Debian AmavisD: Unterschied zwischen den Versionen

Aus Wiki
Zur Navigation springen Zur Suche springen
Keine Bearbeitungszusammenfassung
Keine Bearbeitungszusammenfassung
Zeile 67: Zeile 67:
  ENABLED=1
  ENABLED=1


'''Plugin DKIM:'''
  vi /etc/spamassassin/v312.pre
  vi /etc/spamassassin/v312.pre
DKIM Plugin aktivieren (#-Zeichen entfernen):
DKIM Plugin aktivieren (#-Zeichen entfernen):
  loadplugin Mail::SpamAssassin::Plugin::DKIM
  loadplugin Mail::SpamAssassin::Plugin::DKIM
'''Plugin Pyzor:'''
pyzor discover
su amavis -c 'pyzor discover'
su amavis -c 'pyzor ping'
Pyzor ping sollte ein Ok liefern: ''public.pyzor.org:24441  (200, 'OK')''


'''Plugin Razor:'''
razor-admin -create
razor-admin -register
cp -r /root/.razor /var/lib/amavis
chown -R amavis:amavis /var/lib/amavis
'''Plugin DCC:'''
cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-[tab][enter]
./configure --with-uid=amavis
make
make install
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd
chown -R amavis:amavis /var/dcc
Testen von DCC:
cdcc info
Es sollten Antworten von den DCC-Servern erfolgen. Localhost (127.0.0.1) wird nicht antworten. Dies ist normal hier.


Spamassassin Regeln updaten:
vi /etc/spamassassin/v310.pre
DCC Plugin aktivieren (#-Zeichen entfernen):
loadplugin Mail::SpamAssassin::Plugin::DCC
 
'''
Aktivieren der Plugins und Bayes-Filter:'''
vi /etc/spamassassin/local.cf
Kommentarzeichen (#) von folgenden Einträgen entfernen:
lock_method flock
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
 
Folgende Zeilen ans Ende anfügen:
bayes_path /var/lib/amavis/.spamassassin/bayes
auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist
whitelist_from spambin@example.com
bayes_auto_learn_threshold_nonspam -0.5
#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
razor_timeout 8
#dcc
use_dcc 1
 
'''
Spamassassin Regeln updaten:'''
  sa-update
  sa-update


Zeile 107: Zeile 165:
  $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
  $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
   
   
  $notify_method = 'smtp:[127.0.0.1]:10035'; # where to submit notifications
  $notify_method = 'smtp:[127.0.0.1]:10025'; # where to submit notifications
   
   
  $max_servers = 6;
  $max_servers = 6;
 
  # We discard (and quarantine) viruses, discard (and quarantine) spam (>= kill_level),  
  # We discard (and quarantine) viruses, discard (and quarantine) spam (>= kill_level),  
  # bounce (and quarantine) banned files and pass bad headers:
  # bounce (and quarantine) banned files and pass bad headers:
Zeile 124: Zeile 182:
  # don't quarantine bad headers (no need since we pass them all):
  # don't quarantine bad headers (no need since we pass them all):
  $bad_header_quarantine_to = undef;
  $bad_header_quarantine_to = undef;
 
  # Spam gets the Subject line prepended with:
  # Spam gets the Subject line prepended with:
  #$sa_spam_subject_tag = 'Spam> ';
  #$sa_spam_subject_tag = 'Spam> ';
Falls dem Subject einer Spamnachricht durch amavisd ein Tag (Standard 'Spam> ') vorangestllt werden soll, Kommentarzeichen vor '''''$sa_spam_subject_tag''''' entfernen und das Tag anpassen z.B. ***SPAM***
Falls dem Subject einer Spamnachricht durch amavisd ein Tag (Standard 'Spam> ') vorangestllt werden soll, Kommentarzeichen vor '''''$sa_spam_subject_tag''''' entfernen und das Tag anpassen z.B. ***SPAM***
  $sa_spam_subject_tag = '***SPAM*** ';
  $sa_spam_subject_tag = '***SPAM*** ';
 
