1. Installing, configuring and testing SpamAssassin and spamass-milter

# yum install spamass-milter spamassassin

# cp /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v310.pre~

# cat /etc/mail/spamassassin/v310.pre | grep -v \# | grep -v ^$
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags

# cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf~

# nano /etc/mail/spamassassin/local.cf
# Number of "spam points" required for a message to be marked as spam
required_hits 5

# What to do with the original message if it is classified as spam:
# leave it as is - 0
# attach it to the report as an attachment - 1
# add it to the report as text - 2
report_safe 0

# Add the [SPAM] tag to the Subject of spam messages
rewrite_header Subject [SPAM]

# Score at which a message is considered spam
# (default: 5.0)
required_score 5.0

# Use the Bayesian filter (default: 1)
use_bayes 1
use_bayes_rules 1

# Bayesian auto-learning (default: 1)
# messages recognised as 100% spam or 100% non-spam
# are added to the database
bayes_auto_learn 1

# Use network checks (Realtime Blackhole List)
skip_rbl_checks 0

# Use Razor
use_razor2 1

# Use DCC
use_dcc 1

# Use Pyzor
use_pyzor 1

# Allowed languages and locales of messages
# ok_locales en ru

# trusted_networks 127/8
# internal_networks 127/8

# nano /etc/sysconfig/spamass-milter
SOCKET=/var/run/spamass-milter/spamass-milter.sock
RUN_AS_USER=sa-milt

# nano /etc/sysconfig/spamassassin
SPAMDOPTIONS="-d -c -m5 -H"

Check the SpamAssassin configuration syntax

# spamassassin --lint

Update the SpamAssassin rule databases

# sa-update -v
Update available for channel updates.spamassassin.org
Update was available, and was downloaded and installed successfully

# nano /etc/cron.d/sa-update
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

# systemctl start spamassassin

# systemctl enable spamassassin

# systemctl start spamass-milter

# systemctl enable spamass-milter

# netstat -nlpt | grep spamd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 4602/spamd.pid -d -

# netstat -na | grep spamass
unix 2 [ ACC ] STREAM LISTENING 112500724 /var/run/spamass-milter/spamass-milter.sock

Testing SpamAssassin with a non-spam and a spam message.

# spamassassin -t < /usr/share/doc/spamassassin-3.3.2/sample-nonspam.txt | grep X-Spam
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on .......
X-Spam-Level: **
X-Spam-Status: No, score=2.1 required=5.0 tests=AWL,DNS_FROM_AHBL_RHSBL,

# spamassassin -t < /usr/share/doc/spamassassin-3*/sample-spam.txt | grep X-Spam
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on .......
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,NO_RECEIVED,

2. Configuring Sendmail to filter mail with SpamAssassin through spamass-milter

# nano /etc/mail/sendmail.mc
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl

# cd /etc/mail

# make all

# systemctl restart sendmail

Sending test spam to SpamAssassin: put the following string in the body of a message

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
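
Once the GTUBE message has passed through Sendmail, the delivered copy should carry an X-Spam-Status header; a copy without one was not scanned, which can happen silently because the filter line above uses an empty F= flag. The following is an added example, not part of the original guide: the function spam_verdict and both sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a delivered message was scored by SpamAssassin.

spam_verdict() {
    # Reads one message on stdin. Prints "spam|ham <score> <required>", or
    # "unscanned" when the header section has no X-Spam-Status at all.
    awk '
    /^$/     { exit }                                # end of headers: ignore the body
    /^[ \t]/ { if (inhdr) hdr = hdr " " $0; next }   # folded continuation line
             { inhdr = 0 }
    tolower($0) ~ /^x-spam-status:/ { hdr = $0; inhdr = 1 }  # last header wins
    END {
        if (hdr == "") { print "unscanned"; exit }
        verdict = (hdr ~ /^[^:]*:[ \t]*Yes/) ? "spam" : "ham"
        score = "?"; req = "?"
        if (match(hdr, /score=-?[0-9.]+/))  score = substr(hdr, RSTART + 6, RLENGTH - 6)
        if (match(hdr, /required=[0-9.]+/)) req   = substr(hdr, RSTART + 9, RLENGTH - 9)
        print verdict, score, req
    }'
}

# Constructed sample: a GTUBE message as delivered after filtering.
sample_gtube() { cat <<'EOF'
From: test@example.org
Subject: [SPAM] gtube test
X-Spam-Flag: YES
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,NO_RECEIVED,
 NO_RELAYS autolearn=no
To: user@example.org

test body
EOF
}

# Constructed sample: no header was added; the body text must not count.
sample_unscanned() { cat <<'EOF'
From: test@example.org
Subject: hello

X-Spam-Status: No, score=0.0 required=5.0
EOF
}

sample_gtube | spam_verdict
sample_unscanned | spam_verdict
```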

3. Installing and configuring ClamAV Antivirus, clamav-milter and clamav-update (freshclam)

# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

# ls -al /var/log/clamav-milter.log
-rw--w---- 1 root clamilt 0 Feb 20 13:18 /var/log/clamav-milter.log

# nano /etc/sysconfig/freshclam
#FRESHCLAM_DELAY=disabled-warn – REMOVE ME

# nano /etc/cron.d/clamav-update
MAILTO=root
0 18 * * * root /usr/share/clamav/freshclam-sleep

4. Configuring freshclam

# cat /etc/freshclam.conf | grep -v \# | grep -v ^$
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 20M
LogTime yes
PidFile /var/run/freshclam.pid
DatabaseOwner clamupdate
DatabaseMirror database.clamav.net
Checks 1
NotifyClamd /etc/clamd.d/scan.conf

# ls -al /var/lib/ | grep clamav
drwxr-xr-x 2 clamupdate clamupdate 4096 Feb 20 14:34 clamav

# tail -f /var/log/freshclam.log

# freshclam

5. Configuring clamav-milter

# cat /etc/mail/clamav-milter.conf | grep -v \# | grep -v ^$
MilterSocket /var/run/clamav-milter/clamav-milter.socket
User clamilt
AllowSupplementaryGroups yes
PidFile /var/run/clamav-milter/clamav-milter.pid
TemporaryDirectory /var/tmp
ClamdSocket unix:/var/run/clamd.scan/clamd.sock
LocalNet local
LocalNet 127.0.0.1
OnClean Accept
OnInfected Reject
OnFail Defer
RejectMsg "The virus has been detected.Please don't send viruses"
AddHeader Add
LogFile /var/log/clamav-milter.log
LogFileMaxSize 20M
LogTime yes

# systemctl enable clamav-milter

# systemctl start clamav-milter

# systemctl status clamav-milter

6. Configuring clamd

# cat /etc/clamd.d/scan.conf | grep -v \# | grep -v ^$
LogFile /var/log/clamd.scan
LogFileMaxSize 20M
LogTime yes
LogClean yes
PidFile /var/run/clamd.scan/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamd.scan/clamd.sock
User clamupdate
AllowSupplementaryGroups yes

# mkdir /var/run/clamd.scan/

# chown -R clamupdate:clamupdate /var/run/clamd.scan

# systemctl enable clamd@scan

# systemctl start clamd@scan

# systemctl status clamd@scan

7. Configuring Sendmail to scan mail for viruses through clamav-milter

# cd /etc/mail/

# nano sendmail.mc
INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=T,T=S:4m;R:4m;E:10m')

# make all

# systemctl restart sendmail
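
The two INPUT_MAIL_FILTER lines in this guide fail differently: the spamassassin filter has an empty F=, so Sendmail passes mail through unfiltered when that milter is unavailable, while clamav-milter has F=T, so mail is temporarily refused until the filter is back. The following is an added example, not part of the original guide, that reports this for every active filter in a sendmail.mc; the function names and the sample file (including its commented-out "disabled" entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what Sendmail does when each milter is unavailable.
#   F=R -> reject, F=T -> tempfail, empty or missing F -> mail passes unfiltered.

milter_fail_modes() {
    # $1 = path to sendmail.mc; prints "<name> <socket> <mode>" per active filter.
    # Lines commented out with a leading "dnl" do not match and are skipped.
    awk -F"[\`']" '
    /^INPUT_MAIL_FILTER\(/ {
        sock = ""; flag = ""
        n = split($4, kv, /, */)          # $4 is the quoted "S=..., F=..., T=..." part
        for (i = 1; i <= n; i++) {
            if (kv[i] ~ /^S=/) sock = substr(kv[i], 3)
            if (kv[i] ~ /^F=/) flag = substr(kv[i], 3)
        }
        mode = "fail-open"
        if (flag == "T") mode = "tempfail"
        if (flag == "R") mode = "reject"
        print $2, sock, mode
    }' "$1"
}

fail_open_filters() {
    # Names of the filters whose outage lets mail through unscanned.
    milter_fail_modes "$1" | awk '$3 == "fail-open" { print $1 }'
}

# Constructed sample holding the two filter lines used in this guide.
SAMPLE_MC=$(mktemp)
cat > "$SAMPLE_MC" <<'EOF'
dnl INPUT_MAIL_FILTER(`disabled', `S=local:/tmp/x.sock, F=R')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=T,T=S:4m;R:4m;E:10m')
EOF

milter_fail_modes "$SAMPLE_MC"
echo "fail-open: $(fail_open_filters "$SAMPLE_MC")"
```

On a real host, pass /etc/mail/sendmail.mc instead of the sample file.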

8. Downloading a test virus and checking that ClamAV works

# cd /tmp

# curl -O http://www.eicar.org/download/eicar.com

# clamscan /tmp --infected --remove --recursive
/tmp/eicar.com: Eicar-Test-Signature FOUND
/tmp/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3747942
Engine version: 0.98.6
Scanned directories: 1
Scanned files: 2
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 11.306 sec (0 m 11 s)

9. Configuring logrotate to rotate the log files

# nano /etc/logrotate.d/clamav-update
/var/log/freshclam.log {
    rotate 3
    compress
    daily
    dateext
    missingok
    notifempty
    create 664 root clamupdate
}

# nano /etc/logrotate.d/clamav-milter
/var/log/clamav-milter.log {
    rotate 3
    compress
    daily
    dateext
    missingok
    notifempty
    create 660 root clamilt
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /var/run/clamav-milter/clamav-milter.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

# nano /etc/logrotate.d/clam
/var/log/clamd.scan {
    rotate 3
    compress
    daily
    dateext
    missingok
    notifempty
    create 664 root clamupdate
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /var/run/clamd.scan/clamd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

Sources:
http://www.brennan.id.au/12-Sendmail_Server.html
http://rtfm.co.ua/exim-podklyuchaem-spamassassin-na-centos/#more-4927