anomy-list

Re: anomy with postfix as mailrelay

From: 42809@xyz.molar.is
Date: Tue 07 May 2002 - 16:48:31 UTC


    On 05/07/2002 10:35:59 AM "Northe, Juergen" wrote:

    >Can anyone give me an example master.cf and main.cf ?
    >
    >I would suggest to post a working postfix-config on the
    >http://mailtools.anomy.net/sanitizer.html with the title "In-transit
    >sanitizing - postfix".
    >If I have a working server I will send a copy of that to Bjarni
    >Einarsson.
    >
    I'm still building my system with anomy. I have a production system using
    html-trap that will work similarly. Nothing special is needed in the main.cf
    for scanning with Procmail; the filter is hooked in through master.cf.

    see http://advosys.ca/papers/postfix-filtering.html for help

    master.cf
    # Postfix master.cf as posted. Two logical lines (the inet "smtp" entry and
    # the "procmail" pipe entry) were wrapped by the mail client; in a real
    # master.cf a continuation line must begin with whitespace.
    #
    ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (50)
    #
    ==========================================================================
    # "-o content_filter=procmail" overrides content_filter for this smtpd
    # listener only, so mail arriving over SMTP is handed to the "procmail"
    # transport defined at the bottom. The main.cf listing on this page sets no
    # content_filter, so mail submitted locally through sendmail/pickup
    # (including the filter's own re-injection) is not sent to the filter again.
    smtp inet n - y - - smtpd -o
    content_filter=procmail
    #628 inet n - n - - qmqpd
    pickup fifo n - y 60 1 pickup
    cleanup unix n - y - 0 cleanup
    qmgr fifo n - y 300 1 qmgr
    #qmgr fifo n - n 300 1 nqmgr
    rewrite unix - - y - - trivial-rewrite
    bounce unix - - y - 0 bounce
    defer unix - - y - 0 bounce
    flush unix n - y 1000? 0 flush
    smtp unix - - y - - smtp
    showq unix n - y - - showq
    error unix - - y - - error
    local unix - n n - - local
    virtual unix - n y - - virtual
    lmtp unix - - y - - lmtp
    # Content-filter transport: pipe(8) runs procmail as the account "filter"
    # (unpriv=n, chroot=n). flags=R prepends a Return-Path: header; procmail -m
    # is mail-filter mode with the given rcfile, -Y ignores Content-Length.
    # ${sender} and ${recipient} are envelope addresses chosen by the remote
    # SMTP client. pipe(8) passes them as separate arguments without a shell,
    # but the rcfile later hands them on to sendmail as "$@".
    # NOTE(review): "filter" is presumably a dedicated unprivileged account used
    # for nothing else; confirm before copying.
    procmail unix - n n - - pipe flags=R
    user=filter argv=/usr/bin/procmail -Y -m /etc/procmail/procmail.rc
    ${sender} ${recipient}
    =========================================

    main.cf (via postconf -n)

    # Output of "postconf -n" (only settings that differ from the defaults).
    # Long values were wrapped by the mail client; in a real main.cf a
    # continuation line must begin with whitespace.
    2bounce_notice_recipient = root@localhost
    alias_database = hash:$config_directory/local-aliases
    alias_maps = hash:$config_directory/local-aliases
    allow_percent_hack = no
    biff = no
    body_checks = regexp:$config_directory/cleanup-body-checks.rx
    bounce_notice_recipient = root@localhost
    bounce_size_limit = 10000
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    default_destination_recipient_limit = 100
    delay_notice_recipient = root@localhost
    delay_warning_time = 4h
    # VRFY is switched off, so the relay cannot be asked whether an address exists.
    disable_vrfy_command = yes
    empty_address_recipient = root@localhost
    error_notice_recipient = root@localhost
    header_checks = regexp:$config_directory/cleanup-header-checks.rx
    hopcount_limit = 20
    ignore_mx_lookup_error = yes
    local_transport = local
    # NOTE(review): this value looks like an address rewritten by the list
    # archive's e-mail obfuscation, not the poster's real setting.
    luser_relay = $42896@xyz.molar.is
    mail_name = Vulcan E-mail Relay
    mail_owner = postfix
    mailbox_size_limit = 102400000
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    # DNS blocklists consulted by reject_maps_rbl below. This list dates from
    # 2002: relays.osirusoft.com and dnsbl.njabl.org have since been shut down,
    # and a dead zone can end up matching nothing or every client. Check that a
    # list is still operated before using it. Later Postfix releases replace
    # maps_rbl_domains/reject_maps_rbl with reject_rbl_client.
    maps_rbl_domains = dnsbl.njabl.org, relays.osirusoft.com bl.spamcop.net
    maps_rbl_reject_code = 550
    masquerade_domains = dalton.vul.com, $mydomain
    maximal_queue_lifetime = 1d
    message_size_limit = 7168000
    minimal_backoff_time = 300s
    # NOTE(review): the last entry has no top-level domain; the value was
    # probably cut off in the paste.
    mydestination = $mydomain, $myhostname, localhost.$mydomain,
    vulcanchemicals.com, vulcanbiz.com, vulcanperformancechemicals
    mydomain = vul.com
    myhostname = dalton.vul.com
    # Clients in these ranges are allowed to relay by permit_mynetworks below.
    # 205.235.112.0/20 spans 4096 addresses; list only networks you control.
    mynetworks = 127.0.0.0/8, 205.235.112.0/20
    myorigin = $myhostname
    newaliases_path = /usr/bin/newaliases
    notify_classes = resource, software, protocol, bounce, 2bounce, delay
    queue_directory = /var/spool/postfix
    queue_minfree = 21504000
    queue_run_delay = 300s
    readme_directory = /etc/postfix/README_FILES
    recipient_canonical_maps = hash:$config_directory/cleanup-canonical,
    regexp:$config_directory/cleanup-canonical.rx
    # relay_domains decides which destinations reject_unauth_destination lets
    # outside clients relay to. $mynetworks holds address ranges, not domains,
    # and $transport_maps makes every domain with a transport entry relayable.
    # NOTE(review): the trailing comma suggests the value was cut off in the paste.
    relay_domains = $mynetworks, $mydestination, $transport_maps,
    relocated_maps = hash:$config_directory/qmgr-relocated
    sample_directory = /etc/postfix/samples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_banner = $myhostname - ESMTP - ATTN: Telnet and UCE trespassers will
    be pursued.
    smtpd_client_restrictions =
    smtpd_hard_error_limit = 100
    smtpd_helo_required = yes
    smtpd_helo_restrictions =
    smtpd_junk_command_limit = 4
    smtpd_recipient_limit = 500
    # Restrictions are evaluated left to right. permit_mynetworks followed by
    # reject_unauth_destination comes before the check_*_access maps, so an OK
    # result in one of those maps cannot open the host for relaying.
    # warn_if_reject affects only the restriction that follows it, so
    # reject_non_fqdn_hostname is logged but not enforced.
    smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination,
      check_recipient_access hash:$config_directory/smtpd-recipient-checks,
    check_sender_access hash:$config_directory/smtpd-sender-checks,
    check_client_access hash:$config_directory/smtpd-client-checks,
    check_helo_access hash:$config_directory/smtpd-helo-checks,
    reject_unauth_pipelining, warn_if_reject, reject_non_fqdn_hostname,
    reject_invalid_hostname, reject_unknown_sender_domain, reject_maps_rbl,
    permit
    smtpd_sender_restrictions =
    smtpd_soft_error_limit = 5
    smtpd_timeout = 900s
    strict_rfc821_envelopes = yes
    transport_maps = hash:$config_directory/qmgr-transport
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    virtual_maps = hash:$config_directory/cleanup-virtual
    ============================================
    procmailrc (using html-trap instead of anomy)

