This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
защита_почты_от_вирусов_и_spamа [2020/08/30 20:35] val [Настройка MTA на взаимодействие с clamav использованием milter интерфейса] |
защита_почты_от_вирусов_и_spamа [2021/06/10 10:10] (current) admin [Технология взвешенной оценки] |
||
---|---|---|---|
Line 23: | Line 23: | ||
=== Postfix (Debian/Ubuntu) === | === Postfix (Debian/Ubuntu) === | ||
+ | |||
<code> | <code> | ||
- | ubuntu14# cat /etc/default/clamav-milter | ||
- | </code><code> | ||
- | ... | ||
- | SOCKET_RWGROUP=postfix | ||
- | </code><code> | ||
root@gate:~# cat /etc/clamav/clamav-milter.conf | root@gate:~# cat /etc/clamav/clamav-milter.conf | ||
</code><code> | </code><code> | ||
... | ... | ||
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl | MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl | ||
+ | ... | ||
+ | MilterSocketGroup postfix | ||
... | ... | ||
</code><code> | </code><code> | ||
Line 85: | Line 83: | ||
<code> | <code> | ||
- | # rbllookup mailhub.bmstu.ru | + | # apt install rblcheck |
# rblcheck 195.19.32.15 | # rblcheck 195.19.32.15 | ||
Line 98: | Line 96: | ||
<code> | <code> | ||
root@gate:~# apt install spamassassin | root@gate:~# apt install spamassassin | ||
- | |||
- | root@gate:~# cd /etc/spamassassin/ | ||
- | </code> | ||
- | |||
- | == FreeBSD == | ||
- | <code> | ||
- | [gate:~] # pkg install spamassassin | ||
- | |||
- | [gate:~] # cd /usr/local/etc/mail/spamassassin/ | ||
</code> | </code> | ||
=== Настройка и тестирование === | === Настройка и тестирование === | ||
- | == FreeBSD/Debian/Ubuntu == | + | == Debian/Ubuntu == |
<code> | <code> | ||
- | gate# cat local.cf | + | gate# cat /etc/spamassassin/local.cf |
</code><code> | </code><code> | ||
rewrite_header Subject *****SPAM***** | rewrite_header Subject *****SPAM***** | ||
Line 119: | Line 108: | ||
use_bayes 0 | use_bayes 0 | ||
# required_score 5.0 | # required_score 5.0 | ||
- | trusted_networks 192.168.X | + | trusted_networks 192.168.X # must be set for cgpav because default ALL_TRUSTED !!! |
- | # add_header all Report _REPORT_ | + | add_header all Report _REPORT_ |
- | # score RCVD_IN_BL_SPAMCOP_NET 10.0 | + | score BODY_SINGLE_WORD 10.0 |
</code><code> | </code><code> | ||
- | gate# spamassassin --lint #check config | + | gate# spamassassin --lint # Проверка конфигурации |
gate# sa-update | gate# sa-update | ||
Line 134: | Line 123: | ||
=== Запуск === | === Запуск === | ||
- | == FreeBSD == | + | == Debian/Ubuntu == |
<code> | <code> | ||
- | [gate:~] # cat /etc/rc.conf | + | root@gate:~# cat /etc/default/spamassassin |
</code><code> | </code><code> | ||
... | ... | ||
- | spamd_enable=yes | + | CRON=1 |
+ | ... | ||
</code><code> | </code><code> | ||
- | [gate:~] # service sa-spamd start | + | root@gate:~# systemctl enable spamassassin |
- | [gate:~] # cat /usr/local/etc/periodic/daily/sa-update.sh | + | root@gate:~# service spamassassin start |
- | </code><code> | + | |
- | #!/bin/sh | + | |
- | echo sa-update | + | |
- | /usr/local/bin/sa-update && /usr/local/etc/rc.d/sa-spamd restart | + | |
- | </code><code> | + | |
- | [gate:~] # chmod +x /usr/local/etc/periodic/daily/sa-update.sh | + | |
</code> | </code> | ||
- | == Debian/Ubuntu == | + | === Подключение SpamAssassin через milter интерфейс === |
+ | |||
+ | == Postfix (Debian/Ubuntu) == | ||
<code> | <code> | ||
- | root@gate:~# cat /etc/default/spamassassin | + | root@gate:~# apt install spamass-milter |
