ClamAV + Amavisd-new + SpamAssassin System Settings
Source: www.thismail.org  Author: 易人居士  Date: 2006-10-25 17:35:00
Virus filtering effectiveness: 100%
Spam filtering effectiveness: 98% correct, 2% misclassified
------------------------------------------------------------------------------------------------------------
ClamAV (/usr/local/etc/clamd.conf)
# This option enables scanning of Microsoft Office document macros.
# Default: enabled
# Turn on Office document scanning.
ScanOLE2
# Enable internal e-mail scanner.
# Default: enabled
# Turn on mail scanning.
ScanMail
# ClamAV can scan within archives and compressed files.
# Default: enabled
# Scan archives.
ScanArchive
# Due to license issues libclamav does not support RAR 3.0 archives (only the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib it's disabled by default and you must uncomment the directive
# below to enable RAR 2.0 support.
# Default: disabled
# Scan RAR archives.
ScanRAR
# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
# Files inside archives are scanned up to a maximum size of 10 MB.
ArchiveMaxFileSize 10M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This option specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
# Scan archives up to 9 levels deep.
ArchiveMaxRecursion 9
# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
# Caps the number of files scanned inside one archive.
ArchiveMaxFiles 1000
# Set access mask for Clamuko.
# Default: disabled
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
ClamukoMaxFileSize 10M
-----------------------------------------------------------------------------------------------
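Amavisd-new (/etc/amavisd.conf)
D_PASS: No action is taken; the message is delivered straight to the recipient.
D_DISCARD: The message is delivered to neither the sender nor the recipient.
D_BOUNCE: The message is not delivered to the recipient. amavisd-new sends a DSN to the sender, except for messages whose virus name is defined in $viruses_that_fake_sender_re.
D_REJECT: The message is not delivered to the recipient; the sender receives a rejection notice.
$sa_auto_whitelist = 1; # enable the auto-learning whitelist (White List)
$sa_mail_body_size_limit = 200*1024; # mail larger than this size is not scanned by SpamAssassin
$sa_tag_level_deflt = 4.0; # above this score, spam score information is added:
                           # the X-Spam-Status and X-Spam-Level headers
$sa_tag2_level_deflt = 6.3; # above this score, spam information may be added to the subject:
                            # adds X-Spam-Flag: YES and rewrites the subject
$sa_kill_level_deflt = 10; # above this score, the message is backed up and then deleted
$sa_dsn_cutoff_level = 9; # above this score, no DSN is sent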
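How the four score levels above interact, as an added Python sketch that is not part of the original article or of amavisd-new. It assumes each level applies at "score >= level", that a DSN is only considered once the kill level is reached, and that the final spam destiny is D_BOUNCE (the excerpt does not show that setting); the function names are hypothetical.

```python
# Levels copied from the amavisd.conf excerpt above.
PAGE_LEVELS = {"tag": 4.0, "tag2": 6.3, "kill": 10.0, "dsn_cutoff": 9.0}


def actions(score, lv=PAGE_LEVELS, destiny="D_BOUNCE"):
    """Return the actions taken for one message with the given spam score."""
    acts = []
    if score >= lv["tag"]:
        acts.append("add X-Spam-Status and X-Spam-Level")
    if score >= lv["tag2"]:
        acts.append("add X-Spam-Flag: YES and rewrite Subject")
    if score >= lv["kill"]:
        acts.append("back up, then do not deliver")
        # Assumption: a DSN is sent only between the kill and cutoff levels.
        if destiny == "D_BOUNCE" and score < lv["dsn_cutoff"]:
            acts.append("send DSN to sender")
    return acts


def lint(lv):
    """Flag level orderings that silently disable one of the stages."""
    issues = []
    if not lv["tag"] <= lv["tag2"] <= lv["kill"]:
        issues.append("expected tag <= tag2 <= kill")
    if lv["dsn_cutoff"] <= lv["kill"]:
        issues.append("dsn_cutoff <= kill: no score can produce a DSN")
    return issues


if __name__ == "__main__":
    for s in (3.0, 5.0, 7.0, 12.0):
        print(s, actions(s))
    print("lint:", lint(PAGE_LEVELS))
```

With the page's values the DSN window is empty (cutoff 9 is below kill 10), so senders of blocked mail are never notified; that also means no backscatter to forged sender addresses.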
--------------------------------------------------------------------------------
SpamAssassin (/etc/mail/spamassassin/local.cf)
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)
# How many hits before a message is considered spam.
# A message scoring this much or more is classified as spam.
required_hits 6.3
# Whether to change the subject of suspected spam.
# Adds a tag to the subject of mail classified as spam.
# (If SpamAssassin is called through amavisd for filtering, change the
# corresponding option in the Amavisd-new configuration file amavisd.conf
# instead: $sa_spam_subject_tag = '***[ Junk Mail ]*** '; )
rewrite_header Subject ****SPAM(_SCORE_)****
# Encapsulate spam in an attachment.
# How spam is handled. If the mail will also be scanned by the antivirus
# program, this must be set to 0.
# 0: write the information into the mail headers.
# 1: convert the spam into an attachment.
# 2: convert the spam into a plain-text attachment.
report_safe 0
# Use terse version of the spam report.
# Reports spam information to the administrator in condensed form.
use_terse_report 0
# Enable the Bayes learning system.
use_bayes 1
# Enable Bayes auto-learning.
auto_learn 1
# Enable or disable network checks: skip RBL checks, use Razor version 2,
# use DCC (Distributed Checksum Clearinghouse), use Pyzor.
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Blacklist: score +100
blacklist_from *@sohu.com *@mailfb.com
# Whitelist: score -100
whitelist_from *@yahoo.com.tw *@yahoo.com.hk *@yahoogroups.com.hk
whitelist_from rika@rika.idv.tw
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese
ok_languages zh en
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales zh en
# Disabled scores. To keep Chinese subjects and Chinese recipient names from
# being misclassified, adding the following lines is recommended.
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
# Local domain in "from" but IP does not match.
# Domain and IP do not agree, so the mail is suspected spam.
header __FROM_TEATIME Received =~ /from test\.com\.cn/i
header __FROM_TEATIME_IP Received =~ /\[12\.34\.56\.78\]/
# Fire only when the domain is claimed and the expected IP is absent.
meta FROM_TEATIME_BUT_IP_ERROR (__FROM_TEATIME && !__FROM_TEATIME_IP)
describe FROM_TEATIME_BUT_IP_ERROR From test.com.cn but ip not match
score FROM_TEATIME_BUT_IP_ERROR 8
score NO_REAL_NAME 4.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
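Why the FROM_TEATIME rule above needs the brackets and dots of its IP pattern escaped, and why the meta rule has to test for the IP's absence: an added Python illustration, not part of the original configuration. The Received lines are constructed samples, test.com.cn and 12.34.56.78 are the page's own placeholders, and the helper names are hypothetical.

```python
import re

# Constructed sample Received headers.
LEGIT = "from test.com.cn (test.com.cn [12.34.56.78]) by mx.example.org with ESMTP"
FORGED = "from test.com.cn (unknown [203.0.113.45]) by mx.example.org with ESMTP"
OTHER = "from mail.example.net (mail.example.net [198.51.100.7]) by mx.example.org"

CLAIMS_DOMAIN = re.compile(r"from test\.com\.cn\b", re.I)
# Unescaped: a bracket expression that matches ONE character out of 1-8 or '.'.
IP_CHAR_CLASS = re.compile(r"[12.34.56.78]")
# Escaped: matches the literal text "[12.34.56.78]".
IP_LITERAL = re.compile(r"\[12\.34\.56\.78\]")


def fires(received, ip_re):
    """Meta logic: the domain is claimed AND the expected relay IP is absent."""
    return bool(CLAIMS_DOMAIN.search(received)) and not ip_re.search(received)


def fires_domain_only(received):
    """Meta that tests the domain sub-rule alone, ignoring the IP sub-rule."""
    return bool(CLAIMS_DOMAIN.search(received))


def report():
    """Evaluate every variant against every sample header."""
    samples = {"legit": LEGIT, "forged": FORGED, "other": OTHER}
    return {
        name: {
            "escaped": fires(hdr, IP_LITERAL),
            "char_class": fires(hdr, IP_CHAR_CLASS),
            "domain_only": fires_domain_only(hdr),
        }
        for name, hdr in samples.items()
    }


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The character-class form is satisfied by almost any Received line, so the rule never fires on the forged relay; the domain-only form adds 8 points to the organisation's own legitimate mail.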
SpamAssassin system settings: blacklist and whitelist
-----------------------------------------------------------------------------------------------------
vi /etc/amavisd.conf (add the following two lines)
-----------------------------------------------------------------------------------------------------
read_hash(\%whitelist_sender, '/var/amavis/var/.spamassassin/whitelist');
read_hash(\%blacklist_sender, '/var/amavis/var/.spamassassin/blacklist');
-------------------------------------------------------------------------------------------------------
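Note: the two files above, whitelist and blacklist, must be created by hand:
touch /var/amavis/var/.spamassassin/whitelist
touch /var/amavis/var/.spamassassin/blacklist
Set the owner of both files:
chown amavis:amavis /var/amavis/var/.spamassassin/whitelist
chown amavis:amavis /var/amavis/var/.spamassassin/blacklist
1) After creating them, run /etc/rc.d/init.d/amavisd reload so that amavisd re-reads its configuration.
2) Mail addresses or domains listed in whitelist are never scored as spam by SpamAssassin.
3) Mail addresses or domains listed in blacklist are always scored as spam by SpamAssassin.
4) Format of whitelist and blacklist entries, for example:
test@test.com.cn
*@boss.com
5) After any change to the whitelist or blacklist file, run /etc/rc.d/init.d/amavisd restart to restart amavisd; otherwise the lists do not take effect!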