原贴:http://www.west263.com/www/info/64389-1.htm
clamav + amavisd-new + spamassassin 系统设置说明_qmail
clamav + amavisd-new + spamassassin 系统设置说明_qmail
# This option enables scanning of Microsoft Office document macros.
# Default: enabled
ScanOLE2 打开office文档扫描
# Enable internal e-mail scanner.
# Default: enabled
ScanMail 打开邮件扫描
# ClamAV can scan within archives and compressed files.
# Default: enabled
ScanArchive 扫描压缩包
# Due to license issues libclamav does not support RAR 3.0 archives (only the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib its disabled by default and you must uncomment the directive
# below to enable RAR 2.0 support.
# Default: disabled
ScanRAR 扫描RAR压缩包
# Files in archives larger than this limit wont be scanned.
# Value of 0 disables the limit.
# Default: 10M
ArchiveMaxFileSize 10M 最大扫描压缩包文件为10兆
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
ArchiveMaxRecursion 9 扫描压缩包9层
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
ArchiveMaxFiles 1000 最多扫描压缩包内1500个文件
# Set access mask for Clamuko.
# Default: disabled
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Dont scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
ClamukoMaxFileSize 10M
Amavisd-new (/etc/ amavisd.conf )
D_PASS: 不做任何处理,直接传送给收件人。
D_DISCARD: 邮件不传送给发件人及收件人。
D_BOUNCE: 不传送给收件人。除了定义在 $viruses_that_fake_sender_re 病毒名称外的信件,amavisd-new 皆会传送 DSN 讯息给发件人。
D_REJECT: 不传送给收件人,发件人会收到拒绝传送的信息。
$sa_auto_whitelist = 1; # 启用自动学习白名单 White List
$sa_mail_body_size_limit = 200*1024; # 超过某个特定大小的邮件就不经过
SpamAssassin 的扫描。
$sa_tag_level_deflt = 4.0; # 超过这个分数标准者,才视为垃圾邮件打分数。
加入 X-Spam-Status 及 X-Spam-Level 信息头
$sa_tag2_level_deflt = 6.3; # 超过这个分数标准者,才允许在邮件标题加入
Spam 信息。
加入 X-Spam-Flag:YES 及改写主题
$sa_kill_level_deflt = 10 ; # 超过这个分数标准者,就直接將信件备份后删除。
$sa_dsn_cutoff_level = 9; # 超过这个分数标准者,將不会送出 DSN 信息。
Spamassassin (/etc/mail/spamassassin/local.cf )
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/s... for earlier versions
# Generated by http://www.yrex.com/spam/s... (version 1.50)
# How many hits before a message is considered spam. 得分多少以上就会被判定为垃圾邮件。
required_hits 6.3
# Whether to change the subject of suspected spam. 在已判定的垃圾邮件之标题加上标记。( 如果是使用amaivsd来呼叫spamassass进行过滤的,请修改 Amavisd-new 的配置文件amavisd.conf 中的相应选项:$sa_spam_subject_tag = ***[ Junk Mail ]*** ; )
rewrite_header Subject ****SPAM(_SCORE_)****
# Encapsulate spam in an attachment.
# 要如何处理垃圾邮件。如果邮件还会经过防毒程序的扫描处理,所以必须设定为 0。
# 0:将信息写入邮件表头。
# 1:将垃圾邮件转为附件。
# 2:将垃圾邮件转为纯文字附件。
report_safe 0
# Use terse version of the spam report. 用精简的方式来回复垃圾邮件信息给管理者
use_terse_report 0
# Enable the Bayes system. 使用贝叶斯学习系统
use_bayes 1
# Enable Bayes auto-learning. 开启贝叶斯自动学习功能
auto_learn 1
# Enable or Disable network checks. 略过 RBLs 检查、使用 Razor version 2、使用 DCC (Distributed Checksum Clearinghouse)、使用 Pyzor
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Blacklist. 黑名单,判定減 + 100 分
blacklist_from *@sohu.com *@mailfb.com
# Whitelist . 白名单,判定加 — 100 分
whitelist_from *@yahoo.com.tw *@yahoo.com.hk *@yahoogroups.com.hk
whitelist_from rika@rika.idv.tw
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese
ok_languages zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
# Disabled scores. 防止中文主旨和中文收件者误判,建议再加上下列几行
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
# local domain from but ip not match. 域名和 IP 不符合,疑为垃圾邮件
header __FROM_TEATIME Received =~ /from test.com.cn/i
header __FROM_TEATIME_IP Received =~ //[12/.34/.56/.78/]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME)
describe FROM_TEATIME_BUT_IP_ERROR From test.com.cn but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
vi /etc/amavisd.conf (加入以下两行)
---------------------------------------------------------------------------------------
read_hash(/%whitelist_sender, /var/amavis/var/.spamassassin/whitelist);
read_hash(/%blacklist_sender, /var/amavis/var/.spamassassin/blacklist);
---------------------------------------------------------------------------------------
注明:以上两个文件 whitelist 和 blacklist 要手动建立
touch > /var/amavis/var/.spamassassin/whitelist
touch > /var/amavis/var/.spamassassin/blacklist
两个文件的属主属性为:
chown amavis:amavis whitelist
chown amavis:amavis blacklist
1)建立后,执行 /etc/rc.d/init.d/amavisd reload 让 amavisd 重新读取配置文件信息。
2)登记在 whitelist 的邮件地址或域名均不会被 Spamassassin 打分为垃圾邮件。
3)登记在 blacklist 的邮件地址或域名均会被 Spamassassin 打分为垃圾邮件。
4)whitelist 和 blacklist 的写法,例如:
test@test.com.cn
*@boss.com
5)修改了 whitelist 或 blacklist 文件,均需要执行 /etc/rc.d/init.d/amavisd restart 让 amavisd 重新启动,否则,黑白名单不能生效 !!!
---------------------------------------------------------------------------------------
有些廣告信的發信軟體, 會在 smtp 的 helo/ehlo 使用你本身的 domain name. 這個在 spamassassin 中可以使用類似下面的設定:
# local domain from but ip not match
header __FROM_TEATIME Received =~ /from teatime.com.tw/i
header __FROM_TEATIME_IP Received =~ //[211/.23/.144/.122/]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME %26amp;%26amp; !__FROM_TEATIME_IP)
describe FROM_TEATIME_BUT_IP_ERROR From teatime.com.tw but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
如上面的設定, 如果有收到 from teatime.com.tw 的信件, 但是 ip 又沒有出現 teatime.com.tw 正確的 ip, 就認為是廣告信, 給它一個高分.
