安装amavisd-new
shell
# yum install amavisd-new
设置相关目录权限:
shell
# chown -R amavis.amavis /var/spool/vscan/
2、配置SpamAssassin
Amavisd-new 通过Mail::SpamAssassin 模块来调用SA的功能,因此这里配置SA和常规配置SA软件有些区别,主要集中在修改local.cf文件上。
增加中文规则: 用于处理中文(简体)垃圾邮件。
cd /usr/share/spamassassin
wget http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
vi /etc/mail/spamassassin/local.cf
-
rewrite_header Subject *****SPAM*****
-
report_safe 0
-
required_score 5.0
更新SA训练库
sa-update
shell
# /usr/sbin/amavisd -c /etc/amavisd.conf debug
如果没有异常提示或报错退出则表示一切都正常,按ctrl+c终止,然后正常启动,若提示pid不存在等错误,不必理会。
设置amavisd开机自启:
shell
# service amavisd start
# chkconfig amavisd on
3、配置ClamAV
安装ClamAV
shell
# cd /root/rpm
-
# wget http://packages.sw.be/clamav/clamav-0.97-1.el5.rf.i386.rpm
-
# wget http://packages.sw.be/clamav/clamd-0.97-1.el5.rf.i386.rpm
-
# wget http://packages.sw.be/clamav/clamav-db-0.97-1.el5.rf.i386.rpm
-
# rpm -ivh clam*
备注: 这里的ClamAV采用packages.sw.be站点的RPM包,因为EMOS里面的版本太旧,导致测试时老出问题。
编辑clamd.conf文件
shell
# vi /etc/clamd.conf
去掉 'LocalSocket /var/run/clamav/clamd.sock'的注释,并注释掉 'TCPSocket 3310',我们将使用unix socket而不是TCP,两者不可并存。
变动内容见下:
-
# Default: disabled
-
LocalSocket /var/run/clamav/clamd.sock
-
#TCPSocket 3310
设置相关目录权限:
将clamav加到amavis运行组里,并调整目录权限,否则clamav将无法扫描amavisd-new产生的临时文件
shell
-
# gpasswd -a clamav amavis
-
# usermod -G amavis clamav
-
# chown amavis.amavis /var/spool/vscan
-
# chmod 750 /var/spool/vscan
-
# chown amavis.amavis /var/spool/vscan/tmp
-
# chmod 750 /var/spool/vscan/tmp
默认的/var/spool/vscan 目录属性是:
drwxr-x--- 5 amavis amavis
对于clamav用户而言,则无任何权限访问该目录,因此maillog里amavisd-new会提示:
-
May 19 08:38:53 as3 amavis[1752]: (01752-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/spool/vscan/tmp/amavis-20050519T
-
083853-01752/parts: Access denied. ERROR\n
-
May 19 08:38:53 as3 amavis[1752]: (01752-01) WARN: all primary virus scanners failed, considering backups
启动ClamAV及开机自启:
shell
# service clamd start
# freshclam –daemon
4、配置amavisd.con文件
修改amavisd.conf
shell
# vi /etc/amavisd.conf
修改的主要参数如下:
-
$mydomain = 'extmail.org';
-
$db_home = "$MYHOME/db";
-
$lock_file = "$MYHOME/amavisd.lock"; # -L
-
$pid_file = "$MYHOME/amavisd.pid"; # -P
-
$myhostname = 'mail.extmail.org';
-
@local_domains_maps = qw(.);
-
@mynetworks = qw( 127.0.0.0/8 );
-
对本地发出的邮件不进行内容过滤
-
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
-
originating => 1, # is true in MYNETS by default, but let's make it explicit
-
os_fingerprint_method => undef, # don't query p0f for internal clients
-
allow_disclaimers => 1, # enables disclaimer insertion if available
-
bypass_spam_checks_maps => [1],
-
bypass_banned_checks_maps => [1],
-
bypass_header_checks_maps => [1],
-
};
-
$sa_spam_modifies_subj = 0; # 当邮件被认为是垃圾邮件时,是否修改邮件的主题
-
$remove_existing_x_scanned_headers= 1; # 凡是经过 Amavisd 过滤的邮件,都会在邮件头中被加入一行邮件头信息
-
$remove_existing_spam_headers = 1;
-
# 修改投递/拦截的方法:
-
$final_virus_destiny = D_DISCARD;
-
$final_banned_destiny = D_DISCARD;
-
$final_spam_destiny = D_PASS;
-
$final_bad_header_destiny = D_PASS
# 配置Amavisd与Clamav结合
-
@av_scanners = (
-
['ClamAV-clamd',
-
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
