Postfix邮箱(六):安装Amavisd-new+SpamAssassin+Clamav
一、安装Amavisd-new+SpamAssassin说明:amavisd-new是介于MTA与邮件分析软件(如sa、clama)之间的一个接口;可以将位于队列的邮件取出来,调用ClamAV对邮件进行病毒扫描,调用SpamAssassin对邮件内容进行过滤 。
官方网站:
http://www.ijs.si/software/amavisd/
安装参考:
http://www.shisaa.jp/postset/mailserver-3.html
http://www.postfixvirtual.net/postfixantivirus.html#amavisdnew
1、安装yum源
1
# rpm -Uvh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
注意:根据系统版本(centos6.6_64bit)选择安装相应目录(e16、x86_64)下的源。
2、安装amavisd-newspamassassin
说明:最新的RPM包版本是2.8.0,有个BUG会报(!)auto-learning错误,因此建议安装2.6.6版本。
或者在官方主页上下载最新2.10.0版本源码包进行编译安装,不过比较麻烦而且容易出错。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# yum install amavisd-new-2.6.6
================================================================================
Package Arch Version RepositorySize
================================================================================
Installing:
amavisd-new x86_64 2.6.6-3.el6.rf rpmforge 816 k
Installing for dependencies:
arj x86_64 3.10.22-2.el6.rf rpmforge 186 k
perl-Archive-Tar x86_64 1.58-136.el6_6.1 updates 73 k
perl-Archive-Zip noarch 1.30-2.el6 base 107 k
perl-BerkeleyDB x86_64 0.43-1.el6.rf rpmforge 296 k
perl-Compress-Raw-Zlib x86_64 1:2.021-136.el6_6.1 updates 69 k
perl-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 45 k
perl-Convert-BinHex noarch 1.119-10.1.el6 base 43 k
perl-Convert-TNEF noarch 0.18-1.el6.rf rpmforge 18 k
perl-Convert-UUlib x86_64 1:1.34-1.el6.rf rpmforge 303 k
perl-Crypt-OpenSSL-Bignum x86_64 0.04-8.1.el6 base 34 k
perl-Crypt-OpenSSL-RSA x86_64 0.25-10.1.el6 base 37 k
perl-Crypt-OpenSSL-Random x86_64 0.04-9.1.el6 base 22 k
perl-Digest-HMAC noarch 1.01-22.el6 base 22 k
perl-Digest-SHA1 x86_64 2.12-2.el6 base 49 k
perl-Encode-Detect x86_64 1.01-2.el6 base 80 k
perl-IO-Compress-Base x86_64 2.021-136.el6_6.1 updates 69 k
perl-IO-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 135 k
perl-IO-Socket-INET6 noarch 2.56-4.el6 base 17 k
perl-IO-Socket-SSL noarch 1.31-2.el6 base 69 k
perl-IO-Zlib x86_64 1:1.09-136.el6_6.1 updates 33 k
perl-IO-stringy noarch 2.110-10.1.el6 base 68 k
perl-MIME-tools noarch 5.427-4.el6 base 247 k
perl-Mail-DKIM noarch 0.37-2.el6 base 121 k
perl-Net-DNS x86_64 0.65-5.el6 base 232 k
perl-Net-LibIDN x86_64 0.12-3.el6 base 35 k
perl-Net-SSLeay x86_64 1.35-9.el6 base 173 k
perl-Net-Server noarch 0.99-1.el6.rf rpmforge 171 k
perl-NetAddr-IP x86_64 4.027-7.el6 base 96 k
perl-Package-Constants x86_64 1:0.02-136.el6_6.1 updates 26 k
perl-Socket6 x86_64 0.23-4.el6 base 27 k
perl-Test-Mock-LWP noarch 0.05-1.el6.rf rpmforge 18 k
perl-Test-MockObject noarch 1.09-4.el6 base 32 k
perl-UNIVERSAL-can noarch 1.15-1.el6 base 12 k
perl-UNIVERSAL-isa noarch 1.03-1.el6 base 11 k
perl-URI noarch 1.40-2.el6 base 117 k
perl-Unix-Syslog x86_64 1.1-1.el6.rf rpmforge 56 k
perl-libwww-perl noarch 5.833-2.el6 base 387 k
procmail x86_64 3.22-25.1.el6_5.1 base 162 k