還有一些發信的軟體會在 From, To, Cc 等欄位, 使用 XXXX@mydomain 之類的 email, XXXX 是一些中文字...
所以我們可以利用下面的方法檢查:
# From addr like @mydomain
header __FROM_8BIT_LOCAL From:addr =~ /[a-zA-Z0-9_-]*[/x80xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
header __TO_8BIT_LOCAL To:addr =~ /[a-zA-Z0-9_-]*[/x80-/xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
header __CC_8BIT_LOCAL Cc:addr =~ /[a-zA-Z0-9_-]*[/x80-/xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
meta LOCAL_8BIT_USER (__FROM_8BIT_LOCAL || __TO_8BIT_LOCAL || __CC_8BIT_LOCAL)
describe LOCAL_8BIT_USER From or To a chinese@mydomain
score LOCAL_8BIT_USER 8.0
http://www.huihoo.com/inte...
反病毒,反垃圾邮件部分(Anti-Virus,Anti-Spam)
这 里需要开通一个病毒通知邮箱virusalert@yourdomain.org和广告通知邮箱spam@yourdomain.org, 我习惯于将virusalert 转信到 postmaster@example.org ,只要在postfix_aliases表中插入记录即可.
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (virusalert, postmaster@example.org);
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (spamalert, postmaster@example.org);
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (notspam, postmaster@example.org);
AMaViS
.......................................
: Postfix :
---smtpd / :
: -pre-cleanup-/ /local--
--pickup / -queue- :
: -cleanup-/ | /smtp---
: bounces/ ^ v :
: and locally | v :
: forwarded smtpd smtp-amavis :
: messages 10025 | :
...........................|...........
^ |
| v
............|..............................
: | $inet_socket_port=10024 :
: | :
: $forward_method=smtp:127.0.0.1:10025 :
: $notify_method =smtp:127.0.0.1:10025 :
: :
: amavisd-new :
...........................................
安装各种压缩软件,在这里压缩软件主要作用解压邮件附件,然后再查杀病毒。
# rpm -ivh unrar-3.2.3-2.9.i386.rpm
# rpm -ivh zoo-2.10-11.9.i386.rpm
# rpm -ivh unzoo-4.4-2.i386.rpm
# rpm -ivh arc-5.21e-6.i386.rpm
# rpm -ivh nomarch-1.3-1mdk.i586.rpm
# rpm -ivh unarj-2.65-3.9.i386.rpm
# rpm -ivh arj-3.10-0.1.i386.rpm
# rpm -ivh freeze-2.5.0-7.i386.rpm
# mkdir cmpress
# tar -zxvf compress-4.0.1.tar.gz -C compress
# cd compress
# make
# make install
安装amavisd之前,首先安装CPAN perl -MCPAN -e shell,CPAN可以手动配置,也可以自动配置,建议使用手动配置,这样你可以选择下载URL,我选择的是linuxforum.net
自动配置 提示Are you ready for manual configuration? [yes]输入no然后回车
[root@linuxas3 src]# perl -MCPAN -e shell
We have to reconfigure CPAN.pm due to following uninitialized parameters:
cpan_home, keep_source_where, build_dir, build_cache, scan_cache, index_expire, gzip, tar, unzip, ma
ke, pager, makepl_arg, make_arg, make_install_arg, urllist, inhibit_startup_message, ftp_proxy, http
_proxy, no_proxy, prerequisites_policy, cache_metadata
/usr/lib/perl5/5.8.0/CPAN/Config.pm initialized.
CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.
If you do not want to enter a dialog now, you can answer no to this
question and Ill try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing o conf init at the cpan prompt.)
Are you ready for manual configuration? [yes]no
手动配置
[root@linuxas3 src]# perl -MCPAN -e shell
We have to reconfigure CPAN.pm due to following uninitialized parameters:
cpan_home, keep_source_where, build_dir, build_cache, scan_cache, index_expire, gzip, tar, unzip, ma
ke, pager, makepl_arg, make_arg, make_install_arg, urllist, inhibit_startup_message, ftp_proxy, http
_proxy, no_proxy, prerequisites_policy, cache_metadata
/usr/lib/perl5/5.8.0/CPAN/Config.pm initialized.
CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.
If you do not want to enter a dialog now, you can answer no to this
question and Ill try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing o conf init at the cpan prompt.)
Are you ready for manual configuration? [yes]
The following questions are intended to help you with the
configuration. The CPAN module needs a directory of its own to cache
important index files and maybe keep a temporary mirror of CPAN files.
This may be a site-wide directory or a personal directory.
I see you already have a directory
/root/.cpan
Shall we use it as the general CPAN build and cache directory?
CPAN build and cache directory? [/root/.cpan]
If you want, I can keep the source files after a build in the cpan
home directory. If you choose so then future builds will take the
files from there. If you dont want to keep them, answer 0 to the
next question.
How big should the disk cache be for keeping the build directories
with all the intermediate files?
Cache size for build directory (in MB)? [10]
By default, each time the CPAN module is started, cache scanning
is performed to keep the cache size in sync. To prevent from this,
disable the cache scanning with never.
Perform cache scanning (atstart or never)? [atstart]
To considerably speed up the initial CPAN shell startup, it is
possible to use Storable to create a cache of metadata. If Storable
is not available, the normal index mechanism will be used.
Cache metadata (yes/no)? [yes]
The next option deals with the charset your terminal supports. In
general CPAN is English speaking territory, thus the charset does not
matter much, but some of the aliens out there who upload their
software to CPAN bear names that are outside the ASCII range. If your
terminal supports UTF-8, you say no to the next question, if it
supports ISO-8859-1 (also known as LATIN1) then you say yes, and if it
supports neither nor, your answer does not matter, you will not be
able to read the names of some authors anyway. If you answer no, names
will be output in UTF-8.
Your terminal expects ISO-8859-1 (yes/no)? [yes]
The CPAN module can detect when a module that which you are trying to
build depends on prerequisites. If this happens, it can build the
prerequisites for you automatically (follow), ask you for
confirmation (ask), or just ignore them (ignore). Please set your
policy to one of the three values.
Policy on building prerequisites (follow, ask or ignore)? [ask]
The CPAN module will need a few external programs to work properly.
Please correct me, if I guess the wrong path for a program. Dont
panic if you do not have some of them, just press ENTER for those. To
disable the use of a download program, you can type a space followed
by ENTER.
