Installing Postfix + Clamav + Amavisd-new on Red Hat Linux 9
Published: 2006-12-3
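Amavisd-new is an intermediary program between the mail transfer agent (MTA) and antivirus software. Paired with a virus scanner such as Clam Antivirus or Sophos Sweep, it lets the mail server filter out messages that contain viruses. Installing it is fairly involved, because virus scanning relies on many other modules, such as Rar and Zip, and these must be installed before Amavisd-new. The required modules fall into two groups, listed below.

I. External programs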
compress, nomarch (or arc), arj (or unarj), rar (or unrar), zoo, freeze (or unfreeze or melt),
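Before installing these programs, you can use rpm -q to check whether your Linux system already ships with them. If it does, so much the better: skip that one and move on to the next. If not, you can download the rpm package from http://dag.wieers.com/pack... and install it directly, or download it from the program's own official website.

compress has no rpm package, only a tarball, so it is installed differently from the other packages. The steps are: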
# wget ftp://ftp.warwick.ac.uk/pu...
Extract it to /usr/local/src/compress (any directory you like will do, including your home directory; /usr/local/src/compress is used here purely as a matter of personal preference):
# mkdir /usr/local/src/compress
# tar -zxvf compress-4.0.1.tar.gz -C /usr/local/src/compress
# cd /usr/local/src/compress
# make
# make install
That completes the installation. Assuming all of the packages above are now installed, we move on to the Clamav packages.

II. Installing Clamav
Install clamav-0.88.tar.gz
http://www.clamav.net/
# /usr/sbin/groupadd clamav
# /usr/sbin/adduser -s /bin/false -c "Amavis User" -d /var/amavis amavis
# /usr/sbin/useradd -g clamav -s/bin/false -d/dev/null clamav
# wget http://nchc.dl.sourceforge...
# tar zxvf clamav-0.88.tar.gz
# cd clamav-0.88
# ./configure
# make
# make install
# mkdir /var/log/clamav
# chown -c clamav /var/log/clamav
# chgrp -c clamav /var/log/clamav
# vi /usr/local/etc/clamd.conf
========================================================
# Comment out the Example line:
#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogVerbose
LogTime
LocalSocket /tmp/clamav.socket
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
MaxDirectoryRecursion 15
User amavis
ScanMail
ScanArchive
ClamukoMaxFileSize 6M
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
========================================================
# /usr/local/sbin/clamd ## start the clamd daemon
Edit /usr/local/etc/freshclam.conf:
# vi /usr/local/etc/freshclam.conf
========================================================
# Comment out the Example line:
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/clamav-update.log
LogSyslog
LogVerbose
DatabaseOwner amavis
#Check for updates every two hours. That is the official recommendation
Checks 12
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
NotifyClamd
========================================================
# chown -c amavis /var/log/clamav
# chown -c amavis /usr/local/share/clamav
# /usr/local/bin/freshclam ## update the Clamav virus database
3. Create the clamd startup script:
# vi /etc/init.d/clamd
========================================================
#! /bin/bash
#
# clamd Start/Stop the clam antivirus daemon.
#
# chkconfig: 2345 90 60
# description: clamd is a standard UNIX program that scans for Viruses.
# processname: clamd
# config: /usr/local/etc/clamd.conf
# pidfile: /var/run/clamav/clamd.pid

# Source function library.
. /etc/init.d/functions

RETVAL=0

# See how we were called.

prog="clamd"
progdir="/usr/local/sbin"

# Source configuration
if [ -f /etc/sysconfig/$prog ] ; then
    . /etc/sysconfig/$prog
fi

start() {
    echo -n $"Starting $prog: "
    daemon $progdir/$prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/run/clamav/clamd.pid
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/run/clamav/clamd.pid
    return $RETVAL
}

rhstatus() {
    status clamd
}

restart() {
    stop
    start
}

reload() {
    echo -n $"Reloading clam daemon configuration: "
    killproc clamd -HUP
    RETVAL=$?
    echo
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    status)
        rhstatus
        ;;
    condrestart)
        [ -f /var/lock/subsys/clamd ] && restart || :
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
        exit 1
esac

exit 0
========================================================
Set clamav to start at boot:
# chmod 755 /etc/init.d/clamd
# /sbin/chkconfig --add clamd
# /sbin/chkconfig clamd on
# clamscan -r test ## scan the test directory for viruses

III. Installing the Perl modules
Amavisd-new depends heavily on Perl: most of it, including its executable, is written in Perl, as the list of Perl modules it requires makes clear. The official website lists the following required Perl modules:
Archive::Tar (Archive-Tar-x.xx)
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (stick to the new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.415)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx)
Net::SMTP (libnet-x.xx) (use libnet-1.16 or latter for performance)
Digest::MD5 (Digest-MD5-x.xx)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, some older cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
These are the base modules: every one of them must be installed before Amavisd-new, without exception. They can be installed through Perl's CPAN; first run the following commands in a terminal window.
(The following two source packages are essential!)
# wget http://search.cpan.org/CPA...
# tar zxvf Digest-MD5-2.33.tar.gz
# cd Digest-MD5-2.33
# export LC_ALL=C
# echo ${LC_ALL}
C
# perl Makefile.PL
# make
# make install

# wget http://search.cpan.org/CPA...
# tar zxvf Time-HiRes-1.82.tar.gz
# cd Time-HiRes-1.82
# perl Makefile.PL
# make
# make install

# /usr/bin/perl -MCPAN -e shell ## before installing, make sure your system locale is not UTF-8
Warning [/etc/inputrc line 11]: Invalid variable `mark-symlinked-directories'

cpan shell -- CPAN exploration and modules installation (v1.7601)
ReadLine support enabled

cpan>
Then install the modules listed above:
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install Compress::Zlib ( already installed on the system, can be skipped )
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install MIME::Base64 ( already installed on the system, can be skipped )
cpan> install MIME::Parser ( already installed on the system, can be skipped )
cpan> install Mail::Internet ( already installed on the system, can be skipped )
cpan> install Net::Server
cpan> install Net::SMTP
cpan> install Digest::MD5 ( already installed on the system, can be skipped )
cpan> install IO::Stringy ( already installed on the system, can be skipped )
cpan> install Time::HiRes ( already installed on the system, can be skipped )
cpan> install Unix::Syslog
cpan> install BerkeleyDB
cpan> install Digest::SHA1
cpan> install DBI
cpan> install DB_File
cpan> install Net::DNS
cpan> install IP::Country
============ Optional modules ======================
cpan> install Mail::SPF::Query ( NOT OK )
cpan> install Razor2 ( skip )
cpan> install Net::Ident ( NOT OK )
cpan> install IO::Socket::INET6 ( skip )
cpan> install IO::Socket::SSL ( skip )
============ Optional modules ======================
cpan> install Mail::SpamAssassin
cpan> exit

IV. Installing and configuring Amavisd-new
With the required packages installed, we can install Amavisd-new. First download the latest version of Amavisd-new from http://www.ijs.si/software... The version I use here is 2.3.3, so the file I downloaded is amavisd-new-2.3.3.tar.gz. I extracted it into /usr/local/src/; extraction automatically creates a directory named amavisd-new-2.3.3 under /usr/local/src, and all the extracted files are placed in it.
# tar xzvf amavisd-new-2.3.3.tar.gz
Next, create four subdirectories in its home directory; they are needed when configuring Amavisd-new:
# mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
For the security of the system and the package, ordinary users must not be able to read or write /var/amavis. Only amavis should have read and write access, which is done by making amavis the owner of /var/amavis:
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis
In case you are not already in /usr/local/src/amavisd-new-2.3.3, change into it:
# cd /usr/local/src/amavisd-new-2.3.3
Copy the amavisd file into /usr/local/sbin:
# cp amavisd /usr/local/sbin/
To improve its security, it should be set so that only the superuser can read it, because this file is written in Perl and can be viewed with an ordinary text editor:
# chown root /usr/local/sbin/amavisd
Make it executable:
# chmod 755 /usr/local/sbin/amavisd
Copy the Amavisd-new configuration file amavisd.conf to /etc so that the program can load it at run time:
# cp amavisd.conf /etc/
Make root the owner of /etc/amavisd.conf:
# chown root /etc/amavisd.conf
Change its file mode:
# chmod 644 /etc/amavisd.conf
Set amavisd to start at boot:
# cp amavisd_init.sh /etc/init.d/amavisd
# chmod 744 /etc/init.d/amavisd
# /sbin/chkconfig --add amavisd
# /sbin/chkconfig amavisd on
# vi /etc/init.d/amavisd
prog="/usr/local/sbin/amavisd"
Create a directory where amavisd quarantines infected messages when it finds a virus; it can also be used to store spam:
# mkdir /var/virusmails
Change the owner of /var/virusmails:
# chown amavis:amavis /var/virusmails
Change the mode of /var/virusmails:
# chmod 750 /var/virusmails
Now edit the amavisd-new configuration file with the text editor you prefer:
# vi /etc/amavisd.conf
======================================================
$max_servers = 8;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'test.com';   # set your domain name
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$QUARANTINEDIR = '/var/virusmails';
$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var";
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";
$inet_socket_port = 10024;
$sa_spam_subject_tag = '***SPAM*** ';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
# D_DISCARD discards the message, D_BOUNCE sends back a bounce message,
# D_REJECT rejects it, D_PASS lets it through
# The socket path below must be the LocalSocket path set in clamd.conf
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamav.socket"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
=======================================================
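The socket path in the ClamAV-clamd entry has to be the path clamd listens on (LocalSocket in clamd.conf), otherwise amavisd cannot reach clamd. The script below compares the two settings; it is an added example, not part of the original article or of amavisd-new, and its function names and sample files are constructed for illustration.

```sh
# Added example: does amavisd's ClamAV-clamd entry name the socket clamd listens on?

# Print the LocalSocket path from a clamd.conf (commented lines never match).
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket path of the ClamAV-clamd entry in an amavisd.conf: the
# quoted string that follows the "CONTSCAN {}\n" command. Comment lines are
# dropped first, so an entry that is still commented out yields nothing.
amavis_clamd_socket() {
    grep -v '^[[:space:]]*#' "$1" | tr '\n' ' ' |
        sed -n 's/.*CONTSCAN {}\\n"[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p'
}

# 0 = same socket, 1 = mismatch, 2 = one of the two settings is missing.
check_clamd_socket() {
    want=$(clamd_socket "$1")
    have=$(amavis_clamd_socket "$2")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "missing: clamd.conf='$want' amavisd.conf='$have'" >&2
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "mismatch: clamd listens on $want, amavisd asks $have" >&2
        return 1
    fi
    echo "ok: both use $want"
}

# Constructed sample files (not taken from a live system).
write_samples() {
    printf '#Example\nLogTime\nLocalSocket /tmp/clamav.socket\nUser amavis\n' \
        > "$1/clamd.conf"
    cat > "$1/amavisd.conf" <<'EOF'
# ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/old/commented/out"],
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_clamd_socket "$demo_dir/clamd.conf" "$demo_dir/amavisd.conf" ||
    echo "check returned $?"
rm -rf "$demo_dir"
```

On a real host, call check_clamd_socket /usr/local/etc/clamd.conf /etc/amavisd.conf after editing either file.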
The installation is now more or less complete. Run the program to look at its debug output, with the following command:
# /usr/local/sbin/amavisd -u amavis debug

Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3911]: Net::Server: Parent ready for children.
Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3912]: TIMING [total 113 ms] - bdb-open: 113 (100%), rundown: 0 (0%)
Apr 12 20:20:17 mail.js.act-cn.com /usr/sbin/amavisd[3913]: TIMING [total 96 ms] - bdb-open: 96 (100%), rundown: 0 (0%)
When the last two lines above appear, the package has generally been installed successfully.
Start clamd and amavis:
# /usr/local/sbin/clamd
# /usr/local/sbin/amavisd -u amavis start
Test with the following command:
# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
If your terminal shows the output above, the package has been installed successfully.

V. Configuring Postfix with Amavisd-new to filter virus mail
Open Postfix's master.cf in an editor and append the following entries at the end. It is best to copy and paste them into your master.cf, to reduce the errors that typing by hand can introduce. The entries are:

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=40

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Save the file and exit the editor, then edit Postfix's other configuration file, main.cf, and add this line to it:
content_filter=smtp-amavis:[127.0.0.1]:10024
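The 127.0.0.1:10025 listener accepts mail with most smtpd checks switched off, so it should stay on a loopback address, clear content_filter (otherwise filtered mail is handed to amavisd again) and accept only local clients. The lint below checks those points and that main.cf names a transport defined in master.cf; it is an added example, not part of the original article or of Postfix, and its function names and sample files are constructed for illustration.

```sh
# Added example: lint the amavisd-new hookup in Postfix master.cf and main.cf.
# One logical line per service: continuation lines start with whitespace.
logical_lines() {
    awk '/^[ \t]*(#|$)/ { next }
         /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# lint_filter MASTER_CF MAIN_CF PORT: one line per problem, status = their count.
lint_filter() {
    n=0
    bad() { echo "PROBLEM: $*"; n=$((n + 1)); }
    svcs=$(logical_lines "$1")
    back=$(printf '%s\n' "$svcs" |
        awk -v p="$3" '$2 == "inet" && $1 ~ ("(^|:)" p "$") { print; exit }')
    [ -n "$back" ] || { bad "no inet service on port $3"; return "$n"; }
    case "$back" in
        127.*|localhost:*|\[::1\]:*) ;;
        *) bad "listener is not bound to a loopback address" ;;
    esac
    for opt in content_filter= mynetworks=127.0.0.0/8 \
               smtpd_recipient_restrictions=permit_mynetworks,reject; do
        case " $back " in
            *" -o $opt "*) ;;
            *) bad "listener lacks '-o $opt'" ;;
        esac
    done
    # main.cf: content_filter=NAME:[host]:port must name a master.cf service.
    name=$(sed -n 's/^content_filter[[:space:]]*=[[:space:]]*\([^:[:space:]]*\):.*/\1/p' "$2")
    printf '%s\n' "$svcs" | awk -v s="$name" '$1 == s { f = 1 } END { exit !f }' ||
        bad "content_filter transport '$name' is not defined in master.cf"
    return "$n"
}

# Constructed sample files; $2 is the listener address to write.
write_sample_cf() {
    cat > "$1/master.cf" <<EOF
smtp-amavis unix - - n - 2 smtp
$2 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
    echo 'content_filter=smtp-amavis:[127.0.0.1]:10024' > "$1/main.cf"
}
d=$(mktemp -d)
write_sample_cf "$d" 10025   # constructed weak variant: no loopback address
lint_filter "$d/master.cf" "$d/main.cf" 10025 || echo "$? problem(s)"
rm -rf "$d"
```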
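Reload the Postfix configuration:
# /etc/init.d/postfix reload
Then run the following test:
# telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 yourhost.example.com ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.
If you see the output above, the configuration works and is ready for use. If you want to go further and check that your mail server really passes mail through amavisd-new for virus scanning, run the tests below.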
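
Testing virus scanning
From an account on another mail system, send a message to a user on this system containing the following:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
If that user receives a message with a virus warning, virus filtering is working. Mail virus scan logs are written to /var/log/clamav/clamav.log.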

$ telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
MAIL FROM:<test@example.com>
250 2.1.0 Sender test@example.com OK
RCPT TO:<postmaster>
250 2.1.5 Recipient postmaster OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test1

test1
.
*** 250 2.6.0 Ok, id=31859-01, from MTA: 250 Ok: queued as 90B7F16F

MAIL FROM:<test@example.com>
250 2.1.0 Sender test@example.com OK
RCPT TO:<postmaster>
250 2.1.5 Recipient postmaster OK
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test2 - virus test pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.

you should get one of the following replies (or similar), depending on the $final_virus_destiny and *virus_lovers* settings in amavisd.conf:
*** 550 5.7.1 Message content rejected, id=16968-01 - VIRUS: EICAR-AV-Test
*** 250 2.5.0 Ok, but 1 BOUNCE
*** 250 2.7.1 Ok, discarded, id=16984-01 - VIRUS: EICAR-AV-Test
*** 250 2.6.0 Ok, id=17041-01, from MTA: 250 Ok: queued as 3F1841A5F5

QUIT
221 2.0.0 [127.0.0.1] (amavisd) closing transmission channel
Connection closed by foreign host.
If you get the output above, congratulations: your virus scanner is running smoothly.

=============== Patching amavis ========================
# cd /usr/local/src/amavisd-new-2.3.3
# patch -p0 < amavisd-new-courier.patch
patching file amavisd
patching file amavisd.conf-sample

The amavisd-new-courier.patch patch shuts down uvsan when amavis is stopped. Without the patch, port 10024 is not released after amavis stop, and starting amavis again reports that another program is using port 10024.
=======================================================================================

VI. Installing Spamassassin 3.0.3
It was already installed earlier together with amavis; if it was not, install it as follows:
# perl -MCPAN -e shell
cpan> install HTML::Parser
cpan> install DB_File
cpan> install Net::DNS (when prompted to enable tests, choose no)
cpan> install Digest::SHA1
cpan> install Mail::SpamAssassin
# vi /etc/mail/spamassassin/local.cf (changes take effect immediately; SpamAssassin does not need to be restarted)
report_safe 0
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Whether DNS lookups are available. Setting this to yes directly speeds up amavis startup considerably
dns_available yes
# Check whether the message was sent from the internal network.
# If so, never judge it to be spam (score minus 50).
# Replace domain.com in the pattern with your own domain name.
header LOCAL_RCVD Received =~ /.*\(\S+\.domain\.com\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -50
# Spam scoring rules
score DCC_CHECK 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
Create the file /var/amavis/.spamassassin/user_prefs:
# touch /var/amavis/.spamassassin/user_prefs
Check the syntax of local.cf:
# spamassassin --lint
bayes (planned)
Start spamd:
# /usr/bin/spamd --daemonize --pidfile /var/run/spamd.pid
Download the Chinese spam filtering rules, Chinese_rules.cf:
# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/C...
# ps -ef | grep spamd
Look up the PID of the spamd process, then:
# kill -HUP PID

#!/bin/sh
#
# Startup / shutdown script for SpamAssassin daemon

case "$1" in
start)
    /usr/bin/spamd -d -v -u vpopmail -F 0 && echo -n 'spamd'
    ;;

stop)
    spamdpid=`ps -ax | grep spamd | grep -v grep | grep -v sh | awk '{ print $1 }'`
    if [ "$spamdpid" != "" ]; then
        kill $spamdpid > /dev/null 2>&1
        echo -n " spamd"
    fi
    ;;

*)
    echo "Usage: `basename $0` {start|stop}" >&2
    ;;
esac

exit 0

Automatically updating the Chinese spam filtering rules
# vi /etc/crontab (add one line)
0 0 1 * * root wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/C... -HUP `cat /var/run/spamd.pid`
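
Testing spam scanning
From an account on another mail system, send a message to a user on this system containing the following:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Then check the mail log to see whether the message was BOUNCEd or DISCARDed.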

Create the maildrop filter script (skip this step if you use amavisd-new to drive spamassassin):
# vi /etc/maildroprc
if ( $SIZE < 26144 )
{
    exception {
        xfilter "/usr/bin/spamassassin"
    }
}

if (/^X-Spam-Flag: *YES/)
{
    exception {
        to "$HOME$DEFAULT/.Spam/"
    }
}
else
{
    exception {
        to "$HOME$DEFAULT"
    }
}