maildrop是一个使用C++编写的用来代替本地MDA的带有过滤功能邮件投递代理,是courier邮件系统组件之一。它从标准输入接受信息并投递到用户邮箱;maildrop既可以将邮件投递到mailboxes格式邮箱,亦可以将其投递到maildirs格式邮箱。同时,maildrop可以从文件中读取入站邮件过滤指示,并由此决定是将邮件送入用户邮箱或者转发到其它地址等。和procmail不同的是,maildrop使用结构化的过滤语言,因此,邮件系统管理员可以开发自己的过滤规则并应用其中。
我们在此将使用maildrop来代替postfix自带的MDA,并以此为基础扩展后文的邮件杀毒和反垃圾邮件功能的调用;在此可能会修改前文中的许多设置,请确保您的设置也做了相应的修改。
maildrop 2.0.4 Copyright 1998-2005 Double Precision, Inc.
GDBM extensions enabled.
Courier Authentication Library extension enabled.
Maildir quota extension enabled.
License. See COPYING for additional information.
>, relay=maildrop, delay=2306, delays=2306/0.04/0/0.07, dsn=2.0.0, status=sent (delivered via maildrop service)
接下来安装反病毒和反垃圾邮件的相关组件clamav、amavisd和SpamAssassin
ClamAV是一个unix系统平台上的开源反病毒工具,它是特地为在邮件网关上进行邮件扫描而设计的。整套软件提供了许多的实用工具,包括一个可伸缩和可升级的多线程守护进程、一个命令行扫描工具和病毒库自动升级工具。
SpamAssassin 是目前最好的、最流行的开源反垃圾邮件软件之一。它是一个邮件过滤器,使用了多种反垃圾邮件技术,如:文本分析、贝叶斯过滤、DNS黑名单和分布式协同过滤数据库等。
amavisd-new是一个连接MTA和内容检测工具(诸如病毒扫描工具和SpamAssassin)的高性能接口程序,使用perl语言写成。它一般通过SMTP、ESMTP或者LMTP和MTA进行通讯,当然也可以借助于其它外部程序进行。同postfix(MTA)协同工作时表现尤佳。当它呼叫SpamAssassin进行内容过滤时,对于一封邮件只需要呼叫一次,而不管这封邮件将发往多少个收件人;同时,它亦会尽力保证实现每一位收件人的偏好设置,如接收/拒绝,检测/不检测,垃圾邮件级别等;它还会在邮件头部分插入spam相关信息。
十四、安装clamav-0.91.2
最新的clamav-0.91.2需要zlib-1.2.2以上的版本的支持,而RHEL4上的版本为zlib-1.2.1,因此您需要先升级zlib
1、安装zlib-1.2.3
#tar zvxf zlib-1.2.3.tar.gz
#cd zlib-1.2.3
#./configure --prefix=/usr --shared
#make
#make test
2、安装clamav-0.91.2
添加ClamAV运行所需的组和用户:
#groupadd clamav
#useradd -g clamav -s /sbin/nologin -M clamav
添加配合amavisd-new使用的用户amavis
#groupadd amavis
#useradd -g amavis -s /sbin/nologin -M amavis
#tar zxvf clamav-0.91.2.tar.gz
#cd clamav-0.91.2
#./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/clamav/share --sysconfdir=/etc/clamav
#make
#make check
#make install
3、配置Clam AntiVirus:
编辑主配置文件:
#vi /etc/clamav/clamd.conf
注释掉第八行的Example,如下:
# Example
找到如下行
#LogFile /tmp/clamd.log
#PidFile /var/run/clamd.pid
LocalSocket /tmp/clamd.socket
#DatabaseDirectory /var/lib/clamav
#User clamav
修改为:
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
DatabaseDirectory /usr/local/clamav/share
User amavis
启用以下选项
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
StreamMaxLength 20M (后面的数值应该与邮件服务器允许的最大附件值相一致)
编辑更新进程的配置文件
#vi /etc/clamav/freshclam.conf
注释掉Example,如下:
# Example
找到如下行
#DatabaseDirectory /var/lib/clamav
#UpdateLogFile /var/log/freshclam.log
PidFile /var/run/freshclam.pid
分别修改为:
DatabaseDirectory /usr/local/clamav/share
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
启用以下选项:
DatabaseMirror db.XY.clamav.net (这里也可以把XY改成您的国家代码来实现,比如,我们用cn来代替)
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
4、建立日志所在的目录、进程与socket所在的目录,并让它属于clamav用户:
# mkdir -v /var/log/clamav
# chown -R amavis.amavis /var/log/clamav
# mkdir -v /var/run/clamav
# chmod 700 /var/run/clamav
# chown -R amavis.amavis /var/run/clamav
建立freshlog的日志文件
#touch /var/log/clamav/freshclam.log