  # We tag all headers (for 'local' domains) with X-Spam info:
  # We tag all headers (for 'local' domains) with X-Spam info:
  $sa_tag_level_deflt = undef;
  $sa_tag_level_deflt = undef;
Zeile 135: Zeile 193:
  # This is the system default spam tag level that will be overridden by user's preferences in MySQL
  # This is the system default spam tag level that will be overridden by user's preferences in MySQL
  $sa_tag2_level_deflt = 6.31;
  $sa_tag2_level_deflt = 6.31;
 
  # The default is to not quarantine any spam (outside of what users get in their Spam folder),  
  # The default is to not quarantine any spam (outside of what users get in their Spam folder),  
  # so set default kill_level high. Users can choose their own kill_level however. kill_level
  # so set default kill_level high. Users can choose their own kill_level however. kill_level
  # will trigger quarantining (to MailZu).
  # will trigger quarantining.
  $sa_kill_level_deflt = 9999;
  $sa_kill_level_deflt = 9999;
   
   
Zeile 150: Zeile 208:
  @mynetworks = qw( 127.0.0.0/8 192.168.0.0/16 );
  @mynetworks = qw( 127.0.0.0/8 192.168.0.0/16 );
Evtl. den Eintrag '''''@mynetworks''''' den Netzwerkgegebenheiten anpassen.
Evtl. den Eintrag '''''@mynetworks''''' den Netzwerkgegebenheiten anpassen.
  $inet_socket_port = [10024, 10026];
  $inet_socket_port = [10024];  
## If using Mailzu, use this instead:
#$inet_socket_port = [10024, 10026, 9998];
$inet_socket_bind = '127.0.0.1';
## If using Mailzu, use this instead:
#$inet_socket_bind = undef;
## Interface to MailZu
#$interface_policy{'9998'} = 'MAILZU';
#$policy_bank{'MAILZU'} = {
#    protocol => 'AM.PDP',
#    inet_acl => [qw( 127.0.0.1 [::1] 111.111.111.111 )],
#};
   
   
  # If using MailZu, store banned files and spam to MySQL if you want to give users the
  $inet_socket_bind = 127.0.0.1;
# ability to read those messages in the MailZu interface:
#$banned_files_quarantine_method = 'sql:';
#$spam_quarantine_method        = 'sql:';
   
   
  # We create a custom set of banned rules for the MYNETS and TRUSTED policy
  # disable quarantine subdirectories
  # banks. See also the 'DEFAULT' $banned_filename_re settings in 20-debian_defaults
  $quarantine_subdir_levels = undef;
%banned_rules = (
  'BLOCK_EXE' =>  new_RE(
    # block double extensions in names:
      qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
    # allow any name or type (except viruses) within an archive:
      [ qr'^\.(Z|gz|bz2|rpm|cpio|tar|zip|rar|arc|arj|zoo)$' => 0],
    # blocks MS executable file(1) types, unless allowed above:
      qr'^\.(exe|exe-ms)$',
    ),
  'DEFAULT' => $banned_filename_re,
);  
   
   
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  # we may need to add items to this   
  originating => 1,
  @additional_perl_modules = qw(
  os_fingerprint_method => undef,
  );  
  spam_admin_maps  => ["postmaster\@$mydomain"], # alert of internal spam
  final_spam_destiny => D_BOUNCE, # so the sender knows they are a spammer 
  spam_kill_level_maps => [9.0],
  spam_dsn_cutoff_level_maps => [9999],
  spam_dsn_cutoff_level_bysender_maps => [9999],
  banned_filename_maps => ['BLOCK_EXE'],
};
# Note about spam_kill_level_maps in policy banks: the recipient's
# spam_kill_level is overridden (ignored). This may cause unexpected
# results, such as quarantining or passing of spam. In the two policy
# banks shown here, this would only apply to mail sent from trusted users
# (who typically would not send spam).
$interface_policy{'10026'} = 'TRUSTED';
  $policy_bank{'TRUSTED'} = {  # mail originating from trusted senders
  originating => 1,
  os_fingerprint_method => undef,
  spam_admin_maps => ["postmaster\@$mydomain"], # alert of internal spam
  final_spam_destiny => D_BOUNCE, # so the sender knows they are a spammer
  spam_kill_level_maps => [9.0],
  spam_dsn_cutoff_level_maps => [9999],
  spam_dsn_cutoff_level_bysender_maps => [9999],
  banned_filename_maps => ['BLOCK_EXE'],
  };
 
