Email plays an increasingly important role in people's work and life, but with the continuous development of virus-writing techniques and communication technologies, email has become the most important hotbed for the spread of viruses. How to stop virus emails and advertising emails is a problem the whole world needs to solve. According to the relevant authorities, more than 85% of the email on the Internet in 2004 was advertising mail or virus mail. Although setting up a mail server is relatively simple, it is often unable to stop these unsolicited advertising emails and virus emails, which has been a headache for network administrators in recent years. Many vendors have seen this business opportunity and launched software that blocks advertising emails and virus emails, but buying such software will definitely increase a company's costs. So how can viruses and advertising messages be blocked without increasing costs?

Today we introduce a completely free anti-virus mail server on Linux that uses MailScanner + ClamAV as a mail gateway. It scans and analyzes message content, including attachments, determines whether a message carries a known virus or is an advertisement, and handles the message differently according to its attributes.

Second, the installation setup

Requirements:

Operating system: Fedora 1 (other Linux versions can also be used; this article uses a Fedora system as the reference for configuring other Linux systems)
Mail Transport Agent (MTA): Sendmail or Postfix, already configured successfully and sending mail normally
Other software: Perl (5.005 or later), wget, gcc

First, use the following command to confirm whether each piece of software is present on the system. If something is not installed, please install it yourself.

    rpm -qa | grep <software name>

The workflow of MailScanner is shown in Figure 1.
Figure 1. MailScanner workflow chart

Because MailScanner is installed and configured slightly differently under Sendmail and Postfix, the two cases are described separately.

Installation based on Sendmail

Step 1: Download MailScanner and ClamAV, both free of charge. The download address on the official MailScanner website is:

    http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml

The files can be downloaded with wget:

    wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.32.5-1.rpm.tar.gz
    wget http://crash.fce.vutbr.cz/crash-ha/1/clamav/clamav-0.72-1.i386.rpm

Copy the two files to the /tmp directory and unpack the MailScanner archive there:

    cp MailScanner-4.32.5-1.rpm.tar.gz clamav-0.72-1.i386.rpm /tmp
    cd /tmp
    tar -xzvf MailScanner-4.32.5-1.rpm.tar.gz

The unpacking is shown in Figure 2.
Step 2: After unpacking is complete, change to the MailScanner directory and run the install script:

    cd MailScanner-4.32.5-1
    ./install.sh

After about 10 minutes, a prompt appears reminding the user to stop the Sendmail service first and then start the MailScanner service, as shown in Figure 3.
If your MTA (Mail Transport Agent) is Sendmail, run the commands given in that prompt. After the restart, use ps to check that the program is running:

    ps -ax | grep MailScanner

Once MailScanner has started successfully, try sending a message to an account on the host. If everything works, you will see the following information at the end of the header of each message:

    X-yoursite-MailScanner-Information: Please contact the ISP for more information
    X-yoursite-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
    X-MailScanner-From: xxx@xxx.xxx

Installation based on Postfix

There are two ways to install MailScanner with Postfix.

Method A: First confirm that your Postfix can send and receive mail normally, then install following steps 1 and 2 of the Sendmail installation. After the installation is complete, adjust the configuration. Find the following line in /etc/postfix/main.cf and remove the # in front of it, as shown in Figure 4:

    header_checks = regexp:/etc/postfix/header_checks
Then add a file called header_checks in the /etc/postfix directory:

    cd /etc/postfix
    vi header_checks

vi creates the file if it does not exist. Add the following content, then save and exit:

    /^Received:/ HOLD

This rule places every incoming message in the Postfix hold queue, which MailScanner then reads as its incoming queue.

Next, set the following parameters in /etc/MailScanner/MailScanner.conf:

    Run As User = postfix
    Run As Group = postfix
    Incoming Queue Dir = /var/spool/postfix/hold
    Outgoing Queue Dir = /var/spool/postfix/incoming
    MTA = postfix

Then make the postfix user the owner of the two directories under /var/spool/MailScanner:

    chown postfix.postfix /var/spool/MailScanner/incoming
    chown postfix.postfix /var/spool/MailScanner/quarantine

Restart the Postfix and MailScanner services. Please note that Postfix is started first, which is different from Sendmail.

    service postfix start
    Starting postfix: [OK]
    service MailScanner start
    Starting MailScanner daemons: incoming postfix: [OK] outgoing postfix: [OK] MailScanner: [OK]

The Postfix + MailScanner configuration is now complete.

Method B: First install following steps 1 and 2 of the Sendmail-based installation. Then copy the Postfix configuration (the principle of this method is to run two Postfix instances and perform the anti-virus processing while mail is transferred between them):

    cp -rp /etc/postfix /etc/postfix.in

Make sure the incoming Postfix does not reject any mail. Edit /etc/postfix.in/main.cf and add the following line, which defers delivery for the listed transports so that messages wait in the deferred queue:

    defer_transports = smtp local virtual relay

In the same /etc/postfix.in/main.cf file, change the line

    queue_directory = /var/spool/postfix

to

    queue_directory = /var/spool/postfix.in

Next, copy /var/spool/postfix to serve as the queue directory of the incoming Postfix:

    cp -rp /var/spool/postfix /var/spool/postfix.in

If you create /var/spool/postfix.in yourself with mkdir instead, the incoming Postfix needs some files and directories to exist in that directory, so they must be created as well.
Disable the SMTP service of the normal Postfix to ensure that all SMTP traffic enters through the incoming Postfix. Edit /etc/postfix/master.cf (note that this is not the one in the postfix.in directory) and add a # in front of the following line to disable its SMTP service, as shown in Figure 5:

    smtp inet n - n - - smtpd
Modify the MailScanner.conf file (its default location is /etc/MailScanner) and set the following:

    Run As User = postfix
    Run As Group = postfix
    Incoming Queue Dir = /var/spool/postfix.in/deferred
    Outgoing Queue Dir = /var/spool/postfix/incoming
    MTA = postfix

Change the ownership of /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:

    chown postfix.postfix /var/spool/MailScanner/incoming
    chown postfix.postfix /var/spool/MailScanner/quarantine

Finally, restart the MailScanner service. Note that, unlike Method A, you only need to start the MailScanner service:

    service MailScanner start
    Starting MailScanner daemons: incoming postfix: [OK] outgoing postfix: [OK] MailScanner: [OK]

The configuration is successful.

Note: if you configure the system with this method, mailq may not correctly display mail that is being sent. You need to add an alias with this command:

    alias mailq='/usr/sbin/postqueue -p -c /etc/postfix.in'

It is best to add this line to /etc/profile so that the alias is available every time you log in.

Both Method A and Method B make Postfix work together with MailScanner. In the author's experience, Method A is relatively simple, but mail delivery is not as fast as with Method B. The reader can choose according to the actual situation.

Enabling the anti-virus software ClamAV

1. Install ClamAV.

Create the required group clamav:

    groupadd clamav

Create the user clamav:

    useradd -g clamav -d /dev/null clamav

Install ClamAV:

    rpm -ivh clamav-0.72-1.i386.rpm
    Preparing... ##### [100%]
    1:clamav ##### [100%]

This output shows that ClamAV was installed successfully.

2. Modify the /etc/MailScanner/MailScanner.conf file. Change

    Virus Scanners = none

to

    Virus Scanners = clamav

Check that Virus Scanning is set to yes. If it is not, change it to yes.
Then restart MailScanner. Note: if you configured Postfix with Method A, you need to stop the MailScanner service first, then restart the Postfix service, and then start the MailScanner service. Users can write a script for this themselves. Finally, check the update_virus_scanners file in the /etc/cron.hourly directory and take care not to delete it by mistake: it is the script that regularly updates ClamAV's virus signatures, and it runs once an hour.
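As an added example (not part of the original article or of the MailScanner project), the following shell check reads a MailScanner.conf and reports every deviation from the Postfix settings given above: user and group, MTA, scanner enabled, and the Method A or Method B queue directories. The function names and the sample file are constructed for illustration, and matching option names case-insensitively is an assumption.

```shell
# conf_get FILE OPTION: print the value of the last "option = value" line.
# Blank and "#" lines are skipped; case-insensitive option names are assumed.
conf_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        { eq = index($0, "="); if (eq == 0) next
          key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (tolower(key) == tolower(want)) found = val }
        END { print found }' "$1"
}

# audit_conf FILE: print one FINDING line per deviation; succeed only if none.
audit_conf() {
    f=$1; bad=0
    for rule in 'Run As User|postfix' 'Run As Group|postfix' \
                'MTA|postfix' 'Virus Scanning|yes' \
                'Outgoing Queue Dir|/var/spool/postfix/incoming'; do
        opt=${rule%%|*}; want=${rule#*|}
        got=$(conf_get "$f" "$opt" | tr '[:upper:]' '[:lower:]')
        if [ "$got" != "$want" ]; then
            echo "FINDING: $opt = '$got', expected '$want'"; bad=$((bad + 1))
        fi
    done
    # Several scanners may be listed, separated by spaces.
    case " $(conf_get "$f" 'Virus Scanners' | tr '[:upper:]' '[:lower:]') " in
        *" clamav "*) ;;
        *) echo "FINDING: Virus Scanners does not include clamav"; bad=$((bad + 1)) ;;
    esac
    # Method A scans the hold queue, Method B the second instance's deferred queue.
    case "$(conf_get "$f" 'Incoming Queue Dir')" in
        /var/spool/postfix/hold|/var/spool/postfix.in/deferred) ;;
        *) echo "FINDING: Incoming Queue Dir matches neither method"; bad=$((bad + 1)) ;;
    esac
    [ "$bad" -eq 0 ]
}

# Constructed sample: Method A queues, but still root and no scanner enabled.
sample_conf() {
    printf '%s\n' '# constructed sample, not a real site file' \
        'Run As User = root' 'Run As Group = postfix' 'MTA = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' \
        'Virus Scanning = yes' 'Virus Scanners = none'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_conf "$tmp" || echo "fix the findings above, then restart MailScanner"
rm -f "$tmp"
```

On a real host, point audit_conf at the installed MailScanner.conf instead of the constructed sample.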
Third, the MailScanner configuration

With MailScanner + ClamAV in place, most virus attacks can be prevented, but there is a corresponding cost, and MailScanner is not a cure-all. Many emails are written in HTML format and contain a lot of program code or Java. MailScanner lets through what it recognizes as harmless, but anything it cannot identify, even if it carries no virus, will be deleted or have its content stripped. Likewise, when a user sends a message whose attachment looks very much like a virus, it will be returned. This causes some trouble, so detailed configuration is very important.

All settings are contained in the /etc/MailScanner/MailScanner.conf file (the location may vary between systems). In the settings file, blank lines are ignored, and a line that begins with the symbol "#" is a comment. Every setting has the following format:

    option = value

The rules for many options may also be kept in a separate file, such as filename.rules.conf and filetype.rules.conf. You can find some of MailScanner's rules in the rules directory under the MailScanner installation directory.

MailScanner.conf contains a lot of settings, but don't worry: it provides many practical default values, and you only need to modify some of them to start using MailScanner. Some of the settings you may need to modify are described below.

Max Children
Default: 5
MailScanner can make effective use of your server by running several processes at the same time. This setting is the number of processes run simultaneously. If you need to handle a very large volume of mail, you can raise this number. In general, each CPU can handle 5 processes simultaneously. If you have four CPUs, you can set it to 20.

Run As User
This option changes the user that MailScanner runs as. Be careful not to use root as the user: if you do, MailScanner runs with root privileges.
Once MailScanner is compromised, the hacker then has root privileges and can do anything. If root is not used, the hacker gets only ordinary user privileges, which is comparatively safer.

Run As Group
This option changes the group that MailScanner runs as (again, do not use root as the group).

Incoming Queue Dir
Default: /var/spool/mqueue.in
The directory from which MailScanner takes mail to scan.

Outgoing Queue Dir
Default: /var/spool/mqueue
The directory where MailScanner places mail after scanning.

MTA
Default: sendmail
Specifies which MTA software is used.

Virus Scanning
Default: yes
Whether to scan mail for viruses. Setting this option to "no" turns the virus scanning function off completely.

Virus Scanners
Default: none
Specifies which anti-virus software to use. Note: to use several scanners, separate the names with spaces.

Still Deliver Silent Viruses
Default: yes
If this option is set to "yes", the disinfected mail is still delivered to the original recipients, even though those addresses were picked by the infected PC and are not people the user meant to write to.
Setting this option to "yes" lets your users know that MailScanner is protecting them, but if many people complain that there are too many virus notifications, set it to "no".

Allow IFrame Tags
Default: no
You want to allow
Example 1: If you do not want web (HTML) content to be blocked, find the following three parameters in the /etc/MailScanner/MailScanner.conf settings file and change each of them from no to yes:

    Allow IFrame Tags = no
    Allow Script Tags = no
    Allow Object Codebase Tags = no

After setting them to yes, save and exit, then restart MailScanner. Your mail system can then send and receive email in HTML format.

Example 2: Some files are in CHM format, such as help files and some e-books with the .chm extension, and MailScanner filters files of this type. To stop filtering such files, set the CHM rule to allow in /etc/MailScanner/filename.rules.conf: change "deny \.chm$" to "allow \.chm$". After the change, save and exit, then restart MailScanner. You can then send and receive mail with CHM attachments.

Summary

Using MailScanner + Sendmail (Postfix) + ClamAV filters mail viruses and also gives good spam filtering. According to statistics, MailScanner processes more than 500 million messages per day, removing approximately 2 million virus messages and 75 million spam messages daily. These numbers show how popular MailScanner is. Most importantly, its performance is already comparable to commercial software, yet it is open source, developed under the GPL. Without paying any software purchase fees, you can have a powerful anti-virus and filtering mail server system.

Appendix: five steps for cleaning up after a mail virus

First, disconnect the network: disconnect your network connection to avoid further spread of the virus.

Second, back up files: delete the infected mail, then run anti-virus software to clean up. However, to prevent the anti-virus software from mistakenly removing or deleting documents and important mail you have not yet dealt with, first transfer them to other storage media.
Third, use anti-virus software: because anti-virus products differ in their development focus and in their scanning engines, each has its own strengths and shortcomings, and using them in combination gives the best results. When disinfecting, try to use two tools to cross-check the cleanup.

Fourth, secure your accounts: change your usernames and passwords, including mailbox and QQ passwords, to prevent hackers from using passwords they learned during the last intrusion.

Fifth, prevent mail viruses: a mail virus is actually the same as an ordinary computer virus, but because it spreads mainly by email, it is called a mail virus. Such viruses typically spread as attachments: when you run the virus program in the attachment, your computer becomes infected. Knowing this, it is not hard to take the corresponding measures to prevent it.