## Sendmail 보안 설정 ##
* sendmail 업그레이드
* 기본 RPM으로 설치되는 SpamAssassin 가동
* Sendmail SPF 세팅
1. sendmail 업그레이드
# -> 체크후 8.12.8이하일 경우 업그레이드
yum -y update sendmail*
rpm -qa |grep sendmail
2. 기본 RPM으로 설치되는 SpamAssassin 가동
# -> Procmail 확인
[root@www ~]# grep "procmail" /etc/mail/sendmail.mc
MAILER(procmail)dnl
# -> Procmail 이용 SpamAssassin 가동 /etc/procmailrc 만들기
echo "#
# SpamAssassin procmail
#
OPPRIVS=yes
:0fw
* < 256000
| /usr/bin/spamc" >> /etc/procmailrc
% 참고 설정 파일 만들기 사이트
# http://www.yrex.com/spam/spamconfig.php
# /etc/mail/spamassassin/local.cf 파일을 만들어 준다. ##
echo "# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)
# How many hits before a message is considered spam.
required_score 5.0
# Change the subject of suspected spam
rewrite_header subject *****SPAM*****
# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 1 ## 과도 점수 방지
use_razor2 0
use_dcc 0
use_pyzor 0
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - korean
ok_languages ko
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales ko" > /etc/mail/spamassassin/local.cf
/etc/init.d/spamassassin start
--> 이후 정상작동 여부 체크
3. Sendmail SPF 세팅
# MILTER 세팅 되어있는지 확인, 세팅 안되어 있다면 Sendmail 재설치
[root@www ~]# sendmail -d0.1 -bt < /dev/null | grep MILTER
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
# libspf2 설치
http://www.libspf2.org/spf/libspf2-1.2.5.tar.gz
tar zxvf libspf2-1.2.5.tar.gz
cd libspf2-1.2.5
./configure && make && make check && make install
# spfmilter 설치
wget http://www.acme.com/software/spfmilter/spfmilter-0.97.tar.gz
tar zxvf spfmilter-0.97.tar.gz
cd spfmilter-0.97
./configure && make && make install
# /etc/mail/sendmail.mc 파일에 다음 내용 추가
echo "INPUT_MAIL_FILTER(`spfmilter',`S=unix:/var/run/spfmilter.sock, T=S:8m;R:8m')" >> /etc/mail/sendmail.mc;
# 설정파일 Remake
make -C /etc/mail;
# spfmilter 시작스크립트 및 필요 파일 만듬.
cp rc_scripts/redhat /etc/init.d/spfmilter
chmod 700 /etc/init.d/spfmilter
touch /etc/mail/spfmilter-whitelist
touch /etc/mail/spfmilter-fallback
chkconfig --add spfmilter
# 경로 문제로 인한 spfmilter시작 스크립트 파일 수정
vi +"%s/var\/run\/spfmilter\//var\/run\//g" +"%s/usr\/sbin\/spfmilter/usr\/local\/sbin\/spfmilter/g" +"%s/spfmilt:spfmilt/root:root/g" +"%s/--user spfmilt/--user root/g" +wq /etc/mail/spfmilter
# 동작 여부 테스트
/etc/init.d/spfmilter start
/etc/init.d/sendmail restart
# 메일 테스트(메일 헤드 확인)
# Received-SPF: pass (0: SPF record at smileserv.com designates 220.90.215.13 as permitted sender)
## Dovecot 설정 ##
/etc/dovecot.conf 파일 설정
protocols = imap pop3
imap_listen = [*]
pop3_listen = [*]
댓글 없음:
댓글 쓰기