Last updated: 2017-02-08
Introduction
HomePage: http://mailscanner.info/
Lang: Perl
* Virtually every configuration option can be controlled on a per-user, per-domain or per-IP basis.
* The setup of MailScanner distributed with Ubuntu is totally broken (so it has to be installed by hand)
* In Queue (/var/spool/postfix/hold) Scanner
Install
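Debian only has a package in squeeze, and it is very old (4.79.11-2.2), so installing from source is recommended ...
Install from source
# Configure CPAN
If it is not configured, the install stays stuck at the following prompt: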
Please enter the URL of your CPAN mirror
# Virtually every configuration option can, for example, be controlled on a per-user, per-domain or per-IP basis.
gpg --recv-keys --keyserver pgp.mit.edu 1415B654
gpg --verify signature_file mailscanner_archive
# unpack and install
# Tarball-based installations of all the modules required for ClamAV 0.96.5 and SpamAssassin 3.3.1.
tar xzvf <filename>.tar.gz
./install.sh # run from the unpacked directory; when install.sh finishes, MailScanner is installed under /opt
# Create the cron jobs
37 5 * * * /opt/MailScanner/bin/update_phishing_sites
07 * * * * /opt/MailScanner/bin/update_bad_phishing_sites
# Not needed when MailWatch is used
# 58 23 * * * /opt/MailScanner/bin/clean.quarantine
42 * * * * /opt/MailScanner/bin/update_virus_scanners
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner
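An added example (not part of the original notes or the MailScanner project) for the signature check in the install steps above: 1415B654 is a short 32-bit key ID, which unrelated keys can share, so this check accepts the archive only when gpg reports a good signature from a key whose full fingerprint matches a pinned value. PINNED_FPR is a constructed placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed placeholder: replace with the full fingerprint obtained from the
# project over a trusted channel. It is NOT the real MailScanner key.
PINNED_FPR="0000000000000000000000000000000000000000"

# Read `gpg --status-fd` output on stdin. Print the primary-key fingerprint
# (last field of VALIDSIG) only if GOODSIG is also present; GOODSIG is not
# emitted for bad signatures or for expired or revoked keys.
good_sig_fpr() {
    awk '$1 != "[GNUPG:]" { next }
         $2 == "GOODSIG"  { good = 1 }
         $2 == "VALIDSIG" && fpr == "" { fpr = $NF }
         END { if (good && fpr != "") print fpr; exit !(good && fpr != "") }'
}

# fpr_is_pinned <status_text> <pinned_fpr>
fpr_is_pinned() {
    fpr=$(printf '%s\n' "$1" | good_sig_fpr) || return 1
    # Normalise case and spacing before comparing the hex strings.
    a=$(printf '%s' "$fpr" | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "$a" = "$b" ]
}

# verify_release <signature_file> <mailscanner_archive>
verify_release() {
    # Machine-readable status goes to stdout; gpg exits non-zero on failure.
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    fpr_is_pinned "$status" "$PINNED_FPR"
}

# Stand-alone use: sh verify_release.sh signature_file mailscanner_archive
if [ $# -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "signature valid and made by the pinned key"
    else
        echo "REJECTED: bad signature or unexpected key" >&2
        exit 1
    fi
fi
```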
Doc
- http://mailscanner.info/postfix.html
- http://mailscanner.info/MailScanner.conf.5.html
- http://wiki.mailscanner.info/doku.php?id=maq:index
Start & Stop
# Start MailScanner:
/opt/MailScanner/bin/check_mailscanner
Starting MailScanner... Done.
# check
ps aux | grep MailScanner
root 11708 0.0 1.9 26216 20120 ? Ss 20:28 0:00 MailScanner: master waiting for children, sleeping
root 11709 0.3 2.3 36992 23832 ? S 20:28 0:00 MailScanner: waiting for messages
root 11754 0.4 2.3 36996 23796 ? S 20:28 0:00 MailScanner: waiting for messages
root 11800 0.5 2.3 36996 23796 ? S 20:28 0:00 MailScanner: waiting for messages
root 11845 0.7 2.3 36996 23796 ? S 20:28 0:00 MailScanner: waiting for messages
root 11890 1.1 2.3 36996 23796 ? S 20:28 0:00 MailScanner: waiting for messages
# Stop MailScanner:
pkill -9 MailScanner
Configure Files
/opt/MailScanner/etc/*
* MailScanner.conf <= main configuration file
# Reduce resource usage
# Each child uses about 20 MB
Max Children = 1
Restart Every = 7200
# How often, in seconds, the incoming mail queue is scanned
Queue Scan Interval = 6
Run As User = postfix
Run As Group = postfix
# Variable used in the header messages
%org-name% = MailFilter
# pid
/opt/MailScanner/var/MailScanner.pid
# lib
/opt/MailScanner/lib
- clamav-autoupdate
- clamav-wrapper
- nod32-autoupdate
- nod32-wrapper
Scan order
RBL Tests
\/
Spam Tests
\/
Virus Tests
\/
Attachment HTML Tests
\/
Message Processing
Work with postfix
Configuration: main.cf
/etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
/etc/postfix/header_checks
/^Received:/ HOLD
* Make sure you have the chroot jail set up in /var/spool/postfix
check:
Sep 30 14:55:43 debian6 postfix/cleanup[19388]: 63C4F5B8CC: hold: header Received: from yourdomain.net (unknown [192.168.88.177])??by debian6.local (Postfix) with SMTP id 63C4F5B8CC??for <root>; Mon, 30 Sep 2013 14:55:27 +0800 (HKT) from unknown[192.168.88.177]; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<yourdomain.net>
MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
PS.
You will need to ensure that the user "postfix" can write to
/var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
chmod 770 /var/spool/MailScanner/incoming
chown postfix /var/spool/MailScanner/incoming
chmod 770 /var/spool/MailScanner/quarantine
chown postfix /var/spool/MailScanner/quarantine
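An added example (not from the original notes or the MailScanner project): a preflight check that MailScanner.conf and header_checks still carry the Postfix settings listed above, since a drifted queue directory or a missing HOLD rule means mail is no longer handed to the scanner. The function names are hypothetical, and option names are assumed to be spelled exactly as in these notes.

```shell
#!/bin/sh
# conf_get <MailScanner.conf> <option>: print the value of "Option = value".
# Assumption of this sketch: option names are matched exactly as spelled here.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# expect_opt <conf> <option> <wanted>: report a mismatch, return non-zero.
expect_opt() {
    got=$(conf_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "$2 is '$got', expected '$3'"
    return 1
}

# check_postfix_hold <MailScanner.conf> <header_checks>
# Prints every mismatch against the settings in these notes.
check_postfix_hold() {
    rc=0
    expect_opt "$1" "MTA" "postfix" || rc=1
    expect_opt "$1" "Run As User" "postfix" || rc=1
    expect_opt "$1" "Run As Group" "postfix" || rc=1
    expect_opt "$1" "Incoming Queue Dir" "/var/spool/postfix/hold" || rc=1
    expect_opt "$1" "Outgoing Queue Dir" "/var/spool/postfix/incoming" || rc=1
    # Without this rule mail never enters the hold queue, so it is not scanned.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$2" ||
        { echo "no '/^Received:/ HOLD' rule in $2"; rc=1; }
    return $rc
}

# Stand-alone use: sh check.sh /opt/MailScanner/etc/MailScanner.conf /etc/postfix/header_checks
if [ $# -eq 2 ]; then check_postfix_hold "$1" "$2"; fi
```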
Setting up a MailScanner as Gateway (postfix)
Step1:
main.cf:
#relay_domains = <your domain>, <your domain2>
relay_domains = hash:/etc/postfix/transport
transport_maps = hash:/etc/postfix/transport
transport:
<your domain1> smtp:[ip.address.of.exchange]
<your domain2> smtp:[ip.of.lotus.server]
postmap transport
Step2:
Edit DNS MX records to suit the new MailScanner server
Attachment Filename Checking
MailScanner.conf
# The maximum size, in bytes, of any attachment in a message.
# If this is set to zero, effectively no attachments are allowed.
# If this is set less than zero, then no size checking is done.
Maximum Attachment Size = -1
# The maximum number of attachments allowed in a message before it is
# considered to be an error.
Maximum Attachments Per Message = 30
filename.rules
From: 127.0.0.1 /etc/MailScanner/filename.rules.allowall.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf
filename.rules.allowall.conf
allow	.*	-	-
filename.rules.conf
# Fields are separated by TAB
# "regular expression" "log text" "user report text"
# my setting
deny	\.js$	block js file	java script file
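An added example (not from the original notes or the MailScanner project): the TAB separators are easily turned into spaces when a rule is pasted from a web page, so this lint checks a rules file for four TAB-separated fields and reports which action the first matching rule gives for an attachment name. The function names and the sample are constructed; matching uses awk regular expressions with the first matching rule winning, as a simplifying assumption rather than MailScanner's own Perl matching.

```shell
#!/bin/sh
# lint_filename_rules: read a filename.rules.conf on stdin, print one line per
# malformed rule, return non-zero if any was found.
lint_filename_rules() {
    awk -F '\t' '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF != 4 {
            printf "line %d: expected 4 TAB-separated fields, found %d\n", NR, NF
            bad = 1; next
        }
        $1 ~ / / || $2 == "" {
            printf "line %d: action or regular expression field is malformed\n", NR
            bad = 1
        }
        END { exit bad + 0 }'
}

# rule_action <attachment_name>: read rules on stdin and print the action of
# the first well-formed rule whose regular expression matches the name.
rule_action() {
    awk -F '\t' -v name="$1" '
        /^[ \t]*(#|$)/ || NF != 4 { next }
        name ~ $2 { print $1; found = 1; exit }
        END { if (!found) print "no-match" }'
}

# Constructed sample: the rule from these notes, once with TABs and once with
# the TABs replaced by spaces.
sample() {
    printf 'deny\t\\.js$\tblock js file\tjava script file\n'
    printf 'deny \\.js$ block js file java script file\n'
}

sample | lint_filename_rules || true     # reports line 2
sample | rule_action evil.js             # the TAB-separated rule still matches
```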
Archives
# Setting
Maximum Archive Depth = 3
Archives Are = zip rar ole
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = yes
Archives: Filename Rules = %etc-dir%/archives.filename.rules.conf
Archives: Filetype Rules = %etc-dir%/archives.filetype.rules.con
Phishing
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Virus Scanner
MailScanner.conf
Virus Scanning = yes
Virus Scanner = clamav
Spam
# This includes both MailScanner's own checks and SpamAssassin.
Spam Checks = yes
# Disable MailScanner
#Spam List =
Spam List = BARRACUDA SORBS SPAMHAUS SPAMCOP
# translates the names of the "Spam List" values to the real DNS names
Spam List Definitions = %etc-dir%/spam.lists.conf
# If a message appears in at least this number of "Spam Lists" (as defined above),
# then the message will be treated as spam
Spam Lists To Be Spam = 1
# "High Scoring Spam Actions" will happen
Spam Lists To Reach High Score = 3
# if a message is bigger than a certain size, it is highly unlikely to be spam
Max Spam Check Size = 3072k
# ====================
Use SpamAssassin = yes
Required SpamAssassin Score = 4
High SpamAssassin Score = 7
spam.lists.conf
# You should register your IP before using the Barracuda list.
BARRACUDA b.barracudacentral.org
# aggregate list - http://www.sorbs.net/using.shtml
SORBS dnsbl.sorbs.net
# aggregate list - http://www.spamhaus.org/zen/
SPAMHAUS zen.spamhaus.org
# aggregate list - https://www.spamcop.net/bl.shtml
SPAMCOP bl.spamcop.net
Notifications back to the senders
Notify Senders = no
# Settings that apply *if* "Notify Senders" is set to yes
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = yes
Web GUI
MailWatch
HomePage: http://mailwatch.org/
PHP & MySQL
GPL
Download: https://github.com/mailwatch
baruwa
HomePage: https://www.baruwa.org/
Version: 2.0.1 (2013-09-30) (requirement MailScanner >=4.80)
Install
# Baruwa can be downloaded from PyPI
apt-get install python-pip
pip install baruwa
DOC:
https://www.baruwa.org/docs/2.0/
Header Configure
Mail Header = X-%org-name%-MailScanner-EFA:
X-SF2-MailScanner-EFA: Found to be clean
Detailed Spam Report = yes
Spam Header = X-%org-name%-SpamCheck:
X-SF2-SpamCheck: not spam, SpamAssassin (not cached, score=1.473, required 4, AWL -0.32, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_FONT_FACE_BAD 0.29, HTML_MESSAGE 0.00, KAM_NUMSUBJECT 0.50, MIME_HTML_ONLY 1.10)
Spam Score Header = X-%org-name%-SpamScore:
Spam Score Character = *
SpamScore Number Instead Of Stars = yes
X-SF2-SpamScore: 1
Use Watermarking = yes
Add Watermark = yes
Watermark Header = X-%org-name%-Watermark:
X-SF2-Watermark: 1516329963.03818@gGejTV1QtXU7/mlISu5Isw