 




Version vom 21. März 2009, 17:04 Uhr

Einleitung

Voraussetzungen:

  • C-Compiler
  • Webserver installiert
  • MySQL installiert

Installation

Es sind zahlreiche Pakete erforderlich:

Debian Paketmanager: 

apt-get --yes install libgd2-xpm php5-imap php5-ldap php5-mcrypt php5-gd
apt-get --yes install libcrypt-blowfish-perl libossp-uuid-perl libio-zlib-perl
apt-get --yes install libarchive-tar-perl libarchive-zip-perl libtemplate-perl
apt-get --yes install libemail-address-perl libconvert-tnef-perl libnet-ldap-perl
apt-get --yes install libunix-syslog-perl libnet-dns-perl libberkeleydb-perl
apt-get --yes install libauthen-sasl-perl libmail-dkim-perl libio-socket-ssl-perl libnet-ident-perl
apt-get --yes install imagemagick apt-listchanges

Pear PHP-Manager: 

pear channel-update pear.php.net
pear upgrade pear
pear install XML_RPC
pear install Mail_Mime
pear install DB_Pager
pear install Auth_SASL
pear install Net_Socket
pear install Net_Smtp
pear install Net_IMAP
pear install Net_POP3
pear install Log
pear install DB
pear install Pager
pear install --alldeps Image_Color
pear install -f Image_Canvas
pear install -f Numbers_Words
pear install Numbers_Roman
pear install -f Image_Graph-0.7.2
Achtung:
Das Paket NET_IMAP enthält einen Bug, der relativ einfach gefixt werden kann:

(Details zum Bug und Lösung siehe auch http://pear.php.net/bugs/bug.php?id=3438): 

vi /usr/share/php/Net/IMAPProtocol.php

Die Zeilen 700 bis 702 folgendermaßen abändern: 

#return $args;
// not for now
return $this->_genericImapResponseParser($args,$cmdid);

Perl-Module (MCPAN): 

perl -MCPAN -e shell
install Net::Server
install Mail::SPF::Query
install Convert::UUlib
install Crypt::CBC
install MIME::Parser
exit

AmavisD Spamassassin und ClamAV 

apt-get --yes install unrar-free nomarch lzop cabextract
apt-get --yes install clamav clamav-daemon clamav-docs 
apt-get --yes install spamassassin razor pyzor amavisd-new

Konfiguration

Spamassassin

vi /etc/default/spamassassin

Spamassassin aktivieren: 

ENABLED=1

Plugin DKIM: 

vi /etc/spamassassin/v312.pre

DKIM Plugin aktivieren (#-Zeichen entfernen): 

loadplugin Mail::SpamAssassin::Plugin::DKIM

Plugin Pyzor: 

pyzor discover
su amavis -c 'pyzor discover'
su amavis -c 'pyzor ping'

Pyzor ping sollte ein Ok liefern: public.pyzor.org:24441 (200, 'OK')

Plugin Razor: 

razor-admin -create
razor-admin -register
cp -r /root/.razor /var/lib/amavis
chown -R amavis:amavis /var/lib/amavis

Plugin DCC: 

cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-[tab][enter] 
./configure --with-uid=amavis
make
make install
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd 
chown -R amavis:amavis /var/dcc

Testen von DCC: 

cdcc info

Es sollten Antworten von den DCC-Servern erfolgen. Localhost (127.0.0.1) wird nicht antworten. Dies ist normal hier. 

vi /etc/spamassassin/v310.pre

DCC Plugin aktivieren (#-Zeichen entfernen): 

loadplugin Mail::SpamAssassin::Plugin::DCC

Aktivieren der Plugins und Bayes-Filter: 

vi /etc/spamassassin/local.cf

Kommentarzeichen (#) von folgenden Einträgen entfernen: 

lock_method flock
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

Folgende Zeilen ans Ende anfügen: 

bayes_path /var/lib/amavis/.spamassassin/bayes
auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist
whitelist_from spambin@example.com
bayes_auto_learn_threshold_nonspam -0.5

