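Spam filtering for Exchange 2019 (SCL rules are not supported for now; the blacklist/whitelist and greylist features can be used instead)
Download the virtual machine from https://efa-project.org/
Connect to the ESXi host, select the downloaded OVF file, and deploy the virtual machine
Log in at the console to configure it; the password is: EfaPr0j3ct
Next, run the configuration
Use the settings below; enter OK and the configuration runs automatically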
(sudo /usr/local/sbin/EFA-Configure)
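Choose option 14) Update Now (updates to the latest system, EFA-3.0.2.6)
After the system is built, follow the normal initial configuration.
EFA-Configure option 8) Mail Settings -> option 1) Outbound mail relay
EFA-Configure option 8 "Outbound smarthost" (8,2) "Smarthost: disabled", because you want EFA to send mail directly
EFA-Configure option 8 "Transport settings" (8,4) as "domain.com" "<internal IP address of your Exchange server>"
EFA-Configure option 9 "Spam settings" (9,1) Non-spam settings
Disable non-spam signature: yes (this setting depends on whether you want the EFA watermark; I disabled it because we, the IT administrators, manage spam rather than the users)
1) You should use SUBMISSION on port 587. This requires Postfix to be set up correctly for it.
Edit: /etc/postfix/master.cf (open port 587, enable encrypted connections)
and uncomment: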
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
EFA 3.0.2.5 integration with Active Directory (Windows Server 2019)
Install php-ldap
yum install lrzsz -y
yum install php-ldap -y
vi /var/www/html/mailscanner/conf.php (reboot the system after editing)
define('USE_LDAP', true);
define('LDAP_SSL', false);
define('LDAP_HOST', '192.168.32.51');
define('LDAP_PORT', '389');
define('LDAP_DN', 'OU=email,DC=test,DC=com');
define('LDAP_USER', 'test@test.com');
define('LDAP_PASS', '123456');
define('LDAP_SITE', 'Default-First-Site-Name');
define('LDAP_FILTER', 'proxyAddresses=smtp:%s'); // one filter only; use 'mail=%s' instead to match on the mail attribute
define('LDAP_PROTOCOL_VERSION', 3);
define('LDAP_EMAIL_FIELD', 'mail');
define('LDAP_USERNAME_FIELD', 'cn');
define('LDAP_MS_AD_COMPATIBILITY', true);
vi /etc/hosts (add the Exchange server's IP address and domain name)
Configure spam handling so that the subject is not modified
vi /etc/MailScanner/MailScanner.conf
/etc/init.d/spamassassin restart
Configure spam filtering in Exchange (open the Exchange shell)
Set-ContentFilterConfig -SCLRejectThreshold 9 -SCLRejectEnabled $false -SCLDeleteEnabled $false -SCLQuarantineEnabled $false
Add the rule
New-TransportRule -Name "EFA to Junk Folder" -HeaderMatchesMessageHeader "X-Spam-Status" -HeaderMatchesPatterns "Yes" -SetSCL 9 -Comments "This rule moves spam messages from the EFA filter to the users junk mail folder."
Open ports 25 and 587 in the firewall
vi /etc/sysconfig/iptables
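The MySQL root password is stored in /etc/EFA-Config
Note: if mail is not received after installation, check that the public DNS A and MX records are correct
Log in to the EFA management interface (both the administrator and domain accounts can log in) to add to the blacklist or report as spam
URL: https://IP
Click the message you want to blacklist or mark as spam
Scroll to the bottom of the page, add it to the blacklist/whitelist, and mark it as spam and report it
Log in to the Webmin management interface
Set the language to Chinese
Click Server Settings --- Postfix Configuration --- view the queue or related settings
Greylist configuration file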
vi /etc/sqlgrey/sqlgrey.conf
Restart the greylist service (and some related services)
service sqlgrey restart
service spamassassin restart
service webmin restart
service clamd restart
service MailScanner restart
service postfix restart
vi /etc/MailScanner/MailScanner.conf (spam score settings; set them according to your actual requirements)
Result
Install fail2ban to automatically block mail attacks
yum install fail2ban -y
# vi /etc/fail2ban/jail.conf
Add the following at the end of the file:
[postfix]
enabled = true
filter = postfix
action = iptables[name=postfix, port=25, protocol=tcp]
ignoreip = 127.0.0.1
logpath = /var/log/maillog
bantime = 86400
findtime = 120
maxretry = 3
In /etc/fail2ban/filter.d, edit or create a file; the file name must match the "filter=" value in the jail.conf configuration from the previous step
POSTFIX
vi /etc/fail2ban/filter.d/postfix.conf
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
            reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2
            reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2
            reject: RCPT from (.*)\[<HOST>\]: 450
            reject: RCPT from (.*)\[<HOST>\]: 554
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
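Added example (not part of the original article and not fail2ban's own code): a Python replay of the failregex patterns and the findtime = 120 / maxretry = 3 thresholds above over constructed maillog lines, showing which hosts would be banned and which matches fall outside the window. The IPv4-only <HOST> stand-in, the function names, the assumed year and the sample lines are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# <HOST> stand-in: IPv4 only (assumption; fail2ban's own <HOST> is broader).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2",
    r"reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2",
    r"reject: RCPT from (.*)\[<HOST>\]: 450",
    r"reject: RCPT from (.*)\[<HOST>\]: 554",
)]
FINDTIME, MAXRETRY, IGNOREIP = 120, 3, {"127.0.0.1"}  # from the [postfix] jail

def parse_time(line, year=2019):
    # maillog lines start with "Mon DD HH:MM:SS"; the year is assumed.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def bans(lines):
    """Return {ip: ban time} for hosts with MAXRETRY matches inside FINDTIME."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        m = next(filter(None, (r.search(line) for r in FAILREGEX)), None)
        if not m or m["host"] in IGNOREIP or m["host"] in banned:
            continue
        now, hits = parse_time(line), recent[m["host"]]
        hits.append(now)
        while (now - hits[0]).total_seconds() > FINDTIME:
            hits.popleft()          # forget matches older than findtime
        if len(hits) >= MAXRETRY:
            banned[m["host"]] = now
    return banned

# Constructed maillog lines (documentation addresses, not real traffic).
SASL = "efa postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure"
DEFER = "efa postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.20]: 450 4.7.1 <user@test.com>: Recipient address rejected"
SAMPLE = [
    f"Mar 12 10:00:01 {SASL}", f"Mar 12 10:00:05 {DEFER}",
    f"Mar 12 10:00:40 {SASL}", f"Mar 12 10:01:30 {SASL}",
    f"Mar 12 10:03:05 {DEFER}", f"Mar 12 10:06:05 {DEFER}",
]

if __name__ == "__main__":
    for ip, when in bans(SAMPLE).items():
        print(f"ban {ip} at {when:%H:%M:%S} for 86400 s")
```

On the appliance itself, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf runs the real filter against the real log.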
Start fail2ban
# /etc/init.d/fail2ban start