Product SiteDocumentation Site

Bab 11. Layanan Jaringan: Postfix, Apache, NFS, Samba, Squid, LDAP, SIP, XMPP, TURN

11.1. Server Mail
11.1.1. Instalasi Postfix
11.1.2. Mengkonfigurasi Domain Virtual
11.1.3. Pembatasan Penerimaan dan Pengiriman
11.1.4. Setting Up greylisting
11.1.5. Customizing Filters Based On the Recipient
11.1.6. Integrating an Antivirus
11.1.7. Authenticated SMTP
11.2. Web Server (HTTP)
11.2.1. Installing Apache
11.2.2. Configuring Virtual Hosts
11.2.3. Common Directives
11.2.4. Log Analyzers
11.3. FTP File Server
11.4. NFS File Server
11.4.1. Securing NFS
11.4.2. NFS Server
11.4.3. NFS Client
11.5. Setting Up Windows Shares with Samba
11.5.1. Samba Server
11.5.2. Samba Client
11.6. HTTP/FTP Proxy
11.6.1. Installing
11.6.2. Configuring a Cache
11.6.3. Configuring a Filter
11.7. LDAP Directory
11.7.1. Installing
11.7.2. Filling in the Directory
11.7.3. Managing Accounts with LDAP
11.8. Real-Time Communication Services
11.8.1. DNS settings for RTC services
11.8.2. Server TURN
11.8.3. SIP Proxy Server
11.8.4. Server XMPP
11.8.5. Running services on port 443
11.8.6. Adding WebRTC
Layanan jaringan adalah program-program yang berinteraksi secara langsung dengan para pengguna dalam pekerjaan mereka sehari-hari. Mereka adalah puncak gunung es sistem informasi, dan bab ini akan memfokuskan pada mereka; bagian tak terlihat tempat mereka bertumpu adalah infrastruktur yang sudah kita terangkan sebelumnya.
Kebanyakan layanan jaringan moderm memerlukan teknologi enkripsi agar beroperasi secara aman dan terpercaya, khususnya ketika digunakan pada internet publik. Sertifikat X.509 (yang mana dapat direferensikan sebagai Sertifikat SSL atau Sertifikat TLS) sering digunakan untuk tujuan ini. Sebuah sertifikat untuk domain tertentu seringkali dapat berbagi antara lebih dari satu layanan dibahas pada bagian ini.

11.1. Server Mail

Administrator Falcot Corp memilih Postfix untuk server surel elektroniknya, karena keandalan dan kemudahan konfigurasinya. Memang, desainnya memberlakukan bahwa setiap tugas diimplementasikan dalam sebuah proses dengan seperangkat izin minimum yang dibutuhkan, yang merupakan langkah mitigasi yang besar terhadap masalah keamanan.

ALTERNATIF Server Exim4

Debian menggunakan Exim4 sebagai peladen posel bawaan (instalasi awal menyertakan Exim4). Konfigurasi disediakan oleh paket yang terpisah, exim4-config, dan diatur secara otomatis berdasarkan jawaban dari pertanyaan Debconf yang mirip dengan pertanyaan yang diajukan oleh paket postfix.
Konfigurasi dapat berupa berkas tunggal (/etc/exim4/exim4.conf.template) atau terpecah dalam beberapa potongan konfigurasi tersimpan di bawah /etc/exim4/conf.d/. Keduanya, berkas tersebut digunakan olehperintah update-exim4.conf sebagai palet untuk menghasilkan /var/lib/exim4/config.autogenerated. Yang terakhir adalah berkas yang digunakan oleh Exim4. Berkat mekanisme ini, nilai yang dihasilkan melalui konfigurasi debconf Exim --yang tersimpan dalam /etc/exim4/update-exim4.conf.conf-- dapat disuntikkan ke dalam berkas konfigurasi Exim, bahkan ketika administrator atau paket lain telah mengubah konfigurasi bawaan Exim.
Sintaks berkas konfigurasi Exim4 memiliki kekhasan dan kurva belajarnya; namun, begitu keanehan ini dipahami, Exim4 merupakan peladen surel yang sangat lengkap dan hebat, yang dibuktikan dengan puluhan halaman dokumentasi.
→ http://www.exim.org/docs.html

11.1.1. Instalasi Postfix

Paket postfix menyertakan daemon SMTP utama. Paket lain (seperti postfix-ldap dan postfix-pgsql) menambahkan fungsionalitas tambahakan ke Postfix, termasuk mengakses basisdata terpetakan. Anda hanya perlu menginstallnya jika Anda tahu Anda memerlukannya.

