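With the previous article, "CentOS 4.4 mail server setup notes: implementing basic functionality", we now have a server that can send and receive mail normally, but it has few features and offers no anti-virus or anti-spam protection. This article adds both, and also adds monitoring of mail traffic.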
1. Install the ClamAV anti-virus software:
[root@mail ~]# yum install clamav
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
clamav i386 0.91.2-1.el4.rf dag 1.1 M
Installing for dependencies:
clamav-db i386 0.91.2-1.el4.rf dag 10 M
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 11 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): clamav-0.91.2-1.el 100% |=========================| 1.1 MB 02:31
(2/2): clamav-db-0.91.2-1 100% |=========================| 10 MB 21:27
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav-db ######################### [1/2]
Installing: clamav ######################### [2/2]
Installed: clamav.i386 0:0.91.2-1.el4.rf
Dependency Installed: clamav-db.i386 0:0.91.2-1.el4.rf
Complete!
The ClamAV packages above can also be downloaded manually from:
http://www.baxitek.com/pub/clamav/
wget http://www.baxitek.com/pub/clamav/clamav-db-0.91.2-1.i386.rpm
wget http://www.baxitek.com/pub/clamav/clamav-0.91.2-1.i386.rpm
2. Update the anti-virus signature definitions:
[root@mail ~]# /usr/bin/freshclam
ClamAV update process started at Fri Aug 31 18:55:00 2007
Downloading daily.cvd [100%]
daily.cvd updated (version: 4110, sigs: 16448, f-level: 21, builder: acab)
Database updated (149611 signatures) from db.cn.clamav.net (IP: 58.221.222.69)
WARNING: Clamd was NOT notified: Can't find or parse configuration file /etc/clamd.conf
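3. The warning printed during the signature update above appears because, when ClamAV is installed from RPM packages via yum, the configuration file it generates is not in /etc and is named clamav.conf. Proceed as follows:
[root@mail etc]# find / -name 'clam*'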
find: /proc/801/task: No such file or directory
find: /proc/802/task: No such file or directory
find: /proc/803/task: No such file or directory
find: /proc/928/task: No such file or directory
find: /proc/936/task: No such file or directory
/etc/log.d/conf/services/clamav.conf
[root@mail etc]# cp /etc/log.d/conf/services/clamav.conf /etc/clamd.conf
4. Install the SpamAssassin anti-spam software:
[root@mail ~]# yum -y install spamassassin
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
spamassassin i386 3.2.3-1.el4.rf dag 1.0 M
Installing for dependencies:
perl-Archive-Tar noarch 1.32-1.el4.rf dag 47 k
perl-Digest-HMAC noarch 1.01-13 base 11 k
perl-Digest-SHA1 i386 2.07-5 base 19 k
perl-IO-Socket-SSL noarch 1.07-2.el4.rf dag 43 k
perl-IO-Zlib noarch 1.05-1.el4.rf dag 15 k
perl-Net-DNS i386 0.61-1.el4.rf dag 271 k
perl-Net-IP noarch 1.25-1.el4.rf dag 30 k
perl-Net-SSLeay i386 1.30-4.el4.centos extras 198 k
perl-Time-HiRes i386 1.55-3 base 22 k
Updating for dependencies:
perl-HTML-Parser i386 3.55-1.el4.rf dag 140 k
Transaction Summary
=============================================================================
Install 10 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 1.8 M
Downloading Packages:
(1/11): perl-HTML-Parser- 100% |=========================| 140 kB 00:24
(2/11): perl-Digest-HMAC- 100% |=========================| 11 kB 00:05
(3/11): perl-Net-DNS-0.61 100% |=========================| 271 kB 00:35
(4/11): perl-Net-SSLeay-1 100% |=========================| 198 kB 00:06
(5/11): perl-Digest-SHA1- 100% |=========================| 19 kB 00:04
(6/11): perl-Net-IP-1.25- 100% |=========================| 30 kB 00:06
(7/11): perl-Time-HiRes-1 100% |=========================| 22 kB 00:04
(8/11): perl-IO-Socket-SS 100% |=========================| 43 kB 00:06
(9/11): perl-Archive-Tar- 100% |=========================| 47 kB 00:07
(10/11): spamassassin-3.2 100% |=========================| 1.0 MB 02:19
(11/11): perl-IO-Zlib-1.0 100% |=========================| 15 kB 00:02
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: perl-Digest-SHA1 ####################### [ 1/12]
Updating : perl-HTML-Parser ####################### [ 2/12]
Installing: perl-Digest-HMAC ####################### [ 3/12]
Installing: perl-IO-Zlib ####################### [ 4/12]
Installing: perl-Archive-Tar ####################### [ 5/12]
Installing: perl-Time-HiRes ####################### [ 6/12]
Installing: perl-Net-IP ####################### [ 7/12]
Installing: perl-Net-DNS ####################### [ 8/12]
Installing: perl-Net-SSLeay ####################### [ 9/12]
Installing: perl-IO-Socket-SSL ####################### [10/12]
Installing: spamassassin ####################### [11/12]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.en"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.en"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Cleanup : perl-HTML-Parser ####################### [12/12]
Installed: spamassassin.i386 0:3.2.3-1.el4.rf
Dependency Installed: perl-Archive-Tar.noarch 0:1.32-1.el4.rf perl-Digest-HMAC.noarch 0:1.01-13 perl-Digest-SHA1.i386 0:2.07-5 perl-IO-Socket-SSL.noarch 0:1.07-2.el4.rf perl-IO-Zlib.noarch 0:1.05-1.el4.rf perl-Net-DNS.i386 0:0.61-1.el4.rf perl-Net-IP.noarch 0:1.25-1.el4.rf perl-Net-SSLeay.i386 0:1.30-4.el4.centos perl-Time-HiRes.i386 0:1.55-3
Dependency Updated: perl-HTML-Parser.i386 0:3.55-1.el4.rf
Complete!
[root@mail ~]#
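5. To deal with the warning messages highlighted in red above (the perl locale warnings), edit /etc/sysconfig/i18n. If it is not changed, the warning is shown on every restart once MailScanner is installed, though I do not yet know whether it has any other effect.
[root@mail ~]# vi /etc/sysconfig/i18n
Add the following line:
LC_ALL="C"
and change: LANG="en_US.UTF-8"
to: LANG="en_US"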
6. Next, install MailScanner. It has to be downloaded first; it is available from the official site at http://www.mailscanner.info/.
[root@mail tmp]# wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.62.9-3.rpm.tar.gz
--16:40:51-- http://www.mailscanner.info/files/4/rpm/MailScanner-4.62.9-3.rpm.tar.gz
=> `MailScanner-4.62.9-3.rpm.tar.gz'
Resolving http://www.mailscanner.info/... 81.17.252.15
Connecting to http://www.mailscanner.info/|81.17.252.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4,239,584 (4.0M) [application/x-gzip]
100%[====================================>] 4,239,584 6.74K/s ETA 00:00
16:50:54 (6.88 KB/s) - `MailScanner-4.62.9-3.rpm.tar.gz' saved [4239584/4239584]
[root@mail tmp]# tar zxvf MailScanner-4.62.9-3.rpm.tar.gz # unpack the archive
[root@mail tmp]# cd MailScanner-4.62.9-3
[root@mail MailScanner-4.62.9-3]# ./install.sh # this step takes quite a while, so it is a good moment to go and have a drink
Good. You have the patch command.
Good, you have /usr/src/redhat in place.
Writing a .rpmmacros file in your home directory to stop
unpackaged files breaking the build process.
You can delete it once MailScanner is installed if you want to.
Now to install MailScanner itself.
NOTE: If you get lots of errors here, run the install.sh script
NOTE: again with the command "./install.sh nodeps"
Preparing... ########################################### [100%]
1:mailscanner ########################################### [100%]
Good, SpamAssassin site rules found in /etc/mail/spamassassin
To activate MailScanner run the following commands:
service sendmail stop
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
service MailScanner start
For technical support, please read the MAQ at www.mailscanner.biz/maq/
and buy the book at www.mailscanner.info/store
----------------------------------------------------------
Please buy the MailScanner book from http://www.mailscanner.info/!
It is a very useful administration guide and introduction
to MailScanner. All the proceeds go directly to making
MailScanner a better supported package than it is today.
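7. Configure MailScanner and set up Postfix so that MailScanner invokes ClamAV and SpamAssassin. (Red text marks the setting to be changed and green text the value after the change; in the listing below, the line as found comes first and the changed line follows it.)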
[root@mail MailScanner-4.62.9-3]# vi /etc/MailScanner/MailScanner.conf
%org-name% = yoursite
%org-name% = centosmail
%org-long-name% = Your Organisation Name Here
%org-long-name% = CentosMail_Leeki.Yan
%web-site% = http://www.your-organisation.com/
%web-site% = http://www.centos.eb.cn/
Run As User =
Run As User = postfix
Run As Group =
Run As Group = postfix
Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/mqueue
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = sendmail
MTA = postfix
Virus Scanners = auto
Virus Scanners = clamav
Always Include SpamAssassin Report = no
Always Include SpamAssassin Report = yes
SpamAssassin User State Dir =
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Incoming Work User =
Incoming Work Group =
Incoming Work User = postfix
Incoming Work Group = postfix
SpamAssassin Install Prefix =
SpamAssassin Install Prefix = /usr/bin
Quarantine User =
Quarantine Group =
Quarantine User = postfix
Quarantine Group = postfix
[root@mail MailScanner-4.62.9-3]# cd /var/spool/MailScanner/
[root@mail MailScanner]# ls -al
total 20
drwxr-xr-x 4 root root 4096 Aug 31 20:34 .
drwxr-xr-x 16 root root 4096 Aug 31 20:34 ..
drwxr-xr-x 8 root root 4096 Aug 31 21:01 incoming
drwxr-xr-x 2 root root 4096 Aug 31 20:34 quarantine
[root@mail MailScanner]# mkdir spamassassin
[root@mail MailScanner]# mkdir .spamassassin
[root@mail MailScanner]# chown -R postfix:postfix /var/spool/MailScanner/*
[root@mail MailScanner]# ls -al
total 28
drwxr-xr-x 6 root root 4096 Aug 31 21:48 .
drwxr-xr-x 16 root root 4096 Aug 31 20:34 ..
drwxr-xr-x 2 root root 4096 Aug 31 21:48 .spamassassin
drwxr-xr-x 8 postfix postfix 4096 Aug 31 21:01 incoming
drwxr-xr-x 2 postfix postfix 4096 Aug 31 20:34 quarantine
drwxr-xr-x 2 postfix postfix 4096 Aug 31 21:48 spamassassin
Edit main.cf so that Postfix uses MailScanner:
[root@mail MailScanner]# vi /etc/postfix/main.cf
Change: #header_checks = regexp:/etc/postfix/header_checks
to:
header_checks = regexp:/etc/postfix/header_checks
[root@mail MailScanner]# mv /etc/postfix/header_checks /etc/postfix/header_checks.bak
[root@mail MailScanner]# vi /etc/postfix/header_checks
Add the following line:
(Note: the whitespace must be entered with the Tab key.)
/^Received:/ HOLD
[root@mail MailScanner]# chkconfig spamassassin on
[root@mail MailScanner]# service spamassassin start
Starting spamd: [ OK ]
[root@mail MailScanner]#
[root@mail MailScanner]# chkconfig postfix off # disable Postfix autostart, because MailScanner starts Postfix itself when it starts
[root@mail MailScanner]# chkconfig MailScanner on
[root@mail MailScanner]# /etc/rc.d/init.d/MailScanner start
Starting MailScanner daemons:
incoming postfix: [ OK ]
outgoing postfix: [ OK ]
MailScanner: [ OK ]
To check whether ClamAV has started, use the following command:
[root@mail MailScanner]# ps -aux | grep clamd
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
root 12603 0.0 0.2 2992 444 pts/0 S+ 22:08 0:00 grep clamd
8. Reboot the machine and start testing.
[root@mail ~]# tail -f /var/log/maillog
Send a test message; the following entries can then be found in the log:
Aug 31 22:23:18 mail MailScanner[2600]: Using locktype = flock
Aug 31 22:23:18 mail MailScanner[3338]: Using SpamAssassin results cache
Aug 31 22:23:18 mail MailScanner[3338]: Connected to SpamAssassin cache database
Aug 31 22:23:18 mail MailScanner[3338]: Enabling SpamAssassin auto-whitelist functionality...
Aug 31 22:23:33 mail MailScanner[2709]: Using locktype = flock
Aug 31 22:23:36 mail MailScanner[3264]: Using locktype = flock
Aug 31 22:23:38 mail MailScanner[3336]: Using locktype = flock
Aug 31 22:23:39 mail MailScanner[3338]: Using locktype = flock
Aug 31 22:24:13 mail pop3-login: Login: leeki.yan [::ffff:10.0.0.25]
Aug 31 22:25:39 mail postfix/smtpd[3345]: connect from unknown[10.0.0.25]
Aug 31 22:25:39 mail postfix/smtpd[3345]: C38C71702CA: client=unknown[10.0.0.25]
Aug 31 22:25:40 mail postfix/cleanup[3348]: C38C71702CA: hold: header Received: from ts (unknown [10.0.0.25])??by mail.centos.eb.cn (Postfix) with SMTP id C38C71702CA??for <[email protected]>; Fri, 31 Aug 2007 22:25:39 +0800 (CST) from unknown[10.0.0.25]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=
Aug 31 22:25:40 mail postfix/cleanup[3348]: C38C71702CA: message-id=<001901c7ebdb$f70f9ff0$1900000a@triumph>
Aug 31 22:25:40 mail postfix/smtpd[3345]: disconnect from unknown[10.0.0.25]
Aug 31 22:25:43 mail MailScanner[3264]: New Batch: Scanning 1 messages, 934 bytes
Aug 31 22:25:59 mail pop3-login: Login: leeki.yan [::ffff:10.0.0.25]
Aug 31 22:25:59 mail MailScanner[3264]: Virus and Content Scanning: Starting
Aug 31 22:26:14 mail MailScanner[3264]: Requeue: C38C71702CA.8937F to 14A741702E8
Aug 31 22:26:14 mail MailScanner[3264]: Uninfected: Delivered 1 messages
Aug 31 22:26:14 mail postfix/qmgr[2579]: 14A741702E8: from=<[email protected]>, size=1212, nrcpt=1 (queue active)
Aug 31 22:26:14 mail postfix/local[3361]: 14A741702E8: to=<[email protected]>, relay=local, delay=35, status=sent (delivered to maildir)
Aug 31 22:26:14 mail postfix/qmgr[2579]: 14A741702E8: removed
Aug 31 22:28:29 mail pop3-login: Login: leeki.yan [::ffff:10.0.0.25]
The log above shows that MailScanner is now doing its job.
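The path the test message takes in the log above (held by the header_checks rule, requeued by MailScanner under a new queue ID, then delivered) can be checked mechanically for a whole log file. The script below is an added example, not part of the original post; its sample log is constructed from the line formats above, and the example.com addresses and the queue IDs AAAA0000001 and BBBB0000002 are made up.

```shell
#!/bin/sh
# Added example: follow each message through hold -> MailScanner -> delivery
# in a maillog of the format shown above.

# Constructed sample. The first message reuses the queue IDs from the log
# above; the addresses and the IDs AAAA0000001 / BBBB0000002 are made up.
sample_log() {
cat <<'EOF'
Aug 31 22:25:40 mail postfix/cleanup[3348]: C38C71702CA: hold: header Received: from ts (unknown [10.0.0.25]) from unknown[10.0.0.25]; from=<a@example.com> to=<b@example.com> proto=SMTP helo=<ts>
Aug 31 22:26:14 mail MailScanner[3264]: Requeue: C38C71702CA.8937F to 14A741702E8
Aug 31 22:26:14 mail postfix/qmgr[2579]: 14A741702E8: from=<a@example.com>, size=1212, nrcpt=1 (queue active)
Aug 31 22:26:14 mail postfix/local[3361]: 14A741702E8: to=<b@example.com>, relay=local, delay=35, status=sent (delivered to maildir)
Aug 31 22:26:14 mail postfix/qmgr[2579]: 14A741702E8: removed
Aug 31 22:30:02 mail postfix/cleanup[3390]: AAAA0000001: hold: header Received: from ts (unknown [10.0.0.25]) from unknown[10.0.0.25]; from=<a@example.com> to=<b@example.com> proto=SMTP helo=<ts>
Aug 31 22:31:10 mail postfix/qmgr[2579]: BBBB0000002: from=<c@example.com>, size=800, nrcpt=1 (queue active)
Aug 31 22:31:10 mail postfix/local[3400]: BBBB0000002: to=<b@example.com>, relay=local, delay=1, status=sent (delivered to maildir)
EOF
}

# trace_mailscanner [FILE...]: reads the files (or stdin) and prints one line
# per message:
#   SCANNED_DELIVERED old -> new   held, requeued by MailScanner, status=sent
#   SCANNED_PENDING   old -> new   held and requeued, no delivery logged yet
#   STUCK_IN_HOLD     id           held, but no MailScanner requeue in this log
#   NO_REQUEUE_SEEN   id           became active without a MailScanner requeue
# A requeue logged in an older, rotated file also shows up as NO_REQUEUE_SEEN,
# so treat that line as "review", not as proof that scanning was bypassed.
trace_mailscanner() {
awk '
# Field 5 is "process[pid]:", field 6 is "QUEUEID:" on Postfix lines.
function qid(s) { sub(/:$/, "", s); return s }

$5 ~ /^postfix\/cleanup\[/ && $7 == "hold:" {
    id = qid($6)
    if (!(id in held)) { held[id] = 1; horder[++nh] = id }
    next
}
$5 ~ /^MailScanner\[/ && $6 == "Requeue:" {
    old = $7
    sub(/\..*$/, "", old)          # drop the ".8937F" style suffix
    requeued[old] = $9             # hold-queue ID -> new queue ID
    fromscan[$9] = 1
    next
}
$5 ~ /^postfix\/qmgr\[/ && /\(queue active\)/ {
    id = qid($6)
    if (!(id in active)) { active[id] = 1; aorder[++na] = id }
    next
}
$5 ~ /^postfix\// && /status=sent/ { sent[qid($6)] = 1 }

END {
    for (i = 1; i <= nh; i++) {
        id = horder[i]
        if (!(id in requeued))
            print "STUCK_IN_HOLD " id
        else if (requeued[id] in sent)
            print "SCANNED_DELIVERED " id " -> " requeued[id]
        else
            print "SCANNED_PENDING " id " -> " requeued[id]
    }
    for (i = 1; i <= na; i++) {
        id = aorder[i]
        if (!(id in fromscan)) print "NO_REQUEUE_SEEN " id
    }
}' "$@"
}

# With arguments, analyse those log files; without, run on the sample.
if [ $# -gt 0 ]; then
    trace_mailscanner "$@"
else
    sample_log | trace_mailscanner
fi
```

A growing number of STUCK_IN_HOLD lines means mail is piling up in /var/spool/postfix/hold because MailScanner is not picking it up.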
9. Notes on other parameters in the MailScanner.conf configuration file:
a. Mail sent through MailScanner automatically has the following text added:
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean
To turn this off: vi /etc/MailScanner/MailScanner.conf
Sign Clean Messages = yes
change to
Sign Clean Messages = no
b. A translated Chinese set of report files can be found online; once installed, warnings are sent in Chinese.
Just run: mv cn /etc/MailScanner/reports
/etc/MailScanner/reports/en
Because some of the Chinese files are missing, errors appear in the log.
Fix:
cd /etc/MailScanner/reports/cn
cp ../en/* ../cn
When prompted to overwrite, answer n.
c. Set the local domain not to be scanned:
Edit /etc/MailScanner/MailScanner.conf,
set Is Definitely Not Spam = /etc/MailScanner/rules/spam.whitelist.rules
vi /etc/MailScanner/rules/spam.whitelist.rules
add From: *@centos.eb.cn yes # centos.eb.cn is the local domain
Restart MailScanner.
I added the line whitelist_from *@trinet.com.cn to /etc/mail/spamassassin/local.cf.
With this, outgoing mail is never marked as spam, but it is still checked. I would like to ask: what is the difference between these two settings?
Answer: With whitelist_from, the spam check is in fact still performed; whitelist_from means -100 points on the score.
Setting spam.whitelist.rules marks the message directly as not spam, and no spam check is performed any more.
d.
Max Children = 5 #
This sets the number of MailScanner processes. If your machine is not very powerful, set the value lower, because MailScanner is fairly resource-hungry, especially for memory.
e. Virus Scanner Timeout = 30 # maximum time the virus scanner may spend scanning your mail
f. Find Phishing Fraud = yes # whether to enable phishing mail detection
g.
Filename Rules = %etc-dir%/filename.rules.conf
Filetype Rules = %etc-dir%/filetype.rules.conf # these two parameters set which attachment names your mail system may receive or send
h.
Max SpamAssassin Size = 1024k # the largest message that SpamAssassin will scan
i.
Syslog Facility = mail
Log Speed = no
Log Spam = no
Log Non Spam = no
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Silent Viruses = no
Log Dangerous HTML Tags = no # The parameters above set whether MailScanner records the corresponding information in the maillog. If your machine is not very powerful, it is best to choose no.
10. Install mailscanner-mrtg to monitor mail traffic:
[root@mail tmp]# wget http://nchc.dl.sourceforge.net/sourceforge/mailscannermrtg/mailscanner-mrtg-0.10.00-1.noarch.rpm
[root@mail tmp]# rpm -ivh mailscanner-mrtg-0.10.00-1.noarch.rpm
warning: mailscanner-mrtg-0.10.00-1.noarch.rpm: V3 DSA signature: NOKEY, key ID e342f442
error: Failed dependencies:
mrtg >= 2.9 is needed by mailscanner-mrtg-0.10.00-1.noarch
Suggested resolutions:
/home/buildcentos/CENTOS/en/4.0/i386/CentOS/RPMS/mrtg-2.10.15-1.i386.rpm
The error above is caused by a package dependency. Install mrtg first, then install mailscanner-mrtg.
[root@mail tmp]# yum -y install mrtg
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
mrtg i386 2.10.15-1 base 914 k
Installing for dependencies:
gd i386 2.0.28-5.4E base 119 k
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 1.0 M
Downloading Packages:
(1/2): gd-2.0.28-5.4E.i38 100% |=========================| 119 kB 02:48
(2/2): mrtg-2.10.15-1.i38 100% |=========================| 914 kB 13:02
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: gd ######################### [1/2]
Installing: mrtg ######################### [2/2]
Installed: mrtg.i386 0:2.10.15-1
Dependency Installed: gd.i386 0:2.0.28-5.4E
Complete!
Install mailscanner-mrtg again; this time it installs, as shown below:
[root@mail tmp]# rpm -ivh mailscanner-mrtg-0.10.00-1.noarch.rpm
warning: mailscanner-mrtg-0.10.00-1.noarch.rpm: V3 DSA signature: NOKEY, key ID e342f442
Preparing... ########################################### [100%]
1:mailscanner-mrtg ########################################### [100%]
Running MRTG to get your initial graphs (Could be slow)
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
Note: after mailscanner-mrtg is installed, the maillog keeps reporting the following errors:
Oct 25 15:20:02 mailgate MailScanner-MRTG[5072]: ERROR: Snmpwalk Binary
specified in /etc/MailScanner/mailscanner-mrtg.conf is not executable
or not present. Maybe you need to install the snmp or snmp-utils
packages. See the README.SNMP file in the docs. - Skipping snmp
functions
Oct 25 15:20:02 mailgate MailScanner-MRTG[5072]: Unable to find a
mountpoint for /var/spool. Please set Spool Directory in mailscanner-
mrtg.conf to a valid mountpoint. You can see a list of mointpoints on
your system by using the df command.
Oct 25 15:20:02 mailgate MailScanner-MRTG[5072]: Unable to find a
mountpoint for /var/spool/MailScanner/incoming. Please set MailScanner
Work Directory in mailscanner-mrtg.conf to a valid mountpoint. You can
see a list of mointpoints on your system by using the df command
To deal with the errors above (because the snmp package is not installed, the CPU, MEM and similar graphs are empty):
vi /etc/MailScanner/mailscanner-mrtg.conf
Change
Use SNMP = yes
Snmpwalk Binary = /usr/bin/snmpwalk
MailScanner Work Directory = /var/spool/MailScanner/incoming
Spool Directory = /var/spool
to:
#Use SNMP = yes
#Snmpwalk Binary = /usr/bin/snmpwalk
MailScanner Work Directory = /
Spool Directory = /
11. Set Apache to start at boot and adjust the mailscanner-mrtg parameters (Apache was installed in the previous article):
[root@mail tmp]# chkconfig httpd on
[root@mail tmp]# vi /etc/MailScanner/mailscanner-mrtg.conf
MTA = sendmail
MTA = postfix
Incoming Queue Dir = /var/spool/mqueue.in/ # Sendmail
Incoming Queue Dir = /var/spool/postfix/hold/ # Postfix
Outgoing Queue Dir = /var/spool/mqueue/ # Sendmail
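Outgoing Queue Dir = /var/spool/postfix/incoming/ # Postfix
Interfaces to Monitor = eth0 (change this parameter as your situation requires; check with ifconfig -a first, then decide)
On this machine, for example, nothing needs changing; see below (the text shown in blue):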
[root@mail tmp]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:C0:A8:F5:06:CD
inet addr:10.6.6.111 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::2c0:a8ff:fef5:6cd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5950 errors:0 dropped:0 overruns:0 frame:0
TX packets:3547 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1585146 (1.5 MiB) TX bytes:463239 (452.3 KiB)
Restart the Apache service, then open http://<mail server IP address>/mailscanner-mrtg/ in a browser to see the traffic graphs!
12. Other settings
a. Automatic virus database updates:
[root@mail tmp]# vi /etc/freshclam.conf
Add: LogFileMaxSize 2M
Change: #PidFile /var/run/freshclam.pid
to: PidFile /var/run/freshclam.pid
[root@mail tmp]# crontab -e
0 */12 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log
(this entry runs an update every 12 hours)
b. Configure SpamAssassin to use the CCERT Chinese spam-filtering rule set, with automatic updates
[root@mail tmp]# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
[root@mail tmp]# crontab -e
Copy the following line into it so the rules are updated automatically:
0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf; /etc/rc.d/init.d/spamassassin restart
# sa-learn --sync -D -p user_prefs (initialize the learning system)
# sa-learn --dump all (view the self-learned data)
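The cron line above writes whatever the monthly download returns straight into the live rules directory and then restarts SpamAssassin. The following added example (not from the original article; the function names are hypothetical) stages the download, checks it with `spamassassin --lint` against a private copy of the rules directory, and replaces the live file and restarts only when the file is valid and has changed:

```shell
#!/bin/sh
# Added example: stage, lint, then atomically install a downloaded rules file.
RULES_URL="www.ccert.edu.cn/spam/sa/Chinese_rules.cf"   # URL from the article
RULES_DIR="/usr/share/spamassassin"                      # directory from the article

# lint_rules FILE: lint FILE inside a private copy of the live rules directory,
# so a broken download never touches the rules the running daemon uses.
lint_rules() {
    stage=$(mktemp -d /tmp/sa-stage.XXXXXX) || return 1
    cp -p "$RULES_DIR"/*.cf "$stage"/ 2>/dev/null
    cp "$1" "$stage/Chinese_rules.cf"
    spamassassin --lint -C "$stage" >/dev/null 2>&1
    lint_rc=$?
    rm -rf "$stage"
    return "$lint_rc"
}

# install_if_valid NEW DEST [LINT_CMD]
# Returns 0 = installed, 1 = rejected (empty or failed lint), 2 = unchanged.
install_if_valid() {
    new=$1 dest=$2 lint=${3:-lint_rules}
    [ -s "$new" ] || return 1                   # empty or missing download
    "$lint" "$new" || return 1                  # does not parse as rules
    if [ -f "$dest" ] && cmp -s "$new" "$dest"; then return 2; fi
    # Write beside the target, then rename: readers never see a partial file.
    cp "$new" "$dest.new" && chmod 644 "$dest.new" && mv -f "$dest.new" "$dest"
}

# update_rules: download, validate, install; restart only after a real change.
update_rules() {
    tmp=$(mktemp /tmp/sa-rules.XXXXXX) || return 1
    rc=1
    if wget -q -O "$tmp" "$RULES_URL"; then
        install_if_valid "$tmp" "$RULES_DIR/Chinese_rules.cf"
        rc=$?
    fi
    rm -f "$tmp"
    if [ "$rc" -eq 0 ]; then /etc/rc.d/init.d/spamassassin restart; fi
    return "$rc"
}

# Cron would call this script with --update; without it nothing runs.
if [ "${1:-}" = "--update" ]; then update_rules; fi
```

An exit status of 2 from the cron job means the rules file was unchanged and no restart was needed.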
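13. Anti-virus and anti-spam filtering are now in place. Pay special attention to one point:
MailScanner.conf contains the following parameter.
Original value: SpamAssassin Local Rules Dir =
Many reference documents online set this parameter to:
SpamAssassin Local Rules Dir =/etc/MailScanner
For now I do not recommend setting this parameter: during my installation I found that after configuring it the way the gateway guides online describe, all mail got stuck in the queue, and the log kept repeating the messages below without any error message. So frustrating!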
Aug 25 22:58:27 mail MailScanner[5619]: Using SpamAssassin results cache
Aug 25 22:58:27 mail MailScanner[5619]: Connected to SpamAssassin cache database
Aug 25 22:58:27 mail MailScanner[5619]: Enabling SpamAssassin auto-whitelist functionality...
Aug 25 22:58:30 mail MailScanner[5620]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:30 mail MailScanner[5620]: Read 794 hostnames from the phishing whitelist
Aug 25 22:58:30 mail MailScanner[5620]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Aug 25 22:58:32 mail MailScanner[5620]: Using SpamAssassin results cache
Aug 25 22:58:32 mail MailScanner[5620]: Connected to SpamAssassin cache database
Aug 25 22:58:32 mail MailScanner[5620]: Enabling SpamAssassin auto-whitelist functionality...
Aug 25 22:58:35 mail MailScanner[5626]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:35 mail MailScanner[5626]: Read 794 hostnames from the phishing whitelist
Aug 25 22:58:36 mail MailScanner[5626]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
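Checking the queue showed that all mail, outgoing and incoming alike, was stuck there; test messages in both directions were held in the queue: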
[root@mail incoming]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
695912341DA! 5535 Sat Aug 25 22:55:59 [email protected]
[email protected]
07D6B2341D8! 11042 Sat Aug 25 22:34:34 [email protected]
[email protected]
BEEBD2341D9! 2085 Sat Aug 25 23:00:58 [email protected]
[email protected]
-- 18 Kbytes in 3 Requests.
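The stall in step 13 logs no error, so it has to be recognised from its pattern: MailScanner children keep printing their start banner, no batch is ever scanned, and `mailq` shows messages on hold (queue IDs ending in `!`). The following added example (not from the original article; function names and the default threshold are assumptions) checks for that pattern, using log lines from the article and constructed mail addresses as sample input:

```shell
#!/bin/sh
# Added example. Log lines are from the article; mail addresses are constructed.
sample_log() { cat <<'EOF'
Aug 25 22:58:30 mail MailScanner[5620]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:30 mail MailScanner[5620]: Read 794 hostnames from the phishing whitelist
Aug 25 22:58:32 mail MailScanner[5620]: Using SpamAssassin results cache
Aug 25 22:58:35 mail MailScanner[5626]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:36 mail MailScanner[5626]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
EOF
}
sample_mailq() { cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
695912341DA!    5535 Sat Aug 25 22:55:59  sender@example.com
                                         rcpt@example.com
07D6B2341D8!   11042 Sat Aug 25 22:34:34  sender@example.com
                                         rcpt@example.com
-- 18 Kbytes in 2 Requests.
EOF
}

# held_count: count queue entries on hold in `mailq` output read from stdin.
held_count() {
    awk '$1 ~ /^[0-9A-F]+!$/ { n++ } END { print n + 0 }'
}

# restart_stats: read syslog lines on stdin and print "<starts> <batches>":
# distinct MailScanner PIDs that logged a start banner, and the number of
# "New Batch:" lines (logged when a child picks up messages to scan).
restart_stats() {
    awk '
    match($0, /MailScanner\[[0-9]+\]: /) {
        pid = substr($0, RSTART + 12, RLENGTH - 15)
        msg = substr($0, RSTART + RLENGTH)
        if (msg ~ /^MailScanner E-Mail Virus Scanner version .* starting/) seen[pid] = 1
        if (msg ~ /^New Batch:/) batches++
    }
    END { for (p in seen) starts++; print starts + 0, batches + 0 }'
}

# is_stalled LOGFILE MAILQFILE [MIN_STARTS]: succeeds when children keep
# starting, nothing was scanned, and mail is on hold. MIN_STARTS (default 2)
# is an assumption; set it above the configured number of children.
is_stalled() {
    stats=$(restart_stats < "$1")
    held=$(held_count < "$2")
    starts=${stats% *}; batches=${stats#* }
    [ "$starts" -ge "${3:-2}" ] && [ "$batches" -eq 0 ] && [ "$held" -gt 0 ]
}
```

Feed it a recent slice of the mail log and a saved `mailq` listing, for example from a cron job that alerts when `is_stalled` succeeds.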
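I spent three days and nights troubleshooting this, and it was miserable! At this point the required anti-virus, anti-spam and traffic-monitoring features are all in place. Other advanced settings and tuning will be summarized later.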