diff --git a/DOC/amavis_clamav_sa.install b/DOC/amavis_clamav_sa.install
new file mode 100644
index 0000000..72fd707
--- /dev/null
+++ b/DOC/amavis_clamav_sa.install
@@ -0,0 +1,1441 @@
+## --------------------------------------------------- ##
+## --- Install AMaViS with ClamAV and Spamassassin --- ##
+## --------------------------------------------------- ##
+
+## - mx.warenform.de
+## -
+_db_type=pgsql
+#_db_type=mysql
+#_db_type='mysql'
+_db_name='postfix'
+_db_user='postfix'
+_db_pass='CbX8vg347Vvm'
+_db_host='/var/run/postgresql'
+_db_host='localhost'
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - END: mx.warenform.de
+
+## - a.mx.oopen.de
+## -
+_ipv4_address=83.223.86.91
+_db_type=pgsql
+#_db_type=mysql
+#_db_type='mysql'
+_db_name='postfix'
+_db_user='postfix'
+_db_pass='FKt4z55FxMZp'
+_db_host='/var/run/postgresql'
+_db_host='localhost'
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - END: a.mx.oopen.de
+
+## - b.mx.oopen.de
+## -
+_ipv4_address=83.223.86.162
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - END: b.mx.oopen.de
+
+## - listserver.so36.net
+## -
+_ipv4_address=83.223.73.213
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - END: listserver.so36.net
+
+## - d.mx.oopen.de
+## -
+_ipv4_address=83.223.86.92
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - End: d.mx.oopen.de
+
+
+## - mail.interventionistische-linke.org
+## -
+_ipv4_address=83.223.85.214
+_db_type=pgsql
+#_db_type=mysql
+#_db_type='mysql'
+_db_name='postfix'
+_db_user='postfix'
+_db_pass='NcXxt7sf7bfV'
+_db_host='/var/run/postgresql'
+_db_host='localhost'
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - END: mail.interventionistische-linke.org
+
+## - mx03.so36.net
+## -
+_ipv4_address=83.223.73.205
+
+_quarantine_dir=/var/QUARANTINE
+## - !! Don't use doppel quotes (") here !!
+_quarantine_admin='postmaster\@$mydomain';
+## -
+## - End: mx03.so36.net
+
+if [ "$_db_type" = "postgres" -o "$_db_type" = "postgresql" -o "$_db_type" = "pgsql" -o "$_db_type" = "psql" ];then
+ _db_type=Pg
+fi
+
+## -- wheezy
+## -
+apt-get install apt-listchanges libnet-ldap-perl libauthen-sasl-perl dspam libsnmp-perl
+
+## - Package "dspam" is not yet supported by debian jessie
+## -
+## - jessie
+## -
+apt-get install apt-listchanges libnet-ldap-perl libauthen-sasl-perl libsnmp-perl
+
+
+## - prerequisites: AMaViS mit Spamassassin und ClamAV
+## -
+
+## - amavis
+## -
+apt-get install amavisd-new
+## - Empfohlen:
+apt-get install cabextract clamav clamav-daemon lhasa libzeromq-perl lzop nomarch p7zip rpm spamassassin unrar
+
+
+## - spamassassin
+## -
+## - debian wheezy
+## -
+apt-get install -t wheezy-backports spamassassin razor pyzor libio-socket-ssl-perl \
+ libdbi-perl libmail-dkim-perl libmail-spf-perl \
+ libgeo-ipfree-perl libnet-ident-perl \
+ libio-zlib-perl libio-string-perl \
+ ftp ncftp less
+
+## - debian jessie
+## -
+apt-get install spamassassin razor pyzor libio-socket-ssl-perl \
+ libdbi-perl libmail-dkim-perl libmail-spf-perl \
+ libgeo-ipfree-perl libnet-ident-perl \
+ libio-zlib-perl libio-string-perl \
+ ftp ncftp less
+
+
+
+## - If MySQL/PostgreSQL was installed from debian package system, install also perl
+## - modules "DBI" and DBD::mysql/DBD::Pg from debian package system
+## -
+if [ "$_db_type" = "Pg" -o "$_db_type" = "postgres" ]; then
+ apt-get install libdbd-pgsql libdbd-pg-perl libdbi-perl libdbi-dev
+else
+ apt-get install libdbd-mysql libdbd-mysql-perl libdbi-perl libdbi-dev
+fi
+
+## - If MySQL/PostgreSQL was installed from source, install perl modules "DBI" and
+## - "DBD::mysql" via cpan
+## -
+cpan -i DBI
+cpan -i DBD::mysql
+## - or
+cpan -i DBD::Pg
+
+
+## - Clamav
+## -
+
+## - wheezy
+## -
+apt-get install -t stable-updates clamav clamav-base clamav-daemon clamav-docs \
+ clamav-freshclam libclamunrar6
+
+## - Jessie
+## -
+apt-get install clamav clamav-base clamav-daemon clamav-docs \
+ clamav-freshclam libclamunrar7
+
+#apt-get install clamav clamav-base clamav-daemon clamav-docs \
+# clamav-freshclam libclamunrar6
+
+## - It's very important to install the GMP package because it allows
+## - freshclam (a ClamAV component) to verify the digital signatures of
+## - the virus databases.
+## -
+#apt-get install libgmp3c2 libgmp3-dev
+apt-get install libgmp-dev libgmp10
+
+
+/etc/init.d/clamav-daemon stop
+/etc/init.d/clamav-freshclam stop
+
+freshclam
+
+/etc/init.d/clamav-daemon start
+/etc/init.d/clamav-freshclam start
+
+
+
+## - User/Group Permissions
+## -
+#usermod -a -G debian-spamd amavis
+#usermod -a -G amavis debian-spamd
+
+## - add user clamav to group amavis in order to giv clamav the needed
+## - rights to e-mails
+## -
+## - Notice !!
