
Postfix Spam Settings. Tufan KARADERE, System Administrator, TÜBİTAK - ULAKBİM.


1 Postfix Spam Settings. Tufan KARADERE, System Administrator, TÜBİTAK - ULAKBİM

2 Spam Prevention
• There is no fully automated method
• Policy
  - Response
  - Building blacklists
  - Third-party software
• What can be done at the MTA (Postfix settings)

3 Postfix Settings
• Filters
  - Header
  - Body
• main.cf
  - General checks
  - Restrictions
    • Client
    • Helo
    • Sender
    • Recipient
• SASL + TLS

4 Filters - Header
• header_checks = regexp:/etc/postfix/maps/header_checks
  - /^HEADER:.*content/ ACTION TEXT
• ACTION:
  - IGNORE: deletes the line
  - WARN: only adds an entry to the log
  - HOLD: holds the message in the queue
  - DISCARD: deletes without informing the sender
  - REJECT: prevents delivery
• Examples:
  - /^From:.*edu.tr/ REJECT Blacklisted site
  - /name=[^>]*\.(pif|scr|exe)/ REJECT Invalid attachments
  - /^Subject:.*I.*love.*you/ REJECT Suspicious subject

5 Filters - Body
• body_checks = regexp:/etc/postfix/maps/header_checks
  - /content/ ACTION TEXT
• ACTION:
  - IGNORE: deletes the line
  - WARN: only adds an entry to the log
  - HOLD: holds the message in the queue
  - DISCARD: deletes without informing the sender
  - REJECT: prevents delivery
• Examples:
  - /viagra/ REJECT Forbidden content
  - /enlarge your/ REJECT No need, thanks
  - /www.tanitimreklamvesaire.com/ REJECT Invalid site name in body
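
An added example, not part of the original slides: a small Python harness that loads rules in the slides' `/pattern/ ACTION text` layout and reports which benign headers they would hit, the kind of check worth running (or staging with WARN) before a rule goes live with REJECT. It approximates Postfix's POSIX regexp matching with Python's `re`; the tightened rules and all sample headers are constructed for illustration.

```python
import re

# Rules from the header-check slide, in its "/pattern/ ACTION text" layout.
SLIDE_RULES = r"""
/^From:.*edu.tr/ REJECT Blacklisted site
/name=[^>]*\.(pif|scr|exe)/ REJECT Invalid attachments
/^Subject:.*I.*love.*you/ REJECT Suspicious subject
"""
# Tightened variants, constructed for this example (not from the slides).
TIGHT_RULES = r"""
/^From:.*[@.]edu\.tr>? *$/ REJECT Blacklisted site
/name=[^>]*\.(pif|scr|exe)("|;| |$)/ REJECT Invalid attachments
/^Subject: *I love you *$/ REJECT Suspicious subject
"""
# Constructed headers that a mail admin would not want to reject.
BENIGN = [
    "From: news@reduxtra.example",
    "Subject: Invoice for the gloves you ordered",
    'Content-Type: text/plain; name="notes.executive-summary.txt"',
    "Subject: Meeting agenda",
]

def load_table(text):
    """Parse '/pattern/ ACTION text' lines; matching is case-insensitive by default."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        pattern, action, info = re.match(r"/(.*)/\s+(\S+)\s*(.*)", line).groups()
        rules.append((re.compile(pattern, re.IGNORECASE), action, info))
    return rules

def first_match(rules, header):
    """Return (action, text) of the first matching rule, or None (first match wins)."""
    for regex, action, info in rules:
        if regex.search(header):
            return action, info
    return None

def false_positives(rules, benign=BENIGN):
    """Benign headers that the table would nevertheless act on."""
    return [h for h in benign if first_match(rules, h)]
```

On a live server the same question is answered against the real table with `postmap -q "Subject: test" regexp:/etc/postfix/maps/header_checks`.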

6 main.cf
• General checks
• Use of blacklists
• Restrictions
  - Client
  - Helo
  - Sender
  - Recipient

7 General Checks
• strict_rfc821_envelopes = yes
• disable_vrfy_command = yes
• relay_domains = hash:/etc/postfix/relay_domains
• smtpd_helo_required = yes
• mynetworks = /24

8 Blacklists
• maps_rbl_domains =
    blackholes.mail-abuse.org
    dialups.mail-abuse.org
    relays.mail-abuse.org

9 Restrictions
• smtpd_client_restrictions
• smtpd_helo_restrictions
• smtpd_sender_restrictions
• smtpd_recipient_restrictions

10 SMTP
[Diagram: Client and Server; commands helo, mail from: (sender), rcpt to: (recipient)]

11
• smtpd_client_restrictions
  - check_client_access hash:filename
  - permit_mynetworks ($mynetworks)
  - reject_unknown_client (PTR, A)
• smtpd_helo_restrictions
  - check_helo_access hash:filename
  - reject_invalid_hostname (syntax)
  - reject_unknown_hostname (A, MX)
  - permit_naked_ip_address (IP)
  - reject_non_fqdn_hostname (RFC)

12
• smtpd_sender_restrictions
  - check_sender_access hash:filename
  - reject_unknown_sender_domain (A, MX)
  - reject_non_fqdn_sender (FQDN)
• smtpd_recipient_restrictions
  - check_recipient_access hash:filename
  - permit_auth_destination ($relay_domains, $mydestination)
  - reject_unauth_destination
  - reject_non_fqdn_recipient (FQDN)
  - reject_unknown_recipient_domain (A, MX)

13 Example
smtpd_delay_reject = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unauth_pipelining,
    #reject_unknown_client,
    #reject_invalid_hostname,
    #reject_non_fqdn_hostname,
    #reject_unknown_hostname,
    #reject_non_fqdn_sender,
    #reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_sender_access dbm:/etc/postfix/checks_sender,
    check_helo_access dbm:/etc/postfix/checks_helo

14 check_*_access hash:filename
• filename (helo):
    ulakbim.gov.tr      REJECT You are not in ulakbim.gov.tr
    ulak.net.tr         REJECT You are not in ulak.net.tr
• filename (sender):
    daltons.org         REJECT Blacklisted site
    parkorman.com.tr    REJECT Blacklisted site
    iktibas.net         REJECT Blacklisted site
    sektorelrehber.com  REJECT Blacklisted site
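
An added example, not part of the original slides: a simplified Python model of how Postfix walks the restriction list from the example slide, where the first restriction that returns PERMIT or REJECT ends the evaluation, so the order decides who ever reaches the access maps. The DNS- and pipelining-based restrictions are left out, the network range and local domain are assumptions, and the map entries are the ones shown on the check_*_access slide.

```python
import ipaddress

# Constructed stand-ins: the slides elide the mynetworks value, and the
# local domain is an assumption based on the helo map shown on the slide.
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"ulakbim.gov.tr"}          # plays $mydestination / $relay_domains
# Map entries as shown on the check_*_access slide.
CHECKS_HELO = {"ulakbim.gov.tr": "REJECT You are not in ulakbim.gov.tr",
               "ulak.net.tr": "REJECT You are not in ulak.net.tr"}
CHECKS_SENDER = {d: "REJECT Blacklisted site" for d in
                 ("daltons.org", "parkorman.com.tr", "iktibas.net", "sektorelrehber.com")}

def lookup(table, domain):
    """Domain lookup that also tries parent domains, as access maps do by default."""
    labels = domain.lower().split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in table:
            return table[".".join(labels[i:])]
    return None

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else None

def permit_sasl_authenticated(s):
    return "PERMIT" if s["sasl_user"] else None

def reject_unauth_destination(s):
    rcpt_domain = s["rcpt"].rsplit("@", 1)[1].lower()
    return None if rcpt_domain in LOCAL_DOMAINS else "REJECT Relay access denied"

def check_sender_access(s):
    return lookup(CHECKS_SENDER, s["sender"].rsplit("@", 1)[1])

def check_helo_access(s):
    return lookup(CHECKS_HELO, s["helo"])

# Order of the uncommented, offline-decidable entries in the slide's example list.
RESTRICTIONS = [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
                check_sender_access, check_helo_access]

def evaluate(session):
    """Return (restriction_name, verdict); the first non-None verdict ends the walk."""
    for restriction in RESTRICTIONS:
        verdict = restriction(session)
        if verdict:
            return restriction.__name__, verdict
    return "end_of_list", "PERMIT"

def session(client_ip, helo, sender, rcpt, sasl_user=None):
    return dict(client_ip=client_ip, helo=helo, sender=sender, rcpt=rcpt, sasl_user=sasl_user)
```

Because the two permit_* entries come first, clients in $mynetworks and SASL-authenticated clients never reach the sender and helo maps; only unauthenticated outside clients delivering to local recipients are checked against them.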

15 Relay
[Diagram: Server, Client (external network), Server; sender, recipient; From:, To:]
• Two problems:
  - Access permission for the external network
  - Identity of the external-network sender

16
[Diagram: Server; sender, recipient; From:, To:; Client (external network)]
• Problem:
  - Identity of the external-network sender

17 SASL + TLS
• Simple Authentication and Security Layer
• Cyrus-Sasl:
• Carnegie Mellon University:
• TLS Patch, Lutz Janicke:

18 Postfix SASL + TLS
#TLS
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,

19 Thank you

