Implementare il filtro antispam SPF in Postfix: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 4: | Line 4: | ||
* Copiare file esempio | * Copiare file esempio | ||
zcat /usr/share/doc/postfix-policyd-spf-python/policyd-spf.conf.commented.gz | sudo tee /etc/postfix-policyd-spf-python/policyd-spf.conf | |||
* Impostare solo marcatura header, senza respingere. Per test: | * Impostare solo marcatura header, senza respingere. Per test: | ||
| Line 11: | Line 11: | ||
HELO_reject = False | HELO_reject = False | ||
Mail_From_reject = False | Mail_From_reject = False | ||
* Testare che non ci siano errori: | |||
/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf | |||
* Impostare il demone in postfix: | * Impostare il demone in postfix: | ||
| Line 16: | Line 19: | ||
policyd-spf unix - n n - 0 spawn | policyd-spf unix - n n - 0 spawn | ||
user=nobody argv=/usr/bin/ | user=nobody argv=/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf | ||
* Impostare il timeout: | * Impostare il timeout: | ||
Latest revision as of 11:04, 18 May 2017
- Installare
sudo apt-get install postfix-policyd-spf-python
- Copiare file esempio
zcat /usr/share/doc/postfix-policyd-spf-python/policyd-spf.conf.commented.gz | sudo tee /etc/postfix-policyd-spf-python/policyd-spf.conf
- Impostare solo marcatura header, senza respingere. Per test:
sudoedit /etc/postfix-policyd-spf-python/policyd-spf.conf
HELO_reject = False Mail_From_reject = False
- Testare che non ci siano errori:
/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf
- Impostare il demone in postfix:
sudoedit /etc/postfix/master.cf
policyd-spf unix - n n - 0 spawn
user=nobody argv=/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf
- Impostare il timeout:
sudoedit /etc/postfix/main.cf
policyd-spf_time_limit = 3600
- Impostare il check, DOPO reject_unauth_destination
sudoedit /etc/postfix/main.cf
smtpd_recipient_restrictions = ... reject_unauth_destination check_policy_service unix:private/policyd-spf ...
- Riavviare postfix:
sudo /etc/init.d/postfix restart
- Inviare un messaggio con mittente gmail, senza utilizare i server gmail. Si troverà nello stesso un'header:
Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=1.2.3.4; helo=clientname envelope-from=example@gmail.com; receiver=example@example.com
- Anche nei log si potrà trovare:
Mar 28 17:42:27 emip policyd-spf[15914]: Softfail; identity=mailfrom; client-ip=1.2.3.4; helo=example; envelope-from=example@gmail.com; receiver=example@example.com
- Invece per invii legittimi l'header sarà:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.128.177; helo=mail-wr0-f177.google.com; envelope-from=example@gmail.com; receiver=example@example.com
- E nei log:
Mar 28 17:50:25 emip policyd-spf[16722]: Pass; identity=mailfrom; client-ip=209.85.128.177; helo=mail-wr0-f177.google.com; envelope-from=example@gmail.com; receiver=example@example.com
- Al termine, impostare il respingimento dei messaggi non adeguati:
sudoedit /etc/postfix-policyd-spf-python/policyd-spf.conf
HELO_reject = SPF_Not_Pass Mail_From_reject = Fail
- Riavviare:
sudo /etc/init.d/postfix restart
- Ritestare, usando questa volta @microsoft.com come mittente: il messaggio sarà rifiutato dal mailserver:
Mar 28 17:55:41 emip policyd-spf[19663]: Fail; identity=mailfrom; client-ip=1.2.3.4; helo=example; envelope-from=example@microsoft.com; receiver=example@example.com Mar 28 17:55:41 emip postfix/smtpd[19179]: NOQUEUE: reject: RCPT from mail.galimberti.net[1.2.3.4]: 550 5.7.1 <example@example.com>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=example@microsoft.com;ip=1.2.3.4;r=example@example.com; from=<example@microsoft.com> to=<example@example.com> proto=ESMTP helo=<example>