最近公司的 mail sever 突然当机,我用 sendmail + procmail + spamassassin 架的
最后查到是因为同时进来太多的信造成 perl 执行了 300多个,记忆体被吃光造成当机
看来 spamassassin 太操主机了,所以我上网找了一个比较简单的过滤广告信方案
Enhancing E-Mail Security With Procmail : the E-mail Sanitizer
=> 不用钱的伺服器端邮件扫毒软体:Sanitizer
Sendmail + Procmail + Sanitizer 之安装步骤
1) 请注意:以下步骤皆是于FreeBSD平台测试过的结果,若您的平台为Linux,请留心档案系统的差异
2) 以下做法若有错误,敬请不吝指正。^_^
一、
下载档案:sendmail.8.12.6.tar.gz、procmail-3.22.tar.gz、procmail-sanitizer.tar.gz
(以上三个档案请自行连接至原始官方网站查看是否有最新版本提供下载)
二、原始官方网站:
1) sendmail:http://www.sen....org (目前最新版:8.12.6)
※ 如果要安装8.12以后的版本,记得要先建立smmsp、mailnull这两个帐号,;不过,如果您的FreeBSD是4.6以后的版本,恭喜您,因为系统预设的sendmail是8.12.3版,早已建立这两个帐号了。
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
2) procmail:http://www.pro....org (目前最新版:3.22)
3) sanitizer:http://www.impsec.org/email-to...security.html (目前最新版:1.136;procmail-sanitizer.tar.gz、html-trap.procmail.nomacroscan.gz)
三、把三个source档放在 /tmp下,当然您也可以放在其它自己认为较适当的目录下
四、安装procmail
cd /tmp
tar zxvf procmail-3.22.tar.gz
cd procmail-3.22/
vi src/authenticate.c
找到 #define MAILSPOOLDIR "/var/spool/mail/" 这一行
把它改成 #define MAILSPOOLDIR "/var/mail/" (这是针对FreeBSD改的,如果是Linux就不必改了)
改完后储存authenticate.c
make install
五、安装sendmail
cd /tmp
tar zxvf sendmail.8.12.6.tar.gz
cd sendmail-8.12.6/
./Build
make install
#如果不想升级sendmail,可省略以上步骤,但是还是得把和系统同版本的sendmail之 source抓回来tar开,以便进行cf档的制作。
制作sendmail.cf设定档
cd /tmp/sendmail-8.12.6/cf/cf/
cp generic-bsd4.4.mc MYCF.mc
# (Linux系统请改用 generic-linux.mc)
cd ../feature
cat local_procmail.m4 >> ../cf/MYCF.mc
cat access_db.m4 >> ../cf/MYCF.mc
cat delay_checks.m4 >> ../cf/MYCF.mc
cat virtusertable.m4 >> ../cf/MYCF.mc
cat blacklist_recipients.m4 >> ../cf/MYCF.mc
cd ../cf
# 在执行下列指令前记得先编辑MYCF.cf,把MAILER(local)dnl这一行搬到procmail区块之后,以免编译MYCF.cf档时出错。
sh Build MYCF.cf
cp MYCF.cf /etc/mail/sendmail.cf
cd /etc/mail
vi sendmail.cf
找到 Mlocal, P=/usr/local/bin/procmail,
将它改成 Mlocal, P=/usr/bin/procmail,
因为8.10系列以后的sendmail其所有的设定档皆预设放于/etc/mail下
所以您原来若有 8.9.x的access及aliases档,可将它们由/etc copy至/etc/mail 下
然后 cd /etc/mail
makemap hash access.db < access
makemap hash virtusertable.db < virtusertable
newaliases
touch local-host-names
vi local-host-names
加入mail server所有的nick name(主机的alias name);
如果主机只有一个DN,此档的内容可以是空的。
格式如下:
xxxx.tc.edu.tw (xxxx为贵校的DN)
mail.xxxx.tc.edu.tw
重新启动sendmail
ps aux|grep sendmail找到其PID
kill -HUP PID
如果上述重新启动不正常,就直接kill -9 其PID,
然后 /usr/sbin/sendmail -bd -q30m
六、安装sanitizer
mkdir /etc/procmail;chown root.wheel /etc/procmail;chmod 755 /etc/procmail
cp /tmp/procmail-sanitizer.tar.gz /etc/procmail/
cd /etc/procmail
tar zxvf procmail-sanitizer.tar.gz
chown root.wheel ./*;chmod 644 ./*
cd /etc
touch procmailrc(制作procmail的公用设定档)
vi procmailrc
(敝校 procmailrc内容如下,如果想要有更多的设定或想研究其环境参数可至
http://www.impsec.org/email-tools...iguration.html参考
或至http://www.spconnect.com/m...info/esa-l订阅MailList向全世界的网管
人员讨教、交换心得、参考他人对mail security的做法。)
################################
MAILDIR=/var/mail
MANGLE_EXTENSIONS='vbs|exe'