+## - UNTIL debia wheezy take also care, that option "AllowSupplementaryGroups true" is set
+## - (/etc/clamav/clamd.conf)
+## -
+## - Do NOT set this option on debian jessie or later
+## -
+ f [[ $? -eq 0 ]] ; then
+ echo_ok
+else
+ echo_failed
+fi
+usermod -a -G amavis clamav
+/etc/init.d/clamav-daemon restart
+/etc/init.d/clamav-freshclam restart
+
+
+
+
+## --------------- ##
+## --- AMaViS --- ##
+## --------------- ##
+
+## - load some decoders
+##
+apt-get install tnef zoo cabextract freeze lzop rpm alien \
+ tar pax rar unrar p7zip-full zip unzip ripole arj cpio arc \
+ bzip2 binutils nomarch p7zip-rar p7zip unrar-free lhasa \
+ libzeromq-perl
+
+## - Debian wheezy - lha is not available on debian wheezy
+## -
+apt-get install apt-listchanges libnet-ldap-perl \
+ libauthen-sasl-perl dspam libsnmp-perl
+
+## - Debian jessie - dspam is no longer supported
+## -
+apt-get install apt-listchanges libnet-ldap-perl \
+ libauthen-sasl-perl libsnmp-perl lhasa libdigest-sha-perl
+
+
+## - Install via cpan
+## -
+## - Digest::SHA1
+## - Encode::Detect
+## - Net::Patricia
+apt-get install g++
+cpan -i CPAN
+cpan -i Digest::SHA1
+cpan -i Digest::SHA2
+cpan -i Digest::SHA256
+cpan -i Encode::Detect
+cpan -i Net::Patricia
+
+
+## - Quarantine Directories
+## -
+mkdir -p ${_quarantine_dir}/{spam,virus,banned,bad-headers,spammy}
+chown -R amavis:amavis $_quarantine_dir
+chmod 750 $_quarantine_dir
+chmod 750 ${_quarantine_dir}/{spam,virus,banned,bad-headers,spammy}
+
+
+## - configure amavis in /etc/amavis/conf.d
+## -
+## - write all changes and customization to a seperate
+## - file named "50-user", which will load at end of
+## - configuration and overwrites the (debian)-default values
+## -
+cp /etc/amavis/conf.d/50-user ~/etc_amavis_conf.d_50-user.ORIG
+
+
+## - write file /etc/amavis/conf.d/50-user
+## -
+cat > /etc/amavis/conf.d/50-user < [1],
+# bypass_header_checks_maps => [1],
+# final_spam_destiny => D_PASS,
+# $final_bad_header_destiny = D_PASS,
+#};
+
+
+## - 7 instances seems to be a good value.
+## -
+\$max_servers = 7;
+
+
+## - overrides settings in 01-debian
+## -
+
+\$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; #disabled (non-free, no security support)
+\$unrar = ['rar', 'unrar']; #disabled (non-free, no security support)
+\$lha = 'lha'; #disabled (non-free, no security support)
+\$tnef = 'tnef';
+
+
+## - overrides settings in 15-content_filter_mode
+## -
+
+## - Default antivirus checking mode
+## -
+@bypass_virus_checks_maps = (
+ \%bypass_virus_checks, \@bypass_virus_checks_acl,
+ \$bypass_virus_checks_re);
+
+
+## - Default SPAM checking mode
+## -
+@bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+
+## - overrides settings in 20-debian_defaults
+## -
+
+
+\$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
+\$final_banned_destiny = D_DISCARD; # D_REJECT when front-end MTA
+#\$final_spam_destiny = D_DISCARD;
+\$final_spam_destiny = D_BOUNCE;
+#\$final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
+
+\$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
+\$sa_tag2_level_deflt = 5.1; # add 'spam detected' headers at that level
+
+## - user / domain specific settings
+## - example for \$sa_tag2_level_deflt:
+## -
+#\$sa_tag2_level_deflt = {
+# # oopen.de
+# 'oopen.de'=>'2.1',
+# 'ckubu@oopen.de'=>'2.2',
+# 'argus@oopen.de'=>'2.3',
+# # k8h.de
+# 'k8h.de'=>'6.5',
+# # default
+# '.'=>'5.1'
+#};
+
+\$sa_kill_level_deflt = 10.31; # reject/bounce/discard/pass
+#\$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
+
+## - We will inform the sender about bouncing his mail with a DSN (Delivery
+## - StatusNotification). That DSN message will no be send, if the spamvalue
+## - exceeds the value of sa_dsn_cutoff_level
+## -
+\$sa_dsn_cutoff_level = 20;
+
+
+## - change the default server response if mail was blocked
+## - because of spam.