Where is your gzip program? [/bin/gzip]
Where is your tar program? [/bin/tar]
Where is your unzip program? [/usr/bin/unzip]
Where is your make program? [/usr/bin/make]
Where is your links program? [/usr/bin/links]
Where is your wget program? [/usr/bin/wget]
Warning: ncftpget not found in PATH
Where is your ncftpget program? []
Warning: ncftp not found in PATH
Where is your ncftp program? []
Where is your ftp program? [/usr/kerberos/bin/ftp]
What is your favorite pager program? [/usr/bin/less]
What is your favorite shell? [/bin/bash]
Every Makefile.PL is run by perl in a separate process. Likewise we
run make and make install in processes. If you have any
parameters (e.g. PREFIX, LIB, UNINST or the like) you want to pass
to the calls, please specify them here.
If you dont understand this question, just press ENTER.
Parameters for the perl Makefile.PL command?
Typical frequently used settings:
POLLUTE=1 increasing backwards compatibility
LIB=~/perl non-root users (please see manual for more hints)
Your choice: []
Parameters for the make command?
Typical frequently used setting:
-j3 dual processor system
Your choice: []
Parameters for the make install command?
Typical frequently used setting:
UNINST=1 to always uninstall potentially conflicting files
Your choice: []
Sometimes you may wish to leave the processes run by CPAN alone
without caring about them. As sometimes the Makefile.PL contains
question youre expected to answer, you can set a timer that will
kill a perl Makefile.PL process after the specified time in seconds.
If you set this value to 0, these processes will wait forever. This is
the default and recommended setting.
Timeout for inactivity during Makefile.PL? [0]
If youre accessing the net via proxies, you can specify them in the
CPAN configuration or via environment variables. The variable in
the $CPAN::Config takes precedence.
Your ftp_proxy?
Your http_proxy?
Your no_proxy?
You have no /root/.cpan/sources/MIRRORED.BY
Im trying to fetch one
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
ftp://ftp.perl.org/pub/CPA...
Now we need to know where your favorite CPAN sites are located. Push
a few sites onto the array (just in case the first on the array wont
work). If you are mirroring CPAN to your local workstation, specify a
file: URL.
First, pick a nearby continent and country (you can pick several of
each, separated by spaces, or none if you just want to keep your
existing selections). Then, you will be presented with a list of URLs
of CPAN mirrors in the countries you selected, along with previously
selected URLs. Select some of those URLs, or just keep the old list.
Finally, you will be prompted for any extra URLs -- file:, ftp:, or
http: -- that host a CPAN mirror.
(1) Africa
(2) Asia
(3) Central America
(4) Europe
(5) North America
(6) Oceania
(7) South America
Select your continent (or several nearby continents) [] 2
Sorry! since you dont have any existing picks, you must make a
geographic selection.
(1) China
(2) Indonesia
(3) Israel
(4) Japan
(5) Malaysia
(6) Philippines
(7) Republic of Korea
(8) Russian Federation
(9) Saudi Arabia
(10) Singapore
(11) Taiwan
(12) Thailand
Select your country (or several nearby countries) [] 1
Sorry! since you dont have any existing picks, you must make a
geographic selection.
(1) ftp://ftp.shellhung.org/pu...
(2) ftp://mirrors.hknet.com/CP...
(3) http://cpan.linuxforum.net...
Select as many URLs as you like,
put them on one line, separated by blanks [] 3
Enter another URL or RETURN to quit: []
New set of picks:
http://cpan.linuxforum.net...
WAIT support is available as a Plugin. You need the CPAN::WAIT module
to actually use it. But we need to know your favorite WAIT server. If
you dont know a WAIT server near you, just press ENTER.
Your favorite WAIT server?
[wait://ls6-www.informatik.uni-dortmund.de:1404]
commit: wrote /usr/lib/perl5/5.8.0/CPAN/Config.pm
cpan shell -- CPAN exploration and modules installation (v1.61)
ReadLine support available (try install Bundle::CPAN)
cpan>
安装下载CPAN
下载是amavisd用到module
cpan> install CPAN
cpan> install LWP
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install Compress::Zlib
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install MIME::Base64
cpan> install MIME::Parser
cpan> install MIME::Tools
cpan> install Mail::Internet
cpan> install Net::Server
cpan> install Net::SMTP
cpan> install Digest::MD5
cpan> install IO::Stringy
cpan> install Time::HiRes
cpan> install Unix::Syslog
下载是SpamAssassin用到module,如果上面已经安装,这里不用再重复安装。
cpan> install ExtUtils::MakeMaker
cpan> install File::Spec
cpan> install Pod::Usage
cpan> install HTML::Parser
cpan> install Sys::Syslog
cpan> install DB_File
cpan> install Net::DNS
cpan> install Mail::Audit
cpan> install Mail::Internet
cpan> install Net::SMTP
cpan> install Digest::SHA1
cpan> install Net::Ident
cpan> install IO::Socket::SSL
cpan> quit
下载安装模块
登录网站 http://search.cpan.org
输入要查找的模块如:Time::HiRes
Time::HiRes
High resolution alarm, sleep, gettimeofday, interval timers
Time-HiRes-1.59 - 08 Apr 2004 - Jarkko Hietaniemi
下载 Time-HiRes-1.59 或复制它的URL,然后在使用 wget下载
[root@linuxas3 src]# wget http://search.cpan.org/CPA...
解包
[root@linuxas3 src]# tar zxvf Time-HiRes-1.59.tar.gz
Time-HiRes-1.59/
Time-HiRes-1.59/hints/
Time-HiRes-1.59/hints/sco.pl
Time-HiRes-1.59/hints/svr4.pl
Time-HiRes-1.59/hints/dec_osf.pl
Time-HiRes-1.59/hints/solaris.pl
Time-HiRes-1.59/hints/dynixptx.pl
Time-HiRes-1.59/hints/irix.pl
Time-HiRes-1.59/Changes
Time-HiRes-1.59/MANIFEST
Time-HiRes-1.59/typemap
Time-HiRes-1.59/TODO
Time-HiRes-1.59/HiRes.pm
Time-HiRes-1.59/fallback/
Time-HiRes-1.59/fallback/const-c.inc
Time-HiRes-1.59/fallback/const-xs.inc
Time-HiRes-1.59/HiRes.xs
Time-HiRes-1.59/META.yml
Time-HiRes-1.59/t/
Time-HiRes-1.59/t/HiRes.t
Time-HiRes-1.59/Makefile.PL
Time-HiRes-1.59/README
[root@linuxas3 src]# cd Time-HiRes-1.59
编译安装
[root@linuxas3 Time-HiRes-1.59]# perl Makefile.PL
[root@linuxas3 Time-HiRes-1.59]# make
[root@linuxas3 Time-HiRes-1.59]# make test
[root@linuxas3 Time-HiRes-1.59]# make install
有些模块例如(install Time::HiRes)安装时提示:
then set the environment variable LC_ALL to "C" and retry
Configuring Time::HiRes...
