I. Installing Amavisd-new + SpamAssassin
Overview: amavisd-new is the glue between the MTA and the mail analysis tools (SpamAssassin, ClamAV). It receives each message Postfix hands over from its queue, calls ClamAV to scan it for viruses and SpamAssassin to score its content, and then returns it to the MTA for delivery.
Official site:
http://www.ijs.si/software/amavisd/
Installation references:
http://www.shisaa.jp/postset/mailserver-3.html
http://www.postfixvirtual.net/postfixantivirus.html#amavisdnew
1. Install the yum repository
Note: choose the repository matching your system version (here CentOS 6.6, 64-bit), i.e. the packages under the el6 / x86_64 directory.
2. Install amavisd-new and spamassassin
Note: the newest RPM in the repository is 2.8.0, which has a bug that logs an "(!)auto-learning" error, so version 2.6.6 is installed instead.
Alternatively, download the latest 2.10.0 source tarball from the official site and build it yourself, but that is more work and error-prone.
| [iyunv@mail ~]# yum install amavisd-new-2.6.6
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
amavisd-new x86_64 2.6.6-3.el6.rf rpmforge 816 k
Installing for dependencies:
arj x86_64 3.10.22-2.el6.rf rpmforge 186 k
perl-Archive-Tar x86_64 1.58-136.el6_6.1 updates 73 k
perl-Archive-Zip noarch 1.30-2.el6 base 107 k
perl-BerkeleyDB x86_64 0.43-1.el6.rf rpmforge 296 k
perl-Compress-Raw-Zlib x86_64 1:2.021-136.el6_6.1 updates 69 k
perl-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 45 k
perl-Convert-BinHex noarch 1.119-10.1.el6 base 43 k
perl-Convert-TNEF noarch 0.18-1.el6.rf rpmforge 18 k
perl-Convert-UUlib x86_64 1:1.34-1.el6.rf rpmforge 303 k
perl-Crypt-OpenSSL-Bignum x86_64 0.04-8.1.el6 base 34 k
perl-Crypt-OpenSSL-RSA x86_64 0.25-10.1.el6 base 37 k
perl-Crypt-OpenSSL-Random x86_64 0.04-9.1.el6 base 22 k
perl-Digest-HMAC noarch 1.01-22.el6 base 22 k
perl-Digest-SHA1 x86_64 2.12-2.el6 base 49 k
perl-Encode-Detect x86_64 1.01-2.el6 base 80 k
perl-IO-Compress-Base x86_64 2.021-136.el6_6.1 updates 69 k
perl-IO-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 135 k
perl-IO-Socket-INET6 noarch 2.56-4.el6 base 17 k
perl-IO-Socket-SSL noarch 1.31-2.el6 base 69 k
perl-IO-Zlib x86_64 1:1.09-136.el6_6.1 updates 33 k
perl-IO-stringy noarch 2.110-10.1.el6 base 68 k
perl-MIME-tools noarch 5.427-4.el6 base 247 k
perl-Mail-DKIM noarch 0.37-2.el6 base 121 k
perl-Net-DNS x86_64 0.65-5.el6 base 232 k
perl-Net-LibIDN x86_64 0.12-3.el6 base 35 k
perl-Net-SSLeay x86_64 1.35-9.el6 base 173 k
perl-Net-Server noarch 0.99-1.el6.rf rpmforge 171 k
perl-NetAddr-IP x86_64 4.027-7.el6 base 96 k
perl-Package-Constants x86_64 1:0.02-136.el6_6.1 updates 26 k
perl-Socket6 x86_64 0.23-4.el6 base 27 k
perl-Test-Mock-LWP noarch 0.05-1.el6.rf rpmforge 18 k
perl-Test-MockObject noarch 1.09-4.el6 base 32 k
perl-UNIVERSAL-can noarch 1.15-1.el6 base 12 k
perl-UNIVERSAL-isa noarch 1.03-1.el6 base 11 k
perl-URI noarch 1.40-2.el6 base 117 k
perl-Unix-Syslog x86_64 1.1-1.el6.rf rpmforge 56 k
perl-libwww-perl noarch 5.833-2.el6 base 387 k
procmail x86_64 3.22-25.1.el6_5.1 base 162 k
ripole x86_64 0.2.0-1.2.el6.rf rpmforge 44 k
spamassassin x86_64 3.3.1-3.el6 base 1.1 M
unrar x86_64 5.0.3-1.el6.rf rpmforge 124 k
zoo x86_64 2.10-2.2.el6.rf rpmforge 76 k
Transaction Summary
================================================================================
Install 43 Package(s)
|
Note: there are a lot of dependencies and most of them are not on the local install media; building from source means fetching all of them from CPAN, which is why the RPM route is preferred.
After installation the following exist:
User and group: amavis:amavis
Home directory: /var/amavis/{db,tmp,var}
Configuration file: /etc/amavisd.conf
Daemon: /usr/sbin/amavisd
SpamAssassin rules directory: /usr/share/spamassassin
SpamAssassin configuration directory: /etc/mail/spamassassin
3. Install ClamAV
| [iyunv@mail ~]# yum install clamav clamd
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
clamav x86_64 0.98.4-1.el6.rf rpmforge 2.4 M
clamd x86_64 0.98.4-1.el6.rf rpmforge 158 k
Installing for dependencies:
clamav-db x86_64 0.98.4-1.el6.rf rpmforge 34 M
Transaction Summary
================================================================================
Install 3 Package(s)
|
After installation the following exist:
User and group: clamav
Database directory: /var/clamav
Temporary directory: /var/tmp
Configuration file: /etc/clamd.conf
Daemon: /usr/sbin/clamd
PID file: /var/run/clamav/clamd.pid
Socket file: /var/run/clamav/clamd.sock
Log file: /var/log/clamav/clamd.log
4. Configure SpamAssassin
(1) Add Chinese rules to SpamAssassin
The official address no longer offers the file for download:
www.ccert.edu.cn/spam/sa/Chinese_rules.cf.bak
Reference:
http://www.securitycn.net/html/Plan/Solution/276.html
Rule file download:
http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
Caveat: this is a third-party rule file fetched over plain HTTP, so nothing authenticates it. Read it before copying it into /etc/mail/spamassassin/, and run spamassassin --lint afterwards to confirm the rule set still parses before restarting spamd.
(2) Update the SpamAssassin rule set
[iyunv@mail ~]# sa-update
A cron job is installed by default that runs the update daily at 04:10:
[iyunv@mail ~]# cat /etc/cron.d/sa-update
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log
Check the update log:
[iyunv@mail ~]# tail /var/log/sa-update.log
Some errors about updates that could not be downloaded may appear. Note that sa-update verifies the GPG signature of every rule update it fetches; do not work around download problems with --nogpg.
5. Configure amavisd
| [iyunv@mail ~]# vi /etc/amavisd.conf
# Basic settings; amavisd listens on port 10024 (the default $inet_socket_port)
$max_servers = 10;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'yourmail.com';
$myhostname = 'mail.yourmail.com';
$MYHOME = '/var/amavis';
$db_home = "$MYHOME/db";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file = "$MYHOME/var/amavisd.pid";
@local_domains_maps = ( [".$mydomain"] ); # qw(.) would treat every domain as local
@mynetworks = qw( 127.0.0.0/8 ); # local networks
# SpamAssassin score thresholds; they are cumulative, so keep tag <= tag2 <= kill
$sa_tag_level_deflt = 2.0; # from this score on, add the X-Spam-Status/X-Spam-Score headers
$sa_tag2_level_deflt = 6.2; # from this score on, mark as spam: X-Spam-Flag: YES plus the ***SPAM*** subject tag
$sa_kill_level_deflt = 6.9; # from this score on, take the action chosen by $final_spam_destiny below
# Delivery/blocking actions:
$final_virus_destiny = D_BOUNCE; # virus found: block and notify the sender
$final_banned_destiny = D_BOUNCE; # banned content found: block and notify the sender
$final_spam_destiny = D_PASS; # spam: deliver anyway; a maildroprc rule set up later moves it to the Junk folder
$final_bad_header_destiny = D_PASS; # bad headers: deliver
# D_DISCARD drops the mail without notifying anyone; D_REJECT refuses it (in a post-queue setup like this one Postfix then generates the bounce).
# Caveat: virus mail almost always carries a forged sender, so D_BOUNCE turns this server into a backscatter source; D_DISCARD (with quarantine) is the safer choice.
# Hook amavisd up to clamd: this entry belongs in the @av_scanners list
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], # socket path as defined by LocalSocket in /etc/clamd.conf
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
|
Check that the amavisd program and its configuration are correct by running it in debug mode:
| [iyunv@mail ~]# /usr/sbin/amavisd -c /etc/amavisd.conf debug
Dec 5 15:06:03.789 mail.yourmail.com /usr/sbin/amavisd[33379]: logging initialized, log level 0, syslog: amavis.mail
Dec 5 15:06:03.794 mail.yourmail.com /usr/sbin/amavisd[33379]: run_command: [33380] /usr/bin/uptime </dev/null 2>/dev/null
Dec 5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: system uptime 2 4:12:00: 15:06:03 up 2 days, 4:12, 5 users, load average: 0.00, 0.00, 0.00
Dec 5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: Valid PID file (younger than sys uptime 2 4:12:00)
Dec 5 15:06:03.828 mail.yourmail.com /usr/sbin/amavisd[33379]: The amavisd daemon is already running, PID: [33061]
The amavisd daemon is already running, PID: [33061]
|
The run above was refused only because a daemon was already running (PID 33061); stop it with /etc/init.d/amavisd stop and run the debug command again. A clean debug run stays in the foreground and logs to the terminal; if it prints no errors and does not exit, the program and configuration are fine. Stop it with Ctrl-C before starting the service normally.
6. Configure ClamAV
(1) Fix the ownership of the socket/PID directory
| [iyunv@mail ~]# chown -R clamav:clamav /var/run/clamav
|
(2) Add the clamav user to the amavis group
| [iyunv@mail ~]# usermod -G amavis clamav
[iyunv@mail ~]# groups clamav
clamav : clamav amavis
|
Always confirm that clamav really is in the amavis group; otherwise the virus-mail test fails with a permission error. The reason is that amavisd unpacks each message under /var/amavis/tmp, which only the amavis user and group can read, and the CONTSCAN command hands clamd nothing but the path, so clamd (running as clamav) has to open the file itself. If the clamav user already has other supplementary groups, use usermod -a -G amavis clamav so they are kept.
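The exchange behind that permission error, as an added example that is not part of the original page nor code from ClamAV or amavisd-new: the CONTSCAN request amavisd sends (section 5) names a file path, so clamd must read the file itself, whereas INSTREAM pushes the bytes over the socket and needs no shared filesystem access. The script frames both commands, classifies clamd's replies with the same three patterns amavisd.conf uses, and, when the clamd socket from /etc/clamd.conf exists, scans the EICAR test string. The socket path is assumed from this page and the sample reply lines in the comments are constructed.

```python
"""clamd protocol client: CONTSCAN (path based, as amavisd uses) and INSTREAM (content based).

Added example, not code from the original page, ClamAV or amavisd-new.
Assumed: the socket path from /etc/clamd.conf on this page; the sample
replies quoted in comments are constructed.
"""
import os
import re
import socket
import struct

CLAMD_SOCKET = '/var/run/clamav/clamd.sock'   # LocalSocket from /etc/clamd.conf (assumed)

# EICAR test string: every scanner flags it and it is harmless.
EICAR = r'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# The three patterns the ClamAV-clamd entry in amavisd.conf applies to a reply line.
CLEAN_RE = re.compile(r'\bOK$')
FOUND_RE = re.compile(r'\bFOUND$')
NAME_RE = re.compile(r'^.*?: (?!Infected Archive)(.*) FOUND$')


def classify_reply(reply):
    """Map one clamd reply line to ('clean' | 'infected' | 'error', detail).

    Constructed examples:
      '/var/amavis/tmp/x/p001: OK'                         -> ('clean', None)
      'stream: Eicar-Test-Signature FOUND'                  -> ('infected', 'Eicar-Test-Signature')
      '/var/amavis/tmp/x/p001: lstat() failed: Permission denied. ERROR' -> ('error', <the line>)
    The last shape is what a missing amavis group membership produces: clamd,
    running as clamav, cannot open the file amavisd named in CONTSCAN.
    """
    line = reply.rstrip('\0\r\n')
    if FOUND_RE.search(line):
        m = NAME_RE.match(line)
        return ('infected', m.group(1) if m else line)
    if CLEAN_RE.search(line):
        return ('clean', None)
    # amavisd treats anything else as a scanner failure (temporary failure, not clean mail).
    return ('error', line)


def contscan_command(path):
    """The CONTSCAN request amavisd sends: clamd itself must be able to read `path`."""
    return ('CONTSCAN %s\n' % path).encode()


def instream_frames(data, chunk=8192):
    """Frame `data` for INSTREAM: 4-byte big-endian length + chunk, ended by a zero length.

    The bytes travel over the socket, so clamd needs no read access to
    amavisd's temporary directory for this command.
    """
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        yield struct.pack('>I', len(part)) + part
    yield struct.pack('>I', 0)


def scan_bytes(data, sock_path=CLAMD_SOCKET):
    """Scan `data` through INSTREAM on a running clamd and classify the reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(sock_path)
        s.sendall(b'zINSTREAM\0')          # 'z' prefix: NUL-delimited command and reply
        for frame in instream_frames(data):
            s.sendall(frame)
        reply = b''
        while not reply.endswith(b'\0'):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return classify_reply(reply.decode('utf-8', 'replace'))


if __name__ == '__main__':
    if os.path.exists(CLAMD_SOCKET):
        # A current database reports ('infected', <signature name>) for EICAR.
        print(scan_bytes(EICAR.encode()))
    else:
        print('no clamd socket at %s; offline check only' % CLAMD_SOCKET)
        print(classify_reply('stream: Eicar-Test-Signature FOUND'))
```

Run it as the amavis user on the mail host to see the same reply amavisd gets; a Permission denied ERROR from a CONTSCAN on a file under /var/amavis/tmp is the symptom the group change above fixes, while INSTREAM of the same bytes succeeds regardless.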
(3) Update the virus database
| [iyunv@mail ~]# /usr/bin/freshclam
ClamAV update process started at Fri Dec 5 15:08:06 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.4 Recommended version: 0.98.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-19727.cdiff [100%]
Downloading daily-19728.cdiff [100%]
Downloading daily-19729.cdiff [100%] #]
daily.cld updated (version: 19729, sigs: 1282958, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3707229 signatures) from db.cn.clamav.net (IP: 202.118.1.66)
Clamd successfully notified about the update.
|
Note: the nag about installing 0.98.5 can be ignored for now as long as the cdiff database files download successfully. Do keep the engine updated over time, though: ClamAV only loads signatures whose functionality level (the f-level shown above) the engine supports, so an old engine silently loses coverage, and ClamAV's own security fixes ship in engine releases.
(4) Schedule regular updates
| [iyunv@mail ~]# vi /etc/cron.d/freshclam
30 4 * * * root /usr/bin/freshclam
|
7. Integrate Postfix with amavisd
(1) Create the virus and spam mailboxes
In extman, add aliases for postmaster for the virus and spam collection addresses defined in /etc/amavisd.conf: virusalert and spam.police.
root and admin aliases were added here as well; they could also be defined in the alias database (/etc/aliases).
(2) Define the smtp-amavis service and the re-injection listener
| [iyunv@mail ~]# vi /etc/postfix/master.cf
# Hand-off to amavisd for scanning. maxproc (10) matches $max_servers in
# amavisd.conf, so Postfix never opens more connections than amavisd has
# children to serve. smtp_data_done_timeout is in seconds and must cover
# amavisd's full scan time, or Postfix gives up and retries the message.
# smtp_send_xforward_command passes the original client details to amavisd;
# DNS lookups are pointless for a loopback hop. Continuation lines must be
# indented, and comments go before the service entry, not between its lines.
smtp-amavis unix - - n - 10 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
# After scanning, amavisd re-injects the mail through a separate smtpd on
# 127.0.0.1:10025. It is bound to loopback and accepts clients only from
# 127.0.0.0/8, so no port has to be opened externally. content_filter is set
# empty here, otherwise re-injected mail would go back to amavisd in a loop.
# no_address_mappings is also set in main.cf; the example listener in
# amavisd's README.postfix leaves it out here so that alias and canonical
# mapping still happens once, after scanning.
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=
|
(3) Set the Postfix content filter:
| [iyunv@mail ~]# vi /etc/postfix/main.cf
# Postfix hands every queued message to amavisd for scanning
content_filter = smtp-amavis:[127.0.0.1]:10024
# do not expand aliases/canonical/virtual maps before the filter; that is meant to happen once, after re-injection
receive_override_options = no_address_mappings
|
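The settings in sections 5 and 7 only work together if they agree with each other. The following added example (our own code, not part of the page and not an amavisd-new or Postfix tool) parses the three fragments and reports inconsistencies: threshold ordering, the content_filter service and its maxproc versus $max_servers, the re-injection listener being loopback-only with content_filter cleared, and the backscatter risk of D_BOUNCE. The configuration samples are constructed from this page's settings; the parsers handle only scalar assignments and -o overrides, not the full syntax of either file.

```python
"""Consistency checks for the Postfix <-> amavisd-new hand-off.

Added example, not code from the original page, amavisd-new or Postfix.
The three samples are constructed from the settings shown on this page;
the parsers handle only `$name = value;` scalars and `-o name=value`
overrides, not the full syntax of either file.
"""
import re

AMAVISD_CONF = """
$max_servers = 10;
$sa_tag_level_deflt = 2.0;
$sa_tag2_level_deflt = 6.2;
$sa_kill_level_deflt = 6.9;
$final_virus_destiny = D_BOUNCE;
"""

MASTER_CF = """
smtp-amavis unix - - n - 10 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

MAIN_CF = """
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
"""


def parse_amavisd(text):
    """Collect `$name = value;` scalars (numbers, barewords, quoted strings)."""
    pairs = re.findall(r'^\s*\$(\w+)\s*=\s*([^;#]+?)\s*;', text, re.M)
    return {k: v.strip('\'"') for k, v in pairs}


def parse_master(text):
    """Group master.cf services with their `-o name=value` overrides (indented lines)."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace():                       # continuation line of the current service
            m = re.match(r'\s*-o\s+(\w+)=(.*)$', line)
            if m and current:
                services[current]['options'][m.group(1)] = m.group(2).strip()
            continue
        f = line.split()   # name type private unpriv chroot wakeup maxproc command
        if len(f) >= 8:
            current = f[0]
            services[current] = {'type': f[1], 'maxproc': f[6], 'command': f[7], 'options': {}}
    return services


def parse_main(text):
    """main.cf `name = value` pairs."""
    return dict(re.findall(r'^\s*(\w+)\s*=\s*(.*?)\s*$', text, re.M))


def check_integration(amavisd_text, master_text, main_text):
    """Return a list of findings; an empty list means the three files agree."""
    a, m, c = parse_amavisd(amavisd_text), parse_master(master_text), parse_main(main_text)
    findings = []

    # Thresholds are cumulative: tag <= tag2 <= kill, else mail can be killed before it is flagged.
    try:
        tag, tag2, kill = (float(a[k]) for k in
                           ('sa_tag_level_deflt', 'sa_tag2_level_deflt', 'sa_kill_level_deflt'))
        if not tag <= tag2 <= kill:
            findings.append('amavisd.conf: sa_tag/tag2/kill levels are not in ascending order')
    except (KeyError, ValueError):
        findings.append('amavisd.conf: sa_*_level_deflt missing or not numeric')

    # content_filter must name a master.cf service on loopback whose maxproc fits $max_servers.
    cf = re.match(r'^([\w-]+):\[?([\d.]+)\]?:(\d+)$', c.get('content_filter', ''))
    if not cf:
        findings.append('main.cf: content_filter is not of the form service:[host]:port')
    else:
        svc, host, _port = cf.groups()
        if not host.startswith('127.'):
            findings.append('main.cf: content_filter should hand off over loopback')
        if svc not in m:
            findings.append('master.cf: content_filter service %s is not defined' % svc)
        elif m[svc]['maxproc'] != '-' and int(m[svc]['maxproc']) > int(a.get('max_servers', '0')):
            findings.append('master.cf: %s maxproc exceeds amavisd $max_servers' % svc)

    # The re-injection smtpd must be loopback-only, accept only 127.0.0.0/8, and clear content_filter.
    reinject = [n for n, s in m.items()
                if s['type'] == 'inet' and s['command'] == 'smtpd' and n.endswith(':10025')]
    if not reinject:
        findings.append('master.cf: no inet smtpd listener on port 10025')
    for name in reinject:
        o = m[name]['options']
        if not name.startswith('127.0.0.1:'):
            findings.append('%s: re-injection listener must bind 127.0.0.1 only' % name)
        if o.get('content_filter') != '':
            findings.append('%s: content_filter must be emptied or re-injected mail goes back to amavisd (mail loop)' % name)
        if o.get('mynetworks') != '127.0.0.0/8' or o.get('smtpd_recipient_restrictions') != 'permit_mynetworks,reject':
            findings.append('%s: should accept only 127.0.0.0/8 (mynetworks + permit_mynetworks,reject)' % name)

    # Bouncing virus mail returns it to a usually forged sender (backscatter).
    if a.get('final_virus_destiny') == 'D_BOUNCE':
        findings.append('amavisd.conf: final_virus_destiny = D_BOUNCE creates backscatter; prefer D_DISCARD')
    return findings


if __name__ == '__main__':
    for line in check_integration(AMAVISD_CONF, MASTER_CF, MAIN_CF) or ['OK: the three files agree']:
        print(line)
```

Against the settings on this page the only finding is the D_BOUNCE backscatter note; dropping the empty content_filter override from the 10025 listener, or lowering $max_servers below the smtp-amavis maxproc, makes the checker report it. To run it on a real host, read /etc/amavisd.conf, /etc/postfix/master.cf and /etc/postfix/main.cf into the three variables instead of the constructed samples.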
8. Start the services
Stop Postfix first:
| [iyunv@mail ~]# service postfix stop
|
| [iyunv@mail ~]# /etc/init.d/spamassassin start
[iyunv@mail ~]# netstat -tnlp |grep 783
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 31943/spamd.pid
|
| [iyunv@mail ~]# /etc/init.d/clamd start
[iyunv@mail ~]# netstat -tnlp |grep 3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 31983/clamd
|
| [iyunv@mail ~]# /etc/init.d/amavisd start
[iyunv@mail ~]# netstat -tnlp | grep 10024
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 32121/amavisd (mast
tcp 0 0 ::1:10024 :::* LISTEN 32121/amavisd (mast
|
When starting or reloading amavisd, check the mail log for errors:
| [iyunv@mail ~]# tail /var/log/maillog
Dec 11 09:08:28 mail amavis[17768]: starting. /usr/sbin/amavisd at mail.yourmail.com amavisd-new-2.6.6 (20110518), Unicode aware, LANG="zh_CN.UTF-8"
Dec 11 09:08:28 mail amavis[17768]: Perl version 5.010001
Dec 11 09:08:28 mail amavis[17768]: Perl version 5.010001
Dec 11 09:08:29 mail amavis[17769]: Net::Server: Group Not Defined. Defaulting to EGID '491 491'
Dec 11 09:08:29 mail amavis[17769]: Net::Server: User Not Defined. Defaulting to EUID '494'
Dec 11 09:08:29 mail amavis[17769]: Module Amavis::Conf 2.209
Dec 11 09:08:29 mail amavis[17769]: Module Archive::Zip 1.39
Dec 11 09:08:29 mail amavis[17769]: Module BerkeleyDB 0.54
Dec 11 09:08:29 mail amavis[17769]: Module Compress::Zlib 2.066
Dec 11 09:08:29 mail amavis[17769]: Module Convert::TNEF 0.18
Dec 11 09:08:29 mail amavis[17769]: Module Convert::UUlib 1.4
Dec 11 09:08:29 mail amavis[17769]: Module Crypt::OpenSSL::RSA 0.28
Dec 11 09:08:29 mail amavis[17769]: Module DB_File 1.831
Dec 11 09:08:29 mail amavis[17769]: Module Digest::MD5 2.39
Dec 11 09:08:29 mail amavis[17769]: Module Digest::SHA 5.47
Dec 11 09:08:29 mail amavis[17769]: Module IO::Socket::INET6 2.72
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Entity 5.505
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Parser 5.505
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Tools 5.505
Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Signer 0.4
Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Verifier 0.4
Dec 11 09:08:29 mail amavis[17769]: Module Mail::Header 2.14
Dec 11 09:08:29 mail amavis[17769]: Module Mail::Internet 2.14
Dec 11 09:08:29 mail amavis[17769]: Module Mail::SpamAssassin 3.004000
Dec 11 09:08:29 mail amavis[17769]: Module Net::DNS 0.81
Dec 11 09:08:29 mail amavis[17769]: Module Net::Server 2.008
Dec 11 09:08:29 mail amavis[17769]: Module NetAddr::IP 4.075
Dec 11 09:08:29 mail amavis[17769]: Module Socket6 0.25
Dec 11 09:08:29 mail amavis[17769]: Module Time::HiRes 1.9721
Dec 11 09:08:29 mail amavis[17769]: Module URI 1.65
Dec 11 09:08:29 mail amavis[17769]: Module Unix::Syslog 1.1
Dec 11 09:08:29 mail amavis[17769]: Amavis::DB code loaded
Dec 11 09:08:29 mail amavis[17769]: Amavis::Cache code loaded
Dec 11 09:08:29 mail amavis[17769]: SQL base code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SQL::Log code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SQL::Quarantine NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Lookup::SQL code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Lookup::LDAP code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: AM.PDP-in proto code loaded
Dec 11 09:08:29 mail amavis[17769]: SMTP-in proto code loaded
Dec 11 09:08:29 mail amavis[17769]: Courier proto code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SMTP-out proto code loaded
Dec 11 09:08:29 mail amavis[17769]: Pipe-out proto code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: BSMTP-out proto code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Local-out proto code loaded
Dec 11 09:08:29 mail amavis[17769]: OS_Fingerprint code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-VIRUS code loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM code loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-EXT code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-C code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-SA code loaded
Dec 11 09:08:29 mail amavis[17769]: Unpackers code loaded
Dec 11 09:08:29 mail amavis[17769]: DKIM code loaded
Dec 11 09:08:29 mail amavis[17769]: Tools code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Found $file at /usr/bin/file
Dec 11 09:08:29 mail amavis[17769]: Found $altermime at /usr/bin/altermime
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .mail
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .asc
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .uue
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .hqx
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .ync
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .F at /usr/bin/unfreeze
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .Z at /usr/bin/uncompress
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .gz at /usr/bin/gzip -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .bz2 at /usr/bin/bzip2 -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .lzo at /usr/bin/lzop -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .rpm at /usr/bin/rpm2cpio
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .cpio at /usr/bin/pax
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .tar at /usr/bin/pax
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .deb at /usr/bin/ar
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .zip
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .7z at /usr/bin/7za
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .rar at /usr/bin/unrar
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .arj at /usr/bin/arj
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .arc at /usr/bin/nomarch
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .zoo at /usr/bin/zoo
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .lha at /usr/bin/lha
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .cab at /usr/bin/cabextract
Dec 11 09:08:29 mail amavis[17769]: No decoder for .tnef tried: tnef
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .tnef
Dec 11 09:08:29 mail amavis[17769]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
Dec 11 09:08:29 mail amavis[17769]: Using primary internal av scanner code for ClamAV-clamd
Dec 11 09:08:29 mail amavis[17769]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 11 09:08:29 mail amavis[17769]: Creating db in /var/amavis/db/; BerkeleyDB 0.54, libdb 4.7
|
The Net::Server "Group Not Defined" / "User Not Defined" lines are harmless: the process simply keeps the effective UID 494 and GID 491 it was already started with, which are the amavis user and group.
9. Check the databases that were created
| [iyunv@mail ~]# ls /var/amavis/db/
__db.001 __db.002 __db.003 __db.004 nanny.db snmp.db
|
10. Start Postfix
| [iyunv@mail ~]# service postfix start
[iyunv@mail ~]# netstat -tnlp | grep master
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 32265/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 32265/master
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 32265/master
|
Postfix now also listens on port 10025, bound to 127.0.0.1 only as intended, alongside 25 and 465.
11. Enable the services at boot
| [iyunv@mail ~]# chkconfig spamassassin on
[iyunv@mail ~]# chkconfig clamd on
[iyunv@mail ~]# chkconfig amavisd on
|
Note: spam and virus testing follows in the next section.