License

Copyright (C) 2008-2017 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: Mailserver for Gentoo Linux

In this topic is a full featured mailserver described. I comes with SMTP/TLS (postfix), PAM-authentification (saslauthd), Mail-Scanner (AMAVISD-NEW), Spam-Scanner (spamassassin) and Virus-Scanner (ClamAV).
Think about to run "newaliases" if you change the /etc/mail/aliases file.
Insert the valid recipient an sender addresses in /etc/postfix/virtual_recipient and /etc/postfix/virtual_sender (Syntax: "emailaddress@yourdomain.tld cyrusmailboxname" - one per line). Then create postfix mappings with

postmap /etc/postfix/virtual_sender
postmap /etc/postfix/virtual_recipient

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge mail-mta/postfix
emerge dev-libs/cyrus-sasl
emerge mail-filter/amavisd-new
emerge mail-filter/spamassassin
emerge app-antivirus/clamav

Changes in /etc/amavisd.conf

File permissions:
Owner: root
Group: amavis
Permissions: -rw-r-----

Click here for a download of the complete file: /etc/amavisd.conf

Changed on 11.09.08
Issued by olli
Beginning line 504

Deliver banned and spam mails.


Before change
#$final_banned_destiny     = D_BOUNCE;  # (defaults to D_BOUNCE)
#$final_spam_destiny       = D_BOUNCE;  # (defaults to D_BOUNCE)
After change
$final_banned_destiny	= D_PASS;
$final_spam_destiny	= D_PASS;

Changed on 11.09.08
Issued by olli
Beginning line 610

Warns the reciver of getting a mail with banned or virus content.


Before change
#$warnvirusrecip = 1;	# (defaults to false (undef))
#$warnbannedrecip = 1;	# (defaults to false (undef))
After change
$warnvirusrecip = 1;
$warnbannedrecip = 1;

Changed on 11.09.08
Issued by olli
Beginning line 817

Address where virus mails are delivered to.


Before change
$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine
After change
$virus_quarantine_to  = "virus\@$mydomain";

Changed on 11.09.08
Issued by olli
Beginning line 836

Only quaranteine virus mails.


Before change
$banned_quarantine_to     = 'banned-quarantine';     # local quarantine
$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
$spam_quarantine_to       = 'spam-quarantine';       # local quarantine
After change
$banned_quarantine_to     = undef;
$bad_header_quarantine_to = "virus\@$mydomain";
$spam_quarantine_to       = undef;

Changed on 11.09.08
Issued by olli
Beginning line 1776

Some spamassassin settings


Before change
$sa_local_tests_only = 0;   # only tests which do not require internet access?
#$sa_auto_whitelist = 1;    # turn on AWL in SA 2.63 or older (irrelevant
                            # for SA 3.0, its cf option is use_auto_whitelist)

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
			    # (less than 1% of spam is > 64k)
			    # default: undef, no limitations

# default values, customarily used in the @spam_*_level_maps as the last entry
$sa_tag_level_deflt  = 2.0; # add spam info headers if at, or above that level;
			    # undef is interpreted as lower than any spam level
$sa_tag2_level_deflt = 6.31;# add 'spam detected' headers at that level to
                            # passed mail, adding address extensions;
$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
			    # at or above that level: bounce/reject/drop,
			    # quarantine
$sa_dsn_cutoff_level = 9;   # spam level beyond which a DSN is not sent,
                            # effectively turning D_BOUNCE into D_DISCARD;
                            # undef disables this feature and is a default;
# see also $sa_quarantine_cutoff_level above, which only controls quarantining
After change
$sa_local_tests_only = 0;
#$sa_auto_whitelist = 1;
$sa_mail_body_size_limit = 257*1024;
$sa_tag_level_deflt  = -99;
$sa_tag2_level_deflt = 6.31;
$sa_kill_level_deflt = undef;
$sa_dsn_cutoff_level = undef;

Changed on 11.09.08
Issued by olli
Beginning line 1973

ClamAV Socket settings.


