一、安装Amavisd-new+SpamAssassin
说明:amavisd-new是介于MTA与邮件分析软件(如sa、clama)之间的一个接口;可以将位于队列的邮件取出来,调用ClamAV对邮件进行病毒扫描,调用SpamAssassin对邮件内容进行过滤 。
官方网站:
http://www.ijs.si/software/amavisd/
安装参考:
http://www.shisaa.jp/postset/mailserver-3.html
http://www.postfixvirtual.net/postfixantivirus.html#amavisdnew
1、安装yum源
[[email protected] ~]# rpm -Uvh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
注意:根据系统版本(centos6.6_64bit)选择安装相应目录(e16、x86_64)下的源。
2、安装amavisd-new spamassassin
说明:最新的RPM包版本是2.8.0,有个BUG会报(!)auto-learning错误,因此建议安装2.6.6版本。
或者在官方主页上下载最新2.10.0版本源码包进行编译安装,不过比较麻烦而且容易出错。
[[email protected] ~]# yum install amavisd-new-2.6.6 ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: amavisd-new x86_64 2.6.6-3.el6.rf rpmforge 816 k Installing for dependencies: arj x86_64 3.10.22-2.el6.rf rpmforge 186 k perl-Archive-Tar x86_64 1.58-136.el6_6.1 updates 73 k perl-Archive-Zip noarch 1.30-2.el6 base 107 k perl-BerkeleyDB x86_64 0.43-1.el6.rf rpmforge 296 k perl-Compress-Raw-Zlib x86_64 1:2.021-136.el6_6.1 updates 69 k perl-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 45 k perl-Convert-BinHex noarch 1.119-10.1.el6 base 43 k perl-Convert-TNEF noarch 0.18-1.el6.rf rpmforge 18 k perl-Convert-UUlib x86_64 1:1.34-1.el6.rf rpmforge 303 k perl-Crypt-OpenSSL-Bignum x86_64 0.04-8.1.el6 base 34 k perl-Crypt-OpenSSL-RSA x86_64 0.25-10.1.el6 base 37 k perl-Crypt-OpenSSL-Random x86_64 0.04-9.1.el6 base 22 k perl-Digest-HMAC noarch 1.01-22.el6 base 22 k perl-Digest-SHA1 x86_64 2.12-2.el6 base 49 k perl-Encode-Detect x86_64 1.01-2.el6 base 80 k perl-IO-Compress-Base x86_64 2.021-136.el6_6.1 updates 69 k perl-IO-Compress-Zlib x86_64 2.021-136.el6_6.1 updates 135 k perl-IO-Socket-INET6 noarch 2.56-4.el6 base 17 k perl-IO-Socket-SSL noarch 1.31-2.el6 base 69 k perl-IO-Zlib x86_64 1:1.09-136.el6_6.1 updates 33 k perl-IO-stringy noarch 2.110-10.1.el6 base 68 k perl-MIME-tools noarch 5.427-4.el6 base 247 k perl-Mail-DKIM noarch 0.37-2.el6 base 121 k perl-Net-DNS x86_64 0.65-5.el6 base 232 k perl-Net-LibIDN x86_64 0.12-3.el6 base 35 k perl-Net-SSLeay x86_64 1.35-9.el6 base 173 k perl-Net-Server noarch 0.99-1.el6.rf rpmforge 171 k perl-NetAddr-IP x86_64 4.027-7.el6 base 96 k perl-Package-Constants x86_64 1:0.02-136.el6_6.1 updates 26 k perl-Socket6 x86_64 0.23-4.el6 base 27 k perl-Test-Mock-LWP noarch 0.05-1.el6.rf rpmforge 18 k perl-Test-MockObject noarch 1.09-4.el6 base 32 k perl-UNIVERSAL-can noarch 1.15-1.el6 base 12 k perl-UNIVERSAL-isa noarch 1.03-1.el6 base 11 k perl-URI noarch 1.40-2.el6 base 117 k perl-Unix-Syslog x86_64 1.1-1.el6.rf rpmforge 56 k perl-libwww-perl noarch 5.833-2.el6 base 387 k procmail x86_64 3.22-25.1.el6_5.1 base 162 k ripole x86_64 0.2.0-1.2.el6.rf rpmforge 44 k spamassassin x86_64 3.3.1-3.el6 base 1.1 M unrar x86_64 5.0.3-1.el6.rf rpmforge 124 k zoo x86_64 2.10-2.2.el6.rf rpmforge 76 k Transaction Summary ================================================================================ Install 43 Package(s)
说明:依赖的软件包比较多,而且大部分本地系统盘中没有,需要到CPAN安装,因此使用源码包安装非常麻烦。
安装后生成了以下内容:
用户和组:amavis.amavis
家目录:/var/amavis/{db,tmp,var}
