I have RedHat, Sendmail+Procmail, Spamassassin, Trashcan, Clamav, Sanitizer.
I would now like Spamassassin to run site-wide, while every user can still make extra settings of their own. Since I have more or less mixed two or three HowTos so as not to have to adapt any config, I wanted to briefly ask whether this is OK as it is.
In /var/spool/mail I have
.forward with the content:
Code:
|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #web1
|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #web2
Code:
DROPPRIVS=yes
LOGFILE=/var/log/procmail
#VERBOSE=ON
SHELL=/bin/sh
STRIPPED_EXECUTABLES=/etc/stripped
#
-------------------------------------------------------------------------------------
#
# Virus scan section ...
#
#
-------------------------------------------------------------------------------------
#
# 1. Run TrashScan
:0fw
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
# -------------------------------------------------------------------------------------
#
# Sanitize the mail
# -------------------------------------------------------------------------------------
#
INCLUDERC=/etc/sanitize.rc
# -------------------------------------------------------------------------------------
#
# Spamassassin
#
# -------------------------------------------------------------------------------------
#
# The dot and the parentheses are escaped so that they match literally.
:0fw
* !^X-SPAM-CHECKER-VERSION: SpamAssassin 2\.63 \(2004-01-11\) on $yourhost
# Do not scan again if the mail was already scanned on your server
* !^X-Virus-Scan: !Suspicious!
| /usr/bin/spamc -f
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped. This will re-add it.
:0 H
* ! ^From[ ]
* ^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "
:0 fhw
| sed -e 's/^rom /From /'
}
My local.cnf from SA:
Code:
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)
# How many hits before a message is considered spam.
required_hits 5.0
# Whether to change the subject of suspected spam
rewrite_subject 1
# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****
# Encapsulate spam in an attachment
report_safe 1
# Use terse version of the spam report
use_terse_report 0
# Enable the Bayes system
use_bayes 1
# Enable Bayes auto-learning
auto_learn 1
# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - german
ok_languages de
# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
The file stripped in /etc
Code:
*.asd
*.bat
*.chm
*.cil
*.cmd
*.com
*.cpl
*.dll
*.exe
*.hlp
*.hta
*.js
*.lnk
*.nws
*.ocx
*.pif
*.reg
*.scr
*.sh[bs]
*.vb
*.vb[se]
*.ws[cfh]
*.[a-z][a-z][a-z0-9].exe
*.[a-z][a-z][a-z0-9]s+.exe
*.[a-z][a-z].(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z]s+.(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z][a-z0-9].(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*.[a-z][a-z][a-z0-9]s+.(?=[a-z0-9]+$)(?!(doc$|rtf$|xls$))
*s+.exe
[0-9]+-i386-update.exe
.*romeo.exe
alyssa?s?here?.exe
amateurs.exe
anal.exe
anna.exe
anniv.doc
anti_cih.exe
anti_terrorism.exe
antivirus.exe
ants[0-9]+set.exe
aol4free.com
asian.exe
atchim.exe
avp[0-9].[0-9].exe
avp_updates.exe
babylonia.exe
badass.exe
bar.exe
binladen_bra[sz]il.exe
black.exe
blancheneige.exe
blonde.exe
boys.exe
buhh.exe
celebrity?rape.exe
cheerleader.exe
chocolate.exe
christmas.exe
comical_story.doc
common.exe
compu_ma.exe
creative.exe
cum.exe
cumshot.exe
*demo*.exe
disk.exe
doctor.exe
doggy.exe
dwarf4you.exe
emanuel.exe
enanito?fisgon.exe
enano.exe
enano?porno.exe
euro.exe
famous.exe
files.exe
fist-f?cking.exe
gay.exe
girls.exe
happy[0-9]+.exe
hardcore.exe
honey.exe
horny.exe
hot.exe
hottest.exe
i-watch-u.exe
ibmls.exe
ie[0-9]+.exe
images_zipped.exe
*install*.exe
invoice.exe
javascript.exe
jesus.exe
joke.exe
kinky.exe
leather.exe
led.exe
lesbians.exe
list.doc
lovers.exe
luckey.exe
masyanya.exe
matcher.exe
messy.exe
missworld.exe
misworld.exe
mkcompat.exe
mmsn_offline.htm
ms[0-9-]+.exe
mwld.exe
mwrld.exe
nakedwife.exe
navidad.exe
ntkrnl.exe
oains.exe
oral.exe
orgy.exe
*password.exe
*patch*.exe
path.xls
photos17.exe
picture.exe
pippo.exe
pleasure.exe
porkis.exe
pretty?park.exe
prettypark.exe
q[0-9][0-9][0-9]+.exe
qi_test.exe
quake4demo.exe
raquel?darian.exe
readme.exe
rede.exe
romeo.exe
sado.exe
sample.exe
seicho_no_ie.exe
serialz.hlp
*setup*.exe
sex.exe
sexy.exe
shake.exe
si.exe
slut.exe
sm.exe
sodomized.exe
softwarekey.exe
sslpatch.exe
story.doc
suck.exe
sulfnbk.exe
suppl.doc
surprise!.exe
suzete.exe
tattoo.exe
teens.exe
tettona.exe
teuro.exe
*update*.exe
*upgrade*.exe
userconf.exe
virgins.exe
whatever.exe
wtc.exe
x-mas.exe
xena.exe
xuxa.exe
xxxpic*.exe
y2kcount.exe
yahoo.exe
yawsetup.exe
zacker.exe
zipped_files.exe
?.exe
Code:
#
# procmail configuration for TrashScan: ZapCoded by Trashware; 13.10.2002
#
# [ ... ]
# ------------------------------------------------------------------------------------- #
# Virus scan section ... #
# ------------------------------------------------------------------------------------- #
# 1. Run TrashScan
:0
* multipart
* !^X-Virus-Scan:
| /usr/local/sbin/trashscan
# 2. Filter tagged virus mails
:0:
* ^X-Virus-Scan: Suspicious
/dev/null
Code:
# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc'
# if you use the spamc/spamd combination)
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn't bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
:0fw
* < 256000
| /usr/local/bin/spamassassin --prefs-file=/home/web1/.spamassassin/user_prefs
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "/dev/null".
#:0:
#* ^X-Spam-Status: Yes
#/dev/null
# Work around procmail bug: any output on stderr will cause the "F" in "From"
# to be dropped. This will re-add it.
:0
* ^^rom[ ]
{
LOG="*** Dropped F off From_ header! Fixing up. "
:0 fhw
| sed -e '1s/^/F/'
}
and yet another .procmailrc
Code:
INCLUDERC=/home/web1/.html-trap.rc
INCLUDERC=/home/web1/.spamassassin.rc
:0
* ^From.*MAILER-DAEMON
./MAILERRORS
#
#----------------------------------------
# Rule 1: spam
:0
* ^Subject.*SPAM
spam
INCLUDERC=/home/web1/.antivirus.rc
The users' tmp directories now contain mails from Trashcan. Spam mails are recognized as such and marked accordingly. The mail headers also state that they were virus-scanned.
Mail header:
Code:
Message-Id: <100001c46a74$5b0da7ef$0d98c6d3@bullshit-artist.com>
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=7.3 required=5.0
        tests=AWL,HTML_30_40,HTML_FONT_FACE_BAD,HTML_FONT_FACE_ODD,
        HTML_MESSAGE,MIME_LONG_LINE_QP,RCVD_IN_NJABL,RCVD_IN_ORBS,
        UNDESIRED_LANGUAGE_BODY
        version=2.55
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
MIME-Version: 1.0
X-Security: message sanitized on meinserver.de
        See http://www.impsec.org/email-tools/sanitizer-intro.html
        for details. $Revision: 1.143 $Date: 2004-04-10 09:05:42-07
X-Security: The postmaster has not enabled quarantine of poisoned messages.
Content-Type: multipart/mixed; boundary="----------=_4103BE2C.F86CC90C"
I hope I have posted all the necessary info for now. Unfortunately I don't know my way around that well, but I'm learning, so that at some point I can configure a production server...
thx in advance
P.S. I just noticed that the virus scan is missing from this header, so I am adding it back in as an INCLUDERC, and I now additionally get in the headers:
X-Virus-Scan: Scanned by TrashScan v0.12 running on meinserver.de
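The header inspection described in the last paragraphs can be scripted so that a stage that did not run shows up immediately. The following is an added example, not part of the original post: the header names are the ones shown above, while the function names and the sample message are constructed. Only the header block is read, because with report_safe 1 the original spam travels as an attachment in the body.

```shell
#!/bin/sh
# Header names come from the post; function names and the sample message
# are constructed for this example.

# Print the header block only (up to the first blank line), with folded
# continuation lines joined, so body text such as a report_safe attachment
# cannot satisfy a check.
unfold_headers() {
    awk '
        /^$/     { exit }                                    # end of headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next } # folded line
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    '
}

# Read one message on stdin; print e.g. "spam=ok sanitizer=ok virus=MISSING".
check_stages() {
    hdrs=$(unfold_headers)
    out=""
    for stage in spam:X-Spam-Checker-Version sanitizer:X-Security virus:X-Virus-Scan; do
        name=${stage%%:*}
        field=${stage#*:}
        line=$(printf '%s\n' "$hdrs" | grep -i "^$field:" | head -n 1)
        if [ -z "$line" ]; then
            state=MISSING
        elif [ "$name" = virus ] && printf '%s\n' "$line" | grep -q 'Suspicious'; then
            state=SUSPICIOUS
        else
            state=ok
        fi
        out="$out $name=$state"
    done
    printf '%s\n' "${out# }"
}

# Constructed sample; $1 is an optional extra header line.
sample_message() {
    printf '%s\n' \
        'From sender@example.org Sun Jul 25 16:00:00 2004' \
        'X-Spam-Status: Yes, hits=7.3 required=5.0' \
        ' tests=AWL,HTML_MESSAGE version=2.55' \
        'X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)' \
        'X-Security: message sanitized on meinserver.de'
    if [ -n "${1:-}" ]; then printf '%s\n' "$1"; fi
    printf '%s\n' '' 'X-Virus-Scan: body line, must not count'
}

sample_message | check_stages
```

Feeding a delivered message to `check_stages` on stdin gives one line per message, which makes a skipped INCLUDERC visible without reading the headers by hand.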