taRgrey ¥¹¥Ñ¥àÂкö †

¥Õ¥¡¥¤¥ë †

sudo ls -l /var/spool/postfix/postgrey/
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 postgrey.db	ºÆÁ÷ÂÔ¤Á
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 postgrey_clients.db	¥ª¡¼¥È¥Û¥ï¥¤¥È¥ê¥¹¥È
-rw------- 1 postgrey postgrey     8192  9·î  8 14:16 tarpit_clients.db		tarpit¤òÈ´¤±¤Ê¤«¤Ã¤¿¥ê¥¹¥È

¥¤¥ó¥¹¥È¡¼¥ë

• SMTPÀܳ¤ÎÃʳ¬¤Ç¼×ÃǤ¹¤ë
• taRgrey
• ­â1157 taRgrey¤ò¤â¤¹¤êÈ´¤±¤ë¥á¡¼¥ë¤ÎµñÈݤˤĤ¤¤Æ¡£ - Web Patio - CentOS¤Ç¼«Â𥵡¼¥Ð¡¼¹½ÃÛ
• ÆüËܸìÂбþSpamAssassin¥¤¥ó¥¹¥È¡¼¥ë - NO LIMIT Is. Wiki»ÙÉô

• postgrey¥ê¥Ó¥ë¥É

  cd /usr/src/redhat/
  wget http://apt.sw.be/redhat/el5/en/SRPMS.rpmforge/postgrey-1.32-1.rf.src.rpm
  rpm -ivh postgrey-1.32-1.rf.src.rpm
  rm postgrey-1.32-1.rf.src.rpm
  
  ¥Ñ¥Ã¥Á¤òÅö¤Æ¤ë
  cd SOURCES/
  tar xvfz postgrey-1.32.tar.gz 
  cd postgrey-1.32
  wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.32.patch
  patch -p0 < targrey-0.31-postgrey-1.32.patch 
  cd ..
  rm -f postgrey-1.32.tar.gz && tar czvf postgrey-1.32.tar.gz postgrey-1.32
  rm -rf postgrey-1.32
  
  cd ..
  rpmbuild -ba --clean SPECS/postgrey.spec
  
  ¥¤¥ó¥¹¥È¡¼¥ë
  perl -MCPAN -e 'install BerkeleyDB'
  perl -MCPAN -e 'install IO::Multiplex'
  perl -MCPAN -e 'install Net::Server'
  rpm -ivh --nodeps RPMS/noarch/postgrey-1.32-1.rf.noarch.rpm

• PostgreyÀßÄê

  vi /etc/rc.d/init.d/postgrey
  ----
  OPTIONS="--inet=60000 --tarpit=65 --targrey --retry-count=2 --delay=3600"
  ----

• postfixÀßÄê
• Greylist¤ËÆþ¤Ã¤¿¤Þ¤ÞÁ÷¿®¤Ç¤­¤Ê¤«¤Ã¤¿¤Î¤Ç°ÂÁ´¤Î¤¿¤á¥³¥á¥ó¥È¥¢¥¦¥È¡£Willcom·ÈÂÓ¤«¤é¤ÏÁ÷¿®¤Ç¤­¤¿¡£

  vi /etc/postfix/main.cf
  ----
  smtpd_recipient_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
  ¡Ý¡ÝÄɲÃ(¤³¤³¤«¤é)¡Ý¡Ý
      reject_unauth_pipelining
      check_recipient_access hash:$config_directory/whitelist_recipient
      check_client_access    hash:$config_directory/whitelist_client
      check_client_access    regexp:$config_directory/permit_client_nots25r
  #    check_policy_service   inet:60000
      permit
  
  smtpd_data_restrictions =
      permit_mynetworks
      permit_sasl_authenticated
      reject_unauth_destination
      reject_multi_recipient_bounce
      check_recipient_access hash:$config_directory/whitelist_recipient
      check_client_access    hash:$config_directory/whitelist_client
      check_client_access    regexp:$config_directory/permit_client_nots25r
  #    check_policy_service   inet:60000
      permit
  ¡Ý¡ÝÄɲÃ(¤³¤³¤Þ¤Ç)¡Ý¡Ý
  ----
  
  cd /usr/local/src/
  wget http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
  tar zxvf postfix.conf.2.tar.gz
  cp postfix.conf.2/whitelist_recipient /etc/postfix/
  cp postfix.conf.2/whitelist_client /etc/postfix/
  cp postfix.conf.2/permit_client_nots25r /etc/postfix/
  rm -rf postfix.conf.2
  rm -f postfix.conf.2.tar.gz
  postmap /etc/postfix/whitelist_recipient
  postmap /etc/postfix/whitelist_client

