Banyak software-software yang ada saat ini yang dapat digunakan untuk menangkal spam maupun virus, ada yang berbayar maupun gratis (opensource). software-software tersebut ada yang diinstall di komputer pengguna maupun di mail server.
Salah satu software yang bersifat opensource dan banyak ditemukan di hampir semua varian linux adalah Amavis-new sebagai mail scanner dan ClamAV sebagai antivirus. kedua software ini dapat digunakan sebagai mail filter untuk Postfix mail server.
Berikut sedikit sharing tentang setting Amavis-new dan ClamAV di Postfix mail server. Untuk ini di asumsikan bahwa sudah terinstall dan terkonfigurasi Postfix mail server di server CentOS linux (dapat berlaku di semua variant linux).
Pertama-tama jika modul Amavis-new dan ClamAV belum terinstall di server sercara default, maka instal terlebih dulu :
yum --enablerepo=rpmforge,rpmforge-extras install amavisd-new clamav clamav-devel clamd
Jika instalasi selesai maka akan terdapat 2 user baru amavis dan clamav, cek terlebih dulu dengan command:
# cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
Konfigurasi ClamAV dapat ditemukan di /etc/clamd.conf, pastikan ClamAV menggunakan local UNIX socket agar dapat berkomunikasi dengan Amavis-new sebagai mail scanner.
### /etc/clamd.conf # # Set the LocalSocket for clam # Note this *MUST* match that set in /etc/amavisd.conf # LocalSocket /var/run/clamav/clamd.sock # # Comment out the TCPSocket setting: # TCPSocket 3310
Kemudian konfigurasi Amavis-new berada di /etc/amavisd.conf, berikut beberapa baris yang perlu diketahu (tidak perlu diedit)
$max_servers = 2; # num of pre-forked children (2..30 is common), -m $daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u $daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g ... $inet_socket_port = 10024; # listen on this local TCP port(s) ... # $notify_method = 'smtp:[127.0.0.1]:10025'; # $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
$inet_socket_port : 10024 merupakan socket dimana Amavis-new berkomunikasi dengan Postfix mail server.
Berikut merubah $mydomain dan $myhostname sesuai dengan kebutuhan:
$mydomain = 'example.com'; # Edit: a convenient default for other settings $MYHOME = '/var/amavis'; # Uncomment: a convenient default for other settings, -H $helpers_home = "$MYHOME/var"; # Uncomment: working directory for SpamAssassin, -S $lock_file = "$MYHOME/var/amavisd.lock"; # Uncomment, -L $pid_file = "$MYHOME/var/amavisd.pid"; # Uncomment, -P $myhostname = 'mail.example.com'; # Uncomment & Edit: must be a fully-qualified domain name!
Ada beberapa baris yang digunakan sebagai kontrol terhadap file spam dan virus, edit level sesuai kebutuhan :
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access?
Berikut baris digunakan untuk mengirim email notifikasi jika ada spam atau virus (biasanya ke email admin mail server) edit sesuai dengan kebutuhan :
$virus_admin = "virusalert\@$mydomain"; # notifications recip. $mailfrom_notify_admin = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_recip = "virusalert\@$mydomain"; # notifications sender $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
Yang terakhir seting socket atau jalur agar dapat berkomunikasi dengan ClamAV. socket ini merupaka local UNIX socket dimana harus sama dengan socket yang digunakan oleh ClamAV seperti konfigurasi socket ClamAV diatas yaitu /var/run/clamav/clamd.sock
### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# # uid such as clamav, add user clamav to the amavis group, and then add
# # AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd".
Untuk konfigurasi Postfix ada di /etc/postfix/master.cf untuk menambahkan service Amavis-new ke Postfix mail server
amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
Tambahkan baris berikut diakhir digunakan untuk mengirim email kembali ketujuan (tergantung lokasi apakah spam atau tidak) setelah dilakukan scan dengan Amavis-new dan ClamAV.
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o mynetworks=127.0.0.0/8 -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_recipient_restrictions=permit_mynetworks,reject
Agar proses filter berfungsi maka konfigurasi Postfix untuk file /etc/postfix/main.cf
content_filter=amavisfeed:[127.0.0.1]:10024
Terakhir start Amavis-new dan ClamAV service dan restart Postfix mail server
# service clamd start Starting Clam AntiVirus Daemon: [ OK ] # service amavisd start Starting Mail Virus Scanner (amavisd): [ OK ]
postfix reload
Untuk test Amavis-new gunakan telnet ke localhost 10024:
$ telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ehlo localhost 250-[127.0.0.1] 250-VRFY 250-PIPELINING 250-SIZE 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 XFORWARD NAME ADDR PROTO HELO quit 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel Connection closed by foreign host.
Untuk menguji apakah Postfix mail server sudah menggunakan Amavis-new mail scanner lakukan telnet localhost 10025 :
$ telnet localhost 10025 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.example.com ESMTP Postfix ehlo localhost 250-mail.example.com 250-PIPELINING 250-SIZE 20480000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN quit 221 2.0.0 Bye Connection closed by foreign host.
Untuk update ClamAV virus database gunakan command freshclam
# freshclam ClamAV update process started at Wed Dec 19 21:07:28 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) Downloading daily-15914.cdiff [100%] Downloading daily-15915.cdiff [100%] Downloading daily-15916.cdiff [100%] Downloading daily-15917.cdiff [100%] Downloading daily-15918.cdiff [100%] Downloading daily-15919.cdiff [100%] Downloading daily-15920.cdiff [100%] Downloading daily-15921.cdiff [100%] Downloading daily-15922.cdiff [100%] Downloading daily-15923.cdiff [100%] Downloading daily-15924.cdiff [100%] Downloading daily-15925.cdiff [100%] Downloading daily-15926.cdiff [100%] Downloading daily-15927.cdiff [100%] daily.cld updated (version: 15927, sigs: 363270, f-level: 63, builder: neo) Downloading bytecode-209.cdiff [100%] bytecode.cld updated (version: 209, sigs: 40, f-level: 63, builder: neo) Database updated (1407697 signatures) from database.clamav.net (IP: 49.50.9.25) Clamd successfully notified about the update.
Demikian sedikit sharing, semoga dapat membantu.