Before change
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/m, qr/\bFOUND$/m,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
After change
['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Changes in /etc/clamd.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/clamd.conf

Changed on 10.09.08
Issued by olli
Beginning line 14

Log ClamAV to syslog


Before change
LogFile /var/log/clamav/clamd.log
After change
LogSyslog yes

Changes in /etc/cron.daily/logrotate

File permissions:
Owner: root
Group: root
Permissions: -rwx------

Click here for a download of the complete file: /etc/cron.daily/logrotate

Changed on 03.02.09
Issued by olli
Beginning line 8

Crate Spamassassin Whitelist from Horde address book and from mail logfile (sent to)

# Horde Adressbook
. /etc/profile
echo "select object_email from turba_objects" |  mysql -u root -p`gtc-crypt -a mysqlroot -p` horde4 2>&1 | grep '@' | egrep -v 'NULL|object_email|^$' | perl -pe 's/[^[:ascii:]]//g' | tr '[A-Z]' '[a-z]' | sort -u | while read mailadress; do echo "whitelist_from mail@example.com
# Mail log
cat /var/log/maillog.log | egrep 'postfix/smtp.+to=.+status=sent.+250' | perl -pe' s/ +/ /' | cut -d' ' -f7 | perl -pe 's/to=<//; s/>,//; s/[^[:ascii:]]//g' | tr '[A-Z]' '[a-z]' >/tmp/tmpmails-$$
cat /etc/spamassassin/sendto-whitelist | cut -d" " -f2 | grep '@' >>/tmp/tmpmails-$$
cat /tmp/tmpmails-$$ | sort -u | while read mail; do cat /etc/spamassassin/horde-whitelist | grep $mail >/dev/null || echo "whitelist_from mail@example.com
rm /tmp/tmpmails-$$
# Gabosh-User Mails
for i in `getent passwd | grep ':100:' | cut -d: -f1`; do echo "whitelist_from mail@example.com
for i in `cat /etc/postfix/mailaddresses | grep '@example.com' | cut -d" " -f1`; do echo "whitelist_from mail@example.com
for i in `getent group | grep "^maillist-"  | cut -d: -f1 | perl -pe 's/^maillist-//'`; do echo "whitelist_from mail@example.com
for i in `ls -1 /gtc/stable/etc/thinclient/profiles/`; do echo "whitelist_from mail@example.com
sort -u /tmp/user-whitelist >/etc/spamassassin/user-whitelist
# Restart services
/etc/init.d/spamd restart >/dev/null
/etc/init.d/amavisd restart >/dev/null
# Remove System apache Logrotate (it is in gabosh-Logrotate daily and noch weekly)
rm -f /etc/logrotate.d/apache2 /etc/logrotate.d/rsyslog
## Log Mails
strings="error|failed| fault|fehler|no such file or directory|Datei oder Verzeichnis nicht gefunden|permission denied|zugriff verweigert|out of memory|segmentation|Speicherzugriffsfehler| ERR: |\" 4.. |\" 5.. |sshd.+ Accepted .+ for .+ from |password for .+ changed|unable to open|Address family not supported by protocol"
excludes="/var/log/emerge.log|fail2ban.+INFO|amavis.+Defaulting.+ID |\" 404 |\" 401 | error: maximum authentication attempts exceeded for | pam_ldap: error trying to bind as user| pam_ldap: error trying to bind as user| error: PAM: Authentication failure for illegal user| Failed keyboard-interactive/pam for|RSA SHA256:hR/QDTe0cMXSQQ9FHXmUAHEcqb2YPftW9kTUxAeprwc| warning: SASL authentication failure: Password verification failed| warning: .+: SASL PLAIN authentication failed: authentication failure|imaps.+Password verification failed|mate-session|sshd.+error: PAM: Authentication failure for|named.+query failed .SERVFAIL. for|pulseaudio.+Failed to connect to "
# Over all logs
egrep -r -a -i "$strings" /var/log/*.log /var/log/*/*.log /var/log/apache2/*log /opt/horde/horde.log /opt/horde-test/horde.log | egrep -v "$excludes" | mail -E -s "Logs `date`" olli
# Errors in postqueue
postqueue -p 2>&1 | egrep -e "$strings" |  mail -E -s "Postqueue Fehler" olli

