diff --git a/debian/README.Debian b/debian/README.Debian index 4561613..5b90ed2 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -6,6 +6,7 @@ postfwd for Debian Please provide a config file, usualy /etc/postfix/postfwd.cf. Examples are located in /usr/share/doc/postfwd/examples/. +An other can be found at: http://hege.li/howto/spam/etc/postfwd/postfwd.conf 2. AUTOMATIC STARTUP -------------------- diff --git a/debian/changelog b/debian/changelog index fa23309..3e5bfc5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,5 @@ -postfwd (1.10pre7c-1) unstable; urgency=low +postfwd (1.10pre7c-1) experimental; urgency=low * Initial release (Closes: #470356). - -- Jan Wagner Mon, 12 May 2008 22:43:55 +0200 + -- Jan Wagner Sat, 31 May 2008 22:07:08 +0200 diff --git a/debian/example-cfg.txt b/debian/example-cfg.txt deleted file mode 100644 index 49efb5f..0000000 --- a/debian/example-cfg.txt +++ /dev/null @@ -1,108 +0,0 @@ -# downloaded from http://postfwd.org/example-cfg.txt -# check for more recent versions! - -## -## Definitions -## - -# Maintenance times -&&MAINTENANCE { \ - date=15.01.2007 ; \ - date=15.04.2007 ; \ - date=15.07.2007 ; \ - date=15.10.2007 ; \ - time=03:00:00-04:00:00 ; \ -}; - -# Whitelists -&&TRUSTED_NETS { \ - client_address=192.168.1.0/22 ; \ - client_address=172.16.128.32/27 ; \ -}; -&&TRUSTED_HOSTS { \ - client_name~=\.domain1\.net$ ; \ - client_name~=\.domain2\.de$ ; \ -}; -&&TRUSTED_USERS { \ - sasl_username==bob ; \ - sasl_username==alice ; \ -}; -&&TRUSTED_TLS { \ - ccert_fingerprint==11:22:33:44:55:66:AA:BB:CC:DD:EE:FF ; \ - ccert_fingerprint==AA:BB:CC:DD:EE:FF:11:22:33:44:55:66 ; \ - encryption_keysize>=64 ; \ -}; -&&FREEMAIL { \ - client_name~=\.gmx\.net$ ; \ - client_name~=\.web\.de$ ; \ - client_name~=\.(aol|yahoo|h(ush|ot)mail)\.com$ ; \ -}; -&&STATIC { \ - # contains freemailers - &&FREEMAIL ; \ - client_name~=[\.\-]static[[\.\-] ; \ - client_name~=^(mail|smtp|mout|mx)[\-]*[0-9]*\. ; \ -}; - -# Spamchecks -&&BADHELO { \ - client_name~=!!($$(helo_name)) ; \ -}; -&&DYNAMIC { \ - client_name~=^unknown$ ; \ - client_name~=(\-.+){4} ; \ - client_name~=\d{5} ; \ - client_name~=[_\.\-]([axt]{0,1}dsl|br(e|oa)dband|ppp|pppoe|dynamic|dynip|ADSL|dial(up|in)|pool|dhcp|leased)[_\.\-] ; \ -}; -&&RBLS { \ - rbl=zen.spamhaus.org ; \ - rbl=list.dsbl.org ; \ - rbl=bl.spamcop.net ; \ - rbl=dnsbl.sorbs.net ; \ - rbl=ix.dnsbl.manitu.net ; \ -}; -&&RHSBLS { \ - rhsbl=rddn.dnsbl.net.au ; \ - rhsbl=rhsbl.ahbl.org ; \ - rhsbl=rhsbl.sorbs.net ; \ -}; - - -## -## Ruleset -## - -# temporary reject and drop connection during maintenance window -id=M_001 ; &&MAINTENANCE ; action=421 maintenance - please try again later - -# stress-friendly behaviour (will not match on postfix version pre 2.5) -id=STRESS ; stress==yes ; action=dunno - -# Whitelists -id=WL_001 ; &&TRUSTED_NETS ; action=dunno -id=WL_002 ; &&TRUSTED_HOSTS ; action=dunno -id=WL_003 ; &&TRUSTED_USERS ; action=dunno -id=WL_004 ; &&TRUSTED_TLS ; action=dunno - -# DNSBL checks -id=RBL_001 ; &&RHSBLS ; &&RBLS ; \ - rhsblcount=all ; rblcount=all ; \ - action=set(HIT_rhls=$$rhsblcount,HIT_rbls=$$rblcount) -id=RBL_002 ; HIT_rhls>=1 ; HIT_rbls>=1 ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs and $$HIT_rbls RBLs -id=RBL_003 ; HIT_rhls>=2 ; action=554 5.7.1 blocked using $$HIT_rhls RHSBLs -id=RBL_004 ; HIT_rbls>=2 ; action=554 5.7.1 blocked using $$HIT_rbls RBLs -id=RBL_005 ; HIT_rbls>=1 ; &&DYNAMIC ; action=REJECT listed on RBL and $$client_name looks like dynip -id=RBL_006 ; HIT_rhls>=1 ; &&DYNAMIC ; action=REJECT listed on RHSBL and $$client_name looks like dynip -id=RBL_007 ; HIT_rbls>=1 ; &&BADHELO ; action=REJECT listed on RBL and $$helo_name does not match $$client_name -id=RBL_008 ; HIT_rhls>=1 ; &&BADHELO ; action=REJECT listed on RHSBL and $$helo_name does not match $$client_name - -# Selective greylisting -id=GREY_001 ; action=dunno ; &&STATIC -id=GREY_002 ; action=dunno ; $$client_name~=$$(sender_domain)$ -id=GREY_003 ; action=greylisting ; &&DYNAMIC -id=GREY_004 ; action=greylisting ; HIT_rhls>=1 -id=GREY_005 ; action=greylisting ; HIT_rbls>=1 -# greylisting should be safe during out-of-office times -id=GREY_006 ; action=greylisting ; days=Sat-Sun -id=GREY_007 ; action=greylisting ; days=Mon-Fri ; time=!!06:00:00-20:00:00 - diff --git a/debian/example-cfg2.txt b/debian/example-cfg2.txt deleted file mode 100644 index 9b0d203..0000000 --- a/debian/example-cfg2.txt +++ /dev/null @@ -1,103 +0,0 @@ -# downloaded from http://hege.li/howto/spam/etc/postfwd/postfwd.conf -# check for more recent versions! - -## Check DNS Whitelisting - -id=OK_DNSWL; \ - rbl=list.dnswl.org/127/43200; \ - rbl=hostkarma.junkemailfilter.com/127.0.0.[13]; \ - action=OK - -## Check HELO and reverse DNS - -id=SET_HELO; \ - helo_name=^(\[|[^.]+$|.*?[0-9.-]{8}); \ - action=set(HIT_helo=1) - -id=SET_NODNS; \ - client_name=^unknown$; \ - action=set(HIT_nodns=1) - -id=REJECT_HELO_NODNS; \ - HIT_helo==1; HIT_nodns==1; \ - action=REJECT Your HELO is suspicious and no reverse DNS - -## Check ZEN for immediate blocking - -id=REJECT_RBL_ZEN; \ - rbl=zen.spamhaus.org; \ - action=REJECT You are listed in zen.spamhaus.org DNSBL - -## Check DNSBLs - -&&DNSBLS { \ - rbl=bl.spamcop.net; \ - rbl=dnsbl-1.uceprotect.net; \ - rbl=psbl.surriel.org; \ - rbl=dnsbl.ahbl.org; \ - rbl=dnsbl.njabl.org; \ - rbl=list.dsbl.org; \ - rbl=dnsbl.sorbs.net; \ - rbl=ix.dnsbl.manitu.net; \ - rbl=hostkarma.junkemailfilter.com/127.0.0.2; \ -}; - -id=EVAL_DNSBLS; \ - &&DNSBLS; rblcount=all; \ - action=set(HIT_rbls=$$rblcount) - -id=REJECT_RBL_MULTI; \ - HIT_rbls>=2; \ - action=REJECT You are listed in several DNSBLs - -## Check RHSBLs - -&&RHSBLS_REVERSE { \ - rhsbl_reverse_client=l1.apews.org; \ - rhsbl_reverse_client=rddn.dnsbl.net.au; \ - rhsbl_reverse_client=dynamic.rhs.mailpolice.com; \ -}; - -&&RHSBLS_SENDER { \ - rhsbl_sender=multi.uribl.com; \ - rhsbl_sender=multi.surbl.org; \ - rhsbl_sender=rhsbl.ahbl.org; \ - rhsbl_sender=rhsbl.sorbs.net; \ - rhsbl_sender=dsn.rfc-ignorant.org; \ -}; - -id=EVAL_RHSBLS; \ - &&RHSBLS_REVERSE; &&RHSBLS_SENDER; rhsblcount=all; \ - action=set(HIT_rhsbls=$$rhsblcount) - -id=REJECT_RHSBL_MULTI; \ - HIT_rhsbls>=2; \ - action=REJECT You are listed in several RHSBLs - -## Combined checks - -id=REJECT_RBL_RHSBL; \ - HIT_rbls>=1; HIT_rhsbls>=1; \ - action=REJECT You are DNSBL and RHSBL listed - -id=REJECT_RBL_HELO; \ - HIT_rbls>=1; HIT_helo==1; \ - action=REJECT You are DNSBL listed and HELO is suspicious - -id=REJECT_RBL_NODNS; \ - HIT_rbls>=1; HIT_nodns==1; \ - action=REJECT You are DNSBL listed and no reverse DNS - -id=REJECT_RHSBL_HELO; \ - HIT_rhsbls>=1; HIT_helo==1; \ - action=REJECT You are RHSBL listed and HELO is suspicious - -id=REJECT_RHSBL_NODNS; \ - HIT_rhsbls>=1; HIT_nodns==1; \ - action=REJECT You are RHSBL listed and no reverse DNS - -## Greylist suspicious - -id=GREY_RBL; HIT_rbls>=1; action=check_postgrey -id=GREY_RHSBL; HIT_rhsbls>=1; action=check_postgrey - diff --git a/debian/rules b/debian/rules index 11e0b20..298e25b 100755 --- a/debian/rules +++ b/debian/rules @@ -19,7 +19,7 @@ install: build install -D -m 644 sbin/postfwd debian/postfwd/usr/sbin/postfwd install -d -m 0755 debian/postfwd/usr/share/doc/postfwd/examples/ - cp debian/example-cfg*.txt debian/postfwd/usr/share/doc/postfwd/examples/ + #cp debian/example-cfg*.txt debian/postfwd/usr/share/doc/postfwd/examples/ cp etc/postfwd.cf debian/postfwd/usr/share/doc/postfwd/examples/example-cfg.txt # Build architecture-independent files here.