CodeCharge TAIWAN

open webmail 安裝

先安裝 apache2
apt-get install apache2

在 sources.list 最後一行加入
deb ftp://debian.tnc.edu.tw/pub1 b2d/

然後執行 apt-get update
再執行 apt-get install openwebmail

安裝完之後重新啟動 apache
/etc/init.d/apache2 restart

打開 browser, 網址輸入
http://your.domain/cgi-bin/openwebmail/openwebmail.pl

就可以登入使用了

apt-get install postfix clamav amavisd-new spamAssassin spamc postfix-pcre

先安裝libsasl2
apt-get install libsasl2

用google 找一下 sasl-bin

直接去網站把 source 抓回來
wget http://http.us.debian.org/debian/pool/m ... 8_i386.deb
安裝指令
dpkg -i sasl2-bin_2.1.22.dfsg1-8_i386.deb

然後會出現
warning: --update given but /var/run/saslauthd does not exist
* To enable saslauthd, edit /etc/default/saslauthd and set START=yes

照做, 去編輯 /etc/default/saslauthd 然後把 START=no 改成yes

接者啟動 sasl
/etc/init.d/saslauthd start

postfix 方面的設定
/etc/postfix/sasl 底下要新增一個smtpd.conf
內容
pwcheck_method: saslauthd
mech_list:plain login

main.cf
#SASL
smtpd_sasl_auth_enable = yes
smtpd_delay_reject=yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_auth_destination reject
smtpd_client_restrictions = permit_sasl_authenticated
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous

做寄信測試發現
warning: SASL authentication failure:
cannot connect to saslauthd server: Permission denied

這問題只要把postfix 加到sasl 的群組就好了
addgroup postfix sasl

http://www.gentoo.tw/got-doc/spamassassin.xml

1. SpamAssassin 安裝手冊

什麼是 SpamAssassin

SpamAssassin 是一種安裝在郵件伺服主機上的郵件過濾器，用來辨識垃圾信。它是使用大量的預設規則檢查垃圾信，這些規則會檢查寄到您的網域內所有郵件的標頭，內文，以及送信者。他採取的過濾方式是採用記分制，也就是說會根據我們所設定的標準來給予分數超過標準值的時候即判定為 SPAM

2. 安裝設定 SpamAssassin
原始碼2.1: 安裝設定 SpamAssassin

# emerge Mail-SpamAssassin
# nano -w /etc/mail/spamassassin/local.cf
# SpamAssassin config file for version 2.5xM
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
判定為 spam 所需要的分數
required_hits 5.0

# Whether to change the subject of suspected spam
設定要不要改主旨
rewrite_subject 1



# Text to prepend to subject if rewrite_subject is used
要加在 spam 主旨前面的字
subject_tag *****廣告信*****


# Encapsulate spam in an attachment
將垃圾加在附件後
report_safe 1


# Use terse version of the spam report
用精簡的自動回報垃圾給管理者
use_terse_report 0

# Enable the Bayes system
啟用 Bayes 系統，此系統具有自動學習功能
use_bayes 1

# Enable Bayes auto-learning
開啟自動學習
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english japanese
ok_languages zh en ja

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en ja zh


原始碼2.2: 設定過濾規則

# nano -w /etc/mail/spamassassin/local.cf
score HEADER_8BITS 0
score HTML_COMMENT_8BITS 0
score SUBJ_FULL_OF_8BITS 0
score UPPERCASE_25_50 0
score UPPERCASE_50_75 0
score UPPERCASE_75_100 0

score HEAD_ILLEGAL_CHARS 0
score SUBJ_ILLEGAL_CHARS 0

score FRONTPAGE 0
score HTML_FONTCOLOR_BLUE 0
score HTML_FONTCOLOR_GREEN 0
score HTML_FONTCOLOR_RED 0
score HTML_FONT_BIG 0
score HTML_FONT_FACE_BAD 0
score HTML_MESSAGE 0

score HTTP_ESCAPED_HOST 0
score HTTP_EXCESSIVE_ESCAPES 0
score HTTP_WITH_EMAIL_IN_URL 0
score LINES_OF_YELLING 0