+## -
+## - results in (is an example):
+## - : host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, Mailserver
+## - at a.mx.oopen.de: identified as SPAM - (in reply to end of DATA command)
+## -
+%smtp_reason_by_ccat = (
+ CC_SPAM, "Mailserver at \$myhostname: identified as SPAM - %x"
+);
+
+\$sa_spam_subject_tag = undef;
+#\$sa_spam_subject_tag = '***SPAM*** ';
+
+
+## - QUARANTINE
+## -
+\$QUARANTINEDIR = "$_quarantine_dir";
+\$quarantine_subdir_levels = 0;
+
+
+## - don't store mails in quarantine directory
+## -
+#\$virus_quarantine_method = undef;
+#\$spam_quarantine_method = undef;
+#\$banned_files_quarantine_method = undef;
+#\$bad_header_quarantine_method = undef;
+
+## - store mails in quarantine directory
+## -
+\$virus_quarantine_method = 'local:virus/virus-%m';
+\$spam_quarantine_method = 'local:spam/spam-%m.gz';
+\$banned_files_quarantine_method = 'local:banned/banned-%m';
+\$bad_header_quarantine_method = 'local:bad-headers/badh-%m';
+\$clean_quarantine_method = undef;
+\$archive_quarantine_method = undef;
+
+#\$virus_admin ="$_quarantine_admin";
+#\$spam_admin = "$_quarantine_admin";
+#\$banned_admin = "$_quarantine_admin";
+#\$bad_header_admin = "$_quarantine_admin";
+\$virus_admin = undef;
+\$spam_admin = undef;
+\$banned_admin = undef;
+\$bad_header_admin = undef;
+
+
+# Pass SPAMMY but quarantine and inform admin
+#
+\$quarantine_to_maps_by_ccat{+CC_SPAMMY} = \\@spam_quarantine_to_maps ;
+\$quarantine_method_by_ccat{+CC_SPAMMY} = 'local:spammy/spammy-%m.gz' ;
+\$final_destiny_by_ccat{+CC_SPAMMY} = D_PASS ;
+\$admin_maps_by_ccat{+CC_SPAMMY} = sub { ca('spam_admin_maps') };
+
+
+# Bypass spam checking fro trusted networks using mynetworks
+#
+# list of trusted IPs:
+#
+# - b.mx.oopen.de (83.223.86.162 [2a01:30:1fff:a::162])
+#
+#\@mynetworks = qw( 127.0.0.0/8 [::1] 83.223.86.162 [2a01:30:1fff:a::162] );
+#
+#\$policy_bank{'MYNETS'} = { # clients in @mynetworks
+# bypass_spam_checks_maps => [1], # don't spam-check internal mail
+# bypass_header_checks_maps => [1], # don't header-check internal mail
+# final_spam_destiny => D_PASS,
+# final_bad_header_destiny => D_PASS,
+# #remove_existing_x_scanned_headers => undef,
+# #remove_existing_spam_headers => undef,
+#};
+#\$remove_existing_x_scanned_headers = 0;
+#\$remove_existing_spam_headers = 0;
+
+# allow all mail from local IPs:
+#\$policy_bank{'MYNETS'} = { # clients in @mynetworks
+# bypass_spam_checks_maps => [1], # don't spam-check internal mail
+# bypass_header_checks_maps => [1], # don't header-check internal mail
+# final_spam_destiny => D_PASS,
+# final_bad_header_destiny => D_PASS,
+#};
+
+
+## - Amavisd-New scans all mail passing through it for viruses, but will
+## - only hand mail for local delivery off to SA for checking - you tell
+## - it which domains are local using the @local_domains_maps variable,
+## - which by default is set to the value of $mydomain & its subdomains:
+## -
+#@local_domains_maps = ( [".$mydomain"] );
+
+
+## - get rid of "Open Relay" warnings in amavis logfile.
+## -
+\$interface_policy{'10024'} = 'ORIGINATING';
+\$policy_bank{'ORIGINATING'} = {
+ originating => 1, # declare that mail was submitted by our smtp client
+};
+
+## - If you get am error like:
+## -
+## - amavis[9766]: () (!)DENIED ACCESS from IP $_ipv4_address, policy bank 'ORIGINATING'
+## -
+## - you must add your ip address to @inet_acl
+## -
+#@inet_acl = qw( 127.0.0.1 [::1] $_ipv4_address );
+#\$inet_socket_bind = undef;
+
+EOF
+
+
+if [ "$_db_type" = "Pg" ]; then
+
+ cat >> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user <> /etc/amavis/conf.d/50-user < syslog; false (e.g. 0) => logging to file
+\$DO_SYSLOG = 1; # (defaults to 0)
+
+\$syslog_ident = 'amavis'; # Syslog ident string (defaults to 'amavis')
+#\$syslog_facility = 'mail'; # Syslog facility as a string
+\$syslog_facility = 'local0'; # Syslog facility as a string
+ # e.g.: mail, daemon, user, local0, ... local7, ...
+\$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string,
+ # choose from: emerg, alert, crit, err, warning, notice, info,
+ # debug
+
+# Log file (if not using syslog)
+#\$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
+
+#NOTE: levels are not strictly observed and are somewhat arbitrary
+# 0: startup/exit/failure messages, viruses detected
+# 1: args passed from client, some more interesting messages
+# 2: virus scanner output, timing
+# 3: server, client
+# 4: decompose parts
+# 5: more debug details
+\$log_level = 1; # (defaults to 0), -d
+
+
+## - amavis add a tag "***UNCHECKED***" if mail was not
+## - checked. to get rid of that tag add:
+## -
+\$undecipherable_subject_tag = undef;
+
+
+## - get rid of warning messages to postmaster if content is unchecked (that occurs
+## - i.e. if mail is encrypted
+## -
+delete \$admin_maps_by_ccat{&CC_UNCHECKED};
+
+
+## - Replace "localhost" in the mailheader
+## -
+\$localhost_name = "amavis.`hostname -f`";
+
+## - DKIM
+## -
+#\$enable_dkim_verification = 1; # enable DKIM signatures verification
+#\$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key
+#dkim_key('oopen.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
+#dkim_key('mbr-berlin.de', 'main', '/etc/amavis/dkim/dkim-key.pem');
+#dkim_key ...
