POSTFIX AMAVIS SPAMASSASSIN CLAMAV

Section: Configuration 19.03.2007 | 22:13
jako   Visitor
Hi,

does anyone know of a good guide for spamassassin + clamav?

I have postfix running and I also ran
apt-get install amavis-new spamassassin spamc clamav

postfix already launches amavis, but I don't know how to tell amavis to use clamav and spamass...

Thanks for the advice
    • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 19.03.2007 | 22:17
      borg Arch, Debian jessie  Administrator
      • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 19.03.2007 | 23:44
        jako   Visitor
        super, thanks for the links ;)

        so it already scans for viruses, I tested that too, so just one more question: how do I test whether spam detection works as well?
        • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 19.03.2007 | 23:51
          borg Arch, Debian jessie  Administrator
          register your address on dubious sites :)

          but no, there is an example e.g. here:
          http://wiki.apache.org/spamassassin/TestingInstallation
    • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 03:47
      superlamer Debian RedHat FreeBSD  User
      ***********************************************
      Postfix+Amavis+Clamav+Spamassassin-Mini-HOWTO
      ***********************************************
      
      Debian Sarge 3.1
      Postfix-tls 2.1.5-9
      amavisd-new 20030616p10-5
      ClamAV 0.88.1
      SpamAssassin 3.0.3
      sasl2-bin 2.1.19
      libsasl2-modules
      
      =========
       Postfix
      =========
      
      Install Postfix:
      
      bash# apt-get install postfix
      
      In "/etc/postfix/main.cf" set:
      
      myhostname - hostname of the server
      mydomain - domain name of the server
      myorigin - server name for outgoing mail (default $myhostname)
      mydestination - domains for which postfix accepts mail
      relay_domains - domains that will be relayed
      
      Edit the relevant database files in "/etc/postfix"
      to allow/restrict the service and build the databases themselves like this:
      
      a) for "/etc/aliases":
      bash# newaliases
      
      b) for the other files:
      bash# cd /etc/postfix
      bash# postmap [file_name]
      
      ========
       Amavis
      ========
      
      Install amavis:
      
      bash# apt-get install amavisd-new
      
      In "/etc/amavis/amavisd.conf" set:
      
      $inet_socket_port = 10024 - port on which amavis accepts mail
      $mydomain - FQDN of the server
      $daemon_user - it should run as the user 'amavis'
      $daemon_group - and the group 'amavis'
      $virus_admin - where to send reports about caught viruses
      
      Check the permissions of "/var/lib/amavis" if necessary.
      
      ========
       Clamav
      ========
      
      *** Installation from a package
      
      bash# apt-get install clamav
      
      This should also pull in the dependencies; these packages should be present:
      
      clamav
      clamav-base
      clamav-daemon
      clamav-freshclam
      
      Edit only "/etc/clamav/freshclam.conf":
      
      Checks - interval for checking the database of new viruses
      DatabaseMirror - server with the virus database (there can be more than one),
                       e.g. "db.[country_code].clamav.net"
      
      *** Installation from source
      
      These packages need to be installed:
      
      bash# apt-get install zlib
      bash# apt-get install zlib-dev
      bash# apt-get install libgmp3
      bash# apt-get install libgmp3-dev
      
      Download the sources from "www.clamav.net" and unpack them into "/usr/local/src":
      
      bash# tar xzf clamav-x.y.tar.gz -C /usr/local/src
      
      Create the user and group "clamav":
      
      bash# addgroup clamav
      bash# adduser -g clamav -s /bin/false -c "Clamav AntiVirus" clamav
      
      Add the user "clamav" to the groups "amavis" and "staff". clamav must have
      write permission on the directory "/usr/local/lib". It is enough to set
      its group to "clamav" and give that group write permission:
      
      bash# chown root:clamav /usr/local/lib
      bash# chmod 0775 /usr/local/lib
      
      Also set up "/var/log/clamav" (but it probably does not exist yet :-):
      
      bash# chown clamav:clamav /var/log/clamav
      
      Finally, compile "clamav":
      
      bash# cd /usr/local/src/clamav-x.y
      bash# ./configure (it should finish without errors)
      bash# make
      bash# make install
      
      It puts the binaries into "/usr/local/sbin". The init scripts:
      
      "/etc/init.d/clamav-daemon"
      "/etc/init.d/clamav-freshclam"
      
      I took from the packaged distribution, adjusting the paths
      to the binaries.
      
      It puts the config files into "/usr/local/etc". In "clamd.conf" change:
      
      DatabaseDirectory - path to the clamav libraries ("/usr/local/lib")
      
      In "freshclam.conf" set:
      
      Checks - interval for checking the database of new viruses
      DatabaseMirror - server with the virus database (there can be more than one),
                       e.g. "db.[country_code].clamav.net"
      DatabaseDirectory - path to the clamav libraries ("/usr/local/lib")
      
      Create symlinks in "/etc/rc2.d" if needed:
      
      bash# ln -s /etc/init.d/clamav-daemon /etc/rc2.d/S20clamav-daemon
      bash# ln -s /etc/init.d/clamav-freshclam /etc/rc2.d/S20clamav-freshclam
      
      <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
      • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 03:48
        superlamer Debian RedHat FreeBSD  User
        ==============
         Spamassassin
        ==============
        
        Install spamassassin:
        
        bash# apt-get install spamassassin
        
        In "/etc/default/spamassassin" set:
        
        ENABLE=1
        
        Edit "/etc/spamassassin/local.cf":
        
        trusted_networks - hosts and networks that we trust (spam-free)
        
        Add your own filters if needed.
        Create the user "filter" with the home directory "/var/spool/filter":
        
        bash# addgroup filter
        bash# adduser -h /var/spool/filter -s /bin/bash -g filter \
        > -c "SPAM filter" --disabled-password filter
        
        Log in as this user and teach spamassassin spam and ham:
        
        bash# su - filter
        bash$ sa-learn --ham [path_to_ham]
        bash$ sa-learn --spam [path_to_spam]
        
        *** Editing the config files for "postfix"
        
        Add to "/etc/postfix/main.cf":
        
        content_filter = smtp-amavis:[127.0.0.1]:10024
        
        Edit "/etc/postfix/master.cf":
        
        smtp      unix  -       -       -       -       -       smtp
           -o content_filter=spamassassin:
        local     unix  -       n       n       -       -       local
           -o content_filter=
        smtp-amavis unix -      -       n       -      2       smtp
           -o smtp_data_done_timeout=1200
           -o disable_dns_lookups=yes
        127.0.0.1:10025 inet n  -       n       -      -       smtpd
           -o content_filter=
        spamassassin unix -     n       n       -      -       pipe
           user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
        
        Create the script "/usr/local/bin/filter.sh".
        
        ======
         SASL
        ======
        
        Install sasl2-bin and libsasl2-modules:
        
        bash# apt-get install sasl2-bin libsasl2-modules
        
        Edit "/etc/default/saslauthd":
        
        START=yes
        MECHANISMS="shadow" - pam,shadow,sasldb: the authentication mechanism
        
        Create the file "/etc/postfix/sasl/smtpd.conf":
        
        pwcheck_method: saslauthd
        saslauthd_path: /var/run/saslauthd/mux (or wherever sasl keeps it)
        
        Do not forget to have "/etc/init.d/saslauthd" started at boot:
        
        bash# ln -s /etc/init.d/saslauthd /etc/rc2.d/S20saslauthd
        
        *** Editing the postfix config files
        
        Add to "/etc/postfix/main.cf":
        
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_security_options = noanonymous
        smtpd_sasl_local_domain = $myhostname
        broken_sasl_auth_clients = yes
        
        Add the user "postfix" to the group "sasl" (I think it must have access
        to the socket of the "saslauthd" daemon.)
        
        <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
        • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 03:51
          superlamer Debian RedHat FreeBSD  User
          ########################
          # /etc/postfix/main.cf #
          ########################
          
          queue_directory = /var/spool/postfix
          
          command_directory = /usr/sbin
          
          daemon_directory = /usr/lib/postfix
          
          mail_owner = postfix
          
          default_privs = nobody
          
          myhostname = mailfilter.vadium.sk
          
          mydomain = vadium.sk
          
          myorigin = $myhostname
          
          inet_interfaces = all
          
          unknown_local_recipient_reject_code = 550
          
          mynetworks = hash:/etc/postfix/network_table
          
          relay_domains = $transport_maps
          
          transport_maps = regexp:/etc/postfix/transport_maps
          
          alias_maps = hash:/etc/aliases
          
          mail_spool_directory = /var/mail
          
          smtpd_banner = $myhostname ESMTP $mail_name
          
          debugger_command =
          	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
          	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
          
          content_filter = smtp-amavis:[127.0.0.1]:10024
          
          smtpd_sasl_auth_enable = yes
          
          smtpd_sasl_security_options = noanonymous
          
          smtpd_sasl_local_domain = $myhostname
          
          broken_sasl_auth_clients = yes
          
          smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access
                                      permit_mynetworks
                                      reject_rbl_client relays.ordb.org
                                      reject_rbl_client dnsbl.njabl.org
                                      reject_rbl_client sbl-xbl.spamhaus.org
                                      reject_rbl_client opm.blitzed.org
          
          smtpd_sender_restrictions = permit_mynetworks
                                      reject_non_fqdn_sender
                                      reject_unknown_sender_domain
                                      check_sender_access hash:/etc/sender_access
                                      reject_rhsbl_sender relays.ordb.org
                                      reject_rhsbl_sender opm.blitzed.org
                                      reject_rhsbl_sender sbl-xbl.spamhaus.org
                                      reject_rhsbl_sender dnsbl.njabl.org
          
          smtpd_recipient_restrictions = permit_sasl_authenticated
                                         permit_mynetworks
                                         check_recipient_access pcre:/etc/postfix/recipient_checks.pcre
                                         reject_rbl_client relays.ordb.org
                                         reject_rbl_client dnsbl.njabl.org
                                         reject_rbl_client sbl-xbl.spamhaus.org
                                         reject_rbl_client opm.blitzed.org
                                         reject_unauth_destination
          
          smtpd_data_restrictions = reject_unauth_pipelining
          
          smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access
                                    reject_invalid_hostname
          
          smtpd_helo_required = yes
                                   
          allow_untrusted_routing = no
          
          disable_vrfy_command = yes
          
          strict_rfc821_envelopes=yes
          
          delay_warning_time = 4
          
          maximal_queue_lifetime = 2
          
          queue_run_delay = 1000s
          
          bounce_size_limit = 50000
          
          header_size_limit = 102400
          
          line_length_limit = 2048
          
          message_size_limit = 4096000
          
          mailbox_size_limit = 51200000
          
          double_bounce_sender = double-bounce
          
          <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
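Postfix accepts a main.cf that sets a parameter name it does not know, and a restriction list stored under such a name is never evaluated. The following is an added example, not part of the original thread, that lists such parameters; the function names and the sample file are constructed for illustration, and the output is a list of candidates to review.

```shell
#!/bin/sh
# Added example: list main.cf parameters whose value is an access-restriction
# list but whose name Postfix does not evaluate.

# Restriction-list parameters that Postfix itself reads.
KNOWN="smtpd_client_restrictions smtpd_helo_restrictions \
smtpd_sender_restrictions smtpd_relay_restrictions \
smtpd_recipient_restrictions smtpd_data_restrictions \
smtpd_end_of_data_restrictions smtpd_etrn_restrictions"

# find_dead_restrictions [FILE]  (reads stdin when FILE is omitted)
find_dead_restrictions() {
    awk -v known="$KNOWN" '
    function store() {
        if (name != "") { val[name] = value; order[++n] = name }
        name = ""; value = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { value = value " " $0; next }    # continuation of previous line
    {
        store()
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
        value = substr($0, eq + 1)
    }
    END {
        store()
        m = split(known, k, " ")
        for (i = 1; i <= m; i++) ok[k[i]] = 1
        # Names declared in smtpd_restriction_classes are valid list names too.
        cls = val["smtpd_restriction_classes"]; gsub(/,/, " ", cls)
        m = split(cls, c, " ")
        for (i = 1; i <= m; i++) ok[c[i]] = 1
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (!(p in ok) && val[p] ~ /(^|[ \t,])((reject|permit)(_[a-z_]+)?|check_[a-z_]+_access)([ \t,]|$)/)
                print p
        }
    }' "${1:--}"
}

# Constructed sample main.cf with two misspelt parameter names.
sample_main_cf() {
    cat <<'EOF'
myhostname = mail.example.test
smtpd_restriction_classes = from_partner
from_partner = check_sender_access hash:/etc/postfix/partner_senders, reject
smtpd_client_restrictions = permit_mynetworks
    reject_rbl_client dnsbl.example.test
# sender checks
smtpd_sender_rectriction = permit_mynetworks
    reject_non_fqdn_sender
    # a comment inside a continued value does not end it
    reject_unknown_sender_domain
smptd_data_restriction = reject_unauth_pipelining
smtpd_helo_required = yes
EOF
}

sample_main_cf | find_dead_restrictions
```

On a live system, `postconf -n` in Postfix 2.9 and later prints an "unused parameter" warning for the same mistake.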
          • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 03:53
            superlamer Debian RedHat FreeBSD  User
            ##########################
            # /etc/postfix/master.cf #
            ##########################
            
            smtp      inet  n       -       n       -       -       smtpd
               -o content_filter=spamassassin:
            pickup    fifo  n       -       -       60      1       pickup
            cleanup   unix  n       -       -       -       0       cleanup
            qmgr      fifo  n       -       -       300     1       qmgr
            rewrite   unix  -       -       -       -       -       trivial-rewrite
            bounce    unix  -       -       -       -       0       bounce
            defer     unix  -       -       -       -       0       bounce
            trace     unix  -       -       -       -       0       bounce
            verify    unix  -       -       -       -       1       verify
            flush     unix  n       -       -       1000?   0       flush
            proxymap  unix  -       -       n       -       -       proxymap
            smtp      unix  -       -       -       -       -       smtp
               -o content_filter=spamassassin:
            relay     unix  -       -       -       -       -       smtp
            showq     unix  n       -       -       -       -       showq
            error     unix  -       -       -       -       -       error
            local     unix  -       n       n       -       -       local
               -o content_filter=
            virtual   unix  -       n       n       -       -       virtual
            lmtp      unix  -       -       n       -       -       lmtp
            anvil     unix  -       -       n       -       1       anvil
            
            smtp-amavis unix -      -       n       -      2       smtp
               -o smtp_data_done_timeout=1200
               -o disable_dns_lookups=yes
            127.0.0.1:10025 inet n  -       n       -      -       smtpd 
               -o content_filter=
            spamassassin unix -     n       n       -      -       pipe
               user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
            
            maildrop  unix  -       n       n       -       -       pipe
              flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
            uucp      unix  -       n       n       -       -       pipe
              flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
            ifmail    unix  -       n       n       -       -       pipe
              flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
            bsmtp     unix  -       n       n       -       -       pipe
              flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
            scalemail-backend unix	-	n	n	-	2	pipe
              flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
            
            
            ################################
            # /etc/postfix/sasl/smtpd.conf #
            ################################
            
            pwcheck_method: saslauthd
            saslauthd_path: /var/run/saslauthd/mux
            
            
            ##############################
            # /etc/spamassassin/local.cf #
            ##############################
            
            rewrite_header Subject *****SPAM*****
            required_score 4
            report_safe 1
            report_contact root@vadium.sk
            trusted_networks 213.151.252.
            rewrite_subject 1
            use_bayes 1
            bayes_auto_learn 1
            skip_rbl_checks 0
            use_razor2 0
            use_pyzor 0
            use_dcc 0
            auto_learn 1
            
            score RCVD_IN_BL_SPAMCOP_NET 4
            score RCVD_IN_DSBL 2
            
            score BAYES_00 -1.0
            
            
            ############################
            # /usr/local/bin/filter.sh #
            ############################
            
            #!/bin/sh
            #
            # spamc.sh
            #
            # Simple filter to plug SpamAssassin
            # into the Postfix MTA, using the spamc / spamd
            # daemon version of SpamAssassin.
            #
            
            # File locations:
            INSPECT_DIR=/var/spool/filter
            SENDMAIL="/usr/sbin/sendmail -i"
            SPAMC=/usr/bin/spamc
            SASSASSIN=/usr/bin/spamassassin
            
            # Exit codes from <sysexits.h>
            EX_TEMPFAIL=75
            EX_UNAVAILABLE=69
            
            cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
            
            # Clean up when done or when aborting.
            trap "rm -f in.$$ out.$$" 0 1 2 3 15
            
            # Write raw input to a temp file before sending to spamc:
            # (spamc doesn't seem to like taking input from a pipe)
            cat > in.$$
            $SPAMC < in.$$ 2>/dev/null > out.$$
            $SENDMAIL "$@" < out.$$
            
            exit $?
            
            
            #############################
            # /usr/local/etc/clamd.conf #
            #############################
            
            LocalSocket /var/run/clamav/clamd.ctl
            FixStaleSocket
            User clamav
            AllowSupplementaryGroups
            ScanMail
            ScanArchive
            ArchiveMaxRecursion 5
            ArchiveMaxFiles 1000
            ArchiveMaxFileSize 10M
            ArchiveMaxCompressionRatio 250
            ReadTimeout 180
            MaxThreads 12
            MaxConnectionQueueLength 15
            LogFile /var/log/clamav/clamav.log
            LogTime
            LogFileMaxSize 0
            PidFile /var/run/clamav/clamd.pid
            DatabaseDirectory /usr/local/lib
            SelfCheck 3600
            ScanOLE2
            ScanPE
            DetectBrokenExecutables
            ScanHTML
            ArchiveBlockMax
            
            
            #################################
            # /usr/local/etc/freshclam.conf #
            #################################
            
            DatabaseOwner clamav
            UpdateLogFile /var/log/clamav/freshclam.log
            LogFileMaxSize 0
            MaxAttempts 5
            Checks 24
            DatabaseMirror db.sk.clamav.net
            DatabaseMirror database.clamav.net
            DatabaseDirectory /usr/local/lib
            NotifyClamd
            DNSDatabaseInfo current.cvd.clamav.net
            
            <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
            • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 24.07.2007 | 11:00
              Tomáš Srnka Anything at all, probably everything by now  Administrator
              maybe it wouldn't be bad to turn this into an article/series, if you felt like it, that would be nice (that is, if some explanations and descriptions were added).
              I ran linuxos.sk for a long time, later founded vpsFree.cz, and for the last few years have been technical director at Websupport
              • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 25.07.2007 | 03:25
                superlamer Debian RedHat FreeBSD  User
                hmmm, could be...
                <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
                • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 25.07.2007 | 16:43
                  nipo Ubuntu 9.04  User
                  A broad topic :-)

                  maybe also worth mentioning: Razor, Pyzor, DCC etc. etc. :-)
                • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 25.07.2007 | 19:29
                  Tomáš Srnka Anything at all, probably everything by now  Administrator
                  please get in touch by mail/ICQ and we can agree on the details
                  I ran linuxos.sk for a long time, later founded vpsFree.cz, and for the last few years have been technical director at Websupport
            • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 26.05.2008 | 12:06
              uid0 Debian  User
              very nice, only you didn't have to turn off the chroot

              dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
              Debian. apt-get into it…
    • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 14:27
      jako   Visitor
      thanks for the advice and the nice mini howto...

      so it looks like I finally managed to get it all running, yippee, hip hip hooray
      thanks to all of you who advised me...

      Only one message in the log worries me:
      Mar 20 13:16:03 korab amavis[18227]: (18227-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: nen\303\255 souborem ani adres\303\241\305\231em) at (eval 44) line 268.
      Mar 20 13:16:03 korab amavis[18227]: (18227-01) (!!) WARN: all primary virus scanners failed, considering backups
      

      But the strange thing is that it works: when I send e.g. a test virus mail with eicar.com,
      the email is not delivered to the recipient but is sent to the postmaster with a message that it is infected
      When I try sending a SPAM email, this one: http://spamassassin.apache.org/gtube/gtube.txt
      the same thing happens: it is not delivered to the recipient but sent to me, well, to the postmaster

      So what does that log message mean then?
      Thanks
      • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 19:38
        superlamer Debian RedHat FreeBSD  User
        check the access permissions
        <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
        • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 20.03.2007 | 21:22
          jako   Visitor
          access permissions of what?
          • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 21.03.2007 | 13:01
            superlamer Debian RedHat FreeBSD  User
            well, it's right there in the log...
            <pre>bash# grep initdefault /etc/inittab id:0:initdefault:</pre>
      • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 24.07.2007 | 09:02
        nipo Ubuntu 9.04  User
        Apparently your paths to the primary antivirus, i.e. clamav, are pointing to the wrong place

        so edit /etc/amavisd.conf, find the section where Clamav is the primary (daemon) scanner and check the path to the daemon

        Another way:

        run amavisd in debug mode and it will print it to the screen ;-)

        # /usr/local/bin/amavisd debug
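The path check suggested in this sub-thread, written out as an added example that is not part of the original posts: it takes the socket path amavis reported in the log, compares it with `LocalSocket` in clamd.conf and tests whether that socket exists. The function names are hypothetical and the sample log is constructed from the message quoted above.

```shell
#!/bin/sh
# Added example: compare the clamd socket amavis failed to reach (from the
# mail log) with the socket clamd is configured to create.

# Socket paths named in amavis "Too many retries to talk to ..." lines.
sockets_from_amavis_log() {
    sed -n 's/.*Too many retries to talk to \([^ ]*\) .*/\1/p' "$1" | sort -u
}

# LocalSocket value from clamd.conf.
socket_from_clamd_conf() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# diagnose LOG CLAMD_CONF: one verdict line per socket seen in the log
diagnose() {
    conf_sock=$(socket_from_clamd_conf "$2")
    for s in $(sockets_from_amavis_log "$1"); do
        if [ "$s" != "$conf_sock" ]; then
            echo "MISMATCH amavis=$s clamd=$conf_sock"   # two different paths
        elif [ ! -S "$s" ]; then
            echo "MISSING $s"     # clamd not running or could not create it
        else
            echo "PRESENT $s"     # exists: look at owner, group and mode next
        fi
    done
}

# Constructed sample input, modelled on the log lines in the thread.
DEMO=$(mktemp -d)
cat > "$DEMO/mail.log" <<'EOF'
Mar 20 13:16:03 host amavis[18227]: (18227-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.
Mar 20 13:16:03 host amavis[18227]: (18227-01) (!!) WARN: all primary virus scanners failed, considering backups
EOF
printf 'LocalSocket /var/run/clamav/clamd.ctl\nUser clamav\n' > "$DEMO/clamd.conf"
diagnose "$DEMO/mail.log" "$DEMO/clamd.conf"
rm -rf "$DEMO"
```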
    • Re: POSTFIX AMAVIS SPAMASSASSIN CLAMAV 24.07.2007 | 02:04
      ondro   Visitor
      Hi, I'm looking at this here and learning, but can someone explain to me what this is for?
      ############################
      # /usr/local/bin/filter.sh #
      ############################
      
      #!/bin/sh
      #
      # spamc.sh
      #
      # Simple filter to plug SpamAssassin
      # into the Postfix MTA, using the spamc / spamd
      # daemon version of SpamAssassin.
      #
      
      # File locations:
      INSPECT_DIR=/var/spool/filter
      SENDMAIL="/usr/sbin/sendmail -i"
      SPAMC=/usr/bin/spamc
      SASSASSIN=/usr/bin/spamassassin
      
      # Exit codes from <sysexits.h>
      EX_TEMPFAIL=75
      EX_UNAVAILABLE=69
      
      cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
      
      # Clean up when done or when aborting.
      trap "rm -f in.$$ out.$$" 0 1 2 3 15
      
      # Write raw input to a temp file before sending to spamc:
      # (spamc doesn't seem to like taking input from a pipe)
      cat > in.$$
      $SPAMC < in.$$ 2>/dev/null > out.$$
      $SENDMAIL "$@" < out.$$
      
      exit $?
      

      and also this in master.cf
      spamassassin unix -     n       n       -      -       pipe
         user=filter argv=/usr/local/bin/filter.sh -f ${sender} -- ${recipient}
      

      I don't understand what it is supposed to be for?
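What the master.cf `pipe` entry and filter.sh do with a message, as an added example that is not part of the original thread: Postfix writes the message to the filter's standard input and passes `-f sender -- recipient` as arguments, and the filter runs the scanner and hands the result back through sendmail. `filter_message`, `fake_spamc`, `broken_spamc`, `fake_sendmail` and `DEMO_DIR` are hypothetical names; the stand-ins replace spamc and sendmail, and the private temporary directory and the exit with status 75 when the scanner fails are additions that the posted script does not have.

```shell
#!/bin/sh
# Added example: the contract between the master.cf "pipe" entry and a
# filter script, runnable without a mail system.

EX_TEMPFAIL=75   # <sysexits.h>: Postfix keeps the message queued and retries

# filter_message SPAMC SENDMAIL [sendmail arguments...]   (message on stdin)
filter_message() {
    spamc=$1; sendmail=$2; shift 2
    work=$(mktemp -d) || return "$EX_TEMPFAIL"
    rc=0
    if ! cat > "$work/in"; then
        rc=$EX_TEMPFAIL
    elif ! "$spamc" < "$work/in" > "$work/out" || [ ! -s "$work/out" ]; then
        # Scanner failed or returned nothing: do not re-inject an empty message.
        rc=$EX_TEMPFAIL
    else
        # "$@" is what Postfix passed: -f SENDER -- RECIPIENT...
        "$sendmail" "$@" < "$work/out" || rc=$?
    fi
    rm -rf "$work"
    return "$rc"
}

# Stand-ins for spamc and sendmail (hypothetical, for the demo only).
fake_spamc()    { echo "X-Spam-Checker-Version: stand-in"; cat; }
broken_spamc()  { return 1; }
fake_sendmail() { printf '%s\n' "$*" > "$DEMO_DIR/args"; cat > "$DEMO_DIR/msg"; }

# Constructed message and addresses.
DEMO_DIR=$(mktemp -d)
printf 'From: alice@example.test\nSubject: demo\n\nhello\n' |
    filter_message fake_spamc fake_sendmail -f alice@example.test -- bob@example.test
echo "sendmail arguments: $(cat "$DEMO_DIR/args")"
printf 'x\n' |
    filter_message broken_spamc fake_sendmail -f alice@example.test -- bob@example.test ||
    echo "scanner failed, exit status $? (Postfix defers the message)"
rm -rf "$DEMO_DIR"
```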