Virus und Spam
amavisd-new
# portmaster security/amavisd-new
You should complete the following post-installation tasks:
1) Read /usr/local/share/doc/spamassassin/INSTALL
and /usr/local/share/doc/spamassassin/UPGRADE
BEFORE enabling SpamAssassin for important changes
2) Edit the configuration in /usr/local/etc/mail/spamassassin,
in particular /usr/local/etc/mail/spamassassin/init.pre
You may get lots of annoying (but harmless) error messages
if you skip this step.
3) To run spamd, add the following to /etc/rc.conf:
spamd_enable="YES"
4) If this is a new installation, you should run sa-update
and sa-compile. If this isn't a new installation, you
should probably run those commands on a regular basis
anyway.
5) Install mail/spamass-rules if you want some third-party
spam-catching rulesets
*******************************************************************
To use amavisd-new, you need to install at least one virus scanner.
The following virus scanners are available in the FreeBSD ports
collection:
/usr/ports/security/clamav Clam Antivirus
/usr/ports/security/f-prot F-Prot Antivirus
Enable amavisd-new in /etc/rc.conf with the following line:
amavisd_enable="YES"
You can set the pidfile, if you do not use the default path:
amavisd_pidfile="/var/amavis/amavisd.pid"
Optionally enable amavisd tmp ram disk with:
amavisd_ram="512m"
If you have installed and want to use the amavis sendmail milter interface,
you need the following additional line in /etc/rc.conf:
amavis_milter_enable="YES"
If you have installed and want to use the p0fanalyzer interface,
you need the following additional lines in /etc/rc.conf
(with modifications according to your needs):
amavis_p0fanalyzer_enable="YES"
amavis_p0fanalyzer_p0f_filter="tcp dst port 25"
You can pass another command line options to p0f daemon by setting
amavis_p0f_daemon_flags and to p0f-analyzer.pl by setting
amavis_p0fanalyzer_flags.
Configuration templates are available in /usr/local/etc
as amavisd.conf.sample, amavisd.conf-default and amavisd-custom.conf.sample
Documentation is available in /usr/local/share/doc/amavisd-new.
*******************************************************************
/usr/local/etc/
clamav
# portmaster security/clamav
/usr/local/etc/
postgrey
# portmaster mail/postgrey
SPF installieren
# portmaster mail/postfix-policyd-spf-perl
Installing postfix-policyd-spf-perl-2.010... done
The service is not enabled by default. Enable it by doing the following:
1. Add the following to /etc/postfix/master.cf:
spf-policy unix - n n - 0 spawn
user=nobody argv=/usr/local/libexec/postfix-policyd-spf-perl
The user nobody is fine if you have no other daemons running as nobody.
Otherwise, you should use a dedicated user and group for this policy
service.
2. Add "spf-policy_time_limit = 3600" to main.cf.
3. Configure the Postfix policy service in /usr/local/etc/postfix/main.cf:
smtpd_recipient_restrictions =
...
reject_unauth_destination
...
check_policy_service unix:private/spf-policy
...
NOTE: Specify check_policy_service AFTER reject_unauth_destination or your
system may become an open relay.
4. Restart Postfix.