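Following the previous post, "CentOS 4.4 mail server setup notes: implementing basic functionality", we now have a server that can send and receive mail normally. It has few features, though, and no anti-virus or anti-spam protection. This post adds both, along with monitoring of mail traffic.

1. Install the ClamAV anti-virus software:

[[email protected] ~]# yum install clamav
Dependencies Resolved

=============================================================================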
Package Arch Version Repository Size
=============================================================================
Installing:
clamav i386 0.91.2-1.el4.rf dag 1.1 M
Installing for dependencies:
clamav-db i386 0.91.2-1.el4.rf dag 10 M

Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 11 M
Is this ok [y/N]: y
Downloading Packages:
Downloading Packages:
(1/2): clamav-0.91.2-1.el 100% |=========================| 1.1 MB 02:31
(2/2): clamav-db-0.91.2-1 100% |=========================| 10 MB 21:27
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: clamav-db ######################### [1/2]
Installing: clamav ######################### [2/2]

Installed: clamav.i386 0:0.91.2-1.el4.rf
Dependency Installed: clamav-db.i386 0:0.91.2-1.el4.rf
Complete!

The ClamAV packages above can also be downloaded manually from: [url]http://www.baxitek.com/pub/clamav/[/url]

wget [url]http://www.baxitek.com/pub/clamav/clamav-db-0.91.2-1.i386.rpm[/url]
wget [url]http://www.baxitek.com/pub/clamav/clamav-0.91.2-1.i386.rpm[/url]

2. Update the anti-virus definitions:

[[email protected] ~]# /usr/bin/freshclam
ClamAV update process started at Fri Aug 31 18:55:00 2007
Downloading daily.cvd [100%]
daily.cvd updated (version: 4110, sigs: 16448, f-level: 21, builder: acab)
Database updated (149611 signatures) from db.cn.clamav.net (IP: 58.221.222.69)
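WARNING: Clamd was NOT notified: Can't find or parse configuration file /etc/clamd.conf

3. The warning in the definition update above appears because, when ClamAV is installed from the yum RPM package, the configuration file it generates is not under /etc and is named clamav.conf. Proceed as follows:

[[email protected] etc]# find / -name 'clam*'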
find: /proc/801/task: No such file or directory
find: /proc/802/task: No such file or directory
find: /proc/803/task: No such file or directory
find: /proc/928/task: No such file or directory
find: /proc/936/task: No such file or directory
/etc/log.d/conf/services/clamav.conf
[[email protected] etc]# cp /etc/log.d/conf/services/clamav.conf /etc/clamd.conf

4. Install the SpamAssassin anti-spam software:

[[email protected] ~]# yum -y install spamassassin
Dependencies Resolved

=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
spamassassin i386 3.2.3-1.el4.rf dag 1.0 M
Installing for dependencies:
perl-Archive-Tar noarch 1.32-1.el4.rf dag 47 k
perl-Digest-HMAC noarch 1.01-13 base 11 k
perl-Digest-SHA1 i386 2.07-5 base 19 k
perl-IO-Socket-SSL noarch 1.07-2.el4.rf dag 43 k
perl-IO-Zlib noarch 1.05-1.el4.rf dag 15 k
perl-Net-DNS i386 0.61-1.el4.rf dag 271 k
perl-Net-IP noarch 1.25-1.el4.rf dag 30 k
perl-Net-SSLeay i386 1.30-4.el4.centos extras 198 k
perl-Time-HiRes i386 1.55-3 base 22 k
Updating for dependencies:
perl-HTML-Parser i386 3.55-1.el4.rf dag 140 k

Transaction Summary
=============================================================================
Install 10 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 1.8 M
Downloading Packages:
(1/11): perl-HTML-Parser- 100% |=========================| 140 kB 00:24
(2/11): perl-Digest-HMAC- 100% |=========================| 11 kB 00:05
(3/11): perl-Net-DNS-0.61 100% |=========================| 271 kB 00:35
(4/11): perl-Net-SSLeay-1 100% |=========================| 198 kB 00:06
(5/11): perl-Digest-SHA1- 100% |=========================| 19 kB 00:04
(6/11): perl-Net-IP-1.25- 100% |=========================| 30 kB 00:06
(7/11): perl-Time-HiRes-1 100% |=========================| 22 kB 00:04
(8/11): perl-IO-Socket-SS 100% |=========================| 43 kB 00:06
(9/11): perl-Archive-Tar- 100% |=========================| 47 kB 00:07
(10/11): spamassassin-3.2 100% |=========================| 1.0 MB 02:19
(11/11): perl-IO-Zlib-1.0 100% |=========================| 15 kB 00:02
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: perl-Digest-SHA1 ####################### [ 1/12]
Updating : perl-HTML-Parser ####################### [ 2/12]
Installing: perl-Digest-HMAC ####################### [ 3/12]
Installing: perl-IO-Zlib ####################### [ 4/12]
Installing: perl-Archive-Tar ####################### [ 5/12]
Installing: perl-Time-HiRes ####################### [ 6/12]
Installing: perl-Net-IP ####################### [ 7/12]
Installing: perl-Net-DNS ####################### [ 8/12]
Installing: perl-Net-SSLeay ####################### [ 9/12]
Installing: perl-IO-Socket-SSL ####################### [10/12]
Installing: spamassassin ####################### [11/12]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.en"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.en"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Cleanup : perl-HTML-Parser ####################### [12/12]

Installed: spamassassin.i386 0:3.2.3-1.el4.rf
Dependency Installed: perl-Archive-Tar.noarch 0:1.32-1.el4.rf perl-Digest-HMAC.noarch 0:1.01-13 perl-Digest-SHA1.i386 0:2.07-5 perl-IO-Socket-SSL.noarch 0:1.07-2.el4.rf perl-IO-Zlib.noarch 0:1.05-1.el4.rf perl-Net-DNS.i386 0:0.61-1.el4.rf perl-Net-IP.noarch 0:1.25-1.el4.rf perl-Net-SSLeay.i386 0:1.30-4.el4.centos perl-Time-HiRes.i386 0:1.55-3
Dependency Updated: perl-HTML-Parser.i386 0:3.55-1.el4.rf
Complete!
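[[email protected] ~]#

5. To deal with the warning shown in red above (the perl locale warnings), we edit the /etc/sysconfig/i18n file. If it is not changed, the warning appears at every restart once MailScanner is installed, although I do not yet know whether it has any other effect.

[[email protected] ~]# vi /etc/sysconfig/i18n

Add the following line:

LC_ALL="C"

and change:
to:

6. Next we install MailScanner. First download it from the official site: [url]http://www.mailscanner.info/[/url].

[[email protected] tmp]# wget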
--16:40:51-- [url]http://www.mailscanner.info/files/4/rpm/MailScanner-4.62.9-3.rpm.tar.gz[/url]
=> `MailScanner-4.62.9-3.rpm.tar.gz'
Resolving [url]http://www.mailscanner.info/[/url]... 81.17.252.15
Connecting to [url]http://www.mailscanner.info/[/url]|81.17.252.15|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4,239,584 (4.0M) [application/x-gzip]

100%[====================================>] 4,239,584 6.74K/s ETA 00:00

16:50:54 (6.88 KB/s) - `MailScanner-4.62.9-3.rpm.tar.gz' saved [4239584/4239584]

[[email protected] tmp]# tar zxvf MailScanner-4.62.9-3.rpm.tar.gz # unpack the archive
[[email protected] tmp]# cd MailScanner-4.62.9-3
[[email protected] MailScanner-4.62.9-3]# ./install.sh # this step takes a while, so go and have a drink in the meantime, haha!
Good. You have the patch command.

Good, you have /usr/src/redhat in place.

Writing a .rpmmacros file in your home directory to stop
unpackaged files breaking the build process.
You can delete it once MailScanner is installed if you want to.

Now to install MailScanner itself.

NOTE: If you get lots of errors here, run the install.sh script
NOTE: again with the command "./install.sh nodeps"

Preparing... ########################################### [100%]
1:mailscanner ########################################### [100%]

Good, SpamAssassin site rules found in /etc/mail/spamassassin

To activate MailScanner run the following commands:

service sendmail stop
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
service MailScanner start

For technical support, please read the MAQ at [url]www.mailscanner.biz/maq/[/url]
and buy the book at [url]www.mailscanner.info/store[/url]

----------------------------------------------------------
Please buy the MailScanner book from [url]http://www.mailscanner.info/[/url]!
It is a very useful administration guide and introduction
to MailScanner. All the proceeds go directly to making
MailScanner a better supported package than it is today.

7. Configure MailScanner and set up Postfix to use MailScanner to call ClamAV and SpamAssassin. (Red text is the value to be changed; green text is the value after the change. In each group below, the original lines come first and the modified lines follow.)

[[email protected] MailScanner-4.62.9-3]# vi /etc/MailScanner/MailScanner.conf

%org-name% = yoursite
%org-name% = centosmail

%org-long-name% = Your Organisation Name Here
%org-long-name% = CentosMail_Leeki.Yan

%web-site% =
%web-site% =

Run As User =
Run As User = postfix

Run As Group =
Run As Group = postfix

Incoming Queue Dir = /var/spool/mqueue.in
Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/mqueue
Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = sendmail
MTA = postfix

Virus Scanners = auto
Virus Scanners = clamav

Always Include SpamAssassin Report = no
Always Include SpamAssassin Report = yes

SpamAssassin User State Dir =
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Incoming Work User =
Incoming Work Group =
Incoming Work User = postfix
Incoming Work Group = postfix

SpamAssassin Install Prefix =
SpamAssassin Install Prefix = /usr/bin

Quarantine User =
Quarantine Group =
Quarantine User = postfix
Quarantine Group = postfix

[[email protected] MailScanner-4.62.9-3]# vi /etc/MailScanner/MailScanner.conf
[[email protected] MailScanner-4.62.9-3]# cd /var/spool/MailScanner/
[[email protected] MailScanner]# ls -al
total 20
drwxr-xr-x 4 root root 4096 Aug 31 20:34 .
drwxr-xr-x 16 root root 4096 Aug 31 20:34 ..
drwxr-xr-x 8 root root 4096 Aug 31 21:01 incoming
drwxr-xr-x 2 root root 4096 Aug 31 20:34 quarantine
[[email protected] MailScanner]# mkdir spamassassin
[[email protected] MailScanner]# mkdir .spamassassin
[[email protected] MailScanner]# chown -R postfix:postfix /var/spool/MailScanner

12 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log (this means an update once every 12 hours)

b. Configure SpamAssassin to support the CCERT Chinese spam-filtering rule set and update it automatically:

[[email protected] tmp]# wget -N -P /usr/share/spamassassin [url]www.ccert.edu.cn/spam/sa/Chinese_rules.cf[/url]
[[email protected] tmp]# crontab -e
Copy the following line into it so that the rules are updated automatically:
0 0 1 * * wget -N -P /usr/share/spamassassin [url]www.ccert.edu.cn/spam/sa/Chinese_rules.cf[/url]; /etc/rc.d/init.d/spamassassin restart
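# sa-learn --sync -D -p user_prefs (builds the learning system)
# sa-learn --dump all (shows the self-learned data)

13. At this point the anti-virus and anti-spam functions are both in place. Pay special attention to one thing: MailScanner.conf contains the following parameter.

Original value:

SpamAssassin Local Rules Dir =

Many reference documents online set this parameter to:

SpamAssassin Local Rules Dir =/etc/MailScanner

For now I do not recommend setting this parameter, because during my installation I found that after configuring it the way those online guides describe, all mail got stuck in the queue, and the log kept repeating the messages below without ever reporting an error. So frustrating!

Aug 25 22:58:27 mail MailScanner[5619]: Using SpamAssassin results cache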
Aug 25 22:58:27 mail MailScanner[5619]: Connected to SpamAssassin cache database
Aug 25 22:58:27 mail MailScanner[5619]: Enabling SpamAssassin auto-whitelist functionality...
Aug 25 22:58:30 mail MailScanner[5620]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:30 mail MailScanner[5620]: Read 794 hostnames from the phishing whitelist
Aug 25 22:58:30 mail MailScanner[5620]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
Aug 25 22:58:32 mail MailScanner[5620]: Using SpamAssassin results cache
Aug 25 22:58:32 mail MailScanner[5620]: Connected to SpamAssassin cache database
Aug 25 22:58:32 mail MailScanner[5620]: Enabling SpamAssassin auto-whitelist functionality...
Aug 25 22:58:35 mail MailScanner[5626]: MailScanner E-Mail Virus Scanner version 4.62.9 starting...
Aug 25 22:58:35 mail MailScanner[5626]: Read 794 hostnames from the phishing whitelist
Aug 25 22:58:36 mail MailScanner[5626]: SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp
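
Checking the queue showed that all mail, whether outgoing or incoming, was stuck in the queue; test messages in both directions got stuck as well.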
[[email protected] incoming]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
695912341DA! 5535 Sat Aug 25 22:55:59 [email][email protected][/email]
[email][email protected][/email]
07D6B2341D8! 11042 Sat Aug 25 22:34:34 [email][email protected][/email]
[email][email protected][/email]
BEEBD2341D9! 2085 Sat Aug 25 23:00:58 [email][email protected][/email]
[email][email protected][/email]
-- 18 Kbytes in 3 Requests.
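
The stuck-queue symptom above can be detected from mailq output alone, because Postfix marks a message in the hold queue with "!" after the queue ID, as in the listing. The following is an added example, not part of the original post: the function names, the placeholder addresses and the fourth, non-held entry in the sample are constructed for illustration.

```shell
# Added example (not from the original post): count the messages that
# Postfix has parked in the hold queue, reading `mailq` output from stdin.

# Prints "total=<n> held=<n> held_bytes=<n>".
held_queue_summary() {
    awk '
        # An entry line starts with the queue ID, optionally followed by
        # "*" (active queue) or "!" (hold queue), then the size in bytes.
        $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ {
            total++
            if ($1 ~ /!$/) { held++; bytes += $2 }
        }
        END { printf "total=%d held=%d held_bytes=%d\n", total, held, bytes }
    '
}

# Succeeds when at least $1 messages are on hold, e.g. to drive a cron alert.
hold_queue_alert() {
    held=$(held_queue_summary | sed 's/.*held=\([0-9]*\) .*/\1/')
    [ "$held" -ge "$1" ]
}

# Constructed sample modelled on the listing above: three held messages
# plus one ordinary deferred message; all addresses are placeholders.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
695912341DA!    5535 Sat Aug 25 22:55:59  sender@example.com
                                         rcpt@example.com

07D6B2341D8!   11042 Sat Aug 25 22:34:34  sender@example.com
                                         rcpt@example.com

BEEBD2341D9!    2085 Sat Aug 25 23:00:58  sender@example.com
                                         rcpt@example.com

0A1B2C3D4E5     1200 Sat Aug 25 23:05:10  sender@example.com
(connect to mx.example.com[192.0.2.1]:25: Connection timed out)
                                         rcpt@example.net

-- 19 Kbytes in 4 Requests.
EOF
}

sample_mailq | held_queue_summary
```

On a live server, pipe the real output in with `mailq | hold_queue_alert 1`; a held count that keeps growing while the MailScanner log only repeats start-up messages matches the failure described here.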
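
I spent three days and nights troubleshooting this. Don't even ask how miserable it was! With that, the required anti-virus, anti-spam and traffic-monitoring functions are all in place. Other related advanced settings and optimizations remain to be written up...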
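
The settings from step 7 and the parameter discussed in step 13 can be checked together after each edit of MailScanner.conf. The following is an added example, not part of the original post: the function name and the sample file are constructed, and the parser assumes plain "Key = value" lines in which a later duplicate overrides an earlier one.

```shell
# Added example (not from the original post): audit MailScanner.conf against
# the Postfix values chosen in step 7 and the parameter discussed in step 13.

# Prints one finding per line for the file named in $1, nothing if all is well.
audit_mailscanner_conf() {
    awk '
        BEGIN {
            # Expected values, taken from the modified lines in step 7.
            want["Run As User"]        = "postfix"
            want["Run As Group"]       = "postfix"
            want["Incoming Queue Dir"] = "/var/spool/postfix/hold"
            want["Outgoing Queue Dir"] = "/var/spool/postfix/incoming"
            want["MTA"]                = "postfix"
            want["Virus Scanners"]     = "clamav"
        }
        /^[ \t]*#/ || !/=/ { next }      # skip comments and non-settings
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val              # assumption: the last duplicate wins
        }
        END {
            for (k in want)
                if (seen[k] != want[k])
                    printf "MISMATCH: %s = \"%s\" (expected \"%s\")\n", k, seen[k], want[k]
            k = "SpamAssassin Local Rules Dir"
            if (seen[k] != "")
                printf "WARNING: %s = \"%s\" (the post leaves this empty)\n", k, seen[k]
        }
    ' "$1" | sort
}

# Constructed sample: a partly converted file that also sets the step 13 value.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = auto
SpamAssassin Local Rules Dir = /etc/MailScanner
EOF
audit_mailscanner_conf "$SAMPLE_CONF"
```

For the sample file the audit reports the unconverted incoming queue directory, the `auto` virus scanner setting and the non-empty SpamAssassin Local Rules Dir.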