Ubuntu-fr

Nmyennemy

postifx+mysql+dspam+clamav+procmail

bonjour a tous,

voila j 'ai monte un serveur mail sur une etch

tout fonctionne,cad qu il envoit recoit et scanne les e-mails entrants mais je voudrais aussi qu il scanne les e-mail sortants...mais la je patauge...

voici mon main.cf
myhostname = monserveur
mydomain = mondomaine
myorigin = $mydomain
mynetworks = 127.0.0.0/8, 9monippub

2bounce_notice_recipient = admin
bounce_notice_recipient = admin
bounce_service_name = bounce
double_bounce_sender = double-bounce
error_notice_recipient = admin
show_user_unknown_table_name = no

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
#inet_interfaces = 127.0.0.1, monippub
inet_interfaces = all

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

nested_header_checks =
mime_header_checks = regexp:/etc/postfix/mime_checks

smtpd_banner = Server $myhostname  ESMTP
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
delay_warning_time = 1h
#bounce_template_file = /etc/postfix/bounce.cf

# message_size_limit : email size allowed by Postfix (here, around 40 MB)
message_size_limit = 40971520
# mailbox_size_limit only applies to local mailboxes.
# we do NOT use local mailboxes but still set it *just in case*
mailbox_size_limit = 1048576000
# The minimal amount of free space in bytes in the queue file system that is needed to receive mail (around 150 Mb here)
queue_minfree = 150000000

setgid_group = postdrop
mail_owner = postfix
notify_classes = resource,software

disable_vrfy_command = yes
smtpd_helo_required = yes
biff = no

smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 5
smtpd_soft_error_limit = 2

default_process_limit = 50

anvil_rate_time_unit = 60s
anvil_status_update_time = 600s

append_at_myorigin = yes
ppend_dot_mydomain = no

# Client restrictions : which clients postfix will accept in SMTP connections
# Allowing LAN users, SASL authenticated users.
# Else, RBL checks against the client. If client is listed, the SMTP connection is discarded and is not going to the next step (MAIL FROM).
smtpd_client_restrictions =
    permit_mynetworks
    # permit_sasl_authenticated required, without that, the remote client would be checked against the RBL
    # If listed in the RBL, your trusted client would not be able to send using SMTP AUTH !
    permit_sasl_authenticated
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client list.dsbl.org

# Sender restrictions : what postfix will accept in MAIL FROM command   
# Reject non FQDN email address from senders (as required by the RFC)
smtpd_sender_restrictions =
    reject_non_fqdn_sender

# Recipient restrictions : what postfix will accept in the RCPT TO command   
# Relay : will allow users on the LAN, SASL authenticated users.
# Will reject anything else unless "RCPT TO" matches relay_domains or Postfix is the final destination
smtpd_recipient_restrictions =
    permit_mynetworks
    # allow SMTP authenticated users
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy

# The following is needed for any setting that uses the proxy:mysql scheme
proxy_read_maps =
    $virtual_alias_maps
    $virtual_mailbox_maps
    $virtual_mailbox_domains
    $virtual_mailbox_limit_maps

# MySQL + virtual mailboxes + quota
virtual_mailbox_base = /var/spool/maildirs
virtual_mailbox_maps = proxy:mysql:/etc/postfix/vmailsql/vmailbox
virtual_mailbox_domains = proxy:mysql:/etc/postfix/vmailsql/vdomain
virtual_alias_maps = proxy:mysql:/etc/postfix/vmailsql/valias
# transport_maps used for autoreply/vacation system and DSPAM retrain
# virtual_transport for regular virtual domains
transport_maps = hash:/etc/postfix/transport
virtual_transport = virtual
# IMPORTANT uid and gid 1001 = vmail
virtual_minimum_uid = 1001
virtual_uid_maps = static:1001
virtual_gid_maps = static:1001
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
# virtual_mailbox_limit is the very maximum quota the system should allow (here around 1 Gb)
virtual_mailbox_limit = 1048576000
# virtual_mailbox_limit_maps will check the actual quota for the mailbox
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/vmailsql/quota
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "This account is over quota"
virtual_overquota_bounce = yes

# SMTP AUTH
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Postfix TLS
# Always put "smtpd_tls_auth_only = yes" on smtps interface in master.cf
smtpd_tls_auth_only = no
# smtp_use_tls = no : the server won't establish a TLS connection with remote servers offering STARTTLS
smtp_use_tls = yes
# smtpd_use_tls = no : doesn't offer STARTTLS to remote servers
smtpd_use_tls = yes
# smtp_tls_note_starttls_offer : if set to yes, will log the STARTTLS offer made to remote servers
smtp_tls_note_starttls_offer = no
smtpd_tls_cert_file = /etc/ssl/nmy.be/smtp/smtp-cert.pem
smtpd_tls_key_file = /etc/ssl/nmy.be/smtp/smtp-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# We do NOT deliver emails to local users in this set up, leave this blank
alias_database =
alias_maps = 

mon master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Incoming interface : header_checks, DSPAM and ClamAssassin checks
smtp    inet    n    -    n    -    -    smtpd
    -o content_filter=lmtp:unix:/var/run/dspam/dspam.sock
    -o header_checks=regexp:/etc/postfix/header_checks

# SMTPS only available for remote users using SMTP AUTH
smtps    inet    n    -    n    -    10    smtpd
    -o content_filter=signature
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_tls_wrappermode=yes
    -o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname
    -o smtpd_client_connection_count_limit=5
    -o smtpd_client_connection_rate_limit=5

# DSPAM will reinject emails into Postfix using this interface, will then pipe the reinjected email into procmail check (clamassassin)
localhost:10026    inet    n    -    n    -    -    smtpd
    -o content_filter=procmail
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

# Outgoing interface : not scanning the content but appending a signature/disclaimer
#smtp      inet    n       -       n       -       -       smtpd
#    -o content_filter=signature
# Procmail for virus scan
# For flags meaning, see "man 8 pipe"
procmail                unix    -       n       n       -       10      pipe
    flags=Rq user=filter argv=/usr/bin/procmail -Y -m /etc/postfix/procmail/master.rc ${sender} -- ${recipient}

# Signature/Disclaimer
signature           unix    -       n       n       -       -       pipe
      flags=Rq user=filter argv=/etc/postfix/signature/disclaimer.sh -f ${sender} -- ${recipient}

# DSPAM Retrain (do not forget to edit /etc/postfix/transport)
dspam-retrain   unix    -       n       n       -       10      pipe
    flags=Ru user=dspam argv=/usr/bin/dspam-retrain $nexthop $sender $recipient

# Autoreply
vacation    unix  -       n       n       -       -       pipe
     flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient}

#smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache      unix    -    -    -    -    1    scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
policy      unix      -       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

voila merci d avance

toniotonio

Re : postifx+mysql+dspam+clamav+procmail

utilise amavisd pour faire tout ca, ce sera bien plus simple

---

Tutoriaux Postfix sur www.starbridge.org/spip
Messagerie Dédiée, Relais Mail Antispam/Antivirus, Infogérance 24/7: http://www.eole-its.com

nmyennemy

Re : postifx+mysql+dspam+clamav+procmail

euh sans passer par amavisd ...mains en configurant ce que j 'ai deja