+#\@dkim_signature_options_bysender_maps = (
+# { '.' => { ttl => 21*24*3600, c => 'relaxed/simple' } } );
+
+
+
+#------------ Do not modify anything below this line -------------
+1; # ensure a defined return
+EOF
+
+chmod 644 /etc/amavis/conf.d/50-user
+
+
+## - Notice:
+## - you can realise domain or email-address specific spam levels. to do so
+## - change at /etc/amavis/conf.d/50-user the directive "$sa_tag2_level_deflt"
+## -
+## - for example set:
+## -
+## - $sa_tag2_level_deflt = {
+## - # warenform.com
+## - 'warenform.com'=>'2.1',
+## - 'chris@warenform.com'=>'2.2',
+## - 'christian@warenform.com'=>'2.3',
+## - # asap-log.com
+## - 'asap-log.com'=>'6.5',
+## - # jongleur-till.de
+## - 'jongleur-till.de'=>'6.5',
+## - # default
+## - '.'=>'5.31'
+## - };
+
+
+## - Configure syslogd matching the configuration od amavisd
+## -
+cat << EOF > /etc/rsyslog.d/amavis.conf
+## - amavis
+## -
+local0.* -/var/log/amavis.log
+& ~
+EOF
+
+/etc/init.d/rsyslog restart
+
+
+## - forward emails to amavis using "Pre-Queue" Option smtpd_proxy_filter
+## -
+## - edit /etc/postfix/master.cf and add flags for "smtpd_proxy_filter" (to
+## - forward to amavis service on localhost port 10024) and for "content_filter"
+## - (to avoid rechecking by "Post-Queue" content_filter) to smtp service
+## -
+## - smtp inet n - - - - smtpd
+## - -o smtpd_proxy_filter=127.0.0.1:10024
+## - -o content_filter=
+## -
+## - take care, that, in case NOT to reject, amavis fowards the mail to the
+## - MTA (Postfix) for delivering. To avoid loops in checking, install a
+## - (Postfix) smtpd service on a local Port (10025) without checking anymore
+## -
+## - to do this edit /etc/postfix/master.cf and add service:
+## -
+## - localhost:10025 inet n - - - - smtpd
+## - -o content_filter=
+## - -o smtpd_proxy_filter=
+## - -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+## - -o smtpd_client_restrictions=
+## - -o smtpd_helo_restrictions=
+## - -o smtpd_sender_restrictions=
+## - -o smtpd_recipient_restrictions=permit_mynetworks,reject
+## - -o smtpd_data_restrictions=
+## - -o mynetworks=127.0.0.0/8,<$_ipv4_address/32>
+## - -o receive_override_options=no_unknown_recipient_checks
+## -
+vim /etc/postfix/master.cf
+
+
+## - install logrotate-script for amavis
+## -
+cat < /etc/logrotate.d/amavis
+/var/log/amavis.log {
+ daily
+ start 0
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ notifempty
+ create 644 amavis amavis
+ copytruncate
+}
+EOF
+
+touch /var/log/amavis.log
+chmod 644 /var/log/amavis.log
+chown amavis:amavis /var/log/amavis.log
+
+/etc/init.d/amavis restart
+/etc/init.d/postfix stop
+/etc/init.d/postfix start
+
+
+## - Add a crontab to cleanup the quarantine folder
+## -
+crontab -l > /tmp/tmp_crontab
+
+cat << EOF >> /tmp/tmp_crontab
+
+
+# - Remove old quarantined messages (>30 days).
+# -
+# - Spam
+0 3 * * * find ${_quarantine_dir}/spam -type f -name "spam-*" -mtime +30 -exec rm {} \;
+# - Spammy
+0 3 * * * find /var/QUARANTINE/spammy -type f -name "spammy-*" -mtime +30 -exec rm {} \;
+# - Virus
+0 3 * * * find ${_quarantine_dir}/virus -type f -name "virus-*" -mtime +30 -exec rm {} \;
+# - Banned files
+0 3 * * * find ${_quarantine_dir}/banned -type f -name "banned-*" -mtime +30 -exec rm {} \;
+# - Bad headers
+0 3 * * * find ${_quarantine_dir}/bad-headers -type f -name "badh-*" -mtime +30 -exec rm {} \;
+EOF
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+
+## -------------- ##
+## --- ClamAV --- ##
+## -------------- ##
+
+## - i prefer to install clamav ( and the update daemon freshclam from
+## - debian packages, because of better possibilities to update the programm
+## - application. this is useful only if these packages are actual. so i
+## - add the following entry to file /etc/apt/sources.list:
+## - ## ClamAV
+## - http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
+##
+
+## - Add cronjob for updating clamav packages
+## -
+## - 03 0 * * * /usr/bin/apt-get update > /dev/null ; PATH=/bin:/sbin:/usr/bin:/usr/sbin /usr/bin/apt-get -y install clamav clamav-base clamav-docs clamav-daemon clamav-freshclam > /dev/null
+## -
+crontab -l > /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - update virus database and software ( clamav)" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo "03 0 * * * /usr/bin/apt-get update > /dev/null ; PATH=/bin:/sbin:/usr/bin:/usr/sbin /usr/bin/apt-get -y install -t stable-updates clamav clamav-base clamav-daemon clamav-freshclam > /dev/null" >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+
+## - ClamAV Unofficial Signatures
+## -
+## - Use ClamAV Unofficial Signatures Updater:
+## - https://github.com/extremeshok/clamav-unofficial-sigs/releases
+## -
+## - See readme file:
+## - https://github.com/extremeshok/clamav-unofficial-sigs
+## -
+
+apt-get install socat
+cpan -i IO::Socket::UNIX
+
+cd /tmp