# MANGLE_EXTENSIONS 砍杀病毒的迷思,例如:test.pot被改成test.60276DEFANGED-pot了!!!
VERBOSE=off
PATH=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/etc:/usr/openwin/bin:/usr/dt/bin:/usr/ccs/bin/
SHELL=/bin/sh
PMDIR=$HOME/.procmail
POISONED_EXECUTABLES=/etc/procmail/poisoned-files
SECURITY_NOTIFY="postmaster, security-dude"
SECURITY_NOTIFY_VERBOSE="virus-checker"
SECURITY_NOTIFY_SENDER=/etc/procmail/sanitizer-security-policy.txt
SECRET="CHANGE THIS"
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
NL=""
LOGABSTRACT=no
SECURITY_QUARANTINE=/var/log/sanitizer.log
INCLUDERC=/etc/procmail/html-trap.procmail
#INCLUDERC=/etc/procmail/html-trap.procmail.nomacroscan
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
##################################################
接下来制作记录档(若学校的信件流量很大,下列前二个档膨胀的速度非常快喔,
可以在/etc/newsyslog.conf中设定让系统定时压缩、备份、删除记录档)
touch /var/log/sanitizer.log;chmod 622 /var/log/sanitizer.log
touch /var/log/procmail.log;chmod 622 /var/log/procmail.log
touch /var/log/macro-scanner-scores;chmod 622 /var/log/macro-scanner-scores
touch /etc/procmail/sanitizer-security-policy.txt
因为procmail+sanitizer若过滤到有问题的信(通常是含毒的),会寄通知给以下三个帐号
postmaster、security-dude、virus-checker(这三个帐号是刚刚在/etc/procmailrc档中指定的,如果觉得不好记,也可改成您喜欢的拼法)
其中postmaster是/etc/mail/aliases中预设的aliases帐号,另两个就要手动修改/etc/mail/aliases档把它们加上了
我在敝校的aliases加上:
postmaster:mis(这一行系统预设是postmaster: root)
virus-checker:mis
security-dude:mis
修改好后,记得在/etc/mail 下 newaliases 指令,更新aliases.db
这样我们只要收mis的信就可以了。(当然您也可以指定成其它贵校的合法帐号)
