====== Защита почты от вирусов и SPAMа ======
===== Защита почты от вирусов с использованием clamav =====
==== Установка clamav с milter интерфейсом ====
=== Debian/Ubuntu ===
[[Сервис Clamav]]
root@gate:~# apt install clamav-milter
=== FreeBSD ===
[gate:~] # pkg install clamav-milter
==== Настройка MTA на взаимодействие с clamav с использованием milter интерфейса ====
=== Postfix (Debian/Ubuntu) ===
root@gate:~# cat /etc/clamav/clamav-milter.conf
...
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
...
MilterSocketGroup postfix
...
root@gate:~# service clamav-milter restart
root@gate:~# cat /etc/postfix/main.cf
...
# "accept" is fail-open: if the milter cannot be reached or returns an error,
# mail is accepted without being scanned. The Postfix default for this
# parameter is "tempfail", which defers the message instead.
milter_default_action = accept
# NOTE(review): the socket path is presumably resolved inside the Postfix
# chroot (/var/spool/postfix), which would match MilterSocket in
# clamav-milter.conf - confirm.
smtpd_milters = unix:/clamav/clamav-milter.ctl
root@gate:~# service postfix reload
root@gate:~# tail -f /var/log/clamav/clamav.log
=== Sendmail (FreeBSD) ===
[gate:~] # cat /usr/local/etc/clamav-milter.conf
...
AddHeader Replace
...
[gate:/etc/mail] # cat gate.corpX.un.mc
...
dnl clmilter: clamav-milter reached over a local socket.
dnl F= is empty, so when the filter is unavailable sendmail carries on as if
dnl it were not configured and mail passes unscanned; F=T would temp-fail and
dnl F=R would reject instead.
dnl T= sets the send (S) and reply (R) timeouts to 4 minutes each.
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=, T=S:4m;R:4m')
dnl Names the filters to call, in the order listed.
define(`confINPUT_MAIL_FILTERS', `clmilter')
MAILER(local)
...
[gate:/etc/mail] # make install
[gate:~] # service clamav-milter start
[gate:~] # service sendmail restart
[gate:~] # tail -f /var/log/maillog
===== Защита почты от спама =====
* [[http://www.dnsbl.info/dnsbl-database-check.php|Spam Database Lookup]]
* [[http://mxtoolbox.com/blacklists.aspx|BLACKLIST CHECK]]
* [[https://www.tendence.ru/articles/spf-primenenie-v-pochtovyh-serverah-i-massovyh-rassylkah|SPF — применение в почтовых серверах и массовых рассылках]]
* [[https://habrahabr.ru/post/270159/|Значимость SPF]]
* [[http://www.lexa.ru/articles/distributed-antispam-2.html|Распределенные методы обнаружения спама]]
* [[http://spamassassin.apache.org/gtube/|Generic Test for Unsolicited Bulk Email (Тестовый спам)]]
# apt install rblcheck
# rblcheck 195.19.32.15
==== Технология взвешенной оценки ====
* [[http://ru.wikipedia.org/wiki/SpamAssassin|SpamAssassin — эффективное средство для фильтрации спама]]
=== Установка ===
== Debian/Ubuntu ==
root@gate:~# apt install spamassassin
=== Настройка и тестирование ===
== Debian/Ubuntu ==
gate# cat /etc/spamassassin/local.cf
# Marker put into the Subject of messages classified as spam.
rewrite_header Subject *****SPAM*****
# 0: spam is not wrapped into a report attachment; only headers are changed.
report_safe 0
# Bayesian classifier is switched off.
use_bayes 0
# Left commented out, so the built-in threshold of 5.0 stays in effect.
# required_score 5.0
# Keep this list as narrow as possible: relays listed here are treated as
# hosts that do not originate spam or forge Received headers.
trusted_networks 192.168.X # must be set for cgpav because default ALL_TRUSTED !!!
# Adds the rule report as a header to every message, spam or not.
add_header all Report _REPORT_
# One rule scored above the 5.0 threshold: any message that hits it is tagged.
# NOTE(review): looks like a lab value for testing - confirm before reuse.
score BODY_SINGLE_WORD 10.0
gate# spamassassin --lint # Проверка конфигурации
gate# sa-update
gate# mail root
gate# spamassassin -tx < /var/mail/root
=== Запуск ===
== Debian/Ubuntu ==
root@gate:~# cat /etc/default/spamassassin
...
CRON=1
...
root@gate:~# systemctl enable spamassassin
root@gate:~# service spamassassin start
=== Подключение SpamAssassin через milter интерфейс ===
== Postfix (Debian/Ubuntu) ==
root@gate:~# apt install spamass-milter
root@gate:~# less /etc/default/spamass-milter
root@gate:~# cat /etc/postfix/main.cf
...
smtpd_milters = unix:/clamav/clamav-milter.ctl unix:/spamass/spamass.sock
root@gate:~# service postfix restart
== Sendmail (FreeBSD) ==
[gate:~] # pkg install spamass-milter
[gate:~] # more /usr/local/share/doc/spamass-milter/activation.txt
[gate:~] # cat /etc/rc.conf
...
spamass_milter_enable=yes
[gate:~] # service spamass-milter start
[gate:/etc/mail] # cat gate.corpX.un.mc
...
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')
MAILER(local)
MAILER(smtp)
[gate:~] # make install
[gate:~] # /etc/rc.d/sendmail restart
=== Подключение SpamAssassin через procmail ===
== FreeBSD ==
gate# cat ~student/.procmailrc
:0fw
| /usr/local/bin/spamc
# | /usr/local/bin/spamassassin -x
==== Технология Grey List ====
* [[https://ru.wikipedia.org/wiki/%D0%A1%D0%B5%D1%80%D1%8B%D0%B9_%D1%81%D0%BF%D0%B8%D1%81%D0%BE%D0%BA|Серый список]]
* RFC 2821 4.5.4.1 ([[http://rfc.com.ru/rfc2821.htm]])
=== Postfix (Debian/Ubuntu) ===
[[http://vladimir-stupin.blogspot.com/2009/09/postfix-postgrey.html]]
root@gate:~# apt install postgrey
root@gate:~# less /etc/default/postgrey
root@gate:~# cat /etc/postfix/main.cf
...
# Order matters: permit_mynetworks exempts own clients, and
# reject_unauth_destination comes before the policy service, so relay attempts
# are refused outright and only mail for this server's own destinations is
# handed to the policy daemon on 127.0.0.1:10023 (presumably postgrey).
# NOTE(review): in main.cf the two continuation lines must begin with
# whitespace; the indentation appears to have been lost in this listing.
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023
root@gate:~# service postfix restart
root@gate:~# ls /var/lib/postgrey/
root@gate:~# postgreyreport < /var/log/mail.log
=== Sendmail (FreeBSD) ===
[gate:~] # pkg install milter-greylist
[gate:~] # pkg_add -r milter-greylist
[gate:~] # more /usr/local/share/doc/milter-greylist/README
[gate:~] # more /usr/local/etc/mail/greylist.conf.sample
[gate:~] # cat /usr/local/etc/mail/greylist.conf
pidfile "/var/run/milter-greylist.pid"
# Same socket path as in the sendmail INPUT_MAIL_FILTER entry for greylist.
socket "/var/milter-greylist/milter-greylist.sock"
# Greylist database dump. NOTE(review): 600 is presumably the file mode
# (owner-only access) - confirm against greylist.conf(5).
dumpfile "/var/milter-greylist/greylist.db" 600
dumpfreq 1
# The daemon runs as mailnull, not as root.
user "mailnull:mailnull"
quiet
# Own networks are never greylisted; limit this list to hosts you control.
list "my network" addr { 127.0.0.1/8 192.168.X.0/24 }
racl whitelist list "my network"
# Everyone else: the first attempt is temp-failed, a retry is accepted after
# 5 minutes, and a sender that passed stays auto-whitelisted for 3 days.
racl greylist default delay 5m autowhite 3d
[gate:~] # cat /etc/rc.conf
...
miltergreylist_enable=yes
[gate:~] # /usr/local/etc/rc.d/milter-greylist start
[gate:/etc/mail] # cat gate.corpX.un.mc
...
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {greylist}'')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=R:30s')
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,greylist')
MAILER(local)
...
[gate:/etc/mail] # make install
[gate:/etc/mail] # /etc/rc.d/sendmail restart
[gate:~] # tail -f /var/log/maillog
[gate:~] # cat /var/milter-greylist/greylist.db
===== Использование пакета AmavisNew для контекстной фильтрации почты =====
https://help.ubuntu.com/community/PostfixAmavisNew
==== Установка и настройка AmavisNew ====
root@gate:~# apt-get install amavisd-new
root@gate:~# less /etc/amavis/conf.d/15-av_scanners
root@gate:~# rcsdiff /etc/amavis/conf.d/15-content_filter_mode
11,12c11,12
< #@bypass_virus_checks_maps = (
< # \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
---
> @bypass_virus_checks_maps = (
> \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
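Review bot: The variable names in this hunk, and in the one at 20,21, read the opposite way to their effect. In Debian's amavisd-new, virus and spam checking stay disabled while `@bypass_virus_checks_maps` and `@bypass_spam_checks_maps` are commented out, and uncommenting them, as done here, turns scanning on. A short remark next to the diff, for example `# uncommented = checks enabled`, would keep a reader from re-commenting the lines in order to "stop bypassing".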
20,21c20,21
< #@bypass_spam_checks_maps = (
< # \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
---
> @bypass_spam_checks_maps = (
> \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
root@gate:~# cat /etc/amavis/conf.d/50-user
...
# NOTE(review): with a negative tag2 level practically every message scores
# above it and is marked as spam; this looks like a lab value used to
# demonstrate the filter - confirm before reuse.
$sa_tag2_level_deflt = -6.31;
# D_DISCARD drops spam silently: neither sender nor recipient is told, so a
# false positive is lost without trace. The kill level that triggers this
# action is not set in the lines shown here.
$final_spam_destiny = D_DISCARD;
1; # ensure a defined return
root@g13:~# adduser clamav amavis
root@g13:~# id clamav
uid=117(clamav) gid=124(clamav) groups=124(clamav),125(amavis)
root@g13:~# /etc/init.d/clamav-daemon restart
root@g13:~# /etc/init.d/amavis restart
==== Подключение AmavisNew к postfix ====
root@gate:~# zcat /usr/share/doc/amavisd-new/README.postfix.gz | less
Смотри пункты 2.2.2, 2.3, 3.1
root@gate:~# rcsdiff /etc/postfix/master.cf
85a86,108
> amavisfeed unix - - n - 2 smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes
> -o max_use=20
> 127.0.0.1:10025 inet n - n - - smtpd
> -o content_filter=
> -o smtpd_delay_reject=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_data_restrictions=reject_unauth_pipelining
> -o smtpd_end_of_data_restrictions=
> -o smtpd_restriction_classes=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
> -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> -o local_header_rewrite_clients=
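Review bot: As printed, the `-o` lines of the `amavisfeed` and `127.0.0.1:10025` entries start at column 0, but master.cf treats a line as a continuation of the preceding service entry only when it begins with whitespace. The indentation was probably lost when the diff was pasted; each option line should be entered with leading whitespace, e.g. `  -o smtp_data_done_timeout=1200`. The re-injection listener runs with `content_filter=` and `no_milters`, so it accepts mail with no further scanning. The `127.0.0.1:10025` bind address and `-o mynetworks=127.0.0.0/8` are what confine it to loopback, and both should be kept if the entry is adapted.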
root@gate:~# rcsdiff /etc/postfix/main.cf
46a47,48
> content_filter=amavisfeed:[127.0.0.1]:10024
root@gate:~# /etc/init.d/postfix restart