ripole x86_64 0.2.0-1.2.el6.rf rpmforge 44 k
spamassassin x86_64 3.3.1-3.el6 base 1.1 M
unrar x86_64 5.0.3-1.el6.rf rpmforge 124 k
zoo x86_64 2.10-2.2.el6.rf rpmforge 76 k
Transaction Summary
================================================================================
Install 43 Package(s)
说明:依赖的软件包比较多,而且大部分本地系统盘中没有,需要到CPAN安装,因此使用源码包安装非常麻烦。
安装后生成了以下内容:
用户和组:amavis.amavis
家目录:/var/amavis/{db,tmp,var}
配置文件:/etc/amavisd.conf
启动进程:/usr/sbin/amavisd
spamassassin规则目录:/usr/share/spamassassin
spamassassin配置目录:/etc/mail/spamassassin
3、安装clamav
1
2
3
4
5
6
7
8
9
10
11
12
# yum install clamav clamd
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
clamav x86_64 0.98.4-1.el6.rf rpmforge 2.4 M
clamd x86_64 0.98.4-1.el6.rf rpmforge 158 k
Installing for dependencies:
clamav-db x86_64 0.98.4-1.el6.rf rpmforge 34 M
Transaction Summary
================================================================================
Install 3 Package(s)
安装后生成了以下内容:
用户和组clamav
数据库目录/var/clamav
临时目录/var/tmp
配置文件/etc/clamd.conf
启动程序/usr/sbin/clamd
PID文件/var/run/clamav/clamd.pid
SOCK文件/var/run/clamav/clamd.sock
日志文件/var/log/clamav/clamd.log
4、配置SASpamAssassin
(1)给SA增加中文规则
官方地址现在已经不提供文件下载了
www.ccert.edu.cn/spam/sa/Chinese_rules.cf.bak
参考文档:
http://www.securitycn.net/html/Plan/Solution/276.html
规则文件下载:
http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
1
2
3
4
5
6
# cd /usr/share/spamassassin
# wget http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
# vi /etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 0
required_score 5.0
(2)更新SA训练库
# sa-update
已默认设置了计划任务,每日4点10更新:
# cat /etc/cron.d/sa-update
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log
查看更新日志:
# tail /var/log/sa-update.log
会出现一些无法下载更新的报错。
5、配置Amavisd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# vi /etc/amavisd.conf
#基本设置,amavisd使用10024端口
$max_servers = 10;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'yourmail.com';
$myhostname = 'mail.yourmail.com';
$MYHOME = '/var/amavis';
$db_home = "$MYHOME/db";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file= "$MYHOME/var/amavisd.pid";
@local_domains_maps =( [".$mydomain"] ); # = qw(.); #对所有的域检查
@mynetworks = qw( 127.0.0.0/8 ); #本地网段
#修改判定垃圾邮件的分数
$sa_tag_level_deflt= 2.0;#添加SPAM标题
$sa_tag2_level_deflt = 6.2;#添加垃圾邮件信头
$sa_kill_level_deflt = 6.9;#將信件备份后删除
# 修改投递/拦截的方法:
$final_virus_destiny = D_BOUNCE; #检测到病毒,拦截并通知发件
$final_banned_destiny = D_BOUNCE; #检测到受禁止的内容,拦截并通知发件
$final_spam_destiny = D_PASS; #垃圾邮件,不拦截,后面会设置maildroprc将垃圾邮件移动到垃圾箱
$final_bad_header_destiny = D_PASS; #不良信件头,不拦截
#D_DISCARD丢弃且不通知;D_REJECT拒绝投递并通知发件人
# 配置Amavisd与Clamav结合
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], #/etc/clamd.conf定义了sock路径
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
调试amavisd程序和配置是否正确
1
2
3
4
5
6
7
