
qmail (spam filtering): integrating qmail + qmail-scanner

Author: rootman
Comments: 0 | Views: 11,174 | Posted: 11-12-07 19:29


■ spam filtering
■ Integrating qmail + qmail-scanner
○ Install the required packages before installation

[[email protected] ~]# yum -y install pcre pcre-devel gcc-c++ perl-suidperl

○ Cautions when configuring quarantine-events.txt
- The columns are separated by [TAB]; this must be followed exactly.
- To reload the DB, you must run /var/qmail/bin/qmail-scanner-queue.pl -g.
- Check the DB contents with /var/qmail/bin/qmail-scanner-queue.pl -r.

○ Installing maildrop

- Official download: http://sourceforge.net/projects/courier/files/maildrop
- Download: https://app.box.com/s/03qzihtlxcw33lvgu3a6
[[email protected] ~]# tar xvjf maildrop-2.7.1.tar.bz2
[[email protected] ~]# cd maildrop-2.7.1
[[email protected] job/maildrop-2.7.1]# ./configure \
 --enable-sendmail=/var/qmail/bin/sendmail \
 --enable-maildrop-uid=vpopmail \
 --enable-maildrop-gid=vchkpw \
 --enable-maildirquota \
 --enable-restrict-trusted=1 \
 --enable-trusted-users='root qmaild vpopmail'
[[email protected] job/maildrop-2.7.1]# make && make install-strip

[[email protected] ~]# mkdir /etc/maildrop
[[email protected] ~]# cat /etc/maildrop/mailfilter
# $EXT@$HOST (set by qmail-local) is assumed here; the address was masked in the published page
VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST`
DEFAULT="$VHOME/Maildir"
SPAMDIR="$DEFAULT/.spam"
DUMMY=`test -d $SPAMDIR`
 
if($RETURNCODE == 1)
{
    `/var/qmail/bin/maildirmake $SPAMDIR`
    `chown vpopmail:vchkpw  $SPAMDIR`
}

if ( $RETURNCODE != 0 )
{
    EXITCODE=100
    exit
}
else
{
    if ( /^X-Spam-Status: Yes/ )
    {
          to "$SPAMDIR"
     }
}
[[email protected] ~]# chown -R vpopmail:vchkpw /etc/maildrop
[[email protected] ~]# chmod 600 /etc/maildrop/mailfilter
[[email protected] ~]# cat /home/vpopmail/domains/next.com/.qmail-default
[Before]
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

[[email protected] ~]# cp /root/job/maildrop-2.7.1/libs/maildir/quotawarnmsg /home/vpopmail/domains/.quotawarn.msg
[[email protected] ~]# chown vpopmail:vchkpw /home/vpopmail/domains/.quotawarn.msg

[[email protected] /home/vpopmail/domains/next.com]# cat > .qmail-default << EOF
| /usr/local/bin/maildrop /etc/maildrop/mailfilter || /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
EOF
[[email protected] /home/vpopmail/domains/next.com]# chmod 600 .qmail-default
[[email protected] /home/vpopmail/domains/next.com]# chown vpopmail.vchkpw .qmail-default

[[email protected] /home/vpopmail/domains/next.com/m]# cat > .mailfilter << 'EOF'
VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
# $EXT@$HOST (set by qmail-local) is assumed here; the address was masked in the published page
VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST`

#check dir
`test -d $VHOME/Maildir/`
if( $RETURNCODE != 0 )
{
    echo "Sorry,_no_mailbox_here_by_that_name."
    EXITCODE=77
    exit
}

#blacklist
#
`test -f $VHOME/.blacklist`
if ($RETURNCODE==0)
{
    DOMAIN=`expr $SENDER : '.*@\(.*\)'`
    if ($SENDER ne '' && (lookup($SENDER, "$VHOME/.blacklist") || lookup($DOMAIN, "$VHOME/.blacklist")))
    {
        #to "$VHOME/Maildir/.Trash/"
        to /dev/null
    }
}

#whitelist
#
`test -f $VHOME/.whitelist`
if ($RETURNCODE==0)
{
    if ($SENDER ne '' && lookup($SENDER, "$VHOME/.whitelist"))
    {
        to "$VHOME/Maildir/"
    }
}

#spamassassin
#
if ($SIZE < 262144)
{
    exception {
        # $EXT@$HOST is assumed here; the address was masked in the published page
        xfilter "spamc -f -u $EXT@$HOST"
    }
}
else
{
    exception {
        to "$VHOME/Maildir/"
    }
    exception {
        to "$VPOP"
    }
}

if (/^X-Spam-Flag: *YES/)
{
    ADDQUOTA = " $SIZE 1"
    `echo $ADDQUOTA >> $VHOME/Maildir/maildirsize`
    to "$VHOME/Maildir/.Trash/"
}
else
{
    exception {
        to "$VHOME/Maildir/"
    }
    exception {
        to "$VPOP"
    }
    }
}
EOF
[[email protected] /home/vpopmail/domains/next.com/m]# chmod 600 .mailfilter
[[email protected] /home/vpopmail/domains/next.com/m]# chown vpopmail.vchkpw .mailfilter

○ Installing qmail-scanner
[[email protected] ~]# groupadd qscand
[[email protected] ~]# useradd -c "Qmail-Scanner Account" -g qscand  -s /bin/false qscand

- Official download: http://sourceforge.net/projects/qmail-scanner/files/qmail-scanner/
- Download: https://app.box.com/s/sfwm18ci7pmrjhh6trxt

[[email protected] job]# tar xvfz qmail-scanner-2.11.tgz
[[email protected] job]# cd qmail-scanner-2.11
[[email protected] job/qmail-scanner-2.11]# cp -r locale/en_GB locale/eucKR
[[email protected] job/qmail-scanner-2.11]# ./configure \
--qmaildir /var/qmail \
--bindir /var/qmail/bin \
--qmail-queue-binary /var/qmail/bin/qmail-queue  \
--admin root \
--notify none \
--silent-viruses auto \
--debug 0 \
--unzip 1 \
--add-dscr-hdrs 0 \
--archive 0 \
--redundant no \
--log-details syslog \
--fix-mime 1  \
--scanners verbose_spamassassin,clamdscan \
--install


○ Set ownership of spamc and of the log directories
[[email protected] job]# chown qscand:qscand /usr/bin/spamc
[[email protected] job]# mkdir /var/run/clamav
[[email protected] job]# chown qscand /var/log/clamav /var/run/clamav

○ Refresh the qmail DB
[[email protected] ~]#  /var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

○ Verify that qmail-scanner was installed correctly
[[email protected] /root/job/qmail-scanner-2.11/contrib]# ./test_installation.sh  -doit
An error has occured.
Cannot find any reference to the Q-S administrator Email address in
/var/qmail/bin/qmail-scanner-queue.pl on your system!
Exiting....

# Change the e-mail addresses as shown below
[[email protected] ~]# vim /var/qmail/bin/qmail-scanner-queue.pl   
my $V_FROM='[email protected]';
my $V_FROMNAME='System Anti-Virus Administrator';
my $QUARANTINE_CC='[email protected]';
my $NOTIFY_ADDRS='[email protected]';

# If the same error still occurs after the change, check that the defaultdomain value is set
[[email protected] ~]# cat /var/qmail/control/defaultdomain
rootman.co.kr

○ When qmail-scanner reports a "cannot open dir" error
- Check that the owner of the /var/spool/qscan directory is qscand
- Check that the owner of the /var/spool/qscan/tmp directory is qscand
- Check that the qscand user has read/execute permission on the /usr/bin/find command

○ Control through qmail-smtpd/run
[[email protected] ~]# cat /var/qmail/supervise/smtp/run
#!/bin/sh
VPOP_UID=`id -u vpopmail`
VPOP_GID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`

# When using simscan
# QMAILQUEUE="/var/qmail/bin/simscan"

# When using qmail-scanner
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

export QMAILQUEUE

exec /usr/sbin/softlimit -m 64000000 \
/usr/local/bin/tcpserver -vRHl0 \
-x /etc/tcprules.d/tcp.smtp.cdb \
-c ${MAXSMTPD} \
-u ${VPOP_UID} -g ${VPOP_GID} 0 25 \
/var/qmail/bin/qmail-smtpd \
/home/vpopmail/bin/vchkpw /bin/true 2>&1

○ Control through tcp.smtp
[[email protected] ~]# cat /etc/tcprules.d/tcp.smtp
127.0.0.1:allow,RELAYCLIENT="",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",DKSIGN="/var/qmail/control/domainkeys/%/private"

[[email protected] ~]# tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp
 
○ Change the user that clamav runs as to qscand.
[[email protected] ~]# vim /etc/clamav/clamd.conf
# default
# User clamav
# 2014/01/24, qmail-scanner Use
User qscand

○ Edit /var/qmail/bin/qmail-scanner-queue.pl
#Array of virus scanners used must point to subroutines
my @scanner_array=("spamassassin");
my $spamc_binary='/usr/bin/spamc';
my $spamc_options='-c -f';
my $spamc_subject='[SPAM]';
my $spamassassin_binary='/usr/bin/spamassassin';
..

○ Add the stored file name to the quarantine.log written by qmail-scanner-queue.pl
- Function name: write_quarantine_report
- Before: $report = "$nowtime\t$returnpath\t$recips\t$subj\t$desc\t$SCANINFO\n";
- After: $report = "$nowtime\t$returnpath\t$recips\t$subj\t$desc\t$SCANINFO\t$file_id\n";

○ qmail-scanner logs
/var/spool/qscan/qmail-queue.log
/var/spool/qscan/quarantine.log

○ Restart qmail, clamd and spamassassin
[[email protected] ~]# /etc/init.d/qmaild restart
Restarting qmail:
* Stopping smtp.
* Stopping pop3.
* Stopping submission.
* Sending send SIGTERM and restarting.
* Restarting smtp.
* Restarting pop3.
* Restarting submission.
[[email protected] ~]# /etc/init.d/spamassassin restart
Stopping spamd:        [FAILED]
Starting spamd:         [  OK  ]
[[email protected] ~]#

○ config explained (see the attached file)
[[email protected] /var/spool/qscan]# cat /var/spool/qscan/quarantine-events.txt
# Filter when the size is large
# This will block email containing .exe attachments that are EXACTLY 10Mbytes in size
.exe    SIZE=10000000   Executable attachments of 10M not accepted

# Filter mp3 attachments regardless of size
# A size of "-1" bytes matches any size
# ...would stop any Email containing MP3 attachments passing.
.mp3    SIZE=-1 MP3 attachments disallowed

# Filter zip attachments smaller than 1024 bytes
.zip  SIZE=<1024      Tiny zip files not allowed

# Filter doc attachments whose size is 0
# ...would mean block *.doc files that are 0 bytes in length.
.doc    SIZE=0  Zero-length corrupt viruses - ignore

# Filter when the attachment (EICAR.COM) is 69 bytes
EICAR.COM               SIZE=69 EICAR Test Virus

# Filter when the attachment (Happy99.exe) is 10000 bytes
Happy99.exe             SIZE=10000      Happy99 Trojan virus

# Filter on the mail subject
# A form such as .*ILOVEYOU is also possible
# will match "Subject: Pickles for Breakfast" - and
# will match "Subject: PICKLES for BreAKfast"
# but not    "Subject: Pickles - where did you go?"
# "help" => filtered, "i help you" => not filtered
help    Policy-Subject: Fake Example Pickles virus
# "help" => not filtered, "i help" => filtered
.*help    Policy-Subject: Fake Example Pickles virus
# "help" => not filtered, "i help7" => filtered
.*help[0-9]$    Policy-Subject: Fake Example Pickles virus

# Filter on the mail address (from)
# would block all mail coming from the SMTP sender "[email protected]",
# (and would notify them - see NOTE 6).
[email protected]  Policy-MAILFROM:        Bad mailfrom envelope not allowed here!
.*addr.here  Policy-MAILFROM:        Bad mailfrom envelope not allowed here!

# Filter on the SMTP client address
# Policy-REMOTEIPADDR: - the IP address of the SMTP client
127.0.0.5      Policy-REMOTEIPADDR:    Blocked IP from 127.0.0.5 blocked

###############################################################
# [ mail type reject ]
.vbs    SIZE=-1 VBS files not allowed per Company security policy
.lnk    SIZE=-1 LNK files not allowed per Company security policy
.scr    SIZE=-1 SCR files not allowed per Company security policy
.wsh    SIZE=-1 WSH files not allowed per Company security policy
.hta    SIZE=-1 HTA files not allowed per Company security policy
.pif    SIZE=-1 PIF files not allowed per Company security policy
.cpl    SIZE=-1 CPL files not allowed per Company security policy
.exe    SIZE=-1 EXE files not allowed per Company security policy
..
..
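
The [TAB] requirement noted in the cautions is easy to break when this file is edited by hand, so it is worth checking the file before running -g. The script below is an added example, not part of the original post or of qmail-scanner; lint_events is a hypothetical helper, and it assumes that only the rule types shown on this page are valid and that a run of TABs counts as one separator.

```shell
#!/bin/sh
# Added example, not part of qmail-scanner. Assumption: only the rule types
# shown on this page are valid (SIZE=n, SIZE=<n, SIZE=-1, Policy-<Header>:),
# and a run of TABs counts as one separator.

# lint_events FILE: print one line per problem; return 1 if any were found.
lint_events() {
    awk -F'\t+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        NF < 3 {
            printf "line %d: %d column(s); need pattern<TAB>type<TAB>description\n", NR, NF
            bad = 1; next
        }
        $2 !~ /^SIZE=(-1|<?[0-9]+)$/ && $2 !~ /^Policy-[A-Za-z-]+:$/ {
            printf "line %d: unrecognised rule type \"%s\"\n", NR, $2
            bad = 1
        }
        $1 ~ /^ / || $1 ~ / $/ {
            printf "line %d: pattern has a leading or trailing space\n", NR
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: lines 2-4 are valid, line 5 uses spaces instead of TABs,
# line 6 has a mistyped rule type.
sample=$(mktemp)
printf '%s\n' '# constructed sample' > "$sample"
printf '.mp3\tSIZE=-1\tMP3 attachments disallowed\n' >> "$sample"
printf '.zip\tSIZE=<1024\tTiny zip files not allowed\n' >> "$sample"
printf '.*help\tPolicy-Subject:\tFake Example Pickles virus\n' >> "$sample"
printf '.vbs    SIZE=-1 VBS files not allowed\n' >> "$sample"
printf '.scr\tSIZE=all\tSCR files not allowed\n' >> "$sample"

lint_events "$sample" || echo "fix the lines above, then run qmail-scanner-queue.pl -g"
rm -f "$sample"
```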

○ Refresh the config

[[email protected] ~]# /var/qmail/bin/qmail-scanner-queue.pl -g
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 24 entries.

○ View the settings loaded into the config DB
[[email protected] ~]# /var/qmail/bin/qmail-scanner-queue.pl -r
...
Email Header:     Subject
            Content: ^sex.*$
            Description: Spam Subject
perlscanner: total of 25 entries found.

○ Viewing the log
[[email protected] ~]# tail -f /var/spool/qscan/quarantine.log
Fri, 24 Jan 2014 14:00:17 KST    [email protected]     [email protected]    sex ##sdftest, sex .....3333....... mailling...    Love Letter Virus/Trojan    

○ What is logged when a spam message is sent
::: /var/spool/qscan/quarantine.log file
[[email protected] /var/spool/qscan]# tail -f quarantine.log
Wed, 29 Jan 2014 12:50:58 KST    [email protected]    [email protected]    sex    dirty subject    spamassassin: 3.3.1.

::: /var/log/maillog file
Jan 29 12:50:58 n3 qmail-scanner[3475]: Perlscan:dirty_subject:RC:0(1.1.1.1): 0.040615 210476 [email protected] [email protected] sex <[email protected]> 1390967458.3477-0.pds.next.com:11548 __UTF-8_B_ZWhleHRob3N0LmV4ZQ____:143360

○ Resending a quarantined message as-is
[[email protected] /var/spool/qscan/quarantine/policy/new]# cat pds.next.com13905553615886097 | /var/qmail/bin/qmail-inject
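
With the $file_id column added to write_quarantine_report, a log row can be mapped to its quarantined file and reviewed before it is piped to qmail-inject. The script below is an added example, not from the original post or from qmail-scanner: qs_lookup is a hypothetical helper, the addresses and host names are constructed, and it assumes the patched 7-column log, comma-separated recipients, and a quarantine file named after file_id.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the patched 7-column
# quarantine.log (time, sender, recipients, subject, description, scan info,
# file_id) and that the quarantined file is named after file_id.

# qs_lookup LOG QDIR RCPT: for every row addressed to RCPT print
# "time<TAB>sender<TAB>description<TAB>path". Log fields are influenced by the
# sender, so file_id must match a strict character set before it is used as a
# file name; rows without a usable file_id are reported, not guessed.
qs_lookup() {
    tab=$(printf '\t')
    awk -F'\t' -v rcpt="$3" '
        {
            hit = 0; n = split($3, r, /, */)
            for (i = 1; i <= n; i++) if (r[i] == rcpt) hit = 1
            if (!hit) next
            id = (NF >= 7 && $7 ~ /^[A-Za-z0-9._-]+$/) ? $7 : "-"
            print id "\t" $1 "\t" ($2 == "" ? "<>" : $2) "\t" $5
        }' "$1" |
    while IFS=$tab read -r id when from desc; do
        path="(no usable file_id)"
        if [ "$id" != "-" ]; then
            path=$(find "$2" -type f -name "$id" 2>/dev/null | head -n 1)
            [ -n "$path" ] || path="(purged)"
        fi
        printf '%s\t%s\t%s\t%s\n' "$when" "$from" "$desc" "$path"
    done
}

# Constructed sample data: one message still in quarantine, one already
# purged (null sender), one row written before the file_id column existed.
work=$(mktemp -d)
mkdir -p "$work/quarantine/policy/new"
: > "$work/quarantine/policy/new/mx.example.test1390967458347701"
{
  printf 'Wed, 29 Jan 2014 12:50:58 KST\ta@example.test\tbob@example.test\tsex\tdirty subject\tspamassassin: 3.3.1.\tmx.example.test1390967458347701\n'
  printf 'Wed, 29 Jan 2014 13:02:11 KST\t\tbob@example.test\thelp\tPolicy subject\tspamassassin: 3.3.1.\tmx.example.test1390968131351202\n'
  printf 'Fri, 24 Jan 2014 14:00:17 KST\tc@example.test\tbob@example.test\tsex\tLove Letter Virus/Trojan\tspamassassin: 3.3.1.\n'
} > "$work/quarantine.log"

qs_lookup "$work/quarantine.log" "$work/quarantine" bob@example.test
rm -rf "$work"
```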
