June 2, 2008

Ajax Webmail RoundCube + uvscan + amavisd-new: continued from the previous post

Filed under: FreeBSD tenology — bryan @ 3:18 pm

Ajax webmail is really convenient and good-looking; here is a roundcube screenshot first

Because this post continues the previous one, the environment is unchanged; only a few packages are added:
OS: FreeBSD 6.3 stable
Package:
mysql50-server
apache22
postfix
postfixadmin
php5
php5-extensions
cyrus-sasl
courier-imap

Packages added in this post:
roundcube
amavisd-new
vscan

Installation steps:

  • Installing roundcube
    #cd /usr/ports/mail/roundcube
    #make install clean

    Options for roundcube # select MYSQL and SPELLCHECK
    [X] MYSQL Use MySQL backend
    [X] SPELLCHECK Enable spellchecking

    #mysql -u root -p

    mysql>CREATE DATABASE roundcubemail;
    mysql>GRANT ALL PRIVILEGES ON roundcubemail.* TO username@localhost IDENTIFIED BY 'password';
    mysql>quit;

    #cd /usr/local/www/roundcube/SQL
    #mysql -u root -p roundcubemail < mysql5.initial.sql
    #vi /usr/local/www/roundcube/config/db.inc.php

    $rcmail_config['db_dsnw'] = 'mysql://root:roundcube_sql_password@unix(/tmp/mysql.sock…

    #vi /usr/local/www/roundcube/config/main.inc.php

    $rcmail_config['default_host'] = 'localhost';
    $rcmail_config['default_port'] = 143;

    #chmod 600 /usr/local/www/roundcube/config/*

    #vi /usr/local/etc/apache22/Includes/mine.conf

    Alias /roundcube "/usr/local/www/roundcube/"

    <Directory "/usr/local/www/roundcube/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

  • Installing vscan
    #cd /usr/ports/security/uvscan-dat
    #make install clean

    #cd /usr/ports/security/vscan
    #make install clean

    Put the update script in /usr/local/uvscan, then edit crontab so the virus definitions are updated on a schedule
    #vi /etc/crontab

    5 2 * * * root /usr/local/uvscan/update.sh
    5 5 * * * root uvscan -vucr --secure /*

  • Installing amavisd-new
    #cd /usr/ports/security/amavisd-new
    #make -DWITH_POSTFIX install clean

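    Options for amavisd-new # select rar, arj … and the other archive formats so that viruses inside archives can be unpacked and scanned

    #vi /usr/local/etc/mail/spamassassin/local.cf (change it to the following; based on an example from 酷學園)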

    ############################################
    required_hits 7
    rewrite_subject 1
    subject_tag *****SPAM*****
    use_bayes 1
    bayes_path /var/amavis/.spamassassin/bayes
    auto_learn 1
    auto_learn_threshold_nonspam -2
    auto_learn_threshold_spam 15
    skip_rbl_checks 0
    use_razor2 1
    use_dcc 1
    use_pyzor 1
    always_add_headers 0
    dcc_add_header 0
    report_safe 0
    use_terse_report 0
    spam_level_stars 1
    dns_available yes

    ok_languages en zh ja ko
    ok_locales en zh ja ko

    ## disabled scores
    score BASE64_ENC_TEXT 0
    score DATE_IN_PAST_03_06 0
    score FROM_NAME_NO_SPACES 0
    score X_MSMAIL_PRIORITY_HIGH 0
    score X_PRIORITY_HIGH 0
    score CASHCASHCASH 3.0
    score CLICK_BELOW 1.5
    score FORGED_MUA_OUTLOOK 3.6
    score HTML_40_50 0.8
    score HTML_90_100 0
    score INVALID_DATE 1.4
    score MIME_LONG_LINE_QP 1.0
    score MISSING_MIMEOLE 1.9
    score NONEXISTENT_CHARSET 3.5
    score NORMAL_HTTP_TO_IP 1.2
    score NO_REAL_NAME 1.2
    score OPT_IN 1.2
    score RCVD_IN_RFCI 0.9
    score UPPERCASE_25_50 0
    score UPPERCASE_50_75 0
    score UPPERCASE_75_100 0
    score HEADER_8BITS 0
    score HTML_COMMENT_8BITS 0
    score SUBJ_FULL_OF_8BITS 0
    score HEAD_ILLEGAL_CHARS 0
    score SUBJ_ILLEGAL_CHARS 0
    score FWD_MSG -2.0
    score RCVD_FAKE_HELO_DOTCOM_2 2.0
    score FROM_WEBMAIL_ENDS_IN_NUMS6 1.0

    ## customized scores
    score TO_TXT 100
    score RATWARE_HASH_2 100
    score RATWARE_HASH_2_V2 100
    score RATWARE_JIXING 100
    score DCC_CHECK 4.000
    score RAZOR2_CHECK 2.500
    score BAYES_99 4.300
    score BAYES_90 3.500
    score BAYES_80 3.000

    # auth
    header __T_AUTH_LOCAL X-TeaTime-Auth-LOCAL =~ /^LOCAL/
    header __T_AUTH_SASL X-TeaTime-Auth-SASL =~ /^SASL/
    header __T_AUTH_NONE X-TeaTime-Auth-NONE =~ /^NONE/

    meta T_AUTH_NONE (__T_AUTH_NONE)
    describe T_AUTH_NONE Received from remote site without authenticated
    score T_AUTH_NONE 0.001

    meta T_AUTH_SASL (!__T_AUTH_NONE && __T_AUTH_SASL)
    describe T_AUTH_SASL Received with authenticated user
    score T_AUTH_SASL -4

    meta T_AUTH_LOCAL (!__T_AUTH_LOCAL || !__T_AUTH_SASL)
    describe T_AUTH_LOCAL Received from local network
    score T_AUTH_LOCAL -4

    ##############################################
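The `# auth` rules above, run through a small evaluator (an added example, not code from the original post or from 酷學園). It assumes that nothing in the mail path adds the X-TeaTime-Auth-* headers (no setting shown on this page does); the sample messages and the base score of 8.0 are constructed, and `FIXED_RULES` is an assumed correction that mirrors the T_AUTH_SASL rule.

```python
import re

# The "# auth" rules as listed in local.cf above.
AUTH_RULES = r"""
header __T_AUTH_LOCAL X-TeaTime-Auth-LOCAL =~ /^LOCAL/
header __T_AUTH_SASL X-TeaTime-Auth-SASL =~ /^SASL/
header __T_AUTH_NONE X-TeaTime-Auth-NONE =~ /^NONE/
meta T_AUTH_NONE (__T_AUTH_NONE)
score T_AUTH_NONE 0.001
meta T_AUTH_SASL (!__T_AUTH_NONE && __T_AUTH_SASL)
score T_AUTH_SASL -4
meta T_AUTH_LOCAL (!__T_AUTH_LOCAL || !__T_AUTH_SASL)
score T_AUTH_LOCAL -4
"""
# Assumed correction (not from the post): mirror the T_AUTH_SASL rule.
FIXED_RULES = AUTH_RULES.replace("(!__T_AUTH_LOCAL || !__T_AUTH_SASL)",
                                 "(!__T_AUTH_NONE && __T_AUTH_LOCAL)")

def evaluate(rules, message_headers):
    """Return (names of the meta rules that fire, total score they add)."""
    msg = {k.lower(): v for k, v in message_headers.items()}
    tests, metas, scores = {}, {}, {}
    for line in rules.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "header":
            name, hdr, pattern = re.match(r"(\S+) (\S+) =~ /(.*)/$", rest).groups()
            tests[name] = bool(re.search(pattern, msg.get(hdr.lower(), "")))
        elif kind == "meta":
            name, expr = rest.split(" ", 1)
            metas[name] = expr
        elif kind == "score":
            name, value = rest.split()
            scores[name] = float(value)
    fired = []
    for name, expr in metas.items():
        if not re.fullmatch(r"[\w\s()!&|]+", expr):
            raise ValueError("unsupported meta expression: " + expr)
        py = expr.replace("&&", " and ").replace("||", " or ").replace("!", " not ")
        if eval(py.strip(), {"__builtins__": {}}, tests):  # names and operators only
            fired.append(name)
    return fired, sum(scores[n] for n in fired)

def final_score(base, rules, message_headers):
    # base: constructed score from all the other SpamAssassin tests
    return base + evaluate(rules, message_headers)[1]

# Constructed messages (header values are sample data).
REMOTE_NO_HEADERS = {"From": "someone@example.net"}
SASL_ONLY = {"X-TeaTime-Auth-SASL": "SASL"}
```

With the rule as listed, a message carrying none of the headers still fires T_AUTH_LOCAL, so a base score of 8.0 ends at 4.0, below the `$sa_kill_level_deflt` of 6.9 set in amavisd.conf; with the assumed correction it stays at 8.0.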

    #vi /usr/local/etc/amavisd.conf (change the following settings)

    ########################################################
    $max_servers = 2; # num of pre-forked children (2..30 is common), -m
    $daemon_user = 'vscan'; # (no default; customary: vscan or amavis), -u
    $daemon_group = 'vscan'; # (no default; customary: vscan or amavis), -g

    $mydomain = 'mail.com'; # a convenient default for other settings

    $TEMPBASE = "/var/tmp"; # working directory, needs to exist, -T
    $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc.
    $QUARANTINEDIR = '/var/virusmails'; # -Q

    $inet_socket_port = 10024; # listen on this local TCP port(s)
    $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
    $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
    # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
    $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
    $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
    $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces

    $virus_admin = "root\@$mydomain"; # notifications recip.
    $mailfrom_notify_admin = "root\@$mydomain"; # notifications sender
    $mailfrom_notify_recip = "root\@$mydomain"; # notifications sender
    $mailfrom_notify_spamadmin = "root\@$mydomain"; # notifications sender

    $notify_method = 'smtp:[127.0.0.1]:10025';
    $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

    ########################################################

    #############################
    learn information
    #sa-learn --dump magic (example output below)

    0.000 0 3 0 non-token data: bayes db version
    0.000 0 0 0 non-token data: nspam
    0.000 0 26 0 non-token data: nham
    0.000 0 179 0 non-token data: ntokens
    0.000 0 1212376155 0 non-token data: oldest atime
    0.000 0 1212388171 0 non-token data: newest atime
    0.000 0 0 0 non-token data: last journal sync atime
    0.000 0 0 0 non-token data: last expiry atime
    0.000 0 0 0 non-token data: last expire atime delta
    0.000 0 0 0 non-token data: last expire reduction count

    #############################
    learn spam mail
    sa-learn --spam mail.eml
    #############################
    learn normal mail
    sa-learn --ham mail.eml

    #vi /usr/local/etc/postfix/main.cf (change it to the settings below)

    alias_database = hash:/usr/local/etc/postfix/aliases
    alias_maps = hash:/usr/local/etc/postfix/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/local/sbin
    config_directory = /usr/local/etc/postfix
    daemon_directory = /usr/local/libexec/postfix
    data_directory = /var/db/postfix
    disable_vrfy_command = yes
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailbox_size_limit = 0
    mailq_path = /usr/local/bin/mailq
    manpage_directory = /usr/local/man
    message_size_limit = 2048000
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = $myhostname
    myhostname = test.mail.com
    mynetworks = 192.168.2.0/24, 127.0.0.0/8
    mynetworks_style = subnet
    myorigin = $mydomain
    newaliases_path = /usr/local/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = no
    recipient_delimiter = +
    relay_domains = $mydestination
    relay_transport = $relay_domains
    sample_directory = /usr/local/etc/postfix
    setgid_group = maildrop
    smtpd_banner = $myhostname ESMTP "Version not Available"
    smtpd_helo_required = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_restrictions = reject_unknown_sender_domain permit_mynetworks
    soft_bounce = no
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:5001
    virtual_mailbox_base = /var/mailbox/
    virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_limit = 100000000
    virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_transport = maildrop
    virtual_uid_maps = static:5001
    virtual_transport = maildrop
    relay_transport = $relay_domains
    maildrop_destination_recipient_limit = 1
    maildrop_destination_concurrency_limit = 1
    message_size_limit = 2048000
    mailbox_size_limit = 0
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit = 100000000
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
    virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_overquota_bounce = yes
    broken_sasl_auth_clients = yes
    smtpd_helo_required = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_application_name = smtpd
    smtpd_sender_restrictions =
        reject_unknown_sender_domain
        permit_mynetworks
    # relays.ordb.org was shut down in December 2006; confirm each RBL zone is still served before enabling it
    smtpd_client_restrictions =
        reject_rbl_client relays.ordb.org
        reject_rbl_client list.dsbl.org
    smtpd_banner = $myhostname ESMTP "Version not Available"
    content_filter = smtp-amavis:[127.0.0.1]:10024
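An added example (not part of the original post): a small lint for a main.cf that has grown by appending a second block of settings, as the listing above has. Postfix keeps only the last value of a repeated parameter, and a misspelled name never reaches the setting it was meant to change; the sample file, the `rbl.example.org` zone and the `KNOWN` name list are constructed for the example.

```python
import difflib

# Constructed main.cf excerpt with the two problems this check looks for:
# a parameter set twice and a misspelled parameter name.
SAMPLE_MAIN_CF = """\
message_size_limit = 2048000
smtpd_sender_restrictions = reject_unknown_sender_domain permit_mynetworks
message_size_limit = 10240000
smtpd_sender_restrictions =
    reject_unknown_sender_domain
    permit_mynetworks
smtpd_client_restrications =
    reject_rbl_client rbl.example.org
content_filter = smtp-amavis:[127.0.0.1]:10024
"""

# Assumption: a short hand-picked subset of real Postfix parameter names.
# On a live host, build this set from the output of `postconf -d`.
KNOWN = {"message_size_limit", "smtpd_sender_restrictions",
         "smtpd_client_restrictions", "smtpd_helo_restrictions",
         "content_filter", "mynetworks"}

def logical_lines(text):
    """Yield (name, value) pairs, joining continuation lines as Postfix does."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current[1] = (current[1] + " " + raw.strip()).strip()
        else:
            if current:
                yield tuple(current)
            name, _, value = raw.partition("=")
            current = [name.strip(), value.strip()]
    if current:
        yield tuple(current)

def lint(text, known=KNOWN):
    """Return (duplicates, suspects): values per repeated name, and likely typos."""
    seen, suspects = {}, {}
    for name, value in logical_lines(text):
        seen.setdefault(name, []).append(value)
        if name not in known:
            close = difflib.get_close_matches(name, known, n=1, cutoff=0.9)
            if close:
                suspects[name] = close[0]
    duplicates = {n: v for n, v in seen.items() if len(v) > 1}
    return duplicates, suspects
```

For each name in `duplicates`, the last value in its list is the one Postfix uses.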

    #vi /usr/local/etc/postfix/master.cf (add the settings below)

    smtp-amavis unix - - n - 2 lmtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes

    PS: After mysql, amavisd and postfix are restarted, virus and spam filtering is available, but maillog shows a message like the following:
    warning: do not list domain ms1.mail.com in BOTH virtual_mailbox_domains and relay_domains
    When that happens, check whether mydomain and mydestination are written the same way as mine below; I got the message above because I had originally written mydomain in as well…
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = $myhostname

    After a reboot everything works normally.
