“UbuntuHelp:PostfixAmavisNew”的版本间的差异

2007年11月30日 (五) 21:05的版本

文章出处:

https://help.ubuntu.com/community/PostfixAmavisNew

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

Introduction

In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav. Please note that the packages amavisd-new, clamav, spamassassin are part of the UbuntuHelp:UniversePackages. That means they will not receive security support from Canonical. You have been warned.

Prerequisite

You should have a functional Postfix server installed. If this is not the case, follow the UbuntuHelp:Postfix guide.

Installation

Activate Universe and Multiverse repositories. Just follow this howto: UbuntuHelp:AddingRepositoriesHowto. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils. To begin, install (see InstallingSoftware) the following packages:

sudo apt-get install amavisd-new spamassassin clamav-daemon

Install the optional packages for better spam detection (who does not want better spam detection?):

sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor

Install some compress/uncompress utils. Install the following packages:

sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo

Configuration

Clamav

The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav. Add clamav user to the amavis group in order for Clamav to have access to scan files:

sudo adduser clamav amavis

Spamassassin

Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor. The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the UbuntuHelp:Spamassassin page. Edit /etc/default/spamassassin to activate the Spamassassin daemon change ENABLED=0 to:

ENABLED=1

Now start Spamassassin:

sudo /etc/init.d/spamassassin start

Amavis

First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;  # insure a defined return

Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:

$final_spam_destiny       = D_DISCARD;

After configuration Amavis needs to be restarted:

sudo /etc/init.d/amavis restart

Postfix integration

For postfix integration, you only need to edit /etc/postfix/main.cf and add the following line:

content_filter = smtp-amavis:[127.0.0.1]:10024

Next edit /etc/postfix/master.cf and add the following to the end of the file:

smtp-amavis	unix	-	-	-	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o smtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20
127.0.0.1:10025	inet	n	-	-	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Also add the following two lines immediately below the "pickup" transport service:

	 -o content_filter=
	 -o receive_override_options=no_header_body_checks

This will prevent messages that are generated to report on spam from being classified as spam. More information can be found from "README.postfix from amavisd-new" and "D.J.Fan" Reload postfix:

 
sudo /etc/init.d/postfix reload

Now content filtering with spam and virus detection is enabled.

Test

First, test that the amavis SMTP is listening:

telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
^]

Check on your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks! On messages that go through the content filter you should see:

X-Spam-Level: 
X-Virus-Scanned: Debian amavisd-new at example.com
X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00
X-Spam-Level:

Troubleshooting

If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user may help:

@local_domains_acl = ( ".$mydomain" );

If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here. If you see the following error in /var/log/syslog when amavisd is trying to scan a message: amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n Try changing the permissions on /var/lib/amavis/tmp:

chmod -R 775 /var/lib/amavis/tmp

Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:

sudo /etc/init.d/postfix restart
sudo /etc/init.d/spamassassin restart
sudo /etc/init.d/clamav-daemon restart
sudo /etc/init.d/amavis restart

Then check /var/log/mail.log and see if the error has gone away.
Note: This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).

