÕ Ê£À½ ̾Á°Êѹ¹ ¥ê¥í¡¼¥É   ¿·µ¬ °ìÍ÷ ñ¸ì¸¡º÷ ºÇ½ª¹¹¿·   ¥Ø¥ë¥×   ºÇ½ª¹¹¿·¤ÎRSS
Last-modified: 2018-09-15 (ÅÚ) 07:31:38 (947d)