Changes in /etc/cron.daily/spamassassinupdate

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /etc/cron.daily/spamassassinupdate

Changed on 15.09.14
Issued by olli
Beginning line 2

Daily Spamassassin Update

date >>/var/log/sa-update.log 2>&1
sa-update -v >>/var/log/sa-update.log 2>&1
/etc/init.d/spamd restart >>/var/log/sa-update.log 2>&1
/etc/init.d/amavisd restart >>/var/log/sa-update.log 2>&1

Changes in /etc/crontab

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/crontab

Changed on 04.06.13
Issued by olli
Beginning line 37

Update Mail addresses for each User.

30 * * * *      root    /usr/local/sbin/mailaddresses.sh 2>&1 | mail -E -s "Mail Adresses Update" root

Changes in /etc/freshclam.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/freshclam.conf

Changed on 10.09.08
Issued by olli
Beginning line 17

Log ClamAV to syslog


Before change
UpdateLogFile /var/log/clamav/freshclam.log
After change
LogSyslog yes

Changes in /etc/mail/aliases

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/mail/aliases

Changed on 11.09.08
Issued by olli
Beginning line 35

This sends mails to root or virusadmin so the admin Users (This user has to esxist with a mailbox). Change it to your personal needs.

root:		admin
virusalert:	admin

Changes in /etc/mail/spamassassin/local.cf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/mail/spamassassin/local.cf

Changed on 11.09.08
Issued by olli
Beginning line 54

This is my basic configuration for spamassassin. Change ist to your needs or leave it as it is.


report_safe 0
use_pyzor 0
use_bayes 1
score BAYES_00 0
score BAYES_05 0.5
score BAYES_10 1
score BAYES_15 1.5
score BAYES_20 2
score BAYES_25 2.5
score BAYES_30 3
score BAYES_35 3.5
score BAYES_40 4
score BAYES_45 4
score BAYES_50 5
score BAYES_55 5
score BAYES_60 5.5
score BAYES_65 5.5
score BAYES_70 6
score BAYES_75 6
score BAYES_80 7
score BAYES_85 7
score BAYES_90 8
score BAYES_95 8
score BAYES_99 9
score HTML_MESSAGE 1
score MISSING_SUBJECT 0.2

dns_available no
bayes_auto_learn 1 
bayes_auto_learn_threshold_nonspam 0.1 
bayes_auto_learn_threshold_spam 10
bayes_min_spam_num 10
bayes_min_ham_num 10
skip_rbl_checks 1

body LOCAL_GELD /Geld/i
describe LOCAL_GELD Suche nach Schlagwort Geld
score LOCAL_GELD 0.5

body LOCAL_AUSZAHLUNG /Auszahlung/i
describe LOCAL_AUSZAHLUNG Suche nach Schlagwort Auszahlung
score LOCAL_AUSZAHLUNG 0.5

body LOCAL_KONTO /Konto/i
describe LOCAL_KONTO Suche nach Schlagwort Konto
score LOCAL_KONTO 0.5

body LOCAL_ROULETTE /Roulette/i
describe LOCAL_ROULETTE Suche nach Schlagwort Roulette
score LOCAL_ROULETTE 10.0

header LOCAL_FDISCOUNT From =~ /Discount/i
describe LOCAL_FDISCOUNT From: Discount
score LOCAL_FDISCOUNT 15

header LOCAL_MOZILLA From =~ /mozilla/i
describe LOCAL_MOZILLA From: mozilla
score LOCAL_MOZILLA -5

body LOCAL_ROULETTE_RULE /Roulette/i
describe LOCAL_ROULETTE_RULE Suche nach Schlagwort Roulette
score LOCAL_ROULETTE_RULE 3

body LOCAL_DISCOUNT_RULE /Discount/i
describe LOCAL_DISCOUNT_RULE Suche nach Schlagwort Discount
score LOCAL_DISCOUNT_RULE 3