配置文件:/etc/amavisd.conf
启动进程:/usr/sbin/amavisd
spamassassin规则目录:/usr/share/spamassassin
spamassassin配置目录:/etc/mail/spamassassin
3、安装clamav
[[email protected] ~]# yum install clamav clamd ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: clamav x86_64 0.98.4-1.el6.rf rpmforge 2.4 M clamd x86_64 0.98.4-1.el6.rf rpmforge 158 k Installing for dependencies: clamav-db x86_64 0.98.4-1.el6.rf rpmforge 34 M Transaction Summary ================================================================================ Install 3 Package(s)
安装后生成了以下内容:
用户和组clamav
数据库目录/var/clamav
临时目录/var/tmp
配置文件/etc/clamd.conf
启动程序/usr/sbin/clamd
PID文件/var/run/clamav/clamd.pid
SOCK文件/var/run/clamav/clamd.sock
日志文件/var/log/clamav/clamd.log
4、配置SASpamAssassin
(1)给SA增加中文规则
官方地址现在已经不提供文件下载了
www.ccert.edu.cn/spam/sa/Chinese_rules.cf.bak
参考文档:
http://www.securitycn.net/html/Plan/Solution/276.html
规则文件下载:
http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
[[email protected] ~]# cd /usr/share/spamassassin [[email protected] spamassassin]# wget http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf [[email protected] spamassassin]# vi /etc/mail/spamassassin/local.cf rewrite_header Subject *****SPAM***** report_safe 0 required_score 5.0
(2)更新SA训练库
[[email protected] ~]# sa-update
已默认设置了计划任务,每日4点10更新:
[[email protected] ~]# cat /etc/cron.d/sa-update
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log
查看更新日志:
[[email protected] ~]# tail /var/log/sa-update.log
会出现一些无法下载更新的报错。
5、配置Amavisd
[[email protected] ~]# vi /etc/amavisd.conf
#基本设置,amavisd使用10024端口
$max_servers = 10;
$daemon_user = ‘amavis‘;
$daemon_group = ‘amavis‘;
$mydomain = ‘yourmail.com‘;
$myhostname = ‘mail.yourmail.com‘;
$MYHOME = ‘/var/amavis‘;
$db_home = "$MYHOME/db";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file = "$MYHOME/var/amavisd.pid";
@local_domains_maps = ( [".$mydomain"] ); # = qw(.); #对所有的域检查
@mynetworks = qw( 127.0.0.0/8 ); #本地网段
#修改判定垃圾邮件的分数
$sa_tag_level_deflt = 2.0; #添加SPAM标题
$sa_tag2_level_deflt = 6.2; #添加垃圾邮件信头
$sa_kill_level_deflt = 6.9; #將信件备份后删除
# 修改投递/拦截的方法:
$final_virus_destiny = D_BOUNCE; #检测到病毒,拦截并通知发件
$final_banned_destiny = D_BOUNCE; #检测到受禁止的内容,拦截并通知发件
$final_spam_destiny = D_PASS; #垃圾邮件,不拦截,后面会设置maildroprc将垃圾邮件移动到垃圾箱
$final_bad_header_destiny = D_PASS; #不良信件头,不拦截
#D_DISCARD丢弃且不通知;D_REJECT拒绝投递并通知发件人
# 配置Amavisd与Clamav结合
[‘ClamAV-clamd‘,
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], #/etc/clamd.conf定义了sock路径
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
调试amavisd程序和配置是否正确
[[email protected] ~]# /usr/sbin/amavisd -c /etc/amavisd.conf debug Dec 5 15:06:03.789 mail.yourmail.com /usr/sbin/amavisd[33379]: logging initialized, log level 0, syslog: amavis.mail Dec 5 15:06:03.794 mail.yourmail.com /usr/sbin/amavisd[33379]: run_command: [33380] /usr/bin/uptime </dev/null 2>/dev/null Dec 5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: system uptime 2 4:12:00: 15:06:03 up 2 days, 4:12, 5 users, load average: 0.00, 0.00, 0.00 Dec 5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: Valid PID file (younger than sys uptime 2 4:12:00) Dec 5 15:06:03.828 mail.yourmail.com /usr/sbin/amavisd[33379]: The amavisd daemon is already running, PID: [33061] The amavisd daemon is already running, PID: [33061]
