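Software environment:
Operating system (OS): Ubuntu. Open-source system
Mail transfer agent (MTA): Postfix. The latest version, 2.5.1, is used
Database/directory service: MySQL. OpenLDAP or Netscape LDAP are optional alternatives; this article is based on MySQL
Mail delivery agent (MDA): maildrop. Supports filtering and powerful features
Web account management back end: ExtMan. Supports unlimited domains and unlimited users
POP3 server: Courier-IMAP. Only the POP3 part is used, which is entirely sufficient for most companies
WebMail system: ExtMail. Multi-language, fully template-based, with a largely complete feature set
Anti-virus software: ClamAV. The most popular open-source virus scanner
SMTP-stage anti-spam tool: Spam Locker. Anti-spam software based on recognizing SMTP behaviour, with many optional plugins
Content filter: Amavisd-new. Content-filter software that can hook into clamav/sa
Content-level anti-spam tool: SpamAssassin. The well-known SA; supports a large number of rules, but is slow
SMTP authentication library: Cyrus SASL. The standard SASL implementation library; can work with Courier authlib
Other authentication library: Courier Authlib. authlib is a key component for services such as maildrop and courier-imap
Log analysis and display: mailgraph_ext. Already included in ExtMan
Most of the software above is available from the Ubuntu repositories; the latest versions of ExtMail, ExtMan and Spam Locker can be downloaded from http://www.extmail.org/cgi-bin/download.cgi
Enough chatter; let's begin the experiment:
First install the system. My hostname is mail.extmail.org. Install Chinese language support, upgrade the system, and log in with root privileges.
We need to install "LAMP". Note: apache2, php5, mysql, phpmyadmin
Open a terminal and run
The interface that appears is the same as in Synaptic. Here I select "LAMP Server", "OpenSSH Server" and "Samba file server"; choose according to your own needs by moving the cursor to the software you want to install and pressing the space bar to select it. During installation you will be asked to enter the MySQL password. After that, we also install phpmyadmin to manage MySQL.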
sudo apt-get install phpmyadmin
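During the installation of phpmyadmin the prompt "Configure database for phpmyadmin with dbconfig-common?" appears; we choose "No". Open Firefox and enter "localhost/phpmyadmin" in the address bar; if the phpmyadmin interface appears, the installation succeeded.
In the previous step I installed the "OpenSSH server" remote management service. I configured "RSA key based login", which is somewhat more secure.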
sudo ssh-keygen -t rsa
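Generating public/private rsa key pair.
Enter file in which to save the key (/home/b/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/b/.ssh/id_rsa.
Your public key has been saved in /home/b/.ssh/id_rsa.pub.
Next, modify the apache2 configuration file.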
sudo gedit /etc/apache2/apache2.conf
Next we install ZendOptimizerV3.3.3ForLinux.gz, a PHP optimization tool; it is optional. After downloading it I placed it under "opt" and extracted it. Enter the directory
cd /opt/ZendOptimizer-3.3.3-linux-glibc23-i386
echo phpinfo();
?>
With the above done, next we install postfix, courier, sasl and so on:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl phpmyadmin apache2 libapache2-mod-fastcgi libfcgi-perl libapache2-mod-php5 php5 php5-mysql build-essential libtool libnet-server-perl libnet-cidr-perl libberkeleydb-perl arc zoo lzop liblzo1 libstdc++5 libgd-gd2-perl libfile-tail-perl libdigest-sha1-perl libdigest-hmac-perl libnet-ip-perl libnet-dns-perl libhtml-tagset-perl libhtml-parser-perl libio-stringy-perl libio-multiplex-perl libio-socket-ssl-perl libio-zlib-perl libnet-ssleay-perl libunix-syslog-perl libtimedate-perl libmailtools-perl libconvert-binhex-perl libconvert-tnef-perl libconvert-uulib-perl libcompress-zlib-perl libarchive-zip-perl libarchive-tar-perl perl-suid apache2-suexec
You will be asked the following question:
Create directories for web-based administration?
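Download extmail and modify the configuration
I used ExtMail 1.1.0.tar.gz and ExtMan 1.0.0.tar.gz
Note: if you intend to use the default user vu. Modifying the uid and gid: the program uses vuser:vgroup by default, with uid:gid 1000:1000. Here a newly created user, vmail, is used instead, so all related parameters in the program must be changed, as follows:
chown -R vmail:vmail /var/www/extsuite/extmail/cgi/
Modify the other parameters in /var/www/extsuite/extmail/webmail.cf; the main changes are shown below: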
gedit webmail.cf
gedit ../extman/webman.cf
SYS_CAPTCHA_ON = 0 // turns off the CAPTCHA on the admin back-end login
gedit tools/adminctl.pl
--setgid=vmail
--setuid=vmail
gedit tools/userctl.pl
--setgid=vmail
--setuid=vmail
gedit tools/aliasctl.pl
--setgid=vmail
--setuid=vmail
gedit tools/domainctl.pl
--setgid=vmail
--setuid=vmail
Note: all of the above simply changes vuser to vmail and vgroup to vmail.
gedit contrib/passwd2ext.pl
my $sock = '/var/run/mysqld/mysqld.sock';
my $uid = '1000';
my $gid = '1000';
gedit libs/Ext/Mgr/LDAP.pm
uidNumber => $opt{uidnumber} || '1000', // line 349
gidNumber => $opt{gidnumber} || '1000', // line 350
U
uidNumber => $opt{uidnumber} || '1000', // line 541
gidNumber => $opt{gidnumber} || '1000', // line 542
gedit docs/init.ldif
uidNumber: 1000
gidNumber: 1000
gedit /var/www/extsuite/extman/docs/init.sql
Modify the uid and gid on line 18
INSERT INTO `mailbox` VALUES ('postmaster@extmail.org','postmaster','$1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0','','PostMaster','','extmail.org/postmaster/Maildir/','extmail.org/postmaster','104857600S','52428800S','extmail.org',1000,1000,'2007-02-14 15:10:04','2010-11-08',1,0,0,0,0,0,0,0,'my question', 'my answer');
gedit /var/www/extsuite/extman/docs/extmail.sql
Modify the uid and gid
CREATE TABLE mailbox (
U
U
line 129: uidnumber int(6) NOT NULL default '1000',
line 130: gidnumber int(6) NOT NULL default '1000',
U)
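At this point, the change to the vmail user and group is complete.
Database initialization
Run the following commands to import the MySQL database structure and the initial data; note that the commands must be entered line by line.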
if [ ! -d /tmp/extman ]; then
mkdir /tmp/extman
chown -R vmail:vmail /tmp/extman
fi
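Note: Linux has a tmpwatch tool that periodically scans the files under /tmp/ and deletes those that have not been used for a long time. If the admin back end goes unused for a long period, the /tmp/extman directory may be deleted by tmpwatch, so either log in to the back end regularly or change the temporary directory in webman.cf to another location. Here the default value, /tmp/extman, is used as the example.
Create the Maildir for the postmaster@extmail.org account that was imported into MySQL above by entering the following commands: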
cd /var/www/extsuite/extman/tools
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
mydomain = extmail.org
myhostname = mail.$mydomain
myorigin = $mydomain
mydestination = mail.$mydomain, localhost.$mydomain, localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.1
message_size_limit = 102400000
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
######### virtual config############
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_overquota_bounce = yes
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the your Maildir has overdrawn your diskspace quota, please free up some of spaces of your mailbox try again.
proxy_read_maps = $local_recipient_maps $mydestination
  $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
  $virtual_mailbox_domains $relay_recipient_maps $relay_domains
  $canonical_maps $sender_canonical_maps $recipient_canonical_maps
  $relocated_maps $transport_maps $mynetworks
  $virtual_mailbox_limit_maps
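Next is the Apache2 configuration:
We can create a new site. If your server is used only as a mail server, you can modify the default configuration file directly, but back it up before modifying it.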
Alias /extmail/cgi/ /var/www/extsuite/extmail/dispatch.fcgi/
Alias /extmail /var/www/extsuite/extmail/html/
ScriptAlias /extman/cgi/ /var/www/extsuite/extman/cgi/
Alias /extman/ /var/www/extsuite/extman/html/
Alias /phpmyadmin /var/www/extsuite/phpmyadmin/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
User vmail
Group vmail
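If nothing unexpected happens, 10 dispatch.fcgi daemon processes will be started. The following command adds the start command to rc.local so that it starts automatically at boot:
echo "/var/www/extsuite/extmail/dispatch-init start" >> /etc/rc.local
/etc/init.d/apache2 restart
Access the page
http://localhost/extman/cgi/index.cgi
How to fix phpmyadmin showing a blank page after User and Group have been added in apache2:
Delete /etc/apache2/conf.d/phpmyadmin, the redirect file.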
chown -R vmail:vmail /etc/phpmyadmin
SMTP authentication
1. Modify saslauthd
2. Create the file /etc/pam.d/smtp
gedit /etc/pam.d/smtp
With the following content:
auth required pam_mysql.so user=extmail passwd=extmail host=127.0.0.1 db=extmail table=mailbox usercolumn=username passwdcolumn=password crypt=1
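3. Because Postfix runs in a chroot, the location of the socket file must be changed so that Postfix can reach saslauthd
mkdir -p /var/spool/postfix/var/run/saslauthd
Create smtpd.conf with the following content:
pwcheck_method:saslauthd
4. Modify the main.cf file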
gedit /etc/postfix/main.cf
###########SMTP AUTH config###############
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
###########smtpd related config############
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated, reject_sender_login_mismatch,
  reject_unknown_sender_domain, reject_non_fqdn_hostname,
  reject_non_fqdn_sender, reject_non_fqdn_recipient,
  reject_unknown_recipient_domain, reject_unauth_destination,
  reject_unauth_pipelining, reject_invalid_hostname,
  check_recipient_maps
Add the user
adduser postfix sasl
5. Restart postfix and saslauthd
/etc/init.d/postfix restart
POP authentication
gedit /etc/courier/authdaemonrc
cp /etc/courier/authmysqlrc /etc/courier/authmysqlrc_orig
cat /dev/null > /etc/courier/authmysqlrc
gedit /etc/courier/authmysqlrc
Configure Courier-IMAP
Edit /etc/courier/imapd and change the following parameter
MAILDIRPATH=/home/vmail/
Restart
/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart
Test whether Courier-Authlib can connect to MySQL successfully
authtest -s login postmaster@extmail.org extmail
If it succeeds, output like the following should appear
Authentication succeeded.
Authenticated: postmaster@extmail.org (uid 1000, gid 1000)
Home Directory: /home/vmail/extmail.org/postmaster
Maildir: /home/vmail/extmail.org/postmaster/Maildir/
Quota: 104857600S
Encrypted Password: $1$phz1mRrj$3ok6BjeaoJYWDBsEPZb5C0
Cleartext Password: extmail
Options:disablesmtpd=0,disablesmtp=0,disablewebmail=0,disablenetdisk=0,disableimap=0,disablepop3=0,netdiskquota=52428800S
If an error appears, check the database connection and analyze mail.log. It is usually an input/output error
Tips: chown daemon:vmail /var/run/courier/authdaemon may avoid the error
Test POP3
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK Hello there.
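user postmaster@extmail.org
If problems occur, analyze the logs carefully
MDA configuration
Concept: an MDA (mail delivery agent) is the agent that delivers mail. Postfix itself comes with several delivery agents; because our environment uses virtual domains, we can use Postfix's own virtual agent, but it needs a user under which to perform the delivery. main.cf records this as follows: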
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
virtual_transport = virtual
Below is another MDA, maildrop
Install Maildrop
apt-get install maildrop
hostname 127.0.0.1
port 3306
database extmail
dbuser extmail
dbpw extmail
dbtable mailbox
default_uidnumber 1000
default_gidnumber 1000
uidnumber_field uidnumber
gidnumber_field gidnumber
uid_field username
homedirectory_field concat('/home/vmail/',homedir,'/')
maildir_field concat('/home/vmail/',maildir)
quota_field quota
mailstatus_field active
Modify /etc/maildroprc
gedit /etc/maildroprc
logfile "/var/log/maildrop.log"
Create the log manually
gedit /var/log/maildrop.log
with the following content:
/var/log/maildrop.log {
daily
notifempty
missingok
rotate 5
compress
create 766 vmail vmail
sharedscripts
}
support@example.com
Your mailbox on the server is now more than 90% full. So that you can continue
to receive mail you need to remove some messages from your mailbox.
Graphical log (extmail)
apt-get install mailgraph
Modify /usr/local/mailgraph_ext/mailgraph-init to:
MAIL_LOG=/var/log/mail.log
Jun 1 14:19:58 mail postfix/qmgr[12930]: C969234426: from=
Jun 1 14:19:58 mail postfix/pipe[12939]: C969234426: to=
Jun 1 14:19:58 mail postfix/cleanup[12938]: 192FF34447: message-id=<20090601061958.192FF34447@mail.extmail.org>
Jun 1 14:19:58 mail postfix/qmgr[12930]: 192FF34447: from=<>, size=2194, nrcpt=1 (queue active)
Jun 1 14:19:58 mail postfix/bounce[12941]: C969234426: sender non-delivery notification: 192FF34447
Jun 1 14:19:58 mail postfix/qmgr[12930]: C969234426: removed
Jun 1 14:19:59 mail postfix/smtpd[12934]: disconnect from mail.extmail.org[127.0.0.1]
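The error above says that I have no permission on "authdaemon". This is what I did:
chmod 755 /var/run/courier/authdaemon
That worked, but after a reboot I found that the permissions on authdaemon had been changed back again. Argh.
So I also added this to /etc/rc.local: chmod 755 /var/run/courier/authdaemon
so that it runs automatically at boot. Done.
At this point the system is basically installed.
Next we look at anti-spam and anti-virus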
sudo apt-get install amavisd-new spamassassin clamav clamav-daemon clamtk
Its content is as follows:
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl,
\$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl,
\$bypass_spam_checks_re);
1; # ensure a defined return
Modify /etc/amavis/conf.d/20-debian_defaults, changing:
$final_spam_destiny = D_PASS;
to
$final_spam_destiny = D_DISCARD;
And restart these two services:
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
Then modify /etc/postfix/main.cf, adding:
#### amavis config #####
Modify /etc/postfix/master.cf, adding:
smtp-amavis unix - - - - 2 smtp
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
root@mail:~# netstat -tap
激活Internet连接 (服务器和已建立连接的)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 mail.extmail.org:10024 *:* LISTEN 2519/amavisd (maste
tcp 0 0 mail.extmail.org:10025 *:* LISTEN 3375/master
tcp 0 0 mail.extmail.org:mysql *:* LISTEN 2598/mysqld
tcp 0 0 mail.extmail.org:10030 *:* LISTEN 2703/slockd (master
tcp 0 0 mail.extmail.org:spamd *:* LISTEN 2713/spamd.pid
tcp 0 0 *:www *:* LISTEN 3949/apache2
tcp 0 0 *:ssh *:* LISTEN 2481/sshd
tcp 0 0 mail.extmail.org:ipp *:* LISTEN 3691/cupsd
tcp 0 0 mail.extmail.org:8888 *:* LISTEN 4017/dispatch.fcgi
tcp 0 0 *:smtp *:* LISTEN 3375/master
tcp 1 1 mail.local:47076 tx-in-f113.google.c:www LAST_ACK -
tcp6 0 0 [::]:imaps [::]:* LISTEN 3225/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 3273/couriertcpd
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 3407/smbd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 3246/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 3198/couriertcpd
tcp6 0 0 [::]:ssh [::]:* LISTEN 2481/sshd
tcp6 0 0 localhost:ipp [::]:* LISTEN 3691/cupsd
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 3407/smbd
root@mail:~#
The appearance of "10024" and "10025" above shows that amavis was installed successfully. Next we set up the anti-spam part.
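A check for the listener table above, as an added example that is not part of the original tutorial: it reads numeric `netstat -tln` output and reports any of the hand-off ports this setup uses (10024, 10025 and 10030, plus the spamd port 783 and the MySQL port 3306) that are bound to something other than loopback. The function names, the port-list variable and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Ports that this setup uses only for local hand-offs between services:
# 10024 amavisd, 10025 Postfix re-injection, 10030 slockd, 783 spamd, 3306 MySQL.
LOCAL_ONLY_PORTS="10024 10025 10030 783 3306"

# Read `netstat -tln` output on stdin and print "port address" for every
# local-only port that is listening on a non-loopback address.
exposed_listeners() {
    awk -v ports="$LOCAL_ONLY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (!(port in want)) next             # public services are out of scope
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print port, host
        }'
}

# Constructed sample of `netstat -tln` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10025           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:10030        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp6       0      0 :::110                  :::*                    LISTEN
EOF
}

# Stand-alone demo on the constructed sample; on a live host, pipe
# `netstat -tln` into exposed_listeners instead.
sample_netstat | exposed_listeners | while read -r port host; do
    echo "WARNING: port $port is listening on $host, expected loopback only"
done
```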
Next is the SpamAssassin configuration:
Because DCC is not in our software repository, we need to do the following
cd /tmp
wget
http://launchpadlibrarian.net/11564361/ ... 5_i386.deb
http://launchpadlibrarian.net/11564359/ ... 5_i386.deb
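1 Required packages
* 2 Introduction
* 3 Configuring SpamAssassin
* 4 Using SpamAssassin together with Postfix
* 4.1 spamd/spamd mode (common approach)
* 4.2 Calling SpamAssassin through Amavisd-new (recommended approach)
* 5 Testing SpamAssassin
* 6 Miscellaneous
Required packages
spamassassin (sa)
Introduction
SpamAssassin (SA) uses Perl to analyze text in order to filter spam. It decides by scoring: if a message matches a given characteristic, points are added for it, and if the total score is higher than a given threshold, the message is classified as spam.
For use on heavily loaded servers it also provides spamc/spamd, a pair of programs built on a client/server architecture, which effectively reduces SpamAssassin's demand on system resources. By default, however, Debian does not enable this service.
Alternatively, we can use Amavisd-new to call SpamAssassin, that is, let Amavisd-new take on both virus scanning and spam filtering. On my system this method was very much faster than the spamc/spamd approach, so it is the recommended one.
Configuring SpamAssassin
Modify /etc/mail/spamassassin/local.cf, the SpamAssassin configuration file, as follows:
(For detailed settings see man Mail::SpamAssassin::Conf)
(Changes to /etc/mail/spamassassin/local.cf take effect immediately; there is no need to restart SpamAssassin.)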
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_subject 0
# report_safe 1
# trusted_networks 212.17.35.
# Score above which a message is classified as spam
required_hits 5.0
# List of senders that are never classified as spam, i.e. the whitelist
# Add, remove and modify entries as needed!
whitelist_from tetralet@localhost
whitelist_from *@virtual.com
score USER_IN_BLACKLIST 20.00
score USER_IN_WHITELIST -1200.0
# Add a marker to the subject of spam messages
rewrite_subject 1
# How to handle spam. Because the message is also processed by the anti-virus program, this must be set to 0.
# 0: write the information into the message headers.
# 1: turn the spam message into an attachment.
# 2: turn the spam message into a plain-text attachment.
report_safe 0
# When handling spam, leave the detailed reasons out of the message headers?
use_terse_report 0
rewrite_header Subject ****SPAM****
# Whether to use Bayesian filtering
use_bayes 1
# Location of the Bayesian database
bayes_path /var/lib/amavis/.spamassassin/bayes
# Whether to enable Bayesian auto-learning
auto_learn 1
# Skip the RBL checks
skip_rbl_checks 0
# Whether to use Razor version 2
use_razor2 1
# Whether to use DCC (Distributed Checksum Clearinghouse)
use_dcc 1
# Whether to use Pyzor
use_pyzor 1
# Whether to add DCC information to the message headers
dcc_add_header 1
# Whether DNS queries are possible. Setting this directly to yes noticeably speeds up amavis startup.
# Values: (yes|no|test)
dns_available yes
# Check whether the message was sent from the internal network.
# If so, never classify it as spam (score reduced by 50 points).
# Replace example.net with your own domain name...
header LOCAL_RCVD Received =~ /.*\(\S+\.example\.net\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -50
# Some custom rules
body WINDOWOPEN /window\.open\(/i
describe WINDOWOPEN Javascript. Windows.Open
score WINDOWOPEN 3.5
# Spam scoring rules.
## Optional Score Increases
score DCC_CHECK 4.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
# Disabled scores # to prevent false positives on Chinese subjects and Chinese recipient names, adding the following lines is recommended
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
# local domain from but ip not match # the domain and the IP do not match; suspected spam
header __FROM_TEATIME Received =~ /from 4wei.us/i
header __FROM_TEATIME_IP Received =~ /\[88\.88\.88\.20\]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME)
describe FROM_TEATIME_BUT_IP_ERROR From 4wei.us but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
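Using SpamAssassin together with Postfix
Postfix can communicate with an external filter program in two ways: command-based filtering (the "common approach" below) and daemon-based filtering (the "recommended approach" below).
With the former, the filter command is started once for every message Postfix processes, and the filter program must also invoke Sendmail once to hand the filtered message back to Postfix, so the processing cost is relatively high.
Compared with starting an external filter program on the fly, daemon-based filtering is clearly more economical in I/O and CPU use, since no new process has to be created for every message. The interaction between a daemon-based filter and Postfix is also more advanced: the two sides exchange mail using the standard SMTP or LMTP protocol.
=== spamd/spamd mode (common approach) ===
Modify /etc/default/spamassassin, changing ENABLED=0 to ENABLED=1 so that spamd is started: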
# /etc/default/spamd.conf
# Duncan Findlay
# WARNING read README.spamd before using. THERE ARE SECURITY RISKS!
# Change to one to enable spamd
ENABLED=1
# Options
# See man spamd for possible options. The -d option is automatically added.
OPTIONS="-c -m 10 -a -H"
# Set nice level of spamd
#NICE="--nicelevel 15"
Note: the -u parameter can also be used here to specify the account under which the SpamAssassin daemon runs, but since the SpamAssassin daemon will su to the client account to filter spam, this is not necessary...
Modify /etc/postfix/master.cf as follows to tell Postfix to use SpamAssassin to scan message content: (the string spamassassin can be chosen freely)
(preceding lines omitted)
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -v
  -o content_filter=spamassassin
(following lines omitted)
Then modify /etc/postfix/master.cf again and add the following:
(This defines the spamassassin entry. For the detailed parameters see man spamc and man sendmail.)
Note that SpamAssassin is normally started as nobody, but in this example it is called as amavis!
spamassassin unix - n n - - pipe
  flags=Rq user=amavis argv=/usr/bin/spamc -d 127.0.0.1 -f -p 783 -t 30 -e /usr/sbin/sendmail -oi -f ${sender} -- ${recipient}
The reason is that when SpamAssassin is started as nobody, the home directory of nobody often does not exist, so error messages like the following appear in /var/log/mail.log:
Oct 30 13:21:47 qemu spamd[788]: info: setuid to nobody succeeded
Oct 30 13:21:47 qemu spamd[788]: Creating default_prefs [/nonexistent/.spamassassin/user_prefs]
Oct 30 13:21:47 qemu spamd[788]: Cannot write to /nonexistent/.spamassassin/user_prefs: No such file or directory
Oct 30 13:21:47 qemu spamd[788]: Couldn't create readable default_prefs for [/nonexistent/.spamassassin/user_prefs]
So SpamAssassin is started as amavis instead.
After the changes, use the following commands to start SpamAssassin and restart Postfix:
/etc/init.d/spamassassin start
/etc/init.d/postfix restart
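By default, spamd listens on port 783.
In addition, SpamAssassin can use the sa-learn command to learn new spam rules; see the chapter "AntiSpam with Bayesian Classifier".
=== Calling SpamAssassin through Amavisd-new (recommended approach) ===
Alternatively, we can use Amavisd-new to call SpamAssassin, that is, let Amavisd-new take on both virus scanning and spam filtering. On my system this method was very much faster than the spamc/spamd approach, so it is the recommended one.
Modify /etc/amavis/amavisd.conf as follows:
(Note: /etc/amavis/amavisd.conf is very long; only the items that must be changed are excerpted below)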
# Comment out "@bypass_spam_checks_acl = qw( . );" so that Amavisd-new enables SpamAssassin
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
# @bypass_spam_checks_acl = qw( . ); # No default dependency
# Do not remove the headers added by SpamAssassin (though this seems to have no effect?)
#$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
$remove_existing_spam_headers = 0; # remove existing spam headers if
# spam scanning is enabled (default)
# Allow SpamAssassin to make outside connections
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, SA tests are restricted to local tests only, ie no tests
# that require internet access will be performed.
#
$sa_local_tests_only = 0; # (default: false)
# Enable the automatic whitelist
$sa_auto_whitelist = 1; # turn on AWL (default: false)
# Set the whitelist
# Note: what is set in /etc/spamassassin/local.cf will no longer take effect!
map { $whitelist_sender{lc($_)}=1 } (qw(
tetralet@example.net
));
# Or specify a file. Note: these files must exist, otherwise Amavisd-new will not start!
read_hash(\%whitelist_sender, '/var/lib/amavis/whitelist');
# Specify the blacklist
read_hash(\%blacklist_sender, '/var/lib/amavis/blacklist');
# If the recipient is listed here, no spam check is performed
read_hash(\%spam_lovers, '/var/lib/amavis/spam_lovers');
# Messages above a certain size can skip the SpamAssassin scan
$sa_mail_body_size_limit = 150*1024; # don't waste time
# Set the scoring rules.
# default values, can be overridden by more specific lookups, eg SQL
# Above this level, spam information is added to the message headers
$sa_tag_level_deflt = 4.0; # add spam info headers if at, or above that level
# Above this level, the message is treated as spam
$sa_tag2_level_deflt = 6.3; # add 'spam detected' headers at that level
# Above this level, the message is backed up and then deleted.
$sa_kill_level_deflt = 10 ; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
# Enable SpamAssassin debugging. Remember to remove this when going into production!
# Turn on SpamAssassin debugging (output to STDERR, use with 'amavisd debug')
$sa_debug = 1; # defaults to false
Then restart Amavisd-new.
If Amavisd-new fails to start for any reason, the following command can be used for debugging:
amavisd-new debug-sa
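Testing SpamAssassin
The SpamAssassin installation also includes a sample spam file for testing. You can use the following command to test whether SpamAssassin works correctly:
spamassassin -t < /usr/share/doc/spamassassin/examples/sample-spam.txt
Now send a test spam message: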
# telnet 127.0.0.1 25
Connected to 127.0.0.1.
Escape character is '^]'.
220 qemu ESMTP Postfix (Debian/GNU)
MAIL FROM:
250 Ok
RCPT TO:
250 Ok
DATA
354 End data with
Subject: Test spam mail (GTUBE)
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
250 Ok: queued as 0C3E9C906B
quit
221 Bye
Connection closed by foreign host.
Check whether this message was really classified as spam:
From tetralet@mail.org Fri Oct 22 16:50:46 2004
Return-Path:
X-Original-To:
tetralet@virtual.com
tetralet@virtual.com
tetralet@mail.org
http://razor.sf.net/)
* -100 USER_IN_WHITELIST From: address is in the user's white-list
* 3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
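If everything is fine, you are done.
Note: the above was written by someone else; below I will post my own local.cf configuration file for reference.
Adding filter rules to SpamAssassin
Next we need to download some filter rules. Create /usr/local/sbin/sa_rules_update.sh
with the following content: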
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# export http_proxy=http://your.proxy.server
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/71_s ... re3.0.0.cf -O 71_sare_redirect_pre3.0.0.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_s ... son_nxm.cf -O 70_sare_bayes_poison_nxm.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html.cf -O 70_sare_html.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html4.cf -O 70_sare_html4.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html_x30.cf -O 70_sare_html_x30.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header0.cf -O 70_sare_header0.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header3.cf -O 70_sare_header3.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_s ... der_x30.cf -O 70_sare_header_x30.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_specific.cf -O 70_sare_specific.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_adult.cf -O 70_sare_adult.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/72_s ... post25x.cf -O 72_sare_bml_post25x.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_s ... post25x.cf -O 99_sare_fraud_post25x.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_spoof.cf -O 70_sare_spoof.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_random.cf -O 70_sare_random.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_oem.cf -O 70_sare_oem.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf -O 70_sare_genlsubj0.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj3.cf -O 70_sare_genlsubj3.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_s ... ubj_x30.cf -O 70_sare_genlsubj_x30.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_unsub.cf -O 70_sare_unsub.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_uri.cf -O 70_sare_uri.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://mywebpages.comcast.net/mkettler/sa/antidrug.cf -O antidrug.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.timj.co.uk/linux/bogus-virus-warnings.cf -O bogus-virus-warnings.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.yackley.org/sa-rules/evilnumbers.cf -O evilnumbers.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.stearns.org/sa-blacklist/random.current.cf -O random.current.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_body.cf -O 88_FVGT_body.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf -O 88_FVGT_rawbody.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_subject.cf -O 88_FVGT_subject.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_headers.cf -O 88_FVGT_headers.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_uri.cf -O 88_FVGT_uri.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf -O 99_FVGT_Tripwire.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_meta.cf -O 99_FVGT_meta.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.nospamtoday.com/download/mime_validate.cf -O mime_validate.cf &> /dev/null
cd /usr/share/spamassassin/ &> /dev/null && /usr/bin/wget http://www.ccert.edu.cn/spam/sa/Chinese_rules.cf -O Chinese_rules.cf &> /dev/null
/etc/init.d/amavis restart &> /dev/null
exit 0
Then run it
chmod 755 /usr/local/sbin/sa_rules_update.sh
cd /etc/spamassassin
/usr/local/sbin/sa_rules_update.sh
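You can also add it to the scheduled tasks so that it runs automatically every day; for example, run crontab -e and create the following task
10 4 * * * /usr/local/sbin/sa_rules_update.sh > /dev/null 2>&1
This way the filter rules are downloaded and updated automatically every day at 4:10 in the morning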
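The update script above fetches rule files over plain HTTP straight into the live rules directory and discards all output. The following added example, which is not part of the original tutorial, shows a staged install: a downloaded file is copied into place only if it matches a pinned SHA-256 digest, the `spamassassin --lint` check used on this page is run afterwards, and the previous file is restored if the lint fails. The names install_rule, sha256_of and LINT_CMD are hypothetical, and the pinned digest is assumed to come from a copy of the rule file that the operator has reviewed.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# LINT_CMD is a hypothetical override hook; it defaults to the lint
# command used on this page.
LINT_CMD=${LINT_CMD:-"spamassassin --lint"}

# Print the SHA-256 digest of a file (sha256sum, or shasum as a fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_rule STAGED_FILE RULES_DIR EXPECTED_SHA256
# Returns 0 on success, 1 on a digest mismatch, 2 when the install or
# the lint check fails (the previous file is restored in that case).
install_rule() {
    staged=$1; rules_dir=$2; expected=$3
    name=$(basename "$staged")
    target="$rules_dir/$name"

    actual=$(sha256_of "$staged") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "REJECT $name: digest $actual does not match the pinned value" >&2
        return 1
    fi

    # Keep the previous version so that a bad rule file can be rolled back.
    had_old=0
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 2
        had_old=1
    fi
    cp "$staged" "$target" || return 2

    if ! $LINT_CMD >/dev/null 2>&1; then
        echo "ROLLBACK $name: lint check failed" >&2
        if [ "$had_old" -eq 1 ]; then
            mv "$target.bak" "$target"
        else
            rm -f "$target"
        fi
        return 2
    fi
    rm -f "$target.bak"
    return 0
}
```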
Next we edit /etc/spamassassin/v310.pre
and remove the "#" in front of
#loadplugin Mail::SpamAssassin::Plugin::DCC
Then reset SpamAssassin by running
spamassassin --lint
Then restart Amavisd-new:
/etc/init.d/amavis restart
Note that we do not start spamassassin here, because spamassassin has already been configured to be called by Amavisd-new.
Then update our SpamAssassin
sa-update --no-gpg
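So that it updates automatically from now on, we do these two steps
Run the following to create the job
crontab -e
Copy in the line below
20 4 * * * /usr/bin/sa-update --no-gpg > /dev/null 2>&1
Press Ctrl+O to save and Ctrl+X to exit
This way the update is downloaded automatically every day at 4:20 in the morning.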
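Installing the Spam Locker anti-spam tool
Installing Spam Locker on Ubuntu is fairly simple; most of the Perl packages were already installed above.
We download the latest slockd-0.99.tar.gz from www.extmail.org, extract it, and place it under /usr/local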
tar zxvf slockd-0.99.tar.gz
mv slockd /usr/local/slockd
Then edit /usr/local/slockd/config/main.cf and remove the comment marker in front of the following two lines:
setsid 1
log_file /var/log/slockd.log
Copy /usr/local/slockd/slockd-init to the /etc/init.d directory, then create the links that start and stop the service:
cp /usr/local/slockd/slockd-init /etc/init.d/slockd
update-rc.d slockd start 19 2 3 4 5 . stop 21 0 1 6 .
Create /etc/logrotate.d/slockd
/var/log/slockd.log {
daily
notifempty
missingok
rotate 5
compress
create 644 root root
sharedscripts
}
Then edit /usr/local/slockd/config/whitelist and add your whitelist entries. After that, start the slockd service.
/etc/init.d/slockd start
Edit /etc/postfix/main.cf, and in
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated, reject_unknown_sender_domain,
  reject_non_fqdn_hostname, reject_non_fqdn_sender,
  reject_non_fqdn_recipient, reject_unknown_recipient_domain,
  reject_unauth_destination, reject_unauth_pipelining,
  reject_invalid_hostname, check_recipient_maps
replace
check_recipient_maps
with
check_policy_service inet:127.0.0.1:10030
Then restart Postfix.
/etc/init.d/postfix reload
Starting/testing slockd
In the /usr/local/slockd directory, run
./slockd
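slockd will now start and enter listening mode, accepting requests on port 10030. Note that if the log_file path was configured earlier, the debug information must be obtained with the following command: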
tail -f /var/log/slockd.log
Open another ssh/terminal window, go to the /usr/local/slockd/tools directory, and enter:
perl policy_sig -h localhost -p 10030 --helo FOOBAR \
--ip 192.168.0.1 --from test@foo.com --to test@bar.com
At this point, the program should