最后,我们只要重新启动一次sendmail让procmail读入/etc/procmailrc的设定就OK了。
#### Poisoned Files list:毒药档设成这样,您觉得还有什么档案可以夹呢?
*.asd
*.bat
*.chm
*.cil
*.cmd
*.com
*.dll
*.exe
*.hlp
*.hta
*.js
*.lnk
*.nws
*.ocx
*.pif
*.reg
*.scr
*.sh[bs]
*.vb
*.vb[se]
*.ws[cfh]
*.[a-z][a-z][a-z0-9].exe
*.[a-z][a-z][a-z0-9]\s+.exe
*.[a-z][a-z].(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z]\s+.(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z][a-z0-9].(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z][a-z0-9]\s+.(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*\s+.exe
[0-9]+-i386-update.exe
.*romeo.exe
alyssa?s?here?.exe
amateurs.exe
anal.exe
anna.exe
anniv.doc
anti_cih.exe
anti_terrorism.exe
antivirus.exe
ants[0-9]+set.exe
aol4free.com
asian.exe
atchim.exe
avp[0-9].[0-9].exe
avp_updates.exe
babylonia.exe
badass.exe
bar.exe
binladen_bra[sz]il.exe
black.exe
blancheneige.exe
blonde.exe
boys.exe
buhh.exe
celebrity?rape.exe
cheerleader.exe
chocolate.exe
christmas.exe
comical_story.doc
common.exe
compu_ma.exe
creative.exe
cum.exe
cumshot.exe
*demo*.exe
disk.exe
doctor.exe
doggy.exe
dwarf4you.exe
emanuel.exe
enanito?fisgon.exe
enano.exe
enano?porno.exe
euro.exe
famous.exe
files.exe
fist-f?cking.exe
gay.exe
girls.exe
happy[0-9]+.exe
hardcore.exe
honey.exe
horny.exe
hot.exe
hottest.exe
i-watch-u.exe
ibmls.exe
ie[0-9]+.exe
images_zipped.exe
*install*.exe
invoice.exe
javascript.exe
jesus.exe
joke.exe
kinky.exe
leather.exe
led.exe
lesbians.exe
list.doc
lovers.exe
luckey.exe
masyanya.exe
matcher.exe
messy.exe
missworld.exe
misworld.exe
mkcompat.exe
mmsn_offline.htm
ms[0-9-]+.exe
mwld.exe
mwrld.exe
nakedwife.exe
navidad.exe
ntkrnl.exe
oains.exe
oral.exe
orgy.exe
*password.exe
*patch*.exe
path.xls
photos17.exe
picture.exe
pippo.exe
pleasure.exe
porkis.exe
pretty?park.exe
prettypark.exe
q[0-9][0-9][0-9]+.exe
qi_test.exe
quake4demo.exe
raquel?darian.exe
readme.exe
rede.exe
romeo.exe
sado.exe
sample.exe
seicho_no_ie.exe
serialz.hlp
*setup*.exe
sex.exe
sexy.exe
shake.exe
si.exe
slut.exe
sm.exe
sodomized.exe
softwarekey.exe
sslpatch.exe
story.doc
suck.exe
sulfnbk.exe
suppl.doc
surprise!.exe
suzete.exe
tattoo.exe
teens.exe
tettona.exe
teuro.exe
*update*.exe
*upgrade*.exe
userconf.exe
virgins.exe
whatever.exe
wtc.exe
x-mas.exe
xena.exe
xuxa.exe
xxxpic*.exe
y2kcount.exe
yahoo.exe
yawsetup.exe
zacker.exe
zipped_files.exe
?.exe
转贴自
http://w3.tceb.edu.tw/study/networ...tizerSetup.txt不过因为他会自动解压缩 zip 及 rar 去判断是否有病毒附档名,那也会占用很多主机资源,反正现在每台两电都有防毒软体,所以我就把那个功能关掉,另外因为 office 的病毒我也不用去过滤,所以我改用 html-trap.procmail.nomacroscan
我参考了官网的说明
http://www.impsec.org/email-tools...iguration.html以下是我的设定档,希望有兴趣的朋友可以一起研究
################################
MAILDIR=/var/mail
MANGLE_EXTENSIONS='vbs|exe'
# MANGLE_EXTENSIONS 砍杀病毒的迷思,例如:test.pot被改成test.60276DEFANGED-pot了!!!
VERBOSE=off
PATH=/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb:/etc:/usr/openwin/bin:/usr/dt/bin:/usr/ccs/bin/
SHELL=/bin/sh
PMDIR=$HOME/.procmail
POISONED_EXECUTABLES=/etc/procmail/poisoned-files
SECURITY_NOTIFY="postmaster, security-dude"
SECURITY_NOTIFY_VERBOSE="virus-checker"
SECURITY_NOTIFY_SENDER=/etc/procmail/sanitizer-security-policy.txt
SECRET="CHANGE THIS"
POISONED_SCORE=25
SCORE_HISTORY=/var/log/macro-scanner-scores
DROPPRIVS=YES
LOGFILE=/var/log/procmail.log
NL=""
LOGABSTRACT=no
SECURITY_QUARANTINE=/var/log/sanitizer.log
DISABLE_RAR_SCAN=YES
DISABLE_ZIP_SCAN=YES
DISABLE_JPEG_SCAN=YE
#INCLUDERC=/etc/procmail/html-trap.procmail
INCLUDERC=/etc/procmail/html-trap.procmail.nomacroscan
POISONED_EXECUTABLES=
SECURITY_NOTIFY=
SECURITY_NOTIFY_VERBOSE=
SECURITY_NOTIFY_SENDER=
SECURITY_QUARANTINE=
SECRET=
##################################################