+ | |||
+ | root@gate:~# less /etc/default/spamass-milter | ||
+ | |||
+ | root@gate:~# cat /etc/postfix/main.cf | ||
</code><code> | </code><code> | ||
... | ... | ||
- | ENABLED=1 | + | smtpd_milters = unix:/clamav/clamav-milter.ctl unix:/spamass/spamass.sock |
- | ... | + | |
- | CRON=1 | + | |
- | ... | + | |
</code><code> | </code><code> | ||
- | root@gate:~# service spamassassin start | + | root@gate:~# service postfix restart |
</code> | </code> | ||
- | |||
- | === Подключение SpamAssassin через milter интерфейс === | ||
== Sendmail (FreeBSD) == | == Sendmail (FreeBSD) == | ||
Line 192: | Line 177: | ||
[gate:~] # /etc/rc.d/sendmail restart | [gate:~] # /etc/rc.d/sendmail restart | ||
- | </code> | ||
- | |||
- | == Postfix (Debian/Ubuntu) == | ||
- | <code> | ||
- | root@gate:~# apt install spamass-milter | ||
- | |||
- | root@gate:~# less /etc/default/spamass-milter | ||
- | |||
- | root@gate:~# service spamass-milter restart | ||
- | |||
- | root@gate:~# cat /etc/postfix/main.cf | ||
- | </code><code> | ||
- | ... | ||
- | smtpd_milters = unix:/clamav/clamav-milter.ctl unix:/spamass/spamass.sock | ||
- | </code><code> | ||
- | root@gate:~# service postfix restart | ||
</code> | </code> | ||
Line 223: | Line 192: | ||
==== Технология Grey List ==== | ==== Технология Grey List ==== | ||
- | * [[http://ru.wikipedia.org/wiki/Серый_список]] | + | * [[https://ru.wikipedia.org/wiki/%D0%A1%D0%B5%D1%80%D1%8B%D0%B9_%D1%81%D0%BF%D0%B8%D1%81%D0%BE%D0%BA|Серый список]] |
* RFC 2821 4.5.4.1 ([[http://rfc.com.ru/rfc2821.htm]]) | * RFC 2821 4.5.4.1 ([[http://rfc.com.ru/rfc2821.htm]]) | ||
+ | |||
+ | === Postfix (Debian/Ubuntu) === | ||
+ | |||
+ | [[http://vladimir-stupin.blogspot.com/2009/09/postfix-postgrey.html]] | ||
+ | |||
+ | <code> | ||
+ | root@gate:~# apt install postgrey | ||
+ | |||
+ | root@gate:~# less /etc/default/postgrey | ||
+ | |||
+ | root@gate:~# cat /etc/postfix/main.cf | ||
+ | </code><code> | ||
+ | ... | ||
+ | smtpd_recipient_restrictions = permit_mynetworks, | ||
+ | reject_unauth_destination, | ||
+ | check_policy_service inet:127.0.0.1:10023 | ||
+ | </code><code> | ||
+ | root@gate:~# service postfix restart | ||
+ | |||
+ | root@gate:~# ls /var/lib/postgrey/ | ||
+ | |||
+ | root@gate:~# postgreyreport < /var/log/mail.log | ||
+ | </code> | ||
=== Semdmail (FreeBSD) === | === Semdmail (FreeBSD) === | ||
Line 273: | Line 265: | ||
[gate:~] # cat /var/milter-greylist/greylist.db | [gate:~] # cat /var/milter-greylist/greylist.db | ||
</code> | </code> | ||
- | |||
- | === Postfix (Debian/Ubuntu) === | ||
- | |||
- | [[http://vladimir-stupin.blogspot.com/2009/09/postfix-postgrey.html]] | ||
- | |||
- | <code> | ||
- | root@gate:~# apt-get install postgrey | ||
- | |||
- | root@gate:~# less /etc/default/postgrey | ||
- | |||
- | root@gate:~# cat /etc/postfix/main.cf | ||
- | </code><code> | ||
- | ... | ||
- | smtpd_recipient_restrictions = permit_mynetworks, | ||
- | reject_unauth_destination, | ||
- | check_policy_service inet:127.0.0.1:10023 | ||
- | </code><code> | ||
- | root@gate:~# ls /var/lib/postgrey/ | ||
- | |||
- | root@gate:~# postgreyreport < /var/log/mail.log | ||
- | </code> | ||
- | |||
===== Использование пакета AmavisNew для контексной фильрации почты ===== | ===== Использование пакета AmavisNew для контексной фильрации почты ===== | ||
https://help.ubuntu.com/community/PostfixAmavisNew | https://help.ubuntu.com/community/PostfixAmavisNew |