Part 4. Mail anti-spam and anti-virus
I. Mail anti-virus and spam filtering
1. Anti-virus
The anti-virus software used is ClamAV.
Download:
http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-0.95.tar.gz
Installation:
#################################################################
# tar zxvf clamav-0.95.tar.gz && cd clamav-0.95
# useradd clamav
# ./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav    // sets the virus database directory
# make && make install
################################################################
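Basic configuration:
###################################################################
ClamAV has 2 configuration files: the main configuration file /usr/local/clamav/etc/clamd.conf and the virus-update configuration file /usr/local/clamav/etc/freshclam.conf. The modified configuration files are listed below: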
[root@mail etc]# sed -e '/^#/d' -e '/^$/d' clamd.conf
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength 100M    // attachment size limit; anything over 100M is not scanned
User amavis
ScanMail yes
ScanArchive yes
[root@mail etc]# sed -e '/^#/d' -e '/^$/d' freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
##################################################################
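Both files contain many comments, which I filtered out with sed. clamd.conf contains the line "User amavis". Why use amavis instead of the default user clamav? The purpose is to integrate ClamAV with amavisd-new. Since this user does not exist yet, create it manually (useradd amavis). Next, a few directories have to be created by hand and given the appropriate permissions, for logging and similar purposes; I put this into a shell script that can simply be executed. Its contents are as follows: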
######################################################
[root@mailserv2 ~]# more /root/clamav.sh
#!/bin/bash
# create directory for clamav
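# virus database directory (DatabaseDirectory)
mkdir -p /usr/local/share/clamav
# log directory for clamd.log and freshclam.log
mkdir -p /var/log/clamav
chmod -R 744 /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis:amavis /usr/local/share/clamav
# directory for the PID files and the clamd socket
mkdir -p /var/run/clamav
chmod 700 /var/run/clamav
chown amavis:amavis /var/run/clamav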
#####################################################
Update the virus database manually:
# /usr/local/clamav/bin/freshclam
2. Anti-spam
Download:
http://www.ijs.si/software/amavisd/amavisd-new-2.6.2.tar.gz
Installation:
#################################################################
Do everything in one step with a script (mind the directory and the version):
[root@mail virus]# vi /usr/local/bin/amavis.sh
#!/bin/bash
cd /usr/local/src/virus || exit 1
tar zxvf amavisd-new-2.6.2.tar.gz && cd amavisd-new-2.6.2 || exit 1
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
################################################################
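After running the script, do not forget to check that everything worked as intended, for example that the directory /usr/local/sbin contains the file amavisd.
The amavisd configuration file /etc/amavisd.conf is fairly complex; the settings that need to be changed are as follows: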
$max_servers=8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'mail.test.com';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = 5.0;
$sa_tag2_level_deflt = 6.2;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$virus_admin = "virusalert@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],   # socket path must match LocalSocket in clamd.conf
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
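One way to confirm that the ClamAV-clamd entry above points at the socket clamd actually listens on, as an added example that is not part of the original article. The function names are assumptions of this example, and the two sample files are constructed with a deliberate mismatch to show the failure case.

```shell
#!/bin/bash
# Added example: confirm amavisd asks the same socket that clamd listens on.

# Print the LocalSocket value from a clamd.conf-style file.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket path of the active ClamAV-clamd entry in an amavisd.conf-style
# file: the second double-quoted string on its ask_daemon line.
amavis_clamd_socket() {
    awk '
        /^[[:space:]]*#/ { next }              # commented-out scanner entries
        /ClamAV-clamd/   { in_entry = 1 }
        in_entry && /ask_daemon/ {
            n = split($0, q, "\"")             # q[2] = command, q[4] = socket
            if (n >= 5) print q[4]
            exit
        }' "$1"
}

# Return 0 when both files name the same socket, 1 otherwise.
check_clamd_wiring() {
    local want got
    want=$(clamd_socket "$1")
    got=$(amavis_clamd_socket "$2")
    if [ -z "$want" ] || [ -z "$got" ]; then
        echo "UNKNOWN: clamd='$want' amavisd='$got'"; return 1
    fi
    if [ "$want" != "$got" ]; then
        echo "MISMATCH: clamd listens on $want, amavisd asks $got"; return 1
    fi
    echo "OK: both use $want"
}

# Constructed sample files with a deliberate mismatch, to show the failure case.
demo=$(mktemp -d)
printf 'LocalSocket /var/run/clamav/clamd.socket\nUser amavis\n' > "$demo/clamd.conf"
cat > "$demo/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
EOF
check_clamd_wiring "$demo/clamd.conf" "$demo/amavisd.conf" || true
rm -rf "$demo"
```

On a real host, call check_clamd_wiring /usr/local/clamav/etc/clamd.conf /etc/amavisd.conf before starting amavisd.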
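Once the changes above are confirmed to be correct, run
# /usr/local/sbin/amavisd debug
to test amavis. In general the test will not run properly, because many of the required Perl modules are probably not installed. Fortunately, the error message lists the required modules. You then need to download the relevant modules from www.cpan.org and install them; you may also run into package dependencies, in which case you download the dependency, install it, then go back and install the earlier package, and so on. This is tedious and a real test of patience. The job is finished only when /usr/local/sbin/amavisd debug produces no errors. There is another method: run
[root@mailserv2 ~]# perl -MCPAN -e shell
and then run commands such as
cpan> install Time::HiRes
to install the missing Perl modules one by one. In my experience this is very time-consuming, and some modules do not install properly this way, so downloading the modules from the website and installing them is more effective.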
# /usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
IO::Stringy
Compress::Zlib
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
MIME::Decoder
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::QuotedPrint
MIME::Decoder::NBit
MIME::Decoder::UU
MIME::Decoder::Gzip64
Net::Server
Net::Server::PreFork
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 234.
Based on the missing items listed above, install and debug as you go.
Install the Perl modules related to Mail/SpamAssassin.pm:
REQUIRED module missing: HTML::Parser
optional module missing: Mail::SPF
optional module missing: Mail::SPF::Query
optional module missing: IP::Country
optional module missing: Razor2
optional module missing: Net::Ident
optional module missing: IO::Socket::INET6
optional module missing: IO::Socket::SSL
optional module missing: Mail::DomainKeys
optional module missing: Mail::DKIM
optional module missing: LWP::UserAgent
optional module missing: HTTP::Date
optional module missing: Archive::Tar
optional module missing: IO::Zlib
optional module missing: Encode::Detect
Part of the final debug output:
May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-VIRUS code loaded
May 12 17:01:02.413 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM code loaded
May 12 17:01:02.414 test.com /usr/local/sbin/amavisd[25969]: ANTI-SPAM-SA code loaded
3. Mail::SpamAssassin
The configuration is as follows:
# more /etc/mail/spamassassin/local.cf
#####################################
required_hits 5
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_pyzor 0
#####################################
# chown -R amavis:amavis /usr/share/spamassassin
# chmod -R 777 /usr/share/spamassassin
Without these two steps, the Mail::SpamAssassin configuration file will not take effect.
4. Adding anti-virus and anti-spam to Postfix
# more /etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10
# more /etc/postfix/master.cf
# antispam #
#############################################################################
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o mynetworks=127.0.0.0/8
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
5. The /etc/rc.local startup file
###############################################
# Start Nginx+extmailcgi
/var/www/extsuite/extmail/dispatch-init start
/usr/local/nginx/sbin/nginx
# mysql
/usr/local/mysql/bin/mysqld_safe --user=mysql &
# authlib
/usr/local/authlib/sbin/authdaemond start
# sasl
/usr/local/sbin/saslauthd -a shadow pam
# postfix
/usr/sbin/postfix start
# mailgraph
/usr/local/mailgraph_ext/mailgraph-init start
/usr/local/mailgraph_ext/qmonitor-init start
# spam
/usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
/usr/local/sbin/amavisd start
/usr/local/clamav/sbin/clamd
###############################################
Test the anti-spam effect; the maillog entries follow:
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: connect from m15-74.126.com[220.181.15.74]
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: 66871816F: client=m15-74.126.com[220.181.15.74]
May 12 17:22:05 MailSer1 postfix/cleanup[2362]: 66871816F: message-id=<[email protected]>
May 12 17:22:05 MailSer1 postfix/qmgr[2184]: 66871816F: from=<[email protected]>, size=2233, nrcpt=1 (queue active)
May 12 17:22:05 MailSer1 postfix/smtpd[2354]: disconnect from m15-74.126.com[220.181.15.74]
May 12 17:22:10 MailSer1 postfix/smtpd[2367]: connect from MailSer1[127.0.0.1]
May 12 17:22:10 MailSer1 postfix/smtpd[2367]: 7C5D78174: client=MailSer1[127.0.0.1]
May 12 17:22:10 MailSer1 postfix/cleanup[2362]: 7C5D78174: message-id=<[email protected]>
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: from=<[email protected]>, size=2669, nrcpt=1 (queue active)
May 12 17:22:10 MailSer1 postfix/smtp[2364]: 66871816F: [email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=0.16/0.1/0.05/4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02198-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C5D78174)
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 66871816F: removed
May 12 17:22:10 MailSer1 authdaemond: received userid lookup request: [email protected]
May 12 17:22:10 MailSer1 authdaemond: authmysql: trying this module
May 12 17:22:10 MailSer1 authdaemond: authmysqllib: connected. Versions: header 50041, client 50041, server 50041
May 12 17:22:10 MailSer1 authdaemond: SQL query: SELECT username, password, "", '1001', '1001', '/var/mailbox/', maildir, concat(quota,' S'), name, "" FROM mailbox WHERE username = '[email protected]' AND (active='1')
May 12 17:22:10 MailSer1 authdaemond: Authenticated: sysusername=<null>, sysuserid=1001, sysgroupid=1001, homedir=/var/mailbox/, [email protected], fullname=test, maildir=mail.test.com/test/Maildir/, quota=5242880S S, options=<null>
May 12 17:22:10 MailSer1 authdaemond: Authenticated: clearpasswd=<null>, passwd=$1$92oqbXjU$g/EwkMIivyj0LPwVsP7CQ.
May 12 17:22:10 MailSer1 postfix/pipe[2370]: 7C5D78174: [email protected], relay=maildrop, delay=0.24, delays=0.04/0.09/0/0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 17:22:10 MailSer1 postfix/qmgr[2184]: 7C5D78174: removed
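The log above shows the expected path: the message is handed to 127.0.0.1:10024, re-queued under a new ID, and only that copy is delivered. The following added example (not part of the original article) lists queue IDs that were delivered without that hand-off; the function names, the placeholder addresses and the third log line are constructed for the example.

```shell
#!/bin/bash
# Added example: list queue IDs delivered without a pass through amavisd.

# Constructed sample in the maillog format shown above (placeholder addresses).
sample_maillog() {
cat <<'EOF'
May 12 17:22:10 MailSer1 postfix/smtp[2364]: 66871816F: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02198-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7C5D78174)
May 12 17:22:10 MailSer1 postfix/pipe[2370]: 7C5D78174: to=<user@example.com>, relay=maildrop, delay=0.24, dsn=2.0.0, status=sent (delivered via maildrop service)
May 12 17:30:41 MailSer1 postfix/pipe[2391]: 9A1B2C3D4: to=<user@example.com>, relay=maildrop, delay=0.11, dsn=2.0.0, status=sent (delivered via maildrop service)
EOF
}

# unfiltered_deliveries [FILE...]: print queue IDs that reached a final
# transport but were never re-queued by the filter on 127.0.0.1:10024.
unfiltered_deliveries() {
    awk '
        $5 ~ /^postfix\/(smtp|pipe|local|virtual|lmtp)\[/ && /status=sent/ {
            qid = $6; sub(/:$/, "", qid)
            if ($0 ~ /relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024/) {
                # Handed to amavisd: remember the ID of the re-injected copy.
                if (match($0, /queued as [0-9A-Za-z]+/))
                    filtered[substr($0, RSTART + 10, RLENGTH - 10)] = 1
            } else {
                delivered[qid] = 1
            }
        }
        END {
            for (q in delivered)
                if (!(q in filtered)) print q
        }' "$@" | sort
}

sample_maillog | unfiltered_deliveries    # prints 9A1B2C3D4
```

Mail that Postfix generates internally, such as bounces, can also appear in the output, so each reported ID is a starting point for a look at the full log.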
Possible problem:
If the Hits value is always 0, Mail::SpamAssassin is probably not taking effect. Check whether /usr/share/spamassassin/ is accessible and that its owner is amavis.
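A check for the ownership and access question raised above, as an added example rather than part of the original article. The function names and the decision to also report world-writable entries are assumptions of this example; the paths and the amavis owner are the ones this page uses.

```shell
#!/bin/bash
# Added example: audit the trees this setup hands to the amavis user.

# audit_tree DIR OWNER: report entries under DIR that OWNER does not own, and
# entries any local account could modify (world-writable, symlinks excluded).
audit_tree() {
    local dir=$1 owner=$2
    find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner /'
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
}

# Paths taken from this page; trees missing on the current host are skipped.
audit_mail_filter() {
    local d
    for d in /usr/share/spamassassin /usr/local/share/clamav \
             /var/log/clamav /var/run/clamav /var/amavis /var/virusmails; do
        [ -d "$d" ] && audit_tree "$d" amavis
    done
    return 0
}

audit_mail_filter
```

An empty result means every entry is owned by amavis and none is writable by other local accounts.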
6. Updating the virus database and the anti-spam rules
[root@MailSer1 ~]# crontab -l
0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;kill -HUP `cat /var/run/spamd.pid`
00 00 * * * /usr/local/clamav/bin/freshclam
Supplement:
Sorting spam into a separate folder:
# more /etc/maildroprc
logfile "/var/log/maildrop.log"
if (/^X-Spam-Flag:.*YES/)
{
    exception {
        to "$HOME/$DEFAULT/.Junk/."
    }
}
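At this point the installation of the whole mail system is basically complete. During the installation I consulted a lot of material online and also found many problems! These articles inevitably still have some shortcomings; I will keep improving them, and corrections are welcome!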