架设防病毒、垃圾邮件网关

12/3/2006来源:Qmail人气:8612

邮件网关是用来做为公司原有服务器之过滤器,它是架设在原有的 服务器之前端,可将广告信和病毒邮件在邮件网关 内做完过滤的动作之后,再把信件传送到原有公司的邮件服务器上,完全不用更改到原本公司内部的那台邮件服务器,如此就可以省去很多不必要的麻烦,安装 邮件网关 必需配合 DNS Server 的设定,要将 MX 记录的第一个记录指向邮件网关,再把MX 记录的第二记录指向原有公司的那台邮件服务器,这样就可以有容错的功能,如果 邮件网关硬件损坏或关机时,邮件还是会传送到原有的邮件服务器而不会遗失。

所需信息:
OS : FreeBSD 6.0 Release
postfix-2.3.2 : /usr/ports/mail/postfix
clamav-0.88 : /usr/ports/security/clamav
uvscan-dat: /usr/ports/secutity/uvscan-dat
vscan: /usr/ports/secutity/vscan
amavis-stats-0.1.12 /usr/ports/security/amavis-stats
amavisd-new-2.4.1 : /usr/ports/security/amavisd-new
邮件网关 ip : 202.104.144.195(假设)
邮件服务器 IP : 202.104.144.196(假设)
域名:test.domain (假设)
安装开始==========〉
新装系统先用cvsup更新ports。
安装 Clamav
#cd /usr/ports/security/clamav
#make install clean
编辑启动档 #vi /etc/rc.conf
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
#cd /usr/local/etc
#cp clamd.conf.default clamd.conf
#cp freshclam.conf.default freshclam.conf
编辑设定档: #vi /usr/local/etc/clamd.conf

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 2M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd
StreamSaveToDisk
MaxDirectoryRecursion 15
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
ClamukoMaxFileSize 1M
ClamukoScanArchive
安装uvscan
#cd /usr/ports/security/uvscan-dat
#make install clean
# cd /usr/usr/ports/security/vscan
#make install clean
增加定时更新病毒库
#crontab –e
20 0 * * * /usr/local/sbin/update_dat
再加装 Amavisd-new
#cd /usr/ports/security/amavisd-new/
#make install clean
#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf
#vi /usr/local/etc/amavisd.conf
****************************************************************
# Section I - Essential daemon and MTA settings

$mydomain = 'test.domain';
$myhostname = 'viruswall.test.domain';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;

# Section II - MTA specific
没更改变使用预设

# Section III - Logging
$DO_SYSLOG = 1;
$DO_SYSLOG = 5;

# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine

$final_virus_destiny = D_BOUNCE; # (defaults to D_DISCARD)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

# Section V - Per-recipient and per-sender handling, whitelisting, etc.

$virus_admin = "virusalert\@$myhostname";
$spam_admin = "spamalert\@$myhostname";
# Section VI - Resource limits
没更改变使用预设

# Section VII - External PRograms, virus scanners, SpamAssassin

$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 10;
$sa_kill_level_deflt = 20;

['ClamAV-clamd', # 开启 clamav 跟 amavisd-new 搭配
\%26amp;ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

# Section VIll - Resource limits

$sa_spam_subject_tag = '***SPAM*** ';
$sa_spam_modifies_subj = 1;
# Section IX - Policy banks (dynamic policy switching)
没更改变使用预设
****************************************************************
新增 log 文件所要使用的目录及改变目录权限:

#mkdir /var/log/amavis
#chown vscan:vscan amavis
#cd amavis
#touch amavis.log
#chown vscan amavis.log
#cd /var
#chown -R vscan:clamav amavis

在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-new,那Spamassassin 也已经安装好了。
添加需要的用户
# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin
# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin
修改/usr/local/etc/mail/spamassassin/local.cf
use_bayes 1
bayes_path /var/amavis/.spamassassin/bayes
auto_learn 1
auto_learn_threshold_nonspam -2
auto_learn_threshold_spam 15

加入 SapmAssassin 的学习设定档:

#vi /var/amavis/.spamassassin/user_prefs
required_hits 5.0

rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject ****SPAM(_SCORE_)****

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report # 用精简的方式来回报垃圾给管理者
use_terse_report 1

# Enable the Bayes system # 使用贝氏学习系统
use_bayes 1

# Enable Bayes auto-learning # 开起贝氏自动学习功能

auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese
ok_languages all
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all
# Disabled scores
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0

#chown vscan:vscan user_prefs

建立自动学习体系
l# vi /usr/local/sbin/my-sa-learn.sh

#!/bin/sh
if [ -e /var/mail/spam ]; then
/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam
rm /var/mail/spam > /dev/null
fi
if [ -e /var/mail/notspam ]; then
/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam
rm /va/mail/notspam > /dev/null
fi
# chmod a+x /usr/local/sbin/my-sa-learn.sh
建立学习知识库:
mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

加入自动运行:
mail# crontab -e
5 0 * * * /usr/local/sbin/my-sa-learn.sh
编辑启动档 #vi /etc/rc.conf 增加:
amavisd_enable="YES"
spamd_enable="YES"
加装 Postfix MTA

#cd /usr/ports/mail/postfix
#make install # 可以什么选项都不用选,安装过程会有两个需要回答的问题都选 Yes 即可

#vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必须要空一格 postfix 才会正常启动

smtp-amavis unix - - n - 2 smtp
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes

#vi /usr/local/etc/postfix/main.cf

myhostname = viruswall.test.domain
mydomain = test.domain
mynetworks = 202.104.144.196/28, 127.0.0.0/8
alias_maps = hash:/usr/local/etc/postfix/aliases
content_filter = smtp-amavis:[127.0.0.1]:10024
relay_domains = $mydestination, test.domain
transport_maps = hash:/usr/local/etc/postfix/transpor

#cd /usr/local/etc/postfix/
#vi aliases
virusalert: admin
spamalert: admin
#vi transport
test.domain smtp:[202.96.144.196]
.test.domain smtp:[202.104.144.196]
viruswall.test.domain local:
localhost.test.domain local:

#postalias aliases
#postmap transport
#postfix start
#postfix reload

#netstat -na |grep LISTEN # 查看 25 , 10024 , 10025 这三个 port 有无 up
tcp4 0 0 127.0.0.1.10025 *.* LISTEN
tcp4 0 0 *.25 *.* LISTEN
tcp4 0 0 127.0.0.1.10024 *.* LISTEN
安装amvis-stats
#cd /usr/ports/secrity/amavis-stats
#make install clean
# cd /usr/local/www/data
# ln -s ../amavis-stats ./
# crontab -e -u amavis
*/5 * * * * /usr/local/sbin/amavis-stats /var/log/maillog 2>%26amp;1 > /dev/null
有关apache2与php4的相关设定就不再啰嗦。
http://viruswall.test.domain/amavis-stats 就可以访问网关服务器拦截病毒与垃圾邮件的成绩图。其中拦截的病毒与垃圾邮件被放置在/var/virusmails里,要定期清理:
#crontab –e

50 23 * * * find /var/virusmails/ -ctime +7 -type f -delete -print |mail -s "Delete Virusmail" [email protected]