Postfix + Amavisd-new + ClamAV + Spamassassin

CentOS 4

ClamAV

[1.] yum install clamav clamav-data clamav-update clamav-lib clamav-server

[2.] cd /usr/share/doc/clamav-server-xxx

　   cp clamd.init /etc/init.d/clamd

      cp clamd.sysconfig /etc/sysconfig/clamd.clamd

      cp clamd.conf /etc/clamd.d/clamd.conf

      vi /etc/init.d/clamd

    vi /etc/sysconfig/clamd.clamd

CLAMD_CONFIGFILE=/etc/clamd.d/clamd.conf
CLAMD_SOCKET=/var/run/clamd.clamd/clamd.sock
#CLAMD_OPTIONS=

    ln -s /usr/sbin/clamd /usr/sbin/clamd.clamd

    mkdir /var/run/clamd.clamd

    vi /etc/clamd.d/clamd.conf

更新病毒碼

    freshclam -v

啟動 ClamAV

    /etc/init.d/clamd start

開機時啟動

    chkconfig clamd on

SpamAssassin
[1.]

    yum install spamassassin

[2.] 設定 spamassassin config

    產生器http://www.yrex.com/spam/spamconfig.php

    產生後的內容直接 copy到 /etc/mail/spamassassin/local.cf裡面

[3.] 除錯

        spamassassin –debug –lint

    啟動

        service spamassassin start

    chkconfig spamassassin on

[4.] vi /etc/postfix/main.cf

:0fw: spamassassin.lock
 | /usr/bin/spamassassin

其它範例，大於2MB的信不檢查

:0fw
 * < 2000000
 | /usr/bin/spamassassin

使用獨立的常駐程式spamc(會有較高的效能)

[5.] spamassassin分數計算
       spamassassin -t < /usr/share/doc/spamassassin-xxx/sample-spam.txt

       spamc -R < /usr/share/doc/spamassassin-xxx/sample-spam.txt

[6.] 測式 spam

        mail -s test cross < /usr/share/doc/spamassassin-xxx/sample-spam.txt

接著會收到一封信含有 " *****SPAM(997.6)*****"

注意:

    修改 /etc/mail/spamassassin/local.cf後會即時生效，用不著重新啟動 SpamAssassin

且現在用amavisd-new來呼叫spamassassin，即可達到 anti-spam的功能了，也不需設定透過procmail來用spamassassin

ref: http://openwebmail.org/openwebmail/download/redhat/howto/spam/howto.txt

amavisd-new

[1.] install clamav postfix amavids-new spamassassin

[2.] postfix main.cf加入過濾設定

       vi /etc/postfix/main.cf

[3.] postfix master.cf加入過濾設定

        vi /etc/postfix/master.cf

smtp-amavis unix – – n – 2 lmtp
   -o lmtp_data_done_timeout=1200
   -o lmtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

127.0.0.1:10025 inet n – n – – smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks

[4.] vi /etc/amavisd.conf

$max_servers = 2;

$daemon_user = "amavis";
$daemon_group = "amavis";

$mydomain = 'ssorc.tw';
$myhostname = "mail.ssorc.tw";

$log_level = 0;
# 將這個改成0的話可分開記錄在amavis.log裡，不記錄在maillog
#$DO_SYSLOG = 1;
#$SYSLOG_LEVEL = 'mail.debug';
#$LOGFILE = "/var/log/amavis.log";

# 設定amavisd-new所listen的ip、port
$inet_socket_bind = '127.0.0.1';
$inet_socket_port = 10024;

# 病毒警告信寄給特定收件者
$virus_admin = "virusalert@$mydomain";
# SPAM警告信寄給特定收件者
$spam_admin = "spamalert@$mydomain";
$bad_header_admin = "spamalert@$mydomain";
$banned_admin = "spamalert@$mydomain";

$mailfrom_notify_admin = "virusalert@$mydomain";
$mailfrom_notify_recip = "virusalert@$mydomain";
$mailfrom_notify_spamadmin = "spam.police@$mydomain";
$mailfrom_to_quarantine = '';

