安裝 Postgrey (Postfix Greylisting Policy Server)

Published: KEI in 5/05/2011
起因
想要把一些廣告信的來源進行阻擋由不想誤檔正常的信件。

原理
Postgrey 的運作原理是讓 SMTP Server 在收到郵件後先回應 450 給來源 SMTP Server,若來源伺服器是正常的 SMTP Server 會在一段時間後自動重試,如果對方是使用發送垃圾郵件的工具不會將信件重送,如此可以達到有效阻擋垃圾郵件的目的。

安裝套件
postgrey-1.33-1.el4.rf.noarch.rpm
perl-BerkeleyDB-0.43-1.el4.rf.i386.rpm
perl-IO-Multiplex-1.10-1.el4.rf.noarch.rpm
perl-Net-Server-0.99-1.el4.rf.noarch.rpm
參考下載位置 http://pkgs.org/

設定
/etc/postfix/main.cf

smtpd_restriction_classes = greylisting
greylisting = check_policy_service unix:postgrey/socket
smtpd_recipient_restrictions =
...
check_client_access pcre:/etc/postfix/greylist
...

/etc/postfix/greylist

/(\-.+){4}$/ greylisting
/(\..+){4}$/ greylisting
# everything with 4 or more dots/hyphens in the hostname
/(^|[0-9.x_-])(abo|br(e|oa)dband|cabel|(hk)?cablep?|catv|cbl|cidr|d?client2?|cust(omer)?s?|dhcp|dial?(in|up)?|d[iu]p|[asx]?dsld?|dyn(a(dsl|mic)?)?|home|in-addr|modem(cable)?|(di)?pool|ppp|ptr|rev|static|user|YahooBB[0-9]{12}|c[[:alnum:]]{6,}(\.[a-z]{3})?\.virtua|[1-9]Cust[0-9]+|AC[A-Z][0-9A-F]{5}\.ipt|pcp[0-9]{6,}pcs|S0106[[:alnum:]]{12,}\.[a-z]{2})[0-9.x_-]/ greylisting
/^unknown$/ greylisting

/etc/sysconfig/postgrey (參數問男人)

OPTIONS="--unix=/var/spool/postfix/postgrey/socket \
--delay=120 \
--greylist-text=\"Policy Rejection- Please try later.\"
--auto-whitelist-clients=0"

清單
/etc/postfix/postgrey_whitelist_clients (預設白名單)
/etc/postfix/postgrey_whitelist_recipients (預設可不阻擋之收件人)
/etc/postfix/postgrey_whitelist_clients.local (自訂白名單)
# 1111.com.tw
202.153.190.210
# 104.com.tw
202.8.15.60
202.8.15.61
202.8.15.62
202.8.15.63
202.8.15.64
202.8.15.65
202.8.15.66
202.8.15.67
202.8.15.68
202.8.15.69
202.8.15.71
202.8.15.72
202.8.15.73
202.8.15.74
202.8.15.75
202.8.15.76
202.8.15.77
202.8.15.78
202.8.15.79

開機啟動
chkconfig --add postgrey

啟動
/etc/rc.d/init.d/postgrey start

檢查
cat /var/log/mail/maillog



參考資料
http://wiki.centos.org/HowTos/postgrey#head-314ceecc5ece27e0f0a4bf1abcd8ee9356cd1a5e
http://www.arschkrebs.de/postfix/postfix_greylisting.shtml
http://rimuhosting.com/knowledgebase/linux/mail/greylisting%20with%20postgrey
http://ssorc.tw/rewrite.php/read-573.html
http://www.postfix.org/SMTPD_POLICY_README.html
0 意見 標籤: ,

用Fail2ban阻擋特定來源位址

Published: KEI in 5/03/2011
起因
由於 POP3 的 services 常常被猜密碼覺得煩麻煩的,所以想要把這些猜密碼的位址阻擋。

安裝套件
fail2ban-0.8.4-23.el4.noarch.rpm (http://www.fail2ban.org/wiki/index.php/Downloads)
gamin-0.1.7-1.4.EL4.i386.rpm (CentOS 4.6 CD#1)
gamin-python-0.1.7-1.4.EL4.i386.rpm (CentOS 4.6 CD#3)
shorewall-4.4.18-1.noarch.rpm (http://www.shorewall.net/)

設定
/etc/fail2ban/jail.conf
[dovecot-check]
enabled = true
filter = dovecot-check
action = iptables-multiport[name=dovecot-check, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail/dovecot
ignoreip = 168.192.0.1 192.168.1.0/24
bantime  = 1800
findtime  = 300
maxretry = 3
/etc/fail2ban/fail2ban.conf
logtarget = /var/log/fail2ban.log
/etc/fail2ban/filter.d/dovecot-check.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =
啟動
/etc/rc.d/init.d/fail2ban start
檢查
1./etc/rc.d/init.d/fail2ban status
2.cat  /var/log/fail2ban.log
3.iptables -L


參考資料
http://wiki.dovecot.org/HowTo/Fail2Ban
http://cha.homeip.net/blog/archives/2007/06/_fail2ban_ip.html
http://www.mamu.com.tw/blog/2008/06/12/fail2ban-install/
0 意見 標籤: ,

重新產生 SEP 使用的 ID

Published: KEI in 5/02/2011
#NoTrayIcon
$program_stop = "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -stop"
$program_start = "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -start"
$del_file = "C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml"
$pass = "123456"
run($program_stop, "", @SW_HIDE)
WinWaitActive("密碼")
ControlSend("密碼", "", "Edit1", $pass)
ControlClick("密碼", "", "[CLASS:Button; INSTANCE:1]")
RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink", "HardwareID", "REG_SZ", "")
FileDelete($del_file)
ProcessWaitClose("Smc.exe")
run($program_start)
0 意見 標籤: ,

用 WSH 新增MS Outlook 資料夾

Published: KEI in 5/02/2011
Set objOutlook = CreateObject("Outlook.Application")
Set myNameSpace = objOutlook.GetNamespace("MAPI")
Set myInboxFolder = myNameSpace.GetDefaultFolder(6)
Set myNewFolder = myInboxFolder.Folders.Add("資料夾一")
Set myNewFolder = myInboxFolder.Folders.Add("資料夾二")
Set myNewFolder = myInboxFolder.Folders.Add("資料夾三")
0 意見 標籤:
訂閱: 文章 (Atom)