Building a Full-Featured Mail System from Source (7)

Part 12: amavisd-new

1. Installation

# mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db

# chown -R amavis:amavis /var/amavis

# chmod -R 750 /var/amavis

 

# cp amavisd /usr/local/sbin/

# chown root /usr/local/sbin/amavisd

# chmod 755 /usr/local/sbin/amavisd

 

# cp amavisd.conf /etc/

# chown root /etc/amavisd.conf

# chmod 644 /etc/amavisd.conf

 

# cp amavisd_init.sh /etc/init.d/amavisd

# chmod 744 /etc/init.d/amavisd

# chkconfig --add amavisd

# chkconfig --level 2345 amavisd on

# vim /etc/rc.d/init.d/amavisd

prog="/usr/local/sbin/amavisd"

 

Directory where virus-infected mail is stored

# mkdir /var/virusmails

# chown amavis:amavis /var/virusmails

# chmod 750 /var/virusmails

 

Edit /etc/amavisd.conf and change the following lines:

# vim /etc/amavisd.conf

$daemon_user = 'amavis';

$daemon_group = 'amavis';

$mydomain = 'zhousonglinux.com';

$db_home = "$MYHOME/db";

$lock_file = "$MYHOME/var/amavisd.lock";

$pid_file  = "$MYHOME/var/amavisd.pid";

$myhostname = 'mail.zhousonglinux.com';

@local_domains_maps = qw(.);

@mynetworks = qw( 127.0.0.0/8 );

 

 

 

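Skip content filtering for mail sent from the local networks (the policy bank below bypasses the spam, banned-content and header checks; virus scanning is not bypassed):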

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks

  originating => 1,  # is true in MYNETS by default, but let's make it explicit

  os_fingerprint_method => undef,  # don't query p0f for internal clients

  allow_disclaimers => 1,  # enables disclaimer insertion if available

  bypass_spam_checks_maps => [1],

  bypass_banned_checks_maps => [1],

  bypass_header_checks_maps => [1],

}; 

 

 

 

$sa_spam_modifies_subj = 0; 

# Whether to modify the Subject line when a message is classified as spam

$remove_existing_x_scanned_headers= 1;

# Every message filtered by Amavisd gets a header line added to its mail headers

$remove_existing_spam_headers = 1;

 

 

 

# Change how mail is delivered/blocked:

$final_virus_destiny      = D_DISCARD;

$final_banned_destiny     = D_DISCARD;

$final_spam_destiny       = D_PASS;

$final_bad_header_destiny = D_PASS;

 

 

 

# Configure Amavisd to work with ClamAV
# (the socket path must match LocalSocket in clamd.conf)

@av_scanners = (

['ClamAV-clamd',

  \&ask_daemon, ["CONTSCAN {}\n", "/usr/local/clamav/var/run/clamd.socket"],

  qr/\bOK$/, qr/\bFOUND$/,

  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

 

@av_scanners_backup = (

  ['ClamAV-clamscan', 'clamscan',

    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",

    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

 

 

 

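Commonly used amavisd.conf parameters:

 

$max_servers = 10;               maximum number of processes that may be used

$sa_spam_subject_tag = '[SPAM] ';   the [SPAM] tag

$mydomain = 'mail.zhousonglinux.com';     sets the domain name

$myhostname = 'mail.zhousonglinux.com';   sets the host name

@local_domains_maps = qw(.);     check mail for all domains

$sa_tag2_level_deflt = 5.0;         above this score, the [SPAM] tag may be added to the mail subject

$sa_kill_level_deflt = 5.0;         above this score, the message is backed up and then deleted

$final_virus_destiny:             action taken when a virus is detected

$final_banned_destiny:           action taken when banned content is detected

$final_spam_destiny:            action taken when spam or advertising mail is detected

$final_bad_header_destiny:     action taken when a message with bad headers is detected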

 

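The following actions are available by default:

D_PASS:                     the message is delivered to the recipient whether or not it has a problem

D_DISCARD:                 the message is dropped, and neither the recipient nor the sender is notified

D_BOUNCE:                 the message is not delivered to the recipient, but the sender is notified that it was not delivered

D_REJECT:           the message is not delivered to the recipient, but the sender is notified that it was rejected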

 

 

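Notes:

 

The $mydomain parameter above is set to the same value as $myhostname, mainly so that the virus/spam report mails later sent to the system administrator can be delivered to a local alias and then forwarded to a specific user in a virtual domain.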

 

 

 

Configure Postfix to integrate amavisd-new

Edit master.cf:

# vim /etc/postfix/master.cf

Add the following:

smtp-amavis unix    -    -    n    -    3    smtp

    -o smtp_data_done_timeout=1200

    -o smtp_send_xforward_command=yes

    -o disable_dns_lookups=yes

    -o max_use=10

 

127.0.0.1:10025 inet    n       -       n       -       -       smtpd

    -o content_filter=

    -o local_recipient_maps=

    -o relay_recipient_maps=

    -o smtpd_restriction_classes=

    -o smtpd_client_restrictions=

    -o smtpd_helo_restrictions=

    -o smtpd_sender_restrictions=

    -o smtpd_recipient_restrictions=permit_mynetworks,reject

    -o mynetworks=127.0.0.0/8

    -o strict_rfc821_envelopes=yes

    -o smtpd_error_sleep_time=0

    -o smtpd_soft_error_limit=1001

    -o smtpd_hard_error_limit=1000

    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

 

Edit main.cf:

# vim /etc/postfix/main.cf

Add the following:

# Content-Filter

content_filter = smtp-amavis:[127.0.0.1]:10024

receive_override_options = no_address_mappings

Note: receive_override_options must be added here to disable address expansion/mapping; otherwise duplicate mail is generated whenever an alias is involved.
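A check worth running on master.cf before the restart, as an added example that is not part of the original article: the 10025 listener accepts mail with content_filter and most restrictions switched off, so it has to stay bound to loopback, and every -o line has to be indented or Postfix reads it as a new service entry. The names audit_master_cf and sample_master_cf and the sample entries are made up for illustration.

```shell
#!/bin/sh
# audit_master_cf [FILE]: print one finding per line; no output means the
# checks passed. Reads stdin when no file is given.
audit_master_cf() {
  awk '
    # Examine one folded logical line (service entry plus its -o options).
    function check(entry, lineno,    f, n) {
      if (entry == "") return
      n = split(entry, f, /[ \t]+/)
      # An option at column 0 is read by Postfix as a new service entry.
      if (f[1] == "-o") {
        print "line " lineno ": unindented -o is not a continuation: " f[2]
        return
      }
      # An inet service with an empty content_filter= is the unfiltered
      # re-injection port; it must listen on loopback only.
      if (f[2] == "inet" && entry ~ /-o[ \t]+content_filter=([ \t]|$)/ &&
          f[1] !~ /^(127\.0\.0\.1|localhost|\[::1\]):/)
        print "line " lineno ": re-injection listener not loopback-only: " f[1]
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^[ \t]/ { cur = cur " " $0; next }         # continuation line
    { check(cur, start); cur = $0; start = NR } # start of a new logical line
    END { check(cur, start) }
  ' "${1:--}"
}

# Constructed sample: a shortened hand-off configuration in which the last
# option was deliberately left at column 0.
sample_master_cf() {
  cat <<'EOF'
smtp-amavis unix    -    -    n    -    3    smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
EOF
}

sample_master_cf | audit_master_cf
```

Run it against the real file with: audit_master_cf /etc/postfix/master.cf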

Restart Postfix

# postfix stop

# postfix start

 

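Test amavis

# /usr/local/sbin/amavisd debug

Running /usr/local/sbin/amavisd debug tests amavis. In general the test will not run cleanly at first, because many of the required Perl modules have probably not been installed. Fortunately, the error messages name the modules that are needed; install whichever Perl modules are reported missing.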

# telnet localhost 10024

Trying 127.0.0.1...

Connected to test.com (127.0.0.1).

Escape character is '^]'.

220 [127.0.0.1] ESMTP amavisd-new service ready

Start amavisd

# service amavisd start

 

Test ClamAV

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 mail.extmail.org ESMTP Postfix - by extmail.org

mail from: [email protected]     << typed input

250 2.1.0 Ok

rcpt to: [email protected]     << typed input

250 2.1.5 Ok

data     << typed input

354 End data with <CR><LF>.<CR><LF>

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*     << typed input

.

250 2.0.0 Ok: queued as BC24E85260

quit     << typed input

221 2.0.0 Bye

Connection closed by foreign host.

 

The mail log should then contain a corresponding entry:

 

Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine: virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms

 

If you see a log entry like this, ClamAV + Amavisd-new are working correctly.
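To confirm the test result without reading the log by eye, and to keep watching for blocked mail afterwards, the Blocked INFECTED entries can be pulled out of the mail log. This is an added example, not part of the original article; the names infected_events and sample_maillog are made up, the first sample line is the entry shown above and the second is constructed.

```shell
#!/bin/sh
# infected_events [FILE]: print "virus client_ip mail_id" for every message
# amavisd logged as Blocked INFECTED. Reads stdin when no file is given.
infected_events() {
  awk '
    / amavis\[[0-9]+\]: .*Blocked INFECTED \(/ {
      virus = client = id = "-"
      # The signature name sits in the parentheses after "Blocked INFECTED".
      if (match($0, /Blocked INFECTED \([^)]*\)/))
        virus = substr($0, RSTART + 18, RLENGTH - 19)
      # The connecting client address follows in square brackets.
      if (match($0, /\), \[[0-9A-Fa-f:.]+\]/))
        client = substr($0, RSTART + 4, RLENGTH - 5)
      # mail_id also names the quarantine file (virus-<mail_id>).
      if (match($0, /mail_id: [^,]+/))
        id = substr($0, RSTART + 9, RLENGTH - 9)
      print virus, client, id
    }
  ' "${1:--}"
}

# Sample input: line 1 is the log entry from this article, line 2 is a
# constructed clean-mail entry that must not be reported.
sample_maillog() {
  cat <<'EOF'
Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine: virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms
Mar 22 06:44:02 localhost amavis[15405]: (15405-02) Passed CLEAN, [192.168.0.235] ->, mail_id: Qx7constructed, Hits: 0.1, size: 912, 120 ms
EOF
}

sample_maillog | infected_events
```

The reported mail_id can be matched against the files under /var/virusmails to locate the quarantined copy.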

 

 
