基于Postfix+sasl+courier-imap+courier-authlib+clamav+slockd+amavisd邮件系统配置安装笔记(二)
转载请保留版权:http://piao2010.com 谢谢!
**************************
************************
垃圾邮件过滤病毒防护部分
************************
**************************
groupadd amavis
groupadd clamav
useradd amavis -g amavis
useradd clamav -g clamav
./configure –prefix=/usr/local/clamav –with-dbdir=/usr/local/share/clamav –disable-zlib-vcheck –sysconfdir=/etc/clamav
make
make install
mkdir /var/log/clamav
chown -R amavis:amavis /var/log/clamav
chown -R amavis.amavis /usr/local/share/clamav
mkdir /var/run/clamav
chmod 700 /var/run/clamav
chown amavis.amavis /var/run/clamav
mv /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf.old
vi /etc/clamav/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/freshclam.pid
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror database.clamav.net
mv /etc/clamav/clamd.conf /etc/clamav/clamd.conf.old
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.socket
StreamMaxLength 20M
User amavis
ScanELF yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
新版本0.952无以下两个文件,建议使用0.95以下版本
cp contrib/init/RedHat/clamd /etc/rc.d/init.d/clamd
cp contrib/init/RedHat/clamav-milter /etc/rc.d/init.d/clamav-milter
chkconfig –add clamd
chkconfig –add clamav-milter
chkconfig –level 2345 clamd on
chkconfig –level 2345 clamav-milter on
echo “/usr/local/clamav/lib” >> /etc/ld.so.conf
ldconfig -v | grep clamav
vi /etc/rc.d/init.d/clamd
progdir=”/usr/local/clamav/sbin”
service clamd start
/usr/local/clamav/bin/freshclam
vi /etc/crontab
37 * * * * /usr/local/clamav/bin/freshclam
mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis/db
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
vi /etc/amavisd.conf
max_servers=8;
$daemon_user = ‘amavis’;
$daemon_group = ‘amavis’;
$mydomain = ‘hacker-piao.cn’; ###自己的域名
report_safe 0
$db_home = “$MYHOME/db”;
$inet_socket_port = 10024;
$sa_tag_level_deflt = 4; ###超过这个分数标准者,才视为垃圾邮件打分
$sa_tag2_level_deflt = 6.3; ###超过这个分数标准者,才允许在邮件标题加入Spam标记
$sa_kill_level_deflt = 10; ###超过这个分数标准者删除
$virus_admin = “virusalert@$mydomain”;
$sa_spam_subject_tag = ‘*SPAM* ‘;
$notify_method = $forward_method;
$forward_method = ’smtp:127.0.0.1:10025′;
$final_virus_destiny = D_DISCARD; ###检测到病毒时的动作,D_DISCARD: 信件将被丢弃,并且不会告知收件人及发件人
$final_banned_destiny = D_BOUNCE; ###检测到受禁止的内容时的动作,D_BOUNCE: 信件不会发送给收件人但会通知发件人邮件没有被投递
$final_spam_destiny = D_PASS; ####检测到垃圾邮件时的动作D_PASS:无论信件是否有问题,都会将信件发给收件人
$final_bad_header_destiny = D_DISCARD; ###检测到不良信件时的动作D_REJECT: 邮件不会被投递给收件人,但会通知发件人邮件被拒绝
$sa_mail_body_size_limit = 200*1024; ### 超过某個特定大小的邮件就不经过 SpamAssassin 的扫描
read_hash(%whitelist_sender, ‘/var/amavis/whitelist’); ###白名单vi /var/amavis/whitelist
read_hash(%blacklist_sender, ‘/var/amavis/blacklist’); ###黑名单 vi /var/amavis/blacklist
read_hash(%spam_lovers, ‘/var/amavis/spam_lovers’); ###不检测列表中的地址
$virus_admin = “postmaster@$mydomain”; # notifications recip.
$mailfrom_notify_admin = “postmaster@$mydomain”; # notifications sender
$mailfrom_notify_recip = “postmaster@$mydomain”; # notifications sender
$mailfrom_notify_spamadmin = “postmaster@$mydomain”; # notifications sender
$mailfrom_to_quarantine = ”; # null return path; uses original sender if undef
['ClamAV-clamd',
&ask_daemon, ["CONTSCAN {}n", "/var/run/clamav/clamd.socket"],
qr/bOK$/, qr/bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
测试启动
/usr/local/sbin/amavisd debug
肯定会报错,根据提示下载安装相应模块,下载网站http://search.cpan.org/,安装某一模块的过程中可能又会提示需要另一模块,需要什么就安装什么,目录一级一级深入,安装完成后一级一级返回,这样不容易把自己弄晕了。操作很简单:wget,tar zxf,perl Make.PL,make,make install如此不断重复
安装N多的模块以后终于OK!大概是30个左右吧,具体我自己也记不清楚了!
vi /etc/mail/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
required_hits 10.0
report_safe 1
rewrite_header Subject [SPAM]
required_hits 10.0
rewrite_subject 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
spamassassin -d –lint
/usr/bin/spamd -d
wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf
/usr/bin/crontab -e
0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf;/usr/local/sbin/amavisdstop;/usr/local/sbin/amavisd start
echo “/usr/local/sbin/amavisd” >> /etc/rc.local
echo “/usr/bin/spamd -d” >> /etc/rc.local
/usr/local/sbin/amavisd
vi /etc/postfix/main.cf
################################Amavis Start(if need delete following line #)#####################
content_filter = amavisfeed:[127.0.0.1]:10024
max_use=10
receive_override_options = no_address_mappings
################################Amavis END###########################
vi /etc/postfix/main.cf
################################Amavis Start(if need delete following line #)#####################
amavisfeed unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=
################################Amavis END###########################
一定要注意-o前面必须有一个空格,否则会报错的。
如果需要增强垃圾邮件过滤功能还可以安装slockd
解压缩复制全部的文件到/usr/local/slockd目录下
vi /usr/local/slockd/config/main.cf
# uncomment the following line if you need to daemonize
setsid 1
## logging
log_file /var/log/slockd.log
然后执行
/usr/local/slockd/slockd-init start
会监听10030端口
vi /etc/postfix/main.cf
将 check_policy_service inet:127.0.0.1:10030 这一行记录增加到smtpd_recipient_restrictions 里
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
check_policy_service inet:127.0.0.1:10030
echo “/usr/local/slockd/slockd-init start” >> /etc/rc.d/rc.local
全部开机自动启动项目:
service httpd start
service mysqld start
postfix start
service courier-authlib start
service courier-imapd start
service clamd start
service clamav-milter start
/usr/bin/spamd -d
/usr/local/sbin/amavisd
/usr/local/slockd/slockd-init start#这个根据需要处理
至此全部软件安装配置完成,有一点小小的成就感啊,嘿嘿!
有什么问题可以和我一起交流!email:hacker-piao@163.com
