Debian AmavisD
Version vom 21. März 2009, 17:04 Uhr von Erich (Diskussion | Beiträge)
Einleitung
Voraussetzungen:
- C-Compiler
- Webserver installiert
- MySQL installiert
Installation
Es sind zahlreiche Pakete erforderlich:
Debian Paketmanager:
apt-get --yes install libgd2-xpm php5-imap php5-ldap php5-mcrypt php5-gd apt-get --yes install libcrypt-blowfish-perl libossp-uuid-perl libio-zlib-perl apt-get --yes install libarchive-tar-perl libarchive-zip-perl libtemplate-perl apt-get --yes install libemail-address-perl libconvert-tnef-perl libnet-ldap-perl apt-get --yes install libunix-syslog-perl libnet-dns-perl libberkeleydb-perl apt-get --yes install libauthen-sasl-perl libmail-dkim-perl libio-socket-ssl-perl libnet-ident-perl apt-get --yes install imagemagick apt-listchanges
Pear PHP-Manager:
pear channel-update pear.php.net pear upgrade pear pear install XML_RPC pear install Mail_Mime pear install DB_Pager pear install Auth_SASL pear install Net_Socket pear install Net_Smtp pear install Net_IMAP pear install Net_POP3 pear install Log pear install DB pear install Pager pear install --alldeps Image_Color pear install -f Image_Canvas pear install -f Numbers_Words pear install Numbers_Roman pear install -f Image_Graph-0.7.2
Achtung:
- Das Paket NET_IMAP enthält einen Bug, der relativ einfach gefixt werden kann:
(Details zum Bug und Lösung siehe auch http://pear.php.net/bugs/bug.php?id=3438):
vi /usr/share/php/Net/IMAPProtocol.php
Die Zeilen 700 bis 702 folgendermaßen abändern:
#return $args; // not for now return $this->_genericImapResponseParser($args,$cmdid);
Perl-Module (MCPAN):
perl -MCPAN -e shell install Net::Server install Mail::SPF::Query install Convert::UUlib install Crypt::CBC install MIME::Parser exit
AmavisD Spamassassin und ClamAV
apt-get --yes install unrar-free nomarch lzop cabextract apt-get --yes install clamav clamav-daemon clamav-docs apt-get --yes install spamassassin razor pyzor amavisd-new
Konfiguration
Spamassassin
vi /etc/default/spamassassin
Spamassassin aktivieren:
ENABLED=1
Plugin DKIM:
vi /etc/spamassassin/v312.pre
DKIM Plugin aktivieren (#-Zeichen entfernen):
loadplugin Mail::SpamAssassin::Plugin::DKIM
Plugin Pyzor:
pyzor discover su amavis -c 'pyzor discover' su amavis -c 'pyzor ping'
Pyzor ping sollte ein Ok liefern: public.pyzor.org:24441 (200, 'OK')
Plugin Razor:
razor-admin -create razor-admin -register cp -r /root/.razor /var/lib/amavis chown -R amavis:amavis /var/lib/amavis
Plugin DCC:
cd /usr/local/src wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z tar xzvf dcc-dccproc.tar.Z cd dcc-dccproc-[tab][enter] ./configure --with-uid=amavis make make install ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd chown -R amavis:amavis /var/dcc
Testen von DCC:
cdcc info
Es sollten Antworten von den DCC-Servern erfolgen. Localhost (127.0.0.1) wird nicht antworten. Dies ist normal hier.
