特殊:Badtitle/NS100:PostfixAmavisNewClamAVSpamAssassin:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Wikibot留言 | 贡献
无编辑摘要
Wikibot留言 | 贡献
无编辑摘要
 
(未显示同一用户的4个中间版本)
第5行: 第5行:
This will detail setting up a complete mail server using the following: Ubuntu 5.10, Postfix, Courier, Amavis-new, [[UbuntuHelp:ClamAV|ClamAV]] and SpamAssassin.  The end result will send & receive email using sasl authentication, check incoming email vs the spamhaus.org known spammer list (optional), filter all incoming email through amavis-new which will then run virus scanning & also check for spam.  If viruses are found the email is dumped, if spam is found the subject is relabeled '***SPAM***'.  Postmaster is notified of both for monitoring & updating of rules.
This will detail setting up a complete mail server using the following: Ubuntu 5.10, Postfix, Courier, Amavis-new, [[UbuntuHelp:ClamAV|ClamAV]] and SpamAssassin.  The end result will send & receive email using sasl authentication, check incoming email vs the spamhaus.org known spammer list (optional), filter all incoming email through amavis-new which will then run virus scanning & also check for spam.  If viruses are found the email is dumped, if spam is found the subject is relabeled '***SPAM***'.  Postmaster is notified of both for monitoring & updating of rules.
A related article is on [[UbuntuHelp:Courier|Courier]], a more detailed guide by [http://flurdy.com/docs/postfix/ Ivar Abrahamsen on flurdy.com].
A related article is on [[UbuntuHelp:Courier|Courier]], a more detailed guide by [http://flurdy.com/docs/postfix/ Ivar Abrahamsen on flurdy.com].
This guide has also been tested on Ubuntu 7.10 Gutsy.
== Prerequisite ==
== Prerequisite ==
You must be comfortable on the command line & have a reasonable knowledge of the OS in order to accomplish this.  This is not for the faint of heart.
You must be comfortable on the command line & have a reasonable knowledge of the OS in order to accomplish this.  This is not for the faint of heart.
It is required to activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto|AddingRepositoriesHowto]].
It is required to activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto|AddingRepositoriesHowto]].
== Installation ==
== Installation ==
For beginning, install the main components of the mail system:
For beginning, install the main components of the mail system (For Ubuntu 7.10 Gutsy, you will need to replace libsasl2 with libsasl2-2):
<pre><nowiki>
<pre><nowiki>
sudo apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl
sudo apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl
第15行: 第16行:
Next install the filtering packages:
Next install the filtering packages:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install amavisd-new spamassassin clamav-daemon clamav-freshclam
sudo apt-get install amavisd-new spamassassin clamav-daemon clamav-freshclam re2c
</nowiki></pre>
</nowiki></pre>
Install the optional packages for increased spam protection:
Install the optional packages for increased spam protection:
第27行: 第28行:
== Configuration ==
== Configuration ==
=== courier ===
=== courier ===
Courier comes fully configured out of the box. You should setup the Maildirs for the default user and in your existing folders. To do that, read here: [[Courier]]. '''Login to your local IMAP server may not work for uses that don't have a Maildir in their home folder.'''
Courier comes fully configured out of the box. You should setup the Maildirs for the default user and in your existing folders. To do that, read here: [[UbuntuHelp:Courier|Courier]]. '''Login to your local IMAP server may not work for uses that don't have a Maildir in their home folder.'''
The very abbreviated approach of creating a Maildir is:
The very abbreviated approach of creating a Maildir is:
<pre><nowiki>
<pre><nowiki>
第36行: 第37行:
=== postfix ===
=== postfix ===
Postfix will need a little bit of tweaking before we're done.  We'll want to use <code><nowiki>relay_host</nowiki></code> to relay outgoing mail through your ISP account (otherwise we'll get a lot of denied outgoing email) and also setup some authentication.  The last thing we want is to setup an open mail relay for use by spammers!
Postfix will need a little bit of tweaking before we're done.  We'll want to use <code><nowiki>relay_host</nowiki></code> to relay outgoing mail through your ISP account (otherwise we'll get a lot of denied outgoing email) and also setup some authentication.  The last thing we want is to setup an open mail relay for use by spammers!
Append the follwing to /etc/postfix/main.cf  
Append the following to /etc/postfix/main.cf
(relayhost definition should match your ISP smtp settings.  Contact them for specifics)
(relayhost definition should match your ISP smtp settings.  Contact them for specifics)
<pre><nowiki>
<pre><nowiki>
第48行: 第49行:
mail.your-isp.com username:password
mail.your-isp.com username:password
</nowiki></pre>
</nowiki></pre>
For Ubuntu 7.10 Gutsy, you will also need to comment out the mailbox_command directive in  /etc/postfix/main.cf so that it looks like this: #mailbox_command = procmail -a "$EXTENSION"
=== clamav ===
=== clamav ===
The default behaviour of clamav will fit our needs. A daemon is launched (clamd) and signatures are fetch every day. If you want to use clamav for mail filtering, check the configuration files in <code><nowiki>/etc/clamav</nowiki></code>.
The default behaviour of clamav will fit our needs. A daemon is launched (clamd) and signatures are fetch every day. If you want to use clamav for mail filtering, check the configuration files in <code><nowiki>/etc/clamav</nowiki></code>.
第54行: 第56行:
sudo useradd clamav --gid amavis
sudo useradd clamav --gid amavis
</nowiki></pre>
</nowiki></pre>
Ubuntu 7.10 Gutsy note: this step will fail as the clamav user was created when the packages were installed.  Add the clamav to the amavis group by editing /etc/groups you need to add the text 'amavis' to the line that starts 'clamav' so that it looks something like this: clamav:x:126:amavis.  The 126 will change from one system to another.
=== amavis ===
=== amavis ===
Now, activate spam detection and antivirus detection in amavis by editing <code><nowiki>/etc/amavis/conf.d/15-content_filter_mode</nowiki></code>:
Now, activate spam detection and antivirus detection in amavis by editing <code><nowiki>/etc/amavis/conf.d/15-content_filter_mode</nowiki></code>:
<pre><nowiki>
<pre><nowiki>
use strict;
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
# and to re-enable antivirus checking.
#
#
# Default antivirus checking mode
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
# Uncomment the two lines below to enable it back
#
#
@bypass_virus_checks_maps = (
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
 