+git clone https://github.com/extremeshok/clamav-unofficial-sigs.git
+
+cd clamav-unofficial-sigs
+
+cp clamav-unofficial-sigs.sh /usr/local/sbin/
+chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
+
+mkdir /var/log/clamav-unofficial-sigs
+mkdir /etc/clamav-unofficial-sigs
+cp config/* /etc/clamav-unofficial-sigs/
+
+cd /etc/clamav-unofficial-sigs/
+
+## - For Debian Wheezy (Debian 7)
+## -
+cp /etc/clamav-unofficial-sigs/os.debian7.conf /etc/clamav-unofficial-sigs/os.conf
+
+## - Edit /etc/clamav-unofficial-sigs/os.conf and make changes if needed
+## -
+## - Maybe the following changes are needed:
+## - clam_user="clamav"
+## - clam_group="clamav"
+## -
+## - clamd_pid="/var/run/clamav/clamd.pid"
+## -
+## - clamd_socket="/var/run/clamav/clamd.ctl"
+## -
+perl -i -n -p -e "s#^([ ]*\ *)(clam_user=.*)#\#\#\1\2\nclam_user=\"clamav\"#" /etc/clamav-unofficial-sigs/os.conf
+perl -i -n -p -e "s#^([ ]*\ *)(clam_group=.*)#\#\#\1\2\nclam_group=\"clamav\"#" /etc/clamav-unofficial-sigs/os.conf
+perl -i -n -p -e "s#^([ ]*\ *)(clamd_pid=.*)#\#\#\1\2\nclamd_pid=\"/var/run/clamav/clamd.pid\"#" \
+ /etc/clamav-unofficial-sigs/os.conf
+perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_socket=.*)#\#\#\1\2\nclamd_socket=\"/var/run/clamav/clamd.ctl\"#" \
+ /etc/clamav-unofficial-sigs/os.conf
+
+
+## - For Debian Jessie (Debian 8)
+## -
+cp /etc/clamav-unofficial-sigs/os.debian8.conf /etc/clamav-unofficial-sigs/os.conf
+
+## - Edit /etc/clamav-unofficial-sigs/os.conf and make changes if needed
+## -
+## - Maybe the following changes are needed:
+## - clamd_pid="/var/run/clamav/clamd.pid"
+## -
+## - clamd_restart_opt="systemctl restart clamav-daemon"
+## - clamd_reload_opt="systemctl reload clamav-daemon
+## -
+## - clamd_socket="/var/run/clamav/clamd.ctl"
+## -
+perl -i -n -p -e "s#^([ ]*\ *)(clamd_pid=.*)#\#\#\1\2\nclamd_pid=\"/var/run/clamav/clamd.pid\"#" \
+ /etc/clamav-unofficial-sigs/os.conf
+perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_restart_opt=.*)#\#\#\1\2\nclamd_restart_opt=\"systemctl restart clamav-daemon\"\nclamd_reload_opt=\"systemctl reload clamav-daemon\"#" \
+ /etc/clamav-unofficial-sigs/os.conf
+perl -i -n -p -e "s#^([ ]*\#?\ *)(clamd_socket=.*)#\#\#\1\2\nclamd_socket=\"/var/run/clamav/clamd.ctl\"#" \
+ /etc/clamav-unofficial-sigs/os.conf
+
+
+## - Edit /etc/clamav-unofficial-sigs/user.conf
+## -
+## - Disable Yara-Rule Project because of a lot of "false positive" matches,
+## - for example some pgp/gpg mails matches the Rules:
+## -
+## - Javascript_exploi~d_obfuscation.yar: possible_includes_base64_packed_functions
+## -
+## - The following change is required:
+## - user_configuration_complete="yes"
+## -
+perl -i -n -p -e "s#^([ ]*\#\#*\ *)(user_configuration_complete=.*)#\#\# - Disable Yara-Rule set, because (some?) pgp mails where blocked.\n\#\# -\nyararulesproject_enabled=\"no\"\n\n\n\1\2#" \
+ /etc/clamav-unofficial-sigs/user.conf
+
+perl -i -n -p -e "s#^([ ]*\#\#*\ *)(user_configuration_complete=.*)#\#\#\1\2\nuser_configuration_complete=\"yes\"#" \
+ /etc/clamav-unofficial-sigs/user.conf
+
+## - Maybe you want include "MalwarePatrol Free/Delayed" or
+## - "SecuriteInfo Free/Delayed" list support. Both are not enabled by default,
+## - and for both you have to sign up for an account. Free accounts are
+## - available.
+## -
+## - See Readme.md file for further instructions.
+## -
+
+## - Only if Systemd is used (as in debian 8)
+## -
+cp /tmp/clamav-unofficial-sigs/systemd/* /etc/systemd/
+
+
+/usr/local/sbin/clamav-unofficial-sigs.sh --install-cron
+/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate
+/usr/local/sbin/clamav-unofficial-sigs.sh --install-man
+
+
+## - First Usage
+## -
+## - Run the script once as your superuser to set all the permissions and create the relevant directories
+## -
+## - Notice!
+## - Don't forget to oopen TCP Port 873 and TCP Port 443
+
+## -
+/usr/local/sbin/clamav-unofficial-sigs.sh
+
+cd
+rm -rf /tmp/clamav-unofficial-sigs
+
+
+## -------------------- ##
+## --- Spamassassin --- ##
+## -------------------- ##
+
+apt-get install libimage-info-perl libnet-cidr-lite-perl \
+ libdbd-pgsql libgeo-ip-perl geoip-bin libgeoip-dev geoip-database
+
+apt-get install re2c
+
+
+
+## - Pyzor configuration
+## -
+## - Here we supply the hostname of the Pyzor server to Pyzor (for both the
+## - 'root' and 'amavis' users). This will create a .pyzor directory in both
+## - user's home directories, and place the server's hostname in a 'servers' file
+## - therein:
+pyzor discover
+su amavis -c 'pyzor discover'
+
+## -Test the pyzor server for a response:
+pyzor ping
+su amavis -c 'pyzor ping'
+
+
+## - Pyzor Ping should show 'OK'. If not, then it's possible your firewall is
+## - blocking udp replies from 82.94.255.100 or 188.40.77.236 (public.pyzor.org
+## - port 24441), or the server may simply be slow to respond (often the case).
