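CentOS 7: Building a Mail Gateway with MailScanner 5.0.3 + Postfix + MailWatch + ClamAV + SpamAssassin

Building the CentOS 7 Mail Gateway

This setup uses the minimal-install image of CentOS 7: CentOS-7-x86_64-Minimal-1611.iso

Download:

http://isoredirect.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1611.iso

After installing CentOS 7, update the system once first

Run yum update

First, a description of my environment

Internally there are two Exchange 2013 servers (CAS and MBX). Once this mail gateway is up, the MX record is changed so that external mail goes to the gateway first, is filtered there, and is then passed on to the back-end Exchange.

Postfix configuration:

Postfix is installed by default with CentOS, so it does not need to be installed separately

Edit /etc/postfix/main.cf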

inet_interfaces = all

mydomain = pmail.idv.tw

relay_domains = pmail.idv.tw

transport_maps = hash:/etc/postfix/transport

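Edit /etc/postfix/transport

pmail.idv.tw    smtp:192.168.2.3  => this entry forwards mail for the pmail.idv.tw domain to that IP address

After editing, run the following command to generate transport.db; the setting only takes effect once that file exists. Run it again whenever entries are added or changed.

postmap /etc/postfix/transport

Enable at boot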

systemctl start postfix

systemctl enable postfix

Install ClamAV

yum -y install epel-release

yum install clamav

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

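After installation there are two configuration files

/etc/freshclam.conf
/etc/clamd.d/scan.conf

Edit both files and delete the string Example

Update the virus signatures manually
freshclam

Schedule an hourly virus signature update

crontab -e

0  *  *  *  *  /usr/bin/freshclam --quiet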

Install SpamAssassin

yum install spamassassin

sa-update

Enable at boot

systemctl enable spamassassin
systemctl start spamassassin

Install MailScanner

Install the prerequisite packages

yum install perl unzip gcc patch rpm-build cpp  perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel automake perl-devel

Download MailScanner 5.0.3-7

https://www.mailscanner.info/downloads/

wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz

Extract it: tar xvf MailScanner-5.0.3-7.rhel.tar.gz

Change into the extracted directory: cd MailScanner-5.0.3-7

Run ./install.sh to install

This version differs from earlier ones: it asks a few questions interactively, mostly about whether to also install missing packages and the like.

Configure MailScanner

To use MailScanner with SpamAssassin, create a directory and set its ownership
mkdir /var/spool/MailScanner/spamassassin
chown postfix /var/spool/MailScanner/spamassassin

Give postfix write access to the incoming and quarantine directories with the following commands
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine

Edit /etc/MailScanner/MailScanner.conf

Set the following items
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Settings required when MailScanner is used together with Postfix:
In /etc/postfix/main.cf, uncomment this line (remove the leading #): header_checks = regexp:/etc/postfix/header_checks

In /etc/postfix/header_checks, add this line: /^Received:/ HOLD (this makes Postfix store incoming mail in a directory first, where it waits for MailScanner to scan it)

With ClamAV, MailScanner needs no changes to MailScanner.conf by default; it works as long as ClamAV is installed correctly.

With SpamAssassin, MailScanner needs no changes to MailScanner.conf by default; SpamAssassin is used as long as it is installed.

Finally, edit /etc/MailScanner/defaults and set run_mailscanner=1 so that the service can be started

run_mailscanner=1
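
A quick way to confirm the hand-off settings from the steps above before starting the service. This is an added example, not part of the original post; the function names check_gateway_conf and has_setting and the optional root-directory argument are assumptions made here.

```shell
#!/bin/sh
# Added example: check the Postfix -> MailScanner hand-off settings from this guide.
# check_gateway_conf [ROOT]  (ROOT is a hypothetical prefix for a staged copy of /etc)

# True if FILE contains an uncommented "KEY = VALUE" line (spacing around = ignored).
has_setting() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/[[:space:]]*$//' "$1" 2>/dev/null | grep -qxF -e "$2=$3"
}

check_gateway_conf() {
    root=${1:-}
    fail=0
    pf="$root/etc/postfix/main.cf"
    ms="$root/etc/MailScanner/MailScanner.conf"
    while IFS='|' read -r file key value; do
        if has_setting "$file" "$key" "$value"; then
            echo "ok    $key = $value"
        else
            echo "FAIL  $key = $value  ($file)"
            fail=1
        fi
    done <<EOF
$pf|header_checks|regexp:/etc/postfix/header_checks
$ms|Run As User|postfix
$ms|Run As Group|postfix
$ms|Incoming Queue Dir|/var/spool/postfix/hold
$ms|Outgoing Queue Dir|/var/spool/postfix/incoming
$ms|MTA|postfix
$root/etc/MailScanner/defaults|run_mailscanner|1
EOF
    # Without this rule Postfix never holds mail, so nothing is scanned.
    if grep -Eq '^/\^Received:/[[:space:]]+HOLD' \
            "$root/etc/postfix/header_checks" 2>/dev/null; then
        echo "ok    header_checks HOLD rule"
    else
        echo "FAIL  header_checks HOLD rule"
        fail=1
    fi
    return "$fail"
}
```

Source the file and run check_gateway_conf with no argument to check the live /etc; a non-zero return means at least one FAIL line was printed.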

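Once everything checks out

Use chkconfig mailscanner on => enables mailscanner at boot (note the lowercase m)

Start mailscanner => service mailscanner start

After starting it, check the log => tail -f /var/log/maillog

Testing that it works:

Send a normal message from Gmail and look for the normal log entries. The red text is the message I sent from Gmail to roy.lee@pmail.idv.tw

It was indeed relayed to my back-end Exchange (the red text further down)

The blue bold text is the scan for virus mail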

Dec 14 07:57:36 localhost postfix/smtpd[13803]: connect from mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:37 localhost postfix/smtpd[13803]: 580D1132D0: client=mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:37 localhost postfix/cleanup[13807]: 580D1132D0: hold: header Received: from mail-qk0-f172.google.com (mail-qk0-f172.google.com [209.85.220.172])??by localhost.localdomain (Postfix) with ESMTP id 580D1132D0??for <roy.lee@pmail.idv.tw>; Wed, 14 Dec 2016 07:57:37  from mail-qk0-f172.google.com[209.85.220.172]; from=<roy.mis0916@gmail.com> to=<roy.lee@pmail.idv.tw> proto=ESMTP helo=<mail-qk0-f172.google.com>
Dec 14 07:57:37 localhost postfix/cleanup[13807]: 580D1132D0: message-id=<CANYCmc2wGr6CMTNW4jKV9cLRVP9NGkNovkWdxs9NA+F+49AfUg@mail.gmail.com>
Dec 14 07:57:37 localhost postfix/smtpd[13803]: disconnect from mail-qk0-f172.google.com[209.85.220.172]
Dec 14 07:57:38 localhost MailScanner[13688]: New Batch: Scanning 1 messages, 3192 bytes
Dec 14 07:57:38 localhost MailScanner[13688]: Virus and Content Scanning: Starting
Dec 14 07:58:03 localhost MailScanner[13688]: Requeue: 580D1132D0.AE613 to B454935DB3
Dec 14 07:58:03 localhost MailScanner[13688]: Uninfected: Delivered 1 messages
Dec 14 07:58:03 localhost MailScanner[13688]: Deleted 1 messages from processing-database
Dec 14 07:58:03 localhost postfix/qmgr[13331]: B454935DB3: from=<roy.mis0916@gmail.com>, size=2466, nrcpt=1 (queue active)
Dec 14 07:58:04 localhost postfix/smtp[13813]: B454935DB3: to=<roy.lee@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, delay=27, delays=27/0/0/0.16, dsn=2.6.0, status=sent (250 2.6.0 <CANYCmc2wGr6CMTNW4jKV9cLRVP9NGkNovkWdxs9NA+F+49AfUg@mail.gmail.com> [InternalId=2512555868176, Hostname=MBX.pmail.idv.tw] Queued mail for delivery)
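
MailScanner hands the message back to Postfix under a new queue ID (the Requeue line above), so following one message through maillog means joining the two IDs. The script below is an added example, not part of the original post; trace_mail, sample_log and the output labels are names chosen here, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: join the pre-scan and post-scan Postfix queue IDs in maillog.

# Constructed sample, shortened from the log format shown above.
sample_log() {
    cat <<'EOF'
Dec 14 07:57:37 localhost postfix/cleanup[13807]: 580D1132D0: hold: header Received: from mx.example.net; from=<alice@example.net> to=<roy.lee@pmail.idv.tw> proto=ESMTP
Dec 14 07:58:03 localhost MailScanner[13688]: Requeue: 580D1132D0.AE613 to B454935DB3
Dec 14 07:58:04 localhost postfix/smtp[13813]: B454935DB3: to=<roy.lee@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, delay=27, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec 14 09:10:00 localhost postfix/cleanup[14001]: 7A11B2C3D4: hold: header Received: from mx.example.org; from=<bob@example.org> to=<roy.lee@pmail.idv.tw> proto=ESMTP
EOF
}

# trace_mail [FILE...]: one line per held message:
#   held-id  requeued-id  sender  status  relay
# NOT-REQUEUED = still waiting for a scan, or stored/deleted by policy.
trace_mail() {
    awk '
    / postfix\/cleanup\[[0-9]+\]: [0-9A-Za-z]+: hold: / {
        qid = $6; sub(/:$/, "", qid)
        if (!(qid in from)) { order[++n] = qid; from[qid] = "?" }
        if (match($0, /from=<[^>]*>/))
            from[qid] = substr($0, RSTART + 6, RLENGTH - 7)
        next
    }
    / MailScanner\[[0-9]+\]: Requeue: / {
        old = $7; sub(/\..*/, "", old)   # drop the ".AE613" suffix
        newid[old] = $9
        next
    }
    / postfix\/smtp\[[0-9]+\]: [0-9A-Za-z]+: to=</ {
        qid = $6; sub(/:$/, "", qid)
        if (match($0, /relay=[^,]*/))
            relay[qid] = substr($0, RSTART + 6, RLENGTH - 6)
        if (match($0, /status=[a-z]+/))
            status[qid] = substr($0, RSTART + 7, RLENGTH - 7)
    }
    END {
        for (i = 1; i <= n; i++) {
            q = order[i]; o = newid[q]
            if (o == "") { print q, "-", from[q], "NOT-REQUEUED"; continue }
            print q, o, from[q], (status[o] == "" ? "queued" : status[o]), relay[o]
        }
    }' "$@"
}

sample_log | trace_mail
```

On the gateway, run trace_mail /var/log/maillog; a growing number of NOT-REQUEUED lines while mail keeps arriving usually means MailScanner is not picking up the hold queue.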

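The received message has a line at the very bottom stating that it passed through a MailScanner scan

Testing a virus message

Send a test message from Gmail whose body contains the virus test string

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

By default, when a virus message is detected, the message the client receives has {Virus?} prepended to the subject

The attachment of that message carries a notice explaining that this was a virus message and has been placed in quarantine

MailScanner in /var/spool/MailScanner/quarantine/20161214 (message 90917132D0.AEFCB).

Sure enough, the quarantined message is at that path

Testing a spam message

Send a test message from Gmail whose body contains the spam test string

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

It is detected as soon as the message is received (red text)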

Dec 14 08:36:30 localhost postfix/smtpd[14383]: connect from mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:30 localhost postfix/smtpd[14383]: 68F2A147: client=mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:30 localhost postfix/cleanup[14386]: 68F2A147: hold: header Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com [209.85.216.172])??by localhost.localdomain (Postfix) with ESMTP id 68F2A147??for <roy.lee@pmail.idv.tw>; Wed, 14 Dec 2016 08:36:30 -0 from mail-qt0-f172.google.com[209.85.216.172]; from=<roy.mis0916@gmail.com> to=<roy.lee@pmail.idv.tw> proto=ESMTP helo=<mail-qt0-f172.google.com>
Dec 14 08:36:30 localhost postfix/cleanup[14386]: 68F2A147: message-id=<CANYCmc32gFHfXd2+Nz1BySQowPkQbYbgTX2oKKUjYGTAxcYgVA@mail.gmail.com>
Dec 14 08:36:30 localhost postfix/smtpd[14383]: disconnect from mail-qt0-f172.google.com[209.85.216.172]
Dec 14 08:36:31 localhost MailScanner[14289]: New Batch: Scanning 1 messages, 4624 bytes
Dec 14 08:36:31 localhost MailScanner[14289]: Virus and Content Scanning: Starting
Dec 14 08:37:02 localhost MailScanner[14289]: Spam Checks: Found 1 spam messages
Dec 14 08:37:03 localhost MailScanner[14289]: Requeue: 68F2A147.AF389 to 1349F35DB5
Dec 14 08:37:03 localhost MailScanner[14289]: Uninfected: Delivered 1 messages
Dec 14 08:37:03 localhost MailScanner[14289]: Deleted 1 messages from processing-database
Dec 14 08:37:03 localhost postfix/qmgr[13331]: 1349F35DB5: from=<roy.mis0916@gmail.com>, size=3900, nrcpt=1 (queue active)
Dec 14 08:37:12 localhost postfix/smtp[14399]: 1349F35DB5: to=<roy.lee@pmail.idv.tw>, relay=192.168.2.3[192.168.2.3]:25, delay=42, delays=33/0.01/0.01/9.2, dsn=2.6.0, status=sent (250 2.6.0 <CANYCmc32gFHfXd2+Nz1BySQowPkQbYbgTX2oKKUjYGTAxcYgVA@mail.gmail.com> [InternalId=2516850835466, Hostname=MBX.pmail.idv.tw] Queued mail for delivery)
Dec 14 08:37:12 localhost postfix/qmgr[13331]: 1349F35DB5: removed

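By default, when spam is detected, the message the client receives has {Spam?} prepended to the subject

Also, with MailScanner and SpamAssassin left at their defaults, a spam message like the one in my test should not be delivered to the client, because this string is classified as high-scoring spam and the setting puts it straight into quarantine.

The setting is in /etc/MailScanner/MailScanner.conf:

High Scoring Spam Actions  =  deliver or delete or store

deliver => deliver to the client as normal

delete => delete outright without quarantining

store => place in quarantine

Installing the MailWatch tool:

This software is quite powerful: it lets you view the mail log from the web and manage quarantined mail from the web, for example delete, release and so on.

Required packages: httpd  mariadb-server mariadb  php php-mysql php-gd php-mbstring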

yum install httpd  mariadb-server mariadb  php php-mysql php-gd php-mbstring

Install the Perl Encoding::FixLatin module by running the following two commands

cpan App::cpanminus
cpanm  Encoding::FixLatin

Set httpd to start automatically

systemctl start httpd.service
systemctl enable httpd.service

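Basic database setup

First start mariadb => systemctl start mariadb

Basic setup => mysql_secure_installation

After running it, just press Enter at the first prompt to enter setup mode

Here you set the db root password and so on (the basic settings are all security-related; answer Y to each)

Enable at boot => systemctl enable mariadb.service

PHP settings (/etc/php.ini)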

safe_mode = Off
register_globals = Off
magic_quotes_gpc = Off
magic_quotes_runtime = Off
session.auto_start = 0

Download the current latest version, MailWatch 1.2.0

https://github.com/mailwatch/1.2.0

After downloading, copy it to the mail gateway host

The downloaded file is 1.2.0-master.zip

Once it is on the host, extract it => unzip 1.2.0-master.zip

Then change into the extracted directory => cd 1.2.0-master

Create the database: mysql -u root -p < create.sql

Create the MariaDB user account and password

mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> FLUSH PRIVILEGES;

Edit MailWatch.pm

The file is in 1.2.0-master/MailScanner_perl_scripts in the extracted directory

Change the account and password (the account and password here are the ones ultimately used for the web login; set them in this file first, and a later step adds this account and password in MariaDB)

my($db_user) = 'mailwatch';
my($db_pass) = 'password';

After editing, move the file to the /usr/share/MailScanner/perl/custom directory

Command:

mv MailWatch.pm /usr/share/MailScanner/perl/custom

Create the MailWatch web user

mysql mailscanner -u mailwatch -p

INSERT INTO users SET username = '<username>', password = MD5('<password>'), fullname = '<name>', type = 'A';

Install and configure MailWatch

Move the web files to /var/www/html/

The files are in 1.2.0-master/mailscanner in the extracted directory

Command => mv mailscanner  /var/www/html/

Set the permissions

After changing to /var/www/html/mailscanner:

 $ chown root:apache images
 $ chmod ug+rwx images
 $ chown root:apache images/cache
 $ chmod ug+rwx images/cache

Create conf.php

cd  /var/www/html/mailscanner
cp conf.php.example conf.php

Fill in the mailwatch web user account and password set in the earlier step

define('DB_TYPE', 'mysql');
define('DB_USER', 'mailwatch');
define('DB_PASS', 'password');
define('DB_HOST', 'localhost');
define('DB_NAME', 'mailscanner');

Configure MailScanner

First stop mailscanner => service mailscanner stop

Edit /etc/MailScanner/MailScanner.conf and set the following

Always Looked Up Last = &MailWatchLogging
Detailed Spam Report = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Include Scores In SpamAssassin Report = yes
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660

Integrating the blacklist/whitelist (SQLBlackWhiteList.pm)

SQLBlackWhiteList.pm is in 1.2.0-master/MailScanner_perl_scripts in the extracted directory

Copy SQLBlackWhiteList.pm to /usr/share/MailScanner/perl/custom

After copying, go to /usr/share/MailScanner/perl/custom and edit SQLBlackWhiteList.pm

Fill in the mailwatch web user account and password

sub CreateList {
  my($type, $BlackWhite) = @_;
  my($dbh, $sth, $sql, $to_address, $from_address, $count, $filter);
  my($db_name) = 'mailscanner';
  my($db_host) = 'localhost';
  my($db_user) = 'mailwatch';
  my($db_pass) = 'password';

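Edit MailScanner.conf

Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist

After making the changes, start mailscanner again => service mailscanner start

Log in to MailWatch

http://x.x.x.x/mailscanner/

PS:

1. In testing, this version of mailscanner does not bring up the postfix service automatically, so postfix still has to be set to start at boot.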