没有异常提示或报错退出则表示一切都正常
6、配置ClamAV
(1)修改目录权限
[[email protected] ~]# chown -R clamav:clamav /var/run/clamav
(2)将clamav用户加入amavis组
[[email protected] ~]# usermod -G amavis clamav [[email protected] ~]# groups clamav clamav : clamav amavis
一定要检查下clamav是否加入了amavis组,否则病毒邮件测试时会报权限错误
(3)更新病毒库
[[email protected] ~]# /usr/bin/freshclam ClamAV update process started at Fri Dec 5 15:08:06 2014 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.98.4 Recommended version: 0.98.5 DON‘‘T PANIC! Read http://www.clamav.net/support/faq main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Downloading daily-19727.cdiff [100%] Downloading daily-19728.cdiff [100%] Downloading daily-19729.cdiff [100%] #] daily.cld updated (version: 19729, sigs: 1282958, f-level: 63, builder: neo) bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) Database updated (3707229 signatures) from db.cn.clamav.net (IP: 202.118.1.66) Clamd successfully notified about the update.
说明:提示你安装最新版本0.98.5,不用管它,成功下载cdiff病毒库文件就行。
(4)设置定时更新
[[email protected] ~]# vi /etc/cron.d/freshclam 30 4 * * * root /usr/bin/freshclam
7、配置Postfix集成amavisd
(1)创建病毒垃圾邮箱
在extman中给postmaster添加别名,即/etc/amavisd.conf中定义的病毒和垃圾收集邮箱virusalert、spam.police
这里还添加了root和admin别名,也可以在别名库中设置(/etc/aliases)。
(2)设置smtp-amavis进程和回注进程
[[email protected] ~]# vi /etc/postfix/master.cf #邮件传送给amavis进行扫描 smtp-amavis unix - - n - 10 smtp #10表示maxproc,对应amavisd.conf中的$max_servers -o smtp_data_done_timeout=1200 #超时时间,单位秒,应比postfix的超时时间更长 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 #amavis扫描完成后,使用一个单独的smtp进程将mail回注给postfix,只要本地10025上运行,因此不用开放端口 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps=
(3)设置Postfix内容过滤器:
[[email protected] ~]# vi /etc/postfix/main.cf # Postfix将邮件传递给amavisd检查 content_filter = smtp-amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings
8、启动进程
先停止postfix服务:
[[email protected] ~]# service postfix stop
[[email protected] ~]# /etc/init.d/spamassassin start [[email protected] ~]# netstat -tnlp |grep 783 tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 31943/spamd.pid
[[email protected] ~]# /etc/init.d/clamd start [[email protected] ~]# netstat -tnlp |grep 3310 tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 31983/clamd
[[email protected] ~]# /etc/init.d/amavisd start [[email protected] ~]# netstat -tnlp | grep 10024 tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 32121/amavisd (mast tcp 0 0 ::1:10024 :::* LISTEN 32121/amavisd (mast
启动和重载amavisd时可以查看日志是否有报错:
