Mailgw for FJFI
Petr Vokáč, October 2005
http://kmlinux.fjfi.cvut.cz/~vokac/activities/2005/mailgw_cont/
Supplements the previous presentation http://kmlinux.fjfi.cvut.cz/~vokac/activities/2005/mailgw/ and the information on the mail gateway configuration http://kmlinux.fjfi.cvut.cz/~vokac/activities/2005/mailgw_conf/

Mailgw for FJFI – data flow
[Diagram: Internet, FJFI Mailgw (mailgw1, mailgw2), mailserver, Local; arrows labelled "mail routing ->" and "<- smart host"]

Mailgw for FJFI – mailgw
[Diagram: SMTP queue, default restrictions, ppolicy, amavis (spam, antivir), SMTP queue; labels: "SMTP communication with remote server", "SMTP send data"]

Mailgw for FJFI - restrictions
- See the previous presentation: Client, Helo, Sender, Recipient, Data
- Forbid direct delivery – mail server/firewall configuration
- "From: abc@fjfi.cvut.cz" from outside (admin, ...)?
- Monitoring of rejected mail on mailgw: http://nms.fjfi.cvut.cz/ (links related to mailgw)

Mailgw for FJFI - ppolicy
- Postfix Policy Daemon
  http://www.postfix.org/POLICY_README
  http://kmlinux.fjfi.cvut.cz/~vokac/activities/ppolicy/
- Modules
  - Simple (ok, reject, ...) - see man 5 access
  - Logical (and, or, not, eq, if, switch, atLeast, ...)
  - Real – access, listWB, spf, domainVerification, userVerification, greylist, trap, dos, dnsbl, resolve (ip-name-ip-name)
- Configuration?

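Added example, not taken from the presentation or from ppolicy itself: how a daemon speaking the policy delegation protocol from POLICY_README parses one request and answers with a greylist decision, one of the module types listed on the slide. The function and class names, the 300-second delay, the /24 grouping and the sample request are assumptions made for illustration.

```python
import time

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class Greylist:
    """In-memory greylist keyed by (client network, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}

    def check(self, attrs):
        # Decide only at the RCPT stage; otherwise leave the decision to Postfix.
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "DUNNO"
        # Group IPv4 clients by /24 so retries from a sending farm still match.
        net = ".".join(attrs.get("client_address", "").split(".")[:3])
        key = (net, attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, try again later"
        return "DUNNO"

def format_reply(action):
    """A policy reply is one action attribute followed by an empty line."""
    return "action=%s\n\n" % action

# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "protocol_name=ESMTP\nclient_address=192.0.2.25\n"
          "client_name=mx.example.org\nhelo_name=mx.example.org\n"
          "sender=alice@example.org\nrecipient=user1@example.com\n\n")
```

DEFER_IF_PERMIT only produces a temporary rejection if no later restriction rejects the mail outright, and DUNNO hands the decision on to the remaining restrictions.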
Mailgw for FJFI - amavis
[Diagram: user1@fjfi 10 addr@dst; user2@fjfi -1000 addr@dst; spam tagger, filter, addr@dst, mailserver]
- Antivirus – KAV
  - drop infected
  - don't send info
- Spamfilter – spamassassin
  - SARE rules
  - My custom rules
  - spam@fjfi.cvut.cz, nospam@fjfi.cvut.cz
- User configuration
  - LDAP amavisAccount
  - For official addresses
  - Security problem (mailRoutingAddress & amavisSpamTagLevel & dropping spam mail)

Mailgw for FJFI – configuration
- Synchronization (automatic)
  - Users - govAssignedNumber
  - Windows AD (which attribute?)
  - NDS (RC syntax?)
  - Groups?
  - Special?
  - Sync. interval (removing expired?, ou=Odpad)
- LDAP addressbook
  - Access restrictions?
  - Phone numbers and rooms in usermap?
- Remove executable attachments?
- SMTP AUTH – NDS x AD x Usermap?
- pam_fjfi – http://kmlinux.fjfi.cvut.cz/~vokac/activities/pam_fjfi/

Mailgw for FJFI - administration ?