FreeBSD Postfix and ASSP notes

Post by stephen » Sat Sep 19, 2009 4:24 pm

I use the spam filtering system called ASSP (AntiSpam SMTP proxy server) on a FreeBSD server with Postfix and Stunnel.

Stunnel is used to handle SSL access from IMAP and POP3 clients.
It redirects pop3s to pop3 and imaps to imap.

This is my stunnel.conf file.
(You would replace the IP address 103.11.111.11 with the real external IP address of the server.)
# cat /usr/local/etc/stunnel/stunnel.conf
Code:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)


cert= /etc/ssl/certs/mail.xxxx.com.au.cert
key= /etc/ssl/private/mail.xxxx.com.au.nopassword.key

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/tmp/stunnel
setuid = stunnel
setgid = nogroup
; PID is created inside chroot jail
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel.log

; Service-level configuration

[pop3s]
accept  = 995
connect = 103.11.111.11:110

[IMAP4-SSL]
accept = 585
connect = 143

[imaps]
accept  = 993
connect = 143


;sjk direct to port 587 in assp listenport2
[smtps]
accept = 465
connect = 103.11.111.11:587


The ASSP (Anti Spam SMTP proxy) program is configured to receive the incoming SMTP connections on the external IP address and redirect them to the Postfix program, which is listening on the localhost IP address.

These are the relevant parts of the /var/db/assp/assp.cfg file:
Code:
listenPort:=103.11.111.11:25
smtpDestination:=127.0.0.1:25
listenPort2:=103.11.111.11:587
smtpAuthServer:=127.0.0.1:1465

Also update Recipients, "Lookup Local Addresses from Here" (LocalAddresses_Flat), with the names of the local domains hosted here, e.g. @example.com.au|@test.com.au etc.





Postfix is configured to listen on localhost port 25.
Here are the relevant parts of /usr/local/etc/postfix/master.cf that I have changed.
Note! I think all the SSL connections are handled through stunnel and not by Postfix; however, I have left the SSL references in the Postfix config files (because I am not sure).

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# sjk mod for ASSP usage
127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_sender=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
      -o broken_sasl_auth_clients=yes

#sjk 27feb09
127.0.0.1:1465     inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_sender=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o broken_sasl_auth_clients=yes



We modified the /usr/local/etc/postfix/main.cf file as follows:
Code:
#B 2009-06-17
myhostname = mail.xxxx.com.au
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 server.xxxx.com.au bbbbbsttttt.com.au

# sjk
mynetworks = 103.11.111.11/32,103.11.111.12/32,127.0.0.1/32

####### sjk smtp auth
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_sasl_auth_enable =   yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_type = cyrus
local_recipient_maps =
smtpd_use_tls = yes
smtp_tls_note_starttls_offer   = yes
smtpd_tls_key_file =   /etc/ssl/private/mail.xxxx.com.au.nopassword.key
smtpd_tls_cert_file =  /etc/ssl/certs/mail.xxxx.com.au.cert
smtpd_tls_CAfile =   /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header   = yes
smtpd_tls_session_cache_timeout   = 3600s
tls_random_source =   dev:/dev/urandom
########



To determine what processes are running, use this command (e.g. to see what dovecot processes are running):
Code:
ps auwx |grep dovecot
stephen
 
Posts: 507
Joined: Thu Feb 09, 2006 9:37 am
Location: Brisbane
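
Added example (not part of the original post or the author's configuration): because ASSP forwards everything to 127.0.0.1:25, Postfix sees the proxy's loopback address as the client, so this sketch checks which master.cf listeners accept that traffic through permit_mynetworks without SASL. The config excerpts are constructed from the settings above, the proxy source address of 127.0.0.1 is an assumption, and only literal reject/defer rules are modelled as terminating.

```python
import ipaddress
import re

# Constructed excerpts that mirror the master.cf and main.cf settings in the post.
MASTER_CF = """\
127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
127.0.0.1:1465     inet  n       -       n       -       -       smtpd
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
MYNETWORKS = "103.11.111.11/32,103.11.111.12/32,127.0.0.1/32"


def parse_master(text):
    """Return {service: {option: value}} from master.cf entries and their -o lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # indented line continues the current entry
            m = re.match(r"\s+-o\s+(\w+)\s*=\s*(.*)", line)
            if m and current:
                services[current][m.group(1)] = m.group(2).strip()
        else:
            current = line.split()[0]
            services[current] = {}
    return services


def trusts_source(options, mynetworks, source_ip):
    """True if permit_mynetworks is reached and source_ip is inside mynetworks."""
    rules = re.split(r"[,\s]+", options.get("smtpd_recipient_restrictions", ""))
    nets = [ipaddress.ip_network(n) for n in re.split(r"[,\s]+", mynetworks) if n]
    in_nets = any(ipaddress.ip_address(source_ip) in n for n in nets)
    for rule in rules:  # restrictions are evaluated in order, first match wins
        if rule == "permit_mynetworks" and in_nets:
            return True
        if rule in ("reject", "defer"):  # simplification: only literal terminators
            return False
    return False


def audit(master_text, mynetworks, proxy_source="127.0.0.1"):
    """Map each listener to whether unauthenticated mail from the proxy is accepted."""
    return {svc: trusts_source(opts, mynetworks, proxy_source)
            for svc, opts in parse_master(master_text).items()}


if __name__ == "__main__":
    for svc, trusted in audit(MASTER_CF, MYNETWORKS).items():
        print(f"{svc}: {'accepts proxy traffic without SASL' if trusted else 'requires SASL'}")
```

A True result for the port 25 listener means relay control for mail arriving through ASSP rests on ASSP's own local-domain and recipient settings, since Postfix cannot distinguish the original clients.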