Part 6
Chapter 14  Postfix Antispam with SpamAssassin and Amavisd
Chapter 15  Postfix Antivirus with ClamAV
Chapter 14  Postfix Antispam with SpamAssassin & Amavisd

Postfix + Amavisd (scanner) + SpamAssassin (antispam) + ClamAV (antivirus)
1) Configure amavisd to accept mail from the MTA and pass it to ClamAV and SpamAssassin for checking.
2) Return the checked mail to the MTA for delivery.
3) Amavisd listens for LMTP on TCP port 10024 to accept mail from the MTA, then passes it to ClamAV over a local UNIX socket and to SpamAssassin through the Mail::SpamAssassin Perl module.
4) Scanned mail is returned to the MTA over SMTP on TCP port 10025 for delivery.
1. Introduction of SpamAssassin and Amavisd-new
a. Amavisd-new (www.ijs.si/software/amavisd/)
§ a reliable, high-performance interface between an email server (MTA) and content checkers such as virus scanners
§ supports both (E)SMTP and LMTP protocols as well as UNIX sockets for communicating with the MTA and content checkers
§ uses dedicated helper programs such as the Mail::SpamAssassin Perl module
§ supports a number of MTAs
b. SpamAssassin (spamassassin.apache.org)
§ used for e-mail spam filtering based on content-matching rules
§ uses a variety of spam-detection techniques, including DNS-based and fuzzy-checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases
§ can be integrated with the mail server to automatically filter all mail for a site
§ awarded the Linux New Media Award 2006 as the "Best Linux-based Anti-spam Solution"
2. Packages installation
# rpm -qa | grep rpmforge
# yum install amavisd-new spamassassin -y
# rpm -qa | grep "amavisd-new\|spamassassin"
# chkconfig amavisd on; chkconfig spamassassin on
# chkconfig --list | grep "amavisd\|spamassassin"
3. Configuration
a. Spamassassin
# vi /etc/mail/spamassassin/local.cf
required_hits 5
# spamassassin --lint    //syntax checking
b. Amavisd-new
# vi /etc/amavisd/amavisd.conf
$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = "amavis";    # (no default; customary: vscan or amavis), -u
$daemon_group = "amavis";    # (no default; customary: vscan or amavis), -g
$inet_socket_port = 10024;   # listen on this local TCP port(s)
$mydomain = 'chul.com';      # Edit: a convenient default for other settings
$myhostname = 'server.chul.com';
$virus_admin               = "tland\@$mydomain";        # notifications recip.
$mailfrom_notify_admin     = "virusalert\@$mydomain";   # notifications sender
$mailfrom_notify_recip     = "virusalert\@$mydomain";   # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";  # notifications sender
# in @av_scanners, point the ClamAV-clamd entry at the socket clamd listens on (LocalSocket in /etc/clamd.conf)
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
c. Postfix
# vi /etc/postfix/main.cf
content_filter=amavisfeed:[127.0.0.1]:10024
# vi /etc/postfix/master.cf
amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
4. Service startup and connection test
a. Service startup
# service amavisd start
# service postfix restart; service spamassassin start
# ps -ef | grep amavis
# ps -ef | grep spamd
# netstat -nat | grep 10024
# netstat -nat | grep 10025
b. Connect to the amavisd and smtpd ports
# telnet localhost 10024
# telnet localhost 10025
Chapter 15  Postfix Antivirus with ClamAV
1. What is ClamAV?
§ an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats
§ the standard for mail gateway scanning
§ provides a high-performance multi-threaded scanning daemon, command line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates
§ www.clamav.net
2. Package Introduction
① clamtk: easy-to-use front-end for ClamAV
② clamav-db: virus database for clamav
③ clamav-devel: header files, libraries and development documentation for clamav
④ clamd: the Clam AntiVirus daemon
⑤ clamav: anti-virus software
⑥ clamsmtp: an SMTP virus scanning system
3. ClamAV installation
a. Install ClamAV
# yum --enablerepo=rpmforge -y install clamav clamav-db clamd clamav-devel
# vi /etc/freshclam.conf
#NotifyClamd /etc/clamd.conf
# vi /etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock
#TCPSocket 3310
User clamav
b. Update the database
# chown -R clamav:clamav /var/log/clamav/
# chown -R clamav:clamav /var/run/clamav
# freshclam    //update pattern files
# ls -l /var/lib/clamav
c. Try to scan
# clamscan --infected --remove --recursive /home
d. Download the EICAR test file and scan it
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed.    # just detected
----------- SCAN SUMMARY -----------
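As an added example (not part of the course material), this Python client talks to clamd over the UNIX socket configured as LocalSocket above, using the INSTREAM command instead of the path-based CONTSCAN that the amavisd.conf entry uses, so clamd does not need read access to the caller's files; scan_via_unix_socket assumes a live clamd, and the exchange is exercised against a constructed stand-in daemon that answers like clamd does for the EICAR test file.

```python
import socket, struct, threading

# Substring of the EICAR test file the mock daemon keys on (constructed; not the full string).
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"

def parse_clamd_reply(reply):
    """'stream: Eicar-Test-Signature FOUND' -> ('FOUND', 'Eicar-Test-Signature'); 'stream: OK' -> ('OK', None)."""
    _target, _, verdict = reply.rstrip("\0\n").partition(": ")
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[: -len(" FOUND")]
    return ("OK", None) if verdict == "OK" else ("ERROR", verdict)

def clamd_instream(conn, data, chunk=4096):
    """Scan bytes over a connected clamd socket with the zINSTREAM command."""
    conn.sendall(b"zINSTREAM\0")                      # NUL-terminated command
    for i in range(0, len(data), chunk):              # each chunk: big-endian length, then bytes
        conn.sendall(struct.pack("!I", len(data[i:i + chunk])) + data[i:i + chunk])
    conn.sendall(struct.pack("!I", 0))                # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):                  # clamd terminates its answer with NUL
        reply += conn.recv(4096) or b"\0"             # EOF also ends the loop
    return parse_clamd_reply(reply.decode())

def scan_via_unix_socket(data, path="/var/run/clamav/clamd.sock"):
    """Connect to the LocalSocket set in clamd.conf and scan data (needs a live clamd)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        return clamd_instream(s, data)

def _mock_clamd(conn):
    """Stand-in daemon (constructed): consumes one INSTREAM session and answers like clamd."""
    f, body = conn.makefile("rb"), b""
    while f.read(1) != b"\0":                         # skip the command
        pass
    while True:
        n = struct.unpack("!I", f.read(4))[0]
        if n == 0:
            break
        body += f.read(n)
    verdict = b"Eicar-Test-Signature FOUND" if EICAR_MARKER in body else b"OK"
    conn.sendall(b"stream: " + verdict + b"\0")
    conn.close()

def scan_with_mock(data):
    """Exercise clamd_instream against the mock over a socketpair; no clamd required."""
    a, b = socket.socketpair()
    threading.Thread(target=_mock_clamd, args=(b,)).start()
    with a:
        return clamd_instream(a, data)
```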
4. Clamsmtp
a. Install ClamSMTP
# yum --enablerepo=rpmforge -y install clamsmtp
b. Clamsmtp Configuration
# vi /etc/clamsmtpd.conf
OutAddress: 127.0.0.1:10027
Listen: 127.0.0.1:10026
ClamAddress: /var/run/clamav/clamd.sock
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /var/tmp
Action: drop
User: clamav
c. Service startup and checking
# service clamsmtpd start
# ps -ef | grep clamsmtpd
# netstat -nat | grep 10026
# chkconfig clamsmtpd on
# chkconfig clamd on
5. Configure Postfix
[root@mail ~]# vi /etc/postfix/main.cf
content_filter = scan:127.0.0.1:10026
[root@mail ~]# vi /etc/postfix/master.cf
scan unix - - n - 16 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10027 inet n - n - 16 smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
[root@mail ~]# service postfix restart
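Added check, not part of the course material: a Python script that parses the content_filter setting in main.cf and the services in master.cf and flags the mistakes that turn this wiring into a mail loop or an open re-injection port, for both the amavisd setup in Chapter 14 (amavisfeed / 127.0.0.1:10025) and the clamsmtp setup in this section (scan / 127.0.0.1:10027). The embedded sample is a constructed, trimmed copy of the Chapter 14 entries; mynetworks_style=host (used by the 10027 listener) is accepted as equivalent to mynetworks=127.0.0.0/8, and a listener without receive_override_options=no_address_mappings is reported as an advisory.

```python
import re

# Constructed sample: the amavisd wiring from Chapter 14 (main.cf content_filter plus the two
# master.cf services), trimmed to the options the check reads.
MAIN_CF = "content_filter=amavisfeed:[127.0.0.1]:10024\n"
MASTER_CF = """\
amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
"""

def parse_master_cf(text):
    """Map service name -> {"type", "command", "options"}; options come from '-o key=value' lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                                  # continuation line of a service
            m = re.match(r"\s*-o\s+([^=\s]+)=(.*)$", line)
            if m and current:
                services[current]["options"][m.group(1)] = m.group(2).strip()
            continue
        f = line.split()                                       # name type private unpriv chroot wakeup maxproc command
        if len(f) >= 8:
            current = f[0]
            services[current] = {"type": f[1], "command": f[7], "options": {}}
    return services

def check_filter_wiring(main_cf, master_cf):
    """Return findings for the content_filter / re-injection setup; an empty list means it looks safe."""
    findings, services = [], parse_master_cf(master_cf)
    m = re.search(r"^\s*content_filter\s*=\s*([^:\s]+)", main_cf, re.M)
    transport = m.group(1) if m else None
    if transport not in services:
        findings.append("content_filter transport %r is not defined in master.cf" % transport)
    for name, svc in services.items():
        if svc["type"] != "inet" or svc["command"] != "smtpd":
            continue                                           # only the re-injection listeners
        o = svc["options"]
        if o.get("content_filter", "unset") != "":             # must be emptied or mail loops back
            findings.append("%s: content_filter not cleared, filtered mail would loop" % name)
        if o.get("mynetworks") != "127.0.0.0/8" and o.get("mynetworks_style") != "host":
            findings.append("%s: restrict mynetworks to localhost" % name)
        if "no_address_mappings" not in o.get("receive_override_options", ""):
            findings.append("%s: add receive_override_options=no_address_mappings" % name)
    return findings
```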
6. Testing antispam and antivirus
a. Amavis testing using sample files
# cd /usr/share/doc/amavisd-new-2.5.4/test-messages
# perl -pe 's/./chr(ord($&)^255)/sge' <sample.tar.gz.compl | zcat | tar xvf -
# mail -vs "virus testing" linux@chul.com < sample-virus-simple.txt
# mail -vs "spam testing" linux@chul.com < sample-spam-GTUBE-junk.txt
# spamassassin -D < sample-spam-GTUBE-junk.txt
# spamc -c < sample-spam-GTUBE-junk.txt
# spamc -c < sample-nonspam.txt
# tail -f /var/log/maillog
b. ClamAV and Clamsmtp testing
# service clamsmtpd stop
# clamsmtpd -d 4    //debugging mode
# mail -vs "virus testing" linux@chul.com < sample-virus-simple.txt
# tail -f /var/log/maillog
Hi
I have internet in my house using my laptop with Thunderbird and, setting up my account using port 993, I am able to receive email from outside, but the problem is I can't send outside.
thanks