2
----
CentOS6.4+LAMP+Postfix+Dovecot+Postfixadmin+Roundcubemail to build an enterprise mail server (2)
Outline
12. Install and configure virus scanning and spam filtering
12. Install and configure virus scanning and spam filtering
1. Install amavisd-new, clamav and spamassassin
[root@mail ~]# yum install -y amavisd-new clamav clamav-devel clamd spamassassin
Note: amavisd-new, clamav and spamassassin can all be installed from the RPMForge repository. Installing the dozens of Perl modules they need by hand, one at a time, used to be painful; now yum installs everything directly, which is much nicer!
2. Check whether amavisd-new, clamav and spamassassin start automatically at boot
    [root@mail ~]# chkconfig --list | grep "amavisd\|clamd\|spamassassin"
    amavisd         0:off 1:off 2:on  3:on  4:on  5:on  6:off
    clamd           0:off 1:off 2:on  3:on  4:on  5:on  6:off
    spamassassin    0:off 1:off 2:off 3:off 4:off 5:off 6:off
    [root@mail ~]#
As you can see, the spamassassin service is disabled and is not started. That is because amavisd-new loads SpamAssassin directly as a module, so no separate daemon process is needed and the service does not have to be started.
3. Modify SpamAssassin configuration file
As a module of amavisd-new, SpamAssassin needs no special configuration; installing it is enough. You can still customize it by editing /etc/mail/spamassassin/local.cf:
    [root@mail ~]# vim /etc/mail/spamassassin/local.cf
    # These values can be overridden by editing ~/.spamassassin/user_prefs.cf
    # (see spamassassin(1) for details)

    # These should be safe assumptions and allow for simple visual sifting
    # without risking lost emails.

    required_hits 5
    report_safe 0
    rewrite_header Subject [SPAM]
The file is listed here only for reference. Readers who need to can modify it themselves; I will not change it here.
4. Modify the ClamAV configuration file /etc/clamd.conf
Note: ClamAV's settings are stored in /etc/clamd.conf. We edit this file so that ClamAV listens on a local UNIX socket, which Amavisd-new will use to communicate with it, rather than on a TCP port.
    [root@mail ~]# vim /etc/clamd.conf
    # Use local communication
    LocalSocket /var/run/clamav/clamd.sock
    # Comment out the TCP communication port
    #TCPSocket 3310
5. Modify the Amavisd-new configuration file /etc/amavisd.conf
(1). Virus and spam checking can be disabled by uncommenting the following lines. Because these lines are commented out by default, virus and spam checking are both enabled by default.
    [root@mail ~]# vim /etc/amavisd.conf
    # @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
    # @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
    # $bypass_decode_parts = 1;         # controls running of decoders&dearchivers
(2). Then you can see the following lines
    $max_servers = 2;            # num of pre-forked children (2..30 is common), -m
    $daemon_user  = "amavis";    # (no default; customary: vscan or amavis), -u
    $daemon_group = "amavis";    # (no default; customary: vscan or amavis), -g
    $inet_socket_port = 10024;   # listen on this local TCP port(s)
    # $notify_method  = 'smtp:[127.0.0.1]:10025';
    # $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!
Notes:
$max_servers sets the number of Amavisd-new processes that run concurrently; it must match the maxproc value of the amavisfeed service in /etc/postfix/master.cf
$daemon_user and $daemon_group must match the user and group that Amavisd-new runs as
$inet_socket_port defines the TCP port on which Amavisd-new accepts connections from Postfix
$notify_method and $forward_method define how Amavisd-new re-injects mail into Postfix
(3). The following items must be modified
    $mydomain = 'free.com';                   # here is free.com domain
    $MYHOME = '/var/amavis';
    $helpers_home = "$MYHOME/var";
    $lock_file = "$MYHOME/var/amavisd.lock";
    $pid_file = "$MYHOME/var/amavisd.pid";
    $myhostname = 'mail.free.com';            # here is the mail.free.com host
(4). The following SpamAssassin settings in amavisd.conf replace SpamAssassin's own default settings
    $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
    $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
    # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
    $penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
    $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
    $bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
    $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
    $sa_local_tests_only = 0;    # only tests which do not require internet access?
Note: you do not need to change these defaults, but you should know what they mean, because that makes it much easier to tune spam handling.
$sa_tag_level_deflt: the level at or above which Amavisd-new starts writing spam information headers such as X-Spam-Flag, X-Spam-Score and X-Spam-Status. To add these headers to all mail, set this value to -999.
$sa_tag2_level_deflt: the level at which spam messages start being marked as spam in their headers.
$sa_kill_level_deflt: the level at which Amavisd-new starts to intercept and quarantine mail. This is very useful, because SpamAssassin does not do this by default.
$sa_dsn_cutoff_level: the level beyond which no delivery failure notification is sent to the sender. Since most spam sender addresses are forged, it makes sense not to send failure notifications for obvious spam; otherwise you only make the backscatter problem worse.
$sa_quarantine_cutoff_level: the level beyond which spam is no longer quarantined. This option is commented out by default, which means that all such mail is quarantined.
(5). The following are the e-mail addresses used for notifications (the defaults are the administrator's mailbox and the mailbox that receives spam notifications)
    $virus_admin               = "virusalert\@$mydomain";  # notifications recip.
    $mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
Change them to:
    $virus_admin               = "postmaster\@$mydomain";  # notifications recip.
    $mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender
    $mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender
    $mailfrom_notify_spamadmin = "postmaster\@$mydomain";  # notifications sender
(6). Configure the ClamAV section
    # ### http://www.clamav.net/
    #['ClamAV-clamd',
    #  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    #  qr/\bOK$/m, qr/\bFOUND$/m,
    #  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Change this to the following by removing the relevant comment markers:
    # ### http://www.clamav.net/
    ['ClamAV-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
      qr/\bOK$/m, qr/\bFOUND$/m,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
Note that the setting of /var/run/clamav/clamd.sock must be consistent with the LocalSocket /var/run/clamav/clamd.sock setting we entered in /etc/clamd.conf previously.
6. Modify the Postfix configuration file
(1). Modify /etc/postfix/master.cf
    [root@mail ~]# vim /etc/postfix/master.cf
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    amavisfeed unix -       -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o smtp_tls_note_starttls_offer=no
        -o disable_dns_lookups=yes
        -o max_use=20
Note that the value 2 in the maxproc column must match the $max_servers setting in /etc/amavisd.conf. For a detailed explanation of each option, see the Amavisd-new documentation (vim /usr/share/doc/amavisd-new-2.8.0/README.postfix). Next, we define a dedicated service for re-injecting mail into Postfix. To do this, add an smtpd service to /etc/postfix/master.cf that listens on TCP port 10025 of localhost (127.0.0.1), which is the default value in /etc/amavisd.conf:
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    127.0.0.1:10025 inet n  -       n       -       -       smtpd
        -o content_filter=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o smtpd_restriction_classes=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
        -o local_header_rewrite_clients=
        -o smtpd_milters=
        -o local_recipient_maps=
Note: in /etc/postfix/master.cf itself, the first line of each of the two entries above must start at the beginning of the line with no leading spaces, otherwise an error will occur! The -o lines, in contrast, must begin with whitespace so that Postfix reads them as continuations of the entry.
(2). Modify /etc/postfix/main.cf to add the following settings to enable mail filtering
    [root@mail ~]# vim /etc/postfix/main.cf
    # filter mail
    content_filter = amavisfeed:[127.0.0.1]:10024
(3). Restart the postfix service
    [root@mail ~]# service postfix restart
    Shutting down postfix:                                     [  OK  ]
    Starting postfix:                                          [  OK  ]
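The files edited in steps 4 to 6 have to agree with each other on the clamd socket path, the process count and the filter port. The following is an added example, not part of the original article, that checks those cross-file settings; the helper names (`first`, `master_entry`, `check`) are hypothetical and the embedded fragments are constructed samples that mirror the values shown above.

```python
import re

# Constructed fragments that mirror the settings shown on this page.
AMAVISD = r'''
$max_servers = 2;
$inet_socket_port = 10024;
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
'''
CLAMD = "LocalSocket /var/run/clamav/clamd.sock\n#TCPSocket 3310\n"
MASTER = """amavisfeed unix - - n - 2 smtp
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
"""
MAIN = "content_filter = amavisfeed:[127.0.0.1]:10024\n"

def first(pattern, text):
    """Group 1 of the first match on an uncommented line, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def master_entry(master, name):
    """Fields of a master.cf service line plus its indented continuation lines."""
    m = re.search(r"^%s[ \t].*(?:\n[ \t]+\S.*)*" % re.escape(name), master, re.M)
    return m.group(0).split() if m else []

def check(amavisd, clamd, master, main):
    problems = []
    # master.cf columns: service type private unpriv chroot wakeup maxproc command
    feed = master_entry(master, "amavisfeed")
    maxproc = feed[6] if len(feed) > 6 else None
    if maxproc is None or first(r"^\s*\$max_servers\s*=\s*(\d+)", amavisd) != maxproc:
        problems.append("$max_servers differs from amavisfeed maxproc")
    port = first(r"^\s*\$inet_socket_port\s*=\s*(\d+)", amavisd)
    filt = first(r"^content_filter\s*=\s*amavisfeed:\[127\.0\.0\.1\]:(\d+)", main)
    if port is None or port != filt:
        problems.append("content_filter port differs from $inet_socket_port")
    sock = first(r'^\s*\\&ask_daemon,\s*\["CONTSCAN \{\}\\n",\s*"([^"]+)"', amavisd)
    if sock is None or sock != first(r"^\s*LocalSocket\s+(\S+)", clamd):
        problems.append("ClamAV-clamd socket missing or differs from LocalSocket")
    if first(r"^\s*(TCPSocket)\b", clamd):
        problems.append("clamd TCPSocket is still enabled")
    # The re-injection smtpd must clear content_filter, or filtered mail loops.
    if "content_filter=" not in master_entry(master, "127.0.0.1:10025"):
        problems.append("re-injection smtpd missing or does not clear content_filter")
    return problems

if __name__ == "__main__":
    print(check(AMAVISD, CLAMD, MASTER, MAIN) or "configuration is consistent")
```

To run it against a live server, pass the contents of /etc/amavisd.conf, /etc/clamd.conf, /etc/postfix/master.cf and /etc/postfix/main.cf to `check()` in that order.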
7. Start the clamd and amavisd services:
    [root@mail ~]# service clamd start
    Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
    LibClamAV Warning: ***  The virus database is older than 7 days!  ***
    LibClamAV Warning: ***   Please update it as soon as possible.    ***
    LibClamAV Warning: **************************************************
                                                               [  OK  ]
    [root@mail ~]# service amavisd start
    Starting Mail Virus Scanner (amavisd):                     [  OK  ]
    [root@mail ~]#
9. Test
(1). Use telnet to test that the service amavisd is listening on 127.0.0.1:10024
    [root@mail ~]# telnet localhost 10024
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 [127.0.0.1] ESMTP amavisd-new service ready
    ehlo free.com
    250-[127.0.0.1]
    250-VRFY
    250-PIPELINING
    250-SIZE
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
    quit
    221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
    Connection closed by foreign host.
    [root@mail ~]#
(2). Test that the smtpd of Postfix is listening on 127.0.0.1:10025
    [root@mail ~]# telnet localhost 10025
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.free.com ESMTP Postfix
    ehlo free.com
    250-mail.free.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN CRAM-MD5
    250-AUTH=PLAIN LOGIN CRAM-MD5
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    [root@mail ~]#
(3). Spam test
    [root@mail ~]# cd /usr/share/doc/spamassassin-3.3.1/
    [root@mail spamassassin-3.3.1]# sendmail test@free.com < sample-spam.txt
    [root@mail spamassassin-3.3.1]# tail -f /var/log/maillog
    Jul 11 09:15:46 mail postfix/cleanup[17529]: 6AB1E23776: message-id=<GTUBE1.1010101@example.net>
    Jul 11 09:15:46 mail postfix/qmgr[17492]: 6AB1E23776: from=<root@free.com>, size=1657, nrcpt=1 (queue active)
    Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms
    Jul 11 09:15:46 mail postfix/smtp[17533]: D927923774: to=<test@free.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.21/0.07/0.02/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6AB1E23776)
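To read the amavis result line above against the $sa_*_level_deflt values from step 5 (4), the following added example (not part of the original article) parses amavis log lines and reports which levels each score reaches. The function names and the second log line are constructed for illustration, and the DSN comparison follows the wording of the config comment ("beyond which").

```python
import re

# Levels from the $sa_*_level_deflt settings listed on this page.
LEVELS = {"tag": 2.0, "tag2": 6.2, "kill": 6.9, "dsn_cutoff": 10.0}

# First line: the amavis entry from the spam test. Second line: constructed sample.
LOG = """\
Jul 11 09:15:46 mail amavis[17520]: (17520-01) Passed SPAM {RelayedTaggedInbound,Quarantined}, <root@free.com> -> <test@free.com>, quarantine: spam-rnWvh9AXIRB2.gz, Message-ID: <GTUBE1.1010101@example.net>, mail_id: rnWvh9AXIRB2, Hits: 1005.069, size: 933, queued_as: 6AB1E23776, 2403 ms
Jul 11 09:20:02 mail amavis[17521]: (17521-01) Passed CLEAN {RelayedInbound}, <alice@example.org> -> <test@free.com>, Message-ID: <c1@example.org>, mail_id: Xk3constructed, Hits: 0.3, size: 812, queued_as: 7C0DE23777, 310 ms
"""

LINE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z0-9-]+) "
    r"\{(?P<flags>[^}]*)\}, .*?<(?P<sender>[^>]*)> -> (?P<rcpts>\S+), "
    r"(?:quarantine: (?P<quarantine>[^,]+), )?.*?Hits: (?P<hits>-?\d+(?:\.\d+)?)")

def sa_actions(hits, lv=LEVELS):
    """Which of the amavisd-new spam levels a score reaches."""
    return {
        "info_headers": hits >= lv["tag"],          # X-Spam-* information headers
        "spam_headers": hits >= lv["tag2"],         # 'spam detected' headers
        "evasive_action": hits >= lv["kill"],       # quarantine / block
        "dsn_suppressed": hits > lv["dsn_cutoff"],  # "beyond which a DSN is not sent"
    }

def review(log):
    """Parse amavis result lines and flag mail over the kill level that was relayed."""
    records = []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:  # not an amavis result line, or no numeric Hits value
            continue
        hits = float(m["hits"])
        rec = {**m.groupdict(), "hits": hits, **sa_actions(hits)}
        rec["relayed_over_kill"] = rec["evasive_action"] and "Relayed" in m["flags"]
        records.append(rec)
    return records

if __name__ == "__main__":
    for r in review(LOG):
        print(r["verdict"], r["hits"], r["quarantine"], r["relayed_over_kill"])
```

On the page's own test message the flag is set: the GTUBE mail scored 1005.069, far above the kill level of 6.9, and the log shows it was relayed to the recipient as well as quarantined.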
---