1. SpamAssassin 安裝手冊
什麼是 SpamAssassin
SpamAssassin 是一種安裝在郵件伺服主機上的郵件過濾器,用來辨識垃圾信。它是使用大量的預設規則檢查垃圾信,這些規則會檢查寄到您的網域內所有郵件的標頭,內文,以及送信者。他採取的過濾方式是採用記分制,也就是說會根據我們所設定的標準來給予分數超過標準值的時候即判定為 SPAM
2. 安裝設定 SpamAssassin
原始碼2.1: 安裝設定 SpamAssassin
# emerge Mail-SpamAssassin
# nano -w /etc/mail/spamassassin/local.cf
# SpamAssassin config file for version 2.5xM
# generated by http://www.yrex.com/spam/s... (version 1.01)
# How many hits before a message is considered spam.
判定為 spam 所需要的分數
required_hits 5.0
# Whether to change the subject of suspected spam
設定要不要改主旨
rewrite_subject 1
# Text to prepend to subject if rewrite_subject is used
要加在 spam 主旨前面的字
subject_tag *****廣告信*****
# Encapsulate spam in an attachment
將垃圾加在附件後
report_safe 1
# Use terse version of the spam report
用精簡的自動回報垃圾給管理者
use_terse_report 0
# Enable the Bayes system
啟用 Bayes 系統,此系統具有自動學習功能
use_bayes 1
# Enable Bayes auto-learning
開啟自動學習
auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english japanese
ok_languages zh en ja
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en ja zh
原始碼2.2: 設定過濾規則
# nano -w /etc/mail/spamassassin/local.cf
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score HEAD_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0
score FRONTPAGE 0
score HTML_FONTCOLOR_BLUE 0
score HTML_FONTCOLOR_GREEN 0
score HTML_FONTCOLOR_RED 0
score HTML_FONT_BIG 0
score HTML_FONT_FACE_BAD 0
score HTML_MESSAGE 0
score HTTP_ESCAPED_HOST 0
score HTTP_EXCESSIVE_ESCAPES 0
score HTTP_WITH_EMAIL_IN_URL 0
score LINES_OF_YELLING 0
score HTML_00_10 0
score HTML_10_20 0
score HTML_20_30 0
score HTML_30_40 0
score HTML_40_50 0
score HTML_50_60 0
score HTML_60_70 0
score HTML_70_80 0
score HTML_80_90 0
score HTML_90_100 0
score HTML_SHOUTING3 0
score HTML_SHOUTING4 0
score HTML_SHOUTING5 0
score HTML_SHOUTING6 0
score HTML_SHOUTING7 0
score HTML_SHOUTING8 0
score HTML_SHOUTING9 0
score HTML_TABLE_THICK_BORD 0
score HTML_COMMENT_EMAIL 0
score HTML_COMMENT_SHOUTING 0
score HTML_COMMENT_SKY 0
score HTML_COMMENT_8BITS 0
score HTML_COMMENT_SAVED_URL 0
score HTML_EMBEDS 0
score HTML_EVENT 0
score HTML_EVENT_UNSAFE 0
score HTML_FONT_BIG 0
score HTML_FONTCOLOR_UNSAFE 0
score HTML_FONTCOLOR_NAME 0
score HTML_FONT_INVISIBLE 0
score HTML_FONT_LOW_CONTRAST 0
score HTML_FONTCOLOR_GRAY 0
score HTML_FONTCOLOR_RED 0
score HTML_FONTCOLOR_YELLOW 0
score HTML_FONTCOLOR_GREEN 0
score HTML_FONTCOLOR_CYAN 0
score HTML_FONTCOLOR_BLUE 0
score HTML_FONTCOLOR_MAGENTA 0
score HTML_FONTCOLOR_UNKNOWN 0
score HTML_FONT_FACE_BAD 0
score HTML_FONT_FACE_ODD 0
score HTML_FONT_FACE_CAPS 0
score HTML_FORMACTION_MAILTO 0
score HTML_IMAGE_AREA_04 0
score HTML_IMAGE_AREA_05 0
score HTML_IMAGE_AREA_06 0
score HTML_IMAGE_AREA_07 0
score HTML_IMAGE_AREA_08 0
score HTML_IMAGE_AREA_09 0
score HTML_IMAGE_ONLY_02 0
score HTML_IMAGE_ONLY_04 0
score HTML_IMAGE_ONLY_06 0
score HTML_IMAGE_ONLY_08 0
score HTML_IMAGE_ONLY_10 0
score HTML_IMAGE_ONLY_12 0
score HTML_IMAGE_RATIO_02 0
score HTML_IMAGE_RATIO_04 0
score HTML_IMAGE_RATIO_06 0
score HTML_IMAGE_RATIO_08 0
score HTML_IMAGE_RATIO_10 0
score HTML_IMAGE_RATIO_12 0
