FreeBSD-Sendmail
From IdefixWiki
Using RBL blacklists
Add to your /etc/mail/<hostname>.mc the following lines:
FEATURE(blacklist_recipients)
FEATURE(delay_checks)
FEATURE(dnsbl, `sbl-xbl.spamhaus.org', `Rejected mail from $&{client_addr} - see http://www.spamhaus.org/')dnl
FEATURE(dnsbl, `relays.ordb.org', `Rejected mail from $&{client_addr} - see http://ordb.org/')dnl
FEATURE(dnsbl, `list.dsbl.org', `Rejected mail from $&{client_addr} - see http://dsbl.org/')dnl
FEATURE(dnsbl, `china.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://china.blackholes.us/')
FEATURE(dnsbl, `cn-kr.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://cn-kr.blackholes.us/')
FEATURE(dnsbl, `korea.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://korea.blackholes.us/')
FEATURE(dnsbl, `comcast.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://comcast.blackholes.us/')
FEATURE(dnsbl, `wanadoo-fr.blackholes.us',`550 Mail from $&{client_addr} rejected - see http://wanadoo-fr.blackholes.us/')
Install the config:
cd /etc/mail
make
make install
make restart
Installing spamassassin and clamav
Install the two ports with milter-support:
cd /usr/ports/mail/p5-Mail-SpamAssassin/
make install clean
cd /usr/ports/security/clamav
make install clean
cd /usr/ports/mail/spamass-milter
make install clean
Enable the daemons in /etc/rc.conf:
# enable spamd
spamd_enable="YES"
#spamd_flags="-u spamd -a -c -d -r ${spamd_pidfile}"
# enable spamassmilter
spamass_milter_enable="YES"
spamass_milter_flags="-f -m -r 7 -p ${spamass_milter_socket} -- -u spamd"
# enable clamav (virus scanner)
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
clamav_milter_enable="YES"
Configuration for spamassassin can be found under /usr/local/etc/mail/spamassassin/local.cf.
To configure sendmail, add the following lines to the /etc/mail/<hostname>.mc file:
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')
Now start the daemons:
/usr/local/etc/rc.d/clamav-freshclam start
/usr/local/etc/rc.d/clamav-clamd start
chown clamav /var/log/clamav/clamd.log
/usr/local/etc/rc.d/clamav-milter start
/usr/local/etc/rc.d/sa-spamd start
/usr/local/etc/rc.d/spamass-milter.sh start
Compile the config files, install them and restart sendmail with:
cd /etc/mail
make
make install
make restart
Check the config files for errors.
Installing SPF
Check if sendmail has milter support:
sendmail -d0.8 < /dev/null
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
Search for the key MILTER.
First install the milter:
cd /usr/ports/mail/sid-milter
make
make install
make clean
To enable the SPF milter edit /etc/rc.conf:
# enable SPF milter
miltersid_enable="YES"
miltersid_socket="local:/var/run/sid-filter"
miltersid_pid="/var/run/sid-filter.pid"
miltersid_flags="-r 0 -t -h"
Start the milter with:
/usr/local/etc/rc.d/milter-sid start
Installing Greylisting
Enable SPF support by editing /etc/make.conf:
# with SPF support
WITH_LIBSPF2="YES"
Then build the port and create the config file:
cd /usr/ports/mail/milter-greylist
make
make install
cd /usr/local/etc/mail
cp greylist.conf.sample greylist.conf
Edit greylist.conf to suit your needs and insert as the last line:
acl greylist default
To start the milter insert into /etc/rc.conf:
miltergreylist_enable="YES"
Start it with:
/usr/local/etc/rc.d/milter-greylist.sh start
To check logging:
tail -f /var/log/maillog
Edit the sendmail .mc file:
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
define(`confINPUT_MAIL_FILTERS', `greylist')
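Added example (not part of the original wiki page): in sendmail's m4 configuration, a define of confINPUT_MAIL_FILTERS placed after INPUT_MAIL_FILTER() calls replaces the list those calls built, and a milter without F=R or F=T is skipped when its socket is unavailable. The sketch below audits a constructed .mc file that merges this page's milter lines; audit_milters and its finding labels are names assumed for the example.

```python
import re

# Constructed sample: the milter lines from this page merged into one .mc file.
SAMPLE_MC = r"""
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock')
define(`confINPUT_MAIL_FILTERS', `greylist')
"""

# Two-argument m4 calls with `quoted' arguments; dnl-commented lines do not match.
CALL = re.compile(
    r"^[ \t]*(INPUT_MAIL_FILTER|MAIL_FILTER|define)\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)",
    re.M)

def audit_milters(mc_text):
    """Return (effective filter order, [(filter name, finding), ...])."""
    filters, active = {}, []
    for macro, arg1, arg2 in CALL.findall(mc_text):
        if macro == "define":
            if arg1 == "confINPUT_MAIL_FILTERS":
                # An explicit define replaces whatever list was built so far.
                active = [n.strip() for n in arg2.split(",") if n.strip()]
            continue
        # Equates look like "S=socket, F=flag, T=timeouts".
        filters[arg1] = dict(p.strip().split("=", 1)
                             for p in arg2.split(",") if "=" in p)
        if macro == "INPUT_MAIL_FILTER":   # MAIL_FILTER only defines the filter
            active.append(arg1)
    findings = []
    for name, equates in filters.items():
        if name not in active:
            findings.append((name, "inactive"))    # defined but never called
        if equates.get("F", "") not in ("R", "T"):
            findings.append((name, "fail-open"))   # mail passes if milter is down
    findings += [(n, "undefined") for n in active if n not in filters]
    return active, findings

if __name__ == "__main__":
    order, problems = audit_milters(SAMPLE_MC)
    print("effective confINPUT_MAIL_FILTERS:", order)
    for name, finding in problems:
        print(f"{name}: {finding}")
```

On the merged sample only greylist remains in the effective list, so a single final define naming all three filters is needed to keep the virus and spam milters in the chain.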
SSL Key
Create a CA:
- Edit /etc/ssl/openssl.cnf -> default_days = 1825
- Generate CA certificate -> /usr/src/crypto/openssl/apps/CA.pl -newca
cp demoCA/cacert.pem .
Create a key:
/usr/src/crypto/openssl/apps/CA.pl -newreq
Remove passphrase from key:
openssl rsa -in newkey.pem -out key.pem
Set permissions:
chmod 0600 *
Sendmail:
define(`confCACERT_PATH',`/etc/mail/certs')
define(`confCACERT',`/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT',`/etc/mail/certs/newcert.pem')
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')
define(`confCLIENT_CERT',`/etc/mail/certs/newreq.pem')
define(`confCLIENT_KEY',`/etc/mail/certs/key.pem')
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Add client certs to /etc/mail/certs:
C=FileName_of_CA_Certificate
ln -s $C `openssl x509 -noout -hash < $C`.0