[[email protected] ~]# tail /var/log/maillog Dec 11 09:08:28 mail amavis[17768]: starting. /usr/sbin/amavisd at mail.yourmail.com amavisd-new-2.6.6 (20110518), Unicode aware, LANG="zh_CN.UTF-8" Dec 11 09:08:28 mail amavis[17768]: Perl version 5.010001 Dec 11 09:08:28 mail amavis[17768]: Perl version 5.010001 Dec 11 09:08:29 mail amavis[17769]: Net::Server: Group Not Defined. Defaulting to EGID ‘491 491‘ Dec 11 09:08:29 mail amavis[17769]: Net::Server: User Not Defined. Defaulting to EUID ‘494‘ Dec 11 09:08:29 mail amavis[17769]: Module Amavis::Conf 2.209 Dec 11 09:08:29 mail amavis[17769]: Module Archive::Zip 1.39 Dec 11 09:08:29 mail amavis[17769]: Module BerkeleyDB 0.54 Dec 11 09:08:29 mail amavis[17769]: Module Compress::Zlib 2.066 Dec 11 09:08:29 mail amavis[17769]: Module Convert::TNEF 0.18 Dec 11 09:08:29 mail amavis[17769]: Module Convert::UUlib 1.4 Dec 11 09:08:29 mail amavis[17769]: Module Crypt::OpenSSL::RSA 0.28 Dec 11 09:08:29 mail amavis[17769]: Module DB_File 1.831 Dec 11 09:08:29 mail amavis[17769]: Module Digest::MD5 2.39 Dec 11 09:08:29 mail amavis[17769]: Module Digest::SHA 5.47 Dec 11 09:08:29 mail amavis[17769]: Module IO::Socket::INET6 2.72 Dec 11 09:08:29 mail amavis[17769]: Module MIME::Entity 5.505 Dec 11 09:08:29 mail amavis[17769]: Module MIME::Parser 5.505 Dec 11 09:08:29 mail amavis[17769]: Module MIME::Tools 5.505 Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Signer 0.4 Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Verifier 0.4 Dec 11 09:08:29 mail amavis[17769]: Module Mail::Header 2.14 Dec 11 09:08:29 mail amavis[17769]: Module Mail::Internet 2.14 Dec 11 09:08:29 mail amavis[17769]: Module Mail::SpamAssassin 3.004000 Dec 11 09:08:29 mail amavis[17769]: Module Net::DNS 0.81 Dec 11 09:08:29 mail amavis[17769]: Module Net::Server 2.008 Dec 11 09:08:29 mail amavis[17769]: Module NetAddr::IP 4.075 Dec 11 09:08:29 mail amavis[17769]: Module Socket6 0.25 Dec 11 09:08:29 mail amavis[17769]: Module Time::HiRes 1.9721 Dec 11 09:08:29 mail amavis[17769]: Module URI 1.65 Dec 11 09:08:29 mail amavis[17769]: Module Unix::Syslog 1.1 Dec 11 09:08:29 mail amavis[17769]: Amavis::DB code loaded Dec 11 09:08:29 mail amavis[17769]: Amavis::Cache code loaded Dec 11 09:08:29 mail amavis[17769]: SQL base code NOT loaded Dec 11 09:08:29 mail amavis[17769]: SQL::Log code NOT loaded Dec 11 09:08:29 mail amavis[17769]: SQL::Quarantine NOT loaded Dec 11 09:08:29 mail amavis[17769]: Lookup::SQL code NOT loaded Dec 11 09:08:29 mail amavis[17769]: Lookup::LDAP code NOT loaded Dec 11 09:08:29 mail amavis[17769]: AM.PDP-in proto code loaded Dec 11 09:08:29 mail amavis[17769]: SMTP-in proto code loaded Dec 11 09:08:29 mail amavis[17769]: Courier proto code NOT loaded Dec 11 09:08:29 mail amavis[17769]: SMTP-out proto code loaded Dec 11 09:08:29 mail amavis[17769]: Pipe-out proto code NOT loaded Dec 11 09:08:29 mail amavis[17769]: BSMTP-out proto code NOT loaded Dec 11 09:08:29 mail amavis[17769]: Local-out proto code loaded Dec 11 09:08:29 mail amavis[17769]: OS_Fingerprint code NOT loaded Dec 11 09:08:29 mail amavis[17769]: ANTI-VIRUS code loaded Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM code loaded Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-EXT code NOT loaded Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-C code NOT loaded Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-SA code loaded Dec 11 09:08:29 mail amavis[17769]: Unpackers code