
[Resource sharing] OpenWebMail + antivirus + spam filtering


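In today's network environment, running a mail server is no longer what it used to be: spam filtering and virus scanning have become part of the basic setup, and the web mail offered by the major portal sites has clearly become the trend. From an antivirus point of view, collecting mail over POP does carry a certain risk for our computers, so web mail is now also on the list of things to consider for a mail server.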


Environment:
debian 3.0
postfix 2.x
amavisd-new
spamassassin 3.x
ClamAV
openwebmail 2.x
apache 1.x

[ Install postfix, pop ]
debian:~# apt-get install postfix-tls libsasl2-modules sasl2-bin
debian:~# apt-get install qpopper


[ Install amavisd-new, spamassassin ]
debian:~# apt-get install amavisd-new spamassassin
debian:~# apt-get install unzip unrar lha zoo lzop gzip
# When prompted, you can mostly just press Enter (accept the default option)


[ Install ClamAV ]
debian:~# apt-get install clamav clamav-base clamav-freshclam clamav-daemon


[ Configure postfix to hand mail to amavisd-new ]
debian:~# vi /etc/postfix/main.cf
# Add the following line
content_filter = smtp-amavis:[127.0.0.1]:10024

debian:~# vi /etc/postfix/master.cf
# Add the following two entries
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=


[ Restart postfix ]
debian:~# /etc/init.d/postfix restart


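[ Configure amavisd ]
debian:~# vi /etc/amavis/amavisd.conf
# Find the following line and change the value in quotes (highlighted in red in the original post) to your own domain
$mydomain = 'm955.com';

# Change the value in quotes (highlighted in red in the original post) to your own setting
$sa_spam_subject_tag = '***我是廣告***';

# Change the following settings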
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS)


[ Restart amavis ]
debian:~# /etc/init.d/amavis restart


[ Test it!! ]
debian:~# telnet m955.com 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 qemu ESMTP Postfix (Debian/GNU)
MAIL FROM:<tetralet@mail.org>
250 Ok
RCPT TO:<tetralet>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Virus Test Pattern

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
250 2.7.1 Ok, discarded, id=02749-02 - VIRUS: Eicar-Test-Signature
quit
221 Bye


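[ Online virus test mail: http://www.webmail.us/testvirus ]
With the configuration done up to this point, the host now has antivirus capability: every piece of mail is checked by the scanner.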


OpenWebMail
Since 2005/09/18 the B2D project has been building its own openwebmail package (the original openwebmail DEB package was discontinued). The B2D repository now provides Openwebmail 2.51 for B2D; install it as follows:

[ Edit /etc/apt/sources.list ]
debian:~# vi /etc/apt/sources.list

# Add the following line
deb ftp://debian.tnc.edu.tw/pub1 b2d/

# Your sources.list should contain the following two lines
deb ftp://debian.tnc.edu.tw/pub/debian/ stable main non-free contrib
deb ftp://debian.tnc.edu.tw/pub1 b2d/


[ Run update ]
debian:~# apt-get update
debian:~# apt-get install openwebmail

# The following prompts appear:

Send the site report?(Y/n) n

Thank you.

Please *restart* your Apache2 !
Y/N ?
y

Forcing reload of web server: Apache2.


[ Usage ]
http://your-host/cgi-bin/openwebmail/openwebmail.pl
If Apache2 has been restarted, Openwebmail can also be reached at the following address:
http://your-host/openwebmail


Enabling the spam filtering mechanism

[ Install the spam databases ]
debian:~# apt-get install dcc-client razor pyzor

# After installation, run the following commands
debian:~# razor-client
debian:~# razor-admin -create
debian:~# pyzor discover

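SpamAssassin will now query the Razor online database to filter spam. Razor makes outbound connections to the Razor online database on TCP ports 2703 and 7; remember to open them when configuring the firewall.

We can also submit the spam we have on hand to the Razor online database. First, we need to obtain an account and password from the Razor online database:
Run razor-admin -register -user postmaster@m955.com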


[ Configure spamassassin ]
debian:~# vi /etc/spamassassin/local.cf


# Basic settings follow (the whole block can simply be copied)

#rewrite_header Subject *****SPAM*****

required_hits 7
use_bayes 1
bayes_path /var/lib/amavis/.spamassassin/bayes
auto_learn 1

skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

always_add_headers 0
dcc_add_header 0
report_safe 0
use_terse_report 0
spam_level_stars 1
dns_available yes

ok_languages en zh
ok_locales en zh

#whitelist_from *@Newsletters.Microsoft.com
#whitelist_from *@ms1.104.com.tw

score CASHCASHCASH 3.0
score CLICK_BELOW 1.5
score FORGED_MUA_OUTLOOK 3.6
score HTML_40_50 0.8
score HTML_90_100 0
score INVALID_DATE 1.4
score MIME_LONG_LINE_QP 1.0
score MISSING_MIMEOLE 1.9
score NONEXISTENT_CHARSET 3.5
score NORMAL_HTTP_TO_IP 1.2
score NO_REAL_NAME 1.2
score OPT_IN 1.2
score RCVD_IN_RFCI 0.9
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0
score FWD_MSG -2.0
score RCVD_FAKE_HELO_DOTCOM_2 2.0
score FROM_WEBMAIL_ENDS_IN_NUMS6 1.0

score DCC_CHECK 4.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000

score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score HEAD_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0

# From addr like <some chinese>@mydomain
#header __FROM_8BIT_LOCAL From:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*@mail.com.tw/i
#header __TO_8BIT_LOCAL To:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*@mail.com.tw/i
#header __CC_8BIT_LOCAL Cc:addr =~ /[a-zA-Z0-9_-]*[\x80-\xff][a-zA-Z0-9_-]*@mail.com.tw/i
#meta LOCAL_8BIT_USER (__FROM_8BIT_LOCAL || __TO_8BIT_LOCAL || __CC_8BIT_LOCAL)
#describe LOCAL_8BIT_USER From or To a chinese@mydomain
#score LOCAL_8BIT_USER 3.0


# local


body EROTICISM_ZH /(口|肛|性)交/
describe EROTICISM_ZH Eroticism
score EROTICISM_ZH 3.5

header FOXMAIL1 X-Mailer =~ /FoxMail/
describe FOXMAIL1 Foxmail with X-Mailer
score FOXMAIL1 3.5

header FOXMAIL2 X-mailer =~ /FoxMail/
describe FOXMAIL2 Foxmail with X-mailer
score FOXMAIL2 3.7

body H8H_COM /http:\/\/x-mail\.h8h\.com\.tw/
describe H8H_COM Spammers from http://x-mail.h8h.com.tw
score H8H_COM 3.5

body SPAM_ZH /廣告/
describe SPAM_ZH Contain AD
score SPAM_ZH 0.5

header SUBJECT_TIME Subject =~ / [0-9]{2}:[0-9]{2}:[0-9]{2}/
describe SUBJECT_TIME Subject: Has "Time" String - 12:33:09
score SUBJECT_TIME 3.5

header TO_DMAILER To =~ /DMailer/i
describe TO_DMAILER To: has a dmailer related address
score TO_DMAILER 3.5

header TO_TXT To =~ /\.txt/i
describe TO_TXT To: has a .txt address
score TO_TXT 3.5

header TO_UNDISCLOSED To =~ /"Undisclosed-Recipient:"@/i
describe TO_UNDISCLOSED To: Undisclosed-Recipient
score TO_UNDISCLOSED 2.0

body WINDOWOPEN /window\.open\(/i
describe WINDOWOPEN JavaScript: Windows.Open
score WINDOWOPEN 3.5

body UNSUBSCRIBE_ZH /取消.*訂閱/
describe UNSUBSCRIBE_ZH Body contain unsubscribe msg in chinese
score UNSUBSCRIBE_ZH 1.5

body EPAPER /報/
describe EPAPER Someone's epaper
score EPAPER -2.0

body price /比價王/
describe price website
score price -2.0
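
A small checker for hand-written rules like the local ones above, as an added example (not part of the original post): it flags patterns that break the /.../ delimiters or do not compile, rules scored twice, and rules left without a score. The sample rules, the names SITE_URL and PRICE_SITE, and the domain are constructed; Python's re module is assumed as a stand-in for Perl's regex syntax.

```python
import re

# Constructed sample in the style of the local rules above (not the page's file).
SAMPLE = r"""
body     WINDOWOPEN /window.open(/i
score    WINDOWOPEN 3.5
body     SITE_URL /http://mail.example.invalid/
score    SITE_URL 3.5
body     EPAPER /newsletter/
score    EPAPER -2.0
body     PRICE_SITE /price-compare/
score    EPAPER -2.0
header   TO_TXT To =~ /\.txt/i
score    TO_TXT 3.5
"""

RULE = re.compile(r"^(body|rawbody|full|uri|header)\s+(\w+)\s+(.*)$")
SCORE = re.compile(r"^score\s+(\w+)\s+-?[\d.]+")
PATTERN = re.compile(r"/(.*)/[a-z]*\s*$")

def lint(text):
    """Return sorted (rule, problem) pairs for a local.cf fragment."""
    defined, scored, problems = set(), set(), set()
    for line in (l.strip() for l in text.splitlines()):
        rule, score = RULE.match(line), SCORE.match(line)
        if rule:
            name = rule.group(2)
            defined.add(name)
            pat = PATTERN.search(rule.group(3))
            if not pat:
                problems.add((name, "no /regex/ found"))
            elif re.search(r"(?<!\\)/", pat.group(1)):
                problems.add((name, "unescaped / inside pattern"))
            else:
                try:
                    # Assumption: Python's re stands in for Perl's regex engine.
                    re.compile(pat.group(1))
                except re.error:
                    problems.add((name, "pattern does not compile"))
        elif score:
            name = score.group(1)
            if name in scored:
                problems.add((name, "scored more than once"))
            scored.add(name)
    # Unscored rules silently get SpamAssassin's default score of 1.0
    # ("__" sub-rules are meant to be unscored, so skip them).
    for name in defined - scored:
        if not name.startswith("__"):
            problems.add((name, "no explicit score"))
    return sorted(problems)

if __name__ == "__main__":
    for name, problem in lint(SAMPLE):
        print(f"{name}: {problem}")
```

On the server itself, `spamassassin --lint` checks the real file with SpamAssassin's own parser.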


[ Try it out!! ]
debian:~# spamassassin -D < /usr/share/doc/spamassassin/examples/sample-spam.txt
# If you see messages similar to the following, it is working

debug: executable for dccproc was found at /usr/bin/dccproc
debug: DCC is available: /usr/bin/dccproc
debug: entering helper-app run mode
debug: DCC: got response: X-DCC-dcc.uncw.edu-Metrics: qemu 1201; Body=many Fuz1=many Fuz2=many
debug: leaving helper-app run mode
debug: DCC: Listed! BODY: 999999 of 999999 FUZ1: 999999 of 999999 FUZ2: 999999 of 999999

debug: executable for pyzor was found at /usr/bin/pyzor
debug: Pyzor is available: /usr/bin/pyzor
debug: entering helper-app run mode
debug: Pyzor: got response: 217.160.253.84:24441 (200, 'OK') 0 0


[ Configure amavisd ]
debian:~# vi /etc/amavis/amavisd.conf
# Comment out this line so that Amavisd-new enables SpamAssassin
# @bypass_spam_checks_acl = qw( . );

# Change the following settings
$sa_tag_level_deflt = 4.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = 10;


[ Blacklist and whitelist (optional) ]
# Blacklist
read_hash(\%blacklist_sender, '/etc/amavis/blacklist');
# Whitelist
read_hash(\%spam_lovers, '/etc/amavis/spam_lovers');

# You have to touch these two files yourself and add the e-mail addresses you want listed


[ Restart amavis ]
debian:~# /etc/init.d/amavis restart


[ Test it!! ]
debian:~# telnet m955.com 25
Connected to 127.0.0.1.
Escape character is '^]'.
220 qemu ESMTP Postfix (Debian/GNU)
MAIL FROM:<tetralet@mail.org>
250 Ok
RCPT TO:<tetralet>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test spam mail (GTUBE)

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
250 Ok: queued as 0C3E9C906B
quit
221 Bye