11 Amavisd
Postfix will pass incoming mails to Amavis. Amavis in turn will pass them to SpamAssassin and ClamAV. After the mails have been checked, they'll be passed back to Postfix. Configure Amavis as follows.
vi /etc/amavis/conf.d/15-content_filter_mode
It should look like this:
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;
vi /etc/amavis/conf.d/50-user
It should look like this:
use strict;
$pax='pax';
1;
Afterwards add the user clamav to the amavis group and restart amavis & ClamAV.
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
12 Spamassassin
In this step you'll enable additional plugins to increase spam detection.
vi /etc/spamassassin/local.cf
Add the following content to the file:
# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
vi /etc/spamassassin/v310.pre
Uncomment the line for the dcc-plugin. It should look like this:
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
Now configure SpamAssassin to run as a daemon.
vi /etc/default/spamassassin
Set ENABLED=1. It should look like this:
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
#NICE="--nicelevel 15"
CRON=0
Afterwards start spamassassin and restart amavis.
/etc/init.d/spamassassin start
/etc/init.d/amavis restart
13 BIND Configuration
First copy a customized configuration file into the bind directory.
cp /usr/share/doc/python-mmc-base/contrib/bind/named.conf /etc/bind/
Afterwards, change the slapd start priority so that it starts before BIND.
update-rc.d -f slapd remove && update-rc.d slapd start 14 2 3 4 5 . stop 86 0 1 6 .
Edit the resolv configuration.
vi /etc/resolv.conf
It should look like this:
nameserver 127.0.0.1
nameserver 192.168.0.2
14 DHCP Configuration
First copy the customized configuration file into the dhcp3 directory.
cp /usr/share/doc/python-mmc-base/contrib/dhcpd/dhcpd.conf /etc/dhcp3/
vi /etc/dhcp3/dhcpd.conf
Edit the file so that it fits your needs; it should look like this:
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=admin, dc=example, dc=com";
ldap-password "howtoforge";
ldap-base-dn "dc=example, dc=com";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
15 SquidGuard/Squid Configuration
Squid with SquidGuard will be used to block access to selected websites.
15.1 Configuration Files
15.1.1 SquidGuard
Copy the example configuration file into the squid directory, create an empty bad-domains list (otherwise the mmc-proxy-plugin won't load) and edit the configuration file.
cp /usr/share/doc/python-mmc-base/contrib/proxy/squidGuard.conf /etc/squid/
touch /var/lib/squidguard/db/bad.destdomainlist
vi /etc/squid/squidGuard.conf
Change the redirect line so that it looks like this:
redirect http://blocked.example.com/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
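How the placeholders in this redirect line are filled when Squid hands a request to the redirector, shown as an added Python model (not squidGuard's own code and not part of the original tutorial). The class names `default` and `bad`, the sample domain and the verbatim substitution are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Redirect template from squidGuard.conf on this page.
REDIRECT = ("http://blocked.example.com/squidGuard.cgi"
            "?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u")

def host_of(url):
    """Host of a request URL; CONNECT requests arrive as bare host:port."""
    target = url if "://" in url else "//" + url
    return (urlsplit(target).hostname or "").rstrip(".")

def is_listed(host, domains):
    """A domain-list entry covers the domain itself and every subdomain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def expand(template, values):
    """Substitute %a %s %t %u in a single pass, so a '%s' or '%20' inside
    the requested URL is never expanded a second time."""
    return re.sub(r"%([astu])", lambda m: values[m.group(1)], template)

def redirector(line, domains, src="default", target="bad"):
    """Answer one redirector request line: 'URL client-ip/fqdn ident method'.
    src and target are hypothetical class names, not taken from the page."""
    url, client = line.split()[:2]
    if not is_listed(host_of(url), domains):
        return ""  # empty reply: Squid fetches the URL unchanged
    values = {"a": client.split("/")[0], "s": src, "t": target, "u": url}
    return expand(REDIRECT, values)

# Constructed stand-in for /var/lib/squidguard/db/bad.destdomainlist
BAD_DOMAINS = ["ads.example.net"]

if __name__ == "__main__":
    for request in ("http://ads.example.net/x?q=%20%s 192.168.0.50/- - GET",
                    "http://example.org/ 192.168.0.50/- - GET",
                    "shop.ads.example.net:443 192.168.0.51/- - CONNECT"):
        print(repr(redirector(request, BAD_DOMAINS)))
```

The `url` parameter reaches squidGuard.cgi carrying whatever the client requested, so the block page has to escape it before displaying it.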
15.1.2 Squid
First rename the configuration file, create a new one without comments (the original configuration file has more than 4000 lines) and edit it.
cd /etc/squid/
mv squid.conf squid.conf.orig
cat squid.conf.orig | egrep "^[^#]" > squid.conf
vi squid.conf
Comment out ...
http_access allow localhost
... and add the following lines to the configuration:
redirect_program /usr/bin/squidGuard
acl SSL_ports port 3128
acl our_networks src 192.168.0.0/24
http_access allow our_networks
Restart Squid:
/etc/init.d/squid restart
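Squid checks http_access rules from top to bottom and the first match wins, so the position of the added lines matters: placed after an existing `http_access deny all`, the `our_networks` rule is never reached. The following check is an added example (not part of the original tutorial); both sample files are constructed, and it models only `src` ACLs.

```python
import ipaddress

def parse(conf):
    """Collect src ACLs and http_access rules, keeping line numbers."""
    acls, rules = {}, []
    for lineno, line in enumerate(conf.splitlines(), 1):
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((lineno, tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """Return (action, line) of the first http_access rule that matches."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for lineno, action, names in rules:
        if any(n.lstrip("!") not in acls for n in names):
            continue  # names a non-src ACL: outside this model, skipped
        # all ACLs on one line must match (AND); a leading "!" negates
        if all(any(ip in net for net in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action, lineno
    # no rule matched: Squid applies the opposite of the last rule
    return ("allow" if rules and rules[-1][1] == "deny" else "deny"), None

def unreachable(conf):
    """Line numbers of http_access rules listed after a catch-all rule."""
    acls, rules = parse(conf)
    for i, (_, _, names) in enumerate(rules):
        if len(names) == 1 and any(n.prefixlen == 0 for n in acls.get(names[0], [])):
            return [lineno for lineno, _, _ in rules[i + 1:]]
    return []

# Constructed file: the tutorial's lines appended after "deny all" ...
APPENDED = """acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/32
#http_access allow localhost
http_access deny all
redirect_program /usr/bin/squidGuard
acl SSL_ports port 3128
acl our_networks src 192.168.0.0/24
http_access allow our_networks
"""
# ... and the same file with "deny all" moved to the end.
lines = APPENDED.splitlines()
REORDERED = "\n".join(lines[:3] + lines[4:] + lines[3:4]) + "\n"
```

Running `unreachable()` over the real /etc/squid/squid.conf before the restart lists any http_access line that a preceding catch-all rule has made dead.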
15.2 Redirect VHost
When users want to visit websites that you have disabled, they'll be redirected to blocked.example.com. Create the directory for the VHost, put the squidGuard.cgi into it and make it executable.
mkdir /var/www/squidguard/
zcat /usr/share/doc/squidguard/examples/squidGuard.cgi.gz > /var/www/squidguard/squidGuard.cgi
chmod +x /var/www/squidguard/squidGuard.cgi
Afterwards create a VHost for the redirection.
vi /etc/apache2/sites-available/http
Add this configuration:
NameVirtualHost 192.168.0.100:80
<VirtualHost 192.168.0.100:80>
ServerName blocked.example.com
ServerAdmin Administrator@example.com
DocumentRoot /var/www/squidguard/
AddHandler cgi-script .cgi
<Directory /var/www/squidguard/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from 192.168.0.0/24
</Directory>
ErrorLog /var/log/apache2/squidguard_error.log
CustomLog /var/log/apache2/squidguard_access.log combined
LogLevel warn
</VirtualHost>