1、安装amavisd-new

shell

# yum install amavisd-new

设置相关目录权限:

 

shell

# chown -R amavis.amavis /var/spool/vscan/ 2、配置SpamAssassin

Amavisd-new 通过Mail::SpamAssassin 模块来调用SA的功能,因此这里配置SA和常规配置SA软件有些区别,主要集中在修改local.cf文件上。

增加中文规则: 用于处理中文(简体)垃圾邮件。

 

shell

# wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf

设置规则自动更新:

 

shell

# /usr/bin/crontab -e

然后输入如下的内容:

0 0 1 * * wget -N -P /usr/share/spamassassin www.ccert.edu.cn/spam/sa/Chinese_rules.cf; /etc/init.d/amavisd restart

存盘退出即可。最后运行以下调试命令以确认amavisd没有错误:

 

shell

# /usr/sbin/amavisd -c /etc/amavisd/amavisd.conf debug

如果没有异常提示或报错退出则表示一切都正常,按ctrl+c终止,然后正常启动,若提示pid不存在等错误,不必理会。

设置amavisd开机自启:

 

shell

# service amavisd start
# chkconfig amavisd on 3、配置ClamAV

安装ClamAV

 

shell

# yum install clamd

编辑clamd.conf文件

 

shell

# vi /etc/clamd.conf

去掉 ‘LocalSocket /var/run/clamav/clamd.sock’的注释,并注释掉 ‘TCPSocket 3310’,我们将使用unix socket而不是TCP,两者不可并存。
变动内容见下:

# Default: disabledLocalSocket /var/run/clamav/clamd.sock#TCPSocket 3310

设置相关目录权限:
将clamav加到amavis运行组里,并调整目录权限,否则clamav将无法扫描amavisd-new产生的临时文件

 

shell

# gpasswd -a clamav amavis
# usermod -G amavis clamav
# chown amavis.amavis /var/spool/vscan
# chmod 750 /var/spool/vscan
# chown amavis.amavis /var/spool/vscan/tmp
# chmod 750 /var/spool/vscan/tmp

默认的/var/spool/vscan 目录属性是:

drwxr-x--- 5 amavis amavis

对于clamav用户而言,则无任何权限访问该目录,因此maillog里amavisd-new会提示:

May 19 08:38:53 as3 amavis[1752]: (01752-01) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/spool/vscan/tmp/amavis-20050519T083853-01752/parts: Access denied. ERROR\nMay 19 08:38:53 as3 amavis[1752]: (01752-01) WARN: all primary virus scanners failed, considering backups

启动ClamAV及freshclam开机自启:

 

shell

# service clamd start
# freshclam –daemon
4、配置amavisd.con文件

修改amavisd.conf

 

shell

# vi /etc/amavisd.conf

修改的主要参数如下:

$mydomain = 'extmail.org';$db_home = "$MYHOME/db";$lock_file = "$MYHOME/amavisd.lock"; # -L$pid_file = "$MYHOME/amavisd.pid"; # -P$myhostname = 'mail.extmail.org';@local_domains_maps = qw(.);@mynetworks = qw( 127.0.0.0/8 );对本地发出的邮件不进行内容过滤$policy_bank{'MYNETS'} = { # mail originating from @mynetworks originating => 1, # is true in MYNETS by default, but let's make it explicit os_fingerprint_method => undef, # don't query p0f for internal clients allow_disclaimers => 1, # enables disclaimer insertion if available bypass_spam_checks_maps => [1], bypass_banned_checks_maps => [1], bypass_header_checks_maps => [1],}; $sa_spam_modifies_subj = 0; # 当邮件被认为是垃圾邮件时,是否修改邮件的主题$remove_existing_x_scanned_headers= 1; # 凡是经过 Amavisd 过滤的邮件,都会在邮件头中被加入一行邮件头信息$remove_existing_spam_headers = 1;# 修改投递/拦截的方法:$final_virus_destiny = D_DISCARD;$final_banned_destiny = D_DISCARD;$final_spam_destiny = D_PASS;$final_bad_header_destiny = D_PASS;# 配置Amavisd与Clamav结合['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"], qr/\bOK$/, qr/\bFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],);@av_scanners_backup = ( ['ClamAV-clamscan', 'clamscan', "--stdout --no-summary -r --tempdir=$TEMPBASE {}", [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],);

amavisd.conf常用参数说明:

