postfix+rspamd 垃圾病毒郵件過濾

時間 2020-06-16

標籤 postfix+rspamd postfix rspamd 垃圾病毒郵件過濾欄目系統安全简体版

原文原文鏈接

rspmad 安裝配置參考 https://rspamd.com/doc/quickstart.htmlhtml

[root@umail ~]# wget -O /etc/yum.repos.d/rspamd.repo http://rspamd.com/CentOS/6/os/x86_64/rspamd.repo
[root@umail ~]# rpm --import http://rspamd.com/vsevolod.pubkey
[root@umail ~]# yum install rspamd
[root@umail ~]# service rspamd start

rspamd集成到postfix 須要安裝rmilter,yum安裝的是1.64，測試出來速度比較慢，因此這邊rmilter直接編譯安裝新版本1.65。 rmilter用cmake安裝,先安裝環境 rmilter 主頁 https://github.com/vstakhov/rmiltergit

[root@umail libmilter]# yum install -y bison flex cmake libopendkim-devel

直接cmake 編譯rmilter會提示找不到libmilter,查看日誌,應該是沒有libmilter 庫文件github

-- checking for one of the modules 'libpcre;libpcre3;pcre;pcre3' CMake Error at CMakeLists.txt:206 (MESSAGE): libmilter is required for building rmilter 這要下載sendmail先安裝limiltersass

[root@umail sendmail-8.15.1]# cd libmilter
[root@umail libmilter]# sh Build
[root@umail libmilter]# sh Build install

而後再安裝rmilterdom

[root@umail rmilter-master]# cmake -DMANDIR=/usr/share/man .
[root@umail rmilter-master]# make
[root@umail rmilter-master]# make install
[100%] Built target rmilter
Install the project...
-- Install configuration: "Debug"
-- Installing: /usr/local/sbin/rmilter
-- Installing: /usr/share/man/man8/rmilter.8
-- Installing: /usr/local/lib/systemd/system/rmilter.service

啓動rmilter,會提示錯誤,根據錯誤修改/etc/rmilter/rmilter.confsocket

[root@umail rmilter-master]# cp rmilter.conf.sample /etc/rmilter/rmilter.conf
[root@umail rmilter-master]# /usr/local/sbin/rmilter -c /etc/rmilter/rmilter.conf

若是用rmilter.sock 要有postfix權限,這裏面我直接把 rmilter.sock改爲777測試的，也能夠直接在rmilter.conf裏面用bind_socket 端口的方式 rmilter.conf 裏面要修改部分參數post

clamav {
servers = 127.0.0.1:3310;
}
spamd {
servers = r:127.0.0.1:11333;
}

集成到postfix 在main.cf裏面添加或者修改測試

smtpd_milters = unix:/var/run/rmilter/rmilter.sock
# or for TCP socket
# smtpd_milters = inet:localhost:9900
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if milter will die
milter_default_action = accept

重啓服務測試吧.flex

常見錯誤:提示rmilter鏈接clamavr失敗ui

2015-06-25 17:46:01 rmilter[1677]:  mlfi_eom: 2B36D10079A: tempfile=/var/lib/rmilter/msg.XXplTZ9H, size=1623
2015-06-25 17:46:01 rmilter[1677]:  clamav: connect umail.test.cn, 111: Connection refused
2015-06-25 17:46:01 rmilter[1677]:  clamscan: failed to scan, retry, umail.test.cn, /var/lib/rmilter/msg.XXplTZ9H
2015-06-25 17:46:02 rmilter[1677]:  clamav: connect umail.test.cn, 111: Connection refused
2015-06-25 17:46:02 rmilter[1677]:  clamscan: failed to scan, retry, umail.test.cn, /var/lib/rmilter/msg.XXplTZ9H
2015-06-25 17:46:03 rmilter[1677]:  clamav: connect umail.westhost.cn, 111: Connection refused
2015-06-25 17:46:03 rmilter[1677]:  clamscan: failed to scan, retry, umail.test.cn, /var/lib/rmilter/msg.XXplTZ9H

處理方法,修改rmilter.conf裏面 clamav配置項裏面server=127.0.0.1:3310

垃圾郵件規則定義在 /etc/rspamd/metrics.conf 裏面

2015-06-26 10:19:34 postfix/smtpd[23481]:  warning: hostname mail.domain.com does not resolve to address 219.234.4.192
2015-06-26 10:19:34 postfix/smtpd[23481]:  connect from unknown[219.214.41.192]
2015-06-26 10:19:34 postfix/smtpd[23481]:  F2D611007BE: client=unknown[219.214.41.192]
2015-06-26 10:19:35 postfix/cleanup[23491]:  F2D611007BE: message-id=<201506261019004489699@domain.com>
2015-06-26 10:19:35 rmilter[23088]:  mlfi_eom: F2D611007BE: tempfile=/var/lib/rmilter/msg.XXsDC1zX, size=1817
2015-06-26 10:19:36 rmilter[23088]:  spamdscan: scan qid: <F2D611007BE>, mid: <201506261019004489699@domain.com>, 1.657511, localhost, metric: default: [5.900000 / 15.000000], symbols: HFILTER_HELO_IP_A(1.00), HFILTER_HOSTNAME_UNKNOWN(4.00), R_SPF_ALLOW(-1.10), MISSING_SUBJECT(2.00)
2015-06-26 10:19:36 rmilter[23088]:  clamscan: scan 0.011201, (null), /var/lib/rmilter/msg.XXsDC1zX
2015-06-26 10:19:36 postfix/qmgr[1389]:  F2D611007BE: from=<postadmin@domain.com>, size=1868, nrcpt=1 (queue active)
2015-06-26 10:19:36 postfix/smtpd[23481]:  disconnect from unknown[219.214.41.192] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
2015-06-26 10:19:36 postfix/pipe[23503]:  F2D611007BE: to=<info@mydomain.cn>, relay=dovecot, delay=2, delays=1.9/0/0/0.08, dsn=2.0.0, status=sent (delivered via dovecot service)
2015-06-26 10:19:36 postfix/qmgr[1389]:  F2D611007BE: removed

從日誌裏面看掃描一封垃圾郵件只用了2秒,比前面spamassassin明顯快多了