-
qr/\bOK$/, qr/\bFOUND$/,
-
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
-
);
-
-
-
@av_scanners_backup = (
-
['ClamAV-clamscan', 'clamscan',
-
"--stdout --no-summary -r --tempdir=$TEMPBASE {}",
-
[0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
-
)
amavisd.conf常用参数说明:
-
$max_servers = 10; 设置最大可使用的进程数
-
$sa_spam_subject_tag = '[SPAM] '; 加 [SPAM] 标记
-
$mydomain = 'mail.extmail.org'; 设置域名
-
$myhostname = 'mail.extmail.org'; 设置主机名
-
@local_domains_maps = qw(.); 对所有的域检查
-
$sa_tag2_level_deflt = 5.0; 超过这个分数,允许在邮件标题加入[SPAM] 标记
-
$sa_kill_level_deflt = 5.0; 超过这个分数,直接將信件备份后删除
-
$final_virus_destiny: 检测到病毒时的动作
-
$final_banned_destiny: 检测到受禁止的内容时的动作
-
$final_spam_destiny: 检测到垃圾邮件、广告邮件(spam)时的动作
-
$final_bad_header_destiny: 检测到不良信件时的动作
-
默认有以下几种动作:
-
D_PASS: 无论信件是否有问题,都会将信件发给收件人
-
D_DISCARD: 信件将被丢弃,并且不会告知收件人及发件人
-
D_BOUNCE: 信件不会发送给收件人,但会通知发件人邮件没有被投递
-
D_REJECT: 邮件不会被投递给收件人,但会通知发件人邮件被拒绝
-
-
注意事项:
上述$mydomain参数与$myhostname参数相同,主要是为了方便之后的病毒/垃圾汇报邮件发给系统管理员时,能投递到本地的别名里,再转交到虚拟域的特定用户。
5、配置Postfix 集成amavisd-new
增加邮件别名
shell
# vi /etc/postfix/aliases
增加如下信息,注意:默认的aliases数据库里已有一条virusalert的别名,请删除,再输入下面的别名记录,并确保所有记录都是唯一的:
-
virusalert: root
-
spam.police: root
-
postfix: test@extmail.org
保存并执行newaliases命令生成新的别名数据库,重新启动amavisd:
shell
# newaliases
# service amavisd restart
编辑master.cf文件:
shell
# vi /etc/postfix/master.cf
增加如下内容:
-
smtp-amavis unix - - n - 3 smtp
-
-o smtp_data_done_timeout=1200
-
-o smtp_send_xforward_command=yes
-
-o disable_dns_lookups=yes
-
-o max_use=10
-
-
-
127.0.0.1:10025 inet n - n - - smtpd
-
-o content_filter=
-
-o local_recipient_maps=
-
-o relay_recipient_maps=
-
-o smtpd_restriction_classes=
-
-o smtpd_client_restrictions=
-
-o smtpd_helo_restrictions=
-
-o smtpd_sender_restrictions=
-
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-
-o mynetworks=127.0.0.0/8
-
-o strict_rfc821_envelopes=yes
-
-o smtpd_error_sleep_time=0
-
-o smtpd_soft_error_limit=1001
-
-o smtpd_hard_error_limit=1000
-
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
编辑main.cf文件:
shell
# vi /etc/postfix/main.cf
增加如下内容:
-
# Content-Filter
-
content_filter = smtp-amavis:[127.0.0.1]:10024
-
receive_override_options = no_address_mappings
注意:receive_override_options 这里必须增加,禁止地址展开/影射,否则如果遇到别名的时候会引起冗余邮件的产生。
重启postfix :
shell
# service postfix restart
重新启动amavisd:
shell
# service amavisd restart
6、测试Clamav
shell
# telnet localhost 25
其过程如下:
-
Trying 127.0.0.1...
-
Connected to localhost.localdomain (127.0.0.1).
-
Escape character is '^]'.
-
220 mail.extmail.org ESMTP Postfix - by extmail.org
-
mail from:<postmaster@extmail.org> << 输入内容
-
250 2.1.0 Ok
-
rcpt to:<test@extmail.org> << 输入内容
-
250 2.1.5 Ok
-
data << 输入内容
-
354 End data with .
-
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* << 输入内容
-
.
-
250 2.0.0 Ok: queued as BC24E85260
-
quit << 输入内容
-
221 2.0.0 Bye
-
Connection closed by foreign host.
在邮件日志里,应该有相应的信息出现:
-
Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine:
-
virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms
如果看到类似这样的日志,表明Clamav+Amavisd-new工作正常。
阅读(1683) | 评论(0) | 转发(0) |