KEMBALI KE DASAR SMTP

SMTP (Simple Mail Transfer Protocol) protokol yang digunakan oleh peladen posel untuk bertukar dan mengarahkan posel.
Beberapa pertanyaan Debconf ditanyakan saat instalasi paket tersebut. Jawabannya memungkinkan menghasilkan versi pertama berkas konfigurasi /etc/postfix/main.cf.
Pertanyaan pertama berkaitan dengan jenis pengaturan. Hanya dua jawaban relevan yang diajukan jika ada server yang tersambung ke internet, "situs internet" dan "internet dengan smarthost". Yang pertama sesuai untuk server yang menerima email masuk dan mengirim email keluar langsung ke penerimanya, dan karenanya cocok untuk kasus Falcot Corp. Yang terakhir ini sesuai untuk server yang menerima email masuk secara normal, namun mengirimkan email keluar melalui server SMTP menengah — ”smarthost” — bukan langsung ke server penerima. Ini sangat berguna bagi individu dengan alamat IP dinamis, karena banyak server email menolak pesan yang datang langsung dari alamat IP semacam itu. Dalam kasus ini, smarthost biasanya adalah SMTP server milik ISP, yang selalu dikonfigurasi untuk menerima email dari pelanggan ISP dan meneruskannya dengan tepat. Pengaturan ini (dengan smarthost) selalu relevan untuk server yang tidak terhubung secara permanen ke internet, karena menghindari harus mengatur antrian pesan tidak terkirim yang perlu dicoba ulang di waktu yang lain.

KOSAKATA ISP

ISP merupakan akronim dari "Internet Service Provider" (penyedia layanan internet). Sebuah entitas, seringkali berupa perusaan komersial, yang menyediakan koneksi internet dan layanan dasar yang sesuai (email, berita, dan lain-lain).
Pertanyaan kedua berkaitan dengan nama lengkap mesin, digunakan untuk menghasilkan alamat email dari nama pengguna lokal; nama lengkap mesin sebagai bagian setelah simbol-at ("@"). Dalam kasus Falcot, jawabannya seharusnya mail.falcot.com. Pertanyaan ini yang diajukan secara default, namun konfigurasi yang diembannya tidak cukup lengkap untuk kebutuhan Falcot, karenanya administrator menjalankan perintah dpkg-reconfigure postfix agar dapat menyesuaikan lebih banyak parameter.
Salah satu pertanyaan tambahan yang diajukan untuk semua nama domain yang berhubungan dengan mesin. Daftar bawaan yang menyertakan nama lengkapnya sebagaimana sedikit padanan untuk localhost, namun domain utama falcot.com perlu ditambahkan sendiri. Lebih umumnya, pertanyaan ini seharusnya biasanya dijawab dengan seluruh nama domain yang mana mesin ini seharusnya melayani sebagai sebuah MX server; dengan kata lain, seluruh nama domain yang mana disebutkan DNS bahwa mesin ini akan menerima surel. Informasi ini berpangkal pada variabel mydestination pada berkas konfigurasi Postfix — /etc/postfix/main.cf.
Aturan record DNS MX saat mengirimkan surel

Gambar 11.1. Aturan record DNS MX saat mengirimkan surel

EXTRA Query record MX

Ketika DNS tidak memilik record MX untuk sebuah domain, peladen surel akan mencoba mengirim pesan ke host-nya sendiri, dengan menggunakan record A (atau AAAA dalam IPv6).
In some cases, the installation can also ask what networks should be allowed to send email via the machine. In its default configuration, Postfix only accepts emails coming from the machine itself; the local network will usually be added. The Falcot Corp administrators added 192.168.0.0/16 to the default answer. If the question is not asked, the relevant variable in the configuration file is mynetworks, as seen in the example below.
Local email can also be delivered through procmail. This tool allows users to sort their incoming email according to rules stored in their ~/.procmailrc file.
After this first step, the administrators got the following configuration file; it will be used as a starting point for adding some extra functionality in the next sections.

