Add to your /etc/mail/<hostname>.mc the following lines:
FEATURE(blacklist_recipients)
FEATURE(delay_checks)
FEATURE(dnsbl, `sbl-xbl.spamhaus.org', `Rejected mail from $&{client_addr} - see http://www.spamhaus.org/')dnl
FEATURE(dnsbl, `relays.ordb.org', `Rejected mail from $&{client_addr} - see http://ordb.org/')dnl
FEATURE(dnsbl, `list.dsbl.org', `Rejected mail from $&{client_addr} - see http://dsbl.org/')dnl
FEATURE(dnsbl, `china.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://china.blackholes.us/')
FEATURE(dnsbl, `cn-kr.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://cn-kr.blackholes.us/')
FEATURE(dnsbl, `korea.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://korea.blackholes.us/')
FEATURE(dnsbl, `comcast.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://comcast.blackholes.us/')
FEATURE(dnsbl, `wanadoo-fr.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://wanadoo-fr.blackholes.us/')
Install the config:
cd /etc/mail
make
make install
make restart
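An added example (not from the original page): a Python check that pulls the zones out of the FEATURE(dnsbl, ...) lines and classifies each one with the RFC 5782 test entries, because a zone that answers for 127.0.0.1 makes sendmail reject every sender and a zone that no longer answers for 127.0.0.2 filters nothing. The function names and the embedded two-line sample are constructed for illustration.

```python
import re
import socket

# Constructed sample: two of the FEATURE(dnsbl, ...) lines shown above.
SAMPLE_MC = """\
FEATURE(dnsbl, `sbl-xbl.spamhaus.org', `Rejected mail from $&{client_addr} - see http://www.spamhaus.org/')dnl
FEATURE(dnsbl, `relays.ordb.org', `Rejected mail from $&{client_addr} - see http://ordb.org/')dnl
"""

def dnsbl_zones(mc_text):
    """Return the zone of every FEATURE(dnsbl, `zone', ...) line, in order."""
    return re.findall(r"FEATURE\(\s*dnsbl\s*,\s*`([^']+)'", mc_text)

def query_name(ipv4, zone):
    """DNSBL query name: octets reversed, zone appended (1.2.3.4 -> 4.3.2.1.zone)."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def dns_listed(name):
    """True if the name resolves to an A record, i.e. the address is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def zone_status(zone, listed=dns_listed):
    """Classify a zone using the RFC 5782 test entries.

    127.0.0.2 must be listed and 127.0.0.1 must not be. `listed` is
    injectable so the logic can be exercised without network access.
    """
    test_hit = listed(query_name("127.0.0.2", zone))
    lists_all = listed(query_name("127.0.0.1", zone))
    if lists_all:
        return "lists-everything"   # every client would be rejected
    if not test_hit:
        return "not-answering"      # dead or unreachable: adds DNS delay only
    return "ok"

if __name__ == "__main__":
    for zone in dnsbl_zones(SAMPLE_MC):
        print(zone, zone_status(zone))
```

Run it against the real .mc file before `make install`, and again periodically, since the result depends on the resolver the mail server itself uses.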
Install the two ports with milter-support:
cd /usr/ports/mail/p5-Mail-SpamAssassin/
make install clean
cd /usr/ports/security/clamav
make install clean
cd /usr/ports/mail/spamass-milter
make install clean
Enable the daemons in /etc/rc.conf:
# enable spamd
spamd_enable="YES"
# spamd_flags="-u spamd -a -c -d -r ${spamd_pidfile}"
# enable spamassmilter
spamass_milter_enable="YES"
spamass_milter_flags="-f -m -r 7 -p ${spamass_milter_socket} -- -u spamd"
# enable clamav (virus scanner)
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
clamav_milter_enable="YES"
Configuration for spamassassin can be found under /usr/local/etc/mail/spamassassin/local.cf.
To configure sendmail, add the following lines to the /etc/mail/<hostname>.mc file:
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')
Now start the daemons:
/usr/local/etc/rc.d/clamav-freshclam start
/usr/local/etc/rc.d/clamav-clamd start
chown clamav /var/log/clamav/clamd.log
/usr/local/etc/rc.d/clamav-milter start
/usr/local/etc/rc.d/sa-spamd start
/usr/local/etc/rc.d/spamass-milter.sh start
Compile the config files, install them and restart sendmail with:
cd /etc/mail
make
make install
make restart
Check the config files for errors.
Check if sendmail has milter support:
sendmail -d0.8 < /dev/null
<code>
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
</code>
Search for the key MILTER.
First install the milter:
cd /usr/ports/mail/sid-milter
make
make install
make clean
To enable the SPF milter edit /etc/rc.conf:
# enable SPF milter
miltersid_enable="YES"
miltersid_socket="local:/var/run/sid-filter"
miltersid_pid="/var/run/sid-filter.pid"
miltersid_flags="-r 0 -t -h"
Start the milter with:
/usr/local/etc/rc.d/milter-sid start
Enable SPF support by editing /etc/make.conf:
# with SPF support
WITH_LIBSPF2="YES"
Then build and install the port and copy the sample configuration:
cd /usr/ports/mail/milter-greylist
make
make install
cd /usr/local/etc/mail
cp greylist.conf.sample greylist.conf
Edit the file greylist.conf to your needs and insert as the last lines:
acl greylist default
geoipdb "/usr/local/share/GeoIP/GeoIP.dat"
To start the milter insert into /etc/rc.conf:
miltergreylist_enable="YES"
Start it with:
/usr/local/etc/rc.d/milter-greylist.sh start
To check logging:
tail -f /var/log/maillog
Edit the sendmail .mc file:
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT`, {daemon_port}')dnl
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
define(`confINPUT_MAIL_FILTERS', `greylist')
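An added example (not part of the original page or of sendmail): a Python audit of the milter lines in a .mc file that reports which filters sendmail will actually call. It models the behaviour documented in sendmail's cf/README, where INPUT_MAIL_FILTER appends to the filter list, a later define of confINPUT_MAIL_FILTERS replaces that list, and a filter with neither F=R nor F=T is skipped silently when it is unavailable. The function names are hypothetical and the sample combines both .mc snippets from this page.

```python
import re

# Constructed sample: milter lines from both .mc snippets on this page, in page order.
SAMPLE_MC = """\
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock')
define(`confINPUT_MAIL_FILTERS', `greylist')
"""

FILTER = re.compile(r"\b(INPUT_MAIL_FILTER|MAIL_FILTER)\(\s*`([^']+)'\s*,\s*`([^']*)'")
ORDER = re.compile(r"define\(\s*`confINPUT_MAIL_FILTERS'\s*,\s*`([^']*)'")

def fail_flag(spec):
    """F= value of a filter spec; '' when absent or empty."""
    for part in spec.split(","):
        key, _, val = part.strip().partition("=")
        if key == "F":
            return val.strip()
    return ""

def audit(mc_text):
    """Model how the filter list is built, line by line, and report the result."""
    declared, active = {}, []
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue                          # m4 comment line
        m = FILTER.search(line)
        if m:
            kind, name, spec = m.groups()
            declared[name] = spec
            if kind == "INPUT_MAIL_FILTER":   # defines the filter and appends it
                active.append(name)
        m = ORDER.search(line)
        if m:                                 # explicit define replaces the list
            active = [n.strip() for n in m.group(1).split(",") if n.strip()]
    return {
        "active": active,                                      # called, in order
        "skipped": [n for n in declared if n not in active],   # defined, never called
        "unknown": [n for n in active if n not in declared],   # listed, never defined
        # neither F=R nor F=T: mail passes unfiltered while the milter is down
        "fail_open": [n for n in active if n in declared and fail_flag(declared[n]) not in ("R", "T")],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MC).items():
        print(key, value)
```

On the combined sample the last define leaves only `greylist` active, so a .mc that carries all three filters needs a single confINPUT_MAIL_FILTERS line naming every filter in the intended order.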
Create a CA:
- Edit /etc/ssl/openssl.cnf -> default_days = 10950
- Edit /etc/ssl/openssl.cnf -> default_bits = 4096
- Generate CA certificate -> /usr/src/crypto/openssl/apps/CA.pl -newca
  cp demoCA/cacert.pem .
- Edit /etc/ssl/openssl.cnf -> default_days = 365
Create a key:
/usr/src/crypto/openssl/apps/CA.pl -newreq
Remove passphrase from key:
openssl rsa -in newkey.pem -out key.pem
Sign key:
/usr/src/crypto/openssl/apps/CA.pl -sign
Set permissions:
chmod 0600 *
Sendmail:
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/newcert.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Add client certs to /etc/mail/certs:
C=FileName_of_CA_Certificate
ln -s "$C" "$(openssl x509 -noout -hash < "$C").0"
Make sure demoCA/index.txt.attr has the content:
unique_subject = no
Then renew the certificate with:
cd /etc/mail/certs/
/usr/src/crypto/openssl/apps/CA.pl -sign
cd /etc/mail
make restart
To configure a server as a backup MX, we must create a second MX entry in the zone file that points to the backup MX with a higher preference number.
Then create an entry in mailertable on the backup machine:
domain smtp:mail.domain
Now edit the access file:
To:domain RELAY