body LOCAL_WINDOWS_RULE /Windows/i
describe LOCAL_WINDOWS_RULE Suche nach Schlagwort Windows
score LOCAL_WINDOWS_RULE 2

body LOCAL_HANDEL_RULE /Handel/i
describe LOCAL_HANDEL_RULE Suche nach Schlagwort Handel
score LOCAL_HANDEL_RULE 1.5

body LOCAL_DISCOUNT_RULE /Discount/i
describe LOCAL_DISCOUNT_RULE Suche nach Schlagwort Discount
score LOCAL_DISCOUNT_RULE 3

header LOCAL_FACEBOOK To =~ /\@groups.facebook.com/i
describe LOCAL_FACEBOOK To: groups.facebook.com
score LOCAL_FACEBOOK -2

header LOCAL_FACEBOOK2 From =~ /notification.+\@facebookmail.com/i
describe LOCAL_FACEBOOK2 From: facebookmail.com
score LOCAL_FACEBOOK2 -7

header LOCAL_DHL From =~ /paket\@dhl.de/i
describe LOCAL_DHL From: mail@example.com
score LOCAL_DHL -4

body LOCAL_MEDIKAMENT_RULE /Medikament/i
describe LOCAL_MEDIKAMENT_RULE Suche nach Schlagwort Medikament
score LOCAL_MEDIKAMENT_RULE 0.5

body LOCAL_CANDIDA_RULE /Candida/i
describe LOCAL_CANDIDA_RULE Suche nach Schlagwort Candida
score LOCAL_CANDIDA_RULE 0.5

body LOCAL_PILZ_RULE /Pilz/i
describe LOCAL_PILZ_RULE Suche nach Schlagwort Pilz
score LOCAL_PILZ_RULE 0.5

body LOCAL_MEDIKAMENT_RULE /Medikament/i
describe LOCAL_MEDIKAMENT_RULE Suche nach Schlagwort Medikament
score LOCAL_MEDIKAMENT_RULE 1

body LOCAL_MEDIKAMENT_RULE /Medikament/i
describe LOCAL_MEDIKAMENT_RULE Suche nach Schlagwort Medikament
score LOCAL_MEDIKAMENT_RULE 1

body LOCAL_SPITZENPREIS_RULE /Spitzenpreis/i
describe LOCAL_SPITZENPREIS_RULE Suche nach Schlagwort Spitzenpreis
score LOCAL_SPITZENPREIS_RULE 2

body LOCAL_KRANKENKASSE_RULE /Krankenkasse/i
describe LOCAL_KRANKENKASSE_RULE Suche nach Schlagwort Krankenkasse
score LOCAL_KRANKENKASSE_RULE 1

body LOCAL_TARIF_RULE /Tarif/i
describe LOCAL_TARIF_RULE Suche nach Schlagwort Tarif
score LOCAL_TARIF_RULE 1

body LOCAL_OFFER_RULE /offer/i
describe LOCAL_OFFER_RULE Suche nach Schlagwort Offer
score LOCAL_OFFER_RULE 1

body LOCAL_ANGEBOT_RULE /Angebot/i
describe LOCAL_ANGEBOT_RULE Suche nach Schlagwort Angebot
score LOCAL_ANGEBOT_RULE 0.5

body LOCAL_LIQUID_RULE /Liquid/i
describe LOCAL_LIQUID_RULE Suche nach Schlagwort Liquids
score LOCAL_LIQUID_RULE 2

body LOCAL_ZIGARETTE_RULE /Zigarette/i
describe LOCAL_ZIGARETTE_RULE Suche nach Schlagwort Zigarette
score LOCAL_ZIGARETTE_RULE 2

body LOCAL_HAEMORRIDEN_RULE /H&auml;morriden/i
describe LOCAL_HAEMORRIDEN_RULE Suche nach Schlagwort H&auml;morriden
score LOCAL_HAEMORRIDEN_RULE 2