Contoh 11.1. Berkas/etc/postfix/main.cf awal

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.falcot.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.falcot.com, falcot.com, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

KEAMANAN Sertifikat SSL Snake oil

The snake oil certificates, like the snake oil “medicine” sold by unscrupulous quacks in old times, have absolutely no value: you cannot rely on them to authenticate the server since they are automatically generated self-signed certificates. However they are useful to improve the privacy of the exchanges.
In general they should only be used for testing purposes, and normal service must use real certificates; these can be generated with the procedure described in Bagian 10.2.1.1, “Infrastruktur Kunci Publik: easy-rsa.

11.1.2. Mengkonfigurasi Domain Virtual

The mail server can receive emails addressed to other domains besides the main domain; these are then known as virtual domains. In most cases where this happens, the emails are not ultimately destined to local users. Postfix provides two interesting features for handling virtual domains.

HATI-HATI Domain virtual dan domain kanonik

None of the virtual domains must be referenced in the mydestination variable; this variable only contains the names of the “canonical” domains directly associated to the machine and its local users.

11.1.2.1. Domain Alias Virtual

A virtual alias domain only contains aliases, i.e. addresses that only forward emails to other addresses.
Such a domain is enabled by adding its name to the virtual_alias_domains variable, and referencing an address mapping file in the virtual_alias_maps variable.

Contoh 11.2. Directives to add in the /etc/postfix/main.cf file

virtual_alias_domains = falcotsbrand.com
virtual_alias_maps = hash:/etc/postfix/virtual
The /etc/postfix/virtual file describes a mapping with a rather straightforward syntax: each line contains two fields separated by whitespace; the first field is the alias name, the second field is a list of email addresses where it redirects. The special @domain.com syntax covers all remaining aliases in a domain.

Contoh 11.3. Contoh berkas /etc/postfix/virtual

webmaster@falcotsbrand.com  jean@falcot.com
contact@falcotsbrand.com    laure@falcot.com, sophie@falcot.com
# The alias below is generic and covers all addresses within 
# the falcotsbrand.com domain not otherwise covered by this file.
# These addresses forward email to the same user name in the
# falcot.com domain.
@falcotsbrand.com           @falcot.com

11.1.2.2. Domain Kotak Surat Virtual

HATI-HATI Gabungan domain virtual?

Postfix does not allow using the same domain in both virtual_alias_domains and virtual_mailbox_domains. However, every domain of virtual_mailbox_domains is implicitly included in virtual_alias_domains, which makes it possible to mix aliases and mailboxes within a virtual domain.
Messages addressed to a virtual mailbox domain are stored in mailboxes not assigned to a local system user.
Enabling a virtual mailbox domain requires naming this domain in the virtual_mailbox_domains variable, and referencing a mailbox mapping file in virtual_mailbox_maps. The virtual_mailbox_base parameter contains the directory under which the mailboxes will be stored.
The virtual_uid_maps parameter (respectively virtual_gid_maps) references the file containing the mapping between the email address and the system user (respectively group) that “owns” the corresponding mailbox. To get all mailboxes owned by the same owner/group, the static:5000 syntax assigns a fixed UID/GID (of value 5000 here).

Contoh 11.4. Directives to add in the /etc/postfix/main.cf file

virtual_mailbox_domains = falcot.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_mailbox_base = /var/mail/vhosts
Again, the syntax of the /etc/postfix/vmailbox file is quite straightforward: two fields separated with whitespace. The first field is an email address within one of the virtual domains, and the second field is the location of the associated mailbox (relative to the directory specified in virtual_mailbox_base). If the mailbox name ends with a slash (/), the emails will be stored in the maildir format; otherwise, the traditional mbox format will be used. The maildir format uses a whole directory to store a mailbox, each individual message being stored in a separate file. In the mbox format, on the other hand, the whole mailbox is stored in one file, and each line starting with “From ” (From followed by a space) signals the start of a new message.