score HTML_IMAGE_RATIO_14 0
score HTML_JAVASCRIPT 0
score HTML_LINK_PUSH_HERE 0
score HTML_LINK_CLICK_HERE 0
score HTML_LINK_CLICK_CAPS 0
score HTML_RELAYING_FRAME 0
score HTML_WEB_BUGS 0
score HTML_WIN_BLUR 0
score HTML_WIN_FOCUS 0
score HTML_WIN_OPEN 0
score HTML_WITH_BGCOLOR 0
score HTML_TAG_BALANCE_A 0
score HTML_TAG_BALANCE_FONT 0
score HTML_TAG_BALANCE_HTML 0
score HTML_TAG_BALANCE_BODY 0
score HTML_TAG_BALANCE_HEAD 0
score HTML_TAG_BALANCE_TABLE 0
score HTML_TAG_EXISTS_BASE 0
score HTML_TAG_EXISTS_PARAM 0
score HTML_TAG_EXISTS_TBODY 0
score HTML_TITLE_EMPTY 0
score HTML_TITLE_UNTITLED 0
這段是重新定義他的分數設定我是設定 html 的部份,
通通不計分所以通通為 0
接下來我們可以自訂一些規則來做細部的分類
有中文字"取消.*訂閱",則過濾規則成立。
body UNSUBSCRIBE_ZH /取消.*訂閱/
describe UNSUBSCRIBE_ZH Body contain unsubscribe msg in chinese
score UNSUBSCRIBE_ZH 0.5
有中文字"貸款",則過濾規則成立。
body LOAN /貸款/
describe LOAN Body contain unsubscribe msg in chinese
score LOAN 2.0
有中文字"資金週轉",則過濾規則成立。
body REVOLVE /資金週轉/
describe REVOLVE Body contain unsubscribe msg in chinese
score REVOLVE 2.0
body WINDOWOPEN /window\.open\(/i
describe WINDOWOPEN JavaScript: Windows.Open
score WINDOWOPEN 3.5
發信軟體如果為 FoxMail 則過濾規則成立
header FOXMAIL X-Mailer =~ /FoxMail /
describe FOXMAIL Foxmail
score FOXMAIL 3.5
這一行是設定 whitelist,whitelist 的 domain 並不是一定不會被擋
spamassassin 是用積分制的,所以,從 whitelist 設的 domain 寄來的
只是幫他先-100分,等於他的 spam 測出來的數值,要超過 105 ,才會被擋
whitelist_from *@xxx.xxx.xxx
blacklist_from 就是黑名單摟
blacklist_from ofjvzp@msa.hinet.net
3. 修改 Postfix 設定
原始碼3.1: 建立 Filter 的 Script
建立一個新的檔案 /usr/local/sbin/filter.sh
# nano -w /usr/local/sbin/filter.sh
exec /usr/bin/spamc -d 127.0.0.1 -f -p 783 -t 30 -e /usr/sbin/sendmail -i "$@"
新增這行 Spamassassin 檢查的指令,
存檔離開之後記得修改權限使其可以執行
# chmod 755 /usr/local/sbin/filter.sh
原始碼3.2: 修改 Postfix 的 master.cf
# nano -w /etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=postfixfilter加上這一段
接者並在檔案的最下方加入以下兩行
postfixfilter unix - n n - - pipe flags=Rq user=nobody
argv=/usr/local/sbin/filter.sh -f ${sender} -- ${recipient}
argv=/usr/local/sbin/filter.sh 就是剛剛我們建立 filter 檔案的路徑
原始碼3.3: 修改 Postfix 的 main.cf
接者我們要修改main.cf
# nano -w /etc/postfix/main.cf
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see the sample-filter.cf file.
#
#header_checks = regexp:/etc/postfix/header_checks
header_checks = pcre:/etc/postfix/header_checks
在這邊新增一行
接者存檔離開去新增我們剛剛設定的檔案
nano -w /etc/postfix/header_checks
/^X-Spam-Status: No / DISCARD Byebye Spam, we don't like you.
放入這行就可以了
原始碼3.4: 加入到預設的開機啟動程序
# rc-update add spamd default
接者啟動Spamd
# /etc/init.d/spamd start
並且把 Postfix 重新啟動
# /etc/init.d/postfix restart
4. 測試除錯
原始碼4.1: 測試是否有啟動 Spamassassin
# tail -n 50 -f /var/log/messages | grep spamd
即時擷取包含 Spamd 最後50行資訊來驗証
/var/log/messages 是因為筆者使用 Syslog-ng 這套 LOG 程式,讀者可以
依照自己的 LOG 程式去修改自己的檔案位址
同時從外部寄信過來測試,如果出現上述訊息代表您的 Spamassassin
已經正常啟動
Apr 8 12:35:19 www spamd[24055]: processing message <200404080435.MAA28386@ms8.hinet.net> for nobody:65534.
Apr 8 12:35:23 www spamd[24055]: identified spam (7.1/5.0) for nobody:65534 in 3.8 seconds, 2166 bytes.
identified spam (7.1/5.0) 這邊讀者可以注意一下7.1代表該封信的總積分
已經超過標準已被判定為 SPAM 表示您的設定已經正常運作了
|
