Postfix+Amavisd-new+SpamAssassin+Clamav

一、安装Amavisd-new+SpamAssassin

说明:amavisd-new是介于MTA与邮件分析软件(如sa、clama)之间的一个接口;可以将位于队列的邮件取出来,调用ClamAV对邮件进行病毒扫描,调用SpamAssassin对邮件内容进行过滤 。

官方网站:

http://www.ijs.si/software/amavisd/

安装参考:

http://www.shisaa.jp/postset/mailserver-3.html

http://www.postfixvirtual.net/postfixantivirus.html#amavisdnew

1、安装yum源

[root@mail ~]# rpm -Uvh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

注意:根据系统版本(centos6.6_64bit)选择安装相应目录(e16、x86_64)下的源。

2、安装amavisd-new  spamassassin

说明:最新的RPM包版本是2.8.0,有个BUG会报(!)auto-learning错误,因此建议安装2.6.6版本。

或者在官方主页上下载最新2.10.0版本源码包进行编译安装,不过比较麻烦而且容易出错。

[root@mail ~]# yum install amavisd-new-2.6.6
================================================================================
 Package                     Arch     Version                  Repository  Size
================================================================================
Installing:
 amavisd-new                 x86_64   2.6.6-3.el6.rf           rpmforge   816 k
Installing for dependencies:
 arj                         x86_64   3.10.22-2.el6.rf         rpmforge   186 k
 perl-Archive-Tar            x86_64   1.58-136.el6_6.1         updates     73 k
 perl-Archive-Zip            noarch   1.30-2.el6               base       107 k
 perl-BerkeleyDB             x86_64   0.43-1.el6.rf            rpmforge   296 k
 perl-Compress-Raw-Zlib      x86_64   1:2.021-136.el6_6.1      updates     69 k
 perl-Compress-Zlib          x86_64   2.021-136.el6_6.1        updates     45 k
 perl-Convert-BinHex         noarch   1.119-10.1.el6           base        43 k
 perl-Convert-TNEF           noarch   0.18-1.el6.rf            rpmforge    18 k
 perl-Convert-UUlib          x86_64   1:1.34-1.el6.rf          rpmforge   303 k
 perl-Crypt-OpenSSL-Bignum   x86_64   0.04-8.1.el6             base        34 k
 perl-Crypt-OpenSSL-RSA      x86_64   0.25-10.1.el6            base        37 k
 perl-Crypt-OpenSSL-Random   x86_64   0.04-9.1.el6             base        22 k
 perl-Digest-HMAC            noarch   1.01-22.el6              base        22 k
 perl-Digest-SHA1            x86_64   2.12-2.el6               base        49 k
 perl-Encode-Detect          x86_64   1.01-2.el6               base        80 k
 perl-IO-Compress-Base       x86_64   2.021-136.el6_6.1        updates     69 k
 perl-IO-Compress-Zlib       x86_64   2.021-136.el6_6.1        updates    135 k
 perl-IO-Socket-INET6        noarch   2.56-4.el6               base        17 k
 perl-IO-Socket-SSL          noarch   1.31-2.el6               base        69 k
 perl-IO-Zlib                x86_64   1:1.09-136.el6_6.1       updates     33 k
 perl-IO-stringy             noarch   2.110-10.1.el6           base        68 k
 perl-MIME-tools             noarch   5.427-4.el6              base       247 k
 perl-Mail-DKIM              noarch   0.37-2.el6               base       121 k
 perl-Net-DNS                x86_64   0.65-5.el6               base       232 k
 perl-Net-LibIDN             x86_64   0.12-3.el6               base        35 k
 perl-Net-SSLeay             x86_64   1.35-9.el6               base       173 k
 perl-Net-Server             noarch   0.99-1.el6.rf            rpmforge   171 k
 perl-NetAddr-IP             x86_64   4.027-7.el6              base        96 k
 perl-Package-Constants      x86_64   1:0.02-136.el6_6.1       updates     26 k
 perl-Socket6                x86_64   0.23-4.el6               base        27 k
 perl-Test-Mock-LWP          noarch   0.05-1.el6.rf            rpmforge    18 k
 perl-Test-MockObject        noarch   1.09-4.el6               base        32 k
 perl-UNIVERSAL-can          noarch   1.15-1.el6               base        12 k
 perl-UNIVERSAL-isa          noarch   1.03-1.el6               base        11 k
 perl-URI                    noarch   1.40-2.el6               base       117 k
 perl-Unix-Syslog            x86_64   1.1-1.el6.rf             rpmforge    56 k
 perl-libwww-perl            noarch   5.833-2.el6              base       387 k
 procmail                    x86_64   3.22-25.1.el6_5.1        base       162 k
 ripole                      x86_64   0.2.0-1.2.el6.rf         rpmforge    44 k
 spamassassin                x86_64   3.3.1-3.el6              base       1.1 M
 unrar                       x86_64   5.0.3-1.el6.rf           rpmforge   124 k
 zoo                         x86_64   2.10-2.2.el6.rf          rpmforge    76 k
Transaction Summary
================================================================================
Install      43 Package(s)