Contoh 11.5. Berkas /etc/postfix/vmailbox

# Surel Jean disimpan sebagai maildir, dengan
# satu berkas per surel dalam suatu direktori
# terdedikasi
jean@falcot.org falcot.org/jean/
# Surel Sophie's disimpan dalam suatu berkas "mbox"
# tradisional dengan semua surel disambung ke dalam
# satu berkas tunggal
sophie@falcot.org falcot.org/sophie

11.1.3. Pembatasan Penerimaan dan Pengiriman

The growing number of unsolicited bulk emails (spam) requires being increasingly strict when deciding which emails a server should accept. This section presents some of the strategies included in Postfix.

KULTUR Masalah spam

“Spam” is a generic term used to designate all the unsolicited commercial emails (also known as UCEs) that flood our electronic mailboxes; the unscrupulous individuals sending them are known as spammers. They care little about the nuisance they cause, since sending an email costs very little, and only a very small percentage of recipients need to be attracted by the offers for the spamming operation to make more money than it costs. The process is mostly automated, and any email address made public (for instance, on a web forum, or on the archives of a mailing list, or on a blog, and so on) will be discovered by the spammers' robots, and subjected to a never-ending stream of unsolicited messages.
All system administrators try to face this nuisance with spam filters, but of course spammers keep adjusting to try to work around these filters. Some even rent networks of machines compromised by a worm from various crime syndicates. Recent statistics estimate that up to 95% of all emails circulating on the Internet are spam!

11.1.3.1. Pembatasan Akses Berbasis IP

The smtpd_client_restrictions directive controls which machines are allowed to communicate with the email server.

Contoh 11.6. Pembatasan Berbasis Alamat Klien

smtpd_client_restrictions = permit_mynetworks,
    warn_if_reject reject_unknown_client,
    check_client_access hash:/etc/postfix/access_clientip,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client list.dsbl.org
When a variable contains a list of rules, as in the example above, these rules are evaluated in order, from the first to the last. Each rule can accept the message, reject it, or leave the decision to a following rule. As a consequence, order matters, and simply switching two rules can lead to a widely different behavior.
The permit_mynetworks directive, used as the first rule, accepts all emails coming from a machine in the local network (as defined by the mynetworks configuration variable).
The second directive would normally reject emails coming from machines without a completely valid DNS configuration. Such a valid configuration means that the IP address can be resolved to a name, and that this name, in turn, resolves to the IP address. This restriction is often too strict, since many email servers do not have a reverse DNS for their IP address. This explains why the Falcot administrators prepended the warn_if_reject modifier to the reject_unknown_client directive: this modifier turns the rejection into a simple warning recorded in the logs. The administrators can then keep an eye on the number of messages that would be rejected if the rule were actually enforced, and make an informed decision later if they wish to enable such enforcement.

TIP tabel access

The restriction criteria include administrator-modifiable tables listing combinations of senders, IP addresses, and allowed or forbidden hostnames. These tables can be created from an uncompressed copy of the /usr/share/doc/postfix-doc/examples/access.gz file. This model is self-documented in its comments, which means each table describes its own syntax.
The /etc/postfix/access_clientip table lists IP addresses and networks; /etc/postfix/access_helo lists domain names; /etc/postfix/access_sender contains sender email addresses. All these files need to be turned into hash-tables (a format optimized for fast access) after each change, with the postmap /etc/postfix/file command.
The third directive allows the administrator to set up a blacklist and a whitelist of email servers, stored in the /etc/postfix/access_clientip file. Servers in the whitelist are considered as trusted, and the emails coming from there therefore do not go through the following filtering rules.
The last two rules reject any message coming from a server listed in one of the indicated blacklists. RBL is an acronym for Remote Black List; there are several such lists, but they all list badly configured servers that spammers use to relay their emails, as well as unexpected mail relays such as machines infected with worms or viruses.

TIPS Daftar putih dan RBL

Blacklists sometimes include a legitimate server that has been suffering an incident. In these situations, all emails coming from one of these servers would be rejected unless the server is listed in a whitelist defined by /etc/postfix/access_clientip.
Prudence therefore recommends including in the whitelist all the trusted servers from which many emails are usually received.

11.1.3.2. Checking the Validity of the EHLO or HELO Commands

Each SMTP exchange starts with a HELO (or EHLO) command, followed by the name of the sending email server; checking the validity of this name can be interesting.

