Adding anti-spam filtering to Postfix

Besides this post, one more article is worth consulting:

http://blog.csdn.net/zzban1111/article/details/16838561

Overview

The SpamAssassin system is software for analyzing email messages, determining how likely they are to be spam, and reporting its conclusions. It is a rule-based system that compares different parts of email messages with a large set of rules. Each rule adds or removes points from a message's spam score. A message with a high enough score is reported to be spam.

Many spam-checking systems are available. SpamAssassin has become popular for several reasons:

It uses a large number of different kinds of rules and weights them according to their checks. Rules that have been demonstrated to be more effective at discriminating spam from non-spam email are given higher weightings.

It is easy to tune the scores associated with each rule or to add new rules based on regular expressions.

SpamAssassin can adapt to each system's email environment, learning to recognize which senders are to be trusted and to identify new kinds of spam.

It can report spam to several different spam clearinghouses and can be configured to create spam traps—email addresses that are used only to forward spam to a clearinghouse.

SpamAssassin Scoring System

SpamAssassin's approach to filtering spam is more sophisticated than the simple keyword matching provided by most SMTP anti-virus software. SpamAssassin uses a scoring system: messages are tagged as spam only when they have enough spam characteristics in total. This, in combination with other features, results in very few false positives. In our experience, a properly managed SpamAssassin installation correctly identifies 90% to 95% of spam with less than 1% false positives.

SpamAssassin doesn't block spam. Instead, it tags messages as probable spam by changing the Subject line and message headers. This is very wise: no automated system can recognize spam with 100% certainty — deciding «what is spam» is a judgment call. All automated spam filters will produce some false positives (wanted e-mail mistakenly tagged as spam) and false negatives (spam not identified as such).

SpamAssassin identifies probable spam e-mail, but leaves the choice of what to do with it up to you. You can instruct the users how to add rules to their e-mail software to delete identified messages or, better yet, move them to a folder for later review.

The method shown here only tags suspected spam. No automated deletion is performed, but the filter script can be changed without too much effort to sideline or delete suspected spam if that's what you want.

Installing SpamAssassin

SpamAssassin is built from several Perl modules. We recommend installing it manually as described below. The SpamAssassin documentation describes how to install and configure the software. We installed each module with make, make test and make install.

  1. Download the following modules from http://www.cpan.org/. If you are searching for a single module, http://search.cpan.org/ can be very helpful.

    Digest-1.15.tar.gz
    Digest-HMAC-1.01.tar.gz
    Digest-SHA1-2.11.tar.gz
    Digest-SHA-5.44.tar.gz
    Archive-Tar-1.30.tar.gz
    Crypt-OpenSSL-RSA-0.24.tar.gz
    DB_File-1.815.tar.gz
    Error-0.17008.tar.gz
    Geography-Countries-1.4.tar.gz
    HTML-Parser-3.56.tar.gz
    IO-Zlib-1.05.tar.gz
    IP-Country-2.23.tar.gz
    libnet-1.20.tar.gz
    libwww-perl-5.805.tar.gz
    Mail-DKIM-0.24.tar.gz
    Mail-DomainKeys-1.0.tar.gz
    Mail-SPF-Query-1.999.1.tar.gz
    MailTools-1.76.tar.gz
    MIME-Base64-3.07.tar.gz
    Net-CIDR-Lite-0.20.tar.gz
    Net-DNS-0.59.tar.gz
    Net-Ident-1.20.tar.gz
    Storable-2.16.tar.gz
    Sys-Hostname-Long-1.4.tar.gz
    Text-Diff-0.35.tar.gz
    Time-HiRes-1.9707.tar.gz
    DBI-1.54.tar.gz
    DBD-mysql-4.004.tar.gz
    Mail-SpamAssassin-3.1.8.tar.gz

     

  2. Install the modules as follows:

    tar xzvf <file-from-above>
    cd <extracted module>
    perl Makefile.PL
    make
    make test
    make install

Configure SpamAssassin

SpamAssassin is installed «out of the box» in /usr/share/spamassassin with a good set of spam identification rules. You can specify your own settings in file /etc/mail/spamassassin/local.cf.

We recommend making some changes to local.cf right away: whitelist well-known senders so their mail will never be identified as spam. You should whitelist the e-mail addresses of well-known legitimate senders to avoid the chance of them being misidentified by the SpamAssassin default rules. Add «whitelist_from» settings to file /etc/mail/spamassassin/local.cf for each important client, mailing list and other known spam-free senders.

# How many hits before a message is considered spam.
required_hits           5.0

# Text to prepend to subject if rewrite_subject is used
rewrite_header Subject  [*****SPAM*****]

# Encapsulate spam in an attachment
report_safe             1

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn        1
bayes_path              /home/spamd/
bayes_file_mode         0666

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              0
use_dcc                 0
use_pyzor               0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_languages            all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
# ok_locales              all

# Whitelist important senders
whitelist_from          *@xyz.xx

Check your local.cf configuration parameters with:

# spamassassin --lint
# spamassassin --lint -D
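The lint run validates the configuration; it does not comment on settings that are valid but permissive. The following added example (not part of the original article) flags two such settings from the local.cf above: sender-based whitelisting, which trusts an address the sender controls, and a world-writable Bayes database. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag valid-but-permissive settings in a SpamAssassin local.cf.

# audit_local_cf [FILE]: reads FILE (or stdin) and prints one finding per line
# in the form "line:setting value: reason".
audit_local_cf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    $1 == "whitelist_from" {
        # whitelist_from matches the sender address claimed by the message,
        # which the sending side chooses freely.
        for (i = 2; i <= NF; i++) {
            scope = ($i ~ /^\*@/) ? "whole domain" : "single address"
            printf "%d:whitelist_from %s: %s trusted on a forgeable sender address; consider whitelist_from_rcvd\n", NR, $i, scope
        }
    }
    $1 == "bayes_file_mode" {
        # Last octal digit holds the permissions for "other"; value 2 is write.
        other = substr($2, length($2), 1) + 0
        if (other == 2 || other == 3 || other == 6 || other == 7)
            printf "%d:bayes_file_mode %s: Bayes database files writable by every local user\n", NR, $2
    }
    ' ${1:+"$1"}
}

# Constructed sample input using the values shown in this article.
sample_local_cf() {
    cat <<'EOF'
# constructed sample
required_hits 5.0
bayes_file_mode 0666
whitelist_from *@xyz.xx
EOF
}

# With a file argument audit that file, otherwise audit the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_local_cf "$1"
else
    sample_local_cf | audit_local_cf
fi
```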

Configure Postfix

Some spam checks can be configured in Postfix and/or SpamAssassin, but for performance reasons we recommend NOT doing them in both. In particular, all RBL lookups should be deactivated in the Postfix configuration file main.cf:

strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_client_access hash:$config_directory/access_client,
    check_sender_access hash:$config_directory/access_sender
    permit

# --------------------------------
# Deactivated, done in SpamAssassin
# --------------------------------
#    reject_rhsbl_client blackhole.securitysage.com,
#    reject_rhsbl_sender blackhole.securitysage.com,
#    reject_rbl_client relays.ordb.org,
#    reject_rbl_client blackholes.easynet.nl,
#    reject_rbl_client cbl.abuseat.org,
#    reject_rbl_client proxies.blackholes.wirehub.net,
#    reject_rbl_client bl.spamcop.net,
#    reject_rbl_client sbl.spamhaus.org,
#    reject_rbl_client opm.blitzed.org,
#    reject_rbl_client dnsbl.njabl.org,
#    reject_rbl_client list.dsbl.org,
#    reject_rbl_client multihop.dsbl.org,

# --------------------------------
# Deactivated, done in SpamAssassin
# --------------------------------
# Check Message Header and Body
# body_checks = regexp:$config_directory/body_checks
# header_checks = regexp:$config_directory/header_checks

Configure the SpamAssassin Daemon (spamd/spamc)

The purpose of this program is to provide a daemonized version of the SpamAssassin executable. The goal is improving throughput performance for automated mail checking. Here is a brief synopsis of how spamc/spamd work, and how to use them effectively.

The Server: spamd

spamd is the workhorse of the spamc/spamd pair — it loads an instance of the SpamAssassin filters, and then listens as a daemon for incoming requests to process messages. By default, spamd listens on port 783, but this is specifiable on the command line.

When spamd receives a connection, it spawns a child to handle the request. The child will expect to read an email message from the network socket, which should then be closed for writing on the other end (so spamd receives an EOF). spamd will then use SA to rewrite the message, and dump the processed message back to the socket before closing the connection. The child process then dies.

In theory, this child-forking should be quite efficient, since on most OSes the fork will not actually copy any memory until the child attempts to write to a memory page, and then only the dirty page(s) will be copied. This means the entire perl engine and the SA regular expressions, etc. will only be loaded once and then be reused by all the children, saving a lot of overhead.

The Client: spamc

spamc is the client half of the pair. It should be used in place of «spamassassin» in scripts to process mail. It will read the mail from stdin, and spool it to its connection to spamd, then read the result back and print it to stdout. spamc has extremely low overhead in loading, so it should be much faster to load than the whole SpamAssassin program (and a perl VM).

Running spamd as a non-root user

Many system administrators are uncomfortable running spamd as root. A bug in spamd could provide an attacker with root privileges; a local attacker could also spoof spamc and claim to be a different user (which can be ameliorated with the --auth-ident option discussed later).

To provide additional security, spamd can be instructed to run as a non-root user. After binding its TCP port or Unix socket, spamd gives up root privileges and runs as the specified user. Ideally, you should create a new user e.g., «spamd» with its own group «spamd» and a private home directory (/home/spamd). If spamd is using a Unix domain socket, the socket will automatically have its owner set to the new user, so no changes to this path are necessary, but the directory in which the socket will be created must be writable by the user.

groupadd -g 501 spamd
useradd -u 501 -g 501 -s /sbin/nologin -d /home/spamd spamd

If you plan to use Bayesian classification (the BAYES rules) with spamd, you will need to modify /etc/mail/spamassassin/local.cf to use a shared database of tokens, by setting the «bayes_path» setting to a path all users can read and write to. You will also need to set the «bayes_file_mode» setting to 0666 so that created files are shared, too.

# Enable Bayes auto-learning
bayes_auto_learn        1
bayes_path              /home/spamd/
bayes_file_mode         0666

After creating your new user, start spamd like this, as root:

/usr/bin/spamd --daemonize --username spamd --pidfile /home/spamd/spamd.pid

Integrating SpamAssassin with Postfix

Postfix is a mail transport agent written by security researcher Wietse Venema. Not surprisingly, Postfix is designed from the ground up to be a highly secure system. It consists of several components, each of which runs with least privilege and none of which trust data from the other without validating it themselves. Despite the extensive security emphasis in the system's architecture, Postfix is capable of very good performance in normal conditions; because of architectural decisions, it is also fault tolerant and capable of good performance under adverse conditions such as resource starvation. It has become a popular replacement for sendmail because it provides a compatible command-line interface. This article does not explain how to install and set up Postfix; more information can be found here.

This article explains how to integrate SpamAssassin into a Postfix-based mail server to perform spam-checking on a mail gateway.

Spam-Checking All Incoming Internet Mail

If you want to set up a spam-checking gateway for all recipients, local or not, you need a way to perform spam-checking as mail is received, before final delivery. Postfix provides a general-purpose filtering directive called content_filter.

The content_filter directive specifies a mail transport that Postfix will invoke after receiving a message. The mail transport hands the message to a filtering program. The filter checks the message and then either refuses it (which will cause Postfix to generate a bounce message), discards it, or reinjects the modified message into Postfix for further delivery. Messages that pass the filter are reinjected so that Postfix can operate on them almost as if they were new messages; this allows Postfix to behave properly if the content filter rewrites message headers.

Content filters can be programs that are invoked for each message. They read a message on standard input and reinject filtered messages via the sendmail program. SpamAssassin itself is not suitable for use as a content filter, because it doesn't know how to reinject a tagged message. However, SpamAssassin can be invoked by a content filter in several ways.

Create your own Content Filter

Postfix receives unfiltered mail from the network with the smtpd server, and delivers unfiltered mail to the SpamAssassin content filter with the Postfix pipe delivery agent. The content filter injects filtered mail back into Postfix with the Postfix sendmail command, so that Postfix can deliver it to the final destination.

This means that mail submitted via the Postfix sendmail command cannot be content filtered again.

The content filters are programs that accept messages on standard input, perform spam-checking, and either exit with an error status code or reinject the message to Postfix. To use a program as a content filter requires a series of steps:
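The flow described above, as an added example that is not part of the original article: the filter reads the message on standard input, passes it through spamc, and reinjects the tagged result with the Postfix sendmail command, exiting with a temporary-failure status if either step fails. The script path, the spool directory and the master.cf wiring in the comments are assumptions.

```sh
#!/bin/sh
# Added example (not from the original article): a Postfix content filter that
# tags mail with spamc and reinjects it with the Postfix sendmail command.
# Assumed master.cf wiring, run by the pipe delivery agent as an unprivileged user:
#   argv=/usr/local/bin/spamfilter.sh ${sender} ${recipient}
SPAMC=${SPAMC:-/usr/bin/spamc}               # assumed path
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}     # assumed path
SPOOL_DIR=${SPOOL_DIR:-/var/spool/filter}    # hypothetical, private to the filter user

EX_TEMPFAIL=75   # sysexits.h: Postfix keeps the message queued and retries later

# filter_message SENDER RECIPIENT...
# Reads one message on stdin; returns 0 only after successful reinjection.
filter_message() {
    sender=$1
    shift
    # Buffer the result so a half-processed message is never reinjected.
    tmp=$(mktemp "$SPOOL_DIR/msg.XXXXXX") || return "$EX_TEMPFAIL"
    # -x: if spamd is unreachable, spamc exits non-zero instead of passing the
    # message through unscanned.
    if ! "$SPAMC" -x > "$tmp"; then
        rm -f "$tmp"
        return "$EX_TEMPFAIL"
    fi
    # -i: a line holding only "." does not end the message.
    # --: everything after it is a recipient, never a sendmail option.
    rc=0
    "$SENDMAIL" -i -f "$sender" -- "$@" < "$tmp" || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return "$EX_TEMPFAIL"
    return 0
}

# Run as a filter only when Postfix passes sender and recipient arguments.
if [ "$#" -ge 2 ]; then
    filter_message "$@"
    exit $?
fi
```

Because the result is reinjected with sendmail, the reinjected message is not filtered a second time, as noted above.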


netstat -p does not show the process ID and program name

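According to the netstat documentation, the -p option lists the process ID and program name that own each socket:

netstat -p

But you will find that some entries have this information and some do not: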

tcp        0      0 0.0.0.0:6379        0.0.0.0:*        LISTEN      -
tcp        0      0 127.0.0.1:55567     0.0.0.0:*        LISTEN      8144/python
tcp        0      0 0.0.0.0:111         0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:80          0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:8082        0.0.0.0:*        LISTEN      15302/java
tcp        0      0 127.0.0.1:9205      0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:22          0.0.0.0:*        LISTEN      -
tcp        0      0 127.0.0.1:631       0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:4730        0.0.0.0:*        LISTEN      -
tcp        0      0 0.0.0.0:9092        0.0.0.0:*        LISTEN      15302/java
tcp        0      0 0.0.0.0:5029        0.0.0.0:*        LISTEN      -
tcp        0      0 127.0.0.1:9000      0.0.0.0:*        LISTEN      -


Appending to and overwriting file content in Linux bash

Create the file:

touch test.txt

Open it with vim and add some content:

vim test.txt

this is content

Append content to the file:

echo "this is another content" >> test.txt

Afterwards the content becomes:

this is content

this is another content


How to show the CPU and memory usage of a given process on Linux

This is done from the command line:

ps -p [pid] -o %cpu,%mem

For example:

$>ps -p 27890 -o %cpu,%mem

%CPU %MEM
 0.1  1.5

You can also add cmd to print the command of the process:

ps -p [pid] -o %cpu,%mem,cmd


Removing files from svn that were already deleted by hand

svn provides a way to delete files:

svn rm or svn delete

For example:

svn rm test/test.c

But if you first deleted the file directly in Linux, how do you remove that already-deleted file from svn? The single command below does it.


Glossary of terms in RPM package names

EPEL

Sometimes the names of RPM packages contain things like epel or el6. So what is EPEL?

According to the official site:

https://fedoraproject.org/wiki/EPEL

EPEL=Extra Packages for Enterprise Linux

That is, extra packages for Enterprise Linux.

What is Extra Packages for Enterprise Linux (or EPEL)?

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Enterprise Linux (OEL).


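Finding processes on Linux

ps aux | grep xxxx
shows the information for the matching xxxx process.
If you need the process ID, however, use:
ps aux | grep xxxx | awk '{print $2}'

You will notice that besides the ID of the process we are interested in, there is also the grep process itself. How do we get rid of it?

Use grep -v grep:

ps aux | grep -i firefox | grep -v grep | awk '{print $2}'
grep's -v option removes the lines we are not interested in.

The following uses the PID obtained above to kill the process directly:

ps aux | grep -i firefox | grep -v grep | awk '{print $2}' | xargs kill -9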


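Checking whether a file exists in a makefile

There are two ways to check whether a file exists in a makefile:

1. Call the shell function to do the check

exist = $(shell if [ -f $(FILE) ]; then echo "exist"; else echo "notexist"; fi;)
ifeq ($(exist),exist)
# do something here
endif

Of course, this method is crude, but it works!!

2. Use makefile functions to do the check

ifeq ($(FILE),$(wildcard $(FILE)))
# do something here
endif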


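How to build your first RPM package

First, a few notes:

  1. It is best to build packages as the root user, otherwise you will run into permission denied errors. --> If you see this differently, feel free to discuss.
  2. You need to install the rpmbuild tool.

If the rpmbuild command is not available, install it with the command below. The environment used in this article is CentOS 7.

$> sudo yum install -y rpm-build

After installation, test whether it succeeded with the command below:

$>rpmbuild

By default this command prints nothing, but once it is installed you will no longer get a "command not found" style error.

Next we build the simplest possible package, containing only one executable file, helloworld, and install it to /usr/local/bin. First, we build the helloworld executable,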


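How to go to New Zealand

Here I describe how to go to New Zealand and which routes exist, without going into detail.
Later there will be dedicated articles covering each route in depth.

There are roughly the following options:

1. Apply for a Working Holiday Visa

Eligibility

Not older than 30; applicants aged 30 can also apply

Application website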

http://www.immigration.govt.nz/migrant/stream/work/workingholiday/chinawhs.htm
