May 12, 2006
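Compiling and installing amavisd-new + ClamAV + SpamAssassin under Postfix
A few days ago I covered installing postfix + cyrus-sasl2 + courier-authlib + Courier-IMAP + postfixadmin and maildrop, so the basic mail system is already usable. Today I continue by showing how to add anti-virus and anti-spam filtering to the Postfix mail system.
1. Install ClamAV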
wget http://keihanna.dl.sourceforge.net/sourceforge/clamav/clamav-0.88.tar.gz
groupadd clamav
useradd -g clamav -s/bin/false -d/dev/null clamav
./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav
make
make check
make install
vi /usr/local/clamav/etc/clamd.conf
LogSyslog
LogVerbose
LogFacility LOG_MAIL
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd
StreamMaxLength 10M
User amavis
ScanMail
ScanArchive
ScanRAR
vi /usr/local/clamav/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog
LogVerbose
DatabaseOwner amavis
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
Note: comment out the Example line in both files.
Add the amavis user and group, for use with amavisd
groupadd amavis
useradd -g amavis -s /bin/false -c "Amavis User" -d /dev/null amavis
Create the log directory and set permissions
mkdir /var/log/clamav
chmod -R 744 /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis.amavis /usr/local/share/clamav
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown amavis.amavis /var/run/clamav
Update the virus database manually
/usr/local/clamav/bin/freshclam
Set up automatic virus database updates
crontab -e
# entries added with crontab -e have no user column (that column is /etc/crontab syntax)
0 4 * * * /usr/local/clamav/bin/freshclam --quiet -l /var/log/clamd.log
Start clamd
# /usr/local/clamav/sbin/clamd
2. Install amavisd
wget http://www.ijs.si/software/amavisd/amavisd-new-2.4.1.tar.gz
Upgrade file. You can check the version with file -v; version 4.06 or later is required.
wget ftp://ftp.astron.com/pub/file/file-4.17.tar.gz
Install the following modules, all of which are required to install amavisd
perl -MCPAN -e shell
cpan>install Archive::Tar
cpan>install Archive::Zip
cpan>install Compress::Zlib
cpan>install Convert::UUlib
cpan>install MIME::Base64
cpan>install Mail::Internet
cpan>install Net::Server
cpan>install Net::SMTP
cpan>install Digest::MD5
cpan>install IO::Stringy
cpan>install Time::HiRes
cpan>install Unix::Syslog
cpan>install BerkeleyDB
cpan>install Convert::TNEF
cpan>install MIME::Parser
cpan>install MIME::Tools
Upgrade perl to the latest version; at least 5.8.2 is required
wget http://www.perl.com/CPAN/src/stable.tar.gz
tar zvxf stable.tar.gz
cd perl-5.8.8
./configure.gnu --prefix=/usr -Dpager="/bin/less -isR"
make
make test    # run the tests, and install only if they pass
make install
Note: upgrading perl may break other perl applications on the system, so upgrade with care. The default 5.8.0 on Red Hat 9.0 should generally work as well.
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
#=====================================
Edit /etc/amavisd.conf
$mydomain = 'example.com';
$virus_admin = "postmaster\@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "postmaster\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "postmaster\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
Add support for ClamAV
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
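The clamd.conf settings from step 1 and this amavisd.conf entry have to agree, which the following added example (not part of the original post) checks: the socket path must equal LocalSocket, and clamd must run as the amavisd account because CONTSCAN hands clamd a path inside amavisd's work directory. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check clamd.conf against the ClamAV entry in amavisd.conf.

clamd_value() {            # print the value of directive $1 from clamd.conf text on stdin
    awk -v k="$1" '$1 == k { print $2; exit }'
}

amavis_clamd_socket() {    # socket path of the first uncommented CONTSCAN entry on stdin
    sed -n 's/^[^#]*CONTSCAN {}\\n", *"\([^"]*\)".*/\1/p' | head -n 1
}

# $1 = clamd.conf text, $2 = amavisd.conf text, $3 = account amavisd runs as
check_clamd_wiring() {
    sock=$(printf '%s\n' "$1" | clamd_value LocalSocket)
    user=$(printf '%s\n' "$1" | clamd_value User)
    want=$(printf '%s\n' "$2" | amavis_clamd_socket)
    rc=0
    if printf '%s\n' "$1" | grep -q '^Example'; then
        echo "clamd.conf: Example line is still active"; rc=1
    fi
    [ -n "$want" ] || { echo "amavisd.conf: no active ClamAV-clamd entry"; rc=1; }
    [ "$sock" = "$want" ] || { echo "socket mismatch: clamd='$sock' amavisd='$want'"; rc=1; }
    # CONTSCAN passes a path, so clamd itself must be able to read amavisd's
    # work directory (mode 750, owned by the amavisd account).
    [ "$user" = "$3" ] || { echo "clamd runs as '$user', amavisd as '$3'"; rc=1; }
    return $rc
}

# Constructed sample inputs mirroring the settings on this page.
CLAMD_OK='#Example
LocalSocket /var/run/clamav/clamd
User amavis'
CLAMD_BAD='Example
LocalSocket /tmp/clamd
User clamav'
sample_amavisd_conf() { cat <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
EOF
}

check_clamd_wiring "$CLAMD_OK" "$(sample_amavisd_conf)" amavis && echo "wiring OK"
check_clamd_wiring "$CLAMD_BAD" "$(sample_amavisd_conf)" amavis || echo "wiring broken"
```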
3. Install SpamAssassin
perl -MCPAN -e shell
cpan>install Digest::SHA1
cpan>install HTML::Parser
cpan>install Net::DNS
cpan>install Mail::SPF::Query
cpan>install IP::Country
cpan>install Net::Ident
cpan>install IO::Socket::INET6
cpan>install IO::Socket::SSL
cpan>install DBI
cpan>install LWP::UserAgent
cpan>install Mail::SpamAssassin
I won't cover SA configuration here. If you want to learn a bit about it, you can also refer to my notes on this blog.
Test amavis
# /usr/local/sbin/amavisd debug
Start and stop the service
# /usr/local/sbin/amavisd start|stop
4. Make Postfix use amavisd
Add to /usr/local/etc/postfix/main.cf
content_filter = smtp-amavis:[127.0.0.1]:10024
Add to /usr/local/etc/postfix/master.cf
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
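An added example (not from the original post) that audits the re-injection listener above: the smtpd on port 10025 must stay on loopback, clear content_filter so filtered mail does not loop back to amavisd, and accept mail only from 127.0.0.0/8. The function audit_reinject and the sample inputs are constructed, and the check only understands the plain `-o name=value` form.

```shell
#!/bin/sh
# Added example: audit the amavisd re-injection listener in Postfix master.cf.
# Reads master.cf text on stdin, prints one finding per line, returns 1 on findings.
audit_reinject() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        /^[ \t]/ { entry = entry " " $0; next }    # continuation of the current service
        { if (entry != "") check(entry); entry = $0 }
        END {
            if (entry != "") check(entry)
            if (!seen) { print "no smtpd listener on port 10025"; bad = 1 }
            exit bad + 0
        }
        function flag(msg) { print msg; bad = 1 }
        function check(e,    f) {
            gsub(/[ \t]+/, " ", e); e = e " "      # normalise whitespace
            split(e, f, " ")
            # master.cf fields: service type private unpriv chroot wakeup maxproc command
            if ((f[1] != "10025" && f[1] !~ /:10025$/) || f[8] != "smtpd") return
            seen = 1
            if (f[1] !~ /^(127\.0\.0\.1|localhost):/)
                flag("listener " f[1] " is not bound to loopback")
            if (e !~ / -o content_filter= /)
                flag("content_filter not cleared: filtered mail loops back to amavisd")
            if (e !~ / -o mynetworks=127\.0\.0\.0\/8 /)
                flag("mynetworks is not limited to 127.0.0.0/8")
            if (e !~ / -o smtpd_recipient_restrictions=permit_mynetworks,reject /)
                flag("recipient restrictions are not permit_mynetworks,reject")
        }
    '
}

# Constructed inputs: GOOD_CF mirrors the listener on this page, BAD_CF is a weakened variant.
GOOD_CF='127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8'
BAD_CF='10025 inet n - n - - smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject'

printf '%s\n' "$GOOD_CF" | audit_reinject && echo "GOOD_CF: ok"
printf '%s\n' "$BAD_CF" | audit_reinject || echo "BAD_CF: findings above"
```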
#============================================
References
http://www.xjtusky.com/article.asp?id=109
http://genco.gen.tc/postfix_virtual.php#amavisdclamav
http://www.toping.net/bbs/htm_data/10/0602/1042.html
http://www.freespamfilter.org/FC4.html
August 21, 2005
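Is Google posting spam comments too?
Today I looked at the admin back end and found a lot of new comments, but what surprised me even more is that they are all related to Google.
Is Google really posting spam comments too, or is someone deliberately smearing Google? It is unbelievable.
All of the comments point to www.google.com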
July 15, 2005
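Using CBL together with SpamAssassin
I believe many mail server administrators use the real-time blacklist (RBL) services of the China Anti-Spam Alliance: CBL/CDL/CBL+/CBL-. For qmail, the official instructions only set up the RBL check in the smtp startup script. This has a drawback: legitimate mail may be rejected by mistake. I personally think it is better to accept all mail (of course, if your mail server has a huge number of users, my situation need not apply to you), then have the mail tagged as "spam" and let users deal with it themselves using the filtering rules of their mail client.
In fact SpamAssassin comes with its own RBL checking. You do need to have it enabled through skip_rbl_checks in local.cf, although RBL checking is on by default: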
skip_rbl_checks 0
Then edit 20_dnsbl_tests.cf in /usr/share/spamassassin/
and add the following lines
# CBL
# URL: http://www.anti-spam.org.cn/
header RCVD_IN_CBL eval:check_rbl('cbl+', 'cblplus.anti-spam.org.cn.')
describe RCVD_IN_CBL Received via a relay in cblplus.anti-spam.org.cn
tflags RCVD_IN_CBL net
OK, restart the spamd service and SpamAssassin can use the CBL service.
Note: to use the CBL service you must first register on their website, otherwise it will not work.
July 14, 2005
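A simple use of SpamAssassin
Here we only cover a simple use of SpamAssassin: use its rule sets to tag spam as spam, then use a rule in the Outlook client to move messages carrying the spam marker to the junk mail folder automatically.
See also
CCERT Chinese spam filtering rule set
Test environment: Red Hat 9.0
Prerequisite: qmail is already installed; the environment used in this article is qmail+vpopmail+igeus
1: Install SpamAssassin
Method 1: install directly from CPAN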
perl -MCPAN -e shell
install Mail::SpamAssassin
Method 2: compile and install it yourself
Download the latest version of the software from http://spamassassin.apache.org
After unpacking:
# perl Makefile.PL
# make
# make install
If make reports errors, see this article for a fix: http://blog.5ilinux.com/archives/2005/07/spamassassin.html
3: Configure the local.cf file
# vi /etc/mail/spamassassin/local.cf
# How many hits before a message is considered spam.
required_hits 9.5
# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject *****垃圾邮件*****
# Encapsulate spam in an attachment
report_safe 1
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
bayes_auto_learn 1
# Enable or disable network checks
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
For the SpamAssassin configuration file, see the SpamAssassin 3.x Configuration Guide (Chinese edition)
4: Download the Chinese spam rule set
wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
5: Integrate qmail with SpamAssassin
Compile qmail-spamc in the spamc directory of SpamAssassin 3.x
# cc -O -o qmail-spamc qmail-spamc.c
# install -m 755 qmail-spamc /var/qmail/bin
# ln -s /var/qmail/bin/qmail-queue /usr/bin/qmail-queue
Edit /etc/tcp.smtp as follows
127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-spamc"
Then:
tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
In the spamd directory of the build tree
mv redhat-rc-script.sh /etc/rc.d/init.d/spamd
Start spamd
/etc/rc.d/init.d/spamd start
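SpamAssassin will now judge spam automatically according to the rule sets and mark messages it considers potential spam with the ****垃圾邮件**** ("spam") tag, which makes them obvious at a glance. As for how to set up a rule in the Outlook client to move spam automatically, I don't need to explain that, do I?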
July 12, 2005
Fixing a problem encountered while installing SpamAssassin
While compiling and installing SpamAssassin,
the following error was reported:
[root@www Mail-SpamAssassin-3.0.4]# perl Makefile.PL
What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system]
Check network rules during 'make test' (test scripts may fail due to
network problems)? (y/n) [n] y
Warning: prerequisite Digest::SHA1 0 not found.
Writing Makefile for Mail::SpamAssassin
Makefile written by ExtUtils::MakeMaker 6.03
[root@www Mail-SpamAssassin-3.0.4]# make
/usr/bin/perl spamc/configure.pl --prefix="/usr" --sysconfdir="/etc/mail/spamassassin" --datadir="/usr/share/spamassassin" --enable-ssl="no"
cd spamc
/usr/bin/perl version.h.pl
version.h.pl: creating version.h
spamc/configure.pl: version.h.pl: Failed to get the version from Mail::SpamAssassin.
Please use the --with-version= switch to specify it manually.
The error was:
version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: Can't locate Digest/SHA1.pm in @INC (@INC contains: ../lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at ../lib/Mail/SpamAssassin/EvalTests.pm line 33.
BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/EvalTests.pm line 33.
Compilation failed in require at ../lib/Mail/SpamAssassin/PerMsgStatus.pm line 56.
BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/PerMsgStatus.pm line 56.
Compilation failed in require at ../lib/Mail/SpamAssassin.pm line 74.
BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin.pm line 74.
Compilation failed in require at version.h.pl line 27.
make: *** [spamc/Makefile] Error 2
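Solution:
The message printed at the perl step shows that a prerequisite could not be found (Warning: prerequisite Digest::SHA1 0 not found.), so we install Digest::SHA1.
After installing it, build again; SpamAssassin then compiles without problems.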
July 11, 2005
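A Chinese spam filtering rule set for spamassassin
I think the biggest headache for every mail server administrator is the ever-growing volume of spam. In the past, reports from abroad about how spam affected work did not mean much to me and seemed far away, but now the first thing I do at work every day is deal with several hundred spam messages, and it has become a real daily headache.
I have decided to operate on my qmail mail system over the next few days to deal with the worsening spam problem. The initial plan is a mail filtering setup based on qmail + vpopmail + maildrop + spamassassin.
I also found a Chinese spam filtering rule set for spamassassin, which I think should be useful to me.
The CCERT anti-spam research group, drawing on the latest and extensive sample data held by CCERT, has released Chinese_rules.cf, the first Chinese spam filtering rule set based on SpamAssassin. The rule set is updated once a week, so it stays very current.
Chinese_rules.cf is the first Chinese spam filtering rule set published on the official SpamAssassin website, and it is also the first result returned when searching Google, Yahoo, Baidu or MSN for "中文垃圾邮件过滤" (Chinese spam filtering).
Download Chinese_rules.cf
CCERT Chinese spam solution: CCERT-Anti-Spam-Solutions.pdf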