body LOCAL_HAEMORRIDEN_RULE /H&auml;morriden/i
describe LOCAL_HAEMORRIDEN_RULE Suche nach Schlagwort H&auml;morriden
score LOCAL_HAEMORRIDEN_RULE 2

body LOCAL_GEIL_RULE /geil/i
describe LOCAL_GEIL_RULE Suche nach Schlagwort Geil
score LOCAL_GEIL_RULE 3

body LOCAL_IPHONE_RULE /iPhone/i
describe LOCAL_IPHONE_RULE Suche nach Schlagwort iPhone
score LOCAL_IPHONE_RULE 0.5

body LOCAL_KOSTENLOS_RULE /kostenlos/i
describe LOCAL_KOSTENLOS_RULE Suche nach Schlagwort kostenlos
score LOCAL_KOSTENLOS_RULE 1

body LOCAL_VERTRAG_RULE /Vertrag/i
describe LOCAL_VERTRAG_RULE Suche nach Schlagwort Vertrag
score LOCAL_VERTRAG_RULE 2

body LOCAL_V1AGRA_RULE /V1agra/i
describe LOCAL_V1AGRA_RULE Suche nach Schlagwort V1agra
score LOCAL_V1AGRA_RULE 15.0

body LOCAL_FAKESPAM /\/-nix.news\?/i
describe LOCAL_FAKESPAM Suche nach Schlagwort nix.news
score LOCAL_FAKESPAM 150.0

body LOCAL_KV /Krankenversicherung/i
describe LOCAL_KV Suche nach Schlagwort Krankenversicherung
score LOCAL_KV 15.0

body LOCAL_KREDIT /Kredit/i
describe LOCAL_KREDIT Suche nach Schlagwort Kredit
score LOCAL_KREDIT 15.0

body LOCAL_SLIM /beslim/i
describe LOCAL_SLIM Suche nach Schlagwort beslim
score LOCAL_SLIM 15.0

body LOCAL_MARKETING /marketing/i
describe LOCAL_MARKETING Suche nach Schlagwort marketing
score LOCAL_MARKETING 5.0

body LOCAL_DOWNLOAD /download now/i
describe LOCAL_DOWNLOAD Suche nach Schlagwort download now
score LOCAL_DOWNLOAD 5.0

body LOCAL_HOLIDAY /holiday/i
describe LOCAL_HOLIDAY Suche nach Schlagwort holiday
score LOCAL_HOLIDAY 5.0

body LOCAL_ABNEHMEN /abnehmen/i
describe LOCAL_ABNEHMEN Suche nach Schlagwort abnehmen
score LOCAL_ABNEHMEN 5.0

body LOCAL_VIP /vip/i
describe LOCAL_VIP Suche nach Schlagwort vip
score LOCAL_VIP 5.0

body LOCAL_HEISS /heiss/i
describe LOCAL_HEISS Suche nach Schlagwort heiss
score LOCAL_HEISS 2.0

body LOCAL_SUESS /s&uuml;ss/i
describe LOCAL_SUESS Suche nach Schlagwort s&uuml;ss
score LOCAL_SUESS 1.0

body LOCAL_SUES /s&uuml;&szlig;/i
describe LOCAL_SUES Suche nach Schlagwort s&uuml;&szlig;
score LOCAL_SUES 1.0

body LOCAL_HEIS /hei&szlig;/i
describe LOCAL_HEIS Suche nach Schlagwort hei&szlig;
score LOCAL_HEIS 2.0

body LOCAL_BWL /bwl/i
describe LOCAL_BWL Suche nach Schlagwort bwl
score LOCAL_BWL 2.0

body LOCAL_TREFFEN /treffen/i
describe LOCAL_TRFFEN Suche nach Schlagwort treffen
score LOCAL_TREFFEN 1.0

body LOCAL_DREIER /dreier/i
describe LOCAL_DREIER Suche nach Schlagwort dreier
score LOCAL_DREIER 2.0

body LOCAL_PROFIL /profil/i
describe LOCAL_PROFIL Suche nach Schlagwort profil
score LOCAL_PROFIL 2.0

