1、安装amavisd-new

shell

# yum install amavisd-new

设置相关目录权限:

shell

# chown -R amavis.amavis /var/spool/vscan/

2、配置SpamAssassin

Amavisd-new 通过Mail::SpamAssassin 模块来调用SA的功能,因此这里配置SA和常规配置SA软件有些区别,主要集中在修改local.cf文件上。

增加中文规则: 用于处理中文(简体)垃圾邮件。

shell

# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

设置规则自动更新:

shell

# /usr/bin/crontab -e

然后输入如下的内容:

0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf; /etc/init.d/amavisd restart 

存盘退出即可。最后运行以下调试命令以确认amavisd没有错误:

shell

# /usr/sbin/amavisd -c /etc/amavisd.conf debug

如果没有异常提示或报错退出则表示一切都正常,按ctrl+c终止,然后正常启动,若提示pid不存在等错误,不必理会。

设置amavisd开机自启:

shell

# service amavisd start
# chkconfig amavisd on

3、配置ClamAV

安装ClamAV

备注: 这里的ClamAV采用packages.sw.be站点的RPM包,因为EMOS里面的版本太旧,导致测试时老出问题。

编辑clamd.conf文件

shell

# vi /etc/clamd.conf

去掉 'LocalSocket /var/run/clamav/clamd.sock'的注释,并注释掉 'TCPSocket 3310',我们将使用unix socket而不是TCP,两者不可并存。
变动内容见下:

# Default: disabled
LocalSocket /var/run/clamav/clamd.sock

#TCPSocket 3310

设置相关目录权限:
将clamav加到amavis运行组里,并调整目录权限,否则clamav将无法扫描amavisd-new产生的临时文件

shell

# gpasswd -a clamav amavis
# usermod -G amavis clamav
# chown amavis.amavis /var/spool/vscan
# chmod 750 /var/spool/vscan
# chown amavis.amavis /var/spool/vscan/tmp
# chmod 750 /var/spool/vscan/tmp

默认的/var/spool/vscan 目录属性是:

drwxr-x---   5 amavis amavis

对于clamav用户而言,则无任何权限访问该目录,因此maillog里amavisd-new会提示:

May 19 08:38:53 as3 amavis[1752]: (01752-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/spool/vscan/tmp/amavis-20050519T
083853-01752/parts: Access denied. ERROR\n
May 19 08:38:53 as3 amavis[1752]: (01752-01) WARN: all primary virus scanners failed, considering backups 

启动ClamAV及开机自启:

shell

# service clamd start
# freshclam –daemon

4、配置amavisd.con文件

修改amavisd.conf

shell

# vi /etc/amavisd.conf

修改的主要参数如下:

$mydomain = 'extmail.org';
$db_home   = "$MYHOME/db";
$lock_file = "$MYHOME/amavisd.lock";  # -L
$pid_file  = "$MYHOME/amavisd.pid";   # -P
$myhostname = 'mail.extmail.org';
@local_domains_maps = qw(.);
@mynetworks = qw( 127.0.0.0/8 );
对本地发出的邮件不进行内容过滤
$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  bypass_spam_checks_maps => [1],
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
};  
$sa_spam_modifies_subj = 0;            # 当邮件被认为是垃圾邮件时,是否修改邮件的主题
$remove_existing_x_scanned_headers= 1; # 凡是经过 Amavisd 过滤的邮件,都会在邮件头中被加入一行邮件头信息
$remove_existing_spam_headers = 1;
# 修改投递/拦截的方法:
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_DISCARD;
$final_spam_destiny       = D_PASS;
$final_bad_header_destiny = D_PASS;
# 配置Amavisd与Clamav结合
@av_scanners = (
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

amavisd.conf常用参数说明:

$max_servers = 10;                   设置最大可使用的进程数
$sa_spam_subject_tag = '[SPAM] ';    加 [SPAM] 标记
$mydomain = 'mail.extmail.org';      设置域名
$myhostname = 'mail.extmail.org';    设置主机名
@local_domains_maps = qw(.);         对所有的域检查
$sa_tag2_level_deflt = 5.0;          超过这个分数,允许在邮件标题加入[SPAM] 标记
$sa_kill_level_deflt = 5.0;          超过这个分数,直接將信件备份后删除
$final_virus_destiny:                检测到病毒时的动作 
$final_banned_destiny:               检测到受禁止的内容时的动作 
$final_spam_destiny:                 检测到垃圾邮件、广告邮件(spam)时的动作 
$final_bad_header_destiny:          检测到不良信件时的动作 

默认有以下几种动作: 
D_PASS:                              无论信件是否有问题,都会将信件发给收件人 
D_DISCARD:                           信件将被丢弃,并且不会告知收件人及发件人 
D_BOUNCE:                            信件不会发送给收件人,但会通知发件人邮件没有被投递 
D_REJECT:                            邮件不会被投递给收件人,但会通知发件人邮件被拒绝 

注意事项:

上述$mydomain参数与$myhostname参数相同,主要是为了方便之后的病毒/垃圾汇报邮件发给系统管理员时,能投递到本地的别名里,再转交到虚拟域的特定用户。

5、配置Postfix 集成amavisd-new

增加邮件别名

shell

# vi /etc/postfix/aliases

增加如下信息,注意:默认的aliases数据库里已有一条virusalert的别名,请删除,再输入下面的别名记录,并确保所有记录都是唯一的:

virusalert:    root
spam.police:   root
postfix:       test@extmail.org

保存并执行newaliases命令生成新的别名数据库,重新启动amavisd:

shell

# newaliases
# service amavisd restart

编辑master.cf文件:

shell

# vi /etc/postfix/master.cf

增加如下内容:

smtp-amavis unix    -    -    n    -    3    smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=10

127.0.0.1:10025 inet    n       -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

编辑main.cf文件:

shell

# vi /etc/postfix/main.cf

增加如下内容:

# Content-Filter
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

注意:receive_override_options 这里必须增加,禁止地址展开/影射,否则如果遇到别名的时候会引起冗余邮件的产生。

重启postfix :

shell

# service postfix restart

重新启动amavisd:

shell

# service amavisd restart

6、测试Clamav

shell

# telnet localhost 25

其过程如下:

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.extmail.org ESMTP Postfix - by extmail.org
mail from:<postmaster@extmail.org>     << 输入内容
250 2.1.0 Ok
rcpt to:<test@extmail.org>     << 输入内容
250 2.1.5 Ok
data     << 输入内容
354 End data with .
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*     << 输入内容
.
250 2.0.0 Ok: queued as BC24E85260
quit     << 输入内容
221 2.0.0 Bye
Connection closed by foreign host.

在邮件日志里,应该有相应的信息出现:

Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine: 
virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms

如果看到类似这样的日志,表明Clamav+Amavisd-new工作正常。

 
拾貳、配置内容、病毒过滤.txt · 最后更改: 2012/10/23 05:47 由 shaobo
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki