====== 03 Postfix + Postgrey ======

===== インストール =====
==== 1.34 ====
<code>
# wget http://pkgs.repoforge.org/postgrey/postgrey-1.34-1.rf.src.rpm
# rpm -ivh --nomd5 postgrey-1.34-1.rf.src.rpm
# cd /usr/src/redhat/SOURCES/
# tar zxvf postgrey-1.34.tar.gz
# cd postgrey-1.34
# wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.34.patch
# patch -p0 < targrey-0.31-postgrey-1.34.patch
# cd ..
# rm -f postgrey-1.34.tar.gz && tar czvf postgrey-1.34.tar.gz postgrey-1.34
# rm -rf postgrey-1.34
# rpmbuild -bb --clean /usr/src/redhat/SPECS/postgrey.spec
# yum -y install postgrey && rpm -e postgrey
# rpm -ivh /usr/src/redhat/RPMS/noarch/postgrey-1.34-1.noarch.rpm
# rm -f /usr/src/redhat/RPMS/noarch/postgrey-*
# rpmbuild --rmsource --rmspec /usr/src/redhat/SPECS/postgrey.spec
# rm -f postgrey-1.34-1.rf.src.rpm
</code>


==== 1.32 ====

<code>
# wget http://apt.sw.be/redhat/el5/en/SRPMS.rpmforge/postgrey-1.32-1.rf.src.rpm
# rpm -ivh postgrey-1.32-1.rf.src.rpm
# cd /usr/src/redhat/SOURCES/
# tar zxvf postgrey-1.32.tar.gz
# cd postgrey-1.32
# wget http://k2net.hakuba.jp/pub/targrey-0.31-postgrey-1.32.patch
# patch -p0 < targrey-0.31-postgrey-1.32.patch
# cd ..
# rm -f postgrey-1.32.tar.gz && tar czvf postgrey-1.32.tar.gz postgrey-1.32
# rm -rf postgrey-1.32
# rpmbuild -bb --clean /usr/src/redhat/SPECS/postgrey.spec
# yum -y install postgrey && rpm -e postgrey
# rpm -ivh /usr/src/redhat/RPMS/noarch/postgrey-1.32-1.rf.noarch.rpm
# rm -f /usr/src/redhat/RPMS/noarch/postgrey-*
# rpmbuild --rmsource --rmspec /usr/src/redhat/SPECS/postgrey.spec
# rm -f postgrey-1.32-1.rf.src.rpm
</code>

===== Postfix設定ファイル編集 =====

<code>
# vi /etc/postfix/main.cf
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
－－追加(ここから)－－
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access    hash:$config_directory/whitelist_client
    check_client_access    regexp:$config_directory/permit_client_nots25r
    check_policy_service   inet:60000
    permit

smtpd_data_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_recipient_access hash:$config_directory/whitelist_recipient
    check_client_access    hash:$config_directory/whitelist_client
    check_client_access    regexp:$config_directory/permit_client_nots25r
    check_policy_service   inet:60000
    permit
－－追加(ここまで)－－
</code>


===== taRgrey用Postfix設定ファイルダウンロード =====
<code>
# wget http://k2net.hakuba.jp/spam/postfix.conf.2.tar.gz
# tar zxvf postfix.conf.2.tar.gz
# cp postfix.conf.2/whitelist_recipient /etc/postfix/
# cp postfix.conf.2/whitelist_client /etc/postfix/
# cp postfix.conf.2/permit_client_nots25r /etc/postfix/
# rm -rf postfix.conf.2
# rm -f postfix.conf.2.tar.gz
# postmap /etc/postfix/whitelist_recipient　←　whitelist_recipientのDB化
# postmap /etc/postfix/whitelist_client　←　whitelist_clientのDB化
</code>

===== Postgrey起動スクリプト編集 =====

<code>
# vi /etc/rc.d/init.d/postgrey
OPTIONS="--unix=$SOCKET"
↓
OPTIONS="--dbdir=$DBPATH --inet=127.0.0.1:60000 --tarpit=125 --targrey --retry-count=2 --delay=3600" 
</code>

===== Postgrey起動 =====
<code>
# chkconfig postgrey on
# /etc/rc.d/init.d/postgrey start
</code>

===== Postfix再起動(Postgrey連携有効化) =====

<code>
# /etc/rc.d/init.d/postfix restart
</code>

===== ログ =====

=== ◆遅延応答ログ ===

<code>
# grep "NOQUEUE: warn" /var/log/maillog 
</code>

=== ◆遅延を待たずにDATAを送ってきたログ ===
<code>
# grep "NOQUEUE: sleep" /var/log/maillog |grep pipelining
</code>

=== ◆遅延を待たずに切断したログ ===

<code>
# grep "NOQUEUE: sleep" /var/log/maillog |grep "lost connection"
</code>

{{tag>postfix postgrey}}