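I set up postgrey as an anti-spam measure.
Purely a memo for myself 〆(゚▽゚*)
Temporarily rejecting every single mail does feel a bit extreme, though ( ̄∇ ̄)
For details, please refer to the following:
Japanese portal site: Postgrey, an anti-spam tool (Postfix Greylisting Policy Server)
* I realized afterwards that not having updated ports to the latest version was... a pretty fatal mistake (sweat)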
# cd /usr/ports/mail/postgrey/ && make install clean
===> Vulnerability check disabled
=> postgrey-1.17.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://isg.ee.ethz.ch/tools/postgrey/pub/.
fetch: http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.17.tar.gz: Multiple Choices
=> Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/.
fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/postgrey-1.17.tar.gz: File unavailable (e.g., file not found, no access)
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles/ and try again.
*** Error code 1
===> postgrey-1.17 Needs perl 5.6.1 or higher, install lang/perl5.8 and try again.
===> Cleaning for db3-3.3.11_2,1
===> Cleaning for p5-BerkeleyDB-0.26
===> Cleaning for libtool-1.3.5_2
===> Cleaning for p5-IO-1.20
===> Cleaning for p5-IO-Multiplex-1.08
===> Cleaning for p5-Time-HiRes-1.66,1
===> Cleaning for p5-Net-Server-0.87
===> Cleaning for rc_subr-1.31
===> Cleaning for postgrey-1.1
It looks like the perl version is too old.
# perl -v
This is perl, version 5.005_03 built for i386-freebsd
Copyright 1987-1999, Larry Wall
Trying to install perl5.8 (;一_一)
# cd /usr/ports/lang/perl5.8
# make install clean
===> Cleaning for perl-5.8.5
# rehash
# use.perl port
# perl -v
This is perl, v5.8.5 built for i386-freebsd-64int
Copyright 1987-2004, Larry Wall
Fetch postgrey-1.24.tar.gz with wget (*^^)v
# wget http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.24.tar.gz
--13:23:23-- http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.24.tar.gz
=> `postgrey-1.24.tar.gz'
Resolving isg.ee.ethz.ch... done.
Connecting to isg.ee.ethz.ch[129.132.2.198]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27,444 [application/x-tar]
100%[=======================================>] 27,444 30.52K/s ETA 00:00
13:23:24 (30.52 KB/s) - `postgrey-1.24.tar.gz' saved [27444/27444]
# cd /usr/ports/net/p5-Net-Server/ && make install clean
===> Vulnerability check disabled
=> Net-Server-0.87.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://www.seamons.com/net_server/.
fetch: http://www.seamons.com/net_server/Net-Server-0.87.tar.gz: Not Found
=> Attempting to fetch from http://www.cpan.dk/CPAN/modules/by-module/Net/.
fetch: http://www.cpan.dk/CPAN/modules/by-module/Net/Net-Server-0.87.tar.gz: Not Found
=> Attempting to fetch from ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module/Net/.
Receiving Net-Server-0.87.tar.gz (69235 bytes): 100%
69235 bytes transferred in 2.1 seconds (32.13 kBps)
===> Extracting for p5-Net-Server-0.87
=> Checksum OK for Net-Server-0.87.tar.gz.
===> p5-Net-Server-0.87 depends on file: /usr/local/bin/perl5.8.5 - found
===> Patching for p5-Net-Server-0.87
===> p5-Net-Server-0.87 depends on file: /usr/local/bin/perl5.8.5 - found
===> p5-Net-Server-0.87 depends on file: /usr/local/bin/perl5.8.5 - found
===> Configuring for p5-Net-Server-0.87
Checking if your kit is complete...
Looks good
Writing Makefile for Net::Server
===> Building for p5-Net-Server-0.87
cp lib/Net/Server/Proto/UDP.pm blib/lib/Net/Server/Proto/UDP.pm
cp lib/Net/Server/Proto/UNIX.pm blib/lib/Net/Server/Proto/UNIX.pm
(omitted)
# wget http://downloads.sleepycat.com/db-4.4.20.tar.gz
--13:50:27-- http://downloads.sleepycat.com/db-4.4.20.tar.gz
=> `db-4.4.20.tar.gz'
Resolving downloads.sleepycat.com... done.
Connecting to downloads.sleepycat.com[209.235.214.1]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7,952,742 [application/x-tar]
100%[=======================================================>] 7,952,742 133.58K/s ETA 00:00
13:51:26 (133.58 KB/s) - `db-4.4.20.tar.gz' saved [7952742/7952742]
(omitted)
cpan> install Net::Server
Writing /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/Net/Server/.packlist
FreeBSD: Registering installation in the package database
Appending installation info to /usr/local/lib/perl5/5.8.5/mach/perllocal.pod
/usr/bin/make install -- OK
cpan> install IO::Multiplex
Running make install
Installing /usr/local/lib/perl5/site_perl/5.8.5/IO/Multiplex.pm
Installing /usr/local/lib/perl5/5.8.5/man/man3/IO::Multiplex.3
Writing /usr/local/lib/perl5/site_perl/5.8.5/mach/auto/IO/Multiplex/.packlist
FreeBSD: Registering installation in the package database
Appending installation info to /usr/local/lib/perl5/5.8.5/mach/perllocal.pod
/usr/bin/make install -- OK
cpan> install BerkeleyDB
# wget http://k2net.hakuba.jp/pub/postgrey-namecheck.tar.gz
--15:23:00-- http://k2net.hakuba.jp/pub/postgrey-namecheck.tar.gz
=> `postgrey-namecheck.tar.gz'
Resolving k2net.hakuba.jp... done.
Connecting to k2net.hakuba.jp[210.188.204.245]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,518 [application/x-tar]
100%[=======================================================>] 3,518 137.42K/s ETA 00:00
15:23:00 (137.42 KB/s) - `postgrey-namecheck.tar.gz' saved [3518/3518]
Trying to start it up ( ̄∇ ̄)
# cd /var/spool/postfix/postgrey
Mar 26 08:15:29 sub2 postgrey[20457]: Process Backgrounded
Mar 26 08:15:29 sub2 postgrey[20457]: 2006/03/26-08:15:29 postgrey (type Net::Server::Multiplex) starting! pid(20457)
Mar 26 08:15:29 sub2 postgrey[20457]: Binding to TCP port 10023 on host localhost
Mar 26 08:15:29 sub2 postgrey[20457]: Setting gid to "65533 65533"
Mar 26 08:15:29 sub2 postgrey[20457]: Setting uid to "1006"
Mar 26 08:15:29 sub2 postgrey[20457]: warning: WARNING: disabling DB_AUTO_COMMIT because you are using BerkeleyDB version 3.3. Version 4.1 is required for DB_AUTO_COMMIT. You might have problems in case of system failures to recover the database.
# ls -l
total 520
-rw------- 1 postgrey postgrey 8192 Mar 26 08:15 __db.001
-rw------- 1 postgrey postgrey 270336 Mar 26 08:15 __db.002
-rw------- 1 postgrey postgrey 98304 Mar 26 08:15 __db.003
-rw------- 1 postgrey postgrey 16384 Mar 26 08:15 __db.004
-rw------- 1 postgrey postgrey 242907 Mar 26 08:15 log.0000000001
-rw------- 1 postgrey postgrey 65536 Mar 26 08:15 postgrey.db
-rw------- 1 postgrey postgrey 0 Mar 19 16:41 postgrey.lock
-rw------- 1 postgrey postgrey 32768 Mar 26 08:15 postgrey_clients.db
Taking a look at the mail log.
postfix/smtpd[9111]: NOQUEUE: reject: RCPT from unknown[60.24.137.**]: 450 <○○@yumidon.com>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/yumidon.com.html); from=<c_pugh_yk@△△.com> to=<○○@yumidon.com> proto=ESMTP helo=<artware.com>
postfix/smtpd[9111]: NOQUEUE: reject: RCPT from unknown[211.196.109.**]: 450 <○○@yumidon.com>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/yumidon.com.html); from=<napoleon.rodriguesuc@□□.com> to=<○○@yumidon.com> proto=ESMTP helo=<☆☆.com>
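
Added example, not part of the original memo and not postgrey's own code: a small Python script that reads Postfix greylist rejections in the format shown above and groups them by the (client IP, sender, recipient) triplet, so you can see which clients retried before the delay ran out and which had no verified reverse DNS. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the format of the mail log above. The addresses use
# documentation IP ranges and example domains, not values from the post.
SAMPLE_LOG = """\
postfix/smtpd[9111]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 <user@example.org>: Recipient address rejected: Greylisted for 300 seconds (see ...); from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<mail.example.com>
postfix/smtpd[9112]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 <user@example.org>: Recipient address rejected: Greylisted for 180 seconds (see ...); from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<mail.example.com>
postfix/smtpd[9113]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.7]: 450 <user@example.org>: Recipient address rejected: Greylisted for 300 seconds (see ...); from=<b@example.net> to=<user@example.org> proto=ESMTP helo=<mx.example.net>
postfix/smtpd[9114]: connect from unknown[203.0.113.5]
"""

# Matches only 450 deferrals whose reason text is the greylisting message.
GREYLIST_RE = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: 450 .*?"
    r"Greylisted for (?P<delay>\d+) seconds.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>.*?helo=<(?P<helo>[^>]*)>"
)


def greylist_summary(log_text):
    """Group greylist deferrals by (client_ip, sender, recipient)."""
    summary = {}
    for line in log_text.splitlines():
        m = GREYLIST_RE.search(line)
        if not m:
            continue  # some other log line, not a greylist deferral
        key = (m["ip"], m["sender"], m["rcpt"])
        entry = summary.setdefault(
            key, {"attempts": 0, "delay": 0, "helo": set(), "rdns": m["host"]})
        entry["attempts"] += 1
        entry["delay"] = max(entry["delay"], int(m["delay"]))
        entry["helo"].add(m["helo"])
    return summary


def early_retries(summary):
    """Triplets deferred more than once: the client retried within the delay."""
    return sorted(k for k, v in summary.items() if v["attempts"] > 1)


def no_reverse_dns(summary):
    """Client IPs that Postfix logged as 'unknown' (no verified rDNS name)."""
    return sorted({k[0] for k, v in summary.items() if v["rdns"] == "unknown"})


if __name__ == "__main__":
    result = greylist_summary(SAMPLE_LOG)
    print("early retries:", early_retries(result))
    print("no reverse DNS:", no_reverse_dns(result))
```

A triplet that appears only once either never came back or retried after the delay and was accepted; telling those apart requires the accepted-delivery lines as well, which this script does not read.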