 
#
#
# Default SPAM checking mode
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
# Uncomment the two lines below to enable it back
#
#
@bypass_spam_checks_maps = (
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
  \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
 
1;  # insure a defined return
1;  # insure a defined return
</nowiki></pre>
</nowiki></pre>
第94行: 第104行:
-o disable_dns_lookups=yes
-o disable_dns_lookups=yes
-o max_use=20
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o content_filter=
第122行: 第133行:
Reload postfix, and now, content filtering with spam and virus detection is enabled.
Reload postfix, and now, content filtering with spam and virus detection is enabled.
== Test ==
== Test ==
Test your default installation using the following code segment.  
Test your default installation using the following code segment.
<pre><nowiki>
<pre><nowiki>
telnet localhost 25
telnet localhost 25
第140行: 第151行:
data
data
Subject: First test of Postfix
Subject: First test of Postfix
Hi,
Hi,
Are you there?
Are you there?
第145行: 第157行:
Me
Me
. (Type the .[dot] in a new Line and press Enter )
. (Type the .[dot] in a new Line and press Enter )
quit  
quit
</nowiki></pre>
</nowiki></pre>
Note:  The blank line after Subject: is required to separate the email header section from the body.
----
----
[[category:CategoryDocumentation]]


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2009年5月12日 (二) 18:26的最新版本

{{#ifexist: :PostfixAmavisNewClamAVSpamAssassin/zh | | {{#ifexist: PostfixAmavisNewClamAVSpamAssassin/zh | | {{#ifeq: {{#titleparts:PostfixAmavisNewClamAVSpamAssassin|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:PostfixAmavisNewClamAVSpamAssassin|1|-1|}} | zh | | }}

IN PROGRESS

Introduction

This will detail setting up a complete mail server using the following: Ubuntu 5.10, Postfix, Courier, Amavis-new, ClamAV and SpamAssassin. The end result will send & receive email using sasl authentication, check incoming email vs the spamhaus.org known spammer list (optional), filter all incoming email through amavis-new which will then run virus scanning & also check for spam. If viruses are found the email is dumped, if spam is found the subject is relabeled '***SPAM***'. Postmaster is notified of both for monitoring & updating of rules. A related article is on Courier, a more detailed guide by Ivar Abrahamsen on flurdy.com. This guide has also been tested on Ubuntu 7.10 Gutsy.

