1.Установка и начальная настройка Postfix cd /usr/ports/mail/postfix make install clean nano /etc/rc.conf sendmail_enable=»NONE» postfix_enable=»YES» #sendmail_enable=»NO» #sendmail_submit_enable=»NO» #sendmail_outbound_enable=»NO» #sendmail_msp_queue_enable=»NO» nano /etc/periodic.conf daily_clean_hoststat_enable=»NO» daily_status_mail_rejects_enable=»NO» daily_status_include_submit_mailq=»NO» daily_submit_queuerun=»NO» cat /etc/group | grep mail mail:*:6:postfix ………………….. cd /usr/local/etc/postfix/ cp main.cf main.cf~ cp master.cf master.cf~ nano main.cf nano /etc/aliases newaliases tail -f /var/log/maillog /etc/rc.d/sendmail stop /usr/local/etc/rc.d/postfix […]
Записи с меткой ‘postfix’
Установка и настройка Postfix+Dovecot+Clamav+Spamassassin на FreeBSD 9
Установка и настройка Postfix+Dovecot+Clamav+Spamassassin+Amavis на Centos 5
Установка и настройка Postfix+Dovecot+Clamav+Spamassassin+Amavis на Centos 5 1.Установка и настройка Postfix и Dovecot
1 |
<b>yum install postfix dovecot </b> |
1 |
<b>yum remove sendmail</b> |
[root@guk5 ~]# rpm -qa | grep «postfix\|dovecot» postfix-2.3.3-6.el5 dovecot-1.0.7-7.el5_7.1
1 |
Как вариант можно установить system-switch-mail |
1 |
Через <b>yum install system-switch-mail</b> |
И после этого запустить этот инструмент и выбрать Postfix как MTA по умолчанию Включение Sasl и TLS здесь описывать не буду(хотя конфиг уже включает их поддержку) Приводим /etc/postfix/main.cf к виду […]
Настройка fail2ban для защиты ssh,proftpd,exim,postfix,dovecot на Centos.
Установка fail2ban
1 |
# yum install fail2ban |
1.Настройка конфигурационного файла fail2ban
1 |
# grep -v -E '(\#|^$)' /etc/fail2ban/fail2ban.conf |
1 2 3 4 5 6 7 8 |
[Definition] loglevel = INFO logtarget = /var/log/fail2ban.log syslogsocket = auto socket = /var/run/fail2ban/fail2ban.sock pidfile = /var/run/fail2ban/fail2ban.pid dbfile = /var/lib/fail2ban/fail2ban.sqlite3 dbpurgeage = 86400 |
2.Настройка Fail2ban для мониторинга логов
1 |
# grep -v -E '(\#|^$)' /etc/fail2ban/jail.conf |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
[INCLUDES] before = paths-fedora.conf [DEFAULT] ignoreip = 127.0.0.1/8 159.224.XXX.YYY ignorecommand = bantime = 86400 findtime = 7200 maxretry = 5 backend = auto usedns = warn logencoding = auto enabled = false filter = %(__name__)s destemail = myuser@mydomain.com sender = root@mydomain.com mta = sendmail protocol = tcp chain = INPUT port = 0:65535 banaction = iptables-multiport action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"] action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"] action = %(action_)s ### SSH [sshd - iptables] port = 2200 logpath = /var/log/secure maxretry = 3 enabled = true filter = sshd action = %(action_mwl)s bantime = 86400 findtime = 3600 maxretry = 3 ### ProFTPD [proftpd-iptables] port = ftp,ftp-data,ftps,ftps-data enabled = true filter = proftpd action = %(action_mwl)s #action = iptables[name=ProFTPD, port=ftp, protocol=tcp] # sendmail-whois[name=ProFTPD, dest=myname@mydomain.com, sender=root@mydomain.com] logpath = /var/log/proftpd/proftpd.log bantime = 86400 findtime = 3600 maxretry = 3 ### Exim [exim-iptables] port = smtp,465,submission enabled = true filter = exim action = %(action_mwl)s # action = iptables-multiport[name=Exim, port="smtp,smtps,submission", protocol=tcp] # sendmail-whois[name=Exim, dest= myname@mydomain.com, sender=root@mydomain.com] logpath = /var/log/exim/mainlog bantime = 86400 #bantime = -1 # блокировка навсегда findtime = 3600 maxretry = 3 ### Dovecot [dovecot-iptables] port = pop3,pop3s,imap,imaps enabled = true filter = dovecot action = %(action_mwl)s # Необходимо указать файл,в котором логируются попытки аутентификации для Dovecot logpath = /var/log/secure #logpath = /var/log/maillog #logpath = /var/log/dovecot.log bantime = 86400 findtime = 3600 maxretry = 3 ### Postfix [postfix-sasl] enabled = true port = smtp,465,submission logpath = /var/log/maillog filter = postfix-sasl action = %(action_mwl)s #action = iptables[name=postfix-sasl, port=smtp,smtps,submission protocol=tcp] # sendmail-whois[name=postfix-sasl, dest=myname@mydomain.com, sender=root@mydomain.com] bantime = 604800 findtime = 3600 maxretry = 3 [postfix-iptables] enabled = true port = smtp,465,submission logpath = /var/log/maillog filter = postfix action = %(action_mwl)s #action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp] # sendmail[name=Postfix-smtp, dest=myname@mydomain.com, sender=root@mydomain.com] logpath = /var/log/maillog bantime = 604800 maxretry = 3 findtime = 3600 |