loaded Dec 11 09:08:29 mail amavis[17769]: DKIM code loaded Dec 11 09:08:29 mail amavis[17769]: Tools code NOT loaded Dec 11 09:08:29 mail amavis[17769]: Found $file at /usr/bin/file Dec 11 09:08:29 mail amavis[17769]: Found $altermime at /usr/bin/altermime Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .mail Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .asc Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .uue Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .hqx Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .ync Dec 11 09:08:29 mail amavis[17769]: Found decoder for .F at /usr/bin/unfreeze Dec 11 09:08:29 mail amavis[17769]: Found decoder for .Z at /usr/bin/uncompress Dec 11 09:08:29 mail amavis[17769]: Found decoder for .gz at /usr/bin/gzip -d Dec 11 09:08:29 mail amavis[17769]: Found decoder for .bz2 at /usr/bin/bzip2 -d Dec 11 09:08:29 mail amavis[17769]: Found decoder for .lzo at /usr/bin/lzop -d Dec 11 09:08:29 mail amavis[17769]: Found decoder for .rpm at /usr/bin/rpm2cpio Dec 11 09:08:29 mail amavis[17769]: Found decoder for .cpio at /usr/bin/pax Dec 11 09:08:29 mail amavis[17769]: Found decoder for .tar at /usr/bin/pax Dec 11 09:08:29 mail amavis[17769]: Found decoder for .deb at /usr/bin/ar Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .zip Dec 11 09:08:29 mail amavis[17769]: Found decoder for .7z at /usr/bin/7za Dec 11 09:08:29 mail amavis[17769]: Found decoder for .rar at /usr/bin/unrar Dec 11 09:08:29 mail amavis[17769]: Found decoder for .arj at /usr/bin/arj Dec 11 09:08:29 mail amavis[17769]: Found decoder for .arc at /usr/bin/nomarch Dec 11 09:08:29 mail amavis[17769]: Found decoder for .zoo at /usr/bin/zoo Dec 11 09:08:29 mail amavis[17769]: Found decoder for .lha at /usr/bin/lha Dec 11 09:08:29 mail amavis[17769]: Found decoder for .cab at /usr/bin/cabextract Dec 11 09:08:29 mail amavis[17769]: No decoder for .tnef tried: tnef Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .tnef Dec 11 09:08:29 mail amavis[17769]: Found decoder for .exe at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj Dec 11 09:08:29 mail amavis[17769]: Using primary internal av scanner code for ClamAV-clamd Dec 11 09:08:29 mail amavis[17769]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan Dec 11 09:08:29 mail amavis[17769]: Creating db in /var/amavis/db/; BerkeleyDB 0.54, libdb 4.7
Net::Server: Group Not Defined警告不用理会,它会使用默认用户491和组494,即amavis。
9、查看创建的数据库
[[email protected] ~]# ls /var/amavis/db/ __db.001 __db.002 __db.003 __db.004 nanny.db snmp.db
10、启动postfix服务
[[email protected] ~]# service postfix start [[email protected] ~]# netstat -tnlp | grep master tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 32265/master tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 32265/master tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 32265/master
可以看到postfix启动了10025端口进程
11、设置开机自动启动
[[email protected] ~]# chkconfig spamassassin on [[email protected] ~]# chkconfig clamd on [[email protected] ~]# chkconfig amavisd on
说明:下节进行垃圾和病毒测试。
时间: 2024-11-09 08:41:45