E2guardian no CentOS 7
  1. No diretório /root/download, execute:
    wget -c http://mailserver.guru/7/os/x86_64/Packages/e2guardian-5.3.2-2.el7.x86_64.rpm
    wget -c http://www.shallalist.de/Downloads/shallalist.tar.gz
  2. Instale o /root/download/e2guardian-5.3.2-2.el7.x86_64.rpm.
  3. Edite o arquivo /etc/logrotate.d/e2guardian:
    /var/log/e2guardian/access.log {
      rotate 4
        systemctl stop e2guardian.service > /dev/null 2>&1 || true
        systemctl start e2guardian.service > /dev/null 2>&1
  4. Extraia o conteúdo do arquivo /root/download/shallalist.tar.gz no diretório /etc/e2guardian/lists.
  5. No diretório /etc/e2guardian/lists, mude o owner do diretório BL para e2guardian:e2guardian recursivamente:
    chown -R e2guardian:e2guardian BL
  6. Crie o diretório /etc/e2guardian/ssl/generatedcerts:
    mkdir -p /etc/e2guardian/ssl/generatedcerts
  7. Mude o mode do diretório /etc/e2guardian/ssl/generatedcerts para 777:
    chmod 777 /etc/e2guardian/ssl/generatedcerts
  8. Crie o arquivo /etc/e2guardian/ssl/mkcert e o execute:
    openssl genrsa 4096 > ca.key
    openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
    openssl x509 -in ca.pem -outform DER -out ca.der
    openssl genrsa 4096 > cert.key
  9. Edite os arquivos:
    • /etc/e2guardian/e2guardian.conf:
      # Enable SSL support
      # This must be present to enable MITM and/or Cert checking
      # default is off
      enablessl = on
      #SSL man in the middle
      #CA certificate path
      #Path to the CA certificate to use as a signing certificate for
      #generated certificates.
      # default is blank - required if ssl_mitm is enabled.
      cacertificatepath = '/etc/e2guardian/ssl/ca.pem'
      #CA private key path
      #path to the private key that matches the public key in the CA certificate.
      # default is blank - required if ssl_mitm is enabled.
      caprivatekeypath = '/etc/e2guardian/ssl/ca.key'
      #Cert private key path
      #The public / private key pair used by all generated certificates
      # default is blank - required if ssl_mitm is enabled.
      certprivatekeypath = '/etc/e2guardian/ssl/cert.key'
      #Generated cert path
      #The location where generated certificates will be saved for future use.
      #(must be writable by the dg user)
      # default is blank - required if ssl_mitm is enabled.
      generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'
    • /etc/e2guardian/lists/bannedsitelist:
      #List other sites to block:
      # badboys.com
      # You will need to edit to add and remove categories you want
  10. Habilite e inicie o serviço e2guardian.service:
    systemctl enable e2guardian.service
    systemctl start e2guardian.service