Spam Control For Postfix - Page 2

6) Restart Postfix and SpamAssassin

/etc/init.d/postfix restart
/etc/init.d/spamassassin restart

7) Copy the mailgraph CGI script to your website's cgi-bin directory:

cp -p /usr/lib/cgi-bin/mailgraph.cgi /var/www/www.example.com/cgi-bin

8) Create the postfix_report.sh script and make it executable:

nano /usr/local/sbin/postfix_report.sh

Paste the following into the script:

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

pflogsumm /var/log/mail.log | formail -c -I"Subject: Mail Statistics" -I"From: [email protected]" -I"To: [email protected]" -I"Received: from www.example.com ([ 127.0.0.1])" | sendmail [email protected]

##gzip /var/log/mail.log.0
exit 0

chmod 755 /usr/local/sbin/postfix_report.sh

9) Edit the logrotate configuration for rsyslog so that your mail.log rotates daily and an email with Postfix statistics is sent automatically:

nano /etc/logrotate.d/rsyslog

Delete the line that says /var/log/mail.log and add this at the VERY bottom of the file:

/var/log/mail.log
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        prerotate
                /usr/local/sbin/postfix_report.sh > /dev/null
        endscript
        postrotate
                invoke-rc.d rsyslog reload > /dev/null
        endscript
}

With this, every time the mail.log rotates (usually around 6am by default) you will get a detailed email about what Postfix has delivered, not delivered, greylisted, and so on.

So now you're all done! What did you do? You installed blacklist filters, greylisting, graphing for on-the-fly information about Postfix, daily emails with detailed Postfix stats, created a spam trap, and other minor things to make your mailserver a lot more secure and less susceptible to spam.

IMPORTANT: Let me know what you all do. Please respond with your choice, if you use it, and how well it worked. If there's much of a use, I will keep building upon the instructions and make it even better (hopefully). Responses are in the form of thread messages.

BONUS INSTRUCTIONS:

If you use the script I posted below, that gives you GREYLISTING SPECIFIC STATS, do the following:

1) DELETE its CRONJOB if you originally added one. Most likely, you did.

2) Open the /etc/logrotate.d/rsyslog file again.

3) Modify the above entry so that it looks like this:

/var/log/mail.log
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        prerotate
                /path/to/the/greylist_script.sh > /dev/null
                /usr/local/sbin/postfix_report.sh > /dev/null
        endscript
        postrotate
                invoke-rc.d rsyslog reload > /dev/null
        endscript
}

Make sure that the /path/to/the/greylist_script.sh > /dev/null matches the exact path to the script you were using.

Here is the greylist_script.sh:

#!/bin/sh

# Build the report in a private temporary file rather than a fixed,
# predictable name in /tmp (logrotate runs this script as root).
LOGFILE=$(mktemp /tmp/greylist-statistics.XXXXXX) || exit 1
trap 'rm -f "$LOGFILE"' EXIT
YOURMAIL=[email protected]

# printf is used for the separators because "echo -ne" is not portable
# under /bin/sh (dash prints the "-ne" literally).
echo "Total amount of GreyListed messages
" > "$LOGFILE"
cat /var/log/mail.log | /usr/bin/postgreyreport --delay=300 >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
echo "Get only the top 20 sources getting greylisted out
" >> "$LOGFILE"
cat /var/log/mail.log | postgreyreport | awk '{print $1}' | sort | uniq -c | sort -nr | head -n20 >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
echo "Get a list of the top 20 email address that the greylisted sources are sending email to
" >> "$LOGFILE"
cat /var/log/mail.log | postgreyreport | awk '{print $4}' | sort | uniq -c | sort -nr | head -n20 >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
printf '%s\n' "-------------------------------------" >> "$LOGFILE"
# Mail the finished report; the temporary file is removed on exit
mail -s "Greylisting Statistics of $(hostname) for $(date +%Y-%m-%d)" "$YOURMAIL" < "$LOGFILE"

Edit the following parts of the above script:

1) Change the YOURMAIL= line so that it goes to your personal mailbox. This will give you details on how it's working.
2) Make sure that /var/log/mail.log is the correct path to your current mail.log file. Distros are different.

Set the script's mode to 700 so that it is executable:

chmod 700 /path/to/the/greylist_script.sh
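
An added check, not part of the original how-to, for the logrotate changes in step 9 and the bonus stanza. logrotate normally runs the prerotate scripts as root, so this confirms that /var/log/mail.log is named in exactly one stanza and that each hook script exists, is executable, and is not writable by group or others. The function names are hypothetical, and hook commands are assumed to be written as absolute paths, as in the stanzas above.

```shell
#!/bin/sh
# Added example, not part of the original how-to. Function names are hypothetical.
# Assumes hook commands are written as absolute paths, as in step 9.

# Count stanza headers in CONF ($1) that name TARGET ($2).
# logrotate reports an error when a log is listed more than once.
count_log_entries() {
    awk -v target="$2" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "endscript" { inhook = 0; next }
        inhook { next }                         # ignore script bodies
        $1 == "prerotate" || $1 == "postrotate" { inhook = 1; next }
        depth == 0 { for (i = 1; i <= NF; i++) if ($i == target) n++ }
        index($0, "{") { depth++ }
        index($0, "}") { depth-- }
        END { print n + 0 }' "$1"
}

# Print the absolute-path commands run by prerotate/postrotate for TARGET.
hook_scripts() {
    awk -v target="$2" '
        { sub(/#.*/, "") }
        $1 == "endscript" { inhook = 0; next }
        inhook { if (hit && $1 ~ /^\//) print $1; next }
        $1 == "prerotate" || $1 == "postrotate" { inhook = 1; next }
        depth == 0 { for (i = 1; i <= NF; i++) if ($i == target) hit = 1 }
        index($0, "{") { depth++ }
        index($0, "}") { depth--; if (depth == 0) hit = 0 }' "$1"
}

# Fail if a hook script is missing, not executable, or writable by group/others.
check_hooks() {
    bad=0
    for script in $(hook_scripts "$1" "$2"); do
        if [ ! -x "$script" ]; then
            echo "missing or not executable: $script"; bad=1
        elif [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group or others: $script"; bad=1
        fi
    done
    return "$bad"
}

# Usage: sh check_rotate.sh /etc/logrotate.d/rsyslog /var/log/mail.log
if [ "$#" -eq 2 ]; then
    n=$(count_log_entries "$1" "$2")
    [ "$n" -eq 1 ] || echo "expected exactly one entry for $2, found $n"
    check_hooks "$1" "$2"
fi
```

A count other than 1 means the old /var/log/mail.log line was not deleted from the shared list, or the new stanza was not added.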

Comments

The bonus instructions are in reference to the thread on the ISPC3 forum.

http://www.howtoforge.com/forums/showthread.php?t=48608

However, the added script isn't necessary any longer.  It would just detail the greylisting effects.