Looking for gettimeofday()... found.
Looking for setitimer()... found.
Looking for getitimer()... found.
You have interval timers (both setitimer and setitimer).
Looking for ualarm()... found.
Looking for usleep()... found.
Looking for nanosleep()... found.
You can mix subsecond sleeps with signals.
Checking if your kit is complete...
Looks good
Writing Makefile for Time::HiRes
Now you may issue make. Do not forget also make test.
NOTE: if you get an error like this (the line number may vary):
Makefile:91: *** missing separator
then set the environment variable LC_ALL to "C" and retry
from scratch (re-run perl "Makefile.PL").
设置环境变量LC_ALL
cpan> exit
[root@linuxas3 src]# export LC_ALL=C
[root@linuxas3 src]# echo ${LC_ALL}
C
[root@linuxas3 src]#
然后进入CPAN环境,再安装
cpan> install Time::HiRes
/usr/bin/make install -- OK
AMaViS的安装(http://www.ijs.si/software...
[root@linuxas3 src]# cd amavisd-new-20030616
[root@linuxas3 amavisd-new-20030616]# groupadd sweep
[root@linuxas3 amavisd-new-20030616]# adduser vscan -g sweep -d /dev/null -s/bin/false
[root@linuxas3 amavisd-new-20030616]# adduser amavis
[root@linuxas3 amavisd-new-20030616]# patch -p0 patching file amavisd.conf
patching file amavisd
[root@linuxas3 amavisd-new-20030616]# mkdir /var/amavis
[root@linuxas3 amavisd-new-20030616]# chown amavis:amavis /var/amavis
[root@linuxas3 amavisd-new-20030616]# chmod 750 /var/amavis
[root@linuxas3 amavisd-new-20030616]# cp amavisd /usr/local/sbin/
[root@linuxas3 amavisd-new-20030616]# chown root /usr/local/sbin/amavisd
[root@linuxas3 amavisd-new-20030616]# chmod 755 /usr/local/sbin/amavisd
[root@linuxas3 amavisd-new-20030616]# cp amavisd.conf /etc/
[root@linuxas3 amavisd-new-20030616]# chown root /etc/amavisd.conf
[root@linuxas3 amavisd-new-20030616]# chmod 644 /etc/amavisd.conf
[root@linuxas3 amavisd-new-20030616]# cp amavisd_init.sh /etc/init.d/amavisd
[root@linuxas3 amavisd-new-20030616]# chmod 744 /etc/init.d/amavisd
[root@linuxas3 amavisd-new-20030616]# chkconfig --add amavisd
[root@linuxas3 amavisd-new-20030616]# chkconfig amavisd on
[root@linuxas3 amavisd-new-20030616]# vi /etc/init.d/amavisd
prog="/usr/local/sbin/amavisd"
[root@linuxas3 amavisd-new-20030616]# mkdir /var/virusmails
[root@linuxas3 amavisd-new-20030616]# chown -R amavis.amavis /var/virusmails(隔离区)
amavisd-new-courier.patch 这个补丁的作用是,stop amavis时关闭uvsan.如果不打补丁,当你amavis stop后,10024没有被释放。
再次启动amavis会提示你有程序正在使用10024端口.
Configure postfix to use amavis
[root@linux amavisd-new-20030616]# vi /etc/amavisd.conf
#
# Section I - Essential daemon and MTA settings
#
$mydomain = example.net; # (no useful default)
$myhostname = mail.example.net; # fqdn of this host, default by uname(3)
$forward_method = smtp:127.0.0.1:10025;
$notify_method = $forward_method;
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
#加入你的虚拟域.否则虚拟域邮箱不能anti-spam,如果你的虚拟域很多建议使用read_hash
@local_domains_acl = ( ".$mydomain", .example.net, .your.virualdomain );
# 每个域名站一行.如果域名前有"."点,则包括他的子域.
#read_hash(/%local_domains, /var/amavis/local_domains);
@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
#
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
#
#设置对垃圾邮件处理的方式,D_BOUNCE改为D_PASS
#(D_DISCARD表示丢弃,D_BOUNCE表示后来弹回信息, D_REJECT表示当时弹回信息,D_PASS表示允许通过)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
#
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
#
read_hash(/%whitelist_sender, /var/amavis/whitelist_sender); #去掉注释
read_hash(/%blacklist_sender, /var/amavis/blacklist_sender); #自己添加
read_hash(/%spam_lovers, /var/amavis/spam_lovers); #自己添加
# SpamAssassin settings
$sa_auto_whitelist = 1; # turn on AWL (default: false) #去掉“#”注释
$sa_spam_subject_tag = ***SPAM*** ; # (defaults to undef, disabled)
$virus_admin = "virusalert/@$mydomain";
$spam_admin = "spamalert/@$mydomain";
@av_scanners = (
# ### http://www.clamav.net/
[Clam Antivirus-clamd,
/%26amp;ask_daemon, ["CONTSCAN {}/n", "/var/run/clamav/clamd.sock"],
qr//bOK$/, qr//bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}/n","$MYHOME/clamd"],
找到@av_scanners = (这一行,在VI中可以输入/@av_scanners = (查到它的位置,然后去掉clamav的注释。
/etc/postfix/master.cf
[root@linuxas3 amavisd-new-20030616]# cd /etc/postfix/
[root@linuxas3 postfix]# vi master.cf
# amavis
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
提高处理性能
将 /etc/amavisd.conf 的 $max_servers 数字加大,预设是 2。
然后将该数字映到 /etc/postfix/master.cf 的 smtp-amavis 。
例:
$max_servers = 4
smtp-amavis unix - - n - 4 smtp
上面smtp-amavis 中的 n 选项是chroot功能
y启用、n关闭。
然后重新reload postfix和amavisd即可!
注:做系统管理最忌重启.很多人喜欢stop重start,其实用reload重新载入配置文件就要以.这样的好处是不会中断会话.