body LOCAL_BILD /bild/i
describe LOCAL_BILD Suche nach Schlagwort bild
score LOCAL_BILD 0.5

body LOCAL_NACHRICHT /Nachricht /i
describe LOCAL_NACHRICHT Suche nach Schlagwort Nachricht
score LOCAL_NACHRICHT 0.5

body LOCAL_BILDERSERVICE /Bilderservive/i
describe LOCAL_BILDERSERVICE Suche nach Schlagwort Bilderservice
score LOCAL_BILDERSERVICE 3.0

header LOCAL_GRATISWETTE Subject =~ /Gratiswette/i
describe LOCAL_GRATISWETTE Subject: Gratiswette
score LOCAL_GRATISWETTE  10.0

header LOCAL_GRATISWETTE2 From =~ /Gratiswette/i
describe LOCAL_GRATISWETTE2 From: Gratiswette
score LOCAL_GRATISWETTE2 10.0

body LOCAL_FREUNDSCHAFTSANFRAGE /Freundschaftsanfrage/i
describe LOCAL_FREUNDSCHAFTSANFRAGE Suche nach Schlagwort Freundschaftsanfrage
score LOCAL_FREUNDSCHAFTSANFRAGE 2.0

body LOCAL_FACEBOOKZENTRALE /Facbeook-Zentrale/i
describe LOCAL_FACEBOOKZENTRALE Suche nach Schlagwort Facbeook-Zentrale
score LOCAL_FACEBOOKZENTRALE 10.0

body LOCAL_URL /http\:\/\/.+\/............\//i
describe LOCAL_URL Suche nach Schlagwort URLs wie http://www.1u1mx.site/QCutDY9Iw8rR/
score LOCAL_URL 3.0

body LOCAL_URL2 /http\:\/\//i
describe LOCAL_URL2 Suche nach Schlagwort URLs
score LOCAL_URL2 1

body LOCAL_SAUNA /Sauna/i
describe LOCAL_SAUNA Suche nach Schlagwort SAUNAs
score LOCAL_SAUNA 0.5

header LOCAL_BEWERBUNG Subject =~ /bewerbung/i
describe LOCAL_BEWERBUNG Subject: bewerbung
score LOCAL_BEWERBUNG  -10.0

header LOCAL_AMAZONR Subject =~ /Informationen zum Ausdrucken eines R&uuml;cksendeetiketts von Amazon/i
describe LOCAL_AMAZONR Subject: Ruecksendung
score LOCAL_AMAZONR -10.0

header LOCAL_MONEY Subject =~ /money/i
describe LOCAL_MONEY Subject: money
score LOCAL_MONEY  5.0

header LOCAL_MARKETING From =~ /allround-marketing.com/i
describe LOCAL_MARKETING From: Marketing
score LOCAL_MARKETING  30.0

header LOCAL_IENTRY From =~ /ientrynetwork.net/i
describe LOCAL_IENTRY From: ientrynetwork
score LOCAL_IENTRY  30.0

header LOCAL_FAJEA From =~ /fajea.com/i
describe LOCAL_FAJEA From: Fajea
score LOCAL_FAJEA  30.0

header LOCAL_SEER From =~ /mail.internetseer.com/i
describe LOCAL_SEER From: Internetseer
score LOCAL_SEER  30.0

header LOCAL_CLIK From =~ /clik-n.com/i
describe LOCAL_CLIK From: clik-n
score LOCAL_CLIK  30.0

header LOCAL_CLIKN From =~ /c-likn.com/i
describe LOCAL_CLIKN From: c-likn
score LOCAL_CLIKN 30.0

header LOCAL_LINKEDIN From =~ /LinkedIn/i
describe LOCAL_LINKEDIN From: LinkedIn
score LOCAL_LINKEDIN 30.0

header LOCAL_DIGITALRIVER From =~ /digitalriver/i
describe LOCAL_DIGITALRIVER From: digitalriver
score LOCAL_DIGITALRIVER 30.0

