
CentOS6.4+LAMP+Postfix+Dovecot+Postfixadmin+Roundcubemail to build an enterprise mail server (2)

Outline

12. Install and configure virus scanning and spam filtering

12. Install and configure virus scanning and spam filtering

1. Install amavisd-new, clamav and spamassassin

[root@mail ~]# yum install -y  amavisd-new clamav clamav-devel clamd spamassassin

Note: amavisd-new, clamav and spamassassin can all be installed from the RPMForge software repository. Installing the dozens of required Perl modules by hand, one at a time, used to be a miserable job; now yum installs everything directly, which is much nicer!

2. Check whether amavisd-new, clamav and spamassassin are set to start at boot

[root@mail ~]# chkconfig --list | grep "amavisd\|clamd\|spamassassin"
amavisd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@mail ~]#

As you can see, the spamassassin service is not set to start at boot. That is because amavisd-new loads spamassassin directly as a module, so no separate daemon process is needed and the service does not have to be started.

3. Modify SpamAssassin configuration file

SpamAssassin, as a module of amavisd-new, requires no special configuration; just install it. You can still customize it by modifying /etc/mail/spamassassin/local.cf:

[root@mail ~]# vim /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

I only list it here for reference; readers who need to can modify it themselves. I will not change it here!

4. Modify the ClamAV configuration file /etc/clamd.conf

Note: the ClamAV settings are stored in /etc/clamd.conf. We modify /etc/clamd.conf so that ClamAV knows Amavisd-new will communicate with it over a local UNIX socket instead of a TCP port.

[root@mail ~]# vim /etc/clamd.conf
#Use local communication
LocalSocket /var/run/clamav/clamd.sock
#Comment out the TCP communication port
#TCPSocket 3310

5. Modify the Amavisd-new configuration file /etc/amavisd.conf

(1). Uncommenting the following lines disables virus and spam checking. They are commented out by default, so virus and spam checking are enabled by default.

[root@mail ~]# vim /etc/amavisd.conf
# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
# @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

(2). Then you can see the following lines

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = "amavis";     # (no default;  customary: vscan or amavis), -u
$daemon_group = "amavis";     # (no default;  customary: vscan or amavis), -g
$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

Description:

$max_servers sets the number of Amavisd-new processes that run concurrently; it must match the maxproc of the amavisfeed service in /etc/postfix/master.cf

$daemon_user and $daemon_group should match the user and group that Amavisd-new runs as

$inet_socket_port defines the TCP port on which Amavisd-new accepts connections from Postfix

$notify_method and $forward_method define how Amavisd-new re-injects mail into Postfix

(3). The following items must be modified

$mydomain ='free.com'; # here is free.com domain
$MYHOME = '/var/amavis';
$helpers_home = "$MYHOME/var";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file  = "$MYHOME/var/amavisd.pid";
$myhostname ='mail.free.com'; # here is the mail.free.com host

(4). The following SpamAssassin settings replace SpamAssassin's own defaults

$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

Note: you do not need to change these defaults, but you should know what they are and what they mean, because that makes it easy to tune spam filtering.

$sa_tag_level_deflt specifies the level at which Amavisd-new starts to write spam information headers such as X-Spam-Flag, X-Spam-Score and X-Spam-Status. If you want these headers added to all e-mail, set this value to -999

$sa_tag2_level_deflt specifies the level at which mail starts to be tagged as spam in its headers

$sa_kill_level_deflt specifies the level at which Amavisd-new starts to block and quarantine mail. This is very useful, because SpamAssassin does not do this by default.

$sa_dsn_cutoff_level specifies the level above which no delivery failure notification is sent back to the sender. Since most spam sender addresses are forged, it is most reasonable not to send failure notifications for obvious spam; otherwise you will only make the backscatter problem worse.

$sa_quarantine_cutoff_level specifies the level above which spam is no longer quarantined. This option is commented out by default, which means that all such mail is quarantined

(5). Below are the e-mail addresses used for notifications (by default, the administrator's mailbox and the mailbox that receives spam notifications)

$virus_admin               = "virusalert\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender

Change them to:

$virus_admin               = "postmaster\@$mydomain";  # notifications recip.
$mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender

(6). The ClamAV section

# ### http://www.clamav.net/
#['ClamAV-clamd',
#  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
#  qr/\bOK$/m, qr/\bFOUND$/m,
#  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Change it to the following (remove the relevant comment markers):

# ### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Note that the /var/run/clamav/clamd.sock path here must match the LocalSocket /var/run/clamav/clamd.sock setting we entered in /etc/clamd.conf earlier.

6. Modify the Postfix configuration file

(1). Modify /etc/postfix/master.cf

[root@mail ~]# vim /etc/postfix/master.cf
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#
amavisfeed unix    -       -       n       -       2     smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_tls_note_starttls_offer=no
    -o disable_dns_lookups=yes
    -o max_use=20

Note that the value 2 in the maxproc column must be consistent with the $max_servers setting in /etc/amavisd.conf. For a detailed explanation of each option, refer to the Amavisd-new documentation (vim /usr/share/doc/amavisd-new-2.8.0/README.postfix). Next we define a dedicated service for re-injecting mail into Postfix. To do this, we add to /etc/postfix/master.cf an SMTP service (smtpd) that listens on TCP port 10025 of localhost (127.0.0.1), which is the default value in /etc/amavisd.conf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=

Note: the first line of each of the two entries above must not begin with whitespace, otherwise an error will occur! The -o lines that follow are continuation lines and must begin with whitespace.

(2). Modify /etc/postfix/main.cf to add the following settings to enable mail filtering

[root@mail ~]# vim /etc/postfix/main.cf
#filter mail
content_filter = amavisfeed:[127.0.0.1]:10024

(3). Restart the postfix service

[root@mail ~]# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
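
The values that sections 4 to 6 require to agree ($max_servers and the amavisfeed maxproc, the clamd socket path, the content_filter port and $inet_socket_port), plus the commented-out TCPSocket, can be checked mechanically. This script is an added example, not part of the original tutorial; its function names are hypothetical and it runs against constructed sample files that carry the tutorial's values.

```shell
#!/bin/sh
# Added example (not from the tutorial): cross-check values that must agree
# across amavisd.conf, clamd.conf, master.cf and main.cf. Names are hypothetical.

# Numeric value of an active Perl scalar in amavisd.conf, e.g. '$max_servers = 2;'
amavis_num() { sed -n 's/^[[:space:]]*[$]'"$2"'[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1; }
# Socket path in the active (uncommented) CONTSCAN entry of amavisd.conf
amavis_clamd_sock() { sed -n 's/^[^#]*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1; }
# Value of an active clamd.conf directive; '#TCPSocket' does not equal 'TCPSocket'
clamd_opt() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }
# maxproc is the 7th column of a master.cf service line
master_maxproc() { awk -v s="$2" '$1 == s { print $7; exit }' "$1"; }
# Port at the end of content_filter in main.cf
filter_port() { sed -n 's/^content_filter[[:space:]]*=.*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1; }
# Empty values never count as a match, so a missing setting is reported
same() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Args: amavisd.conf clamd.conf master.cf main.cf; prints each problem, returns 1 if any
check_filter_chain() {
    rc=0
    same "$(amavis_num "$1" max_servers)" "$(master_maxproc "$3" amavisfeed)" ||
        { echo "mismatch: \$max_servers vs amavisfeed maxproc"; rc=1; }
    same "$(amavis_clamd_sock "$1")" "$(clamd_opt "$2" LocalSocket)" ||
        { echo "mismatch: clamd socket path"; rc=1; }
    same "$(amavis_num "$1" inet_socket_port)" "$(filter_port "$4")" ||
        { echo "mismatch: \$inet_socket_port vs content_filter port"; rc=1; }
    [ -z "$(clamd_opt "$2" TCPSocket)" ] || { echo "clamd still listens on TCP"; rc=1; }
    return $rc
}

# Constructed sample files carrying the tutorial's values
make_sample() {
    printf '%s\n' '$max_servers = 2;' '$inet_socket_port = 10024;' \
        ' \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],' > "$1/amavisd.conf"
    printf '%s\n' 'LocalSocket /var/run/clamav/clamd.sock' '#TCPSocket 3310' > "$1/clamd.conf"
    printf '%s\n' 'amavisfeed unix - - n - 2 smtp' '    -o max_use=20' > "$1/master.cf"
    printf '%s\n' 'content_filter = amavisfeed:[127.0.0.1]:10024' > "$1/main.cf"
}

d=$(mktemp -d) && make_sample "$d"
check_filter_chain "$d/amavisd.conf" "$d/clamd.conf" "$d/master.cf" "$d/main.cf" && echo "consistent"
```

To check a real host, pass /etc/amavisd.conf, /etc/clamd.conf, /etc/postfix/master.cf and /etc/postfix/main.cf to check_filter_chain.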

7. Start the clamd and amavisd services:

[root@mail ~]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
                                                           [  OK  ]
[root@mail ~]# service amavisd start
Starting Mail Virus Scanner (amavisd):                     [  OK  ]
[root@mail ~]#

As the warning says, the virus database is more than 7 days old and should be updated (with freshclam, ClamAV's updater) as soon as possible.

9. Test

(1). Use telnet to test that the service amavisd is listening on 127.0.0.1:10024

[root@mail ~]# telnet localhost 10024
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
ehlo free.com
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
[root@mail ~]#

(2). Test that the smtpd of Postfix is listening on 127.0.0.1:10025

[root@mail ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.free.com ESMTP Postfix
ehlo free.com
250-mail.free.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN CRAM-MD5
250-AUTH=PLAIN LOGIN CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#

(3). Spam test

[root@mail ~]# cd /usr/share/doc/spamassassin-3.3.1/
[root@mail spamassassin-3.3.1]# sendmail test@free.com < sample-spam.txt
[root@mail spamassassin-3.3.1]# tail -f /var/log/maillog
Jul 11 09:15:46 mail postfix/cleanup[17529]: 6AB1E23776: message-id=<GTUBE1.1010101@example.net>
Jul 11 09:15:46 mail postfix/qmgr[17492]: 6AB1E23776: from=<root@free.com>, size=1657, nrcpt=1 (queue active)
Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms
Jul 11 09:15:46 mail postfix/smtp[17533]: D927923774: to=<test@free.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.21/0.07/0.02/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6AB1E23776)
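
The amavis line in the log above carries the verdict, the score (Hits) and the mail_id. The script below is an added example, not part of the original tutorial: it pulls those fields out of amavis log lines and reports which of the configured levels ($sa_tag_level_deflt 2.0, $sa_tag2_level_deflt 6.2, $sa_kill_level_deflt 6.9) each score reaches. The function names are hypothetical, and the last two sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): summarise amavis verdict lines from maillog.
# Optional args override the tutorial's tag, tag2 and kill levels (2.0, 6.2, 6.9).

amavis_verdicts() {  # stdin: maillog lines; stdout: mail_id verdict hits band
    awk -v tag="${1:-2.0}" -v tag2="${2:-6.2}" -v killv="${3:-6.9}" '
    function field(re, skip) {   # text matched by re, minus a skip-char prefix
        return match($0, re) ? substr($0, RSTART + skip, RLENGTH - skip) : "-"
    }
    # Only amavis result lines carry a score; other maillog lines are skipped
    / amavis\[[0-9]+\]: / && /Hits: / {
        verdict = field("(Passed|Blocked) [A-Z-]+", 0)
        id      = field("mail_id: [^,]+", 9)
        hits    = field("Hits: -?[0-9.]+", 6)
        band = "below-tag"                      # no spam headers added
        if (hits + 0 >= tag)   band = "tag"     # spam info headers added
        if (hits + 0 >= tag2)  band = "tag2"    # tagged as spam
        if (hits + 0 >= killv) band = "kill"    # evasive action level reached
        print id, verdict, hits, band
    }'
}

# Lines 1-2 are from the tutorial's GTUBE test; lines 3-4 are constructed.
sample_log() {
cat <<'EOF'
Jul 11 09:15:46 mail postfix/qmgr[17492]: 6AB1E23776: from=<root@free.com>, size=1657, nrcpt=1 (queue active)
Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms
Jul 11 09:20:01 mail amavis[17521]: (17521-01) Passed CLEAN {RelayedInbound}, <a@example.org> -> <test@free.com>, Message-ID: <c1@example.org>, mail_id: CONSTRUCTED01, Hits: 0.4, size: 812, queued_as: 0000000001, 410 ms
Jul 11 09:21:30 mail amavis[17521]: (17521-02) Passed SPAMMY {RelayedTaggedInbound}, <b@example.org> -> <test@free.com>, Message-ID: <c2@example.org>, mail_id: CONSTRUCTED02, Hits: 6.5, size: 990, queued_as: 0000000002, 650 ms
EOF
}

sample_log | amavis_verdicts
```

On a live server, feed it the real log instead: amavis_verdicts < /var/log/maillog.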

---