Installing Postfix as a Mail Gateway on Debian 4.0 r3 (Webmin, MailScanner, SpamAssassin, ClamAV, Pyzor and Razor2, DCC, MailWatch)

Posted On 19 August 2009

Filed under Linux

1. Add these entries to /etc/apt/sources.list

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
deb http://komo.vlsm.org/debian etch main non-free contrib
deb http://komo.vlsm.org/debian etch-proposed-updates main non-free contrib
deb http://debian.indika.net.id/debian etch main non-free contrib
deb http://debian.indika.net.id/debian etch-proposed-updates main non-free contrib

Update the package lists with "apt-get update".

2. By default Debian installs portmap, inetd, exim4 and rpc.statd. These open ports we will not use here, so disable them first.

Install sysv-rc-conf, run it and tick the services to enable or untick the ones to disable:

apt-get install sysv-rc-conf
sysv-rc-conf

When done, reboot the server.

# netstat -pln   > shows the listening ports; only sshd and the DHCP client should be left
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN      1814/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1888/dhclient3
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     4487   1795/acpid          /var/run/acpid.socket
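
The listing above is what a clean gateway should look like before anything else is installed. As an added example (not code from the original post), the following shell function turns that inspection into a repeatable check: it parses netstat -pln output and prints every non-loopback Internet listener that is not on an allowlist, which is how you notice a service you forgot to disable or one that a later package quietly turned on. The netstat text and the allowlist are constructed for the example; on a live box pipe the real netstat -pln into it and extend the allowlist with the ports this guide adds later (25, 80/443, 10000).

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on an allowlist.
# The netstat text below is constructed to look like `netstat -pln` output;
# it is not a capture from the server in this post.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN      1814/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2440/master
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1401/portmap
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2201/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1888/dhclient3
udp        0      0 0.0.0.0:6277            0.0.0.0:*                           2325/dccd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     4487   1795/acpid          /var/run/acpid.socket'

# Hypothetical allowlist of proto:port pairs this gateway is meant to expose.
ALLOWED_LISTENERS="tcp:22 tcp:25 udp:68"

# unexpected_listeners ALLOWLIST: reads netstat -pln output on stdin and
# prints "proto port program" for each Internet socket that is not in the
# allowlist and is not bound to loopback only. Sockets bound to 127.0.0.1
# or ::1 are ignored because they are not reachable from the network.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Active UNIX/ { exit }                       # UNIX sockets are not network-reachable
        $1 ~ /^(tcp|tcp6|udp|udp6)$/ {
            proto = substr($1, 1, 3)                  # fold tcp6/udp6 into tcp/udp
            port = $4; sub(/.*:/, "", port)           # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)       # text before the last colon
            if (host == "127.0.0.1" || host == "::1") next
            prog = $NF; sub(/^[0-9]+\//, "", prog)    # strip the PID from PID/name
            key = proto ":" port
            if (!(key in ok)) print proto, port, prog
        }'
}

# Stand-alone run over the constructed sample.
# Live use: netstat -pln | unexpected_listeners "$ALLOWED_LISTENERS"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$ALLOWED_LISTENERS"
```

On the sample this reports portmap on tcp/111 (the service step 2 tells you to disable) and dccd on udp/6277; mysqld is skipped because it is bound to 127.0.0.1 only.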

3. Install the packages we will need later.

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential dpkg-dev db4.3-util vim bzip2 perl-doc libwww-perl libdbi-perl libconvert-binhex-perl libmail-spf-query-perl rblcheck libnet-ident-perl tnef pax libberkeleydb-perl unzoo arj lzop nomarch arc zoo libdb-file-lock-perl

4. Install unarj

cd /usr/src
wget ftp://ftp.gva.es/mirror/debian2/pool/main/a/arj/unarj_3.10.21-2_all.deb
dpkg -i unarj_3.10.21-2_all.deb

This .deb comes from a third-party mirror and dpkg -i does not verify package signatures, so compare its checksum with the copy in the Debian archive before installing it; the scanner will run this unpacker on archive attachments sent by strangers.

5. Install the required Perl modules.

perl -MCPAN -e shell > on the first run you are asked which mirror to use; pick one in your region.

install Module::Build
install Mail::SPF (needed for SPF checking)
install NetAddr::IP (needed for SPF checking)
install MLDBM::Sync (this also pulls in MLDBM; needed for MailWatch)

apt-get install libdbd-mysql-perl libapache-dbi-perl (Needed for MailWatch)

6. Install Webmin

apt-get install libauthen-pam-perl libio-pty-perl libmd5-perl libnet-ssleay-perl

Download the latest Webmin:
cd /usr/src
wget http://internode.dl.sourceforge.net/sourceforge/webadmin/webmin_1.470_all.deb
dpkg -i webmin_1.470_all.deb

Log in at https://localhost:10000 as root with the server's root password. Webmin listens on all interfaces by default and a login gives full root control of the gateway, so firewall port 10000 or restrict it to administrator addresses.

7. Install MySQL Server

apt-get install mysql-server mysql-client libmysqlclient15-dev

Set the root password: mysqladmin -u root password yourpasswordhere

8. Install Apache2 with PHP5 and Ruby

apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

apt-get install libapache2-mod-php5 libapache2-mod-ruby php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Continue installing libc-client without Maildir support? <-- Yes. Then edit /etc/apache2/mods-available/dir.conf and change it to:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Then enable the ssl, rewrite, suexec and include modules:

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

/etc/init.d/apache2 force-reload

9. Synchronise the system clock with NTP

apt-get install ntp ntpdate

10. Set up Postfix

apt-get install postfix postfix-pcre postfix-mysql postfix-ldap cabextract lha unrar razor pyzor spamassassin

General type of mail configuration: <-- Internet Site
System mail name: <-- (your mail domain)

[... steps 11 and 12 are missing from the source; the errors below are from the first attempt at dpkg -i mailscanner_4.74.16-1_all.deb ...]

mailscanner depends on libmailtools-perl (>= 2.02); however:
  Version of libmailtools-perl on system is 1.74-1.
mailscanner depends on libole-storage-lite-perl (>= 0.17); however:
  Package libole-storage-lite-perl is not installed.
dpkg: error processing mailscanner (--install):
  dependency problems - leaving unconfigured
Errors were encountered while processing:
  mailscanner

This happens because the versions of some packages on the system are older than this MailScanner build requires. First download newer versions of the two packages that do not match (libmailtools-perl and libole-storage-lite-perl):

wget http://ftp.jp.debian.org/debian/pool/main/libm/libmailtools-perl/libmailtools-perl_2.04-1_all.deb
dpkg -i libmailtools-perl_2.04-1_all.deb

wget http://debian.mirror.inra.fr/debian/pool/main/libo/libole-storage-lite-perl/libole-storage-lite-perl_0.18-1_all.deb
dpkg -i libole-storage-lite-perl_0.18-1_all.deb

Then try the install again:

dpkg -i mailscanner_4.74.16-1_all.deb

Pyzor
------

chmod -R a+rX /usr/share/doc/pyzor /usr/bin/pyzor /usr/bin/pyzord
chmod -R a+rxX /usr/share/python-support/pyzor
pyzor --homedir /var/lib/MailScanner discover
pyzor ping

Razor
-----

rm /etc/razor/razor-agent.conf
mkdir /var/lib/MailScanner/.razor
razor-admin -home=/var/lib/MailScanner/.razor -create
razor-admin -home=/var/lib/MailScanner/.razor -discover
razor-admin -home=/var/lib/MailScanner/.razor -register
chown -R postfix:www-data /var/lib/MailScanner
chmod -R ug+rwx /var/lib/MailScanner

Edit /var/lib/MailScanner/.razor/razor-agent.conf (the file razor-admin -create just wrote, and the one spam.assassin.prefs.conf points at later) and add or change these lines:

debuglevel = 0
razorhome = /var/lib/MailScanner/.razor/

DCC
----

cd /usr/src/
wget http://packages.bosslinux.in/boss/pool/tarang/main/d/dcc/dcc-common_1.2.74-4_i386.deb
wget http://packages.bosslinux.in/boss/pool/tarang/main/d/dcc/dcc-server_1.2.74-4_i386.deb
dpkg -i dcc-common_1.2.74-4_i386.deb
dpkg -i dcc-server_1.2.74-4_i386.deb
wget http://www.rhyolite.com/dcc/source/dcc.tar.Z
tar zxvf dcc.tar.Z
cd dcc-1.3.103
./configure

make && make install

Note that dcc-server starts dccd, which listens on UDP 6277 (it shows up in mail.log later). A gateway that only queries the public DCC network needs the client, dccproc, which the source build installs under /usr/local/bin, so firewall 6277 or leave dcc-server out unless you intend to run a DCC server.

13. Configure MailScanner and ClamAV

postfix stop
apt-get install clamav clamav-daemon

Then update the virus database:

freshclam
mkdir /var/spool/MailScanner/spamassassin
cp /etc/MailScanner/MailScanner.conf /etc/MailScanner/MailScanner.conf.back

Edit MailScanner.conf and change the parameters below. (High Scoring Spam Actions = delete discards such mail silently with no bounce; use store instead if you want it in the quarantine where MailWatch can release it.)

%org-name% = ORGNAME
%org-long-name% = ORGFULLNAME
%web-site% = ORGWEBSITE
Run As User = postfix
Run As Group = www-data
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Spam Subject Text = ***SPAM***
Send Notices = no
Spam List = spamcop.net SBL+XBL
Required SpamAssassin Score = 6
High SpamAssassin Score = 10
Spam Actions = deliver
High Scoring Spam Actions = delete
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

a. header_checks & body_checks
Postfix never calls MailScanner itself. The header_checks rule below puts every incoming message on the hold queue; MailScanner reads that queue (Incoming Queue Dir above), scans the message and writes the result to the incoming queue for normal delivery. Without the HOLD rule mail is delivered without being scanned at all.

postconf -e "header_checks = regexp:/etc/postfix/header_checks"
vi /etc/postfix/header_checks
/^Received:/ HOLD
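
As an added example (not from the original post), this shell script checks the settings that make the hold-queue integration work and reports the first one that is wrong. The MailScanner.conf, main.cf and header_checks fragments it writes are constructed for the example; point check_hold_wiring at the real files (/etc/MailScanner/MailScanner.conf, /etc/postfix/main.cf, /etc/postfix/header_checks) to check a live gateway. The broken variant shows the case that matters most: a rule that WARNs instead of HOLDs lets mail go past the scanner.

```shell
#!/bin/sh
# Added example: verify that Postfix really hands every message to MailScanner.
# The config fragments are constructed for the example, not copied from a server.

# write_sample_configs DIR: create a working set of files plus one broken
# header_checks (WARN instead of HOLD) to show the failure case.
write_sample_configs() {
    cat > "$1/MailScanner.conf" <<'EOF'
Run As User = postfix
Run As Group = www-data
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
EOF
    printf 'header_checks = regexp:/etc/postfix/header_checks\n' > "$1/main.cf"
    printf '/^Received:/ HOLD\n' > "$1/header_checks"
    # Broken variant: a rule exists but only WARNs, so mail flows past MailScanner.
    printf '/^Received:/ WARN\n' > "$1/header_checks.broken"
}

# ms_setting FILE KEY: value of "KEY = value" in a MailScanner.conf-style file.
ms_setting() {
    awk -F' *= *' -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_hold_wiring MS_CONF MAIN_CF HEADER_CHECKS: prints "ok" when the hold
# queue integration is consistent, otherwise the first problem found.
# Always returns 0 so it is safe under set -e; compare the printed result.
check_hold_wiring() {
    ms=$1; main=$2; hc=$3
    [ "$(ms_setting "$ms" MTA)" = postfix ] \
        || { echo "MTA is not postfix"; return 0; }
    [ "$(ms_setting "$ms" 'Incoming Queue Dir')" = /var/spool/postfix/hold ] \
        || { echo "Incoming Queue Dir is not /var/spool/postfix/hold"; return 0; }
    [ "$(ms_setting "$ms" 'Outgoing Queue Dir')" = /var/spool/postfix/incoming ] \
        || { echo "Outgoing Queue Dir is not /var/spool/postfix/incoming"; return 0; }
    grep -q '^header_checks *= *regexp:' "$main" \
        || { echo "header_checks is not enabled in main.cf"; return 0; }
    # The HOLD action is what diverts mail into the queue MailScanner watches.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$hc" \
        || { echo "no HOLD rule for Received: in header_checks"; return 0; }
    echo ok
}

# Stand-alone run against the constructed files.
tmp=$(mktemp -d)
write_sample_configs "$tmp"
echo "good set:   $(check_hold_wiring "$tmp/MailScanner.conf" "$tmp/main.cf" "$tmp/header_checks")"
echo "broken set: $(check_hold_wiring "$tmp/MailScanner.conf" "$tmp/main.cf" "$tmp/header_checks.broken")"
rm -rf "$tmp"
```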

b. Fix the permissions for MailScanner

Edit /etc/rc2.d/S20mailscanner so it reads:
check_dir /var/spool/MailScanner ${user:-postfix} ${group:-www-data}
#check_dir /var/lib/MailScanner ${user:-mail} ${group:-mail}
#check_dir /var/run/MailScanner ${user:-mail} ${group:-mail}
check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-www-data}

Make sure run_mailscanner is set to 1 in /etc/default/mailscanner:

run_mailscanner=1

c. Add the MailScanner Webmin plugin

Log in to Webmin at https://localhost:10000 and install the mailscanner module from http://internap.dl.sourceforge.net/sourceforge/msfrontend/webmin-module-1.1-4.wbm. For the plugin to work, open the mailscanner module and check these parameters:

Full path to MailScanner program /etc/init.d/mailscanner
Full path and filename of MailScanner config file /etc/MailScanner/MailScanner.conf
Full path to the MailScanner bin directory /usr/sbin
Full path and filename for the MailScanner pid file /var/run/MailScanner/MailScanner.pid
Command to start MailScanner /etc/init.d/mailscanner start
Command to stop MailScanner /etc/init.d/mailscanner stop

d. Start the mail services again.

/etc/init.d/mailscanner start
/etc/init.d/postfix start

Check the log for errors:

tail -f /var/log/mail.log
You will see the error "smtp dbclean[2324]: hostname "optimus22.ietf.org": Unknown error in line 135 of /var/lib/dcc/whitecommon".

Fix: edit /var/lib/dcc/whitecommon and delete line 135.

15. Install MailWatch

Make sure MailScanner is running before continuing with the MailWatch installation.

MySQL, Apache and PHP must be installed. Also make sure libdbd-mysql-perl is installed, since MailScanner uses it to log to the MySQL database.

Check these parameters in php.ini (both /etc/php5/cli/php.ini and /etc/php5/apache2/php.ini):

short_open_tag = On
safe_mode = Off
register_globals = Off
magic_quotes_gpc = On
magic_quotes_runtime = Off
session.auto_start = 0

Remove the ; or # in front of these lines:

extension=mysql.so
extension=gd.so

All commands must be run as root.

cd /usr/src/
wget http://downloads.sourceforge.net/mailwatch/mailwatch-1.0.4.tar.gz
tar xzvf mailwatch-1.0.4.tar.gz
cd mailwatch-1.0.4

Create the database

mysql -p < create.sql
mysql -p
GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'password';

Remember this password; keep the single quotes around it.

Edit and copy MailWatch.pm

Edit MailWatch.pm and set $db_user and $db_pass to the MySQL user and password created above.

mv MailWatch.pm /etc/MailScanner/CustomFunctions/
Create the MailWatch web user

Set the username and password that you will use to log in to the MailWatch web interface:

mysql mailscanner -u mailwatch -p
Enter password: ******
mysql> INSERT INTO users VALUES ('username',md5('password'),'mailscanner','A','0','0','0','0','0');

MailWatch 1.0.4 stores this password as an unsalted MD5 hash, so choose a long password and serve the web interface over HTTPS to administrators only.

Install and configure MailWatch
mv mailscanner/ /var/www/
cd /var/www/mailscanner

Create the temp directory:

mkdir temp
chgrp www-data temp
chmod g+w temp

chown root:www-data images
chmod ug+rwx images
chown root:www-data images/cache
chmod ug+rwx images/cache

cp conf.php.example conf.php
Edit conf.php (vim conf.php) and change the settings to:

define(DB_USER, 'mailwatch');
define(DB_PASS, 'password');
define(MAILWATCH_HOME, '/var/www/mailscanner');
define(MS_LIB_DIR, '/usr/share/MailScanner/');
define(QUARANTINE_USE_FLAG, true);

Set up MailScanner

Edit /etc/MailScanner/MailScanner.conf:

Quarantine User = root
Quarantine Group = www-data
Quarantine Permissions = 0660
Quarantine Whole Message = yes
Always Looked Up Last = &MailWatchLogging
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes

SQL blacklist/whitelist integration

cd /usr/src/mailwatch-1.0.4
vim SQLBlackWhiteList.pm
my($db_user) = 'mailwatch';
my($db_pass) = 'password';

cp SQLBlackWhiteList.pm /etc/MailScanner/CustomFunctions/
vim /etc/MailScanner/MailScanner.conf

Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist

Let MailWatch work with Postfix inbound/outbound

cd /usr/src
wget http://www.gbnetwork.co.uk/mailscanner/files/postfixmail.tar.gz
tar xvfz postfixmail.tar.gz
cd postfixmail
cp postfix* /var/www/mailscanner
patch /var/www/mailscanner/functions.php functions.php.diff

SpamAssassin

mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.disabled
cp /etc/MailScanner/spam.assassin.prefs.conf /etc/MailScanner/spam.assassin.prefs.conf.back

Add the paths to pyzor and razor:

vi /etc/MailScanner/spam.assassin.prefs.conf

Add the following lines to spam.assassin.prefs.conf:

pyzor_options --homedir /var/lib/MailScanner/
razor_config /var/lib/MailScanner/.razor/razor-agent.conf

Also uncomment this line (it is enabled further down):

#bayes_auto_expire 0

Move the Bayesian database and set its permissions

vi /etc/MailScanner/spam.assassin.prefs.conf
bayes_path /etc/MailScanner/bayes/bayes
bayes_file_mode 0660
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information

Replace "YOURDOMAIN-COM" with the %org-name% you set in MailScanner.conf; keep the "X-" prefix.

Create a new directory to hold the Bayes database:

mkdir /etc/MailScanner/bayes
chown -R root:www-data /etc/MailScanner/bayes
chmod -R ug+rw /etc/MailScanner/bayes
chmod g+s /etc/MailScanner/bayes

vim /etc/MailScanner/spam.assassin.prefs.conf

bayes_auto_expire 0

# paths to utilities

ifplugin Mail::SpamAssassin::Plugin::Pyzor
pyzor_path /usr/bin/pyzor
endif
ifplugin Mail::SpamAssassin::Plugin::DCC
dcc_path /usr/local/bin/dccproc
endif

vi /etc/spamassassin/v310.pre and uncomment (remove the # from) the following lines:

loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Razor2

Now fix the ownership and permissions of the MailScanner directories:
chown -R postfix:www-data /var/spool/MailScanner
chown -R postfix:www-data /var/lib/MailScanner
chown -R postfix:www-data /var/run/MailScanner
chown -R postfix:www-data /var/lock/subsys/MailScanner
chown -R postfix:www-data /var/spool/postfix/hold
chmod -R ug+rwx /var/spool/postfix/hold

chmod -R u+rwx,g+rx /var/spool/MailScanner/quarantine

/etc/init.d/mailscanner restart

Test the MailScanner setup:

spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint

Check in the debug output whether DCC, Pyzor and Razor are actually running.
For MailWatch to work properly, edit db_clean.php:

vim /usr/src/mailwatch-1.0.4/tools/db_clean.php
#!/usr/bin/php -qn

becomes

#!/usr/bin/php -q

cp /usr/src/mailwatch-1.0.4/tools/quarantine_maint.php /usr/bin/quarantine_maint.php
cp /usr/src/mailwatch-1.0.4/tools/db_clean.php /usr/bin/db_clean.php
chmod +x /usr/bin/quarantine_maint.php
chmod +x /usr/bin/db_clean.php

crontab -e

Add the following lines (cron runs them with /bin/sh, where "&>" is not a redirection, so use "> /dev/null 2>&1"):

15 10 * * 2 /usr/bin/quarantine_maint.php --clean > /dev/null 2>&1
58 23 * * * /usr/bin/db_clean.php > /dev/null 2>&1
reboot

tail -f /var/log/mail.log
Apr 3 20:01:14 smtp dccd[2325]: 1.2.74 listening to port 6277 with /var/lib/dcc and 115 MByte window
Apr 3 20:04:31 smtp MailScanner[2382]: MailScanner E-Mail Virus Scanner version 4.74.16 starting…
Apr 3 20:04:31 smtp MailScanner[2382]: Read 848 hostnames from the phishing whitelist
Apr 3 20:04:31 smtp MailScanner[2382]: Read 4278 hostnames from the phishing blacklist
Apr 3 20:04:31 smtp MailScanner[2382]: Config: calling custom init function SQLBlacklist
Apr 3 20:04:31 smtp MailScanner[2382]: Starting up SQL Blacklist
Apr 3 20:04:31 smtp MailScanner[2382]: Read 0 blacklist entries
Apr 3 20:04:31 smtp MailScanner[2382]: Config: calling custom init function MailWatchLogging
Apr 3 20:04:31 smtp MailScanner[2382]: Started SQL Logging child
Apr 3 20:04:31 smtp MailScanner[2382]: Config: calling custom init function SQLWhitelist
Apr 3 20:04:31 smtp MailScanner[2382]: Starting up SQL Whitelist
Apr 3 20:04:31 smtp MailScanner[2382]: Read 0 whitelist entries
Apr 3 20:04:32 smtp postfix/master[2440]: daemon started -- version 2.3.8, configuration /etc/postfix
Apr 3 20:04:33 smtp MailScanner[2382]: Using SpamAssassin results cache
Apr 3 20:04:33 smtp MailScanner[2382]: Connected to SpamAssassin cache database
Apr 3 20:04:33 smtp MailScanner[2382]: Enabling SpamAssassin auto-whitelist functionality…
Apr 3 20:04:43 smtp MailScanner[2382]: Using locktype = flock

Log in to MailWatch

Browse to http://<hostname>/mailscanner, substituting your server's hostname; for example I browse to http://smtp.msr.web.id/mailscanner, or simply use the IP address.

GeoIP synchronisation

Change /var/www/mailscanner/geoip_update.php:
vi /var/www/mailscanner/geoip_update.php
dbquery("LOAD DATA INFILE

becomes

dbquery("LOAD DATA LOCAL INFILE
Make sure allow_url_fopen = On in php.ini.
Click the 'Tools/Links' menu, choose 'Update GeoIP database' and click 'Run Now'.

Test sending and receiving mail; it should work now. Check mail.log for any errors. Up to this point my installation ran without problems.

vim /var/www/mailscanner/clamav_status.php

[...]

becomes

[...]

16. Install and configure SPF

For background see http://en.wikipedia.org/wiki/Sender_Policy_Framework

Now let's start the installation.

The Perl modules Mail::SPF and NetAddr::IP must be installed first (done in step 5).

cd /usr/src
wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz
tar xvfz postfix-policyd-spf-perl-2.007.tar.gz
cd postfix-policyd-spf-perl-2.007
cp postfix-policyd-spf-perl /usr/lib/postfix/policyd-spf-perl

vi /etc/postfix/master.cf (add these lines at the very end):

policy    unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

vim /etc/postfix/main.cf (append to the end of smtpd_recipient_restrictions):

smtpd_recipient_restrictions = ....., reject_unauth_destination, check_policy_service unix:private/policy

(IMPORTANT: check_policy_service must come after reject_unauth_destination. Postfix stops evaluating a restriction list at the first entry that returns OK, so a policy service placed before the relay check could allow relaying to anyone the policy approves.)
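
As an added example (not part of the original post), here is a shell check for exactly that ordering rule. It parses an smtpd_recipient_restrictions line the way Postfix tokenises it (commas and whitespace) and fails when check_policy_service appears before reject_unauth_destination or the relay check is missing altogether. The two main.cf lines are constructed for the example; on a live server feed it the output of postconf smtpd_recipient_restrictions.

```shell
#!/bin/sh
# Added example: check the order of smtpd_recipient_restrictions.
# Both lines below are constructed main.cf values, not taken from a live server.
GOOD_RESTRICTIONS='smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy'
BAD_RESTRICTIONS='smtpd_recipient_restrictions = permit_mynetworks, check_policy_service unix:private/policy, reject_unauth_destination'

# restriction_order_ok "LINE": exit 0 when reject_unauth_destination is present
# and every check_policy_service entry comes after it; exit 1 otherwise.
# Postfix stops at the first restriction that returns OK, so a policy service
# in front of the relay check can grant relaying to anyone it approves.
restriction_order_ok() {
    printf '%s\n' "$1" | awk '{
        sub(/^[^=]*=[[:space:]]*/, "")            # drop "smtpd_recipient_restrictions ="
        n = split($0, r, /[,[:space:]]+/)         # tokens: restriction names and their arguments
        relay = 0; policy = 0
        for (i = 1; i <= n; i++) {
            if (r[i] == "reject_unauth_destination" && !relay) relay = i
            if (r[i] == "check_policy_service" && !policy) policy = i
        }
        exit !(relay && (!policy || policy > relay))
    }'
}

# Stand-alone run. Live use: restriction_order_ok "$(postconf smtpd_recipient_restrictions)"
for line in "$GOOD_RESTRICTIONS" "$BAD_RESTRICTIONS"; do
    if restriction_order_ok "$line"; then echo "OK:   $line"; else echo "RISK: $line"; fi
done
```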

/etc/init.d/postfix reload

17. Install and configure FuzzyOcr

FuzzyOcr takes a different approach from the text-based ham (normal mail) and spam analysis: it runs OCR over image attachments and matches the recognised text against a word list. It detects many kinds of image spam and protects the server and its users from spammers.

apt-get install netpbm gifsicle libungif-bin gocr ocrad libstring-approx-perl libmldbm-sync-perl imagemagick tesseract-ocr

cd /usr/src/
wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-3.5.1-devel.tar.gz

tar xvfz fuzzyocr-3.5.1-devel.tar.gz
cd FuzzyOcr-3.5.1/
mv FuzzyOcr* /etc/mail/spamassassin/
wget http://www.gbnetwork.co.uk/mailscanner/FuzzyOcr.words -O /etc/mail/spamassassin/FuzzyOcr.words

Create the database in which FuzzyOcr stores its data:

mysql -p < /etc/mail/spamassassin/FuzzyOcr.mysql

Change the password of the fuzzyocr MySQL user (you are prompted for the current password set by FuzzyOcr.mysql):

mysqladmin -u fuzzyocr -p password newpassword

vi /etc/mail/spamassassin/FuzzyOcr.pm

Change 'use POSIX;' to 'use POSIX qw(SIGTERM);'

Edit the FuzzyOcr configuration:

vi /etc/mail/spamassassin/FuzzyOcr.cf

focr_global_wordlist /etc/mail/spamassassin/FuzzyOcr.words

Then replace these lines:

# Include additional scanner/preprocessor commands here:
# focr_bin_helper pnmnorm, pnminvert, pamthreshold, ppmtopgm, pamtopnm
focr_bin_helper tesseract

with:

# Include additional scanner/preprocessor commands here:
focr_bin_helper pnmnorm, pnminvert, convert, ppmtopgm, tesseract

Edit/enable the following lines:

# Search path for locating helper applications
focr_path_bin /usr/local/netpbm/bin:/usr/local/bin:/usr/bin
focr_preprocessor_file /etc/mail/spamassassin/FuzzyOcr.preps
focr_scanset_file /etc/mail/spamassassin/FuzzyOcr.scansets
focr_digest_db /etc/mail/spamassassin/FuzzyOcr.hashdb
focr_db_hash /etc/mail/spamassassin/FuzzyOcr.db
focr_db_safe /etc/mail/spamassassin/FuzzyOcr.safe.db
focr_minimal_scanset 1
focr_autosort_scanset 1
focr_enable_image_hashing 3
focr_logfile /var/log/FuzzyOcr.log

#Mysql Connection#
focr_mysql_db FuzzyOcr
focr_mysql_hash Hash
focr_mysql_safe Safe
focr_mysql_user fuzzyocr
focr_mysql_pass password > the new password you set with mysqladmin above
focr_mysql_host localhost
focr_mysql_port 3306
focr_mysql_socket /var/run/mysqld/mysqld.sock

Test FuzzyOcr with one of the sample messages shipped in the tarball:

cd /usr/src/FuzzyOcr-3.5.1/samples
spamassassin --debug FuzzyOcr < sample.eml > /dev/null > use one of the .eml files in this directory in place of sample.eml

You will see lines roughly like these:

[14808] info: FuzzyOcr: Found Score for Exact Image Hash
[14808] info: FuzzyOcr: Matched [1] time(s). Prev match: 16 sec. ago
[14808] info: FuzzyOcr: Message is SPAM. Words found:
[14808] info: FuzzyOcr: “price” in 1 lines
[14808] info: FuzzyOcr: “company” in 1 lines
[14808] info: FuzzyOcr: “alert” in 1 lines
[14808] info: FuzzyOcr: “news” in 1 lines
[14808] info: FuzzyOcr: (6 word occurrences found)
[14808] dbg: FuzzyOcr: Remove DIR: /tmp/.spamassassin14808JZSvHBtmp
[14808] dbg: FuzzyOcr: Processed in 0.104555 sec.

18. Sanesecurity signatures

A lot of spam arrives as .pdf or .xls attachments, or even archived as .zip or .rar. ClamAV can catch it easily once signatures written for these attachments are loaded.

apt-get install curl

mkdir /usr/src/sanesecurity
cd /usr/src/sanesecurity
wget http://www.inetmsg.com/pub/unofficial-sigs.sh
mv unofficial-sigs.sh /usr/bin/ss_bill.sh
chmod +x /usr/bin/ss_bill.sh

Edit ss_bill.sh and set these variables to match our installation:

clam_dbs="/var/lib/clamav" > the directory where the ClamAV signatures are kept

clamd_pid="/var/run/clamav/clamd.pid" > points at clamd's pid file
reload_dbs="yes"
reload_opt="kill -USR2 `cat $clamd_pid`"
work_dir="/var/tmp/clamd" > the working directory for the script

user_configuration_complete="yes"

Now run the script once to check that the download works (the script verifies each database against the Sanesecurity GPG signature, as the "Good signature" lines below show):

ss_bill.sh

The output will look like this:

Running script manually, do you want to pause execution (y/n)?: n
Running unofficial ClamAV database updates…

======================================================================
SaneSecurity Database & Signature File Updates
======================================================================

SaneSecurity mirror site used: ns.km33603.keymachine.de 87.118.124.191

Number of files: 19
Number of files transferred: 12
Total file size: 5090959 bytes
Total transferred file size: 5084880 bytes
Literal data: 210600 bytes
Matched data: 4874280 bytes
File list size: 408
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 26987
Total bytes received: 29977

sent 26987 bytes received 29977 bytes 16275.43 bytes/sec
total size is 5090959 speedup is 89.37

Testing updated database file: phish.ndb
gpg: Signature made Fri 13 Feb 2009 07:09:16 AM EST using DSA key ID 31EA4D9E
gpg: Good signature from “Sanesecurity (Sanesecurity Signatures) “
Clamscan reports phish.ndb database integrity tested good

Testing updated database file: scam.ndb
gpg: Signature made Fri 13 Feb 2009 07:09:17 AM EST using DSA key ID 31EA4D9E
gpg: Good signature from “Sanesecurity (Sanesecurity Signatures) “

[…….]

crontab -e

Add this line:

00 04 * * * /usr/bin/ss_bill.sh > /dev/null 2>&1

19. Install AlterMIME

apt-get install altermime

useradd -r -c "Postfix Filters" -d /var/spool/filter filter
mkdir /var/spool/filter
chown filter:filter /var/spool/filter
chmod 750 /var/spool/filter

cp /usr/share/doc/altermime/examples/postfix_filter.sh /etc/postfix/disclaimer
chgrp filter /etc/postfix/disclaimer
chmod 750 /etc/postfix/disclaimer

vi /etc/postfix/disclaimer_addresses
user1@example.com
user2@example.org
user3@example.net

vi /etc/postfix/disclaimer

#!/bin/sh
# Localize these.
INSPECT_DIR=/var/spool/filter
SENDMAIL=/usr/sbin/sendmail
####### Changed From Original Script #######
DISCLAIMER_ADDRESSES=/etc/postfix/disclaimer_addresses
####### Changed From Original Script END #######
# Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
# Clean up when done or when aborting.
trap "rm -f in.$$" 0 1 2 3 15
# Start processing.
cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
####### Changed From Original Script #######
# obtain the From address: the part between < and > of the first From: line
from_address=`grep -m 1 "From:" in.$$ | cut -d "<" -f 2 | cut -d ">" -f 1`
# -F -x: compare as a literal whole line, so the address is not treated as a regex
if [ -n "$from_address" ] && grep -Fxiq -- "$from_address" "$DISCLAIMER_ADDRESSES"; then
    /usr/bin/altermime --input=in.$$ \
        --disclaimer=/etc/postfix/disclaimer.txt \
        --disclaimer-html=/etc/postfix/disclaimer.txt \
        --xheader="X-Copyrighted-Material: Please visit http://www.company.com/privacy.htm" || \
        { echo Message content rejected; exit $EX_UNAVAILABLE; }
fi
####### Changed From Original Script END #######
# hand the (possibly modified) message back to Postfix
$SENDMAIL "$@" <in.$$
exit $?

cp /usr/share/doc/altermime/examples/disclaimer.txt /etc/postfix/disclaimer.txt

vi /etc/postfix/master.cf

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=dfilt:

and at the end add:

[...]
dfilt     unix  -       n       n       -       -       pipe
  flags=Rq user=filter argv=/etc/postfix/disclaimer -f ${sender} -- ${recipient}

/etc/init.d/postfix restart

Done! A disclaimer is now added to mail sent from the addresses listed in /etc/postfix/disclaimer_addresses. The match is made on the message's From: header, which any sender can set, so treat the list as a convenience rather than an access control.
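
As an added example (not code from the original post or from AlterMIME), the script below isolates the address-matching step of the filter and shows why a fixed-string whole-line comparison (grep -F -x) is the right tool: with a regex match, the dot in user1@example.com would also match user1@exampleXcom. It also handles a bare From: address without angle brackets, which the cut-based extraction in the filter above cannot, and it reads only the header block so a "From:" line in the body is ignored. The messages and the address list are constructed; the From: header is still chosen by the sender, so this decides only whether a disclaimer is appended, not whether the mail is trusted.

```shell
#!/bin/sh
# Added example: the address match for the disclaimer filter, done with a
# fixed-string whole-line comparison. Messages and list are constructed.
DISCLAIMER_LIST='user1@example.com
user2@example.org'

MSG_LISTED='From: Example User <user1@example.com>
To: someone@example.net
Subject: hello

body text'
MSG_BARE='From: user2@example.org
Subject: no angle brackets

body text'
MSG_LOOKALIKE='From: Someone <user1@exampleXcom>
Subject: would match a regex where "." means any character

From: user1@example.com in the body must not count'

# from_address: print the lower-cased address from the first From: header on
# stdin. Only the header block is read (stops at the first blank line), and
# both "Name <addr>" and bare "addr" forms are handled.
from_address() {
    awk '
        /^$/ { exit }                                   # end of headers
        tolower($0) ~ /^from:/ {
            s = $0; sub(/^[^:]*:[[:space:]]*/, "", s)   # drop "From: "
            if (match(s, /<[^>]*>/)) s = substr(s, RSTART + 1, RLENGTH - 2)
            sub(/[[:space:]]+$/, "", s)
            print tolower(s); exit
        }'
}

# disclaimer_applies LISTFILE: exit 0 if the From: address of the message on
# stdin is listed. grep -F -x treats the list entries as literal whole lines,
# so a dot in "example.com" cannot match "exampleXcom" as a regex would.
disclaimer_applies() {
    addr=$(from_address)
    [ -n "$addr" ] && grep -Fxiq -- "$addr" "$1"
}

# Stand-alone run over the constructed messages.
listfile=$(mktemp)
printf '%s\n' "$DISCLAIMER_LIST" > "$listfile"
for m in "$MSG_LISTED"  "$MSG_BARE" "$MSG_LOOKALIKE"; do
    if printf '%s\n' "$m" | disclaimer_applies "$listfile"; then r=add; else r=skip; fi
    echo "$r  $(printf '%s\n' "$m" | from_address)"
done
rm -f "$listfile"
```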