Contoh 11.7. Restrictions on the name announced in EHLO

smtpd_helo_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    check_helo_access hash:/etc/postfix/access_helo,
    reject_non_fqdn_hostname,
    warn_if_reject reject_unknown_hostname
The first permit_mynetworks directive allows all machines on the local network to introduce themselves freely. This is important, because some email programs do not respect this part of the SMTP protocol adequately enough, and they can introduce themselves with nonsensical names.
The reject_invalid_hostname rule rejects emails when the EHLO announce lists a syntactically incorrect hostname. The reject_non_fqdn_hostname rule rejects messages when the announced hostname is not a fully-qualified domain name (including a domain name as well as a host name). The reject_unknown_hostname rule rejects messages if the announced name does not exist in the DNS. Since this last rule unfortunately leads to too many rejections, the administrators turned its effect to a simple warning with the warn_if_reject modifier as a first step; they may decide to remove this modifier at a later stage, after auditing the results of this rule.
Using permit_mynetworks as the first rule has an interesting side effect: the following rules only apply to hosts outside the local network. This allows blacklisting all hosts that announce themselves as part of the falcot.com, for instance by adding a falcot.com REJECT You are not in our network! line to the /etc/postfix/access_helo file.

11.1.3.3. Accepting or Refusing Based on the Announced Sender

Every message has a sender, announced by the MAIL FROM command of the SMTP protocol; again, this information can be validated in several different ways.

Contoh 11.8. Sender checks

smtpd_sender_restrictions = 
    check_sender_access hash:/etc/postfix/access_sender,
    reject_unknown_sender_domain, reject_unlisted_sender,
    reject_non_fqdn_sender
The /etc/postfix/access_sender table maps some special treatment to some senders. This usually means listing some senders into a white list or a black list.
The reject_unknown_sender_domain rule requires a valid sender domain, since it is needed for a valid address. The reject_unlisted_sender rule rejects local senders if the address does not exist; this prevents emails from being sent from an invalid address in the falcot.com domain, and messages emanating from joe.bloggs@falcot.com are only accepted if such an address really exists.
Finally, the reject_non_fqdn_sender rule rejects emails purporting to come from addresses without a fully-qualified domain name. In practice, this means rejecting emails coming from user@machine: the address must be announced as either user@machine.example.com or user@example.com.

11.1.3.4. Accepting or Refusing Based on the Recipient

Each email has at least one recipient, announced with the RCPT TO command in the SMTP protocol. These addresses also warrant validation, even if that may be less relevant than the checks made on the sender address.

Contoh 11.9. Recipient checks

smtpd_recipient_restrictions = permit_mynetworks, 
    reject_unauth_destination, reject_unlisted_recipient, 
    reject_non_fqdn_recipient
reject_unauth_destination is the basic rule that requires outside messages to be addressed to us; messages sent to an address not served by this server are rejected. Without this rule, a server becomes an open relay that allows spammers to send unsolicited emails; this rule is therefore mandatory, and it will be best included near the beginning of the list, so that no other rules may authorize the message before its destination has been checked.
The reject_unlisted_recipient rule rejects messages sent to non-existing local users, which makes sense. Finally, the reject_non_fqdn_recipient rule rejects non-fully-qualified addresses; this makes it impossible to send an email to jean or jean@machine, and requires using the full address instead, such as jean@machine.falcot.com or jean@falcot.com.

11.1.3.5. Restrictions Associated with the DATA Command

The DATA command of SMTP is emitted before the contents of the message. It doesn't provide any information per se, apart from announcing what comes next. It can still be subjected to checks.

Contoh 11.10. DATA checks

smtpd_data_restrictions = reject_unauth_pipelining
The reject_unauth_pipelining directives causes the message to be rejected if the sending party sends a command before the reply to the previous command has been sent. This guards against a common optimization used by spammer robots, since they usually don't care a fig about replies and only focus on sending as many emails as possible in as short a time as possible.