说明:依赖的软件包比较多,而且大部分本地系统盘中没有,需要到CPAN安装,因此使用源码包安装非常麻烦。

安装后生成了以下内容:

    用户和组:amavis.amavis

    家目录:/var/amavis/{db,tmp,var}

    配置文件:/etc/amavisd.conf

    启动进程:/usr/sbin/amavisd

    spamassassin规则目录:/usr/share/spamassassin

    spamassassin配置目录:/etc/mail/spamassassin

3、安装clamav

[root@mail ~]# yum install clamav clamd
================================================================================
 Package          Arch          Version                   Repository       Size
================================================================================
Installing:
 clamav           x86_64        0.98.4-1.el6.rf           rpmforge        2.4 M
 clamd            x86_64        0.98.4-1.el6.rf           rpmforge         158 k
Installing for dependencies:
 clamav-db        x86_64        0.98.4-1.el6.rf           rpmforge         34 M
Transaction Summary
================================================================================
Install       3 Package(s)

安装后生成了以下内容:

    用户和组clamav

    数据库目录/var/clamav

    临时目录/var/tmp  

    配置文件/etc/clamd.conf

    启动程序/usr/sbin/clamd

    PID文件/var/run/clamav/clamd.pid

    SOCK文件/var/run/clamav/clamd.sock

    日志文件/var/log/clamav/clamd.log

4、配置SASpamAssassin

(1)给SA增加中文规则

官方地址现在已经不提供文件下载了

www.ccert.edu.cn/spam/sa/Chinese_rules.cf.bak

参考文档:

http://www.securitycn.net/html/Plan/Solution/276.html

规则文件下载:

http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf

[root@mail ~]# cd /usr/share/spamassassin
[root@mail spamassassin]# wget http://www.securitycn.net/img/uploadimg/20060329/Chinese_rules.cf
[root@mail spamassassin]# vi /etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****
report_safe 0 
required_score 5.0

(2)更新SA训练库

[root@mail ~]# sa-update

已默认设置了计划任务,每日4点10更新:

[root@mail ~]# cat /etc/cron.d/sa-update

10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

查看更新日志:

[root@mail ~]# tail /var/log/sa-update.log

会出现一些无法下载更新的报错。

5、配置Amavisd

[root@mail ~]# vi /etc/amavisd.conf
#基本设置,amavisd使用10024端口
$max_servers = 10;
$daemon_user = 'amavis'; 
$daemon_group = 'amavis'; 
$mydomain = 'yourmail.com';
$myhostname = 'mail.yourmail.com';
$MYHOME = '/var/amavis';
$db_home   = "$MYHOME/db";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file  = "$MYHOME/var/amavisd.pid";
@local_domains_maps =  ( [".$mydomain"] ); # = qw(.); #对所有的域检查
@mynetworks = qw( 127.0.0.0/8 );     #本地网段
#修改判定垃圾邮件的分数
$sa_tag_level_deflt  = 2.0;  #添加SPAM标题
$sa_tag2_level_deflt = 6.2;  #添加垃圾邮件信头
$sa_kill_level_deflt = 6.9;  #將信件备份后删除
# 修改投递/拦截的方法:
$final_virus_destiny      = D_BOUNCE; #检测到病毒,拦截并通知发件
$final_banned_destiny     = D_BOUNCE; #检测到受禁止的内容,拦截并通知发件
$final_spam_destiny       = D_PASS; #垃圾邮件,不拦截,后面会设置maildroprc将垃圾邮件移动到垃圾箱
$final_bad_header_destiny = D_PASS; #不良信件头,不拦截
#D_DISCARD丢弃且不通知;D_REJECT拒绝投递并通知发件人
# 配置Amavisd与Clamav结合
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], #/etc/clamd.conf定义了sock路径
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

调试amavisd程序和配置是否正确

[root@mail ~]# /usr/sbin/amavisd -c /etc/amavisd.conf debug
Dec  5 15:06:03.789 mail.yourmail.com /usr/sbin/amavisd[33379]: logging initialized, log level 0, syslog: amavis.mail
Dec  5 15:06:03.794 mail.yourmail.com /usr/sbin/amavisd[33379]: run_command: [33380] /usr/bin/uptime </dev/null 2>/dev/null
Dec  5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: system uptime 2 4:12:00:  15:06:03 up 2 days,  4:12,  5 users,  load average: 0.00, 0.00, 0.00
Dec  5 15:06:03.827 mail.yourmail.com /usr/sbin/amavisd[33379]: Valid PID file (younger than sys uptime 2 4:12:00)
Dec  5 15:06:03.828 mail.yourmail.com /usr/sbin/amavisd[33379]: The amavisd daemon is already running, PID: [33061]
The amavisd daemon is already running, PID: [33061]

没有异常提示或报错退出则表示一切都正常

6、配置ClamAV

(1)修改目录权限

[root@mail ~]# chown -R clamav:clamav /var/run/clamav

(2)将clamav用户加入amavis组

[root@mail ~]# usermod -G amavis clamav
[root@mail ~]# groups clamav
clamav : clamav amavis

一定要检查下clamav是否加入了amavis组,否则病毒邮件测试时会报权限错误

(3)更新病毒库

[root@mail ~]# /usr/bin/freshclam
ClamAV update process started at Fri Dec  5 15:08:06 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.4 Recommended version: 0.98.5
DON''T PANIC! Read http://www.clamav.net/support/faq
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-19727.cdiff [100%]
Downloading daily-19728.cdiff [100%]
Downloading daily-19729.cdiff [100%]                                                 #]
daily.cld updated (version: 19729, sigs: 1282958, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3707229 signatures) from db.cn.clamav.net (IP: 202.118.1.66)
Clamd successfully notified about the update.

说明:提示你安装最新版本0.98.5,不用管它,成功下载cdiff病毒库文件就行。

(4)设置定时更新

[root@mail ~]# vi /etc/cron.d/freshclam
30 4 * * * root /usr/bin/freshclam

7、配置Postfix集成amavisd

(1)创建病毒垃圾邮箱

在extman中给postmaster添加别名,即/etc/amavisd.conf中定义的病毒和垃圾收集邮箱virusalert、spam.police

wKioL1SSV6DQjAlXAAKTLlTxUwM230.jpg

这里还添加了root和admin别名,也可以在别名库中设置(/etc/aliases)。

(2)设置smtp-amavis进程和回注进程

[root@mail ~]# vi /etc/postfix/master.cf
#邮件传送给amavis进行扫描
smtp-amavis unix    -    -    n    -    10   smtp 
#10表示maxproc,对应amavisd.conf中的$max_servers
  -o smtp_data_done_timeout=1200 
  #超时时间,单位秒,应比postfix的超时时间更长
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
#amavis扫描完成后,使用一个单独的smtp进程将mail回注给postfix,只要本地10025上运行,因此不用开放端口
127.0.0.1:10025 inet    n       -       n       -       -       smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=