    # This version mangles both dangerous attachments and media/sound
    # attachments. -D Smart 3/14/02
    #
    # Settings read by html-trap.procmail, which is included further down.
    # How the sanitizer acts on each variable is not visible in this listing.
    LOGFILE=/home/filter/procmail.log
    NL="
    "
    ##LOGABSTRACT=ALL
    VERBOSE=no

    # NOTE(review): with the macro check disabled, POISONED_SCORE and
    # SCORE_HISTORY below presumably have no effect; confirm against the
    # sanitizer's documentation.
    DISABLE_MACRO_CHECK=YES
    POISONED_EXECUTABLES=/etc/procmail/poisoned-files
    STRIPPED_EXECUTABLES=/etc/procmail/stripped
    SECURITY_STRIP_MSTNEF=YES
    DEFANG_WEBBUGS=NO
    SECURITY_NOTIFY="root@localhost"
    SECURITY_NOTIFY_SENDER="/etc/procmail/policy-note.txt"
    SECURITY_NOTIFY_RECIPIENT="/etc/procmail/quarantined.txt"
    SECURITY_NOTIFY_SENDER_POSTMASTER=YES
    # NOTE(review): this value is posted in the clear on a public list. A site
    # copying the file should set its own value rather than reuse this one.
    SECRET="ferris"
    # Quarantined messages are written here. NOTE(review): presumably the path
    # should be readable only by the filter account; its permissions are not shown.
    SECURITY_QUARANTINE=/home/filter/quarantine/Folder
    #SECURITY_QUARINTINE=
    POISONED_SCORE=25
    SCORE_HISTORY=/home/filter/macro-scanner-scores

    # Extension denylist as a regex alternation: executable and script types,
    # then media types, then a brace-wrapped hex/dash pattern (CLSID-style
    # names). Only listed extensions are matched; .zip, for example, is not listed.
    MANGLE_EXTENSIONS='386|adt|app|as[dpx]|ba[st]|bin|btm|cab|cbt|chm|cil|clas?s?|cmd|com|cpl|crt|csc|dll|drv|em[fl]|email|exe|fon|hlp|hta|ica|in[fs]|isp|jse?|lib|lnk|ms[ciopt]|nws|obj|ocx|ov.|pcd|pgm|pif|p[lm]|rar|reg|sc[rt]|sh[bs]|smm|sys|vb[se]?|vxd|wm[szd]|ws[cfh]|acp|aiff?|au|avi|bm[ort]|cda|dib|la[1r]|lavs|lqt|m[123]v|m3u|m[ie]di?|mn[ds]|mov|mp[123aegsv]|mpe?ga?|pls|qtm|r3t|r[afmptv]|rmi|rtsp|sdp|smil?|snd|vpg|wav|wma|\{[-0-9a-f]+\}'

    #backup of last 50 messages
    # The "c" flag delivers a copy to "backup" and lets processing continue.
    # The cleanup recipe lists msg.* files there, so backup is presumably a
    # directory. The copy is taken before the sanitizer runs, so it holds
    # complete unsanitized messages.
    # NOTE(review): keep the directory readable by the filter account only.
    :0 c
    backup

    # Deletes everything except the 50 newest msg.* files. "dummy" keeps rm -f
    # from running without a file argument when there is nothing to delete.
    :0 ci
    | cd backup && rm -f dummy `ls -t msg.* | sed -e 1,50d`

    #run Sanitizer
    INCLUDERC=/etc/procmail/html-trap.procmail

    #re-send the message
    # "$@" expands to the arguments from master.cf: the envelope sender, which
    # -f consumes, followed by the recipients. -oi stops a lone "." line from
    # ending the message.
    # NOTE(review): no "--" separates the options from the addresses, so an
    # address that begins with "-" would be read by sendmail as an option.
    # Postfix's allow_min_user setting (not changed in the main.cf on this
    # page) is the guard against such addresses. Confirm it is at its default.
    # NOTE(review): the recipe has no "w" flag, so procmail ignores sendmail's
    # exit status (procmailrc(5)). A failed re-injection is presumably not
    # reported back to Postfix.
    :0
    |/usr/sbin/sendmail -oi -f "$@"

    ################################################################