vi /etc/spamassassin/v310.pre
DCC Plugin aktivieren (#-Zeichen entfernen):
loadplugin Mail::SpamAssassin::Plugin::DCC
Aktivieren der Plugins und Bayes-Filter:
vi /etc/spamassassin/local.cf
Kommentarzeichen (#) von folgenden Einträgen entfernen:
lock_method flock use_bayes 1 bayes_auto_learn 1 bayes_ignore_header X-Bogosity bayes_ignore_header X-Spam-Flag bayes_ignore_header X-Spam-Status
Folgende Zeilen ans Ende anfügen:
bayes_path /var/lib/amavis/.spamassassin/bayes auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist whitelist_from spambin@example.com bayes_auto_learn_threshold_nonspam -0.5 #pyzor use_pyzor 1 pyzor_path /usr/bin/pyzor #razor use_razor2 1 razor_config /etc/razor/razor-agent.conf razor_timeout 8 #dcc use_dcc 1
Spamassassin Regeln updaten:
sa-update
ClamAV
adduser clamav amavis /etc/init.d/clamav-freshclam restart /etc/init.d/clamav-daemon restart
AmavisD
cd /etc/amavis/conf.d
Aktivieren der Spam- und Virenchecks:
vi 15-content_filter_mode
Folgende Optionen aktivieren (#-Zeichen entfernen):
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
Nun sind zahlreiche Einstellungen im File 50-user erforderlich:
Achtung:
- Alle Einträge zwischen use strict und 1; einfügen. Ansonsten wird Amavisd nicht korrekt funktionieren!
vi 50-user
$mydomain und $myhostname entsprechend der Domain und Hostname anpassen
# explicitly set $mydomain and $myhostname: $mydomain = 'example.com'; $myhostname = 'server.example.com'; # when amavisd-new sends notifications, they appear to come from here: $mailfrom_notify_admin = "postmaster\@$mydomain"; $mailfrom_notify_recip = "postmaster\@$mydomain"; $mailfrom_notify_spamadmin = "postmaster\@$mydomain"; $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>"; $notify_method = 'smtp:[127.0.0.1]:10025'; # where to submit notifications $max_servers = 6; # We discard (and quarantine) viruses, discard (and quarantine) spam (>= kill_level), # bounce (and quarantine) banned files and pass bad headers: $final_virus_destiny = D_DISCARD; $final_banned_destiny = D_BOUNCE; $final_spam_destiny = D_DISCARD; $final_bad_header_destiny = D_PASS; # disable DKIM - for now $enable_dkim_verification = 0; # enable DKIM signatures verification $enable_dkim_signing = 0; # load DKIM signing code, keys defined by dkim_key # don't quarantine bad headers (no need since we pass them all): $bad_header_quarantine_to = undef; # Spam gets the Subject line prepended with: #$sa_spam_subject_tag = 'Spam> ';
Falls dem Subject einer Spamnachricht durch amavisd ein Tag (Standard 'Spam> ') vorangestllt werden soll, Kommentarzeichen vor $sa_spam_subject_tag entfernen und das Tag anpassen z.B. ***SPAM***
$sa_spam_subject_tag = '***SPAM*** '; # We tag all headers (for 'local' domains) with X-Spam info: $sa_tag_level_deflt = undef; # This is the system default spam tag level that will be overridden by user's preferences in MySQL $sa_tag2_level_deflt = 6.31; # The default is to not quarantine any spam (outside of what users get in their Spam folder), # so set default kill_level high. Users can choose their own kill_level however. kill_level # will trigger quarantining. $sa_kill_level_deflt = 9999; $warnbannedrecip = 1; $defang_banned = 1; $defang_virus = 1; # We are going to create policy banks that will notify us of internally created spam # but also let banned files out (provided they are compressed). @mynetworks = qw( 127.0.0.0/8 192.168.0.0/16 );
Evtl. den Eintrag @mynetworks den Netzwerkgegebenheiten anpassen.
$inet_socket_port = [10024]; $inet_socket_bind = 127.0.0.1; # disable quarantine subdirectories $quarantine_subdir_levels = undef; # we may need to add items to this @additional_perl_modules = qw( );
Postfix
An den Postfix Konfigurationsfiles müssen Änderungen durchgeführt werden, um den Spamfilter in die Mail-Transportkette einzuschleifen:
vi /etc/master.cf
Folgende Zeilen ans Ende anfügen:
lmtp-amavis unix - - n - 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
vi /etc/postfix/main.cf
Folgende Option einfügen:
content_filter=lmtp-amavis:[127.0.0.1]:10024
Starten der Services
/etc/init.d/spamassassin start /etc/init.d/amavisd start /etc/init.d/postfix restart