header LOCAL_DIGITALRIVER From =~ /digitalriver/i
describe LOCAL_DIGITALRIVER From: digitalriver
score LOCAL_DIGITALRIVER 30.0

header LOCAL_QUOTEITFREE From =~ /quoteitfree/i
describe LOCAL_QUOTEITFREE From: quoteitfree
score LOCAL_QUOTEITFREE 30.0

header LOCAL_NEWS From =~ /news/i
describe LOCAL_NEWS From: news
score LOCAL_NEWS 3.0

body LOCAL_ASIA /日/
describe LOCAL_ASIA Suche nach ASIA-Schriftzeichen
score LOCAL_ASIA 5.0

body LOCAL_ASIA2 /顢/
describe LOCAL_ASIA2 Suche nach ASIA-Schriftzeichen
score LOCAL_ASIA2 5.0

body LOCAL_ASIA3 /죩/
describe LOCAL_ASIA3 Suche nach ASIA-Schriftzeichen
score LOCAL_ASIA3 5.0

header LOCAL_SUBJ_RUSS_CHAR Subject:raw =~ /koi8-r/i
describe LOCAL_SUBJ_RUSS_CHAR Suche nach Russisches-Charset
score LOCAL_SUBJ_RUSS_CHAR 5.0

header LOCAL_SUBJ_ASIA_CHAR Subject:raw =~ /gb2312/i
describe LOCAL_SUBJ_ASIA_CHAR Suche nach Asia-Charset
score LOCAL_SUBJ_ASIA_CHAR 5.0

body LOCAL_CLICKSERVER /clickserver/i
describe LOCAL_CLICKSERVER Suche nach CLICKSERVER
score LOCAL_CLICKSERVER 5.0

body LOCAL_WHATSAPP /whatsapp/i
describe LOCAL_WHATSAPP Suche nach WHATSAPP
score LOCAL_WHATSAPP 5.0

body LOCAL_NACHBARIN /Nachbarin/i
describe LOCAL_NACHBARIN Suche nach Nachbarin
score LOCAL_NACHBARIN 1.0

body LOCAL_ERWACHSENEN /Erwachsenen/i
describe LOCAL_ERWACHSENEN Suche nach Erwachsenen
score LOCAL_ERWACHSENEN 2.0

whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com
whitelist_to mail@example.com

whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com
whitelist_from mail@example.com

include /etc/spamassassin/horde-whitelist
include /etc/spamassassin/sendto-whitelist
include /etc/spamassassin/user-whitelist


Changes in /etc/postfix/main.cf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/postfix/main.cf

Changed on 10.09.08
Issued by olli
Beginning line 682

This is the Postfix (SMTP) configuration.

mynetworks_style = host
inet_protocols = ipv4

default_destination_concurrency_limit = 2
mail_spool_directory = /var/spool/mail
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# Recipient Mail (RCPT TO) checks
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/amavis, permit_sasl_authenticated, reject_unauth_destination
mailbox_transport = cyrus
# example.com has to be registered because of the "loop to myself" error
myhostname=example.com
mydestination = pcre:/etc/postfix/mydestinations
virtual_alias_maps = hash:/etc/postfix/mailaddresses,pcre:/etc/postfix/catchall
#local_recipient_maps = $virtual_alias_maps

# SASL SMTP authentication
smtpd_sasl2_auth_enable = yes
smtpd_sasl_local_domain =

# SSL/TLS
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/example.com/example.com.key
smtpd_tls_cert_file = /etc/ssl/example.com/example.com.crt
smtpd_tls_CAfile = /etc/ssl/example.com/letsencryptchain.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_protocols = !SSLv2, !SSLv3 
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_auth_only = yes
smtp_tls_protocols = !SSLv2, !SSLv3
tls_random_source = dev:/dev/urandom

# Sender Mail (MAIL FROM) checks
smtpd_sender_login_maps = hash:/etc/postfix/mailaddresses
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, reject_sender_login_mismatch, reject_unlisted_sender, permit_auth_destination, permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