# /usr/sbin/amavisd -c /etc/amavisd.conf debug
Dec5 15:06:03.789 mail.yourmail.com /usr/sbin/amavisd: logging initialized, log level 0, syslog: amavis.mail
Dec5 15:06:03.794 mail.yourmail.com /usr/sbin/amavisd: run_command: /usr/bin/uptime </dev/null 2>/dev/null
Dec5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd: system uptime 2 4:12:00:15:06:03 up 2 days,4:12,5 users,load average: 0.00, 0.00, 0.00
Dec5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd: Valid PID file (younger than sys uptime 2 4:12:00)
Dec5 15:06:03.828 mail.yourmail.com /usr/sbin/amavisd: The amavisd daemon is already running, PID:
The amavisd daemon is already running, PID:
没有异常提示或报错退出则表示一切都正常
6、配置ClamAV
(1)修改目录权限
1
# chown -R clamav:clamav /var/run/clamav
(2)将clamav用户加入amavis组
1
2
3
# usermod -G amavis clamav
# groups clamav
clamav : clamav amavis
一定要检查下clamav是否加入了amavis组,否则病毒邮件测试时会报权限错误
(3)更新病毒库
1
2
3
4
5
6
7
8
9
10
11
12
13
# /usr/bin/freshclam
ClamAV update process started at Fri Dec5 15:08:06 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.4 Recommended version: 0.98.5
DON''T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-19727.cdiff
Downloading daily-19728.cdiff
Downloading daily-19729.cdiff #]
daily.cld updated (version: 19729, sigs: 1282958, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3707229 signatures) from db.cn.clamav.net (IP: 202.118.1.66)
Clamd successfully notified about the update.
说明:提示你安装最新版本0.98.5,不用管它,成功下载cdiff病毒库文件就行。
(4)设置定时更新
1
2
# vi /etc/cron.d/freshclam
30 4 * * * root /usr/bin/freshclam
7、配置Postfix集成amavisd
(1)创建病毒垃圾邮箱
在extman中给postmaster添加别名,即/etc/amavisd.conf中定义的病毒和垃圾收集邮箱virusalert、spam.police
这里还添加了root和admin别名,也可以在别名库中设置(/etc/aliases)。
(2)设置smtp-amavis进程和回注进程
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# vi /etc/postfix/master.cf
#邮件传送给amavis进行扫描
smtp-amavis unix - - n - 10 smtp
#10表示maxproc,对应amavisd.conf中的$max_servers
-o smtp_data_done_timeout=1200
#超时时间,单位秒,应比postfix的超时时间更长
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
#amavis扫描完成后,使用一个单独的smtp进程将mail回注给postfix,只要本地10025上运行,因此不用开放端口
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
-o local_recipient_maps=
-o relay_recipient_maps=
(3)设置Postfix内容过滤器:
1
2
3
4
# vi /etc/postfix/main.cf
# Postfix将邮件传递给amavisd检查
content_filter = smtp-amavis::10024
receive_override_options = no_address_mappings
8、启动进程
先停止postfix服务:
1
# service postfix stop
1
2
3
# /etc/init.d/spamassassin start
# netstat -tnlp |grep 783
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 31943/spamd.pid
1
2
3
# /etc/init.d/clamd start
# netstat -tnlp |grep 3310
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 31983/clamd
1
2
3
4
# /etc/init.d/amavisd start
# netstat -tnlp | grep 10024
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 32121/amavisd (mast
tcp 0 0 ::1:10024 :::* LISTEN 32121/amavisd (mast
启动和重载amavisd时可以查看日志是否有报错:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# tail /var/log/maillog
