EC2 + Postfix + Amavisd-new + ClamAV + Spamassassin
Posted: Wed Nov 23, 2016 12:01 pm
Install Amavisd-new
Ok. Here we go…
Code:
yum install amavisd-new
This will install amavisd-new and a bunch of dependencies (30Mb)
It will also install Spamassassin by default
Install ClamAV
Code:
yum install clamav clamav-update
Edit the following file:
Code:
vi /etc/freshclam.conf
and comment out the line “Example” like this:
Code:
# Example
Update the ClamAV database:
Code:
freshclam
Auto update is already set up, but to work properly, we need to edit the following file:
Code:
vi /etc/sysconfig/freshclam
and remove these 4 lines:
Code:
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn # REMOVE ME
Edit the cron file just to make sure that the line is not commented out:
Code:
vi /etc/cron.d/clamav-update
OK. Packages are installed. Here comes the configuration part
Configuration
We need to edit the amavisd.conf file:
Code:
vi /etc/amavisd/amavisd.conf
Change the following lines like this…
Code:
$mydomain = 'rusli.cloudns.org'; # a convenient default for other settings
$myhostname = 'mail.rusli.cloudns.org'; # must be a fully-qualified domain name and same as reverse DNS lookup
Now we need to check if everything is set in postfix master.cf
Code:
vi /etc/postfix/master.cf
At the top you should have these lines…
Code:
smtp inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_address_mappings
  -o content_filter=smtp-amavis:127.0.0.1:10024
…and at the bottom of the file…
Code:
#
# spam/virus section
#
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_header_body_checks
  -o smtpd_helo_required=no
  -o smtpd_client_restrictions=
  -o smtpd_restriction_classes=
  -o disable_vrfy_command=no
  -o strict_rfc821_envelopes=yes
Stop the postfix daemon:
Code:
#systemctl stop postfix
service postfix stop
First we need to make sure that the Spamassassin, Amavisd-new and ClamAV daemons are running:
Code:
#systemctl start spamassassin
#systemctl start amavisd # This will also run ClamAV
service spamassassin start
service amavisd start # This will also run ClamAV
Then make sure that after reboot all daemons are automatically started:
Code:
#systemctl enable spamassassin
#systemctl enable amavisd
chkconfig spamassassin on
chkconfig amavisd on
Now start the postfix daemon:
Code:
#systemctl start postfix
service postfix start
If all is well, we should have basic spam and virus protection up and running!
Let's do some testing:
Test Amavisd…
Code:
telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
OK.
Test the SMTP daemon on port 10025:
Code:
telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP
ehlo localhost
250-mail.domain.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
OK.
Daemons are up and running. It's time to send some viruses and spam to test our server.
Keep an eye on the maillog file while receiving the virus and spam test messages:
Code:
tail -f /var/log/maillog
Send an email from an external account (Gmail) to an account hosted on this server with the following content (EICAR test virus):
Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
You should see something like this in your maillog file…
Code:
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Woohoo, Amavis, ClamAV and Postfix are working together nicely!
What about SPAM? Send the following string from an external account:
Code:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Check the maillog…
Code:
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
Blocked!
One last thing to do… Spamassassin already added a cron job. Just make sure that the line is not commented!
Code:
vi /etc/cron.d/sa-update
That's it! Job well done.
ref: http://forums.sentora.org/showthread.php?tid=1132
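The 10025 listener in the master.cf section above runs with content_filter cleared, so it must only accept mail from loopback; as an added example (not part of the original post), this Python script audits a master.cf for that. The names GOOD, WEAK, parse_master_cf, is_loopback_host and audit_reinjection are assumptions of this example, and `-o` values are assumed to contain no spaces.

```python
import ipaddress

# Constructed samples: GOOD mirrors the post's master.cf entry; WEAK is a weakened variant.
GOOD = """\
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
WEAK = """\
10025 inet n - y - - smtpd
  -o mynetworks=127.0.0.0/8,10.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> {-o option: value}; indented lines continue an entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    # "-o name=value" pairs follow the 8 fixed columns of each entry
    return {f[0]: dict(v.split("=", 1) for flag, v in zip(f[8:], f[9:])
                       if flag == "-o" and "=" in v)
            for f in map(str.split, logical)}

def is_loopback_host(host):
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # empty (all interfaces) or a hostname
        return host == "localhost"

def audit_reinjection(text, port="10025"):
    """Return findings for the smtpd listener that takes mail back from amavisd."""
    findings = []
    for name, opts in parse_master_cf(text).items():
        if name == port or name.endswith(":" + port):
            nets = [n for n in opts.get("mynetworks", "").split(",") if n]
            checks = [
                (is_loopback_host(name.rpartition(":")[0]), "not bound to loopback"),
                (opts.get("content_filter") == "", "content_filter not cleared"),
                (bool(nets) and all(ipaddress.ip_network(n, strict=False).is_loopback
                                    for n in nets), "mynetworks wider than loopback"),
            ]
            findings += [f"{name}: {msg}" for ok, msg in checks if not ok]
    return findings
```

Run `audit_reinjection(open("/etc/postfix/master.cf").read())` on the server; an empty list means the three checks passed.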
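To confirm the EICAR and GTUBE tests from the maillog rather than by eye, this added example (not part of the original post) parses amavis verdict lines in the format shown in the maillog excerpts above. The sample lines are constructed, and the names VERDICT, parse_verdicts and selftest_report are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the maillog excerpts in the post.
SAMPLE_LOG = """\
Feb 00 00:00:00 host postfix/smtpd[32001]: connect from unknown[192.0.2.10]
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
Feb 00 00:00:00 host amavis[32425]: (032425-03) Passed CLEAN {RelayedOpenRelay}
"""

# id, action, category, optional (signature), optional {disposition list}
VERDICT = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\w-]+)\) (?P<action>Blocked|Passed) "
    r"(?P<category>[A-Z-]+)(?: \((?P<signature>[^)]*)\))?"
    r"(?: \{(?P<disposition>[^}]*)\})?"
)

def parse_verdicts(log_text):
    """Return one dict per amavis verdict line; other lines are skipped."""
    verdicts = []
    for line in log_text.splitlines():
        match = VERDICT.search(line)
        if match:
            verdict = match.groupdict()
            verdict["disposition"] = [d for d in (verdict["disposition"] or "").split(",") if d]
            verdicts.append(verdict)
    return verdicts

def selftest_report(log_text):
    """Summarise whether the virus and spam test mails were blocked."""
    verdicts = parse_verdicts(log_text)
    blocked = [v for v in verdicts if v["action"] == "Blocked"]
    return {
        "counts": Counter((v["action"], v["category"]) for v in verdicts),
        "eicar_blocked": any(v["category"] == "INFECTED"
                             and "eicar" in (v["signature"] or "").lower() for v in blocked),
        "spam_blocked": any(v["category"] == "SPAM" for v in blocked),
        # A Passed INFECTED line means the scanner result was not enforced.
        "passed_infected": [v["id"] for v in verdicts
                            if v["action"] == "Passed" and v["category"] == "INFECTED"],
    }
```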