Ending Spam (Part 2)

5. Configure Sendmail
A. First locate the configuration directory, /usr/local/share/sendmail/cf/cf
B. Copy /etc/mail/freebsd.mc into that directory
C. Edit the file

ibm-fb60# cd /usr/local/share/sendmail/cf/cf
ibm-fb60# cp /etc/mail/freebsd.mc sendmail.mc
ibm-fb60# vi sendmail.mc
……

D. Relay only for individual hosts
dnl Relay Mail for Individual Hosts
FEATURE(relay_hosts_only)

E. Configure ORDB
FEATURE(dnsbl, `relays.ordb.org', `"550 Mail from " $&{client_addr} " rejected, see http://www.ordb.org/faq/\#why_rejected"')dnl

F. Configure DDoS protection
dnl Denying Dos Attacks
dnl Accept up to 10 connections per second
define(`confCONNECTION_RATE_THROTTLE', `10')
dnl Allow no more than 200 concurrent connections
define(`confMAX_DAEMON_CHILDREN', `200')

G. Disable delivery to programs
dnl Disabling Delivery to Programs and files
MODIFY_MAILER_FLAGS(`LOCAL',`-|')
MODIFY_MAILER_FLAGS(`LOCAL',`-/')

H. Hook Sendmail up to milter-greylist
dnl Add milter-greylist
INPUT_MAIL_FILTER(`milter-greylist',`S=unix:/var/milter-greylist/milter-greylist.sock, T=S:5m;R:5m;C:1m;E:1m')

I. Build the configuration file (choose one of the two methods below; ii usually succeeds)
i. Using Build
ibm-fb60# ./Build sendmail.cf

ii. Using m4
ibm-fb60# m4 ../m4/cf.m4 sendmail.mc > sendmail.cf

J. Restart Sendmail
ibm-fb60# cp /etc/mail/sendmail.cf /etc/mail.cf.bak
ibm-fb60# cp sendmail.cf /etc/mail/sendmail.cf
ibm-fb60# kill -HUP `head -1 /var/run/sendmail.pid`

K. Relay mail only for your own email domains (create /etc/mail/relay-domains). The contents of this file take effect only after Sendmail is restarted.
ibm-fb60# cd /etc/mail
ibm-fb60# cat relay-domains
abc.tw
abc.com.tw
mail.abc.com.tw
dns.abc.com.tw

L. Configure mailertable to deliver mail to the Domino host; remember to use the makemap command to convert the text file into a database
ibm-fb60# cp mailertable.sample mailertable
ibm-fb60# vi mailertable
……
ibm-fb60# more mailertable
# $FreeBSD: src/etc/mail/mailertable.sample,v 1.2 2000/03/18 06:38:22 rwatson Exp $
#
# List of domains (possibly wildcarded) and destination mailers
#
abc.tw esmtp:[10.1.10.22]
abc.com.tw esmtp:[10.1.10.22]
mail.abc.com.tw esmtp:[10.1.10.22]
dns.abc.com.tw esmtp:[10.1.10.22]
……
ibm-fb60# makemap hash mailertable < mailertable

M. Configure access so that mail is accepted only for valid users
ibm-fb60# cp access.sample access
ibm-fb60# vi access
……..
To:vion@abc.com.tw RELAY
To:aardvark@abc.com.tw RELAY
To:mail.abc.com.tw REJECT
To:dns.abc.com.tw REJECT
To:abc.com.tw REJECT
To:abc.tw REJECT

ibm-fb60# makemap hash access < access

ntpdate_enable="YES"
ntpdate_program="/usr/local/bin/ntpdate"
ntpdate_flags="-b"
ntpd_enable="YES"
ntpd_program="/usr/local/bin/ntpd"
ntpd_flags="-c /etc/ntp.conf -p /var/run/ntpd.pid -l /var/log/ntp.log -f /var/db/ntp.drift"

ntpdc> help
Commands available:
addpeer addrefclock addserver addtrap authinfo
broadcast clkbug clockstat clrtrap controlkey
ctlstats debug delay delrestrict disable
dmpeers enable exit fudge help
host hostnames iostats kerninfo keyid
keytype listpeers loopinfo memstats monlist
passwd peers preset pstats quit
readkeys requestkey reset reslist restrict
showpeer sysinfo sysstats timeout timerstats
traps trustedkey unconfig unrestrict untrustedkey
version
ntpdc> peers
remote local st poll reach delay offset disp
=======================================================================
=murgon.cs.mu.oz 10.1.10.122 16 1024 0 0.00000 0.000000 0.00000
=ntp1.cs.mu.oz.a 10.1.10.122 16 1024 0 0.00000 0.000000 0.00000
=ntp1.belbone.be 10.1.10.122 16 1024 0 0.00000 0.000000 0.00000
=ns.saard.net 10.1.10.122 16 1024 0 0.00000 0.000000 0.00000
ntpdc> sysinfo
system peer: 0.0.0.0
system peer mode: unspec
leap indicator: 11
stratum: 16
precision: -20
root distance: 0.00000 s
root dispersion: 0.04831 s
reference ID: [73.78.73.84]
reference time: 00000000.00000000 Thu, Feb 7 2036 14:28:16.000
system flags: auth monitor ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.003998 s
authdelay: 0.000000 s
ntpdc>
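
How the To: entries in step M decide a recipient's fate, as an added example that is not part of the original post: a simplified shell model in which the most specific key wins (full address first, then the exact host part). It assumes there is no parent-domain fallback because step D enables relay_hosts_only; the function names and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of matching the To: entries from step M.
# Assumption: the full address is tried before the host part, keys compare
# case-insensitively, and parent domains are NOT tried (relay_hosts_only).

# Constructed sample: the access entries listed in step M.
ACCESS_SAMPLE='To:vion@abc.com.tw RELAY
To:aardvark@abc.com.tw RELAY
To:mail.abc.com.tw REJECT
To:dns.abc.com.tw REJECT
To:abc.com.tw REJECT
To:abc.tw REJECT'

# lookup_key KEY: print the action for an exact key match, or fail.
lookup_key() {
    printf '%s\n' "$ACCESS_SAMPLE" | awk -v k="$1" '
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# rcpt_decision ADDRESS: print RELAY, REJECT, or NONE (no entry matched).
rcpt_decision() {
    rcpt=$1
    host=${rcpt#*@}                      # part after the first @
    lookup_key "To:$rcpt" && return 0    # 1. full address (valid users)
    lookup_key "To:$host" && return 0    # 2. host part (catch-all REJECT)
    echo NONE                            # not one of our hosts
}

# Stand-alone demo: a listed user, an unknown user, and a foreign domain.
for addr in vion@abc.com.tw nobody@abc.com.tw someone@example.org; do
    printf '%-24s %s\n' "$addr" "$(rcpt_decision "$addr")"
done
```

Because the full address is tried first, the per-user RELAY lines win over the REJECT line for the same host regardless of their order in the file.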

Comments

Anonymous said…
It's greylist, not graylist
雨恩 wrote…
Thanks for the correction!
I didn't expect anyone to read my humble work so carefully!