$max_servers = 10; 设置最大可使用的进程数$sa_spam_subject_tag = '[SPAM] '; 加 [SPAM] 标记$mydomain = 'mail.extmail.org'; 设置域名$myhostname = 'mail.extmail.org'; 设置主机名@local_domains_maps = qw(.); 对所有的域检查$sa_tag2_level_deflt = 5.0; 超过这个分数,允许在邮件标题加入[SPAM] 标记$sa_kill_level_deflt = 5.0; 超过这个分数,直接將信件备份后删除$final_virus_destiny: 检测到病毒时的动作 $final_banned_destiny: 检测到受禁止的内容时的动作 $final_spam_destiny: 检测到垃圾邮件、广告邮件(spam)时的动作 $final_bad_header_destiny: 检测到不良信件时的动作 默认有以下几种动作: D_PASS: 无论信件是否有问题,都会将信件发给收件人 D_DISCARD: 信件将被丢弃,并且不会告知收件人及发件人 D_BOUNCE: 信件不会发送给收件人,但会通知发件人邮件没有被投递 D_REJECT: 邮件不会被投递给收件人,但会通知发件人邮件被拒绝

注意事项:

上述$mydomain参数与$myhostname参数相同,主要是为了方便之后的病毒/垃圾汇报邮件发给系统管理员时,能投递到本地的别名里,再转交到虚拟域的特定用户。

5、配置Postfix 集成amavisd-new

增加邮件别名

 

shell

# vi /etc/postfix/aliases

增加如下信息,注意:默认的aliases数据库里已有一条virusalert的别名,请删除,再输入下面的别名记录,并确保所有记录都是唯一的:

virusalert: rootspam.police: rootpostfix: test@extmail.org

保存并执行newaliases命令生成新的别名数据库,重新启动amavisd:

 

shell

# newaliases
# service amavisd restart

编辑master.cf文件:

 

shell

# vi /etc/postfix/master.cf

增加如下内容:

smtp-amavis unix - - n - 3 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=10127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

编辑main.cf文件:

 

shell

# vi /etc/postfix/main.cf

增加如下内容:

# Content-Filtercontent_filter = smtp-amavis:[127.0.0.1]:10024receive_override_options = no_address_mappings

注意:receive_override_options 这里必须增加,禁止地址展开/影射,否则如果遇到别名的时候会引起冗余邮件的产生。

重启postfix :

 

shell

# service postfix restart

重新启动amavisd:

 

shell

# service amavisd restart 6、测试Clamav

shell

# telnet localhost 25

其过程如下:

Trying 127.0.0.1...Connected to localhost.localdomain (127.0.0.1).Escape character is '^]'.220 mail.extmail.org ESMTP Postfix - by extmail.orgmail from:<postmaster@extmail.org> << 输入内容250 2.1.0 Okrcpt to:<test@extmail.org> << 输入内容250 2.1.5 Okdata << 输入内容354 End data with .X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* << 输入内容.250 2.0.0 Ok: queued as BC24E85260quit << 输入内容221 2.0.0 ByeConnection closed by foreign host.

在邮件日志里,应该有相应的信息出现:

Mar 22 06:43:15 localhost amavis[15405]: (15405-01) Blocked INFECTED (Eicar-Test-Signature), [192.168.0.235] ->, quarantine: virus-mI6vbjkWZ2Tz, Message-ID: <003401c88c1a$74706360$eb00a8c0@nbk00045>, mail_id: mI6vbjkWZ2Tz, Hits: -, size: 1757, 474 ms

如果看到类似这样的日志,表明Clamav+Amavisd-new工作正常。