科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网安全频道架设防病毒、垃圾邮件网关

架设防病毒、垃圾邮件网关

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

邮件网关是用来做为公司原有服务器之过滤器,它是架设在原有的 服务器之前端,可将广告信和病毒邮件在邮件网关 内做完过滤的动作之后,再把信件传送到原有公司的邮件服务器上,完全不用更改到原本公司内部的那台邮件服务器,如此就可以省去很多不必要的麻烦。

作者:论坛整理 来源:zdnet网络安全 2008年4月14日

关键字: 病毒 防病毒 病毒防范 反病毒 木马 杀毒软件

  • 评论
  • 分享微博
  • 分享邮件

邮件网关是用来做为公司原有服务器之过滤器,它是架设在原有的服务器之前端,可将广告信和病毒邮件在邮件网关内做完过滤的动作之后,再把信件传送到原有公司的邮件服务器上,完全不用更改到原本公司内部的那台邮件服务器,如此就可以省去很多不必要的麻烦,

安装 邮件网关 必需配合 DNSServer的设定,要将 MX 记录的第一个记录指向邮件网关,再把MX 记录的第二记录指向原有公司的那台邮件服务器,这样就可以有容错的功能,如果 邮件网关硬件损坏或关机时,邮件还是会传送到原有的邮件服务器而不会遗失。

所需信息:

OS : FreeBSD6.0 Release

postfix-2.3.2 : /usr/ports/mail/postfix

clamav-0.88 : /usr/ports/security/clamav

uvscan-dat: /usr/ports/secutity/uvscan-dat

vscan: /usr/ports/secutity/vscan

amavis-stats-0.1.12 /usr/ports/security/amavis-stats

amavisd-new-2.4.1 : /usr/ports/security/amavisd-new

邮件网关 IP : 202.104.144.195(假设)

邮件服务器 IP : 202.104.144.196(假设)

域名:test.domain (假设)

安装开始==========〉

新装系统先用cvsup更新ports。

安装 Clamav

#cd /usr/ports/security/clamav

#make install clean

编辑启动档 #vi /etc/rc.conf

clamav_clamd_enable="YES"

clamav_freshclam_enable="YES"

#cd /usr/local/etc

#cp clamd.conf.default clamd.conf

#cp freshclam.conf.default freshclam.conf

编辑设定档: #vi /usr/local/etc/clamd.conf

LogFile /var/log/clamav/clamd.log

LogFileMaxSize 2M

LogTime

LogSyslog

LogVerbose

PidFile /var/run/clamav/clamd.pid

LocalSocket /var/run/clamav/clamd

StreamSaveToDisk

MaxDirectoryRecursion 15

User clamav

AllowSupplementaryGroups

ScanMail

ScanArchive

ArchiveMaxFileSize 10M

ArchiveMaxRecursion 5

ArchiveMaxFiles 1000

ClamukoScanOnOpen

ClamukoScanOnClose

ClamukoScanOnExec

ClamukoIncludePath /home

ClamukoMaxFileSize 1M

ClamukoScanArchive

安装uvscan

#cd /usr/ports/security/uvscan-dat

#make install clean

# cd /usr/usr/ports/security/vscan

#make install clean

增加定时更新病毒库

#crontab –e

20 0 * * * /usr/local/sbin/update_dat

再加装 Amavisd-new

#cd /usr/ports/security/amavisd-new/

#make install clean

#cp /usr/local/etc/amavisd.conf-sample /usr/local/etc/amavisd.conf

#vi /usr/local/etc/amavisd.conf

****************************************************************

# Section I - Essential daemon and MTA settings

$mydomain = "test.domain";

$myhostname = "viruswall.test.domain";

$forward_method = "smtp:127.0.0.1:10025";

$notify_method = $forward_method;

# Section II - MTA specific

没更改变使用预设

# Section III - Logging

$DO_SYSLOG = 1;

$DO_SYSLOG = 5;

# Section IV - Notifications/DSN, bounce/reject/discard/pass, quarantine

$final_virus_destiny = D_BOUNCE; # (defaults to D_DISCARD)

$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)

$final_spam_destiny = D_DISCARD; # (defaults to D_BOUNCE)

$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

# Section V - Per-recipient and per-sender handling, whitelisting, etc.

$virus_admin = "virusalert@$myhostname";

$spam_admin = "spamalert@$myhostname";

# Section VI - Resource limits

没更改变使用预设

# Section VII - External programs, virus scanners, SpamAssassin

$sa_tag_level_deflt = -999;

$sa_tag2_level_deflt = 10;

$sa_kill_level_deflt = 20;

["ClamAV-clamd", # 开启 clamav 跟 amavisd-new 搭配

\%26amp;ask_daemon, ["CONTSCAN {} ", "/var/run/clamav/clamd"],

qr/OK$/, qr/FOUND$/,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

# Section VIll - Resource limits

$sa_spam_subject_tag = "***SPAM*** ";

$sa_spam_modifies_subj = 1;

# Section IX - Policy banks (dynamic policy switching)

没更改变使用预设

****************************************************************

新增 log 文件所要使用的目录及改变目录权限:

