技術 - Mail Server Solution--MailScanner+ClamAV+SpamAssassin+MailScanner-MRTG

Chin-Wei · 2006-12-23, 10:03 PM

MailScanner+ClamAV+SpamAssassin
+MailScanner-MRTG安裝說明

一.安裝clamav
1.至官網下載 Source RPM：
http://www.clamav.net/=> binary packages and ports =>
Fedora5: http://crash.fce.vutbr.cz/crash-hat/5/clamav/

2.rpmbuild --rebuild clamav-0.88.7-1.src.rpm
需有安裝sendmail-devel，否則無法成功編譯。
編譯完後的RPM會在/usr/src/redhat/RPMS/i386中。

3.rpm -ivh clamav-0.88.7-1.i386.rpm
rpm -ivh clamav-db-0.88.7-1.i386.rpm
rpm -ivh clamav-debuginfo-0.88.7-1.i386.rpm
rpm -ivh clamav-devel-0.88.7-1.i386.rpm
rpm -ivh clamav-server-0.88.7-1.i386.rpm
rpm -ivh clamav-milter-0.88.7-1.i386.rpm

二.安裝spamassassin
大部份的distribution預設都有安裝，所以這步驟可以跳過。

三.安裝MailScanner
1.tar zxvf MailScanner-4.57.6-1.rpm.tar.gz
cd MailScanner-4.57.6-1
./install

2.vi /etc/MailScanner/virus.scanners.conf
把這行：clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
改成：　clamav /usr/lib/MailScanner/clamav-wrapper /usr/

3.vi /etc/MailScanner/rules/spam.whitelist.rules
From: 192.168.0.1 yes
From: example.com.tw yes
From: 127.0.0.1 yes
FromOrTo: default no
把自己的domain加入白名單中，無論如何自己的Domain都不會被判定為是spam，但還是會受到其他檢驗程序的檢查，例如ClamAV。

4.vi /etc/MailScanner/rules/scan.messages.rules (若檔案不存在就自己加)
From: 192.168.0.1 no
From: example.com.tw no
From: 127.0.0.1 no
FromOrTo: default yes
讓自己的Domain發出的信件，不用受到任何MailScanner檢驗程序的檢查。

5.vi /etc/MailScanner/MailScanner.conf
%org-name% = www.example.com.tw
%org-long-name% = www.example.com.tw
%web-site% = www.example.com.tw
Scan Messages = %rules-dir%/scan.messages.rules
Virus Scanning = yes
Virus Scanners = clamav
Still Deliver Silent Viruses = no
Monitors for ClamAV Updates = /var/lib/clamav/*.cvd
(ClamAV所使用的防毒資料庫所在位置)

Sign Clean Messages = no (不在任何正常的郵件中簽署MailScanner標記)
Mark Unscanned Messages = no (不在任何未經掃瞄的郵件中簽署MailScanner標記)
Notify Senders = no (不傳送spam rejection message 給sender)
Virus Subject Text = {病毒信}
Filename Subject Text = {檔名有誤}
Content Subject Text = {內含危險程式碼}
Size Subject Text = {檔案大小不合規定}
Disarmed Subject Text = {已去除危險程式碼}
Phishing Modify Subject = yes　<= 此功能預設是關閉
Phishing Subject Text = {詐騙郵件}
Spam Subject Text = {可能是廣告信}
High Scoring Spam Subject Text = {廣告信}
Archive Mail = /var/spool/mail/backup
（將所有的郵件以mbox格式備份至檔案，檔案必須事先建立）

Send Notices = no　<= 發現有問題的信件時，不通知管理員。
Use SpamAssassin = yes
Required SpamAssassin Score = 5
High SpamAssassin Score = 10

以下選項是為了之後可以使用MailScanner-MRTG繪製圖表：
Log Speed = yes
Log Spam = yes
Log Silent Viruses = yes
Log Dangerous HTML Tags = yes

6.啟動MailScanner：
service sendmail stop
chkconfig sendmail off
service MailScanner start
chkconfig MailScanner on

測試：
至 http://www.eicar.org/anti_virus_test_file.htm 下載病毒測試檔 eicar.com ，使用Outlook寄信到自己的主機上，檢查信箱與 /var/log/maillog 看是否可以偵測到病毒。

使用 /usr/share/doc/spamassassin-3.0.6/sample-spam.txt 提供的spam範本，使用Outlook寄信到自己的主機上，檢查信箱與/var/log/maillog看是否可以偵測到spam。

