POSTFIX AMAVIS SPAMASSASSIN CLAMAV
Does anyone know of a good guide for SpamAssassin + ClamAV?
I have Postfix up and running, and I also ran
apt-get install amavis-new spamassassin spamc clamav
Postfix already starts amavis for me, but I don't know how to tell amavis that it should use ClamAV and spamass...
Thanks for any advice

So it now scans for viruses, and I have tested that too, so just one more question: how do I test whether spam filtering works as well?
Not at all; you have an example here, for instance:
http://wiki.apache.org/spamassassin/TestingInstallation
***********************************************
 Postfix+Amavis+Clamav+Spamassassin-Mini-HOWTO
***********************************************

Debian Sarge 3.1
Postfix-tls 2.1.5-9
amavisd-new 20030616p10-5
ClamAV 0.88.1
SpamAssassin 3.0.3
sasl2-bin 2.1.19
libsasl2-modules

=========
 Postfix
=========

Install Postfix:

    bash# apt-get install postfix

In "/etc/postfix/main.cf" set:

    myhostname    - hostname of the server
    mydomain      - domain name of the server
    myorigin      - server name for outgoing mail (default $myhostname)
    mydestination - domains for which Postfix accepts mail
    relay_domains - domains that will be relayed

Edit the relevant database files in "/etc/postfix" to allow/restrict the service, and build the databases themselves like this:

a) for "/etc/aliases":

    bash# newaliases

b) for the other files:

    bash# cd /etc/postfix
    bash# postmap [file_name]

========
 Amavis
========

Install amavis:

    bash# apt-get install amavisd-new

In "/etc/amavis/amavisd.conf" set:

    $inet_socket_port = 10024 - port on which amavis accepts mail
    $mydomain     - FQDN of the server
    $daemon_user  - it should run as the user 'amavis'
    $daemon_group - and the group 'amavis'
    $virus_admin  - where to send reports about caught viruses

If needed, check the permissions on "/var/lib/amavis".

========
 Clamav
========

*** Installation from the package

    bash# apt-get install clamav

It should pull in the dependencies as well; these packages should be there:

    clamav
    clamav-base
    clamav-daemon
    clamav-freshclam

We only edit "/etc/clamav/freshclam.conf":

    Checks         - interval for checking the database for new viruses
    DatabaseMirror - server with the virus database (there can be more than one), e.g. "db.[country_code].clamav.net"

*** Installation from source

These packages need to be installed:

    bash# apt-get install zlib
    bash# apt-get install zlib-dev
    bash# apt-get install libgmp3
    bash# apt-get install libgmp3-dev

Download the sources from "www.clamav.net" and unpack them into "/usr/local/src":

    bash# tar xzf clamav-x.y.tar.gz -C /usr/local/src

Create the user and group "clamav":

    bash# addgroup clamav
    bash# adduser -g clamav -s /bin/false -c "Clamav AntiVirus" clamav

Add the user "clamav" to the groups "amavis" and "staff".

clamav must have write permission on the directory "/usr/local/lib". It is enough to set its group to "clamav" and give the group write permission:

    bash# chown root:clamav /usr/local/lib
    bash# chmod 0775 /usr/local/lib

Also set up "/var/log/clamav" (but it probably does not exist yet :-):

    bash# chown clamav:clamav /var/log/clamav

Finally, compile "clamav":

    bash# cd /usr/local/src/clamav-x.y
    bash# ./configure        (it should finish without an error)
    bash# make
    bash# make install

The binaries end up in "/usr/local/sbin".

For the init scripts "/etc/init.d/clamav-daemon" and "/etc/init.d/clamav-freshclam" I used the ones from the packaged distribution, with the paths to the binaries adjusted.

The configuration files end up in "/usr/local/etc".

In "clamd.conf" edit:

    DatabaseDirectory - path to ClamAV's libraries ("/usr/local/lib")

In "freshclam.conf" set:

    Checks            - interval for checking the database for new viruses
    DatabaseMirror    - server with the virus database (there can be more than one), e.g. "db.[country_code].clamav.net"
    DatabaseDirectory - path to ClamAV's libraries ("/usr/local/lib")

If needed, create the symlinks in "/etc/rc2.d":

    bash# ln -s /etc/init.d/clamav-daemon /etc/rc2.d/S20clamav-daemon
    bash# ln -s /etc/init.d/clamav-freshclam /etc/rc2.d/S20clamav-freshclam

==============
 Spamassassin
==============

Install spamassassin:

    bash# apt-get install spamassassin

In "/etc/default/spamassassin" set:

    ENABLE=1

Edit "/etc/spamassassin/local.cf":

    trusted_networks - hosts and networks that we trust (spam-free)

Optionally add your own filters.

Create the user "filter" with the home directory "/var/spool/filter":

    bash# addgroup filter
    bash# adduser -h /var/spool/filter -s /bin/bash -g filter \
    >     -c "SPAM filter" --disabled-password filter

Log in as this user and teach spamassassin spam and ham:

    bash# su - filter
    bash$ sa-learn --ham [path_to_ham]
    bash$ sa-learn --spam [path_to_spam]

*** Changes to the configuration files for "postfix"

Add to "/etc/postfix/main.cf":

    content_filter = smtp-amavis:[127.0.0.1]:10024

Edit "/etc/postfix/master.cf":

    smtp      unix  -       -       -       -       -       smtp
        -o content_filter=spamassassin:
    local     unix  -       n       n       -       -       local
        -o content_filter=
    smtp-amavis unix -      -       n       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n  -       n       -       -       smtpd
        -o content_filter=
    spamassassin unix -     n       n       -       -       pipe
        user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}

Create the script "/usr/local/bin/filter.sh".

======
 SASL
======

Install sasl2-bin and libsasl2-modules:

    bash# apt-get install sasl2-bin libsasl2-modules

Edit "/etc/default/saslauthd":

    START=yes
    MECHANISMS="shadow"    - pam, shadow, sasldb: authentication mechanism

Create the file "/etc/postfix/sasl/smtpd.conf":

    pwcheck_method: saslauthd
    saslauthd_path: /var/run/saslauthd/mux    (or wherever sasl has it)

Do not forget to have it started via "/etc/init.d/saslauthd":

    bash# ln -s /etc/init.d/saslauthd /etc/rc2.d/S20saslauthd

*** Changes to the Postfix configuration files

Add to "/etc/postfix/main.cf":

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes

Add the user "postfix" to the group "sasl" (I think it needs permission on the socket of the "saslauthd" daemon).

########################
# /etc/postfix/main.cf #
########################

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
default_privs = nobody
myhostname = mailfilter.vadium.sk
mydomain = vadium.sk
myorigin = $myhostname
inet_interfaces = all
unknown_local_recipient_reject_code = 550
mynetworks = hash:/etc/postfix/network_table
relay_domains = $transport_maps
transport_maps = regexp:/etc/postfix/transport_maps
alias_maps = hash:/etc/aliases
mail_spool_directory = /var/mail
smtpd_banner = $myhostname ESMTP $mail_name
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_client_restrictions =
    check_client_access hash:/etc/postfix/client_access
    permit_mynetworks
    reject_rbl_client relays.ordb.org
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client opm.blitzed.org
smtpd_sender_restrictions =
    permit_mynetworks
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    check_sender_access hash:/etc/sender_access
    reject_rhsbl_sender relays.ordb.org
    reject_rhsbl_sender opm.blitzed.org
    reject_rhsbl_sender sbl-xbl.spamhaus.org
    reject_rhsbl_sender dnsbl.njabl.org
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre
    reject_rbl_client relays.ordb.org
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client opm.blitzed.org
    reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_restrictions =
    check_helo_access hash:/etc/postfix/helo_access
    reject_invalid_hostname
smtpd_helo_required = yes
allow_untrusted_routing = no
disable_vrfy_command = yes
strict_rfc821_envelopes=yes
delay_warning_time = 4
maximal_queue_lifetime = 2
queue_run_delay = 1000s
bounce_size_limit = 50000
header_size_limit = 102400
line_length_limit = 2048
message_size_limit = 4096000
mailbox_size_limit = 51200000
double_bounce_sender = double-bounce

##########################
# /etc/postfix/master.cf #
##########################

smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=spamassassin:
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
    -o content_filter=spamassassin:
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
    -o content_filter=
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
spamassassin unix -     n       n       -       -       pipe
    user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
maildrop  unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
    flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
    flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

################################
# /etc/postfix/sasl/smtpd.conf #
################################

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux

##############################
# /etc/spamassassin/local.cf #
##############################

rewrite_header Subject *****SPAM*****
required_score 4
report_safe 1
report_contact root@vadium.sk
trusted_networks 213.151.252.
rewrite_subject 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 0
use_pyzor 0
use_dcc 0
auto_learn 1
score RCVD_IN_BL_SPAMCOP_NET 4
score RCVD_IN_DSBL 2
score BAYES_00 -1.0

############################
# /usr/local/bin/filter.sh #
############################

#!/bin/sh
#
# spamc.sh
#
# Simple filter to plug SpamAssassin
# into the Postfix MTA, using the spamc / spamd
# daemon version of SpamAssassin.
#
# File locations:
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
SPAMC=/usr/bin/spamc
SASSASSIN=/usr/bin/spamassassin

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f in.$$ out.$$" 0 1 2 3 15

# Write raw input to a temp file before sending to spamc:
# (spamc doesn't seem to like taking input from a pipe)
cat > in.$$
$SPAMC < in.$$ 2>/dev/null > out.$$

$SENDMAIL "$@" < out.$$

exit $?

#############################
# /usr/local/etc/clamd.conf #
#############################

LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket
User clamav
AllowSupplementaryGroups
ScanMail
ScanArchive
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogFile /var/log/clamav/clamav.log
LogTime
LogFileMaxSize 0
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/lib
SelfCheck 3600
ScanOLE2
ScanPE
DetectBrokenExecutables
ScanHTML
ArchiveBlockMax

#################################
# /usr/local/etc/freshclam.conf #
#################################

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogFileMaxSize 0
MaxAttempts 5
Checks 24
DatabaseMirror db.sk.clamav.net
DatabaseMirror database.clamav.net
DatabaseDirectory /usr/local/lib
NotifyClamd
DNSDatabaseInfo current.cvd.clamav.net

It might also be worth mentioning: Razor, Pyzor, DCC, etc. etc. :-)
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
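
Added example, not part of the thread and not code from any of the posters: a check of the content-filter wiring that the HOWTO's master.cf relies on (hand-off through "smtp-amavis", re-entry on 127.0.0.1:10025 with "-o content_filter="). The function names and the trimmed sample are constructed for illustration; the "reinject_port" default of 10025 is an assumption taken from the loopback listener in the posted master.cf.

```python
import re

# Constructed sample: the filter-related entries of the HOWTO's master.cf.
MASTER_CF = """\
smtp            inet  n  -  n  -  -  smtpd
smtp-amavis     unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
"""
CONTENT_FILTER = "smtp-amavis:[127.0.0.1]:10024"  # main.cf value from the HOWTO
LOOPBACK = ("127.0.0.1:", "localhost:", "[::1]:")

def parse_master(text):
    """Map (service, type) -> {"command", "opts"}; indented lines continue an entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = {}
    for line in logical:
        f = line.split()
        if len(f) >= 8:
            opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S*)", line))
            entries[(f[0], f[1])] = {"command": f[7], "opts": opts}
    return entries

def check_filter_wiring(master_text, content_filter, reinject_port="10025"):
    """Return findings; an empty list means filtered mail re-enters Postfix safely."""
    entries = parse_master(master_text)
    findings = []
    transport = content_filter.split(":", 1)[0]
    if (transport, "unix") not in entries:
        findings.append(f"transport '{transport}' is not defined in master.cf")
    back = [name for (name, kind), e in entries.items() if kind == "inet"
            and e["command"] == "smtpd" and name.rsplit(":", 1)[-1] == reinject_port]
    if not back:
        findings.append(f"no smtpd listener on port {reinject_port} for filtered mail")
    for name in back:
        if entries[(name, "inet")]["opts"].get("content_filter") != "":
            findings.append(f"{name}: no '-o content_filter=' override, mail would loop")
        if not name.startswith(LOOPBACK):
            findings.append(f"{name}: not loopback-only, mail could bypass the filter")
    return findings
```

Run against the real files, pass the text of /etc/postfix/master.cf and the content_filter value reported by "postconf -h content_filter".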
So it looks like I finally managed to get it all running, yippee, hip hip hooray
Thanks to all of you who gave me advice...
There is just one message in the log that worries me:
But the strange thing is that it works, i.e. I send, for example, a test virus mail, eicar.com,
and it does not deliver the e-mail to the recipient but sends it to the postmaster with a message that it is infected.
I try sending a spam e-mail, this one: http://spamassassin.apache.org/gtube/gtube.txt
and the same thing happens: it does not deliver it to the recipient but sends it to me, well, to the postmaster.
So what does that message in the log mean, then?
Thanks
So: edit /etc/amavisd.conf, find the section where ClamAV is listed as the primary scanner (daemon), and check the path to the daemon.
Another way:
run amavisd in debug mode and it will print it to the screen for you ;-)
# /usr/local/bin/amavisd debug
############################
# /usr/local/bin/filter.sh #
############################

#!/bin/sh
#
# spamc.sh
#
# Simple filter to plug SpamAssassin
# into the Postfix MTA, using the spamc / spamd
# daemon version of SpamAssassin.
#
# File locations:
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
SPAMC=/usr/bin/spamc
SASSASSIN=/usr/bin/spamassassin

# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69

cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }

# Clean up when done or when aborting.
trap "rm -f in.$$ out.$$" 0 1 2 3 15

# Write raw input to a temp file before sending to spamc:
# (spamc doesn't seem to like taking input from a pipe)
cat > in.$$
$SPAMC < in.$$ 2>/dev/null > out.$$

$SENDMAIL "$@" < out.$$

exit $?

and also this in master.cf

spamassassin unix -     n       n       -       -       pipe
    user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}

I don't understand what it is supposed to be for?