From b101665d7834f8ee7600e799844038ccd8d90def Mon Sep 17 00:00:00 2001 From: Gregory Colpart Date: Fri, 8 Aug 2014 17:44:50 +0000 Subject: [PATCH] Improve configuration for antispam/antivirus --- etc/amavis/conf.d/50-user | 12 +++- etc/postfix/main.cf | 4 +- etc/spamassassin/local.cf | 117 ++++++++++---------------------------- 3 files changed, 44 insertions(+), 89 deletions(-) diff --git a/etc/amavis/conf.d/50-user b/etc/amavis/conf.d/50-user index ef102f3..cf1bf1b 100644 --- a/etc/amavis/conf.d/50-user +++ b/etc/amavis/conf.d/50-user @@ -34,7 +34,17 @@ $sa_spam_subject_tag = '[SPAM]'; $log_level = 2; # En fonction besoin/ressources, on a juste le nbre de process -$max_servers = 10; +$max_servers = 2; + +$enable_ldap = 1; +$default_ldap = { + hostname => '127.0.0.1', tls => 0, + base => 'dc=cpnt,dc=fr', scope => 'sub', + query_filter => '(&(mailacceptinggeneralid=%m)(isActive=TRUE))' +}; + +#@local_domains_acl = qw(.); +#@local_domains_acl = ( "example.com","example.net" ); #------------ Do not modify anything below this line ------------- #1; # ensure a defined return diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index ae1ab33..b8e5630 100644 --- a/etc/postfix/main.cf +++ b/etc/postfix/main.cf @@ -34,7 +34,7 @@ home_mailbox = Maildir/ #mailbox_command = /usr/bin/procmail # Separateur entre noms d'utilisateur et extensions d'adresse -# mettre + pour intégration avec amavis +# mettre + pour integration avec amavis #par defaut, = recipient_delimiter = + @@ -350,7 +350,7 @@ header_checks = #par defaut, = yes #smtpd_delay_reject = -# Définition des plages IP appartenant à mynetworks +# Definition des plages IP appartenant a mynetworks #par defaut, toutes les plages d'adresses IPv4 (et IPv6) des interfaces mynetworks = 127.0.0.0/8,[::1]/128,10.0.0.0/16 diff --git a/etc/spamassassin/local.cf b/etc/spamassassin/local.cf index 24ffb06..9ce058d 100644 --- a/etc/spamassassin/local.cf +++ b/etc/spamassassin/local.cf 
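Review bot: In etc/amavis/conf.d/50-user, the added `$default_ldap` block sets `tls => 0` and shows no `bind_dn`/`bind_password`, so every recipient lookup is an anonymous, cleartext search. That is only reasonable while `hostname` stays `127.0.0.1`, and the file does not say so. I would add a comment above the hash, `# tls => 0 and anonymous bind are acceptable only because the directory is on loopback; enable tls and a read-only bind_dn if hostname changes`. The `base => 'dc=cpnt,dc=fr'` value looks site-specific, while the commented `@local_domains_acl` lines just below use example.com; if this file is a shared template, a placeholder DN with a comment would be safer. Separately, `$max_servers = 2` should match the process limit of the Postfix transport that feeds amavis, which is not part of this diff.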
@@ -1,96 +1,24 @@ -# This is the right place to customize your installation of SpamAssassin. -# -# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be -# tweaked. -# -# Only a small subset of options are listed below -# -########################################################################### +#required_score 5 -> assure par Amavis +report_safe 0 +#rewrite_header Subject [SPAM] -> assure par Amavis +add_header all Report _REPORT_ -# Add *****SPAM***** to the Subject header of spam e-mails -# -rewrite_header Subject *****SPAM***** - - -# Save spam messages as a message/rfc822 MIME attachment instead of -# modifying the original message (0: off, 2: use text/plain instead) -# -report_safe 0 - - -# Set which networks or hosts are considered 'trusted' by your mail -# server (i.e. not spammers) -# -# trusted_networks 212.17.35. - - -# Set file-locking method (flock is not safe over NFS, but is faster) -# -# lock_method flock - - -# Set the threshold at which a message is considered spam (default: 5.0) -# -# required_score 5.0 - - -# Use Bayesian classifier (default: 1) -# -# use_bayes 1 - - -# Bayesian classifier auto-learning (default: 1) -# -# bayes_auto_learn 1 - - -# Set headers which may provide inappropriate cues to the Bayesian -# classifier -# -# bayes_ignore_header X-Bogosity -# bayes_ignore_header X-Spam-Flag -# bayes_ignore_header X-Spam-Status - -bayes_path /var/spool/spamassassin/bayes +# filtre bayesien +# mkdir -p /var/spool/spam/ && chown amavis /var/spool/spam/ +use_bayes 1 +bayes_auto_learn 1 +bayes_path /var/spool/spam/bayes bayes_file_mode 0777 -# Some shortcircuiting, if the plugin is enabled -# -ifplugin Mail::SpamAssassin::Plugin::Shortcircuit -# -# default: strongly-whitelisted mails are *really* whitelisted now, if the -# shortcircuiting plugin is active, causing early exit to save CPU load. 
-# Uncomment to turn this on -# -# shortcircuit USER_IN_WHITELIST on -# shortcircuit USER_IN_DEF_WHITELIST on -# shortcircuit USER_IN_ALL_SPAM_TO on -# shortcircuit SUBJECT_IN_WHITELIST on - -# the opposite; blacklisted mails can also save CPU -# -# shortcircuit USER_IN_BLACKLIST on -# shortcircuit USER_IN_BLACKLIST_TO on -# shortcircuit SUBJECT_IN_BLACKLIST on - -# if you have taken the time to correctly specify your "trusted_networks", -# this is another good way to save CPU -# -# shortcircuit ALL_TRUSTED on - -# and a well-trained bayes DB can save running rules, too -# -# shortcircuit BAYES_99 spam -# shortcircuit BAYES_00 ham - -endif # Mail::SpamAssassin::Plugin::Shortcircuit - # AWL : AutoWhitelist +# mkdir -p /var/spool/spam/ && chown amavis /var/spool/spam/ +loadplugin Mail::SpamAssassin::Plugin::AWL use_auto_whitelist 1 -auto_whitelist_path /var/spool/spamassassin/auto_whitelist +auto_whitelist_path /var/spool/spam/auto_whitelist auto_whitelist_file_mode 0666 # LANG TESTS +loadplugin Mail::SpamAssassin::Plugin::TextCat ok_languages en fr es it ok_locales en fr es it @@ -166,8 +94,25 @@ score ADDRESS_IN_SUBJECT 0.1 score HELO_LH_HOME 1.0 -internal_networks 192.168.XXX/24 +#internal_networks 192.168.XXX/24 +trusted_networks 31.170.8.33 31.170.8.15 62.212.111.216 88.179.18.233 85.118.59.50 #score ALL_TRUSTED 0.3 score HELO_DYNAMIC_IPADDR 0.3 score FORGED_MUA_OUTLOOK 0.5 + +# Eudora sucks +score EXTRA_MPART_TYPE 0.1 +score MIME_BOUND_EQ_REL 0.1 +score MIME_QP_LONG_LINE 0.1 + +# SMTP senders *have* dynamic IP addresses +# A.B.C.D.dnsbl.sorbs.net -> 127.0.0.10 +score RCVD_IN_DYNABLOCK 0 +score HELO_DYNAMIC_IPADDR 0.3 +score RCVD_IN_SORBS 0.1 +score RCVD_IN_PBL 0.1 +score RCVD_IN_SORBS_DUL 0 + +# old bug... +score FH_DATE_PAST_20XX 0.0
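Review bot: In the first hunk of etc/spamassassin/local.cf, the Bayes and auto-whitelist databases stay world-writable: `bayes_file_mode 0777` and `auto_whitelist_file_mode 0666` are kept as context while the paths move to /var/spool/spam/. The new setup comment hands that directory to the amavis user alone, yet any local account could still alter the learned tokens or the per-sender history and so shift scoring. If only amavis reads and writes these files, as the comment suggests, tighten both to `bayes_file_mode 0700` and `auto_whitelist_file_mode 0700`. The setup comment could also be extended to `mkdir -p /var/spool/spam/ && chown amavis /var/spool/spam/ && chmod 700 /var/spool/spam/`.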
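Review bot: In the last hunk of etc/spamassassin/local.cf, `trusted_networks` now lists five public addresses while `internal_networks` is commented out; per the Mail::SpamAssassin::Conf documentation, an unset `internal_networks` takes the value of `trusted_networks`, so those hosts are also treated as this site's own relays. That moves the point where the DNSBL, dynamic-address and SPF checks are applied, and Received headers written by any of the five are believed, so each address should be a host the operator controls. If some are outside relays, keep the lists separate with an explicit `internal_networks <own MX/relay addresses>` line, and add a comment naming each trusted host so stale entries can be removed. The added `score HELO_DYNAMIC_IPADDR 0.3` repeats the context line just above the new block and can be dropped.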