三.安裝MailScanner-MRTG
1.至http://sourceforge.net/projects/mailscannermrtg/ 下載tarball版本
(比較不會有問題)
tar zxvf mailscanner-mrtg-0.10.00.tar.gz
cd mailscanner-mrtg-0.10.00
./install.pl

此時按下enter會進入vi編輯模式，要改二行設定：
MailScanner Work Directory = /var/spool/MailScanner/incoming => /
Spool Directory = /var/spool => /
(以上二個選項都要改成mount point，例如”/”，不然的話圖表無法正常繪製)

2.vi /etc/cron.d/mailscanner-mrtg.crond
*/5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/mailscanner-mrtg.cfg > /dev/null 2>&1

3.vi /etc/mrtg/mailscanner-mrtg.cfg
Options[_]: gauge, nopercent
Language: Big5

4.vi /etc/httpd/conf/mailscanner-mrtg.include
Alias /mailscanner-mrtg "/var/www/html/mailscanner-mrtg/"

service httpd reload

5.修改 /etc/snmp/snmpd.conf：
com2sec local localhost public
com2sec mynetwork 192.168.0.0/24 public
group MyRWGroup v1 local
group MyROGroup v1 mynetwork
group MyRWGroup v2c local
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view all included .1 80
access MyROGroup "" any noauth prefix all none none
access MyRWGroup "" any noauth prefix all all all
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
view systemview included .1.3.6.1.2.1.2
#mem use
view systemview included .1.3.6.1.4.1.2021.4
#cpu use
view systemview included .1.3.6.1.4.1.2021

service snmpd restart
chkconfig snmpd on
(記得firewall與tcpwraper要開權限給localhost使用snmpd)