@@ 第2行： / 第2行： @@
 {{Languages|UbuntuHelp:PostfixAmavisNew}}
 == Introduction ==
 In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.
 Please note that the packages <code><nowiki>amavisd-new</nowiki></code>, <code><nowiki>clamav</nowiki></code>, <code><nowiki>spamassassin</nowiki></code> are part of the [[UbuntuHelp:UniversePackages]]. That means they will not receive security support from Canonical. You have been warned.
 == Prerequisite ==
 You should have a functional Postfix server installed. If this is not the case, follow the [[UbuntuHelp:Postfix]] guide.
 == Installation ==
 Activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto]]. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils.
 To begin, install (see InstallingSoftware) the following packages:
 <pre><nowiki>
 sudo apt-get install amavisd-new spamassassin clamav-daemon
 </nowiki></pre>
 Install the optional packages for better spam detection (who does not want better spam detection?):
 <pre><nowiki>
 sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor
 </nowiki></pre>
 Install some compress/uncompress utils. Install the following packages:
 <pre><nowiki>
 sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo
 </nowiki></pre>
 == Configuration ==
 === Clamav ===
 The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day.  For more Clamav configuration options, check the configuration files in <code><nowiki>/etc/clamav</nowiki></code>.
 Add <code><nowiki>clamav</nowiki></code> user to the <code><nowiki>amavis</nowiki></code> group in order for Clamav to have access to scan files:
 <pre><nowiki>
 sudo adduser clamav amavis
 </nowiki></pre>
 === Spamassassin ===
 Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure <code><nowiki>dcc-client</nowiki></code>, <code><nowiki>pyzor</nowiki></code> and <code><nowiki>razor</nowiki></code>.
 The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the [[UbuntuHelp:Spamassassin]] page.
 Edit <code><nowiki>/etc/default/spamassassin</nowiki></code> to activate the Spamassassin daemon change ''ENABLED=0'' to:
 <pre><nowiki>
 ENABLED=1
 </nowiki></pre>
 Now start Spamassassin:
 <pre><nowiki>
 sudo /etc/init.d/spamassassin start
 </nowiki></pre>
 === Amavis ===
 First, activate spam and antivirus detection in Amavis by editing <code><nowiki>/etc/amavis/conf.d/15-content_filter_mode</nowiki></code>:
 <pre><nowiki>
 use strict;
 # You can modify this file to re-enable SPAM checking through spamassassin
 # and to re-enable antivirus checking.
 #
 # Default antivirus checking mode
 # Uncomment the two lines below to enable it
 #
 @bypass_virus_checks_maps = (
 \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
 #
 # Default SPAM checking mode
 # Uncomment the two lines below to enable it
 #
 @bypass_spam_checks_maps = (
 \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
 ;  # insure a defined return
 </nowiki></pre>
 Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist.  Consider editing <code><nowiki>/etc/amavis/conf.d/20-debian_defaults</nowiki></code> to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:
 <pre><nowiki>
 $final_spam_destiny       = D_DISCARD;
 </nowiki></pre>
 After configuration Amavis needs to be restarted:
 <pre><nowiki>
 sudo /etc/init.d/amavis restart
 </nowiki></pre>
 === Postfix integration ===
 For postfix integration, you only need to edit <code><nowiki>/etc/postfix/main.cf</nowiki></code> and add the following line:
 <pre><nowiki>
 content_filter = smtp-amavis:[127.0.0.1]:10024
 </nowiki></pre>
 Next edit <code><nowiki>/etc/postfix/master.cf</nowiki></code> and add the following to the end of the file:
 <pre><nowiki>
@@ 第114行： / 第78行： @@
 	-o disable_dns_lookups=yes
 	-o max_use=20
 .0.0.1:10025	inet	n	-	-	-	-	smtpd
 	-o content_filter=
@@ 第135行： / 第98行： @@
 	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
 </nowiki></pre>
 Also add the following two lines immediately below the "pickup" transport service:
 <pre><nowiki>
@@ 第142行： / 第104行： @@
 </nowiki></pre>
 This will prevent messages that are generated to report on spam from being classified as spam.
 More information can be found from [http://www.ijs.si/software/amavisd/README.postfix.txt "README.postfix from amavisd-new"] and [http://www200.pair.com/mecham/spam/spamfilter20060701.html "D.J.Fan"]
 Reload postfix:
 <pre><nowiki>
 sudo /etc/init.d/postfix reload
 </nowiki></pre>
 Now content filtering with spam and virus detection is enabled.
 == Test ==
 First, test that the amavis SMTP is listening:
 <pre><nowiki>
@@ 第164行： / 第120行： @@
 ^]
 </nowiki></pre>
 Check on your <code><nowiki>/var/log/mail.log</nowiki></code> that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!
 On messages that go through the content filter you should see:
 <pre><nowiki>
@@ 第174行： / 第128行： @@
 X-Spam-Level:
 </nowiki></pre>
 == Troubleshooting ==
 If the filtering is not happening, adding the following to <code><nowiki>/etc/amavis/conf.d/50-user</nowiki></code> may help:
 <pre><nowiki>
 @local_domains_acl = ( ".$mydomain" );
 </nowiki></pre>
 If you receive mail for other domains, add them to the list.  This information was obtained from the Amavis-New FAQ [http://www.ijs.si/software/amavisd/#faq-spam here].
 If you see the following error in /var/log/syslog when amavisd is trying to scan a message:
 <code><nowiki>amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n</nowiki></code>
 Try changing the permissions on <code><nowiki>/var/lib/amavis/tmp</nowiki></code>:
 <pre><nowiki>
 chmod -R 775 /var/lib/amavis/tmp
 </nowiki></pre>
 Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:
 <pre><nowiki>
@@ 第202行： / 第147行： @@
 sudo /etc/init.d/amavis restart
 </nowiki></pre>
 Then check <code><nowiki>/var/log/mail.log</nowiki></code> and see if the error has gone away.
 <br>
 '''Note:''' This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).

个人工具

“UbuntuHelp:PostfixAmavisNew”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具