Thursday, August 23, 2007

Mail Gateway - ClamAV & Spamassassin

Description
This system has already been tested and can handle the following mail traffic as a mail gateway:

  • 200,000 mails/day for FreeBSD Box, default kernel
  • 125,000 mails/day for Linux Box, default kernel
Services
Postfix 2.3.4
ClamAV 0.88.6
Amavisd-New 2.4.4
Spamassassin 3.1.7

Download
http://www.postfix.org/download.html
http://www.clamav.net/
http://www.ijs.si/software/amavisd/
http://www.spamassassin.org/

Dependencies
CPAN – Perl Module
# cpan
cpan> install Archive::Tar Archive::Zip Compress::Zlib Convert::TNEF Convert::UUlib MIME::Base64 MIME::Parser Mail::Internet Net::Server Net::SMTP Digest::MD5 IO::Stringy Time::HiRes Unix::Syslog HTML::Parser
cpan> install MD5 LWP Mail::Internet Archive::Tar Archive::Zip IO::Wrap IO::Stringy Unix::Syslog MIME::Words MIME::Head MIME::Body MIME::Entity MIME::Parser Net::SMTP Net::DNS Net::Ping Net::Server Net::Server::PreForkSimple Convert::TNEF Convert::UUlib MIME::Decoder::Base64 MIME::Decoder::Binary MIME::Decoder::Gzip64 MIME::Decoder::NBit MIME::Decoder::QuotedPrint MIME::Decoder::UU Time::HiRes Digest::SHA1 Digest::Nilsimsa Getopt::Long File::Copy Bit::Vector Date::Calc
cpan> install IO::Socket IO::Socket::INET IO::Socket::UNIX
cpan> install Net::SMTP Net::Cmd Net::SMTP Net::Server Net::Server::PreForkSimple
cpan> install DB_File Unix::Syslog File::Tail Archive::Rar Archive::TarGzip Archive::Any
cpan> install Net::DNS Mail::SPF::Query IP::Country Net::Ident IO::Socket::INET6 IO::Socket::SSL
cpan> install Inline::C Mail::ClamAV Mail::SpamAssassin DBI Net::LDAP Authen::SASL SAVI Convert::UUlib Compress::Zlib

Configure
groupadd postdrop
useradd postfix -s /bin/false
groupadd clamav
useradd clamav -g clamav -s /bin/false
mkdir /home/clamav
mkdir -p /home/clamav/amavis
mkdir -p /home/clamav/virusmails
mkdir -p /home/clamav/db
mkdir -p /home/clamav/var
mkdir -p /home/clamav/tmp
mkdir -p /home/clamav/virusdb
chmod 750 /home/clamav/amavis
chown -R clamav.clamav /home/clamav
touch /var/log/clamd.log
touch /var/log/freshclam.log
touch /var/log/clam-update.log
chown clamav.clamav /var/log/clamd.log
chown clamav.clamav /var/log/freshclam.log
chown clamav.clamav /var/log/clam-update.log



Postfix
# tar -zxvf postfix-2.3.4.tar.gz
# cd postfix-2.3.4
# make
# make install


ClamAV
# tar -zxvf clamav-0.88.6.tar.gz
# cd clamav-0.88.6
# ./configure --sysconfdir=/usr/local/etc --with-dbdir=/home/clamav/virusdb --libdir=/usr --includedir=/usr
# make
# make check
# make install

Amavisd-New
# tar -zxvf amavisd-new-2.x.x.tar.gz
# cd amavisd-new-2.x.x
# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd


Spamassassin
# tar -zxvf Mail-SpamAssassin-3.1.7.tar.gz
# cd Mail-SpamAssassin-3.1.7
# perl Makefile.PL
# make
# make install


Exec Path
/usr/local/sbin/amavisd
/usr/local/bin/freshclam -d -c 10 --datadir=/home/clamav/virusdb
/usr/local/sbin/clamd
/usr/sbin/postfix start

Config File

/etc/clamd.conf
---------------
AlgorithmicDetection yes
ArchiveLimitMemoryUsage yes
ArchiveMaxCompressionRatio 300
ArchiveMaxFileSize 15M
ArchiveMaxFiles 1500
ArchiveMaxRecursion 10
DatabaseDirectory /home/clamav/virusdb
LeaveTemporaryFiles yes
LogClean yes
LogFile /var/log/clamd.log
LogFileMaxSize 1000M
LogTime yes
PidFile /home/clamav/var/clamd.pid
ScanArchive yes
ScanHTML yes
ScanMail yes
TCPAddr 127.0.0.1
TCPSocket 3310
TemporaryDirectory /var/tmp
User clamav



/etc/amavisd.conf
-----------------
KEY POINT:
$max_servers = 3; # number of pre-forked children (2..15 is common)
$max_requests = 10;
$child_timeout=5*60;
$daemon_user = 'clamav'; # (no default; customary: vscan or amavis)
$daemon_group = 'clamav'; # (no default; customary: vscan or amavis)
$mydomain = 'mydomain.com'; # a convenient default for other settings
$MYHOME = '/home/clamav'; # a convenient default for other settings
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR
$QUARANTINEDIR = "$MYHOME/virusmails";
# $daemon_chroot_dir = $MYHOME; # chroot directory or undef
$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root?
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
@local_domains_maps = ( [".$mydomain"] );
@mynetworks = qw( 127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$log_level = 0; # verbosity 0..5
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$DO_SYSLOG = 1; # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';
#$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny)
#$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1
$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
#$unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter
$sa_tag_level_deflt = -6.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?
$sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant for SA 3.0 and newer)
$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents categories:
$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header
$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters
$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error
# OTHER MORE COMMON SETTINGS (defaults may suffice):
#$myhostname = 'mydomain.com'; # must be a fully-qualified domain name!
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[10.1.1.1]:25'; # Destination Mailserver
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;

# ### http://www.clamav.net/ (the ClamAV entry inside the @av_scanners list)
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "127.0.0.1:3310"], # TCP socket, matches clamd.conf above
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
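How amavisd drives this entry, as an added Python illustration (not amavisd's own Perl code): the request built from the "CONTSCAN {}\n" template, and the three regexes above turning a clamd reply into a verdict. The sample replies and the amavis-... part paths are constructed.

```python
import re

# The three regexes from the ClamAV-clamd entry in /etc/amavisd.conf above:
# "clean" result, "infected" result, and the capture that extracts the virus name.
CLEAN_RE = re.compile(r'\bOK$')
INFECTED_RE = re.compile(r'\bFOUND$')
VIRUS_NAME_RE = re.compile(r'^.*?: (?!Infected Archive)(.*) FOUND$')


def clamd_request(scan_path):
    """Request amavisd sends to 127.0.0.1:3310: the "CONTSCAN {}\n" template
    with {} replaced by the directory holding the unpacked mail parts."""
    return "CONTSCAN {}\n".replace("{}", scan_path)


def interpret_clamd_reply(reply):
    """Classify a clamd reply the way ask_daemon does with these regexes.

    Returns ('INFECTED', [names]) if any line matches the FOUND regex,
    ('CLEAN', []) if the reply only matched the OK regex, and ('ERROR', [])
    when neither matched: amavisd treats that as a scanner failure, not as
    a clean verdict, so a crashed or permission-denied clamd cannot pass mail.
    """
    status, names = "ERROR", []
    for line in reply.splitlines():
        if INFECTED_RE.search(line):
            status = "INFECTED"
            m = VIRUS_NAME_RE.match(line)
            if m:  # the lookahead skips the generic "Infected Archive" label
                names.append(m.group(1))
        elif CLEAN_RE.search(line) and status == "ERROR":
            status = "CLEAN"
    return status, names


# Constructed sample replies (paths follow $TEMPBASE = /home/clamav/tmp above).
PARTS = "/home/clamav/tmp/amavis-20070823T120000-00001/parts"
REPLY_CLEAN = f"{PARTS}/p001: OK\n"
REPLY_INFECTED = (f"{PARTS}/p001: OK\n"
                  f"{PARTS}/p002: Eicar-Test-Signature FOUND\n"
                  f"{PARTS}/p003: Infected Archive FOUND\n")
REPLY_FAILED = f"{PARTS}: lstat() failed: Permission denied. ERROR\n"

if __name__ == "__main__":
    print(clamd_request(PARTS).strip())
    for reply in (REPLY_CLEAN, REPLY_INFECTED, REPLY_FAILED):
        print(interpret_clamd_reply(reply))
```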




/etc/freshclam.conf
-------------------
Checks 24
DatabaseDirectory /home/clamav/virusdb
DatabaseMirror database.clamav.net
PidFile /home/clamav/var/freshclam.pid
UpdateLogFile /var/log/freshclam.log



/etc/mail/spamassassin/local.cf
--------------------------------
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
# SpamAssassin 3.x names: auto_learn became bayes_auto_learn, and
# rewrite_subject/subject_tag became rewrite_header Subject
bayes_auto_learn 1
bayes_path /home/clamav/amavis/.spamassassin/bayes
dns_available yes
report_safe 0
required_hits 6.0
rewrite_header Subject *** Spam ***
skip_rbl_checks 1
use_bayes 1


/etc/postfix/main.cf
--------------------
KEY POINT:
header_checks = regexp:/etc/postfix/header_checks
relay_domains = hash:/etc/postfix/relay_domains
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_delay_reject = no
smtpd_helo_restrictions = hash:/etc/postfix/access
smtpd_recipient_restrictions =
    #permit_mynetworks,
    #reject_non_fqdn_sender,
    #reject_non_fqdn_recipient,
    #reject_unknown_sender_domain,
    #reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client list.dsbl.org,
    permit


/etc/postfix/master.cf
----------------------
KEY POINT:
smtp      inet  n       -       n       -       -       smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10024

smtp-amavis unix -      -       n       -       3       lmtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes



/etc/postfix/access
-------------------
194.67.23.20 REJECT -- MAIL BOMBING --
84.58.99.89 REJECT -- MAIL BOMBING --


/etc/postfix/relay_domains
--------------------------
mydomain.com RELAY


/etc/postfix/header_checks
--------------------------
/^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|hlp|spl|swf)\"$/ DISCARD ---- File attachment yang akan anda kirim ditolak untuk alasan keamanan - Your attachment file(s) rejected for security reason ----
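An added test harness (mine, not part of the original post) that runs the header_checks rule above against constructed header lines, next to a hardened variant I propose that also covers unquoted names and values followed by further parameters. The hardened regex and the sample headers are my assumptions, not from the page.

```python
import re

# The rule from /etc/postfix/header_checks above. Postfix applies it to each
# logical header line (folded continuations already joined) and matches
# case-insensitively by default, so the .JS sample below is caught too.
PAGE_RULE = re.compile(
    r'^(.*)name\=\"(.*)\.(hta|com|pif|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|hlp|spl|swf)\"$',
    re.IGNORECASE)

# Hardened variant (my assumption, not from the page): also matches an unquoted
# value and a value followed by more parameters (e.g. "; size=..."). It uses
# only POSIX ERE syntax so it can be pasted into the same regexp: table.
HARDENED_RULE = re.compile(
    r'^Content-(Type|Disposition):.*(file)?name *= *"?[^";]*'
    r'\.(hta|com|pif|vbs|vbe|js|jse|bat|cmd|vxd|scr|shm|hlp|spl|swf)"? *(;.*)?$',
    re.IGNORECASE)

# Constructed header lines, as Postfix would present them to header_checks.
SAMPLE_HEADERS = [
    'Content-Disposition: attachment; filename="invoice.scr"',
    'Content-Type: application/octet-stream; name="Report.PDF"',
    'Content-Disposition: attachment; filename=setup.bat',
    'Content-Disposition: attachment; filename="setup.bat"; size=1234',
    'Content-Type: text/plain; name="notes.txt"',
    'Content-Disposition: attachment; filename="Photo.JS"',
]


def classify(header_line, rule=PAGE_RULE):
    """'DISCARD' when the rule fires, otherwise 'PASS' (no rule matched, so
    Postfix leaves the header alone)."""
    return "DISCARD" if rule.search(header_line) else "PASS"


def coverage(rule):
    """Verdict per sample header, in SAMPLE_HEADERS order."""
    return [classify(h, rule) for h in SAMPLE_HEADERS]


if __name__ == "__main__":
    for header, page, hard in zip(SAMPLE_HEADERS, coverage(PAGE_RULE),
                                  coverage(HARDENED_RULE)):
        print(f"{page:7} {hard:7} {header}")
```

The rows where the two verdicts differ are the header shapes the page's rule does not cover, which is the check to run before trusting a regex-based attachment filter.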


/etc/postfix/body_checks
------------------------
/^(.*)V I R U S A L E R T/ DISCARD virus
/^(.*)VIRUS NOTIFICATION/ DISCARD virus
/^(.*)Virus Warning Message/ DISCARD virus

Data
/usr/spool/postfix/
/home/clamav/virusdb
/home/clamav/virusmails


Startup
/usr/local/sbin/amavisd
/usr/local/bin/freshclam -d -c 10 --datadir=/home/clamav/virusdb
/usr/local/sbin/clamd
/usr/sbin/postfix start

Crontab
# crontab -l
####CLAMD####
0 0 * * * /bin/rm -rf /var/tmp/clamav-*
0 0 * * * /bin/rm /home/clamav/virusmails/*
0 0 * * * /bin/rm -r /home/clamav/tmp/amavis-*

Top Commands
Bash# postfix start|stop|restart
Bash# tail -f /var/log/maillog
Bash# telnet localhost 10024   (amavisd)
Bash# telnet localhost 3310    (clamd)
Bash# telnet localhost 25      (postfix)

1 comment:

Anonymous said...

200,000 mails/day for FreeBSD

Which hardware did you use (CPU/MEM?) and what was the medium email size/type (%Spam, %Virus)?
