架設防病毒、垃圾郵件網關

郵件網關是用來做爲公司原有服務器之過濾器，它是架設在原有的 服務器之前端，可將廣告信和病毒郵件在郵件網關 內做完過濾的動作之後，再把信件傳送到原有公司的郵件服務器上，完全不用更改到原本公司內部的那台郵件服務器，如此就可以省去很多不必要的麻煩，安裝 郵件網關 必需配合 DNS Server 的設定，要將 MX 記錄的第一個記錄指向郵件網關，再把MX 記錄的第二記錄指向原有公司的那台郵件服務器，這樣就可以有容錯的功能，如果 郵件網關硬件損壞或關機時，郵件還是會傳送到原有的郵件服務器而不會遺失。

所需信息：

OS : FreeBSD 6.0 Release

postfix-2.3.2 : /usr/ports/mail/postfix

clamav-0.88 : /usr/ports/security/clamav

uvscan-dat: /usr/ports/secutity/uvscan-dat

vscan: /usr/ports/secutity/vscan

amavis-stats-0.1.12 /usr/ports/security/amavis-stats

amavisd-new-2.4.1 : /usr/ports/security/amavisd-new

郵件網關 IP : 202.104.144.195(假設)

郵件服務器 IP : 202.104.144.196（假設）

域名：test.domain （假設）

安裝開始==========〉

新裝系統先用cvsup更新ports。

安裝 Clamav

#cd /usr/ports/security/clamav

#make install clean

編輯啓動檔 #vi /etc/rc.conf

clamav_clamd_enable="YES"

clamav_freshclam_enable="YES"

#cd /usr/local/etc

#cp clamd.conf.default clamd.conf

#cp freshclam.conf.default freshclam.conf

編輯設定檔： #vi /usr/local/etc/clamd.conf

LogFile /var/log/clamav/clamd.log

LogFileMaxSize 2M

LogTime

LogSyslog

LogVerbose

PidFile /var/run/clamav/clamd.pid

LocalSocket /var/run/clamav/clamd

StreamSaveToDisk

MaxDirectoryRecursion 15

User clamav

AllowSupplementaryGroups

ScanMail

ScanArchive

ArchiveMaxFileSize 10M

ArchiveMaxRecursion 5

ArchiveMaxFiles 1000

ClamukoScanOnOpen

ClamukoScanOnClose

ClamukoScanOnExec

ClamukoIncludePath /home

ClamukoMaxFileSize 1M

ClamukoScanArchive

安裝uvscan

#cd /usr/ports/security/uvscan-dat

#make install clean

# cd /usr/usr/ports/security/vscan

#make install clean

增加定時更新病毒庫

#crontab –e

20 0 * * * /usr/local/sbin/update_dat

再加裝 Amavisd-new

#cd /usr/ports/security/amavisd-new/

#make install clean

#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf

#vi /usr/local/etc/amavisd.conf

****************************************************************

# Section I - Essential daemon and MTA settings

$mydomain = 'test.domain';

$myhostname = 'viruswall.test.domain';

$forward_method = 'smtp:127.0.0.1:10025';

$notify_method = $forward_method;

# Section II - MTA specific

沒更改變使用預設

# Section III - Logging

$DO_SYSLOG = 1;

$DO_SYSLOG = 5;

# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine

$final_virus_destiny = D_BOUNCE; # (defaults to D_DISCARD)

$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)

$final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE)

$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

# Section V - Per-recipient and per-sender handling, whitelisting, etc.

$virus_admin = "virusalert\@$myhostname";

$spam_admin = "spamalert\@$myhostname";

# Section VI - Resource limits

沒更改變使用預設

# Section VII - External programs, virus scanners, SpamAssassin

$sa_tag_level_deflt = -999;

$sa_tag2_level_deflt = 10;

$sa_kill_level_deflt = 20;

['ClamAV-clamd', # 開啓 clamav 跟 amavisd-new 搭配

\%26amp;ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],

qr/\bOK$/, qr/\bFOUND$/,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

# Section VIll - Resource limits

$sa_spam_subject_tag = '***SPAM*** ';

$sa_spam_modifies_subj = 1;

# Section IX - Policy banks (dynamic policy switching)

沒更改變使用預設

****************************************************************

新增 log 文件所要使用的目錄及改變目錄權限：

#mkdir /var/log/amavis

#chown vscan:vscan amavis

#cd amavis

#touch amavis.log

#chown vscan amavis.log

#cd /var

#chown -R vscan:clamav amavis

在最新的AMaVisd-new已經結合了Spamassassin功能，所以只要用 ports安裝了 AMaVisd-new，那Spamassassin 也已經安裝好了。