score HTML_00_10 0
score HTML_10_20 0
score HTML_20_30 0
score HTML_30_40 0
score HTML_40_50 0
score HTML_50_60 0
score HTML_60_70 0
score HTML_70_80 0
score HTML_80_90 0
score HTML_90_100 0
score HTML_SHOUTING3 0
score HTML_SHOUTING4 0
score HTML_SHOUTING5 0
score HTML_SHOUTING6 0
score HTML_SHOUTING7 0
score HTML_SHOUTING8 0
score HTML_SHOUTING9 0
score HTML_TABLE_THICK_BORD 0
score HTML_COMMENT_EMAIL 0
score HTML_COMMENT_SHOUTING 0
score HTML_COMMENT_SKY 0
score HTML_COMMENT_8BITS 0
score HTML_COMMENT_SAVED_URL 0
score HTML_EMBEDS 0
score HTML_EVENT 0
score HTML_EVENT_UNSAFE 0
score HTML_FONT_BIG 0
score HTML_FONTCOLOR_UNSAFE 0
score HTML_FONTCOLOR_NAME 0
score HTML_FONT_INVISIBLE 0
score HTML_FONT_LOW_CONTRAST 0
score HTML_FONTCOLOR_GRAY 0
score HTML_FONTCOLOR_RED 0
score HTML_FONTCOLOR_YELLOW 0
score HTML_FONTCOLOR_GREEN 0
score HTML_FONTCOLOR_CYAN 0
score HTML_FONTCOLOR_BLUE 0
score HTML_FONTCOLOR_MAGENTA 0
score HTML_FONTCOLOR_UNKNOWN 0
score HTML_FONT_FACE_BAD 0
score HTML_FONT_FACE_ODD 0
score HTML_FONT_FACE_CAPS 0
score HTML_FORMACTION_MAILTO 0
score HTML_IMAGE_AREA_04 0
score HTML_IMAGE_AREA_05 0
score HTML_IMAGE_AREA_06 0
score HTML_IMAGE_AREA_07 0
score HTML_IMAGE_AREA_08 0
score HTML_IMAGE_AREA_09 0
score HTML_IMAGE_ONLY_02 0
score HTML_IMAGE_ONLY_04 0
score HTML_IMAGE_ONLY_06 0
score HTML_IMAGE_ONLY_08 0
score HTML_IMAGE_ONLY_10 0
score HTML_IMAGE_ONLY_12 0
score HTML_IMAGE_RATIO_02 0
score HTML_IMAGE_RATIO_04 0
score HTML_IMAGE_RATIO_06 0
score HTML_IMAGE_RATIO_08 0
score HTML_IMAGE_RATIO_10 0
score HTML_IMAGE_RATIO_12 0
score HTML_IMAGE_RATIO_14 0
score HTML_JAVASCRIPT 0
score HTML_LINK_PUSH_HERE 0
score HTML_LINK_CLICK_HERE 0
score HTML_LINK_CLICK_CAPS 0
score HTML_RELAYING_FRAME 0
score HTML_WEB_BUGS 0
score HTML_WIN_BLUR 0
score HTML_WIN_FOCUS 0
score HTML_WIN_OPEN 0
score HTML_WITH_BGCOLOR 0
score HTML_TAG_BALANCE_A 0
score HTML_TAG_BALANCE_FONT 0
score HTML_TAG_BALANCE_HTML 0
score HTML_TAG_BALANCE_BODY 0
score HTML_TAG_BALANCE_HEAD 0
score HTML_TAG_BALANCE_TABLE 0
score HTML_TAG_EXISTS_BASE 0
score HTML_TAG_EXISTS_PARAM 0
score HTML_TAG_EXISTS_TBODY 0
score HTML_TITLE_EMPTY 0
score HTML_TITLE_UNTITLED 0

這段是重新定義他的分數設定我是設定 html 的部份，
通通不計分所以通通為 0

接下來我們可以自訂一些規則來做細部的分類

有中文字"取消.*訂閱"，則過濾規則成立。
body UNSUBSCRIBE_ZH /取消.*訂閱/
describe UNSUBSCRIBE_ZH Body contain unsubscribe msg in chinese
score UNSUBSCRIBE_ZH 0.5

有中文字"貸款"，則過濾規則成立。
body LOAN /貸款/
describe LOAN Body contain unsubscribe msg in chinese
score LOAN 2.0

有中文字"資金週轉"，則過濾規則成立。
body REVOLVE /資金週轉/
describe REVOLVE Body contain unsubscribe msg in chinese
score REVOLVE 2.0

body WINDOWOPEN /window\.open\(/i
describe WINDOWOPEN JavaScript: Windows.Open
score WINDOWOPEN 3.5

發信軟體如果為 FoxMail 則過濾規則成立
header FOXMAIL X-Mailer =~ /FoxMail /
describe FOXMAIL Foxmail
score FOXMAIL 3.5