Prerequisite

You must be comfortable on the command line & have a reasonable knowledge of the OS in order to accomplish this. This is not for the faint of heart. It is required to activate Universe and Multiverse repositories. Just follow this howto: AddingRepositoriesHowto.

Installation

For beginning, install the main components of the mail system (For Ubuntu 7.10 Gutsy, you will need to replace libsasl2 with libsasl2-2):

sudo apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl

Next install the filtering packages:

sudo apt-get install amavisd-new spamassassin clamav-daemon clamav-freshclam re2c

Install the optional packages for increased spam protection:

sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor

Install some compress/uncompress utils (this allows the filters to scan compressed archives)

sudo apt-get install file arc gzip bzip2 cabextract zip unzip unrar-free cpio tar zoo arj lzop nomarch pax unzoo

Configuration

courier

Courier comes fully configured out of the box. You should setup the Maildirs for the default user and in your existing folders. To do that, read here: Courier. Login to your local IMAP server may not work for uses that don't have a Maildir in their home folder. The very abbreviated approach of creating a Maildir is:

cd ~
maildirmake Maildir

Note: if you already have a maildir, maildirmake should abort and say: maildirmake: File exists

postfix

Postfix will need a little bit of tweaking before we're done. We'll want to use relay_host to relay outgoing mail through your ISP account (otherwise we'll get a lot of denied outgoing email) and also setup some authentication. The last thing we want is to setup an open mail relay for use by spammers! Append the following to /etc/postfix/main.cf (relayhost definition should match your ISP smtp settings. Contact them for specifics)

# Relay mail thru ISP
relayhost = mail.your-isp.com
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Create /etc/postfix/sasl_passwd and add your ISP account information. Example: (this should be the same login information you use to check your ISP email)

mail.your-isp.com username:password

For Ubuntu 7.10 Gutsy, you will also need to comment out the mailbox_command directive in /etc/postfix/main.cf so that it looks like this: #mailbox_command = procmail -a "$EXTENSION"

clamav

The default behaviour of clamav will fit our needs. A daemon is launched (clamd) and signatures are fetch every day. If you want to use clamav for mail filtering, check the configuration files in /etc/clamav. Add clamav user in amavis in order clamav can access files:

sudo useradd clamav --gid amavis

Ubuntu 7.10 Gutsy note: this step will fail as the clamav user was created when the packages were installed. Add the clamav to the amavis group by editing /etc/groups you need to add the text 'amavis' to the line that starts 'clamav' so that it looks something like this: clamav:x:126:amavis. The 126 will change from one system to another.

amavis

Now, activate spam detection and antivirus detection in amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return

spamassassin

Spamasssassin will automagically scan for optional components and use them if available. A few of these, which we will use, are the dcc-client, pyzor and razor. These will not need to be configured. Edit /etc/default/spamassassin to activate the daemon: Edit the following line from ENABLED=0 TO ENABLED=1.

# Change to one to enable spamd
ENABLED=1

Postfix integration

For postfix integration, you only need to add in /etc/postfix/main.cf the following line:

content_filter=smtp-amavis:[127.0.0.1]:10024

Also edit /etc/postfix/master.cf, adding this at the bottom:

smtp-amavis	unix	-	-	-	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o smtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20

127.0.0.1:10025	inet	n	-	-	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

And add this immediately following the "pickup" transport service:

	 -o content_filter=
	 -o receive_override_options=no_header_body_checks

This will help stop marking messages, reporting spam, as spam. Reload postfix, and now, content filtering with spam and virus detection is enabled.

Test

Test your default installation using the following code segment.

telnet localhost 25

Postfix will prompt like following in the terminal so that you can use to type SMTP commands.

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix (Ubuntu)

Type the following code segment in Postfix's prompt.

ehlo localhost
mail from: root@localhost
rcpt to: root@localhost
data
Subject: First test of Postfix

Hi,
Are you there?
regards,
Me
. (Type the .[dot] in a new Line and press Enter )
quit

Note: The blank line after Subject: is required to separate the email header section from the body.