# 隔離存放路徑
$QUARANTINE = "$MYHOME/virusmails";

# 隔離到"$MYHOME/virusmails"的檔案名稱格式
$virus_quarantine_method = 'local:virus-%i-%n.gz';  
$spam_quarantine_method = 'local:spam-%i-%n.gz';
$banned_files_quarantine_method = 'local:banned-%i-%n.gz';
$bad_header_quarantine_method = 'local:badh-%i-%n.gz';

# 或者多加個目錄去區分
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$banned_quarantine_to = 'banned-quarantine';
$bad_header_quarantine_to = 'bad-header-quarantine';

# 或者隔離給特定收件者
$virus_quarantine_to = "virusalert@$mydomain";
$spam_quarantine_to = "spamalert@$mydomain";
$banned_quarantine_to = "spamalert@$mydomain";
$bad_header_quarantine_to = "spamalert@$mydomain";

# 啟用自動學習白名單
$sa_auto_whitelist = 1;

# 超過某個特定大小的信件就不經過 SpamAssassin掃描
$sa_mail_body_size_limit = 200*1024;

# 超過此分數者，視為 Spam
$sa_tag_level_deflt = 2.0;

# 超過此分數者，郵件表頭加入 Spam資訊
$sa_tag2_level_deflt = 4.0;

# 超過此分數者，直接將此郵件備份後刪除
$sa_kill_level_deflt = 6.3;
$undecipherable_subject_tag = '***UNCHECKED***';
$sa_spam_subject_tag = '***SPAM*** ';
$sa_spam_modifies_subj = 1;

# 設定轉送已檢查過的郵件傳送目的地，並設定通知方法為 $forward_method
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;

# 預設
#$final_virus_destiny = D_DISCARD;
#$final_banned_destiny = D_BOUNCE;
#$final_spam_destiny = D_BOUNCE;
#$final_bad_header_destiny = D_PASS;

# D_PASS       # 不做任何處理，直接傳送給收件者。
# D_DISCARD # 信件不會傳送給寄件者及收件者。
# D_BOUNCE  # 不傳送給收件者，除了定義在$viruses_that_fake_sender_re 病毒名稱外的信件，amavisd-new皆會傳送DSN訊息給寄件者。
# D_REJECT    # 不傳送給收件者，寄件者會收拒絕傳送的訊息。

# 病毒掃描設定
 ['ClamAV-clamd',
   &ask_daemon, ["CONTSCAN {}
", "/var/spool/amavisd/clamd.sock"],
   #&ask_daemon, ["CONTSCAN {}
", "/var/run/clamd.clamad/clamd.sock"],
   qr/OK$/, qr/FOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

警告信件， 使用 alias

    vi /etc/aliases

virusalert:    mailalert
spamalert:    mailalert

postalias /etc/aliases

service postfix restart
service amavisd restart

chkconfig postfix on

chkconfig amavisd on

除錯

    service amavisd stop
    /usr/sbin/amavisd debug

測試一 telnet 127.0.0.1 25

Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.ssorc.tw ESMTP Postfix
mail from: test@mail
250 Ok
rcpt to: cross@ssorc.tw
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject: virus test
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 Ok: queued as 663296CE4C1
^]
telnet> q
Connection closed.

測試二 telnet localhost 10024

垃圾信件內容

病毒信件內容

注意???

    有一情況，它不會掃 Spam，當 inet_interfaces設定成 host時

利用資料庫作查詢、記錄、報告、隔離

詳看 README.sql

[1.] vi /etc/amavisd.conf

 @lookup_sql_dsn =
 ( ['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'amavisd'],
   ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
   ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
 @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database

[2.] 建立資料庫，匯入資料表

sample data

example query

amavisd-new 建立 whitelist & blacklist
在 amavisd.conf設定檔加入

read_hash(\%whitelist_sender, '/var/amavis/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/blacklist');
read_hash(\%spam_lovers, '/var/amavis/spam_lovers');

chown amavis.amavis /var/amavis/*

vi /var/amavis/blacklist

root@ssorc.tw
ssorc.tw

每次加入清單必需重新啟動 amavisd

PS: 如果 whitelist與 blacklist同時存在同一 address，會以 whitelist存取優先，也測試過 amavisd.conf的設定 read_hash(\%blacklist_sender在最上頭，也是以 whitelist存取優先