Dec 11 09:08:28 mail amavis: starting./usr/sbin/amavisd at mail.yourmail.com amavisd-new-2.6.6 (20110518), Unicode aware, LANG="zh_CN.UTF-8"
Dec 11 09:08:28 mail amavis: Perl version 5.010001
Dec 11 09:08:28 mail amavis: Perl version 5.010001
Dec 11 09:08:29 mail amavis: Net::Server: Group Not Defined.Defaulting to EGID '491 491'
Dec 11 09:08:29 mail amavis: Net::Server: User Not Defined.Defaulting to EUID '494'
Dec 11 09:08:29 mail amavis: Module Amavis::Conf 2.209
Dec 11 09:08:29 mail amavis: Module Archive::Zip 1.39
Dec 11 09:08:29 mail amavis: Module BerkeleyDB 0.54
Dec 11 09:08:29 mail amavis: Module Compress::Zlib 2.066
Dec 11 09:08:29 mail amavis: Module Convert::TNEF 0.18
Dec 11 09:08:29 mail amavis: Module Convert::UUlib 1.4
Dec 11 09:08:29 mail amavis: Module Crypt::OpenSSL::RSA 0.28
Dec 11 09:08:29 mail amavis: Module DB_File 1.831
Dec 11 09:08:29 mail amavis: Module Digest::MD5 2.39
Dec 11 09:08:29 mail amavis: Module Digest::SHA 5.47
Dec 11 09:08:29 mail amavis: Module IO::Socket::INET6 2.72
Dec 11 09:08:29 mail amavis: Module MIME::Entity 5.505
Dec 11 09:08:29 mail amavis: Module MIME::Parser 5.505
Dec 11 09:08:29 mail amavis: Module MIME::Tools 5.505
Dec 11 09:08:29 mail amavis: Module Mail::DKIM::Signer0.4
Dec 11 09:08:29 mail amavis: Module Mail::DKIM::Verifier 0.4
Dec 11 09:08:29 mail amavis: Module Mail::Header 2.14
Dec 11 09:08:29 mail amavis: Module Mail::Internet 2.14
Dec 11 09:08:29 mail amavis: Module Mail::SpamAssassin3.004000
Dec 11 09:08:29 mail amavis: Module Net::DNS 0.81
Dec 11 09:08:29 mail amavis: Module Net::Server 2.008
Dec 11 09:08:29 mail amavis: Module NetAddr::IP 4.075
Dec 11 09:08:29 mail amavis: Module Socket6 0.25
Dec 11 09:08:29 mail amavis: Module Time::HiRes 1.9721
Dec 11 09:08:29 mail amavis: Module URI 1.65
Dec 11 09:08:29 mail amavis: Module Unix::Syslog 1.1
Dec 11 09:08:29 mail amavis: Amavis::DB code loaded
Dec 11 09:08:29 mail amavis: Amavis::Cache code loaded
Dec 11 09:08:29 mail amavis: SQL base code NOT loaded
Dec 11 09:08:29 mail amavis: SQL::Log code NOT loaded
Dec 11 09:08:29 mail amavis: SQL::Quarantine NOT loaded
Dec 11 09:08:29 mail amavis: Lookup::SQL code NOT loaded
Dec 11 09:08:29 mail amavis: Lookup::LDAP code NOT loaded
Dec 11 09:08:29 mail amavis: AM.PDP-in proto code loaded
Dec 11 09:08:29 mail amavis: SMTP-in proto code loaded
Dec 11 09:08:29 mail amavis: Courier proto code NOT loaded
Dec 11 09:08:29 mail amavis: SMTP-out proto codeloaded
Dec 11 09:08:29 mail amavis: Pipe-out proto codeNOT loaded
Dec 11 09:08:29 mail amavis: BSMTP-out proto code NOT loaded
Dec 11 09:08:29 mail amavis: Local-out proto code loaded
Dec 11 09:08:29 mail amavis: OS_Fingerprint codeNOT loaded
Dec 11 09:08:29 mail amavis: ANTI-VIRUS code loaded
Dec 11 09:08:29 mail amavis: ANTI-SPAM code loaded
Dec 11 09:08:29 mail amavis: ANTI-SPAM-EXT code NOT loaded