• whitelist_client¤ËÄɲÃ

  sudo sh -c "cat >> /etc/postfix/whitelist_client << 'EOS'
  # docomo
  docomo.ne.jp                                    OK
  
  # KDDI au
  #ezweb.ne.jp                                     OK
  
  # softbank
  #softbank.ne.jp                                  OK
  
  # willcom
  pdx.ne.jp                                       OK
  
  # Shinjyuku New Valley Bldg
  114.160.206.134                                 OK
  
  # malay office
  218.111.45.129                                  OK
  EOS
  "
  
  postmap /etc/postfix/whitelist_client

• yum¤Ç¥¢¥Ã¥×¥Ç¡¼¥È¤µ¤ì¤Ê¤¤¤è¤¦¤ËÀßÄê

  vi /etc/yum.conf
  ----
  exclude=postgrey*
  ----

• logwatch¤«¤é¤Î¥á¡¼¥ë¤ËPostfix¥Ñ¥Ã¥Á¤Ë¤è¤ëÃÙ±ä±þÅú¥í¥°¤¬ÂçÎ̤˽ÐÎϤµ¤ì¤Æ¤·¤Þ¤ï¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¡£

  echo NOQUEUE >> /etc/logwatch/conf/ignore.conf

• µ¯Æ°

  chkconfig postgrey on
  service postgrey start
  service postfix restart

• postgrey db¤Î³Îǧ

  db_dump¥³¥Þ¥ó¥É¤òÍøÍѲÄǽ¤Ë
  yum install db4-utils
  
  cd /var/spool/postfix/postgrey
  db_dump -p postgrey.db

• ÆüËܸìÂбþÈÇ spamassassin ¤Ë¥¢¥Ã¥×¥°¥ì¡¼¥É

  cd /usr/src/redhat/
  wget http://spamassassin.jp/download/sa3.2/packages/rhel/spamassassin-3.2.5-1.jsaug.src.rpm
  rpmbuild --rebuild spamassassin-3.2.5-1.jsaug.src.rpm
  rm spamassassin-3.2.5-1.jsaug.src.rpm
  
  rpm -Uvh RPMS/i386/spamassassin-3.2.5-1.jsaug.i386.rpm
  
  cd /etc/mail/spamassassin
  wget -O jp_rules-20060729.cf.org http://spamassassin.jp/download/rules/jp_rules-20060729.cf
  sed "s/nbody/body/g" jp_rules-20060729.cf.org > jp_rules-20060729.cf.mod
  
  wget -O jp_ml-20060729.cf.org http://spamassassin.jp/download/rules/jp_ml-20060729.cf
  sed "s/nbody/body/g" jp_ml-20060729.cf.org > jp_ml-20060729.cf.mod
  
  service spamassassin restart
  chkconfig spamassassin on

• ÆüËܸìÂбþSpamAssassin¥¤¥ó¥¹¥È¡¼¥ë - NO LIMIT Is. Wiki»ÙÉô

  wget "http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftritonn%2F44615%2Fmecab-0.98-tritonn.1.0.12a.i386.rpm"
  wget "http://sourceforge.jp/frs/redir.php?m=jaist&f=%2Ftritonn%2F44615%2Fmecab-ipadic-2.7.0.20070801-tritonn.1.0.12a.i386.rpm"
  rpm -ivh mecab*
  perl -MCPAN -e 'install Text::MeCab,Text::MeCab::Dict'
  perl -MCPAN -e 'install Digest::SHA1,HTML::Parser,MIME::Base64,DB_File,Net::DNS'