垃圾邮件过虑    exchange 2019(暂时不支持SCL 规则,可以用黑白名单和灰名单功能)

https://efa-project.org/ 下载虚拟机

clipboard

连接到ESXI虚拟机,选择下载的OVF文件 布署虚拟机

clipboard

登陆控制台设置 ,密码是:EfaPr0j3ct

clipboard

接下来配置

clipboard

按照以下设置,输入OK 就会自动配置

clipboard

(sudo /usr/local/sbin/EFA-Configure)

Choose option 14) Update Now (更新到最新系统 EFA-3.0.2.6)

clipboard[1]

构建系统后,您需要遵循正常的初始配置

EFA配置选项8)邮件设置 - >选项1)出站邮件中继

clipboard

EFA配置选项8“出站智能主机”(8,2)“智能主机:已禁用”,因为您希望EFA直接发送邮件

clipboard

EFA配置选项8“传输设置” “(8,4)as”domain.com“”<您的交换服务器的内部IP地址“

image

EFA配置选项9“垃圾邮件设置” “(9,1)非垃圾邮件设置

禁用非垃圾邮件签名:是(此设置取决于您是否需要EFA水印,我禁用它,因为我们(IT管理员)管理垃圾邮件而不是用户

image


1)您应该在端口587上使用SUBMISSION。这需要为此正确设置Postfix。

编辑:/etc/postfix/master.cf    (开启587端口,启用加密连接)

并取消注释:

#submission inet n - n - - smtpd

使它看起来像这样:

submission inet n - n - - smtpd

clipboard

EFA 3.0.2.5与Active Directory集成(win server 2019)

请安装 php-ldap

yum install lrzsz -y

yum install php-ldap –y


vi /var/www/html/mailscanner/conf.php(编辑后重启系统)

define('USE_LDAP', true);

define('LDAP_SSL', false);

define('LDAP_HOST', '192.168.32.51');

define('LDAP_PORT', '389');

define('LDAP_DN', 'OU=email,DC=test,DC=com');

define('LDAP_USER', 'test@test.com);

define('LDAP_PASS', '123456');

define('LDAP_SITE', 'Default-First-Site-Name');

define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'mail=%s');

define('LDAP_PROTOCOL_VERSION', 3);

define('LDAP_EMAIL_FIELD', 'mail');

define('LDAP_USERNAME_FIELD', 'cn');

define('LDAP_MS_AD_COMPATIBILITY', true);

image


vi /etc/hosts (添加exchange服务器IP和域名)

image

设置垃圾邮件不修改主题

vi /etc/MailScanner/MailScanner.conf

clipboard

/etc/init.d/spamassassin restart

exchange 设置垃圾邮件过滤(打开exchange shell)

Set-ContentFilterConfig -SCLRejectThreshold 9 -SCLRejectEnabled $false -SCLDeleteEnabled $false -SCLQuarantineEnabled $false


添加规则

New-TransportRule -Name "EFA to Junk Folder" -HeaderMatchesMessageHeader "X-Spam-Status" -HeaderMatchesPatterns "Yes" -SetSCL 9 -Comments "This rule moves spam messages from the EFA filter to the users junk mail folder."

clipboard


防火墙端口开放25和587

vi /etc/sysconfig/iptables

clipboard

mysql的root密码 存放在 /etc/EFA-Config

注意:如果安装后收不到邮件 请查看外网DNS A和MX记录是否正常

登陆EFA管理平台(可以用管理员和域账号登陆) 加黑名单或报告为垃圾邮件

网址 https://IP

clipboard

点击要加黑名单或加垃圾邮件

clipboard

翻到最底下网页,添加黑白名单 和标记为垃圾邮件并上报

image

登陆webmin管理平台

clipboard

设置为中文

clipboard

点击服务器设置---postfix配置---查看队列或相关设置

clipboard

灰名单配置文件

vi /etc/sqlgrey/sqlgrey.conf

image

重启灰名单服务(一些相关服务重启)

service sqlgrey restart

service spamassassin restart

service webmin restart

service clamd restart

service MailScanner restart

service postfix restart


vi /etc/MailScanner/MailScanner.conf  (垃圾邮件评分设置,按实际要求设置)

clipboard


效果

clipboard[60]

安装fail2ban  自动拦截邮件***

yum install fail2ban –y

# vi /etc/fail2ban/jail.conf

最后一行添加如下:

[postfix]

enabled = true

filter = postfix

action = iptables[name=postfix, port=25, protocol=tcp]

ignoreip = 127.0.0.1

logpath = /var/log/maillog

bantime = 86400

findtime = 120

maxretry = 3

/etc/fail2ban/filter.d中编辑或新加文件,文件名一定要跟上一步jail.conf配置文件中的“filter=”对应

POSTFIX

vi /etc/fail2ban/filter.d/postfix.conf

# Fail2Ban configuration file

#

# Author: Cyril Jaquier

#

# $Revision: 510 $

#

[Definition]

# Option: failregex

# Notes.: regex to match the password failures messages in the logfile. The

# host must be matched by a group named "host". The tag "<HOST>" can

# be used for standard IP/hostname matching and is only an alias for

# (?:::f{4,6}:)?(?P<host>\S+)

# Values: TEXT

#

failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:

reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1

reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1

reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1

reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2

reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2

reject: RCPT from (.*)\[<HOST>\]: 450

reject: RCPT from (.*)\[<HOST>\]: 554

# Option: ignoreregex

# Notes.: regex to ignore. If this regex matches, the line is ignored.

# Values: TEXT

#

ignoreregex =


启动fail2ban

# /etc/init.d/fail2ban start


启动fail2ban

# /etc/init.d/fail2ban start