#chown clamav.clamav /var/log/clamav/freshclam.log
5、配置crontab,让Clam AntiVirus每小时检测一次新的病毒库:
# crontab -e
添加:
37 * * * * /usr/local/clamav/bin/freshclam
6、配置库文件搜索路径:
# echo “/usr/local/clamav/lib” >> /etc/ls.so.conf
# ldconfig -v
7、配置clamav开机自动启动
# cp contrib/init/RedHat/clamd /etc/rc.d/init.d/clamd
# cp contrib/init/RedHat/clamav-milter /etc/rc.d/init.d/clamav-milter
# chkconfig --add clamd
# chkconfig --add clamav-milter
# chkconfig --level 2345 clamd on
# chkconfig --level 2345 clamav-milter on
编辑/etc/rc.d/init.d/clamd,将服务进程的路径指向刚才的安装目录
#vi /etc/rc.d/init.d/clamd
找到如下行
progdir="/usr/local/sbin"
修改为:
progdir="/usr/local/clamav/sbin"
启动clamd
#service clamd start
十五、安装Spamassassin-3.2.3 (2007.9.19新增)
1、依赖关系的解决,安装Spamassassin需要很多perl模块的支持,以下是所需模块列表及安装方法;
必须的软件包:
Digest::SHA1
HTML::Parser
Net::DNS
LWP (aka libwww-perl)
HTTP::Date
IO::Zlib
Archive::Tar
可选的软件包,其中有些后面的amavisd也有可能会用到:
MIME::Base64
DB_File
Net::SMTP
Mail::SPF
IP::Country::Fast
Net::Ident
IO::Socket::INET6
IO::Socket::SSL
Compress::Zlib
Time::HiRes
Mail::DKIM
Mail::DomainKeys
DBI *and* DBD driver/modules
Encode::Detect
Apache::Test
Razor2
推荐使用CPAN自动安装(你的主机要能连上Internet),它能够自动下载安装,并能解决安装过程中的依赖关系。您可以使用类同的以下的命令来进行安装:
#perl -MCPAN -e shell
cpan> install Digest::SHA1
………………
如果您的主机无法直接连接到Internet,您也可以到
[url]http://search.cpan.org[/url]上搜索下载所需要的软件包,而后使用类同的下列命令安装:
#tar zxvf 软件包.tar.gz
#cd 软件包
#perl Makefile.PL
#make
#make test
#make install
说明:某些软件包安装的过程中可能需要已经列出的其它软件包的支持(可以先尝试安装Spamassassin,然后按提示补充所需软件包),请安照提示自行调整安装顺序。另外,其中有个软件包安装过程中可能要求声明环境变量LC_ALL,此时,可输入如下命令,并重新进行软件包的编译安装即可。
#export LC_ALL=C
2、安装Spamassassin-3.2.3
#tar jxvf Mail-SpamAssassin-3.2.3.tar.bz2
#cd Mail-SpamAssassin-3.2.3
#perl Makefile.PL
#make
#make check
#make istall
3、编辑主配置文件/etc/mail/spamassassin/local.cf
required_hits 10.0
rewrite_subject 1
required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
4、测试spamassassin
#spamassassin -t < sample-nonspam.txt > nonspam.out
#spamassassin -t < sample-spam.txt > spam.out
查看测试结果:
#less nonspam.out
#less spam.out
5、检查配置文件
#spamassassin -d --lint
6、启动进程,并将其加入到自动启动队列
#/usr/bin/spamd -d
#echo "/usr/bin/spamd -d" >> /etc/rc.local
十六、安装amavisd-new-2.5.2
1、依赖关系的解决
以下为官方声明所必须的软件包列表,你可以采用类同安装Spamassassin一节中的perl模块的安装方法进行安装
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (1.08 or later, stick to new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.420)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx) (version 0.88 finally does setuid right)
Digest::MD5 (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
2、安装amavisd-new-2.5.2
创建运行时目录,并赋予amavis用户(前文中所建)
# mkdir -pv /var/amavis/{tmp,var,db,home}
# chown -R amavis:amavis /var/amavis
#chmod -R 750 /var/amavis
#tar zxvf amavisd-new-2.5.2.tar.gz
#cd amavisd-new-2.5.2
拷贝服务端至$PATH中指定的目录,推荐拷贝至/usr/local/sbin:
#cp amavisd /usr/local/sbin/