測試：
在瀏覽器中輸入http://your_domain/mailscanner_mrtg/　即可看到圖表。

2006-12-23, 10:03 PM	#1
Chin-Wei 長老會員榮譽勳章勳章總數9 UID - 114112 在線等級: 註冊日期: 2007-02-18 文章: 3448 精華: 0 現金: 1674 金幣資產: 32804 金幣	技術 - Mail Server Solution--MailScanner+ClamAV+SpamAssassin+MailScanner-MRTG MailScanner+ClamAV+SpamAssassin +MailScanner-MRTG安裝說明一.安裝clamav 1.至官網下載 Source RPM： http://www.clamav.net/=> binary packages and ports => Fedora5: http://crash.fce.vutbr.cz/crash-hat/5/clamav/ 2.rpmbuild --rebuild clamav-0.88.7-1.src.rpm 需有安裝sendmail-devel，否則無法成功編譯。編譯完後的RPM會在/usr/src/redhat/RPMS/i386中。 3.rpm -ivh clamav-0.88.7-1.i386.rpm rpm -ivh clamav-db-0.88.7-1.i386.rpm rpm -ivh clamav-debuginfo-0.88.7-1.i386.rpm rpm -ivh clamav-devel-0.88.7-1.i386.rpm rpm -ivh clamav-server-0.88.7-1.i386.rpm rpm -ivh clamav-milter-0.88.7-1.i386.rpm 二.安裝spamassassin 大部份的distribution預設都有安裝，所以這步驟可以跳過。三.安裝MailScanner 1.tar zxvf MailScanner-4.57.6-1.rpm.tar.gz cd MailScanner-4.57.6-1 ./install 2.vi /etc/MailScanner/virus.scanners.conf 把這行：clamav /usr/lib/MailScanner/clamav-wrapper /usr/local 改成：　clamav /usr/lib/MailScanner/clamav-wrapper /usr/ 3.vi /etc/MailScanner/rules/spam.whitelist.rules From: 192.168.0.1 yes From: example.com.tw yes From: 127.0.0.1 yes FromOrTo: default no 把自己的domain加入白名單中，無論如何自己的Domain都不會被判定為是spam，但還是會受到其他檢驗程序的檢查，例如ClamAV。 4.vi /etc/MailScanner/rules/scan.messages.rules (若檔案不存在就自己加) From: 192.168.0.1 no From: example.com.tw no From: 127.0.0.1 no FromOrTo: default yes 讓自己的Domain發出的信件，不用受到任何MailScanner檢驗程序的檢查。 5.vi /etc/MailScanner/MailScanner.conf %org-name% = www.example.com.tw %org-long-name% = www.example.com.tw %web-site% = www.example.com.tw Scan Messages = %rules-dir%/scan.messages.rules Virus Scanning = yes Virus Scanners = clamav Still Deliver Silent Viruses = no Monitors for ClamAV Updates = /var/lib/clamav/.cvd (ClamAV所使用的防毒資料庫所在位置) Sign Clean Messages = no (不在任何正常的郵件中簽署MailScanner標記) Mark Unscanned Messages = no (不在任何未經掃瞄的郵件中簽署MailScanner標記) Notify Senders = no (不傳送spam rejection message 給sender) Virus Subject Text = {病毒信} Filename Subject Text = {檔名有誤} Content Subject Text = {內含危險程式碼} Size Subject Text = {檔案大小不合規定} Disarmed Subject Text = {已去除危險程式碼} Phishing Modify Subject = yes　<= 此功能預設是關閉 Phishing Subject Text = {詐騙郵件} Spam Subject Text = {可能是廣告信} High Scoring Spam Subject Text = {廣告信} Archive Mail = /var/spool/mail/backup （將所有的郵件以mbox格式備份至檔案，檔案必須事先建立） Send Notices = no　<= 發現有問題的信件時，不通知管理員。 Use SpamAssassin = yes Required SpamAssassin Score = 5 High SpamAssassin Score = 10 以下選項是為了之後可以使用MailScanner-MRTG繪製圖表： Log Speed = yes Log Spam = yes Log Silent Viruses = yes Log Dangerous HTML Tags = yes 6.啟動MailScanner： service sendmail stop chkconfig sendmail off service MailScanner start chkconfig MailScanner on 測試：至 http://www.eicar.org/anti_virus_test_file.htm 下載病毒測試檔 eicar.com ，使用Outlook寄信到自己的主機上，檢查信箱與 /var/log/maillog 看是否可以偵測到病毒。使用 /usr/share/doc/spamassassin-3.0.6/sample-spam.txt 提供的spam範本，使用Outlook寄信到自己的主機上，檢查信箱與/var/log/maillog看是否可以偵測到spam。三.安裝MailScanner-MRTG 1.至http://sourceforge.net/projects/mailscannermrtg/ 下載tarball版本 (比較不會有問題) tar zxvf mailscanner-mrtg-0.10.00.tar.gz cd mailscanner-mrtg-0.10.00 ./install.pl 此時按下enter會進入vi編輯模式，要改二行設定： MailScanner Work Directory = /var/spool/MailScanner/incoming => / Spool Directory = /var/spool => / (以上二個選項都要改成mount point，例如”/”，不然的話圖表無法正常繪製) 2.vi /etc/cron.d/mailscanner-mrtg.crond /5 * * * * root env LANG=C /usr/bin/mrtg /etc/mrtg/mailscanner-mrtg.cfg > /dev/null 2>&1 3.vi /etc/mrtg/mailscanner-mrtg.cfg Options[_]: gauge, nopercent Language: Big5 4.vi /etc/httpd/conf/mailscanner-mrtg.include Alias /mailscanner-mrtg "/var/www/html/mailscanner-mrtg/" service httpd reload 5.修改 /etc/snmp/snmpd.conf： com2sec local localhost public com2sec mynetwork 192.168.0.0/24 public group MyRWGroup v1 local group MyROGroup v1 mynetwork group MyRWGroup v2c local view systemview included .1.3.6.1.2.1.1 view systemview included .1.3.6.1.2.1.25.1.1 view all included .1 80 access MyROGroup "" any noauth prefix all none none access MyRWGroup "" any noauth prefix all all all syslocation Unknown (edit /etc/snmp/snmpd.conf) syscontact Root (configure /etc/snmp/snmp.local.conf) pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat view systemview included .1.3.6.1.2.1.2 #mem use view systemview included .1.3.6.1.4.1.2021.4 #cpu use view systemview included .1.3.6.1.4.1.2021 service snmpd restart chkconfig snmpd on (記得firewall與tcpwraper要開權限給localhost使用snmpd) 測試：在瀏覽器中輸入http://your_domain/mailscanner_mrtg/　即可看到圖表。此帖於 2006-12-26 08:09 PM 被 Chin-Wei 編輯.
	__________________ 思考，正是從一個錯誤，跳進另外一個錯誤。
	送花文章: 5387, 收花文章: 1361 篇, 收花: 5457 次

Google 提供的廣告