(3)设置Postfix内容过滤器:

[root@mail ~]# vi /etc/postfix/main.cf
# Postfix将邮件传递给amavisd检查
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

8、启动进程

先停止postfix服务:

[root@mail ~]# service postfix stop
[root@mail ~]# /etc/init.d/spamassassin start
[root@mail ~]# netstat -tnlp |grep 783
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      31943/spamd.pid
[root@mail ~]# /etc/init.d/clamd start
[root@mail ~]# netstat -tnlp |grep 3310
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      31983/clamd
[root@mail ~]# /etc/init.d/amavisd start
[root@mail ~]# netstat -tnlp | grep 10024
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      32121/amavisd (mast 
tcp        0      0 ::1:10024                   :::*                        LISTEN      32121/amavisd (mast

启动和重载amavisd时可以查看日志是否有报错:

[root@mail ~]# tail /var/log/maillog
Dec 11 09:08:28 mail amavis[17768]: starting.  /usr/sbin/amavisd at mail.yourmail.com amavisd-new-2.6.6 (20110518), Unicode aware, LANG="zh_CN.UTF-8"
Dec 11 09:08:28 mail amavis[17768]: Perl version               5.010001
Dec 11 09:08:28 mail amavis[17768]: Perl version               5.010001
Dec 11 09:08:29 mail amavis[17769]: Net::Server: Group Not Defined.  Defaulting to EGID '491 491'
Dec 11 09:08:29 mail amavis[17769]: Net::Server: User Not Defined.  Defaulting to EUID '494'
Dec 11 09:08:29 mail amavis[17769]: Module Amavis::Conf        2.209
Dec 11 09:08:29 mail amavis[17769]: Module Archive::Zip        1.39
Dec 11 09:08:29 mail amavis[17769]: Module BerkeleyDB          0.54
Dec 11 09:08:29 mail amavis[17769]: Module Compress::Zlib      2.066
Dec 11 09:08:29 mail amavis[17769]: Module Convert::TNEF       0.18
Dec 11 09:08:29 mail amavis[17769]: Module Convert::UUlib      1.4
Dec 11 09:08:29 mail amavis[17769]: Module Crypt::OpenSSL::RSA 0.28
Dec 11 09:08:29 mail amavis[17769]: Module DB_File             1.831
Dec 11 09:08:29 mail amavis[17769]: Module Digest::MD5         2.39
Dec 11 09:08:29 mail amavis[17769]: Module Digest::SHA         5.47
Dec 11 09:08:29 mail amavis[17769]: Module IO::Socket::INET6   2.72
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Entity        5.505
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Parser        5.505
Dec 11 09:08:29 mail amavis[17769]: Module MIME::Tools         5.505
Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Signer  0.4
Dec 11 09:08:29 mail amavis[17769]: Module Mail::DKIM::Verifier 0.4
Dec 11 09:08:29 mail amavis[17769]: Module Mail::Header        2.14
Dec 11 09:08:29 mail amavis[17769]: Module Mail::Internet      2.14
Dec 11 09:08:29 mail amavis[17769]: Module Mail::SpamAssassin  3.004000
Dec 11 09:08:29 mail amavis[17769]: Module Net::DNS            0.81
Dec 11 09:08:29 mail amavis[17769]: Module Net::Server         2.008
Dec 11 09:08:29 mail amavis[17769]: Module NetAddr::IP         4.075
Dec 11 09:08:29 mail amavis[17769]: Module Socket6             0.25
Dec 11 09:08:29 mail amavis[17769]: Module Time::HiRes         1.9721
Dec 11 09:08:29 mail amavis[17769]: Module URI                 1.65
Dec 11 09:08:29 mail amavis[17769]: Module Unix::Syslog        1.1
Dec 11 09:08:29 mail amavis[17769]: Amavis::DB code      loaded
Dec 11 09:08:29 mail amavis[17769]: Amavis::Cache code   loaded
Dec 11 09:08:29 mail amavis[17769]: SQL base code        NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SQL::Log code        NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SQL::Quarantine      NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Lookup::SQL code     NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Lookup::LDAP code    NOT loaded
Dec 11 09:08:29 mail amavis[17769]: AM.PDP-in proto code loaded
Dec 11 09:08:29 mail amavis[17769]: SMTP-in proto code   loaded
