
Security Hardening Settings for Filtering Spam with Sendmail

2014-07-13 20:07:54 Source: 中存储网

    Sendmail+SASL+TLS+MIMEdefang+Clamav+Spamassassin

    Note: My platform is RedHat 9.0; this article is a sequel to another article, "Sendmail+SASL+TLS".

    Please credit the source when reposting: http://marion.cublog.cn

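    I. Prerequisites

    1. Installing Spamassassin requires support from the following packages; search for, download and install them yourself from

    http://search.cpan.org

    Each one is installed with the following steps: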

    #tar zxvf package.tar.gz

    #cd package

    #perl Makefile.PL

    #make

    #make install

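    Note: During installation some packages may need other packages from the list (you can try installing Spamassassin first and then add whatever packages it reports as missing); adjust the installation order according to the prompts. In addition, one of the packages may ask for the environment variable LC_ALL to be set during installation; in that case enter the following command and then compile and install the package again.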

    #export LC_ALL=C

    Archive-Tar-1.30.tar.gz

    HTML-Parser-3.56.tar.gz

    IP-Country-2.23.tar.gz

    MIME-Base64-3.07.tar.gz

    Net_SSLeay.pm-1.30.tar.gz

    DB_File-1.815.tar.gz

    IO-Socket-INET6-2.51.tar.gz

    MIME-tools-5.420.tar.gz

    Mail-SpamAssassin-3.1.8.tar.gz

    Storable-2.15.tar.gz

    libnet-1.19.tar.gz

    DBI-1.54.tar.gz

    IO-Socket-SSL-1.03.tar.gz

    Net-DNS-0.59.tar.gz

    Time-HiRes-1.9707.tar.gz

    Digest-1.15.tar.gz

    IO-stringy-2.110.tar.gz

    Mail-SPF-Query-1.999.1.tar.gz

    Net-Ident-1.20.tar.gz

    Digest-SHA1-2.11.tar.gz

    IO-Zlib-1.05.tar.gz

    MailTools-1.74.tar.gz

    razor-agents-2.82.tar.bz2

    II. Installing Spamassassin

    1. Download and install

    URL:

    http://mirror.olnevhost.net/pub/ ... sassin-3.1.8.tar.gz

    Razor2:

    http://nchc.dl.sourceforge.net/s ... agents-2.82.tar.bz2

    #tar zxvf Mail-SpamAssassin-3.1.8.tar.gz

    #cd Mail-SpamAssassin-3.1.8

    #perl Makefile.PL

    #make

    #make install

    2. Edit the main configuration file /etc/mail/spamassassin/local.cf

    required_hits 10.0

    rewrite_subject 1

    required_score 5.0

    rewrite_header Subject *****SPAM*****

    report_safe 1

    use_bayes 1

    bayes_auto_learn 1

    skip_rbl_checks 1

    use_razor2 0

    use_pyzor 0

    ok_locales all

    3. Test spamassassin

    #spamassassin -t < sample-nonspam.txt > nonspam.out

    #spamassassin -t < sample-spam.txt > spam.out

    View the test results:

    #less nonspam.out

    #less spam.out

    4. Check the configuration file

    #spamassassin -d --lint

    5. Start the daemon

    #/usr/bin/spamd -d

    You can also append this command to /etc/rc.local so that it starts together with the system.
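
    The local.cf in step 2 sets the spam threshold twice: required_hits is the older name that SpamAssassin 3.x still accepts for required_score, and settings are applied in file order, so the later line (5.0) is the threshold in effect. The script below is an added example, not part of the original article, that reports settings defined more than once; the function name dup_settings and the temporary file are constructed for illustration.

```bash
#!/bin/bash
# Added example: list settings that a SpamAssassin local.cf defines more than once.
# required_hits is folded into required_score, its current name.

dup_settings() {   # $1 = local.cf; prints "name: v1, v2 -> effective value"
    awk '
    /^[ \t]*(#|$)/ { next }                          # comments and blank lines
    {
        key = $1
        if (key == "required_hits")  key = "required_score"
        if (key == "rewrite_header") key = key " " $2   # one setting per header
        val = $0; sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)  # text after the keyword
        if (!(key in count)) order[++n] = key
        count[key]++
        all[key] = (count[key] > 1 ? all[key] ", " : "") val
        last[key] = val
    }
    END {
        for (i = 1; i <= n; i++)
            if (count[order[i]] > 1)
                print order[i] ": " all[order[i]] " -> " last[order[i]]
    }' "$1"
}

# Constructed copy of the local.cf from step 2.
cf=$(mktemp)
cat > "$cf" <<'EOF'
required_hits 10.0
rewrite_subject 1
required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
EOF
dup_settings "$cf"
rm -f "$cf"
```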

    III. Installing the clamav virus scanner

    1. Download and install

    # tar -zxvf clamav-0.90.1.tar.gz

    # cd clamav-0.90.1

    # groupadd clamav

    # useradd -g clamav -s /bin/false clamav

    # ./configure --sysconfdir=/etc/clamav

    # make

    # make check

    # make install

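    2. Edit the configuration files

    # vi /etc/clamav/clamd.conf

    Comment out the following line:

    Example

    Uncomment or change the values of the following lines (most do not need to be uncommented; the defaults are fine)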

      

      LogFile /var/log/clamd.log

      LogFileMaxSize 2M

      PidFile /var/clamav/clamd.pid

      DatabaseDirectory /usr/local/share/clamav

      LocalSocket /var/clamav/clamd.sock

      

      StreamSaveToDisk

      ScanMail

      ScanArchive

      

      ArchiveMaxFiles 1000

      MaxThreads 200

      MaxDirectoryRecursion 15

    # vi /etc/clamav/freshclam.conf

    Comment out the following line:

    Example

    3. Update the virus database

    Manual update

    #freshclam --quiet --stdout

    Let clamav update automatically

    # crontab -e

    Add the following line

    1 3 * * * /usr/local/bin/freshclam --quiet

    Automatic updates can also be set up as follows

    #echo "/usr/local/bin/freshclam -d -c 2" >> /etc/rc.local

    4. Start clamav for testing

    #/usr/local/bin/clamd

    5. Test support for compressed files

    #/usr/local/bin/clamdscan

    /usr/local/bin/clamdscan

    /etc/clamav: OK

    ----------- SCAN SUMMARY -----------

    Infected files: 0

    Time: 0.032 sec (0 m 0 s)

    6. Related files:

    Update log: /var/log/freshclam.log

    clamav log: /var/log/clamd.log

    Configuration file: /etc/clamav/clamd.conf

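    IV. Installing and configuring MIMEDefang

    1. Notes:

    Versions of Sendmail before 8.13.0 do not support mail filters by default. If your Sendmail does not support them by default, you need to recompile and reinstall Sendmail. When building, simply add the following two lines to the site.config.m4 file: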

    APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')

    APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')

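    Also, if you installed Sendmail from source as I did, you need to go to the libmilter directory inside the source tree you built Sendmail from and compile and install libmilter; otherwise the MIMEDefang installation will fail with errors.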

    #cd /usr/local/src/sendmail-8.14.0/libmilter

    #sh Build

    #sh Build install

    2. Download and install MIMEDefang

    URL:

    http://www.mimedefang.org/static/mimedefang-2.61.tar.gz

    #groupadd defang

    #useradd -g defang -s /sbin/nologin defang

    #tar xvzf mimedefang-2.61.tar.gz

    #cd mimedefang-2.61

    #./configure

    #make

    #make install

    #cp /usr/local/src/mimedefang-2.61/examples/init-script /etc/init.d/mimedefang

    3. Edit the configuration file

    #vi /etc/mail/mimedefang-filter

    Change the following values to suit your site; the other settings can also be adjusted as needed:

    $AdminAddress = 'defang-admin@localhost';

    $AdminName = "MIMEDefang Administrator's Full Name";

    $DaemonAddress = 'postmaster@yourcompany.com';

    $DaemonName = 'Your Company Mail Server';

    Test the configuration file for syntax errors:

    #mimedefang.pl -test

    If you have defined other filter files of your own, you can check them with the following command:

    #mimedefang.pl -f your-filter -test

    4. Edit /etc/mail/sendmail.mc and add the mimedefang filter before the MAILER statements:

    INPUT_MAIL_FILTER(`mimedefang',`S=unix:/var/spool/MIMEDefang/mimedefang.sock,F=T,T=S:60s;R:60s;E:5m')dnl

    Regenerate the /etc/mail/sendmail.cf file

    #m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

    5. Start mimedefang

    #service mimedefang start

    If you modify the filter file later, you can have it re-read with the following command:

    #service mimedefang reread

    6. If startup reports that /var/spool/MIMEDefang/clamd.sock cannot be found, change the LocalSocket line in /etc/clamav/clamd.conf to the following and restart clamd:

    LocalSocket /var/spool/MIMEDefang/clamd.sock
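
    Steps 4 and 6 each hide a failure that is easy to miss. In INPUT_MAIL_FILTER, F=T makes sendmail temp-fail mail while the filter is unavailable, whereas a definition with no F= flag lets mail through unfiltered; and the clamd socket named in clamd.conf has to be the one the filter looks for. The script below is an added example, not part of the original article or of MIMEDefang, that checks both; the function names and sample files are constructed, and the socket path the filter expects is passed in as an argument.

```bash
#!/bin/bash
# Added example: check the sendmail -> MIMEDefang -> clamd hand-off after setup.
# Function names and sample files are constructed for illustration.

milter_fail_mode() {   # $1 = sendmail.mc, $2 = filter name
    line=$(grep -v '^dnl' "$1" | grep "INPUT_MAIL_FILTER(\`$2'") ||
        { echo undefined; return 0; }
    flag=$(printf '%s\n' "$line" | sed -n 's/.*[`,]F=\([A-Z]\).*/\1/p')
    case "$flag" in
        T) echo tempfail ;;    # filter unavailable: 4xx, the sender retries later
        R) echo reject ;;      # filter unavailable: connection is rejected
        *) echo fail-open ;;   # no F= flag: mail is accepted without filtering
    esac
}

clamd_socket() {       # $1 = clamd.conf; prints the active LocalSocket path
    awk '$1 == "LocalSocket" { v = $2 } END { print v }' "$1"
}

check_scan_chain() {   # $1 sendmail.mc, $2 clamd.conf, $3 socket the filter uses
    rc=0
    mode=$(milter_fail_mode "$1" mimedefang)
    case "$mode" in tempfail|reject) ;; *) echo "milter mimedefang: $mode"; rc=1 ;; esac
    sock=$(clamd_socket "$2")
    [ "$sock" = "$3" ] ||
        { echo "clamd LocalSocket is $sock, filter expects $3"; rc=1; }
    return $rc
}

# Constructed sample files holding the values shown earlier in this article.
d=$(mktemp -d)
cat > "$d/sendmail.mc" <<'EOF'
INPUT_MAIL_FILTER(`mimedefang',`S=unix:/var/spool/MIMEDefang/mimedefang.sock,F=T,T=S:60s;R:60s;E:5m')dnl
EOF
echo 'LocalSocket /var/clamav/clamd.sock' > "$d/clamd.conf"
check_scan_chain "$d/sendmail.mc" "$d/clamd.conf" /var/spool/MIMEDefang/clamd.sock ||
    echo "scan chain check failed"
rm -rf "$d"
```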

    V. Once the services above are running, restart Sendmail and test sending mail.

    1. Use Outlook to send a test message; the mail received locally with the root account is as follows:

    From redhat@benet.org Sun Mar 25 12:19:51 2007

    From: "redhat"

    To:

    Subject: Test_MIMEdefang

    Date: Wed, 28 Mar 2007 12:38:56 +0800

    MIME-Version: 1.0

    Content-Type: multipart/alternative;

     boundary="----=_NextPart_000_001B_01C77136.0CEC64A0"

    X-Priority: 3

    X-MSMail-Priority: Normal

    X-Mailer: Microsoft Outlook Express 6.00.2900.3028

    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028

    X-Scanned-By: MIMEDefang 2.61 on 192.168.1.66

    This is a multi-part message in MIME format.

    ------=_NextPart_000_001B_01C77136.0CEC64A0

    Content-Type: text/plain;

     charset="gb2312"

    Content-Transfer-Encoding: base64

    VGVzdF9NSU1FZGVmYW5n

    ------=_NextPart_000_001B_01C77136.0CEC64A0

    Content-Type: text/html;

     charset="gb2312"

    Content-Transfer-Encoding: base64

    2. Mail log entries

    Mar 25 12:19:43 mail sendmail[1924]: STARTTLS=server, relay=[192.168.1.175], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128

    Mar 25 12:19:43 mail sendmail[1924]: AUTH=server, relay=[192.168.1.175], authid=redhat, mech=LOGIN, bits=0

    Mar 25 12:19:44 mail sendmail[1924]: l2P4JgR9001924: from=, size=1223, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA-SSL, relay=[192.168.1.175]

    Mar 25 12:19:51 mail mimedefang.pl[1746]: MDLOG,l2P4JgR9001924,mail_in,,,,,Test_MIMEdefang

    Mar 25 12:19:51 mail sendmail[1924]: l2P4JgR9001924: Milter delete (noop): header: X-Spam-Score

    Mar 25 12:19:51 mail sendmail[1924]: l2P4JgR9001924: Milter add: header: X-Scanned-By: MIMEDefang 2.61 on 192.168.1.66

    Mar 25 12:19:51 mail imapd[1929]: imaps SSL service init from 192.168.1.175

    Mar 25 12:19:51 mail imapd[1929]: Login user=redhat host=[192.168.1.175]

    Mar 25 12:19:51 mail sendmail[1928]: l2P4JgR9001924: to=, ctladdr= (500/500), delay=00:00:07, xdelay=00:00:00, mailer=local, pri=31521, dsn=2.0.0, stat=Sent
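
    The STARTTLS and AUTH lines in this log show the session negotiated cipher=RC4-MD5 and authenticated with mech=LOGIN, bits=0, so the password is protected only by the TLS layer. The script below is an added example, not part of the original article, that pulls such findings out of a mail log by correlating the two lines on the sendmail process id; the weak-cipher pattern and the finding labels are assumptions chosen for illustration.

```bash
#!/bin/bash
# Added example: flag weak transport settings in sendmail STARTTLS/AUTH log lines.
# The weak-cipher pattern and the finding labels are assumptions for illustration.

audit_maillog() {   # syslog lines on stdin -> "pid relay finding detail" per line
    awk '
    function field(key,    i, kv) {       # value of key=... on the current line
        for (i = 6; i <= NF; i++) {
            kv = $i; sub(/,$/, "", kv)
            if (index(kv, key "=") == 1) return substr(kv, length(key) + 2)
        }
        return ""
    }
    $5 !~ /^sendmail\[[0-9]+\]:$/ { next }  # only sendmail entries
    { pid = $5; gsub(/[^0-9]/, "", pid) }   # one pid per SMTP connection
    $6 ~ /^STARTTLS=server/ {
        tls[pid] = 1; c = field("cipher")
        if (c ~ /RC4|MD5|DES|NULL|EXP/) {
            weak[pid] = c
            print pid, field("relay"), "weak-cipher", c
        }
    }
    $6 ~ /^AUTH=server/ && field("bits") == "0" {   # bits=0: no SASL security layer
        m = field("mech")
        if (m != "LOGIN" && m != "PLAIN") next
        if (!(pid in tls))    print pid, field("relay"), "cleartext-auth", m
        else if (pid in weak) print pid, field("relay"), "auth-behind-weak-cipher", m
    }'
}

# The STARTTLS and AUTH lines from the log above.
audit_maillog <<'EOF'
Mar 25 12:19:43 mail sendmail[1924]: STARTTLS=server, relay=[192.168.1.175], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 25 12:19:43 mail sendmail[1924]: AUTH=server, relay=[192.168.1.175], authid=redhat, mech=LOGIN, bits=0
EOF
```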