+
+## - I suggest you subscribe to
+## - http://lists.sourceforge.net/lists/listinfo/pyzor-announce.
+
+## - Download a sample spam file. For testing purpose you can feed it to spamassassin:
+## -
+## - # cp /root/sample-spam.txt /tmp
+## - # cd /tmp
+## - # su amavis -c 'spamassassin -D /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - update razor2" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo "33 0 * * * su amavis -lc '/usr/bin/razor-admin -discover'" >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+
+## - SpamAssassin's main configuration file:
+## -
+vim /etc/spamassassin/local.cf
+
+
+## - insert/replace the lines
+## -
+## - # let the body of mails untouched..
+## - #
+## - report_safe 0
+## -
+## -
+## - ## - Possibly optional, possibly not:
+## - ## - Depending on your setup, it might be necessary to explicitly set internal_networks
+## - ## - and trusted_networks. The trust path tells spamassassin which clients are not trusted.
+## - ## - If you are using SpamAssassin version 3.2 or newer, do not include the 127/8
+## - ## - networks shown below. They are automatically included.
+## - ## - See http://wiki.apache.org/spamassassin/TrustPath and this thread:
+## - ## -
+## - # explicitly set our internal_networks (might be the same or similar to mynetworks)
+## - clear_internal_networks
+## - #internal_networks 178.63.63.151/32
+## - #internal_networks 2a01:4f8:121:c5::2/128
+## - # don't add internal_networks to trusted_networks, but possibly other computers/networks whose mail we trust
+## - clear_trusted_networks
+## - #- add mx03.so36.net to our trusted networks.
+## - trusted_networks 83.223.73.205
+## - trusted_networks 2a01:30:1fff:fd00::205
+## - #- add b.mx.oopen.de to our trusted networks.
+## - trusted_networks 83.223.86.162
+## - trusted_networks 2a01:30:1fff:a::162
+## -
+## - lock_method flock
+## -
+## - required_score 5.1
+## -
+## -
+## - use_bayes 1
+## - bayes_path /var/lib/amavis/.spamassassin/bayes
+## -
+## - whitelist_from admin@oopen.de
+## -
+## - bayes_auto_learn 1
+## - bayes_auto_learn_threshold_spam 15.0
+## - #bayes_auto_learn_threshold_spam 10.0
+## - bayes_auto_learn_threshold_nonspam -0.5
+## -
+## - ## - NOTE: Since there is a script that runs each day to --force-expire old
+## - ## - Bayes tokens "/etc/cron.daily/amavisd-new" (make sure there is if
+## - ## - you use this setting!), we can set:
+## - ## -
+## - bayes_auto_expire 0
+## -
+## - ## - Optional:
+## - ## - Some people believe auto-whitelist is more of a liability than an asset:
+## - use_auto_whitelist 1
+## - auto_whitelist_path /var/lib/amavis/.spamassassin/auto-whitelist
+## -
+## - ## - Optional:
+## - ## - We will normally have DNS available:
+## - dns_available yes
+## -
+## -
+## - # Enable or disable network checks
+## - skip_rbl_checks 1
+## - use_razor2 1
+## - razor_timeout 8
+## -
+## - ##use_dcc 1
+## - ##dcc_home /var/dcc
+## -
+## - use_pyzor 1
+## - #pyzor_timeout 8
+## -
+## - # Mail using locales used in these country codes will not be marked
+## - # as being possibly spam in a foreign language.
+## - ok_locales all
+## -
+## - add_header spam Flag _YESNOCAPS_
+## -
+
+
+## - edit /etc/spamassassin/v310.pre
+## -
+## - enable auto-whitelist checks
+## - loadplugin Mail::SpamAssassin::Plugin::AWL
+## -
+## - enable language guesser
+## - loadplugin Mail::SpamAssassin::Plugin::TextCat
+## -
+vim /etc/spamassassin/v310.pre
+
+
+## - enable nightly cronjob for spamassassin
+## -
+## - edit /etc/default/spamassassin and set:
+## - CRON=1
+## -
+perl -i -n -p -e "s#^([ ]*\#?\ *)(CRON\ *=.*)#\#\#\1\2\nCRON=1#" \
+ /etc/default/spamassassin
+
+
+
+## - add a cronjob for cleaning up bayes
+## -
+crontab -l > /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - cleanup sa bayes for espired entries" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo '33 3 * * * su amavis -lc "/usr/bin/sa-learn --sync >/dev/null" ; su amavis -lc "/usr/bin/sa-learn --sync --force-expire >/dev/null"' >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+
+sa-update
+
+## - !! Notice !!
+## - if su clamav -c 'spamassassin --lint' failed ( with warn
+## - message "warn: Use of uninitialized value $type in numeric..")