# Max. size of every mail (20MB)
message_size_limit=209715200
mailbox_size_limit=209715200

# Client troubleshooting (Waiting time for new login prompt for security reasons)
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10

# Maximal number of recipients in one Mail (Spam prevention)
smtpd_recipient_limit = 500

# Deactivete postfix banner (for Security reasons)
smtp_banner = $myhostname ESMTP

# Allow a "-" at the beginnig of a mail address
allow_min_user = yes

# Optional for special mailrouting
#transport_maps = hash:/etc/postfix/transport

# Relay-Server. Comment it if mails should be deliveres directly. A mail relay is needed for internet connections with dynamic IPs and some other internet connections because some other mailservers doesen't trust dynamic IPs and rejects mails from them. Some provicers offers a mail relay. Some need an authentification too.
relayhost = smtp.1und1.de:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes 

# Header Checks
#header_checks = regexp:/etc/postfix/header_checks

# Sec:
disable_vrfy_command=yes
smtpd_banner=example.com

compatibility_level=2


Changes in /etc/postfix/master.cf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /etc/postfix/master.cf

Changed on 10.09.08
Issued by olli
Beginning line 132

Deliver local incoming mails to Cyrus

cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus/deliver -e -r ${sender} -m ${extension} ${user}

Changed on 10.09.08
Issued by olli
Beginning line 137

Receive mails scanned by amavis

# amavisd-new
smtp-amavis unix -      -       n     -       2  smtp
    -o smtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=XXX.XXX.XXX.XXX/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

Changes in /usr/local/sbin/mailaddresses.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /usr/local/sbin/mailaddresses.sh

Changed on 04.06.13
Issued by olli
Beginning line 2

Update Mail addresses for each User.

#!/bin/bash

. /etc/profile

>/tmp/mailaddresses-$$
for i in `getent group users | cut -d: -f4 | perl -pe 's/\,/ /g'`
do
 # Get Infos
 USER=`getent passwd $i | cut -d":" -f 1`
 LNAME="`getent passwd $i | cut -d':' -f 5`"
 echo "$USER@example.com $USER" >>/tmp/mailaddresses-$$
 LNAME=`echo "$LNAME" | tr '[A-Z]' '[a-z]' | perl -pe 's/&ouml;/oe/g; s/&auml;/ae/g; s/&uuml;/ue/g; s/&szlig;/ss/g; s/[^a-zA-Z0-9\.]/\./g; s/\.+/\./g; s/^\.//; s/\.$//;'`
 echo "$LNAME@example.com $USER" >>/tmp/mailaddresses-$$
done
find /tmp/mailaddresses-$$ -empty -delete
if [ -f /tmp/mailaddresses-$$ ]
then
 if [ `cat /tmp/mailaddresses-$$ | wc -l` -gt 5 ]
 then
  cat /tmp/mailaddresses-$$ /etc/postfix/mailaddresses | sort -u > /etc/postfix/mailaddresses.tmp
  cat /etc/postfix/mailaddresses.tmp >/etc/postfix/mailaddresses
  postmap /etc/postfix/mailaddresses
  rm /tmp/mailaddresses-$$ /etc/postfix/mailaddresses.tmp
 else
  echo "$0: /tmp/mailaddresses-$$ hat wegiger als 5 Zeilen: `cat /tmp/mailaddresses-$$` -> Breche Bearbeitung ab. " | mail -s "/tmp/mailaddresses-$$ hat weniger als 5 Zeilen" root
 fi
else
 echo "$0: Fehler beim Mailadressenupdate!!!"
fi

Setting up services

For starting the new service after system reboot you should add it to a runlevel with the following command(s):

rc-update add postfix 
rc-update add saslauthd default
rc-update add amavisd 
rc-update add spamd 
rc-update add clamd default

Please send a feedback to: doc<at>gabosh.net

Howto listing
File Index

Here you can find the official Gentoo Linux Forums where you can find a lot of answers.

Here a link to the official Gentoo Linux Homepage.

Edit Howto

About / Impressum

Click here for About / Impressum

Wishlist

If you want to support my work you can find my Amazon whishlist here