添加需要的用戶

# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin

# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

修改/usr/local/etc/mail/spamassassin/local.cf

use_bayes 1

bayes_path /var/amavis/.spamassassin/bayes

auto_learn 1

auto_learn_threshold_nonspam -2

auto_learn_threshold_spam 15

加入 SapmAssassin 的學習設定檔：

#vi /var/amavis/.spamassassin/user_prefs

required_hits 5.0

rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used

rewrite_header Subject ****SPAM(_SCORE_)****

# Encapsulate spam in an attachment

report_safe 1

# Use terse version of the spam report # 用精簡的方式來回報垃圾給管理者

use_terse_report 1

# Enable the Bayes system # 使用貝氏學習系統

use_bayes 1

# Enable Bayes auto-learning # 開起貝氏自動學習功能

auto_learn 1

# Enable or disable network checks

skip_rbl_checks 0

use_razor2 1

use_dcc 1

use_pyzor 1

# Mail using languages used in these country codes will not be marked

# as being possibly spam in a foreign language.

# - chinese

ok_languages all

# Mail using locales used in these country codes will not be marked

# as being possibly spam in a foreign language.

ok_locales all

# Disabled scores

score HEADER_8BITS 0

score HTML_COMMENT_8BITS 0

score SUBJ_FULL_OF_8BITS 0

score UPPERCASE_25_50 0

score UPPERCASE_50_75 0

score UPPERCASE_75_100 0

#chown vscan:vscan user_prefs

建立自動學習體系

l# vi /usr/local/sbin/my-sa-learn.sh

#!/bin/sh

if [ -e /var/mail/spam ]; then

/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam

rm /var/mail/spam /dev/null

fi

if [ -e /var/mail/notspam ]; then

/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam

rm /va/mail/notspam /dev/null

fi

# chmod a+x /usr/local/sbin/my-sa-learn.sh

建立學習知識庫：

mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

加入自動運行：

mail# crontab -e

5 0 * * * /usr/local/sbin/my-sa-learn.sh

編輯啓動檔 #vi /etc/rc.conf 增加：

amavisd_enable="YES"

spamd_enable="YES"

加裝 Postfix MTA

#cd /usr/ports/mail/postfix

#make install # 可以什麽選項都不用選，安裝過程會有兩個需要回答的問題都選 Yes 即可

#vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必須要空一格 postfix 才會正常啓動

smtp-amavis unix - - n - 2 smtp

-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd

-o content_filter=

-o local_recipient_maps=

-o relay_recipient_maps=

-o smtpd_restriction_classes=

-o smtpd_client_restrictions=

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o strict_rfc821_envelopes=yes

#vi /usr/local/etc/postfix/main.cf

myhostname = viruswall.test.domain

mydomain = test.domain

mynetworks = 202.104.144.196/28, 127.0.0.0/8

alias_maps = hash:/usr/local/etc/postfix/aliases

content_filter = smtp-amavis:[127.0.0.1]:10024

relay_domains = $mydestination, test.domain

transport_maps = hash:/usr/local/etc/postfix/transpor

#cd /usr/local/etc/postfix/

#vi aliases

virusalert: admin

spamalert: admin

#vi transport

test.domain smtp:[202.96.144.196]

.test.domain smtp:[202.104.144.196]

viruswall.test.domain local:

localhost.test.domain local:

#postalias aliases

#postmap transport

#postfix start

#postfix reload

#netstat -na |grep LISTEN # 查看 25 , 10024 , 10025 這三個 port 有無 up

tcp4 0 0 127.0.0.1.10025 *.* LISTEN

tcp4 0 0 *.25 *.* LISTEN

tcp4 0 0 127.0.0.1.10024 *.* LISTEN

安裝amvis-stats

#cd /usr/ports/secrity/amavis-stats

#make install clean

# cd /usr/local/www/data

# ln -s ../amavis-stats ./

# crontab -e -u amavis

*/5 * * * * /usr/local/sbin/amavis-stats /var/log/maillog 2%26amp;1 /dev/null

有關apache2與php4的相關設定就不再啰嗦。

在http://viruswall.test.domain/amavis-stats 就可以訪問網關服務器攔截病毒與垃圾郵件的成績圖。其中攔截的病毒與垃圾郵件被放置在/var/virusmails裏，要定期清理：

#crontab –e

50 23 * * * find /var/virusmails/ -ctime +7 -type f -delete -print |mail -s "Delete Virusmail" root@test.domain

• postfix郵件服務器安全策略
• Linux環境下郵件服務器的分析比較
• Qmail Toaster (Linux版)
• FreeBSD下Qmail安裝
• web界面添加email的Perl程序不完整版
• 用igenus-qmail攔截采用動態域名發送
• 內外網物理隔離下的集群郵件系統路由方案
• 簡易安裝postfix郵件服務器
• 在postfix中實現基于cyrus-sasl
• 常規的qmail的防垃圾郵件處理