/etc/postfix/main.cf
#============ Amavis ================
soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024
文章整理:西部数码--专业提供 域名注册、 虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
# Default: enabled
ScanOLE2 打开office文档扫描
# Enable internal e-mail scanner.
# Default: enabled
ScanMail 打开邮件扫描
# ClamAV can scan within archives and compressed files.
# Default: enabled
ScanArchive 扫描压缩包
# Due to license issues libclamav does not support RAR 3.0 archives (only the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib its disabled by default and you must uncomment the directive
# below to enable RAR 2.0 support.
# Default: disabled
ScanRAR 扫描RAR压缩包
# Files in archives larger than this limit wont be scanned.
# Value of 0 disables the limit.
# Default: 10M
ArchiveMaxFileSize 10M 最大扫描压缩包文件为10兆
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
ArchiveMaxRecursion 9 扫描压缩包9层
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
ArchiveMaxFiles 1000 最多扫描压缩包内1500个文件
# Set access mask for Clamuko.
# Default: disabled
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Dont scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
ClamukoMaxFileSize 10M
Amavisd-new (/etc/ amavisd.conf )
D_PASS: 不做任何处理,直接传送给收件人。
D_DISCARD: 邮件不传送给发件人及收件人。
D_BOUNCE: 不传送给收件人。除了定义在 $viruses_that_fake_sender_re 病毒名称外的信件,amavisd-new 皆会传送 DSN 讯息给发件人。
D_REJECT: 不传送给收件人,发件人会收到拒绝传送的信息。
$sa_auto_whitelist = 1; # 启用自动学习白名单 White List
$sa_mail_body_size_limit = 200*1024; # 超过某个特定大小的邮件就不经过
SpamAssassin 的扫描。
$sa_tag_level_deflt = 4.0; # 超过这个分数标准者,才视为垃圾邮件打分数。
加入 X-Spam-Status 及 X-Spam-Level 信息头
$sa_tag2_level_deflt = 6.3; # 超过这个分数标准者,才允许在邮件标题加入
Spam 信息。
加入 X-Spam-Flag:YES 及改写主题
$sa_kill_level_deflt = 10 ; # 超过这个分数标准者,就直接將信件备份后删除。
$sa_dsn_cutoff_level = 9; # 超过这个分数标准者,將不会送出 DSN 信息。
Spamassassin (/etc/mail/spamassassin/local.cf )
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/s... for earlier versions
# Generated by http://www.yrex.com/spam/s... (version 1.50)
# How many hits before a message is considered spam. 得分多少以上就会被判定为垃圾邮件。
required_hits 6.3
# Whether to change the subject of suspected spam. 在已判定的垃圾邮件之标题加上标记。( 如果是使用amaivsd来呼叫spamassass进行过滤的,请修改 Amavisd-new 的配置文件amavisd.conf 中的相应选项:$sa_spam_subject_tag = ***[ Junk Mail ]*** ; )
rewrite_header Subject ****SPAM(_SCORE_)****
# Encapsulate spam in an attachment.
# 要如何处理垃圾邮件。如果邮件还会经过防毒程序的扫描处理,所以必须设定为 0。
# 0:将信息写入邮件表头。
# 1:将垃圾邮件转为附件。
# 2:将垃圾邮件转为纯文字附件。
report_safe 0
# Use terse version of the spam report. 用精简的方式来回复垃圾邮件信息给管理者
use_terse_report 0
# Enable the Bayes system. 使用贝叶斯学习系统
use_bayes 1
# Enable Bayes auto-learning. 开启贝叶斯自动学习功能
auto_learn 1
# Enable or Disable network checks. 略过 RBLs 检查、使用 Razor version 2、使用 DCC (Distributed Checksum Clearinghouse)、使用 Pyzor
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Blacklist. 黑名单,判定減 + 100 分
blacklist_from *@sohu.com *@mailfb.com
# Whitelist . 白名单,判定加 — 100 分
whitelist_from *@yahoo.com.tw *@yahoo.com.hk *@yahoogroups.com.hk
whitelist_from rika@rika.idv.tw
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese
ok_languages zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
# Disabled scores. 防止中文主旨和中文收件者误判,建议再加上下列几行
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
# local domain from but ip not match. 域名和 IP 不符合,疑为垃圾邮件
header __FROM_TEATIME Received =~ /from test.com.cn/i
header __FROM_TEATIME_IP Received =~ //[12/.34/.56/.78/]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME)
describe FROM_TEATIME_BUT_IP_ERROR From test.com.cn but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
vi /etc/amavisd.conf (加入以下两行)
---------------------------------------------------------------------------------------
read_hash(/%whitelist_sender, /var/amavis/var/.spamassassin/whitelist);
read_hash(/%blacklist_sender, /var/amavis/var/.spamassassin/blacklist);
---------------------------------------------------------------------------------------
注明:以上两个文件 whitelist 和 blacklist 要手动建立
touch > /var/amavis/var/.spamassassin/whitelist
touch > /var/amavis/var/.spamassassin/blacklist
两个文件的属主属性为:
chown amavis:amavis whitelist
chown amavis:amavis blacklist
1)建立后,执行 /etc/rc.d/init.d/amavisd reload 让 amavisd 重新读取配置文件信息。
2)登记在 whitelist 的邮件地址或域名均不会被 Spamassassin 打分为垃圾邮件。
3)登记在 blacklist 的邮件地址或域名均会被 Spamassassin 打分为垃圾邮件。
4)whitelist 和 blacklist 的写法,例如:
test@test.com.cn
*@boss.com
5)修改了 whitelist 或 blacklist 文件,均需要执行 /etc/rc.d/init.d/amavisd restart 让 amavisd 重新启动,否则,黑白名单不能生效 !!!
---------------------------------------------------------------------------------------
有些廣告信的發信軟體, 會在 smtp 的 helo/ehlo 使用你本身的 domain name. 這個在 spamassassin 中可以使用類似下面的設定:
# local domain from but ip not match
header __FROM_TEATIME Received =~ /from teatime.com.tw/i
header __FROM_TEATIME_IP Received =~ //[211/.23/.144/.122/]/
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME %26amp;%26amp; !__FROM_TEATIME_IP)
describe FROM_TEATIME_BUT_IP_ERROR From teatime.com.tw but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
如上面的設定, 如果有收到 from teatime.com.tw 的信件, 但是 ip 又沒有出現 teatime.com.tw 正確的 ip, 就認為是廣告信, 給它一個高分.
還有一些發信的軟體會在 From, To, Cc 等欄位, 使用 XXXX@mydomain 之類的 email, XXXX 是一些中文字...
