Postscreen Configuration

Discussion in 'Installation/Configuration' started by prgs1971, Aug 20, 2013.

  1. prgs1971

    prgs1971 New Member

    I have installed Debian 7 + ISPConfig 3 in my VPS following this tutorial:
    http://www.howtoforge.com/perfect-server-debian-wheezy-nginx-bind-dovecot-ispconfig-3-p3

    Now i am trying to implement spam protection and i am following this tutorial:
    http://www.howtoforge.com/hardening-postfix-for-ispconfig-3

    I am a newbie in sysadmin and i have a doubt related with Postscreen implementation in the above tutorial.

    What this mean?
    i don't understand what to do related this line:
    -o ... # Parameters moved from smtp service to the new smtpd service.
    Code:
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    #smtp      inet  n       -       -       -       -       smtpd
    #          -o ...
    smtpd     pass  -       -       n       -       -       smtpd
         -o ... # Parameters moved from smtp service to the new smtpd service.(if any)
    smtp      inet  n       -       n       -       1       postscreen
    tlsproxy  unix  -       -       n       -       0       tlsproxy
    dnsblog   unix  -       -       n       -       0       dnsblog
    My current file /etc/postfix/master.cf
    Code:
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    
    # by prgs1971
    # http://www.howtoforge.com/hardening-postfix-for-ispconfig-3
    # rule for python spf checker
    policy-spf  unix  -       n       n       -       -       spawn
         user=nobody argv=/usr/bin/policyd-spf
    
    How i do the implementation suggested in the tutorial?
     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Don´t remove the smtpd from your master.cf and use the tutorial step-by-step. I betit works. ;)

    Maybe this link helps you too
     
  3. prgs1971

    prgs1971 New Member

    This morning, i think that i was able to understand how to solve my doubts expressed in this topic.

    I have applyed the changes like this:
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    # by prgs1971 - Postscreen implementation - uncomment next line
    #smtp      inet  n       -       -       -       -       smtpd
    #smtp      inet  n       -       -       -       1       postscreen
    #smtpd     pass  -       -       -       -       -       smtpd
    #dnsblog   unix  -       -       -       -       0       dnsblog
    #tlsproxy  unix  -       -       -       -       0       tlsproxy
    
    # by prgs1971 - Postscreen implementation
    # http://www.howtoforge.com/hardening-postfix-for-ispconfig-3
    smtpd     pass  -       -       n       -       -       smtpd
    smtp      inet  n       -       n       -       1       postscreen
    tlsproxy  unix  -       -       n       -       0       tlsproxy
    dnsblog   unix  -       -       n       -       0       dnsblog
    Now i will install a website and see if the email is working properly and filtering the spam messages that i am used to receive.

    After i test this i will try your suggestion ;)
     
  4. prgs1971

    prgs1971 New Member

    No i notice your are the author of that blog :)

    Congratulations, last night before i go to bed i have implemented your DKIM plugin... very nice :cool:

    But your tutorial http://blog.schaal-24.de/?p=2223&lang=en needs to have somehere:
    Code:
    mkdir /etc/postfix/dkim
    Without this when you apply the path in ISPConfig you will get a error.

    To be perfect the tutorial just need to state when things are to be added in a file if they are in end or in other section of the file... My postfix stop to work because i misunderstood where to put some code in a file, because you give to files as option and just works in one of the files.

    DKIM is working now, passed in the online tests, just need to test it directly in Hotmail, Yahoo and Google.
     

Share This Page