+## - reading "/etc/spamassassin/local.cf": razor_timeout 8, have a look
+## - at SpamAssassin/Plugin/Razor2.pm line 118:
+## -
+## - type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATIION,
+## -
+## - Should be:
+## -
+## - type => $Mail::SpamAssassin::Conf::CONF_TYPE_DURATION,
+## -
+## - see also: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7018
+## -
+perl -i -n -p -e "s/CONF_TYPE_DURATIION/CONF_TYPE_DURATION/" /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm
+
+sa-compile
+cd /tmp
+su amavis -c 'spamassassin --lint'
+
+## - it's important, that all completes without error
+## -
+/etc/init.d/amavis restart
+
+## - SpamAssassin Rules
+## -
+## - updates.spamassassin.org is used automatically
+## - and you have to do nothing, because "sa-update"
+## - has done the update from updates.spamassassin.org. install
+## - a cronjob for doing this periodically. for better understanding,
+## - do this
+
+## - first get a gpgkey from updates.spamassassin.org, in order only
+## - getting signed update rules
+cd /etc/spamassassin
+wget http://spamassassin.apache.org/updates/GPG.KEY
+sa-update --import GPG.KEY
+rm GPG.KEY
+
+## - create keyfile and add a line for the key-id
+## -
+## - you can also get the key-id by typing
+## - gpg --home /etc/spamassassin/sa-update-keys -kv
+## -
+echo "5244EC45" > /etc/spamassassin/sa_keys
+
+
+## - create a channel file and add a line with the url
+## -
+echo "updates.spamassassin.org" > /etc/spamassassin/sa_channel
+
+## - now you can update:
+## -
+sa-update --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys
+
+
+## - Spamassassin Rules from Heinlein Support
+## -
+sa-update --nogpg --channel spamassassin.heinlein-support.de
+
+## - There are hundreds of SpamAssassin rules that help decide what is spam
+## - and what is not. Additional rules are available from 3rd parties. I add
+## - the safest set of rules from http://www.rulesemporium.com/ which I
+## - obtain from another source at http://saupdates.openprotect.com/:
+## -
+## - !! OUTDATED !!
+#cd /etc/spamassassin
+#wget http://saupdates.openprotect.com/pub.gpg
+#sa-update --import pub.gpg
+#rm pub.gpg
+#echo "BDE9DC10" >> /etc/spamassassin/sa_keys
+#echo "saupdates.openprotect.com" >> /etc/spamassassin/sa_channel
+
+
+## - Spamassassin Rule from eXtreme SHOCK
+## -
+## - Maintained and provided by https://eXtremeSHOK.com
+## -
+cd /tmp
+git clone https://github.com/extremeshok/spamassassin-extremeshok_fromreplyto
+cd spamassassin-extremeshok_fromreplyto
+
+mkdir /etc/mail/spamassassin/plugins/
+cp plugins/* /etc/mail/spamassassin/plugins/
+cp 01_extremeshok_fromreplyto.cf /etc/mail/spamassassin/01_extremeshok_fromreplyto.cf
+
+cd
+rm -rf /tmp/spamassassin-extremeshok_fromreplyto
+
+
+
+## - check the rule. if all is fine there is no output
+## -
+spamassassin --lint
+
+## - or check with debug mode
+## -
+spamassassin -D --lint
+
+## - create a update-script using sa.update
+## -
+mkdir -p /root/bin
+cat > /root/bin/sa-update.sh < 1 ]]; then
+ echo "problem with sa-update"
+fi
+
+sa-update --allowplugins --channelfile /etc/spamassassin/sa_channel --gpgkeyfile /etc/spamassassin/sa_keys
+
+code2=\$?
+if [[ \$code2 > 1 ]]; then
+ echo "problem with sa-update using channelfile.."
+fi
+
+
+## - Get rules from heinlein-support.de
+## -
+## - see:
+## - https://www.heinlein-support.de/blog/news/aktuelle-spamassassin-regeln-von-heinlein-support/
+## -
+sa-update --nogpg --channel spamassassin.heinlein-support.de
+code3=\$?
+if [[ \$code3 > 1 ]]; then
+ echo "problem with sa-update using channel spamassassin.heinlein-support.de.."
+fi
+
+
+if [[ \`expr \$code1 + \$code2 + \$code3\` < 4 ]]; then
+ spamassassin --lint
+ code4=\$?
+ if [[ \$code4 = 0 ]]; then
+ #svc -h /service/spamd
+ #/etc/init.d/spamassassin restart > /dev/null
+ /etc/init.d/amavis restart >/dev/null
+ else
+ echo "spamassassin failed to lint"
+ fi
+fi
+
+# Fixup perms -- group and other should be able to read and execute,
+# but never write. Works around sa-compile's failure to obey umask.
+if [ -d /var/lib/spamassassin ]; then
+ chown -R debian-spamd:debian-spamd /var/lib/spamassassin
+ chmod -R go-w,go+rX /var/lib/spamassassin
+ chmod 700 /var/lib/spamassassin/sa-update-keys
+ chmod 600 /var/lib/spamassassin/sa-update-keys/*
+fi
+if [ -d /var/lib/amavis ]; then
+ chown -R amavis:amavis /var/lib/amavis
+fi
+EOF
+
+chmod 755 /root/bin/sa-update.sh
+
+## - add a cronjob for spamassassin updates
+## -
+crontab -l > /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - update spamassassin rules" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo "33 1 * * * /root/bin/sa-update.sh" >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+
+## - Since we have the Mail::DKIM Perl module installed, we can optionally
+## - enable the SpamAssassin DKIM plugin:
+## -
+## - uncomment the plugin:
+## - loadplugin Mail::SpamAssassin::Plugin::DKIM
+
+vim /etc/spamassassin/v312.pre
+## - Save and exit the file, then run --lint:
+su amavis -c 'spamassassin --lint'
+
+## - With SpamAssassin version 3.2 or newer, we can optionally compile
+## - some body rules so they execute faster.
Start by running sa-compile
+## - for the first time and check for errors:
+## -
+sa-compile
+
+
+## - If it looks like it didn't crash, enable plugin
+## - Mail::SpamAssassin::Plugin::Rule2XSBody
+## -
+vim /etc/spamassassin/v320.pre
+
+## - uncomment the line:
+## - # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
+## -
+## - Save and exit the file, then run --lint:
+su amavis -c 'spamassassin --lint'
+
+
+
+## - create a update-script that will run sa-compile
+## -
+mkdir -p /root/bin/
+cat > /root/bin/sa-compile.sh < /dev/null 2>&1
+fi
+
+code1=\$?