所以我們可以利用下面的方法檢查:
# From addr like @mydomain
header __FROM_8BIT_LOCAL From:addr =~ /[a-zA-Z0-9_-]*[/x80xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
header __TO_8BIT_LOCAL To:addr =~ /[a-zA-Z0-9_-]*[/x80-/xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
header __CC_8BIT_LOCAL Cc:addr =~ /[a-zA-Z0-9_-]*[/x80-/xff][a-zA-Z0-9_-]*/@teatime/.com/.tw/i
meta LOCAL_8BIT_USER (__FROM_8BIT_LOCAL || __TO_8BIT_LOCAL || __CC_8BIT_LOCAL)
describe LOCAL_8BIT_USER From or To a chinese@mydomain
score LOCAL_8BIT_USER 8.0
http://www.huihoo.com/inte...
反病毒,反垃圾邮件部分(Anti-Virus,Anti-Spam)
这 里需要开通一个病毒通知邮箱virusalert@yourdomain.org和广告通知邮箱spam@yourdomain.org, 我习惯于将virusalert 转信到 postmaster@example.org ,只要在postfix_aliases表中插入记录即可.
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (virusalert, postmaster@example.org);
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (spamalert, postmaster@example.org);
INSERT INTO `postfix_aliases` (`alias` , `rcpt`) VALUES (notspam, postmaster@example.org);
AMaViS
.......................................
: Postfix :
---smtpd / :
: -pre-cleanup-/ /local--
--pickup / -queue- :
: -cleanup-/ | /smtp---
: bounces/ ^ v :
: and locally | v :
: forwarded smtpd smtp-amavis :
: messages 10025 | :
...........................|...........
^ |
| v
............|..............................
: | $inet_socket_port=10024 :
: | :
: $forward_method=smtp:127.0.0.1:10025 :
: $notify_method =smtp:127.0.0.1:10025 :
: :
: amavisd-new :
...........................................
安装各种压缩软件,在这里压缩软件主要作用解压邮件附件,然后再查杀病毒。
# rpm -ivh unrar-3.2.3-2.9.i386.rpm
# rpm -ivh zoo-2.10-11.9.i386.rpm
# rpm -ivh unzoo-4.4-2.i386.rpm
# rpm -ivh arc-5.21e-6.i386.rpm
# rpm -ivh nomarch-1.3-1mdk.i586.rpm
# rpm -ivh unarj-2.65-3.9.i386.rpm
# rpm -ivh arj-3.10-0.1.i386.rpm
# rpm -ivh freeze-2.5.0-7.i386.rpm
# mkdir cmpress
# tar -zxvf compress-4.0.1.tar.gz -C compress
# cd compress
# make
# make install
安装amavisd之前,首先安装CPAN perl -MCPAN -e shell,CPAN可以手动配置,也可以自动配置,建议使用手动配置,这样你可以选择下载URL,我选择的是linuxforum.net
自动配置 提示Are you ready for manual configuration? [yes]输入no然后回车
[root@linuxas3 src]# perl -MCPAN -e shell
We have to reconfigure CPAN.pm due to following uninitialized parameters:
cpan_home, keep_source_where, build_dir, build_cache, scan_cache, index_expire, gzip, tar, unzip, ma
ke, pager, makepl_arg, make_arg, make_install_arg, urllist, inhibit_startup_message, ftp_proxy, http
_proxy, no_proxy, prerequisites_policy, cache_metadata
/usr/lib/perl5/5.8.0/CPAN/Config.pm initialized.
CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.
If you do not want to enter a dialog now, you can answer no to this
question and Ill try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing o conf init at the cpan prompt.)
Are you ready for manual configuration? [yes]no
手动配置
[root@linuxas3 src]# perl -MCPAN -e shell
We have to reconfigure CPAN.pm due to following uninitialized parameters:
cpan_home, keep_source_where, build_dir, build_cache, scan_cache, index_expire, gzip, tar, unzip, ma
ke, pager, makepl_arg, make_arg, make_install_arg, urllist, inhibit_startup_message, ftp_proxy, http
_proxy, no_proxy, prerequisites_policy, cache_metadata
/usr/lib/perl5/5.8.0/CPAN/Config.pm initialized.
CPAN is the world-wide archive of perl resources. It consists of about
100 sites that all replicate the same contents all around the globe.
Many countries have at least one CPAN site already. The resources
found on CPAN are easily accessible with the CPAN.pm module. If you
want to use CPAN.pm, you have to configure it properly.
If you do not want to enter a dialog now, you can answer no to this
question and Ill try to autoconfigure. (Note: you can revisit this
dialog anytime later by typing o conf init at the cpan prompt.)
Are you ready for manual configuration? [yes]
The following questions are intended to help you with the
configuration. The CPAN module needs a directory of its own to cache
important index files and maybe keep a temporary mirror of CPAN files.
This may be a site-wide directory or a personal directory.
I see you already have a directory
/root/.cpan
Shall we use it as the general CPAN build and cache directory?
CPAN build and cache directory? [/root/.cpan]
If you want, I can keep the source files after a build in the cpan
home directory. If you choose so then future builds will take the
files from there. If you dont want to keep them, answer 0 to the
next question.
How big should the disk cache be for keeping the build directories
with all the intermediate files?
Cache size for build directory (in MB)? [10]
By default, each time the CPAN module is started, cache scanning
is performed to keep the cache size in sync. To prevent from this,
disable the cache scanning with never.
Perform cache scanning (atstart or never)? [atstart]
To considerably speed up the initial CPAN shell startup, it is
possible to use Storable to create a cache of metadata. If Storable
is not available, the normal index mechanism will be used.
Cache metadata (yes/no)? [yes]
The next option deals with the charset your terminal supports. In
general CPAN is English speaking territory, thus the charset does not
matter much, but some of the aliens out there who upload their
software to CPAN bear names that are outside the ASCII range. If your
terminal supports UTF-8, you say no to the next question, if it
supports ISO-8859-1 (also known as LATIN1) then you say yes, and if it
supports neither nor, your answer does not matter, you will not be
able to read the names of some authors anyway. If you answer no, names
will be output in UTF-8.
Your terminal expects ISO-8859-1 (yes/no)? [yes]
The CPAN module can detect when a module that which you are trying to
build depends on prerequisites. If this happens, it can build the
prerequisites for you automatically (follow), ask you for
confirmation (ask), or just ignore them (ignore). Please set your
policy to one of the three values.
Policy on building prerequisites (follow, ask or ignore)? [ask]
The CPAN module will need a few external programs to work properly.
Please correct me, if I guess the wrong path for a program. Dont
panic if you do not have some of them, just press ENTER for those. To
disable the use of a download program, you can type a space followed
by ENTER.