Dec 11 09:08:29 mail amavis: ANTI-SPAM-C code NOT loaded
Dec 11 09:08:29 mail amavis: ANTI-SPAM-SA code loaded
Dec 11 09:08:29 mail amavis: Unpackers code loaded
Dec 11 09:08:29 mail amavis: DKIM code loaded
Dec 11 09:08:29 mail amavis: Tools code NOT loaded
Dec 11 09:08:29 mail amavis: Found $file at /usr/bin/file
Dec 11 09:08:29 mail amavis: Found $altermime at /usr/bin/altermime
Dec 11 09:08:29 mail amavis: Internal decoder for .mail
Dec 11 09:08:29 mail amavis: Internal decoder for .asc
Dec 11 09:08:29 mail amavis: Internal decoder for .uue
Dec 11 09:08:29 mail amavis: Internal decoder for .hqx
Dec 11 09:08:29 mail amavis: Internal decoder for .ync
Dec 11 09:08:29 mail amavis: Found decoder for .F at /usr/bin/unfreeze
Dec 11 09:08:29 mail amavis: Found decoder for .Z at /usr/bin/uncompress
Dec 11 09:08:29 mail amavis: Found decoder for .gz at /usr/bin/gzip -d
Dec 11 09:08:29 mail amavis: Found decoder for .bz2at /usr/bin/bzip2 -d
Dec 11 09:08:29 mail amavis: Found decoder for .lzoat /usr/bin/lzop -d
Dec 11 09:08:29 mail amavis: Found decoder for .rpmat /usr/bin/rpm2cpio
Dec 11 09:08:29 mail amavis: Found decoder for .cpio at /usr/bin/pax
Dec 11 09:08:29 mail amavis: Found decoder for .tarat /usr/bin/pax
Dec 11 09:08:29 mail amavis: Found decoder for .debat /usr/bin/ar
Dec 11 09:08:29 mail amavis: Internal decoder for .zip
Dec 11 09:08:29 mail amavis: Found decoder for .7z at /usr/bin/7za
Dec 11 09:08:29 mail amavis: Found decoder for .rarat /usr/bin/unrar
Dec 11 09:08:29 mail amavis: Found decoder for .arjat /usr/bin/arj
Dec 11 09:08:29 mail amavis: Found decoder for .arcat /usr/bin/nomarch
Dec 11 09:08:29 mail amavis: Found decoder for .zooat /usr/bin/zoo
Dec 11 09:08:29 mail amavis: Found decoder for .lhaat /usr/bin/lha
Dec 11 09:08:29 mail amavis: Found decoder for .cabat /usr/bin/cabextract
Dec 11 09:08:29 mail amavis: No decoder for .tnef tried: tnef
Dec 11 09:08:29 mail amavis: Internal decoder for .tnef
Dec 11 09:08:29 mail amavis: Found decoder for .exeat /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
Dec 11 09:08:29 mail amavis: Using primary internal av scanner code for ClamAV-clamd
Dec 11 09:08:29 mail amavis: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 11 09:08:29 mail amavis: Creating db in /var/amavis/db/; BerkeleyDB 0.54, libdb 4.7
Net::Server: Group Not Defined警告不用理会,它会使用默认用户491和组494,即amavis。
9、查看创建的数据库
1
2
# ls /var/amavis/db/
__db.001__db.002__db.003__db.004nanny.dbsnmp.db
10、启动postfix服务
1
2
3
4
5
# service postfix start
# netstat -tnlp | grep master
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 32265/master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 32265/master
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 32265/master
可以看到postfix启动了10025端口进程
11、设置开机自动启动
1
2
3
# chkconfig spamassassin on
# chkconfig clamd on
# chkconfig amavisd on
说明:下节进行垃圾和病毒测试。
页:
[1]