Linux Tomorrow: Mandriva Directory Server On Debian Etch

Mandriva Directory Server On Debian Etch - Page 4

Labels: How To Posted by EdGe on Monday, February 18, 2008 at 10:54 PM

11 Amavisd

Postfix will pass incomming mails to Amavis. Amavis on the other hand will pass them to Spamassassin an ClamAV. After the mails have been checked they'll be passed back to Postfix. Configure Amavis as follows.

vi /etc/amavis/conf.d/15-content_filter_mode

It should look like this:

use strict;
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;

vi /etc/amavis/conf.d/50-user

It should look like this:

use strict;
$pax='pax';
1;

Afterwards add the user clamav to the amavis group and restart amavis & ClamAV.

adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart

12 Spamassassin

In this step you'll enable additional plugins to increase spam detection.

vi /etc/spamassassin/local.cf

Add the following content to the file:

# dcc
use_dcc 1
dcc_path /usr/bin/dccproc

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

vi /etc/spamassassin/v310.pre

Uncomment the line for the dcc-plugin. It should look like this:

loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

Now configure spamassassin to run as daemon.

vi /etc/default/spamassassin

Set ENABLED=1. It should look like this:

ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
#NICE="--nicelevel 15"
CRON=0

Afterwards start spamassassin and restart amavis.

/etc/init.d/spamassassin start
/etc/init.d/amavis restart

13 BIND Configuration

First copy a customized configuration file into the bind directory.

cp /usr/share/doc/python-mmc-base/contrib/bind/named.conf /etc/bind/

Afterwards we change the slapd starting point that it starts before bind.

update-rc.d -f slapd remove && update-rc.d slapd start 14 2 3 4 5 . stop 86 0 1 6 .

Edit the resolv configuration.

vi /etc/resolv.conf

It should look like this:

nameserver 127.0.0.1
nameserver 192.168.0.2

14 DHCP Configuration

First copy the customized configuration file into the dhcp3 directory.

cp /usr/share/doc/python-mmc-base/contrib/dhcpd/dhcpd.conf /etc/dhcp3/
vi /etc/dhcp3/dhcpd.conf

Edit the file that it fits to your needs - it should look like this:

ldap-server "localhost";
ldap-port 389;
ldap-username "cn=admin, dc=example, dc=com";
ldap-password "howtoforge";
ldap-base-dn "dc=example, dc=com";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";

15 SquidGuard/Squid Configuration

Squid with SquidGuard will be used to disable the accessibility of selected websites.

15.1 Configuration Files

15.1.1 SquidGuard

Copy the example configuration file into the squid directory, create an empty bad-domins-list (otherwise the mmc-proxy-plugin won't load) and edit the configuration file.

cp /usr/share/doc/python-mmc-base/contrib/proxy/squidGuard.conf /etc/squid/
touch /var/lib/squidguard/db/bad.destdomainlist
vi /etc/squid/squidGuard.conf

Change the line for the redirect that it looks like this:

redirect http://blocked.example.com/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u

15.1.2 Squid

First rename the configuration file, create a new one without comments (the original configuration file has more than 4000 lines) and edit it.

cd /etc/squid/
mv squid.conf squid.conf.orig
cat squid.conf.orig | egrep "^[^#]" > squid.conf
vi squid.conf

Comment ...

http_access allow localhost

... and add the following lines to the configuration:

redirect_program /usr/bin/squidGuard
acl SSL_ports port 3128
acl our_networks src 192.168.0.0/24
http_access allow our_networks

Restart squid

/etc/init.d/squid restart

15.2 Redirect VHost

When users want to visit websites that you have disabled, they'll be redirected to blocked.example.com. Create the directory for the VHost, put the squidGuard.cgi into it and make it executable.

mkdir /var/www/squidguard/
zcat /usr/share/doc/squidguard/examples/squidGuard.cgi.gz > /var/www/squidguard/squidGuard.cgi
chmod +x /var/www/squidguard/squidGuard.cgi

Afterwards create a VHost for the redirection.

vi /etc/apache2/sites-available/http

Add this configuration:

NameVirtualHost 192.168.0.100:80

ServerName blocked.example.com
ServerAdmin Administrator@example.com
DocumentRoot /var/www/squidguard/

AddHandler cgi-script .cgi

AllowOverride None
Options ExecCGI
Order allow,deny
Allow from 192.168.0.0/24

ErrorLog /var/log/apache2/squidguard_error.log
CustomLog /var/log/apache2/squidguard_access.log combined
LogLevel warn

Previous || Next