Where is your gzip program? [/bin/gzip]
Where is your tar program? [/bin/tar]
Where is your unzip program? [/usr/bin/unzip]
Where is your make program? [/usr/bin/make]
Where is your links program? [/usr/bin/links]
Where is your wget program? [/usr/bin/wget]
Warning: ncftpget not found in PATH
Where is your ncftpget program? []
Warning: ncftp not found in PATH
Where is your ncftp program? []
Where is your ftp program? [/usr/kerberos/bin/ftp]
What is your favorite pager program? [/usr/bin/less]
What is your favorite shell? [/bin/bash]
Every Makefile.PL is run by perl in a separate process. Likewise we
run make and make install in processes. If you have any
parameters (e.g. PREFIX, LIB, UNINST or the like) you want to pass
to the calls, please specify them here.
If you dont understand this question, just press ENTER.
Parameters for the perl Makefile.PL command?
Typical frequently used settings:
POLLUTE=1 increasing backwards compatibility
LIB=~/perl non-root users (please see manual for more hints)
Your choice: []
Parameters for the make command?
Typical frequently used setting:
-j3 dual processor system
Your choice: []
Parameters for the make install command?
Typical frequently used setting:
UNINST=1 to always uninstall potentially conflicting files
Your choice: []
Sometimes you may wish to leave the processes run by CPAN alone
without caring about them. As sometimes the Makefile.PL contains
question youre expected to answer, you can set a timer that will
kill a perl Makefile.PL process after the specified time in seconds.
If you set this value to 0, these processes will wait forever. This is
the default and recommended setting.
Timeout for inactivity during Makefile.PL? [0]
If youre accessing the net via proxies, you can specify them in the
CPAN configuration or via environment variables. The variable in
the $CPAN::Config takes precedence.
Your ftp_proxy?
Your http_proxy?
Your no_proxy?
You have no /root/.cpan/sources/MIRRORED.BY
Im trying to fetch one
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
ftp://ftp.perl.org/pub/CPA...
Now we need to know where your favorite CPAN sites are located. Push
a few sites onto the array (just in case the first on the array wont
work). If you are mirroring CPAN to your local workstation, specify a
file: URL.
First, pick a nearby continent and country (you can pick several of
each, separated by spaces, or none if you just want to keep your
existing selections). Then, you will be presented with a list of URLs
of CPAN mirrors in the countries you selected, along with previously
selected URLs. Select some of those URLs, or just keep the old list.
Finally, you will be prompted for any extra URLs -- file:, ftp:, or
http: -- that host a CPAN mirror.
(1) Africa
(2) Asia
(3) Central America
(4) Europe
(5) North America
(6) Oceania
(7) South America
Select your continent (or several nearby continents) [] 2
Sorry! since you dont have any existing picks, you must make a
geographic selection.
(1) China
(2) Indonesia
(3) Israel
(4) Japan
(5) Malaysia
(6) Philippines
(7) Republic of Korea
(8) Russian Federation
(9) Saudi Arabia
(10) Singapore
(11) Taiwan
(12) Thailand
Select your country (or several nearby countries) [] 1
Sorry! since you dont have any existing picks, you must make a
geographic selection.
(1) ftp://ftp.shellhung.org/pu...
(2) ftp://mirrors.hknet.com/CP...
(3) http://cpan.linuxforum.net...
Select as many URLs as you like,
put them on one line, separated by blanks [] 3
Enter another URL or RETURN to quit: []
New set of picks:
http://cpan.linuxforum.net...
WAIT support is available as a Plugin. You need the CPAN::WAIT module
to actually use it. But we need to know your favorite WAIT server. If
you dont know a WAIT server near you, just press ENTER.
Your favorite WAIT server?
[wait://ls6-www.informatik.uni-dortmund.de:1404]
commit: wrote /usr/lib/perl5/5.8.0/CPAN/Config.pm
cpan shell -- CPAN exploration and modules installation (v1.61)
ReadLine support available (try install Bundle::CPAN)
cpan>
安装下载CPAN
下载是amavisd用到module
cpan> install CPAN
cpan> install LWP
cpan> install Archive::Tar
cpan> install Archive::Zip
cpan> install Compress::Zlib
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install MIME::Base64
cpan> install MIME::Parser
cpan> install MIME::Tools
cpan> install Mail::Internet
cpan> install Net::Server
cpan> install Net::SMTP
cpan> install Digest::MD5
cpan> install IO::Stringy
cpan> install Time::HiRes
cpan> install Unix::Syslog
下载是SpamAssassin用到module,如果上面已经安装,这里不用再重复安装。
cpan> install ExtUtils::MakeMaker
cpan> install File::Spec
cpan> install Pod::Usage
cpan> install HTML::Parser
cpan> install Sys::Syslog
cpan> install DB_File
cpan> install Net::DNS
cpan> install Mail::Audit
cpan> install Mail::Internet
cpan> install Net::SMTP
cpan> install Digest::SHA1
cpan> install Net::Ident
cpan> install IO::Socket::SSL
cpan> quit
下载安装模块
登录网站 http://search.cpan.org
输入要查找的模块如:Time::HiRes
Time::HiRes
High resolution alarm, sleep, gettimeofday, interval timers
Time-HiRes-1.59 - 08 Apr 2004 - Jarkko Hietaniemi
下载 Time-HiRes-1.59 或复制它的URL,然后在使用 wget下载
[root@linuxas3 src]# wget http://search.cpan.org/CPA...
解包
[root@linuxas3 src]# tar zxvf Time-HiRes-1.59.tar.gz
Time-HiRes-1.59/
Time-HiRes-1.59/hints/
Time-HiRes-1.59/hints/sco.pl
Time-HiRes-1.59/hints/svr4.pl
Time-HiRes-1.59/hints/dec_osf.pl
Time-HiRes-1.59/hints/solaris.pl
Time-HiRes-1.59/hints/dynixptx.pl
Time-HiRes-1.59/hints/irix.pl
Time-HiRes-1.59/Changes
Time-HiRes-1.59/MANIFEST
Time-HiRes-1.59/typemap
Time-HiRes-1.59/TODO
Time-HiRes-1.59/HiRes.pm
Time-HiRes-1.59/fallback/
Time-HiRes-1.59/fallback/const-c.inc
Time-HiRes-1.59/fallback/const-xs.inc
Time-HiRes-1.59/HiRes.xs
Time-HiRes-1.59/META.yml
Time-HiRes-1.59/t/
Time-HiRes-1.59/t/HiRes.t
Time-HiRes-1.59/Makefile.PL
Time-HiRes-1.59/README
[root@linuxas3 src]# cd Time-HiRes-1.59
编译安装
[root@linuxas3 Time-HiRes-1.59]# perl Makefile.PL
[root@linuxas3 Time-HiRes-1.59]# make
[root@linuxas3 Time-HiRes-1.59]# make test
[root@linuxas3 Time-HiRes-1.59]# make install
有些模块例如(install Time::HiRes)安装时提示:
then set the environment variable LC_ALL to "C" and retry
Configuring Time::HiRes...