11.1.3.6. Applying Restrictions

Although the above commands validate information at various stages of the SMTP exchange, Postfix only sends the actual rejection as a reply to the RCPT TO command.
This means that even if the message is rejected due to an invalid EHLO command, Postfix knows the sender and the recipient when announcing the rejection. It can then log a more explicit message than it could if the transaction had been interrupted from the start. In addition, a number of SMTP clients do not expect failures on the early SMTP commands, and these clients will be less disturbed by this late rejection.
A final advantage to this choice is that the rules can accumulate information during the various stages of the SMTP exchange; this allows defining more fine-grained permissions, such as rejecting a non-local connection if it announces itself with a local sender.

11.1.3.7. Filtering Based on the Message Contents

The validation and restriction system would not be complete without a way to apply checks to the message contents. Postfix differentiates the checks applying to the email headers from those applying to the email body.

Contoh 11.11. Enabling content-based filters

header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
Both files contain a list of regular expressions (commonly known as regexps or regexes) and associated actions to be triggered when the email headers (or body) match the expression.

QUICK LOOK Regexp tables

The /usr/share/doc/postfix-doc/examples/header_checks.gz file contains many explanatory comments and can be used as a starting point for creating the /etc/postfix/header_checks and /etc/postfix/body_checks files.

Contoh 11.12. Example /etc/postfix/header_checks file

/^X-Mailer: GOTO Sarbacane/ REJECT I fight spam (GOTO Sarbacane)
/^Subject: *Your email contains VIRUSES/ DISCARD virus notification

BACK TO BASICS Regular expression

The regular expression term (shortened to regexp or regex) references a generic notation for expressing a description of the contents and/or structure of a string of characters. Certain special characters allow defining alternatives (for instance, foo|bar matches either “foo” or “bar”), sets of allowed characters (for instance, [0-9] means any digit, and . — a dot — means any character), quantifications (s? matches either s or the empty string, in other words 0 or 1 occurrence of s; s+ matches one or more consecutive s characters; and so on). Parentheses allow grouping search results.
The precise syntax of these expressions varies across the tools using them, but the basic features are similar.
→ http://en.wikipedia.org/wiki/Regular_expression
The first one checks the header mentioning the email software; if GOTO Sarbacane (a bulk email software) is found, the message is rejected. The second expression controls the message subject; if it mentions a virus notification, we can decide not to reject the message but to discard it immediately instead.
Using these filters is a double-edged sword, because it is easy to make the rules too generic and to lose legitimate emails as a consequence. In these cases, not only the messages will be lost, but their senders will get unwanted (and annoying) error messages.

11.1.4. Setting Up greylisting

“Greylisting” is a filtering technique according to which a message is initially rejected with a temporary error code, and only accepted on a further try after some delay. This filtering is particularly efficient against spam sent by the many machines infected by worms and viruses, since this software rarely acts as a full SMTP agent (by checking the error code and retrying failed messages later), especially since many of the harvested addresses are really invalid and retrying would only mean losing time.
Postfix doesn't provide greylisting natively, but there is a feature by which the decision to accept or reject a given message can be delegated to an external program. The postgrey package contains just such a program, designed to interface with this access policy delegation service.
Once postgrey is installed, it runs as a daemon and listens on port 10023. Postfix can then be configured to use it, by adding the check_policy_service parameter as an extra restriction: 
smtpd_recipient_restrictions = permit_mynetworks,
    [...]
    check_policy_service inet:127.0.0.1:10023
Each time Postfix reaches this rule in the ruleset, it will connect to the postgrey daemon and send it information concerning the relevant message. On its side, Postgrey considers the IP address/sender/recipient triplet and checks in its database whether that same triplet has been seen recently. If so, Postgrey replies that the message should be accepted; if not, the reply indicates that the message should be temporarily rejected, and the triplet gets recorded in the database.
The main disadvantage of greylisting is that legitimate messages get delayed, which is not always acceptable. It also increases the burden on servers that send many legitimate emails.

