EFA v4 and Exchange: installing an open source spam gateway on Ce

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Attach the CentOS 7 Minimal ISO to the virtual machine as its CD.

At the installation menu, press Tab.

Append inst.ks=http://dl.efa-project.org/build/4/kstesting.cfg to the boot options.

Press Enter to install automatically. The network installation downloads around 500MB of files and takes about 60 minutes.

Installation completed

Installation configuration

Modify the network card

vi /etc/sysconfig/network-scripts/ifcfg-ens160

Instead of using smart hosts on eFa, you will set up eFa as an outbound relay.

EFA configuration option 7) Mail Settings -> option 1) Outbound Mail Relay

EFA configuration option 7 "Outbound Smart Host" (7P2): "Smart Host: disabled", because you want EFA to send mail directly

EFA configuration option 7 "Transport Settings" (7p4) as "domain.com"

Non-spam Settings

Disable storage of non-spam: no (this allows training on false positives and recent archiving / recovery).

Disable non-spam signing: yes (this setting depends on whether you need an EFA watermark. I disable it because we (IT administrators) manage spam rather than users. In addition, most of our users (99%) are externally exposed to EFA on the Internet.)

EFA configuration option 9 "Spam Settings" (8) Spam Settings recommended: Spam Settings > Spam Settings. Enable spam delivery: yes. (This, in combination with other rules mentioned later, allows suspicious spam to enter the user's spam folder.)

Integration of EFA V4 and Active Directory

Please install php-ldap (check with: rpm -qa | grep php)

yum install lrzsz -y

vi /var/www/html/mailscanner/conf.php (Apache needs to be restarted after editing)

// LDAP settings for authentication
define('USE_LDAP', true);
// false: plain LDAP on port 389, so the bind password below crosses the network unencrypted
define('LDAP_SSL', false);
define('LDAP_HOST', '192.168.32.83');
define('LDAP_PORT', '389');
define('LDAP_DN', 'OU=email,DC=test,DC=xyz');
define('LDAP_USER', 'test@test.xyz');
define('LDAP_PASS', '123456');
define('LDAP_SITE', 'Default-First-Site-Name');
// define() takes a single value; 'mail=%s' is the alternative filter
define('LDAP_FILTER', 'proxyAddresses=smtp:%s');
define('LDAP_PROTOCOL_VERSION', 3);
define('LDAP_EMAIL_FIELD', 'mail');
define('LDAP_USERNAME_FIELD', 'cn');
define('LDAP_MS_AD_COMPATIBILITY', true);

vi /etc/hosts (add the Exchange server IP and domain name)

192.168.32.83 mail.test.xyz

Configure spam handling so that the subject is not modified

vi /etc/MailScanner/MailScanner.conf

Spam Subject Text =

/etc/init.d/spamassassin restart

Set up spam filtering on Exchange

Add a rule

New-TransportRule -Name "EFA to Junk Folder" -HeaderMatchesMessageHeader "X-Spam-Status" -HeaderMatchesPatterns "Yes" -SetSCL 9 -Comments "This rule moves spam messages from the EFA filter to the users junk mail folder."

Step 2: restart the Microsoft Exchange transport service from the command-line shell

Run the command: Restart-Service MSExchangeTransport

Restart the services

service sqlgrey restart
service spamassassin restart
service webmin restart
service clamd restart
service MailScanner restart
service postfix restart

MailScanner --lint

spamassassin -D --lint (reload rules)

Install fail2ban to automatically intercept email * *

yum install fail2ban -y

vi /etc/fail2ban/jail.conf

Append the following at the end of the file:

[postfix]
enabled = true
filter = postfix
action = iptables-allports[name=postfix, port=25, protocol=tcp]
ignoreip = 127.0.0.1
logpath = /var/log/maillog
bantime = 6048000
findtime = 120
maxretry = 3

[postfix-ddos]
enabled = true
filter = postfix-ddos
action = iptables-allports[name=MAIL, protocol=all]
logpath = /var/log/maillog
maxretry = 2
findtime = 86400
bantime = 604800

Edit or add a file in /etc/fail2ban/filter.d. The file name must correspond to the "filter =" value in the jail.conf configuration above.

POSTFIX

vi /etc/fail2ban/filter.d/postfix.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 510 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:
            reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.5.2
            reject: RCPT from (.*)\[<HOST>\]: 504 5.5.2
            reject: RCPT from (.*)\[<HOST>\]:
            reject: RCPT from (.*)\[<HOST>\]: 554
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

vi /etc/fail2ban/filter.d/postfix-ddos.conf

# Fail2Ban filter for Postfix DDOS attacks
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 504 5\.5\.2 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
            ^%(__prefix_line)slost connection after \S+ from [^[]*\[<HOST>\]:?$
            ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/:]*={0,2})?\s*$
            ^%(__prefix_line)sstatistics: max connection rate \S+ for \(smtp:<HOST>\):?$
ignoreregex = lost connection after .* from unknown\[unknown\]$
              authentication failed: Connection lost to authentication server$
              statistics: max connection rate .* for \(smtp:unknown\).*$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
# Author: kn007

Start fail2ban

systemctl start fail2ban

View what fail2ban has blocked

fail2ban-client status postfix
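To see which senders the [postfix] jail above would ban, the following added example (not part of the original article or of fail2ban) applies a subset of the filter's failregex lines, with the jail's findtime = 120 and maxretry = 3, to constructed maillog lines. The <HOST> expansion is the simplified one from the filter's comment; the host names, addresses and log lines are made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified <HOST> expansion, taken from the comment in the filter file.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
# A subset of the failregex alternatives from the page's postfix.conf.
FAILREGEX = [
    r"warning: (.*)\[<HOST>\]: SASL LOGIN authentication failed:",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]:",  # no status code: any RCPT reject
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed maillog lines (documentation IP ranges), not real traffic.
LOG = """\
Jan 14 10:00:01 efa postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:00:20 efa postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:00:41 efa postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 14 10:01:00 efa postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.9]: 450 4.7.1 <a@test.xyz>: Recipient address rejected: Greylisted
Jan 14 10:01:00 efa postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.9]: 450 4.7.1 <b@test.xyz>: Recipient address rejected: Greylisted
Jan 14 10:01:00 efa postfix/smtpd[2102]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.9]: 450 4.7.1 <c@test.xyz>: Recipient address rejected: Greylisted
Jan 14 10:02:00 efa postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 550 5.1.1 <x@test.xyz>: Recipient address rejected: User unknown
Jan 14 10:06:00 efa postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 451 4.3.5 Server configuration problem
Jan 14 10:07:00 efa postfix/smtpd[2105]: connect from mx.example.net[198.51.100.9]
"""

def scan(log, findtime=120, maxretry=3):
    """Return ({host: [index of first matching pattern, ...]}, banned hosts)."""
    hits, recent, banned = defaultdict(list), defaultdict(deque), set()
    for line in log.splitlines():
        found = next(((i, m) for i, rx in enumerate(PATTERNS)
                      if (m := rx.search(line))), None)
        if found is None:
            continue
        idx, match = found
        host = match.group("host")
        ts = datetime.strptime("2025 " + line[:15], "%Y %b %d %H:%M:%S")
        hits[host].append(idx)
        recent[host].append(ts)
        while (ts - recent[host][0]).total_seconds() > findtime:
            recent[host].popleft()  # forget failures older than findtime
        if len(recent[host]) >= maxretry:
            banned.add(host)
    return dict(hits), banned

if __name__ == "__main__":
    print(scan(LOG))
```

In the constructed log, 198.51.100.9 reaches maxretry from a single deferred message with three recipients, and the pattern with no status code also counts the 451 line. On the gateway itself, fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf runs the installed filter against the real log.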

CentOS 7 and later use firewalld as the default firewall.

systemctl start firewalld
yum install -y iptables-services
service iptables start

vi /etc/sysconfig/iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Test email content filtering

The text content of the test message sent is as follows:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Test anti-virus messages

The text content of the test message sent is as follows:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Turn off MailScanner's scanning of email content

vi /etc/MailScanner/MailScanner.conf

Dangerous Content Scanning = no

Signing of sent messages

vi /etc/MailScanner/MailScanner.conf

Sign Clean Messages = no

Dangerous Content Scanning is turned on by default, which means that MailScanner scans the content of the message, but it is too strict and will filter out a lot of HTML messages, so I turned it off.

systemctl restart mailscanner.service

Virus Scanners = clamd

This sets the antivirus software; if you use clamav, then Virus Scanners = clamav.

vi /etc/MailScanner/MailScanner.conf

On line 2242

Required SpamAssassin Score = 4

(delivery of high-scoring spam)

High Scoring Spam Actions = deliver header "X-Spam-Status:Yes"

systemctl restart mailscanner.service