Looking for gettimeofday()... found.
Looking for setitimer()... found.
Looking for getitimer()... found.
You have interval timers (both setitimer and setitimer).
Looking for ualarm()... found.
Looking for usleep()... found.
Looking for nanosleep()... found.
You can mix subsecond sleeps with signals.
Checking if your kit is complete...
Looks good
Writing Makefile for Time::HiRes
Now you may issue make. Do not forget also make test.
NOTE: if you get an error like this (the line number may vary):
Makefile:91: *** missing separator
then set the environment variable LC_ALL to "C" and retry
from scratch (re-run perl "Makefile.PL").
设置环境变量LC_ALL
cpan> exit
[root@linuxas3 src]# export LC_ALL=C
[root@linuxas3 src]# echo ${LC_ALL}
C
[root@linuxas3 src]#
然后进入CPAN环境,再安装
cpan> install Time::HiRes
/usr/bin/make install -- OK
AMaViS的安装(http://www.ijs.si/software...
[root@linuxas3 src]# cd amavisd-new-20030616
[root@linuxas3 amavisd-new-20030616]# groupadd sweep
[root@linuxas3 amavisd-new-20030616]# adduser vscan -g sweep -d /dev/null -s/bin/false
[root@linuxas3 amavisd-new-20030616]# adduser amavis
[root@linuxas3 amavisd-new-20030616]# patch -p0 patching file amavisd.conf
patching file amavisd
[root@linuxas3 amavisd-new-20030616]# mkdir /var/amavis
[root@linuxas3 amavisd-new-20030616]# chown amavis:amavis /var/amavis
[root@linuxas3 amavisd-new-20030616]# chmod 750 /var/amavis
[root@linuxas3 amavisd-new-20030616]# cp amavisd /usr/local/sbin/
[root@linuxas3 amavisd-new-20030616]# chown root /usr/local/sbin/amavisd
[root@linuxas3 amavisd-new-20030616]# chmod 755 /usr/local/sbin/amavisd
[root@linuxas3 amavisd-new-20030616]# cp amavisd.conf /etc/
[root@linuxas3 amavisd-new-20030616]# chown root /etc/amavisd.conf
[root@linuxas3 amavisd-new-20030616]# chmod 644 /etc/amavisd.conf
[root@linuxas3 amavisd-new-20030616]# cp amavisd_init.sh /etc/init.d/amavisd
[root@linuxas3 amavisd-new-20030616]# chmod 744 /etc/init.d/amavisd
[root@linuxas3 amavisd-new-20030616]# chkconfig --add amavisd
[root@linuxas3 amavisd-new-20030616]# chkconfig amavisd on
[root@linuxas3 amavisd-new-20030616]# vi /etc/init.d/amavisd
prog="/usr/local/sbin/amavisd"
[root@linuxas3 amavisd-new-20030616]# mkdir /var/virusmails
[root@linuxas3 amavisd-new-20030616]# chown -R amavis.amavis /var/virusmails(隔离区)
amavisd-new-courier.patch 这个补丁的作用是,stop amavis时关闭uvsan.如果不打补丁,当你amavis stop后,10024没有被释放。
再次启动amavis会提示你有程序正在使用10024端口.
Configure postfix to use amavis
[root@linux amavisd-new-20030616]# vi /etc/amavisd.conf
#
# Section I - Essential daemon and MTA settings
#
$mydomain = example.net; # (no useful default)
$myhostname = mail.example.net; # fqdn of this host, default by uname(3)
$forward_method = smtp:127.0.0.1:10025;
$notify_method = $forward_method;
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
#加入你的虚拟域.否则虚拟域邮箱不能anti-spam,如果你的虚拟域很多建议使用read_hash
@local_domains_acl = ( ".$mydomain", .example.net, .your.virualdomain );
# 每个域名站一行.如果域名前有"."点,则包括他的子域.
#read_hash(/%local_domains, /var/amavis/local_domains);
@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
#
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
#
#设置对垃圾邮件处理的方式,D_BOUNCE改为D_PASS
#(D_DISCARD表示丢弃,D_BOUNCE表示后来弹回信息, D_REJECT表示当时弹回信息,D_PASS表示允许通过)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
#
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
#
read_hash(/%whitelist_sender, /var/amavis/whitelist_sender); #去掉注释
read_hash(/%blacklist_sender, /var/amavis/blacklist_sender); #自己添加
read_hash(/%spam_lovers, /var/amavis/spam_lovers); #自己添加
# SpamAssassin settings
$sa_auto_whitelist = 1; # turn on AWL (default: false) #去掉“#”注释
$sa_spam_subject_tag = ***SPAM*** ; # (defaults to undef, disabled)
$virus_admin = "virusalert/@$mydomain";
$spam_admin = "spamalert/@$mydomain";
@av_scanners = (
# ### http://www.clamav.net/
[Clam Antivirus-clamd,
/%26amp;ask_daemon, ["CONTSCAN {}/n", "/var/run/clamav/clamd.sock"],
qr//bOK$/, qr//bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd; match the socket
# # name (LocalSocket) in clamav.conf to the socket name in this entry
# # When running chrooted one may prefer: ["CONTSCAN {}/n","$MYHOME/clamd"],
找到@av_scanners = (这一行,在VI中可以输入/@av_scanners = (查到它的位置,然后去掉clamav的注释。
/etc/postfix/master.cf
[root@linuxas3 amavisd-new-20030616]# cd /etc/postfix/
[root@linuxas3 postfix]# vi master.cf
# amavis
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
提高处理性能
将 /etc/amavisd.conf 的 $max_servers 数字加大,预设是 2。
然后将该数字映到 /etc/postfix/master.cf 的 smtp-amavis 。
例:
$max_servers = 4
smtp-amavis unix - - n - 4 smtp
上面smtp-amavis 中的 n 选项是chroot功能
y启用、n关闭。
然后重新reload postfix和amavisd即可!
注:做系统管理最忌重启.很多人喜欢stop重start,其实用reload重新载入配置文件就要以.这样的好处是不会中断会话.
/etc/postfix/main.cf
#============ Amavis ================
soft_bounce=yes
content_filter = smtp-amavis:[127.0.0.1]:10024
文章整理:西部数码--专业提供 域名注册、 虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
| |
| 文章页数:[1] |
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