3.Настройка Fail2ban фильтров для мониторинга логов Будем использовать все штатные фильтры, которые поставляются в комплекте с fail2ban SSH
1 |
# nano /etc/fail2ban/filter.d/sshd.conf |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[Definition] _daemon = sshd failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$ ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$ ^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$ ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$ ^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ ^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$ ^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$ ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$ ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$ ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$ ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$ ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$ ignoreregex = |
ProFTPD
1 |
# nano /etc/fail2ban/filter.d/proftpd.conf |
1 2 3 4 5 6 7 8 9 |
[Definition] _daemon = proftpd __suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit ($ failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$ ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$ ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$ ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$ ignoreregex = |
Exim
1 |
# nano /etc/fail2ban/filter.d/exim.conf |
1 2 3 4 5 6 7 |
[Definition] failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$ ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s$ ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$ ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$ ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$ ignoreregex = |
Dovecot
1 |
# nano /etc/fail2ban/filter.d/dovecot.conf |
1 2 3 4 5 6 7 |
[Definition] _daemon = (auth|dovecot(-auth)?|auth-worker) failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\$ ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disab$ ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying aut$ ^%(__prefix_line)s(auth|auth-worker\(\d+\)): (pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$ ignoreregex = |
Postfix
1 |
# nano /etc/fail2ban/filter.d/postfix-sasl.conf |
1 2 3 4 |
[Definition] _daemon = postfix/(submission/)?smtp(d|s) failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$ ignoreregex = |
1 |
# nano /etc/fail2ban/filter.d/postfix.conf |
1 2 3 4 5 6 7 8 |
[Definition] _daemon = postfix/(submission/)?smtp(d|s) failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$ ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$ ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$ ignoreregex = |
4.Проверка работы фильтра […]
Тестирование Postfix-Dovecot+Привязка SSL к Dovecot
Тестирование Postfix-Dovecot+Привязка SSL к Dovecot Postfix(25 порт) freebsd9# telnet localhost 25 Trying 127.0.0.1… Connected to localhost. Escape character is ‘^]’. 220 freebds9.kamaok.org.ua ESMTP Postfix (2.9.5) helo localhost 250 freebds9.kamaok.org.ua mail from:<test@kamaok.org.ua> 250 2.1.0 Ok rcpt to:<test@kamaok.org.ua> 250 2.1.5 Ok data 354 End data with . hi thi is test message . 250 2.0.0 Ok: queued […]
Использование виртуальных пользователей в Postfix+PostfixAdmin
Использование виртуальных пользователей в Postfix+PostfixAdmin 1.mkdir /home/vmail chmod 770 /home/vmail/ useradd -r -u 1000 -g 12 -d /home/vmail/ -c «Virtual mail» vmail chown -R vmail:mail /home/vmail/ [root@guk5 ~]# cat /etc/passwd | grep «vmail\|mail» mail:x:8:12:mail:/var/spool/mail:/sbin/nologin vmail:x:1000:12:Virtual mail:/home/vmail/:/bin/bash Настройка Postfix В /etc/postfix/main.cf добавляем local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps mail_spool_directory = /var/spool/mail virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/sql/vdomains.cf virtual_mailbox_maps […]