CentOS 4

 

ClamAV

[1.] yum install clamav clamav-data clamav-update clamav-lib clamav-server

 

[2.] cd /usr/share/doc/clamav-server-xxx

    cp clamd.init /etc/init.d/clamd

      cp clamd.sysconfig /etc/sysconfig/clamd.clamd

      cp clamd.conf /etc/clamd.d/clamd.conf

 

      vi /etc/init.d/clamd

CLAMD_SERVICE=clamd 

    vi /etc/sysconfig/clamd.clamd

CLAMD_CONFIGFILE=/etc/clamd.d/clamd.conf
CLAMD_SOCKET=/var/run/clamd.clamd/clamd.sock
#CLAMD_OPTIONS=

    ln -s /usr/sbin/clamd /usr/sbin/clamd.clamd

    mkdir /var/run/clamd.clamd

 

    vi /etc/clamd.d/clamd.conf

#Example
LogFile /var/log/clamd.log
LogFileMaxSize 0
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.clamad/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd.clamad/clamd.sock
User root
ScanMail
ScanArchive
ScanRAR

 vi /etc/freshclam.conf

#Example

 

更新病毒碼

    freshclam -v

 

啟動 ClamAV

    /etc/init.d/clamd start

 

開機時啟動

    chkconfig clamd on

 

SpamAssassin
[1.]

    yum install spamassassin

 

[2.] 設定 spamassassin config

 

    產生器http://www.yrex.com/spam/spamconfig.php

    產生後的內容直接 copy到 /etc/mail/spamassassin/local.cf裡面

# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# 得分多少就判定為垃圾郵件
required_score 5.0

# 垃圾郵件的標題加上記號
rewrite_header subject *****SPAM(_SCORE_)*****

# 要如何處理垃圾郵件。因為郵件還會經過防毒程式的處理,所以必須設定為 0
# 0:將資訊寫入郵件表頭
# 1:將垃圾郵件轉為附件
# 2:將垃圾郵件轉為純文字附件
report_safe 0

# 精簡方式來回報給管理者
#use_terse_report 0

# Enable the Bayes system
use_bayes 1

# 開起貝氏自動學習功能
bayes_auto_learn 1

# E略過 RBLs 之檢查、使用 Razor version 2、使用 DCC (Distributed Checksum Clearinghouse)、使用 Pyzor
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages zh en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en

[3.] 除錯

        spamassassin –debug –lint

 

    啟動

        service spamassassin start

 

    chkconfig spamassassin on

 

[4.] vi /etc/postfix/main.cf

mailbox_command = /usr/bin/procmail

     vi /etc/procmailrc

:0fw: spamassassin.lock
 | /usr/bin/spamassassin

其它範例,大於2MB的信不檢查

:0fw
 * < 2000000
 | /usr/bin/spamassassin

使用獨立的常駐程式spamc(會有較高的效能)

:0fw
 | /usr/bin/spamc -s 200000

[5.] spamassassin分數計算
       spamassassin -t < /usr/share/doc/spamassassin-xxx/sample-spam.txt

       spamc -R < /usr/share/doc/spamassassin-xxx/sample-spam.txt

 

[6.] 測式 spam

        mail -s test cross < /usr/share/doc/spamassassin-xxx/sample-spam.txt

 

接著會收到一封信含有 " *****SPAM(997.6)*****"

 

注意:

    修改 /etc/mail/spamassassin/local.cf後會即時生效,用不著重新啟動 SpamAssassin

且現在用amavisd-new來呼叫spamassassin,即可達到 anti-spam的功能了,也不需設定透過procmail來用spamassassin

 

ref: http://openwebmail.org/openwebmail/download/redhat/howto/spam/howto.txt

 

amavisd-new

[1.] install clamav postfix amavids-new spamassassin

[2.] postfix main.cf加入過濾設定

       vi /etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024

[3.] postfix master.cf加入過濾設定

        vi /etc/postfix/master.cf

smtp-amavis unix – – n – 2 lmtp
   -o lmtp_data_done_timeout=1200
   -o lmtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

127.0.0.1:10025 inet n – n – – smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks

[4.] vi /etc/amavisd.conf

$max_servers = 2;

$daemon_user = "amavis";
$daemon_group = "amavis";

$mydomain = 'ssorc.tw';
$myhostname = "mail.ssorc.tw";

$log_level = 0;
# 將這個改成0的話可分開記錄在amavis.log裡,不記錄在maillog
#$DO_SYSLOG = 1;
#$SYSLOG_LEVEL = 'mail.debug';
#$LOGFILE = "/var/log/amavis.log";

# 設定amavisd-new所listen的ip、port
$inet_socket_bind = '127.0.0.1';
$inet_socket_port = 10024;

# 病毒警告信寄給特定收件者
$virus_admin = "virusalert@$mydomain";
# SPAM警告信寄給特定收件者
$spam_admin = "spamalert@$mydomain";
$bad_header_admin = "spamalert@$mydomain";
$banned_admin = "spamalert@$mydomain";