#mkdir /var/log/amavis

#chown vscan:vscan amavis

#cd amavis

#touch amavis.log

#chown vscan amavis.log

#cd /var

#chown -R vscan:clamav amavis

在最新的AMaVisd-new已经结合了Spamassassin功能,所以只要用 ports安装了 AMaVisd-new,那Spamassassin 也已经安装好了。

添加需要的用户

# pw useradd spam -c "Spam Bayes Learner" -d /var/empty -s /sbin/nologin

# pw useradd notspam -c "Not Spam Bayes Learner" -d /var/empty -s /sbin/nologin

修改/usr/local/etc/mail/spamassassin/local.cf

use_bayes 1

bayes_path /var/amavis/.spamassassin/bayes

auto_learn 1

auto_learn_threshold_nonspam -2

auto_learn_threshold_spam 15

加入 SapmAssassin 的学习设定档:

#vi /var/amavis/.spamassassin/user_prefs

required_hits 5.0

rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used

rewrite_header Subject ****SPAM(_SCORE_)****

# Encapsulate spam in an attachment

report_safe 1

# Use terse version of the spam report # 用精简的方式来回报垃圾给管理者

use_terse_report 1

# Enable the Bayes system # 使用贝氏学习系统

use_bayes 1

# Enable Bayes auto-learning # 开起贝氏自动学习功能

auto_learn 1

# Enable or disable network checks

skip_rbl_checks 0

use_razor2 1

use_dcc 1

use_pyzor 1

# Mail using languages used in these country codes will not be marked

# as being possibly spam in a foreign language.

# - chinese

ok_languages all

# Mail using locales used in these country codes will not be marked

# as being possibly spam in a foreign language.

ok_locales all

# Disabled scores

score HEADER_8BITS 0

score HTML_COMMENT_8BITS 0

score SUBJ_FULL_OF_8BITS 0

score UPPERCASE_25_50 0

score UPPERCASE_50_75 0

score UPPERCASE_75_100 0

#chown vscan:vscan user_prefs

建立自动学习体系

l# vi /usr/local/sbin/my-sa-learn.sh

#!/bin/sh

if [ -e /var/mail/spam ]; then

/usr/local/bin/sa-learn --spam -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/spam

rm /var/mail/spam > /dev/null

fi

if [ -e /var/mail/notspam ]; then

/usr/local/bin/sa-learn --ham -p /var/amavis/.spamassassin/user_prefs --mbox /var/mail/notspam

rm /va/mail/notspam > /dev/null

fi

# chmod a+x /usr/local/sbin/my-sa-learn.sh

建立学习知识库:

mail# /usr/local/bin/sa-learn --rebuild -p /var/amavis/.spamassassin/user_prefs

加入自动运行:

mail# crontab -e

5 0 * * * /usr/local/sbin/my-sa-learn.sh

编辑启动档 #vi /etc/rc.conf 增加:

amavisd_enable="YES"

spamd_enable="YES"

加装 Postfix MTA

#cd /usr/ports/mail/postfix

#make install # 可以什么选项都不用选,安装过程会有两个需要回答的问题都选 Yes 即可

#vi /usr/local/etc/postfix/master.cf # 注意下面 -o 之前必须要空一格 postfix 才会正常启动

smtp-amavis unix- - n - 2 smtp

-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd

-o content_filter=

-o local_recipient_maps=

-o relay_recipient_maps=

-o smtpd_restriction_classes=

-o smtpd_client_restrictions=

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o strict_rfc821_envelopes=yes

#vi /usr/local/etc/postfix/main.cf

myhostname = viruswall.test.domain

mydomain = test.domain

mynetworks = 202.104.144.196/28, 127.0.0.0/8

alias_maps = hash:/usr/local/etc/postfix/aliases

content_filter = smtp-amavis:[127.0.0.1]:10024

relay_domains = $mydestination, test.domain

transport_maps = hash:/usr/local/etc/postfix/transpor

#cd /usr/local/etc/postfix/

#vi aliases

virusalert: admin

spamalert: admin

#vi transport

test.domain smtp:[202.96.144.196]

.test.domain smtp:[202.104.144.196]

viruswall.test.domain local:

localhost.test.domain local:

#postalias aliases

#postmap transport

#postfix start

#postfix reload

#netstat -na |grep LISTEN # 查看 25 , 10024 , 10025 这三个 port 有无 up

tcp4 0 0 127.0.0.1.10025 *.* LISTEN

tcp4 0 0 *.25 *.* LISTEN

tcp4 0 0 127.0.0.1.10024 *.* LISTEN

安装amvis-stats

#cd /usr/ports/secrity/amavis-stats

#make install clean

# cd /usr/local/www/data

# ln -s ../amavis-stats ./

# crontab -e -u amavis

*/5 * * * * /usr/local/sbin/amavis-stats /var/log/maillog 2>%26amp;1 > /dev/null

有关apache2与php4的相关设定就不再啰嗦。

在http://viruswall.test.domain/amavis-stats就可以访问网关服务器拦截病毒与垃圾邮件的成绩图。其中拦截的病毒与垃圾邮件被放置在/var/virusmails里,要定期清理:

#crontab –e

50 23 * * * find /var/virusmails/ -ctime +7 -type f -delete -print |mail -s "Delete Virusmail" root@test.domain

    • 评论
    • 分享微博
    • 分享邮件
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章