+if [[ \$code1 > 0 ]]; then
+ echo "problem with sa-compile, turning off Rule2XSBody plugin"
+ sed -i 's/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/#loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre
+ test -x /usr/sbin/amavisd-new || exit 0
+ /etc/init.d/amavis restart >/dev/null
+else
+ sed -i 's/#\ *loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody/' /etc/spamassassin/v320.pre
+ test -x /usr/sbin/amavisd-new || exit 0
+ /etc/init.d/amavis restart >/dev/null
+fi
+
+# Fixup perms -- group and other should be able to read and execute,
+# but never write. Works around sa-compile's failure to obey umask.
+if [ -d /var/lib/spamassassin ]; then
+ chown -R debian-spamd:debian-spamd /var/lib/spamassassin
+ chmod -R go-w,go+rX /var/lib/spamassassin
+ chmod 700 /var/lib/spamassassin/sa-update-keys
+ chmod 600 /var/lib/spamassassin/sa-update-keys/*
+fi
+if [ -d /var/lib/amavis ]; then
+ chown -R amavis:amavis /var/lib/amavis
+fi
+EOF
+
+chmod 755 /root/bin/sa-compile.sh
+
+## - add a cronjob for compiling rules
+## -
+crontab -l > /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - compiling rules (SpamAssassin)" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo "53 0 * * * /root/bin/sa-compile.sh" >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+## - Install DCC
+## -
+
+## - DCC is available from the Debian archives, but we will get it from the
+## - author and compile it from the source code. Installing it from source
+## - is a good exercise and we have better control over how it installs.
+## - Installing from source allows us to customize the installation for use
+## - with amavisd-new. Note that as of version 1.3.0 of DCC
+## - http://www.commtouch.com/ has exclusive marketing rights for DCC. If you
+## - resell anti-spam solutions that use DCC and you do not provide your DCC
+## - data to the public, you will need to pay for DCC. Please read the license.
+## -
+cd /usr/local/src
+mkdir -p dcc
+cd dcc
+wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
+tar xzvf dcc-dccproc.tar.Z
+
+## - Change to the dcc subdirectory by using the [tab] key command
+## - completion shortcut as shown, then ./configure:
+cd dcc-dccproc- [tab][enter]
+
+## - configure and install
+## -
+./configure --with-uid=amavis && make && make install
+
+## - Update file ownership:
+chown -R amavis:amavis /var/dcc
+
+## - Test our installation with:
+cdcc info
+
+## - We should get 'requests ok' from the servers (but 'not answering'
+## - from 127.0.0.1 is expected).
+
+## - The instructions say to run cron-dccd each day to clean things up, so we will do that.
+## -
+## - add a cronjob for cleaning up dcc
+## -
+crontab -l > /tmp/tmp_crontab
+echo "" >> /tmp/tmp_crontab
+echo "# - cleaning up dcc (Distributed Checksum Clearinghouses)" >> /tmp/tmp_crontab
+echo "# -" >> /tmp/tmp_crontab
+echo "13 1 * * * /var/dcc/libexec/cron-dccd" >> /tmp/tmp_crontab
+crontab /tmp/tmp_crontab
+rm /tmp/tmp_crontab
+
+## - enable dccifd:
+## -
+
+## - edit /etc/spamassassin/v310.pre
+## - uncomment the plugin:
+## - loadplugin Mail::SpamAssassin::Plugin::DCC
+vim /etc/spamassassin/v310.pre
+
+## - edit /etc/spamassassin/local.cf
+## -
+## - add/uncomment:
+## - use_dcc 1
+## - dcc_home /var/dcc
+## -
+vim /etc/spamassassin/local.cf
+
+
+## - edit /var/dcc/dcc_conf
+## -
+vim /var/dcc/dcc_conf
+
+## - and change
+## - DCCIFD_ENABLE=off
+## - to:
+## - DCCIFD_ENABLE=on
+## -
+## - Then change:
+## - DBCLEAN_LOGDAYS=14
+## - to:
+## - DBCLEAN_LOGDAYS=1
+##-
+## -save and exit.
+## -
+
+## - ## - If you choose to allow logging, cron-dccd should delete old log files
+## - ## - when it runs. Keep your eye on the files that accumulate in the
+## - ## - /var/dcc/log directory.
It's your choice, but I personally don't want to
+## - ## - monitor the DCC logs, so I turn off logging altogether by deleting the
+## - ## - log directory and commenting out the logdir entry in dcc_conf:
+## - ## -
+## - rm -r /var/dcc/log
+## - vim /var/dcc/dcc_conf
+## - and comment out:
+## - DCCIFD_LOGDIR="$DCCM_LOGDIR"
+
+## - We will use a supplied script (rcDCC) to automatically
+## - start dccifd when we boot up:
+## -
+cp /var/dcc/libexec/rcDCC /etc/init.d/adcc
+
+#
+update-rc.d adcc defaults
+# or within systemd
+systemctl enable adcc
+
+/etc/init.d/adcc start
+
+
+## - Now test it with SpamAssassin:
+su amavis -c 'spamassassin -D < /tmp/sample-spam.txt'
+
+## - Now test that SpamAssassin finds dccifd:
+## -
+su amavis -c 'spamassassin -D dcc &1 | grep dccifd
+
+## - You should see: dbg: dcc: dccifd got response:
+## - [15744] dbg: dcc: dccifd default local socket chosen: /var/dcc/dccifd
+## - [15744] dbg: dcc: connecting to a local socket /var/dcc/dccifd
+## - [15744] dbg: dcc: dccifd got response: X-DCC-EATSERVER-Metrics: vserver08 1166; Body=many Fuz1=many Fuz2=many
+
+
+rm /tmp/sample-spam.txt