$mailfrom_notify_admin = "virusalert@$mydomain";
$mailfrom_notify_recip = "virusalert@$mydomain";
$mailfrom_notify_spamadmin = "spam.police@$mydomain";
$mailfrom_to_quarantine = '';

# 隔離存放路徑
$QUARANTINE = "$MYHOME/virusmails";

# 隔離到"$MYHOME/virusmails"的檔案名稱格式
$virus_quarantine_method = 'local:virus-%i-%n.gz';  
$spam_quarantine_method = 'local:spam-%i-%n.gz';
$banned_files_quarantine_method = 'local:banned-%i-%n.gz';
$bad_header_quarantine_method = 'local:badh-%i-%n.gz';

# 或者多加個目錄去區分
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$banned_quarantine_to = 'banned-quarantine';
$bad_header_quarantine_to = 'bad-header-quarantine';

# 或者隔離給特定收件者
$virus_quarantine_to = "virusalert@$mydomain";
$spam_quarantine_to = "spamalert@$mydomain";
$banned_quarantine_to = "spamalert@$mydomain";
$bad_header_quarantine_to = "spamalert@$mydomain";

# 啟用自動學習白名單
$sa_auto_whitelist = 1;

# 超過某個特定大小的信件就不經過 SpamAssassin掃描
$sa_mail_body_size_limit = 200*1024;

# 超過此分數者,視為 Spam
$sa_tag_level_deflt = 2.0;

# 超過此分數者,郵件表頭加入 Spam資訊
$sa_tag2_level_deflt = 4.0;

# 超過此分數者,直接將此郵件備份後刪除
$sa_kill_level_deflt = 6.3;
$undecipherable_subject_tag = '***UNCHECKED***';
$sa_spam_subject_tag = '***SPAM*** ';
$sa_spam_modifies_subj = 1;

# 設定轉送已檢查過的郵件傳送目的地,並設定通知方法為 $forward_method
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;

# 預設
#$final_virus_destiny = D_DISCARD;
#$final_banned_destiny = D_BOUNCE;
#$final_spam_destiny = D_BOUNCE;
#$final_bad_header_destiny = D_PASS;

# D_PASS       # 不做任何處理,直接傳送給收件者。
# D_DISCARD # 信件不會傳送給寄件者及收件者。
# D_BOUNCE  # 不傳送給收件者,除了定義在$viruses_that_fake_sender_re 病毒名稱外的信件,amavisd-new皆會傳送DSN訊息給寄件者。
# D_REJECT    # 不傳送給收件者,寄件者會收拒絕傳送的訊息。

# 病毒掃描設定
 ['ClamAV-clamd',
   &ask_daemon, ["CONTSCAN {}
", "/var/spool/amavisd/clamd.sock"],
   #&ask_daemon, ["CONTSCAN {}
", "/var/run/clamd.clamad/clamd.sock"],
   qr/OK$/, qr/FOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

警告信件, 使用 alias

    vi /etc/aliases

virusalert:    mailalert
spamalert:    mailalert

postalias /etc/aliases

 

service postfix restart
service amavisd restart

 

chkconfig postfix on

chkconfig amavisd on

 

除錯

    service amavisd stop
    /usr/sbin/amavisd debug

 

測試一 telnet 127.0.0.1 25

Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.ssorc.tw ESMTP Postfix
mail from: test@mail
250 Ok
rcpt to: [email protected]
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: virus test
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 Ok: queued as 663296CE4C1
^]
telnet> q
Connection closed.

測試二 telnet localhost 10024

 

垃圾信件內容

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

病毒信件內容

X5O!P%@AP[4/PZX54(P^)7CC]7]$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

或到 /usr/share/doc/amavisd-new-xxx/test-messages目錄裡有 sample作測式
    /bin/mail [email protected] < sample

 

注意???

    有一情況,它不會掃 Spam,當 inet_interfaces設定成 host時

 

利用資料庫作查詢、記錄、報告、隔離

詳看 README.sql

[1.] vi /etc/amavisd.conf

 @lookup_sql_dsn =
 ( ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'amavisd'],
   ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
   ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
 @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database

[2.] 建立資料庫,匯入資料表

sample data

 

example query

 

amavisd-new 建立 whitelist & blacklist
在 amavisd.conf設定檔加入

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

chown amavis.amavis /var/amavis/*

vi /var/amavis/blacklist

每次加入清單必需重新啟動 amavisd

PS: 如果 whitelist與 blacklist同時存在同一 address,會以 whitelist存取優先,也測試過 amavisd.conf的設定 read_hash(\%blacklist_sender在最上頭,也是以 whitelist存取優先

 

Related posts 相關文章
spamhaus 檢查你的郵件是否為 SPAM 垃圾郵件
More...
postfix 怎麼記錄信件主旨於 maillog 中
More...
讓 Plesk 的 Postfix 使用 Domain Key、SPF
More...
postfix 利用 postfwd2 限制寄信數量
More...

作者

留言

撰寫回覆或留言

發佈留言必須填寫的電子郵件地址不會公開。