這一行是設定 whitelist，whitelist 的 domain 並不是一定不會被擋
spamassassin 是用積分制的，所以，從 whitelist 設的 domain 寄來的
只是幫他先-100分，等於他的 spam 測出來的數值，要超過 105 ，才會被擋

whitelist_from *@xxx.xxx.xxx

blacklist_from 就是黑名單摟
blacklist_from ofjvzp@msa.hinet.net

3. 修改 Postfix 設定
原始碼3.1: 建立 Filter 的 Script

建立一個新的檔案 /usr/local/sbin/filter.sh
# nano -w /usr/local/sbin/filter.sh
exec /usr/bin/spamc -d 127.0.0.1 -f -p 783 -t 30 -e /usr/sbin/sendmail -i "$@"
新增這行 Spamassassin 檢查的指令，
存檔離開之後記得修改權限使其可以執行
# chmod 755 /usr/local/sbin/filter.sh

原始碼3.2: 修改 Postfix 的 master.cf

# nano -w /etc/postfix/master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -o content_filter=postfixfilter加上這一段

接者並在檔案的最下方加入以下兩行
postfixfilter unix - n n - - pipe flags=Rq user=nobody
argv=/usr/local/sbin/filter.sh -f ${sender} -- ${recipient}
argv=/usr/local/sbin/filter.sh 就是剛剛我們建立 filter 檔案的路徑

原始碼3.3: 修改 Postfix 的 main.cf

接者我們要修改main.cf
# nano -w /etc/postfix/main.cf
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see the sample-filter.cf file.
#
#header_checks = regexp:/etc/postfix/header_checks
header_checks = pcre:/etc/postfix/header_checks
在這邊新增一行

接者存檔離開去新增我們剛剛設定的檔案
nano -w /etc/postfix/header_checks
/^X-Spam-Status: No / DISCARD Byebye Spam, we don't like you.
放入這行就可以了

原始碼3.4: 加入到預設的開機啟動程序

# rc-update add spamd default
接者啟動Spamd
# /etc/init.d/spamd start
並且把 Postfix 重新啟動
# /etc/init.d/postfix restart

4. 測試除錯
原始碼4.1: 測試是否有啟動 Spamassassin

# tail -n 50 -f /var/log/messages | grep spamd
即時擷取包含 Spamd 最後50行資訊來驗証
/var/log/messages 是因為筆者使用 Syslog-ng 這套 LOG 程式，讀者可以
依照自己的 LOG 程式去修改自己的檔案位址

同時從外部寄信過來測試，如果出現上述訊息代表您的 Spamassassin
已經正常啟動
Apr 8 12:35:19 www spamd[24055]: processing message <200404080435.MAA28386@ms8.hinet.net> for nobody:65534.
Apr 8 12:35:23 www spamd[24055]: identified spam (7.1/5.0) for nobody:65534 in 3.8 seconds, 2166 bytes.
identified spam (7.1/5.0) 這邊讀者可以注意一下7.1代表該封信的總積分
已經超過標準已被判定為 SPAM 表示您的設定已經正常運作了

nano /etc/mysql/my.cnf

找 skip-networking

把 bind-address = 127.0.0.1 加#註解掉

這樣就可以從外部連接 port 3306

因為執行了 apt-get upgrade 結果 nano 掛掉看不到底下工具提示

解決辦法:
去 http://www.nano-editor.org/download.php 下載stable 版本的nano
wget http://debian.linux.org.tw/debian/pool/ ... 1_i386.deb

然後執行 dpkg -i nano_2.0.2-1_i386.deb

安裝完就可以了~而且連 工具提示都變成中文了

apache2 是以模組的方式掛載
所以要修改
/etc/apache2/mods-enabled/dir.conf

把 index.php 放到 index.html 前面 然後重新啟動 apache 即可

from http://wiki.ubuntu.org.cn/index.php?tit ... figuration

The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav. Add clamav user to the amavis group in order for Clamav to have access to scan files:

sudo adduser clamav amavis

Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor. The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the Spamassassin page. Edit /etc/default/spamassassin to activate the Spamassassin daemon change ENABLED=0 to:

ENABLED=1

Now start Spamassassin:

sudo /etc/init.d/spamassassin start

First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # insure a defined return

Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:

$final_spam_destiny = D_DISCARD;

After configuration Amavis needs to be restarted:

sudo /etc/init.d/amavis restart

Postfix integration

For postfix integration, you only need to edit /etc/postfix/main.cf and add the following line:

content_filter = smtp-amavis:[127.0.0.1]:10024

Next edit /etc/postfix/master.cf and add the following to the end of the file:

smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Also add the following two lines immediately below the "pickup" transport service:

-o content_filter=
-o receive_override_options=no_header_body_checks

This will prevent messages that are generated to report on spam from being classified as spam. More information can be found from "README.postfix from amavisd-new" and "D.J.Fan" Reload postfix:


sudo /etc/init.d/postfix reload

Now content filtering with spam and virus detection is enabled.