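Mail server filtering principles
Filtering criteria:
1. Filtering by client source address
2. Filtering by sender
3. Filtering by recipient
4. Subject (spam marker)
5. Message content (body): viruses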
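Spam and virus filtering
1. Install the MailScanner scheduling tool
Download the MailScanner-4.75.11-1.rpm.tar.gz package
Official site: http://www.mailscanner.info
After unpacking, run the install.sh script in the directory to complete the installation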
# yum -y install perl-MIME-tools
# tar xf MailScanner-4.75.11-1.rpm.tar.gz
# cd MailScanner-4.75.11-1
# ./install.sh -- takes about half an hour
Edit the configuration file MailScanner.conf
# vim /etc/MailScanner/MailScanner.conf
……
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Required SpamAssassin Score = 6 -- messages scoring above 6 are treated as spam
High SpamAssassin Score = 10 -- sets the threshold for high-scoring spam to 10
Spam Actions = deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = delete [email protected]
2. Configure postfix to call MailScanner
# vim /etc/postfix/main.cf
……
header_checks = regexp:/etc/postfix/header_checks
# service postfix stop
3. Adjust the filter queue directories and start the MailScanner service
# vim /etc/postfix/header_checks
/^Received:/ HOLD
# cd /var/spool/MailScanner/
# chown -R postfix.postfix incoming
# chown -R postfix.postfix quarantine
4. Install the SpamAssassin filter
It can be found and installed from the RHEL disc, including the perl packages it depends on
# yum -y install spamassassin
Rules for filtering Chinese-language spam:
# wget -N -P /usr/share/spamassassin http://blog.dspam.org.cn/mail/spamassassin/Chinese_rules.cf
# crontab -e
0 0 1 * * wget -N -P /usr/share/spamassassin http://blog.dspam.org.cn/mail/spamassassin/Chinese_rules.cf ;/etc/init.d/spamassassin restart
Start the spamassassin service
# service spamassassin start
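5. Install the F-Prot virus scanner
Download the fp-Linux-i686-ws.tar.gz package
Official site: www.f-prot.com
Unpack it into the /opt/ directory
Run the installation script install-f-prot.pl
Update the virus database manually (requires Internet access)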
# tar xf fp-Linux-i686-ws.tar.gz -C /opt
# cd /opt/f-prot/
# ./install-f-prot.pl
# mv /usr/local/bin/fpscan /usr/local/bin/f-prot
# /opt/f-prot/fpupdate -- manual update
# crontab -e
00 05 * * * /opt/f-prot/fpupdate > /dev/null 2>&1&
Scan manually with f-prot to check that it recognizes the virus:
# vim /root/virus.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
# /opt/f-prot/fpscan /root/virus.txt
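6. Finally, start MailScanner, which in turn starts postfix
# /etc/init.d/MailScanner start
7. Use the samples below to send yourself test mail (high-scoring spam will not reach you; low-scoring spam will, but with spam or virus marked in the subject):
Virus test code: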
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Spam samples:
/usr/share/doc/spamassassin-3.2.5/sample-nonspam.txt
/usr/share/doc/spamassassin-3.2.5/sample-spam.txt
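A check for the settings from steps 1 to 3, as an added example that is not part of the original page: it reads MailScanner.conf and header_checks and reports every value that differs from the ones used above, plus a High score that does not exceed the Required score. The function names and the sample files written by demo() are constructed for illustration.

```shell
# Added example, not from the original page; file contents in demo() are constructed.
# conf_get FILE KEY: print the value of "KEY = value", skipping '#' comments.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (tolower(k) == tolower(key)) val = v }
        END { print val }' "$1"
}
# audit_mailscanner CONF HEADER_CHECKS: print each problem, return their count.
audit_mailscanner() {
    local conf="$1" checks="$2" problems=0 key want got req high
    while IFS='|' read -r key want; do
        got=$(conf_get "$conf" "$key")
        [ "$got" = "$want" ] && continue
        echo "MISMATCH: $key = '$got' (expected '$want')"
        problems=$((problems + 1))
    done <<'EOF'
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
MTA|postfix
EOF
    req=$(conf_get "$conf" "Required SpamAssassin Score")
    high=$(conf_get "$conf" "High SpamAssassin Score")
    # "delete" must only apply above the score at which mail is merely tagged.
    if ! awk -v r="$req" -v h="$high" 'BEGIN { exit !(r != "" && h + 0 > r + 0) }'; then
        echo "MISMATCH: High score '$high' must exceed Required score '$req'"
        problems=$((problems + 1))
    fi
    # Without this rule postfix holds nothing, so mail bypasses MailScanner.
    if ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$checks"; then
        echo "MISSING: /^Received:/ HOLD in $checks"
        problems=$((problems + 1))
    fi
    return "$problems"
}
# Constructed demo: a config where Outgoing Queue Dir was never set.
demo() {
    local d rc; d=$(mktemp -d)
    printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' 'MTA = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Required SpamAssassin Score = 6' 'High SpamAssassin Score = 10' > "$d/ms.conf"
    printf '%s\n' '/^Received:/ HOLD' > "$d/header_checks"
    audit_mailscanner "$d/ms.conf" "$d/header_checks"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

On the real host the call would be audit_mailscanner /etc/MailScanner/MailScanner.conf /etc/postfix/header_checks, run before starting MailScanner in step 6.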