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf
razor_timeout 8

#dcc
use_dcc 1

Spamassassin Regeln updaten: 

sa-update

ClamAV

adduser clamav amavis
/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon restart

AmavisD

cd /etc/amavis/conf.d

Aktivieren der Spam- und Virenchecks: 

vi 15-content_filter_mode

Folgende Optionen aktivieren (#-Zeichen entfernen): 

@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
  \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

Nun sind zahlreiche Einstellungen im File 50-user erforderlich:

Achtung:
Alle Einträge zwischen use strict und 1; einfügen. Ansonsten wird Amavisd nicht korrekt funktionieren!
vi 50-user

$mydomain und $myhostname entsprechend der Domain und Hostname anpassen 

# explicitly set $mydomain and $myhostname:
$mydomain = 'example.com';
$myhostname = 'server.example.com';

# when amavisd-new sends notifications, they appear to come from here:
$mailfrom_notify_admin     = "postmaster\@$mydomain";
$mailfrom_notify_recip     = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
$hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";

$notify_method = 'smtp:[127.0.0.1]:10025'; # where to submit notifications

$max_servers = 6;

# We discard (and quarantine) viruses, discard (and quarantine) spam (>= kill_level), 
# bounce (and quarantine) banned files and pass bad headers:
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_PASS;

# disable DKIM - for now
$enable_dkim_verification = 0;  # enable DKIM signatures verification
$enable_dkim_signing = 0;    # load DKIM signing code, keys defined by dkim_key 

# don't quarantine bad headers (no need since we pass them all):
$bad_header_quarantine_to = undef;

# Spam gets the Subject line prepended with:
#$sa_spam_subject_tag = 'Spam> ';

Falls dem Subject einer Spamnachricht durch amavisd ein Tag (Standard 'Spam> ') vorangestllt werden soll, Kommentarzeichen vor $sa_spam_subject_tag entfernen und das Tag anpassen z.B. ***SPAM*** 

$sa_spam_subject_tag = '***SPAM*** ';

# We tag all headers (for 'local' domains) with X-Spam info:
$sa_tag_level_deflt = undef;

# This is the system default spam tag level that will be overridden by user's preferences in MySQL
$sa_tag2_level_deflt = 6.31;

# The default is to not quarantine any spam (outside of what users get in their Spam folder), 
# so set default kill_level high. Users can choose their own kill_level however. kill_level
# will trigger quarantining.
$sa_kill_level_deflt = 9999;

$warnbannedrecip = 1;
$defang_banned = 1;
$defang_virus  = 1;

# We are going to create policy banks that will notify us of internally created spam
# but also let banned files out (provided they are compressed).

@mynetworks = qw( 127.0.0.0/8 192.168.0.0/16 );

Evtl. den Eintrag @mynetworks den Netzwerkgegebenheiten anpassen. 

$inet_socket_port = [10024]; 

$inet_socket_bind = 127.0.0.1;

# disable quarantine subdirectories
$quarantine_subdir_levels = undef;

# we may need to add items to this  
@additional_perl_modules = qw(
);


Postfix

An den Postfix Konfigurationsfiles müssen Änderungen durchgeführt werden, um den Spamfilter in die Mail-Transportkette einzuschleifen: 

vi /etc/master.cf

Folgende Zeilen ans Ende anfügen: 

lmtp-amavis    unix  -       -       n       -       2       lmtp
   -o lmtp_data_done_timeout=1200
   -o lmtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20
127.0.0.1:10025 inet n  -       y     -       -  smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o mynetworks=127.0.0.0/8
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

vi /etc/postfix/main.cf

Folgende Option einfügen: 

content_filter=lmtp-amavis:[127.0.0.1]:10024


Starten der Services

/etc/init.d/spamassassin start
/etc/init.d/amavisd start
/etc/init.d/postfix restart
Abgerufen von „https://wiki.schiele.homelinux.org/index.php?title=Debian_AmavisD&oldid=141