#chown root /usr/local/sbin/amavisd
#chmod 755 /usr/local/sbin/amavisd
拷贝主配置文件至/etc,并修改相应的权限:
#cp amavisd.conf /etc
# chown root:amavis /etc/amavisd.conf
# chmod 640 /etc/amavisd.conf
创建amavisd运行中所需要的隔离区域:
# mkdir -v /var/virusmails
# chown amavis:amavis /var/virusmails/
# chmod 750 /var/virusmails/
3、编辑主配置文件
#vi /etc/amavisd.conf
确保您的如下选项的值如下文所示:
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'benet.org'; (此处可更改为您集体的域)
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
$mailfrom_to_quarantine = '';
virus_admin_maps => ["postmaster\@$mydomain"] (指定报告病毒和垃圾邮件时发送系统邮件的用户身份)
spam_admin_maps => ["postmaster\@$mydomain"]
启用ClamAV,(大概在第355行)去掉如下行前的注释符:
#['ClamAV-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],
并将如上行中的/var/run/clamav/clamd修改为:/var/run/clamav/clamd.socket
4、测试启动
#/usr/local/sbin/amavisd
您也可以按如下命令调试启动
#/usr/local/sbin/amavisd debug
5、修改postfix的配置,让它能调用amavisd,以实现病毒及垃圾邮件的过滤
#vi /etc/postfix/master.cf
在文末添加如下内容:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#
amavisfeed unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
#
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
说明:注意每行“-o”前的空格;
#vi /etc/postifx/main.cf
在文末添加如下行:
content_filter=amavisfeed:[127.0.0.1]:10024
4、让postfix重新加载主配置文件,并查看启动情况
# postfix reload && tail -f /var/log/maillog
5、查看amavisd是否在监听10024端口,并测试服务启动情况:
# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
EHLO localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
Quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
6、postfix重新加载配置文件后将授权并激活"127.0.0.1:10025"端口,一个正常的服务连接应该类同下面所示:
# telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 Welcome to our mail.benet.org ESMTP,Warning: Version not Available
EHLO localhost
250-mail.benet.org
250-PIPELINING
250-SIZE 14336000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
7、通过amavisd测试发信
]# telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
HELO localhost
250 [127.0.0.1]
MAIL FROM:<>
250 2.1.0 Sender <> OK
RCPT TO:<postmaster>
250 2.1.5 Recipient <postmaster> OK
DATA
354 End data with <CR><LF>.<CR><LF>
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
amavisd test!!
.
250 2.0.0 Ok: queued as 263FC1A609
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
接下来使用root用户测试收信
# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 Anti-Virus tester Wed Sep 19 01:19 23/798 "amavisd test!"
& 1
Message 1:
From MAILER-DAEMON Wed Sep 19 01:19:16 2007
X-Original-To: postmaster
Delivered-To:
[email protected]
X-Quarantine-ID: <3gmvpc8RxPtn>
X-Virus-Scanned: amavisd-new at benet.org
X-Amavis-Alert: BAD HEADER, MIME error: error: unexpected end of header
From:Anti-Virus tester
To: MailServer Admin
Subject:amavisd test!
Date: Wed, 19 Sep 2007 01:19:15 +0800 (CST)
amavisd test!!
&
十七、测试使用反病毒及反垃圾模块
1、病毒邮件发送测试
登录extmail,发送带有病毒附件的邮件(病毒样本可以去Internet上随意搜寻一个),查看发送情况:
# tail -3 /var/log/clamav/clamd.log