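Notice: The content of this page is a mirror of content from the China Linux Forum. Copyright and all other related rights belong to the China Linux Forum and the respective authors. If you repost it, please credit the source and include the relevant copyright information.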
[Featured] Filtering mail with sendmail+spamassassin+mailscanner+sophos

Subject: [Featured] Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: ymy    Posted: 2004-04-27 12:57    Length: 6,213 byte(s)
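Our school's Linux+sendmail mail server used to run without trouble; I had set up SMTP authentication to stop non-local users from using our mail server as a relay for sending spam.

Unfortunately, spam has lately been flying everywhere. netsky in particular is locked in a contest of one-upmanship with another virus author, and we ordinary people are the ones who suffer: I look at the attachments in my mail and simply don't dare open them, and the anxiety gets worse by the day. Rather than sit helplessly and hope the virus writers find their conscience, it is better to fight back and keep the viruses far away.

With nowhere else to turn, and prompted by other teachers, I started looking into ways of filtering spam and virus-infected mail. I now have some modest results.

spamassassin eliminates spam. It is the spam filtering service built into Linux; I am ashamed to say I only turned to it at the last minute. I upgraded spamassassin to 2.63 and integrated it with procmail. The main directories are /etc/mail/spamassassin and /usr/share/spamassassin; the latter holds the various rules. For details, see the website of the China Anti-Spam Alliance.

mailscanner+sophos eliminates virus-infected mail. These are third-party open-source software. The former provides the mail scanning function; the latter is the largest antivirus developer in Europe, ranked fifth worldwide. It supplies the virus signatures; enterprise users have to pay, and the virus database can be updated on a schedule. Both are excellent mail security systems. Once installed and configured, the effect against virus mail is obvious. Main directories: /etc/mailscanner, /usr/local/Sophos. Stop the sendmail process and start the mailscanner process.

After all the installation and configuration work was done, I ran a test, sending a virus-infected mail from xxx@163.com to xxx@itzx.net.cn. The results were as follows:

At xxx@itzx.net.cn, the processed notification message, now free of the virus, was received:

Subject of the message: {Virus?} Fw: Re: List

Body of the message: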
Warning: This message has had one or more attachments removed
Warning: (archive.zip, data.rtf .scr).
Warning: Please read the "itzx-Attachment-Warning.txt" attachment(s) for more information.

The raw message information, that is, the mail headers:
X-itzx-MailScanner-Information: Please contact the ISP for more information
X-itzx-MailScanner: Found to be infected
X-MailScanner-From: xxx@163.com
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.itzx.net.cn
X-Spam-Level: **
X-Spam-Status: No, hits=2.6 required=5.0 tests=DNS_FROM_RFCI_DSN,
HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE,
MSGID_FROM_MTA_HEADER,PLING_QUERY autolearn=no version=2.63

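As configured, once a virus-infected mail is detected, no notification message is sent; non-specialists who read one might be completely baffled and get scared.

The message sent to the system's root:

Date: Tue, 27 Apr 2004 09:52:44 +0800
From: "MailScanner" <postmaster@mail.itzx.net.cn>
To: postmaster@mail.itzx.net.cn
Subject: Warning: E-mail viruses detected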

The following e-mail messages were found to have viruses in them:

Sender: xxx@163.com
IP Address: 202.108.44.205
Recipient: xxx@itzx.net.cn
Subject: Fw: something for you
MessageID: i3R1qXgL030932
Report: Sophos: >>> Virus 'W32/Netsky-B' found in file ./i3R1qXgL030932/friend.txt.exe
MailScanner: Executable DOS/Windows programs are dangerous in email (friend.txt.exe)

--
MailScanner
Email Virus Scanner
www.mailscanner.info

Part of the contents of /var/log/maillog:
Apr 27 11:08:45 mail update.virus.scanners: Found rav installed
Apr 27 11:08:45 mail update.virus.scanners: Running autoupdate for rav
Apr 27 11:08:46 mail RAV-autoupdate[452]: RAV updater completed
Apr 27 11:08:46 mail update.virus.scanners: Found sophos installed
Apr 27 11:08:46 mail update.virus.scanners: Running autoupdate for sophos
Apr 27 11:08:55 mail Sophos-autoupdate[464]: Sophos successfully updated in /usr/local/Sophos/381.200404271108

Apr 27 11:10:38 mail MailScanner[28836]: New Batch: Scanning 1 messages, 42201 bytes
Apr 27 11:10:41 mail MailScanner[28836]: Virus and Content Scanning: Starting
Apr 27 11:10:46 mail MailScanner[28836]: >>> Virus 'W32/Netsky-P' found in file ./i3R3AXgL000509/message.scr
Apr 27 11:10:46 mail MailScanner[28836]: Virus Scanning: Sophos found 1 infections
Apr 27 11:10:46 mail MailScanner[28836]: Infected message i3R3AXgL000509 came from 218.16.86.121
Apr 27 11:10:46 mail MailScanner[28836]: Virus Scanning: Found 1 viruses
Apr 27 11:10:46 mail MailScanner[28836]: Filename Checks: Possible virus hidden in a screensaver (i3R3AXgL000509 message.scr)
Apr 27 11:10:46 mail MailScanner[28836]: Other Checks: Found 1 problems
Apr 27 11:10:46 mail MailScanner[28836]: Content Checks: Detected HTML-specific exploits in i3R3AXgL000509
Apr 27 11:10:46 mail MailScanner[28836]: Content Checks: Found 1 problems

——————————————
Welcome to the Zhejiang Vocational Education Computer Science website
http://zjit.3322.org
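
An added example, not part of the original post or of MailScanner itself: a small Python parser that groups the MailScanner findings in the maillog excerpt above by sendmail queue ID, so each infected message is tied to its source IP, virus name and triggered checks. The regular expressions assume the line format shown in the post; `summarize`, `RULES` and `SAMPLE_LOG` are names chosen here.

```python
import re
from collections import defaultdict

# Lines copied from the maillog excerpt in the post above.
SAMPLE_LOG = """\
Apr 27 11:08:55 mail Sophos-autoupdate[464]: Sophos successfully updated in /usr/local/Sophos/381.200404271108
Apr 27 11:10:38 mail MailScanner[28836]: New Batch: Scanning 1 messages, 42201 bytes
Apr 27 11:10:46 mail MailScanner[28836]: >>> Virus 'W32/Netsky-P' found in file ./i3R3AXgL000509/message.scr
Apr 27 11:10:46 mail MailScanner[28836]: Infected message i3R3AXgL000509 came from 218.16.86.121
Apr 27 11:10:46 mail MailScanner[28836]: Filename Checks: Possible virus hidden in a screensaver (i3R3AXgL000509 message.scr)
Apr 27 11:10:46 mail MailScanner[28836]: Content Checks: Detected HTML-specific exploits in i3R3AXgL000509
"""

# Assumption: syslog prefix and message wording exactly as in the excerpt.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ MailScanner\[\d+\]: (.*)$")
RULES = [
    ("virus", re.compile(r">>> Virus '(?P<what>[^']+)' found in file \./(?P<id>[^/]+)/(?P<file>.+)")),
    ("source", re.compile(r"Infected message (?P<id>\S+) came from (?P<what>\S+)")),
    ("filename", re.compile(r"Filename Checks: (?P<what>.+) \((?P<id>\S+) (?P<file>.+)\)")),
    ("content", re.compile(r"Content Checks: Detected (?P<what>.+) in (?P<id>\S+)$")),
]

def summarize(log_text):
    """Group MailScanner findings by sendmail queue ID."""
    msgs = defaultdict(lambda: {"source_ip": None, "viruses": [], "files": set(), "checks": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines from other programs (sendmail, autoupdate) are skipped
        for kind, rx in RULES:
            hit = rx.match(m.group(1))
            if not hit:
                continue
            rec = msgs[hit["id"]]
            if kind == "source":
                rec["source_ip"] = hit["what"]
            elif kind == "virus":
                rec["viruses"].append(hit["what"])
            else:
                rec["checks"].append(hit["what"])
            if kind in ("virus", "filename"):
                rec["files"].add(hit["file"])
            break  # summary lines ("Found 1 problems") match no rule
    return dict(msgs)

if __name__ == "__main__":
    for queue_id, rec in summarize(SAMPLE_LOG).items():
        print(queue_id, rec["source_ip"], rec["viruses"], sorted(rec["files"]), rec["checks"])
```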

Subject: Re: Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: lhl    Posted: 2004-04-27 13:21    Length: 20 byte(s)
It would be even better with a bit more detail.
----
Time flows ever onward, and the BBS is still not at peace.

Subject: Re: Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: jieer    Posted: 2004-04-27 17:18    Length: 43 byte(s)
Where can sophos anti-virus be bought, and how much does it cost?
----
FreeBSD, Qmail, Postfix, BBS, UseNet, Enjoy it!!!

Subject: Re: Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: ymy    Posted: 2004-04-27 17:29    Length: 46 byte(s)
It is free for ordinary users; you can download it from its website after registering.

Subject: Re: Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: ymy    Posted: 2004-04-27 17:33    Length: 78 byte(s)
Thanks for the encouragement. I have learned a lot on this forum, so I should share my own experience with everyone as well. I will add more when I have time.

Subject: Re: Filtering mail with sendmail+spamassassin+mailscanner+sophos
Author: ymy    Posted: 2004-05-03 19:38    Length: 231 byte(s)
I have also added mailscanner-mrtg, which uses the well-known mrtg to show the scanning status as charts. Please visit:
http://mail.itzx.net.cn/mailscanner-mrtg