Dec 11 09:08:29 mail amavis[17769]: Courier proto code   NOT loaded
Dec 11 09:08:29 mail amavis[17769]: SMTP-out proto code  loaded
Dec 11 09:08:29 mail amavis[17769]: Pipe-out proto code  NOT loaded
Dec 11 09:08:29 mail amavis[17769]: BSMTP-out proto code NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Local-out proto code loaded
Dec 11 09:08:29 mail amavis[17769]: OS_Fingerprint code  NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-VIRUS code      loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM code       loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-EXT code   NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-C code     NOT loaded
Dec 11 09:08:29 mail amavis[17769]: ANTI-SPAM-SA code    loaded
Dec 11 09:08:29 mail amavis[17769]: Unpackers code       loaded
Dec 11 09:08:29 mail amavis[17769]: DKIM code            loaded
Dec 11 09:08:29 mail amavis[17769]: Tools code           NOT loaded
Dec 11 09:08:29 mail amavis[17769]: Found $file            at /usr/bin/file
Dec 11 09:08:29 mail amavis[17769]: Found $altermime       at /usr/bin/altermime
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .mail
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .asc 
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .uue 
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .hqx 
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .ync 
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .F    at /usr/bin/unfreeze
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .Z    at /usr/bin/uncompress
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .gz   at /usr/bin/gzip -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .lzo  at /usr/bin/lzop -d
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .cpio at /usr/bin/pax
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .tar  at /usr/bin/pax
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .deb  at /usr/bin/ar
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .zip 
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .7z   at /usr/bin/7za
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .rar  at /usr/bin/unrar
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .arj  at /usr/bin/arj
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .arc  at /usr/bin/nomarch
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .zoo  at /usr/bin/zoo
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .lha  at /usr/bin/lha
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .cab  at /usr/bin/cabextract
Dec 11 09:08:29 mail amavis[17769]: No decoder for       .tnef tried: tnef
Dec 11 09:08:29 mail amavis[17769]: Internal decoder for .tnef
Dec 11 09:08:29 mail amavis[17769]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/arj
Dec 11 09:08:29 mail amavis[17769]: Using primary internal av scanner code for ClamAV-clamd
Dec 11 09:08:29 mail amavis[17769]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Dec 11 09:08:29 mail amavis[17769]: Creating db in /var/amavis/db/; BerkeleyDB 0.54, libdb 4.7

Net::Server: Group Not Defined警告不用理会,它会使用默认用户491和组494,即amavis。

9、查看创建的数据库

[root@mail ~]# ls /var/amavis/db/
__db.001  __db.002  __db.003  __db.004  nanny.db  snmp.db

10、启动postfix服务

[root@mail ~]# service postfix start
[root@mail ~]# netstat -tnlp | grep master
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      32265/master        
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      32265/master        
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN      32265/master

可以看到postfix启动了10025端口进程

11、设置开机自动启动

[root@mail ~]# chkconfig spamassassin on
[root@mail ~]# chkconfig clamd on
[root@mail ~]# chkconfig amavisd on

说明:下节进行垃圾和病毒测试。

发表评论