IN PRACTICE Shortcomings of greylisting

Theoretically, greylisting should only delay the first mail from a given sender to a given recipient, and the typical delay is in the order of minutes. Reality, however, can differ slightly. Some large ISPs use clusters of SMTP servers, and when a message is initially rejected, the server that retries the transmission may not be the same as the initial one. When that happens, the second server gets a temporary error message due to greylisting too, and so on; it may take several hours until transmission is attempted by a server that has already been involved, since SMTP servers usually increase the delay between retries at each failure.
As a consequence, the incoming IP address may vary in time even for a single sender. But it goes further: even the sender address can change. For instance, many mailing-list servers encode extra information in the sender address so as to be able to handle error messages (known as bounces). Each new message sent to a mailing-list may then need to go through greylisting, which means it has to be stored (temporarily) on the sender's server. For very large mailing-lists (with tens of thousands of subscribers), this can soon become a problem.
To mitigate these drawbacks, Postgrey manages a whitelist of such sites, and messages emanating from them are immediately accepted without going through greylisting. This list can easily be adapted to local needs, since it is stored in the /etc/postgrey/whitelist_clients file.

GOING FURTHER Selective greylisting with milter-greylist

The drawbacks of greylisting can be mitigated by only using greylisting on the subset of clients that are already considered as probable sources of spam (because they are listed in a DNS blacklist). This is not possible with postgrey but milter-greylist can be used in such a way.
In that scenario, since DNS blacklists never triggers a definitive rejection, it becomes reasonable to use aggressive blacklists, including those listing all dynamic IP addresses from ISP clients (such as pbl.spamhaus.org or dul.dnsbl.sorbs.net).
Since milter-greylist uses Sendmail's milter interface, the postfix side of its configuration is limited to “smtpd_milters = unix:/var/run/milter-greylist/milter-greylist.sock”. The greylist.conf(5) manual page documents /etc/milter-greylist/greylist.conf and the numerous ways to configure milter-greylist. You will also have to edit /etc/default/milter-greylist to actually enable the service.

11.1.5. Customizing Filters Based On the Recipient

Bagian 11.1.3, “Pembatasan Penerimaan dan Pengiriman” and Bagian 11.1.4, “Setting Up greylisting reviewed many of the possible restrictions. They all have their use in limiting the amount of received spam, but they also all have their drawbacks. It is therefore more and more common to customize the set of filters depending on the recipient. At Falcot Corp, greylisting is interesting for most users, but it hinders the work of some users who need low latency in their emails (such as the technical support service). Similarly, the commercial service sometimes has problems receiving emails from some Asian providers who may be listed in blacklists; this service asked for a non-filtered address so as to be able to correspond.
Postfix provides such a customization of filters with a “restriction class” concept. The classes are declared in the smtpd_restriction_classes parameter, and defined the same way as smtpd_recipient_restrictions. The check_recipient_access directive then defines a table mapping a given recipient to the appropriate set of restrictions.

Contoh 11.13. Defining restriction classes in main.cf

smtpd_restriction_classes = greylisting, aggressive, permissive

greylisting = check_policy_service inet:127.0.0.1:10023
aggressive = reject_rbl_client sbl-xbl.spamhaus.org,
        check_policy_service inet:127.0.0.1:10023
permissive = permit

smtpd_recipient_restrictions = permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_access

Contoh 11.14. The /etc/postfix/recipient_access file

# Unfiltered addresses
postmaster@falcot.com  permissive
support@falcot.com     permissive
sales-asia@falcot.com  permissive

# Aggressive filtering for some privileged users
joe@falcot.com         aggressive

# Special rule for the mailing-list manager
sympa@falcot.com       reject_unverified_sender

# Greylisting by default
falcot.com             greylisting

11.1.6. Integrating an Antivirus

The many viruses circulating as attachments to emails make it important to set up an antivirus at the entry point of the company network, since despite an awareness campaign, some users will still open attachments from obviously shady messages.
The Falcot administrators selected clamav for their free antivirus. The main package is clamav, but they also installed a few extra packages such as arj, unzoo, unrar and lha, since they are required for the antivirus to analyze attachments archived in one of these formats.
The task of interfacing between antivirus and the email server goes to clamav-milter. A milter (short for mail filter) is a filtering program specially designed to interface with email servers. A milter uses a standard application programming interface (API) that provides much better performance than filters external to the email servers. Milters were initially introduced by Sendmail, but Postfix soon followed suit.

QUICK LOOK A milter for Spamassassin

The spamass-milter package provides a milter based on SpamAssassin, the famous unsolicited email detector. It can be used to flag messages as probable spams (by adding an extra header) and/or to reject the messages altogether if their “spamminess” score goes beyond a given threshold.
Once the clamav-milter package is installed, the milter should be reconfigured to run on a TCP port rather than on the default named socket. This can be achieved with dpkg-reconfigure clamav-milter. When prompted for the “Communication interface with Sendmail”, answer “inet:10002@127.0.0.1”.

NOTE Real TCP port vs named socket

The reason why we use a real TCP port rather than the named socket is that the postfix daemons often run chrooted and do not have access to the directory hosting the named socket. You could also decide to keep using a named socket and pick a location within the chroot (/var/spool/postfix/).
The standard ClamAV configuration fits most situations, but some important parameters can still be customized with dpkg-reconfigure clamav-base.
The last step involves telling Postfix to use the recently-configured filter. This is a simple matter of adding the following directive to /etc/postfix/main.cf: 
# Virus check with clamav-milter
smtpd_milters = inet:[127.0.0.1]:10002
If the antivirus causes problems, this line can be commented out, and service postfix reload should be run so that this change is taken into account.

IN PRACTICE Testing the antivirus

Once the antivirus is set up, its correct behavior should be tested. The simplest way to do that is to send a test email with an attachment containing the eicar.com (or eicar.com.zip) file, which can be downloaded online:
→ http://www.eicar.org/86-0-Intended-use.html
This file is not a true virus, but a test file that all antivirus software on the market diagnose as a virus to allow checking installations.
All messages handled by Postfix now go through the antivirus filter.

11.1.7. Authenticated SMTP

Being able to send emails requires an SMTP server to be reachable; it also requires said SMTP server to send emails through it. For roaming users, this may need regularly changing the configuration of the SMTP client, since Falcot's SMTP server rejects messages coming from IP addresses apparently not belonging to the company. Two solutions exist: either the roaming user installs an SMTP server on their computer, or they still use the company server with some means of authenticating as an employee. The former solution is not recommended since the computer won't be permanently connected, and it won't be able to retry sending messages in case of problems; we will focus on the latter solution.
SMTP authentication in Postfix relies on SASL (Simple Authentication and Security Layer). It requires installing the libsasl2-modules and sasl2-bin packages, then registering a password in the SASL database for each user that needs authenticating on the SMTP server. This is done with the saslpasswd2 command, which takes several parameters. The -u option defines the authentication domain, which must match the smtpd_sasl_local_domain parameter in the Postfix configuration. The -c option allows creating a user, and -f allows specifying the file to use if the SASL database needs to be stored at a different location than the default (/etc/sasldb2). 
# saslpasswd2 -u `postconf -h myhostname` -f /var/spool/postfix/etc/sasldb2 -c jean
[... type jean's password twice ...]
Note that the SASL database was created in Postfix's directory. In order to ensure consistency, we also turn /etc/sasldb2 into a symbolic link pointing at the database used by Postfix, with the ln -sf /var/spool/postfix/etc/sasldb2 /etc/sasldb2 command.
Now we need to configure Postfix to use SASL. First the postfix user needs to be added to the sasl group, so that it can access the SASL account database. A few new parameters are also needed to enable SASL, and the smtpd_recipient_restrictions parameter needs to be configured to allow SASL-authenticated clients to send emails freely.

Contoh 11.15. Enabling SASL in /etc/postfix/main.cf

# Enable SASL authentication
smtpd_sasl_auth_enable = yes
# Define the SASL authentication domain to use
smtpd_sasl_local_domain = $myhostname
[...]
# Adding permit_sasl_authenticated before reject_unauth_destination
# allows relaying mail sent by SASL-authenticated users
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
[...]

EXTRA Authenticated SMTP client

Most email clients are able to authenticate to an SMTP server before sending outgoing messages, and using that feature is a simple matter of configuring the appropriate parameters. If the client in use does not provide that feature, the workaround is to use a local Postfix server and configure it to relay email via the remote SMTP server. In this case, the local Postfix itself will be the client that authenticates with SASL. Here are the required parameters: 
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relay_host = [mail.falcot.com]
The /etc/postfix/sasl_passwd file needs to contain the username and password to use for authenticating on the mail.falcot.com server. Here is an example: 
[mail.falcot.com]   joe:LyinIsji
As for all Postfix maps, this file must be turned into /etc/postfix/sasl_passwd.db with the postmap command.